Port to 9.8

Author: rapier1

.depend

@@ -33,6 +33,10 @@ ef9341d5a50f0d33e3a6fbe995e92964bc7ef2d3	Makefile relinking changes
 2fe8d707ae35ba23c7916adcb818bb5b66837ba0	ssh-agent relink kit
 866cfcc1955aef8f3fc32da0b70c353a1b859f2e	ssh-agent relink changes
 8b3820adb4da4e139c4b3cffbcc0bde9f08bf0c6	sshd-session relink kit
+6d2ded4cd91d4d727c2b26e099b91ea935bed504	relink kit
+fb39324748824cb0387e9d67c41d1bef945c54ea	Makefile change
+5f378c38ad8976d507786dc4db9283a879ec8cd0	Makefile change
+112aacedd3b61cc5c34b1fa6d9fb759214179172	Makefile change
 
 Old upstream tree:
 

.skipped-commit-ids

@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.107 2024/05/17 00:30:23 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.108 2024/05/17 06:42:04 jsg Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -155,8 +155,6 @@ void	 auth2_record_info(Authctxt *authctxt, const char *, ...)
 void	 auth2_update_session_info(Authctxt *, const char *, const char *);
 
 #ifdef KRB5
-int	auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
-int	auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
 int	auth_krb5_password(Authctxt *authctxt, const char *password);
 void	krb5_cleanup_proc(Authctxt *authctxt);
 #endif /* KRB5 */
@@ -215,7 +213,6 @@ int	 sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
     u_char **, size_t *, const u_char *, size_t, const char *);
 
 /* Key / cert options linkage to auth layer */
-const struct sshauthopt *auth_options(struct ssh *);
 int	 auth_activate_options(struct ssh *, struct sshauthopt *);
 void	 auth_restrict_session(struct ssh *);
 void	 auth_log_authopts(const char *, const struct sshauthopt *, int);

auth.h

@@ -17,7 +17,6 @@
 #include "includes.h"
 
 #include <sys/types.h>
-#include <sys/queue.h>
 
 #include <stdlib.h>
 #include <string.h>
@@ -32,13 +31,13 @@
 extern ServerOptions options;
 
 /*
- * Configuration of enabled authentication methods. Separate to the rest of
+ * Configuration of enabled authentication methods. Separate from the rest of
  * auth2-*.c because we want to query it during server configuration validity
  * checking in the sshd listener process without pulling all the auth code in
  * too.
  */
 
-/* "none" is allowed only one time and it cleared by userauth_none() later */
+/* "none" is allowed only one time and it is cleared by userauth_none() later */
 int none_enabled = 1;
 struct authmethod_cfg methodcfg_none = {
 	"none",
@@ -86,7 +85,7 @@ static struct authmethod_cfg *authmethod_cfgs[] = {
 };
 
 /*
- * Check a comma-separated list of methods for validity. Is need_enable is
+ * Check a comma-separated list of methods for validity. If need_enable is
  * non-zero, then also require that the methods are enabled.
  * Returns 0 on success or -1 if the methods list is invalid.
  */

auth2-methods.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.154 2023/12/18 14:47:20 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.156 2024/05/23 23:47:16 jsg Exp $ */
 
 /*
  * Author: Tatu Ylonen <[email protected]>
@@ -85,7 +85,6 @@
 struct ssh;
 struct Channel;
 typedef struct Channel Channel;
-struct fwd_perm_list;
 
 typedef void channel_open_fn(struct ssh *, int, int, void *);
 typedef void channel_callback_fn(struct ssh *, int, int, void *);
@@ -327,7 +326,6 @@ int	 channel_input_ieof(int, u_int32_t, struct ssh *);
 int	 channel_input_oclose(int, u_int32_t, struct ssh *);
 int	 channel_input_open_confirmation(int, u_int32_t, struct ssh *);
 int	 channel_input_open_failure(int, u_int32_t, struct ssh *);
-int	 channel_input_port_open(int, u_int32_t, struct ssh *);
 int	 channel_input_window_adjust(int, u_int32_t, struct ssh *);
 int	 channel_input_status_confirm(int, u_int32_t, struct ssh *);
 

channels.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.406 2024/05/09 09:46:47 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.407 2024/05/17 06:42:04 jsg Exp $ */
 /*
  * Author: Tatu Ylonen <[email protected]>
  * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
@@ -198,8 +198,6 @@ TAILQ_HEAD(global_confirms, global_confirm);
 static struct global_confirms global_confirms =
     TAILQ_HEAD_INITIALIZER(global_confirms);
 
-void ssh_process_session2_setup(int, int, int, struct sshbuf *);
-
 void client_request_metrics(struct ssh *);
 
 static void quit_message(const char *fmt, ...)

clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.h,v 1.37 2020/04/03 02:40:32 djm Exp $ */
+/* $OpenBSD: clientloop.h,v 1.38 2024/05/17 06:42:04 jsg Exp $ */
 
 /*
  * Author: Tatu Ylonen <[email protected]>
@@ -43,7 +43,6 @@ struct ssh;
 int	 client_loop(struct ssh *, int, int, int);
 int	 client_x11_get_proto(struct ssh *, const char *, const char *,
 	    u_int, u_int, char **, char **);
-void	 client_global_request_reply_fwd(int, u_int32_t, void *);
 void	 client_session2_setup(struct ssh *, int, int, int,
 	    const char *, struct termios *, int, struct sshbuf *, char **);
 char	 *client_request_tun_fwd(struct ssh *, int, int, int,

clientloop.h

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.439 2024/03/14 06:23:14 job Exp $
-.Dd $Mdocdate: March 14 2024 $
+.\" $OpenBSD: ssh.1,v 1.440 2024/05/26 20:35:12 naddy Exp $
+.Dd $Mdocdate: May 26 2024 $
 .Dt HPNSSH 1
 .Os
 .Sh NAME
@@ -1660,8 +1660,6 @@ Systemwide configuration file.
 The file format and configuration options are described in
 .Xr hpnssh_config 5 .
 .Pp
-.It Pa /etc/hpnssh/ssh_host_key
-.It Pa /etc/hpnssh/ssh_host_dsa_key
 .It Pa /etc/hpnssh/ssh_host_ecdsa_key
 .It Pa /etc/hpnssh/ssh_host_ed25519_key
 .It Pa /etc/hpnssh/ssh_host_rsa_key

hpnssh.1

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.355 2024/02/21 06:17:29 djm Exp $
-.Dd $Mdocdate: February 21 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.359 2024/06/11 01:07:35 djm Exp $
+.Dd $Mdocdate: June 11 2024 $
 .Dt HPNSSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1589,6 +1589,75 @@ Values for IPv4 and optionally IPv6 may be specified, separated by a colon.
 The default is
 .Cm 32:128 ,
 which means each address is considered individually.
+.It Cm PerSourcePenalties
+Controls penalties for various conditions that may represent attacks on
+.Xr sshd 8 .
+If a penalty is enforced against a client then its source address and any
+others in the same network, as defined by
+.Cm PerSourceNetBlockSize ,
+will be refused connection for a period.
+.Pp
+A penalty doesn't affect concurrent connections in progress, but multiple
+penalties from the same source from concurrent connections will accumulate
+up to a maximum.
+Conversely, penalties are not applied until a minimum threshold time has been
+accumulated.
+.Pp
+Penalties are enabled by default with the default settings listed below
+but may disabled using the
+.Cm off
+keyword.
+The defaults may be overridden by specifying one or more of the keywords below,
+separated by whitespace.
+All keywords accept arguments, e.g.\&
+.Qq crash:2m .
+.Bl -tag -width Ds
+.It Cm crash:duration
+Specifies how long to refuse clients that cause a crash of
+.Xr sshd 8 (default: 90s).
+.It Cm authfail:duration
+Specifies how long to refuse clients that disconnect after making one or more
+unsuccessful authentication attempts (default: 5s).
+.It Cm noauth:duration
+Specifies how long to refuse clients that disconnect without attempting
+authentication (default: 1s).
+This timeout should be used cautiously otherwise it may penalise legitimate
+scanning tools such as
+.Xr ssh-keyscan 1 .
+.It Cm grace-exceeded:duration
+Specifies how long to refuse clients that fail to authenticate after
+.Cm LoginGraceTime (default: 20s).
+.It Cm max:duration
+Specifies the maximum time a particular source address range will be refused
+access for (default: 10m).
+Repeated penalties will accumulate up to this maximum.
+.It Cm min:duration
+Specifies the minimum penalty that must accrue before enforcement begins
+(default: 15s).
+.It Cm max-sources:number
+Specifies the maximum number of penalise client address ranges to track
+(default: 65536).
+.It Cm overflow:mode
+Controls how the server behaves when
+.Cm max-sources
+is exceeded.
+There are two operating modes:
+.Cm deny-all ,
+which denies all incoming connections other than those exempted via
+.Cm PerSourcePenaltyExemptList
+until a penalty expires, and
+.Cm permissive ,
+which allows new connections by removing existing penalties early
+(default: permissive).
+.El
+.It Cm PerSourcePenaltyExemptList
+Specifies a comma-separated list of addresses to exempt from penalties.
+This list may contain wildcards and CIDR address/masklen ranges.
+Note that the mask length provided must be consistent with the address -
+it is an error to specify a mask length that is too long for the address
+or one with bits set in this host portion of the address.
+For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
+The default is not to exempt any addresses.
 .It Cm PidFile
 Specifies the file that contains the process ID of the
 SSH daemon, or

hpnsshd_config.5

@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.194 2024/05/17 00:30:23 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.196 2024/06/06 17:15:25 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -619,7 +619,7 @@ int
 convtime(const char *s)
 {
 	int secs, total = 0, multiplier;
-	char *p, *os, *np, c;
+	char *p, *os, *np, c = 0;
 	const char *errstr;
 
 	if (s == NULL || *s == '\0')
@@ -3098,3 +3098,19 @@ lib_contains_symbol(const char *path, const char *s)
 	return ret;
 #endif /* HAVE_NLIST_H */
 }
+
+int
+signal_is_crash(int sig)
+{
+	switch (sig) {
+	case SIGSEGV:
+	case SIGBUS:
+	case SIGTRAP:
+	case SIGSYS:
+	case SIGFPE:
+	case SIGILL:
+	case SIGABRT:
+		return 1;
+	}
+	return 0;
+}