1commit 4168c905943f7f715182180b9f7c8cda54af2514 2Author: Damien Miller <djm@mindrot.org> 3Date: Thu Apr 2 18:56:48 2026 +1100 4 5 depend 6 7commit f8b9d694fc20349b6c48a4af03a0499dea00f5f9 8Author: Damien Miller <djm@mindrot.org> 9Date: Thu Apr 2 18:55:50 2026 +1100 10 11 Update versions in RPM spec files 12 13commit 5aa09926fbf050d484a79717fadec8360c5c5645 14Author: djm@openbsd.org <djm@openbsd.org> 15Date: Thu Apr 2 07:52:15 2026 +0000 16 17 upstream: adapt to username validity check change 18 19 OpenBSD-Regress-ID: d22c66ca60f0d934a75e6ca752c4c11b9f4a5324 20 21commit eb3a5bb2abd4798ff546564eb2210d188efaf0f1 22Author: djm@openbsd.org <djm@openbsd.org> 23Date: Thu Apr 2 07:51:12 2026 +0000 24 25 upstream: openssh-10.3 26 27 OpenBSD-Commit-ID: 05e22de74e090e5a174998fa5799317d70ad19c4 28 29commit 76685c9b09a66435cd2ad8373246adf1c53976d3 30Author: djm@openbsd.org <djm@openbsd.org> 31Date: Thu Apr 2 07:50:55 2026 +0000 32 33 upstream: move username validity check for usernames specified on 34 35 the commandline to earlier in main(), specifically before some contexts where 36 a username with shell characters might be expanded by a %u directive in 37 ssh_config. 38 MIME-Version: 1.0 39 Content-Type: text/plain; charset=UTF-8 40 Content-Transfer-Encoding: 8bit 41 42 We continue to recommend against using untrusted input on 43 the SSH commandline. Mitigations like this are not 100% 44 guarantees of safety because we can't control every 45 combination of user shell and configuration where they are 46 used. 47 48 Reported by Florian Kohnhäuser 49 50 OpenBSD-Commit-ID: 25ef72223f5ccf1c38d307ae77c23c03f59acc55 51 52commit fd1c7e131f331942d20f42f31e79912d570081fa 53Author: djm@openbsd.org <djm@openbsd.org> 54Date: Thu Apr 2 07:48:13 2026 +0000 55 56 upstream: correctly match ECDSA signature algorithms against 57 58 algorithm allowlists: HostKeyAlgorithms, PubkeyAcceptedAlgorithms and 59 HostbasedAcceptedAlgorithms. 60 61 Previously, if any ECDSA type (say "ecdsa-sha2-nistp521") was 62 present in one of these lists, then all ECDSA algorithms would 63 be permitted. 64 65 Reported by Christos Papakonstantinou of Cantina and Spearbit. 66 67 OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86 68 69commit 487e8ac146f7d6616f65c125d5edb210519b833a 70Author: djm@openbsd.org <djm@openbsd.org> 71Date: Thu Apr 2 07:42:16 2026 +0000 72 73 upstream: when downloading files as root in legacy (-O) mode and 74 75 without the -p (preserve modes) flag set, clear setuid/setgid bits from 76 downloaded files as one might expect. 77 78 AFAIK this bug dates back to the original Berkeley rcp program. 79 80 Reported by Christos Papakonstantinou of Cantina and Spearbit. 81 82 OpenBSD-Commit-ID: 49e902fca8dd933a92a9b547ab31f63e86729fa1 83 84commit c805b97b67c774e0bf922ffb29dfbcda9d7b5add 85Author: djm@openbsd.org <djm@openbsd.org> 86Date: Thu Apr 2 07:39:57 2026 +0000 87 88 upstream: add missing askpass check when using 89 90 ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis 91 Vasileiadis 92 93 OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a 94 95commit 78d549857e0cc480c3cbb0a3571078920e3b79c5 96Author: djm@openbsd.org <djm@openbsd.org> 97Date: Thu Apr 2 07:38:14 2026 +0000 98 99 upstream: Fix possible sshd crash when sshd_config set MaxStartups 100 101 to a value <10 using the single-argument form of MaxStartups (e.g. 102 MaxStartups=3). This doesn't affect the three-argument form of the directive 103 (e.g. MaxStartups 3:20:5). 104 105 Patch from Peter Kaestle via bz3941 106 107 OpenBSD-Commit-ID: 1ad093cae69f55ebfdea1ab24318aefd593d63b8 108 109commit 5d72f1865b95ebfd99ea7baa8f6f2a4b721d151e 110Author: Damien Miller <djm@mindrot.org> 111Date: Thu Apr 2 18:32:00 2026 +1100 112 113 properly bail out when PAM changes username 114 115 OpenSSH doesn't support PAM changing its conception of the 116 username via a module calling pam_set_item(h, PAM_USER, ...). 117 We were supposed to bail out here, but I messed up while "fixing" 118 this last time and dropped a return statement. 119 120 Reported by Mike Damm 121 122commit fe86c39751d38eb9e9b03ace1e31aa4586ea6660 123Author: Michael Forney <mforney@mforney.org> 124Date: Wed Apr 1 12:09:00 2026 +1100 125 126 avoid k suffix in dd count operand in sftp-resume test 127 128 Not all dd implementations support this. POSIX only specifies 129 suffixes for block size operands. 130 131 Instead, just use 1024k to avoid the special case. This also removes 132 an incorrect redirection operator that appeared in the 1m case. 133 134commit 52c01f2a8019002c70cfd93be87ff9adee1d0e73 135Author: Michael Forney <mforney@mforney.org> 136Date: Tue Mar 31 12:54:22 2026 +1100 137 138 add missing <stdio.h> include to unit tests for printf 139 140 This fixes the build with --without-openssl on musl. glibc worked 141 previously because it got stdio.h implicitly through resolv.h. 142 143commit 1340d3fa8e4bb122906a82159c4c9b91584d65ce 144Author: Darren Tucker <dtucker@dtucker.net> 145Date: Mon Mar 30 21:58:44 2026 +1100 146 147 Add proxyjump.sh omitted from previous commit. 148 149commit 607bd871ec029e9aa22e632a22547250f3cae223 150Author: djm@openbsd.org <djm@openbsd.org> 151Date: Mon Mar 30 07:19:02 2026 +0000 152 153 upstream: add a regression test for ProxyJump/-J; ok dtucker 154 155 OpenBSD-Regress-ID: 400dc1b5fb7f2437d0dfbd2eb9a3583dafb412b3 156 157commit 55fc7bfd1d3a46f4856fd68f09da60d901fac626 158Author: dtucker@openbsd.org <dtucker@openbsd.org> 159Date: Tue Mar 24 12:31:35 2026 +0000 160 161 upstream: Use ~/.shosts for Hostbased test. 162 163 OpenBSD-Regress-ID: ab64fd0a86422df1eadacde56c0a2cff5d93425d 164 165commit 445db5cb620d73c9af1f1791c523aaf3d2236854 166Author: dtucker@openbsd.org <dtucker@openbsd.org> 167Date: Tue Mar 24 10:21:14 2026 +0000 168 169 upstream: Ensure known_hosts file exists when setting up. 170 171 OpenBSD-Regress-ID: 92721cad4c219fe62b7b795a73505c22e56f09e0 172 173commit 2ecfcc0aae651621535e345a1c23ff6d2a9593c9 174Author: dtucker@openbsd.org <dtucker@openbsd.org> 175Date: Mon Mar 23 09:53:52 2026 +0000 176 177 upstream: Check if host keys exist before adding them, and expand 178 179 on the warning about modifying the system config. 180 181 OpenBSD-Regress-ID: 68038da909f9c992375b7665dab0331d6af426b7 182 183commit 5576e260a0f9836ca55c8279e342c63d1a0851d1 184Author: dtucker@openbsd.org <dtucker@openbsd.org> 185Date: Mon Mar 23 09:09:36 2026 +0000 186 187 upstream: Add special handling of 188 189 TEST_SSH_HOSTBASED_AUTH=setupandrun. 190 191 This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable 192 hostbased authentication to/from itself and run the hostbased tests. It 193 won't undo these changes, so don't do this on a system where this matters. 194 195 OpenBSD-Regress-ID: ae5a86db1791a2b8f999b07b5c8cc756d40bf645 196 197commit 0a0ef4515361143cad21afa072319823854c1cf6 198Author: djm@openbsd.org <djm@openbsd.org> 199Date: Mon Mar 30 07:18:24 2026 +0000 200 201 upstream: apply the same validity rules to usernames and hostnames 202 203 set for ProxyJump/-J on the commandline as we do for destination user/host 204 names. 205 206 Specifically, they are no longer allowed to contain most characters 207 that have special meaning for common shells. Special characters are 208 still allowed in ProxyJump commands that are specified in the config 209 files. 210 211 This _reduces_ the chance that shell characters from a hostile -J 212 option from ending up in a shell execution context. 213 214 Don't pass untrusted stuff to the ssh commandline, it's not intended 215 to be a security boundary. We try to make it safe where we can, but 216 we can't make guarantees, because we can't know the parsing rules 217 and special characters for all the shells in the world, nor can we 218 know what the user does with this data in their ssh_config wrt 219 percent expansion, LocalCommand, match exec, etc. 220 221 While I'm in there, make ProxyJump and ProxyCommand first-match-wins 222 between each other. 223 224 reported by rabbit; ok dtucker@ 225 226 OpenBSD-Commit-ID: f05ad8a1eb5f6735f9a935a71a90580226759263 227 228commit b62a6cfbed3481dac8bff35fab22cf489bb0b77f 229Author: djm@openbsd.org <djm@openbsd.org> 230Date: Sun Mar 29 01:08:13 2026 +0000 231 232 upstream: switch from int to long long for bandwidth calculations; 233 234 fixes rate display when rate > 2GB/s; based on patch from Cyril Servant 235 feedback/ok deraadt@ 236 237 OpenBSD-Commit-ID: 071eb48c4cba598d70ea3854bef7c49ddfabf8d3 238 239commit 54443b8665c9c29ea0e3f5a5176d8f3c3403ad7c 240Author: Damien Miller <djm@mindrot.org> 241Date: Sun Mar 29 16:43:59 2026 +1100 242 243 depend 244 245commit c90f46b6230826cdadacd6c32b62b0f8106a09da 246Author: Damien Miller <djm@mindrot.org> 247Date: Sun Mar 29 16:42:33 2026 +1100 248 249 use nonnull attribute when available 250 251 Set this attribute on a few string to avoid compiler warnings from 252 -Wunterminated-string-initialization warnings in recent gcc. 253 254commit bdaf65ae51d62c6cb676bd341cc34217c1b24920 255Author: Damien Miller <djm@mindrot.org> 256Date: Sun Mar 29 16:24:59 2026 +1100 257 258 fix state confusion between PAM and privsep code 259 260 Commits b9a6dd4d6 and df2b28163 introduced a potential desynchronisation 261 between the PAM code and the sshd-session monitor that could result in 262 authentication bypass if the unprivileged sshd-auth process had been 263 compromised. 264 265 Reported by Ben Edelman of NIST. Only git HEAD is affected, these 266 changes have not yet been included in an OpenSSH release. 267 268commit 6eb5a68c42a587df802d3d9a19088671269ffca8 269Author: Laurent Chardon <laurent.chardon@gmail.com> 270Date: Sat Mar 28 04:22:54 2026 -0400 271 272 openbsd-compat: reword EAI_NONAME error string 273 274 Reword the EAI_NONAME message in fake-rfc2553.c to make it 275 clearer and grammatically correct. 276 277 While there, remove a couple of stray periods from other error 278 strings to keep the messages consistent. 279 280 No functional change. 281 282commit fd7d4b2b52deaf296b06d78b85c97fdae31912e8 283Author: Icenowy Zheng <uwu@icenowy.me> 284Date: Sun Mar 22 15:13:31 2026 +0800 285 286 seccomp sandbox: allow riscv_hwprobe syscall if present 287 288 The development branch of zlib-ng now contains code for utilizing 289 riscv_hwprobe syscall to retrieve availability information for several 290 RISC-V extensions (and accelerate deflate algorithm with them). 291 292 As the seccomp sandbox of OpenSSH will raise SIGSYS for filtered out 293 syscalls, this will abruptly terminate the process when the 294 riscv_hwprobe syscall is tried. 295 296 Put it into the allowlist to prevent process termination. As all 297 syscalls here are guarded by #ifdef's, the same will be done for 298 riscv_hwprobe, and thus on non-RISC-V builds nothing will happen. 299 300 Signed-off-by: Icenowy Zheng <uwu@icenowy.me> 301 302commit fd5018fbeb6e91ae4321490c2825ecc632b83748 303Author: djm@openbsd.org <djm@openbsd.org> 304Date: Sat Mar 28 05:16:18 2026 +0000 305 306 upstream: ensure c->local_window doesn't underflow during updates; 307 308 similar to checks performed elsewhere. From Renaud Allard 309 310 OpenBSD-Commit-ID: 4827c10807936e9ab9af2cf1c7379e1f56dbdeac 311 312commit 8331cb9daafd23391de4379e9977ff159bb8242e 313Author: djm@openbsd.org <djm@openbsd.org> 314Date: Sat Mar 28 05:10:25 2026 +0000 315 316 upstream: fix base16 parsing; currently unused. From Renaud Allard 317 318 OpenBSD-Commit-ID: 3f6e5d4c6a2550d5a7e3c33bcd895b7f8e42196b 319 320commit 21ecb5fd72ee442a8b1eb5011c7f929ba8ce02f9 321Author: djm@openbsd.org <djm@openbsd.org> 322Date: Sat Mar 28 05:07:12 2026 +0000 323 324 upstream: mention that RevokedKeys is read by the server at each 325 326 authentication time and should only ever be replaced atomically. 327 328 OpenBSD-Commit-ID: eeedf5a10331ac4e39fbd2fc41e4a11c38b2ef9b 329 330commit c5182e3f06f9f1fd86d62b9dcd0397408dd698da 331Author: djm@openbsd.org <djm@openbsd.org> 332Date: Sat Mar 28 05:06:16 2026 +0000 333 334 upstream: fix potential hang if /etc/moduli doesn't contain the 335 336 requested DH group values; from 77c9ca, ok dtucker@, markus@ 337 338 OpenBSD-Commit-ID: 1bf402cdb8876237c280ac77fbf7fafd2c16c5ae 339 340commit d3efbba14fda78ed7b15fbc34cf34c1cf27d1716 341Author: Darren Tucker <dtucker@dtucker.net> 342Date: Thu Mar 19 17:57:26 2026 +1100 343 344 Add a VM-based test for OpenBSD-current. 345 346commit 4bb4f1601e0776e71cfca50aae3680eb0771e2d0 347Author: Darren Tucker <dtucker@dtucker.net> 348Date: Mon Mar 23 17:50:40 2026 +1100 349 350 Add a Valgrind test of the PAM config. 351 352commit 12da685dfc98b14dddb5977a1fc52d06474f3308 353Author: Darren Tucker <dtucker@dtucker.net> 354Date: Thu Mar 19 17:52:54 2026 +1100 355 356 Upstream tests don't use the config file. 357 358commit 2ca6eef69d7dbecfd67cede25ea6a9aa1074ba3e 359Author: djm@openbsd.org <djm@openbsd.org> 360Date: Mon Mar 23 01:33:46 2026 +0000 361 362 upstream: clarify that Authorized(Keys|Principals)(File|Command) 363 364 are only consulted for valid users. 365 366 clarify that TOKENS are expanded without sanitisation or escaping 367 and that it's the user's reponsibility to ensure their usage is 368 safe. 369 370 prompted by bz3936; feedback/ok deraadt@ 371 372 OpenBSD-Commit-ID: cd58abad1137346ba2dee55fa9ebb975f5fa7a06 373 374commit 443616ce9070d370c97271347e91fcfd24b5df84 375Author: djm@openbsd.org <djm@openbsd.org> 376Date: Thu Mar 19 02:36:28 2026 +0000 377 378 upstream: repair ssh-keysign after pledge changes; spotted/tested 379 380 by naddy@ ok deraadt@ 381 382 OpenBSD-Commit-ID: fccc6c7994c8f45c4417efe490d23154d9caaa6d 383 384commit 552a5c786b60a9cfe0d2c157dd18f78950529513 385Author: dtucker@openbsd.org <dtucker@openbsd.org> 386Date: Wed Mar 11 09:10:59 2026 +0000 387 388 upstream: Check return values of fcntl(... O_CLOEXEC) 389 390 calls by reusing the macro in monitor.c. Flagged by Coverity CID 391 901297 in ssh-sk-client.c, a few other instances added for good measure. 392 begrudging ok deraadt@ 393 394 OpenBSD-Commit-ID: b9de92e17ac0b04348770e5a25cb15a02b416926 395 396commit 24168275e6d0b29cf2233c3f2c1d4a4614feb582 397Author: dtucker@openbsd.org <dtucker@openbsd.org> 398Date: Wed Mar 11 09:04:17 2026 +0000 399 400 upstream: Fix potential 1-byte array overrun 401 402 in the case where read() returns exactly 100 bytes. Flagged by Coverity 403 CID 901296, ok djm@ 404 405 OpenBSD-Commit-ID: 66a96b08166e63dcbeed00297c33f09c4f22c1f7 406 407commit 70a41262839a2d65ca8ef9e8ea34ad471c52afa1 408Author: djm@openbsd.org <djm@openbsd.org> 409Date: Tue Mar 10 07:27:14 2026 +0000 410 411 upstream: whitespace 412 413 OpenBSD-Commit-ID: b16d2b4a96406538fa181053926cba44abca7f29 414 415commit ef98b6014bc3268e904092894ffcb63022172a97 416Author: deraadt@openbsd.org <deraadt@openbsd.org> 417Date: Tue Mar 10 06:35:29 2026 +0000 418 419 upstream: when unveils error our, use correct variable 420 421 OpenBSD-Commit-ID: 6b496c10965e70413a9916a8823839c553c6b2c4 422 423commit beba5884dfe8cc30aadef439af5e5d784b5788b1 424Author: deraadt@openbsd.org <deraadt@openbsd.org> 425Date: Tue Mar 10 03:45:01 2026 +0000 426 427 upstream: When execve() failure is indicated on the pipe, replicate 428 429 the same error conditions as the previous access() check did ok djm 430 431 OpenBSD-Commit-ID: 875a77dddf0809a3501de2b913cb3bfd4b64f3f7 432 433commit 2a9e1aadaa20a05430bddc30853fbd3449083a4d 434Author: djm@openbsd.org <djm@openbsd.org> 435Date: Tue Mar 10 03:40:26 2026 +0000 436 437 upstream: unveil ssh-pkcs11-helper too; fixes breakage spotted by 438 439 anton@ 440 441 If SK/P11/askpass is overridden by environment, only unveil the requested 442 path and not both the requested one and the default. 443 444 feedback/ok deraadt@ 445 446 OpenBSD-Commit-ID: 84356c6a44f35e66fe73fc1524a7c8e908521eb2 447 448commit 46eb7dc5a6f312f99437ebdcf04f0f2c03aa570b 449Author: deraadt@openbsd.org <deraadt@openbsd.org> 450Date: Sat Mar 7 18:35:43 2026 +0000 451 452 upstream: With it's own daemonization / fd cleaning code, ssh-agent 453 454 opens /dev/null O_RDWR after a pledge without "wpath". This is allowed in 455 current pledge because "/dev/null" is implicitly allowed to be opened even 456 with the most restrictive pledges or unveils. This is a design decision in 457 pledge made at the very beginning, to satisfy libc requirements. We've 458 finally had enough experience and know how to fix that in the near-future, 459 but need to review and fix all code which opens these implicit paths. The fix 460 is to add "wpath", so that "/dev/null" can be opened O_RDWR. But that is 461 uncomfortable, so we add unveil() allowing "/" with "r", 4 unveil "x" for the 462 potential askpass and helpers to be execve'd, and "/dev/null" with "wr". As 463 a result filesystem access is substantially more restricted than before, and 464 ssh-agent is ready for the future pledge change. ok djm dtucker 465 466 OpenBSD-Commit-ID: f223b11d2db3c0b14e53c1de59966dd5f372a977 467 468commit b75bf339eae6115c544bdcefa0d67a6dcc971ec5 469Author: deraadt@openbsd.org <deraadt@openbsd.org> 470Date: Sat Mar 7 18:27:52 2026 +0000 471 472 upstream: Stop doing access() before execve(). It is a TOCTOU, but 473 474 also it forces use of unveil "rx" instead of "x". This is done by using a 475 pipe() through the fork+execve attempt to expose execve failure and create 476 the same error return as the access() used to do. ok djm dtucker 477 478 OpenBSD-Commit-ID: f9ee96e20352f35dc6f39127e0cc6b804700200a 479 480commit 73888af650f0ce27cd93797f3e351b2d1b670550 481Author: Damien Miller <djm@mindrot.org> 482Date: Tue Mar 10 14:43:30 2026 +1100 483 484 stubs for OpenBSD unveil(2) 485 486commit 4e15f7fc0c0ba897c227350eee1462d635ab32a6 487Author: dtucker@openbsd.org <dtucker@openbsd.org> 488Date: Fri Mar 6 07:06:45 2026 +0000 489 490 upstream: Move OpenBSD CVS ID marker to top of file to avoid conflicts 491 492 when syncing changes to portable. 493 494 OpenBSD-Regress-ID: 6b7a9ef354e13e26ed474e98d04ec1d74e56e54e 495 496commit 2df416dff1a1d5fb31598b7ce8fb5cb6b0f64fd3 497Author: dtucker@openbsd.org <dtucker@openbsd.org> 498Date: Fri Mar 6 06:57:33 2026 +0000 499 500 upstream: Replace u_intXX_t types with the equivalent C99 uintXX_t 501 502 types to match similar change to the main ssh code. 503 504 OpenBSD-Regress-ID: a62b6499f784f75a4fcb865aebb83f5936917a91 505 506commit e067ccd6b4306ca6422d94ff7ddd231cbddd43cb 507Author: djm@openbsd.org <djm@openbsd.org> 508Date: Thu Mar 5 05:44:15 2026 +0000 509 510 upstream: ssh-agent supports a "query" extension that allows a 511 512 client to request a list of extensions it support. This makes this capability 513 available to ssh-add via the -Q flag. 514 515 ok markus@ 516 517 OpenBSD-Commit-ID: f211630568ff1a7d6bb4983a94f05ddac1c2d4eb 518 519commit 4fe278629c3f792628ea71132ba4fcbb9ceaa6b7 520Author: djm@openbsd.org <djm@openbsd.org> 521Date: Thu Mar 5 05:40:35 2026 +0000 522 523 upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now 524 525 allocated, it's safe to start using the standard names for requesting agent 526 forwarding over the @openssh.com extension names we've used to date. 527 528 Support for the standard names is advertised via EXT_INFO. When the 529 client sees such support it will use the new names preferentially, 530 but the existing names remain supported unconditionally. 531 532 ok markus@ 533 534 OpenBSD-Commit-ID: 1ab4a0b4de01e81a432875c2b7e5f7357e231af3 535 536commit 511f5bc41aeca7f6ee6611e9b24d48e4dd6ae3d5 537Author: djm@openbsd.org <djm@openbsd.org> 538Date: Thu Mar 5 05:35:44 2026 +0000 539 540 upstream: correctness wrt draft-ietf-sshm-ssh-agent: 541 542 extension requests should indicate failure using 543 SSH_AGENT_EXTENSION_FAILURE rather than the generic SSH_AGENT_FAILURE 544 error code. This allows the client to discern between "the request 545 failed" and "the agent doesn't support this extension". 546 547 ok markus@ 548 549 OpenBSD-Commit-ID: d15d89f210cc973271d68147f09550163df731c9 550 551commit 2a387ba37452971747d2f00db7d4c18b4f2c45ed 552Author: dtucker@openbsd.org <dtucker@openbsd.org> 553Date: Tue Mar 3 09:57:25 2026 +0000 554 555 upstream: Replace all remaining instances of u_intXX_t types with the 556 557 C99 equivalent uintXX_t types. ok djm@ 558 559 OpenBSD-Commit-ID: d9b81151266adb129574ce268af49f14ac23e65b 560 561commit bb781f02d4efd178e329a62a838962bee16e3e9b 562Author: djm@openbsd.org <djm@openbsd.org> 563Date: Mon Mar 2 02:40:15 2026 +0000 564 565 upstream: Move banner exchange to sshd-auth process 566 567 Previously, exchange of the initial SSH- banners was performed 568 by the privileged sshd-session monitor. This moves it to the 569 unprivileged sshd-auth subprocess, removing ~200 LoC from the 570 monitor's privileged attack surface. 571 572 The monitor gains a new "setcompat" RPC to allow sshd-auth to 573 inform it of bug compat flags picked up from the client's banner. 574 575 feedback dtucker@, ok markus@ deraadt@ 576 577 OpenBSD-Commit-ID: d767eb1183630d754d521d9f0d84a6c72fbe7fc8 578 579commit b50b881b17ab15e34b5e57b159b65f2a02725798 580Author: Darren Tucker <dtucker@dtucker.net> 581Date: Sun Mar 1 09:46:39 2026 +1100 582 583 Try -lstdc++ for libcrypto before giving up. 584 585 BoringSSL recently added destructors to libcrypto, which requires 586 linking against libstdc++, so when checking for a working libcrypto if 587 at first the link fails, try again with -lstdc++ before giving up. 588 589commit c26d90e5ad05372b63dbb8727cb6c23a6505a2fb 590Author: Darren Tucker <dtucker@dtucker.net> 591Date: Sun Mar 1 09:41:39 2026 +1100 592 593 Remove BoringSSL rpath as it's statically linked. 594 595commit c65f4d2586416274e92720c9e1e745422e182488 596Author: dtucker@openbsd.org <dtucker@openbsd.org> 597Date: Tue Feb 24 01:50:51 2026 +0000 598 599 upstream: Use fmprintf instead of logit for challenge-response name and 600 601 info to preserve UTF-8 characters where appropriate. Prompted by github 602 PR#452, with & ok djm@. 603 604 OpenBSD-Commit-ID: e6361242329ec6925571478f60f4739726aad308 605 606commit acf749756872d7555eca48514e5aca6962116fb2 607Author: Darren Tucker <dtucker@dtucker.net> 608Date: Tue Feb 24 11:28:11 2026 -0500 609 610 Add AWS-LC and BoringSSL as potential libcryptos. 611 612commit c25254d1516df5e57affc0e391ed6ead8267b637 613Author: Darren Tucker <dtucker@dtucker.net> 614Date: Tue Feb 24 11:16:11 2026 -0500 615 616 Add self-hosted status to main README now it's public. 617 618commit 5da0ccec2b5806f104913465b62fea475b2e15bb 619Author: Darren Tucker <dtucker@dtucker.net> 620Date: Tue Feb 24 11:10:16 2026 -0500 621 622 Remove anchor to specific release notes version. 623 624commit d7a9cd696a316c71e4c16f4158dc516b94abd863 625Author: Darren Tucker <dtucker@dtucker.net> 626Date: Mon Feb 23 21:34:48 2026 -0500 627 628 Remove potentially leftover include compat shims. 629 630 If we don't need a specific shim, ensure it does not exist. Prevents 631 confusion if configurations change or the directory is reused across 632 different platforms. 633 634commit c940e709ae2155a4614bc3709e393d88fdddabde 635Author: Darren Tucker <dtucker@dtucker.net> 636Date: Mon Feb 23 20:54:55 2026 -0500 637 638 Check regress passwd is set before enabling kbdint. 639 640commit 4ed5f9ecca9ed867c9f1040a3425af35f0703675 641Author: dtucker@openbsd.org <dtucker@openbsd.org> 642Date: Tue Feb 24 00:39:59 2026 +0000 643 644 upstream: Remove leftover debugging. 645 646 OpenBSD-Regress-ID: e778d76b21696a14db80f31b9e79601f2d7a9abf 647 648commit a07a53b00e9aeadb420336783d219be012d88ba1 649Author: Darren Tucker <dtucker@dtucker.net> 650Date: Mon Feb 23 15:22:10 2026 -0500 651 652 Activate kbdint test on PAM configs. 653 654commit 5f98660c51e673f521e0216c7ed20205c4af10ed 655Author: Darren Tucker <dtucker@dtucker.net> 656Date: Wed Feb 18 12:39:31 2026 -0500 657 658 Install libaudit-dev for --with-audit=linux test. 659 660commit c9fcea8865b255d4b7566b28dce4af348d2bfbd6 661Author: Darren Tucker <dtucker@dtucker.net> 662Date: Wed Feb 18 11:22:37 2026 -0500 663 664 Enable BSM audit test on FreeBSD VMs. 665 666commit f1a9628cd7e415ce14e157d80c10b61514a22d13 667Author: Darren Tucker <dtucker@dtucker.net> 668Date: Wed Feb 18 10:59:02 2026 -0500 669 670 Move BSM audit test to selfhosted runner. 671 672 The vmactions VM on Github does not have the required libraries 673 installed. 674 675commit 97e8e66219d036404ae656060f0e0179b61f0614 676Author: Darren Tucker <dtucker@dtucker.net> 677Date: Wed Feb 18 10:51:09 2026 -0500 678 679 Increase riscv64 test coverage. 680 681 The machine running the tests has been replaced with a faster one. 682 683commit e5e18432a27b909aa2194ef0b28a5d49f0e6b3a6 684Author: Darren Tucker <dtucker@dtucker.net> 685Date: Wed Feb 18 10:49:35 2026 -0500 686 687 Whitespace fix. 688 689commit b0463306174941274a1f96eb705618e036832920 690Author: Darren Tucker <dtucker@dtucker.net> 691Date: Wed Feb 18 09:48:55 2026 -0500 692 693 Add test coverage for all of the --audit= configs. 694 695commit 84206bde8adbef2dfe4f5b97dd23399827015333 696Author: djm@openbsd.org <djm@openbsd.org> 697Date: Wed Feb 18 03:04:12 2026 +0000 698 699 upstream: same treatment for remote/remote copies (i.e. scp -3): 700 701 adjust permissions on destination directory only if we created it or -p was 702 requested. bz3925 703 704 OpenBSD-Commit-ID: d977006df7b8330e06ceaa319383b347f1aca3ef 705 706commit c3631567d9f77c2d073764e4b40f249687f4083e 707Author: djm@openbsd.org <djm@openbsd.org> 708Date: Wed Feb 18 02:59:27 2026 +0000 709 710 upstream: when uploading a directory using sftp/sftp (e.g. during a 711 712 recursive transfer), don't clobber the remote directory permissions unless 713 either we created the directory during the transfer or the -p flag was set. 714 bz3925 ok dtucker@ 715 716 OpenBSD-Commit-ID: d66f40d01de05c9ec4029fab5413325301039b3a 717 718commit 2b0f4a72bd87bef7cc9f0a1889cfc98545cbb158 719Author: djm@openbsd.org <djm@openbsd.org> 720Date: Tue Feb 17 21:45:07 2026 +0000 721 722 upstream: make IPQoS first-match-wins in sshd_config as it's 723 724 intended to be bz3924 725 726 OpenBSD-Commit-ID: 42753eb8400ab09713c69ace6fa8bfdde133f942 727 728commit 0e35095babe04ba1159e8029133e7f71e53d8fdb 729Author: jsg@openbsd.org <jsg@openbsd.org> 730Date: Mon Feb 16 23:47:06 2026 +0000 731 732 upstream: remove duplicate includes; ok dtucker@ 733 734 OpenBSD-Commit-ID: 6b9191bc1a0f4320c926d5ccd9f36b09f0f3bcaf 735 736commit 9eb778cfde5bca1d84bbad74d8664256301bb13b 737Author: Darren Tucker <dtucker@dtucker.net> 738Date: Mon Feb 16 18:58:04 2026 -0500 739 740 Restore utf8.h removed earlier as it's needed. 741 742 ... for msetlocale prototype. 743 744commit 723b76c8a358875cd53376c9a169887ba7a4b088 745Author: Darren Tucker <dtucker@dtucker.net> 746Date: Mon Feb 16 18:32:41 2026 -0500 747 748 Removed duplicate includes; spotted by jsg@. 749 750commit df2b28163ac75e023837de445d6492dc57359105 751Author: Darren Tucker <dtucker@dtucker.net> 752Date: Sun Feb 15 14:16:56 2026 -0500 753 754 Remove "draining" of PAM prompts. 755 756 With the previous commit, both prompts and info/error error messages are 757 returned to keyboard-interactive immedately and none are accumulated, so 758 there will never be any un-drained prompts. ok djm@ 759 760commit b9a6dd4d66ee14577494d550b396d0452bf05e1e 761Author: Marco Trevisan (Treviño) <mail@3v1n0.net> 762Date: Tue Oct 17 04:27:32 2023 +0200 763 764 auth-pam: Immediately report interactive instructions to clients 765 766 SSH keyboard-interactive authentication method supports instructions but 767 sshd didn't show them until an user prompt was requested. 768 769 This is quite inconvenient for various PAM modules that need to notify 770 an user without requiring for their explicit input. 771 772 So, properly implement RFC4256 making instructions to be shown to users 773 when they are requested from PAM. 774 775 Closes: https://bugzilla.mindrot.org/show_bug.cgi?id=2876 776 777commit a1158bba43e00240c00c530596de2d4e1d405b50 778Author: Matthew Heller <hellermf@accre.vanderbilt.edu> 779Date: Mon Oct 14 09:25:41 2024 -0500 780 781 fix duplicate PAM msgs, missing loginmsg reset 782 783 without this change in mm_answer_pam_account all messages added in 784 auth-pam.c sshpam_query(...) case PAM_SUCCESS end up sent here, then are 785 still sitting in the loginmsg buffer and printed a second time in 786 session.c do_login(...) 787 788commit 7a59f55e621c841aab187c96e0f3271c5c799709 789Author: dtucker@openbsd.org <dtucker@openbsd.org> 790Date: Mon Feb 16 00:45:41 2026 +0000 791 792 upstream: Reorder headers to match KNF and Portable. 793 794 ID sync only. 795 796 OpenBSD-Commit-ID: b7f9700d07b532eb3720f7bd722b952e31b1752f 797 798commit c5cee49a0c5721532716365f32977fc02eeea1d5 799Author: dtucker@openbsd.org <dtucker@openbsd.org> 800Date: Sun Feb 15 22:29:30 2026 +0000 801 802 upstream: Add basic test for keyboard-interactive auth. 803 804 Not enabled by default since it requires some setup on the host. 805 806 OpenBSD-Regress-ID: aa8a9608a2ea2e5aaa094c5a5cc453e4797cd902 807 808commit 07c6413e7bf08b7bfc6fd543eded9da68898e230 809Author: jsg@openbsd.org <jsg@openbsd.org> 810Date: Sat Feb 14 00:18:34 2026 +0000 811 812 upstream: remove unneeded includes; ok dtucker@ 813 814 OpenBSD-Commit-ID: bba6e85492276c30c7a9d27dfd3c4c55fa033335 815 816commit d8b806a2e6cd50c729e5d2bad569955a1df33f63 817Author: Darren Tucker <dtucker@dtucker.net> 818Date: Sun Feb 15 13:31:52 2026 -0500 819 820 Remove obsolete comment referencing auth-chall.c. 821 822 It was removed in commit 6cb6dcff along with the rest of the SSH1 server 823 support. 824 825commit 3e8a45e0eeb5c84f12ac04ea7cc2f831c91c263b 826Author: Marco Trevisan (Treviño) <mail@3v1n0.net> 827Date: Mon Oct 16 21:15:45 2023 +0200 828 829 auth-pam: Add an enum to define the PAM done status 830 831 Makes things more readable and easier to extend 832 833commit 9b0e50b4132679f0c09c0f1272bf1c45959103ea 834Author: Marco Trevisan (Treviño) <mail@3v1n0.net> 835Date: Tue Oct 17 04:35:17 2023 +0200 836 837 auth-pam: Add debugging information when we receive PAM messages 838 839commit c2447697aaecae11d164f1ba30e06d14b5cabcdd 840Author: Darren Tucker <dtucker@dtucker.net> 841Date: Fri Feb 13 15:34:44 2026 -0500 842 843 Remove DragonFlyBSD workaround for sys/mount.h. 844 845 ... since we're not not including it at all any more. 846 847commit 8b3a0552054106feb036c632fc844f878568799f 848Author: dtucker@openbsd.org <dtucker@openbsd.org> 849Date: Fri Feb 13 19:06:18 2026 +0000 850 851 upstream: Replace <sys/mount.h> with <limits.h> 852 853 The former is a portability hassle, but it turns out the only thing we 854 need from it is PATH_MAX which we can get directly from limits.h. 855 856 OpenBSD-Commit-ID: ccfbbd678bef3a3930ae89da456645c3ee5f83c0 857 858commit db475199639667197b12b3aa5205de71ef102e23 859Author: jsg@openbsd.org <jsg@openbsd.org> 860Date: Fri Feb 13 01:04:47 2026 +0000 861 862 upstream: remove unneeded forward struct declaration ok djm@ 863 864 OpenBSD-Commit-ID: a0c97e919667394bef8dbf31df72af3ba07542e9 865 866commit ae51e05dbd840ad674fee754f33c0e2fd141074e 867Author: djm@openbsd.org <djm@openbsd.org> 868Date: Wed Feb 11 22:58:23 2026 +0000 869 870 upstream: very basic testing of multiple files in RevokedKeys and 871 872 RevokedHostkeys 873 874 OpenBSD-Regress-ID: 6cee76bcc4bd6840bc8d39dd0d32d724e1427aa7 875 876commit 2f51e29b9a0ffd7acb9dc70d90defa466b5695d4 877Author: djm@openbsd.org <djm@openbsd.org> 878Date: Wed Feb 11 22:57:55 2026 +0000 879 880 upstream: support multiple files in a ssh_config RevokedHostKeys 881 882 directive bz3918; ok dtucker 883 884 OpenBSD-Commit-ID: 0ad2eacf836f912f347846ab84760799033dd348 885 886commit 135a62238a479c7369f2b2d5dafb921ddc1c2b74 887Author: djm@openbsd.org <djm@openbsd.org> 888Date: Wed Feb 11 22:57:16 2026 +0000 889 890 upstream: support multiple files in a sshd_config RevokedKeys 891 892 directive bz3918; ok dtucker 893 894 OpenBSD-Commit-ID: 9fc58c4e676f8e9ed2e3a0da666242a17b8a55b2 895 896commit 3160f2a97e875bfa9454f98899cbccad48c96ff4 897Author: dtucker@openbsd.org <dtucker@openbsd.org> 898Date: Wed Feb 11 17:05:32 2026 +0000 899 900 upstream: Add includes used in Portable to reduce diffs. 901 902 OpenBSD-Commit-ID: 186c60cf2da0ddb075d5bc4879e87bbd8779b7e4 903 904commit 6a756f3f7b9f87f24e948ec1de0266f5c1587811 905Author: dtucker@openbsd.org <dtucker@openbsd.org> 906Date: Wed Feb 11 17:03:17 2026 +0000 907 908 upstream: Remove unused sys/queue.h include. 909 910 OpenBSD-Commit-ID: 564f75672e27f1006f280614934eb304abe69167 911 912commit c169300df12b9aa7005ff6e61880a7e007e83bc5 913Author: dtucker@openbsd.org <dtucker@openbsd.org> 914Date: Wed Feb 11 17:01:34 2026 +0000 915 916 upstream: Reorder includes and defines to match both KNF and 917 918 Portable. 919 920 OpenBSD-Commit-ID: f3f179c095f8e4787ded5f450e2842881f6b8ab2 921 922commit 1a4eb511abaf3522b84fa5697524b81b4865279b 923Author: Darren Tucker <dtucker@dtucker.net> 924Date: Wed Feb 11 17:36:42 2026 -0500 925 926 Factor out RNG reseeding in to a single function. 927 928 sshd and sshd-session both reseed the RNG after a fork. Move the 929 existing reseed_prngs() function into entropy.c and use for both. 930 Clean up entropy.h too. ok djm@ 931 932commit 81746188e9333b166b4c31f9654d8eb249ddd897 933Author: Darren Tucker <dtucker@dtucker.net> 934Date: Wed Feb 11 16:47:27 2026 -0500 935 936 Remove do_pam_chauthtok since it's no longer used. 937 938commit f1b9e0f7f1f1ed5be2bd1c39bda03fc99a1cf5d8 939Author: dtucker@openbsd.org <dtucker@openbsd.org> 940Date: Wed Feb 11 16:57:38 2026 +0000 941 942 upstream: Pass actual size of the buffer to hostname() instead of a 943 944 define that's probably the same. ok millert@ djm@ 945 946 OpenBSD-Commit-ID: 7c97b22439100b4193404ccfa1e5f539c5a8d039 947 948commit 4ef24496b7c4c918d4d3a049f83739fbe2e36e9f 949Author: dtucker@openbsd.org <dtucker@openbsd.org> 950Date: Mon Feb 9 22:15:45 2026 +0000 951 952 upstream: De-underscore __inline__ to match -portable 953 954 (and every other use of it in ssh). ID sync only. 955 956 OpenBSD-Commit-ID: 83c913d5e2345635bc5434167ed67cec5409d494 957 958commit c8972792e5ce599e584bbe1aa084cc4056f1afe5 959Author: dtucker@openbsd.org <dtucker@openbsd.org> 960Date: Mon Feb 9 22:12:48 2026 +0000 961 962 upstream: Remove references to skey auth which is long gone. 963 964 ID sync only. 965 966 OpenBSD-Commit-ID: 0c2340566c399f7f74fe4c5366394974cd6fd122 967 968commit db779679839d2798de7cda196a3fe750a12845e8 969Author: dtucker@openbsd.org <dtucker@openbsd.org> 970Date: Mon Feb 9 22:11:39 2026 +0000 971 972 upstream: Remove unused OpenSSL includes, 973 974 that are no longer used, even when building with OPENSSL=yes. 975 976 OpenBSD-Commit-ID: e97e3e551ade9aee994b80a1d5851be6f32288e3 977 978commit 8ec21f6274108e93601173ec4e6f7528b90b0003 979Author: dtucker@openbsd.org <dtucker@openbsd.org> 980Date: Mon Feb 9 22:09:48 2026 +0000 981 982 upstream: Use https for URLs. 983 984 ID sync only. 985 986 OpenBSD-Commit-ID: 85b2919e95e6d2bfdeddf5e3b0709fb5b6b4c438 987 988commit c3eaa953ae78e581d7ba2327beea35206a14bc1e 989Author: dtucker@openbsd.org <dtucker@openbsd.org> 990Date: Mon Feb 9 21:38:14 2026 +0000 991 992 upstream: Remove unused OpenSSL includes, 993 994 which are no longer used even when building with OPENSSL=yes. 995 996 OpenBSD-Commit-ID: 31adb21bf3f8f5c13cde59229f1b85c20f19a858 997 998commit 280cf58afe71bf34141e732d30676367f0150bbe 999Author: dtucker@openbsd.org <dtucker@openbsd.org> 1000Date: Mon Feb 9 21:23:35 2026 +0000 1001 1002 upstream: Remove now-unused SKEYQUERY enums from monitor_reqtype. 1003 1004 ID sync only. 1005 1006 OpenBSD-Commit-ID: dab93b58e69c754887507e5557a81a0b5b84d734 1007 1008commit bb2703365ede3b4e13fdfa1c250ac88408e75f38 1009Author: dtucker@openbsd.org <dtucker@openbsd.org> 1010Date: Mon Feb 9 21:21:39 2026 +0000 1011 1012 upstream: Remove now-unused openssl includes since sshd.c no longer 1013 1014 needs them, even when built with OpenSSL. 1015 1016 OpenBSD-Commit-ID: ceaa0394db1520e92d75c37eea58130d44ba93c9 1017 1018commit 8a5d591c9f42933c49ece95e49c116d684d6cca0 1019Author: Darren Tucker <dtucker@dtucker.net> 1020Date: Wed Feb 11 11:38:58 2026 -0500 1021 1022 Don't create sys/mount.h shim except on DragonFly. 1023 1024 Fixes build on Mac OS X. 1025 1026commit 957cb0fbe87b6ab76045e8dc99426db6afb54057 1027Author: Darren Tucker <dtucker@dtucker.net> 1028Date: Tue Feb 10 08:55:53 2026 +1100 1029 1030 Minor resync with upstream 1031 1032 Reorder definitions add whitespace to eliminate diffs vs upstream. 1033 1034commit 4922635d3e66f9107c5b68a0a3fa57ddf0d820ae 1035Author: Darren Tucker <dtucker@dtucker.net> 1036Date: Tue Feb 10 07:22:30 2026 +1100 1037 1038 Factor out COMPATINCLUDES into its own variable. 1039 1040commit 3e9c4ed3b0e5d3890fcd2cbc9c3b595f17ea1946 1041Author: Darren Tucker <dtucker@dtucker.net> 1042Date: Tue Feb 10 05:34:46 2026 +1100 1043 1044 Provide compat shims for sys/{mount.h,statvfs.h). 1045 1046 In addition to shimming on platforms that don't have them, we also need to 1047 shim sys/mount.h on DragonFlyBSD since it uses its native STAILQ_ENTRYs 1048 which our compat queues.h does not have, which causes sftp-server.o to 1049 not build. This is a little icky, but it limits the blast radius to 1050 just one source file on only DragonFly. ok djm@ 1051 1052commit eeb671fa2f0fd7dda4c6b726098fe28016dc185b 1053Author: Darren Tucker <dtucker@dtucker.net> 1054Date: Tue Feb 10 03:39:45 2026 +1100 1055 1056 Shim <sys/queue.h> and <sys/tree.h>. 1057 1058 This significantly reduces the diff vs upstream making future syncs 1059 less painful. ok djm@ 1060 1061commit 47828dbd95c095d0cad327e12bb6859a510833c8 1062Author: dtucker@openbsd.org <dtucker@openbsd.org> 1063Date: Sun Feb 8 19:54:31 2026 +0000 1064 1065 upstream: Reorder headers according to KNF, 1066 1067 and pull in a few we don't have from Portable. 1068 1069 OpenBSD-Commit-ID: d83f6c75da7bfb16bbff40fd2133d6eba4aba272 1070 1071commit c73b8b09bf43be3dfe14bc0da349b352b280a74a 1072Author: dtucker@openbsd.org <dtucker@openbsd.org> 1073Date: Sun Feb 8 17:51:43 2026 +0000 1074 1075 upstream: Include sys/socket.h to match -portable, 1076 1077 eliminating one diff. 1078 1079 OpenBSD-Commit-ID: 7670fdf35b0c7aee41cd0d6ded86b4792e261f36 1080 1081commit 9385d72dd36ba6050b5f7728c14e3edc8329fe95 1082Author: dtucker@openbsd.org <dtucker@openbsd.org> 1083Date: Sun Feb 8 17:50:49 2026 +0000 1084 1085 upstream: Reorder headers as per KNF. 1086 1087 OpenBSD-Commit-ID: 3e29fabe20422454fd5d77f85c853e1e557f2181 1088 1089commit 62439369181b9b1dabf1ec3c2de6a7fbfcfb45eb 1090Author: Darren Tucker <dtucker@dtucker.net> 1091Date: Mon Feb 9 06:56:35 2026 +1100 1092 1093 Remove openindiana VM test. 1094 1095 When it works it's by far the slowest (>1h to install packages) and the 1096 package installation is flaky. We can bring it back if their infra ever 1097 improves. 1098 1099commit 43d0bf02d84a20a3f7c9992dabf8c109d9c25bed 1100Author: Darren Tucker <dtucker@dtucker.net> 1101Date: Mon Feb 9 06:42:27 2026 +1100 1102 1103 Sync header order with upstream and KNF. 1104 1105commit a3742cc38a6aa48a653a1a6300bc825f083955af 1106Author: Darren Tucker <dtucker@dtucker.net> 1107Date: Mon Feb 9 06:41:07 2026 +1100 1108 1109 Sync whitespace with upstream. 1110 1111commit b62198a19a53227ca166c62825ac72a7696c42ed 1112Author: Darren Tucker <dtucker@dtucker.net> 1113Date: Mon Feb 9 05:02:36 2026 +1100 1114 1115 Sync header order with upstream. 1116 1117commit 98fdb05f0c0d7a89a066225a94eafd7fce10163d 1118Author: Darren Tucker <dtucker@dtucker.net> 1119Date: Mon Feb 9 04:09:26 2026 +1100 1120 1121 Remove generic check for getpagesize. 1122 1123 We have a more specific check later. 1124 1125commit 249476f45dba9a92056bd2935aae7429f0f3b17c 1126Author: Darren Tucker <dtucker@dtucker.net> 1127Date: Mon Feb 9 03:47:25 2026 +1100 1128 1129 Test KERBEROS5=yes builds on OpenBSD. 1130 1131commit 6adb65508efc2def558f50a56c5eada09ca500c9 1132Author: dtucker@openbsd.org <dtucker@openbsd.org> 1133Date: Sun Feb 8 15:28:01 2026 +0000 1134 1135 upstream: Make ssh optionally build with Kerberos 5 against the 1136 1137 Heimdal port. This updates the Makefiles and repairs some bitrot in headers, 1138 resyncing them against Portable. To do this, "pkg_add heimdal" then "make 1139 KERBEROS5=yes". ok djm@ 1140 1141 (ID sync only) 1142 1143 OpenBSD-Commit-ID: 31f95c9ba58aa7ba89264f1d80c79106042b1095 1144 1145commit d6c672a8c16c8962e6b3022e279441fa6630cb86 1146Author: dtucker@openbsd.org <dtucker@openbsd.org> 1147Date: Sun Feb 8 03:30:15 2026 +0000 1148 1149 upstream: Remove sys/poll.h since we also have poll.h. 1150 1151 Also removes one line of diff vs portable. 1152 (ID sync only). 1153 1154 OpenBSD-Commit-ID: 461bd0cd35bfad82bd06892ccb0ff0fac15d1d27 1155 1156commit 8605ed26334b9ae704b8abe51940b61bdfe1e974 1157Author: dtucker@openbsd.org <dtucker@openbsd.org> 1158Date: Sun Feb 8 00:16:34 2026 +0000 1159 1160 upstream: Move setting of user, service and style earlier since 1161 1162 -portable needs to use these when setting up PAM. Removes two diffs vs 1163 portable. 1164 1165 OpenBSD-Commit-ID: 8db130d42a3581b7a1eaed65917673d4474fc4fe 1166 1167commit ecaaa4f9e44764e55c152a84af3d7efb63c50ce7 1168Author: Darren Tucker <dtucker@dtucker.net> 1169Date: Sun Feb 8 11:30:21 2026 +1100 1170 1171 Move USE_SYSTEM_GLOB into a glob.h compat shim. 1172 1173 This moves the logic for selecting whether or not we can use the system 1174 glob into configure, and if either don't have glob or can't use it, we 1175 create the shim. Removes several diffs vs upstream. 1176 1177commit 2a1a257612b7c6bcacd934149146a3da7411c485 1178Author: dtucker@openbsd.org <dtucker@openbsd.org> 1179Date: Sat Feb 7 18:04:53 2026 +0000 1180 1181 upstream: misc.h is needed for ForwardOptions in servconf.h. 1182 1183 OpenBSD-Commit-ID: b241d81c499e273fc2d81c82d5b7c7b280827416 1184 1185commit ad632364fb06f3bd1e9177e587d0040cf7958676 1186Author: Jonas 'Sortie' Termansen <sortie@maxsi.org> 1187Date: Sat Nov 2 22:30:07 2024 +0100 1188 1189 Remove unused <netinet/in_systm.h> includes. 1190 1191 netinet/in_systm.h is no longer in upstream and anything that actually 1192 needs it will get it from includes.h. 1193 1194commit 9ebce88be9d88605e02551fe7f65ef6a16f72667 1195Author: dtucker@openbsd.org <dtucker@openbsd.org> 1196Date: Sat Feb 7 17:10:34 2026 +0000 1197 1198 upstream: Also check for EWOULDBLOCK on system error. This is the 1199 1200 same as EAGAIN on OpenBSD so is a no-op but removes a diff making portable 1201 syncs easier. (ID sync only). 1202 1203 OpenBSD-Commit-ID: 68a5dcc5e2a506208c40396c6366f67bbf3b1dbe 1204 1205commit ccc1faf67df795d5cd757df754703823d0874028 1206Author: dtucker@openbsd.org <dtucker@openbsd.org> 1207Date: Sat Feb 7 17:04:22 2026 +0000 1208 1209 upstream: Move ssherr.h to where portable needs it. 1210 1211 (ID sync only) 1212 1213 OpenBSD-Commit-ID: 0488ce85f24864186678dcac7c9973ca44bd2cd5 1214 1215commit 6decbb90413c67c10ac2fd5b17a9c161196641ea 1216Author: Darren Tucker <dtucker@dtucker.net> 1217Date: Sun Feb 8 04:30:40 2026 +1100 1218 1219 Move paths.h and poll.h includes to resync with upstream. 1220 1221commit 4fe79e3deb5457af588ab67ee5db642afedd935f 1222Author: Darren Tucker <dtucker@dtucker.net> 1223Date: Sun Feb 8 04:28:28 2026 +1100 1224 1225 Move poll.h include to resync with upstream. 1226 1227commit 9e585f11bb71115fb0376b2b6118892ab600aa4f 1228Author: Darren Tucker <dtucker@dtucker.net> 1229Date: Sun Feb 8 04:25:42 2026 +1100 1230 1231 Resync minor format diffs with upstream. 1232 1233commit 3fd88caa36a94d85ae66bff297142606d08decde 1234Author: Darren Tucker <dtucker@dtucker.net> 1235Date: Sun Feb 8 03:56:15 2026 +1100 1236 1237 Resync headers with upstream. 1238 1239commit 77e41d0c1c8801c553b43eef5974268425395667 1240Author: Darren Tucker <dtucker@dtucker.net> 1241Date: Sun Feb 8 03:52:31 2026 +1100 1242 1243 Resync with upstream (unused header and whitespace). 1244 1245commit a393759f9693a08a7fba18d4824b74f2dda1fe3d 1246Author: Artem Savkov <artem.savkov@gmail.com> 1247Date: Tue Nov 18 16:26:11 2025 +0100 1248 1249 Fix ut_type for btmp records 1250 1251 According to man utmp ut_type is supposed to be only switched from 1252 LOGIN_PROCESS to USER_PROCESS after succesfull authentication and this 1253 is how sshd behaved before 671c44078. 1254 1255 Fixes: 671c44078 ("use construct_utmp to construct btmp records") 1256 Signed-off-by: Artem Savkov <artem.savkov@gmail.com> 1257 1258commit 15fe1ceb29760d72398c6ac7df5a403416cba207 1259Author: djm@openbsd.org <djm@openbsd.org> 1260Date: Sat Feb 7 02:02:00 2026 +0000 1261 1262 upstream: bit of webauthn support missed in previous commit 1263 1264 OpenBSD-Commit-ID: 9768454543ded01b7c61567fc5b3e78664346be2 1265 1266commit 670f7d210ceae59db73b16b67e52d8fd8def3012 1267Author: dtucker@openbsd.org <dtucker@openbsd.org> 1268Date: Fri Feb 6 23:39:14 2026 +0000 1269 1270 upstream: Adjust Makefiles to include just-added 1271 1272 ssherr_libcrypto where necessary. 1273 1274 OpenBSD-Regress-ID: 53d179a2db3ab931f2aa0e5447cf20cb9787a8bb 1275 1276commit 9c4949c11d8da1a5422e2174afb1a4f5b3dc8914 1277Author: dtucker@openbsd.org <dtucker@openbsd.org> 1278Date: Fri Feb 6 23:31:29 2026 +0000 1279 1280 upstream: Fetch the error reason from libcrypto 1281 1282 if available, append it to the corresponding ssh error message and 1283 optionall print the libcrypto full error stack (at debug1). with & 1284 ok tb@ djm@ millert@ schwarze@ 1285 1286 Note that the quality of errors obtainable from libcrypto is somewhat 1287 variable, so these may be any of: useful, misleading, incomplete 1288 or missing entirely. As a result we reserve the right to change 1289 what is returned or even stop returning it if it does more harm than 1290 good. 1291 1292 OpenBSD-Commit-ID: 1ad599ac3eeddbe254fec6b9c1cf658fa70d572e 1293 1294commit 5b12d836e7c42c146ac1a69a9600db05282dbbb8 1295Author: THE-Spellchecker <The.Spellchecker@outlook.com> 1296Date: Sat Jan 3 22:11:39 2026 -0600 1297 1298 Typographical Fixes 1299 1300commit 11600929832e04aa6ad20a57af7187c3feb973d4 1301Author: dtucker@openbsd.org <dtucker@openbsd.org> 1302Date: Fri Feb 6 22:59:18 2026 +0000 1303 1304 upstream: Typo fixes, mostly in comments. 1305 1306 From THE-Spellchecker via github PR#620. 1307 1308 OpenBSD-Commit-ID: 64929fafa3caae5a162f23257917ecf33f8a3764 1309 1310commit b83c0bb5109eb245dd4f06e4af4a960f96a0c193 1311Author: Darren Tucker <dtucker@dtucker.net> 1312Date: Sat Feb 7 06:58:59 2026 +1100 1313 1314 Enable gss-auth tests on Kerberos test configs. 1315 1316commit d84dbccee4371ce395d28543f146e7b62d8c0d36 1317Author: Pavol Žáčik <zacik.pa@gmail.com> 1318Date: Thu Jan 29 11:01:19 2026 +0100 1319 1320 Add a GSSAPI authentication test 1321 1322commit 86e0f4aa2c72d5e96618f0c7214109f5a46ca70d 1323Author: Darren Tucker <dtucker@dtucker.net> 1324Date: Thu Jan 1 21:41:10 2026 +1100 1325 1326 Split sudo out to its own install line. 1327 1328commit dfbb8526b5006cfe368193fb15e16f58cce6e1d1 1329Author: Darren Tucker <dtucker@dtucker.net> 1330Date: Wed Dec 31 16:35:29 2025 +1100 1331 1332 Remove obsolete comments. 1333 1334commit f0b7ecf7f5976c11f8c89ee9b0ca19383b573764 1335Author: Darren Tucker <dtucker@dtucker.net> 1336Date: Wed Dec 31 16:26:23 2025 +1100 1337 1338 Run tests on older OmniOS version too. 1339 1340commit 01bddc0663e5239df9342fcf7b373e5f58ff1b49 1341Author: Darren Tucker <dtucker@dtucker.net> 1342Date: Wed Dec 31 16:25:16 2025 +1100 1343 1344 Add OpenIndiana VM test target. 1345 1346commit 91c4d422cc0af2ae592f5e6c0cc505a5d8d7a6d2 1347Author: djm@openbsd.org <djm@openbsd.org> 1348Date: Fri Feb 6 01:24:36 2026 +0000 1349 1350 upstream: remove vestige of when we supported running without privsep 1351 1352 OpenBSD-Commit-ID: 5342c24d2330ef5ce357c294056f72b8123122c0 1353 1354commit 6463960c58cd0adcb26bfbddceb9d4efcfbd9dd0 1355Author: djm@openbsd.org <djm@openbsd.org> 1356Date: Thu Feb 5 22:05:49 2026 +0000 1357 1358 upstream: Implement missing pieces of FIDO/webauthn signature support, 1359 1360 mostly related to certificate handling and enable acceptance of this 1361 signature format by default. bz3748 GHPR624 GHPR625 1362 1363 Feedback tb / James Zhang; ok tb 1364 1365 OpenBSD-Commit-ID: ce3327b508086b24a3f7a6507aa5c49d8e9505e6 1366 1367commit 832a77000abe61f61bddb9e595f45c7131c0269d 1368Author: djm@openbsd.org <djm@openbsd.org> 1369Date: Tue Jan 27 06:48:29 2026 +0000 1370 1371 upstream: Implement "query" extension from 1372 1373 draft-ietf-sshm-ssh-agent 1374 1375 feedback jsg@, tb@; ok tb@ 1376 1377 OpenBSD-Commit-ID: adb2b79473ff86ba781ed5ab2735c1437b590f07 1378 1379commit 409dc952ab88b5232e809e34fd55662c6f75ad81 1380Author: millert@openbsd.org <millert@openbsd.org> 1381Date: Thu Jan 22 15:30:07 2026 +0000 1382 1383 upstream: Make it clear that DenyUsers/DenyGroups overrides 1384 1385 AllowUsers/AllowGroups. Previously we specified the order in which the 1386 directives are processed but it was ambiguous as to what happened if both 1387 matched. OK djm@ 1388 1389 OpenBSD-Commit-ID: 6ae0ab52ff796b78486b92a45cd7ec9310e20f4e 1390 1391commit d7950aca8eacae8b889d92c669e913111af75984 1392Author: djm@openbsd.org <djm@openbsd.org> 1393Date: Wed Jan 21 23:58:20 2026 +0000 1394 1395 upstream: In ssh(1), don't try to match certificates held in an 1396 1397 agent to private keys. 1398 1399 This matching is done to support certificates that were 1400 loaded without their private key material, but is unnecessary for 1401 agent-hosted certificate which always have private key material 1402 loaded in the agent. Worse, this matching would mess up the 1403 request sent to the agent in such a way as to break usage of these 1404 keys when the key usage was restricted in the agent. 1405 1406 Patch from Thibault Cools via bz3752, ok dtucker@ 1407 1408 OpenBSD-Commit-ID: ebfe37817dad4841c53339930565242ec683d726 1409 1410commit b0d0b71651b5a19d0dbd27b623ebb4fc43145560 1411Author: sthen@openbsd.org <sthen@openbsd.org> 1412Date: Wed Jan 21 15:44:51 2026 +0000 1413 1414 upstream: If editline has been switched to vi mode (i.e. via "bind 1415 1416 -v" in .editrc), setup a keybinding so that command mode can be entered. Diff 1417 originally from Walter Alejandro Iglesias with tweaks. Feedback from Crystal 1418 Kolipe. ok djm 1419 1420 OpenBSD-Commit-ID: 5786e17ccd83573e2d86418023f9bc768223336a 1421 1422commit 1cc936b2fabffeac7fff14ca1070d7d7a317ab7b 1423Author: dtucker@openbsd.org <dtucker@openbsd.org> 1424Date: Tue Jan 20 22:56:11 2026 +0000 1425 1426 upstream: Fill entropy in a single operation instead of hundreds. 1427 1428 The sntrup761 code we use from SUPERCOP fills entropy arrays 4 bytes at 1429 a time. On some platforms each of these operations has a significant 1430 overhead, so instead fill it in a single operation and as a precaution 1431 zero that array after it's used. 1432 1433 Analysis and code change is from Mike Frysinger via Github PR#621 with 1434 feedback from djm@ and sed-ification from me. ok djm@ beck@. 1435 1436 This change was submitted by Mike to SUPERCOP upstream so hopefully 1437 future versions will already have it. 1438 1439 OpenBSD-Commit-ID: 0e85c82f79b1b396facac59e05b288c08048f15c 1440 1441commit a6f8f793d427a831be1b350741faa4f34066d55f 1442Author: djm@openbsd.org <djm@openbsd.org> 1443Date: Sun Jan 4 09:52:58 2026 +0000 1444 1445 upstream: rewrite SOCKS4/4A/5 parsing code to use sshbuf functions 1446 1447 instead of manual pointer fiddling. Should make the code safer and easier to 1448 read. feedback/ok markus@ 1449 1450 OpenBSD-Commit-ID: 5ebd841fbd78d8395774f002a19c1ddcf91ad047 1451 1452commit ea367b4bbc3fd49f84683763723425adfdce35c0 1453Author: djm@openbsd.org <djm@openbsd.org> 1454Date: Tue Dec 30 04:28:42 2025 +0000 1455 1456 upstream: test the right thing, doofus 1457 1458 OpenBSD-Commit-ID: 31b2ec6e0b3dbd08c60ba2d969dd687cd80c25fd 1459 1460commit 5f2bc9cb8625d1fd582e0e4b562200f9856f1f7d 1461Author: djm@openbsd.org <djm@openbsd.org> 1462Date: Tue Dec 30 04:23:53 2025 +0000 1463 1464 upstream: avoid possible NULL deref if 1465 1466 ssh_packet_check_rekey_blocklimit() called before the encrypted transport is 1467 brought up. 1468 1469 OpenBSD-Commit-ID: fb998ccbe59865e33a8ab6a6577f254d39bdc72f 1470 1471commit b9c318777eb40db66fb92df87666c3642467d0e7 1472Author: djm@openbsd.org <djm@openbsd.org> 1473Date: Tue Dec 30 00:12:58 2025 +0000 1474 1475 upstream: unit tests for sshbuf_consume_upto_child() 1476 1477 OpenBSD-Regress-ID: 13cbd0370ebca7c61c35346b3e0356517719a447 1478 1479commit dd49a87bf4e4a219978bf20f03e2a72041f57b2f 1480Author: djm@openbsd.org <djm@openbsd.org> 1481Date: Tue Dec 30 00:35:37 2025 +0000 1482 1483 upstream: Remove bug compatibility for implementations that don't 1484 1485 support rekeying. AFAIK this is only an ancient Sun SSH version. 1486 1487 If such an implementation tries to interoperate with OpenSSH, it 1488 will eventually fail when the transport needs rekeying. 1489 1490 This is probably long enough to use it to download a modern SSH 1491 implementation that lacks this problem :) 1492 1493 ok markus@ deraadt@ 1494 1495 OpenBSD-Commit-ID: 228a502fee808cf8b7caee23169eb6a1ab1c331a 1496 1497commit ca313fef2deed90668fe0706da8529310092d1dd 1498Author: djm@openbsd.org <djm@openbsd.org> 1499Date: Tue Dec 30 00:22:58 2025 +0000 1500 1501 upstream: Enforce maximum packet/block limit during 1502 1503 pre-authentication phase 1504 1505 OpenSSH doesn't support rekeying before authentication completes to 1506 minimise pre-auth attack surface. 1507 1508 Given LoginGraceTime, MaxAuthTries and strict KEX, it would be 1509 difficult to send enough data or packets before authentication 1510 completes to reach a point where rekeying is required, but we'd 1511 prefer it to be completely impossible. 1512 1513 So this applies the default volume/packet rekeying limits to the 1514 pre-auth phase. If these limits are exceeded the connection will 1515 simply be closed. 1516 1517 ok dtucker markus 1518 1519 OpenBSD-Commit-ID: 70415098db739058006e4ebd1630b6bae8cc8bf6 1520 1521commit 55b6b1697433eca98052f5c45281133ca793a9c8 1522Author: djm@openbsd.org <djm@openbsd.org> 1523Date: Mon Dec 29 23:52:09 2025 +0000 1524 1525 upstream: Add sshbuf_consume_upto_child(), to similify particular 1526 1527 parsing patterns using parent/child buffer; ok markus@ 1528 1529 OpenBSD-Commit-ID: c11ed27907751f2a16c1283313e77f88617e4852 1530 1531commit 6eafc52a4185ba6d765047146cd645152baaeb58 1532Author: Ludovic Rousseau <ludovic.rousseau+github@gmail.com> 1533Date: Sat Dec 27 10:07:22 2025 +0100 1534 1535 Update ssh-agent.1 1536 1537 Add a missing "/" in the default allowed providers list. 1538 1539commit 09daf2ac5f248dc5d60a6f3a703b479d67da14b4 1540Author: djm@openbsd.org <djm@openbsd.org> 1541Date: Mon Dec 22 03:36:43 2025 +0000 1542 1543 upstream: correctly quote wildcard host certificate principal name, 1544 1545 lest it expand to an unrelated filename in the working directory 1546 1547 OpenBSD-Regress-ID: 8a9eb716d3ea7986d26c1a931758b996aa93c58e 1548 1549commit dfd710e4e2928201743e32027e2d6cf0e2eafc61 1550Author: djm@openbsd.org <djm@openbsd.org> 1551Date: Mon Dec 22 03:12:05 2025 +0000 1552 1553 upstream: return 0 in void function; spotted by clang -Wextra 1554 1555 OpenBSD-Commit-ID: fe7461c93dfaef98a007a246af837a8275a1e539 1556 1557commit ecdf9b9f8e89aae65d4a12fe5a25c560eea08393 1558Author: djm@openbsd.org <djm@openbsd.org> 1559Date: Mon Dec 22 01:50:46 2025 +0000 1560 1561 upstream: regression tests for certificates with empty principals 1562 1563 sections (which are now unconditionally refused) and for certificates with 1564 wildcard principals (which should only be accepted in host certs) 1565 1566 OpenBSD-Regress-ID: fdca88845a68424060547b4f9f32f90a7cf82e73 1567 1568commit adca2f439827eb829652805f36e288b5b260ce1b 1569Author: djm@openbsd.org <djm@openbsd.org> 1570Date: Mon Dec 22 01:31:07 2025 +0000 1571 1572 upstream: don't try to test webauthn signatures. Nothing in OpenSSH 1573 1574 generates these (yet) 1575 1576 OpenBSD-Regress-ID: 48d59b7c4768c2a22ce3d8cf3b455e6ada9fc7b0 1577 1578commit 5166b6cbf2b6103117a79f90a68068e89e02bf66 1579Author: djm@openbsd.org <djm@openbsd.org> 1580Date: Mon Dec 22 01:49:03 2025 +0000 1581 1582 upstream: When certificate support was added to OpenSSH, 1583 1584 certificates were originally specified to represent any principal if the 1585 principals list was empty. 1586 1587 This was, in retrospect, a mistake as it created a fail-open 1588 situation if a CA could be convinced to accidentally sign a 1589 certificate with no principals. This actually happened in a 3rd- 1590 party CA product (CVE-2024-7594). 1591 1592 Somewhat fortunately, the main pathway for using certificates in 1593 sshd (TrustedUserCAKeys) never supported empty-principals 1594 certificates, so the blast radius of such mistakes was 1595 substantially reduced. 1596 1597 This change removes this footcannon and requires all certificates 1598 include principals sections. It also fixes interpretation of 1599 wildcard principals, and properly enables them for host 1600 certificates only. 1601 1602 This is a behaviour change that will permanently break uses of 1603 certificates with empty principals sections. 1604 1605 ok markus@ 1606 1607 OpenBSD-Commit-ID: 0a901f03c567c100724a492cf91e02939904712e 1608 1609commit aaac8c61c18124eb5fb8a2cff1e85dea2db6c147 1610Author: djm@openbsd.org <djm@openbsd.org> 1611Date: Mon Dec 22 01:20:39 2025 +0000 1612 1613 upstream: Don't misuse the sftp limits extension's open-handles 1614 1615 field. This value is supposed to be the number of handles a server will allow 1616 to be opened and not a number of outstanding read/write requests that can be 1617 sent during an upload/download. 1618 1619 ok markus@ 1620 1621 OpenBSD-Commit-ID: 14ebb6690acbd488e748ce8ce3302bd7e1e8a5b0 1622 1623commit daf6bdd34b59f640d2af0fd230da69f1cbad33b4 1624Author: djm@openbsd.org <djm@openbsd.org> 1625Date: Mon Dec 22 01:17:31 2025 +0000 1626 1627 upstream: add a "ssh -O channels user@host" multiplexing command to 1628 1629 get a running mux process to show information about what channels are 1630 currently open; ok dtucker@ markus@ 1631 1632 OpenBSD-Commit-ID: 80bb3953b306a50839f9a4bc5679faebc32e5bb8 1633 1634commit b652322cdc5e94f059b37a8fb87e44ccb1cdff33 1635Author: djm@openbsd.org <djm@openbsd.org> 1636Date: Fri Dec 19 01:27:19 2025 +0000 1637 1638 upstream: typo in comment 1639 1640 OpenBSD-Commit-ID: f72306b86953e74f358096db141b4f9c00d33ed7 1641 1642commit 0b98be75dbb2ccb1c3146429c0077416c113b57d 1643Author: djm@openbsd.org <djm@openbsd.org> 1644Date: Fri Dec 19 01:26:39 2025 +0000 1645 1646 upstream: correctly check subsystem command is not the empty string 1647 1648 (was repeatedly checking the subsystem name) spotted by Coverity (CID 898836) 1649 1650 OpenBSD-Commit-ID: dabea2b499de8280f76f7291dd52086df6831cb0 1651 1652commit 345892ba2e8efea4be03675c866395bee251c117 1653Author: djm@openbsd.org <djm@openbsd.org> 1654Date: Fri Dec 19 00:57:42 2025 +0000 1655 1656 upstream: regression test for bz3906: sshd crashing at connection 1657 1658 time if the config lacks a subsystem directive but one is defined in a match 1659 block. 1660 1661 OpenBSD-Regress-ID: 5290553665307ccddaec2499ec1eb196bb2efc84 1662 1663commit 81e5bb8d93f2d8361bd7f4b034044ad8ee4ded0e 1664Author: djm@openbsd.org <djm@openbsd.org> 1665Date: Fri Dec 19 00:48:47 2025 +0000 1666 1667 upstream: check that invalid subsystem directives inside Match 1668 1669 blocks are noticed at startup; bz#3906 1670 1671 OpenBSD-Regress-ID: b9171bde4cc24757a826b3da0e9eadc33995a453 1672 1673commit 831e6db69ff8625b6e81c2809aa082abbab6c0b1 1674Author: djm@openbsd.org <djm@openbsd.org> 1675Date: Fri Dec 19 00:56:34 2025 +0000 1676 1677 upstream: don't crash at connection time if the main sshd_config 1678 1679 lacks any subsystem directive but one is defined in a Match block 1680 1681 bz#3906; ok dtucker 1682 1683 OpenBSD-Commit-ID: 2eb9024726d6f10eaa41958faeca9c9ba5ca7d8a 1684 1685commit 4e0f2dee54d210dc44f72f73e703c6dc5348a406 1686Author: djm@openbsd.org <djm@openbsd.org> 1687Date: Fri Dec 19 00:48:04 2025 +0000 1688 1689 upstream: detect invalid sshd_config Subsystem directives inside 1690 1691 Match blocks at startup rather than failing later at runtime; 1692 1693 noticed via bz#3906; ok dtucker 1694 1695 OpenBSD-Commit-ID: e6035ff0baa375de6c9f22c883ed530a8649dfed 1696 1697commit 4c9de155ce1d35c9e3c05223cc093580f9efff9a 1698Author: jsg@openbsd.org <jsg@openbsd.org> 1699Date: Thu Dec 18 23:54:10 2025 +0000 1700 1701 upstream: new sentence, new line 1702 1703 OpenBSD-Commit-ID: 23974d7c98b2ba4fea7f5143676c34e04ffd4128 1704 1705commit 3ab346aa6d9030379df3ec1ed0b0ce608f952c5f 1706Author: jsg@openbsd.org <jsg@openbsd.org> 1707Date: Thu Dec 18 23:51:56 2025 +0000 1708 1709 upstream: fix markup, .CM -> .Cm 1710 1711 OpenBSD-Commit-ID: 4db8cb254792df8a4dce11825852e089ae3d053a 1712 1713commit f878d7ccc25b02a39e6766f5dd405d5de6fb106c 1714Author: dtucker@openbsd.org <dtucker@openbsd.org> 1715Date: Tue Dec 16 08:36:43 2025 +0000 1716 1717 upstream: Plug leak in ssh_digest_memory on error path. 1718 1719 Bonehead mistake spotted by otto@, ok djm@ 1720 1721 OpenBSD-Commit-ID: 4ad67ac402e0b4c013f4f4e386d22b88969a5dd7 1722 1723commit 49480f1934f8cf994afa646d4bcbd22ac08bb6af 1724Author: dtucker@openbsd.org <dtucker@openbsd.org> 1725Date: Tue Dec 16 08:32:50 2025 +0000 1726 1727 upstream: Add 'invaliduser' penalty to PerSourcePenalties, which is 1728 1729 applied to login attempts for usernames that do not match real accounts. 1730 Defaults to 5s to match 'authfail' but allows administrators to block such 1731 sources for longer if desired. with & ok djm@ 1732 1733 OpenBSD-Commit-ID: bb62797bcf2adceb96f608ce86d0bb042aff5834 1734 1735commit 94bf1154b4132727114f222a587daeac101f1f5b 1736Author: djm@openbsd.org <djm@openbsd.org> 1737Date: Mon Dec 8 03:55:22 2025 +0000 1738 1739 upstream: add a GssDelegateCreds option for the server, controlling 1740 1741 whether it accepts delgated credentials offered by the client. This option 1742 mirrors GssDelegateCreds in ssh_config. 1743 1744 From Dmitry Belyavskiy via GHPR614; ok dtucker@ 1745 1746 OpenBSD-Commit-ID: ac419354edb26cef9ad15692e0bed17a03997786 1747 1748commit 24f32f7755801b16368375b8e27fb1a48d250fc5 1749Author: djm@openbsd.org <djm@openbsd.org> 1750Date: Mon Dec 8 00:45:00 2025 +0000 1751 1752 upstream: errant line 1753 1754 OpenBSD-Commit-ID: 8542d59f5ba48a67c3ebd5de17f9fa408ec54ca5 1755 1756commit a1e37f0998ed5027f6c8dd30befb379ea2cac95b 1757Author: djm@openbsd.org <djm@openbsd.org> 1758Date: Mon Dec 8 00:44:16 2025 +0000 1759 1760 upstream: There is a warning next to the authorized_keys command="" 1761 1762 flag that forcing a command doesn't automatically disable forwarding. Add one 1763 next to the sshd_config(5) ForceCommand directive too. 1764 1765 feedback deraadt@ 1766 1767 OpenBSD-Commit-ID: bfe38b4d3cfbadbb8bafe38bc256f5a17a0ee75c 1768 1769commit 70ad2e9a2b3aa6f856200464078c2750bfba0e3d 1770Author: djm@openbsd.org <djm@openbsd.org> 1771Date: Mon Dec 8 00:41:46 2025 +0000 1772 1773 upstream: increment correct variable when counting group 1774 1775 memberships. Reported by Kevin Day via bz3903 1776 1777 OpenBSD-Commit-ID: 772b9aafd5165a7c407f08cb95f8b94cc5a4c1c0 1778 1779commit d05b704086d53c02f4ad7de921435f7e7e3ad60a 1780Author: Darren Tucker <dtucker@dtucker.net> 1781Date: Sun Dec 7 20:10:42 2025 +1100 1782 1783 Add OpenBSD 7.8 VM test target. 1784 1785commit f086fafa0486012df6ba095664be75ecbf68e8e1 1786Author: Darren Tucker <dtucker@dtucker.net> 1787Date: Sun Dec 7 13:43:02 2025 +1100 1788 1789 Remove generated compat includes during distclean. 1790 1791commit 185459dd87c4f7580a2591fbbbb1d800ec249b78 1792Author: Darren Tucker <dtucker@dtucker.net> 1793Date: Sun Dec 7 14:17:20 2025 +1100 1794 1795 Define IPTOS_DSCP_VA if not already defined. 1796 1797commit f701869185915b9a324dcc23c12d0035251ef93f 1798Author: phessler@openbsd.org <phessler@openbsd.org> 1799Date: Fri Dec 5 17:48:47 2025 +0000 1800 1801 upstream: allow network programs select DSCP_VA for network ToS 1802 1803 OK stsp@ 1804 1805 OpenBSD-Commit-ID: 8019fd6e8c522b4b5f291a2c0e3bf2437cc70dc1 1806 1807commit f62868e03e51785c521c4d20d60662c0bbdd695e 1808Author: dtucker@openbsd.org <dtucker@openbsd.org> 1809Date: Sun Dec 7 02:59:53 2025 +0000 1810 1811 upstream: Avoid "if ! thing || ! otherthing; then" constructs since 1812 1813 they seem to cause portability problems. 1814 1815 OpenBSD-Regress-ID: ff001be683de43bf396cd5f9f6a54e0c7a99c3cf 1816 1817commit 45aca67d79c194660342a64a9175d814d4e8ba56 1818Author: dtucker@openbsd.org <dtucker@openbsd.org> 1819Date: Sun Dec 7 02:49:41 2025 +0000 1820 1821 upstream: spaces->tab 1822 1823 OpenBSD-Regress-ID: c78eb430da0ec2c4b6919ff4d27ef8e565ef52ff 1824 1825commit ab164f671609a3a25cd0efcd967aff29144081bb 1826Author: dtucker@openbsd.org <dtucker@openbsd.org> 1827Date: Sat Dec 6 07:10:24 2025 +0000 1828 1829 upstream: Append a newline, otherwise some sed's won't output anything. 1830 1831 OpenBSD-Regress-ID: 507cb8c36bb7fc338f60a55bf7040f479536b3f7 1832 1833commit c99a30d30a5d2af6fec30b9b0d85aa9b252760c9 1834Author: dtucker@openbsd.org <dtucker@openbsd.org> 1835Date: Sat Dec 6 03:23:27 2025 +0000 1836 1837 upstream: Don't check compressions stats when ssh does not support 1838 1839 compression. 1840 1841 OpenBSD-Regress-ID: 026db51b2654a949e9a10b908443dab83b64c74a 1842 1843commit 5f5d1af478d4b9daf61fab1e4298973980d4c348 1844Author: djm@openbsd.org <djm@openbsd.org> 1845Date: Fri Dec 5 11:13:35 2025 +0000 1846 1847 upstream: ASSERT_DOUBLE_* test helpers 1848 1849 OpenBSD-Regress-ID: cdb5c4e95c0f00efb773ddba4056a49e33702cf9 1850 1851commit 70a01a7e66075047329e3aeccc942678f512ebdd 1852Author: Darren Tucker <dtucker@dtucker.net> 1853Date: Fri Dec 5 20:02:39 2025 +1100 1854 1855 Set SSH_REGRESS_TMP after making tmpdir. 1856 1857 Put both of these later in the script so the cvsids don't cause 1858 conflicts on every synced patch. 1859 1860commit 89a67a04e581423cdc443f2597cb1e2c7d8cc50f 1861Author: dtucker@openbsd.org <dtucker@openbsd.org> 1862Date: Fri Dec 5 08:09:34 2025 +0000 1863 1864 upstream: Shell compatibility fix. 1865 1866 OpenBSD-Regress-ID: bceaeb267d49c13e4a797c42e93b8f0cdb14dbd7 1867 1868commit f4e79a4ba91cf0fd7397846424d1b261f3648708 1869Author: djm@openbsd.org <djm@openbsd.org> 1870Date: Fri Dec 5 07:43:24 2025 +0000 1871 1872 upstream: unit tests for convtime_double() 1873 1874 OpenBSD-Regress-ID: d3ba7b894019b4128845d638c78fca37b3b6eecf 1875 1876commit c48de35bea389308428cb47b5ee55b1b1fb4567c 1877Author: djm@openbsd.org <djm@openbsd.org> 1878Date: Fri Dec 5 07:49:45 2025 +0000 1879 1880 upstream: convert PerSourcePenalties to using floating point time, 1881 1882 allowing penalties to be less than a second. This is useful if you need to 1883 penalise things you expect to occur at >=1 QPS. 1884 1885 feedback dtucker / deraadt; ok deraadt@ 1886 1887 OpenBSD-Commit-ID: 89198be755722131b45a52d22d548e4c602201f0 1888 1889commit f45cd249e45a15c84bf1316ac719039d04a74e84 1890Author: djm@openbsd.org <djm@openbsd.org> 1891Date: Fri Dec 5 07:43:12 2025 +0000 1892 1893 upstream: Add convtime_double() that converts a string interval, 1894 1895 such as "3w2d4h5m10.5s", into a floating point number of seconds. 1896 1897 Reimplement the existing convtime() function using convtime_double() 1898 (it just drops the fractional seconds) 1899 1900 lots of feedback deraadt@ / dtucker@; ok deraadt@ 1901 1902 OpenBSD-Commit-ID: 053cdd0c72325a20efc6613caa847473fb89e36f 1903 1904commit b7dc1d95ee838c86a93df59663dad32e9b555520 1905Author: dtucker@openbsd.org <dtucker@openbsd.org> 1906Date: Fri Dec 5 06:55:22 2025 +0000 1907 1908 upstream: Add test for ssh -Oconninfo mux command. 1909 1910 OpenBSD-Regress-ID: e939edc41caad8b6ad00ff294f33b61ed32a1edd 1911 1912commit eb97fc2b5e7c85a37fdb3f8a6ee1d665ef086c3f 1913Author: dtucker@openbsd.org <dtucker@openbsd.org> 1914Date: Fri Dec 5 06:16:27 2025 +0000 1915 1916 upstream: Add an ssh -Oconninfo command 1917 1918 that shows connection information, similar to the ~I escapechar. 1919 This is the first use of the mux extension mechanism, so it should be 1920 both forward and backward compatible: a new client talking to an old 1921 server will not allow the "conninfo" request to be sent, but everything 1922 else should work seamlessly. feedback and ok djm@ 1923 1924 OpenBSD-Commit-ID: 50f047a85da277360558cabdfed59cb66f754341 1925 1926commit 66622394fd3a51e9a6c99c39a068f8ba709542fa 1927Author: djm@openbsd.org <djm@openbsd.org> 1928Date: Wed Dec 3 06:29:50 2025 +0000 1929 1930 upstream: correctly quote filenames in verbose output for local->local 1931 1932 copies; from Colin Watson via bz3900; ok dtucker@ 1933 1934 OpenBSD-Commit-ID: 5c09b030e2024651ebc8c1f9af6a8a2d37912150 1935 1936commit 8fce5520a1c9c2cf3fc6c6974dd158f4b3ce9c4e 1937Author: dtucker@openbsd.org <dtucker@openbsd.org> 1938Date: Sat Nov 29 06:49:56 2025 +0000 1939 1940 upstream: Add local hostname and pid to ~I escape connection info, 1941 1942 only display peer information for TCP connections including source address 1943 and port This provides enough information to uniquely identify a connection 1944 on the host or network. 1945 1946 OpenBSD-Commit-ID: aa18a4af2de41c298d1195d2566808585f8ce964 1947 1948commit 2e8b5de4a79fb393482465531be1e347b81699f3 1949Author: dtucker@openbsd.org <dtucker@openbsd.org> 1950Date: Sat Nov 29 05:00:50 2025 +0000 1951 1952 upstream: Add compression stats to ~I connection info escape 1953 1954 option. 1955 1956 OpenBSD-Commit-ID: 83424b71fc226ea6b3dc8dda39f993475fdbd775 1957 1958commit 52037ed910a9dcb669b9c9f612ccac711ac586f2 1959Author: dtucker@openbsd.org <dtucker@openbsd.org> 1960Date: Thu Nov 27 02:18:48 2025 +0000 1961 1962 upstream: Add Escape option ~I that shows information about the current 1963 1964 SSH connection. ok djm@, "I like/want" sthen@ florian@ 1965 1966 OpenBSD-Commit-ID: 0483fc0188ec899077e4bc8e1e353f7dfa9f5c1d 1967 1968commit 0fb1f3c9955d78fb0959842202b9ecfc36e37486 1969Author: djm@openbsd.org <djm@openbsd.org> 1970Date: Tue Nov 25 01:14:33 2025 +0000 1971 1972 upstream: move mention of default MaxStartups (which uses the 1973 1974 form. 1975 1976 GHPR568 from Santiago Vila 1977 1978 OpenBSD-Commit-ID: 7e68771f3cad61ec67303607afb3b85639288b29 1979 1980commit 2d0d26602f739b4a3ddde6c4dbc8f3ddab38ac0d 1981Author: djm@openbsd.org <djm@openbsd.org> 1982Date: Tue Nov 25 01:08:35 2025 +0000 1983 1984 upstream: Support writing ED25519 keys in PKCS8 format. GHPR570 from 1985 1986 Josh Brobst 1987 1988 OpenBSD-Commit-ID: 4f36019a38074b2929335fbe9cb8d9801e3177af 1989 1990commit c23122c5ea7348b7b6daa2982e53c201a5354007 1991Author: djm@openbsd.org <djm@openbsd.org> 1992Date: Tue Nov 25 00:57:04 2025 +0000 1993 1994 upstream: avoid leak of fingerprint on error path; from Lidong Yan via 1995 1996 GHPR611 1997 1998 OpenBSD-Commit-ID: 253f6f7d729d8636da23ac9925b60b494e85a810 1999 2000commit 6157e1c41071fb0f5621868c38861934284268b1 2001Author: djm@openbsd.org <djm@openbsd.org> 2002Date: Tue Nov 25 00:52:00 2025 +0000 2003 2004 upstream: don't set the PerSourceNetBlockSize IPv6 mask if sscanf 2005 2006 didn't decode it. From Mingjie Shen via GHPR598 2007 2008 OpenBSD-Commit-ID: c722014e735cbd87adb2fa968ce4c47b43cf98b0 2009 2010commit 1fdc3c61194819c16063dc430eeb84b81bf42dcf 2011Author: djm@openbsd.org <djm@openbsd.org> 2012Date: Mon Nov 24 23:56:58 2025 +0000 2013 2014 upstream: give ssh-agent more time to start in tests; requested in 2015 2016 GHPR602 2017 2018 OpenBSD-Regress-ID: 7d771db2c1d4a422e83c3f632ba1e96f72a262b8 2019 2020commit 5e7c3f33b2693b668ecfbac84b85f2c0c84410c2 2021Author: djm@openbsd.org <djm@openbsd.org> 2022Date: Mon Nov 24 23:54:15 2025 +0000 2023 2024 upstream: When testing PKCS11, explicitly allow the module path in 2025 2026 ssh-agent. 2027 2028 Allows testing of PKCS11 modules outside system directories. 2029 2030 From Morgan Jones via GHPR602 2031 2032 OpenBSD-Regress-ID: 548d6e0362a8d9f7d1cc01444b697a00811ff488 2033 2034commit 69965aefe3355488e0462291be13a233b8405091 2035Author: djm@openbsd.org <djm@openbsd.org> 2036Date: Mon Nov 24 23:43:10 2025 +0000 2037 2038 upstream: When loading FIDO2 resident keys, set the comment to the 2039 2040 FIDO application string. This matches the behaviour of ssh-keygen -K 2041 2042 From Arian van Putten via GHPR608 2043 2044 OpenBSD-Commit-ID: 3fda54b44ed6a8a6f94cd3e39e69c1e672095712 2045 2046commit 2238c48dc90dc56af1d86b298d2cb25fa0c7ef14 2047Author: tb@openbsd.org <tb@openbsd.org> 2048Date: Sun Nov 23 07:04:18 2025 +0000 2049 2050 upstream: pkcs11_fetch_ecdsa_pubkey: use ASN1_STRING accessors 2051 2052 In anticipation of davidben and beck making ASN1_STRING opaque in 2053 OpenSSL 4 with the aim of enabling surgery to make the X509 data 2054 structure less bad [1], we need to use dumb accessors to avoid build 2055 breakage. Fortunately only in one spot. 2056 2057 This is OpenSSL 1.1 API and available in all members of the fork family. 2058 2059 ok beck djm 2060 2061 [1]: https://github.com/openssl/openssl/issues/29117 2062 2063 OpenBSD-Commit-ID: 0bcaf691d20624ef43f3515c983cd5aa69547d4f 2064 2065commit 643222df689c95efff9e9506b76de458f69dd9c7 2066Author: Darren Tucker <dtucker@dtucker.net> 2067Date: Fri Nov 21 14:28:20 2025 +1100 2068 2069 Update OSSFuzz link to current bug tracker. 2070 2071commit 2efdfbb4d78b9bbb73f55af150e8f985d4fe4c0f 2072Author: Darren Tucker <dtucker@dtucker.net> 2073Date: Fri Nov 21 14:21:07 2025 +1100 2074 2075 Add VM CI and CIFuzz status badges. 2076 2077commit 71e8779113965d60d91ba2d15cdeeb43ecf230a7 2078Author: djm@openbsd.org <djm@openbsd.org> 2079Date: Fri Nov 21 01:29:27 2025 +0000 2080 2081 upstream: unit tests for sshbuf_get_nulterminated_string() 2082 2083 OpenBSD-Regress-ID: cb0af1e4d6dcc94e263942bc4dcf5f4466d1f086 2084 2085commit dec6334aaf6f542f34a0aca27dc2f535e9161a67 2086Author: djm@openbsd.org <djm@openbsd.org> 2087Date: Fri Nov 21 01:29:06 2025 +0000 2088 2089 upstream: add a sshbuf_get_nulterminated_string() function to pull a 2090 2091 \0- terminated string from a sshbuf. Intended to be used to improve parsing 2092 of SOCKS headers for dynamic forwarding. 2093 2094 ok deraadt; feedback Tim van der Molen 2095 2096 OpenBSD-Commit-ID: cf93d6db4730f7518d5269c279e16b172b484b36 2097 2098commit a8718c3fc52511e5237f1cbe10c210948c5616ea 2099Author: dtucker@openbsd.org <dtucker@openbsd.org> 2100Date: Thu Nov 20 05:07:57 2025 +0000 2101 2102 upstream: Free opts in FAIL_TEST. It should always be NULL anyway so 2103 2104 this is a no-op, but it should placate Coverity CID 405064. 2105 2106 OpenBSD-Regress-ID: 06789754de0741f26432c668fad8b9881c14c153 2107 2108commit d68d528fefeca1e331696296ef5db7c4db246f9a 2109Author: dtucker@openbsd.org <dtucker@openbsd.org> 2110Date: Thu Nov 20 05:10:56 2025 +0000 2111 2112 upstream: Plug leaks while parsing Match blocks. Coverity CID 2113 2114 469304, ok djm@ 2115 2116 OpenBSD-Commit-ID: f9b79b86879a953ad034e6b92a398265b251bea7 2117 2118commit e3f1fbb427df898d70083b42caab72baaa715400 2119Author: dtucker@openbsd.org <dtucker@openbsd.org> 2120Date: Thu Nov 20 05:10:11 2025 +0000 2121 2122 upstream: Plug leaks while parsing Match blocks. Coverity CID 2123 2124 515634, ok miod@ djm@ 2125 2126 OpenBSD-Commit-ID: c7932eddecd47e5122e945246a40c56ffa42a546 2127 2128commit ccad76e9e1e4f06889ee023893cea98bc165858b 2129Author: Darren Tucker <dtucker@dtucker.net> 2130Date: Tue Nov 18 20:14:44 2025 +1100 2131 2132 Pull in rev 1.17 for spelling fix. 2133 2134 Prompted by github PR#609 from Edge-Seven. 2135 2136commit 58533bbdf7aa0548de8e2abd3cb2de0593fa9fdc 2137Author: jca@openbsd.org <jca@openbsd.org> 2138Date: Mon Nov 17 12:59:29 2025 +0000 2139 2140 upstream: Export XDG_RUNTIME_DIR to child ssh sessions 2141 2142 Currently setusercontext(LOGIN_SETALL) does create the directory in 2143 /tmp/run/user, since LOGIN_SETXDGENV is part of LOGIN_SETALL, but the 2144 env variable wasn't exported. 2145 2146 ok djm@ 2147 2148 OpenBSD-Commit-ID: 02b8433f72759b3a07b55cbc5a7cdb84391b0017 2149 2150commit e4cc5ab0efd85f01c0e1ae46825ffc0c7a8f44ce 2151Author: djm@openbsd.org <djm@openbsd.org> 2152Date: Mon Nov 17 05:24:42 2025 +0000 2153 2154 upstream: don't strnvis() log messages that are going to be logged 2155 2156 by sshd-auth via its parent sshd-session process, as the parent will also run 2157 them though strnvis(). 2158 2159 Prevents double-escaping of non-printing characters in some log 2160 messages. bz3896 ok dtucker@ 2161 2162 OpenBSD-Commit-ID: d78faad96a98af5269d66ddceee553cf7d396dfe 2163 2164commit bad220decb95d3b5cc6e30f843c4fc9d9b0b7a67 2165Author: Darren Tucker <dtucker@dtucker.net> 2166Date: Mon Nov 17 21:36:45 2025 +1100 2167 2168 Remove obsolete CVSID. 2169 2170commit 2fe6e406b496b54351dab923f9be95579d39d071 2171Author: dtucker@openbsd.org <dtucker@openbsd.org> 2172Date: Mon Nov 17 09:59:13 2025 +0000 2173 2174 upstream: Ensure both sides of the test are non-NULL instead of just 2175 2176 either. Coverity CID 443285. 2177 2178 OpenBSD-Regress-ID: aa90e57b1bc8efce9e50734a07a8ffec0680059a 2179 2180commit e2b93e16232834c61c9dcff5b20e4c55a26b324d 2181Author: Darren Tucker <dtucker@dtucker.net> 2182Date: Thu Nov 13 23:30:48 2025 +1100 2183 2184 Move libcrypto init check into entropy.c. 2185 2186 This prevents link errors with the openbsd-compat tests when the linker 2187 tries to bring in all the logging bits. 2188 2189commit ec41739bd68d639b0847b366697706e7dab3498d 2190Author: Icenowy Zheng <uwu@icenowy.me> 2191Date: Fri Nov 7 14:27:35 2025 +0800 2192 2193 seccomp sandbox: allow uname(3) 2194 2195 The uname(3) syscall is utilized by zlib-ng on RISC-V to decide whether 2196 the kernel handles VILL bit of V extension properly (by checking the 2197 kernel version against 6.5). 2198 2199 Allow it in the seccomp sandbox. 2200 2201 Signed-off-by: Icenowy Zheng <uwu@icenowy.me> 2202 2203commit 90501bc30ca94fa5443e2b7e2072d5d454587ef8 2204Author: Darren Tucker <dtucker@dtucker.net> 2205Date: Thu Nov 13 22:04:19 2025 +1100 2206 2207 Remove remaining OpenSSL_add_all_algorithms() calls. 2208 2209 We already have OPENSSL_init_crypto() in the compat layer (now with a 2210 check of its return code, prompted by tb@). Prompted by github PR#606 2211 from Dimitri John Ledkov. ok beck@ 2212 2213commit d9955e4571ec356ba4f2e99d01f7fa88f6e20a63 2214Author: dtucker@openbsd.org <dtucker@openbsd.org> 2215Date: Thu Nov 13 10:35:14 2025 +0000 2216 2217 upstream: Remove calls to OpenSSL_add_all_algorithms() 2218 2219 and ERR_load_crypto_strings(). These are no-ops in LibreSSL, and in 2220 Portable have been mostly replaced by a call to OPENSSL_init_crypto() 2221 in the compat layer. ok tb@ 2222 2223 OpenBSD-Commit-ID: 4c3e0af10fe276766054eda34428a37a5606d3ea 2224 2225commit 6aba7008e6451ae3f9298214b13b8eded5fd9ff0 2226Author: djm@openbsd.org <djm@openbsd.org> 2227Date: Thu Nov 13 05:13:06 2025 +0000 2228 2229 upstream: sync support for systems that lack __builtin_popcount() from 2230 2231 portable 2232 2233 unused on OpenBSD (nothing sets MISSING_BUILTIN_POPCOUNT), but it 2234 makes syncing much easier. 2235 2236 OpenBSD-Commit-ID: 496446300d82615b24f83eca886b8fabdbee445b 2237 2238commit 84347d67ad2d5ee0db43f32bca91bacccecdb647 2239Author: djm@openbsd.org <djm@openbsd.org> 2240Date: Thu Nov 13 04:56:23 2025 +0000 2241 2242 upstream: update our ML-KEM implementation to upstream libcrux 2243 2244 v0.0.4 2245 2246 tested/ok tb@ 2247 2248 OpenBSD-Commit-ID: 525a62549efbf53492adcb2c57e4872cdbaeed62 2249 2250commit c09eeba78ad622b988ab7f8d96e75b7edd434598 2251Author: tb@openbsd.org <tb@openbsd.org> 2252Date: Fri Nov 7 06:29:45 2025 +0000 2253 2254 upstream: sshkey_ec_validate_public: zap trailing blank I missed on 2255 2256 review 2257 2258 OpenBSD-Commit-ID: b296bd6056f33fd567ca0d5e9123dac1ec00f037 2259 2260commit 7cb3ea4dcc7d73b2fad6782a119901cfa2b022aa 2261Author: Darren Tucker <dtucker@dtucker.net> 2262Date: Thu Nov 13 10:23:45 2025 +1100 2263 2264 Simplify git command to avoid yaml syntax error. 2265 2266commit 08786bbe7eebff316efb0b4ccb882f93f33a16b8 2267Author: Darren Tucker <dtucker@dtucker.net> 2268Date: Thu Nov 13 09:53:17 2025 +1100 2269 2270 Don't use OpenSSL's ed25519 if built without EC. 2271 2272 Explicitly check for OPENSSL_NO_EC, since otherwise the test will link 2273 but then fail at runtime. 2274 2275commit d12813314452173b1709f7fdbae74add84c0056f 2276Author: Damien Miller <djm@mindrot.org> 2277Date: Fri Nov 7 15:49:55 2025 +1100 2278 2279 octal-escape the colon character 2280 2281 Apparently these are YAML magic when followed by whitespace 2282 2283commit 5a104d81a2a916a6b9a42e28a7fa11bb781dfdf4 2284Author: Damien Miller <djm@mindrot.org> 2285Date: Fri Nov 7 15:44:18 2025 +1100 2286 2287 try single quotes instead of escaped quotes 2288 2289commit 48d8293956b9801b870a56782e19f29793ca04ba 2290Author: Damien Miller <djm@mindrot.org> 2291Date: Fri Nov 7 15:42:57 2025 +1100 2292 2293 escape quotes in yaml 2294 2295commit 1f1d63e16b5ce67f6f2f1170ec7221f1e6bff530 2296Author: djm@openbsd.org <djm@openbsd.org> 2297Date: Fri Nov 7 04:33:52 2025 +0000 2298 2299 upstream: Escape SSH_AUTH_SOCK paths that are sent to the shell as 2300 2301 setenv commands. 2302 2303 Unbreaks ssh-agent for home directory paths that contain whitespace. 2304 2305 Based on fix from Beat Bolli via bz3884; feedback/ok dtucker@ 2306 2307 OpenBSD-Commit-ID: aaf06594e299940df8b4c4b9f0a1d14bef427e02 2308 2309commit 5794f2a186ee8ea7db0002bf7470b817572aaef0 2310Author: djm@openbsd.org <djm@openbsd.org> 2311Date: Thu Nov 6 17:24:28 2025 +0000 2312 2313 upstream: sk-dummy.so needs sshlog() stub after ed25519-openssl.c 2314 2315 change 2316 2317 OpenBSD-Regress-ID: 50b7f49021b8085728d0544275e141fb1bf4a2b5 2318 2319commit a1c526f29b47147046f77a0f74097008256396f6 2320Author: djm@openbsd.org <djm@openbsd.org> 2321Date: Thu Nov 6 01:33:26 2025 +0000 2322 2323 upstream: unit test for stringlist_append() and stringlist_free() 2324 2325 OpenBSD-Regress-ID: a3a4dae538c831b3810f69abc34ad8504dc3c460 2326 2327commit 9d8c686981834bc1dde09f5067ff925d8fc158f5 2328Author: djm@openbsd.org <djm@openbsd.org> 2329Date: Thu Nov 6 01:33:03 2025 +0000 2330 2331 upstream: link against ed25519-openssl.c instead of ed25519.c 2332 2333 OpenBSD-Regress-ID: f789d46e99d2598929e3c2d00b45c47cc3102501 2334 2335commit e57ef43c3ecb69aa237e2d88b793f18ee8a25817 2336Author: anton@openbsd.org <anton@openbsd.org> 2337Date: Sat Nov 1 05:39:25 2025 +0000 2338 2339 upstream: Cope with recent changes and don't link hash.c. 2340 2341 OpenBSD-Regress-ID: 577ef2f36ee592528448e8c0f33499e2e3512054 2342 2343commit 9bea081888fa659b964e6bfa41caca2b5def98c2 2344Author: djm@openbsd.org <djm@openbsd.org> 2345Date: Fri Nov 7 04:11:59 2025 +0000 2346 2347 upstream: Remove some unnecessary checks in 2348 2349 sshkey_ec_validate_public() 2350 MIME-Version: 1.0 2351 Content-Type: text/plain; charset=UTF-8 2352 Content-Transfer-Encoding: 8bit 2353 2354 Checking nQ == infinity is not needed for cofactor 1 curves. 2355 Checking x and y coordinates against order is not needed either. 2356 2357 patch from Szilárd Pfeiffer, with further refinement by tb@ 2358 ok tb@ 2359 2360 OpenBSD-Commit-ID: ef985e2be7c64e215d064757d3fc65eb181e8ede 2361 2362commit 1399419f0b2d024bde968ffe769a3808611917e4 2363Author: djm@openbsd.org <djm@openbsd.org> 2364Date: Thu Nov 6 01:31:11 2025 +0000 2365 2366 upstream: move stringlist_append() and stringlist_free() to misc.c 2367 2368 OpenBSD-Commit-ID: 7d047bbff6964b9abbc04e9b3e2e1b4cc1db0aea 2369 2370commit f2ff1d9c1687be313dd491fcd136c682ef51bea8 2371Author: djm@openbsd.org <djm@openbsd.org> 2372Date: Fri Oct 31 01:50:43 2025 +0000 2373 2374 upstream: cleanup file descriptors across PKCS#11 client/helper 2375 2376 execution; ok markus 2377 2378 OpenBSD-Commit-ID: 993628a5b361e30aa48bbb4c07667a280f3f23ab 2379 2380commit 7e5d404cf73b6762715eec69b67cce2c4801f9e9 2381Author: Darren Tucker <dtucker@dtucker.net> 2382Date: Sat Nov 1 08:34:15 2025 +1100 2383 2384 Support using git for OpenBSD src tree tests. 2385 2386commit d87e7f0bed66fc9f76fe4a2f43390fdc9a664132 2387Author: Darren Tucker <dtucker@dtucker.net> 2388Date: Sat Nov 1 08:33:07 2025 +1100 2389 2390 Add OpenBSD 7.8 test target. 2391 2392commit 2425d7faf4154b32b5f836596023cf2432b81eaf 2393Author: Damien Miller <djm@mindrot.org> 2394Date: Fri Oct 31 13:47:49 2025 +1100 2395 2396 check PAM user against previous user, not pw_name 2397 2398 Avoids early fatal() if the user doesn't exist. 2399 2400 Reported by Viswesh Narayanan; ok dtucker@ 2401 2402commit 7e2f89b0fb72141abbce098e2682ba8e090cabfc 2403Author: Damien Miller <djm@mindrot.org> 2404Date: Fri Oct 31 12:19:47 2025 +1100 2405 2406 skip pkcs11 tests when built --without-openssl 2407 2408commit 590a260f0bedc895688bb38b1cf6f0f72d8013e3 2409Author: Damien Miller <djm@mindrot.org> 2410Date: Fri Oct 31 12:19:34 2025 +1100 2411 2412 add sshlog() replacement to sk-dummy.so 2413 2414commit 57e347bae04cf214795fdeae3579991f0cc2e090 2415Author: Damien Miller <djm@mindrot.org> 2416Date: Fri Oct 31 11:16:29 2025 +1100 2417 2418 rename openbsd-compat sha2.h -> bsd-sha2.h 2419 2420 avoids confusion with system header when included from files under 2421 openbsd-compat/ 2422 2423commit a5f638585152863dc64ee9436a08e1d84735d740 2424Author: Damien Miller <djm@mindrot.org> 2425Date: Fri Oct 31 11:07:17 2025 +1100 2426 2427 fix linking for sk-dummy.so, used in tests 2428 2429commit c2a178959b03472c1b1677fea4bb263ed9fee2bd 2430Author: djm@openbsd.org <djm@openbsd.org> 2431Date: Thu Oct 30 23:55:09 2025 +0000 2432 2433 upstream: don't link hash.c 2434 2435 OpenBSD-Regress-ID: a145f09c1efb1fcd3924544463f1f94f5d4805c0 2436 2437commit 249224a0d43fdd2a536d7476c2bb15f4006dbbdd 2438Author: miod@openbsd.org <miod@openbsd.org> 2439Date: Thu Oct 23 19:06:10 2025 +0000 2440 2441 upstream: Prepare for gcc 3 leaving the building, COMPILER_VERSION 2442 2443 can no longer get set to "gcc3". 2444 2445 OpenBSD-Regress-ID: 02351ea947975b80be60b9a8c6e4dbb57789e890 2446 2447commit 9dcd640d44b8270c75783ef662c340187250d6e4 2448Author: dtucker@openbsd.org <dtucker@openbsd.org> 2449Date: Thu Oct 23 06:15:26 2025 +0000 2450 2451 upstream: Check tmux version and skip if too old. ok djm@ 2452 2453 OpenBSD-Regress-ID: fb62024eb753c61b4d78402ec8378af839fad26c 2454 2455commit 94a78254a1c953c2a55eb54f65a5d99873b54bdf 2456Author: djm@openbsd.org <djm@openbsd.org> 2457Date: Thu Oct 30 23:19:33 2025 +0000 2458 2459 upstream: move crypto_hash_sha512() to be inline in crypto_api.h, saves 2460 2461 about 0.5kb per binary and makes life easier for portable; with/ok dtucker@ 2462 2463 OpenBSD-Commit-ID: 672d7390f78bb6581c12661d7f5adc8a9c6be564 2464 2465commit 266647c5f2075d397bd5ed5316450183eda73388 2466Author: djm@openbsd.org <djm@openbsd.org> 2467Date: Thu Oct 30 20:49:10 2025 +0000 2468 2469 upstream: support ed25519 signatures via libcrypto. Mostly by Jeremy 2470 2471 Allison Feedback tb@, ok tb@ markus@ 2472 2473 OpenBSD-Commit-ID: e8edf8adffd5975d05769dde897df882d7933526 2474 2475commit 4f3e65bda22b65dc5fff82df1e97af07456fed42 2476Author: djm@openbsd.org <djm@openbsd.org> 2477Date: Thu Oct 30 03:19:54 2025 +0000 2478 2479 upstream: Activate UnusedConnectionTimeout only after last channel 2480 2481 has closed. Previously UnusedConnectionTimeout could fire early after a 2482 ChannelTimeout. 2483 2484 This was not a problem for the OpenSSH client because it terminates 2485 once all channels have closed but could cause problems for other 2486 clients (e.g. API clients) that do things differently. 2487 2488 bz3827; ok dtucker 2489 2490 OpenBSD-Commit-ID: ff2e4607cbd4e600de3c8a5ece3b0e4bb641ed8f 2491 2492commit e7f5928ef1c8e8c725bdca9cdd6b80e77fe774ac 2493Author: miod@openbsd.org <miod@openbsd.org> 2494Date: Thu Oct 23 19:06:10 2025 +0000 2495 2496 upstream: Prepare for gcc 3 leaving the building, COMPILER_VERSION 2497 2498 can no longer get set to "gcc3". 2499 2500 OpenBSD-Commit-ID: 98eefed432ff8253b307002e20d28da14b93e7e3 2501 2502commit 0ffb76c6590800958777cd0f7b1aaae19c74fa3f 2503Author: djm@openbsd.org <djm@openbsd.org> 2504Date: Wed Oct 22 06:22:58 2025 +0000 2505 2506 upstream: more explicit synchronisation around killing tmux sessions 2507 2508 between runs. 2509 2510 OpenBSD-Regress-ID: 1735f5cb13ad281e869ab998c7d49b692ee3ed47 2511 2512commit ffd086b69886e8cfeb74f9b2bcb18764bf7d9a52 2513Author: djm@openbsd.org <djm@openbsd.org> 2514Date: Wed Oct 22 05:22:31 2025 +0000 2515 2516 upstream: remove debugging junk 2517 2518 OpenBSD-Regress-ID: 3247e0ac98ae4cfe4eede871ef424d166e29e828 2519 2520commit 52712d5f11172ca98ffb0b2ac93007f74cb67134 2521Author: djm@openbsd.org <djm@openbsd.org> 2522Date: Tue Oct 21 23:30:01 2025 +0000 2523 2524 upstream: just skip the test if $PATH or $HOME has whitespace in it 2525 2526 OpenBSD-Regress-ID: ccf75a29d1a300a35f63be0e4f11ad5276756275 2527 2528commit a8eac05a85e31b11513a6a8dc5d662b14cbc2f4b 2529Author: djm@openbsd.org <djm@openbsd.org> 2530Date: Tue Oct 21 22:13:27 2025 +0000 2531 2532 upstream: quote paths; avoids test failure when run from a path with a 2533 2534 space in it 2535 2536 OpenBSD-Regress-ID: e4b7bffc289f10d47c50c02dd70b0323078a83b4 2537 2538commit 425e5b6bd765efbfc7691f43bfc08c86dc8a615e 2539Author: djm@openbsd.org <djm@openbsd.org> 2540Date: Tue Oct 21 08:35:22 2025 +0000 2541 2542 upstream: fix test for executability of tmux 2543 2544 OpenBSD-Regress-ID: a18119876ecfd95edb78225b086ac668eb0977ab 2545 2546commit d1d8144ea682adae5c3bb2994322fa524584ce8b 2547Author: djm@openbsd.org <djm@openbsd.org> 2548Date: Tue Oct 21 08:34:52 2025 +0000 2549 2550 upstream: add some more synchronisation to avoid a race between 2551 2552 command entry and ^C that showed up on the portable regress tests. 2553 2554 OpenBSD-Regress-ID: 5527e74aed1b008aa7e5223ca5a84aedecd973d4 2555 2556commit 8704c141bf6ded67ab466f5e987c49329ebbd968 2557Author: dtucker@openbsd.org <dtucker@openbsd.org> 2558Date: Tue Oct 21 07:18:27 2025 +0000 2559 2560 upstream: Always create logfiles. Should prevent "can't operate on 2561 2562 symlink" warnings during test runs. 2563 2564 OpenBSD-Regress-ID: 65cf5ce3c8b87b5609f1f3ea142b4f381128dc33 2565 2566commit dc9af8fb0436013afb544248e0afc2fd02a1a8fa 2567Author: Mike Frysinger <vapier@gentoo.org> 2568Date: Sun Oct 19 09:33:23 2025 -0400 2569 2570 bsd-openpty: include stdio.h for snprintf 2571 2572commit afe83537e0c0c159c7c3b6ef859424f6da18169c 2573Author: Damien Miller <djm@mindrot.org> 2574Date: Tue Oct 21 09:14:35 2025 +1100 2575 2576 include tmux in CI package list 2577 2578commit a750ec60782d21db69383344dda478342d40ffa1 2579Author: Darren Tucker <dtucker@dtucker.net> 2580Date: Mon Oct 20 18:31:08 2025 +1100 2581 2582 Detect tmux at configure time and pass to tests. 2583 2584 ok djm@ 2585 2586commit 75faa8a167b5cd4453937387b15216aa3cbc52ce 2587Author: Darren Tucker <dtucker@dtucker.net> 2588Date: Mon Oct 20 18:29:24 2025 +1100 2589 2590 Update LibreSSL versions and add 4.2.0. 2591 2592commit 74369b2b7c366887211ef5c092b0aaa60f31ef11 2593Author: djm@openbsd.org <djm@openbsd.org> 2594Date: Mon Oct 20 00:45:10 2025 +0000 2595 2596 upstream: regression test for "interactive" ssh with a PTY attached, 2597 2598 using tmux 2599 2600 would have likely caught the ControlPersist regression in 10.1. 2601 2602 feedback nicm@ 2603 2604 OpenBSD-Regress-ID: d4d709c08657769cb5691893cc98f34b6f537e76 2605 2606commit a204650386124df8035b8c8613dccbe9b3158cdf 2607Author: Darren Tucker <dtucker@dtucker.net> 2608Date: Fri Oct 17 16:26:22 2025 +1100 2609 2610 Retire macos-13 runners, add Intel-specific ones. 2611 2612commit a6503f1e22aa34ac08d5b4d2b6730954ffd30116 2613Author: Darren Tucker <dtucker@dtucker.net> 2614Date: Fri Oct 17 16:23:43 2025 +1100 2615 2616 If we have nfds_t, check if it's int or long. 2617 2618 Should fix build on very old Mac OS X, eg 10.3. Spotted and patch tested 2619 by Sevan Janiyan. 2620 2621commit ce49aceba9f4b5f34a1041145782914aa35ca880 2622Author: Damien Miller <djm@mindrot.org> 2623Date: Thu Oct 16 11:15:16 2025 +1100 2624 2625 link ssh against ssh-pkcs11.o 2626 2627 Should fix PIN entry for direct use of PKCS11Provider in ssh(1) 2628 bz3879 2629 2630commit 946574b97ceae126e0f0af2db43abb454937defe 2631Author: djm@openbsd.org <djm@openbsd.org> 2632Date: Thu Oct 16 00:01:54 2025 +0000 2633 2634 upstream: regress test for PKCS#11 directly in ssh (not via ssh-agent) 2635 2636 would have caught bz3879 2637 2638 OpenBSD-Regress-ID: ceafb1e9a6c07185cc0cb0589f3170489a516123 2639 2640commit e3fdb82fb02723dbe139f9d4be274d7fddfb7983 2641Author: djm@openbsd.org <djm@openbsd.org> 2642Date: Thu Oct 16 00:00:36 2025 +0000 2643 2644 upstream: missed a case in previous 2645 2646 OpenBSD-Commit-ID: 271c5602b5e719ee3def19dbd9a33328b4fa7edc 2647 2648commit d926a84d17fb28bc94219e68575cb4847af02e9a 2649Author: djm@openbsd.org <djm@openbsd.org> 2650Date: Wed Oct 15 23:55:01 2025 +0000 2651 2652 upstream: don't try to pledge() the client if a PKCS11Provider is 2653 2654 in use 2655 2656 OpenBSD-Commit-ID: 445b2bf4b1e36e515f4d888f35244fd2dcfbb566 2657 2658commit 9c8572a357c071923569a62bd9cfb68b1f788e09 2659Author: djm@openbsd.org <djm@openbsd.org> 2660Date: Wed Oct 15 23:54:20 2025 +0000 2661 2662 upstream: mention this is for both ssh-pkcs11.c and 2663 2664 ssh-pkcs11-client.c 2665 2666 OpenBSD-Commit-ID: 26eff4b9a328fa056e98b997cb57254639e48fda 2667 2668commit a4e404a64b117a15453075ee26eb061d416e58cd 2669Author: Arnout Engelen <arnout@bzzt.net> 2670Date: Sat Jun 21 09:47:28 2025 +0200 2671 2672 mdoc2man: process `Dl` macros 2673 2674 `Dl` marks a single line as 'literal'. Since we don't output single 2675 lines differently in literal vs regular mode (we only insert line 2676 breaks for multi-line blocks in literal mode), we can just skip it. 2677 2678commit 45e2d8861bb724cfced1bf0693a6418a0cba6ab2 2679Author: Arnout Engelen <arnout@bzzt.net> 2680Date: Fri Jun 20 21:36:44 2025 +0200 2681 2682 mdoc2man: support `Ns` inside `Ic` 2683 2684 When encountering an `Ns` mdoc macro ('no space') inside an `Ic` block 2685 ('command'), such as for 'lines=number' in ssh-keygen.1, `mdoc2man` 2686 just output the macro instead of processing it. 2687 2688 This adds processing for `Ns` when seen inside an `Ic` block. 2689 2690commit 2b1761dea36c120417d8b73db8310dc09a781e6f 2691Author: Mike Frysinger <vapier@gentoo.org> 2692Date: Mon Oct 13 11:29:36 2025 -0400 2693 2694 gitignore: ignore all *~ files 2695 2696 This is a common backup style. 2697 2698commit 3ccdd9841f48e7d660f8b60c996965e9dde0a3a9 2699Author: Mike Frysinger <vapier@gentoo.org> 2700Date: Mon Oct 13 12:49:24 2025 -0400 2701 2702 bsd-misc: include sys/ioctl.h 2703 2704 This file uses ioctl() to implement some fallback functions, but 2705 doesn't include sys/ioctl.h for it. 2706 2707commit 3adc47e161901001816045c032fa61e94b0c9426 2708Author: Damien Miller <djm@mindrot.org> 2709Date: Tue Oct 14 14:52:50 2025 +1100 2710 2711 don't leak PAM handle on repeat invocations 2712 2713 Reported by Casper Dik via bz3882; ok dtucker@ 2714 2715commit a6ee0eb8cd951d0a00b2f06687c77f8f573b5985 2716Author: Darren Tucker <dtucker@dtucker.net> 2717Date: Mon Oct 13 19:02:45 2025 +1100 2718 2719 Switch OpenBSD VMs to use doas instead of sudo. 2720 2721 OpenBSD 7.3 packages have been removed from the mirrors so we can't 2722 install sudo for it any more, so switch to the native doas utility. 2723 2724commit da2f945f62e5a462381103803ee72e924bd1f137 2725Author: Damien Miller <djm@mindrot.org> 2726Date: Mon Oct 13 14:33:04 2025 +1100 2727 2728 check whether diff accepts -N 2729 2730commit cd8c96f283dbad90991edc09ade962bcfd96adc9 2731Author: djm@openbsd.org <djm@openbsd.org> 2732Date: Mon Oct 13 00:56:15 2025 +0000 2733 2734 upstream: test remote/remote recursive transfers where the source 2735 2736 path ends in ".." 2737 2738 OpenBSD-Regress-ID: 2f42078cfcee986d08b5d135968b8de6186c0003 2739 2740commit be0777ae3ef6d9deacb0e3c494674c84feac34bd 2741Author: djm@openbsd.org <djm@openbsd.org> 2742Date: Mon Oct 13 00:55:45 2025 +0000 2743 2744 upstream: test recursive transfers, including cases where the 2745 2746 source path ends in ".." 2747 2748 OpenBSD-Regress-ID: a38e3dbc86f6b7a95605784dcc601f17ede9c3f0 2749 2750commit 36a98fccaacbbf07eaf67855a8057cba724c5e91 2751Author: djm@openbsd.org <djm@openbsd.org> 2752Date: Mon Oct 13 00:55:09 2025 +0000 2753 2754 upstream: test implicit destination path selection when source path 2755 2756 ends with ".." 2757 2758 OpenBSD-Regress-ID: 42a88e7cdceee8a83879f5730199084ee4a95902 2759 2760commit 4f14ca8633a2c8c0a1a19165663421f0ab32f6ab 2761Author: djm@openbsd.org <djm@openbsd.org> 2762Date: Mon Oct 13 00:54:29 2025 +0000 2763 2764 upstream: similar to scp, fix implicit destination path selection 2765 2766 when source path ends with ".."; ok deraadt@ 2767 2768 OpenBSD-Commit-ID: 9b8d2a662d96b241293a88b3ea21f2419bfc4812 2769 2770commit 6432b9f6a216d0f5fb43df500e9bc30bebb3f58b 2771Author: djm@openbsd.org <djm@openbsd.org> 2772Date: Mon Oct 13 00:53:51 2025 +0000 2773 2774 upstream: when using the SFTP protocol for transfers, fix implicit 2775 2776 destination path selection when source path ends with ".."; ok deraadt@ 2777 bz3871 2778 2779 OpenBSD-Commit-ID: d75b3b006386c5302ed4f67c4add18464ab36a0b 2780 2781commit 30c20c901d8f665fb28edd006f6f8c1e46413051 2782Author: dtucker@openbsd.org <dtucker@openbsd.org> 2783Date: Sat Oct 11 23:39:14 2025 +0000 2784 2785 upstream: Import regenerate moduli. 2786 2787 OpenBSD-Commit-ID: 8512e01cf917dca6455be561d66db8eeb49f3f0b 2788 2789commit b6fd0e6d085ef519982c968b57fbaa9e509e1a3a 2790Author: Damien Miller <djm@mindrot.org> 2791Date: Fri Oct 10 15:23:59 2025 +1100 2792 2793 depend 2794 2795commit d6212b0b89241e96d2fea9619b2d66ea668bceaa 2796Author: djm@openbsd.org <djm@openbsd.org> 2797Date: Fri Oct 10 00:31:53 2025 +0000 2798 2799 upstream: clean up more thoroughly between tests 2800 2801 OpenBSD-Regress-ID: c8394eae7547374a8fc43d03d865539e2917ea50 2802 2803commit 9525aa3ecc6b27643fb83d8be4d61e831e357134 2804Author: djm@openbsd.org <djm@openbsd.org> 2805Date: Thu Oct 9 23:58:27 2025 +0000 2806 2807 upstream: simplify 2808 2809 OpenBSD-Regress-ID: 8e91a2a5c1eb50128de3be72118b544d73a86673 2810 2811commit e7b4b3f153713c15e3888aa50df039b2445492dd 2812Author: djm@openbsd.org <djm@openbsd.org> 2813Date: Thu Oct 9 23:26:47 2025 +0000 2814 2815 upstream: don't abuse SSHKEY_FLAG_EXT to signal that a key is in 2816 2817 the agent, as that triggers special handling on sshkey_free() 2818 2819 OpenBSD-Commit-ID: 2ae2247babd2db167a30cf7a4f7eae4f26c000a8 2820 2821commit 59a336cfd1283f512f067e01bc91bda5af253f80 2822Author: djm@openbsd.org <djm@openbsd.org> 2823Date: Thu Oct 9 23:25:23 2025 +0000 2824 2825 upstream: downgrade a useless error() -> debug() 2826 2827 OpenBSD-Commit-ID: 5b0c9bcddb324f8bed2c8e8ffe9c92d263adc2d9 2828 2829commit 649c9994e7d1995a03d8621f1412cfee90a430af 2830Author: djm@openbsd.org <djm@openbsd.org> 2831Date: Thu Oct 9 03:23:33 2025 +0000 2832 2833 upstream: silence "mm_log_handler: write: Broken pipe" logspam 2834 2835 OpenBSD-Commit-ID: bcf7c6ea509e755bd5a7cd567ff7cad725111a14 2836 2837commit fb0bf236b0237aa83a0c5b666af7bdc0423ac457 2838Author: Darren Tucker <dtucker@dtucker.net> 2839Date: Thu Oct 9 17:57:17 2025 +1100 2840 2841 Add tracking for 10.2 branch. 2842 2843commit 081b8dbbe90d81a43b5e0f1995fe59a0e319aa15 2844Author: Damien Miller <djm@mindrot.org> 2845Date: Thu Oct 9 13:12:15 2025 +1100 2846 2847 complete PKCS#11 stubs and move to ssh-pkcs11.c 2848 2849 Should unbreak --disable-pkcs11 builds 2850 2851commit ac4457787900c99ada9cc3768249291b002fa16e 2852Author: Damien Miller <djm@mindrot.org> 2853Date: Thu Oct 9 13:10:27 2025 +1100 2854 2855 some fixes to p11_setup 2856 2857 1. Use the ssh-keygen under test and not the one in $PATH 2858 2. Include a test PKCS#11 operation to ensure that the P11 stack is 2859 working correctly. 2860 2861 Previously, it was possible for p11_setup to return success on 2862 configurations with PKCS#11 support disabled. 2863 2864commit 3470f465c6f5c7c371e73927ebb403dd7ba05893 2865Author: Damien Miller <djm@mindrot.org> 2866Date: Thu Oct 9 10:07:40 2025 +1100 2867 2868 link ssh-keygen directly against ssh-pkcs11.c 2869 2870 Matches what OpenBSD does and fixes ssh-keygen regression in 2871 certifying keys using a CA key hosted via ssh-agent (bz3877) 2872 2873commit 0f3b8fd68a29766697d7a709bae8b0a61da6cff2 2874Author: djm@openbsd.org <djm@openbsd.org> 2875Date: Wed Oct 8 21:48:40 2025 +0000 2876 2877 upstream: When tab-completing a filename, ensure that the completed 2878 2879 string does not end up mid-way through a multibyte character, as this will 2880 cause a fatal() later on. 2881 2882 based on GHPR#587 from @TaoistBrickscarrier; feedback tb@ kevlo@ 2883 ok dtucker@ 2884 2885 OpenBSD-Commit-ID: efb977164b4e20d61204a66201a7592ba8291362 2886 2887commit 0118c30acaff308deb089fc25fe98ef59a149ca5 2888Author: djm@openbsd.org <djm@openbsd.org> 2889Date: Wed Oct 8 21:02:16 2025 +0000 2890 2891 upstream: fix crash at exit (visible via ssh-keygen -D) when 2892 2893 multiple keys loaded. ok markus deraadt dtucker 2894 2895 OpenBSD-Commit-ID: baa9763ec69d162108dafd962792ec5610ff45c9 2896 2897commit 64ea9e95256203f30f98a6896f4721fd223106aa 2898Author: djm@openbsd.org <djm@openbsd.org> 2899Date: Wed Oct 8 00:32:52 2025 +0000 2900 2901 upstream: openssh-10.2 2902 2903 The only change since 10.1 is the channels.c fix 2904 2905 OpenBSD-Commit-ID: 5eebeb0db14c694efd4ee96b5f16112e3e5d5ba9 2906 2907commit bcf7c05a473f92a35f4f3b561fd7a1e339e0a30f 2908Author: Darren Tucker <dtucker@dtucker.net> 2909Date: Wed Oct 8 11:26:52 2025 +1100 2910 2911 Fix header name and move return outside of ifdef. 2912 2913 Fixes from Mike Frysinger via Github PR#597. 2914 2915commit b937061fe4922caced7b91442b3233c0bd763492 2916Author: Darren Tucker <dtucker@dtucker.net> 2917Date: Tue Oct 7 21:10:33 2025 +1100 2918 2919 Check HAVE_MMAP too now that configure sets it. 2920 2921commit 8d57083c062f03098c9f767ec8d6278dc549a2f6 2922Author: Darren Tucker <dtucker@dtucker.net> 2923Date: Tue Oct 7 21:07:05 2025 +1100 2924 2925 Use calloc for sshkeys if mmap is not supported. 2926 2927 Based on Github PR#597 from Mike Frysinger, any bugs added by me. 2928 2929commit c97b931bffa481c72ff4bfddd9d59a2110899289 2930Author: Darren Tucker <dtucker@dtucker.net> 2931Date: Tue Oct 7 20:25:07 2025 +1100 2932 2933 Add fcntl.h to includes. 2934 2935 From FreeBSD via bz#3874: "This was previously included due to nested 2936 includes in Heimdal's headers. Without this, the build fails with an 2937 error due to redefining AT_FDCWD." 2938 2939commit 8aa13832315e52c4404c993a59c6139b44ac6114 2940Author: Daan De Meyer <daan.j.demeyer@gmail.com> 2941Date: Mon Mar 20 20:22:14 2023 +0100 2942 2943 Only set PAM_RHOST if the remote host is not "UNKNOWN" 2944 2945 When using sshd's -i option with stdio that is not a AF_INET/AF_INET6 2946 socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then 2947 set as the value of PAM_RHOST, causing pam to try to do a reverse DNS 2948 query of "UNKNOWN", which times out multiple times, causing a 2949 substantial slowdown when logging in. 2950 2951 To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN". 2952 2953commit 0bd6649ea80ead0cd6404dbc25b64937421b556e 2954Author: Darren Tucker <dtucker@dtucker.net> 2955Date: Tue Oct 7 20:10:56 2025 +1100 2956 2957 Don't copy native host keys for hostbased test. 2958 2959 Some github runners (notably macos-14) seem to have host keys where 2960 public and private do not match, so generate our own keys for testing 2961 purposes. 2962 2963commit 33b63718d40ccc555b8c7a24331a3790b2efc6c5 2964Author: Darren Tucker <dtucker@dtucker.net> 2965Date: Tue Oct 7 20:10:07 2025 +1100 2966 2967 Add 10.1 branch to ci-status page. 2968 2969commit 52411f15353257e9ec883fc044b7a56b6fca242d 2970Author: Darren Tucker <dtucker@dtucker.net> 2971Date: Tue Oct 7 20:04:40 2025 +1100 2972 2973 Add clock_gettime compat shim. 2974 2975 This fixes the build on macOS prior to 10.12 Sierra, since it does not 2976 have it. Found and tested by Sevan Janiyan. 2977 2978commit beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 2979Author: djm@openbsd.org <djm@openbsd.org> 2980Date: Tue Oct 7 08:02:32 2025 +0000 2981 2982 upstream: don't reuse c->isatty for signalling that the remote channel 2983 2984 has a tty attached as this causes side effects, e.g. in channel_handle_rfd(). 2985 bz3872 2986 2987 ok markus@ 2988 2989 OpenBSD-Commit-ID: 4cd8a9f641498ca6089442e59bad0fd3dcbe85f8 2990 2991commit 476bab6259d5a6ea0402ec79bc47ed61e2c15e86 2992Author: Damien Miller <djm@mindrot.org> 2993Date: Mon Oct 6 12:52:25 2025 +1100 2994 2995 depend 2996 2997commit af956575eba6bf6b6d6bc817e1aa6ed73a365984 2998Author: Damien Miller <djm@mindrot.org> 2999Date: Mon Oct 6 12:51:13 2025 +1100 3000 3001 update versions 3002 3003commit 2fd0945913a30fbbe7c02503347961df03f28e66 3004Author: Damien Miller <djm@mindrot.org> 3005Date: Mon Oct 6 12:48:16 2025 +1100 3006 3007 sync ssh-copy-id to upstream version 527be673f4d 3008 3009commit 981bb32bc6062fa5d6f11de7ffb732967463bf57 3010Author: djm@openbsd.org <djm@openbsd.org> 3011Date: Mon Oct 6 01:45:22 2025 +0000 3012 3013 upstream: openssh-10.1 3014 3015 OpenBSD-Commit-ID: 2a232c2d2fc05a23519f69bc29e6d8c076b97d97 3016 3017commit b9a640a1a0dccfb56be684cc7ade402f57cf7ebd 3018Author: dtucker@openbsd.org <dtucker@openbsd.org> 3019Date: Fri Oct 3 01:03:45 2025 +0000 3020 3021 upstream: If write() returned short, the subsequent write would restart 3022 3023 from the beginning of the buffer not the end of what was written. Fix, since 3024 we want modpipe to corrupt data for testing purposes deliberately not 3025 accidentally. ok djm@ 3026 3027 OpenBSD-Regress-ID: 50ca74d287445c58944f070bb92dc13b1d054b43 3028 3029commit a0e5446ac85aca5a3ef9844eeedf787300fdb8b3 3030Author: naddy@openbsd.org <naddy@openbsd.org> 3031Date: Sat Oct 4 21:41:35 2025 +0000 3032 3033 upstream: typos: a ssh* -> an ssh* 3034 3035 ok dtucker@ 3036 3037 OpenBSD-Commit-ID: a70fd2e1b23089260e8f5a7921b0debc06b011cb 3038 3039commit ade92f53c3bd4ad7dcd95334a194add57ec9ff71 3040Author: djm@openbsd.org <djm@openbsd.org> 3041Date: Fri Oct 3 00:09:26 2025 +0000 3042 3043 upstream: stray newline 3044 3045 OpenBSD-Commit-ID: b47ed4fa93b781c7ec8ae2936526a290f4e17e1f 3046 3047commit a9cbe10da2be5be76755af0cea029db0f9c1f263 3048Author: djm@openbsd.org <djm@openbsd.org> 3049Date: Fri Oct 3 00:08:02 2025 +0000 3050 3051 upstream: include openssl/bn.h explicitly in files where we use BN_* 3052 3053 makes things simpler for portable; from Mike Frysinger 3054 3055 OpenBSD-Commit-ID: 717e93403fd1108e175afd7451b5a4ab46a598fe 3056 3057commit 3957cc2914cdc88932c972413853f8b68c1ffba5 3058Author: dtucker@openbsd.org <dtucker@openbsd.org> 3059Date: Thu Oct 2 08:38:43 2025 +0000 3060 3061 upstream: Relax array check slightly. Prevents compiler warnings 3062 3063 in -portable when there are no kbdint devices present. ok djm@ 3064 3065 OpenBSD-Commit-ID: c1c050cecd642d6073c792201908fd225191df93 3066 3067commit 6a239b057be2897d7a597daaf5394f2e7312dc65 3068Author: djm@openbsd.org <djm@openbsd.org> 3069Date: Thu Oct 2 04:23:11 2025 +0000 3070 3071 upstream: backout r1.243 (fix for fatal during tab-completion with 3072 3073 some multibyte sequences) as it breaks the common case for tab completion. 3074 3075 Will deal with it properly after release. 3076 3077 OpenBSD-Commit-ID: 196d00f5ff19579214de45357f16a1fb2d624be1 3078 3079commit b9f6a84ea383d811216de38219472214963c10b2 3080Author: Darren Tucker <dtucker@dtucker.net> 3081Date: Thu Oct 2 10:48:04 2025 +1000 3082 3083 Pass COMPATINCLUDES down to openbsd-compat too. 3084 3085 Fixes build on Solaris, AIX and probably others. 3086 3087commit 047e0221eaf9815775e8ea78c6d6add5ab0f68c7 3088Author: Darren Tucker <dtucker@dtucker.net> 3089Date: Wed Oct 1 14:34:02 2025 +1000 3090 3091 Pass new "compat includes" path via AC_SUBST. 3092 3093 This fixes the build when the directory path containing a space. 3094 Found by Sevan Janiyan, tested by Job Snijders. This doesn't fix 3095 "make tests", however that is a different, pre-existing problem 3096 that needs to be addressed separately. 3097 3098commit 5c50ddbe4deac83995edc1d014e9ba0d5efa18a6 3099Author: Darren Tucker <dtucker@dtucker.net> 3100Date: Wed Oct 1 13:37:35 2025 +1000 3101 3102 Remove compat "include" dir during distclean. 3103 3104commit aceabd62ce5833716dd2e99d4be4fcb603d263cc 3105Author: dtucker@openbsd.org <dtucker@openbsd.org> 3106Date: Wed Oct 1 00:33:37 2025 +0000 3107 3108 upstream: Set keys to NULL after freeing in tests where the 3109 3110 variables will be used again. Should prevent Coverity "potential use after 3111 free" warnings. 3112 3113 OpenBSD-Regress-ID: 24d141657d25977e41dfb0c58e9b74ab093972bf 3114 3115commit eb30a0d1493a97b5c14728846576dc6af5d442da 3116Author: dtucker@openbsd.org <dtucker@openbsd.org> 3117Date: Wed Oct 1 00:30:19 2025 +0000 3118 3119 upstream: Get rid of utf8 droppings in commment since it confuses 3120 3121 older shells. From Sevan Janiyan via openssh-unix-dev. 3122 3123 OpenBSD-Regress-ID: 67c11a5cff6ef23538c77e9b29d538e175e6cfe3 3124 3125commit d478e250230e917eeb5032238df0b9af357404ee 3126Author: Darren Tucker <dtucker@dtucker.net> 3127Date: Wed Oct 1 12:17:54 2025 +1000 3128 3129 Update OpenSSL & LibreSSL versions we test against. 3130 3131commit 2c504a74ed81d13c8198a89ed1040d0fc5f73129 3132Author: djm@openbsd.org <djm@openbsd.org> 3133Date: Tue Sep 30 00:10:42 2025 +0000 3134 3135 upstream: during sftp uploads, avoid a condition where a failed write 3136 3137 could be ignored if a subsequent write succeeded. 3138 3139 This is unlikely but technically possible because sftp servers are 3140 allowed to reorder requests. 3141 3142 Reported by Graziano Stefani, ok tb@ 3143 3144 OpenBSD-Commit-ID: 03904bce2c7f787223d01d7e1179fde15753eca3 3145 3146commit 1f7556753869654ba5e2bf61e384c5da2db5ca6a 3147Author: djm@openbsd.org <djm@openbsd.org> 3148Date: Tue Sep 30 00:06:06 2025 +0000 3149 3150 upstream: avoid a fatal() when sftp tab-completes filenames that 3151 3152 share common utf-8 characters that don't encode to a complete codepoint 3153 3154 from menthu.zhou via GHPR#587; ok dtucker@ 3155 3156 OpenBSD-Commit-ID: e07e4d8a8cac032ab536570b8214e6ef6839b585 3157 3158commit 42b14ff1e06fd683c7d15a6b2816c16108873a5a 3159Author: djm@openbsd.org <djm@openbsd.org> 3160Date: Tue Sep 30 00:03:09 2025 +0000 3161 3162 upstream: fix memory leak in mux_client_request_stdio_fwd GHPR#575 3163 3164 by Boris Tonofa; ok dtucker 3165 3166 OpenBSD-Commit-ID: 410cdd05242304bd0196b9172ce5fcaf89d2d8ce 3167 3168commit e5055ef26abcffd3f99669e411ea6b35ca166111 3169Author: Allison Karlitskaya <allison.karlitskaya@redhat.com> 3170Date: Wed Sep 3 20:07:55 2025 +0200 3171 3172 Don't log audit messages with UNKNOWN hostname 3173 3174 The `host` parameter to audit_log_acct_message() is documented as 3175 follows: 3176 3177 host - The hostname if known. If not available pass a NULL. 3178 3179 but we pass the string "UNKNOWN" in case we don't know the hostname. 3180 Make sure we pass NULL instead. 3181 3182 This avoids having the audit system attempt to perform a DNS lookup on 3183 the hostname "UNKNOWN", which tends to result in long delays when 3184 attempting to login. 3185 3186commit d343df4019b4369ce7f87e9bf6bbc80b81cd263d 3187Author: zhangjun <zhangjun-tc@dfmc.com.cn> 3188Date: Fri Aug 22 16:49:07 2025 +0800 3189 3190 ensure struct passwd fields are non-NULL in pwcopy 3191 3192 Android libc can return NULL pw_gecos, for example. 3193 3194commit 893a579e4b37e6bd89d206dc8e7ac2a906ccf114 3195Author: dtucker@openbsd.org <dtucker@openbsd.org> 3196Date: Mon Sep 29 21:37:52 2025 +0000 3197 3198 upstream: Add explicit check for array overflow. 3199 3200 The array is bounded by a NULL sentinel which already prevents this, 3201 however since we check the bit vector for overflow Coverity assumes that 3202 check is for the devices array and flags it as a potential overflow. 3203 Adding this additional check on the array placates CID 896018. ok djm@ 3204 deraadt@ 3205 3206 OpenBSD-Commit-ID: e92fff41341b38e4206a70655cc9acaaa032ebee 3207 3208commit 90f49a185ac1a786d9f7e9a710b369afb3692a65 3209Author: dtucker@openbsd.org <dtucker@openbsd.org> 3210Date: Mon Sep 29 21:30:15 2025 +0000 3211 3212 upstream: Move ifdef to start of file. Removes diff vs portable. 3213 3214 OpenBSD-Commit-ID: 55058ac3d477e4c696575039f5b275522b99ffea 3215 3216commit 2f71b44d48dc8da7fb743d6ffe609aea5a645edb 3217Author: dtucker@openbsd.org <dtucker@openbsd.org> 3218Date: Mon Sep 29 21:29:22 2025 +0000 3219 3220 upstream: Include misc.h. Removes diff vs portable. 3221 3222 OpenBSD-Commit-ID: 8aa48451fe5c37f04a339450c4ed9cfb8f4c288f 3223 3224commit dfb991bdd826517bbce1cf62ce07bcb3e48a2f27 3225Author: dtucker@openbsd.org <dtucker@openbsd.org> 3226Date: Mon Sep 29 21:28:33 2025 +0000 3227 3228 upstream: Sort headers as per KNF. Removes diff vs portable. 3229 3230 OpenBSD-Commit-ID: 55f5b9eaeb826a25cfb506a78136094275a71bcb 3231 3232commit c82f4dd6b723a8365b4c538d7c99fe8e46985ed0 3233Author: dtucker@openbsd.org <dtucker@openbsd.org> 3234Date: Mon Sep 29 07:40:55 2025 +0000 3235 3236 upstream: Null out keys after freeing in tests in the case where we 3237 3238 potentially reuse the variable. Fixes Coverity CID 405057. 3239 3240 OpenBSD-Regress-ID: c52e86502b33bfa6e448448a74a0217dd519dd58 3241 3242commit fda31e1e5179b4e70c27094ebb303ee47c11a5a7 3243Author: djm@openbsd.org <djm@openbsd.org> 3244Date: Mon Sep 29 03:17:54 2025 +0000 3245 3246 upstream: avoid spurious error message when loading certificates 3247 3248 only bz3869 3249 3250 OpenBSD-Commit-ID: e7848fec50d15cc142fed946aa8f79abef3c5be7 3251 3252commit bcd88ded2fff97652d4236405a3354ca66f90f7e 3253Author: djm@openbsd.org <djm@openbsd.org> 3254Date: Mon Sep 29 02:32:15 2025 +0000 3255 3256 upstream: kbd-interactive device names should be matched against 3257 3258 the full device name, not a prefix. Doesn't matter in practice as there is 3259 only one kbd-int device supported (PAM xor BSD auth), and an attacker would 3260 still need to successfully authenticate against an incorrectly-selected 3261 device. 3262 3263 reported by ashamedbit, NobleMathews; ok deraadt@ 3264 3265 OpenBSD-Commit-ID: cf75d4f99405fbb41354c4ae724a3b39a3b58f82 3266 3267commit b1c4bf5c2f1c2b30698dbaadc5d823862213f1fc 3268Author: jsg@openbsd.org <jsg@openbsd.org> 3269Date: Thu Sep 25 12:52:21 2025 +0000 3270 3271 upstream: avoid use-after-free in update_krl_from_file() found with 3272 3273 clang scan-build, ok dtucker@ 3274 3275 OpenBSD-Commit-ID: 8ec86eca573740c94d5bc7e252959174555f4eb8 3276 3277commit b06a150bc903a0cf898406384d5a34059d0f2d8f 3278Author: Darren Tucker <dtucker@dtucker.net> 3279Date: Sat Sep 27 20:20:34 2025 +1000 3280 3281 Stop testing OpenBSD ubsan until fixed upstream. 3282 3283commit 97b32fa2af25c16aec4de85c5cbb63fd038b4dfa 3284Author: dtucker@openbsd.org <dtucker@openbsd.org> 3285Date: Fri Sep 26 04:40:45 2025 +0000 3286 3287 upstream: Use $OBJ for temp file in maxstartups idempotence test. 3288 3289 Fixes test in -portable when run out-of-tree. 3290 3291 OpenBSD-Regress-ID: 8578be08238af4abe2dc91af1c199f7f71f1a7a2 3292 3293commit b4ceca952b85752958d849508294afdc56dfcb9f 3294Author: Darren Tucker <dtucker@dtucker.net> 3295Date: Fri Sep 26 22:28:13 2025 +1000 3296 3297 Shorten workflow names to fit in a single line. 3298 3299commit 9824ec515ed6256c1a98d66049471053f965b75e 3300Author: Darren Tucker <dtucker@dtucker.net> 3301Date: Fri Sep 26 22:26:33 2025 +1000 3302 3303 Update link to oss-fuzz bug tracker. 3304 3305 Remove 9.8 branch. 3306 3307commit 37d996bd0537837f15fc540d5aebb1ef2faf2268 3308Author: dtucker@openbsd.org <dtucker@openbsd.org> 3309Date: Thu Sep 25 22:17:29 2025 +0000 3310 3311 upstream: Check return codes of sshbuf functions. 3312 3313 Fixes Coverity CIDs 405059 and 405061. 3314 3315 OpenBSD-Regress-ID: defa55d32892172251bbd5efd15731ce55888247 3316 3317commit 6c3c9f03c3c2cc4e40decbb49b8486abfb9e57df 3318Author: Darren Tucker <dtucker@dtucker.net> 3319Date: Fri Sep 26 08:23:21 2025 +1000 3320 3321 Replace hand-rolled modulo with arc4random_uniform. 3322 3323 Fixes potential modulo-by-zero UB flagged by Coverity CID 405068 3324 3325commit e914e61eb88e22e5b725c399698256c54589ca32 3326Author: Darren Tucker <dtucker@dtucker.net> 3327Date: Thu Sep 25 17:50:07 2025 +1000 3328 3329 Remove status bits from OpenSSL >=3 version check. 3330 3331 OpenSSL traditionally did not guarantee ABI compatibility across release 3332 (and development) versions. Because of this, OpenSSH checked the lower 4 3333 "status" bits returned by OpenSSL_version_num(), which were originally 3334 set to 0 for development versions and 0xf for release versions and, if 3335 they did not match, would report the discrepancy and exit. 3336 3337 OpenSSL (unintentionally) changed these bits in the 3.0.0 and subsequent 3338 3.x releases, setting them to zero in the release versions (which happened 3339 to also match the documentation), then changed them back in the 3.5.3 3340 release. If OpenSSL was upgraded to (or from) this version without 3341 recompiling OpenSSH, it would cause OpenSSH flag it as potentially 3342 incompatible and refuse to use it. Ultimately OpenSSL rolled this 3343 back, but the check now has no value so is being removed for OpenSSL 3344 versions >=3. 3345 3346 bz#3865 and https://github.com/openssl/openssl/issues/28575, ok djm@ 3347 3348commit 35f3e2a41c2afe7a68a8a4efb3eb385e7f8d247d 3349Author: Darren Tucker <dtucker@dtucker.net> 3350Date: Thu Sep 25 18:06:55 2025 +1000 3351 3352 Update pledge() interface to match current OpenBSD. 3353 3354 ok djm@ 3355 3356commit 7ce3823547578a3b083085744c1fea39237197a2 3357Author: Darren Tucker <dtucker@dtucker.net> 3358Date: Tue Sep 23 22:12:19 2025 +1000 3359 3360 Merge all putty tests into a single test. 3361 3362 The lets us reuse the built OpenSSH binaries and replaces 12*4min of 3363 tests with a single 14min one. 3364 3365commit 1362f6c0f4ca3306a201a6572bb9ec0d47d8edb3 3366Author: Darren Tucker <dtucker@dtucker.net> 3367Date: Thu Sep 25 18:20:53 2025 +1000 3368 3369 Add #ifdefs in pwfree to match those in pwcopy. 3370 3371 Fixes build on many platforms. 3372 3373commit 8235dc3d82c0ac347a3600df0907c6573720fbaa 3374Author: djm@openbsd.org <djm@openbsd.org> 3375Date: Thu Sep 25 07:05:11 2025 +0000 3376 3377 upstream: fix some one-off leaks in ssh.c; ok dtucker@ 3378 3379 OpenBSD-Commit-ID: bf3c27ffe4b3cccb6553b554ec4c04929065a2bc 3380 3381commit 846987d1233f24bbe87ebed347e328f45525388a 3382Author: djm@openbsd.org <djm@openbsd.org> 3383Date: Thu Sep 25 07:04:38 2025 +0000 3384 3385 upstream: fix some one-off leaks in ssh-keygen; ok dtucker@ 3386 3387 OpenBSD-Commit-ID: 32f51289c93246474659aa49067926fcab9e02e8 3388 3389commit a1a7df8b3694fdd7b55ad6bb8fa7b3d5d7f5b89a 3390Author: djm@openbsd.org <djm@openbsd.org> 3391Date: Thu Sep 25 07:00:43 2025 +0000 3392 3393 upstream: fix some leaks in ssh-add; feedback/ok dtucker@ 3394 3395 OpenBSD-Commit-ID: 441302917de31a128c1d6d63acccc67042fcf349 3396 3397commit a8a2702bcd9e81a086e6d2c278f1b62f9d8bf3a1 3398Author: djm@openbsd.org <djm@openbsd.org> 3399Date: Thu Sep 25 06:57:54 2025 +0000 3400 3401 upstream: fix some leaks; feedback/ok dtucker@ 3402 3403 OpenBSD-Commit-ID: 05bdbc2e494b87a4a79e509020bd8249c86a4ff0 3404 3405commit a071af0682d686de85cf471f5e04deaee4d90adb 3406Author: djm@openbsd.org <djm@openbsd.org> 3407Date: Thu Sep 25 06:45:50 2025 +0000 3408 3409 upstream: wait for the unprivileged sshd-auth process to exit 3410 3411 before closing the fd it uses to report log messages 3412 3413 This avoids a race where the child process notices the 3414 fd was closed before exiting and spams the logs. 3415 3416 ok dtucker@ 3417 3418 OpenBSD-Commit-ID: 7cddaa41be3b955e6bed570900db7ab8817b1e76 3419 3420commit 4fddebe7f524b3403c876c3b399d5ce7ce3390a6 3421Author: djm@openbsd.org <djm@openbsd.org> 3422Date: Thu Sep 25 06:33:19 2025 +0000 3423 3424 upstream: add some functions to free various structs, including 3425 3426 channels data and packet state; ok dtucker@ tb@ 3427 3428 OpenBSD-Commit-ID: a8b3705309d632cdae370d4147a03e703087b0d1 3429 3430commit d0c1e73d408a24b2db18c0aa1a0108bea0f24210 3431Author: djm@openbsd.org <djm@openbsd.org> 3432Date: Thu Sep 25 06:31:42 2025 +0000 3433 3434 upstream: fix leaks of config objects in 3435 3436 mm_decode_activate_server_options ok dtucker@ tb@ 3437 3438 OpenBSD-Commit-ID: 211f4d7d02e847bd1bcb460f6beb11658809a742 3439 3440commit b62aa85dcbc8f03bf91d26d14fbf8fd5e172d882 3441Author: djm@openbsd.org <djm@openbsd.org> 3442Date: Thu Sep 25 06:25:38 2025 +0000 3443 3444 upstream: clarify intent and avoid (harmess, defined behaviour) 3445 3446 unsigned underflow. ok tb@ 3447 3448 OpenBSD-Commit-ID: b73bf5f1f381c3e4561a6cc706fb1cd77c939cd8 3449 3450commit 6f28a935cc7d073e6647643e81d98b5831df204f 3451Author: jsg@openbsd.org <jsg@openbsd.org> 3452Date: Thu Sep 25 06:23:19 2025 +0000 3453 3454 upstream: consistently use NULL for null pointer constants found 3455 3456 with sparse, ok djm@ 3457 3458 OpenBSD-Commit-ID: 1067504b63732d809d0d57ad4bc626818d112772 3459 3460commit 0af7e5b690e2cfe8824f04f154b0e543509dbefd 3461Author: jsg@openbsd.org <jsg@openbsd.org> 3462Date: Thu Sep 25 02:15:39 2025 +0000 3463 3464 upstream: remove unneeded externs ok djm@ 3465 3466 OpenBSD-Commit-ID: fe553193e910a122505142a4e1db7358cc1ae653 3467 3468commit ae62a16118bb96a8e449ef25f5e55ef86a52cefb 3469Author: jsg@openbsd.org <jsg@openbsd.org> 3470Date: Thu Sep 25 02:12:16 2025 +0000 3471 3472 upstream: remove prototype for removed ssh_packet_set_tos() ok 3473 3474 djm@ 3475 3476 OpenBSD-Commit-ID: 396f82995074ef4d7b9ce44168266ef4640d9985 3477 3478commit d8588478850463f8945aa18d0358b2b227f8b57a 3479Author: jsg@openbsd.org <jsg@openbsd.org> 3480Date: Wed Sep 24 00:51:28 2025 +0000 3481 3482 upstream: spelling; ok dtucker@ 3483 3484 OpenBSD-Commit-ID: 93870117b0153859dd8baa80b97e44d4558c786b 3485 3486commit eff358890a7cab1e7c2fec62e5b9914d2c1c8703 3487Author: Darren Tucker <dtucker@dtucker.net> 3488Date: Tue Sep 23 16:51:34 2025 +1000 3489 3490 Merge VM tests into a single workflow file. 3491 3492 Should make it easier to manage, although it may cause a few extra runs. 3493 3494commit d00015d21190517a1f505eb8120f716b1c2e4055 3495Author: Darren Tucker <dtucker@dtucker.net> 3496Date: Tue Sep 23 16:38:45 2025 +1000 3497 3498 Test openssl-3.6 branch not beta1. 3499 3500commit 31fce4fc5aaf79b9a4bccf09467e86c56b482bde 3501Author: Darren Tucker <dtucker@dtucker.net> 3502Date: Tue Sep 23 15:51:14 2025 +1000 3503 3504 Test openssl-3.6.0-beta1. 3505 3506commit b94e7251a17a497669e825cb70ac79c96bdc3472 3507Author: Darren Tucker <dtucker@dtucker.net> 3508Date: Tue Sep 23 11:32:57 2025 +1000 3509 3510 Specify rpath when building OpenSSL. 3511 3512commit 83853aa5e35f3da0690bccd2983764d4e749a670 3513Author: Darren Tucker <dtucker@dtucker.net> 3514Date: Mon Sep 22 15:26:17 2025 +1000 3515 3516 Factor out OpenSSL install and test more versions. 3517 3518 Move OpenSSL installation into its own script with a "-a" option to 3519 install the "next" version to test for ABI compatibility. 3520 3521commit 2c1d38f7ffc8b8ec244bfe17ec8a85b3d737dcab 3522Author: Darren Tucker <dtucker@dtucker.net> 3523Date: Mon Sep 22 16:55:49 2025 +1000 3524 3525 Exclude generated openbsd-compat/include directory. 3526 3527commit 67b3ed101a18348b564507f55e3ed4b7e0d23ff9 3528Author: Darren Tucker <dtucker@dtucker.net> 3529Date: Sat Sep 20 15:07:36 2025 +1000 3530 3531 Add OpenSSL 3.x ABI cross-compatibility test. 3532 3533commit c682c9f45a10ee0dc37fd716cfccd42271f92ddc 3534Author: Darren Tucker <dtucker@dtucker.net> 3535Date: Sat Sep 20 15:05:19 2025 +1000 3536 3537 Add tests for OpenSSL 3.4 and 3.5 versions. 3538 3539commit 1659d0ac095608b809fd3173d2c48b7b39d40b02 3540Author: Darren Tucker <dtucker@dtucker.net> 3541Date: Sat Sep 20 15:53:04 2025 +1000 3542 3543 Build OpenSSL with -j4 to speed it up. 3544 3545commit ca9ac1109e2c875ea33da6818c1841aa2181e962 3546Author: Darren Tucker <dtucker@dtucker.net> 3547Date: Sat Sep 20 15:16:30 2025 +1000 3548 3549 Rerun tests if run_tests.sh changes. 3550 3551commit bc328144f149af07139a0f2c1329018cd85b86b7 3552Author: djm@openbsd.org <djm@openbsd.org> 3553Date: Fri Sep 19 01:32:45 2025 +0000 3554 3555 upstream: log at level INFO when PerSourcePenalties actually blocks 3556 3557 access to a source address range. Previously this was logged at level 3558 VERBOSE, which hid enforcement actions under default config settings. 3559 3560 ok dtucker, markus 3561 3562 OpenBSD-Commit-ID: ea2b0d7c2253ff5205719d74b526cf2870df894d 3563 3564commit 80993390bed15bbd1c348f3352e55d0db01ca0fd 3565Author: Darren Tucker <dtucker@dtucker.net> 3566Date: Wed Sep 17 17:41:41 2025 +1000 3567 3568 Whitespace. 3569 3570commit fc704057ce6b75637645a4b9c917565b3563e21b 3571Author: Darren Tucker <dtucker@dtucker.net> 3572Date: Wed Sep 17 17:33:25 2025 +1000 3573 3574 Move Gihub VMs to their own status line. 3575 3576commit 2202e5f9008003044cac01ed70d83deec42ad4e0 3577Author: Darren Tucker <dtucker@dtucker.net> 3578Date: Tue Sep 16 23:00:14 2025 +1000 3579 3580 Use relative URLs for status 3581 3582commit 7c32e09ea3e5c7e1fa0b7e2d4ddc83f8beadafed 3583Author: Darren Tucker <dtucker@dtucker.net> 3584Date: Mon Sep 15 17:21:15 2025 +1000 3585 3586 Add VM test targets via vmaction on Github. 3587 3588commit a4aa090a3d40dddb07d5ebebc501f6457541a501 3589Author: djm@openbsd.org <djm@openbsd.org> 3590Date: Mon Sep 15 03:00:22 2025 +0000 3591 3592 upstream: memory leaks in unit tests 3593 3594 OpenBSD-Regress-ID: af11ac7b8034b99ca324af4dae1ef5cd7700b273 3595 3596commit 6f5942454ad6756355f3b4983ab882cf15e44440 3597Author: djm@openbsd.org <djm@openbsd.org> 3598Date: Mon Sep 15 05:17:37 2025 +0000 3599 3600 upstream: fix leaks of struct sftp_conn in scp; ok dtucker@ 3601 3602 OpenBSD-Commit-ID: 76bea50b5b87b750c3771bf80feb6067d994a9d2 3603 3604commit 52f38c76fcb38dfe619d8caa3bb4bb782c785026 3605Author: djm@openbsd.org <djm@openbsd.org> 3606Date: Mon Sep 15 04:52:41 2025 +0000 3607 3608 upstream: leak of principals file lines; ok dtucker@ 3609 3610 OpenBSD-Commit-ID: 918bf1b70e5a969059300f3c23d45911690d9015 3611 3612commit b9464cee0fd084d89d91696a17b3621b4cf512bf 3613Author: djm@openbsd.org <djm@openbsd.org> 3614Date: Mon Sep 15 04:52:12 2025 +0000 3615 3616 upstream: leak of authentication options at exit; ok dtucker@ 3617 3618 OpenBSD-Commit-ID: ba559799c2ff9b10afc3abefb1797c0843a6ff24 3619 3620commit 0bb37080c86674de7cdfb56c80add3cd316c68a8 3621Author: djm@openbsd.org <djm@openbsd.org> 3622Date: Mon Sep 15 04:51:35 2025 +0000 3623 3624 upstream: memleak of keys not used for authentication; ok 3625 3626 dtucker@ 3627 3628 OpenBSD-Commit-ID: ddfda79d243150fbd382d8f2cd75a90a072b3669 3629 3630commit ee99f6e93e0ee90eedbd27ffb9b7f9fef7b98010 3631Author: djm@openbsd.org <djm@openbsd.org> 3632Date: Mon Sep 15 04:50:42 2025 +0000 3633 3634 upstream: memleak of certificate path; ok dtucker@ 3635 3636 OpenBSD-Commit-ID: 90dc5390f2756ba339e2e6df54d4b8651d64c1e7 3637 3638commit 42fc6b6f9fbf58293b070f4de377c7695c275a8a 3639Author: djm@openbsd.org <djm@openbsd.org> 3640Date: Mon Sep 15 04:49:41 2025 +0000 3641 3642 upstream: memleak of hostkey when downgrading host cert->key; ok 3643 3644 dtucker 3645 3646 OpenBSD-Commit-ID: f6f1f38a8ec144fb615434f6877066cf4610b826 3647 3648commit bc60bd55cbc1f8139c840668733b51475cbefd93 3649Author: djm@openbsd.org <djm@openbsd.org> 3650Date: Mon Sep 15 04:49:00 2025 +0000 3651 3652 upstream: memleak of editline history; ok dtucker@ 3653 3654 OpenBSD-Commit-ID: a244c54eb074cf7fbe28f7ac4f03ace270f7a999 3655 3656commit ee77ab9b2ca2d70daf8d4352f5daffa8036ece64 3657Author: djm@openbsd.org <djm@openbsd.org> 3658Date: Mon Sep 15 04:48:29 2025 +0000 3659 3660 upstream: memleak of rfwd callback context; ok dtucker@ 3661 3662 OpenBSD-Commit-ID: 70b2aafeaace90703dd16a44a2a0b723d9155f33 3663 3664commit 0088b3f0ab2c615ae95b9f374963abaa0ab837ec 3665Author: djm@openbsd.org <djm@openbsd.org> 3666Date: Mon Sep 15 04:47:49 2025 +0000 3667 3668 upstream: memleaks of request packet and hostkeys blob; ok 3669 3670 dtucker@ 3671 3672 OpenBSD-Commit-ID: 313b13a8e36b4ca8e064ee56792e67e0670a386a 3673 3674commit d68451a25808c4eee74b898873cd4761f73651ed 3675Author: djm@openbsd.org <djm@openbsd.org> 3676Date: Mon Sep 15 04:41:20 2025 +0000 3677 3678 upstream: memleak of KRL revoked certs struct; ok dtucker 3679 3680 OpenBSD-Commit-ID: f319868e0b2de49c41c735e75b87c403f009f5f9 3681 3682commit 67940cc2f329427d3acb64d4893faf4527e58d5c 3683Author: djm@openbsd.org <djm@openbsd.org> 3684Date: Mon Sep 15 04:40:34 2025 +0000 3685 3686 upstream: memleak of kex->server_sig_algs; ok dtucker@ 3687 3688 OpenBSD-Commit-ID: 41a3f64edd2c9b8addb2e445514ae25c24819e2c 3689 3690commit fae8e41741d23298c94a1ea3ef8704a1cc186cb5 3691Author: djm@openbsd.org <djm@openbsd.org> 3692Date: Mon Sep 15 04:39:58 2025 +0000 3693 3694 upstream: fix memleak of channel forwarding permissions; ok 3695 3696 dtucker@ 3697 3698 OpenBSD-Commit-ID: 069745547109bc8fcc09fab5b19c53599cae99fd 3699 3700commit 03872018c14ed943bc01a4e88be59195a742f106 3701Author: djm@openbsd.org <djm@openbsd.org> 3702Date: Mon Sep 15 04:39:15 2025 +0000 3703 3704 upstream: when merging auth options into the active set, don't 3705 3706 leak the old struct sshauthopt; ok dtucker@ 3707 3708 OpenBSD-Commit-ID: c6bfd7bc2932e37f811b3c53272c3b919d33e75b 3709 3710commit efed5da4ced88170cf474246eff771dd16c7092f 3711Author: djm@openbsd.org <djm@openbsd.org> 3712Date: Mon Sep 15 04:38:00 2025 +0000 3713 3714 upstream: fix memleak when applying certificate options; ok 3715 3716 dtucker 3717 3718 OpenBSD-Commit-ID: 36c219dcc05f4df82a0f9c500bdf5dbfea925289 3719 3720commit edc601707b583a2c900e49621e048c26574edd3a 3721Author: djm@openbsd.org <djm@openbsd.org> 3722Date: Thu Sep 11 07:23:32 2025 +0000 3723 3724 upstream: disable ssh-add autoexpiry of certificates when testing 3725 3726 expired certificates 3727 3728 OpenBSD-Regress-ID: 64aadd23d37fd0b3a06498151f2cf83be7ac342c 3729 3730commit c60153e4878f3a6700af69adbdd1863003e78abf 3731Author: djm@openbsd.org <djm@openbsd.org> 3732Date: Thu Sep 11 07:22:37 2025 +0000 3733 3734 upstream: correct getopt() string 3735 3736 OpenBSD-Commit-ID: 05ef9581a3dab32ec93aa5b9c3349ed1e7da9ec8 3737 3738commit 7a4738af45201c115a9e20f830f30ed38ce6be76 3739Author: djm@openbsd.org <djm@openbsd.org> 3740Date: Thu Sep 11 03:29:58 2025 +0000 3741 3742 upstream: need time.h for time(3) 3743 3744 OpenBSD-Commit-ID: 530964039cccab679432b6c5b28d2b0aa9760b00 3745 3746commit 0c719c6aabc061f02a907fc96c390d0449b49f26 3747Author: djm@openbsd.org <djm@openbsd.org> 3748Date: Thu Sep 11 02:54:42 2025 +0000 3749 3750 upstream: When adding certificates to an agent, set the expiry to 3751 3752 the certificate expiry time plus a short (5 min) grace period. 3753 3754 This will cause the agent to automtically remove certificates shortly 3755 after they expire. 3756 3757 A new ssh-add -N option disables this behaviour. 3758 3759 Feedback/ok deraadt@ 3760 3761 OpenBSD-Commit-ID: 92fed1bba1025069ad45deebb534be7530e181df 3762 3763commit e9dcccc3541b0ae1c43581ed26215d5cc82e4be0 3764Author: jsg@openbsd.org <jsg@openbsd.org> 3765Date: Mon Sep 8 00:31:54 2025 +0000 3766 3767 upstream: remove unused 0-sized files; ok deraadt@ 3768 3769 OpenBSD-Commit-ID: 7e8178786157e863f6ff63c5d55200d7b6b04f9e 3770 3771commit d16b1b484a024ee6b35094e7d9d55bf96b96253b 3772Author: dtucker@openbsd.org <dtucker@openbsd.org> 3773Date: Fri Sep 5 10:34:35 2025 +0000 3774 3775 upstream: Tabs->spaces. Removes diff vs portable. 3776 3777 OpenBSD-Commit-ID: 06598021a9f08188dab29ac956b2baa002a0ff85 3778 3779commit 3d8ae7f235b96da604b08c44ae83420e367eeab4 3780Author: Tim Rice <tim@multitalents.net> 3781Date: Mon Sep 8 12:53:10 2025 -0700 3782 3783 modified: regress/rekey.sh 3784 Fix for when building out of tree. 3785 3786commit 54abadd3f286efea0dbbdbfea8011d5e1e30c074 3787Author: Darren Tucker <dtucker@dtucker.net> 3788Date: Sun Sep 7 13:35:22 2025 +1000 3789 3790 Accept OpenSSL 4.0.0-dev versions. 3791 3792 They seem to work, at least for now. 3793 3794commit 67a8bf4e4057597170bfa923fe2ce5bf90c43974 3795Author: Maxim Khon <fjoe@samodelkin.net> 3796Date: Mon Aug 18 12:05:42 2025 +0000 3797 3798 Use SSH_TUN_COMPAT_AF on FreeBSD. 3799 3800 Otherwise tun forwarding from other OSes fails as soon as the first IPv6 3801 message is sent by the other side (which is usually a Router Solicitation 3802 ICMPv6 message which is sent as soon as the interface is up): all other 3803 OS'es use SSH_TUN_COMPAT_AF or SSH_TUN_PREPEND_AF which effectively uses 3804 OpenBSD AF_INET/AF_INET6 values. 3805 3806commit 3ca274e44cb2c2351376fc14e4c3e92ba4a8f87b 3807Author: Darren Tucker <dtucker@dtucker.net> 3808Date: Fri Sep 5 21:32:30 2025 +1000 3809 3810 Check for nlist function. 3811 3812 Check for nlist function presence before attenmpting to use it instead 3813 of relying on the presence of the nlist.h header. Mac OS X, in particular 3814 has the header, but only has the function in the 32bit libraries. 3815 3816commit ee32a36c62424f13907023595bfa8b23a528ced1 3817Author: dtucker@openbsd.org <dtucker@openbsd.org> 3818Date: Fri Sep 5 10:23:55 2025 +0000 3819 3820 upstream: Order includes as per KNF and add time.h. Removes diff 3821 3822 vs portable. 3823 3824 OpenBSD-Commit-ID: 38043f0bfa17c48ef6d1a744c2834b4405bc9311 3825 3826commit 0ac179c9540e2b05b4c1194db69ce01306c253d3 3827Author: dtucker@openbsd.org <dtucker@openbsd.org> 3828Date: Fri Sep 5 10:17:21 2025 +0000 3829 3830 upstream: Order headers as per KNF. Removes diff vs portable. 3831 3832 OpenBSD-Commit-ID: 4df519fd9fa13ce9653adf7a3d1076e20591d886 3833 3834commit e80322284f3ee70b6b760a9f83179470d675e5ba 3835Author: dtucker@openbsd.org <dtucker@openbsd.org> 3836Date: Fri Sep 5 10:01:35 2025 +0000 3837 3838 upstream: Order headers as per KNF. 3839 3840 OpenBSD-Commit-ID: 7156b69b0364c68e181e0f6fa17c0f05c72e8670 3841 3842commit bb8ac0515e68cab63db2d026eb60127185a3d2b8 3843Author: Darren Tucker <dtucker@dtucker.net> 3844Date: Fri Sep 5 20:39:16 2025 +1000 3845 3846 Resync header order with upstream. 3847 3848commit 024b694249482698b0c73d24da0eaec696fca8c8 3849Author: Darren Tucker <dtucker@dtucker.net> 3850Date: Fri Sep 5 20:37:04 2025 +1000 3851 3852 Resync header order with upstream. 3853 3854commit aed6a958bc108faab64bc2855d6ed93894cfc6ff 3855Author: Darren Tucker <dtucker@dtucker.net> 3856Date: Fri Sep 5 20:30:20 2025 +1000 3857 3858 Sync includes with upstream. 3859 3860commit 22cfd2dd32f34f0cea218dd651f3aa9544b6e3b5 3861Author: Darren Tucker <dtucker@dtucker.net> 3862Date: Fri Sep 5 20:26:14 2025 +1000 3863 3864 Move ssh-pkcs11.h include to match upstream. 3865 3866commit b34c16bc4cac2962cc6a7517efbc4fed2c8a2d9a 3867Author: Darren Tucker <dtucker@dtucker.net> 3868Date: Fri Sep 5 20:20:27 2025 +1000 3869 3870 Reorder includes to match upstream. 3871 3872commit 441a8fa9a0178704bce497bff92ca43fcf04bf7a 3873Author: dtucker@openbsd.org <dtucker@openbsd.org> 3874Date: Fri Sep 5 09:58:08 2025 +0000 3875 3876 upstream: Order headers as per KNF. Removes diff vs portable. 3877 3878 OpenBSD-Commit-ID: db72be57429418f6a4319bbe34c98fc103e11ce0 3879 3880commit 19d6a7afb256c4afc571dbf56a013ef91cd9596f 3881Author: dtucker@openbsd.org <dtucker@openbsd.org> 3882Date: Fri Sep 5 09:49:26 2025 +0000 3883 3884 upstream: Order headers as per KNF. Also removes diff vs 3885 3886 -portable. 3887 3888 OpenBSD-Commit-ID: 2061307dc938712e524bc9da48a52f545e43670e 3889 3890commit 932e9f200bd48b7568eb21ec456c67ec92d517e2 3891Author: dtucker@openbsd.org <dtucker@openbsd.org> 3892Date: Fri Sep 5 09:31:31 2025 +0000 3893 3894 upstream: Remove unused rmd160.h header. ripemd160 support was 3895 3896 removed in 2017. 3897 3898 OpenBSD-Commit-ID: 937fca21498b921adf6e04bac120f4a2e7975b3c 3899 3900commit f93de828b9b0f29bff51d38ea92d0759595ec30b 3901Author: Darren Tucker <dtucker@dtucker.net> 3902Date: Fri Sep 5 20:07:16 2025 +1000 3903 3904 Create replacement nlist.h if needed. 3905 3906 Remove #ifdef HAVE_NLIST_H wrapper. ok djm@ 3907 3908commit 6aac2beaa53467e83f6a137376b6dcf423ab6f6c 3909Author: Darren Tucker <dtucker@dtucker.net> 3910Date: Fri Sep 5 19:55:20 2025 +1000 3911 3912 Create replacement endian.h if needed. 3913 3914 Remove #ifdef HAVE_ENDIAN_H wrapper. ok djm@ 3915 3916commit a60721c894f0a2ce973876d0f55617e187e6fab1 3917Author: Darren Tucker <dtucker@dtucker.net> 3918Date: Fri Sep 5 19:52:48 2025 +1000 3919 3920 Add /* WITH_OPENSSL */ comments. 3921 3922 Removes diffs vs upstream. 3923 3924commit c729a833298d9d55ffb22771cf1400dfdc640164 3925Author: Darren Tucker <dtucker@dtucker.net> 3926Date: Fri Sep 5 19:22:37 2025 +1000 3927 3928 Move sys/time.h include to match upstream. 3929 3930commit caa973dd06a7be43c29353b256c9a473f5ad9882 3931Author: Darren Tucker <dtucker@dtucker.net> 3932Date: Fri Sep 5 19:13:52 2025 +1000 3933 3934 Create replacement netgroup.h if needed. 3935 3936 Remove #ifdef HAVE_NETGROUP_H wrapper. ok djm@ 3937 3938commit 7d30526b7df14d960a5de63d6af823ffdab86518 3939Author: Darren Tucker <dtucker@dtucker.net> 3940Date: Fri Sep 5 18:24:59 2025 +1000 3941 3942 Remove stray #endif left from previous. 3943 3944commit 4911f2600fdbb1959311bb1886bfe51f7dd4a74e 3945Author: Darren Tucker <dtucker@dtucker.net> 3946Date: Fri Sep 5 18:08:51 2025 +1000 3947 3948 Create replacement libgen.h if needed. 3949 3950 Remove #ifdef HAVE_LIBGEN_H wrapper. ok djm@ 3951 3952commit 65dcdb56f5daee519ec824ae17e64412d2492f90 3953Author: Darren Tucker <dtucker@dtucker.net> 3954Date: Fri Sep 5 18:05:15 2025 +1000 3955 3956 Create replacement sys/un.h if needed. 3957 3958 Remove #ifdef HAVE_SYS_UN_H wrapper. ok djm@ 3959 3960commit 60334af5a908ac3b263d2ec696f9977e20b739cb 3961Author: Darren Tucker <dtucker@dtucker.net> 3962Date: Fri Sep 5 18:03:55 2025 +1000 3963 3964 Reformat replacement header check one per line. 3965 3966commit cd9ba068e36b0f37374d2eba2d19dacc7ea9a167 3967Author: Darren Tucker <dtucker@dtucker.net> 3968Date: Fri Sep 5 17:55:33 2025 +1000 3969 3970 Create replacement time.h if needed. 3971 3972 Remove #ifdef HAVE_TIME_H wrapper. ok djm@ 3973 3974commit ea586edbcbec7089f768ed682a79a399eaa1e5b1 3975Author: Darren Tucker <dtucker@dtucker.net> 3976Date: Fri Sep 5 17:50:18 2025 +1000 3977 3978 Create replacement sys/stat.h if needed. 3979 3980 Remove #ifdef HAVE_SYS_STAT_H wrapper. ok djm@ 3981 3982commit 59b80707c6cf45230597a800e7d2ce6b00ce35b5 3983Author: Darren Tucker <dtucker@dtucker.net> 3984Date: Fri Sep 5 17:44:07 2025 +1000 3985 3986 Create replacement sys/time.h if needed. 3987 3988 Remove #ifdef HAVE_SYS_TIME_H wrapper. ok djm@ 3989 3990commit 82fed5110fe09e9af258a8f5a2f92ffb397fff5b 3991Author: Darren Tucker <dtucker@dtucker.net> 3992Date: Fri Sep 5 17:31:15 2025 +1000 3993 3994 Create replacement ifaddrs.h if needed. 3995 3996 Remove #ifdef HAVE_IFADDRS_H wrapper. ok djm@ 3997 3998commit 53887d8ebc583b51e996cb2bdeb11e054d36343b 3999Author: Darren Tucker <dtucker@dtucker.net> 4000Date: Fri Sep 5 17:27:43 2025 +1000 4001 4002 Create replacement util.h if needed. 4003 4004 Remove #ifdef HAVE_UTIL_H wrapper. ok djm@ 4005 4006commit 5f09983d1e724097bd577097fb0f2c00c2436f21 4007Author: Darren Tucker <dtucker@dtucker.net> 4008Date: Fri Sep 5 17:24:50 2025 +1000 4009 4010 Create replacement paths.h if needed. 4011 4012 Remove #ifdef HAVE_PATHS_H wrapper. ok djm@ 4013 4014commit d45b17dc5a0598dda2b11dc89598203408d2d59c 4015Author: Darren Tucker <dtucker@dtucker.net> 4016Date: Fri Sep 5 17:17:52 2025 +1000 4017 4018 Create replacement poll.h if needed. 4019 4020 Remove #ifdef HAVE_POLL_H wrapper. ok djm@ 4021 4022commit 9b2c5a2db0650e394597839ef00d797f57568937 4023Author: Darren Tucker <dtucker@dtucker.net> 4024Date: Fri Sep 5 17:06:14 2025 +1000 4025 4026 Fill in missing system header files. 4027 4028 Create replacement header files inside openbsd-compat for common headers 4029 that are missing on a given platform. Usually these are just empty, 4030 but in some cases they'll include the equivalent file. This avoids 4031 having to wrap those includes in '#ifdef HAVE_FOO_H' and reduces the 4032 diff vs OpenBSD. 4033 4034 If we create any such headers, add the path to includes. 4035 4036 Initially just stdint.h, more to follow. 4037 4038 ok djm@ 4039 4040commit f64701ca25795548a61614d0b13391d6dfa7f38c 4041Author: djm@openbsd.org <djm@openbsd.org> 4042Date: Thu Sep 4 03:04:44 2025 +0000 4043 4044 upstream: repair test after changes to percent expansion of usernames 4045 4046 on the commandline. 4047 4048 Test more cases that should/shouldn't expand and lightly test 4049 username validity checks. 4050 4051 OpenBSD-Regress-ID: ad4c12c70bdf1f959abfebd1637ecff1b49a484c 4052 4053commit 45698669d49949868b1f3d13dfda1b7cb70060ad 4054Author: djm@openbsd.org <djm@openbsd.org> 4055Date: Thu Sep 4 00:37:10 2025 +0000 4056 4057 upstream: unit tests for sshbuf_equals and sshbuf_dtourlb64; ok 4058 4059 deraadt@ 4060 4061 OpenBSD-Regress-ID: bab54e2d4caa813036a63ee67e92c93e6712a5b9 4062 4063commit 4be445116f1b56f14254b98d8b132bb25777e160 4064Author: djm@openbsd.org <djm@openbsd.org> 4065Date: Thu Sep 4 00:34:17 2025 +0000 4066 4067 upstream: unit tests for a bunch of misc.c functions; ok deraadt@ 4068 4069 OpenBSD-Regress-ID: 886cf142605405e777ee77a96b48694dc2e9235d 4070 4071commit e3699ff47df336f57da2e78188d0057f8368af56 4072Author: djm@openbsd.org <djm@openbsd.org> 4073Date: Thu Sep 4 00:32:31 2025 +0000 4074 4075 upstream: fix sshbuf_dtourlb64() to not choke on empty buffers; 4076 4077 previously it incorrectly returned an error in this situation; ok deraadt 4078 4079 OpenBSD-Commit-ID: e62773d6e8cb95a19aab54f0af0edbcd47b345c0 4080 4081commit 8e85ad33cfcc71e03594e53f2e19d8ce2e27dcc6 4082Author: djm@openbsd.org <djm@openbsd.org> 4083Date: Thu Sep 4 00:31:49 2025 +0000 4084 4085 upstream: fix rtrim() function to not attempt to delete whitespace 4086 4087 inside a string, just at the end. ok deraadt@ 4088 4089 OpenBSD-Commit-ID: d44deaa43580cd88de978dd5509b14e905b67b84 4090 4091commit 43b3bff47bb029f2299bacb6a36057981b39fdb0 4092Author: djm@openbsd.org <djm@openbsd.org> 4093Date: Thu Sep 4 00:30:06 2025 +0000 4094 4095 upstream: don't allow \0 characters in url-encoded strings. 4096 4097 Suggested by David Leadbeater, ok deraadt@ 4098 4099 OpenBSD-Commit-ID: c92196cef0f970ceabc1e8007a80b01e9b7cd49c 4100 4101commit 35d5917652106aede47621bb3f64044604164043 4102Author: djm@openbsd.org <djm@openbsd.org> 4103Date: Thu Sep 4 00:29:09 2025 +0000 4104 4105 upstream: Improve rules for %-expansion of username. 4106 4107 Usernames passed on the commandline will no longer be subject to 4108 % expansion. Some tools invoke ssh with connection information 4109 (i.e. usernames and host names) supplied from untrusted sources. 4110 These may contain % expansion sequences which could yield 4111 unexpected results. 4112 4113 Since openssh-9.6, all usernames have been subject to validity 4114 checking. This change tightens the validity checks by refusing 4115 usernames that include control characters (again, these can cause 4116 surprises when supplied adversarially). 4117 4118 This change also relaxes the validity checks in one small way: 4119 usernames supplied via the configuration file as literals (i.e. 4120 include no % expansion characters) are not subject to these 4121 validity checks. This allows usernames that contain arbitrary 4122 characters to be used, but only via configuration files. This 4123 is done on the basis that ssh's configuration is trusted. 4124 4125 Pointed out by David Leadbeater, ok deraadt@ 4126 4127 OpenBSD-Commit-ID: e2f0c871fbe664aba30607321575e7c7fc798362 4128 4129commit f38a552dc71f20df2544338099e3fe2563f1a9ca 4130Author: Damien Miller <djm@mindrot.org> 4131Date: Wed Sep 3 09:42:39 2025 +1000 4132 4133 missing header 4134 4135commit cc4eb3d6943cb57e08ab3abbcf92644deb429e46 4136Author: djm@openbsd.org <djm@openbsd.org> 4137Date: Tue Sep 2 11:08:34 2025 +0000 4138 4139 upstream: simplify algorithm list functions using xextendf(); ok 4140 4141 dtucker@ 4142 4143 OpenBSD-Commit-ID: ffc5f8d0c25b95705a8a66c8b634f98d23bd92dc 4144 4145commit 8866d24cdd1d6e73bb3220b753f94e255c49ff96 4146Author: djm@openbsd.org <djm@openbsd.org> 4147Date: Tue Sep 2 11:04:58 2025 +0000 4148 4149 upstream: unit test for xextendf() 4150 4151 OpenBSD-Regress-ID: ddb3b4db1a52dda23696b967470882fe2b9c3af7 4152 4153commit 2f369d3fd0ff3715c2b32dff5cb35c0330272445 4154Author: djm@openbsd.org <djm@openbsd.org> 4155Date: Tue Sep 2 09:41:23 2025 +0000 4156 4157 upstream: fix comment on sshbuf_froms() - it *returns* an error 4158 4159 code, the allocated buffer is passed via argument 4160 4161 OpenBSD-Commit-ID: b2b0a76df71328f39c3e2ad941a4d87085d8335d 4162 4163commit 6fd93060bb2ec35a7f0bf96d1a74104bab49e017 4164Author: djm@openbsd.org <djm@openbsd.org> 4165Date: Tue Sep 2 09:40:19 2025 +0000 4166 4167 upstream: GssStrictAcceptor was missing from sshd -T output; fix 4168 4169 OpenBSD-Commit-ID: 6014049ccfedc48a208e37d5488ade6bdc2d1c44 4170 4171commit d94a9a8c54e9036961c1100c6f445c50ab9b6b40 4172Author: Damien Miller <djm@mindrot.org> 4173Date: Tue Sep 2 19:38:39 2025 +1000 4174 4175 portable-specific comment grammer/spelling fixes 4176 4177commit a0b095fa03d3c08d723a803ce25540fddd955c53 4178Author: djm@openbsd.org <djm@openbsd.org> 4179Date: Tue Sep 2 09:34:48 2025 +0000 4180 4181 upstream: grammar and typos in comments 4182 4183 OpenBSD-Commit-ID: de954daffcd0147ce142d55e8a374810cd19d7ed 4184 4185commit 23a2bb750547a9a5251cbc44c5ceb1d05303befe 4186Author: Damien Miller <djm@mindrot.org> 4187Date: Tue Sep 2 19:30:07 2025 +1000 4188 4189 replace remaining manual logging of __func__ 4190 4191 Use the appropriate log macro that prepends the function name 4192 (e.g. logit_f/debug2_f/etc). 4193 4194commit a9b0b69f15e63bc4e8c8b38e24ee85ea076a7e11 4195Author: djm@openbsd.org <djm@openbsd.org> 4196Date: Tue Sep 2 09:26:21 2025 +0000 4197 4198 upstream: replace remaining cases where we manually included __func__ 4199 4200 in a debug or error log with the respective *_f log variant 4201 4202 OpenBSD-Commit-ID: 46a280d78bcc0bc98f28e65a30b613366600328f 4203 4204commit 19f7cb39eecb4b8f768f37e8294dc3a9142e022b 4205Author: djm@openbsd.org <djm@openbsd.org> 4206Date: Mon Sep 1 23:55:29 2025 +0000 4207 4208 upstream: test MaxStatups idempotency; ok dtucker@ 4209 4210 OpenBSD-Regress-ID: b5d713c2709000fa5e41d82c0cf8627e13cb43f9 4211 4212commit c357c4a1e626feba9a968b5f0cb832b989b2d433 4213Author: djm@openbsd.org <djm@openbsd.org> 4214Date: Thu Aug 21 05:55:30 2025 +0000 4215 4216 upstream: benchmark more diffie-hellman-group* KEXs 4217 4218 use current KEX names, i.e. remove the "@openssh.com" where the KEX 4219 has been standardised 4220 4221 OpenBSD-Regress-ID: a67e9da4efd9a971d39cb2481093f836046f9b7f 4222 4223commit 9313233a735733821dfd170b70782fb7da492962 4224Author: djm@openbsd.org <djm@openbsd.org> 4225Date: Tue Sep 2 01:03:43 2025 +0000 4226 4227 upstream: fix previous 4228 4229 OpenBSD-Commit-ID: 09d95dfb5e064a1d0e74afba8d77474cc1d110a4 4230 4231commit 683d0abe596b069a896f1688f86256f1beeb0cdc 4232Author: djm@openbsd.org <djm@openbsd.org> 4233Date: Mon Sep 1 23:53:16 2025 +0000 4234 4235 upstream: Make MaxStartups and PerSourceNetBlockSize first-match-wins 4236 4237 as advertised. bz3859 reported by jan.v.hofmann; ok dtucker 4238 4239 OpenBSD-Commit-ID: 08f7786f1b3b4a05a106cdbd2dc5f1f2d8299447 4240 4241commit a9a3f025d76f06a6601e6e8d52b468ec467865d9 4242Author: djm@openbsd.org <djm@openbsd.org> 4243Date: Fri Aug 29 03:50:38 2025 +0000 4244 4245 upstream: remove experimental support for XMSS keys; 4246 4247 ok deraadt markus 4248 4249 OpenBSD-Commit-ID: 38eaf4df6189acad9e46eddf7cf32d7f6d07df35 4250 4251commit 908e9d55139bed19ed87d6fec749974eb42702c6 4252Author: caspar@openbsd.org <caspar@openbsd.org> 4253Date: Mon Aug 18 18:39:33 2025 +0000 4254 4255 upstream: ssh_config.5: say "post-quantum" instead of "post quantum 4256 4257 safe", and rephrase the sentence to make it easier to read. 4258 4259 Input djm@, input and OK deraadt@, OK dtucker@ 4260 4261 OpenBSD-Commit-ID: c3ee4d1cafdcfc20cc0d2f086021efce4b19c075 4262 4263commit ceca966bde4ab38b2434876416da12fe16747459 4264Author: job@openbsd.org <job@openbsd.org> 4265Date: Mon Aug 18 09:16:36 2025 +0000 4266 4267 upstream: Delete unused accessor function 4268 4269 OK dtucker@ 4270 4271 OpenBSD-Commit-ID: 93b59ac088fb254e1189729ece5bb9656d6e810b 4272 4273commit 3ef1a87d0a29eac94f32371af628e81eb2e2d817 4274Author: Damien Miller <djm@mindrot.org> 4275Date: Mon Aug 18 17:00:26 2025 +1000 4276 4277 Fix pledge(2) special casing 4278 4279 Unbreaks non-OpenBSD platforms 4280 4281commit 5e9ca80fe65e407428dc46ed45804724d08b91b7 4282Author: Damien Miller <djm@mindrot.org> 4283Date: Mon Aug 18 16:47:23 2025 +1000 4284 4285 Match version instead of groups in connect-bigconf 4286 4287 The connect-bigconf makes a giant config file to test config passing 4288 between the sshd subprocesses. Previously it used a bunch of "Match 4289 group" lines to construct a large file. However checking group 4290 membership can be expensive (e.g. if a large groups database is 4291 present or if group lookup is remote via NSS). This could be slow 4292 enough to exceed LoginGraceTime. 4293 4294 This switches it to "Match version" which is just a string compare 4295 and does just as well for making a giant nonsense config file. 4296 4297commit 6c84609e5f9ddd49e250d5cf190b2820dbeca178 4298Author: Damien Miller <djm@mindrot.org> 4299Date: Mon Aug 18 16:47:00 2025 +1000 4300 4301 depend 4302 4303commit 9184fa363687fcb5dac056b093fb3b8e9d327242 4304Author: Damien Miller <djm@mindrot.org> 4305Date: Mon Aug 18 16:45:15 2025 +1000 4306 4307 check for setsockopt IP_TOS in OpenBSD pledge 4308 4309 OpenBSD has recently relaxed the pledge(2) sandbox to allow some 4310 setsockopt options to be changed without the "inet" promise. 4311 4312 This adds compatibility for OpenBSD that predates this relaxation. 4313 4314commit ae44cd74f3a4ac711152f50b2712803ccf785593 4315Author: djm@openbsd.org <djm@openbsd.org> 4316Date: Mon Aug 18 04:50:35 2025 +0000 4317 4318 upstream: cast 4319 4320 OpenBSD-Commit-ID: d69bd2328513c2dcd99f4f346b77e2bd90cf1964 4321 4322commit c2c8bae39380392449ac3297061cbfc486126ad5 4323Author: djm@openbsd.org <djm@openbsd.org> 4324Date: Mon Aug 18 04:38:21 2025 +0000 4325 4326 upstream: missing set_log_handler() call in ssh-auth.c, exposed after 4327 4328 last commit 4329 4330 OpenBSD-Commit-ID: 09f5c3cf33c18b8ad321edbf96c30ae3deada2b0 4331 4332commit 056022261e6cf7eb65bbacac72afe5f4d5945f2c 4333Author: Damien Miller <djm@mindrot.org> 4334Date: Mon Aug 18 14:22:32 2025 +1000 4335 4336 depend 4337 4338commit b7ee13fbbb4ebafcf71f29685f053ecb97d1bcef 4339Author: Damien Miller <djm@mindrot.org> 4340Date: Mon Aug 18 14:22:18 2025 +1000 4341 4342 wrap SIGINFO in ifdef 4343 4344commit 289239046b2c4b0076c14394ae9703a879e78706 4345Author: djm@openbsd.org <djm@openbsd.org> 4346Date: Mon Aug 18 03:43:01 2025 +0000 4347 4348 upstream: Make ssh(1) and sshd(8) set IP QoS (aka IP_TOS, IPV6_TCLASS) 4349 4350 continually at runtime based on what sessions/channels are open. 4351 4352 Previously, ssh(1) and sshd(8) would pick a QoS value when they 4353 were started and use it for the whole connection. This could 4354 produce suboptimal choices for the QoS value, e.g. for multiplexed 4355 sessions that started interactive but picked up a sftp client, 4356 or sessions that moved large amounts of data via port forwarding. 4357 4358 Now the QoS value will change to the non-interactive IPQoS whenever 4359 a "non-interactive" channel is open; basically any channel that lacks 4360 a tty other than agent forwarding. 4361 4362 This is important now that the default interactive IPQoS is EF 4363 (Expedited Forwarding), as many networks are configured to allow 4364 only relatively small amounts of traffic of this class and they will 4365 aggressively deprioritise the entire connection if this is exceeded. 4366 4367 NB. because ssh(1) and sshd(8) now change IP_TOS/IPV6_TCLASS 4368 continually via setsockopt(), this commit requires a recent pledge(2) 4369 change that landed recently in the OpenBSD kernel. Please ensure 4370 you have updated to a kernel from within the last two weeks before 4371 updating OpenSSH. 4372 4373 with job@ deraadt@ 4374 4375 OpenBSD-Commit-ID: 325fc41717eecdf5e4b534bfa8d66817425b840f 4376 4377commit dc5147028ff19213a32281dad07bba02e58da3fa 4378Author: djm@openbsd.org <djm@openbsd.org> 4379Date: Mon Aug 18 03:29:11 2025 +0000 4380 4381 upstream: SIGINFO handler for sshd(8) to dump active 4382 4383 channels/sessions ok deraadt@ 4384 4385 OpenBSD-Commit-ID: 9955cb6d157c6d7aa23a819e8ef61b1edabc8b7d 4386 4387commit f807a598c96be683d97810481e954ec9db6b0027 4388Author: djm@openbsd.org <djm@openbsd.org> 4389Date: Mon Aug 18 03:28:36 2025 +0000 4390 4391 upstream: SIGINFO handler for ssh(1) to dump active 4392 4393 channels/sessions ok deraadt@ 4394 4395 OpenBSD-Commit-ID: 12f88a5044bca40ef5f41ff61b1755d0e25df901 4396 4397commit 9b61679d73a8a001c25ab308db8a3162456010cf 4398Author: djm@openbsd.org <djm@openbsd.org> 4399Date: Mon Aug 18 03:28:02 2025 +0000 4400 4401 upstream: add channel_report_open() to report (to logs) open 4402 4403 channels; ok deraadt@ (as part of bigger diff) 4404 4405 OpenBSD-Commit-ID: 7f691e25366c5621d7ed6f7f9018d868f7511c0d 4406 4407commit 80b5ffd22abd4093201939e31d1ea6dc8cc7913a 4408Author: djm@openbsd.org <djm@openbsd.org> 4409Date: Mon Aug 18 01:59:53 2025 +0000 4410 4411 upstream: make -E a no-op in sshd-auth. Redirecting logging to a 4412 4413 file doesn't work in this program as logging already goes via the parent 4414 sshd-session process. ok dtucker@ 4415 4416 OpenBSD-Commit-ID: 73325b9e69364117c18305f896c620a3abcf4f87 4417 4418commit 3a039108bd25ff10047d7fa64750ed7df10c717c 4419Author: Damien Miller <djm@mindrot.org> 4420Date: Mon Aug 18 13:46:37 2025 +1000 4421 4422 allow some socket syscalls in seccomp sandbox 4423 4424 Allow getsockname(2), getpeername(2) and getsockopt(2). 4425 4426 Also allow setsockopt(2) but only IP_TOS and IPV6_TCLASS. 4427 4428 Note that systems that use the older socketcall(2) mux syscall will 4429 not have IP_TOS and IPV6_TCLASS allowlisted. On these platforms, 4430 these calls will be soft-blocked (i.e. will fail rather than 4431 terminate the whole process with a sandbox violation). 4432 4433 Needed for upcoming IPQoS change; ok dtucker@ 4434 4435commit a00f5b02e171bc6d6fb130050afb7a08f5ece1d8 4436Author: Damien Miller <djm@mindrot.org> 4437Date: Mon Aug 18 13:44:53 2025 +1000 4438 4439 handle futex_time64 properly in seccomp sandbox 4440 4441 Previously we only allowed __NR_futex, but some 32-bit systems 4442 apparently support __NR_futex_time64. We had support for this 4443 in the sandbox, but because of a macro error only __NR_futex was 4444 allowlisted. 4445 4446 ok dtucker@ 4447 4448commit 32deb00b38b4ee2b3302f261ea1e68c04e020a08 4449Author: dtucker@openbsd.org <dtucker@openbsd.org> 4450Date: Thu Aug 14 10:03:44 2025 +0000 4451 4452 upstream: Cast serial no for %lld to prevent compiler warnings on some 4453 4454 platforms. 4455 4456 OpenBSD-Commit-ID: afadd741622f16c6733d461c0d6053ed52868a57 4457 4458commit 883886c959ecab152650e231335857eb3193c662 4459Author: dtucker@openbsd.org <dtucker@openbsd.org> 4460Date: Thu Aug 14 09:44:39 2025 +0000 4461 4462 upstream: Cast serial no for %lld to prevent compiler warnings on some 4463 4464 platforms. 4465 4466 OpenBSD-Commit-ID: 46c6063284d318f7e4dc922479a3e394c94b0588 4467 4468commit fde5a4d2cd01bea700439fa6d5bbad88e65c99bd 4469Author: dtucker@openbsd.org <dtucker@openbsd.org> 4470Date: Thu Aug 14 09:26:53 2025 +0000 4471 4472 upstream: Cast serial no for %lld to prevent compiler warnings on some 4473 4474 platforms. 4475 4476 OpenBSD-Commit-ID: 15644234b58abc9c6da2994f0422a5aa344a9e89 4477 4478commit ab5074dfb614e3801fecbd376d8ed4cea613c629 4479Author: sthen@openbsd.org <sthen@openbsd.org> 4480Date: Tue Aug 12 11:09:48 2025 +0000 4481 4482 upstream: fix typo, ok markus dtucker 4483 4484 OpenBSD-Commit-ID: 8f223da7633752162c64a659c6cf55202703d870 4485 4486commit 8b6c1f402feb9eb6438003a312d7ffe8d5669896 4487Author: deraadt@openbsd.org <deraadt@openbsd.org> 4488Date: Mon Aug 11 14:37:43 2025 +0000 4489 4490 upstream: Handle localtime_r() failure by return "UNKNOWN-TIME" 4491 4492 which is only used in user-visible contexts. freebsd 288773 shows their 4493 localtime_r() has failed at least once for unknown reason. discussed with djm 4494 4495 OpenBSD-Commit-ID: 68f4c92d46b2578d4594b0ed940958d597fd61ac 4496 4497commit 0e1b8aa27f7c86d412c9e54ad9e2cae30d9ddab4 4498Author: djm@openbsd.org <djm@openbsd.org> 4499Date: Mon Aug 11 10:55:38 2025 +0000 4500 4501 upstream: ssh(1): add a warning when the connection negotiates a 4502 4503 non-post quantum safe key agreement algorithm. 4504 4505 Controlled via a new WarnWeakCrypto ssh_config option, defaulting 4506 to on. This option might grow additional weak crypto warnings in 4507 the future. 4508 4509 More details at https://openssh.com/pq.html 4510 4511 mostly by deraadt@ feedback dtucker@ ok deraadt@ 4512 4513 OpenBSD-Commit-ID: 974ff243a1eccceac6a1a9d8fab3bcc89d74a2a4 4514 4515commit 2ebc6384258b58ace0ad2adb2593744f62749235 4516Author: djm@openbsd.org <djm@openbsd.org> 4517Date: Wed Aug 6 23:44:09 2025 +0000 4518 4519 upstream: all state related to the ssh connection should live in 4520 4521 struct ssh or struct packet_state; one static int escaped this rule, so move 4522 it to struct packet_state now. 4523 4524 ok millert tb 4525 4526 OpenBSD-Commit-ID: bd6737168bf61a836ffbdc99ee4803468db90a53 4527 4528commit 60b909fb110f77c1ffd15cceb5d09b8e3f79b27e 4529Author: dtucker@openbsd.org <dtucker@openbsd.org> 4530Date: Wed Aug 6 11:22:53 2025 +0000 4531 4532 upstream: Improve sentence. ok djm@ 4533 4534 OpenBSD-Commit-ID: 9c481ddd6bad110af7e530ba90db41f6d5fe2273 4535 4536commit 9ffa98111dbe53bf86d07da8e01ded8c5c25456b 4537Author: djm@openbsd.org <djm@openbsd.org> 4538Date: Wed Aug 6 04:53:04 2025 +0000 4539 4540 upstream: when refusing a certificate for user authentication, log 4541 4542 enough information to identify the certificate in addition to the reason why 4543 it was being denied. Makes debugging certificate authz problems a bit easier. 4544 4545 ok dlg@ 4546 4547 OpenBSD-Commit-ID: 4c4621b2e70412754b3fe7540af8f4bf02b722b1 4548 4549commit 2a31009c36eb2da412c2784fe131fcb6ba800978 4550Author: job@openbsd.org <job@openbsd.org> 4551Date: Tue Aug 5 09:08:16 2025 +0000 4552 4553 upstream: Use the operating system default DSCP marking for 4554 4555 non-interactive traffic 4556 4557 It seems the CS1 traffic class mark is considered ambiguous and therefore 4558 somewhat unhelpful (see RFC 8622 for more considerations). But, the new 4559 'LE' scavenger class (also proposed in RFC 8622) offers high probability 4560 of excessive delays & high packet loss, which would be inappropriate 4561 for use with, for example, X11 forwardings. In fact, it is not known to 4562 SSH what's appropriate because SSH is not aware of the content of what 4563 passing through session forwardings. Therefore, no marking is appropriate. 4564 Non-interactive traffic simply is best effort. 4565 4566 OK djm@ deraadt@ 4567 4568 OpenBSD-Commit-ID: db1da1a432ecd53fc28feb84287aedb6bec80b01 4569 4570commit 6ebd472c391a73574abe02771712d407c48e130d 4571Author: djm@openbsd.org <djm@openbsd.org> 4572Date: Tue Aug 5 04:00:15 2025 +0000 4573 4574 upstream: a bunch of the protocol extensions we support now have RFCs 4575 4576 and I-Ds that are more complete and detailed than what we have in the 4577 PROTOCOL.* files. Refer to these when possible instead of documenting them 4578 here. 4579 4580 OpenBSD-Commit-ID: 4fa5b0fcf5d5f24093d33d9e82c7ca4850d50d70 4581 4582commit ec3465f59c651405e395092f3ad606f8992328d8 4583Author: job@openbsd.org <job@openbsd.org> 4584Date: Thu Jul 31 11:23:39 2025 +0000 4585 4586 upstream: Deprecate support for IPv4 type-of-service (TOS) IPQoS 4587 4588 keywords 4589 4590 Type of Service (ToS) was deprecated in the late nineties and replaced 4591 with the Differentiated Services architecture. Diffserv has significant 4592 advantages for operators because this mechanism offers more granularity. 4593 4594 OpenSSH switched its default IPQoS from ToS to DSCP values in 2018. 4595 4596 IPQoS configurations with 'lowdelay', 'reliability', or 'throughput' will be 4597 ignored and instead the system default QoS settings apply. Additionally, a 4598 debug message is logged about the deprecation with a suggestion to use DSCP. 4599 4600 with/OK deraadt@ sthen@ djm@ 4601 4602 OpenBSD-Commit-ID: 40c8c0c5cb20151a348728703536af2ec1c754ba 4603 4604commit 65909fa114e7dd7511800db2b7bacb8774afe887 4605Author: job@openbsd.org <job@openbsd.org> 4606Date: Thu Jul 31 09:38:41 2025 +0000 4607 4608 upstream: Set default IPQoS for interactive sessions to Expedited 4609 4610 Forwarding (EF) 4611 4612 Marking interactive session data with DSCP value EF (RFC3246, RFC3247) 4613 helps inform the network on relative priority compared to other traffic. 4614 This is especially useful for differentiated treatment over wireless media. 4615 4616 Following the reconciled IETF Diffserv to IEEE 802.11 mappings (RFC 8325), 4617 traffic marked with DSCP value EF maps to User Priority 6 in QoS Control, 4618 in turn mapping to the high priority WMM AC_VO access category. 4619 4620 OK djm@ 4621 4622 OpenBSD-Commit-ID: aadda7b9da794d70d7c6b381a861a0610afce1b3 4623 4624commit d1c6c67a50fc957010fa027c6ab970424e9b9142 4625Author: Darren Tucker <dtucker@dtucker.net> 4626Date: Sat Aug 2 14:49:00 2025 +1000 4627 4628 Disable security key tests for bigendian interop 4629 4630commit e85248df3f1073343da87a6b00512e6a1e4a863d 4631Author: Darren Tucker <dtucker@dtucker.net> 4632Date: Sat Aug 2 12:51:42 2025 +1000 4633 4634 Comment out atime restore test. 4635 4636 This works on filesystems mounted 'noatime', but on others the stat() 4637 resets atime causing the test to fail. 4638 4639commit b1c4cedbee107dc611ce091f27ea9f1de28ee378 4640Author: Darren Tucker <dtucker@dtucker.net> 4641Date: Fri Aug 1 19:29:00 2025 +1000 4642 4643 Replace fbsd64ppc VM with physical host. 4644 4645 Run 64bit bigendian interop test on NetBSD arm64be instead. 4646 4647commit 284abbed9a8d815b1ec5e96aff885d77e26537e7 4648Author: dtucker@openbsd.org <dtucker@openbsd.org> 4649Date: Wed Jul 30 10:17:13 2025 +0000 4650 4651 upstream: Plug leak in case where sigp is passed as NULL. Coverity CID 4652 4653 483725, ok djm@ 4654 4655 OpenBSD-Commit-ID: 47cf7b399c84e102b670b9f97ab6926c9a7256b5 4656 4657commit dc630e6d81be8aa495254839731e4f3521cf9e31 4658Author: djm@openbsd.org <djm@openbsd.org> 4659Date: Wed Jul 30 04:27:42 2025 +0000 4660 4661 upstream: unbreak WITH_OPENSSL=no builds, also allowing ed25519 4662 4663 keys to be used via PKCS#11 when OpenSSH is built without libcrypto. 4664 4665 OpenBSD-Commit-ID: ecf26fdf7591bf2c98bac5136fbc36e0b59c3fc2 4666 4667commit a5bec2cdfc4f38ddb6211809851aae29ba99a35a 4668Author: djm@openbsd.org <djm@openbsd.org> 4669Date: Wed Jul 30 04:19:17 2025 +0000 4670 4671 upstream: fix variable name in disabled code 4672 4673 OpenBSD-Commit-ID: 5612e979575d5da933c8b720d296423fd84392f5 4674 4675commit 5e4bfe6c16924b1c21a733f3e218cfcba98e301e 4676Author: Damien Miller <djm@mindrot.org> 4677Date: Sat Jul 26 19:19:46 2025 +1000 4678 4679 more ec/ed25519 fixing 4680 4681commit 2603098959eff55cbe188c3dfcbe5302808a80fc 4682Author: Damien Miller <djm@mindrot.org> 4683Date: Sat Jul 26 14:27:53 2025 +1000 4684 4685 repair build for libcrypto without ed25519 support 4686 4687commit a729163c56ecc002c0cb04db56e7d86ceec2e8b0 4688Author: djm@openbsd.org <djm@openbsd.org> 4689Date: Sat Jul 26 01:53:31 2025 +0000 4690 4691 upstream: regression tests for Ed25519 keys in PKCS#11 tokens 4692 4693 OpenBSD-Regress-ID: 50067c0716abfea3a526b4a0c8f1fe15e7665c0f 4694 4695commit 361ff0ca308ac02449e71689fc5ea72114db43db 4696Author: djm@openbsd.org <djm@openbsd.org> 4697Date: Sat Jul 26 01:51:44 2025 +0000 4698 4699 upstream: Support ed25519 keys hosted on PKCS#11 tokens. 4700 4701 Tested on Yubikeys and against SoftHSM2. 4702 4703 feedback/ok tb@ 4704 4705 OpenBSD-Commit-ID: 90ddb6529f2e12e98e8bba21d8592e60579ce2e4 4706 4707commit 2b530cc3005a71c5ba6b712978872fc9c147439c 4708Author: djm@openbsd.org <djm@openbsd.org> 4709Date: Fri Jul 25 13:06:07 2025 +0000 4710 4711 upstream: update our PKCS#11 API header to v3.0; 4712 4713 feedback/ok tb@ 4714 4715 OpenBSD-Commit-ID: e67fa6a26e515c2b1fb7b0d1519d138aafb3e017 4716 4717commit 550d2a4a66c50f7641563a63b900761d99efb24a 4718Author: Damien Miller <djm@mindrot.org> 4719Date: Fri Jul 25 23:04:33 2025 +1000 4720 4721 another attempt at fixing !EC builds 4722 4723commit ed1e370d84e9dc39bc31c19cca12222d991fdc6f 4724Author: dtucker@openbsd.org <dtucker@openbsd.org> 4725Date: Fri Jul 25 11:50:45 2025 +0000 4726 4727 upstream: Don't snprintf a NULL since not all platforms support it. 4728 4729 OpenBSD-Commit-ID: 6e0c268e40047e96fab6bc56dc340580b537183b 4730 4731commit eedab8db12d57c4f4583f6b60e48a4ce25b47b9c 4732Author: Damien Miller <djm@mindrot.org> 4733Date: Fri Jul 25 16:21:43 2025 +1000 4734 4735 unbreak !EC builds 4736 4737commit 203f5ac6cfa0e257db7509d4bb830e8a4bba6211 4738Author: djm@openbsd.org <djm@openbsd.org> 4739Date: Thu Jul 24 06:04:47 2025 +0000 4740 4741 upstream: test code now needs to link ssh-pkcs11-client.c any time 4742 4743 sshkey.c is included 4744 4745 OpenBSD-Regress-ID: 9d07188eae9a96801c3150b3433bb220626d4443 4746 4747commit 33b4f05c8ddab24aa6c47afb313b8cbd0d4b77f4 4748Author: Damien Miller <djm@mindrot.org> 4749Date: Fri Jul 25 12:47:17 2025 +1000 4750 4751 update clang-16 -> clang-19 4752 4753commit 03e9e993ef1ef5accc6457152278cab5988f9b3d 4754Author: Damien Miller <djm@mindrot.org> 4755Date: Fri Jul 25 12:46:59 2025 +1000 4756 4757 include ssh-pkcs11-client.o as common dep 4758 4759commit 2f5269938a8e4769f484c9d45419a86529078ede 4760Author: Damien Miller <djm@mindrot.org> 4761Date: Fri Jul 25 12:46:10 2025 +1000 4762 4763 remove vestigial stub 4764 4765commit bf33a73c40522ce60961d4fff316a7187fb06ca0 4766Author: djm@openbsd.org <djm@openbsd.org> 4767Date: Thu Jul 24 23:27:04 2025 +0000 4768 4769 upstream: this should include stdlib.h explicitly 4770 4771 OpenBSD-Commit-ID: 1c0cc5c3838344b33ae4ab7aa62c01530357bf29 4772 4773commit 9f8ccc3b81b53324cc489f3fe00f03c329c0acb2 4774Author: djm@openbsd.org <djm@openbsd.org> 4775Date: Thu Jul 24 06:59:51 2025 +0000 4776 4777 upstream: less stale reference to PKCS#1 1.5 hash OIDs; feedback 4778 4779 from tb@ 4780 4781 OpenBSD-Commit-ID: 9fda77978491a130a7b77d87d40c79277b796721 4782 4783commit 1641ab8744f500f55f12155d03f1a3116aaea374 4784Author: djm@openbsd.org <djm@openbsd.org> 4785Date: Thu Jul 24 06:12:08 2025 +0000 4786 4787 upstream: factor out encoding of a raw ed25519 signature into its 4788 4789 ssh form into a separate function 4790 4791 OpenBSD-Commit-ID: 3711c6d6b52dde0bd1f17884da5cddb8716f1b64 4792 4793commit a8c0e5c871c0c7ee5ae93e353b1499a53c09c71d 4794Author: djm@openbsd.org <djm@openbsd.org> 4795Date: Thu Jul 24 05:44:55 2025 +0000 4796 4797 upstream: Help OpenSSH's PKCS#11 support kick its meth habit. 4798 4799 The PKCS#11 code in OpenSSH used the libcrypto public key method API 4800 (e.g. the delightfully named RSA_meth_free()) to delegate signing 4801 operations to external keys. This had one advantage - that it was 4802 basically transparent to callers, but also had a big disadvantage - 4803 that we'd manually have to track the method implementations, their 4804 state and their relationships to the underlying PKCS#11 objects. 4805 4806 This rips this out and replaces it with explicit delegation to 4807 PKCS#11 code for externally hosted keys via the ssh-pkcs11-helper 4808 subprocess. This is very similar to how we handle FIDO keys in 4809 OpenSSH (i.e. via ssh-sk-helper). All we need to track now is a 4810 much simpler mapping of public key -> helper subprocess. 4811 4812 Kicking our libcrypto meth dependency also makes it much easier 4813 to support Ed25519 keys in PKCS#11, which will happen in a subsequent 4814 commit. 4815 4816 feedback / ok tb@ 4817 4818 OpenBSD-Commit-ID: a5a1eaf57971cf15e0cdc5a513e313541c8a35f0 4819 4820commit 259c66aebe4e1f9d60e548f728ff74083bcccddf 4821Author: Darren Tucker <dtucker@dtucker.net> 4822Date: Thu Jul 24 22:02:49 2025 +1000 4823 4824 Remove DEBUG_ACTIONS variable. 4825 4826 If needed it can be set in github if needed. 4827 4828commit 40fb2dc4ece76c8f0c624d90a17bc1bbf47f3729 4829Author: djm@openbsd.org <djm@openbsd.org> 4830Date: Wed Jul 23 05:07:19 2025 +0000 4831 4832 upstream: add a ssh_config RefuseConnection option that, when 4833 4834 encountered while processing an active section in a configuration file, 4835 terminates ssh(1) with an error message that contains the argument to the 4836 option. 4837 4838 This may be useful for expressing reminders or warnings in config 4839 files, for example: 4840 4841 Match host foo 4842 RefuseConnection "foo is deprecated, use splork instead" 4843 4844 ok djg 4845 4846 OpenBSD-Commit-ID: 5b0072fcd08ad3932ab21e27bbaa66b008d44237 4847 4848commit defc806574d2256036d69a291caf0f3484844de6 4849Author: miod@openbsd.org <miod@openbsd.org> 4850Date: Sat Jul 12 05:28:33 2025 +0000 4851 4852 upstream: Add missing inter-library dependencies to LDADD and 4853 4854 DPADD. ok tb@ deraadt@ 4855 4856 OpenBSD-Commit-ID: a05e13a7e2c0b65bb4b47184fef731243431c6ff 4857 4858commit e6805e2a6b33e001e1a7257b85ab779fd592a578 4859Author: Jan Tojnar <jtojnar@gmail.com> 4860Date: Thu May 18 16:30:35 2023 +0200 4861 4862 Add gnome-ssh-askpass4 for GNOME 40+ 4863 4864 GTK 3 has been in maintenance mode for a while now, and it is on the road 4865 to being abandoned. As a result, the dialogue looks out of place on modern 4866 systems. 4867 4868 We could port it to GTK 4 but without the program being registered as an 4869 application (i.e. having a .desktop file), GNOME Shell would ask for 4870 permission to grab input every time. 4871 4872 Let’s instead use the GNOME Shell’s native prompt through the unstable 4873 Gcr API. 4874 4875commit f9dc519259804702cab0fa0ca8b193a360e3ec38 4876Author: Damien Miller <djm@mindrot.org> 4877Date: Fri Jul 11 17:20:27 2025 -0700 4878 4879 let ga_init() fail gracefully if getgrouplist does 4880 4881 Apparently getgrouplist() can fail on OSX for when passed a non-existent 4882 group name. Other platforms seem to return a group list consisting of 4883 the numeric gid passed to the function. 4884 4885 This makes ga_init() handle this failure case gracefully, where it will 4886 return success but with an empty group list array. 4887 4888 bz3848; ok dtucker@ 4889 4890commit f01a899b92ab8c5e6ff71214658bd09636c47e87 4891Author: djm@openbsd.org <djm@openbsd.org> 4892Date: Fri Jul 11 23:26:59 2025 +0000 4893 4894 upstream: add a "Match Group NoSuchGroup" to exercise groupaccess.c 4895 4896 OpenBSD-Regress-ID: 7ff58e6f0eb21eb9064dd0cfa78c3b6f34b5f713 4897 4898commit 1052fa62b35e0bb25b0c1efb9fdd7870e4a68ab6 4899Author: Damien Miller <djm@mindrot.org> 4900Date: Fri Jul 11 15:36:49 2025 -0700 4901 4902 more diagnostics when getgrouplist fails 4903 4904commit eddd1d2daa64a6ab1a915ca88436fa41aede44d4 4905Author: djm@openbsd.org <djm@openbsd.org> 4906Date: Fri Jul 4 09:51:01 2025 +0000 4907 4908 upstream: Fix mistracking of MaxStartups process exits in some 4909 4910 situations. At worst, this can cause all MaxStartups slots to fill and sshd 4911 to refuse new connections. 4912 4913 Diagnosis by xnor; ok dtucker@ 4914 4915 OpenBSD-Commit-ID: 10273033055552557196730f898ed6308b36a78d 4916 4917commit c971f3d93efe4c00d73b276cdbab66e7c66c9b5c 4918Author: Darren Tucker <dtucker@dtucker.net> 4919Date: Sat Jul 5 20:50:50 2025 +1000 4920 4921 Add include for gssapi definitions. 4922 4923 Patch from dbelyavs at redhat.com via bz#3846. 4924 4925commit 007b69f21cf9e64125b241d4411a5e47f5028aa8 4926Author: djm@openbsd.org <djm@openbsd.org> 4927Date: Fri Jul 4 07:52:17 2025 +0000 4928 4929 upstream: add a regress test for configurations > 256KB 4930 4931 mostly by Dmitry Belyavskiy 4932 4933 OpenBSD-Regress-ID: fcedb249e4cf2447e078a839877f99730ee79024 4934 4935commit 0cf38d74463bcf80510e7fd1b3d9328e7d91eb00 4936Author: djm@openbsd.org <djm@openbsd.org> 4937Date: Fri Jul 4 07:47:35 2025 +0000 4938 4939 upstream: the messaging layer between sshd-session and sshd-auth had a 4940 4941 maximum message size of 256KB. Some people apparently have configurations 4942 larger than this and would hit this limit. 4943 4944 Worse, there was no good logging that could help diagnose what was 4945 going wrong. 4946 4947 So this bumps the maximum message size to 4MB and implements an early 4948 check (usable via the sshd -t test mode) that will report it to the 4949 user where it is hopefully more visible. 4950 4951 bz3808, reported by Dmitry Belyavskiy, ok dtucker@ 4952 4953 OpenBSD-Commit-ID: 69c303fb68cbd1a4735936835d67a71e7b57f63b 4954 4955commit fd10cea0f16e928ae2b52fbeadccd475d0438eb4 4956Author: djm@openbsd.org <djm@openbsd.org> 4957Date: Fri Jul 4 00:17:55 2025 +0000 4958 4959 upstream: mux: fix incorrect return value check in local forward 4960 4961 cancellation 4962 4963 channel_cancel_lport_listener() returns 1 on success and 0 on failure. 4964 The previous code incorrectly checked for `== -1`, a value the function 4965 never returns, so failure was not detected and the "port not found" 4966 error message was never shown when cancelling dynamic or local port 4967 forwards. 4968 4969 From: Boris Tonofa <b.tonofa@ideco.ru> 4970 4971 OpenBSD-Commit-ID: 3e9d2252a4d0bd318d4f25e2b518afb44acea170 4972 4973commit 29cf521486bf97ab9de5b9b356f812107e0671bc 4974Author: Damien Miller <djm@mindrot.org> 4975Date: Wed Jul 2 13:47:38 2025 +1000 4976 4977 wrap some autoconf macros in AC_CACHE_CHECK 4978 4979 This allows skipping/overriding the OSSH_CHECK_CFLAG_COMPILE and 4980 OSSH_CHECK_CFLAG_LINK macros used to discover supported compiler 4981 or linker flags. E.g. 4982 4983 $ ./configure ossh_cv_cflag__fzero_call_used_regs_used=no 4984 [...] 4985 checking if cc supports compile flag -ftrapv and linking succeeds... yes 4986 checking if cc supports compile flag -fzero-call-used-regs=used and linking succeeds... (cached) no 4987 checking if cc supports compile flag -ftrivial-auto-var-init=zero... yes 4988 4989 Patch from Colin Watson, ok dtucker@ 4990 4991commit b28e91aff80fd24341de8cb3c34dc454d6b75228 4992Author: dtucker@openbsd.org <dtucker@openbsd.org> 4993Date: Sun Jun 29 08:20:21 2025 +0000 4994 4995 upstream: Add shebang path to askpass script. Required for exec on 4996 4997 some platforms (musl, probably others). 4998 4999 OpenBSD-Regress-ID: 35cdeed12ae701afcb812f800c04d817325cd22a 5000 5001commit 83d3ffc0fc0f5e4473ab43f0d42a1cf9497ce0b5 5002Author: dtucker@openbsd.org <dtucker@openbsd.org> 5003Date: Sun Jun 29 05:35:00 2025 +0000 5004 5005 upstream: Check dropbear server version for required features. 5006 5007 Dropbear added the '-D' flag in version 2025.87. We need that for the 5008 dropbear-server test, so skip on older versions. 5009 5010 OpenBSD-Regress-ID: 9db0b84edd54d3c00ab17db1dc6d62af4644c550 5011 5012commit 0b17d564cfae82f2a52e9b4d588657da47ea4e43 5013Author: Darren Tucker <dtucker@dtucker.net> 5014Date: Sun Jun 29 14:34:48 2025 +1000 5015 5016 Encrypt temporary password we're setting. 5017 5018 Now that we want to actually use the random password for tests, we need 5019 to correctly encrypt it, instead of just setting it to a random string 5020 that's not the "locked" value. 5021 5022commit 700205bd861c25cc7564010cf63d984d8db5098a 5023Author: Darren Tucker <dtucker@dtucker.net> 5024Date: Sun Jun 29 11:27:17 2025 +1000 5025 5026 Fix env again. 5027 5028commit 223a1beac7b7be9252f69055781c9c15f4d8a607 5029Author: Darren Tucker <dtucker@dtucker.net> 5030Date: Sun Jun 29 11:24:42 2025 +1000 5031 5032 Move env again. 5033 5034commit d32614b448528ac08a65caac323a34b4f559a204 5035Author: Darren Tucker <dtucker@dtucker.net> 5036Date: Sun Jun 29 11:22:00 2025 +1000 5037 5038 Move env to where it (hopefully) belongs. 5039 5040commit 8a9384de483b8fb69a800e0347273686a5715fc3 5041Author: Darren Tucker <dtucker@dtucker.net> 5042Date: Sun Jun 29 11:14:18 2025 +1000 5043 5044 Enable password tests on Github ephemeral VMs. 5045 5046commit bcfe7340d9b622ecd978c87dbf885c8b5a503ca2 5047Author: dtucker@openbsd.org <dtucker@openbsd.org> 5048Date: Sat Jun 28 13:34:08 2025 +0000 5049 5050 upstream: Add simple regression test for dropbear as a server. 5051 5052 OpenBSD-Regress-ID: 7abe1f6607d0cd49839918aade8f135d2462d389 5053 5054commit 838d5ec4b12fb519ed9db76e5beccf11b7ee212f 5055Author: dtucker@openbsd.org <dtucker@openbsd.org> 5056Date: Tue Jun 24 12:28:23 2025 +0000 5057 5058 upstream: Add simple test for password auth. Requires some setup 5059 5060 so does not run by default. 5061 5062 OpenBSD-Regress-ID: d5ded47a266b031fc91f99882f07161ab6d1bb70 5063 5064commit 57fb460165ae3b2d591f2468d7fe13cc1abda26d 5065Author: djm@openbsd.org <djm@openbsd.org> 5066Date: Tue Jun 17 01:24:32 2025 +0000 5067 5068 upstream: add RCS ID 5069 5070 OpenBSD-Regress-ID: 6e30094e3bf0a1c65efb75c67a87093304a3e619 5071 5072commit 688fa02728f2efbf18388bc1a8e94e7ba7ee4f11 5073Author: djm@openbsd.org <djm@openbsd.org> 5074Date: Tue Jun 24 09:22:03 2025 +0000 5075 5076 upstream: make "Match !final" not trigger a 2nd pass ssh_config 5077 5078 parsing pass (unless hostname canonicalisation or a separate "Match final" 5079 does). bz3843 5080 5081 ok dtucker@ 5082 5083 OpenBSD-Commit-ID: ce82b6034828888f0f3f1c812e08f5e87400d802 5084 5085commit 5ba8391d697740a838fd8811434f707f0e079baa 5086Author: djm@openbsd.org <djm@openbsd.org> 5087Date: Thu Jun 19 05:49:05 2025 +0000 5088 5089 upstream: better debug diagnostics when loading keys. Will now list 5090 5091 key fingerprint and algorithm (not just algorithm number) as well as making 5092 it explicit which keys didn't load. 5093 5094 OpenBSD-Commit-ID: ee3e77a0271ab502e653922c6d161b1e091f8fee 5095 5096commit b360f3a675e24b0dbb2ec30d985e3b6756996c0d 5097Author: djm@openbsd.org <djm@openbsd.org> 5098Date: Tue Jun 17 01:20:17 2025 +0000 5099 5100 upstream: whitespace 5101 5102 OpenBSD-Commit-ID: 6e96814bcf70d0edbb0749ec61cc4fd8707f286d 5103 5104commit ad38ec5f1b6768944d64ed7709da8706538b5509 5105Author: djm@openbsd.org <djm@openbsd.org> 5106Date: Tue Jun 17 01:19:27 2025 +0000 5107 5108 upstream: fix leak on error path; Coverity CID 481976 5109 5110 OpenBSD-Commit-ID: 963dba2c804e2fd8efea2256092899874d0dbc7b 5111 5112commit 5f761cdb2331a12318bde24db5ca84ee144a51d1 5113Author: Darren Tucker <dtucker@dtucker.net> 5114Date: Tue Jun 17 21:46:37 2025 +1000 5115 5116 Update obsd tests to use current images. 5117 5118commit 1e8347e3543a415067ccc556aefea97656ecafb7 5119Author: Damien Miller <djm@mindrot.org> 5120Date: Tue Jun 17 09:48:47 2025 +1000 5121 5122 add sshd-auth to RPM spec files 5123 5124commit dd800444943bd64913507f6005586136d49f63db 5125Author: dtucker@openbsd.org <dtucker@openbsd.org> 5126Date: Mon Jun 16 09:09:42 2025 +0000 5127 5128 upstream: Limit each moduli size to a max of 100 entries. 5129 5130 OpenBSD-Commit-ID: 747219d54565030ff7c45298b9f5e971801f6cb2 5131 5132commit 05f7bf46d1e2c101e9cbdd3df2ccee484bed969f 5133Author: dtucker@openbsd.org <dtucker@openbsd.org> 5134Date: Mon Jun 16 09:07:08 2025 +0000 5135 5136 upstream: Now that ssh-keygen defaults to the maximum memory for 5137 5138 moduli generation we no longer need to run it twice to get enough. Use mkdir 5139 -p instead of a conditional, which allows "make -jN" to work without error. 5140 5141 OpenBSD-Commit-ID: c2eb57285424f819f9520fa33e0d6d3c4a361a5e 5142 5143commit df3f903d616763a105570610a616dacf0f83438e 5144Author: dtucker@openbsd.org <dtucker@openbsd.org> 5145Date: Mon Jun 16 09:02:19 2025 +0000 5146 5147 upstream: Fix overflow check in sshbuf_dup_string. It's already 5148 5149 constrained by SSHBUF_SIZE_MAX, but still worth fixing the check. Patch from 5150 afonot via github PR#573, with & ok djm@ 5151 5152 OpenBSD-Commit-ID: 438888498e66472fc6a48133196d6538d27bff18 5153 5154commit 80916d0d3794e2f92dd6998d7c45daba484e4f18 5155Author: dtucker@openbsd.org <dtucker@openbsd.org> 5156Date: Mon Jun 16 08:53:04 2025 +0000 5157 5158 upstream: Plug mem leak. Patch from afonot via github PR#574, ok djm@ 5159 5160 OpenBSD-Commit-ID: 65619f14ef206028ce39bc31f704b832a0609688 5161 5162commit bd1bd7e8296aa51a4b3958cef2fbb17894ba94e9 5163Author: dtucker@openbsd.org <dtucker@openbsd.org> 5164Date: Mon Jun 16 08:49:27 2025 +0000 5165 5166 upstream: Save return value from sshbuf_len instead of calling it 5167 5168 multiple times. Fixes Coverity CID 470521. 5169 5170 OpenBSD-Regress-ID: 356b8b43c8a232deaf445c1ff7526577b177a8e9 5171 5172commit 2827b6ac304ded8f99e8fbc12e7299133fadb2c2 5173Author: dtucker@openbsd.org <dtucker@openbsd.org> 5174Date: Fri Jun 13 07:35:14 2025 +0000 5175 5176 upstream: Plug leak. Coverity CID 405058. 5177 5178 OpenBSD-Regress-ID: 7fb2fce68d2cb063cdb94d5d66f84fa3a2902792 5179 5180commit 9cdc72b829e9f0e24dedc533cbe87291d8a88c9e 5181Author: dtucker@openbsd.org <dtucker@openbsd.org> 5182Date: Fri Jun 13 07:23:07 2025 +0000 5183 5184 upstream: Remove dead code flagged by Coverity CID 307783. ok djm@ 5185 5186 OpenBSD-Regress-ID: e579f5ec2fd2eb2fe2bad654d16f2ba655a3e035 5187 5188commit 930a45ee759728c8ba711c45a2a985b8191bd297 5189Author: dtucker@openbsd.org <dtucker@openbsd.org> 5190Date: Thu Jun 12 10:09:39 2025 +0000 5191 5192 upstream: Set user, host and path to NULL immediately before calling 5193 5194 parse_user_host_path in tests. This ensures that we don't accidentally use 5195 the previous value if the function under test doesn't set them Also fixes 5196 Coverity CIDs 405056 405065 405066. 5197 5198 OpenBSD-Regress-ID: 43678ff59001712f32214fe303b1c21c163c2960 5199 5200commit 2314d87f9b8b430532111fd6e5e8df0cf9068c9c 5201Author: dtucker@openbsd.org <dtucker@openbsd.org> 5202Date: Thu Jun 12 09:26:57 2025 +0000 5203 5204 upstream: Plug mem leak on error path here too. 5205 5206 Coverity CID 307781. 5207 5208 OpenBSD-Regress-ID: 18e053d9b661fbb4227d3db03172077c1216bb2e 5209 5210commit 567ef4e7ddc5c1e7a461560963a1dc759669821d 5211Author: dtucker@openbsd.org <dtucker@openbsd.org> 5212Date: Thu Jun 12 09:19:43 2025 +0000 5213 5214 upstream: Plug mem leak on error path. 5215 5216 Coverity CID 307776. 5217 5218 OpenBSD-Regress-ID: c44246690973e1b8643e51079a2faa7ace26490c 5219 5220commit 5d415897ac04e237f1fa73b9dcb9ba8fb3ac812b 5221Author: dtucker@openbsd.org <dtucker@openbsd.org> 5222Date: Wed Jun 11 13:27:11 2025 +0000 5223 5224 upstream: Remove dead code ternary. We always report at least 5225 5226 KB/s, so B/s is never used. Coverity CID 291809, ok djm@ 5227 5228 OpenBSD-Commit-ID: a67c5bcc9e19c8965bfeace0e337b13660efa058 5229 5230commit 4b3d27032ba88dd089b721f3bbe3e4a8d23b4ae1 5231Author: dtucker@openbsd.org <dtucker@openbsd.org> 5232Date: Wed Jun 11 13:24:05 2025 +0000 5233 5234 upstream: Improve termination condition of while loop to compare 5235 5236 size_t's. Assuming read() does what it's supposed to this shouldn't matter, 5237 but should be more robust. Flagged by Coverity CID 470514, ok djm@ 5238 5239 OpenBSD-Commit-ID: d7b5ad60feb797b3464964b9ea67fd78fb9d6cc6 5240 5241commit 5530e5f83b3cd3425ea3dbab02da15140befdd91 5242Author: Darren Tucker <dtucker@dtucker.net> 5243Date: Tue Jun 10 18:40:56 2025 +1000 5244 5245 Replace Windows 2019 runners with 2025 ones. 5246 5247 The windows-2019 runners are being decomissioned. 5248 5249commit a22ff3c6f11edd00c19981f9cb85d3b25d305a56 5250Author: Darren Tucker <dtucker@dtucker.net> 5251Date: Wed Jun 4 18:33:52 2025 +1000 5252 5253 Disable _FORTIFY_SOURCE during snprintf test. 5254 5255 Prevents mistakenly detecting snprintf as broken on FreeBSD 15 with 5256 _FORTIFY_SOURCE enabled. bz#3809, patch from jlduran at gmail.com 5257 5258commit 203bb886797677aa5d61b57be83cfdc1b634bc9c 5259Author: dtucker@openbsd.org <dtucker@openbsd.org> 5260Date: Mon Jun 2 14:09:34 2025 +0000 5261 5262 upstream: Fix x11_channel_used_recently() to return true when channel 5263 5264 has been used within the last second, instead of more than a second ago. 5265 Should fix ~5s delay on X client startup when ObscureKeystrokeTiming is 5266 enabled. bz#3820, ok (& sigh) djm@ 5267 5268 OpenBSD-Commit-ID: b741011e81fb3e3d42711d9bd3ed8a959924dee4 5269 5270commit dc6c134b48ba4bcfadedcea17b4eddac329601d9 5271Author: dtucker@openbsd.org <dtucker@openbsd.org> 5272Date: Thu May 29 13:27:27 2025 +0000 5273 5274 upstream: When there's more than one x11 channel in use, return 5275 5276 lastused of most recently used x11 channel instead of the last one found. ok 5277 djm@ 5278 5279 OpenBSD-Commit-ID: 94a72bf988d40a5bae2e38608f4e117f712569fe 5280 5281commit 73ef0563a59f90324f8426c017f38e20341b555f 5282Author: djm@openbsd.org <djm@openbsd.org> 5283Date: Sat May 24 11:41:51 2025 +0000 5284 5285 upstream: replace xmalloc+memset(0) with xcalloc(); from AZero13 via 5286 5287 GHPR417 5288 5289 OpenBSD-Commit-ID: 921079436a4900325d22bd3b6a90c8d0d54f62f8 5290 5291commit 3a61f5ed66231881bee432c7e7c6add066c086af 5292Author: djm@openbsd.org <djm@openbsd.org> 5293Date: Sat May 24 09:46:16 2025 +0000 5294 5295 upstream: fix punctuation around host key fingerprints to make them 5296 5297 easier to copy and paste. 5298 5299 Patch from Till Maas via GHPR556; ok dtucker@ 5300 5301 OpenBSD-Commit-ID: c0100182a30b6925c8cdb2225b18140264594b7b 5302 5303commit b12d4ab1e16f57c6c348b483b1dbdd4530aaaddd 5304Author: dtucker@openbsd.org <dtucker@openbsd.org> 5305Date: Sat May 24 08:13:29 2025 +0000 5306 5307 upstream: Replace strncmp + byte count with strprefix in Penalty 5308 5309 config parsing. ok kn@, djm@ 5310 5311 OpenBSD-Commit-ID: 34a41bb1b9ba37fb6c7eb29a7ea909547bf02a5a 5312 5313commit a356d978e30dd9870c0b3a7d8edca535b0cd2809 5314Author: dtucker@openbsd.org <dtucker@openbsd.org> 5315Date: Sat May 24 08:09:32 2025 +0000 5316 5317 upstream: Make the display number check relative to 5318 5319 X11DisplayOffset. 5320 5321 This will allows people to use X11DisplayOffset to configure much higher 5322 port ranges if they really want, while not changing the default behaviour. 5323 Patch from Roman Gubarev via github PR#559, ok djm@ 5324 5325 OpenBSD-Commit-ID: e0926af5dc0c11e364452b624c3ad0cda88550b5 5326 5327commit e18983d03ab969e2f12485d5c0ee61e6d745a649 5328Author: Darren Tucker <dtucker@dtucker.net> 5329Date: Sat May 24 17:20:57 2025 +1000 5330 5331 Remove progressmeter.o from libssh.a. 5332 5333 It's now explicitly included by the binaries that need it (scp & sftp). 5334 bz#3810, patch from jlduran at gmail.com 5335 5336commit f8967045ad9d588bc11426642070bf8549065e62 5337Author: dtucker@openbsd.org <dtucker@openbsd.org> 5338Date: Sat May 24 06:50:28 2025 +0000 5339 5340 upstream: Null out keys between test runs. 5341 5342 BENCH_START and BENCH_FINISH are actually a while() loop in disguise, 5343 so if sshkey_generate does not reset the key pointer on failure the test 5344 may incorrectly pass. It also confuses Coverity (CID 551234). 5345 5346 OpenBSD-Regress-ID: bf4d32079fc6df6dce1f26c2025f4ed492f13936 5347 5348commit a26091ecdb2a3d72b77baf3c253e676a3c835a24 5349Author: djm@openbsd.org <djm@openbsd.org> 5350Date: Sat May 24 04:41:12 2025 +0000 5351 5352 upstream: add some verbosity 5353 5354 OpenBSD-Regress-ID: 11c86cda4435b5f9ab6172c4742b95899666c977 5355 5356commit 484563ec70e30472ab4484d49bca9a83771d785c 5357Author: djm@openbsd.org <djm@openbsd.org> 5358Date: Sat May 24 04:41:03 2025 +0000 5359 5360 upstream: use start_ssh_agent() to ensure we get logging 5361 5362 add some verbosity 5363 5364 OpenBSD-Regress-ID: a89bf64696b9fb1b91be318e6b8940c9ab21c616 5365 5366commit e3c58113ebb3397b252ff26e0e94f726b7db7a8a 5367Author: djm@openbsd.org <djm@openbsd.org> 5368Date: Sat May 24 04:40:37 2025 +0000 5369 5370 upstream: add a start_ssh_agent() function that sets up an agent 5371 5372 with logging 5373 5374 OpenBSD-Regress-ID: 7f9f30f9c64acbd4b418a5e1a19140cc988071a8 5375 5376commit 3de011ef7a761751afe28ac7ef97fe330d784595 5377Author: dtucker@openbsd.org <dtucker@openbsd.org> 5378Date: Sat May 24 06:43:37 2025 +0000 5379 5380 upstream: Plug leak of startup_pollfd in debug and child paths. 5381 5382 Coverity CID 405024, ok djm@ 5383 5384 OpenBSD-Commit-ID: db46047229253e9c4470c8bbf5f82706ac021377 5385 5386commit d0245389bc55f16082cadd0a39dda5af1c415dfa 5387Author: Darren Tucker <dtucker@dtucker.net> 5388Date: Sat May 24 17:11:38 2025 +1000 5389 5390 ssh-keygen changes were fixup'ed into single commit. 5391 5392commit 140bae1df2b7246bb43439d039bf994159973585 5393Author: Marco Trevisan (Treviño) <mail@3v1n0.net> 5394Date: Mon Sep 30 13:14:11 2024 +0200 5395 5396 auth-pam: Check the user didn't change during PAM transaction 5397 5398 PAM modules can change the user during their execution, in such case ssh 5399 would still use the user that has been provided giving potentially 5400 access to another user with the credentials of another one. 5401 5402 So prevent this to happen, by ensuring that the final PAM user is 5403 matching the one that initiated the transaction. 5404 5405commit 216824172724a50a4a75439fb2b4b8edccf5b733 5406Author: dtucker@openbsd.org <dtucker@openbsd.org> 5407Date: Sat May 24 03:37:40 2025 +0000 5408 5409 upstream: Remove ssh-keygen's moduli screen -Omemory option. 5410 5411 This vaguely made sense 20 years ago, but these days you'd be hard 5412 pressed to *find* a machine small enough to not support the maximum 5413 (127MB), and no one is screening moduli on such machines anyway, 5414 so just use the max. This also fixes Coverity CID 470522 by deleting 5415 code in question. "kill it with fire" djm@. 5416 5417 OpenBSD-Commit-ID: 39036aa406a99f0a91923aa3a96afff1205558e6 5418 5419commit f5cd14e81fa29b4924959cb2e1f9c206aae2d502 5420Author: dtucker@openbsd.org <dtucker@openbsd.org> 5421Date: Sat May 24 02:33:33 2025 +0000 5422 5423 upstream: Fix compile error on 32bit platforms. 5424 5425 Spotted by & ok tb@ 5426 5427 OpenBSD-Commit-ID: cbcf518247886f3c7518fc54cb3bd911ffc69db7 5428 5429commit eccc15014fe146e8590568e6737a3097bfac3415 5430Author: dtucker@openbsd.org <dtucker@openbsd.org> 5431Date: Sat May 24 02:01:28 2025 +0000 5432 5433 upstream: Use pointer from strprefix in error message, 5434 5435 missed in previous. 5436 5437 OpenBSD-Commit-ID: d2cdec6cf0fcd4b0ee25e4e3fad8bc8cf0ee657d 5438 5439commit 91903511d0597c3bea218167f9ca5a176fa0dc20 5440Author: dtucker@openbsd.org <dtucker@openbsd.org> 5441Date: Fri May 23 12:52:45 2025 +0000 5442 5443 upstream: Replace strncmp and strncasecmp with hand-counting bytes 5444 5445 with strprefix. nits lucas@, ok lucas@ djm@ 5446 5447 OpenBSD-Commit-ID: f0888807f151ea2bdaf6fed36303ae81f259d1d4 5448 5449commit 0c64d69e4e24a3ab06f7922ef389e7399c4dfb88 5450Author: dtucker@openbsd.org <dtucker@openbsd.org> 5451Date: Fri May 23 11:54:50 2025 +0000 5452 5453 upstream: Include stdint.h for UINT32_MAX. 5454 5455 OpenBSD-Commit-ID: edc29ed67e8bd03bac729d9b4849066d1d3a8cb9 5456 5457commit 3e11478f585408888defa56fa47e8dc6567378d0 5458Author: dtucker@openbsd.org <dtucker@openbsd.org> 5459Date: Fri May 23 11:25:35 2025 +0000 5460 5461 upstream: Ensure args to nh_update() fit within uint32, which it 5462 5463 should always anyway. Placates Coverity CID 470520. While there, fix the 5464 upstream URL. ok djm@ 5465 5466 OpenBSD-Commit-ID: 2478e89fde089a49fa02f9faf6287d35959c9f92 5467 5468commit f097d7bd07da4634c1a723d1dc4fcf56e7d0e147 5469Author: dtucker@openbsd.org <dtucker@openbsd.org> 5470Date: Fri May 23 09:26:25 2025 +0000 5471 5472 upstream: Don't leak the args list. Coverity CIDs 481569 & 481570, 5473 5474 ok job@ tb@. 5475 5476 OpenBSD-Commit-ID: becabcd00513d13d1435b68b7ccffa7151b72393 5477 5478commit a4ea7f6042f25b41061a83445016a1ea4f470f7b 5479Author: dtucker@openbsd.org <dtucker@openbsd.org> 5480Date: Fri May 23 08:40:13 2025 +0000 5481 5482 upstream: Explictly set LC_ALL=C on each sort invocation. 5483 5484 Remove it from sshd_config (where it could be overridden by shell startup 5485 scripts, eg on macos-15) causing random test failures. with & ok djm@ 5486 5487 OpenBSD-Regress-ID: ad0a6678964784096e9a9e6d15ead36beed92f18 5488 5489commit 7674c03caed80cb3565d14690c92068a14051967 5490Author: Darren Tucker <dtucker@dtucker.net> 5491Date: Fri May 23 16:39:18 2025 +1000 5492 5493 Allow setting LTESTS in repo variables. 5494 5495commit d8b5bd36078e5b6d78da4633f0cc9b90ffda8b50 5496Author: Darren Tucker <dtucker@dtucker.net> 5497Date: Fri May 23 16:26:20 2025 +1000 5498 5499 Rename debugging variable RUN_ONLY_TEST. 5500 5501 to RUN_ONLY_TARGET_CONFIG to make it more obvious what it matches. 5502 5503commit a79a2c1190bd3124da21d9e1582dd94877c7f972 5504Author: Darren Tucker <dtucker@dtucker.net> 5505Date: Fri May 23 16:11:48 2025 +1000 5506 5507 chown regress logs before uploading. 5508 5509commit 24889a33071086b6f1f62568b0c2bd0a4955ac49 5510Author: dtucker@openbsd.org <dtucker@openbsd.org> 5511Date: Fri May 23 01:14:35 2025 +0000 5512 5513 upstream: Import regenerated moduli. 5514 5515 OpenBSD-Commit-ID: 07e29dc891e29b31e03e2e5493658b4a9ac19431 5516 5517commit 4b8bee62d72ffb3c419c9ead6c9fb1a586283868 5518Author: deraadt@openbsd.org <deraadt@openbsd.org> 5519Date: Fri May 23 00:40:45 2025 +0000 5520 5521 upstream: use "const char * const" for malloc_options here also 5522 5523 OpenBSD-Commit-ID: 869715b9c7e1dd5b85efd07814e7e53f0286eea2 5524 5525commit 6629eee21ca9d0a597a04dcac744a1ad882f912e 5526Author: dtucker@openbsd.org <dtucker@openbsd.org> 5527Date: Thu May 22 12:14:19 2025 +0000 5528 5529 upstream: Adjust debug message to prevent (unsigned) integer overflow. 5530 5531 Fixes Coverity CID 481110, ok djm@ 5532 5533 OpenBSD-Commit-ID: 26178bf3b812707fb498ea85d076cadd1f2eb686 5534 5535commit 7acb70e05e9977ceca7b33df84ceaea337b1efef 5536Author: bluhm@openbsd.org <bluhm@openbsd.org> 5537Date: Thu May 22 04:34:18 2025 +0000 5538 5539 upstream: Fix OpenBSD RCS ID typos. from Andrius V 5540 5541 OpenBSD-Regress-ID: 5c03a2ef5323969fc4978f2eec4f1a25c48c572a 5542 5543commit 2b2a7a2a0d70023b439080bb2770ff36522dbea8 5544Author: Darren Tucker <dtucker@dtucker.net> 5545Date: Thu May 22 22:09:48 2025 +1000 5546 5547 Remove debug change accidentally commited. 5548 5549 Fixes Coverity CID 481160. 5550 5551commit 450a8a1df1577ddbe68fe8da1fb8514d3781ef32 5552Author: Darren Tucker <dtucker@dtucker.net> 5553Date: Thu May 22 21:16:37 2025 +1000 5554 5555 Collect all of regress dir on failure. 5556 5557 This may allow us to sort through its entrails and determine the cause 5558 of some types of failures. 5559 5560commit de25e739781c4c09d20abd410f50f0a6f192dc72 5561Author: Damien Miller <djm@mindrot.org> 5562Date: Thu May 22 18:42:44 2025 +1000 5563 5564 minimal shims for fstatat(2)/unlinkat(2) in agent 5565 5566 Add some very minimal and task-specific replacements for 5567 fstatat(2) and unlinkat(2) in the ssh-agent socket cleanup 5568 loop, for platforms that lack these functions. ok dtucker@ 5569 5570commit 6d192645a613aa814d51050b0458f37265b90d6c 5571Author: dtucker@openbsd.org <dtucker@openbsd.org> 5572Date: Thu May 22 04:22:03 2025 +0000 5573 5574 upstream: Output the current name for PermitRootLogin's 5575 5576 "prohibit-password" in sshd -T instead of its deprecated alias 5577 "without-password". bz#3788, patch from cjwatson at debian.org. 5578 5579 OpenBSD-Commit-ID: 2d5df18d5ad33a9b6c7547ec78a8e6ea13813df9 5580 5581commit 1ccf42378df202472e7254f37f7dabb2f5723955 5582Author: dtucker@openbsd.org <dtucker@openbsd.org> 5583Date: Thu May 22 03:53:46 2025 +0000 5584 5585 upstream: Copy arg to be passed to dirname(). 5586 5587 POSIX allows dirname() to modify its args and return a pointer into it, 5588 so this prevents an overlapping strlcpy. bz#3819, patch from cjwatson 5589 at debian.org 5590 5591 OpenBSD-Commit-ID: c32e496e6a1618aba31c8b7a9d4e1376c5ea6aa1 5592 5593commit b5877b7b3e597f47578ade9dbe7e4332f112dfc4 5594Author: dtucker@openbsd.org <dtucker@openbsd.org> 5595Date: Thu May 22 03:41:10 2025 +0000 5596 5597 upstream: Add $OpenBSD$ marker for easier syncing. 5598 5599 OpenBSD-Commit-ID: 27ff3e1e2e6610d9981ebe43ae9b783236800035 5600 5601commit 58d094c7cb974d7bd3ba6eb1059b186a2ac3dd55 5602Author: djm@openbsd.org <djm@openbsd.org> 5603Date: Wed May 21 12:12:20 2025 +0000 5604 5605 upstream: Correct FILES section to mention new default path to 5606 5607 agent sockets. Spotted by / ok jmc@ 5608 5609 OpenBSD-Commit-ID: 91d736d78d71a4276c9cbb075b1462bbc3df55a6 5610 5611commit d1d5c8b9b8de8283618c18d0dafdec6a209911cc 5612Author: Darren Tucker <dtucker@dtucker.net> 5613Date: Thu May 22 12:25:35 2025 +1000 5614 5615 Fix nc install some more. 5616 5617commit 49a2412ad23162e44be9e0b2cb12f6daf6b666d7 5618Author: Darren Tucker <dtucker@dtucker.net> 5619Date: Thu May 22 12:21:11 2025 +1000 5620 5621 Fix cvs up of nc. 5622 5623commit df22801b3f0ae245f825cf9c9dbb4543e41a7c5c 5624Author: Darren Tucker <dtucker@dtucker.net> 5625Date: Thu May 22 11:34:04 2025 +1000 5626 5627 Install nc during upstream test. 5628 5629 This ensures that the installed nc matches the expectations of the 5630 regress tests. 5631 5632commit e391c5289c2b687ff886cf780dc8fcb426e4d5d2 5633Author: Darren Tucker <dtucker@dtucker.net> 5634Date: Thu May 22 10:52:31 2025 +1000 5635 5636 Remove 9.7 branch from CI status page. 5637 5638 It's been obsolete long enough that github no longer reports its 5639 status. 5640 5641commit b71773c20d566fa5dcaf9edf3139bdcb3f2c4bc2 5642Author: Damien Miller <djm@mindrot.org> 5643Date: Wed May 21 19:14:47 2025 +1000 5644 5645 pull a small netcat SOCKS4A fix from upstream 5646 5647commit 0adb2db25eff3fe1c90c55654387ae1e4e18a396 5648Author: djm@openbsd.org <djm@openbsd.org> 5649Date: Wed May 21 08:41:52 2025 +0000 5650 5651 upstream: test SOCKS4A; ok tb 5652 5653 OpenBSD-Regress-ID: d880b75280295cd581a86e39bb0996d347f122d2 5654 5655commit 5699f4e9553c6a228fd9dc578d99e3aa6451c014 5656Author: djm@openbsd.org <djm@openbsd.org> 5657Date: Wed May 21 08:36:39 2025 +0000 5658 5659 upstream: remove log tarballing "it seemed like a good idea at the 5660 5661 time" - dtucker@ 5662 5663 ensure that log files have correct perms when running under sudo/doas 5664 5665 ok dtucker@ 5666 5667 OpenBSD-Regress-ID: 20588c14b05de9519f85d638b374b66ae0678c89 5668 5669commit 0c14e6b69a20f20d602e0e72559ca3f4dbc797fb 5670Author: djm@openbsd.org <djm@openbsd.org> 5671Date: Wed May 21 06:44:24 2025 +0000 5672 5673 upstream: use logit_f("...") instead of logit("func: ...") 5674 5675 OpenBSD-Commit-ID: c8d49eb39a9abff3cbcaeaf7df9d48468a5a0695 5676 5677commit 1743589d038476f28dc4dfb1f69317649ae22ac5 5678Author: djm@openbsd.org <djm@openbsd.org> 5679Date: Wed May 21 06:43:48 2025 +0000 5680 5681 upstream: function to make a sshbuf from a hex string; useful in 5682 5683 tests 5684 5685 also constify some arguments 5686 5687 OpenBSD-Commit-ID: 00f9c25b256be0efd73f2d8268ff041bc45ffb2c 5688 5689commit 83729cf503289104d7e64a69be14579523988cb6 5690Author: Damien Miller <djm@mindrot.org> 5691Date: Wed May 21 18:47:46 2025 +1000 5692 5693 merge netcat SOCKS4A support from OpenBSD 5694 5695 Not a full sync of this file as we have diverged substantially 5696 from upstream (it has libtls support, etc.) 5697 5698commit 750f1867476bda36879f69e25e8f52cb45c58807 5699Author: Darren Tucker <dtucker@dtucker.net> 5700Date: Tue May 20 22:17:02 2025 +1000 5701 5702 Include OpenSSL compat shim where needed. 5703 5704commit 6fb728df50c1afd338cb0223a84ce24579577eff 5705Author: Darren Tucker <dtucker@dtucker.net> 5706Date: Tue May 20 19:28:55 2025 +1000 5707 5708 Run all tests on Cygwin again. 5709 5710 ... now that we've fixed ci-setup on Cygwin. 5711 5712commit 648a3a008cf1cfa54631d2f0457b5313c455f484 5713Author: Darren Tucker <dtucker@dtucker.net> 5714Date: Tue May 20 18:48:23 2025 +1000 5715 5716 Use USERNAME rather than LOGNAME on Cygwin. 5717 5718 LOGNAME is specified by POSIX, but Windows (or at least, github's 5719 Windows images) don't set it. 5720 5721commit 0214e53124c09528b6ee29b9a551442b5611a454 5722Author: Darren Tucker <dtucker@dtucker.net> 5723Date: Tue May 20 18:28:52 2025 +1000 5724 5725 Add debug output when setting up CI environment. 5726 5727commit 9d9a2c0369419f3b4952e597db7b8696f54e7f3a 5728Author: Darren Tucker <dtucker@dtucker.net> 5729Date: Tue May 20 19:16:38 2025 +1000 5730 5731 Include openssl compat shims in test. 5732 5733 Fixes tests on platforms using older LibreSSL releases prior to 3.4. 5734 5735commit 1a9b1cfa4e8b807c7f82fdba8f730c2abdbba071 5736Author: Darren Tucker <dtucker@dtucker.net> 5737Date: Tue May 20 18:14:06 2025 +1000 5738 5739 Add compat shims for EC_POINT affine_coordinates 5740 5741 LibreSSL <3.4 does not have EC_POINT_[gs]et_affine_coordinates 5742 but does have the now-deprecated _GFp variantes. We still support 5743 LibreSSL back as far as 3.2.x so add a compat shim. 5744 5745commit cff2175200b412a9207a4fe5c1bdcc54e8a73d07 5746Author: tb@openbsd.org <tb@openbsd.org> 5747Date: Mon May 12 05:42:02 2025 +0000 5748 5749 upstream: Use EC_POINT_[sg]et_affine_coordinates() 5750 5751 It is available in all supported OpenSSL flavors/versions and the _GFp 5752 variants will be removed from LibreSSL. 5753 5754 ok hshoexer jsing 5755 5756 OpenBSD-Regress-ID: 66cf1561e7b6c49002978f2d6720956f33a882f0 5757 5758commit 2d35e24739b515394017b74465a0996c384cf28f 5759Author: tb@openbsd.org <tb@openbsd.org> 5760Date: Mon May 12 05:41:20 2025 +0000 5761 5762 upstream: Use EC_POINT_[sg]et_affine_coordinates() 5763 5764 It is available in all supported OpenSSL flavors/versions and the _GFp 5765 variants will be removed from LibreSSL. 5766 5767 ok hshoexer jsing 5768 5769 OpenBSD-Commit-ID: ecedca0e1ffa80e0c9ef7c787bc6a972882c596b 5770 5771commit 17003b9f1cd7b7bf1f52493cc4a1ab95727c3ed7 5772Author: djm@openbsd.org <djm@openbsd.org> 5773Date: Fri May 9 02:42:03 2025 +0000 5774 5775 upstream: make the progress-meter code safe against being called 5776 5777 when not initialised; spotted by tb@ feedback/ok tb@ deraadt@ 5778 5779 OpenBSD-Commit-ID: a9fda1ee08a24c62e0981ff6d15ca93b63467038 5780 5781commit 2d023e7a95d673e93ccc1978bf8931f7335b2b53 5782Author: tedu@openbsd.org <tedu@openbsd.org> 5783Date: Thu May 8 17:32:53 2025 +0000 5784 5785 upstream: convert a last quad_t to int64_t. ok deraadt djm 5786 5787 OpenBSD-Commit-ID: 1c9e01ba1a9ccf442a9cdf10f222077f66885f1f 5788 5789commit fc8c56ade809f66f7df4b5153a4d92593631c12a 5790Author: Darren Tucker <dtucker@dtucker.net> 5791Date: Tue May 20 15:01:29 2025 +1000 5792 5793 Set runner pasword to random string. 5794 5795 The most recent version of the Github ubuntu-latest image sets the 5796 password field to "!" which sshd considers to be a locked account, 5797 breaking most of the tests. 5798 5799commit c404686c17daeda7e95ca6fc14c8a4a570cf975d 5800Author: Darren Tucker <dtucker@dtucker.net> 5801Date: Sun May 11 22:54:13 2025 +1000 5802 5803 Debug log for why an account is considered locked. 5804 5805commit ee1d31781cf0d292a50b4df4cb8cb6ffcbfbe9af 5806Author: Darren Tucker <dtucker@dtucker.net> 5807Date: Sun May 11 16:35:31 2025 +1000 5808 5809 Move debug log output into separate workflow step. 5810 5811 Should reduce the need to scroll back to find out which test actually 5812 failed. 5813 5814commit ddfb78a15f57a33427d462b9c401de5c8e6799da 5815Author: Darren Tucker <dtucker@dtucker.net> 5816Date: Sat May 10 21:48:06 2025 +1000 5817 5818 Skip sftp-perm on Cygwin too. 5819 5820commit 8846caccb86b3f5a4f1c10bfffcc9cf1adc17925 5821Author: Darren Tucker <dtucker@dtucker.net> 5822Date: Sat May 10 10:23:30 2025 +1000 5823 5824 Remove CYGWIN binmode as it's now obsolete. 5825 5826commit cf795d55437e6c1ffe85e90e0fae00e885e50036 5827Author: Darren Tucker <dtucker@dtucker.net> 5828Date: Sat May 10 09:25:18 2025 +1000 5829 5830 Also skip sftp-cmds test on Cygwin. 5831 5832 Fails at the hardlink step. 5833 5834commit d1b28639c1cb382943bd92c68992ea74af9b5773 5835Author: Darren Tucker <dtucker@dtucker.net> 5836Date: Sat May 10 08:52:11 2025 +1000 5837 5838 Tell Cygwin to use native symlinks. 5839 5840commit 56782dad7d7f96b4943951227515bd7904ac3cf7 5841Author: Darren Tucker <dtucker@dtucker.net> 5842Date: Sat May 10 08:26:37 2025 +1000 5843 5844 Skip keygen-knownhost test on Cygwin. 5845 5846 It fails but at this time it's not clear why. 5847 5848commit d5cbac2364b03e55b733a2422a07e78e16d2a118 5849Author: Darren Tucker <dtucker@dtucker.net> 5850Date: Sat May 10 07:59:44 2025 +1000 5851 5852 Pass Cygwin setup location to CI setup. 5853 5854 (instead of hard coding it, wrongly). 5855 5856commit 82f1f52c5582f005761e4e200c279ddd9c6781e4 5857Author: Darren Tucker <dtucker@dtucker.net> 5858Date: Sat May 10 06:37:24 2025 +1000 5859 5860 Add RUN_ONLY_TEST to limit which tests are run. 5861 5862 For testing, you can set the repo variable RUN_ONLY_TEST in your repo 5863 (Repo -> Settings -> Security -> Actions -> Variables) to run only that test. 5864 5865commit 140ba45895de8ebfb3e2517b0ddee58729979c29 5866Author: Darren Tucker <dtucker@dtucker.net> 5867Date: Fri May 9 19:32:06 2025 +1000 5868 5869 Move misc-agent.o to LIBSSH_OBJS. 5870 5871 It's needed by the fuzzer. 5872 5873commit 3357bf2fe2d11b6ed4465c1ed2871bd1099cbbc5 5874Author: Darren Tucker <dtucker@dtucker.net> 5875Date: Fri May 9 19:08:36 2025 +1000 5876 5877 Put PRIV_ECDSA back, it's still used. 5878 5879 Should fix oss-fuzz test. 5880 5881commit f5726215957bb34e18bb872d527845c2f64e2389 5882Author: Darren Tucker <dtucker@dtucker.net> 5883Date: Thu May 8 18:56:39 2025 +1000 5884 5885 Since it's unused, make dirfd() take void *. 5886 5887 Some platforms (eg Old BSDs) in some configurations define DIR to "void 5888 *", which causes compile errors in the no-op implementation. 5889 5890commit 1511f113a27d8aafe080aa6493cb3c0cf2b5abe0 5891Author: Darren Tucker <dtucker@dtucker.net> 5892Date: Thu May 8 11:38:24 2025 +1000 5893 5894 Add no-op implmentation of dirfd(). 5895 5896 Fixes build on pre-POSIX.1 2008 systems. 5897 5898commit 086369736a9496b39af0d9f09443fa81b59b7f05 5899Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 5900Date: Wed Apr 16 10:18:34 2025 +1000 5901 5902 ssh-agent: exit 0 from SIGTERM under systemd socket-activation 5903 5904 When the ssh-agent service is configured to be launched under systemd 5905 socket-activation, the user can inspect the status of the agent with 5906 something like: 5907 5908 systemctl --user status ssh-agent.service 5909 5910 If the user does: 5911 5912 systemctl --user stop ssh-agent.service 5913 5914 it causes the `systemd --user` supervisor to send a SIGTERM to the 5915 agent, which terminates while leaving the systemd-managed socket in 5916 place. That's good, and as expected. (If the user wants to close the 5917 socket, they can do "systemctl --user stop ssh-agent.socket" instead) 5918 5919 But because ssh-agent exits with code 2 in response to a SIGTERM, the 5920 supervisor marks the service as "failed", even though the state of the 5921 supervised service is exactly the same as during session startup (not 5922 running, ready to launch when a client connects to the socket). 5923 5924 This change makes ssh-agent exit cleanly (code 0) in response to a 5925 SIGTERM when launched under socket activation. This aligns the systemd 5926 supervisor's understanding of the state of supervised ssh-agent with 5927 reality. 5928 5929 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 5930 5931commit 755c3d082e59e6884f28d30e6333a1444e9173d1 5932Author: Darren Tucker <dtucker@dtucker.net> 5933Date: Wed May 7 21:05:06 2025 +1000 5934 5935 Skip d_type check on platforms that don't have it. 5936 5937 On those, the subsequent stat() should catch the sockets. 5938 5939commit 207289a5663bdf49903e1aeb938dcc0924e2ac63 5940Author: dtucker@openbsd.org <dtucker@openbsd.org> 5941Date: Wed May 7 10:44:26 2025 +0000 5942 5943 upstream: Rename sockaddr_un sun -> sunaddr. 5944 5945 This makes things easier in -portable, where on Solaris an derivatives 5946 "sun" is defined to "1", causing compilation errors. ok deraadt@. 5947 5948 OpenBSD-Commit-ID: 0669043afb49856b57b382f0489221bd98305d3b 5949 5950commit 7cc8e150d51a4545b86d996692b541419b35d1a3 5951Author: djm@openbsd.org <djm@openbsd.org> 5952Date: Tue May 6 06:05:48 2025 +0000 5953 5954 upstream: remove DSA from the regression/unit test suite too. 5955 5956 OpenBSD-Regress-ID: 4424d2eaf0bce3887318ef6d18de6c06f3617d6e 5957 5958commit 0404fa799746c283325a463c363436eb152daefc 5959Author: djm@openbsd.org <djm@openbsd.org> 5960Date: Tue Apr 15 05:31:24 2025 +0000 5961 5962 upstream: another missing ifdef 5963 5964 OpenBSD-Regress-ID: 4f71f8f122eac4cbf7f1d2088a9be45317dd3e4a 5965 5966commit c5dbbe8805caaee132545ab4cffd3b2221e80975 5967Author: djm@openbsd.org <djm@openbsd.org> 5968Date: Tue Apr 15 05:00:13 2025 +0000 5969 5970 upstream: missing ifdef 5971 5972 OpenBSD-Regress-ID: 7260fb672de5738c17dec06c71a5be0186bb2b09 5973 5974commit 93e904a673a632604525fdc98b940b7996f1ce54 5975Author: djm@openbsd.org <djm@openbsd.org> 5976Date: Wed May 7 04:10:21 2025 +0000 5977 5978 upstream: memory leak on error path; bz3821 5979 5980 OpenBSD-Commit-ID: 65577596a15ad6dd9a1ab3fc24c1c31303ee6e2b 5981 5982commit 55b38ff4d7286c8fac2a472da664462e0f2d75e0 5983Author: deraadt@openbsd.org <deraadt@openbsd.org> 5984Date: Tue May 6 15:15:05 2025 +0000 5985 5986 upstream: test ssh-agent with the -T flag to force the old /tmp 5987 5988 location rather than inside the homedir. During relink operation, 5989 /.ssh/agent was created which is surprising. This test sequence could use 5990 some improvement so this is a temporary fix. observed by florian, change ok 5991 semarie 5992 5993 OpenBSD-Commit-ID: c7246a6b519ac390ca550719f91acfdaef1fa0f0 5994 5995commit a32d28d792567253bb601362f36391f155f8f772 5996Author: djm@openbsd.org <djm@openbsd.org> 5997Date: Tue May 6 05:40:56 2025 +0000 5998 5999 upstream: finally remove DSA signature support from OpenSSH. 6000 6001 feedback/ok tb@, ok deraadt@ 6002 6003 OpenBSD-Commit-ID: bfe6ee73c1b676c81a2901030c791f8ec888228f 6004 6005commit 928f8dcc1bb622c25be409c34374b655d0149373 6006Author: djm@openbsd.org <djm@openbsd.org> 6007Date: Mon May 5 05:51:11 2025 +0000 6008 6009 upstream: Now that there's an I-D for certificate keys, refer to 6010 6011 that instead of the much more basic format description we had previously. 6012 6013 OpenBSD-Commit-ID: cf01e0727a813fee8626ad7b3aa240621cc92014 6014 6015commit fe883543bece18c975fa53aa02104f0433645d99 6016Author: jmc@openbsd.org <jmc@openbsd.org> 6017Date: Mon May 5 05:47:28 2025 +0000 6018 6019 upstream: - add full stop to the text in -a - move the -U and -u 6020 6021 text to the correct place 6022 6023 OpenBSD-Commit-ID: 2fb484337a0978c703f61983bb14bc5cbaf898c2 6024 6025commit 5fd6ef297dec23e3574646b6334087131230d0a6 6026Author: Darren Tucker <dtucker@dtucker.net> 6027Date: Tue May 6 19:01:00 2025 +1000 6028 6029 Add minimal implementations of fstatat and unlinkat. 6030 6031 Fixes build on some pre-POSIX.1-2008 platforms. 6032 6033commit d2480827b3ef6ec119965822afdff35d734b2dee 6034Author: Darren Tucker <dtucker@dtucker.net> 6035Date: Tue May 6 08:15:34 2025 +1000 6036 6037 New location of cygwin setup. 6038 6039commit 57eb87b15bd0343372f99d661ce95efb25a16f1e 6040Author: Darren Tucker <dtucker@dtucker.net> 6041Date: Tue May 6 08:07:23 2025 +1000 6042 6043 Boringssl now puts libcrypto in a different place. 6044 6045commit 61525ba967ac1bb7394ea0792aa6030bcbbad049 6046Author: Darren Tucker <dtucker@dtucker.net> 6047Date: Mon May 5 20:45:42 2025 +1000 6048 6049 Handle systems that don't have st_mtim. 6050 6051 Ignores nanoseconds, but it's checking for >1h old so a few nanoseconds 6052 shouldn't matter much. Fixes build on Mac OS X. 6053 6054commit 27861e9b15151898841097c14ee974c026093131 6055Author: Darren Tucker <dtucker@dtucker.net> 6056Date: Mon May 5 19:09:25 2025 +1000 6057 6058 Supply timespecsub if needed. 6059 6060commit 7c0e6626e4be53efcfbb92f0c6382a76f1138e38 6061Author: Darren Tucker <dtucker@dtucker.net> 6062Date: Mon May 5 19:08:48 2025 +1000 6063 6064 includes.h for compat, time.h for clock_gettime. 6065 6066commit 7a7cc3cf721fe7fe9f4925d92bb7c694b8550a7f 6067Author: Darren Tucker <dtucker@dtucker.net> 6068Date: Mon May 5 18:51:34 2025 +1000 6069 6070 Cygwin install in back on D: 6071 6072commit 6ab8133c067a8e91ba69ce7ca04f95b50f2f2d7b 6073Author: Damien Miller <djm@mindrot.org> 6074Date: Mon May 5 14:59:30 2025 +1000 6075 6076 depend 6077 6078commit 12912429cf39cfeca97dd18a8f875ad9824d1751 6079Author: djm@openbsd.org <djm@openbsd.org> 6080Date: Mon May 5 03:35:06 2025 +0000 6081 6082 upstream: missing file in previous commit 6083 6084 OpenBSD-Commit-ID: e526c97fcb2fd9f0b7b229720972426ab437d7eb 6085 6086commit 80162f9d7e7eadca4ffd0bd1c015d38cb1821ab6 6087Author: djm@openbsd.org <djm@openbsd.org> 6088Date: Mon May 5 02:48:06 2025 +0000 6089 6090 upstream: Move agent listener sockets from /tmp to under 6091 6092 ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8). 6093 6094 This ensures processes (such as Firefox) that have restricted 6095 filesystem access that includes /tmp (via unveil(3)) do not have the 6096 ability to use keys in an agent. 6097 6098 Moving the default directory has the consequence that the OS will no 6099 longer clean up stale agent sockets, so ssh-agent now gains this 6100 ability. 6101 6102 To support $HOME on NFS, the socket path includes a truncated hash of 6103 the hostname. ssh-agent will by default only clean up sockets from 6104 the same hostname. 6105 6106 ssh-agent gains some new flags: -U suppresses the automatic cleanup 6107 of stale sockets when it starts. -u forces a cleanup without 6108 keeping a running agent, -uu forces a cleanup that ignores the 6109 hostname. -T makes ssh-agent put the socket back in /tmp. 6110 6111 feedback deraadt@ naddy@, doitdoitdoit deraadt@ 6112 6113 OpenBSD-Commit-ID: 8383dabd98092fe5498d5f7f15c7d314b03a93e1 6114 6115commit 566443b5f5d7bc4c5310313b4e46232760850c7a 6116Author: djm@openbsd.org <djm@openbsd.org> 6117Date: Mon May 5 02:40:30 2025 +0000 6118 6119 upstream: correct log messages; the reap function is used for more 6120 6121 than just the preauth process now 6122 6123 OpenBSD-Commit-ID: 768c5b674bd77802bb197c31dba78559f1174c02 6124 6125commit e048230106fb3f5e7cc07abc311c6feb5f52fd05 6126Author: djm@openbsd.org <djm@openbsd.org> 6127Date: Wed Apr 30 05:26:15 2025 +0000 6128 6129 upstream: make writing known_hosts lines more atomic, by writing 6130 6131 the entire line in one operation and using unbuffered stdio. 6132 6133 Usually writes to this file are serialised on the "Are you sure you 6134 want to continue connecting?" prompt, but if host key checking is 6135 disabled and connections were being made with high concurrency 6136 then interleaved writes might have been possible. 6137 6138 feedback/ok deraadt@ millert@ 6139 6140 OpenBSD-Commit-ID: d11222b49dabe5cfe0937b49cb439ba3d4847b08 6141 6142commit c991273c18afc490313a9f282383eaf59d9c13b9 6143Author: djm@openbsd.org <djm@openbsd.org> 6144Date: Wed Apr 30 05:23:15 2025 +0000 6145 6146 upstream: fix a out-of-bounds read if the known_hosts file is 6147 6148 truncated after the hostname. 6149 6150 Reported by the OpenAI Security Research Team 6151 6152 ok deraadt@ 6153 6154 OpenBSD-Commit-ID: c0b516d7c80c4779a403826f73bcd8adbbc54ebd 6155 6156commit b5b405fee7f3e79d44e2d2971a4b6b4cc53f112e 6157Author: Darren Tucker <dtucker@dtucker.net> 6158Date: Sun Apr 20 09:07:57 2025 +1000 6159 6160 Set Windows permssions on regress dir. 6161 6162 Prevents "unprotected private key file" error when running tests. 6163 6164commit 76631fdd04824c3e50ea6551d3611b1fe0216a41 6165Author: Darren Tucker <dtucker@dtucker.net> 6166Date: Fri Apr 18 08:18:52 2025 +1000 6167 6168 Add 10.0 branch to test status page. 6169 6170commit c627b468d3b99e487e2b24c90958ae57e633d681 6171Author: Darren Tucker <dtucker@dtucker.net> 6172Date: Fri Apr 18 08:14:16 2025 +1000 6173 6174 cygwin-install-action now puts setup.exe on D: 6175 6176commit 52bddbc1a7f53a1e5c871767913648eb639ac6d5 6177Author: Darren Tucker <dtucker@dtucker.net> 6178Date: Fri Apr 18 08:10:32 2025 +1000 6179 6180 Include time.h for clock_gettime(). 6181 6182commit 9b50cb171b5c56184ce6fa3994ce62f9882d2daf 6183Author: Darren Tucker <dtucker@dtucker.net> 6184Date: Thu Apr 17 16:51:14 2025 +1000 6185 6186 Add includes.h for new tests. 6187 6188 Fixes builds on older platforms. 6189 6190commit 46e52fdae08b89264a0b23f94391c2bf637def34 6191Author: Darren Tucker <dtucker@dtucker.net> 6192Date: Wed Apr 16 22:29:17 2025 +1000 6193 6194 Provide INFINITY if it's not provided. 6195 6196 INFINITY is specified in c99, so define if not provided. 6197 6198commit 849c2fd894aa87a7e40c71e8d5bda5392b1205be 6199Author: Darren Tucker <dtucker@dtucker.net> 6200Date: Tue Apr 15 21:58:49 2025 +1000 6201 6202 Look for sqrt(), possibly in libm. 6203 6204 The unit tests now use sqrt(), which in some platforms (notably 6205 DragonFlyBSD and Solaris) is not in libc but rather libm. Since only 6206 the unit tests use this, add TESTLIBS and if necessary put libm in it. 6207 6208commit 1ec5b39f1f673beac039bb42c98a11aa2b08a0b2 6209Author: dtucker@openbsd.org <dtucker@openbsd.org> 6210Date: Tue Apr 15 09:22:25 2025 +0000 6211 6212 upstream: Cast signalled_keydrop to int when logging to prevent warning 6213 6214 on platforms where sig_atomic_t is not the same as int. bz#3811, patch from 6215 jlduran at gmail com. 6216 6217 OpenBSD-Commit-ID: b6bc9e9006e7f81ade57d41a48623a4323deca6c 6218 6219commit f3d465530e75cb6c02e2cde1d15e6c4bb51ebfd9 6220Author: djm@openbsd.org <djm@openbsd.org> 6221Date: Tue Apr 15 04:00:42 2025 +0000 6222 6223 upstream: basic benchmarking support for the unit test framework enable 6224 6225 with "make UNITTEST_BENCHMARK=yes" 6226 6227 ok dtucker@ 6228 6229 OpenBSD-Regress-ID: 7f16a2e247f860897ca46ff87bccbe6002a32564 6230 6231commit 609fe2cae2459d721ac11d23cd27b8a94397ef3c 6232Author: jmc@openbsd.org <jmc@openbsd.org> 6233Date: Mon Apr 14 05:41:42 2025 +0000 6234 6235 upstream: rework the text for -3 to make it clearer what default 6236 6237 behaviour is, and adjust the text for -R to make them more consistent; 6238 6239 issue raised by mikhail mp39590; 6240 behaviour explained by naddy 6241 6242 ok djm 6243 6244 OpenBSD-Commit-ID: 15ff3bd1518d86c84fa8e91d7aa72cfdb41dccc8 6245 6246commit 8725dbc5b5fcc3e326fc71189ef8dba4333362cc 6247Author: Damien Miller <djm@mindrot.org> 6248Date: Wed Apr 9 17:02:17 2025 +1000 6249 6250 update version numbers 6251 6252commit cc7feb9458ad3b893b53dc9c7500d1affd208bde 6253Author: djm@openbsd.org <djm@openbsd.org> 6254Date: Wed Apr 9 07:00:21 2025 +0000 6255 6256 upstream: openssh-10.0 6257 6258 OpenBSD-Commit-ID: db5b4a1f1c9e988f8f166b56dc5643606294b403 6259 6260commit fc86875e6acb36401dfc1dfb6b628a9d1460f367 6261Author: djm@openbsd.org <djm@openbsd.org> 6262Date: Wed Apr 9 07:00:03 2025 +0000 6263 6264 upstream: Fix logic error in DisableForwarding option. This option 6265 6266 was documented as disabling X11 and agent forwarding but it failed to do so. 6267 Spotted by Tim Rice. 6268 6269 OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1 6270 6271commit dd73459e351b0a2908aed90910c8ff9b0b381c6d 6272Author: djm@openbsd.org <djm@openbsd.org> 6273Date: Wed Apr 9 01:24:40 2025 +0000 6274 6275 upstream: oops, I accidentally backed out the typo fix 6276 6277 OpenBSD-Commit-ID: f485f79bf3e9ebbe1de13ac96150cf458956cfd8 6278 6279commit 0cb945891944bada5850e85d60afa3c807cf1af6 6280Author: djm@openbsd.org <djm@openbsd.org> 6281Date: Wed Apr 9 01:23:47 2025 +0000 6282 6283 upstream: typo 6284 6285 OpenBSD-Commit-ID: f912725c7d303720706b3ccfb2cb846d46296d13 6286 6287commit cd4a6bd50b658d707867caa1f5aa40b35c2b6c19 6288Author: Damien Miller <djm@mindrot.org> 6289Date: Wed Apr 9 09:49:55 2025 +1000 6290 6291 initialise websafe_allowlist in agent fuzzer 6292 6293commit 55b7cb48af96c1102ef8ab5a73bb329cbed30945 6294Author: djm@openbsd.org <djm@openbsd.org> 6295Date: Tue Apr 8 23:10:46 2025 +0000 6296 6297 upstream: typo 6298 6299 OpenBSD-Regress-ID: 08477b936d1d0c1e8a98aa1c0e1bdde8871894c9 6300 6301commit 985d8cbcd3438cc36b4e709476f1783e358ddfb1 6302Author: djm@openbsd.org <djm@openbsd.org> 6303Date: Tue Apr 8 23:10:08 2025 +0000 6304 6305 upstream: typo 6306 6307 OpenBSD-Commit-ID: 6e683e13e72bf1e43bbd3bbc6a8332d5a98bdc99 6308 6309commit 000c3d14e94d8f7597087c457260ea9417045b65 6310Author: dtucker@openbsd.org <dtucker@openbsd.org> 6311Date: Mon Apr 7 08:12:22 2025 +0000 6312 6313 upstream: Include time.h for time(). 6314 6315 Fixes warning on some platforms when building without openssl. 6316 6317 OpenBSD-Commit-ID: 04ca29b8eaae1860c7adde3e770baa1866e30a54 6318 6319commit 49b8b9bf829e08af22366530614a5e59ac341ca9 6320Author: tb@openbsd.org <tb@openbsd.org> 6321Date: Wed Apr 2 04:28:03 2025 +0000 6322 6323 upstream: Wrap #include <openssl/dsa.h> in #ifdef WITH_DSA 6324 6325 ok djm 6326 6327 OpenBSD-Commit-ID: ed01a7c102243f84e4a317aefb431916d98aab15 6328 6329commit f80fb819e5521e13f167edbcc3eed66e22ad0c2a 6330Author: Damien Miller <djm@mindrot.org> 6331Date: Thu Apr 3 09:10:19 2025 +1100 6332 6333 remove all instances of -pie from LDFLAGS 6334 6335 Previously only the first instance of this flag was removed. 6336 Unbreaks build on OpenSUSE Tumbleweed. Patch from Antonio Larrosa 6337 6338commit 6c9872faa1c297a84c6d3e3b95a927be99eadbf6 6339Author: djm@openbsd.org <djm@openbsd.org> 6340Date: Tue Apr 1 23:23:20 2025 +0000 6341 6342 upstream: remove ability to enable DSA support. Actual code will be 6343 6344 g/c'd separately. ok deraadt@ 6345 6346 OpenBSD-Commit-ID: 2a032b75156c4d922e8343fa97ff6bc227f09819 6347 6348commit 8460aaa4e1f8680f03cc5334556b9440b401f010 6349Author: dtucker@openbsd.org <dtucker@openbsd.org> 6350Date: Fri Mar 28 21:45:55 2025 +0000 6351 6352 upstream: Add TEST_SSH_SSHD_ENV to sshd lines here too. 6353 6354 OpenBSD-Regress-ID: 045f2c88b42d694b404db51c5de5eca20d748ff1 6355 6356commit 5e60f5937b9c33190b9d7614f72d85d4a9b38d3d 6357Author: dtucker@openbsd.org <dtucker@openbsd.org> 6358Date: Fri Mar 28 06:04:07 2025 +0000 6359 6360 upstream: Pass "ControlMaster no" to ssh when invoked by scp & sftp. 6361 6362 If you have ControlMaster auto (or yes) in your config, and the 6363 first connection you make is via scp or sftp, then you may get a 6364 few unexpected options applied to it (eg ForwardX11 no), since sftp 6365 and sftp explicitly disable those for reasons. These effects will 6366 persist beyond the initial scp or sftp command. 6367 6368 This explicitly disables persistent session *creation* by scp and sftp. 6369 It will not prevent them from using an existing session if one has 6370 already been created. 6371 6372 From Github PR#557, ok djm@ kn@ 6373 6374 OpenBSD-Commit-ID: 9dad7c737466837e0150c4318920f46d844770c4 6375 6376commit bbd36869dfb4b770cc9e6a345c04a585a0955aec 6377Author: dtucker@openbsd.org <dtucker@openbsd.org> 6378Date: Fri Mar 28 05:41:15 2025 +0000 6379 6380 upstream: Set sshd environment variables during sshd test run too. 6381 6382 OpenBSD-Regress-ID: 50cb325d92c390a2909662c901f6ac5d80b6f74d 6383 6384commit 98f05b1484daddef2f56b79e24540523b5016143 6385Author: dtucker@openbsd.org <dtucker@openbsd.org> 6386Date: Fri Mar 28 05:36:24 2025 +0000 6387 6388 upstream: Add TEST_SSH_SSHD_ENV variable which is added to sshd's 6389 6390 environment. Will be used in Portable to tweak behaviour of tcmalloc's 6391 debugging. 6392 6393 OpenBSD-Regress-ID: 67e38c3c4517ddb72c8a3549a3325a166d7bb6d6 6394 6395commit 8cd9ed4df0eccc825eca0c45354a37332e125e38 6396Author: dtucker@openbsd.org <dtucker@openbsd.org> 6397Date: Fri Mar 28 05:33:30 2025 +0000 6398 6399 upstream: chown log directory in addition to log files. 6400 6401 OpenBSD-Regress-ID: b520d54a0bbf2c6554413c798218bda26b385ad9 6402 6403commit e32de6bf4f3229d4838beb127de45eed1377ccc5 6404Author: Darren Tucker <dtucker@dtucker.net> 6405Date: Fri Mar 28 16:47:58 2025 +1100 6406 6407 Be explicit about environment variables for tests. 6408 6409 This will make it easier to reproduce a test failure by cut-and-paste of 6410 the corresponding line from the github log. 6411 6412commit 77a3e6ba47381547b3fe4b29223256f276fbd07e 6413Author: Darren Tucker <dtucker@dtucker.net> 6414Date: Fri Mar 28 16:46:40 2025 +1100 6415 6416 Add tcmalloc flags to TEST_SSH_SSHD_ENV. 6417 6418 This will get passed to sshd via test-exec.sh. 6419 6420commit a73890e340fbd6121251854b658a72d738b86c84 6421Author: Darren Tucker <dtucker@dtucker.net> 6422Date: Thu Mar 27 23:04:44 2025 +1100 6423 6424 Add PuTTY 0.81, 0.82 and 0.83 to tests. 6425 6426commit 90a28de0d49570324d1695c0b4686354ef3bcae0 6427Author: Darren Tucker <dtucker@dtucker.net> 6428Date: Thu Mar 27 22:30:40 2025 +1100 6429 6430 Include TCMALLOC_STACKTRACE_METHOD in output. 6431 6432 If TCMALLOC_STACKTRACE_METHOD happens to be set, include it in the debug 6433 output to make reproducing test cases easier. 6434 6435commit fd5a6bb6dd7657c4bd8cd0ee11d5c8ddf0d927b2 6436Author: Darren Tucker <dtucker@dtucker.net> 6437Date: Thu Mar 27 20:15:11 2025 +1100 6438 6439 Test with-linux-memlock-onfault in kitchensink. 6440 6441commit 22330711e2459c23d9736ee16e0e2ee0fcc30b9a 6442Author: Collin Funk <collin.funk1@gmail.com> 6443Date: Wed Mar 26 18:24:59 2025 -0700 6444 6445 Include fcntl.h so AT_FDCWD does not get redefined. 6446 6447commit 6c49e5f7dcaf886b4a702a6c003cae9dca04d3ea 6448Author: Daniil Tatianin <d-tatianin@yandex-team.ru> 6449Date: Thu Feb 27 11:37:13 2025 +0300 6450 6451 Add support for locking memory on Linux 6452 6453 Linux wakes up kcompactd threads in order to make more contiguous memory 6454 available on the system, it does this by migrating live movable pages 6455 (actively modifying live processes' page tables and constantly flooding 6456 them with page invalidation IPIs, which can be up to millions per 6457 second), which causes the process to become unresponsive for up to 6458 seconds or even minutes in some severe cases. In case of sshd, we want 6459 to always be able to connect to the system, even if it's under heavy 6460 kcompactd load. 6461 6462 Introduce an option to protect sshd and its children sessions from being 6463 compacted by kcompactd (this works in cojunction with 6464 compact_unevictable_allowed = 0). Note that we depend on MCL_ONFAULT 6465 being available, which was introduced in linux 4.4. MCL_ONFAULT allows 6466 the system to lock pages lazily, thus drastically reducing memory usage 6467 of a locked process (without MCL_ONFAULT, every existing mapping in the 6468 process is instantly write-faulted). 6469 6470commit fdc4853c5b1567934d43ab13282f03033cc21325 6471Author: Daniil Tatianin <d-tatianin@yandex-team.ru> 6472Date: Thu Feb 27 11:46:25 2025 +0300 6473 6474 platform: introduce a way to hook new session start 6475 6476 Previously this was possible via post_fork_child, but ever since sshd 6477 was split into multiple binaries, this is now no longer possible becase 6478 of execv. 6479 6480commit 1b311b6b17be81577514c38e8be4f5740d7df496 6481Author: dtucker@openbsd.org <dtucker@openbsd.org> 6482Date: Wed Mar 19 06:11:15 2025 +0000 6483 6484 upstream: Prevent theoretical NULL deref in throughlocal_sftp. 6485 6486 Coverity CID 405019, although at the moment it's not reachable. ok djm@ 6487 6488 OpenBSD-Commit-ID: 630d46c1021b69fbb470e349976c70e9a48b7644 6489 6490commit 96493ebd6ff48bbb802576e208794a26928569b0 6491Author: Darren Tucker <dtucker@dtucker.net> 6492Date: Wed Mar 19 17:35:10 2025 +1100 6493 6494 Fix workflow syntax again. 6495 6496commit 575c43fd4c44d376b1771c0fdaf4941021ba88c9 6497Author: Darren Tucker <dtucker@dtucker.net> 6498Date: Tue Mar 18 20:54:48 2025 +1100 6499 6500 Differentiate logfiles better. 6501 6502commit 8a1294638f3a47d46263ea574fa85c8e115ea893 6503Author: Darren Tucker <dtucker@dtucker.net> 6504Date: Tue Mar 18 20:27:46 2025 +1100 6505 6506 Fix another typo in workflow. 6507 6508commit bd9e6bbcc864b3e10c4e11f5aec1b3a5e3a89b55 6509Author: Darren Tucker <dtucker@dtucker.net> 6510Date: Tue Mar 18 18:16:12 2025 +1100 6511 6512 Fix syntax error in workflow. 6513 6514commit ce88a1bb4a2e6425752094f7a2eb4adfb0ca7971 6515Author: Darren Tucker <dtucker@dtucker.net> 6516Date: Tue Mar 18 18:13:14 2025 +1100 6517 6518 Identify each logfile while printing them. 6519 6520commit b58e429960c4791fc4e30bb7c70d1f77d538b546 6521Author: djm@openbsd.org <djm@openbsd.org> 6522Date: Tue Mar 18 04:53:14 2025 +0000 6523 6524 upstream: fix NULL dereference for Match conditions missing 6525 6526 arguments, e.g. "Match user". Spotted by Coverity (CID 477813) 6527 6528 OpenBSD-Commit-ID: 13584281cfa23b8ebc41f9d128a6b9464ae960d4 6529 6530commit 0ce5281f017c3ad7bdcc2bbd9745119a73e0cbb8 6531Author: tb@openbsd.org <tb@openbsd.org> 6532Date: Fri Mar 14 09:49:49 2025 +0000 6533 6534 upstream: Fix EVP_CIPHER_CTX_ctrl() return checks 6535 6536 While this API tries to translate negative return values (i.e. -1) to 0 6537 in BoringSSL and LibreSSL, it is still possible for it to return negative 6538 values in prinicple. We even incorrectly document that -1 can be returned 6539 while Boring and OpenSSL plead the Fifth. 6540 6541 In OpenSSL 3 there are now code paths that explicitly return -1 and they 6542 started shifting their return checks to <= 0 - of course they do this in 6543 inconsistent and sometimes incorrect manner. While these paths aren't 6544 reachable from ssh right now, who can really tell what happens in the two 6545 hundred lines of inscrutable bloated mess this has become. 6546 6547 So error check with <= 0 to ensure that we don't accidentally translate an 6548 error to success. 6549 6550 ok markus schwarze 6551 6552 OpenBSD-Commit-ID: a855c833cf4ecfce43bedc761f26ad924f70483c 6553 6554commit 2e81100763d5885e500f065b04c16ed87ce74318 6555Author: Darren Tucker <dtucker@dtucker.net> 6556Date: Mon Mar 17 21:35:55 2025 +1100 6557 6558 Fix debug log path. 6559 6560commit 442a44970179d70ebb62bba792699eaec978a1db 6561Author: Darren Tucker <dtucker@dtucker.net> 6562Date: Fri Mar 14 16:24:06 2025 +1100 6563 6564 Also lazily unmount workspace in case of straggers. 6565 6566commit 20427f6735fe5ddab31911ce5315adc71acf47d8 6567Author: Darren Tucker <dtucker@dtucker.net> 6568Date: Fri Mar 14 16:17:39 2025 +1100 6569 6570 Make sure upstream tests run on correct hardware. 6571 6572commit 91a2f70a56827ae31649baf17227b0914ac5aa36 6573Author: Darren Tucker <dtucker@dtucker.net> 6574Date: Fri Mar 14 13:47:27 2025 +1100 6575 6576 Add OpenBSD upstream test on obsdsnap-arm64. 6577 6578commit c20f7413525602b0ea786d8974d03a81f7ca2a92 6579Author: Damien Miller <djm@mindrot.org> 6580Date: Thu Mar 13 10:45:53 2025 +1100 6581 6582 rebuild .depend 6583 6584commit d47ef958b89c6fa809302d654009d3dfabe11b75 6585Author: djm@openbsd.org <djm@openbsd.org> 6586Date: Wed Mar 12 22:43:44 2025 +0000 6587 6588 upstream: remove assumption that the sshd_config and any configs 6589 6590 included from it can fit in a (possibly enlarged) socket buffer, by having 6591 the sshd listener mainloop actively manage sending the configuration to the 6592 sshd-session subprocess. 6593 6594 work by markus@ w/ a little feedback from me; 6595 ok me and committing on his behalf 6596 6597 OpenBSD-Commit-ID: 8f54451483f64951853074adb76bc4f838eaf3ae 6598 6599commit 9c90b563943c16418d737433ac478974b8761ee5 6600Author: dtucker@openbsd.org <dtucker@openbsd.org> 6601Date: Tue Mar 11 11:46:44 2025 +0000 6602 6603 upstream: Prime caches for DNS names needed for tests. 6604 6605 When running the SSHFP tests, particularly on an ephemeral VM, the first 6606 query or two can fail for some reason, presumably because something isn't 6607 fully initialized or something. To work around this, issue queries for the 6608 names we'll need before we need them. 6609 6610 OpenBSD-Regress-ID: 900841133540e7dead253407db5a874a6ed09eca 6611 6612commit 10124eefe875a3e4e1cfb84ebe6a613ed3213b78 6613Author: dtucker@openbsd.org <dtucker@openbsd.org> 6614Date: Tue Mar 11 09:06:50 2025 +0000 6615 6616 upstream: Some dd's don't understand "1m", so handle seperately. 6617 6618 OpenBSD-Regress-ID: 1d983b27c96f28f69d3a288c19e8d8c58e1b2ee3 6619 6620commit c21c8fc319376c2f5e0da166e9e89a97a245ae72 6621Author: Darren Tucker <dtucker@dtucker.net> 6622Date: Tue Mar 11 19:17:46 2025 +1100 6623 6624 Lazily unmount github workspace at end of workflow. 6625 6626 Sometimes when a test times out the workspace is still busy when we try 6627 to unmount it, which leaves the runner unusable until it's cleaned up 6628 manually. We try to unmount this in the first step, but that usually 6629 doesn't work since it fails during setup before it starts our workflow. 6630 Move it to the end and make it a lazy unmount so it hopefully works 6631 eventually. 6632 6633commit 4bcbac742968f5086cfd4c570a51de25ef77931f 6634Author: dtucker@openbsd.org <dtucker@openbsd.org> 6635Date: Tue Mar 11 07:50:20 2025 +0000 6636 6637 upstream: Add regress test for sftp resume. 6638 6639 OpenBSD-Regress-ID: 37f629b3014338fa23a85df1e1bb320ea12282e1 6640 6641commit e2c4f070b43a4fd7d59a9350e2fe78df605830b5 6642Author: dtucker@openbsd.org <dtucker@openbsd.org> 6643Date: Tue Mar 11 07:46:02 2025 +0000 6644 6645 upstream: Use ssh binary instead of the (smaller) script when 6646 6647 preparing test data files since it's faster. 6648 6649 OpenBSD-Regress-ID: 4215e42682fdb73e131e10645d4a1a23a91d64f5 6650 6651commit 62f02e95ba5cda4649c482d30f4370e2360eb94d 6652Author: dtucker@openbsd.org <dtucker@openbsd.org> 6653Date: Tue Mar 11 07:43:45 2025 +0000 6654 6655 upstream: Set up dbclient's known_hosts as it expects. 6656 6657 OpenBSD-Regress-ID: 9e0898e8423237ce5023be53787bb4062e0d0418 6658 6659commit 395284bd52887dbaf7e78200c857d7f2d9ce398e 6660Author: dtucker@openbsd.org <dtucker@openbsd.org> 6661Date: Tue Mar 11 07:43:03 2025 +0000 6662 6663 upstream: Use $DBCLIENT to access dbclient for consistency. 6664 6665 OpenBSD-Regress-ID: 81e1b41e1ffc49aba1e6fcaeb6242f3b7875ea3c 6666 6667commit 97e10c0005a784622c61cb4e8bb7858b410bbcc6 6668Author: dtucker@openbsd.org <dtucker@openbsd.org> 6669Date: Tue Mar 11 07:42:08 2025 +0000 6670 6671 upstream: Check if dbclient supports SHA1 before trying SHA1-based 6672 6673 KEX. 6674 6675 Dropbear 2025.87 removed SHA1 support by default, which means 6676 diffie-hellman-group14-sha1 is not available. Unfortunately there isn't a 6677 flag to query supported KEX, so instead check MACs and if it doesn't have 6678 SHA1 methods, assuming SHA1 based KEXes are likewise not available. Spotted 6679 by anton@. 6680 6681 OpenBSD-Regress-ID: acfa8e26c001cb18b9fb81a27271c3b51288d304 6682 6683commit 29a5127f808d00aa539fd27d83a65c2c56179b0e 6684Author: dtucker@openbsd.org <dtucker@openbsd.org> 6685Date: Tue Mar 11 07:48:51 2025 +0000 6686 6687 upstream: Set highwater when resuming a "put". Prevents bogus "server 6688 6689 reordered acks" debug message. ok djm@ 6690 6691 OpenBSD-Commit-ID: aa7f6d0fc2e893c8c278ea3e6e0974c2eca83f5d 6692 6693commit 6575859d7acb110acf408707f98ed9744ca7d692 6694Author: dtucker@openbsd.org <dtucker@openbsd.org> 6695Date: Mon Mar 3 06:54:37 2025 +0000 6696 6697 upstream: Test for %-token and env var expansion in SetEnv. 6698 6699 OpenBSD-Regress-ID: bd6139a6177ac4afb29a0ce4afc23567b22ef9f9 6700 6701commit fd7ad8d7bf7dbdeb8f11a8b51aa9d31df1a17e52 6702Author: dtucker@openbsd.org <dtucker@openbsd.org> 6703Date: Sun Mar 2 07:41:06 2025 +0000 6704 6705 upstream: Also test User expansions when supplied via -l option and 6706 6707 user@host. 6708 6709 OpenBSD-Regress-ID: 56415859260b53ef0dd20f71225ba5fdf6320f50 6710 6711commit e6cfd783f1491b502db9322aa970822c63f1667d 6712Author: dtucker@openbsd.org <dtucker@openbsd.org> 6713Date: Sat Mar 1 06:12:47 2025 +0000 6714 6715 upstream: Tests for User expansion of %-tokens and environment 6716 6717 variables. 6718 6719 OpenBSD-Regress-ID: 7ed21dd0e09fb1f3537b8b177f171018aa501628 6720 6721commit 197e503b8e4b642ce0f405a5d65da4256fa96431 6722Author: djm@openbsd.org <djm@openbsd.org> 6723Date: Fri Dec 6 16:25:58 2024 +0000 6724 6725 upstream: use glob(3) wildcards in AuthorizedKeys/PrincipalsFile 6726 6727 tests to exercise this feature; ok dtucker 6728 6729 OpenBSD-Regress-ID: 7f7b19c0b05b1862cc6521ce61b2b301a3f9cc3b 6730 6731commit 396202180180a4ac16788d469508a348789dafa1 6732Author: djm@openbsd.org <djm@openbsd.org> 6733Date: Fri Dec 6 10:37:42 2024 +0000 6734 6735 upstream: implement attestation verification for ED25519 keys 6736 6737 OpenBSD-Regress-ID: c44fa5cdb434375a8b5545fdb4fc651061afca1f 6738 6739commit b49875428cda9c16c5bd52552100da2b419cda5f 6740Author: dtucker@openbsd.org <dtucker@openbsd.org> 6741Date: Mon Mar 3 06:53:09 2025 +0000 6742 6743 upstream: Add %-token and environment variable expansion to SetEnv. 6744 6745 feedback deraadt@ jmc@, nits and ok djm@ 6746 6747 OpenBSD-Commit-ID: 2f6e5070481cb73e6f35fd1c6608c1eeff88a5c1 6748 6749commit b6bba67e6c31d268480773e4fed16d0a32b4218e 6750Author: djm@openbsd.org <djm@openbsd.org> 6751Date: Sun Mar 2 22:44:00 2025 +0000 6752 6753 upstream: fix PerSourcePenalty incorrectly using "crash" penalty when 6754 6755 LoginGraceTime was exceeded. Reported by irwin AT princeton.edu via bz3797 6756 6757 OpenBSD-Commit-ID: 1ba3e490a5a9451359618c550d995380af454d25 6758 6759commit 38d69fee1b06948f160d94abd07b6b297630d30a 6760Author: Damien Miller <djm@mindrot.org> 6761Date: Sun Mar 2 22:06:53 2025 +1100 6762 6763 include __builtin_popcount replacement function 6764 6765 Some systems/compilers lack __builtin_popcount(), so replace it as 6766 necessary. Reported by Dennis Clarke; ok dtucker@ 6767 6768commit c94138d02a45dda5015f38f5a60b0bdde29019c1 6769Author: djm@openbsd.org <djm@openbsd.org> 6770Date: Sun Mar 2 11:03:13 2025 +0000 6771 6772 upstream: whitespace 6773 6774 OpenBSD-Commit-ID: 1bd8953a37451ef7e0991f9fceec5e8005fe986a 6775 6776commit 65d2c59628e68e166046efa69e76c1d395a8df6e 6777Author: dtucker@openbsd.org <dtucker@openbsd.org> 6778Date: Sun Mar 2 07:02:49 2025 +0000 6779 6780 upstream: Make a copy of the user when handling ssh -l, so that 6781 6782 later during User token expansion we don't end up freeing a member of argv. 6783 Spotted by anton@'s regress tests. 6784 6785 OpenBSD-Commit-ID: 2f671a4f5726b66d123b88b1fdd1a90581339955 6786 6787commit bd30cf784d6e825ef71592fb723c41d4f2fd407b 6788Author: dtucker@openbsd.org <dtucker@openbsd.org> 6789Date: Sat Mar 1 06:11:26 2025 +0000 6790 6791 upstream: Allow %-token and environment variable expansion in User, 6792 6793 with the exception of %r and %C which are self-referential. Requested in 6794 bz#3477, ok djm@, man page improvements jmc@ 6795 6796 OpenBSD-Commit-ID: caeb46251ee073662f6f5864c6f7b92d8ac80fa8 6797 6798commit 94f59dcfc57f95ae044f75c3ce544329c8956c35 6799Author: Darren Tucker <dtucker@dtucker.net> 6800Date: Sat Mar 1 10:28:59 2025 +1100 6801 6802 Rebuild config files if Makefile changes. 6803 6804 This ensures paths are updated if they are changed by re-running configure. 6805 Patch from rapier at psc.edu. 6806 6807commit dfd9880585db1570656022f9fe1519df673f7b8a 6808Author: Darren Tucker <dtucker@dtucker.net> 6809Date: Wed Feb 26 18:16:03 2025 +1100 6810 6811 Check for le32toh, le64toh, htole64 individually. 6812 6813 It appears that at least some versions of endian.h in glibc do not have 6814 the latter two, so check for and replace each one individually. 6815 bz#3794, ok djm@ 6816 6817commit cb99e8eb228df366af33f4fe88d7a9dd0dbf0756 6818Author: djm@openbsd.org <djm@openbsd.org> 6819Date: Tue Feb 25 06:25:30 2025 +0000 6820 6821 upstream: ressurect fix for "match invalid-user" that got clobbered 6822 6823 by 1.423 6824 6825 OpenBSD-Commit-ID: d18bf0945976e0f3467d710d4bc8bdbe181c0567 6826 6827commit 487cf4c18c123b66c1f3f733398cd37e6b2ab6ab 6828Author: deraadt@openbsd.org <deraadt@openbsd.org> 6829Date: Fri Feb 21 18:22:41 2025 +0000 6830 6831 upstream: Also prohibit , (comma) in hostnames, proposed by David 6832 6833 Leadbeater ok djm millert 6834 6835 OpenBSD-Commit-ID: 2837fa31dc6e81976f510f0a259edaa559b20b07 6836 6837commit 3bc6de98c830bd5207f6c371ba69c5874f06305b 6838Author: Damien Miller <djm@mindrot.org> 6839Date: Mon Feb 24 17:27:50 2025 +1100 6840 6841 Try to fix github tcmalloc target failure 6842 6843 tcmalloc may, depending on the stacktrace generator it uses, create 6844 pipe(2) fds during shared library initialisation. These will later 6845 get clobbered by ssh/sshd calling closefrom() and chaos will ensue. 6846 Tell tcmalloc to use an unwinder that doesn't pull this stuff. 6847 6848commit 922e54bbfe8c8479453693ef52350338f0c19124 6849Author: Damien Miller <djm@mindrot.org> 6850Date: Fri Feb 21 13:44:35 2025 +1100 6851 6852 cleanup last mention of ubuntu-20.04 6853 6854commit bc4b3f6dc1738d389e5c9dcca8c56d7e153fee49 6855Author: Damien Miller <djm@mindrot.org> 6856Date: Fri Feb 21 13:44:13 2025 +1100 6857 6858 prune gcc/clang versions to be tested 6859 6860 Test only the oldest and latest versions of each 6861 6862commit 94b73755f931d592a612ef5cb998694643eab5ff 6863Author: Damien Miller <djm@mindrot.org> 6864Date: Fri Feb 21 11:30:22 2025 +1100 6865 6866 Update AWS-LC version number 6867 6868 Patch from Shubham Mittal bz bz3792 6869 6870commit 6887099fae6d9f3482e1075d034e9343dc413200 6871Author: Damien Miller <djm@mindrot.org> 6872Date: Fri Feb 21 11:22:34 2025 +1100 6873 6874 adjust workflows for ubuntu version transition 6875 6876 remove workflows for unsupported compilers, add a few for additional 6877 supported compilers, move some workflows to run on ubuntu-latest 6878 6879commit 33bb47e6f74f2ca8093946e6f462d655a9ae46d3 6880Author: Damien Miller <djm@mindrot.org> 6881Date: Thu Feb 20 17:10:32 2025 +1100 6882 6883 Add ubuntu-*-arm test runners 6884 6885commit a0c95fbb215b2168fa51b15906e2d6990d7fef6b 6886Author: Damien Miller <djm@mindrot.org> 6887Date: Thu Feb 20 17:03:28 2025 +1100 6888 6889 remove ubuntu-20.04 Github action runners 6890 6891 ubuntu-20.04 is deprecated now, so migrate all its unique runners 6892 to ubuntu-22.04. 6893 6894 ok dtucker@ 6895 6896commit 0cbeedba81b57c56379e1d202b9ccd3b72af7ddc 6897Author: Damien Miller <djm@mindrot.org> 6898Date: Tue Feb 18 19:03:42 2025 +1100 6899 6900 openssh-9.9p2 6901 6902commit 0832aac79517611dd4de93ad0a83577994d9c907 6903Author: djm@openbsd.org <djm@openbsd.org> 6904Date: Tue Feb 18 08:02:48 2025 +0000 6905 6906 upstream: Fix cases where error codes were not correctly set 6907 6908 Reported by the Qualys Security Advisory team. ok markus@ 6909 6910 OpenBSD-Commit-ID: 7bcd4ffe0fa1e27ff98d451fb9c22f5fae6e610d 6911 6912commit 6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2 6913Author: djm@openbsd.org <djm@openbsd.org> 6914Date: Tue Feb 18 08:02:12 2025 +0000 6915 6916 upstream: Don't reply to PING in preauth phase or during KEX 6917 6918 Reported by the Qualys Security Advisory team. ok markus@ 6919 6920 OpenBSD-Commit-ID: c656ac4abd1504389d1733d85152044b15830217 6921 6922commit 9e5bd74a85192c00a842f63d7ab788713b4284c3 6923Author: jmc@openbsd.org <jmc@openbsd.org> 6924Date: Sat Feb 15 06:48:56 2025 +0000 6925 6926 upstream: - use \& when contructs like "e.g." end a line, to avoid 6927 6928 double spacing - macro is Qq not Oq 6929 6930 OpenBSD-Commit-ID: 17e5d2d7f288cc7fc536e3af252224525f9fb43a 6931 6932commit f519e71fb7a46314ae16e2a75490649dc0bd01a2 6933Author: Damien Miller <djm@mindrot.org> 6934Date: Sat Feb 15 13:12:40 2025 +1100 6935 6936 depend 6937 6938commit 9131ac64b0ebe66dc1de9d44bf8d1bd64a24c350 6939Author: djm@openbsd.org <djm@openbsd.org> 6940Date: Sat Feb 15 01:52:07 2025 +0000 6941 6942 upstream: add "Match version" support to ssh_config. Allows 6943 6944 matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*" 6945 6946 ok markus@ 6947 6948 OpenBSD-Commit-ID: c0cb504d0b9e43ccf12e68a544a7cd625e89758d 6949 6950commit 192a20df00c8a56fe7d92ffa23d959c865d7fb9e 6951Author: djm@openbsd.org <djm@openbsd.org> 6952Date: Sat Feb 15 01:50:47 2025 +0000 6953 6954 upstream: Add support for "Match sessiontype" to ssh_config. Allows 6955 6956 matching on the type of session requested, either "shell" for interactive 6957 sessions, "exec" for command execution sessions, "subsystem" for subsystem 6958 requests, such as sftp, or "none" for transport/forwarding-only sessions. 6959 6960 ok markus@ 6961 6962 OpenBSD-Commit-ID: eff5c001aecb2283d36639cfb28c0935a8bfd468 6963 6964commit caa3c0c77082888236b0b0c4feb3e6879731b3ba 6965Author: djm@openbsd.org <djm@openbsd.org> 6966Date: Sat Feb 15 01:48:30 2025 +0000 6967 6968 upstream: "Match command ..." support for ssh_config to allow 6969 6970 matching on the remote command specified on the commandline. 6971 6972 Also relaxes matching rules for `Match tagged` to allow 6973 `Match tagged ""` to match an empty tag value. This also works 6974 for command. 6975 6976 ok markus@ 6977 6978 OpenBSD-Commit-ID: 00dcfea425bf58d824bf5e3464cfc2409121b60d 6979 6980commit 38f6000e9851a00e2e4b8e1eb4ea6a243ef7e6a3 6981Author: Damien Miller <djm@mindrot.org> 6982Date: Tue Feb 11 10:32:26 2025 +1100 6983 6984 depend 6985 6986commit aa1409e7a0a5605f0127651a3ba5a348666325bc 6987Author: djm@openbsd.org <djm@openbsd.org> 6988Date: Mon Feb 10 23:19:26 2025 +0000 6989 6990 upstream: include arguments the command was invoked with, and 6991 6992 operating system name, version and architecture in startup debugging output; 6993 ok dtucker 6994 6995 OpenBSD-Commit-ID: 2a509d319aaf31a6bf9998e1842832883fbc3edd 6996 6997commit 857ac20f5fe19f183defba5dbf4b7d9e6400230c 6998Author: djm@openbsd.org <djm@openbsd.org> 6999Date: Mon Feb 10 23:16:51 2025 +0000 7000 7001 upstream: include line number in Match debug messages, makes it a 7002 7003 little easier to see what's going on 7004 7005 OpenBSD-Commit-ID: 1fcf4aa2ee667711b9497ded0fa52d757c69b1df 7006 7007commit af49d474e481d2d78b2f06b06a06b0b37629358e 7008Author: djm@openbsd.org <djm@openbsd.org> 7009Date: Mon Feb 10 23:00:29 2025 +0000 7010 7011 upstream: fix "Match invalid-user" from incorrectly being activated 7012 7013 in initial configuration pass when no other predicates were present on the 7014 match line 7015 7016 OpenBSD-Commit-ID: 02703b4bd207fafd03788bc4e7774bf80be6c9a8 7017 7018commit 1c67bae3f5834e48ded71c406f2039dea6e536db 7019Author: schwarze@openbsd.org <schwarze@openbsd.org> 7020Date: Sun Feb 9 18:24:08 2025 +0000 7021 7022 upstream: In a section 1 manual, use the plain English words 7023 7024 "standard output" rather than the overly technical abbreviation "stdout" - we 7025 are not talking about a device file or a FILE * object here. Issue reported 7026 by <onf at disroot dot org> on the groff mailing list. 7027 7028 OpenBSD-Commit-ID: a0816999f970e6159523bed8484f62c42ec93109 7029 7030commit 85b3d68dd931416ede657f371f1d60cdc3a66f34 7031Author: dtucker@openbsd.org <dtucker@openbsd.org> 7032Date: Fri Jan 17 00:09:41 2025 +0000 7033 7034 upstream: Fix debug logging of user specific delay. Patch from 7035 7036 Achim Leitner (fjl5) via github PR#552. 7037 7038 OpenBSD-Commit-ID: 834a869ed9b15058d3c1ef0cd75402ef989255d8 7039 7040commit e4e5b06fdf4532705669c0ae944b364022d16b9d 7041Author: dtucker@openbsd.org <dtucker@openbsd.org> 7042Date: Thu Jan 16 06:37:10 2025 +0000 7043 7044 upstream: Call log_init in sshd-auth and sshd-session immediately 7045 7046 after parsing the config file so that any log settings set in the config file 7047 take effect immediately. Move version banners to immediately after that, and 7048 make them distinct per binary. ok djm@ 7049 7050 OpenBSD-Commit-ID: acf3d090638edf9b6e6f78eed96b537fe671f0f5 7051 7052commit 0643994b20f2cc54bca80842a984b3052ff1a6a9 7053Author: dtucker@openbsd.org <dtucker@openbsd.org> 7054Date: Wed Jan 15 22:23:13 2025 +0000 7055 7056 upstream: Use strprefix helper when processing sshd -C test args 7057 7058 instead of counting bytes by hand. ok djm@ 7059 7060 OpenBSD-Commit-ID: 2866d369d96fe04bf76112260ac37e489f98a9a9 7061 7062commit 66efd0fbb6b8b95f8a520f2cdf8ede14e62b30b3 7063Author: Damien Miller <djm@mindrot.org> 7064Date: Thu Feb 6 09:38:09 2025 +1100 7065 7066 add support for AWS-LC (AWS libcrypto) 7067 7068 Patch from Shubham Mittal via bz3784; ok dtucker 7069 7070commit 826483d51a9fee60703298bbf839d9ce37943474 7071Author: Tim Rice <tim@multitalents.net> 7072Date: Mon Dec 16 15:36:54 2024 -0800 7073 7074 fix old typo (s/SYSVINITSTOPT/SYSVINITSTOP/) 7075 7076commit 1a8ce460f1d0c3f7304edba0733783b57b430e21 7077Author: dtucker@openbsd.org <dtucker@openbsd.org> 7078Date: Thu Dec 12 09:09:09 2024 +0000 7079 7080 upstream: Plug leak on error path, spotted by Coverity. ok djm@ 7081 7082 OpenBSD-Commit-ID: b1859959374b4709569760cae0866d22a16606d3 7083 7084commit 924f996144fc0ae1a659fadcfc2237d1ae935fc4 7085Author: Xavier Hsinyuan <me@lstlx.com> 7086Date: Mon Dec 9 11:21:05 2024 +0800 7087 7088 Add $(srcdir) for standalone sk-libfido2 make target. 7089 7090 Fix out-of-tree build failure due to incorrect path for `sk-usbhid.c`. 7091 7092commit bbc9c18e84de29c83fa03e69290979fcca54a2b2 7093Author: djm@openbsd.org <djm@openbsd.org> 7094Date: Sat Dec 7 10:12:19 2024 +0000 7095 7096 upstream: replace bespoke logging of MaxSessions enforcement with 7097 7098 new ratelimited logging infrastructure. 7099 7100 Add ratelimits to logging of connections dropped by PerSourcePenalties 7101 7102 ok dtucker 7103 7104 OpenBSD-Commit-ID: f22fe7c39607e4361aadf95e33773ffd68c59489 7105 7106commit 5a6ddf946cf105189c2c99a04f86ce95edc55fc5 7107Author: djm@openbsd.org <djm@openbsd.org> 7108Date: Sat Dec 7 10:05:36 2024 +0000 7109 7110 upstream: add infrastructure for ratelimited logging; feedback/ok 7111 7112 dtucker 7113 7114 OpenBSD-Commit-ID: 18a83e5ac09d59aaf1e834fd6b796db89dd842e7 7115 7116commit 85f0c1e75e8f6c5d83b8070918ee2f6ab16d403e 7117Author: djm@openbsd.org <djm@openbsd.org> 7118Date: Fri Dec 6 16:24:27 2024 +0000 7119 7120 upstream: allow glob(3) patterns for sshd_config AuthorizedKeysFile 7121 7122 and AuthorizedPrincipalsFile directives; bz2755 ok dtucker 7123 7124 OpenBSD-Commit-ID: 3e3e05a17fca39bba78b993a07b44664519adf7f 7125 7126commit 9a9ffee6e10bcd039f1f9385599577441ebe542a 7127Author: djm@openbsd.org <djm@openbsd.org> 7128Date: Fri Dec 6 16:21:48 2024 +0000 7129 7130 upstream: support VersionAddendum in the client, mirroring the 7131 7132 option of the same name in the server; bz2745 ok dtucker@ 7133 7134 OpenBSD-Commit-ID: 6ff7905b3f9806649bde750515786553fb89cdf4 7135 7136commit 41ab0ccecd68232e196efae5e224b31ca104c423 7137Author: djm@openbsd.org <djm@openbsd.org> 7138Date: Fri Dec 6 16:02:12 2024 +0000 7139 7140 upstream: clarify encoding of options/extensions; bz2389 7141 7142 OpenBSD-Commit-ID: c4e92356d44dfe6d0a4416deecb33d1d1eba016c 7143 7144commit 5488810359f0fd91e2f7b919c70a3798e46376cb 7145Author: djm@openbsd.org <djm@openbsd.org> 7146Date: Fri Dec 6 15:17:15 2024 +0000 7147 7148 upstream: ignore SIGPIPE here; some downstreams have had this for 7149 7150 years... 7151 7152 OpenBSD-Commit-ID: 73674ee4f8ceb8fc9cb8de71d8ddea0c721eb035 7153 7154commit 4389a792d9078212366eba124a3eed36e009d09e 7155Author: djm@openbsd.org <djm@openbsd.org> 7156Date: Fri Dec 6 15:12:56 2024 +0000 7157 7158 upstream: sync -o option lists with ssh.1; requested jmc@ 7159 7160 OpenBSD-Commit-ID: a7ac295b444da7b2ca7a33a52370594f6897f6bb 7161 7162commit 6b9cd095565ddc5402d5096dce248fa0521dbda3 7163Author: Fabio Pedretti <pedretti.fabio@gmail.com> 7164Date: Mon Oct 16 17:12:24 2023 +0200 7165 7166 Remove ancient RHL 6.x config in RPM spec. 7167 7168 It looks like build6x options were intended for RHL 6.x 7169 (the Red Hat distro predating Fedora, not RHEL), but were 7170 then applied to RHEL. 7171 7172 Completely remove support for this ancient configuration. 7173 7174 Successfully built, installed and run on RHEL 6. This also 7175 remove a build warning about deprecation of PreReq. 7176 7177commit 5cacfa798f92b707491375fed748d1d1bcb33ec9 7178Author: Darren Tucker <dtucker@dtucker.net> 7179Date: Fri Dec 6 23:54:45 2024 +1100 7180 7181 Add new hardware-backed signing key for myself. 7182 7183 Retire old non-hardware based signing key. 7184 7185commit f129b6ee1d4361799e65307216e3a4d5544356b7 7186Author: Jonas 'Sortie' Termansen <sortie@maxsi.org> 7187Date: Sat Nov 2 22:05:45 2024 +0100 7188 7189 Fix configure implicit declaration and format warnings. 7190 7191commit 11a5e5179077f73c2d45bcdf3f60153ae3f17815 7192Author: dtucker@openbsd.org <dtucker@openbsd.org> 7193Date: Fri Dec 6 07:05:54 2024 +0000 7194 7195 upstream: Expand $SSH to absolute path if it's not already. 7196 7197 Prevents problem later in increase_datafile_size if ssh is not in 7198 the path. Patch from quaresmajose via GHPR#510. 7199 7200 OpenBSD-Regress-ID: 2670a66af8b827410ca7139f0a89f4501cece77b 7201 7202commit dc2ef8f0944a4ff7ba19e52fd17b4654e6bd9b93 7203Author: dtucker@openbsd.org <dtucker@openbsd.org> 7204Date: Fri Dec 6 06:55:28 2024 +0000 7205 7206 upstream: Change "login again" to "log in again" 7207 7208 in password change message. From ThinLinc-Zeijlon via github PR#532. 7209 7210 OpenBSD-Commit-ID: fea5e9bc04caf613a118c419f16863733b340cf1 7211 7212commit 8252f346eb21cd6b30816f905b7d94f10962373e 7213Author: naddy@openbsd.org <naddy@openbsd.org> 7214Date: Thu Dec 5 22:45:03 2024 +0000 7215 7216 upstream: catch up documentation: AES-GCM is preferred to AES-CTR 7217 7218 OpenBSD-Commit-ID: 63360924b6834507fe70020edb936f5075043a9e 7219 7220commit 9a2f4c75081769bd45eba2bf3fab0a32b25f1879 7221Author: Darren Tucker <dtucker@dtucker.net> 7222Date: Fri Dec 6 17:56:17 2024 +1100 7223 7224 Change text from "login to" to "log in to". 7225 7226 From ThinLinc-Zeijlon via GHPR#532. 7227 7228commit 24dcf368d816b06136a02845ebd0c7846bf18927 7229Author: Xavier Hsinyuan <me@lstlx.com> 7230Date: Fri Dec 6 11:56:34 2024 +0800 7231 7232 Fix configure message typo in sk-libfido2 standalone. 7233 7234commit 1a0cac2f3411a22d69ae6918eff48456b805e73b 7235Author: Alexander Kanavin <alex@linutronix.de> 7236Date: Thu Dec 5 16:26:46 2024 +0100 7237 7238 Skip 2038 key expiry test on 64 bit time_t systems. 7239 7240 This allows testing Y2038 with system time set to after that (i.e. 2040), 7241 so that actual Y2038 issues can be exposed, and not masked by key expiry 7242 errors. 7243 7244 Signed-off-by: Alexander Kanavin <alex@linutronix.de> 7245 7246commit 6b4611dc1232c5d2c8e43201f580f19aab320c87 7247Author: Darren Tucker <dtucker@dtucker.net> 7248Date: Fri Dec 6 01:45:52 2024 +1100 7249 7250 Skip 64bit expiry time test on 32bit time_t. 7251 7252commit c9b7866a7dc5e6c30f5aa9d22dd0bbafda0d496f 7253Author: dtucker@openbsd.org <dtucker@openbsd.org> 7254Date: Thu Dec 5 14:28:39 2024 +0000 7255 7256 upstream: Add key expiry test in the 64bit time_t range for additional 7257 7258 coverage. From Alexander Kanavin via bz#3684. 7259 7260 OpenBSD-Regress-ID: bdf6eb3c2421f2e1e11483d03b34c7931d1bccf7 7261 7262commit 790c913b5fc6ee93ae14793443dc85a0f574b7eb 7263Author: Damien Miller <djm@mindrot.org> 7264Date: Thu Dec 5 19:24:56 2024 +1100 7265 7266 typo 7267 7268commit d23a23aaeeabc228792e3fd7eb5f2fa6ae13c482 7269Author: Damien Miller <djm@mindrot.org> 7270Date: Thu Dec 5 08:47:02 2024 +1100 7271 7272 add a Makefile target for ssh-verify-attestation 7273 7274 Not built by default, but easier than doing it by hand 7275 7276commit d0ac63d0f8b5f778d5fd326701ef4489bc27635e 7277Author: dtucker@openbsd.org <dtucker@openbsd.org> 7278Date: Thu Dec 5 06:49:26 2024 +0000 7279 7280 upstream: De-magic the x11 base port number into a define. ok djm@ 7281 7282 OpenBSD-Commit-ID: 23b85ca9d222cb739b9c33ee5e4d6ac9fdeecbfa 7283 7284commit 9998c93d57bf0f1df2bc93e0bc2d8112c6f8c720 7285Author: dtucker@openbsd.org <dtucker@openbsd.org> 7286Date: Thu Dec 5 06:47:00 2024 +0000 7287 7288 upstream: Prevent integer overflow in x11 port handling. These are 7289 7290 theoretically possible if the admin misconfigures X11DisplayOffset or the 7291 user misconfigures their own $DISPLAY, but don't happen in normal operation. 7292 From Suhov Roman via bz#3730, ok djm@ 7293 7294 OpenBSD-Commit-ID: e9e3860f1a19b862ccf07dc8ecbe8f1e1034f4ed 7295 7296commit 8c9ee046d40e4254c6c1711783ea11027b72c3e9 7297Author: djm@openbsd.org <djm@openbsd.org> 7298Date: Wed Dec 4 16:42:49 2024 +0000 7299 7300 upstream: add a work-in-progress tool to verify FIDO attestation 7301 7302 blobs that ssh-keygen can write when enrolling FIDO keys. 7303 7304 OpenBSD-Regress-ID: 6c97bf3f46e48866677ad69f54b77683eb92437f 7305 7306commit 50c640d874d0246dd0a0d949398c3d7f757c716a 7307Author: dtucker@openbsd.org <dtucker@openbsd.org> 7308Date: Wed Dec 4 10:51:13 2024 +0000 7309 7310 upstream: Don't assume existence of SK provider in test. Patch from 7311 7312 balu.gajjala at gmail via bz#3402. 7313 7314 OpenBSD-Regress-ID: d571932016d07d135b54433d07520b9e1901db43 7315 7316commit 73d782693144262570d3585b62f16b183170c014 7317Author: djm@openbsd.org <djm@openbsd.org> 7318Date: Wed Dec 4 14:37:55 2024 +0000 7319 7320 upstream: sync the list of options accepted by -o with ssh_config.5 7321 7322 prompted by bz3455 7323 7324 OpenBSD-Commit-ID: 0ecbfa70aea6c769bcc259defe07182edf461f57 7325 7326commit 6993d9f0959534b0b7d52e17b95e9e79fb0b3d0a 7327Author: djm@openbsd.org <djm@openbsd.org> 7328Date: Wed Dec 4 14:24:20 2024 +0000 7329 7330 upstream: don't screw up ssh-keygen -l output when the file 7331 7332 contains CR characters; GHPR236 bz3385, fix from Dmitry Belyavskiy 7333 7334 OpenBSD-Commit-ID: e458cf6b0adcea5b69ef4c7ba38e590841d02ef4 7335 7336commit c0b03c2534946fc114880092177aa4a3683ced2d 7337Author: jsg@openbsd.org <jsg@openbsd.org> 7338Date: Tue Dec 3 22:30:03 2024 +0000 7339 7340 upstream: spelling; ok djm@ 7341 7342 OpenBSD-Commit-ID: c8ff3f70020451eef214e598117b7ce1a29853ef 7343 7344commit 97eb247f40167f44324e88a537d5b4fe771a63b2 7345Author: dtucker@openbsd.org <dtucker@openbsd.org> 7346Date: Tue Dec 3 16:27:53 2024 +0000 7347 7348 upstream: Remove fallback to compiled-in gropup for dhgex when the 7349 7350 moduli file exists, but does not contain moduli within the client-requested 7351 range. The fallback behaviour remains for the case where the moduli file does 7352 not exist (typically, running tests prior to installing). From bz#2793, based 7353 in part on patch from Joe Testa, ok djm@ 7354 7355 OpenBSD-Commit-ID: b1a8c5dbbedf249b42474679ebaf14db7332b1ab 7356 7357commit 30c746265ebde29806dba77c92fb1fd3803cbf5c 7358Author: tb@openbsd.org <tb@openbsd.org> 7359Date: Tue Dec 3 15:53:51 2024 +0000 7360 7361 upstream: Remove redundant field of definition check 7362 7363 This will allow us to get rid of EC_GROUP_method_of() in the near future. 7364 7365 ok djm 7366 7367 OpenBSD-Commit-ID: b4a3d2e00990cf5c2ec6881c21ddca67327c2df8 7368 7369commit eaa1744f34c30740328fd0a0d84b5f2f9e6918c1 7370Author: Damien Miller <djm@mindrot.org> 7371Date: Thu Dec 5 00:59:19 2024 +1100 7372 7373 don't ignore changes in regress Makefiles 7374 7375 reported by Torben Hansen in bz2880 7376 7377commit 66e986880b2472fefaad781f10113b138b65ff27 7378Author: Damien Miller <djm@mindrot.org> 7379Date: Thu Dec 5 00:01:33 2024 +1100 7380 7381 Support systemd-style socket activation in agent 7382 7383 Adds support for systemd LISTEN_PID/LISTEN_FDS socket activation to 7384 ssh-agent. Activated when these environment variables are set and 7385 the agent is started with the -d or -D option and no socket path 7386 is set. 7387 7388 Based on GHPR502 by Daniel Kahn Gillmor, ok dtucker 7389 7390commit 9b57c099f57152e6c94f633c114f544087f4bdaa 7391Author: Darren Tucker <dtucker@dtucker.net> 7392Date: Wed Dec 4 21:36:01 2024 +1100 7393 7394 Update readme files to better reflect reality. 7395 7396 Prompted by bz#3738, ok djm@. 7397 7398commit ffa885db1b960451d426455045d2f51288e48ee8 7399Author: dtucker@openbsd.org <dtucker@openbsd.org> 7400Date: Tue Dec 3 14:12:47 2024 +0000 7401 7402 upstream: Improve description of KbdInteractiveAuthentication. 7403 7404 Based on bz#3658, fixes jmc@ ok markus@ djm@. 7405 7406 OpenBSD-Commit-ID: 9fadb56b9afed554d501acbba911c685acd6ffc2 7407 7408commit b460f82a67795bba37c6cc6c78f788e5b435b4cb 7409Author: Jonas 'Sortie' Termansen <sortie@maxsi.org> 7410Date: Sat Nov 2 17:53:23 2024 +0100 7411 7412 Inherit DESTDIR from the environment. 7413 7414 autoconf packages conventionally inherit the DESTDIR variable from the 7415 environment. 7416 7417commit 9da7fa7c7464df241ae5d17da94e4ebed9013719 7418Author: Jonas 'Sortie' Termansen <sortie@maxsi.org> 7419Date: Sat Nov 2 22:10:39 2024 +0100 7420 7421 Define u_short and u_long if needed. 7422 7423commit d3a7ff7cecbc23cc37044bdf02e7118d05bf3c35 7424Author: djm@openbsd.org <djm@openbsd.org> 7425Date: Tue Dec 3 08:31:49 2024 +0000 7426 7427 upstream: support FIDO tokens that return no attestation data, e.g. 7428 7429 recent WinHello. From Michael Braun via GHPR542 7430 7431 OpenBSD-Commit-ID: a71b0542f2f7819ba0e33a88908e01b6fc49e4ce 7432 7433commit 96b64056c812620014b65371a9e3ac86bfcd08d5 7434Author: Thorsten Kukuk <kukuk@suse.com> 7435Date: Tue Nov 19 10:53:28 2024 +0100 7436 7437 Add wtmpdb support as Y2038 safe wtmp replacement 7438 7439commit 1d9563a56f2ad5b0c0aeef20e19c1a03ad54f88a 7440Author: djm@openbsd.org <djm@openbsd.org> 7441Date: Mon Dec 2 14:06:42 2024 +0000 7442 7443 upstream: unbreak 7444 7445 OpenBSD-Commit-ID: 05b6c31f4a6e385338f43cc0e08776cea75802a1 7446 7447commit d75837b9f6d0d6cc18ed5078789ea0f3dad08f00 7448Author: djm@openbsd.org <djm@openbsd.org> 7449Date: Mon Dec 2 13:37:18 2024 +0000 7450 7451 upstream: prefer AES-GCM to AES-CTR; ok deraadt markus 7452 7453 OpenBSD-Commit-ID: 8366a72e0f300ee31c5dab2c95025387ec15bbc9 7454 7455commit e19cd494b567a73dc390e09b47c1e21545e6116b 7456Author: Shiva Kaul <shiva.kaul@gmail.com> 7457Date: Mon Dec 2 02:04:20 2024 -0500 7458 7459 Fix compilation with DEBUG_SK enabled 7460 7461 In `ssh_ecdsa_sk_verify`, the `datalen` variable was renamed to `dlen` -- but not in this debugging block. 7462 7463commit 67ace92be0718df7e0f52c0a76684fc2ebae4089 7464Author: dtucker@openbsd.org <dtucker@openbsd.org> 7465Date: Fri Nov 29 00:13:36 2024 +0000 7466 7467 upstream: Import regenerated moduli. 7468 7469 OpenBSD-Commit-ID: 311d271bf0fab8a119e84f4f696d8cd40731692f 7470 7471commit ca0697a90e5720ba4d76cb0ae9d5572b5260a16c 7472Author: Jeremy Stott <jeremy@stott.co.nz> 7473Date: Sat Oct 19 12:10:52 2024 +1300 7474 7475 Add make target for standalone sk-libfido2 7476 7477 Add a Makefile target for sk-libfido2, the standalone fido2 security 7478 key shared library, suitable for use with the SecurityKeyProvider 7479 option. 7480 7481 Add a new configure option `--with-security-key-standalone` that 7482 optionally sets the shared library target sk-libfido2$(SHLIBEXT), and 7483 adds it to $(TARGETS). 7484 7485 misc.h is required when SK_STANDALONE is defined, because of the use 7486 of `monotime_tv` in `sk_select_by_touch`. 7487 7488 Sets the shared library extension for sk-libfido2 is by setting 7489 `SHLIBEXT` depending on the platform in configure.ac. 7490 7491 Add the shared library to the CI builds in the `sk` target config to 7492 make sure it can compile under the same conditions as 7493 `--with-security-key-builtin`. 7494 7495 Add a libssh-pic.a static library that compiles with `-fPIC` reusing 7496 .c.lo method in sk-dummy.so for use in the shared library sk-libfido2. 7497 7498 Note, a separate static library libssh-pic.a is needed, since defining 7499 -DSK_STANDALONE excludes some symbols needed in sshkey.lo. 7500 7501commit 74d70841efbf41b9fcc8e6f6f4777d2e9d7e2004 7502Author: Arnout Engelen <arnout@bzzt.net> 7503Date: Fri Oct 18 13:42:38 2024 +0200 7504 7505 mdoc2man: balance nested square brackets 7506 7507 I noticed the square brackets in `destination [command [argument...]` 7508 in the synopsis for the `ssh.1` manpage were not balanced, 7509 this balances them. 7510 7511 Signed-off-by: Arnout Engelen <arnout@bzzt.net> 7512 7513commit 8eabd2ae2ca1d7756417a1ee5b41f09c5d997634 7514Author: djm@openbsd.org <djm@openbsd.org> 7515Date: Wed Nov 27 16:07:08 2024 +0000 7516 7517 upstream: fix argument of "Compression" directive in ssh -G config 7518 7519 dump, which used to work but broke in 9.8 7520 7521 OpenBSD-Commit-ID: c79936242d29c70d01941b28d2d07fd0b85fe46f 7522 7523commit 53c03961769d8879a81398074ea3cb36253d4f2e 7524Author: djm@openbsd.org <djm@openbsd.org> 7525Date: Wed Nov 27 13:27:34 2024 +0000 7526 7527 upstream: new name/link for agent I-D 7528 7529 OpenBSD-Commit-ID: e3420f3925a297a1b2ab7dfe7c7d274cfc8e1193 7530 7531commit 785e3c9110df8f2d30e42ce8b45969c49700f35b 7532Author: djm@openbsd.org <djm@openbsd.org> 7533Date: Wed Nov 27 13:00:23 2024 +0000 7534 7535 upstream: mention that biometrics may be used for FIDO key user 7536 7537 verification as well as PIN. Prompted by Zack Newman, ok jmc@ 7538 7539 OpenBSD-Commit-ID: b774a4438c9be70012661ee278450790d21277b8 7540 7541commit fd2e64c9ec9ea3e89e396be0db41aaf982ae1210 7542Author: djm@openbsd.org <djm@openbsd.org> 7543Date: Tue Nov 26 22:05:51 2024 +0000 7544 7545 upstream: g/c outdated XXX comments 7546 7547 OpenBSD-Commit-ID: 74d0c0b74994d9a4343c4d7ea4948cb34f609a6c 7548 7549commit 0ad34a6193357d286042322ea7347262a6fb0778 7550Author: djm@openbsd.org <djm@openbsd.org> 7551Date: Tue Nov 26 22:02:28 2024 +0000 7552 7553 upstream: regression test for UpdateHostkeys with multiple keys backed 7554 7555 by ssh-agent. Patch from Maxime Rey. 7556 7557 OpenBSD-Regress-ID: 1777ab6e639e57c0e20cbcb6df60455b49fd8bb3 7558 7559commit 84023656d91b78f1ef86c8321ec563f2e90f7227 7560Author: djm@openbsd.org <djm@openbsd.org> 7561Date: Tue Nov 26 22:01:37 2024 +0000 7562 7563 upstream: Explicitly specify the signature algorithm when signing 7564 7565 hostkeys-prove requests. 7566 7567 Fixes a corner-case triggered by UpdateHostKeys with one or more unknown 7568 host keys stored in ssh-agent where sshd refuses to accept the signature 7569 coming back from the agent. 7570 7571 Report/fix from Maxime Rey 7572 7573 OpenBSD-Commit-ID: 460c7d527a24f92b7e5f68ca1a2fa242ebf0d086 7574 7575commit d1c1cfc5e4e9b43593d4642810ea8135e4c7db49 7576Author: djm@openbsd.org <djm@openbsd.org> 7577Date: Tue Nov 26 21:23:35 2024 +0000 7578 7579 upstream: when using RSA keys to sign messages, select the 7580 7581 signature algorithm based on the requested hash algorithm ("-Ohashalg=xxx"). 7582 7583 This allows using something other than rsa-sha2-512, which may not 7584 be supported on all signing backends, e.g. some smartcards only 7585 support SHA256. 7586 7587 Patch from Morten Linderud; ok markus@ 7588 7589 OpenBSD-Commit-ID: 246353fac24e92629263996558c6788348363ad7 7590 7591commit ac7544654441280071b90a4129a47467d40f2389 7592Author: djm@openbsd.org <djm@openbsd.org> 7593Date: Sun Nov 24 23:47:50 2024 +0000 7594 7595 upstream: turn off CDIAGFLAGS and turn back on INSTALL_STRIP 7596 7597 accidentally changed in last commit 7598 7599 OpenBSD-Commit-ID: 6d07e4606997e36b860621a14dd41975f2902f8f 7600 7601commit 953fa5b59afb04c3c74ed82d7bace65c13cd8baa 7602Author: Darren Tucker <dtucker@dtucker.net> 7603Date: Sat Nov 9 11:41:44 2024 +1100 7604 7605 Disable security key for bigendian interop. 7606 7607 It doesn't currently work. It's not clear why, but I suspect 7608 sk-dummy.so ends up being built for the wrong architecture. 7609 7610commit a80eb71c428c474098087c672398f200be8fabdf 7611Author: Darren Tucker <dtucker@dtucker.net> 7612Date: Sat Nov 9 05:14:16 2024 +1100 7613 7614 Reshuffle OpenWRT test configs. 7615 7616 Move the the flags used by the OpenWRT distro to mipsel target and 7617 enable OpenSSL on all targets to improve coverage. 7618 7619 Explicitly disable security key and openssl on mips target so that host 7620 end of the bigendian interop tests don't attempt them and fail (since 7621 they're not enabled on the target side). 7622 7623commit d2709c461359e4129311cdff81ee05242d6c53cd 7624Author: Darren Tucker <dtucker@dtucker.net> 7625Date: Sat Nov 9 03:26:08 2024 +1100 7626 7627 Add keytype to bigendian interop test. 7628 7629commit 50ac0f0e0627d29fd9becf5e15e8ceca5ad18078 7630Author: Darren Tucker <dtucker@dtucker.net> 7631Date: Sat Nov 9 03:24:29 2024 +1100 7632 7633 Ignore chown failure, eg due to dangling symlinks. 7634 7635commit 9e528e65a03245cf28e814f09b88c701bec935d1 7636Author: Darren Tucker <dtucker@dtucker.net> 7637Date: Sat Nov 2 18:05:41 2024 +1100 7638 7639 Test bigendian interop. 7640 7641 Where our test target is a bigendian system, do an additional build on 7642 the runner host (which is little endian) and test interop between the two. 7643 Should hopefully catch obvious endianness bugs. 7644 7645commit dd416f5bfa96ac1ff44b27a93f7b55ee627c6baf 7646Author: Darren Tucker <dtucker@dtucker.net> 7647Date: Fri Nov 1 19:44:29 2024 +1100 7648 7649 Allow overridding TEST_SSH_SSHD. 7650 7651 This will allow tests to specify an alternative sshd, eg on a remote 7652 machine with different endianness. 7653 7654commit 82662d562cf54829df8a941cdfb2fd307e1d9a90 7655Author: djm@openbsd.org <djm@openbsd.org> 7656Date: Wed Nov 6 22:51:26 2024 +0000 7657 7658 upstream: ssh-agent implemented an all-or-nothing allow-list of 7659 7660 FIDO application IDs for security key-backed keys, to prevent web key handles 7661 from being used remotely as this would likely lead to unpleasant surprises. 7662 By default, only application IDs that start with "ssh:*" are allowed. 7663 7664 This adds a -Owebsafe-allow=... argument that can override the default 7665 list with a more or less restrictive one. The default remains unchanged. 7666 7667 ok markus@ 7668 7669 OpenBSD-Commit-ID: 957c1ed92a8d7c87453b9341f70cb3f4e6b23e8d 7670 7671commit 593a0b65c55c1e06a8c22b084aefc395aedb0127 7672Author: jca@openbsd.org <jca@openbsd.org> 7673Date: Mon Nov 4 21:59:15 2024 +0000 7674 7675 upstream: Ignore extra groups that don't fit in the buffer passed 7676 7677 to getgrouplist(3) 7678 7679 Our kernel supports 16 groups (NGROUPS_MAX), but nothing prevents 7680 an admin from adding a user to more groups. With that tweak we'll keep 7681 on ignoring them instead of potentially reading past the buffer passed to 7682 getgrouplist(3). That behavior is explicitely described in initgroups(3). 7683 7684 ok millert@ gilles@ 7685 7686 OpenBSD-Commit-ID: a959fc45ea3431b36f52eda04faefc58bcde00db 7687 7688commit e7adebeff3a9d038d0eaeeb0fcefedf29acb7e90 7689Author: Damien Miller <djm@mindrot.org> 7690Date: Mon Nov 4 14:39:27 2024 +1100 7691 7692 Add git signing key for Tim Rice 7693 7694commit da4b84845e874f12af7e0686170fa391c919d1df 7695Author: Darren Tucker <dtucker@dtucker.net> 7696Date: Fri Nov 1 18:51:22 2024 +1100 7697 7698 Correct path to c-cpp.yml file in workflow config. 7699 7700commit 28740aa2c75392a9c4191eb9523f9b20853e2932 7701Author: Darren Tucker <dtucker@dtucker.net> 7702Date: Fri Nov 1 18:44:42 2024 +1100 7703 7704 Test new OpenSSL and LibreSSL releases.` 7705 7706commit a74809fe06540f16231b354ffe21fcbf39e81f73 7707Author: Darren Tucker <dtucker@dtucker.net> 7708Date: Fri Nov 1 18:44:00 2024 +1100 7709 7710 Add nbsd10 default test config. 7711 7712commit 88b35cbdc1500efece65cd6a9a20a72cf7e46eaa 7713Author: Damien Miller <djm@mindrot.org> 7714Date: Wed Oct 30 14:25:14 2024 +1100 7715 7716 fix uint64_t types; reported by Tom G. Christensen 7717 7718commit ef7c26cd2f0f9a8222f851d1e551f6dfd3113f8b 7719Author: Damien Miller <djm@mindrot.org> 7720Date: Sun Oct 27 13:28:11 2024 +1100 7721 7722 htole64() etc for systems without endian.h 7723 7724commit 0c3927c45f8a57b511c874c4d51a8c89414f74ef 7725Author: djm@openbsd.org <djm@openbsd.org> 7726Date: Sun Oct 27 02:06:59 2024 +0000 7727 7728 upstream: explicitly include endian.h 7729 7730 OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318 7731 7732commit cf3e48ee8ba1beeccddd2f203b558fa102be67a2 7733Author: djm@openbsd.org <djm@openbsd.org> 7734Date: Sun Oct 27 02:06:01 2024 +0000 7735 7736 upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by 7737 7738 jsg@ feedback/ok deraadt@ 7739 7740 OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0 7741 7742commit ae566d51b64fa3dce7063e7745b9b35f8f47abde 7743Author: naddy@openbsd.org <naddy@openbsd.org> 7744Date: Fri Oct 25 21:53:24 2024 +0000 7745 7746 upstream: mlkem768x25519-sha256 has been promoted to default key 7747 7748 exchange 7749 7750 OpenBSD-Commit-ID: 5a3259a193fd42108a869ebf650b95b5f2d08dcf 7751 7752commit 3af1dba1384ca896df6e973c70398c41d36de1ea 7753Author: Darren Tucker <dtucker@dtucker.net> 7754Date: Fri Oct 25 19:04:30 2024 +1100 7755 7756 Retire the minix3 test config. 7757 7758 It got broken by the sshd-auth change, it's not obvious why, and the 7759 platform lacks the debugging tools (eg gdb, strace) to figure it out. 7760 The upstream project seems effectively dead (6 years since the last 7761 commit, 10 since the last release). It was useful while it lasted 7762 (we found a real bug because of it) but its time seems to have passed. 7763 7764commit 3b240cc44b8de9175280ddbe59331317d427b0e3 7765Author: Preetish Amballi <amballip@gmail.com> 7766Date: Mon Oct 21 14:07:02 2024 +0000 7767 7768 Updated gitignore to ignore sshd-session and sshd-auth targets 7769 7770commit 326495744f06a0ab18ee0d16f87b3fe91cac92fb 7771Author: Darren Tucker <dtucker@dtucker.net> 7772Date: Fri Oct 25 19:01:02 2024 +1100 7773 7774 Simplify pselect shim and remove side effects. 7775 7776 Instead of maintaing state (pipe descriptors, signal handlers) across 7777 pselect-on-select invocations, set up and restore them each call. 7778 This prevents outside factors (eg a closefrom or signal handler 7779 installation) from potentially causing problems. This does result in a 7780 drop in throughput of a couple of percent on geriatric platforms without 7781 a native pselect due to the extra overhead. Tweaks & ok djm@ 7782 7783commit e53b615f3934ffac1efb3c1e491d126b9b09fd24 7784Author: djm@openbsd.org <djm@openbsd.org> 7785Date: Fri Oct 25 01:34:18 2024 +0000 7786 7787 upstream: promote mlkem768x25519-sha256 to be the default key exchange; 7788 7789 ok markus@ 7790 7791 OpenBSD-Commit-ID: fc673065e6505bb06b2e2b9362f78ccb4200a828 7792 7793commit de644b1831b970f6655f871c051774cc871e8e74 7794Author: djm@openbsd.org <djm@openbsd.org> 7795Date: Thu Oct 24 03:28:34 2024 +0000 7796 7797 upstream: test SIGUSR1 dropping all keys from ssh-agent 7798 7799 OpenBSD-Regress-ID: 8654b9aa8eb695b1499fffc408c25319592bf0e0 7800 7801commit e86d7a077ce9a2b9ee9d4138c358a17cbdb786f9 7802Author: djm@openbsd.org <djm@openbsd.org> 7803Date: Thu Oct 24 03:15:47 2024 +0000 7804 7805 upstream: amake ssh-agent drop all keys when it receives SIGUSR1; 7806 7807 let's users zap keys without access to $SSH_AUTH_SOCK 7808 7809 ok deraadt@ 7810 7811 OpenBSD-Commit-ID: dae9db0516b1011e5ba8c655ac702fce42e6c023 7812 7813commit 94cdfebec852a2429c008cc2a55f8e4183f36972 7814Author: djm@openbsd.org <djm@openbsd.org> 7815Date: Thu Oct 24 03:14:37 2024 +0000 7816 7817 upstream: relax valid_domain() checks to allow an underscore as the 7818 7819 first character. ok deraadt@ 7820 7821 OpenBSD-Commit-ID: 3f8be6d32496e5596dd8b14e19cb067ddd7969ef 7822 7823commit 1b05d5437bf45bee5e3104772dea06ed51764f1b 7824Author: dtucker@openbsd.org <dtucker@openbsd.org> 7825Date: Tue Oct 22 07:13:28 2024 +0000 7826 7827 upstream: Remove sshd logfile in start_sshd 7828 7829 ... and ssh and sshd log wrappers before recreating them. Prevents "can't 7830 create" errors during tests when running tests without SUDO after having 7831 run them with SUDO. 7832 7833 OpenBSD-Regress-ID: 2f0a83532e3dccd673a9bf0291090277268c69a6 7834 7835commit 307ab3c7720f8879b835614b02687358ee4df9b9 7836Author: dtucker@openbsd.org <dtucker@openbsd.org> 7837Date: Tue Oct 22 06:16:26 2024 +0000 7838 7839 upstream: Add a sshd debug wrapper 7840 7841 ... to run all of the subprograms from the build directory while 7842 developing and debugging. Should help prevent accidentally testing 7843 against unchanged installed sshd-auth and sshd-session binaries. ok djm@ 7844 7845 OpenBSD-Commit-ID: 61760cdc98c2bc8f1e9f83a6f97cca0f66b52e69 7846 7847commit 87bd1cb3ccba5e91d2650eb7f753c898ee43858e 7848Author: dtucker@openbsd.org <dtucker@openbsd.org> 7849Date: Tue Oct 22 06:13:00 2024 +0000 7850 7851 upstream: Make debug call printf("%s", NULL) safe. 7852 7853 Prevents problems on platforms where this isn't safe (which it's not 7854 required to be). ok djm@ 7855 7856 OpenBSD-Commit-ID: 8fa4ce3ad90915c925b81b99a79ab920b0523387 7857 7858commit c44c349edd157b2c00c42bd5ef5f9dfb37de26f3 7859Author: Darren Tucker <dtucker@dtucker.net> 7860Date: Tue Oct 22 17:48:32 2024 +1100 7861 7862 Resync cvsid missed in commit 6072e4c9. 7863 7864commit fe4305c37ffe53540a67586854e25f05cf615849 7865Author: djm@openbsd.org <djm@openbsd.org> 7866Date: Fri Oct 18 05:53:26 2024 +0000 7867 7868 upstream: mention that LocalForward and RemoteForward can accept Unix 7869 7870 domain socket paths; GHPR115 7871 7872 OpenBSD-Commit-ID: a8a34d0a0c51a9ddab3dfce615f9878fa76ef842 7873 7874commit 9c97b6af8e052ab5ffe0f9096fadc8f9a4d0ed0f 7875Author: djm@openbsd.org <djm@openbsd.org> 7876Date: Fri Oct 18 05:45:40 2024 +0000 7877 7878 upstream: remove duplicate check; GHPR392 from Pedro Martelletto 7879 7880 OpenBSD-Commit-ID: 597ab7dd3f0e78939d2659fc1904d0f39ee95487 7881 7882commit d9cd208e89a471a3ff8adfcec68d6210af9e9fd5 7883Author: djm@openbsd.org <djm@openbsd.org> 7884Date: Fri Oct 18 05:37:24 2024 +0000 7885 7886 upstream: allow "-" as output file for moduli screening 7887 7888 based on GHPR393 7889 7890 OpenBSD-Commit-ID: 1517763764eb55d03a6092dd120d2909c6fef0e1 7891 7892commit 5eb5c4b2820d0636b1eccee646fb32ec946c4a95 7893Author: djm@openbsd.org <djm@openbsd.org> 7894Date: Fri Oct 18 05:32:51 2024 +0000 7895 7896 upstream: ssh-keyscan doesn't need it's own sshfatal() definition, it 7897 7898 can use the shared one from fatal.c 7899 7900 based on GHPR401 from lengyijun 7901 7902 OpenBSD-Commit-ID: 8ea75ea99f27f464c9223cbc89cb046ccf9cd5c4 7903 7904commit 0a1e75499e2c6fc258ee903645c878480949f362 7905Author: djm@openbsd.org <djm@openbsd.org> 7906Date: Fri Oct 18 05:14:51 2024 +0000 7907 7908 upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when 7909 7910 arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I 7911 guess others are using it 7912 7913 based on GHPR387 from Pawel Jakub Dawidek 7914 7915 OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225 7916 7917commit d01ee7a88c5f4b1aa8c75a7c739f8f3bc1ad8bde 7918Author: djm@openbsd.org <djm@openbsd.org> 7919Date: Fri Oct 18 05:03:34 2024 +0000 7920 7921 upstream: require control-escape character sequences passed via the '-e 7922 7923 ^x' commandline to be exactly two characters long. Avoids one by OOB read if 7924 ssh is invoked as "ssh -e^ ..." 7925 7926 Spotted by Maciej Domanski in GHPR368 7927 7928 OpenBSD-Commit-ID: baa72bc60898fc5639e6c62de7493a202c95823d 7929 7930commit 74ff6382f5743e09930e6cbd195dac65cd6062c9 7931Author: djm@openbsd.org <djm@openbsd.org> 7932Date: Fri Oct 18 04:30:09 2024 +0000 7933 7934 upstream: remove addr.[ch] functions that are unused and 7935 7936 visbility-restrict ones that are unused outside the implementation itself; 7937 based on GHPR#282 by tobias@ 7938 7939 OpenBSD-Commit-ID: a0140f2418b4d46cfaa7b33febc0a0931f9b2744 7940 7941commit a9d6d7d93c533fa729f08b405e786d912553f33e 7942Author: djm@openbsd.org <djm@openbsd.org> 7943Date: Fri Oct 18 04:14:59 2024 +0000 7944 7945 upstream: unreachable POLLERR case; from ya0guang via GHPR485 7946 7947 OpenBSD-Commit-ID: b3c82655190532b01eb817e532742cfaa4687eff 7948 7949commit d76424bf279ff951383e21213eb3759ea4090674 7950Author: djm@openbsd.org <djm@openbsd.org> 7951Date: Fri Oct 18 04:11:54 2024 +0000 7952 7953 upstream: s/Sx/Cm/ for external references; from Domen Puncer 7954 7955 Kugler via GHPR501 7956 7957 OpenBSD-Commit-ID: f864a34feb5d5ff17160cf7c42ad0f7744fe8a3f 7958 7959commit ca204b994e2981e7bf95627b3105408917105649 7960Author: naddy@openbsd.org <naddy@openbsd.org> 7961Date: Mon Oct 14 23:53:34 2024 +0000 7962 7963 upstream: mention SshdAuthPath option; ok djm@ 7964 7965 OpenBSD-Commit-ID: 9a5d3add25e4e77bd3805bc5583a842ecf34d85c 7966 7967commit be27770e840c4dd9d9fcad1aa879400c727d7c2f 7968Author: Darren Tucker <dtucker@dtucker.net> 7969Date: Fri Oct 18 13:37:55 2024 +1100 7970 7971 Remove references to systrace and pledge sandboxes. 7972 7973 ok djm@ 7974 7975commit 49e64bf63fbf2f14961062dafe8ef08cb816bb08 7976Author: Pavel Miadzvedzeu <pmiadzvedzeu@gmail.com> 7977Date: Wed Apr 24 10:19:56 2024 +0300 7978 7979 Fix "undeclared 'ut'" error by replacing it with 'utx' 7980 7981commit 67f684733f60f66479854a2867b953de731e71b2 7982Author: Darren Tucker <dtucker@dtucker.net> 7983Date: Thu Oct 17 20:50:29 2024 +1100 7984 7985 Seed RNG when starting up sshd-auth. 7986 7987 Makes builds configured --without-openssl work again since otherwise 7988 the first use of the RNG comes after the sandbox init and it can't 7989 open /dev/random. 7990 7991commit c06c681aeebbe8e84e7410095514e7ee91f7e6cb 7992Author: Darren Tucker <dtucker@dtucker.net> 7993Date: Thu Oct 17 19:18:23 2024 +1100 7994 7995 MacOS 12 runners are deprecated, replace with 15. 7996 7997commit 39db1f23bafb48a7c0cc9c65c716a0370f4cc677 7998Author: Damien Miller <djm@mindrot.org> 7999Date: Thu Oct 17 13:28:47 2024 +1100 8000 8001 Fix lookup path for sshd-auth; bz3745 8002 8003commit c537eeb1ae5f069450053b0027e64efe5bdb37d2 8004Author: Damien Miller <djm@mindrot.org> 8005Date: Wed Oct 16 08:28:21 2024 +1100 8006 8007 fix breakage; missing saved_argc symbol 8008 8009commit 98a0883bdef28a06c7e017f27adf21ba57898bf4 8010Author: Damien Miller <djm@mindrot.org> 8011Date: Mon Oct 14 17:17:50 2024 +1100 8012 8013 fix capsicum sandbox 8014 8015commit 164ea4380564a2a83713eacf71908e3946e5e4e4 8016Author: Damien Miller <djm@mindrot.org> 8017Date: Mon Oct 14 17:16:41 2024 +1100 8018 8019 put back some portable bits for sshd-auth.c 8020 8021commit f8edf08c258ee2918689872c4702302052729726 8022Author: Damien Miller <djm@mindrot.org> 8023Date: Mon Oct 14 14:49:25 2024 +1100 8024 8025 there's only one sandbox, move to a static global 8026 8027commit 4482f0042b41d3d63c3845d7ba9fcf47c9252a84 8028Author: Damien Miller <djm@mindrot.org> 8029Date: Mon Oct 14 14:49:20 2024 +1100 8030 8031 depend 8032 8033commit 74856204a353a187dc6e7706c6cf84b7f14d775d 8034Author: djm@openbsd.org <djm@openbsd.org> 8035Date: Mon Oct 14 03:02:08 2024 +0000 8036 8037 upstream: regress support for split sshd-auth binary 8038 8039 OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7 8040 8041commit 461741083d7254595fecea274e60fe3ebf3ce3f9 8042Author: djm@openbsd.org <djm@openbsd.org> 8043Date: Fri Sep 27 01:05:54 2024 +0000 8044 8045 upstream: test some more Match syntax, including criteria=arg and 8046 8047 negations 8048 8049 OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d 8050 8051commit 6072e4c9385713e9c166f32cfca6a7e603d4f0b8 8052Author: djm@openbsd.org <djm@openbsd.org> 8053Date: Mon Oct 14 01:57:50 2024 +0000 8054 8055 upstream: Split per-connection sshd-session binary 8056 8057 This splits the user authentication code from the sshd-session 8058 binary into a separate sshd-auth binary. This will be executed by 8059 sshd-session to complete the user authentication phase of the 8060 protocol only. 8061 8062 Splitting this code into a separate binary ensures that the crucial 8063 pre-authentication attack surface has an entirely disjoint address 8064 space from the code used for the rest of the connection. It also 8065 yields a small runtime memory saving as the authentication code will 8066 be unloaded after thhe authentication phase completes. 8067 8068 Joint work with markus@ feedback deraadt@ 8069 8070 Tested in snaps since last week 8071 8072 OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c 8073 8074commit fe6c6330c1a94c7a537efe9069853ce7a275c50a 8075Author: djm@openbsd.org <djm@openbsd.org> 8076Date: Sun Oct 13 22:20:06 2024 +0000 8077 8078 upstream: don't start the ObscureKeystrokeTiming mitigations if 8079 8080 there has been traffic on a X11 forwarding channel recently. 8081 8082 Should fix X11 forwarding performance problems when this setting is 8083 enabled. Patch from Antonio Larrosa via bz3655 8084 8085 OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab 8086 8087commit 538cd28598ae942c94b99855b06fdd937e2e7381 8088Author: jsg@openbsd.org <jsg@openbsd.org> 8089Date: Sat Oct 12 10:50:37 2024 +0000 8090 8091 upstream: remove duplicate misc.h include ok dtucker@ 8092 8093 OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e 8094 8095commit 0051381a8c33740a77a1eca6859efa1c78887d80 8096Author: djm@openbsd.org <djm@openbsd.org> 8097Date: Sun Oct 6 23:37:17 2024 +0000 8098 8099 upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key 8100 8101 exchange in sshd by default. Specifically, this removes the 8102 diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client 8103 is unchanged and continues to support these methods by default. 8104 8105 Finite field Diffie Hellman is slow and computationally expensive for 8106 the same security level as Elliptic Curve DH or PQ key agreement while 8107 offering no redeeming advantages. 8108 8109 ECDH has been specified for the SSH protocol for 15 years and some 8110 form of ECDH has been the default key exchange in OpenSSH for the last 8111 14 years. 8112 8113 ok markus@ 8114 8115 OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da 8116 8117commit 67a115e7a56dbdc3f5a58c64b29231151f3670f5 8118Author: djm@openbsd.org <djm@openbsd.org> 8119Date: Thu Sep 26 23:55:08 2024 +0000 8120 8121 upstream: fix previous change to ssh_config Match, which broken on 8122 8123 negated Matches; spotted by phessler@ ok deraadt@ 8124 8125 OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7 8126 8127commit 220b6c1290042acd5180d783dea01efe1365c265 8128Author: jsg@openbsd.org <jsg@openbsd.org> 8129Date: Wed Sep 25 23:01:39 2024 +0000 8130 8131 upstream: remove some unused defines; ok djm@ 8132 8133 OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996 8134 8135commit 3ef4f6e8a4d774f73852391fdccbb95f39fc71bf 8136Author: jmc@openbsd.org <jmc@openbsd.org> 8137Date: Wed Sep 25 06:13:01 2024 +0000 8138 8139 upstream: remove some unneeded Xo/Xc calls; from evan silberman the 8140 8141 original diff had a couple of errors, which i've fixed 8142 8143 OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d 8144 8145commit 3f02368e8e9121847727c46b280efc280e5eb615 8146Author: djm@openbsd.org <djm@openbsd.org> 8147Date: Wed Sep 25 01:24:04 2024 +0000 8148 8149 upstream: fix regression introduced when I switched the "Match" 8150 8151 criteria tokeniser to a more shell-like one. Apparently the old tokeniser 8152 (accidentally?) allowed "Match criteria=argument" as well as the "Match 8153 criteria argument" syntax that we tested for. 8154 8155 People were using this syntax so this adds back support for 8156 "Match criteria=argument" 8157 8158 bz3739 ok dtucker 8159 8160 OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a 8161 8162commit 9517cc58577f85a0ba5f8bb46778dff625f0688f 8163Author: djm@openbsd.org <djm@openbsd.org> 8164Date: Tue Sep 24 02:28:17 2024 +0000 8165 8166 upstream: some extra paranoia, reminded by jsg@ 8167 8168 OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e 8169 8170commit 815a94e86a68c1000b8310cb47695cea9329516c 8171Author: Damien Miller <djm@mindrot.org> 8172Date: Wed Sep 25 11:15:45 2024 +1000 8173 8174 gss-serv.c needs sys/param.h 8175 8176 From Void Linux 8177 8178commit 76a618d2842c34c16cd21a4efc7230e2f459008d 8179Author: Damien Miller <djm@mindrot.org> 8180Date: Wed Sep 25 11:13:05 2024 +1000 8181 8182 build construct_utmp() when USE_BTMP is set 8183 8184 Fixes compile error on Void Linux/Musl 8185 8186commit d3aee17f6d395202eaa42a0c449b6da41f61527c 8187Author: Darren Tucker <dtucker@dtucker.net> 8188Date: Tue Sep 24 18:41:44 2024 +1000 8189 8190 Test the flags from OpenWRT's package. 8191 8192commit 0f5d19e6fe4b58a89e6dc8c71a2aae30365d193e 8193Author: Christoph Ostarek <christoph@zededa.com> 8194Date: Wed Jul 3 12:46:59 2024 +0200 8195 8196 fix utmpx ifdef 8197 8198 02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for 8199 utmpx, but forgot to change the ifdef appropriately 8200 8201commit e03239f999acf9dc3da0f2f72bde36abbe678911 8202Author: jsg@openbsd.org <jsg@openbsd.org> 8203Date: Sun Sep 22 12:56:21 2024 +0000 8204 8205 upstream: remove some unused defines; ok djm@ 8206 8207 OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712 8208 8209commit a35f543d3a6275fef781e515c262d1c687c3bc28 8210Author: jsg@openbsd.org <jsg@openbsd.org> 8211Date: Fri Sep 20 02:00:46 2024 +0000 8212 8213 upstream: remove unneeded semicolons; checked by millert@ 8214 8215 OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231 8216 8217commit 1641f2d4d6e05d2147913442864cae546e64f08b 8218Author: Darren Tucker <dtucker@dtucker.net> 8219Date: Mon Sep 23 20:52:31 2024 +1000 8220 8221 Add 9.9 branch to CI status console. 8222 8223commit 46d1fb16b20e971b9ac15e86a3d3e350b49c9ad6 8224Author: Damien Miller <djm@mindrot.org> 8225Date: Fri Sep 20 08:20:13 2024 +1000 8226 8227 update version numbers 8228 8229commit 0bdca1f218971b38728a0a129f482476baff0968 8230Author: djm@openbsd.org <djm@openbsd.org> 8231Date: Thu Sep 19 22:17:44 2024 +0000 8232 8233 upstream: openssh-9.9 8234 8235 OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98 8236 8237commit ef2d7f2d3e1b4c9ae71bacf963e76a92ab8be543 8238Author: Damien Miller <djm@mindrot.org> 8239Date: Wed Sep 18 16:03:23 2024 +1000 8240 8241 include openbsd-compat/base64.c license in LICENSE 8242 8243commit 7ef362b989c8d1f7596f557f22e5924b9c08f0ea 8244Author: Damien Miller <djm@mindrot.org> 8245Date: Wed Sep 18 09:01:23 2024 +1000 8246 8247 conditionally include mman.h in arc4random code 8248 8249commit 5fb2b5ad0e748732a27fd8cc16a7ca3c21770806 8250Author: Damien Miller <djm@mindrot.org> 8251Date: Tue Sep 17 11:53:24 2024 +1000 8252 8253 fix bug in recently-added sntrup761 fuzzer 8254 8255 key values need to be static to persist across invocations; 8256 spotted by the Qualys Security Advisory team. 8257 8258commit 0ca128c9ee894f1b0067abd473bfb33171df67f8 8259Author: djm@openbsd.org <djm@openbsd.org> 8260Date: Mon Sep 16 05:37:05 2024 +0000 8261 8262 upstream: use 64 bit math to avoid signed underflow. upstream code 8263 8264 relies on using -fwrapv to provide defined over/underflow behaviour, but we 8265 use -ftrapv to catch integer errors and abort the program. ok dtucker@ 8266 8267 OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b 8268 8269commit f82e5e22cad88c81d8a117de74241328c7b101c3 8270Author: jmc@openbsd.org <jmc@openbsd.org> 8271Date: Sun Sep 15 08:27:38 2024 +0000 8272 8273 upstream: minor grammar/sort fixes for refuseconnection; ok djm 8274 8275 OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da 8276 8277commit 0c1165fc78e8fe69b5df71f81a8f944554a68b53 8278Author: Damien Miller <djm@mindrot.org> 8279Date: Sun Sep 15 13:30:13 2024 +1000 8280 8281 avoid gcc warning in fuzz test 8282 8283commit ce171d0718104b643854b53443ff72f7283d33f2 8284Author: djm@openbsd.org <djm@openbsd.org> 8285Date: Sun Sep 15 03:09:44 2024 +0000 8286 8287 upstream: bad whitespace in config dump output 8288 8289 OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c 8290 8291commit 671c440786a5a66216922f15d0007b60f1e6733f 8292Author: Damien Miller <djm@mindrot.org> 8293Date: Sun Sep 15 12:53:59 2024 +1000 8294 8295 use construct_utmp to construct btmp records 8296 8297 Simpler and removes some code with the old-style BSD license. 8298 8299commit 930cb02b6113df72fbc732b9feb8e4f490952a81 8300Author: djm@openbsd.org <djm@openbsd.org> 8301Date: Sun Sep 15 02:20:51 2024 +0000 8302 8303 upstream: update the Streamlined NTRU Prime code from the "ref" 8304 8305 implementation in SUPERCOP 20201130 to the "compact" implementation in 8306 SUPERCOP 20240808. The new version is substantially faster. Thanks to Daniel 8307 J Bernstein for pointing out the new implementation (and of course for 8308 writing it). 8309 8310 tested in snaps/ok deraadt@ 8311 8312 OpenBSD-Commit-ID: bf1a77924c125ecdbf03e2f3df8ad13bd3dafdcb 8313 8314commit 9306d6017e0ce5dea6824c29ca5ba5673c2923ad 8315Author: djm@openbsd.org <djm@openbsd.org> 8316Date: Sun Sep 15 01:19:56 2024 +0000 8317 8318 upstream: document Match invalid-user 8319 8320 OpenBSD-Commit-ID: 2c84a9b517283e9711e2812c1f268081dcb02081 8321 8322commit 0118a4da21147a88a56dc8b90bbc2849fefd5c1e 8323Author: djm@openbsd.org <djm@openbsd.org> 8324Date: Sun Sep 15 01:18:26 2024 +0000 8325 8326 upstream: add a "Match invalid-user" predicate to sshd_config Match 8327 8328 options. 8329 8330 This allows writing Match conditions that trigger for invalid username. 8331 E.g. 8332 8333 PerSourcePenalties refuseconnection:90s 8334 Match invalid-user 8335 RefuseConnection yes 8336 8337 Will effectively penalise bots try to guess passwords for bogus accounts, 8338 at the cost of implicitly revealing which accounts are invalid. 8339 8340 feedback markus@ 8341 8342 OpenBSD-Commit-ID: 93d3a46ca04bbd9d84a94d1e1d9d3a21073fbb07 8343 8344commit 7875975136f275619427604900cb0ffd7020e845 8345Author: djm@openbsd.org <djm@openbsd.org> 8346Date: Sun Sep 15 01:11:26 2024 +0000 8347 8348 upstream: Add a "refuseconnection" penalty class to sshd_config 8349 8350 PerSourcePenalties 8351 8352 This allows penalising connection sources that have had connections 8353 dropped by the RefuseConnection option. ok markus@ 8354 8355 OpenBSD-Commit-ID: 3c8443c427470bb3eac1880aa075cb4864463cb6 8356 8357commit 8d21713b669b8516ca6d43424a356fccc37212bb 8358Author: djm@openbsd.org <djm@openbsd.org> 8359Date: Sun Sep 15 01:09:40 2024 +0000 8360 8361 upstream: Add a sshd_config "RefuseConnection" option 8362 8363 If set, this will terminate the connection at the first authentication 8364 request (this is the earliest we can evaluate sshd_config Match blocks) 8365 8366 ok markus@ 8367 8368 OpenBSD-Commit-ID: 43cc2533984074c44d0d2f92eb93f661e7a0b09c 8369 8370commit acad117e66018fe1fa5caf41b36e6dfbd61f76a1 8371Author: djm@openbsd.org <djm@openbsd.org> 8372Date: Sun Sep 15 00:58:01 2024 +0000 8373 8374 upstream: switch sshd_config Match processing to the argv tokeniser 8375 8376 too; ok markus@ 8377 8378 OpenBSD-Commit-ID: b74b5b0385f2e0379670e2b869318a65b0bc3923 8379 8380commit baec3f7f4c60cd5aa1bb9adbeb6dfa4a172502a8 8381Author: djm@openbsd.org <djm@openbsd.org> 8382Date: Sun Sep 15 00:57:36 2024 +0000 8383 8384 upstream: switch "Match" directive processing over to the argv 8385 8386 string tokeniser, making it possible to use shell-like quoting in Match 8387 directives, particularly "Match exec". ok markus@ 8388 8389 OpenBSD-Commit-ID: 0877309650b76f624b2194c35dbacaf065e769a5 8390 8391commit dd424d7c382c2074ab70f1b8ad4f169a10f60ee7 8392Author: djm@openbsd.org <djm@openbsd.org> 8393Date: Sun Sep 15 00:47:01 2024 +0000 8394 8395 upstream: include pathname in some of the ssh-keygen passphrase 8396 8397 prompts. Helps the user know what's going on when ssh-keygen is invoked via 8398 other tools. Requested in GHPR503 8399 8400 OpenBSD-Commit-ID: 613b0bb6cf845b7e787d69a5b314057ceda6a8b6 8401 8402commit 62bbf8f825cc390ecb0523752ddac1435006f206 8403Author: djm@openbsd.org <djm@openbsd.org> 8404Date: Sun Sep 15 00:41:18 2024 +0000 8405 8406 upstream: Do not apply authorized_keys options when signature 8407 8408 verification fails. Prevents restrictive key options being incorrectly 8409 applied to subsequent keys in authorized_keys. bz3733, ok markus@ 8410 8411 OpenBSD-Commit-ID: ba3776d9da4642443c19dbc015a1333622eb5a4e 8412 8413commit 49f325fd47af4e53fcd7aafdbcc280e53f5aa5ce 8414Author: Wu Weixin <wuweixin@gmail.com> 8415Date: Fri Aug 2 22:16:40 2024 +0800 8416 8417 Fix without_openssl always being set to 1 8418 8419 In Fedora systems, %{?rhel} is empty. In RHEL systems, %{?fedora} is 8420 empty. Therefore, the original code always sets without_openssl to 1. 8421 8422commit c21c3a2419bbc1c59cb1a16ea356e703e99a90d9 8423Author: djm@openbsd.org <djm@openbsd.org> 8424Date: Thu Sep 12 00:36:27 2024 +0000 8425 8426 upstream: Relax absolute path requirement back to what it was prior to 8427 8428 OpenSSH 9.8, which incorrectly required that sshd was started with an 8429 absolute path in inetd mode. bz3717, patch from Colin Wilson 8430 8431 OpenBSD-Commit-ID: 25c57f22764897242d942853f8cccc5e991ea058 8432 8433commit 1bc426f51b0a5cfdcfbd205218f0b6839ffe91e9 8434Author: naddy@openbsd.org <naddy@openbsd.org> 8435Date: Mon Sep 9 14:41:21 2024 +0000 8436 8437 upstream: document the mlkem768x25519-sha256 key exchange algorithm 8438 8439 OpenBSD-Commit-ID: fa18dccdd9753dd287e62ecab189b3de45672521 8440 8441commit 0a2db61a5ffc64d2e2961c52964f933879952fc7 8442Author: Darren Tucker <dtucker@dtucker.net> 8443Date: Tue Sep 10 21:11:14 2024 +1000 8444 8445 Spell omnios test host correctly. 8446 8447commit 059ed698a47c9af541a49cf754fd09f984ac5a21 8448Author: Darren Tucker <dtucker@dtucker.net> 8449Date: Tue Sep 10 18:52:02 2024 +1000 8450 8451 Add omnios test target. 8452 8453commit f4ff91575a448b19176ceaa8fd6843a25f39d572 8454Author: Darren Tucker <dtucker@dtucker.net> 8455Date: Tue Sep 10 18:45:55 2024 +1000 8456 8457 Wrap stdint.h in ifdef. 8458 8459commit ff714f001d20a9c843ee1fd9d92a16d40567d264 8460Author: Darren Tucker <dtucker@dtucker.net> 8461Date: Mon Sep 9 19:31:54 2024 +1000 8462 8463 Also test PAM on dfly64. 8464 8465commit 509b757c052ea969b3a41fc36818b44801caf1cf 8466Author: Damien Miller <djm@mindrot.org> 8467Date: Mon Sep 9 21:50:14 2024 +1000 8468 8469 stubs for ML-KEM KEX functions 8470 8471 used for C89 compilers 8472 8473commit 273581210c99ce7275b8efdefbb9f89e1c22e341 8474Author: Damien Miller <djm@mindrot.org> 8475Date: Mon Sep 9 17:30:38 2024 +1000 8476 8477 declare defeat trying to detect C89 compilers 8478 8479 I can't find a reliable way to detect the features the ML-KEM code 8480 requires in configure. Give up for now and use VLA support (that we 8481 can detect) as a proxy for "old compiler" and turn off ML-KEM if 8482 it isn't supported. 8483 8484commit e8a0f19b56dfa20f98ea9876d7171ec315fb338a 8485Author: Damien Miller <djm@mindrot.org> 8486Date: Mon Sep 9 16:46:40 2024 +1000 8487 8488 fix previous; check for C99 compound literals 8489 8490 The previous commit was incorrect (or at least insufficient), the 8491 ML-KEM code is actually using compound literals, so test for them. 8492 8493commit 7c07bec1446978bebe0780ed822c8fedfb377ae8 8494Author: Damien Miller <djm@mindrot.org> 8495Date: Mon Sep 9 16:06:21 2024 +1000 8496 8497 test for compiler feature needed for ML-KEM 8498 8499 The ML-KEM implementation we uses need the compiler to support 8500 C99-style named struct initialisers (e.g foo = {.bar = 1}). We 8501 still support (barely) building OpenSSH with older compilers, so 8502 add a configure test for this. 8503 8504commit d469d5f348772058789d35332d1ccb0b109c28ef 8505Author: djm@openbsd.org <djm@openbsd.org> 8506Date: Mon Sep 9 03:13:39 2024 +0000 8507 8508 upstream: test mlkem768x25519-sha256 8509 8510 OpenBSD-Regress-ID: 7baf6bc39ae55648db1a2bfdc55a624954847611 8511 8512commit 62fb2b51bb7f6863c3ab697f397b2068da1c993f 8513Author: djm@openbsd.org <djm@openbsd.org> 8514Date: Mon Sep 9 02:39:57 2024 +0000 8515 8516 upstream: pull post-quantum ML-KEM/x25519 key exchange out from 8517 8518 compile-time flag now than an IANA codepoint has been assigned for the 8519 algorithm. 8520 8521 Add mlkem768x25519-sha256 in 2nd KexAlgorithms preference slot. 8522 8523 ok markus@ 8524 8525 OpenBSD-Commit-ID: 9f50a0fae7d7ae8b27fcca11f8dc6f979207451a 8526 8527commit a8ad7a2952111c6ce32949a775df94286550af6b 8528Author: djm@openbsd.org <djm@openbsd.org> 8529Date: Fri Sep 6 02:30:44 2024 +0000 8530 8531 upstream: make parsing user@host consistently look for the last '@' in 8532 8533 the string rather than the first. This makes it possible to use usernames 8534 that contain '@' characters. 8535 MIME-Version: 1.0 8536 Content-Type: text/plain; charset=UTF-8 8537 Content-Transfer-Encoding: 8bit 8538 8539 Prompted by Max Zettlmeißl; feedback/ok millert@ 8540 8541 OpenBSD-Commit-ID: 0b16eec246cda15469ebdcf3b1e2479810e394c5 8542 8543commit 13cc78d016b67a74a67f1c97c7c348084cd9212c 8544Author: djm@openbsd.org <djm@openbsd.org> 8545Date: Wed Sep 4 05:33:34 2024 +0000 8546 8547 upstream: be more strict in parsing key type names. Only allow 8548 8549 shortnames (e.g "rsa") in user-interface code and require full SSH protocol 8550 names (e.g. "ssh-rsa") everywhere else. 8551 8552 Prompted by bz3725; ok markus@ 8553 8554 OpenBSD-Commit-ID: b3d8de9dac37992eab78adbf84fab2fe0d84b187 8555 8556commit ef8472309a68e319018def6f8ea47aeb40d806f5 8557Author: djm@openbsd.org <djm@openbsd.org> 8558Date: Wed Sep 4 05:11:33 2024 +0000 8559 8560 upstream: fix RCSID in output 8561 8562 OpenBSD-Commit-ID: 889ae07f2d2193ddc4351711919134664951dd76 8563 8564commit ba2ef20c75c5268d4d1257adfc2ac11c930d31e1 8565Author: jmc@openbsd.org <jmc@openbsd.org> 8566Date: Tue Sep 3 06:17:48 2024 +0000 8567 8568 upstream: envrionment -> environment; 8569 8570 OpenBSD-Commit-ID: b719f39c20e8c671ec6135c832d6cc67a595af9c 8571 8572commit e66c0c5673a4304a3a9fbf8305c6a19f8653740f 8573Author: Damien Miller <djm@mindrot.org> 8574Date: Wed Sep 4 15:35:29 2024 +1000 8575 8576 add basic fuzzers for our import of sntrup761 8577 8578commit d19dea6330ecd4eb403fef2423bd7e127f4c9828 8579Author: djm@openbsd.org <djm@openbsd.org> 8580Date: Tue Sep 3 05:58:56 2024 +0000 8581 8582 upstream: regression test for Include variable expansion 8583 8584 OpenBSD-Regress-ID: 35477da3ba1abd9ca64bc49080c50a9c1350c6ca 8585 8586commit 8c4d6a628051e318bae2f283e8dc38b896400862 8587Author: djm@openbsd.org <djm@openbsd.org> 8588Date: Tue Sep 3 05:29:55 2024 +0000 8589 8590 upstream: allow the "Include" directive to expand the same set of 8591 8592 %-tokens that "Match Exec" and environment variables. 8593 8594 ok dtucker@ 8595 8596 OpenBSD-Commit-ID: 12ef521eaa966a9241e684258564f52f1f3c5d37 8597 8598commit 51b82648b6827675fc0cde21175fd1ed8e89aab2 8599Author: djm@openbsd.org <djm@openbsd.org> 8600Date: Mon Sep 2 12:18:35 2024 +0000 8601 8602 upstream: missing ifdef 8603 8604 OpenBSD-Commit-ID: 85f09da957dd39fd0abe08fe5ee19393f25c2021 8605 8606commit f68312eb593943127b39ba79a4d7fa438c34c153 8607Author: djm@openbsd.org <djm@openbsd.org> 8608Date: Mon Sep 2 12:13:56 2024 +0000 8609 8610 upstream: Add experimental support for hybrid post-quantum key exchange 8611 8612 ML-KEM768 with ECDH/X25519 from the Internet-draft: 8613 https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 8614 8615 This is based on previous patches from markus@ but adapted to use the 8616 final FIPS203 standard ML-KEM using a formally-verified implementation 8617 from libcrux. 8618 8619 Note this key exchange method is still a draft and thus subject to 8620 change. It is therefore disabled by default; set MLKEM=yes to build it. 8621 We're making it available now to make it easy for other SSH 8622 implementations to test against it. 8623 8624 ok markus@ deraadt@ 8625 8626 OpenBSD-Commit-ID: 02a8730a570b63fa8acd9913ec66353735dea42c 8627 8628commit 05f2b141cfcc60c7cdedf9450d2b9d390c19eaad 8629Author: Antonio Larrosa <alarrosa@suse.com> 8630Date: Fri Aug 23 12:21:06 2024 +0200 8631 8632 Don't skip audit before exitting cleanup_exit 8633 8634 This fixes an issue where the SSH_CONNECTION_ABANDON event is not 8635 audited because cleanup_exit overrides the regular _exit too soon and 8636 as a result, failed auth attempts are not logged correctly. 8637 8638 The problem was introduced in 81c1099d22b81ebfd20a334ce986c4f753b0db29 8639 where the code from upstream was merged before the audit_event call when 8640 it should have been merged right before the _exit call in order to honor 8641 the comment that just mentions an override of the exit value. 8642 8643commit 16eaf9d401e70996f89f3f417738a8db421aa959 8644Author: djm@openbsd.org <djm@openbsd.org> 8645Date: Wed Aug 28 12:08:26 2024 +0000 8646 8647 upstream: fix test: -F is the argument to specify a non-default 8648 8649 ssh_config, not -f (this is sadly not a new bug) 8650 8651 OpenBSD-Regress-ID: 45a7bda4cf33f2cea218507d8b6a55cddbcfb322 8652 8653commit 10ccf611ab8ecba9ce6b0548c5ccd8c1220baf92 8654Author: deraadt@openbsd.org <deraadt@openbsd.org> 8655Date: Fri Aug 23 04:51:00 2024 +0000 8656 8657 upstream: As defined in the RFC, the SSH protocol has negotiable 8658 8659 compression support (which is requested as the name "zlib"). Compression 8660 starts very early in the session. Relative early in OpenSSH lifetime, privsep 8661 was added to sshd, and this required a shared-memory hack so the two 8662 processes could see what was going on in the dataflow. This shared-memory 8663 hack was soon recognized as a tremendous complexity risk, because it put libz 8664 (which very much trusts it's memory) in a dangerous place, and a new option 8665 ("zlib@openssh.com") was added begins compression after authentication (aka 8666 delayed-compression). That change also permitted removal of the 8667 shared-memory hack. Despite removal from the server, the old "zlib" support 8668 remained in the client, to allow negotiation with non-OpenSSH daemons which 8669 lack the delayed-compression option. This commit deletes support for the 8670 older "zlib" option in the client. It reduces our featureset in a small way, 8671 and encourages other servers to move to a better design. The SSH protocol is 8672 different enough that compressed-key-material attacks like BEAST are 8673 unlikely, but who wants to take the chance? We encourage other ssh servers 8674 who care about optional compression support to add delayed-zlib support. 8675 (Some already do "zlib@openssh.com") ok djm markus 8676 8677 OpenBSD-Commit-ID: 6df986f38e4ab389f795a6e39e7c6857a763ba72 8678 8679commit aee54878255d71bf93aa6e91bbd4eb1825c0d1b9 8680Author: djm@openbsd.org <djm@openbsd.org> 8681Date: Thu Aug 22 23:11:30 2024 +0000 8682 8683 upstream: sntrup761x25519-sha512 now has an IANA codepoint assigned, so 8684 8685 we can make the algorithm available without the @openssh.com suffix too. ok 8686 markus@ deraadt@ 8687 8688 OpenBSD-Commit-ID: eeed8fcde688143a737729d3d56d20ab4353770f 8689 8690commit a76a6b85108e3032c8175611ecc5746e7131f876 8691Author: Darren Tucker <dtucker@dtucker.net> 8692Date: Thu Aug 22 20:36:12 2024 +1000 8693 8694 Move rekey test into valgrind-2. 8695 8696 Now that the rekey test has been optimized it's fast enough to not be in 8697 its own valgrind test, so move it into valgrind-2, which is currently 8698 the quickest of the others, bringing all of them to roughly the same 8699 runtime of ~1.1 hours. 8700 8701commit 7e75e3f57c41b9a6e6401e7674d7c2ff5c33975b 8702Author: dtucker@openbsd.org <dtucker@openbsd.org> 8703Date: Thu Aug 22 10:21:02 2024 +0000 8704 8705 upstream: Use aes128-ctr for MAC tests since default has implicit MAC. 8706 8707 Also verify that the Cipher or MAC we intended to use is actually the one 8708 selected during the test. 8709 8710 OpenBSD-Regress-ID: ff43fed30552afe23d1364526fe8cf88cbfafe1d 8711 8712commit ebc890b8b4ba08c84cd1066b7b94b2b11f6c4cb4 8713Author: Damien Miller <djm@mindrot.org> 8714Date: Thu Aug 22 09:45:49 2024 +1000 8715 8716 fix incorrect default for PasswordAuthentication 8717 8718 merge botch spotted by gsgleason 8719 8720commit 15ace435ea1c2fab2a1cc7d9c3157fe20c776b80 8721Author: dtucker@openbsd.org <dtucker@openbsd.org> 8722Date: Wed Aug 21 10:33:27 2024 +0000 8723 8724 upstream: Some awks won't match on the \r so delete it instead. Fixes 8725 8726 regress in portable on, eg Solaris. 8727 8728 OpenBSD-Regress-ID: 44a96d6d2f8341d89b7d5fff777502b92ac9e9ba 8729 8730commit 51c96b6ed627779a04493a8fe25747996a37f3c2 8731Author: dtucker@openbsd.org <dtucker@openbsd.org> 8732Date: Wed Aug 21 07:06:27 2024 +0000 8733 8734 upstream: Import regenerated moduli. 8735 8736 OpenBSD-Commit-ID: 5db7049ad5558dee5b2079d3422e8ddab187c1cc 8737 8738commit 25c52f37a82c4da48ec537de37d7c168982b8d6d 8739Author: dtucker@openbsd.org <dtucker@openbsd.org> 8740Date: Wed Aug 21 06:59:08 2024 +0000 8741 8742 upstream: Use curve25519-sha256 kex where possible. 8743 8744 Except where we're explicitly testing a different kex, use 8745 curve25519-sha256 since it's faster than the default and supported even 8746 when configured without OpenSSL. Add a check to ensure that the kex we 8747 intended to test is the one we actually tested. Speeds test up by ~5%. 8748 8749 OpenBSD-Regress-ID: 3b27fcc2ae953cb08fd82a0d3155c498b226d6e0 8750 8751commit 3eb62b7ba49483c309b483eb9002a679014f3887 8752Author: dtucker@openbsd.org <dtucker@openbsd.org> 8753Date: Tue Aug 20 12:36:59 2024 +0000 8754 8755 upstream: Send only as much data as needed to trigger rekeying. Speeds 8756 8757 up tests by about 10% in the common case, hopefully more when instrumented 8758 with something like valgrind. 8759 8760 OpenBSD-Regress-ID: 7bf9292b4803357efcf0baf7cfbdc8521f212da1 8761 8762commit cbd3f034bbf7853618fac99d7d868a2250154ea7 8763Author: Damien Miller <djm@mindrot.org> 8764Date: Wed Aug 21 09:18:29 2024 +1000 8765 8766 simplify sshkey_prekey_alloc(); always use mmap 8767 8768commit 4442bbc2fc661277a6dabfedb756a7e15ee8b8b8 8769Author: dtucker@openbsd.org <dtucker@openbsd.org> 8770Date: Tue Aug 20 09:15:49 2024 +0000 8771 8772 upstream: Merge AEAD test into main test loop. 8773 8774 Removes 3 duplicate tests and speeds overall test up by about 1%. 8775 8776 OpenBSD-Regress-ID: 5e5c9ff3f7588091ed369e34ac28520490ad2619 8777 8778commit 829976a63fd1efae3a4c3e7c16fded59d92edb67 8779Author: dtucker@openbsd.org <dtucker@openbsd.org> 8780Date: Tue Aug 20 09:02:45 2024 +0000 8781 8782 upstream: Set a default RekeyLimit of 256k. 8783 8784 Used unless overridden by a command-line flag, which simplifies some of 8785 the ssh command lines. 8786 8787 OpenBSD-Regress-ID: e7cffa57027088e10336e412b34113969f88cb87 8788 8789commit 57d02c9ea36aebad4e7146d46e041b6b2e582f7f 8790Author: dtucker@openbsd.org <dtucker@openbsd.org> 8791Date: Tue Aug 20 07:52:43 2024 +0000 8792 8793 upstream: Add Compression=no to default ssh_config. 8794 8795 All of the rekey tests use it (otherwise the encrypted byte counts would 8796 not match) so this lets us simplify the command lines. 8797 8798 OpenBSD-Regress-ID: dab7ce10f4cf6c68827eb8658141272aab3ea262 8799 8800commit 7254eb26f7c0772c4b47c3b32f6d1b15855cdd8c 8801Author: dtucker@openbsd.org <dtucker@openbsd.org> 8802Date: Tue Aug 20 07:41:35 2024 +0000 8803 8804 upstream: Remove duplicate curve25519-sha256 kex. 8805 8806 curve25519-sha256@libssh.org is the pre-standardization name for the same 8807 thing, so remove it as a duplicate. Speeds up test by a tiny amount. 8808 8809 OpenBSD-Regress-ID: 5a5ee5fa1595a6e140b1cc16040bedf5996a5715 8810 8811commit 749896b874928c2785256cae4d75161dc3bfcc7d 8812Author: dtucker@openbsd.org <dtucker@openbsd.org> 8813Date: Tue Aug 20 07:27:25 2024 +0000 8814 8815 upstream: Unnest rekey param parsing test and use ssh not sshd. 8816 8817 ssh uses the same parsing code, now has "-G" to dump its config and is 8818 slightly faster to start up. This speeds up the test slightly (~5%) in the 8819 common case but should help more during instrumented tests, eg under 8820 valgrind, where startup costs are magnified. 8821 8822 OpenBSD-Regress-ID: 07c3acaf4c728e641033071f4441afc88141b0d0 8823 8824commit 2b1762115481ff2b7a60fd4db2ae69b725437462 8825Author: djm@openbsd.org <djm@openbsd.org> 8826Date: Tue Aug 20 11:10:04 2024 +0000 8827 8828 upstream: actually use the length parameter that was passed in rather 8829 8830 than a constant (this makes no difference in practice because the length is 8831 always the same); reported by martin AT nmkd.net 8832 8833 OpenBSD-Commit-ID: 4aecce232c2fe9b16e9217ff6bcb3c848d853e7e 8834 8835commit d922762ca16a7381131b242f49d7376c41fabcb5 8836Author: Damien Miller <djm@mindrot.org> 8837Date: Tue Aug 20 13:55:30 2024 +1000 8838 8839 private key coredump protection for Linux/FreeBSD 8840 8841 platforms not supporting coredump exclusion using mmap/madvise flags 8842 fall back to plain old malloc(3). 8843 8844commit cc048ca536d6bed6f2285b07040b0d57cd559ba5 8845Author: djm@openbsd.org <djm@openbsd.org> 8846Date: Tue Aug 20 03:48:30 2024 +0000 8847 8848 upstream: place shielded keys (i.e. keys at rest in RAM) into memory 8849 8850 allocated using mmap(3) with MAP_CONCEAL set. This prevents exposure of the 8851 key material in coredumps, etc (this is in addition to other measures we take 8852 in this area). 8853 8854 ok deraadt@ 8855 8856 OpenBSD-Commit-ID: cbbae59f337a00c9858d6358bc65f74e62261369 8857 8858commit a0b35c791cad1f85481b23ba46373060292e1c80 8859Author: djm@openbsd.org <djm@openbsd.org> 8860Date: Sat Aug 17 08:35:04 2024 +0000 8861 8862 upstream: mention that ed25519 is the default key type generated and 8863 8864 clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. 8865 Based on GHPR505 from SebastianRzk 8866 8867 OpenBSD-Commit-ID: 1d90df71636a04601685d2a10a8233bcc8d4f4c5 8868 8869commit 127a50f2c80572ed1a021feb11ecf941e92cbbef 8870Author: djm@openbsd.org <djm@openbsd.org> 8871Date: Sat Aug 17 08:23:04 2024 +0000 8872 8873 upstream: fix minor memory leak in Subsystem option parsing; from 8874 8875 Antonio Larrosa via GHPR515 8876 8877 OpenBSD-Commit-ID: fff3bbefd1b2c45c98cbe45c6b857b15d8a2d364 8878 8879commit 171427261d2079941eb1041079dbae875da37cbc 8880Author: djm@openbsd.org <djm@openbsd.org> 8881Date: Sat Aug 17 08:09:50 2024 +0000 8882 8883 upstream: fix swapping of source and destination addresses in some sshd 8884 8885 log messages 8886 8887 OpenBSD-Commit-ID: 24d4cbb86325275df1f037545aa3b91456e52d25 8888 8889commit 2a50a8f1fa57857a5e124a2280bcf61cc63c77f7 8890Author: Darren Tucker <dtucker@dtucker.net> 8891Date: Sat Aug 17 11:10:19 2024 +1000 8892 8893 Add compat functions for EVP_Digest{Sign,Verify}. 8894 8895 This should make LibreSSL 3.1.x through 3.3.x work again. Code from 8896 tb@, ok djm@. Restore the test configs covering those. 8897 8898commit 1c3a7145260e03037cc18715b883880836fd122d 8899Author: Philip Hands <phil@hands.com> 8900Date: Thu Aug 8 13:03:51 2024 +0200 8901 8902 make sure that usage & man page match 8903 8904 SSH-Copy-ID-Upstream: da5b1abe55b72a16e0430e7598e1573da01779c0 8905 8906commit cd0d681645b9adcf2467e7838bfd9d5142de4c4e 8907Author: Philip Hands <phil@hands.com> 8908Date: Thu Aug 8 13:01:47 2024 +0200 8909 8910 update copyright notices 8911 8912 Bump the year to 2024, but also reflect the fact that hands.com Ltd. has 8913 been wound up in the UK, and its assets (including this copyright) have 8914 now reverted to its owner, Philip Hands. 8915 8916 SSH-Copy-ID-Upstream: 0e4c4d072747a6568b11a790c29dd1b4ce663d7f 8917 8918commit 7fc9ccdce18841ebd0a97e31e43258512ab32a32 8919Author: Philip Hands <phil@hands.com> 8920Date: Sun Aug 4 20:45:00 2024 +0200 8921 8922 restore optionality of -i's argument 8923 8924 SSH-Copy-ID-Upstream: f70e3abb510e4eeb040b47894e41828246c1b720 8925 8926commit c37aa7012b1a3c2c322fd19e71310aadc90fc674 8927Author: Philip Hands <phil@hands.com> 8928Date: Fri Aug 2 15:52:07 2024 +0200 8929 8930 avoid exploring .ssh/id*.pub subdirectories 8931 8932 SSH-Copy-ID-Upstream: 0b9e08b7707ad16de3c8e6a0410d9f42fbd56997 8933 8934commit 777dce9e2e0d12f7e81e162f77749f30899869fe 8935Author: Philip Hands <phil@hands.com> 8936Date: Fri Aug 2 10:07:11 2024 +0200 8937 8938 ensure that we're always told the source of keys 8939 8940 SSH-Copy-ID-Upstream: 1bee96f4793e8ec3fab9f9361204ae58f5cc7cae 8941 8942commit fb94fd2339848e40cad6c9bb42b822244cc1a7bc 8943Author: Philip Hands <phil@hands.com> 8944Date: Wed Jul 31 23:19:51 2024 +0200 8945 8946 add $HOME to ERROR if one cannot write to ~/.ssh 8947 8948 SSH-Copy-ID-Upstream: ebef3e9c06e0447bff06e9d84b33023cf592e0ba 8949 8950commit eb5aafa1ffaeee75799141ec5ded406a65ec7d18 8951Author: Philip Hands <phil@hands.com> 8952Date: Wed Jul 31 23:19:03 2024 +0200 8953 8954 assert that SCRATCH_DIR is a writable directory 8955 8956 SSH-Copy-ID-Upstream: ecb2b9d10883b9a16df56c83896c9bb47a80cde2 8957 8958commit abcc460a2af46f0d812f8433d97a8eae1d80724c 8959Author: Philip Hands <phil@hands.com> 8960Date: Wed Jul 31 23:17:54 2024 +0200 8961 8962 quote to avoid potential for word splitting 8963 8964 SSH-Copy-ID-Upstream: f379adbe06ac2ef1daf0f130752234c7f8b97e3c 8965 8966commit b3f91411fd1473605f74c40c1a91a024c7171e27 8967Author: Philip Hands <phil@hands.com> 8968Date: Wed Jul 31 23:15:11 2024 +0200 8969 8970 ensure ERROR output goes to STDERR 8971 8972 SSH-Copy-ID-Upstream: ac394b05eead3b91feb7c2ae4129a3e9b892f1e2 8973 8974commit 674b8f30f0dbacd787eb1e4e7e1ece34b5543d8f 8975Author: Philip Hands <phil@hands.com> 8976Date: Thu Aug 1 14:03:06 2024 +0200 8977 8978 avoid extra space when no arg given to -i option 8979 8980 SSH-Copy-ID-Upstream: feca9e67e6e37c5653445d1c733569d7abb1770e 8981 8982commit 0efa0e1c41427c0c6ba839a18c72c1afcd7b7cc0 8983Author: Philip Hands <phil@hands.com> 8984Date: Wed Jul 31 23:28:36 2024 +0200 8985 8986 put the -i before -[pP] (matching man pages) 8987 8988 The man pages (ssh, sftp & ssh-copy-id) all list -i before the port 8989 setting, so make the output match that order, which also seems more 8990 natural with the port being next to the server. 8991 8992 SSH-Copy-ID-Upstream: 34d5d614172c78f9a42249466c4b81975b8883a1 8993 8994commit 87831345e9745f2d13bd7a4a7972809f6788f331 8995Author: Shreyas Mahangade <smahanga@redhat.com> 8996Date: Mon Jul 29 15:26:05 2024 +0000 8997 8998 Minor space issue fixed 8999 9000 SSH-Copy-ID-Upstream: 335e44d7be78b03962a54c3a5c99a2ff45294a54 9001 9002commit 2f3010f4736b4b3f5c10a4be97a24e90ff04c5e7 9003Author: Shreyas Mahangade <smahanga@redhat.com> 9004Date: Mon Jul 29 16:55:28 2024 +0530 9005 9006 Show identity file in 'ssh' command 9007 9008 - Previously no identity file is shown in "ssh" command output on the line "Now try logging into the..." 9009 - This commit makes sure whenever "ssh-copy-id" with "-i" is invoked, it also reflects in "ssh" command 9010 9011 SSH-Copy-ID-Upstream: 58e022ec26cb2315eb3be581d01e0ba787082428 9012 9013commit a13856374b894397a7682b32257ed0bf67cfede9 9014Author: Damien Miller <djm@mindrot.org> 9015Date: Fri Aug 16 08:30:20 2024 +1000 9016 9017 more OPENSSL_HAS_ECC 9018 9019commit 4da2a1a7f648979bea6eaf3b17f5f250faed4afc 9020Author: Damien Miller <djm@mindrot.org> 9021Date: Thu Aug 15 23:35:54 2024 +1000 9022 9023 fix merge botch that broke !OPENSSL_HAS_ECC 9024 9025commit 2c53d2f32b8e3992b61682c909ae5bc5122b6e5d 9026Author: Damien Miller <djm@mindrot.org> 9027Date: Thu Aug 15 15:09:45 2024 +1000 9028 9029 missed OPENSSL_HAS_ECC case 9030 9031commit 342dd7a219f39119b8b686b5aaa99c8e15ede368 9032Author: Damien Miller <djm@mindrot.org> 9033Date: Thu Aug 15 15:06:55 2024 +1000 9034 9035 retire testing aginst older LibreSSL versions 9036 9037 libressl prior to 3.4.x lack support for the EVP_DigestSign and 9038 EVP_DigestVerify APIs that we need now that sshkey is converted 9039 to EVP_PKEY. 9040 9041 If someone makes a good case for why we should support these versions 9042 then we could bring back support with wrappers. 9043 9044commit a7c6ea8eebe0f179141ec5dbf0c9e5354417930f 9045Author: Damien Miller <djm@mindrot.org> 9046Date: Thu Aug 15 12:44:17 2024 +1000 9047 9048 sync TEST_MALLOC_OPTIONS for OpenBSD 9049 9050commit 60c2cf22e8f64f35d8b1175e4671257313f2e4d3 9051Author: Damien Miller <djm@mindrot.org> 9052Date: Thu Aug 15 12:43:47 2024 +1000 9053 9054 remove gratuitious difference from OpenBSD 9055 9056commit 339c4fc60a6250429d41fa8713f783d82aad4551 9057Author: djm@openbsd.org <djm@openbsd.org> 9058Date: Thu Aug 15 00:52:23 2024 +0000 9059 9060 upstream: adapt to EVP_PKEY conversion 9061 9062 OpenBSD-Regress-ID: 0e2d4efb0ed0e392e23cd8fda183fe56531ac446 9063 9064commit 63a94f99b9d7c8a48182a40192e45879d1ba8791 9065Author: djm@openbsd.org <djm@openbsd.org> 9066Date: Fri Jul 19 04:33:36 2024 +0000 9067 9068 upstream: test transfers in mux proxy mode too 9069 9070 OpenBSD-Regress-ID: 2edfc980628cfef3550649cab8d69fa23b5cd6c4 9071 9072commit 7bdfc20516e288b58c8c847958059c7b141eeff9 9073Author: djm@openbsd.org <djm@openbsd.org> 9074Date: Thu Aug 15 00:51:51 2024 +0000 9075 9076 upstream: Convert RSA and ECDSA key to the libcrypto EVP_PKEY API. 9077 9078 DSA remains unconverted as it will be removed within six months. 9079 9080 Based on patches originally from Dmitry Belyavskiy, but significantly 9081 reworked based on feedback from Bob Beck, Joel Sing and especially 9082 Theo Buehler (apologies to anyone I've missed). 9083 9084 ok tb@ 9085 9086 OpenBSD-Commit-ID: d098744e89f1dc7e5952a6817bef234eced648b5 9087 9088commit 0af06e2c5b898992a18c74333e75a0136506acc6 9089Author: tobias@openbsd.org <tobias@openbsd.org> 9090Date: Wed Aug 14 15:42:18 2024 +0000 9091 9092 upstream: Reorder calloc arguments 9093 9094 The first argument should be the amount, the second argument should be the 9095 element size. Fixing this also silences some gcc compiler warnings for 9096 portable. 9097 9098 Spotted with Benny Baumann (BenBE at geshi dot org). 9099 9100 ok djm@ 9101 9102 OpenBSD-Commit-ID: 711ad6f7bd7fb48bf52208f2cf9f108cddb6d41a 9103 9104commit 56ce0aa3c6cf28d9fcbce3207457abeac91b5050 9105Author: tobias@openbsd.org <tobias@openbsd.org> 9106Date: Wed Aug 14 15:40:30 2024 +0000 9107 9108 upstream: Extend sshbuf validation 9109 9110 Multiple sshbuf structs can be linked through a parent/child relationship. 9111 Make sure that a single sshbuf cannot be its own parent. If this would ever 9112 happen, it would result in reference counting issues. 9113 9114 This is a cheap way of testing this with very little overhead. It does not 9115 detect A->B->A linkages though for performance reason and the fact that it 9116 takes a programming error for this to occur anyway. 9117 9118 Authored with Benny Baumann (BenBE at geshi dot org). 9119 9120 ok djm@ 9121 9122 OpenBSD-Commit-ID: fb3fa9ee2cad3c7e842ebadfd7f5db220c4aaf16 9123 9124commit fc48ddf6998188517af42dce807e2088b6a0c0be 9125Author: tobias@openbsd.org <tobias@openbsd.org> 9126Date: Wed Aug 14 15:37:11 2024 +0000 9127 9128 upstream: Use freezero for better readability 9129 9130 It has the same meaning as the current pair of calling explicit_bzero 9131 and free. Spotted with Benny Baumann (BenBE at geshi dot org). 9132 9133 ok djm@ 9134 9135 OpenBSD-Commit-ID: 939fbe9ccf52d0d48c5fa53694d6f3bb9927970c 9136 9137commit 1ff6907ec26dac6ac59fe9fe232899a63b4c14d8 9138Author: tobias@openbsd.org <tobias@openbsd.org> 9139Date: Wed Aug 14 15:35:23 2024 +0000 9140 9141 upstream: Fix typo in comment 9142 9143 Spotted with Benny Baumann (BenBE at geshi dot org). 9144 9145 ok djm@ 9146 9147 OpenBSD-Commit-ID: 829160ac8ef3ad3409695ce3a3ade835061cae57 9148 9149commit 487faaed8f3bb9ffb19e8f807a3da72895b16421 9150Author: dlg@openbsd.org <dlg@openbsd.org> 9151Date: Wed Jul 31 12:00:18 2024 +0000 9152 9153 upstream: add a random amount of time (up to 4 seconds) to the 9154 9155 grace login time. 9156 9157 ok deraadt@ djm@ 9158 9159 OpenBSD-Commit-ID: abd3c57aaa5861517529b322df79b6be35ee67f4 9160 9161commit 2865f5b7520bed3e74fbbb5f8d7a44193d7a4314 9162Author: naddy@openbsd.org <naddy@openbsd.org> 9163Date: Fri Jul 26 15:24:49 2024 +0000 9164 9165 upstream: document the reduced logingrace penalty 9166 9167 OpenBSD-Commit-ID: 9b63e0e3599d524ddc10edc4f978081382c3548b 9168 9169commit 1ec0a64c5dc57b8a2053a93b5ef0d02ff8598e5c 9170Author: Darren Tucker <dtucker@dtucker.net> 9171Date: Sun Jul 28 21:26:51 2024 +1000 9172 9173 Explicitly install libssl-devel cygwin. 9174 9175 Should fix CI tests for cygwin default config. 9176 9177commit 0bf6e5bb750b66b25c20a1c5a471f91850de3748 9178Author: djm@openbsd.org <djm@openbsd.org> 9179Date: Thu Jul 25 23:44:01 2024 +0000 9180 9181 upstream: reduce logingrace penalty. 9182 9183 A single forgotton login that times out should be below the penalty 9184 threshold. 9185 9186 ok deraadt/claudio 9187 9188 OpenBSD-Commit-ID: cee1f7d17597c97bff8e5092af5d136fdb08f81d 9189 9190commit 29fb6f6d46b67770084b4f12bcf8a01bd535041b 9191Author: djm@openbsd.org <djm@openbsd.org> 9192Date: Thu Jul 25 22:40:08 2024 +0000 9193 9194 upstream: Fix proxy multiplexing (-O proxy) bug 9195 9196 If a mux started with ControlPersist then later has a forwarding added using 9197 mux proxy connection and the forwarding was used, then when the mux proxy 9198 session terminates, the mux master process will send a channel close to the 9199 server with a bad channel ID and crash the connection. 9200 9201 This was caused by my stupidly reusing c->remote_id for mux channel 9202 associations when I should have just added another member to struct channel. 9203 9204 ok markus@ 9205 9206 OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2 9207 9208commit 53d1d307438517805989c7d5616d752739a97e03 9209Author: djm@openbsd.org <djm@openbsd.org> 9210Date: Thu Jul 18 01:47:27 2024 +0000 9211 9212 upstream: mention mux proxy mode 9213 9214 OpenBSD-Commit-ID: fd77a77779f06d316a314e4540dc57c93fc3369a 9215 9216commit a9b90859d252c2f5a24142f985d38610ac74685f 9217Author: jsg@openbsd.org <jsg@openbsd.org> 9218Date: Sun Jul 14 10:19:23 2024 +0000 9219 9220 upstream: fix double word; ok dtucker@ 9221 9222 OpenBSD-Commit-ID: e6aff005914fa350b896d2be030be3d3b56ec0e8 9223 9224commit b05fda224bbcd2f641254534ed2175c42487f3c8 9225Author: Darren Tucker <dtucker@dtucker.net> 9226Date: Thu Jul 25 17:59:35 2024 +1000 9227 9228 Check for SA_RESTART before using it. 9229 9230 ok djm@ 9231 9232commit c276672fc0e99f0c4389988d54a84c203ce325b6 9233Author: Yuichiro Naito <naito.yuichiro@gmail.com> 9234Date: Wed Sep 1 10:19:32 2021 +0900 9235 9236 Class-imposed login restrictions 9237 9238 If the following functions are available, 9239 add an additional check if users are allowed to login imposed by login class. 9240 9241 * auth_hostok(3) 9242 * auth_timeok(3) 9243 9244 These functions are implemented on FreeBSD. 9245 9246commit 7717b9e9155209916cc6b4b4b54f4e8fa578e889 9247Author: djm@openbsd.org <djm@openbsd.org> 9248Date: Wed Jul 10 21:58:34 2024 +0000 9249 9250 upstream: correct keyword; from Yatao Su via GHPR509 9251 9252 OpenBSD-Commit-ID: 81c778c76dea7ef407603caa157eb0c381c52ad2 9253 9254commit f2b78bb8f149d6b4d1f62c21aa1f06995dccf4ce 9255Author: djm@openbsd.org <djm@openbsd.org> 9256Date: Mon Jul 8 03:04:34 2024 +0000 9257 9258 upstream: don't need return at end of void function 9259 9260 OpenBSD-Commit-ID: 42d322d37f13aa075ae7b1ad9eef591e20b89717 9261 9262commit a395d37a813c0177cb5bfc4bebf5a52badb73cf0 9263Author: djm@openbsd.org <djm@openbsd.org> 9264Date: Thu Jul 4 22:53:59 2024 +0000 9265 9266 upstream: fix grammar: "a pattern lists" -> "one or more pattern 9267 9268 lists" 9269 9270 OpenBSD-Commit-ID: f3c844763398faa9800687e8ff6621225498202a 9271 9272commit 8b664df75966e5aed8dabea00b8838303d3488b8 9273Author: Darren Tucker <dtucker@dtucker.net> 9274Date: Sun Jul 7 18:46:19 2024 +1000 9275 9276 Cast to sockaddr * in systemd interface. 9277 9278 Fixes build with musl libx. bz#3707. 9279 9280commit 30c8c81da2169e78357d08dbb0ddd823b60e93bc 9281Author: Darren Tucker <dtucker@dtucker.net> 9282Date: Thu Jul 4 20:12:26 2024 +1000 9283 9284 Add 9.8 branch to ci-status page. 9285 9286commit ee6b9e661633fcefd29dba0c811cecbc4d027f6f 9287Author: Samuel Thibault <samuel.thibault@ens-lyon.org> 9288Date: Tue Mar 26 22:15:08 2024 +0100 9289 9290 Fix detection of setres*id on GNU/Hurd 9291 9292 Like Linux, proper _SOURCE macros need to be set to get declarations of 9293 various standard functions, notably setres*id. Now that Debian is using 9294 -Werror=implicit-function-declaration this is really required. While at 9295 it, define other _SOURCE macros like on GNU/Linux, since GNU/Hurd uses 9296 the same glibc. 9297 9298commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 9299Author: Damien Miller <djm@mindrot.org> 9300Date: Mon Jul 1 14:33:26 2024 +1000 9301 9302 version numbers 9303 9304commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f 9305Author: djm@openbsd.org <djm@openbsd.org> 9306Date: Mon Jul 1 04:31:59 2024 +0000 9307 9308 upstream: openssh-9.8 9309 9310 OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 9311 9312commit 146c420d29d055cc75c8606327a1cf8439fe3a08 9313Author: djm@openbsd.org <djm@openbsd.org> 9314Date: Mon Jul 1 04:31:17 2024 +0000 9315 9316 upstream: when sending ObscureKeystrokeTiming chaff packets, we 9317 9318 can't rely on channel_did_enqueue to tell that there is data to send. This 9319 flag indicates that the channels code enqueued a packet on _this_ ppoll() 9320 iteration, not that data was enqueued in _any_ ppoll() iteration in the 9321 timeslice. ok markus@ 9322 9323 OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 9324 9325commit 637e4dfea4ed81264e264b6200172ce319c64ead 9326Author: djm@openbsd.org <djm@openbsd.org> 9327Date: Mon Jul 1 03:10:19 2024 +0000 9328 9329 upstream: use "lcd" to change directory before "lls" rather then "cd", 9330 9331 since the directory we're trying to list is local. Spotted by Corinna 9332 Vinschen 9333 9334 OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 9335 9336commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 9337Author: djm@openbsd.org <djm@openbsd.org> 9338Date: Thu Jun 27 23:01:15 2024 +0000 9339 9340 upstream: delete obsolete comment 9341 9342 OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 9343 9344commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d 9345Author: djm@openbsd.org <djm@openbsd.org> 9346Date: Thu Jun 27 22:36:44 2024 +0000 9347 9348 upstream: retire unused API 9349 9350 OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b 9351 9352commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 9353Author: jmc@openbsd.org <jmc@openbsd.org> 9354Date: Thu Jun 27 21:02:16 2024 +0000 9355 9356 upstream: ssl(8) no longer contains a HISTORY section; 9357 9358 OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 9359 9360commit 12b6cc09ce6c430681f03af2a8069e37a664690b 9361Author: djm@openbsd.org <djm@openbsd.org> 9362Date: Wed Jun 26 23:47:46 2024 +0000 9363 9364 upstream: move child process waitpid() loop out of SIGCHLD handler; 9365 9366 ok deraadt 9367 9368 OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 9369 9370commit d6bcd13297c2ab8b528df5a6898f994734849031 9371Author: deraadt@openbsd.org <deraadt@openbsd.org> 9372Date: Wed Jun 26 23:16:52 2024 +0000 9373 9374 upstream: Instead of using possibly complex ssh_signal(), write all 9375 9376 the parts of the grace_alarm_handler() using the exact things allowed by the 9377 signal-safe rules. This is a good rule of thumb: Handlers should be written 9378 to either set a global volatile sig_atomic_t inspected from outside, and/or 9379 directly perform only safe operations listed in our sigaction(2) manual page. 9380 ok djm markus 9381 9382 OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd 9383 9384commit b8793e2b0851f7d71b97554fa5260b23796d6277 9385Author: deraadt@openbsd.org <deraadt@openbsd.org> 9386Date: Wed Jun 26 23:14:14 2024 +0000 9387 9388 upstream: save_errno wrappers inside two small signal handlers that 9389 9390 perform system calls, for systems with libc that do perform libc sigtramps. 9391 ok djm markus 9392 9393 OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 9394 9395commit f23e9332c4c8df37465c4a4f38275ea98980ed7e 9396Author: jmc@openbsd.org <jmc@openbsd.org> 9397Date: Mon Jun 24 06:59:39 2024 +0000 9398 9399 upstream: - uppercase start of sentence - correct sentence grammar 9400 9401 ok djm 9402 9403 OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 9404 9405commit 1839e3eb71a759aa795602c1e4196300f4ac2615 9406Author: djm@openbsd.org <djm@openbsd.org> 9407Date: Mon Jun 24 04:05:11 2024 +0000 9408 9409 upstream: mention SshdSessionPath option 9410 9411 OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c 9412 9413commit 603193e32aef5db7d60c58066d5de89806e79312 9414Author: Darren Tucker <dtucker@dtucker.net> 9415Date: Thu Jun 20 18:45:14 2024 +1000 9416 9417 Rerun upstream tests on .sh file changes too. 9418 9419commit dbbf9337c19381786a8e5a8a49152fe6b80c780d 9420Author: dtucker@openbsd.org <dtucker@openbsd.org> 9421Date: Thu Jun 20 08:23:18 2024 +0000 9422 9423 upstream: Work around dbclient cipher/mac query bug. 9424 9425 Unlike earlier versions, recent Dropbear (at least v2024.85) requires 9426 a host arg when querying supported ciphers and macs via "-c/-m 9427 help". Earlier versions accept but do not require it, so always 9428 provide it. If these queries fail, skip the test with a warning. 9429 9430 OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 9431 9432commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc 9433Author: dtucker@openbsd.org <dtucker@openbsd.org> 9434Date: Thu Jun 20 08:18:34 2024 +0000 9435 9436 upstream: Remove dropbear key types not supported 9437 9438 by current OpenSSH. Allows subsequent test runs to work if OpenSSH is 9439 rebuilt w/out OpenSSL. 9440 9441 OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 9442 9443commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 9444Author: djm@openbsd.org <djm@openbsd.org> 9445Date: Thu Jun 20 00:18:05 2024 +0000 9446 9447 upstream: stricter check for overfull tables in penalty record path 9448 9449 OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 9450 9451commit d9336d344eb2a1e898c5e66147b3f108c7214694 9452Author: djm@openbsd.org <djm@openbsd.org> 9453Date: Wed Jun 19 23:24:47 2024 +0000 9454 9455 upstream: put back reaping of preauth child process when writes 9456 9457 from the monitor fail. Not sure how this got lost in the avalanche of 9458 patches. 9459 9460 OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 9461 9462commit 579d9adb70ec0206a788eb5c63804c31a67e9310 9463Author: naddy@openbsd.org <naddy@openbsd.org> 9464Date: Mon Jun 17 13:50:18 2024 +0000 9465 9466 upstream: remove one more mention of DSA 9467 9468 OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca 9469 9470commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 9471Author: Darren Tucker <dtucker@dtucker.net> 9472Date: Wed Jun 19 23:09:05 2024 +1000 9473 9474 Move -f to the place needed to restart sshd. 9475 9476commit d5f83cfd852b14a25f347f082ab539a9454702ad 9477Author: Darren Tucker <dtucker@dtucker.net> 9478Date: Wed Jun 19 21:04:01 2024 +1000 9479 9480 Need to supply "-f" to restart sshd. 9481 9482commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 9483Author: dtucker@openbsd.org <dtucker@openbsd.org> 9484Date: Wed Jun 19 10:15:51 2024 +0000 9485 9486 upstream: Provide defaults for ciphers and macs 9487 9488 if querying for them fails since on some versions of Dropbear (at least 9489 v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey 9490 algorithms in the server. 9491 9492 OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca 9493 9494commit 5521060e35ada9f957cecdddc06d0524e75409ef 9495Author: dtucker@openbsd.org <dtucker@openbsd.org> 9496Date: Wed Jun 19 10:10:46 2024 +0000 9497 9498 upstream: Use ed25519 keys for kex tests 9499 9500 since that's supported by OpenSSH even when built without OpenSSL. 9501 Only test diffie-hellman kex if OpenSSH is compiled with support for it. 9502 9503 OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 9504 9505commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd 9506Author: dtucker@openbsd.org <dtucker@openbsd.org> 9507Date: Wed Jun 19 10:08:34 2024 +0000 9508 9509 upstream: Rework dropbear key setup 9510 9511 to always generate ed25519 keys, other types only if OpenSSH has support 9512 for the corresponding key type. 9513 9514 OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d 9515 9516commit d6218504e11ae9148adf410fc69b0710a052be36 9517Author: Darren Tucker <dtucker@dtucker.net> 9518Date: Wed Jun 19 20:20:24 2024 +1000 9519 9520 Restart sshd after installing it for testing. 9521 9522 When installing an sshd built without OpenSSL the mismatch between 9523 the running sshd and newly installed sshd-session will cause the 9524 remainder of the test to fail. 9525 9526commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 9527Author: Darren Tucker <dtucker@dtucker.net> 9528Date: Tue Jun 18 19:59:59 2024 +1000 9529 9530 Remove macos-11 runner. 9531 9532 Github is retiring them soon. 9533 9534commit df1c72a55edbebac14363b57de66ac6a147ecc67 9535Author: Damien Miller <djm@mindrot.org> 9536Date: Wed Jun 19 09:34:34 2024 +1000 9537 9538 PAMServiceName may appear in a Match block 9539 9540commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 9541Author: dtucker@openbsd.org <dtucker@openbsd.org> 9542Date: Tue Jun 18 08:11:48 2024 +0000 9543 9544 upstream: Re-enable ssh-dss tests 9545 9546 ... if ssh is compiled with DSA support 9547 9548 OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d 9549 9550commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 9551Author: anton@openbsd.org <anton@openbsd.org> 9552Date: Tue Jun 18 06:14:27 2024 +0000 9553 9554 upstream: Stop using DSA in dropbear interop tests. 9555 9556 OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf 9557 9558commit 761438012710169445acc179e3870c53c862bda0 9559Author: Damien Miller <djm@mindrot.org> 9560Date: Tue Jun 18 12:29:45 2024 +1000 9561 9562 missed a bit of DSA in the fuzzer 9563 9564commit 3f9cc47da588e8de520720e59f98438043fdaf93 9565Author: Damien Miller <djm@mindrot.org> 9566Date: Tue Jun 18 09:35:53 2024 +1000 9567 9568 DSA support is disabled, so remove from fuzzers 9569 9570commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 9571Author: djm@openbsd.org <djm@openbsd.org> 9572Date: Mon Jun 17 08:30:29 2024 +0000 9573 9574 upstream: disable the DSA signature algorithm by default; ok 9575 9576 markus@ 9577 9578 (yes, I know this expands to "the Digitial Signature Algorithm 9579 signature algorithm) 9580 9581 OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed 9582 9583commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 9584Author: djm@openbsd.org <djm@openbsd.org> 9585Date: Mon Jun 17 08:28:31 2024 +0000 9586 9587 upstream: promote connection-closed messages from verbose to info 9588 9589 log level; they could be the only record of the connection terminating if the 9590 client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ 9591 9592 OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c 9593 9594commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 9595Author: Damien Miller <djm@mindrot.org> 9596Date: Mon Jun 17 17:02:18 2024 +1000 9597 9598 propagate PAM crashes to PerSourcePenalties 9599 9600 If the PAM subprocess crashes, exit with a crash status that will be 9601 picked up by the sshd(8) listener process where it can be used by 9602 PerSourcePenalties to block the client. This is similar handling to 9603 the privsep preauth process. 9604 9605commit 1c207f456ace38987deda047758d13fbf857f948 9606Author: Damien Miller <djm@mindrot.org> 9607Date: Mon Jun 17 15:06:01 2024 +1000 9608 9609 minix doesn't have loopback, so skip penalty tests 9610 9611 pointed out by dtucker@ 9612 9613commit 48443d202eaec52d4d39defdd709a4499a7140c6 9614Author: djm@openbsd.org <djm@openbsd.org> 9615Date: Sun Jun 16 11:54:49 2024 +0000 9616 9617 upstream: same treatment for this test 9618 9619 OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 9620 9621commit 45562a95ea11d328c22d97bf39401cd29684fb1f 9622Author: djm@openbsd.org <djm@openbsd.org> 9623Date: Sun Jun 16 08:18:06 2024 +0000 9624 9625 upstream: penalty test is still a bit racy 9626 9627 OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 9628 9629commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca 9630Author: djm@openbsd.org <djm@openbsd.org> 9631Date: Sat Jun 15 03:59:10 2024 +0000 9632 9633 upstream: crank up penalty timeouts so this should work on even the 9634 9635 slowest of test builders 9636 9637 OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 9638 9639commit 93c75471a1202ab3e29db6938648d4e2602c0475 9640Author: jmc@openbsd.org <jmc@openbsd.org> 9641Date: Fri Jun 14 05:20:34 2024 +0000 9642 9643 upstream: sort -q in the options list; 9644 9645 OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c 9646 9647commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb 9648Author: djm@openbsd.org <djm@openbsd.org> 9649Date: Fri Jun 14 05:01:22 2024 +0000 9650 9651 upstream: clarify KEXAlgorithms supported vs available. Inspired by 9652 9653 bz3701 from Colin Watson. 9654 9655 OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 9656 9657commit d172ad56df85b68316dbadbedad16761a1265874 9658Author: djm@openbsd.org <djm@openbsd.org> 9659Date: Fri Jun 14 05:00:42 2024 +0000 9660 9661 upstream: ssh-keyscan -q man bits 9662 9663 OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 9664 9665commit 092e4ff9ccaacbe035f286feb1b56ed499604743 9666Author: Damien Miller <djm@mindrot.org> 9667Date: Fri Jun 14 14:46:35 2024 +1000 9668 9669 skip penalty-expire test in valgrind test env 9670 9671commit 2866ad08a9c50d7b67ce9424ca990532b806a21a 9672Author: djm@openbsd.org <djm@openbsd.org> 9673Date: Fri Jun 14 04:43:11 2024 +0000 9674 9675 upstream: split the PerSourcePenalties test in two: one tests penalty 9676 9677 enforcement but not penalty expiry, the other tests penalty expiry. 9678 9679 This lets us disable the expiry testing in certain CI test environments. 9680 9681 OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791 9682 9683commit b2c64bc170d75823622a37cab3ca1804ca87ad16 9684Author: Damien Miller <djm@mindrot.org> 9685Date: Fri Jun 14 14:19:23 2024 +1000 9686 9687 add a sshd_config PamServiceName option 9688 9689 Allows selecting which PAM service name to use when UsePAM is 9690 enabled. Defaults to "sshd" unless overridden at compile time 9691 by defining SSHD_PAM_SERVICE. 9692 9693 bz2102, ok dtucker@ 9694 9695commit 9f032a4dd17bf0ae6066223d82aa5e784285d987 9696Author: djm@openbsd.org <djm@openbsd.org> 9697Date: Fri Jun 14 00:26:12 2024 +0000 9698 9699 upstream: don't redirect stderr for ssh-keyscan we expect to succeed 9700 9701 OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c 9702 9703commit 1e84d0cf40e94ae3a77d6a7ca8c036d8e3d55a40 9704Author: djm@openbsd.org <djm@openbsd.org> 9705Date: Fri Jun 14 00:25:25 2024 +0000 9706 9707 upstream: make host/banner comments go to stderr instead of stdout, 9708 9709 so they are useful as comments without extra shell redirection and so they 9710 don't clutter actual errors on stderr. 9711 9712 Add a -q flag to shut them up. 9713 9714 ok dtucker@ 9715 9716 OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264 9717 9718commit 3e806d011855d6bd648ec95b9df630ebbd11c3bf 9719Author: naddy@openbsd.org <naddy@openbsd.org> 9720Date: Thu Jun 13 15:06:33 2024 +0000 9721 9722 upstream: separate keywords with comma 9723 9724 OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5 9725 9726commit abfd1f7a3cbd0a92581a0febba254b2f6649c0d9 9727Author: djm@openbsd.org <djm@openbsd.org> 9728Date: Fri Jun 14 00:23:55 2024 +0000 9729 9730 upstream: specify an algorithm for ssh-keyscan, otherwise it will make 9731 9732 multiple attempts simultaneously and confuse the test 9733 9734 OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9 9735 9736commit a8fbe2f7d0d96d299ee8e69769e3b51067978748 9737Author: Damien Miller <djm@mindrot.org> 9738Date: Thu Jun 13 16:41:29 2024 +1000 9739 9740 sshd: don't use argv[0] as PAM service name 9741 9742 sshd would implicitly use argv[0] as the PAM service name to 9743 allow people to select different PAM service names by making 9744 differently-named copies/links to the sshd binary. 9745 9746 Splitting sshd into sshd/sshd-session broke this, as the process 9747 that starts PAM is always sshd-session and the user has no control 9748 over this. 9749 9750 Hardcode "sshd" as the default PAM service name unless/until we 9751 figure out a better way. Should unbreak OSX integration tests. 9752 9753commit bf204bd05c3ae650f87e2b96527688579f59774c 9754Author: Damien Miller <djm@mindrot.org> 9755Date: Thu Jun 13 15:00:28 2024 +1000 9756 9757 prepare for checking in autogenerated files 9758 9759 We plan to check in automatically generated files (config.h.in, etc) on 9760 release branches. These files are normally ignored by .gitignore, but 9761 this shuffles the contents of this file to make it easy to un-ignore 9762 them. 9763 9764commit 425f79a837489904c343b349ef00e09aeaa4e752 9765Author: Damien Miller <djm@mindrot.org> 9766Date: Thu Jun 13 14:41:33 2024 +1000 9767 9768 typo in comment 9769 9770commit afe10313c1fa8d478af399ee7d54c8f85503013b 9771Author: Damien Miller <djm@mindrot.org> 9772Date: Thu Jun 13 14:35:25 2024 +1000 9773 9774 fix PTY allocation on Cygwin, broken by sshd split 9775 9776 Cygwin doesn't support FD passing and so used to disable post-auth 9777 privilege separation entirely because privsep requires PTY allocation 9778 to happen in the privileged monitor process with the PTY file 9779 descriptors being passed back to the unprivileged process. 9780 9781 This brings back a minimal version of the previous special treatment 9782 for Cygwin (and any other platform that sets DISABLE_FD_PASSING): 9783 privilege separation remains enabled, but PTY allocation happens in 9784 the post-auth user process rather than the monitor. 9785 9786 This either requires PTY allocation to not need privilege to begin 9787 with (this appears to be the case on Cygwin), or the post-auth 9788 privsep process retain privilege (other platforms that set the 9789 DISABLE_FD_PASSING option). 9790 9791 Keeping privileges here is bad, but the non-Cygwin systems that set 9792 DISABLE_FD_PASSING are so deeply legacy that this is likely to be the 9793 least of their problems. 9794 9795commit f66d4df5749551380a8c4ae642347675a0b6a2e9 9796Author: Damien Miller <djm@mindrot.org> 9797Date: Thu Jun 13 11:33:09 2024 +1000 9798 9799 delay lookup of privsep user until config loaded 9800 9801 sshd-session attempting to use options.kerberos_authentication to 9802 decide whether it needed to lookup the privsep user before the 9803 configuration was loaded. This caused it to get a placeholder value 9804 that caused it always to try to lookup the privsep user, breaking at 9805 least one test environment. 9806 9807commit f1c42858b94f5d9b58867b34dce3afb39c6b56a8 9808Author: Damien Miller <djm@mindrot.org> 9809Date: Thu Jun 13 11:16:57 2024 +1000 9810 9811 missing file for PerSourcePenalties regress test 9812 9813commit 4de80ff4e6fab5a6bb0028e7d57c6c23d1485adb 9814Author: djm@openbsd.org <djm@openbsd.org> 9815Date: Wed Jun 12 22:36:00 2024 +0000 9816 9817 upstream: split PerSourcePenalties address tracking. Previously it 9818 9819 used one shared table and overflow policy for IPv4 and IPv6 addresses, now it 9820 will use separate tables and optionally different overflow policies. 9821 9822 This prevents misbehaviour from IPv6 addresses (which are vastly easier 9823 to obtain many of) from affecting IPv4 connections and may allow for 9824 stricter overflow policies. 9825 9826 ok deraadt@ 9827 9828 OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9 9829 9830commit 06ab4c6931b0aaa4334db2faaa7e1069e76d0df6 9831Author: jmc@openbsd.org <jmc@openbsd.org> 9832Date: Tue Jun 11 05:24:39 2024 +0000 9833 9834 upstream: do not mark up "(default: 20ms)"; 9835 9836 OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4 9837 9838commit cfe243cd9fde148ed060637876e27bb55ac78be9 9839Author: djm@openbsd.org <djm@openbsd.org> 9840Date: Tue Jun 11 02:54:51 2024 +0000 9841 9842 upstream: reap preauth net child if it hangs up during privsep message 9843 9844 send, not just message receive 9845 9846 OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0 9847 9848commit b0a711c00b9c64afd1c9d6fb538275c6604a2676 9849Author: djm@openbsd.org <djm@openbsd.org> 9850Date: Tue Jun 11 01:58:27 2024 +0000 9851 9852 upstream: fix PIDFILE handling, broken for SUDO=doas in last commit 9853 9854 here 9855 9856 OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625 9857 9858commit 90fb801e2d9241be50a2a7ff79428386442a041f 9859Author: djm@openbsd.org <djm@openbsd.org> 9860Date: Tue Jun 11 02:00:30 2024 +0000 9861 9862 upstream: reap the pre-auth [net] child if it hangs up during privsep 9863 9864 message sending, not just receiving 9865 9866 OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb 9867 9868commit ef878d58798f6688c7f4d4e417dc0c29023ea831 9869Author: djm@openbsd.org <djm@openbsd.org> 9870Date: Tue Jun 11 01:23:25 2024 +0000 9871 9872 upstream: a little more RB_TREE paranoia 9873 9874 OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156 9875 9876commit fc4e96b2174d6a894d2033421699d091679baced 9877Author: djm@openbsd.org <djm@openbsd.org> 9878Date: Tue Jun 11 01:22:25 2024 +0000 9879 9880 upstream: fix off-by-one comparison for PerSourcePenalty 9881 9882 OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b 9883 9884commit 82c836df4ff41145553cd7adb11c5b985aeaa06f 9885Author: djm@openbsd.org <djm@openbsd.org> 9886Date: Tue Jun 11 01:21:41 2024 +0000 9887 9888 upstream: move tree init before possible early return 9889 9890 OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df 9891 9892commit a2300f015cc4939c4d9c564b58b74e71202dc978 9893Author: djm@openbsd.org <djm@openbsd.org> 9894Date: Tue Jun 11 01:07:35 2024 +0000 9895 9896 upstream: update to mention that PerSourcePenalties default to 9897 9898 being enabled and document the default values for each parameter. 9899 9900 OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034 9901 9902commit 41987efd356d3fc30139aeab4b09374acf8f91a0 9903Author: djm@openbsd.org <djm@openbsd.org> 9904Date: Tue Jun 11 00:44:52 2024 +0000 9905 9906 upstream: reap the [net] child if it hangs up while writing privsep 9907 9908 message payloads, not just the message header 9909 9910 OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce 9911 9912commit 6211aa085fa91155a24922e5329576ac9a8f3175 9913Author: djm@openbsd.org <djm@openbsd.org> 9914Date: Tue Jun 11 00:40:21 2024 +0000 9915 9916 upstream: log waitpid() status for abnormal exits 9917 9918 OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d 9919 9920commit a59634c7adb9ae988748d99963dfafb3070d8d41 9921Author: djm@openbsd.org <djm@openbsd.org> 9922Date: Tue Jun 11 00:36:20 2024 +0000 9923 9924 upstream: correct error message 9925 9926 OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed 9927 9928commit fa7d7a667f2ee031e72873e36de2d2a36bca973b 9929Author: deraadt@openbsd.org <deraadt@openbsd.org> 9930Date: Fri Jun 7 13:23:30 2024 +0000 9931 9932 upstream: avoid shadowing issues which some compilers won't accept 9933 9934 ok djm 9935 9936 OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4 9937 9938commit 3ad4cd9eeca5c9bc6706db44b6de88e2e4513fd6 9939Author: jmc@openbsd.org <jmc@openbsd.org> 9940Date: Thu Jun 6 21:14:49 2024 +0000 9941 9942 upstream: escape the final dot at eol in "e.g." to avoid double 9943 9944 spacing; 9945 9946 OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9 9947 9948commit 0e0c69761a4c33ccd4a256560f522784a753d1a8 9949Author: djm@openbsd.org <djm@openbsd.org> 9950Date: Thu Jun 6 20:25:48 2024 +0000 9951 9952 upstream: enable PerSourcePenalties by default. 9953 9954 ok markus 9955 9956 NB. if you run a sshd that accepts connections from behind large NAT 9957 blocks, proxies or anything else that aggregates many possible users 9958 behind few IP addresses, then this change may cause legitimate traffic 9959 to be denied. 9960 9961 Please read the PerSourcePenalties, PerSourcePenaltyExemptList and 9962 PerSourceNetBlockSize options in sshd_config(5) for how to tune your 9963 sshd(8) for your specific circumstances. 9964 9965 OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce 9966 9967commit bd1f74741daabeaf20939a85cd8cec08c76d0bec 9968Author: djm@openbsd.org <djm@openbsd.org> 9969Date: Thu Jun 6 20:20:42 2024 +0000 9970 9971 upstream: mention that PerSourcePenalties don't affect concurrent 9972 9973 in-progress connections. 9974 9975 OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c 9976 9977commit 9774b938578327d88a651f4c63c504809717590a 9978Author: djm@openbsd.org <djm@openbsd.org> 9979Date: Thu Jun 6 19:49:25 2024 +0000 9980 9981 upstream: regress test for PerSourcePenalties 9982 9983 OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1 9984 9985commit b8ebd86cefe9812204a10c028dc90de29918667d 9986Author: djm@openbsd.org <djm@openbsd.org> 9987Date: Thu Jun 6 19:48:40 2024 +0000 9988 9989 upstream: make sure logs are saved from sshd run via start_sshd 9990 9991 OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a 9992 9993commit d7b2070bdaa4ebbfafb9975c1d5a62b73289d31f 9994Author: djm@openbsd.org <djm@openbsd.org> 9995Date: Thu Jun 6 19:47:48 2024 +0000 9996 9997 upstream: simplify 9998 9999 OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c 10000 10001commit e6ea3d224513b6bfb93818809d4c7397f5995ba2 10002Author: djm@openbsd.org <djm@openbsd.org> 10003Date: Thu Jun 6 18:48:13 2024 +0000 10004 10005 upstream: prepare for PerSourcePenalties being enabled by default 10006 10007 in future 10008 10009 OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7 10010 10011commit c0cb3b8c837761816a60a3cdb54062668df09652 10012Author: djm@openbsd.org <djm@openbsd.org> 10013Date: Thu Jun 6 19:50:01 2024 +0000 10014 10015 upstream: disable stderr redirection before closing fds 10016 10017 OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a 10018 10019commit 81c1099d22b81ebfd20a334ce986c4f753b0db29 10020Author: djm@openbsd.org <djm@openbsd.org> 10021Date: Thu Jun 6 17:15:25 2024 +0000 10022 10023 upstream: Add a facility to sshd(8) to penalise particular 10024 10025 problematic client behaviours, controlled by two new sshd_config(5) options: 10026 PerSourcePenalties and PerSourcePenaltyExemptList. 10027 10028 When PerSourcePenalties are enabled, sshd(8) will monitor the exit 10029 status of its child pre-auth session processes. Through the exit 10030 status, it can observe situations where the session did not 10031 authenticate as expected. These conditions include when the client 10032 repeatedly attempted authentication unsucessfully (possibly indicating 10033 an attack against one or more accounts, e.g. password guessing), or 10034 when client behaviour caused sshd to crash (possibly indicating 10035 attempts to exploit sshd). 10036 10037 When such a condition is observed, sshd will record a penalty of some 10038 duration (e.g. 30 seconds) against the client's address. If this time 10039 is above a minimum threshold specified by the PerSourcePenalties, then 10040 connections from the client address will be refused (along with any 10041 others in the same PerSourceNetBlockSize CIDR range). 10042 10043 Repeated offenses by the same client address will accrue greater 10044 penalties, up to a configurable maximum. A PerSourcePenaltyExemptList 10045 option allows certain address ranges to be exempt from all penalties. 10046 10047 We hope these options will make it significantly more difficult for 10048 attackers to find accounts with weak/guessable passwords or exploit 10049 bugs in sshd(8) itself. 10050 10051 PerSourcePenalties is off by default, but we expect to enable it 10052 automatically in the near future. 10053 10054 much feedback markus@ and others, ok markus@ 10055 10056 OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca 10057 10058commit 916b0b6174e203cf2c5ec9bcf409472eb7ffbf43 10059Author: Damien Miller <djm@mindrot.org> 10060Date: Fri Jun 7 03:31:02 2024 +1000 10061 10062 whitespace 10063 10064commit 49b55e44182b8294419aa580cbf043d5b9e3d953 10065Author: deraadt@openbsd.org <deraadt@openbsd.org> 10066Date: Tue Jun 4 15:14:45 2024 +0000 10067 10068 upstream: enable -fret-clean on amd64, for libc libcrypto ld.so 10069 10070 kernel, and all the ssh tools. The dynamic objects are entirely ret-clean, 10071 static binaries will contain a blend of cleaning and non-cleaning callers. 10072 10073 OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172 10074 10075commit cc80d51d034bcb24fd0f2564a4bdf1612000a2a2 10076Author: Damien Miller <djm@mindrot.org> 10077Date: Wed Jun 5 02:21:30 2024 +1000 10078 10079 remove PRIVSEP macros for osx 10080 10081commit 8785491123d4d722b310c20f383570be758f8263 10082Author: djm@openbsd.org <djm@openbsd.org> 10083Date: Sat Jun 1 07:03:37 2024 +0000 10084 10085 upstream: be really strict with fds reserved for communication with the 10086 10087 separate sshd-session process - reserve them early and fatal if we can't 10088 dup2(2) them later. The pre-split fallback to re-reading the configuration 10089 files is not possible, so sshd-session absolutely requires the fd the 10090 configuration is passed over to be in order. 10091 10092 ok deraadt@ 10093 10094 OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065 10095 10096commit f1c8918cb98459910fb159373baea053ba4108c0 10097Author: Damien Miller <djm@mindrot.org> 10098Date: Fri May 31 19:12:26 2024 +1000 10099 10100 depend 10101 10102commit 94b4866cb1f4b0ed29a9f367047b30f81002316f 10103Author: Damien Miller <djm@mindrot.org> 10104Date: Fri May 31 19:11:14 2024 +1000 10105 10106 rename need_privsep to need_chroot 10107 10108 privsep is mandatory, chroot is optional (disabled when running 10109 sshd as non-root) 10110 10111commit e68a95142e5024b144f8eeccd5ffdee42c34f44c 10112Author: Damien Miller <djm@mindrot.org> 10113Date: Fri May 31 19:05:34 2024 +1000 10114 10115 remove remaining use_privsep mention 10116 10117commit b21d271f651d2536dca819cc6d74032fe98634db 10118Author: djm@openbsd.org <djm@openbsd.org> 10119Date: Fri May 31 09:01:08 2024 +0000 10120 10121 upstream: warn when -r (deprecated option to disable re-exec) is 10122 10123 passed 10124 10125 OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551 10126 10127commit a4b5bc246cbca476deeeb4462aa31746a56e3021 10128Author: djm@openbsd.org <djm@openbsd.org> 10129Date: Fri May 31 08:49:35 2024 +0000 10130 10131 upstream: typos 10132 10133 OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf 10134 10135commit 8054b906983ceaed01fabd8188d3dac24c05ba39 10136Author: djm@openbsd.org <djm@openbsd.org> 10137Date: Mon May 27 01:52:26 2024 +0000 10138 10139 upstream: don't need sys/queue.h here 10140 10141 OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578 10142 10143commit 210d4239733da6180ce853538aeb9413d5c62ad5 10144Author: naddy@openbsd.org <naddy@openbsd.org> 10145Date: Sun May 26 20:35:12 2024 +0000 10146 10147 upstream: remove references to SSH1 and DSA server keys 10148 10149 OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2 10150 10151commit f0b9261d7fdd0ef86806b49fe76344bd16770cd0 10152Author: jsg@openbsd.org <jsg@openbsd.org> 10153Date: Thu May 23 23:47:16 2024 +0000 10154 10155 upstream: remove unused struct fwd_perm_list, no decl with complete 10156 10157 type ok djm@ 10158 10159 OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb 10160 10161commit 2477a98c3ef78e63b11a1393656e00288f52ae97 10162Author: naddy@openbsd.org <naddy@openbsd.org> 10163Date: Wed May 22 15:24:55 2024 +0000 10164 10165 upstream: Do not pass -Werror twice when building with clang. 10166 10167 OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0 10168 10169commit 435844f5675245b4271f8581f15e6d1f34fde3bc 10170Author: miod@openbsd.org <miod@openbsd.org> 10171Date: Wed May 22 11:49:36 2024 +0000 10172 10173 upstream: Do not pass -Werror if building with gcc 3, for asn1.h 10174 10175 and bio.h cause (admittedly bogus) warnings with gcc 3. 10176 10177 OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea 10178 10179commit fc5dc092830de23767c6ef67baa18310a64ee533 10180Author: djm@openbsd.org <djm@openbsd.org> 10181Date: Wed May 22 04:20:00 2024 +0000 10182 10183 upstream: this test has been broken since 2014, and has been 10184 10185 testing the same key exchange algorithm repeatedly instead of testing all of 10186 them. Spotted by nreilly AT blackberry.com in bz3692 10187 10188 Who broke the test? me. 10189 10190 OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2 10191 10192commit fd4816791beaed2fdae7eea3e1494d1972b2a39d 10193Author: anton@openbsd.org <anton@openbsd.org> 10194Date: Sun May 19 19:10:01 2024 +0000 10195 10196 upstream: Add missing kex-names.c source file required since the 10197 10198 ssh split. 10199 10200 OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb 10201 10202commit beccb7319c5449f6454889013403c336446d622e 10203Author: naddy@openbsd.org <naddy@openbsd.org> 10204Date: Fri May 17 14:42:00 2024 +0000 10205 10206 upstream: remove duplicate copy of relink kit for sshd-session 10207 10208 OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504 10209 10210commit dcd79fa141311c287e0595ede684b7116122fae0 10211Author: jsg@openbsd.org <jsg@openbsd.org> 10212Date: Fri May 17 06:42:04 2024 +0000 10213 10214 upstream: remove prototypes with no matching function; ok djm@ 10215 10216 OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693 10217 10218commit 6454a05e7c6574d70adf17efe505a8581a86ca4f 10219Author: jsg@openbsd.org <jsg@openbsd.org> 10220Date: Fri May 17 06:38:00 2024 +0000 10221 10222 upstream: remove externs for removed vars; ok djm@ 10223 10224 OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab 10225 10226commit f3e4db4601ef7d2feb1d6f7447e432aaf353a616 10227Author: deraadt@openbsd.org <deraadt@openbsd.org> 10228Date: Fri May 17 06:11:17 2024 +0000 10229 10230 upstream: -Werror was turned on (probably just for development), 10231 10232 and this is a simple way to satisfy older gcc. 10233 10234 OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86 10235 10236commit 24a1f3e5ad6f4a49377d4c74c36637e9a239efd0 10237Author: Damien Miller <djm@mindrot.org> 10238Date: Fri May 17 14:50:43 2024 +1000 10239 10240 attempt at updating RPM specs for sshd-session 10241 10242commit 17b566eeb7a0c6acc9c48b35c08885901186f861 10243Author: djm@openbsd.org <djm@openbsd.org> 10244Date: Fri May 17 04:42:13 2024 +0000 10245 10246 upstream: g/c unused variable 10247 10248 OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010 10249 10250commit 01fb82eb2aa0a4eaf5c394ea8bb37ea4c26f8a3f 10251Author: jsg@openbsd.org <jsg@openbsd.org> 10252Date: Fri May 17 02:39:11 2024 +0000 10253 10254 upstream: spelling; ok djm@ 10255 10256 OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483 10257 10258commit b88b690e99145a021fc1a1a116a11e0bce0594e7 10259Author: djm@openbsd.org <djm@openbsd.org> 10260Date: Fri May 17 01:45:22 2024 +0000 10261 10262 upstream: allow overriding the sshd-session binary path 10263 10264 OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da 10265 10266commit a68f80f2511f0e0c5cef737a8284cc2dfabad818 10267Author: anton@openbsd.org <anton@openbsd.org> 10268Date: Wed Apr 3 06:01:11 2024 +0000 10269 10270 upstream: Since ssh-agent(1) is only readable by root by now, use 10271 10272 ssh(1) while generating data in tests. 10273 10274 OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68 10275 10276commit 92e55890314ce2b0be21a43ebcbc043b4abc232f 10277Author: djm@openbsd.org <djm@openbsd.org> 10278Date: Fri May 17 01:17:40 2024 +0000 10279 10280 upstream: fix incorrect debug option name introduce in previous 10281 10282 commit 10283 10284 OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3 10285 10286commit 4ad72878af7b6ec28da6e230e36a91650ebe84c1 10287Author: deraadt@openbsd.org <deraadt@openbsd.org> 10288Date: Fri May 17 00:33:25 2024 +0000 10289 10290 upstream: construct and install a relink-kit for sshd-session ok 10291 10292 djm 10293 10294 OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6 10295 10296commit 02e679a2cb3f6df8e9dbb1519ed578226485157f 10297Author: Damien Miller <djm@mindrot.org> 10298Date: Fri May 17 12:21:27 2024 +1000 10299 10300 Makefile support for sshd-session 10301 10302commit c0416035c5eaf70a8450d11c8833c5f7068ee7ad 10303Author: djm@openbsd.org <djm@openbsd.org> 10304Date: Fri May 17 00:32:32 2024 +0000 10305 10306 upstream: missing files from previous 10307 10308 OpenBSD-Commit-ID: 4b7be4434d8799f02365552b641a7a70a7ebeb2f 10309 10310commit 03e3de416ed7c34faeb692967737be4a7bbe2eb5 10311Author: djm@openbsd.org <djm@openbsd.org> 10312Date: Fri May 17 00:30:23 2024 +0000 10313 10314 upstream: Start the process of splitting sshd into separate 10315 10316 binaries. This step splits sshd into a listener and a session binary. More 10317 splits are planned. 10318 10319 After this changes, the listener binary will validate the configuration, 10320 load the hostkeys, listen on port 22 and manage MaxStartups only. All 10321 session handling will be performed by a new sshd-session binary that the 10322 listener fork+execs. 10323 10324 This reduces the listener process to the minimum necessary and sets us 10325 up for future work on the sshd-session binary. 10326 10327 feedback/ok markus@ deraadt@ 10328 10329 NB. if you're updating via source, please restart sshd after installing, 10330 otherwise you run the risk of locking yourself out. 10331 10332 OpenBSD-Commit-ID: 43c04a1ab96cdbdeb53d2df0125a6d42c5f19934 10333 10334commit 1c0d81357921f8d3bab06841df649edac515ae5b 10335Author: djm@openbsd.org <djm@openbsd.org> 10336Date: Thu May 9 09:46:47 2024 +0000 10337 10338 upstream: simplify exit message handling, which was more complicated 10339 10340 than it needed to be because of unexpunged ssh1 remnants. ok markus@ 10341 10342 OpenBSD-Commit-ID: 8b0cd2c0dee75fb053718f442aa89510b684610b 10343 10344commit cbbbf76aa6cd54fce32eacce1300e7abcf9461d4 10345Author: tobias@openbsd.org <tobias@openbsd.org> 10346Date: Mon May 6 19:26:17 2024 +0000 10347 10348 upstream: remove SSH1 leftovers 10349 10350 Authored with Space Meyer <git at the-space dot agency> 10351 10352 ok djm 10353 10354 OpenBSD-Commit-ID: 81db602e4cb407baae472689db1c222ed7b2afa3 10355 10356commit bc5dcb8ab9a4e8af54a724883732af378f42ea78 10357Author: tobias@openbsd.org <tobias@openbsd.org> 10358Date: Tue Apr 30 15:40:43 2024 +0000 10359 10360 upstream: never close stdin 10361 10362 The sanitise_stdfd call makes sure that standard file descriptors are 10363 open (if they were closed, they are connected with /dev/null). 10364 10365 Do not close stdin in any case to prevent error messages when stdin is 10366 read multiple times and to prevent later usage of fd 0 for connections, 10367 e.g. 10368 10369 echo localhost | ssh-keyscan -f - -f - 10370 10371 While at it, make stdin-related error messages nicer. 10372 10373 Authored with Max Kunzelmann <maxdev at posteo dot de> 10374 10375 ok djm 10376 10377 OpenBSD-Commit-ID: 48e9b7938e2fa2f9bd47e6de6df66a31e0b375d3 10378 10379commit 6a42b70e56bef1aacdcdf06352396e837883e84f 10380Author: Damien Miller <djm@mindrot.org> 10381Date: Wed May 8 09:43:59 2024 +1000 10382 10383 sync getrrsetbyname.c with recent upstream changes 10384 10385commit 385ecb31e147dfea59c1c488a1d2011d3867e60e 10386Author: djm@openbsd.org <djm@openbsd.org> 10387Date: Tue Apr 30 06:23:51 2024 +0000 10388 10389 upstream: fix home-directory extension implementation, it always 10390 10391 returned the current user's home directory contrary to the spec. 10392 10393 Patch from Jakub Jelen via GHPR477 10394 10395 OpenBSD-Commit-ID: 5afd775eab7f9cbe222d7fbae4c793de6c3b3d28 10396 10397commit 14e2b16bc67ffcc188906f65008667e22f73d103 10398Author: djm@openbsd.org <djm@openbsd.org> 10399Date: Tue Apr 30 06:16:55 2024 +0000 10400 10401 upstream: flush stdout after writing "sftp>" prompt when not using 10402 10403 editline. 10404 10405 From Alpine Linux via GHPR480 10406 10407 OpenBSD-Commit-ID: 80bdc7ffe0358dc090eb9b93e6dedb2b087b24cd 10408 10409commit 2e69a724051488e3fb3cd11531c4b5bc1764945b 10410Author: djm@openbsd.org <djm@openbsd.org> 10411Date: Tue Apr 30 05:53:03 2024 +0000 10412 10413 upstream: stricter validation of messaging socket fd number; disallow 10414 10415 usage of stderr. Based on GHPR492 by RealHurrison 10416 10417 OpenBSD-Commit-ID: 73dbbe82ea16f73ce1d044d3232bc869ae2f2ce8 10418 10419commit da757b022bf18c6f7d04e685a10cd96ed00f83da 10420Author: djm@openbsd.org <djm@openbsd.org> 10421Date: Tue Apr 30 05:45:56 2024 +0000 10422 10423 upstream: add missing reserved fields to key constraint protocol 10424 10425 documentation. 10426 10427 from Wiktor Kwapisiewicz via GHPR487 10428 10429 OpenBSD-Commit-ID: 0dfb69998cfdb3fa00cbb0e7809e7d2f6126e3df 10430 10431commit 16d0b82fa08038f35f1b3630c70116979f49784f 10432Author: Damien Miller <djm@mindrot.org> 10433Date: Tue Apr 30 12:39:34 2024 +1000 10434 10435 depend 10436 10437commit 66aaa678dbe59aa21d0d9d89a3596ecedde0254b 10438Author: djm@openbsd.org <djm@openbsd.org> 10439Date: Tue Apr 30 02:14:10 2024 +0000 10440 10441 upstream: correctly restore sigprocmask around ppoll() reported 10442 10443 by Tõivo Leedjärv; ok deraadt@ 10444 10445 OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686 10446 10447commit 80fb0eb21551aed3aebb009ab20aeffeb01e44e0 10448Author: djm@openbsd.org <djm@openbsd.org> 10449Date: Tue Apr 30 02:10:49 2024 +0000 10450 10451 upstream: add explict check for server hostkey type against 10452 10453 HostkeyAlgorithms. Allows HostkeyAlgorithms to disable implicit fallback from 10454 certificate keys to plain keys. ok markus@ 10455 10456 OpenBSD-Commit-ID: 364087e4a395ff9b2f42bf3aefdb2090bb23643a 10457 10458commit 5b28096d31ff7d80748fc845553a4aef5bb05d86 10459Author: jsg@openbsd.org <jsg@openbsd.org> 10460Date: Tue Apr 23 13:34:50 2024 +0000 10461 10462 upstream: correct indentation; no functional change ok tb@ 10463 10464 OpenBSD-Commit-ID: dd9702fd43de546bc6a3f4f025c74d6f3692a0d4 10465 10466commit fd3cb8a82784e05f621dea5b56ac6f89bc53c067 10467Author: semarie@openbsd.org <semarie@openbsd.org> 10468Date: Thu Apr 4 16:00:51 2024 +0000 10469 10470 upstream: set right mode on ssh-agent at boot-time 10471 10472 which sthen@ 10473 ok deraadt@ 10474 10475 OpenBSD-Commit-ID: 662b5056a2c6171563e1626f9c69f27862b5e7af 10476 10477commit 54343a260e3aa4bceca1852dde31cd08e2abd82b 10478Author: deraadt@openbsd.org <deraadt@openbsd.org> 10479Date: Tue Apr 2 12:22:38 2024 +0000 10480 10481 upstream: Oops, incorrect hex conversion spotted by claudio. 10482 10483 While here try to improve how it reads a bit better. Surprising the 10484 regression tests didn't spot this error, maybe it fails to roundtrip the 10485 values. 10486 10487 OpenBSD-Commit-ID: 866cfcc1955aef8f3fc32da0b70c353a1b859f2e 10488 10489commit ec78c31409590ad74efc194f886273ed080a545a 10490Author: deraadt@openbsd.org <deraadt@openbsd.org> 10491Date: Tue Apr 2 10:02:08 2024 +0000 10492 10493 upstream: for parse_ipqos(), use strtonum() instead of mostly 10494 10495 idiomatic strtoul(), but wow it's so gross. ok djm 10496 10497 OpenBSD-Commit-ID: cec14a76af2eb7b225300c80fc0e21052be67b05 10498 10499commit 8176e1a6c2e6da9361a7abb6fbf6c23c299f495b 10500Author: deraadt@openbsd.org <deraadt@openbsd.org> 10501Date: Tue Apr 2 09:56:58 2024 +0000 10502 10503 upstream: can shortcut by returning strtonum() value directly; ok 10504 10505 djm 10506 10507 OpenBSD-Commit-ID: 7bb2dd3d6d1f288dac14247d1de446e3d7ba8b8e 10508 10509commit 9f543d7022a781f80bb696f9d73f1d1c6f9e31d6 10510Author: deraadt@openbsd.org <deraadt@openbsd.org> 10511Date: Tue Apr 2 09:52:14 2024 +0000 10512 10513 upstream: rewrite convtime() to use a isdigit-scanner and 10514 10515 strtonum() instead of strange strtoul can might be fooled by garage 10516 characters. passes regress/usr.bin/ssh/unittests/misc ok djm 10517 10518 OpenBSD-Commit-ID: 4b1ef826bb16047aea3f3bdcb385b72ffd450abc 10519 10520commit 8673137f780d8d9e4cda3c4605cb5d88d5cea271 10521Author: claudio@openbsd.org <claudio@openbsd.org> 10522Date: Tue Apr 2 09:48:24 2024 +0000 10523 10524 upstream: Remove unused ptr[3] char array in pkcs11_decode_hex. 10525 10526 OK deraadt@ 10527 10528 OpenBSD-Commit-ID: 3d14433e39fd558f662d3b0431c4c555ef920481 10529 10530commit c7fec708f331f108343d69e4d74c9a5d86d6cfe7 10531Author: deraadt@openbsd.org <deraadt@openbsd.org> 10532Date: Tue Apr 2 09:32:28 2024 +0000 10533 10534 upstream: Replace non-idiomatic strtoul(, 16) to parse a region 10535 10536 of 2-character hex sequences with a low-level replacement designed just for 10537 the task. ok djm 10538 10539 OpenBSD-Commit-ID: 67bab8b8a4329a19a0add5085eacd6f4cc215e85 10540 10541commit 019a5f483b0f588da6270ec401d0b4bb35032f3f 10542Author: deraadt@openbsd.org <deraadt@openbsd.org> 10543Date: Tue Apr 2 09:29:31 2024 +0000 10544 10545 upstream: Use strtonum() instead of severely non-idomatic 10546 10547 strtoul() In particular this will now reject trailing garbage, ie. 10548 '12garbage'. ok djm 10549 10550 OpenBSD-Commit-ID: c82d95e3ccbfedfc91a8041c2f8bf0cf987d1501 10551 10552commit 8231ca046fa39ea4eb99b79e0a6e09dec50ac952 10553Author: deraadt@openbsd.org <deraadt@openbsd.org> 10554Date: Mon Apr 1 15:50:17 2024 +0000 10555 10556 upstream: also create a relink kit for ssh-agent, since it is a 10557 10558 long-running setgid program carrying keys with some (not very powerful) 10559 communication channels. solution for testing the binary from dtucker. 10560 agreement from djm. Will add it into /etc/rc in a few days. 10561 10562 OpenBSD-Commit-ID: 2fe8d707ae35ba23c7916adcb818bb5b66837ba0 10563 10564commit bf7bf50bd6a14e49c9c243cb8f4de31e555a5a2e 10565Author: deraadt@openbsd.org <deraadt@openbsd.org> 10566Date: Mon Apr 1 15:48:16 2024 +0000 10567 10568 upstream: new-style relink kit for sshd. The old scheme created 10569 10570 a Makefile by concatenating two Makefiles and was incredibly fragile. In the 10571 new way a narrow-purposed install.sh script is created and shipped with the 10572 objects. A recently commited /etc/rc script understands these files. 10573 10574 OpenBSD-Commit-ID: ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3 10575 10576commit 00e63688920905e326d8667cb47f17a156b6dc8f 10577Author: renmingshuai <renmingshuai@huawei.com> 10578Date: Fri Apr 12 10:20:49 2024 +0800 10579 10580 Shell syntax fix (leftover from a sync). 10581 10582 Signed-off-by: renmingshuai <renmingshuai@huawei.com> 10583 10584commit 2eded551ba96e66bc3afbbcc883812c2eac02bd7 10585Author: Darren Tucker <dtucker@dtucker.net> 10586Date: Thu Apr 25 13:20:19 2024 +1000 10587 10588 Merge flags for OpenSSL 3.x versions. 10589 10590 OpenSSL has moved to 3.4 which we don't currently accept. Based on 10591 the OpenSSL versioning policy[0] it looks like all of the 3.x versions 10592 should work with OpenSSH, so remove the distinction in configure and 10593 accept all of them. 10594 10595 [0] https://openssl.org/policies/general/versioning-policy.html 10596 10597commit 8673245918081c6d1dc7fb3733c8eb2c5a902c5e 10598Author: Darren Tucker <dtucker@dtucker.net> 10599Date: Thu Apr 25 13:19:03 2024 +1000 10600 10601 Remove 9.6 branch from status page. 10602 10603commit 70d43049747fa3c66cf876d52271859407cec2fa 10604Author: Darren Tucker <dtucker@dtucker.net> 10605Date: Thu Apr 25 13:16:58 2024 +1000 10606 10607 Update LibreSSL and OpenSSL versions tested. 10608 10609 Update LibreSSL versions to current releases (3.8.4 & 3.9.1). 10610 Add newly-released OpenSSL 3.3.0, and add tests against the 3.1 and 10611 3.3 branches. 10612 10613commit 88351eca17dcc55189991ba60e50819b6d4193c1 10614Author: 90 <hi@90.gripe> 10615Date: Fri Apr 5 19:36:06 2024 +0100 10616 10617 Fix missing header for systemd notification 10618 10619commit 08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c 10620Author: Damien Miller <djm@mindrot.org> 10621Date: Wed Apr 3 14:40:32 2024 +1100 10622 10623 notify systemd on listen and reload 10624 10625 Standalone implementation that does not depend on libsystemd. 10626 With assistance from Luca Boccassi, and feedback/testing from Colin 10627 Watson. bz2641 10628