Commits on May 27, 2020

  1. upstream: fix compilation with DEBUG_KEXDH; bz#3160 ok dtucker@ 

    OpenBSD-Commit-ID: 832e771948fb45f2270e8b8895aac36d176ba17a
    @djmdjm
    djmdjm committed May 27, 2020
    ecb2c02

  2. upstream: clarify role of FIDO tokens in multi-factor 

    authentictation; mostly from Pedro Martelletto

OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
    @djmdjm
    djmdjm committed May 27, 2020
    5a442ce

  3. upstream: fix non-ASCII quote that snuck in; spotted by Gabriel 

    Kihlman

OpenBSD-Commit-ID: 04bcde311de2325d9e45730c744c8de079b49800
    @djmdjm
    djmdjm committed May 27, 2020
    8294518

  4. upstream: when ordering the hostkey algorithms to request from a 

    server, prefer certificate types if the known_hosts files contain a key
marked as a @cert-authority; bz#3157 ok markus@

OpenBSD-Commit-ID: 8f194573e5bb7c01b69bbfaabc68f27c9fa5e0db
    @djmdjm
    djmdjm committed May 27, 2020
    05a6514

  5. upstream: preserve group/world read permission on known_hosts 

    file across runs of "ssh-keygen -Rf /path". The old behaviour was to remove
all rights for group/other. bz#3146 ok dtucker@

OpenBSD-Commit-ID: dc369d0e0b5dd826430c63fd5f4b269953448a8a
    @djmdjm
    djmdjm committed May 27, 2020
    f2d84f1

  6. upstream: always call fido_init(); previous behaviour only called 

    fido_init() when SK_DEBUG was defined. Harmless with current libfido2, but
this isn't guaranteed in the future.

OpenBSD-Commit-ID: c7ea20ff2bcd98dd12015d748d3672d4f01f0864
    @djmdjm
    djmdjm committed May 27, 2020
    1e70dc3

  7. upstream: Enable credProtect extension when generating a resident 

    key.

The FIDO 2.1 Client to Authenticator Protocol introduced a "credProtect"
feature to better protect resident keys. This option allows (amone other
possibilities) requiring a PIN prior to all operations that may retrieve
the key handle.

Patch by Pedro Martelletto; ok djm and markus

OpenBSD-Commit-ID: 013bc06a577dcaa66be3913b7f183eb8cad87e73
    @djmdjm
    djmdjm committed May 27, 2020
    2ad7b7e

  8. upstream: we are still aiming for pre-C99 ... 

    OpenBSD-Commit-ID: a240fc9cbe60bc4e6c3d24d022eb4ab01fe1cb38
    @djmdjm
    deraadt@openbsd.org authored and djmdjm committed May 27, 2020
    d7d753e

  9. upstream: fix off-by-one error that caused sftp downloads to make 

    one more concurrent request that desired. This prevented using sftp(1) in
unpipelined request/response mode, which is useful when debugging. Patch from
Stephen Goetze in bz#3054

OpenBSD-Commit-ID: 41b394ebe57037dbc43bdd0eef21ff0511191f28
    @djmdjm
    djmdjm committed May 27, 2020
    af8b16f

  10. upstream: sshd listener must not block if reexecd sshd exits 

    in write(2) on config_s[0] if the forked child exits early before finishing
recv_rexec_state (e.g. with fatal()) because config_s[1] stays open in the
parent. this prevents the parent from accepting new connections. ok djm,
deraadt

OpenBSD-Commit-ID: 92ccfeb939ccd55bda914dc3fe84582158c4a9ef
    @mfriedl @djmdjm
    mfriedl authored and djmdjm committed May 27, 2020
    4b307fa

  11. upstream: avoid possible NULL deref; from Pedro Martelletto 

    OpenBSD-Commit-ID: e6099c3fbb70aa67eb106e84d8b43f1fa919b721
    @djmdjm
    djmdjm committed May 27, 2020
    2a63ce5

  12. upstream: add fmt_timeframe() (from bgpd) to format a time 

    interval in a human- friendly format. Switch copyright for this file from BSD
to MIT to make it easier to add Henning's copyright for this function. ok
markus@

OpenBSD-Commit-ID: 414a831c662df7e68893e5233e86f2cac081ccf9
    @djmdjm
    djmdjm committed May 27, 2020
    756c6f6

  13. upstream: improve logging for MaxStartups connection throttling: 

    have sshd log when it starts and stops throttling and periodically while in
this state. bz#3055 ok markus@

OpenBSD-Commit-ID: 2e07a09a62ab45d790d3d2d714f8cc09a9ac7ab9
    @djmdjm
    djmdjm committed May 27, 2020
    9c5f64b

  14. upstream: Restrict ssh-agent from signing web challenges for FIDO 

    keys.

When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently pubkey authentication and sshsig signatures).

This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.

Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.

ok markus@

OpenBSD-Commit-ID: 9ab6012574ed0352d2f097d307f4a988222d1b19
    @djmdjm
    djmdjm committed May 27, 2020
    0c111eb

  15. upstream: fix memleak of signature; from Pedro Martelletto 

    OpenBSD-Commit-ID: d0a6eb07e77c001427d738b220dd024ddc64b2bb
    @djmdjm
    djmdjm committed May 27, 2020
    4be5639

  16. Document that libfido2 >= 1.4.0 is needed.

    @daztucker
    daztucker committed May 27, 2020
    47faad8

  17. upstream: two new tests for Include in sshd_config, checking whether 

    Port directives are processed correctly and handling of Include directives
that appear before Match. Both tests currently fail. bz#3122 and bz#3169 -
patch from Jakub Jelen

OpenBSD-Regress-ID: 8ad5a4a385a63f0a1c59c59c763ff029b45715df
    @djmdjm
    djmdjm committed May 27, 2020
    47adfdc

Commits on May 28, 2020

  1. upstream: fix crash in recallocarray when deleting SendEnv 

    variables; spotted by & ok sthen@

OpenBSD-Commit-ID: b881e8e849edeec5082b5c0a87d8d7cff091a8fd
    @djmdjm @daztucker
    djmdjm authored and daztucker committed May 28, 2020
    16ea1fd

  2. upstream: Do not call process_queued_listen_addrs() for every 

    included file from sshd_config; patch from Jakub Jelen

OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49
    @djmdjm @daztucker
    djmdjm authored and daztucker committed May 28, 2020
    0a9a611

  3. upstream: fix Include before Match in sshd_config; bz#3122 patch 

    from Jakub Jelen

OpenBSD-Commit-ID: 1b0aaf135fe6732b5d326946042665dd3beba5f4
    @djmdjm @daztucker
    djmdjm authored and daztucker committed May 28, 2020
    7af1e92

Commits on May 29, 2020

  1. upstream: Fix multiplier in convtime when handling seconds after 

    other units. bz#3171, spotted by ronf at timeheart.net, ok djm@.

OpenBSD-Commit-ID: 95b7a848e1083974a65fbb6ccb381d438e1dd5be
    @daztucker @djmdjm
    daztucker authored and djmdjm committed May 29, 2020
    1001dd1

  2. upstream: fix exit status for downloading of FIDO resident keys; 

    from Pedro Martelletto, ok markus@

OpenBSD-Commit-ID: 0da77dc24a1084798eedd83c39a002a9d231faef
    @djmdjm
    djmdjm committed May 29, 2020
    224418c

  3. upstream: fix compilation on !HAVE_DLOPEN platforms; stub function 

    was not updated to match API change. From Dale Rahn via beck@ ok markus@

OpenBSD-Commit-ID: 2b8d054afe34c9ac85e417dae702ef981917b836
    @djmdjm
    djmdjm committed May 29, 2020
    4c60724

  4. partial sync of regress/netcat.c with upstream 

    Support for nc -T on IPv6 addresses.

ok sthen@
    @jcourreges @djmdjm
    jcourreges authored and djmdjm committed May 29, 2020
    e18435f

  5. partial sync of regress/netcat.c with upstream 

    Check for short writes in fdpass(). Clean up while at it.

ok djm
    @djmdjm
    tobias authored and djmdjm committed May 29, 2020
    bf3893d

  6. partial sync of regress/netcat.c with upstream 

    The code in socks.c writes multiple times in a row to a socket. If the socket becomes invalid between these calls (e.g. connection closed), write will throw SIGPIPE. With this patch, SIGPIPE is ignored so we can handle write's -1 return value (errno will be EPIPE). Ultimately, it leads to program exit, too -- but with nicer error message. :)

with input by and ok djm
    @djmdjm
    tobias authored and djmdjm committed May 29, 2020
    d6a8105

  7. partial sync of regress/netcat.c with upstream 

    remove unused variable

ok tedu@
    @djmdjm
    chl authored and djmdjm committed May 29, 2020
    0f04c84

  8. partial sync of regress/netcat.c with upstream 

    synchronize synopsis and usage.
    @djmdjm
    sobrado authored and djmdjm committed May 29, 2020
    0b0d219

  9. depend

    @djmdjm
    djmdjm committed May 29, 2020
    c9bab1d

  10. upstream: Allow some keywords to expand shell-style ${ENV} 

    environment variables on the client side.  The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths.  This
would for example allow forwarding of Unix domain socket paths that change at
runtime.  bz#3140, ok djm@

OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
    @daztucker @djmdjm
    daztucker authored and djmdjm committed May 29, 2020
    4a1b46e

  11. upstream: mention that wildcards are processed in lexical order; 

    bz#3165

OpenBSD-Commit-ID: 8856f3d1612bd42e9ee606d89386cae456dd165c
    @djmdjm
    djmdjm committed May 29, 2020
    188e332

  12. upstream: Unit test for convtime. ok djm@ 

    OpenBSD-Regress-ID: cec4239efa2fc4c7062064f07a847e1cbdbcd5dd
    @daztucker @djmdjm
    daztucker authored and djmdjm committed May 29, 2020
    0b15892

  13. upstream: Add regression and unit tests for ${ENV} style 

    environment variable expansion in various keywords (bz#3140).  ok djm@

OpenBSD-Regress-ID: 4d9ceb95d89365b7b674bc26cf064c15a5bbb197
    @daztucker @djmdjm
    daztucker authored and djmdjm committed May 29, 2020
    058674a

  14. upstream: remove a stray .El; 

    OpenBSD-Commit-ID: 58ddfe6f8a15fe10209db6664ecbe7896f1d167c
    @daztucker
    jmc@openbsd.org authored and daztucker committed May 29, 2020
    ec1d50b

  15. upstream: Pass a NULL instead of zeroed out va_list from 

    dollar_expand.  The original intent was in case there's some platform where
va_list is not a pointer equivalent, but on i386 this chokes on the memset.
This unbreaks that build, but will require further consideration.

OpenBSD-Commit-ID: 7b90afcd8e1137a1d863204060052aef415baaf7
    @daztucker
    daztucker committed May 29, 2020
    f85b118

  16. Omit ToS setting if we don't have IPV6_TCLASS too. 

    Fixes tests on old BSDs.
    @daztucker
    daztucker committed May 29, 2020
    837ffa9

  17. upstream: Make dollar_expand variadic and pass a real va_list to 

    vdollar_percent_expand. Fixes build error on arm64 spotted by otto@.

OpenBSD-Commit-ID: 181910d7ae489f40ad609b4cf4a20f3d068a7279
    @daztucker
    daztucker committed May 29, 2020
    712ac1e

Commits on May 30, 2020

  1. upstream: Fix error message on close(2) and add printf format 

    attributes. From Christos Zoulas, OK markus@

OpenBSD-Commit-ID: 41523c999a9e3561fcc7082fd38ea2e0629ee07e
    @djmdjm
    millert@openbsd.org authored and djmdjm committed May 30, 2020
    5ad3c3a

Commits on Jun 4, 2020

  1. upstream: Remove now-unused proto_spec and associated definitions. 

    ok djm@

OpenBSD-Commit-ID: 2e2b18e3aa6ee22a7b69c39f2d3bd679ec35c362
    @daztucker
    daztucker committed Jun 4, 2020
    b458423

  2. upstream: Import regenerated moduli file. 

    OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
    @daztucker
    daztucker committed Jun 4, 2020
    049297d

Commits on Jun 5, 2020

  1. Test fallthrough in OSSH_CHECK_CFLAG_COMPILE. 

    clang 10's -Wimplicit-fallthrough does not understand /* FALLTHROUGH */
comments and we don't use the __attribute__((fallthrough)) that it's
looking for.  This has the effect of turning off -Wimplicit-fallthrough
where it does not currently help (particularly with -Werror).  ok djm@
    @daztucker
    daztucker committed Jun 5, 2020
    8da801f

  2. upstream: Import regenerated moduli file. 

    OpenBSD-Commit-ID: 52ff0e3205036147b2499889353ac082e505ea54
    @daztucker @djmdjm
    daztucker authored and djmdjm committed Jun 5, 2020
    56548e4

  3. upstream: Correct historical comment: provos@ modified OpenSSH to 

    work with SSLeay (very quickly replaced by OpenSSL) not SSL in general.  ok
deraadt, historical context markus@

OpenBSD-Commit-ID: 7209e07a2984b50411ed8ca5a4932da5030d2b90
    @daztucker @djmdjm
    daztucker authored and djmdjm committed Jun 5, 2020
    2f648cf

  4. upstream: wrap long line 

    OpenBSD-Commit-ID: ed405a12bd27bdc9c52e169bc5ff3529b4ebbbb2
    @djmdjm
    djmdjm committed Jun 5, 2020
    6704288

  5. upstream: make sshbuf_dump() args const 

    OpenBSD-Commit-ID: b4a5accae750875d665b862504169769bcf663bd
    @djmdjm
    djmdjm committed Jun 5, 2020
    6979629

  6. upstream: make sshbuf_putb(b, NULL) a no-op 

    OpenBSD-Commit-ID: 976fdc99b500e347023d430df372f31c1dd128f7
    @djmdjm
    djmdjm committed Jun 5, 2020
    ea547eb

  7. Add support for AUDIT_ARCH_RISCV64

    @andreas-schwab @daztucker
    andreas-schwab authored and daztucker committed Jun 5, 2020
    3de02be

  8. upstream: unbreak "sshd -ddd" - close of config passing fd happened too 

    early. ok markus@

OpenBSD-Commit-ID: 49346e945c6447aca3e904e65fc400128d2f8ed0
    @djmdjm
    djmdjm committed Jun 5, 2020
    3a7f654

Commits on Jun 12, 2020

  1. upstream: correct RFC number; from HARUYAMA Seigo via GH PR191 

    OpenBSD-Commit-ID: 8d03b6c96ca98bfbc23d3754c3c33e1fe0852e10
    @djmdjm
    djmdjm committed Jun 12, 2020
    7fafaeb

Commits on Jun 19, 2020

  1. upstream: avoid spurious "Unable to load host key" message when 

    sshd can load a private key but no public counterpart; with & ok markus@

OpenBSD-Commit-ID: 0713cbdf9aa1ff8ac7b1f78b09ac911af510f81b
    @djmdjm @daztucker
    djmdjm authored and daztucker committed Jun 19, 2020
    c514f3c