git: b16cb28aca00 - stable/13 - ssh: Update to OpenSSH 9.7p1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 25 Mar 2024 22:39:24 UTC
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=b16cb28aca00112db2a7b5c070ee019c100cbc20 commit b16cb28aca00112db2a7b5c070ee019c100cbc20 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2024-03-18 14:00:57 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2024-03-25 22:39:14 +0000 ssh: Update to OpenSSH 9.7p1 This release contains mostly bugfixes. It also makes support for the DSA signature algorithm a compile-time option, with plans to disable it upstream later this year and remove support entirely in 2025. Full release notes at https://www.openssh.com/txt/release-9.7 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit a91a246563dffa876a52f53a98de4af9fa364c52) (cherry picked from commit 464fa66f639bdc8e340dd3f640af4309530d48ca) --- crypto/openssh/.github/configs | 21 +- crypto/openssh/.github/setup_ci.sh | 26 + crypto/openssh/.github/workflows/c-cpp.yml | 20 +- crypto/openssh/.github/workflows/selfhosted.yml | 1 + crypto/openssh/.gitignore | 2 + crypto/openssh/.skipped-commit-ids | 2 + crypto/openssh/ChangeLog | 11979 +++++++++---------- crypto/openssh/PROTOCOL | 22 +- crypto/openssh/PROTOCOL.agent | 4 +- crypto/openssh/PROTOCOL.mux | 4 +- crypto/openssh/README | 2 +- crypto/openssh/README.platform | 9 +- crypto/openssh/channels.c | 79 +- crypto/openssh/clientloop.c | 4 +- crypto/openssh/config.h | 3 + crypto/openssh/configure.ac | 50 +- crypto/openssh/contrib/redhat/openssh.spec | 2 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/gss-genr.c | 8 +- crypto/openssh/kex.c | 31 +- crypto/openssh/kex.h | 10 +- crypto/openssh/m4/openssh.m4 | 12 +- crypto/openssh/misc.c | 15 +- crypto/openssh/misc.h | 3 +- crypto/openssh/nchan.c | 4 +- crypto/openssh/openbsd-compat/getopt.h | 12 +- crypto/openssh/openbsd-compat/openbsd-compat.h | 10 +- crypto/openssh/packet.c | 2 +- crypto/openssh/packet.h | 2 +- crypto/openssh/readconf.c | 165 +- crypto/openssh/readconf.h | 8 +- crypto/openssh/regress/Makefile | 77 +- crypto/openssh/regress/channel-timeout.sh | 74 +- crypto/openssh/regress/dynamic-forward.sh | 9 +- crypto/openssh/regress/misc/fuzz-harness/Makefile | 8 +- .../regress/misc/fuzz-harness/agent_fuzz_helper.c | 7 + crypto/openssh/regress/multiplex.sh | 3 +- crypto/openssh/regress/putty-ciphers.sh | 51 +- crypto/openssh/regress/putty-kex.sh | 40 +- crypto/openssh/regress/putty-transfer.sh | 13 +- crypto/openssh/regress/test-exec.sh | 28 +- crypto/openssh/regress/unittests/Makefile.inc | 7 +- .../regress/unittests/hostkeys/test_iterate.c | 11 +- crypto/openssh/regress/unittests/kex/test_kex.c | 4 +- .../openssh/regress/unittests/sshkey/test_file.c | 4 +- .../openssh/regress/unittests/sshkey/test_fuzz.c | 8 +- .../openssh/regress/unittests/sshkey/test_sshkey.c | 23 +- crypto/openssh/regress/unittests/sshsig/tests.c | 4 +- crypto/openssh/servconf.c | 168 +- crypto/openssh/session.c | 4 +- crypto/openssh/sftp.c | 44 +- crypto/openssh/ssh-add.1 | 14 +- crypto/openssh/ssh-add.c | 10 +- crypto/openssh/ssh-agent.c | 48 +- crypto/openssh/ssh-dss.c | 7 +- crypto/openssh/ssh-keygen.c | 26 +- crypto/openssh/ssh-keyscan.c | 8 +- crypto/openssh/ssh-keysign.c | 7 +- crypto/openssh/ssh-pkcs11-client.c | 2 + crypto/openssh/ssh.c | 6 +- crypto/openssh/ssh_api.c | 14 +- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 26 +- crypto/openssh/ssh_namespace.h | 1 + crypto/openssh/sshbuf-getput-crypto.c | 4 +- crypto/openssh/sshconnect.c | 4 +- crypto/openssh/sshconnect2.c | 21 +- crypto/openssh/sshd.c | 4 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 59 +- crypto/openssh/sshkey.c | 12 +- crypto/openssh/sshsig.c | 4 +- crypto/openssh/version.h | 6 +- crypto/openssh/xmss_hash.c | 4 +- 74 files changed, 6366 insertions(+), 7026 deletions(-) diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index df82faf5046b..370fe29a3ee4 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -164,6 +164,11 @@ case "$config" in libressl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," ;; + putty-*) + CONFIGFLAGS="--with-plink=/usr/local/bin/plink --with-puttygen=/usr/local/bin/puttygen" + # We don't need to rerun the regular tests, just the interop ones. + TEST_TARGET=interop-tests + ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec @@ -269,20 +274,22 @@ case "${TARGET_HOST}" in ;; minix3) CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + # Unix domain sockets don't work quite like we expect, so also + # disable FD passing (and thus multiplexing). + CONFIGFLAGS="${CONFIGFLAGS} --disable-fd-passing" LIBCRYPTOFLAGS="--without-openssl" + # Minix does not have a loopback interface so we have to skip any # test that relies on one. # Also, Minix seems to be very limited in the number of select() # calls that can be operating concurrently, so prune additional tests for that. T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse - connect connect-uri exit-status forwarding hostkey-agent - key-options keyscan knownhosts-command login-timeout + connect connect-uri dynamic-forward exit-status forwarding + forward-control + hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data transfer" - # Unix domain sockets don't work quite like we expect, so also skip any tests - # that use multiplexing. - T="$T connection-timeout dynamic-forward forward-control multiplex" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" @@ -320,6 +327,10 @@ case "$host" in # modern versions don't ship with libcrypto. LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec + + # On some OS X runners we can't write to /var/empty. + CONFIGFLAGS="${CONFIGFLAGS} --with-privsep-path=/usr/local/empty" + case "$host" in *-darwin22.*) # sudo -S nobody doesn't work on macos 13 for some reason. diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index d0ba7b4724e9..f0f2761c7107 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -142,6 +142,10 @@ for TARGET in $TARGETS; do INSTALL_BORINGSSL=1 PACKAGES="${PACKAGES} cmake ninja-build" ;; + putty-*) + INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-) + PACKAGES="${PACKAGES} cmake" + ;; valgrind*) PACKAGES="$PACKAGES valgrind" ;; @@ -241,3 +245,25 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then cd ${HOME}/zlib && ./configure && make && sudo make install prefix=/opt/zlib) fi + +if [ ! -z "${INSTALL_PUTTY}" ]; then + ver="${INSTALL_PUTTY}" + case "${INSTALL_PUTTY}" in + snapshot) + tarball=putty.tar.gz + (cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball}) + ;; + *) + tarball=putty-${ver}.tar.gz + (cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball}) + ;; + esac + (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-* + if [ -f CMakeLists.txt ]; then + cmake . && cmake --build . && sudo cmake --build . --target install + else + ./configure && make && sudo make install + fi + ) + /usr/local/bin/plink -V +fi diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 8f624d21016c..edb88f23c0fb 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -62,20 +62,32 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.2 } + - { target: ubuntu-latest, config: libressl-3.8.3 } + - { target: ubuntu-latest, config: libressl-3.9.0 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } - { target: ubuntu-latest, config: openssl-1.1.1t } - { target: ubuntu-latest, config: openssl-1.1.1w } - { target: ubuntu-latest, config: openssl-3.0.0 } - - { target: ubuntu-latest, config: openssl-3.0.12 } + - { target: ubuntu-latest, config: openssl-3.0.13 } - { target: ubuntu-latest, config: openssl-3.1.0 } - - { target: ubuntu-latest, config: openssl-3.1.4 } - - { target: ubuntu-latest, config: openssl-3.2.0 } + - { target: ubuntu-latest, config: openssl-3.1.5 } + - { target: ubuntu-latest, config: openssl-3.2.1 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: putty-0.71 } + - { target: ubuntu-latest, config: putty-0.72 } + - { target: ubuntu-latest, config: putty-0.73 } + - { target: ubuntu-latest, config: putty-0.74 } + - { target: ubuntu-latest, config: putty-0.75 } + - { target: ubuntu-latest, config: putty-0.76 } + - { target: ubuntu-latest, config: putty-0.77 } + - { target: ubuntu-latest, config: putty-0.78 } + - { target: ubuntu-latest, config: putty-0.79 } + - { target: ubuntu-latest, config: putty-0.80 } + - { target: ubuntu-latest, config: putty-snapshot } - { target: ubuntu-latest, config: zlib-develop } - { target: ubuntu-22.04, config: pam } - { target: ubuntu-22.04, config: krb5 } diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index be0b4ffec580..4f1c587a5779 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -73,6 +73,7 @@ jobs: - { target: fbsd14, config: pam, host: libvirt } - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } + - { target: nbsd10, config: pam, host: libvirt } # VMs with persistent disks that have their own runner. - { target: win10, config: default, host: win10 } - { target: win10, config: cygwin-release, host: win10 } diff --git a/crypto/openssh/.gitignore b/crypto/openssh/.gitignore index 5e4ae5a60d06..7fccc6fe3dc3 100644 --- a/crypto/openssh/.gitignore +++ b/crypto/openssh/.gitignore @@ -18,6 +18,8 @@ survey.sh **/*.so **/*.out **/*.a +**/*.un~ +**/.*.swp autom4te.cache/ scp sftp diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 59e80518acf2..06303955c566 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -1,3 +1,4 @@ +509bb19bb9762a4b3b589af98bac2e730541b6d4 clean sshd random relinking kit 5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes f2c9feb26963615c4fece921906cf72e248b61ee more Makefile @@ -27,6 +28,7 @@ cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks +5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 981b7ecd94b6..3bbccf5ea3eb 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,9505 +1,8300 @@ -commit 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 +commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 Author: Damien Miller <djm@mindrot.org> -Date: Tue Dec 19 01:59:50 2023 +1100 +Date: Mon Mar 11 16:20:49 2024 +1100 - crank versions + version number in README -commit 2f2c65cb5f1518a9c556d3e8efa27ea0ca305c6b +commit 282721418e6465bc39ccfd39bb0133e670ee4423 Author: Damien Miller <djm@mindrot.org> -Date: Tue Dec 19 01:59:06 2023 +1100 +Date: Mon Mar 11 16:20:08 2024 +1100 - depend + crank RPM spec versions -commit e48cdee8e19059203b1aeeabec2350b8375fa61f +commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:50:08 2023 +0000 +Date: Mon Mar 11 04:59:47 2024 +0000 - upstream: regress test for agent PKCS#11-backed certificates + upstream: openssh-9.7 - OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9 + OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc -commit 2f512f862df1d5f456f82a0334c9e8cc7208a2a1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:49:39 2023 +0000 +commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 11 12:59:26 2024 +1100 - upstream: regress test for constrained PKCS#11 keys + Test against current OpenSSL and LibreSSL releases. - OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff + Add LibreSSL 3.9.0, bump older branches to their respective current + releases. -commit cdddd66412ca5920ed4d3ebbfa6ace12dbd9b82f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:48:44 2023 +0000 +commit 26b09b45fec7b88ba09042c09be4157e58e231e2 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Mar 10 16:24:57 2024 +1100 - upstream: openssh-9.6 + quote regexes used to test for algorithm support - OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b + Fixes test failures on Solaris 8 reported by Tom G. Christensen -commit 6d51feab157cedf1e7ef5b3f8781ca8ff9c4ab1b +commit a6a740a4948d10a622b505135bb485c10f21db5e Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:48:08 2023 +0000 +Date: Sat Mar 9 05:12:13 2024 +0000 - upstream: ssh-agent: record failed session-bind attempts - - Record failed attempts to session-bind a connection and refuse signing - operations on that connection henceforth. - - Prevents a future situation where we add a new hostkey type that is not - recognised by an older ssh-agent, that consequently causes session-bind - to fail (this situation is only likely to arise when people mix ssh(1) - and ssh-agent(1) of different versions on the same host). Previously, - after such a failure the agent socket would be considered unbound and - not subject to restriction. + upstream: avoid logging in signal handler by converting mainloop to - Spotted by Jann Horn + ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ - OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e + OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f -commit 7ef3787c84b6b524501211b11a26c742f829af1a +commit cd82f7526e0481720567ae41db7849ab1c27e27b Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:47:44 2023 +0000 +Date: Fri Mar 8 22:16:32 2024 +0000 - upstream: ban user/hostnames with most shell metacharacters + upstream: skip more whitespace, fixes find-principals on - This makes ssh(1) refuse user or host names provided on the - commandline that contain most shell metacharacters. - - Some programs that invoke ssh(1) using untrusted data do not filter - metacharacters in arguments they supply. This could create - interactions with user-specified ProxyCommand and other directives - that allow shell injection attacks to occur. + allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz - It's a mistake to invoke ssh(1) with arbitrary untrusted arguments, - but getting this stuff right can be tricky, so this should prevent - most obvious ways of creating risky situations. It however is not - and cannot be perfect: ssh(1) has no practical way of interpreting - what shell quoting rules are in use and how they interact with the - user's specified ProxyCommand. + OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + +commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 8 11:34:10 2024 +0000 + + upstream: Invoke ProxyCommand that uses stderr redirection via - To allow configurations that use strange user or hostnames to - continue to work, this strictness is applied only to names coming - from the commandline. Names specified using User or Hostname - directives in ssh_config(5) are not affected. + $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. + Found by vinschen at redhat.com. - feedback/ok millert@ markus@ dtucker@ deraadt@ + OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + +commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 7 17:18:14 2024 +1100 + + Prefer openssl binary from --with-ssl-dir directory. - OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9 + Use openssl in the directory specified by --with-ssl-dir as long + as it's functional. Reported by The Doctor. -commit 0cb50eefdd29f0fec31d0e71cc4b004a5f704e67 +commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:47:20 2023 +0000 +Date: Wed Mar 6 02:59:59 2024 +0000 - upstream: stricter handling of channel window limits - - This makes ssh/sshd more strict in handling non-compliant peers that - send more data than the advertised channel window allows. Previously - the additional data would be silently discarded. This change will - cause ssh/sshd to terminate the connection if the channel window is - exceeded by more than a small grace allowance. + upstream: fix memory leak in mux proxy mode when requesting forwarding. - ok markus@ + found by RASU JSC, reported by Maks Mishin in GHPR#467 - OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037 + OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 -commit 4448a2938abc76e6bd33ba09b2ec17a216dfb491 +commit 242742827fea4508e68097c128e802edc79addb5 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:46:56 2023 +0000 +Date: Wed Mar 6 00:31:04 2024 +0000 - upstream: Make it possible to load certs from PKCS#11 tokens - - Adds a protocol extension to allow grafting certificates supplied by - ssh-add to keys loaded from PKCS#11 tokens in the agent. - - feedback/ok markus@ + upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 - OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f + OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 -commit 881d9c6af9da4257c69c327c4e2f1508b2fa754b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:46:12 2023 +0000 +commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a +Author: Damien Miller <djm@mindrot.org> +Date: Wed Mar 6 11:31:36 2024 +1100 - upstream: apply destination constraints to all p11 keys + disable RSA tests when algorithm is not supported - Previously applied only to the first key returned from each token. + Unbreaks "make test" when compiled --without-openssl. - ok markus@ + Similar treatment to how we do DSA and ECDSA. + +commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Mar 6 10:33:20 2024 +1100 + + add a --without-retpoline configure option - OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d + discussed with deraadt and dtucker a while ago -commit a7ed931caeb68947d30af8a795f4108b6efad761 +commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:45:49 2023 +0000 +Date: Mon Mar 4 04:13:18 2024 +0000 - upstream: add "ext-info-in-auth@openssh.com" extension - - This adds another transport protocol extension to allow a sshd to send - SSH2_MSG_EXT_INFO during user authentication, after the server has - learned the username that is being logged in to. - - This lets sshd to update the acceptable signature algoritms for public - key authentication, and allows these to be varied via sshd_config(5) - "Match" directives, which are evaluated after the server learns the - username being authenticated. + upstream: fix leak of CanonicalizePermittedCNAMEs on error path; - Full details in the PROTOCOL file + spotted by Coverity (CID 438039) - OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779 + OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af -commit 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 +commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Dec 18 14:45:17 2023 +0000 +Date: Mon Mar 4 02:16:11 2024 +0000 - upstream: implement "strict key exchange" in ssh and sshd + upstream: Separate parsing of string array options from applying them - This adds a protocol extension to improve the integrity of the SSH - transport protocol, particular in and around the initial key exchange - (KEX) phase. + to the active configuration. This fixes the config parser from erroneously + rejecting cases like: - Full details of the extension are in the PROTOCOL file. + AuthenticationMethods password + Match User ivy + AuthenticationMethods any - with markus@ + bz3657 ok markus@ - OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 + OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 -commit 59d691b886c79e70b1d1c4ab744e81fd176222fd +commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 22 17:59:35 2024 +1100 + + Add nbsd10 test target. + +commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 18 14:49:11 2023 +1100 +Date: Thu Feb 22 12:06:10 2024 +1100 - better detection of broken -fzero-call-used-regs + more descriptive configure test name + +commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:17:29 2024 +0000 + + upstream: explain arguments of internal-sftp GHPR#454 from Niklas - Use OSSH_CHECK_CFLAG_LINK() for detection of these flags and extend - test program to exercise varargs, which seems to catch more stuff. + Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - ok dtucker@ + OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 -commit aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 +commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Dec 13 03:28:19 2023 +0000 +Date: Wed Feb 21 06:06:43 2024 +0000 - upstream: when invoking KnownHostsCommand to determine the order of - - host key algorithms to request, ensure that the hostname passed to the - command is decorated with the port number for ports other than 22. + upstream: clarify permissions requirements for ChrootDirectory Part - This matches the behaviour of KnownHostsCommand when invoked to look - up the actual host key. + of GHPR#454 from Niklas Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit - bz3643, ok dtucker@ + OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0 + +commit d410e17d186552d0717f18217d0d049486754365 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:05:06 2024 +0000 + + upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen - OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1 + OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a -commit 4086bd6652c0badccc020218a62190a7798fb72c -Author: markus@openbsd.org <markus@openbsd.org> -Date: Fri Dec 8 09:18:39 2023 +0000 +commit ab73f9678ebf06b32d6361b88b50b42775e0565b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:01:13 2024 +0000 - upstream: prevent leak in sshsig_match_principals; ok djm@ + upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 - OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae + from Tobias Manske + + OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908 -commit 19d3ee2f3adf7d9a606ff015c1e153744702c4c9 +commit 9844aa2521ccfb1a2d73745680327b79e0574445 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Dec 6 21:06:48 2023 +0000 +Date: Wed Feb 21 05:57:34 2024 +0000 - upstream: short circuit debug log processing early if we're not going + upstream: fix proxy multiplexing mode, broken when keystroke timing - to log anything. From Kobe Housen + obfuscation was added. GHPR#463 from montag451 - OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea + OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677 -commit 947affad4831df015c498c00c6351ea6f13895d5 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Nov 27 09:37:28 2023 +1100 +commit ee6d932acb532f80b11bb7cf161668c70ec8a117 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 20 04:10:03 2024 +0000 - Add tests for OpenSSL 3.2.0 and 3.2 stable branch. + upstream: don't append a gratuitous space to the end of subsystem + + arguments; bz3667 + + OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6 -commit 747dce36206675ca6b885010a835733df469351b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Nov 25 09:03:38 2023 +1100 +commit e27f032aa8fcbae9b2e7c451baaf4b8ac6fa3d45 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Feb 19 09:25:52 2024 +0000 - Use non-zero arg in compiler test program. + upstream: Always define puttysetup function. - Now that we're running the test program, passing zero to the test function - can cause divide-by-zero exceptions which might show up in logs. + OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0 -commit 3d44a5c56585d1c351dbc006240a591b6da502b1 +commit 84046f9991abef5f46b040b10cf3d494f933a17b Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Nov 24 00:31:30 2023 +0000 +Date: Fri Feb 9 08:56:59 2024 +0000 - upstream: Plug mem leak of msg when processing a quit message. + upstream: Exapnd PuTTY test coverage. - Coverity CID#427852, ok djm@ + Expand the set of ciphers, MACs and KEX methods in the PuTTY interop + tests. - OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7 + OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57 -commit 1d7f9b6e297877bd00973e6dc5c0642dbefc3b5f +commit bbf541ee2afe07b08a8b56fa0dc6f38fcfceef2a Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Nov 23 03:37:05 2023 +0000 +Date: Fri Feb 9 08:47:42 2024 +0000 - upstream: Include existing mux path in debug message. + upstream: Factor out PuTTY setup. - OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16 + Factor out PuTTY and call only when needed. + + This allows us to avoid PuTTY key setup when it's not needed, which + speeds up the overall test run by a couple of percent. + + OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c -commit f29934066bd0e561a2e516b7e584fb92d2eedee0 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Nov 23 19:41:27 2023 +1100 +commit d31c21c57fb4245271680a1e5043cf6470a96766 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sat Feb 10 11:28:52 2024 +0000 - Add an Ubuntu 22.04 test VM. + upstream: clean sshd random relinking kit; ok miod@ - This is the same version as Github's runners so most of the testing on - it is over there, but having a local VM makes debugging much easier. + OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4 -commit a93284a780cd3972afe5f89086b75d564ba157f3 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Nov 23 19:36:22 2023 +1100 +commit 4dbc5a363ff53a2fcecf6bc3bcc038badc12f118 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 2 00:13:34 2024 +0000 - Add gcc-12 -Werror test on Ubuntu 22.04. + upstream: whitespace - Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler). + OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1 -commit 670f5a647e98b6fd95ad64f789f87ee3274b481b +commit efde85dda2130272af24cc346f6c3cd326182ff1 Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Nov 23 19:34:57 2023 +1100 +Date: Mon Feb 19 17:29:31 2024 +1100 - Check return value from write to prevent warning. + Improve error message for OpenSSL header check. - ... and since we're testing for flags with -Werror, this caused - configure to mis-detect compiler flags. + bz#3668, ok djm@ -commit cea007d691cfedfa07a5b8599f97ce0511f53fc9 +commit cbbdf868bce431a59e2fa36ca244d5739429408d Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Nov 22 21:18:55 2023 +1100 +Date: Wed Feb 7 13:45:02 2024 +1100 - Run compiler test program when compiling natively. - - ok djm@ + Interop test against PuTTY snapshot and releases. -commit ee0d305828f13536c0a416bbf9c3e81039d9ea55 +commit 91898bf786b0f149f962c4c96c08a46f29888c10 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Nov 22 21:18:07 2023 +1100 +Date: Tue Feb 6 16:21:05 2024 +1100 - Factor out compiler test program into a macro. + Put privsep dir on OS X on /usr/local. - ok djm@ + On some runners we can't create /var/empty, so put it some place we can + write. Should fix test breakage on Max OS X 11. -commit de304c76316b029df460673725a9104224b9959b +commit be5ed8ebed8388c5056bfde4688308cc873c18b9 Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Nov 22 08:55:36 2023 +1100 +Date: Tue Feb 6 11:19:42 2024 +1100 - Add fbsd14 VM to test pool. + Add --disable-fd-passing option. + + .. and enable for the minix3 test VM. This will cause it to more reliably + skip tests that need FD passing and should fix the current test breakage. -commit 99a2df5e1994cdcb44ba2187b5f34d0e9190be91 +commit 0f6a8a0d0a518fd78c4cbebfdac990a57a1c4e41 Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Nov 21 16:19:29 2023 +1100 +Date: Tue Feb 6 11:18:44 2024 +1100 - Expand -fzero-call-used-regs test to cover gcc 11. - - It turns out that gcc also has some problems with -fzero-call-used-regs, - at least v11 on mips. Previously the test in OSSH_CHECK_CFLAG_COMPILE - was sufficient to catch it with "=all", but not sufficient for "=used". - Expand the testcase and include it in the other tests for good measure. - See bz#3629. ok djm@. + Use "skip" function instead doing it ourselves. -commit ff220d4010717f7bfbbc02a2400666fb9d24f250 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Nov 21 14:04:34 2023 +1100 +commit 3ad669f81aabbd2ba9fbd472903f680f598e1e99 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 1 14:01:18 2024 +1100 - Stop using -fzero-call-used-regs=all + ignore some vim droppings + +commit c283f29d23611a06bbee06bcf458f2fffad721d9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 1 02:37:33 2024 +0000 + + upstream: whitespace - ... since it seems to be problematic with several different versions of - clang. Only use -fzero-call-used-regs=used which is less - problematic, except with Apple's clang where we don't use it at all. - bz#3629, ok djm@ + OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7 -commit 2a19e02f36b16f0f6cc915f7d1e60ead5e36303b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Nov 21 14:02:18 2023 +1100 +commit 0d96b1506b2f4757fefa5d1f884d49e96a6fd4c3 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jan 16 14:40:18 2024 +1100 - Allow for vendor prefix on clang version numbers. + skip tests that use multiplexing on Windows - Correctly detects the version of OpenBSD's native clang, as well as - Apple's. Spotted tb@, ok djm@. + Some tests here use multiplexing, skip these if DISABLE_FD_PASSING + is set. Should unbreak tests on Windows. -commit c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 +commit 50080fa42f5f744b798ee29400c0710f1b59f50e Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Nov 20 02:50:00 2023 +0000 +Date: Thu Jan 11 04:50:28 2024 +0000 - upstream: set errno=EAFNOSUPPORT when filtering addresses that don't + upstream: don't disable RSA test when DSA is disabled; bug introduced - match AddressFamily; yields slightly better error message if no address - matches. bz#3526 + in last commit - OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6 + OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5 -commit 26f3f3bbc69196d908cad6558c8c7dc5beb8d74a +commit 415c94ce17288e0cdcb9e58cc91fba78d33c8457 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 15 23:03:38 2023 +0000 +Date: Thu Jan 11 01:45:58 2024 +0000 - upstream: when connecting via socket (the default case), filter + upstream: make DSA testing optional, defaulting to on - addresses by AddressFamily if one was specified. Fixes the case where, if - CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok - dtucker + ok markus - OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439 + OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a -commit 050c335c8da43741ed0df2570ebfbd5d1dfd0a31 +commit f9311e8921d92c5efca767227a497ab63280ac39 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 15 22:51:49 2023 +0000 +Date: Thu Jan 11 01:51:16 2024 +0000 - upstream: when deciding whether to enable keystroke timing - - obfuscation, only consider enabling it when a channel with a tty is open. + upstream: ensure key_fd is filled when DSA is disabled; spotted by - Avoids turning on the obfucation when X11 forwarding only is in use, - which slows it right down. Reported by Roger Marsh + tb@ - OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1 + OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7 -commit 676377ce67807a24e08a54cd60ec832946cc6cae -Author: tobhe@openbsd.org <tobhe@openbsd.org> -Date: Mon Nov 13 09:18:19 2023 +0000 +commit 4e838120a759d187b036036610402cbda33f3203 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 11 01:45:36 2024 +0000 - upstream: Make sure sftp_get_limits() only returns 0 if 'limits' + upstream: make DSA key support compile-time optional, defaulting to - was initialized. This fixes a potential uninitialized use of 'limits' in - sftp_init() if sftp_get_limits() returned early because of an unexpected - message type. + on - ok djm@ + ok markus@ - OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c + OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d -commit 64e0600f23c6dec36c3875392ac95b8a9100c2d6 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Nov 13 20:03:31 2023 +1100 +commit afcc9028bfc411bc26d20bba803b83f90cb84e26 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jan 10 06:33:13 2024 +0000 - Test current releases of LibreSSL and OpenSSL. + upstream: fix incorrect capitalisation; - Retire some of the older releases. + OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984 -commit c8ed7cc545879ac15f6ce428be4b29c35598bb2a -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Nov 1 02:08:38 2023 +0000 +commit 9707c8170c0c1baeb1e06e5a53f604498193885f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 9 22:19:36 2024 +0000 - upstream: Specify ssh binary to use + upstream: extend ChannelTimeout regression test to exercise multiplexed - ... instead of relying on installed one. Fixes test failures in -portable - when running tests prior to installation. + connections and the new "global" timeout type. ok dtucker@ - OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685 + OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2 -commit e9fc2c48121cada1b4dcc5dadea5d447fe0093c3 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Nov 1 13:11:31 2023 +1100 +commit b31b12d28de96e1d43581d32f34da8db27e11c03 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 9 22:19:00 2024 +0000 - Put long-running test targets on hipri runners. + upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) - Some of the selfhosted test targets take a long time to run for various - reasons, so label them for "libvirt-hipri" runners so that they can - start immediately. This should reduce the time to complete all tests. + that watches all open channels and will close all open channels if there is + no traffic on any of them for the specified interval. This is in addition to + the existing per-channel timeouts added a few releases ago. + + This supports use-cases like having a session + x11 forwarding channel + open where one may be idle for an extended period but the other is + actively used. The global timeout would allow closing both channels when + both have been idle for too long. + + ok dtucker@ + + OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3 -commit 7ddf27668f0e21233f08c0ab2fe9ee3fdd6ab1e2 +commit 602f4beeeda5bb0eca181f8753d923a2997d0a51 Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Nov 1 00:29:46 2023 +0000 +Date: Tue Jan 9 21:39:14 2024 +0000 - upstream: add some tests of forced commands overriding Subsystem + upstream: adapt ssh_api.c code for kex-strict - directives + from markus@ ok me - OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b + OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac -commit fb06f9b5a065dfbbef5916fc4accc03c0bf026dd -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Oct 31 04:15:40 2023 +0000 +commit 42ba34aba8708cf96583ff52975d95a8b47d990d +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 8 16:26:37 2024 +1100 - upstream: Don't try to use sudo inside sshd log wrapper. - - We still need to check if we're using sudo since we don't want to chown - unecessarily, as on some platforms this causes an error which pollutes - stderr. We also don't want to unnecessarily invoke sudo, since it's - running in the context of the proxycommand, on *other* platforms it - may not be able to authenticate, and if we're using SUDO then it should - already be privileged. - - OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee + nite that recent OSX tun/tap is unsupported -commit fc3cc33e88c242c704781c6c48087838f1dcfa2a -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Oct 31 02:58:45 2023 +0000 +commit 690bc125f9a3b20e47745fa8f5b5e1fd5820247f +Author: Sevan Janiyan <venture37@geeklan.co.uk> +Date: Wed Dec 27 04:57:49 2023 +0000 - upstream: Only try to chmod logfile if we have sudo. If we don't have - - sudo then we won't need to chmod. *** 17647 LINES SKIPPED ***