Damien Miller [Mon, 11 Aug 2025 05:36:27 +0000 (15:36 +1000)]
support sntrup761x25519-sha512 alias
OpenSSH 8.9 supports the sntrup761x25519-sha512@openssh.com
key agreement algorithm. As part of standardisation, this algorithm
has been assigned the name sntrup761x25519-sha512.
This commit enables the existing algorithm under this new name.
Darren Tucker [Fri, 1 Apr 2022 12:38:44 +0000 (23:38 +1100)]
Only return events from ppoll that were requested.
If the underlying system's select() returns bits that were not in the
request set, our ppoll() implementation can return revents for events
not requested, which can apparently cause a hang. Only return revents
for activity in the requested event set. bz#3416, analysis and fix by
yaroslav.kuzmin at vmssoftware com, ok djm@
Darren Tucker [Tue, 8 Mar 2022 09:04:06 +0000 (20:04 +1100)]
Default to not using sandbox when cross compiling.
On most systems poll(2) does not work when the number of FDs is reduced
with setrlimit, so assume it doesn't when cross compiling and we can't
run the test. bz#3398.
Darren Tucker [Sat, 26 Feb 2022 03:06:14 +0000 (14:06 +1100)]
Allow ppoll_time64 in seccomp sandbox.
Should fix sandbox violations on (some? at least i386 and armhf) 32bit
Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
debian.org via bz#3396.
Darren Tucker [Tue, 22 Feb 2022 04:29:22 +0000 (15:29 +1100)]
Extend select+rlimit sanbox test to include poll.
POSIX specifies that poll() shall fail if "nfds argument is greater
than {OPEN_MAX}". The setrlimit sandbox sets this to effectively zero
so this causes poll() to fail in the preauth privsep process.
This is likely the underlying cause for the previously observed similar
behaviour of select() on plaforms where it is implement in userspace on
top of poll().
Darren Tucker [Fri, 11 Feb 2022 10:00:35 +0000 (21:00 +1100)]
Move SSHD_ACQUIRES_CTTY workaround into compat.
On some (most? all?) SysV based systems with STREAMS based ptys,
sshd could acquire a controlling terminal during pty setup when
it pushed the "ptem" module, due to what is probably a bug in
the STREAMS driver that's old enough to vote. Because it was the
privileged sshd's controlling terminal, it was not available for
the user's session, which ended up without one. This is known to
affect at least Solaris <=10, derivatives such as OpenIndiana and
several other SysV systems. See bz#245 for the backstory.
In the we past worked around that by not calling setsid in the
privileged sshd child, which meant it was not a session or process
group leader. This solved controlling terminal problem because sshd
was not eligble to acquire one, but had other side effects such as
not cleaning up helper subprocesses in the SIGALRM handler since it
was not PG leader. Recent cleanups in the signal handler uncovered
this, resulting in the LoginGraceTime timer not cleaning up privsep
unprivileged processes.
This change moves the workaround into the STREAMS pty allocation code,
by allocating a sacrificial pty to act as sshd's controlling terminal
before allocating user ptys, so those are still available for users'
sessions.
On the down side:
- this will waste a pty per ssh connection on affected platforms.
On the up side:
- it makes the process group behaviour consistent between platforms.
- it puts the workaround nearest the code that actually causes the
problem and competely out of the mainline code.
- the workaround is only activated if you use the STREAMS code. If,
say, Solaris 11 has the bug but also a working openpty() it doesn't
matter that we defined SSHD_ACQUIRES_CTTY.
- the workaround is only activated when the fist pty is allocated,
ie in the post-auth privsep monitor. This means there's no risk
of fd leaks to the unprivileged processes, and there's no effect on
sessions that do not allocate a pty.
upstream: Switch hpdelim interface to accept only ":" as delimiter.
Historicallly, hpdelim accepted ":" or "/" as a port delimiter between
hosts (or addresses) and ports. These days most of the uses for "/"
are no longer accepted, so there are several places where it checks the
delimiter to disallow it. Make hpdelim accept only ":" and use hpdelim2
in the other cases. ok djm@
upstream: Remove explicit kill of privsep preauth child's PID in
SIGALRM handler. It's no longer needed since the child will get terminated by
the SIGTERM to the process group that cleans up any auth helpers, it
simplifies the signal handler and removes the risk of a race when updating
the PID. Based on analysis by HerrSpace in github PR#289, ok djm@
Damien Miller [Sat, 22 Jan 2022 00:38:21 +0000 (11:38 +1100)]
restore tty force-read hack
This portable-specific hack fixes a hang on exit for ttyful sessions
on Linux and some SysVish Unix variants. It was accidentally disabled
in commit 5c79952dfe1a (a precursor to the mainloop poll(2) conversion).
Corinna Vinschen [Thu, 20 Jan 2022 16:22:56 +0000 (03:22 +1100)]
Fix signedness bug in Cygwin code
The Cygwin-specific pattern match code has a bug. It checks
the size_t value returned by mbstowcs for being < 0. The right
thing to do is to check against (size_t) -1. Fix that.
Darren Tucker [Thu, 20 Jan 2022 02:26:27 +0000 (13:26 +1100)]
Improve compatibility of early exit trap handling.
Dash (as used by the github runners) has some differences in its trap
builtin:
- it doesn't have -p (which is fine, that's not in posix).
- it doesn't work in a subshell (which turns out to be in compliance
with posix, which means bash isn't).
- it doesn't work in a pipeline, ie "trap|cat" produces no output.
Darren Tucker [Wed, 19 Jan 2022 04:37:39 +0000 (15:37 +1100)]
Invoke EXIT handler early when using Valgrind.
When using Valgrind, we need to wait for all invoked programs to
complete before checking their valgrind logs. Some tests, notably
agent-restrict, set an EXIT trap handler to clean up things like
ssh-agent, but those do not get invoked until test-exec.sh exits.
This causes the Valgrind wait to deadlock, so if present invoke
the EXIT handler before checking the Valgrind logs.
djm@openbsd.org [Mon, 17 Jan 2022 22:56:04 +0000 (22:56 +0000)]
upstream: when decompressing zlib compressed packets, use
Z_SYNC_FLUSH instead of Z_PARTIAL_FLUSH as the latter is not actually
specified as a valid mode for inflate(). There should be no practical change
in behaviour as the compression side ensures a flush that should make all
data available to the receiver in all cases.
djm@openbsd.org [Fri, 14 Jan 2022 03:31:52 +0000 (03:31 +0000)]
upstream: use status error message to communicate ~user expansion
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
Damien Miller [Tue, 11 Jan 2022 21:57:49 +0000 (08:57 +1100)]
OS X poll(2) is broken; use compat replacement
Darwin's poll(2) implementation is broken. For character-special
devices like /dev/null, it returns POLLNVAL when polled with
POLLIN.
Apparently this is Apple bug 3710161, which is AFAIK not public,
but a websearch will find other OSS projects rediscovering it
periodically since it was first identified in 2005 (!!)
djm@openbsd.org [Sat, 8 Jan 2022 07:37:32 +0000 (07:37 +0000)]
upstream: use status error message to communicate ~user expansion
failures; provides better experience for scp in sftp mode, where ~user paths
are more likely to be used; spotted jsg, feedback jsg & deraadt ok jsg &
markus
projects / thirdparty / openssh-portable.git / log
