Commit Graph

1259 Commits

Author SHA1 Message Date
Ed Maste
1b91d634a5 ssh: fix OpenSSH 9.4 regression with multiplexed sessions
Upstream commit message:
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances.
Reported by / feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a

Fixes: 535af610a4 ("ssh: Update to OpenSSH 9.4p1")
Obtained from:	OpenSSH 803e22eabd3b
Sponsored by:	The FreeBSD Foundation
2023-08-20 15:20:49 -04:00
Ed Maste
14e78a3656 ssh: Remove note about memory leak now resolved upstream
OpenSSH 9.4p1 (updated in commit 535af610a4) includes the memory leak
fix that we originally applied in 69c72a57af ("sftp: avoid leaking
path arg in calls to make_absolute_pwd_glob.").

Sponsored by:	The FreeBSD Foundation
2023-08-15 11:56:08 -04:00
Ed Maste
33a23ef287 ssh: correct VersionAddendum date
Reported by:	Herbert J. Skuhra <herbert@gojira.at>
Fixes:		535af610a4 ("ssh: Update to OpenSSH 9.4p1")
Sponsored by:	The FreeBSD Foundation
2023-08-15 09:30:31 -04:00
Ed Maste
535af610a4 ssh: Update to OpenSSH 9.4p1
Excerpts from the release notes:

 * ssh-agent(1): PKCS#11 modules must now be specified by their full
   paths. Previously dlopen(3) could search for them in system
   library directories.

 * ssh(1): allow forwarding Unix Domain sockets via ssh -W.

 * ssh(1): add support for configuration tags to ssh(1).
   This adds a ssh_config(5) "Tag" directive and corresponding
   "Match tag" predicate that may be used to select blocks of
   configuration similar to the pf.conf(5) keywords of the same
   name.

 * ssh(1): add a "match localnetwork" predicate. This allows matching
   on the addresses of available network interfaces and may be used to
   vary the effective client configuration based on network location.

 * ssh-agent(1): improve isolation between loaded PKCS#11 modules
   by running separate ssh-pkcs11-helpers for each loaded provider.

 * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
   modules being loaded by checking that the requested module
   contains the required symbol before loading it.

 * ssh(1): don't incorrectly disable hostname canonicalization when
   CanonicalizeHostname=yes and ProxyJump was expicitly set to
   "none". bz3567

Full release notes at https://www.openssh.com/txt/release-9.4

Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2023-08-10 23:10:18 -04:00
Jung-uk Kim
6b405053c9 OpenSSL: clean up botched merges in OpenSSL 3.0.9 import
No functional change intended.
2023-08-10 22:36:15 -04:00
Jung-uk Kim
fb055b01eb OpenSSL: regen opensslv.h for OpenSSL 3.0.10 2023-08-10 20:17:23 -04:00
Pierre Pronchery
aa79573457 OpenSSL: update to 3.0.10
OpenSSL 3.0.10 addresses:
- CVE-2023-3817
- CVE-2023-3446
- CVE-2023-2975

(Note that the vendor branch commit incorrectly referenced 3.0.9.)

Relnotes:	Yes
Pull request:	https://github.com/freebsd/freebsd-src/pull/808
Sponsored by:	The FreeBSD Foundation
2023-08-10 12:07:32 -04:00
Ed Maste
348bea10b6 openssh: retire HPN option handling
The HPN patch set was removed from base system SSH in January 2016, in
commit 60c59fad88.  We retained the option parsing (using OpenSSH's
support for deprecated options) to avoid breaking existing installations
upon upgrade, but sufficient time has now passed that we can remove this
special case.

Approved by:	des
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41291
2023-08-04 13:29:04 -04:00
Pierre Pronchery
cf2fc1b0f5 openssl: Vendor import of OpenSSL-3.0.9
Summary:
Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.10.tar.gz

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.10.tar.gz                                   14 MB   15 MBps    01s
openssl-3.0.10.tar.gz.asc                              833  B   11 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.10
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2011-03-01 [SCA]
      DC34EE5DB2417BCC151E5100E5F8F8212F77A498
uid           [ unknown] Willem Toorop <willem@nlnetlabs.nl>
sub   rsa4096 2011-03-01 [E]

pub   rsa4096 2014-10-04 [SC] [expires: 2024-01-30]
      EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
uid           [ unknown] OpenSSL security team <openssl-security@openssl.org>
uid           [ unknown] OpenSSL OMC <openssl-omc@openssl.org>
uid           [ unknown] OpenSSL Security <openssl-security@openssl.org>
sub   rsa4096 2014-10-04 [E] [expires: 2024-01-30]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Aug  1 15:47:28 2023 CEST
gpg:                using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown]
gpg:                 aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown]
gpg:                 aka "OpenSSL Security <openssl-security@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EFC0 A467 D613 CB83 C7ED  6D30 D894 E2CE 8B3D 79F5
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```

Subscribers: imp

Differential Revision: https://reviews.freebsd.org/D41293
2023-08-02 21:09:39 -04:00
Ed Maste
a93cbba2de ssh: comment deprecated option handling for retired local patches
Older versions of FreeBSD included the HPN patch set and provided
client-side VersionAddendum.  Both of these changes have been retired
but we've retained the option parsing for backwards compatibility to
avoid breaking upgrades.  Add comment references to the relevant
commits.

Sponsored by:	The FreeBSD Foundation
2023-08-02 10:21:34 -04:00
Gleb Smirnoff
9ff45b8ed8 sshd: do not resolve refused client hostname
This is a compromise between POLA and practical reasoning.  We don't
want to block the main server loop in an attempt to resolve.  But we
need to keep the format of the logged message as is, for sake of
sshguard and other scripts.  So let's print just the IP address twice,
this is what libwrap's refuse() would do if it failed to resolve.

Reviewed by:		philip
PR:			269456
Differential revision:	https://reviews.freebsd.org/D40069
2023-07-20 14:56:20 -07:00
Gleb Smirnoff
90f10db8a9 sshd: remove unneeded initialization of libwrap logging severities
This part of ca573c9a17 proved to be unnecessary.  As the removed
comment says, we set them merely for logging syntax errors, as we log
refusals ourselves.  However, inside the libwrap the parser logs any
syntax errors with tcpd_warn() which has hardcoded LOG_WARNING inside.

Reviewed by:		philip, emaste
Differential revision:	https://reviews.freebsd.org/D40068
2023-07-20 14:56:20 -07:00
Ed Maste
66fd12cf48 ssh: Update to OpenSSH 9.3p2
From the release notes:

Changes since OpenSSH 9.3
=========================

This release fixes a security bug.

Security
========

Fix CVE-2023-38408 - a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
code execution via a forwarded agent socket if the following
conditions are met:

* Exploitation requires the presence of specific libraries on
  the victim system.
* Remote exploitation requires that the agent was forwarded
  to an attacker-controlled system.

Exploitation can also be prevented by starting ssh-agent(1) with an
empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
an allowlist that contains only specific provider libraries.

This vulnerability was discovered and demonstrated to be exploitable
by the Qualys Security Advisory team.

In addition to removing the main precondition for exploitation,
this release removes the ability for remote ssh-agent(1) clients
to load PKCS#11 modules by default (see below).

Potentially-incompatible changes
--------------------------------

 * ssh-agent(8): the agent will now refuse requests to load PKCS#11
   modules issued by remote clients by default. A flag has been added
   to restore the previous behaviour "-Oallow-remote-pkcs11".

   Note that ssh-agent(8) depends on the SSH client to identify
   requests that are remote. The OpenSSH >=8.9 ssh(1) client does
   this, but forwarding access to an agent socket using other tools
   may circumvent this restriction.

CVE:		CVE-2023-38408
Sponsored by:	The FreeBSD Foundation
2023-07-19 13:02:33 -04:00
Ed Maste
d5e2d0f140 openssh: document a locally-applied workaround
We have a local hacky workaround for an issue caused by a hacky
upstream autoconf test.  Reported upstream on the OpenSSH mailing list:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040242.html

PR:		209441
Sponsored by:	The FreeBSD Foundation
2023-07-18 12:27:02 -04:00
Pierre Pronchery
7a991ecd1a libcrypto: add missing symbols to the fips provider
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "fips", ships with OpenSSL 3 directly, and groups
algorithms that can be FIPS 140-2 validated.

The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.

In addition, without the change in OpenSSL's crypto/bn/bn_const.c, the
FIPS module fails loading: `Undefined symbol "ossl_bignum_modp_1536_p"`.
This change is consistent with crypto/bn/bn_dh.c though.

Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/787
2023-07-05 16:00:54 -04:00
Mark Johnston
8e7046ff29 libcrypto: Revert recent changes to fix legacy and fips providers
They break the !amd64 builds due to an underspecified include path and
will be re-applied once that's fixed.

Reported by:	Ronald Klop <ronald-lists@klop.ws>
2023-07-04 16:38:26 -04:00
Pierre Pronchery
0102ee0d59 libcrypto: add missing symbols to the fips provider
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "fips", ships with OpenSSL 3 directly, and groups
algorithms that can be FIPS 140-2 validated.

The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.

In addition, without the change in OpenSSL's crypto/bn/bn_const.c, the
FIPS module fails loading: `Undefined symbol "ossl_bignum_modp_1536_p"`.
This change is consistent with crypto/bn/bn_dh.c though.

Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/787
2023-07-04 15:04:49 -04:00
Pierre Pronchery
b077aed33b Merge OpenSSL 3.0.9
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0.  OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0.  For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0.  Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1.  The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit.  Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g.  haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR:		271615
PR:		271656 [exp-run]
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2023-06-23 18:53:36 -04:00
Pierre Pronchery
b84c4564ef openssl: Vendor import of OpenSSL-3.0.9
Summary:

Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.9.tar.gz

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.9.tar.gz                                    14 MB   74 MBps    01s
openssl-3.0.9.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.9
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2021-07-16 [SC] [expires: 2031-07-14]
      A21FAB74B0088AA361152586B8EF1A6BA9DA2D5C
uid           [ unknown] Tomáš Mráz <tm@t8m.info>
uid           [ unknown] Tomáš Mráz <tomas@arleto.cz>
uid           [ unknown] Tomáš Mráz <tomas@openssl.org>
sub   rsa4096 2021-07-16 [S] [expires: 2027-07-15]
sub   rsa4096 2021-07-16 [E] [expires: 2031-07-14]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue May 30 14:32:24 2023 CEST
gpg:                using RSA key DC7032662AF885E2F47F243F527466A21CA79E6D
gpg: Good signature from "Tomáš Mráz <tm@t8m.info>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@arleto.cz>" [unknown]
gpg:                 aka "Tomáš Mráz <tomas@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: A21F AB74 B008 8AA3 6115  2586 B8EF 1A6B A9DA 2D5C
     Subkey fingerprint: DC70 3266 2AF8 85E2 F47F  243F 5274 66A2 1CA7 9E6D

$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
```
2023-06-23 09:13:27 -04:00
Jung-uk Kim
8f1ef87a6b OpenSSL: Merge OpenSSL 1.1.1u
(cherry picked from commit 8ecb489345f08012fdc92a202a40119891cac330)
2023-05-30 10:40:04 -04:00
Ed Maste
170511589e openssh: Update configure for DISABLE_LASTLOG
PR:		209441
Sponsored by:	The FreeBSD Foundation
2023-04-20 18:08:16 -04:00
Ed Maste
43c6b7a60a openssh: restore PrintLastLog option
Upstream's autoconf sets DISABLE_LASTLOG if lastlog.ll_line does not
exist, but PrintLastLog also works with utmpx and other mechanisms.

Reported upstream at
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040242.html

PR:		209441
Sponsored by:	The FreeBSD Foundation
2023-04-19 21:17:59 -04:00
Ed Maste
9faa27f263 ssh: update FREEBSD-upgrade for upstream CheckHostIP default change
We changed the CheckHostIP default to "no" years ago.  Upstream has now
made the same change, so do not list it as a local change any longer.

I did not just remove the "Modified client-side defaults" section to
avoid having to renumber everything, and we may add a new local change
in the future.

Sponsored by:	The FreeBSD Foundation
2023-03-29 19:32:44 -04:00
Ed Maste
c888b3b228 sftp: add description of memory leak fix 2023-03-22 11:04:29 -04:00
Ed Maste
69c72a57af sftp: avoid leaking path arg in calls to make_absolute_pwd_glob
As Coverity reports:
    Overwriting tmp in tmp = make_absolute_pwd_glob(tmp, remote_path)
    leaks the storage that tmp points to.

Consume the first arg in make_absolute_pwd_glob, and add xstrdup() to
the one case which did not assign to the same variable that was passed
in. With this change make_absolute() and make_absolute_pwd_glob() have
the same semantics with respect to freeing the input string.

This change was reported to OpenSSH in
https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-November/040497.html
but was not acted on. It appears that OpenBSD subsequently received a
Coverity report for the same issue (their Coverity ID 405196) but fixed
only the specific instance reported by Coverity.

This change reverts OpenBSD's sftp.c 1.228 / OpenSSH-portable
commit 36c6c3eff5e4.

Reported by:	Coverity Scan
CID:		1500409
Reviewed by:	markj
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D37253
2023-03-22 10:54:35 -04:00
Kornel Dulęba
19a4869d66 OpenSSL: aes/asm/bsaes-armv7.pl: Replace adrl with add
"adrl" is a pseudo-instruction used to calculate an address relative
to PC. It's not recognized by clang resulting in a compilation error.
I've stumbled upon it when trying to integrate the bsaes-armv7 assmebly
logic into FreeBSD kernel, which uses clang as it's default compiler.
Note that this affect the build only if BSAES_ASM_EXTENDED_KEY is
defined, which is not the default option in OpenSSL.

The solution here is to replace it with an add instruction.
This mimics what has already been done in !BSAES_ASM_EXTENDED_KEY logic.
Because of that I've marked this as trivial CLA.

No objections from: jkim
Obtained from: OpenSSL commit 27093ba73372935fe4ef91d0a45ce6ea90a1ac8e
Differential Revision:	https://reviews.freebsd.org/D39091
2023-03-21 20:04:04 +01:00
Ed Maste
4d3fc8b057 ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes.  Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

 * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
   per-hop destination constraints (ssh-add -h ...) added in OpenSSH
   8.9, a logic error prevented the constraints from being
   communicated to the agent. This resulted in the keys being added
   without constraints. The common cases of non-smartcard keys and
   keys without destination constraints are unaffected. This problem
   was reported by Luci Stanescu.

 * ssh(1): Portable OpenSSH provides an implementation of the
   getrrsetbyname(3) function if the standard library does not
   provide it, for use by the VerifyHostKeyDNS feature. A
   specifically crafted DNS response could cause this function to
   perform an out-of-bounds read of adjacent stack data, but this
   condition does not appear to be exploitable beyond denial-of-
   service to the ssh(1) client.

   The getrrsetbyname(3) replacement is only included if the system's
   standard library lacks this function and portable OpenSSH was not
   compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
   only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
   problem was found by the Coverity static analyzer.

Sponsored by:	The FreeBSD Foundation
2023-03-16 10:29:55 -04:00
Ed Maste
6834ca8a43 ssh: update FREEBSD-upgrade instructions
Make it clear that the 'freebsd-configure.sh' and 'freebsd-namespace.sh'
scripts are run from the crypto/openssh directory.

Sponsored by:	The FreeBSD Foundation
2023-03-15 13:37:49 -04:00
Ed Maste
19aba210e1 ssh: fix leak and apply style(9) to hostname canonicalization
Fixes:		bf2e2524a2 ("ssh: canonicize the host name before...")
Fixes:		3e74849a1e ("ssh: canonicize the host name before...")
Reviewed by:	rew
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D38441
2023-03-14 13:16:57 -04:00
Cy Schubert
5abaf08664 heimdal: Fix CVE-2022-4152, signature validation error
When CVE-2022-3437 was fixed by changing memcmp to be a constant
time and the workaround for th e compiler was to add "!=0". However
the logic implmented was inverted resulting in CVE-2022-4152.

Reported by:	Timothy E Zingelman <zingelman _AT_ fnal.gov>
MFC after:	1 day
Security:	CVE-2022-4152
Security:	https://www.cve.org/CVERecord?id=CVE-2022-45142
Security:	https://nvd.nist.gov/vuln/detail/CVE-2022-45142
Security:	https://security-tracker.debian.org/tracker/CVE-2022-45142
Security:	https://bugs.gentoo.org/show_bug.cgi?id=CVE-2022-45142
Security:	https://bugzilla.samba.org/show_bug.cgi?id=15296
Security:	https://www.openwall.com/lists/oss-security/2023/02/08/1
2023-03-09 17:18:49 -08:00
Enji Cooper
e4520c8bd1 openssl: Vendor import of OpenSSL-3.0.8
Summary:

Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.8.tar.gz
Differential Revision:	https://reviews.freebsd.org/D38835

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.8.tar.gz                                    14 MB 4507 kBps    04s
openssl-3.0.8.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.8
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/ngie/.gnupg/pubring.kbx
-----------------------------
pub   rsa4096 2014-10-04 [SC]
      7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
uid           [ unknown] Richard Levitte <richard@levitte.org>
uid           [ unknown] Richard Levitte <levitte@lp.se>
uid           [ unknown] Richard Levitte <levitte@openssl.org>
sub   rsa4096 2014-10-04 [E]

$ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Feb  7 05:43:55 2023 PST
gpg:                using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown]
gpg:                 aka "Richard Levitte <levitte@lp.se>" [unknown]
gpg:                 aka "Richard Levitte <levitte@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
$ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old)
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
$ cat .git
gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout
$ diff -arq ../openssl-3.0.8  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$
```

Reviewers: emaste, jkim

Subscribers: imp, andrew, dab

Differential Revision: https://reviews.freebsd.org/D38835
2023-03-06 12:41:29 -08:00
Ed Maste
41ff5ea22c ssh: default VerifyHostKeyDNS to no, following upstream
Revert to upstream's default.  Using VerifyHostKeyDNS may depend on a
trusted nameserver and network path.

This reverts commit 83c6a5242c.

Reported by:	David Leadbeater, G-Research
Reviewed by:	gordon
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D38648
2023-03-01 09:19:07 -05:00
Jung-uk Kim
3c320f4e5e Import OpenSSL 1.1.1t 2023-02-28 19:28:48 -08:00
Jung-uk Kim
aba33b3659 Import OpenSSL 1.1.1s 2023-02-28 19:28:39 -08:00
Ed Maste
1aa9a35f63 ssh: fix SIZEOF_TIME_T #define on i386
Reported by:	imp
Reviewed by:	imp
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D38443
2023-02-08 18:34:09 -05:00
Cy Schubert
6a70e0b4cd heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL
When the client sends kadmind a create principal (kadm_create) request
kadm_s_create_principal() returns an error before zeroing out ent (an
hdb entry structure wrapper -- hdb_entry_ex), resulting in a NULL
reference.

Fix obtained from upstream commit 35ea4955a.

PR:		268059
Reported by:	Robert Morris <rtm@lcs.mit.edu>
Obtained from:	Heimdal commit 35ea4955a
MFC after:	3 days
2023-02-08 15:08:54 -08:00
Ed Maste
232b4f33b4 ssh: add information on hostname canonicalization patch
We introduced hostname canonicalization in 2002, while upstream OpenSSH
added similar support in 2014.

It would be good to review our handling of CNAMEs in hostname
canonicalization.

Sponsored by:	The FreeBSD Foundation
2023-02-07 15:34:11 -05:00
Jung-uk Kim
640242a591 OpenSSL: Merge OpenSSL 1.1.1t
Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088'
2023-02-07 13:51:38 -05:00
Jung-uk Kim
0d51f65851 Import OpenSSL 1.1.1t 2023-02-07 12:05:11 -05:00
Ed Maste
77934b7a13 ssh: default X11Forwarding to no, following upstream
Administrators can enable it if required.

Reviewed by:	bz, kevans
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D37411
2023-02-06 18:41:10 -05:00
Ed Maste
f374ba41f5 ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem.  The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

 * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
   controls whether the client-side ~C escape sequence that provides a
   command-line is available. Among other things, the ~C command-line
   could be used to add additional port-forwards at runtime.

 * sshd(8): add support for channel inactivity timeouts via a new
   sshd_config(5) ChannelTimeout directive. This allows channels that
   have not seen traffic in a configurable interval to be
   automatically closed. Different timeouts may be applied to session,
   X11, agent and TCP forwarding channels.

 * sshd(8): add a sshd_config UnusedConnectionTimeout option to
   terminate client connections that have no open channels for a
   length of time. This complements the ChannelTimeout option above.
    
 * sshd(8): add a -V (version) option to sshd like the ssh client has.

 * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
   allow control over some SFTP protocol parameters: the copy buffer
   length and the number of in-flight requests, both of which are used
   during upload/download. Previously these could be controlled in
   sftp(1) only. This makes them available in both SFTP protocol
   clients using the same option character sequence.
    
 * ssh-keyscan(1): allow scanning of complete CIDR address ranges,
   e.g.  "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
   it will be expanded to all possible addresses in the range
   including the all-0s and all-1s addresses. bz#976

 * ssh(1): support dynamic remote port forwarding in escape
   command-line's -R processing. bz#3499

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2023-02-06 16:54:56 -05:00
Ed Maste
2e82822057 ssh: Be more paranoid with host/domain names coming from the
never write a name with bad characters to a known_hosts file.

replace recently-added valid_domain() check for hostnames going to
known_hosts with a more relaxed check for bad characters.

Obtained from:	OpenSSH-portable commit 445363433ba2
Obtained from:	OpenSSH-portable commit 3cae9f92a318
Sponsored by:	The FreeBSD Foundation
2023-02-06 12:06:26 -05:00
Ed Maste
94e21add45 ssh: fix bug in PermitRemoteOpen which caused it to ignore...
its first argument unless it was one of the special keywords "any" or
"none".

Obtained from:	OpenSSH-portable commit b3daa8dc5823
Sponsored by:	The FreeBSD Foundation
2023-02-06 11:33:38 -05:00
Ed Maste
fe1371e8f3 ssh: fix double-free caused by compat_kex_proposal()
Security:	CVE-2023-25136
Obtained from:	OpenSSH-portable commit 12da78233364
Sponsored by:	The FreeBSD Foundation
2023-02-06 11:31:18 -05:00
Ed Maste
c755a7cc1e ssh: remove old reference from update instructions
ssh_config and ssh_config.5 no longer contain the VersionAddendum,
so remove instructions to update these files.

Fixes:		bffe60ead0 ("ssh: retire client VersionAddendum")
Sponsored By:	The FreeBSD Foundation
2023-02-05 13:17:46 -05:00
Ed Maste
9b7eddfeed openssh: remove mention of now-unused svn:keywords
Reported by:	gshapiro
2023-01-16 10:56:27 -05:00
Ed Maste
8974fa4515 ssh: describe two additional changes present in base system ssh
Sponsored by:	The FreeBSD Foundation
2022-12-13 09:45:56 -05:00
Ed Maste
a752e011a8 ssh: remove note about local change to [Use]PrivilegeSeparation
We documented "[Use]PrivilegeSeparation defaults to sandbox" as one of
our modifications to ssh's server-side defaults, but this is not (any
longer) a difference from upstream.

Sponsored by:	The FreeBSD Foundation
2022-12-12 17:07:27 -05:00
Cy Schubert
f6d5d31cd5 heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and can lead to potential vulnerability. Fix this.

Reported by:	rtm@csail.mit.edu
MFC after:	3 days
2022-12-09 06:09:54 -08:00
Cy Schubert
3deefb0d14 heimdal: Properly ix bus fault when zero-length request received
Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.

This properly fixes PR/268062 without regressions.

PR:		268062
Reported by:	Robert Morris <rtm@lcs.mit.edu>
MFC after:	3 days
2022-12-09 06:09:54 -08:00