From nobody Fri Oct 07 01:39:40 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Mk9wD54ZFz4f0q5; Fri, 7 Oct 2022 01:39:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Mk9wD3kppz487p; Fri, 7 Oct 2022 01:39:40 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665106780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DV/j8mq93h5Uy+Zwg3+8Si4lWQG8+oozeye3k+Jx0LI=; b=rQ32uavs3z0vrvPPOWzP1qemLYHB2kZYGrHqWKnQkdd3fjr/83nGdq8ElCgUTq+DjPDtfF SYFTA8Ob/ib+mKrgce7PHa3ahnNmGgfNxw7QYHRSOy9f06exalFaRFq2O4J9MW1OJXlObs Q7KPfMrRAc9InELO5jVNNkYFfkHXStp8w2tZ4Uspp0EOBrXgfyn1GWG4zpcWyYcpWVXeCo 4IhsNHHqwCMO6xaDPomCT3AC5CeuL9mAsholAUMPNPFC+TyLXfEjs4GzkYCtqAbBtcqJQV SQNaxXfqinzDV2BHUC3BBZGEn1QVBm2cDboNoy8cWkDClqXlqQSZ3ndRzWr5tg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Mk9wD2566zRN0; Fri, 7 Oct 2022 01:39:40 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 2971degt016178; Fri, 7 Oct 2022 01:39:40 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 2971deVk016177; Fri, 7 Oct 2022 01:39:40 GMT (envelope-from git) Date: Fri, 7 Oct 2022 01:39:40 GMT Message-Id: <202210070139.2971deVk016177@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 8449ae9c7668 - stable/13 - ssh: update to OpenSSH v9.0p1 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 8449ae9c7668075c9a4ff7d503bf72a1f12445dd Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1665106780; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DV/j8mq93h5Uy+Zwg3+8Si4lWQG8+oozeye3k+Jx0LI=; b=ipuytNHfT6Y0F3BrYo4JuXZneCSkQR8Ip0d6NUtIJimIpTTxu+BL2LVcFWgIEZJ9Y40YtJ B3Q92V6oEvkLkxez10pQ0xR1caOpqkDCj8WZTyN/4Rr3pYIV4wjy2cLFUEjBD9xK/VAjig hGeSAxtrXHvFuy9Rdk4kJ0EjOI3zaMrR0qG1FXN+RaXkHS7nIGPtAx93odMs62siI/5p/n T6Xq4nUhh/SuRbjOFBpGqz7QmeVlJaeUcS2SspW6vsFFvl1LotGqS8tvOzTL9gsr1UjsUK G/wzm+1NXoREtpm66hZ8UcRlIIBvgKl+KDmS+dkw4L/P+TbzSZfDLpQNlFCn5Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1665106780; a=rsa-sha256; cv=none; b=FDZcXQNQJOi0xpCooP39yvsRm8Rnrh51eVFbN0tjsJhFe6xRo/6C20rWwuEKSutEFHB5tg BoGqg1vP18uhXZvytSoDhGcVh3ZAza9lyd8GQgvPfxwYCXxZYtq/bi+F0vq5IevvAOU/rw 8FYEfSz7sNWq2xGlD9bEtuPi4N8ZuY4nqtZrMWgDhK2EJ3LpucU0d26FD4BuQUpCxnmrq+ iUwWRwu1XYX8M/hlLsAaSL7QXK9cN1OeSoznXK1MaSl75qeancCndD09rVF/+mz8j0iH5n IfVFwmHs9eT8r1DVipmjjww8dD3k7W1GlSTDo7IE0IOYB4R/kuPTW9LGk0WKHg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=8449ae9c7668075c9a4ff7d503bf72a1f12445dd commit 8449ae9c7668075c9a4ff7d503bf72a1f12445dd Author: Ed Maste AuthorDate: 2022-04-15 14:41:08 +0000 Commit: Ed Maste CommitDate: 2022-10-07 01:39:00 +0000 ssh: update to OpenSSH v9.0p1 Release notes are available at https://www.openssh.com/txt/release-9.0 Some highlights: * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. This commit excludes the scp(1) change to use the SFTP protocol by default; that change will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 87c1498d1a7473ff983e5c0456f30608f3f1e601) (cherry picked from commit 9fce8d4140370ca8bc03d6a5668fb64a040c00fc) (cherry picked from commit e2cec5ba2c4385eec0b76d07469ec11d3ce3d6e2) --- crypto/openssh/.depend | 2 +- crypto/openssh/.github/configs | 21 +- crypto/openssh/.github/setup_ci.sh | 25 +- crypto/openssh/.github/workflows/c-cpp.yml | 3 + crypto/openssh/.github/workflows/selfhosted.yml | 7 +- crypto/openssh/ChangeLog | 1092 +++++++++++------------ crypto/openssh/Makefile.in | 5 +- crypto/openssh/PROTOCOL | 41 +- crypto/openssh/README | 2 +- crypto/openssh/auth.c | 52 +- crypto/openssh/auth2-pubkey.c | 6 +- crypto/openssh/channels.c | 229 ++--- crypto/openssh/channels.h | 4 +- crypto/openssh/config.h | 7 + crypto/openssh/configure.ac | 13 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/m4/openssh.m4 | 3 + crypto/openssh/misc.c | 27 +- crypto/openssh/monitor.c | 11 +- crypto/openssh/myproposal.h | 4 +- crypto/openssh/openbsd-compat/arc4random.c | 2 +- crypto/openssh/openbsd-compat/bsd-misc.c | 10 +- crypto/openssh/openbsd-compat/bsd-misc.h | 2 +- crypto/openssh/openbsd-compat/bsd-poll.c | 6 +- crypto/openssh/openbsd-compat/chacha_private.h | 6 +- crypto/openssh/openbsd-compat/getrrsetbyname.c | 31 +- crypto/openssh/openbsd-compat/openbsd-compat.h | 8 + crypto/openssh/platform.c | 51 ++ crypto/openssh/platform.h | 1 + crypto/openssh/scp.c | 4 +- crypto/openssh/servconf.c | 9 +- crypto/openssh/servconf.h | 4 +- crypto/openssh/sftp-client.c | 122 ++- crypto/openssh/sftp-client.h | 5 +- crypto/openssh/sftp-glob.c | 8 +- crypto/openssh/sftp-server.c | 94 +- crypto/openssh/sftp.1 | 20 +- crypto/openssh/sftp.c | 17 +- crypto/openssh/ssh-agent.1 | 8 +- crypto/openssh/ssh-keygen.c | 9 +- crypto/openssh/ssh-keysign.8 | 6 +- crypto/openssh/ssh.1 | 10 +- crypto/openssh/ssh.c | 4 +- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 10 +- crypto/openssh/sshd.8 | 6 +- crypto/openssh/sshd.c | 4 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 8 +- crypto/openssh/sshsig.c | 9 +- crypto/openssh/version.h | 4 +- crypto/openssh/xmalloc.c | 5 +- 53 files changed, 1173 insertions(+), 872 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index 945a01dcc05d..cd38d15f8f52 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend @@ -121,7 +121,7 @@ sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-c sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h -sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h +sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 853da58a51e3..871a3d414d94 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -38,13 +38,13 @@ case "$config" in CC="clang-12" # clang's implicit-fallthrough requires that the code be annotated with # __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */ - CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough" + CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter" CONFIGFLAGS="--with-pam --with-Werror" ;; gcc-11-Werror) CC="gcc" # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled - CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4" + CFLAGS="-Wall -Wextra -O2 -Wno-format-truncation -Wimplicit-fallthrough=4 -Wno-unused-parameter" CONFIGFLAGS="--with-pam --with-Werror" ;; clang*|gcc*) @@ -145,10 +145,23 @@ case "$config" in esac case "${TARGET_HOST}" in + aix*) + # These are slow real or virtual machines so skip the slowest tests + # (which tend to be thw ones that transfer lots of data) so that the + # test run does not time out. + # The agent-restrict test fails due to some quoting issue when run + # with sh or ksh so specify bash for now. + TEST_TARGET="t-exec TEST_SHELL=bash" + SKIP_LTESTS="rekey sftp" + ;; dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 ;; + fbsd6) + # Native linker is not great with PIC so OpenSSL is built w/out. + CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + ;; hurd) SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; @@ -173,6 +186,10 @@ case "${TARGET_HOST}" in # SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" ;; + openwrt-*) + CONFIGFLAGS="${CONFIGFLAGS} --without-openssl --without-zlib" + TEST_TARGET="t-exec" + ;; sol10|sol11) # sol10 VM is 32bit and the unit tests are slow. # sol11 has 4 test configs so skip unit tests to speed up. diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index ca37f8c5512f..a3bb8587eab1 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -80,7 +80,7 @@ for TARGET in $TARGETS; do INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-) case ${INSTALL_LIBRESSL} in master) ;; - *) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;; + *) INSTALL_LIBRESSL="$(echo ${TARGET} | cut -f2 -d-)" ;; esac PACKAGES="${PACKAGES} putty-tools" ;; @@ -122,11 +122,20 @@ if [ ! -z "${INSTALL_OPENSSL}" ]; then fi if [ ! -z "${INSTALL_LIBRESSL}" ]; then - (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && - git clone https://github.com/libressl-portable/portable.git && - cd ${HOME}/libressl/portable && - git checkout ${INSTALL_LIBRESSL} && - sh update.sh && sh autogen.sh && - ./configure --prefix=/opt/libressl && - make -j2 && sudo make install) + if [ "${INSTALL_LIBRESSL}" = "master" ]; then + (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl && + git clone https://github.com/libressl-portable/portable.git && + cd ${HOME}/libressl/portable && + git checkout ${INSTALL_LIBRESSL} && + sh update.sh && sh autogen.sh && + ./configure --prefix=/opt/libressl && + make -j2 && sudo make install) + else + LIBRESSL_URLBASE=https://cdn.openbsd.org/pub/OpenBSD/LibreSSL + (cd ${HOME} && + wget ${LIBRESSL_URLBASE}/libressl-${INSTALL_LIBRESSL}.tar.gz && + tar xfz libressl-${INSTALL_LIBRESSL}.tar.gz && + cd libressl-${INSTALL_LIBRESSL} && + ./configure --prefix=/opt/libressl && make -j2 && sudo make install) + fi fi diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 5ee896308478..b778c9804203 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -46,6 +46,7 @@ jobs: - { os: ubuntu-latest, configs: libressl-3.2.6 } - { os: ubuntu-latest, configs: libressl-3.3.4 } - { os: ubuntu-latest, configs: libressl-3.4.1 } + - { os: ubuntu-latest, configs: libressl-3.5.0 } - { os: ubuntu-latest, configs: openssl-master } - { os: ubuntu-latest, configs: openssl-noec } - { os: ubuntu-latest, configs: openssl-1.0.1 } @@ -54,7 +55,9 @@ jobs: - { os: ubuntu-latest, configs: openssl-1.1.0h } - { os: ubuntu-latest, configs: openssl-1.1.1 } - { os: ubuntu-latest, configs: openssl-1.1.1k } + - { os: ubuntu-latest, configs: openssl-1.1.1m } - { os: ubuntu-latest, configs: openssl-3.0.0 } + - { os: ubuntu-latest, configs: openssl-3.0.1 } - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - { os: ubuntu-18.04, configs: pam } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index 09f7af939912..ec2c29825c85 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -16,9 +16,11 @@ jobs: # default config. "os" corresponds to a label associated with the worker. matrix: os: + - aix51 - ARM64 - alpine - bbone + - debian-i386 - dfly30 - dfly48 - dfly58 @@ -40,6 +42,8 @@ jobs: - obsd70 - obsdsnap - openindiana + - openwrt-mips + - openwrt-mipsel # - rocky84 - sol10 - sol11 @@ -49,6 +53,7 @@ jobs: # Then we include any extra configs we want to test for specific VMs. include: - { os: ARM64, configs: pam } + - { os: debian-i386, configs: pam } - { os: dfly30, configs: without-openssl} - { os: dfly48, configs: pam } - { os: dfly58, configs: pam } @@ -87,7 +92,7 @@ jobs: run: vmrun make - name: make tests run: vmrun ./.github/run_test.sh ${{ matrix.configs }} - timeout-minutes: 300 + timeout-minutes: 600 - name: save logs if: failure() uses: actions/upload-artifact@v2 diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index c225b94dfd3e..063b54769d53 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,3 +1,504 @@ +commit 94eb6858efecc1b4f02d8a6bd35e149f55c814c8 +Author: Damien Miller +Date: Wed Apr 6 10:47:48 2022 +1000 + + update version numbers for release + +commit 8e4a8eadf4fe74e65e6492f34250f8cf7d67e8da +Author: djm@openbsd.org +Date: Mon Apr 4 22:45:25 2022 +0000 + + upstream: openssh-9.0 + + OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64 + +commit a9f23ea2e3227f406880c2634d066f6f50fa5eaa +Author: naddy@openbsd.org +Date: Thu Mar 31 17:58:44 2022 +0000 + + upstream: ssh: document sntrup761x25519-sha512@openssh.com as + + default KEX + + OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171 + +commit 9ec2713d122af79d66ebb9c1d6d9ae8621a8945f +Author: naddy@openbsd.org +Date: Thu Mar 31 17:27:27 2022 +0000 + + upstream: man pages: add missing commas between subordinate and + + main clauses + + jmc@ dislikes a comma before "then" in a conditional, so leave those + untouched. + + ok jmc@ + + OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3 + +commit 3741df98ffaaff92b474ee70d8ef276b5882f85a +Author: Darren Tucker +Date: Mon Apr 4 23:52:11 2022 +1000 + + Disable security key on fbsd6 test host. + +commit 32c12236f27ae83bfe6d2983b67c9bc67a83a417 +Author: Darren Tucker +Date: Mon Apr 4 15:16:51 2022 +1000 + + Specify TEST_SHELL=bash on AIX. + + The system shells cause the agent-restrict test to fail due to some + quoting so explicitly specify bash until we can get configure to + autmatically work around that. + +commit 90452c8b69d065b7c7c285ff78b81418a75bcd76 +Author: Darren Tucker +Date: Fri Apr 1 23:38:44 2022 +1100 + + Only return events from ppoll that were requested. + + If the underlying system's select() returns bits that were not in the + request set, our ppoll() implementation can return revents for events + not requested, which can apparently cause a hang. Only return revents + for activity in the requested event set. bz#3416, analysis and fix by + yaroslav.kuzmin at vmssoftware com, ok djm@ + +commit 6c49eb5fabc56f4865164ed818aa5112d09c31a8 +Author: Darren Tucker +Date: Fri Apr 1 23:21:40 2022 +1100 + + Only run regression tests on slow VMs. + +commit f67e47903977b42cb6abcd5565a61bd7293e4dc3 +Author: Darren Tucker +Date: Fri Apr 1 23:21:06 2022 +1100 + + Increase test timeout to allow slow VMs to finish + +commit 02488c1b54065ddc4f25835dbd2618b2a2fe21f5 +Author: Darren Tucker +Date: Fri Apr 1 16:27:38 2022 +1100 + + Use bash or ksh if available for SH in Makefile. + +commit 34c7018c316af4773e432066de28d0ef9d0888cd +Author: Darren Tucker +Date: Fri Apr 1 14:56:54 2022 +1100 + + Set Makefile SHELL as determined by configure. + + This should improve compatibility for users with non-POSIX shells. If + using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL + will need to be specified on the command line (along with MANFMT in that + particular case). ok djm@ + +commit 5b054d76402faab38c48377efd112426469553a0 +Author: Darren Tucker +Date: Fri Apr 1 13:16:47 2022 +1100 + + Skip slow tests on (very) slow test targets. + +commit b275818065b31a865142c48c2acf6a7c1655c542 +Author: Damien Miller +Date: Thu Mar 31 14:11:36 2022 +1100 + + depend + +commit 3fa539c3ffaabd6211995512d33e29150f88c5c5 +Author: djm@openbsd.org +Date: Thu Mar 31 03:07:03 2022 +0000 + + upstream: add a sftp client "cp" command that supports server-side + + copying of files. Useful for this task and for testing the copy-data + extension. Patch from Mike Frysinger; ok dtucker@ + + OpenBSD-Commit-ID: 1bb1b950af0d49f0d5425b1f267e197aa1b57444 + +commit 7988bfc4b701c4b3fe9b36c8561a3d1c5d4c9a74 +Author: djm@openbsd.org +Date: Thu Mar 31 03:05:49 2022 +0000 + + upstream: add support for the "corp-data" protocol extension to + + allow server-side copies to be performed without having to go via the client. + Patch by Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: 00aa510940fedd66dab1843b58682de4eb7156d5 + +commit 32dc1c29a4ac9c592ddfef0a4895eb36c1f567ba +Author: djm@openbsd.org +Date: Wed Mar 30 21:13:23 2022 +0000 + + upstream: select post-quantum KEX + + sntrup761x25519-sha512@openssh.com as the default; ok markus@ + + OpenBSD-Commit-ID: f02d99cbfce22dffec2e2ab1b60905fbddf48fb9 + +commit d6556de1db0822c76ba2745cf5c097d9472adf7c +Author: djm@openbsd.org +Date: Wed Mar 30 21:10:25 2022 +0000 + + upstream: fix poll() spin when a channel's output fd closes without + + data in the channel buffer. Introduce more exact packing of channel fds into + the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@ + + OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10 + +commit 8a74a96d25ca4d32fbf298f6c0ac5a148501777d +Author: djm@openbsd.org +Date: Wed Mar 30 04:33:09 2022 +0000 + + upstream: ssh is almost out of getopt() characters; note the + + remaining remaining available ones in a comment + + OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd + +commit 6d4fc51adb9d8a42f67b5474f02f877422379de6 +Author: djm@openbsd.org +Date: Wed Mar 30 04:27:51 2022 +0000 + + upstream: avoid NULL deref via ssh-keygen -Y find-principals. + + bz3409, reported by Mateusz Adamowski + + OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5 + +commit e937514920335b92b543fd9be79cd6481d1eb0b6 +Author: Darren Tucker +Date: Mon Mar 28 17:51:03 2022 +1100 + + Add AIX 5.1 test target. + +commit 4bbe815ba974b4fd89cc3fc3e3ef1be847a0befe +Author: Darren Tucker +Date: Sat Mar 26 22:01:31 2022 +1100 + + Drop leading "v" from release version identifier. + + It's present in the git tags but not in the release tarball names. + Also drop extra "/" from URL path. + +commit f5cdd3b3c275dffaebfca91df782dca29975e9ac +Author: Darren Tucker +Date: Sat Mar 26 16:28:04 2022 +1100 + + Use tarballs when testing LibreSSL releases. + + This means they'll still work when the combination of -portable and + openbsd github repos no longer match. + +commit 24dc37d198f35a7cf71bf4d5384363c7ef4209d4 +Author: Darren Tucker +Date: Sat Mar 26 15:02:45 2022 +1100 + + Remove now-unused passwd variable. + +commit 5b467ceef2c356f0a77f5e8ab4eb0fac367e4d24 +Author: Darren Tucker +Date: Sat Mar 26 13:15:44 2022 +1100 + + Missing semicolon. + +commit 2923d026e55998133c0f6e5186dca2a3c0fa5ff5 +Author: Darren Tucker +Date: Sat Mar 26 12:49:50 2022 +1100 + + Factor out platform-specific locked account check. + + Also fixes an incorrect free on platforms with both libiaf and shadow + passwords (probably only Unixware). Prompted by github PR#284, + originally from @c3h2_ctf and stoeckmann@. + +commit d23efe4b12886ffe416be10bc0a7da6ca8aa72d1 +Author: Darren Tucker +Date: Sat Mar 26 08:13:46 2022 +1100 + + Add OpenWRT mips and mipsel test targets. + +commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b +Author: djm@openbsd.org +Date: Sun Mar 20 08:52:17 2022 +0000 + + upstream: don't leak argument list; bz3404, reported by Balu + + Gajjala ok dtucker@ + + OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6 + +commit a72bde294fe0518c9a44ba63864093a1ef2425e3 +Author: djm@openbsd.org +Date: Sun Mar 20 08:51:21 2022 +0000 + + upstream: make addargs() and replacearg() a little more robust and + + improve error reporting + + make freeargs(NULL) a noop like the other free functions + + ok dtucker as part of bz3403 + + OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d + +commit 731087d2619fa7f01e675b23f57af10d745e8af2 +Author: djm@openbsd.org +Date: Fri Mar 18 04:04:11 2022 +0000 + + upstream: don't try to resolve ListenAddress directives in the sshd + + re-exec path - we're never going to use the result and if the operation fails + then it can prevent connections from being accepted. Reported by Aaron + Poffenberger; with / ok dtucker@ + + OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60 + +commit 1c83c082128694ddd11ac05fdf31d70312ff1763 +Author: djm@openbsd.org +Date: Fri Mar 18 02:50:21 2022 +0000 + + upstream: remove blank line + + OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf + +commit 807be68684da7a1fe969c399ddce2fafb7997dcb +Author: djm@openbsd.org +Date: Fri Mar 18 02:32:22 2022 +0000 + + upstream: helpful comment + + OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7 + +commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac +Author: djm@openbsd.org +Date: Fri Mar 18 02:31:25 2022 +0000 + + upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV + + will ensue. Patch from Mateusz Adamowski via GHPR#307 + + OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd + +commit 5a252d54a63be30d5ba4be76210942d754a531c0 +Author: djm@openbsd.org +Date: Tue Mar 15 05:27:37 2022 +0000 + + upstream: improve DEBUG_CHANNEL_POLL debugging message + + OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f + +commit ce324cf58ba2840e31afeb996935800780c8fa4b +Author: cheloha@openbsd.org +Date: Sun Mar 13 23:27:54 2022 +0000 + + upstream: ssh: xstrdup(): use memcpy(3) + + Copying the given string into the buffer with strlcpy(3) confers no + benefit in this context because we have already determined the + string's length with strlen(3) in order to allocate that buffer. + + Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2 + + ok dtucker@ millert@ + + OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a + +commit 2893c5e764557f48f9d6a929e224ed49c59545db +Author: Darren Tucker +Date: Fri Mar 11 18:43:58 2022 +1100 + + Resync fmt_scaled. with OpenBSD. + + Fixes underflow reported in bz#3401. + +commit 5ae31a0fdd27855af29f48ff027491629fff5979 +Author: Darren Tucker +Date: Wed Mar 9 09:41:56 2022 +1100 + + Provide killpg implementation. + + Based on github PR#301 for Tandem NonStop. + +commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae +Author: Darren Tucker +Date: Wed Mar 9 09:29:30 2022 +1100 + + Check for missing ftruncate prototype. + + From github PR#301 in conjunction with rsbeckerca. + +commit 8cf5275452a950869cb90eeac7d220b01f77b12e +Author: Darren Tucker +Date: Tue Mar 8 20:04:06 2022 +1100 + + Default to not using sandbox when cross compiling. + + On most systems poll(2) does not work when the number of FDs is reduced + with setrlimit, so assume it doesn't when cross compiling and we can't + run the test. bz#3398. + +commit 379b30120da53d7c84aa8299c26b18c51c2a0dac +Author: djm@openbsd.org +Date: Tue Mar 1 01:59:19 2022 +0000 + + upstream: pack pollfd array before server_accept_loop() ppoll() + + call, and terminate sshd if ppoll() returns errno==EINVAL + + avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by + Daniel Micay + + feedback/ok deraadt + + OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 + +commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd +Author: naddy@openbsd.org +Date: Sun Feb 27 01:33:59 2022 +0000 + + upstream: include rejected signature algorithm in error message and + + not the (useless) key type; ok djm@ + + OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff + +commit f2f3269423618a83157e18902385e720f9776007 +Author: dtucker@openbsd.org +Date: Fri Feb 25 09:46:24 2022 +0000 + + upstream: Remove the char * casts from arguments to do_lstat, + + do_readdir and do_stat paths since the underlying functions now take a const + char *. Patch from vapier at gentoo.org. + + OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b + +commit 4a66dac052c5ff5047161853f36904607649e4f9 +Author: djm@openbsd.org +Date: Fri Feb 25 02:09:27 2022 +0000 + + upstream: save an unneccessary alloc/free, based on patch from + + Martin Vahlensieck; ok dtucker@ + + OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f + +commit 6f117cb151efe138ac57bdd8e26165f350328f5f +Author: Darren Tucker +Date: Tue Mar 1 09:02:06 2022 +1100 + + Remove unused ivbits argument from chacha_keysetup + +commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 +Author: Darren Tucker +Date: Tue Mar 1 09:00:20 2022 +1100 + + Add OPENBSD ORIGINAL marker. + +commit f2ff669347d320532e7c1b63cdf5c62f46e73150 +Author: Darren Tucker +Date: Mon Feb 28 22:21:36 2022 +1100 + + No unused param warnings for clang-12 and gcc-11. + + These have too many false positives in -Werror tests on the github CI + since we often provide empty stub functions for functionality not needed + for particular configurations. + +commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 +Author: Darren Tucker +Date: Sat Feb 26 14:10:41 2022 +1100 + + Add debian-i386 test target. + +commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 +Author: Darren Tucker +Date: Sat Feb 26 14:06:14 2022 +1100 + + Allow ppoll_time64 in seccomp sandbox. + + Should fix sandbox violations on (some? at least i386 and armhf) 32bit + Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at + debian.org via bz#3396. + +commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 +Author: Darren Tucker +Date: Fri Feb 25 19:47:48 2022 +1100 + + Improve handling of _getshort and _getlong. + + If the system native ones are exactly as required then use them, + otherwise use the local versions mapped to another name to prevent + name collisions. + +commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b +Author: Darren Tucker +Date: Fri Feb 25 15:14:22 2022 +1100 + + Constify utimes in compat library to match specs. + + Patch from vapier at chromium.org. + +commit 1b2920e3b63db2eddebeec7330ffe8b723055573 +Author: Darren Tucker +Date: Fri Feb 25 13:50:56 2022 +1100 + + ANSIfy getshort and getlong. + + These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c + which made this change in 2005. + +commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 +Author: Darren Tucker +Date: Fri Feb 25 13:23:04 2022 +1100 + + Use PICFLAG instead of hard coding -fPIC. + +commit 3016ba47035ac3561aabd48e2be70167fe157d6a +Author: Darren Tucker +Date: Fri Feb 25 11:37:11 2022 +1100 + + Add tests for latest releases of {Libre,Open}SSL. + +commit f107467179428a0e3ea9e4aa9738ac12ff02822d +Author: Colin Watson +Date: Thu Feb 24 16:04:18 2022 +0000 + + Improve detection of -fzero-call-used-regs=all support + + GCC doesn't tell us whether this option is supported unless it runs into + the situation where it would need to emit corresponding code. + +commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 +Author: djm@openbsd.org +Date: Wed Feb 23 21:21:49 2022 +0000 + + upstream: free(3) wants stdlib.h + + OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a + +commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 +Author: djm@openbsd.org +Date: Wed Feb 23 21:21:16 2022 +0000 + + upstream: put back the scp manpage changes for SFTP mode too + + OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 + +commit 449bcb8403adfb9724805d02a51aea76046de185 +Author: deraadt@openbsd.org +Date: Wed Feb 23 19:01:00 2022 +0000 + + upstream: and we go back to testing sftp-scp after the 8.9 + + release... + + OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c + commit 166456cedad3962b83b848b1e9caf80794831f0f Author: Damien Miller Date: Wed Feb 23 22:31:11 2022 +1100 @@ -11386,594 +11887,3 @@ Date: Wed Apr 8 00:01:52 2020 +0000 ok markus@ OpenBSD-Commit-ID: 7de31d80fb9062aa01901ddf040c286b64ff904e - -commit 8461a5b3db34ed0b5a4a18d82f64fd5ac8693ea8 -Author: Darren Tucker -Date: Mon Apr 6 20:54:34 2020 +1000 - - Include openssl-compat.h before checking ifdefs. - - Fixes problem where unsuitable chacha20 code in libressl would be used - unintentionally. - -commit 931c50c5883a9910ea1ae9a371e4e815ec56b035 -Author: Damien Miller -Date: Mon Apr 6 10:04:56 2020 +1000 - - fix inverted test for LibreSSL version - -commit d1d5f728511e2338b7c994968d301d8723012264 -Author: dtucker@openbsd.org -Date: Sat Apr 4 23:04:41 2020 +0000 - - upstream: Indicate if we're using a cached key in trace output. - - OpenBSD-Regress-ID: 409a7b0e59d1272890fda507651c0c3d2d3c0d89 - -commit a398251a4627367c78bc483c70c2ec973223f82c -Author: Darren Tucker -Date: Sun Apr 5 08:43:57 2020 +1000 - - Use /usr/bin/xp4g/id if necessary. - - Solaris' native "id" doesn't support the options we use but the one - in /usr/bin/xp4g does, so use that instead. - -commit db0fdd48335b5b01114f78c1a73a195235910f81 -Author: dtucker@openbsd.org -Date: Sat Apr 4 22:14:26 2020 +0000 - - upstream: Some platforms don't have "hostname -s", so use cut to trim - - short hostname instead. - - OpenBSD-Regress-ID: ebcf36a6fdf287c9336b0d4f6fc9f793c05307a7 - -commit e7e59a9cc8eb7fd5944ded28f4d7e3ae0a5fdecd -Author: dtucker@openbsd.org -Date: Fri Apr 3 07:53:10 2020 +0000 - - upstream: Compute hash locally and re-enable %C tests. - - OpenBSD-Regress-ID: 94d1366e8105274858b88a1f9ad2e62801e49770 - -commit abe2b245b3ac6c4801e99bc0f13289cd28211e22 -Author: Damien Miller -Date: Fri Apr 3 17:25:46 2020 +1100 - - prefer libcrypto chacha20-poly1305 where possible - -commit bc5c5d01ad668981f9e554e62195383bc12e8528 -Author: dtucker@openbsd.org -Date: Fri Apr 3 05:43:11 2020 +0000 - - upstream: Temporarily remove tests for '%C' since the hash contains the - - local hostname and it doesn't work on any machine except mine... spotted by - djm@ - - OpenBSD-Regress-ID: 2d4c3585b9fcbbff14f4a5a5fde51dbd0d690401 - -commit 81624026989654955a657ebf2a1fe8b9994f3c87 -Author: djm@openbsd.org -Date: Fri Apr 3 06:07:57 2020 +0000 - - upstream: r1.522 deleted one too many lines; repair - - OpenBSD-Commit-ID: 1af8851fd7a99e4a887b19aa8f4c41a6b3d25477 - -commit 668cb3585ce829bd6e34d4a962c489bda1d16370 -Author: jmc@openbsd.org -Date: Fri Apr 3 05:53:52 2020 +0000 - - upstream: sort -N and add it to usage(); - - OpenBSD-Commit-ID: 5b00e8db37c2b0a54c7831fed9e5f4db53ada332 - -commit 338ccee1e7fefa47f3d128c2541e94c5270abe0c -Author: djm@openbsd.org -Date: Fri Apr 3 05:48:57 2020 +0000 - - upstream: avoid another compiler warning spotted in -portable - - OpenBSD-Commit-ID: 1d29c51ac844b287c4c8bcaf04c63c7d9ba3b8c7 - -commit 9f8a42340bd9af86a99cf554dc39ecdf89287544 -Author: djm@openbsd.org -Date: Fri Apr 3 04:07:48 2020 +0000 - - upstream: this needs utf8.c too - - OpenBSD-Regress-ID: 445040036cec714d28069a20da25553a04a28451 - -commit 92115ea7c3a834374720c350841fc729e7d5c8b2 -Author: dtucker@openbsd.org -Date: Fri Apr 3 03:14:03 2020 +0000 - - upstream: Add percent_expand test for 'Match Exec'. - - OpenBSD-Regress-ID: a41c14fd6a0b54d66aa1e9eebfb9ec962b41232f - -commit de34a440276ae855c38deb20f926d46752c62c9d -Author: djm@openbsd.org -Date: Fri Apr 3 04:43:24 2020 +0000 - - upstream: fix format string (use %llu for uint64, not %lld). spotted by - - Darren and his tinderbox tests - - OpenBSD-Commit-ID: 3b4587c3d9d46a7be9bdf028704201943fba96c2 - -commit 9cd40b829a5295cc81fbea8c7d632b2478db6274 -Author: djm@openbsd.org -Date: Fri Apr 3 04:34:15 2020 +0000 - - upstream: Add a flag to re-enable verbose output when in batch - - mode; requested in bz3135; ok dtucker - - OpenBSD-Commit-ID: 5ad2ed0e6440562ba9c84b666a5bbddc1afe2e2b - -commit 6ce51a5da5d333a44e7c74c027f3571f70c39b24 -Author: djm@openbsd.org -Date: Fri Apr 3 04:32:21 2020 +0000 - - upstream: chacha20-poly1305 AEAD using libcrypto EVP_chacha20 - - Based on patch from Yuriy M. Kaminskiy. ok + lots of assistance along the - way at a2k20 tb@ - - OpenBSD-Commit-ID: 5e08754c13d31258bae6c5e318cc96219d6b10f0 - -commit eba523f0a130f1cce829e6aecdcefa841f526a1a -Author: djm@openbsd.org -Date: Fri Apr 3 04:27:03 2020 +0000 - - upstream: make Chacha20-POLY1305 context struct opaque; ok tb@ as - - part of a larger diff at a2k20 - - OpenBSD-Commit-ID: a4609b7263284f95c9417ef60ed7cdbb7bf52cfd - -commit ebd29e90129cf18fedfcfe1de86e324228669295 -Author: djm@openbsd.org -Date: Fri Apr 3 04:06:26 2020 +0000 - - upstream: fix debug statement - - OpenBSD-Commit-ID: 42c6edeeda5ce88b51a20d88c93be3729ce6b916 - -commit 7b4d8999f2e1a0cb7b065e3efa83e6edccfc7d82 -Author: djm@openbsd.org -Date: Fri Apr 3 04:03:51 2020 +0000 - - upstream: the tunnel-forwarding vs ExitOnForwardFailure fix that I - - committed earlier had an off-by-one. Fix this and add some debugging that - would have made it apparent sooner. - - OpenBSD-Commit-ID: 082f8f72b1423bd81bbdad750925b906e5ac6910 - -commit eece243666d44ceb710d004624c5c7bdc05454bc -Author: dtucker@openbsd.org -Date: Fri Apr 3 03:12:11 2020 +0000 - - upstream: %C expansion just added to Match Exec should include - - remote user not local user. - - OpenBSD-Commit-ID: 80f1d976938f2a55ee350c11d8b796836c8397e2 - -commit d5318a784d016478fc8da90a38d9062c51c10432 -Author: dtucker@openbsd.org -Date: Fri Apr 3 02:33:31 2020 +0000 - - upstream: Add regression test for percent expansions where possible. - - OpenBSD-Regress-ID: 7283be8b2733ac1cbefea3048a23d02594485288 - -commit 663e84bb53de2a60e56a44d538d25b8152b5c1cc -Author: djm@openbsd.org -Date: Fri Apr 3 02:40:32 2020 +0000 - - upstream: make failures when establishing "Tunnel" forwarding terminate - - the connection when ExitOnForwardFailure is enabled; bz3116; ok dtucker - - OpenBSD-Commit-ID: ef4b4808de0a419c17579b1081da768625c1d735 - -commit ed833da176611a39d3376d62154eb88eb440d31c -Author: dtucker@openbsd.org -Date: Fri Apr 3 02:27:12 2020 +0000 - - upstream: Make with config keywords support which - - percent_expansions more consistent. - %C is moved into its own function and *** 2373 LINES SKIPPED ***