diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:20:57 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 08:20:57 +0000 |
commit | d1667913ba37d7f61712e06dd6dd4919fe36a053 (patch) | |
tree | 3b79bcd5316ce3cc395ffa0275b54faded8b2b92 | |
parent | Releasing progress-linux version 1:9.6p1-5~progress7.99u1. (diff) | |
download | openssh-d1667913ba37d7f61712e06dd6dd4919fe36a053.tar.xz openssh-d1667913ba37d7f61712e06dd6dd4919fe36a053.zip |
Merging upstream version 1:9.7p1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
85 files changed, 2333 insertions, 2553 deletions
diff --git a/.github/configs b/.github/configs index df82faf..370fe29 100755 --- a/.github/configs +++ b/.github/configs @@ -164,6 +164,11 @@ case "$config" in libressl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath," ;; + putty-*) + CONFIGFLAGS="--with-plink=/usr/local/bin/plink --with-puttygen=/usr/local/bin/puttygen" + # We don't need to rerun the regular tests, just the interop ones. + TEST_TARGET=interop-tests + ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec @@ -269,20 +274,22 @@ case "${TARGET_HOST}" in ;; minix3) CONFIGFLAGS="${CONFIGFLAGS} --disable-security-key" + # Unix domain sockets don't work quite like we expect, so also + # disable FD passing (and thus multiplexing). + CONFIGFLAGS="${CONFIGFLAGS} --disable-fd-passing" LIBCRYPTOFLAGS="--without-openssl" + # Minix does not have a loopback interface so we have to skip any # test that relies on one. # Also, Minix seems to be very limited in the number of select() # calls that can be operating concurrently, so prune additional tests for that. T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse - connect connect-uri exit-status forwarding hostkey-agent - key-options keyscan knownhosts-command login-timeout + connect connect-uri dynamic-forward exit-status forwarding + forward-control + hostkey-agent key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data transfer" - # Unix domain sockets don't work quite like we expect, so also skip any tests - # that use multiplexing. - T="$T connection-timeout dynamic-forward forward-control multiplex" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" @@ -320,6 +327,10 @@ case "$host" in # modern versions don't ship with libcrypto. LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec + + # On some OS X runners we can't write to /var/empty. + CONFIGFLAGS="${CONFIGFLAGS} --with-privsep-path=/usr/local/empty" + case "$host" in *-darwin22.*) # sudo -S nobody doesn't work on macos 13 for some reason. diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh index d0ba7b4..f0f2761 100755 --- a/.github/setup_ci.sh +++ b/.github/setup_ci.sh @@ -142,6 +142,10 @@ for TARGET in $TARGETS; do INSTALL_BORINGSSL=1 PACKAGES="${PACKAGES} cmake ninja-build" ;; + putty-*) + INSTALL_PUTTY=$(echo "${TARGET}" | cut -f2 -d-) + PACKAGES="${PACKAGES} cmake" + ;; valgrind*) PACKAGES="$PACKAGES valgrind" ;; @@ -241,3 +245,25 @@ if [ ! -z "${INSTALL_ZLIB}" ]; then cd ${HOME}/zlib && ./configure && make && sudo make install prefix=/opt/zlib) fi + +if [ ! -z "${INSTALL_PUTTY}" ]; then + ver="${INSTALL_PUTTY}" + case "${INSTALL_PUTTY}" in + snapshot) + tarball=putty.tar.gz + (cd /tmp && wget https://tartarus.org/~simon/putty-snapshots/${tarball}) + ;; + *) + tarball=putty-${ver}.tar.gz + (cd /tmp && wget https://the.earth.li/~sgtatham/putty/${ver}/${tarball}) + ;; + esac + (cd ${HOME} && tar xfz /tmp/${tarball} && cd putty-* + if [ -f CMakeLists.txt ]; then + cmake . && cmake --build . && sudo cmake --build . --target install + else + ./configure && make && sudo make install + fi + ) + /usr/local/bin/plink -V +fi diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml index 8f624d2..edb88f2 100644 --- a/.github/workflows/c-cpp.yml +++ b/.github/workflows/c-cpp.yml @@ -62,20 +62,32 @@ jobs: - { target: ubuntu-latest, config: libressl-3.5.3 } - { target: ubuntu-latest, config: libressl-3.6.1 } - { target: ubuntu-latest, config: libressl-3.7.2 } - - { target: ubuntu-latest, config: libressl-3.8.2 } + - { target: ubuntu-latest, config: libressl-3.8.3 } + - { target: ubuntu-latest, config: libressl-3.9.0 } - { target: ubuntu-latest, config: openssl-master } - { target: ubuntu-latest, config: openssl-noec } - { target: ubuntu-latest, config: openssl-1.1.1 } - { target: ubuntu-latest, config: openssl-1.1.1t } - { target: ubuntu-latest, config: openssl-1.1.1w } - { target: ubuntu-latest, config: openssl-3.0.0 } - - { target: ubuntu-latest, config: openssl-3.0.12 } + - { target: ubuntu-latest, config: openssl-3.0.13 } - { target: ubuntu-latest, config: openssl-3.1.0 } - - { target: ubuntu-latest, config: openssl-3.1.4 } - - { target: ubuntu-latest, config: openssl-3.2.0 } + - { target: ubuntu-latest, config: openssl-3.1.5 } + - { target: ubuntu-latest, config: openssl-3.2.1 } - { target: ubuntu-latest, config: openssl-1.1.1_stable } - { target: ubuntu-latest, config: openssl-3.0 } # stable branch - { target: ubuntu-latest, config: openssl-3.2 } # stable branch + - { target: ubuntu-latest, config: putty-0.71 } + - { target: ubuntu-latest, config: putty-0.72 } + - { target: ubuntu-latest, config: putty-0.73 } + - { target: ubuntu-latest, config: putty-0.74 } + - { target: ubuntu-latest, config: putty-0.75 } + - { target: ubuntu-latest, config: putty-0.76 } + - { target: ubuntu-latest, config: putty-0.77 } + - { target: ubuntu-latest, config: putty-0.78 } + - { target: ubuntu-latest, config: putty-0.79 } + - { target: ubuntu-latest, config: putty-0.80 } + - { target: ubuntu-latest, config: putty-snapshot } - { target: ubuntu-latest, config: zlib-develop } - { target: ubuntu-22.04, config: pam } - { target: ubuntu-22.04, config: krb5 } diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml index be0b4ff..4f1c587 100644 --- a/.github/workflows/selfhosted.yml +++ b/.github/workflows/selfhosted.yml @@ -73,6 +73,7 @@ jobs: - { target: fbsd14, config: pam, host: libvirt } - { target: nbsd8, config: pam, host: libvirt } - { target: nbsd9, config: pam, host: libvirt } + - { target: nbsd10, config: pam, host: libvirt } # VMs with persistent disks that have their own runner. - { target: win10, config: default, host: win10 } - { target: win10, config: cygwin-release, host: win10 } @@ -18,6 +18,8 @@ survey.sh **/*.so **/*.out **/*.a +**/*.un~ +**/.*.swp autom4te.cache/ scp sftp diff --git a/.skipped-commit-ids b/.skipped-commit-ids index 59e8051..0630395 100644 --- a/.skipped-commit-ids +++ b/.skipped-commit-ids @@ -1,3 +1,4 @@ +509bb19bb9762a4b3b589af98bac2e730541b6d4 clean sshd random relinking kit 5317f294d63a876bfc861e19773b1575f96f027d remove libssh from makefiles a337e886a49f96701ccbc4832bed086a68abfa85 Makefile changes f2c9feb26963615c4fece921906cf72e248b61ee more Makefile @@ -27,6 +28,7 @@ cc12a9029833d222043aecd252d654965c351a69 moduli-gen Makefile f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update 1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks +5a636f6ca7f25bfe775df4952f7aac90a7fcbbee moduli update Old upstream tree: @@ -1,3 +1,572 @@ +commit 86bdd3853f4d32c85e295e6216a2fe0953ad93f0 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 11 16:20:49 2024 +1100 + + version number in README + +commit 282721418e6465bc39ccfd39bb0133e670ee4423 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Mar 11 16:20:08 2024 +1100 + + crank RPM spec versions + +commit 3876a3bbd2ca84d23ba20f8b69ba83270c04ce3a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 11 04:59:47 2024 +0000 + + upstream: openssh-9.7 + + OpenBSD-Commit-ID: 618ececf58b8cdae016b149787af06240f7b0cbc + +commit 8fc109cc614954a8eb2738c48c0db36a62af9a06 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 11 12:59:26 2024 +1100 + + Test against current OpenSSL and LibreSSL releases. + + Add LibreSSL 3.9.0, bump older branches to their respective current + releases. + +commit 26b09b45fec7b88ba09042c09be4157e58e231e2 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Mar 10 16:24:57 2024 +1100 + + quote regexes used to test for algorithm support + + Fixes test failures on Solaris 8 reported by Tom G. Christensen + +commit a6a740a4948d10a622b505135bb485c10f21db5e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Mar 9 05:12:13 2024 +0000 + + upstream: avoid logging in signal handler by converting mainloop to + + ppoll() bz3670, reported by Ben Hamilton; ok dtucker@ + + OpenBSD-Commit-ID: e58f18042b86425405ca09e6e9d7dfa1df9f5f7f + +commit cd82f7526e0481720567ae41db7849ab1c27e27b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 8 22:16:32 2024 +0000 + + upstream: skip more whitespace, fixes find-principals on + + allowed_signers files with blank lines; reported by Wiktor Kwapisiewicz + + OpenBSD-Commit-ID: b3a22a2afd753d70766f34bc7f309c03706b5298 + +commit 2f9d2af5cb19905d87f37d1e11c9f035ac5daf3b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 8 11:34:10 2024 +0000 + + upstream: Invoke ProxyCommand that uses stderr redirection via + + $TEST_SHELL. Fixes test when run by a user whose login shell is tcsh. + Found by vinschen at redhat.com. + + OpenBSD-Regress-ID: f68d79e7f00caa8d216ebe00ee5f0adbb944062a + +commit 9b3f0beb4007a7e01dfedabb429097fb593deae6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 7 17:18:14 2024 +1100 + + Prefer openssl binary from --with-ssl-dir directory. + + Use openssl in the directory specified by --with-ssl-dir as long + as it's functional. Reported by The Doctor. + +commit c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 6 02:59:59 2024 +0000 + + upstream: fix memory leak in mux proxy mode when requesting forwarding. + + found by RASU JSC, reported by Maks Mishin in GHPR#467 + + OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + +commit 242742827fea4508e68097c128e802edc79addb5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 6 00:31:04 2024 +0000 + + upstream: wrap a few PKCS#11-specific bits in ENABLE_PKCS11 + + OpenBSD-Commit-ID: 463e4a69eef3426a43a2b922c4e7b2011885d923 + +commit d52b6509210e2043f33e5a1de58dd4a0d5d48c2a +Author: Damien Miller <djm@mindrot.org> +Date: Wed Mar 6 11:31:36 2024 +1100 + + disable RSA tests when algorithm is not supported + + Unbreaks "make test" when compiled --without-openssl. + + Similar treatment to how we do DSA and ECDSA. + +commit 668d270a6c77e8b5a1da26ecad2e6de9f62c8fe4 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Mar 6 10:33:20 2024 +1100 + + add a --without-retpoline configure option + + discussed with deraadt and dtucker a while ago + +commit 3deb501f86fc47e175ef6a3eaba9b9846a80d444 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 4 04:13:18 2024 +0000 + + upstream: fix leak of CanonicalizePermittedCNAMEs on error path; + + spotted by Coverity (CID 438039) + + OpenBSD-Commit-ID: 208839699939721f452a4418afc028a9f9d3d8af + +commit 65a44a8a4f7d902a64d4e60eda84384b2e2a24a2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 4 02:16:11 2024 +0000 + + upstream: Separate parsing of string array options from applying them + + to the active configuration. This fixes the config parser from erroneously + rejecting cases like: + + AuthenticationMethods password + Match User ivy + AuthenticationMethods any + + bz3657 ok markus@ + + OpenBSD-Commit-ID: 7f196cba634c2a3dba115f3fac3c4635a2199491 + +commit 6886e1b1f55c90942e4e6deed930f8ac32e0f938 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 22 17:59:35 2024 +1100 + + Add nbsd10 test target. + +commit d86bf8a3f6ea4fa7887406c2aa9959db71fa41be +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 22 12:06:10 2024 +1100 + + more descriptive configure test name + +commit 9ee335aacc9f5bdc4cc2c19fafb45e27be7d234e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:17:29 2024 +0000 + + upstream: explain arguments of internal-sftp GHPR#454 from Niklas + + Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: 0335d641ae6b5b6201b9ffd5dd06345ebbd0a3f3 + +commit d1164cb1001dd208fee88aaa9b43d5e6fd917274 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:06:43 2024 +0000 + + upstream: clarify permissions requirements for ChrootDirectory Part + + of GHPR#454 from Niklas Hambüchen + MIME-Version: 1.0 + Content-Type: text/plain; charset=UTF-8 + Content-Transfer-Encoding: 8bit + + OpenBSD-Commit-ID: d37bc8786317a11649c62ff5e2936441186ef7a0 + +commit d410e17d186552d0717f18217d0d049486754365 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:05:06 2024 +0000 + + upstream: .Cm for a keyword. Part of GHPR#454 from Niklas Hambüchen + + OpenBSD-Commit-ID: d59c52559f926fa82859035d79749fbb4a3ce18a + +commit ab73f9678ebf06b32d6361b88b50b42775e0565b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 06:01:13 2024 +0000 + + upstream: fix typo in match directive predicate (s/tagged/tag) GHPR#462 + + from Tobias Manske + + OpenBSD-Commit-ID: 05b23b772677d48aa82eefd7ebebd369ae758908 + +commit 9844aa2521ccfb1a2d73745680327b79e0574445 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 21 05:57:34 2024 +0000 + + upstream: fix proxy multiplexing mode, broken when keystroke timing + + obfuscation was added. GHPR#463 from montag451 + + OpenBSD-Commit-ID: 4e412d59b3f557d431f1d81c715a3bc0491cc677 + +commit ee6d932acb532f80b11bb7cf161668c70ec8a117 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 20 04:10:03 2024 +0000 + + upstream: don't append a gratuitous space to the end of subsystem + + arguments; bz3667 + + OpenBSD-Commit-ID: e11023aeb3f30b77a674e37b8292c862926d5dc6 + +commit e27f032aa8fcbae9b2e7c451baaf4b8ac6fa3d45 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Feb 19 09:25:52 2024 +0000 + + upstream: Always define puttysetup function. + + OpenBSD-Regress-ID: b4c0ccfa4006a1bc5dfd99ccf21c854d3ce2aee0 + +commit 84046f9991abef5f46b040b10cf3d494f933a17b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 9 08:56:59 2024 +0000 + + upstream: Exapnd PuTTY test coverage. + + Expand the set of ciphers, MACs and KEX methods in the PuTTY interop + tests. + + OpenBSD-Regress-ID: dd28d97d48efe7329a396d0d505ee2907bf7fc57 + +commit bbf541ee2afe07b08a8b56fa0dc6f38fcfceef2a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 9 08:47:42 2024 +0000 + + upstream: Factor out PuTTY setup. + + Factor out PuTTY and call only when needed. + + This allows us to avoid PuTTY key setup when it's not needed, which + speeds up the overall test run by a couple of percent. + + OpenBSD-Regress-ID: c25eaccc3c91bc874400f7c85ce40e9032358c1c + +commit d31c21c57fb4245271680a1e5043cf6470a96766 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sat Feb 10 11:28:52 2024 +0000 + + upstream: clean sshd random relinking kit; ok miod@ + + OpenBSD-Commit-ID: 509bb19bb9762a4b3b589af98bac2e730541b6d4 + +commit 4dbc5a363ff53a2fcecf6bc3bcc038badc12f118 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 2 00:13:34 2024 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: b24680bc755b621ea801ff8edf6f0f02b68edae1 + +commit efde85dda2130272af24cc346f6c3cd326182ff1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 19 17:29:31 2024 +1100 + + Improve error message for OpenSSL header check. + + bz#3668, ok djm@ + +commit cbbdf868bce431a59e2fa36ca244d5739429408d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 7 13:45:02 2024 +1100 + + Interop test against PuTTY snapshot and releases. + +commit 91898bf786b0f149f962c4c96c08a46f29888c10 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 6 16:21:05 2024 +1100 + + Put privsep dir on OS X on /usr/local. + + On some runners we can't create /var/empty, so put it some place we can + write. Should fix test breakage on Max OS X 11. + +commit be5ed8ebed8388c5056bfde4688308cc873c18b9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 6 11:19:42 2024 +1100 + + Add --disable-fd-passing option. + + .. and enable for the minix3 test VM. This will cause it to more reliably + skip tests that need FD passing and should fix the current test breakage. + +commit 0f6a8a0d0a518fd78c4cbebfdac990a57a1c4e41 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 6 11:18:44 2024 +1100 + + Use "skip" function instead doing it ourselves. + +commit 3ad669f81aabbd2ba9fbd472903f680f598e1e99 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 1 14:01:18 2024 +1100 + + ignore some vim droppings + +commit c283f29d23611a06bbee06bcf458f2fffad721d9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 1 02:37:33 2024 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: bf9e4a1049562ee4322684fbdce07142f04fdbb7 + +commit 0d96b1506b2f4757fefa5d1f884d49e96a6fd4c3 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jan 16 14:40:18 2024 +1100 + + skip tests that use multiplexing on Windows + + Some tests here use multiplexing, skip these if DISABLE_FD_PASSING + is set. Should unbreak tests on Windows. + +commit 50080fa42f5f744b798ee29400c0710f1b59f50e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 11 04:50:28 2024 +0000 + + upstream: don't disable RSA test when DSA is disabled; bug introduced + + in last commit + + OpenBSD-Regress-ID: 8780a7250bf742b33010e9336359a1c516f2d7b5 + +commit 415c94ce17288e0cdcb9e58cc91fba78d33c8457 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 11 01:45:58 2024 +0000 + + upstream: make DSA testing optional, defaulting to on + + ok markus + + OpenBSD-Regress-ID: dfc27b5574e3f19dc4043395594cea5f90b8572a + +commit f9311e8921d92c5efca767227a497ab63280ac39 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 11 01:51:16 2024 +0000 + + upstream: ensure key_fd is filled when DSA is disabled; spotted by + + tb@ + + OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7 + +commit 4e838120a759d187b036036610402cbda33f3203 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 11 01:45:36 2024 +0000 + + upstream: make DSA key support compile-time optional, defaulting to + + on + + ok markus@ + + OpenBSD-Commit-ID: 4f8e98fc1fd6de399d0921d5b31b3127a03f581d + +commit afcc9028bfc411bc26d20bba803b83f90cb84e26 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jan 10 06:33:13 2024 +0000 + + upstream: fix incorrect capitalisation; + + OpenBSD-Commit-ID: cb07eb06e15fa2334660ac73e98f29b6a1931984 + +commit 9707c8170c0c1baeb1e06e5a53f604498193885f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 9 22:19:36 2024 +0000 + + upstream: extend ChannelTimeout regression test to exercise multiplexed + + connections and the new "global" timeout type. ok dtucker@ + + OpenBSD-Regress-ID: f10d19f697024e9941acad7c2057f73d6eacb8a2 + +commit b31b12d28de96e1d43581d32f34da8db27e11c03 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 9 22:19:00 2024 +0000 + + upstream: add a "global" ChannelTimeout type to ssh(1) and sshd(8) + + that watches all open channels and will close all open channels if there is + no traffic on any of them for the specified interval. This is in addition to + the existing per-channel timeouts added a few releases ago. + + This supports use-cases like having a session + x11 forwarding channel + open where one may be idle for an extended period but the other is + actively used. The global timeout would allow closing both channels when + both have been idle for too long. + + ok dtucker@ + + OpenBSD-Commit-ID: 0054157d24d2eaa5dc1a9a9859afefc13d1d7eb3 + +commit 602f4beeeda5bb0eca181f8753d923a2997d0a51 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 9 21:39:14 2024 +0000 + + upstream: adapt ssh_api.c code for kex-strict + + from markus@ ok me + + OpenBSD-Commit-ID: 4d9f256852af2a5b882b12cae9447f8f00f933ac + +commit 42ba34aba8708cf96583ff52975d95a8b47d990d +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 8 16:26:37 2024 +1100 + + nite that recent OSX tun/tap is unsupported + +commit 690bc125f9a3b20e47745fa8f5b5e1fd5820247f +Author: Sevan Janiyan <venture37@geeklan.co.uk> +Date: Wed Dec 27 04:57:49 2023 +0000 + + README.platform: update tuntap url + +commit 6b8be2ccd7dd091808f86af52066b0c2ec30483a +Author: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue Dec 19 11:48:20 2023 -0500 + + Fix compilation error in ssh-pcks11-client.c + + Compilation fails becaus of an undefined reference to helper_by_ec, + because we forgot the preprocessor conditional that excludes that function + from being called in unsupported configurations. + +commit 219c8134157744886ee6ac5b8c1650abcd981f4c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 8 05:11:18 2024 +0000 + + upstream: Remove outdated note from PROTOCOL.mux + + Port forward close by control master is already implemented + by `mux_master_process_close_fwd` in `mux.c` + + GHPR442 from bigb4ng + + OpenBSD-Commit-ID: ad0734fe5916d2dc7dd02b588906cea4df0482fb + +commit 4c3cf362631ccc4ffd422e572f075d5d594feace +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 8 05:05:15 2024 +0000 + + upstream: fix missing field in users-groups-by-id@openssh.com reply + + documentation + + GHPR441 from TJ Saunders + + OpenBSD-Commit-ID: ff5733ff6ef4cd24e0758ebeed557aa91184c674 + +commit f64cede2a3c298b50a2659a8b53eb3ab2c0b8d23 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 8 04:10:03 2024 +0000 + + upstream: make kex-strict section more explicit about its intent: + + banning all messages not strictly required in KEX + + OpenBSD-Commit-ID: fc33a2d7f3b7013a7fb7500bdbaa8254ebc88116 + +commit 698fe6fd61cbcb8e3e0e874a561d4335a49fbde5 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 8 14:46:19 2024 +1100 + + update fuzzer example makefile to clang16 + +commit fc332cb2d602c60983a8ec9f89412754ace06425 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 8 14:45:49 2024 +1100 + + unbreak fuzzers - missing pkcs11_make_cert() + + provide stub for use in fuzzer harness + +commit 9ea0a4524ae3276546248a926b6641b2fbc8421b +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 8 14:45:14 2024 +1100 + + unbreak fuzzers for clang16 + + getopt() needs a throw() attribute to compile, so supply one when compiling + things with C++ + +commit a72833d00788ef91100c643536ac08ada46440e1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 8 00:34:33 2024 +0000 + + upstream: remove ext-info-* in the kex.c code, not in callers; + + with/ok markus@ + + OpenBSD-Commit-ID: c06fe2d3a0605c517ff7d65e38ec7b2d1b0b2799 + +commit 86f9e96d9bcfd1f5cd4bf8fb57a9b4c242df67df +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 8 00:30:39 2024 +0000 + + upstream: fix typo; spotted by Albert Chin + + OpenBSD-Commit-ID: 77140b520a43375b886e535eb8bd842a268f9368 + +commit f0cbd26ec91bd49719fb3eea7ca44d2380318b9a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 4 09:51:49 2024 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 5a636f6ca7f25bfe775df4952f7aac90a7fcbbee + +commit 64ddf776531ca4933832beecc8b7ebe1b937e081 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Dec 20 00:06:25 2023 +0000 + + upstream: spelling; ok markus@ + + OpenBSD-Commit-ID: 9d01f2e9d59a999d5d42fc3b3efcf8dfb892e31b + +commit 503fbe9ea238a4637e8778208bde8c09bcf78475 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Dec 19 06:57:34 2023 +0000 + + upstream: sort -C, and add to usage(); ok djm + + OpenBSD-Commit-ID: 80141b2a5d60c8593e3c65ca3c53c431262c812f + +commit 5413b1c7ff5a19c6a7d44bd98c5a83eb47819ba6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 19 06:41:14 2023 +0000 + + upstream: correct section numbers; from Ed Maste + + OpenBSD-Commit-ID: e289576ee5651528404cb2fb68945556052cf83f + +commit 430ef864645cff83a4022f5b050174c840e275da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 15:58:56 2023 +0000 + + upstream: match flag type (s/int/u_int) + + OpenBSD-Commit-ID: 9422289747c35ccb7b31d0e1888ccd5e74ad566a + +commit 1036d77b34a5fa15e56f516b81b9928006848cbd +Author: Damien Miller <djm@mindrot.org> +Date: Fri Dec 22 17:56:26 2023 +1100 + + better detection of broken -fzero-call-used-regs + + gcc 13.2.0 on ppc64le refuses to compile some function, including + cipher.c:compression_alg_list() with an error: + + > sorry, unimplemented: argument ‘used’ is not supportedcw + > for ‘-fzero-call-used-regs’ on this target + + This extends the autoconf will-it-work test with a similarly- + structured function that seems to catch this. + + Spotted/tested by Colin Watson; bz3645 + commit 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 Author: Damien Miller <djm@mindrot.org> Date: Tue Dec 19 01:59:50 2023 +1100 @@ -7729,1777 +8298,3 @@ Date: Sun Mar 13 23:27:54 2022 +0000 ok dtucker@ millert@ OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a - -commit 2893c5e764557f48f9d6a929e224ed49c59545db -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Mar 11 18:43:58 2022 +1100 - - Resync fmt_scaled. with OpenBSD. - - Fixes underflow reported in bz#3401. - -commit 5ae31a0fdd27855af29f48ff027491629fff5979 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Mar 9 09:41:56 2022 +1100 - - Provide killpg implementation. - - Based on github PR#301 for Tandem NonStop. - -commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Mar 9 09:29:30 2022 +1100 - - Check for missing ftruncate prototype. - - From github PR#301 in conjunction with rsbeckerca. - -commit 8cf5275452a950869cb90eeac7d220b01f77b12e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Mar 8 20:04:06 2022 +1100 - - Default to not using sandbox when cross compiling. - - On most systems poll(2) does not work when the number of FDs is reduced - with setrlimit, so assume it doesn't when cross compiling and we can't - run the test. bz#3398. - -commit 379b30120da53d7c84aa8299c26b18c51c2a0dac -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Mar 1 01:59:19 2022 +0000 - - upstream: pack pollfd array before server_accept_loop() ppoll() - - call, and terminate sshd if ppoll() returns errno==EINVAL - - avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by - Daniel Micay - - feedback/ok deraadt - - OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 - -commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd -Author: naddy@openbsd.org <naddy@openbsd.org> -Date: Sun Feb 27 01:33:59 2022 +0000 - - upstream: include rejected signature algorithm in error message and - - not the (useless) key type; ok djm@ - - OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff - -commit f2f3269423618a83157e18902385e720f9776007 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 25 09:46:24 2022 +0000 - - upstream: Remove the char * casts from arguments to do_lstat, - - do_readdir and do_stat paths since the underlying functions now take a const - char *. Patch from vapier at gentoo.org. - - OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b - -commit 4a66dac052c5ff5047161853f36904607649e4f9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Feb 25 02:09:27 2022 +0000 - - upstream: save an unneccessary alloc/free, based on patch from - - Martin Vahlensieck; ok dtucker@ - - OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f - -commit 6f117cb151efe138ac57bdd8e26165f350328f5f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Mar 1 09:02:06 2022 +1100 - - Remove unused ivbits argument from chacha_keysetup - -commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Mar 1 09:00:20 2022 +1100 - - Add OPENBSD ORIGINAL marker. - -commit f2ff669347d320532e7c1b63cdf5c62f46e73150 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 28 22:21:36 2022 +1100 - - No unused param warnings for clang-12 and gcc-11. - - These have too many false positives in -Werror tests on the github CI - since we often provide empty stub functions for functionality not needed - for particular configurations. - -commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 26 14:10:41 2022 +1100 - - Add debian-i386 test target. - -commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 26 14:06:14 2022 +1100 - - Allow ppoll_time64 in seccomp sandbox. - - Should fix sandbox violations on (some? at least i386 and armhf) 32bit - Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at - debian.org via bz#3396. - -commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 25 19:47:48 2022 +1100 - - Improve handling of _getshort and _getlong. - - If the system native ones are exactly as required then use them, - otherwise use the local versions mapped to another name to prevent - name collisions. - -commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 25 15:14:22 2022 +1100 - - Constify utimes in compat library to match specs. - - Patch from vapier at chromium.org. - -commit 1b2920e3b63db2eddebeec7330ffe8b723055573 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 25 13:50:56 2022 +1100 - - ANSIfy getshort and getlong. - - These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c - which made this change in 2005. - -commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 25 13:23:04 2022 +1100 - - Use PICFLAG instead of hard coding -fPIC. - -commit 3016ba47035ac3561aabd48e2be70167fe157d6a -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 25 11:37:11 2022 +1100 - - Add tests for latest releases of {Libre,Open}SSL. - -commit f107467179428a0e3ea9e4aa9738ac12ff02822d -Author: Colin Watson <cjwatson@debian.org> -Date: Thu Feb 24 16:04:18 2022 +0000 - - Improve detection of -fzero-call-used-regs=all support - - GCC doesn't tell us whether this option is supported unless it runs into - the situation where it would need to emit corresponding code. - -commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 21:21:49 2022 +0000 - - upstream: free(3) wants stdlib.h - - OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a - -commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 21:21:16 2022 +0000 - - upstream: put back the scp manpage changes for SFTP mode too - - OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 - -commit 449bcb8403adfb9724805d02a51aea76046de185 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Wed Feb 23 19:01:00 2022 +0000 - - upstream: and we go back to testing sftp-scp after the 8.9 - - release... - - OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c - -commit 166456cedad3962b83b848b1e9caf80794831f0f -Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 23 22:31:11 2022 +1100 - - makedepend - -commit 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 11:18:13 2022 +0000 - - upstream: avoid integer overflow of auth attempts (harmless, caught - - by monitor) - - OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 - -commit 6e0258c64c901753df695e06498b26f9f4812ea6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 11:17:10 2022 +0000 - - upstream: randomise the password used in fakepw - - OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947 - -commit bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 11:15:57 2022 +0000 - - upstream: use asprintf to construct .rhosts paths - - OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b - -commit c07e154fbdc7285e9ec54e78d8a31f7325d43537 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Feb 23 11:07:09 2022 +0000 - - upstream: openssh-8.9 - - OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e - -commit bc16667b4a1c3cad7029304853c143a32ae04bd4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 22 15:29:22 2022 +1100 - - Extend select+rlimit sanbox test to include poll. - - POSIX specifies that poll() shall fail if "nfds argument is greater - than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero - so this causes poll() to fail in the preauth privsep process. - - This is likely the underlying cause for the previously observed similar - behaviour of select() on plaforms where it is implement in userspace on - top of poll(). - -commit 6520c488de95366be031d49287ed243620399e23 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 22 13:08:59 2022 +1100 - - Add Alpine Linux test VM. - -commit a4b325a3fc82d11e0f5d61f62e7fde29415f7afb -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 22 12:27:07 2022 +1100 - - Include sys/param.h if present. - - Needed for howmany() on MUSL systems such as Alpine. - -commit 5a102e9cb287a43bd7dfe594b775a89a8e94697c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Feb 22 12:25:52 2022 +1100 - - Only include sys/poll.h if we don't have poll.h. - - Prevents warnings on MUSL based systems such as Alpine. - -commit 7c0d4ce911d5c58b6166b2db754a4e91f352adf5 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Feb 22 11:14:51 2022 +1100 - - disable agent-restrict test on minix3 - - Minix seems to have a platform-wide limit on the number of - select(2) syscalls that can be concurrently issued. This test - seems to exceed this limit. - - Refer to: - - https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114 - https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31 - -commit 81d33d8e3cf7ea5ce3a5653c6102b623e019428a -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 21 21:27:20 2022 +1100 - - Skip agent-getpeereid when running as root. - -commit fbd772570a25436a33924d91c164d2b24021f010 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Feb 20 03:47:26 2022 +0000 - - upstream: Aproximate realpath on the expected output by deduping - - leading slashes. Fixes test failure when user's home dir is / which is - possible in some portable configurations. - - OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63 - -commit 336685d223a59f893faeedf0a562e053fd84058e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Feb 20 13:30:52 2022 +1100 - - Really move DSA to end of list. - - In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to - the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net. - -commit 63bf4f49ed2fdf2da6f97136c9df0c8168546eb3 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 18 12:12:21 2022 +1100 - - Add test configs for MUSL C library. - -commit f7fc6a43f1173e8b2c38770bf6cee485a562d03b -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 17 22:54:19 2022 +1100 - - minix needs BROKEN_POLL too; chokes on /dev/null - -commit 667fec5d4fe4406745750a32f69b5d2e1a75e94b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 17 10:58:27 2022 +0000 - - upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught - - by dtucker's minix3 vm :) ok dtucker@ - - OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361 - -commit 41417dbda9fb55a0af49a8236e3ef9d50d862644 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 17 22:05:29 2022 +1100 - - Comment hurd test, the VM is currently broken. - -commit b2aee35a1f0dc798339b3fcf96136da71b7e3f6d -Author: Damien Miller <djm@mindrot.org> -Date: Thu Feb 17 21:15:16 2022 +1100 - - find sk-dummy.so when build_dir != src_dir - - spotted by Corinna Vinschen; feedback & ok dtucker@ - -commit 62a2d4e50b2e89f2ef04576931895d5139a5d037 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 16 16:26:17 2022 +1100 - - update versions in preparation for 8.9 release - -commit dd6d3dded721ac653ea73c017325e5bfeeec837f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 15 05:13:36 2022 +0000 - - upstream: document the unbound/host-bound options to - - PubkeyAuthentication; spotted by HARUYAMA Seigo - - OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981 - -commit df93529dd727fdf2fb290700cd4f1adb0c3c084b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Feb 14 14:19:40 2022 +1100 - - Test if sshd accidentally acquires controlling tty - - When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour - in the STREAMS code before activating the workaround. ok djm@ - -commit 766176cfdbfd7ec38bb6118dde6e4daa0df34888 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Feb 12 10:24:56 2022 +1100 - - Add cygwin-release test config. - - This tests the flags used to build the cygwin release binaries. - -commit b30698662b862f5397116d23688aac0764e0886e -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 11 21:00:35 2022 +1100 - - Move SSHD_ACQUIRES_CTTY workaround into compat. - - On some (most? all?) SysV based systems with STREAMS based ptys, - sshd could acquire a controlling terminal during pty setup when - it pushed the "ptem" module, due to what is probably a bug in - the STREAMS driver that's old enough to vote. Because it was the - privileged sshd's controlling terminal, it was not available for - the user's session, which ended up without one. This is known to - affect at least Solaris <=10, derivatives such as OpenIndiana and - several other SysV systems. See bz#245 for the backstory. - - In the we past worked around that by not calling setsid in the - privileged sshd child, which meant it was not a session or process - group leader. This solved controlling terminal problem because sshd - was not eligble to acquire one, but had other side effects such as - not cleaning up helper subprocesses in the SIGALRM handler since it - was not PG leader. Recent cleanups in the signal handler uncovered - this, resulting in the LoginGraceTime timer not cleaning up privsep - unprivileged processes. - - This change moves the workaround into the STREAMS pty allocation code, - by allocating a sacrificial pty to act as sshd's controlling terminal - before allocating user ptys, so those are still available for users' - sessions. - - On the down side: - - this will waste a pty per ssh connection on affected platforms. - - On the up side: - - it makes the process group behaviour consistent between platforms. - - - it puts the workaround nearest the code that actually causes the - problem and competely out of the mainline code. - - - the workaround is only activated if you use the STREAMS code. If, - say, Solaris 11 has the bug but also a working openpty() it doesn't - matter that we defined SSHD_ACQUIRES_CTTY. - - - the workaround is only activated when the fist pty is allocated, - ie in the post-auth privsep monitor. This means there's no risk - of fd leaks to the unprivileged processes, and there's no effect on - sessions that do not allocate a pty. - - Based on analysis and work by djm@, ok djm@ - -commit cd00b48cf10f3565936a418c1e6d7e48b5c36140 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 11 20:09:32 2022 +1100 - - Simplify handling of --with-ssl-dir. - - ok djm@ - -commit ea13fc830fc0e0dce2459f1fab2ec5099f73bdf0 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 11 13:39:29 2022 +1100 - - Stop testing OpenBSD HEAD on 6.9 and 7.0. - - HEAD is not guaranteed to work on previous stable branches, and at the - moment is broken due to libfido API changes. - -commit 50b9e4a4514697ffb9592200e722de6b427cb9ff -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 11 00:43:56 2022 +0000 - - upstream: Always initialize delim before passing to hpdelim2 which - - might not set it. Found by the Valgrind tests on github, ok deraadt@ - - OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d - -commit 6ee53064f476cf163acd5521da45b11b7c57321b -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Feb 11 10:03:06 2022 +1100 - - Fix helper include path and remove excess code. - - Looks like test_hpdelim.c was imported twice into the same file. - Spotted by kevin.brott at gmail com and chris at cataclysmal org. - -commit 9fa63a19f68bc87452d3cf5c577cafad2921b7a4 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 10 23:27:02 2022 +1100 - - Put poll.h inside ifdef. - -commit 3ac00dfeb54b252c15dcbf1971582e9e3b946de6 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Feb 10 22:17:31 2022 +1100 - - We now support POLLPRI so actually define it. - -commit 25bd659cc72268f2858c5415740c442ee950049f -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sun Feb 6 22:58:33 2022 +0000 - - upstream: Add test for empty hostname with port. - - OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3 - -commit a29af853cff41c0635f0378c00fe91bf9c91dea4 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 4 07:53:44 2022 +0000 - - upstream: Add unit tests for hpdelim. - - OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018 - -commit 9699151b039ecc5fad9ac6c6c02e9afdbd26f15f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Feb 10 04:12:38 2022 +0000 - - upstream: revert for imminent OpenSSH release, which wil ship with - - scp in RCP mode. - - > revision 1.106 - > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; - > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP - > protocol for copying. Let's get back to testing the SFTP protocol. - - This will be put back once the OpenSSH release is done. - - OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768 - -commit 45279abceb37c3cbfac8ba36dde8b2c8cdd63d32 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Feb 8 08:59:12 2022 +0000 - - upstream: Switch hpdelim interface to accept only ":" as delimiter. - - Historicallly, hpdelim accepted ":" or "/" as a port delimiter between - hosts (or addresses) and ports. These days most of the uses for "/" - are no longer accepted, so there are several places where it checks the - delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2 - in the other cases. ok djm@ - - OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102 - -commit a1bcbf04a7c2d81944141db7ecd0ba292d175a66 -Author: pedro martelletto <pedro@yubico.com> -Date: Mon Feb 7 09:09:59 2022 +0100 - - fix typos in previous - -commit 56192518e329b39f063487bc2dc4d796f791eca0 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Feb 7 12:53:47 2022 +1100 - - compat code for fido_assert_set_clientdata() - -commit d6b5aa08fdcf9b527f8b8f932432941d5b76b7ab -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Feb 7 01:25:12 2022 +0000 - - upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead - - of manually hashing data outselves. Saves a fair bit of code and makes life - easier for some -portable platforms. - - OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0 - -commit 86cc93fd3c26b2e0c7663c6394995fb04ebfbf3b -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Sun Feb 6 00:29:03 2022 +0000 - - upstream: remove please from manual pages ok jmc@ sthen@ millert@ - - OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa - -commit ad16a84e64a8cf1c69c63de3fb9008320a37009c -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Feb 4 02:49:17 2022 +0000 - - upstream: Since they are deprecated, move DSA to the end of the - - default list of public keys so that they will be tried last. From github - PR#295 from "ProBackup-nl", ok djm@ - - OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0 - -commit 253de42753de85dde266e061b6fec12ca6589f7d -Author: Damien Miller <djm@mindrot.org> -Date: Wed Feb 2 16:52:07 2022 +1100 - - portable-specific string array constification - - from Mike Frysinger - -commit dfdcc2220cf359c492d5d34eb723370e8bd8a19e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 1 23:37:15 2022 +0000 - - upstream: test 'ssh-keygen -Y find-principals' with wildcard - - principals; from Fabian Stelzer - - OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40 - -commit 968e508967ef42480cebad8cf3172465883baa77 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Fri Jan 21 02:54:41 2022 +0000 - - upstream: Enable all supported ciphers and macs in the server - - before trying to benchmark them. Increase the data file size to get more - signal. - - OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6 - -commit 15b7199a1fd37eff4c695e09d573f3db9f4274b7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 1 23:34:47 2022 +0000 - - upstream: allow 'ssh-keygen -Y find-principals' to match wildcard - - principals in allowed_signers files; from Fabian Stelzer - - OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098 - -commit 541667fe6dc26d7881e55f0bb3a4baa6f3171645 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 1 23:32:51 2022 +0000 - - upstream: mark const string array contents const too, i.e. static - - const char *array => static const char * const array from Mike Frysinger - - OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1 - -commit 8cfa73f8a2bde4c98773f33f974c650bdb40dd3c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Feb 1 23:11:11 2022 +0000 - - upstream: better match legacy scp behaviour: show un-expanded paths - - in error messages. Spotted by and ok tb@ - - OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7 - -commit 4e62c13ab419b4b224c8bc6a761e91fcf048012d -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Feb 1 07:57:32 2022 +0000 - - upstream: Remove explicit kill of privsep preauth child's PID in - - SIGALRM handler. It's no longer needed since the child will get terminated by - the SIGTERM to the process group that cleans up any auth helpers, it - simplifies the signal handler and removes the risk of a race when updating - the PID. Based on analysis by HerrSpace in github PR#289, ok djm@ - - OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663 - -commit 2a7ccd2ec4022917b745af7186f514f365b7ebe9 -Author: guenther@openbsd.org <guenther@openbsd.org> -Date: Fri Jan 28 06:18:42 2022 +0000 - - upstream: When it's the possessive of 'it', it's spelled "its", - - without the apostrophe. - - OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7 - -commit 8a0848cdd3b25c049332cd56034186b7853ae754 -Author: Alex James <theracermaster@gmail.com> -Date: Sun Jan 30 16:13:36 2022 -0600 - - sandbox-seccomp-filter: allow gettid - - Some allocators (such as Scudo) use gettid while tracing allocations [1]. - Allow gettid in preauth to prevent sshd from crashing with Scudo. - - [1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46 - -commit b30d32159dc3c7052f4bfdf36357996c905af739 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 22 00:49:34 2022 +0000 - - upstream: add a ssh_packet_process_read() function that reads from - - a fd directly into the transport input buffer. - - Use this in the client and server mainloops to avoid unnecessary - copying. It also lets us use a more greedy read size without penalty. - - Yields a 2-3% performance gain on cipher-speed.sh (in a fairly - unscientific test tbf) - - feedback dtucker@ ok markus@ - - OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632 - -commit a1a8efeaaa9cccb15cdc0a2bd7c347a149a3a7e3 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 22 00:45:31 2022 +0000 - - upstream: Use sshbuf_read() to read directly into the channel input - - buffer rather than into a stack buffer that needs to be copied again; - Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok - markus@ - - OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572 - -commit 29a76994e21623a1f84d68ebb9dc5a3c909fa3a7 -Author: Damien Miller <djm@mindrot.org> -Date: Tue Jan 25 11:52:34 2022 +1100 - - depend - -commit 754e0d5c7712296a7a3a83ace863812604c7bc4f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 22 00:43:43 2022 +0000 - - upstream: Add a sshbuf_read() that attempts to read(2) directly in - - to a sshbuf; ok markus@ - - OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b - -commit c7964fb9829d9ae2ece8b51a76e4a02e8449338d -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 21 07:04:19 2022 +0000 - - upstream: add a helper for writing an error message to the - - stderr_buf and setting quit_pending; no functional change but saves a bunch - of boilerplate - - OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d - -commit d23b4f7fdb1bd87e2cd7a9ae7c198ae99d347916 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 21 06:58:06 2022 +0000 - - upstream: correct comment and use local variable instead of long - - indirection; spotted by dtucker@ - - OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965 - -commit d069b020a02b6e3935080204ee44d233e8158ebb -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Fri Jan 21 00:53:40 2022 +0000 - - upstream: When poll(2) returns -1, for some error conditions - - pfd[].revents is not cleared. There are subtle errors in various programs. - In this particular case, the program should error out. ok djm millert - - OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c - -commit e204b34337a965feb439826157c191919fd9ecf8 -Author: Damien Miller <djm@mindrot.org> -Date: Sat Jan 22 11:38:21 2022 +1100 - - restore tty force-read hack - - This portable-specific hack fixes a hang on exit for ttyful sessions - on Linux and some SysVish Unix variants. It was accidentally disabled - in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion). - - Spotted by John in bz3383 - -commit 68085066b6bad43643b43f5957fcc5fd34782ccd -Author: Corinna Vinschen <vinschen@redhat.com> -Date: Fri Jan 21 03:22:56 2022 +1100 - - Fix signedness bug in Cygwin code - - The Cygwin-specific pattern match code has a bug. It checks - the size_t value returned by mbstowcs for being < 0. The right - thing to do is to check against (size_t) -1. Fix that. - - Signed-off-by: Corinna Vinschen <vinschen@redhat.com> - -commit 2e5cfed513e84444483baf1d8b31c40072b05103 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jan 20 13:26:27 2022 +1100 - - Improve compatibility of early exit trap handling. - - Dash (as used by the github runners) has some differences in its trap - builtin: - - it doesn't have -p (which is fine, that's not in posix). - - it doesn't work in a subshell (which turns out to be in compliance - with posix, which means bash isn't). - - it doesn't work in a pipeline, ie "trap|cat" produces no output. - -commit 3fe6800b6027add478e648934cbb29d684e51943 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jan 20 00:49:57 2022 +1100 - - Move more tests out of valgrind-1 runner. - -commit 20da6ed136dd76e6a0b229ca3036ef9c7c7ef798 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jan 19 15:37:39 2022 +1100 - - Invoke EXIT handler early when using Valgrind. - - When using Valgrind, we need to wait for all invoked programs to - complete before checking their valgrind logs. Some tests, notably - agent-restrict, set an EXIT trap handler to clean up things like - ssh-agent, but those do not get invoked until test-exec.sh exits. - This causes the Valgrind wait to deadlock, so if present invoke - the EXIT handler before checking the Valgrind logs. - -commit ad2e0580c87b0714cf166bca9d926a95ddeee1c8 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Jan 18 12:55:21 2022 +1100 - - Remove line leftover from upstream sync. - -commit d1051c0f11a6b749027e26bbeb61b07df4b67e15 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 17 22:56:04 2022 +0000 - - upstream: when decompressing zlib compressed packets, use - - Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually - specified as a valid mode for inflate(). There should be no practical change - in behaviour as the compression side ensures a flush that should make all - data available to the receiver in all cases. - - repoted by lamm AT ibm.com via bz3372; ok markus - - OpenBSD-Commit-ID: 67cfc1fa8261feae6d2cc0c554711c97867cc81b - -commit d5981b1883746b1ae178a46229c26b53af99e37a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 17 21:41:04 2022 +0000 - - upstream: make most of the sftp errors more idiomatic, following - - the general form of "[local/remote] operation path: error message"; ok markus - - OpenBSD-Commit-ID: 61364cd5f3a9fecaf8d63b4c38a42c0c91f8b571 - -commit ac7c9ec894ed0825d04ef69c55babb49bab1d32e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Mon Jan 17 21:39:51 2022 +0000 - - upstream: when transferring multiple files in SFTP mode, create the - - destination directory if it doesn't already exist to match olde-scp(1) - behaviour. noticed by deraadt@ ok markus@ - - OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407 - -commit 39d17e189f8e72c34c722579d8d4e701fa5132da -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 14 03:43:48 2022 +0000 - - upstream: allow pin-required FIDO keys to be added to ssh-agent(1). - - ssh-askpass will be used to request the PIN at authentication time. - - From Pedro Martelletto, ok djm - - OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950 - -commit 52423f64e13db2bdc31a51b32e999cb1bfcf1263 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 14 03:35:10 2022 +0000 - - upstream: ssh-sk: free a resident key's user id - - From Pedro Martelletto; ok dtucker & me - - OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9 - -commit 014e2f147a2788bfb3cc58d1b170dcf2bf2ee493 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 14 03:34:00 2022 +0000 - - upstream: sshsk_load_resident: don't preallocate resp - - resp is allocated by client_converse(), at which point we lose - the original pointer. - - From Pedro Martelletto; ok dtucker & me - - OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1 - -commit c88265f207dfe0e8bdbaf9f0eda63ed6b33781cf -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 14 03:32:52 2022 +0000 - - upstream: sshsk_sign: trim call to sshkey_fingerprint() - - the resulting fingerprint doesn't appear to be used for anything, - and we end up leaking it. - - from Pedro Martelletto; ok dtucker & me - - OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7 - -commit 1cd1b2eac39661b849d5a4b4b56363e22bb5f61e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Fri Jan 14 03:31:52 2022 +0000 - - upstream: use status error message to communicate ~user expansion - - failures; provides better experience for scp in sftp mode, where ~user paths - are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & - markus - - (forgot to include this file in previous commit) - - OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b - -commit a1d42a6ce0398da3833bedf374ef2571af7fea50 -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jan 14 13:49:32 2022 +1100 - - fix edge case in poll(2) wrapper - - Correct handling of select(2) exceptfds. These should only be consulted - for POLLPRI flagged pfds and not unconditionally converted to POLLERR. - - with and ok dtucker@ - -commit 976b9588b4b5babcaceec4767a241c11a67a5ccb -Author: Darren Tucker <dtucker@dtucker.net> -Date: Fri Jan 14 13:46:35 2022 +1100 - - Wrap OpenSSL includes in unit tests in ifdef. - - Fixes unit test on systems that do not have OpenSSL headers installed. - -commit c171879374b2e8b07157503f5639ed0bce59ce89 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Thu Jan 13 15:53:33 2022 +1100 - - Remove sort wrapper. - - agent-restrict now takes care of this itself. - -commit 9cc2654403f1a686bb26c07a6ac790edf334cef5 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jan 13 04:53:16 2022 +0000 - - upstream: Set LC_ALL in both local and remote shells so that sorted - - output matches regardless of what the user's shell sets it to. ok djm@ - - OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f - -commit 7a75f748cb2dd2f771bf70ea72698aa027996ab1 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jan 13 04:22:10 2022 +0000 - - upstream: Avoid %'s in commands (not used in OpenBSD, but used in - - -portable's Valgrind test) being interpretted as printf format strings. - - OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043 - -commit 6c435bd4994d71442192001483a1cdb846e5ffcd -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jan 12 16:58:13 2022 +1100 - - Stop on first test failure to minimize logs. - -commit 4bc2ba6095620a4484b708ece12842afd8c7685b -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Jan 12 07:18:37 2022 +0000 - - upstream: Use egrep when searching for an anchored string. - - OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4 - -commit 6bf2efa2679da1e8e60731f41677b2081dedae2c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Jan 12 18:25:06 2022 +1100 - - Add "rev" command replacement if needed. - -commit 72bcd7993dadaf967bb3d8564ee31cbf38132b5d -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Wed Jan 12 03:30:32 2022 +0000 - - upstream: Don't log NULL hostname in restricted agent code, - - printf("%s", NULL) is not safe on all platforms. with & ok djm - - OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02 - -commit acabefe3f8fb58c867c99fed9bbf84dfa1771727 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 11 22:33:16 2022 +0000 - - upstream: remove hardcoded domain and use window.location.host, so this - - can be run anywhere - - OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92 - -commit 96da0946e44f34adc0397eb7caa6ec35a3e79891 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jan 11 02:56:19 2022 +0000 - - upstream: "void" functions should not return anything. From Tim Rice - - via -portable. - - OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a - -commit a882a09722c9f086c9edb65d0c4022fd965ec1ed -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 11 01:26:47 2022 +0000 - - upstream: suppress "Connection to xxx closed" messages at LogLevel >= - - error bz3378; ok dtucker@ - - OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c - -commit 61a1a6af22e17fc94999a5d1294f27346e6c4668 -Author: Damien Miller <djm@mindrot.org> -Date: Wed Jan 12 08:57:49 2022 +1100 - - OS X poll(2) is broken; use compat replacement - - Darwin's poll(2) implementation is broken. For character-special - devices like /dev/null, it returns POLLNVAL when polled with - POLLIN. - - Apparently this is Apple bug 3710161, which is AFAIK not public, - but a websearch will find other OSS projects rediscovering it - periodically since it was first identified in 2005 (!!) - -commit 613a6545fc5a9542753b503cbe5906538a640b60 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Tue Jan 11 20:56:01 2022 +1100 - - libhardended_malloc.so moved into out dir. - -commit 61761340be5e11046556623f8f5412b236cefa95 -Author: Tim Rice <tim@multitalents.net> -Date: Mon Jan 10 11:07:04 2022 -0800 - - Make USL compilers happy - UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value - -commit 3ef403f351e80a59b6f7e9d43cb82c181855483c -Author: Darren Tucker <dtucker@dtucker.net> -Date: Mon Jan 10 21:07:38 2022 +1100 - - Add wrapper for "sort" to set LC_ALL=C. - - Found by djm, this should make sorts stable and reduce test flakiness. - -commit bd69e29f5716090181dbe0b8272eb7eab1a383bb -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sat Jan 8 07:55:26 2022 +0000 - - upstream: Remove errant "set -x" left over from debugging. - - OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc - -commit 1a7c88e26fd673813dc5f61c4ac278564845e004 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Sat Jan 8 07:01:13 2022 +0000 - - upstream: Enable all supported hostkey algorithms (but no others). - - Allows hostbased test to pass when built without OpenSSL. - - OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562 - -commit 12b457c2a42ff271e7967d9bedd068cebb048db9 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 8 07:37:32 2022 +0000 - - upstream: use status error message to communicate ~user expansion - - failures; provides better experience for scp in sftp mode, where ~user paths - are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & - markus - - OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f - -commit 63670d4e9030bcee490d5a9cce561373ac5b3b23 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 8 07:36:11 2022 +0000 - - upstream: fix some corner-case bugs in scp sftp-mode handling of - - ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus - - OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222 - -commit e14940bbec57fc7d3ce0644dbefa35f5a8ec97d0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 8 07:34:57 2022 +0000 - - upstream: more idiomatic error messages; spotted by jsg & deraadt - - ok jsg & markus - - OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8 - -commit 9acddcd5918c623f7ebf454520ffe946a8f15e90 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 8 07:33:54 2022 +0000 - - upstream: add a variant of send_status() that allows overriding the - - default, generic error message. feedback/ok markus & jsg - - OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f - -commit 961411337719d4cd78f1ab33e4ac549f3fa22f50 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 8 07:32:45 2022 +0000 - - upstream: refactor tilde_expand_filename() and make it handle ~user - - paths with no trailing slash; feedback/ok markus and jsg - - OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d - -commit dc38236ab6827dec575064cac65c8e7035768773 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jan 6 22:14:25 2022 +0000 - - upstream: Don't explicitly set HostbasedAuthentication in - - sshd_config. It defaults to "no", and not explicitly setting it allows us to - enable it for the (optional) hostbased test. - - OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c - -commit e12d912ddf1c873cb72e5de9a197afbe0b6622d2 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Thu Jan 6 21:46:56 2022 +0000 - - upstream: Add test for hostbased auth. It requires some external - - setup (see comments at the top) and thus is disabled unless - TEST_SSH_HOSTBASED_AUTH and SUDO are set. - - OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a - -commit a48533a8da6a0f4f05ecd055dc8048047e53569e -Author: Damien Miller <djm@mindrot.org> -Date: Fri Jan 7 09:24:26 2022 +1100 - - depend - -commit d9dbb5d9a0326e252d3c7bc13beb9c2434f59409 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:06:51 2022 +0000 - - upstream: allow hostbased auth to select RSA keys when only - - RSA/SHA2 are configured (this is the default case); ok markus@ - - OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827 - -commit fdb1d58d0d3888b042e5a500f6ce524486aaf782 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:05:42 2022 +0000 - - upstream: add a helper function to match a key type to a list of - - signature algorithms. RSA keys can make signatures with multiple algorithms, - so some special handling is required. ok markus@ - - OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff - -commit 11e8c4309a5086a45fbbbc87d0af5323c6152914 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:04:20 2022 +0000 - - upstream: log some details on hostkeys that ssh loads for - - hostbased authn ok markus@ - - OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38 - -commit c6706f661739514a34125aa3136532a958929510 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:03:59 2022 +0000 - - upstream: log signature algorithm during verification by monitor; - - ok markus - - OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc - -commit 8832402bd500d1661ccc80a476fd563335ef6cdc -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:02:52 2022 +0000 - - upstream: piece of UpdateHostkeys client strictification: when - - updating known_hosts with new keys, ignore NULL keys (forgot to include in - prior commit) - - OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08 - -commit c2d9ced1da0276961d86690b3bd7ebdaca7fdbf7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:01:14 2022 +0000 - - upstream: include rejected signature algorithm in error message - - and not the (useless) key type; ok markus - - OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023 - -commit 7aa7b096cf2bafe2777085abdeed5ce00581f641 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 22:00:18 2022 +0000 - - upstream: make ssh-keysign use the requested signature algorithm - - and not the default for the keytype. Part of unbreaking hostbased auth for - RSA/SHA2 keys. ok markus@ - - OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc - -commit 291721bc7c840d113a49518f3fca70e86248b8e8 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 21:57:28 2022 +0000 - - upstream: stricter UpdateHostkey signature verification logic on - - the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when - RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 - - ok markus@ - - OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29 - -commit 0fa33683223c76289470a954404047bc762be84c -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 21:55:23 2022 +0000 - - upstream: Fix signature algorithm selection logic for - - UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 - for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 - signatures for RSA keys if the client proposed these algorithms in initial - KEX. bz3375 - - Mostly by Dmitry Belyavskiy with some tweaks by me. - - ok markus@ - - OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029 - -commit 17877bc81db3846e6e7d4cfb124d966bb9c9296b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 21:48:38 2022 +0000 - - upstream: convert ssh, sshd mainloops from select() to poll(); - - feedback & ok deraadt@ and markus@ has been in snaps for a few months - - OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c - -commit 5c79952dfe1aa36105c93b3f383ce9be04dee384 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Thu Jan 6 21:46:23 2022 +0000 - - upstream: prepare for conversion of ssh, sshd mainloop from - - select() to poll() by moving FD_SET construction out of channel handlers into - separate functions. ok markus - - OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027 - -commit 24c5187edfef4651a625b7d5d692c8c7e794f71f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 21:54:37 2022 +0000 - - upstream: add a comment so I don't make this mistake again - - OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e - -commit 7369900441929058263a17f56aa67e05ff7ec628 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 21:50:00 2022 +0000 - - upstream: fix cut-and-pasto in error message - - OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198 - -commit 294c11b1c7d56d3fb61e329603a782315ed70c62 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 08:25:05 2022 +0000 - - upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, - - not just RSA-SHA1 - - OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8 - -commit 2ea1108c30e3edb6f872dfc1e6da10b041ddf2c0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:56:15 2022 +0000 - - upstream: regress test both sshsig message hash algorithms, possible - - now because the algorithm is controllable via the CLI - - OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f - -commit 2327c306b5d4a2b7e71178e5a4d139af9902c2b0 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:50:11 2022 +0000 - - upstream: allow selection of hash at sshsig signing time; code - - already supported either sha512 (default) or sha256, but plumbing wasn't - there mostly by Linus Nordberg - - OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd - -commit 56e941d0a00d6d8bae88317717d5e1b7395c9529 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:27:54 2022 +0000 - - upstream: add missing -O option to usage() for ssh-keygen -Y sign; - - from Linus Nordberg - - OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0 - -commit 141a14ec9b0924709c98df2dd8013bde5d8d12c7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:27:01 2022 +0000 - - upstream: move sig_process_opts() to before sig_sign(); no - - functional code change - - OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9 - -commit 37a14249ec993599a9051731e4fb0ac5e976aec1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:10:39 2022 +0000 - - upstream: regression test for find-principals NULL deref; from Fabian - - Stelzer - - OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5 - -commit eb1f042142fdaba93f6c9560cf6c91ae25f6884a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Wed Jan 5 04:02:42 2022 +0000 - - upstream: NULL deref when using find-principals when matching an - - allowed_signers line that contains a namespace restriction, but no - restriction specified on the command-line; report and fix from Fabian Stelzer - - OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145 - -commit 8f3b18030579f395eca2181da31a5f945af12a59 -Author: dtucker@openbsd.org <dtucker@openbsd.org> -Date: Tue Jan 4 08:38:53 2022 +0000 - - upstream: Log command invocation while debugging. - - This will aid in manually reproducing failing commands. - - OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a - -commit bbf285164df535f0d38c36237f007551bbdae27f -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sun Dec 26 10:31:15 2021 +1100 - - Always save config.h as build artifact. - - Should allow better comparison between failing and succeeding test - platforms. - -commit 03bd4ed0db699687c5cd83405d26f81d2dc28d22 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Sat Dec 25 16:42:51 2021 +1100 - - Add OpenBSD 7.0 target. Retire 6.8. - -commit c45a752f0de611afd87755c2887c8a24816d08ee -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Sat Jan 1 05:55:06 2022 +0000 - - upstream: spelling - - OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62 - -commit c672f83a89a756564db0d3af9934ba0e1cf8fa3e -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Jan 4 07:20:33 2022 +0000 - - upstream: unbreak test: was picking up system ssh-add instead of the - - one supposedly being tested. Spotted by dtucker and using his VM zoo (which - includes some systems old enough to lack ed25519 key support) - - OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5 - -commit a23698c3082ffe661abed14b020eac9b0c25eb9f -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sat Jan 1 04:18:06 2022 +0000 - - upstream: fix memleak in process_extension(); oss-fuzz issue #42719 - - OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e - -commit cb885178f36b83d0f14cfe9f345d2068103feed0 -Author: jsg@openbsd.org <jsg@openbsd.org> -Date: Sat Jan 1 01:55:30 2022 +0000 - - upstream: spelling ok dtucker@ - - OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19 - -commit 6b977f8080a32c5b3cbb9edb634b9d5789fb79be -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 26 23:34:41 2021 +0000 - - upstream: split method list search functionality from - - authmethod_lookup() into a separate authmethod_byname(), for cases where we - don't need to check whether a method is enabled, etc. - - use this to fix the "none" authentication method regression reported - by Nam Nguyen via bugs@ - - ok deraadt@ - - OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17 - -commit 0074aa2c8d605ee7587279a22cdad4270b4ddd07 -Author: jmc@openbsd.org <jmc@openbsd.org> -Date: Wed Dec 22 06:56:41 2021 +0000 - - upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text; - - ok djm - - OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965 - -commit 1c9853a68b2319f2e5f929179735e8fbb9988a67 -Author: Darren Tucker <dtucker@dtucker.net> -Date: Wed Dec 22 19:33:10 2021 +1100 - - Use SHA.*_HMAC_BLOCK_SIZE if needed. - - If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH - but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter. - Should fix --without-openssl build on Solaris. - -commit 715c892f0a5295b391ae92c26ef4d6a86ea96e8e -Author: Damien Miller <djm@mindrot.org> -Date: Wed Dec 22 09:02:50 2021 +1100 - - remove sys/param.h in -portable, after upstream - -commit 7a7c69d8b4022b1e5c0afb169c416af8ce70f3e8 -Author: Damien Miller <djm@mindrot.org> -Date: Mon Dec 20 13:05:20 2021 +1100 - - add agent-restrict.sh file, missed in last commit - -commit f539136ca51a4976644db5d0be8158cc1914c72a -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:20:12 2021 +0000 - - upstream: regression test for destination restrictions in ssh-agent - - OpenBSD-Regress-ID: 3c799d91e736b1753b4a42d80c42fc40de5ad33d - -commit 6e4980eb8ef94c04874a79dd380c3f568e8416d6 -Author: anton@openbsd.org <anton@openbsd.org> -Date: Sat Dec 18 06:53:59 2021 +0000 - - upstream: Make use of ntests variable, pointed out by clang 13. - - OpenBSD-Regress-ID: 4241a3d21bdfa1630ed429b6d4fee51038d1be72 - -commit 3eead8158393b697f663ec4301e3c7b6f24580b1 -Author: deraadt@openbsd.org <deraadt@openbsd.org> -Date: Tue Dec 14 21:25:27 2021 +0000 - - upstream: sys/param.h cleanup, mostly using MINIMUM() and - - <limits.h> ok dtucker - - OpenBSD-Regress-ID: 172a4c45d3bcf92fa6cdf6c4b9db3f1b3abe4db0 - -commit 266678e19eb0e86fdf865b431b6e172e7a95bf48 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:15:42 2021 +0000 - - upstream: document host-bound publickey authentication - - OpenBSD-Commit-ID: ea6ed91779a81f06d961e30ecc49316b3d71961b - -commit 3d00024b3b156aa9bbd05d105f1deb9cb088f6f7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:15:21 2021 +0000 - - upstream: document agent protocol extensions - - OpenBSD-Commit-ID: 09e8bb391bbaf24c409b75a4af44e0cac65405a7 - -commit c385abf76511451bcba78568167b1cd9e90587d5 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:14:47 2021 +0000 - - upstream: PubkeyAuthentication=yes|no|unbound|host-bound - - Allow control over which pubkey methods are used. Added out of - concern that some hardware devices may have difficulty signing - the longer pubkey authentication challenges. This provides a - way for them to disable the extension. It's also handy for - testing. - - feedback / ok markus@ - - OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a - -commit 34b1e9cc7654f41cd4c5b1cc290b999dcf6579bb -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:14:12 2021 +0000 - - upstream: document destination-constrained keys - - feedback / ok markus@ - - OpenBSD-Commit-ID: cd8c526c77268f6d91c06adbee66b014d22d672e - -commit a6d7677c4abcfba268053e5867f2acabe3aa371b -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:13:55 2021 +0000 - - upstream: Use hostkey parsed from hostbound userauth request - - Require host-bound userauth requests for forwarded SSH connections. - - The hostkey parsed from the host-bound userauth request is now checked - against the most recently bound session ID / hostkey on the agent socket - and the signature refused if they do not match. - - ok markus@ - - OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02 - -commit baaff0ff4357cc5a079621ba6e2d7e247b765061 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:13:33 2021 +0000 - - upstream: agent support for parsing hostkey-bound signatures - - Allow parse_userauth_request() to work with blobs from - publickey-hostbound-v00@openssh.com userauth attempts. - - Extract hostkey from these blobs. - - ok markus@ - - OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8 - -commit 3e16365a79cdeb2d758cf1da6051b1c5266ceed7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:13:12 2021 +0000 - - upstream: EXT_INFO negotiation of hostbound pubkey auth - - the EXT_INFO packet gets a new publickey-hostbound@openssh.com to - advertise the hostbound public key method. - - Client side support to parse this feature flag and set the kex->flags - indicator if the expected version is offered (currently "0"). - - ok markus@ - - OpenBSD-Commit-ID: 4cdb2ca5017ec1ed7a9d33bda95c1d6a97b583b0 - -commit 94ae0c6f0e35903b695e033bf4beacea1d376bb1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:12:54 2021 +0000 - - upstream: client side of host-bound pubkey authentication - - Add kex->flags member to enable the publickey-hostbound-v00@openssh.com - authentication method. - - Use the new hostbound method in client if the kex->flags flag was set, - and include the inital KEX hostkey in the userauth request. - - Note: nothing in kex.c actually sets the new flag yet - - ok markus@ - - OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d - -commit 288fd0218dbfdcb05d9fbd1885904bed9b6d42e6 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:12:30 2021 +0000 - - upstream: sshd side of hostbound public key auth - - This is identical to the standard "publickey" method, but it also includes - the initial server hostkey in the message signed by the client. - - feedback / ok markus@ - - OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862 - -commit dbb339f015c33d63484261d140c84ad875a9e548 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:12:07 2021 +0000 - - upstream: prepare for multiple names for authmethods - - allow authentication methods to have one additional name beyond their - primary name. - - allow lookup by this synonym - - Use primary name for authentication decisions, e.g. for - PermitRootLogin=publickey - - Pass actual invoked name to the authmethods, so they can tell whether they - were requested via the their primary name or synonym. - - ok markus@ - - OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559 - -commit 39f00dcf44915f20684160f0a88d3ef8a3278351 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:11:39 2021 +0000 - - upstream: ssh-agent side of destination constraints - - Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com - constraints and to apply them to keys. - - Check constraints against the hostkeys recorded for a SocketEntry when - attempting a signature, adding, listing or deleting keys. Note that - the "delete all keys" request will remove constrained keys regardless of - location. - - feedback Jann Horn & markus@ - ok markus@ - - OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319 - -commit ce943912df812c573a33d00bf9e5435b7fcca3f7 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:11:06 2021 +0000 - - upstream: ssh-add side of destination constraints - - Have ssh-add accept a list of "destination constraints" that allow - restricting where keys may be used in conjunction with a ssh-agent/ssh - that supports session ID/hostkey binding. - - Constraints are specified as either "[user@]host-pattern" or - "host-pattern>[user@]host-pattern". - - The first form permits a key to be used to authenticate as the - specified user to the specified host. - - The second form permits a key that has previously been permitted - for use at a host to be available via a forwarded agent to an - additional host. - - For example, constraining a key with "user1@host_a" and - "host_a>host_b". Would permit authentication as "user1" at - "host_a", and allow the key to be available on an agent forwarded - to "host_a" only for authentication to "host_b". The key would not - be visible on agent forwarded to other hosts or usable for - authentication there. - - Internally, destination constraints use host keys to identify hosts. - The host patterns are used to obtain lists of host keys for that - destination that are communicated to the agent. The user/hostkeys are - encoded using a new restrict-destination-v00@openssh.com key - constraint. - - host keys are looked up in the default client user/system known_hosts - files. It is possible to override this set on the command-line. - - feedback Jann Horn & markus@ - ok markus@ - - OpenBSD-Commit-ID: 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 - -commit 5e950d765727ee0b20fc3d2cbb0c790b21ac2425 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:10:24 2021 +0000 - - upstream: ssh-add side of destination constraints - - Have ssh-add accept a list of "destination constraints" that allow - restricting where keys may be used in conjunction with a ssh-agent/ssh - that supports session ID/hostkey binding. - - Constraints are specified as either "[user@]host-pattern" or - "host-pattern>[user@]host-pattern". - - The first form permits a key to be used to authenticate as the - specified user to the specified host. - - The second form permits a key that has previously been permitted - for use at a host to be available via a forwarded agent to an - additional host. - - For example, constraining a key with "user1@host_a" and - "host_a>host_b". Would permit authentication as "user1" at - "host_a", and allow the key to be available on an agent forwarded - to "host_a" only for authentication to "host_b". The key would not - be visible on agent forwarded to other hosts or usable for - authentication there. - - Internally, destination constraints use host keys to identify hosts. - The host patterns are used to obtain lists of host keys for that - destination that are communicated to the agent. The user/hostkeys are - encoded using a new restrict-destination-v00@openssh.com key - constraint. - - host keys are looked up in the default client user/system known_hosts - files. It is possible to override this set on the command-line. - - feedback Jann Horn & markus@ - ok markus@ - - OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e - -commit 4c1e3ce85e183a9d0c955c88589fed18e4d6a058 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:09:23 2021 +0000 - - upstream: ssh-agent side of binding - - record session ID/hostkey/forwarding status for each active socket. - - Attempt to parse data-to-be-signed at signature request time and extract - session ID from the blob if it is a pubkey userauth request. - - ok markus@ - - OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318 - -commit e9497ecf73f3c16667288bce48d4e3d7e746fea1 -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:08:48 2021 +0000 - - upstream: ssh client side of binding - - send session ID, hostkey, signature and a flag indicating whether the - agent connection is being forwarded to ssh agent each time a connection - is opened via a new "session-bind@openssh.com" agent extension. - - ok markus@ - - OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135 - -commit b42c61d6840d16ef392ed0f365e8c000734669aa -Author: djm@openbsd.org <djm@openbsd.org> -Date: Sun Dec 19 22:08:06 2021 +0000 - - upstream: Record session ID, host key and sig at intital KEX - - These will be used later for agent session ID / hostkey binding - - ok markus@ - - OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe - -commit 26ca33d186473d58a32d812e19273ce078b6ffff -Author: djm@openbsd.org <djm@openbsd.org> -Date: Tue Dec 7 22:06:45 2021 +0000 - - upstream: better error message for FIDO keys when we can't match - - them to a token - - OpenBSD-Commit-ID: 58255c2a1980088f4ed144db67d879ada2607650 @@ -137,12 +137,12 @@ than as a named global or channel request to allow pings with very short packet lengths, which would not be possible with other approaches. -1.9 transport: strict key exchange extension +1.10 transport: strict key exchange extension OpenSSH supports a number of transport-layer hardening measures under a "strict KEX" feature. This feature is signalled similarly to the RFC8308 ext-info feature: by including a additional algorithm in the -initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append +initial SSH2_MSG_KEXINIT kex_algorithms field. The client may append "kex-strict-c-v00@openssh.com" to its kex_algorithms and the server may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored @@ -150,20 +150,21 @@ if they are present in subsequent SSH2_MSG_KEXINIT packets. When an endpoint that supports this extension observes this algorithm name in a peer's KEXINIT packet, it MUST make the following changes to -the the protocol: - -a) During initial KEX, terminate the connection if any unexpected or - out-of-sequence packet is received. This includes terminating the - connection if the first packet received is not SSH2_MSG_KEXINIT. - Unexpected packets for the purpose of strict KEX include messages - that are otherwise valid at any time during the connection such as - SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. +the protocol: + +a) During initial KEX, terminate the connection if out-of-sequence + packet or any message that is not strictly required by KEX is + received. This includes terminating the connection if the first + packet received is not SSH2_MSG_KEXINIT. Unexpected packets for + the purpose of strict KEX include messages that are otherwise + valid at any time during the connection such as SSH2_MSG_DEBUG, + SSH2_MSG_IGNORE or SSH2_MSG_UNIMPLEMENTED. b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the packet sequence number to zero. This behaviour persists for the duration of the connection (i.e. not just the first SSH2_MSG_NEWKEYS). -1.10 transport: SSH2_MSG_EXT_INFO during user authentication +1.11 transport: SSH2_MSG_EXT_INFO during user authentication This protocol extension allows the SSH2_MSG_EXT_INFO to be sent during user authentication. RFC8308 does allow a second @@ -735,6 +736,7 @@ identifiers: The server will reply with a SSH_FXP_EXTENDED_REPLY: byte SSH_FXP_EXTENDED_REPLY + uint32 id string usernames string groupnames @@ -790,4 +792,4 @@ master instance and later clients. OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.51 2023/12/18 14:45:49 djm Exp $ +$OpenBSD: PROTOCOL,v 1.55 2024/01/08 05:05:15 djm Exp $ diff --git a/PROTOCOL.agent b/PROTOCOL.agent index e4a6b74..7637882 100644 --- a/PROTOCOL.agent +++ b/PROTOCOL.agent @@ -91,7 +91,7 @@ with private keys as they are loaded from a PKCS#11 token. bool certs_only string certsblob -Where "certsblob" constists of one or more certificates encoded as public +Where "certsblob" consists of one or more certificates encoded as public key blobs: string[] certificates @@ -112,4 +112,4 @@ A SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS if any key (plain private or certificate) was successfully loaded, or SSH_AGENT_FAILURE if no key was loaded. -$OpenBSD: PROTOCOL.agent,v 1.21 2023/12/18 14:46:56 djm Exp $ +$OpenBSD: PROTOCOL.agent,v 1.22 2023/12/20 00:06:25 jsg Exp $ diff --git a/PROTOCOL.mux b/PROTOCOL.mux index 5a3dd5f..fef2e13 100644 --- a/PROTOCOL.mux +++ b/PROTOCOL.mux @@ -188,8 +188,6 @@ For dynamically allocated listen port the server replies with 7. Requesting closure of port forwards -Note: currently unimplemented (server will always reply with MUX_S_FAILURE). - A client may request the master to close a port forward: uint32 MUX_C_CLOSE_FWD @@ -295,4 +293,4 @@ XXX session inspection via master XXX signals via mux request XXX list active connections via mux -$OpenBSD: PROTOCOL.mux,v 1.13 2022/01/01 01:55:30 jsg Exp $ +$OpenBSD: PROTOCOL.mux,v 1.14 2024/01/08 05:11:18 djm Exp $ @@ -1,4 +1,4 @@ -See https://www.openssh.com/releasenotes.html#9.6p1 for the release +See https://www.openssh.com/releasenotes.html#9.7p1 for the release notes. Please read https://www.openssh.com/report.html for bug reporting diff --git a/README.platform b/README.platform index 7b754ba..4edf9d1 100644 --- a/README.platform +++ b/README.platform @@ -53,11 +53,12 @@ Darwin does not provide a tun(4) driver required for OpenSSH-based virtual private networks. The BSD manpage still exists, but the driver has been removed in recent releases of Darwin and MacOS X. -Nevertheless, tunnel support is known to work with Darwin 8 and -MacOS X 10.4 in Point-to-Point (Layer 3) and Ethernet (Layer 2) mode -using a third party driver. More information is available at: - http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ +Tunnel support is known to work with Darwin 8 and MacOS X 10.4 in +Point-to-Point (Layer 3) and Ethernet (Layer 2) mode using a third +party driver. More information is available at: + https://tuntaposx.sourceforge.net +Recent Darwin/MacOS X versions are likely unsupported. Linux ----- @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.435 2023/12/18 14:47:20 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.437 2024/03/06 02:59:59 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -214,6 +214,9 @@ struct ssh_channels { /* Channel timeouts by type */ struct ssh_channel_timeout *timeouts; size_t ntimeouts; + /* Global timeout for all OPEN channels */ + int global_deadline; + time_t lastused; }; /* helper */ @@ -316,6 +319,11 @@ channel_add_timeout(struct ssh *ssh, const char *type_pattern, { struct ssh_channels *sc = ssh->chanctxt; + if (strcmp(type_pattern, "global") == 0) { + debug2_f("global channel timeout %d seconds", timeout_secs); + sc->global_deadline = timeout_secs; + return; + } debug2_f("channel type \"%s\" timeout %d seconds", type_pattern, timeout_secs); sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts, @@ -377,6 +385,38 @@ channel_set_xtype(struct ssh *ssh, int id, const char *xctype) } /* + * update "last used" time on a channel. + * NB. nothing else should update lastused except to clear it. + */ +static void +channel_set_used_time(struct ssh *ssh, Channel *c) +{ + ssh->chanctxt->lastused = monotime(); + if (c != NULL) + c->lastused = ssh->chanctxt->lastused; +} + +/* + * Get the time at which a channel is due to time out for inactivity. + * Returns 0 if the channel is not due to time out ever. + */ +static time_t +channel_get_expiry(struct ssh *ssh, Channel *c) +{ + struct ssh_channels *sc = ssh->chanctxt; + time_t expiry = 0, channel_expiry; + + if (sc->lastused != 0 && sc->global_deadline != 0) + expiry = sc->lastused + sc->global_deadline; + if (c->lastused != 0 && c->inactive_deadline != 0) { + channel_expiry = c->lastused + c->inactive_deadline; + if (expiry == 0 || channel_expiry < expiry) + expiry = channel_expiry; + } + return expiry; +} + +/* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd */ @@ -441,6 +481,8 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, if (efd != -1) set_nonblock(efd); } + /* channel might be entering a larval state, so reset global timeout */ + channel_set_used_time(ssh, NULL); } /* @@ -1197,7 +1239,7 @@ channel_set_fds(struct ssh *ssh, int id, int rfd, int wfd, int efd, channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty); c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); c->local_window = c->local_window_max = window_max; if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 || @@ -1368,7 +1410,7 @@ channel_pre_x11_open(struct ssh *ssh, Channel *c) if (ret == 1) { c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); channel_pre_open(ssh, c); } else if (ret == -1) { logit("X11 connection rejected because of wrong " @@ -2016,7 +2058,7 @@ channel_post_connecting(struct ssh *ssh, Channel *c) c->self, c->connect_ctx.host, c->connect_ctx.port); channel_connect_ctx_free(&c->connect_ctx); c->type = SSH_CHANNEL_OPEN; - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (isopen) { /* no message necessary */ } else { @@ -2108,7 +2150,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) goto rfail; } if (nr != 0) - c->lastused = monotime(); + channel_set_used_time(ssh, c); return 1; } @@ -2134,7 +2176,7 @@ channel_handle_rfd(struct ssh *ssh, Channel *c) } return -1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (c->input_filter != NULL) { if (c->input_filter(ssh, c, buf, len) == -1) { debug2("channel %d: filter stops", c->self); @@ -2215,7 +2257,7 @@ channel_handle_wfd(struct ssh *ssh, Channel *c) } return -1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); #ifndef BROKEN_TCGETATTR_ICANON if (c->isatty && dlen >= 1 && buf[0] != '\r') { if (tcgetattr(c->wfd, &tio) == 0 && @@ -2264,7 +2306,7 @@ channel_handle_efd_write(struct ssh *ssh, Channel *c) if ((r = sshbuf_consume(c->extended, len)) != 0) fatal_fr(r, "channel %i: consume", c->self); c->local_consumed += len; - c->lastused = monotime(); + channel_set_used_time(ssh, c); } return 1; } @@ -2291,7 +2333,7 @@ channel_handle_efd_read(struct ssh *ssh, Channel *c) channel_close_fd(ssh, c, &c->efd); return 1; } - c->lastused = monotime(); + channel_set_used_time(ssh, c); if (c->extended_usage == CHAN_EXTENDED_IGNORE) debug3("channel %d: discard efd", c->self); else if ((r = sshbuf_put(c->extended, buf, len)) != 0) @@ -2581,10 +2623,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout) continue; } if (ftab[c->type] != NULL) { - if (table == CHAN_PRE && - c->type == SSH_CHANNEL_OPEN && - c->inactive_deadline != 0 && c->lastused != 0 && - now >= c->lastused + c->inactive_deadline) { + if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN && + channel_get_expiry(ssh, c) != 0 && + now >= channel_get_expiry(ssh, c)) { /* channel closed for inactivity */ verbose("channel %d: closing after %u seconds " "of inactivity", c->self, @@ -2596,10 +2637,9 @@ channel_handler(struct ssh *ssh, int table, struct timespec *timeout) /* inactivity timeouts must interrupt poll() */ if (timeout != NULL && c->type == SSH_CHANNEL_OPEN && - c->lastused != 0 && - c->inactive_deadline != 0) { + channel_get_expiry(ssh, c) != 0) { ptimeout_deadline_monotime(timeout, - c->lastused + c->inactive_deadline); + channel_get_expiry(ssh, c)); } } else if (timeout != NULL) { /* @@ -3205,9 +3245,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) goto out; } /* Record that connection to this host/port is permitted. */ - permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>", -1, - listen_host, NULL, (int)listen_port, downstream); - listen_host = NULL; + permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "<mux>", + -1, listen_host, NULL, (int)listen_port, downstream); break; case SSH2_MSG_CHANNEL_CLOSE: if (have < 4) @@ -3558,7 +3597,7 @@ channel_input_open_confirmation(int type, u_int32_t seq, struct ssh *ssh) c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx); debug2_f("channel %d: callback done", c->self); } - c->lastused = monotime(); + channel_set_used_time(ssh, c); debug2("channel %d: open confirm rwindow %u rmax %u", c->self, c->remote_window, c->remote_maxpacket); return 0; diff --git a/clientloop.c b/clientloop.c index eb49029..8ec36af 100644 --- a/clientloop.c +++ b/clientloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.402 2023/11/24 00:31:30 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.403 2024/02/21 05:57:34 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -517,7 +517,7 @@ send_chaff(struct ssh *ssh) { int r; - if ((ssh->kex->flags & KEX_HAS_PING) == 0) + if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0) return 0; /* XXX probabilistically send chaff? */ /* diff --git a/config.h.in b/config.h.in index b09986e..75a2f5a 100644 --- a/config.h.in +++ b/config.h.in @@ -1963,6 +1963,9 @@ /* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE +/* Define if to enable DSA keys. */ +#undef WITH_DSA + /* Define if you have/want arrays (cluster-wide session management, not C arrays) */ #undef WITH_IRIX_ARRAY @@ -775,6 +775,7 @@ enable_largefile with_openssl with_stackprotect with_hardening +with_retpoline with_rpath with_cflags with_cflags_after @@ -796,6 +797,7 @@ with_pie enable_pkcs11 enable_security_key with_security_key_builtin +enable_dsa_keys with_ssl_dir with_openssl_header_check with_ssl_engine @@ -820,6 +822,7 @@ with_superuser_path with_4in6 with_bsd_auth with_pid_dir +enable_fd_passing enable_lastlog enable_utmp enable_utmpx @@ -1464,8 +1467,10 @@ Optional Features: --disable-largefile omit support for large files --disable-pkcs11 disable PKCS#11 support code [no] --disable-security-key disable U2F/FIDO support code no + --disable-dsa-keys disable DSA key support no --disable-strip Disable calling strip(1) on install --disable-etc-default-login Disable using PATH from /etc/default/login no + --disable-fd-passing disable file descriptor passsing no --disable-lastlog disable use of lastlog even if detected no --disable-utmp disable use of utmp even if detected no --disable-utmpx disable use of utmpx even if detected no @@ -1481,6 +1486,7 @@ Optional Packages: --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** --without-stackprotect Don't use compiler's stack protection --without-hardening Don't use toolchain hardening flags + --without-retpoline Enable retpoline spectre mitigation --without-rpath Disable auto-added -R linker paths --with-cflags Specify additional flags to pass to compiler --with-cflags-after Specify additional flags to pass to compiler after configure @@ -6028,6 +6034,7 @@ fi use_stack_protector=1 use_toolchain_hardening=1 +use_retpoline=1 # Check whether --with-stackprotect was given. if test ${with_stackprotect+y} @@ -6049,6 +6056,16 @@ then : fi +# Check whether --with-retpoline was given. +if test ${with_retpoline+y} +then : + withval=$with_retpoline; + if test "x$withval" = "xno"; then + use_retpoline=0 + fi +fi + + # We use -Werror for the tests only so that we catch warnings like "this is # on by default" for things like -fPIE. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports -Werror" >&5 @@ -6126,18 +6143,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6187,18 +6210,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6263,18 +6292,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6324,18 +6359,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6400,18 +6441,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6461,18 +6508,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6537,18 +6590,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6598,18 +6657,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6674,18 +6739,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6735,18 +6806,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6811,18 +6888,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6872,18 +6955,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -6948,18 +7037,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7009,18 +7104,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7085,18 +7186,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7146,18 +7253,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7222,18 +7335,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7283,18 +7402,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7359,18 +7484,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7420,18 +7551,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7496,18 +7633,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7557,18 +7700,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7633,18 +7782,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7694,18 +7849,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7770,18 +7931,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7831,18 +7998,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7907,18 +8080,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -7968,18 +8147,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8044,18 +8229,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8105,18 +8296,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8181,18 +8378,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8242,18 +8445,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8318,18 +8527,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8379,18 +8594,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8455,18 +8676,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8516,18 +8743,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8569,12 +8802,12 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext } if test "x$use_toolchain_hardening" = "x1"; then { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 -printf %s "checking if $CC supports compile flag -mretpoline... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 +printf %s "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -mretpoline" + CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-mretpoline" + test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8593,18 +8826,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8654,18 +8893,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8704,14 +8949,14 @@ printf "%s\n" "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -} # clang +} { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,retpolineplt" >&5 -printf %s "checking if $LD supports link flag -Wl,-z,retpolineplt... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,relro... " >&6; } saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,retpolineplt" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,retpolineplt" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8730,18 +8975,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8792,18 +9043,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8845,12 +9102,12 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext } { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -D_FORTIFY_SOURCE=2" >&5 -printf %s "checking if $CC supports compile flag -D_FORTIFY_SOURCE=2... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -D_FORTIFY_SOURCE=2" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,now... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-D_FORTIFY_SOURCE=2" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8869,18 +9126,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8897,20 +9160,21 @@ int main(int argc, char **argv) { _ACEOF -if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_link "$LINENO" then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" else - if test "$cross_compiling" = yes + if test "$cross_compiling" = yes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" + LDFLAGS="$saved_LDFLAGS $_define_flag" + else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8930,18 +9194,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -8962,11 +9232,11 @@ if ac_fn_c_try_run "$LINENO" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" + LDFLAGS="$saved_LDFLAGS $_define_flag" else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 printf "%s\n" "no, fails at run time" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -8976,18 +9246,19 @@ fi else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext } { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,relro" >&5 -printf %s "checking if $LD supports link flag -Wl,-z,relro... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,relro" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,relro" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9006,18 +9277,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9068,18 +9345,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9120,13 +9403,18 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext } + # NB. -ftrapv expects certain support functions to be present in + # the compiler library (libgcc or similar) to detect integer operations + # that can overflow. We must check that the result of enabling it + # actually links. The test program compiled/linked includes a number + # of integer operations that should exercise this. { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,now" >&5 -printf %s "checking if $LD supports link flag -Wl,-z,now... " >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,now" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -ftrapv" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,now" + test "x$_define_flag" = "x" && _define_flag="-ftrapv" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9145,18 +9433,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9178,16 +9472,15 @@ then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" else - if test "$cross_compiling" = yes + if test "$cross_compiling" = yes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" - + CFLAGS="$saved_CFLAGS $_define_flag" else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9207,18 +9500,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9239,11 +9538,11 @@ if ac_fn_c_try_run "$LINENO" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" + CFLAGS="$saved_CFLAGS $_define_flag" else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 printf "%s\n" "no, fails at run time" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -9253,19 +9552,25 @@ fi else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext } - { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,noexecstack" >&5 -printf %s "checking if $LD supports link flag -Wl,-z,noexecstack... " >&6; } - saved_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $WERROR -Wl,-z,noexecstack" + # clang 15 seems to have a bug in -fzero-call-used-regs=all. See + # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and + # https://github.com/llvm/llvm-project/issues/59242 + # clang 17 has a different bug that causes an ICE when using this + # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) + case "$CLANG_VER" in + apple-15*) { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-Wl,-z,noexecstack" + test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9284,18 +9589,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9317,16 +9628,15 @@ then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" else - if test "$cross_compiling" = yes + if test "$cross_compiling" = yes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" - + CFLAGS="$saved_CFLAGS $_define_flag" else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9346,18 +9656,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9378,11 +9694,11 @@ if ac_fn_c_try_run "$LINENO" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - LDFLAGS="$saved_LDFLAGS $_define_flag" + CFLAGS="$saved_CFLAGS $_define_flag" else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 printf "%s\n" "no, fails at run time" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -9392,24 +9708,20 @@ fi else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - LDFLAGS="$saved_LDFLAGS" + CFLAGS="$saved_CFLAGS" fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -} - # NB. -ftrapv expects certain support functions to be present in - # the compiler library (libgcc or similar) to detect integer operations - # that can overflow. We must check that the result of enabling it - # actually links. The test program compiled/linked includes a number - # of integer operations that should exercise this. - { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrapv and linking succeeds" >&5 -printf %s "checking if $CC supports compile flag -ftrapv and linking succeeds... " >&6; } +} ;; + 17*) ;; + *) { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 +printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -ftrapv" + CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-ftrapv" + test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9428,18 +9740,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9489,18 +9807,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9540,20 +9864,15 @@ printf "%s\n" "no" >&6; } fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext -} - # clang 15 seems to have a bug in -fzero-call-used-regs=all. See - # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and - # https://github.com/llvm/llvm-project/issues/59242 - # clang 17 has a different bug that causes an ICE when using this - # flag at all (https://bugzilla.mindrot.org/show_bug.cgi?id=3629) - case "$CLANG_VER" in - apple-15*) { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 -printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } +} ;; + esac + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrivial-auto-var-init=zero" >&5 +printf %s "checking if $CC supports compile flag -ftrivial-auto-var-init=zero... " >&6; } saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" + CFLAGS="$CFLAGS $WERROR -ftrivial-auto-var-init=zero" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" + test "x$_define_flag" = "x" && _define_flag="-ftrivial-auto-var-init=zero" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9572,18 +9891,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9600,7 +9925,7 @@ int main(int argc, char **argv) { _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null @@ -9633,18 +9958,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9682,17 +10013,17 @@ printf "%s\n" "no" >&6; } CFLAGS="$saved_CFLAGS" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext -} ;; - 17*) ;; - *) { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds" >&5 -printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used and linking succeeds... " >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} + fi + if test "x$use_retpoline" = "x1"; then + { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -mretpoline" >&5 +printf %s "checking if $CC supports compile flag -mretpoline... " >&6; } saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" + CFLAGS="$CFLAGS $WERROR -mretpoline" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" + test "x$_define_flag" = "x" && _define_flag="-mretpoline" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9711,18 +10042,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9739,7 +10076,7 @@ int main(int argc, char **argv) { _ACEOF -if ac_fn_c_try_link "$LINENO" +if ac_fn_c_try_compile "$LINENO" then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null @@ -9772,18 +10109,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9821,17 +10164,15 @@ printf "%s\n" "no" >&6; } CFLAGS="$saved_CFLAGS" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext -} ;; - esac +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} # clang { - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrivial-auto-var-init=zero" >&5 -printf %s "checking if $CC supports compile flag -ftrivial-auto-var-init=zero... " >&6; } - saved_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $WERROR -ftrivial-auto-var-init=zero" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $LD supports link flag -Wl,-z,retpolineplt" >&5 +printf %s "checking if $LD supports link flag -Wl,-z,retpolineplt... " >&6; } + saved_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS $WERROR -Wl,-z,retpolineplt" _define_flag="" - test "x$_define_flag" = "x" && _define_flag="-ftrivial-auto-var-init=zero" + test "x$_define_flag" = "x" && _define_flag="-Wl,-z,retpolineplt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9850,18 +10191,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9878,20 +10225,21 @@ int main(int argc, char **argv) { _ACEOF -if ac_fn_c_try_compile "$LINENO" +if ac_fn_c_try_link "$LINENO" then : if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" else - if test "$cross_compiling" = yes + if test "$cross_compiling" = yes then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" + LDFLAGS="$saved_LDFLAGS $_define_flag" + else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9911,18 +10259,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -9943,11 +10297,11 @@ if ac_fn_c_try_run "$LINENO" then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } - CFLAGS="$saved_CFLAGS $_define_flag" + LDFLAGS="$saved_LDFLAGS $_define_flag" else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, fails at run time" >&5 printf "%s\n" "no, fails at run time" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext @@ -9957,10 +10311,11 @@ fi else $as_nop { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } - CFLAGS="$saved_CFLAGS" + LDFLAGS="$saved_LDFLAGS" fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext } fi @@ -11321,18 +11676,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -11382,18 +11743,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -15000,18 +15367,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -15061,18 +15434,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -15137,18 +15516,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -15199,18 +15584,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -16279,6 +16670,23 @@ then : fi +disable_ecdsa= +# Check whether --enable-dsa-keys was given. +if test ${enable_dsa_keys+y} +then : + enableval=$enable_dsa_keys; + if test "x$enableval" = "xno" ; then + disable_ecdsa=1 + fi + + +fi + +test -z "$disable_ecdsa" && + +printf "%s\n" "#define WITH_DSA 1" >>confdefs.h + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 printf %s "checking for library containing dlopen... " >&6; } if test ${ac_cv_search_dlopen+y} @@ -17900,7 +18308,13 @@ then : else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi - openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" + if test -x "${withval}/bin/openssl" && \ + "${withval}/bin/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" + elif test -x "${withval}/apps/openssl" && \ + "${withval}/apps/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" + fi fi @@ -18076,9 +18490,9 @@ printf "%s\n" "$ssl_header_ver" >&6; } else $as_nop - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -printf "%s\n" "not found" >&6; } - as_fn_error $? "OpenSSL version header not found." "$LINENO" 5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } + as_fn_error $? "OpenSSL version test program failed." "$LINENO" 5 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -18488,8 +18902,8 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi # Check for OpenSSL without EVP_aes_{192,256}_cbc - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL has crippled AES support" >&5 -printf %s "checking whether OpenSSL has crippled AES support... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL lacks support for AES 192/256" >&5 +printf %s "checking whether OpenSSL lacks support for AES 192/256... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -24874,6 +25288,20 @@ printf "%s\n" "#define _PATH_SSH_PIDDIR \"$piddir\"" >>confdefs.h + +# Check whether --enable-fd-passing was given. +if test ${enable_fd_passing+y} +then : + enableval=$enable_fd_passing; + if test "x$enableval" = "xno" ; then + printf "%s\n" "#define DISABLE_FD_PASSING 1" >>confdefs.h + + fi + + +fi + + # Check whether --enable-lastlog was given. if test ${enable_lastlog+y} then : diff --git a/configure.ac b/configure.ac index 379cd74..82e8bb7 100644 --- a/configure.ac +++ b/configure.ac @@ -149,6 +149,7 @@ fi use_stack_protector=1 use_toolchain_hardening=1 +use_retpoline=1 AC_ARG_WITH([stackprotect], [ --without-stackprotect Don't use compiler's stack protection], [ if test "x$withval" = "xno"; then @@ -159,6 +160,11 @@ AC_ARG_WITH([hardening], if test "x$withval" = "xno"; then use_toolchain_hardening=0 fi ]) +AC_ARG_WITH([retpoline], + [ --without-retpoline Enable retpoline spectre mitigation], [ + if test "x$withval" = "xno"; then + use_retpoline=0 + fi ]) # We use -Werror for the tests only so that we catch warnings like "this is # on by default" for things like -fPIE. @@ -216,8 +222,6 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then OSSH_CHECK_CFLAG_COMPILE([-Wbitwise-instead-of-logical]) OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing]) if test "x$use_toolchain_hardening" = "x1"; then - OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang - OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) OSSH_CHECK_CFLAG_COMPILE([-D_FORTIFY_SOURCE=2]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,relro]) OSSH_CHECK_LDFLAG_LINK([-Wl,-z,now]) @@ -240,6 +244,10 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then esac OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero]) fi + if test "x$use_retpoline" = "x1"; then + OSSH_CHECK_CFLAG_COMPILE([-mretpoline]) # clang + OSSH_CHECK_LDFLAG_LINK([-Wl,-z,retpolineplt]) + fi AC_MSG_CHECKING([if $CC accepts -fno-builtin-memset]) saved_CFLAGS="$CFLAGS" @@ -2067,6 +2075,18 @@ AC_ARG_WITH([security-key-builtin], [ enable_sk_internal=$withval ] ) +disable_ecdsa= +AC_ARG_ENABLE([dsa-keys], + [ --disable-dsa-keys disable DSA key support [no]], + [ + if test "x$enableval" = "xno" ; then + disable_ecdsa=1 + fi + ] +) +test -z "$disable_ecdsa" && + AC_DEFINE([WITH_DSA], [1], [Define if to enable DSA keys.]) + AC_SEARCH_LIBS([dlopen], [dl]) AC_CHECK_FUNCS([dlopen]) AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) @@ -2723,7 +2743,15 @@ AC_ARG_WITH([ssl-dir], else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi - openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" + dnl Ensure specified openssl binary works, eg it can + dnl find its runtime libraries, before trying to use. + if test -x "${withval}/bin/openssl" && \ + "${withval}/bin/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${PATH}" + elif test -x "${withval}/apps/openssl" && \ + "${withval}/apps/openssl" version >/dev/null 2>&1; then + openssl_bin_PATH="${withval}/apps${PATH_SEPARATOR}${PATH}" + fi fi ] ) @@ -2790,8 +2818,8 @@ if test "x$openssl" = "xyes" ; then AC_MSG_RESULT([$ssl_header_ver]) ], [ - AC_MSG_RESULT([not found]) - AC_MSG_ERROR([OpenSSL version header not found.]) + AC_MSG_RESULT([failed]) + AC_MSG_ERROR([OpenSSL version test program failed.]) ], [ AC_MSG_WARN([cross compiling: not checking]) @@ -2994,7 +3022,7 @@ if test "x$openssl" = "xyes" ; then fi # Check for OpenSSL without EVP_aes_{192,256}_cbc - AC_MSG_CHECKING([whether OpenSSL has crippled AES support]) + AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256]) AC_LINK_IFELSE( [AC_LANG_PROGRAM([[ #include <stdlib.h> @@ -5293,6 +5321,16 @@ AC_DEFINE_UNQUOTED([_PATH_SSH_PIDDIR], ["$piddir"], [Specify location of ssh.pid]) AC_SUBST([piddir]) + +AC_ARG_ENABLE([fd-passing], + [ --disable-fd-passing disable file descriptor passsing [no]], + [ + if test "x$enableval" = "xno" ; then + AC_DEFINE([DISABLE_FD_PASSING]) + fi + ] +) + dnl allow user to disable some login recording features AC_ARG_ENABLE([lastlog], [ --disable-lastlog disable use of lastlog even if detected [no]], diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 0524a72..b230971 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%global ver 9.6p1 +%global ver 9.7p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index b5082f0..7dbe4db 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 9.6p1 +Version: 9.7p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz @@ -1,4 +1,4 @@ -/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */ +/* $OpenBSD: gss-genr.c,v 1.29 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved. @@ -278,7 +278,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"}; /* RFC 4462 says we MUST NOT do SPNEGO */ - if (oid->length == spnego_oid.length && + if (oid->length == spnego_oid.length && (memcmp(oid->elements, spnego_oid.elements, oid->length) == 0)) return 0; /* false */ @@ -286,7 +286,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) ssh_gssapi_set_oid(*ctx, oid); major = ssh_gssapi_import_name(*ctx, host); if (!GSS_ERROR(major)) { - major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, + major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, NULL); gss_release_buffer(&minor, &token); if ((*ctx)->context != GSS_C_NO_CONTEXT) @@ -294,7 +294,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host) GSS_C_NO_BUFFER); } - if (GSS_ERROR(major)) + if (GSS_ERROR(major)) ssh_gssapi_delete_ctx(ctx); return (!GSS_ERROR(major)); @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.184 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.185 2024/01/08 00:34:33 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -772,10 +772,11 @@ static int kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) { struct kex *kex = ssh->kex; - int r; + int r, initial = (kex->flags & KEX_INITIAL) != 0; + char *cp, **prop; debug("SSH2_MSG_NEWKEYS received"); - if (kex->ext_info_c && (kex->flags & KEX_INITIAL) != 0) + if (kex->ext_info_c && initial) ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_input_ext_info); ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error); ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); @@ -783,10 +784,32 @@ kex_input_newkeys(int type, u_int32_t seq, struct ssh *ssh) return r; if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) return r; + if (initial) { + /* Remove initial KEX signalling from proposal for rekeying */ + if ((r = kex_buf2prop(kex->my, NULL, &prop)) != 0) + return r; + if ((cp = match_filter_denylist(prop[PROPOSAL_KEX_ALGS], + kex->server ? + "ext-info-s,kex-strict-s-v00@openssh.com" : + "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) { + error_f("match_filter_denylist failed"); + goto fail; + } + free(prop[PROPOSAL_KEX_ALGS]); + prop[PROPOSAL_KEX_ALGS] = cp; + if ((r = kex_prop2buf(ssh->kex->my, prop)) != 0) { + error_f("kex_prop2buf failed"); + fail: + kex_proposal_free_entries(prop); + free(prop); + return SSH_ERR_INTERNAL_ERROR; + } + kex_proposal_free_entries(prop); + free(prop); + } kex->done = 1; kex->flags &= ~KEX_INITIAL; sshbuf_reset(kex->peer); - /* sshbuf_reset(kex->my); */ kex->flags &= ~KEX_INIT_SENT; free(kex->name); kex->name = NULL; @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.121 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.122 2024/02/02 00:13:34 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -109,10 +109,10 @@ enum kex_exchange { #define KEX_INIT_SENT 0x0001 #define KEX_INITIAL 0x0002 #define KEX_HAS_PUBKEY_HOSTBOUND 0x0004 -#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */ -#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */ -#define KEX_HAS_PING 0x0020 -#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040 +#define KEX_RSA_SHA2_256_SUPPORTED 0x0008 /* only set in server for now */ +#define KEX_RSA_SHA2_512_SUPPORTED 0x0010 /* only set in server for now */ +#define KEX_HAS_PING 0x0020 +#define KEX_HAS_EXT_INFO_IN_AUTH 0x0040 struct sshenc { char *name; diff --git a/m4/openssh.m4 b/m4/openssh.m4 index 5d4c562..033df50 100644 --- a/m4/openssh.m4 +++ b/m4/openssh.m4 @@ -20,18 +20,24 @@ char *f2(char *s, ...) { va_end(args); return strdup(ret); } +const char *f3(int s) { + return s ? "good" : "gooder"; +} int main(int argc, char **argv) { - (void)argv; char b[256], *cp; + const char *s; /* Some math to catch -ftrapv problems in the toolchain */ int i = 123 * argc, j = 456 + argc, k = 789 - argc; float l = i * 2.1; double m = l / 0.5; long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + (void)argv; f(1); - snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + s = f3(f(2)); + snprintf(b, sizeof b, "%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); if (write(1, b, 0) == -1) exit(0); - cp = f2("%d %d %d %f %f %lld %lld\n", i,j,k,l,m,n,o); + cp = f2("%d %d %d %f %f %lld %lld %s\n", i,j,k,l,m,n,o,s); + if (write(1, cp, 0) == -1) exit(0); free(cp); /* * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.189 2023/10/12 03:36:32 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.190 2024/03/04 02:16:11 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -2644,6 +2644,19 @@ opt_array_append(const char *file, const int line, const char *directive, opt_array_append2(file, line, directive, array, NULL, lp, s, 0); } +void +opt_array_free2(char **array, int **iarray, u_int l) +{ + u_int i; + + if (array == NULL || l == 0) + return; + for (i = 0; i < l; i++) + free(array[i]); + free(array); + free(iarray); +} + sshsig_t ssh_signal(int signum, sshsig_t handler) { @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.106 2023/10/11 22:42:26 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.107 2024/03/04 02:16:11 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -210,6 +210,7 @@ void opt_array_append(const char *file, const int line, void opt_array_append2(const char *file, const int line, const char *directive, char ***array, int **iarray, u_int *lp, const char *s, int i); +void opt_array_free2(char **array, int **iarray, u_int l); struct timespec; void ptimeout_init(struct timespec *pt); @@ -71,4 +71,4 @@ STANDARDS M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. -OpenBSD 7.3 April 16, 2022 OpenBSD 7.3 +OpenBSD 7.5 April 16, 2022 OpenBSD 7.5 @@ -1,4 +1,4 @@ -/* $OpenBSD: nchan.c,v 1.74 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: nchan.c,v 1.75 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -349,7 +349,7 @@ chan_is_dead(struct ssh *ssh, Channel *c, int do_send) if (c->flags & CHAN_LOCAL) { debug2("channel %d: is dead (local)", c->self); return 1; - } + } if (!(c->flags & CHAN_CLOSE_SENT)) { if (do_send) { chan_send_close2(ssh, c); diff --git a/openbsd-compat/getopt.h b/openbsd-compat/getopt.h index 65c8bc7..b050fa8 100644 --- a/openbsd-compat/getopt.h +++ b/openbsd-compat/getopt.h @@ -33,6 +33,14 @@ #ifndef _GETOPT_H_ #define _GETOPT_H_ +#ifndef __THROW +# if defined __cplusplus +# define __THROW throw() +# else +# define __THROW +# endif +#endif + /* * GNU-like getopt_long() and 4.4BSD getsubopt()/optreset extensions */ @@ -63,8 +71,8 @@ int getopt_long_only(int, char * const *, const char *, #ifndef _GETOPT_DEFINED_ #define _GETOPT_DEFINED_ -int getopt(int, char * const *, const char *); -int getsubopt(char **, char * const *, char **); +int getopt(int, char * const *, const char *) __THROW; +int getsubopt(char **, char * const *, char **) __THROW; extern char *optarg; /* getopt(3) external variables */ extern int opterr; diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 78faea9..0823d6a 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -48,6 +48,14 @@ #include "blf.h" #include "fnmatch.h" +#ifndef __THROW +# if defined __cplusplus +# define __THROW throw() +# else +# define __THROW +# endif +#endif + #if defined(HAVE_LOGIN_CAP) && !defined(HAVE_LOGIN_GETPWCLASS) # include <login_cap.h> # define login_getpwclass(pw) login_getclass(pw->pw_class) @@ -187,7 +195,7 @@ int getgrouplist(const char *, gid_t, gid_t *, int *); #endif #if !defined(HAVE_GETOPT) || !defined(HAVE_GETOPT_OPTRESET) -int BSDgetopt(int argc, char * const *argv, const char *opts); +int BSDgetopt(int argc, char * const *argv, const char *opts) __THROW; #include "openbsd-compat/getopt.h" #endif @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -890,6 +890,20 @@ parse_token(const char *cp, const char *filename, int linenum, return oBadOption; } +static void +free_canon_cnames(struct allowed_cname *cnames, u_int n) +{ + u_int i; + + if (cnames == NULL || n == 0) + return; + for (i = 0; i < n; i++) { + free(cnames[i].source_list); + free(cnames[i].target_list); + } + free(cnames); +} + /* Multistate option parsing */ struct multistate { char *key; @@ -1032,21 +1046,24 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, { char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p; char **cpptr, ***cppptr, fwdarg[256]; - u_int i, *uintptr, uvalue, max_entries = 0; + u_int i, *uintptr, max_entries = 0; int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; - int remotefwd, dynamicfwd, ca_only = 0; + int remotefwd, dynamicfwd, ca_only = 0, found = 0; LogLevel *log_level_ptr; SyslogFacility *log_facility_ptr; long long val64; size_t len; struct Forward fwd; const struct multistate *multistate_ptr; - struct allowed_cname *cname; glob_t gl; const char *errstr; char **oav = NULL, **av; int oac = 0, ac; int ret = -1; + struct allowed_cname *cnames = NULL; + u_int ncnames = 0; + char **strs = NULL; /* string array arguments; freed implicitly */ + u_int nstrs = 0; if (activep == NULL) { /* We are processing a command line directive */ cmdline = 1; @@ -1662,14 +1679,13 @@ parse_pubkey_algos: case oPermitRemoteOpen: uintptr = &options->num_permitted_remote_opens; cppptr = &options->permitted_remote_opens; - uvalue = *uintptr; /* modified later */ - i = 0; + found = *uintptr == 0; while ((arg = argv_next(&ac, &av)) != NULL) { arg2 = xstrdup(arg); /* Allow any/none only in first position */ if (strcasecmp(arg, "none") == 0 || strcasecmp(arg, "any") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"%s\" " "argument must appear alone.", filename, linenum, keyword, arg); @@ -1695,17 +1711,20 @@ parse_pubkey_algos: lookup_opcode_name(opcode)); } } - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, - lookup_opcode_name(opcode), - cppptr, uintptr, arg2); - } + opt_array_append(filename, linenum, + lookup_opcode_name(opcode), + &strs, &nstrs, arg2); free(arg2); - i++; } - if (i == 0) + if (nstrs == 0) fatal("%s line %d: missing %s specification", filename, linenum, lookup_opcode_name(opcode)); + if (found && *activep) { + *cppptr = strs; + *uintptr = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case oClearAllForwardings: @@ -1823,12 +1842,14 @@ parse_pubkey_algos: goto parse_int; case oSendEnv: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') != NULL) { error("%s line %d: Invalid environment name.", filename, linenum); goto out; } + found = 1; if (!*activep) continue; if (*arg == '-') { @@ -1840,27 +1861,38 @@ parse_pubkey_algos: lookup_opcode_name(opcode), &options->send_env, &options->num_send_env, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case oSetEnv: - value = options->num_setenv; + found = options->num_setenv == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (strchr(arg, '=') == NULL) { error("%s line %d: Invalid SetEnv.", filename, linenum); goto out; } - if (!*activep || value != 0) - continue; - if (lookup_setenv_in_list(arg, options->setenv, - options->num_setenv) != NULL) { + if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) { debug2("%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg); continue; } opt_array_append(filename, linenum, lookup_opcode_name(opcode), - &options->setenv, &options->num_setenv, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->setenv = strs; + options->num_setenv = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -2069,52 +2101,46 @@ parse_pubkey_algos: goto parse_flag; case oCanonicalDomains: - value = options->num_canonical_domains != 0; - i = 0; + found = options->num_canonical_domains == 0; while ((arg = argv_next(&ac, &av)) != NULL) { - if (*arg == '\0') { - error("%s line %d: keyword %s empty argument", - filename, linenum, keyword); - goto out; - } /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); goto out; } } - i++; if (!valid_domain(arg, 1, &errstr)) { error("%s line %d: %s", filename, linenum, errstr); goto out; } - if (!*activep || value) - continue; - if (options->num_canonical_domains >= - MAX_CANON_DOMAINS) { - error("%s line %d: too many hostname suffixes.", - filename, linenum); - goto out; - } - options->canonical_domains[ - options->num_canonical_domains++] = xstrdup(arg); + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->canonical_domains = strs; + options->num_canonical_domains = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; case oCanonicalizePermittedCNAMEs: - value = options->num_permitted_cnames != 0; - i = 0; + found = options->num_permitted_cnames == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* * Either 'none' (only in first position), '*' for * everything or 'list:list' */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (ncnames > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); @@ -2135,20 +2161,23 @@ parse_pubkey_algos: *arg2 = '\0'; arg2++; } - i++; - if (!*activep || value) - continue; - if (options->num_permitted_cnames >= - MAX_CANON_DOMAINS) { - error("%s line %d: too many permitted CNAMEs.", - filename, linenum); - goto out; - } - cname = options->permitted_cnames + - options->num_permitted_cnames++; - cname->source_list = xstrdup(arg); - cname->target_list = xstrdup(arg2); - } + cnames = xrecallocarray(cnames, ncnames, ncnames + 1, + sizeof(*cnames)); + cnames[ncnames].source_list = xstrdup(arg); + cnames[ncnames].target_list = xstrdup(arg2); + ncnames++; + } + if (ncnames == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->permitted_cnames = cnames; + options->num_permitted_cnames = ncnames; + cnames = NULL; /* transferred */ + ncnames = 0; + } + /* un-transferred cnames is cleaned up before exit */ break; case oCanonicalizeHostname: @@ -2329,12 +2358,11 @@ parse_pubkey_algos: break; case oChannelTimeout: - uvalue = options->num_channel_timeouts; - i = 0; + found = options->num_channel_timeouts == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); @@ -2345,11 +2373,18 @@ parse_pubkey_algos: fatal("%s line %d: invalid channel timeout %s", filename, linenum, arg); } - if (!*activep || uvalue != 0) - continue; opt_array_append(filename, linenum, keyword, - &options->channel_timeouts, - &options->num_channel_timeouts, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->channel_timeouts = strs; + options->num_channel_timeouts = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -2381,6 +2416,8 @@ parse_pubkey_algos: /* success */ ret = 0; out: + free_canon_cnames(cnames, ncnames); + opt_array_free2(strs, NULL, nstrs); argv_free(oav, oac); return ret; } @@ -2711,7 +2748,9 @@ fill_default_options(Options * options) add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_ED25519_SK, 0); add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0); +#ifdef WITH_DSA add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0); +#endif } if (options->escape_char == -1) options->escape_char = '~'; @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.156 2024/03/04 02:16:11 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -87,7 +87,7 @@ typedef struct { char *sk_provider; /* Security key provider */ int verify_host_key_dns; /* Verify host key using DNS */ - int num_identity_files; /* Number of files for RSA/DSA identities. */ + int num_identity_files; /* Number of files for identities. */ char *identity_files[SSH_MAX_IDENTITY_FILES]; int identity_file_userprovided[SSH_MAX_IDENTITY_FILES]; struct sshkey *identity_keys[SSH_MAX_IDENTITY_FILES]; @@ -155,12 +155,12 @@ typedef struct { int proxy_use_fdpass; int num_canonical_domains; - char *canonical_domains[MAX_CANON_DOMAINS]; + char **canonical_domains; int canonicalize_hostname; int canonicalize_max_dots; int canonicalize_fallback_local; int num_permitted_cnames; - struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS]; + struct allowed_cname *permitted_cnames; char *revoked_host_keys; diff --git a/regress/Makefile b/regress/Makefile index f5cb9bd..c9a495f 100644 --- a/regress/Makefile +++ b/regress/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.131 2023/12/18 14:50:08 djm Exp $ +# $OpenBSD: Makefile,v 1.133 2024/01/11 04:50:28 djm Exp $ tests: prep file-tests t-exec unit @@ -156,48 +156,67 @@ TEST_SSH_SSHKEYGEN?=ssh-keygen CPPFLAGS=-I.. t1: - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv - tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv - ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv - awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv - ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/rsa_ssh2.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + tr '\n' '\r' <${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_cr.prv ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_cr.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + awk '{print $$0 "\r"}' ${.CURDIR}/rsa_ssh2.prv > ${.OBJDIR}/rsa_ssh2_crnl.prv ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.OBJDIR}/rsa_ssh2_crnl.prv | diff - ${.CURDIR}/rsa_openssh.prv ; \ + fi t2: - cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out - chmod 600 $(OBJ)/t2.out - ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ + cat ${.CURDIR}/rsa_openssh.prv > $(OBJ)/t2.out ; \ + chmod 600 $(OBJ)/t2.out ; \ + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t2.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ + fi t3: - ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out - ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ + ${TEST_SSH_SSHKEYGEN} -ef ${.CURDIR}/rsa_openssh.pub >$(OBJ)/t3.out ; \ + ${TEST_SSH_SSHKEYGEN} -if $(OBJ)/t3.out | diff - ${.CURDIR}/rsa_openssh.pub ; \ + fi t4: - ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t4.ok + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ + ${TEST_SSH_SSHKEYGEN} -E md5 -lf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t4.ok ; \ + fi t5: - ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t5.ok - + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-rsa" ; then \ + ${TEST_SSH_SSHKEYGEN} -Bf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t5.ok ; \ + fi t6: - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 - chmod 600 $(OBJ)/t6.out1 - ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.prv > $(OBJ)/t6.out1 ; \ + ${TEST_SSH_SSHKEYGEN} -if ${.CURDIR}/dsa_ssh2.pub > $(OBJ)/t6.out2 ; \ + chmod 600 $(OBJ)/t6.out1 ; \ + ${TEST_SSH_SSHKEYGEN} -yf $(OBJ)/t6.out1 | diff - $(OBJ)/t6.out2 ; \ + fi $(OBJ)/t7.out: - ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@ ; \ + fi t7: $(OBJ)/t7.out - ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t7.out > /dev/null ; \ + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t7.out > /dev/null ; \ + fi $(OBJ)/t8.out: - ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ + set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@ ; \ + fi t8: $(OBJ)/t8.out - ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null - ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null + set -xe ; if ssh -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -lf $(OBJ)/t8.out > /dev/null ; \ + ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t8.out > /dev/null ; \ + fi $(OBJ)/t9.out: ! ${TEST_SSH_SSH} -Q key-plain | grep ecdsa >/dev/null || \ @@ -218,8 +237,10 @@ t10: $(OBJ)/t10.out ${TEST_SSH_SSHKEYGEN} -Bf $(OBJ)/t10.out > /dev/null t11: - ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ - awk '{print $$2}' | diff - ${.CURDIR}/t11.ok + set -xe ; if ${TEST_SSH_SSH} -Q key | grep -q "^ssh-dss" ; then \ + ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ${.CURDIR}/rsa_openssh.pub |\ + awk '{print $$2}' | diff - ${.CURDIR}/t11.ok ; \ + fi $(OBJ)/t12.out: ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@ diff --git a/regress/channel-timeout.sh b/regress/channel-timeout.sh index 1c42e83..97708f2 100644 --- a/regress/channel-timeout.sh +++ b/regress/channel-timeout.sh @@ -1,10 +1,33 @@ -# $OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $ +# $OpenBSD: channel-timeout.sh,v 1.2 2024/01/09 22:19:36 djm Exp $ # Placed in the Public Domain. tid="channel timeout" # XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive +rm -f $OBJ/finished.* $OBJ/mux.* + +MUXPATH=$OBJ/mux.$$ +open_mux() { + ${SSH} -nNfM -oControlPath=$MUXPATH -F $OBJ/ssh_proxy "$@" somehost || + fatal "open mux failed" + test -e $MUXPATH || fatal "mux socket $MUXPATH not established" +} + +close_mux() { + test -e $MUXPATH || fatal "mux socket $MUXPATH missing" + ${SSH} -qF $OBJ/ssh_proxy -oControlPath=$MUXPATH -O exit somehost || + fatal "could not terminate mux process" + for x in 1 2 3 4 5 6 7 8 9 10 ; do + test -e $OBJ/mux && break + sleep 1 + done + test -e $MUXPATH && fatal "mux did not clean up" +} +mux_client() { + ${SSH} -F $OBJ/ssh_proxy -oControlPath=$MUXPATH somehost "$@" +} + rm -f $OBJ/sshd_proxy.orig cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig @@ -24,6 +47,15 @@ if [ $r -ne 255 ]; then fail "ssh returned unexpected error code $r" fi +verbose "command long timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=60") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "exit 23" +r=$? +if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" +fi + verbose "command wildcard timeout" (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \ > $OBJ/sshd_proxy @@ -42,6 +74,45 @@ if [ $r -ne 23 ]; then fail "ssh failed" fi +if config_defined DISABLE_FD_PASSING ; then + verbose "skipping multiplexing tests" +else + verbose "multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? + if [ $r -ne 255 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux + + verbose "irrelevant multiplexed command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 5 ; exit 23" + r=$? + if [ $r -ne 23 ]; then + fail "ssh returned unexpected error code $r" + fi + close_mux + + verbose "global command timeout" + (cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout global=10") \ + > $OBJ/sshd_proxy + open_mux + mux_client "sleep 1 ; echo ok ; sleep 1; echo ok; sleep 60; touch $OBJ/finished.1" >/dev/null & + mux_client "sleep 60 ; touch $OBJ/finished.2" >/dev/null & + mux_client "sleep 2 ; touch $OBJ/finished.3" >/dev/null & + wait + test -f $OBJ/finished.1 && fail "first mux process completed" + test -f $OBJ/finished.2 && fail "second mux process completed" + test -f $OBJ/finished.3 || fail "third mux process did not complete" + close_mux +fi + # Set up a "slow sftp server" that sleeps before executing the real one. cat > $OBJ/slow-sftp-server.sh << _EOF #!/bin/sh @@ -88,4 +159,3 @@ if [ $r -ne 0 ]; then fail "sftp failed" fi cmp $DATA $COPY || fail "corrupted copy" - diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh index 5a4aa6d..85901ea 100644 --- a/regress/dynamic-forward.sh +++ b/regress/dynamic-forward.sh @@ -1,4 +1,4 @@ -# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.17 2024/03/08 11:34:10 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" @@ -20,6 +20,7 @@ start_ssh() { arg="$2" n=0 error="1" + # Use a multiplexed ssh so we can control its lifecycle. trace "start dynamic -$direction forwarding, fork to background" (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \ @@ -56,9 +57,9 @@ check_socks() { for s in 4 5; do for h in 127.0.0.1 localhost; do trace "testing ssh socks version $s host $h (-$direction)" - ${REAL_SSH} -q -F $OBJ/ssh_config \ - -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \ - somehost cat ${DATA} > ${COPY} + ${REAL_SSH} -q -F $OBJ/ssh_config -o \ + "ProxyCommand ${TEST_SHELL} -c '${proxycmd}${s} $h $PORT 2>/dev/null'" \ + somehost cat ${DATA} > ${COPY} r=$? if [ "x$expect_success" = "xY" ] ; then if [ $r -ne 0 ] ; then diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile index 0b4238f..1072130 100644 --- a/regress/misc/fuzz-harness/Makefile +++ b/regress/misc/fuzz-harness/Makefile @@ -1,10 +1,10 @@ # NB. libssh and libopenbsd-compat should be built with the same sanitizer opts. -CC=clang-11 -CXX=clang++-11 +CC=clang-16 +CXX=clang++-16 FUZZ_FLAGS=-fsanitize=address,fuzzer -fno-omit-frame-pointer -FUZZ_LIBS=-lFuzzer +FUZZ_LIBS=-L/usr/lib/llvm-16/lib -lFuzzer -CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS) +CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I ../../.. $(FUZZ_FLAGS) CFLAGS=$(CXXFLAGS) LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS) LIBS=-lssh -lopenbsd-compat -lmd -lcrypto -lfido2 -lcbor $(FUZZ_LIBS) diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c index 1d41982..c3051c7 100644 --- a/regress/misc/fuzz-harness/agent_fuzz_helper.c +++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c @@ -175,3 +175,10 @@ test_one(const uint8_t* s, size_t slen) cleanup_idtab(); cleanup_sockettab(); } + +int +pkcs11_make_cert(const struct sshkey *priv, + const struct sshkey *certpub, struct sshkey **certprivp) +{ + return -1; /* XXX */ +} diff --git a/regress/multiplex.sh b/regress/multiplex.sh index 8282d0d..b992cd4 100644 --- a/regress/multiplex.sh +++ b/regress/multiplex.sh @@ -8,8 +8,7 @@ tid="connection multiplexing" trace "will use ProxyCommand $proxycmd" if config_defined DISABLE_FD_PASSING ; then - echo "skipped (not supported on this platform)" - exit 0 + skip "not supported on this platform (FD passing disabled)" fi P=3301 # test port diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh index 5b8e25a..30f6461 100644 --- a/regress/putty-ciphers.sh +++ b/regress/putty-ciphers.sh @@ -1,24 +1,47 @@ -# $OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-ciphers.sh,v 1.13 2024/02/09 08:56:59 dtucker Exp $ # Placed in the Public Domain. tid="putty ciphers" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi +puttysetup -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak -for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do - verbose "$tid: cipher $c" +# Since there doesn't seem to be a way to set MACs on the PuTTY client side, +# we force each in turn on the server side, omitting the ones PuTTY doesn't +# support. Grepping the binary is pretty janky, but AFAIK there's no way to +# query for supported algos. +macs="" +for m in `${SSH} -Q MACs`; do + if strings "${PLINK}" | grep -E "^${m}$" >/dev/null; then + macs="${macs} ${m}" + else + trace "omitting unsupported MAC ${m}" + fi +done + +ciphers="" +for c in `${SSH} -Q Ciphers`; do + if strings "${PLINK}" | grep -E "^${c}$" >/dev/null; then + ciphers="${ciphers} ${c}" + else + trace "omitting unsupported cipher ${c}" + fi +done + +for c in default $ciphers; do + for m in default ${macs}; do + verbose "$tid: cipher $c mac $m" cp ${OBJ}/.putty/sessions/localhost_proxy \ ${OBJ}/.putty/sessions/cipher_$c - echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + if [ "${c}" != "default" ]; then + echo "Cipher=$c" >> ${OBJ}/.putty/sessions/cipher_$c + fi + + cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy + if [ "${m}" != "default" ]; then + echo "MACs $m" >> ${OBJ}/sshd_proxy + fi rm -f ${COPY} env HOME=$PWD ${PLINK} -load cipher_$c -batch -i ${OBJ}/putty.rsa2 \ @@ -27,6 +50,6 @@ for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do fail "ssh cat $DATA failed" fi cmp ${DATA} ${COPY} || fail "corrupted copy" + done done rm -f ${COPY} - diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh index c75802a..22f8bd7 100644 --- a/regress/putty-kex.sh +++ b/regress/putty-kex.sh @@ -1,28 +1,36 @@ -# $OpenBSD: putty-kex.sh,v 1.9 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-kex.sh,v 1.11 2024/02/09 08:56:59 dtucker Exp $ # Placed in the Public Domain. tid="putty KEX" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi +puttysetup -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +cp ${OBJ}/sshd_proxy ${OBJ}/sshd_proxy_bak -for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do +# Enable group1, which PuTTY now disables by default +echo "KEX=dh-group1-sha1" >>${OBJ}/.putty/sessions/localhost_proxy + +# Grepping algos out of the binary is pretty janky, but AFAIK there's no way +# to query supported algos. +kex="" +for k in `$SSH -Q kex`; do + if strings "${PLINK}" | grep -E "^${k}$" >/dev/null; then + kex="${kex} ${k}" + else + trace "omitting unsupported KEX ${k}" + fi +done + +for k in ${kex}; do verbose "$tid: kex $k" - cp ${OBJ}/.putty/sessions/localhost_proxy \ - ${OBJ}/.putty/sessions/kex_$k - echo "KEX=$k" >> ${OBJ}/.putty/sessions/kex_$k + cp ${OBJ}/sshd_proxy_bak ${OBJ}/sshd_proxy + echo "KexAlgorithms ${k}" >>${OBJ}/sshd_proxy - env HOME=$PWD ${PLINK} -load kex_$k -batch -i ${OBJ}/putty.rsa2 true + env HOME=$PWD ${PLINK} -v -load localhost_proxy -batch -i ${OBJ}/putty.rsa2 true \ + 2>${OBJ}/log/putty-kex-$k.log if [ $? -ne 0 ]; then fail "KEX $k failed" fi + kexmsg=`grep -E '^Doing.* key exchange' ${OBJ}/log/putty-kex-$k.log` + trace putty: ${kexmsg} done - diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh index a6864f9..1920f49 100644 --- a/regress/putty-transfer.sh +++ b/regress/putty-transfer.sh @@ -1,18 +1,9 @@ -# $OpenBSD: putty-transfer.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $ +# $OpenBSD: putty-transfer.sh,v 1.12 2024/02/09 08:47:42 dtucker Exp $ # Placed in the Public Domain. tid="putty transfer data" -if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then - skip "putty interop tests not enabled" -fi - -# Re-enable ssh-rsa on older PuTTY versions. -oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`" -if [ "x$oldver" = "xyes" ]; then - echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy - echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy -fi +puttysetup if [ "`${SSH} -Q compression`" = "none" ]; then comp="0" diff --git a/regress/test-exec.sh b/regress/test-exec.sh index 089ef73..ad62794 100644 --- a/regress/test-exec.sh +++ b/regress/test-exec.sh @@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.105 2023/10/31 04:15:40 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.108 2024/03/08 11:34:10 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -104,6 +104,9 @@ DBCLIENT=/usr/local/bin/dbclient DROPBEARKEY=/usr/local/bin/dropbearkey DROPBEARCONVERT=/usr/local/bin/dropbearconvert +# So we can override this in Portable. +TEST_SHELL="${TEST_SHELL:-/bin/sh}" + # Tools used by multiple tests NC=$OBJ/netcat # Always use the one configure tells us to, even if that's empty. @@ -761,7 +764,11 @@ case "$SCRIPT" in *) REGRESS_INTEROP_PUTTY=no ;; esac -if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then +puttysetup() { + if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then + skip "putty interop tests not enabled" + fi + mkdir -p ${OBJ}/.putty # Add a PuTTY key to authorized_keys @@ -794,9 +801,24 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy + PUTTYVER="`${PLINK} --version | awk '/plink: Release/{print $3}'`" + PUTTYMINORVER="`echo ${PUTTYVER} | cut -f2 -d.`" + verbose "plink version ${PUTTYVER} minor ${PUTTYMINORVER}" + + # Re-enable ssh-rsa on older PuTTY versions since they don't do newer + # key types. + if [ "$PUTTYMINORVER" -lt "76" ]; then + echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy + echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy + fi + + if [ "$PUTTYMINORVER" -le "64" ]; then + echo "KexAlgorithms +diffie-hellman-group14-sha1" \ + >>${OBJ}/sshd_proxy + fi PUTTYDIR=${OBJ}/.putty export PUTTYDIR -fi +} REGRESS_INTEROP_DROPBEAR=no if test -x "$DROPBEARKEY" -a -x "$DBCLIENT" -a -x "$DROPBEARCONVERT"; then diff --git a/regress/unittests/Makefile.inc b/regress/unittests/Makefile.inc index 623896f..98e2804 100644 --- a/regress/unittests/Makefile.inc +++ b/regress/unittests/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.15 2023/09/24 08:14:13 claudio Exp $ +# $OpenBSD: Makefile.inc,v 1.16 2024/01/11 01:45:58 djm Exp $ .include <bsd.own.mk> .include <bsd.obj.mk> @@ -13,6 +13,11 @@ TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTIONS} # XXX detect from ssh binary? OPENSSL?= yes +DSAKEY?= yes + +.if (${DSAKEY:L} == "yes") +CFLAGS+= -DWITH_DSA +.endif .if (${OPENSSL:L} == "yes") CFLAGS+= -DWITH_OPENSSL diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c index 84f26b5..7efb8e1 100644 --- a/regress/unittests/hostkeys/test_iterate.c +++ b/regress/unittests/hostkeys/test_iterate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_iterate.c,v 1.8 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_iterate.c,v 1.9 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for hostfile.h hostkeys_foreach() * @@ -94,6 +94,11 @@ check(struct hostkey_foreach_line *l, void *_ctx) expected->no_parse_keytype == KEY_ECDSA) skip = 1; #endif /* OPENSSL_HAS_ECC */ +#ifndef WITH_DSA + if (expected->l.keytype == KEY_DSA || + expected->no_parse_keytype == KEY_DSA) + skip = 1; +#endif #ifndef WITH_OPENSSL if (expected->l.keytype == KEY_DSA || expected->no_parse_keytype == KEY_DSA || @@ -155,6 +160,10 @@ prepare_expected(struct expected *expected, size_t n) if (expected[i].l.keytype == KEY_ECDSA) continue; #endif /* OPENSSL_HAS_ECC */ +#ifndef WITH_DSA + if (expected[i].l.keytype == KEY_DSA) + continue; +#endif #ifndef WITH_OPENSSL switch (expected[i].l.keytype) { case KEY_RSA: diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c index c26761e..dc1014e 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_kex.c,v 1.6 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_kex.c,v 1.7 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test KEX * @@ -179,7 +179,9 @@ do_kex(char *kex) { #ifdef WITH_OPENSSL do_kex_with_key(kex, KEY_RSA, 2048); +#ifdef WITH_DSA do_kex_with_key(kex, KEY_DSA, 1024); +#endif #ifdef OPENSSL_HAS_ECC do_kex_with_key(kex, KEY_ECDSA, 256); #endif /* OPENSSL_HAS_ECC */ diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c index 488944c..4528405 100644 --- a/regress/unittests/sshkey/test_file.c +++ b/regress/unittests/sshkey/test_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_file.c,v 1.10 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_file.c,v 1.11 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -165,6 +165,7 @@ sshkey_file_tests(void) sshkey_free(k1); +#ifdef WITH_DSA TEST_START("parse DSA from private"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -255,6 +256,7 @@ sshkey_file_tests(void) TEST_DONE(); sshkey_free(k1); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("parse ECDSA from private"); diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c index 2fae19d..0aff7c9 100644 --- a/regress/unittests/sshkey/test_fuzz.c +++ b/regress/unittests/sshkey/test_fuzz.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_fuzz.c,v 1.13 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_fuzz.c,v 1.14 2024/01/11 01:45:58 djm Exp $ */ /* * Fuzz tests for key parsing * @@ -160,6 +160,7 @@ sshkey_fuzz_tests(void) fuzz_cleanup(fuzz); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA private"); buf = load_file("dsa_1"); fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf), @@ -203,6 +204,7 @@ sshkey_fuzz_tests(void) sshbuf_free(fuzzed); fuzz_cleanup(fuzz); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA private"); @@ -288,6 +290,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA public"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -301,6 +304,7 @@ sshkey_fuzz_tests(void) public_fuzz(k1); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA public"); @@ -358,6 +362,7 @@ sshkey_fuzz_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("fuzz DSA sig"); buf = load_file("dsa_1"); ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0); @@ -365,6 +370,7 @@ sshkey_fuzz_tests(void) sig_fuzz(k1, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("fuzz ECDSA sig"); diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c index cc359ae..c1cbb11 100644 --- a/regress/unittests/sshkey/test_sshkey.c +++ b/regress/unittests/sshkey/test_sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.24 2024/01/11 01:45:58 djm Exp $ */ /* * Regress test for sshkey.h key management API * @@ -180,14 +180,14 @@ get_private(const char *n) void sshkey_tests(void) { - struct sshkey *k1, *k2, *k3, *kf; + struct sshkey *k1 = NULL, *k2 = NULL, *k3 = NULL, *kf = NULL; #ifdef WITH_OPENSSL - struct sshkey *k4, *kr, *kd; + struct sshkey *k4 = NULL, *kr = NULL, *kd = NULL; #ifdef OPENSSL_HAS_ECC - struct sshkey *ke; + struct sshkey *ke = NULL; #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ - struct sshbuf *b; + struct sshbuf *b = NULL; TEST_START("new invalid"); k1 = sshkey_new(-42); @@ -208,12 +208,14 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("new/free KEY_DSA"); k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("new/free KEY_ECDSA"); @@ -245,12 +247,14 @@ sshkey_tests(void) ASSERT_PTR_EQ(k1, NULL); TEST_DONE(); +#ifdef WITH_DSA TEST_START("generate KEY_DSA wrong bits"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1), SSH_ERR_KEY_LENGTH); ASSERT_PTR_EQ(k1, NULL); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA wrong bits"); @@ -273,6 +277,7 @@ sshkey_tests(void) ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024); TEST_DONE(); +#ifdef WITH_DSA TEST_START("generate KEY_DSA"); ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); ASSERT_PTR_NE(kd, NULL); @@ -280,6 +285,7 @@ sshkey_tests(void) ASSERT_PTR_NE(dsa_g(kd), NULL); ASSERT_PTR_NE(dsa_priv_key(kd), NULL); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("generate KEY_ECDSA"); @@ -317,6 +323,7 @@ sshkey_tests(void) sshkey_free(k1); TEST_DONE(); +#ifdef WITH_DSA TEST_START("demote KEY_DSA"); ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0); ASSERT_PTR_NE(k1, NULL); @@ -331,6 +338,7 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(kd, k1), 1); sshkey_free(k1); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("demote KEY_ECDSA"); @@ -382,9 +390,6 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0); ASSERT_INT_EQ(sshkey_equal(kr, k1), 0); sshkey_free(k1); - ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k1), 0); - ASSERT_INT_EQ(sshkey_equal(kd, k1), 0); - sshkey_free(k1); #ifdef OPENSSL_HAS_ECC ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0); ASSERT_INT_EQ(sshkey_equal(ke, k1), 0); @@ -479,6 +484,7 @@ sshkey_tests(void) sshkey_free(k2); TEST_DONE(); +#ifdef WITH_DSA TEST_START("sign and verify DSA"); k1 = get_private("dsa_1"); ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2, @@ -487,6 +493,7 @@ sshkey_tests(void) sshkey_free(k1); sshkey_free(k2); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("sign and verify ECDSA"); diff --git a/regress/unittests/sshsig/tests.c b/regress/unittests/sshsig/tests.c index 13cfcfd..80966bd 100644 --- a/regress/unittests/sshsig/tests.c +++ b/regress/unittests/sshsig/tests.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.3 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: tests.c,v 1.4 2024/01/11 01:45:59 djm Exp $ */ /* * Regress test for sshbuf.h buffer API * @@ -103,9 +103,11 @@ tests(void) check_sig("rsa.pub", "rsa.sig", msg, namespace); TEST_DONE(); +#ifdef WITH_DSA TEST_START("check DSA signature"); check_sig("dsa.pub", "dsa.sig", msg, namespace); TEST_DONE(); +#endif #ifdef OPENSSL_HAS_ECC TEST_START("check ECDSA signature"); @@ -229,4 +229,4 @@ CAVEATS requires careful quoting of any characters that have special meaning to the remote shell, such as quote characters. -OpenBSD 7.3 December 16, 2022 OpenBSD 7.3 +OpenBSD 7.5 December 16, 2022 OpenBSD 7.5 @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.403 2023/10/11 22:42:26 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.405 2024/03/04 02:16:11 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1298,12 +1298,12 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct include_list *includes) { char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; - int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; - int ca_only = 0; + int cmdline = 0, *intptr, value, value2, n, port, oactive, r; + int ca_only = 0, found = 0; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; ServerOpCodes opcode; - u_int i, *uintptr, uvalue, flags = 0; + u_int i, *uintptr, flags = 0; size_t len; long long val64; const struct multistate *multistate_ptr; @@ -1313,6 +1313,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, char **oav = NULL, **av; int oac = 0, ac; int ret = -1; + char **strs = NULL; /* string array arguments; freed implicitly */ + u_int nstrs = 0; /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ if ((len = strlen(line)) == 0) @@ -1775,7 +1777,6 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sLogVerbose: found = options->num_log_verbose == 0; - i = 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') { error("%s line %d: keyword %s empty argument", @@ -1784,19 +1785,25 @@ process_server_config_line_depth(ServerOptions *options, char *line, } /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); goto out; } } - i++; - if (!found || !*activep) - continue; opt_array_append(filename, linenum, keyword, - &options->log_verbose, &options->num_log_verbose, - arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->log_verbose = strs; + options->num_log_verbose = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -1822,16 +1829,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, chararrayptr = &options->allow_users; uintptr = &options->num_allow_users; parse_allowdenyusers: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || match_user(NULL, NULL, NULL, arg) == -1) fatal("%s line %d: invalid %s pattern: \"%s\"", filename, linenum, keyword, arg); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, chararrayptr, uintptr, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sDenyUsers: @@ -1842,16 +1855,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sAllowGroups: chararrayptr = &options->allow_groups; uintptr = &options->num_allow_groups; + /* XXX appends to list; doesn't respect first-match-wins */ parse_allowdenygroups: while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') fatal("%s line %d: empty %s pattern", filename, linenum, keyword); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, chararrayptr, uintptr, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sDenyGroups: @@ -1945,7 +1964,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, arg = argv_assemble(1, &arg); /* quote command correctly */ arg2 = argv_assemble(ac, av); /* rest of command */ xasprintf(&options->subsystem_args[options->num_subsystems], - "%s %s", arg, arg2); + "%s%s%s", arg, *arg2 == '\0' ? "" : " ", arg2); free(arg2); argv_consume(&ac); options->num_subsystems++; @@ -2035,7 +2054,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, * AuthorizedKeysFile /etc/ssh_keys/%u */ case sAuthorizedKeysFile: - uvalue = options->num_authkeys_files; + found = options->num_authkeys_files == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') { error("%s line %d: keyword %s empty argument", @@ -2043,13 +2062,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto out; } arg2 = tilde_expand_filename(arg, getuid()); - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, keyword, - &options->authorized_keys_files, - &options->num_authkeys_files, arg2); - } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg2); free(arg2); } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->authorized_keys_files = strs; + options->num_authkeys_files = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sAuthorizedPrincipalsFile: @@ -2075,34 +2101,47 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto parse_int; case sAcceptEnv: + /* XXX appends to list; doesn't respect first-match-wins */ while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') != NULL) fatal("%s line %d: Invalid environment name.", filename, linenum); + found = 1; if (!*activep) continue; opt_array_append(filename, linenum, keyword, &options->accept_env, &options->num_accept_env, arg); } + if (!found) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } break; case sSetEnv: - uvalue = options->num_setenv; + found = options->num_setenv == 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0' || strchr(arg, '=') == NULL) fatal("%s line %d: Invalid environment.", filename, linenum); - if (!*activep || uvalue != 0) - continue; - if (lookup_setenv_in_list(arg, options->setenv, - options->num_setenv) != NULL) { + if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) { debug2("%s line %d: ignoring duplicate env " "name \"%.64s\"", filename, linenum, arg); continue; } opt_array_append(filename, linenum, keyword, - &options->setenv, &options->num_setenv, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->setenv = strs; + options->num_setenv = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -2253,21 +2292,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, uintptr = &options->num_permitted_opens; chararrayptr = &options->permitted_opens; } - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') - fatal("%s line %d: %s missing argument.", - filename, linenum, keyword); - uvalue = *uintptr; /* modified later */ - if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && uvalue == 0) { - *uintptr = 1; - *chararrayptr = xcalloc(1, - sizeof(**chararrayptr)); - (*chararrayptr)[0] = xstrdup(arg); + found = *uintptr == 0; + while ((arg = argv_next(&ac, &av)) != NULL) { + if (strcmp(arg, "any") == 0 || + strcmp(arg, "none") == 0) { + if (nstrs != 0) { + fatal("%s line %d: %s must appear " + "alone on a %s line.", + filename, linenum, arg, keyword); + } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg); + continue; } - break; - } - for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) { + if (opcode == sPermitListen && strchr(arg, ':') == NULL) { /* @@ -2289,12 +2327,20 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: %s bad port number", filename, linenum, keyword); } - if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, keyword, - chararrayptr, uintptr, arg2); - } + opt_array_append(filename, linenum, keyword, + &strs, &nstrs, arg2); free(arg2); } + if (nstrs == 0) { + fatal("%s line %d: %s missing argument.", + filename, linenum, keyword); + } + if (found && *activep) { + *chararrayptr = strs; + *uintptr = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sForceCommand: @@ -2419,10 +2465,9 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sAuthenticationMethods: found = options->num_auth_methods == 0; value = 0; /* seen "any" pseudo-method */ - value2 = 0; /* successfully parsed any method */ while ((arg = argv_next(&ac, &av)) != NULL) { if (strcmp(arg, "any") == 0) { - if (options->num_auth_methods > 0) { + if (nstrs > 0) { fatal("%s line %d: \"any\" must " "appear alone in %s", filename, linenum, keyword); @@ -2435,17 +2480,19 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: invalid %s method list.", filename, linenum, keyword); } - value2 = 1; - if (!found || !*activep) - continue; opt_array_append(filename, linenum, keyword, - &options->auth_methods, - &options->num_auth_methods, arg); + &strs, &nstrs, arg); } - if (value2 == 0) { + if (nstrs == 0) { fatal("%s line %d: no %s specified", filename, linenum, keyword); } + if (found && *activep) { + options->auth_methods = strs; + options->num_auth_methods = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; + } break; case sStreamLocalBindMask: @@ -2505,12 +2552,11 @@ process_server_config_line_depth(ServerOptions *options, char *line, goto parse_int; case sChannelTimeout: - uvalue = options->num_channel_timeouts; - i = 0; + found = options->num_channel_timeouts == 0; while ((arg = argv_next(&ac, &av)) != NULL) { /* Allow "none" only in first position */ if (strcasecmp(arg, "none") == 0) { - if (i > 0 || ac > 0) { + if (nstrs > 0 || ac > 0) { error("%s line %d: keyword %s \"none\" " "argument must appear alone.", filename, linenum, keyword); @@ -2521,11 +2567,18 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("%s line %d: invalid channel timeout %s", filename, linenum, arg); } - if (!*activep || uvalue != 0) - continue; opt_array_append(filename, linenum, keyword, - &options->channel_timeouts, - &options->num_channel_timeouts, arg); + &strs, &nstrs, arg); + } + if (nstrs == 0) { + fatal("%s line %d: no %s specified", + filename, linenum, keyword); + } + if (found && *activep) { + options->channel_timeouts = strs; + options->num_channel_timeouts = nstrs; + strs = NULL; /* transferred */ + nstrs = 0; } break; @@ -2565,6 +2618,7 @@ process_server_config_line_depth(ServerOptions *options, char *line, /* success */ ret = 0; out: + opt_array_free2(strs, NULL, nstrs); argv_free(oav, oac); return ret; } @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.336 2023/08/10 23:05:48 djm Exp $ */ +/* $OpenBSD: session.c,v 1.337 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1327,7 +1327,7 @@ safely_chroot(const char *path, uid_t uid) memcpy(component, path, cp - path); component[cp - path] = '\0'; } - + debug3_f("checking '%s'", component); if (stat(component, &st) != 0) diff --git a/sftp-server.0 b/sftp-server.0 index 22c307f..23fdda3 100644 --- a/sftp-server.0 +++ b/sftp-server.0 @@ -95,4 +95,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.3 July 27, 2021 OpenBSD 7.3 +OpenBSD 7.5 July 27, 2021 OpenBSD 7.5 @@ -435,4 +435,4 @@ SEE ALSO T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 7.3 December 16, 2022 OpenBSD 7.3 +OpenBSD 7.5 December 16, 2022 OpenBSD 7.5 @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.236 2023/09/10 23:12:32 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.237 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -177,24 +177,24 @@ struct CMD { #define LOCAL 2 static const struct CMD cmds[] = { - { "bye", I_QUIT, NOARGS, NOARGS }, - { "cd", I_CHDIR, REMOTE, NOARGS }, - { "chdir", I_CHDIR, REMOTE, NOARGS }, - { "chgrp", I_CHGRP, REMOTE, NOARGS }, - { "chmod", I_CHMOD, REMOTE, NOARGS }, - { "chown", I_CHOWN, REMOTE, NOARGS }, - { "copy", I_COPY, REMOTE, LOCAL }, - { "cp", I_COPY, REMOTE, LOCAL }, - { "df", I_DF, REMOTE, NOARGS }, - { "dir", I_LS, REMOTE, NOARGS }, - { "exit", I_QUIT, NOARGS, NOARGS }, - { "get", I_GET, REMOTE, LOCAL }, - { "help", I_HELP, NOARGS, NOARGS }, + { "bye", I_QUIT, NOARGS, NOARGS }, + { "cd", I_CHDIR, REMOTE, NOARGS }, + { "chdir", I_CHDIR, REMOTE, NOARGS }, + { "chgrp", I_CHGRP, REMOTE, NOARGS }, + { "chmod", I_CHMOD, REMOTE, NOARGS }, + { "chown", I_CHOWN, REMOTE, NOARGS }, + { "copy", I_COPY, REMOTE, LOCAL }, + { "cp", I_COPY, REMOTE, LOCAL }, + { "df", I_DF, REMOTE, NOARGS }, + { "dir", I_LS, REMOTE, NOARGS }, + { "exit", I_QUIT, NOARGS, NOARGS }, + { "get", I_GET, REMOTE, LOCAL }, + { "help", I_HELP, NOARGS, NOARGS }, { "lcd", I_LCHDIR, LOCAL, NOARGS }, { "lchdir", I_LCHDIR, LOCAL, NOARGS }, { "lls", I_LLS, LOCAL, NOARGS }, { "lmkdir", I_LMKDIR, LOCAL, NOARGS }, - { "ln", I_LINK, REMOTE, REMOTE }, + { "ln", I_LINK, REMOTE, REMOTE }, { "lpwd", I_LPWD, LOCAL, NOARGS }, { "ls", I_LS, REMOTE, NOARGS }, { "lumask", I_LUMASK, NOARGS, NOARGS }, @@ -203,17 +203,17 @@ static const struct CMD cmds[] = { { "mput", I_PUT, LOCAL, REMOTE }, { "progress", I_PROGRESS, NOARGS, NOARGS }, { "put", I_PUT, LOCAL, REMOTE }, - { "pwd", I_PWD, REMOTE, NOARGS }, - { "quit", I_QUIT, NOARGS, NOARGS }, - { "reget", I_REGET, REMOTE, LOCAL }, - { "rename", I_RENAME, REMOTE, REMOTE }, + { "pwd", I_PWD, REMOTE, NOARGS }, + { "quit", I_QUIT, NOARGS, NOARGS }, + { "reget", I_REGET, REMOTE, LOCAL }, + { "rename", I_RENAME, REMOTE, REMOTE }, { "reput", I_REPUT, LOCAL, REMOTE }, { "rm", I_RM, REMOTE, NOARGS }, { "rmdir", I_RMDIR, REMOTE, NOARGS }, { "symlink", I_SYMLINK, REMOTE, REMOTE }, - { "version", I_VERSION, NOARGS, NOARGS }, - { "!", I_SHELL, NOARGS, NOARGS }, - { "?", I_HELP, NOARGS, NOARGS }, + { "version", I_VERSION, NOARGS, NOARGS }, + { "!", I_SHELL, NOARGS, NOARGS }, + { "?", I_HELP, NOARGS, NOARGS }, { NULL, -1, -1, -1 } }; @@ -4,9 +4,9 @@ NAME ssh-add M-bM-^@M-^S adds private key identities to the OpenSSH authentication agent SYNOPSIS - ssh-add [-cCDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file] + ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file] [-h destination_constraint] [-S provider] [-t life] [file ...] - ssh-add -s pkcs11 [-vC] [certificate ...] + ssh-add -s pkcs11 [-Cv] [certificate ...] ssh-add -e pkcs11 ssh-add -T pubkey ... @@ -29,15 +29,15 @@ DESCRIPTION The options are as follows: + -C When loading keys into or deleting keys from the agent, process + certificates only and skip plain keys. + -c Indicates that added identities should be subject to confirmation before being used for authentication. Confirmation is performed by ssh-askpass(1). Successful confirmation is signaled by a zero exit status from ssh-askpass(1), rather than text entered into the requester. - -C When loading keys into or deleting keys from the agent, process - certificates only and skip plain keys. - -D Deletes all identities from the agent. -d Instead of adding identities, removes identities from the agent. @@ -207,4 +207,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.3 December 18, 2023 OpenBSD 7.3 +OpenBSD 7.5 December 19, 2023 OpenBSD 7.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.85 2023/12/18 14:46:56 djm Exp $ +.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 18 2023 $ +.Dd $Mdocdate: December 19 2023 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the OpenSSH authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cCDdKkLlqvXx +.Op Fl CcDdKkLlqvXx .Op Fl E Ar fingerprint_hash .Op Fl H Ar hostkey_file .Op Fl h Ar destination_constraint @@ -52,7 +52,7 @@ .Op Ar .Nm ssh-add .Fl s Ar pkcs11 -.Op Fl vC +.Op Fl Cv .Op Ar certificate ... .Nm ssh-add .Fl e Ar pkcs11 @@ -94,6 +94,9 @@ to work. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl C +When loading keys into or deleting keys from the agent, process +certificates only and skip plain keys. .It Fl c Indicates that added identities should be subject to confirmation before being used for authentication. @@ -102,9 +105,6 @@ Confirmation is performed by Successful confirmation is signaled by a zero exit status from .Xr ssh-askpass 1 , rather than text entered into the requester. -.It Fl C -When loading keys into or deleting keys from the agent, process -certificates only and skip plain keys. .It Fl D Deletes all identities from the agent. .It Fl d @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.169 2023/12/18 14:46:56 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.172 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -85,7 +85,9 @@ static char *default_files[] = { _PATH_SSH_CLIENT_ID_ED25519, _PATH_SSH_CLIENT_ID_ED25519_SK, _PATH_SSH_CLIENT_ID_XMSS, +#ifdef WITH_DSA _PATH_SSH_CLIENT_ID_DSA, +#endif NULL }; @@ -790,13 +792,13 @@ static void usage(void) { fprintf(stderr, -"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n" +"usage: ssh-add [-CcDdKkLlqvXx] [-E fingerprint_hash] [-H hostkey_file]\n" " [-h destination_constraint] [-S provider] [-t life]\n" #ifdef WITH_XMSS " [-M maxsign] [-m minleft]\n" #endif " [file ...]\n" -" ssh-add -s pkcs11\n" +" ssh-add -s pkcs11 [-Cv] [certificate ...]\n" " ssh-add -e pkcs11\n" " ssh-add -T pubkey ...\n" ); @@ -817,7 +819,7 @@ main(int argc, char **argv) LogLevel log_level = SYSLOG_LEVEL_INFO; struct sshkey *k, **certs = NULL; struct dest_constraint **dest_constraints = NULL; - size_t ndest_constraints = 0i, ncerts = 0; + size_t ndest_constraints = 0, ncerts = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/ssh-agent.0 b/ssh-agent.0 index 9be740d..2e4ef7b 100644 --- a/ssh-agent.0 +++ b/ssh-agent.0 @@ -137,4 +137,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.3 August 10, 2023 OpenBSD 7.3 +OpenBSD 7.5 August 10, 2023 OpenBSD 7.5 diff --git a/ssh-agent.c b/ssh-agent.c index b6a3f48..d35741a 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.303 2023/12/18 14:48:08 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.306 2024/03/09 05:12:13 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -162,6 +162,8 @@ int max_fd = 0; pid_t parent_pid = -1; time_t parent_alive_interval = 0; +sig_atomic_t signalled = 0; + /* pid of process for which cleanup_socket is applicable */ pid_t cleanup_pid = 0; @@ -250,6 +252,7 @@ free_dest_constraints(struct dest_constraint *dcs, size_t ndcs) free(dcs); } +#ifdef ENABLE_PKCS11 static void dup_dest_constraint_hop(const struct dest_constraint_hop *dch, struct dest_constraint_hop *out) @@ -289,6 +292,7 @@ dup_dest_constraints(const struct dest_constraint *dcs, size_t ndcs) } return ret; } +#endif /* ENABLE_PKCS11 */ #ifdef DEBUG_CONSTRAINTS static void @@ -1522,10 +1526,11 @@ no_identities(SocketEntry *e) sshbuf_free(msg); } +#ifdef ENABLE_PKCS11 /* Add an identity to idlist; takes ownership of 'key' and 'comment' */ static void add_p11_identity(struct sshkey *key, char *comment, const char *provider, - time_t death, int confirm, struct dest_constraint *dest_constraints, + time_t death, u_int confirm, struct dest_constraint *dest_constraints, size_t ndest_constraints) { Identity *id; @@ -1548,7 +1553,6 @@ add_p11_identity(struct sshkey *key, char *comment, const char *provider, idtab->nentries++; } -#ifdef ENABLE_PKCS11 static void process_add_smartcard_key(SocketEntry *e) { @@ -2060,7 +2064,7 @@ after_poll(struct pollfd *pfd, size_t npfd, u_int maxfds) } static int -prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) +prepare_poll(struct pollfd **pfdp, size_t *npfdp, struct timespec *timeoutp, u_int maxfds) { struct pollfd *pfd = *pfdp; size_t i, j, npfd = 0; @@ -2126,14 +2130,8 @@ prepare_poll(struct pollfd **pfdp, size_t *npfdp, int *timeoutp, u_int maxfds) if (parent_alive_interval != 0) deadline = (deadline == 0) ? parent_alive_interval : MINIMUM(deadline, parent_alive_interval); - if (deadline == 0) { - *timeoutp = -1; /* INFTIM */ - } else { - if (deadline > INT_MAX / 1000) - *timeoutp = INT_MAX / 1000; - else - *timeoutp = deadline * 1000; - } + if (deadline != 0) + ptimeout_deadline_sec(timeoutp, deadline); return (1); } @@ -2153,17 +2151,16 @@ void cleanup_exit(int i) { cleanup_socket(); +#ifdef ENABLE_PKCS11 + pkcs11_terminate(); +#endif _exit(i); } static void cleanup_handler(int sig) { - cleanup_socket(); -#ifdef ENABLE_PKCS11 - pkcs11_terminate(); -#endif - _exit(2); + signalled = sig; } static void @@ -2207,10 +2204,11 @@ main(int ac, char **av) char pidstrbuf[1 + 3 * sizeof pid]; size_t len; mode_t prev_mask; - int timeout = -1; /* INFTIM */ + struct timespec timeout; struct pollfd *pfd = NULL; size_t npfd = 0; u_int maxfds; + sigset_t nsigset, osigset; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -2446,13 +2444,25 @@ skip: ssh_signal(SIGHUP, cleanup_handler); ssh_signal(SIGTERM, cleanup_handler); + sigemptyset(&nsigset); + sigaddset(&nsigset, SIGINT); + sigaddset(&nsigset, SIGHUP); + sigaddset(&nsigset, SIGTERM); + if (pledge("stdio rpath cpath unix id proc exec", NULL) == -1) fatal("%s: pledge: %s", __progname, strerror(errno)); platform_pledge_agent(); while (1) { + sigprocmask(SIG_BLOCK, &nsigset, &osigset); + if (signalled != 0) { + logit("exiting on signal %d", (int)signalled); + cleanup_exit(2); + } + ptimeout_init(&timeout); prepare_poll(&pfd, &npfd, &timeout, maxfds); - result = poll(pfd, npfd, timeout); + result = ppoll(pfd, npfd, ptimeout_get_tsp(&timeout), &osigset); + sigprocmask(SIG_SETMASK, &osigset, NULL); saved_errno = errno; if (parent_alive_interval != 0) check_parent_exists(); @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.50 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,7 +25,7 @@ #include "includes.h" -#ifdef WITH_OPENSSL +#if defined(WITH_OPENSSL) && defined(WITH_DSA) #include <sys/types.h> @@ -453,4 +453,5 @@ const struct sshkey_impl sshkey_dsa_cert_impl = { /* .keybits = */ 0, /* .funcs = */ &sshkey_dss_funcs, }; -#endif /* WITH_OPENSSL */ + +#endif /* WITH_OPENSSL && WITH_DSA */ diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 95e4aa3..b0c22f7 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 @@ -907,4 +907,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.3 September 4, 2023 OpenBSD 7.3 +OpenBSD 7.5 September 4, 2023 OpenBSD 7.5 diff --git a/ssh-keygen.c b/ssh-keygen.c index 5b945a8..97c6d13 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.471 2023/09/04 10:29:58 job Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.472 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -262,10 +262,12 @@ ask_filename(struct passwd *pw, const char *prompt) name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { +#ifdef WITH_DSA case KEY_DSA_CERT: case KEY_DSA: name = _PATH_SSH_CLIENT_ID_DSA; break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: @@ -376,10 +378,12 @@ do_convert_to_pkcs8(struct sshkey *k) if (!PEM_write_RSA_PUBKEY(stdout, k->rsa)) fatal("PEM_write_RSA_PUBKEY failed"); break; +#ifdef WITH_DSA case KEY_DSA: if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) @@ -400,10 +404,12 @@ do_convert_to_pem(struct sshkey *k) if (!PEM_write_RSAPublicKey(stdout, k->rsa)) fatal("PEM_write_RSAPublicKey failed"); break; +#ifdef WITH_DSA case KEY_DSA: if (!PEM_write_DSA_PUBKEY(stdout, k->dsa)) fatal("PEM_write_DSA_PUBKEY failed"); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (!PEM_write_EC_PUBKEY(stdout, k->ecdsa)) @@ -478,8 +484,10 @@ do_convert_private_ssh2(struct sshbuf *b) u_int magic, i1, i2, i3, i4; size_t slen; u_long e; +#ifdef WITH_DSA BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL; +#endif BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL; @@ -507,10 +515,12 @@ do_convert_private_ssh2(struct sshbuf *b) } free(cipher); - if (strstr(type, "dsa")) { - ktype = KEY_DSA; - } else if (strstr(type, "rsa")) { + if (strstr(type, "rsa")) { ktype = KEY_RSA; +#ifdef WITH_DSA + } else if (strstr(type, "dsa")) { + ktype = KEY_DSA; +#endif } else { free(type); return NULL; @@ -520,6 +530,7 @@ do_convert_private_ssh2(struct sshbuf *b) free(type); switch (key->type) { +#ifdef WITH_DSA case KEY_DSA: if ((dsa_p = BN_new()) == NULL || (dsa_q = BN_new()) == NULL || @@ -539,6 +550,7 @@ do_convert_private_ssh2(struct sshbuf *b) fatal_f("DSA_set0_key failed"); dsa_pub_key = dsa_priv_key = NULL; /* transferred */ break; +#endif case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || @@ -702,12 +714,14 @@ do_convert_from_pkcs8(struct sshkey **k, int *private) (*k)->type = KEY_RSA; (*k)->rsa = EVP_PKEY_get1_RSA(pubkey); break; +#ifdef WITH_DSA case EVP_PKEY_DSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); (*k)->type = KEY_DSA; (*k)->dsa = EVP_PKEY_get1_DSA(pubkey); break; +#endif #ifdef OPENSSL_HAS_ECC case EVP_PKEY_EC: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) @@ -777,10 +791,12 @@ do_convert_from(struct passwd *pw) fprintf(stdout, "\n"); } else { switch (k->type) { +#ifdef WITH_DSA case KEY_DSA: ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL, NULL, 0, NULL, NULL); break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: ok = PEM_write_ECPrivateKey(stdout, k->ecdsa, NULL, @@ -3752,9 +3768,11 @@ main(int argc, char **argv) n += do_print_resource_record(pw, _PATH_HOST_RSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); +#ifdef WITH_DSA n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); +#endif n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, print_generic, opts, nopts); diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index ee73788..e2055e7 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 @@ -118,4 +118,4 @@ AUTHORS Davison <wayned@users.sourceforge.net> added support for protocol version 2. -OpenBSD 7.3 February 10, 2023 OpenBSD 7.3 +OpenBSD 7.5 February 10, 2023 OpenBSD 7.5 diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 1d2df70..f2e6b59 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.153 2023/06/21 05:06:04 djm Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.155 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -504,11 +504,11 @@ congreet(int s) /* * Read the server banner as per RFC4253 section 4.2. The "SSH-" - * protocol identification string may be preceeded by an arbitrarily + * protocol identification string may be preceded by an arbitrarily * large banner which we must read and ignore. Loop while reading * newline-terminated lines until we have one starting with "SSH-". * The ID string cannot be longer than 255 characters although the - * preceeding banner lines may (in which case they'll be discarded + * preceding banner lines may (in which case they'll be discarded * in multiple iterations of the outer loop). */ for (;;) { @@ -791,9 +791,11 @@ main(int argc, char **argv) int type = sshkey_type_from_name(tname); switch (type) { +#ifdef WITH_DSA case KEY_DSA: get_keytypes |= KT_DSA; break; +#endif case KEY_ECDSA: get_keytypes |= KT_ECDSA; break; diff --git a/ssh-keysign.0 b/ssh-keysign.0 index 71fa63b..c7fe6c8 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0 @@ -49,4 +49,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.3 March 31, 2022 OpenBSD 7.3 +OpenBSD 7.5 March 31, 2022 OpenBSD 7.5 diff --git a/ssh-keysign.c b/ssh-keysign.c index b989f5e..c54a4bb 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.71 2022/08/01 11:09:26 djm Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -195,9 +195,14 @@ main(int argc, char **argv) if (fd > 2) close(fd); + for (i = 0; i < NUM_KEYTYPES; i++) + key_fd[i] = -1; + i = 0; /* XXX This really needs to read sshd_config for the paths */ +#ifdef WITH_DSA key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); +#endif key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c index 82e86a5..5fa8bf0 100644 --- a/ssh-pkcs11-client.c +++ b/ssh-pkcs11-client.c @@ -457,6 +457,7 @@ pkcs11_make_cert(const struct sshkey *priv, RSA_set_method(ret->rsa, helper->rsa_meth); if (helper->nrsa++ >= INT_MAX) fatal_f("RSA refcount error"); +#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) } else if (priv->type == KEY_ECDSA) { if ((helper = helper_by_ec(priv->ecdsa)) == NULL || helper->fd == -1) @@ -466,6 +467,7 @@ pkcs11_make_cert(const struct sshkey *priv, EC_KEY_set_method(ret->ecdsa, helper->ec_meth); if (helper->nec++ >= INT_MAX) fatal_f("EC refcount error"); +#endif } else fatal_f("unknown key type %s", sshkey_type(priv)); diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0 index 07f7d66..5645872 100644 --- a/ssh-pkcs11-helper.0 +++ b/ssh-pkcs11-helper.0 @@ -32,4 +32,4 @@ HISTORY AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.3 April 29, 2022 OpenBSD 7.3 +OpenBSD 7.5 April 29, 2022 OpenBSD 7.5 diff --git a/ssh-sk-helper.0 b/ssh-sk-helper.0 index 1eb123b..ea2117a 100644 --- a/ssh-sk-helper.0 +++ b/ssh-sk-helper.0 @@ -31,4 +31,4 @@ HISTORY AUTHORS Damien Miller <djm@openbsd.org> -OpenBSD 7.3 April 29, 2022 OpenBSD 7.3 +OpenBSD 7.5 April 29, 2022 OpenBSD 7.5 @@ -1020,4 +1020,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.3 October 11, 2023 OpenBSD 7.3 +OpenBSD 7.5 October 11, 2023 OpenBSD 7.5 @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.599 2023/12/18 14:47:44 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.600 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1687,11 +1687,15 @@ main(int ac, char **av) L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0); L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1); L_CERT(_PATH_HOST_RSA_KEY_FILE, 2); +#ifdef WITH_DSA L_CERT(_PATH_HOST_DSA_KEY_FILE, 3); +#endif L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4); L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5); L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6); +#ifdef WITH_DSA L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); +#endif L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); if (loaded == 0) @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh_api.c,v 1.27 2021/04/03 06:18:41 djm Exp $ */ +/* $OpenBSD: ssh_api.c,v 1.28 2024/01/09 21:39:14 djm Exp $ */ /* * Copyright (c) 2012 Markus Friedl. All rights reserved. * @@ -82,6 +82,7 @@ int ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) { char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *populated[PROPOSAL_MAX]; struct ssh *ssh; char **proposal; static int called; @@ -99,10 +100,19 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params) /* Initialize key exchange */ proposal = kex_params ? kex_params->proposal : myproposal; - if ((r = kex_ready(ssh, proposal)) != 0) { + kex_proposal_populate_entries(ssh, populated, + proposal[PROPOSAL_KEX_ALGS], + proposal[PROPOSAL_ENC_ALGS_CTOS], + proposal[PROPOSAL_MAC_ALGS_CTOS], + proposal[PROPOSAL_COMP_ALGS_CTOS], + proposal[PROPOSAL_SERVER_HOST_KEY_ALGS]); + r = kex_ready(ssh, populated); + kex_proposal_free_entries(populated); + if (r != 0) { ssh_free(ssh); return r; } + ssh->kex->server = is_server; if (is_server) { #ifdef WITH_OPENSSL diff --git a/ssh_config.0 b/ssh_config.0 index 053cabc..aaf8b14 100644 --- a/ssh_config.0 +++ b/ssh_config.0 @@ -55,11 +55,12 @@ DESCRIPTION Match keyword are satisfied. Match conditions are specified using one or more criteria or the single token all which always matches. The available criteria keywords are: canonical, final, - exec, localnetwork, host, originalhost, Tag, user, and localuser. - The all criteria must appear alone or immediately after canonical - or final. Other criteria may be combined arbitrarily. All - criteria but all, canonical, and final require an argument. - Criteria may be negated by prepending an exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). + exec, localnetwork, host, originalhost, tagged, user, and + localuser. The all criteria must appear alone or immediately + after canonical or final. Other criteria may be combined + arbitrarily. All criteria but all, canonical, and final require + an argument. Criteria may be negated by prepending an + exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y). The canonical keyword matches only when the configuration file is being re-parsed after hostname canonicalization (see the @@ -226,17 +227,23 @@ DESCRIPTION ChannelTimeout Specifies whether and how quickly ssh(1) should close inactive channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^] - pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be a channel - type name (as described in the table below), optionally - containing wildcard characters. + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be the + special keyword M-bM-^@M-^\globalM-bM-^@M-^] or a channel type name from the list + below, optionally containing wildcard characters. The timeout value M-bM-^@M-^\intervalM-bM-^@M-^] is specified in seconds or may use any of the units documented in the TIME FORMATS section. For - example, M-bM-^@M-^\session=5mM-bM-^@M-^] would cause the interactive session to + example, M-bM-^@M-^\session=5mM-bM-^@M-^] would cause interactive sessions to terminate after five minutes of inactivity. Specifying a zero value disables the inactivity timeout. - The available channel types include: + The special timeout M-bM-^@M-^\globalM-bM-^@M-^] applies to all active channels, + taken together. Traffic on any active channel will reset the + timeout, but when the timeout expires then all open channels will + be closed. Note that this global timeout is not matched by + wildcards and must be specified explicitly. + + The available channel type names include: agent-connection Open connections to ssh-agent(1). @@ -1415,4 +1422,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.3 October 12, 2023 OpenBSD 7.3 +OpenBSD 7.5 February 21, 2024 OpenBSD 7.5 diff --git a/ssh_config.5 b/ssh_config.5 index 4bbdfef..2931d80 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $ -.Dd $Mdocdate: October 12 2023 $ +.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $ +.Dd $Mdocdate: February 21 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -144,7 +144,7 @@ The available criteria keywords are: .Cm localnetwork , .Cm host , .Cm originalhost , -.Cm Tag , +.Cm tagged , .Cm user , and .Cm localuser . @@ -463,8 +463,10 @@ Timeouts are specified as one or more .Dq type=interval pairs separated by whitespace, where the .Dq type -must be a channel type name (as described in the table below), optionally -containing wildcard characters. +must be the special keyword +.Dq global +or a channel type name from the list below, optionally containing +wildcard characters. .Pp The timeout value .Dq interval @@ -473,11 +475,19 @@ is specified in seconds or may use any of the units documented in the section. For example, .Dq session=5m -would cause the interactive session to terminate after five minutes of +would cause interactive sessions to terminate after five minutes of inactivity. Specifying a zero value disables the inactivity timeout. .Pp -The available channel types include: +The special timeout +.Dq global +applies to all active channels, taken together. +Traffic on any active channel will reset the timeout, but when the timeout +expires then all open channels will be closed. +Note that this global timeout is not matched by wildcards and must be +specified explicitly. +.Pp +The available channel type names include: .Bl -tag -width Ds .It Cm agent-connection Open connections to diff --git a/sshbuf-getput-crypto.c b/sshbuf-getput-crypto.c index 56ffdd8..af3f397 100644 --- a/sshbuf-getput-crypto.c +++ b/sshbuf-getput-crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf-getput-crypto.c,v 1.10 2022/05/25 06:03:44 djm Exp $ */ +/* $OpenBSD: sshbuf-getput-crypto.c,v 1.11 2024/02/01 02:37:33 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -123,7 +123,7 @@ sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v) SSHBUF_ABORT(); return SSH_ERR_INTERNAL_ERROR; } - return 0; + return 0; } #endif /* OPENSSL_HAS_ECC */ diff --git a/sshconnect.c b/sshconnect.c index bd077c7..d8efc50 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.365 2023/11/20 02:50:00 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.366 2024/01/11 01:45:36 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1595,7 +1595,9 @@ show_other_keys(struct hostkeys *hostkeys, struct sshkey *key) { int type[] = { KEY_RSA, +#ifdef WITH_DSA KEY_DSA, +#endif KEY_ECDSA, KEY_ED25519, KEY_XMSS, diff --git a/sshconnect2.c b/sshconnect2.c index fab1e36..745c2a0 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.371 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.372 2024/01/08 00:34:34 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, const struct ssh_conn_info *cinfo) { char *myproposal[PROPOSAL_MAX]; - char *s, *all_key, *hkalgs = NULL; + char *all_key, *hkalgs = NULL; int r, use_known_hosts_order = 0; xxx_host = host; @@ -249,14 +249,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, fatal_fr(r, "kex_assemble_namelist"); free(all_key); - if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) - fatal_f("kex_names_cat"); - if (use_known_hosts_order) hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); - kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, - options.macs, compression_alg_list(options.compression), + kex_proposal_populate_entries(ssh, myproposal, + options.kex_algorithms, options.ciphers, options.macs, + compression_alg_list(options.compression), hkalgs ? hkalgs : options.hostkeyalgorithms); free(hkalgs); @@ -281,13 +279,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, ssh->kex->verify_host_key=&verify_host_key_callback; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); - - /* remove ext-info from the KEX proposals for rekeying */ - free(myproposal[PROPOSAL_KEX_ALGS]); - myproposal[PROPOSAL_KEX_ALGS] = - compat_kex_proposal(ssh, options.kex_algorithms); - if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) - fatal_r(r, "kex_prop2buf"); + kex_proposal_free_entries(myproposal); #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -297,7 +289,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send packet"); #endif - kex_proposal_free_entries(myproposal); } /* @@ -683,4 +683,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 7.3 September 19, 2023 OpenBSD 7.3 +OpenBSD 7.5 September 19, 2023 OpenBSD 7.5 @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.601 2023/12/18 14:45:49 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.602 2024/01/08 00:34:34 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -2428,6 +2428,7 @@ do_ssh2_kex(struct ssh *ssh) kex->sign = sshd_hostkey_sign; ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done); + kex_proposal_free_entries(myproposal); #ifdef DEBUG_KEXDH /* send 1st encrypted/maced/compressed message */ @@ -2437,7 +2438,6 @@ do_ssh2_kex(struct ssh *ssh) (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send test"); #endif - kex_proposal_free_entries(myproposal); debug("KEX done"); } diff --git a/sshd_config.0 b/sshd_config.0 index 94c0ac8..8b39739 100644 --- a/sshd_config.0 +++ b/sshd_config.0 @@ -229,17 +229,23 @@ DESCRIPTION ChannelTimeout Specifies whether and how quickly sshd(8) should close inactive channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^] - pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be a channel - type name (as described in the table below), optionally - containing wildcard characters. + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be the + special keyword M-bM-^@M-^\globalM-bM-^@M-^] or a channel type name from the list + below, optionally containing wildcard characters. The timeout value M-bM-^@M-^\intervalM-bM-^@M-^] is specified in seconds or may use any of the units documented in the TIME FORMATS section. For - example, M-bM-^@M-^\session:*=5mM-bM-^@M-^] would cause all sessions to terminate - after five minutes of inactivity. Specifying a zero value - disables the inactivity timeout. + example, M-bM-^@M-^\session=5mM-bM-^@M-^] would cause interactive sessions to + terminate after five minutes of inactivity. Specifying a zero + value disables the inactivity timeout. - The available channel types include: + The special timeout M-bM-^@M-^\globalM-bM-^@M-^] applies to all active channels, + taken together. Traffic on any active channel will reset the + timeout, but when the timeout expires then all open channels will + be closed. Note that this global timeout is not matched by + wildcards and must be specified explicitly. + + The available channel type names include: agent-connection Open connections to ssh-agent(1). @@ -254,15 +260,12 @@ DESCRIPTION have been established to a sshd(8) listening on behalf of a ssh(1) remote forwarding, i.e. RemoteForward. - session:command - Command execution sessions. - - session:shell - Interactive shell sessions. + session + The interactive main session, including shell session, + command execution, scp(1), sftp(1), etc. - session:subsystem:... - Subsystem sessions, e.g. for sftp(1), which could be - identified as session:subsystem:sftp. + tun-connection + Open TunnelForward connections. x11-connection Open X11 forwarding sessions. @@ -277,8 +280,7 @@ DESCRIPTION client from requesting another channel of the same type. In particular, expiring an inactive forwarding session does not prevent another identical forwarding from being subsequently - created. See also UnusedConnectionTimeout, which may be used in - conjunction with this option. + created. The default is not to expire channels of any type for inactivity. @@ -286,10 +288,10 @@ DESCRIPTION Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are - not writable by any other user or group. After the chroot, - sshd(8) changes the working directory to the user's home - directory. Arguments to ChrootDirectory accept the tokens - described in the TOKENS section. + not writable by group or others. After the chroot, sshd(8) + changes the working directory to the user's home directory. + Arguments to ChrootDirectory accept the tokens described in the + TOKENS section. The ChrootDirectory must contain the necessary files and directories to support the user's session. For an interactive @@ -1084,7 +1086,11 @@ DESCRIPTION Alternately the name internal-sftp implements an in-process SFTP server. This may simplify configurations using ChrootDirectory - to force a different filesystem root on clients. + to force a different filesystem root on clients. It accepts the + same command line arguments as sftp-server and even though it is + in-process, settings such as LogLevel or SyslogFacility do not + apply to it and must be set explicitly via command line + arguments. By default no subsystems are defined. @@ -1287,4 +1293,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 7.3 July 28, 2023 OpenBSD 7.3 +OpenBSD 7.5 February 21, 2024 OpenBSD 7.5 diff --git a/sshd_config.5 b/sshd_config.5 index 7e1a56c..a0f1687 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.350 2023/07/28 05:42:36 jmc Exp $ -.Dd $Mdocdate: July 28 2023 $ +.\" $OpenBSD: sshd_config.5,v 1.355 2024/02/21 06:17:29 djm Exp $ +.Dd $Mdocdate: February 21 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -409,8 +409,10 @@ Timeouts are specified as one or more .Dq type=interval pairs separated by whitespace, where the .Dq type -must be a channel type name (as described in the table below), optionally -containing wildcard characters. +must be the special keyword +.Dq global +or a channel type name from the list below, optionally containing +wildcard characters. .Pp The timeout value .Dq interval @@ -418,11 +420,20 @@ is specified in seconds or may use any of the units documented in the .Sx TIME FORMATS section. For example, -.Dq session:*=5m -would cause all sessions to terminate after five minutes of inactivity. +.Dq session=5m +would cause interactive sessions to terminate after five minutes of +inactivity. Specifying a zero value disables the inactivity timeout. .Pp -The available channel types include: +The special timeout +.Dq global +applies to all active channels, taken together. +Traffic on any active channel will reset the timeout, but when the timeout +expires then all open channels will be closed. +Note that this global timeout is not matched by wildcards and must be +specified explicitly. +.Pp +The available channel type names include: .Bl -tag -width Ds .It Cm agent-connection Open connections to @@ -443,15 +454,15 @@ listening on behalf of a .Xr ssh 1 remote forwarding, i.e.\& .Cm RemoteForward . -.It Cm session:command -Command execution sessions. -.It Cm session:shell -Interactive shell sessions. -.It Cm session:subsystem:... -Subsystem sessions, e.g. for +.It Cm session +The interactive main session, including shell session, command execution, +.Xr scp 1 , .Xr sftp 1 , -which could be identified as -.Cm session:subsystem:sftp . +etc. +.It Cm tun-connection +Open +.Cm TunnelForward +connections. .It Cm x11-connection Open X11 forwarding sessions. .El @@ -465,9 +476,6 @@ close the SSH connection, nor does it prevent a client from requesting another channel of the same type. In particular, expiring an inactive forwarding session does not prevent another identical forwarding from being subsequently created. -See also -.Cm UnusedConnectionTimeout , -which may be used in conjunction with this option. .Pp The default is not to expire channels of any type for inactivity. .It Cm ChrootDirectory @@ -477,7 +485,7 @@ to after authentication. At session startup .Xr sshd 8 checks that all components of the pathname are root-owned directories -which are not writable by any other user or group. +which are not writable by group or others. After the chroot, .Xr sshd 8 changes the working directory to the user's home directory. @@ -1118,7 +1126,8 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended. .It Cm LogVerbose -Specify one or more overrides to LogLevel. +Specify one or more overrides to +.Cm LogLevel . An override consists of a pattern lists that matches the source file, function and line number to force detailed logging for. For example, an override pattern of: @@ -1783,6 +1792,14 @@ implements an in-process SFTP server. This may simplify configurations using .Cm ChrootDirectory to force a different filesystem root on clients. +It accepts the same command line arguments as +.Cm sftp-server +and even though it is in-process, settings such as +.Cm LogLevel +or +.Cm SyslogFacility +do not apply to it and must be set explicitly via +command line arguments. .Pp By default no subsystems are defined. .It Cm SyslogFacility @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.140 2023/10/16 08:40:00 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.142 2024/01/11 01:45:36 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -121,8 +121,10 @@ extern const struct sshkey_impl sshkey_rsa_sha256_impl; extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl; extern const struct sshkey_impl sshkey_rsa_sha512_impl; extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl; +# ifdef WITH_DSA extern const struct sshkey_impl sshkey_dss_impl; extern const struct sshkey_impl sshkey_dsa_cert_impl; +# endif #endif /* WITH_OPENSSL */ #ifdef WITH_XMSS extern const struct sshkey_impl sshkey_xmss_impl; @@ -152,8 +154,10 @@ const struct sshkey_impl * const keyimpls[] = { &sshkey_ecdsa_sk_webauthn_impl, # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ +# ifdef WITH_DSA &sshkey_dss_impl, &sshkey_dsa_cert_impl, +# endif &sshkey_rsa_impl, &sshkey_rsa_cert_impl, &sshkey_rsa_sha256_impl, @@ -1927,7 +1931,7 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp, goto out; } if (sshkey_type_is_cert(type)) { - /* Skip nonce that preceeds all certificates */ + /* Skip nonce that precedes all certificates */ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) { ret = SSH_ERR_INVALID_FORMAT; goto out; @@ -3230,6 +3234,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, goto out; switch (key->type) { +#ifdef WITH_DSA case KEY_DSA: if (format == SSHKEY_PRIVATE_PEM) { success = PEM_write_bio_DSAPrivateKey(bio, key->dsa, @@ -3238,6 +3243,7 @@ sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf, success = EVP_PKEY_set1_DSA(pkey, key->dsa); } break; +#endif #ifdef OPENSSL_HAS_ECC case KEY_ECDSA: if (format == SSHKEY_PRIVATE_PEM) { @@ -3466,6 +3472,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, } if ((r = sshkey_check_rsa_length(prv, 0)) != 0) goto out; +#ifdef WITH_DSA } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { @@ -3477,6 +3484,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type, #ifdef DEBUG_PK DSA_print_fp(stderr, prv->dsa, 8); #endif +#endif #ifdef OPENSSL_HAS_ECC } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC && (type == KEY_UNSPEC || type == KEY_ECDSA)) { @@ -1,4 +1,4 @@ -/* $OpenBSD: sshsig.c,v 1.34 2023/12/08 09:18:39 markus Exp $ */ +/* $OpenBSD: sshsig.c,v 1.35 2024/03/08 22:16:32 djm Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -746,7 +746,7 @@ parse_principals_key_and_options(const char *path, u_long linenum, char *line, *keyp = NULL; cp = line; - cp = cp + strspn(cp, " \t"); /* skip leading whitespace */ + cp = cp + strspn(cp, " \t\n\r"); /* skip leading whitespace */ if (*cp == '#' || *cp == '\0') return SSH_ERR_KEY_NOT_FOUND; /* blank or all-comment line */ @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.100 2023/12/18 14:48:44 djm Exp $ */ +/* $OpenBSD: version.h,v 1.101 2024/03/11 04:59:47 djm Exp $ */ -#define SSH_VERSION "OpenSSH_9.6" +#define SSH_VERSION "OpenSSH_9.7" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE diff --git a/xmss_hash.c b/xmss_hash.c index db0e5fa..70c126a 100644 --- a/xmss_hash.c +++ b/xmss_hash.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xmss_hash.c,v 1.3 2022/04/20 16:00:25 millert Exp $ */ +/* $OpenBSD: xmss_hash.c,v 1.4 2023/12/20 00:06:25 jsg Exp $ */ /* hash.c version 20160722 Andreas Hülsing @@ -74,7 +74,7 @@ int prf(unsigned char *out, const unsigned char *in, const unsigned char *key, u } /* - * Implemts H_msg + * Implements H_msg */ int h_msg(unsigned char *out, const unsigned char *in, unsigned long long inlen, const unsigned char *key, const unsigned int keylen, const unsigned int n) { |