diff options
| author | Damien Miller <djm@mindrot.org> | 2024-07-01 14:36:28 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-07-01 14:36:28 +1000 |
| commit | 6849957945754e6551e515f41e8cf3937cda222d (patch) | |
| tree | 5cc2a7944ee7d0073ecb2ae03b28fdbc4630a484 | |
| parent | fa41f6592ff1b6ead4a652ac75af31eabb05b912 (diff) | |
autogenerated files for releaseV_9_8_P1
| -rw-r--r-- | .gitignore | 6 | ||||
| -rw-r--r-- | ChangeLog | 8666 | ||||
| -rw-r--r-- | aclocal.m4 | 15 | ||||
| -rw-r--r-- | config.h.in | 2051 | ||||
| -rwxr-xr-x | configure | 27691 | ||||
| -rw-r--r-- | moduli.0 | 74 | ||||
| -rw-r--r-- | scp.0 | 232 | ||||
| -rw-r--r-- | sftp-server.0 | 98 | ||||
| -rw-r--r-- | sftp.0 | 438 | ||||
| -rw-r--r-- | ssh-add.0 | 209 | ||||
| -rw-r--r-- | ssh-agent.0 | 140 | ||||
| -rw-r--r-- | ssh-keygen.0 | 907 | ||||
| -rw-r--r-- | ssh-keyscan.0 | 123 | ||||
| -rw-r--r-- | ssh-keysign.0 | 50 | ||||
| -rw-r--r-- | ssh-pkcs11-helper.0 | 35 | ||||
| -rw-r--r-- | ssh-sk-helper.0 | 34 | ||||
| -rw-r--r-- | ssh.0 | 1019 | ||||
| -rw-r--r-- | ssh_config.0 | 1431 | ||||
| -rw-r--r-- | sshd.0 | 685 | ||||
| -rw-r--r-- | sshd_config.0 | 1393 |
20 files changed, 45291 insertions, 6 deletions
@@ -33,9 +33,3 @@ sshd !regress/unittests/sshsig/Makefile tags -# Ignored on main branch -config.h.in -configure -aclocal.m4 -ChangeLog -**/*.0 diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 00000000..a1a52651 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,8666 @@ +commit fa41f6592ff1b6ead4a652ac75af31eabb05b912 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jul 1 14:33:26 2024 +1000 + + version numbers + +commit bfebb8a5130a792c5356bd06e1ddef72a0a0449f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 1 04:31:59 2024 +0000 + + upstream: openssh-9.8 + + OpenBSD-Commit-ID: 5f8b89e38a4c5f7c6d52ffa19f796d49f36fab19 + +commit 146c420d29d055cc75c8606327a1cf8439fe3a08 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 1 04:31:17 2024 +0000 + + upstream: when sending ObscureKeystrokeTiming chaff packets, we + + can't rely on channel_did_enqueue to tell that there is data to send. This + flag indicates that the channels code enqueued a packet on _this_ ppoll() + iteration, not that data was enqueued in _any_ ppoll() iteration in the + timeslice. ok markus@ + + OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + +commit 637e4dfea4ed81264e264b6200172ce319c64ead +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jul 1 03:10:19 2024 +0000 + + upstream: use "lcd" to change directory before "lls" rather then "cd", + + since the directory we're trying to list is local. Spotted by Corinna + Vinschen + + OpenBSD-Regress-ID: 821feca4a4bebe491944e624c8f7f2990b891415 + +commit c8cfe258cee0b8466ea84597bf15e1fcff3bc328 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 27 23:01:15 2024 +0000 + + upstream: delete obsolete comment + + OpenBSD-Commit-ID: 5fb04f298ed155053f3fbfdf0c6fe7cdf84bbfa2 + +commit 94b9d37100f6fa536aaa1d1a0e4926fe44fbf04d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 27 22:36:44 2024 +0000 + + upstream: retire unused API + + OpenBSD-Commit-ID: 3e30d7b0615e2707f6bbe70f61b1c2f72f78161b + +commit 268c3a7f5783e731ed60f4e28da66ee3743581d3 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Jun 27 21:02:16 2024 +0000 + + upstream: ssl(8) no longer contains a HISTORY section; + + OpenBSD-Commit-ID: 83b7ff34433d79595e9c2a5d2a561a6660251245 + +commit 12b6cc09ce6c430681f03af2a8069e37a664690b +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 26 23:47:46 2024 +0000 + + upstream: move child process waitpid() loop out of SIGCHLD handler; + + ok deraadt + + OpenBSD-Commit-ID: 65815a39564e431414aed7c5ace8076f4e9ca741 + +commit d6bcd13297c2ab8b528df5a6898f994734849031 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Jun 26 23:16:52 2024 +0000 + + upstream: Instead of using possibly complex ssh_signal(), write all + + the parts of the grace_alarm_handler() using the exact things allowed by the + signal-safe rules. This is a good rule of thumb: Handlers should be written + to either set a global volatile sig_atomic_t inspected from outside, and/or + directly perform only safe operations listed in our sigaction(2) manual page. + ok djm markus + + OpenBSD-Commit-ID: 14168ae8368aab76e4ed79e17a667cb46f404ecd + +commit b8793e2b0851f7d71b97554fa5260b23796d6277 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Wed Jun 26 23:14:14 2024 +0000 + + upstream: save_errno wrappers inside two small signal handlers that + + perform system calls, for systems with libc that do perform libc sigtramps. + ok djm markus + + OpenBSD-Commit-ID: 7749b56419a7c9dcfe4c6c04811e429813346c62 + +commit f23e9332c4c8df37465c4a4f38275ea98980ed7e +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Mon Jun 24 06:59:39 2024 +0000 + + upstream: - uppercase start of sentence - correct sentence grammar + + ok djm + + OpenBSD-Commit-ID: 1ec4b0fdb633a43667f2c8fff1d600bd647dde25 + +commit 1839e3eb71a759aa795602c1e4196300f4ac2615 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 24 04:05:11 2024 +0000 + + upstream: mention SshdSessionPath option + + OpenBSD-Commit-ID: c29734d36c21003973b15c1c9965c35f36cef30c + +commit 603193e32aef5db7d60c58066d5de89806e79312 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Jun 20 18:45:14 2024 +1000 + + Rerun upstream tests on .sh file changes too. + +commit dbbf9337c19381786a8e5a8a49152fe6b80c780d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 20 08:23:18 2024 +0000 + + upstream: Work around dbclient cipher/mac query bug. + + Unlike earlier versions, recent Dropbear (at least v2024.85) requires + a host arg when querying supported ciphers and macs via "-c/-m + help". Earlier versions accept but do not require it, so always + provide it. If these queries fail, skip the test with a warning. + + OpenBSD-Regress-ID: 98eb863a3f0363416922efb273885e6b3c7f68d4 + +commit 8de2c8cebc46bbdb94b7a2c120fcadfb66a3cccc +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Jun 20 08:18:34 2024 +0000 + + upstream: Remove dropbear key types not supported + + by current OpenSSH. Allows subsequent test runs to work if OpenSSH is + rebuilt w/out OpenSSL. + + OpenBSD-Regress-ID: e0129eb2b1d31771105903a8055216fbba20a770 + +commit e9b6471c59b21e5d9ef1b3832d4bf727338add85 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 20 00:18:05 2024 +0000 + + upstream: stricter check for overfull tables in penalty record path + + OpenBSD-Commit-ID: 7df01e648a0723418c554e64a9f2b6d38db060a6 + +commit d9336d344eb2a1e898c5e66147b3f108c7214694 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 19 23:24:47 2024 +0000 + + upstream: put back reaping of preauth child process when writes + + from the monitor fail. Not sure how this got lost in the avalanche of + patches. + + OpenBSD-Commit-ID: eb7eb36371e1ac01050b32b70fb2b3e5d98e72f5 + +commit 579d9adb70ec0206a788eb5c63804c31a67e9310 +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Mon Jun 17 13:50:18 2024 +0000 + + upstream: remove one more mention of DSA + + OpenBSD-Commit-ID: 8515f55a15f02836ba657df341415f63c60526ca + +commit 7089b5f8436ef0b8d3d3ad9ce01045fb9e7aab15 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 19 23:09:05 2024 +1000 + + Move -f to the place needed to restart sshd. + +commit d5f83cfd852b14a25f347f082ab539a9454702ad +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 19 21:04:01 2024 +1000 + + Need to supply "-f" to restart sshd. + +commit fad34b4ca25c0ef31e5aa841d461b6f21da5b8c1 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jun 19 10:15:51 2024 +0000 + + upstream: Provide defaults for ciphers and macs + + if querying for them fails since on some versions of Dropbear (at least + v2024.85) "-m help" doesn't seem to work. Enable all supported pubkey + algorithms in the server. + + OpenBSD-Regress-ID: 4f95556a49ee9f621789f25217c367a33d2745ca + +commit 5521060e35ada9f957cecdddc06d0524e75409ef +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jun 19 10:10:46 2024 +0000 + + upstream: Use ed25519 keys for kex tests + + since that's supported by OpenSSH even when built without OpenSSL. + Only test diffie-hellman kex if OpenSSH is compiled with support for it. + + OpenBSD-Regress-ID: a5d09ef9bbd171f9e4ec73ed0d9eeb49a8878e97 + +commit dbd3b833f6e3815e58f2dc6e14f61a51bcd4d6bd +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Jun 19 10:08:34 2024 +0000 + + upstream: Rework dropbear key setup + + to always generate ed25519 keys, other types only if OpenSSH has support + for the corresponding key type. + + OpenBSD-Regress-ID: 8f91f12604cddb9f8d93aa34f3f93a3f6074395d + +commit d6218504e11ae9148adf410fc69b0710a052be36 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Wed Jun 19 20:20:24 2024 +1000 + + Restart sshd after installing it for testing. + + When installing an sshd built without OpenSSL the mismatch between + the running sshd and newly installed sshd-session will cause the + remainder of the test to fail. + +commit 786a4465b6bb702daf4fb17b7c3bcb42b52f0b46 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Tue Jun 18 19:59:59 2024 +1000 + + Remove macos-11 runner. + + Github is retiring them soon. + +commit df1c72a55edbebac14363b57de66ac6a147ecc67 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jun 19 09:34:34 2024 +1000 + + PAMServiceName may appear in a Match block + +commit de1c2e70e5a5dc3c8d2fe04b24cc93d8ef6930e7 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Jun 18 08:11:48 2024 +0000 + + upstream: Re-enable ssh-dss tests + + ... if ssh is compiled with DSA support + + OpenBSD-Regress-ID: bbfaf8c17f2b50a2d46ac35cb97af99b990c990d + +commit dabc2c7cf3c141e8e5d5a1a60d6c1d2d2422cf43 +Author: anton@openbsd.org <anton@openbsd.org> +Date: Tue Jun 18 06:14:27 2024 +0000 + + upstream: Stop using DSA in dropbear interop tests. + + OpenBSD-Regress-ID: abfd4457d99d8cc1417fd22ca2c570270f74c1cf + +commit 761438012710169445acc179e3870c53c862bda0 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jun 18 12:29:45 2024 +1000 + + missed a bit of DSA in the fuzzer + +commit 3f9cc47da588e8de520720e59f98438043fdaf93 +Author: Damien Miller <djm@mindrot.org> +Date: Tue Jun 18 09:35:53 2024 +1000 + + DSA support is disabled, so remove from fuzzers + +commit 00eb95957dea5484b2c7c043f7d2bbc87301bef2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 17 08:30:29 2024 +0000 + + upstream: disable the DSA signature algorithm by default; ok + + markus@ + + (yes, I know this expands to "the Digitial Signature Algorithm + signature algorithm) + + OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed + +commit 5603befe11c9464ea26fe77cbacc95a7cc0b1ea7 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon Jun 17 08:28:31 2024 +0000 + + upstream: promote connection-closed messages from verbose to info + + log level; they could be the only record of the connection terminating if the + client doesn't send a SSH2_MSG_DISCONNECT message. ok dtucker@ + + OpenBSD-Commit-ID: 0c8bfaf5e9fdff945cee09ac21e641f6c5d65d3c + +commit b00331402fe5c60d577f3ffcc35e49286cdc6b47 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jun 17 17:02:18 2024 +1000 + + propagate PAM crashes to PerSourcePenalties + + If the PAM subprocess crashes, exit with a crash status that will be + picked up by the sshd(8) listener process where it can be used by + PerSourcePenalties to block the client. This is similar handling to + the privsep preauth process. + +commit 1c207f456ace38987deda047758d13fbf857f948 +Author: Damien Miller <djm@mindrot.org> +Date: Mon Jun 17 15:06:01 2024 +1000 + + minix doesn't have loopback, so skip penalty tests + + pointed out by dtucker@ + +commit 48443d202eaec52d4d39defdd709a4499a7140c6 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 16 11:54:49 2024 +0000 + + upstream: same treatment for this test + + OpenBSD-Regress-ID: d0cc9efca7833e673ea7b0cb3a679a3acee8d4c7 + +commit 45562a95ea11d328c22d97bf39401cd29684fb1f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sun Jun 16 08:18:06 2024 +0000 + + upstream: penalty test is still a bit racy + + OpenBSD-Regress-ID: 90c9ac224db454637baf1ebee5857e007321e824 + +commit 8d0f7eb147ef72d18acb16c0b18672d44941a8ca +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jun 15 03:59:10 2024 +0000 + + upstream: crank up penalty timeouts so this should work on even the + + slowest of test builders + + OpenBSD-Regress-ID: 70bda39c83e3fc9d0f3c1fad4542ed33e173d468 + +commit 93c75471a1202ab3e29db6938648d4e2602c0475 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Fri Jun 14 05:20:34 2024 +0000 + + upstream: sort -q in the options list; + + OpenBSD-Commit-ID: 6839b38378f38f754de638a5e988c13b4164cc7c + +commit dd7807bbe80a93ffb4616f2bd5cf83ad5a5595fb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 05:01:22 2024 +0000 + + upstream: clarify KEXAlgorithms supported vs available. Inspired by + + bz3701 from Colin Watson. + + OpenBSD-Commit-ID: e698e69bea19bd52971d253f2b1094490c4701f7 + +commit d172ad56df85b68316dbadbedad16761a1265874 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 05:00:42 2024 +0000 + + upstream: ssh-keyscan -q man bits + + OpenBSD-Commit-ID: ba28d0e1ac609a4c99c453e57e86560c79079db1 + +commit 092e4ff9ccaacbe035f286feb1b56ed499604743 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 14 14:46:35 2024 +1000 + + skip penalty-expire test in valgrind test env + +commit 2866ad08a9c50d7b67ce9424ca990532b806a21a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 04:43:11 2024 +0000 + + upstream: split the PerSourcePenalties test in two: one tests penalty + + enforcement but not penalty expiry, the other tests penalty expiry. + + This lets us disable the expiry testing in certain CI test environments. + + OpenBSD-Regress-ID: f56811064f3e3cb52ee73a206b8c2a06af1c8791 + +commit b2c64bc170d75823622a37cab3ca1804ca87ad16 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 14 14:19:23 2024 +1000 + + add a sshd_config PamServiceName option + + Allows selecting which PAM service name to use when UsePAM is + enabled. Defaults to "sshd" unless overridden at compile time + by defining SSHD_PAM_SERVICE. + + bz2102, ok dtucker@ + +commit 9f032a4dd17bf0ae6066223d82aa5e784285d987 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 00:26:12 2024 +0000 + + upstream: don't redirect stderr for ssh-keyscan we expect to succeed + + OpenBSD-Regress-ID: 8878b8eb4e070ed2e343166d3eb86db4a08a216c + +commit 1e84d0cf40e94ae3a77d6a7ca8c036d8e3d55a40 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 00:25:25 2024 +0000 + + upstream: make host/banner comments go to stderr instead of stdout, + + so they are useful as comments without extra shell redirection and so they + don't clutter actual errors on stderr. + + Add a -q flag to shut them up. + + ok dtucker@ + + OpenBSD-Commit-ID: bec813de56a71adb5c1a76adcf49621130d24264 + +commit 3e806d011855d6bd648ec95b9df630ebbd11c3bf +Author: naddy@openbsd.org <naddy@openbsd.org> +Date: Thu Jun 13 15:06:33 2024 +0000 + + upstream: separate keywords with comma + + OpenBSD-Commit-ID: d65a99666202a8188c4991c18d14374a229f7be5 + +commit abfd1f7a3cbd0a92581a0febba254b2f6649c0d9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Jun 14 00:23:55 2024 +0000 + + upstream: specify an algorithm for ssh-keyscan, otherwise it will make + + multiple attempts simultaneously and confuse the test + + OpenBSD-Regress-ID: 6e910f3315c4345053db1bf5cbf61826b194d0b9 + +commit a8fbe2f7d0d96d299ee8e69769e3b51067978748 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 16:41:29 2024 +1000 + + sshd: don't use argv[0] as PAM service name + + sshd would implicitly use argv[0] as the PAM service name to + allow people to select different PAM service names by making + differently-named copies/links to the sshd binary. + + Splitting sshd into sshd/sshd-session broke this, as the process + that starts PAM is always sshd-session and the user has no control + over this. + + Hardcode "sshd" as the default PAM service name unless/until we + figure out a better way. Should unbreak OSX integration tests. + +commit bf204bd05c3ae650f87e2b96527688579f59774c +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 15:00:28 2024 +1000 + + prepare for checking in autogenerated files + + We plan to check in automatically generated files (config.h.in, etc) on + release branches. These files are normally ignored by .gitignore, but + this shuffles the contents of this file to make it easy to un-ignore + them. + +commit 425f79a837489904c343b349ef00e09aeaa4e752 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 14:41:33 2024 +1000 + + typo in comment + +commit afe10313c1fa8d478af399ee7d54c8f85503013b +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 14:35:25 2024 +1000 + + fix PTY allocation on Cygwin, broken by sshd split + + Cygwin doesn't support FD passing and so used to disable post-auth + privilege separation entirely because privsep requires PTY allocation + to happen in the privileged monitor process with the PTY file + descriptors being passed back to the unprivileged process. + + This brings back a minimal version of the previous special treatment + for Cygwin (and any other platform that sets DISABLE_FD_PASSING): + privilege separation remains enabled, but PTY allocation happens in + the post-auth user process rather than the monitor. + + This either requires PTY allocation to not need privilege to begin + with (this appears to be the case on Cygwin), or the post-auth + privsep process retain privilege (other platforms that set the + DISABLE_FD_PASSING option). + + Keeping privileges here is bad, but the non-Cygwin systems that set + DISABLE_FD_PASSING are so deeply legacy that this is likely to be the + least of their problems. + +commit f66d4df5749551380a8c4ae642347675a0b6a2e9 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 11:33:09 2024 +1000 + + delay lookup of privsep user until config loaded + + sshd-session attempting to use options.kerberos_authentication to + decide whether it needed to lookup the privsep user before the + configuration was loaded. This caused it to get a placeholder value + that caused it always to try to lookup the privsep user, breaking at + least one test environment. + +commit f1c42858b94f5d9b58867b34dce3afb39c6b56a8 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Jun 13 11:16:57 2024 +1000 + + missing file for PerSourcePenalties regress test + +commit 4de80ff4e6fab5a6bb0028e7d57c6c23d1485adb +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Jun 12 22:36:00 2024 +0000 + + upstream: split PerSourcePenalties address tracking. Previously it + + used one shared table and overflow policy for IPv4 and IPv6 addresses, now it + will use separate tables and optionally different overflow policies. + + This prevents misbehaviour from IPv6 addresses (which are vastly easier + to obtain many of) from affecting IPv4 connections and may allow for + stricter overflow policies. + + ok deraadt@ + + OpenBSD-Commit-ID: 12637ed0aa4d5f1f3e702da42ea967cbd8bfdfd9 + +commit 06ab4c6931b0aaa4334db2faaa7e1069e76d0df6 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Tue Jun 11 05:24:39 2024 +0000 + + upstream: do not mark up "(default: 20ms)"; + + OpenBSD-Commit-ID: 54151ecdecfa1b67dcdda4fd24826ef6e2148ad4 + +commit cfe243cd9fde148ed060637876e27bb55ac78be9 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 02:54:51 2024 +0000 + + upstream: reap preauth net child if it hangs up during privsep message + + send, not just message receive + + OpenBSD-Commit-ID: 02a093f4ab4f8f83f0cd1ea2bb35b9ca420448f0 + +commit b0a711c00b9c64afd1c9d6fb538275c6604a2676 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 01:58:27 2024 +0000 + + upstream: fix PIDFILE handling, broken for SUDO=doas in last commit + + here + + OpenBSD-Regress-ID: 96fec579af228f87a036e94801eb294af9074625 + +commit 90fb801e2d9241be50a2a7ff79428386442a041f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 02:00:30 2024 +0000 + + upstream: reap the pre-auth [net] child if it hangs up during privsep + + message sending, not just receiving + + OpenBSD-Commit-ID: f7341605bf08c4c15830910446e6775323f2f8cb + +commit ef878d58798f6688c7f4d4e417dc0c29023ea831 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 01:23:25 2024 +0000 + + upstream: a little more RB_TREE paranoia + + OpenBSD-Commit-ID: 8dc2fd21eebd8830c4a4d25461ac4fe228e11156 + +commit fc4e96b2174d6a894d2033421699d091679baced +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 01:22:25 2024 +0000 + + upstream: fix off-by-one comparison for PerSourcePenalty + + OpenBSD-Commit-ID: af4f5d01c41ef870b23e55655bfbf73474a6c02b + +commit 82c836df4ff41145553cd7adb11c5b985aeaa06f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 01:21:41 2024 +0000 + + upstream: move tree init before possible early return + + OpenBSD-Commit-ID: 72e2c5b69f151c08a7c5bf5ad929b97a92c273df + +commit a2300f015cc4939c4d9c564b58b74e71202dc978 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 01:07:35 2024 +0000 + + upstream: update to mention that PerSourcePenalties default to + + being enabled and document the default values for each parameter. + + OpenBSD-Commit-ID: b981288bddfb097aad269f62df4081c688ce0034 + +commit 41987efd356d3fc30139aeab4b09374acf8f91a0 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 00:44:52 2024 +0000 + + upstream: reap the [net] child if it hangs up while writing privsep + + message payloads, not just the message header + + OpenBSD-Commit-ID: 24dbd400aa381ac96be7ed2dd49018487dfef6ce + +commit 6211aa085fa91155a24922e5329576ac9a8f3175 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 00:40:21 2024 +0000 + + upstream: log waitpid() status for abnormal exits + + OpenBSD-Commit-ID: b317930e06b51819c1a2bc6a4359764fecfb1c2d + +commit a59634c7adb9ae988748d99963dfafb3070d8d41 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Tue Jun 11 00:36:20 2024 +0000 + + upstream: correct error message + + OpenBSD-Commit-ID: 581f60f73099083392887206860229ab104620ed + +commit fa7d7a667f2ee031e72873e36de2d2a36bca973b +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Fri Jun 7 13:23:30 2024 +0000 + + upstream: avoid shadowing issues which some compilers won't accept + + ok djm + + OpenBSD-Commit-ID: 1e89572397dda83433d58c4fa6333a08f51170d4 + +commit 3ad4cd9eeca5c9bc6706db44b6de88e2e4513fd6 +Author: jmc@openbsd.org <jmc@openbsd.org> +Date: Thu Jun 6 21:14:49 2024 +0000 + + upstream: escape the final dot at eol in "e.g." to avoid double + + spacing; + + OpenBSD-Commit-ID: 0a9fb10bc9f7d577afe2da3f498a08bc431115b9 + +commit 0e0c69761a4c33ccd4a256560f522784a753d1a8 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 20:25:48 2024 +0000 + + upstream: enable PerSourcePenalties by default. + + ok markus + + NB. if you run a sshd that accepts connections from behind large NAT + blocks, proxies or anything else that aggregates many possible users + behind few IP addresses, then this change may cause legitimate traffic + to be denied. + + Please read the PerSourcePenalties, PerSourcePenaltyExemptList and + PerSourceNetBlockSize options in sshd_config(5) for how to tune your + sshd(8) for your specific circumstances. + + OpenBSD-Commit-ID: 24a0e5c23d37e5a63e16d2c6da3920a51078f6ce + +commit bd1f74741daabeaf20939a85cd8cec08c76d0bec +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 20:20:42 2024 +0000 + + upstream: mention that PerSourcePenalties don't affect concurrent + + in-progress connections. + + OpenBSD-Commit-ID: 20389da6264f2c97ac3463edfaa1182c212d420c + +commit 9774b938578327d88a651f4c63c504809717590a +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 19:49:25 2024 +0000 + + upstream: regress test for PerSourcePenalties + + OpenBSD-Regress-ID: a1af13d411b25a727742644459d26480b9a1b0f1 + +commit b8ebd86cefe9812204a10c028dc90de29918667d +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 19:48:40 2024 +0000 + + upstream: make sure logs are saved from sshd run via start_sshd + + OpenBSD-Regress-ID: de4ef0e32e3ab85ff3a6c36eb08d1909c0dd1b4a + +commit d7b2070bdaa4ebbfafb9975c1d5a62b73289d31f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 19:47:48 2024 +0000 + + upstream: simplify + + OpenBSD-Regress-ID: 50316e0d1ae0c0a057a45af042253e54ce23d11c + +commit e6ea3d224513b6bfb93818809d4c7397f5995ba2 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 18:48:13 2024 +0000 + + upstream: prepare for PerSourcePenalties being enabled by default + + in future + + OpenBSD-Regress-ID: 5236c6d1c823997aac5a35e2915da30f1903bec7 + +commit c0cb3b8c837761816a60a3cdb54062668df09652 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 19:50:01 2024 +0000 + + upstream: disable stderr redirection before closing fds + + OpenBSD-Commit-ID: d42cb895ee4542098050367fc35321c9303f003a + +commit 81c1099d22b81ebfd20a334ce986c4f753b0db29 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Jun 6 17:15:25 2024 +0000 + + upstream: Add a facility to sshd(8) to penalise particular + + problematic client behaviours, controlled by two new sshd_config(5) options: + PerSourcePenalties and PerSourcePenaltyExemptList. + + When PerSourcePenalties are enabled, sshd(8) will monitor the exit + status of its child pre-auth session processes. Through the exit + status, it can observe situations where the session did not + authenticate as expected. These conditions include when the client + repeatedly attempted authentication unsucessfully (possibly indicating + an attack against one or more accounts, e.g. password guessing), or + when client behaviour caused sshd to crash (possibly indicating + attempts to exploit sshd). + + When such a condition is observed, sshd will record a penalty of some + duration (e.g. 30 seconds) against the client's address. If this time + is above a minimum threshold specified by the PerSourcePenalties, then + connections from the client address will be refused (along with any + others in the same PerSourceNetBlockSize CIDR range). + + Repeated offenses by the same client address will accrue greater + penalties, up to a configurable maximum. A PerSourcePenaltyExemptList + option allows certain address ranges to be exempt from all penalties. + + We hope these options will make it significantly more difficult for + attackers to find accounts with weak/guessable passwords or exploit + bugs in sshd(8) itself. + + PerSourcePenalties is off by default, but we expect to enable it + automatically in the near future. + + much feedback markus@ and others, ok markus@ + + OpenBSD-Commit-ID: 89ded70eccb2b4926ef0366a4d58a693de366cca + +commit 916b0b6174e203cf2c5ec9bcf409472eb7ffbf43 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Jun 7 03:31:02 2024 +1000 + + whitespace + +commit 49b55e44182b8294419aa580cbf043d5b9e3d953 +Author: deraadt@openbsd.org <deraadt@openbsd.org> +Date: Tue Jun 4 15:14:45 2024 +0000 + + upstream: enable -fret-clean on amd64, for libc libcrypto ld.so + + kernel, and all the ssh tools. The dynamic objects are entirely ret-clean, + static binaries will contain a blend of cleaning and non-cleaning callers. + + OpenBSD-Commit-ID: 112aacedd3b61cc5c34b1fa6d9fb759214179172 + +commit cc80d51d034bcb24fd0f2564a4bdf1612000a2a2 +Author: Damien Miller <djm@mindrot.org> +Date: Wed Jun 5 02:21:30 2024 +1000 + + remove PRIVSEP macros for osx + +commit 8785491123d4d722b310c20f383570be758f8263 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Sat Jun 1 07:03:37 2024 +0000 + + upstream: be really strict with fds reserved for communication with the + + separate sshd-session process - reserve them early and fatal if we can't + dup2(2) them later. The pre-split fallback to re-reading the configuration + files is not possible, so sshd-session absolutely requires the fd the + configuration is passed over to be in order. + + ok deraadt@ + + OpenBSD-Commit-ID: 308a98ef3c8a6665ebf92c7c9a0fc9600ccd7065 + +commit f1c8918cb98459910fb159373baea053ba4108c0 +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 31 19:12:26 2024 +1000 + + depend + +commit 94b4866cb1f4b0ed29a9f367047b30f81002316f +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 31 19:11:14 2024 +1000 + + rename need_privsep to need_chroot + + privsep is mandatory, chroot is optional (disabled when running + sshd as non-root) + +commit e68a95142e5024b144f8eeccd5ffdee42c34f44c +Author: Damien Miller <djm@mindrot.org> +Date: Fri May 31 19:05:34 2024 +1000 + + remove remaining use_privsep mention + +commit b21d271f651d2536dca819cc6d74032fe98634db +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 31 09:01:08 2024 +0000 + + upstream: warn when -r (deprecated option to disable re-exec) is + + passed + + OpenBSD-Commit-ID: 73145ef5150edbe3ce7889f0844ed8fa6155f551 + +commit a4b5bc246cbca476deeeb4462aa31746a56e3021 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri May 31 08:49:35 2024 +0000 + + upstream: typos + + OpenBSD-Commit-ID: edfa72eb06bfa65da30fabf7d2fe76d2d33f77bf + +commit 8054b906983ceaed01fabd8188d3dac24c05ba39 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Mon May 27 01:52:26 2024 +0000 + + upstream: don't need sys/queue.h here + + OpenBSD-Commit-ID: dd13739 |