openssh: Update to version 10.4p1

Message ID 20260709150851.3632942-7-adolf.belka@ipfire.org
State Staged
Commit 1e3ae365bf241abf4301b783d70a32a0194b780c
Headers
Series openssh: Update to version 10.4p1 |

Commit Message

Adolf Belka 9 Jul 2026, 3:08 p.m. UTC
- Update from version 10.3p1 to 10.4pi
- Update of rootfile
- Changelog
10.4p1
   Potentially-incompatible changes
	 * sshd(8): configuration dump mode ("sshd -G") now writes directives
	   in mixed case (e.g. "PubkeyAuthentication") whereas previously it
	   emitted only lower-case names.
	 * sshd(8): on Linux systems with the seccomp sandbox enabled,
	   failures to enable SECCOMP or NO_NEW_PRIVS are now fatal.
	   Previously sshd(8) would log the error but continue operation,
	   to support systems that lacked these features. Now systems that
	   lack these should instead disable the sandbox at configure time.
	 * ssh(1), sshd(8): make the transport protocol stricter by
	   disconnecting if the peer sends non-KEX messages during a post-
	   authentication key re-exchange. Previously a malicious peer could
	   continue sending non-key exchange messages without penalty. These
	   would be buffered, causing memory to be wasted up until the
	   connection terminated or the server/client hit a memory limit.
	   Implementations that do not restrict messages sent during key
	   exchange as per RFC4253 section 7.1 may be disconnected.
	   Reported by Marko Jevtic.
   Security
	 * sftp(1): when downloading files on the command-line using
	   "sftp host:/path .", a malicious server could cause the file to
	   be downloaded to an unexpected location. This issue was identified
	   by the Swival Security Scanner.
	 * scp(1): when copying files between two remote destinations, do
	   not allow a malicious server to write files to the parent
	   directory of the intended target directory.  This issue was
	   identified by the Swival Security Scanner.
	 * sshd(8): when using the "internal-sftp" SFTP server implementation
	   (this is not the default), long command lines were previously
	   truncated silently after the 9th argument. If a security-relevant
	   option was in the 10th or later position, it would be discarded.
	   Reported by Steve Caffrey.
	 * sshd(8): add a documentation note to mention that the
	   GSSAPIStrictAcceptorCheck option is ineffective when the server
	   is joined to a Windows Active Directory. Reported by Yarin Aharoni
	   of Safebreach.
	 * sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes
	   as it was documented to do. Note that PermitTunnel is not enabled
	   by default. Reported independently by Huzaifa Sidhpurwala of
	   Redhat and Marko Jevtic.
	 * sshd(8): avoid a potential pre-authentication denial of service
	   when GSSAPIAuthentication was enabled (this feature is off by
	   default). This was not mitigated by MaxAuthTries, but would be
	   penalised by PerSourcePenalties. This was reported by Manfred
	   Kaiser of the milCERT AT (Austrian Ministry of Defence).
	 * sshd(8): fix a number of cases where the minimum authentication
	   delay was not being enforced. Reported by the Orange Cyberdefense
	   Vulnerability Team.
	 * ssh(1): fix a possible client-side use-after-free if the server
	   changes its host key during a key reexchange. This was reported by
	   Zhenpeng (Leo) Lin of Depthfirst.
   New features
	 * All: add experimental support for a composite post-quantum
	   signature scheme that combines ML-DSA 44 and Ed25519 as specified
	   in draft-miller-sshm-mldsa44-ed25519-composite-sigs.
	   This scheme is not enabled by default. To use it, you'll need
	   to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc.
	   Keys may be generated using "ssh-keygen -t mldsa44-ed25519".
	 * ssh(1), sshd(8): replace the wildcard pattern matcher with an
	   implementation based on an NFA. This avoids exponential worst-case
	   behaviour for the old implementation.
   Bugfixes
	 * ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION
	   requests. bz3967
	 * sshd(8): avoid sending observably different messages for valid vs
	   invalid users in GSSAPIAuthentication (disabled by default).
	 * ssh(1), sshd(8): fix several bugs that incorrectly
	   classified bulk traffic as interactive. bz3972, bz3958
	 * ssh-keygen(1), ssh-add(1): skip unsupported key types when
	   downloading resident keys from a FIDO token. Previously, downloads
	   would abort when one was encountered. GHPR657
	 * ssh(1): fix a potential use-after-free on an error path if
	   cipher_init() fails.
	 * sshd(8): perform stricter encoding and validation of transport
	   state passed between sshd privilege separation subprocesses. This
	   somewhat further hardens the server against attacks on sshd-auth
	   or sshd-session subprocesses.
	 * ssh-agent(1): avoid possible runtime denial of service by
	   enforcing some limits on the length of usernames in key use
	   constraints.
	 * sftp(1): fix two separate one-byte out-of-bounds reads, in
	   SSH2_FXP_REALPATH and batch command processing.
	 * sftp-server(8): disallow use of the copy-data extension to read
	   and write to the same inode simultaneously.
	 * ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was
	   created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent.
	   GHPR679
	 * sftp(1), scp(1): avoid a situation where sftp_download() could get
	   stuck in a loop if a broken server repeatedly returned zero length
	   while reading a file.
	 * ssh(1): avoid leaking DNS0x20 case-randomised names into names
	   canonicalised using CanonicalizePermittedCNAMEs. bz3966
	 * sftp-server(8): avoid truncation of pathnames passed to lstat()
	   during SSH_FXP_REALPATH handling on systems where PATH_MAX is not
	   the actual max. GHPR688
	 * ssh(1), sshd(8): correct arming of poll(2) event masks for some
	   socket-type channels. GHPR660
	 * sshd(8): major refactor of sshd_config parsing and management
	   code, to allow for more exact serialisation/deserialisation across
	   privilege separation boundaries.
	 * ssh-add(1): open connection to the agent only after getopt()
	   processing has completed, to give options like "-v" a chance to
	   display debug information about this operation.
	 * crypto code: fix bounds checking when signing messages of length
	   greater than will fit in a size_t. In OpenSSH, message sizes are
	   bounded by SSHBUF_SIZE_MAX so this was unreachable.
	 * crypto code: add signature malleability and pubkey validity checks
	   to ed25519 verification. SSH doesn't depend on these properties
	 * crypto code: fix ECDSA order check for curves with cofactor != 1.
	   All supported EC curves have cofactor 1, so this was
	   unreachable.
	 * sshd(8): differentiate between execution failures and a subsystem
	   that was not found when logging why a subsystem failed to start.
	   GHPR637
	 * All: use safer idioms for timegm(3) and mktime(3) error detection.
	 * ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in
	   config files or command-line arguments. This could cause runtime
	   failures later.
	 * ssh(1): fix NULL deref crash during pubkey auth when using a PEM
	   style private key with no corresponding .pub key adjacent to it.
	 * sshd(8): don't print an error message when trying to load a host
	   private key when PKCS#11 keys are in use, as these don't need the
	   private half on the filesystem. GHPR664
	 * All: don't use deprecated ERR_load_crypto_strings(). GHPR650
	 * ssh(1): properly report errors during configuration default
	   setting. GHPR649
	 * ssh(1): use correct directive name (Match instead of Host) in
	   error message. bz3968
	 * sftp(1): fix "ls -ln" which was not correctly showing numeric
	   UID/GIDs but rather user and group names. bz3953
	 * sshd(8): avoid possible NULL dereference if an allocation fails
	   during config parsing. bz3948
	 * All: fix ineffective guards against loading overly large public
	   keys in several places. bz3969 and bz3970
	 * sftp(1): ensure file descriptors used by sftp to communicate to
	   its ssh(1) subprocess don't leak into executed subprocesses (e.g.
	   via "!"). GHPR693
   Portability
	 * Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness
	   fix for large exponents (GHPR671)
	 * sshd(8): remove duplicate sandbox entry for clock_gettime64.
	 * ssh(1), sshd(8): use correct IPTOS_DSCP_VA value if not provided
	   by the system headers.
	 * Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness
	   fixes.
	 * Disable replacements in openbsd-compat for strvisx(3) and
	   stravis(3), as these are unused in OpenSSH
	 * Avoid fortify warnings on Android bz3954
	 * Fix a number of memory leaks on error paths in the portability
	   code. GHPR681
	 * Revise the README.privsep documentation to reflect sshd's recent
	   switch to a multi-binary model.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/common/openssh | 2 ++
 lfs/openssh                     | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
  

Patch

diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index 85dd5dd2d..8e7364b07 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -5,6 +5,8 @@  etc/ssh/ssh_config
 #etc/ssh/ssh_host_ecdsa_key.pub
 #etc/ssh/ssh_host_ed25519_key
 #etc/ssh/ssh_host_ed25519_key.pub
+#etc/ssh/ssh_host_mldsa44_ed25519_key
+#etc/ssh/ssh_host_mldsa44_ed25519_key.pub
 #etc/ssh/ssh_host_rsa_key
 #etc/ssh/ssh_host_rsa_key.pub
 etc/ssh/sshd_config
diff --git a/lfs/openssh b/lfs/openssh
index fdffce8d4..e7acb2058 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 10.3p1
+VER        = 10.4p1
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 77ff7c3bc943702267d74f6f7cdae44209ab940e42501e8a225761f3c8ab5416f2f0e4e61183e0b4cd79d5a041f4d1600674fcda17d3a2bd172074655cefdcd1
+$(DL_FILE)_BLAKE2 = 3051a345fd24333708277a1de781deca9094dd07cc55e613e93715b1266d80d59043bf5cdb2282d02c797cb9446916020e70fbd4c7a2470da7ab98eb612f6b74
 
 install : $(TARGET)