diff options
Diffstat (limited to 'crypto/openssh/ChangeLog')
-rw-r--r-- | crypto/openssh/ChangeLog | 15891 |
1 files changed, 9944 insertions, 5947 deletions
diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 0307f62e0557..288e90bbfe51 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,9706 +1,13703 @@ -commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d +commit e1a596186c81e65a34ce13076449712d3bf97eb4 Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 17 11:01:20 2018 +1100 +Date: Fri Aug 20 14:03:49 2021 +1000 - Require OpenSSL 1.1.x series 1.1.0g or greater + depend + +commit 5450606c8f7f7a0d70211cea78bc2dab74ab35d1 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 20 13:59:43 2021 +1000 + + update version numbers + +commit feee2384ab8d694c770b7750cfa76a512bdf8246 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 20 03:22:55 2021 +0000 + + upstream: openssh-8.7 - Previous versions have a bug with EVP_CipherInit() when passed a - NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 + OpenBSD-Commit-ID: 8769dff0fd76ae3193d77bf83b439adee0f300cd + +commit 9a2ed62173cc551b2b5f479460bb015b19499de8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 20 10:48:13 2021 +1000 + + Also check pid in pselect_notify_setup. - ok dtucker@ + Spotted by djm@. -commit 08300c211409c212e010fe2e2f2883e573a04ce2 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 17 08:12:02 2018 +1100 +commit deaadcb93ca15d4f38aa38fb340156077792ce87 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 20 08:39:33 2021 +1000 + + Prefix pselect functions to clarify debug messages + +commit 10e45654cff221ca60fd35ee069df67208fcf415 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 20 08:30:42 2021 +1000 - unbreak compilation with --with-ssl-engine + Fix race in pselect replacement code. + + On the second and subsequent calls to pselect the notify_pipe was not + added to the select readset, opening up a race that om G. Christensen + discovered on multiprocessor Solaris <=9 systems. - Missing last argument to OPENSSL_init_crypto() + Also reinitialize notify_pipe if the pid changes. This will prevent a + parent and child from using the same FD, although this is not an issue + in the current structure it might be in future. -commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937 +commit 464ba22f1e38d25402e5ec79a9b8d34a32df5a3f Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Oct 16 14:45:57 2018 +1100 +Date: Wed Aug 18 12:51:30 2021 +1000 - Remove gcc spectre mitigation flags. + Check compiler for c99 declarations after code. - Current impementions of the gcc spectre mitigation flags cause - miscompilations when combined with other flags and do not provide much - protection. Found by fweimer at redhat.com, ok djm@ + The sntrup761 reference code contains c99-style declarations after code + so don't try to build that if the compiler doesn't support it. -commit 4e23deefd7959ef83c73ed9cce574423438f6133 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 16 10:51:52 2018 +1100 +commit 7d878679a4b155a359d32104ff473f789501748d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Aug 17 15:12:04 2021 +1000 - Avoid deprecated OPENSSL_config when using 1.1.x + Remove trailing backslash on regress-unit-binaries + +commit b71b2508f17c68c5d9dbbe537686d81cedb9a781 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Aug 17 07:59:27 2021 +1000 + + Put stdint.h inside HAVE_STDINT_H. - OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of - OPENSSL_init_crypto; pointed out by Jakub Jelen + From Tom G. Christensen. -commit 797cdd9c8468ed1125ce60d590ae3f1397866af4 +commit 6a24567a29bd7b4ab64e1afad859ea845cbc6b8c Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Oct 12 16:58:47 2018 +1100 +Date: Mon Aug 16 14:13:02 2021 +1000 - Don't avoid our *sprintf replacements. + Improve github test driver script. - Don't let systems with broken printf(3) avoid our replacements - via asprintf(3)/vasprintf(3) calling libc internally. From djm@ + - use a trap to always output any failed regress logs (since the script + sets -e, the existing log output is never invoked). + - pass LTESTS and SKIP_LTESTS when re-running with sshd options (eg. + UsePAM). -commit e526127cbd2f8ad88fb41229df0c9b850c722830 +commit b467cf13705f59ed348b620722ac098fe31879b7 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Oct 12 16:43:35 2018 +1100 +Date: Mon Aug 16 11:32:23 2021 +1000 - Check if snprintf understands %zu. + Remove deprecated ubuntu-16.04 test targets. - If the platforms snprintf and friends don't understand %zu, use the - compat replacement. Prevents segfaults on those platforms. + Github has deprecated ubuntu-16.04 and it will be removed on 20 + September. -commit cf39f875191708c5f2f1a3c1c9019f106e74aea3 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 12 09:48:05 2018 +1100 +commit 20e6eefcdf78394f05e453d456c1212ffaa6b6a4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Aug 15 23:25:26 2021 +1000 - remove stale link, tweak + Skip agent ptrace test on hurd. -commit a7205e68decf7de2005810853b4ce6b222b65e2a -Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 12 09:47:20 2018 +1100 +commit 7c9115bbbf958fbf85259a061c1122e2d046aabf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Aug 15 19:37:22 2021 +1000 + + Add hurd test target. + +commit 7909a566f6c6a78fcd30708dc49f4e4f9bb80ce3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Aug 15 12:45:10 2021 +1000 + + Skip scp3 tests on all dfly58 and 60 configs. - update version numbers ahead of release +commit e65198e52cb03534e8c846d1bca74c310b1526de +Author: Tim Rice <tim@multitalents.net> +Date: Sat Aug 14 13:08:07 2021 -0700 + + openbsd-compat/openbsd-compat.h: put bsd-signal.h before bsd-misc.h + to get sigset_t from signal.h needed for the pselect replacement. + +commit e50635640f79920d9375e0155cb3f4adb870eee5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 13 13:21:00 2021 +1000 -commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391 + Test OpenSSH from OpenBSD head on 6.8 and 6.9. + +commit e0ba38861c490c680117b7fe0a1d61a181cd00e7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 13 13:00:14 2021 +1000 + + Skip scp3 test on dragonfly 58 and 60. + + The tests hang, so skip until we figure them out. + +commit dcce2a2bcf007bf817a2fb0dce3db83fa9201e92 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 11 03:48:04 2018 +0000 +Date: Thu Aug 12 23:59:25 2021 +0000 - upstream: don't send new-style rsa-sha2-*-cert-v01@openssh.com names to + upstream: mention that CASignatureAlgorithms accepts +/- similarly to - older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker + the other algorithm list directives; ok jmc bz#3335 - OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631 + OpenBSD-Commit-ID: 0d46b53995817052c78e2dce9dbd133963b073d9 -commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 13:08:59 2018 +1100 +commit 090a82486e5d7a8f7f16613d67e66a673a40367f +Author: schwarze@openbsd.org <schwarze@openbsd.org> +Date: Thu Aug 12 09:59:00 2021 +0000 + + upstream: In the editline(3) branch of the sftp(1) event loop, + + handle SIGINT rather than ignoring it, such that the user can use Ctrl-C to + discard the currently edited command line and get a fresh prompt, just like + in ftp(1), bc(1), and in shells. + + It is critical to not use ssl_signal() for this particular case + because that function unconditionally sets SA_RESTART, but here we + need the signal to interrupt the read(2) in the el_gets(3) event loop. + + OK dtucker@ deraadt@ + + OpenBSD-Commit-ID: 8025115a773f52e9bb562eaab37ea2e021cc7299 - update depends +commit e1371e4f58404d6411d9f95eb774b444cea06a26 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Wed Aug 11 14:07:54 2021 +0000 -commit 26841ac265603fd2253e6832e03602823dbb4022 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 13:02:11 2018 +1100 + upstream: scp: tweak man page and error message for -3 by default + + Now that the -3 option is enabled by default, flip the documentation + and error message logic from "requires -3" to "blocked by -R". + + ok djm@ + + OpenBSD-Commit-ID: a872592118444fb3acda5267b2a8c3d4c4252020 - some more duplicated key algorithm lines +commit 49f46f6d77328a3d10a758522b670a3e8c2235e7 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Wed Aug 11 14:05:19 2021 +0000 + + upstream: scp: do not spawn ssh with two -s flags for + + remote-to-remote copies - From Adam Eijdenberg + Do not add another "-s" to the argument vector every time an SFTP + connection is initiated. Instead, introduce a subsystem flag to + do_cmd() and add "-s" when the flag is set. + + ok djm@ + + OpenBSD-Commit-ID: 25df69759f323661d31b2e1e790faa22e27966c1 -commit 5d9d17603bfbb620195a4581025052832b4c4adc -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 11:56:36 2018 +1100 +commit 2a2cd00783e1da45ee730b7f453408af1358ef5b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 11 08:55:04 2021 +0000 - fix duplicated algorithm specification lines + upstream: test -Oprint-pubkey - Spotted by Adam Eijdenberg + OpenBSD-Regress-ID: 3d51afb6d1f287975fb6fddd7a2c00a3bc5094e0 -commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663 +commit b9f4635ea5bc33ed5ebbacf332d79bae463b0f54 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 11 00:52:46 2018 +0000 +Date: Wed Aug 11 08:54:17 2021 +0000 - upstream: typo in plain RSA algorithm counterpart names for + upstream: when verifying sshsig signatures, support an option - certificates; spotted by Adam Eijdenberg; ok dtucker@ + (-Oprint-pubkey) to dump the full public key to stdout; based on patch from + Fabian Stelzer; ok markus@ - OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00 + OpenBSD-Commit-ID: 0598000e5b9adfb45d42afa76ff80daaa12fc3e2 -commit c29b111e7d87c2324ff71c80653dd8da168c13b9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 11:29:35 2018 +1100 +commit 750c1a45ba4e8ad63793d49418a0780e77947b9b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 11 05:21:32 2021 +0000 + + upstream: oops, missed one more %p + + OpenBSD-Commit-ID: e7e62818d1564cc5cd9086eaf7a51cbd1a9701eb - check pw_passwd != NULL here too +commit b5aa27b69ab2e1c13ac2b5ad3f8f7d389bad7489 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 11 05:20:17 2021 +0000 + + upstream: remove a bunch of %p in format strings; leftovers of - Again, for systems with broken NIS implementations. + debuggings past. prompted by Michael Forney, ok dtucker@ - Prompted by coolbugcheckers AT gmail.com + OpenBSD-Commit-ID: 4853a0d6c9cecaba9ecfcc19066e52d3a8dcb2ac -commit fe8e8f349a553ef4c567acd418aac769a82b7729 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 11:03:15 2018 +1100 +commit 419aa01123db5ff5dbc68b2376ef23b222862338 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Aug 11 09:21:09 2021 +1000 - check for NULL return from shadow_pw() + Add includes.h to compat tests. - probably unreachable on this platform; pointed out by - coolbugcheckers AT gmail.com + On platforms where closefrom returns void (eg glibc>=2.34) the prototype + for closefrom in its compat tests would cause compile errors. Remove + this and have the tests pull in the compat headers in the same way as + the main code. bz#3336. -commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed Oct 10 16:43:49 2018 +0000 +commit 931f592f26239154eea3eb35a086585897b1a185 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Aug 10 03:35:45 2021 +0000 - upstream: introducing openssh 7.9 + upstream: adapt to scp -M flag change; make scp3.sh test SFTP mode too - OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25 + OpenBSD-Regress-ID: 43fea26704a0f0b962b53c1fabcb68179638f9c0 -commit 12731158c75c8760a8bea06350eeb3e763fe1a07 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Oct 11 10:29:29 2018 +1100 +commit 391ca67fb978252c48d20c910553f803f988bd37 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Aug 10 03:33:34 2021 +0000 - supply callback to PEM_read_bio_PrivateKey + upstream: Prepare for a future where scp(1) uses the SFTP protocol by - OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, - so that empty passphrases are interpreted differently. This - probabalistically breaks loading some keys, because the PEM format - is terrible and doesn't include a proper MAC. + default. Replace recently added -M option to select the protocol with -O + (olde) and -s (SFTP) flags, and label the -s flag with a clear warning that + it will be removed in the near future (so no, don't use it in scripts!). - Avoid this by providing a basic callback to avoid passing empty - passphrases to OpenSSL in cases where one is required. + prompted by/feedback from deraadt@ - Based on patch from Jakub Jelen in bz#2913; ok dtucker@ + OpenBSD-Commit-ID: 92ad72cc6f0023c9be9e316d8b30eb6d8d749cfc -commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 10 14:57:00 2018 +1100 +commit bfdd4b722f124a4fa9173d20dd64dd0fc69856be +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 9 23:56:36 2021 +0000 - in pick_salt() avoid dereference of NULL passwords + upstream: make scp -3 the default for remote-to-remote copies. It + + provides a much better and more intuitive user experience and doesn't require + exposing credentials to the source host. - Apparently some NIS implementations can leave pw->pw_passwd (or the - shadow equivalent) NULL. + thanks naddy@ for catching the missing argument in usage() - bz#2909; based on patch from Todd Eigenschink + "Yes please!" - markus@ + "makes a lot of sense" - deraadt@ + "the right thing to do" - dtucker@ + + OpenBSD-Commit-ID: d0d2af5f0965c5192ba5b2fa461c9f9b130e5dd9 -commit edbb6febccee084d212fdc0cb05b40cb1c646ab1 +commit 2f7a3b51cef689ad9e93d0c6c17db5a194eb5555 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Oct 9 05:42:23 2018 +0000 +Date: Mon Aug 9 23:49:31 2021 +0000 - upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase + upstream: make scp in SFTP mode try to use relative paths as much + + as possible. Previosuly, it would try to make relative and ~/-rooted paths + absolute before requesting transfers. - is specified as "incorrect passphrase" instead of trying to choose between - that and "invalid format". + prompted by and much discussion deraadt@ + ok markus@ - libcrypto can return ASN1 parsing errors rather than the expected - decrypt error in certain infrequent cases when trying to decrypt/parse - PEM private keys when supplied with an invalid passphrase. + OpenBSD-Commit-ID: 46639d382ea99546a4914b545fa7b00fa1be5566 + +commit 2ab864010e0a93c5dd95116fb5ceaf430e2fc23c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 9 23:47:44 2021 +0000 + + upstream: SFTP protocol extension to allow the server to expand - Report and repro recipe from Thomas Deutschmann in bz#2901 + ~-prefixed paths, in particular ~user ones. Allows scp in sftp mode to accept + these paths, like scp in rcp mode does. + prompted by and much discussion deraadt@ ok markus@ - OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870 + OpenBSD-Commit-ID: 7d794def9e4de348e1e777f6030fc9bafdfff392 -commit 2581333d564d8697837729b3d07d45738eaf5a54 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Fri Oct 5 14:26:09 2018 +0000 +commit 41b019ac067f1d1f7d99914d0ffee4d2a547c3d8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 9 23:44:32 2021 +0000 - upstream: Support using service names for port numbers. + upstream: when scp is in SFTP mode, try to deal better with ~ - * Try to resolve a port specification with getservbyname(3) if a - numeric conversion fails. - * Make the "Port" option in ssh_config handle its argument as a - port rather than a plain integer. + prefixed paths. ~user paths aren't supported, but ~/ paths will be accepted + and prefixed with the SFTP server starting directory (more to come) - ok dtucker@ deraadt@ + prompted by and discussed with deraadt@ + ok markus@ - OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d + OpenBSD-Commit-ID: 263a071f14555c045fd03132a8fb6cbd983df00d -commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c +commit b4b3f3da6cdceb3fd168b5fab69d11fba73bd0ae Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 4 07:47:35 2018 +0000 +Date: Mon Aug 9 07:21:01 2021 +0000 - upstream: when the peer sends a channel-close message, make sure we - - close the local extended read fd (stderr) along with the regular read fd - (stdout). Avoids weird stuck processed in multiplexing mode. + upstream: on fatal errors, make scp wait for ssh connection before - Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863 + exiting avoids LogLevel=verbose (or greater) messages from ssh appearing + after scp has returned exited and control has returned to the shell; ok + markus@ - ok dtucker@ markus@ + (this was originally committed as r1.223 along with unrelated stuff that + I rolled back in r1.224) - OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9 + OpenBSD-Commit-ID: 1261fd667ad918484889ed3d7aec074f3956a74b -commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb +commit 2ae7771749e0b4cecb107f9d4860bec16c3f4245 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 4 01:04:52 2018 +0000 +Date: Mon Aug 9 07:19:12 2021 +0000 - upstream: factor out channel status formatting from - - channel_open_message() so we can use it in other debug messages + upstream: rever r1.223 - I accidentally committed unrelated changes - OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba + OpenBSD-Commit-ID: fb73f3865b2647a27dd94db73d6589506a9625f9 -commit f1dd179e122bdfdb7ca3072d9603607740efda05 +commit 986abe94d481a1e82a01747360bd767b96b41eda Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 4 00:10:11 2018 +0000 +Date: Mon Aug 9 07:16:09 2021 +0000 - upstream: include a little more information about the status and + upstream: show only the final path component in the progress meter; - disposition of channel's extended (stderr) fd; makes debugging some things a - bit easier. No behaviour change. + more useful with long paths (that may truncate) and better matches + traditional scp behaviour; spotted by naddy@ ok deraadt@ - OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce + OpenBSD-Commit-ID: 26b544d0074f03ebb8a3ebce42317d8d7ee291a3 -commit 2d1428b11c8b6f616f070f2ecedce12328526944 +commit 2b67932bb3176dee4fd447af4368789e04a82b93 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 4 00:04:41 2018 +0000 +Date: Mon Aug 9 07:13:54 2021 +0000 - upstream: explicit_bzero here to be consistent with other kex*.c; + upstream: on fatal errors, make scp wait for ssh connection before - report from coolbugcheckers AT gmail.com + exiting avoids LogLevel=verbose (or greater) messages from ssh appearing + after scp has returned exited and control has returned to the shell; ok + markus@ - OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb + OpenBSD-Commit-ID: ef9dab5ef5ae54a6a4c3b15d380568e94263456c -commit 5eff5b858e717e901e6af6596306a114de9f79f2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 3 06:38:35 2018 +0000 +commit 724eb900ace30661d45db2ba01d0f924d95ecccb +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Aug 8 08:49:09 2021 +0000 - upstream: Allow ssh_config IdentityAgent directive to accept + upstream: xstrdup environment variable used by ForwardAgent. bz#3328 - environment variable names as well as explicit paths. ok dtucker@ + from goetze at dovetail.com, ok djm@ deraadt@ - OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b + OpenBSD-Commit-ID: 760320dac1c3b26904284ba417a7d63fccc5e742 -commit a46ac4d86b25414d78b632e8173578b37e5f8a83 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Oct 2 12:51:58 2018 +0000 +commit 86b4cb3a884846b358305aad17a6ef53045fa41f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Aug 8 08:27:28 2021 +0000 - upstream: mention INFO@openssh.com for sending SIGINFO + upstream: Although it's POSIX, not all shells used in Portable support - OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900 + the implicit 'in "$@"' after 'for i'. + + OpenBSD-Regress-ID: 3c9aec6bca4868f85d2742b6ba5223fce110bdbc -commit ff3a411cae0b484274b7900ef52ff4dad3e12876 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 2 22:49:40 2018 +1000 +commit f2ccf6c9f395923695f22345e626dfd691227aaf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Aug 8 17:39:56 2021 +1000 - only support SIGINFO on systems with SIGINFO + Move portable specific settings down. + + This brings the top hunk of the file back in sync with OpenBSD + so patches to the CVS Id should apply instead of always being + rejected. -commit cd98925c6405e972dc9f211afc7e75e838abe81c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Oct 2 12:40:07 2018 +0000 +commit 71b0eb997e220b0fc9331635af409ad84979f2af +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Aug 8 07:27:52 2021 +0000 - upstream: Add server support for signalling sessions via the SSH + upstream: Move setting of USER further down the startup In portable - channel/ session protocol. Signalling is only supported to sesssions that are - not subsystems and were not started with a forced command. + we have to change this and having it in the same hunk as the CVS Id string + means applying changes fails every. single. time. - Long requested in bz#1424 + OpenBSD-Regress-ID: 87cd603eb6db58c9b430bf90adacb7f90864429b + +commit f0aca2706c710a0da1a4be705f825a807cd15400 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Aug 8 06:38:33 2021 +0000 + + upstream: Drop -q in ssh-log-wrapper.sh to preserve logs. + + scp and sftp like to add -q to the command line passed to ssh which + overrides the LogLevel we set in the config files and suppresses output + to the debug logs so drop any "-q" from the invoked ssh. In the one + case where we actually want to use -q in the banner test, call the ssh + binary directly bypassing the logging wrapper. - Based on a patch from markus@ and reworked by dtucker@; - ok markus@ dtucker@ + OpenBSD-Regress-ID: e2c97d3c964bda33a751374c56f65cdb29755b75 + +commit cf27810a649c5cfae60f8ce66eeb25caa53b13bc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Aug 7 01:57:08 2021 +0000 + + upstream: Fix prototype mismatch for do_cmd. ok djm@ - OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3 + OpenBSD-Commit-ID: 1c1598bb5237a7ae0be99152f185e0071163714d -commit dba50258333f2604a87848762af07ba2cc40407a +commit 85de69f64665245786e28c81ab01fe18b0e2a149 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 26 07:32:44 2018 +0000 +Date: Sat Aug 7 01:55:01 2021 +0000 - upstream: remove big ugly TODO comment from start of file. Some of + upstream: sftp-client.c needs poll.h - the mentioned tasks are obsolete and, of the remainder, most are already - captured in PROTOCOL.mux where they better belong + remove unused variable - OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407 + OpenBSD-Commit-ID: 233ac6c012cd23af62f237167a661db391055a16 + +commit 397c4d72e50023af5fe3aee5cc2ad407a6eb1073 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Aug 7 11:30:57 2021 +1000 + + Include poll.h and friends for struct pollfd. -commit 92b61a38ee9b765f5049f03cd1143e13f3878905 +commit a9e2c533195f28627f205682482d9da384c4c52e Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 26 07:30:05 2018 +0000 +Date: Sat Aug 7 00:14:17 2021 +0000 - upstream: Document mux proxy mode; added by Markus in openssh-7.4 + upstream: do_upload() used a near-identical structure for - Also add a little bit of information about the overall packet format + tracking expected status replies from the server to what do_download() was + using. - OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95 + Refactor it to use the same structure and factor out some common + code into helper functions. + + OpenBSD-Commit-ID: 0c167df8ab6df4a5292c32421922b0cf379e9054 -commit 9d883a1ce4f89b175fd77405ff32674620703fb2 +commit 7b1cbcb7599d9f6a3bbad79d412604aa1203b5ee Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 26 01:48:57 2018 +0000 +Date: Sat Aug 7 00:12:09 2021 +0000 - upstream: s/process_mux_master/mux_master_process/ in mux master + upstream: make scp(1) in SFTP mode follow symlinks like - function names, + traditional scp(1) ok markus@ - Gives better symmetry with the existing mux_client_*() names and makes - it more obvious when a message comes from the master vs client (they - are interleved in ControlMaster=auto mode). + OpenBSD-Commit-ID: 97255e55be37e8e26605e4ba1e69f9781765d231 + +commit 133b44e500422df68c9c25c3b6de35c0263132f1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Aug 7 00:10:49 2021 +0000 + + upstream: fix incorrect directory permissions on scp -3 - no functional change beyond prefixing a could of log messages with - __func__ where they were previously lacking. + transfers; ok markus@ - OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75 + OpenBSD-Commit-ID: 64b2abaa5635a2be65ee2e77688ad9bcebf576c2 -commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Sep 22 14:41:24 2018 +1000 +commit 98b59244ca10e62ff67a420856770cb700164f59 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Aug 7 00:09:57 2021 +0000 - Remove unused variable in _ssh_compat_fflush. + upstream: a bit more debugging of file attributes being + + sent/received over the wire + + OpenBSD-Commit-ID: f68c4e207b08ef95200a8b2de499d422808e089b -commit d1b3540c21212624af907488960d703c7d987b42 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Sep 20 18:08:43 2018 +1000 +commit c677e65365d6f460c084e41e0c4807bb8a9cf601 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Aug 7 00:08:52 2021 +0000 - Import updated moduli. + upstream: make scp(1) in SFTP mode output better match original + + scp(1) by suppressing "Retrieving [path]" lines that were emitted to support + the interactive sftp(1) client. ok markus@ + + OpenBSD-Commit-ID: 06be293df5f156a18f366079be2f33fa68001acc -commit b5e412a8993ad17b9e1141c78408df15d3d987e1 +commit 48cd39b7a4e5e7c25101c6d1179f98fe544835cd Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 21 12:46:22 2018 +0000 +Date: Sat Aug 7 00:07:18 2021 +0000 - upstream: Allow ssh_config ForwardX11Timeout=0 to disable the + upstream: factor out a structure duplicated between downloading - timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ + and crossloading; ok markus@ - OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69 + OpenBSD-Commit-ID: 96eede24d520569232086a129febe342e4765d39 -commit cb24d9fcc901429d77211f274031653476864ec6 +commit 318c06bb04ee21a0cfa6b6022a201eacaa53f388 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 21 12:23:17 2018 +0000 +Date: Sat Aug 7 00:06:30 2021 +0000 - upstream: when compiled with GSSAPI support, cache supported method + upstream: use sftp_client crossloading to implement scp -3 - OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether - GSSAPI authentication is enabled in the main config. + feedback/ok markus@ - This avoids sandbox violations for configurations that enable GSSAPI - auth later, e.g. + OpenBSD-Commit-ID: 7db4c0086cfc12afc9cfb71d4c2fd3c7e9416ee9 + +commit de7115b373ba0be3861c65de9b606a3e0e9d29a3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Aug 7 00:02:41 2021 +0000 + + upstream: support for "cross"-loading files/directories, i.e. - Match user djm - GSSAPIAuthentication yes + downloading from one SFTP server while simultaneously uploading to another. - bz#2107; ok dtucker@ + feedback & ok markus@ - OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d + OpenBSD-Commit-ID: 3982878e29d8df0fa4ddc502f5ff6126ac714235 -commit bbc8af72ba68da014d4de6e21a85eb5123384226 +commit a50bd0367ff2063bbc70a387740a2aa6914de094 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 21 12:20:12 2018 +0000 +Date: Sat Aug 7 00:01:29 2021 +0000 - upstream: In sshkey_in_file(), ignore keys that are considered for - - being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered - to be "in the file". This allows key revocation lists to contain short keys - without the entire revocation list being considered invalid. + upstream: factor our SSH2_FXP_OPEN calls into their own function; - bz#2897; ok dtucker + "looks fine" markus@ - OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b + OpenBSD-Commit-ID: d3dea2153f08855c6d9dacc01973248944adeffb -commit 383a33d160cefbfd1b40fef81f72eadbf9303a66 +commit e3c0ba05873cf3d3f7d19d595667a251026b2d84 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 21 03:11:36 2018 +0000 +Date: Sat Aug 7 00:00:33 2021 +0000 - upstream: Treat connections with ProxyJump specified the same as ones + upstream: prepare for scp -3 implemented via sftp - with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't - try to canonicalise the hostname unless CanonicalizeHostname is set to - 'always'). + OpenBSD-Commit-ID: 194aac0dd87cb175334b71c2a30623a5ad55bb44 + +commit 395d8fbdb094497211e1461cf0e2f80af5617e0a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 6 09:00:18 2021 +0000 + + upstream: Make diff invocation more portable. - Patch from Sven Wegener via bz#2896 + POSIX does not require diff to have -N, so compare in both directions + with just -r, which should catch missing files in either directory. - OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37 + OpenBSD-Regress-ID: 0e2ec8594556a6f369ed5a0a90c6806419b845f7 -commit 0cbed248ed81584129b67c348dbb801660f25a6a +commit d247a73ce27b460138599648d9c637c6f2b77605 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 20 23:40:16 2018 +0000 +Date: Wed Aug 4 21:28:00 2021 +0000 - upstream: actually make CASignatureAlgorithms available as a config + upstream: regression test for scp -3 - option - - OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52 + OpenBSD-Regress-ID: b44375d125c827754a1f722ec6b6b75b634de05d -commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee +commit 35c8e41a6f6d8ad76f8d1cd81ac2ea23d0d993b2 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Sep 20 08:07:03 2018 +0000 +Date: Fri Aug 6 05:04:42 2021 +0000 - upstream: Import updated moduli. + upstream: Document "ProxyJump none". bz#3334. - OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40 + OpenBSD-Commit-ID: f78cc6f55731f2cd35c3a41d5352ac1ee419eba7 -commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Sep 20 06:58:48 2018 +0000 +commit 911ec6411821bda535d09778df7503b92f0eafab +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Aug 4 01:34:55 2021 +0000 - upstream: reorder CASignatureAlgorithms, and add them to the + upstream: Allow for different (but POSIX compliant) behaviour of + + basename(3) and prevent a use-after-free in that case in the new sftp-compat + code. + + POSIX allows basename(3) to either return a pointer to static storage + or modify the passed string and return a pointer to that. OpenBSD does + the former and works as is, but on other platforms "filename" points + into "tmp" which was just freed. This makes the freeing of tmp + consistent with the other variable in the loop. - various -o lists; ok djm + Pinpointed by the -portable Valgrind regress test. ok djm@ deraadt@ - OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288 + OpenBSD-Commit-ID: 750f3c19bd4440e4210e30dd5d7367386e833374 -commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b +commit 6df1fecb5d3e51f3a8027a74885c3a44f6cbfcbd +Author: Damien Miller <djm@mindrot.org> +Date: Wed Aug 4 11:05:11 2021 +1000 + + use openbsd-compat glob.h is required + +commit 9ebd1828881dfc9014a344587934a5ce7db6fa1b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Aug 3 21:03:23 2021 +1000 + + Missing space between macro arg and punctuation. + + From jmc@ + +commit 0fd3f62eddc7cf54dcc9053be6f58998f3eb926a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Aug 3 21:02:33 2021 +1000 + + Avoid lines >80 chars. From jmc@ + +commit af5d8094d8b755e1daaf2e20ff1dc252800b4c9b Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 20 03:31:49 2018 +0000 +Date: Tue Aug 3 01:05:24 2021 +0000 - upstream: fix "ssh -Q sig" to show correct signature algorithm list + upstream: regression tests for scp SFTP protocol support; mostly by - (it was erroneously showing certificate algorithms); prompted by markus@ + Jakub Jelen in GHPR#194 ok markus - OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d + OpenBSD-Regress-ID: 36f1458525bcb111741ec8547eaf58b13cddc715 -commit ecac7e1f7add6b28874959a11f2238d149dc2c07 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 20 03:30:44 2018 +0000 +commit e4673b7f67ae7740131a4ecea29a846593049a91 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Thu Jul 29 15:34:09 2021 +0000 - upstream: add CASignatureAlgorithms option for the client, allowing + upstream: Treat doas with arguments as a valid SUDO variable. - it to specify which signature algorithms may be used by CAs when signing - certificates. Useful if you want to ban RSA/SHA1; ok markus@ + Allows one to specify SUDO="doas -n" which I do while running make regress. - OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f + ok dtucker@ + + OpenBSD-Regress-ID: 4fe5814b5010dbf0885500d703bea06048d11005 -commit 86e5737c39153af134158f24d0cab5827cbd5852 +commit 197e29f1cca190d767c4b2b63a662f9a9e5da0b3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 20 03:28:06 2018 +0000 +Date: Mon Aug 2 23:38:27 2021 +0000 - upstream: Add sshd_config CASignatureAlgorithms option to allow + upstream: support for using the SFTP protocol for file transfers in - control over which signature algorithms a CA may use when signing - certificates. In particular, this allows a sshd to ban certificates signed - with RSA/SHA1. + scp, via a new "-M sftp" option. Marked as experimental for now. - ok markus@ + Some corner-cases exist, in particular there is no attempt to + provide bug-compatibility with scp's weird "double shell" quoting + rules. + + Mostly by Jakub Jelen in GHPR#194 with some tweaks by me. ok markus@ + Thanks jmc@ for improving the scp.1 bits. - OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac + OpenBSD-Commit-ID: 6ce4c9157ff17b650ace571c9f7793d92874051c -commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 19 02:03:02 2018 +0000 +commit dd533c7ab79d61a7796b77b64bd81b098e0d7f9f +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 30 14:28:13 2021 +0000 - upstream: Make "ssh-add -q" do what it says on the tin: silence + upstream: fix a formatting error and add some Xr; from debian at - output from successful operations. + helgefjell de - Based on patch from Thijs van Dijk; ok dtucker@ deraadt@ + removed references to rlogin etc. as no longer relevant; + suggested by djm - OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1 + ok djm dtucker + + OpenBSD-Commit-ID: 3c431c303068d3aec5bb18573a0bd5e0cd77c5ae -commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f -Author: millert@openbsd.org <millert@openbsd.org> -Date: Mon Sep 17 15:40:14 2018 +0000 +commit c7cd347a8823819411222c1e10a0d26747d0fd5c +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 30 14:25:01 2021 +0000 - upstream: When choosing a prime from the moduli file, avoid + upstream: fix a formatting error and mark up known_hosts + + consistently; issues reported by debian at helgefjell de - re-using the linenum variable for something that is not a line number to - avoid the confusion that resulted in the bug in rev. 1.64. This also lets us - pass the actual linenum to parse_prime() so the error messages include the - correct line number. OK markus@ some time ago. + ok djm dtucker - OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084 + OpenBSD-Commit-ID: a1fd8d21dc77f507685443832df0c9700481b0ce -commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Sep 15 19:44:06 2018 +1000 +commit 4455aec2e4fc90f64ae4fc47e78ebc9c18721738 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jul 28 05:57:42 2021 +0000 - Fix openssl-1.1 fallout for --without-openssl. + upstream: no need to talk about version 2 with the -Q option, so - ok djm@ + rewrite the text to read better; + + issue reported by debian at helgefjell de + ok djm dtucker + + OpenBSD-Commit-ID: 59fe2e8219c37906740ad062e0fdaea487dbe9cf -commit 149519b9f201dac755f3cba4789f4d76fecf0ee1 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Sep 15 19:37:48 2018 +1000 +commit bec429338e9b30d2c7668060e82608286a8a4777 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Jul 27 14:28:46 2021 +0000 - add futex(2) syscall to seccomp sandbox + upstream: word fix; reported by debian at helgefjell de - Apparently needed for some glibc/openssl combinations. + OpenBSD-Commit-ID: 0c6fd22142422a25343c5bd1a618f31618f41ece + +commit efad4deb5a1f1cf79ebefd63c6625059060bfbe1 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Jul 27 14:14:25 2021 +0000 + + upstream: standardise the grammar in the options list; issue + + reported by debian at helgefjell de - Patch from Arkadiusz Miśkiewicz + ok dtucker djm + + OpenBSD-Commit-ID: 7ac15575045d82f4b205a42cc7d5207fe4c3f8e6 -commit 4488ae1a6940af704c4dbf70f55bf2f756a16536 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Sep 15 19:36:55 2018 +1000 +commit 1e11fb24066f3fc259ee30db3dbb2a3127e05956 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 2 18:56:29 2021 +1000 - really add source for authopt_fuzz this time + Check for RLIMIT_NOFILE before trying to use it. -commit 9201784b4a257c8345fbd740bcbdd70054885707 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Sep 15 19:35:40 2018 +1000 +commit 0f494236b49fb48c1ef33669f14822ca4f3ce2f4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 27 17:45:34 2021 +1000 - remove accidentally checked-in authopt_fuzz binary + lastenv is only used in setenv. + + Prevents an unused variable warning on platforms that have setenv but + not unsetenv. -commit beb9e522dc7717df08179f9e59f36b361bfa14ab -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 14 05:26:27 2018 +0000 +commit a1f78e08bdb3eaa88603ba3c6e01de7c8671e28a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 26 12:45:30 2021 +1000 + + Move SUDO to "make test" command line. + + Environment variables don't get passed by vmrun, so move to command + line. + +commit 02e624273b9c78a49a01239159b8c09b8409b1a0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jul 25 23:26:36 2021 +1000 - upstream: second try, deals properly with missing and private-only + Set SUDO for tests and cleanup. + +commit 460ae5d93051bab70239ad823dd784822d58baad +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jul 25 22:37:55 2021 +1000 + + Pass OPENSSL=no to make tests too. + +commit b398f499c68d74ebe3298b73757cf3f36e14e0cb +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jul 25 12:27:37 2021 +0000 + + upstream: Skip unit and makefile-based key conversion tests when - Use consistent format in debug log for keys readied, offered and - received during public key authentication. + we're building with OPENSSL=no. - This makes it a little easier to see what is going on, as each message - now contains (where available) the key filename, its type and fingerprint, - and whether the key is hosted in an agent or a token. + OpenBSD-Regress-ID: 20455ed9a977c93f846059d1fcb48e29e2c8d732 + +commit 727ce36c8c5941bde99216d27109405907caae4f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jul 25 12:13:03 2021 +0000 + + upstream: Replace OPENSSL as the variable that points to the + + openssl binary with OPENSSL_BIN. This will allow us to use the OPENSSL + variable from mk.conf or the make(1) command line indicating if we're + building with our without OpenSSL, and ultimately get the regress tests + working in the OPENSSL=no configuration. - OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7 + OpenBSD-Regress-ID: 2d788fade3264d7803e5b54cae8875963f688c4e -commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b -Author: Damien Miller <djm@mindrot.org> -Date: Fri Sep 14 15:16:34 2018 +1000 +commit 55e17101a9075f6a63af724261c5744809dcb95c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jul 24 02:57:28 2021 +0000 - fuzzer harness for authorized_keys option parsing + upstream: Skip RFC4716 format import and export tests when built + + without OpenSSL. + + OpenBSD-Regress-ID: d2c2d5d38c1acc2b88cc99cfe00a2eb8bb39dfa4 -commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 14 04:44:04 2018 +0000 +commit f5ccb5895d39cd627ad9e7b2c671d2587616100d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jul 24 02:51:14 2021 +0000 - upstream: revert following; deals badly with agent keys + upstream: Don't omit ssh-keygen -y from usage when built without + + OpenSSL. It is actually available, albeit only for ed25519 keys. - revision 1.285 - date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK; - Use consistent format in debug log for keys readied, offered and - received during public key authentication. + OpenBSD-Commit-ID: 7a254c33d0e6a55c30c6b016a8d298d3cb7a7674 + +commit 819d57ac23469f1f03baa8feb38ddefbada90fdc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jul 24 02:08:13 2021 +0000 + + upstream: Exclude key conversion options from usage when built - This makes it a little easier to see what is going on, as each message - now contains the key filename, its type and fingerprint, and whether - the key is hosted in an agent or a token. + without OpenSSL since those are not available, similar to what we currently + do with the moduli screening options. We can also use this to skip the + conversion regression tests in this case. - OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d + OpenBSD-Commit-ID: 3c82caa398cf99cd4518c23bba5a2fc66b16bafe + +commit b6673b1d2ee90b4690ee84f634efe40225423c38 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 24 13:02:51 2021 +1000 + + Test OpenBSD upstream with and without OpenSSL. -commit 6da046f9c3374ce7e269ded15d8ff8bc45017301 +commit 9d38074b5453c1abbdf888e80828c278d3b886ac Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 14 04:17:44 2018 +0000 +Date: Sat Jul 24 01:54:23 2021 +0000 - upstream: garbage-collect moribund ssh_new_private() API. + upstream: test for first-match-wins in authorized_keys environment= - OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c + options + + OpenBSD-Regress-ID: 1517c90276fe84b5dc5821c59f88877fcc34c0e8 + +commit 2b76f1dd19787e784711ea297ad8fc938b4484fd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 23 05:53:02 2021 +0000 -commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780 + upstream: Simplify keygen-convert by using $SSH_KEYTYPES directly. + + OpenBSD-Regress-ID: cdbe408ec3671ea9ee9b55651ee551370d2a4108 + +commit 7d64a9fb587ba9592f027f7a2264226c713d6579 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 14 04:17:12 2018 +0000 +Date: Sat Jul 24 01:55:19 2021 +0000 - upstream: Use consistent format in debug log for keys readied, + upstream: don't leak environment= variable when it is not the first - offered and received during public key authentication. + match - This makes it a little easier to see what is going on, as each message - now contains the key filename, its type and fingerprint, and whether - the key is hosted in an agent or a token. + OpenBSD-Commit-ID: 7fbdc3dfe0032deaf003fd937eeb4d434ee4efe0 + +commit db2130e2340bf923e41c791aa9cd27b9e926042c +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 23 06:01:17 2021 +0000 + + upstream: punctuation; - OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f + OpenBSD-Commit-ID: 64be152e378c45975073ab1c07e0db7eddd15806 -commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc -Author: millert@openbsd.org <millert@openbsd.org> -Date: Thu Sep 13 15:23:32 2018 +0000 +commit 03190d10980c6fc9124e988cb2df13101f266507 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 23 05:56:47 2021 +0000 - upstream: Fix warnings caused by user_from_uid() and group_from_gid() + upstream: mention in comment that read_passphrase(..., RP_ALLOW_STDIN) + + will try to use askpass first. bz3314 - now returning const char *. + convert a couple of debug() -> debug_f() while here - OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f + OpenBSD-Commit-ID: c7e812aebc28fcc5db06d4710e0f73613dee545c -commit 0aa1f230846ebce698e52051a107f3127024a05a -Author: Damien Miller <djm@mindrot.org> -Date: Fri Sep 14 10:31:47 2018 +1000 +commit 1653ece6832b2b304d46866b262d5f69880a9ec7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 23 05:07:16 2021 +0000 - allow SIGUSR1 as synonym for SIGINFO + upstream: Test conversion of ed25519 and ecdsa keys too. - Lets users on those unfortunate operating systems that lack SIGINFO - still be able to obtain progress information from unit tests :) + OpenBSD-Regress-ID: 3676d2d00e58e0d6d37f2878f108cc2b83bbe4bb -commit d64e78526596f098096113fcf148216798c327ff -Author: Damien Miller <djm@mindrot.org> -Date: Thu Sep 13 19:05:48 2018 +1000 +commit 8b7af02dcf9d2b738787efd27da7ffda9859bed2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 23 04:56:21 2021 +0000 - add compat header + upstream: Add test for exporting pubkey from a passphrase-protected + + private key. + + OpenBSD-Regress-ID: da99d93e7b235fbd5b5aaa01efc411225e6ba8ac -commit a3fd8074e2e2f06602e25618721f9556c731312c +commit 441095d4a3e5048fe3c87a6c5db5bc3383d767fb Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 13 09:03:20 2018 +0000 +Date: Fri Jul 23 03:54:55 2021 +0000 - upstream: missed a bit of openssl-1.0.x API in this unittest + upstream: regression test for time-limited signature keys - OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9 + OpenBSD-Regress-ID: 2a6f3bd900dbee0a3c96f1ff23e032c93ab392bc -commit 86e0a9f3d249d5580390daf58e015e68b01cef10 +commit 9e1882ef6489a7dd16b6d7794af96629cae61a53 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 13 05:06:51 2018 +0000 +Date: Fri Jul 23 05:24:02 2021 +0000 - upstream: use only openssl-1.1.x API here too + upstream: note successful authentication method in final "Authenticated + + to ..." message and partial auth success messages (all at LogLevel=verbose) + ok dtucker@ - OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f + OpenBSD-Commit-ID: 06834b89ceb89f8f16c5321d368a66c08f441984 -commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc -Author: Damien Miller <djm@mindrot.org> -Date: Thu Sep 13 12:13:50 2018 +1000 +commit a917e973a1b90b40ff1e950df083364b48fc6c78 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 23 04:04:52 2021 +0000 - adapt -portable to OpenSSL 1.1x API + upstream: Add a ForkAfterAuthentication ssh_config(5) counterpart - Polyfill missing API with replacement functions extracted from LibreSSL + to the ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch. ok + dtucker + + OpenBSD-Commit-ID: b18aeda12efdebe2093d55263c90fe4ea0bce0d3 -commit 86112951d63d48839f035b5795be62635a463f99 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Sep 13 12:12:42 2018 +1000 +commit e0c5088f1c96a145eb6ea1dee438010da78f9ef5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 23 04:00:59 2021 +0000 - forgot to stage these test files in commit d70d061 + upstream: Add a StdinNull directive to ssh_config(5) that allows + + the config file to do the same thing as -n does on the ssh(1) commandline. + Patch from Volker Diels-Grabsch via GHPR231; ok dtucker + + OpenBSD-Commit-ID: 66ddf3f15c76796d4dcd22ff464aed1edd62468e -commit 482d23bcacdd3664f21cc82a5135f66fc598275f +commit e3957e21ffdc119d6d04c0b1686f8e2fe052f5ea Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 13 02:08:33 2018 +0000 +Date: Fri Jul 23 03:57:20 2021 +0000 - upstream: hold our collective noses and use the openssl-1.1.x API in + upstream: make authorized_keys environment="..." directives + + first-match-wins and more strictly limit their maximum number; prompted by + OOM reported by OSS-fuzz (35470). - OpenSSH; feedback and ok tb@ jsing@ markus@ + feedback and ok dtucker@ - OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417 + OpenBSD-Commit-ID: 01f63fc10dcd995e7aed9c378ad879161af83121 -commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1 +commit d0bb1ce731762c55acb95817df4d5fab526c7ecd Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:36:45 2018 +0000 +Date: Fri Jul 23 03:37:52 2021 +0000 - upstream: Include certs with multiple RSA signature variants in + upstream: Let allowed signers files used by ssh-keygen(1) - test data Ensure that cert->signature_key is populated correctly + signatures support key lifetimes, and allow the verification mode to specify + a signature time to check at. This is intended for use by git to support + signing objects using ssh keys. ok dtucker@ - OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a + OpenBSD-Commit-ID: 3e2c67b7dcd94f0610194d1e8e4907829a40cf31 -commit f803b2682992cfededd40c91818b653b5d923ef5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:23:48 2018 +0000 +commit 44142068dc7ef783d135e91ff954e754d2ed432e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 08:48:33 2021 +0000 - upstream: test revocation by explicit hash and by fingerprint + upstream: Use SUDO when setting up hostkey. - OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8 + OpenBSD-Regress-ID: 990cf4481cab8dad62e90818a9b4b36c533851a7 -commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:22:43 2018 +0000 +commit 6b67f3f1d1d187597e54a139cc7785c0acebd9a2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 05:08:54 2021 +0000 - upstream: s/sshkey_demote/sshkey_from_private/g + upstream: Increase time margin for rekey tests. Should help - OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4 + reliability on very heavily loaded hosts. + + OpenBSD-Regress-ID: 4c28a0fce3ea89ebde441d7091464176e9730533 -commit 41c115a5ea1cb79a6a3182773c58a23f760e8076 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Sep 12 16:50:01 2018 +1000 +commit 7953e1bfce9e76bec41c1331a29bc6cff9d416b8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 19 13:47:51 2021 +1000 - delete the correct thing; kexfuzz binary + Add sshfp-connect.sh file missed in previous. -commit f0fcd7e65087db8c2496f13ed39d772f8e38b088 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 06:18:59 2018 +0000 +commit b75a80fa8369864916d4c93a50576155cad4df03 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 03:13:28 2021 +0000 - upstream: fix edit mistake; spotted by jmc@ + upstream: Ensure that all returned SSHFP records for the specified host - OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6 + name and hostkey type match instead of only one. While there, simplify the + code somewhat and add some debugging. Based on discussion in bz#3322, ok + djm@. + + OpenBSD-Commit-ID: 0a6a0a476eb7f9dfe8fe2c05a1a395e3e9b22ee4 -commit 4cc259bac699f4d2a5c52b92230f9e488c88a223 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:34:02 2018 +0000 +commit 1cc1fd095393663cd72ddac927d82c6384c622ba +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 02:21:50 2021 +0000 - upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of + upstream: Id sync only, -portable already has this. - signature algorithms that are allowed for CA signatures. Notably excludes - ssh-dsa. + Put dh_set_moduli_file call inside ifdef WITH_OPENSSL. Fixes + build with OPENSSL=no. - ok markus@ + OpenBSD-Commit-ID: af54abbebfb12bcde6219a44d544e18204defb15 + +commit 33abbe2f4153f5ca5c874582f6a7cc91ae167485 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 02:46:34 2021 +0000 + + upstream: Add test for host key verification via SSHFP records. This + + requires some external setup to operate so is disabled by default (see + comments in sshfp-connect.sh). - OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4 + OpenBSD-Regress-ID: c52c461bd1df3a803d17498917d156ef64512fd9 -commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:32:54 2018 +0000 +commit f0cd000d8e3afeb0416dce1c711c3d7c28d89bdd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 02:29:28 2021 +0000 + + upstream: Add ed25519 key and test SSHFP export of it. Only test + + RSA SSHFP export if we have RSA functionality compiled in. + + OpenBSD-Regress-ID: b4ff5181b8c9a5862e7f0ecdd96108622333a9af - upstream: add sshkey_check_cert_sigtype() that checks a +commit 0075511e27e5394faa28edca02bfbf13b9a6693e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 19 00:16:26 2021 +0000 + + upstream: Group keygen tests together. - cert->signature_type against a supplied whitelist; ok markus + OpenBSD-Regress-ID: 07e2d25c527bb44f03b7c329d893a1f2d6c5c40c + +commit 034828820c7e62652e7c48f9ee6b67fb7ba6fa26 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jul 18 23:10:10 2021 +0000 + + upstream: Add test for ssh-keygen printing of SSHFP records. - OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302 + OpenBSD-Regress-ID: fde9566b56eeb980e149bbe157a884838507c46b -commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b +commit 52c3b6985ef1d5dadb4c4fe212f8b3a78ca96812 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:31:30 2018 +0000 +Date: Sat Jul 17 00:38:11 2021 +0000 - upstream: add cert->signature_type field and keep it in sync with + upstream: wrap some long lines - certificate signature wrt loading and certification operations; ok markus@ + OpenBSD-Commit-ID: 4f5186b1466656762dae37d3e569438d900c350d + +commit 43ec991a782791d0b3f42898cd789f99a07bfaa4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jul 17 00:36:53 2021 +0000 + + upstream: fix sftp on ControlPersist connections, broken by recent - OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3 + SessionType change; spotted by sthen@ + + OpenBSD-Commit-ID: 4c5ddc5698790ae6ff50d2a4f8f832f0eeeaa234 -commit 357128ac48630a9970e3af0e6ff820300a28da47 +commit 073f45c236550f158c9a94003e4611c07dea5279 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:30:10 2018 +0000 +Date: Fri Jul 16 09:00:23 2021 +0000 - upstream: Add "ssh -Q sig" to allow listing supported signature + upstream: Explicitly check for and start time-based rekeying in the + + client and server mainloops. - algorithms ok markus@ + Previously the rekey timeout could expire but rekeying would not start + until a packet was sent or received. This could cause us to spin in + select() on the rekey timeout if the connection was quiet. + + ok markus@ - OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b + OpenBSD-Commit-ID: 4356cf50d7900f3df0a8f2117d9e07c91b9ff987 -commit 9405c6214f667be604a820c6823b27d0ea77937d +commit ef7c4e52d5d840607f9ca3a302a4cbb81053eccf +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jul 14 06:46:38 2021 +0000 + + upstream: reorder SessionType; ok djm + + OpenBSD-Commit-ID: c7dd0b39e942b1caf4976a0b1cf0fed33d05418c + +commit 8aa2f9aeb56506dca996d68ab90ab9c0bebd7ec3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 14 11:26:50 2021 +1000 + + Make whitespace consistent. + +commit 4f4297ee9b8a39f4dfd243a74c5f51f9e7a05723 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 14 11:26:12 2021 +1000 + + Add ARM64 Linux self-hosted runner. + +commit eda8909d1b0a85b9c3804a04d03ec6738fd9dc7f Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:21:34 2018 +0000 +Date: Tue Jul 13 23:48:36 2021 +0000 - upstream: allow key revocation by SHA256 hash and allow ssh-keygen + upstream: add a SessionType directive to ssh_config, allowing the - to create KRLs using SHA256/base64 key fingerprints; ok markus@ + configuration file to offer equivalent control to the -N (no session) and -s + (subsystem) command-line flags. - OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94 + Part of GHPR#231 by Volker Diels-Grabsch with some minor tweaks; + feedback and ok dtucker@ + + OpenBSD-Commit-ID: 726ee931dd4c5cc7f1d7a187b26f41257f9a2d12 -commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 +commit 7ae69f2628e338ba6e0eae7ee8a63bcf8fea7538 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Sep 12 01:19:12 2018 +0000 +Date: Mon Jul 12 02:12:22 2021 +0000 - upstream: log certificate fingerprint in authentication + upstream: fix some broken tests; clean up output - success/failure message (previously we logged only key ID and CA key - fingerprint). + OpenBSD-Regress-ID: 1d5038edb511dc4ce1622344c1e724626a253566 + +commit f5fc6a4c3404bbf65c21ca6361853b33d78aa87e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 12 18:00:05 2021 +1000 + + Add configure-time detection for SSH_TIME_T_MAX. - ok markus@ + Should fix printing cert times exceeding INT_MAX (bz#3329) on platforms + were time_t is a long long. The limit used is for the signed type, so if + some system has a 32bit unsigned time_t then the lower limit will still + be imposed and we would need to add some way to detect this. Anyone using + an unsigned 64bit can let us know when it starts being a problem. + +commit fd2d06ae4442820429d634c0a8bae11c8e40c174 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 12 06:22:57 2021 +0000 + + upstream: Make limit for time_t test unconditional in the + + format_absolute_time fix for bz#3329 that allows printing of timestamps past + INT_MAX. This was incorrectly included with the previous commit. Based on + discussion with djm@. - OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d + OpenBSD-Commit-ID: 835936f6837c86504b07cabb596b613600cf0f6e -commit de37ca909487d23e5844aca289b3f5e75d3f1e1f +commit 6c29b387cd64a57b0ec8ae7d2c8d02789d88fcc3 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Sep 7 04:26:56 2018 +0000 +Date: Mon Jul 12 06:08:57 2021 +0000 - upstream: Add FALLTHROUGH comments where appropriate. Patch from + upstream: Use existing format_absolute_time() function when - jjelen at redhat via bz#2687. + printing cert validity instead of doing it inline. Part of bz#3329. - OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3 + OpenBSD-Commit-ID: a13d4e3c4f59644c23745eb02a09b2a4e717c00c -commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2 +commit 99981d5f8bfa383791afea03f6bce8454e96e323 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 7 01:42:54 2018 +0000 +Date: Fri Jul 9 09:55:56 2021 +0000 + + upstream: silence redundant error message; reported by Fabian Stelzer + + OpenBSD-Commit-ID: 9349a703016579a60557dafd03af2fe1d44e6aa2 + +commit e86097813419b49d5bff5c4b51d1c3a5d4d2d804 +Author: John Ericson <John.Ericson@Obsidian.Systems> +Date: Sat Dec 26 11:40:49 2020 -0500 + + Re-indent krb5 section after pkg-config addition. + +commit 32dd2daa56c294e40ff7efea482c9eac536d8cbb +Author: John Ericson <John.Ericson@Obsidian.Systems> +Date: Sat Dec 26 11:40:49 2020 -0500 + + Support finding Kerberos via pkg-config + + This makes cross compilation easier. + +commit def7a72234d7e4f684d72d33a0f7229f9eee0aa4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 9 14:34:06 2021 +1000 + + Update comments about EGD to include prngd. + +commit b5d23150b4e3368f4983fd169d432c07afeee45a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 5 01:21:07 2021 +0000 - upstream: ssh -MM requires confirmation for all operations that + upstream: Fix a couple of whitespace things. Portable already has - change the multiplexing state, not just new sessions. + these so this removes two diffs between the two. - mention that confirmation is checked via ssh-askpass + OpenBSD-Commit-ID: 769f017ebafd8e741e337b3e9e89eb5ac73c9c56 + +commit 8f57be9f279b8e905f9883066aa633c7e67b31cf +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 5 01:16:46 2021 +0000 + + upstream: Order includes as per style(9). Portable already has + + these so this removes a handful of diffs between the two. - OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2 + OpenBSD-Commit-ID: 8bd7452d809b199c19bfc49511a798f414eb4a77 -commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f -Author: mestre@openbsd.org <mestre@openbsd.org> -Date: Tue Aug 28 12:25:53 2018 +0000 +commit b75624f8733b3ed9e240f86cac5d4a39dae11848 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 5 00:50:25 2021 +0000 - upstream: fix misplaced parenthesis inside if-clause. it's harmless + upstream: Remove comment referencing now-removed - and the only issue is showing an unknown error (since it's not defined) - during fatal(), if it ever an error occurs inside that condition. + RhostsRSAAuthentication. ok djm@ - OK deraadt@ markus@ djm@ + OpenBSD-Commit-ID: 3d864bfbd99a1d4429a58e301688f3be464827a9 + +commit b67eb12f013c5441bb4f0893a97533582ad4eb13 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 5 00:25:42 2021 +0000 + + upstream: allow spaces to appear in usernames for local to remote, - OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8 + and scp -3 remote to remote copies. with & ok dtucker bz#1164 + + OpenBSD-Commit-ID: e9b550f3a85ffbb079b6720833da31317901d6dd -commit 086cc614f550b7d4f100c95e472a6b6b823938ab -Author: mestre@openbsd.org <mestre@openbsd.org> -Date: Tue Aug 28 12:17:45 2018 +0000 +commit 8c4ef0943e574f614fc7c6c7e427fd81ee64ab87 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 2 07:20:44 2021 +0000 - upstream: fix build with DEBUG_PK enabled + upstream: Remove obsolete comments about SSHv1 auth methods. ok - OK dtucker@ + djm@ - OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c + OpenBSD-Commit-ID: 6060f70966f362d8eb4bec3da2f6c4712fbfb98f -commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2 +commit 88908c9b61bcb99f16e8d398fc41e2b3b4be2003 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 7 14:41:53 2018 +1000 +Date: Sat Jul 3 23:00:19 2021 +1000 - Handle ngroups>_SC_NGROUPS_MAX. + Remove reference to ChallengeResponse. - Based on github pull request #99 from Darren Maffat at Oracle: Solaris' - getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return - a larger number of groups. In this case, retry getgrouplist with a - larger array and defer allocating groups_byname. ok djm@ + challenge_response_authentication was removed from the struct, keeping + kbd_interactive_authentication. -commit 039bf2a81797b8f3af6058d34005a4896a363221 +commit 321874416d610ad2158ce6112f094a4862c2e37f Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 7 14:06:57 2018 +1000 +Date: Sat Jul 3 20:38:09 2021 +1000 - Initial len for the fmt=NULL case. - - Patch from jjelen at redhat via bz#2687. (OpenSSH never calls - setproctitle with a null format so len is always initialized). + Move signal.h up include order to match upstream. -commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9 +commit 4fa83e2d0e32c2dd758653e0359984bbf1334f32 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 7 14:01:39 2018 +1000 +Date: Sat Jul 3 20:36:06 2021 +1000 - Include stdlib.h. + Remove old OpenBSD version marker. - Patch from jjelen at redhat via bz#2687. + Looks like an accidental leftover from a sync. -commit 9617816dbe73ec4d65075f4d897443f63a97c87f -Author: Damien Miller <djm@mindrot.org> -Date: Mon Aug 27 13:08:01 2018 +1000 +commit 9d5e31f55d5f3899b72645bac41a932d298ad73b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 3 20:34:19 2021 +1000 - document some more regress control env variables - - Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of - environment variables. + Remove duplicate error on error path. - Based on patch from Jakub Jelen + There's an extra error() call on the listen error path, it looks like + its removal was missed during an upstream sync. -commit 71508e06fab14bc415a79a08f5535ad7bffa93d9 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Aug 23 15:41:42 2018 +1000 +commit 888c459925c7478ce22ff206c9ac1fb812a40caf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 3 20:32:46 2021 +1000 - shorten temporary SSH_REGRESS_TMP path + Remove some whitespace not in upstream. - Previous path was exceeding max socket length on at least one platform (OSX) + Reduces diff vs OpenBSD by a small amount. -commit 26739cf5bdc9030a583b41ae5261dedd862060f0 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Aug 23 13:06:02 2018 +1000 +commit 4d2d4d47a18d93f3e0a91a241a6fdb545bbf7dc2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 3 19:27:43 2021 +1000 - rebuild dependencies + Replace remaining references to ChallengeResponse. + + Portable had a few additional references to ChallengeResponse related to + UsePAM, replaces these with equivalent keyboard-interactive ones. -commit ff729025c7463cf5d0a8d1ca1823306e48c6d4cf -Author: Damien Miller <djm@mindrot.org> -Date: Thu Aug 23 13:03:32 2018 +1000 +commit 53237ac789183946dac6dcb8838bc3b6b9b43be1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 3 19:23:28 2021 +1000 - fix path in distclean target + Sync remaining ChallengeResponse removal. - Patch from Jakub Jelen + These were omitted from commit 88868fd131. -commit 7fef173c28f7462dcd8ee017fdf12b5073f54c02 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Aug 23 03:01:08 2018 +0000 +commit 2c9e4b319f7e98744b188b0f58859d431def343b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 3 19:17:31 2021 +1000 + + Disable rocky84 to figure out why agent test fails + +commit bfe19197a92b7916f64a121fbd3c179abf15e218 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 2 15:43:28 2021 +1000 - upstream: memleak introduced in r1.83; from Colin Watson + Remove now-unused SSHv1 enums. - OpenBSD-Commit-ID: 5c019104c280cbd549a264a7217b67665e5732dc + sRhostsRSAAuthentication and sRSAAuthentication are protocol 1 options + and are no longer used. -commit b8ae02a2896778b8984c7f51566c7f0f56fa8b56 -Author: schwarze@openbsd.org <schwarze@openbsd.org> -Date: Tue Aug 21 13:56:27 2018 +0000 +commit c73b02d92d72458a5312bd098f32ce88868fd131 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 2 05:11:20 2021 +0000 - upstream: AIX reports the CODESET as "ISO8859-1" in the POSIX locale. + upstream: Remove references to ChallengeResponseAuthentication in - Treating that as a safe encoding is OK because even when other systems return - that string for real ISO8859-1, it is still safe in the sense that it is - ASCII-compatible and stateless. + favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the + latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but + not entirely equivalent. We retain the old name as deprecated alias so + config files continue to work and a reference in the man page for people + looking for it. - Issue reported by Val dot Baranov at duke dot edu. Additional - information provided by Michael dot Felt at felt dot demon dot nl. - Tested by Michael Felt on AIX 6.1 and by Val Baranov on AIX 7.1. - Tweak and OK djm@. + Prompted by bz#3303 which pointed out the discrepancy between the two + when used with Match. Man page help & ok jmc@, with & ok djm@ - OpenBSD-Commit-ID: 36f1210e0b229817d10eb490d6038f507b8256a7 + OpenBSD-Commit-ID: 2c1bff8e5c9852cfcdab1f3ea94dfef5a22f3b7e -commit bc44ee088ad269d232e514f037c87ada4c2fd3f0 -Author: Tim Rice <tim@multitalents.net> -Date: Tue Aug 21 08:57:24 2018 -0700 +commit f841fc9c8c7568a3b5d84a4cc0cefacb7dbc16b9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 2 15:20:32 2021 +1000 - modified: openbsd-compat/port-uw.c - remove obsolete and un-needed include + Fix ifdefs around get_random_bytes_prngd. + + get_random_bytes_prngd() is used if either of PRNGD_PORT or PRNGD_SOCKET + are defined, so adjust ifdef accordingly. -commit 829fc28a9c54e3f812ee7248c7a3e31eeb4f0b3a +commit 0767627cf66574484b9c0834500b42ea04fe528a Author: Damien Miller <djm@mindrot.org> -Date: Mon Aug 20 15:57:29 2018 +1000 +Date: Fri Jul 2 14:30:23 2021 +1000 - Missing unistd.h for regress/mkdtemp.c + wrap get_random_bytes_prngd() in ifdef + + avoid unused static function warning -commit c8313e492355a368a91799131520d92743d8d16c -Author: Damien Miller <djm@mindrot.org> -Date: Fri Aug 17 05:45:20 2018 +1000 +commit f93fdc4de158386efe1116bd44c5b3f4a7a82c25 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jun 28 13:06:37 2021 +1000 - update version numbers in anticipation of release + Add rocky84 test target. -commit 477b49a34b89f506f4794b35e3c70b3e2e83cd38 -Author: Corinna Vinschen <vinschen@redhat.com> -Date: Mon Aug 13 17:08:51 2018 +0200 +commit d443006c0ddfa7f6a5bd9c0ae92036f3d5f2fa3b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 25 06:30:22 2021 +0000 - configure: work around GCC shortcoming on Cygwin + upstream: fix decoding of X.509 subject name; from Leif Thuresson - Cygwin's latest 7.x GCC allows to specify -mfunction-return=thunk - as well as -mindirect-branch=thunk on the command line, albeit - producing invalid code, leading to an error at link stage. + via bz3327 ok markus@ - The check in configure.ac only checks if the option is present, - but not if it produces valid code. + OpenBSD-Commit-ID: 0ea2e28f39750dd388b7e317bc43dd997a217ae8 + +commit 2a5704ec142202d387fda2d6872fd4715ab81347 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 25 06:20:39 2021 +0000 + + upstream: Use better language to refer to the user. From l1ving - This patch fixes it by special-casing Cygwin. Another solution - may be to change these to linker checks. + via github PR#250, ok jmc@ - Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + OpenBSD-Commit-ID: 07ca3526626996613e128aeddf7748c93c4d6bbf -commit b0917945efa374be7648d67dbbaaff323ab39edc -Author: Corinna Vinschen <vinschen@redhat.com> -Date: Mon Aug 13 17:05:05 2018 +0200 +commit 4bdf7a04797a0ea1c431a9d54588417c29177d19 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 25 03:38:17 2021 +0000 - cygwin: add missing stdarg.h include + upstream: Replace SIGCHLD/notify_pipe kludge with pselect. + + Previously sshd's SIGCHLD handler would wake up select() by writing a + byte to notify_pipe. We can remove this by blocking SIGCHLD, checking + for child terminations then passing the original signal mask through + to pselect. This ensures that the pselect will immediately wake up if + a child terminates between wait()ing on them and the pselect. + + In -portable, for platforms that do not have pselect the kludge is still + there but is hidden behind a pselect interface. - Further header file standarization in Cygwin uncovered a lazy - indirect include in bsd-cygwin_util.c + Based on other changes for bz#2158, ok djm@ - Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + OpenBSD-Commit-ID: 202c85de0b3bdf1744fe53529a05404c5480d813 -commit c3903c38b0fd168ab3d925c2b129d1a599593426 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Aug 13 02:41:05 2018 +0000 +commit c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 25 15:08:18 2021 +1000 - upstream: revert compat.[ch] section of the following change. It - - causes double-free under some circumstances. + Move closefrom() to before first malloc. - -- + When built against tcmalloc, tcmalloc allocates a descriptor for its + internal use, so calling closefrom() afterward causes the descriptor + number to be reused resulting in a corrupted connection. Moving the + closefrom a little earlier should resolve this. From kircherlike at + outlook.com via bz#3321, ok djm@ + +commit 7ebfe4e439853b88997c9cfc2ff703408a1cca92 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 18 20:41:45 2021 +1000 + + Put second -lssh in link line for sftp-server. - date: 2018/07/31 03:07:24; author: djm; state: Exp; lines: +33 -18; commitid: f7g4UI8eeOXReTPh; - fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366 - feedback and ok dtucker@ + When building --without-openssl the recent port-prngd.c change adds + a dependency on atomicio, but since nothing else in sftp-server uses + it, the linker may not find it. Add a second -lssh similar to other + binaries. + +commit e409d7966785cfd9f5970e66a820685c42169717 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 18 18:34:08 2021 +1000 + + Try EGD/PRNGD if random device fails. - OpenBSD-Commit-ID: 1e77547f60fdb5e2ffe23e2e4733c54d8d2d1137 + When built --without-openssl, try EGD/PRGGD (if configured) as a last + resort before failing. -commit 1b9dd4aa15208100fbc3650f33ea052255578282 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Aug 12 20:19:13 2018 +0000 +commit e43a898043faa3a965dbaa1193cc60e0b479033d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 18 18:32:51 2021 +1000 - upstream: better diagnosics on alg list assembly errors; ok + Split EGD/PRNGD interface into its own file. - deraadt@ markus@ + This will allow us to use it when building --without-openssl. + +commit acb2887a769a1b1912cfd7067f3ce04fad240260 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jun 17 21:03:19 2021 +1000 + + Handle GIDs > 2^31 in getgrouplist. - OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee + When compiled in 32bit mode, the getgrouplist implementation may fail + for GIDs greater than LONG_MAX. Analysis and change from ralf.winkel + at tui.com. -commit e36a5f61b0f5bebf6d49c215d228cd99dfe86e28 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Aug 11 18:08:45 2018 -0700 +commit 31fac20c941126281b527605b73bff30a8f02edd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 10 09:46:28 2021 +0000 - Some AIX fixes; report from Michael Felt + upstream: Use $SUDO when reading sshd's pidfile here too. + + OpenBSD-Regress-ID: 6bfb0d455d493f24839034a629c5306f84dbd409 -commit 2f4766ceefe6657c5ad5fe92d13c411872acae0e +commit a3a58acffc8cc527f8fc6729486d34e4c3d27643 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Aug 10 01:35:49 2018 +0000 +Date: Thu Jun 10 09:43:51 2021 +0000 - upstream: The script that cooks up PuTTY format host keys does not + upstream: Use $SUDO when reading sshd's pidfile in case it was - understand the new key format so convert back to old format to create the - PuTTY key and remove it once done. + created with a very restrictive umask. This resyncs with -portable. - OpenBSD-Regress-ID: 2a449a18846c3a144bc645135b551ba6177e38d3 + OpenBSD-Regress-ID: 07fd2af06df759d4f64b82c59094accca1076a5d -commit e1b26ce504662a5d5b991091228984ccfd25f280 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 10 00:44:01 2018 +0000 +commit 249ad4ae51cd3bc235e75a4846eccdf8b1416611 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 10 09:37:59 2021 +0000 - upstream: improve + upstream: Set umask when creating hostkeys to prevent excessive + + permissions warning. - OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60 + OpenBSD-Regress-ID: 382841db0ee28dfef7f7bffbd511803e1b8ab0ef -commit 7c712966a3139622f7fb55045368d05de4e6782c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 10 00:42:29 2018 +0000 +commit 9d0892153c005cc65897e9372b01fa66fcbe2842 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 10 03:45:31 2021 +0000 - upstream: Describe pubkey format, prompted by bz#2853 + upstream: Add regress test for SIGHUP restart - While I'm here, describe and link to the remaining local PROTOCOL.* - docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and - PROTOCOL.mux) + while handling active and unauthenticated clients. Should catch anything + similar to the pselect bug just fixed in sshd.c. - OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231 + OpenBSD-Regress-ID: 3b3c19b5e75e43af1ebcb9586875b3ae3a4cac73 -commit ef100a2c5a8ed83afac0b8f36520815803da227a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 10 00:27:15 2018 +0000 +commit 73f6f191f44440ca3049b9d3c8e5401d10b55097 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 10 03:14:14 2021 +0000 - upstream: fix numbering + upstream: Continue accept loop when pselect - OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596 + returns -1, eg if it was interrupted by a signal. This should prevent + the hang discovered by sthen@ wherein sshd receives a SIGHUP while it has + an unauthenticated child and goes on to a blocking read on a notify_pipe. + feedback deraadt@, ok djm@ + + OpenBSD-Commit-ID: 0243c1c5544fca0974dae92cd4079543a3fceaa0 -commit ed7bd5d93fe14c7bd90febd29b858ea985d14d45 +commit c785c0ae134a8e8b5c82b2193f64c632a98159e4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Aug 8 01:16:01 2018 +0000 +Date: Tue Jun 8 22:30:27 2021 +0000 - upstream: Use new private key format by default. This format is + upstream: test that UserKnownHostsFile correctly accepts multiple - suported by OpenSSH >= 6.5 (released January 2014), so it should be supported - by most OpenSSH versions in active use. + arguments; would have caught readconf.c r1.356 regression - It is possible to convert new-format private keys to the older - format using "ssh-keygen -f /path/key -pm PEM". + OpenBSD-Regress-ID: 71ca54e66c2a0211b04999263e56390b1f323a6a + +commit 1a6f6b08e62c78906a3032e8d9a83e721c84574e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 8 22:06:12 2021 +0000 + + upstream: fix regression in r1.356: for ssh_config options that - ok deraadt dtucker + accepted multiple string arguments, ssh was only recording the first. + Reported by Lucas via bugs@ - OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8 + OpenBSD-Commit-ID: 7cbf182f7449bf1cb7c5b4452667dc2b41170d6d -commit 967226a1bdde59ea137e8f0df871854ff7b91366 +commit 78e30af3e2b2dd540a341cc827c6b98dd8b0a6de Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Aug 4 00:55:06 2018 +0000 +Date: Tue Jun 8 07:40:12 2021 +0000 + + upstream: test argv_split() optional termination on comments + + OpenBSD-Regress-ID: 9fd1c4a27a409897437c010cfd79c54b639a059c + +commit a023138957ea2becf1c7f93fcc42b0aaac6f2b03 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jun 8 07:05:27 2021 +0000 - upstream: invalidate dh->priv_key after freeing it in error path; + upstream: Add testcases from bz#3319 for IPQoS and TunnelDevice - avoids unlikely double-free later. Reported by Viktor Dukhovni via - https://github.com/openssh/openssh-portable/pull/96 feedback jsing@ tb@ + being overridden on the command line. - OpenBSD-Commit-ID: e317eb17c3e05500ae851f279ef6486f0457c805 + OpenBSD-Regress-ID: 801674d5d2d02abd58274a78cab2711f11de14a8 -commit 74287f5df9966a0648b4a68417451dd18f079ab8 +commit 660cea10b2cdc11f13ba99c89b1bbb368a4d9ff2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 31 03:10:27 2018 +0000 +Date: Tue Jun 8 06:52:43 2021 +0000 - upstream: delay bailout for invalid authentic + upstream: sprinkle some "# comment" at end of configuration lines - =?UTF-8?q?ating=20user=20until=20after=20the=20packet=20containing=20the?= - =?UTF-8?q?=20request=20has=20been=20fully=20parsed.=20Reported=20by=20Dar?= - =?UTF-8?q?iusz=20Tytko=20and=20Micha=C5=82=20Sajdak;=20ok=20deraadt?= - MIME-Version: 1.0 - Content-Type: text/plain; charset=UTF-8 - Content-Transfer-Encoding: 8bit + to test comment handling - OpenBSD-Commit-ID: b4891882fbe413f230fe8ac8a37349b03bd0b70d + OpenBSD-Regress-ID: cb82fbf40bda5c257a9f742c63b1798e5a8fdda7 -commit 1a66079c0669813306cc69e5776a4acd9fb49015 +commit acc9c32dcb6def6c7d3688bceb4c0e59bd26b411 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 31 03:07:24 2018 +0000 +Date: Tue Jun 8 06:51:47 2021 +0000 - upstream: fix some memory leaks spotted by Coverity via Jakub Jelen + upstream: more descriptive failure message - in bz#2366 feedback and ok dtucker@ - - OpenBSD-Commit-ID: 8402bbae67d578bedbadb0ce68ff7c5a136ef563 + OpenBSD-Regress-ID: 5300f6faf1d9e99c0cd10827b51756c5510e3509 -commit 87f08be054b7eeadbb9cdeb3fb4872be79ccf218 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 20 13:18:28 2018 +1000 +commit ce04dd4eae23d1c9cf7c424a702f48ee78573bc1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 7 01:16:34 2021 +0000 - Remove support for S/Key + upstream: test AuthenticationMethods inside a Match block as well + + as in the main config section - Most people will 1) be using modern multi-factor authentication methods - like TOTP/OATH etc and 2) be getting support for multi-factor - authentication via PAM or BSD Auth. + OpenBSD-Regress-ID: ebe0a686621b7cb8bb003ac520975279c28747f7 -commit 5d14019ba2ff54acbfd20a6b9b96bb860a8c7c31 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Jul 27 12:03:17 2018 +0000 +commit 9018bd821fca17e26e92f7a7e51d9b24cd62f2db +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 7 00:00:50 2021 +0000 - upstream: avoid expensive channel_open_message() calls; ok djm@ + upstream: prepare for stricter sshd_config parsing that will refuse - OpenBSD-Commit-ID: aea3b5512ad681cd8710367d743e8a753d4425d9 + a config that has {Allow,Deny}{Users,Groups} on a line with no subsequent + arguments. Such lines are permitted but are nonsensical noops ATM + + OpenBSD-Regress-ID: ef65463fcbc0bd044e27f3fe400ea56eb4b8f650 -commit e655ee04a3cb7999dbf9641b25192353e2b69418 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 27 05:34:42 2018 +0000 +commit a10f929d1ce80640129fc5b6bc1acd9bf689169e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 8 07:09:42 2021 +0000 - upstream: Now that ssh can't be setuid, remove the + upstream: switch sshd_config parsing to argv_split() + + similar to the previous commit, this switches sshd_config parsing to + the newer tokeniser. Config parsing will be a little stricter wrt + quote correctness and directives appearing without arguments. - original_real_uid and original_effective_uid globals and replace with calls - to plain getuid(). ok djm@ + feedback and ok markus@ - OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c + tested in snaps for the last five or so days - thanks Theo and those who + caught bugs + + OpenBSD-Commit-ID: 9c4305631d20c2d194661504ce11e1f68b20d93e -commit 73ddb25bae4c33a0db361ac13f2e3a60d7c6c4a5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 27 05:13:02 2018 +0000 +commit ea9e45c89a4822d74a9d97fef8480707d584da4d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 8 07:07:15 2021 +0000 - upstream: Remove uid checks from low port binds. Now that ssh + upstream: Switch ssh_config parsing to use argv_split() - cannot be setuid and sshd always has privsep on, we can remove the uid checks - for low port binds and just let the system do the check. We leave a sanity - check for the !privsep case so long as the code is stil there. with & ok - djm@ + This fixes a couple of problems with the previous tokeniser, + strdelim() + + 1. strdelim() is permissive wrt accepting '=' characters. This is + intended to allow it to tokenise "Option=value" but because it + cannot keep state, it will incorrectly split "Opt=val=val2". + 2. strdelim() has rudimentry handling of quoted strings, but it + is incomplete and inconsistent. E.g. it doesn't handle escaped + quotes inside a quoted string. + 3. It has no support for stopping on a (unquoted) comment. Because + of this readconf.c r1.343 added chopping of lines at '#', but + this caused a regression because these characters may legitimately + appear inside quoted strings. + + The new tokeniser is stricter is a number of cases, including #1 above + but previously it was also possible for some directives to appear + without arguments. AFAIK these were nonsensical in all cases, and the + new tokeniser refuses to accept them. + + The new code handles quotes much better, permitting quoted space as + well as escaped closing quotes. Finally, comment handling should be + fixed - the tokeniser will terminate only on unquoted # characters. + + feedback & ok markus@ - OpenBSD-Commit-ID: 9535cfdbd1cd54486fdbedfaee44ce4367ec7ca0 + tested in snaps for the last five or so days - thanks Theo and those who + caught bugs + + OpenBSD-Commit-ID: dc72fd12af9d5398f4d9e159d671f9269c5b14d5 -commit c12033e102760d043bc5c98e6c8180e4d331b0df +commit d786424986c04d1d375f231fda177c8408e05c3e Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 27 03:55:22 2018 +0000 +Date: Tue Jun 8 07:02:46 2021 +0000 - upstream: ssh(1) no longer supports being setuid root. Remove reference + upstream: Check if IPQoS or TunnelDevice are already set before - to crc32 which went with protocol 1. Pointed out by deraadt@. + overriding. Prevents values in config files from overriding values supplied + on the command line. bz#3319, ok markus. - OpenBSD-Commit-ID: f8763c25fd96ed91dd1abdab5667fd2e27e377b6 + OpenBSD-Commit-ID: f3b08b898c324debb9195e6865d8999406938f74 -commit 4492e2ec4e1956a277ef507f51d66e5c2aafaaf8 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 27 14:15:28 2018 +1000 +commit aae4b4d3585b9f944d7dbd3c9e5ba0006c55e457 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 8 06:54:40 2021 +0000 - correct snprintf truncation check in closefrom() + upstream: Allow argv_split() to optionally terminate tokenisation + + when it encounters an unquoted comment. - Truncation cannot happen unless the system has set PATH_MAX to some - nonsensically low value. + Add some additional utility function for working with argument + vectors, since we'll be switching to using them to parse + ssh/sshd_config shortly. - bz#2862, patch from Daniel Le + ok markus@ as part of a larger diff; tested in snaps + + OpenBSD-Commit-ID: fd9c108cef2f713f24e3bc5848861d221bb3a1ac -commit 149cab325a8599a003364ed833f878449c15f259 +commit da9f9acaac5bab95dca642b48e0c8182b246ab69 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 27 13:46:06 2018 +1000 +Date: Mon Jun 7 19:19:23 2021 +1000 - Include stdarg.h in mkdtemp for va_list. + Save logs on failure for upstream test -commit 6728f31bdfdc864d192773c32465b1860e23f556 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed Jul 25 17:12:35 2018 +0000 +commit 76883c60161e5f3808787085a27a8c37f8cc4e08 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jun 7 14:36:32 2021 +1000 - upstream: Don't redefine Makefile choices which come correct from + Add obsdsnap-i386 upstream test target. + +commit d45b9c63f947ec5ec314696e70281f6afddc0ac3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 7 03:38:38 2021 +0000 + + upstream: fix debug message when finding a private key to match a - bsd.*.mk ok markus + certificate being attempted for user authentication. Previously it would + print the certificate's path, whereas it was supposed to be showing the + private key's path. Patch from Alex Sherwin via GHPR247 - OpenBSD-Commit-ID: 814b2f670df75759e1581ecef530980b2b3d7e0f + OpenBSD-Commit-ID: d5af3be66d0f22c371dc1fe6195e774a18b2327b -commit 21fd477a855753c1a8e450963669e28e39c3b5d2 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed Jul 25 13:56:23 2018 +0000 +commit 530739d42f6102668aecd699be0ce59815c1eceb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 6 11:34:16 2021 +0000 - upstream: fix indent; Clemens Goessnitzer + upstream: Match host certificates against host public keys, not private + + keys. Allows use of certificates with private keys held in a ssh-agent. + Reported by Miles Zhou in bz3524; ok dtucker@ - OpenBSD-Commit-ID: b5149a6d92b264d35f879d24608087b254857a83 + OpenBSD-Commit-ID: 25f5bf70003126d19162862d9eb380bf34bac22a -commit 8e433c2083db8664c41499ee146448ea7ebe7dbf -Author: beck@openbsd.org <beck@openbsd.org> -Date: Wed Jul 25 13:10:56 2018 +0000 +commit 4265215d7300901fd7097061c7517688ade82f8e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 6 03:40:39 2021 +0000 - upstream: Use the caller provided (copied) pwent struct in + upstream: Client-side workaround for a bug in OpenSSH 7.4: this release + + allows RSA/SHA2 signatures for public key authentication but fails to + advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these + server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse + to offer valid keys. - load_public_identity_files instead of calling getpwuid() again and discarding - the argument. This prevents a client crash where tilde_expand_filename calls - getpwuid() again before the pwent pointer is used. Issue noticed and reported - by Pierre-Olivier Martel <pom@apple.com> ok djm@ deraadt@ + Reported by and based on patch from Gordon Messmer via bz3213, thanks + also for additional analysis by Jakub Jelen. ok dtucker - OpenBSD-Commit-ID: a067d74b5b098763736c94cc1368de8ea3f0b157 + OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7 -commit e2127abb105ae72b6fda64fff150e6b24b3f1317 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Jul 23 19:53:55 2018 +0000 +commit bda270d7fb8522d43c21a79a4b02a052d7c64de8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 6 03:17:02 2021 +0000 - upstream: oops, failed to notice that SEE ALSO got messed up; + upstream: degrade gracefully if a sftp-server offers the - OpenBSD-Commit-ID: 61c1306542cefdc6e59ac331751afe961557427d + limits@openssh.com extension but fails when the client tries to invoke it. + Reported by Hector Martin via bz3318 + + OpenBSD-Commit-ID: bd9d1839c41811616ede4da467e25746fcd9b967 -commit ddf1b797c2d26bbbc9d410aa4f484cbe94673587 -Author: kn@openbsd.org <kn@openbsd.org> -Date: Mon Jul 23 19:02:49 2018 +0000 +commit d345d5811afdc2d6923019b653cdd93c4cc95f76 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 6 03:15:39 2021 +0000 - upstream: Point to glob in section 7 for the actual list of special + upstream: the limits@openssh.com extension was incorrectly marked - characters instead the C API in section 3. + as an operation that writes to the filesystem, which made it unavailable in + sftp-server read-only mode. Spotted by Hector Martin via bz3318 - OK millert jmc nicm, "the right idea" deraadt + OpenBSD-Commit-ID: f054465230787e37516c4b57098fc7975e00f067 + +commit 2b71010d9b43d7b8c9ec1bf010beb00d98fa765a +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sat Jun 5 13:47:00 2021 +0000 + + upstream: PROTOCOL.certkeys: update reference from IETF draft to + + RFC - OpenBSD-Commit-ID: a74fd215488c382809e4d041613aeba4a4b1ffc6 + Also fix some typos. + ok djm@ + + OpenBSD-Commit-ID: 5e855b6c5a22b5b13f8ffa3897a868e40d349b44 -commit 01c98d9661d0ed6156e8602b650f72eed9fc4d12 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Jul 22 12:16:59 2018 +0000 +commit aa99b2d9a3e45b943196914e8d8bf086646fdb54 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 4 23:41:29 2021 +1000 + + Clear notify_pipe from readset if present. + + Prevents leaking an implementation detail to the caller. + +commit 6de8dadf6b4d0627d35bca0667ca44b1d61c2c6b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 4 23:24:25 2021 +1000 + + space->tabs. + +commit c8677065070ee34c05c7582a9c2f58d8642e552d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 4 18:39:48 2021 +1000 - upstream: Switch authorized_keys example from ssh-dss to ssh-rsa + Add pselect implementation for platforms without. - since the former is no longer enabled by default. Pointed out by Daniel A. - Maierhofer, ok jmc + This is basically the existing notify_pipe kludge from serverloop.c + moved behind a pselect interface. It works by installing a signal + handler that writes to a pipe that the select is watching, then calls + the original handler. - OpenBSD-Commit-ID: 6a196cef53d7524e0c9b58cdbc1b5609debaf8c7 + The select call in serverloop will become pselect soon, at which point the + kludge will be removed from thereand will only exist in the compat layer. + Original code by markus, help from djm. -commit 472269f8fe19343971c2d08f504ab5cbb8234b33 +commit 7cd7f302d3a072748299f362f9e241d81fcecd26 +Author: Vincent Brillault <vincent.brillault@cern.ch> +Date: Sun May 24 09:15:06 2020 +0200 + + auth_log: dont log partial successes as failures + + By design, 'partial' logins are successful logins, so initially with + authenticated set to 1, for which another authentication is required. As + a result, authenticated is always reset to 0 when partial is set to 1. + However, even if authenticated is 0, those are not failed login + attempts, similarly to attempts with authctxt->postponed set to 1. + +commit e7606919180661edc7f698e6a1b4ef2cfb363ebf Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 20 05:01:10 2018 +0000 +Date: Fri Jun 4 06:19:07 2021 +0000 - upstream: slightly-clearer description for AuthenticationMethods - the + upstream: The RB_GENERATE_STATIC(3) macro expands to a series of - lists have comma-separated elements; bz#2663 from Hans Meier + function definitions and not a statement, so there should be no semicolon + following them. Patch from Michael Forney - OpenBSD-Commit-ID: 931c983d0fde4764d0942fb2c2b5017635993b5a + OpenBSD-Commit-ID: c975dd180580f0bdc0a4d5b7d41ab1f5e9b7bedd -commit c59aca8adbdf7f5597084ad360a19bedb3f80970 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 20 14:53:42 2018 +1000 +commit c298c4da574ab92df2f051561aeb3e106b0ec954 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 4 05:59:18 2021 +0000 - Create control sockets in clean temp directories + upstream: rework authorized_keys example section, removing irrelevant - Adds a regress/mkdtemp tool and uses it to create empty temp - directories for tests needing control sockets. + stuff, de-wrapping the example lines and better aligning the examples with + common usage and FAQs; ok jmc - Patch from Colin Watson via bz#2660; ok dtucker + OpenBSD-Commit-ID: d59f1c9281f828148e2a2e49eb9629266803b75c -commit 6ad8648e83e4f4ace37b742a05c2a6b6b872514e +commit d9cb35bbec5f623589d7c58fc094817b33030f35 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 20 03:46:34 2018 +0000 +Date: Fri Jun 4 05:10:03 2021 +0000 - upstream: remove unused zlib.h + upstream: adjust SetEnv description to clarify $TERM handling - OpenBSD-Commit-ID: 8d274a9b467c7958df12668b49144056819f79f1 + OpenBSD-Commit-ID: 8b8cc0124856bc1094949d55615e5c44390bcb22 -commit 3ba6e6883527fe517b6e4a824876e2fe62af22fc +commit 771f57a8626709f2ad207058efd68fbf30d31553 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jul 19 23:03:16 2018 +0000 +Date: Fri Jun 4 05:09:08 2021 +0000 - upstream: Fix typo in comment. From Alexandru Iacob via github. + upstream: Switch the listening select loop from select() to + + pselect() and mask signals while checking signal flags, umasking for pselect + and restoring afterwards. Also restore signals before sighup_restart so they + don't remain blocked after restart. - OpenBSD-Commit-ID: eff4ec07c6c8c5483533da43a4dda37d72ef7f1d + This prevents a race where a SIGTERM or SIGHUP can arrive between + checking the flag and calling select (eg if sshd is processing a + new connection) resulting in sshd not shutting down until the next + time it receives a new connection. bz#2158, with & ok djm@ + + OpenBSD-Commit-ID: bf85bf880fd78e00d7478657644fcda97b9a936f -commit c77bc73c91bc656e343a1961756e09dd1b170820 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 20 13:48:51 2018 +1000 +commit f64f8c00d158acc1359b8a096835849b23aa2e86 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 4 05:02:40 2021 +0000 - Explicitly include openssl before zlib. + upstream: allow ssh_config SetEnv to override $TERM, which is otherwise + + handled specially by the protocol. Useful in ~/.ssh/config to set TERM to + something generic (e.g. "xterm" instead of "xterm-256color") for destinations + that lack terminfo entries. feedback and ok dtucker@ - Some versions of OpenSSL have "free_func" in their headers, which zlib - typedefs. Including openssl after zlib (eg via sshkey.h) results in - "syntax error before `free_func'", which this fixes. + OpenBSD-Commit-ID: 38b1ef4d5bc159c7d9d589d05e3017433e2d5758 -commit 95d41e90eafcd1286a901e8e361e4a37b98aeb52 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jul 19 10:28:47 2018 +0000 +commit 60107677dc0ce1e93c61f23c433ad54687fcd9f5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 4 04:02:21 2021 +0000 - upstream: Deprecate UsePrivilegedPort now that support for running + upstream: correct extension name "no-presence-required" => - ssh(1) setuid has been removed, remove supporting code and clean up - references to it in the man pages + "no-touch-required" - We have not shipped ssh(1) the setuid bit since 2002. If ayone - really needs to make connections from a low port number this can - be implemented via a small setuid ProxyCommand. + document "verify-required" option - ok markus@ jmc@ djm@ + OpenBSD-Commit-ID: 1879ff4062cf61d79b515e433aff0bf49a6c55c5 + +commit ecc186e46e3e30f27539b4311366dfda502f0a08 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 2 13:54:11 2021 +1000 + + Retire fbsd7 test target. - OpenBSD-Commit-ID: d03364610b7123ae4c6792f5274bd147b6de717e + It's the slowest of the selfhosted targets (since it's 32bit but has + most of the crypto algos). We still have coverage for 32bit i386. -commit 258dc8bb07dfb35a46e52b0822a2c5b7027df60a +commit 5de0867b822ec48b5eec9abde0f5f95d1d646546 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 2 11:21:40 2021 +1000 + + Check for $OPENSSL in md5 fallback too. + +commit 1db69d1b6542f8419c04cee7fd523a4a11004be2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 2 11:17:54 2021 +1000 + + Add dfly60 target. + +commit a3f2dd955f1c19cad387a139f0e719af346ca6ef Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Jul 18 11:34:04 2018 +0000 +Date: Wed Jun 2 00:17:45 2021 +0000 - upstream: Remove support for running ssh(1) setuid and fatal if + upstream: Merge back shell portability changes - attempted. Do not link uidwap.c into ssh any more. Neuters - UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ - djm@ + bringing it back in sync with -portable. - OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42 + OpenBSD-Regress-ID: c07905ba931e66ad7d849b87b7d19648007175d1 -commit ac590760b251506b0a152551abbf8e8d6dc2f527 +commit 9d482295c9f073e84d75af46b720a1c0f7ec2867 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 16 22:25:01 2018 +0000 +Date: Tue Jun 1 23:56:20 2021 +0000 - upstream: Slot 0 in the hostbased key array was previously RSA1, + upstream: Use a default value for $OPENSSL, - but that is now gone and the slot is unused so remove it. Remove two - now-unused macros, and add an array bounds check to the two remaining ones - (array is statically sized, so mostly a safety check on future changes). ok - markus@ + allowing it to be overridden. Do the same in the PuTTY tests since it's + needed there and not exported by test-exec.sh. - OpenBSD-Commit-ID: 2e4c0ca6cc1d8daeccead2aa56192a3f9d5e1e7a + OpenBSD-Regress-ID: c49dcd6aa7602a8606b7afa192196ca1fa65de16 -commit 26efc2f5df0e3bcf6a6bbdd0506fd682d60c2145 +commit 07660b3c99f8ea74ddf4a440e55c16c9f7fb3dd1 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 16 11:05:41 2018 +0000 +Date: Mon May 24 10:25:18 2021 +0000 - upstream: Remove support for loading HostBasedAuthentication keys + upstream: Find openssl binary via environment variable. This - directly in ssh(1) and always use ssh-keysign. This removes one of the few - remaining reasons why ssh(1) might be setuid. ok markus@ + allows overriding if necessary (eg in -portable where we're testing against a + specific version of OpenSSL). - OpenBSD-Commit-ID: 97f01e1448707129a20d75f86bad5d27c3cf0b7d + OpenBSD-Regress-ID: 491f39cae9e762c71aa4bf045803d077139815c5 -commit 3eb7f1038d17af7aea3c2c62d1e30cd545607640 +commit 1a4d1da9188d7c88f646b61f0d6a3b34f47c5439 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 16 07:06:50 2018 +0000 +Date: Fri May 21 04:03:47 2021 +0000 - upstream: keep options.identity_file_userprovided array in sync when we + upstream: fix memleak in test - load keys, fixing some spurious error messages; ok markus + OpenBSD-Regress-ID: 5e529d0982aa04666604936df43242e97a7a6f81 + +commit 60455a5d98065a73ec9a1f303345856bbd49aecc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 21 03:59:01 2021 +0000 + + upstream: also check contents of remaining string - OpenBSD-Commit-ID: c63e3d5200ee2cf9e35bda98de847302566c6a00 + OpenBSD-Regress-ID: d526fa07253f4eebbc7d6205a0ab3d491ec71a28 -commit 2f131e1b34502aa19f345e89cabf6fa3fc097f09 +commit 39f6cd207851d7b67ca46903bfce4a9f615b5b1c Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 16 03:09:59 2018 +0000 +Date: Fri May 21 03:48:07 2021 +0000 - upstream: memleak in unittest; found by valgrind + upstream: unit test for misc.c:strdelim() that mostly servces to + + highlight its inconsistencies - OpenBSD-Regress-ID: 168c23b0fb09fc3d0b438628990d3fd9260a8a5e + OpenBSD-Regress-ID: 8d2bf970fcc01ccc6e36a5065f89b9c7fa934195 + +commit 7a3a1dd2c7d4461962acbcc0ebee9445ba892be0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu May 27 21:23:15 2021 +1000 + + Put minix3 config in the host-specific block. -commit de2997a4cf22ca0a524f0e5b451693c583e2fd89 +commit 59a194825f12fff8a7f75d91bf751ea17645711b Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 16 03:09:13 2018 +0000 +Date: Mon May 31 06:48:42 2021 +0000 - upstream: memleaks; found by valgrind + upstream: Hash challenge supplied by client during FIDO key enrollment - OpenBSD-Commit-ID: 6c3ba22be53e753c899545f771e8399fc93cd844 + prior to passing it to libfido2, which does expect a hash. + + There is no effect for users who are simply generating FIDO keys using + ssh-keygen - by default we generate a random 256 bit challenge, but + people building attestation workflows around our tools should now have + a more consistent experience (esp. fewer failures when they fail to + guess the magic 32-byte challenge length requirement). + + ok markus@ + + OpenBSD-Commit-ID: b8d5363a6a7ca3b23dc28f3ca69470472959f2b5 -commit 61cc0003eb37fa07603c969c12b7c795caa498f3 +commit eb68e669bc8ab968d4cca5bf1357baca7136a826 Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Jul 14 16:49:01 2018 +1000 +Date: Thu May 27 21:14:15 2021 +1000 - Undef a few new macros in sys-queue.h. + Include login_cap.h for login_getpwclass override. - Prevents macro redefinition warnings on OSX. + On minix3, login_getpwclass is __RENAME'ed to __login_getpwclass50 so + without this the include overriding login_getpwclass causes a compile + error. -commit 30a2c213877a54a44dfdffb6ca8db70be5b457e0 +commit 2063af71422501b65c7a92a5e14c0e6a3799ed89 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 13 13:40:20 2018 +1000 +Date: Thu May 27 21:13:38 2021 +1000 + + Add minix3 test target. + +commit 2e1efcfd9f94352ca5f4b6958af8a454f8cf48cd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 26 01:47:24 2021 +0000 - Include unistd.h for geteuid declaration. + upstream: fix SEGV in UpdateHostkeys debug() message, triggered + + when the update removed more host keys than remain present. Fix tested by + reporter James Cook, via bugs@ + + OpenBSD-Commit-ID: 44f641f6ee02bb957f0c1d150495b60cf7b869d3 + +commit 9acd76e6e4d2b519773e7119c33cf77f09534909 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun May 23 18:22:57 2021 +0000 + + upstream: ssh: The client configuration keyword is + + "hostbasedacceptedalgorithms" + + This fixes a mistake that slipped in when "HostbasedKeyTypes" was + renamed to "HostbasedAcceptedAlgorithms". + + Bug report by zack@philomathiclife.com + + OpenBSD-Commit-ID: d745a7e8e50b2589fc56877f322ea204bc784f38 -commit 1dd32c23f2a85714dfafe2a9cc516971d187caa4 +commit 078a0e60c92700da4c536c93c007257828ccd05b Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 13 13:38:10 2018 +1000 +Date: Tue May 25 11:40:47 2021 +1000 - Fallout from buffer conversion in AUDIT_EVENTS. + Rename README.md to ci-status.md. - Supply missing "int r" and fix error path for sshbuf_new(). + The original intent was to provide a status page for the CIs configured + in that directory, but it had the side effect of replacing the top-level + README.md. -commit 7449c178e943e5c4f6c8416a4e41d93b70c11c9e +commit 7be4ac813662f68e89f23c50de058a49aa32f7e4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 13 02:13:50 2018 +0000 +Date: Wed May 19 01:24:05 2021 +0000 - upstream: make this use ssh_proxy rather than starting/stopping a + upstream: restore blocking status on stdio fds before close + + ssh(1) needs to set file descriptors to non-blocking mode to operate + but it was not restoring the original state on exit. This could cause + problems with fds shared with other programs via the shell, e.g. + + > $ cat > test.sh << _EOF + > #!/bin/sh + > { + > ssh -Fnone -oLogLevel=verbose ::1 hostname + > cat /usr/share/dict/words + > } | sleep 10 + > _EOF + > $ ./test.sh + > Authenticated to ::1 ([::1]:22). + > Transferred: sent 2352, received 2928 bytes, in 0.1 seconds + > Bytes per second: sent 44338.9, received 55197.4 + > cat: stdout: Resource temporarily unavailable - daemon for each testcase + This restores the blocking status for fds 0,1,2 (stdio) before ssh(1) + abandons/closes them. - OpenBSD-Regress-ID: 608b7655ea65b1ba8fff5a13ce9caa60ef0c8166 + This was reported as bz3280 and GHPR246; ok dtucker@ + + OpenBSD-Commit-ID: 8cc67346f05aa85a598bddf2383fcfcc3aae61ce -commit dbab02f9208d9baa134cec1d007054ec82b96ca9 +commit c4902e1a653c67fea850ec99c7537f358904c0af Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 13 02:13:19 2018 +0000 +Date: Mon May 17 11:43:16 2021 +0000 - upstream: fix leaks in unit test; with this, all unit tests are + upstream: fix breakage of -W forwaring introduced in 1.554; reported by - leak free (as far as valgrind can spot anyway) + naddy@ and sthen@, ok sthen@ - OpenBSD-Regress-ID: b824d8b27998365379963440e5d18b95ca03aa17 + OpenBSD-Commit-ID: f72558e643a26dc4150cff6e5097b5502f6c85fd -commit 2f6accff5085eb79b0dbe262d8b85ed017d1a51c -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 13 11:39:25 2018 +1000 +commit afea01381ad1fcea1543b133040f75f7542257e6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon May 17 07:22:45 2021 +0000 - Enable leak checks for unit tests with valgrind + upstream: Regenerate moduli. - Leave the leak checking on unconditionally when running with valgrind. - The unit tests are leak-free and I want them to stay that way. + OpenBSD-Commit-ID: 83c93a2a07c584c347ac6114d6329b18ce515557 -commit e46cfbd9db5e907b821bf4fd0184d4dab99815ee +commit be2866d6207b090615ff083c9ef212b603816a56 Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 13 11:38:59 2018 +1000 +Date: Mon May 17 09:40:23 2021 +1000 - increase timeout to match cfgmatch.sh + Handle Android libc returning NULL pw->pw_passwd - lets test pass under valgrind (on my workstation at least) + Reported by Luke Dashjr -commit 6aa1bf475cf3e7a2149acc5a1e80e904749f064c -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jul 12 14:54:18 2018 +1000 +commit 5953c143008259d87342fb5155bd0b8835ba88e5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 14 05:20:32 2021 +0000 - rm regress/misc/kexfuzz/*.o in distclean target + upstream: fix previous: test saved no_shell_flag, not the one that just + + got clobbered + + OpenBSD-Commit-ID: b8deace085d9d941b2d02f810243b9c302e5355d -commit eef1447ddb559c03725a23d4aa6d03f40e8b0049 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jul 12 14:49:26 2018 +1000 +commit 1e9fa55f4dc4b334651d569d3448aaa3841f736f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 14 03:09:48 2021 +0000 - repair !WITH_OPENSSL build + upstream: Fix ssh started with ControlPersist incorrectly executing a + + shell when the -N (no shell) option was specified. bz3290 reported by Richard + Schwab; patch from markus@ ok me + + OpenBSD-Commit-ID: ea1ea4af16a95687302f7690bdbe36a6aabf87e1 -commit 4d3b2f36fd831941d1627ac587faae37b6d3570f -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jul 12 14:49:14 2018 +1000 +commit d1320c492f655d8f5baef8c93899d79dded217a5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed May 12 11:34:30 2021 +0000 - missing headers + upstream: Clarify language about moduli. While both ends of the + + connection do need to use the same parameters (ie groups), the DH-GEX + protocol takes care of that and both ends do not need the same contents in + the moduli file, which is what the previous text suggested. ok djm@ jmc@ + + OpenBSD-Commit-ID: f0c18cc8e79c2fbf537a432a9070ed94e96a622a -commit 3f420a692b293921216549c1099c2e46ff284eae -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jul 12 14:57:46 2018 +1000 +commit d3cc4d650ce3e59f3e370b101778b0e8f1c02c4d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 7 04:11:51 2021 +0000 - Remove key.h from portable files too. + upstream: include pid in LogVerbose spam - Commit 5467fbcb removed key.h so stop including it in portable files - too. Fixes builds on lots of platforms. + OpenBSD-Commit-ID: aacb86f96ee90c7cb84ec27452374285f89a7f00 -commit e2c4af311543093f16005c10044f7e06af0426f0 +commit e3c032333be5fdbbaf2751f6f478e044922b4ec4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jul 12 04:35:25 2018 +0000 +Date: Fri May 7 03:09:38 2021 +0000 - upstream: remove prototype to long-gone function + upstream: don't sigdie() in signal handler in privsep child process; - OpenBSD-Commit-ID: 0414642ac7ce01d176b9f359091a66a8bbb640bd + this can end up causing sandbox violations per bz3286; ok dtucker@ + + OpenBSD-Commit-ID: a7f40b2141dca4287920da68ede812bff7ccfdda -commit 394a842e60674bf8ee5130b9f15b01452a0b0285 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jul 11 18:55:11 2018 +0000 +commit a4039724a3f2abac810735fc95cf9114a3856049 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 7 09:23:40 2021 +0000 - upstream: treat ssh_packet_write_wait() errors as fatal; ok djm@ + upstream: Increase ConnectionAttempts from 4 to 10 as the tests + + occasionally time out on heavily loaded hosts. - OpenBSD-Commit-ID: f88ba43c9d54ed2d911218aa8d3f6285430629c3 + OpenBSD-Regress-ID: 29a8cdef354fc9da471a301f7f65184770434f3a -commit 5467fbcb09528ecdcb914f4f2452216c24796790 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jul 11 18:53:29 2018 +0000 +commit c0d7e36e979fa3cdb60f5dcb6ac9ad3fd018543b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 7 02:26:55 2021 +0000 + + upstream: dump out a usable private key string too; inspired by Tyson + + Whitehead + + OpenBSD-Regress-ID: 65572d5333801cb2f650ebc778cbdc955e372058 - upstream: remove legacy key emulation layer; ok djm@ +commit 24fee8973abdf1c521cd2c0047d89e86d9c3fc38 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 7 02:29:40 2021 +0000 + + upstream: correct mistake in spec - the private key blobs are encoded - OpenBSD-Commit-ID: 2b1f9619259e222bbd4fe9a8d3a0973eafb9dd8d + verbatim and not as strings (i.e. no 4-byte length header) + + OpenBSD-Commit-ID: 3606b5d443d72118c5b76c4af6dd87a5d5a4f837 -commit 5dc4c59d5441a19c99e7945779f7ec9051126c25 -Author: martijn@openbsd.org <martijn@openbsd.org> -Date: Wed Jul 11 08:19:35 2018 +0000 +commit f43859159cc62396ad5d080f0b1f2635a67dac02 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue May 4 22:53:52 2021 +0000 - upstream: s/wuth/with/ in comment + upstream: Don't pass NULL as a string in debugging as it does not work - OpenBSD-Commit-ID: 9de41468afd75f54a7f47809d2ad664aa577902c + on some platforms in -portable. ok djm@ + + OpenBSD-Commit-ID: 937c892c99aa3c9c272a8ed78fa7c2aba3a44fc9 + +commit ac31aa3c6341905935e75f0539cf4a61bbe99779 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon May 3 00:16:45 2021 +0000 -commit 1c688801e9dd7f9889fb2a29bc2b6fbfbc35a11f + upstream: more debugging for UpdateHostKeys signature failures + + OpenBSD-Commit-ID: 1ee95f03875e1725df15d5e4bea3e73493d57d36 + +commit 8e32e97e788e0676ce83018a742203614df6a2b3 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 11 12:12:38 2018 +1000 +Date: Sat May 1 20:07:47 2021 +1000 + + Add obsd69 test target. + +commit f06893063597c5bb9d9e93f851c4070e77d2fba9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 30 04:29:53 2021 +0000 - Include stdlib.h for declaration of free. + upstream: a little debugging in the main mux process for status - Fixes build with -Werror on at least Fedora and probably others. + confirmation failures in multiplexed sessions + + OpenBSD-Commit-ID: 6e27b87c95176107597035424e1439c3232bcb49 -commit fccfa239def497615f92ed28acc57cfe63da3666 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jul 11 10:19:56 2018 +1000 +commit e65cf00da6bc31e5f54603b7feb7252dc018c033 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 30 04:02:52 2021 +0000 - VALGRIND_CHECK_LEAKS logic was backwards :( + upstream: Remove now-unused skey function prototypes leftover from + + skey removal. + + OpenBSD-Commit-ID: 2fc36d519fd37c6f10ce74854c628561555a94c3 -commit 416287d45fcde0a8e66eee8b99aa73bd58607588 +commit ae5f9b0d5c8126214244ee6b35aae29c21028133 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 11 10:10:26 2018 +1000 +Date: Thu Apr 29 13:01:50 2021 +1000 - Fix sshbuf_new error path in skey. + Wrap sntrup761x25519 inside ifdef. + + From balu.gajjala at gmail.com via bz#3306. -commit 7aab109b8b90a353c1af780524f1ac0d3af47bab +commit 70a8dc138a6480f85065cdb239915ad4b7f928cf Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 11 10:06:18 2018 +1000 +Date: Wed Apr 28 14:44:07 2021 +1000 - Supply missing third arg in skey. - - During the change to the new buffer api the third arg to - sshbuf_get_cstring was ommitted. Fixes build when configured with skey. + Add status badges for Actions-based tests. -commit 380320bb72cc353a901790ab04b6287fd335dc4a +commit 40b59024cc3365815381474cdf4fe423102e391b Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 11 10:03:34 2018 +1000 +Date: Wed Apr 28 12:22:11 2021 +1000 - Supply some more missing "int r" in skey + Add obsdsnap (OpenBSD snapshot) test target. -commit d20720d373d8563ee737d1a45dc5e0804d622dbc -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jul 11 09:56:36 2018 +1000 +commit e627067ec8ef9ae8e7a638f4dbac91d52dee3e6d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 28 11:35:28 2021 +1000 - disable valgrind memleak checking by default + Add test building upstream OpenBSD source. + +commit 1b8108ebd12fc4ed0fb39ef94c5ba122558ac373 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 27 14:22:20 2021 +1000 + + Test against OpenSSL 1.1.0h instead of 1.1.0g. - Add VALGRIND_CHECK_LEAKS knob to turn it back on. + 1.1.0g requires a perl glob module that's not installed by default. -commit 79c9d35018f3a5e30ae437880b669aa8636cd3cd +commit 9bc20efd39ce8525be33df3ee009f5a4564224f1 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jul 11 09:54:00 2018 +1000 +Date: Tue Apr 27 12:37:59 2021 +1000 - Supply missing "int r" in skey code. + Use the default VM type for libcrypto ver tests. -commit 984bacfaacbbe31c35191b828fb5b5b2f0362c36 -Author: sf@openbsd.org <sf@openbsd.org> -Date: Tue Jul 10 09:36:58 2018 +0000 +commit 9f79e80dc40965c2e73164531250b83b176c1eea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 27 12:24:10 2021 +1000 - upstream: re-remove some pre-auth compression bits + Always build OpenSSL shared. - This time, make sure to not remove things that are necessary for - pre-auth compression on the client. Add a comment that pre-auth - compression is still supported in the client. + This is the default for current versions but we need it to test against + earlier versions. + +commit b3cc9fbdff2782eca79e33e02ac22450dc63bce9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 27 09:18:02 2021 +1000 + + Fix custom OpenSSL tests. - ok markus@ + Check out specified OpenSSL version. Install custom libcrypto where + configure expects to find it. Remove unneeded OpenSSL config time + options. Older OpenSSL versions were not make -j safe so remove it. + +commit 77532609874a99a19e3e2eb2d1b7fa93aef963bb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 17:18:25 2021 +1000 + + Export CC and CFLAGS for c89 test. + +commit 33f62dfbe865f4de77980ab88774bf1eb5e4e040 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 17:13:44 2021 +1000 + + Add c89 here too. + +commit da9d59f526fce58e11cba49cd8eb011dc0bf5677 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 15:34:23 2021 +1000 + + Add test against OpenSSL w/out ECC. + +commit 29e194a752359ebf85bf7fce100f23a0477fc4de +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 14:49:59 2021 +1000 + + Ensure we can still build with C89. + +commit a38016d369d21df5d35f761f2b67e175e132ba22 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 14:29:03 2021 +1000 + + Interop test agains PuTTY. + +commit 095b0307a77be8803768857cc6c0963fa52ed85b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 14:02:03 2021 +1000 + + Support testing against arbitary libcrytpo vers. - OpenBSD-Commit-ID: 282c6fec7201f18a5c333bbb68d9339734d2f784 + Add tests against various LibreSSL and OpenSSL versions. -commit 120a1ec74e8d9d29f4eb9a27972ddd22351ddef9 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jul 10 19:39:52 2018 +1000 +commit b16082aa110fa7128ece2a9037ff420c4a285317 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 26 13:35:44 2021 +1000 - Adapt portable to legacy buffer API removal + Add fbsd10 test target. -commit 0f3958c1e6ffb8ea4ba27e2a97a00326fce23246 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 10 09:13:30 2018 +0000 +commit 2c805f16b24ea37cc051c6018fcb05defab6e57a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Apr 25 14:15:02 2021 +1000 - upstream: kerberos/gssapi fixes for buffer removal + Disable compiler hardening on nbsd4. - OpenBSD-Commit-ID: 1cdf56fec95801e4563c47f21696f04cd8b60c4c + The system compiler supports -fstack-protector-all, but using it will + result in an internal compiler error on some files. -commit c74ae8e7c45f325f3387abd48fa7dfef07a08069 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 10 06:45:29 2018 +0000 +commit 6a5d39305649da5dff1934ee54292ee0cebd579d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Apr 25 13:01:34 2021 +1000 + + Add nbsd3, nbsd4 and nbsd9 test targets. + +commit d1aed05bd2e4ae70f359a394dc60a2d96b88f78c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 24 22:03:46 2021 +1000 + + Comment out nbsd2 test target for now. + +commit a6b4ec94e5bd5a8a18cd2c9942d829d2e5698837 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 24 17:52:24 2021 +1000 + + Add OPENBSD ORIGINAL marker. - upstream: buffer.[ch] and bufaux.c are no more +commit 3737c9f66ee590255546c4b637b6d2be669a11eb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 19:49:46 2021 +1000 + + Replace "==" (a bashism) with "=". + +commit a116b6f5be17a1dd345b7d54bf8aa3779a28a0df +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 16:34:48 2021 +1000 + + Add nbsd2 test target. + +commit 196bf2a9bb771f45d9b0429cee7d325962233c44 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 14:54:10 2021 +1000 + + Add obsd68 test target. + +commit e3ba6574ed69e8b7af725cf5e8a9edaac04ff077 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 14:53:32 2021 +1000 + + Remove dependency on bash. + +commit db1f9ab8feb838aee9f5b99c6fd3f211355dfdcf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 14:41:13 2021 +1000 + + Add obsd67 test target. + +commit c039a6bf79192fe1daa9ddcc7c87dd98e258ae7c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 11:08:23 2021 +1000 + + Re-add macos-11.0 test target. + +commit a6db3a47b56adb76870d59225ffb90a65bc4daf2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 10:28:28 2021 +1000 + + Add openindiana test target. + +commit 3fe7e73b025c07eda46d78049f1da8ed7dfc0c69 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 23 10:26:35 2021 +1000 + + Test krb5 on Solaris 11 too. + +commit f57fbfe5eb02df1a91f1a237c4d27165afd87c13 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 22 22:27:26 2021 +1000 + + Don't always set SUDO. - OpenBSD-Commit-ID: d1a1852284e554f39525eb4d4891b207cfb3d3a0 + Rely on sourcing configs to set as appropriate. + +commit e428f29402fb6ac140b52f8f12e06ece7bb104a0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 22 22:26:08 2021 +1000 + + Remove now-unused 2nd arg to configs. -commit a881e5a133d661eca923fb0633a03152ab2b70b2 +commit cb4ff640d79b3c736879582139778f016bbb2cd7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 21 01:08:04 2021 +1000 + + Add win10 test target. + +commit 4457837238072836b2fa3107d603aac809624983 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 20 23:31:29 2021 +1000 + + Add nbsd8 test target. + +commit bd4fba22e14da2fa196009010aabec5a8ba9dd42 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 17 09:55:47 2021 +1000 + + Add obsd51 target. + +commit 9403d0e805c77a5741ea8c3281bbe92558c2f125 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 16 18:14:25 2021 +1000 + + Add fbsd13 target. + +commit e86968280e358e62649d268d41f698d64d0dc9fa +Author: Damien Miller <djm@mindrot.org> +Date: Fri Apr 16 13:55:25 2021 +1000 + + depend + +commit 2fb25ca11e8b281363a2a2a4dec4c497a1475d9a +Author: Damien Miller <djm@mindrot.org> +Date: Fri Apr 16 13:53:02 2021 +1000 + + crank version in README and RPM spec files + +commit b2b60ebab0cb77b5bc02d364d72e13db882f33ae Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 10 06:43:52 2018 +0000 +Date: Fri Apr 16 03:42:00 2021 +0000 - upstream: one mention of Buffer that almost got away :) + upstream: openssh-8.6 - OpenBSD-Commit-ID: 30d7c27a90b4544ad5dfacf654595710cd499f02 + OpenBSD-Commit-ID: b5f3e133c846127ec114812248bc17eff07c3e19 -commit 49f47e656b60bcd1d1db98d88105295f4b4e600d +commit faf2b86a46c9281d237bcdec18c99e94a4eb820a Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:59:10 2018 +0000 +Date: Thu Apr 15 16:24:31 2021 +0000 - upstream: replace cast with call to sshbuf_mutable_ptr(); ok djm@ + upstream: do not pass file/func to monitor; noted by Ilja van Sprundel; - OpenBSD-Commit-ID: 4dfe9d29fa93d9231645c89084f7217304f7ba29 + ok djm@ + + OpenBSD-Commit-ID: 85ae5c063845c410283cbdce685515dcd19479fa -commit cb30cd47041edb03476be1c8ef7bc1f4b69d1555 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:56:06 2018 +0000 +commit 2dc328023f60212cd29504fc05d849133ae47355 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Apr 14 11:42:55 2021 +1000 - upstream: remove legacy buffer API emulation layer; ok djm@ + sshd don't exit on transient read errors - OpenBSD-Commit-ID: 2dd5dc17cbc23195be4299fa93be2707a0e08ad9 + openssh-8.5 introduced a regression that would cause sshd to exit + because of transient read errors on the network socket (e.g. EINTR, + EAGAIN). Reported by balu.gajjala AT gmail.com via bz3297 -commit 235c7c4e3bf046982c2d8242f30aacffa01073d1 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:53:45 2018 +0000 +commit d5d6b7d76d171a2e6861609dcd92e714ee62ad88 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Apr 10 18:45:00 2021 +1000 - upstream: sshd: switch monitor to sshbuf API; lots of help & ok + perform report_failed_grab() inline + +commit ea996ce2d023aa3c6d31125e2c3ebda1cb42db8c +Author: Damien Miller <djm@mindrot.org> +Date: Sat Apr 10 18:22:57 2021 +1000 + + dedicated gnome-ssk-askpass3 source - djm@ + Compatibility with Wayland requires that we use the gdk_seat_grab() + API for grabbing mouse/keyboard, however these API don't exist in + Gtk+2. + + This branches gnome-ssk-askpass2.c => gnome-ssk-askpass3.c and + makes the changes to use the gdk_seat_grab() instead of grabbing + mouse/focus separately via GDK. - OpenBSD-Commit-ID: d89bd02d33974fd35ca0b8940d88572227b34a48 + In the future, we can also use the branched file to avoid some + API that has been soft-deprecated in GTK+3, e.g. gtk_widget_modify_fg -commit b8d9214d969775e409e1408ecdf0d58fad99b344 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:37:55 2018 +0000 +commit bfa5405da05d906ffd58216eb77c4375b62d64c2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 8 15:18:15 2021 +1000 - upstream: sshd: switch GSSAPI to sshbuf API; ok djm@ + Ensure valgrind-out exists. - OpenBSD-Commit-ID: e48449ab4be3f006f7ba33c66241b7d652973e30 + Normally the regress tests would create it, but running the unit tests + on their own would fail because the directory did not exist. -commit c7d39ac8dc3587c5f05bdd5bcd098eb5c201c0c8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:35:50 2018 +0000 +commit 1f189181f3ea09a9b08aa866f78843fec800874f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 8 15:17:19 2021 +1000 - upstream: sshd: switch authentication to sshbuf API; ok djm@ + Pass OBJ to unit test make invocation. - OpenBSD-Commit-ID: 880aa06bce4b140781e836bb56bec34873290641 + At least the Valgrind unit tests uses $OBJ. -commit c3cb7790e9efb14ba74b2d9f543ad593b3d55b31 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:29:36 2018 +0000 +commit f42b550c281d28bd19e9dd6ce65069164f3482b0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 8 14:20:12 2021 +1000 - upstream: sshd: switch config to sshbuf API; ok djm@ - - OpenBSD-Commit-ID: 72b02017bac7feac48c9dceff8355056bea300bd + Add pattern for valgrind-unit. -commit 2808d18ca47ad3d251836c555f0e22aaca03d15c -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:26:02 2018 +0000 +commit 19e534462710e98737478fd9c44768b50c27c4c6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 8 13:31:08 2021 +1000 - upstream: sshd: switch loginmsg to sshbuf API; ok djm@ + Run unit tests under valgrind. - OpenBSD-Commit-ID: f3cb4e54bff15c593602d95cc43e32ee1a4bac42 + Run a separate build for the unit tests under Valgrind. They take long + enough that running in parallel with the other Valgrind tests helps. -commit 89dd615b8b531979be63f05f9d5624367c9b28e6 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:20:26 2018 +0000 +commit 80032102d05e866dc2a48a5caf760cf42c2e090e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Apr 8 13:25:57 2021 +1000 - upstream: ttymodes: switch to sshbuf API; ok djm@ + ifdef out MIN and MAX. - OpenBSD-Commit-ID: 5df340c5965e822c9da21e19579d08dea3cbe429 + In -portable, defines.h ensures that these are defined, so redefining + potentially causes a warning. We don't just delete it to make any + future code syncs a little but easier. bz#3293. -commit f4608a7065480516ab46214f554e5f853fb7870f -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:18:10 2018 +0000 +commit d1bd184046bc310c405f45da3614a1dc5b3e521a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 7 10:23:51 2021 +1000 - upstream: client: switch mux to sshbuf API; with & ok djm@ + Remove only use of warn(). - OpenBSD-Commit-ID: 5948fb98d704f9c4e075b92edda64e0290b5feb2 + The warn() function is only used in one place in portable and does not + exist upstream. Upgrade the only instance it's used to fail() + (the privsep/sandbox+proxyconnect, from back when that was new) and + remove the now-unused function. -commit cecee2d607099a7bba0a84803e2325d15be4277b -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 21:03:30 2018 +0000 +commit fea8f4b1aa85026ad5aee5ad8e1599a8d5141fe0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 7 10:18:32 2021 +1000 - upstream: client: switch to sshbuf API; ok djm@ + Move make_tmpdir() into portable-specific area. - OpenBSD-Commit-ID: 60cb0356114acc7625ab85105f6f6a7cd44a8d05 + Reduces diff vs OpenBSD and makes it more likely diffs will apply + cleanly. -commit ff55f4ad898137d4703e7a2bcc81167dfe8e9324 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jul 9 20:39:28 2018 +0000 +commit 13e5fa2acffd26e754c6ee1d070d0afd035d4cb7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 6 23:57:56 2021 +0000 - upstream: pkcs11: switch to sshbuf API; ok djm@ + upstream: Add TEST_SSH_ELAPSED_TIMES environment variable to print the - OpenBSD-Commit-ID: 98cc4e800f1617c51caf59a6cb3006f14492db79 + elapsed time in seconds of each test. This depends on "date +%s" which is + not specified by POSIX but is commonly implemented. + + OpenBSD-Regress-ID: ec3c8c19ff49b2192116a0a646ee7c9b944e8a9c -commit 168b46f405d6736960ba7930389eecb9b6710b7e -Author: sf@openbsd.org <sf@openbsd.org> -Date: Mon Jul 9 13:37:10 2018 +0000 +commit ef4f46ab4387bb863b471bad124d46e8d911a79a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 7 09:59:15 2021 +1000 - upstream: Revert previous two commits + Move the TEST_SSH_PORT section down a bit. - It turns out we still support pre-auth compression on the client. - Therefore revert the previous two commits: + This groups the portable-specific changes together and makes it a + little more likely that patches will apply cleanly. + +commit 3674e33fa70dfa1fe69b345bf576113af7b7be11 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 7 10:05:10 2021 +1000 + + Further split Valgrind tests. - date: 2018/07/06 09:06:14; author: sf; commitid: yZVYKIRtUZWD9CmE; - Rename COMP_DELAYED to COMP_ZLIB + Even split in two, the Valgrind tests take by far the longest to run, + so split them four ways to further increase parallelism. + +commit 961af266b861e30fce1e26170ee0dbb5bf591f29 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Apr 6 23:24:30 2021 +0000 + + upstream: include "ssherr.h" not <ssherr.h>; from Balu Gajjala via - Only delayed compression is supported nowadays. + bz#3292 - ok markus@ + OpenBSD-Commit-ID: e9535cd9966eb2e69e73d1ede1f44905c30310bd + +commit e7d0a285dbdd65d8df16123ad90f15e91862f959 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Apr 7 08:50:38 2021 +1000 + + wrap struct rlimit in HAVE_GETRLIMIT too + +commit f283a6c2e0a9bd9369e18462acd00be56fbe5b0d +Author: Damien Miller <djm@mindrot.org> +Date: Wed Apr 7 08:20:35 2021 +1000 + + wrap getrlimit call in HAVE_GETRLIMIT; bz3291 + +commit 679bdc4a5c9244f427a7aee9c14b0a0ed086da1f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 6 09:07:33 2021 +0000 + + upstream: Don't check return value of unsetenv(). It's part of the - date: 2018/07/06 09:05:01; author: sf; commitid: rEGuT5UgI9f6kddP; - Remove leftovers from pre-authentication compression + environment setup and not part of the actual test, and some platforms + -portable runs on declare it as returning void, which prevents the test from + compiling. - Support for this has been removed in 2016. - COMP_DELAYED will be renamed in a later commit. + OpenBSD-Regress-ID: 24f08543ee3cdebc404f2951f3e388cc82b844a1 + +commit 320af2f3de6333aa123f1b088eca146a245e968a +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sun Apr 4 11:36:56 2021 +0000 + + upstream: remove stray inserts; from matthias schmidt - ok markus@ + OpenBSD-Commit-ID: 2c36ebdc54e14bbf1daad70c6a05479a073d5c63 + +commit 801f710953b24dd2f21939171c622eac77c7484d +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sun Apr 4 06:11:24 2021 +0000 + + upstream: missing comma; from kawashima james - OpenBSD-Commit-ID: cdfef526357e4e1483c86cf599491b2dafb77772 + OpenBSD-Commit-ID: 31cec6bf26c6db4ffefc8a070715ebef274e68ea -commit ab39267fa1243d02b6c330615539fc4b21e17dc4 -Author: sf@openbsd.org <sf@openbsd.org> -Date: Fri Jul 6 09:06:14 2018 +0000 +commit b3ca08cb174266884d44ec710a84cd64c12414ea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 5 23:46:42 2021 +1000 + + Install libcbor with libfido2. + +commit f3ca8af87a4c32ada660da12ae95cf03d190c083 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Apr 3 18:21:08 2021 +1100 - upstream: Rename COMP_DELAYED to COMP_ZLIB + enable authopt and misc unit tests - Only delayed compression is supported nowadays. + Neither were wired into the build, both required some build + adaptations for -portable + +commit dc1b45841fb97e3d7f655ddbcfef3839735cae5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 06:58:30 2021 +0000 + + upstream: typos in comments; GHPR#180 from Vill - ok markus@ + =?UTF-8?q?e=20Skytt=C3=A4?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - OpenBSD-Commit-ID: 5b1dbaf3d9a4085aaa10fec0b7a4364396561821 + OpenBSD-Commit-ID: 93c732381ae0e2b680c79e67c40c1814b7ceed2c -commit 95db395d2e56a6f868193aead6cadb2493f036c6 -Author: sf@openbsd.org <sf@openbsd.org> -Date: Fri Jul 6 09:05:01 2018 +0000 +commit 53ea05e09b04fd7b6dea66b42b34d65fe61b9636 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 06:55:52 2021 +0000 - upstream: Remove leftovers from pre-authentication compression + upstream: sync CASignatureAlgorithms lists with reality. GHPR#174 from - Support for this has been removed in 2016. - COMP_DELAYED will be renamed in a later commit. + Matt Hazinski - ok markus@ - - OpenBSD-Commit-ID: 6a99616c832627157113fcb0cf5a752daf2e6b58 + OpenBSD-Commit-ID: f05e4ca54d7e67b90fe58fe1bdb1d2a37e0e2696 + +commit 57ed647ee07bb883a2f2264231bcd1df6a5b9392 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Apr 3 17:47:37 2021 +1100 -commit f28a4d5cd24c4aa177e96b4f96957991e552cb70 -Author: sf@openbsd.org <sf@openbsd.org> -Date: Fri Jul 6 09:03:02 2018 +0000 + polish whitespace for portable files - upstream: Remove unused ssh_packet_start_compression() +commit 31d8d231eb9377df474746a822d380c5d68d7ad6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 06:18:40 2021 +0000 + + upstream: highly polished whitespace, mostly fixing spaces-for-tab - ok markus@ + and bad indentation on continuation lines. Prompted by GHPR#185 - OpenBSD-Commit-ID: 9d34cf2f59aca5422021ae2857190578187dc2b4 + OpenBSD-Commit-ID: e5c81f0cbdcc6144df1ce468ec1bac366d8ad6e9 -commit 872517ddbb72deaff31d4760f28f2b0a1c16358f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jul 6 13:32:02 2018 +1000 +commit 34afde5c73b5570d6f8cce9b49993b23b77bfb86 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 05:54:14 2021 +0000 - Defer setting bufsiz in getdelim. + upstream: whitespace (tab after space) - Do not write to bufsiz until we are sure the malloc has succeeded, - in case any callers rely on it (which they shouldn't). ok djm@ + OpenBSD-Commit-ID: 0e2b3f7674e985d3f7c27ff5028e690ba1c2efd4 -commit 3deb56f7190a414dc264e21e087a934fa1847283 +commit 7cd262c1c5a08cc7f4f30e3cab108ef089d0a57b Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jul 5 13:32:01 2018 +1000 +Date: Sat Apr 3 16:59:10 2021 +1100 + + Save config.h and config.log on failure too. + +commit 460aee9298f365357e9fd26851c22e0dca51fd6a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 05:46:41 2021 +0000 - Fix other callers of read_environment_file. + upstream: fix incorrect plural; from Ville Skyt - read_environment_file recently gained an extra argument Some platform - specific code also calls it so add the argument to those too. Fixes - build on Solaris and AIX. + =?UTF-8?q?t=C3=A4=20via=20GHPR#181?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: 92f31754c6296d8f403d7c293e09dc27292d22c9 -commit 314908f451e6b2d4ccf6212ad246fa4619c721d3 +commit 082804c14e548cada75c81003a3c68ee098138ee Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jul 4 13:51:45 2018 +0000 +Date: Sat Apr 3 05:40:39 2021 +0000 - upstream: deal with API rename: match_filter_list() => + upstream: ensure that pkcs11_del_provider() is called before exit - + + some PKCS#11 providers get upset if C_Initialize is not matched with + C_Finalize. - match_filter_blacklist() + From Adithya Baglody via GHPR#234; ok markus - OpenBSD-Regress-ID: 2da342be913efeb51806351af906fab01ba4367f + OpenBSD-Commit-ID: f8e770e03b416ee9a58f9762e162add900f832b6 -commit 89f54cdf6b9cf1cf5528fd33897f1443913ddfb4 +commit 464ebc82aa926dd132ec75a0b064574ef375675e Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jul 4 13:51:12 2018 +0000 +Date: Sat Apr 3 05:28:43 2021 +0000 - upstream: exercise new expansion behaviour of + upstream: unused variable - PubkeyAcceptedKeyTypes and, by proxy, test kex_assemble_names() + OpenBSD-Commit-ID: 85f6a394c8e0f60d15ecddda75176f112007b205 + +commit dc3c0be8208c488e64a8bcb7d9efad98514e0ffb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 3 05:21:46 2021 +0000 + + upstream: Fix two problems in string->argv conversion: 1) multiple - ok markus@ + backslashes were not being dequoted correctly and 2) quoted space in the + middle of a string was being incorrectly split. + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + A unit test for these cases has already been committed + + prompted by and based on GHPR#223 by Eero Häkkinen; ok markus@ - OpenBSD-Regress-ID: 292978902e14d5729aa87e492dd166c842f72736 + OpenBSD-Commit-ID: d7ef27abb4eeeaf6e167e9312e4abe9e89faf1e4 + +commit f75bcbba58a08c670727ece5e3f8812125969799 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Apr 3 16:22:48 2021 +1100 + + missing bits from 259d648e -commit 187633f24c71564e970681c8906df5a6017dcccf +commit 4cbc4a722873d9b68cb5496304dc050d7168df78 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 13:53:26 2018 +0000 +Date: Wed Mar 31 21:59:26 2021 +0000 - upstream: add a comment that could have saved me 45 minutes of wild + upstream: cannot effectively test posix-rename extension after - goose chasing + changes in feature advertisment. - OpenBSD-Regress-ID: d469b29ffadd3402c090e21b792d627d46fa5297 + OpenBSD-Regress-ID: 5e390bf88d379162aaa81b60ed86b34cb0c54d29 -commit 312d2f2861a2598ed08587cb6c45c0e98a85408f +commit 259d648e63e82ade4fe2c2c73c8b67fe57d9d049 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jul 4 13:49:31 2018 +0000 +Date: Fri Mar 19 04:23:50 2021 +0000 - upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA + upstream: add a test for misc.c:argv_split(), currently fails - signature work - returns ability to add/remove/specify algorithms by - wildcard. + OpenBSD-Regress-ID: ad6b96d6ebeb9643b698b3575bdd6f78bb144200 + +commit 473ddfc2d6b602cb2d1d897e0e5c204de145cd9a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 19 03:25:01 2021 +0000 + + upstream: split + + OpenBSD-Regress-ID: f6c03c0e4c58b3b9e04b161757b8c10dc8378c34 + +commit 1339800fef8d0dfbfeabff71b34670105bcfddd2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 31 22:16:34 2021 +0000 + + upstream: Use new limits@openssh.com protocol extension to let the - Algorithm lists are now fully expanded when the server/client configs - are finalised, so errors are reported early and the config dumps - (e.g. "ssh -G ...") now list the actual algorithms selected. + client select good limits based on what the server supports. Split the + download and upload buffer sizes to allow them to be chosen independently. - Clarify that, while wildcards are accepted in algorithm lists, they - aren't full pattern-lists that support negation. + In practice (and assuming upgraded sftp/sftp-server at each end), this + increases the download buffer 32->64KiB and the upload buffer + 32->255KiB. - (lots of) feedback, ok markus@ + Patches from Mike Frysinger; ok dtucker@ - OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207 + OpenBSD-Commit-ID: ebd61c80d85b951b794164acc4b2f2fd8e88606c -commit 303af5803bd74bf05d375c04e1a83b40c30b2be5 +commit 6653c61202d104e59c8e741329fcc567f7bc36b8 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 11:43:49 2018 +0000 +Date: Wed Mar 31 21:58:07 2021 +0000 - upstream: some magic for RSA-SHA2 checks + upstream: do not advertise protocol extensions that have been - OpenBSD-Regress-ID: e5a9b11368ff6d86e7b25ad10ebe43359b471cd4 + disallowed by the command-line options (e.g. -p/-P/-R); ok dtucker@ + + OpenBSD-Commit-ID: 3a8a76b3f5131741aca4b41bfab8d101c9926205 -commit 7d68e262944c1fff1574600fe0e5e92ec8b398f5 +commit 71241fc05db4bbb11bb29340b44b92e2575373d8 Author: Damien Miller <djm@mindrot.org> -Date: Tue Jul 3 23:27:11 2018 +1000 +Date: Mon Mar 29 15:14:25 2021 +1100 - depend + gnome-ssh-askpass3 is a valid target here -commit b4d4eda633af433d20232cbf7e855ceac8b83fe5 +commit 8a9520836e71830f4fccca066dba73fea3d16bda Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 13:20:25 2018 +0000 +Date: Fri Mar 19 02:22:34 2021 +0000 - upstream: some finesse to fix RSA-SHA2 certificate authentication + upstream: return non-zero exit status when killed by signal; bz#3281 ok - for certs hosted in ssh-agent + dtucker@ - OpenBSD-Commit-ID: e5fd5edd726137dda2d020e1cdebc464110a010f + OpenBSD-Commit-ID: 117b31cf3c807993077b596bd730c24da9e9b816 -commit d78b75df4a57e0f92295f24298e5f2930e71c172 +commit 1269b8a686bf1254b03cd38af78167a04aa6ec88 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 13:07:58 2018 +0000 +Date: Fri Mar 19 02:18:28 2021 +0000 - upstream: check correct variable; unbreak agent keys + upstream: increase maximum SSH2_FXP_READ to match the maximum + + packet size. Also handle zero-length reads that are borderline nonsensical + but not explicitly banned by the spec. Based on patch from Mike Frysinger, + feedback deraadt@ ok dtucker@ - OpenBSD-Commit-ID: c36981fdf1f3ce04966d3310826a3e1e6233d93e + OpenBSD-Commit-ID: 4e67d60d81bde7b84a742b4ee5a34001bdf80d9c -commit 2f30300c5e15929d0e34013f38d73e857f445e12 +commit 860b67604416640e8db14f365adc3f840aebcb1f Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 11:42:12 2018 +0000 +Date: Tue Mar 16 06:15:43 2021 +0000 - upstream: crank version number to 7.8; needed for new compat flag + upstream: don't let logging clobber errno before use - for prior version; part of RSA-SHA2 strictification, ok markus@ - - OpenBSD-Commit-ID: 84a11fc0efd2674c050712336b5093f5d408e32b + OpenBSD-Commit-ID: ce6cca370005c270c277c51c111bb6911e1680ec -commit 4ba0d54794814ec0de1ec87987d0c3b89379b436 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 11:39:54 2018 +0000 +commit 5ca8a9216559349c56e09039c4335636fd85c241 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 13 14:40:43 2021 +1100 - upstream: Improve strictness and control over RSA-SHA2 signature + Only call dh_set_moduli_file if using OpenSSL. - In ssh, when an agent fails to return a RSA-SHA2 signature when - requested and falls back to RSA-SHA1 instead, retry the signature to - ensure that the public key algorithm sent in the SSH_MSG_USERAUTH - matches the one in the signature itself. + Fixes link failure when configuring --without-openssl since dh.c is not + linked in. + +commit 867a7dcf003c51d5a83f83565771a35f0d9530ac +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 13 13:52:53 2021 +1100 + + Don't install moduli during tests. - In sshd, strictly enforce that the public key algorithm sent in the - SSH_MSG_USERAUTH message matches what appears in the signature. + Now that we have TEST_SSH_MODULI_FILE pointing to the moduli in the + soure directory we don't need to install the file to prevent warnings + about it being missing. + +commit 0c054538fccf92b4a028008321d3711107bee6d5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 13 13:51:26 2021 +1100 + + Point TEST_SSH_MODULI_FILE at our own moduli. - Make the sshd_config PubkeyAcceptedKeyTypes and - HostbasedAcceptedKeyTypes options control accepted signature algorithms - (previously they selected supported key types). This allows these - options to ban RSA-SHA1 in favour of RSA-SHA2. + This will allow the test to run without requiring a moduli file + installed at the configured default path. + +commit 4d48219c72ab0c71238806f057f0e9630b7dd25c +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Fri Mar 12 05:18:01 2021 +0000 + + upstream: spelling - Add new signature algorithms "rsa-sha2-256-cert-v01@openssh.com" and - "rsa-sha2-512-cert-v01@openssh.com" to force use of RSA-SHA2 signatures - with certificate keys. + OpenBSD-Commit-ID: 478bc3db04f62f1048ed6e1765400f3ab325e60f + +commit 88057eb6df912abf2678ea5c846d9d9cbc92752c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 12 04:08:19 2021 +0000 + + upstream: Add ModuliFile keyword to sshd_config to specify the - feedback and ok markus@ + location of the "moduli" file containing the groups for DH-GEX. This will + allow us to run tests against arbitrary moduli files without having to + install them. ok djm@ - OpenBSD-Commit-ID: c6e9f6d45eed8962ad502d315d7eaef32c419dde + OpenBSD-Commit-ID: 8df99d60b14ecaaa28f3469d01fc7f56bff49f66 -commit 95344c257412b51199ead18d54eaed5bafb75617 +commit f07519a2af96109325b5a48b1af18b57601074ca Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jul 3 10:59:35 2018 +0000 +Date: Fri Mar 12 03:43:40 2021 +0000 - upstream: allow sshd_config PermitUserEnvironment to accept a + upstream: pwcopy() struct passwd that we're going to reuse across a - pattern-list of whitelisted environment variable names in addition to yes|no. + bunch of library calls; bz3273 ok dtucker@ - bz#1800, feedback and ok markus@ + OpenBSD-Commit-ID: b6eafa977b2e44607b1b121f5de855107809b762 + +commit 69d6d4b0c8a88d3d1288415605f36e2df61a2f12 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 10 06:32:27 2021 +0000 + + upstream: Import regenerated moduli file. - OpenBSD-Commit-ID: 77dc2b468e0bf04b53f333434ba257008a1fdf24 + OpenBSD-Commit-ID: 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b -commit 6f56fe4b9578b0627667f8bce69d4d938a88324c -Author: millert@openbsd.org <millert@openbsd.org> -Date: Tue Jun 26 11:23:59 2018 +0000 +commit e5895e8ecfac65086ea6b34d0d168409a66a15e1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 10 04:58:45 2021 +0000 - upstream: Fix "WARNING: line 6 disappeared in /etc/moduli, giving up" + upstream: no need to reset buffer after send_msg() as that is done - when choosing a prime. An extra increment of linenum snuck in as part of the - conversion to getline(). OK djm@ markus@ + for us; patch from Mike Frysinger - OpenBSD-Commit-ID: 0019225cb52ed621b71cd9f19ee2e78e57e3dd38 + OpenBSD-Commit-ID: 565516495ff8362a38231e0f1a087b8ae66da59c -commit 1eee79a11c1b3594f055b01e387c49c9a6e80005 +commit 721948e67488767df0fa0db71ff2578ee2bb9210 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jul 2 14:13:30 2018 +0000 +Date: Sat Mar 13 01:52:16 2021 +0000 - upstream: One ampersand is enough to backgroud an process. OpenBSD + upstream: Add TEST_SSH_MODULI_FILE variable to allow overriding of the - doesn't seem to mind, but some platforms in -portable object to the second. + moduli file used during the test run. - OpenBSD-Regress-ID: d6c3e404871764343761dc25c3bbe29c2621ff74 + OpenBSD-Regress-ID: be10f785263120edb64fc87db0e0d6570a10220a -commit 6301e6c787d4e26bfae1119ab4f747bbcaa94e44 +commit 82fef71e20ffef425b932bec26f5bc46aa1ed41c Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jul 2 21:16:58 2018 +1000 +Date: Fri Mar 12 15:58:57 2021 +1100 - Add implementation of getline. + Allow (but return EACCES) fstatat64 in sandbox. - Add getline for the benefit of platforms that don't have it. Sourced - from NetBSD (OpenBSD's implementation is a little too chummy with the - internals of FILE). + This is apparently used in some configurations of OpenSSL when glibc + has getrandom(). bz#3276, patch from Kris Karas, ok djm@ -commit 84623e0037628f9992839063151f7a9f5f13099a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 26 02:02:36 2018 +0000 +commit 1cd67ee15ce3d192ab51be22bc4872a6a7a4b6d9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 12 13:16:10 2021 +1100 - upstream: whitespace + Move generic includes outside of ifdef. - OpenBSD-Commit-ID: 9276951caf4daf555f6d262e95720e7f79244572 + This ensures that the macros in log.h are defined in the case where + either of --with-solaris-projects or --with-solaris-privs are used + without --with-solaris-contracts. bz#3278. -commit 90e51d672711c19a36573be1785caf35019ae7a8 +commit 2421a567a8862fe5102a4e7d60003ebffd1313dd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 10 17:41:21 2021 +1100 + + Import regenerated moduli file. + +commit e99080c05d9d48dbbdb022538533d53ae1bd567d +Author: millert@openbsd.org <millert@openbsd.org> +Date: Sat Mar 6 20:36:31 2021 +0000 + + upstream: Fix PRINT macro, the suffix param to sshlog() was missing. + + Also remove redundant __func__ prefix from PRINT calls as the macro already + adds __FILE__, __func__ and __LINE__. From Christos Zoulas. OK dtucker@ + + OpenBSD-Commit-ID: 01fdfa9c5541151b5461d9d7d6ca186a3413d949 + +commit 160db17fc678ceb5e3fd4a7e006cc73866f484aa Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jun 25 22:28:33 2018 +0000 +Date: Wed Mar 3 22:41:49 2021 +0000 - upstream: fix NULL dereference in open_listen_match_tcpip() + upstream: don't sshbuf_get_u32() into an enum; reported by goetze - OpenBSD-Commit-ID: c968c1d29e392352383c0f9681fcc1e93620c4a9 + AT dovetail.com via bz3269 + + OpenBSD-Commit-ID: 99a30a8f1df9bd72be54e21eee5c56a0f050921a -commit f535ff922a67d9fcc5ee69d060d1b21c8bb01d14 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue Jun 19 05:36:57 2018 +0000 +commit cffd033817a5aa388764b6661855dcdaabab0588 +Author: sthen@openbsd.org <sthen@openbsd.org> +Date: Wed Mar 3 21:40:16 2021 +0000 - upstream: spelling; + upstream: typo in other_hostkeys_message() display output, ok djm - OpenBSD-Commit-ID: db542918185243bea17202383a581851736553cc + OpenBSD-Commit-ID: 276f58afc97b6f5826e0be58380b737603dbf5f5 -commit 80e199d6175904152aafc5c297096c3e18297691 +commit 7fe141b96b13bd7dc67ca985e14d55b9bd8a03fd Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 19 03:02:17 2018 +0000 +Date: Wed Mar 3 08:42:52 2021 +0000 - upstream: test PermitListen with bare port numbers + upstream: needs FILE*; from Mike Frysinger - OpenBSD-Regress-ID: 4b50a02dfb0ccaca08247f3877c444126ba901b3 + OpenBSD-Commit-ID: dddb3aa9cb5792eeeaa37a1af67b5a3f25ded41d + +commit d2afd717e62d76bb41ab5f3ab4ce6f885c8edc98 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 2 21:31:47 2021 +1100 + + update depend + +commit f0c4eddf7cf224ebcac1f07ac8afdb30c6e9fe0a +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 2 21:30:14 2021 +1100 -commit 87ddd676da0f3abd08b778b12b53b91b670dc93c + update relnotes URL + +commit 67a8bb7fe62a381634db4c261720092e7d514a3d +Author: Damien Miller <djm@mindrot.org> +Date: Tue Mar 2 21:29:54 2021 +1100 + + update RPM spec version numbers + +commit 0a4b23b11b9a4e6eec332dd5c6ab2ac6f62aa164 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 19 02:59:41 2018 +0000 +Date: Tue Mar 2 01:48:18 2021 +0000 - upstream: allow bare port numbers to appear in PermitListen directives, + upstream: openssh-8.5 - e.g. + OpenBSD-Commit-ID: 185e85d60fe042b8f8fa1ef29d4ef637bdf397d6 + +commit de3866383b6720ad4cad83be76fe4c8aa111a249 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 1 21:13:24 2021 +1100 + + Only upload config logs if configure fails. + +commit 85ff2a564ce838f8690050081176c1de1fb33116 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Feb 28 22:56:30 2021 +0000 + + upstream: Add %k to list of keywords. From - PermitListen 2222 8080 + =?UTF-8?q?=20Eero=20H=C3=A4kkinenvia=20bz#3267?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - is equivalent to: + OpenBSD-Commit-ID: 9c87f39a048cee2a7d1c8bab951b2f716256865e + +commit e774bac35933e71f924f4301786e7fb5bbe1422f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Feb 28 01:50:47 2021 +0000 + + upstream: Do not try to reset signal handler for signal 0 in - PermitListen *:2222 *:8080 + subprocess. Prevents spurious debug message. ok djm@ - Some bonus manpage improvements, mostly from markus@ + OpenBSD-Commit-ID: 7f9785e292dcf304457566ad4637effd27ad1d46 + +commit 351c5dbbd74ce300c4f058112f9731c867c6e225 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Feb 27 23:42:37 2021 +0000 + + upstream: fix alphabetic ordering of options; spotted by Iain Morgan - "looks fine" markus@ + OpenBSD-Commit-ID: f955fec617d74af0feb5b275831a9fee813d7ad5 + +commit 0d1c9dbe578597f8d45d3ac7690df10d32d743e5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 27 12:25:25 2021 +1100 + + zlib is now optional. + +commit b7c6ee7b437d9adfd19ef49d6c0f19f13f26f9b3 +Author: Jeffrey H. Johnson <61629094+johnsonjh@users.noreply.github.com> +Date: Sat Feb 27 01:04:58 2021 +0000 + + Fix punctuatio and typo in README.md. - OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24 + Some very minor fixes, missing 's' and punctuation. -commit 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 15 07:01:11 2018 +0000 +commit 6248b86074804983e8f7a2058856a516dbfe2924 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 26 16:45:50 2021 +1100 - upstream: invalidate supplemental group cache used by + Revert "ssh: optional bind interface if bind address specified." - temporarily_use_uid() when the target uid differs; could cause failure to - read authorized_keys under some configurations. patch by Jakub Jelen via - bz2873; ok dtucker, markus + This reverts commit 5a878a71a3528c2626aa1d331934fd964782d41c. - OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1 + Apologies - I accidentally pushed this. -commit 89a85d724765b6b82e0135ee5a1181fdcccea9c6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jun 10 23:45:41 2018 +0000 +commit 493339a940b13be6071629c3c2dd5a3b6fc17023 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 26 15:45:38 2021 +1100 - upstream: unbreak SendEnv; patch from tb@ + detech BSD libc hash functions in libbsd / libmd - OpenBSD-Commit-ID: fc808daced813242563b80976e1478de95940056 + Some Linux distributions are shipping the BSD-style hashing functions + (e.g. SHA256Update) in libbsd and/or libmd. Detect this situation to + avoid header/replacement clashes later. ok dtucker@ -commit acf4260f0951f89c64e1ebbc4c92f451768871ad -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Jun 9 06:36:31 2018 +0000 +commit 5a878a71a3528c2626aa1d331934fd964782d41c +Author: Dmitrii Turlupov <dturlupov@factor-ts.ru> +Date: Thu Feb 4 16:27:31 2021 +0300 - upstream: sort previous; + ssh: optional bind interface if bind address specified. - OpenBSD-Commit-ID: 27d80d8b8ca99bc33971dee905e8ffd0053ec411 + Allows the -b and -B options to be used together. + For example, when the interface is in the VRF. -commit 1678d4236451060b735cb242d2e26e1ac99f0947 +commit 1fe4d70df94d3bcc2b35fd57cad6b5fc4b2d7b16 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 9 03:18:11 2018 +0000 +Date: Fri Feb 26 04:18:42 2021 +0000 - upstream: slightly better wording re handing of $TERM, from Jakub + upstream: remove this KEX fuzzer; it's awkward to use and doesn't play + + nice with popular fuzzing drivers like libfuzzer. AFAIK nobody has used it + but me. - Jelen via bz2386 + OpenBSD-Regress-ID: cad919522b3ce90c147c95abaf81b0492ac296c9 + +commit 24a3a67bd7421740d08803b84bd784e764107928 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 26 11:49:19 2021 +1100 + + Remove macos-11.00 PAM test target too. - OpenBSD-Commit-ID: 14bea3f069a93c8be66a7b97794255a91fece964 + These are failing apparently due to some kind of infrastructure problem, + making it look like every commit is busted. -commit 28013759f09ed3ebf7e8335e83a62936bd7a7f47 +commit 473201783f732ca8b0ec528b56aa55fa0d8cf717 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 9 03:03:10 2018 +0000 +Date: Fri Feb 26 00:16:58 2021 +0000 - upstream: add a SetEnv directive for sshd_config to allow an + upstream: a bit more debugging behind #ifdef DEBUG_SK - administrator to explicitly specify environment variables set in sessions - started by sshd. These override the default environment and any variables set - by user configuration (PermitUserEnvironment, etc), but not the SSH_* - variables set by sshd itself. + OpenBSD-Commit-ID: d9fbce14945721061cb322f0084c2165d33d1993 + +commit fd9fa76a344118fe1ef10b9a6c9e85d39599e9a8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 26 01:15:10 2021 +1100 + + Remove macos-11.0 from the test target list. - ok markus@ + It has been consistently failing for the past few days with a github + actions internal error. + +commit 476ac8e9d33dbf96ef97aab812b8d7089d0cdc24 +Author: Philip Hands <phil@hands.com> +Date: Wed Feb 24 23:43:16 2021 +0100 + + tidy the $INSTALLKEY_SH code layout a little - OpenBSD-Commit-ID: b6a96c0001ccd7dd211df6cae9e961c20fd718c0 + SSH-Copy-ID-Upstream: 78178aa5017222773e4c23d9001391eeaeca8983 -commit 7082bb58a2eb878d23ec674587c742e5e9673c36 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 9 03:01:12 2018 +0000 +commit 983e05ef3b81329d76d6a802b39ad0d1f637c06c +Author: Jakub Jelen <jjelen@redhat.com> +Date: Tue Sep 29 10:02:45 2020 +0000 - upstream: add a SetEnv directive to ssh_config that allows setting + if unable to add a missing newline, fail - environment variables for the remote session (subject to the server accepting - them) + SSH-Copy-ID-Upstream: 76b25e18f55499ea9edb4c4d6dc4a80bebc36d95 + +commit 3594b3b015f6014591da88ba71bf6ff010be7411 +Author: Philip Hands <phil@hands.com> +Date: Tue Oct 13 14:12:58 2020 +0200 + + use $AUTH_KEY_DIR, now that we have it - refactor SendEnv to remove the arbitrary limit of variable names. + since that was a change made since jjelen's commit was written - ok markus@ + also, quote the variables - OpenBSD-Commit-ID: cfbb00d9b0e10c1ffff1d83424351fd961d1f2be + SSH-Copy-ID-Upstream: 588cd8e5cbf95f3443d92b9ab27c5d73ceaf6616 -commit 3b9798bda15bd3f598f5ef07595d64e23504da91 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 9 02:58:02 2018 +0000 +commit 333e25f7bc43cee6e36f766e39dad6f9918b318c +Author: Jakub Jelen <jjelen@redhat.com> +Date: Tue Sep 29 10:00:01 2020 +0000 - upstream: reorder child environment preparation so that variables + restorecon the correct directory - read from ~/.ssh/environment (if enabled) do not override SSH_* variables set - by the server. + if using different path for authorized_keys file - OpenBSD-Commit-ID: 59f9d4c213cdcef2ef21f4b4ae006594dcf2aa7a + SSH-Copy-ID-Upstream: 791a3df47b48412c726bff6f7b1d190721e65d51 -commit 0368889f82f63c82ff8db9f8c944d89e7c657db4 +commit 9beeab8a37a49a9e3ffb1972fff6621ee5bd7a71 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 8 03:35:36 2018 +0000 +Date: Thu Feb 25 03:27:34 2021 +0000 + + upstream: s/PubkeyAcceptedKeyTypes/PubkeyAcceptedAlgorithms/ + + OpenBSD-Regress-ID: 3dbc005fa29f69dc23d97e433b6dffed6fe7cb69 + +commit 2dd9870c16ddbd83740adeead5030d6840288c8f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 24 23:12:35 2021 +0000 - upstream: fix incorrect expansion of %i in + upstream: Rename pubkeyacceptedkeytypes to pubkeyacceptedalgorithms in - load_public_identity_files(); reported by Roumen Petrov + test to match change to config-dump output. - OpenBSD-Commit-ID: a827289e77149b5e0850d72a350c8b0300e7ef25 + OpenBSD-Regress-ID: 74c9a4ad50306be873d032819d5e55c24eb74d5d + +commit b9225c3a1c3f5827e31d5d64a71b8e0504a25619 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 24 01:18:08 2021 +0000 -commit 027607fc2db6a0475a3380f8d95c635482714cb0 + upstream: Put obsolete aliases for hostbasedalgorithms and + + pubkeyacceptedalgorithms after their current names so that the config-dump + mode finds and uses the current names. Spotted by Phil Pennock. + + OpenBSD-Commit-ID: 5dd10e93cccfaff3aaaa09060c917adff04a9b15 + +commit 8b8b60542d6652b2c91e0ef9e9cc81bcb65e6b42 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 8 01:55:40 2018 +0000 +Date: Tue Feb 23 21:55:08 2021 +0000 - upstream: fix some over-long lines and __func__ up some debug + upstream: lots more s/key types/signature algorithms/ mostly in - messages + HostbasedAcceptedAlgorithms and HostKeyAlgorithms; prompted by Jakub Jelen - OpenBSD-Commit-ID: c70a60b4c8207d9f242fc2351941ba50916bb267 + OpenBSD-Commit-ID: 3f719de4385b1a89e4323b2549c66aae050129cb -commit 6ff6fda705bc204456a5fa12518dde6e8790bb02 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Jun 7 11:26:14 2018 +0000 +commit 0aeb508aaabc4818970c90831e3d21843c3c6d09 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 23 21:50:18 2021 +0000 - upstream: tweak previous; + upstream: Correct reference to signature algorithms as keys; from - OpenBSD-Commit-ID: f98f16af10b28e24bcecb806cb71ea994b648fd6 + Jakub Jelen + + OpenBSD-Commit-ID: 36f7ecee86fc811aa0f8e21e7a872eee044b4be5 -commit f2c06ab8dd90582030991f631a2715216bf45e5a +commit f186a020f2ba5f9c462a23293750e29ba0a746b1 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 8 17:43:36 2018 +1000 +Date: Tue Feb 23 16:05:22 2021 +1100 - Remove ability to override $LD. - - Since autoconf always uses $CC to link C programs, allowing users to - override LD caused mismatches between what LD_LINK_IFELSE thought worked - and what ld thought worked. If you do need to do this kind of thing you - need to set a compiler flag such as gcc's -fuse-ld in LDFLAGS. + Add a couple more test VMs. -commit e1542a80797b4ea40a91d2896efdcc76a57056d2 +commit ffcdd3d90e74176b3bb22937ad1f65a6c1cd3f9d Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jun 8 13:55:59 2018 +1000 +Date: Mon Feb 22 08:09:27 2021 +1100 - Better detection of unsupported compiler options. + Valgrind test: split and move up list. - Should prevent "unsupported -Wl,-z,retpoline" warnings during linking. - ok djm@ + Since the valgrind test takes so long it approaches the limit allowed by + github, move it to the head of the list so it's the first one started and + split the longest tests out into a second instance that runs concurrently + with the first. -commit 57379dbd013ad32ee3f9989bf5f5741065428360 +commit c3b1636770785cc2830dedd0f22ef7d3d3491d6d Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 7 14:29:43 2018 +0000 +Date: Tue Feb 23 00:05:31 2021 +0000 - upstream: test the correct configuration option name + upstream: warn when the user specifies a ForwardAgent path that does + + not exist and exit if ExitOnForwardFailure is set; bz3264 - OpenBSD-Regress-ID: 492279ea9f65657f97a970e0e7c7fd0b339fee23 + OpenBSD-Commit-ID: 72f7875865e723e464c71bf8692e83110699bf26 -commit 6d41815e202fbd6182c79780b6cc90e1ec1c9981 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 7 09:26:42 2018 +0000 +commit 5fcb0514949d61aadaf4a89cf16eb78fb47491ec +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 20 13:34:02 2021 +1100 - upstream: some permitlisten fixes from markus@ that I missed in my + Disable rlimit sandbox, doesn't work with valgrind - insomnia-fueled commits last night + Only run regress tests, runing unit tests as well makes it run longer + than allowed y github. + +commit bb0b9bf45396c19486080d3eb0a159f94de7e6ba +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 20 13:06:25 2021 +1100 + + Upload valgrind logs on failure. + +commit ebb3b75e974cb241c6b9b9f5881b09c7bd32b651 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 19 22:18:50 2021 +1100 + + Rename "vm" to "os" in selfhosted to match c-cpp. - OpenBSD-Commit-ID: 26f23622e928996086e85b1419cc1c0f136e359c + Should make it easier to share code or maybe merge at some point. -commit 4319f7a868d86d435fa07112fcb6153895d03a7f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 7 04:46:34 2018 +0000 +commit 76c0be0fe0465cb2b975dbd409f8d38b55e55bcb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 19 22:15:22 2021 +1100 - upstream: permitlisten/PermitListen unit test from Markus + Upload regress failure logs in c-cpp too. + +commit 8751b6c3136f5225c40f41bbf29aa29e15795f6e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 19 22:13:36 2021 +1100 + + Comment out Solaris 64bit PAM build... - OpenBSD-Regress-ID: ab12eb42f0e14926980441cf7c058a6d1d832ea5 + until I can figure out why it's failing. + +commit e9f6d563c06886b277c6b9abafa99fa80726dc48 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 19 10:20:17 2021 +1100 + + Actually run Valgrind tests. + +commit 41d232e226624f1a81c17091c36b44c9010aae62 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 19 10:16:56 2021 +1100 + + Add test against Valgrind. + +commit e6528d91f12fba05f0ea64224091c9d0f38bdf1d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 16:30:01 2021 +1100 + + Add fbsd12 test target. + +commit 6506cb2798d98ff03a7cc06567c392a81f540680 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 15:21:13 2021 +1100 + + Remove unused arg. -commit fa09076410ffc2d34d454145af23c790d728921e +commit 93c31a623973b0fad508214593aab6ca94b11dcb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 14:54:07 2021 +1100 + + Add DEBUG_SK to kitchensink builds. + +commit 65085740d3574eeb3289d592f042df62c2689bb0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 14:53:14 2021 +1100 + + Add bbone test target (arm32). + +commit 63238f5aed66148b8d6ca7bd5fb347d624200155 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 7 04:31:51 2018 +0000 +Date: Thu Feb 18 02:49:35 2021 +0000 - upstream: fix regression caused by recent permitlisten option commit: + upstream: Fix the hostkeys rotation extension documentation - authorized_keys lines that contained permitopen/permitlisten were being - treated as invalid. + The documentation was lacking the needed want-reply field in the initial + global request. - OpenBSD-Commit-ID: 7ef41d63a5a477b405d142dc925b67d9e7aaa31b + https://github.com/openssh/openssh-portable/pull/218 by dbussink + + OpenBSD-Commit-ID: 051824fd78edf6d647a0b9ac011bf88e28775054 -commit 7f90635216851f6cb4bf3999e98b825f85d604f8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jun 6 18:29:18 2018 +0000 +commit 34c5ef6e2d06d9f0e20cb04a9aebf67a6f96609a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 18 02:15:07 2021 +0000 - upstream: switch config file parsing to getline(3) as this avoids + upstream: make names in function prototypes match those in - static limits noted by gerhard@; ok dtucker@, djm@ + definition from https://github.com/openssh/openssh-portable/pull/225 by + ZenithalHourlyRate - OpenBSD-Commit-ID: 6d702eabef0fa12e5a1d75c334a8c8b325298b5c + OpenBSD-Commit-ID: 7c736307bf3f2c7cb24d6f82f244eee959485acd -commit 392db2bc83215986a91c0b65feb0e40e7619ce7e +commit 88e3d4de31ab4f14cac658e9e0c512043b15b146 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 6 18:25:33 2018 +0000 +Date: Thu Feb 18 02:13:58 2021 +0000 - upstream: regress test for PermitOpen + upstream: unbreak SK_DEBUG builds + + from https://github.com/openssh/openssh-portable/pull/225 by + ZenithalHourlyRate - OpenBSD-Regress-ID: ce8b5f28fc039f09bb297fc4a92319e65982ddaf + OpenBSD-Commit-ID: 28d7259ce1b04d025411464decfa2f1a097b43eb -commit 803d896ef30758135e2f438bdd1a0be27989e018 +commit 788cbc5b74a53956ba9fff11e1ca506271a3597f Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 6 18:24:15 2018 +0000 +Date: Thu Feb 18 00:30:17 2021 +0000 - upstream: man bits for permitlisten authorized_keys option + upstream: sftp-server: implement limits@openssh.com extension + + This is a simple extension that allows the server to clearly + communicate transfer limits it is imposing so the client doesn't + have to guess, or force the user to manually tune. This is + particularly useful when an attempt to use too large of a value + causes the server to abort the connection. + + Patch from Mike Frysinger; ok dtucker@ - OpenBSD-Commit-ID: 86910af8f781a4ac5980fea125442eb25466dd78 + OpenBSD-Commit-ID: f96293221e5aa24102d9bf30e4f4ef04d5f4fb51 -commit 04df43208b5b460d7360e1598f876b92a32f5922 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 6 18:24:00 2018 +0000 +commit 324449a68d510720d0e4dfcc8e9e5a702fe6a48f +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 18 12:06:25 2021 +1100 - upstream: man bits for PermitListen + support OpenSSL 3.x cipher IV API change + + OpenSSL renamed the "get current CIPHER_CTX" IV operation in 3.x. + This uses the new name if available. - OpenBSD-Commit-ID: 35b200cba4e46a16a4db6a80ef11838ab0fad67c + https://github.com/openssl/openssl/issues/13411 + + bz#3238 ok dtucker@ -commit 93c06ab6b77514e0447fe4f1d822afcbb2a9be08 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 6 18:23:32 2018 +0000 +commit 845fe9811c047063d935eca89188ed55c993626b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 18 11:25:38 2021 +1100 - upstream: permitlisten option for authorized_keys; ok markus@ + prefer login_getpwclass() to login_getclass() + + FreeBSD has login_getpwclass() that does some special magic for + UID=0. Prefer this to login_getclass() as its easier to emulate + the former with the latter. - OpenBSD-Commit-ID: 8650883018d7aa893173d703379e4456a222c672 + Based on FreeBSD PR 37416 via Ed Maste; ok dtucker@ -commit 115063a6647007286cc8ca70abfd2a7585f26ccc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 6 18:22:41 2018 +0000 +commit d0763c8d566119cce84d9806e419badf20444b02 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 10:45:27 2021 +1100 - upstream: Add a PermitListen directive to control which server-side + Fixing quoting for installing moduli on target guest. + +commit b3afc243bc820f323a09e3218e9ec8a30a3c1933 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 10:27:16 2021 +1100 + + Install moduli on target not host. + +commit f060c2bc85d59d111fa18a12eb3872ee4b9f7e97 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 18 10:33:58 2021 +1100 + + don't free string returned by login_getcapstr(3) - addresses may be listened on when the client requests remote forwarding (ssh - -R). + OpenBSD and NetBSD require the caller to free strings returned + bu the login_* functions, but FreeBSD requires that callers don't. - This is the converse of the existing PermitOpen directive and this - includes some refactoring to share much of its implementation. + Fortunately in this case, we can harmlessly leak as the process is + about to exec the shell/command. - feedback and ok markus@ + From https://reviews.freebsd.org/D28617 via Ed Maste; ok dtucker@ + +commit bc9b0c25703215501da28aa7a6539f96c0fa656f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 10:10:00 2021 +1100 + + Skip unit tests on sol11 to speed things up. + +commit 161873035c12cc22211fc73d07170ade47746bc5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 10:09:27 2021 +1100 + + Remove SKIP_UNIT as it needs to be a make arg. + +commit 1c293868e4b4e8e74e3ea15b8dff90f6b089967a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 10:05:03 2021 +1100 + + Always intall moduli. - OpenBSD-Commit-ID: 15a931238c61a3f2ac74ea18a98c933e358e277f + Allows us to run tests without falling back to a fixed modulus. Ensure that + the directory exists. + +commit 5c8f41ad100601ec2fdcbccdfe92890c31f81bbe +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 09:59:09 2021 +1100 + + Quote SSHD_CONFOPTS in case it contains spaces. + +commit 4653116c1f5384ea7006e6396d9b53c33d218975 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 18 09:51:18 2021 +1100 + + Fix labels on targets (dots vs underscores). + +commit 4512047f57ca3c6e8cd68f0cc69be59e98b25287 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 17 21:47:48 2021 +1100 + + More compact representation of config matrix. + +commit 0406cd09f05c2e419b113dd4c0eac8bc34ec915b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 17 21:19:18 2021 +1100 + + Skip unit tests on hosted VMs to speed things up. + +commit 4582612e6147d766c336198c498740242fb8f1ec +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 17 20:21:29 2021 +1100 + + Merge macos and ubuntu tests. -commit 7703ae5f5d42eb302ded51705166ff6e19c92892 +commit 09f4b84654b71099559492e9aed5e1a38bf24815 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jun 6 16:04:29 2018 +1000 +Date: Wed Feb 17 18:41:30 2021 +1100 - Use ssh-keygen -A to generate missing host keys. + Convert most github hosted tests to new config structure. + +commit 65380ff7e054be1454e5ab4fd7bb9c66f8fcbaa9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 17 18:27:36 2021 +1100 + + Only run selfhosted tests from selfhosted repo. + +commit f031366535650b88248ed7dbf23033afdf466240 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 15 14:11:43 2021 +1100 + + Add self-hosted runners for VMs of other platforms. + + Github only hosts a limited number of platforms, and the runner code + is only supported on slightly wider range of platforms. To increase + our test coverage beyond that, we run the runner natively on a VM host, + where it runs a jobs that boot VMs of other platforms, waits for them + to come up then runs the build and test by ssh'ing into the guest. + This means that the minimum dependencies for the guests are quite low + (basically just sshd, a compiler and make). - Instead of testing for each specific key type, use ssh-keygen -A to - generate any missing host key types. + The interface to the VM host is fairly simple (basically 3 scripts: + vmstartup, vmrun and vmshutdown), but those are specific to the VM host + so are not in the public repo. We also mount the working directory on the + host via sshfs, so things like artifact upload by the runner also work. + + As part of this we are moving the per-test-target configs into a single + place (.github/configs) where there will be referenced by a single short + "config" key. I plan to make the github-hosted runners use this too. + + The self-hosted runners are run off a private repo on github since that + prevents third parties from accessing them[0], and since runner quota is + limited on private repos, we avoid running the tests we run on the public + repo. + + [0] https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories -commit e8d59fef1098e24f408248dc64e5c8efa5d01f3c -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Jun 1 06:23:10 2018 +0000 +commit 64bbd7444d658ef7ee14a7ea5ccc7f5810279ee7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 17 03:59:00 2021 +0000 - upstream: add missing punctuation after %i in ssh_config.5, and + upstream: Make sure puttygen is new enough to successfully run the - make the grammatical format in sshd_config.5 match that in ssh_config.5; + PuTTY interop tests, otherwise skip them. - OpenBSD-Commit-ID: e325663b9342f3d556e223e5306e0d5fa1a74fa0 + OpenBSD-Regress-ID: 34565bb50b8aec58331ed02a5e9e0a9a929bef51 -commit a1f737d6a99314e291a87856122cb4dbaf64c641 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Jun 1 05:52:26 2018 +0000 +commit da0a9afcc446a30ca49dd216612c41ac3cb1f2d4 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Mon Feb 15 20:43:15 2021 +0000 - upstream: oops - further adjustment to text neccessary; + upstream: ssh: add PermitRemoteOpen for remote dynamic forwarding + + with SOCKS ok djm@, dtucker@ - OpenBSD-Commit-ID: 23585576c807743112ab956be0fb3c786bdef025 + OpenBSD-Commit-ID: 64fe7b6360acc4ea56aa61b66498b5ecc0a96a7c -commit 294028493471e0bd0c7ffe55dc0c0a67cba6ec41 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Jun 1 05:50:18 2018 +0000 +commit b696858a7f9db72a83d02cb6edaca4b30a91b386 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Mon Feb 15 20:36:35 2021 +0000 - upstream: %U needs to be escaped; tweak text; + upstream: factor out opt_array_append; ok djm@ - OpenBSD-Commit-ID: 30887b73ece257273fb619ab6f4e86dc92ddc15e + OpenBSD-Commit-ID: 571bc5dd35f99c5cf9de6aaeac428b168218e74a -commit e5019da3c5a31e6e729a565f2b886a80c4be96cc -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 1 04:31:48 2018 +0000 +commit ad74fc127cc45567e170e8c6dfa2cfd9767324ec +Author: dlg@openbsd.org <dlg@openbsd.org> +Date: Mon Feb 15 11:09:22 2021 +0000 - upstream: Apply umask to all incoming files and directories not + upstream: ProxyJump takes "none" to disable processing like - just files. This makes sure it gets applied to directories too, and prevents - a race where files get chmodded after creation. bz#2839, ok djm@ + ProxyCommand does - OpenBSD-Commit-ID: 3168ee6c7c39093adac4fd71039600cfa296203b + ok djm@ jmc@ + + OpenBSD-Commit-ID: 941a2399da2193356bdc30b879d6e1692f18b6d3 -commit a1dcafc41c376332493b9385ee39f9754dc145ec +commit 16eacdb016ccf38dd9959c78edd3a6282513aa53 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 03:52:37 2018 +0000 +Date: Fri Feb 12 03:49:09 2021 +0000 - upstream: Adapt to extra default verboisity from ssh-keygen when + upstream: sftp: add missing lsetstat@openssh.com documentation - searching for and hashing known_hosts entries in a single operation - (ssh-keygen -HF ...) Patch from Anton Kremenetsky + patch from Mike Frysinger - OpenBSD-Regress-ID: 519585a4de35c4611285bd6a7272766c229b19dd + OpenBSD-Commit-ID: 9c114db88d505864075bfe7888b7c8745549715b -commit 76f314c75dffd4a55839d50ee23622edad52c168 +commit e04fd6dde16de1cdc5a4d9946397ff60d96568db Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue May 22 00:22:49 2018 +0000 +Date: Fri Feb 12 03:14:18 2021 +0000 - upstream: Add TEST_SSH_FAIL_FATAL variable, to force all failures + upstream: factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own - to instantly abort the test. Useful in capturing clean logs for individual - failure cases. + function and remove an unused variable; ok dtucker@ - OpenBSD-Regress-ID: feba18cf338c2328b9601bd4093cabdd9baa3af1 + OpenBSD-Commit-ID: e1a938657fbf7ef0ba5e73b30365734a0cc96559 -commit 065c8c055df8d83ae7c92e5e524a579d87668aab -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri May 11 03:51:06 2018 +0000 +commit 1bb130ed34721d46452529d094d9bbf045607d79 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 11 10:18:05 2021 +1100 - upstream: Clean up comment. + Add __NR_futex_time64 to seccomp sandbox. - OpenBSD-Regress-ID: 6adb35f384d447e7dcb9f170d4f0d546d3973e10 + This is apparently needed for (some) 32 bit platforms with glibc 2.33. + Patch from nix at esperi.org.uk and jjelen at redhat.com via bz#3260. -commit 01b048c8eba3b021701bd0ab26257fc82903cba8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 04:21:29 2018 +0000 +commit f88a7a431212a16e572ecabd559e632f369c363e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 6 09:37:01 2021 +1100 - upstream: whitespace + Add a hostname function for systems that don't have it. - OpenBSD-Commit-ID: e5edb5e843ddc9b73a8e46518899be41d5709add + Some systems don't have a hostname command (it's not required by POSIX). + The do have uname -n (which is), but as found by tim@ some others (eg + UnixWare) do not report the FQDN from uname -n. -commit 854ae209f992465a276de0b5f10ef770510c2418 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 04:05:29 2018 +0000 +commit 5e385a71ef2317856f37c91a98658eb12eb5a89c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 5 22:03:40 2021 +0000 - upstream: make ssh_remote_ipaddr() capable of being called after + upstream: Roll back the hostname->uname change in rev 1.10. It turns - the ssh->state has been torn down; bz#2773 + out uname -n doesn't do what we need for some platforms in portable, so we'll + fix the original problem (that some other platforms don't have hostname at + all) by providing wrapper function to implement it. - OpenBSD-Commit-ID: 167f12523613ca3d16d7716a690e7afa307dc7eb + OpenBSD-Regress-ID: 827a707d6201d5a8e196a8c28aec1d2c76c52341 -commit 3e088aaf236ef35beeef3c9be93fd53700df5861 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 03:51:34 2018 +0000 +commit b446c214279de50ed8388e54897eb1be5281c894 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 5 06:01:58 2021 +0000 - upstream: return correct exit code when searching for and hashing + upstream: hostname is not specified by POSIX but uname -n is, so use - known_hosts entries in a single operation (ssh-keygen -HF hostname); bz2772 - Report and fix from Anton Kremenetsky + the latter for portability. Patch from Geert Hendrickx via github PR#208. - OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58 + OpenBSD-Regress-ID: d6a79c7c4d141a0d05ade4a042eb57dddbce89f3 -commit 9c935dd9bf05628826ad2495d3e8bdf3d3271c21 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 03:33:53 2018 +0000 +commit 1cb6ce98d658e5fbdae025a3bd65793980e3b5d9 +Author: David Carlier <devnexen@gmail.com> +Date: Sat Nov 21 12:22:23 2020 +0000 - upstream: make UID available as a %-expansion everywhere that the + Using explicit_memset for the explicit_bzero compatibility layer. - username is available currently. In the client this is via %i, in the server - %U (since %i was already used in the client in some places for this, but used - for something different in the server); bz#2870, ok dtucker@ + Favoriting the native implementation in this case. + +commit 2e0beff67def2120f4b051b1016d7fbf84823e78 +Author: Luca Weiss <luca@z3ntu.xyz> +Date: Sun Nov 8 14:19:23 2020 +0100 + + Deny (non-fatal) statx in preauth privsep child. + +commit a35d3e911e193a652bd09eed40907e3e165b0a7b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 5 02:20:23 2021 +0000 + + upstream: Remove debug message from sigchld handler. While this + + works on OpenBSD it can cause problems on other platforms. From kircherlike + at outlook.com via bz#3259, ok djm@ - OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95 + OpenBSD-Commit-ID: 3e241d7ac1ee77e3de3651780b5dc47b283a7668 -commit d8748b91d1d6c108c0c260ed41fa55f37b9ef34b +commit 69338ab46afe9e3dfb7762ad65351d854077c998 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 1 03:11:49 2018 +0000 +Date: Tue Feb 2 22:36:59 2021 +0000 - upstream: prefer argv0 to "ssh" when re-executing ssh for ProxyJump - - directive; bz2831, feedback and ok dtucker@ + upstream: whitespace - OpenBSD-Commit-ID: 3cec709a131499fbb0c1ea8a0a9e0b0915ce769e + OpenBSD-Commit-ID: 544bb092e03fcbecb420196cd0f70af13ea868ad -commit fbb4b5fd4f8e0bb89732670a01954e18b69e15ba +commit f71219a01d8f71c4b3ed7e456337a84ddba1653e Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 25 07:11:01 2018 +0000 +Date: Tue Feb 2 22:36:46 2021 +0000 - upstream: Do not ban PTY allocation when a sshd session is restricted + upstream: fix memleaks in private key deserialisation; enforce more - because the user password is expired as it breaks password change dialog. + consistency between redundant fields in private key certificate and private + key body; ok markus@ - regression in openssh-7.7 reported by Daniel Wagner + OpenBSD-Commit-ID: dec344e414d47f0a7adc13aecf3760fe58101240 + +commit 3287790e78bf5b53c4a3cafb67bb5aa03e3910f0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 2 22:35:14 2021 +0000 + + upstream: memleak on error path; ok markus@ - OpenBSD-Commit-ID: 9fc09c584c6f1964b00595e3abe7f83db4d90d73 + OpenBSD-Commit-ID: 2091a36d6ca3980c81891a6c4bdc544e63cb13a8 -commit f6a59a22b0c157c4c4e5fd7232f868138223be64 +commit 3dd0c64e08f1bba21d71996d635c7256c8c139d1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 25 04:25:46 2018 +0000 +Date: Sun Jan 31 22:55:29 2021 +0000 - upstream: Fix return value confusion in several functions (readdir, + upstream: more strictly enforce KEX state-machine by banning packet - download and fsync). These should return -1 on error, not a sftp status code. + types once they are received. Fixes memleak caused by duplicate + SSH2_MSG_KEX_DH_GEX_REQUEST (spotted by portable OpenSSH kex_fuzz via + oss-fuzz #30078). - patch from Petr Cerny in bz#2871 + ok markus@ - OpenBSD-Commit-ID: 651aa0220ad23c9167d9297a436162d741f97a09 + OpenBSD-Commit-ID: 87331c715c095b587d5c88724694cdeb701c9def -commit 1da5934b860ac0378d52d3035b22b6670f6a967e +commit 7a92a324a2e351fabd0ba8ef9b434d3b12d54ee3 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri May 25 03:20:59 2018 +0000 +Date: Sun Jan 31 10:50:10 2021 +0000 - upstream: If select() fails in ssh_packet_read_seqnr go directly to + upstream: Set linesize returned by getline to zero when freeing and - the error path instead of trying to read from the socket on the way out, - which resets errno and causes the true error to be misreported. ok djm@ + NULLing the returned string. OpenBSD's getline handles this just fine, but + some implementations used by -portable do not. ok djm@ - OpenBSD-Commit-ID: 2614edaadbd05a957aa977728aa7a030af7c6f0a + OpenBSD-Commit-ID: 4d7bd5169d3397654247db9655cc69a9908d165c -commit 4ef75926ef517d539f2c7aac3188b09f315c86a7 +commit a5dfc5bae8c16e2a7caf564758d812c7672480b5 Author: Damien Miller <djm@mindrot.org> -Date: Fri May 25 13:36:58 2018 +1000 +Date: Sat Jan 30 16:32:29 2021 +1100 - Permit getuid()/geteuid() syscalls. + allow a fuzz case to contain more than one request - Requested for Linux/s390; patch from Eduardo Barretto via bz#2752; - ok dtucker + loop until input buffer empty, no message consumed or 256 messages + processed -commit 4b22fd8ecefd059a66140be67f352eb6145a9d88 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue May 22 00:13:26 2018 +0000 +commit 0ef24ad60204022f7e33b6e9d171172c50514132 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 30 16:28:23 2021 +1100 - upstream: support ProxyJump=none to disable ProxyJump + expect fuzz cases to have length prefix - functionality; bz#2869 ok dtucker@ + might make life a little easier for the fuzzer, e.g. it can now + produce valid (multi-request) messages by smashing two cases together. + +commit de613f2713d2dfcd3b03c00e5558a40997f52712 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 30 12:03:30 2021 +1100 + + ssh-agent fuzzer + +commit 7e96c877bcb2fb645355a687b8cb7347987c1c58 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 30 12:02:46 2021 +1100 + + move keys out of kex_fuzz.cc into separate header - OpenBSD-Commit-ID: 1c06ee08eb78451b5837fcfd8cbebc5ff3a67a01 + add certificates and missing key types -commit f41bcd70f55b4f0fc4d8e1039cb361ac922b23fb -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 15 05:40:11 2018 +0000 +commit 76f46d75664fdaa1112739ca523ff85ee4eb52b4 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 30 12:02:10 2021 +1100 + + some fixed test data (mostly keys) for fuzzing + +commit 7c2e3d6de1f2edb0c8b4725b4c2b56360e032b19 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 30 00:56:38 2021 +0000 - upstream: correct keyowrd name (permitemptypasswords); from brendan + upstream: add a SK_DUMMY_INTEGRATE define that allows the dummy - macdonell + security key middleware to be directly linked; useful for writing fuzzers, + etc. - OpenBSD-Commit-ID: ef1bdbc936b2ea693ee37a4c20a94d4d43f5fda3 + OpenBSD-Regress-ID: 0ebd00159b58ebd85e61d8270fc02f1e45df1544 -commit f18bc97151340127859634d20d79fd39ec8a7f39 +commit 1a4b92758690faa12f49079dd3b72567f909466d Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 11 04:01:11 2018 +0000 +Date: Fri Jan 29 06:29:46 2021 +0000 - upstream: Emphasise that -w implicitly sets Tunnel=point-to-point + upstream: fix the values of enum sock_type - and that users should specify an explicit Tunnel directive if they don't want - this. bz#2365. + OpenBSD-Commit-ID: 18d048f4dbfbb159ff500cfc2700b8fb1407facd + +commit 8afaa7d7918419d3da6c0477b83db2159879cb33 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 29 06:28:10 2021 +0000 + + upstream: give typedef'd struct a struct name; makes the fuzzer I'm - OpenBSD-Commit-ID: 1a8d9c67ae213ead180481900dbbb3e04864560d + writing a bit easier + + OpenBSD-Commit-ID: 1052ab521505a4d8384d67acb3974ef81b8896cb + +commit 1e660115f0c7c4a750cd31e468ff889f33dd8088 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jan 29 11:09:14 2021 +1100 + + fuzz diffie-hellman-group-exchange-sha1 kex too -commit 32e4e94e1511fe0020fbfbb62399d31b2d22a801 +commit be5f0048ea2aaeddd27be7dcca23aaad345fa16c Author: Damien Miller <djm@mindrot.org> -Date: Mon May 14 14:40:08 2018 +1000 +Date: Fri Jan 29 11:03:35 2021 +1100 + + support for running kex fuzzer with null cipher + +commit 3d59e88c0e42182c3749b446ccd9027933c84be4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 28 20:55:16 2021 +1100 - sync fmt_scaled.c + make with -j2 to use available CPUs. + +commit 66dd9ddb5d2ea8c407908c8e8468c9d6e71db05b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 28 14:31:01 2021 +1100 + + Add test against openssl head and libressl head. + +commit 237dbb34e24b6b7ea888d54bda4d17da0a0fd0fa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 28 14:30:50 2021 +1100 + + Remove whitespace. + +commit d983e1732b8135d7ee8d92290d6dce35f736ab88 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 27 23:49:46 2021 +0000 + + upstream: fix leak: was double allocating kex->session_id buffer - revision 1.17 - date: 2018/05/14 04:39:04; author: djm; state: Exp; lines: +5 -2; - commitid: 53zY8GjViUBnWo8Z; - constrain fractional part to [0-9] (less confusing to static analysis); ok ian@ + OpenBSD-Commit-ID: 3765f4cc3ae1df874dba9102a3588ba7b48b8183 -commit 54268d589e85ecc43d3eba8d83f327bdada9d696 +commit 1134a48cdcef8e7363b9f6c73ebdd24405066738 Author: Damien Miller <djm@mindrot.org> -Date: Fri May 11 14:04:40 2018 +1000 +Date: Thu Jan 28 08:57:31 2021 +1100 + + correct kex name in disabled code + +commit 67f47f1965abafc1830a287761125c2f4790857e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 27 10:15:08 2021 +0000 + + upstream: this needs kex.h now + + OpenBSD-Commit-ID: c5a42166c5aa002197217421a971e48be7cb5d41 + +commit 39be3dc209f28f9c1ebfeba42adde8963b01e1cd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 27 10:05:28 2021 +0000 - fix key-options.sh on platforms without openpty(3) + upstream: make ssh->kex->session_id a sshbuf instead of u_char*/size_t - Skip the pty tests if the platform lacks openpty(3) and has to chown(2) - the pty device explicitly. This typically requires root permissions that - this test lacks. + and use that instead of global variables containing copies of it. feedback/ok + markus@ - bz#2856 ok dtucker@ + OpenBSD-Commit-ID: a4b1b1ca4afd2e37cb9f64f737b30a6a7f96af68 -commit b2140a739be4c3b43cc1dc08322dca39a1e39d20 +commit 4ca6a1fac328477c642329676d6469dba59019a3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 11 03:38:51 2018 +0000 +Date: Wed Jan 27 09:26:53 2021 +0000 - upstream: implement EMFILE mitigation for ssh-agent: remember the + upstream: remove global variable used to stash compat flags and use the - fd rlimit and stop accepting new connections when it is exceeded (with some - grace). Accept is resumed when enough connections are closed. + purpose-built ssh->compat variable instead; feedback/ok markus@ - bz#2576. feedback deraadt; ok dtucker@ + OpenBSD-Commit-ID: 7c4f200e112dae6bcf99f5bae1a5629288378a06 + +commit bba229b6f3328171f5e3ae85de443002523c0452 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 27 12:34:07 2021 +1100 + + Install moduli file before tests. - OpenBSD-Commit-ID: 6a85d9cec7b85741961e7116a49f8dae777911ea + Reduces warnings during test runs. + +commit 1b83185593a90a73860a503d753a95ca6d726c00 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 27 11:58:26 2021 +1100 + + Run one test with -Werror to catch warnings. -commit fdba503fdfc647ee8a244002f1581e869c1f3d90 +commit d1532d90074b212054d5fd965f833231b09982f5 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri May 11 03:22:55 2018 +0000 +Date: Wed Jan 27 00:37:26 2021 +0000 - upstream: Explicit cast when snprintf'ing an uint64. Prevents + upstream: Logical not bitwise or. ok djm@ - warnings on platforms where int64 is long not long long. ok djm@ + OpenBSD-Commit-ID: d4dc855cf04951b93c45caa383e1ac9af0a3b0e5 + +commit 507b448a2465a53ab03a88acbc71cc51b48ca6ac +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Tue Jan 26 15:40:17 2021 +0000 + + upstream: move HostbasedAcceptedAlgorithms to the right place in + + alphabetical order - OpenBSD-Commit-ID: 9c5359e2fbfce11dea2d93f7bc257e84419bd001 + OpenBSD-Commit-ID: d766820d33dd874d944c14b0638239adb522c7ec -commit e7751aa4094d51a9bc00778aa8d07e22934c55ee -Author: bluhm@openbsd.org <bluhm@openbsd.org> -Date: Thu Apr 26 14:47:03 2018 +0000 +commit e26c980778b228bdd42b8353cc70101cf49b731b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jan 26 11:25:01 2021 +0000 - upstream: Since the previous commit, ssh regress test sftp-chroot was + upstream: Remove unused variables leftover from refactoring. ok - failing. The sftp program terminated with the wrong exit code as sftp called - fatal() instad of exit(0). So when the sigchld handler waits for the child, - remember that it was found. Then don't expect that main() can wait again. OK - dtucker@ + djm@ - OpenBSD-Commit-ID: bfafd940c0de5297940c71ddf362053db0232266 + OpenBSD-Commit-ID: 8b3ad58bff828fcf874e54b2fc27a4cf1d9505e8 -commit 7c15301841e2e9d37cae732400de63ae9c0961d6 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Apr 29 17:54:12 2018 +1000 +commit e9f78d6b06fc323bba1890b2dc3b8423138fb35c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jan 26 05:32:21 2021 +0000 - Use includes.h instead of config.h. + upstream: Rename HostbasedKeyTypes (ssh) and + + HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms, which more + accurately reflects its effect. This matches a previous change to + PubkeyAcceptedAlgorithms. The previous names are retained as aliases. ok + djm@ - This ensures it picks up the definition of DEF_WEAK, the lack of which - can cause compile errors in some cases (eg modern AIX). From - michael at felt.demon.nl. + OpenBSD-Commit-ID: 49451c382adc6e69d3fa0e0663eeef2daa4b199e -commit cec338967a666b7c8ad8b88175f2faeddf268116 +commit 48d0d7a4dd31154c4208ec39029d60646192f978 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Apr 19 09:53:14 2018 +1000 +Date: Tue Jan 26 14:48:07 2021 +1100 - Omit 3des-cbc if OpenSSL built without DES. + Disable sntrup761 if compiler doesn't support VLAs. + + The sntrup761 code sourced from supercop uses variable length + arrays. Although widely supported, they are not part of the ANSI + C89 spec so if the compiler does not support VLAs, disable the + sntrup761x25519-sha512@openssh.com KEX method by replacing the kex + functions with no-op ones similar to what we do in kexecdh.c. - Patch from hongxu.jia at windriver.com, ok djm@ + This should allow OpenSSH to build with a plain C89 compiler again. + Spotted by tim@, ok djm@. -commit a575ddd58835759393d2dddd16ebe5abdb56485e +commit 37c70ea8d4f3664a88141bcdf0bf7a16bd5fd1ac Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Apr 16 22:50:44 2018 +0000 +Date: Tue Jan 26 00:54:49 2021 +0000 - upstream: Disable SSH2_MSG_DEBUG messages for Twisted Conch clients + upstream: refactor key constraint parsing in ssh-agent - without version numbers since they choke on them under some circumstances. - https://twistedmatrix.com/trac/ticket/9422 via Colin Watson + Key constraints parsing code previously existed in both the "add regular + key" and "add smartcard key" path. This unifies them but also introduces + more consistency checking: duplicated constraints and constraints that + are nonsensical for a particular situation (e.g. FIDO provider for a + smartcard key) are now banned. - Newer Conch versions have a version number in their ident string and - handle debug messages okay. https://twistedmatrix.com/trac/ticket/9424 + ok markus@ - OpenBSD-Commit-ID: 6cf7be262af0419c58ddae11324d9c0dc1577539 + OpenBSD-Commit-ID: 511cb1b1c021ee1d51a4c2d649b937445de7983c -commit 390c7000a8946db565b66eab9e52fb11948711fa +commit e0e8bee8024fa9e31974244d14f03d799e5c0775 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Apr 14 21:50:41 2018 +0000 +Date: Tue Jan 26 00:53:31 2021 +0000 - upstream: don't free the %C expansion, it's used later for + upstream: more ssh-agent refactoring + + Allow confirm_key() to accept an additional reason suffix - LocalCommand + Factor publickey userauth parsing out into its own function and allow + it to optionally return things it parsed out of the message to its + caller. - OpenBSD-Commit-ID: 857b5cb37b2d856bfdfce61289a415257a487fb1 + feedback/ok markus@ + + OpenBSD-Commit-ID: 29006515617d1aa2d8b85cd2bf667e849146477e -commit 3455f1e7c48e2e549192998d330214975b9b1dc7 +commit dfe18a295542c169ffde8533b3d7fe42088e2de7 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 13 05:04:12 2018 +0000 +Date: Tue Jan 26 00:51:30 2021 +0000 - upstream: notify user immediately when underlying ssh process dies; + upstream: make struct hostkeys public; I have no idea why I made it + + opaque originally. - patch from Thomas Kuthan in bz2719; ok dtucker@ + ok markus@ - OpenBSD-Commit-ID: 78fac88c2f08054d1fc5162c43c24162b131cf78 + OpenBSD-Commit-ID: e50780b34d4bbe628d69b2405b024dd749d982f3 -commit 1c5b4bc827f4abc3e65888cda061ad5edf1b8c7c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Apr 13 16:23:57 2018 +1000 +commit 3b44f2513cae89c920e8fe927b9bc910a1c8c65a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 26 00:49:30 2021 +0000 - Allow nanosleep in preauth privsep child. + upstream: move check_host_cert() from sshconnect,c to sshkey.c and + + refactor it to make it more generally usable and testable. - The new timing attack mitigation code uses nanosleep in the preauth - codepath, allow in systrace andbox too. + ok markus@ + + OpenBSD-Commit-ID: 536f489f5ff38808c1fa711ba58d4579b636f9e4 -commit 0e73428038d5ecfa5d2a28cff26661502a7aff4e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Apr 13 16:06:29 2018 +1000 +commit 1fe16fd61bb53944ec510882acc0491abd66ff76 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 26 00:47:47 2021 +0000 - Allow nanosleep in preauth privsep child. + upstream: use recallocarray to allocate the agent sockets table; + + also clear socket entries that are being marked as unused. - The new timing attack mitigation code uses nanosleep in the preauth - codepath, allow in sandbox. + spinkle in some debug2() spam to make it easier to watch an agent + do its thing. + + ok markus + + OpenBSD-Commit-ID: 74582c8e82e96afea46f6c7b6813a429cbc75922 -commit e9d910b0289c820852f7afa67f584cef1c05fe95 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 13 03:57:26 2018 +0000 +commit cb7b22ea20a01332c81c0ddcb3555ad50de9cce2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 26 00:46:17 2021 +0000 + + upstream: factor out common code in the agent client + + Add a ssh_request_reply_decode() function that sends a message to + the agent, reads and parses a success/failure reply. + Use it for all requests that only expect success/failure + + ok markus@ + + OpenBSD-Commit-ID: e0c1f4d5e6cfa525d62581e2b8de93be0cb85adb + +commit d1e578afe7cd48140ad6e92a453f9b035363fd7f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 25 06:00:17 2021 +0000 - upstream: Defend against user enumeration timing attacks. This + upstream: make ssh hostbased authentication send the signature + + algorithm in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. + This make HostbasedAcceptedAlgorithms do what it is supposed to - filter on + signature algorithm and not key type. - establishes a minimum time for each failed authentication attempt (5ms) and - adds a per-user constant derived from a host secret (0-4ms). Based on work - by joona.kannisto at tut.fi, ok markus@ djm@. + spotted with dtucker@ ok markus@ - OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca + OpenBSD-Commit-ID: 25bffe19f0326972f5728170f7da81d5f45c78c6 -commit d97874cbd909eb706886cd0cdd418f812c119ef9 +commit 95eca1e195a3b41baa1a725c2c5af8a09d885e4b Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Apr 13 13:43:55 2018 +1000 +Date: Sat Jan 23 18:26:05 2021 +1100 - Using "==" in shell tests is not portable. + ifdef new instance of sin6_scope_id - Patch from rsbecker at nexbridge.com. + Put inside HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID similar to + existing instance. Should fix error on UnixWare 7. -commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Apr 13 13:38:06 2018 +1000 +commit 6ffdcdda128045226dda7fbb3956407978028a1e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jan 18 11:43:34 2021 +0000 - Fix tunnel forwarding broken in 7.7p1 + upstream: Fix long->int for convtime tests here too. Spotted by - bz2855, ok dtucker@ + tobhe@. + + OpenBSD-Regress-ID: a87094f5863312d00938afba771d25f788c849d0 -commit afa6e79b76fb52a0c09a29688b5c0d125eb08302 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Apr 13 13:31:42 2018 +1000 +commit b55b7565f15327d82ad7acbddafa90b658c5f0af +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 22 02:46:40 2021 +0000 - prefer to use getrandom() for PRNG seeding + upstream: PubkeyAcceptedKeyTypes->PubkeyAcceptedAlgorithms + + here too. - Only applies when built --without-openssl. Thanks Jann Horn for - reminder. + OpenBSD-Commit-ID: 3b64a640f8ce8c21d9314da9df7ce2420eefde3a -commit 575fac34a97f69bc217b235f81de9f8f433eceed -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Apr 13 13:13:33 2018 +1000 +commit ee9c0da8035b3168e8e57c1dedc2d1b0daf00eec +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 22 02:44:58 2021 +0000 - Revert $REGRESSTMP changes. + upstream: Rename PubkeyAcceptedKeyTypes keyword to - Revert 3fd2d229 and subsequent changes as they turned out to be a - portability hassle. + PubkeyAcceptedAlgorithms. While the two were originally equivalent, this + actually specifies the signature algorithms that are accepted. Some key + types (eg RSA) can be used by multiple algorithms (eg ssh-rsa, rsa-sha2-512) + so the old name is becoming increasingly misleading. The old name is + retained as an alias. Prompted by bz#3253, help & ok djm@, man page help jmc@ + + OpenBSD-Commit-ID: 0346b2f73f54c43d4e001089759d149bfe402ca5 -commit 10479cc2a4acd6faaf643eb305233b49d70c31c1 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Apr 10 10:19:02 2018 +1000 +commit a8e798feabe36d02de292bcfd274712cae1d8d17 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 15 02:58:11 2021 +0000 - Many typo fixes from Karsten Weiss + upstream: Change types in convtime() unit test to int to match change + + its new type. Add tests for boundary conditions and fix convtime to work up + to INT_MAX. ok djm@ - Spotted using https://github.com/lucasdemarchi/codespell + OpenBSD-Regress-ID: ba2b81e9a3257fff204b020affe85b604a44f97e -commit 907da2f88519b34189fd03fac96de0c52d448233 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Apr 10 00:14:10 2018 +0000 +commit 9bde1a420626da5007bf7ab499fa2159b9eddf72 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 15 04:31:25 2021 +0000 - upstream: more typos spotted by Karsten Weiss using codespell + upstream: Make output buffer larger to prevent potential truncation + + warnings from compilers not smart enough to know the strftime calls won't + ever fully fill "to" and "from". ok djm@ - OpenBSD-Regress-ID: d906a2aea0663810a658b7d0bc61a1d2907d4d69 + OpenBSD-Commit-ID: 83733f1b01b82da88b9dd1769475952aff10bdd7 -commit 37e5f4a7ab9a8026e5fc2f47dafb0f1b123d39e9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Apr 10 00:13:27 2018 +0000 +commit 02da325f10b214219eae2bb1bc2d3bf0c2f13f9f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 15 02:58:11 2021 +0000 - upstream: make this a bit more portable-friendly + upstream: Change types in convtime() unit test to int to match - OpenBSD-Regress-ID: 62f7b9e055e8dfaab92b3825f158beeb4ca3f963 + change its new type. Add tests for boundary conditions and fix convtime to + work up to INT_MAX. ok djm@ + + OpenBSD-Commit-ID: 01dc0475f1484ac2f47facdfcf9221f9472145de -commit 001aa55484852370488786bd40e9fdad4b465811 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Apr 10 00:10:49 2018 +0000 +commit 5339ab369c225b40bc64d5ec3374f5c91b3ad609 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 15 02:32:41 2021 +0000 - upstream: lots of typos in comments/docs. Patch from Karsten Weiss + upstream: In waitfd(), when poll returns early we are subtracting - after checking with codespell tool - (https://github.com/lucasdemarchi/codespell) + the elapsed time from the timeout each loop, so we only want to measure the + elapsed time the poll() in that loop, not since the start of the function. + Spotted by chris.xj.zhu at gmail.com, ok djm@ - OpenBSD-Commit-ID: 373222f12d7ab606598a2d36840c60be93568528 + OpenBSD-Commit-ID: 199df060978ee9aa89b8041a3dfaf1bf7ae8dd7a -commit 260ede2787fe80b18b8d5920455b4fb268519c7d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Apr 9 23:54:49 2018 +0000 +commit a164862dfa863b54b7897f66e1dd75437f086c11 +Author: rob@openbsd.org <rob@openbsd.org> +Date: Thu Jan 14 19:45:06 2021 +0000 - upstream: don't kill ssh-agent's listening socket entriely if we + upstream: Minor grammatical correction. - fail to accept a connection; bz#2837, patch from Lukas Kuster + OK jmc@ - OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f + OpenBSD-Commit-ID: de0fad0581e212b2750751e479b79c18ff8cac02 + +commit 8635e7df7e3a3fbb4a4f6cd5a7202883b2506087 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 13 18:00:57 2021 +1100 + + Merge Mac OS X targets into a single config. + +commit ac112ade990585c511048ed4edaf2d9fc92b61f0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 12 19:22:47 2021 +1100 + + Add Mac OS X test targets. + +commit 1050109b4b2884bf50fd1b3aa084c7fd0a42ae90 +Author: anatasluo <luolongjuna@gmail.com> +Date: Mon Jan 11 13:51:39 2021 +0000 -commit ebc8b4656f9b0f834a642a9fb3c9fbca86a61838 -Author: tj@openbsd.org <tj@openbsd.org> -Date: Mon Apr 9 20:41:22 2018 +0000 + Remove duplicated declaration in fatal.c . - upstream: the UseLogin option was removed, so remove it here too. +commit 7d0f8a3369579dfe398536eb4e3da7bc15da9599 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jan 11 04:48:22 2021 +0000 + + upstream: Correct spelling of persourcenetblocksize in config-dump - ok dtucker + mode. - OpenBSD-Commit-ID: 7080be73a64d68e21f22f5408a67a0ba8b1b6b06 + OpenBSD-Commit-ID: ecdc49e2b6bde6b6b0e52163d621831f6ac7b13d -commit 3e36f281851fc8e9c996b33f108b2ae167314fbe -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sun Apr 8 07:36:02 2018 +0000 +commit ba328bd7a6774f30daaf90b83f1933cc4afc866c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 9 12:31:46 2021 +0000 - upstream: tweak previous; + upstream: Adjust kexfuzz to addr.c/addrmatch.c split. - OpenBSD-Commit-ID: 2b9c23022ea7b9dddb62864de4e906000f9d7474 + OpenBSD-Regress-ID: 1d8d23bb548078020be2fb52c4c643efb190f0eb -commit 8368571efd6693c5c57f850e23a2372acf3f865f -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Apr 7 13:50:10 2018 +0000 +commit b08ef25552443e94c0857d5e3806dd019ccc55d7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 9 12:24:30 2021 +0000 - upstream: tweak previous; + upstream: Update unittests for addr.c/addrmatch.c split. - OpenBSD-Commit-ID: 38e347b6f8e888f5e0700d01abb1eba7caa154f9 + OpenBSD-Regress-ID: de2b415fb7af084a91c6ef147a90482d8f771eef -commit 555294a7279914ae6795b71bedf4e6011b7636df -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 6 13:02:39 2018 +0000 +commit 6d30673fedec2d251f4962c526fd0451f70c4d97 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jan 11 02:12:57 2021 +0000 - upstream: Allow "SendEnv -PATTERN" to clear environment variables + upstream: Change convtime() from returning long to returning int. - previously labeled for sendind. bz#1285 ok dtucker@ + On platforms where sizeof(int) != sizeof(long), convtime could accept values + >MAX_INT which subsequently truncate when stored in an int during config + parsing. bz#3250, ok djm@ - OpenBSD-Commit-ID: f6fec9e3d0f366f15903094fbe1754cb359a0df9 + OpenBSD-Commit-ID: 8fc932683d6b4660d52f50911d62bd6639c5db31 -commit 40f5f03544a07ebd2003b443d42e85cb51d94d59 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 6 04:15:45 2018 +0000 +commit 7a57adb8b07b2ad0aead4b2e09ee18edc04d0481 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sat Jan 9 12:51:12 2021 +0000 - upstream: relax checking of authorized_keys environment="..." + upstream: add a comma to previous; - options to allow underscores in variable names (regression introduced in - 7.7). bz2851, ok deraadt@ + OpenBSD-Commit-ID: 9139433701c0aa86a0d3a6c7afe10d1c9c2e0869 + +commit 3a923129534b007c2e24176a8655dec74eca9c46 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 9 12:10:02 2021 +0000 + + upstream: Add PerSourceMaxStartups and PerSourceNetBlockSize - OpenBSD-Commit-ID: 69690ffe0c97ff393f2c76d25b4b3d2ed4e4ac9c + options which provide more fine grained MaxStartups limits. Man page help + jmc@, feedback & ok djm@ + + OpenBSD-Commit-ID: e2f68664e3d02c0895b35aa751c48a2af622047b -commit 30fd7f9af0f553aaa2eeda5a1f53f26cfc222b5e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 6 03:51:27 2018 +0000 +commit d9a2bc71693ea27461a78110005d5a2d8b0c6a50 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 9 11:58:50 2021 +0000 - upstream: add a couple of missed options to the config dump; patch + upstream: Move address handling functions out into their own file - from Jakub Jelen via bz2835 + in order to reuse them for per-source maxstartups limiting. Supplement with + some additional functions from djm's flowtools that we'll also need. ok djm@ + (as part of a larger diff). - OpenBSD-Commit-ID: 5970adadf6ef206bee0dddfc75d24c2019861446 + OpenBSD-Commit-ID: e3e7d9ccc6c9b82e25cfef0ec83598e8e2327cbf + +commit b744914fcb76d70761f1b667de95841b3fc80a56 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 9 00:36:05 2021 +1100 + + Add test against Graphene hardened malloc. -commit 8d6829be324452d2acd282d5f8ceb0adaa89a4de +commit 6cb52d5bf771f6769b630fce35a8e9b8e433044f Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 6 03:34:27 2018 +0000 +Date: Fri Jan 8 04:49:13 2021 +0000 - upstream: ssh does not accept -oInclude=... on the commandline, the + upstream: make CheckHostIP default to 'no'. It doesn't provide any - Include keyword is for configuration files only. bz#2840, patch from Jakub - Jelen + perceptible value and makes it much harder for hosts to change host keys, + particularly ones that use IP-based load-balancing. + + ok dtucker@ - OpenBSD-Commit-ID: 32d052b4a7a7f22df35fe3f71c368c02b02cacb0 + OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0 + +commit 309b642e1442961b5e57701f095bcd4acd2bfb5f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 8 15:50:41 2021 +1100 + + Run tests with sudo for better coverage. + +commit c336644351fa3c715a08b7a292e309e72792e71e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 8 14:26:32 2021 +1100 + + Add Ubuntu 16.04 and 20.04 test targets. -commit 00c5222ddc0c8edcaa4ea45ac03befdc8013d137 +commit 4c7af01f9dcc1606dec033e7665a042cb0d8ec52 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Apr 5 22:54:28 2018 +0000 +Date: Fri Jan 8 02:57:24 2021 +0000 - upstream: We don't offer CBC cipher by default any more. Spotted by + upstream: If a signature operation on a FIDO key fails with a + + "incorrect PIN" reason and no PIN was initially requested from the user, then + request a PIN and retry the operation. + + This smoothes over a few corner cases including FIDO devices that + require PINs for all hosted credentials, biometric FIDO devices that + fall back to requiring PIN when reading the biometric failed, devices + that don't implement reading credProtect status for downloaded keys + and probably a few more cases that I haven't though of yet. - Renaud Allard (via otto@) + ok dtucker@ - OpenBSD-Commit-ID: a559b1eef741557dd959ae378b665a2977d92dca + OpenBSD-Commit-ID: 176db8518933d6a5bbf81a2e3cf62447158dc878 -commit 5ee8448ad7c306f05a9f56769f95336a8269f379 -Author: job@openbsd.org <job@openbsd.org> -Date: Wed Apr 4 15:12:17 2018 +0000 +commit 64ddd0fe68c4a7acf99b78624f8af45e919cd317 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 8 02:44:14 2021 +0000 - upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for + upstream: don't try to use timespeccmp(3) directly as a qsort(3) - interactive and CS1 for bulk + comparison function - it returns 0/1 and not the -1/0/1 that qsort expectes. - AF21 was selected as this is the highest priority within the low-latency - service class (and it is higher than what we have today). SSH is elastic - and time-sensitive data, where a user is waiting for a response via the - network in order to continue with a task at hand. As such, these flows - should be considered foreground traffic, with delays or drops to such - traffic directly impacting user-productivity. + fixes sftp "ls -ltr" under some circumstances. - For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable - networks implementing a scavanger/lower-than-best effort class to - discriminate scp(1) below normal activities, such as web surfing. In - general this type of bulk SSH traffic is a background activity. + Based on patch by Masahiro Matsuya via bz3248. - An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH - is that they are recognisable values on all common platforms (IANA - https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and - for AF21 specifically a definition of the intended behavior exists - https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition - of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and - for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662 + OpenBSD-Commit-ID: 65b5e9f18bb0d10573868c3516de6e5170adb163 + +commit 599df78f3008cf78af21f8977be3e1dd085f8e2e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 8 02:33:13 2021 +0000 + + upstream: Update the sntrup761 creation script and generated code: - The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE - 802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate", - or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e, - MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK"). + - remove unneeded header files and typedefs and rely on crypto_api.h - add + defines to map types used to the crypto_api ones instead of typedefs. This + prevents typedef name collisions in -portable. - remove CRYPTO_NAMESPACE + entirely instead of making it a no-op - delete unused functions and make the + remaining ones that aren't exported static. - OK deraadt@, "no objection" djm@ + ok djm@ - OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181 + OpenBSD-Commit-ID: 7b9d0cf3acd5a3c1091da8afe00c904d38cf5783 -commit 424b544fbda963f973da80f884717c3e0a513288 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Apr 3 02:14:08 2018 +0000 +commit 16448ff529affda7e2a15ee7c3200793abde0759 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 8 02:19:24 2021 +0000 - upstream: Import regenerated moduli file. + upstream: mention that DisableForwarding is valid in a sshd_config + + Match block reported by Fredrik Eriksson in bz3239 - OpenBSD-Commit-ID: 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e + OpenBSD-Commit-ID: 3a71c3d84b597f5e43e4b40d5232797daf0993f6 -commit 323f66ce934df2da551f256f37d69822428e1ca1 +commit 91bac5e95b1b0debf9b2b4f05c20dcfa96b368b9 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 6 04:18:35 2018 +0000 +Date: Mon Jan 4 21:58:58 2021 +0000 - upstream: Add test for username options parsing order, prompted by + upstream: estructure sntrup761.sh to process all files in a single - bz#2849. + list, which will make it easier to reorder. Re-inline int32_MINMAX. ok + tobhe@ - OpenBSD-Regress-ID: 6985cd32f38596882a3ac172ff8c510693b65283 + OpenBSD-Commit-ID: d145c6c19b08bb93c9e14bfaa7af589d90f144c0 -commit e8f474554e3bda102a797a2fbab0594ccc66f097 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Apr 6 14:11:44 2018 +1000 +commit 4d96a3ebab2224f17e639a15078e03be1ad3736d +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Sun Jan 3 18:05:21 2021 +0000 - Expose SSH_AUTH_INFO_0 to PAM auth modules + upstream: Prevent redefinition of `crypto_int32' error with gcc3. - bz#2408, patch from Radoslaw Ejsmont; ok dtucker@ + Fixes compilation on luna88k. + + Feedback millert@ + Found by and ok aoyama@ + + OpenBSD-Commit-ID: f305ddfe575a26cc53431af3fde3f4aeebed9ba6 -commit 014ba209cf4c6a159baa30ecebbaddfa97da7100 +commit a23954eeb930ccc8a66a2710153730769dba31b6 Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Apr 3 12:18:00 2018 +1000 +Date: Fri Jan 1 22:00:49 2021 +1100 - Import regenerated moduli file. + Undef int32 after sort routines. + + This prevents typedef'ing crypto_int32 twice, in sntrup761.c and + crypto_api.h, which some compilers (at least some GCCs) don't accept. -commit a0349a1cc4a18967ad1dbff5389bcdf9da098814 +commit 148b8a661c3f93e4b6d049ee902de3d521261fbc Author: Damien Miller <djm@mindrot.org> -Date: Mon Apr 2 15:38:28 2018 +1000 +Date: Thu Dec 31 12:47:22 2020 +1100 - update versions in .spec files + fix: missing pieces of previous commit -commit 816ad38f79792f5617e3913be306ddb27e91091c +commit 3d999be7b987c848feda718cfcfcdc005ddf670d +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Wed Dec 30 14:13:28 2020 +0000 + + upstream: Use int64_t for intermediate values in int32_MINMAX to + + prevent signed 32-bit integer overflow. + + Found by and ok djm@ + ok markus@ + + OpenBSD-Commit-ID: 4f0704768e34cf45fdd792bac4011c6971881bb3 + +commit 5c1953bf98732da5a76c706714ac066dbfa015ac Author: Damien Miller <djm@mindrot.org> -Date: Mon Apr 2 15:38:20 2018 +1000 +Date: Tue Dec 29 12:40:54 2020 +1100 - update version number + adapt KEX fuzzer to PQ kex change -commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Mar 30 18:23:07 2018 +1100 +commit 659864fe81dbc57eeed3769c462679d83e026640 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 29 01:02:15 2020 +0000 - Disable native strndup and strnlen on AIX. + upstream: Adapt to replacement of - On at least some revisions of AIX, strndup returns unterminated strings - under some conditions, apparently because strnlen returns incorrect - values in those cases. Disable both on AIX and use the replacements - from openbsd-compat. Fixes problem with ECDSA keys there, ok djm. + sntrup4591761x25519-sha512@tinyssh.org with + sntrup761x25519-sha512@openssh.com. + + Also test sntrup761x25519-sha512@openssh.com in unittests/kex + + OpenBSD-Regress-ID: cfa3506b2b077a9cac1877fb521efd2641b6030c -commit 6b5a17bc14e896e3904dc58d889b58934cfacd24 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 26 13:12:44 2018 +1100 +commit 2c71cec020219d69df84055c59eba5799a1233ec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 29 00:59:15 2020 +0000 - Include ssh_api.h for struct ssh. + upstream: Update/replace the experimental post-quantim hybrid key + + exchange method based on Streamlined NTRU Prime (coupled with X25519). + + The previous sntrup4591761x25519-sha512@tinyssh.org method is + replaced with sntrup761x25519-sha512@openssh.com. Per the authors, + sntrup4591761 was replaced almost two years ago by sntrup761. + + The sntrup761 implementaion, like sntrup4591761 before it, is public + domain code extracted from the SUPERCOP cryptography benchmark + suite (https://bench.cr.yp.to/supercop.html). - struct ssh is needed by implementations of sys_auth_passwd() that were - converted in commit bba02a50. Needed to fix build on AIX, I assume for - the other platforms too (although it should be harmless if not needed). + Thanks for Daniel J Bernstein for guidance on algorithm selection. + Patch from Tobias Heider; feedback & ok markus@ and myself + + (note this both the updated method and the one that it replaced are + disabled by default) + + OpenBSD-Commit-ID: 2bf582b772d81ee24e911bb6f4b2aecfd39338ae -commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 26 12:58:09 2018 +1100 +commit 09d070ccc3574ae0d7947d212ed53c7268ef7e1f +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Dec 22 07:40:26 2020 +0000 - Remove UNICOS code missed during removal. + upstream: tweak the description of KnownHostsCommand in ssh_conf.5, + + and add entries for it to the -O list in scp.1 and sftp.1; + + ok djm - Fixes compile error on AIX. + OpenBSD-Commit-ID: aba31ebea03f38f8d218857f7ce16a500c3e4aff -commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Mar 24 19:29:03 2018 +0000 +commit 931c93389a80e32272712459b1102d303844453d +Author: Damien Miller <djm@mindrot.org> +Date: Tue Dec 22 19:43:55 2020 +1100 - upstream: openssh-7.7 - - OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 + whitespace at EOL -commit 4b7d8acdbbceef247dc035e611e577174ed8a87e +commit 397b1c4d393f97427283a4717e9015a2bd31b8a5 Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 26 09:37:02 2018 +1100 +Date: Tue Dec 22 19:42:37 2020 +1100 + + whitespace at EOL + +commit 33fa3ac547e5349ca34681cce6727b2f933dff0a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 22 19:21:26 2020 +1100 + + Improve AIX text. + +commit 0f2e21c9dca89598b694932b5b05848380a23ec0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 22 18:56:54 2020 +1100 - Remove authinfo.sh test dependency on printenv + Include stdio.h for FILE in misc.h. - Some platforms lack printenv in the default $PATH. - Reported by Tom G. Christensen + Fixes build on at least OpenBSD. -commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e -Author: Tim Rice <tim@multitalents.net> -Date: Sun Mar 25 10:00:21 2018 -0700 +commit 3e9811e57b57ee66b0f70d99d7258da3153b0e8a +Author: Damien Miller <djm@mindrot.org> +Date: Tue Dec 22 18:31:50 2020 +1100 - Use libiaf on all sysv5 systems + ensure $LOGNAME is set in tests -commit bba02a5094b3db228ceac41cb4bfca165d0735f3 -Author: Tim Rice <tim@multitalents.net> -Date: Sun Mar 25 09:17:33 2018 -0700 +commit 3eb647cbb34d87a063aa7714256c6e56103fffda +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 22 06:47:24 2020 +0000 - modified: auth-sia.c - modified: openbsd-compat/port-aix.c - modified: openbsd-compat/port-uw.c + upstream: more detail for failing tests - propogate changes to auth-passwd.c in commit - 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers - of sys_auth_passwd() + OpenBSD-Regress-ID: c68c0e5a521cad7e7f68e54c54ebf86d6c10ee1d -commit d7a7a39168bdfe273587bf85d779d60569100a3f -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Mar 24 19:29:03 2018 +0000 +commit 2873f19570d4d8758be24dbf78332be9a779009b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 22 06:03:36 2020 +0000 - upstream: openssh-7.7 + upstream: regress test for KnownHostsCommand - OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41 + OpenBSD-Regress-ID: ffc77464320b6dabdcfa0a72e0df02659233a38a -commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Mar 24 19:28:43 2018 +0000 +commit 0121aa87bab9ad2365de2d07f2832b56d5ff9871 +Author: tb@openbsd.org <tb@openbsd.org> +Date: Tue Dec 22 03:05:31 2020 +0000 - upstream: fix bogus warning when signing cert keys using agent; + upstream: Remove lines accidentally left behind in the ProxyJump + + parsing fix r1.345. - from djm; ok deraadt dtucker + ok djm - OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d + OpenBSD-Commit-ID: fe767c108c8117bea33767b080ff62eef2c55f5c -commit 393436024d2e4b4c7a01f9cfa5854e7437896d11 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Mar 25 09:40:46 2018 +1100 +commit da4bf0db942b5f0278f33238b86235e5813d7a5a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 22 00:15:22 2020 +0000 - Replace /dev/stdin with "-". + upstream: add a ssh_config KnownHostsCommand that allows the client + + to obtain known_hosts data from a command in addition to the usual files. - For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted - and suggested by vinschen at redhat.com. + The command accepts bunch of %-expansions, including details of the + connection and the offered server host key. Note that the command may + be invoked up to three times per connection (see the manpage for + details). + + ok markus@ + + OpenBSD-Commit-ID: 2433cff4fb323918ae968da6ff38feb99b4d33d0 -commit b5974de1a1d419e316ffb6524b1b277dda2f3b49 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Mar 23 13:21:14 2018 +1100 +commit a34e14a5a0071de2036826a00197ce38c8b4ba8b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 22 00:12:22 2020 +0000 - Provide $OBJ to paths in PuTTY interop tests. + upstream: move subprocess() from auth.c to misc.c + + make privilege dropping optional but allow it via callbacks (to avoid + need to link uidswap.c everywhere) + + add some other flags (keep environment, disable strict path safety check) + that make this more useful for client-side use. + + feedback & ok markus@ + + OpenBSD-Commit-ID: a80ea9fdcc156f1a18e9c166122c759fae1637bf -commit dc31e79454e9b9140b33ad380565fdb59b9c4f33 +commit 649205fe388b56acb3481a1b2461f6b5b7c6efa6 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 16 09:06:31 2018 +0000 +Date: Mon Dec 21 22:48:41 2020 +0000 - upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On + upstream: Remove explicit rijndael-cbc@lysator.liu.se test since the - OpenBSD they are both non-blocking, but on many other -portable platforms it - blocks, stalling tests. + cipher was removed. - OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc + OpenBSD-Regress-ID: aa93cddb4ecd9bc21446a79008a1a53050e64f17 -commit cb1f94431ef319cd48618b8b771b58739a8210cf -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Mar 22 07:06:11 2018 +0000 +commit 03e93c753d7c223063ad8acaf9a30aa511e5f931 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Dec 21 11:09:32 2020 +0000 - upstream: ssh/xmss: fix build; ok djm@ + upstream: Remove the pre-standardization cipher + + rijndael-cbc@lysator.liu.se. It is an alias for aes256-cbc which was + standardized in RFC4253 (2006), has been deprecated and disabled by default + since OpenSSH 7.2 (2016) and was only briefly documented in ssh.1 in 2001. + + This will reduce the amount of work the cipher/kex regression tests need + to do by a little bit. ok markus@ djm@ - OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186 + OpenBSD-Commit-ID: fb460acc18290a998fd70910b19c29b4e4f199ad -commit 27979da9e4074322611355598f69175b9ff10d39 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Mar 22 07:05:48 2018 +0000 +commit a11ca015879eab941add8c6bdaaec7d41107c6f5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 21 09:19:53 2020 +0000 - upstream: ssh/xmss: fix deserialize for certs; ok djm@ + upstream: properly fix ProxyJump parsing; Thanks to tb@ for + + pointing out my error (parse_ssh_uri() can return -1/0/1, that I missed). + Reported by Raf Czlonka via bugs@ + + ok tb@ - OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc + OpenBSD-Commit-ID: a2991a3794bcaf1ca2b025212cce11cdb5f6b7d6 -commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f +commit d97fb879724f1670bf55d9adfea7278a93c33ae2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 21 01:31:06 2020 +0000 + + upstream: adapt to API change in hostkeys_foreach()/load_hostkeys() + + OpenBSD-Regress-ID: dcb468514f32da49a446372453497dc6eeafdbf3 + +commit bf7eb3c266b7fd4ddda108fcf72b860af2af6406 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 16 14:02:24 2020 +0000 + + upstream: few more things needs match.c and addrmatch.c now that + + log.c calls match_pattern_list() + + OpenBSD-Regress-ID: f7c95c76b150d0aeb00a67858b9579b7d1b2db74 + +commit 2c64f24e27a5e72a7f59e515fc4f4985355237ae Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Mar 22 17:00:28 2018 +1100 +Date: Mon Dec 21 14:02:56 2020 +1100 + + Pull in missing rev 1.2. + +commit 0f504f592d15d8047e466eb7453067a6880992a8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 20 23:40:19 2020 +0000 + + upstream: plumb ssh_conn_info through to sshconnect.c; feedback/ok + + markus@ + + OpenBSD-Commit-ID: e8d14a09cda3f1dc55df08f8a4889beff74e68b0 + +commit 729b05f59ded35483acef90a6f88aa03eae33b29 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 20 23:38:00 2020 +0000 - Save $? before case statement. + upstream: allow UserKnownHostsFile=none; feedback and ok markus@ - In some shells (FreeBSD 9, ash) the case statement resets $?, so save - for later testing. + OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48 -commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d +commit b4c7cd1185c5dc0593d47eafcc1a34fda569dd1d Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 14 05:35:40 2018 +0000 +Date: Sun Dec 20 23:36:51 2020 +0000 - upstream: rename recently-added "valid-before" key restriction to + upstream: load_hostkeys()/hostkeys_foreach() variants for FILE* - "expiry-time" as the former is confusing wrt similar terminology in X.509; - pointed out by jsing@ + Add load_hostkeys_file() and hostkeys_foreach_file() that accept a + FILE* argument instead of opening the file directly. - OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793 + Original load_hostkeys() and hostkeys_foreach() are implemented using + these new interfaces. + + Add a u_int note field to the hostkey_entry and hostkey_foreach_line + structs that is passed directly from the load_hostkeys() and + hostkeys_foreach() call. This is a lightweight way to annotate results + between different invocations of load_hostkeys(). + + ok markus@ + + OpenBSD-Commit-ID: 6ff6db13ec9ee4edfa658b2c38baad0f505d8c20 + +commit 06fbb386bed666581095cb9cbc7a900e02bfe1b7 +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Sat Dec 19 22:09:21 2020 +0000 + + upstream: Print client kem key with correct length. + + ok markus@ + + OpenBSD-Commit-ID: 91689e14a4fc6c270e265a32d1c8faba63a45755 -commit 500396b204c58e78ad9d081516a365a9f28dc3fd +commit 0ebead6593e2441e4af2735bbe2cd097607cd0d3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 12 00:56:03 2018 +0000 +Date: Thu Dec 17 23:28:50 2020 +0000 - upstream: check valid-before option in authorized_keys + upstream: fix possible error("%s", NULL) on error paths - OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11 + OpenBSD-Commit-ID: 0b3833c2cb985453ecca1d76803ebb8f3b736a11 -commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215 +commit d060bc7f6e6244f001e658208f53e3e2ecbbd382 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 12 00:54:04 2018 +0000 +Date: Thu Dec 17 23:26:11 2020 +0000 - upstream: explicitly specify RSA/SHA-2 keytype here too + upstream: refactor client percent_expand() argument passing; - OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62 + consolidate the common arguments into a single struct and pass that around + instead of using a bunch of globals. ok markus@ + + OpenBSD-Commit-ID: 035e6d7ca9145ad504f6af5a021943f1958cd19b -commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1 +commit 43026da035cd266db37df1f723d5575056150744 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 12 00:52:57 2018 +0000 +Date: Thu Dec 17 23:10:27 2020 +0000 - upstream: exlicitly include RSA/SHA-2 keytypes in + upstream: prepare readconf.c for fuzzing; remove fatal calls and - PubkeyAcceptedKeyTypes here + fix some (one-off) memory leaks; ok markus@ - OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9 + OpenBSD-Commit-ID: 91c6aec57b0e7aae9190de188e9fe8933aad5ec5 -commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Mar 14 06:56:20 2018 +0000 +commit bef92346c4a808f33216e54d6f4948f9df2ad7c1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 14 03:13:12 2020 +0000 - upstream: sort expiry-time; + upstream: use _PATH_SSH_USER_DIR instead of hardcoded .ssh in path - OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf + OpenBSD-Commit-ID: 5c1048468813107baa872f5ee33ba51623630e01 + +commit a5ab499bd2644b4026596fc2cb24a744fa310666 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Dec 4 14:01:27 2020 +1100 + + basic KEX fuzzer; adapted from Markus' unittest + +commit 021ff33e383c77b11badd60cec5b141a3e3fa532 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Dec 4 13:57:43 2020 +1100 + + use options that work with recent clang -commit abc0fa38c9bc136871f28e452c3465c3051fc785 +commit e4d1a0b40add800b6e9352b40c2223e44acc3a45 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 14 05:35:40 2018 +0000 +Date: Fri Dec 4 02:41:10 2020 +0000 - upstream: rename recently-added "valid-before" key restriction to + upstream: shuffle a few utility functions into sftp-client.c; from - "expiry-time" as the former is confusing wrt similar terminology in X.509; - pointed out by jsing@ + Jakub Jelen - OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6 + OpenBSD-Commit-ID: fdeb1aae1f6149b193f12cd2af158f948c514a2a -commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13 +commit ace12dc64f8e3a2496ca48d36b53cb3c0a090755 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 12 00:52:01 2018 +0000 +Date: Fri Dec 4 02:29:56 2020 +0000 - upstream: add valid-before="[time]" authorized_keys option. A + upstream: make ssh_free(NULL) a no-op - simple way of giving a key an expiry date. ok markus@ + OpenBSD-Commit-ID: 42cb285d94789cefe6608db89c63040ab0a80fa0 + +commit 3b98b6e27f8a122dbfda9966b1afeb3e371cce91 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 4 02:29:25 2020 +0000 + + upstream: memleak of DH public bignum; found with libfuzzer - OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947 + OpenBSD-Commit-ID: 0e913b542c3764b100b1571fdb0d0e5cc086fe97 -commit fbd733ab7adc907118a6cf56c08ed90c7000043f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 12 19:17:26 2018 +1100 +commit 553b90feedd7da5b90901d73005f86705456d686 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 4 02:27:57 2020 +0000 - Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE. + upstream: fix minor memleak of kex->hostkey_alg on rekex - The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent - warnings from autoconf. Pointed out by klausz at haus-gisela.de. + OpenBSD-Commit-ID: 2c3969c74966d4ccdfeff5e5f0df0791919aef50 -commit c7c458e8261b04d161763cd333d74e7a5842e917 +commit ac0364b85e66eb53da2f9618f699ba6bd195ceea Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 7 23:53:08 2018 +0000 +Date: Fri Dec 4 02:27:08 2020 +0000 - upstream: revert recent strdelim() change, it causes problems with + upstream: typos: s/hex/kex/ in error messages - some configs. + OpenBSD-Commit-ID: 43a026c9571dd779ec148de1829cf5a6b6651905 + +commit ee22db7c5885a1d90219202c0695bc621aa0409b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 4 02:25:13 2020 +0000 + + upstream: make program name be const - revision 1.124 - date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT; - Allow escaped quotes \" and \' in ssh_config and sshd_config quotes - option strings. bz#1596 ok markus@ + OpenBSD-Commit-ID: ece25680ec637fdf20502721ccb0276691df5384 + +commit 2bcbf679de838bb77a8bd7fa18e100df471a679c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 30 05:36:39 2020 +0000 + + upstream: Ignore comments at the end of config lines in ssh_config, - OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5 + similar to what we already do for sshd_config. bz#2320, with & ok djm@ + + OpenBSD-Commit-ID: bdbf9fc5bc72b1a14266f5f61723ed57307a6db4 -commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Mar 5 07:03:18 2018 +0000 +commit b755264e7d3cdf1de34e18df1af4efaa76a3c015 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Nov 28 12:52:32 2020 +0000 - upstream: move the input format details to -f; remove the output + upstream: Include cipher.h for declaration of cipher_by_name. - format details and point to sshd(8), where it is documented; + OpenBSD-Commit-ID: ddfebbca03ca0e14e00bbad9d35f94b99655d032 + +commit 022def7bd16c3426a95e25f57cb259d54468341c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Nov 28 03:27:59 2020 +0000 + + upstream: check result of strchr() against NULL rather than - ok dtucker + searched-for characters; from zhongjubin@huawei.com - OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a + OpenBSD-Commit-ID: e6f57de1d4a4d25f8db2d44e8d58d847e247a4fe -commit 45011511a09e03493568506ce32f4891a174a3bd -Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com> -Date: Tue Jun 20 16:42:28 2017 +0100 +commit 57bf03f0217554afb8980f6697a7a0b88658d0a9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Nov 27 10:12:30 2020 +0000 - configure.ac: properly set seccomp_audit_arch for MIPS64 + upstream: Document ssh-keygen -Z, sanity check its argument earlier and - Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or - AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built - for MIPS64. However, that's only valid for n64 ABI. The right macros for - n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and - AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. + provide a better error message if it's not correct. Prompted by bz#2879, ok + djm@ jmc@ - Because of that an sshd built for MIPS64 n32 rejects connection attempts - and the output of strace reveals that the problem is related to seccomp - audit: + OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005 + +commit 33313ebc1c7135085676db62189e3520341d6b73 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 27 00:49:58 2020 +0000 + + upstream: Set the specified TOS/DSCP for interactive use prior to - [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, - filter=0x555d5da0}) = 0 - [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? - [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, - {fd=6, revents=POLLHUP}]) - [pid 194] +++ killed by SIGSYS +++ + TCP connect. The connection phase of the SSH session is time-sensitive (due + to server side login grace periods) and is frequently interactive (e.g. + entering passwords). The ultimate interactive/bulk TOS/DSCP will be set after + authentication completes. - This patch fixes that problem by setting the right value to - seccomp_audit_arch taking into account the MIPS64 ABI. + ok dtucker@ - Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> + OpenBSD-Commit-ID: f31ab10d9233363a6d2c9996007083ba43a093f1 -commit 580086704c31de91dc7ba040a28e416bf1fefbca -Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com> -Date: Tue Jun 20 16:42:11 2017 +0100 +commit b2bcec13f17ce9174238a704e91d52203e916432 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 27 00:37:10 2020 +0000 - configure.ac: detect MIPS ABI + upstream: clean up passing of struct passwd from monitor to preauth + + privsep process. No longer copy entire struct w/ pointer addresses, but pass + remaining scalar fields explicitly, + + Prompted by Yuichiro NAITO, feedback Thorsten Glaser; ok dtucker@ - Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> + OpenBSD-Commit-ID: 9925df75a56732c43f3663e70dd15ff413ab3e53 -commit cd4e937aa701f70366cd5b5969af525dff6fdf15 -Author: Alan Yee <alyee@ucsd.edu> -Date: Wed Mar 7 15:12:14 2018 -0800 +commit 19af04e2231155d513e24fdc81fbec2217ae36a6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Nov 22 22:38:26 2020 +0000 - Use https URLs for links that support it. + upstream: when loading PKCS#11 keys, include the key fingerprints + + and provider/slot information in debug output. + + OpenBSD-Commit-ID: 969a089575d0166a9a364a9901bb6a8d9b8a1431 -commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 5 20:03:07 2018 +1100 +commit 9b9465ea856e15b9e9890b4ecb4110d7106e7766 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Nov 22 22:37:11 2020 +0000 - Disable UTMPX on SunOS4. + upstream: when mentioning that the host key has changed, don't + + report the type because it is ambiguous as to whether it referred to the + known or new host key. bz3216; ok dtucker@ + + OpenBSD-Commit-ID: 2d5ce4a83dbcf44e340a572e361decad8aab7bad -commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9 +commit 637017a7dd3281d3f2df804993cc27c30dbfda47 Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 5 19:28:08 2018 +1100 +Date: Wed Nov 25 17:38:46 2020 +1100 - Check for and work around buggy fflush(NULL). + Use "=" not "==" in string test. - Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check - for and work around. With klausz at haus-gisela.de. + POSIX says "=" is string comparison and some shells (eg HP-UX) will + complain about "==". -commit 71e48bc7945f867029e50e06c665c66aed6d3c64 +commit 9880f3480f9768897f3b8e714d5317fb993bc5b3 Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Mar 5 10:22:32 2018 +1100 +Date: Fri Nov 20 17:16:51 2020 +1100 - Remove extra XMSS #endif + Restore correct flags during localtime_r check. - Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack - Schmidt via github. + We were restoring the wrong thing CPPFLAGS (we used CFLAGS) for any + platform that doesn't have localtime_r. -commit 055e09e2212ff52067786bf6d794ca9512ff7f0c +commit 41935882f4e82de60dbd6e033eabe79e1b963518 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sat Mar 3 06:37:53 2018 +0000 +Date: Fri Nov 20 03:16:56 2020 +0000 - upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18 + upstream: When doing an sftp recursive upload or download of a - bumped the minimum from 768 to 1024, update man page accordingly. + read-only directory, ensure that the directory is created with write and + execute permissions in the interim so that we can actually complete the + transfer, then set the directory permission as the final step. (The execute + bit is only likely to be an issue with a non-POSIX server). bz#3222, ok djm@ - OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338 + OpenBSD-Commit-ID: a82606212f2796e31f0e1af94a63355a7ad5d903 -commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Mar 4 01:46:48 2018 +0000 +commit 0f90440ca70abab947acbd77795e9f130967956c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 20 13:37:54 2020 +1100 - upstream: for the pty control tests, just check that the PTY path - - points to something in /dev (rather than checking the device node itself); - makes life easier for portable, where systems with dynamic ptys can delete - nodes before we get around to testing their existence. + Add new pselect6_time64 syscall on ARM. - OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994 + This is apparently needed on armhfp/armv7hl. bz#3232, patch from + jjelen at redhat.com. -commit 13ef4cf53f24753fe920832b990b25c9c9cd0530 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Mar 3 16:21:20 2018 +1100 +commit 3a7c46c72b6a1f643b1fc3589cd20d8320c3d9e1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Nov 20 02:14:16 2020 +0000 - Update PAM password change to new opts API. + upstream: Explicitly initialize all members of the + + find_by_key_ctx struct. Initializing a single member should be enough + (the spec says the remainder should be initialized as per the static + rules) but some GCCs warn on this which prevents us testing with -Werror + on those. ok deraadt@ djm@ + + OpenBSD-Commit-ID: 687126e60a27d30f02614760ef3c3ae4e8d6af28 -commit 33561e68e0b27366cb769295a077aabc6a49d2a1 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Mar 3 14:56:09 2018 +1100 +commit 076cb616b87d1ea1d292973fcd0ba38c08ea6832 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Nov 19 23:05:05 2020 +0000 - Add strndup for platforms that need it. + upstream: draft-ietf-secsh-architecture is now RFC4251. - Some platforms don't have strndup, which includes Solaris 10, NetBSD 3 - and FreeBSD 6. + OpenBSD-Commit-ID: cb0bb58c2711fb5ed519507659be1dcf179ed403 -commit e8a17feba95eef424303fb94441008f6c5347aaf -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Mar 3 14:49:07 2018 +1100 +commit 85cceda21f1471548e04111aefe2c4943131c1c8 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Nov 17 11:23:58 2020 +0000 - Flatten and alphabetize object file lists. + upstream: Specify that the KDF function is bcrypt. Based on github + + PR#214 from rafork, ok markus@, mdoc correction jmc@ - This will make maintenance and changes easier. "no objection" tim@ + OpenBSD-Commit-ID: d8f2853e7edbcd483f31b50da77ab80ffa18b4ef -commit de1920d743d295f50e6905e5957c4172c038e8eb +commit 5b9720f9adbd70ba5a994f407fe07a7d016d8d65 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 3 03:16:17 2018 +0000 +Date: Sun Nov 15 22:34:58 2020 +0000 - upstream: unit tests for new authorized_keys options API + upstream: revert r1.341; it breaks ProxyJump; reported by sthen@ - OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1 + OpenBSD-Commit-ID: 6ac2f945b26cb86d936eed338f77861d6da8356a -commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717 +commit 04088725ec9c44880c01799b588cd4ba47b3e8bc Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 2 02:53:27 2018 +0000 +Date: Fri Nov 13 07:30:44 2020 +0000 - upstream: fix testing of pty option, include positive test and + upstream: scrub keyboard-interactive authentication prompts coming - testing of restrict keyword + from the server through asmprintf() prior to display; suggested by and ok + dtucker@ - OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d + OpenBSD-Commit-ID: 31fe93367645c37fbfe4691596bf6cf1e3972a58 -commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61 +commit 5442b491d0ee4bb82f6341ad0ee620ef3947f8c5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 2 02:51:55 2018 +0000 +Date: Fri Nov 13 04:53:12 2020 +0000 - upstream: better testing for port-forwarding and restrict flags in + upstream: prefix keyboard interactive prompts with (user@host) to - authorized_keys + make it easier to determine which connection they are associated with in + cases like scp -3, ProxyJump, etc. bz#3224 ok dtucker - OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa + OpenBSD-Commit-ID: 67e6189b04b46c867662f8a6759cf3ecb5f59170 -commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 3 03:15:51 2018 +0000 +commit 2992e4e7014ac1047062acfdbbf6feb156fef616 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 13 17:56:11 2020 +1100 - upstream: switch over to the new authorized_keys options API and + Remove use of TIME_WITH_SYS_TIME. - remove the legacy one. + It was only set by the recently removed AC_HEADER_TIME macro, replace + with simple inclusions of both sys/time.h and time.h. Should prevent + mis-detection of struct timespec. + +commit e3f27006f15abacb7e89fda3f5e9a0bd420b7e38 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 13 14:20:43 2020 +1100 + + Revert "detect Linux/X32 systems" - Includes a fairly big refactor of auth2-pubkey.c to retain less state - between key file lines. + This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. - feedback and ok markus@ + The approach used was incorrect; discussion in bz#3085 + +commit e51dc7fab61df36e43f3bc64b673f88d388cab91 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 13 13:22:15 2020 +1100 + + SELinux has deprecated security_context_t + + (it was only ever a char* anyway) + +commit b79add37d118276d67f3899987b9f0629c9449c3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 13 13:43:30 2020 +1100 + + Remove obsolete AC_HEADER_TIME macro. - OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df + AC_HEADER_TIME is marked as obsolete in autoconf-2.70 and as far as I + can tell everything we have that might be old enough to need it doesn't. -commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b +commit d5d05cdb3d4efd4a618aa52caab5bec73097c163 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 3 03:06:02 2018 +0000 +Date: Thu Nov 12 22:56:00 2020 +0000 - upstream: Introduce a new API for handling authorized_keys options. + upstream: when prompting the user to accept a new hostkey, display + + any other host names/addresses already associated with the key. E.g. - This API parses options to a dedicated structure rather than the old API's - approach of setting global state. It also includes support for merging - options, e.g. from authorized_keys, authorized_principals and/or - certificates. + > The authenticity of host 'test (10.0.0.1)' can't be established. + > ECDSA key fingerprint is SHA256:milU4MODXm8iJQI18wlsbPG7Yup+34fuNNmV08qDnax. + > This host key is known by the following other names/addresses: + > ~/.ssh/known_hosts:1: host.example.org,10.0.0.1 + > ~/.ssh/known_hosts:2: [hashed name] + > ~/.ssh/known_hosts:3: [hashed name] + > ~/.ssh/known_hosts:4: host + > ~/.ssh/known_hosts:5: [host]:2222 + > Are you sure you want to continue connecting (yes/no/[fingerprint])? feedback and ok markus@ - OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2 + OpenBSD-Commit-ID: f6f58a77b49f1368b5883b3a1f776447cfcc7ef4 + +commit 819b44e8b9af6ce18d3ec7505b9f461bf7991a1f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Nov 12 22:38:57 2020 +0000 + + upstream: Prevent integer overflow when ridiculously large + + ConnectTimeout is specified, capping the effective value (for most platforms) + at 24 days. bz#3229, ok djm@ + + OpenBSD-Commit-ID: 62d4c4b7b87d111045f8e9f28b5b532d17ac5bc0 -commit 26074380767e639ef89321610e146ae11016b385 +commit add926dd1bbe3c4db06e27cab8ab0f9a3d00a0c2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 3 03:01:50 2018 +0000 +Date: Wed Nov 11 05:22:32 2020 +0000 - upstream: warn when the agent returns a signature type that was + upstream: fix logic error that broke URI parsing in ProxyJump - different to what was requested. This might happen when an old/non-OpenSSH - agent is asked to make a rsa-sha2-256/512 signature but only supports - ssh-rsa. bz#2799 feedback and ok markus@ + directives; ok dtucker@ - OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce + OpenBSD-Commit-ID: 96d48839b1704882a0e9a77898f5e14b2d222705 -commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Mar 2 21:40:15 2018 +0000 +commit 4340dd43928dfe746cb7e75fe920b63c0d909a9a +Author: claudio@openbsd.org <claudio@openbsd.org> +Date: Tue Nov 10 07:46:20 2020 +0000 - upstream: apply a lick of paint; tweaks/ok dtucker + upstream: Free the previously allocated msg buffer after writing it - OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703 + out. OK djm@ + + OpenBSD-Commit-ID: 18c055870fc75e4cb9f926c86c7543e2e21d7fa4 -commit 713d9cb510e0e7759398716cbe6dcf43e574be71 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 2 03:02:11 2018 +0000 +commit fcf429a4c69d30d8725612a55b37181594da8ddf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 11 12:30:46 2020 +1100 - upstream: Allow escaped quotes \" and \' in ssh_config and + Prevent excessively long username going to PAM. - sshd_config quotes option strings. bz#1596 ok markus@ + This is a mitigation for a buffer overflow in Solaris' PAM username + handling (CVE-2020-14871), and is only enabled for Sun-derived PAM + implementations. This is not a problem in sshd itself, it only + prevents sshd from being used as a vector to attack Solaris' PAM. + It does not prevent the bug in PAM from being exploited via some other + PAM application. - OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb + Based on github PR#212 from Mike Scott but implemented slightly + differently. ok tim@ djm@ -commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd +commit 10dce8ff68ef615362cfcab0c0cc33ce524e7682 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 2 02:08:03 2018 +0000 +Date: Sun Nov 8 23:19:03 2020 +0000 - upstream: refactor sshkey_read() to make it a little more, err, - - readable. ok markus + upstream: unbreak; missing NULL check - OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28 + OpenBSD-Commit-ID: 6613dfab488123f454d348ef496824476b8c11c0 -commit 5886b92968b360623491699247caddfb77a74d80 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Mar 1 20:32:16 2018 +0000 +commit d5a0cd4fc430c8eda213a4010a612d4778867cd9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Nov 8 22:37:24 2020 +0000 - upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by + upstream: when requesting a security key touch on stderr, inform the - jmc@ + user once the touch has been recorded; requested by claudio@ ok markus@ - OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b + OpenBSD-Commit-ID: 3b76ee444490e546b9ea7f879e4092ee0d256233 -commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Feb 26 12:14:53 2018 +0000 +commit 292bcb2479deb27204e3ff796539c003975a5f7a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 9 00:33:35 2020 +1100 - upstream: Remove unneeded (local) include. ok markus@ + Remove preprocessor directive from log macro calls. - OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93 + Preprocessor directives inside macro calls, such as the new log macros, + are undefined behaviour and do not work with, eg old GCCs. Put the + entire log call inside the ifdef for OPENSSL_HAS_NISTP521. -commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b +commit 71693251b7cbb7dd89aaac18815147124732d0d3 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Feb 26 03:56:44 2018 +0000 +Date: Sun Nov 8 12:10:20 2020 +0000 - upstream: Add $OpenBSD$ markers to xmss files to help keep synced + upstream: Add a comment documenting the source of the moduli group - with portable. ok djm@. + sizes. - OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1 + OpenBSD-Commit-ID: aec0725ce607630caaa62682624c6763b350391c -commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd +commit 4d94b031ff88b015f0db57e140f481bff7ae1a91 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Feb 26 03:03:05 2018 +0000 +Date: Sun Nov 8 11:46:12 2020 +0000 - upstream: Add newline at end of file to prevent compiler warnings. + upstream: Replace WITH_OPENSSL ifdefs in log calls with a macro. - OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063 + The log calls are themselves now macros, and preprocessor directives inside + macro arguments are undefined behaviour which some compilers (eg old GCCs) + choke on. It also makes the code tidier. ok deraadt@ + + OpenBSD-Commit-ID: cc12a9029833d222043aecd252d654965c351a69 -commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84 +commit 6d2564b94e51184eb0b73b97d13a36ad50b4f810 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Feb 28 19:59:35 2018 +1100 +Date: Fri Nov 6 17:11:16 2020 +1100 - Add WITH_XMSS, move to prevent conflicts. + Fix function body for variadic macro test. - Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after - includes.h so it's less likely to conflict and will pick up WITH_XMSS if - added to config.h. + AC_LANG_PROGRAM puts its second argument inside main() so we don't need + to do it ourselves. -commit a10d8552d0d2438da4ed539275abcbf557d1e7a8 +commit 586f9bd2f5980e12f8cf0d3c2a761fa63175da52 Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 27 14:45:17 2018 +1100 +Date: Fri Nov 6 16:53:24 2020 +1100 - Conditionally compile XMSS code. + Remove AC_PROC_CC_C99 obsoleted in autoconf 2.70. - The XMSS code is currently experimental and, unlike the rest of OpenSSH - cannot currently be compiled with a c89 compiler. + Since we only use it to make sure we can handle variadic macros, + explicitly check only for that. with & ok djm@ -commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b +commit a019e353df04de1b2ca78d91b39c393256044ad7 Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 12:51:29 2018 +1100 +Date: Fri Nov 6 13:56:41 2020 +1100 - Check dlopen has RTLD_NOW before enabling pkcs11. + Replace AC_TRY_COMPILE obsoleted in autoconf 2.70. + + Replace with the equivalent AC_COMPILE_IFELSE. -commit 1323f120d06a26074c4d154fcbe7f49bcad3d741 +commit 771b7795c0ef6a2fb43b4c6c66b615c2085cb9cd Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 27 08:41:25 2018 +1100 +Date: Fri Nov 6 13:55:33 2020 +1100 - Check for attributes on prototype args. + Move AC_PROG_CC_C99 to immediately afer AC_PROG_CC. - Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481) - do not accept __attribute__ on function pointer prototype args. Check for - this and hide them if they're not accepted. + This puts the related C version selection output in the same place. -commit f0b245b0439e600fab782d19e97980e9f2c2533c +commit e5591161f21ab493c6284a85ac3c0710ad94998f Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 11:43:48 2018 +1100 +Date: Fri Nov 6 13:54:17 2020 +1100 - Check if HAVE_DECL_BZERO correctly. + AC_CHECK_HEADER() is obsoleted in autoconf 2.70. + + Replace with the non-obsoleted AC_CHECK_HEADERS(). -commit c7ef4a399155e1621a532cc5e08e6fa773658dd4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 17:42:56 2018 +1100 +commit 05bcd0cadf160fd4826a2284afa7cba6ec432633 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 3 22:53:12 2020 +0000 - Wrap <stdint.h> in #ifdef HAVE_STDINT_H. + upstream: fold consecutive '*' wildcards to mitigate combinatorial + + explosion of recursive searches; ok dtucker + + OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b -commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 16:24:23 2018 +1100 +commit 7d680448db5858dc76307663f78d0b8d3c2b4a3d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 30 01:50:07 2020 +0000 - Replace $(CURDIR) with $(PWD). + upstream: print reason in fatal error message when + + kex_assemble_namelist() fails - The former doesn't work on Solaris or BSDs. + OpenBSD-Commit-ID: a9975ee8db6c98d6f32233d88051b2077ca63dab -commit 534b2680a15d14e7e60274d5b29b812d44cc5a44 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 14:51:59 2018 +1100 +commit 95d1109fec7e89ad21f2a97e92bde1305d32a353 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 29 03:13:06 2020 +0000 - Comment out hexdump(). + upstream: fix sshd_config SetEnv directive inside Match blocks; part of + + github PR#201 from github user manuelm - Nothing currently uses them but they cause conflicts on at least - FreeBSD, possibly others. ok djm@ + OpenBSD-Commit-ID: 9772e3748abff3ad65ae8fc43d026ed569b1d2bc -commit 5aea4aa522f61bb2f34c3055a7de203909dfae77 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 14:39:14 2018 +1100 +commit b12b835dc022ba161afe68348e05a83dfbcb1515 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 29 03:01:18 2020 +0000 - typo: missing ; + upstream: fix type of nid in type_bits_valid(); github PR#202 from + + github user thingsconnected + + OpenBSD-Commit-ID: 769d2b040dec7ab32d323daf54b854dd5dcb5485 -commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 14:37:06 2018 +1100 +commit 1a14c13147618144d1798c36a588397ba9008fcc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 29 02:52:43 2020 +0000 - Hook up flock() compat code. + upstream: whitespace; no code change - Also a couple of minor changes: fail if we can't lock instead of - silently succeeding, and apply a couple of minor style fixes. + OpenBSD-Commit-ID: efefc1c47e880887bdee8cd2127ca93177eaad79 -commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 14:27:02 2018 +1100 +commit 815209abfdd2991fb92ad7d2e33374916cdcbcf4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 29 02:47:23 2020 +0000 + + upstream: UpdateHostkeys: fixed/better detection of host keys that + + exist under other names and addresses; spotted by and debugged with lots of + help from jca@ + + OpenBSD-Commit-ID: 5113d7f550bbd48243db1705afbf16b63792d4b7 + +commit a575cf44e59a65506c67bddb62a712208a7a279c +Author: Duncan Eastoe <duncan.eastoe@att.com> +Date: Wed Oct 21 10:11:10 2020 +0100 + + session.c: use "denylist" terminology + + Follow upstream (6d755706a0059eb9e2d63517f288b75cbc3b4701) language + improvements in this portable-specific code. - Import flock() compat from NetBSD. +commit 33267feaffd5d98aa56d2f0b3a99ec352effe938 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 27 16:46:31 2020 +1100 + + Remove checks for strict POSIX mkdtemp() + + We needed a mkdtemp() that accepted template paths that did not + end in XXXXXX a long time ago for KRB4, but that code is long + deprecated. We no longer need to replace mkdtemp() for strictly + following POSIX. ok dtucker@ + +commit 492d70e18bad5a8c97d05f5eddac817171e88d2c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Oct 26 00:39:04 2020 +0000 + + upstream: Minor man page fixes (capitalization, commas) identified by + + the manpage-l10n project via bz#3223. feedback deraadt@, ok jmc@ + + OpenBSD-Commit-ID: ab83af0daf18369244a72daaec6c4a58a9eb7e2c + +commit eab2888cfc6cc4e2ef24bd017da9835a0f365f3f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Oct 19 22:49:23 2020 +0000 + + upstream: Adapt XMSS to new logging infrastructure. With markus@, ok + + djm@. + + OpenBSD-Commit-ID: 9c35ec3aa0f710e4e3325187ceff4fa3791686de + +commit f7bd11e4941620991f3e727cd0131b01f0311a58 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 19 08:07:08 2020 +0000 + + upstream: fix SEGV on fatal() errors spotted by dtucker@ - From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet. + OpenBSD-Commit-ID: 75f155a1ac61e364ed00dc379e2c42df81067ce2 -commit 89212533dde6798324e835b1499084658df4579e +commit 7715a3b171049afa1feffb1d5a1245dfac36ce99 Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 26 12:32:14 2018 +1100 +Date: Mon Oct 19 10:54:41 2020 +1100 + + Use fatal_fr not fatal_r when passing r. + + Caught by the PAM -Werror tinderbox build. + +commit 816036f142ecd284c12bb3685ae316a68d2ef190 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 18 11:32:01 2020 +0000 + + upstream: use the new variant log macros instead of prepending + + __func__ and appending ssh_err(r) manually; ok markus@ + + OpenBSD-Commit-ID: 1f14b80bcfa85414b2a1a6ff714fb5362687ace8 + +commit 9e2c4f64224f68fb84c49b5182e449f94b0dc985 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 18 11:21:59 2020 +0000 + + upstream: variants of the log methods that append a ssherr.h string + + from a supplied error code; ok markus@ + + OpenBSD-Commit-ID: aed98c4435d48d036ae6740300f6a8357b7cc0bf + +commit 28cb0a4b03940d1ee576eb767a81a4113bdc917e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 18 11:14:27 2020 +0000 - Fix breakage when REGRESSTMP not set. + upstream: remove a level of macro indirection; ok markus@ - BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR - instead. Pointed out by djm@. + OpenBSD-Commit-ID: 0c529d06e902c5d1a6b231e1bec6157f76dc67c9 -commit f885474137df4b89498c0b8834c2ac72c47aa4bd +commit 9cac1db52e6c4961c447910fe02cd68a3b2f9460 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 18 11:13:45 2020 +0000 + + upstream: add some variant log.h calls that prepend the calling + + function name; ok markus@ + + OpenBSD-Commit-ID: 4be1b2e2455b271ddb7457bc195c5367644f4e48 + +commit d55dfed34ef6ef1f028d552a90d5f3dba8dd6f7b Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 26 12:18:14 2018 +1100 +Date: Sat Oct 17 22:55:24 2020 +1100 - XMSS-related files get includes.h + missing header -commit 612faa34c72e421cdc9e63f624526bae62d557cc +commit 999d7cb79a3a73d92a6dfbf174c33da0d984c7a2 Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 26 12:17:55 2018 +1100 +Date: Sat Oct 17 22:47:52 2020 +1100 + + sync regress/misc/sk-dummy/fatal.c - object files end with .o - not .c +commit 3554b4afa38b3483a3302f1be18eaa6f843bb260 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Oct 17 01:28:20 2020 +0000 -commit bda709b8e13d3eef19e69c2d1684139e3af728f5 + upstream: make the log functions that exit (sshlogdie(), + + sshfatal(), etc) have identical signatures. Makes things a bit more + consistent... + + OpenBSD-Commit-ID: bd0ae124733389d7c0042e135c71ee9091362eb9 + +commit 616029a85ad7529b24bb8c4631d9607c0d6e7afe +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Oct 16 14:34:33 2020 +0000 + + upstream: add space between macro arg and punctuation; + + OpenBSD-Commit-ID: bb81e2ed5a77832fe62ab30a915ae67cda57633e + +commit f812a36cee5727147bc897d34ab9af068dd4561e Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 26 12:17:22 2018 +1100 +Date: Sat Oct 17 12:03:34 2020 +1100 - avoid inclusion of deprecated selinux/flask.h + check for and require a C99 capable compiler - Use string_to_security_class() instead. + recent logging changes use __VA_ARGS__. -commit 2e396439365c4ca352cac222717d09b14f8a0dfd +commit f9ea6515202b59a1e2d5b885cafc1b12eff33016 Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 26 11:48:27 2018 +1100 +Date: Sat Oct 17 11:51:20 2020 +1100 - updatedepend + logging is now macros, remove function pointers -commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Feb 23 15:58:37 2018 +0000 +commit 0f938f998626e8359324f803157cd7c9f8f403e2 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Oct 17 11:42:26 2020 +1100 + + adapt sk-dummy's fatal implementation to changes + +commit afbd9ec9e2dbad04834ce7ce53e58740434f32a5 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Oct 17 11:33:13 2020 +1100 + + fix netcat build problem + +commit 793b583d097381730adaf6f68bed3c343139a013 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 16 13:26:13 2020 +0000 - upstream: Add experimental support for PQC XMSS keys (Extended + upstream: LogVerbose keyword for ssh and sshd - Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS - in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See - https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok - djm@ + Allows forcing maximum debug logging by file/function/line pattern- + lists. + + ok markus@ - OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac + OpenBSD-Commit-ID: c294c25732d1b4fe7e345cb3e044df00531a6356 -commit 7d330a1ac02076de98cfc8fda05353d57b603755 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Feb 23 07:38:09 2018 +0000 +commit 752250caabda3dd24635503c4cd689b32a650794 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 16 13:24:45 2020 +0000 + + upstream: revised log infrastructure for OpenSSH + + log functions receive function, filename and line number of caller. + We can use this to selectively enable logging via pattern-lists. + + ok markus@ + + OpenBSD-Commit-ID: 51a472610cbe37834ce6ce4a3f0e0b1ccc95a349 + +commit acadbb3402b70f72f14d9a6930ad41be97c2f9dc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 16 02:37:12 2020 +0000 - upstream: some cleanup for BindInterface and ssh-keyscan; + upstream: use do_log2 instead of function pointers to different log + + functions - OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c + OpenBSD-Commit-ID: 88077b826d348c58352a6b394755520f4e484480 -commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 25 23:55:41 2018 +1100 +commit 95b0bcfd1531d59e056ae8af27bb741391f26ab0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 14 00:55:17 2020 +0000 - Invert sense of getpgrp test. + upstream: make UpdateHostkeys still more conservative: refuse to - AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not - declared. Instead, test if the zero-arg version we want to use works. + proceed if one of the keys offered by the server is already in known_hosts + under another name. This avoid collisions between address entries for + different host aliases when CheckHostIP=yes + + Also, do not attempt to fix known_hosts with incomplete host/ip matches + when there are no new or deprecated hostkeys. + + OpenBSD-Commit-ID: 95c19842f7c41f9bd9c92aa6441a278c0fd0c4a3 -commit b39593a6de5290650a01adf8699c6460570403c2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 25 13:25:15 2018 +1100 +commit a336ce8c2c55547cc00e0070a18c55f30bb53fb6 +Author: kn@openbsd.org <kn@openbsd.org> +Date: Mon Oct 12 08:36:36 2020 +0000 - Add no-op getsid implmentation. + upstream: Zap unused family parameter from ssh_connect_direct() + + sshconnect.c r1.241 from 2013 made it unused; found while reading code. + + OK djm + + OpenBSD-Commit-ID: 219ba6d7f9925d0b7992918612680399d86712b5 -commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 25 11:22:57 2018 +1100 +commit e545d94b713effab8e6c7dfabbfb76c1d84d7498 +Author: Philip Hands <phil@hands.com> +Date: Sun Oct 4 00:15:46 2020 +0200 - bsd-statvfs: include sys/vfs.h, check for f_flags. + shift contents of long $() into filter_ids() + + This was prompted by the fact that posh does not deal with $() + that contains comments where the comment includes an odd number + of single-quotes. It seems to get befuddled into trying to find + the matching quote. + Regardless, making a function for filtering the unneeded ids + seems much neater than avoiding apostrophes, + so that's what I've done. + + SSH-Copy-ID-Upstream: 3dab3366a584427045c8a690a93282f02c09cf24 -commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 25 10:20:31 2018 +1100 +commit fd360174596047b52aa1cddda74d85012a03ca4b +Author: Philip Hands <phil@hands.com> +Date: Sat Oct 3 23:15:16 2020 +0200 - Handle calloc(0,x) where different from malloc. + combine if/elif to avoid duplication of the action - Configure assumes that if malloc(0) returns null then calloc(0,n) - also does. On some old platforms (SunOS4) malloc behaves as expected - (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this - at configure time and activate the replacement function if found, plus - handle this case in rpl_calloc. + SSH-Copy-ID-Upstream: 42aeb1cc53d3f7f6e78edc210fb121fda0834914 -commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 24 21:06:48 2018 +1100 +commit f7c3a39b016dd77709ecbf18da8282f967b86cd7 +Author: Philip Hands <phil@hands.com> +Date: Sat Oct 3 21:45:16 2020 +0200 - Add prototype for readv if needed. + shellcheck tidyage + + SSH-Copy-ID-Upstream: 5b08f840e78ac544288b3983010a1b0585e966fd -commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 24 20:46:37 2018 +1100 +commit 108676c3f26be6c873db0dd8754063699908727b +Author: Philip Hands <phil@hands.com> +Date: Sat Oct 3 21:10:03 2020 +0200 - Check for raise and supply if needed. + tidy up test of $SCRATCH_DIR creation + + SSH-Copy-ID-Upstream: 2d8b22d96c105d87743ffe8874887b06f8989b93 -commit a9004425a032d7a7141a5437cfabfd02431e2a74 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 24 20:25:22 2018 +1100 +commit a9c9e91a82bc1a2cf801b4e3ef27a941dbd27717 +Author: Philip Hands <phil@hands.com> +Date: Wed Sep 16 16:13:30 2020 +0200 - Check for bzero and supply if needed. + add -s flag: to install keys via SFTP + + This is prompted by: + + https://bugzilla.mindrot.org/show_bug.cgi?id=3201 + + Thanks go to Matthias Blümel for the idea, and the helpful patch, from + which this patch grew. - Since explicit_bzero uses it via an indirect it needs to be a function - not just a macro. + SSH-Copy-ID-Upstream: f7c76dc64427cd20287a6868f672423b62057614 -commit 1a348359e4d2876203b5255941bae348557f4f54 +commit f92424970c02b78852ff149378c7f2616ada4ccf Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 23 05:14:05 2018 +0000 +Date: Sun Oct 11 22:14:38 2020 +0000 - upstream: Add ssh-keyscan -D option to make it print its results in + upstream: UpdateHostkeys: check for keys under other names - SSHFP format bz#2821, ok dtucker@ + Stop UpdateHostkeys from automatically removing deprecated keys from + known_hosts files if the same keys exist under a different name or + address to the host that is being connected to. + + This avoids UpdateHostkeys from making known_hosts inconsistent in + some cases. For example, multiple host aliases sharing address-based + known_hosts on different lines, or hosts that resolves to multiple + addresses. + + ok markus@ - OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221 + OpenBSD-Commit-ID: 6444a705ba504c3c8ccddccd8d1b94aa33bd11c1 -commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 23 04:18:46 2018 +0000 +commit d98f14b5328922ae3085e07007d820c4f655b57a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 11 22:13:37 2020 +0000 - upstream: Add missing braces. + upstream: UpdateHostkeys: better CheckHostIP handling + + When preparing to update the known_hosts file, fully check both + entries for both the host and the address (if CheckHostIP enabled) + and ensure that, at the end of the operation, entries for both are + recorded. + + Make sure this works with HashKnownHosts too, which requires maintaining + a list of entry-types seen across the whole file for each key. - Caught by the tinderbox's -Werror=misleading-indentation, ok djm@ + ok markus@ - OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca + OpenBSD-Commit-ID: 374dc263103f6b343d9671f87dbf81ffd0d6abdd -commit b59162da99399d89bd57f71c170c0003c55b1583 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 23 15:20:42 2018 +1100 +commit af5941ae9b013aac12585e84c4cf494f3728982f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 11 22:12:44 2020 +0000 - Check for ifaddrs.h for BindInterface. + upstream: UpdateHostkeys: better detect manual host entries + + Disable UpdateHostkeys if the known_hosts line has more than two + entries in the pattern-list. ssh(1) only writes "host" or "host,ip" + lines so anything else was added by a different tool or by a human. - BindInterface required getifaddr and friends so disable if not available - (eg Solaris 10). We should be able to add support for some systems with - a bit more work but this gets the building again. + ok markus@ + + OpenBSD-Commit-ID: e434828191fb5f3877d4887c218682825aa59820 -commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Feb 23 14:19:11 2018 +1100 +commit 6247812c76f70b2245f3c23f5074665b3d436cae +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 8 01:15:16 2020 +0000 - space before tab in previous + upstream: don't misdetect comma-separated hostkey names as wildcards; + + spotted by naddy@ + + OpenBSD-Commit-ID: 4b874edfec7fc324a21b130bdb42f912177739ce -commit b5e9263c7704247f9624c8f5c458e9181fcdbc09 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 9 03:40:22 2018 +0000 +commit 67146c7d022a170be3cdad2f5f40259a663fb266 +Author: wangxp006 <wangxiaopeng7@huawei.com> +Date: Thu Oct 8 17:49:59 2020 +0800 - upstream: Replace fatal with exit in the case that we do not have + fix TEST_MALLOC_OPTIONS var + +commit 3205eaa3f8883a34fa4559ddef6c90d1067c5cce +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 8 00:31:05 2020 +0000 + + upstream: clarify conditions for UpdateHostkeys + + OpenBSD-Commit-ID: 9cba714cf6aeed769f998ccbe8c483077a618e27 + +commit e8dfca9bfeff05de87160407fb3e6a5717fa3dcb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 06:38:16 2020 +0000 + + upstream: remove GlobalKnownHostsFile for this test after - $SUDO set. Prevents test failures when neither sudo nor doas are configured. + UpdateHostkeys change - OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b + OpenBSD-Regress-ID: a940ad79d59343319613ba8fc46b6ef24aa3f8e1 -commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 23 14:10:53 2018 +1100 +commit 4aa2717d7517cff4bc423a6cfba3a2defb055aea +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 02:26:28 2020 +0000 + + upstream: Disable UpdateHostkeys when hostkey checking fails + + If host key checking fails (i.e. a wrong host key is recorded for the + server) and the user elects to continue (via StrictHostKeyChecking=no), + then disable UpdateHostkeys for the session. + + reminded by Mark D. Baushke; ok markus@ + + OpenBSD-Commit-ID: 98b524f121f4252309dd21becd8c4cacb0c6042a + +commit 04c06d04475f1f673e9d9743710d194453fe3888 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 02:25:43 2020 +0000 + + upstream: Fix UpdateHostkeys/HashKnownHosts/CheckHostIP bug + + When all of UpdateHostkeys, HashKnownHosts and ChechHostIP + were enabled and new host keys were learned, known_hosts IP + entries were not being recorded for new host keys. + + reported by matthieu@ ok markus@ + + OpenBSD-Commit-ID: a654a8290bd1c930aac509e8158cf85e42e49cb7 + +commit b70e33711291f3081702133175a41cccafc0212a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 02:24:51 2020 +0000 + + upstream: don't UpdateHostkeys when the hostkey is verified by the + + GlobalKnownHostsFile file, support only UserKnownHostsFile matches + + suggested by Mark D. Baushke; feedback and ok markus@ + + OpenBSD-Commit-ID: eabb771a6add676c398d38a143a1aff5f04abbb9 + +commit aa623142e426ca1ab9db77b06dcc9b1b70bd102b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 02:22:23 2020 +0000 + + upstream: revert kex->flags cert hostkey downgrade back to a plain + + key (commitid VtF8vozGOF8DMKVg). We now do this a simpler way that needs less + plumbing. + + ok markus@ + + OpenBSD-Commit-ID: fb92d25b216bff8c136da818ac2221efaadf18ed - Use portable syntax for REGRESSTMP. +commit f4f14e023cafee1cd9ebe4bb0db4029e6e1fafac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 7 02:20:35 2020 +0000 -commit 73282b61187883a2b2bb48e087fdda1d751d6059 + upstream: simply disable UpdateHostkeys when a certificate + + successfully authenticated the host; simpler than the complicated plumbing + via kex->flags we have now. + + ok markus@ + + OpenBSD-Commit-ID: 80e39644eed75717d563a7f177e8117a0e14f42c + +commit e79957e877db42c4c68fabcf6ecff2268e53acb5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 23 03:03:00 2018 +0000 +Date: Wed Oct 7 02:18:45 2020 +0000 - upstream: unbreak interop test after SSHv1 purge; patch from Colin + upstream: disable UpdateHostkeys by default if VerifyHostKeyDNS is - Watson via bz#2823 + enabled; suggested by Mark D. Baushke - OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a + OpenBSD-Commit-ID: 85a1b88592c81bc85df7ee7787dbbe721a0542bf -commit f8985dde5f46aedade0373365cbf86ed3f1aead2 +commit 3d4c2016bae1a6f14b48c1150a4c79ca4c9968bd Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 9 03:42:57 2018 +0000 +Date: Tue Oct 6 07:12:04 2020 +0000 - upstream: Skip sftp-chroot test when SUDO not set instead of + upstream: Agent protocol draft is now at rev 4. ok djm@ - fatal(). + OpenBSD-Commit-ID: 8c01ea3aae48aab45e01b7421b0fca2dad5e7837 + +commit af889a40ffc113af9105c03d7b32131eb4372d50 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Oct 4 09:45:01 2020 +0000 + + upstream: when ordering host key algorithms in the client, consider - OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88 + the ECDSA key subtype; ok markus@ + + OpenBSD-Commit-ID: 3097686f853c61ff61772ea35f8b699931392ece -commit df88551c02d4e3445c44ff67ba8757cff718609a +commit 2d39fc9f7e039351daa3d6aead1538ac29258add Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 9 03:40:22 2018 +0000 +Date: Sun Oct 4 03:04:02 2020 +0000 + + upstream: Allow full range of UIDs and GIDs for sftp chown and + + chgrp on 32bit platforms instead of being limited by LONG_MAX. bz#3206, + found by booking00 at sina.cn, ok markus@ + + OpenBSD-Commit-ID: 373b7bbf1f15ae482d39567ce30d18b51c9229b5 + +commit 396d32f3a1a16e54df2a76b2a9b237868580dcbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Oct 3 09:22:26 2020 +0000 - upstream: Replace fatal with exit in the case that we do not have + upstream: There are lots of place where we want to redirect stdin, - $SUDO set. Prevents test failures when neither sudo nor doas are configured. + stdout and/or stderr to /dev/null. Factor all these out to a single + stdfd_devnull() function that allows selection of which of these to redirect. + ok markus@ - OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b + OpenBSD-Commit-ID: 3033ba5a4c47cacfd5def020d42cabc52fad3099 -commit 3b252c20b19f093e87363de197f1100b79705dd3 +commit 1286981d08b8429a64613215ce8bff3f6b32488a Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 8 08:46:20 2018 +0000 +Date: Sat Oct 3 08:30:47 2020 +0000 - upstream: some helpers to check verbose/quiet mode + upstream: enable UpdateHostkeys by default when the configuration - OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de + has not overridden UserKnownHostsFile; ok markus@ "The timing is perfect" + deraadt@ + + OpenBSD-Commit-ID: 62df71c9c5242da5763cb473c2a2deefbd0cef60 -commit ac2e3026bbee1367e4cda34765d1106099be3287 +commit 332f21537293d66508f7342dc643bc7fe45f0f69 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 23 02:34:33 2018 +0000 +Date: Sat Oct 3 08:12:59 2020 +0000 - upstream: Add BindInterface ssh_config directive and -B + upstream: disable UpdateHostkeys when a wildcard hostname pattern - command-line argument to ssh(1) that directs it to bind its outgoing - connection to the address of the specified network interface. + is encountered or when a certificate host key is in use. feedback/ok markus@ - BindInterface prefers to use addresses that aren't loopback or link- - local, but will fall back to those if no other addresses of the - required family are available on that interface. + OpenBSD-Commit-ID: b6e5575af7e6732322be82ec299e09051a5413bd + +commit 13cee44ef907824083d89cb9395adbbd552e46c1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Oct 3 08:11:28 2020 +0000 + + upstream: record when the host key checking code downgrades a - Based on patch by Mike Manning in bz#2820, ok dtucker@ + certificate host key to a plain key. This occurs when the user connects to a + host with a certificate host key but no corresponding CA key configured in + known_hosts; feedback and ok markus@ - OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713 + OpenBSD-Commit-ID: 2ada81853ff9ee7824c62f440bcf4ad62030c901 -commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679 +commit 12ae8f95e2e0c273e9e7ef930b01a028ef796a3f Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 19 00:55:02 2018 +0000 +Date: Sat Oct 3 04:15:06 2020 +0000 - upstream: emphasise that the hostkey rotation may send key types + upstream: prefer ed25519 signature algorithm variants to ECDSA; ok - that the client may not support, and that the client should simply disregard - such keys (this is what ssh does already). + markus@ - OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf + OpenBSD-Commit-ID: 82187926fca96d35a5b5afbc091afa84e0966e5b -commit ce066f688dc166506c082dac41ca686066e3de5f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 22 20:45:09 2018 +1100 +commit e5ed753add7aa8eed6b167e44db6240a76404db2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Oct 3 03:40:38 2020 +0000 - Add headers for sys/audit.h. + upstream: want time.h here too - On some older platforms (at least sunos4, probably others) sys/audit.h - requires some other headers. Patch from klausz at haus-gisela.de. + OpenBSD-Commit-ID: fafee8f1108c64ad8b282f9a1ed5ea830d8c58a7 -commit 3fd2d2291a695c96a54269deae079bacce6e3fb9 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 19 18:37:40 2018 +1100 +commit 66bd9fdf8b7762eb6a85cabbb1ae4ed955679f60 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Sat Oct 3 02:18:33 2020 +0000 - Add REGRESSTMP make var override. + upstream: split introductory paragraph, and insert ominous words about + + the glob issue, which cannot be fully fixed and really requires completely + replacing scp with a completely different subsystem. team effort to find the + right words.. - Defaults to original location ($srcdir/regress) but allows overriding - if desired, eg a directory in /tmp. + OpenBSD-Commit-ID: 58e1f72d292687f63eb357183036ee242513691c -commit f8338428588f3ecb5243c86336eccaa28809f97e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 18 15:53:15 2018 +1100 +commit 86cc8ce002ea10e88a4c5d622a8fdfab8a7d261f +Author: Damien Miller <djm@mindrot.org> +Date: Sat Oct 3 13:38:55 2020 +1000 + + use relative rather than system include here + +commit 922cfac5ed5ead9f796f7d39f012dd653dc5c173 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Oct 3 13:38:41 2020 +1000 + + add some openbsd-compat licenses we missed + +commit ce941c75ea9cd6c358508a5b206809846c8d9240 +Author: Philip Hands <phil@hands.com> +Date: Sat Oct 3 00:20:07 2020 +0200 + + un-nest $() to make ksh cheerful - Remove now-unused check for getrusage. +commit 18ea5f4b88e303677d2003b95e5cb864b439e442 +Author: Philip Hands <phil@hands.com> +Date: Fri Oct 2 21:30:10 2020 +0200 + + ksh doesn't grok 'local' - getrusage was used in ssh-rand-helper but that's now long gone. - Patch from klauszh at haus-gisela.de. + and AFAICT it's not actually doing anything useful in the code, so let's + see how things go without it. + +commit d9e727dcc04a52caaac87543ea1d230e9e6b5604 +Author: Oleg <Fallmay@users.noreply.github.com> +Date: Thu Oct 1 12:09:08 2020 +0300 -commit 8570177195f6a4b3173c0a25484a83641ee3faa6 + Fix `EOF: command not found` error in ssh-copy-id + +commit a1a856d50c89be3206f320baa4bfb32fff4e826f Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 16 04:43:11 2018 +0000 +Date: Wed Sep 30 09:11:39 2020 +0000 - upstream: Don't send IUTF8 to servers that don't like them. + upstream: Regen moduli. - Some SSH servers eg "ConfD" drop the connection if the client sends the - new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit - for such servers and avoid sending IUTF8 to them. ok djm@ + OpenBSD-Commit-ID: 04967f8c43e9854ac34b917bcd6f5ac96c53a693 + +commit fa1fe3ead7069d90d3c67d62137ad66acfcc9f48 +Author: HARUYAMA Seigo <haruyama@unixuser.org> +Date: Sun Sep 27 20:06:20 2020 +0900 + + Restore first section title of INSTALL + +commit 279261e1ea8150c7c64ab5fe7cb4a4ea17acbb29 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Sep 27 17:25:01 2020 +1000 + + update version numbers + +commit 58ca6ab6ff035ed12b5078e3e9c7199fe72c8587 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 27 07:22:05 2020 +0000 + + upstream: openssh 8.4 - OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda + OpenBSD-Commit-ID: a29e5b372d2c00e297da8a35a3b87c9beb3b4a58 -commit f6dc2ba3c9d12be53057b9371f5109ec553a399f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 16 17:32:28 2018 +1100 +commit 9bb8a303ce05ff13fb421de991b495930be103c3 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Sep 22 10:07:43 2020 +1000 - freezero should check for NULL. + sync with upstream ssh-copy-id rev f0da1a1b7 -commit 680321f3eb46773883111e234b3c262142ff7c5b +commit 0a4a5571ada76b1b012bec9cf6ad1203fc19ec8d Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 16 02:40:45 2018 +0000 +Date: Mon Sep 21 07:29:09 2020 +0000 - upstream: Mention recent DH KEX methods: + upstream: close stdin when forking after authentication too; ok markus - diffie-hellman-group14-sha256 - diffie-hellman-group16-sha512 - diffie-hellman-group18-sha512 + OpenBSD-Commit-ID: 43db17e4abc3e6b4a7b033aa8cdab326a7cb6c24 + +commit d14fe25e6c3b89f8af17e2894046164ac3b45688 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 20 23:31:46 2020 +0000 + + upstream: close stdout/stderr after "ssh -f ..." forking - From Jakub Jelen via bz#2826 + bz#3137, ok markus - OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a + OpenBSD-Commit-ID: e2d83cc4dea1665651a7aa924ad1ed6bcaaab3e2 + +commit 53a33a0d745179c02108589e1722457ca8ae4372 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Sep 20 15:57:09 2020 +1000 + + .depend -commit 88c50a5ae20902715f0fca306bb9c38514f71679 +commit 107eb3eeafcd390e1fa7cc7672a05e994d14013e Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 16 02:32:40 2018 +0000 +Date: Sun Sep 20 05:47:25 2020 +0000 - upstream: stop loading DSA keys by default, remove sshd_config + upstream: cap channel input buffer size at 16MB; avoids high memory use - stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@ + when peer advertises a large window but is slow to consume the data we send + (e.g. because of a slow network) - OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09 + reported by Pierre-Yves David + + fix with & ok markus@ + + OpenBSD-Commit-ID: 1452771f5e5e768876d3bfe2544e3866d6ade216 + +commit acfe2ac5fe033e227ad3a56624fbbe4af8b5da04 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Sep 18 22:02:53 2020 +1000 + + libfido2 1.5.0 is recommended -commit d2b3db2860c962927def39a52f67f1c23f7b201a -Author: jsing@openbsd.org <jsing@openbsd.org> -Date: Wed Feb 14 16:27:24 2018 +0000 +commit 52a03e9fca2d74eef953ddd4709250f365ca3975 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 18 08:16:38 2020 +0000 - upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in + upstream: handle multiple messages in a single read() - constant time. + PR#183 by Dennis Kaarsemaker; feedback and ok markus@ - This avoids a potential side channel timing leak. + OpenBSD-Commit-ID: 8570bb4d02d00cf70b98590716ea6a7d1cce68d1 + +commit dc098405b2939146e17567a25b08fc6122893cdf +Author: pedro martelletto <pedro@ambientworks.net> +Date: Fri Sep 18 08:57:29 2020 +0200 + + configure.ac: add missing includes - ok djm@ markus@ + when testing, make sure to include the relevant header files that + declare the types of the functions used by the test: - OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c + - stdio.h for printf(); + - stdlib.h for exit(); + - string.h for strcmp(); + - unistd.h for unlink(), _exit(), fork(), getppid(), sleep(). -commit 4270efad7048535b4f250f493d70f9acfb201593 -Author: jsing@openbsd.org <jsing@openbsd.org> -Date: Wed Feb 14 16:03:32 2018 +0000 +commit b3855ff053f5078ec3d3c653cdaedefaa5fc362d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 18 05:23:03 2020 +0000 - upstream: Some obvious freezero() conversions. + upstream: tweak the client hostkey preference ordering algorithm to - This also zeros an ed25519_pk when it was not being zeroed previously. + prefer the default ordering if the user has a key that matches the + best-preference default algorithm. - ok djm@ dtucker@ + feedback and ok markus@ - OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82 + OpenBSD-Commit-ID: a92dd7d7520ddd95c0a16786a7519e6d0167d35f -commit affa6ba67ffccc30b85d6e98f36eb5afd9386882 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 22:32:04 2018 +1100 +commit f93b187ab900c7d12875952cc63350fe4de8a0a8 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Sep 18 14:55:48 2020 +1000 - Remove execute bit from modpipe.c. + control over the colours in gnome-ssh-askpass[23] + + Optionally set the textarea colours via $GNOME_SSH_ASKPASS_FG_COLOR and + $GNOME_SSH_ASKPASS_BG_COLOR. These accept the usual three or six digit + hex colours. -commit 9879dca438526ae6dfd656fecb26b0558c29c731 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 22:26:16 2018 +1100 +commit 9d3d36bdb10b66abd1af42e8655502487b6ba1fa +Author: Damien Miller <djm@mindrot.org> +Date: Fri Sep 18 14:50:38 2020 +1000 - Update prngd link to point to sourceforge. + focus improvement for gnome-ssh-askpass[23] + + When serving a SSH_ASKPASS_PROMPT=none information dialog, ensure + then <enter> doesn't immediately close the dialog. Instead, require an + explicit <tab> to reach the close button, or <esc>. -commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 22:22:38 2018 +1100 +commit d6f507f37e6c75a899db0ef8224e72797c5563b6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Sep 16 03:07:31 2020 +0000 - Remove references to UNICOS. + upstream: Remove unused buf, last user was removed when switching + + to the sshbuf API. Patch from Sebastian Andrzej Siewior. + + OpenBSD-Commit-ID: 250fa17f0cec01039cc4abd95917d9746e24c889 -commit f1ca487940449f0b64f38f1da575078257609966 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 22:18:37 2018 +1100 +commit c3c786c3a0973331ee0922b2c51832a3b8d7f20f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 9 21:57:27 2020 +0000 - Remove extra newline. + upstream: For the hostkey confirmation message: + + > Are you sure you want to continue connecting (yes/no/[fingerprint])? + + compare the fingerprint case sensitively; spotted Patrik Lundin + ok dtucker + + OpenBSD-Commit-ID: 73097afee1b3a5929324e345ba4a4a42347409f2 -commit 6d4e980f3cf27f409489cf89cd46c21501b13731 +commit f2950baf0bafe6aa20dfe2e8d1ca4b23528df617 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 22:16:54 2018 +1100 +Date: Fri Sep 11 14:45:23 2020 +1000 - OpenSSH's builtin entropy gathering is long gone. + New config-build-time dependency on automake. -commit 389125b25d1a1d7f22e907463b7e8eca74af79ea +commit 600c1c27abd496372bd0cf83d21a1c119dfdf9a5 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 21:43:01 2018 +1100 +Date: Sun Sep 6 21:56:36 2020 +1000 - Replace remaining mysignal() with signal(). + Add aclocal.m4 and config.h.in~ to .gitignore. - These seem to have been missed during the replacement of mysignal - with #define signal in commit 5ade9ab. Both include the requisite - headers to pick up the #define. + aclocal.m4 is now generated by autoreconf. -commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 20:06:19 2018 +1100 +commit 4bf7e1d00b1dcd3a6b3239f77465c019e61c6715 +Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Sat Sep 5 17:50:03 2020 +0200 - Remove remaining now-obsolete cvs $Ids. + Quote the definition of OSSH_CHECK_HEADER_FOR_FIELD + + autoreconf complains about underquoted definition of + OSSH_CHECK_HEADER_FOR_FIELD after aclocal.m4 has been and now is beeing + recreated. + + Quote OSSH_CHECK_HEADER_FOR_FIELD as suggested. + + Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -commit 015749e9b1d2f6e14733466d19ba72f014d0845c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 15 17:01:54 2018 +1100 +commit a2f3ae386b5f7938ed3c565ad71f30c4f7f010f1 +Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Sat Sep 5 17:50:02 2020 +0200 - Regenerate dependencies after UNICOS removal. + Move the local m4 macros + + The `aclocal' step is skipped during `autoreconf' because aclocal.m4 is + present. + Move the current aclocal.m4 which contains local macros into the m4/ + folder. With this change the aclocal.m4 will be re-created during + changes to the m4/ macro. + This is needed so the `aclocal' can fetch m4 macros from the system if + they are references in the configure script. This is a prerequisite to + use PKG_CHECK_MODULES. + + Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 09:10:46 2018 +1100 +commit 8372bff3a895b84fd78a81dc39da10928b662f5a +Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Sat Sep 5 17:50:01 2020 +0200 - Remove UNICOS support. + Remove HAVE_MMAP and BROKEN_MMAP + + BROKEN_MMAP is no longer defined since commit + 1cfd5c06efb12 ("Remove portability support for mmap") + + this commit also removed other HAVE_MMAP user. I didn't find anything + that defines HAVE_MMAP. The check does not trigger because compression + on server side is by default COMP_DELAYED (2) so it never triggers. - The code required to support it is quite invasive to the mainline - code that is synced with upstream and is an ongoing maintenance burden. - Both the hardware and software are literal museum pieces these days and - we could not find anyone still running OpenSSH on one. + Remove remaining HAVE_MMAP and BROKEN_MMAP bits. + + Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -commit 174bed686968494723e6db881208cc4dac0d020f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 18:12:47 2018 +1100 +commit bbf20ac8065905f9cb9aeb8f1df57fcab52ee2fb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 9 03:10:21 2020 +0000 - Retpoline linker flag only needed for linking. + upstream: adapt to SSH_SK_VERSION_MAJOR crank + + OpenBSD-Regress-ID: 0f3e76bdc8f9dbd9d22707c7bdd86051d5112ab8 -commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 17:36:43 2018 +1100 +commit 9afe2a150893b20bdf9eab764978d817b9a7b783 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 28 03:17:13 2020 +0000 - Default PidFile is sshd.pid not ssh.pid. + upstream: Ensure that address/mask mismatches are flagged at + + config-check time. ok djm@ + + OpenBSD-Regress-ID: 8f5f4c2c0bf00e6ceae7a1755a444666de0ea5c2 -commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 16:27:09 2018 +1100 +commit c76773524179cb654ff838dd43ba1ddb155bafaa +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 9 03:08:01 2020 +0000 - Remove assigned-to-but-never-used variable. + upstream: when writing an attestation blob for a FIDO key, record all - 'p' was removed in previous change but I neglected to remove the - otherwise-unused assignment to it. + the data needed to verify the attestation. Previously we were missing the + "authenticator data" that is included in the signature. + + spotted by Ian Haken + feedback Pedro Martelletto and Ian Haken; ok markus@ + + OpenBSD-Commit-ID: 8439896e63792b2db99c6065dd9a45eabbdb7e0a + +commit c1c44eeecddf093a7983bd91e70b446de789b363 +Author: pedro martelletto <pedro@ambientworks.net> +Date: Tue Sep 1 17:01:55 2020 +0200 + + configure.ac: fix libfido2 back-compat + + - HAVE_FIDO_CRED_PROD -> HAVE_FIDO_CRED_PROT; + - check for fido_dev_get_touch_begin(), so that + HAVE_FIDO_DEV_GET_TOUCH_BEGIN gets defined. -commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 +commit 785f0f315bf7ac5909e988bb1ac3e019fb5e1594 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 13 03:36:56 2018 +0000 +Date: Mon Aug 31 04:33:17 2020 +0000 - upstream: remove space before tab + upstream: refuse to add verify-required (PINful) FIDO keys to + + ssh-agent until the agent supports them properly - OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 + OpenBSD-Commit-ID: 125bd55a8df32c87c3ec33c6ebe437673a3d037e + +commit 39e88aeff9c7cb6862b37ad1a87a03ebbb38c233 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 31 00:17:41 2020 +0000 -commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab + upstream: Add RCS IDs to the few files that are missing them; from + + Pedro Martelletto + + OpenBSD-Commit-ID: 39aa37a43d0c75ec87f1659f573d3b5867e4a3b3 + +commit 72730249b38a676da94a1366b54a6e96e6928bcb Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Feb 11 21:16:56 2018 +0000 +Date: Fri Aug 28 03:15:52 2020 +0000 - upstream Don't reset signal handlers inside handlers. + upstream: Check that the addresses supplied to Match Address and - The signal handlers from the original ssh1 code on which OpenSSH - is based assume unreliable signals and reinstall their handlers. - Since OpenBSD (and pretty much every current system) has reliable - signals this is not needed. In the unlikely even that -portable - is still being used on such systems we will deal with it in the - compat layer. ok deraadt@ + Match LocalAddress are valid when parsing in config-test mode. This will + catch address/mask mismatches before they cause problems at runtime. Found by + Daniel Stocker, ok djm@ - OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c + OpenBSD-Commit-ID: 2d0b10c69fad5d8fda4c703e7c6804935289378b -commit 3c51143c639ac686687c7acf9b373b8c08195ffb -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 09:07:29 2018 +1100 +commit 2a3a9822311a565a9df48ed3b6a3c972f462bd7d +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Aug 27 12:34:00 2020 +0000 - Whitespace sync with upstream. + upstream: sentence fix; from pedro martelletto + + OpenBSD-Commit-ID: f95b84a1e94e9913173229f3787448eea2f8a575 -commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 13 08:25:46 2018 +1100 +commit ce178be0d954b210c958bc2b9e998cd6a7aa73a9 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 27 20:01:52 2020 +1000 - Whitespace sync with upstream. + tweak back-compat for older libfido2 -commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 11 21:25:11 2018 +1300 +commit d6f45cdde031acdf434bbb27235a1055621915f4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 27 09:46:04 2020 +0000 - Move signal compat code into bsd-signal.{c,h} + upstream: debug()-print a little info about FIDO-specific key + + fields via "ssh-keygen -vyf /path/key" + + OpenBSD-Commit-ID: cf315c4fe77db43947d111b00155165cb6b577cf -commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 11 21:20:39 2018 +1300 +commit b969072cc3d62d05cb41bc6d6f3c22c764ed932f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 27 09:43:28 2020 +0000 - Include headers for linux/if.h. + upstream: skip a bit more FIDO token selection logic when only a + + single token is attached. - Prevents configure-time "present but cannot be compiled" warning. + with Pedro Martelletto + + OpenBSD-Commit-ID: e4a324bd9814227ec1faa8cb619580e661cca9ac -commit bc02181c24fc551aab85eb2cff0f90380928ef43 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 11 19:45:47 2018 +1300 +commit 744df42a129d7d7db26947b7561be32edac89f88 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Aug 27 06:15:22 2020 +0000 - Fix test for -z,retpolineplt linker flag. + upstream: tweak previous; + + OpenBSD-Commit-ID: 92714b6531e244e4da401b2defaa376374e24be7 -commit 3377df00ea3fece5293db85fe63baef33bf5152e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 11 09:32:37 2018 +1100 +commit e32479645ce649b444ba5c6e7151304306a09654 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 27 03:55:22 2020 +0000 - Add checks for Spectre v2 mitigation (retpoline) + upstream: adapt to API changes - This adds checks for gcc and clang flags for mitigations for Spectre - variant 2, ie "retpoline". It'll automatically enabled if the compiler - supports it as part of toolchain hardening flag. ok djm@ + OpenBSD-Regress-ID: 5f147990cb67094fe554333782ab268a572bb2dd -commit d9e5cf078ea5380da6df767bb1773802ec557ef0 +commit bbcc858ded3fbc46abfa7760e40389e3ca93884c +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 27 12:37:12 2020 +1000 + + degrade semi-gracefully when libfido2 is too old + +commit 9cbbdc12cb6a2ab1e9ffe9974cca91d213c185c2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 09:25:34 2018 +0000 +Date: Thu Aug 27 01:15:36 2020 +0000 - upstream commit + upstream: dummy firmware needs to match API version numner crank (for - constify some private key-related functions; based on - https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault + verify-required resident keys) even though it doesn't implement this feature - OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c + OpenBSD-Regress-ID: 86579ea2891e18e822e204413d011b2ae0e59657 -commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 +commit c1e76c64956b424ba260fd4eec9970e5b5859039 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 09:03:54 2018 +0000 +Date: Thu Aug 27 02:11:09 2020 +0000 - upstream commit - - Mention ServerAliveTimeout in context of TCPKeepAlives; - prompted by Christoph Anton Mitterer via github + upstream: remove unreachable code I forgot to delete in r1.334 - OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 + OpenBSD-Commit-ID: 9ed6078251a0959ee8deda443b9ae42484fd8b18 -commit 62562ceae61e4f7cf896566592bb840216e71061 +commit 0caff05350bd5fc635674c9e051a0322faba5ae3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 06:54:38 2018 +0000 +Date: Thu Aug 27 01:08:45 2020 +0000 - upstream commit + upstream: Request PIN ahead of time for certain FIDO actions + + When we know that a particular action will require a PIN, such as + downloading resident keys or generating a verify-required key, request + the PIN before attempting it. - clarify IgnoreUserKnownHosts; based on github PR from - Christoph Anton Mitterer. + joint work with Pedro Martelletto; ok markus@ - OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 + OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727 -commit 4f011daa4cada6450fa810f7563b8968639bb562 +commit b649b3daa6d4b8ebe1bd6de69b3db5d2c03c9af0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 06:40:28 2018 +0000 +Date: Thu Aug 27 01:08:19 2020 +0000 - upstream commit + upstream: preserve verify-required for resident FIDO keys + + When downloading a resident, verify-required key from a FIDO token, + preserve the verify-required in the private key that is written to + disk. Previously we weren't doing that because of lack of support + in the middleware API. - Shorter, more accurate explanation of - NoHostAuthenticationForLocalhost without the confusing example. Prompted by - Christoph Anton Mitterer via github and bz#2293. + from Pedro Martelletto; ok markus@ and myself - OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df + OpenBSD-Commit-ID: 201c46ccdd227cddba3d64e1bdbd082afa956517 -commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f +commit 642e06d0df983fa2af85126cf4b23440bb2985bf Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 06:15:12 2018 +0000 +Date: Thu Aug 27 01:07:51 2020 +0000 - upstream commit + upstream: major rework of FIDO token selection logic - Disable RemoteCommand and RequestTTY in the ssh session - started by scp. sftp is already doing this. From Camden Narzt via github; ok - dtucker + When PINs are in use and multiple FIDO tokens are attached to a host, we + cannot just blast requests at all attached tokens with the PIN specified + as this will cause the per-token PIN failure counter to increment. If + this retry counter hits the token's limit (usually 3 attempts), then the + token will lock itself and render all (web and SSH) of its keys invalid. + We don't want this. + + So this reworks the key selection logic for the specific case of + multiple keys being attached. When multiple keys are attached and the + operation requires a PIN, then the user must touch the key that they + wish to use first in order to identify it. + + This may require multiple touches, but only if there are multiple keys + attached AND (usually) the operation requires a PIN. The usual case of a + single key attached should be unaffected. + + Work by Pedro Martelletto; ok myself and markus@ - OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b + OpenBSD-Commit-ID: 637d3049ced61b7a9ee796914bbc4843d999a864 -commit ca613249a00b64b2eea9f52d3834b55c28cf2862 +commit 801c9f095e6d8b7b91aefd98f5001c652ea13488 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 05:48:46 2018 +0000 +Date: Thu Aug 27 01:07:09 2020 +0000 - upstream commit + upstream: support for requiring user verified FIDO keys in sshd + + This adds a "verify-required" authorized_keys flag and a corresponding + sshd_config option that tells sshd to require that FIDO keys verify the + user identity before completing the signing/authentication attempt. + Whether or not user verification was performed is already baked into the + signature made on the FIDO token, so this is just plumbing that flag + through and adding ways to require it. - Refuse to create a certificate with an unusable number of - principals; Prompted by gdestuynder via github + feedback and ok markus@ - OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 + OpenBSD-Commit-ID: 3a2313aae153e043d57763d766bb6d55c4e276e6 -commit b56ac069d46b6f800de34e1e935f98d050731d14 +commit 9b8ad93824c682ce841f53f3b5762cef4e7cc4dc Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Feb 10 05:43:26 2018 +0000 +Date: Thu Aug 27 01:06:18 2020 +0000 - upstream commit + upstream: support for user-verified FIDO keys - fatal if we're unable to write all the public key; previously - we would silently ignore errors writing the comment and terminating newline. - Prompted by github PR from WillerZ; ok dtucker + FIDO2 supports a notion of "user verification" where the user is + required to demonstrate their identity to the token before particular + operations (e.g. signing). Typically this is done by authenticating + themselves using a PIN that has been set on the token. - OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 + This adds support for generating and using user verified keys where + the verification happens via PIN (other options might be added in the + future, but none are in common use now). Practically, this adds + another key generation option "verify-required" that yields a key that + requires a PIN before each authentication. + + feedback markus@ and Pedro Martelletto; ok markus@ + + OpenBSD-Commit-ID: 57fd461e4366f87c47502c5614ec08573e6d6a15 -commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 11:18:38 2018 +1100 +commit 1196d7f49d4fbc90f37e550de3056561613b0960 +Author: cheloha@openbsd.org <cheloha@openbsd.org> +Date: Wed Aug 12 01:23:45 2020 +0000 - Add changelog entry for binary strip change. + upstream: ssh-keyscan(1): simplify conloop() with timercmp(3), + + timersub(3); ok djm@ + + OpenBSD-Commit-ID: a102acb544f840d33ad73d40088adab4a687fa27 -commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 11:14:54 2018 +1100 +commit d0a195c89e26766d3eb8f3e4e2a00ebc98b57795 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Aug 11 09:49:57 2020 +0000 - Remove unused variables. + upstream: let ssh_config(5)'s AddKeysToAgent keyword accept a time + + limit for keys in addition to its current flag options. Time-limited keys + will automatically be removed from ssh-agent after their expiry time has + passed; ok markus@ + + OpenBSD-Commit-ID: 792e71cacbbc25faab5424cf80bee4a006119f94 -commit 937d96587df99c16c611d828cded292fa474a32b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 11:12:45 2018 +1100 +commit e9c2002891a7b8e66f4140557a982978f372e5a3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Aug 11 09:45:54 2020 +0000 - Don't strip binaries so debuginfo gets built. + upstream: let the "Confirm user presence for key ..." ssh-askpass + + notification respect $SSH_ASKPASS_REQUIRE; ok markus@ - Tell install not to strip binaries during package creation so that the - debuginfo package can be built. + OpenBSD-Commit-ID: 7c1a616b348779bda3b9ad46bf592741f8e206c1 -commit eb0865f330f59c889ec92696b97bd397090e720c +commit eaf8672b1b52db2815a229745f4e4b08681bed6d Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 10:33:11 2018 +1100 +Date: Fri Aug 21 00:04:13 2020 +1000 - Fix bogus dates in changelog. + Remove check for 'ent' command. + + It was added in 8d1fd57a9 for measuring entropy of ssh_prng_cmds which + has long since been removed and there are no other references to it. -commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 +commit 05c215de8d224e094a872d97d45f37f60c06206b Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 10:25:15 2018 +1100 +Date: Mon Aug 17 21:34:32 2020 +1000 - Remove SSH1 from description. + Wrap stdint.h include in ifdef HAVE_STDINT_H. -commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 10:19:16 2018 +1100 +commit eaf2765efe8bc74feba85c34295d067637fc6635 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Aug 10 13:24:09 2020 +1000 - Add support for compat-openssl10 build dep. + sync memmem.c with OpenBSD -commit 04f4e8193cb5a5a751fcc356bd6656291fec539e +commit ed6bef77f5bb5b8f9ca2914478949e29f2f0a780 Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 09:57:04 2018 +1100 +Date: Fri Aug 7 17:12:16 2020 +1000 - Add leading zero so it'll work when rhel not set. + Always send any PAM account messages. - When rhel is not set it will error out with "bad if". Add leading zero - as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work - on non-RHEL. + If the PAM account stack reaturns any messages, send them to the user + not just if the check succeeds. bz#2049, ok djm@ -commit 12abd67a6af28476550807a443b38def2076bb92 +commit a09e98dcae1e26f026029b7142b0e0d10130056f Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 10 09:56:34 2018 +1100 +Date: Fri Aug 7 15:37:37 2020 +1000 - Update openssl-devel dependency. + Output test debug logs on failure. -commit b33e7645f8813719d7f9173fef24463c8833ebb3 -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 18:19:58 2014 -0500 +commit eb122b1eebe58b29a83a507ee814cbcf8aeded1b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 7 15:11:42 2020 +1000 - Add mandir with-mandir' for RHEL 5 compatibility. - - Activate '--mandir' and '--with-mandir' settings in setup for RHEL - 5 compatibility. + Add ability to specify exact test target. -commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 18:18:51 2014 -0500 +commit c2ec7a07f8caabb4d8e00c66e7cd46bf2cd1e922 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 7 14:21:15 2020 +1000 - Discard 'K5DIR' reporting. - - It does not work inside 'mock' build environment. + Document --without-openssl and --without-zlib. -commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 18:17:15 2014 -0500 +commit 651bb3a31949bbdc3a78b2ede95a77bce0c72984 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 7 14:15:11 2020 +1000 - Add 'dist' to 'rel' for OS specific RPM names. + Add without-openssl without-zlib test target. -commit 87346f1f57f71150a9b8c7029d8c210e27027716 -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 14:17:38 2014 -0500 +commit 9499f2bb01dc1032ae155999b2d7764b9491341f +Author: Stefan Schindler <dns2utf8@estada.ch> +Date: Wed Aug 5 19:00:52 2020 +0200 - Add openssh-devel >= 0.9.8f for redhat spec file. + Add CI with prepare script + + * Only use heimdal kerberos implementation + * Fetch yubico/libfido2 (see: https://github.com/Yubico/libfido2) + * Add one target for + * all features + * each feature alone + * no features -commit bec1478d710866d3c1b119343a35567a8fc71ec3 -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 13:10:24 2014 -0500 +commit ea1f649046546a860f68b97ddc3015b7e44346ca +Author: Damien Miller <djm@mindrot.org> +Date: Wed Aug 5 08:58:57 2020 +1000 - Enhance BuildRequires for openssh-x11-askpass. + support NetBSD's utmpx.ut_ss address field + + bz#960, ok dtucker -commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f -Author: nkadel <nkadel@gmail.com> -Date: Sun Nov 16 13:04:14 2014 -0500 +commit 32c63e75a70a0ed9d6887a55fcb0e4531a6ad617 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Aug 4 14:59:21 2020 +1000 - Always include x11-ssh-askpass SRPM. + wrap a declaration in the same ifdefs as its use - Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. + avoids warnings on NetBSD -commit c61d0d038d58eebc365f31830be6e04ce373ad1b +commit c9e3be9f4b41fda32a2a0138d54c7a6b563bc94d Author: Damien Miller <djm@mindrot.org> -Date: Sat Feb 10 09:43:12 2018 +1100 +Date: Tue Aug 4 14:58:46 2020 +1000 + + undef TAILQ_CONCAT and friends + + Needed for NetBSD. etc that supply these macros - this is long unused; prompted by dtucker@ +commit 2d8a3b7e8b0408dfeb933ac5cfd3a58f5bac49af +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 3 02:53:51 2020 +0000 -commit 745771fb788e41bb7cdad34e5555bf82da3af7ed -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 9 02:37:36 2018 +0000 + upstream: ensure that certificate extensions are lexically sorted. + + Previously if the user specified a custom extension then the everything would + be in order except the custom ones. bz3198 ok dtucker markus + + OpenBSD-Commit-ID: d97deb90587b06cb227c66ffebb2d9667bf886f0 - upstream commit +commit a8732d74cb8e72f0c6366015687f1e649f60be87 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 3 02:43:41 2020 +0000 + + upstream: allow -A to explicitly enable agent forwarding in scp and - Remove unused sKerberosTgtPassing from enum. From - calestyo via github pull req #11, ok djm@ + sftp. The default remains to not forward an agent, even when ssh_config + enables it. ok jmc dtucker markus - OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 + OpenBSD-Commit-ID: 36cc526aa3b0f94e4704b8d7b969dd63e8576822 -commit 1f385f55332db830b0ae22a7663b98279ca2d657 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Feb 8 04:12:32 2018 +0000 +commit ab9105470a83ed5d8197959a1b1f367399958ba1 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Mon Aug 3 02:42:49 2020 +0000 - upstream commit + upstream: clang -Wimplicit-fallthrough does not recognise /* - Rename struct umac_ctx to umac128_ctx too. In portable - some linkers complain about two symbols with the same name having differing - sizes. ok djm@ + FALLTHROUGH */ comments, which is the style we currently use, and gives too + many boring warnings. ok djm - OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 + OpenBSD-Commit-ID: 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 -commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf +commit ced327b9fb78c94d143879ef4b2a02cbc5d38690 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Feb 7 22:52:45 2018 +0000 +Date: Fri Jul 31 04:19:37 2020 +0000 - upstream commit + upstream: Also compare username when checking for JumpHost loops. - ssh_free checks for and handles NULL args, remove NULL - checks from remaining callers. ok djm@ + bz#3057, ok djm@ - OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b + OpenBSD-Commit-ID: 9bbc1d138adb34c54f3c03a15a91f75dbf418782 -commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c +commit ae7527010c44b3376b85d036a498f136597b2099 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 8 12:36:22 2018 +1100 +Date: Fri Jul 31 15:19:04 2020 +1000 - Set SO_REUSEADDR in regression test netcat. + Remove AC_REVISION. - Sometimes multiplex tests fail on Solaris with "netcat: local_listen: - Address already in use" which is likely due to previous invocations - leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to - SO_REUSEPORT which is alread set on platforms that support it). ok djm@ + It hasn't been useful since we switched to git in 2014. ok djm@ -commit 1749991c55bab716877b7c687cbfbf19189ac6f1 -Author: jsing@openbsd.org <jsing@openbsd.org> -Date: Wed Feb 7 05:17:56 2018 +0000 +commit 89fc3f414be0ce4e8008332a9739a7d721269e50 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 28 19:40:30 2020 +1000 - upstream commit - - Convert some explicit_bzero()/free() calls to freezero(). + Use argv in OSSH_CHECK_CFLAG_COMPILE test. - ok deraadt@ dtucker@ - - OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 + configure.ac is not detecting -Wextra in compilers that implement the + option. The problem is that -Wextra implies -Wunused-parameter, and the + C excerpt used by aclocal.m4 does not use argv. Patch from pedro at + ambientworks.net, ok djm@ -commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 -Author: jsing@openbsd.org <jsing@openbsd.org> -Date: Wed Feb 7 05:15:49 2018 +0000 +commit 62c81ef531b0cc7ff655455dd34f5f0c94f48e82 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 20 22:12:07 2020 +1000 - upstream commit - - Remove some #ifdef notyet code from OpenSSL 0.9.8 days. + Skip ECDSA-SK webauthn test when built w/out ECC + +commit 3ec9a6d7317236a9994887d8bd5d246af403a00d +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jul 20 13:09:25 2020 +1000 + + Add ssh-sk-helper and manpage to RPM spec file - These functions have never appeared in OpenSSL and are likely never to do - so. + Based on patch from Fabio Pedretti + +commit a2855c048b3f4b17d8787bd3f24232ec0cd79abe +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 17 07:09:24 2020 +0000 + + upstream: Add %k to the TOKENs for Match Exec for consistency with - "kill it with fire" djm@ + the other keywords that recently got %k. - OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e + OpenBSD-Commit-ID: 1857d1c40f270cbc254fca91e66110641dddcfdb -commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 -Author: jsing@openbsd.org <jsing@openbsd.org> -Date: Wed Feb 7 02:06:50 2018 +0000 +commit 69860769fa9f4529d8612ec055ae11912f7344cf +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 17 05:59:05 2020 +0000 - upstream commit + upstream: fix macro slip in previous; - Remove all guards for calls to OpenSSL free functions - - all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. + OpenBSD-Commit-ID: 624e47ab209450ad9ad5c69f54fa69244de5ed9a + +commit 40649bd0822883b684183854b16d0b8461d5697b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 17 07:10:24 2020 +0000 + + upstream: Add test for '%k' (HostKeyAlias) TOKEN. - Prompted by dtucker@ asking about guards for RSA_free(), when looking at - openssh-portable pr#84 on github. + OpenBSD-Regress-ID: 8ed1ba1a811790031aad3fcea860a34ad7910456 + +commit 6736fe680704a3518cb4f3f8f6723b00433bd3dd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 17 03:26:58 2020 +0000 + + upstream: Add tests for expansions on UserKnownHostsFile. - ok deraadt@ dtucker@ + OpenBSD-Regress-ID: bccf8060306c841bbcceb1392644f906a4d6ca51 + +commit 287dc6396e0f9cb2393f901816dbd7f2a7dfbb5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 17 03:51:32 2020 +0000 + + upstream: log error message for process_write() write failures - OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae + OpenBSD-Commit-ID: f733d7b3b05e3c68967dc18dfe39b9e8fad29851 -commit 3c000d57d46882eb736c6563edfc4995915c24a2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Feb 7 09:19:38 2018 +1100 +commit 8df5774a42d2eaffe057bd7f293fc6a4b1aa411c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 17 03:43:42 2020 +0000 - Remove obsolete "Smartcard support" message + upstream: Add a '%k' TOKEN that expands to the effective HostKey of + + the destination. This allows, eg, keeping host keys in individual files + using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654, ok djm@, jmc@ + (man page bits) - The configure checks that populated $SCARD_MSG were removed in commits - 7ea845e4 and d8f60022 when the smartcard support was replaced with - PKCS#11. + OpenBSD-Commit-ID: 7084d723c9cc987a5c47194219efd099af5beadc -commit 3e615090de0ce36a833d811e01c28aec531247c4 +commit c4f239944a4351810fd317edf408bdcd5c0102d9 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Feb 6 06:01:54 2018 +0000 +Date: Fri Jul 17 03:23:10 2020 +0000 - upstream commit + upstream: Add %-TOKEN, environment variable and tilde expansion to - Replace "trojan horse" with the correct term (MITM). - From maikel at predikkta.com via bz#2822, ok markus@ + UserKnownHostsFile, allowing the file to be automagically split up in the + configuration (eg bz#1654). ok djm@, man page parts jmc@ - OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 + OpenBSD-Commit-ID: 7e1b406caf147638bb51558836a72d6cc0bd1b18 -commit 3484380110d437c50e17f87d18544286328c75cb -Author: tb@openbsd.org <tb@openbsd.org> -Date: Mon Feb 5 05:37:46 2018 +0000 +commit dbaaa01daedb423c38124a72c471982fb08a16fb +Author: solene@openbsd.org <solene@openbsd.org> +Date: Wed Jul 15 07:50:46 2020 +0000 - upstream commit + upstream: - Add [-a rounds] in ssh-keygen man page and usage() - - Add a couple of non-negativity checks to avoid close(-1). + Reorder parameters list in the first usage() case - Sentence rewording - ok djm + ok dtucker@ + jmc@ noticed usage() missed -a flag too - OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 + OpenBSD-Commit-ID: f06b9afe91cc96f260b929a56e9930caecbde246 -commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 -Author: tb@openbsd.org <tb@openbsd.org> -Date: Mon Feb 5 05:36:49 2018 +0000 +commit 69924a92c3af7b99a7541aa544a2334ec0fb092c +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jul 15 05:40:05 2020 +0000 - upstream commit + upstream: start sentence with capital letter; - The file descriptors for socket, stdin, stdout and stderr - aren't necessarily distinct, so check if they are the same to avoid closing - the same fd several times. + OpenBSD-Commit-ID: ab06581d51b2b4cc1b4aab781f7f3cfa56cad973 + +commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jul 17 13:15:50 2020 +1000 + + detect Linux/X32 systems - ok djm + This is a frankenstein monster of AMD64 instructions/calling conventions + but with a 4GB address space. Allegedly deprecated but people still run + into it causing weird sandbox failures, e.g. bz#3085 + +commit 9c9ddc1391d6af8d09580a2424ab467d0a5df3c7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jul 15 06:43:16 2020 +0000 + + upstream: Fix previous by calling the correct function. - OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 + OpenBSD-Regress-ID: 821cdd1dff9c502cceff4518b6afcb81767cad5a -commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 5 04:02:53 2018 +0000 +commit f1a4798941b4372bfe5e46f1c0f8672fe692d9e4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jul 15 05:36:50 2020 +0000 - upstream commit + upstream: Update test to match recent change in match.c - I accidentially a word + OpenBSD-Regress-ID: 965bda1f95f09a765050707340c73ad755f41167 + +commit d7e71be4fd57b7c7e620d733cdf2333b27bfa924 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 15 15:30:43 2020 +1000 + + Adjust portable code to match changes in 939d787d, + +commit fec89f32a84fd0aa1afc81deec80a460cbaf451a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jul 15 04:27:34 2020 +0000 + + upstream: Add default for number of rounds (-a). ok djm@ - OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a + OpenBSD-Commit-ID: cb7e9aa04ace01a98e63e4bd77f34a42ab169b15 -commit 130283d5c2545ff017c2162dc1258c5354e29399 +commit aaa8b609a7b332be836cd9a3b782422254972777 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 25 03:34:43 2018 +0000 +Date: Tue Jul 14 23:57:01 2020 +0000 - upstream commit + upstream: allow some additional control over the use of ssh-askpass - certificate options are case-sensitive; fix case on one - that had it wrong. + via $SSH_ASKPASS_REQUIRE, including force-enable/disable. bz#69 ok markus@ - move a badly-place sentence to a less bad place + OpenBSD-Commit-ID: 3a1e6cbbf6241ddc4405c4246caa2c249f149eb2 + +commit 6368022cd4dd508671c4999a59ec5826df098530 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Tue Jul 7 02:47:21 2020 +0000 + + upstream: correct recently broken comments - OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b + OpenBSD-Commit-ID: 964d9a88f7de1d0eedd3f8070b43fb6e426351f1 -commit 89f09ee68730337015bf0c3f138504494a34e9a6 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jan 24 12:20:44 2018 +1100 +commit 6d755706a0059eb9e2d63517f288b75cbc3b4701 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jul 5 23:59:45 2020 +0000 - crypto_api.h needs includes.h + upstream: some language improvements; ok markus + + OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8 -commit c9c1bba06ad1c7cad8548549a68c071bd807af60 -Author: stsp@openbsd.org <stsp@openbsd.org> -Date: Tue Jan 23 20:00:58 2018 +0000 +commit b0c1e8384d5e136ebdf895d1434aea7dd8661a1c +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Jul 3 10:12:26 2020 +0000 - upstream commit + upstream: update setproctitle after re-exec; ok djm - Fix a logic bug in sshd_exchange_identification which - prevented clients using major protocol version 2 from connecting to the - server. ok millert@ + OpenBSD-Commit-ID: bc92d122f9184ec2a9471ade754b80edd034ce8b + +commit cd119a5ec2bf0ed5df4daff3bd14f8f7566dafd3 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Jul 3 10:11:33 2020 +0000 + + upstream: keep ignoring HUP after fork+exec; ok djm - OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 + OpenBSD-Commit-ID: 7679985a84ee5ceb09839905bb6f3ddd568749a2 -commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb -Author: stsp@openbsd.org <stsp@openbsd.org> -Date: Tue Jan 23 18:33:49 2018 +0000 +commit 8af4a743693ccbea3e15fc9e93edbeb610fa94f4 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Jul 3 10:10:17 2020 +0000 - upstream commit + upstream: don't exit the listener on send_rexec_state errors; ok - Add missing braces; fixes 'write: Socket is not - connected' error in ssh. ok deraadt@ + djm - OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 + OpenBSD-Commit-ID: 57cbd757d130d3f45b7d41310b3a15eeec137d5c -commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 23 16:49:43 2018 +1100 +commit 03da4c2b70468f04ed1c08518ea0a70e67232739 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jul 15 04:55:47 2020 +0000 - rebuild depends + upstream: Use $OBJ to find key files. Fixes test when run on an obj + + directory (on OpenBSD) or out of tree (in Portable). + + OpenBSD-Regress-ID: 938fa8ac86adaa527d64a305bd2135cfbb1c0a17 -commit 552ea155be44f9c439c1f9f0c38f9e593428f838 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 23 16:49:22 2018 +1100 +commit 73f20f195ad18f1cf633eb7d8be95dc1b6111eea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 4 23:11:23 2020 +1000 - one SSH_BUG_BANNER instance that got away + Wrap stdint.h in ifdef HAVE_STDINT_H. -commit 14b5c635d1190633b23ac3372379517fb645b0c2 +commit aa6fa4bf3023fa0e5761cd8f4b2cd015d2de74dd Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 23 05:27:21 2018 +0000 +Date: Fri Jul 3 07:25:18 2020 +0000 - upstream commit - - Drop compatibility hacks for some ancient SSH - implementations, including ssh.com <=2.* and OpenSSH <= 3.*. + upstream: put back the mux_ctx memleak fix, but only for channels of - These versions were all released in or before 2001 and predate the - final SSH RFCs. The hacks in question aren't necessary for RFC- - compliant SSH implementations. + type SSH_CHANNEL_MUX_LISTENER; Specifically SSH_CHANNEL_MUX_PROXY channels + should not have this structure freed. - ok markus@ - - OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 + OpenBSD-Commit-ID: f3b213ae60405f77439e2b06262f054760c9d325 -commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb +commit d8195914eb43b20b13381f4e5a74f9f8a14f0ded Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 23 05:17:04 2018 +0000 +Date: Fri Jul 3 07:17:35 2020 +0000 - upstream commit + upstream: revert r1.399 - the lifetime of c->mux_ctx is more complex; - try harder to preserve errno during - ssh_connect_direct() to make the final error message possibly accurate; - bz#2814, ok dtucker@ + simply freeing it here causes other problems - OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca + OpenBSD-Commit-ID: c6fee8ca94e2485faa783839541962be2834c5ed -commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec +commit 20b5fab9f773b3d3c7f06cb15b8f69a2c081ee80 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 23 05:12:12 2018 +0000 +Date: Fri Jul 3 07:02:37 2020 +0000 - upstream commit + upstream: avoid tilde_expand_filename() in expanding ~/.ssh/rc - if - unbreak support for clients that advertise a protocol - version of "1.99" (indicating both v2 and v1 support). Busted by me during - SSHv1 purge in r1.358; bz2810, ok dtucker + sshd is in chroot mode, the likely absence of a password database will cause + tilde_expand_filename() to fatal; ok dtucker@ - OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b + OpenBSD-Commit-ID: e20aee6159e8b79190d18dba1513fc1b7c8b7ee1 -commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d +commit c8935081db35d73ee6355999142fa0776a2af912 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 23 05:06:25 2018 +0000 +Date: Fri Jul 3 06:46:41 2020 +0000 - upstream commit + upstream: when redirecting sshd's log output to a file, undo this - don't attempt to force hostnames that are addresses to - lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to - remove ambiguities (e.g. ::0001 => ::1) before they are matched against - known_hosts; bz#2763, ok dtucker@ + redirection after the session child process is forked(); ok dtucker@ - OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 + OpenBSD-Commit-ID: 6df86dd653c91f5bc8ac1916e7680d9d24690865 -commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 +commit 183c4aaef944af3a1a909ffa01058c65bac55748 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 23 05:01:15 2018 +0000 +Date: Fri Jul 3 06:29:57 2020 +0000 - upstream commit + upstream: start ClientAliveInterval bookkeeping before first pass - avoid modifying pw->pw_passwd; let endpwent() clean up - for us, but keep a scrubbed copy; bz2777, ok dtucker@ + through select() loop; fixed theoretical case where busy sshd may ignore + timeouts from client; inspired by and ok dtucker - OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 + OpenBSD-Commit-ID: 96bfc4b1f86c7da313882a84755b2b47eb31957f -commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Sat Jan 13 00:24:09 2018 +0000 +commit 6fcfd303d67f16695198cf23d109a988e40eefb6 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jul 3 15:28:27 2020 +1000 - upstream commit - - clarify authorship; prodded by and ok markus@ - - OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c + add check for fido_cred_set_prot() to configure -commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:37:21 2018 +0000 +commit f11b23346309e4d5138e733a49321aedd6eeaa2f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 3 05:09:06 2020 +0000 - upstream commit + upstream: Only reset the serveralive check when we receive traffic from - group shared source files (e.g. SRCS_KEX) and allow - compilation w/o OPENSSL ok djm@ + the server and ignore traffic from a port forwarding client, preventing a + client from keeping a connection alive when it should be terminated. Based + on a patch from jxraynor at gmail.com via openssh-unix-dev and bz#2265, ok + djm@ - OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 + OpenBSD-Commit-ID: a941a575a5cbc244c0ef5d7abd0422bbf02c2dcd -commit 25cf9105b849932fc3b141590c009e704f2eeba6 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:21:49 2018 +0000 +commit adfdbf1211914b631c038f0867a447db7b519937 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jul 3 15:15:15 2020 +1000 - upstream commit - - move subprocess() so scp/sftp do not need uidswap.o; ok - djm@ + sync sys-queue.h with OpenBSD upstream - OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 + needed for TAILQ_CONCAT -commit b0d34132b3ca26fe94013f01d7b92101e70b68bb -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:18:46 2018 +0000 +commit 1b90ddde49e2ff377204082b6eb130a096411dc1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 3 05:08:41 2020 +0000 - upstream commit + upstream: fix memory leak of mux_ctx; patch from Sergiy Lozovsky - switch ssh-pkcs11-helper to new API; ok djm@ + via bz3189 ok dtucker - OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 + OpenBSD-Commit-ID: db249bd4526fd42d0f4f43f72f7b8b7705253bde -commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 +commit 55ef3e9cbd5b336bd0f89205716924886fcf86de Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:15:36 2018 +0000 +Date: Wed Jul 1 16:28:31 2020 +0000 - upstream commit - - split client/server kex; only ssh-keygen needs - uuencode.o; only scp/sftp use progressmeter.o; ok djm@ + upstream: free kex in ssh_packet_close; ok djm semarie - OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee + OpenBSD-Commit-ID: dbc181e90d3d32fd97b10d75e68e374270e070a2 -commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:15:17 2018 +0000 +commit e1c401109b61f7dbc199b5099933d579e7fc5dc9 +Author: bket@openbsd.org <bket@openbsd.org> +Date: Sat Jun 27 13:39:09 2020 +0000 - upstream commit + upstream: Replace TAILQ concatenation loops with TAILQ_CONCAT - only ssh-keygen needs uuencode.o; only scp/sftp use - progressmeter.o + OK djm@ - OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 + OpenBSD-Commit-ID: 454b40e09a117ddb833794358970a65b14c431ef -commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Mon Jan 8 15:14:44 2018 +0000 +commit 14beca57ac92d62830c42444c26ba861812dc837 +Author: semarie@openbsd.org <semarie@openbsd.org> +Date: Fri Jun 26 11:26:01 2020 +0000 - upstream commit + upstream: backout 1.293 fix kex mem-leak in ssh_packet_close at markus - uuencode.h is not used + request - OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c + the change introduced a NULL deref in sshpkt_vfatal() (uses of ssh->kex after + calling ssh_packet_clear_keys()) + + OpenBSD-Commit-ID: 9c9a6721411461b0b1c28dc00930d7251a798484 -commit 4f29309c4cb19bcb1774931db84cacc414f17d29 +commit 598c3a5e3885080ced0d7c40fde00f1d5cdbb32b Author: Damien Miller <djm@mindrot.org> -Date: Wed Jan 3 19:50:43 2018 +1100 +Date: Fri Jun 26 16:07:12 2020 +1000 - unbreak fuzz harness + document a PAM spec problem in a frustrated comment -commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 +commit 976c4f86286d52a0cb2aadf4a095d379c0da752e Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 21 05:46:35 2017 +0000 +Date: Fri Jun 26 05:42:16 2020 +0000 - upstream commit + upstream: avoid spurious error message when ssh-keygen creates files - another libssh casualty + outside ~/.ssh; with dtucker@ - OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec + OpenBSD-Commit-ID: ac0c662d44607e00ec78c266ee60752beb1c7e08 + +commit 32b2502a9dfdfded1ccdc1fd6dc2b3fe41bfc205 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 26 15:30:06 2020 +1000 + + missing ifdef SELINUX; spotted by dtucker -commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 +commit e073106f370cdd2679e41f6f55a37b491f0e82fe Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 21 03:01:49 2017 +0000 +Date: Fri Jun 26 05:12:21 2020 +0000 - upstream commit + upstream: regress test for ssh-add -d; ok dtucker@ - missed one (unbreak after ssh/lib removal) + OpenBSD-Regress-ID: 3a2e044be616afc7dd4f56c100179e83b33d8abf + +commit c809daaa1bad6b1c305b0e0b5440360f32546c84 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:16:23 2020 +0000 + + upstream: add test for mux w/-Oproxy; ok djm - OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 + OpenBSD-Regress-ID: 764d5c696e2a259f1316a056e225e50023abb027 -commit e6c4134165d05447009437a96e7201276688807f +commit 3d06ff4bbd3dca8054c238d2a94c0da563ef7eee Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 21 00:41:22 2017 +0000 +Date: Fri Jun 26 05:16:38 2020 +0000 - upstream commit + upstream: handle EINTR in waitfd() and timeout_connect() helpers; - unbreak unit tests after removal of src/usr.bin/ssh/lib + bz#3071; ok dtucker@ - OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 + OpenBSD-Commit-ID: 08fa87be50070bd8b754d9b1ebb1138d7bc9d8ee -commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe +commit fe2ec0b9c19adeab0cd9f04b8152dc17f31c31e5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Dec 21 00:00:28 2017 +0000 +Date: Fri Jun 26 05:04:07 2020 +0000 - upstream commit + upstream: allow "ssh-add -d -" to read keys to be deleted from - revert stricter key type / signature type checking in - userauth path; too much software generates inconsistent messages, so we need - a better plan. + stdin bz#3180; ok dtucker@ - OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 + OpenBSD-Commit-ID: 15c7f10289511eb19fce7905c9cae8954e3857ff -commit c5a6cbdb79752f7e761074abdb487953ea6db671 +commit a3e0c376ffc11862fa3568b28188bd12965973e1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 19 00:49:30 2017 +0000 +Date: Fri Jun 26 05:03:36 2020 +0000 - upstream commit + upstream: constify a few things; ok dtucker (as part of another - explicitly test all key types and their certificate - counterparts + diff) - refactor a little + OpenBSD-Commit-ID: 7c17fc987085994d752304bd20b1ae267a9bcdf6 + +commit 74344c3ca42c3f53b00b025daf09ae7f6aa38076 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 26 05:02:03 2020 +0000 + + upstream: Defer creation of ~/.ssh by ssh(1) until we attempt to - OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 + write to it so we don't leave an empty .ssh directory when it's not needed. + Use the same function to replace the code in ssh-keygen that does the same + thing. bz#3156, ok djm@ + + OpenBSD-Commit-ID: 59c073b569be1a60f4de36f491a4339bc4ae870f -commit f689adb7a370b5572612d88be9837ca9aea75447 +commit c9e24daac6324fcbdba171392c325bf9ccc3c768 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Dec 11 11:41:56 2017 +0000 +Date: Fri Jun 26 04:45:11 2020 +0000 - upstream commit + upstream: Expand path to ~/.ssh/rc rather than relying on it - use cmp in a loop instead of diff -N to compare - directories. The former works on more platforms for Portable. + being relative to the current directory, so that it'll still be found if the + shell startup changes its directory. Since the path is potentially longer, + make the cmd buffer that uses it dynamically sized. bz#3185, with & ok djm@ - OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 + OpenBSD-Commit-ID: 36e33ff01497af3dc8226d0c4c1526fc3a1e46bf -commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Dec 19 16:17:59 2017 +1100 +commit 07f5f369a25e228a7357ef6c57205f191f073d99 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:12:09 2020 +0000 - remove blocks.c from Makefile + upstream: fix kex mem-leak in ssh_packet_close; ok djm + + OpenBSD-Commit-ID: e2e9533f393620383afd0b68ef435de8d5e8abe4 -commit 278856320520e851063b06cef6ef1c60d4c5d652 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 19 00:24:34 2017 +0000 +commit e35995088cd6691a712bfd586bae8084a3a922ba +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:10:38 2020 +0000 - upstream commit + upstream: fix ssh -O proxy w/mux which got broken by no longer - include signature type and CA key (if applicable) in some - debug messages + making ssh->kex optional in packet.c revision 1.278 ok djm@ - OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 + OpenBSD-Commit-ID: 2b65df04a064c2c6277359921d2320c90ab7d917 -commit 7860731ef190b52119fa480f8064ab03c44a120a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 23:16:23 2017 +0000 +commit 250246fef22b87a54a63211c60a2def9be431fbd +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:09:53 2020 +0000 - upstream commit + upstream: support loading big sshd_config files w/o realloc; ok - unbreak hostkey rotation; attempting to sign with a - desired signature algorithm of kex->hostkey_alg is incorrect when the key - type isn't capable of making those signatures. ok markus@ + djm - OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 + OpenBSD-Commit-ID: ba9238e810074ac907f0cf8cee1737ac04983171 -commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 23:14:34 2017 +0000 +commit 89b54900ac61986760452f132bbe3fb7249cfdac +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:08:53 2020 +0000 - upstream commit + upstream: allow sshd_config longer than 256k; ok djm - log mismatched RSA signature types; ok markus@ + OpenBSD-Commit-ID: 83f40dd5457a64c1d3928eb4364461b22766beb3 + +commit e3fa6249e6d9ceb57c14b04dd4c0cfab12fa7cd5 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Jun 24 15:07:33 2020 +0000 + + upstream: only call sshkey_xmss_init() once for KEY_XMSS_CERT; ok - OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 + djm + + OpenBSD-Commit-ID: d0002ffb7f20f538b014d1d0735facd5a81ff096 -commit 349ecd4da3a985359694a74635748009be6baca6 +commit 37f2da069c0619f2947fb92785051d82882876d7 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 23:13:42 2017 +0000 +Date: Mon Jun 22 23:44:27 2020 +0000 - upstream commit + upstream: some clarifying comments + + OpenBSD-Commit-ID: 5268479000fd97bfa30ab819f3517139daa054a2 + +commit b659319a5bc9e8adf3c4facc51f37b670d2a7426 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jun 22 06:37:38 2020 +0000 + + upstream: updated argument name for -P in first synopsis was - pass kex->hostkey_alg and kex->hostkey_nid from pre-auth - to post-auth unpriviledged child processes; ok markus@ + missed in previous; - OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 + OpenBSD-Commit-ID: 8d84dc3050469884ea91e29ee06a371713f2d0b7 -commit c9e37a8725c083441dd34a8a53768aa45c3c53fe -Author: millert@openbsd.org <millert@openbsd.org> -Date: Mon Dec 18 17:28:54 2017 +0000 +commit 02a9222cbce7131d639984c2f6c71d1551fc3333 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jun 22 06:36:40 2020 +0000 - upstream commit + upstream: supply word missing in previous; + + OpenBSD-Commit-ID: 16a38b049f216108f66c8b699aa046063381bd23 + +commit 5098b3b6230852a80ac6cef5d53a785c789a5a56 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jun 22 16:54:02 2020 +1000 + + missing files for webauthn/sshsig unit test + +commit 354535ff79380237924ac8fdc98f8cdf83e67da6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 22 06:00:06 2020 +0000 + + upstream: add support for verification of webauthn sshsig signature, - Add helper function for uri handing in scp where a - missing path simply means ".". Also fix exit code and add warnings when an - invalid uri is encountered. OK otto@ + and example HTML/JS to generate webauthn signatures in SSH formats (also used + to generate the testdata/* for the test). - OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a + OpenBSD-Regress-ID: dc575be5bb1796fdf4b8aaee0ef52a6671a0f6fb -commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 +commit bb52e70fa5330070ec9a23069c311d9e277bbd6f Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 02:25:15 2017 +0000 +Date: Mon Jun 22 05:58:35 2020 +0000 - upstream commit + upstream: Add support for FIDO webauthn (verification only). - pass negotiated signing algorithm though to - sshkey_verify() and check that the negotiated algorithm matches the type in - the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ + webauthn is a standard for using FIDO keys in web browsers. webauthn + signatures are a slightly different format to plain FIDO signatures - this + support allows verification of these. Feedback and ok markus@ - OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 + OpenBSD-Commit-ID: ab7e3a9fb5782d99d574f408614d833379e564ad -commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 +commit 64bc121097f377142f1387ffb2df7592c49935af Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 02:22:29 2017 +0000 +Date: Mon Jun 22 05:56:23 2020 +0000 - upstream commit + upstream: refactor ECDSA-SK verification a little ahead of adding - sshkey_sigtype() function to return the type of a - signature; ok markus@ + support for FIDO webauthn signature verification support; ok markus@ - OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 + OpenBSD-Commit-ID: c9f478fd8e0c1bd17e511ce8694f010d8e32043e -commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Thu Dec 14 21:07:39 2017 +0000 +commit 12848191f8fe725af4485d3600e0842d92f8637f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 22 05:54:10 2020 +0000 - upstream commit + upstream: support for RFC4648 base64url encoding; ok markus - Replace ED25519's private SHA-512 implementation with a - call to the regular digest code. This speeds up compilation considerably. ok - markus@ + OpenBSD-Commit-ID: 0ef22c55e772dda05c112c88412c0797fec66eb4 + +commit 473b4af43db12127137c7fc1a10928313f5a16d2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 22 05:53:26 2020 +0000 + + upstream: better terminology for permissions; feedback & ok markus@ - OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c + OpenBSD-Commit-ID: ff2a71803b5ea57b83cc3fa9b3be42b70e462fb9 -commit 012e5cb839faf76549e3b6101b192fe1a74d367e -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Tue Dec 12 15:06:12 2017 +0000 +commit fc270baf264248c3ee3050b13a6c8c0919e6559f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 22 05:52:05 2020 +0000 - upstream commit + upstream: better terminology for permissions; feedback & ok markus@ - Create a persistent umac128.c source file: #define the - output size and the name of the entry points for UMAC-128 before including - umac.c. Idea from FreeBSD. ok dtucker@ + OpenBSD-Commit-ID: ffb220b435610741dcb4de0e7fc68cbbdc876d2c + +commit 00531bb42f1af17ddabea59c3d9c4b0629000d27 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 19 07:21:42 2020 +0000 + + upstream: Correct synopsis and usage for the options accepted when + + passing a command to ssh-agent. ok jmc@ - OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 + OpenBSD-Commit-ID: b36f0679cb0cac0e33b361051b3406ade82ea846 -commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Dec 11 16:23:28 2017 +1100 +commit b4556c8ad7177e379f0b60305a0cd70f12180e7c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 19 19:22:00 2020 +1000 - Update .depend with empty config.h + Add OPENBSD ORIGINAL marker to bcrypt_pbkdf. -commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Dec 11 16:21:55 2017 +1100 +commit 1babb8bb14c423011ca34c2f563bb1c51c8fbf1d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 19 19:10:47 2020 +1000 - Ensure config.h is always in dependencies. + Extra brackets around sizeof() in bcrypt. - Put an empty config.h into the dependency list to ensure that it's - always listed and consistent. + Prevents following warning from clang 10: + bcrypt_pbkdf.c:94:40: error: expression does not compute the number of + elements in this array; element type is ´uint32_tÂ[...] + place parentheses around the ´sizeof(uint64_t)´ expression to + silence this warning -commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Sun Dec 10 19:37:57 2017 +0000 +commit 9e065729592633290e5ddb6852792913b2286545 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 19 18:47:56 2020 +1000 - upstream commit + Add includes.h to new test. - ssh/lib hasn't worked towards our code-sharing goals for - a quit while, perhaps it is too verbose? Change each */Makefile to - specifying exactly what sources that program requires, compiling it seperate. - Maybe we'll iterate by sorting those into seperatable chunks, splitting up - files which contain common code + server/client specific code, or whatnot. - But this isn't one step, or we'd have done it a long time ago.. ok dtucker - markus djm + Fixes warnings eg "´bounded´ attribute directive ignor" from gcc. + +commit e684b1ea365e070433f282a3c1dabc3e2311ce49 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 19 18:38:39 2020 +1000 + + Skip OpenSSL specific tests w/out OpenSSL. - OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d + Allows unit tests to pass when configure'ed --without-openssl. + +commit 80610e97a76407ca982e62fd051c9be03622fe7b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 19 17:15:27 2020 +1000 + + Hook sshsig tests up to Portable Makefiles. -commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 +commit 5dba1fcabacaab46693338ec829b42a1293d1f52 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Dec 10 05:55:29 2017 +0000 +Date: Fri Jun 19 05:07:09 2020 +0000 - upstream commit + upstream: Test that ssh-agent exits when running as as subprocess - Put remote client info back into the ClientAlive - connection termination message. Based in part on diff from lars.nooden at - gmail, ok djm + of a specified command (ie "ssh-agent command"). Would have caught bz#3181. - OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 + OpenBSD-Regress-ID: 895b4765ba5153eefaea3160a7fe08ac0b6db8b3 -commit aabd75ec76575c1b17232e6526a644097cd798e5 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Fri Dec 8 03:45:52 2017 +0000 +commit 68e8294f6b04f9590ea227e63d3e129398a49e27 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 19 04:34:21 2020 +0000 - upstream commit + upstream: run sshsig unit tests - time_t printing needs %lld and (long long) casts ok djm - - OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 + OpenBSD-Regress-ID: 706ef17e2b545b64873626e0e35553da7c06052a -commit fd4eeeec16537870bd40d04836c7906ec141c17d +commit 5edfa1690e9a75048971fd8775f7c16d153779db Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 8 02:14:33 2017 +0000 +Date: Fri Jun 19 04:32:09 2020 +0000 - upstream commit + upstream: basic unit test for sshsig.[ch], including FIDO keys - fix ordering in previous to ensure errno isn't clobbered - before logging. + verification only so far - OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 + OpenBSD-Regress-ID: fb1f946c8fc59206bc6a6666e577b5d5d7e45896 -commit 155072fdb0d938015df828836beb2f18a294ab8a +commit e95c0a0e964827722d29b4bc00d5c0ff4afe0ed2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 8 02:13:02 2017 +0000 +Date: Fri Jun 19 03:48:49 2020 +0000 - upstream commit + upstream: basic unit test for FIDO kep parsing - for some reason unix_listener() logged most errors twice - with each message containing only some of the useful information; merge these + OpenBSD-Regress-ID: 8089b88393dd916d7c95422b442a6fd4cfe00c82 + +commit 7775819c6de3e9547ac57b87c7dd2bfd28cefcc5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 18 23:34:19 2020 +0000 + + upstream: check public host key matches private; ok markus@ (as - OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a + part of previous diff) + + OpenBSD-Commit-ID: 65a4f66436028748b59fb88b264cb8c94ce2ba63 -commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Dec 11 14:38:33 2017 +1100 +commit c514f3c0522855b4d548286eaa113e209051a6d2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 18 23:33:38 2020 +0000 - Add autogenerated dependency info to Makefile. + upstream: avoid spurious "Unable to load host key" message when - Adds a .depend file containing dependency information generated by - makedepend, which is appended to the generated Makefile by configure. + sshd can load a private key but no public counterpart; with & ok markus@ - You can regen the file with "make -f Makefile.in depend" if necessary, - but we'll be looking at some way to automatically keep this up to date. + OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b + +commit 7fafaeb5da365f4a408fec355dac04a774f27193 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 12 05:26:37 2020 +0000 + + upstream: correct RFC number; from HARUYAMA Seigo via GH PR191 - "no objection" djm@ + OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10 -commit f001de8fbf7f3faddddd8efd03df18e57601f7eb -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Dec 11 13:42:51 2017 +1100 +commit 3a7f654d5bcb20df24a134b6581b0d235da4564a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 5 06:18:07 2020 +0000 - Fix pasto in ldns handling. + upstream: unbreak "sshd -ddd" - close of config passing fd happened too - When ldns-config is not found, configure would check the wrong variable. - ok djm@ + early. ok markus@ + + OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0 -commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sat Dec 9 10:12:23 2017 +1100 +commit 3de02be39e5c0c2208d9682a3844991651620fcc +Author: Andreas Schwab <schwab@suse.de> +Date: Mon May 25 11:10:44 2020 +0200 - Portable switched to git so s/CVS/git/. + Add support for AUDIT_ARCH_RISCV64 -commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sat Dec 9 08:06:00 2017 +1100 +commit ea547eb0329c2f8da77a4ac05f6c330bd49bdaab +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 5 03:25:35 2020 +0000 - Remove now-used check for perl. + upstream: make sshbuf_putb(b, NULL) a no-op + + OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7 -commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 +commit 69796297c812640415c6cea074ea61afc899cbaa Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Dec 6 05:06:21 2017 +0000 +Date: Fri Jun 5 03:24:36 2020 +0000 - upstream commit + upstream: make sshbuf_dump() args const - don't accept junk after "yes" or "no" responses to - hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ + OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd + +commit 670428895739d1f79894bdb2457891c3afa60a59 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 5 03:24:16 2020 +0000 + + upstream: wrap long line - OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c + OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2 -commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 +commit 2f648cf222882719040906722b3593b01df4ad1a Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Dec 5 23:59:47 2017 +0000 +Date: Fri Jun 5 03:15:26 2020 +0000 - upstream commit + upstream: Correct historical comment: provos@ modified OpenSSH to - Replace atoi and strtol conversions for integer arguments - to config keywords with a checking wrapper around strtonum. This will - prevent and flag invalid and negative arguments to these keywords. ok djm@ + work with SSLeay (very quickly replaced by OpenSSL) not SSL in general. ok + deraadt, historical context markus@ - OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 + OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90 -commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 +commit 56548e4efcc3e3e8093c2eba30c75b23e561b172 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Dec 5 23:56:07 2017 +0000 +Date: Wed Jun 3 08:23:18 2020 +0000 - upstream commit - - Add missing break for rdomain. Prevents spurious - "Deprecated option" warnings. ok djm@ + upstream: Import regenerated moduli file. - OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a + OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54 -commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 5 01:30:19 2017 +0000 +commit 8da801f585dd9c534c0cbe487a3b1648036bf2fb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 5 13:20:10 2020 +1000 - upstream commit + Test fallthrough in OSSH_CHECK_CFLAG_COMPILE. - include the addr:port in bind/listen failure messages + clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */ + comments and we don't use the __attribute__((fallthrough)) that it's + looking for. This has the effect of turning off -Wimplicit-fallthrough + where it does not currently help (particularly with -Werror). ok djm@ + +commit 049297de975b92adcc2db77e3fb7046c0e3c695d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jun 3 08:23:18 2020 +0000 + + upstream: Import regenerated moduli file. - OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e + OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54 -commit a8c89499543e2d889629c4e5e8dcf47a655cf889 +commit b458423a38a3140ac022ffcffcb332609faccfe3 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Nov 29 05:49:54 2017 +0000 +Date: Mon Jun 1 07:11:38 2020 +0000 - upstream commit + upstream: Remove now-unused proto_spec and associated definitions. - Import updated moduli. + ok djm@ - OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a + OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362 -commit 3dde09ab38c8e1cfc28252be473541a81bc57097 +commit 5ad3c3a33ef038b55a14ebd31faeeec46073db2c +Author: millert@openbsd.org <millert@openbsd.org> +Date: Fri May 29 21:22:02 2020 +0000 + + upstream: Fix error message on close(2) and add printf format + + attributes. From Christos Zoulas, OK markus@ + + OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e + +commit 712ac1efb687a945a89db6aa3e998c1a17b38653 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Nov 28 21:10:22 2017 +0000 +Date: Fri May 29 11:17:56 2020 +0000 - upstream commit + upstream: Make dollar_expand variadic and pass a real va_list to - Have sftp print a warning about shell cleanliness when - decoding the first packet fails, which is usually caused by shells polluting - stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. + vdollar_percent_expand. Fixes build error on arm64 spotted by otto@. - OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 + OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279 -commit 6c8a246437f612ada8541076be2414846d767319 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 1 17:11:47 2017 +1100 +commit 837ffa9699a9cba47ae7921d2876afaccc027133 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 29 20:39:00 2020 +1000 - Replace mkinstalldirs with mkdir -p. + Omit ToS setting if we don't have IPV6_TCLASS too. - Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: - cannot create directory:... File exists" during "make install". - Patch from eb at emlix.com. + Fixes tests on old BSDs. -commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 1 17:07:08 2017 +1100 +commit f85b118d2150847cc333895296bc230e367be6b5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 29 09:02:44 2020 +0000 - Pull in newer install-sh from autoconf-2.69. + upstream: Pass a NULL instead of zeroed out va_list from + + dollar_expand. The original intent was in case there's some platform where + va_list is not a pointer equivalent, but on i386 this chokes on the memset. + This unbreaks that build, but will require further consideration. - Suggested by eb at emlix.com + OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7 -commit 79226e5413c5b0fda3511351a8511ff457e306d8 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 1 16:55:35 2017 +1100 +commit ec1d50b01c84ff667240ed525f669454c4ebc8e9 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri May 29 05:48:39 2020 +0000 - Remove RSA1 host key generation. + upstream: remove a stray .El; - SSH1 support is now gone, remove SSH1 key generation. - Patch from eb at emlix.com. + OpenBSD-Commit-ID: 58ddfe6f8a15fe10209db6664ecbe7896f1d167c -commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Nov 28 06:09:38 2017 +0000 +commit 058674a62ffe33f01d871d46e624bc2a2c22d91f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 29 04:32:26 2020 +0000 - upstream commit + upstream: Add regression and unit tests for ${ENV} style - more whitespace errors + environment variable expansion in various keywords (bz#3140). ok djm@ - OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb + OpenBSD-Regress-ID: 4d9ceb95d89365b7b674bc26cf064c15a5bbb197 -commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Tue Nov 28 06:04:51 2017 +0000 +commit 0b15892fc47d6840eba1291a6be9be1a70bc8972 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 29 01:21:35 2020 +0000 - upstream commit + upstream: Unit test for convtime. ok djm@ - whitespace at EOL - - OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a + OpenBSD-Regress-ID: cec4239efa2fc4c7062064f07a847e1cbdbcd5dd -commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 -Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> -Date: Sat Nov 25 06:46:22 2017 +0000 +commit 188e332d1c8f9f24e5b6659e9680bf083f837df9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 29 05:37:03 2020 +0000 - upstream commit + upstream: mention that wildcards are processed in lexical order; - Add monotime_ts and monotime_tv that return monotonic - timespec and timeval respectively. Replace calls to gettimeofday() in packet - timing with monotime_tv so that the callers will work over a clock step. - Should prevent integer overflow during clock steps reported by wangle6 at - huawei.com. "I like" markus@ + bz#3165 - OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a + OpenBSD-Commit-ID: 8856f3d1612bd42e9ee606d89386cae456dd165c -commit 2d638e986085bdf1a40310ed6e2307463db96ea0 -Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> -Date: Sat Nov 25 05:58:47 2017 +0000 +commit 4a1b46e6d032608b7ec00ae51c4e25b82f460b05 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 29 04:25:40 2020 +0000 - upstream commit + upstream: Allow some keywords to expand shell-style ${ENV} - Remove get_current_time() and replace with calls to - monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I - like" markus@ + environment variables on the client side. The supported keywords are + CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus + LocalForward and RemoteForward when used for Unix domain socket paths. This + would for example allow forwarding of Unix domain socket paths that change at + runtime. bz#3140, ok djm@ - OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 + OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa -commit ba460acae48a36ef749cb23068f968f4d5d90a24 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Nov 24 16:24:31 2017 +1100 +commit c9bab1d3a9e183cef3a3412f57880a0374cc8cb2 +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 29 14:49:16 2020 +1000 - Include string.h for explicit_bzero. + depend -commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff -Author: Damien Miller <djm@mindrot.org> -Date: Fri Nov 24 10:23:47 2017 +1100 +commit 0b0d219313bf9239ca043f20b1a095db0245588f +Author: sobrado <sobrado@openbsd.org> +Date: Thu Sep 3 23:06:28 2015 +0000 - fix incorrect range of OpenSSL versions supported + partial sync of regress/netcat.c with upstream - Pointed out by Solar Designer + synchronize synopsis and usage. -commit 83a1e5dbec52d05775174f368e0c44b08619a308 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Wed Nov 15 02:10:16 2017 +0000 +commit 0f04c8467f589f85a523e19fd684c4f6c4ed9482 +Author: chl <chl@openbsd.org> +Date: Sun Jul 26 19:12:28 2015 +0000 - upstream commit + partial sync of regress/netcat.c with upstream - downgrade a couple more request parsing errors from - process-fatal to just returning failure, making them consistent with the - others that were already like that. + remove unused variable - OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 + ok tedu@ -commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Wed Nov 15 00:13:40 2017 +0000 +commit d6a81050ace2630b06c3c6dd39bb4eef5d1043f8 +Author: tobias <tobias@openbsd.org> +Date: Thu Mar 26 21:22:50 2015 +0000 - upstream commit + partial sync of regress/netcat.c with upstream - fix regression in 7.6: failure to parse a signature request - message shouldn't be fatal to the process, just the request. Reported by Ron - Frederick + The code in socks.c writes multiple times in a row to a socket. If the socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :) - OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 + with input by and ok djm -commit 548d3a66feb64c405733932a6b1abeaf7198fa71 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Tue Nov 14 00:45:29 2017 +0000 +commit bf3893dddd35e16def04bf48ed2ee1ad695b8f82 +Author: tobias <tobias@openbsd.org> +Date: Thu Mar 26 10:36:03 2015 +0000 - upstream commit - - fix problem in configuration parsing when in config dump mode - (sshd -T) without providing a full connection specification (sshd -T -C ...) + partial sync of regress/netcat.c with upstream - spotted by bluhm@ + Check for short writes in fdpass(). Clean up while at it. - OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f + ok djm -commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 05:18:44 2017 +0000 +commit e18435fec124b4c08eb6bbbbee9693dc04f4befb +Author: jca <jca@openbsd.org> +Date: Sat Feb 14 22:40:22 2015 +0000 - upstream commit + partial sync of regress/netcat.c with upstream - reuse parse_multistate for parse_flag (yes/no arguments). - Saves a few lines of code and makes the parser more consistent wrt case- - sensitivity. bz#2664 ok dtucker@ + Support for nc -T on IPv6 addresses. - OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef + ok sthen@ -commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 05:14:04 2017 +0000 +commit 4c607244054a036ad3b2449a6cb4c15feb846a76 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 29 03:14:02 2020 +0000 - upstream commit + upstream: fix compilation on !HAVE_DLOPEN platforms; stub function - allow certificate validity intervals that specify only a - start or stop time (we already support specifying both or neither) + was not updated to match API change. From Dale Rahn via beck@ ok markus@ - OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 + OpenBSD-Commit-ID: 2b8d054afe34c9ac85e417dae702ef981917b836 -commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 03:46:52 2017 +0000 +commit 224418cf55611869a4ace1b8b07bba0dff77a9c3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 29 03:11:54 2020 +0000 - upstream commit + upstream: fix exit status for downloading of FIDO resident keys; - allow "cd" and "lcd" commands with no explicit path - argument. lcd will change to the local user's home directory as usual. cd - will change to the starting directory for session (because the protocol - offers no way to obtain the remote user's home directory). bz#2760 ok - dtucker@ + from Pedro Martelletto, ok markus@ - OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 + OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef -commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e -Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> -Date: Fri Nov 3 03:18:53 2017 +0000 +commit 1001dd148ed7c57bccf56afb40cb77482ea343a6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 29 01:20:46 2020 +0000 - upstream commit + upstream: Fix multiplier in convtime when handling seconds after - When doing a config test with sshd -T, only require the - attributes that are actually used in Match criteria rather than (an - incomplete list of) all criteria. ok djm@, man page help jmc@ + other units. bz#3171, spotted by ronf at timeheart.net, ok djm@. - OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc + OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be -commit c357eed5a52cd2f4ff358b17e30e3f9a800644da -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 02:32:19 2017 +0000 +commit 7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 27 22:37:53 2020 +0000 - upstream commit + upstream: fix Include before Match in sshd_config; bz#3122 patch - typos in ECDSA certificate names; bz#2787 reported by - Mike Gerow + from Jakub Jelen - OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 + OpenBSD-Commit-ID: 1b0aaf135fe6732b5d326946042665dd3beba5f4 -commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 02:29:17 2017 +0000 +commit 0a9a611619b0a1fecd0195ec86a9885f5d681c84 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 27 21:59:11 2020 +0000 - upstream commit + upstream: Do not call process_queued_listen_addrs() for every - Private keys in PEM format have been encrypted by AES-128 for - a while (not 3DES). bz#2788 reported by Calum Mackay + included file from sshd_config; patch from Jakub Jelen - OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a + OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49 -commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Nov 3 14:52:51 2017 +1100 +commit 16ea1fdbe736648f79a827219134331f8d9844fb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 27 21:25:18 2020 +0000 - Check for linux/if.h when enabling rdomain. + upstream: fix crash in recallocarray when deleting SendEnv - musl libc doesn't seem to have linux/if.h, so check for its presence - before enabling rdomain support on Linux. - -commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Nov 3 14:09:45 2017 +1100 - - Add headers for sys/sysctl.h and net/route.h + variables; spotted by & ok sthen@ - On at least older OpenBSDs, sys/sysctl.h and net/route.h require - sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. + OpenBSD-Commit-ID: b881e8e849edeec5082b5c0a87d8d7cff091a8fd -commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Nov 3 02:22:41 2017 +0000 +commit 47adfdc07f4f8ea0064a1495500244de08d311ed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 27 22:35:19 2020 +0000 - upstream commit + upstream: two new tests for Include in sshd_config, checking whether - avoid unused variable warnings for !WITH_OPENSSL; patch from - Marcus Folkesson + Port directives are processed correctly and handling of Include directives + that appear before Match. Both tests currently fail. bz#3122 and bz#3169 - + patch from Jakub Jelen - OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 + OpenBSD-Regress-ID: 8ad5a4a385a63f0a1c59c59c763ff029b45715df -commit 6b373e4635a7470baa94253dd1dc8953663da9e8 -Author: Marcus Folkesson <marcus.folkesson@gmail.com> -Date: Sat Oct 28 19:48:39 2017 +0200 +commit 47faad8f794516c33864d866aa1b55d88416f94c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed May 27 23:26:23 2020 +1000 - only enable functions in dh.c when openssl is used - - Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> + Document that libfido2 >= 1.4.0 is needed. -commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Wed Nov 1 00:04:15 2017 +0000 +commit 4be563994c0cbe9856e7dd3078909f41beae4a9c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue May 26 01:59:46 2020 +0000 - upstream commit - - fix broken stdout in ControlPersist mode, introduced by me in - r1.467 and reported by Alf Schlichting + upstream: fix memleak of signature; from Pedro Martelletto - OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 + OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb -commit f21455a084f9cc3942cf1bde64055a4916849fed -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Oct 31 10:09:33 2017 +1100 +commit 0c111eb84efba7c2a38b2cc3278901a0123161b9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue May 26 01:26:58 2020 +0000 - Include includes.h for HAVE_GETPAGESIZE. + upstream: Restrict ssh-agent from signing web challenges for FIDO - The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in - config.h, but bsd-getpagesize.c forgot to include includes.h (which - indirectly includes config.h) so the checks always fails, causing linker - issues when linking statically on systems with getpagesize(). + keys. - Patch from Peter Korsgaard <peter at korsgaard.com> - -commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Mon Oct 30 22:01:52 2017 +0000 - - upstream commit + When signing messages in ssh-agent using a FIDO key that has an + application string that does not start with "ssh:", ensure that the + message being signed is one of the forms expected for the SSH protocol + (currently pubkey authentication and sshsig signatures). - whitespace at EOL + This prevents ssh-agent forwarding on a host that has FIDO keys + attached granting the ability for the remote side to sign challenges + for web authentication using those keys too. - OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 - -commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Mon Oct 30 21:59:43 2017 +0000 - - upstream commit + Note that the converse case of web browsers signing SSH challenges is + already precluded because no web RP can have the "ssh:" prefix in the + application string that we require. - whitespace at EOL + ok markus@ - OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd + OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19 -commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 -Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> -Date: Wed Oct 25 20:08:36 2017 +0000 +commit 9c5f64b6cb3a68b99915202d318b842c6c76cf14 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue May 26 01:09:05 2020 +0000 - upstream commit + upstream: improve logging for MaxStartups connection throttling: - Use printenv to test whether an SSH_USER_AUTH is set - instead of using $SSH_USER_AUTH. The latter won't work with csh which treats - unknown variables as an error when expanding them. OK markus@ + have sshd log when it starts and stops throttling and periodically while in + this state. bz#3055 ok markus@ - OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 + OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9 -commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 -Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> -Date: Tue Oct 24 19:33:32 2017 +0000 +commit 756c6f66aee83a5862a6f936a316f761532f3320 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue May 26 01:06:52 2020 +0000 - upstream commit + upstream: add fmt_timeframe() (from bgpd) to format a time - Add tests for URI parsing. OK markus@ + interval in a human- friendly format. Switch copyright for this file from BSD + to MIT to make it easier to add Henning's copyright for this function. ok + markus@ - OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b + OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9 -commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Oct 27 01:57:06 2017 +0000 +commit 2a63ce5cd6d0e782783bf721462239b03757dd49 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon May 18 04:29:35 2020 +0000 - upstream commit + upstream: avoid possible NULL deref; from Pedro Martelletto - whitespace at EOL - - OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 + OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721 -commit d2135474344335a7c6ee643b6ade6db400fa76ee -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Oct 27 01:01:17 2017 +0000 +commit 4b307faf2fb0e63e51a550b37652f7f972df9676 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri May 15 08:34:03 2020 +0000 - upstream commit + upstream: sshd listener must not block if reexecd sshd exits - whitespace at EOL (lots) + in write(2) on config_s[0] if the forked child exits early before finishing + recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the + parent. this prevents the parent from accepting new connections. ok djm, + deraadt - OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 + OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef -commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 -Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> -Date: Fri Oct 27 00:18:41 2017 +0000 +commit af8b16fb2cce880341c0ee570ceb0d84104bdcc0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 15 03:57:33 2020 +0000 - upstream commit + upstream: fix off-by-one error that caused sftp downloads to make - improve printing of rdomain on accept() a little + one more concurrent request that desired. This prevented using sftp(1) in + unpipelined request/response mode, which is useful when debugging. Patch from + Stephen Goetze in bz#3054 - OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a + OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28 -commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b -Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> -Date: Thu Oct 26 06:44:01 2017 +0000 +commit d7d753e2979f2d3c904b03a08d30856cd2a6e892 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed May 13 22:38:41 2020 +0000 - upstream commit + upstream: we are still aiming for pre-C99 ... - mark up the rdomain keyword; - - OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a + OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38 -commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b -Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> -Date: Wed Oct 25 06:19:46 2017 +0000 +commit 2ad7b7e46408dbebf2a4efc4efd75a9544197d57 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 13 10:08:02 2020 +0000 - upstream commit + upstream: Enable credProtect extension when generating a resident - tweak the uri text, specifically removing some markup to - make it a bit more readable; + key. - issue reported by - and diff ok - millert + The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect" + feature to better protect resident keys. This option allows (amone other + possibilities) requiring a PIN prior to all operations that may retrieve + the key handle. - OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f + Patch by Pedro Martelletto; ok djm and markus + + OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73 -commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 -Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> -Date: Wed Oct 25 06:18:06 2017 +0000 +commit 1e70dc3285fc9b4f6454975acb81e8702c23dd89 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 13 09:57:17 2020 +0000 - upstream commit + upstream: always call fido_init(); previous behaviour only called - simplify macros in previous, and some minor tweaks; + fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but + this isn't guaranteed in the future. - OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca + OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864 -commit eb9c582b710dc48976b48eb2204218f6863bae9a -Author: Damien Miller <djm@mindrot.org> -Date: Tue Oct 31 00:46:29 2017 +1100 +commit f2d84f1b3fa68d77c99238d4c645d0266fae2a74 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 13 09:55:57 2020 +0000 - Switch upstream git repository. + upstream: preserve group/world read permission on known_hosts - Previously portable OpenSSH has synced against a conversion of OpenBSD's - CVS repository made using the git cvsimport tool, but this has become - increasingly unreliable. + file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove + all rights for group/other. bz#3146 ok dtucker@ - As of this commit, portable OpenSSH now tracks a conversion of the - OpenBSD CVS upstream made using the excellent cvs2gitdump tool from - YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump + OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a + +commit 05a651400da6fbe12296c34e3d3bcf09f034fbbf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 13 09:52:41 2020 +0000 + + upstream: when ordering the hostkey algorithms to request from a - cvs2gitdump is considerably more reliable than gitcvsimport and the old - version of cvsps that it uses under the hood, and is the same tool used - to export the entire OpenBSD repository to git (so we know it can cope - with future growth). + server, prefer certificate types if the known_hosts files contain a key + marked as a @cert-authority; bz#3157 ok markus@ - These new conversions are mirrored at github, so interested parties can - match portable OpenSSH commits to their upstream counterparts. + OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db + +commit 829451815ec207e14bd54ff5cf7e22046816f042 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue May 12 01:41:32 2020 +0000 + + upstream: fix non-ASCII quote that snuck in; spotted by Gabriel - https://github.com/djmdjm/openbsd-openssh-src - https://github.com/djmdjm/openbsd-openssh-regress + Kihlman - An unfortunate side effect of switching upstreams is that we must have - a flag day, across which the upstream commit IDs will be inconsistent. - The old commit IDs are recorded with the tags "Upstream-ID" for main - directory commits and "Upstream-Regress-ID" for regress commits. + OpenBSD-Commit-ID: 04bcde311de2325d9e45730c744c8de079b49800 + +commit 5a442cec92c0efd6fffb4af84bf99c70af248ef3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon May 11 02:11:29 2020 +0000 + + upstream: clarify role of FIDO tokens in multi-factor - To make it clear that the commit IDs do not refer to the same - things, the new repository will instead use "OpenBSD-ID" and - "OpenBSD-Regress-ID" tags instead. + authentictation; mostly from Pedro Martelletto - Apart from being a longwinded explanation of what is going on, this - commit message also serves to synchronise our tools with the state of - the tree, which happens to be: + OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac + +commit ecb2c02d994b3e21994f31a70ff911667c262f1f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 8 05:13:14 2020 +0000 + + upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@ - OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 - OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef + OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a -commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea +commit 3ab6fccc3935e9b778ff52f9c8d40f215d58e01d Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 27 08:42:33 2017 +1100 +Date: Thu May 14 12:22:09 2020 +1000 + + prefer ln to cp for temporary copy of sshd + + I saw failures on the reexec fallback test on Darwin 19.4 where + fork()ed children of a process that had it's executable removed + would instantly fail. Using ln to preserve the inode avoids this. - fix rdomain compilation errors +commit f700d316c6b15a9cfbe87230d2dca81a5d916279 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed May 13 15:24:51 2020 +1000 + + Actually skip pty tests when needed. + +commit 08ce6b2210f46f795e7db747809f8e587429dfd2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed May 13 13:56:45 2020 +1000 -commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab + Skip building sk-dummy library if no SK support. + +commit 102d106bc2e50347d0e545fad6ff5ce408d67247 Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 14:15:42 2017 +1100 +Date: Wed May 13 12:08:34 2020 +1000 - autoconf glue to enable Linux VRF + explicitly manage .depend and .depend.bak + + Bring back removal of .depend to give the file a known state before + running makedepend, but manually move aside the current .depend file + and restore it as .depend.bak afterwards so the stale .depend check + works as expected. -commit 97c5aaf925d61641d599071abb56012cde265978 +commit 83a6dc6ba1e03b3fa39d12a8522b8b0e68dd6390 Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 14:09:56 2017 +1100 +Date: Wed May 13 12:03:42 2020 +1000 - basic valid_rdomain() implementation for Linux + make depend -commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 +commit 7c0bbed967abed6301a63e0267cc64144357a99a Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 13:47:59 2017 +1100 +Date: Wed May 13 12:01:10 2020 +1000 - implement get/set_rdomain() for Linux + revert removal of .depend before makedepend - Not enabled, pending implementation of valid_rdomain() and autoconf glue + Commit 83657eac4 started removing .depend before running makedepend + to reset the contents of .depend to a known state. Unfortunately + this broke the depend-check step as now .depend.bak would only ever + be created as an empty file. + + ok dtucker -commit 6eee79f9b8d4a3b113b698383948a119acb82415 +commit 58ad004acdcabf3b9f40bc3aaa206b25d998db8c Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 13:22:29 2017 +1100 +Date: Tue May 12 12:58:46 2020 +1000 - stubs for rdomain replacement functions + prepare for 8.3 release -commit f5594f939f844bbb688313697d6676238da355b3 +commit 4fa9e048c2af26beb7dc2ee9479ff3323e92a7b5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 8 21:50:43 2020 +1000 + + Ensure SA_SIGNAL test only signals itself. + + When the test's child signals its parent and it exits the result of + getppid changes. On Ubuntu 20.04 this results in the ppid being that + of the GDM session, causing it to exit. Analysis and testing from pedro + at ambientworks.net + +commit dc2da29aae76e170d22f38bb36f1f5d1edd5ec2b Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 13:13:57 2017 +1100 +Date: Fri May 8 13:31:53 2020 +1000 - rename port-tun.[ch] => port-net.[ch] + sync config.guess/config.sub with latest versions - Ahead of adding rdomain support + ok dtucker@ -commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb +commit a8265bd64c14881fc7f4fa592f46dfc66b911f17 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 25 02:10:39 2017 +0000 +Date: Wed May 6 20:58:01 2020 +0000 - upstream commit + upstream: openssh-8.3; ok deraadt@ + + OpenBSD-Commit-ID: c8831ec88b9c750f5816aed9051031fb535d22c1 + +commit 955854cafca88e0cdcd3d09ca1ad4ada465364a1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 6 20:57:38 2020 +0000 + + upstream: another case where a utimes() failure could make scp send - uninitialised variable in PermitTunnel printing code + a desynchronising error; reminded by Aymeric Vincent ok deraadt markus - Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a + OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381 -commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f -Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 13:10:59 2017 +1100 +commit 59d531553fd90196946743da391f3a27cf472f4e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu May 7 15:34:12 2020 +1000 - provide hooks and fallbacks for rdomain support + Check if -D_REENTRANT is needed for localtime_r. + + On at least HP-UX 11.11, the localtime_r declararation is behind + ifdef _REENTRANT. Check for and add if needed. -commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Oct 25 11:25:43 2017 +1100 +commit c13403e55de8cdbb9da628ed95017b1d4c0f205f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 5 11:32:43 2020 +1000 - check for net/route.h and sys/sysctl.h + Skip security key tests if ENABLE_SK not set. -commit 4d5456c7de108e17603a0920c4d15bca87244921 +commit 4da393f87cd52d788c84112ee3f2191c9bcaaf30 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 25 00:21:37 2017 +0000 +Date: Fri May 1 04:03:14 2020 +0000 - upstream commit + upstream: sure enough, some of the test data that we though were in - transfer ownership of stdout to the session channel by - dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to - the local side; reported by David Newall, ok markus@ + new format were actually in the old format; fix from Michael Forney - Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 + OpenBSD-Regress-ID: a41a5c43a61b0f0b1691994dbf16dfb88e8af933 -commit 68af80e6fdeaeb79432209db614386ff0f37e75f +commit 15bfafc1db4c8792265ada9623a96f387990f732 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 25 00:19:47 2017 +0000 +Date: Fri May 1 04:00:29 2020 +0000 - upstream commit + upstream: make mktestdata.sh generate old/new format keys that we - add a "rdomain" criteria for the sshd_config Match - keyword to allow conditional configuration that depends on which rdomain(4) a - connection was recevied on. ok markus@ + expect. This script was written before OpenSSH switched to new-format private + keys by default and was never updated to the change (until now) From Michael + Forney - Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb + OpenBSD-Regress-ID: 38cf354715c96852e5b71c2393fb6e7ad28b7ca7 -commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a +commit 7882d2eda6ad3eb82220a85294de545d20ef82db Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 25 00:17:08 2017 +0000 +Date: Fri May 1 03:58:02 2020 +0000 - upstream commit + upstream: portability fix for sed that always emil a newline even - add sshd_config RDomain keyword to place sshd and the - subsequent user session (including the shell and any TCP/IP forwardings) into - the specified rdomain(4) + if the input does not contain one; from Michael Forney - ok markus@ - - Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 + OpenBSD-Regress-ID: 9190c3ddf0d2562ccc02c4a95fce0e392196bfc7 -commit acf559e1cffbd1d6167cc1742729fc381069f06b +commit 8074f9499e454df0acdacea33598858a1453a357 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 25 00:15:35 2017 +0000 +Date: Fri May 1 03:36:25 2020 +0000 - upstream commit - - Add optional rdomain qualifier to sshd_config's - ListenAddress option to allow listening on a different rdomain(4), e.g. + upstream: remove obsolete RSA1 test keys; spotted by Michael Forney - ListenAddress 0.0.0.0 rdomain 4 + OpenBSD-Regress-ID: 6384ba889594e217d166908ed8253718ab0866da + +commit c697e46c314aa94574af0d393d80f23e0ebc9748 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat May 2 18:34:47 2020 +1000 + + Update .depend. + +commit 83657eac42941f270c4b02b2c46d9a21f616ef99 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat May 2 18:29:40 2020 +1000 + + Remove use of tail for 'make depend'. - Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 + Not every tail supports +N and we can do with out it so just remove it. + Prompted by mforney at mforney.org. -commit b9903ee8ee8671b447fc260c2bee3761e26c7227 -Author: millert@openbsd.org <millert@openbsd.org> -Date: Tue Oct 24 19:41:45 2017 +0000 +commit d25d630d24c5a1c64d4e646510e79dc22d6d7b88 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat May 2 07:19:43 2020 +0000 - upstream commit + upstream: we have a sshkey_save_public() function to save public keys; + + use it and save a bunch of redundant code. - Kill dead store and some spaces vs. tabs indent in - parse_user_host_path(). Noticed by markus@ + Patch from loic AT venez.fr; ok markus@ djm@ - Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 + OpenBSD-Commit-ID: f93e030a0ebcd0fd9054ab30db501ec63454ea5f -commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue Oct 24 06:27:42 2017 +0000 +commit e9dc9863723e111ae05e353d69df857f0169544a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 18:32:25 2020 +1000 - upstream commit + Use LONG_LONG_MAX and friends if available. - tweak previous; ok djm + If we don't have LLONG_{MIN,MAX} but do have LONG_LONG_{MIN,MAX} + then use those instead. We do calculate these values in configure, + but it turns out that at least one compiler (old HP ANSI C) can't + parse "-9223372036854775808LL" without mangling it. (It can parse + "-9223372036854775807LL" which is presumably why its limits.h defines + LONG_LONG_MIN as the latter minus 1.) - Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 + Fixes rekey test when compiled with the aforementioned compiler. -commit e3fa20e2e58fdc88a0e842358778f2de448b771b -Author: Damien Miller <djm@mindrot.org> -Date: Mon Oct 23 16:25:24 2017 +1100 +commit aad87b88fc2536b1ea023213729aaf4eaabe1894 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 06:31:42 2020 +0000 - avoid -Wsign-compare warning in argv copying + upstream: when receving a file in sink(), be careful to send at + + most a single error response after the file has been opened. Otherwise the + source() and sink() can become desyncronised. Reported by Daniel Goujot, + Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. + + ok deraadt@ markus@ + + OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035 -commit b7548b12a6b2b4abf4d057192c353147e0abba08 +commit 31909696c4620c431dd55f6cd15db65c4e9b98da Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Oct 23 05:08:00 2017 +0000 +Date: Fri May 1 06:28:52 2020 +0000 - upstream commit + upstream: expose vasnmprintf(); ok (as part of other commit) markus - Expose devices allocated for tun/tap forwarding. + deraadt - At the client, the device may be obtained from a new %T expansion - for LocalCommand. + OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5 + +commit 99ce9cefbe532ae979744c6d956b49f4b02aff82 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 1 04:23:11 2020 +0000 + + upstream: avoid NULL dereference when attempting to convert invalid - At the server, the allocated devices will be listed in a - SSH_TUNNEL variable exposed to the environment of any user sessions - started after the tunnel forwarding was established. + ssh.com private keys using "ssh-keygen -i"; spotted by Michael Forney - ok markus - - Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e + OpenBSD-Commit-ID: 2e56e6d26973967d11d13f56ea67145f435bf298 -commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 -Author: millert@openbsd.org <millert@openbsd.org> -Date: Sat Oct 21 23:06:24 2017 +0000 +commit 6c6072ba8b079e6f5caa38b011a6f4570c14ed38 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 15:09:26 2020 +1000 - upstream commit + See if SA_RESTART signals will interrupt select(). - Add URI support to ssh, sftp and scp. For example - ssh://user@host or sftp://user@host/path. The connection parameters - described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since - the ssh fingerprint format in the draft uses md5 with no way to specify the - hash function type. OK djm@ + On some platforms (at least older HP-UXes such as 11.11, possibly others) + setting SA_RESTART on signal handers will cause it to not interrupt + select(), at least for calls that do not specify a timeout. Try to + detect this and if found, don't use SA_RESTART. - Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc + POSIX says "If SA_RESTART has been set for the interrupting signal, it + is implementation-dependent whether select() restarts or returns with + [EINTR]" so this behaviour is within spec. + +commit 90a0b434ed41f9c505662dba8782591818599cb3 +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 1 13:55:03 2020 +1000 + + fix reversed test -commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 +commit c0dfd18dd1c2107c73d18f70cd164f7ebd434b08 Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 20 13:22:00 2017 +1100 +Date: Fri May 1 13:29:16 2020 +1000 - Fix missed RCSID merges + wrap sha2.h inclusion in #ifdef HAVE_SHA2_H -commit d3b6aeb546242c9e61721225ac4387d416dd3d5e +commit a01817a9f63dbcbbc6293aacc4019993a4cdc7e3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 20 02:13:41 2017 +0000 +Date: Tue Apr 28 04:59:29 2020 +0000 - upstream commit + upstream: adapt dummy FIDO middleware to API change; ok markus@ - more RCSIDs + OpenBSD-Regress-ID: 8bb84ee500c2eaa5616044314dd0247709a1790f + +commit 261571ddf02ea38fdb5e4a97c69ee53f847ca5b7 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Apr 30 18:28:37 2020 +0000 + + upstream: tweak previous; ok markus - Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be + OpenBSD-Commit-ID: 41895450ce2294ec44a5713134491cc31f0c09fd -commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 20 01:56:39 2017 +0000 +commit 5de21c82e1d806d3e401b5338371e354b2e0a66f +Author: markus@openbsd.org <markus@openbsd.org> +Date: Thu Apr 30 17:12:20 2020 +0000 - upstream commit + upstream: bring back debug() removed in rev 1.74; noted by pradeep - add RCSIDs to these; they make syncing portable a bit - easier + kumar - Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 + OpenBSD-Commit-ID: 8d134d22ab25979078a3b48d058557d49c402e65 -commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 20 12:54:15 2017 +1100 +commit ea14103ce9a5e13492e805f7e9277516ff5a4273 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Thu Apr 30 17:07:10 2020 +0000 - upstream commit + upstream: run the 2nd ssh with BatchMode for scp -3 - Apply missing commit 1.11 to kexc25519s.c - - Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 + OpenBSD-Commit-ID: 77994fc8c7ca02d88e6d0d06d0f0fe842a935748 -commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 20 12:52:50 2017 +1100 +commit 59d2de956ed29aa5565ed5e5947a7abdb27ac013 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Apr 28 04:02:29 2020 +0000 - upstream commit + upstream: when signing a challenge using a FIDO toke, perform the - Apply missing commit 1.127 to servconf.h + hashing in the middleware layer rather than in ssh code. This allows + middlewares that call APIs that perform the hashing implicitly (including + Microsoft's AFAIK). ok markus@ - Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 + OpenBSD-Commit-ID: c9fc8630aba26c75d5016884932f08a5a237f37d -commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Oct 18 05:36:59 2017 +0000 +commit c9d10dbc0ccfb1c7568bbb784f7aeb7a0b5ded12 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Apr 26 09:38:14 2020 +0000 - upstream commit - - remove unused Pp; + upstream: Fix comment typo. Patch from mforney at mforney.org. - Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 + OpenBSD-Commit-ID: 3565f056003707a5e678e60e03f7a3efd0464a2b -commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 18 02:49:44 2017 +0000 +commit 4d2c87b4d1bde019cdd0f00552fcf97dd8b39940 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Apr 25 06:59:36 2020 +0000 - upstream commit + upstream: We've standardized on memset over bzero, replace a couple - In the description of pattern-lists, clarify negated - matches by explicitly stating that a negated match will never yield a - positive result, and that at least one positive term in the pattern-list must - match. bz#1918 + that had slipped in. ok deraadt markus djm. - Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 + OpenBSD-Commit-ID: f5be055554ee93e6cc66b0053b590bef3728dbd6 -commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 13 21:13:54 2017 +0000 +commit 7f23f42123d64272a7b00754afa6b0841d676691 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 12:21:58 2020 +1000 - upstream commit + Include sys/byteorder.h for htons and friends. - log debug messages sent to peer; ok deraadt markus + These are usually in netinet/in.h but on HP-UX they are not defined if + _XOPEN_SOURCE_EXTENDED is set. Only needed for netcat in the regression + tests. + +commit d27cba58c972d101a5de976777e518f34ac779cb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 1 09:21:52 2020 +1000 + + Fix conditional for openssl-based chacha20. - Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 + Fixes warnings or link errors when building against older OpenSSLs. + ok djm -commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Oct 13 16:50:45 2017 +0000 +commit 20819b962dc1467cd6fad5486a7020c850efdbee +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 24 15:07:55 2020 +1000 - upstream commit + Error out if given RDomain if unsupported. - trim permitrootlogin description somewhat, to avoid - ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and - myself + If the config contained 'RDomain %D' on a platform that did not support + it, the error would not be detected until runtime resulting in a broken + sshd. Detect this earlier and error out if found. bz#3126, based on a + patch from jjelen at redhat.com, tweaks and ok djm@ + +commit 2c1690115a585c624eed2435075a93a463a894e2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 24 03:33:21 2020 +0000 + + upstream: Fix incorrect error message for "too many known hosts files." - ok sthen schwarze deraadt + bz#3149, patch from jjelen at redhat.com. - Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 + OpenBSD-Commit-ID: e0fcb07ed5cf7fd54ce340471a747c24454235e5 -commit 10727487becb897a15f658e0cb2d05466236e622 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 13 06:45:18 2017 +0000 +commit 3beb7276e7a8aedd3d4a49f9c03b97f643448c92 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 24 02:19:40 2020 +0000 - upstream commit + upstream: Remove leave_non_blocking() which is now dead code - mention SSH_USER_AUTH in the list of environment - variables + because nothing sets in_non_blocking_mode any more. Patch from + michaael.meeks at collabora.com, ok djm@ - Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 + OpenBSD-Commit-ID: c403cefe97a5a99eca816e19cc849cdf926bd09c -commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 13 06:24:51 2017 +0000 +commit 8654e3561772f0656e7663a0bd6a1a8cb6d43300 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Apr 23 21:28:09 2020 +0000 - upstream commit + upstream: ce examples of "Ar arg Ar arg" with "Ar arg arg" and - BIO_get_mem_data() is supposed to take a char* as pointer - argument, so don't pass it a const char* + stop the spread; - Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec + OpenBSD-Commit-ID: af0e952ea0f5e2019c2ce953ed1796eca47f0705 -commit cfa46825b5ef7097373ed8e31b01a4538a8db565 -Author: benno@openbsd.org <benno@openbsd.org> -Date: Mon Oct 9 20:12:51 2017 +0000 +commit 67697e4a8246dd8423e44b8785f3ee31fee72d07 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 24 11:10:18 2020 +1000 - upstream commit - - clarify the order in which config statements are used. ok - jmc@ djm@ + Update .depend. + +commit d6cc76176216fe3fac16cd20d148d75cb9c50876 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 14:07:00 2020 +1000 + + Mailing list is now closed to non-subscribers. - Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed + While there, add a reference to the bugzilla. ok djm@ -commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Oct 5 15:52:03 2017 +0000 +commit cecde6a41689d0ae585ec903b190755613a6de79 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 12:09:40 2020 +1000 - upstream commit + Put the values from env vars back. - replace statically-sized arrays in ServerOptions with - dynamic ones managed by xrecallocarray, removing some arbitrary (though - large) limits and saving a bit of memory; "much nicer" markus@ + This merges the values from the recently removed environment into make's + command line arguments since we actually need those. + +commit 300c4322b92e98d3346efa0aec1c094c94d0f964 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 11:33:15 2020 +1000 + + Pass configure's egrep through to test-exec.sh. - Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 + Use it to create a wrapper function to call it from tests. Fixes the + keygen-comment test on platforms with impoverished default egrep (eg + Solaris). -commit 2b4f3ab050c2aaf6977604dd037041372615178d -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Oct 5 12:56:50 2017 +0000 +commit c8d9796cfe046f00eb8b2096d2b7028d6a523a84 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 22 10:56:44 2020 +1000 - upstream commit + Remove unneeded env vars from t-exec invocation. + +commit 01d4cdcd4514e99a4b6eb9523cd832bbf008d1d7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 21 23:14:58 2020 +0000 + + upstream: Backslash '$' at then end of string. Prevents warning on + + some shells. - %C is hashed; from klemens nanni ok markus + OpenBSD-Regress-ID: 5dc27ab624c09d34078fd326b10e38c1ce9c741f + +commit 8854724ccefc1fa16f10b37eda2e759c98148caa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 21 18:27:23 2020 +1000 + + Sync rev 1.49. - Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 + Prevent infinite for loop since i went from ssize_t to size_t. Patch from + eagleoflqj via OpenSSH github PR#178, ok djm@, feedback & ok millert@ -commit a66714508b86d6814e9055fefe362d9fe4d49ab3 +commit d00d07b6744d3b4bb7aca46c734ecd670148da23 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 4 18:50:23 2017 +0000 +Date: Mon Apr 20 04:44:47 2020 +0000 - upstream commit + upstream: regression test for printing of private key fingerprints and - exercise PermitOpen a little more thoroughly + key comments, mostly by loic AT venez.fr (slightly tweaked for portability) + ok dtucker@ - Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac + OpenBSD-Regress-ID: 8dc6c4feaf4fe58b6d634cd89afac9a13fd19004 -commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Sep 26 22:39:25 2017 +0000 +commit a98d5ba31e5e7e01317352f85fa63b846a960f8c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Apr 20 04:43:57 2020 +0000 - upstream commit + upstream: fix a bug I introduced in r1.406: when printing private key - UsePrivilegeSeparation is gone, stop trying to test it. + fingerprint of old-format key, key comments were not being displayed. Spotted + by loic AT venez.fr, ok dtucker - Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191 + OpenBSD-Commit-ID: 2d98e4f9eb168eea733d17e141e1ead9fe26e533 -commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b +commit 32f2d0aad42c15e19bd3b07496076ca891573a58 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Oct 4 18:49:30 2017 +0000 +Date: Fri Apr 17 07:16:07 2020 +0000 - upstream commit + upstream: repair private key fingerprint printing to also print - fix (another) problem in PermitOpen introduced during the - channels.c refactor: the third and subsequent arguments to PermitOpen were - being silently ignored; ok markus@ + comment after regression caused by my recent pubkey loading refactor. + Reported by loic AT venez.fr, ok dtucker@ - Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd + OpenBSD-Commit-ID: f8db49acbee6a6ccb2a4259135693b3cceedb89e -commit 66bf74a92131b7effe49fb0eefe5225151869dc5 +commit 094dd513f4b42e6a3cebefd18d1837eb709b4d99 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Oct 2 19:33:20 2017 +0000 +Date: Fri Apr 17 07:15:11 2020 +0000 - upstream commit + upstream: refactor out some duplicate private key loading code; - Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ + based on patch from loic AT venez.fr, ok dtucker@ - Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c + OpenBSD-Commit-ID: 5eff2476b0d8d0614924c55e350fb7bb9c84f45e -commit d63b38160a59039708fd952adc75a0b3da141560 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Oct 1 10:32:25 2017 +1100 +commit 4e04f46f248f1708e39b900b76c9693c820eff68 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Apr 17 06:12:41 2020 +0000 - update URL again + upstream: add space beteen macro arg and punctuation; - I spotted a typo in the draft so uploaded a new version... + OpenBSD-Commit-ID: c93a6cbb4bf9468fc4c13e64bc1fd4efee201a44 -commit 6f64f596430cd3576c529f07acaaf2800aa17d58 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Oct 1 10:01:56 2017 +1100 +commit 44ae009a0112081d0d541aeaa90088bedb6f21ce +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 17 04:27:03 2020 +0000 - sync release notes URL + upstream: auth2-pubkey r1.89 changed the order of operations to + + checking AuthorizedKeysFile first and falling back to AuthorizedKeysCommand + if no key was found in a file. Document this order here; bz3134 + + OpenBSD-Commit-ID: afce0872cbfcfc1d4910ad7722e50f792a1dce12 -commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d +commit f96f17f920f38ceea6f3c5cb0b075c46b8929fdc Author: Damien Miller <djm@mindrot.org> -Date: Sun Oct 1 10:01:25 2017 +1100 +Date: Fri Apr 17 14:07:15 2020 +1000 - sync contrib/ssh-copy-id with upstream + sys/sysctl.h is only used on OpenBSD + + so change the preprocessor test used to include it to check + __OpenBSD__, matching the code that uses the symbols it declares. -commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Oct 1 09:59:19 2017 +1100 +commit 54688e937a69c7aebef8a3d50cbd4c6345bab2ca +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 17 03:38:47 2020 +0000 - update version in RPM spec files + upstream: fix reversed test that caused IdentitiesOnly=yes to not + + apply to keys loaded from a PKCS11Provider; bz3141, ok dtucker@ + + OpenBSD-Commit-ID: e3dd6424b94685671fe84c9b9dbe352fb659f677 -commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d -Author: Damien Miller <djm@mindrot.org> -Date: Sun Oct 1 09:58:24 2017 +1100 +commit 267cbc87b5b6e78973ac4d3c7a6f807ed226928c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 17 03:34:42 2020 +0000 - update agent draft URL + upstream: mention that /etc/hosts.equiv and /etc/shosts.equiv are + + not considered for HostbasedAuthentication when the target user is root; + bz3148 + + OpenBSD-Commit-ID: fe4c1256929e53f23af17068fbef47852f4bd752 -commit e4a798f001d2ecd8bf025c1d07658079f27cc604 +commit c90f72d29e84b4a2709078bf5546a72c29a65177 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Sep 30 22:26:33 2017 +0000 +Date: Fri Apr 17 03:30:05 2020 +0000 - upstream commit + upstream: make IgnoreRhosts a tri-state option: "yes" ignore - openssh-7.6; ok deraadt@ + rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow + .shosts files but not .rhosts. ok dtucker@ - Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 + OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9 -commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Sep 27 06:45:53 2017 +0000 +commit 321c7147079270f3a154f91b59e66219aac3d514 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 17 03:23:13 2020 +0000 - upstream commit + upstream: allow the IgnoreRhosts directive to appear anywhere in a - tweak EposeAuthinfo; diff from lars nooden + sshd_config, not just before any Match blocks; bz3148, ok dtucker@ - tweaked by sthen; ok djm dtucker - - Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 + OpenBSD-Commit-ID: e042467d703bce640b1f42c5d1a62bf3825736e8 -commit bba69c246f0331f657fd6ec97724df99fc1ad174 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Sep 28 16:06:21 2017 -0700 +commit ca5403b085a735055ec7b7cdcd5b91f2662df94c +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sat Apr 11 20:20:09 2020 +0000 - don't fatal ./configure for LibreSSL + upstream: add space between macro arg and punctuation; + + OpenBSD-Commit-ID: e579e4d95eef13059c30931ea1f09ed8296b819c -commit 04dc070e8b4507d9d829f910b29be7e3b2414913 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Sep 28 14:54:34 2017 -0700 +commit 8af0244d7b4a65eed2e62f9c89141c7c8e63f09d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Apr 15 10:58:02 2020 +1000 - abort in configure when only openssl-1.1.x found + Add sys/syscall.h for syscall numbers. - We don't support openssl-1.1.x yet (see multiple threads on the - openssh-unix-dev@ mailing list for the reason), but previously - ./configure would accept it and the compilation would subsequently - fail. This makes ./configure display an explicit error message and - abort. - - ok dtucker@ + In some architecture/libc configurations we need to explicitly include + sys/syscall.h for the syscall number (__NR_xxx) definitions. bz#3085, + patch from blowfist at xroutine.net. -commit 74c1c3660acf996d9dc329e819179418dc115f2c -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Sep 27 07:44:41 2017 +1000 +commit 3779b50ee952078018a5d9e1df20977f4355df17 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Apr 11 10:16:11 2020 +0000 - Check for and handle calloc(p, 0) = NULL. + upstream: Refactor private key parsing. Eliminates a fair bit of + + duplicated code and fixes oss-fuzz#20074 (NULL deref) caused by a missing key + type check in the ECDSA_CERT parsing path. - On some platforms (AIX, maybe others) allocating zero bytes of memory - via the various *alloc functions returns NULL, which is permitted - by the standards. Autoconf has some macros for detecting this (with - the exception of calloc for some reason) so use these and if necessary - activate shims for them. ok djm@ + feedback and ok markus@ + + OpenBSD-Commit-ID: 4711981d88afb7196d228f7baad9be1d3b20f9c9 -commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Sep 21 19:18:12 2017 +0000 +commit b6a4013647db67ec622c144a9e05dd768f1966b3 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 10 00:54:03 2020 +0000 - upstream commit + upstream: Add tests for TOKEN expansion of LocalForward and - test reverse dynamic forwarding with SOCKS + RemoteForward. - Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 + OpenBSD-Regress-ID: 90fcbc60d510eb114a2b6eaf4a06ff87ecd80a89 -commit 1b9f321605733754df60fac8c1d3283c89b74455 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Sep 26 16:55:55 2017 +1000 +commit abc3e0a5179c13c0469a1b11fe17d832abc39999 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Apr 6 09:43:55 2020 +0000 - sync missing changes in dynamic-forward.sh + upstream: Add utf8.c for asmprintf used by krl.c + + OpenBSD-Regress-ID: 433708d11165afdb189fe635151d21659dd37a37 -commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Sep 25 09:48:10 2017 +1000 +commit 990687a0336098566c3a854d23cce74a31ec6fe2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 10 00:52:07 2020 +0000 - Add minimal strsignal for platforms without it. + upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward + + when used for Unix domain socket forwarding. Factor out the code for the + config keywords that use the most common subset of TOKENS into its own + function. bz#3014, ok jmc@ (man page bits) djm@ + + OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97 -commit 218e6f98df566fb9bd363f6aa47018cb65ede196 +commit 2b13d3934d5803703c04803ca3a93078ecb5b715 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Sep 24 13:45:34 2017 +0000 +Date: Wed Apr 8 00:10:37 2020 +0000 - upstream commit + upstream: let sshkey_try_load_public() load public keys from the - fix inverted test on channel open failure path that - "upgraded" a transient failure into a fatal error; reported by sthen and also - seen by benno@; ok sthen@ + unencrypted envelope of private key files if not sidecar public key file is + present. - Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 + ok markus@ + + OpenBSD-Commit-ID: 252a0a580e10b9a6311632530d63b5ac76592040 -commit c704f641f7b8777497dc82e81f2ac89afec7e401 +commit d01f39304eaab0352793b490a25e1ab5f59a5366 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Sep 24 09:50:01 2017 +0000 +Date: Wed Apr 8 00:09:24 2020 +0000 - upstream commit + upstream: simplify sshkey_try_load_public() - write the correct buffer when tunnel forwarding; doesn't - matter on OpenBSD (they are the same) but does matter on portable where we - use an output filter to translate os-specific tun/tap headers + ok markus@ - Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 + OpenBSD-Commit-ID: 05a5d46562aafcd70736c792208b1856064f40ad -commit 55486f5cef117354f0c64f991895835077b7c7f7 +commit f290ab0833e44355fc006e4e67b92446c14673ef Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Sep 23 22:04:07 2017 +0000 +Date: Wed Apr 8 00:08:46 2020 +0000 - upstream commit + upstream: add sshkey_parse_pubkey_from_private_fileblob_type() + + Extracts a public key from the unencrypted envelope of a new-style + OpenSSH private key. - fix tunnel forwarding problem introduced in refactor; - reported by stsp@ ok markus@ + ok markus@ - Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 + OpenBSD-Commit-ID: 44d7ab446e5e8c686aee96d5897b26b3939939aa -commit 609d7a66ce578abf259da2d5f6f68795c2bda731 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Thu Sep 21 19:16:53 2017 +0000 +commit 8d514eea4ae089626a55e11c7bc1745c8d9683e4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Apr 8 00:07:19 2020 +0000 - upstream commit - - Add 'reverse' dynamic forwarding which combines dynamic - forwarding (-D) with remote forwarding (-R) where the remote-forwarded port - expects SOCKS-requests. + upstream: simplify sshkey_parse_private_fileblob_type() - The SSH server code is unchanged and the parsing happens at the SSH - clients side. Thus the full SOCKS-request is sent over the forwarded - channel and the client parses c->output. Parsing happens in - channel_before_prepare_select(), _before_ the select bitmask is - computed in the pre[] handlers, but after network input processing - in the post[] handlers. + Try new format parser for all key types first, fall back to PEM + parser only for invalid format errors. - help and ok djm@ + ok markus@ - Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 + OpenBSD-Commit-ID: 0173bbb3a5cface77b0679d4dca0e15eb5600b77 -commit 36945fa103176c00b39731e1fc1919a0d0808b81 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Sep 20 05:19:00 2017 +0000 +commit 421169d0e758351b105eabfcebf42378ebf17217 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Apr 8 00:05:59 2020 +0000 - upstream commit + upstream: check private key type against requested key type in - Use strsignal in debug message instead of casting for the - benefit of portable where sig_atomic_t might not be int. "much nicer" - deraadt@ + new-style private decoding; ok markus@ - Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 + OpenBSD-Commit-ID: 04d44b3a34ce12ce5187fb6f6e441a88c8c51662 -commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e -Author: millert@openbsd.org <millert@openbsd.org> -Date: Tue Sep 19 12:10:30 2017 +0000 +commit 6aabfb6d22b36d07f584cba97f4cdc4363a829da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Apr 8 00:04:32 2020 +0000 - upstream commit + upstream: check that pubkey in private key envelope matches actual + + private key - Use explicit_bzero() instead of bzero() before free() to - prevent the compiler from optimizing away the bzero() call. OK djm@ + (this public key is currently unusued) + + ok markus@ - Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d + OpenBSD-Commit-ID: 634a60b5e135d75f48249ccdf042f3555112049c -commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 +commit c0f5b2294796451001fd328c44f0d00f1114eddf Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Sep 19 04:24:22 2017 +0000 +Date: Wed Apr 8 00:01:52 2020 +0000 - upstream commit + upstream: refactor private key parsing a little + + Split out the base64 decoding and private section decryption steps in + to separate functions. This will make the decryption step easier to fuzz + as well as making it easier to write a "load public key from new-format + private key" function. - fix use-after-free in ~^Z escape handler path, introduced - in channels.c refactor; spotted by millert@ "makes sense" deraadt@ + ok markus@ - Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 + OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e -commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e +commit 8461a5b3db34ed0b5a4a18d82f64fd5ac8693ea8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 6 20:54:34 2020 +1000 + + Include openssl-compat.h before checking ifdefs. + + Fixes problem where unsuitable chacha20 code in libressl would be used + unintentionally. + +commit 931c50c5883a9910ea1ae9a371e4e815ec56b035 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Apr 6 10:04:56 2020 +1000 + + fix inverted test for LibreSSL version + +commit d1d5f728511e2338b7c994968d301d8723012264 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Sep 18 12:03:24 2017 +0000 +Date: Sat Apr 4 23:04:41 2020 +0000 - upstream commit + upstream: Indicate if we're using a cached key in trace output. - Prevent type mismatch warning in debug on platforms where - sig_atomic_t != int. ok djm@ + OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89 + +commit a398251a4627367c78bc483c70c2ec973223f82c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Apr 5 08:43:57 2020 +1000 + + Use /usr/bin/xp4g/id if necessary. - Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed + Solaris' native "id" doesn't support the options we use but the one + in /usr/bin/xp4g does, so use that instead. -commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc +commit db0fdd48335b5b01114f78c1a73a195235910f81 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Sep 18 09:41:52 2017 +0000 +Date: Sat Apr 4 22:14:26 2020 +0000 - upstream commit + upstream: Some platforms don't have "hostname -s", so use cut to trim - Add braces missing after channels refactor. ok markus@ + short hostname instead. - Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 + OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7 -commit b79569190b9b76dfacc6d996faa482f16e8fc026 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Sep 19 12:29:23 2017 +1000 +commit e7e59a9cc8eb7fd5944ded28f4d7e3ae0a5fdecd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 3 07:53:10 2020 +0000 - add freezero(3) replacement + upstream: Compute hash locally and re-enable %C tests. - ok dtucker@ + OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770 -commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e +commit abe2b245b3ac6c4801e99bc0f13289cd28211e22 Author: Damien Miller <djm@mindrot.org> -Date: Tue Sep 19 10:18:56 2017 +1000 +Date: Fri Apr 3 17:25:46 2020 +1100 - move FORTIFY_SOURCE into hardening options group - - It's still on by default, but now it's possible to turn it off using - --without-hardening. This is useful since it's known to cause problems - with some -fsanitize options. ok dtucker@ + prefer libcrypto chacha20-poly1305 where possible -commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 -Author: bluhm@openbsd.org <bluhm@openbsd.org> -Date: Wed Sep 13 14:58:26 2017 +0000 +commit bc5c5d01ad668981f9e554e62195383bc12e8528 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 3 05:43:11 2020 +0000 - upstream commit + upstream: Temporarily remove tests for '%C' since the hash contains the - Print SKIPPED if sudo and doas configuration is missing. - Prevents that running the regression test with wrong environment is reported - as failure. Keep the fatal there to avoid interfering with other setups for - portable ssh. OK dtucker@ + local hostname and it doesn't work on any machine except mine... spotted by + djm@ - Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e + OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401 -commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Aug 7 03:52:55 2017 +0000 +commit 81624026989654955a657ebf2a1fe8b9994f3c87 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 06:07:57 2020 +0000 - upstream commit + upstream: r1.522 deleted one too many lines; repair - Remove obsolete privsep=no fallback test. + OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477 + +commit 668cb3585ce829bd6e34d4a962c489bda1d16370 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Apr 3 05:53:52 2020 +0000 + + upstream: sort -N and add it to usage(); - Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df + OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332 -commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Aug 7 00:53:51 2017 +0000 +commit 338ccee1e7fefa47f3d128c2541e94c5270abe0c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 05:48:57 2020 +0000 - upstream commit + upstream: avoid another compiler warning spotted in -portable - Remove non-privsep test since disabling privsep is now - deprecated. + OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7 + +commit 9f8a42340bd9af86a99cf554dc39ecdf89287544 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 04:07:48 2020 +0000 + + upstream: this needs utf8.c too - Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 + OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451 -commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e +commit 92115ea7c3a834374720c350841fc729e7d5c8b2 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 28 10:32:08 2017 +0000 +Date: Fri Apr 3 03:14:03 2020 +0000 - upstream commit + upstream: Add percent_expand test for 'Match Exec'. - Don't call fatal from stop_sshd since it calls cleanup - which calls stop_sshd which will probably fail in the same way. Instead, - just bail. Differentiate between sshd dying without cleanup and not shutting - down. - - Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 + OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f -commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba +commit de34a440276ae855c38deb20f926d46752c62c9d Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 14 04:32:21 2017 +0000 +Date: Fri Apr 3 04:43:24 2020 +0000 - upstream commit + upstream: fix format string (use %llu for uint64, not %lld). spotted by - Revert commitid: gJtIN6rRTS3CHy9b. + Darren and his tinderbox tests - ------------- - identify the case where SSHFP records are missing but other DNS RR - types are present and display a more useful error message for this - case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ - ------------- - - This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results - are missing but the user already has the key in known_hosts + OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2 + +commit 9cd40b829a5295cc81fbea8c7d632b2478db6274 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 04:34:15 2020 +0000 + + upstream: Add a flag to re-enable verbose output when in batch - Spotted by dtucker@ + mode; requested in bz3135; ok dtucker - Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 + OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b -commit 871f1e4374420b07550041b329627c474abc3010 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Sep 12 18:01:35 2017 +1000 +commit 6ce51a5da5d333a44e7c74c027f3571f70c39b24 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 04:32:21 2020 +0000 - adapt portable to channels API changes + upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20 + + Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the + way at a2k20 tb@ + + OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0 -commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb +commit eba523f0a130f1cce829e6aecdcefa841f526a1a Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Sep 12 07:55:48 2017 +0000 +Date: Fri Apr 3 04:27:03 2020 +0000 - upstream commit + upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as - unused variable + part of a larger diff at a2k20 - Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 + OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd -commit 9145a73ce2ba30c82bbf91d7205bfd112529449f +commit ebd29e90129cf18fedfcfe1de86e324228669295 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Sep 12 07:32:04 2017 +0000 +Date: Fri Apr 3 04:06:26 2020 +0000 - upstream commit + upstream: fix debug statement - fix tun/tap forwarding case in previous - - Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 + OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916 -commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e +commit 7b4d8999f2e1a0cb7b065e3efa83e6edccfc7d82 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Sep 12 06:35:31 2017 +0000 +Date: Fri Apr 3 04:03:51 2020 +0000 - upstream commit + upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I - Make remote channel ID a u_int + committed earlier had an off-by-one. Fix this and add some debugging that + would have made it apparent sooner. - Previously we tracked the remote channel IDs in an int, but this is - strictly incorrect: the wire protocol uses uint32 and there is nothing - in-principle stopping a SSH implementation from sending, say, 0xffff0000. + OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910 + +commit eece243666d44ceb710d004624c5c7bdc05454bc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 3 03:12:11 2020 +0000 + + upstream: %C expansion just added to Match Exec should include - In practice everyone numbers their channels sequentially, so this has - never been a problem. + remote user not local user. - ok markus@ + OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2 + +commit d5318a784d016478fc8da90a38d9062c51c10432 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 3 02:33:31 2020 +0000 + + upstream: Add regression test for percent expansions where possible. - Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 + OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288 -commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 +commit 663e84bb53de2a60e56a44d538d25b8152b5c1cc Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Sep 12 06:32:07 2017 +0000 +Date: Fri Apr 3 02:40:32 2020 +0000 - upstream commit + upstream: make failures when establishing "Tunnel" forwarding terminate - refactor channels.c + the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker - Move static state to a "struct ssh_channels" that is allocated at - runtime and tracked as a member of struct ssh. + OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735 + +commit ed833da176611a39d3376d62154eb88eb440d31c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 3 02:27:12 2020 +0000 + + upstream: Make with config keywords support which - Explicitly pass "struct ssh" to all channels functions. + percent_expansions more consistent. - %C is moved into its own function and + added to Match Exec. - move the common (global) options into a macro. This + is ugly but it's the least-ugly way I could come up with. - move + IdentityAgent and ForwardAgent percent expansion to before the config dump + to make it regression-testable. - document all of the above - Replace use of the legacy packet APIs in channels.c. + ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest. - Rework sshd_config PermitOpen handling: previously the configuration - parser would call directly into the channels layer. After the refactor - this is not possible, as the channels structures are allocated at - connection time and aren't available when the configuration is parsed. - The server config parser now tracks PermitOpen itself and explicitly - configures the channels code later. + OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75 + +commit 6ec7457171468da2bbd908b8cd63d298b0e049ea +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 3 02:26:56 2020 +0000 + + upstream: give ssh-keygen the ability to dump the contents of a - ok markus@ + binary key revocation list: ssh-keygen -lQf /path bz#3132; ok dtucker - Upstream-ID: 11828f161656b965cc306576422613614bea2d8f + OpenBSD-Commit-ID: b76afc4e3b74ab735dbde4e5f0cfa1f02356033b -commit abd59663df37a42152e37980113ccaa405b9a282 +commit af628b8a6c3ef403644d83d205c80ff188c97f0c Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 7 23:48:09 2017 +0000 +Date: Fri Apr 3 02:25:21 2020 +0000 - upstream commit + upstream: add allocating variant of the safe utf8 printer; ok - typo in comment + dtucker as part of a larger diff - Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 + OpenBSD-Commit-ID: 037e2965bd50eacc2ffb49889ecae41552744fa0 -commit 149a8cd24ce9dd47c36f571738681df5f31a326c -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Sep 4 06:34:43 2017 +0000 +commit d8ac9af645f5519ac5211e9e1e4dc1ed00e9cced +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 16 02:17:02 2020 +0000 - upstream commit + upstream: Cast lifetime to u_long for comparison to prevent unsigned - tweak previous; + comparison warning on 32bit arches. Spotted by deraadt, ok djm. - Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b + OpenBSD-Commit-ID: 7a75b2540bff5ab4fa00b4d595db1df13bb0515a -commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Sep 8 12:44:13 2017 +1000 +commit 0eaca933ae08b0a515edfccd5cc4a6b667034813 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 14 20:58:46 2020 +1100 - Fuzzer harnesses for sig verify and pubkey parsing + Include fido.h when checking for fido/credman.h. - These are some basic clang libfuzzer harnesses for signature - verification and public key parsing. Some assembly (metaphorical) - required. + It's required for fido_dev_t, otherwise configure fails with + when given --with-security-key-builtin. -commit de35c382894964a896a63ecd5607d3a3b93af75d -Author: Damien Miller <djm@mindrot.org> -Date: Fri Sep 8 12:38:31 2017 +1000 +commit c7c099060f82ffe6a36d8785ecf6052e12fd92f0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 13 03:18:45 2020 +0000 - Give configure ability to set CFLAGS/LDFLAGS later + upstream: some more speeling mistakes from - Some CFLAGS/LDFLAGS may disrupt the configure script's operation, - in particular santization and fuzzer options that break assumptions - about memory and file descriptor dispositions. + OpenBSD-Regress-ID: 02471c079805471c546b7a69d9ab1d34e9a57443 + +commit 1d89232a4aa97fe935cd60b8d24d75c2f70d56c5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 13 04:16:27 2020 +0000 + + upstream: improve error messages for some common PKCS#11 C_Login - This adds two flags to configure --with-cflags-after and - --with-ldflags-after that allow specifying additional compiler and - linker options that are added to the resultant Makefiles but not - used in the configure run itself. + failure cases; based on patch from Jacob Hoffman-Andrews in bz3130; ok + dtucker - E.g. + OpenBSD-Commit-ID: b8b849621b4a98e468942efd0a1c519c12ce089e + +commit 5becbec023f2037394987f85ed7f74b9a28699e0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 13 04:01:56 2020 +0000 + + upstream: use sshpkt_fatal() for kex_exchange_identification() - env CC=clang-3.9 ./configure \ - --with-cflags-after=-fsantize=address \ - --with-ldflags-after="-g -fsanitize=address" + errors. This ensures that the logged errors are consistent with other + transport- layer errors and that the relevant IP addresses are logged. bz3129 + ok dtucker@ + + OpenBSD-Commit-ID: 2c22891f0b9e1a6cd46771cedbb26ac96ec2e6ab + +commit eef88418f9e5e51910af3c5b23b5606ebc17af55 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 13 03:24:49 2020 +0000 -commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 + upstream: Don't clear alarm timers in listening sshd. Previously + + these timers were used for regenerating the SSH1 ephemeral host keys but + those are now gone so there's no need to clear the timers either. ok + deraadt@ + + OpenBSD-Commit-ID: 280d2b885e4a1ce404632e8cc38fcb17be7dafc0 + +commit d081f017c20a3564255873ed99fd7d024cac540f Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Sep 3 23:33:13 2017 +0000 +Date: Fri Mar 13 03:17:07 2020 +0000 - upstream commit + upstream: spelling errors in comments; no code change from - Expand ssh_config's StrictModes option with two new - settings: + OpenBSD-Commit-ID: 166ea64f6d84f7bac5636dbd38968592cb5eb924 + +commit c084a2d040f160bc2b83f13297e3e3ca3f5dbac6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 13 03:12:17 2020 +0000 + + upstream: when downloading FIDO2 resident keys from a token, don't - StrictModes=accept-new will automatically accept hitherto-unseen keys - but will refuse connections for changed or invalid hostkeys. + prompt for a PIN until the token has told us that it needs one. Avoids + double-prompting on devices that implement on-device authentication (e.g. a + touchscreen PIN pad on the Trezor Model T). ok dtucker@ - StrictModes=off is the same as StrictModes=no + OpenBSD-Commit-ID: 38b78903dd4422d7d3204095a31692fb69130817 + +commit 955c4cf4c6a1417c28d4e1040702c4d9bf63645b +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 13 14:30:16 2020 +1100 + + sync fnmatch.c with upstream to fix another typo + +commit 397f217e8640e75bb719a8e87111b4bd848fb3df +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 13 14:24:23 2020 +1100 + + another spelling error in comment + +commit def31bc5427579ec3f7f2ce99f2da1338fdc0c9f +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 13 14:23:07 2020 +1100 + + spelling mistakes - Motivation: + from https://fossies.org/linux/misc/openssh-8.2p1.tar.gz/codespell.html + +commit 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:29:54 2020 +0000 + + upstream: fix relative includes in sshd_config; ok djm + + OpenBSD-Commit-ID: fa29b0da3c93cbc3a1d4c6bcd58af43c00ffeb5b + +commit e32ef97a56ae03febfe307688858badae3a70e5a +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:29:14 2020 +0000 + + upstream: fix use-after-free in do_download_sk; ok djm - StrictModes=no combines two behaviours for host key processing: - automatically learning new hostkeys and continuing to connect to hosts - with invalid/changed hostkeys. The latter behaviour is quite dangerous - since it removes most of the protections the SSH protocol is supposed to - provide. + OpenBSD-Commit-ID: 96b49623d297797d4fc069f1f09e13c8811f8863 + +commit 5732d58020309364bf31fa125354e399361006db +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:28:50 2020 +0000 + + upstream: do not leak oprincipals; ok djm - Quite a few users want to automatically learn hostkeys however, so - this makes that feature available with less danger. + OpenBSD-Commit-ID: 4691d9387eab36f8fda48f5d8009756ed13a7c4c + +commit 8fae395f34c2c52cdaf9919aa261d1848b4bb00b +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:28:27 2020 +0000 + + upstream: initialize seconds for debug message; ok djm - At some point in the future, StrictModes=no will change to be a synonym - for accept-new, with its current behaviour remaining available via - StrictModes=off. + OpenBSD-Commit-ID: 293fbefe6d00b4812a180ba02e26170e4c855b81 + +commit 46e5c4c8ffcd1569bcd5d04803abaa2ecf3e4cff +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:27:50 2020 +0000 + + upstream: correct return code; ok djm - bz#2400, suggested by Michael Samuel; ok markus + OpenBSD-Commit-ID: 319d09e3b7f4b2bc920c67244d9ff6426b744810 + +commit 31c39e7840893f1bfdcbe4f813b20d1d7e69ec3e +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:27:15 2020 +0000 + + upstream: principalsp is optional, pubkey required; ok djm - Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 + OpenBSD-Commit-ID: 2cc3ea5018c28ed97edaccd7f17d2cc796f01024 -commit ff3c42384033514e248ba5d7376aa033f4a2b99a -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Sep 1 15:41:26 2017 +0000 +commit e26a31757c5df2f58687cb9a4853d1418f39728e +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:26:21 2020 +0000 - upstream commit + upstream: remove unused variables in ssh-pkcs11-helper; ok djm - remove blank line; + OpenBSD-Commit-ID: 13e572846d0d1b28f1251ddd2165e9cf18135ae1 + +commit 1b378c0d982d6ab522eda634b0e88cf1fca5e352 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:25:48 2020 +0000 + + upstream: return correct error in sshsk_ed25519_sig; ok djm - Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 + OpenBSD-Commit-ID: 52bf733df220303c260fee4f165ec64b4a977625 -commit b828605d51f57851316d7ba402b4ae06cf37c55d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 1 05:53:56 2017 +0000 +commit fbff605e637b068061ab6784ff03e3874890c092 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:25:12 2020 +0000 - upstream commit + upstream: fix possible null-deref in check_key_not_revoked; ok - identify the case where SSHFP records are missing but - other DNS RR types are present and display a more useful error message for - this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ + djm - Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 + OpenBSD-Commit-ID: 80855e9d7af42bb6fcc16c074ba69876bfe5e3bf -commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Sep 1 05:50:48 2017 +0000 +commit bc30b446841fc16e50ed6e75c56ccfbd37b9f281 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:24:39 2020 +0000 - upstream commit + upstream: ssh_fetch_identitylist() returns the return value from - document available AuthenticationMethods; bz#2453 ok - dtucker@ + ssh_request_reply() so we should also check against != 0 ok djm - Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 + OpenBSD-Commit-ID: 28d0028769d03e665688c61bb5fd943e18614952 -commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Aug 30 03:59:08 2017 +0000 +commit 7b4f70ddeb59f35283d77d8d9c834ca58f8cf436 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:23:17 2020 +0000 - upstream commit + upstream: sshkey_cert_check_authority requires reason to be set; - pass packet state down to some of the channels function - (more to come...); ok markus@ + ok djm - Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b + OpenBSD-Commit-ID: 6f7a6f19540ed5749763c2f9530c0897c94aa552 -commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue Aug 29 13:05:58 2017 +0000 +commit 05efe270df1e925db0af56a806d18b5063db4b6d +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:21:28 2020 +0000 - upstream commit + upstream: passphrase depends on kdfname, not ciphername (possible - sort options; + null-deref); ok djm - Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c + OpenBSD-Commit-ID: 0d39668edf5e790b5837df4926ee1141cec5471c -commit 530591a5795a02d01c78877d58604723918aac87 -Author: dlg@openbsd.org <dlg@openbsd.org> -Date: Tue Aug 29 09:42:29 2017 +0000 +commit 1ddf5682f3992bdacd29164891abb71a19c2cf61 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:20:44 2020 +0000 - upstream commit + upstream: consistently check packet_timeout_ms against 0; ok djm - add a -q option to ssh-add to make it quiet on success. + OpenBSD-Commit-ID: e8fb8cb2c96c980f075069302534eaf830929928 + +commit 31f1ee54968ad84eb32375e4412e0318766b586b +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:20:02 2020 +0000 + + upstream: initialize cname in case ai_canonname is NULL or too - if you want to silence ssh-add without this you generally redirect - the output to /dev/null, but that can hide error output which you - should see. + long; ok djm - ok djm@ + OpenBSD-Commit-ID: c27984636fdb1035d1642283664193e91aab6e37 + +commit a6134b02b5264b2611c8beae98bb392329452bba +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:19:21 2020 +0000 + + upstream: fix uninitialized pointers for forward_cancel; ok djm - Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c + OpenBSD-Commit-ID: 612778e6d87ee865d0ba97d0a335f141cee1aa37 -commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Aug 27 00:38:41 2017 +0000 +commit 16d4f9961c75680aab374dee762a5baa0ad507af +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:16:21 2020 +0000 - upstream commit + upstream: exit on parse failures in input_service_request; ok djm - Increase the buffer sizes for user prompts to ensure that - they won't be truncated by snprintf. Based on patch from cjwatson at - debian.org via bz#2768, ok djm@ + OpenBSD-Commit-ID: 6a7e1bfded26051d5aa893c030229b1ee6a0d5d2 + +commit 5f25afe5216ba7f8921e04f79aa4ca0624eca820 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:15:38 2020 +0000 + + upstream: fix null-deref on calloc failure; ok djm - Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e + OpenBSD-Commit-ID: a313519579b392076b7831ec022dfdefbec8724a -commit dd9d9b3381a4597b840d480b043823112039327e -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Aug 28 16:48:27 2017 +1000 +commit ff2acca039aef16a15fce409163df404858f7aa5 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:15:04 2020 +0000 - Switch Capsicum header to sys/capsicum.h. + upstream: exit if ssh_krl_revoke_key_sha256 fails; ok djm - FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to - avoid future conflicts with POSIX capabilities (the last release that - didn't have it was 9.3) so switch to that. Patch from des at des.no. + OpenBSD-Commit-ID: 0864ad4fe8bf28ab21fd1df766e0365c11bbc0dc -commit f5e917ab105af5dd6429348d9bc463e52b263f92 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sun Aug 27 08:55:40 2017 +1000 +commit 31c860a0212af2d5b6a129e3e8fcead51392ee1d +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:14:13 2020 +0000 - Add missing includes for bsd-err.c. + upstream: pkcs11_register_provider: return < 0 on error; ok djm - Patch from cjwatson at debian.org via bz#2767. + OpenBSD-Commit-ID: cfc8321315b787e4d40da4bdb2cbabd4154b0d97 -commit 878e029797cfc9754771d6f6ea17f8c89e11d225 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Aug 25 13:25:01 2017 +1000 +commit 15be29e1e3318737b0768ca37d5b4a3fbe868ef0 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:13:29 2020 +0000 - Split platform_sys_dir_uid into its own file + upstream: sshsig: return correct error, fix null-deref; ok djm - platform.o is too heavy for libssh.a use; it calls into the server on - many platforms. Move just the function needed by misc.c into its own - file. + OpenBSD-Commit-ID: 1d1af7cd538b8b23e621cf7ab84f11e7a923edcd -commit 07949bfe9133234eddd01715592aa0dde67745f0 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Aug 23 20:13:18 2017 +1000 +commit 6fb6f186cb62a6370fba476b6a03478a1e95c30d +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:12:55 2020 +0000 + + upstream: vasnmprintf allocates str and returns -1; ok djm + + OpenBSD-Commit-ID: dae4c9e83d88471bf3b3f89e3da7a107b44df11c - misc.c needs functions from platform.c now +commit 714e1cbca17daa13f4f98978cf9e0695d4b2e0a4 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Mar 6 18:11:10 2020 +0000 + + upstream: sshpkt_fatal() does not return; ok djm + + OpenBSD-Commit-ID: 7dfe847e28bd78208eb227b37f29f4a2a0929929 -commit b074c3c3f820000a21953441cea7699c4b17d72f +commit 9b47bd7b09d191991ad9e0506bb66b74bbc93d34 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 18 05:48:04 2017 +0000 +Date: Fri Feb 28 01:07:28 2020 +0000 - upstream commit + upstream: no-touch-required certificate option should be an - add a "quiet" flag to exited_cleanly() that supresses - errors about exit status (failure due to signal is still reported) + extension, not a critical option. - Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 + OpenBSD-Commit-ID: 626b22c5feb7be8a645e4b9a9bef89893b88600d -commit de4ae07f12dabf8815ecede54235fce5d22e3f63 +commit dd992520bed35387fc010239abe1bdc0c2665e38 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 18 05:36:45 2017 +0000 +Date: Fri Feb 28 01:06:05 2020 +0000 - upstream commit + upstream: better error message when trying to use a FIDO key + + function and SecurityKeyProvider is empty - Move several subprocess-related functions from various - locations to misc.c. Extend subprocess() to offer a little more control over - stdio disposition. + OpenBSD-Commit-ID: e56602c2ee8c82f835d30e4dc8ee2e4a7896be24 + +commit b81e66dbe0345aef4717911abcb4f589fff33a0a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Feb 27 02:32:37 2020 +0000 + + upstream: Drop leading space from line count that was confusing - feedback & ok dtucker@ + ssh-keygen's screen mode. - Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 + OpenBSD-Commit-ID: 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae -commit 643c2ad82910691b2240551ea8b14472f60b5078 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Aug 12 06:46:01 2017 +0000 +commit d5ba1c03278eb079438bb038266d80d7477d49cb +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Feb 26 13:40:09 2020 +0000 - upstream commit + upstream: change explicit_bzero();free() to freezero() - make "--" before the hostname terminate command-line - option processing completely; previous behaviour would not prevent further - options appearing after the hostname (ssh has a supported options after the - hostname for >20 years, so that's too late to change). + While freezero() returns early if the pointer is NULL the tests for + NULL in callers are left to avoid warnings about passing an + uninitialised size argument across a function boundry. - ok deraadt@ + ok deraadt@ djm@ - Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 + OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a -commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Aug 12 06:42:52 2017 +0000 +commit 9e3220b585c5be19a7431ea4ff8884c137b3a81c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 26 11:46:51 2020 +0000 - upstream commit + upstream: Have sftp reject "-1" in the same way as ssh(1) and - Switch from aes256-cbc to aes256-ctr for encrypting - new-style private keys. The latter having the advantage of being supported - for no-OpenSSL builds; bz#2754 ok markus@ + scp(1) do instead of accepting and silently ignoring it since protocol 1 + support has been removed. Spotted by shivakumar2696 at gmail.com, ok + deraadt@ - Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 + OpenBSD-Commit-ID: b79f95559a1c993214f4ec9ae3c34caa87e9d5de -commit c4972d0a9bd6f898462906b4827e09b7caea2d9b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 11 04:47:12 2017 +0000 +commit ade8e67bb0f07b12e5e47e7baeafbdc898de639f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 26 01:31:47 2020 +0000 - upstream commit + upstream: Remove obsolete XXX comment. ok deraadt@ - refuse to a private keys when its corresponding .pub key - does not match. bz#2737 ok dtucker@ + OpenBSD-Commit-ID: bc462cc843947feea26a2e21c750b3a7469ff01b + +commit 7eb903f51eba051d7f65790bab92a28970ac1ccc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Feb 24 04:27:58 2020 +0000 + + upstream: Fix typo. Patch from itoama at live.jp via github PR#173. - Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 + OpenBSD-Commit-ID: 5cdaafab38bbdea0d07e24777d00bfe6f972568a -commit 4b3ecbb663c919132dddb3758e17a23089413519 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Aug 11 04:41:08 2017 +0000 +commit b2491c289dd1b557a18a2aca04eeff5c157fc5ef +Author: Nico Kadel-Garcia <nkadel@gmail.com> +Date: Sat Oct 12 17:51:01 2019 -0400 - upstream commit + Switch %define to %global for redhat/openssh.spec + +commit b18dcf6cca7c7aba1cc22e668e04492090ef0255 +Author: mkontani <itoama@live.jp> +Date: Fri Feb 21 00:54:49 2020 +0900 + + fix some typos and sentence + +commit 0001576a096f788d40c2c0a39121cff51bf961ad +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 21 00:04:43 2020 +0000 + + upstream: Fix some typos and an incorrect word in docs. Patch from - don't print verbose error message when ssh disconnects - under sftp; bz#2750; ok dtucker@ + itoama at live.jp via github PR#172. - Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 + OpenBSD-Commit-ID: 166ee8f93a7201fef431b9001725ab8b269d5874 -commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 +commit 99ff8fefe4b2763a53778d06b5f74443c8701615 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Aug 11 04:16:35 2017 +0000 +Date: Thu Feb 20 05:58:08 2020 +0000 - upstream commit + upstream: Update moduli generation script to new ssh-keygen - Tweak previous keepalive commit: if last_time + keepalive - <= now instead of just "<" so client_alive_check will fire if the select - happens to return on exact second of the timeout. ok djm@ + generation and screening command line flags. - Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc + OpenBSD-Commit-ID: 5010ff08f7ad92082e87dde098b20f5c24921a8f -commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a +commit 700d16f5e534d6de5a3b7105a74a7a6f4487b681 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Aug 11 03:58:36 2017 +0000 +Date: Thu Feb 20 05:41:51 2020 +0000 - upstream commit + upstream: Import regenerated moduli. - Keep track of the last time we actually heard from the - client and use this to also schedule a client_alive_check(). Prevents - activity on a forwarded port from indefinitely preventing the select timeout - so that client_alive_check() will eventually (although not optimally) be - called. + OpenBSD-Commit-ID: 7b7b619c1452a459310b0cf4391c5757c6bdbc0f + +commit 4753b74ba0f09e4aacdaab5e184cd540352004d5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 20 16:42:50 2020 +1100 + + Import regenerated moduli. + +commit 11d427162778c18fa42917893a75d178679a2389 +Author: HARUYAMA Seigo <haruyama@unixuser.org> +Date: Fri Feb 14 16:14:23 2020 +0900 + + Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/ + +commit 264a966216137c9f4f8220fd9142242d784ba059 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 18 08:58:33 2020 +0000 + + upstream: Ensure that the key lifetime provided fits within the - Analysis by willchan at google com via bz#2756, feedback & ok djm@ + values allowed by the wire format (u32). Prevents integer wraparound of the + timeout values. bz#3119, ok markus@ djm@ - Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e + OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2 -commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 28 14:50:59 2017 +1000 +commit de1f3564cd85915b3002859873a37cb8d31ac9ce +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 18 08:49:49 2020 +0000 - Expose list of completed auth methods to PAM + upstream: Detect and prevent simple configuration loops when using - bz#2408; ok dtucker@ + ProxyJump. bz#3057, ok djm@ + + OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037 -commit c78e6eec78c88acf8d51db90ae05a3e39458603d -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 21 14:38:16 2017 +1000 +commit 30144865bfa06b12239cfabc37c45e5ddc369d97 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun Feb 16 21:15:43 2020 +0000 - fix problems in tunnel forwarding portability code + upstream: document -F none; with jmc@ - This fixes a few problems in the tun forwarding code, mostly to do - with host/network byte order confusion. + OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2 + +commit 011052de73f3dbc53f50927ccf677266a9ade4f6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 17 22:55:51 2020 +1100 + + Remove unused variable warning. + +commit 31c9348c5e4e94e9913ec64b3ca6e15f68ba19e5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 17 22:53:24 2020 +1100 + + Constify aix_krb5_get_principal_name. - Based on a report and patch by stepe AT centaurus.uberspace.de; - bz#2735; ok dtucker@ + Prevents warning about discarding type qualifiers on AIX. -commit 2985d4062ebf4204bbd373456a810d558698f9f5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jul 25 09:22:25 2017 +0000 +commit 290c994336a2cfe03c5496bebb6580863f94b232 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 17 22:51:36 2020 +1100 - upstream commit + Check if TILDE is already defined and undef. - Make WinSCP patterns for SSH_OLD_DHGEX more specific to - exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ + Prevents redefinition warning on AIX. + +commit 41a2e64ae480eda73ee0e809bbe743d203890938 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 17 22:51:00 2020 +1100 + + Prevent unused variable warning. + +commit d4860ec4efd25ba194337082736797fce0bda016 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 17 22:48:50 2020 +1100 + + Check if getpeereid is actually declared. - Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a + Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFLy and OS X). + Prevents undeclared function warning on at least some versions of AIX. -commit 9f0e44e1a0439ff4646495d5735baa61138930a9 +commit 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jul 24 04:34:28 2017 +0000 +Date: Fri Feb 14 00:39:20 2020 +0000 - upstream commit + upstream: openssh-8.2 - g/c unused variable; make a little more portable + OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b + +commit 72f0ce33f0d5a37f31bad5800d1eb2fbdb732de6 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 12 09:28:35 2020 +1100 + + crank version numbers + +commit b763ed05bd1f1f15ae1727c86a4498546bc36ca8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 11 12:51:24 2020 +1100 + + Minor documentation update: - Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea + - remove duplication of dependency information (it's all in INSTALL). + - SSHFP is now an RFC. + +commit 14ccfdb7248e33b1dc8bbac1425ace4598e094cb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Feb 9 11:23:35 2020 +1100 + + Check if UINT32_MAX is defined before redefining. + +commit be075110c735a451fd9d79a864e01e2e0d9f19d2 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 7 15:07:27 2020 +1100 -commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 + typo; reported by Phil Pennock + +commit 963d71851e727ffdd2a97fe0898fad61d4a70ba1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Jul 23 23:37:02 2017 +0000 +Date: Fri Feb 7 03:57:31 2020 +0000 - upstream commit + upstream: sync the description of the $SSH_SK_PROVIDER environment - Allow IPQoS=none in ssh/sshd to not set an explicit - ToS/DSCP value and just use the operating system default; ok dtucker@ + variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive, + as the latter was more descriptive. - Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e + OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f -commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 21 14:24:26 2017 +1000 +commit d4d9e1d40514e2746f9e05335d646512ea1020c6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 7 03:54:44 2020 +0000 - mention libedit + upstream: Add ssh -Q key-sig for all key and signature types. + + Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as + an alias for the corresponding query. Man page help jmc@, ok djm@. + + OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8 -commit dc2bd308768386b02c7337120203ca477e67ba62 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Jul 19 08:30:41 2017 +0000 +commit fd68dc27864b099b552a6d9d507ca4b83afd6a76 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 7 03:27:54 2020 +0000 - upstream commit + upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more - fix support for unknown key types; ok djm@ + than the intended number of prompts (3) and 2) it would SEGV too many + incorrect PINs were entered; based on patch by Gabriel Kihlman - Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 + OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718 -commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 +commit 96bd895a0a0b3a36f81c14db8c91513578fc5563 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jul 19 01:15:02 2017 +0000 +Date: Thu Feb 6 22:48:23 2020 +0000 - upstream commit + upstream: When using HostkeyAlgorithms to merely append or remove - switch from select() to poll() for the ssh-agent - mainloop; ok markus + algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the + default behaviour of preferring those algorithms that have existing keys in + known_hosts; ok markus - Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 + OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed -commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jul 14 03:18:21 2017 +0000 +commit c7288486731734a864b58d024b1395029b55bbc5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 6 22:46:31 2020 +0000 - upstream commit + upstream: expand HostkeyAlgorithms prior to config dump, matching - Make ""Killed by signal 1" LogLevel verbose so it's not - shown at the default level. Prevents it from appearing during ssh -J and - equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ + other algorithm lists; ok markus@ - Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 + OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0 -commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Thu Jul 13 19:16:33 2017 +0000 +commit a6ac5d36efc072b15690c65039754f8e44247bdf +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Feb 6 22:34:58 2020 +0000 - upstream commit - - man pages with pseudo synopses which list filenames end - up creating very ugly output in man -k; after some discussion with ingo, we - feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly - helpful at page top, is contained already in FILES, and there are - sufficiently few that just zapping them is simple; + upstream: Add Include to the list of permitted keywords after a - ok schwarze, who also helpfully ran things through a build to check - output; + Match keyword. ok markus@ - Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c + OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb -commit 7f13a4827fb28957161de4249bd6d71954f1f2ed -Author: espie@openbsd.org <espie@openbsd.org> -Date: Mon Jul 10 14:09:59 2017 +0000 +commit a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Feb 6 22:30:54 2020 +0000 - upstream commit + upstream: Replace "security key" with "authenticator" in program - zap redundant Makefile variables. okay djm@ + messages. + + This replaces "security key" in error/usage/verbose messages and + distinguishes between "authenticator" and "authenticator-hosted key". + + ok djm@ - Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 + OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e -commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Jul 8 18:32:54 2017 +0000 +commit 849a9b87144f8a5b1771de6c85e44bfeb86be9a9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 6 11:28:14 2020 +1100 - upstream commit + Don't look for UINT32_MAX in inttypes.h - slightly rework previous, to avoid an article issue; + ... unless we are actually going to use it. Fixes build on HP-UX + without the potential impact to other platforms of a header change + shortly before release. + +commit a2437f8ed0c3be54ddd21630a93c68ebd168286f +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 6 12:02:22 2020 +1100 + + depend + +commit 9716e8c4956acdd7b223d1642bfa376e07e7503d +Author: Michael Forney <mforney@mforney.org> +Date: Wed Nov 27 19:17:26 2019 -0800 + + Fix sha2 MAKE_CLONE no-op definition - Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 + The point of the dummy declaration is so that MAKE_CLONE(...) can have + a trailing semicolon without introducing an empty declaration. So, + the macro replacement text should *not* have a trailing semicolon, + just like DEF_WEAK. -commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 +commit d596b1d30dc158915a3979fa409d21ff2465b6ee Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jul 7 03:53:12 2017 +0000 +Date: Tue Feb 4 09:58:04 2020 +0000 - upstream commit + upstream: require FIDO application strings to start with "ssh:"; ok - When generating all hostkeys (ssh-keygen -A), clobber - existing keys if they exist but are zero length. zero-length keys could - previously be made if ssh-keygen failed part way through generating them, so - avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ + markus@ - Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 + OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb -commit 43616876ba68a2ffaece6a6c792def4b039f2d6e +commit 501f3582438cb2cb1cb92be0f17be490ae96fb23 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jul 1 22:55:44 2017 +0000 +Date: Mon Feb 3 23:47:57 2020 +0000 - upstream commit + upstream: revert enabling UpdateHostKeys by default - there are still - actually remove these files + corner cases we need to address; ok markus - Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac + OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57 -commit 83fa3a044891887369ce8b487ce88d713a04df48 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jul 1 13:50:45 2017 +0000 +commit 072f3b832d2a4db8d9880effcb6c4d0dad676504 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Feb 3 08:15:37 2020 +0000 - upstream commit + upstream: use better markup for challenge and write-attestation, and - remove post-SSHv1 removal dead code from rsa.c and merge - the remaining bit that it still used into ssh-rsa.c; ok markus + rejig the challenge text a little; - Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f + ok djm + + OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f -commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 +commit 262eb05a22cb1fabc3bc1746c220566490b80229 Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 14 14:26:36 2017 +1000 - - make explicit_bzero/memset safe for sz=0 - -commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 -Author: Tim Rice <tim@multitalents.net> -Date: Tue Jul 11 18:47:56 2017 -0700 +Date: Mon Feb 3 21:22:15 2020 +1100 - modified: configure.ac - UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris - Analysis by Robbie Zhang + mention libfido2 in dependencies section -commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 +commit ccd3b247d59d3bde16c3bef0ea888213fbd6da86 Author: Damien Miller <djm@mindrot.org> -Date: Fri Jul 7 11:21:27 2017 +1000 +Date: Mon Feb 3 19:40:12 2020 +1100 - typo + add clock_gettime64(2) to sandbox allowed syscalls + + bz3093 -commit d79bceb9311a9c137d268f5bc481705db4151810 +commit adffbe1c645ad2887ba0b6d24c194aa7a40c5735 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 30 04:17:23 2017 +0000 +Date: Sun Feb 2 09:45:34 2020 +0000 - upstream commit + upstream: Output (none) in debug in the case in the CheckHostIP=no case - Only call close once in confree(). ssh_packet_close will - close the FD so only explicitly close non-SSH channels. bz#2734, from - bagajjal at microsoft.com, ok djm@ + as suggested by markus@ - Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 + OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf -commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Jun 29 15:40:25 2017 +1000 +commit 58c819096a2167983e55ae686486ce317b69b2d1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Feb 2 09:22:22 2020 +0000 - Update link for my patches. + upstream: Prevent possible null pointer deref of ip_str in debug. + + OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf -commit a98339edbc1fc21342a390f345179a9c3031bef7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 28 01:09:22 2017 +0000 +commit 0facae7bc8d3f8f9d02d0f6bed3d163ff7f39806 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sun Feb 2 07:36:50 2020 +0000 - upstream commit + upstream: shuffle the challenge keyword to keep the -O list sorted; - Allow ssh-keygen to use a key held in ssh-agent as a CA when - signing certificates. bz#2377 ok markus - - Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f + OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe -commit c9cdef35524bd59007e17d5bd2502dade69e2dfb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 06:35:24 2017 +0000 +commit 6fb3dd0ccda1c26b06223b87bcd1cab9ec8ec3cc +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sat Feb 1 06:53:12 2020 +0000 - upstream commit + upstream: tweak previous; - regress test for ExposeAuthInfo + OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3 + +commit 92725d4d3fde675acc0ca040b48f3d0c7be73b7f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 1 17:25:09 2020 +1100 + + Use sys-queue.h from compat library. - Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd + Fixes build on platforms that don't have sys/queue.h (eg MUSL). -commit f17ee61cad25d210edab69d04ed447ad55fe80c1 +commit 677d0ece67634262b3b96c3cd6410b19f3a603b7 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 07:08:57 2017 +0000 +Date: Fri Jan 31 23:25:08 2020 +0000 - upstream commit + upstream: regress test for sshd_config Include directive; from Jakub - correct env var name + Jelen - Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 + OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4 -commit 40962198e3b132cecdb32e9350acd4294e6a1082 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Jun 24 06:57:04 2017 +0000 +commit d4f4cdd681ab6408a98419f398b75a55497ed324 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 31 23:13:04 2020 +0000 - upstream commit - - spelling; + upstream: whitespace - Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 + OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772 -commit 33f86265d7e8a0e88d3a81745d746efbdd397370 +commit 245399dfb3ecebc6abfc2ef4ee2e650fa9f6942b Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 06:38:11 2017 +0000 +Date: Fri Jan 31 23:11:25 2020 +0000 - upstream commit + upstream: force early logging to stderr if debug_flag (-d) is set; - don't pass pointer to struct sshcipher between privsep - processes, just redo the lookup in each using the already-passed cipher name. - bz#2704 based on patch from Brooks Davis; ok markus dtucker + avoids missing messages from re-exec config passing - Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 + OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff -commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 +commit 7365f28a66d1c443723fbe6f4a2612ea6002901e Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 06:34:38 2017 +0000 +Date: Fri Jan 31 23:08:08 2020 +0000 - upstream commit - - refactor authentication logging + upstream: mistake in previous: filling the incorrect buffer - optionally record successful auth methods and public credentials - used in a file accessible to user sessions + OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a + +commit c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 31 22:42:45 2020 +0000 + + upstream: Add a sshd_config "Include" directive to allow inclusion - feedback and ok markus@ + of files. This has sensible semantics wrt Match blocks and accepts glob(3) + patterns to specify the included files. Based on patch by Jakub Jelen in + bz2468; feedback and ok markus@ - Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb + OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff -commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba +commit ba261a1dd33266168ead4f8f40446dcece4d1600 Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Jun 24 06:28:50 2017 +0000 +Date: Fri Jan 31 22:25:59 2020 +0000 - upstream commit - - word fix; + upstream: spelling fix; - Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 + OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402 -commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 +commit 771891a044f763be0711493eca14b6b0082e030f Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 05:37:44 2017 +0000 +Date: Thu Jan 30 22:25:34 2020 +0000 - upstream commit - - switch sshconnect.c from (slightly abused) select() to - poll(); ok deraadt@ a while back + upstream: document changed default for UpdateHostKeys - Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 + OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c -commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 +commit d53a518536c552672c00e8892e2aea28f664148c Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 05:35:05 2017 +0000 +Date: Thu Jan 30 22:19:32 2020 +0000 - upstream commit + upstream: enable UpdateKnownHosts=yes if the configuration - use HostKeyAlias if specified instead of hostname for - matching host certificate principal names; bz#2728; ok dtucker@ + specifies only the default known_hosts files, otherwise select + UpdateKnownHosts=ask; ok markus@ - Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd + OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7 + +commit bb63ff844e818d188da4fed3c016e0a4eecbbf25 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 30 18:54:42 2020 +1100 -commit 8904ffce057b80a7472955f1ec00d7d5c250076c + Look in inttypes.h for UINT32_MAX. + + Should prevent warnings on at least some AIX versions. + +commit afeb6a960da23f0a5cbc4b80cca107c7504e932a Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 24 05:24:11 2017 +0000 +Date: Thu Jan 30 07:21:38 2020 +0000 - upstream commit + upstream: use sshpkt_fatal() instead of plain fatal() for - no need to call log_init to reinitialise logged PID in - child sessions, since we haven't called openlog() in log_init() since 1999; - ok markus@ + ssh_packet_write_poll() failures here too as the former yields better error + messages; ok dtucker@ - Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e + OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3 -commit e238645d789cd7eb47541b66aea2a887ea122c9b -Author: mestre@openbsd.org <mestre@openbsd.org> -Date: Fri Jun 23 07:24:48 2017 +0000 +commit 65d6fd0a8a6f31c3ddf0c1192429a176575cf701 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 30 07:20:57 2020 +0000 - upstream commit + upstream: check the return value of ssh_packet_write_poll() and - When using the escape sequence &~ the code path is - client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() - and the pledge for this path lacks the proc promise and therefore aborts the - process. The solution is to just add proc the promise to this specific - pledge. + call sshpkt_fatal() if it fails; avoid potential busy-loop under some + circumstances. Based on patch by Mike Frysinger; ok dtucker@ - Reported by Gregoire Jadi gjadi ! omecha.info - Insight with tb@, OK jca@ - - Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b + OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec -commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 23 03:30:42 2017 +0000 +commit dce74eab0c0f9010dc84c62500a17771d0131ff3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 30 07:20:05 2020 +0000 - upstream commit + upstream: have sshpkt_fatal() save/restore errno before we - Import regenerated moduli. + potentially call strerror() (via ssh_err()); ok dtucker - Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 + OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787 -commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 23 03:25:53 2017 +0000 +commit 14ef4efe2bf4180e085ea6738fdbebc199458b0c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 29 08:17:49 2020 +0000 - upstream commit + upstream: markus suggests a simplification to previous - Run the screen twice so we end up with more candidate - groups. ok djm@ - - Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 + OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de -commit 4626e39c7053c6486c1c8b708ec757e464623f5f -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Jun 14 00:31:38 2017 +0000 +commit 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 29 07:51:30 2020 +0000 - upstream commit + upstream: give more context to UpdateHostKeys messages, mentioning - Add user@host prefix to client's "Permisison denied" - messages, useful in particular when using "stacked" connections where it's - not clear which host is denying. bz#2720, ok djm@ markus@ + that the changes are validated by the existing trusted host key. Prompted by + espie@ feedback and ok markus@ - Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be + OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5 -commit c948030d54911b2d3cddb96a7a8e9269e15d11cd +commit 24c0f752adf9021277a7b0a84931bb5fe48ea379 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 13 12:13:59 2017 +0000 +Date: Tue Jan 28 08:01:34 2020 +0000 - upstream commit + upstream: changes to support FIDO attestation - Do not require that unknown EXT_INFO extension values not - contain \0 characters. This would cause fatal connection errors if an - implementation sent e.g. string-encoded sub-values inside a value. + Allow writing to disk the attestation certificate that is generated by + the FIDO token at key enrollment time. These certificates may be used + by an out-of-band workflow to prove that a particular key is held in + trustworthy hardware. - Reported by Denis Bider; ok markus@ + Allow passing in a challenge that will be sent to the card during + key enrollment. These are needed to build an attestation workflow + that resists replay attacks. - Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c + ok markus@ + + OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6 -commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e +commit 156bef36f93a48212383235bb8e3d71eaf2b2777 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jun 13 11:22:15 2017 +0000 +Date: Tue Jan 28 07:24:15 2020 +0000 - upstream commit + upstream: disable UpdateHostKeys=ask when in quiet mode; "work for - missing prototype. + me" matthieu@ - Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 + OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7 -commit bcd1485075aa72ba9418003f5cc27af2b049c51b +commit ec8a759b4045e54d6b38e690ffee4cbffc53c7b7 Author: Damien Miller <djm@mindrot.org> -Date: Sat Jun 10 23:41:25 2017 +1000 +Date: Tue Jan 28 12:57:25 2020 +1100 - portability for sftp globbed ls sort by mtime - - Include replacement timespeccmp() for systems that lack it. - Support time_t struct stat->st_mtime in addition to - timespec stat->st_mtim, as well as unsorted fallback. + compat for missing IPTOS_DSCP_LE in system headers -commit 072e172f1d302d2a2c6043ecbfb4004406717b96 +commit 4594c7627680c4f41c2ad5fe412e55b7cc79b10c Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 10 06:36:46 2017 +0000 +Date: Tue Jan 28 01:49:36 2020 +0000 - upstream commit + upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986, - print '?' instead of incorrect link count (that the - protocol doesn't provide) for remote listings. bz#2710 ok dtucker@ + based on patch by veegish AT cyberstorm.mu - Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e + OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425 -commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jun 10 06:33:34 2017 +0000 +commit da22216b5db3613325aa7b639f40dc017e4c6f69 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Mon Jan 27 20:51:32 2020 +0000 - upstream commit + upstream: disable UpdateHostKeys=ask if command is specified; ok - implement sorting for globbed ls; bz#2649 ok dtucker@ + djm@ sthen@ - Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 + OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7 -commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 +commit 1e1db0544fdd788e2e3fc21d972a7ccb7de6b4ae Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 9 06:47:13 2017 +0000 +Date: Sun Jan 26 00:09:50 2020 +0000 - upstream commit + upstream: unbreak unittests for recent API / source file changes - return failure rather than fatal() for more cases during - mux negotiations. Causes the session to fall back to a non-mux connection if - they occur. bz#2707 ok dtucker@ + OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0 + +commit 0d1144769151edf65f74aee9a4c8545c37861695 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jan 26 15:09:15 2020 +1100 + + Move definition of UINT32_MAX. - Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab + This allows us to always define it if needed not just if we also + define the type ourself. -commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 +commit f73ab8a811bc874c2fb403012aa8e4bfdcaf5ec7 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 9 06:43:01 2017 +0000 +Date: Sun Jan 26 00:09:50 2020 +0000 - upstream commit + upstream: unbreak unittests for recent API / source file changes - in description of public key authentication, mention that - the server will send debug messages to the client for some error conditions - after authentication has completed. bz#2709 ok dtucker + OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0 + +commit 0373f9eba2b63455dceedbd3ac3d5dca306789ff +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jan 26 14:09:17 2020 +1100 + + Include signal.h to prevent redefintion of _NSIG. + +commit 638a45b5c1e20a8539100ca44166caad8abf26f8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jan 26 13:40:51 2020 +1100 + + Wrap stdint.h in tests inside HAVE_STDINT_H. + +commit 74dfc2c859c906eaab1f88a27fd883115ffb928f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jan 26 00:14:45 2020 +0000 + + upstream: for UpdateHostKeys, don't report errors for unsupported - Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd + key types - just ignore them. spotted by and ok dtucker@ + + OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473 -commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 +commit b59618246c332e251160be0f1e0e88a7d4e2b0ae Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 9 06:40:24 2017 +0000 +Date: Sun Jan 26 00:13:20 2020 +0000 - upstream commit + upstream: downgrade error() for missing subsequent known_hosts - better translate libcrypto errors by looking deeper in - the accursed error stack for codes that indicate the wrong passphrase was - supplied for a PEM key. bz#2699 ok dtucker@ + files to debug() as it was intended to be; spotted by dtucker@ - Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 + OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9 -commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jun 9 04:40:04 2017 +0000 +commit 469df611f778eec5950d556aabfe1d4efc227915 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 23:33:27 2020 +0000 - upstream commit + upstream: clarify that BatchMode applies to all interactive prompts - Add comments referring to the relevant RFC sections for - rekeying behaviour. + (e.g. host key confirmation) and not just password prompts. - Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 + OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818 -commit ce9134260b9b1247e2385a1afed00c26112ba479 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jun 9 14:43:47 2017 +1000 +commit de40876c4a5d7c519d3d7253557572fdfc13db76 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 23:28:06 2020 +0000 - drop two more privileges in the Solaris sandbox + upstream: tidy headers; some junk snuck into sshbuf-misc.c and - Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. - Patch from huieying.lee AT oracle.com via bz#2723 + sshbuf-io.c doesn't need SSHBUF_INTERNAL set + + OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6 -commit e0f609c8a2ab940374689ab8c854199c3c285a76 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Jun 9 13:36:29 2017 +1000 +commit 6a107606355fa9547884cad6740e6144a7a7955b +Author: Damien Miller <djm@mindrot.org> +Date: Sun Jan 26 10:28:21 2020 +1100 - Wrap stdint.h include in #ifdef. + depend -commit 1de5e47a85850526a4fdaf77185134046c050f75 +commit 59d01f1d720ebede4da42882f592d1093dac7adc Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jun 7 01:48:15 2017 +0000 +Date: Sat Jan 25 23:13:09 2020 +0000 - upstream commit + upstream: improve the error message for u2f enrollment errors by - unbreak after sshv1 purge + making ssh-keygen be solely responsible for printing the error message and + convertint some more common error responses from the middleware to a useful + ssherr.h status code. more detail remains visible via -v of course. - Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b - -commit 550c053168123fcc0791f9952abad684704b5760 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jun 6 09:12:17 2017 +0000 - - upstream commit + also remove indepedent copy of sk-api.h declarations in sk-usbhid.c + and just include it. - Fix compression output stats broken in rev 1.201. Patch - originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok - djm@ + feedback & ok markus@ - Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 + OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb -commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 +commit 99aa8035554ddb976348d2a9253ab3653019728d Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jun 2 06:06:10 2017 +0000 +Date: Sat Jan 25 23:02:13 2020 +0000 - upstream commit + upstream: factor out reading/writing sshbufs to dedicated - rationalise the long list of manual CDIAGFLAGS that we - add; most of these were redundant to -Wall -Wextra + functions; feedback and ok markus@ - Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c + OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d -commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 +commit 065064fcf455778b0918f783033b374d4ba37a92 Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 1 06:59:21 2017 +0000 +Date: Sat Jan 25 22:49:38 2020 +0000 - upstream commit + upstream: add a comment describing the ranges of channel IDs that - no need to bzero allocated space now that we use use - recallocarray; ok deraadt@ + we use; requested by markus@ - Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 + OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b -commit cc812baf39b93d5355565da98648d8c31f955990 +commit 69334996ae203c51c70bf01d414c918a44618f8e Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 1 06:58:25 2017 +0000 +Date: Sat Jan 25 22:41:01 2020 +0000 - upstream commit + upstream: make sshd_config:ClientAliveCountMax=0 disable the - unconditionally zero init size of buffer; ok markus@ - deraadt@ + connection killing behaviour, rather than killing the connection after + sending the first liveness test probe (regardless of whether the client was + responsive) bz2627; ok markus - Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 + OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf -commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jun 1 16:25:09 2017 +1000 +commit bf986a9e2792555e0879a3145fa18d2b49436c74 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 22:36:22 2020 +0000 - avoid compiler warning + upstream: clarify order of AllowUsers/DenyUsers vs + + AllowGroups/DenyGroups; bz1690, ok markus@ + + OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd -commit 2d75d74272dc2a0521fce13cfe6388800c9a2406 +commit 022ce92fa0daa9d78830baeb2bd2dc3f83c724ba Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 1 06:16:43 2017 +0000 +Date: Sat Jan 25 07:17:18 2020 +0000 - upstream commit + upstream: when AddKeysToAgent=yes is set and the key contains no - some warnings spotted by clang; ok markus@ + comment, add the key to the agent with the key's path as the comment. bz2564 - Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b + OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f -commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jun 1 15:25:13 2017 +1000 +commit 0b813436bbf6546638b10c1fa71f54691bcf5e63 +Author: tedu@openbsd.org <tedu@openbsd.org> +Date: Sat Jan 25 07:09:14 2020 +0000 - add recallocarray replacement and dependency + upstream: group14-sha1 is no longer a default algorithm - recallocarray() needs getpagesize() so add a tiny replacement for that. + OpenBSD-Commit-ID: a96f04d5e9c2ff760c6799579dc44f69b4ff431d -commit 01e6f78924da308447e71e9a32c8a6104ef4e888 -Author: Damien Miller <djm@mindrot.org> -Date: Thu Jun 1 15:16:24 2017 +1000 +commit 3432b6e05d5c583c91c566c5708fed487cec79ac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 07:02:51 2020 +0000 - add *.0 manpage droppings + upstream: reword HashKnownHosts description a little more; some + + people found the wording confusing (bz#2560) + + OpenBSD-Commit-ID: ac30896598694f07d498828690aecd424c496988 -commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 +commit f80d7d6aa98d6eddc5df02412efee6db75673d4c Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jun 1 04:51:58 2017 +0000 +Date: Sat Jan 25 07:01:00 2020 +0000 - upstream commit + upstream: weaken the language for what HashKnownHosts provides with - fix casts re constness + regards to known_hosts name privacy, it's not practical for this option to + offer any guarantee that hostnames cannot be recovered from a disclosed + known_hosts file (e.g. by brute force). - Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 + OpenBSD-Commit-ID: 13f1e3285f8acf7244e9770074296bcf446c6972 -commit 75b8af8de805c0694b37fcf80ce82783b2acc86f -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed May 31 10:54:00 2017 +0000 +commit 846446bf3e7421e6671a4afd074bdf15eecd7832 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 06:40:20 2020 +0000 - upstream commit + upstream: the GatewayPorts vs -R listen address selection logic is - make sure we don't pass a NULL string to vfprintf - (triggered by the principals-command regress test); ok bluhm + still confusing people, so add another comment explaining the special + handling of "localhost"; bz#3258 - Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 + OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a -commit 84008608c9ee944d9f72f5100f31ccff743b10f2 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed May 31 10:04:29 2017 +0000 +commit 734f2f83f5ff86f2967a99d67be9ce22dd0394dd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 06:03:10 2020 +0000 - upstream commit + upstream: mention that permitopen=/PermitOpen do no name to address - use SO_ZEROIZE for privsep communication (if available) + translation; prompted by bz3099 - Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 + OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23 -commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed May 31 09:15:42 2017 +0000 +commit e1e97cae19ff07b7a7f7e82556bc048c3c54af63 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 25 16:30:22 2020 +1100 - upstream commit + include tunnel device path in error message + +commit 0ecd20bc9f0b9c7c697c9eb014613516c8f65834 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 04:48:26 2020 +0000 + + upstream: unrevert this: + + > revision 1.217 + > date: 2019/11/27 03:34:04; author: dtucker; state: Exp; lines: +5 -7; commitid: wkiMn49XJyjzoJIs; + > Make channel_id u_int32_t and remove unnecessary check and cast that were + > left over from the type conversion. Noted by t-hashida@amiya.co.jp in + > bz#3098, ok markus@ djm@ - Switch to recallocarray() for a few operations. Both - growth and shrinkage are handled safely, and there also is no need for - preallocation dances. Future changes in this area will be less error prone. - Review and one bug found by markus + Darren was right the first time; ok dtucker@ "agreed" markus@ - Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 + OpenBSD-Commit-ID: 641dd1b99a6bbd85b7160da462ae1be83432c7c8 -commit dc5dc45662773c0f7745c29cf77ae2d52723e55e -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed May 31 08:58:52 2017 +0000 +commit a0c81d2402eedc514b9c9f25ef9604eb0576b86a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 25 02:57:53 2020 +0000 - upstream commit + upstream: Move setting $NC into test-exec since it's now used by - These shutdown() SHUT_RDWR are not needed before close() - ok djm markus claudio + multiple tests, and in -portable we use our own local copy to avoid + portability problems. - Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 + OpenBSD-Regress-ID: ceb78445fcaac317bec2fc51b3f0d9589048c114 -commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed May 31 08:09:45 2017 +0000 +commit e16dfa94f86358033531c4a97dcb51508ef84d49 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 25 13:05:42 2020 +1100 - upstream commit - - clear session keys from memory; ok djm@ + Put EC key export inside OPENSSL_HAS_ECC. - Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f + Fixes link error when building against an OpenSSL that does not have + ECC. -commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed May 31 07:00:13 2017 +0000 +commit 94a2e5951b374e1a89761ceaff72e66eb1946807 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 25 00:27:56 2020 +0000 - upstream commit + upstream: Wait a bit longer for the multiplex master to become ready - remove now obsolete ctx from ssh_dispatch_run; ok djm@ + since on very slow hosts the current delay is not sufficient and the test + will fail. - Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 + OpenBSD-Regress-ID: 6d90c7475d67ac3a95610b64af700629ece51a48 -commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed May 31 05:34:14 2017 +0000 +commit b2df804f571d77b07059f087b90955ffbc2f67d4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 24 10:08:17 2020 +0000 - upstream commit + upstream: Add a connection test for proxycommand. This would have - use the ssh_dispatch_run_fatal variant + caught the problem caused by ssh.c rev 1.507 wherein Host and Hostname were + swapped. Prompted by beck@ - Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 + OpenBSD-Regress-ID: d218500ae6aca4c479c27318fb5b09ebc00f7aae -commit 39896b777320a6574dd06707aebac5fb98e666da +commit c6f06fd38a257b9fcc7d6760f8fb6d505dccb628 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed May 31 05:08:46 2017 +0000 +Date: Sat Jan 25 00:22:31 2020 +0000 - upstream commit + upstream: set UpdateKnownHosts=ask by default; bz#2894; ok - another ctx => ssh conversion (in GSSAPI code) + markus@ - Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 + OpenBSD-Commit-ID: f09cb3177f3a14c96428e14f347e976a8a531fee -commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 -Author: Damien Miller <djm@mindrot.org> -Date: Wed May 31 14:56:07 2017 +1000 +commit 7955633a554397bc24913cec9fd7285002935f7e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 25 00:21:08 2020 +0000 - fix conversion of kexc25519s.c to struct ssh too + upstream: allow UpdateKnownHosts=yes to function when multiple - git cvsimport missed this commit for some reason + known_hosts files are in use. When updating host keys, ssh will now search + subsequent known_hosts files, but will add new/changed host keys to the first + specified file only. bz#2738 + + ok markus@ + + OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c -commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 +commit e5a278a62ab49dffe96929fa8d8506c6928dba90 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed May 31 04:29:44 2017 +0000 +Date: Sat Jan 25 00:06:48 2020 +0000 - upstream commit + upstream: process security key provider via realpath() in agent, + + avoids malicious client from being able to cause agent to load arbitrary + libraries into ssh-sk-helper. - spell out that custom options/extensions should follow the - usual SSH naming rules, e.g. "extension@example.com" + reported by puck AT puckipedia.com; ok markus - Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d + OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c -commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b +commit 89a8d4525e8edd9958ed3df60cf683551142eae0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed May 31 04:17:12 2017 +0000 +Date: Sat Jan 25 00:03:36 2020 +0000 - upstream commit + upstream: expose PKCS#11 key labels/X.509 subjects as comments + + Extract the key label or X.509 subject string when PKCS#11 keys + are retrieved from the token and plumb this through to places where + it may be used as a comment. - one more void *ctx => struct ssh *ssh conversion + based on https://github.com/openssh/openssh-portable/pull/138 + by Danielle Church + + feedback and ok markus@ - Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 + OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35 -commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 +commit a8c05c640873621681ab64d2e47a314592d5efa2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed May 31 00:43:04 2017 +0000 +Date: Fri Jan 24 23:56:01 2020 +0000 - upstream commit + upstream: tweak proctitle to include sshd arguments, as these are - fix possible OOB strlen() in SOCKS4A hostname parsing; - ok markus@ + frequently used to distinguish between multiple independent instances of the + server. New proctitle looks like this: - Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 - -commit a3bb250c93bfe556838c46ed965066afce61cffa -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 30 19:38:17 2017 +0000 - - upstream commit + $ pgrep -lf sshd + 12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups - tweak previous; + requested by sthen@ and aja@; ok aja@ - Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 + OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e -commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc -Author: bluhm@openbsd.org <bluhm@openbsd.org> -Date: Tue May 30 18:58:37 2017 +0000 +commit 8075fccbd4f70a4371acabcfb47562471ff0de6f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 24 23:54:40 2020 +0000 - upstream commit + upstream: add xextendf() to extend a string with a format - Add RemoteCommand option to specify a command in the - ssh config file instead of giving it on the client's command line. This - command will be executed on the remote host. The feature allows to automate - tasks using ssh config. OK markus@ + (reallocating as necessary). ok aja@ as part of a larger diff - Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee + OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9 -commit eb272ea4099fd6157846f15c129ac5727933aa69 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:29:59 2017 +0000 +commit d15c8adf2c6f1a6b4845131074383eb9c3d05c3d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 24 05:33:01 2020 +0000 - upstream commit + upstream: minor tweaks to ssh-keygen -Y find-principals: + + emit matched principals one per line to stdout rather than as comma- + separated and with a free-text preamble (easy confusion opportunity) - switch auth2 to ssh_dispatch API; ok djm@ + emit "not found" error to stderr - Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f + fix up argument testing for -Y operations and improve error message for + unsupported operations + + OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c -commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:27:22 2017 +0000 +commit c3368a5d5ec368ef6bdf9971d6330ca0e3bdca06 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 24 00:28:57 2020 +0000 - upstream commit + upstream: remove ssh-rsa (SHA1) from the list of allowed CA - switch auth2-none.c to modern APIs; ok djm@ + signature algorithms ok markus - Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b + OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57 -commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:26:49 2017 +0000 +commit 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 24 00:27:04 2020 +0000 - upstream commit + upstream: when signing a certificate with an RSA key, default to - switch auth2-passwd.c to modern APIs; ok djm@ + a safe signature algorithm (rsa-sha-512) if not is explicitly specified by + the user; ok markus@ - Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 + OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9 -commit eb76698b91338bd798c978d4db2d6af624d185e4 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:25:42 2017 +0000 +commit 8dfb6a202c96cdf037c8ce05e53e32e0e0b7b454 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 24 00:00:31 2020 +0000 - upstream commit + upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch - switch auth2-hostbased.c to modern APIs; ok djm@ + from Jakub Jelen ok markus@ - Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e + OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51 -commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:23:52 2017 +0000 +commit 72a8bea2d748c8bd7f076a8b39a52082c79ae95f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 23 23:31:52 2020 +0000 - upstream commit + upstream: ssh-keygen -Y find-principals fixes based on feedback - protocol handlers all get struct ssh passed; ok djm@ + from Markus: - Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d + use "principals" instead of principal, as allowed_signers lines may list + multiple. + + When the signing key is a certificate, emit only principals that match + the certificate principal list. + + NB. the command -Y name changes: "find-principal" => "find-principals" + + ok markus@ + + OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf -commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:19:15 2017 +0000 +commit 0585b5697201f5d8b32e6f1b0fee7e188268d30d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 24 01:29:23 2020 +0000 - upstream commit - - ssh: pass struct ssh to auth functions, too; ok djm@ + upstream: Do not warn about permissions on symlinks. - Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd + OpenBSD-Regress-ID: 339d4cbae224bd8743ffad9c3afb0cf3cb66c357 -commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:18:15 2017 +0000 +commit 415192348a5737a960f6d1b292a17b64d55b542c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 11:19:12 2020 +0000 - upstream commit + upstream: Handle zlib compression being disabled now that it's - sshd: pass struct ssh to auth functions; ok djm@ + optional. - Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 + OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a -commit 7da5df11ac788bc1133d8d598d298e33500524cc -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:16:41 2017 +0000 +commit fbce7c1a898ae75286349822950682cf46346121 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 10:53:04 2020 +0000 - upstream commit - - remove unused wrapper functions from key.[ch]; ok djm@ + upstream: Fix typo in comment. - Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e + OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a -commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:15:17 2017 +0000 +commit ba247af8e9e302910e22881ef9d307a8afeef036 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 10:19:59 2020 +0000 - upstream commit + upstream: When checking for unsafe directories, ignore non-directories - sshkey_new() might return NULL (pkcs#11 code only); ok - djm@ + (ie symlinks, where permissions are not relevant). - Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd + OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501 -commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:13:40 2017 +0000 +commit 74deb7029be4c00810443114aac9308875a81dae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 23 22:17:24 2020 +1100 - upstream commit - - switch sshconnect.c to modern APIs; ok djm@ + zlib is now optional. + +commit 633a2af47ee90291aaf93969aeee1e5046074c7c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 23 22:16:51 2020 +1100 + + Plumb WITH_ZLIB into configure. - Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad + This allows zlib support to be disabled by ./configure --without-zlib. -commit 00ed75c92d1f95fe50032835106c368fa22f0f02 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 14:10:53 2017 +0000 +commit 7f8e66fea8c4e2a910df9067cb7638999b7764d5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 10:24:29 2020 +0000 - upstream commit + upstream: Make zlib optional. This adds a "ZLIB" build time option - switch auth2-pubkey.c to modern APIs; with & ok djm@ + that allows building without zlib compression and associated options. With + feedback from markus@, ok djm@ - Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 + OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910 -commit 54d90ace1d3535b44d92a8611952dc109a74a031 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 08:52:19 2017 +0000 +commit 69ac4e33023b379e9a8e9b4b6aeeffa6d1fcf6fa +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 23 07:54:04 2020 +0000 - upstream commit + upstream: remove trailing period characters from pub/priv key - switch from Key typedef with struct sshkey; ok djm@ + pathnames - they make them needlessly more difficult to cut and paste without + error; ok markus@ & dtucker@ - Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f + OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a -commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 08:49:58 2017 +0000 +commit 945bf52c3c815d95b1e842ebf6c910c3524bd5bb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 23 21:06:45 2020 +1100 - upstream commit + Fix a couple of mysig_t leftovers. + +commit 84226b447d45fe4542613de68c2ca59a890d7c01 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 23 18:55:24 2020 +1100 + + Remove mysignal wrapper. - remove ssh1 references; ok djm@ + We switched the main code to use sigaction(), so the wrapper is no + longer used. + +commit 5533c2fb7ef21172fa3708d66b03faa2c6b3d93f +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Jan 23 07:16:38 2020 +0000 + + upstream: new sentence, new line; - Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d + OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925 -commit afbfa68fa18081ef05a9cd294958509a5d3cda8b -Author: markus@openbsd.org <markus@openbsd.org> -Date: Tue May 30 08:49:32 2017 +0000 +commit 3bf2a6ac791d64046a537335a0f1d5e43579c5ad +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 07:10:22 2020 +0000 - upstream commit + upstream: Replace all calls to signal(2) with a wrapper around - revise sshkey_load_public(): remove ssh1 related - comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if - 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ + sigaction(2). This wrapper blocks all other signals during the handler + preventing races between handlers, and sets SA_RESTART which should reduce + the potential for short read/write operations. - Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca + OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519 -commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri May 26 20:34:49 2017 +0000 +commit e027c044c796f3a01081a91bee55741204283f28 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 23 04:54:34 2020 +0000 - upstream commit + upstream: missing header change from previous; spotted by dtucker@ - sshbuf_consume: reset empty buffer; ok djm@ + OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f + +commit 7e1323102b1b04eef391b01e180710a2d408a7ab +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 03:42:41 2020 +0000 + + upstream: Check for and warn about StrictModes permission problems. ok tb@ - Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 + OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991 -commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri May 26 19:35:50 2017 +0000 +commit 84de1c27f845d15c859db44e7070a46f45504b66 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 03:35:07 2020 +0000 - upstream commit + upstream: Also test PuTTY chacha20. - remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ + OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040 + +commit c7ed15a39695ecd5f1f21842d8d9cd22246d4ee2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 03:24:38 2020 +0000 + + upstream: Also test PuTTY ecdh kex methods. - Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 + OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133 -commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri May 26 19:34:12 2017 +0000 +commit c4b3a128954ee1b7fbcbda167baf8aca1a3d1c84 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 23 02:46:49 2020 +0000 - upstream commit + upstream: Remove unsupported algorithms from list of defaults at run - remove channel_input_close_confirmation (ssh1 only); ok - djm@ + time and remove ifdef and distinct settings for OPENSSL=no case. - Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 + This will make things much simpler for -portable where the exact set + of algos depends on the configuration of both OpenSSH and the libcrypto + it's linked against (if any). ok djm@ + + OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2 -commit 8ba0fd40082751dbbc23a830433488bbfb1abdca +commit 56cffcc09f8a2e661d2ba02e61364ae6f998b2b1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 26 01:40:07 2017 +0000 +Date: Thu Jan 23 02:43:48 2020 +0000 - upstream commit + upstream: add a new signature operations "find-principal" to look - fix references to obsolete v00 cert format; spotted by - Jakub Jelen + up the principal associated with a signature from an allowed-signers file. + Work by Sebastian Kinne; ok dtucker@ - Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f + OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d -commit dcc714c65cfb81eb6903095b4590719e8690f3da -Author: Mike Frysinger <vapier@chromium.org> -Date: Wed May 24 23:21:19 2017 -0400 +commit 65cf8730de6876a56595eef296e07a86c52534a6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jan 22 07:38:30 2020 +0000 - configure: actually set cache vars when cross-compiling + upstream: Ignore whitespace when checking explict fingerprint. + + When confirming a host key using the fingerprint itself, ignore leading and + trailing whitespace. ok deraadt@ djm@ - The cross-compiling fallback message says it's assuming the test - passed, but it didn't actually set the cache var which causes - later tests to fail. + OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011 -commit 947a3e829a5b8832a4768fd764283709a4ca7955 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat May 20 02:35:47 2017 +0000 +commit 8d3af6ebdf524b34087a0a3ae415b5141ba10572 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jan 22 07:31:27 2020 +0000 - upstream commit + upstream: Increase keyscan timeout from default. On slow hosts 3 - there's no reason to artificially limit the key path - here, just check that it fits PATH_MAX; spotted by Matthew Patton + concurrent keyscans can hit the default 5 second timeout, so increase to 15 + seconds. - Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 + OpenBSD-Regress-ID: 16383dec166af369b7fb9948572856f5d544c93f -commit 773224802d7cb250bb8b461546fcce10567b4b2e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri May 19 21:07:17 2017 +0000 +commit 6c30c9adbeeed09a8a9e7a69974cfa1f1ddd1e9e +Author: tedu@openbsd.org <tedu@openbsd.org> +Date: Wed Jan 22 04:58:23 2020 +0000 - upstream commit + upstream: remove diffie-hellman-group14-sha1 from default kex to - Now that we no longer support SSHv1, replace the contents - of this file with a pointer to - https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, - doesn't need to document stuff we no longer implement and does document stuff - that we do implement (RSA SHA256/512 signature flags) + see what happens. general mostly ok - Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e + OpenBSD-Commit-ID: 216b7b8462d2ef5f4531f26cb2cb839b2153dad9 -commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed May 17 01:24:17 2017 +0000 +commit 4a32c0ca44a2dc2a358f69b5d43c08e528b44b39 +Author: claudio@openbsd.org <claudio@openbsd.org> +Date: Wed Jan 22 04:51:51 2020 +0000 - upstream commit + upstream: For ssh-keygen -lF only add a space after key fingerprint - allow LogLevel in sshd_config Match blocks; ok dtucker - bz#2717 + when there is a comment. This makes copy-paste of fingerprints into ssh + easier. OK djm@ - Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 + OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd -commit 277abcda3f1b08d2376686f0ef20320160d4c8ab +commit 37d3b736506760e4ebc7fe56255f7b8ea823a00c Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue May 16 16:56:15 2017 +0000 +Date: Wed Jan 22 04:49:16 2020 +0000 - upstream commit + upstream: some __func__ and strerror(errno) here; no functional - remove duplicate check; spotted by Jakub Jelen + change - Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 + OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37 -commit adb47ce839c977fa197e770c1be8f852508d65aa +commit e2031b05c74c98b141179ceab13a323cf17d01e5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue May 16 16:54:05 2017 +0000 +Date: Wed Jan 22 02:25:21 2020 +0000 - upstream commit + upstream: factor out parsing of allowed-signers lines - mention that Ed25519 keys are valid as CA keys; spotted - by Jakub Jelen - - Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 + OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e -commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 +commit 47160e1de8c2f638f0ef41cef42c976417b61778 Author: Damien Miller <djm@mindrot.org> -Date: Tue May 9 14:35:03 2017 +1000 +Date: Wed Jan 22 10:30:13 2020 +1100 - clean up regress files and add a .gitignore + unbreak fuzzer support for recent ssh-sk.h changes -commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b +commit 70d38c3cfd4550e8ee66cc3bf1b91aa339c91df5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 22:57:38 2017 +0000 +Date: Tue Jan 21 22:39:57 2020 +0000 - upstream commit + upstream: expose the number of currently-authenticating connections - remove hmac-ripemd160; ok dtucker + along with the MaxStartups limit in the proctitle; suggestion from Philipp + Marek, w/ feedback from Craig Miskell ok dtucker@ - Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d + OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3 -commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 06:11:06 2017 +0000 +commit a78c66d5d2144bd49779bc80a647346bd3d7233d +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Tue Jan 21 12:40:04 2020 +0000 - upstream commit + upstream: document the default value of the ControlPersist option; - make requesting bad ECDSA bits yield the same error - (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA + ok dtucker@ djm@ - Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 + OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66 -commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 06:08:42 2017 +0000 +commit b46a6325849e40aa2e4b0d962a6f00f708f6576a +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jan 22 09:28:32 2020 +1100 - upstream commit - - fix for new SSH_ERR_KEY_LENGTH error value - - Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc + remove accidental change in f8c11461 -commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 +commit 80d3bebcab96fe1d177e45906e10db16895da01d Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 06:03:39 2017 +0000 +Date: Tue Jan 21 11:06:09 2020 +0000 - upstream commit + upstream: don't #ifdef out the KRL code when compiling without - helps if I commit the correct version of the file. fix - missing return statement. + libcrypto support; it works just fine and disabling it breaks a few tests. ok + dtucker@ - Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c + OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44 -commit effaf526bfa57c0ac9056ca236becf52385ce8af +commit f8c11461aa6db168fc5e7eeae448b4cbbf59642a Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 01:52:49 2017 +0000 +Date: Tue Jan 21 08:06:27 2020 +0000 - upstream commit + upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting - remove arcfour, blowfish and CAST here too + cleared; with dtucker@ - Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 + OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e -commit 7461a5bc571696273252df28a1f1578968cae506 +commit b5fcb0ac1cc0ef01aeec1c089146298654ab3ae0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 8 00:21:36 2017 +0000 +Date: Tue Jan 21 07:07:31 2020 +0000 - upstream commit + upstream: check access(ssh-sk-helper, X_OK) to provide friendly - I was too aggressive with the scalpel in the last commit; - unbreak sshd, spotted quickly by naddy@ + error message for misconfigured helper paths - Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf + OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341 -commit bd636f40911094a39c2920bf87d2ec340533c152 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun May 7 23:15:59 2017 +0000 +commit 56bced43c14dc6fa2bfa1816007e441644105609 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jan 21 06:09:56 2020 +0000 - upstream commit + upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patch - Refuse RSA keys <1024 bits in length. Improve reporting - for keys that do not meet this requirement. ok markus@ + from jtesta@positronsecurity.com via github PR#151. - Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c + OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc -commit 70c1218fc45757a030285051eb4d209403f54785 +commit 4a05d789b86314fef7303824f69defbc6b96ed60 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun May 7 23:13:42 2017 +0000 +Date: Tue Jan 21 05:56:56 2020 +0000 - upstream commit + upstream: fix ssh-keygen not displaying authenticator touch - Don't offer CBC ciphers by default in the client. ok - markus@ + prompt; reported by jmc@ - Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef + OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859 -commit acaf34fd823235d549c633c0146ee03ac5956e82 +commit 881aded0389d999375f926051491a944c6d8752b Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun May 7 23:12:57 2017 +0000 +Date: Tue Jan 21 05:56:27 2020 +0000 - upstream commit + upstream: a little more verbosity in sign_and_send_pubkey() debug - As promised in last release announcement: remove - support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ + messages - Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 + OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508 -commit 3e371bd2124427403971db853fb2e36ce789b6fd +commit b715fdc71bbd009d0caff691ab3fc04903c4aee8 Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Fri May 5 10:42:49 2017 +0000 +Date: Sat Jan 18 21:16:43 2020 +0000 - upstream commit + upstream: one more replacement "(security) key" -> "(FIDO) - more simplification and removal of SSHv1-related code; - ok djm@ + authenticator" - Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 + OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd -commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd +commit 84911da1beeb6ed258a43468efb316cd39fb6855 Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Fri May 5 10:41:58 2017 +0000 +Date: Sat Jan 18 15:45:41 2020 +0000 - upstream commit + upstream: undo merge error and replace the term "security key" - remove superfluous protocol 2 mentions; ok jmc@ + again - Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d + OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395 -commit 744bde79c3361e2153cb395a2ecdcee6c713585d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu May 4 06:10:57 2017 +0000 +commit e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Fri Jan 17 20:13:47 2020 +0000 - upstream commit + upstream: Document loading of resident keys from a FIDO - since a couple of people have asked, leave a comment - explaining why we retain SSH v.1 support in the "delete all keys from agent" - path. + authenticator. - Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 - -commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu May 4 01:33:21 2017 +0000 - - upstream commit + * Rename -O to -K to keep "-O option" available. + * Document -K. + * Trim usage() message down to synopsis, like all other commands. - another tentacle: cipher_set_key_string() was only ever - used for SSHv1 + ok markus@ - Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a + OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a -commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f +commit 0d005d6372a067b59123dec8fc6dc905f2c09e1e Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Wed May 3 21:49:18 2017 +0000 +Date: Tue Jan 14 15:07:30 2020 +0000 - upstream commit + upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each - restore mistakenly deleted description of the - ConnectionAttempts option ok markus@ + other and reality ok markus@ - Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 + OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92 -commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 +commit b8a4ca2ebfddab862f7eb1ea2a07fb9f70330429 Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Wed May 3 21:08:09 2017 +0000 +Date: Sat Jan 11 16:23:10 2020 +0000 - upstream commit + upstream: revise the fix for reversed arguments on - remove miscellaneous SSH1 leftovers; ok markus@ + expand_proxy_command() - Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c + Always put 'host' before 'host_arg' for consistency. ok markus@ djm@ + + OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3 -commit 1a1b24f8229bf7a21f89df21987433283265527a -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed May 3 10:01:44 2017 +0000 +commit 57b181eaf2d34fd0a1b51ab30cb6983df784de5a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 10 23:43:26 2020 +0000 - upstream commit + upstream: pass the log-on-stderr flag and log level through to - more protocol 1 bits removed; ok djm + ssh-sk-helper, making debugging a bit easier. ok markus@ - Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 + OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a -commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed May 3 06:32:02 2017 +0000 +commit a8bd5fdbdb7581afc7123a042a7cd6ca25357388 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jan 21 12:32:16 2020 +1100 - upstream commit - - more protocol 1 stuff to go; ok djm + Wrap copy_environment_blacklist() in #ifdef - Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 + It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler + warnings otherwise. -commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 17:04:09 2017 +0000 +commit 10ecc647fc1db8d2dde9f6b9b826b201dfc48b62 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jan 21 12:20:05 2020 +1100 - upstream commit + depend + +commit b3f7009c9ffa5891283ed96e043001e09934a8d4 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 11:56:48 2020 +0100 + + Fix missing prototype warning for copy_environment - rsa1 is no longer valid; + This function is only used in this file, and only on Cygwin, so make + it static and hide it behind HAVE_CYGWIN. Prevents missing prototype + warning. + +commit 0c428c0e991e2c4fabc48cf5d9b8f84c9412e0c3 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 13:58:11 2020 +0100 + + configure.ac: fix ldns test - Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 + When running ./configure --with-ldns, if ldns-config cannot be found, we + add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that. -commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 14:06:37 2017 +0000 +commit 6089abf715e2784751c9f62697e09bb103295b93 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 12:13:26 2020 +0100 - upstream commit + Make sshpam_password_change_required static. - add PubKeyAcceptedKeyTypes to the -o list: scp(1) has - it, so i guess this should too; + sshpam_password_change_required is only used in auth-pam.c, so make it + static to prevent a mising prototype warning. + +commit 5a9b9c82851b7bc219dc3a65962a80803c76c102 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 12:24:51 2020 +0100 + + sandbox-darwin.c: fix missing prototypes. - Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c + Include the right header just like the other sandbox files. + Fixes missing prototype warnings for ssh_sandbox_* functions. -commit d852603214defd93e054de2877b20cc79c19d0c6 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 13:44:51 2017 +0000 +commit 335dc93526942a650f6c69666b3f6ca44d0a2910 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 11:09:27 2020 +0100 - upstream commit + Fix a few warnings when on Mac OS X. - remove now obsolete protocol1 options from the -o - lists; + Include stdlib.h for calloc, malloc, free and setenv. + +commit 0488dc2d3050ea1a99ef5cf44afc50ffbf3f1315 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Mon Jan 20 10:32:23 2020 +0100 + + Fix building without openssl. - Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd + This fixes the following when there are no openssl headers on the system: + ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found -commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 09:05:58 2017 +0000 +commit e6b7157b4ef29c83ec3a2d1d7c927e4b8898f9bb +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Wed Jan 15 16:08:55 2020 +0100 - upstream commit + Add config.log to .gitignore + +commit 515e10ddf9644010b88cfd7ecf601f4306d42232 +Author: Ruben Kerkhof <ruben@rubenkerkhof.com> +Date: Wed Jan 15 16:16:31 2020 +0100 + + Fix typo in README.md, s/crytpo/crypto/ + +commit 1af3354aea3c4bfa5b5ecfb5d1ff3ad231c2073c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 15 16:22:36 2020 +1100 + + Wrap stdint.h in ifdef HAVE_STDINT_H. + +commit 429170f273ce1b0140f8111a45ba69390d98de3a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 14 14:41:47 2020 +1100 + + Wrap stdint.h inside HAVE_STDINT_H. + +commit a0989b60211b6f1c2313e1397c526d883a23a075 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 14 14:26:41 2020 +1100 + + Include compat header for definitions. + +commit e0cedcad51fe02683943bf4f1ad2961aa3f35313 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 14 09:42:52 2020 +1100 + + Improve search for 'struct timespec'. - more -O shuffle; ok djm + Make struct timespec test consistent with existing timeval test. + Include time.h for timespec in compat header where required. + +commit acaf9e058594310001ce64468ed2923dc6323e81 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 14 12:43:03 2020 +1100 + + Update depend to remove rmd160.h. + +commit 26b2675b0c3e3efea11a52609073aec01736ec84 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 14 07:24:46 2020 +1100 + + Remove configure test & compat code for ripemd160. - Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb + RIPEMD160 support was removed upstream in 2017, however we still had + a configure test and compat code for it, so clean those up now. -commit 3575f0b12afe6b561681582fd3c34067d1196231 +commit ed3ad71b17adcd1fb4431d145f53cee1c6a1135e Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue May 2 08:54:19 2017 +0000 +Date: Thu Jan 9 03:28:38 2020 +0000 - upstream commit + upstream: fix reversed arguments on expand_proxy_command(); spotted - remove -1 / -2 options; pointed out by jmc@ + by anton@ - Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa + OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775 -commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f +commit cd53476383f0cf475f40ba8ac8deb6b76dd5ce4e Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 08:06:33 2017 +0000 +Date: Mon Jan 6 07:43:28 2020 +0000 - upstream commit + upstream: put the fido options in a list, and tidy up the text a - remove options -12 from usage(); + little; ok djm - Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 + OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb -commit 6b84897f7fd39956b849eac7810319d8a9958568 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Tue May 2 07:13:31 2017 +0000 +commit 30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89 +Author: Jeremy Drake <github@jdrake.com> +Date: Fri Oct 11 18:31:05 2019 -0700 - upstream commit + Deny (non-fatal) ipc in preauth privsep child. - tidy up -O somewhat; ok djm + As noted in openssh/openssh-portable#149, i386 does not have have + _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc, + https://linux.die.net/man/2/ipc). Add this syscall, if present, to the + list of syscalls that seccomp will deny non-fatally. + +commit b110cefdfbf5a20f49b774a55062d6ded2fb6e22 +Author: Khem Raj <raj.khem@gmail.com> +Date: Tue Jan 7 16:26:45 2020 -0800 + + seccomp: Allow clock_gettime64() in sandbox. - Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 + This helps sshd accept connections on mips platforms with + upcoming glibc ( 2.31 ) -commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 +commit 3cc60c899a92a469e5118310ba6b74cb57215618 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 1 22:09:48 2017 +0000 +Date: Mon Jan 6 02:39:30 2020 +0000 - upstream commit + upstream: missing else in check_enroll_options() - when freeing a bitmap, zero all it bytes; spotted by Ilya - Kaliman + OpenBSD-Commit-ID: e058fb918fda56ddbbf0bee910101004cec421d4 + +commit ff5784e2698d6c41e9f39ce4df24968c1beeb2bb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 6 02:24:28 2020 +0000 + + upstream: fix error message - Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 + OpenBSD-Commit-ID: 1eb52025658eb78ea6223181e552862198d3d505 -commit 0f163983016c2988a92e039d18a7569f9ea8e071 +commit dd2acc8b862c09751621995fba2d5fa6f4e24cc9 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 1 14:08:26 2017 +0000 +Date: Mon Jan 6 02:07:50 2020 +0000 - upstream commit + upstream: adapt sk-dummy to SK API changes - this one I did forget to "cvs rm" + also, make it pull prototypes directly from sk-api.c and #error + if the expected version changes. This will make any future regress + test breakage because of SK API changes much more apparent - Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 + OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d -commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed +commit c312ca077cd2a6c15545cd6b4d34ee2f69289174 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 1 09:27:45 2017 +0000 +Date: Mon Jan 6 02:00:46 2020 +0000 - upstream commit + upstream: Extends the SK API to accept a set of key/value options + + for all operations. These are intended to future-proof the API a little by + making it easier to specify additional fields for without having to change + the API version for each. + + At present, only two options are defined: one to explicitly specify + the device for an operation (rather than accepting the middleware's + autoselection) and another to specify the FIDO2 username that may + be used when generating a resident key. These new options may be + invoked at key generation time via ssh-keygen -O - don't know why cvs didn't exterminate these the first - time around, I use rm -f and everuthing... + This also implements a suggestion from Markus to avoid "int" in favour + of uint32_t for the algorithm argument in the API, to make implementation + of ssh-sk-client/helper a little easier. - pointed out by sobrado@ + feedback, fixes and ok markus@ - Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d + OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc -commit d29ba6f45086703fdcb894532848ada3427dfde6 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon May 1 13:53:07 2017 +1000 +commit 2ab335712d084d9ccaf3f53afc3fa9535329da87 +Author: beck@openbsd.org <beck@openbsd.org> +Date: Sun Jan 5 16:28:22 2020 +0000 - Define INT32_MAX and INT64_MAX if needed. + upstream: fix CanonicalizeHostname, broken by rev 1.507 + + Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com> + ok dtucker@ markus@ djm@ + + OpenBSD-Commit-ID: 749f3168ec520609c35b0c4e1984e5fa47f16094 -commit 329037e389f02ec95c8e16bf93ffede94d3d44ce -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon May 1 13:19:41 2017 +1000 +commit 69e44ba701b90b0f530d64c3fe4363ea86e50cd3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jan 6 09:02:53 2020 +1100 - Wrap stdint.h in HAVE_STDINT_H + Fix typo: 'you' -> 'your'. + + bz#3108 from jmckitrick@gmail.com. -commit f382362e8dfb6b277f16779ab1936399d7f2af78 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 1 02:27:11 2017 +0000 +commit 7652a57662969bd5c61448b3843ec6d407ad12be +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jan 6 08:56:46 2020 +1100 - upstream commit - - remove unused variable + Remove auth-skey.c. - Upstream-ID: 66011f00819d0e71b14700449a98414033284516 + S/Key support was removed in OpenSSH 7.8 but this file was missed. -commit dd369320d2435b630a5974ab270d686dcd92d024 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:34:55 2017 +0000 +commit c593cc5e826c9f4ec506e22b629d37cabfaacff9 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jan 3 07:33:33 2020 +0000 - upstream commit + upstream: the download resident keys option is -K (upper) not -k - eliminate explicit specification of protocol in tests and - loops over protocol. We only support SSHv2 now. + (lower); ok djm - Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd + OpenBSD-Commit-ID: 71dc28a3e1fa7c553844abc508845bcf5766e091 -commit 557f921aad004be15805e09fd9572969eb3d9321 +commit ff31f15773ee173502eec4d7861ec56f26bba381 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:33:48 2017 +0000 +Date: Fri Jan 3 03:02:26 2020 +0000 - upstream commit + upstream: what bozo decided to use 2020 as a future date in a regress - remove SSHv1 support from unit tests + test? - Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe + OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a -commit e77e1562716fb3da413e4c2397811017b762f5e3 +commit 680eb7749a39d0e4d046e66cac4e51e8e3640b75 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon May 1 00:03:18 2017 +0000 +Date: Fri Jan 3 02:46:19 2020 +0000 - upstream commit + upstream: implement recent SK API change to support resident keys - fixup setting ciphercontext->plaintext (lost in SSHv1 purge), - though it isn't really used for much anymore. + and PIN prompting in the dummy middleware that we use for the tests. Should + fix breakage spotted by dtucker@ - Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 + OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484 -commit f7849e6c83a4e0f602dea6c834a24091c622d68e -Author: Damien Miller <djm@mindrot.org> -Date: Mon May 1 09:55:56 2017 +1000 +commit 86834fe6b54ac57b8528c30cf0b27e5cac5b7af7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 2 13:25:38 2020 +0000 - remove configure --with-ssh1 + upstream: Update keygen moduli screen test to match recent command + + line option change to ssh-keygen(1). + + OpenBSD-Regress-ID: 744a72755004377e9669b662c13c6aa9ead8a0c3 -commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 +commit 9039971887cccd95b209c479296f772a3a93e8e7 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:29:10 2017 +0000 +Date: Thu Jan 2 22:40:09 2020 +0000 - upstream commit + upstream: ability to download FIDO2 resident keys from a token via - flense SSHv1 support from ssh-agent, considerably - simplifying it + "ssh-keygen -K". This will save public/private keys into the current + directory. - ok markus + This is handy if you move a token between hosts. - Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 + feedback & ok markus@ + + OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6 -commit 930e8d2827853bc2e196c20c3e000263cc87fb75 +commit 878ba4350d57e905d6bb1865d8ff31bdfe5deab4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:28:41 2017 +0000 +Date: Thu Jan 2 22:38:33 2020 +0000 - upstream commit + upstream: add sshkey_save_public(), to save a public key; ok - obliterate ssh1.h and some dead code that used it + markus@ - ok markus@ + OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076 + +commit 3b1382ffd5e71eff78db8cef0f3cada22ff29409 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Dec 30 16:10:00 2019 +0000 + + upstream: simplify the list for moduli options - no need for + + -compact; - Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 + OpenBSD-Commit-ID: 6492c72280482c6d072be46236b365cb359fc280 + +commit 0248ec7c763dee9ff730a589e3d166eac5c74d7c +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jan 2 13:41:31 2020 +1100 + + ssh-sk-null.cc needs extern "C" {} + +commit 5ca4b414effe4b56f0cfe3058c92391aa8a43871 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jan 2 10:56:29 2020 +1100 + + add dummy ssh-sk API for linking with fuzzers + +commit c4b2664be7ba25e4c233315b25212dec29b727ab +Author: Damien Miller <djm@mindrot.org> +Date: Mon Dec 30 21:04:09 2019 +1100 + + refresh depend -commit a3710d5d529a34b8f56aa62db798c70e85d576a0 +commit 3093d12ff80927cf45da08d9f262a26680fb14ee Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:28:12 2017 +0000 +Date: Mon Dec 30 09:49:52 2019 +0000 - upstream commit + upstream: Remove the -x option currently used for - exterminate the -1 flag from scp + FIDO/U2F-specific key flags. Instead these flags may be specified via -O. ok markus@ - Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db + OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1 -commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 +commit ef65e7dbaa8fac3245aa2bfc9f7e09be7cba0d9d Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:26:54 2017 +0000 +Date: Mon Dec 30 09:25:29 2019 +0000 - upstream commit + upstream: document SK API changes in PROTOCOL.u2f - purge the last traces of SSHv1 from the TTY modes - handling code - - ok markus + ok markus@ - Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 + OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186 -commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a +commit 43ce96427b76c4918e39af654e2fc9ee18d5d478 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:26:16 2017 +0000 +Date: Mon Dec 30 09:24:45 2019 +0000 - upstream commit + upstream: translate and return error codes; retry on bad PIN - remove the (in)famous SSHv1 CRC compensation attack - detector. + Define some well-known error codes in the SK API and pass + them back via ssh-sk-helper. - Despite your cameo in The Matrix movies, you will not be missed. + Use the new "wrong PIN" error code to retry PIN prompting during + ssh-keygen of resident keys. - ok markus + feedback and ok markus@ - Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 + OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620 -commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 +commit d433596736a2cd4818f538be11fc94783f5c5236 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:25:03 2017 +0000 +Date: Mon Dec 30 09:24:03 2019 +0000 - upstream commit - - undo some local debugging stuff that I committed by - accident + upstream: improve some error messages; ok markus@ - Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 + OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81 -commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 +commit c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:23:54 2017 +0000 +Date: Mon Dec 30 09:23:28 2019 +0000 - upstream commit + upstream: SK API and sk-helper error/PIN passing - remove SSHv1 support from packet and buffer APIs + Allow passing a PIN via the SK API (API major crank) and let the + ssh-sk-helper API follow. - ok markus@ + Also enhance the ssh-sk-helper API to support passing back an error + code instead of a complete reply. Will be used to signal "wrong PIN", + etc. - Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 + feedback and ok markus@ + + OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71 -commit 05164358577c82de18ed7373196bc7dbd8a3f79c +commit 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:21:54 2017 +0000 +Date: Mon Dec 30 09:22:49 2019 +0000 - upstream commit + upstream: implement loading resident keys in ssh-add - remove SSHv1-related buffers from client code + "ssh-add -O" will load resident keys from a FIDO2 token and add them + to a ssh-agent. + + feedback and ok markus@ - Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd + OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290 -commit 873d3e7d9a4707d0934fb4c4299354418f91b541 +commit 27753a8e21887d47fe6b5c78a4aed0efe558a850 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:18:44 2017 +0000 +Date: Mon Dec 30 09:21:59 2019 +0000 - upstream commit - - remove KEY_RSA1 + upstream: implement loading of resident keys in ssh-sk-helper - ok markus@ + feedback and ok markus@ - Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 + OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a -commit 788ac799a6efa40517f2ac0d895a610394298ffc +commit 14cea36df397677b8f8568204300ef654114fd76 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:18:22 2017 +0000 +Date: Mon Dec 30 09:21:16 2019 +0000 - upstream commit + upstream: resident keys support in SK API - remove SSHv1 configuration options and man pages bits + Adds a sk_load_resident_keys() function to the security key + API that accepts a security key provider and a PIN and returns + a list of keys. - ok markus@ + Implement support for this in the usbhid middleware. + + feedback and ok markus@ - Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 + OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0 -commit e6882463a8ae0594aacb6d6575a6318a41973d84 +commit 2fe05fcb4a2695f190b4fcf27770b655586ab349 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:17:37 2017 +0000 +Date: Mon Dec 30 09:20:36 2019 +0000 - upstream commit + upstream: Factor out parsing of struct sk_enroll_response + + We'll reuse this for extracting resident keys from a device. - remove SSH1 make flag and associated files ok markus@ + feedback and ok markus@ - Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef + OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273 -commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 +commit 4532bd01d57ee13c3ca881eceac1bf9da96a4d7e Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:15:04 2017 +0000 +Date: Mon Dec 30 09:19:52 2019 +0000 - upstream commit + upstream: basic support for generating FIDO2 resident keys + + "ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a + device-resident key. - remove SSHv1 ciphers; ok markus@ + feedback and ok markus@ - Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 + OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431 -commit 97f4d3083b036ce3e68d6346a6140a22123d5864 +commit 3e60d18fba1b502c21d64fc7e81d80bcd08a2092 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:13:25 2017 +0000 +Date: Mon Dec 30 03:30:09 2019 +0000 - upstream commit + upstream: remove single-letter flags for moduli options - remove compat20/compat13/compat15 variables + Move all moduli generation options to live under the -O flag. - ok markus@ + Frees up seven single-letter flags. + + NB. this change break existing ssh-keygen commandline syntax for moduli- + related operations. Very few people use these fortunately. + + feedback and ok markus@ - Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c + OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935 -commit 99f95ba82673d33215dce17bfa1512b57f54ec09 +commit 1e645fe767f27725dc7fd7864526de34683f7daf Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:11:45 2017 +0000 +Date: Mon Dec 30 03:28:41 2019 +0000 - upstream commit + upstream: prepare for use of ssh-keygen -O flag beyond certs - remove options.protocol and client Protocol - configuration knob + Move list of available certificate options in ssh-keygen.1 to the + CERTIFICATES section. + + Collect options specified by -O but delay parsing/validation of + certificate options until we're sure that we're acting as a CA. ok markus@ - Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 + OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106 -commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Apr 30 23:10:43 2017 +0000 +commit 20ccd854245c598e2b47cc9f8d4955d645195055 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Dec 27 08:28:44 2019 +0000 - upstream commit + upstream: sort -Y internally in the options list, as is already - unifdef WITH_SSH1 ok markus@ + done in synopsis; - Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 + OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274 -commit d4084cd230f7319056559b00db8b99296dad49d5 +commit 5b6c954751dd3677466cda7adb92e4f05446c96c Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Sat Apr 29 06:06:01 2017 +0000 +Date: Fri Dec 27 08:25:07 2019 +0000 - upstream commit + upstream: in the options list, sort -Y and -y; - tweak previous; - - Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 + OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa -commit 249516e428e8461b46340a5df5d5ed1fbad2ccce -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Apr 29 04:12:25 2017 +0000 +commit 141df487ba699cfd1ec3dcd98186e7c956e99024 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sat Dec 21 20:22:34 2019 +0000 - upstream commit + upstream: Replace the term "security key" with "(FIDO) - allow ssh-keygen to include arbitrary string or flag - certificate extensions and critical options. ok markus@ dtucker@ + authenticator". - Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 + The polysemous use of "key" was too confusing. Input from markus@. + ok jmc@ + + OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f -commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Apr 28 06:15:03 2017 +0000 +commit fbd9729d4eadf2f7097b6017156387ac64302453 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Dec 21 02:33:07 2019 +0000 - upstream commit + upstream: unit tests for ForwardAgent=/path; from Eric Chiang - sort; - - Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a + OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da -commit 36465a76a79ad5040800711b41cf5f32249d5120 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Apr 28 14:44:28 2017 +1000 +commit e5b7cf8edca7e843adc125621e1dab14507f430a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 16 02:39:05 2019 +0000 - Typo. + upstream: test security key host keys in addition to user keys - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1 -commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Apr 28 14:41:17 2017 +1000 +commit 40be78f503277bd91c958fa25ea9ef918a2ffd3d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Dec 21 02:19:13 2019 +0000 - Add 2 regress commits I applied by hand. + upstream: Allow forwarding a different agent socket to the path + + specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to + accepting an explicit path or the name of an environment variable in addition + to yes/no. - Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c - Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 + Patch by Eric Chiang, manpage by me; ok markus@ + + OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265 -commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Apr 28 14:33:43 2017 +1000 +commit 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Fri Dec 20 20:28:55 2019 +0000 - Merge integrity.sh rev 1.22. + upstream: SSH U2F keys can now be used as host keys. Fix a garden + + path sentence. ok markus@ - Merge missing bits from Colin Watson's patch in bz#2658 which make integrity - tests more robust against timeouts. ok djm@ + OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b -commit 06ec837a34542627e2183a412d6a9d2236f22140 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Apr 28 14:30:03 2017 +1000 +commit 68010acbcfe36167b3eece3115f3a502535f80df +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Dec 20 02:42:42 2019 +0000 - Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes + upstream: Move always unsupported keywords to be grouped with the other + + ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch + from openbsd@academicsolutions.ch, ok djm@ + + OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec -commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Mon Apr 17 11:02:31 2017 +0000 +commit 8784b02dc49e1c98df4e7aca466be2f652ed4ad1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Dec 20 02:29:21 2019 +0000 - upstream commit + upstream: Remove obsolete opcodes from the configuation enum. - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. + Patch from openbsd@academicsolutions.ch, ok djm@ - Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f + OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b -commit 6830be90e71f46bcd182a9202b151eaf2b299434 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Apr 28 03:24:53 2017 +0000 +commit 345be6091bdc9be09c90a937d1320f97c01fab2a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Dec 20 02:11:38 2019 +0000 - upstream commit + upstream: Remove now-obsolete config options from example in - include key fingerprint in "Offering public key" debug - message + comment. Patch from openbsd@academicsolutions.ch, ok djm@ - Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 + OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101 -commit 066437187e16dcafcbc19f9402ef0e6575899b1d -Author: millert@openbsd.org <millert@openbsd.org> -Date: Fri Apr 28 03:21:12 2017 +0000 +commit ae024b22c4fd68e7f39681d605585889f9511108 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Dec 19 15:09:30 2019 +0000 - upstream commit + upstream: Document that security key-hosted keys can act as host - Avoid relying on implementation-specific behavior when - detecting whether the timestamp or file size overflowed. If time_t and off_t - are not either 32-bit or 64-bit scp will exit with an error. OK djm@ + keys. - Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 + Update the list of default host key algorithms in ssh_config.5 and + sshd_config.5. Copy the description of the SecurityKeyProvider + option to sshd_config.5. + + ok jmc@ + + OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0 -commit 68d3a2a059183ebd83b15e54984ffaced04d2742 +commit bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Apr 28 03:20:27 2017 +0000 +Date: Thu Dec 19 03:50:01 2019 +0000 - upstream commit + upstream: "Forward security" -> "Forward secrecy" since that's the - Add SyslogFacility option to ssh(1) matching the - equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok - djm@ + correct term. Add "MAC" since we use that acronym in other man pages. ok + naddy@ - Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed + OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5 -commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Thu Apr 27 13:40:05 2017 +0000 +commit e905f7260d72bc0e33ef5f10a0db737ff6e77ba7 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Tue Dec 17 16:21:07 2019 +0000 - upstream commit + upstream: cut obsolete lists of crypto algorithms from outline of - remove a static array unused since rev 1.306 spotted by - clang ok djm@ + how SSH works ok markus@ jmc@ - Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 + OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160 -commit 91bd2181866659f00714903e78e1c3edd4c45f3d -Author: millert@openbsd.org <millert@openbsd.org> -Date: Thu Apr 27 11:53:12 2017 +0000 +commit f65cf1163ff01531ae02f3f9210391d0d692f699 +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Mon Dec 16 13:58:53 2019 +0000 - upstream commit + upstream: strdup may return NULL if memory allocation fails. Use - Avoid potential signed int overflow when parsing the file - size. Use strtoul() instead of parsing manually. OK djm@ + the safer xstrdup which fatals on allocation failures. - Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 - -commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Apr 25 08:32:27 2017 +1000 - - Fix typo in "socketcall". + ok markus@ - Pointed out by jjelen at redhat.com. + OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0 -commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Apr 24 19:40:31 2017 +1000 +commit 57634bfc5708477826c0be265ddc59b9d83e4886 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 16 03:16:58 2019 +0000 - Deny socketcall in seccomp filter on ppc64le. + upstream: sort sk-* methods behind their plain key methods cousins - OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys - in privsep child. The socket() syscall is already denied in the seccomp - filter, but in ppc64le kernel, it is implemented using socketcall() - syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and - therefore fails hard. + for now - Patch from jjelen at redhat.com. + OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828 -commit f8500b2be599053daa05248a86a743232ec6a536 -Author: schwarze@openbsd.org <schwarze@openbsd.org> -Date: Mon Apr 17 14:31:23 2017 +0000 +commit b8df8fe920e697edcc69c520390b78c3b7ad9d84 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 17 19:46:15 2019 +1100 - upstream commit - - Recognize nl_langinfo(CODESET) return values "646" and "" - as aliases for "US-ASCII", useful for different versions of NetBSD and - Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot - com>. OK dtucker@ deraadt@ + Mac OS X has PAM too. + +commit bf8de8b8251af69b5ce96a8faa69145af156af4d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 17 19:37:06 2019 +1100 + + Show portable tarball pattern in example. + +commit a19ef613e98141cc37c8acdeebe285b9dbe2531e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 17 19:35:59 2019 +1100 + + OpenSSL is now optional. + +commit 1a7217ac063e48cf0082895aeee81ed2b8a57191 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 15 18:58:33 2019 +0000 + + upstream: adapt to ssh-sk-client change - Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 + OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea -commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Mon Apr 17 11:02:31 2017 +0000 +commit a7fc1df246e80bfdabd09b069b91c72f9c578ca8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Dec 11 18:47:14 2019 +0000 - upstream commit + upstream: it's no longer possible to disable privilege separation - Change COMPILER_VERSION tests which limited additional - warnings to gcc4 to instead skip them on gcc3 as clang can handle - -Wpointer-sign and -Wold-style-definition. + in sshd, so don't double the tests' work by trying both off/on - Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a + OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68 -commit 4d827f0d75a53d3952288ab882efbddea7ffadfe +commit 3145d38ea06820a66c0f5e068f49af14fd2b7ac1 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Apr 4 00:24:56 2017 +0000 +Date: Sun Dec 15 20:59:23 2019 +0000 - upstream commit + upstream: don't treat HostKeyAgent=none as a path either; avoids - disallow creation (of empty files) in read-only mode; - reported by Michal Zalewski, feedback & ok deraadt@ + spurious warnings from the cfgparse regress test - Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b + OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54 -commit ef47843af0a904a21c920e619c5aec97b65dd9ac -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Sun Mar 26 00:18:52 2017 +0000 +commit 747e25192f436e71dd39e15d65aa32bca967533a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 15 20:57:15 2019 +0000 - upstream commit + upstream: do not attempt to find an absolute path for sshd_config - incorrect renditions of this quote bother me + SecurityKeyProvider=internal - unbreaks cfgparse regress test - Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 + OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641 -commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Mar 31 11:04:43 2017 +1100 +commit 9b6e30b96b094ad787511a5b989253e3b8fe1789 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 15 19:47:10 2019 +0000 - Check for and use gcc's -pipe. + upstream: allow ssh-keyscan to find security key hostkeys - Speeds up configure and build by a couple of percent. ok djm@ + OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3 -commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 16:34:44 2017 +1100 +commit 56584cce75f3d20aaa30befc7cbd331d922927f3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 15 18:57:30 2019 +0000 - Import fmt_scaled.c rev 1.16 from OpenBSD. + upstream: allow security keys to act as host keys as well as user + + keys. + + Previously we didn't do this because we didn't want to expose + the attack surface presented by USB and FIDO protocol handling, + but now that this is insulated behind ssh-sk-helper there is + less risk. - Fix overly-conservative overflow checks on mulitplications and add checks - on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN - will still be flagged as a range error). ok millert@ + ok markus@ + + OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c -commit c73a229e4edf98920f395e19fd310684fc6bb951 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 16:34:02 2017 +1100 +commit 5af6fd5461bb709304e6979c8b7856c7af921c9e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Dec 16 13:55:56 2019 +1100 - Import fmt_scaled.c rev 1.15 from OpenBSD. + Allow clock_nanosleep_time64 in seccomp sandbox. - Collapse underflow and overflow checks into a single block. - ok djm@ millert@ + Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com. -commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 16:32:57 2017 +1100 +commit fff8ff6dd580e1a72ba09a6775d185175cdc8d13 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Dec 15 18:27:02 2019 +1100 - Import fmt_scaled.c rev 1.14 from OpenBSD. + Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC. - Catch integer underflow in scan_scaled reported by Nicolas Iooss. - ok deraadt@ djm@ + Fixes build when linking against OpenSSLs built with no-ec. -commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 12:39:39 2017 +1100 +commit 9244990ecdcfa36bb9371058111685b05f201c1e +Author: Damien Miller <djm@mindrot.org> +Date: Sat Dec 14 09:21:46 2019 +1100 - Don't check privsep user or path when unprivileged + remove a bunch of ENABLE_SK #ifdefs - If running with privsep (mandatory now) as a non-privileged user, we - don't chroot or change to an unprivileged user however we still checked - the existence of the user and directory. Don't do those checks if we're - not going to use them. Based in part on a patch from Lionel Fourquaux - via Corinna Vinschen, ok djm@ + The ssh-sk-helper client API gives us a nice place to disable + security key support when it is wasn't enabled at compile time, + so we don't need to check everywere. + + Also, verification of security key signatures can remain enabled + all the time - it has no additional dependencies. So sshd can + accept security key pubkeys in authorized_keys, etc regardless of + the host's support for dlopen, etc. -commit f2742a481fe151e493765a3fbdef200df2ea7037 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 10:50:31 2017 +1100 +commit a33ab1688b5c460a7e2a301418241ce1b13b2638 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Dec 14 09:15:06 2019 +1100 - Remove SHA256 EVP wrapper implementation. - - All supported versions of OpenSSL should now have SHA256 so remove our - EVP wrapper implementaion. ok djm@ + ssh-sk-client.c needs includes.h + +commit 633778d567ad50b63d2a3bca5e1b97d279d236d9 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Dec 14 08:40:33 2019 +1100 -commit 5346f271fc76549caf4a8e65b5fba319be422fe9 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 10:23:58 2017 +1100 + only link ssh-sk-helper against libfido2 - Remove check for OpenSSL < 0.9.8g. +commit 7b47b40b170db4d6f41da0479575f6d99dd7228a +Author: Damien Miller <djm@mindrot.org> +Date: Sat Dec 14 08:20:52 2019 +1100 + + adapt Makefile to ssh-sk-client everywhere + +commit f45f3a8a12e2bee601046b916e6c5cd6eae08048 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Dec 14 07:53:11 2019 +1100 + + fixup + +commit d21434766764d5babf99fc3937c19b625c0f6334 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 13 20:16:56 2019 +0000 + + upstream: actually commit the ssh-sk-helper client code; ok markus - We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC - in OpenSSL < 0.9.8g. + OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589 -commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 10:16:15 2017 +1100 +commit 611073fb40ecaf4ac65094e403edea3a08deb700 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 13 19:11:14 2019 +0000 - Remove compat code for OpenSSL < 0.9.7. + upstream: perform security key enrollment via ssh-sk-helper too. + + This means that ssh-keygen no longer needs to link against ssh-sk-helper, and + only ssh-sk-helper needs libfido2 and /dev/uhid* access; - Resyncs that code with OpenBSD upstream. + feedback & ok markus@ + + OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800 -commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Mar 29 09:50:54 2017 +1100 +commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 13 19:09:37 2019 +0000 - Remove SSHv1 code path. + upstream: allow sshbuf_put_stringb(buf, NULL); ok markus@ - Server-side support for Protocol 1 has been removed so remove !compat20 - PAM code path. + OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd -commit 7af27bf538cbc493d609753f9a6d43168d438f1b -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Mar 24 09:44:56 2017 +1100 +commit b52ec0ba3983859514aa7b57d6100fa9759fe696 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 13 19:09:10 2019 +0000 - Enable ldns when using ldns-config. + upstream: use ssh-sk-helper for all security key signing operations + + This extracts and refactors the client interface for ssh-sk-helper + from ssh-agent and generalises it for use by the other programs. + This means that most OpenSSH tools no longer need to link against + libfido2 or directly interact with /dev/uhid* + + requested by, feedback and ok markus@ - Actually enable ldns when attempting to use ldns-config. bz#2697, patch - from fredrik at fornwall.net. + OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f -commit 58b8cfa2a062b72139d7229ae8de567f55776f24 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Mar 22 12:43:02 2017 +1100 +commit c33d46868c3d88e04a92610cdb429094aeeb5847 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Dec 11 22:19:47 2019 +0000 - Missing header on Linux/s390 + upstream: add a note about the 'extensions' field in the signed - Patch from Jakub Jelen + object + + OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b -commit 096fb65084593f9f3c1fc91b6d9052759a272a00 +commit a62f4e1960691f3aeb1f972e009788b29e2ae464 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 20 22:08:06 2017 +0000 +Date: Tue Dec 10 23:37:31 2019 +0000 - upstream commit + upstream: some more corrections for documentation problems spotted - remove /usr/bin/time calls around tests, makes diffing test - runs harder. Based on patch from Mike Frysinger + by Ron Frederick - Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c + document certifiate private key format + correct flags type for sk-ssh-ed25519@openssh.com keys + + OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74 -commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 21 08:47:55 2017 +1100 +commit 22d4beb79622fc82d7111ac941269861fc7aef8d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 10 23:21:56 2019 +0000 - Fix syntax error on Linux/X32 + upstream: loading security keys into ssh-agent used the extension - Patch from Mike Frysinger + constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron + Frederick + + OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d -commit d38f05dbdd291212bc95ea80648b72b7177e9f4e -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Mar 20 13:38:27 2017 +1100 +commit 75f7f22a43799f6d25dffd9d6683de1601da05a3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 10 22:43:19 2019 +0000 - Add llabs() implementation. + upstream: add security key types to list of keys allowed to act as + + CAs; spotted by Ron Frederick + + OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3 -commit 72536316a219b7394996a74691a5d4ec197480f7 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 20 12:23:04 2017 +1100 +commit 516605f2d596884cedc2beed6b262716ec76f63d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 10 22:37:20 2019 +0000 - crank version numbers + upstream: when acting as a CA and using a security key as the CA + + key, remind the user to touch they key to authorise the signature. + + OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1 -commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f +commit c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Mar 20 01:18:59 2017 +0000 +Date: Tue Dec 10 22:36:08 2019 +0000 - upstream commit + upstream: chop some unnecessary and confusing verbiage from the - openssh-7.5 + security key protocol description; feedback from Ron Frederick - Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 + OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42 -commit db84e52fe9cfad57f22e7e23c5fbf00092385129 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 20 12:07:20 2017 +1100 +commit 59175a350fe1091af7528b2971e3273aa7ca7295 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 6 03:06:08 2019 +0000 - I'm a doofus. + upstream: fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set + + when asking passphrases, only when confirming the use of a key (i.e. for + ssh-agent keys added with "ssh-add -c keyfile") - Unbreak obvious syntax error. + OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89 -commit 89f04852db27643717c9c3a2b0dde97ae50099ee -Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 20 11:53:34 2017 +1100 +commit 36eaa356d391a23a2d4e3a8aaa0223abc70b9822 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 6 02:55:21 2019 +0000 - on Cygwin, check paths from server for backslashes + upstream: bring the __func__ - Pointed out by Jann Horn of Google Project Zero + OpenBSD-Commit-ID: 71a3a45b0fe1b8f680ff95cf264aa81f7abbff67 -commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 20 11:48:34 2017 +1100 +commit 483cc723d1ff3b7fdafc6239348040a608ebc78d +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sat Nov 30 07:07:59 2019 +0000 - Yet another synonym for ASCII: "646" + upstream: tweak the Nd lines for a bit of consistency; ok markus - Used by NetBSD; this unbreaks mprintf() and friends there for the C - locale (caught by dtucker@ and his menagerie of test systems). + OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16 -commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b -Author: Damien Miller <djm@mindrot.org> -Date: Mon Mar 20 09:58:34 2017 +1100 +commit afffd310360b155df2133d1f5f1ab2f4e939b570 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 11 13:22:06 2019 +1100 - create test mux socket in /tmp + Check if memmem is declared in system headers. - Creating the socket in $OBJ could blow past the (quite limited) - path limit for Unix domain sockets. As a bandaid for bz#2660, - reported by Colin Watson; ok dtucker@ + If the system (or one of the dependencies) implements memmem but does + not define the header, we would not declare it either resulting in + compiler warnings. Check for declaration explicitly. bz#3102. -commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Mar 15 07:07:39 2017 +0000 +commit ad8cd420797695f3b580aea1034b9de60bede9b9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 11 13:12:01 2019 +1100 - upstream commit + Sort depends. + +commit 5e3abff39e01817f6866494416f2ada25c316018 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 11 13:09:34 2019 +1100 + + Sort .depend when rebuilding. - disallow KEXINIT before NEWKEYS; ok djm; report by - vegard.nossum at oracle.com + This makes diffs more stable between makedepend implementations. + +commit 5df9d1f5c0943367d9b68435f4c82224ce11a73f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 11 13:06:43 2019 +1100 + + Update depend to include sk files. + +commit 9a967c5bbfca35835165f7d8a6165009f5b21872 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Dec 9 20:25:26 2019 +1100 + + Describe how to build libcrypto as PIC. - Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 + While there, move the OpenSSL 1.1.0g caveat closer to the other version + information. + +commit b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Dec 9 17:23:22 2019 +1100 -commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Mar 16 14:05:46 2017 +1100 + Recommend running LibreSSL or OpenSSL self-tests. - Include includes.h for compat bits. +commit fa7924008e838cded7e8a561356ffe5e06e0ed64 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Dec 6 14:17:26 2019 +1100 + + Wrap ECC specific bits in ifdef. + + Fixes tests when built against an OpenSSL configured with no-ec. -commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Mar 16 13:45:17 2017 +1100 +commit 2ff822eabd7d4461743f22d3b9ba35ab76069df5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 29 20:21:36 2019 +1100 - Wrap stdint.h in #ifdef HAVE_STDINT_H + Wrap sha2.h include in ifdef. + + Fixes build --without-openssl on at least Fedora. -commit 55a1117d7342a0bf8b793250cf314bab6b482b99 +commit 443848155ffcda65a6077aac118c861b503a093f Author: Damien Miller <djm@mindrot.org> -Date: Thu Mar 16 11:22:42 2017 +1100 +Date: Fri Nov 29 15:10:21 2019 +1100 - Adapt Cygwin config script to privsep knob removal + compile sk-dummy.so with no-PIE version of LDFLAGS - Patch from Corinna Vinschen. + This lets it pick up the -L path to libcrypto for example. -commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed Mar 15 03:52:30 2017 +0000 +commit 37f5b5346e4cc6a894245aa89d2930649bb7045b +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 29 14:48:46 2019 +1100 - upstream commit + includes.h for sk-dummy.c, dummy + +commit b218055e59a7c1a1816f7a55ca18e3f3c05d63a4 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 29 12:32:23 2019 +1100 + + (yet) another x-platform fix for sk-dummy.so - accidents happen to the best of us; ok djm + Check for -fPIC support from compiler - Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 + Compile libopenbsd-compat -fPIC + + Don't mix -fPIE and -fPIC when compiling -commit 25f837646be8c2017c914d34be71ca435dfc0e07 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 15 02:25:09 2017 +0000 +commit 0dedb703adcd98d0dbc4479f5f312a2bd3df2850 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 29 11:53:57 2019 +1100 - upstream commit + needs includes.h for WITH_OPENSSL + +commit ef3853bb94c2c72e7eda0de6cec0bcb1da62058f +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 29 11:52:23 2019 +1100 + + another attempt at sk-dummy.so working x-platform - fix regression in 7.4: deletion of PKCS#11-hosted keys - would fail unless they were specified by full physical pathname. Report and - fix from Jakub Jelen via bz#2682; ok dtucker@ + include a fatal() implementation to satisfy libopenbsd-compat - Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 + clean up .lo and .so files + + .gitignore .lo and .so files -commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f +commit d46ac56f1cbd5a855a2d5e7309f90d383dcf6431 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 15 02:19:09 2017 +0000 +Date: Fri Nov 29 00:13:29 2019 +0000 - upstream commit + upstream: lots of dependencies go away here with ed25519 no longer - Fix segfault when sshd attempts to load RSA1 keys (can - only happen when protocol v.1 support is enabled for the client). Reported by - Jakub Jelen in bz#2686; ok dtucker + needing the ssh_digest API. - Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 + OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49 -commit 66705948c0639a7061a0d0753266da7685badfec +commit 7404b81f25a4a7847380c0f0cf7f1bea5f0a5cd3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 14 07:19:07 2017 +0000 +Date: Fri Nov 29 00:11:21 2019 +0000 - upstream commit + upstream: perform hashing directly in crypto_hash_sha512() using + + libcrypto or libc SHA512 functions rather than calling ssh_digest_memory(); + avoids many dependencies on ssh code that complicate standalone use of + ed25519, as we want to do in sk-dummy.so - Mark the sshd_config UsePrivilegeSeparation option as - deprecated, effectively making privsep mandatory in sandboxing mode. ok - markus@ deraadt@ + OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d + +commit d39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Nov 28 12:24:31 2019 +0000 + + upstream: improve the text for -A a little; input from naddy and - (note: this doesn't remove the !privsep code paths, though that will - happen eventually). + djm - Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a + OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d -commit f86586b03fe6cd8f595289bde200a94bc2c191af -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 14 18:26:29 2017 +1100 +commit 9a0e01bd0c61f553ead96b5af84abd73865847b8 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Nov 28 12:23:25 2019 +0000 - Make seccomp-bpf sandbox work on Linux/X32 + upstream: reshuffle the text to read better; input from naddy, - Allow clock_gettime syscall with X32 bit masked off. Apparently - this is required for at least some kernel versions. bz#2142 - Patch mostly by Colin Watson. ok dtucker@ + djmc, and dtucker + + OpenBSD-Commit-ID: a0b2aca2b67614dda3d6618ea097bf0610c35013 -commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 +commit 5ca52c0f2e5e7f7d01d8d557b994b5c2087bed00 Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 14 18:01:52 2017 +1100 +Date: Thu Nov 28 18:09:07 2019 +1100 - require OpenSSL >=1.0.1 + $< doesn't work as` I thought; explicily list objs -commit e3ea335abeab731c68f2b2141bee85a4b0bf680f -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 14 17:48:43 2017 +1100 +commit 18e84bfdc5906a73405c3b42d7f840013bbffe34 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Nov 28 05:20:54 2019 +0000 - Remove macro trickery; no binary change - - This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros - prepending __NR_ to the syscall number parameter and just makes - them explicit in the macro invocations. + upstream: tweak wording - No binary change in stripped object file before/after. + OpenBSD-Commit-ID: bd002ca1599b71331faca735ff5f6de29e32222e -commit 5f1596e11d55539678c41f68aed358628d33d86f +commit 8ef5bf9d03aa0f047711cff47f5ffbe3b33ff8c9 Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 14 13:15:18 2017 +1100 +Date: Thu Nov 28 13:12:30 2019 +1100 - support ioctls for ICA crypto card on Linux/s390 - - Based on patch from Eduardo Barretto; ok dtucker@ + missing .SUFFIXES line makes make sad -commit b1b22dd0df2668b322dda174e501dccba2cf5c44 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Mar 14 14:19:36 2017 +1100 +commit 323da82b8ea993b7f2c5793fd53b4f5ca105d19d +Author: Damien Miller <djm@mindrot.org> +Date: Thu Nov 28 09:53:42 2019 +1100 - Plumb conversion test into makefile. + (hopefully) fix out of tree builds of sk-dummy.so -commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 01:20:29 2017 +0000 +commit d8b2838c5d19bf409d44ede4d32df8ee47aeb4cd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 27 22:32:11 2019 +0000 - upstream commit + upstream: remove stray semicolon after closing brace of function; - Add unit test for convtime(). + from Michael Forney - Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 + OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7 -commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c +commit 6e1d1bbf5a3eca875005e0c87f341a0a03799809 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 01:10:07 2017 +0000 +Date: Wed Nov 27 05:38:43 2019 +0000 - upstream commit + upstream: Revert previous commit. The channels code still uses int - Add ASSERT_LONG_* helpers. + in many places for channel ids so the INT_MAX check still makes sense. - Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 + OpenBSD-Commit-ID: 532e4b644791b826956c3c61d6ac6da39bac84bf -commit c6774d21185220c0ba11e8fd204bf0ad1a432071 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 00:55:37 2017 +0000 +commit 48989244658b9748b6801034ff4ffbdfc6b1520f +Author: Damien Miller <djm@mindrot.org> +Date: Wed Nov 27 16:03:12 2019 +1100 - upstream commit + wire sk-dummy.so into test suite + +commit f79364bacaebde4f1c260318ab460fceacace02f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 27 05:00:17 2019 +0000 + + upstream: use error()+_exit() instead of fatal() to avoid running - Fix convtime() overflow test on boundary condition, - spotted by & ok djm. + cleanup handlers in child process; spotted via weird regress failures in + portable - Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 + OpenBSD-Commit-ID: 6902a9bb3987c7d347774444f7979b8a9ba7f412 -commit f5746b40cfe6d767c8e128fe50c43274b31cd594 +commit 70ec5e5e2681bcd409a9df94a2fec6f57a750945 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Mar 14 00:25:03 2017 +0000 +Date: Wed Nov 27 03:34:04 2019 +0000 - upstream commit + upstream: Make channel_id u_int32_t and remove unnecessary check - Check for integer overflow when parsing times in - convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ + and cast that were left over from the type conversion. Noted by + t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@ - Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 + OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5 -commit f5907982f42a8d88a430b8a46752cbb7859ba979 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Mar 14 13:38:15 2017 +1100 +commit ad44ca81bea83657d558aaef5a1d789a9032bac3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 26 23:43:10 2019 +0000 - Add a "unit" target to run only unit tests. + upstream: test FIDO2/U2F key types; ok markus@ + + OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474 -commit 9e96b41682aed793fadbea5ccd472f862179fb02 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Mar 14 12:24:47 2017 +1100 +commit c6efa8a91af1d4fdb43909a23a0a4ffa012155ad +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 26 23:41:23 2019 +0000 - Fix weakness in seccomp-bpf sandbox arg inspection + upstream: add dummy security key middleware based on work by - Syscall arguments are passed via an array of 64-bit values in struct - seccomp_data, but we were only inspecting the bottom 32 bits and not - even those correctly for BE systems. + markus@ - Fortunately, the only case argument inspection was used was in the - socketcall filtering so using this for sandbox escape seems - impossible. + This will allow us to test U2F/FIDO2 support in OpenSSH without + requiring real hardware. - ok dtucker + ok markus@ + + OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae + +commit 8635afa1cdc21366d61730d943f3cf61861899c8 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Nov 26 22:42:26 2019 +0000 -commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 + upstream: tweak previous; + + OpenBSD-Commit-ID: a4c097364c75da320f1b291568db830fb1ee4883 + +commit e0d38ae9bc8c0de421605b9021d8144e4d8ff22b Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 11 23:44:16 2017 +0000 +Date: Tue Nov 26 03:04:27 2019 +0000 - upstream commit + upstream: more debugging; behind DEBUG_SK - regress tests for loading certificates without public keys; - bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ + OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60 + +commit 9281d4311b8abc63b88259f354944c53f9b0b3c7 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Nov 25 21:47:49 2019 +1100 + + unbreak fuzzers for recent security key changes + +commit c5f1cc993597fed0a9013743556b1567f476c677 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 25 10:32:35 2019 +0000 + + upstream: unbreak tests for recent security key changes - Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 + OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95 -commit 1e24552716194db8f2f620587b876158a9ef56ad +commit 64988266820cc90a45a21672be9d762cbde8d34d Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Mar 11 23:40:26 2017 +0000 +Date: Mon Nov 25 06:53:04 2019 +0000 - upstream commit + upstream: unbreak after security key support landed + + OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba + +commit e65e25c81e22ea622e89a142a303726a3882384f +Author: tb@openbsd.org <tb@openbsd.org> +Date: Thu Nov 21 05:18:47 2019 +0000 + + upstream: Remove workaround for broken 'openssl rsa -text' output - allow ssh to use certificates accompanied by a private - key file but no corresponding plain *.pub public key. bz#2617 based on patch - from Adam Eijdenberg; ok dtucker@ markus@ + that was fixed in libcrypto/rsa/rsa_ameth.c r1.24. - Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 + ok dtucker inoguchi + + OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f -commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Sat Mar 11 13:07:35 2017 +0000 +commit 21377ec2a9378579ba4b44a681af7bbca77581f4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 25 10:23:36 2019 +0000 - upstream commit + upstream: redundant test - Don't count the initial block twice when computing how - many bytes to discard for the work around for the attacks against CBC-mode. - ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL + OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3 + +commit 664deef95a2e770812533439b8bdd3f3c291ae59 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 25 00:57:51 2019 +0000 + + upstream: document the "no-touch-required" certificate extension; - Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 + ok markus, feedback deraadt + + OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d -commit ef653dd5bd5777132d9f9ee356225f9ee3379504 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 07:18:32 2017 +0000 +commit 26cb128b31efdd5395153f4943f5be3eddc07033 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 25 00:57:27 2019 +0000 - upstream commit + upstream: Print a key touch reminder when generating a security - krl.c + key. Most keys require a touch to authorize the operation. - Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 + OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68 -commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 -Author: Damien Miller <djm@mindrot.org> -Date: Sun Mar 12 10:48:14 2017 +1100 +commit daeaf4136927c2a82af1399022103d67ff03f74a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 25 00:55:58 2019 +0000 - sync fmt_scaled.c with OpenBSD + upstream: allow "ssh-keygen -x no-touch-required" when generating a - revision 1.13 - date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; - fix signed integer overflow in scan_scaled. Found by Nicolas Iooss - using AFL against ssh_config. ok deraadt@ millert@ - ---------------------------- - revision 1.12 - date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; - fairly simple unsigned char casts for ctype - ok krw - ---------------------------- - revision 1.11 - date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; - make scan_scaled set errno to EINVAL rather than ERANGE if it encounters - an invalid multiplier, like the man page says it should + security key keypair to request one that does not require a touch for each + authentication attempt. The default remains to require touch. - "looks sensible" deraadt@, ok ian@ - ---------------------------- - revision 1.10 - date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; - use llabs instead of the home-grown version; and some comment changes - ok ian@, millert@ - ---------------------------- + feedback deraadt; ok markus@ + + OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd -commit 894221a63fa061e52e414ca58d47edc5fe645968 +commit 2e71263b80fec7ad977e098004fef7d122169d40 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 05:01:13 2017 +0000 +Date: Mon Nov 25 00:54:23 2019 +0000 - upstream commit + upstream: add a "no-touch-required" option for authorized_keys and - When updating hostkeys, accept RSA keys if - HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA - keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms - nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok - dtucker@ + a similar extension for certificates. This option disables the default + requirement that security key signatures attest that the user touched their + key to authorize them. + + feedback deraadt, ok markus - Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 + OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e -commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c +commit 0fddf2967ac51d518e300408a0d7e6adf4cd2634 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 04:24:55 2017 +0000 +Date: Mon Nov 25 00:52:46 2019 +0000 - upstream commit + upstream: Add a sshd_config PubkeyAuthOptions directive - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + This directive has a single valid option "no-touch-required" that + causes sshd to skip checking whether user presence was tested before + a security key signature was made (usually by the user touching the + key). - Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 + ok markus@ + + OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de -commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f +commit b7e74ea072919b31391bc0f5ff653f80b9f5e84f Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 03:52:48 2017 +0000 +Date: Mon Nov 25 00:51:37 2019 +0000 - upstream commit + upstream: Add new structure for signature options + + This is populated during signature verification with additional fields + that are present in and covered by the signature. At the moment, it is + only used to record security key-specific options, especially the flags + field. - reword a comment to make it fit 80 columns + with and ok markus@ - Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 + OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49 -commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc +commit d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 04:27:32 2017 +0000 +Date: Mon Nov 25 00:38:17 2019 +0000 - upstream commit + upstream: memleak in error path - better match sshd config parser behaviour: fatal() if - line is overlong, increase line buffer to match sshd's; bz#2651 reported by - Don Fong; ok dtucker@ + OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112 + +commit e2c0a21ade5e0bd7f0aab08d7eb9457f086681e9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Nov 22 06:50:30 2019 +0000 + + upstream: Wait for FD to be readable or writeable during a nonblocking + + connect, not just readable. Prevents a timeout when the server doesn't + immediately send a banner (eg multiplexers like sslh) but is also slightly + quicker for other connections since, unlike ssh1, ssh2 doesn't specify + that the client should parse the server banner before sending its own. + Patch from mnissler@chromium.org, ok djm@ + + OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d + +commit 2f95d43dc222ce194622b706682e8de07c9cfb42 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 20 16:34:11 2019 +1100 + + Include openssl compat header. - Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 + Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1. -commit db2597207e69912f2592cd86a1de8e948a9d7ffb +commit a70d92f236576c032a45c39e68ca0d71e958d19d Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 04:26:06 2017 +0000 +Date: Tue Nov 19 22:23:19 2019 +0000 - upstream commit + upstream: adjust on-wire signature encoding for ecdsa-sk keys to + + better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne - ensure hostname is lower-case before hashing it; - bz#2591 reported by Griff Miller II; ok dtucker@ + NB. if you are depending on security keys (already?) then make sure you + update both your clients and servers. - Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 + OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679 -commit df9936936c695f85c1038bd706d62edf752aca4b +commit 26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 04:24:55 2017 +0000 +Date: Tue Nov 19 22:21:15 2019 +0000 - upstream commit + upstream: a little more information from the monitor when signature - make hostname matching really insensitive to case; - bz#2685, reported by Petr Cerny; ok dtucker@ + verification fails. - Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 + OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3 -commit 67eed24bfa7645d88fa0b883745fccb22a0e527e -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 04:11:00 2017 +0000 +commit 4402d6c9b5bf128dcfae2429f1d41cdaa8849b6b +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Nov 19 16:02:32 2019 +0000 - upstream commit + upstream: revert previous: naddy pointed out what's meant to - Remove old null check from config dumper. Patch from - jjelen at redhat.com vi bz#2687, ok djm@ + happen. rethink needed... - Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 + OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421 -commit 183ba55aaaecca0206184b854ad6155df237adbe -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 04:07:20 2017 +0000 +commit 88056f881315233e990e4e04a815f8f96b4674e1 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Nov 19 14:54:47 2019 +0000 - upstream commit + upstream: -c and -s do not make sense with -k; reshuffle -k into - fix regression in 7.4 server-sig-algs, where we were - accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno - Goncalves; ok dtucker@ + the main synopsis/usage; ok djm - Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 + OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc -commit 66be4fe8c4435af5bbc82998501a142a831f1181 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:53:11 2017 +0000 +commit 2cf262c21f35296c2ff718cfdb52e0473a1c3983 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Mon Nov 18 23:17:48 2019 +0000 - upstream commit + upstream: document '$' environment variable expansion for - Check for NULL return value from key_new. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + SecurityKeyProvider; ok djm@ - Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e + OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799 -commit ec2892b5c7fea199914cb3a6afb3af38f84990bf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 03:52:48 2017 +0000 +commit f0edda81c5ebccffcce52b182c3033531a1aab71 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Mon Nov 18 23:16:49 2019 +0000 - upstream commit + upstream: more missing mentions of ed25519-sk; ok djm@ - reword a comment to make it fit 80 columns + OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff + +commit 189550f5bc85148e85f4caa1f6b2fc623149a4ee +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Mon Nov 18 16:10:05 2019 +0000 + + upstream: additional missing stdarg.h includes when built without + + WITH_OPENSSL; ok djm@ - Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 + OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b -commit 7fadbb6da3f4122de689165651eb39985e1cba85 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:48:57 2017 +0000 +commit 723a5369864b338c48d22854bc2bb4ee5c083deb +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Mon Nov 18 16:08:57 2019 +0000 - upstream commit + upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK - Check for NULL argument to sshkey_read. Patch from - jjelen at redhat.com via bz#2687, ok djm@ + addition; ok djm@ - Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e + OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474 -commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:45:40 2017 +0000 +commit 478f4f98e4e93ae4ed1a8911dec4e5b75ea10f30 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Nov 19 08:52:24 2019 +1100 - upstream commit + remove all EC algs from proposals, no just sk ones - Plug some mem leaks mostly on error paths. From jjelen - at redhat.com via bz#2687, ok djm@ + ok dtucker@ + +commit 6a7ef310da100f876a257b7367e3b0766dac3994 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Nov 18 22:22:04 2019 +1100 + + filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms - Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 + Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when + compiling without ECC support in libcrypto. -commit f6edbe9febff8121f26835996b1229b5064d31b7 +commit 64f56f1d1af3947a71a4c391f2c08747d19ee591 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:24:48 2017 +0000 +Date: Mon Nov 18 09:15:17 2019 +0000 - upstream commit + upstream: LibreSSL change the format for openssl rsa -text output from - Plug mem leak on GLOB_NOMATCH case. From jjelen at - redhat.com via bz#2687, ok djm@ + "publicExponent" to "Exponent" so accept either. with djm. - Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d + OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6 -commit 566b3a46e89a2fda2db46f04f2639e92da64a120 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 03:22:40 2017 +0000 +commit 4bfc0503ad94a2a7190686a89649567c20b8534f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 06:58:00 2019 +0000 - upstream commit + upstream: fix a bug that prevented serialisation of ed25519-sk keys - Plug descriptor leaks of auth_sock. From jjelen at - redhat.com via bz#2687, ok djm@ + OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9 + +commit d88205417084f523107fbe1bc92061635cd57fd2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 06:39:36 2019 +0000 + + upstream: Fix incorrect error message when key certification fails - Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 + OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee -commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 +commit 740c4bc9875cbb4b9fc03fd5eac19df080f20df5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 03:18:24 2017 +0000 +Date: Mon Nov 18 06:39:02 2019 +0000 - upstream commit + upstream: fix bug that prevented certification of ed25519-sk keys - correctly hash hosts with a port number. Reported by Josh - Powers in bz#2692; ok dtucker@ + OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996 + +commit 85409cbb505d8c463ab6e2284b4039764c7243de +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 06:24:17 2019 +0000 + + upstream: allow *-sk key types to be turned into certificates - Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 + OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945 -commit 9747b9c742de409633d4753bf1a752cbd211e2d3 +commit e2e1283404e06a22ac6135d057199e70dcadb8dd Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 10 03:15:58 2017 +0000 +Date: Mon Nov 18 04:55:02 2019 +0000 - upstream commit + upstream: mention ed25519-sk key/cert types here too; prompted by - don't truncate off \r\n from long stderr lines; bz#2688, - reported by Brian Dyson; ok dtucker@ + jmc@ - Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 + OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818 -commit 4a4b75adac862029a1064577eb5af299b1580cdd -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Mar 10 02:59:51 2017 +0000 +commit 97dc5d1d82865a7d20f1eb193b5c62ce684024e5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 04:50:45 2019 +0000 - upstream commit + upstream: mention ed25519-sk in places where it is accepted; - Validate digest arg in ssh_digest_final; from jjelen at - redhat.com via bz#2687, ok djm@ + prompted by jmc@ - Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 + OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442 -commit bee0167be2340d8de4bdc1ab1064ec957c85a447 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Mar 10 13:40:18 2017 +1100 +commit 130664344862a8c7afd3e24d8d36ce40af41a99f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 04:34:47 2019 +0000 - Check for NULL from malloc. + upstream: document ed25519-sk pubkey, private key and certificate + + formats - Part of bz#2687, from jjelen at redhat.com. + OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88 -commit da39b09d43b137a5a3d071b51589e3efb3701238 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Mar 10 13:22:32 2017 +1100 +commit 71856e1142fc01628ce53098f8cfc74765464b35 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 18 04:29:50 2019 +0000 - If OSX is using launchd, remove screen no. + upstream: correct order or ecdsa-sk private key fields - Check for socket with and without screen number. From Apple and Jakob - Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ + OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e -commit 8fb15311a011517eb2394bb95a467c209b8b336c +commit 93fa2a6649ae3e0626cbff25c985a4573d63e3f2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Mar 8 12:07:47 2017 +0000 +Date: Mon Nov 18 04:16:53 2019 +0000 - upstream commit + upstream: correct description of fields in pub/private keys (was - quote [host]:port in generated ProxyJump commandline; the - [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri - Tirkkonen via bugs@ + missing curve name); spotted by Sebastian Kinne - Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 + OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7 -commit 18501151cf272a15b5f2c5e777f2e0933633c513 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Mar 6 02:03:20 2017 +0000 +commit b497e920b409250309c4abe64229237b8f2730ba +Author: Damien Miller <djm@mindrot.org> +Date: Mon Nov 18 15:05:04 2019 +1100 - upstream commit + Teach the GTK2/3 ssh-askpass the new prompt hints - Check l->hosts before dereferencing; fixes potential null - pointer deref. ok djm@ + ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT + when running the askpass program. This is intended to allow the + askpass to vary its UI across the three cases it supports: asking for + a passphrase, confirming the use of a key and (recently) reminding + a user to touch their security key. - Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 + This adapts the gnome-ssh-askpass[23] to use these hints. Specifically, + for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show + only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind + users to tap their security key), it shows only a "close" button. + + Help wanted: adapt the other askpass programs in active use, including + x11-ssh-askpass, lxqt-openssh-askpass, etc. -commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Mar 6 00:44:51 2017 +0000 +commit 857f49e91eeae6feb781ef5f5e26c38ca3d953ec +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 18 14:15:26 2019 +1100 - upstream commit + Move ifdef OPENSSL_HAS_ECC. - linenum is unsigned long so use %lu in log formats. ok - deraadt@ + Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef. + ok djm@ + +commit 6cf1c40096a79e5eedcf897c7cdb46bb32d4a3ee +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 18 14:14:18 2019 +1100 + + Enable -Wimplicit-fallthrough if supported - Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 + Suggested by djm. -commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 +commit 103c51fd5f5ddc01cd6b5c1132e711765b921bf5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Mar 3 06:13:11 2017 +0000 +Date: Mon Nov 18 01:59:48 2019 +0000 - upstream commit + upstream: missing break in getopt switch; spotted by Sebastian Kinne + + OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc + +commit 9a1225e8ca2ce1fe809910874935302234399a6d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Nov 16 23:17:20 2019 +0000 + + upstream: tweak debug message - fix ssh-keygen -H accidentally corrupting known_hosts that - contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by - hostkeys_foreach() when hostname matching is in use, so we need to look for - the hash marker explicitly. + OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9 + +commit 4103a3ec7c68493dbc4f0994a229507e943a86d3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Nov 16 22:42:30 2019 +0000 + + upstream: a little debug() in the security key interface - Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 + OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8 -commit d7abb771bd5a941b26144ba400a34563a1afa589 +commit 05daa211de926f66f50b7380d637f84dc6341574 Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 28 06:10:08 2017 +0000 +Date: Sat Nov 16 22:36:48 2019 +0000 - upstream commit + upstream: always use ssh-sk-helper, even for the internal USB HID - small memleak: free fd_set on connection timeout (though - we are heading to exit anyway). From Tom Rix in bz#2683 + support. This avoid the need for a wpath pledge in ssh-agent. - Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 + reported by jmc@ + + OpenBSD-Commit-ID: 19f799c4d020b870741d221335dbfa5e76691c23 -commit 78142e3ab3887e53a968d6e199bcb18daaf2436e -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Mon Feb 27 14:30:33 2017 +0000 +commit d431778a561d90131814f986b646299f9af33c8c +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Nov 15 15:41:01 2019 +0000 - upstream commit + upstream: fix typos in sk_enroll - errant dot; from klemens nanni + OpenBSD-Commit-ID: faa9bf779e008b3e64e2eb1344d9b7d83b3c4487 + +commit af90aec0443ec51e6b2d804cb91771d3905f8a6f +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Nov 15 11:16:28 2019 +0000 + + upstream: double word; - Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 + OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9 -commit 8071a6924c12bb51406a9a64a4b2892675112c87 +commit fd1a96490cef7f945a1b3b5df4e90c8a1070f425 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 24 03:16:34 2017 +0000 +Date: Fri Nov 15 06:00:20 2019 +0000 - upstream commit + upstream: remove most uses of BN_CTX + + We weren't following the rules re BN_CTX_start/BN_CTX_end and the places + we were using it didn't benefit from its use anyway. ok dtucker@ - might as well set the listener socket CLOEXEC + OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a + +commit 39b87104cdd47baf79ef77dc81de62cea07d119f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 15 18:56:54 2019 +1100 + + Add wrappers for other ultrix headers. - Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 + Wrappers protect against multiple inclusions for headers that don't do + it themselves. + +commit 134a74f4e0cf750931f1125beb2a3f40c54c8809 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 15 18:55:13 2019 +1100 + + Add SSIZE_MAX when we define ssize_t. + +commit 9c6d0a3a1ed77989d8c5436d8c3cc6c7045c0197 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 15 17:13:19 2019 +1100 -commit d5499190559ebe374bcdfa8805408646ceffad64 + Remove ultrix realpath hack. + +commit c63fba5e3472307167850bbd84187186af7fa9f0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Feb 19 00:11:29 2017 +0000 +Date: Fri Nov 15 05:37:27 2019 +0000 - upstream commit + upstream: unshield security key privkey before attempting signature - add test cases for C locale; ok schwarze@ + in agent. spotted by dtucker@ - Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 + OpenBSD-Commit-ID: fb67d451665385b8a0a55371231c50aac67b91d2 -commit 011c8ffbb0275281a0cf330054cf21be10c43e37 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Feb 19 00:10:57 2017 +0000 +commit d165bb5396e3f718480e6039ca2cf77f5a2c2885 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Fri Nov 15 05:26:56 2019 +0000 + + upstream: rewrite c99-ism + + OpenBSD-Commit-ID: d0c70cca29cfa7e6d9f7ec1d6d5dabea112499b3 + +commit 03e06dd0e6e1c0a9f4b4b9de7def8a44dcbf93a7 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Fri Nov 15 05:25:52 2019 +0000 + + upstream: only clang understands those new -W options + + OpenBSD-Commit-ID: d9b910e412d139141b072a905e66714870c38ac0 + +commit 5c0bc273cba53f822b7d777bbb6c35d160d3b505 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:08:00 2019 +1100 + + configure flag to built-in security key support + + Require --with-security-key-builtin before enabling the built-in + security key support (and consequent dependency on libfido2). + +commit fbcb9a7fa55300b8bd4c18bee024c6104c5a25d7 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:06:30 2019 +1100 upstream commit - Add a common nl_langinfo(CODESET) alias for US-ASCII - "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for - non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ + revision 1.48 + date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw; + Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX. + This requires a libc major version bump. OK deraadt@ + +commit 2cfb11abac85885de0cb888bbeb9a3e4303105ea +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:05:07 2019 +1100 + + upstream commit - Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 + revision 1.47 + date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE; + Fix exponential CPU use with repeated '*' operators by changing '*' + handling to be interative instead of recursive. + Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@ -commit 0c4430a19b73058a569573492f55e4c9eeaae67b -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Feb 7 23:03:11 2017 +0000 +commit 228dd595c7882bb9b161dbb7d4dca15c8a5f03f5 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:04:28 2019 +1100 upstream commit - Remove deprecated SSH1 options RSAAuthentication and - RhostsRSAAuthentication from regression test sshd_config. + revision 1.46 + date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1; + Remove NULL-checks before free() and a few related dead assignments. - Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 + ok and valuable input from millert@ -commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 17 02:32:05 2017 +0000 +commit a16f748690139b9f452485d97511ad5e578f59b2 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:02:43 2019 +1100 upstream commit - Do not show rsa1 key type in usage when compiled without - SSH1 support. + revision 1.44 + date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l; + remove null check before free. from Michael McConville + ok semarie + +commit fd37cdeafe25adfcdc752280f535d28de7997ff1 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:02:27 2019 +1100 + + upstream commit - Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 + revision 1.43 + date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ; + in glob() initialize the glob_t before the first failure check. + from j@pureftpd.org + ok millert stsp -commit ecc35893715f969e98fee118481f404772de4132 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 17 02:31:14 2017 +0000 +commit fd62769c3882adea118dccaff80a06009874a2d1 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:01:20 2019 +1100 upstream commit - ifdef out "rsa1" from the list of supported keytypes when - compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ + revision 1.42 + date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ; + Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ + +commit 2b6cba7ee2b8b36f393be739c860a9d2e5d8eb48 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 16:00:07 2019 +1100 + + upstream commit - Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f + revision 1.41 + date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2; + obvious realloc -> reallocarray conversion -commit 10577c6d96a55b877a960b2d0b75edef1b9945af +commit ab3600665387ae34785498558c4409e27f495b0b Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 17 02:04:15 2017 +0000 +Date: Fri Nov 15 04:12:32 2019 +0000 - upstream commit + upstream: don't consult dlopen whitelist for internal security key - For ProxyJump/-J, surround host name with brackets to - allow literal IPv6 addresses. From Dick Visser; ok dtucker@ + provider; spotted by dtucker@ - Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 + OpenBSD-Commit-ID: bfe5fbd17e4ff95dd85b9212181652b54444192e -commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Wed Feb 15 23:38:31 2017 +0000 +commit 19f8ec428db835f68c1cfd63587e9880ccd6486c +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 15:08:28 2019 +1100 + + upstream commit + + revision 1.40 + date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15; + Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN, + MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@ + +commit bb7413db98e418d4af791244660abf6c829783f5 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 15:07:30 2019 +1100 upstream commit - Fix memory leaks in match_filter_list() error paths. + revision 1.39 + date: 2012/01/20 07:09:42; author: tedu; state: Exp; lines: +4 -4; + the glob stat limit is way too low. bump to 2048. + while here, failed stats should count against the limit too. + ok deraadt sthen stsp + +commit 01362cf7cb979525c014714e2bccf799a46e772e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 15 03:41:57 2019 +0000 + + upstream: U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when + + probed to see if they own a key handle. Handle this case so the find_device() + look can work for them. Reported by Michael Forney + + OpenBSD-Commit-ID: 2ccd5b30a6ddfe4dba228b7159bf168601bd9166 + +commit cf62307bc9758105913dcb91b418e4968ac2244d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 15 14:01:00 2019 +1100 + + Add libfido2 to INSTALL. + +commit 69fbda1894349d1f420c842dfcbcc883239d1aa7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 15 13:42:15 2019 +1100 + + libcrypto is now optional. + +commit 45ffa369886e37930776d7c15dd8b973242d6ecc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 15 02:38:07 2019 +0000 + + upstream: show the "please touch your security key" notifier when - ok dtucker@ markus@ + using the (default) build-in security key support. - Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e + OpenBSD-Commit-ID: 4707643aaa7124501d14e92d1364b20f312a6428 -commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 +commit 49dc9fa928d77807c53bdc2898db7fb515fe5eb3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 15 01:46:47 2017 +0000 +Date: Fri Nov 15 02:37:24 2019 +0000 - upstream commit + upstream: close the "touch your security key" notifier on the error - fix division by zero crash in "df" output when server - returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok - dtucker@ + path too - Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f + OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829 -commit bd5d7d239525d595ecea92765334af33a45d9d63 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Sun Feb 12 15:45:15 2017 +1100 +commit 22a82712e89bf17c27427aeba15795fb4011a0c2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 15 02:20:06 2019 +0000 - ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR + upstream: correct function name in debug message - EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out - for the benefit of OpenSSL versions prior to that. + OpenBSD-Commit-ID: 2482c99d2ce448f39282493050f8a01e3ffc39ab -commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe +commit 018e2902a65c22faded215a7c588492c948f108c Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 10 04:34:50 2017 +0000 +Date: Fri Nov 15 00:32:40 2019 +0000 - upstream commit + upstream: follow existing askpass logic for security key notifier: - bring back r1.34 that was backed out for problems loading - public keys: + fall back to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment + variable is set. - translate OpenSSL error codes to something more - meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ + OpenBSD-Commit-ID: cda753726b13fb797bf7a9f7a0b3022d9ade4520 + +commit 575d0042a94997c1eeb86a6dcfb30b3c7bdbcba3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Nov 14 21:56:52 2019 +0000 + + upstream: remove debugging goop that snuck in to last commit - with additional fix from Jakub Jelen to solve the backout. - bz#2525 bz#2523 re-ok dtucker@ + OpenBSD-Commit-ID: 8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e + +commit 63a5b24f2dbdc9a4bf2182ac3db26731ddc617e8 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 11:21:26 2019 +1100 + + don't fatal if libfido2 not found - Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 + spotted by dtucker@ -commit a287c5ad1e0bf9811c7b9221979b969255076019 +commit 129952a81c00c332721b4ba3ede868c720ad7f4e +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 15 11:17:12 2019 +1100 + + correct object dependency + +commit 6bff9521ab9a9f7396d635755c342b72373bb4f9 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 10 03:36:40 2017 +0000 +Date: Thu Nov 14 21:27:29 2019 +0000 - upstream commit + upstream: directly support U2F/FIDO2 security keys in OpenSSH by - Sanitise escape sequences in key comments sent to printf - but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ + linking against the (previously external) USB HID middleware. The dlopen() + capability still exists for alternate middlewares, e.g. for Bluetooth, NFC + and test/debugging. - Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e + OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069 -commit e40269be388972848aafcca7060111c70aab5b87 -Author: millert@openbsd.org <millert@openbsd.org> -Date: Wed Feb 8 20:32:43 2017 +0000 +commit 4f5e331cb8e11face3025aa6578662dde489c3ad +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Nov 13 22:00:21 2019 +0000 - upstream commit + upstream: in order to be able to figure out the number of - Avoid printf %s NULL. From semarie@, OK djm@ + signatures left on a shielded key, we need to transfer the number of + signatures left from the private to the public key. ok djm@ - Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c + OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574 -commit 5b90709ab8704dafdb31e5651073b259d98352bc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 6 09:22:51 2017 +0000 +commit dffd02e297e6c2a4e86775f293eb1b0ff01fb3df +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Nov 13 20:25:45 2019 +0000 - upstream commit + upstream: fix check for sig_s; noted by qsa at qualys.com - Restore \r\n newline sequence for server ident string. The CR - got lost in the flensing of SSHv1. Pointed out by Stef Bon + OpenBSD-Commit-ID: 34198084e4afb424a859f52c04bb2c9668a52867 + +commit fc173aeb1526d4268db89ec5dfebaf8750dd26cd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Nov 13 11:25:11 2019 +0000 + + upstream: When clients get denied by MaxStartups, send a + + noification prior to the SSH2 protocol banner according to RFC4253 section + 4.2. ok djm@ deraadt@ markus@ - Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac + OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63 -commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 3 23:01:42 2017 +0000 +commit bf219920b70cafbf29ebc9890ef67d0efa54e738 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed Nov 13 07:53:10 2019 +0000 - upstream commit + upstream: fix shield/unshield for xmss keys: - in ssh-agent we need - unit test for match_filter_list() function; still want a - better name for this... + to delay the call to shield until we have received key specific options. - + when serializing xmss keys for shield we need to deal with all optional + components (e.g. state might not be loaded). ok djm@ - Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a + OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f -commit f1a193464a7b77646f0d0cedc929068e4a413ab4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 3 23:05:57 2017 +0000 +commit 40598b85d72a509566b7b2a6d57676c7231fed34 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Nov 13 05:42:26 2019 +0000 - upstream commit + upstream: remove size_t gl_pathc < 0 test, it is invalid. the - use ssh_packet_set_log_preamble() to include connection - username in packet log messages, e.g. + return value from glob() is sufficient. discussed with djm - Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] + OpenBSD-Commit-ID: c91203322db9caaf7efaf5ae90c794a91070be3c + +commit 72687c8e7c38736e3e64e833ee7aa8f9cd9efed1 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Nov 13 04:47:52 2019 +0000 + + upstream: stdarg.h required more broadly; ok djm - ok markus@ bz#113 + OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513 + +commit 1e0b248d47c96be944868a735553af8482300a07 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 14 16:08:17 2019 +1100 + + Put sshsk_sign call inside ifdef ENABLE_SK. - Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 + Fixes build against OpenSSL configured without ECC. -commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 3 23:03:33 2017 +0000 +commit 546274a6f89489d2e6be8a8b62f2bb63c87a61fd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 23:27:31 2019 +1100 - upstream commit + Remove duplicate __NR_clock_nanosleep + +commit b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 23:19:35 2019 +1100 + + seccomp: Allow clock_nanosleep() in sandbox. - add ssh_packet_set_log_preamble() to allow inclusion of a - preamble string in disconnect messages; ok markus@ + seccomp: Allow clock_nanosleep() to make OpenSSH working with latest + glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093. + +commit 2b523d23804c13cb68db135b919fcf312c42b580 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 11:56:56 2019 +1100 + + Include stdarg.h for va_list in xmalloc.h. + +commit 245dcbdca5374296bdb9c48be6e24bdf6b1c0af7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 11:19:26 2019 +1100 + + Put headers inside ifdef _AIX. - Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead + Prevents compile errors due to missing definitions (eg va_list) on + non-AIX platforms. + +commit a4cc579c6ad2b2e54bdd6cc0d5e12c2288113a56 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 10:41:41 2019 +1100 -commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 + Fix comment in match_usergroup_pattern_list. + + Spotted by balu.gajjala@gmail.com via bz#3092. + +commit fccff339cab5aa66f2554e0188b83f980683490b Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 3 23:01:19 2017 +0000 +Date: Tue Nov 12 22:38:19 2019 +0000 - upstream commit + upstream: allow an empty attestation certificate returned by a + + security key enrollment - these are possible for tokens that only offer self- + attestation. This also needs support from the middleware. - support =- for removing methods from algorithms lists, - e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like - it" markus@ + ok markus@ - Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d + OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc -commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e +commit e44bb61824e36d0d181a08489c16c378c486a974 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 3 05:05:56 2017 +0000 +Date: Tue Nov 12 22:36:44 2019 +0000 - upstream commit + upstream: security keys typically need to be tapped/touched in - allow form-feed characters at EOL; bz#2431 ok dtucker@ + order to perform a signature operation. Notify the user when this is expected + via the TTY (if available) or $SSH_ASKPASS if we can. + + ok markus@ - Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 + OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609 -commit 523db8540b720c4d21ab0ff6f928476c70c38aab -Author: Damien Miller <djm@mindrot.org> -Date: Fri Feb 3 16:01:22 2017 +1100 +commit 4671211068441519011ac0e38c588317f4157ba1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 12 22:35:02 2019 +0000 - prefer to use ldns-config to find libldns + upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm too - Should fix bz#2603 - "Build with ldns and without kerberos support - fails if ldns compiled with kerberos support" by including correct - cflags/libs + OpenBSD-Commit-ID: 08d46712e5e5f1bad0aea68e7717b7bec1ab8959 + +commit 5d1c1590d736694f41b03e686045f08fcae20d62 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 12 22:34:20 2019 +0000 + + upstream: dd API for performing one-shot notifications via tty or - ok dtucker@ + SSH_ASKPASS + + OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3 -commit c998bf0afa1a01257a53793eba57941182e9e0b7 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 3 02:56:00 2017 +0000 +commit 166927fd410823eec8a7b2472463db51e0e6fef5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Nov 12 22:32:48 2019 +0000 - upstream commit + upstream: add xvasprintf() - Make ssh_packet_set_rekey_limits take u32 for the number of - seconds until rekeying (negative values are rejected at config parse time). - This allows the removal of some casts and a signed vs unsigned comparison - warning. + OpenBSD-Commit-ID: e5e3671c05c121993b034db935bce1a7aa372247 + +commit 782093ec6cf64cc6c4078410093359869ea9329f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 13 09:08:55 2019 +1100 + + Remove leftover if statement from sync. + +commit b556cc3cbf0c43f073bb41bba4e92ca709a1ec13 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:34:40 2019 +0000 + + upstream: remove extra layer for ed25519 signature; ok djm@ - rekey_time is cast to int64 for the comparison which is a no-op - on OpenBSD, but should also do the right thing in -portable on - anything still using 32bit time_t (until the system time actually - wraps, anyway). + OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47 + +commit 3fcf69ace19e75cf9dcd7206f396adfcb29611a8 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:34:00 2019 +0000 + + upstream: check sig_r and sig_s for ssh-sk keys; ok djm - some early guidance deraadt@, ok djm@ + OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc + +commit 2c55744a56de0ffc81fe445a1e7fc5cd308712b3 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:33:08 2019 +0000 + + upstream: enable ed25519 support; ok djm - Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c + OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e -commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Thu Feb 2 10:54:25 2017 +0000 +commit fd1a3b5e38721b1d69aae2d9de1a1d9155dfa5c7 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:32:30 2019 +0000 - upstream commit + upstream: update sk-api to version 2 for ed25519 support; ok djm - In vasnmprintf() return an error if malloc fails and - don't set a function argument to the address of free'd memory. + OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a + +commit 7c32b51edbed5bd57870249c0a45dffd06be0002 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:31:45 2019 +0000 + + upstream: implement sshsk_ed25519_assemble(); ok djm - ok djm@ + OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6 + +commit fe05a36dc0ea884c8c2395d53d804fe4f4202b26 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:31:18 2019 +0000 + + upstream: implement sshsk_ed25519_inner_sig(); ok djm - Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 + OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910 -commit 858252fb1d451ebb0969cf9749116c8f0ee42753 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Feb 1 02:59:09 2017 +0000 +commit e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:30:50 2019 +0000 - upstream commit + upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm - Return true reason for port forwarding failures where - feasible rather than always "administratively prohibited". bz#2674, ok djm@ + OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19 + +commit bc7b5d6187de625c086b5f639b25bbad17bbabfc +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:30:21 2019 +0000 + + upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@ - Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 + OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584 -commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Jan 30 23:27:39 2017 +0000 +commit cef84a062db8cfeece26f067235dc440f6992c17 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:29:54 2019 +0000 - upstream commit + upstream: factor out sshsk_ecdsa_assemble(); ok djm@ - Small correction to the known_hosts section on when it is - updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at - sdf.org + OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026 + +commit 7c096c456f33f3d2682736d4735cc10e790276e9 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Tue Nov 12 19:29:24 2019 +0000 + + upstream: implement ssh-ed25519-sk verification; ok djm@ - Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 + OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6 + +commit ba5fb02bed1e556d0ce7b1740ae8a5f87b737491 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Nov 13 08:48:30 2019 +1100 -commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Feb 3 14:10:34 2017 +1100 + ignore ssh-sk-helper - Remove _XOPEN_SOURCE from wide char detection. +commit 78c96498947f711141f493a40d202c482cc59438 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Mon Nov 11 19:53:37 2019 +0000 + + upstream: skip demanding -fstack-protector-all on hppa. we never - Having _XOPEN_SOURCE unconditionally causes problems on some platforms - and configurations, notably Solaris 64-bit binaries. It was there for - the benefit of Linux put the required bits in the *-*linux* section. + wrote a stack protector for reverse-stack architectures, and i don't think + anyone else did either. a warning per compiled file is just annoying. - Patch from yvoinov at gmail.com. + OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada -commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd +commit aa1c9e37789f999979fe59df74ce5c8424861ac8 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 05:22:14 2017 +0000 +Date: Fri Nov 8 03:54:02 2019 +0000 - upstream commit + upstream: duplicate 'x' character in getopt(3) optstring + + OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7 + +commit aa4c640dc362816d63584a16e786d5e314e24390 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Nov 7 08:38:38 2019 +0000 + + upstream: Fill in missing man page bits for U2F security key support: + + Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's + SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, + and ssh-keygen's new -w and -x options. - fully unbreak: some $SSH invocations did not have -F - specified and could pick up the ~/.ssh/config of the user running the tests + Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal + substitutions. - Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 + ok djm@ + + OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4 -commit 6956e21fb26652887475fe77ea40d2efcf25908b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 04:54:07 2017 +0000 +commit b236b27d6dada7f0542214003632b4e9b7aa1380 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 3 00:10:43 2019 +1100 - upstream commit + Put sftp-realpath in libssh.a - partially unbreak: was not specifying hostname on some - $SSH invocations + and remove it from the specific binary targets. + +commit 382c18c20cdcec45b5d21ff25b4a5e0df91a68c4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 3 00:09:21 2019 +1100 + + statfs might be defined in sys/mount.h. - Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc + eg on old NetBSDs. -commit 52763dd3fe0a4678dafdf7aeb32286e514130afc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 01:03:00 2017 +0000 +commit 03ffc0951c305c8e3b5fdc260d65312a57f8f7ea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Nov 2 23:25:01 2019 +1100 - upstream commit + Put stdint.h inside ifdef HAVE_STDINT_H. + +commit 19cb64c4b42d4312ce12091fd9436dbd6898998c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Nov 2 22:45:44 2019 +1100 + + Rebuild .depend. + +commit 3611bfe89b92ada5914526d8ff0919aeb967cfa7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Nov 2 22:42:05 2019 +1100 + + Define __BSD_VISIBLE in fnmatch.h. - revise keys/principals command hang fix (bz#2655) to - consume entire output, avoiding sending SIGPIPE to subprocesses early; ok - dtucker@ + .. since we use symbols defined only when it is when using the compat + fnmatch. + +commit f5cc5816aaddb8eca3cba193f53e99d6a0b37d05 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Nov 2 16:39:38 2019 +1100 + + Only enable U2F if OpenSSL supports ECC. - Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc + This requires moving the U2F bits to below the OpenSSL parts so we have + the required information. ok djm@ -commit 381a2615a154a82c4c53b787f4a564ef894fe9ac -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 00:38:50 2017 +0000 +commit ad38406fc95fa223b0ef2edf8ff50508f8ab1cb6 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Fri Nov 1 12:10:43 2019 +0000 - upstream commit + upstream: fix miscellaneous text problems; ok djm@ - small cleanup post SSHv1 removal: + OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f + +commit 9cac151c2dc76b8e5b727b2fa216f572e372170f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 18:26:07 2019 +1100 + + Add flags needed to build and work on Ultrix. + +commit 0e3c5bc50907d2058407641b5a3581b7eda91b7e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 18:24:29 2019 +1100 + + Hook up fnmatch for platforms that don't have it. + +commit b56dbfd9d967e5b6ce7be9f81f206112e19e1030 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 18:17:42 2019 +1100 + + Add missing bracket in realpath macro. + +commit 59ccb56f15e5e530e7c1b5a0b361749d8c6217d5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 17:32:47 2019 +1100 + + Import fnmatch.c from OpenBSD. + +commit 79d46de9fbea0f3c0e8ae7cf84effaba089071b0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 15:22:32 2019 +1100 + + Use sftp_realpath if no native realpath. + +commit bb4f003ed8c5f61ec74a66bcedc8ab19bf5b35c4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 15:06:16 2019 +1100 + + Configure flags for haiku from haikuports. - remove SSHv1-isms in commented examples + Should build with the default flags with ./configure + +commit 4332b4fe49360679647a8705bc08f4e81323f6b4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 1 03:54:33 2019 +0000 + + upstream: fix a race condition in the SIGCHILD handler that could turn - reorder token table to group deprecated and compile-time conditional tokens - better + in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@ - fix config dumping code for some compile-time conditional options that - weren't being correctly skipped (SSHv1 and PKCS#11) + OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896 + +commit 03f9205f0fb49ea2507eacc143737a8511ae5a4e +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 1 14:49:25 2019 +1100 + + conditionalise SK sign/verify on ENABLE_SK - Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 + Spotted by Darren and his faux-Vax + +commit 5eb7b9563ff818e17de24231bf2d347d9db302c5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 14:41:07 2019 +1100 + + Add prototype for localtime_r if needed. + +commit d500b59a825f6a58f2abf7b04eb1992d81e45d58 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 1 13:42:12 2019 +1100 -commit 4833d01591b7eb049489d9558b65f5553387ed43 + Check if IP_TOS is defined before using. + +commit 764d51e04460ec0da12e05e4777bc90c116accb9 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 1 13:34:49 2019 +1100 + + autoconf pieces for U2F support + + Mostly following existing logic for PKCS#11 - turning off support + when either libcrypto or dlopen(3) are unavailable. + +commit 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 00:34:01 2017 +0000 +Date: Fri Nov 1 02:32:05 2019 +0000 - upstream commit + upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path - some explicit NULL tests when dumping configured - forwardings; from Karsten Weiss + OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc + +commit db8d13f7925da7337df87248995c533e111637ec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 1 02:06:52 2019 +0000 + + upstream: more additional source files - Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d + OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f -commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 +commit f89c5df65dd307739ff22319c2cf847d3b0c5ab4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 00:32:28 2017 +0000 +Date: Fri Nov 1 02:04:25 2019 +0000 - upstream commit + upstream: additional source files here too - misplaced braces in test; from Karsten Weiss + OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd + +commit 02275afa1ecbfbd39f27d34c97090e76bec232ec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Nov 1 02:03:27 2019 +0000 + + upstream: additional source files here too - Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae + OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce -commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb +commit dfc8f01b9886c7999e6e20acf3f7492cb8c80796 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 30 00:32:03 2017 +0000 +Date: Fri Nov 1 01:57:59 2019 +0000 - upstream commit + upstream: adapt to extra sshkey_sign() argument and additional - don't dereference authctxt before testing != NULL, it - causes compilers to make assumptions; from Karsten Weiss + dependencies - Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 + OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e -commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 +commit afa59e26eeb44a93f36f043f60b936eaddae77c4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 6 02:51:16 2017 +0000 +Date: Fri Nov 1 01:55:41 2019 +0000 - upstream commit + upstream: skip security-key key types for tests until we have a - use correct ssh-add program; bz#2654, from Colin Watson + dummy U2F middleware to use. - Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 + OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95 -commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jan 6 02:26:10 2017 +0000 +commit de871e4daf346a712c78fa4ab8f18b231a47cb85 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Nov 1 00:52:35 2019 +0000 - upstream commit + upstream: sort; - Account for timeouts in the integrity tests as failures. + OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16 + +commit 2aae149a34b1b5dfbef423d3b7999a96818969bb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:37:33 2019 +0000 + + upstream: undo debugging bits that shouldn't have been committed - If the first test in a series for a given MAC happens to modify the low - bytes of a packet length, then ssh will time out and this will be - interpreted as a test failure. Patch from cjwatson at debian.org via - bz#2658. + OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf + +commit 3420e0464bd0e8fedcfa5fd20ad37bdc740ad5b4 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 1 09:24:58 2019 +1100 + + depend + +commit b923a90abc7bccb11a513dc8b5c0f13a0ea9682c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:28:27 2019 +0000 + + upstream: fix -Wshadow warning - Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 + OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c -commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jan 6 02:09:25 2017 +0000 +commit 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:23:19 2019 +0000 - upstream commit + upstream: Refactor signing - use sshkey_sign for everything, + + including the new U2F signatures. - Make forwarding test less racy by using unix domain - sockets instead of TCP ports where possible. Patch from cjwatson at - debian.org via bz#2659. + Don't use sshsk_ecdsa_sign() directly, instead make it reachable via + sshkey_sign() like all other signature operations. This means that + we need to add a provider argument to sshkey_sign(), so most of this + change is mechanically adding that. - Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 + Suggested by / ok markus@ + + OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c -commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Jan 29 21:35:23 2017 +0000 +commit 07da39f71d36fb547749a5b16aa8892e621a7e4a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:22:01 2019 +0000 - upstream commit + upstream: ssh-agent support for U2F/FIDO keys - Fix typo in ~C error message for bad port forward - cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's - bugtracker. + feedback & ok markus@ - Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af + OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb -commit 4ba15462ca38883b8a61a1eccc093c79462d5414 -Author: guenther@openbsd.org <guenther@openbsd.org> -Date: Sat Jan 21 11:32:04 2017 +0000 +commit eebec620c9519c4839d781c4d5b6082152998f82 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:20:38 2019 +0000 - upstream commit + upstream: ssh AddKeysToAgent support for U2F/FIDO keys - The POSIX APIs that that sockaddrs all ignore the s*_len - field in the incoming socket, so userspace doesn't need to set it unless it - has its own reasons for tracking the size along with the sockaddr. + feedback & ok markus@ - ok phessler@ deraadt@ florian@ + OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91 + +commit 486164d060314a7f8bca2a00f53be9e900c5e74d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:19:56 2019 +0000 + + upstream: ssh-add support for U2F/FIDO keys - Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 + OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644 -commit a1187bd3ef3e4940af849ca953a1b849dae78445 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Fri Jan 6 16:28:12 2017 +0000 +commit b9dd14d3091e31fb836f69873d3aa622eb7b4a1c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:19:14 2019 +0000 - upstream commit + upstream: add new agent key constraint for U2F/FIDO provider - keep the tokens list sorted; + feedback & ok markus@ - Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 + OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172 -commit b64077f9767634715402014f509e58decf1e140d +commit 884416bdb10468f1252e4d7c13d51b43dccba7f6 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 6 09:27:52 2017 +0000 +Date: Thu Oct 31 21:18:28 2019 +0000 - upstream commit - - fix previous + upstream: ssh client support for U2F/FIDO keys - Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 + OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc -commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de +commit 01a0670f69c5b86e471e033b92145d6c7cc77c58 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 6 03:53:58 2017 +0000 +Date: Thu Oct 31 21:17:49 2019 +0000 - upstream commit + upstream: Separate myproposal.h userauth pubkey types + + U2F/FIDO keys are not supported for host authentication, so we need + a separate list for user keys. - show a useful error message when included config files - can't be opened; bz#2653, ok dtucker@ + feedback & ok markus@ - Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b + OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429 -commit 13bd2e2d622d01dc85d22b94520a5b243d006049 +commit 23f38c2d8cda3fad24e214e1f0133c42435b54ee Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 6 03:45:41 2017 +0000 +Date: Thu Oct 31 21:17:09 2019 +0000 - upstream commit - - sshd_config is documented to set - GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. - bz#2637 ok dtucker + upstream: ssh-keygen support for generating U2F/FIDO keys - Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 + OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37 -commit f89b928534c9e77f608806a217d39a2960cc7fd0 +commit ed3467c1e16b7396ff7fcf12d2769261512935ec Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 6 03:41:58 2017 +0000 +Date: Thu Oct 31 21:16:20 2019 +0000 - upstream commit + upstream: U2F/FIDO middleware interface - Avoid confusing error message when attempting to use - ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 + Supports enrolling (generating) keys and signatures. - Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 + feedback & ok markus@ + + OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592 -commit 0999533014784579aa6f01c2d3a06e3e8804b680 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jan 6 02:34:54 2017 +0000 +commit 02bb0768a937e50bbb236efc2bbdddb1991b1c85 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 31 21:15:14 2019 +0000 - upstream commit + upstream: Initial infrastructure for U2F/FIDO support - Re-add '%k' token for AuthorizedKeysCommand which was - lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. + Key library support: including allocation, marshalling public/private + keys and certificates, signature validation. - Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 + feedback & ok markus@ + + OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7 -commit 51045869fa084cdd016fdd721ea760417c0a3bf3 +commit 57ecc10628b04c384cbba2fbc87d38b74cd1199d Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 4 05:37:40 2017 +0000 +Date: Thu Oct 31 21:14:17 2019 +0000 - upstream commit + upstream: Protocol documentation for U2F/FIDO keys in OpenSSH + + OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915 + +commit f4fdcd2b7a2bbf5d8770d44565173ca5158d4dcb +Author: Damien Miller <djm@mindrot.org> +Date: Fri Nov 1 08:36:16 2019 +1100 + + Missing unit test files + +commit 1bcd1169c5221688418fa38606e9c69055b72451 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Oct 29 19:45:03 2019 +1100 + + Add implementation of localtime_r. + +commit 2046ed16c1202431b0307674c33a123a113e8297 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Oct 29 07:47:27 2019 +0000 + + upstream: Signal handler cleanup: remove leftover support for - unbreak Unix domain socket forwarding for root; ok + unreliable signals and now-unneeded save and restore of errno. ok deraadt@ markus@ - Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 + OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88 -commit 58fca12ba967ea5c768653535604e1522d177e44 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Jan 16 09:08:32 2017 +1100 +commit 70fc9a6ca4dd33cb2dd400a4dad5db9683a3d284 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Oct 22 08:50:35 2019 +0000 - Remove LOGIN_PROGRAM. + upstream: fixes from lucas; - UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org + OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2 -commit b108ce92aae0ca0376dce9513d953be60e449ae1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 4 02:21:43 2017 +0000 +commit 702368aa4381c3b482368257ac574a87b5a80938 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Oct 22 07:06:35 2019 +0000 - upstream commit - - relax PKCS#11 whitelist a bit to allow libexec as well as - lib directories. + upstream: Import regenerated moduli file. - Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 + OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987 -commit c7995f296b9222df2846f56ecf61e5ae13d7a53d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 3 05:46:51 2017 +0000 +commit 5fe81da22652f8caa63e9e3a1af519a85d36337e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 21:19:47 2019 +1100 - upstream commit + Fix ifdefs to not mask needed bits. + +commit 7694e9d2fb5785bbdd0920dce7a160bd79feaf00 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 17:05:36 2019 +1100 + + Only use RLIMIT_NOFILE if it's defined. + +commit d561b0b2fa2531b4cc3bc70a7d657c6485c9fd0b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 16:09:04 2019 +1100 + + Make sure we have struct statfs before using. + +commit 2912596aecfcf48e5115c7a906d1e664f7717a4b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 16:06:59 2019 +1100 + + Define UINT32_MAX if needed. + +commit 7169e31121e8c8cc729b55154deb722ae495b316 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 16:00:45 2019 +1100 + + Move utimensat definition into timespec section. - check number of entries in SSH2_FXP_NAME response; avoids - unreachable overflow later. Reported by Jann Horn + Since utimensat uses struct timespec, move it to the section where we + define struct timespec when needed. + +commit 850ec1773d656cbff44d78a79e369dc262ce5853 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 15:57:22 2019 +1100 + + Wrap OpenSSL bits in WITH_OPENSSL. + +commit 6fc7e1c6fec3ba589869ae98e968c0e5e2e4695b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 28 15:53:25 2019 +1100 + + Wrap poll.h includes in HAVE_POLL_H. + +commit 9239a18f96905cc1a353e861e33af093652f24e7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Oct 24 14:39:49 2019 +1100 + + Add a function call stackprotector tests. - Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f + Including a function call in the test programs for the gcc stack + protector flag tests exercises more of the compiler and makes it more + likely it'll detect problems. + +commit b9705393be4612fd5e29d0cd8e7cf2b66ed19eb7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Oct 22 18:09:22 2019 +1100 -commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 + Import regenerated moduli file. + +commit 76ed2199491397e0f9902ade80d5271e4a9b2630 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 30 22:08:02 2016 +0000 +Date: Wed Oct 16 06:05:39 2019 +0000 - upstream commit + upstream: potential NULL dereference for revoked hostkeys; reported - fix deadlock when keys/principals command produces a lot of - output and a key is matched early; bz#2655, patch from jboning AT gmail.com + by krishnaiah bommu - Upstream-ID: e19456429bf99087ea994432c16d00a642060afe + OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506 -commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Dec 20 12:16:11 2016 +1100 +commit 6500c3bc71bf4fe14972c1177e6b93f1164d07a4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 16 06:03:30 2019 +0000 - Re-add missing "Prerequisites" header and fix typo + upstream: free buf before return; reported by krishnaiah bommu - Patch from HARUYAMA Seigo <haruyama at unixuser org>. + OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1 -commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 +commit d7d116b6d9e6cb79cc235e9801caa683d3db3181 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 19 22:35:23 2016 +0000 +Date: Mon Oct 14 06:00:02 2019 +0000 - upstream commit + upstream: memleak in error path; spotted by oss-fuzz, ok markus@ - use standard /bin/sh equality test; from Mike Frysinger + OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266 + +commit 9b9e3ca6945351eefb821ff783a4a8e6d9b98b9a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Oct 11 14:12:16 2019 +1100 + + Re-add SA_RESTART to mysignal. + + This makes mysignal implement reliable BSD semantics according to + Stevens' APUE. This was first attempted in 2001 but was reverted + due to problems with HP-UX 10.20 and select() and possibly grantpt(). + Modern systems should be fine with it, but if any current platforms have + a problem with it now we can disable it just for those. ok djm@ + +commit 0bd312a362168c1eae3cd6b3889395a78e6fd0f8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Oct 10 09:42:03 2019 +1100 + + Fix ifdef typo for declaration of memmem. - Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 + Fixes build on IRIX. bz#3081. + +commit 01ce1cd402d5eecde2bba35b67e08f5b266b37fd +Author: Abhishek Arya <inferno@chromium.org> +Date: Tue Oct 8 20:19:18 2019 -0700 + + Update README.md + +commit 1ba130ac8fb2884307f658126f04578f8aef409e +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 9 13:49:35 2019 +1100 + + add a fuzzer for private key parsing -commit 4a354fc231174901f2629437c2a6e924a2dd6772 +commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 19 15:59:26 2016 +1100 +Date: Wed Oct 9 11:31:03 2019 +1100 - crank version numbers for release + prepare for 8.1 release -commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 +commit 3b4e56d740b74324e2d7542957cad5a11518f455 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 19 04:55:51 2016 +0000 +Date: Wed Oct 9 00:04:57 2019 +0000 - upstream commit + upstream: openssh-8.1 - openssh-7.4 + OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d + +commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 9 00:04:42 2019 +0000 + + upstream: fix an unreachable integer overflow similar to the XMSS + + case, and some other NULL dereferences found by fuzzing. + + fix with and ok markus@ - Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 + OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b -commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b +commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 19 04:55:18 2016 +0000 +Date: Wed Oct 9 00:02:57 2019 +0000 - upstream commit + upstream: fix integer overflow in XMSS private key parsing. + + Reported by Adam Zabrocki via SecuriTeam's SSH program. + + Note that this code is experimental and not compiled by default. - remove testcase that depends on exact output and - behaviour of snprintf(..., "%s", NULL) + ok markus@ - Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f + OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 -commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 +commit c2cc25480ba36ab48c1a577bebb12493865aad87 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Dec 19 03:32:57 2016 +0000 +Date: Tue Oct 8 22:40:39 2019 +0000 - upstream commit + upstream: Correct type for end-of-list sentinel; fixes initializer - Use LOGNAME to get current user and fall back to whoami if - not set. Mainly to benefit -portable since some platforms don't have whoami. + warnings on some platforms. ok deraadt. - Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa + OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2 -commit 0d2f88428487518eea60602bd593989013831dcf -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Dec 16 03:51:19 2016 +0000 +commit e827aedf8818e75c0016b47ed8fc231427457c43 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 7 23:10:38 2019 +0000 - upstream commit + upstream: reversed test yielded incorrect debug message - Add regression test for AllowUsers and DenyUsers. Patch from - Zev Weiss <zev at bewilderbeest.net> + OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3 + +commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 8 17:05:57 2019 +1100 + + depend + +commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Oct 9 09:36:06 2019 +1100 + + Make MAKE_CLONE no-op macro more correct. - Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 + Similar to the previous change to DEF_WEAK, some compilers don't like + the empty statement, so convert into a no-op function prototype. -commit 3bc8180a008929f6fe98af4a56fb37d04444b417 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 16 15:02:24 2016 +1100 +commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 9 09:06:35 2019 +1100 - Add missing monitor.h include. + wrap stdint.h include in HAVE_STDINT_H + + make the indenting a little more consistent too.. - Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net> + Fixes Solaris 2.6; reported by Tom G. Christensen -commit 410681f9015d76cc7b137dd90dac897f673244a0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 16 02:48:55 2016 +0000 +commit 13b3369830a43b89a503915216a23816d1b25744 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 8 15:32:02 2019 +1100 - upstream commit + avoid "return (value)" in void-declared function - revert to rev1.2; the new bits in this test depend on changes - to ssh that aren't yet committed + spotted by Tim Rice; ok dtucker + +commit 0c7f8d2326d812b371f7afd63aff846973ec80a4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Oct 8 14:44:50 2019 +1100 + + Make DEF_WEAK more likely to be correct. - Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 + Completely nop-ing out DEF_WEAK leaves an empty statemment which some + compilers don't like. Replace with a no-op function template. ok djm@ -commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e +commit b1e79ea8fae9c252399677a28707661d85c7d00c Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Dec 16 01:06:27 2016 +0000 +Date: Sun Oct 6 11:49:50 2019 +0000 - upstream commit + upstream: Instead of running sed over the whole log to remove CRs, - Move the "stop sshd" code into its own helper function. - Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@ + remove them only where it's needed (and confuses test(1) on at least OS X in + portable). - Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 + OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0 -commit e15e7152331e3976b35475fd4e9c72897ad0f074 +commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c +Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> +Date: Tue May 9 13:33:30 2017 -0300 + + Enable specific ioctl call for EP11 crypto card (s390) + + The EP11 crypto card needs to make an ioctl call, which receives an + specific argument. This crypto card is for s390 only. + + Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> + +commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 16 01:01:07 2016 +0000 +Date: Fri Oct 4 04:31:59 2019 +0000 - upstream commit + upstream: fix memory leak in error path; bz#3074 patch from - regression test for certificates along with private key - with no public half. bz#2617, mostly from Adam Eijdenberg + krishnaiah.bommu@intel.com, ok dtucker - Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 + OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c -commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Dec 15 23:50:37 2016 +0000 +commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 4 04:13:39 2019 +0000 - upstream commit + upstream: space - Use $SUDO to read pidfile in case root's umask is - restricted. From portable. + OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac + +commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 4 03:39:19 2019 +0000 + + upstream: more sshsig regress tests: check key revocation, the + + check-novalidate signature test mode and signing keys in ssh-agent. + + From Sebastian Kinne (slightly tweaked) - Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 + OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2 -commit fe06b68f824f8f55670442fb31f2c03526dd326c +commit 714031a10bbe378a395a93cf1040f4ee1451f45f Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Dec 15 21:29:05 2016 +0000 +Date: Fri Oct 4 03:26:58 2019 +0000 - upstream commit + upstream: Check for gmtime failure in moduli generation. Based on - Add missing braces in DenyUsers code. Patch from zev at - bewilderbeest.net, ok deraadt@ + patch from krishnaiah.bommu@intel.com, ok djm@ - Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e + OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa -commit dcc7d74242a574fd5c4afbb4224795b1644321e7 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Dec 15 21:20:41 2016 +0000 +commit 6918974405cc28ed977f802fd97a9c9a9b2e141b +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Oct 3 17:07:50 2019 +0000 - upstream commit + upstream: use a more common options order in SYNOPSIS and sync + + usage(); while here, no need for Bk/Ek; - Fix text in error message. Patch from zev at - bewilderbeest.net. + ok dtucker - Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 + OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90 -commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 +commit feff96b7d4c0b99307f0459cbff128aede4a8984 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Dec 14 00:36:34 2016 +0000 +Date: Wed Oct 2 09:50:50 2019 +0000 - upstream commit + upstream: thinko in previous; spotted by Mantas - disable Unix-domain socket forwarding when privsep is - disabled + =?UTF-8?q?=20Mikul=C4=97nas?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 + OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d -commit 08a1e7014d65c5b59416a0e138c1f73f417496eb +commit b5a89eec410967d6b712665f8cf0cb632928d74b Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Dec 9 03:04:29 2016 +0000 +Date: Wed Oct 2 08:07:13 2019 +0000 - upstream commit + upstream: make signature format match PROTOCO - log connections dropped in excess of MaxStartups at - verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ + =?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= + =?UTF-8?q?s=20Mikul=C4=97nas?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b + OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f -commit 10e290ec00964b2bf70faab15a10a5574bb80527 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Dec 13 13:51:32 2016 +1100 +commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 2 08:05:50 2019 +0000 - Get default of TEST_SSH_UTF8 from environment. + upstream: ban empty namespace strings for s + + =?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698 -commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Dec 13 12:56:40 2016 +1100 +commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Oct 2 14:30:55 2019 +1000 - Remove commented-out includes. - - These commented-out includes have "Still needed?" comments. Since - they've been commented out for ~13 years I assert that they're not. + Put ssherr.h back as it's actually needed. -commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Dec 13 12:54:23 2016 +1100 +commit 3ef92a657444f172b61f92d5da66d94fa8265602 +Author: Lonnie Abelbeck <lonnie@abelbeck.com> +Date: Tue Oct 1 09:05:09 2019 -0500 - Add prototype for strcasestr in compat library. + Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. + + New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt + in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox. -commit afec07732aa2985142f3e0b9a01eb6391f523dec -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Dec 13 10:23:03 2016 +1100 +commit edd1d3a6261aecbf9a55944fd7be1db83571b46e +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 2 10:54:28 2019 +1000 - Add strcasestr to compat library. + remove duplicate #includes - Fixes build on (at least) Solaris 10. + Prompted by Jakub Jelen -commit dda78a03af32e7994f132d923c2046e98b7c56c8 +commit 13c508dfed9f25e6e54c984ad00a74ef08539e70 Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 12 13:57:10 2016 +1100 +Date: Wed Oct 2 10:51:15 2019 +1000 + + typo in comment + +commit d0c3ac427f6c52b872d6617421421dd791664445 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 2 00:42:30 2019 +0000 + + upstream: remove some duplicate #includes + + OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c + +commit 084682786d9275552ee93857cb36e43c446ce92c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Oct 1 10:22:53 2019 +0000 - Force Turkish locales back to C/POSIX; bz#2643 + upstream: revert unconditional forced login implemented in r1.41 of - Turkish locales are unique in their handling of the letters 'i' and - 'I' (yes, they are different letters) and OpenSSH isn't remotely - prepared to deal with that. For now, the best we can do is to force - OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 - encoding if possible. + ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the + token returns no objects and this is less disruptive for users of tokens + directly in ssh (rather than via ssh-agent) and in ssh-keygen - ok dtucker@ + bz3006, patch from Jakub Jelen; ok markus + + OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e -commit c35995048f41239fc8895aadc3374c5f75180554 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 9 12:52:02 2016 +1100 +commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sun Sep 29 16:31:57 2019 +0000 - exit is in stdlib.h not unistd.h (that's _exit). + upstream: group and sort single letter options; ok deraadt + + OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f -commit d399a8b914aace62418c0cfa20341aa37a192f98 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Dec 9 12:33:25 2016 +1100 +commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Sep 27 20:03:24 2019 +0000 - Include <unistd.h> for exit in utf8 locale test. + upstream: fix the DH-GEX text in -a; because this required a comma, + + i added a comma to the first part, for balance... + + OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58 -commit 47b8c99ab3221188ad3926108dd9d36da3b528ec -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Dec 8 15:48:34 2016 +1100 +commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Tue Sep 24 12:50:46 2019 +0000 - Check for utf8 local support before testing it. + upstream: identity_file[] should be PATH_MAX, not the arbitrary - Check for utf8 local support and if not found, do not attempt to run the - utf8 tests. Suggested by djm@ + number 1024 + + OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7 -commit 4089fc1885b3a2822204effbb02b74e3da58240d -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Dec 8 12:57:24 2016 +1100 +commit 90d4b2541e8c907793233d9cbd4963f7624f4174 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Sep 20 18:50:58 2019 +0000 - Use AC_PATH_TOOL for krb5-config. + upstream: new sentence, new line; - This will use the host-prefixed version when cross compiling; patch from - david.michael at coreos.com. + OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698 -commit b4867e0712c89b93be905220c82f0a15e6865d1e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 6 07:48:01 2016 +0000 +commit fbec7dba01b70b49ac47f56031310865dff86200 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Sep 30 18:01:12 2019 +1000 - upstream commit + Include stdio.h for snprintf. - make IdentityFile successfully load and use certificates that - have no corresponding bare public key. E.g. just a private id_rsa and - certificate id_rsa-cert.pub (and no id_rsa.pub). + Patch from vapier@gentoo.org. + +commit 0a403bfde71c4b82147473298d3a60b4171468bd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Sep 30 14:11:42 2019 +1000 + + Add SKIP_LTESTS for skipping specific tests. + +commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Sep 27 05:25:12 2019 +0000 + + upstream: Test for empty result in expected bits. Remove CRs from log - bz#2617 ok dtucker@ + as they confuse tools on some platforms. Re-enable the 3des-cbc test. - Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 + OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250 -commit c9792783a98881eb7ed295680013ca97a958f8ac -Author: Damien Miller <djm@mindrot.org> -Date: Fri Nov 25 14:04:21 2016 +1100 +commit 7c817d129e2d48fc8a6f7965339313023ec45765 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 27 15:26:22 2019 +1000 - Add a gnome-ssh-askpass3 target for GTK+3 version + Re-enable dhgex test. - Based on patch from Colin Watson via bz#2640 + Since we've added larger fallback groups to dh.c this test will pass + even if there is no moduli file installed on the system. -commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Nov 25 14:03:53 2016 +1100 +commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Sep 24 21:17:20 2019 +1000 - Make gnome-ssh-askpass2.c GTK+3-friendly - - Patch from Colin Watson via bz#2640 + Add more ToS bits, currently only used by netcat. + +commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Sep 19 15:41:23 2019 +1000 + + Privsep is now required. -commit b9844a45c7f0162fd1b5465683879793d4cc4aaa +commit 8aa2aa3cd4d27d14e74b247c773696349472ef20 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 4 23:54:02 2016 +0000 +Date: Mon Sep 16 03:23:02 2019 +0000 - upstream commit + upstream: Allow testing signature syntax and validity without verifying + + that a signature came from a trusted signer. To discourage accidental or + unintentional use, this is invoked by the deliberately ugly option name + "check-novalidate" + + from Sebastian Kinne - Fix public key authentication when multiple - authentication is in use. Instead of deleting and re-preparing the entire - keys list, just reset the 'used' flags; the keys list is already in a good - order (with already- tried keys at the back) + OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b + +commit 7047d5afe3103f0f07966c05b810682d92add359 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 13 04:52:34 2019 +0000 + + upstream: clarify that IdentitiesOnly also applies to the default - Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ + ~/.ssh/id_* keys; bz#3062 - Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 + OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa -commit f2398eb774075c687b13af5bc22009eb08889abe +commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Dec 4 22:27:25 2016 +0000 +Date: Fri Sep 13 04:36:43 2019 +0000 - upstream commit + upstream: Plug mem leaks on error paths, based in part on github - Unlink PidFile on SIGHUP and always recreate it when the - new sshd starts. Regression tests (and possibly other things) depend on the - pidfile being recreated after SIGHUP, and unlinking it means it won't contain - a stale pid if sshd fails to restart. ok djm@ markus@ + pr#120 from David Carlier. ok djm@. - Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 + OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e -commit 85aa2efeba51a96bf6834f9accf2935d96150296 +commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 30 03:01:33 2016 +0000 +Date: Fri Sep 13 04:31:19 2019 +0000 - upstream commit + upstream: whitespace + + OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700 + +commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 13 04:27:35 2019 +0000 + + upstream: allow %n to be expanded in ProxyCommand strings - test new behaviour of cert force-command restriction vs. - authorized_key/ principals + From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 + ok dtucker@ - Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c + OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6 -commit 5d333131cd8519d022389cfd3236280818dae1bc -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Nov 30 06:54:26 2016 +0000 +commit 2ce1d11600e13bee0667d6b717ffcc18a057b821 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 13 04:07:42 2019 +0000 - upstream commit + upstream: clarify that ConnectTimeout applies both to the TCP + + connection and to the protocol handshake/KEX. From Jean-Charles Longuet via + Github PR140 + + OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf + +commit df780114278f406ef7cb2278802a2660092fff09 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Sep 9 02:31:19 2019 +0000 + + upstream: Fix potential truncation warning. ok deraadt. + + OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff + +commit ec0e6243660bf2df30c620a6a0d83eded376c9c6 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Sep 13 13:14:39 2019 +1000 + + memleak of buffer in sshpam_query - tweak previous; while here fix up FILES and AUTHORS; + coverity report via Ed Maste; ok dtucker@ + +commit c17e4638e5592688264fc0349f61bfc7b4425aa5 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Sep 13 13:12:42 2019 +1000 + + explicitly test set[ug]id() return values - Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa + Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste + ok dtucker@ + +commit 91a2135f32acdd6378476c5bae475a6e7811a6a2 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Fri Sep 6 14:45:34 2019 +0000 -commit 786d5994da79151180cb14a6cf157ebbba61c0cc + upstream: Allow prepending a list of algorithms to the default set + + by starting the list with the '^' character, e.g. + + HostKeyAlgorithms ^ssh-ed25519 + Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com + + ok djm@ dtucker@ + + OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97 + +commit c8bdd2db77ac2369d5cdee237656f266c8f41552 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 30 03:07:37 2016 +0000 +Date: Fri Sep 6 07:53:40 2019 +0000 - upstream commit + upstream: key conversion should fail for !openssl builds, not fall - add a whitelist of paths from which ssh-agent will load - (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ + through to the key generation code - Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f + OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9 -commit 7844f357cdd90530eec81340847783f1f1da010b +commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 30 03:00:05 2016 +0000 +Date: Fri Sep 6 06:08:11 2019 +0000 - upstream commit + upstream: typo in previous - Add a sshd_config DisableForwaring option that disables - X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as - anything else we might implement in the future. + OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e + +commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb +Author: Damien Miller <djm@mindrot.org> +Date: Sun Sep 8 14:48:11 2019 +1000 + + needs time.h for --without-openssl + +commit f61f29afda6c71eda26effa54d3c2e5306fd0833 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Sep 7 19:25:00 2019 +1000 + + make unittests pass for no-openssl case + +commit 105e1c9218940eb53473f55a9177652d889ddbad +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 6 05:59:41 2019 +0000 + + upstream: avoid compiling certain files that deeply depend on - This, like the 'restrict' authorized_keys flag, is intended to be a - simple and future-proof way of restricting an account. Suggested as - a complement to 'restrict' by Jann Horn; ok markus@ + libcrypto when WITH_OPENSSL isn't set - Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 + OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061 -commit fd6dcef2030d23c43f986d26979f84619c10589d +commit 670104b923dd97b1c06c0659aef7c3e52af571b2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 30 02:57:40 2016 +0000 +Date: Fri Sep 6 05:23:55 2019 +0000 - upstream commit + upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ - When a forced-command appears in both a certificate and - an authorized keys/principals command= restriction, refuse to accept the - certificate unless they are identical. + OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f + +commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 6 04:53:27 2019 +0000 + + upstream: lots of things were relying on libcrypto headers to - The previous (documented) behaviour of having the certificate forced- - command override the other could be a bit confused and more error-prone. + transitively include various system headers (mostly stdlib.h); include them + explicitly - Pointed out by Jann Horn of Project Zero; ok dtucker@ + OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080 + +commit d05aaaaadcad592abfaa44540928e0c61ef72ebb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 6 03:30:42 2019 +0000 + + upstream: remove leakmalloc reference; we used this early when + + refactoring but not since - Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f + OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c -commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 +commit 1268f0bcd8fc844ac6c27167888443c8350005eb Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Nov 30 00:28:31 2016 +0000 +Date: Fri Sep 6 04:24:06 2019 +0000 - upstream commit + upstream: Check for RSA support before using it for the user key, + + otherwise use ed25519 which is supported when built without OpenSSL. + + OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7 + +commit fd7a2dec652b9efc8e97f03f118f935dce732c60 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 6 14:07:10 2019 +1000 + + Provide explicit path to configure-check. - On startup, check to see if sshd is already daemonized - and if so, skip the call to daemon() and do not rewrite the PidFile. This - means that when sshd re-execs itself on SIGHUP the process ID will no longer - change. Should address bz#2641. ok djm@ markus@. + On some platforms (at least OpenBSD) make won't search VPATH for target + files, so building out-of-tree will fail at configure-check. Provide + explicit path. ok djm@ + +commit 00865c29690003b4523cc09a0e104724b9f911a4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 6 01:58:50 2019 +0000 + + upstream: better error code for bad arguments; inspired by - Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 + OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a -commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc +commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb Author: Damien Miller <djm@mindrot.org> -Date: Wed Nov 30 13:51:49 2016 +1100 +Date: Thu Sep 5 21:38:40 2019 +1000 - factor out common PRNG reseed before privdrop + revert config.h/config.h.in freshness checks - Add a call to RAND_poll() to ensure than more than pid+time gets - stirred into child processes states. Prompted by analysis from Jann - Horn at Project Zero. ok dtucker@ + turns out autoreconf and configure don't touch some files if their content + doesn't change, so the mtime can't be relied upon in a makefile rule -commit 79e4829ec81dead1b30999e1626eca589319a47f -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Nov 25 03:02:01 2016 +0000 +commit a97609e850c57bd2cc2fe7e175fc35cb865bc834 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Sep 5 20:54:39 2019 +1000 - upstream commit + extend autoconf freshness test - Allow PuTTY interop tests to run unattended. bz#2639, - patch from cjwatson at debian.org. + make it cover config.h.in and config.h separately + +commit 182297c10edb21c4856c6a38326fd04d81de41a5 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Sep 5 20:34:54 2019 +1000 + + check that configure/config.h is up to date - Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 + Ensure they are newer than the configure.ac / aclocal.m4 source -commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Nov 25 02:56:49 2016 +0000 +commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Sep 5 10:05:51 2019 +0000 - upstream commit + upstream: if a PKCS#11 token returns no keys then try to login and - Reverse args to sshd-log-wrapper. Matches change in - portable, where it allows sshd do be optionally run under Valgrind. + refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ - Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 + OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43 -commit bd13017736ec2f8f9ca498fe109fb0035f322733 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Nov 25 02:49:18 2016 +0000 +commit 76f09bd95917862101b740afb19f4db5ccc752bf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Sep 5 09:35:19 2019 +0000 - upstream commit + upstream: sprinkle in some explicit errors here, otherwise the + + percolate all the way up to dispatch_run_fatal() and lose all meaninful + context - Fix typo in trace message; from portable. + to help with bz#3063; ok dtucker@ - Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a + OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a -commit 7da751d8b007c7f3e814fd5737c2351440d78b4c -Author: tb@openbsd.org <tb@openbsd.org> -Date: Tue Nov 1 13:43:27 2016 +0000 +commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Sep 5 09:25:13 2019 +0000 - upstream commit + upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker - Clean up MALLOC_OPTIONS. For the unittests, move - MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. + OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63 + +commit f23d91f9fa7f6f42e70404e000fac88aebfe3076 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Sep 5 05:47:23 2019 +0000 + + upstream: macro fix; ok djm - ok otto + OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e + +commit 8b57337c1c1506df2bb9f039d0628a6de618566b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Sep 5 15:46:39 2019 +1000 + + update fuzzing makefile to more recent clang + +commit ae631ad77daf8fd39723d15a687cd4b1482cbae8 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Sep 5 15:45:32 2019 +1000 + + fuzzer for sshsig allowed_signers option parsing + +commit 69159afe24120c97e5ebaf81016c85968afb903e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Sep 5 05:42:59 2019 +0000 + + upstream: memleak on error path; found by libfuzzer - Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 + OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7 -commit 36f58e68221bced35e06d1cca8d97c48807a8b71 -Author: tb@openbsd.org <tb@openbsd.org> -Date: Mon Oct 31 23:45:08 2016 +0000 +commit bab6feb01f9924758ca7129dba708298a53dde5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Sep 5 04:55:32 2019 +0000 - upstream commit + upstream: expose allowed_signers options parsing code in header for - Remove the obsolete A and P flags from MALLOC_OPTIONS. + fuzzing - ok dtucker + rename to make more consistent with philosophically-similar auth + options parsing API. - Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 + OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c -commit b0899ee26a6630883c0f2350098b6a35e647f512 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Nov 29 03:54:50 2016 +0000 +commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Wed Sep 4 20:31:15 2019 +0000 - upstream commit + upstream: Call comma-separated lists as such to clarify semantics. + + Options such as Ciphers take values that may be a list of ciphers; the + complete list, not indiviual elements, may be prefixed with a dash or plus + character to remove from or append to the default list, respectively. + + Users might read the current text as if each elment took an optional prefix, + so tweak the wording from "values" to "list" to prevent such ambiguity for + all options supporting these semantics. - Factor out code to disconnect from controlling terminal - into its own function. ok djm@ + Fix instances missed in first commit. ok jmc@ kn@ - Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 + OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417 + +commit db1e6f60f03641b2d17e0ab062242609f4ed4598 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Sep 4 05:56:54 2019 +0000 + + upstream: tweak previous; + + OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27 + +commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Tue Sep 3 20:51:49 2019 +0000 + + upstream: repair typo and editing mishap + + OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e + +commit f4846dfc6a79f84bbc6356ae3184f142bacedc24 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Sep 5 11:09:28 2019 +1000 -commit 54d022026aae4f53fa74cc636e4a032d9689b64d + Fuzzer harness for sshsig + +commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Sep 3 18:45:42 2019 +1000 + + oops; missed including the actual file + +commit 1a72c0dd89f09754df443c9576dde624a17d7dd0 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Sep 3 18:44:10 2019 +1000 + + portability fixes for sshsig + +commit 6d6427d01304d967e58544cf1c71d2b4394c0522 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Nov 25 23:24:45 2016 +0000 +Date: Tue Sep 3 08:37:45 2019 +0000 - upstream commit + upstream: regress test for sshsig; feedback and ok markus@ - use sshbuf_allocate() to pre-allocate the buffer used for - loading keys. This avoids implicit realloc inside the buffer code, which - might theoretically leave fragments of the key on the heap. This doesn't - appear to happen in practice for normal sized keys, but was observed for - novelty oversize ones. + OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b + +commit 59650f0eaf65115afe04c39abfb93a4fc994ec55 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:37:06 2019 +0000 + + upstream: only add plain keys to prevent any certs laying around - Pointed out by Jann Horn of Project Zero; ok markus@ + from confusing the test. - Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 + OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f -commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e +commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Nov 25 23:22:04 2016 +0000 +Date: Tue Sep 3 08:35:27 2019 +0000 - upstream commit + upstream: sshsig tweaks and improvements from and suggested by + + Markus - split allocation out of sshbuf_reserve() into a separate - sshbuf_allocate() function; ok markus@ + ok markus/me - Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 + OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9 -commit f0ddedee460486fa0e32fefb2950548009e5026e -Author: markus@openbsd.org <markus@openbsd.org> -Date: Wed Nov 23 23:14:15 2016 +0000 +commit 2a9c9f7272c1e8665155118fe6536bebdafb6166 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:34:19 2019 +0000 - upstream commit + upstream: sshsig: lightweight signature and verification ability - allow ClientAlive{Interval,CountMax} in Match; ok dtucker, - djm + for OpenSSH + + This adds a simple manual signature scheme to OpenSSH. + Signatures can be made and verified using ssh-keygen -Y sign|verify + + Signatures embed the key used to make them. At verification time, this + is matched via principal name against an authorized_keys-like list + of allowed signers. + + Mostly by Sebastian Kinne w/ some tweaks by me + + ok markus@ - Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 + OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb -commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a +commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Nov 8 22:04:34 2016 +0000 +Date: Tue Sep 3 08:32:11 2019 +0000 - upstream commit + upstream: move authorized_keys option parsing helpsers to misc.c - unbreak DenyUsers; reported by henning@ + and make them public; ok markus@ - Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 + OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2 -commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a +commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Nov 6 05:46:37 2016 +0000 +Date: Tue Sep 3 08:31:20 2019 +0000 - upstream commit + upstream: make get_sigtype public as sshkey_get_sigtype(); ok + + markus@ - Validate address ranges for AllowUser/DenyUsers at - configuration load time and refuse to accept bad ones. It was previously - possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and - these would always match. + OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8 + +commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:30:47 2019 +0000 + + upstream: move advance_past_options to authfile.c and make it - Thanks to Laurence Parry for a detailed bug report. ok markus (for - a previous diff version) + public; ok markus@ - Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb + OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c -commit efb494e81d1317209256b38b49f4280897c61e69 +commit c72d78ccbe642e08591a626e5de18381489716e0 Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Oct 28 03:33:52 2016 +0000 +Date: Tue Sep 3 08:29:58 2019 +0000 - upstream commit + upstream: move skip_space() to misc.c and make it public; ok - Improve pkcs11_add_provider() logging: demote some - excessively verbose error()s to debug()s, include PKCS#11 provider name and - slot in log messages where possible. bz#2610, based on patch from Jakub Jelen + markus@ - Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d + OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae -commit 5ee3fb5affd7646f141749483205ade5fc54adaf -Author: Darren Tucker <dtucker@zip.com.au> -Date: Tue Nov 1 08:12:33 2016 +1100 +commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:29:15 2019 +0000 - Use ptrace(PT_DENY_ATTACH, ..) on OS X. + upstream: authfd: add function to check if key is in agent + + This commit adds a helper function which allows the caller to + check if a given public key is present in ssh-agent. + + work by Sebastian Kinne; ok markus@ + + OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13 -commit 315d2a4e674d0b7115574645cb51f968420ebb34 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Oct 28 14:34:07 2016 +1100 +commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:28:30 2019 +0000 - Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL + upstream: fix memleak in ssh_free_identitylist(); ok markus@ - ok dtucker@ + OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf -commit a9ff3950b8e80ff971b4d44bbce96df27aed28af -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 28 14:26:58 2016 +1100 +commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Sep 3 08:27:52 2019 +0000 - Move OPENSSL_NO_RIPEMD160 to compat. + upstream: factor out confirm_overwrite(); ok markus@ - Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the - ripemd160 MACs. + OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400 -commit bce58885160e5db2adda3054c3b81fe770f7285a -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 28 13:52:31 2016 +1100 +commit 9a396e33685633581c67d5ad9664570ef95281f2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 2 23:46:46 2019 +0000 - Check if RIPEMD160 is disabled in OpenSSL. + upstream: constify an argument + + OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b -commit d924640d4c355d1b5eca1f4cc60146a9975dbbff -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 28 13:38:19 2016 +1100 +commit b52c0c2e64988277a35a955a474d944967059aeb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 2 00:19:25 2019 +0000 - Skip ssh1 specfic ciphers. + upstream: downgrade PKCS#11 "provider returned no slots" warning + + from log level error to debug. This is common when attempting to enumerate + keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@ - cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try - to compile them when Protocol 1 is not enabled. + OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6 -commit 79d078e7a49caef746516d9710ec369ba45feab6 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Tue Oct 25 04:08:13 2016 +0000 +commit 0713322e18162463c5ab5ddfb9f935055ca775d8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 1 23:47:32 2019 +0000 - upstream commit + upstream: print comment when printing pubkey from private - Fix logic in add_local_forward() that inverted a test - when code was refactored out into bind_permitted(). This broke ssh port - forwarding for non-priv ports as a non root user. + bz#3052; ok dtucker - ok dtucker@ 'looks good' deraadt@ + OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914 + +commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Sep 2 10:28:42 2019 +1000 + + fixed test in OSX closefrom() replacement - Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 + from likan_999.student AT sina.com -commit a903e315dee483e555c8a3a02c2946937f9b4e5d -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Oct 24 01:09:17 2016 +0000 +commit 6b7c53498def19a14dd9587bf521ab6dbee8988f +Author: Damien Miller <djm@mindrot.org> +Date: Mon Sep 2 10:22:02 2019 +1000 - upstream commit + retain Solaris PRIV_FILE_LINK_ANY in sftp-server - Remove dead breaks, found via opencoverage.net. ok - deraadt@ + Dropping this privilege removes the ability to create hard links to + files owned by other users. This is required for the legacy sftp rename + operation. - Upstream-ID: ad9cc655829d67fad219762810770787ba913069 + bz#3036; approach ok Alex Wilson (the original author of the Solaris + sandbox/pledge replacement code) -commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Wed Oct 26 08:43:25 2016 +1100 +commit e50f808712393e86d69e42e9847cdf8d473412d7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 30 05:08:28 2019 +0000 - Use !=NULL instead of >0 for getdefaultproj. + upstream: Use ed25519 for most hostkey rotation tests since it's - getdefaultproj() returns a pointer so test it for NULL inequality - instead of >0. Fixes compiler warning and is more correct. Patch from - David Binderman. + supported even when built without OpenSSL. Use RSA for the secondary type + test if supported, otherwise skip it. Fixes this test for !OpenSSL builds. + + OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109 -commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Oct 23 22:04:05 2016 +0000 +commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d +Author: bluhm@openbsd.org <bluhm@openbsd.org> +Date: Thu Aug 22 21:47:27 2019 +0000 - upstream commit + upstream: Test did not compile due to missing symbols. Add source - Factor out "can bind to low ports" check into its own function. This will - make it easier for Portable to support platforms with permissions models - other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" - deraadt@. + sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl - Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface + OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 -commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Oct 19 23:21:56 2016 +0000 +commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 30 14:26:19 2019 +1000 - upstream commit + tweak warning flags - When tearing down ControlMaster connecctions, don't - pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. + Enable -Wextra if compiler supports it - Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced + Set -Wno-error=format-truncation if available to prevent expected + string truncations in openbsd-compat from breaking -Werror builds -commit 09e6a7d8354224933febc08ddcbc2010f542284e -Author: Darren Tucker <dtucker@zip.com.au> -Date: Mon Oct 24 09:06:18 2016 +1100 +commit 28744182cf90e0073b76a9e98de58a47e688b2c4 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 30 13:21:38 2019 +1000 - Wrap stdint.h include in ifdef. + proc_pidinfo()-based closefrom() for OS X + + Refactor closefrom() to use a single brute-force close() loop fallback. + + Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@ -commit 08d9e9516e587b25127545c029e5464b2e7f2919 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 21 09:46:46 2016 +1100 +commit dc2ca588144f088a54febebfde3414568dc73d5f +Author: kn@openbsd.org <kn@openbsd.org> +Date: Fri Aug 16 11:16:32 2019 +0000 - Fix formatting. + upstream: Call comma-separated lists as such to clarify semantics + + Options such as Ciphers take values that may be a list of ciphers; the + complete list, not indiviual elements, may be prefixed with a dash or plus + character to remove from or append to the default list respectively. + + Users might read the current text as if each elment took an optional prefix, + so tweak the wording from "values" to "list" to prevent such ambiguity for + all options supporting this semantics (those that provide a list of + available elements via "ssh -Q ..."). + + Input and OK jmc + + OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57 -commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 21 06:55:58 2016 +1100 +commit c4736f39e66729ce2bf5b06ee6b391e092b48f47 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 16 06:35:27 2019 +0000 - Update links to https. + upstream: include sshbuf-misc.c in SRCS_BASE - www.openssh.com now supports https and ftp.openbsd.org no longer - supports ftp. Make all links to these https. + OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474 -commit dd4e7212a6141f37742de97795e79db51e4427ad -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 21 06:48:46 2016 +1100 +commit d0e51810f332fe44ebdba41113aacf319d35f5a5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Aug 24 15:12:11 2019 +1000 - Update host key generation examples. + Fix pasto in fallback code. - Remove ssh1 host key generation, add ssh-keygen -A + There is no parameter called "pathname", it should simply be "path". + bz#3059, patch from samuel at cendio.se. -commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Fri Oct 21 05:22:55 2016 +1100 +commit e83c989bfd9fc9838b7dfb711d1dc6da81814045 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 23 10:19:30 2019 +1000 - Update links. + use SC_ALLOW_ARG_MASK to limit mmap protections - Make links to openssh.com HTTPS now that it's supported, point release - notes link to the HTML release notes page, and update a couple of other - links and bits of text. + Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC -commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 -Author: Darren Tucker <dtucker@zip.com.au> -Date: Thu Oct 20 03:42:09 2016 +1100 +commit f6906f9bf12c968debec3671bbf19926ff8a235b +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 23 10:08:48 2019 +1000 - Remote channels .orig and .rej files. + allow mprotect(2) with PROT_(READ|WRITE|NONE) only - These files were incorrectly added during an OpenBSD sync. + Used by some hardened heap allocators. Requested by Yegor + Timoshenko in https://github.com/openssh/openssh-portable/pull/142 |