[src/trunk]: src/crypto/external/bsd/openssh merge openssh-8.1
details: https://anonhg.NetBSD.org/src/rev/b28a6f1d335e
branches: trunk
changeset: 464572:b28a6f1d335e
user: christos <christos%NetBSD.org@localhost>
date: Sat Oct 12 18:32:21 2019 +0000
description:
merge openssh-8.1
diffstat:
crypto/external/bsd/openssh/bin/sftp-server/Makefile | 4 +-
crypto/external/bsd/openssh/bin/ssh-keygen/Makefile | 4 +-
crypto/external/bsd/openssh/bin/sshd/Makefile | 4 +-
crypto/external/bsd/openssh/dist/auth-options.c | 81 +-
crypto/external/bsd/openssh/dist/auth-options.h | 7 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 16 +-
crypto/external/bsd/openssh/dist/auth.c | 22 +-
crypto/external/bsd/openssh/dist/auth.h | 4 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 7 +-
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 10 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 9 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 76 +-
crypto/external/bsd/openssh/dist/auth2.c | 10 +-
crypto/external/bsd/openssh/dist/authfd.c | 40 +-
crypto/external/bsd/openssh/dist/authfd.h | 7 +-
crypto/external/bsd/openssh/dist/authfile.c | 62 +-
crypto/external/bsd/openssh/dist/authfile.h | 9 +-
crypto/external/bsd/openssh/dist/canohost.c | 10 +-
crypto/external/bsd/openssh/dist/channels.c | 105 +-
crypto/external/bsd/openssh/dist/cipher.c | 9 +-
crypto/external/bsd/openssh/dist/cipher.h | 6 +-
crypto/external/bsd/openssh/dist/clientloop.c | 23 +-
crypto/external/bsd/openssh/dist/crc32.c | 109 --
crypto/external/bsd/openssh/dist/crc32.h | 31 -
crypto/external/bsd/openssh/dist/dh.c | 13 +-
crypto/external/bsd/openssh/dist/dh.h | 9 +-
crypto/external/bsd/openssh/dist/hmac.c | 5 +-
crypto/external/bsd/openssh/dist/hostfile.c | 14 +-
crypto/external/bsd/openssh/dist/kex.c | 109 ++-
crypto/external/bsd/openssh/dist/kex.h | 18 +-
crypto/external/bsd/openssh/dist/kexgen.c | 10 +-
crypto/external/bsd/openssh/dist/krl.c | 9 +-
crypto/external/bsd/openssh/dist/krl.h | 6 +-
crypto/external/bsd/openssh/dist/log.h | 6 +-
crypto/external/bsd/openssh/dist/mac.c | 8 +-
crypto/external/bsd/openssh/dist/match.c | 8 +-
crypto/external/bsd/openssh/dist/misc.c | 143 +++-
crypto/external/bsd/openssh/dist/misc.h | 10 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 158 ++-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 150 ++--
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 146 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 138 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 146 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 134 +-
crypto/external/bsd/openssh/dist/moduli.c | 10 +-
crypto/external/bsd/openssh/dist/monitor.c | 16 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 8 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 6 +-
crypto/external/bsd/openssh/dist/mux.c | 12 +-
crypto/external/bsd/openssh/dist/nchan.c | 10 +-
crypto/external/bsd/openssh/dist/packet.c | 21 +-
crypto/external/bsd/openssh/dist/packet.h | 16 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 10 +-
crypto/external/bsd/openssh/dist/readconf.c | 37 +-
crypto/external/bsd/openssh/dist/readpass.c | 14 +-
crypto/external/bsd/openssh/dist/scp.1 | 8 +-
crypto/external/bsd/openssh/dist/scp.c | 30 +-
crypto/external/bsd/openssh/dist/servconf.c | 34 +-
crypto/external/bsd/openssh/dist/servconf.h | 6 +-
crypto/external/bsd/openssh/dist/serverloop.c | 12 +-
crypto/external/bsd/openssh/dist/session.c | 52 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 16 +-
crypto/external/bsd/openssh/dist/sftp-glob.c | 7 +-
crypto/external/bsd/openssh/dist/sftp-server-main.c | 8 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 33 +-
crypto/external/bsd/openssh/dist/sftp.1 | 46 +-
crypto/external/bsd/openssh/dist/sftp.c | 33 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 16 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 25 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 196 ++++-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 600 +++++++++++++--
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 26 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 17 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 29 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 79 +-
crypto/external/bsd/openssh/dist/ssh.1 | 8 +-
crypto/external/bsd/openssh/dist/ssh.c | 41 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 50 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 86 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c | 166 ++++-
crypto/external/bsd/openssh/dist/sshbuf-misc.c | 98 ++-
crypto/external/bsd/openssh/dist/sshbuf.h | 64 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 70 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 11 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 49 +-
crypto/external/bsd/openssh/dist/sshd.c | 44 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 56 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.c | 34 +-
crypto/external/bsd/openssh/dist/sshkey.c | 455 ++++++++++-
crypto/external/bsd/openssh/dist/sshkey.h | 33 +-
crypto/external/bsd/openssh/dist/sshlogin.c | 9 +-
crypto/external/bsd/openssh/dist/sshpty.c | 29 +-
crypto/external/bsd/openssh/dist/sshsig.c | 8 +-
crypto/external/bsd/openssh/dist/uidswap.c | 23 +-
crypto/external/bsd/openssh/dist/umac.h | 8 +-
crypto/external/bsd/openssh/dist/uuencode.c | 96 --
crypto/external/bsd/openssh/dist/uuencode.h | 30 -
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/dist/xmalloc.c | 14 +-
crypto/external/bsd/openssh/dist/xmalloc.h | 5 +-
crypto/external/bsd/openssh/lib/Makefile | 4 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
103 files changed, 3034 insertions(+), 1815 deletions(-)
diffs (truncated from 10153 to 300 lines):
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/sftp-server/Makefile
--- a/crypto/external/bsd/openssh/bin/sftp-server/Makefile Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/sftp-server/Makefile Sat Oct 12 18:32:21 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+# $NetBSD: Makefile,v 1.2 2019/10/12 18:32:21 christos Exp $
BINDIR= /usr/libexec
PROG= sftp-server
-SRCS= sftp-server.c sftp-common.c sftp-server-main.c
+SRCS= sftp-server.c sftp-common.c sftp-server-main.c sftp-realpath.c
MAN= sftp-server.8
.include <bsd.prog.mk>
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/ssh-keygen/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile Sat Oct 12 18:32:21 2019 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.4 2012/08/10 12:20:12 joerg Exp $
+# $NetBSD: Makefile,v 1.5 2019/10/12 18:32:21 christos Exp $
BINDIR= /usr/bin
PROG= ssh-keygen
-SRCS= ssh-keygen.c moduli.c
+SRCS= ssh-keygen.c moduli.c sshsig.c
COPTS.ssh-keygen.c= -Wno-pointer-sign
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Sat Oct 12 18:32:21 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2019/04/20 17:16:40 christos Exp $
+# $NetBSD: Makefile,v 1.18 2019/10/12 18:32:21 christos Exp $
.include <bsd.own.mk>
@@ -15,7 +15,7 @@
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor.c monitor_wrap.c \
kexgexs.c sftp-server.c sftp-common.c \
- sandbox-rlimit.c pfilter.c
+ sftp-realpath.c sandbox-rlimit.c pfilter.c
COPTS.auth-options.c+= -Wno-pointer-sign
COPTS.ldapauth.c+= -Wno-format-nonliteral # XXX: should fix
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-options.c,v 1.20 2019/04/20 17:16:40 christos Exp $ */
-/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
+/* $NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $ */
+/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
*
@@ -17,10 +17,11 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.20 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
+#include <stdlib.h>
#include <netdb.h>
#include <pwd.h>
#include <string.h>
@@ -40,75 +41,6 @@
#include "ssh2.h"
#include "auth-options.h"
-/*
- * Match flag 'opt' in *optsp, and if allow_negate is set then also match
- * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
- * if negated option matches.
- * If the option or negated option matches, then *optsp is updated to
- * point to the first character after the option.
- */
-static int
-opt_flag(const char *opt, int allow_negate, const char **optsp)
-{
- size_t opt_len = strlen(opt);
- const char *opts = *optsp;
- int negate = 0;
-
- if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
- opts += 3;
- negate = 1;
- }
- if (strncasecmp(opts, opt, opt_len) == 0) {
- *optsp = opts + opt_len;
- return negate ? 0 : 1;
- }
- return -1;
-}
-
-static char *
-opt_dequote(const char **sp, const char **errstrp)
-{
- const char *s = *sp;
- char *ret;
- size_t i;
-
- *errstrp = NULL;
- if (*s != '"') {
- *errstrp = "missing start quote";
- return NULL;
- }
- s++;
- if ((ret = malloc(strlen((s)) + 1)) == NULL) {
- *errstrp = "memory allocation failed";
- return NULL;
- }
- for (i = 0; *s != '\0' && *s != '"';) {
- if (s[0] == '\\' && s[1] == '"')
- s++;
- ret[i++] = *s++;
- }
- if (*s == '\0') {
- *errstrp = "missing end quote";
- free(ret);
- return NULL;
- }
- ret[i] = '\0';
- s++;
- *sp = s;
- return ret;
-}
-
-static int
-opt_match(const char **opts, const char *term)
-{
- if (strncasecmp((*opts), term, strlen(term)) == 0 &&
- (*opts)[strlen(term)] == '=') {
- *opts += strlen(term) + 1;
- return 1;
- }
- return 0;
-}
-
static int
dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
{
@@ -321,7 +253,7 @@
size_t npermits = *npermitsp;
const char *errstr = "unknown error";
- if (npermits > INT_MAX) {
+ if (npermits > SSH_AUTHOPT_PERMIT_MAX) {
*errstrp = "too many permission directives";
return -1;
}
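Review bot: The new bound `if (npermits > SSH_AUTHOPT_PERMIT_MAX)` still accepts a list that already holds 4096 entries, so if the entry is appended after this check (the append is outside the hunk) the list can reach 4097, while the header comment describes the constant as the maximum number accepted. Writing `if (npermits >= SSH_AUTHOPT_PERMIT_MAX) {` would make the constant the real cap on directives taken from authorized_keys or certificate options. The function starts and ends outside this hunk, so the append path should be confirmed before the comparison is changed.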
@@ -333,7 +265,8 @@
* Allow a bare port number in permitlisten to indicate a
* listen_host wildcard.
*/
- if (asprintf(&tmp, "*:%s", opt) < 0) {
+ if (asprintf(&tmp, "*:%s", opt) == -1) {
+ free(opt);
*errstrp = "memory allocation failed";
return -1;
}
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-options.h
--- a/crypto/external/bsd/openssh/dist/auth-options.h Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.h Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-options.h,v 1.11 2018/08/26 07:46:36 christos Exp $ */
-/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */
+/* $NetBSD: auth-options.h,v 1.12 2019/10/12 18:32:22 christos Exp $ */
+/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
@@ -23,6 +23,9 @@
struct passwd;
struct sshkey;
+/* Maximum number of permitopen/permitlisten directives to accept */
+#define SSH_AUTHOPT_PERMIT_MAX 4096
+
/*
* sshauthopt represents key options parsed from authorized_keys or
* from certificate extensions/options.
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-rhosts.c
--- a/crypto/external/bsd/openssh/dist/auth-rhosts.c Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c Sat Oct 12 18:32:21 2019 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: auth-rhosts.c,v 1.10 2019/01/27 02:08:33 pgoyette Exp $ */
-/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
-
+/* $NetBSD: auth-rhosts.c,v 1.11 2019/10/12 18:32:22 christos Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -17,7 +16,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-rhosts.c,v 1.10 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.11 2019/10/12 18:32:22 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -38,7 +37,6 @@
#include "sshkey.h"
#include "servconf.h"
#include "canohost.h"
-#include "sshkey.h"
#include "hostfile.h"
#include "auth.h"
@@ -222,8 +220,8 @@
* are no system-wide files.
*/
if (!rhosts_files[rhosts_file_index] &&
- stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
- stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+ stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
+ stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
debug3("%s: no hosts access files exist", __func__);
return 0;
}
@@ -253,7 +251,7 @@
* Check that the home directory is owned by root or the user, and is
* not group or world writable.
*/
- if (stat(pw->pw_dir, &st) < 0) {
+ if (stat(pw->pw_dir, &st) == -1) {
logit("Rhosts authentication refused for %.100s: "
"no home directory %.200s", pw->pw_name, pw->pw_dir);
auth_debug_add("Rhosts authentication refused for %.100s: "
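Review bot: The `logit` text in this hunk reports "no home directory" for every failure of `stat(pw->pw_dir, &st)`, although stat can also fail with errors such as EACCES or ELOOP, which makes a refused login harder to diagnose from the server log. Ending the server-side message with the cause, `"no home directory %.200s: %s", pw->pw_name, pw->pw_dir, strerror(errno));`, would keep that information; the `auth_debug_add` text, which as far as I can tell is relayed to the client, is better left without it. The shell check in auth.c (`stat(shell, &st) == -1`, logged as "does not exist") has the same shape. The auth_debug_add call is cut off by the hunk boundary, and whether auth-rhosts.c already includes the headers for `errno` and `strerror` is not visible here.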
@@ -278,7 +276,7 @@
/* Check users .rhosts or .shosts. */
snprintf(buf, sizeof buf, "%.500s/%.100s",
pw->pw_dir, rhosts_files[rhosts_file_index]);
- if (stat(buf, &st) < 0)
+ if (stat(buf, &st) == -1)
continue;
/*
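Review bot: The path checked by the changed `stat(buf, &st)` line is built with `%.500s/%.100s` and the snprintf result is ignored, so an over-long `pw->pw_dir` is cut silently and the check then runs on a different path than the user's file. Dropping the precisions and testing the result, `r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir, rhosts_files[rhosts_file_index]);` followed by `if (r < 0 || (size_t)r >= sizeof buf) continue;`, would skip such entries instead. The declaration of `buf` and the rest of the loop lie outside the hunk, so the buffer size and any later use of the path could not be checked here.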
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth.c
--- a/crypto/external/bsd/openssh/dist/auth.c Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth.c,v 1.24 2019/04/20 17:16:40 christos Exp $ */
-/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
+/* $NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $ */
+/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -25,12 +25,13 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.24 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $");
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/wait.h>
+#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <login_cap.h>
@@ -63,7 +64,6 @@
#endif
#include "authfile.h"
#include "monitor_wrap.h"
-#include "authfile.h"
#include "ssherr.h"
#include "compat.h"
#include "channels.h"
@@ -226,7 +226,7 @@
char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
_PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
- if (stat(shell, &st) != 0) {
+ if (stat(shell, &st) == -1) {
logit("User %.100s not allowed because shell %.100s "
"does not exist", pw->pw_name, shell);
free(shell);
@@ -557,7 +557,7 @@
return NULL;
}
- if (fstat(fd, &st) < 0) {
+ if (fstat(fd, &st) == -1) {
close(fd);
return NULL;
}
@@ -771,7 +771,7 @@
fromlen = sizeof(from);