FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F13.5 2025-02-20T18:45:36Z 2025-02-20T18:45:36Z Ed Maste emaste@FreeBSD.org 2025-02-19T19:08:59Z urn:sha1:cb8e164fbb1544a82dee9bfbb49dfcd1659f63b1 Highlights from the release notes are reproduced below. Bug fixes and improvements that were previously merged into FreeBSD have been elided. See the upstream release notes for full details of the 9.9p1 release (https://www.openssh.com/releasenotes.html). --- Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. Potentially-incompatible changes -------------------------------- * ssh(1): remove support for pre-authentication compression. * ssh(1), sshd(8): processing of the arguments to the "Match" configuration directive now follows more shell-like rules for quoted strings, including allowing nested quotes and \-escaped characters. New features ------------ * ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD. * All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA. Bugfixes -------- * sshd(8): do not apply authorized_keys options when signature verification fails. Prevents more restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733 * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503 * ssh(1), ssh-add(1): make parsing user@host consistently look for the last '@' in the string rather than the first. This makes it possible to more consistently use usernames that contain '@' characters. * ssh(1), sshd(8): be more strict in parsing key type names. Only allow short names (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725 * ssh-keygen(1): clarify that ed25519 is the default key type generated and clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. GHPR505 --- Reviewed by: jlduran (build infrastructure) Reviewed by: cy (build infrastructure) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48947 (cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a) Approved by: re (accelerated MFC) (cherry picked from commit 802386cd37f638eec9606cb10d3dd03c8f1d6c17) (cherry picked from commit 6e688e6d4f9305441adce78079beaf1030e2881b) Approved by: re (cperciva) 2025-02-20T18:45:19Z Ed Maste emaste@FreeBSD.org 2025-02-19T17:20:44Z urn:sha1:b74bb7f01193eaf1f69735e530e85ac7cb6faa26 Highlights from the release notes are reproduced below. Some security and bug fixes were previously merged into FreeBSD and have been elided. See the upstream release notes for full details (https://www.openssh.com/releasenotes.html). --- Future deprecation notice ========================= OpenSSH plans to remove support for the DSA signature algorithm in early 2025. Potentially-incompatible changes -------------------------------- * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings. * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future. * sshd(8): several log messages have changed. In particular, some log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd". * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether. * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101 New features ------------ * sshd(8): sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default. * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys. Portability ----------- * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules unconditionally. The previous behaviour was to expose it only when particular authentication methods were in use. * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY environment variable to enable SSH_ASKPASS, similarly to the X11 DISPLAY environment variable. GHPR479 --- Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48914 (cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e) (cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3) (cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb) (cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395) Approved by: re (accelerated MFC) (cherry picked from commit ff2fd01609cc10bcdc87ebe4de42efaf7ffe2ee9) (cherry picked from commit c845ae475579d9b38cd1e3061f3896b44d1cb172) Approved by: re (cperciva) 2025-02-20T18:45:03Z Ed Maste emaste@FreeBSD.org 2025-02-06T19:21:12Z urn:sha1:ef280c2e5fe46241e12d2ddc5a557927eaadf584 It is used only by scp and sftp, and already included directly in their Makefiles. It does not belong in libssh. Fixes: d8b043c8d497 ("Update for 3.6.1p1; also remove Kerberos IV shims.") Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D48871 (cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba) (cherry picked from commit 8a02eb2c1e4f3847fccf3eb1e7ff914871e35be4) (cherry picked from commit 63d3c245221d79f16b59771e84467bdd1abf11dd) Approved by: re (cperciva) 2023-08-23T17:43:30Z Warner Losh imp@FreeBSD.org 2023-08-22T01:32:01Z urn:sha1:023fc80ee38a117fa65b2ccb2abf8bdc7dbd6fd9 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit d0b2dbfa0ecf) 2023-03-16T19:08:54Z Ed Maste emaste@FreeBSD.org 2023-03-16T14:29:55Z urn:sha1:802b483630974c2ccf2bfbc90b39102b9e47d22b This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Accelerated MFC to prepare for inclusion in 13.2-RELEASE. Sponsored by: The FreeBSD Foundation (cherry picked from commit 4d3fc8b0570b29fb0d6ee9525f104d52176ff0d4) 2023-02-13T13:16:22Z Ed Maste emaste@FreeBSD.org 2023-02-06T21:54:56Z urn:sha1:2f43f145825d0d8468f583b1686262b0f40c1fe5 Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation (cherry picked from commit f374ba41f55c1a127303d92d830dd58eef2f5243) 2022-10-26T16:42:37Z Ed Maste emaste@FreeBSD.org 2022-10-19T14:27:11Z urn:sha1:75f9d5c7e36b452f4f76356dfeb8bba51d64e51b Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 38a52bd3b5cac3da6f7f6eef3dd050e6aa08ebb3) 2022-02-09T19:53:11Z Ed Maste emaste@FreeBSD.org 2021-09-08T01:05:51Z urn:sha1:317a38ab65334cbd24bd020b20b11041423d142f Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985 (cherry picked from commit 19261079b74319502c6ffa1249920079f0f69a72) (cherry picked from commit f448c3ed4ae1281861913a56377f9d93d49f8e8e) (cherry picked from commit 1f290c707a19d1695c303e6c8ead9cc414ccc6dc) (cherry picked from commit 0f9bafdfc325779e4ecc5154d5bb06c752297138) (cherry picked from commit adb56e58e8db84d8087ebe3d3e7def0074cb5a90) (cherry picked from commit 576b58108c1723c85e4dd00355e29bfe301dab11) (cherry picked from commit 1c99af1ebe61cbaf633792941640dcd254acf921) (cherry picked from commit 87152f34054921632016bc5eb4ab9f836fbaa522) (cherry picked from commit 172fa4aa7577915bf5ace5783251821d3774dc05) 2021-11-08T21:24:09Z Ed Maste emaste@FreeBSD.org 2021-11-02T18:48:33Z urn:sha1:a0880129a545dbb7ff35b456429b12e55146ef5d This moves SSHDIR and ssh_namespace.h handling to a common location, and will simplify future work such as adding U2F support (D32509). Reviewed by: kevans MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32808 (cherry picked from commit 9d63429fa16352f58037ac2aa6ddc734b25e8331) 2020-10-27T11:29:11Z Stefan Eßer se@FreeBSD.org 2020-10-27T11:29:11Z urn:sha1:1f474190fc280d4a4ef0c214e4d7fff0d1237e22 Literal references to /usr/local exist in a large number of files in the FreeBSD base system. Many are in contributed software, in configuration files, or in the documentation, but 19 uses have been identified in C source files or headers outside the contrib and sys/contrib directories. This commit makes it possible to set _PATH_LOCALBASE in paths.h to use a different prefix for locally installed software. In order to avoid changes to openssh source files, LOCALBASE is passed to the build via Makefiles under src/secure. While _PATH_LOCALBASE could have been used here, there is precedent in the construction of the path used to a xauth program which depends on the LOCALBASE value passed on the compiler command line to select a non-default directory. This could be changed in a later commit to make the openssh build consistently use _PATH_LOCALBASE. It is considered out-of-scope for this commit. Reviewed by: imp MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D26942