rpms/openssh
7
0
Fork 2
Code Issues Pull Requests Releases Activity

Fix CVE-2026-3497

Browse Source 
Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
This commit is contained in:
Zoltan Fridrich 2026-03-13 12:58:59 +01:00
parent 5112fd1dbb
commit f5a6642da3
2 changed files with 149 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

290
openssh-9.6p1-gssapi-keyex.patch
View File

@ -1,6 +1,6 @@
diff --color -ruNp a/auth2.c b/auth2.c
--- a/auth2.c 2024-09-16 11:45:56.858133241 +0200
+++ b/auth2.c 2024-09-16 11:46:34.688939755 +0200
--- a/auth2.c 2026-03-13 12:32:48.463830672 +0100
+++ b/auth2.c 2026-03-13 12:16:40.013559000 +0100
@@ -71,6 +71,7 @@ extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
@ -18,8 +18,8 @@ diff --color -ruNp a/auth2.c b/auth2.c
#endif
&method_passwd,
diff --color -ruNp a/auth2-gss.c b/auth2-gss.c
--- a/auth2-gss.c 2024-09-16 11:45:56.858133241 +0200
+++ b/auth2-gss.c 2024-09-16 11:46:34.689939776 +0200
--- a/auth2-gss.c 2026-03-13 12:32:48.464158978 +0100
+++ b/auth2-gss.c 2026-03-13 12:16:40.011579476 +0100
@@ -51,6 +51,7 @@
#define SSH_GSSAPI_MAX_MECHS 2048
@ -108,8 +108,8 @@ diff --color -ruNp a/auth2-gss.c b/auth2-gss.c
&methodcfg_gssapi,
userauth_gssapi,
diff --color -ruNp a/auth2-methods.c b/auth2-methods.c
--- a/auth2-methods.c 2024-07-01 06:36:28.000000000 +0200
+++ b/auth2-methods.c 2024-09-16 11:46:34.689939776 +0200
--- a/auth2-methods.c 2024-09-20 00:20:48.000000000 +0200
+++ b/auth2-methods.c 2026-03-13 12:16:40.011621502 +0100
@@ -50,6 +50,11 @@ struct authmethod_cfg methodcfg_pubkey =
&options.pubkey_authentication
};
@ -131,8 +131,8 @@ diff --color -ruNp a/auth2-methods.c b/auth2-methods.c
#endif
&methodcfg_passwd,
diff --color -ruNp a/auth.c b/auth.c
--- a/auth.c 2024-07-01 06:36:28.000000000 +0200
+++ b/auth.c 2024-09-16 11:46:34.690939798 +0200
--- a/auth.c 2024-09-20 00:20:48.000000000 +0200
+++ b/auth.c 2026-03-13 12:16:39.971971452 +0100
@@ -356,7 +356,8 @@ auth_root_allowed(struct ssh *ssh, const
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
@ -144,8 +144,8 @@ diff --color -ruNp a/auth.c b/auth.c
break;
case PERMIT_FORCED_ONLY:
diff --color -ruNp a/canohost.c b/canohost.c
--- a/canohost.c 2024-07-01 06:36:28.000000000 +0200
+++ b/canohost.c 2024-09-16 11:46:34.690939798 +0200
--- a/canohost.c 2024-09-20 00:20:48.000000000 +0200
+++ b/canohost.c 2026-03-13 12:16:39.971614349 +0100
@@ -35,6 +35,99 @@
#include "canohost.h"
#include "misc.h"
@ -247,8 +247,8 @@ diff --color -ruNp a/canohost.c b/canohost.c
ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len)
{
diff --color -ruNp a/canohost.h b/canohost.h
--- a/canohost.h 2024-07-01 06:36:28.000000000 +0200
+++ b/canohost.h 2024-09-16 11:46:34.690939798 +0200
--- a/canohost.h 2024-09-20 00:20:48.000000000 +0200
+++ b/canohost.h 2026-03-13 12:16:39.973010227 +0100
@@ -15,6 +15,9 @@
#ifndef _CANOHOST_H
#define _CANOHOST_H
@ -260,8 +260,8 @@ diff --color -ruNp a/canohost.h b/canohost.h
int get_peer_port(int);
char *get_local_ipaddr(int);
diff --color -ruNp a/clientloop.c b/clientloop.c
--- a/clientloop.c 2024-07-01 06:36:28.000000000 +0200
+++ b/clientloop.c 2024-09-16 11:46:34.690939798 +0200
--- a/clientloop.c 2024-09-20 00:20:48.000000000 +0200
+++ b/clientloop.c 2026-03-13 12:16:39.973067475 +0100
@@ -115,6 +115,10 @@
#include "ssherr.h"
#include "hostfile.h"
@ -289,8 +289,8 @@ diff --color -ruNp a/clientloop.c b/clientloop.c
if (conn_in_ready)
client_process_net_input(ssh);
diff --color -ruNp a/configure.ac b/configure.ac
--- a/configure.ac 2024-09-16 11:45:56.870133497 +0200
+++ b/configure.ac 2024-09-16 11:46:34.691939819 +0200
--- a/configure.ac 2026-03-13 12:32:48.476497111 +0100
+++ b/configure.ac 2026-03-13 12:16:39.974067978 +0100
@@ -774,6 +774,30 @@ int main(void) { if (NSVersionOfRunTimeL
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
@ -323,8 +323,8 @@ diff --color -ruNp a/configure.ac b/configure.ac
AC_CHECK_DECL([AU_IPv4], [],
AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
diff --color -ruNp a/gss-genr.c b/gss-genr.c
--- a/gss-genr.c 2024-07-01 06:36:28.000000000 +0200
+++ b/gss-genr.c 2024-09-16 11:46:34.708940181 +0200
--- a/gss-genr.c 2024-09-20 00:20:48.000000000 +0200
+++ b/gss-genr.c 2026-03-13 12:16:40.012672759 +0100
@@ -42,9 +42,33 @@
#include "sshbuf.h"
#include "log.h"
@ -710,8 +710,8 @@ diff --color -ruNp a/gss-genr.c b/gss-genr.c
+
#endif /* GSSAPI */
diff --color -ruNp a/gss-serv.c b/gss-serv.c
--- a/gss-serv.c 2024-07-01 06:36:28.000000000 +0200
+++ b/gss-serv.c 2024-09-16 11:46:34.692939840 +0200
--- a/gss-serv.c 2024-09-20 00:20:48.000000000 +0200
+++ b/gss-serv.c 2026-03-13 12:16:39.978787818 +0100
@@ -1,7 +1,7 @@
/* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
@ -1004,8 +1004,8 @@ diff --color -ruNp a/gss-serv.c b/gss-serv.c
/* Privileged */
diff --color -ruNp a/gss-serv-krb5.c b/gss-serv-krb5.c
--- a/gss-serv-krb5.c 2024-07-01 06:36:28.000000000 +0200
+++ b/gss-serv-krb5.c 2024-09-16 11:46:34.692939840 +0200
--- a/gss-serv-krb5.c 2024-09-20 00:20:48.000000000 +0200
+++ b/gss-serv-krb5.c 2026-03-13 12:16:39.978934056 +0100
@@ -1,7 +1,7 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.9 2018/07/09 21:37:55 markus Exp $ */
@ -1143,8 +1143,8 @@ diff --color -ruNp a/gss-serv-krb5.c b/gss-serv-krb5.c
#endif /* KRB5 */
diff --color -ruNp a/kex.c b/kex.c
--- a/kex.c 2024-07-01 06:36:28.000000000 +0200
+++ b/kex.c 2024-09-16 11:46:34.692939840 +0200
--- a/kex.c 2024-09-20 00:20:48.000000000 +0200
+++ b/kex.c 2026-03-13 12:16:39.978857653 +0100
@@ -297,17 +297,37 @@ static int
kex_compose_ext_info_server(struct ssh *ssh, struct sshbuf *m)
{
@ -1200,8 +1200,8 @@ diff --color -ruNp a/kex.c b/kex.c
sshkey_free(kex->initial_hostkey);
free(kex->failed_choice);
diff --color -ruNp a/kexdh.c b/kexdh.c
--- a/kexdh.c 2024-07-01 06:36:28.000000000 +0200
+++ b/kexdh.c 2024-09-16 11:46:34.693939862 +0200
--- a/kexdh.c 2024-09-20 00:20:48.000000000 +0200
+++ b/kexdh.c 2026-03-13 12:16:39.979537228 +0100
@@ -49,13 +49,23 @@ kex_dh_keygen(struct kex *kex)
{
switch (kex->kex_type) {
@ -1227,8 +1227,8 @@ diff --color -ruNp a/kexdh.c b/kexdh.c
break;
case KEX_DH_GRP18_SHA512:
diff --color -ruNp a/kexgen.c b/kexgen.c
--- a/kexgen.c 2024-07-01 06:36:28.000000000 +0200
+++ b/kexgen.c 2024-09-16 11:46:34.693939862 +0200
--- a/kexgen.c 2024-09-20 00:20:48.000000000 +0200
+++ b/kexgen.c 2026-03-13 12:16:39.979737335 +0100
@@ -44,7 +44,7 @@
static int input_kex_gen_init(int, u_int32_t, struct ssh *);
static int input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh);
@ -1240,7 +1240,7 @@ diff --color -ruNp a/kexgen.c b/kexgen.c
const struct sshbuf *client_version,
diff --color -ruNp a/kexgssc.c b/kexgssc.c
--- a/kexgssc.c 1970-01-01 01:00:00.000000000 +0100
+++ b/kexgssc.c 2024-10-14 15:18:02.491798105 +0200
+++ b/kexgssc.c 2026-03-13 12:25:23.115812190 +0100
@@ -0,0 +1,706 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1369,7 +1369,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
+
+ /* Verify that the hash matches the MIC we just got. */
+ if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
+ sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
+ ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
+
+ gss_release_buffer(&gss->minor, &gss->msg_tok);
+
@ -1592,10 +1592,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
+ fatal("Failed to read token: %s", ssh_err(r));
+ /* If we're already complete - protocol error */
+ if (gss->major == GSS_S_COMPLETE)
+ sshpkt_disconnect(ssh, "Protocol error: received token when complete");
+ ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
+ } else {
+ if (gss->major != GSS_S_COMPLETE)
+ sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
+ ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
+ }
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("Expecting end of packet.");
@ -1731,7 +1731,7 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
+
+ /* Verify that the hash matches the MIC we just got. */
+ if (GSS_ERROR(ssh_gssapi_checkmic(gss, &gss->buf, &gss->msg_tok)))
+ sshpkt_disconnect(ssh, "Hash's MIC didn't verify");
+ ssh_packet_disconnect(ssh, "Hash's MIC didn't verify");
+
+ gss_release_buffer(&gss->minor, &gss->msg_tok);
+
@ -1932,10 +1932,10 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
+ fatal("Failed to read token: %s", ssh_err(r));
+ /* If we're already complete - protocol error */
+ if (gss->major == GSS_S_COMPLETE)
+ sshpkt_disconnect(ssh, "Protocol error: received token when complete");
+ ssh_packet_disconnect(ssh, "Protocol error: received token when complete");
+ } else {
+ if (gss->major != GSS_S_COMPLETE)
+ sshpkt_disconnect(ssh, "Protocol error: did not receive final token");
+ ssh_packet_disconnect(ssh, "Protocol error: did not receive final token");
+ }
+ if ((r = sshpkt_get_end(ssh)) != 0)
+ fatal("Expecting end of packet.");
@ -1950,8 +1950,8 @@ diff --color -ruNp a/kexgssc.c b/kexgssc.c
+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
diff --color -ruNp a/kexgsss.c b/kexgsss.c
--- a/kexgsss.c 1970-01-01 01:00:00.000000000 +0100
+++ b/kexgsss.c 2024-10-14 15:18:02.491798105 +0200
@@ -0,0 +1,601 @@
+++ b/kexgsss.c 2026-03-13 12:32:17.556172591 +0100
@@ -0,0 +1,603 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
@ -2083,7 +2083,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+{
+ struct kex *kex = ssh->kex;
+ Gssctxt *gss = kex->gss;
+ gss_buffer_desc msg_tok;
+ gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
+ size_t hashlen;
+ struct sshbuf *shared_secret = NULL;
@ -2167,7 +2167,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+ Gssctxt *gss = kex->gss;
+ struct sshbuf *empty;
+ struct sshbuf *client_pubkey = NULL;
+ gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ OM_uint32 ret_flags = 0;
+ int r;
+
@ -2243,7 +2244,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+ struct ssh *ssh)
+{
+ Gssctxt *gss = ssh->kex->gss;
+ gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ OM_uint32 ret_flags = 0;
+ int r;
+
@ -2334,7 +2336,7 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+{
+ struct kex *kex = ssh->kex;
+ Gssctxt *gss = kex->gss;
+ gss_buffer_desc msg_tok;
+ gss_buffer_desc msg_tok = GSS_C_EMPTY_BUFFER;
+ u_char hash[SSH_DIGEST_MAX_LENGTH];
+ size_t hashlen;
+ const BIGNUM *pub_key, *dh_p, *dh_g;
@ -2475,10 +2477,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+ fatal("GSS_GEX, bad parameters: %d !< %d !< %d", min, nbits, max);
+
+ kex->dh = mm_choose_dh(min, nbits, max);
+ if (kex->dh == NULL) {
+ sshpkt_disconnect(ssh, "Protocol error: no matching group found");
+ fatal("Protocol error: no matching group found");
+ }
+ if (kex->dh == NULL)
+ ssh_packet_disconnect(ssh, "Protocol error: no matching group found");
+
+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXGSS_GROUP)) != 0 ||
@ -2510,7 +2510,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+ struct ssh *ssh)
+{
+ Gssctxt *gss = ssh->kex->gss;
+ gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ OM_uint32 ret_flags = 0;
+ int r;
+
@ -2537,7 +2538,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+ struct ssh *ssh)
+{
+ Gssctxt *gss = ssh->kex->gss;
+ gss_buffer_desc recv_tok, send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ OM_uint32 ret_flags = 0;
+ int r;
+
@ -2554,8 +2556,8 @@ diff --color -ruNp a/kexgsss.c b/kexgsss.c
+
+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
diff --color -ruNp a/kex.h b/kex.h
--- a/kex.h 2024-07-01 06:36:28.000000000 +0200
+++ b/kex.h 2024-09-16 11:46:34.710940224 +0200
--- a/kex.h 2024-09-20 00:20:48.000000000 +0200
+++ b/kex.h 2026-03-13 12:16:40.013688997 +0100
@@ -29,6 +29,10 @@
#include "mac.h"
#include "crypto_api.h"
@ -2567,7 +2569,7 @@ diff --color -ruNp a/kex.h b/kex.h
#ifdef WITH_OPENSSL
# include <openssl/bn.h>
# include <openssl/dh.h>
@@ -102,6 +106,15 @@ enum kex_exchange {
@@ -103,6 +107,15 @@ enum kex_exchange {
KEX_C25519_SHA256,
KEX_KEM_SNTRUP761X25519_SHA512,
KEX_KEM_MLKEM768X25519_SHA256,
@ -2583,7 +2585,7 @@ diff --color -ruNp a/kex.h b/kex.h
KEX_MAX
};
@@ -164,6 +177,13 @@ struct kex {
@@ -165,6 +178,13 @@ struct kex {
u_int flags;
int hash_alg;
int ec_nid;
@ -2597,7 +2599,7 @@ diff --color -ruNp a/kex.h b/kex.h
char *failed_choice;
int (*verify_host_key)(struct sshkey *, struct ssh *);
struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
@@ -189,8 +209,10 @@ int kex_hash_from_name(const char *);
@@ -191,8 +211,10 @@ int kex_hash_from_name(const char *);
int kex_nid_from_name(const char *);
int kex_names_valid(const char *);
char *kex_alg_list(char);
@ -2608,7 +2610,7 @@ diff --color -ruNp a/kex.h b/kex.h
int kex_assemble_names(char **, const char *, const char *);
void kex_proposal_populate_entries(struct ssh *, char *prop[PROPOSAL_MAX],
const char *, const char *, const char *, const char *, const char *);
@@ -224,6 +246,12 @@ int kexgex_client(struct ssh *);
@@ -226,6 +248,12 @@ int kexgex_client(struct ssh *);
int kexgex_server(struct ssh *);
int kex_gen_client(struct ssh *);
int kex_gen_server(struct ssh *);
@ -2621,7 +2623,7 @@ diff --color -ruNp a/kex.h b/kex.h
int kex_dh_keypair(struct kex *);
int kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
@@ -256,6 +284,12 @@ int kexgex_hash(int, const struct sshbu
@@ -264,6 +292,12 @@ int kexgex_hash(int, const struct sshbu
const BIGNUM *, const u_char *, size_t,
u_char *, size_t *);
@ -2635,8 +2637,8 @@ diff --color -ruNp a/kex.h b/kex.h
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
diff --color -ruNp a/kex-names.c b/kex-names.c
--- a/kex-names.c 2024-07-01 06:36:28.000000000 +0200
+++ b/kex-names.c 2024-09-16 11:46:34.694939883 +0200
--- a/kex-names.c 2024-09-20 00:20:48.000000000 +0200
+++ b/kex-names.c 2026-03-13 12:16:39.979603048 +0100
@@ -45,6 +45,10 @@
#include "ssherr.h"
#include "xmalloc.h"
@ -2648,7 +2650,7 @@ diff --color -ruNp a/kex-names.c b/kex-names.c
struct kexalg {
char *name;
u_int type;
@@ -83,15 +87,28 @@ static const struct kexalg kexalgs[] = {
@@ -89,15 +93,28 @@ static const struct kexalg kexalgs[] = {
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
{ NULL, 0, -1, -1},
};
@ -2680,7 +2682,7 @@ diff --color -ruNp a/kex-names.c b/kex-names.c
if (ret != NULL)
ret[rlen++] = sep;
nlen = strlen(k->name);
@@ -106,6 +123,18 @@ kex_alg_list(char sep)
@@ -112,6 +129,18 @@ kex_alg_list(char sep)
return ret;
}
@ -2699,7 +2701,7 @@ diff --color -ruNp a/kex-names.c b/kex-names.c
static const struct kexalg *
kex_alg_by_name(const char *name)
{
@@ -115,6 +144,10 @@ kex_alg_by_name(const char *name)
@@ -121,6 +150,10 @@ kex_alg_by_name(const char *name)
if (strcmp(k->name, name) == 0)
return k;
}
@ -2710,7 +2712,7 @@ diff --color -ruNp a/kex-names.c b/kex-names.c
return NULL;
}
@@ -328,3 +361,26 @@ kex_assemble_names(char **listp, const c
@@ -334,3 +367,26 @@ kex_assemble_names(char **listp, const c
free(ret);
return r;
}
@ -2738,8 +2740,8 @@ diff --color -ruNp a/kex-names.c b/kex-names.c
+ return 1;
+}
diff --color -ruNp a/Makefile.in b/Makefile.in
--- a/Makefile.in 2024-09-16 11:45:56.868133454 +0200
+++ b/Makefile.in 2024-09-16 11:46:34.695939904 +0200
--- a/Makefile.in 2026-03-13 12:32:48.475081074 +0100
+++ b/Makefile.in 2026-03-13 12:16:39.979453307 +0100
@@ -114,6 +114,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
kex.o kex-names.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
kexgexc.o kexgexs.o \
@ -2767,9 +2769,9 @@ diff --color -ruNp a/Makefile.in b/Makefile.in
regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS)
$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \
diff --color -ruNp a/monitor.c b/monitor.c
--- a/monitor.c 2024-09-16 11:45:56.861133305 +0200
+++ b/monitor.c 2024-09-16 11:46:34.696939926 +0200
@@ -143,6 +143,8 @@ int mm_answer_gss_setup_ctx(struct ssh *
--- a/monitor.c 2026-03-13 12:32:48.467311058 +0100
+++ b/monitor.c 2026-03-13 12:16:40.012477799 +0100
@@ -144,6 +144,8 @@ int mm_answer_gss_setup_ctx(struct ssh *
int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
@ -2778,7 +2780,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
#endif
#ifdef SSH_AUDIT_EVENTS
@@ -219,11 +221,18 @@ struct mon_table mon_dispatch_proto20[]
@@ -220,11 +222,18 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@ -2797,7 +2799,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
#ifdef WITH_OPENSSL
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
@@ -292,6 +301,10 @@ monitor_child_preauth(struct ssh *ssh, s
@@ -293,6 +302,10 @@ monitor_child_preauth(struct ssh *ssh, s
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@ -2808,7 +2810,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
/* The first few requests do not require asynchronous access */
while (!authenticated) {
@@ -344,8 +357,15 @@ monitor_child_preauth(struct ssh *ssh, s
@@ -345,8 +358,15 @@ monitor_child_preauth(struct ssh *ssh, s
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
@ -2825,7 +2827,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if (authenticated || partial) {
auth2_update_session_info(authctxt,
auth_method, auth_submethod);
@@ -413,6 +433,10 @@ monitor_child_postauth(struct ssh *ssh,
@@ -414,6 +434,10 @@ monitor_child_postauth(struct ssh *ssh,
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@ -2836,7 +2838,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if (auth_opts->permit_pty_flag) {
monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
@@ -1793,6 +1817,17 @@ monitor_apply_keystate(struct ssh *ssh,
@@ -1803,6 +1827,17 @@ monitor_apply_keystate(struct ssh *ssh,
# ifdef OPENSSL_HAS_ECC
kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
# endif
@ -2854,7 +2856,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
#endif /* WITH_OPENSSL */
kex->kex[KEX_C25519_SHA256] = kex_gen_server;
kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
@@ -1885,8 +1920,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh,
@@ -1896,8 +1931,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh,
u_char *p;
int r;
@ -2865,7 +2867,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if ((r = sshbuf_get_string(m, &p, &len)) != 0)
fatal_fr(r, "parse");
@@ -1918,8 +1953,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh
@@ -1929,8 +1964,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh
OM_uint32 flags = 0; /* GSI needs this */
int r;
@ -2876,7 +2878,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
fatal_fr(r, "ssh_gssapi_get_buffer_desc");
@@ -1939,6 +1974,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh
@@ -1950,6 +1985,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@ -2884,7 +2886,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
}
return (0);
}
@@ -1950,8 +1986,8 @@ mm_answer_gss_checkmic(struct ssh *ssh,
@@ -1961,8 +1997,8 @@ mm_answer_gss_checkmic(struct ssh *ssh,
OM_uint32 ret;
int r;
@ -2895,7 +2897,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
(r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
@@ -1977,13 +2013,17 @@ mm_answer_gss_checkmic(struct ssh *ssh,
@@ -1988,13 +2024,17 @@ mm_answer_gss_checkmic(struct ssh *ssh,
int
mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
{
@ -2917,7 +2919,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
sshbuf_reset(m);
if ((r = sshbuf_put_u32(m, authenticated)) != 0)
@@ -1992,7 +2032,11 @@ mm_answer_gss_userok(struct ssh *ssh, in
@@ -2003,7 +2043,11 @@ mm_answer_gss_userok(struct ssh *ssh, in
debug3_f("sending result %d", authenticated);
mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
@ -2930,7 +2932,7 @@ diff --color -ruNp a/monitor.c b/monitor.c
if ((displayname = ssh_gssapi_displayname()) != NULL)
auth2_record_info(authctxt, "%s", displayname);
@@ -2000,5 +2044,84 @@ mm_answer_gss_userok(struct ssh *ssh, in
@@ -2011,5 +2055,84 @@ mm_answer_gss_userok(struct ssh *ssh, in
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
@ -3016,8 +3018,8 @@ diff --color -ruNp a/monitor.c b/monitor.c
#endif /* GSSAPI */
diff --color -ruNp a/monitor.h b/monitor.h
--- a/monitor.h 2024-09-16 11:45:56.861133305 +0200
+++ b/monitor.h 2024-09-16 11:46:34.696939926 +0200
--- a/monitor.h 2026-03-13 12:32:48.467853845 +0100
+++ b/monitor.h 2026-03-13 12:16:40.011929029 +0100
@@ -67,6 +67,8 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
@ -3028,8 +3030,8 @@ diff --color -ruNp a/monitor.h b/monitor.h
struct ssh;
diff --color -ruNp a/monitor_wrap.c b/monitor_wrap.c
--- a/monitor_wrap.c 2024-09-16 11:45:56.862133326 +0200
+++ b/monitor_wrap.c 2024-09-16 11:46:34.697939947 +0200
--- a/monitor_wrap.c 2026-03-13 12:32:48.468148305 +0100
+++ b/monitor_wrap.c 2026-03-13 12:16:40.011969272 +0100
@@ -1075,13 +1075,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
}
@ -3108,8 +3110,8 @@ diff --color -ruNp a/monitor_wrap.c b/monitor_wrap.c
/*
diff --color -ruNp a/monitor_wrap.h b/monitor_wrap.h
--- a/monitor_wrap.h 2024-09-16 11:45:56.862133326 +0200
+++ b/monitor_wrap.h 2024-09-16 11:46:34.697939947 +0200
--- a/monitor_wrap.h 2026-03-13 12:32:48.468446940 +0100
+++ b/monitor_wrap.h 2026-03-13 12:16:40.012015851 +0100
@@ -67,8 +67,10 @@ void mm_decode_activate_server_options(s
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@ -3123,8 +3125,8 @@ diff --color -ruNp a/monitor_wrap.h b/monitor_wrap.h
#ifdef USE_PAM
diff --color -ruNp a/readconf.c b/readconf.c
--- a/readconf.c 2024-07-01 06:36:28.000000000 +0200
+++ b/readconf.c 2024-09-16 11:46:34.699939990 +0200
--- a/readconf.c 2024-09-20 00:20:48.000000000 +0200
+++ b/readconf.c 2026-03-13 12:16:40.012058137 +0100
@@ -70,6 +70,7 @@
#include "uidswap.h"
#include "myproposal.h"
@ -3165,7 +3167,7 @@ diff --color -ruNp a/readconf.c b/readconf.c
#endif
#ifdef ENABLE_PKCS11
{ "pkcs11provider", oPKCS11Provider },
@@ -1227,10 +1242,42 @@ parse_time:
@@ -1256,10 +1271,42 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@ -3208,7 +3210,7 @@ diff --color -ruNp a/readconf.c b/readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -2542,7 +2589,13 @@ initialize_options(Options * options)
@@ -2576,7 +2623,13 @@ initialize_options(Options * options)
options->fwd_opts.streamlocal_bind_unlink = -1;
options->pubkey_authentication = -1;
options->gss_authentication = -1;
@ -3222,7 +3224,7 @@ diff --color -ruNp a/readconf.c b/readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -2705,8 +2758,18 @@ fill_default_options(Options * options)
@@ -2739,8 +2792,18 @@ fill_default_options(Options * options)
options->pubkey_authentication = SSH_PUBKEY_AUTH_ALL;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -3241,7 +3243,7 @@ diff --color -ruNp a/readconf.c b/readconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -3533,7 +3596,14 @@ dump_client_config(Options *o, const cha
@@ -3567,7 +3630,14 @@ dump_client_config(Options *o, const cha
dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
#ifdef GSSAPI
dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
@ -3257,8 +3259,8 @@ diff --color -ruNp a/readconf.c b/readconf.c
dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
diff --color -ruNp a/readconf.h b/readconf.h
--- a/readconf.h 2024-07-01 06:36:28.000000000 +0200
+++ b/readconf.h 2024-09-16 11:46:34.699939990 +0200
--- a/readconf.h 2024-09-20 00:20:48.000000000 +0200
+++ b/readconf.h 2026-03-13 12:16:39.991140430 +0100
@@ -40,7 +40,13 @@ typedef struct {
int pubkey_authentication; /* Try ssh2 pubkey authentication. */
int hostbased_authentication; /* ssh2's rhosts_rsa */
@ -3274,8 +3276,8 @@ diff --color -ruNp a/readconf.h b/readconf.h
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
diff --color -ruNp a/servconf.c b/servconf.c
--- a/servconf.c 2024-07-01 06:36:28.000000000 +0200
+++ b/servconf.c 2024-09-16 11:46:34.700940011 +0200
--- a/servconf.c 2024-09-20 00:20:48.000000000 +0200
+++ b/servconf.c 2026-03-13 12:16:39.991185528 +0100
@@ -68,6 +68,7 @@
#include "auth.h"
#include "myproposal.h"
@ -3296,7 +3298,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->permit_empty_passwd = -1;
@@ -376,10 +380,18 @@ fill_default_server_options(ServerOption
@@ -378,10 +382,18 @@ fill_default_server_options(ServerOption
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@ -3315,7 +3317,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -558,6 +570,7 @@ typedef enum {
@@ -564,6 +576,7 @@ typedef enum {
sPerSourcePenalties, sPerSourcePenaltyExemptList,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@ -3323,7 +3325,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
sAcceptEnv, sSetEnv, sPermitTunnel,
sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
@@ -643,12 +656,22 @@ static struct {
@@ -649,12 +662,22 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@ -3346,7 +3348,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
{ "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
@@ -1585,6 +1608,10 @@ process_server_config_line_depth(ServerO
@@ -1605,6 +1628,10 @@ process_server_config_line_depth(ServerO
intptr = &options->gss_authentication;
goto parse_flag;
@ -3357,7 +3359,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
@@ -1593,6 +1620,22 @@ process_server_config_line_depth(ServerO
@@ -1613,6 +1640,22 @@ process_server_config_line_depth(ServerO
intptr = &options->gss_strict_acceptor;
goto parse_flag;
@ -3380,7 +3382,7 @@ diff --color -ruNp a/servconf.c b/servconf.c
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
@@ -3178,6 +3221,10 @@ dump_config(ServerOptions *o)
@@ -3204,6 +3247,10 @@ dump_config(ServerOptions *o)
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@ -3392,9 +3394,9 @@ diff --color -ruNp a/servconf.c b/servconf.c
dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
dump_cfg_fmtint(sKbdInteractiveAuthentication,
diff --color -ruNp a/servconf.h b/servconf.h
--- a/servconf.h 2024-07-01 06:36:28.000000000 +0200
+++ b/servconf.h 2024-09-16 11:46:34.700940011 +0200
@@ -149,8 +149,11 @@ typedef struct {
--- a/servconf.h 2024-09-20 00:20:48.000000000 +0200
+++ b/servconf.h 2026-03-13 12:16:40.004993534 +0100
@@ -150,8 +150,11 @@ typedef struct {
int kerberos_get_afs_token; /* If true, try to get AFS token if
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
@ -3407,8 +3409,8 @@ diff --color -ruNp a/servconf.h b/servconf.h
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
diff --color -ruNp a/session.c b/session.c
--- a/session.c 2024-09-16 11:45:56.866133411 +0200
+++ b/session.c 2024-09-16 11:46:34.701940032 +0200
--- a/session.c 2026-03-13 12:32:48.472280104 +0100
+++ b/session.c 2026-03-13 12:16:40.005034524 +0100
@@ -2674,13 +2674,19 @@ do_cleanup(struct ssh *ssh, Authctxt *au
#ifdef KRB5
@ -3432,9 +3434,9 @@ diff --color -ruNp a/session.c b/session.c
/* remove agent socket */
diff --color -ruNp a/ssh.1 b/ssh.1
--- a/ssh.1 2024-09-16 11:45:56.875133603 +0200
+++ b/ssh.1 2024-09-16 11:46:34.701940032 +0200
@@ -536,7 +536,13 @@ For full details of the options listed b
--- a/ssh.1 2026-03-13 12:32:48.479681434 +0100
+++ b/ssh.1 2026-03-13 12:16:40.012217780 +0100
@@ -538,7 +538,13 @@ For full details of the options listed b
.It GatewayPorts
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
@ -3448,7 +3450,7 @@ diff --color -ruNp a/ssh.1 b/ssh.1
.It HashKnownHosts
.It Host
.It HostbasedAcceptedAlgorithms
@@ -624,6 +630,8 @@ flag),
@@ -626,6 +632,8 @@ flag),
(supported message integrity codes),
.Ar kex
(key exchange algorithms),
@ -3458,8 +3460,8 @@ diff --color -ruNp a/ssh.1 b/ssh.1
(key types),
.Ar key-ca-sign
diff --color -ruNp a/ssh.c b/ssh.c
--- a/ssh.c 2024-07-01 06:36:28.000000000 +0200
+++ b/ssh.c 2024-09-16 11:46:34.702940054 +0200
--- a/ssh.c 2024-09-20 00:20:48.000000000 +0200
+++ b/ssh.c 2026-03-13 12:16:40.012768046 +0100
@@ -827,6 +827,8 @@ main(int ac, char **av)
else if (strcmp(optarg, "kex") == 0 ||
strcasecmp(optarg, "KexAlgorithms") == 0)
@ -3481,8 +3483,8 @@ diff --color -ruNp a/ssh.c b/ssh.c
if (cp == NULL)
fatal("Unsupported query \"%s\"", optarg);
diff --color -ruNp a/ssh_config b/ssh_config
--- a/ssh_config 2024-09-16 11:45:56.884133795 +0200
+++ b/ssh_config 2024-09-16 11:46:34.702940054 +0200
--- a/ssh_config 2026-03-13 12:32:48.487976307 +0100
+++ b/ssh_config 2026-03-13 12:16:40.007769377 +0100
@@ -24,6 +24,8 @@
# HostbasedAuthentication no
# GSSAPIAuthentication no
@ -3493,8 +3495,8 @@ diff --color -ruNp a/ssh_config b/ssh_config
# CheckHostIP no
# AddressFamily any
diff --color -ruNp a/ssh_config.5 b/ssh_config.5
--- a/ssh_config.5 2024-07-01 06:36:28.000000000 +0200
+++ b/ssh_config.5 2024-09-16 11:46:34.703940075 +0200
--- a/ssh_config.5 2024-09-20 00:20:48.000000000 +0200
+++ b/ssh_config.5 2026-03-13 12:16:40.013000257 +0100
@@ -938,10 +938,68 @@ The default is
Specifies whether user authentication based on GSSAPI is allowed.
The default is
@ -3565,8 +3567,8 @@ diff --color -ruNp a/ssh_config.5 b/ssh_config.5
Indicates that
.Xr ssh 1
diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
--- a/sshconnect2.c 2024-07-01 06:36:28.000000000 +0200
+++ b/sshconnect2.c 2024-09-16 11:46:34.703940075 +0200
--- a/sshconnect2.c 2024-09-20 00:20:48.000000000 +0200
+++ b/sshconnect2.c 2026-03-13 12:16:40.008053898 +0100
@@ -222,6 +222,11 @@ ssh_kex2(struct ssh *ssh, char *host, st
char *all_key, *hkalgs = NULL;
int r, use_known_hosts_order = 0;
@ -3669,7 +3671,7 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
#ifdef DEBUG_KEXDH
/* send 1st encrypted/maced/compressed message */
if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
@@ -368,6 +439,7 @@ static int input_gssapi_response(int typ
@@ -369,6 +440,7 @@ static int input_gssapi_response(int typ
static int input_gssapi_token(int type, u_int32_t, struct ssh *);
static int input_gssapi_error(int, u_int32_t, struct ssh *);
static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
@ -3677,7 +3679,7 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
#endif
void userauth(struct ssh *, char *);
@@ -384,6 +456,11 @@ static char *authmethods_get(void);
@@ -385,6 +457,11 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
@ -3689,7 +3691,7 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
{"gssapi-with-mic",
userauth_gssapi,
userauth_gssapi_cleanup,
@@ -755,12 +832,32 @@ userauth_gssapi(struct ssh *ssh)
@@ -756,12 +833,32 @@ userauth_gssapi(struct ssh *ssh)
OM_uint32 min;
int r, ok = 0;
gss_OID mech = NULL;
@ -3723,7 +3725,7 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
/* Check to see whether the mechanism is usable before we offer it */
while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
@@ -769,13 +866,15 @@ userauth_gssapi(struct ssh *ssh)
@@ -770,13 +867,15 @@ userauth_gssapi(struct ssh *ssh)
elements[authctxt->mech_tried];
/* My DER encoding requires length<128 */
if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
@ -3740,7 +3742,7 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
if (!ok || mech == NULL)
return 0;
@@ -1009,6 +1108,55 @@ input_gssapi_error(int type, u_int32_t p
@@ -1010,6 +1109,55 @@ input_gssapi_error(int type, u_int32_t p
free(lang);
return r;
}
@ -3797,9 +3799,9 @@ diff --color -ruNp a/sshconnect2.c b/sshconnect2.c
static int
diff --color -ruNp a/sshd.c b/sshd.c
--- a/sshd.c 2024-07-01 06:36:28.000000000 +0200
+++ b/sshd.c 2024-09-16 11:46:34.704940096 +0200
@@ -1551,7 +1551,8 @@ main(int ac, char **av)
--- a/sshd.c 2024-09-20 00:20:48.000000000 +0200
+++ b/sshd.c 2026-03-13 12:16:40.008426802 +0100
@@ -1558,7 +1558,8 @@ main(int ac, char **av)
free(fp);
}
accumulate_host_timing_secret(cfg, NULL);
@ -3810,8 +3812,8 @@ diff --color -ruNp a/sshd.c b/sshd.c
exit(1);
}
diff --color -ruNp a/sshd_config b/sshd_config
--- a/sshd_config 2024-09-16 11:45:56.888133880 +0200
+++ b/sshd_config 2024-09-16 11:46:34.704940096 +0200
--- a/sshd_config 2026-03-13 12:32:48.491841092 +0100
+++ b/sshd_config 2026-03-13 12:16:40.008629209 +0100
@@ -77,6 +77,8 @@ AuthorizedKeysFile .ssh/authorized_keys
# GSSAPI options
#GSSAPIAuthentication no
@ -3822,8 +3824,8 @@ diff --color -ruNp a/sshd_config b/sshd_config
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
diff --color -ruNp a/sshd_config.5 b/sshd_config.5
--- a/sshd_config.5 2024-09-16 11:45:56.885133816 +0200
+++ b/sshd_config.5 2024-09-16 11:46:34.704940096 +0200
--- a/sshd_config.5 2026-03-13 12:32:48.489069461 +0100
+++ b/sshd_config.5 2026-03-13 12:16:40.013495921 +0100
@@ -739,6 +739,11 @@ Specifies whether to automatically destr
on logout.
The default is
@ -3870,9 +3872,9 @@ diff --color -ruNp a/sshd_config.5 b/sshd_config.5
Specifies the signature algorithms that will be accepted for hostbased
authentication as a list of comma-separated patterns.
diff --color -ruNp a/sshd-session.c b/sshd-session.c
--- a/sshd-session.c 2024-09-16 11:45:56.888133880 +0200
+++ b/sshd-session.c 2024-09-16 11:46:34.705940118 +0200
@@ -660,8 +660,8 @@ notify_hostkeys(struct ssh *ssh)
--- a/sshd-session.c 2026-03-13 12:32:48.491392577 +0100
+++ b/sshd-session.c 2026-03-13 12:16:40.013202390 +0100
@@ -662,8 +662,8 @@ notify_hostkeys(struct ssh *ssh)
}
debug3_f("sent %u hostkeys", nkeys);
if (nkeys == 0)
@ -3883,7 +3885,7 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
sshpkt_fatal(ssh, r, "%s: send", __func__);
sshbuf_free(buf);
}
@@ -1180,8 +1180,9 @@ main(int ac, char **av)
@@ -1182,8 +1182,9 @@ main(int ac, char **av)
break;
}
}
@ -3895,7 +3897,7 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
/* Ensure that umask disallows at least group and world write */
new_umask = umask(0077) | 0022;
@@ -1462,6 +1463,48 @@ do_ssh2_kex(struct ssh *ssh)
@@ -1476,6 +1477,48 @@ do_ssh2_kex(struct ssh *ssh)
free(hkalgs);
@ -3944,7 +3946,7 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
/* start key exchange */
if ((r = kex_setup(ssh, myproposal)) != 0)
fatal_r(r, "kex_setup");
@@ -1479,7 +1522,18 @@ do_ssh2_kex(struct ssh *ssh)
@@ -1493,7 +1536,18 @@ do_ssh2_kex(struct ssh *ssh)
#ifdef OPENSSL_HAS_ECC
kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
#endif
@ -3965,8 +3967,8 @@ diff --color -ruNp a/sshd-session.c b/sshd-session.c
kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
kex->kex[KEX_KEM_MLKEM768X25519_SHA256] = kex_gen_server;
diff --color -ruNp a/ssh-gss.h b/ssh-gss.h
--- a/ssh-gss.h 2024-07-01 06:36:28.000000000 +0200
+++ b/ssh-gss.h 2024-09-16 11:46:34.710940224 +0200
--- a/ssh-gss.h 2024-09-20 00:20:48.000000000 +0200
+++ b/ssh-gss.h 2026-03-13 12:16:40.013453154 +0100
@@ -61,10 +61,36 @@
#define SSH_GSS_OIDTYPE 0x06
@ -4092,9 +4094,9 @@ diff --color -ruNp a/ssh-gss.h b/ssh-gss.h
#endif /* _SSH_GSS_H */
diff --color -ruNp a/sshkey.c b/sshkey.c
--- a/sshkey.c 2024-07-01 06:36:28.000000000 +0200
+++ b/sshkey.c 2024-09-16 11:46:34.706940139 +0200
@@ -131,6 +131,75 @@ extern const struct sshkey_impl sshkey_x
--- a/sshkey.c 2024-09-20 00:20:48.000000000 +0200
+++ b/sshkey.c 2026-03-13 12:16:40.006634461 +0100
@@ -132,6 +132,75 @@ extern const struct sshkey_impl sshkey_x
extern const struct sshkey_impl sshkey_xmss_cert_impl;
#endif
@ -4170,7 +4172,7 @@ diff --color -ruNp a/sshkey.c b/sshkey.c
const struct sshkey_impl * const keyimpls[] = {
&sshkey_ed25519_impl,
&sshkey_ed25519_cert_impl,
@@ -169,6 +238,7 @@ const struct sshkey_impl * const keyimpl
@@ -170,6 +239,7 @@ const struct sshkey_impl * const keyimpl
&sshkey_xmss_impl,
&sshkey_xmss_cert_impl,
#endif
@ -4178,7 +4180,7 @@ diff --color -ruNp a/sshkey.c b/sshkey.c
NULL
};
@@ -324,7 +394,7 @@ sshkey_alg_list(int certs_only, int plai
@@ -339,7 +409,7 @@ sshkey_alg_list(int certs_only, int plai
for (i = 0; keyimpls[i] != NULL; i++) {
impl = keyimpls[i];
@ -4188,9 +4190,9 @@ diff --color -ruNp a/sshkey.c b/sshkey.c
if (!include_sigonly && impl->sigonly)
continue;
diff --color -ruNp a/sshkey.h b/sshkey.h
--- a/sshkey.h 2024-07-01 06:36:28.000000000 +0200
+++ b/sshkey.h 2024-09-16 11:46:34.706940139 +0200
@@ -71,6 +71,7 @@ enum sshkey_types {
--- a/sshkey.h 2024-09-20 00:20:48.000000000 +0200
+++ b/sshkey.h 2026-03-13 12:16:40.008972328 +0100
@@ -73,6 +73,7 @@ enum sshkey_types {
KEY_ECDSA_SK_CERT,
KEY_ED25519_SK,
KEY_ED25519_SK_CERT,

3
openssh.spec
View File

@ -729,6 +729,9 @@ test -f %{sysconfig_anaconda} && \
Resolves: RHEL-121768
- Fix GSSAPI authentication indicator issues found by AI
Resolves: RHEL-154309
- CVE-2026-3497: Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex
Resolves: RHEL-155813
* Wed Mar 11 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-21
- Implement obtaining Kerberos tickets on behalf of user on SSH authentication