diff options
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 9505 |
1 files changed, 9505 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..981b7ec --- /dev/null +++ b/ChangeLog @@ -0,0 +1,9505 @@ +commit 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Dec 19 01:59:50 2023 +1100 + + crank versions + +commit 2f2c65cb5f1518a9c556d3e8efa27ea0ca305c6b +Author: Damien Miller <djm@mindrot.org> +Date: Tue Dec 19 01:59:06 2023 +1100 + + depend + +commit e48cdee8e19059203b1aeeabec2350b8375fa61f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:50:08 2023 +0000 + + upstream: regress test for agent PKCS#11-backed certificates + + OpenBSD-Regress-ID: 38f681777cb944a8cc3bf9d0ad62959a16764df9 + +commit 2f512f862df1d5f456f82a0334c9e8cc7208a2a1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:49:39 2023 +0000 + + upstream: regress test for constrained PKCS#11 keys + + OpenBSD-Regress-ID: b2f26ae95d609d12257b43aef7cd7714c82618ff + +commit cdddd66412ca5920ed4d3ebbfa6ace12dbd9b82f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:48:44 2023 +0000 + + upstream: openssh-9.6 + + OpenBSD-Commit-ID: 21759837cf0e0092d9a2079f8fb562071c11016b + +commit 6d51feab157cedf1e7ef5b3f8781ca8ff9c4ab1b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:48:08 2023 +0000 + + upstream: ssh-agent: record failed session-bind attempts + + Record failed attempts to session-bind a connection and refuse signing + operations on that connection henceforth. + + Prevents a future situation where we add a new hostkey type that is not + recognised by an older ssh-agent, that consequently causes session-bind + to fail (this situation is only likely to arise when people mix ssh(1) + and ssh-agent(1) of different versions on the same host). Previously, + after such a failure the agent socket would be considered unbound and + not subject to restriction. + + Spotted by Jann Horn + + OpenBSD-Commit-ID: b0fdd023e920aa4831413f640de4c5307b53552e + +commit 7ef3787c84b6b524501211b11a26c742f829af1a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:47:44 2023 +0000 + + upstream: ban user/hostnames with most shell metacharacters + + This makes ssh(1) refuse user or host names provided on the + commandline that contain most shell metacharacters. + + Some programs that invoke ssh(1) using untrusted data do not filter + metacharacters in arguments they supply. This could create + interactions with user-specified ProxyCommand and other directives + that allow shell injection attacks to occur. + + It's a mistake to invoke ssh(1) with arbitrary untrusted arguments, + but getting this stuff right can be tricky, so this should prevent + most obvious ways of creating risky situations. It however is not + and cannot be perfect: ssh(1) has no practical way of interpreting + what shell quoting rules are in use and how they interact with the + user's specified ProxyCommand. + + To allow configurations that use strange user or hostnames to + continue to work, this strictness is applied only to names coming + from the commandline. Names specified using User or Hostname + directives in ssh_config(5) are not affected. + + feedback/ok millert@ markus@ dtucker@ deraadt@ + + OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9 + +commit 0cb50eefdd29f0fec31d0e71cc4b004a5f704e67 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:47:20 2023 +0000 + + upstream: stricter handling of channel window limits + + This makes ssh/sshd more strict in handling non-compliant peers that + send more data than the advertised channel window allows. Previously + the additional data would be silently discarded. This change will + cause ssh/sshd to terminate the connection if the channel window is + exceeded by more than a small grace allowance. + + ok markus@ + + OpenBSD-Commit-ID: 811e21b41831eba3dd7f67b3d409a438f20d3037 + +commit 4448a2938abc76e6bd33ba09b2ec17a216dfb491 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:46:56 2023 +0000 + + upstream: Make it possible to load certs from PKCS#11 tokens + + Adds a protocol extension to allow grafting certificates supplied by + ssh-add to keys loaded from PKCS#11 tokens in the agent. + + feedback/ok markus@ + + OpenBSD-Commit-ID: bb5433cd28ede2bc910996eb3c0b53e20f86037f + +commit 881d9c6af9da4257c69c327c4e2f1508b2fa754b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:46:12 2023 +0000 + + upstream: apply destination constraints to all p11 keys + + Previously applied only to the first key returned from each token. + + ok markus@ + + OpenBSD-Commit-ID: 36df3afb8eb94eec6b2541f063d0d164ef8b488d + +commit a7ed931caeb68947d30af8a795f4108b6efad761 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:45:49 2023 +0000 + + upstream: add "ext-info-in-auth@openssh.com" extension + + This adds another transport protocol extension to allow a sshd to send + SSH2_MSG_EXT_INFO during user authentication, after the server has + learned the username that is being logged in to. + + This lets sshd to update the acceptable signature algoritms for public + key authentication, and allows these to be varied via sshd_config(5) + "Match" directives, which are evaluated after the server learns the + username being authenticated. + + Full details in the PROTOCOL file + + OpenBSD-Commit-ID: 1de7da7f2b6c32a46043d75fcd49b0cbb7db7779 + +commit 1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Dec 18 14:45:17 2023 +0000 + + upstream: implement "strict key exchange" in ssh and sshd + + This adds a protocol extension to improve the integrity of the SSH + transport protocol, particular in and around the initial key exchange + (KEX) phase. + + Full details of the extension are in the PROTOCOL file. + + with markus@ + + OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 + +commit 59d691b886c79e70b1d1c4ab744e81fd176222fd +Author: Damien Miller <djm@mindrot.org> +Date: Mon Dec 18 14:49:11 2023 +1100 + + better detection of broken -fzero-call-used-regs + + Use OSSH_CHECK_CFLAG_LINK() for detection of these flags and extend + test program to exercise varargs, which seems to catch more stuff. + + ok dtucker@ + +commit aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Dec 13 03:28:19 2023 +0000 + + upstream: when invoking KnownHostsCommand to determine the order of + + host key algorithms to request, ensure that the hostname passed to the + command is decorated with the port number for ports other than 22. + + This matches the behaviour of KnownHostsCommand when invoked to look + up the actual host key. + + bz3643, ok dtucker@ + + OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1 + +commit 4086bd6652c0badccc020218a62190a7798fb72c +Author: markus@openbsd.org <markus@openbsd.org> +Date: Fri Dec 8 09:18:39 2023 +0000 + + upstream: prevent leak in sshsig_match_principals; ok djm@ + + OpenBSD-Commit-ID: 594f61ad4819ff5c72dfe99ba666a17f0e1030ae + +commit 19d3ee2f3adf7d9a606ff015c1e153744702c4c9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Dec 6 21:06:48 2023 +0000 + + upstream: short circuit debug log processing early if we're not going + + to log anything. From Kobe Housen + + OpenBSD-Commit-ID: 2bcddd695872a1bef137cfff7823044dcded90ea + +commit 947affad4831df015c498c00c6351ea6f13895d5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 27 09:37:28 2023 +1100 + + Add tests for OpenSSL 3.2.0 and 3.2 stable branch. + +commit 747dce36206675ca6b885010a835733df469351b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Nov 25 09:03:38 2023 +1100 + + Use non-zero arg in compiler test program. + + Now that we're running the test program, passing zero to the test function + can cause divide-by-zero exceptions which might show up in logs. + +commit 3d44a5c56585d1c351dbc006240a591b6da502b1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Nov 24 00:31:30 2023 +0000 + + upstream: Plug mem leak of msg when processing a quit message. + + Coverity CID#427852, ok djm@ + + OpenBSD-Commit-ID: bf85362addbe2134c3d8c4b80f16601fbff823b7 + +commit 1d7f9b6e297877bd00973e6dc5c0642dbefc3b5f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Nov 23 03:37:05 2023 +0000 + + upstream: Include existing mux path in debug message. + + OpenBSD-Commit-ID: 1c3641be10c2f4fbad2a1b088a441d072e18bf16 + +commit f29934066bd0e561a2e516b7e584fb92d2eedee0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 23 19:41:27 2023 +1100 + + Add an Ubuntu 22.04 test VM. + + This is the same version as Github's runners so most of the testing on + it is over there, but having a local VM makes debugging much easier. + +commit a93284a780cd3972afe5f89086b75d564ba157f3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 23 19:36:22 2023 +1100 + + Add gcc-12 -Werror test on Ubuntu 22.04. + + Explictly specify gcc-11 on Ubuntu 22.04 (it's the system compiler). + +commit 670f5a647e98b6fd95ad64f789f87ee3274b481b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 23 19:34:57 2023 +1100 + + Check return value from write to prevent warning. + + ... and since we're testing for flags with -Werror, this caused + configure to mis-detect compiler flags. + +commit cea007d691cfedfa07a5b8599f97ce0511f53fc9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 22 21:18:55 2023 +1100 + + Run compiler test program when compiling natively. + + ok djm@ + +commit ee0d305828f13536c0a416bbf9c3e81039d9ea55 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 22 21:18:07 2023 +1100 + + Factor out compiler test program into a macro. + + ok djm@ + +commit de304c76316b029df460673725a9104224b9959b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 22 08:55:36 2023 +1100 + + Add fbsd14 VM to test pool. + +commit 99a2df5e1994cdcb44ba2187b5f34d0e9190be91 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 21 16:19:29 2023 +1100 + + Expand -fzero-call-used-regs test to cover gcc 11. + + It turns out that gcc also has some problems with -fzero-call-used-regs, + at least v11 on mips. Previously the test in OSSH_CHECK_CFLAG_COMPILE + was sufficient to catch it with "=all", but not sufficient for "=used". + Expand the testcase and include it in the other tests for good measure. + See bz#3629. ok djm@. + +commit ff220d4010717f7bfbbc02a2400666fb9d24f250 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 21 14:04:34 2023 +1100 + + Stop using -fzero-call-used-regs=all + + ... since it seems to be problematic with several different versions of + clang. Only use -fzero-call-used-regs=used which is less + problematic, except with Apple's clang where we don't use it at all. + bz#3629, ok djm@ + +commit 2a19e02f36b16f0f6cc915f7d1e60ead5e36303b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 21 14:02:18 2023 +1100 + + Allow for vendor prefix on clang version numbers. + + Correctly detects the version of OpenBSD's native clang, as well as + Apple's. Spotted tb@, ok djm@. + +commit c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 20 02:50:00 2023 +0000 + + upstream: set errno=EAFNOSUPPORT when filtering addresses that don't + + match AddressFamily; yields slightly better error message if no address + matches. bz#3526 + + OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6 + +commit 26f3f3bbc69196d908cad6558c8c7dc5beb8d74a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 15 23:03:38 2023 +0000 + + upstream: when connecting via socket (the default case), filter + + addresses by AddressFamily if one was specified. Fixes the case where, if + CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok + dtucker + + OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439 + +commit 050c335c8da43741ed0df2570ebfbd5d1dfd0a31 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 15 22:51:49 2023 +0000 + + upstream: when deciding whether to enable keystroke timing + + obfuscation, only consider enabling it when a channel with a tty is open. + + Avoids turning on the obfucation when X11 forwarding only is in use, + which slows it right down. Reported by Roger Marsh + + OpenBSD-Commit-ID: c292f738db410f729190f92de100c39ec931a4f1 + +commit 676377ce67807a24e08a54cd60ec832946cc6cae +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Mon Nov 13 09:18:19 2023 +0000 + + upstream: Make sure sftp_get_limits() only returns 0 if 'limits' + + was initialized. This fixes a potential uninitialized use of 'limits' in + sftp_init() if sftp_get_limits() returned early because of an unexpected + message type. + + ok djm@ + + OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c + +commit 64e0600f23c6dec36c3875392ac95b8a9100c2d6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 13 20:03:31 2023 +1100 + + Test current releases of LibreSSL and OpenSSL. + + Retire some of the older releases. + +commit c8ed7cc545879ac15f6ce428be4b29c35598bb2a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Nov 1 02:08:38 2023 +0000 + + upstream: Specify ssh binary to use + + ... instead of relying on installed one. Fixes test failures in -portable + when running tests prior to installation. + + OpenBSD-Regress-ID: b6d6ba71c23209c616efc805a60d9a445d53a685 + +commit e9fc2c48121cada1b4dcc5dadea5d447fe0093c3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 1 13:11:31 2023 +1100 + + Put long-running test targets on hipri runners. + + Some of the selfhosted test targets take a long time to run for various + reasons, so label them for "libvirt-hipri" runners so that they can + start immediately. This should reduce the time to complete all tests. + +commit 7ddf27668f0e21233f08c0ab2fe9ee3fdd6ab1e2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 1 00:29:46 2023 +0000 + + upstream: add some tests of forced commands overriding Subsystem + + directives + + OpenBSD-Regress-ID: eb48610282f6371672bdf2a8b5d2aa33cfbd322b + +commit fb06f9b5a065dfbbef5916fc4accc03c0bf026dd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Oct 31 04:15:40 2023 +0000 + + upstream: Don't try to use sudo inside sshd log wrapper. + + We still need to check if we're using sudo since we don't want to chown + unecessarily, as on some platforms this causes an error which pollutes + stderr. We also don't want to unnecessarily invoke sudo, since it's + running in the context of the proxycommand, on *other* platforms it + may not be able to authenticate, and if we're using SUDO then it should + already be privileged. + + OpenBSD-Regress-ID: 70d58df7503db699de579a9479300e5f3735f4ee + +commit fc3cc33e88c242c704781c6c48087838f1dcfa2a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Oct 31 02:58:45 2023 +0000 + + upstream: Only try to chmod logfile if we have sudo. If we don't have + + sudo then we won't need to chmod. + + OpenBSD-Regress-ID: dbad2f5ece839658ef8af3376cb1fb1cabe2e324 + +commit 3a506598fddd3f18f9095af3fe917f24cbdd32e0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 30 23:00:25 2023 +0000 + + upstream: move PKCS#11 setup code to test-exec.sh so it can be reused + + elsewhere + + OpenBSD-Regress-ID: 1d29e6be40f994419795d9e660a8d07f538f0acb + +commit f82fa227a52661c37404a6d33bbabf14fed05db0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 30 17:32:00 2023 +0000 + + upstream: tidy and refactor PKCS#11 setup code + + Replace the use of a perl script to delete the controlling TTY with a + SSH_ASKPASS script to directly load the PIN. + + Move PKCS#11 setup code to functions in anticipation of it being used + elsewhere in additional tests. + + Reduce stdout spam + + OpenBSD-Regress-ID: 07705c31de30bab9601a95daf1ee6bef821dd262 + +commit 3cf698c6d4ffa9be1da55672a3519e2135a6366a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 30 21:35:03 2023 +1100 + + Add obsd74 test VM and retire obsd69 and obsd70. + +commit 3e21d58a09894acb38dc69ed615d101131f473d0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 30 18:34:12 2023 +1100 + + Add OpenSSL 3.3.0 as a known dev version. + +commit 917ba181c2cbdb250a443589ec732aa36fd51ffa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 30 13:32:03 2023 +1100 + + Restore nopasswd sudo rule on Mac OS X. + + This seems to be missing from some (but not all) github runners, so + restore it if it seems to be missing. + +commit c5698abad6d4ec98ca20bcaaabaeacd5e1ec3f4f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 30 13:26:52 2023 +1100 + + Don't exit early when setting up on Mac OS X. + + We probably need some of the other bits in there (specifically, setting + the perms on the home directory) so make it less of a special snowflake. + +commit 1d6a878ceba60b9dc14037dddc8f036070c0065f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Oct 29 06:22:07 2023 +0000 + + upstream: Only try to chown logfiles that exist to prevent spurious + + errors. + + OpenBSD-Regress-ID: f1b20a476734e885078c481f1324c9ea03af991e + +commit e612376427a66f835e284f6b426d16d7c85301bc +Author: anton@openbsd.org <anton@openbsd.org> +Date: Thu Oct 26 18:52:45 2023 +0000 + + upstream: make use of bsd.regress.mk in extra and interop targets; ok + + dtucker@ + + OpenBSD-Regress-ID: 7ea21b5f6fc4506165093b2123d88d20ff13a4f0 + +commit ea0039173957d0edcd6469b9614dcedb44dcb4f9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Oct 26 12:44:07 2023 +0000 + + upstream: Skip conch interop tests when not enabled instead of fatal. + + OpenBSD-Regress-ID: b0abf81c24ac6c21f367233663228ba16fa96a46 + +commit d220b9ed5494252b26b95f05be118472bc3ab5c0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Oct 25 05:38:08 2023 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 95f5dd6107e8902b87dc5b005ef2b53f1ff378b8 + +commit a611e4db4009447a0151f31a44e235ca32ed4429 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Wed Oct 25 08:01:59 2023 +0000 + + upstream: ssh conch interop tests requires a controlling terminal; + + ok dtucker@ + + OpenBSD-Regress-ID: cbf2701bc347c2f19d907f113779c666f1ecae4a + +commit da951b5e08c167acb5d6e2eec6f146502f5d6ed8 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Mon Oct 23 11:30:49 2023 +0000 + + upstream: Use private key that is allowed by sshd defaults in conch + + interop tests. + + ok dtucker@ + + OpenBSD-Regress-ID: 3b7f65c8f409c328bcd4b704f60cb3d31746f045 + +commit 1ca166dbb3c0ce632b98869cd955f69320aa6fe8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Oct 20 20:43:00 2023 +1100 + + Install Dropbear for interop testing. + +commit f993bb58351c5cb71e61aede63805a34a6d4daea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Oct 20 20:39:03 2023 +1100 + + Resync PuTTY and Conch path handling with upstream. + + Now that configure finds these for us we can remove these -portable + specific changes. + +commit ff85becd5f5f06a76efa45d30fb204a3c5e5215c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Oct 20 20:35:46 2023 +1100 + + Have configure find PuTTY and Conch binaries. + + This will let us remove some -portable specific changes from + test-exec.sh. + +commit c54a50359b9cecddbf3ffcdc26efcb3cd6071ec1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Oct 20 07:37:07 2023 +0000 + + upstream: Allow overriding the locations of the Dropbear binaries + + similar to what we do for the PuTTY ones. + + OpenBSD-Regress-ID: 7de0e00518fb0c8fdc5f243b7f82f523c936049c + +commit fbaa707d455a61d0aef8ae65e02a25bac5351e5c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Oct 20 06:56:45 2023 +0000 + + upstream: Add interop test with Dropbear. + + Right now this is only dbclient not the Dropbear server since it won't + currently run as a ProxyCommand. + + OpenBSD-Regress-ID: 8cb898c414fcdb252ca6328896b0687acdaee496 + +commit c2003d0dbdcdb61ca336c3f90c5c2b4a09c8e73f +Author: Fabio Pedretti <pedretti.fabio@gmail.com> +Date: Mon Oct 16 11:59:53 2023 +0200 + + Update openssl-devel dependency in RPM spec. + + Since openssh 9.4p1, openssl >= 1.1.1 is required, so + build with --without-openssl elsewhere. + According to https://repology.org/project/openssl/versions + openssl 1.1.1 is available on fedora >= 29 and rhel >= 8. + Successfully build tested, installed and run on rhel 6 + +commit 064e09cd632721c7e6889904e07767443ee23821 +Author: Fabio Pedretti <pedretti.fabio@gmail.com> +Date: Mon Oct 16 10:13:06 2023 +0200 + + Remove reference of dropped sshd.pam.old file + + The file was removed in openssh 8.8 + +commit 62db354b696b378a164b6e478cb6b0171dcb0c3d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Oct 16 08:40:00 2023 +0000 + + upstream: Move declaration of "len" into the block where it's used. + + This lets us compile Portable with -Werror with when OpenSSL doesn't have + Ed25519 support. + + OpenBSD-Commit-ID: e02e4b4af351946562a7caee905da60eff16ba29 + +commit 6eee8c972d5901d10e80634a006b4e346b2c8c19 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Oct 13 15:15:05 2023 +1100 + + run t-extra regress tests + + This exposes the t-extra regress tests (including agent-pkcs11.sh) as + a new extra-tests target in the top level Makefile and runs them by + default. ok dtucker@ + +commit 637624dbbac13f2bc3c8ec5b15c9d627d07f2935 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Oct 12 22:01:23 2023 +1100 + + Don't use make -j2. + + While we have 2 cores available on github runners, not using it means + that the most recent log message is the actual failure, rather than + having to search back through the log for it. + +commit 971e0cfcfd52ef1d73cf5244074c306a60006e89 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Oct 12 16:23:05 2023 +1100 + + Correct arg order for ED255519 AC_LINK_IFELSE test. + +commit c616e64688b2a0c1b4daad69b056099be998d121 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 03:51:08 2023 +0000 + + upstream: typos and extra debug trace calls + + OpenBSD-Regress-ID: 98a2a6b9333743274359e3c0f0e65cf919a591d1 + +commit c49a3fbf10162128c67c59562348de2041188974 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 03:48:53 2023 +0000 + + upstream: ensure logs are owned by correct user; feedback/ok + + dtucker@ + + OpenBSD-Regress-ID: c3297af8f07717f1d400a5d34529962f1a76b5a3 + +commit 5ec0ed79ac074c3437b25f6cba8b8cf21c8d4587 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 03:36:32 2023 +0000 + + upstream: 64 %-expansion keys ought to be enough for anybody; ok + + dtucker (we just hit the previous limit in some cases) + + OpenBSD-Commit-ID: 84070f8001ec22ff5d669f836b62f206e08c5787 + +commit f59a94e22e46db2c23eddeb871aa9e8d93ab0016 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 02:48:43 2023 +0000 + + upstream: don't dereference NULL pointer when hashing jumphost + + OpenBSD-Commit-ID: 251c0263e1759a921341c7efe7f1d4c73e1c70f4 + +commit 281c79168edcc303abfd5bca983616eaa24c5f32 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Oct 12 13:20:01 2023 +1100 + + Solaris: prefer PRIV_XPOLICY to PRIV_LIMIT + + If the system support PRIV_XPOLICY and one is set, then don't + modify PRIV_LIMIT. bz2833, patch from Ron Jordan, ok dtucker@ + +commit 98fc34df837f3a3b79d2a111b96fe8a39adcab55 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 02:18:18 2023 +0000 + + upstream: add %j token that expands to the configured ProxyJump + + hostname (or the empty string if this option is not being used). bz3610, ok + dtucker + + OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339 + +commit 7f3180be8a85320b5d3221714b40c16e66881249 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 02:15:53 2023 +0000 + + upstream: release GSS OIDs only at end of authentication; bz2982, + + ok dtucker@ + + OpenBSD-Commit-ID: 0daa41e0525ae63cae4483519ecaa37ac485d94c + +commit a612b93de5d86e955bfb6e24278f621118eea500 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 12 02:12:53 2023 +0000 + + upstream: mask SIGINT/TERM/QUIT/HUP before checking quit_pending + + and use ppoll() to unmask them in the mainloop. Avoids race condition between + signaling ssh to exit and polling. bz3531; ok dtucker + + OpenBSD-Commit-ID: 5c14e1aabcddedb95cdf972283d9c0d5083229e7 + +commit 531b27a006116fe7aff325510aaa576f24844452 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 23:23:58 2023 +0000 + + upstream: sync usage() with ssh.1; spotted by kn@ + + OpenBSD-Commit-ID: 191a85639477dcb5fa1616d270d93b7c8d5c1dfd + +commit 64f7ca881b19be754425dca60d1590d306c9d1d0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 23:14:33 2023 +0000 + + upstream: ssh -Q does not make sense with other command-line options, + + so give it its own line in the manpage + + OpenBSD-Commit-ID: 00a747f0655c12122bbb77c2796be0013c105361 + +commit a752a6c0e1001f93696d7025f0c867f0376e2ecf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 22:42:26 2023 +0000 + + upstream: add ChannelTimeout support to the client, mirroring the + + same option in the server. ok markus@ + + OpenBSD-Commit-ID: 55630b26f390ac063980cfe7ad8c54b03284ef02 + +commit 76e91e7238cdc5662bc818e2a48d466283840d23 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 22:41:05 2023 +0000 + + upstream: add support for reading ED25519 private keys in PEM PKCS8 + + format; ok markus@ tb@ + + OpenBSD-Commit-ID: 01b85c91757e6b057e9b23b8a23f96415c3c7174 + +commit fc77c8e352c0f44125425c05265e3a00c183d78a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 06:40:54 2023 +0000 + + upstream: mention "none" is a valid argument to IdentityFile; bz3080 + + OpenBSD-Commit-ID: 1b4fb590ef731099349a7d468b77f02b240ac926 + +commit c97520d23d1fe53d30725a2af25d2dddd6f2faff +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 05:42:08 2023 +0000 + + upstream: in olde rcp/scp protocol mode, when rejecting a path from the + + server as not matching the glob that the client sent, log (at debug level) + the received pathname as well as the list of possible expected paths expanded + from the glob. bz2966 + + OpenBSD-Commit-ID: 0bd8db8a595334ca86bca8f36e23fc0395315765 + +commit 208c2b719879805983398160791d6a1ef9c2c3fc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 11 04:46:29 2023 +0000 + + upstream: s/%.100s/%s/ in SSH- banner construction as there's no + + reason to limit its size: the version string bring included is a compile time + constant going into an allocated banner string. + + OpenBSD-Commit-ID: 0ef73304b9bf3e534c60900cd84ab699f859ebcd + +commit 0354790826b97c41bbd171a965574e159b58d83e +Author: tb@openbsd.org <tb@openbsd.org> +Date: Tue Oct 10 06:49:54 2023 +0000 + + upstream: Garbage collect cipher_get_keyiv_len() + + This is a compat20 leftover, unused since 2017. + + ok djm + + OpenBSD-Commit-ID: 91fa5497c9dc6883064624ac27813a567883fdce + +commit 8d29ee4115001a02641386ae394992c65ed279e0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Oct 10 03:57:45 2023 +0000 + + upstream: Reserve a range of "local extension" message numbers that + + OpenSSH promises not to use (comment change only) + + OpenBSD-Commit-ID: e61795b453d4892d2c99ce1039112c4a00250e03 + +commit 90b0d73d63a706e85f6431f05a62d2ce1b476472 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 6 03:32:15 2023 +0000 + + upstream: typo in error message + + OpenBSD-Regress-ID: 6a8edf0dc39941298e3780b147b10c0a600b4fee + +commit e84517f51532ec913d8fb01a8aab7307134774bb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 6 03:25:14 2023 +0000 + + upstream: Perform the softhsm2 setup as discrete steps rather than + + as a long shell pipeline. Makes it easier to figure out what has happened + when it breaks. + + OpenBSD-Regress-ID: b3f1292115fed65765d0a95414df16e27772d81c + +commit cb54becff4d776238e0e9072943ba0872260535d +Author: claudio@openbsd.org <claudio@openbsd.org> +Date: Sun Sep 24 08:14:13 2023 +0000 + + upstream: REGRESS_FAIL_EARLY defaults to yes now. So no need to + + overload the value here anymore. OK tb@ bluhm@ + + OpenBSD-Regress-ID: f063330f1bebbcd373100afccebc91a965b14496 + +commit f01f5137ceba65baf34ceac5a298c12ac01b1fef +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Oct 4 05:42:10 2023 +0000 + + upstream: spelling fix; + + OpenBSD-Commit-ID: 493f95121567e5ab0d9dd1150f873b5535ca0195 + +commit 80a2f64b8c1d27383cc83d182b73920d1e6a91f1 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 4 15:34:10 2023 +1100 + + crank version numbers + +commit f65f187b105d9b5c12fd750a211397d08c17c6d4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 4 04:04:09 2023 +0000 + + upstream: openssh-9.5 + + OpenBSD-Commit-ID: 5e0af680480bd3b6f5560cf840ad032d48fd6b16 + +commit ffe27e54a4bb18d5d3bbd3f4cc93a41b8d94dfd2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Oct 4 04:03:50 2023 +0000 + + upstream: add some cautionary text about % token expansion and + + shell metacharacters; based on report from vinci AT protonmail.ch + + OpenBSD-Commit-ID: aa1450a54fcee2f153ef70368d90edb1e7019113 + +commit 60ec3d54fd1ebfe2dda75893fa1e870b8dffbb0d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Oct 3 23:56:10 2023 +0000 + + upstream: fix link to agent draft; spotted by Jann Horn + + OpenBSD-Commit-ID: ff5bda21a83ec013db683e282256a85201d2dc4b + +commit 12e2d4b13f6f63ce2de13cbfcc9e4d0d4b4ab231 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 4 10:54:04 2023 +1100 + + use portable provider allowlist path in manpage + + spotted by Jann Horn + +commit 6c2c6ffde75df95fd838039850d3dd3d84956d87 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Tue Sep 19 20:37:07 2023 +0000 + + upstream: typo; from Jim Spath + + OpenBSD-Commit-ID: 2f5fba917b5d4fcf93d9e0b0756c7f63189e228e + +commit b6b49130a0089b297245ee39e769231d7c763014 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 10 23:12:32 2023 +0000 + + upstream: rename remote_glob() -> sftp_glob() to match other API + + OpenBSD-Commit-ID: d9dfb3708d824ec02970a84d96cf5937e0887229 + +commit 21b79af6c8d2357c822c84cef3fbdb8001ed263b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 10 03:51:55 2023 +0000 + + upstream: typo in comment + + OpenBSD-Commit-ID: 69285e0ce962a7c6b0ab5f17a293c60a0a360a18 + +commit 41232d25532b4d2ef6c5db62efc0cf50a79d26ca +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Sep 10 15:45:38 2023 +1000 + + Use zero-call-used-regs=used with Apple compilers. + + Apple's versions of clang have version numbers that do not match the + corresponding upstream clang versions. Unfortunately, they do still + have the clang-15 zero-call-used-regs=all bug, so for now use the value + that doesn't result in segfaults. We could allowlist future versions + that are known to work. bz#3584 (and probably also our github CI + failures). + +commit 90ccc5918ea505bf156c31148b6b59a1bf5d6dc6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 10 03:25:53 2023 +0000 + + upstream: randomise keystroke obfuscation intervals and average + + interval rate. ok dtucker@ + + OpenBSD-Commit-ID: 05f61d051ab418fcfc4857ff306e420037502382 + +commit bd1b9e52f5fa94d87223c90905c5fdc1a7c32aa6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 06:34:24 2023 +0000 + + upstream: fix sizeof(*ptr) instead sizeof(ptr) in realloc (pointer here + + is char**, so harmless); spotted in CID 416964 + + OpenBSD-Commit-ID: c61caa4a5a667ee20bb1042098861e6c72c69002 + +commit c4f966482983e18601eec70a1563115de836616f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 06:10:57 2023 +0000 + + upstream: regress test recursive remote-remote directories copies where + + the directory contains a symlink to another directory. + + also remove errant `set -x` that snuck in at some point + + OpenBSD-Regress-ID: 1c94a48bdbd633ef2285954ee257725cd7bc456f + +commit 5e1dfe5014ebc194641678303e22ab3bba15f4e5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 06:10:02 2023 +0000 + + upstream: fix recursive remote-remote copies of directories that + + contain symlinks to other directories (similar to bz3611) + + OpenBSD-Commit-ID: 7e19d2ae09b4f941bf8eecc3955c9120171da37f + +commit 7c0ce2bf98b303b6ad91493ee3247d96c18ba1f6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 05:50:57 2023 +0000 + + upstream: regress test for recursive copies of directories containing + + symlinks to other directories. bz3611, ok dtucker@ + + OpenBSD-Regress-ID: eaa4c29cc5cddff4e72a16bcce14aeb1ecfc94b9 + +commit 2de990142a83bf60ef694378b8598706bc654b08 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 05:56:13 2023 +0000 + + upstream: the sftp code was one of my first contributions to + + OpenSSH and it shows - the function names are terrible. + + Rename do_blah() to sftp_blah() to make them less so. + + Completely mechanical except for sftp_stat() and sftp_lstat() which + change from returning a pointer to a static variable (error-prone) to + taking a pointer to a caller-provided receiver. + + OpenBSD-Commit-ID: eb54d6a72d0bbba4d623e2175cf5cc4c75dc2ba4 + +commit 249d8bd0472b53e3a2a0e138b4c030a31e83346a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 8 05:50:12 2023 +0000 + + upstream: fix scp in SFTP mode recursive upload and download of + + directories that contain symlinks to other directories. In scp mode, the + links would be followed, but in SFTP mode they were not. bz3611, ok dtucker@ + + OpenBSD-Commit-ID: 9760fda668eaa94a992250d7670dfbc62a45197c + +commit 0e1f4401c466fa4fdaea81b6dadc8dd1fc4cf0af +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:36:09 2023 +0000 + + upstream: regression test for override of subsystem in match blocks + + OpenBSD-Regress-ID: 5f8135da3bfda71067084c048d717b0e8793e87c + +commit 8a1450c62035e834d8a79a5d0d1c904236f9dcfe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:35:35 2023 +0000 + + upstream: allow override of Sybsystem directives in sshd Match + + blocks + + OpenBSD-Commit-ID: 3911d18a826a2d2fe7e4519075cf3e57af439722 + +commit 6e52826e2a74d077147a82ead8d4fbd5b54f4e3b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:26:37 2023 +0000 + + upstream: allocate the subsystems array as necessary and remove the + + fixed limit of subsystems. Saves a few kb of memory in the server and makes + it more like the other options. + + OpenBSD-Commit-ID: e683dfca6bdcbc3cc339bb6c6517c0c4736a547f + +commit e19069c9fac4c111d6496b19c7f7db43b4f07b4f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:23:53 2023 +0000 + + upstream: preserve quoting of Subsystem commands and arguments. + + This may change behaviour of exotic configurations, but the most common + subsystem configuration (sftp-server) is unlikely to be affected. + + OpenBSD-Commit-ID: 8ffa296aeca981de5b0945242ce75aa6dee479bf + +commit 52dfe3c72d98503d8b7c6f64fc7e19d685636c0b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:21:36 2023 +0000 + + upstream: downgrade duplicate Subsystem directives from being a + + fatal error to being a debug message to match behaviour with just about all + other directives. + + OpenBSD-Commit-ID: fc90ed2cc0c18d4eb8e33d2c5e98d25f282588ce + +commit 1ee0a16e07b6f0847ff463d7b5221c4bf1876e25 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 6 23:18:15 2023 +0000 + + upstream: handle cr+lf (instead of just cr) in sshsig signature + + files + + OpenBSD-Commit-ID: 647460a212b916540016d066568816507375fd7f + +commit e1c284d60a928bcdd60bc575c6f9604663502770 +Author: job@openbsd.org <job@openbsd.org> +Date: Mon Sep 4 10:29:58 2023 +0000 + + upstream: Generate Ed25519 keys when invoked without arguments + + Ed25519 public keys are very convenient due to their small size. + OpenSSH has supported Ed25519 since version 6.5 (January 2014). + + OK djm@ markus@ sthen@ deraadt@ + + OpenBSD-Commit-ID: f498beaad19c8cdcc357381a60df4a9c69858b3f + +commit 694150ad92765574ff82a18f4e86322bd3231e68 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 4 00:08:14 2023 +0000 + + upstream: trigger keystroke timing obfucation only if the channels + + layer enqueud some data in the last poll() cycle; this avoids triggering the + obfuscatior for non-channels data like ClientAlive probes and also fixes a + related problem were the obfucations would be triggered on fully quiescent + connections. + + Based on / tested by naddy@ + + OpenBSD-Commit-ID: d98f32dc62d7663ff4660e4556e184032a0db123 + +commit b5fd97896b59a3a46245cf438cc8b16c795d9f74 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 4 00:04:02 2023 +0000 + + upstream: avoid bogus "obfuscate_keystroke_timing: stopping ..." + + debug messages when keystroke timing obfuscation was never started; spotted + by naddy@ + + OpenBSD-Commit-ID: 5c270d35f7d2974db5c1646e9c64188f9393be31 + +commit ccf7d913db34e49b7a6db1b8331bd402004c840d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 4 00:01:46 2023 +0000 + + upstream: make channel_output_poll() return a flag indicating + + whether channel data was enqueued. Will be used to improve keystroke timing + obfuscation. Problem spotted by / tested by naddy@ + + OpenBSD-Commit-ID: f9776c7b0065ba7c3bbe50431fd3b629f44314d0 + +commit 43254b326ac6e2131dbd750f9464dc62c14bd5a7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Sep 3 23:59:32 2023 +0000 + + upstream: set interactive mode for ControlPersist sessions if they + + originally requested a tty; enables keystroke timing obfuscation for most + ControlPersist sessions. Spotted by naddy@ + + OpenBSD-Commit-ID: 72783a26254202e2f3f41a2818a19956fe49a772 + +commit ff3eda68ceb2e2bb8f48e3faceb96076c3e85c20 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 31 23:02:35 2023 +1000 + + Set LLONG_MAX for C89 test. + + If we don't have LLONG_MAX, configure will figure out that it can get it + by setting -std=gnu99, at which point we won't be testing C89 any more. + To avoid this, feed it in via CFLAGS. + +commit f98031773db361424d59e3301aa92aacf423d920 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Aug 29 02:50:10 2023 +0000 + + upstream: make PerSourceMaxStartups first-match-wins; ok dtucker@ + + OpenBSD-Commit-ID: dac0c24cb709e3c595b8b4f422a0355dc5a3b4e7 + +commit cfa66857db90cd908de131e0041a50ffc17c7df8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 28 09:52:09 2023 +0000 + + upstream: descriptive text shouldn't be under .Cm + + OpenBSD-Commit-ID: b1afaeb456a52bc8a58f4f9f8b2f9fa8f6bf651b + +commit 01dbf3d46651b7d6ddf5e45d233839bbfffaeaec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 28 09:48:11 2023 +0000 + + upstream: limit artificial login delay to a reasonable maximum (5s) + + and don't delay at all for the "none" authentication mechanism. Patch by + Dmitry Belyavskiy in bz3602 with polish/ok dtucker@ + + OpenBSD-Commit-ID: 85b364676dd84cf1de0e98fc2fbdcb1a844ce515 + +commit 528da5b9d7c5da01ed7a73ff21c722e1b5326006 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Aug 28 05:32:28 2023 +0000 + + upstream: add spacing for punctuation when macro args; + + OpenBSD-Commit-ID: e80343c16ce0420b2aec98701527cf90371bd0db + +commit 3867361ca691d0956ef7d5fb8181cf554a91d84a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 28 04:06:52 2023 +0000 + + upstream: explicit long long type in timing calculations (doesn't + + matter, since the range is pre-clamped) + + OpenBSD-Commit-ID: f786ed902d04a5b8ecc581d068fea1a79aa772de + +commit 7603ba71264e7fa938325c37eca993e2fa61272f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 28 03:31:16 2023 +0000 + + upstream: Add keystroke timing obfuscation to the client. + + This attempts to hide inter-keystroke timings by sending interactive + traffic at fixed intervals (default: every 20ms) when there is only a + small amount of data being sent. It also sends fake "chaff" keystrokes + for a random interval after the last real keystroke. These are + controlled by a new ssh_config ObscureKeystrokeTiming keyword/ + + feedback/ok markus@ + + OpenBSD-Commit-ID: 02231ddd4f442212820976068c34a36e3c1b15be + +commit dce6d80d2ed3cad2c516082682d5f6ca877ef714 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 28 03:28:43 2023 +0000 + + upstream: Introduce a transport-level ping facility + + This adds a pair of SSH transport protocol messages SSH2_MSG_PING/PONG + to implement a ping capability. These messages use numbers in the "local + extensions" number space and are advertised using a "ping@openssh.com" + ext-info message with a string version number of "0". + + ok markus@ + + OpenBSD-Commit-ID: b6b3c4cb2084c62f85a8dc67cf74954015eb547f + +commit d2d247938b38b928f8a6e1a47a330c5584d3a358 +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Mon Aug 21 21:16:18 2023 +0000 + + upstream: Log errors in kex_exchange_identification() with level + + verbose instead of error to reduce preauth log spam. All of those get logged + with a more generic error message by sshpkt_fatal(). + + feedback from sthen@ + ok djm@ + + OpenBSD-Commit-ID: bd47dab4695b134a44c379f0e9a39eed33047809 + +commit 9d7193a8359639801193ad661a59d1ae4dc3d302 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 21 04:59:54 2023 +0000 + + upstream: correct math for ClientAliveInterval that caused the + + probes to be sent less frequently than configured; from Dawid Majchrzak + + OpenBSD-Commit-ID: 641153e7c05117436ddfc58267aa267ca8b80038 + +commit 3c6ab63b383b0b7630da175941e01de9db32a256 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 25 14:48:02 2023 +1000 + + Include Portable version in sshd version string. + + bz#3608, ok djm@ + +commit 17fa6cd10a26e193bb6f65d21264d2fe553bcd87 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 21 19:47:58 2023 +1000 + + obsd-arm64 host is real hardware... + + so put in the correct config location. + +commit 598ca75c85acaaacee5ef954251e489cc20d7be9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 21 18:38:36 2023 +1000 + + Add OpenBSD ARM64 test host. + +commit 1acac79bfbe207e8db639e8043524962037c8feb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 21 18:05:26 2023 +1000 + + Add test for zlib development branch. + +commit 84efebf352fc700e9040c8065707c63caedd36a3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 21 04:36:46 2023 +0000 + + upstream: want stdlib.h for free(3) + + OpenBSD-Commit-ID: 743af3c6e3ce5e6cecd051668f0327a01f44af29 + +commit cb4ed12ffc332d1f72d054ed92655b5f1c38f621 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Aug 19 07:39:08 2023 +1000 + + Fix zlib version check for 1.3 and future version. + + bz#3604. + +commit 25b75e21f16bccdaa472ea1889b293c9bd51a87b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 14 11:10:08 2023 +1000 + + Add 9.4 branch to CI status page. + +commit 803e22eabd3ba75485eedd8b7b44d6ace79f2052 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 18 01:37:41 2023 +0000 + + upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused + + multiplexed sessions to ignore SIGINT under some circumstances. Reported by / + feedback naddy@, ok dtucker@ + + OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a + +commit e706bca324a70f68dadfd0ec69edfdd486eed23a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 16 16:14:11 2023 +0000 + + upstream: defence-in-depth MaxAuthTries check in monitor; ok markus + + OpenBSD-Commit-ID: 65a4225dc708e2dae71315adf93677edace46c21 + +commit d1ab7eb90474df656d5e9935bae6df0bd000d343 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 14 03:37:00 2023 +0000 + + upstream: add message number of SSH2_MSG_NEWCOMPRESS defined in RFC8308 + + OpenBSD-Commit-ID: 6c984171c96ed67effd7b5092f3d3975d55d6028 + +commit fa8da52934cb7dff6f660a143276bdb28bb9bbe1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Aug 13 15:01:27 2023 +1000 + + Add obsd72 and obsd73 test targets. + +commit f9f18006678d2eac8b0c5a5dddf17ab7c50d1e9f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 10 23:05:48 2023 +0000 + + upstream: better debug logging of sessions' exit status + + OpenBSD-Commit-ID: 82237567fcd4098797cbdd17efa6ade08e1a36b0 + +commit a8c57bcb077f0cfdffcf9f23866bf73bb93e185c +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Aug 10 14:37:32 2023 +0000 + + upstream: drop a wayward comma, ok jmc@ + + OpenBSD-Commit-ID: 5c11fbb9592a29b37bbf36f66df50db9d38182c6 + +commit e962f9b318a238db1becc53c2bf79dd3a49095b4 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 10 11:10:22 2023 +1000 + + depend + +commit 0fcb60bf83130dfa428bc4422b3a3ac20fb528af +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 10 11:05:42 2023 +1000 + + update versions in RPM specs + +commit d0cee4298491314f09afa1c4383a66d913150b26 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 10 11:05:14 2023 +1000 + + update version in README + +commit 78b4dc6684f4d35943b46b24ee645edfdb9974f5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 10 01:01:07 2023 +0000 + + upstream: openssh-9.4 + + OpenBSD-Commit-ID: 71fc1e01a4c4ea061b252bd399cda7be757e6e35 + +commit 58ca4f0aa8c4306ac0a629c9a85fb1efaf4ff092 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 10 11:30:24 2023 +1000 + + Only include unistd.h once. + +commit 3961ed02dc578517a9d2535128cff5c3a5460d28 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 10 09:08:49 2023 +1000 + + wrap poll.h include in HAVE_POLL_H + +commit e535fbe2af893046c28adfcd787c1fdbae36a24a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 4 06:32:40 2023 +0000 + + upstream: Apply ConnectTimeout to multiplexing local socket + + connections. If the multiplex socket exists but the connection times out, + ssh will fall back to a direct connection the same way it would if the socket + did not exist at all. ok djm@ + + OpenBSD-Commit-ID: 2fbe1a36d4a24b98531b2d298a6557c8285dc1b4 + +commit 9d92e7b24848fcc605945f7c2e3460c7c31832ce +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 3 19:35:33 2023 +1000 + + Fix RNG seeding for OpenSSL w/out self seeding. + + When sshd is built with an OpenSSL that does not self-seed, it would + fail in the preauth privsep process while handling a new connection. + Sanity checked by djm@ + +commit f70010d9b0b3e7e95de8aa0b961e1d74362cfb5d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 2 23:04:38 2023 +0000 + + upstream: CheckHostIP has defaulted to 'no' for a while; make the + + commented- out config option match. From Ed Maste + + OpenBSD-Commit-ID: e66e934c45a9077cb1d51fc4f8d3df4505db58d9 + +commit c88a8788f9865d02b986d00405b9f0be65ad0b5a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Aug 1 08:15:04 2023 +0000 + + upstream: remove unnecessary if statement. + + github PR#422 from eyalasulin999, ok djm@ + + OpenBSD-Commit-ID: 2b6b0dde4407e039f58f86c8d2ff584a8205ea55 + +commit 77b8b865cd5a8c79a47605c0c5b2bacf4692c4d5 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jul 28 05:42:36 2023 +0000 + + upstream: %C is a callable macro in mdoc(7) + + so, as we do for %D, escape it; + + OpenBSD-Commit-ID: 538cfcddbbb59dc3a8739604319491dcb8e0c0c9 + +commit e0f91aa9c2fbfc951e9ced7e1305455fc614d3f2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 28 05:33:15 2023 +0000 + + upstream: don't need to start a command here; use ssh -N instead. + + Fixes failure on cygwin spotted by Darren + + OpenBSD-Regress-ID: ff678a8cc69160a3b862733d935ec4a383f93cfb + +commit f446a44f30bc680e0d026a4204844b02646c1c2d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 17 05:52:01 2023 +0000 + + upstream: add LTESTS_FROM variable to allow skipping of tests up to + + a specific point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh + test and subsequent ones. ok dtucker@ + + OpenBSD-Regress-ID: 07f653de731def074b29293db946042706fcead3 + +commit 8eb8899d612440a9b608bee7f916081d3d0b7812 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 12 06:37:42 2023 +0000 + + upstream: test ChrootDirectory in Match block + + OpenBSD-Regress-ID: a6150262f39065939f025e546af2a346ffe674c1 + +commit e43f43d3f19516222e9a143468ea0dc1b3ab67b6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 12 06:36:27 2023 +0000 + + upstream: better error messages + + OpenBSD-Regress-ID: 55e4186604e80259496d841e690ea2090981bc7a + +commit 6958f00acf3b9e0b3730f7287e69996bcf3ceda4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:26:49 2023 +0000 + + upstream: don't incorrectly truncate logged strings retrieved from + + PKCS#11 modules; based on GHPR406 by Jakub Jelen; ok markus + + OpenBSD-Commit-ID: 7ed1082f23a13b38c373008f856fd301d50012f9 + +commit d1ffde6b55170cd4b9a72bfd9a3f17508e6cf714 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:25:17 2023 +0000 + + upstream: make sshd_config AuthorizedPrincipalsCommand and + + AuthorizedKeysCommand accept the %D (routing domain) and a new %C (connection + address/port 4-tuple) as expansion sequences; ok markus + + OpenBSD-Commit-ID: ee9a48bf1a74c4ace71b69de69cfdaa2a7388565 + +commit 999a2886ca1844a7a74b905e5f2c8c701f9838cd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jul 27 22:23:05 2023 +0000 + + upstream: increase default KDF work-factor for OpenSSH format + + private keys from 16 to 24; { feedback ok } x { deraadt markus } + + OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec + +commit 0fa803a1dd1c7b546c166000e23a869cf6c4ec10 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 27 02:25:09 2023 +1000 + + Prefer OpenSSL's SHA256 in sk-dummy.so + + Previously sk-dummy.so used libc's (or compat's) SHA256 since it may be + built without OpenSSL. In many cases, however, including both libc's + and OpenSSL's headers together caused conflicting definitions. + + We tried working around this (on OpenSSL <1.1 you could define + OPENSSL_NO_SHA, NetBSD had USE_LIBC_SHA2, various #define hacks) with + varying levels of success. Since OpenSSL >=1.1 removed OPENSSL_NO_SHA + and including most OpenSSL headers would bring sha.h in, even if it + wasn't used directly this was a constant hassle. + + Admit defeat and use OpenSSL's SHA256 unless we aren't using OpenSSL at + all. ok djm@ + +commit 36cdb5dbf55c99c0faad06066f56a7c341258c1f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 27 10:29:44 2023 +1000 + + Retire dfly58 test VM. Add dfly64. + +commit 2d34205dab08ede9b0676efa57647fc49e6decbe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 26 23:06:00 2023 +0000 + + upstream: make ssh -f (fork after authentication) work properly in + + multiplexed cases (inc. ControlPersist). bz3589 bz3589 Based on patches by + Peter Chubb; ok dtucker@ + + OpenBSD-Commit-ID: a7a2976a54b93e6767dc846b85647e6ec26969ac + +commit 076aeda86a7ee9be8fd2f0181ec7b9729a6ceb37 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun Jul 23 20:04:45 2023 +0000 + + upstream: man page typos; ok jmc@ + + OpenBSD-Commit-ID: e6ddfef94b0eb867ad88abe07cedc8ed581c07f0 + +commit 135e7d5fe31f700e6dfc61ce914970c5ee7175ba +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Jul 20 05:43:39 2023 +0000 + + upstream: tweak the allow-remote-pkcs11 text; + + OpenBSD-Commit-ID: bc965460a89edf76865b7279b45cf9cbdebd558a + +commit 5f83342b61d1f76c141de608ed2bd293990416bd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 25 13:00:22 2023 +1000 + + Handle a couple more OpenSSL no-ecc cases. + + ok djm@ + +commit edc2ef4e418e514c99701451fae4428ec04ce538 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jul 20 12:53:44 2023 +1000 + + depend + +commit 51fda734e0d3c2df256fc03e8b060c4305be6e59 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jul 20 12:53:21 2023 +1000 + + Bring back OPENSSL_HAS_ECC to ssh-pkcs11-client + +commit 099cdf59ce1e72f55d421c8445bf6321b3004755 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 14:03:45 2023 +0000 + + upstream: Separate ssh-pkcs11-helpers for each p11 module + + Make ssh-pkcs11-client start an independent helper for each provider, + providing better isolation between modules and reliability if a single + module misbehaves. + + This also implements reference counting of PKCS#11-hosted keys, + allowing ssh-pkcs11-helper subprocesses to be automatically reaped + when no remaining keys reference them. This fixes some bugs we have + that make PKCS11 keys unusable after they have been deleted, e.g. + https://bugzilla.mindrot.org/show_bug.cgi?id=3125 + + ok markus@ + + OpenBSD-Commit-ID: 0ce188b14fe271ab0568f4500070d96c5657244e + +commit 29ef8a04866ca14688d5b7fed7b8b9deab851f77 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 14:02:27 2023 +0000 + + upstream: Ensure FIDO/PKCS11 libraries contain expected symbols + + This checks via nlist(3) that candidate provider libraries contain one + of the symbols that we will require prior to dlopen(), which can cause + a number of side effects, including execution of constructors. + + Feedback deraadt; ok markus + + OpenBSD-Commit-ID: 1508a5fbd74e329e69a55b56c453c292029aefbe + +commit 1f2731f5d7a8f8a8385c6031667ed29072c0d92a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 13:56:33 2023 +0000 + + upstream: Disallow remote addition of FIDO/PKCS11 provider + + libraries to ssh-agent by default. + + The old behaviour of allowing remote clients from loading providers + can be restored using `ssh-agent -O allow-remote-pkcs11`. + + Detection of local/remote clients requires a ssh(1) that supports + the `session-bind@openssh.com` extension. Forwarding access to a + ssh-agent socket using non-OpenSSH tools may circumvent this control. + + ok markus@ + + OpenBSD-Commit-ID: 4c2bdf79b214ae7e60cc8c39a45501344fa7bd7c + +commit 892506b13654301f69f9545f48213fc210e5c5cc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 19 13:55:53 2023 +0000 + + upstream: terminate process if requested to load a PKCS#11 provider + + that isn't a PKCS#11 provider; from / ok markus@ + + OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c + +commit f3f56df8ec476b2de6cbdbdfdb77a2a61087829d +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 19 12:07:18 2023 +1000 + + agent_fuzz doesn't want stdint.h conditionalised + +commit 750911fd31d307a767cc86e3bfa90bbbb77b1a25 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jul 18 15:41:12 2023 +1000 + + conditionalise stdint.h inclusion on HAVE_STDINT_H + + fixes build on AIX5 at least + +commit ff047504fa6e008c4092f8929881816b8993bea0 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jul 18 15:30:45 2023 +1000 + + conditionalise match localnetwork on ifaddrs.h + + Fixes build breakage on platforms that lack getifaddrs() + +commit b87b03282e466ca2927954ce93f5dbf0bfdc68f6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 06:16:33 2023 +0000 + + upstream: missing match localnetwork negation check + + OpenBSD-Commit-ID: 9a08ed8dae27d3f38cf280f1b28d4e0ff41a737a + +commit 6d6e185ba29ef4274164b77eab4dc763907f8821 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jul 17 05:41:53 2023 +0000 + + upstream: - add -P to usage() - sync the arg name to -J in usage() + + with that in ssh.1 - reformat usage() to match what "man ssh" does on 80width + + OpenBSD-Commit-ID: 5235dd7aa42e5bf90ae54579d519f92fc107036e + +commit f1a9898283a0638667b587ee4a950afd61ab51b0 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jul 17 05:38:10 2023 +0000 + + upstream: -P before -p in SYNOPSIS; + + OpenBSD-Commit-ID: 535f5257c779e26c6a662a038d241b017f8cab7c + +commit eef4d7e873568e1c84c36bb4034e2c3378250a61 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Mon Jul 17 05:36:14 2023 +0000 + + upstream: configuation -> configuration + + OpenBSD-Commit-ID: 4776ced33b780f1db0b2902faec99312f26a726b + +commit dc1dbe94cf6532bd546a3373ad436404f8850e5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 05:26:38 2023 +0000 + + upstream: move other RCSIDs to before their respective license blocks + + too no code change + + OpenBSD-Commit-ID: ef5bf46b57726e4260a63b032b0b5ac3b4fe9cd4 + +commit ebe11044681caff78834ca6b78311ad19c1860b8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 05:22:30 2023 +0000 + + upstream: Move RCSID to before license block and away from #includes, + + where it caused merge conflict in -portable for each commit :( + + OpenBSD-Commit-ID: 756ebac963df3245258b962e88150ebab9d5fc20 + +commit 05c08e5f628de3ecf6f7ea20947735bcfa3201e0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 05:20:15 2023 +0000 + + upstream: return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a + + valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed + to fall back to text revocation lists in some cases; fixes t-cert-hostkey. + + OpenBSD-Commit-ID: 5c670a6c0f027e99b7774ef29f18ba088549c7e1 + +commit c6fad2c3d19b74f0bd0af1ef040fc74f3a1d9ebb +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jul 17 14:56:14 2023 +1000 + + avoid AF_LINK on platforms that don't define it + +commit 919bc3d3b712c920de1ae6be5ac6561c98886d7e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 04:08:31 2023 +0000 + + upstream: Add support for configuration tags to ssh(1). + + This adds a ssh_config(5) "Tag" directive and corresponding + "Match tag" predicate that may be used to select blocks of + configuration similar to the pf.conf(5) keywords of the same + name. + + ok markus + + OpenBSD-Commit-ID: dc08358e70e702b59ac3e591827e5a96141b06a3 + +commit 3071d85a47061c1bdaf11a0ac233b501ecba862c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 04:04:36 2023 +0000 + + upstream: add a "match localnetwork" predicate. + + This allows matching on the addresses of available network interfaces + and may be used to vary the effective client configuration based on + network location (e.g. to use a ProxyJump when not on a particular + network). + + ok markus@ + + OpenBSD-Commit-ID: cffb6ff9a3803abfc52b5cad0aa190c5e424c139 + +commit beec17bb311365b75a0a5941418d4b96df7d7888 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 04:01:10 2023 +0000 + + upstream: remove vestigal support for KRL signatures + + When the KRL format was originally defined, it included support for + signing of KRL objects. However, the code to sign KRLs and verify KRL + signatues was never completed in OpenSSH. + + Now, some years later, we have SSHSIG support in ssh-keygen that is + more general, well tested and actually works. So this removes the + semi-finished KRL signing/verification support from OpenSSH and + refactors the remaining code to realise the benefit - primarily, we + no longer need to perform multiple parsing passes over KRL objects. + + ok markus@ + + OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804 + +commit 449566f64c21b4578d5c0c431badd0328adc53ed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 17 03:57:21 2023 +0000 + + upstream: Support for KRL extensions. + + This defines wire formats for optional KRL extensions and implements + parsing of the new submessages. No actual extensions are supported at + this point. + + ok markus + + OpenBSD-Commit-ID: ae2fcde9a22a9ba7f765bd4f36b3f5901d8c3fa7 + +commit 18ea857770e84825a3a6238bb37f54864487b59f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 14 07:44:21 2023 +0000 + + upstream: Include stdint.h for SIZE_MAX. Fixes OPENSSL=no build. + + OpenBSD-Commit-ID: e7c31034a5434f2ead3579b13a7892960651e6b0 + +commit 20b768fcd13effe0f2d3619661b6c8592c773553 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 14 17:07:32 2023 +1000 + + Fix typo in declaration of nmesg. + +commit 4b94d09542e36ebde2eb9ad89bc68431609932de +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jul 14 15:34:47 2023 +1000 + + portable-specific int overflow defence-in-depth + + These too are unreachable, but we want the code to be safe regardless of + context. Reported by Yair Mizrahi @ JFrog + +commit 2ee48adb9fc8692e8d6ac679dcc9f35e89ad68f0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 14 05:31:44 2023 +0000 + + upstream: add defence-in-depth checks for some unreachable integer + + overflows reported by Yair Mizrahi @ JFrog; feedback/ok millert@ + + OpenBSD-Commit-ID: 52af085f4e7ef9f9d8423d8c1840a6a88bda90bd + +commit 4b43bc358ae6f6b19a973679246dc5172f6ac41b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 10 04:51:26 2023 +0000 + + upstream: misplaced debug message + + OpenBSD-Commit-ID: d0f12af0a5067a756aa707bc39a83fa6f58bf7e5 + +commit 8c7203bcee4c4f98a22487b4631fe068b992099b +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 12 11:41:19 2023 +1000 + + replace deprecate selinux matchpathcon function + + This function is apparently deprecated. Documentation on what is the + supposed replacement is is non-existent, so this follows the approach + glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59 + + ok dtucker@ + +commit 7e8800f5d701efffa39ccb63ca1e095ea777c31a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jul 6 22:17:59 2023 +0000 + + upstream: minleft and maxsign are u_int so cast appropriately. Prompted + + by github PR#410, ok deraadt. + + OpenBSD-Commit-ID: 0514cd51db3ec60239966622a0d3495b15406ddd + +commit 94842bfe9b09fc93189c6ed0dc9bbebc1d44a426 +Author: dlg@openbsd.org <dlg@openbsd.org> +Date: Tue Jul 4 03:59:21 2023 +0000 + + upstream: add support for unix domain sockets to ssh -W + + ok djm@ dtucker@ + + OpenBSD-Commit-ID: 3e6d47567b895c7c28855c7bd614e106c987a6d8 + +commit a95fc5eed09a0238fb127b6c50e8498432b79dae +Author: David Seifert <soap@gentoo.org> +Date: Fri May 12 14:06:01 2023 +0200 + + gss-serv.c: `MAXHOSTNAMELEN` -> `HOST_NAME_MAX` + + `MAXHOSTNAMELEN` is not defined in POSIX, which breaks on musl: + https://pubs.opengroup.org/onlinepubs/9699919799/functions/gethostname.html + + Bug: https://bugs.gentoo.org/834044 + +commit 8a6cd08850f576e7527c52a1b086cae82fab290e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jun 23 09:49:02 2023 +1000 + + Update runner OS version for hardenedmalloc test. + + Hardenedmalloc dropped support for "legacy glibc" versions in their + 64dad0a69 so use a newer Ubuntu version for the runner for that test. + +commit cfca6f17e64baed6822bb927ed9f372ce64d9c5b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 22 15:04:03 2023 +1000 + + handle sysconf(SC_OPEN_MAX) returning > INT_MAX; + + bz3581; ok dtucker + +commit c1c2ca1365b3f7b626683690bd2c68265f6d8ffd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 21 05:10:26 2023 +0000 + + upstream: better validate CASignatureAlgorithms in ssh_config and + + sshd_config. + + Previously this directive would accept certificate algorithm names, but + these were unusable in practice as OpenSSH does not support CA chains. + + part of bz3577; ok dtucker@ + + OpenBSD-Commit-ID: a992d410c8a78ec982701bc3f91043dbdb359912 + +commit 4e73cd0f4ab3e5b576c56cac9732da62c8fc0565 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 21 05:08:32 2023 +0000 + + upstream: make `ssh -Q CASignatureAlgorithms` only list signature + + algorithms that are valid for CA signing. Previous behaviour was to list all + signing algorithms, including certificate algorithms (OpenSSH certificates do + not support CA chains). part of bz3577; ok dtucker@ + + OpenBSD-Commit-ID: 99c2b072dbac0f44fd1f2269e3ff6c1b5d7d3e59 + +commit a69062f1695ac9c3c3dea29d3044c72aaa6af0ea +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 21 05:06:04 2023 +0000 + + upstream: handle rlimits > INT_MAX (rlim_t is u64); ok dtucker + + bz3581 + + OpenBSD-Commit-ID: 31cf59c041becc0e5ccb0a77106f812c4cd1cd74 + +commit 8d33f2aa6bb895a7f85a47189913639086347b75 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 20 23:59:33 2023 +0000 + + upstream: prepare for support for connecting to unix domain sockets + + using ssh -W by explicitly decoding PORT_STREAMLOCAL (a negative number) from + the u32 that's passed over the multiplexing socket; previously code would + just cast, which is UB. + + OpenBSD-Commit-ID: e5ac5f40d354096c51e8c118a5c1b2d2b7a31384 + +commit b4ac435b4e67f8eb5932d8f59eb5b3cf7dc38df0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 20 00:05:09 2023 +0000 + + upstream: reset comment=NULL for each key in do_fingerprint(); + + fixes "no comment" not showing on when running `ssh-keygen -l` on multiple + keys where one has a comment and other following keys do not. Patch from + Markus Kuhn via GHPR407, bz3580 + + OpenBSD-Commit-ID: 3cce84456fdcd67dc6b84e369f92c6686d111d9b + +commit b53a809a549dcd4fbde554c6aa283e597b15ea33 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Mon Jun 5 13:24:36 2023 +0000 + + upstream: Store timeouts as int, not u_int as they are limited to + + INT_MAX. Fixes sign compare warnings systems with 32-bit time_t due to type + promotion. OK djm@ + + OpenBSD-Commit-ID: 48081e9ad35705c5f1705711704a4c2ff94e87b7 + +commit 2709809fd616a0991dc18e3a58dea10fb383c3f0 +Author: Philip Hands <phil@hands.com> +Date: Wed May 24 19:41:14 2023 +0200 + + fixup! if -s & -p specified, mention 'sftp -P' on + + success + + SSH-Copy-ID-Upstream: 32686e7c65b4fa2846e474d3315102dfa0f043b0 + +commit 204e0bf05161b7641500d7ab266c21217412379f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Aug 3 21:25:48 2021 +1000 + + Make ssh-copy-id(1) consistent with OpenSSH. + + This makes the ssh-copy-id man page more consistent with the rest of the + OpenSSH man pages: + - new sentence, new line + - no sentences >80 + - N.B. -> NB + - zap unused .Pp + - zap trailing whitespace + + Report from Debian via mindrot bz#3331, diff from jmc at openbsd.org. + + SSH-Copy-ID-Upstream: d8974cfb6242316460ed22a1ccc662800a50c5d3 + +commit 9de79df66d1430d290fab670bb4b18612875e518 +Author: Philip Hands <phil@hands.com> +Date: Wed May 24 11:45:43 2023 +0200 + + if -s & -p specified, mention 'sftp -P' on success + + This was inspired by this: + https://github.com/openssh/openssh-portable/pull/321 + but I thought that it was better to not do the sed patching. + + BTW the reason one can get away with using $SSH_OPTS throughout, despite + the lowercase -p in there, even if sftp is in use, is that the sftp call + is using the already-established ssh master connection, so the port was + passed to the earlier ssh. + + SSH-Copy-ID-Upstream: 1c124d9bfafdbe28a00b683367ebf5750ce12eb2 + +commit 801cda54c00e0f4e7d89345a90874c8d05dc233a +Author: Philip Hands <phil@hands.com> +Date: Tue May 23 23:07:11 2023 +0200 + + drop whitespace + + SSH-Copy-ID-Upstream: e604fae1cdee35c18055d35dcec530cf12ef00ad + +commit 288482f53613f3e74544eb92deeb24f7c7f1f371 +Author: Philip Hands <phil@hands.com> +Date: Tue May 23 20:52:13 2023 +0200 + + make -x also apply to the target script + + SSH-Copy-ID-Upstream: 3c4214704f427bd0654adf9b0fc079253db21cf4 + +commit b79e7b88ed44f0e4339f0ff35c96c78a92175a8d +Author: Philip Hands <phil@hands.com> +Date: Tue May 23 16:46:42 2023 +0200 + + add -t option to specify the target path + + Allow the default target path (.ssh/authorized_files) to be over-riden + + This was inspired by this MR from Panagiotis Cheilaris <philaris@cs.ntua.gr> + + https://gitlab.com/phil_hands/ssh-copy-id/-/merge_requests/8 + + SSH-Copy-ID-Upstream: a942a0e076874adb6d8b2f0fb76d6c7918190fcd + +commit 914f4ad138714c471ba72fb6d5496b6235320edd +Author: Carlos RodrÃguez Gili <carlos.rodriguez-gili@upc.edu> +Date: Tue Apr 20 19:23:57 2021 +0200 + + Fix test error for /bin/sh on Solaris 10 and older + + On Solaris 10 and older targets /bin/sh is not POSIX-compliant. + Test -z `...` fails with error 'sh: test: argument expected'. + Using quotes around backticks fixes this and doesn't break + POSIX compatibility. + + SSH-Copy-ID-Upstream: 98394072a3f985b2650c1e8eab2fef84e38cc065 + +commit bd382dca316c721aed1e45edcf4c4e0f6374afb0 +Author: Jakub Jelen <jjelen@redhat.com> +Date: Tue Mar 2 21:34:05 2021 +0000 + + Remove outdated comment + + The commit b068122 removed the code dropping the trailing colon, but the comment stayed leaving the code confusing for future readers + + SSH-Copy-ID-Upstream: 930d39f238117cd53810240ec989d0356aa1c1f6 + +commit bdcaf7939029433635d63aade8f9ac762aca2bbe +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed May 10 18:50:46 2023 +1000 + + Special case OpenWrt instead of Dropbear. + + OpenWrt overrides the location of authorized_keys for root. Currently we + assume that all Dropbear installations behave this way, which is not the + case. Check for OpenWrt and root user before using that location instead + of assuming that for all Dropbear servers. Prompted by Github PR#250. + + SSH-Copy-ID-Upstream: 0e1f5d443a9967483c33945793107ae3f3e4af2d + +commit cf84498f67abe93f813a296167b406a0db7b288e +Author: Philip Hands <phil@hands.com> +Date: Thu May 18 18:20:55 2023 +0200 + + ssh-copy-id: add -x option (for debugging) + + This option causes the ssh-copy-id to run with set -x + + SSH-Copy-ID-Upstream: a0ee367ea8c0a29c8b4515245e408d2d349e7844 + +commit b4a1efdcb88f03394c08e7f68ed4e11676830002 +Author: Philip Hands <phil@hands.com> +Date: Thu May 18 17:14:41 2023 +0200 + + update copyright notices + + SSH-Copy-ID-Upstream: c284ed33b361814ea48ff68cbd01ca525b2bf117 + +commit fcd78e31cdd45a7e69ccfe6d8a3b1037dc1de290 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 24 23:01:06 2023 +0000 + + upstream: fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand + + appears previously in configuration. Reported by John Meyers in bz3574 ok + dtucker@ + + OpenBSD-Commit-ID: 1c92e4517284386703936e1d3abaa36cfacf1951 + +commit 5ec5504f1d328d5bfa64280cd617c3efec4f78f3 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed May 10 10:04:20 2023 +0000 + + upstream: Remove unused prototypes for ssh1 RSA functions. + + From lengyijun via github PR#396. + + OpenBSD-Commit-ID: 379a5afa8b7a0f3cba0c8a9bcceb4e5e33a5c1ef + +commit fbf362b3891ae4b36052d1b39f37fc618b41c476 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 9 19:26:56 2023 +1000 + + main(void) to prevent unused variable warning. + +commit baf854c8bb0a6d0af5c696c801e631a48dabbaba +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 9 19:25:45 2023 +1000 + + Remove warning pragma since clang doesn't like it. + +commit 5fbb7a1349fbbb48ccb1b8cafff2c1854370d87d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 9 17:13:33 2023 +1000 + + Suppress warning for snprintf truncation test. + +commit 47742c513e4e045ecc985c6483fc5c8b050acda2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue May 9 17:12:50 2023 +1000 + + Update OpenSSL compat test for 3.x. + +commit 86ad25d455a2313126125540e61e0f9314283f88 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon May 8 20:23:08 2023 +1000 + + Add macos13 PAM test target. + +commit 77cca2c4b13bc6e5f389565583b6202b0d1bccc2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon May 8 20:14:46 2023 +1000 + + Skip agent-peereid test on macos13. + + sudo -S nobody doesn't work on the github runners (probably a + permission issue) so skip that test. + +commit b356b8e91678ea295bcf44df5248c3fbf499fdcf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon May 8 20:14:28 2023 +1000 + + Include config.guess in debug output. + +commit b7afd8a4ecaca8afd3179b55e9db79c0ff210237 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon May 8 20:12:59 2023 +1000 + + Handle OpenSSL >=3 ABI compatibility. + + Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only + major must match instead of major and minor in earlier versions). + bz#3548, ok djm@ + +commit 0e9e2663eb2c6e9c3e10d15d70418312ae67e542 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon May 1 08:57:29 2023 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: 3d5f811cfcaed8cc4a97e1db49ac61bdf118113c + +commit d9687f49682e1e93383fc15ab2018850b2ef38c3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon May 1 11:45:14 2023 +1000 + + Add macos-13 test target. + + Also flatten OS list for clarity. + +commit aacfd6767497b8fa6d41ecdd3f8e265d1e9ef1f6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Apr 30 22:54:22 2023 +0000 + + upstream: adjust ftruncate() logic to handle servers that reorder + + requests. + + sftp/scp will ftruncate the destination file after a transfer completes, + to deal with the case where a longer destination file already existed. + We tracked the highest contiguous block transferred to deal with this + case, but our naive tracking doesn't deal with servers that reorder + requests - a misfeature strictly permitted by the protocol but seldom + implemented. + + Adjust the logic to ftruncate() at the highest absolute block received + when the transfer is successful. feedback deraadt@ ok markus@ + + prompted by https://github.com/openssh/openssh-portable/commit/9b733#commitcomment-110679778 + + OpenBSD-Commit-ID: 4af7fac75958ad8507b4fea58706f3ff0cfddb1b + +commit c8eb3941758615c8284a48fff47872db926da63c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Apr 26 01:36:03 2023 +0000 + + upstream: Check for ProxyJump=none in CanonicalizeHostname logic. + + Previously ssh would incorrectly refuse to canonicalise the hostname + if ProxyJump was explicitly set to "none" when CanonicalizeHostname=yes + + bz3567; ok dtucker + + OpenBSD-Commit-ID: 80a58e43c3a32f97361282f756ec8d3f37989efd + +commit ac383f3a5c6f529a2e8a5bc44af79a08c7da294e +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Apr 12 14:22:04 2023 +0000 + + upstream: remove duplicate signal.h include + + OpenBSD-Commit-ID: 30c0a34d74d91ddd0e6992525da70d3293392f70 + +commit 740dafa20f3f3d325f6f5d44e990b8c8a6d3d816 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Wed Apr 12 08:53:54 2023 +0000 + + upstream: fix double words ok dtucker@ + + OpenBSD-Commit-ID: 44d3223902fbce5276422bdc8063ab72a4078489 + +commit 6452f89577ec4f22440c31b8e19b061d1a7c4b2a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 11 16:49:19 2023 +1000 + + Test against LibreSSL 3.7.2. + +commit 2138f6be595ca106fe4805a1e3ab9c4d8acc697b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Apr 6 14:33:10 2023 +1000 + + remove unused upper-case const strings in fmtfp + + no float format that uses upper-case is supported nor are hex floats. + ok dtucker + +commit 484c5e6168fdb22cbcd73c4ff987cf9ca47989ca +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Apr 6 03:56:02 2023 +0000 + + upstream: simplify sshsig_find_principals() similar to what happened to + + sshsig_check_allowed_keys() in r1.31, removing some dead code + + OpenBSD-Commit-ID: a493e628d4d6c08f878c276d998f4313ba61702d + +commit 3a7b110fbc7e096423f8f7b459deffe4c65d70f4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Apr 6 03:21:31 2023 +0000 + + upstream: remove redundant ssh!=NULL check; we'd already + + dereferenced it + + OpenBSD-Commit-ID: 852bf12591ec5a9fb12dcbde9b1fd3945ad0df3c + +commit 2519110659a1efac6c976895a86659d1b341c91b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Apr 6 03:19:32 2023 +0000 + + upstream: match_user() shouldn't be called with user==NULL unless + + host and ipaddr are also NULL + + OpenBSD-Commit-ID: fa3518346c21483e9e01a2e4b9436ae501daf8ea + +commit 3b9ceaad7ad63c1c03c2a89e148340ad3a62a482 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Apr 6 03:12:32 2023 +0000 + + upstream: don't care about glob() return value here. + + OpenBSD-Commit-ID: 85bb82fea90478a482e9f65a1bec0aa24227fd66 + +commit 09d8da0849e2791b2500267cda333cd238f38754 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Apr 3 08:10:54 2023 +0000 + + upstream: Move up null check and simplify process_escapes. + + Based on Coverity CID 291863 which points out we check the channel + pointer for NULLness after dereferencing it. Move this to the start + of the function, and while there simplify initialization of efc a bit. + ok djm@ + + OpenBSD-Commit-ID: de36e5ad6fde0fe263ca134e986b9095dc59380a + +commit b36b162be5e6206f12b734222b7bc517c13a6bc8 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 31 14:51:20 2023 +1100 + + need va_end() after va_copy(); ok dtucker + + spotted by Coverity + +commit f703757234a5c585553e72bba279b255a272750a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 31 05:56:36 2023 +0000 + + upstream: Explicitly ignore return from waitpid here too. + + OpenBSD-Commit-ID: eef2403df083c61028969fc679ee370373eacacb + +commit 6b73aa29035991d1448a1a76f63ac152a6bf931c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 31 04:45:08 2023 +0000 + + upstream: Explictly ignore return codes + + where we don't check them. + + OpenBSD-Commit-ID: 1ffb03038ba1b6b72667be50cf5e5e396b5f2740 + +commit 6f0308a3e717ebe68eeb3f95253612fab5dbf20e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 31 04:42:29 2023 +0000 + + upstream: Return immediately from get_sock_port + + if sock <0 so we don't call getsockname on a negative FD. From Coverity + CID 291840, ok djm@ + + OpenBSD-Commit-ID: de1c1130646230c2eda559831fc6bfd1b61d9618 + +commit 1c1124dc901fca1ea2cb762044b8f1a5793a2bed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 04:23:02 2023 +0000 + + upstream: don't leak arg2 on parse_pubkey_algos error path; ok + + dtucker@ + + OpenBSD-Commit-ID: 7d0270ad3dd102412ca76add2b3760518abdef75 + +commit 8ba2d4764bb6a4701cd447d8b52604622ffe65f4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 04:22:27 2023 +0000 + + upstream: clamp max number of GSSAPI mechanisms to 2048; ok dtucker + + OpenBSD-Commit-ID: ce66db603a913d3dd57063e330cb5494d70722c4 + +commit 1883841fc13d0eada8743cac5d3abe142ee2efa7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 04:21:56 2023 +0000 + + upstream: don't print key if printing hostname failed; with/ok + + dtucker@ + + OpenBSD-Commit-ID: ad42971a6ee5a46feab2d79f7f656f8cf4b119f3 + +commit c6011129cafe4c411f6ef670a4cf271314708eb8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 04:04:15 2023 +0000 + + upstream: remove redundant test + + OpenBSD-Commit-ID: 6a0b719f9b1ae9d42ad8c5b144c7962c93792f7c + +commit 4fb29eeafb40a2076c0dbe54e46b687c318f87aa +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 04:00:37 2023 +0000 + + upstream: don't attempt to decode a ridiculous number of + + attributes; harmless because of bounds elsewhere, but better to be explicit + + OpenBSD-Commit-ID: 1a34f4b6896155b80327d15dc7ccf294b538a9f2 + +commit fc437c154ef724621a4af236de9bc7e51a8381ae +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 31 03:22:49 2023 +0000 + + upstream: remove unused variable; prompted by Coverity CID 291879 + + OpenBSD-Commit-ID: 4c7d20ef776887b0ba1aabcfc1b14690e4ad0a40 + +commit 0eb8131e4a53b33a8fc9b9ab694e6b6778b87ade +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 31 00:44:29 2023 +0000 + + upstream: Check fd against >=0 instead of >0 in error path. The + + dup could in theory return fd 0 although currently it doesn't in practice. + From Dmitry Belyavskiy vi github PR#238. + + OpenBSD-Commit-ID: 4a95f3f7330394dffee5c749d52713cbf3b54846 + +commit 7174ba6f8a431ca4257767a260fc50e204068242 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 30 07:19:50 2023 +0000 + + upstream: Ignore return value from muxclient(). It normally loops + + without returning, but it if returns on failure we immediately exit. + Coverity CID 405050. + + OpenBSD-Commit-ID: ab3fde6da384ea588226037c38635a6b2e015295 + +commit a4c1c2513e36f111eeaa1322c510067930e5e51e +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 31 14:17:22 2023 +1100 + + don't call connect() on negative socket + + Coverity CID 405037 + +commit 34ee842cdd981a759fe8f0d4a37521f9a1c63170 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 30 03:05:01 2023 +0000 + + upstream: return SSH_ERR_KEY_NOT_FOUND if the allowed_signers file + + is empty, not SSH_ERR_INTERNAL_ERROR. Also remove some dead code spotted + by Coverity; with/ok dtucker@ + + OpenBSD-Commit-ID: 898a1e817cda9869554b1f586a434f67bcc3b650 + +commit f108e77a9dc9852e72215af1bf27731c48434557 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 30 00:49:37 2023 +0000 + + upstream: Remove dead code from inside if block. + + The only way the if statement can be true is if both dup()s fail, and + in that case the tmp2 can never be set. Coverity CID 291805, ok djm@ + + OpenBSD-Commit-ID: c0d6089b3fb725015462040cd94e23237449f0c8 + +commit 05b8e88ebe23db690abbfb1a91111abea09cde08 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 30 13:53:29 2023 +1100 + + child_set_eng: verify both env pointer and count. + + If child_set env was called with a NULL env pointer and a non-zero count + it would end up in a null deref, although we don't currently do this. + Prompted by Coverity CID 291850, tweak & ok djm@ + +commit 28f1b8ef9b84b8cd2f6c9889a0c60aa4a90dadfa +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 29 01:07:48 2023 +0000 + + upstream: Ignore return from sshpkt_disconnect + + since we set our own return value for the function. Coverity CID 291797, + ok djm@ + + OpenBSD-Commit-ID: 710b57ba954c139240895e23feea41f203201f04 + +commit c3da05d95922f5550bcc7815e799474d6a160175 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 29 00:59:08 2023 +0000 + + upstream: Plug potential mem leak in process_put. + + It allocates abs_dst inside a loop but only frees it on exit, so free + inside the loop if necessary. Coverity CID 291837, ok djm@ + + OpenBSD-Commit-ID: a01616503a185519b16f00dde25d34ceaf4ae1a3 + +commit 13ae327eae598b1043e5ec30e4b170edb3c898a5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 29 00:18:35 2023 +0000 + + upstream: fix memory leak; Coverity CID 291848 + + with/ok dtucker@ + + OpenBSD-Commit-ID: 37f80cb5d075ead5a00ad1b74175684ab1156ff8 + +commit 9ffa76e1284c85bf459c3dcb8e995733a8967e1b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 28 07:44:32 2023 +0000 + + upstream: Plug more mem leaks in sftp by making + + make_absolute_pwd_glob work in the same way as make_absolute: you + pass it a dynamically allocated string and it either returns it, or + frees it and allocates a new one. Patch from emaste at freebsd.org and + https://reviews.freebsd.org/D37253 ok djm@ + + OpenBSD-Commit-ID: 85f7404e9d47fd28b222fbc412678f3361d2dffc + +commit 82b2b8326962b1a98af279bc5bbbbbcab15b3e45 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 28 06:12:38 2023 +0000 + + upstream: Remove compat code for OpenSSL < 1.1.* + + since -portable no longer supports them. + + OpenBSD-Commit-ID: ea2893783331947cd29a67612b4e56f818f185ff + +commit b500afcf00ae1b6b73b2ccf171111dfbfeaef74d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 27 23:56:54 2023 +0000 + + upstream: Remove compat code for OpenSSL 1.0.* + + versions now that -portable has dropped support for those versions. + + OpenBSD-Regress-ID: 82a8eacd87aec28e4aa19f17246ddde9d5ce7fe7 + +commit 727560e6011efcb36d2f3ac6910444bc775abaa1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 28 18:06:42 2023 +1100 + + Prevent conflicts between Solaris SHA2 and OpenSSL. + + We used to prevent conflicts between native SHA2 headers and OpenSSL's + by setting OPENSSL_NO_SHA but that was removed prior to OpenSSL 1.1.0 + +commit 46db8e14b7f186d32173dcdecd5b785334429b8b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 28 12:44:03 2023 +1100 + + Remove HEADER_SHA_H from previous... + + since it causes more problems than it solves. + +commit 72bd68d37387aa5f81da928f6e82f1c88ed8f674 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 28 10:35:18 2023 +1100 + + Replace OPENSSL_NO_SHA with HEADER_SHA_H. + + Since this test doesn't use OpenSSL's SHA2 and may cause conflicts we + don't want to include it, but OPENSSL_NO_SHA was removed beginning in + OpenSSL's 1.1 series. + +commit 99668f2e6e0deb833e46cfab56db59ff0fc28c7e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 28 09:50:06 2023 +1100 + + Configure with --target instead of deprecated form. + +commit f751d9306c62cd1061f966e6a7483d9bab9c379b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 27 22:05:29 2023 +1100 + + Pass rpath when building 64bit Solaris. + +commit a64b935cd450ee8d04c26c9cd728629cf9ca5c91 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 27 19:21:19 2023 +1100 + + Explicitly disable OpenSSL on AIX test VM. + +commit 7ebc6f060fc2f70495a56e16d210baae6424cd96 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 27 03:56:50 2023 +0000 + + upstream: Add RevokedHostKeys to percent expansion test. + + OpenBSD-Regress-ID: c077fd12a38005dd53d878c5b944154dec88d2ff + +commit f1a17de150f8d309d0c52f9abfaebf11c51a8537 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 27 03:56:11 2023 +0000 + + upstream: Add tilde and environment variable expansion to + + RevokedHostKeys. bz#3552, ok djm@ + + OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d + +commit 009eb4cb48a9708ab9174684dcbcc0f942907abe +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 27 03:31:05 2023 +0000 + + upstream: fix test: getnameinfo returns a non-zero value on error, not + + (neccessarily) -1. From GHPR#384 + + OpenBSD-Commit-ID: d35e2b71268f66f5543a7ea68751972b3ae22b25 + +commit 4f0a676486700f10a4788f7e9426e94e39c1c89e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Mar 27 03:25:08 2023 +0000 + + upstream: scp: when copying local->remote, check that source file + + exists before opening SFTP connection to the server. Based on GHPR#370 ok + dtucker, markus + + OpenBSD-Commit-ID: b4dd68e15bfe22ce4fac9960a1066a2b721e54fb + +commit 154d8baf631327163571760c2c524bc93c37567c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 27 12:22:30 2023 +1100 + + Also look for gdb error message from OpenIndiana. + +commit fbd3811ddb2b6ce2e6dba91fde7352c8978e5412 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 27 11:08:00 2023 +1100 + + Explicitly disable security key test on aix51 VM. + + We don't know how to build the shared objects required for the security + key tests so skip them. + +commit 4922ac3be8a996780ef3dc220411da2e27c29d9c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Mar 26 14:49:43 2023 +1100 + + Split libcrypto and other config flags. + + This should allow the automatic OpenSSL version selection in the tests + to work better. + +commit 4a948b1469f185e871160a2d70e2a0fce2858f9e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Mar 26 14:39:45 2023 +1100 + + Specify test target if we build without OpenSSL. + + When we decide we can't use the versions of OpenSSL available, also + restrict the tests we run to avoid the ones that need OpenSSL. + +commit b308c636f5b5d89eecb98be00b3d56306a005a09 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Mar 26 14:22:53 2023 +1100 + + Find suitable OpenSSL version. + + Check the installed OpenSSL versions for a suitable one, and if there + isn't (and we don't have a specific version configured) then build + without OpenSSL. + +commit 021ea5c2860f133f44790970968e0e73208b3a87 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:02:52 2023 +1100 + + Github testing support for BoringSSL + +commit 9a97cd106466a2a9bda2bfaa4c48c4f1b2cc9c1b +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:34:29 2023 +1100 + + BoringSSL doesn't support EC_POINT_point2bn() + + so don't invoke it in unittest + +commit cc5969c033a032d126ff78e5d95cf20abbede4c7 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:34:05 2023 +1100 + + another ERR_load_CRYPTO_strings() vestige + +commit 4974293899a068133e976f81d6693670d2b576ca +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:24:05 2023 +1100 + + don't use obsolete ERR_load_CRYPTO_strings() + + OpenSSL (and elsewhere in OpenSSH) uses ERR_load_crypto_strings() + +commit 3c527d55f906e6970d17c4cab6db90ae9e013235 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:23:05 2023 +1100 + + Allow building with BoringSSL + +commit b7e27cfd7f163fc16b4c5d041cc28ee488a5eeec +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 15:21:18 2023 +1100 + + put back SSLeay_version compat in configure test + + Needed to detect old versions and give good "your version is bad" + messages at configure time; spotted by dtucker@ + +commit 7280401bdd77ca54be6867a154cc01e0d72612e0 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 24 13:56:25 2023 +1100 + + remove support for old libcrypto + + OpenSSH now requires LibreSSL 3.1.0 or greater or + OpenSSL 1.1.1 or greater + + with/ok dtucker@ + +commit abda22fb48302f2142233f71d27c74040288c518 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Mar 19 15:36:13 2023 +1100 + + Test latest OpenSSL 1.1, 3.0 and LibreSSL 3.7. + +commit 610ac1cb077cd5a1ebfc21612154bfa13d2ec825 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 16 21:38:04 2023 +1100 + + Show 9.3 branch instead of 9.2. + +commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 08:28:19 2023 +1100 + + depend + +commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 08:27:54 2023 +1100 + + crank version + +commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 21:19:57 2023 +0000 + + upstream: openssh-9.3 + + OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848 + +commit 6fd4daafb949b66bf555f3100f715a9ec64c3390 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 07:28:47 2023 +0000 + + upstream: Free KRL ptr in addition to its contents. + + From Coverity CID 291841, ok djm@ + + OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6 + +commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 07:26:25 2023 +0000 + + upstream: Check pointer for NULL before deref. + + None of the existing callers seem to do that, but it's worth checking. + From Coverity CID 291834, ok djm@ + + OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4 + +commit d95af508e78c0cd3dce56b83853baaa59ae295cf +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 12 10:40:39 2023 +0000 + + upstream: Limit number of entries in SSH2_MSG_EXT_INFO + + request. This is already constrained by the maximum SSH packet size but this + makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@ + + OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09 + +commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 12 09:41:18 2023 +0000 + + upstream: calloc can return NULL but xcalloc can't. + + From Coverity CID 291881, ok djm@ + + OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b + +commit 83a56a49fd50f4acf900f934279482e4ef329715 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 07:17:08 2023 +0000 + + upstream: Explicitly ignore return from fcntl + + (... FD_CLOEXEC) here too. Coverity CID 291853. + + OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5 + +commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 10 15:59:46 2023 +1100 + + bounds checking for getrrsetbyname() replacement; + + Spotted by Coverity in CID 405033; ok millert@ + +commit 89b8df518f21677045599df0ad3e5dd0f39909b5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 04:06:21 2023 +0000 + + upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. + + OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac + +commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 10 14:46:57 2023 +1100 + + Add prototypes for mkstemp replacements. + + Should prevent warnings due to our wrapper function. + +commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:01:51 2023 +0000 + + upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since + + there's not much we can do anyway. From Coverity CID 291857, ok djm@ + + OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729 + +commit d6d38fd77cbe091c59e1bb720c3a494df4990640 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 02:32:04 2023 +0000 + + upstream: Like sshd_config, some ssh_config options are not + + first-match-wins. sshd_config.5 was fixed in r1.348, this is the same for + this file + + OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e + +commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 02:24:56 2023 +0000 + + upstream: Remove no-op (int) > INT_MAX checks + + since they can never be true. From Coverity CID 405031, ok djm@ + + OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84 + +commit 77adde4305542ebe3005dd456122624fe2347b01 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 10 13:27:29 2023 +1100 + + Wrap mkstemp calls with umask set/restore. + + glibc versions 2.06 and earlier did not set a umask on files created by + mkstemp created the world-writable. Wrap mkstemp to set and restore + the umask. From Coverity (CIDs 291826 291886 291891), ok djm@ + +commit 633d3dc2a1e9e2a013d019a0576a0771c8423713 +Author: jcs@openbsd.org <jcs@openbsd.org> +Date: Thu Mar 9 21:06:24 2023 +0000 + + upstream: modify parentheses in conditionals to make it clearer what is + + being assigned and what is being checked + + ok djm dtucker + + OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8 + +commit 733030840c4772f858de95d5940ec0c37663e8b0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 9 07:11:05 2023 +0000 + + upstream: Re-split the merge of the reorder-hostkeys test. + + In the kex_proposal_populate_entries change I merged the the check for + reordering hostkeys with the actual reordering, but kex_assemble_names + mutates options.hostkeyalgorithms which renders the check ineffective. + Put the check back where it was. Spotted and tested by jsg@, ok djm@ + + OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de + +commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 9 06:58:26 2023 +0000 + + upstream: include destination constraints for smartcard keys too. + + Spotted by Luci Stanescu; ok deraadt@ markus@ + + OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f + +commit bfd1ad01d974a316b60622759ad17537fa2d92b4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 9 18:24:54 2023 +1100 + + Limit the number of PAM environment variables. + + xcalloc has its own limits, but these are specific to PAM. From + Coverity CID 405198, ok djm@ + +commit a231414970e01a35f45a295d5f93698fa1249b28 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 9 18:19:44 2023 +1100 + + Limit the number of PAM environment variables. + + From Coverity CID 405194, tweaks and ok djm@ + +commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 8 06:21:32 2023 +0000 + + upstream: Plug mem leak. Coverity CID 405196, ok djm@ + + OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2 + +commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98 +Author: tb@openbsd.org <tb@openbsd.org> +Date: Wed Mar 8 05:33:53 2023 +0000 + + upstream: ssh-pkcs11: synchronize error messages with errors + + A handful of error messages contained incorrect function names or + otherwise inaccurate descriptions. Fix them to match reality. + + input/ok djm + + OpenBSD-Commit-ID: 165a15db52f75b31e1804b043480c36af09f3411 + +commit 51875897b81b5c21b80c256a29597916edbde454 +Author: guenther@openbsd.org <guenther@openbsd.org> +Date: Wed Mar 8 04:43:12 2023 +0000 + + upstream: Delete obsolete /* ARGSUSED */ lint comments. + + ok miod@ millert@ + + OpenBSD-Commit-ID: 7be168a570264d59e96a7d2d22e927d45fee0e4c + +commit a76085bda883c2104afb33ab0334eca190927362 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 8 17:25:37 2023 +1100 + + Extra brackets to prevent warning. + +commit 147ae57d4dfa0508109f93b78a7d8b92819e1f83 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 8 00:05:58 2023 +0000 + + upstream: use RSA/SHA256 when testing usability of private key in + + agent; with/ok dtucker + + OpenBSD-Commit-ID: fe1382e2fdf23fcae631308e72342bad56066a56 + +commit 27fd251bc906a763e70ce0f27c8abdf8bbd1e416 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 8 00:05:37 2023 +0000 + + upstream: use RSA/SHA256 when testing usability of private key; + + based on fix in bz3546 by Dmitry Belyavskiy; with/ok dtucker + + OpenBSD-Commit-ID: 0ef414cc363a832f9fab92a5da0234448bce2eba + +commit eee9f3fc3d52ae7d2106929bb06b7f291fb0b81a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 7 21:47:42 2023 +0000 + + upstream: refactor to be more readable top to bottom. Prompted by + + Coverity CID 405048 which was a false-positive fd leak; ok dtucker@ + + OpenBSD-Commit-ID: fc55ec2af622a017defb9b768bf26faefc792c00 + +commit 42a06b29a4c99272bf690f9b3be520b08b448dc5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 7 18:34:41 2023 +1100 + + Add header changes missed in previous. + +commit 4710077096edff2e6926dd5b15bf586491d317db +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 7 06:09:14 2023 +0000 + + upstream: Fix mem leak in environment setup. + + From jjelen at redhat.com via bz#2687, ok djm@ + + OpenBSD-Commit-ID: 9f9e4ba3cac003e6f81da3bcebd1b9ec43e7f353 + +commit 03acc50d0ccb78fc91d1570de1cd0fdfea646028 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 12:15:47 2023 +0000 + + upstream: Unit test for kex_proposal_populate_entries. + + OpenBSD-Regress-ID: bdb211d80d572a08bf14b49fe2a58b9ff265c006 + +commit 3f9231c2e1f374ebb08016ba00ea97b47c0ed20b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 7 05:37:26 2023 +0000 + + upstream: fix memory leak in process_read() path; Spotted by James + + Robinson in GHPR363; ok markus@ + + OpenBSD-Commit-ID: cdc2d98e6478b7e7f3a36976845adae3820429d8 + +commit c5e6e890839ec520ab9301a92cba56303749dea2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 7 01:30:52 2023 +0000 + + upstream: correct size for array argument when changing + + UMAC_OUTPUT_LEN Coverity CID 291845; ok dtucker@ + + OpenBSD-Commit-ID: 2eb017d10705bb623d4418691f961c930eafaec0 + +commit 9641753e0fd146204d57b2a4165f552a81afade4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Mar 6 12:14:48 2023 +0000 + + upstream: Refactor creation of KEX proposal. + + This adds kex_proposal_populate_entries (and corresponding free) which + populates the KEX proposal array with dynamically allocated strings. + This replaces the previous mix of static and dynamic that has been the + source of previous leaks and bugs. Remove unused compat functions. + With & ok djm@. + + OpenBSD-Commit-ID: f2f99da4aae2233cb18bf9c749320c5e040a9c7b + +commit aa59d6a489fb20973fa461d0fdb1110db412947b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 5 09:24:35 2023 +0000 + + upstream: Fix mem and FILE leaks in moduli screening. + + If multiple -Ocheckpoint= options are passed, the earlier ones would + be overwritten and leaked. If we use an input file that wasn't stdin, + close that. From Coverity CIDs 291884 and 291894. + + OpenBSD-Commit-ID: a4d9d15f572926f841788912e2b282485ad09e8b + +commit 23b8cb41767af99a1aac24589d1882d9c8c2c205 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 5 08:18:58 2023 +0000 + + upstream: Plug mem leak in moduli checkpoint option parsing. + + From Coverity CID 291894. + + OpenBSD-Commit-ID: 9b1aba2d049741ae21c8dc4560a7e29ab17310f4 + +commit fc7f8f2188d4a4fc8ba77eddbe863c7665666db5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 5 05:34:09 2023 +0000 + + upstream: Remove unused compat.h includes. + + We've previously removed a lot of the really old compatibility code, + and with it went the need to include compat.h in most of the files that + have it. + + OpenBSD-Commit-ID: 5af8baa194be00a3092d17598e88a5b29f7ea2b4 + +commit 6c165c36246d8004c20e1df5cec4961a5ac422d6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Mar 4 03:22:59 2023 +0000 + + upstream: Use time_t for x11 timeout. + + Use time_t instead of u_int for remaining x11 timeout checks for 64bit + time_t safety. From Coverity CIDs 405197 and 405028, ok djm@ + + OpenBSD-Commit-ID: 356685bfa1fc3d81bd95722d3fc47101cc1a4972 + +commit 4a3918f51bd2d968387e7aa87e33b32c78077fb4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 3 10:23:42 2023 +0000 + + upstream: Ensure ms_remain is always initialized + + similar to what we do in ssh_packet_write_wait. bz#2687, from jjelen + at redhat.com. + + OpenBSD-Commit-ID: a50e0541cf823f8d1c72f71ccde925d3dbe6dfac + +commit e44846a4487d2885ac7f2610be09b1e2bf52249b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 3 09:48:51 2023 +0000 + + upstream: Check for non-NULL before string + + comparison. From jjelen at redhat.com via bz#2687. + + OpenBSD-Commit-ID: 0d9b2e0cac88a311b5766b1aef737082583c285f + +commit 1842d523fae63b862ce8e60725c9b606cddb86a6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 3 05:00:34 2023 +0000 + + upstream: guard against getsockname(-1, ...) from Coverity CID + + 291832 + + OpenBSD-Commit-ID: e58d5227327917d189229b7f0b37d2780f360d5f + +commit 78571a5fe9847d40d7f220c92b707574ae9ec4ce +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 3 04:36:20 2023 +0000 + + upstream: some options are not first-match-wins. Mention that there + + are exceptions at the start of the manpage and label some of them in the + option description. + + OpenBSD-Commit-ID: 3b74728446fa6fc8742769eeb8c3674e233e84c4 + +commit d1c1b3272e8895a96c4f5889bd6e07a8525bd9f1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 3 04:34:49 2023 +0000 + + upstream: actually print "channeltimeout none" in config dump mode; + + spotted via Coverity CID 405022 + + OpenBSD-Commit-ID: b074b52bf138b75f08264e8da15880b29c7a630f + +commit 8bf61e95610b48192d4e1720cc15d9004617301d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 3 14:50:03 2023 +1100 + + Add Coverity badges. + +commit 93291bd723959adf462b1df958106cf07a7734dd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 3 03:12:24 2023 +0000 + + upstream: Check return values of dup2. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 19fb1b53072826d00c67df677731d2f6c1dd602b + +commit e37261dff33af23f37202cfce0848d36f5c1055c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 3 02:37:58 2023 +0000 + + upstream: Use time_t for x11_refuse_time timeout. We need + + SSH_TIME_T_MAX for this, so move from misc.c to misc.h so it's available. + Fixes a Coverity warning for 64bit time_t safety, ok djm@ + + OpenBSD-Commit-ID: c69c4c3152cdaab953706db4ccf4d5fd682f7d8d + +commit 32755a98c29114b13f4c9d47454bbb265b932ad7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 3 02:34:29 2023 +0000 + + upstream: Check return value from fctnl and warn on failure. + + Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 2097c7db3cf657f1e3a6c5077041bacc63143cab + +commit 5fc60e8246c36b8255f72a937ebe9787b39648c6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 2 11:10:27 2023 +0000 + + upstream: Remove SUDO in proxy command wrapper. Anything that needs + + sudo is already run by it, and it breaks if root isn't in sudoers. + + OpenBSD-Regress-ID: 6cf22fda32a89c16915f31a6ed9bbdbef2a3bac9 + +commit 0d514659b23a257247491179cfbb53a6dd64e164 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 2 08:24:41 2023 +0000 + + upstream: Fix breakage on dhgex test. + + This was due to the sshd logs being written to the wrong log file. + While there, make save_debug_logs less verbose, write the name of the + tarball to regress.log and use $SUDO to remove the old symlinks (which + shouldn't be needed, but won't hurt). Initial problem spotted by anton@. + + OpenBSD-Regress-ID: 9c44fb9cd418e6ff31165e7a6c1f9f11a6d19f5b + +commit 860201201d4ae655702807966901682cff30a171 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 2 08:14:52 2023 +0000 + + upstream: Quote grep and log message better. + + OpenBSD-Regress-ID: 3823d9063127169736aa274b1784cb28e15b64d4 + +commit 03a03c6002525f5ad9c8fc874a5d5826a35d9858 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 2 06:41:56 2023 +0000 + + upstream: Always call fclose on checkpoints. + + In the case of an fprintf failure we would not call fclose which would + leak the FILE pointer. While we're there, try to clean up the temp file + on failure. Spotted by Coverity, ok djm@ + + OpenBSD-Commit-ID: 73c7ccc5d4fcc235f54c6b20767a2815408525ef + +commit 13fe8f9785e6d90400ce548939a0b0ddc11fcb3c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 1 21:54:50 2023 +0000 + + upstream: Remove old log symlinks + + before creating new ones. In -portable some platforms don't like + overwriting existing symlinks. + + OpenBSD-Regress-ID: 7e7ddc0beb73e945e1c4c58d51c8a125b518120f + +commit 131fcbcaffd1e3bcf5ab766ec497b5d768955310 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 1 23:23:02 2023 +1100 + + Adjust test jobs for new log directory. + +commit a6f4ac8a2baf77e5361cfa017d0dc250d1409bec +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 1 09:29:32 2023 +0000 + + upstream: Rework logging for the regression tests. + + Previously we would log to ssh.log and sshd.log, but that is insufficient + for tests that have more than one concurent ssh/sshd. + + Instead, we'll log to separate datestamped files in a $OBJ/log/ and + leave a symlink at the previous location pointing at the most recent + instance with an entry in regress.log showing which files were created + at each point. This should be sufficient to reconstruct what happened + even for tests that use multiple instances of each program. If the test + fails, tar up all of the logs for later analysis. + + This will let us also capture the output from some of the other tools + which was previously sent to /dev/null although most of those will be + in future commits. + + OpenBSD-Regress-ID: f802aa9e7fa51d1a01225c05fb0412d015c33e24 + +commit 8ead62ed5e86c7df597d8604f332f49cd1527b85 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 28 21:31:50 2023 +0000 + + upstream: fatal out if allocating banner string fails to avoid + + potential null deref later in sscanf. Spotted by Coverity, ok deraadt@ + + OpenBSD-Commit-ID: 74e8d228ac00552e96e9e968dfcccf8dd1f46ad5 + +commit 44ca56ba0b3f531f1d85730cc701097cd49e6868 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 28 08:45:24 2023 +0000 + + upstream: Explicitly ignore return from fchmod + + similar to other calls to prevent warning. + + OpenBSD-Commit-ID: fdc5287dcee0860b5a493186414226c655b0eb0a + +commit 803392933a3a6f09f834aa5f0c2aab06a3b382f4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Feb 27 22:12:40 2023 +0000 + + upstream: Plug mem leak on globbed ls error path. + + Spotted by Coverity, ok deraadt@ + + OpenBSD-Commit-ID: de28476025db29820a9a2e56e98b964d8a02861c + +commit aa33b4d396abf47a2a45f982f28d054fb1dcb5c3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 27 21:04:22 2023 +1100 + + Cast time_t's in debug output to long long. + + Should fix Coverity warning about truncation of 64bit time_t. + +commit b0fd60a9de62a03189ad57d0c07f0ac51dc00e95 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 27 17:28:59 2023 +1100 + + Do shadow expiry calcs using "long long". + + Coverity flags these as potentially not 64bit time_t safe so use + long long for the calculations and debug output. ok djm@ + +commit 01dbeb3084d714bbd001ff9d03b9de542e8cdf58 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Feb 27 17:07:52 2023 +1100 + + avoid clash between for getopt's struct option + + Since we don't use getopt_long() nothing outside the getopt() + implementation itself uses this structure, so move it into the + source to remove it from visibility and clashes with libc's + + ok dtucker@ + +commit eb88d07c43afe407094e7d609248d85a15e148ef +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 25 14:45:41 2023 +1100 + + Revert explicit chmods on private keys. + + This should no longer be needed on Cygwin test runners due to previous + commit. + +commit 52b75db61030a6c8baf66b73644380cf3f58e26a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 25 14:43:28 2023 +1100 + + Remove extended ACLs from working dirs. + + This should allow umask to work as expected and prevent tests from + failing due to excessive permissions on private keys. + +commit 0c5d4c843df5605b043a758d69f9a611ef63c479 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 24 13:44:13 2023 +1100 + + Explicitly set permissions on user and host keys. + + On cygwin, the umask might not be sufficient. Should fix tests on + Github runners. + +commit 6c9fc9d7a9f7abf82c3294d74e6d4a25735862ce +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 22 03:56:43 2023 +0000 + + upstream: fix progressmeter corruption on wide displays; bz3534 + + feedback/ok dtucker@ + + OpenBSD-Commit-ID: f4affee067cec7c182f3e0b307d758e0472762a3 + +commit fe0bd3cde9665d364e5eedd2c2c2e60d4cdc3786 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 21 06:48:18 2023 +0000 + + upstream: fseek to end of known_hosts before writing to it. + + POSIX and ANSI C require that applications call fseek or similar between + read and writing to a RW file. OpenBSD doesn't enforce this, but some + (System V derived) platforms need this to prevent it from writing a + spurious extra byte (in this case, a newline). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 33e680dcd8110582a93a40a8491024e961f45137 + +commit 357fb8ae14c07cd025eeed66e73de91bab569849 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 21 17:51:09 2023 +1100 + + Also run unit tests on AIX VMs. + + In the past these tests took too long, but these days it only adds + about 5 min to the run. + +commit 17781aaa5188ee1477f7779b280d105512e3dbed +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 21 17:38:55 2023 +1100 + + Wrap stdint.h inside ifdef. + +commit ef798bad38505f7bf1b5fa5c0843dfc5a2b192b9 +Author: Mayank Sharma <mayank.fit2010@gmail.com> +Date: Mon Feb 20 17:37:15 2023 +0530 + + Add includes to ptimeout test. + + Fixes test failures on AIX due to type mismatches. + +commit ab69dda05d5268454209f529fa80f477e60d846a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 20 18:24:39 2023 +1100 + + Always use the openssl binary configure tells us. + + This fixes tests on platforms that do not have the openssl tool + installed at all. + +commit 2a7e3449908571af601a4c2d12ab140096442e47 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 04:22:50 2023 +0000 + + upstream: Remove now-unused compat bit SSH_BUG_RSASIGMD5. The code + + to set this was removed in OpenSSH 7.7 when support for SSH implementations + dating back to before RFC standardization were removed. "burn it all" djm@ + + OpenBSD-Commit-ID: 6330935fbe23dd00be79891505e06d1ffdac7cda + +commit 0833ccf2c8b7ae08b296c06f17bd53e3ab94b0b0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 17 03:06:18 2023 +0000 + + upstream: Remove now-unused compat bit SSH_BUG_BIGENDIANAES. This + + was previously set for OpenSSH 2.3 (released in 2000) but this check was + removed in OpenSSH 7.7 (2018). ok djm@ deraadt@ + + OpenBSD-Commit-ID: 326426ea328707fc9e83305291ab135c87f678af + +commit c81c2bea6e828d52b62b448b4ffdd3c163177975 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 17 10:12:40 2023 +1100 + + whitespace fixes + +commit 500f90b39db5f0014e6b0c49ff1f45c994b69293 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 17 10:02:08 2023 +1100 + + whitespace at EOL + +commit 68350152406339170721c15e97afdf827a5e4001 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Feb 16 10:10:00 2023 +0000 + + upstream: Remove SSH_BUG_PASSWORDPAD compat bit + + since it's no longer used. ok markus@ + + OpenBSD-Commit-ID: b92c21f56fe4b7f9a54790d6a9650725c226820b + +commit 537cccd804eaf65f32bdce037cc31db4e0ab0f44 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Feb 16 07:55:15 2023 +0000 + + upstream: Remove SSH_BUG_IGNOREMSG compat flag + + since it's only applicable to SSH1 and thus no longer used. ok markus@ + "kill it with fire" djm@ + + OpenBSD-Commit-ID: ea13318b1937795d9db4790d3ce0a6ed01584dab + +commit 285cf6cd4b91a0a0ce33193c358c99085af33e43 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Feb 10 06:41:53 2023 +0000 + + upstream: space between macro and punctuation; sort usage(); + + OpenBSD-Commit-ID: 6141610cfca037700730e41f868d1d9124958f8c + +commit d39a96f70f81878c77336ed35f5c648c1804b71a +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Feb 10 06:40:48 2023 +0000 + + upstream: space between macro and punctuation; + + OpenBSD-Commit-ID: abc95e550be9e6d9a7ff64b65c104c7be21ab19e + +commit 16e82bf53fc34e43e3b948d43b68d5b27a7335e6 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Feb 10 06:39:27 2023 +0000 + + upstream: sort SYNOPSIS; + + OpenBSD-Commit-ID: dacd9da33277d5669a51213d880632599c890c1e + +commit d9685121ff6d57b8797411f3cb123884a4b96e30 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 11 12:32:19 2023 +1100 + + Improve seccomp compat on older systems. + + Check if flags to mmap and madvise are defined before using them. + Should fix problems building on older Linux systems that don't have + these. bz#3537, with & ok djm@. + +commit 6180b0fa4f7996687678702806257e661fd5931e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 05:06:03 2023 +0000 + + upstream: test -Ohashalg=... and that the default output contains both + + specified hash algorithms; prompted by dtucker@ + + OpenBSD-Regress-ID: 26f309208c8d8b8fa9c5f419767b85f1e9b22f51 + +commit d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 04:56:30 2023 +0000 + + upstream: let ssh-keygen and ssh-keyscan accept + + -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm + selection. bz3493 ok dtucker@ + + OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d + +commit 18938d11a90b74d63c20b2d3c965d5bd64786ab1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 04:47:19 2023 +0000 + + upstream: add a `sshd -G` option that parses and prints the + + effective configuration without attempting to load private keys and perform + other checks. This allows usage of the option before keys have been + generated. + + bz3460 feedback/ok dtucker@ + + OpenBSD-Commit-ID: 774504f629023fc25a559ab1d95401adb3a7fb29 + +commit df7d3dbf7194db8e97730ee0425d4d9d7bdb8b10 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 10 04:40:28 2023 +0000 + + upstream: make `ssh -Q CASignatureAlgorithms` work as the manpage says + + it should bz3532 + + OpenBSD-Commit-ID: 0ddb17b3fcbd99bfb5baea4ac5e449620cbd3adc + +commit d3b8d4198b6595f23b5859d43dc8fc701f97429b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 10 14:26:44 2023 +1100 + + Add CentOS 7 test targets. + +commit 22efb01e355bba4755b730ed417f91c081445bfc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Feb 9 09:55:33 2023 +0000 + + upstream: Test adding terminating newline to known_hosts. + + OpenBSD-Regress-ID: 5fc3010ac450195b3fbdeb68e875564968800365 + +commit caec6da1a583ed8c32c6ad3b81bbcaab46ac8b61 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Feb 8 08:06:03 2023 +0000 + + upstream: ssh-agent doesn't actually take -v, + + so the recently-added ones will result in the test not cleaning up + after itself. Patch from cjwatson at debian.org vi bz#3536. + + OpenBSD-Regress-ID: 1fc8283568f5bf2f918517c2c1e778072cf61b1a + +commit 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Feb 9 09:54:11 2023 +0000 + + upstream: Ensure that there is a terminating newline when adding a new + + entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ + markus@ + + OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 + +commit 95b6bbd2553547260b324b39d602061c88b774bc +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 7 08:43:47 2023 +1100 + + Replace 9.1 with 9.2 on CI status page. + +commit 195313dfe10a23c82e9d56d5fdd2f59beee1bdcf +Author: Damien Miller <djm@mindrot.org> +Date: Fri Feb 3 16:33:09 2023 +1100 + + harden Linux seccomp sandbox + + Linux mmap(2) and madvise(2) syscalls support quite a number of funky + flags that we don't expect that sshd/libc will ever need. We can + exclude this kernel attack surface by filtering the mmap(2) flags + and the madvise(2) advice arguments. + + Similarly, the sandboxed process in sshd is a single-threaded program + that does not use shared memory for synchronisation or communication. + Therefore, there should be no reason for the advanced priority + inheritance futex(2) operations to be necessary. These can also be + excluded. + + Motivated by Jann Horn pointing out that there have been kernel bugs + in nearby Linux kernel code, e.g. CVE-2020-29368, CVE-2020-29374 and + CVE-2022-42703. + + Feedback Jann Horn, ok dtucker@ + +commit 6dfb65de949cdd0a5d198edee9a118f265924f33 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 2 23:21:54 2023 +1100 + + crank versions in RPM specs + +commit d07cfb11a0ca574eb68a3931d8c46fbe862a2021 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 2 23:21:45 2023 +1100 + + update version in README + +commit 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 2 23:17:49 2023 +1100 + + adapt compat_kex_proposal() test to portable + +commit 903c556b938fff2d7bff8da2cc460254430963c5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 2 12:12:52 2023 +0000 + + upstream: test compat_kex_proposal(); by dtucker@ + + OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 + +commit 405fba71962dec8409c0c962408e09049e5624b5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 19 07:53:45 2023 +0000 + + upstream: Check if we can copy sshd or need to use sudo to do so + + during reexec test. Skip test if neither can work. Patch from anton@, tweaks + from me. + + OpenBSD-Regress-ID: 731b96ae74d02d5744e1f1a8e51d09877ffd9b6d + +commit b2a2a8f69fd7737ea17dc044353c514f2f962f35 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 2 12:10:22 2023 +0000 + + upstream: openssh-9.2 + + OpenBSD-Commit-ID: f7389f32413c74d6e2055f05cf65e7082de03923 + +commit 12da7823336434a403f25c7cc0c2c6aed0737a35 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 2 12:10:05 2023 +0000 + + upstream: fix double-free caused by compat_kex_proposal(); bz3522 + + by dtucker@, ok me + + OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80 + +commit 79efd95ab5ff99f4cb3a955e2d713b3f54fb807e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Feb 1 17:17:26 2023 +1100 + + Skip connection-timeout test on minix3. + + Minix 3's Unix domain sockets don't seem to work the way we expect, so + skip connection-timeout test on that platform. While there, group + together all similarly skipped tests and explicitly comment. + +commit 6b508c4e039619842bcf5a16f8a6b08dd6bec44a +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 1 12:12:05 2023 +1100 + + fix libfido2 detection without pkg-config + + Place libfido2 before additional libraries (that it may depend upon) + and not after. bz3530 from James Zhang; ok dtucker@ + +commit 358e300fed5e6def233a2c06326e51e20ebed621 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Jan 18 20:56:36 2023 +0000 + + upstream: delete useless dependency + + OpenBSD-Commit-ID: e1dc11143f83082e3154d6094f9136d0dc2637ad + +commit a4cb9be1b021b511e281ee55c356f964487d9e82 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Jan 18 20:43:15 2023 +0000 + + upstream: Create and install sshd random relink kit. + + ../Makefile.inc and Makfile are concatenated for reuse, which hopefully won't + be too fragile, we'll see if we need a different approach. The resulting sshd + binary is tested with the new sshd -V option before installation. As the + binary layout is now semi-unknown (meaning relative, fixed, and gadget + offsets are not precisely known), change the filesystem permissions to 511 to + prevent what I call "logged in BROP". I have ideas for improving this further + but this is a first step ok djm + + OpenBSD-Commit-ID: 1e0a2692b7e20b126dda60bf04999d1d30d959d8 + +commit bc7de6f91a9a0ae2f148a9d31a4027d441a51999 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Jan 18 06:55:32 2023 +0000 + + upstream: tweak previous; ok djm + + OpenBSD-Commit-ID: df71ce4180c58202dfdc1d92626cfe900b91b7c3 + +commit a20b7e999773e6333c8aa9b0a7fa41966e63b037 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 31 19:35:44 2023 +1100 + + Skip connection-timeout test under Valgrind. + + Valgrind slows things down so much that the timeout test fails. Skip + this test until we figure out if we can make it work. + +commit c3ffb54b4fc5e608206037921db6ccbc2f5ab25f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 25 21:58:40 2023 +1100 + + Skip connection-timeout when missing FD passing. + + This tests uses multiplexing which uses file descriptor passing, so + skip it if we don't have that. Fixes test failures on Cygwin. + +commit 35253af01d8c0ab444c8377402121816e71c71f5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 18 02:00:10 2023 +0000 + + upstream: when restoring non-blocking mode to stdio fds, restore + + exactly the flags that ssh started with and don't just clobber them with + zero, as this could also remove the append flag from the set; + + bz3523; ok dtucker@ + + OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 + +commit 7d17ea151c0b2519f023bd9cc7f141128833ac47 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Jan 18 01:50:21 2023 +0000 + + upstream: Add a -V (version) option to sshd like the ssh client + + has. OK markus@ deraadt@ + + OpenBSD-Commit-ID: abe990ec3e636fb040132aab8cbbede98f0c413e + +commit 62360feb7f08f2a4c6fc36f3b3449309203c42c9 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Tue Jan 17 18:52:44 2023 +0000 + + upstream: For "ssh -V" always exit 0, there is no need to check opt + + again. This was missed when the fallthrough in the switch case above it was + removed. OK deraadt@ + + OpenBSD-Commit-ID: 5583e5d8f6d62a8a4215cfa95a69932f344c8120 + +commit 12492c0abf1eb415d08a897cc1d8b9e789888230 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 17 10:15:10 2023 +0000 + + upstream: also check that an active session inhibits + + UnusedConnectionTimeout idea markus@ + + OpenBSD-Regress-ID: 55c0fb61f3bf9e092b0a53f9041d3d2012f14003 + +commit cef2593c33ac46a58238ff998818754eabdf64ff +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 17 10:02:34 2023 +0000 + + upstream: regression test for UnusedConnectionTimeout + + OpenBSD-Regress-ID: 7f29001374a68e71e5e078f69e4520cf4bcca084 + +commit aff9493a89c71d6a080419b49ac64eead9730491 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 16 04:11:29 2023 +0000 + + upstream: unbreak test: cannot access shell positional parameters + + past $9 without wrapping the position in braces (i.e. need ${10}, etc.) + + OpenBSD-Regress-ID: 3750ec98d5d409ce6a93406fedde6f220d2ea2ac + +commit 0293c19807f83141cdf33b443154459f9ee471f6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 17 09:44:48 2023 +0000 + + upstream: Add a sshd_config UnusedConnectionTimeout option to terminate + + client connections that have no open channels for some length of time. This + complements the recently-added ChannelTimeout option that terminates inactive + channels after a timeout. + + ok markus@ + + OpenBSD-Commit-ID: ca983be74c0350364c11f8ba3bd692f6f24f5da9 + +commit 8ec2e3123802d2beeca06c1644b0b647f6d36dab +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jan 15 23:35:10 2023 +0000 + + upstream: adapt to ed25519 changes in src/usr.bin/ssh + + OpenBSD-Regress-ID: 4b3e7ba7ee486ae8a0b4790f8112eded2bb7dcd5 + +commit 9fbbfeca1ce4c7ec0001c827bbf4189a3ba0964b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jan 15 23:05:32 2023 +0000 + + upstream: update OpenSSH's Ed25519 code to the last version of SUPERCOP + + (20221122) and change the import approach to the same one we use for + Streamlined NTRUPrime: use a shell script to extract the bits we need from + SUPERCOP, make some minor adjustments and squish them all into a single file. + + ok tb@ tobhe@ + + OpenBSD-Commit-ID: 1bc0fd624cb6af440905b8ba74ac7c03311b8e3b + +commit 6283f4bd83eee714d0f5fc55802eff836b06fea8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 14 22:02:44 2023 +1100 + + Allow writev is seccomp sandbox. + + This seems to be used by recent glibcs at least in some configurations. + From bz#3512, ok djm@ + +commit 923c3f437f439cfca238fba37e97a7041782f615 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 14 10:05:54 2023 +0000 + + upstream: Shell syntax fix. From ren mingshuai vi github PR#369. + + OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 + +commit 4d87a00f704e0365e11c3c38b170c1275ec461fc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 14 09:57:08 2023 +0000 + + upstream: Instead of skipping the all-tokens test if we don't have + + OpenSSL (since we use it to compute the hash), put the hash at the end and + just omit it if we don't have it. Prompted by bz#3521. + + OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea + +commit b05406d6f93b8c8ec11ec8b27e7c76cc7a5a55fb +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jan 13 07:13:40 2023 +0000 + + upstream: fix double phrase in previous; + + OpenBSD-Commit-ID: 671e6c8dc5e9230518b2bbfa143daaa88adc66c2 + +commit 40564812b659c530eb1f4b62d09e85612aef3107 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 13 03:16:29 2023 +0000 + + upstream: Document "UserKnownHostsFile none". ok djm@ + + OpenBSD-Commit-ID: f695742d39e34ecdcc3c861c3739a84648a4bce5 + +commit d03e245e034019a37388f6f5f893ce848ab6d2e2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 13 23:02:34 2023 +1100 + + Retry package installation 3 times. + + When setting up the CI environment, retry package installation 3 times + before going up. Should help prevent spurious failures during + infrastructure issues. + +commit 625f6bc39840167dafb3bf5b6a3e18503ac986e8 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 13 04:47:34 2023 +0000 + + upstream: Move scp path setting to a helper function. The previous + + commit to add scp to the test sshd's path causes the t-envpass test to fail + when the test scp is given using a fully qualified path. Put this in a + helper function and only call it from the scp tests. + + OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 + +commit 6e6f88647042b3cde54a628545c2f5fb656a9327 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 13 04:23:00 2023 +0000 + + upstream: Add scp's path to test sshd's PATH. + + If the scp we're testing is fully qualified (eg it's not in the system + PATH) then add its path to the under-test sshd's PATH so we can find + it. Prompted by bz#3518. + + OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0 + +commit 8a5e99a70fcf9b022a8aa175ebf6a71f58511da3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 13 15:49:48 2023 +1100 + + Remove skipping test when scp not in path. + + An upcoming change renders this obsolete by adding scp's path to the + test sshd's PATH, and removing this first will make the subsequent sync + easier. + +commit 41f36dd896c8fb8337d403fcf476762986976e9d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 13 02:58:20 2023 +0000 + + upstream: Add a "Host" line to the output of ssh -G showing the + + original host arg. Inspired by patch from vincent at bernat.ch via bz#3343, + ok djm@ + + OpenBSD-Commit-ID: 59c0f60a222113a44d0650cd394376e3beecc883 + +commit f673b49f3be3eb51074fbb8a405beb6cd0f7d93e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 13 02:44:02 2023 +0000 + + upstream: avoid printf("%s", NULL) if using ssh + + -oUserKnownHostsFile=none and a hostkey in one of the system known hosts file + changes; ok dtucker@ + + OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 + +commit 93fc7c576563e3d88a1dc019dd213f65607784cc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 11 05:39:38 2023 +0000 + + upstream: clamp the minimum buffer lengths and number of inflight + + requests too + + OpenBSD-Commit-ID: c4965f62fa0ba850940fd66ae3f60cf516bbcd56 + +commit 48bf234322e639d279c5a28435eae50155e9b514 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 11 05:36:50 2023 +0000 + + upstream: ignore bogus upload/download buffer lengths in the limits + + extension + + OpenBSD-Commit-ID: c5b023e0954693ba9a5376e4280c739b5db575f8 + +commit 36b00d31833ca74cb0f7c7d8eda1bde55700f929 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 11 02:13:52 2023 +0000 + + upstream: remove whitespace at EOL from code extracted from SUPERCOP + + OpenBSD-Commit-ID: 1ec524ff2fbb9387d731601437c82008f35a60f4 + +commit d888de06c5e4d7dbf2f2b85f2b5bf028c570cf78 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 11 00:51:27 2023 +0000 + + upstream: rewrite this test to use a multiplexed ssh session so we can + + control its lifecycle without risk of race conditions; fixes some of the + Github integration tests for openssh-portable + + OpenBSD-Regress-ID: 5451cad59ba0d43ae9eeda48ec80f54405fee969 + +commit 4bcc737a35fdd9cc4af7423d6c23dfd0c7ef4786 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jan 11 11:45:17 2023 +1100 + + remove buffer len workaround for NetBSD 4.x + + Switching to from pipes to a socketpair for communicating with the + ssh process avoids the (kernel bug?) problem. + +commit f5154d2aac3e6a32a1b13dec23a701a087850cdc +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jan 11 11:44:19 2023 +1100 + + add back use of pipes in scp.c under USE_PIPES + + This matches sftp.c which prefers socketpair but uses pipes on + some older platforms. + +commit eec737b59cf13841de46134967a206607000acd4 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Tue Jan 10 23:22:15 2023 +0000 + + upstream: Switch scp from using pipes to a socketpair for + + communication with it's ssh sub-processes. We no longer need to reserve two + descriptors to ensure that we don't end up using fd 0-2 unexpectedly, that is + handled by sanitise_stdfd() in main(). Based on an original diff from djm@. + OK deraadt@ djm@ + + OpenBSD-Commit-ID: b80c372faac462471e955ddeab9480d668a2e48d + +commit d213d126a4a343abd3a1eb13687d39c1891fe5c8 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jan 6 08:44:11 2023 +0000 + + upstream: tweak previous; ok djm + + OpenBSD-Commit-ID: 229c493452766d70a78b0f02f6ff9894f9028858 + +commit 4a5590a5ee47b7dfd49773e9fdba48ad3089fe64 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jan 9 16:33:56 2023 +1100 + + try to improve logging for dynamic-forward test + + previously the logs from the ssh used to exercise the forwarding + channel would clobber the logs from the ssh actually doing the + forwarding + +commit 715bc25dcfccf9fb2bee820155fe071d01a618db +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 7 23:24:50 2023 +1100 + + Skip dynamic-forward test on minix3. + + This test relies on loopback addresses which minix does not have. + Previously the test would not run at all since it also doesn't have + netcat, but now we use our own netcat it tries and fails. + +commit dd1249bd5c45128a908395c61b26996a70f82205 +Author: Damien Miller <djm@mindrot.org> +Date: Sun Jan 8 12:08:59 2023 +1100 + + don't test IPv6 addresses if platform lacks support + +commit d77fc611a62f2dfee0b654c31a50a814b13310dd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 12:33:33 2023 +0000 + + upstream: When OpenSSL is not available, skip parts of percent test + + that require it. Based on github pr#368 from ren mingshuai. + + OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 + +commit 1cd2aac312af9172f1b5cb06c2e1cd090abb83cf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 7 23:01:11 2023 +1100 + + Use our own netcat for dynamic-forward test. + + That way we can be surer about its behaviour rather than trying to + second-guess the behaviour of various netcat implementations. + +commit 26cab41c05d7b0859d2a1ea5b6ed253d91848a80 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 7 14:30:43 2023 +1100 + + Use autoconf to find openssl binary. + + It's possible to install an OpenSSL in a path not in the system's + default library search path. OpenSSH can still use this (eg if you + specify an rpath) but the openssl binary there may not work. If one is + available on the system path just use that. + +commit 5532e010a0eeb6aa264396514f9aed7948471538 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jan 7 10:34:18 2023 +1100 + + Check openssl_bin path is executable before using. + +commit 5d7b16cff48598d5908db970bfdc9ff9326142c8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 6 23:19:07 2023 +1100 + + Set OPENSSL_BIN from OpenSSL directory. + +commit 344a0e8240eaf08da5d46a5e3a9ecad6e4f64c35 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 6 08:50:33 2023 +0000 + + upstream: Save debug logs from ssh for debugging purposes. + + OpenBSD-Regress-ID: 109e40b06de1c006a3b8e0d8745b790b2c5870a0 + +commit e1ef172646f7f49c80807eea90225ef5e0be55a8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 08:07:39 2023 +0000 + + upstream: regression test for ChannelTimeout + + OpenBSD-Regress-ID: 280bfbefcfa415428ad744e43f69a8dede8ad685 + +commit 2393ea8daf25853459eb07a528d7577688847777 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 07:18:18 2023 +0000 + + upstream: fix typo in verbose logging + + OpenBSD-Regress-ID: 0497cdb66e003b2f50ed77291a9104fba2e017e9 + +commit 161a5378a3cc2e7aa3f9674cb7f4686ae6ce9586 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:59:50 2023 +0000 + + upstream: unit tests for misc.c:ptimeout_* API + + OpenBSD-Regress-ID: 01f8fb12d08e5aaadd4bd4e71f456b6588be9a94 + +commit 018d671d78145f03d6f07ae9d64d51321da70325 +Author: tb@openbsd.org <tb@openbsd.org> +Date: Wed Jan 4 22:48:57 2023 +0000 + + upstream: Copy bytes from the_banana[] rather than banana() + + Fixes test failure due to segfault seen on arm64 with xonly snap. + + ok djm + + OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 + +commit ab6bb69e251faa8b24f81b25c72ec0120f20cad4 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jan 6 19:13:36 2023 +1100 + + unbreak scp on NetBSD 4.x + + e555d5cad5 effectively increased the default copy buffer size for SFTP + transfers. This caused NetBSD 4.x to hang during the "copy local file to + remote file in place" scp.sh regression test. + + This puts back the original 32KB copy buffer size until we can properly + figure out why. + + lots of debugging assistance from dtucker@ + +commit 2d1ff2b9431393ad99ef496d5e3b9dd0d4f5ac8c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:47:18 2023 +0000 + + upstream: Implement channel inactivity timeouts + + This adds a sshd_config ChannelTimeouts directive that allows channels that + have not seen traffic in a configurable interval to be automatically closed. + Different timeouts may be applied to session, X11, agent and TCP forwarding + channels. + + Note: this only affects channels over an opened SSH connection and not + the connection itself. Most clients close the connection when their channels + go away, with a notable exception being ssh(1) in multiplexing mode. + + ok markus dtucker + + OpenBSD-Commit-ID: ae8bba3ed9d9f95ff2e2dc8dcadfa36b48e6c0b8 + +commit 0e34348d0bc0b1522f75d6212a53d6d1d1367980 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:42:34 2023 +0000 + + upstream: Add channel_set_xtype() + + This sets an "extended" channel type after channel creation (e.g. + "session:subsystem:sftp") that will be used for setting channel inactivity + timeouts. + + ok markus dtucker + + OpenBSD-Commit-ID: 42564aa92345045b4a74300528f960416a15d4ca + +commit ceedf09b2977f3a756c759a6e7eb8f8e9db86a18 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:41:49 2023 +0000 + + upstream: tweak channel ctype names + + These are now used by sshd_config:ChannelTimeouts to specify timeouts by + channel type, so force them all to use a similar format without whitespace. + + ok dtucker markus + + OpenBSD-Commit-ID: 66834765bb4ae14f96d2bb981ac98a7dae361b65 + +commit c60438158ad4b2f83d8504257aba1be7d0b0bb4b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:39:59 2023 +0000 + + upstream: Add channel_force_close() + + This will forcibly close an open channel by simulating read/write errors, + draining the IO buffers and calling the detach function. + + Previously the detach function was only ever called during channel garbage + collection, but there was no way to signal the user of a channel (e.g. + session.c) that its channel was being closed deliberately (vs. by the + usual state-machine logic). So this adds an extra "force" argument to the + channel cleanup callback to indicate this condition. + + ok markus dtucker + + OpenBSD-Commit-ID: 23052707a42bdc62fda2508636e624afd466324b + +commit d478cdc7ad6edd4b1bcd1e86fb2f23194ff33d5a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:38:23 2023 +0000 + + upstream: replace manual poll/ppoll timeout math with ptimeout API + + feedback markus / ok markus dtucker + + OpenBSD-Commit-ID: c5ec4f2d52684cdb788cd9cbc1bcf89464014be2 + +commit 4adf3817a24efe99b06e62630577d683c7cd8065 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 6 02:37:04 2023 +0000 + + upstream: add ptimeout API for keeping track of poll/ppoll + + timeouts; ok dtucker markus + + OpenBSD-Commit-ID: 3335268ca135b3ec15a947547d7cfbb8ff929ead + +commit 8c7c69d32375d2f3ce9da0109c9bffc560842316 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 5 05:49:13 2023 +0000 + + upstream: suppress "Connection closed" message when in quiet mode + + OpenBSD-Commit-ID: 8a3ab7176764da55f60bfacfeae9b82d84e3908f + +commit 845ceecea2ac311b0c267f9ecbd34862e1876fc6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 2 07:03:57 2023 +0000 + + upstream: regression test for PermitRemoteOpen + + OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c + +commit b3daa8dc582348d6ab8150bc1e571b7aa08c5388 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 2 07:03:30 2023 +0000 + + upstream: fix bug in PermitRemoteOpen which caused it to ignore its + + first argument unless it was one of the special keywords "any" or "none". + + Reported by Georges Chaudy in bz3515; ok dtucker@ + + OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 + +commit 0872663a7be0301bcc3d49acdbc9b740a3d972d4 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Dec 26 19:16:03 2022 +0000 + + upstream: spelling fixes; from paul tagliamonte amendments to his + + diff are noted on tech + + OpenBSD-Commit-ID: d776dd03d0b882ca9c83b84f6b384f6f9bd7de4a + +commit 797da2812a71785b34890bb6eb44767a7d09cd34 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 16 07:13:22 2022 +0000 + + upstream: Mention that scp uses the SFTP protocol and remove + + reference to legacy flag. Spotted by, feedback and ok jmc@ + + OpenBSD-Commit-ID: 9dfe04966f52e941966b46c7a2972147f95281b3 + +commit 93f2ce8c050a7a2a628646c00b40b9b53fef93ef +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 16 06:56:47 2022 +0000 + + upstream: Clear signal mask early in main(); sshd may have been + + started with one or more signals masked (sigprocmask(2) is not cleared + on fork/exec) and this could interfere with various things, e.g. the + login grace timer. + + Execution environments that fail to clear the signal mask before running + sshd are clearly broken, but apparently they do exist. + + Reported by Sreedhar Balasubramanian; ok dtucker@ + + OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae + +commit 4acfaabfae41badb9d334a2ee88c5c6ad041c0d5 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Dec 16 06:52:48 2022 +0000 + + upstream: add -X to usage(); + + OpenBSD-Commit-ID: 1bdc3df7de11d766587b0428318336dbffe4a9d0 + +commit e555d5cad5afae7d5ef2bbc02ca591178fe16fed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 16 03:40:03 2022 +0000 + + upstream: add a -X option to both scp(1) and sftp(1) to allow + + control over some SFTP protocol knobs: the copy buffer length and + the number of inflight requests, both of which are used during + upload/download. + + Previously these could be controlled in sftp(1) using the -b/-R options. + This makes them available in both SFTP protocol clients using the same + option character sequence. + + ok dtucker@ + + OpenBSD-Commit-ID: 27502bffc589776f5da1f31df8cb51abe9a15f1c + +commit 5a7a7acab2f466dc1d7467b5d05d35268c3137aa +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Thu Dec 15 18:20:39 2022 +0000 + + upstream: The idiomatic way of coping with signed char vs unsigned + + char (which did not come from stdio read functions) in the presence of + ctype macros, is to always cast to (unsigned char). casting to (int) + for a "macro" which is documented to take int, is weird. And sadly wrong, + because of the sing extension risk.. same diff from florian + + OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea + +commit b0b58222c7cc62efd8212c4fb65a545f58ebb22d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Dec 19 18:49:51 2022 +1100 + + Simply handling of SSH_CONNECTION PAM env var. + + Prompted by bz#3508: there's no need to cache the value of + sshpam_conninfo so remove the global. While there, add check of + return value from pam_putenv. ok djm@ + +commit ed8444572ae684fdb892f97bae342c6cb6456f04 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Dec 19 18:42:34 2022 +1100 + + Add tests for LibreSSL 3.7.0 and OpenSSL 1.1.1s. + +commit abb9a8aaddfcacbd12641f6e4f203da0fa85a287 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Dec 18 21:36:25 2022 +1100 + + Use sudo when resetting perms on directories. + +commit 2f5664c5908d84697cbe91302d5d5c4d83cb2121 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Dec 18 21:19:33 2022 +1100 + + Set group perms on regress dir. + + This ensures that the tests don't fail due to StrictMode checks. + +commit 137196300fc1540affadde880210f02ba6cb4abf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Dec 18 21:13:42 2022 +1100 + + Fetch regress logs from obj dir. + +commit 5f93c4836527d9fda05de8944a1c7b4a205080c7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 13 20:59:54 2022 +1100 + + obsdsnap test VMs runs-on libvirt too. + +commit 8386886fb1ab7fda73069fb0db1dbe0e5a52f758 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 13 20:55:37 2022 +1100 + + Run upstream obsdsnap tests on ephemeral runners. + +commit b6e01459b55ece85d7f296b2bc719d1841e1009e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 13 20:48:56 2022 +1100 + + Move obsdsnap test VMs to ephemeral runners. + +commit ea6fdf9a1aa71a411f7db218a986392c4fb55693 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Dec 9 18:00:21 2022 +1100 + + use calloc for allocating arc4random structs + + ok dtucker + +commit 4403b62f5548e91389cb3339d26a9d0c4bb07b34 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Dec 9 00:22:29 2022 +0000 + + upstream: Warn if no host keys for hostbased auth can be loaded. + + OpenBSD-Commit-ID: 2a0a13132000cf8d3593133c1b49768aa3c95977 + +commit a6183e25e3f1842e21999fe88bc40bb99b121dc3 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Dec 9 00:17:40 2022 +0000 + + upstream: Add server debugging for hostbased auth. + + auth_debug_add queues messages about the auth process which is sent to + the client after successful authentication. This also sends those to + the server debug log to aid in debugging. From bz#3507, ok djm@ + + OpenBSD-Commit-ID: 46ff67518cccf9caf47e06393e2a121ee5aa258a + +commit b85c3581c16aaf6e83b9a797c80705a56b1f312e +Author: cheloha@openbsd.org <cheloha@openbsd.org> +Date: Sun Dec 4 23:50:49 2022 +0000 + + upstream: remove '?' from getopt(3) loops + + userspace: remove vestigial '?' cases from top-level getopt(3) loops + + getopt(3) returns '?' when it encounters a flag not present in the in + the optstring or if a flag is missing its option argument. We can + handle this case with the "default" failure case with no loss of + legibility. Hence, remove all the redundant "case '?':" lines. + + Prompted by dlg@. With help from dlg@ and millert@. + + Link: https://marc.info/?l=openbsd-tech&m=167011979726449&w=2 + + ok naddy@ millert@ dlg@ + + OpenBSD-Commit-ID: b2f89346538ce4f5b33ab8011a23e0626a67e66e + +commit 9a067e8d28a2249fd73f004961e30c113ee85e5d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Dec 7 11:45:43 2022 +0000 + + upstream: Fix comment typo. + + OpenBSD-Regress-ID: 3b04faced6511bb5e74648c6a4ef4bf2c4decf03 + +commit ce3c3e78ce45d68a82c7c8dc89895f297a67f225 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 7 18:58:25 2022 +1100 + + Add SANDBOX_DEBUG to the kitchensink test build. + +commit bc234605fa3eb10f56bf0d74c8ecb0d91ada9d05 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Dec 7 18:38:25 2022 +1100 + + disable SANDBOX_SECCOMP_FILTER_DEBUG + + It was mistakenly enabled in 2580916e4872 + + Reported by Peter sec-openssh-com.22.fichtner AT 0sg.net + +commit b087c5cfa011b27992e01589314fec830266f99d +Author: Rose <83477269+AtariDreams@users.noreply.github.com> +Date: Tue Nov 29 15:12:54 2022 -0500 + + Update autotools + + Regenerate config files using latest autotools + +commit d63f5494978a185c7421d492b9c2f6f05bb54138 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Dec 6 12:22:36 2022 +1100 + + Fix typo in comment. Spotted by tim@ + +commit 73dcca12115aa12ed0d123b914d473c384e52651 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Dec 4 11:03:11 2022 +0000 + + upstream: Remove duplicate includes. + + Patch from AtariDreams via github PR#364. + + OpenBSD-Commit-ID: b9186638a05cb8b56ef7c0de521922b6723644ea + +commit 3cec15543010bc8d6997d896b1717a650afb7e92 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Dec 2 04:40:27 2022 +0000 + + upstream: make struct sshbuf private + + and remove an unused field; ok dtucker + + OpenBSD-Commit-ID: c7a3d77c0b8c153d463398606a8d57569186a0c3 + +commit 5796bf8ca9535f9fa7d01829a540d2550e05c860 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Dec 2 11:43:36 2022 +1100 + + Restore ssh-agent permissions on exit. + + ...enough that subsequent builds can overwrite ssh-agent if necessary. + +commit ccf5a13868cbb4659107458cac1e017c98abcbda +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Dec 1 02:22:13 2022 +0000 + + upstream: Clean up ssh-add and ssh-agent logs. + + OpenBSD-Regress-ID: 9eda8e4c3714d7f943ab2e73ed58a233bd29cd2c + +commit 7a8b40cf6a5eda80173140cc6750a6db8412fa87 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Dec 1 02:19:29 2022 +0000 + + upstream: Log output of ssh-agent and ssh-add + + This should make debugging easier. + + OpenBSD-Regress-ID: 5974b02651f428d7e1079b41304c498ca7e306c8 + +commit 4a1805d532616233dd6072e5cd273b96dd3062e6 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Nov 29 22:41:14 2022 +0000 + + upstream: Add void to client_repledge args to fix compiler warning. ok djm@ + + OpenBSD-Commit-ID: 7e964a641ce4a0a0a11f047953b29929d7a4b866 + +commit 815c4704930aa449edf6e812e99d69e9ffd31f01 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 28 01:38:22 2022 +0000 + + upstream: tighten pledge(2) after session establishment + + feedback, ok & testing in snaps deraadt@ + + OpenBSD-Commit-ID: aecf4d49d28586dfbcc74328d9333398fef9eb58 + +commit f7cebbbf407d772ed71403d314343766782fe540 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 28 01:37:36 2022 +0000 + + upstream: New EnableEscapeCommandline ssh_config(5) option + + This option (default "no") controls whether the ~C escape is available. + Turning it off by default means we will soon be able to use a stricter + default pledge(2) in the client. + + feedback deraadt@ dtucker@; tested in snaps for a while + + OpenBSD-Commit-ID: 7e277595d60acb8263118dcb66554472257b387a + +commit d323f7ecf52e3d4ec1f4939bf31693e02f891dca +Author: mbuhl@openbsd.org <mbuhl@openbsd.org> +Date: Fri Nov 18 19:47:40 2022 +0000 + + upstream: In channel_request_remote_forwarding the parameters for + + permission_set_add are leaked as they are also duplicated in the call. Found + by CodeChecker. ok djm + + OpenBSD-Commit-ID: 4aef50fa9be7c0b138188814c8fe3dccc196f61e + +commit 62cc33e6eed847aafdc29e34aa69e9bd82a0ee16 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 30 11:23:11 2022 +1100 + + Use -fzero-call-used-regs=used on clang 15. + + clang 15 seems to have a problem with -fzero-call-used-reg=all which + causes spurious "incorrect signature" failures with ED25519. On those + versions, use -fzero-call-used-regs=used instead. (We may add exceptions + later if specific versions prove to be OK). Also move the GCC version + check to match. + + Initial investigation by Daniel Pouzzner (douzzer at mega nu), workaround + suggested by Bill Wendling (morbo at google com). bz#3475, ok djm@ + +commit f84b9cffd52c9c5c359a54a1929f9948e803ab1d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 28 21:09:28 2022 +1100 + + Skip unit tests on slow riscv64 hardware. + +commit 9f2747e0bed3faca92679eae69aef10c95dc82f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 15:26:22 2022 +1100 + + Rework how selfhosted tests interact with runners. + + Previously there was one runner per test target (mostly VMs). This had + a few limitations: + - multiple tests that ran on the same target (eg multiple build + configs) were serialized on availability or that runner. + - it needed manual balancing of VMs over host machines. + + To address this, make VMs that use ephemeral disks (ie most of them) + all use a pool of runners with the "libvirt" label. This requires that + we distinguish between "host" and "target" for those. Native runners + and VMs with persistent disks (eg the constantly-updated snapshot ones) + specify the same host and target. + + This should improve test throughput. + +commit d664ddaec87bdc7385be8ef7f1337793e1679d48 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 12:19:37 2022 +1100 + + Run vmstartup from temp dir. + + This will allow us to create ephemeral disk images per-runner. + +commit 0fa16e952b1fc1c4cf65e3dd138b0e87003e2e45 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 12:14:00 2022 +1100 + + Make "config" in matrix singular and pass in env. + + This will allow the startup scripts to adapt their behaviour based on + the type and config. + +commit e8857043af54809187be1e8b06749db61112899f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 11:42:22 2022 +1100 + + Add "libvirt" label to dfly30. + +commit 9775473d84902dc37753686cd10ae71fbe67efda +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 09:28:20 2022 +1100 + + Rename "os" in matrix to "target". + + This is in preparation to distinguish this from the host that the runner + runs on in case where they are separate (eg VMs). + +commit 04fd00ceff39f4544ced6f5342060abe584835d0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 09:23:04 2022 +1100 + + Remove unused self-hosted test targets. + +commit c9d9fcad2a11c1cd1550a541f44091d65f0b5584 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 27 09:16:15 2022 +1100 + + Remove explicit "default" test config argument. + + Not specifying the test config implicitly selects default args. + +commit 15a01cf15f396f87c6d221c5a6af98331c818962 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 23 13:18:54 2022 +1100 + + Add fallback for old platforms w/out MAP_ANON. + +commit 6b9bbbfe8b26db6e9a30a7e08c223e85421aed98 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 23 13:09:11 2022 +1100 + + If we haven't found it yet, recheck for sys/stat.h. + + On some very old platforms, sys/stat.h needs sys/types.h, however + autoconf 2.71's AC_CHECK_INCLUDES_DEFAULT checks for them in the + opposite order, which in combination with modern autoconf's + "present but cannot be compiled" behaviour causes it to not be + detected. + +commit 8926956f22639132a9f2433fcd25224e01b900f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 11 11:25:37 2022 +1100 + + Add dfly62 test target. + +commit 650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Nov 10 23:03:10 2022 +0000 + + upstream: Handle dynamic remote port forwarding in escape commandline's + + -R processing. bz#3499, ok djm@ + + OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 + +commit 5372db7e7985ba2c00f20fdff8942145ca99e033 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 10 12:44:51 2022 +1100 + + Remove seed passing over reexec. + + This was added for the benefit of platforms using ssh-rand-helper to + prevent a delay on each connection as sshd reseeded itself. + + ssh-random-helper is long gone, and since the re-exec happens before the + chroot the re-execed sshd can reseed itself normally. ok djm@ + +commit ca98d3f8c64cfc51af81e1b01c36a919d5947ec2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 9 20:59:20 2022 +1100 + + Skip reexec test on OpenSSL 1.1.1 specifically. + + OpenSSL 1.1.1 has a bug in its RNG that breaks reexec fallback, so skip + that test. See bz#3483 for details. + +commit 5ec4ebc2548e5f7f1b55b2a5cef5b67bdca8146f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Nov 9 09:04:12 2022 +0000 + + upstream: Fix typo in fatal error message. + + Patch from vapier at chromium.org. + + OpenBSD-Commit-ID: 8a0c164a6a25eef0eedfc30df95bfa27644e35cf + +commit e6abafe9a6d809422d3432b95b3f9747b0acaa71 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Nov 9 09:01:52 2022 +0000 + + upstream: Remove errant colon and simplify format + + string in error messages. Patch from vapier at chromium.org. + + OpenBSD-Commit-ID: fc28466ebc7b74e0072331947a89bdd239c160d3 + +commit db2027a687516f87c3fb141e87154bb3d8a7807c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 9 01:37:44 2022 +0000 + + upstream: rename client_global_hostkeys_private_confirm() to + + client_global_hostkeys_prove_confirm(), as it handles the + "hostkeys-prove00@openssh.com" message; no functional change + + OpenBSD-Commit-ID: 31e09bd3cca6eed26855b88fb8beed18e9bd026d + +commit 1c2be7c2004cf1abcd172fee9fe3eab57cd4c426 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Nov 9 00:15:59 2022 +0000 + + upstream: typo in comment + + OpenBSD-Commit-ID: 39c58f41e0f32d1ff31731fa6f5bbbc3ad25084a + +commit cf1a9852d7fc93e4abc4168aed09529a57427cdc +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 9 09:23:47 2022 +1100 + + Defer seed_rng until after closefrom call. + + seed_rng will initialize OpenSSL, and some engine providers (eg Intel's + QAT) will open descriptors for their own use. bz#3483, patch from + joel.d.schuetze at intel.com, ok djm@ + +commit dffa64480163fbf76af7e4fb62c26bb0dd6642aa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 9 08:27:47 2022 +1100 + + Fix comment text. From emaste at freebsd.org. + +commit d9df5689c29823ab830ec4f54c83c6cc3c0077ad +Author: Pierre Ossman <ossman@cendio.se> +Date: Wed Jul 6 13:52:10 2022 +0200 + + Avoid assuming layout of fd_set + + POSIX doesn't specify the internal layout of the fd_set object, so let's + not assume it is just a bit mask. This increases compatibility with + systems that have a different layout. + + The assumption is also worthless as we already refuse to use file + descriptors over FD_SETSIZE anyway. Meaning that the default size of + fd_set is quite sufficient. + +commit 419aa8a312e8d8f491933ca3d5933e602cb05aae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 8 12:42:52 2022 +1100 + + Shutdown any VM before trying to check out repo. + + In the case where the previous run did not clean up, the checkout will + fail as it'll leave a stale mount. + +commit a32c07cbb78f65d8527642b96474a83b413f8108 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 8 11:33:25 2022 +1100 + + Run vm startup and shutdown from runner temp dir. + + Should work even if the github workspace dir is on a stale sshfs mount. + +commit 2b40a7dfcdb8e616155b9504145aa52b271455aa +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 8 11:03:31 2022 +1100 + + Add valrind-5 test here too. + +commit 2ea03d1f6d0a05ee2b63ed2dc0f2d54f1e4655a1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 8 09:21:10 2022 +1100 + + Update checkout and upload actions. + + Update actions/checkout and actions/upload-artifact to main branch for + compatibility with node.js v16. + +commit 4e316ff0f18a118232bb9ac6512ee62773a9e8ea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 8 09:17:04 2022 +1100 + + Split out rekey test since it runs the longest. + +commit 21625a6424258a92a96a3bb73ae6aabc5ed8a6b4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 7 10:09:28 2022 +0000 + + upstream: The IdentityFile option in ssh_config can also be used to + + specify a public key file, as documented in ssh.1 for the -i option. Document + this also for IdentityFile in ssh_config.5, for documentation completeness. + From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@ + + OpenBSD-Commit-ID: 2f943be9f96e60ef81a9a4faa25b009999f9883b + +commit 747691604d3325ed2b62bad85b6fd8563ad32f6c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 7 10:05:38 2022 +0000 + + upstream: Remove some set but otherwise unused variables, spotted + + in -portable by clang 16's -Wunused-but-set-variable. ok djm@ + + OpenBSD-Commit-ID: 3d943ddf2369b38fbf89f5f19728e7dc1daf3982 + +commit 1d78d25653805aefc7a8dd9d86cd7359ada3823c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 7 10:02:59 2022 +0000 + + upstream: Check for and disallow MaxStartups values less than or + + equal to zero during config parsing, rather than faling later at runtime. + bz#3489, ok djm@ + + OpenBSD-Commit-ID: d79c2b7a8601eb9be493629a91245d761154308b + +commit a00f59a645072e5f5a8d207af15916a7b23e2642 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Nov 7 04:04:40 2022 +0000 + + upstream: fix parsing of hex cert expiry time; was checking whether the + + start time began with "0x", not the expiry time. + + from Ed Maste + + OpenBSD-Commit-ID: 6269242c3e1a130b47c92cfca4d661df15f05739 + +commit f58acaf8c7315483f4ac87d46a1aa2142a713cd8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 15:10:59 2022 +1100 + + Fix merge conflict. + +commit 162e5741020a8d996c0c12b988b118e71ed728e6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 15:04:33 2022 +1100 + + Branch-specific links for master status badges. + +commit e4b7c12ab24579312aa3ed38ce7041a439ec2d56 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 14:46:38 2022 +1100 + + Add CIFuzz status badge. + +commit b496b9f831acd1e5bcd875e26e797488beef494a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 14:45:16 2022 +1100 + + Do not run CIFuzz on selfhosted tree. + + We already run it on the regular tree, no need to double up. + +commit 2138b1c4ddb300129a41a5104627b0d561184c7b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 14:41:58 2022 +1100 + + Whitespace change to trigger CIFuzz workflow. + +commit 4670b97ef87c7b0f21283c9b07c7191be88dda05 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 14:34:04 2022 +1100 + + Run cifuzz workflow on the actions as regular CI. + +commit 79391e66ce851ace1baf3c6a35e83a23f08ec2ba +Author: David Korczynski <david@adalogics.com> +Date: Tue Nov 30 11:45:20 2021 +0000 + + Add CIFuzz integration + +commit c1893364a0be243270014d7d34362a8101d55112 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 7 02:21:22 2022 +0000 + + upstream: Import regenerated moduli. + + OpenBSD-Commit-ID: b0e54ee4d703bd6929bbc624068666a7a42ecb1f + +commit 5c3f18fb994ef27e685b205ee2351851b80fdbd1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Nov 7 01:53:01 2022 +0000 + + upstream: Fix typo. From pablomh via -portable github PR#344. + + OpenBSD-Commit-ID: d056ee2e73691dc3ecdb44a6de68e6b88cd93827 + +commit e1c6fcc142066417c9832e634463faa3dd5d116c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 12:46:58 2022 +1100 + + Link to branch-specific queries for V_9_1 status. + +commit 4f4a5fad6d8892c3f8ee9cd81ec7de6458210c9f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 6 10:55:59 2022 +1100 + + Use "prohibit-password" in -portable comments. + + "without-password" is the deprecated alias for "prohibit-password", + so we should reference the latter. From emaste at freebsd.org. + +commit 0f7e1eba55259ec037f515000b4c4afbf446230a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Nov 6 10:50:01 2022 +1100 + + Fix tracing disable on FreeBSD. + + Some versions of FreeBSD do not support using id 0 to refer to the + current pid for procctl, so pass getpid() explicitly. From + emaste at freebsd.org. + +commit 32fddb982fd61b11a2f218a115975a87ab126d43 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Nov 7 10:39:01 2022 +1100 + + Fix setres*id checks to work with clang-16. + + glibc has the prototypes for setresuid and setresgid behind _GNU_SOURCE, + and clang 16 will error out on implicit function definitions, so add + _GNU_SOURCE and the required headers to the configure checks. From + sam at @gentoo.org via bz#3497. + +commit 12af712d116f42164bcfa56db901d06e4fa27199 +Author: Sam James <sam@gentoo.org> +Date: Sun Nov 6 04:52:38 2022 +0000 + + configure.ac: Fix -Wstrict-prototypes + + Clang 16 now warns on this and it'll be removed in C23, so let's + just be future proof. It also reduces noise when doing general + Clang 16 porting work (which is a big job as it is). github PR#355. + + Signed-off-by: Sam James <sam@gentoo.org> + +commit 40b0a5eb6e3edfa2886b60c09c7803353b0cc7f5 +Author: Sam James <sam@gentoo.org> +Date: Sun Nov 6 04:47:35 2022 +0000 + + configure.ac: Add <pty.h> include for openpty + + Another Clang 16ish fix (which makes -Wimplicit-function-declaration + an error by default). github PR#355. + + See: 2efd71da49b9cfeab7987058cf5919e473ff466b + See: be197635329feb839865fdc738e34e24afd1fca8 + +commit 6b17e128879ec6cc32ca2c28b5d894b4aa72e32d +Author: Rochdi Nassah <rochdinassah.1998@gmail.com> +Date: Fri Oct 28 01:26:31 2022 +0100 + + Fix broken zlib link. + +commit 99500df246ccb736ddbdd04160dcc82165d81a77 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Nov 4 16:59:26 2022 +1100 + + Don't run openbsd-compat tests on Cygwin. + + Add "compat-tests" to the default TEST_TARGET so we can override as + necessary. Override TEST_TARGET for Cygwin as the tests don't currently + compile there. + +commit 3cae9f92a31897409666aa1e6f696f779759332b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Nov 3 21:59:20 2022 +0000 + + upstream: replace recently-added valid_domain() check for hostnames + + going to known_hosts with a more relaxed check for bad characters; previous + commit broke address literals. Reported by/feedback from florian@ + + OpenBSD-Commit-ID: 10b86dc6a4b206adaa0c11b58b6d5933898d43e0 + +commit 9655217231c9056200bea7ae2dffcc9c0c3eb265 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 23:07:50 2022 +1100 + + Rerun tests on changes to Makefile.in in any dir. + +commit 3500f0405a3ab16b59a26f3508c4257a3fc3bce6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 23:04:08 2022 +1100 + + Link libssh into compat tests. + + The cygwin compat code uses xmalloc, so add libssh.a so pick up that. + +commit ec59effcf65b8a4c85d47ff5a271123259dd0ab8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 21:44:23 2022 +1100 + + Fix compat regress to work with non-GNU make. + +commit 73550a218e7dfbbd599534cbf856309bc924f6fd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 13:41:16 2022 +1100 + + Increase selfhosted job timeout. + + The default job timeout of 360 (6h) is not enough to complete the + regress tests for some of the slow VMs depending on the load on the host. + Increase to 600 (10h). + +commit db97d8d0b90c6ce52b94b153d6f8f5f7d3b11777 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 10:00:43 2022 +1100 + + Only run opensslver tests if built with OpenSSL. + +commit ba053709638dff2f6603df0c1f340352261d63ea +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 2 14:16:04 2022 +1100 + + Add tests for OpenSSL 3.0.7 and LibreSSL 3.6.1. + +commit edd24101c7e17d1a8f6576e1aaf62233b47ad6f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 08:17:39 2022 +1100 + + Run compat regress tests too. + +commit fe88d67e7599b0bc73f6e4524add28d743e7f977 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 08:14:05 2022 +1100 + + Compat tests need libcrypto. + + This was moved to CHANNELLIBS during the libs refactor. Spotted by + rapier at psc.edu. + +commit 96b519726b7944eee3c23a54eee3d5c031ba1533 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Nov 3 04:24:39 2022 +1100 + + Include time.h when defining timegm. + + Fixes build on some platforms eg recent AIX. + +commit da6038bd5cd55eb212eb2aec1fc8ae79bbf76156 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Nov 1 19:10:30 2022 +1100 + + Always use compat getentropy. + + Have it call native getentropy and fall back as required. Should fix + issues of platforms where libc has getentropy but it is not implemented + in the kernel. Based on github PR#354 from simsergey. + +commit 5ebe18cab6be3247b44c807ac145164010465b82 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Nov 2 10:51:48 2022 +1100 + + Check for sockaddr_in.sin_len. + + If found, set SOCK_HAS_LEN which is used in addr.c. Should fix keyscan + tests on platforms with this (eg old NetBSD). + +commit a1febadf426536612c2734168d409147c392e7cf +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Oct 30 18:42:07 2022 +0000 + + upstream: Use variable for diff options + + instead of unconditionally specifying "-rN". This will make life easier + in -portable where not all diff's understand -N. + + OpenBSD-Regress-ID: 8b8a407115546be1c6d72d350b1e4f1f960d3cd3 + +commit f6d3ed9a8a9280cbb68d6a499850cfe810e92bd0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Oct 31 05:13:02 2022 +1100 + + OpenSSL dev branch is 302 not 320. + + While there, also accept 301 which it shat it was previously. + +commit 25c8a2bbcc10c493d27faea57c42a6bf13fa51f2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 02:47:04 2022 +0000 + + upstream: put sshkey_check_rsa_length() back in sshkey.c to unbreak + + OPENSSL=no builds + + OpenBSD-Commit-ID: 99eec58abe382ecd14b14043b195ee1babb9cf6e + +commit 1192588546c29ceec10775125f396555ea71850f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 02:29:34 2022 +0000 + + upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. + + ssh-keyscan 192.168.0.0/24 + + If a CIDR range is passed, then it will be expanded to all possible + addresses in the range including the all-0s and all-1s addresses. + + bz#976 feedback/ok markus@ + + OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b + +commit 64af4209309461c79c39eda2d13f9d77816c6398 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Oct 28 12:54:35 2022 +1100 + + fix merge botch + +commit 27267642699342412964aa785b98afd69d952c88 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:44:44 2022 +0000 + + upstream: refactor sshkey_private_deserialize + + feedback/ok markus@ + + OpenBSD-Commit-ID: f5ca6932fdaf840a5e8250becb38315a29b5fc9f + +commit 2519a7077a9332f70935e5242ba91ee670ed6b87 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:44:17 2022 +0000 + + upstream: refactor sshkey_private_serialize_opt() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 61e0fe989897901294efe7c3b6d670cefaf44cbd + +commit 11a768adf98371fe4e43f3b06014024c033385d5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:43:30 2022 +0000 + + upstream: refactor certify + + feedback/ok markus@ + + OpenBSD-Commit-ID: 35d742992e223eaca3537e6fb3d3002c08eed4f6 + +commit 3fbc58bb249d967cc43ebdc554f6781bb73d4a58 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:43:08 2022 +0000 + + upstream: refactor sshkey_sign() and sshkey_verify() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 368e662c128c99d05cc043b1308d2b6c71a4d3cc + +commit a1deb6cdbbe6afaab74ecb08fcb62db5739267be +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:41:52 2022 +0000 + + upstream: refactor sshkey_from_blob_internal() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 1f46c0cbb8060ee9666a02749594ad6658c8e283 + +commit 7d00799c935271ce89300494c5677190779f6453 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:41:17 2022 +0000 + + upstream: refactor sshkey_from_private() + + feedback/ok markus@ + + OpenBSD-Commit-ID: e5dbe7a3545930c50f70ee75c867a1e08b382b53 + +commit 262647c2e920492ca57f1b9320d74f4a0f6e482b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:39:29 2022 +0000 + + upstream: factor out key generation + + feedback/ok markus@ + + OpenBSD-Commit-ID: 5b4211bff4de8d9adb84bc72857a8c42c44e7ceb + +commit 401c74e7dc15eab60540653d2f94d9306a927bab +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:38:58 2022 +0000 + + upstream: refactor and simplify sshkey_read() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 0d93b7a56e31cd06a8bb0d2191d084ce254b0971 + +commit 591fed94e66a016acf87f4b7cd416ce812f2abe8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:37:24 2022 +0000 + + upstream: factor out public key serialization + + feedback/ok markus@ + + OpenBSD-Commit-ID: a3570c4b97290c5662890aea7328d87f55939033 + +commit 1e78844ae2b2dc01ba735d5ae740904c57e13685 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:36:31 2022 +0000 + + upstream: factor out sshkey_equal_public() + + feedback/ok markus@ + + OpenBSD-Commit-ID: 1368ba114cb37732fe6ec3d89c7e6d27ea6fdc94 + +commit 25de1c01a8b9a2c8ab9b1da22444a03e89c982de +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 28 00:35:40 2022 +0000 + + upstream: begin big refactor of sshkey + + Move keytype data and some of the type-specific code (allocation, + cleanup, etc) out into each key type's implementation. Subsequent + commits will move more, with the goal of having each key-*.c file + owning as much of its keytype's implementation as possible. + + lots of feedback + ok markus@ + + OpenBSD-Commit-ID: 0f2b4334f73914344e9e5b3d33522d41762a57ec + +commit 445363433ba20b8a3e655b113858c836da46a1cb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 24 22:43:36 2022 +0000 + + upstream: Be more paranoid with host/domain names coming from the + + never write a name with bad characters to a known_hosts file. + + reported by David Leadbeater, ok deraadt@ + + OpenBSD-Commit-ID: ba9b25fa8b5490b49398471e0c9657b0cbc7a5ad + +commit 7190154de2c9fe135f0cc1ad349cb2fa45152b89 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 24 21:52:50 2022 +0000 + + upstream: regress test for unmatched glob characters; fails before + + previous commit but passes now. bz3488; prodded by dtucker@ + + OpenBSD-Regress-ID: 0cc5cc9ea4a6fd170dc61b9212f15badaafb3bbd + +commit a4821a592456c3add3cd325db433110cdaaa3e5c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Oct 24 21:51:55 2022 +0000 + + upstream: when scp(1) is using the SFTP protocol for transport (the + + default), better match scp/rcp's handling of globs that don't match the + globbed characters but do match literally (e.g. trying to transfer + "foo.[1]"). + + Previously scp(1) in SFTP mode would not match these pathnames but + legacy scp/rcp mode would. + + Reported by Michael Yagliyan in bz3488; ok dtucker@ + + OpenBSD-Commit-ID: d8a3773f53015ba811fddba7473769a2fd343e11 + +commit 18376847b8043ba967eabbe23692ef74c9a3fddc +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Thu Oct 13 09:09:28 2022 +0000 + + upstream: use correct type with sizeof ok djm@ + + OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 + +commit 4a4883664d6b4e9e4e459a8cdc16bd8d4b735de9 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Oct 7 06:00:58 2022 +0000 + + upstream: ssh-agent.1: - use Nm not Xr for self-ref - while here, + + wrap a long line + + ssh-agent.c: + - add -O to usage() + + OpenBSD-Commit-ID: 855dac4695cef22e96d69c53436496bc408ca389 + +commit 9fd2441113fce2a83fc7470968c3b27809cc7f10 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Oct 7 04:06:26 2022 +0000 + + upstream: document "-O no-restrict-websafe"; spotted by Ross L + + Richardson + + OpenBSD-Commit-ID: fe9eaa50237693a14ebe5b5614bf32a02145fe8b + +commit 614252b05d70f798a0929b1cd3d213030ad4d007 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Oct 18 06:29:16 2022 +1100 + + OpenSSL dev branch now identifies as 3.2.0. + +commit 195e5a65fd793a738ea8451ebfdd1919db5aff3e +Author: Damien Miller <djm@mindrot.org> +Date: Mon Oct 17 09:41:47 2022 +1100 + + revert c64b62338b4 and guard POLL* defines instead + + c64b62338b4 broke OSX builds, which do have poll.h but lack ppoll(2) + Spotted by dtucker + +commit bc2e480d99613bd59720edae244d1764636544c4 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Oct 14 14:52:22 2022 +1100 + + undef _get{short,long} before redefining + +commit 5eb796a369c64f18d55a6ae9b1fa9b35eea237fb +Author: Harmen Stoppels <harmenstoppels@gmail.com> +Date: Thu Oct 13 16:08:46 2022 +0200 + + Fix snprintf configure test for clang 15 + + Clang 15 -Wimplicit-int defaults to an error in C99 mode and above. + A handful of tests have "main(..." and not "int main(..." which caused + the tests to produce incorrect results. + +commit c64b62338b46ffa08839f05f21ad69fa6234dc17 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Oct 10 12:32:43 2022 +1100 + + skip bsd-poll.h if poll.h found; ok dtucker + +commit 5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Oct 6 22:42:37 2022 +0000 + + upstream: honour user's umask if it is more restrictive then the ssh + + default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ + + OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d + +commit a75cffc2700cebd3e2dd9093f7f7388d2be95cb7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Oct 7 03:54:56 2022 +1100 + + Add LibreSSL 3.6.0 to test suite. + + While there, bump OpenSSL to latest 1.1.1q release. + +commit fcc0f0c0e96a30076683fea9a7c9eedc72931742 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Oct 6 21:18:16 2022 +1100 + + Add 9.1 branch to CI status page. + +commit ef211eee63821d894a8bf81f22bfba9f6899d0fe +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Oct 4 23:20:23 2022 +1100 + + Test commits to all branches of portable. + + Only test OpenBSD upstream on commits to master since that's what it + tracks. + +commit fe646de03cafb6593ff4e4954bca9ec4b4b753a8 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 5 03:47:26 2022 +1100 + + whitespace at EOL + +commit a6e1852d10c63a830196e82168dadd957aaf28ec +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 5 03:40:01 2022 +1100 + + mention libfido2 autodetection + +commit 7360c2c206f33d309edbaf64036c96fadf74d640 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Oct 5 03:37:36 2022 +1100 + + remove mention of --with-security-key-builtin + + it is enabled by default when libfido2 is installed + +commit 0ffb46f2ee2ffcc4daf45ee679e484da8fcf338c +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 4 01:51:42 2022 +1100 + + update .depend + +commit 657e676ff696c7bb787bffb0e249ea1be3b474e1 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 4 01:45:52 2022 +1100 + + update release notes URL + +commit f059da2b29840c0f048448809c317ce2ae014da7 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Oct 4 01:45:41 2022 +1100 + + crank versions in RPM spec files + +commit b51f3f172d87cbdb80ca4eb7b2149e56a7647557 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 26 22:18:40 2022 +0000 + + upstream: openssh-9.1 + + OpenBSD-Commit-ID: 5a467b2ee81da01a86adf1ad93b62b1728494e56 + +commit 4cf8d0c0f3030f594a238bab21a0695735515487 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Sep 21 22:26:50 2022 +0000 + + upstream: Fix typo. From AlexanderStohr via github PR#343. + + OpenBSD-Commit-ID: a134c9b4039e48803fc6a87f955b0f4a03181497 + +commit 8179fed3264d5919899900ed8881d5f9bb57ca33 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 21:39:16 2022 +0000 + + upstream: add RequiredRSASize to the list of keywords accepted by + + -o; spotted by jmc@ + + OpenBSD-Commit-ID: fe871408cf6f9d3699afeda876f8adbac86a035e + +commit 5f954929e9f173dd1e279e07d0e8b14fa845814d +Author: Damien Miller <djm@mindrot.org> +Date: Mon Sep 19 20:59:34 2022 +1000 + + no need for glob.h here + + it also causes portability problems + +commit 03d94a47207d58b3db37eba4f87eb6ae5a63168a +Author: Damien Miller <djm@mindrot.org> +Date: Mon Sep 19 20:59:04 2022 +1000 + + avoid Wuninitialized false positive in gcc-12ish + +commit 9d952529113831fb3071ab6e408d2726fd72e771 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 10:46:00 2022 +0000 + + upstream: use users-groups-by-id@openssh.com sftp-server extension + + (when available) to fill in user/group names for directory listings. + Implement a client-side cache of see uid/gid=>user/group names. ok markus@ + + OpenBSD-Commit-ID: f239aeeadfa925a37ceee36ee8b256b8ccf4466e + +commit 8ff680368b0bccf88ae85d4c99de69387fbad7a6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 10:43:12 2022 +0000 + + upstream: sftp client library support for + + users-groups-by-id@openssh.com; ok markus@ + + OpenBSD-Commit-ID: ddb2f33a2da6349a9a89a8b5bcb9ca7c999394de + +commit 488f6e1c582212c2374a4bf8cd1b703d2e70fb8b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 10:41:58 2022 +0000 + + upstream: extend sftp-common.c:extend ls_file() to support supplied + + user/group names; ok markus@ + + OpenBSD-Commit-ID: c70c70498b1fdcf158531117e405b6245863bfb0 + +commit 74b77f7497dba3a58315c8f308883de448078057 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 10:40:52 2022 +0000 + + upstream: sftp-server(8): add a "users-groups-by-id@openssh.com" + + extension request that allows the client to obtain user/group names that + correspond to a set of uids/gids. + + Will be used to make directory listings more useful and consistent + in sftp(1). + + ok markus@ + + OpenBSD-Commit-ID: 7ebabde0bcb95ef949c4840fe89e697e30df47d3 + +commit 231a346c0c67cc7ca098360f9a554fa7d4f1eddb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Sep 19 08:49:50 2022 +0000 + + upstream: better debugging for connect_next() + + OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640 + +commit 1875042c52a3b950ae5963c9ca3774a4cc7f0380 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Sep 17 10:34:29 2022 +0000 + + upstream: Add RequiredRSASize for sshd(8); RSA keys that fall + + beneath this limit will be ignored for user and host-based authentication. + + Feedback deraadt@ ok markus@ + + OpenBSD-Commit-ID: 187931dfc19d51873df5930a04f2d972adf1f7f1 + +commit 54b333d12e55e6560b328c737d514ff3511f1afd +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Sep 17 10:33:18 2022 +0000 + + upstream: add a RequiredRSASize for checking RSA key length in + + ssh(1). User authentication keys that fall beneath this limit will be + ignored. If a host presents a host key beneath this limit then the connection + will be terminated (unfortunately there are no fallbacks in the protocol for + host authentication). + + feedback deraadt, Dmitry Belyavskiy; ok markus@ + + OpenBSD-Commit-ID: 430e339b2a79fa9ecc63f2837b06fdd88a7da13a + +commit 07d8771bacfefbcfb37fa8a6dc6103bcc097e0ab +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Sep 17 10:30:45 2022 +0000 + + upstream: Add a sshkey_check_rsa_length() call for checking the + + length of an RSA key; ok markus@ + + OpenBSD-Commit-ID: de77cd5b11594297eda82edc594b0d32b8535134 + +commit 3991a0cf947cf3ae0f0373bcec5a90e86a7152f5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Sep 17 10:11:29 2022 +0000 + + upstream: actually hook up restrict_websafe; the command-line flag + + was never actually used. Spotted by Matthew Garrett + + OpenBSD-Commit-ID: 0b363518ac4c2819dbaa3dfad4028633ab9cdff1 + +commit 30b2a7e4291fb9e357f80a237931ff008d686d3b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 16 06:55:37 2022 +0000 + + upstream: correct error value + + OpenBSD-Commit-ID: 780efcbad76281f11f14b2a5ff04eb6db3dfdad4 + +commit ac1ec9545947d9f9657259f55d04cb49d3a94c8a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 16 03:33:14 2022 +0000 + + upstream: sftp: Be a bit more clever about completions + + There are commands (e.g. "get" or "put") that accept two + arguments, a local path and a remote path. However, the way + current completion is written doesn't take this distinction into + account and always completes remote or local paths. + + By expanding CMD struct and "cmds" array this distinction can be + reflected and with small adjustment to completer code the correct + path can be completed. + + By Michal Privoznik, ok dtucker@ + + OpenBSD-Commit-ID: 1396d921c4eb1befd531f5c4a8ab47e7a74b610b + +commit 590db83384f9d99fc51c84505792d26d1ef60df9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 16 03:13:34 2022 +0000 + + upstream: sftp: Don't attempt to complete arguments for + + non-existent commands + + If user entered a non-existent command (e.g. because they made a + typo) there is no point in trying to complete its arguments. Skip + calling complete_match() if that's the case. + + From Michal Privoznik + + OpenBSD-Commit-ID: cf39c811a68cde2aeb98fc85addea4000ef6b07a + +commit ff9809fdfd1d9a91067bb14a77d176002edb153c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 14 00:14:37 2022 +0000 + + upstream: sk_enroll: never drop SSH_SK_USER_VERIFICATION_REQD flag + + from response + + Now that all FIDO signing calls attempt first without PIN and then + fall back to trying PIN only if that attempt fails, we can remove the + hack^wtrick that removed the UV flag from the keys returned during + enroll. + + By Corinna Vinschen + + OpenBSD-Commit-ID: 684517608c8491503bf80cd175425f0178d91d7f + +commit 940dc10729cb5a95b7ee82c10184e2b9621c8a1d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 14 00:13:13 2022 +0000 + + upstream: a little extra debugging + + OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a + +commit 4b5f91cb959358141181b934156513fcb8a6c1e3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Sep 14 00:02:03 2022 +0000 + + upstream: ssh-agent: attempt FIDO key signing without PIN and use + + the error to determine whether a PIN is required and prompt only if + necessary. from Corinna Vinschen + + OpenBSD-Commit-ID: dd6be6a0b7148608e834ee737c3479b3270b00dd + +commit 113523bf0bc33600b07ebb083572c8c346b6fdf4 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sun Sep 11 06:38:11 2022 +0000 + + upstream: .Li -> .Vt where appropriate; from josiah frentsos, + + tweaked by schwarze + + ok schwarze + + OpenBSD-Commit-ID: 565046e3ce68b46c2f440a93d67c2a92726de8ed + +commit 86af013b56cecb5ee58ae0bd9d495cd586fc5918 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Sat Sep 10 08:50:53 2022 +0000 + + upstream: fix repeated words ok miod@ jmc@ + + OpenBSD-Commit-ID: 6765daefe26a6b648cc15cadbbe337596af709b7 + +commit 0ba39b93b326a7d5dfab776cc9b9d326161a9b16 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 9 03:31:42 2022 +0000 + + upstream: notifier_complete(NULL, ...) is a noop, so no need to test + + that ctx!=NULL; from Corinna Vinschen + + OpenBSD-Commit-ID: ade2f2e9cc519d01a586800c25621d910bce384a + +commit be197635329feb839865fdc738e34e24afd1fca8 +Author: Sam James <sam@gentoo.org> +Date: Thu Sep 8 02:49:29 2022 +0100 + + openbsd-compat/bsd-asprintf: add <stdio.h> include for vsnprintf + + Fixes the following build failure with Clang 15 on musl: + ``` + bsd-asprintf.c:51:8: error: call to undeclared library function 'vsnprintf' with type 'int (char *, unsigned long, const char *, struct __va_list_tag *)'; ISO C99 and laterclang -O2 -pipe -fdiagnostics-color=always -frecord-gcc-switches -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -Wbitwise-instead-of-logical -fno-strict-aliasing -mretpoline -ftrapv -fzero-call-used-regs=all -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/lib/misc/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/lib/misc/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/lib/misc/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/lib/misc/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/lib/misc/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher-aes.c -o cipher-aes.o + do not support + implicit function declarations [-Wimplicit-function-declaration] + ret = vsnprintf(string, INIT_SZ, fmt, ap2); + ^ + bsd-asprintf.c:51:8: note: include the header <stdio.h> or explicitly provide a declaration for 'vsnprintf' + 1 error generated. + ``` + +commit 6cb6f660bb35f77a0456dd2581ddf39c29398a5e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 2 16:43:27 2022 +1000 + + Remove DEF_WEAK, it's already in defines.h. + +commit ce39e7d8b70c4726defde5d3bc4cb7d40d131153 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 2 14:28:14 2022 +1000 + + Resync arc4random with OpenBSD. + + This brings us up to current, including djm's random-reseeding change, + as prompted by logan at cyberstorm.mu in bz#3467. It brings the + platform-specific hooks from LibreSSL Portable, simplified to match our + use case. ok djm@. + +commit beaddde26f30e2195b8aa4f3193970e140e17305 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 2 14:20:04 2022 +1000 + + Move OPENBSD ORIGINAL marker. + + Putting this after the copyright statement (which doesn't change) + instead of before the version identifier (which does) prevents merge + conflicts when resyncing changes. + +commit c83e467ead67a8cb48ef4bec8085d6fb880a2ff4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Sep 2 14:17:28 2022 +1000 + + Remove arc4random_uniform from arc4random.c + + This was previously moved into its own file (matching OpenBSD) which + prematurely committed in commit 73541f2. + +commit 5f45c2395c60865e59fa44152ff1d003a128c5bc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Sep 2 04:20:02 2022 +0000 + + upstream: sk-usbhid: fix key_lookup() on tokens with built-in UV + + explicitly test whether the token performs built-in UV (e.g. biometric + tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388 + + OpenBSD-Commit-ID: 007eb7e387d27cf3029ab06b88224e03eca62ccd + +commit 03277a4aa49b80af541a3e691f264c0c0d8f9cec +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Aug 31 20:26:30 2022 +1000 + + Move sftp from valgrind-2 to 3 to rebalance. + +commit fcf5365da69c516817321ba89c3a91df98d098df +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 31 02:56:40 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: c2bcbf93610d3d62ed206cdf9bf9ff98c6aaf232 + +commit e60136a3d7a223dd8e84ba8a6895bc3142360993 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Aug 29 13:27:45 2022 +1000 + + additional keys + +commit 2b02dcb505288c462d1b5dd1ac04e603d01340eb +Author: Damien Miller <djm@mindrot.org> +Date: Mon Aug 29 13:23:43 2022 +1000 + + cross-sign allowed_signers with PGP key + + Provides continuity of trust from legacy PGP release key to + the SSHSIG signing keys that we will use henceforth for git + signing. + +commit 51b345f177ae981b8755f6bdf8358b1cc5e83d67 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Aug 27 21:49:27 2022 +1000 + + Add libcrypt-devel to cygwin-release deps. + + Based on feedback from vinschen at redhat.com. + +commit 9f81736cf16dd8dda1c8942f1973a5f80b8cd78c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Aug 27 09:37:40 2022 +1000 + + Add Windows 2022 test targets. + +commit 85e1a69243f12be8520438ad6a3cfdc0b7fcbb2d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 26 16:26:06 2022 +1000 + + Add cygwin-release test target. + + This also moves the cygwin package install from the workflow file to + setup_ci.sh so that we can install different sets of Cygwin packages + for different test configs. + +commit 92382dbe8bf9ea1225b16858f9b9b208c15c7e8d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 26 08:16:27 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: a5d015efbfd228dc598ffdef612d2da3a579e5d8 + +commit 70a5de0a50e84d7250eb4e4537f765599f64c4af +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 26 08:12:56 2022 +0000 + + upstream: whitespace + + OpenBSD-Commit-ID: d297e4387935d4aef091c5e9432578c2e513f538 + +commit 3a683a19fd116ea15ebf8aa13d02646cceb302a9 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Aug 26 14:23:55 2022 +1000 + + initial list of allowed signers + +commit 6851f4b8c3fc1b3e1114c56106e4dc31369c8513 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 19 17:22:18 2022 +1000 + + Install Cygwin packages based on OS not config. + +commit f96480906893ed93665df8cdf9065865c51c1475 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 19 06:07:47 2022 +0000 + + upstream: attemp FIDO key signing without PIN and use the error + + code returned to fall back only if necessary. Avoids PIN prompts for FIDO + tokens that don't require them; part of GHPR#302 + + OpenBSD-Commit-ID: 4f752aaf9f2e7c28bcaaf3d4f8fc290131bd038e + +commit 5453333b5d28e313284cb9aae82899704103f98d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 19 05:53:28 2022 +0000 + + upstream: remove incorrect check that can break enrolling a + + resident key (introduced in r1.40) + + OpenBSD-Commit-ID: 4cab364d518470e29e624af3d3f9ffa9c92b6f01 + +commit ff89b1bed80721295555bd083b173247a9c0484e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Aug 19 04:02:46 2022 +0000 + + upstream: Strictly enforce the maximum allowed SSH2 banner size in + + ssh-keyscan and prevent a one-byte buffer overflow. Patch from Qualys, ok + djm@ + + OpenBSD-Commit-ID: 6ae664f9f4db6e8a0589425f74cd0bbf3aeef4e4 + +commit 1b470b9036639cef4f32fb303bb35ea0b711178d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 19 15:18:09 2022 +1000 + + Fix cygwin conditional steps. + +commit fd6ee741ab16714b7035d60aca924123ba28135a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 19 15:12:57 2022 +1000 + + Add a bit more debug output. + +commit a9305c4c739f4d91a3d3a92c0b6d4949404a36c5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 12 15:08:47 2022 +1000 + + Add Cygwin (on windows-2019) test target. + + In addition to installing the requisite Cygwin packages, we also need to + explicitly invoke "sh" for steps that run other scripts since the runner + environment doesn't understand #! paths. + +commit 5062ad48814b06162511c4f5924a33d97b6b2566 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 19 03:06:30 2022 +0000 + + upstream: double free() in error path; from Eusgor via GHPR333 + + OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4 + +commit 5a5c580b48fc6006bdfa731fc2f6d4945c2c0e4e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 18 21:36:39 2022 +1000 + + Check for perms to run agent-getpeereid test. + + Ubuntu 22.04 defaults to private home dirs which prevents "nobody" + running ssh-add during the agent-getpeereid test. Check for this and + add the necessary permissions. + +commit cd06a76b7ccc706e2bb4f1cc4aa9e9796a28a812 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Aug 17 16:04:16 2022 +1000 + + on Cygwin, prefer WinHello FIDO device + + If no FIDO device was explictly specified, then prefer the + windows://hello FIDO device. An exception to this is when + probing resident FIDO keys, in which case hardware FIDO + devices are preferred. + +commit 47f72f534ac5cc2cd3027675a3df7b00a8f77575 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Aug 17 06:01:57 2022 +0000 + + upstream: add an extra flag to sk_probe() to indicate whether we're + + probing for a FIDO resident key or not. Unused here, but will make like + easier for portable + + OpenBSD-Commit-ID: 432c8ff70e270378df9dbceb9bdeaa5b43b5a832 + +commit edb0bcb3c79b16031dc87a8e57aecc3c4a3414f0 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Aug 16 20:24:08 2022 +0000 + + upstream: use .Cm for "sign"; from josiah frentsos + + OpenBSD-Commit-ID: 7f80a53d54857ac6ae49ea6ad93c5bd12231d1e4 + +commit cccb011e130cbbac538b1689d10e4a067298df8b +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Thu Aug 11 20:19:35 2022 +0200 + + Revert "check_sk_options: add temporary WinHello workaround" + + Cygwin now comes with libfido2 1.11.0, so this workaround + isn't required anymore. + + This reverts commit 242c044ab111a37aad3b0775727c36a4c5f0102c. + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 9468cd7cf9d989dfa2ac20e2a0268ba6e93bfa5a +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Thu Aug 11 20:18:17 2022 +0200 + + fido_dev_is_winhello: return 0, not "false" + + "false" is not used anywhere in OpenSSH, so return 0 like + everywhere else. + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 730a80609472ee0451c99482d75c9c41f3ebc42d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 12 05:20:28 2022 +0000 + + upstream: sftp-server: support home-directory request + + Add support to the sftp-server for the home-directory extension defined + in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the + existing expand-path@openssh.com, but uses a more official protocol name, + and so is a bit more likely to be implemented by non-OpenSSH clients. + + From Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: bfc580d05cc0c817831ae7ecbac4a481c23566ab + +commit 5e820bf79ce3ce99ef7e98b0ab642b0a0a4f396c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 12 14:56:55 2022 +1000 + + Replace deprecated ubuntu-18.04 runners with 22.04 + +commit 87b0d9c1b789d3ff958ec45df2ac912e24461bae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 11 22:48:23 2022 +1000 + + Add a timegm implementation from Heimdal via Samba. + + Fixes build on (at least Solaris 10). + +commit d0c4fa58594577994921b593f10037c5282597ca +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 11 14:23:58 2022 +1000 + + Rerun tests if any .github config file changes. + +commit 113fe6c77ab43769fc61e953d07cb619fd7ea54b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 11 13:33:51 2022 +1000 + + Skip hostbased during Valgrind tests. + + Valgrind doesn't let ssh exec ssh-keysign (because it's setuid) so skip + it during the Valgrind based tests. + + See https://bugs.kde.org/show_bug.cgi?id=119404 for a discussion of this + (ironically there the problematic binary was ssh(1) back when it could + still be setuid). + +commit b98a42afb69d60891eb0488935990df6ee571c4d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 11 01:57:50 2022 +0000 + + upstream: add some tests for parse_absolute_time(), including cases + + where it is forced to the UTC timezone. bz3468 ok dtucker + + OpenBSD-Regress-ID: ea07ca31c2f3847a38df028ca632763ae44e8759 + +commit ec1ddb72a146fd66d18df9cd423517453a5d8044 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Aug 11 01:56:51 2022 +0000 + + upstream: allow certificate validity intervals, sshsig verification + + times and authorized_keys expiry-time options to accept dates in the UTC time + zone in addition to the default of interpreting them in the system time zone. + YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if + suffixed with a 'Z' character. + + Also allow certificate validity intervals to be specified in raw + seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This + is intended for use by regress tests and other tools that call + ssh-keygen as part of a CA workflow. + + bz3468 ok dtucker + + OpenBSD-Commit-ID: 454db1cdffa9fa346aea5211223a2ce0588dfe13 + +commit 4df246ec75751da7eb925e1880498300d8bda187 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 11 10:23:55 2022 +1000 + + Fix conditional for running hostbased tests. + +commit 2580916e48721802220c61ce9e0df1297c00bc07 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Aug 11 08:58:28 2022 +1000 + + fix SANDBOX_SECCOMP_FILTER_DEBUG + +commit fdbd5bf507fc271ff813714fab8a72ff2c6cb5ca +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Aug 10 17:35:52 2022 +1000 + + Test hostbased auth on github runners. + +commit 7e2f51940ba48a1c0fae1107801ea643fa83c971 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Aug 10 17:25:24 2022 +1000 + + Rename our getentropy to prevent possible loops. + + Since arc4random seeds from getentropy, and we use OpenSSL for that + if enabled, there's the possibility that if we build on a system that + does not have getentropy then run on a system that does have it, then + OpenSSL could end up calling our getentropy and getting stuck in a loop. + Pointed out by deraadt@, ok djm@ + +commit 7a01f61be8d0aca0e975e7417f26371495fe7674 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 8 12:17:04 2022 +1000 + + Actually put HAVE_STDINT_H around the stdint.h. + +commit 73541f29f0b50480da6c20dceb7a7191bd8ea7d3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Aug 8 10:30:34 2022 +1000 + + Give unused param a name. + + Fixes builds on platforms that do have fido2 but don't have + fido_dev_is_winhello. + +commit 2a108c0ea960381bd9b14ee0d84e818a23df4482 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Aug 5 05:01:40 2022 +0000 + + upstream: don't prompt for FIDO passphrase before attempting to enroll + + the credential, just let the enroll operating fail and we'll attempt to get a + PIN anyway. Might avoid some unneccessary PIN prompts. + + Part of GHPR#302 from Corinna Vinschen; ok dtucker@ + + OpenBSD-Commit-ID: bd5342ffc353ee37d39617906867c305564d1ce2 + +commit 2886975c0ad9244e60dc5e4be34fde3aa573a4b5 +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Fri Feb 11 14:33:41 2022 +0100 + + sk_sign: set FIDO2 uv attribute explicitely for WinHello + + WinHello via libfido2 performs user verification by default. + However, if we stick to that, there's no way to differentiate + between keys created with or without "-O verify-required". + Set FIDO2 uv attribute explicitely to FIDO_OPT_FALSE, then check + if user verification has been requested. + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 242c044ab111a37aad3b0775727c36a4c5f0102c +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Tue Feb 15 11:28:08 2022 +0100 + + check_sk_options: add temporary WinHello workaround + + Up to libfido 1.10.0, WinHello advertises "clientPin" rather + than "uv" capability. This is fixed in 1.11.0. For the time + being, workaround it here. + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 78774c08cc4b4997382975b0f414a86e06b6780c +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Thu Feb 10 18:19:29 2022 +0100 + + compat code for fido_dev_is_winhello() + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 3d3a932a019aedfb891e0779bb4990cd5008a390 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Aug 5 13:12:27 2022 +1000 + + Factor out getrnd() and rename to getentropy(). + + Factor out the arc4random seeding into its own file and change the + interface to match getentropy. Use native getentropy if available. + This will make it easier to resync OpenBSD changes to arc4random. + Prompted by bz#3467, ok djm@. + +commit 9385d277b787403be9dfcb229cf372202496d2f3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Aug 4 18:55:48 2022 +1000 + + Include CHANNEL and FIDO2 libs in configure output + +commit 141535b904b6fba01724444f38193a8599201f82 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Aug 1 11:09:26 2022 +0000 + + upstream: avoid double-free in error path introduced in r1.70; report + + and fix based on GHPR#332 by v-rzh ok dtucker@ + + OpenBSD-Commit-ID: 3d21aa127b1f37cfc5bdc21461db369a663a951f + +commit dba7099ffcba3ca07b3946f017ba6a4c3158d9b1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 27 18:40:12 2022 +1000 + + Remove deprecated MacOS 10.15 runners. + +commit 722a56439aa5972c830e4a9a724cf52aff4a950a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 27 18:31:14 2022 +1000 + + Move stale-configure check as early as possible. + + We added a check in Makefile to catch the case where configure needs to + be rebuilt, however this did not happen until a build was attempted in + which case all of the work done by configure was wasted. Move this check + to the start of configure to catch it as early as possible. ok djm@ + +commit 099d6b56288b421ba38531d26dc1bd6bb685e311 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 22 10:47:19 2022 +1000 + + Move libcrypto into CHANNELLIBS. + + This will result in sftp, sftp-server and scp no longer being linked + against libcrypto. ok djm@ + +commit 1bdf86725b77733bb5f17c54888b88a10b2f6538 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 22 10:45:47 2022 +1000 + + Remove seed_rng calls from scp, sftp, sftp-server. + + These binaries don't use OpenSSL's random functions. The next step + will be to stop linking them against libcrypto. ok djm@ + +commit d73f77b8cb9b422f1ac4facee7890aa10ff2bc21 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 22 09:51:51 2022 +1000 + + Group libcrypto and PRNGD checks together. + + They're related more than the libcrypt or libiaf checks which are + currently between them. ok djm@ + +commit f117e372b3f42f2fbdb0a578d063b2609ab58e1f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 22 09:24:45 2022 +1000 + + Do not link scp, sftp and sftp-server w/ zlib. + + Some of our binaries (eg sftp, sftp-server, scp) do not interact with + the channels code and thus do use libraries such as zlib and libcrypto + although they are linked with them. This adds a CHANNELLIBS and starts + by moving zlib into it, which means the aformentioned binaries are no + longer linked against zlib. ok djm@ + +commit 800c2483e68db38bd1566ff69677124be974aceb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 25 21:49:04 2022 +1000 + + Remove workarounds for OpenSSL missing AES-CTR. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES CTR mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have CTR, so this is no longer needed. ok djm@ + +commit b7c56b65c12f51fe0dbae798d19c8f58224a5d95 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jul 25 21:43:00 2022 +1000 + + Remove workarounds for OpenSSL missing AES-GCM. + + We have some compatibility hacks that were added to support OpenSSL + versions that do not support AES GCM mode. Since that time, however, + the minimum OpenSSL version that we support has moved to 1.0.1 which + *does* have GCM, so this is no longer needed. ok djm@ + +commit 5a4a9f7a968fbf92cc1eac519c65638e79ae9f1f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 25 07:12:45 2022 +0000 + + upstream: Restore missing "!" in TEST_SSH_ELAPSED_TIMES test. + + OpenBSD-Regress-ID: 38783f9676ec348c5a792caecee9a16e354b37b0 + +commit 0ff886be132299386cc29d87c2aa16ff68a1aa08 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Jul 24 23:29:10 2022 +0000 + + upstream: Test TEST_SSH_ELAPSED_TIMES for empty string not + + executable. No-op on most platforms but should prevent warnings in -portable + on systems that don't have 'date %s'. + + OpenBSD-Regress-ID: e39d79867b8065e33d0c5926fa1a31f85659d2a4 + +commit f69319ad8ad1dd50f90bbcf5912e11cc8ed3e037 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 23 14:38:22 2022 +1000 + + Convert "have_prog" function into "which". + + "which" and its behaviour is not standardized, so convert the existing + have_prog function into "which" so we can rely on it being available + and what its semantics are. Add a have_prog wrapper that maintains the + existing behaviour. + +commit ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jul 23 14:36:38 2022 +1000 + + Skip scp3 test if there's no scp on remote path. + + scp -3 ends up using the scp that's in the remote path and will fail if + one is not available. Based on a patch from rapier at psc.edu. + +commit c46f6fed419167c1671e4227459e108036c760f8 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jul 20 13:39:14 2022 +1000 + + crank SSH_SK_VERSION_MAJOR in sk-dummy.so + +commit f208e3b9ffb5ee76cf9c95df7ff967adc7f51c7d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 20 03:33:22 2022 +0000 + + upstream: ssh-keygen: fix touch prompt, pin retries; + + part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: 75d1005bd2ef8f29fa834c90d2684e73556fffe8 + +commit 8638a2ce7e90c8a51d9af3143404282126c524f8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 20 03:31:42 2022 +0000 + + upstream: sk-usbhid: preserve error code returned by key_lookup() + + it conveys useful information, such as the supplied pin being wrong. + + Part of GHPR329 from Pedro Martelletto + + OpenBSD-Commit-ID: c0647eb9290f793add363d81378439b273756c1b + +commit 9ab929ca2d820520327b41929372bcb9e261534c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 20 03:29:14 2022 +0000 + + upstream: when enrolling a resident key on a security token, check + + if a credential with matching application and user ID strings already exists. + if so, prompt the user for confirmation before overwriting the credential. + + patch from Pedro Martelletto via GHPR329 + + NB. cranks SSH_SK_VERSION_MAJOR, so any third-party FIDO middleware + implementations will need to adjust + + OpenBSD-Commit-ID: e45e9f1bf2b2f32d9850669e7a8dbd64acc5fca4 + +commit 5bcfc788b38d5b64e4c347bdc04bd9a01bbc36da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jul 20 03:13:04 2022 +0000 + + upstream: pull passphrase reading and confirmation into a separate + + function so it can be used for FIDO2 PINs; no functional change + + OpenBSD-Commit-ID: bf34f76b8283cc1d3f54633e0d4f13613d87bb2f + +commit eb679e2959bdb15454eb94751930eb4c9110da94 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 15 21:31:48 2022 +1000 + + Move vmshutdown to first step. + + If a previous run on a physical runner has failed to clean up, the next + run will fail because it'll try to check out the code to a broken + directory mount. Make cleanup the first step. + +commit 46b91b70ff3cb9c147e2875ef5dc609fd64c0c96 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 15 20:25:27 2022 +1000 + + Rename bbone test target to ARM. + +commit 751d22cdeffed9fe921db78eedc32a29f9e80510 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 15 13:37:29 2022 +1000 + + Add AUDIT_ARCH_PPC to supported seccomp arches. + + Patch from dries.deschout at dodeco.eu. + +commit a061792a6e8d235fc40a9b5d4c22a1762bb75a7b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 14 19:20:24 2022 +1000 + + Remove unintended changes. + + I inadvertently included a couple of local changes with the OpenSSL + 3.0.4 change. Revert, anything that should be there will be committed + separately. + +commit 527cb43fa1b4e55df661feabbac51b8e608b6519 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 14 11:22:08 2022 +1000 + + Return ERANGE from getcwd() if buffer size is 1. + + If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it + could result in a nul byte being written out of array bounds. POSIX says + it should return ERANGE if the path will not fit in the available buffer + (with terminating nul). 1 byte cannot fit any possible path with its nul, + so immediately return ERANGE in that case. + + OpenSSH never uses getcwd() with this buffer size, and all current + (and even quite old) platforms that we are currently known to work + on have a native getcwd() so this code is not used on those anyway. + Reported by Qualys, ok djm@ + +commit 36857fefd8849c4b0e877cfd9d1eb22f79b76650 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 14 10:02:35 2022 +1000 + + Split README.platform into its own line. + + README.platform has general platform-specific information, having it + following text about FIDO2 on the same line could imply that it only + has information about FIDO2. + +commit 00a496c6c14f2d41f2a9365714d494dd5f3aac9f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jul 14 09:56:01 2022 +1000 + + Clarify README.md text. + + Clarify the text about the implications of building without OpenSSL, and + prefix the "configure --help" example command with a "./" so it's likely + to work as-is in more shells. From bz#3461. + +commit f40b52f21fbc52eb513279168a49d3285c65256c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 12 19:48:44 2022 +1000 + + Remove special casing of crypt(). + + Configure goes to some lengths to pick crypt() from either libcrypt + or OpenSSL's libcrypto because they can more or less featureful (eg + supporting md5-style passwords). + + OpenSSL removed its crypt() interface in 2002: + https://github.com/openssl/openssl/commit/69deec58 so these hijinks + should no longer be necessary. This also only links sshd with libcrypt + which is the only thing that needs it. ok djm@ + +commit 76f4e48631d7b09fb243b47d7b393d100d3741b7 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 13 13:17:47 2022 +1000 + + Only refuse to use OpenSSL 3.0.4 on x86_64. + + The potential RCE only impacts x86_64, so only refuse to use it if we're + targetting a potentially impacted architecture. ok djm@ + +commit e75bbc1d88491fa85e61b2cc8783d4bbd00cd131 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 12 14:37:15 2022 +1000 + + Capture stderr output from configure. + +commit d9eaea4bea6271bcee6a2b9428f1271faf2d033b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 12 12:54:49 2022 +1000 + + Refuse to use OpenSSL 3.0.4 due to potential RCE. + + OpenSSL has a potential RCE in its RSA implementation (CVE-2022-2274) + so refuse to use that specific version. + +commit fb2f3a61bf3d28fff285524535f7ffcd177c9235 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 12 12:54:24 2022 +1000 + + Move unset to before we set anything. + +commit c483a5c0fb8e8b8915fad85c5f6113386a4341ca +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jul 6 11:52:54 2022 +1000 + + Test against openssl-3.0.5. + +commit 669a56bcfe73f8b985f2bba476ba834d55253acf +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 5 18:35:53 2022 +1000 + + Update sanitizer test targets: + + - remove clang-sanitize-memory for now. It takes so long that the test + times out. + - add gcc sanitize-address and sanitize-undefined test targets. + +commit 48cc68b69118b3ce8d07fd4f82e00d58667d5379 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 5 16:23:28 2022 +1000 + + Add GCC address sanitizer build/test. + +commit 55c60bdd39b82457e92efa77da8d16cfa6a49391 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jul 5 12:02:33 2022 +1000 + + Move sanitizer logs into regress for collection. + +commit 35ef2b3b6ef198f8574904a45780487ec2f17858 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon Jul 4 09:10:31 2022 +0000 + + upstream: Add TEST_REGRESS_CACHE_DIR. + + If set, it is used to cache regress test names that have succeeded and + skip those on a re-run. + + OpenBSD-Regress-ID: a7570dd29a58df59f2cca647c3c2ec989b49f247 + +commit 7394ed80c4de8b228a43c8956cf2fa1b9c6b2622 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jul 3 21:46:44 2022 +1000 + + Add clang sanitizer tests. + +commit bfce0e66b6017a9bfab450b9dc7d4b16f90de817 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jul 3 18:14:09 2022 +1000 + + Skip all rlimit tests when sandboxing disabled. + + The rlimit tests can hang when being run with some compiler sanitizers + so skip all of them if sandbox=no. + +commit 6208d611520f9ea94d5369f9da404b709930029d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Jul 3 17:54:49 2022 +1000 + + Move checks for pollfd.fd and nfds_t. + + Move the checks for struct pollfd.fd and nfds_t to before the sandboxing + checks. This groups all the sandbox checks together so we can skip them + all when sandboxing is disabled. + +commit 322964f8f2e9c321e77ebae1e4d2cd0ccc5c5a0b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 1 05:08:23 2022 +0000 + + upstream: Remove leftover line. + + Remove extra line leftover from merge conflict. ok djm@ + + OpenBSD-Commit-ID: 460e2290875d7ae64971a7e669c244b1d1c0ae2e + +commit 7ec81daad0e03a64e8d91c5590960c48c1a899a3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 1 04:45:50 2022 +0000 + + upstream: use consistent field names (s/char/byte) + + in format description + + OpenBSD-Commit-ID: 3de33572733ee7fcfd7db33d37db23d2280254f0 + +commit 32e82a392d9f263485effdd606ff5862d289a4a0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jul 1 13:55:19 2022 +1000 + + Skip select+rlimit check if sandboxing is disabled + + It's not needed in that case, and the test can fail when being built + with some compiler memory sanitizer flags. bz#3441 + +commit 4be7184ebe2a2ccef175983517a35ee06766e1b4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 1 03:52:57 2022 +0000 + + upstream: bump up loglevel from debug to info when unable to open + + authorized keys/principals file for errno != ENOENT; bz2042 ok dtucker + + OpenBSD-Commit-ID: e79aa550d91ade6a80f081bda689da24c086d66b + +commit 6c31ba10e97b6953c4f325f526f3e846dfea647a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 1 03:39:44 2022 +0000 + + upstream: Don't leak the strings allocated by order_hostkeyalgs() + + and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of + github PR#324 from ZoltanFridrich, ok djm@ + + This is a roll-forward of the previous rollback now that the required + changes in compat.c have been done. + + OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb + +commit 486c4dc3b83b4b67d663fb0fa62bc24138ec3946 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jul 1 03:35:45 2022 +0000 + + upstream: Always return allocated strings from the kex filtering so + + that we can free them later. Fix one leak in compat_kex_proposal. Based on + github PR#324 from ZoltanFridrich with some simplications by me. ok djm@ + + OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4 + +commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jul 1 00:36:30 2022 +0000 + + upstream: ignore SIGPIPE earlier in main(), specifically before + + muxclient() which performs operations that could cause one; Reported by Noam + Lewis via bz3454, ok dtucker@ + + OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47 + +commit 33efac790f6b09d54894ba6c3e17dfb08b6fc7e1 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Jun 28 06:09:14 2022 +0000 + + upstream: reflect the update to -D arg name in usage(); + + OpenBSD-Commit-ID: abdcde4f92b1ef094ae44210ee99d3b0155aad9c + +commit c71a1442d02f0a3586109dfe2cb366de36dee08e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 29 18:28:47 2022 +1000 + + Update OpenSSL tests to the most recent releases. + +commit 2a822f29300b2de7335fbff65f0b187a0c582304 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 27 21:41:55 2022 +0000 + + upstream: allow arguments to sftp -D option, e.g. sftp -D + + "/usr/libexec/sftp-server -el debug3" + + ok markus@ + + OpenBSD-Commit-ID: 5a002b9f3a7aef2731fc0ffa9c921cf15f38ecce + +commit 2369a2810187e08f2af5d58b343956062fb96ee8 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 24 10:45:06 2022 +0000 + + upstream: Roll back previous KEX changes as they aren't safe until + + compat_pkalg_proposal and friends always allocate their returned strings. + Reported by Qualys. + + OpenBSD-Commit-ID: 1c7a88a0d5033f42f88ab9bec58ef1cf72c81ad0 + +commit 646686136c34c2dbf6a01296dfaa9ebee029386d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 24 04:37:00 2022 +0000 + + upstream: Don't leak the strings allocated by order_hostkeyalgs() + + and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of + github PR#324 from ZoltanFridrich, ok djm@ + + OpenBSD-Commit-ID: b2f6e5f60f2bba293b831654328a8a0035ef4a1b + +commit 193c6d8d905dde836b628fc07a7b9cf2d347e2a3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jun 25 12:16:15 2022 +1000 + + Zero out LIBFIDO2 when SK support not usable. + + Prevents us from trying to link them into ssh-sk-helper and failing to + build. + +commit 40f5d849d25c60b4ae21261e78484d435f5cfd51 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Jun 25 11:47:28 2022 +1000 + + Disable SK support if FIDO libs not found. + +commit 5fd922ade1b25880fe8a8249f5c0385e413108f9 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 24 14:43:54 2022 +1000 + + fix broken case statement in previous + +commit f51423bdaf0008d46b6af082bcfd7a22a87375f0 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 24 14:40:42 2022 +1000 + + request 1.1x API compatibility for OpenSSL >=3.x + + idea/patch from Pedro Martelletto via GHPR#322; ok dtucker@ + +commit 455cee8d6c2e4c48c5af9faead3599c49948411e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 24 04:27:14 2022 +0000 + + upstream: make it clear that RekeyLimit applies to both transmitted + + and received data. GHPR#328 from Jan Pazdziora + + OpenBSD-Commit-ID: d180a905fec9ff418a75c07bb96ea41c9308c3f9 + +commit 17904f05802988d0bb9ed3c8d1d37411e8f459c3 +Author: tobhe@openbsd.org <tobhe@openbsd.org> +Date: Tue Jun 21 14:52:13 2022 +0000 + + upstream: Make sure not to fclose() the same fd twice in case of an + + error. + + ok dtucker@ + + OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99 + +commit f29d6cf98c25bf044079032d22c1a57c63ab9d8e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jun 18 02:17:16 2022 +0000 + + upstream: Don't attempt to fprintf a null identity comment. From + + Martin Vahlensieck via tech@. + + OpenBSD-Commit-ID: 4c54d20a8e8e4e9912c38a7b4ef5bfc5ca2e05c2 + +commit ad1762173bb38716a106e8979806149fd0f2753e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 17 01:00:03 2022 +0000 + + upstream: Log an error if pipe() fails while accepting a + + connection. bz#3447, from vincent-openssh at vinc17 net, ok djm@ + + OpenBSD-Commit-ID: 9d59f19872b94900a5c79da2d57850241ac5df94 + +commit 9c59e7486cc8691401228b43b96a3edbb06e0412 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 24 14:20:43 2022 +1000 + + automatically enable built-in FIDO support + + If libfido2 is found and usable, then enable the built-in + security key support unless --without-security-key-builtin + was requested. + + ok dtucker@ + +commit 7d25b37fb2a5ff4dadabcbdac6087a97479434f5 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 24 13:46:39 2022 +1000 + + fix possible NULL deref when built without FIDO + + Analysis/fix from kircher in bz3443; ok dtucker@ + +commit f5ba85daddfc2da6a8dab6038269e02c0695be44 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 15 16:08:25 2022 +0000 + + upstream: make sure that UseDNS hostname lookup happens in the monitor + + and not in the pledge(2)'d unprivileged process; fixes regression caused by + recent refactoring spotted by henning@ + + OpenBSD-Commit-ID: a089870b95101cd8881a2dff65b2f1627d13e88d + +commit acb2059febaddd71ee06c2ebf63dcf211d9ab9f2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 3 04:47:21 2022 +0000 + + upstream: move auth_openprincipals() and auth_openkeyfile() over to + + auth2-pubkeyfile.c too; they make more sense there. + + OpenBSD-Commit-ID: 9970d99f900e1117fdaab13e9e910a621b7c60ee + +commit 3d9b0845f34510111cc693bb99a667662ca50cd8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 3 04:31:54 2022 +0000 + + upstream: test setenv in both client and server, test first-match-wins + + too + + OpenBSD-Regress-ID: 4c8804f9db38a02db480b9923317457b377fe34b + +commit 22e1a3a71ad6d108ff0c5f07f93c3fcbd30f8b40 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 3 04:30:46 2022 +0000 + + upstream: Make SetEnv directives first-match-wins in both + + sshd_config and sshd_config; previously if the same name was reused then the + last would win (which is the opposite to how the config is supposed to work). + + While there, make the ssh_config parsing more like sshd_config. + + bz3438, ok dtucker + + OpenBSD-Commit-ID: 797909c1e0262c0d00e09280459d7ab00f18273b + +commit 38ed6c57e9e592c08e020fa6e82b45b4e1040970 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 3 04:00:15 2022 +0000 + + upstream: Add missing *-sk types to ssh-keyscan manpage. From + + skazi0 via github PR#294. + + OpenBSD-Commit-ID: fda2c869cdb871f3c90a89fb3f985370bb5d25c0 + +commit ea97ec98c41ec2b755dfab459347db674ff9a5de +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 3 03:21:09 2022 +0000 + + upstream: Add period at end of "not known by any other names" + + message. github PR#320 from jschauma, ok djm@ + + OpenBSD-Commit-ID: bd60809803c4bfd3ebb7c5c4d918b10e275266f2 + +commit 88e376fcd67478ad1660d94bc73ab348ac9f4527 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jun 3 03:17:42 2022 +0000 + + upstream: ssh-keygen -A: do not generate DSA keys by default. + + Based on github PR#303 from jsegitz with man page text from jmc@, ok markus@ + djm@ + + OpenBSD-Commit-ID: 5c4c57bdd7063ff03381cfb6696659dd3f9f5b9f + +commit 6b3fb624675082a1e5aa615d1b8479873d8b5731 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Tue May 31 14:05:12 2022 +0000 + + upstream: ssh-keygen: implement "verify-required" certificate option. + + This was already documented when support for user-verified FIDO + keys was added, but the ssh-keygen(1) code was missing. + + ok djm@ + + OpenBSD-Commit-ID: f660f973391b593fea4b7b25913c9a15c3eb8a06 + +commit b7f86ffc301be105bba9a3e0618b6fab3ae379bd +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Sat May 28 05:57:56 2022 +0000 + + upstream: keywords ref ssh_config.5; + + from caspar schutijser + + OpenBSD-Commit-ID: f146a19d7d5c9374c3b9c520da43b2732d7d1a4e + +commit dc7bc52372f2744fa39191577be5306ee57aacd4 +Author: Damien Miller <djm@mindrot.org> +Date: Mon May 30 09:29:09 2022 +1000 + + fix some bugs in the fuzzer + +commit 1781f507c113667613351c19898efaf1e311a865 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 27 18:19:48 2022 +1000 + + Test against OpenSSL 1.1.1o and 3.0.3. + +commit c53906e0c59e569691b4095d3e8db79cf78fa058 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 27 18:18:31 2022 +1000 + + Test against LibreSSL 3.5.3. + +commit 9b3ad432ad2f19319bcc089370e356c6315d682f +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 27 17:00:43 2022 +1000 + + fuzzer for authorized_keys parsing + + mostly redundant to authopt_fuzz, but it's sensitive code so IMO it + makes sense to test this layer too + +commit c83d8c4d6f3ccceef84d46de107f6b71cda06359 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 27 05:02:46 2022 +0000 + + upstream: split the low-level file handling functions out from + + auth2-pubkey.c + + Put them in a new auth2-pubkeyfile.c to make it easier to refer to them + (e.g. in unit/fuzz tests) without having to refer to everything else + pubkey auth brings in. + + ok dtucker@ + + OpenBSD-Commit-ID: 3fdca2c61ad97dc1b8d4a7346816f83dc4ce2217 + +commit 3b0b142d2a0767d8cd838e2f3aefde8a0aaa41e1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 27 05:01:25 2022 +0000 + + upstream: refactor authorized_keys/principals handling + + remove "struct ssh *" from arguments - this was only used to pass the + remote host/address. These can be passed in instead and the resulting + code is less tightly coupled to ssh_api.[ch] + + ok dtucker@ + + OpenBSD-Commit-ID: 9d4373d013edc4cc4b5c21a599e1837ac31dda0d + +commit 2c334fd36f80cb91cc42e4b978b10aa35e0df236 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 27 04:29:40 2022 +0000 + + upstream: f sshpkt functions fail, then password is not cleared + + with freezero. Unconditionally call freezero to guarantee that password is + removed from RAM. + + From tobias@ and c3h2_ctf via github PR#286, ok djm@ + + OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd + +commit 5d3a77f4c5ae774c6796387266503f52c7cdc7c2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 27 04:27:49 2022 +0000 + + upstream: Avoid kill with -1 argument. The out_ctx label can be + + reached before fork has been called. If this happens, then kill -1 would be + called, sending SIGTERM to all processes reachable by the current process. + + From tobias@ and c3h2_ctf via github PR#286, ok djm@ + + OpenBSD-Commit-ID: 6277af1207d81202f5daffdccfeeaed4c763b1a8 + +commit 533b31cd08e4b97f455466f91c36915e2924c15a +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri May 27 04:13:24 2022 +0000 + + upstream: Note that ProxyJump also accepts the same tokens as + + ProxyCommand. From pallxk via github PR#305. + + OpenBSD-Commit-ID: 7115ac351b129205f1f1ffa6bbfd62abd76be7c5 + +commit 9d8c80f8a304babe61ca28f2e3fb5eb6dc9c39bf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 25 06:03:44 2022 +0000 + + upstream: revert previous; it was broken (spotted by Theo) + + OpenBSD-Commit-ID: 457c79afaca2f89ec2606405c1059b98b30d8b0d + +commit 9e0d02ef7ce88b67643bfb1c2272c9f5f04cc680 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed May 25 00:31:13 2022 +0000 + + upstream: make SSHBUF_DBG/SSHBUF_TELL (off by default and only enabled + + via #define) dump to stderr rather than stdout + + OpenBSD-Commit-ID: 10298513ee32db8390aecb0397d782d68cb14318 + +commit 2487163630f28be28b7e2396b4bd6511b98f1d3e +Author: Tim Rice <tim@multitalents.net> +Date: Tue May 24 10:21:25 2022 -0700 + + configure.ac: Add missing AC_DEFINE for caph_cache_tzdata test causing + HAVE_CAPH_CACHE_TZDATA to be missing from config.h.in. + Spotted by Bryan Drewery + +commit bedb93415b60db3dfd704a3d525e82adb14a2481 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun May 15 23:48:07 2022 +0000 + + upstream: regress test for in-place transfers and clobbering larger + + files with smaller ones; would have caught last regression in scp(1) + + OpenBSD-Regress-ID: 19de4e88dd3a4f7e5c1618c9be3c32415bd93bc2 + +commit b4f0d719c2548cb74da509fb65f384dada4ebd37 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Fri Apr 22 05:08:43 2022 +0000 + + upstream: Only run agent-ptrace.sh if gdb is available as all + + architectures do not ship with gdb. + + OpenBSD-Regress-ID: ec53e928803e6b87f9ac142d38888ca79a45348d + +commit 9b73345f80255a7f3048026462f2c0c6a241eeac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun May 15 23:47:21 2022 +0000 + + upstream: fix in-place copies; r1.163 incorrectly skipped truncation in + + all cases, not just at the start of a transfer. This could cause overwrites + of larger files to leave junk at the end. Spotted by tb@ + + OpenBSD-Commit-ID: b189f19cd68119548c8e24e39c79f61e115bf92c + +commit 56a0697fe079ff3e1ba30a2d5c26b5e45f7b71f8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 13 06:31:50 2022 +0000 + + upstream: arrange for scp, when in sftp mode, to not ftruncate(3) files + + early + + previous behavious of unconditionally truncating the destination file + would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to + delete all the contents of their destination. + + spotted by solene@ sthen@, also bz3431; ok dtucker@ + + OpenBSD-Commit-ID: ca39fdd39e0ec1466b9666f15cbcfddea6aaa179 + +commit fbcef70c2832712f027bccea1aa9bc4b4103da93 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Mon May 9 08:25:27 2022 +0000 + + upstream: Remove errant apostrophe. From haruyama at queen-ml org. + + OpenBSD-Commit-ID: dc6b294567cb84b384ad6ced9ca469f2bbf0bd10 + +commit 0086a286ea6bbd11ca9b664ac3bb12b27443d6eb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon May 9 03:09:53 2022 +0000 + + upstream: Allow existing -U (use agent) flag to work with "-Y sign" + + operations, where it will be interpreted to require that the private keys is + hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@ + + OpenBSD-Commit-ID: a7bc69873b99c32c42c7628ed9ea91565ba08c2f + +commit cb010744cc98f651b1029bb09efa986eb54e4ccf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun May 8 22:58:35 2022 +0000 + + upstream: improve error message when 'ssh-keygen -Y sign' is unable to + + load a private key; bz3429, reported by Adam Szkoda ok dtucker@ + + OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74 + +commit aa61fc82c63d309a90c22ca74fb1da6c6f4372fd +Author: Tobias Heider <me@tobhe.de> +Date: Mon May 9 02:00:01 2022 +0200 + + Remove duplicate bcrypt_pbkdf.o from Makefile + + bcrypt_pbkdf.o is duplicated in the openbsd-compat Makefile's object + file list. + +commit deb506d00da8d11fb04c1e7b9b1e1cc379c1705c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun May 8 22:32:36 2022 +0000 + + upstream: When performing operations that glob(3) a remote path, ensure + + that the implicit working directory used to construct that path escapes + glob(3) characters. + + This prevents glob characters from being processed in places they + shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation + treat the path "/tmp/a*" literally and not attempt to expand it. + + Reported by Lusia Kundel; ok markus@ + + OpenBSD-Commit-ID: 4f647f58482cbad3d58b1eab7f6a1691433deeef + +commit f38cf74f20b5da113cfa823afd5bfb5c6ba65f3d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 6 14:50:18 2022 +1000 + + Also retest OpenBSD upstream on .yml changes. + +commit f87a132800ba3710ab130d703448a31ef1128d77 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 6 14:46:09 2022 +1000 + + Note that, for now, we need variadic macros. + +commit 217b518e0f7c52c4b909e935141a55344c61e644 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri May 6 14:39:34 2022 +1000 + + Add ubsan minimal testcase on OpenBSD. + + As suggested by djm@. + +commit 457dce2cfef6a48f5442591cd8b21c7e8cba13f8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu May 5 01:04:14 2022 +0000 + + upstream: sshkey_unshield_private() contains a exact duplicate of + + the code in private2_check_padding(). Pull private2_check_padding() up so the + code can be reused. From Martin Vahlensieck, ok deraadt@ + + OpenBSD-Commit-ID: 876884c3f0e62e8fd8d1594bab06900f971c9c85 + +commit 0e44db4d9cb313e68a59a44d27884af66c02356e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu May 5 00:56:58 2022 +0000 + + upstream: channel_new no longer frees remote_name. So update the + + comment accordingly. As remote_name is not modified, it can be const as + well. From Martin Vahlensieck + + OpenBSD-Commit-ID: e4e10dc8dc9f40c166ea5a8e991942bedc75a76a + +commit 37b62fd5caf19c85a48241535277cefff65adace +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu May 5 00:55:11 2022 +0000 + + upstream: mux.c: mark argument as const; from Martin Vahlensieck + + OpenBSD-Commit-ID: 69a1a93a55986c7c2ad9f733c093b46a47184341 + +commit f4e67c0ad259b4cf10177277a5827fa5545bac53 +Author: markus@openbsd.org <markus@openbsd.org> +Date: Wed May 4 07:31:22 2022 +0000 + + upstream: make sure stdout is non-blocking; ok djm@ + + OpenBSD-Commit-ID: 64940fffbd1b882eda2d7c8c7a43c79368309c0d + +commit e5c036d2092c00bef395e9161dc5ce42d4be9565 +Author: florian@openbsd.org <florian@openbsd.org> +Date: Tue May 3 07:42:27 2022 +0000 + + upstream: Add FIDO AUTHENTICATOR section and explain a bit how FIDO + + works. The wording came mostly from the 8.2 OpenSSH release notes, addapted + to fit the man page. Then move the -O bits into the new section as is already + done for CERTIFICATES and MODULI GENERATION. Finally we can explain the + trade-offs of resident keys. While here, consistently refer to the FIDO + thingies as "FIDO authenticators", not "FIDO tokens". + + input & OK jmc, naddy + + OpenBSD-Commit-ID: dd98748d7644df048f78dcf793b3b63db9ab1d25 + +commit 575771bf79bef7127be6aaccddc46031ea15529e +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon May 2 05:40:37 2022 +0000 + + upstream: remove an obsolete rsa1 format example from an example; + + from megan batty + ok djm + + OpenBSD-Commit-ID: db2c89879c29bf083df996bd830abfb1e70d62bf + +commit 0bc6b4c8f04e292577bdb44d5dc6b630d3448087 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun May 1 23:20:30 2022 +0000 + + upstream: fix some integer overflows in sieve_large() that show up when + + trying to generate modp groups > 16k bits. Reported via GHPR#306 by Bertram + Felgenhauer, but fixed in a different way. feedback/ok tb@ + + OpenBSD-Commit-ID: 81cbc6dd3a21c57bd6fadea10e44afe37bca558e + +commit a45615cb172bc827e21ec76750de39dfb30ecc05 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 29 04:55:07 2022 +0000 + + upstream: be stricter in which characters will be accepted in + + specifying a mask length; allow only 0-9. From khaleesicodes via GHPR#278; ok + dtucker@ + + OpenBSD-Commit-ID: e267746c047ea86665cdeccef795a8a56082eeb2 + +commit 4835544d2dd31de6ffc7dba59f92093aea98155b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 30 10:56:41 2022 +1000 + + Add Mac OS X 12 test target. + +commit 97a6a8b8c1f2da09712d0e72d0ef800e4edd34cd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 29 18:27:34 2022 +1000 + + Only run tests when source files change. + + Also run tests on changes to V_9_0 branch. + +commit 6d0392b9ff4b50a56ac5685d1b9392e2cd432ca3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 29 18:22:34 2022 +1000 + + Remove now-empty int32_minmax.inc. + +commit af59463553b5ad52d3b42c4455ee3c5600158bb7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 29 03:24:30 2022 +0000 + + upstream: mention that the helpers are used by ssh(1), ssh-agent(1) + + and ssh-keygen(1). Previously only ssh(1) was mentioned. From Pedro + Martelletto + + OpenBSD-Commit-ID: 30f880f989d4b329589c1c404315685960a5f153 + +commit 3e26b3a6eebcee27be177207cc0846fb844b7a56 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 29 03:16:48 2022 +0000 + + upstream: Don't leak SK device. Patch from Pedro Martelletto via + + github PR#316. ok djm@ + + OpenBSD-Commit-ID: 17d11327545022e727d95fd08b213171c5a4585d + +commit 247082b5013f0d4fcae8f97453f2a2f01bcda811 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 29 03:13:32 2022 +0000 + + upstream: fix memleak on session-bind path; from Pedro Martelletto, ok + + dtucker@ + + OpenBSD-Commit-ID: e85899a26ba402b4c0717b531317e8fc258f0a7e + +commit e05522008092ceb86a87bdd4ad7878424315db89 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Apr 28 02:53:31 2022 +0000 + + upstream: avoid printing hash algorithm twice; from lucas AT sexy.is + + OpenBSD-Commit-ID: 9d24671e10a84141b7c504396cabad600e47a941 + +commit 0979e29356915261d69a9517a1e0aaade7c9fc75 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Apr 27 11:08:55 2022 +0000 + + upstream: Add authfd path to debug output. ok markus@ + + OpenBSD-Commit-ID: f735a17d1a6f2bee63bfc609d76ef8db8c090890 + +commit 67b7c784769c74fd4d6b147d91e17e1ac1a8a96d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 26 07:41:44 2022 +0000 + + upstream: Check sshauthopt_new() for NULL. bz#3425, from + + tessgauthier at microsoft.com. ok djm@ + + OpenBSD-Commit-ID: af0315bc3e44aa406daa7e0ae7c2d719a974483f + +commit d571314d14b919fbd7c84a61f9bf2065fc0a6841 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Apr 20 16:00:25 2022 +0000 + + upstream: Remove unnecessary includes: openssl/hmac.h and + + openssl/evp.h. From Martin Vahlensieck. + + OpenBSD-Commit-ID: a6debb5fb0c8a44e43e8d5ca7cc70ad2f3ea31c3 + +commit da8dddf8cc1f2516ff894b8183e83a7c5ba3ef80 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Apr 20 15:59:18 2022 +0000 + + upstream: Add missing includes of stdlib.h and stdint.h. We need + + stdlib.h for malloc(3) and stdint.h for SIZE_MAX. Unlike the other xmss + files, ssh-xmss.c does not include xmss_commons.h so ssh-xmss.c must include + those headers itself. From Martin Vahlensieck + + OpenBSD-Commit-ID: 70e28a9818cee3da1be2ef6503d4b396dd421e6b + +commit fe9d87a6800a7a33be08f4d5ab662a758055ced2 +Author: millert@openbsd.org <millert@openbsd.org> +Date: Wed Apr 20 15:56:49 2022 +0000 + + upstream: Avoid an unnecessary xstrdup in rm_env() when matching + + patterns. Since match_pattern() doesn't modify its arguments (they are + const), there is no need to make an extra copy of the strings in + options->send_env. From Martin Vahlensieck + + OpenBSD-Commit-ID: 2c9db31e3f4d3403b49642c64ee048b2a0a39351 + +commit 7bf2eb958fbb551e7d61e75c176bb3200383285d +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Apr 26 23:30:59 2022 +1000 + + Add debian-riscv64 test target. + +commit 3913c935523902482974c4c503bcff20bd850a6a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 25 17:20:06 2022 +1000 + + Update OpenSSL and LibreSSL versions in tests. + +commit dcd8dca29bcdb193ff6be35b96fc55e6e30d37d9 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 23 20:40:28 2022 +1000 + + Include stdlib.h for free() prototype. + + ... which is used inside the CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG block. + +commit 4cc05de568e1c3edd7834ff3bd9d8214eb34861b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 23 20:17:26 2022 +1000 + + Cache timezone data in capsicum sandbox. + + From emaste at freebsd.org, originally part of FreeBSD commit r339216 + / fc3c19a9 with autoconf bits added by me. + +commit c31404426d212e2964ff9e5e58e1d0fce3d83f27 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Apr 21 01:36:46 2022 +0000 + + upstream: It looks like we can't completely avoid + + waiting for processes to exit so retrieve the pid via controlmaster and + use that. + + OpenBSD-Regress-ID: 8246f00f22b14e49d2ff1744c94897ead33d457b + +commit d19b21afab5c8e2f3df6bd8aee9766bdad3d8c58 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Apr 20 13:25:55 2022 +0000 + + upstream: Use ssh -f and ControlPersist .. + + to start up test forwards and ssh -O stop to shut them down intead of + sleep loops. This speeds up the test by an order of magnitude. + + OpenBSD-Regress-ID: eb3db5f805100919b092a3b2579c611fba3e83e7 + +commit 5f76286a126721fa005de6edf3d1c7a265555f19 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Apr 20 05:24:13 2022 +0000 + + upstream: Simplify forward-control test. + + Since we no longer need to support SSH1 we don't need to run shell + commands on the other end of the connection and can use ssh -N instead. + This also makes the test less racy. + + OpenBSD-Regress-ID: 32e94ce272820cc398f30b848b2b0f080d10302c + +commit 687bbf23572d8bdf25cbbcdf8ac583514e1ba710 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 31 03:07:33 2022 +0000 + + upstream: regression test for sftp cp command + + OpenBSD-Regress-ID: c96bea9edde3a384b254785e7f9b2b24a81cdf82 + +commit f1233f19a6a9fe58f52946f50df4772f5b136761 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Apr 20 01:13:47 2022 +0000 + + upstream: Import regenerated moduli + + OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0 + +commit fec014785de198b9a325d1b94e324bb958c5fe7b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Apr 20 04:19:11 2022 +0000 + + upstream: Try to continue running local I/O for channels in state + + OPEN during SSH transport rekeying. The most visible benefit is that it + should make ~-escapes work in the client (e.g. to exit) if the connection + happened to have stalled during a rekey event. Based work by and ok dtucker@ + + OpenBSD-Commit-ID: a66e8f254e92edd4ce09c9f750883ec8f1ea5f45 + +commit e68154b0d4f0f5085a050ea896955da1b1be6e30 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Apr 20 01:13:47 2022 +0000 + + upstream: Import regenerated moduli + + OpenBSD-Commit-ID: f9a0726d957cf10692a231996a1f34e7f9cdfeb0 + +commit 69928b106d8f0fa15b88cf3850d992ed81c44ae0 +Author: tj@openbsd.org <tj@openbsd.org> +Date: Sat Apr 16 00:22:31 2022 +0000 + + upstream: list the correct version number + + for when usage of the sftp protocol became default and fix a typo + from ed maste + + OpenBSD-Commit-ID: 24e1795ed2283fdeacf16413c2f07503bcdebb31 + +commit 21042a05c0b304c16f655efeec97438249d2e2cc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Apr 12 05:09:49 2022 +0000 + + upstream: Correct path for system known hosts file in description + + of IgnoreUserKnownHosts. Patch from Martin Vahlensieck via tech@ + + OpenBSD-Commit-ID: 9b7784f054fa5aa4d63cb36bd563889477127215 + +commit 53f4aff60a7c1a08a23917bd47496f8901c471f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 16 14:33:20 2022 +1000 + + Resync moduli.5 with upstream. + + 1.18: remove duplicate publication year; carsten dot kunze at arcor dot de + 1.19: ssh-keygen's -G/-T have been replaced with -M generate/screen. + +commit d2b888762b9844eb0d8eb59909cdf5af5159f810 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Apr 16 14:31:13 2022 +1000 + + Retire fbsd6 test VM. + + It's long since out of support, relatively slow (it's i686) and the + compiler has trouble with PIE. + +commit cd1f70009860a154b51230d367c55ea5f9a4504e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Apr 11 22:52:08 2022 +0000 + + upstream: clear io_want/io_ready flags at start of poll() cycle; + + avoids plausible spin during rekeying if channel io_want flags are reused + across cycles. ok markus@ deraadt@ + + OpenBSD-Commit-ID: 91034f855b7c73cd2591657c49ac30f10322b967 + +commit aa1920302778273f7f94c2091319aba199068ca0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Apr 8 05:43:39 2022 +0000 + + upstream: Note that curve25519-sha256 was later published in + + RFC8731. ok djm@ + + OpenBSD-Commit-ID: 2ac2b5d642d4cf5918eaec8653cad9a4460b2743 + +commit 4673fa8f2be983f2f88d5afd754adb1a2a39ec9e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Apr 8 04:40:40 2022 +0000 + + upstream: two defensive changes from Tobias Stoeckmann via GHPR287 + + enforce stricter invarient for sshbuf_set_parent() - never allow + a buffer to have a previously-set parent changed. + + In sshbuf_reset(), if the reallocation fails, then zero the entire + buffer and not the (potentially smaller) default initial alloc size. + + OpenBSD-Commit-ID: 14583203aa5d50ad38d2e209ae10abaf8955e6a9 + +commit 26eef015e2d2254375e13afaaf753b78932b1bf5 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Apr 11 16:07:09 2022 +1000 + + Revert "update build-aux files to match autoconf-2.71" + + This reverts commit 0a8ca39fac6ad19096b6c263436f8b2dd51606f2. + + It turns out that the checked-in copies of these files are actually newer + than autoconf-2.71's copies, so this was effectively a downgrade. + Spotted by Bo Anderson via github + +commit 0a8ca39fac6ad19096b6c263436f8b2dd51606f2 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Apr 8 14:48:58 2022 +1000 + + update build-aux files to match autoconf-2.71 + + i.e. config.guess, config.sub and install-sh + +commit 94eb6858efecc1b4f02d8a6bd35e149f55c814c8 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Apr 6 10:47:48 2022 +1000 + + update version numbers for release + +commit 8e4a8eadf4fe74e65e6492f34250f8cf7d67e8da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Apr 4 22:45:25 2022 +0000 + + upstream: openssh-9.0 + + OpenBSD-Commit-ID: 0dfb461188f4513ec024c1534da8c1ce14c20b64 + +commit a9f23ea2e3227f406880c2634d066f6f50fa5eaa +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Mar 31 17:58:44 2022 +0000 + + upstream: ssh: document sntrup761x25519-sha512@openssh.com as + + default KEX + + OpenBSD-Commit-ID: 12545bfa10bcbf552d04d9d9520d0f4e98b0e171 + +commit 9ec2713d122af79d66ebb9c1d6d9ae8621a8945f +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Mar 31 17:27:27 2022 +0000 + + upstream: man pages: add missing commas between subordinate and + + main clauses + + jmc@ dislikes a comma before "then" in a conditional, so leave those + untouched. + + ok jmc@ + + OpenBSD-Commit-ID: 9520801729bebcb3c9fe43ad7f9776ab4dd05ea3 + +commit 3741df98ffaaff92b474ee70d8ef276b5882f85a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 4 23:52:11 2022 +1000 + + Disable security key on fbsd6 test host. + +commit 32c12236f27ae83bfe6d2983b67c9bc67a83a417 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Apr 4 15:16:51 2022 +1000 + + Specify TEST_SHELL=bash on AIX. + + The system shells cause the agent-restrict test to fail due to some + quoting so explicitly specify bash until we can get configure to + autmatically work around that. + +commit 90452c8b69d065b7c7c285ff78b81418a75bcd76 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:38:44 2022 +1100 + + Only return events from ppoll that were requested. + + If the underlying system's select() returns bits that were not in the + request set, our ppoll() implementation can return revents for events + not requested, which can apparently cause a hang. Only return revents + for activity in the requested event set. bz#3416, analysis and fix by + yaroslav.kuzmin at vmssoftware com, ok djm@ + +commit 6c49eb5fabc56f4865164ed818aa5112d09c31a8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:21:40 2022 +1100 + + Only run regression tests on slow VMs. + +commit f67e47903977b42cb6abcd5565a61bd7293e4dc3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 23:21:06 2022 +1100 + + Increase test timeout to allow slow VMs to finish + +commit 02488c1b54065ddc4f25835dbd2618b2a2fe21f5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 16:27:38 2022 +1100 + + Use bash or ksh if available for SH in Makefile. + +commit 34c7018c316af4773e432066de28d0ef9d0888cd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 14:56:54 2022 +1100 + + Set Makefile SHELL as determined by configure. + + This should improve compatibility for users with non-POSIX shells. If + using Makefile.in directly (eg make -f Makefile.in distprep) then SHELL + will need to be specified on the command line (along with MANFMT in that + particular case). ok djm@ + +commit 5b054d76402faab38c48377efd112426469553a0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Apr 1 13:16:47 2022 +1100 + + Skip slow tests on (very) slow test targets. + +commit b275818065b31a865142c48c2acf6a7c1655c542 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 31 14:11:36 2022 +1100 + + depend + +commit 3fa539c3ffaabd6211995512d33e29150f88c5c5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 31 03:07:03 2022 +0000 + + upstream: add a sftp client "cp" command that supports server-side + + copying of files. Useful for this task and for testing the copy-data + extension. Patch from Mike Frysinger; ok dtucker@ + + OpenBSD-Commit-ID: 1bb1b950af0d49f0d5425b1f267e197aa1b57444 + +commit 7988bfc4b701c4b3fe9b36c8561a3d1c5d4c9a74 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 31 03:05:49 2022 +0000 + + upstream: add support for the "corp-data" protocol extension to + + allow server-side copies to be performed without having to go via the client. + Patch by Mike Frysinger, ok dtucker@ + + OpenBSD-Commit-ID: 00aa510940fedd66dab1843b58682de4eb7156d5 + +commit 32dc1c29a4ac9c592ddfef0a4895eb36c1f567ba +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 21:13:23 2022 +0000 + + upstream: select post-quantum KEX + + sntrup761x25519-sha512@openssh.com as the default; ok markus@ + + OpenBSD-Commit-ID: f02d99cbfce22dffec2e2ab1b60905fbddf48fb9 + +commit d6556de1db0822c76ba2745cf5c097d9472adf7c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 21:10:25 2022 +0000 + + upstream: fix poll() spin when a channel's output fd closes without + + data in the channel buffer. Introduce more exact packing of channel fds into + the pollfd array. fixes bz3405 and bz3411; ok deraadt@ markus@ + + OpenBSD-Commit-ID: 06740737849c9047785622ad5d472cb6a3907d10 + +commit 8a74a96d25ca4d32fbf298f6c0ac5a148501777d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 04:33:09 2022 +0000 + + upstream: ssh is almost out of getopt() characters; note the + + remaining remaining available ones in a comment + + OpenBSD-Commit-ID: 48d38cef59d6bc8e84c6c066f6d601875d3253fd + +commit 6d4fc51adb9d8a42f67b5474f02f877422379de6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 30 04:27:51 2022 +0000 + + upstream: avoid NULL deref via ssh-keygen -Y find-principals. + + bz3409, reported by Mateusz Adamowski + + OpenBSD-Commit-ID: a3b2c02438052ee858e0ee18e5a288586b5df2c5 + +commit e937514920335b92b543fd9be79cd6481d1eb0b6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Mar 28 17:51:03 2022 +1100 + + Add AIX 5.1 test target. + +commit 4bbe815ba974b4fd89cc3fc3e3ef1be847a0befe +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 22:01:31 2022 +1100 + + Drop leading "v" from release version identifier. + + It's present in the git tags but not in the release tarball names. + Also drop extra "/" from URL path. + +commit f5cdd3b3c275dffaebfca91df782dca29975e9ac +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 16:28:04 2022 +1100 + + Use tarballs when testing LibreSSL releases. + + This means they'll still work when the combination of -portable and + openbsd github repos no longer match. + +commit 24dc37d198f35a7cf71bf4d5384363c7ef4209d4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 15:02:45 2022 +1100 + + Remove now-unused passwd variable. + +commit 5b467ceef2c356f0a77f5e8ab4eb0fac367e4d24 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 13:15:44 2022 +1100 + + Missing semicolon. + +commit 2923d026e55998133c0f6e5186dca2a3c0fa5ff5 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 12:49:50 2022 +1100 + + Factor out platform-specific locked account check. + + Also fixes an incorrect free on platforms with both libiaf and shadow + passwords (probably only Unixware). Prompted by github PR#284, + originally from @c3h2_ctf and stoeckmann@. + +commit d23efe4b12886ffe416be10bc0a7da6ca8aa72d1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Mar 26 08:13:46 2022 +1100 + + Add OpenWRT mips and mipsel test targets. + +commit 16ea8b85838dd7a4dbeba4e51ac4f43fd68b1e5b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Mar 20 08:52:17 2022 +0000 + + upstream: don't leak argument list; bz3404, reported by Balu + + Gajjala ok dtucker@ + + OpenBSD-Commit-ID: fddc32d74e5dd5cff1a49ddd6297b0867eae56a6 + +commit a72bde294fe0518c9a44ba63864093a1ef2425e3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Mar 20 08:51:21 2022 +0000 + + upstream: make addargs() and replacearg() a little more robust and + + improve error reporting + + make freeargs(NULL) a noop like the other free functions + + ok dtucker as part of bz3403 + + OpenBSD-Commit-ID: 15f86da83176978b4d1d288caa24c766dfa2983d + +commit 731087d2619fa7f01e675b23f57af10d745e8af2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 04:04:11 2022 +0000 + + upstream: don't try to resolve ListenAddress directives in the sshd + + re-exec path - we're never going to use the result and if the operation fails + then it can prevent connections from being accepted. Reported by Aaron + Poffenberger; with / ok dtucker@ + + OpenBSD-Commit-ID: 44c53a43909a328e2f5ab26070fdef3594eded60 + +commit 1c83c082128694ddd11ac05fdf31d70312ff1763 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:50:21 2022 +0000 + + upstream: remove blank line + + OpenBSD-Commit-ID: d5e0182965b2fbfb03ad5f256d1a1ce5706bcddf + +commit 807be68684da7a1fe969c399ddce2fafb7997dcb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:32:22 2022 +0000 + + upstream: helpful comment + + OpenBSD-Commit-ID: e3315a45cb04e7feeb614d76ec80a9fe4ca0e8c7 + +commit a0b5816f8f1f645acdf74f7bc11b34455ec30bac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 18 02:31:25 2022 +0000 + + upstream: ssh-keygen -Y check-novalidate requires namespace or SEGV + + will ensue. Patch from Mateusz Adamowski via GHPR#307 + + OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd + +commit 5a252d54a63be30d5ba4be76210942d754a531c0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 15 05:27:37 2022 +0000 + + upstream: improve DEBUG_CHANNEL_POLL debugging message + + OpenBSD-Commit-ID: 2275eb7bc4707d019b1a0194b9c92c0b78da848f + +commit ce324cf58ba2840e31afeb996935800780c8fa4b +Author: cheloha@openbsd.org <cheloha@openbsd.org> +Date: Sun Mar 13 23:27:54 2022 +0000 + + upstream: ssh: xstrdup(): use memcpy(3) + + Copying the given string into the buffer with strlcpy(3) confers no + benefit in this context because we have already determined the + string's length with strlen(3) in order to allocate that buffer. + + Thread: https://marc.info/?l=openbsd-tech&m=164687525802691&w=2 + + ok dtucker@ millert@ + + OpenBSD-Commit-ID: f8bfc082e36e2d2dc4e1feece02fe274155ca11a + +commit 2893c5e764557f48f9d6a929e224ed49c59545db +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 11 18:43:58 2022 +1100 + + Resync fmt_scaled. with OpenBSD. + + Fixes underflow reported in bz#3401. + +commit 5ae31a0fdd27855af29f48ff027491629fff5979 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 9 09:41:56 2022 +1100 + + Provide killpg implementation. + + Based on github PR#301 for Tandem NonStop. + +commit c41c84b439f4cd74d4fe44298a4b4037ddd7d2ae +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Mar 9 09:29:30 2022 +1100 + + Check for missing ftruncate prototype. + + From github PR#301 in conjunction with rsbeckerca. + +commit 8cf5275452a950869cb90eeac7d220b01f77b12e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 8 20:04:06 2022 +1100 + + Default to not using sandbox when cross compiling. + + On most systems poll(2) does not work when the number of FDs is reduced + with setrlimit, so assume it doesn't when cross compiling and we can't + run the test. bz#3398. + +commit 379b30120da53d7c84aa8299c26b18c51c2a0dac +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Mar 1 01:59:19 2022 +0000 + + upstream: pack pollfd array before server_accept_loop() ppoll() + + call, and terminate sshd if ppoll() returns errno==EINVAL + + avoids spin in ppoll when MaxStartups > RLIMIT_NOFILE, reported by + Daniel Micay + + feedback/ok deraadt + + OpenBSD-Commit-ID: dbab1c24993ac977ec24d83283b8b7528f7c2c15 + +commit eceafbe0bdbbd9bd2f3cf024ccb350666a9934dd +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Sun Feb 27 01:33:59 2022 +0000 + + upstream: include rejected signature algorithm in error message and + + not the (useless) key type; ok djm@ + + OpenBSD-Commit-ID: d0c0f552a4d9161203e07e95d58a76eb602a76ff + +commit f2f3269423618a83157e18902385e720f9776007 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 25 09:46:24 2022 +0000 + + upstream: Remove the char * casts from arguments to do_lstat, + + do_readdir and do_stat paths since the underlying functions now take a const + char *. Patch from vapier at gentoo.org. + + OpenBSD-Commit-ID: 9e4d964dbfb0ed683a2a2900711b88e7f1c0297b + +commit 4a66dac052c5ff5047161853f36904607649e4f9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Feb 25 02:09:27 2022 +0000 + + upstream: save an unneccessary alloc/free, based on patch from + + Martin Vahlensieck; ok dtucker@ + + OpenBSD-Commit-ID: 90ffbf1f837e509742f2c31a1fbf2c0fd376fd5f + +commit 6f117cb151efe138ac57bdd8e26165f350328f5f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 1 09:02:06 2022 +1100 + + Remove unused ivbits argument from chacha_keysetup + +commit 15974235dd528aeab0ec67fb92a0a1d733f62be2 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Mar 1 09:00:20 2022 +1100 + + Add OPENBSD ORIGINAL marker. + +commit f2ff669347d320532e7c1b63cdf5c62f46e73150 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 28 22:21:36 2022 +1100 + + No unused param warnings for clang-12 and gcc-11. + + These have too many false positives in -Werror tests on the github CI + since we often provide empty stub functions for functionality not needed + for particular configurations. + +commit 96558ecd87adac62efa9a2b5479f686ab86b0be1 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 26 14:10:41 2022 +1100 + + Add debian-i386 test target. + +commit 284b6e5394652d519e31782e3b3cdfd7b21d1a81 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 26 14:06:14 2022 +1100 + + Allow ppoll_time64 in seccomp sandbox. + + Should fix sandbox violations on (some? at least i386 and armhf) 32bit + Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at + debian.org via bz#3396. + +commit 0132056efabc5edb85c3c7105d2fb6dee41843c6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 19:47:48 2022 +1100 + + Improve handling of _getshort and _getlong. + + If the system native ones are exactly as required then use them, + otherwise use the local versions mapped to another name to prevent + name collisions. + +commit 8e206e0dd6b9f757b07979e48f53ad5bf9b7b52b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 15:14:22 2022 +1100 + + Constify utimes in compat library to match specs. + + Patch from vapier at chromium.org. + +commit 1b2920e3b63db2eddebeec7330ffe8b723055573 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 13:50:56 2022 +1100 + + ANSIfy getshort and getlong. + + These functions appear to have come from OpenBSD's lib/libc/net/res_comp.c + which made this change in 2005. + +commit 54a86f4f6e1c43a2ca2be23ef799ab8910d4af70 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 13:23:04 2022 +1100 + + Use PICFLAG instead of hard coding -fPIC. + +commit 3016ba47035ac3561aabd48e2be70167fe157d6a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 25 11:37:11 2022 +1100 + + Add tests for latest releases of {Libre,Open}SSL. + +commit f107467179428a0e3ea9e4aa9738ac12ff02822d +Author: Colin Watson <cjwatson@debian.org> +Date: Thu Feb 24 16:04:18 2022 +0000 + + Improve detection of -fzero-call-used-regs=all support + + GCC doesn't tell us whether this option is supported unless it runs into + the situation where it would need to emit corresponding code. + +commit 3383b2cac0e9275bc93c4b4760e6e048f537e1d6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 21:21:49 2022 +0000 + + upstream: free(3) wants stdlib.h + + OpenBSD-Commit-ID: 227a8c70a95b4428c49e46863c9ef4bd318a3b8a + +commit a4537e79ab4ac6db4493c5158744b9ebde5efcb0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 21:21:16 2022 +0000 + + upstream: put back the scp manpage changes for SFTP mode too + + OpenBSD-Commit-ID: 05dc53921f927e1b5e5694e1f3aa314549f2e768 + +commit 449bcb8403adfb9724805d02a51aea76046de185 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Feb 23 19:01:00 2022 +0000 + + upstream: and we go back to testing sftp-scp after the 8.9 + + release... + + OpenBSD-Commit-ID: a80440168258adca543a4607b871327a279c569c + +commit 166456cedad3962b83b848b1e9caf80794831f0f +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 23 22:31:11 2022 +1100 + + makedepend + +commit 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:18:13 2022 +0000 + + upstream: avoid integer overflow of auth attempts (harmless, caught + + by monitor) + + OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 + +commit 6e0258c64c901753df695e06498b26f9f4812ea6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:17:10 2022 +0000 + + upstream: randomise the password used in fakepw + + OpenBSD-Commit-ID: 34e159f73b1fbf0a924a9c042d8d61edde293947 + +commit bf114d6f0a9df0b8369823d9a0daa6c72b0c4cc9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:15:57 2022 +0000 + + upstream: use asprintf to construct .rhosts paths + + OpenBSD-Commit-ID: 8286e8d3d2c6ff916ff13d041d1713073f738a8b + +commit c07e154fbdc7285e9ec54e78d8a31f7325d43537 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Feb 23 11:07:09 2022 +0000 + + upstream: openssh-8.9 + + OpenBSD-Commit-ID: 5c5f791c87c483cdab6d9266b43acdd9ca7bde0e + +commit bc16667b4a1c3cad7029304853c143a32ae04bd4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 15:29:22 2022 +1100 + + Extend select+rlimit sanbox test to include poll. + + POSIX specifies that poll() shall fail if "nfds argument is greater + than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero + so this causes poll() to fail in the preauth privsep process. + + This is likely the underlying cause for the previously observed similar + behaviour of select() on plaforms where it is implement in userspace on + top of poll(). + +commit 6520c488de95366be031d49287ed243620399e23 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 13:08:59 2022 +1100 + + Add Alpine Linux test VM. + +commit a4b325a3fc82d11e0f5d61f62e7fde29415f7afb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 12:27:07 2022 +1100 + + Include sys/param.h if present. + + Needed for howmany() on MUSL systems such as Alpine. + +commit 5a102e9cb287a43bd7dfe594b775a89a8e94697c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Feb 22 12:25:52 2022 +1100 + + Only include sys/poll.h if we don't have poll.h. + + Prevents warnings on MUSL based systems such as Alpine. + +commit 7c0d4ce911d5c58b6166b2db754a4e91f352adf5 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Feb 22 11:14:51 2022 +1100 + + disable agent-restrict test on minix3 + + Minix seems to have a platform-wide limit on the number of + select(2) syscalls that can be concurrently issued. This test + seems to exceed this limit. + + Refer to: + + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L114 + https://github.com/Stichting-MINIX-Research-Foundation/minix/blob/R3.3.0/minix/servers/vfs/select.c#L30-L31 + +commit 81d33d8e3cf7ea5ce3a5653c6102b623e019428a +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 21 21:27:20 2022 +1100 + + Skip agent-getpeereid when running as root. + +commit fbd772570a25436a33924d91c164d2b24021f010 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Feb 20 03:47:26 2022 +0000 + + upstream: Aproximate realpath on the expected output by deduping + + leading slashes. Fixes test failure when user's home dir is / which is + possible in some portable configurations. + + OpenBSD-Regress-ID: 53b8c53734f8893806961475c7106397f98d9f63 + +commit 336685d223a59f893faeedf0a562e053fd84058e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Feb 20 13:30:52 2022 +1100 + + Really move DSA to end of list. + + In commit ad16a84e syncing from OpenBSD, RSA was accidentally moved to + the end of the list instead of DSA. Spotted by andrew at fyfe.gb.net. + +commit 63bf4f49ed2fdf2da6f97136c9df0c8168546eb3 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 18 12:12:21 2022 +1100 + + Add test configs for MUSL C library. + +commit f7fc6a43f1173e8b2c38770bf6cee485a562d03b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 17 22:54:19 2022 +1100 + + minix needs BROKEN_POLL too; chokes on /dev/null + +commit 667fec5d4fe4406745750a32f69b5d2e1a75e94b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 17 10:58:27 2022 +0000 + + upstream: check for EINTR/EAGAIN failures in the rfd fast-path; caught + + by dtucker's minix3 vm :) ok dtucker@ + + OpenBSD-Commit-ID: 2e2c895a3e82ef347aa6694394a76a438be91361 + +commit 41417dbda9fb55a0af49a8236e3ef9d50d862644 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 17 22:05:29 2022 +1100 + + Comment hurd test, the VM is currently broken. + +commit b2aee35a1f0dc798339b3fcf96136da71b7e3f6d +Author: Damien Miller <djm@mindrot.org> +Date: Thu Feb 17 21:15:16 2022 +1100 + + find sk-dummy.so when build_dir != src_dir + + spotted by Corinna Vinschen; feedback & ok dtucker@ + +commit 62a2d4e50b2e89f2ef04576931895d5139a5d037 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 16 16:26:17 2022 +1100 + + update versions in preparation for 8.9 release + +commit dd6d3dded721ac653ea73c017325e5bfeeec837f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 15 05:13:36 2022 +0000 + + upstream: document the unbound/host-bound options to + + PubkeyAuthentication; spotted by HARUYAMA Seigo + + OpenBSD-Commit-ID: 298f681b66a9ecd498f0700082c7a6c46e948981 + +commit df93529dd727fdf2fb290700cd4f1adb0c3c084b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Feb 14 14:19:40 2022 +1100 + + Test if sshd accidentally acquires controlling tty + + When SSHD_ACQUIRES_CTTY is defined, test for the problematic behaviour + in the STREAMS code before activating the workaround. ok djm@ + +commit 766176cfdbfd7ec38bb6118dde6e4daa0df34888 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Feb 12 10:24:56 2022 +1100 + + Add cygwin-release test config. + + This tests the flags used to build the cygwin release binaries. + +commit b30698662b862f5397116d23688aac0764e0886e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 11 21:00:35 2022 +1100 + + Move SSHD_ACQUIRES_CTTY workaround into compat. + + On some (most? all?) SysV based systems with STREAMS based ptys, + sshd could acquire a controlling terminal during pty setup when + it pushed the "ptem" module, due to what is probably a bug in + the STREAMS driver that's old enough to vote. Because it was the + privileged sshd's controlling terminal, it was not available for + the user's session, which ended up without one. This is known to + affect at least Solaris <=10, derivatives such as OpenIndiana and + several other SysV systems. See bz#245 for the backstory. + + In the we past worked around that by not calling setsid in the + privileged sshd child, which meant it was not a session or process + group leader. This solved controlling terminal problem because sshd + was not eligble to acquire one, but had other side effects such as + not cleaning up helper subprocesses in the SIGALRM handler since it + was not PG leader. Recent cleanups in the signal handler uncovered + this, resulting in the LoginGraceTime timer not cleaning up privsep + unprivileged processes. + + This change moves the workaround into the STREAMS pty allocation code, + by allocating a sacrificial pty to act as sshd's controlling terminal + before allocating user ptys, so those are still available for users' + sessions. + + On the down side: + - this will waste a pty per ssh connection on affected platforms. + + On the up side: + - it makes the process group behaviour consistent between platforms. + + - it puts the workaround nearest the code that actually causes the + problem and competely out of the mainline code. + + - the workaround is only activated if you use the STREAMS code. If, + say, Solaris 11 has the bug but also a working openpty() it doesn't + matter that we defined SSHD_ACQUIRES_CTTY. + + - the workaround is only activated when the fist pty is allocated, + ie in the post-auth privsep monitor. This means there's no risk + of fd leaks to the unprivileged processes, and there's no effect on + sessions that do not allocate a pty. + + Based on analysis and work by djm@, ok djm@ + +commit cd00b48cf10f3565936a418c1e6d7e48b5c36140 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 11 20:09:32 2022 +1100 + + Simplify handling of --with-ssl-dir. + + ok djm@ + +commit ea13fc830fc0e0dce2459f1fab2ec5099f73bdf0 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 11 13:39:29 2022 +1100 + + Stop testing OpenBSD HEAD on 6.9 and 7.0. + + HEAD is not guaranteed to work on previous stable branches, and at the + moment is broken due to libfido API changes. + +commit 50b9e4a4514697ffb9592200e722de6b427cb9ff +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 11 00:43:56 2022 +0000 + + upstream: Always initialize delim before passing to hpdelim2 which + + might not set it. Found by the Valgrind tests on github, ok deraadt@ + + OpenBSD-Commit-ID: c830c0db185ca43beff3f41c19943c724b4f636d + +commit 6ee53064f476cf163acd5521da45b11b7c57321b +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Feb 11 10:03:06 2022 +1100 + + Fix helper include path and remove excess code. + + Looks like test_hpdelim.c was imported twice into the same file. + Spotted by kevin.brott at gmail com and chris at cataclysmal org. + +commit 9fa63a19f68bc87452d3cf5c577cafad2921b7a4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 10 23:27:02 2022 +1100 + + Put poll.h inside ifdef. + +commit 3ac00dfeb54b252c15dcbf1971582e9e3b946de6 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Feb 10 22:17:31 2022 +1100 + + We now support POLLPRI so actually define it. + +commit 25bd659cc72268f2858c5415740c442ee950049f +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Feb 6 22:58:33 2022 +0000 + + upstream: Add test for empty hostname with port. + + OpenBSD-Regress-ID: e19e89d3c432b68997667efea44cf015bbe2a7e3 + +commit a29af853cff41c0635f0378c00fe91bf9c91dea4 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 4 07:53:44 2022 +0000 + + upstream: Add unit tests for hpdelim. + + OpenBSD-Regress-ID: be97b85c19895e6a1ce13c639765a3b48fd95018 + +commit 9699151b039ecc5fad9ac6c6c02e9afdbd26f15f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Feb 10 04:12:38 2022 +0000 + + upstream: revert for imminent OpenSSH release, which wil ship with + + scp in RCP mode. + + > revision 1.106 + > date: 2021/10/15 14:46:46; author: deraadt; state: Exp; lines: +13 -9; commitid: w5n9B2RE38tFfggl; + > openbsd 7.0 release shipped with the (hopefully last) scp that uses RCP + > protocol for copying. Let's get back to testing the SFTP protocol. + + This will be put back once the OpenSSH release is done. + + OpenBSD-Commit-ID: 0c725481a78210aceecff1537322c0b2df03e768 + +commit 45279abceb37c3cbfac8ba36dde8b2c8cdd63d32 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 8 08:59:12 2022 +0000 + + upstream: Switch hpdelim interface to accept only ":" as delimiter. + + Historicallly, hpdelim accepted ":" or "/" as a port delimiter between + hosts (or addresses) and ports. These days most of the uses for "/" + are no longer accepted, so there are several places where it checks the + delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2 + in the other cases. ok djm@ + + OpenBSD-Commit-ID: 7e6420bd1be87590b6840973f5ad5305804e3102 + +commit a1bcbf04a7c2d81944141db7ecd0ba292d175a66 +Author: pedro martelletto <pedro@yubico.com> +Date: Mon Feb 7 09:09:59 2022 +0100 + + fix typos in previous + +commit 56192518e329b39f063487bc2dc4d796f791eca0 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Feb 7 12:53:47 2022 +1100 + + compat code for fido_assert_set_clientdata() + +commit d6b5aa08fdcf9b527f8b8f932432941d5b76b7ab +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Feb 7 01:25:12 2022 +0000 + + upstream: use libfido2 1.8.0+ fido_assert_set_clientdata() instead + + of manually hashing data outselves. Saves a fair bit of code and makes life + easier for some -portable platforms. + + OpenBSD-Commit-ID: 351dfaaa5ab1ee928c0e623041fca28078cff0e0 + +commit 86cc93fd3c26b2e0c7663c6394995fb04ebfbf3b +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Sun Feb 6 00:29:03 2022 +0000 + + upstream: remove please from manual pages ok jmc@ sthen@ millert@ + + OpenBSD-Commit-ID: 6543acb00f4f38a23472538e1685c013ca1a99aa + +commit ad16a84e64a8cf1c69c63de3fb9008320a37009c +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Feb 4 02:49:17 2022 +0000 + + upstream: Since they are deprecated, move DSA to the end of the + + default list of public keys so that they will be tried last. From github + PR#295 from "ProBackup-nl", ok djm@ + + OpenBSD-Commit-ID: 7e5d575cf4971d4e2de92e0b6d6efaba53598bf0 + +commit 253de42753de85dde266e061b6fec12ca6589f7d +Author: Damien Miller <djm@mindrot.org> +Date: Wed Feb 2 16:52:07 2022 +1100 + + portable-specific string array constification + + from Mike Frysinger + +commit dfdcc2220cf359c492d5d34eb723370e8bd8a19e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 1 23:37:15 2022 +0000 + + upstream: test 'ssh-keygen -Y find-principals' with wildcard + + principals; from Fabian Stelzer + + OpenBSD-Regress-ID: fbe4da5f0032e7ab496527a5bf0010fd700f8f40 + +commit 968e508967ef42480cebad8cf3172465883baa77 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Jan 21 02:54:41 2022 +0000 + + upstream: Enable all supported ciphers and macs in the server + + before trying to benchmark them. Increase the data file size to get more + signal. + + OpenBSD-Regress-ID: dc3697d9f7defdfc51c608782c8e750128e46eb6 + +commit 15b7199a1fd37eff4c695e09d573f3db9f4274b7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 1 23:34:47 2022 +0000 + + upstream: allow 'ssh-keygen -Y find-principals' to match wildcard + + principals in allowed_signers files; from Fabian Stelzer + + OpenBSD-Commit-ID: 1e970b9c025b80717dddff5018fe5e6f470c5098 + +commit 541667fe6dc26d7881e55f0bb3a4baa6f3171645 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 1 23:32:51 2022 +0000 + + upstream: mark const string array contents const too, i.e. static + + const char *array => static const char * const array from Mike Frysinger + + OpenBSD-Commit-ID: a664e31ea6a795d7c81153274a5f47b22bdc9bc1 + +commit 8cfa73f8a2bde4c98773f33f974c650bdb40dd3c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Feb 1 23:11:11 2022 +0000 + + upstream: better match legacy scp behaviour: show un-expanded paths + + in error messages. Spotted by and ok tb@ + + OpenBSD-Commit-ID: 866c8ffac5bd7d38ecbfc3357c8adfa58af637b7 + +commit 4e62c13ab419b4b224c8bc6a761e91fcf048012d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Feb 1 07:57:32 2022 +0000 + + upstream: Remove explicit kill of privsep preauth child's PID in + + SIGALRM handler. It's no longer needed since the child will get terminated by + the SIGTERM to the process group that cleans up any auth helpers, it + simplifies the signal handler and removes the risk of a race when updating + the PID. Based on analysis by HerrSpace in github PR#289, ok djm@ + + OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663 + +commit 2a7ccd2ec4022917b745af7186f514f365b7ebe9 +Author: guenther@openbsd.org <guenther@openbsd.org> +Date: Fri Jan 28 06:18:42 2022 +0000 + + upstream: When it's the possessive of 'it', it's spelled "its", + + without the apostrophe. + + OpenBSD-Commit-ID: fb6ab9c65bd31de831da1eb4631ddac018c5fae7 + +commit 8a0848cdd3b25c049332cd56034186b7853ae754 +Author: Alex James <theracermaster@gmail.com> +Date: Sun Jan 30 16:13:36 2022 -0600 + + sandbox-seccomp-filter: allow gettid + + Some allocators (such as Scudo) use gettid while tracing allocations [1]. + Allow gettid in preauth to prevent sshd from crashing with Scudo. + + [1]: https://github.com/llvm/llvm-project/blob/llvmorg-13.0.0/compiler-rt/lib/gwp_asan/common.cpp#L46 + +commit b30d32159dc3c7052f4bfdf36357996c905af739 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 22 00:49:34 2022 +0000 + + upstream: add a ssh_packet_process_read() function that reads from + + a fd directly into the transport input buffer. + + Use this in the client and server mainloops to avoid unnecessary + copying. It also lets us use a more greedy read size without penalty. + + Yields a 2-3% performance gain on cipher-speed.sh (in a fairly + unscientific test tbf) + + feedback dtucker@ ok markus@ + + OpenBSD-Commit-ID: df4112125bf79d8e38e79a77113e1b373078e632 + +commit a1a8efeaaa9cccb15cdc0a2bd7c347a149a3a7e3 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 22 00:45:31 2022 +0000 + + upstream: Use sshbuf_read() to read directly into the channel input + + buffer rather than into a stack buffer that needs to be copied again; + Improves performance by about 1% on cipher-speed.sh feedback dtucker@ ok + markus@ + + OpenBSD-Commit-ID: bf5e6e3c821ac3546dc8241d8a94e70d47716572 + +commit 29a76994e21623a1f84d68ebb9dc5a3c909fa3a7 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jan 25 11:52:34 2022 +1100 + + depend + +commit 754e0d5c7712296a7a3a83ace863812604c7bc4f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 22 00:43:43 2022 +0000 + + upstream: Add a sshbuf_read() that attempts to read(2) directly in + + to a sshbuf; ok markus@ + + OpenBSD-Commit-ID: 2d8f249040a4279f3bc23c018947384de8d4a45b + +commit c7964fb9829d9ae2ece8b51a76e4a02e8449338d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 21 07:04:19 2022 +0000 + + upstream: add a helper for writing an error message to the + + stderr_buf and setting quit_pending; no functional change but saves a bunch + of boilerplate + + OpenBSD-Commit-ID: 0747657cad6b9eabd514a6732adad537568e232d + +commit d23b4f7fdb1bd87e2cd7a9ae7c198ae99d347916 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 21 06:58:06 2022 +0000 + + upstream: correct comment and use local variable instead of long + + indirection; spotted by dtucker@ + + OpenBSD-Commit-ID: 5f65f5f69db2b7d80a0a81b08f390a63f8845965 + +commit d069b020a02b6e3935080204ee44d233e8158ebb +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Fri Jan 21 00:53:40 2022 +0000 + + upstream: When poll(2) returns -1, for some error conditions + + pfd[].revents is not cleared. There are subtle errors in various programs. + In this particular case, the program should error out. ok djm millert + + OpenBSD-Commit-ID: 00f839b16861f7fb2adcf122e95e8a82fa6a375c + +commit e204b34337a965feb439826157c191919fd9ecf8 +Author: Damien Miller <djm@mindrot.org> +Date: Sat Jan 22 11:38:21 2022 +1100 + + restore tty force-read hack + + This portable-specific hack fixes a hang on exit for ttyful sessions + on Linux and some SysVish Unix variants. It was accidentally disabled + in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion). + + Spotted by John in bz3383 + +commit 68085066b6bad43643b43f5957fcc5fd34782ccd +Author: Corinna Vinschen <vinschen@redhat.com> +Date: Fri Jan 21 03:22:56 2022 +1100 + + Fix signedness bug in Cygwin code + + The Cygwin-specific pattern match code has a bug. It checks + the size_t value returned by mbstowcs for being < 0. The right + thing to do is to check against (size_t) -1. Fix that. + + Signed-off-by: Corinna Vinschen <vinschen@redhat.com> + +commit 2e5cfed513e84444483baf1d8b31c40072b05103 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 20 13:26:27 2022 +1100 + + Improve compatibility of early exit trap handling. + + Dash (as used by the github runners) has some differences in its trap + builtin: + - it doesn't have -p (which is fine, that's not in posix). + - it doesn't work in a subshell (which turns out to be in compliance + with posix, which means bash isn't). + - it doesn't work in a pipeline, ie "trap|cat" produces no output. + +commit 3fe6800b6027add478e648934cbb29d684e51943 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 20 00:49:57 2022 +1100 + + Move more tests out of valgrind-1 runner. + +commit 20da6ed136dd76e6a0b229ca3036ef9c7c7ef798 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 19 15:37:39 2022 +1100 + + Invoke EXIT handler early when using Valgrind. + + When using Valgrind, we need to wait for all invoked programs to + complete before checking their valgrind logs. Some tests, notably + agent-restrict, set an EXIT trap handler to clean up things like + ssh-agent, but those do not get invoked until test-exec.sh exits. + This causes the Valgrind wait to deadlock, so if present invoke + the EXIT handler before checking the Valgrind logs. + +commit ad2e0580c87b0714cf166bca9d926a95ddeee1c8 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 18 12:55:21 2022 +1100 + + Remove line leftover from upstream sync. + +commit d1051c0f11a6b749027e26bbeb61b07df4b67e15 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 17 22:56:04 2022 +0000 + + upstream: when decompressing zlib compressed packets, use + + Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually + specified as a valid mode for inflate(). There should be no practical change + in behaviour as the compression side ensures a flush that should make all + data available to the receiver in all cases. + + repoted by lamm AT ibm.com via bz3372; ok markus + + OpenBSD-Commit-ID: 67cfc1fa8261feae6d2cc0c554711c97867cc81b + +commit d5981b1883746b1ae178a46229c26b53af99e37a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 17 21:41:04 2022 +0000 + + upstream: make most of the sftp errors more idiomatic, following + + the general form of "[local/remote] operation path: error message"; ok markus + + OpenBSD-Commit-ID: 61364cd5f3a9fecaf8d63b4c38a42c0c91f8b571 + +commit ac7c9ec894ed0825d04ef69c55babb49bab1d32e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jan 17 21:39:51 2022 +0000 + + upstream: when transferring multiple files in SFTP mode, create the + + destination directory if it doesn't already exist to match olde-scp(1) + behaviour. noticed by deraadt@ ok markus@ + + OpenBSD-Commit-ID: cf44dfa231d4112f697c24ff39d7ecf2e6311407 + +commit 39d17e189f8e72c34c722579d8d4e701fa5132da +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 14 03:43:48 2022 +0000 + + upstream: allow pin-required FIDO keys to be added to ssh-agent(1). + + ssh-askpass will be used to request the PIN at authentication time. + + From Pedro Martelletto, ok djm + + OpenBSD-Commit-ID: de8189fcd35b45f632484864523c1655550e2950 + +commit 52423f64e13db2bdc31a51b32e999cb1bfcf1263 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 14 03:35:10 2022 +0000 + + upstream: ssh-sk: free a resident key's user id + + From Pedro Martelletto; ok dtucker & me + + OpenBSD-Commit-ID: 47be40d602b7a6458c4c71114df9b53d149fc2e9 + +commit 014e2f147a2788bfb3cc58d1b170dcf2bf2ee493 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 14 03:34:00 2022 +0000 + + upstream: sshsk_load_resident: don't preallocate resp + + resp is allocated by client_converse(), at which point we lose + the original pointer. + + From Pedro Martelletto; ok dtucker & me + + OpenBSD-Commit-ID: 1f1b5ea3282017d6584dfed4f8370dc1db1f44b1 + +commit c88265f207dfe0e8bdbaf9f0eda63ed6b33781cf +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 14 03:32:52 2022 +0000 + + upstream: sshsk_sign: trim call to sshkey_fingerprint() + + the resulting fingerprint doesn't appear to be used for anything, + and we end up leaking it. + + from Pedro Martelletto; ok dtucker & me + + OpenBSD-Commit-ID: 5625cf6c68f082bc2cbbd348e69a3ed731d2f9b7 + +commit 1cd1b2eac39661b849d5a4b4b56363e22bb5f61e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jan 14 03:31:52 2022 +0000 + + upstream: use status error message to communicate ~user expansion + + failures; provides better experience for scp in sftp mode, where ~user paths + are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & + markus + + (forgot to include this file in previous commit) + + OpenBSD-Commit-ID: d37cc4c8c861ce48cd6ea9899e96aaac3476847b + +commit a1d42a6ce0398da3833bedf374ef2571af7fea50 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jan 14 13:49:32 2022 +1100 + + fix edge case in poll(2) wrapper + + Correct handling of select(2) exceptfds. These should only be consulted + for POLLPRI flagged pfds and not unconditionally converted to POLLERR. + + with and ok dtucker@ + +commit 976b9588b4b5babcaceec4767a241c11a67a5ccb +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Jan 14 13:46:35 2022 +1100 + + Wrap OpenSSL includes in unit tests in ifdef. + + Fixes unit test on systems that do not have OpenSSL headers installed. + +commit c171879374b2e8b07157503f5639ed0bce59ce89 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jan 13 15:53:33 2022 +1100 + + Remove sort wrapper. + + agent-restrict now takes care of this itself. + +commit 9cc2654403f1a686bb26c07a6ac790edf334cef5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 13 04:53:16 2022 +0000 + + upstream: Set LC_ALL in both local and remote shells so that sorted + + output matches regardless of what the user's shell sets it to. ok djm@ + + OpenBSD-Regress-ID: 4e97dd69a68b05872033175a4c2315345d01837f + +commit 7a75f748cb2dd2f771bf70ea72698aa027996ab1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 13 04:22:10 2022 +0000 + + upstream: Avoid %'s in commands (not used in OpenBSD, but used in + + -portable's Valgrind test) being interpretted as printf format strings. + + OpenBSD-Regress-ID: dc8655db27ac4acd2c386c4681bf42a10d80b043 + +commit 6c435bd4994d71442192001483a1cdb846e5ffcd +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 12 16:58:13 2022 +1100 + + Stop on first test failure to minimize logs. + +commit 4bc2ba6095620a4484b708ece12842afd8c7685b +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jan 12 07:18:37 2022 +0000 + + upstream: Use egrep when searching for an anchored string. + + OpenBSD-Regress-ID: dd114a2ac27ac4b06f9e4a586d3f6320c54aeeb4 + +commit 6bf2efa2679da1e8e60731f41677b2081dedae2c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jan 12 18:25:06 2022 +1100 + + Add "rev" command replacement if needed. + +commit 72bcd7993dadaf967bb3d8564ee31cbf38132b5d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jan 12 03:30:32 2022 +0000 + + upstream: Don't log NULL hostname in restricted agent code, + + printf("%s", NULL) is not safe on all platforms. with & ok djm + + OpenBSD-Commit-ID: faf10cdae4adde00cdd668cd1f6e05d0a0e32a02 + +commit acabefe3f8fb58c867c99fed9bbf84dfa1771727 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 11 22:33:16 2022 +0000 + + upstream: remove hardcoded domain and use window.location.host, so this + + can be run anywhere + + OpenBSD-Regress-ID: 2ac2ade3b6227d9c547351d3ccdfe671e62b7f92 + +commit 96da0946e44f34adc0397eb7caa6ec35a3e79891 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jan 11 02:56:19 2022 +0000 + + upstream: "void" functions should not return anything. From Tim Rice + + via -portable. + + OpenBSD-Commit-ID: ce6616304f4c9881b46413e616b226c306830e2a + +commit a882a09722c9f086c9edb65d0c4022fd965ec1ed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 11 01:26:47 2022 +0000 + + upstream: suppress "Connection to xxx closed" messages at LogLevel >= + + error bz3378; ok dtucker@ + + OpenBSD-Commit-ID: d5bf457d5d2eb927b81d0663f45248a31028265c + +commit 61a1a6af22e17fc94999a5d1294f27346e6c4668 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jan 12 08:57:49 2022 +1100 + + OS X poll(2) is broken; use compat replacement + + Darwin's poll(2) implementation is broken. For character-special + devices like /dev/null, it returns POLLNVAL when polled with + POLLIN. + + Apparently this is Apple bug 3710161, which is AFAIK not public, + but a websearch will find other OSS projects rediscovering it + periodically since it was first identified in 2005 (!!) + +commit 613a6545fc5a9542753b503cbe5906538a640b60 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jan 11 20:56:01 2022 +1100 + + libhardended_malloc.so moved into out dir. + +commit 61761340be5e11046556623f8f5412b236cefa95 +Author: Tim Rice <tim@multitalents.net> +Date: Mon Jan 10 11:07:04 2022 -0800 + + Make USL compilers happy + UX:acomp: ERROR: "sftp-server.c", line 567: void function cannot return value + +commit 3ef403f351e80a59b6f7e9d43cb82c181855483c +Author: Darren Tucker <dtucker@dtucker.net> +Date: Mon Jan 10 21:07:38 2022 +1100 + + Add wrapper for "sort" to set LC_ALL=C. + + Found by djm, this should make sorts stable and reduce test flakiness. + +commit bd69e29f5716090181dbe0b8272eb7eab1a383bb +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 8 07:55:26 2022 +0000 + + upstream: Remove errant "set -x" left over from debugging. + + OpenBSD-Regress-ID: cd989268e034264cec5df97be7581549032c87dc + +commit 1a7c88e26fd673813dc5f61c4ac278564845e004 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sat Jan 8 07:01:13 2022 +0000 + + upstream: Enable all supported hostkey algorithms (but no others). + + Allows hostbased test to pass when built without OpenSSL. + + OpenBSD-Regress-ID: 5ddd677a68b672517e1e78460dc6ca2ccc0a9562 + +commit 12b457c2a42ff271e7967d9bedd068cebb048db9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 8 07:37:32 2022 +0000 + + upstream: use status error message to communicate ~user expansion + + failures; provides better experience for scp in sftp mode, where ~user paths + are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg & + markus + + OpenBSD-Commit-ID: fc610ce00ca0cdc2ecdabbd49ce7cb82033f905f + +commit 63670d4e9030bcee490d5a9cce561373ac5b3b23 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 8 07:36:11 2022 +0000 + + upstream: fix some corner-case bugs in scp sftp-mode handling of + + ~-prefixed paths; spotted by jsg; feedback jsg & deraadt, ok jsg & markus + + OpenBSD-Commit-ID: d1697dbaaa9f0f5649d69be897eab25c7d37c222 + +commit e14940bbec57fc7d3ce0644dbefa35f5a8ec97d0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 8 07:34:57 2022 +0000 + + upstream: more idiomatic error messages; spotted by jsg & deraadt + + ok jsg & markus + + OpenBSD-Commit-ID: 43618c692f3951747b4151c477c7df22afe2bcc8 + +commit 9acddcd5918c623f7ebf454520ffe946a8f15e90 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 8 07:33:54 2022 +0000 + + upstream: add a variant of send_status() that allows overriding the + + default, generic error message. feedback/ok markus & jsg + + OpenBSD-Commit-ID: 81f251e975d759994131b717ee7c0b439659c40f + +commit 961411337719d4cd78f1ab33e4ac549f3fa22f50 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 8 07:32:45 2022 +0000 + + upstream: refactor tilde_expand_filename() and make it handle ~user + + paths with no trailing slash; feedback/ok markus and jsg + + OpenBSD-Commit-ID: a2ab365598a902f0f14ba6a4f8fb2d07a9b5d51d + +commit dc38236ab6827dec575064cac65c8e7035768773 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 6 22:14:25 2022 +0000 + + upstream: Don't explicitly set HostbasedAuthentication in + + sshd_config. It defaults to "no", and not explicitly setting it allows us to + enable it for the (optional) hostbased test. + + OpenBSD-Regress-ID: aa8e3548eb5793721641d26e56c29f363b767c0c + +commit e12d912ddf1c873cb72e5de9a197afbe0b6622d2 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jan 6 21:46:56 2022 +0000 + + upstream: Add test for hostbased auth. It requires some external + + setup (see comments at the top) and thus is disabled unless + TEST_SSH_HOSTBASED_AUTH and SUDO are set. + + OpenBSD-Regress-ID: 3ec8ba3750c5b595fc63e7845d13483065a4827a + +commit a48533a8da6a0f4f05ecd055dc8048047e53569e +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jan 7 09:24:26 2022 +1100 + + depend + +commit d9dbb5d9a0326e252d3c7bc13beb9c2434f59409 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:06:51 2022 +0000 + + upstream: allow hostbased auth to select RSA keys when only + + RSA/SHA2 are configured (this is the default case); ok markus@ + + OpenBSD-Commit-ID: 411c18c7bde40c60cc6dfb7017968577b4d4a827 + +commit fdb1d58d0d3888b042e5a500f6ce524486aaf782 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:05:42 2022 +0000 + + upstream: add a helper function to match a key type to a list of + + signature algorithms. RSA keys can make signatures with multiple algorithms, + so some special handling is required. ok markus@ + + OpenBSD-Commit-ID: 03b41b2bda06fa4cd9c84cef6095033b9e49b6ff + +commit 11e8c4309a5086a45fbbbc87d0af5323c6152914 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:04:20 2022 +0000 + + upstream: log some details on hostkeys that ssh loads for + + hostbased authn ok markus@ + + OpenBSD-Commit-ID: da17061fa1f0e58cb31b88478a40643e18233e38 + +commit c6706f661739514a34125aa3136532a958929510 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:03:59 2022 +0000 + + upstream: log signature algorithm during verification by monitor; + + ok markus + + OpenBSD-Commit-ID: 02b92bb42c4d4bf05a051702a56eb915151d9ecc + +commit 8832402bd500d1661ccc80a476fd563335ef6cdc +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:02:52 2022 +0000 + + upstream: piece of UpdateHostkeys client strictification: when + + updating known_hosts with new keys, ignore NULL keys (forgot to include in + prior commit) + + OpenBSD-Commit-ID: 49d2eda6379490e1ceec40c3b670b973f63dea08 + +commit c2d9ced1da0276961d86690b3bd7ebdaca7fdbf7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:01:14 2022 +0000 + + upstream: include rejected signature algorithm in error message + + and not the (useless) key type; ok markus + + OpenBSD-Commit-ID: 4180b5ec7ab347b43f84e00b1972515296dab023 + +commit 7aa7b096cf2bafe2777085abdeed5ce00581f641 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 22:00:18 2022 +0000 + + upstream: make ssh-keysign use the requested signature algorithm + + and not the default for the keytype. Part of unbreaking hostbased auth for + RSA/SHA2 keys. ok markus@ + + OpenBSD-Commit-ID: b5639a14462948970da3a8020dc06f9a80ecccdc + +commit 291721bc7c840d113a49518f3fca70e86248b8e8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 21:57:28 2022 +0000 + + upstream: stricter UpdateHostkey signature verification logic on + + the client- side. Require RSA/SHA2 signatures for RSA hostkeys except when + RSA/SHA1 was explicitly negotiated during initial KEX; bz3375 + + ok markus@ + + OpenBSD-Commit-ID: 46e75e8dfa2c813781805b842580dcfbd888cf29 + +commit 0fa33683223c76289470a954404047bc762be84c +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 21:55:23 2022 +0000 + + upstream: Fix signature algorithm selection logic for + + UpdateHostkeys on the server side. The previous code tried to prefer RSA/SHA2 + for hostkey proofs of RSA keys, but missed some cases. This will use RSA/SHA2 + signatures for RSA keys if the client proposed these algorithms in initial + KEX. bz3375 + + Mostly by Dmitry Belyavskiy with some tweaks by me. + + ok markus@ + + OpenBSD-Commit-ID: c17ba0c3236340d2c6a248158ebed042ac6a8029 + +commit 17877bc81db3846e6e7d4cfb124d966bb9c9296b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 21:48:38 2022 +0000 + + upstream: convert ssh, sshd mainloops from select() to poll(); + + feedback & ok deraadt@ and markus@ has been in snaps for a few months + + OpenBSD-Commit-ID: a77e16a667d5b194dcdb3b76308b8bba7fa7239c + +commit 5c79952dfe1aa36105c93b3f383ce9be04dee384 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jan 6 21:46:23 2022 +0000 + + upstream: prepare for conversion of ssh, sshd mainloop from + + select() to poll() by moving FD_SET construction out of channel handlers into + separate functions. ok markus + + OpenBSD-Commit-ID: 937fbf2a4de12b19fb9d5168424e206124807027 + +commit 24c5187edfef4651a625b7d5d692c8c7e794f71f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 21:54:37 2022 +0000 + + upstream: add a comment so I don't make this mistake again + + OpenBSD-Commit-ID: 69c7f2362f9de913bb29b6318580c5a1b52c921e + +commit 7369900441929058263a17f56aa67e05ff7ec628 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 21:50:00 2022 +0000 + + upstream: fix cut-and-pasto in error message + + OpenBSD-Commit-ID: 4cc5c619e4b456cd2e9bb760d17e3a9c84659198 + +commit 294c11b1c7d56d3fb61e329603a782315ed70c62 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 08:25:05 2022 +0000 + + upstream: select all RSA hostkey algorithms for UpdateHostkeys tests, + + not just RSA-SHA1 + + OpenBSD-Regress-ID: b40e62b65863f2702a0c10aca583b2fe76772bd8 + +commit 2ea1108c30e3edb6f872dfc1e6da10b041ddf2c0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:56:15 2022 +0000 + + upstream: regress test both sshsig message hash algorithms, possible + + now because the algorithm is controllable via the CLI + + OpenBSD-Regress-ID: 0196fa87acc3544b2b4fd98de844a571cb09a39f + +commit 2327c306b5d4a2b7e71178e5a4d139af9902c2b0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:50:11 2022 +0000 + + upstream: allow selection of hash at sshsig signing time; code + + already supported either sha512 (default) or sha256, but plumbing wasn't + there mostly by Linus Nordberg + + OpenBSD-Commit-ID: 1b536404b9da74a84b3a1c8d0b05fd564cdc96cd + +commit 56e941d0a00d6d8bae88317717d5e1b7395c9529 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:27:54 2022 +0000 + + upstream: add missing -O option to usage() for ssh-keygen -Y sign; + + from Linus Nordberg + + OpenBSD-Commit-ID: 4e78feb4aa830727ab76bb2e3d940440ae1d7af0 + +commit 141a14ec9b0924709c98df2dd8013bde5d8d12c7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:27:01 2022 +0000 + + upstream: move sig_process_opts() to before sig_sign(); no + + functional code change + + OpenBSD-Commit-ID: da02d61f5464f72b4e8b299f83e93c3b657932f9 + +commit 37a14249ec993599a9051731e4fb0ac5e976aec1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:10:39 2022 +0000 + + upstream: regression test for find-principals NULL deref; from Fabian + + Stelzer + + OpenBSD-Regress-ID: f845a8632a5a7d5ae26978004c93e796270fd3e5 + +commit eb1f042142fdaba93f6c9560cf6c91ae25f6884a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jan 5 04:02:42 2022 +0000 + + upstream: NULL deref when using find-principals when matching an + + allowed_signers line that contains a namespace restriction, but no + restriction specified on the command-line; report and fix from Fabian Stelzer + + OpenBSD-Commit-ID: 4a201b86afb668c908d1a559c6af456a61f4b145 + +commit 8f3b18030579f395eca2181da31a5f945af12a59 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jan 4 08:38:53 2022 +0000 + + upstream: Log command invocation while debugging. + + This will aid in manually reproducing failing commands. + + OpenBSD-Regress-ID: b4aba8d5ac5675ceebeeeefa3261ce344e67333a + +commit bbf285164df535f0d38c36237f007551bbdae27f +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sun Dec 26 10:31:15 2021 +1100 + + Always save config.h as build artifact. + + Should allow better comparison between failing and succeeding test + platforms. + +commit 03bd4ed0db699687c5cd83405d26f81d2dc28d22 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Sat Dec 25 16:42:51 2021 +1100 + + Add OpenBSD 7.0 target. Retire 6.8. + +commit c45a752f0de611afd87755c2887c8a24816d08ee +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Sat Jan 1 05:55:06 2022 +0000 + + upstream: spelling + + OpenBSD-Commit-ID: c63e43087a64d0727af13409c708938e05147b62 + +commit c672f83a89a756564db0d3af9934ba0e1cf8fa3e +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jan 4 07:20:33 2022 +0000 + + upstream: unbreak test: was picking up system ssh-add instead of the + + one supposedly being tested. Spotted by dtucker and using his VM zoo (which + includes some systems old enough to lack ed25519 key support) + + OpenBSD-Regress-ID: 7976eb3df11cc2ca3af91030a6a8c0cef1590bb5 + +commit a23698c3082ffe661abed14b020eac9b0c25eb9f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jan 1 04:18:06 2022 +0000 + + upstream: fix memleak in process_extension(); oss-fuzz issue #42719 + + OpenBSD-Commit-ID: d8d49f840162fb7b8949e3a5adb8107444b6de1e + +commit cb885178f36b83d0f14cfe9f345d2068103feed0 +Author: jsg@openbsd.org <jsg@openbsd.org> +Date: Sat Jan 1 01:55:30 2022 +0000 + + upstream: spelling ok dtucker@ + + OpenBSD-Commit-ID: bfc7ba74c22c928de2e257328b3f1274a3dfdf19 + +commit 6b977f8080a32c5b3cbb9edb634b9d5789fb79be +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 26 23:34:41 2021 +0000 + + upstream: split method list search functionality from + + authmethod_lookup() into a separate authmethod_byname(), for cases where we + don't need to check whether a method is enabled, etc. + + use this to fix the "none" authentication method regression reported + by Nam Nguyen via bugs@ + + ok deraadt@ + + OpenBSD-Commit-ID: 8cd188dc3a83aa8abe5b7693e762975cd8ea8a17 + +commit 0074aa2c8d605ee7587279a22cdad4270b4ddd07 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Wed Dec 22 06:56:41 2021 +0000 + + upstream: sort -H and -h in SYNOPSIS/usage(); tweak the -H text; + + ok djm + + OpenBSD-Commit-ID: 90721643e41e9e09deb5b776aaa0443456ab0965 + +commit 1c9853a68b2319f2e5f929179735e8fbb9988a67 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Dec 22 19:33:10 2021 +1100 + + Use SHA.*_HMAC_BLOCK_SIZE if needed. + + If the platform has a native SHA2, does not define SHA.*_BLOCK_LENGTH + but does define SHA.*_HMAC_BLOCK_SIZE (eg Solaris) then use the latter. + Should fix --without-openssl build on Solaris. + +commit 715c892f0a5295b391ae92c26ef4d6a86ea96e8e +Author: Damien Miller <djm@mindrot.org> +Date: Wed Dec 22 09:02:50 2021 +1100 + + remove sys/param.h in -portable, after upstream + +commit 7a7c69d8b4022b1e5c0afb169c416af8ce70f3e8 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Dec 20 13:05:20 2021 +1100 + + add agent-restrict.sh file, missed in last commit + +commit f539136ca51a4976644db5d0be8158cc1914c72a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:20:12 2021 +0000 + + upstream: regression test for destination restrictions in ssh-agent + + OpenBSD-Regress-ID: 3c799d91e736b1753b4a42d80c42fc40de5ad33d + +commit 6e4980eb8ef94c04874a79dd380c3f568e8416d6 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Sat Dec 18 06:53:59 2021 +0000 + + upstream: Make use of ntests variable, pointed out by clang 13. + + OpenBSD-Regress-ID: 4241a3d21bdfa1630ed429b6d4fee51038d1be72 + +commit 3eead8158393b697f663ec4301e3c7b6f24580b1 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Tue Dec 14 21:25:27 2021 +0000 + + upstream: sys/param.h cleanup, mostly using MINIMUM() and + + <limits.h> ok dtucker + + OpenBSD-Regress-ID: 172a4c45d3bcf92fa6cdf6c4b9db3f1b3abe4db0 + +commit 266678e19eb0e86fdf865b431b6e172e7a95bf48 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:15:42 2021 +0000 + + upstream: document host-bound publickey authentication + + OpenBSD-Commit-ID: ea6ed91779a81f06d961e30ecc49316b3d71961b + +commit 3d00024b3b156aa9bbd05d105f1deb9cb088f6f7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:15:21 2021 +0000 + + upstream: document agent protocol extensions + + OpenBSD-Commit-ID: 09e8bb391bbaf24c409b75a4af44e0cac65405a7 + +commit c385abf76511451bcba78568167b1cd9e90587d5 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:14:47 2021 +0000 + + upstream: PubkeyAuthentication=yes|no|unbound|host-bound + + Allow control over which pubkey methods are used. Added out of + concern that some hardware devices may have difficulty signing + the longer pubkey authentication challenges. This provides a + way for them to disable the extension. It's also handy for + testing. + + feedback / ok markus@ + + OpenBSD-Commit-ID: ee52580db95c355cf6d563ba89974c210e603b1a + +commit 34b1e9cc7654f41cd4c5b1cc290b999dcf6579bb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:14:12 2021 +0000 + + upstream: document destination-constrained keys + + feedback / ok markus@ + + OpenBSD-Commit-ID: cd8c526c77268f6d91c06adbee66b014d22d672e + +commit a6d7677c4abcfba268053e5867f2acabe3aa371b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:13:55 2021 +0000 + + upstream: Use hostkey parsed from hostbound userauth request + + Require host-bound userauth requests for forwarded SSH connections. + + The hostkey parsed from the host-bound userauth request is now checked + against the most recently bound session ID / hostkey on the agent socket + and the signature refused if they do not match. + + ok markus@ + + OpenBSD-Commit-ID: d69877c9a3bd8d1189a5dbdeceefa432044dae02 + +commit baaff0ff4357cc5a079621ba6e2d7e247b765061 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:13:33 2021 +0000 + + upstream: agent support for parsing hostkey-bound signatures + + Allow parse_userauth_request() to work with blobs from + publickey-hostbound-v00@openssh.com userauth attempts. + + Extract hostkey from these blobs. + + ok markus@ + + OpenBSD-Commit-ID: 81c064255634c1109477dc65c3e983581d336df8 + +commit 3e16365a79cdeb2d758cf1da6051b1c5266ceed7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:13:12 2021 +0000 + + upstream: EXT_INFO negotiation of hostbound pubkey auth + + the EXT_INFO packet gets a new publickey-hostbound@openssh.com to + advertise the hostbound public key method. + + Client side support to parse this feature flag and set the kex->flags + indicator if the expected version is offered (currently "0"). + + ok markus@ + + OpenBSD-Commit-ID: 4cdb2ca5017ec1ed7a9d33bda95c1d6a97b583b0 + +commit 94ae0c6f0e35903b695e033bf4beacea1d376bb1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:12:54 2021 +0000 + + upstream: client side of host-bound pubkey authentication + + Add kex->flags member to enable the publickey-hostbound-v00@openssh.com + authentication method. + + Use the new hostbound method in client if the kex->flags flag was set, + and include the inital KEX hostkey in the userauth request. + + Note: nothing in kex.c actually sets the new flag yet + + ok markus@ + + OpenBSD-Commit-ID: 5a6fce8c6c8a77a80ee1526dc467d91036a5910d + +commit 288fd0218dbfdcb05d9fbd1885904bed9b6d42e6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:12:30 2021 +0000 + + upstream: sshd side of hostbound public key auth + + This is identical to the standard "publickey" method, but it also includes + the initial server hostkey in the message signed by the client. + + feedback / ok markus@ + + OpenBSD-Commit-ID: 7ea01bb7238a560c1bfb426fda0c10a8aac07862 + +commit dbb339f015c33d63484261d140c84ad875a9e548 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:12:07 2021 +0000 + + upstream: prepare for multiple names for authmethods + + allow authentication methods to have one additional name beyond their + primary name. + + allow lookup by this synonym + + Use primary name for authentication decisions, e.g. for + PermitRootLogin=publickey + + Pass actual invoked name to the authmethods, so they can tell whether they + were requested via the their primary name or synonym. + + ok markus@ + + OpenBSD-Commit-ID: 9e613fcb44b8168823195602ed3d09ffd7994559 + +commit 39f00dcf44915f20684160f0a88d3ef8a3278351 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:11:39 2021 +0000 + + upstream: ssh-agent side of destination constraints + + Gives ssh-agent the ability to parse restrict-destination-v00@openssh.com + constraints and to apply them to keys. + + Check constraints against the hostkeys recorded for a SocketEntry when + attempting a signature, adding, listing or deleting keys. Note that + the "delete all keys" request will remove constrained keys regardless of + location. + + feedback Jann Horn & markus@ + ok markus@ + + OpenBSD-Commit-ID: 84a7fb81106c2d609a6ac17469436df16d196319 + +commit ce943912df812c573a33d00bf9e5435b7fcca3f7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:11:06 2021 +0000 + + upstream: ssh-add side of destination constraints + + Have ssh-add accept a list of "destination constraints" that allow + restricting where keys may be used in conjunction with a ssh-agent/ssh + that supports session ID/hostkey binding. + + Constraints are specified as either "[user@]host-pattern" or + "host-pattern>[user@]host-pattern". + + The first form permits a key to be used to authenticate as the + specified user to the specified host. + + The second form permits a key that has previously been permitted + for use at a host to be available via a forwarded agent to an + additional host. + + For example, constraining a key with "user1@host_a" and + "host_a>host_b". Would permit authentication as "user1" at + "host_a", and allow the key to be available on an agent forwarded + to "host_a" only for authentication to "host_b". The key would not + be visible on agent forwarded to other hosts or usable for + authentication there. + + Internally, destination constraints use host keys to identify hosts. + The host patterns are used to obtain lists of host keys for that + destination that are communicated to the agent. The user/hostkeys are + encoded using a new restrict-destination-v00@openssh.com key + constraint. + + host keys are looked up in the default client user/system known_hosts + files. It is possible to override this set on the command-line. + + feedback Jann Horn & markus@ + ok markus@ + + OpenBSD-Commit-ID: 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 + +commit 5e950d765727ee0b20fc3d2cbb0c790b21ac2425 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:10:24 2021 +0000 + + upstream: ssh-add side of destination constraints + + Have ssh-add accept a list of "destination constraints" that allow + restricting where keys may be used in conjunction with a ssh-agent/ssh + that supports session ID/hostkey binding. + + Constraints are specified as either "[user@]host-pattern" or + "host-pattern>[user@]host-pattern". + + The first form permits a key to be used to authenticate as the + specified user to the specified host. + + The second form permits a key that has previously been permitted + for use at a host to be available via a forwarded agent to an + additional host. + + For example, constraining a key with "user1@host_a" and + "host_a>host_b". Would permit authentication as "user1" at + "host_a", and allow the key to be available on an agent forwarded + to "host_a" only for authentication to "host_b". The key would not + be visible on agent forwarded to other hosts or usable for + authentication there. + + Internally, destination constraints use host keys to identify hosts. + The host patterns are used to obtain lists of host keys for that + destination that are communicated to the agent. The user/hostkeys are + encoded using a new restrict-destination-v00@openssh.com key + constraint. + + host keys are looked up in the default client user/system known_hosts + files. It is possible to override this set on the command-line. + + feedback Jann Horn & markus@ + ok markus@ + + OpenBSD-Commit-ID: ef47fa9ec0e3c2a82e30d37ef616e245df73163e + +commit 4c1e3ce85e183a9d0c955c88589fed18e4d6a058 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:09:23 2021 +0000 + + upstream: ssh-agent side of binding + + record session ID/hostkey/forwarding status for each active socket. + + Attempt to parse data-to-be-signed at signature request time and extract + session ID from the blob if it is a pubkey userauth request. + + ok markus@ + + OpenBSD-Commit-ID: a80fd41e292b18b67508362129e9fed549abd318 + +commit e9497ecf73f3c16667288bce48d4e3d7e746fea1 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:08:48 2021 +0000 + + upstream: ssh client side of binding + + send session ID, hostkey, signature and a flag indicating whether the + agent connection is being forwarded to ssh agent each time a connection + is opened via a new "session-bind@openssh.com" agent extension. + + ok markus@ + + OpenBSD-Commit-ID: 2f154844fe13167d3ab063f830d7455fcaa99135 + +commit b42c61d6840d16ef392ed0f365e8c000734669aa +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Dec 19 22:08:06 2021 +0000 + + upstream: Record session ID, host key and sig at intital KEX + + These will be used later for agent session ID / hostkey binding + + ok markus@ + + OpenBSD-Commit-ID: a9af29e33772b18e3e867c6fa8ab35e1694a81fe + +commit 26ca33d186473d58a32d812e19273ce078b6ffff +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Dec 7 22:06:45 2021 +0000 + + upstream: better error message for FIDO keys when we can't match + + them to a token + + OpenBSD-Commit-ID: 58255c2a1980088f4ed144db67d879ada2607650 |