]> git.ipfire.org Git - thirdparty/openssh-portable.git/log
thirdparty/openssh-portable.git
8 months agoupstream: Remove redundant field of definition check
tb@openbsd.org [Tue, 3 Dec 2024 15:53:51 +0000 (15:53 +0000)] 
upstream: Remove redundant field of definition check

This will allow us to get rid of EC_GROUP_method_of() in the near future.

ok djm

OpenBSD-Commit-ID: b4a3d2e00990cf5c2ec6881c21ddca67327c2df8

8 months agodon't ignore changes in regress Makefiles
Damien Miller [Wed, 4 Dec 2024 13:59:19 +0000 (00:59 +1100)] 
don't ignore changes in regress Makefiles

reported by Torben Hansen in bz2880

8 months agoSupport systemd-style socket activation in agent
Damien Miller [Wed, 4 Dec 2024 13:01:33 +0000 (00:01 +1100)] 
Support systemd-style socket activation in agent

Adds support for systemd LISTEN_PID/LISTEN_FDS socket activation to
ssh-agent. Activated when these environment variables are set and
the agent is started with the -d or -D option and no socket path
is set.

Based on GHPR502 by Daniel Kahn Gillmor, ok dtucker

8 months agoUpdate readme files to better reflect reality.
Darren Tucker [Wed, 4 Dec 2024 10:36:01 +0000 (21:36 +1100)] 
Update readme files to better reflect reality.

Prompted by bz#3738, ok djm@.

8 months agoupstream: Improve description of KbdInteractiveAuthentication.
dtucker@openbsd.org [Tue, 3 Dec 2024 14:12:47 +0000 (14:12 +0000)] 
upstream: Improve description of KbdInteractiveAuthentication.

Based on bz#3658, fixes jmc@ ok markus@ djm@.

OpenBSD-Commit-ID: 9fadb56b9afed554d501acbba911c685acd6ffc2

8 months agoInherit DESTDIR from the environment.
Jonas 'Sortie' Termansen [Sat, 2 Nov 2024 16:53:23 +0000 (17:53 +0100)] 
Inherit DESTDIR from the environment.

autoconf packages conventionally inherit the DESTDIR variable from the
environment.

8 months agoDefine u_short and u_long if needed.
Jonas 'Sortie' Termansen [Sat, 2 Nov 2024 21:10:39 +0000 (22:10 +0100)] 
Define u_short and u_long if needed.

8 months agoupstream: support FIDO tokens that return no attestation data, e.g.
djm@openbsd.org [Tue, 3 Dec 2024 08:31:49 +0000 (08:31 +0000)] 
upstream: support FIDO tokens that return no attestation data, e.g.

recent WinHello. From Michael Braun via GHPR542

OpenBSD-Commit-ID: a71b0542f2f7819ba0e33a88908e01b6fc49e4ce

8 months agoAdd wtmpdb support as Y2038 safe wtmp replacement
Thorsten Kukuk [Tue, 19 Nov 2024 09:53:28 +0000 (10:53 +0100)] 
Add wtmpdb support as Y2038 safe wtmp replacement

8 months agoupstream: unbreak
djm@openbsd.org [Mon, 2 Dec 2024 14:06:42 +0000 (14:06 +0000)] 
upstream: unbreak

OpenBSD-Commit-ID: 05b6c31f4a6e385338f43cc0e08776cea75802a1

8 months agoupstream: prefer AES-GCM to AES-CTR; ok deraadt markus
djm@openbsd.org [Mon, 2 Dec 2024 13:37:18 +0000 (13:37 +0000)] 
upstream: prefer AES-GCM to AES-CTR; ok deraadt markus

OpenBSD-Commit-ID: 8366a72e0f300ee31c5dab2c95025387ec15bbc9

8 months agoFix compilation with DEBUG_SK enabled
Shiva Kaul [Mon, 2 Dec 2024 07:04:20 +0000 (02:04 -0500)] 
Fix compilation with DEBUG_SK enabled

In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debugging block.

8 months agoupstream: Import regenerated moduli.
dtucker@openbsd.org [Fri, 29 Nov 2024 00:13:36 +0000 (00:13 +0000)] 
upstream: Import regenerated moduli.

OpenBSD-Commit-ID: 311d271bf0fab8a119e84f4f696d8cd40731692f

8 months agoAdd make target for standalone sk-libfido2
Jeremy Stott [Fri, 18 Oct 2024 23:10:52 +0000 (12:10 +1300)] 
Add make target for standalone sk-libfido2

Add a Makefile target for sk-libfido2, the standalone fido2 security
key shared library, suitable for use with the SecurityKeyProvider
option.

Add a new configure option `--with-security-key-standalone` that
optionally sets the shared library target sk-libfido2$(SHLIBEXT), and
adds it to $(TARGETS).

misc.h is required when SK_STANDALONE is defined, because of the use
of `monotime_tv` in `sk_select_by_touch`.

Sets the shared library extension for sk-libfido2 is by setting
`SHLIBEXT` depending on the platform in configure.ac.

Add the shared library to the CI builds in the `sk` target config to
make sure it can compile under the same conditions as
`--with-security-key-builtin`.

Add a libssh-pic.a static library that compiles with `-fPIC` reusing
.c.lo method in sk-dummy.so for use in the shared library sk-libfido2.

Note, a separate static library libssh-pic.a is needed, since defining
-DSK_STANDALONE excludes some symbols needed in sshkey.lo.

8 months agomdoc2man: balance nested square brackets
Arnout Engelen [Fri, 18 Oct 2024 11:42:38 +0000 (13:42 +0200)] 
mdoc2man: balance nested square brackets

I noticed the square brackets in `destination [command [argument...]`
in the synopsis for the `ssh.1` manpage were not balanced,
this balances them.

Signed-off-by: Arnout Engelen <arnout@bzzt.net>
8 months agoupstream: fix argument of "Compression" directive in ssh -G config
djm@openbsd.org [Wed, 27 Nov 2024 16:07:08 +0000 (16:07 +0000)] 
upstream: fix argument of "Compression" directive in ssh -G config

dump, which used to work but broke in 9.8

OpenBSD-Commit-ID: c79936242d29c70d01941b28d2d07fd0b85fe46f

8 months agoupstream: new name/link for agent I-D
djm@openbsd.org [Wed, 27 Nov 2024 13:27:34 +0000 (13:27 +0000)] 
upstream: new name/link for agent I-D

OpenBSD-Commit-ID: e3420f3925a297a1b2ab7dfe7c7d274cfc8e1193

8 months agoupstream: mention that biometrics may be used for FIDO key user
djm@openbsd.org [Wed, 27 Nov 2024 13:00:23 +0000 (13:00 +0000)] 
upstream: mention that biometrics may be used for FIDO key user

verification as well as PIN. Prompted by Zack Newman, ok jmc@

OpenBSD-Commit-ID: b774a4438c9be70012661ee278450790d21277b8

8 months agoupstream: g/c outdated XXX comments
djm@openbsd.org [Tue, 26 Nov 2024 22:05:51 +0000 (22:05 +0000)] 
upstream: g/c outdated XXX comments

OpenBSD-Commit-ID: 74d0c0b74994d9a4343c4d7ea4948cb34f609a6c

8 months agoupstream: regression test for UpdateHostkeys with multiple keys backed
djm@openbsd.org [Tue, 26 Nov 2024 22:02:28 +0000 (22:02 +0000)] 
upstream: regression test for UpdateHostkeys with multiple keys backed

by ssh-agent. Patch from Maxime Rey.

OpenBSD-Regress-ID: 1777ab6e639e57c0e20cbcb6df60455b49fd8bb3

8 months agoupstream: Explicitly specify the signature algorithm when signing
djm@openbsd.org [Tue, 26 Nov 2024 22:01:37 +0000 (22:01 +0000)] 
upstream: Explicitly specify the signature algorithm when signing

hostkeys-prove requests.

Fixes a corner-case triggered by UpdateHostKeys with one or more unknown
host keys stored in ssh-agent where sshd refuses to accept the signature
coming back from the agent.

Report/fix from Maxime Rey

OpenBSD-Commit-ID: 460c7d527a24f92b7e5f68ca1a2fa242ebf0d086

8 months agoupstream: when using RSA keys to sign messages, select the
djm@openbsd.org [Tue, 26 Nov 2024 21:23:35 +0000 (21:23 +0000)] 
upstream: when using RSA keys to sign messages, select the

signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx").

This allows using something other than rsa-sha2-512, which may not
be supported on all signing backends, e.g. some smartcards only
support SHA256.

Patch from Morten Linderud; ok markus@

OpenBSD-Commit-ID: 246353fac24e92629263996558c6788348363ad7

8 months agoupstream: turn off CDIAGFLAGS and turn back on INSTALL_STRIP
djm@openbsd.org [Sun, 24 Nov 2024 23:47:50 +0000 (23:47 +0000)] 
upstream: turn off CDIAGFLAGS and turn back on INSTALL_STRIP

accidentally changed in last commit

OpenBSD-Commit-ID: 6d07e4606997e36b860621a14dd41975f2902f8f

9 months agoDisable security key for bigendian interop. 403/head
Darren Tucker [Sat, 9 Nov 2024 00:41:44 +0000 (11:41 +1100)] 
Disable security key for bigendian interop.

It doesn't currently work.  It's not clear why, but I suspect
sk-dummy.so ends up being built for the wrong architecture.

9 months agoReshuffle OpenWRT test configs.
Darren Tucker [Fri, 8 Nov 2024 18:14:16 +0000 (05:14 +1100)] 
Reshuffle OpenWRT test configs.

Move the the flags used by the OpenWRT distro to mipsel target and
enable OpenSSL on all targets to improve coverage.

Explicitly disable security key and openssl on mips target so that host
end of the bigendian interop tests don't attempt them and fail (since
they're not enabled on the target side).

9 months agoAdd keytype to bigendian interop test.
Darren Tucker [Fri, 8 Nov 2024 16:26:08 +0000 (03:26 +1100)] 
Add keytype to bigendian interop test.

9 months agoIgnore chown failure, eg due to dangling symlinks.
Darren Tucker [Fri, 8 Nov 2024 16:24:29 +0000 (03:24 +1100)] 
Ignore chown failure, eg due to dangling symlinks.

9 months agoTest bigendian interop.
Darren Tucker [Sat, 2 Nov 2024 07:05:41 +0000 (18:05 +1100)] 
Test bigendian interop.

Where our test target is a bigendian system, do an additional build on
the runner host (which is little endian) and test interop between the two.
Should hopefully catch obvious endianness bugs.

9 months agoAllow overridding TEST_SSH_SSHD.
Darren Tucker [Fri, 1 Nov 2024 08:44:29 +0000 (19:44 +1100)] 
Allow overridding TEST_SSH_SSHD.

This will allow tests to specify an alternative sshd, eg on a remote
machine with different endianness.

9 months agoupstream: ssh-agent implemented an all-or-nothing allow-list of
djm@openbsd.org [Wed, 6 Nov 2024 22:51:26 +0000 (22:51 +0000)] 
upstream: ssh-agent implemented an all-or-nothing allow-list of

FIDO application IDs for security key-backed keys, to prevent web key handles
from being used remotely as this would likely lead to unpleasant surprises.
By default, only application IDs that start with "ssh:*" are allowed.

This adds a -Owebsafe-allow=... argument that can override the default
list with a more or less restrictive one. The default remains unchanged.

ok markus@

OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d

9 months agoupstream: Ignore extra groups that don't fit in the buffer passed
jca@openbsd.org [Mon, 4 Nov 2024 21:59:15 +0000 (21:59 +0000)] 
upstream: Ignore extra groups that don't fit in the buffer passed

to getgrouplist(3)

Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents
an admin from adding a user to more groups.  With that tweak we'll keep
on ignoring them instead of potentially reading past the buffer passed to
getgrouplist(3).  That behavior is explicitely described in initgroups(3).

ok millert@ gilles@

OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db

9 months agoAdd git signing key for Tim Rice
Damien Miller [Mon, 4 Nov 2024 03:39:27 +0000 (14:39 +1100)] 
Add git signing key for Tim Rice

9 months agoCorrect path to c-cpp.yml file in workflow config.
Darren Tucker [Fri, 1 Nov 2024 07:51:22 +0000 (18:51 +1100)] 
Correct path to c-cpp.yml file in workflow config.

9 months agoTest new OpenSSL and LibreSSL releases.`
Darren Tucker [Fri, 1 Nov 2024 07:44:42 +0000 (18:44 +1100)] 
Test new OpenSSL and LibreSSL releases.`

9 months agoAdd nbsd10 default test config.
Darren Tucker [Fri, 1 Nov 2024 07:44:00 +0000 (18:44 +1100)] 
Add nbsd10 default test config.

9 months agofix uint64_t types; reported by Tom G. Christensen 526/head
Damien Miller [Wed, 30 Oct 2024 03:25:14 +0000 (14:25 +1100)] 
fix uint64_t types; reported by Tom G. Christensen

9 months agohtole64() etc for systems without endian.h
Damien Miller [Sun, 27 Oct 2024 02:28:11 +0000 (13:28 +1100)] 
htole64() etc for systems without endian.h

9 months agoupstream: explicitly include endian.h
djm@openbsd.org [Sun, 27 Oct 2024 02:06:59 +0000 (02:06 +0000)] 
upstream: explicitly include endian.h

OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318

9 months agoupstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
djm@openbsd.org [Sun, 27 Oct 2024 02:06:01 +0000 (02:06 +0000)] 
upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by

jsg@ feedback/ok deraadt@

OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0

9 months agoupstream: mlkem768x25519-sha256 has been promoted to default key
naddy@openbsd.org [Fri, 25 Oct 2024 21:53:24 +0000 (21:53 +0000)] 
upstream: mlkem768x25519-sha256 has been promoted to default key

exchange

OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf

9 months agoRetire the minix3 test config.
Darren Tucker [Fri, 25 Oct 2024 08:04:30 +0000 (19:04 +1100)] 
Retire the minix3 test config.

It got broken by the sshd-auth change, it's not obvious why, and the
platform lacks the debugging tools (eg gdb, strace) to figure it out.
The upstream project seems effectively dead (6 years since the last
commit, 10 since the last release).  It was useful while it lasted
(we found a real bug because of it) but its time seems to have passed.

9 months agoUpdated gitignore to ignore sshd-session and sshd-auth targets
Preetish Amballi [Mon, 21 Oct 2024 14:07:02 +0000 (14:07 +0000)] 
Updated gitignore to ignore sshd-session and sshd-auth targets

9 months agoSimplify pselect shim and remove side effects.
Darren Tucker [Fri, 25 Oct 2024 08:01:02 +0000 (19:01 +1100)] 
Simplify pselect shim and remove side effects.

Instead of maintaing state (pipe descriptors, signal handlers) across
pselect-on-select invocations, set up and restore them each call.
This prevents outside factors (eg a closefrom or signal handler
installation) from potentially causing problems.  This does result in a
drop in throughput of a couple of percent on geriatric platforms without
a native pselect due to the extra overhead.  Tweaks & ok djm@

9 months agoupstream: promote mlkem768x25519-sha256 to be the default key exchange;
djm@openbsd.org [Fri, 25 Oct 2024 01:34:18 +0000 (01:34 +0000)] 
upstream: promote mlkem768x25519-sha256 to be the default key exchange;

ok markus@

OpenBSD-Commit-ID: fc673065e6505bb06b2e2b9362f78ccb4200a828

9 months agoupstream: test SIGUSR1 dropping all keys from ssh-agent
djm@openbsd.org [Thu, 24 Oct 2024 03:28:34 +0000 (03:28 +0000)] 
upstream: test SIGUSR1 dropping all keys from ssh-agent

OpenBSD-Regress-ID: 8654b9aa8eb695b1499fffc408c25319592bf0e0

9 months agoupstream: amake ssh-agent drop all keys when it receives SIGUSR1;
djm@openbsd.org [Thu, 24 Oct 2024 03:15:47 +0000 (03:15 +0000)] 
upstream: amake ssh-agent drop all keys when it receives SIGUSR1;

let's users zap keys without access to $SSH_AUTH_SOCK

ok deraadt@

OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023

9 months agoupstream: relax valid_domain() checks to allow an underscore as the
djm@openbsd.org [Thu, 24 Oct 2024 03:14:37 +0000 (03:14 +0000)] 
upstream: relax valid_domain() checks to allow an underscore as the

first character. ok deraadt@

OpenBSD-Commit-ID: 3f8be6d32496e5596dd8b14e19cb067ddd7969ef

9 months agoupstream: Remove sshd logfile in start_sshd
dtucker@openbsd.org [Tue, 22 Oct 2024 07:13:28 +0000 (07:13 +0000)] 
upstream: Remove sshd logfile in start_sshd

... and ssh and sshd log wrappers before recreating them.  Prevents "can't
create" errors during tests when running tests without SUDO after having
run them with SUDO.

OpenBSD-Regress-ID: 2f0a83532e3dccd673a9bf0291090277268c69a6

9 months agoupstream: Add a sshd debug wrapper
dtucker@openbsd.org [Tue, 22 Oct 2024 06:16:26 +0000 (06:16 +0000)] 
upstream: Add a sshd debug wrapper

... to run all of the subprograms from the build directory while
developing and debugging.  Should help prevent accidentally testing
against unchanged installed sshd-auth and sshd-session binaries. ok djm@

OpenBSD-Commit-ID: 61760cdc98c2bc8f1e9f83a6f97cca0f66b52e69

9 months agoupstream: Make debug call printf("%s", NULL) safe.
dtucker@openbsd.org [Tue, 22 Oct 2024 06:13:00 +0000 (06:13 +0000)] 
upstream: Make debug call printf("%s", NULL) safe.

Prevents problems on platforms where this isn't safe (which it's not
required to be).  ok djm@

OpenBSD-Commit-ID: 8fa4ce3ad90915c925b81b99a79ab920b0523387

9 months agoResync cvsid missed in commit 6072e4c9.
Darren Tucker [Tue, 22 Oct 2024 06:48:32 +0000 (17:48 +1100)] 
Resync cvsid missed in commit 6072e4c9.

9 months agoupstream: mention that LocalForward and RemoteForward can accept Unix
djm@openbsd.org [Fri, 18 Oct 2024 05:53:26 +0000 (05:53 +0000)] 
upstream: mention that LocalForward and RemoteForward can accept Unix

domain socket paths; GHPR115

OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842

9 months agoupstream: remove duplicate check; GHPR392 from Pedro Martelletto
djm@openbsd.org [Fri, 18 Oct 2024 05:45:40 +0000 (05:45 +0000)] 
upstream: remove duplicate check; GHPR392 from Pedro Martelletto

OpenBSD-Commit-ID: 597ab7dd3f0e78939d2659fc1904d0f39ee95487

9 months agoupstream: allow "-" as output file for moduli screening
djm@openbsd.org [Fri, 18 Oct 2024 05:37:24 +0000 (05:37 +0000)] 
upstream: allow "-" as output file for moduli screening

based on GHPR393

OpenBSD-Commit-ID: 1517763764eb55d03a6092dd120d2909c6fef0e1

9 months agoupstream: ssh-keyscan doesn't need it's own sshfatal() definition, it
djm@openbsd.org [Fri, 18 Oct 2024 05:32:51 +0000 (05:32 +0000)] 
upstream: ssh-keyscan doesn't need it's own sshfatal() definition, it

can use the shared one from fatal.c

based on GHPR401 from lengyijun

OpenBSD-Commit-ID: 8ea75ea99f27f464c9223cbc89cb046ccf9cd5c4

9 months agoupstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when
djm@openbsd.org [Fri, 18 Oct 2024 05:14:51 +0000 (05:14 +0000)] 
upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when

arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I
guess others are using it

based on GHPR387 from Pawel Jakub Dawidek

OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225

9 months agoupstream: require control-escape character sequences passed via the '-e
djm@openbsd.org [Fri, 18 Oct 2024 05:03:34 +0000 (05:03 +0000)] 
upstream: require control-escape character sequences passed via the '-e

^x' commandline to be exactly two characters long. Avoids one by OOB read if
ssh is invoked as "ssh -e^ ..."

Spotted by Maciej Domanski in GHPR368

OpenBSD-Commit-ID: baa72bc60898fc5639e6c62de7493a202c95823d

9 months agoupstream: remove addr.[ch] functions that are unused and
djm@openbsd.org [Fri, 18 Oct 2024 04:30:09 +0000 (04:30 +0000)] 
upstream: remove addr.[ch] functions that are unused and

visbility-restrict ones that are unused outside the implementation itself;
based on GHPR#282 by tobias@

OpenBSD-Commit-ID: a0140f2418b4d46cfaa7b33febc0a0931f9b2744

9 months agoupstream: unreachable POLLERR case; from ya0guang via GHPR485
djm@openbsd.org [Fri, 18 Oct 2024 04:14:59 +0000 (04:14 +0000)] 
upstream: unreachable POLLERR case; from ya0guang via GHPR485

OpenBSD-Commit-ID: b3c82655190532b01eb817e532742cfaa4687eff

9 months agoupstream: s/Sx/Cm/ for external references; from Domen Puncer
djm@openbsd.org [Fri, 18 Oct 2024 04:11:54 +0000 (04:11 +0000)] 
upstream: s/Sx/Cm/ for external references; from Domen Puncer

Kugler via GHPR501

OpenBSD-Commit-ID: f864a34feb5d5ff17160cf7c42ad0f7744fe8a3f

9 months agoupstream: mention SshdAuthPath option; ok djm@
naddy@openbsd.org [Mon, 14 Oct 2024 23:53:34 +0000 (23:53 +0000)] 
upstream: mention SshdAuthPath option; ok djm@

OpenBSD-Commit-ID: 9a5d3add25e4e77bd3805bc5583a842ecf34d85c

9 months agoRemove references to systrace and pledge sandboxes.
Darren Tucker [Fri, 18 Oct 2024 02:37:55 +0000 (13:37 +1100)] 
Remove references to systrace and pledge sandboxes.

ok djm@

9 months agoFix "undeclared 'ut'" error by replacing it with 'utx'
Pavel Miadzvedzeu [Wed, 24 Apr 2024 07:19:56 +0000 (10:19 +0300)] 
Fix "undeclared 'ut'" error by replacing it with 'utx'

10 months agoSeed RNG when starting up sshd-auth.
Darren Tucker [Thu, 17 Oct 2024 09:50:29 +0000 (20:50 +1100)] 
Seed RNG when starting up sshd-auth.

Makes builds configured --without-openssl work again since otherwise
the first use of the RNG comes after the sandbox init and it can't
open /dev/random.

10 months agoMacOS 12 runners are deprecated, replace with 15.
Darren Tucker [Thu, 17 Oct 2024 08:18:23 +0000 (19:18 +1100)] 
MacOS 12 runners are deprecated, replace with 15.

10 months agoFix lookup path for sshd-auth; bz3745
Damien Miller [Thu, 17 Oct 2024 02:28:47 +0000 (13:28 +1100)] 
Fix lookup path for sshd-auth; bz3745

10 months agofix breakage; missing saved_argc symbol
Damien Miller [Tue, 15 Oct 2024 21:28:21 +0000 (08:28 +1100)] 
fix breakage; missing saved_argc symbol

10 months agofix capsicum sandbox
Damien Miller [Mon, 14 Oct 2024 06:17:50 +0000 (17:17 +1100)] 
fix capsicum sandbox

10 months agoput back some portable bits for sshd-auth.c
Damien Miller [Mon, 14 Oct 2024 06:16:41 +0000 (17:16 +1100)] 
put back some portable bits for sshd-auth.c

10 months agothere's only one sandbox, move to a static global
Damien Miller [Mon, 14 Oct 2024 03:49:25 +0000 (14:49 +1100)] 
there's only one sandbox, move to a static global

10 months agodepend
Damien Miller [Mon, 14 Oct 2024 03:49:20 +0000 (14:49 +1100)] 
depend

10 months agoupstream: regress support for split sshd-auth binary
djm@openbsd.org [Mon, 14 Oct 2024 03:02:08 +0000 (03:02 +0000)] 
upstream: regress support for split sshd-auth binary

OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7

10 months agoupstream: test some more Match syntax, including criteria=arg and
djm@openbsd.org [Fri, 27 Sep 2024 01:05:54 +0000 (01:05 +0000)] 
upstream: test some more Match syntax, including criteria=arg and

negations

OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d

10 months agoupstream: Split per-connection sshd-session binary
djm@openbsd.org [Mon, 14 Oct 2024 01:57:50 +0000 (01:57 +0000)] 
upstream: Split per-connection sshd-session binary

This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.

Joint work with markus@ feedback deraadt@

Tested in snaps since last week

OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c

10 months agoupstream: don't start the ObscureKeystrokeTiming mitigations if
djm@openbsd.org [Sun, 13 Oct 2024 22:20:06 +0000 (22:20 +0000)] 
upstream: don't start the ObscureKeystrokeTiming mitigations if

there has been traffic on a X11 forwarding channel recently.

Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655

OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab

10 months agoupstream: remove duplicate misc.h include ok dtucker@
jsg@openbsd.org [Sat, 12 Oct 2024 10:50:37 +0000 (10:50 +0000)] 
upstream: remove duplicate misc.h include ok dtucker@

OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e

10 months agoupstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
djm@openbsd.org [Sun, 6 Oct 2024 23:37:17 +0000 (23:37 +0000)] 
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key

exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.

Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.

ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.

ok markus@

OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da

10 months agoupstream: fix previous change to ssh_config Match, which broken on
djm@openbsd.org [Thu, 26 Sep 2024 23:55:08 +0000 (23:55 +0000)] 
upstream: fix previous change to ssh_config Match, which broken on

negated Matches; spotted by phessler@ ok deraadt@

OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7

10 months agoupstream: remove some unused defines; ok djm@
jsg@openbsd.org [Wed, 25 Sep 2024 23:01:39 +0000 (23:01 +0000)] 
upstream: remove some unused defines; ok djm@

OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996

10 months agoupstream: remove some unneeded Xo/Xc calls; from evan silberman the
jmc@openbsd.org [Wed, 25 Sep 2024 06:13:01 +0000 (06:13 +0000)] 
upstream: remove some unneeded Xo/Xc calls; from evan silberman the

original diff had a couple of errors, which i've fixed

OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d

10 months agoupstream: fix regression introduced when I switched the "Match"
djm@openbsd.org [Wed, 25 Sep 2024 01:24:04 +0000 (01:24 +0000)] 
upstream: fix regression introduced when I switched the "Match"

criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.

People were using this syntax so this adds back support for
"Match criteria=argument"

bz3739 ok dtucker

OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a

10 months agoupstream: some extra paranoia, reminded by jsg@
djm@openbsd.org [Tue, 24 Sep 2024 02:28:17 +0000 (02:28 +0000)] 
upstream: some extra paranoia, reminded by jsg@

OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e

10 months agogss-serv.c needs sys/param.h
Damien Miller [Wed, 25 Sep 2024 01:15:45 +0000 (11:15 +1000)] 
gss-serv.c needs sys/param.h

From Void Linux

10 months agobuild construct_utmp() when USE_BTMP is set
Damien Miller [Wed, 25 Sep 2024 01:13:05 +0000 (11:13 +1000)] 
build construct_utmp() when USE_BTMP is set

Fixes compile error on Void Linux/Musl

10 months agoTest the flags from OpenWRT's package.
Darren Tucker [Tue, 24 Sep 2024 08:41:44 +0000 (18:41 +1000)] 
Test the flags from OpenWRT's package.

10 months agofix utmpx ifdef
Christoph Ostarek [Wed, 3 Jul 2024 10:46:59 +0000 (12:46 +0200)] 
fix utmpx ifdef

02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
utmpx, but forgot to change the ifdef appropriately

10 months agoupstream: remove some unused defines; ok djm@
jsg@openbsd.org [Sun, 22 Sep 2024 12:56:21 +0000 (12:56 +0000)] 
upstream: remove some unused defines; ok djm@

OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712

10 months agoupstream: remove unneeded semicolons; checked by millert@
jsg@openbsd.org [Fri, 20 Sep 2024 02:00:46 +0000 (02:00 +0000)] 
upstream: remove unneeded semicolons; checked by millert@

OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231

10 months agoAdd 9.9 branch to CI status console.
Darren Tucker [Mon, 23 Sep 2024 10:52:31 +0000 (20:52 +1000)] 
Add 9.9 branch to CI status console.

10 months agoupdate version numbers
Damien Miller [Thu, 19 Sep 2024 22:20:13 +0000 (08:20 +1000)] 
update version numbers

10 months agoupstream: openssh-9.9
djm@openbsd.org [Thu, 19 Sep 2024 22:17:44 +0000 (22:17 +0000)] 
upstream: openssh-9.9

OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98

10 months agoinclude openbsd-compat/base64.c license in LICENSE
Damien Miller [Wed, 18 Sep 2024 06:03:23 +0000 (16:03 +1000)] 
include openbsd-compat/base64.c license in LICENSE

10 months agoconditionally include mman.h in arc4random code
Damien Miller [Tue, 17 Sep 2024 23:01:23 +0000 (09:01 +1000)] 
conditionally include mman.h in arc4random code

11 months agofix bug in recently-added sntrup761 fuzzer
Damien Miller [Tue, 17 Sep 2024 01:53:24 +0000 (11:53 +1000)] 
fix bug in recently-added sntrup761 fuzzer

key values need to be static to persist across invocations;
spotted by the Qualys Security Advisory team.

11 months agoupstream: use 64 bit math to avoid signed underflow. upstream code
djm@openbsd.org [Mon, 16 Sep 2024 05:37:05 +0000 (05:37 +0000)] 
upstream: use 64 bit math to avoid signed underflow. upstream code

relies on using -fwrapv to provide defined over/underflow behaviour, but we
use -ftrapv to catch integer errors and abort the program. ok dtucker@

OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b

11 months agoupstream: minor grammar/sort fixes for refuseconnection; ok djm
jmc@openbsd.org [Sun, 15 Sep 2024 08:27:38 +0000 (08:27 +0000)] 
upstream: minor grammar/sort fixes for refuseconnection; ok djm

OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da

11 months agoavoid gcc warning in fuzz test
Damien Miller [Sun, 15 Sep 2024 03:30:13 +0000 (13:30 +1000)] 
avoid gcc warning in fuzz test

11 months agoupstream: bad whitespace in config dump output
djm@openbsd.org [Sun, 15 Sep 2024 03:09:44 +0000 (03:09 +0000)] 
upstream: bad whitespace in config dump output

OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c

11 months agouse construct_utmp to construct btmp records
Damien Miller [Sun, 15 Sep 2024 02:53:59 +0000 (12:53 +1000)] 
use construct_utmp to construct btmp records

Simpler and removes some code with the old-style BSD license.

11 months agoupstream: update the Streamlined NTRU Prime code from the "ref"
djm@openbsd.org [Sun, 15 Sep 2024 02:20:51 +0000 (02:20 +0000)] 
upstream: update the Streamlined NTRU Prime code from the "ref"

implementation in SUPERCOP 20201130 to the "compact" implementation in
SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel
J Bernstein for pointing out the new implementation (and of course for
writing it).

tested in snaps/ok deraadt@

OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb