Skip to content

Merge 10.0p2 #796

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 347 commits into
base: latestw_all
Choose a base branch
from
Open

Merge 10.0p2 #796

wants to merge 347 commits into from
+27,717 −10,660

Conversation

tgauth
Copy link
Collaborator

@tgauth tgauth commented Jul 29, 2025
edited
Loading

PR Summary

  • notable changes for Windows compatibility:
    • [auth2-pubkey.c] glob call needs convertToForwardslash for relative AuthorizedKeysPath
    • [sshd-auth] add sshd-auth.vcxproj and update Win32-OpenSSH.sln
    • [sshd-session] removal of privsep_unauth_child logic that is now handled by sshd-auth

PR Context

  • merge changes from upstream version 10.0p2

djmdjm and others added 30 commits September 15, 2024 13:10
@djmdjm
upstream: bad whitespace in config dump output
ce171d0 
OpenBSD-Commit-ID: d899c13b0e8061d209298eaf58fe53e3643e967c
@djmdjm
avoid gcc warning in fuzz test
0c1165f
@djmdjm
upstream: minor grammar/sort fixes for refuseconnection; ok djm
f82e5e2 
OpenBSD-Commit-ID: 1c81f37b138b8b66abba811fec836388a0f3e6da
@djmdjm
upstream: use 64 bit math to avoid signed underflow. upstream code
0ca128c 
relies on using -fwrapv to provide defined over/underflow behaviour, but we
use -ftrapv to catch integer errors and abort the program. ok dtucker@

OpenBSD-Commit-ID: 8933369b33c17b5f02479503d0a92d87bc3a574b
@djmdjm
fix bug in recently-added sntrup761 fuzzer
5fb2b5a 
key values need to be static to persist across invocations;
spotted by the Qualys Security Advisory team.
@djmdjm
conditionally include mman.h in arc4random code
7ef362b
@djmdjm
include openbsd-compat/base64.c license in LICENSE
ef2d7f2
@djmdjm
upstream: openssh-9.9
0bdca1f 
OpenBSD-Commit-ID: 303417285f1a73b9cb7a2ae78d3f493bbbe31f98
@djmdjm
update version numbers
46d1fb1
@daztucker
Add 9.9 branch to CI status console.
1641f2d
@jonathangray @djmdjm
upstream: remove unneeded semicolons; checked by millert@
a35f543 
OpenBSD-Commit-ID: 3fb621a58e04b759a875ad6a33f35bb57ca80231
@jonathangray @djmdjm
upstream: remove some unused defines; ok djm@
e03239f 
OpenBSD-Commit-ID: 81869ee6356fdbff19dae6ff757095e6b24de712
@christoph-zededa @djmdjm
fix utmpx ifdef
0f5d19e 
02e16ad did a copy-paste for
utmpx, but forgot to change the ifdef appropriately
@daztucker
Test the flags from OpenWRT's package.
d3aee17
@djmdjm
build construct_utmp() when USE_BTMP is set
76a618d 
Fixes compile error on Void Linux/Musl
@djmdjm
gss-serv.c needs sys/param.h
815a94e 
From Void Linux
@djmdjm
upstream: some extra paranoia, reminded by jsg@
9517cc5 
OpenBSD-Commit-ID: 22072bfa1df1391858ae7768a6c627e08593a91e
@djmdjm
upstream: fix regression introduced when I switched the "Match"
3f02368 
criteria tokeniser to a more shell-like one. Apparently the old tokeniser
(accidentally?) allowed "Match criteria=argument" as well as the "Match
criteria argument" syntax that we tested for.

People were using this syntax so this adds back support for
"Match criteria=argument"

bz3739 ok dtucker

OpenBSD-Commit-ID: d1eebedb8c902002b75b75debfe1eeea1801f58a
@djmdjm
upstream: remove some unneeded Xo/Xc calls; from evan silberman the
3ef4f6e 
original diff had a couple of errors, which i've fixed

OpenBSD-Commit-ID: f37ad5888adbc0d4e1cd6b6de237841f4b1e650d
@jonathangray @djmdjm
upstream: remove some unused defines; ok djm@
220b6c1 
OpenBSD-Commit-ID: 3a63e4e11d455704f684c28715d61b17f91e0996
@djmdjm
upstream: fix previous change to ssh_config Match, which broken on
67a115e 
negated Matches; spotted by phessler@ ok deraadt@

OpenBSD-Commit-ID: b1c6acec66cd5bd1252feff1d02ad7129ced37c7
@djmdjm
upstream: Turn off finite field (a.k.a modp) Diffie-Hellman key
0051381 
exchange in sshd by default. Specifically, this removes the
diffie-hellman-group* and diffie-hellman-group-exchange-* methods. The client
is unchanged and continues to support these methods by default.

Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.

ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.

ok markus@

OpenBSD-Commit-ID: 4e238ad480a33312667cc10ae0eb6393abaec8da
@jonathangray @djmdjm
upstream: remove duplicate misc.h include ok dtucker@
538cd28 
OpenBSD-Commit-ID: fdd056e7854294834d54632b4282b877cfe4c12e
@djmdjm
upstream: don't start the ObscureKeystrokeTiming mitigations if
fe6c633 
there has been traffic on a X11 forwarding channel recently.

Should fix X11 forwarding performance problems when this setting is
enabled. Patch from Antonio Larrosa via bz3655

OpenBSD-Commit-ID: 820284a92eb4592fcd3d181a62c1b86b08a4a7ab
@djmdjm
upstream: Split per-connection sshd-session binary
6072e4c 
This splits the user authentication code from the sshd-session
binary into a separate sshd-auth binary. This will be executed by
sshd-session to complete the user authentication phase of the
protocol only.

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after thhe authentication phase completes.

Joint work with markus@ feedback deraadt@

Tested in snaps since last week

OpenBSD-Commit-ID: 9c3b2087ae08626ec31b4177b023db600e986d9c
@djmdjm
upstream: test some more Match syntax, including criteria=arg and
4617410 
negations

OpenBSD-Regress-ID: 67476baccc60bf1a255fd4e329ada950047b8b8d
@djmdjm
upstream: regress support for split sshd-auth binary
7485620 
OpenBSD-Regress-ID: df7d18a87b475f70004770f0f4e404adba5f6ab7
@djmdjm
depend
4482f00
@djmdjm
there's only one sandbox, move to a static global
f8edf08
@djmdjm
put back some portable bits for sshd-auth.c
164ea43
@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth
Copy link
Collaborator Author

tgauth commented Aug 12, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth
fix bash test on Windows by retrieving exit code from child process
b64ce69 
fix bash test on Windows by retrieving exit code from child process
@tgauth
Copy link
Collaborator Author

tgauth commented Aug 12, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth
Copy link
Collaborator Author

tgauth commented Aug 12, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth tgauth changed the title [WIP] Merge 10.0p2 Merge 10.0p2 Aug 12, 2025
@tgauth
Copy link
Collaborator Author

tgauth commented Aug 18, 2025

/azp run

@tgauth tgauth requested a review from vthiebaut10 August 18, 2025 19:45
@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth tgauth requested a review from Copilot August 21, 2025 18:37
Copilot
Copilot AI reviewed Aug 21, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR merges upstream OpenSSH version 10.0p2, focusing primarily on Windows compatibility improvements and necessary updates to align with upstream changes.

Key changes include:

  • Updates version strings from 9.8 to 10.0 across the codebase
  • Windows-specific compatibility improvements for authentication and session handling
  • Major refactoring of SSH signature handling and cryptography backend
  • Addition of new sshd-auth process and related infrastructure

Reviewed Changes

Copilot reviewed 201 out of 207 changed files in this pull request and generated no comments.

Show a summary per file
File Description
version.h Version string update from 9.8 to 10.0
sshsig.c Signature handling improvements and RSA algorithm selection
sshkey.h/.c Major cryptography backend refactoring with EVP_PKEY integration
sshd_config.5/.0 Configuration documentation updates and new options
sshd.c Connection handling and process management improvements
sshd-session.c Session process refactoring and Windows compatibility
sshd-auth.c New authentication process for privilege separation
ssh*.c Various client-side improvements and configuration handling
Comments suppressed due to low confidence (5)

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@tgauth
Copy link
Collaborator Author

tgauth commented Sep 10, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth
Copy link
Collaborator Author

tgauth commented Sep 10, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@tgauth
Copy link
Collaborator Author

tgauth commented Sep 10, 2025

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@vthiebaut10 vthiebaut10 Awaiting requested review from vthiebaut10

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.