git: 6ac1039d047a - stable/13 - ssh: update to OpenSSH v8.9p1
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 07 Oct 2022 01:39:38 UTC
The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=6ac1039d047aafcaae5fec13504ece8fdc764c5a commit 6ac1039d047aafcaae5fec13504ece8fdc764c5a Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2022-04-13 20:00:56 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-10-07 01:39:00 +0000 ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 1323ec571215a77ddd21294f0871979d5ad6b992) (cherry picked from commit 58def461e256e3a05c3ff15a87ed702fe0c3662c) --- crypto/openssh/.depend | 11 +- crypto/openssh/.github/configs | 76 +- crypto/openssh/.github/configure.sh | 17 +- crypto/openssh/.github/setup_ci.sh | 41 +- crypto/openssh/.github/workflows/c-cpp.yml | 24 +- crypto/openssh/.github/workflows/selfhosted.yml | 14 +- crypto/openssh/.github/workflows/upstream.yml | 3 +- crypto/openssh/.skipped-commit-ids | 1 + crypto/openssh/ChangeLog | 17378 +++++++++---------- crypto/openssh/INSTALL | 5 - crypto/openssh/LICENCE | 21 +- crypto/openssh/Makefile.in | 55 +- crypto/openssh/PROTOCOL | 69 +- crypto/openssh/PROTOCOL.agent | 85 +- crypto/openssh/PROTOCOL.mux | 6 +- crypto/openssh/README | 2 +- crypto/openssh/SECURITY.md | 5 + crypto/openssh/addr.c | 30 +- crypto/openssh/atomicio.c | 1 - crypto/openssh/auth-options.c | 4 +- crypto/openssh/auth-rhosts.c | 41 +- crypto/openssh/auth.c | 16 +- crypto/openssh/auth.h | 5 +- crypto/openssh/auth2-gss.c | 5 +- crypto/openssh/auth2-hostbased.c | 11 +- crypto/openssh/auth2-kbdint.c | 5 +- crypto/openssh/auth2-none.c | 5 +- crypto/openssh/auth2-passwd.c | 5 +- crypto/openssh/auth2-pubkey.c | 49 +- crypto/openssh/auth2.c | 70 +- crypto/openssh/authfd.c | 116 +- crypto/openssh/authfd.h | 35 +- crypto/openssh/authfile.c | 4 +- crypto/openssh/channels.c | 554 +- crypto/openssh/channels.h | 31 +- crypto/openssh/clientloop.c | 236 +- crypto/openssh/config.h | 36 +- crypto/openssh/configure.ac | 126 +- crypto/openssh/contrib/redhat/openssh.spec | 10 +- crypto/openssh/contrib/suse/openssh.spec | 2 +- crypto/openssh/defines.h | 39 +- crypto/openssh/digest-libc.c | 10 + crypto/openssh/dns.c | 4 +- crypto/openssh/gss-genr.c | 1 + crypto/openssh/hostfile.c | 22 +- crypto/openssh/includes.h | 1 - crypto/openssh/kex.c | 48 +- crypto/openssh/kex.h | 13 +- crypto/openssh/kexgen.c | 35 +- crypto/openssh/kexgexc.c | 24 +- crypto/openssh/kexgexs.c | 14 +- crypto/openssh/kexsntrup761x25519.c | 4 +- crypto/openssh/loginrec.c | 3 +- crypto/openssh/md5crypt.c | 165 - crypto/openssh/md5crypt.h | 22 - crypto/openssh/misc.c | 90 +- crypto/openssh/misc.h | 4 +- crypto/openssh/moduli | 831 +- crypto/openssh/monitor.c | 31 +- crypto/openssh/mux.c | 4 +- crypto/openssh/myproposal.h | 3 +- crypto/openssh/nchan.c | 10 +- crypto/openssh/openbsd-compat/arc4random.c | 8 +- crypto/openssh/openbsd-compat/base64.c | 1 - crypto/openssh/openbsd-compat/bcrypt_pbkdf.c | 41 +- crypto/openssh/openbsd-compat/bindresvport.c | 1 + crypto/openssh/openbsd-compat/blf.h | 7 +- crypto/openssh/openbsd-compat/blowfish.c | 7 +- crypto/openssh/openbsd-compat/bsd-closefrom.c | 8 +- crypto/openssh/openbsd-compat/bsd-cygwin_util.c | 4 +- crypto/openssh/openbsd-compat/bsd-getline.c | 2 +- crypto/openssh/openbsd-compat/bsd-openpty.c | 76 +- crypto/openssh/openbsd-compat/bsd-poll.c | 68 +- crypto/openssh/openbsd-compat/bsd-poll.h | 26 +- crypto/openssh/openbsd-compat/bsd-statvfs.c | 1 - crypto/openssh/openbsd-compat/dirname.c | 1 - crypto/openssh/openbsd-compat/fmt_scaled.c | 32 +- crypto/openssh/openbsd-compat/getcwd.c | 1 - crypto/openssh/openbsd-compat/inet_aton.c | 1 - crypto/openssh/openbsd-compat/inet_ntop.c | 1 - crypto/openssh/openbsd-compat/openbsd-compat.h | 4 +- crypto/openssh/openbsd-compat/port-solaris.c | 1 - crypto/openssh/openbsd-compat/xcrypt.c | 17 +- crypto/openssh/packet.c | 103 +- crypto/openssh/packet.h | 3 +- crypto/openssh/platform-tracing.c | 13 +- crypto/openssh/readconf.c | 27 +- crypto/openssh/readconf.h | 7 +- crypto/openssh/regress/Makefile | 14 +- crypto/openssh/regress/agent-getpeereid.sh | 3 + crypto/openssh/regress/agent-restrict.sh | 495 + crypto/openssh/regress/cert-hostkey.sh | 86 +- crypto/openssh/regress/cert-userkey.sh | 326 +- crypto/openssh/regress/cipher-speed.sh | 10 + crypto/openssh/regress/hostbased.sh | 66 + crypto/openssh/regress/hostkey-agent.sh | 84 +- crypto/openssh/regress/hostkey-rotate.sh | 17 +- crypto/openssh/regress/keys-command.sh | 6 +- crypto/openssh/regress/knownhosts.sh | 17 + crypto/openssh/regress/login-timeout.sh | 4 +- crypto/openssh/regress/misc/fuzz-harness/Makefile | 2 +- .../openssh/regress/misc/fuzz-harness/kex_fuzz.cc | 3 +- .../regress/misc/fuzz-harness/ssh-sk-null.cc | 3 +- crypto/openssh/regress/misc/sk-dummy/sk-dummy.c | 55 +- crypto/openssh/regress/percent.sh | 5 +- crypto/openssh/regress/principals-command.sh | 220 +- crypto/openssh/regress/sshd-log-wrapper.sh | 3 +- crypto/openssh/regress/sshsig.sh | 256 +- crypto/openssh/regress/test-exec.sh | 30 +- crypto/openssh/regress/unittests/authopt/tests.c | 3 +- crypto/openssh/regress/unittests/bitmap/tests.c | 3 +- .../openssh/regress/unittests/conversion/tests.c | 3 +- .../regress/unittests/hostkeys/test_iterate.c | 3 +- crypto/openssh/regress/unittests/kex/test_kex.c | 3 +- crypto/openssh/regress/unittests/match/tests.c | 3 +- crypto/openssh/regress/unittests/misc/test_argv.c | 3 +- .../openssh/regress/unittests/misc/test_convtime.c | 4 +- .../openssh/regress/unittests/misc/test_expand.c | 3 +- .../openssh/regress/unittests/misc/test_hpdelim.c | 82 + crypto/openssh/regress/unittests/misc/test_parse.c | 3 +- .../openssh/regress/unittests/misc/test_strdelim.c | 3 +- crypto/openssh/regress/unittests/misc/tests.c | 5 +- .../openssh/regress/unittests/sshbuf/test_sshbuf.c | 7 +- .../regress/unittests/sshbuf/test_sshbuf_fixed.c | 3 +- .../regress/unittests/sshbuf/test_sshbuf_fuzz.c | 5 +- .../unittests/sshbuf/test_sshbuf_getput_basic.c | 3 +- .../unittests/sshbuf/test_sshbuf_getput_crypto.c | 3 +- .../unittests/sshbuf/test_sshbuf_getput_fuzz.c | 5 +- .../regress/unittests/sshbuf/test_sshbuf_misc.c | 3 +- crypto/openssh/regress/unittests/sshkey/common.c | 3 +- .../openssh/regress/unittests/sshkey/test_file.c | 5 +- .../openssh/regress/unittests/sshkey/test_fuzz.c | 5 +- .../openssh/regress/unittests/sshkey/test_sshkey.c | 5 +- crypto/openssh/regress/unittests/sshsig/tests.c | 7 +- .../openssh/regress/unittests/sshsig/webauthn.html | 6 +- .../regress/unittests/test_helper/test_helper.c | 11 +- crypto/openssh/rijndael.h | 5 +- crypto/openssh/sandbox-capsicum.c | 1 - crypto/openssh/sandbox-seccomp-filter.c | 17 +- crypto/openssh/scp.1 | 4 +- crypto/openssh/scp.c | 85 +- crypto/openssh/servconf.c | 21 +- crypto/openssh/serverloop.c | 157 +- crypto/openssh/session.c | 5 +- crypto/openssh/sftp-client.c | 200 +- crypto/openssh/sftp-client.h | 4 +- crypto/openssh/sftp-server.c | 85 +- crypto/openssh/sftp.c | 1 - crypto/openssh/sk-api.h | 7 +- crypto/openssh/sk-usbhid.c | 225 +- crypto/openssh/sk_config.h | 2 + crypto/openssh/ssh-add.1 | 88 +- crypto/openssh/ssh-add.c | 218 +- crypto/openssh/ssh-agent.c | 716 +- crypto/openssh/ssh-keygen.1 | 37 +- crypto/openssh/ssh-keygen.c | 246 +- crypto/openssh/ssh-keyscan.c | 70 +- crypto/openssh/ssh-keysign.c | 42 +- crypto/openssh/ssh-pkcs11-client.c | 16 +- crypto/openssh/ssh-pkcs11-helper.c | 4 +- crypto/openssh/ssh-pkcs11.c | 35 +- crypto/openssh/ssh-sk-client.c | 98 +- crypto/openssh/ssh-sk-helper.c | 33 +- crypto/openssh/ssh-sk.c | 106 +- crypto/openssh/ssh-sk.h | 14 +- crypto/openssh/ssh.1 | 10 +- crypto/openssh/ssh.c | 20 +- crypto/openssh/ssh_config | 2 +- crypto/openssh/ssh_config.5 | 22 +- crypto/openssh/ssh_namespace.h | 40 +- crypto/openssh/sshbuf-misc.c | 39 +- crypto/openssh/sshbuf.h | 8 +- crypto/openssh/sshconnect.c | 4 +- crypto/openssh/sshconnect2.c | 79 +- crypto/openssh/sshd.c | 91 +- crypto/openssh/sshd_config | 2 +- crypto/openssh/sshd_config.5 | 8 +- crypto/openssh/sshkey.c | 31 +- crypto/openssh/sshkey.h | 6 +- crypto/openssh/sshsig.c | 284 +- crypto/openssh/sshsig.h | 6 +- crypto/openssh/umac.c | 4 +- crypto/openssh/umac.h | 4 +- crypto/openssh/version.h | 6 +- lib/libpam/modules/pam_ssh/pam_ssh.c | 2 +- secure/usr.sbin/sshd/Makefile | 2 +- 186 files changed, 13912 insertions(+), 12246 deletions(-) diff --git a/crypto/openssh/.depend b/crypto/openssh/.depend index a94a82d0e6f7..945a01dcc05d 100644 --- a/crypto/openssh/.depend +++ b/crypto/openssh/.depend @@ -13,7 +13,7 @@ auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-com auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h -auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth.o: authfile.h monitor_wrap.h compat.h channels.h @@ -74,11 +74,10 @@ kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compa kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h -loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h +loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h misc.h logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h -md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h @@ -110,7 +109,7 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compa sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h -scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp-common.h sftp-client.h +scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey .h servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h @@ -127,8 +126,8 @@ sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h -ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h -ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h +ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h +ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h diff --git a/crypto/openssh/.github/configs b/crypto/openssh/.github/configs index 12578c067348..853da58a51e3 100755 --- a/crypto/openssh/.github/configs +++ b/crypto/openssh/.github/configs @@ -15,6 +15,8 @@ LTESTS="" SKIP_LTESTS="" SUDO=sudo # run with sudo by default TEST_SSH_UNSAFE_PERMISSIONS=1 +# Stop on first test failure to minimize logs +TEST_SSH_FAIL_FATAL=yes CONFIGFLAGS="" LIBCRYPTOFLAGS="" @@ -25,9 +27,29 @@ case "$config" in c89) CC="gcc" CFLAGS="-Wall -std=c89 -pedantic -Werror=vla" - CONFIGFLAGS="--without-openssl --without-zlib" + CONFIGFLAGS="--without-zlib" + LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; + cygwin-release) + CONFIGFLAGS="--with-libedit --with-xauth=/usr/bin/xauth --disable-strip --with-security-key-builtin" + ;; + clang-12-Werror) + CC="clang-12" + # clang's implicit-fallthrough requires that the code be annotated with + # __attribute__((fallthrough)) and does not understand /* FALLTHROUGH */ + CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough" + CONFIGFLAGS="--with-pam --with-Werror" + ;; + gcc-11-Werror) + CC="gcc" + # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled + CFLAGS="-Wall -Wextra -Wno-format-truncation -O2 -Wimplicit-fallthrough=4" + CONFIGFLAGS="--with-pam --with-Werror" + ;; + clang*|gcc*) + CC="$config" + ;; kitchensink) CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" @@ -36,12 +58,21 @@ case "$config" in hardenedmalloc) CONFIGFLAGS="--with-ldflags=-lhardened_malloc" ;; - kerberos5) + tcmalloc) + CONFIGFLAGS="--with-ldflags=-ltcmalloc" + ;; + krb5|heimdal) CONFIGFLAGS="--with-kerberos5" ;; libedit) CONFIGFLAGS="--with-libedit" ;; + musl) + CC="musl-gcc" + CONFIGFLAGS="--without-zlib" + LIBCRYPTOFLAGS="--without-openssl" + TEST_TARGET="t-exec" + ;; pam-krb5) CONFIGFLAGS="--with-pam --with-kerberos5" SSHD_CONFOPTS="UsePam yes" @@ -76,9 +107,9 @@ case "$config" in # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed # by github so split into three separate tests. - tests2="rekey integrity" - tests3="krl forward-control sshsig" - tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment" + tests2="rekey integrity try-ciphers sftp" + tests3="krl forward-control sshsig agent-restrict kextype" + tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" case "$config" in valgrind-1) # All tests except agent-timeout (which is flaky under valgrind) @@ -122,22 +153,25 @@ case "${TARGET_HOST}" in SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace" ;; minix3) - CC="clang" - LIBCRYPTOFLAGS="--without-openssl" + LIBCRYPTOFLAGS="--without-openssl --disable-security-key" # Minix does not have a loopback interface so we have to skip any - # test that relies on it. + # test that relies on one. + # Also, Minix seems to be very limited in the number of select() + # calls that can be operating concurrently, so prune additional tests for that. + T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect + connect-uri exit-status forward-control forwarding hostkey-agent + key-options keyscan knownhosts-command login-timeout multiplex + reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds + sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data + transfer" + SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec - SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect" - SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri" - SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys" - SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data" - SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer" - SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure" SUDO="" ;; nbsd4) # System compiler will ICE on some files with fstack-protector - CONFIGFLAGS="${CONFIGFLAGS} --without-hardening" + # SHA256 functions in sha2.h conflict with OpenSSL's breaking sk-dummy + CONFIGFLAGS="${CONFIGFLAGS} --without-hardening --disable-security-key" ;; sol10|sol11) # sol10 VM is 32bit and the unit tests are slow. @@ -150,6 +184,15 @@ case "${TARGET_HOST}" in ;; esac +# Unless specified otherwise, build without OpenSSL on Mac OS since +# modern versions don't ship with libcrypto. +case "`./config.guess`" in +*-darwin*) + LIBCRYPTOFLAGS="--without-openssl" + TEST_TARGET=t-exec + ;; +esac + # If we have a local openssl/libressl, use that. if [ -z "${LIBCRYPTOFLAGS}" ]; then # last-match @@ -167,4 +210,5 @@ if [ -x "$(which plink 2>/dev/null)" ]; then export REGRESS_INTEROP_PUTTY fi -export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS +export CC CFLAGS LTESTS SUDO +export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL diff --git a/crypto/openssh/.github/configure.sh b/crypto/openssh/.github/configure.sh index e098730f02d6..502bf5f0d407 100755 --- a/crypto/openssh/.github/configure.sh +++ b/crypto/openssh/.github/configure.sh @@ -2,5 +2,20 @@ . .github/configs $1 -set -x +printf "$ " + +if [ "x$CC" != "x" ]; then + printf "CC='$CC' " +fi +if [ "x$CFLAGS" != "x" ]; then + printf "CFLAGS='$CFLAGS' " +fi +if [ "x$CPPFLAGS" != "x" ]; then + printf "CPPFLAGS='$CPPFLAGS' " +fi +if [ "x$LDFLAGS" != "x" ]; then + printf "LDFLAGS='$LDFLAGS' " +fi + +echo ./configure ${CONFIGFLAGS} ./configure ${CONFIGFLAGS} diff --git a/crypto/openssh/.github/setup_ci.sh b/crypto/openssh/.github/setup_ci.sh index 107c049c4175..ca37f8c5512f 100755 --- a/crypto/openssh/.github/setup_ci.sh +++ b/crypto/openssh/.github/setup_ci.sh @@ -1,6 +1,8 @@ #!/bin/sh -case $(./config.guess) in + . .github/configs $@ + +case "`./config.guess`" in *-darwin*) brew install automake exit 0 @@ -20,23 +22,30 @@ set -ex lsb_release -a if [ "${TARGETS}" = "kitchensink" ]; then - TARGETS="kerberos5 libedit pam sk selinux" + TARGETS="krb5 libedit pam sk selinux" fi +for flag in $CONFIGFLAGS; do + case "$flag" in + --with-pam) PACKAGES="${PACKAGES} libpam0g-dev" ;; + --with-libedit) PACKAGES="${PACKAGES} libedit-dev" ;; + esac +done + for TARGET in $TARGETS; do case $TARGET in - default|without-openssl|without-zlib|c89) + default|without-openssl|without-zlib|c89|libedit|*pam) # nothing to do ;; - kerberos5) - PACKAGES="$PACKAGES heimdal-dev" - #PACKAGES="$PACKAGES libkrb5-dev" - ;; - libedit) - PACKAGES="$PACKAGES libedit-dev" + clang-*|gcc-*) + compiler=$(echo $TARGET | sed 's/-Werror//') + PACKAGES="$PACKAGES $compiler" ;; - *pam) - PACKAGES="$PACKAGES libpam0g-dev" + krb5) + PACKAGES="$PACKAGES libkrb5-dev" + ;; + heimdal) + PACKAGES="$PACKAGES heimdal-dev" ;; sk) INSTALL_FIDO_PPA="yes" @@ -47,7 +56,13 @@ for TARGET in $TARGETS; do ;; hardenedmalloc) INSTALL_HARDENED_MALLOC=yes - ;; + ;; + musl) + PACKAGES="$PACKAGES musl-tools" + ;; + tcmalloc) + PACKAGES="$PACKAGES libgoogle-perftools-dev" + ;; openssl-noec) INSTALL_OPENSSL=OpenSSL_1_1_1k SSLCONFOPTS="no-ec" @@ -93,7 +108,7 @@ if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then (cd ${HOME} && git clone https://github.com/GrapheneOS/hardened_malloc.git && cd ${HOME}/hardened_malloc && - make -j2 && sudo cp libhardened_malloc.so /usr/lib/) + make -j2 && sudo cp out/libhardened_malloc.so /usr/lib/) fi if [ ! -z "${INSTALL_OPENSSL}" ]; then diff --git a/crypto/openssh/.github/workflows/c-cpp.yml b/crypto/openssh/.github/workflows/c-cpp.yml index 152ddaa4fba6..5ee896308478 100644 --- a/crypto/openssh/.github/workflows/c-cpp.yml +++ b/crypto/openssh/.github/workflows/c-cpp.yml @@ -24,16 +24,28 @@ jobs: - { os: ubuntu-20.04, configs: valgrind-4 } - { os: ubuntu-20.04, configs: valgrind-unit } - { os: ubuntu-20.04, configs: c89 } + - { os: ubuntu-20.04, configs: clang-6.0 } + - { os: ubuntu-20.04, configs: clang-8 } + - { os: ubuntu-20.04, configs: clang-9 } + - { os: ubuntu-20.04, configs: clang-10 } + - { os: ubuntu-20.04, configs: clang-11 } + - { os: ubuntu-20.04, configs: clang-12-Werror } + - { os: ubuntu-20.04, configs: gcc-7 } + - { os: ubuntu-20.04, configs: gcc-8 } + - { os: ubuntu-20.04, configs: gcc-10 } + - { os: ubuntu-20.04, configs: gcc-11-Werror } - { os: ubuntu-20.04, configs: pam } - { os: ubuntu-20.04, configs: kitchensink } - { os: ubuntu-20.04, configs: hardenedmalloc } + - { os: ubuntu-20.04, configs: tcmalloc } + - { os: ubuntu-20.04, configs: musl } - { os: ubuntu-latest, configs: libressl-master } - { os: ubuntu-latest, configs: libressl-2.2.9 } - { os: ubuntu-latest, configs: libressl-2.8.3 } - { os: ubuntu-latest, configs: libressl-3.0.2 } - { os: ubuntu-latest, configs: libressl-3.2.6 } - { os: ubuntu-latest, configs: libressl-3.3.4 } - - { os: ubuntu-latest, configs: libressl-3.4.0 } + - { os: ubuntu-latest, configs: libressl-3.4.1 } - { os: ubuntu-latest, configs: openssl-master } - { os: ubuntu-latest, configs: openssl-noec } - { os: ubuntu-latest, configs: openssl-1.0.1 } @@ -46,7 +58,8 @@ jobs: - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - { os: ubuntu-18.04, configs: pam } - - { os: ubuntu-18.04, configs: kerberos5 } + - { os: ubuntu-18.04, configs: krb5 } + - { os: ubuntu-18.04, configs: heimdal } - { os: ubuntu-18.04, configs: libedit } - { os: ubuntu-18.04, configs: sk } - { os: ubuntu-18.04, configs: selinux } @@ -63,6 +76,13 @@ jobs: run: autoreconf - name: configure run: ./.github/configure.sh ${{ matrix.configs }} + - name: save config + uses: actions/upload-artifact@v2 + with: + name: ${{ matrix.os }}-${{ matrix.configs }}-config + path: config.h + - name: make clean + run: make clean - name: make run: make -j2 - name: make tests diff --git a/crypto/openssh/.github/workflows/selfhosted.yml b/crypto/openssh/.github/workflows/selfhosted.yml index df6eca714fb5..09f7af939912 100644 --- a/crypto/openssh/.github/workflows/selfhosted.yml +++ b/crypto/openssh/.github/workflows/selfhosted.yml @@ -17,6 +17,7 @@ jobs: matrix: os: - ARM64 + - alpine - bbone - dfly30 - dfly48 @@ -26,7 +27,7 @@ jobs: - fbsd10 - fbsd12 - fbsd13 - - hurd + # - hurd - minix3 # - nbsd2 - nbsd3 @@ -35,8 +36,8 @@ jobs: - nbsd9 - obsd51 - obsd67 - - obsd68 - obsd69 + - obsd70 - obsdsnap - openindiana # - rocky84 @@ -64,6 +65,7 @@ jobs: - { os: sol11, configs: pam-krb5 } - { os: sol11, configs: sol64 } # - { os: sol11, configs: sol64-pam } + - { os: win10, configs: cygwin-release } steps: - uses: actions/checkout@v2 - name: autoreconf @@ -74,10 +76,18 @@ jobs: run: vmstartup - name: configure run: vmrun ./.github/configure.sh ${{ matrix.configs }} + - name: save config + uses: actions/upload-artifact@v2 + with: + name: ${{ matrix.os }}-${{ matrix.configs }}-config + path: config.h + - name: make clean + run: vmrun make clean - name: make run: vmrun make - name: make tests run: vmrun ./.github/run_test.sh ${{ matrix.configs }} + timeout-minutes: 300 - name: save logs if: failure() uses: actions/upload-artifact@v2 diff --git a/crypto/openssh/.github/workflows/upstream.yml b/crypto/openssh/.github/workflows/upstream.yml index f0493c12d7d5..b91083c65184 100644 --- a/crypto/openssh/.github/workflows/upstream.yml +++ b/crypto/openssh/.github/workflows/upstream.yml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ obsdsnap, obsdsnap-i386, obsd69, obsd68 ] + os: [ obsdsnap, obsdsnap-i386 ] configs: [ default, without-openssl ] steps: - uses: actions/checkout@v2 @@ -31,6 +31,7 @@ jobs: run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" - name: make tests run: vmrun "cd /usr/src/regress/usr.bin/ssh && make obj && make clean && if test '${{ matrix.configs }}' = 'without-openssl'; then make SUDO=sudo OPENSSL=no; else make SUDO=sudo; fi" + timeout-minutes: 300 - name: save logs if: failure() uses: actions/upload-artifact@v2 diff --git a/crypto/openssh/.skipped-commit-ids b/crypto/openssh/.skipped-commit-ids index 1de78172232a..c606eaee6c51 100644 --- a/crypto/openssh/.skipped-commit-ids +++ b/crypto/openssh/.skipped-commit-ids @@ -23,6 +23,7 @@ d9b910e412d139141b072a905e66714870c38ac0 Makefile.inc 07b5031e9f49f2b69ac5e85b8da4fc9e393992a0 Makefile.inc cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update +6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 makefile change Old upstream tree: diff --git a/crypto/openssh/ChangeLog b/crypto/openssh/ChangeLog index 9e660ec37ef3..c225b94dfd3e 100644 --- a/crypto/openssh/ChangeLog +++ b/crypto/openssh/ChangeLog @@ -1,13611 +1,11979 @@ -commit bf944e3794eff5413f2df1ef37cddf96918c6bde +commit 166456cedad3962b83b848b1e9caf80794831f0f Author: Damien Miller <djm@mindrot.org> -Date: Mon Sep 27 00:03:19 2021 +1000 +Date: Wed Feb 23 22:31:11 2022 +1100 - initgroups needs grp.h + makedepend -commit 8c5b5655149bd76ea21026d7fe73ab387dbc3bc7 +commit 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Sep 26 14:01:11 2021 +0000 +Date: Wed Feb 23 11:18:13 2022 +0000 - upstream: openssh-8.8 + upstream: avoid integer overflow of auth attempts (harmless, caught - OpenBSD-Commit-ID: 12357794602ac979eb7312a1fb190c453f492ec4 + by monitor) + + OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 -commit f3cbe43e28fe71427d41cfe3a17125b972710455 +commit 6e0258c64c901753df695e06498b26f9f4812ea6 Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Sep 26 14:01:03 2021 +0000 +Date: Wed Feb 23 11:17:10 2022 +0000 - upstream: need initgroups() before setresgid(); reported by anton@, + upstream: randomise the password used in fakepw - ok deraadt@ + OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947 + +commit bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:15:57 2022 +0000 + + upstream: use asprintf to construct .rhosts paths - OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce + OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b -commit 8acaff41f7518be40774c626334157b1b1c5583c -Author: Damien Miller <djm@mindrot.org> -Date: Sun Sep 26 22:16:36 2021 +1000 +commit c07e154fbdc7285e9ec54e78d8a31f7325d43537 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:07:09 2022 +0000 - update version numbers for release + upstream: openssh-8.9 + + OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e -commit d39039ddc0010baa91c70a0fa0753a2699bbf435 -Author: kn@openbsd.org <kn@openbsd.org> -Date: Sat Sep 25 09:40:33 2021 +0000 +commit bc16667b4a1c3cad7029304853c143a32ae04bd4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 15:29:22 2022 +1100 - upstream: RSA/SHA-1 is not used by default anymore + Extend select+rlimit sanbox test to include poll. - OK dtucker deraadt djm + POSIX specifies that poll() shall fail if "nfds argument is greater + than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero + so this causes poll() to fail in the preauth privsep process. - OpenBSD-Commit-ID: 055c51a221c3f099dd75c95362f902da1b8678c6 + This is likely the underlying cause for the previously observed similar + behaviour of select() on plaforms where it is implement in userspace on + top of poll(). -commit 9b2ee74e3aa8c461eb5552a6ebf260449bb06f7e +commit 6520c488de95366be031d49287ed243620399e23 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 24 11:08:03 2021 +1000 +Date: Tue Feb 22 13:08:59 2022 +1100 - Move the fgrep replacement to hostkey-rotate.sh. - - The fgrep replacement for buggy greps doesn't work in the sftp-glob test - so move it to just where we know it's needed. + Add Alpine Linux test VM. -commit f7039541570d4b66d76e6f574544db176d8d5c02 +commit a4b325a3fc82d11e0f5d61f62e7fde29415f7afb Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 24 08:04:14 2021 +1000 +Date: Tue Feb 22 12:27:07 2022 +1100 - Replacement function for buggy fgrep. + Include sys/param.h if present. - GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will - occasionally fail to find ssh host keys in the hostkey-rotate test. - If we have those versions, use awk instead. + Needed for howmany() on MUSL systems such as Alpine. -commit f6a660e5bf28a01962af87568e118a2d2e79eaa0 -Author: David Manouchehri <david.manouchehri@riseup.net> -Date: Thu Sep 23 17:03:18 2021 -0400 +commit 5a102e9cb287a43bd7dfe594b775a89a8e94697c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 12:25:52 2022 +1100 - Don't prompt for yes/no questions. + Only include sys/poll.h if we don't have poll.h. + + Prevents warnings on MUSL based systems such as Alpine. -commit 7ed1a3117c09f8c3f1add35aad77d3ebe1b85b4d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Sep 20 06:53:56 2021 +0000 +commit 7c0d4ce911d5c58b6166b2db754a4e91f352adf5 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Feb 22 11:14:51 2022 +1100 - upstream: fix missing -s in SYNOPSYS and usage() as well as a + disable agent-restrict test on minix3 - capitalisation mistake; spotted by jmc@ + Minix seems to have a platform-wide limit on the number of + select(2) syscalls that can be concurrently issued. This test + seems to exceed this limit. - OpenBSD-Commit-ID: 0ed8ee085c7503c60578941d8b45f3a61d4c9710 + Refer to: + + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114 + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31 -commit 8c07170135dde82a26886b600a8bf6fb290b633d +commit 81d33d8e3cf7ea5ce3a5653c6102b623e019428a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 21 21:27:20 2022 +1100 + + Skip agent-getpeereid when running as root. + +commit fbd772570a25436a33924d91c164d2b24021f010 Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Mon Sep 20 04:02:13 2021 +0000 +Date: Sun Feb 20 03:47:26 2022 +0000 - upstream: Fix "Allocated port" debug message + upstream: Aproximate realpath on the expected output by deduping - for unix domain sockets. From peder.stray at gmail.com via github PR#272, - ok deraadt@ + leading slashes. Fixes test failure when user's home dir is / which is + possible in some portable configurations. - OpenBSD-Commit-ID: 8d5ef3fbdcdd29ebb0792b5022a4942db03f017e + OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63 -commit 277d3c6adfb128b4129db08e3d65195d94b55fe7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Sep 20 01:55:42 2021 +0000 +commit 336685d223a59f893faeedf0a562e053fd84058e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Feb 20 13:30:52 2022 +1100 - upstream: Switch scp back to use the old protocol by default, ahead of - - release. We'll wait a little longer for people to pick up sftp-server(8) that - supports the extension that scp needs for ~user paths to continue working in - SFTP protocol mode. Discussed with deraadt@ + Really move DSA to end of list. - OpenBSD-Commit-ID: f281f603a705fba317ff076e7b11bcf2df941871 + In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to + the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net. -commit ace19b34cc15bea3482be90450c1ed0cd0dd0669 +commit 63bf4f49ed2fdf2da6f97136c9df0c8168546eb3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 18 12:12:21 2022 +1100 + + Add test configs for MUSL C library. + +commit f7fc6a43f1173e8b2c38770bf6cee485a562d03b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 17 22:54:19 2022 +1100 + + minix needs BROKEN_POLL too; chokes on /dev/null + +commit 667fec5d4fe4406745750a32f69b5d2e1a75e94b Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Sep 18 02:03:25 2021 +0000 +Date: Thu Feb 17 10:58:27 2022 +0000 - upstream: better error message for ~user failures when the + upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught - sftp-server lacks the expand-path extension; ok deraadt@ + by dtucker's minix3 vm :) ok dtucker@ - OpenBSD-Commit-ID: 9c1d965d389411f7e86f0a445158bf09b8f9e4bc + OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361 -commit 6b1238ba971ee722a310d95037b498ede5539c03 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 16 15:22:22 2021 +0000 +commit 41417dbda9fb55a0af49a8236e3ef9d50d862644 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 17 22:05:29 2022 +1100 - upstream: make some more scp-in-SFTP mode better match Unix idioms - - suggested by deraadt@ + Comment hurd test, the VM is currently broken. + +commit b2aee35a1f0dc798339b3fcf96136da71b7e3f6d +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 17 21:15:16 2022 +1100 + + find sk-dummy.so when build_dir != src_dir - OpenBSD-Commit-ID: 0f2439404ed4cf0b0be8bf49a1ee734836e1ac87 + spotted by Corinna Vinschen; feedback & ok dtucker@ -commit e694f8ac4409931e67d08ac44ed251b20b10a957 +commit 62a2d4e50b2e89f2ef04576931895d5139a5d037 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 16 16:26:17 2022 +1100 + + update versions in preparation for 8.9 release + +commit dd6d3dded721ac653ea73c017325e5bfeeec837f Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 16 15:11:19 2021 +0000 +Date: Tue Feb 15 05:13:36 2022 +0000 - upstream: allow log_stderr==2 to prefix log messages with argv[0] + upstream: document the unbound/host-bound options to - use this to make scp's SFTP mode error messages more scp-like + PubkeyAuthentication; spotted by HARUYAMA Seigo - prompted by and ok deraadt@ + OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981 + +commit df93529dd727fdf2fb290700cd4f1adb0c3c084b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 14 14:19:40 2022 +1100 + + Test if sshd accidentally acquires controlling tty - OpenBSD-Commit-ID: 0e821dbde423fc2280e47414bdc22aaa5b4e0733 + When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour + in the STREAMS code before activating the workaround. ok djm@ -commit 8a7a06ee505cb833e613f74a07392e9296286c30 +commit 766176cfdbfd7ec38bb6118dde6e4daa0df34888 Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Sep 17 13:03:31 2021 +1000 +Date: Sat Feb 12 10:24:56 2022 +1100 - Test against LibreSSL 3.2.6, 3.3.4, 3.4.0. + Add cygwin-release test config. + + This tests the flags used to build the cygwin release binaries. -commit c25c84074a47f700dd6534995b4af4b456927150 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Sep 16 05:36:03 2021 +0000 +commit b30698662b862f5397116d23688aac0764e0886e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 11 21:00:35 2022 +1100 - upstream: missing space character in ssh -G output broke the + Move SSHD_ACQUIRES_CTTY workaround into compat. - t-sshcfgparse regression test; spotted by anton@ + On some (most? all?) SysV based systems with STREAMS based ptys, + sshd could acquire a controlling terminal during pty setup when + it pushed the "ptem" module, due to what is probably a bug in + the STREAMS driver that's old enough to vote. Because it was the + privileged sshd's controlling terminal, it was not available for + the user's session, which ended up without one. This is known to + affect at least Solaris <=10, derivatives such as OpenIndiana and + several other SysV systems. See bz#245 for the backstory. - OpenBSD-Commit-ID: bcc36fae2f233caac4baa8e58482da4aa350eed0 + In the we past worked around that by not calling setsid in the + privileged sshd child, which meant it was not a session or process + group leader. This solved controlling terminal problem because sshd + was not eligble to acquire one, but had other side effects such as + not cleaning up helper subprocesses in the SIGALRM handler since it + was not PG leader. Recent cleanups in the signal handler uncovered + this, resulting in the LoginGraceTime timer not cleaning up privsep + unprivileged processes. + + This change moves the workaround into the STREAMS pty allocation code, + by allocating a sacrificial pty to act as sshd's controlling terminal + before allocating user ptys, so those are still available for users' + sessions. + + On the down side: + - this will waste a pty per ssh connection on affected platforms. + + On the up side: + - it makes the process group behaviour consistent between platforms. + *** 37455 LINES SKIPPED ***