Commit Graph

283787 Commits

Author SHA1 Message Date
rillig 1dc8f59fce make(1): extract ExpandChildrenRegular from ExpandChildren 2020-12-05 17:12:02 +00:00
rillig a4609fef81 make(1): indent suff.c with tabs instead of spaces
ExpandChildren is way too deeply nested.
2020-12-05 16:59:47 +00:00
wiz aa6a229af8 pkg_install updated to 20201205 2020-12-05 16:23:08 +00:00
wiz f5c2953af3 Merge pkg_install-20201205 2020-12-05 16:21:26 +00:00
rillig b5df368a51 make(1): don't concatenate identifiers in Targ_PrintType
Concatenating identifiers makes it difficult to spot them when searching
the code.  This gets rid of the special case for OP_MEMBER and MEMBER.

The same pattern is applied in the DEBUG macro, by the way.
2020-12-05 15:57:02 +00:00
rillig 5737b54186 make(1): indent targ.c with tabs instead of spaces
Explain the tricky details of GNode_Free.

Invert a condition in Targ_PrintNode to reduce the overall indentation.
2020-12-05 15:35:34 +00:00
rillig 026824484e make(1): extract ShuffleStrings from ApplyModifier_Order 2020-12-05 15:31:18 +00:00
jdc 975e906d8f When matching, try a read in case this is an optional device and isn't
actually present.
2020-12-05 15:08:21 +00:00
jdc 0a676d496a Return "match_result", not "1". Pointed out by jmcneill. 2020-12-05 15:02:29 +00:00
rillig 808fed06b5 make(1): indent remaining code of var.c with tabs instead of spaces 2020-12-05 14:55:17 +00:00
jdc 9b06680388 Make sure that we set sc->sc_sme to NULL in failure cases in order to avoid
calling sysmon_envsys_unregister() with an invalid struct when we detach.
2020-12-05 14:50:33 +00:00
jdc e79fb53ef9 When matching, try a read in case this is an optional device and isn't
actually present.
Make sure that we set sc->sc_sme to NULL in failure cases and when we
detach in order to avoid calling sysmon_envsys_unregister() with an
invalid struct.
2020-12-05 14:48:09 +00:00
rillig 9515ff74a5 make(1): indent large parts of var.c with tabs instead of spaces
The few remaining functions need to be cleaned up before being indented
further, to reduce the overall indentation.
2020-12-05 14:28:09 +00:00
rillig a67bc1e4cd make(1): improve explanation of tests for the SysV modifier 2020-12-05 13:01:33 +00:00
skrll 95cc57f231 spaces to tab 2020-12-05 11:18:21 +00:00
mrg 7cd70c16d8 for boot -1, don't attach more than the boot CPU most others 2020-12-05 08:04:51 +00:00
sjg da0e1356d7 Use .MAKE.OS if we can 2020-12-05 03:42:15 +00:00
kre 5cea56c875 Correct typo in previous. 2020-12-04 23:04:58 +00:00
kardel 3f3878dd72 PR kern/55839:
handle multiple nvme_rescan()s correctly by doing the
name-space identify only once per nsid.

fixes issue where modloading triggers multiple
rescans.
2020-12-04 23:03:11 +00:00
rillig 4bdfa77c7f make(1): extract UnexportEnv from Var_UnExport 2020-12-04 22:47:57 +00:00
rillig ef3e9c527f make(1): extract UnexportVar from Var_UnExport 2020-12-04 22:35:40 +00:00
jmcneill 9e0fac6ea6 gicv3: Only use 1 of N SPI distribution when the feature is available.
A GICv3+ implementation is not guaranteed to support 1 of N SPI
distribution. Support for this feature is indicated in GICD_TYPER.No1N.

When No1N=1, route all interrupts to the primary PE by default and only
allow a single CPU target when updating affinity.
2020-12-04 21:39:26 +00:00
christos fe1e39fb82 Add __null_sentinel 2020-12-04 20:39:10 +00:00
christos 7b2fac7c35 add __null_sentinel (from FreeBSD) 2020-12-04 20:38:44 +00:00
rillig 35e25f72f1 make(1): rename parse functions
The word "Do" was not necessary.
2020-12-04 20:23:33 +00:00
rillig 19fb9dcba2 make(1): inline Lst_Enqueue 2020-12-04 20:11:48 +00:00
rillig dfc53e1755 make(1): inline Vector_Done 2020-12-04 20:08:07 +00:00
christos 7943068f01 new OpenSSH 2020-12-04 18:44:49 +00:00
christos a7527d8eca bump libssh 2020-12-04 18:43:47 +00:00
christos 2d3b0f52dc Merge conflicts 2020-12-04 18:42:49 +00:00
christos e86f78156e OpenSSH 8.4 was released on 2020-09-27. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

We intend to enable UpdateHostKeys by default in the next OpenSSH
release. This will assist the client by automatically migrating to
better algorithms. Users may consider enabling this option manually.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * ssh-agent(1): restrict ssh-agent from signing web challenges for
   FIDO/U2F keys.

   When signing messages in ssh-agent using a FIDO key that has an
   application string that does not start with "ssh:", ensure that the
   message being signed is one of the forms expected for the SSH protocol
   (currently public key authentication and sshsig signatures).

   This prevents ssh-agent forwarding on a host that has FIDO keys
   attached granting the ability for the remote side to sign challenges
   for web authentication using those keys too.

   Note that the converse case of web browsers signing SSH challenges is
   already precluded because no web RP can have the "ssh:" prefix in the
   application string that we require.

 * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating
   a FIDO resident key.

   The recent FIDO 2.1 Client to Authenticator Protocol introduced a
   "credProtect" feature to better protect resident keys. We use this
   option to require a PIN prior to all operations that may retrieve
   a resident key from a FIDO token.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * For FIDO/U2F support, OpenSSH recommends the use of libfido2 1.5.0
   or greater. Older libraries have limited support at the expense of
   disabling particular features. These include resident keys, PIN-
   required keys and multiple attached tokens.

 * ssh-keygen(1): the format of the attestation information optionally
   recorded when a FIDO key is generated has changed. It now includes
   the authenticator data needed to validate attestation signatures.

 * The API between OpenSSH and the FIDO token middleware has changed
   and the SSH_SK_VERSION_MAJOR version has been incremented as a
   result. Third-party middleware libraries must support the current
   API version (7) to work with OpenSSH 8.4.

 * The portable OpenSSH distribution now requires automake to rebuild
   the configure script and supporting files. This is not required when
   simply building portable OpenSSH from a release tar file.

Changes since OpenSSH 8.3
=========================

New features
------------

 * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for
   each use. These keys may be generated using ssh-keygen using a new
   "verify-required" option. When a PIN-required key is used, the user
   will be prompted for a PIN to complete the signature operation.

 * sshd(8): authorized_keys now supports a new "verify-required"
   option to require FIDO signatures assert that the token verified
   that the user was present before making the signature. The FIDO
   protocol supports multiple methods for user-verification, but
   currently OpenSSH only supports PIN verification.

 * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn
   signatures. Webauthn is a standard for using FIDO keys in web
   browsers. These signatures are a slightly different format to plain
   FIDO signatures and thus require explicit support.

 * ssh(1): allow some keywords to expand shell-style ${ENV}
   environment variables. The supported keywords are CertificateFile,
   ControlPath, IdentityAgent and IdentityFile, plus LocalForward and
   RemoteForward when used for Unix domain socket paths. bz#3140

 * ssh(1), ssh-agent(1): allow some additional control over the use of
   ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
   including forcibly enabling and disabling its use. bz#69

 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
   limit for keys in addition to its current flag options. Time-
   limited keys will automatically be removed from ssh-agent after
   their expiry time has passed.

 * scp(1), sftp(1): allow the -A flag to explicitly enable agent
   forwarding in scp and sftp. The default remains to not forward an
   agent, even when ssh_config enables it.

 * ssh(1): add a '%k' TOKEN that expands to the effective HostKey of
   the destination. This allows, e.g., keeping host keys in individual
   files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654

 * ssh(1): add %-TOKEN, environment variable and tilde expansion to
   the UserKnownHostsFile directive, allowing the path to be
   completed by the configuration (e.g. bz#1654)

 * ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted
   from stdin. bz#3180

 * sshd(8): improve logging for MaxStartups connection throttling.
   sshd will now log when it starts and stops throttling and periodically
   while in this state. bz#3055

Bugfixes
--------

 * ssh(1), ssh-keygen(1): better support for multiple attached FIDO
   tokens. In cases where OpenSSH cannot unambiguously determine which
   token to direct a request to, the user is now required to select a
   token by touching it. In cases of operations that require a PIN to
   be verified, this avoids sending the wrong PIN to the wrong token
   and incrementing the token's PIN failure counter (tokens
   effectively erase their keys after too many PIN failures).

 * sshd(8): fix Include before Match in sshd_config; bz#3122

 * ssh(1): close stdin/out/error when forking after authentication
   completes ("ssh -f ...") bz#3137

 * ssh(1), sshd(8): limit the amount of channel input data buffered,
   avoiding peers that advertise large windows but are slow to read
   from causing high memory consumption.

 * ssh-agent(1): handle multiple requests sent in a single write() to
   the agent.

 * sshd(8): allow sshd_config longer than 256k

 * sshd(8): avoid spurious "Unable to load host key" message when sshd
   load a private key but no public counterpart

 * ssh(1): prefer the default hostkey algorithm list whenever we have
   a hostkey that matches its best-preference algorithm.

 * sshd(1): when ordering the hostkey algorithms to request from a
   server, prefer certificate types if the known_hosts files contain a key
   marked as a @cert-authority; bz#3157

 * ssh(1): perform host key fingerprint comparisons for the "Are you
   sure you want to continue connecting (yes/no/[fingerprint])?"
   prompt with case sensitivity.

 * sshd(8): ensure that address/masklen mismatches in sshd_config
   yield fatal errors at daemon start time rather than later when
   they are evaluated.

 * ssh-keygen(1): ensure that certificate extensions are lexically
   sorted. Previously if the user specified a custom extension then
   the everything would be in order except the custom ones. bz#3198

 * ssh(1): also compare username when checking for JumpHost loops.
   bz#3057

 * ssh-keygen(1): preserve group/world read permission on known_hosts
   files across runs of "ssh-keygen -Rf /path". The old behaviour was
   to remove all rights for group/other. bz#3146

 * ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen
   manual page and usage().

 * sshd(8): explicitly construct path to ~/.ssh/rc rather than
   relying on it being relative to the current directory, so that it
   can still be found if the shell startup changes its directory.
   bz#3185

 * sshd(8): when redirecting sshd's log output to a file, undo this
   redirection after the session child process is forked(). Fixes
   missing log messages when using this feature under some
   circumstances.

 * sshd(8): start ClientAliveInterval bookkeeping before first pass
   through select() loop; fixed theoretical case where busy sshd may
   ignore timeouts from client.

 * ssh(1): only reset the ServerAliveInterval check when we receive
   traffic from the server and ignore traffic from a port forwarding
   client, preventing a client from keeping a connection alive when
   it should be terminated. bz#2265

 * ssh-keygen(1): avoid spurious error message when ssh-keygen
   creates files outside ~/.ssh

 * sftp-client(1): fix off-by-one error that caused sftp downloads to
   make one more concurrent request that desired. This prevented using
   sftp(1) in unpipelined request/response mode, which is useful when
   debugging. bz#3054

 * ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect()
   helpers. bz#3071

 * ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to
   write to it so we don't leave an empty .ssh directory when it's not
   needed. bz#3156

 * ssh(1), sshd(8): fix multiplier when parsing time specifications
   when handling seconds after other units. bz#3171

Portability
-----------

 * sshd(8): always send any PAM account messages. If the PAM account
   stack returns any messages, always send them to the user and not
   just if the check succeeds. bz#2049

 * Implement some backwards compatibility for libfido2 libraries
   older than 1.5.0. Note that use of an older library will result
   in the loss of certain features including resident key support,
   PIN support and support for multiple attached tokens.

 * configure fixes for XCode 12

 * gnome-ssh-askpass3: ensure the "close" button is not focused by
   default for SSH_ASKPASS_PROMPT=none prompts. Avoids space/enter
   accidentally dismissing FIDO touch notifications.

 * gnome-ssh-askpass3: allow some control over textarea colour via
   $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR
   environment variables.

 * sshd(8): document another PAM spec problem in a frustrated comment

 * sshd(8): support NetBSD's utmpx.ut_ss address field. bz#960

 * Add the ssh-sk-helper binary and its manpage to the RPM spec file

 * Detect the Frankenstein monster of Linux/X32 and allow the sandbox
   to function there. bz#3085
2020-12-04 18:40:04 +00:00
christos 369e5be37a new libfido2new libfido2new libfido2new libfido2new libfido2new libfido2new libfido2new libfido2new libfido2 2020-12-04 18:28:55 +00:00
christos a0835e958e merge changes 2020-12-04 18:27:44 +00:00
christos 3b4019a6e5 new libfido2 2020-12-04 18:27:18 +00:00
christos 1fc1e710a8 Version 1.5.0 (2020-09-01)
hid_linux: return FIDO_OK if no devices are found.
    hid_osx:
        repair communication with U2F tokens, gh#166;
        reliability fixes.
    fido2-{assert,cred}: new options to explicitly toggle UP, UV.
    Support for configurable report lengths.
    New API calls:
        fido_cbor_info_maxcredcntlst;
        fido_cbor_info_maxcredidlen;
        fido_cred_aaguid_len;
        fido_cred_aaguid_ptr;
        fido_dev_get_touch_begin;
        fido_dev_get_touch_status.
    Use COSE_ECDH_ES256 with CTAP_CBOR_CLIENT_PIN; gh#154.
    Allow CTAP messages up to 2048 bytes; gh#171.
    Ensure we only list USB devices by default.
Version 1.4.0 (2020-04-15)
    hid_hidapi: hidapi backend; enable with -DUSE_HIDAPI=1.
    Fall back to U2F if the key claims to, but does not support FIDO2.
    FIDO2 credential protection (credprot) support.
    New API calls:
        fido_cbor_info_fwversion;
        fido_cred_prot;
        fido_cred_set_prot;
        fido_dev_set_transport_functions;
        fido_set_log_handler.
    Support for FreeBSD.
    Support for C++.
    Support for MSYS.
    Fixed EdDSA and RSA self-attestation.
Version 1.3.1 (2020-02-19)
    fix zero-ing of le1 and le2 when talking to a U2F device.
    dropping sk-libfido2 middleware, please find it in the openssh tree.
2020-12-04 18:09:13 +00:00
christos f3f0e8207f __sentinel__ = __sentinel__(0) 2020-12-04 17:56:04 +00:00
rillig 2cf4367e86 make(1): improve variable names in Arch_ParseArchive
The variable buf used to be a Buffer, now it is a simple string pointer.
2020-12-04 14:51:46 +00:00
rillig 65a2faf0b6 make(1): use consistent variable names for list nodes 2020-12-04 14:39:56 +00:00
rillig cb63c1e6d4 make(1): use fixed format for debug output of the directory cache
The previous output format had a %-20s conversion specifier.  This
produced different output depending on the length of the pathname, which
was too difficult to normalize.  By moving the directory name to the
end, it is no longer necessary to fill up any space, and the numbers are
always aligned properly.

As a result, 3 of the unit tests no longer need any special
postprocessing of their output.
2020-12-04 14:28:50 +00:00
skrll 3672aff462 Remove unnecessary casts 2020-12-04 08:29:11 +00:00
skrll 5366c4d023 Ensure translation table updates are visible to the hardware walker(s)
in pmapboot_enter.
2020-12-04 08:24:41 +00:00
skrll 62168433fc Trailing whitespace 2020-12-04 08:00:53 +00:00
skrll 6783f58cb0 Use __func__ in panic calls (and misc style changes) 2020-12-04 07:12:57 +00:00
skrll b74a1d3d8a Update stats in the coherent case. Reported by jmcneill. 2020-12-04 07:11:35 +00:00
thorpej ad62715351 Build ip_sync.c with -Wno-error to avoid failing due to excessive stack
usage.
2020-12-04 00:44:39 +00:00
thorpej 2c5ba6c2be Build x86emu.c with -fno-inline, otherwise all of the auto-inlining
the compiler does causes stack usage to exceed the limits we've set.
2020-12-04 00:43:00 +00:00
thorpej 4a8de7c848 In pfr_fix_anchor(), change an overlapping bcopy() call to a memmove()
call.
2020-12-04 00:41:10 +00:00
thorpej ca36980932 - malloc(9) -> kmem(9)
- In ibm561_set_cmap(), allocating 3K on the stack is not polite; allocate
  a temporary buffer for the cmap data using kmem_alloc().
2020-12-04 00:38:08 +00:00
thorpej 30e584e46a Rewrite linux_sys_alarm() to use dogetitimer() / dosetitimer(), rather
than fiddling with process timers directly.
2020-12-04 00:26:16 +00:00
nia aab2f38b54 Add some missing channel order related ioctl defines.
These are no-ops (unimplemented) on both FreeBSD and Solaris
and the one piece of code I've found that uses it seems to assume the
call will fail so it should be safe to leave this returning EINVAL.

However, it does need the definitions to compile...
2020-12-03 22:10:21 +00:00