[src/trunk]: src/crypto/external/bsd/openssh/lib merge local changes between ...
details: https://anonhg.NetBSD.org/src/rev/1ee2891fb456
branches: trunk
changeset: 953317:1ee2891fb456
user: christos <christos%NetBSD.org@localhost>
date: Fri Mar 05 17:47:15 2021 +0000
description:
merge local changes between openssh 8.4 and 8.5
diffstat:
crypto/external/bsd/openssh/bin/sshd/Makefile | 4 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 64 +-
crypto/external/bsd/openssh/dist/PROTOCOL.agent | 6 +-
crypto/external/bsd/openssh/dist/addr.c | 4 +
crypto/external/bsd/openssh/dist/addrmatch.c | 351 +----
crypto/external/bsd/openssh/dist/auth-krb5.c | 5 +-
crypto/external/bsd/openssh/dist/auth-options.c | 20 +-
crypto/external/bsd/openssh/dist/auth-passwd.c | 10 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 11 +-
crypto/external/bsd/openssh/dist/auth.c | 199 +--
crypto/external/bsd/openssh/dist/auth.h | 16 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 42 +-
crypto/external/bsd/openssh/dist/auth2-gss.c | 33 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 65 +-
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 9 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 9 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 136 +-
crypto/external/bsd/openssh/dist/auth2.c | 68 +-
crypto/external/bsd/openssh/dist/authfd.c | 72 +-
crypto/external/bsd/openssh/dist/canohost.c | 13 +-
crypto/external/bsd/openssh/dist/channels.c | 496 ++---
crypto/external/bsd/openssh/dist/cipher.c | 9 +-
crypto/external/bsd/openssh/dist/clientloop.c | 568 ++++--
crypto/external/bsd/openssh/dist/compat.c | 61 +-
crypto/external/bsd/openssh/dist/compat.h | 14 +-
crypto/external/bsd/openssh/dist/crypto_api.h | 20 +-
crypto/external/bsd/openssh/dist/dh.c | 11 +-
crypto/external/bsd/openssh/dist/digest-openssl.c | 15 +-
crypto/external/bsd/openssh/dist/digest.h | 2 +-
crypto/external/bsd/openssh/dist/dns.c | 11 +-
crypto/external/bsd/openssh/dist/fatal.c | 12 +-
crypto/external/bsd/openssh/dist/gss-genr.c | 21 +-
crypto/external/bsd/openssh/dist/hostfile.c | 207 +-
crypto/external/bsd/openssh/dist/hostfile.h | 26 +-
crypto/external/bsd/openssh/dist/kex.c | 138 +-
crypto/external/bsd/openssh/dist/kex.h | 20 +-
crypto/external/bsd/openssh/dist/kexdh.c | 7 +-
crypto/external/bsd/openssh/dist/kexgen.c | 27 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 19 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 12 +-
crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c | 220 --
crypto/external/bsd/openssh/dist/krl.c | 103 +-
crypto/external/bsd/openssh/dist/log.c | 194 +-
crypto/external/bsd/openssh/dist/log.h | 89 +-
crypto/external/bsd/openssh/dist/match.c | 12 +-
crypto/external/bsd/openssh/dist/misc.c | 375 +++-
crypto/external/bsd/openssh/dist/misc.h | 34 +-
crypto/external/bsd/openssh/dist/moduli-gen/Makefile | 3 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 147 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 146 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 163 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 145 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 131 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 125 +-
crypto/external/bsd/openssh/dist/monitor.c | 387 ++--
crypto/external/bsd/openssh/dist/monitor_fdpass.c | 25 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 252 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 7 +-
crypto/external/bsd/openssh/dist/msg.c | 20 +-
crypto/external/bsd/openssh/dist/mux.c | 566 +++---
crypto/external/bsd/openssh/dist/myproposal.h | 16 +-
crypto/external/bsd/openssh/dist/namespace.h | 9 +-
crypto/external/bsd/openssh/dist/nchan.c | 72 +-
crypto/external/bsd/openssh/dist/packet.c | 94 +-
crypto/external/bsd/openssh/dist/readconf.c | 755 ++++++--
crypto/external/bsd/openssh/dist/readconf.h | 20 +-
crypto/external/bsd/openssh/dist/readpass.c | 75 +-
crypto/external/bsd/openssh/dist/sandbox-pledge.c | 13 +-
crypto/external/bsd/openssh/dist/sandbox-rlimit.c | 20 +-
crypto/external/bsd/openssh/dist/scp.1 | 19 +-
crypto/external/bsd/openssh/dist/scp.c | 21 +-
crypto/external/bsd/openssh/dist/servconf.c | 204 +-
crypto/external/bsd/openssh/dist/servconf.h | 19 +-
crypto/external/bsd/openssh/dist/serverloop.c | 90 +-
crypto/external/bsd/openssh/dist/session.c | 141 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 238 +-
crypto/external/bsd/openssh/dist/sftp-client.h | 17 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 9 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 167 +-
crypto/external/bsd/openssh/dist/sftp.1 | 43 +-
crypto/external/bsd/openssh/dist/sftp.c | 93 +-
crypto/external/bsd/openssh/dist/sk-usbhid.c | 13 +-
crypto/external/bsd/openssh/dist/sntrup4591761.c | 1084 -------------
crypto/external/bsd/openssh/dist/sntrup4591761.sh | 57 -
crypto/external/bsd/openssh/dist/srclimit.c | 4 +
crypto/external/bsd/openssh/dist/ssh-add.c | 44 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 659 ++++---
crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-ed25519.c | 7 +-
crypto/external/bsd/openssh/dist/ssh-gss.h | 6 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 25 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 324 +--
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 32 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 59 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 58 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 77 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 104 +-
crypto/external/bsd/openssh/dist/ssh-sk-client.c | 82 +-
crypto/external/bsd/openssh/dist/ssh-sk-helper.c | 51 +-
crypto/external/bsd/openssh/dist/ssh-sk.c | 102 +-
crypto/external/bsd/openssh/dist/ssh-xmss.c | 14 +-
crypto/external/bsd/openssh/dist/ssh.1 | 12 +-
crypto/external/bsd/openssh/dist/ssh.c | 460 ++--
crypto/external/bsd/openssh/dist/ssh2.h | 6 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 37 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 271 ++-
crypto/external/bsd/openssh/dist/sshconnect.c | 548 ++++-
crypto/external/bsd/openssh/dist/sshconnect.h | 49 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 376 ++--
crypto/external/bsd/openssh/dist/sshd.c | 243 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 117 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.c | 60 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.h | 9 +-
crypto/external/bsd/openssh/dist/sshkey.c | 70 +-
crypto/external/bsd/openssh/dist/sshkey.h | 17 +-
crypto/external/bsd/openssh/dist/sshlogin.c | 13 +-
crypto/external/bsd/openssh/dist/sshsig.c | 124 +-
crypto/external/bsd/openssh/dist/ttymodes.c | 48 +-
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/lib/Makefile | 9 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
122 files changed, 6489 insertions(+), 6924 deletions(-)
diffs (truncated from 29578 to 300 lines):
diff -r 0b742b2463e6 -r 1ee2891fb456 crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Fri Mar 05 17:47:15 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.22 2020/06/15 01:57:29 christos Exp $
+# $NetBSD: Makefile,v 1.23 2021/03/05 17:47:15 christos Exp $
.include <bsd.own.mk>
@@ -13,7 +13,7 @@
auth-krb5.c auth2-chall.c groupaccess.c \
auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
- monitor.c monitor_wrap.c \
+ monitor.c monitor_wrap.c srclimit.c \
kexgexs.c sftp-server.c sftp-common.c \
sftp-realpath.c sandbox-rlimit.c pfilter.c
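Review bot: `srclimit.c` is added to sshd's source list on the `monitor.c monitor_wrap.c srclimit.c \` line, but `addr.c` is not in the visible part of that list. The same commit moves the `struct xaddr` helpers out of addrmatch.c and behind `addr.h`, and upstream's srclimit.c presumably uses those helpers for its per-source address matching. If so, sshd links only when `addr.c` is built into the shared ssh library. The diffstat lists `crypto/external/bsd/openssh/lib/Makefile`, but that hunk lies beyond the truncated diff, so confirm there that `addr.c` was added. The source list itself begins and ends outside this hunk.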
diff -r 0b742b2463e6 -r 1ee2891fb456 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Fri Mar 05 17:47:15 2021 +0000
@@ -292,6 +292,7 @@
byte SSH_MSG_GLOBAL_REQUEST
string "hostkeys-00%openssh.com@localhost"
+ char 0 /* want-reply */
string[] hostkeys
Upon receiving this message, a client should check which of the
@@ -465,6 +466,65 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
+3.7. sftp: Extension request "lsetstat%openssh.com@localhost"
+
+This request is like the "setstat" command, but sets file attributes on
+symlinks. It is implemented as a SSH_FXP_EXTENDED request with the
+following format:
+
+ uint32 id
+ string "lsetstat%openssh.com@localhost"
+ string path
+ ATTRS attrs
+
+See the "setstat" command for more details.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+3.8. sftp: Extension request "limits%openssh.com@localhost"
+
+This request is used to determine various limits the server might impose.
+Clients should not attempt to exceed these limits as the server might sever
+the connection immediately.
+
+ uint32 id
+ string "limits%openssh.com@localhost"
+
+The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
+
+ uint32 id
+ uint64 max-packet-length
+ uint64 max-read-length
+ uint64 max-write-length
+ uint64 max-open-handles
+
+The 'max-packet-length' applies to the total number of bytes in a
+single SFTP packet. Servers SHOULD set this at least to 34000.
+
+The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
+Even if the client requests a larger size, servers will usually respond
+with a shorter SSH_FXP_DATA packet. Servers SHOULD set this at least to
+32768.
+
+The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
+the server will accept. Servers SHOULD set this at least to 32768.
+
+The 'max-open-handles' is the maximum number of active handles that the
+server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
+packets). Servers MAY count internal file handles against this limit
+(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
+open this many handles in practice.
+
+If the server doesn't enforce a specific limit, then the field may be
+set to 0. This implies the server relies on the OS to enforce limits
+(e.g. available memory or file handles), and such limits might be
+dynamic. The client SHOULD take care to not try to exceed reasonable
+limits.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
4. Miscellaneous changes
4.1 Public key format
@@ -496,5 +556,5 @@
PROTOCOL.mux over a Unix domain socket for communications between a
master instance and later clients.
-$OpenBSD: PROTOCOL,v 1.38 2020/07/05 23:59:45 djm Exp $
-$NetBSD: PROTOCOL,v 1.15 2020/12/04 18:42:49 christos Exp $
+$OpenBSD: PROTOCOL,v 1.41 2021/02/18 02:49:35 djm Exp $
+$NetBSD: PROTOCOL,v 1.16 2021/03/05 17:47:15 christos Exp $
diff -r 0b742b2463e6 -r 1ee2891fb456 crypto/external/bsd/openssh/dist/PROTOCOL.agent
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent Fri Mar 05 17:47:15 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: PROTOCOL.agent,v 1.10 2020/12/04 18:42:49 christos Exp $
+$NetBSD: PROTOCOL.agent,v 1.11 2021/03/05 17:47:15 christos Exp $
This file used to contain a description of the SSH agent protocol
implemented by OpenSSH. It has since been superseded by
-https://tools.ietf.org/html/draft-miller-ssh-agent-00
+https://tools.ietf.org/html/draft-miller-ssh-agent-04
-$OpenBSD: PROTOCOL.agent,v 1.13 2020/08/31 00:17:41 djm Exp $
+$OpenBSD: PROTOCOL.agent,v 1.14 2020/10/06 07:12:04 dtucker Exp $
diff -r 0b742b2463e6 -r 1ee2891fb456 crypto/external/bsd/openssh/dist/addr.c
--- a/crypto/external/bsd/openssh/dist/addr.c Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/addr.c Fri Mar 05 17:47:15 2021 +0000
@@ -1,3 +1,4 @@
+/* $NetBSD: addr.c,v 1.2 2021/03/05 17:47:15 christos Exp $ */
/* $OpenBSD: addr.c,v 1.1 2021/01/09 11:58:50 dtucker Exp $ */
/*
@@ -16,6 +17,9 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include "includes.h"
+__RCSID("$NetBSD: addr.c,v 1.2 2021/03/05 17:47:15 christos Exp $");
+
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
diff -r 0b742b2463e6 -r 1ee2891fb456 crypto/external/bsd/openssh/dist/addrmatch.c
--- a/crypto/external/bsd/openssh/dist/addrmatch.c Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/addrmatch.c Fri Mar 05 17:47:15 2021 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: addrmatch.c,v 1.13 2019/01/27 02:08:33 pgoyette Exp $ */
-/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
+/* $NetBSD: addrmatch.c,v 1.14 2021/03/05 17:47:15 christos Exp $ */
+/* $OpenBSD: addrmatch.c,v 1.16 2021/01/09 11:58:50 dtucker Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm%mindrot.org@localhost>
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: addrmatch.c,v 1.13 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: addrmatch.c,v 1.14 2021/03/05 17:47:15 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -30,335 +30,10 @@
#include <stdio.h>
#include <stdarg.h>
+#include "addr.h"
#include "match.h"
#include "log.h"
-struct xaddr {
- sa_family_t af;
- union {
- struct in_addr v4;
- struct in6_addr v6;
- u_int8_t addr8[16];
- u_int32_t addr32[4];
- } xa; /* 128-bit address */
- u_int32_t scope_id; /* iface scope id for v6 */
-#define v4 xa.v4
-#define v6 xa.v6
-#define addr8 xa.addr8
-#define addr32 xa.addr32
-};
-
-static int
-addr_unicast_masklen(int af)
-{
- switch (af) {
- case AF_INET:
- return 32;
- case AF_INET6:
- return 128;
- default:
- return -1;
- }
-}
-
-static inline int
-masklen_valid(int af, u_int masklen)
-{
- switch (af) {
- case AF_INET:
- return masklen <= 32 ? 0 : -1;
- case AF_INET6:
- return masklen <= 128 ? 0 : -1;
- default:
- return -1;
- }
-}
-
-/*
- * Convert struct sockaddr to struct xaddr
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
-{
- struct sockaddr_in *in4 = (struct sockaddr_in *)(void *)sa;
- struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)(void *)sa;
-
- memset(xa, '\0', sizeof(*xa));
-
- switch (sa->sa_family) {
- case AF_INET:
- if (slen < (socklen_t)sizeof(*in4))
- return -1;
- xa->af = AF_INET;
- memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
- break;
- case AF_INET6:
- if (slen < (socklen_t)sizeof(*in6))
- return -1;
- xa->af = AF_INET6;
- memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
- xa->scope_id = in6->sin6_scope_id;
- break;
- default:
- return -1;
- }
-
- return 0;
-}
-
-/*
- * Calculate a netmask of length 'l' for address family 'af' and
- * store it in 'n'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_netmask(int af, u_int l, struct xaddr *n)
-{
- int i;
-
- if (masklen_valid(af, l) != 0 || n == NULL)
- return -1;
-
- memset(n, '\0', sizeof(*n));
- switch (af) {
- case AF_INET:
- n->af = AF_INET;
- if (l == 0)
- return 0;
- n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
- return 0;
- case AF_INET6:
- n->af = AF_INET6;
- for (i = 0; i < 4 && l >= 32; i++, l -= 32)
- n->addr32[i] = 0xffffffffU;
- if (i < 4 && l != 0)
- n->addr32[i] = htonl((0xffffffff << (32 - l)) &
- 0xffffffff);
- return 0;
- default:
- return -1;
- }
-}
-
-/*
- * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
-{
- int i;
-
- if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
- return -1;
-
- memcpy(dst, a, sizeof(*dst));
- switch (a->af) {
- case AF_INET:
- dst->v4.s_addr &= b->v4.s_addr;
- return 0;
- case AF_INET6:
- dst->scope_id = a->scope_id;
- for (i = 0; i < 4; i++)
- dst->addr32[i] &= b->addr32[i];
- return 0;
- default:
- return -1;
- }
-}
-
-/*
- * Compare addresses 'a' and 'b'
- * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)