[src/trunk]: src/crypto/external/bsd/openssh Merge changes between OpenSSH-9....
details: https://anonhg.NetBSD.org/src/rev/77ff961b9c9e
branches: trunk
changeset: 378209:77ff961b9c9e
user: christos <christos%NetBSD.org@localhost>
date: Wed Jul 26 17:58:15 2023 +0000
description:
Merge changes between OpenSSH-9.1 and OpenSSH-9.3
diffstat:
crypto/external/bsd/openssh/dist/PROTOCOL | 6 +-
crypto/external/bsd/openssh/dist/addr.c | 77 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 8 +-
crypto/external/bsd/openssh/dist/auth.c | 17 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 14 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 7 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 13 +-
crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c | 8 +-
crypto/external/bsd/openssh/dist/auth2.c | 9 +-
crypto/external/bsd/openssh/dist/authfd.c | 14 +-
crypto/external/bsd/openssh/dist/authfile.c | 9 +-
crypto/external/bsd/openssh/dist/canohost.c | 10 +-
crypto/external/bsd/openssh/dist/channels.c | 291 +-
crypto/external/bsd/openssh/dist/channels.h | 28 +-
crypto/external/bsd/openssh/dist/clientloop.c | 188 +-
crypto/external/bsd/openssh/dist/compat.c | 72 +-
crypto/external/bsd/openssh/dist/compat.h | 16 +-
crypto/external/bsd/openssh/dist/crypto_api.h | 6 +-
crypto/external/bsd/openssh/dist/dispatch.c | 7 +-
crypto/external/bsd/openssh/dist/dns.c | 12 +-
crypto/external/bsd/openssh/dist/dns.h | 6 +-
crypto/external/bsd/openssh/dist/ed25519.c | 2049 ++++++++++++++-
crypto/external/bsd/openssh/dist/fe25519.c | 337 --
crypto/external/bsd/openssh/dist/fe25519.h | 71 -
crypto/external/bsd/openssh/dist/ge25519.c | 321 --
crypto/external/bsd/openssh/dist/ge25519.h | 44 -
crypto/external/bsd/openssh/dist/ge25519_base.data | 858 ------
crypto/external/bsd/openssh/dist/hostfile.c | 19 +-
crypto/external/bsd/openssh/dist/kex.c | 89 +-
crypto/external/bsd/openssh/dist/kex.h | 13 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 7 +-
crypto/external/bsd/openssh/dist/krl.c | 7 +-
crypto/external/bsd/openssh/dist/misc.c | 103 +-
crypto/external/bsd/openssh/dist/misc.h | 16 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 142 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 147 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 134 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 149 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 129 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 140 +-
crypto/external/bsd/openssh/dist/moduli.c | 18 +-
crypto/external/bsd/openssh/dist/monitor.c | 12 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 8 +-
crypto/external/bsd/openssh/dist/mux.c | 13 +-
crypto/external/bsd/openssh/dist/packet.c | 7 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 109 +-
crypto/external/bsd/openssh/dist/readconf.c | 88 +-
crypto/external/bsd/openssh/dist/readconf.h | 6 +-
crypto/external/bsd/openssh/dist/sc25519.c | 308 --
crypto/external/bsd/openssh/dist/sc25519.h | 81 -
crypto/external/bsd/openssh/dist/scp.1 | 31 +-
crypto/external/bsd/openssh/dist/scp.c | 153 +-
crypto/external/bsd/openssh/dist/servconf.c | 155 +-
crypto/external/bsd/openssh/dist/servconf.h | 11 +-
crypto/external/bsd/openssh/dist/serverloop.c | 105 +-
crypto/external/bsd/openssh/dist/session.c | 34 +-
crypto/external/bsd/openssh/dist/session.h | 6 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 31 +-
crypto/external/bsd/openssh/dist/sftp-glob.c | 38 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 11 +-
crypto/external/bsd/openssh/dist/sftp.1 | 20 +-
crypto/external/bsd/openssh/dist/sftp.c | 52 +-
crypto/external/bsd/openssh/dist/sntrup761.c | 48 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 14 +-
crypto/external/bsd/openssh/dist/ssh-agent.1 | 51 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 40 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 289 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c | 176 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 320 ++-
crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c | 144 +-
crypto/external/bsd/openssh/dist/ssh-ed25519.c | 183 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 21 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 53 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.1 | 41 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 74 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 12 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 357 ++-
crypto/external/bsd/openssh/dist/ssh-sk-helper.c | 8 +-
crypto/external/bsd/openssh/dist/ssh-xmss.c | 233 +-
crypto/external/bsd/openssh/dist/ssh.1 | 7 +-
crypto/external/bsd/openssh/dist/ssh.c | 54 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 8 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 23 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 27 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 29 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 30 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 86 +-
crypto/external/bsd/openssh/dist/sshd.8 | 24 +-
crypto/external/bsd/openssh/dist/sshd.c | 118 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 118 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.c | 9 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.h | 7 +-
crypto/external/bsd/openssh/dist/sshkey.c | 1989 +++-----------
crypto/external/bsd/openssh/dist/sshkey.h | 84 +-
crypto/external/bsd/openssh/dist/umac.c | 9 +-
crypto/external/bsd/openssh/dist/verify.c | 49 -
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/lib/Makefile | 6 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
99 files changed, 6355 insertions(+), 5288 deletions(-)
diffs (truncated from 16728 to 300 lines):
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Wed Jul 26 17:58:15 2023 +0000
@@ -637,7 +637,7 @@ https://datatracker.ietf.org/doc/html/dr
4.12. sftp: Extension request "users-groups-by-id%openssh.com@localhost"
-This request asks the server to returns user and/or group names that
+This request asks the server to return user and/or group names that
correspond to one or more IDs (e.g. as returned from a SSH_FXP_STAT
request). This may be used by the client to provide usernames in
directory listings.
@@ -712,5 +712,5 @@ 5.5. Agent protocol extensions
OpenSSH extends the usual agent protocol. These changes are documented
in the PROTOCOL.agent file.
-$OpenBSD: PROTOCOL,v 1.47 2022/09/19 10:40:52 djm Exp $
-$NetBSD: PROTOCOL,v 1.20 2022/10/05 22:39:36 christos Exp $
+$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $
+$NetBSD: PROTOCOL,v 1.21 2023/07/26 17:58:15 christos Exp $
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/addr.c
--- a/crypto/external/bsd/openssh/dist/addr.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/addr.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: addr.c,v 1.4 2022/10/05 22:39:36 christos Exp $ */
-/* $OpenBSD: addr.c,v 1.5 2022/04/29 04:55:07 djm Exp $ */
+/* $NetBSD: addr.c,v 1.5 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: addr.c,v 1.6 2022/10/28 02:29:34 djm Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm%mindrot.org@localhost>
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: addr.c,v 1.4 2022/10/05 22:39:36 christos Exp $");
+__RCSID("$NetBSD: addr.c,v 1.5 2023/07/26 17:58:15 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
@@ -228,6 +228,28 @@ addr_and(struct xaddr *dst, const struct
}
int
+addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
+{
+ int i;
+
+ if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
+ return (-1);
+
+ memcpy(dst, a, sizeof(*dst));
+ switch (a->af) {
+ case AF_INET:
+ dst->v4.s_addr |= b->v4.s_addr;
+ return (0);
+ case AF_INET6:
+ for (i = 0; i < 4; i++)
+ dst->addr32[i] |= b->addr32[i];
+ return (0);
+ default:
+ return (-1);
+ }
+}
+
+int
addr_cmp(const struct xaddr *a, const struct xaddr *b)
{
int i;
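Review bot: In addr_or, `memcpy(dst, a, sizeof(*dst));` is reached with dst == a, because addr_host_to_all1s in a later hunk of this file calls `addr_or(a, a, &tmp_mask)`; memcpy on overlapping objects is undefined behaviour in C, even when the two pointers are identical. Guarding the copy with `if (dst != a) memcpy(dst, a, sizeof(*dst));`, or using `memmove`, keeps the in-place call well defined. The function also overwrites dst before the address-family switch can return -1, so a failed call on an unknown family leaves dst modified. A one-line comment above addr_or stating that and the 0 / -1 return convention would help callers.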
@@ -278,6 +300,29 @@ addr_is_all0s(const struct xaddr *a)
}
}
+/* Increment the specified address. Note, does not do overflow checking */
+void
+addr_increment(struct xaddr *a)
+{
+ int i;
+ uint32_t n;
+
+ switch (a->af) {
+ case AF_INET:
+ a->v4.s_addr = htonl(ntohl(a->v4.s_addr) + 1);
+ break;
+ case AF_INET6:
+ for (i = 0; i < 4; i++) {
+ /* Increment with carry */
+ n = ntohl(a->addr32[3 - i]) + 1;
+ a->addr32[3 - i] = htonl(n);
+ if (n != 0)
+ break;
+ }
+ break;
+ }
+}
+
/*
* Test whether host portion of address 'a', as determined by 'masklen'
* is all zeros.
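Review bot: addr_increment returns void, so a caller cannot tell when the address wrapped past the top of the address space, or when `a->af` was neither AF_INET nor AF_INET6 and nothing was changed (the switch has no `default` case). Any code that steps through a range with this helper has to bound the loop by a count rather than by comparing addresses, otherwise a range ending at the all-ones address wraps to zero and keeps going. I would extend the comment to say so, e.g. `/* Increment the specified address; wraps to all-zeros on overflow and leaves unknown address families untouched. */`. Unlike addr_or in the previous hunk, `a` is dereferenced here without a NULL check.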
@@ -297,6 +342,32 @@ addr_host_is_all0s(const struct xaddr *a
return addr_is_all0s(&tmp_result);
}
+#if 0
+int
+addr_host_to_all0s(struct xaddr *a, u_int masklen)
+{
+ struct xaddr tmp_mask;
+
+ if (addr_netmask(a->af, masklen, &tmp_mask) == -1)
+ return (-1);
+ if (addr_and(a, a, &tmp_mask) == -1)
+ return (-1);
+ return (0);
+}
+#endif
+
+int
+addr_host_to_all1s(struct xaddr *a, u_int masklen)
+{
+ struct xaddr tmp_mask;
+
+ if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
+ return (-1);
+ if (addr_or(a, a, &tmp_mask) == -1)
+ return (-1);
+ return (0);
+}
+
/*
* Parse string address 'p' into 'n'.
* Returns 0 on success, -1 on failure.
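Review bot: addr_host_to_all1s is added without a header comment, while the functions around it in this hunk's context describe their contract. Judging by the name and the OR with the result of addr_hostmask, something like `/* Set the host portion of address 'a', as determined by 'masklen', to all ones. Returns 0 on success, -1 on failure. */` would fit. The function also reads `a->af` before anything checks `a` for NULL; addr_or does check its arguments, but only after this dereference. The `#if 0` addr_host_to_all0s block adds dead code, so a short comment saying why it is kept disabled would save the next reader a search.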
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/auth-rhosts.c
--- a/crypto/external/bsd/openssh/dist/auth-rhosts.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-rhosts.c,v 1.15 2022/04/15 14:00:06 christos Exp $ */
-/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */
+/* $NetBSD: auth-rhosts.c,v 1.16 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.57 2022/12/09 00:17:40 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -16,10 +16,11 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-rhosts.c,v 1.15 2022/04/15 14:00:06 christos Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.16 2023/07/26 17:58:15 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
+#include <errno.h>
#include <fcntl.h>
#include <netgroup.h>
#include <pwd.h>
@@ -282,6 +283,7 @@ auth_rhosts2(struct passwd *pw, const ch
xasprintf(&path, "%s/%s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
if (stat(path, &st) == -1) {
+ debug3_f("stat %s: %s", path, strerror(errno));
free(path);
continue;
}
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/auth.c
--- a/crypto/external/bsd/openssh/dist/auth.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: auth.c,v 1.33 2022/10/05 22:39:36 christos Exp $ */
-/* $OpenBSD: auth.c,v 1.158 2022/06/03 04:47:21 djm Exp $ */
-
+/* $NetBSD: auth.c,v 1.34 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -26,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.33 2022/10/05 22:39:36 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.34 2023/07/26 17:58:15 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
@@ -66,7 +65,6 @@
#include "authfile.h"
#include "monitor_wrap.h"
#include "ssherr.h"
-#include "compat.h"
#include "channels.h"
#include "pfilter.h"
@@ -639,14 +637,13 @@ auth_debug_add(const char *fmt,...)
va_list args;
int r;
- if (auth_debug == NULL)
- return;
-
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
- fatal_fr(r, "sshbuf_put_cstring");
+ debug3("%s", buf);
+ if (auth_debug != NULL)
+ if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
+ fatal_fr(r, "sshbuf_put_cstring");
}
void
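Review bot: The new tail of auth_debug_add nests two unbraced `if` statements, `if (auth_debug != NULL)` directly over the `sshbuf_put_cstring` check, which is easy to misread and invites a dangling-else mistake if an `else` is added later. Folding them into one condition reads more safely: `if (auth_debug != NULL && (r = sshbuf_put_cstring(auth_debug, buf)) != 0)` followed by the existing `fatal_fr(r, "sshbuf_put_cstring");`. Every message now also goes to `debug3` before the NULL check, so text that was previously only appended to the auth_debug buffer lands in the debug log as well. The return value of `vsnprintf` is still ignored, so a message longer than `buf` is truncated silently in both places. The function's opening lines are outside the hunk.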
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/auth2-hostbased.c
--- a/crypto/external/bsd/openssh/dist/auth2-hostbased.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-hostbased.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: auth2-hostbased.c,v 1.22 2022/10/05 22:39:36 christos Exp $ */
-/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */
-
+/* $NetBSD: auth2-hostbased.c,v 1.23 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -26,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth2-hostbased.c,v 1.22 2022/10/05 22:39:36 christos Exp $");
+__RCSID("$NetBSD: auth2-hostbased.c,v 1.23 2023/07/26 17:58:15 christos Exp $");
#include <sys/types.h>
#include <stdlib.h>
@@ -42,7 +41,6 @@
#include "log.h"
#include "misc.h"
#include "servconf.h"
-#include "compat.h"
#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
@@ -103,12 +101,6 @@ userauth_hostbased(struct ssh *ssh, cons
"(received %d, expected %d)", key->type, pktype);
goto done;
}
- if (sshkey_type_plain(key->type) == KEY_RSA &&
- (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
- error("Refusing RSA key because peer uses unsafe "
- "signature format");
- goto done;
- }
if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
logit_f("signature algorithm %s not in "
"HostbasedAcceptedAlgorithms", pkalg);
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/auth2-none.c
--- a/crypto/external/bsd/openssh/dist/auth2-none.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-none.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth2-none.c,v 1.13 2022/02/23 19:07:20 christos Exp $ */
-/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */
+/* $NetBSD: auth2-none.c,v 1.14 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.25 2023/03/05 05:34:09 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -25,7 +25,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth2-none.c,v 1.13 2022/02/23 19:07:20 christos Exp $");
+__RCSID("$NetBSD: auth2-none.c,v 1.14 2023/07/26 17:58:15 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
@@ -38,7 +38,6 @@
#include "log.h"
#include "misc.h"
#include "servconf.h"
-#include "compat.h"
#include "ssh2.h"
#include "ssherr.h"
#ifdef GSSAPI
diff -r 7874bd408ec7 -r 77ff961b9c9e crypto/external/bsd/openssh/dist/auth2-pubkey.c
--- a/crypto/external/bsd/openssh/dist/auth2-pubkey.c Wed Jul 26 17:31:29 2023 +0000
+++ b/crypto/external/bsd/openssh/dist/auth2-pubkey.c Wed Jul 26 17:58:15 2023 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: auth2-pubkey.c,v 1.32 2022/10/05 22:39:36 christos Exp $ */
-/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */
-
+/* $NetBSD: auth2-pubkey.c,v 1.33 2023/07/26 17:58:15 christos Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.118 2023/02/17 04:22:50 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -27,7 +26,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.32 2022/10/05 22:39:36 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.33 2023/07/26 17:58:15 christos Exp $");