forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 326
/
ChangeLog
8666 lines (5586 loc) · 284 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
commit fa41f6592ff1b6ead4a652ac75af31eabb05b912
Author: Damien Miller <[email protected]>
Date: Mon Jul 1 14:33:26 2024 +1000
version numbers
commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f
Author: [email protected] <[email protected]>
Date: Mon Jul 1 04:31:59 2024 +0000
upstream: openssh-9.8
OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19
commit 146c420d29d055cc75c8606327a1cf8439fe3a08
Author: [email protected] <[email protected]>
Date: Mon Jul 1 04:31:17 2024 +0000
upstream: when sending ObscureKeystrokeTiming chaff packets, we
can't rely on channel_did_enqueue to tell that there is data to send. This
flag indicates that the channels code enqueued a packet on _this_ ppoll()
iteration, not that data was enqueued in _any_ ppoll() iteration in the
timeslice. ok markus@
OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
commit 637e4dfea4ed81264e264b6200172ce319c64ead
Author: [email protected] <[email protected]>
Date: Mon Jul 1 03:10:19 2024 +0000
upstream: use "lcd" to change directory before "lls" rather then "cd",
since the directory we're trying to list is local. Spotted by Corinna
Vinschen
OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415
commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328
Author: [email protected] <[email protected]>
Date: Thu Jun 27 23:01:15 2024 +0000
upstream: delete obsolete comment
OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2
commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d
Author: [email protected] <[email protected]>
Date: Thu Jun 27 22:36:44 2024 +0000
upstream: retire unused API
OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b
commit 268c3a7f5783e731ed60f4e28da66ee3743581d3
Author: [email protected] <[email protected]>
Date: Thu Jun 27 21:02:16 2024 +0000
upstream: ssl(8) no longer contains a HISTORY section;
OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245
commit 12b6cc09ce6c430681f03af2a8069e37a664690b
Author: [email protected] <[email protected]>
Date: Wed Jun 26 23:47:46 2024 +0000
upstream: move child process waitpid() loop out of SIGCHLD handler;
ok deraadt
OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741
commit d6bcd13297c2ab8b528df5a6898f994734849031
Author: [email protected] <[email protected]>
Date: Wed Jun 26 23:16:52 2024 +0000
upstream: Instead of using possibly complex ssh_signal(), write all
the parts of the grace_alarm_handler() using the exact things allowed by the
signal-safe rules. This is a good rule of thumb: Handlers should be written
to either set a global volatile sig_atomic_t inspected from outside, and/or
directly perform only safe operations listed in our sigaction(2) manual page.
ok djm markus
OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd
commit b8793e2b0851f7d71b97554fa5260b23796d6277
Author: [email protected] <[email protected]>
Date: Wed Jun 26 23:14:14 2024 +0000
upstream: save_errno wrappers inside two small signal handlers that
perform system calls, for systems with libc that do perform libc sigtramps.
ok djm markus
OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62
commit f23e9332c4c8df37465c4a4f38275ea98980ed7e
Author: [email protected] <[email protected]>
Date: Mon Jun 24 06:59:39 2024 +0000
upstream: - uppercase start of sentence - correct sentence grammar
ok djm
OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25
commit 1839e3eb71a759aa795602c1e4196300f4ac2615
Author: [email protected] <[email protected]>
Date: Mon Jun 24 04:05:11 2024 +0000
upstream: mention SshdSessionPath option
OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c
commit 603193e32aef5db7d60c58066d5de89806e79312
Author: Darren Tucker <[email protected]>
Date: Thu Jun 20 18:45:14 2024 +1000
Rerun upstream tests on .sh file changes too.
commit dbbf9337c19381786a8e5a8a49152fe6b80c780d
Author: [email protected] <[email protected]>
Date: Thu Jun 20 08:23:18 2024 +0000
upstream: Work around dbclient cipher/mac query bug.
Unlike earlier versions, recent Dropbear (at least v2024.85) requires
a host arg when querying supported ciphers and macs via "-c/-m
help". Earlier versions accept but do not require it, so always
provide it. If these queries fail, skip the test with a warning.
OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4
commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc
Author: [email protected] <[email protected]>
Date: Thu Jun 20 08:18:34 2024 +0000
upstream: Remove dropbear key types not supported
by current OpenSSH. Allows subsequent test runs to work if OpenSSH is
rebuilt w/out OpenSSL.
OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770
commit e9b6471c59b21e5d9ef1b3832d4bf727338add85
Author: [email protected] <[email protected]>
Date: Thu Jun 20 00:18:05 2024 +0000
upstream: stricter check for overfull tables in penalty record path
OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6
commit d9336d344eb2a1e898c5e66147b3f108c7214694
Author: [email protected] <[email protected]>
Date: Wed Jun 19 23:24:47 2024 +0000
upstream: put back reaping of preauth child process when writes
from the monitor fail. Not sure how this got lost in the avalanche of
patches.
OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5
commit 579d9adb70ec0206a788eb5c63804c31a67e9310
Author: [email protected] <[email protected]>
Date: Mon Jun 17 13:50:18 2024 +0000
upstream: remove one more mention of DSA
OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca
commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15
Author: Darren Tucker <[email protected]>
Date: Wed Jun 19 23:09:05 2024 +1000
Move -f to the place needed to restart sshd.
commit d5f83cfd852b14a25f347f082ab539a9454702ad
Author: Darren Tucker <[email protected]>
Date: Wed Jun 19 21:04:01 2024 +1000
Need to supply "-f" to restart sshd.
commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1
Author: [email protected] <[email protected]>
Date: Wed Jun 19 10:15:51 2024 +0000
upstream: Provide defaults for ciphers and macs
if querying for them fails since on some versions of Dropbear (at least
v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey
algorithms in the server.
OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca
commit 5521060e35ada9f957cecdddc06d0524e75409ef
Author: [email protected] <[email protected]>
Date: Wed Jun 19 10:10:46 2024 +0000
upstream: Use ed25519 keys for kex tests
since that's supported by OpenSSH even when built without OpenSSL.
Only test diffie-hellman kex if OpenSSH is compiled with support for it.
OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97
commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd
Author: [email protected] <[email protected]>
Date: Wed Jun 19 10:08:34 2024 +0000
upstream: Rework dropbear key setup
to always generate ed25519 keys, other types only if OpenSSH has support
for the corresponding key type.
OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d
commit d6218504e11ae9148adf410fc69b0710a052be36
Author: Darren Tucker <[email protected]>
Date: Wed Jun 19 20:20:24 2024 +1000
Restart sshd after installing it for testing.
When installing an sshd built without OpenSSL the mismatch between
the running sshd and newly installed sshd-session will cause the
remainder of the test to fail.
commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46
Author: Darren Tucker <[email protected]>
Date: Tue Jun 18 19:59:59 2024 +1000
Remove macos-11 runner.
Github is retiring them soon.
commit df1c72a55edbebac14363b57de66ac6a147ecc67
Author: Damien Miller <[email protected]>
Date: Wed Jun 19 09:34:34 2024 +1000
PAMServiceName may appear in a Match block
commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7
Author: [email protected] <[email protected]>
Date: Tue Jun 18 08:11:48 2024 +0000
upstream: Re-enable ssh-dss tests
... if ssh is compiled with DSA support
OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d
commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43
Author: [email protected] <[email protected]>
Date: Tue Jun 18 06:14:27 2024 +0000
upstream: Stop using DSA in dropbear interop tests.
OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf
commit 761438012710169445acc179e3870c53c862bda0
Author: Damien Miller <[email protected]>
Date: Tue Jun 18 12:29:45 2024 +1000
missed a bit of DSA in the fuzzer
commit 3f9cc47da588e8de520720e59f98438043fdaf93
Author: Damien Miller <[email protected]>
Date: Tue Jun 18 09:35:53 2024 +1000
DSA support is disabled, so remove from fuzzers
commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2
Author: [email protected] <[email protected]>
Date: Mon Jun 17 08:30:29 2024 +0000
upstream: disable the DSA signature algorithm by default; ok
markus@
(yes, I know this expands to "the Digitial Signature Algorithm
signature algorithm)
OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7
Author: [email protected] <[email protected]>
Date: Mon Jun 17 08:28:31 2024 +0000
upstream: promote connection-closed messages from verbose to info
log level; they could be the only record of the connection terminating if the
client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@
OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c
commit b00331402fe5c60d577f3ffcc35e49286cdc6b47
Author: Damien Miller <[email protected]>
Date: Mon Jun 17 17:02:18 2024 +1000
propagate PAM crashes to PerSourcePenalties
If the PAM subprocess crashes, exit with a crash status that will be
picked up by the sshd(8) listener process where it can be used by
PerSourcePenalties to block the client. This is similar handling to
the privsep preauth process.
commit 1c207f456ace38987deda047758d13fbf857f948
Author: Damien Miller <[email protected]>
Date: Mon Jun 17 15:06:01 2024 +1000
minix doesn't have loopback, so skip penalty tests
pointed out by dtucker@
commit 48443d202eaec52d4d39defdd709a4499a7140c6
Author: [email protected] <[email protected]>
Date: Sun Jun 16 11:54:49 2024 +0000
upstream: same treatment for this test
OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7
commit 45562a95ea11d328c22d97bf39401cd29684fb1f
Author: [email protected] <[email protected]>
Date: Sun Jun 16 08:18:06 2024 +0000
upstream: penalty test is still a bit racy
OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824
commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca
Author: [email protected] <[email protected]>
Date: Sat Jun 15 03:59:10 2024 +0000
upstream: crank up penalty timeouts so this should work on even the
slowest of test builders
OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468
commit 93c75471a1202ab3e29db6938648d4e2602c0475
Author: [email protected] <[email protected]>
Date: Fri Jun 14 05:20:34 2024 +0000
upstream: sort -q in the options list;
OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c
commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb
Author: [email protected] <[email protected]>
Date: Fri Jun 14 05:01:22 2024 +0000
upstream: clarify KEXAlgorithms supported vs available. Inspired by
bz3701 from Colin Watson.
OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7
commit d172ad56df85b68316dbadbedad16761a1265874
Author: [email protected] <[email protected]>
Date: Fri Jun 14 05:00:42 2024 +0000
upstream: ssh-keyscan -q man bits
OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1
commit 092e4ff9ccaacbe035f286feb1b56ed499604743
Author: Damien Miller <[email protected]>
Date: Fri Jun 14 14:46:35 2024 +1000
skip penalty-expire test in valgrind test env
commit 2866ad08a9c50d7b67ce9424ca990532b806a21a
Author: [email protected] <[email protected]>
Date: Fri Jun 14 04:43:11 2024 +0000
upstream: split the PerSourcePenalties test in two: one tests penalty
enforcement but not penalty expiry, the other tests penalty expiry.
This lets us disable the expiry testing in certain CI test environments.
OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791
commit b2c64bc170d75823622a37cab3ca1804ca87ad16
Author: Damien Miller <[email protected]>
Date: Fri Jun 14 14:19:23 2024 +1000
add a sshd_config PamServiceName option
Allows selecting which PAM service name to use when UsePAM is
enabled. Defaults to "sshd" unless overridden at compile time
by defining SSHD_PAM_SERVICE.
bz2102, ok dtucker@
commit 9f032a4dd17bf0ae6066223d82aa5e784285d987
Author: [email protected] <[email protected]>
Date: Fri Jun 14 00:26:12 2024 +0000
upstream: don't redirect stderr for ssh-keyscan we expect to succeed
OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c
commit 1e84d0cf40e94ae3a77d6a7ca8c036d8e3d55a40
Author: [email protected] <[email protected]>
Date: Fri Jun 14 00:25:25 2024 +0000
upstream: make host/banner comments go to stderr instead of stdout,
so they are useful as comments without extra shell redirection and so they
don't clutter actual errors on stderr.
Add a -q flag to shut them up.
ok dtucker@
OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264
commit 3e806d011855d6bd648ec95b9df630ebbd11c3bf
Author: [email protected] <[email protected]>
Date: Thu Jun 13 15:06:33 2024 +0000
upstream: separate keywords with comma
OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5
commit abfd1f7a3cbd0a92581a0febba254b2f6649c0d9
Author: [email protected] <[email protected]>
Date: Fri Jun 14 00:23:55 2024 +0000
upstream: specify an algorithm for ssh-keyscan, otherwise it will make
multiple attempts simultaneously and confuse the test
OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9
commit a8fbe2f7d0d96d299ee8e69769e3b51067978748
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 16:41:29 2024 +1000
sshd: don't use argv[0] as PAM service name
sshd would implicitly use argv[0] as the PAM service name to
allow people to select different PAM service names by making
differently-named copies/links to the sshd binary.
Splitting sshd into sshd/sshd-session broke this, as the process
that starts PAM is always sshd-session and the user has no control
over this.
Hardcode "sshd" as the default PAM service name unless/until we
figure out a better way. Should unbreak OSX integration tests.
commit bf204bd05c3ae650f87e2b96527688579f59774c
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 15:00:28 2024 +1000
prepare for checking in autogenerated files
We plan to check in automatically generated files (config.h.in, etc) on
release branches. These files are normally ignored by .gitignore, but
this shuffles the contents of this file to make it easy to un-ignore
them.
commit 425f79a837489904c343b349ef00e09aeaa4e752
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 14:41:33 2024 +1000
typo in comment
commit afe10313c1fa8d478af399ee7d54c8f85503013b
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 14:35:25 2024 +1000
fix PTY allocation on Cygwin, broken by sshd split
Cygwin doesn't support FD passing and so used to disable post-auth
privilege separation entirely because privsep requires PTY allocation
to happen in the privileged monitor process with the PTY file
descriptors being passed back to the unprivileged process.
This brings back a minimal version of the previous special treatment
for Cygwin (and any other platform that sets DISABLE_FD_PASSING):
privilege separation remains enabled, but PTY allocation happens in
the post-auth user process rather than the monitor.
This either requires PTY allocation to not need privilege to begin
with (this appears to be the case on Cygwin), or the post-auth
privsep process retain privilege (other platforms that set the
DISABLE_FD_PASSING option).
Keeping privileges here is bad, but the non-Cygwin systems that set
DISABLE_FD_PASSING are so deeply legacy that this is likely to be the
least of their problems.
commit f66d4df5749551380a8c4ae642347675a0b6a2e9
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 11:33:09 2024 +1000
delay lookup of privsep user until config loaded
sshd-session attempting to use options.kerberos_authentication to
decide whether it needed to lookup the privsep user before the
configuration was loaded. This caused it to get a placeholder value
that caused it always to try to lookup the privsep user, breaking at
least one test environment.
commit f1c42858b94f5d9b58867b34dce3afb39c6b56a8
Author: Damien Miller <[email protected]>
Date: Thu Jun 13 11:16:57 2024 +1000
missing file for PerSourcePenalties regress test
commit 4de80ff4e6fab5a6bb0028e7d57c6c23d1485adb
Author: [email protected] <[email protected]>
Date: Wed Jun 12 22:36:00 2024 +0000
upstream: split PerSourcePenalties address tracking. Previously it
used one shared table and overflow policy for IPv4 and IPv6 addresses, now it
will use separate tables and optionally different overflow policies.
This prevents misbehaviour from IPv6 addresses (which are vastly easier
to obtain many of) from affecting IPv4 connections and may allow for
stricter overflow policies.
ok deraadt@
OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9
commit 06ab4c6931b0aaa4334db2faaa7e1069e76d0df6
Author: [email protected] <[email protected]>
Date: Tue Jun 11 05:24:39 2024 +0000
upstream: do not mark up "(default: 20ms)";
OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4
commit cfe243cd9fde148ed060637876e27bb55ac78be9
Author: [email protected] <[email protected]>
Date: Tue Jun 11 02:54:51 2024 +0000
upstream: reap preauth net child if it hangs up during privsep message
send, not just message receive
OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0
commit b0a711c00b9c64afd1c9d6fb538275c6604a2676
Author: [email protected] <[email protected]>
Date: Tue Jun 11 01:58:27 2024 +0000
upstream: fix PIDFILE handling, broken for SUDO=doas in last commit
here
OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625
commit 90fb801e2d9241be50a2a7ff79428386442a041f
Author: [email protected] <[email protected]>
Date: Tue Jun 11 02:00:30 2024 +0000
upstream: reap the pre-auth [net] child if it hangs up during privsep
message sending, not just receiving
OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb
commit ef878d58798f6688c7f4d4e417dc0c29023ea831
Author: [email protected] <[email protected]>
Date: Tue Jun 11 01:23:25 2024 +0000
upstream: a little more RB_TREE paranoia
OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156
commit fc4e96b2174d6a894d2033421699d091679baced
Author: [email protected] <[email protected]>
Date: Tue Jun 11 01:22:25 2024 +0000
upstream: fix off-by-one comparison for PerSourcePenalty
OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b
commit 82c836df4ff41145553cd7adb11c5b985aeaa06f
Author: [email protected] <[email protected]>
Date: Tue Jun 11 01:21:41 2024 +0000
upstream: move tree init before possible early return
OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df
commit a2300f015cc4939c4d9c564b58b74e71202dc978
Author: [email protected] <[email protected]>
Date: Tue Jun 11 01:07:35 2024 +0000
upstream: update to mention that PerSourcePenalties default to
being enabled and document the default values for each parameter.
OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034
commit 41987efd356d3fc30139aeab4b09374acf8f91a0
Author: [email protected] <[email protected]>
Date: Tue Jun 11 00:44:52 2024 +0000
upstream: reap the [net] child if it hangs up while writing privsep
message payloads, not just the message header
OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce
commit 6211aa085fa91155a24922e5329576ac9a8f3175
Author: [email protected] <[email protected]>
Date: Tue Jun 11 00:40:21 2024 +0000
upstream: log waitpid() status for abnormal exits
OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d
commit a59634c7adb9ae988748d99963dfafb3070d8d41
Author: [email protected] <[email protected]>
Date: Tue Jun 11 00:36:20 2024 +0000
upstream: correct error message
OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed
commit fa7d7a667f2ee031e72873e36de2d2a36bca973b
Author: [email protected] <[email protected]>
Date: Fri Jun 7 13:23:30 2024 +0000
upstream: avoid shadowing issues which some compilers won't accept
ok djm
OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4
commit 3ad4cd9eeca5c9bc6706db44b6de88e2e4513fd6
Author: [email protected] <[email protected]>
Date: Thu Jun 6 21:14:49 2024 +0000
upstream: escape the final dot at eol in "e.g." to avoid double
spacing;
OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9
commit 0e0c69761a4c33ccd4a256560f522784a753d1a8
Author: [email protected] <[email protected]>
Date: Thu Jun 6 20:25:48 2024 +0000
upstream: enable PerSourcePenalties by default.
ok markus
NB. if you run a sshd that accepts connections from behind large NAT
blocks, proxies or anything else that aggregates many possible users
behind few IP addresses, then this change may cause legitimate traffic
to be denied.
Please read the PerSourcePenalties, PerSourcePenaltyExemptList and
PerSourceNetBlockSize options in sshd_config(5) for how to tune your
sshd(8) for your specific circumstances.
OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce
commit bd1f74741daabeaf20939a85cd8cec08c76d0bec
Author: [email protected] <[email protected]>
Date: Thu Jun 6 20:20:42 2024 +0000
upstream: mention that PerSourcePenalties don't affect concurrent
in-progress connections.
OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c
commit 9774b938578327d88a651f4c63c504809717590a
Author: [email protected] <[email protected]>
Date: Thu Jun 6 19:49:25 2024 +0000
upstream: regress test for PerSourcePenalties
OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1
commit b8ebd86cefe9812204a10c028dc90de29918667d
Author: [email protected] <[email protected]>
Date: Thu Jun 6 19:48:40 2024 +0000
upstream: make sure logs are saved from sshd run via start_sshd
OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a
commit d7b2070bdaa4ebbfafb9975c1d5a62b73289d31f
Author: [email protected] <[email protected]>
Date: Thu Jun 6 19:47:48 2024 +0000
upstream: simplify
OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c
commit e6ea3d224513b6bfb93818809d4c7397f5995ba2
Author: [email protected] <[email protected]>
Date: Thu Jun 6 18:48:13 2024 +0000
upstream: prepare for PerSourcePenalties being enabled by default
in future
OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7
commit c0cb3b8c837761816a60a3cdb54062668df09652
Author: [email protected] <[email protected]>
Date: Thu Jun 6 19:50:01 2024 +0000
upstream: disable stderr redirection before closing fds
OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a
commit 81c1099d22b81ebfd20a334ce986c4f753b0db29
Author: [email protected] <[email protected]>
Date: Thu Jun 6 17:15:25 2024 +0000
upstream: Add a facility to sshd(8) to penalise particular
problematic client behaviours, controlled by two new sshd_config(5) options:
PerSourcePenalties and PerSourcePenaltyExemptList.
When PerSourcePenalties are enabled, sshd(8) will monitor the exit
status of its child pre-auth session processes. Through the exit
status, it can observe situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly indicating
an attack against one or more accounts, e.g. password guessing), or
when client behaviour caused sshd to crash (possibly indicating
attempts to exploit sshd).
When such a condition is observed, sshd will record a penalty of some
duration (e.g. 30 seconds) against the client's address. If this time
is above a minimum threshold specified by the PerSourcePenalties, then
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range).
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. A PerSourcePenaltyExemptList
option allows certain address ranges to be exempt from all penalties.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself.
PerSourcePenalties is off by default, but we expect to enable it
automatically in the near future.
much feedback markus@ and others, ok markus@
OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca
commit 916b0b6174e203cf2c5ec9bcf409472eb7ffbf43
Author: Damien Miller <[email protected]>
Date: Fri Jun 7 03:31:02 2024 +1000
whitespace
commit 49b55e44182b8294419aa580cbf043d5b9e3d953
Author: [email protected] <[email protected]>
Date: Tue Jun 4 15:14:45 2024 +0000
upstream: enable -fret-clean on amd64, for libc libcrypto ld.so
kernel, and all the ssh tools. The dynamic objects are entirely ret-clean,
static binaries will contain a blend of cleaning and non-cleaning callers.
OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172
commit cc80d51d034bcb24fd0f2564a4bdf1612000a2a2
Author: Damien Miller <[email protected]>
Date: Wed Jun 5 02:21:30 2024 +1000
remove PRIVSEP macros for osx
commit 8785491123d4d722b310c20f383570be758f8263
Author: [email protected] <[email protected]>
Date: Sat Jun 1 07:03:37 2024 +0000
upstream: be really strict with fds reserved for communication with the
separate sshd-session process - reserve them early and fatal if we can't
dup2(2) them later. The pre-split fallback to re-reading the configuration
files is not possible, so sshd-session absolutely requires the fd the
configuration is passed over to be in order.
ok deraadt@
OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065
commit f1c8918cb98459910fb159373baea053ba4108c0
Author: Damien Miller <[email protected]>
Date: Fri May 31 19:12:26 2024 +1000
depend
commit 94b4866cb1f4b0ed29a9f367047b30f81002316f
Author: Damien Miller <[email protected]>
Date: Fri May 31 19:11:14 2024 +1000
rename need_privsep to need_chroot
privsep is mandatory, chroot is optional (disabled when running
sshd as non-root)
commit e68a95142e5024b144f8eeccd5ffdee42c34f44c
Author: Damien Miller <[email protected]>
Date: Fri May 31 19:05:34 2024 +1000
remove remaining use_privsep mention
commit b21d271f651d2536dca819cc6d74032fe98634db
Author: [email protected] <[email protected]>
Date: Fri May 31 09:01:08 2024 +0000
upstream: warn when -r (deprecated option to disable re-exec) is
passed
OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551
commit a4b5bc246cbca476deeeb4462aa31746a56e3021
Author: [email protected] <[email protected]>
Date: Fri May 31 08:49:35 2024 +0000
upstream: typos
OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf
commit 8054b906983ceaed01fabd8188d3dac24c05ba39
Author: [email protected] <[email protected]>
Date: Mon May 27 01:52:26 2024 +0000
upstream: don't need sys/queue.h here
OpenBSD-Commit-ID: dd137396828171eb19e4911581812ca58de6c578
commit 210d4239733da6180ce853538aeb9413d5c62ad5
Author: [email protected] <[email protected]>
Date: Sun May 26 20:35:12 2024 +0000
upstream: remove references to SSH1 and DSA server keys
OpenBSD-Commit-ID: 57cc1c98d4f998981473734f144b904af7d178a2
commit f0b9261d7fdd0ef86806b49fe76344bd16770cd0
Author: [email protected] <[email protected]>
Date: Thu May 23 23:47:16 2024 +0000
upstream: remove unused struct fwd_perm_list, no decl with complete
type ok djm@
OpenBSD-Commit-ID: 416fb3970b7e73c76d2963c4f00cf96f2b2ee2fb
commit 2477a98c3ef78e63b11a1393656e00288f52ae97
Author: [email protected] <[email protected]>
Date: Wed May 22 15:24:55 2024 +0000
upstream: Do not pass -Werror twice when building with clang.
OpenBSD-Commit-ID: 5f378c38ad8976d507786dc4db9283a879ec8cd0
commit 435844f5675245b4271f8581f15e6d1f34fde3bc
Author: [email protected] <[email protected]>
Date: Wed May 22 11:49:36 2024 +0000
upstream: Do not pass -Werror if building with gcc 3, for asn1.h
and bio.h cause (admittedly bogus) warnings with gcc 3.
OpenBSD-Commit-ID: fb39324748824cb0387e9d67c41d1bef945c54ea
commit fc5dc092830de23767c6ef67baa18310a64ee533
Author: [email protected] <[email protected]>
Date: Wed May 22 04:20:00 2024 +0000
upstream: this test has been broken since 2014, and has been
testing the same key exchange algorithm repeatedly instead of testing all of
them. Spotted by nreilly AT blackberry.com in bz3692
Who broke the test? me.
OpenBSD-Regress-ID: 48f4f5946276f975667141957d25441b3c9a50e2
commit fd4816791beaed2fdae7eea3e1494d1972b2a39d
Author: [email protected] <[email protected]>
Date: Sun May 19 19:10:01 2024 +0000
upstream: Add missing kex-names.c source file required since the
ssh split.
OpenBSD-Regress-ID: ca666223f828fc4b069cb9016bff1eb50faf9fbb
commit beccb7319c5449f6454889013403c336446d622e
Author: [email protected] <[email protected]>
Date: Fri May 17 14:42:00 2024 +0000
upstream: remove duplicate copy of relink kit for sshd-session
OpenBSD-Commit-ID: 6d2ded4cd91d4d727c2b26e099b91ea935bed504
commit dcd79fa141311c287e0595ede684b7116122fae0
Author: [email protected] <[email protected]>
Date: Fri May 17 06:42:04 2024 +0000
upstream: remove prototypes with no matching function; ok djm@
OpenBSD-Commit-ID: 6d9065dadea5f14a01bece0dbfe2fba1be31c693
commit 6454a05e7c6574d70adf17efe505a8581a86ca4f
Author: [email protected] <[email protected]>
Date: Fri May 17 06:38:00 2024 +0000
upstream: remove externs for removed vars; ok djm@
OpenBSD-Commit-ID: f51ea791d45c15d4927eb4ae7d877ccc1e5a2aab
commit f3e4db4601ef7d2feb1d6f7447e432aaf353a616
Author: [email protected] <[email protected]>
Date: Fri May 17 06:11:17 2024 +0000
upstream: -Werror was turned on (probably just for development),
and this is a simple way to satisfy older gcc.
OpenBSD-Commit-ID: 7f698df54384b437ce33ab7405f0b86c87019e86
commit 24a1f3e5ad6f4a49377d4c74c36637e9a239efd0
Author: Damien Miller <[email protected]>
Date: Fri May 17 14:50:43 2024 +1000
attempt at updating RPM specs for sshd-session
commit 17b566eeb7a0c6acc9c48b35c08885901186f861
Author: [email protected] <[email protected]>
Date: Fri May 17 04:42:13 2024 +0000
upstream: g/c unused variable
OpenBSD-Commit-ID: aa6ef0778a1f1bde0d73efba72a777c48d2bd010
commit 01fb82eb2aa0a4eaf5c394ea8bb37ea4c26f8a3f
Author: [email protected] <[email protected]>
Date: Fri May 17 02:39:11 2024 +0000
upstream: spelling; ok djm@
OpenBSD-Commit-ID: bdea29bb3ed2a5a7782999c4c663b219d2270483
commit b88b690e99145a021fc1a1a116a11e0bce0594e7
Author: [email protected] <[email protected]>
Date: Fri May 17 01:45:22 2024 +0000
upstream: allow overriding the sshd-session binary path
OpenBSD-Regress-ID: 5058cd1c4b6ca1a15474e33546142931d9f964da
commit a68f80f2511f0e0c5cef737a8284cc2dfabad818
Author: [email protected] <[email protected]>
Date: Wed Apr 3 06:01:11 2024 +0000
upstream: Since ssh-agent(1) is only readable by root by now, use
ssh(1) while generating data in tests.
OpenBSD-Regress-ID: 24eb40de2e6b0ace185caaba35e2d470331ffe68
commit 92e55890314ce2b0be21a43ebcbc043b4abc232f
Author: [email protected] <[email protected]>
Date: Fri May 17 01:17:40 2024 +0000
upstream: fix incorrect debug option name introduce in previous
commit
OpenBSD-Commit-ID: 66d69e22b1c072c694a7267c847f212284614ed3
commit 4ad72878af7b6ec28da6e230e36a91650ebe84c1
Author: [email protected] <[email protected]>
Date: Fri May 17 00:33:25 2024 +0000
upstream: construct and install a relink-kit for sshd-session ok
djm
OpenBSD-Commit-ID: 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6
commit 02e679a2cb3f6df8e9dbb1519ed578226485157f
Author: Damien Miller <[email protected]>