Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/openssh merge openssh-8.1



details:   https://anonhg.NetBSD.org/src/rev/b28a6f1d335e
branches:  trunk
changeset: 464572:b28a6f1d335e
user:      christos <christos%NetBSD.org@localhost>
date:      Sat Oct 12 18:32:21 2019 +0000

description:
merge openssh-8.1

diffstat:

 crypto/external/bsd/openssh/bin/sftp-server/Makefile    |    4 +-
 crypto/external/bsd/openssh/bin/ssh-keygen/Makefile     |    4 +-
 crypto/external/bsd/openssh/bin/sshd/Makefile           |    4 +-
 crypto/external/bsd/openssh/dist/auth-options.c         |   81 +-
 crypto/external/bsd/openssh/dist/auth-options.h         |    7 +-
 crypto/external/bsd/openssh/dist/auth-rhosts.c          |   16 +-
 crypto/external/bsd/openssh/dist/auth.c                 |   22 +-
 crypto/external/bsd/openssh/dist/auth.h                 |    4 +-
 crypto/external/bsd/openssh/dist/auth2-chall.c          |    8 +-
 crypto/external/bsd/openssh/dist/auth2-hostbased.c      |    7 +-
 crypto/external/bsd/openssh/dist/auth2-kbdint.c         |   10 +-
 crypto/external/bsd/openssh/dist/auth2-passwd.c         |    9 +-
 crypto/external/bsd/openssh/dist/auth2-pubkey.c         |   76 +-
 crypto/external/bsd/openssh/dist/auth2.c                |   10 +-
 crypto/external/bsd/openssh/dist/authfd.c               |   40 +-
 crypto/external/bsd/openssh/dist/authfd.h               |    7 +-
 crypto/external/bsd/openssh/dist/authfile.c             |   62 +-
 crypto/external/bsd/openssh/dist/authfile.h             |    9 +-
 crypto/external/bsd/openssh/dist/canohost.c             |   10 +-
 crypto/external/bsd/openssh/dist/channels.c             |  105 +-
 crypto/external/bsd/openssh/dist/cipher.c               |    9 +-
 crypto/external/bsd/openssh/dist/cipher.h               |    6 +-
 crypto/external/bsd/openssh/dist/clientloop.c           |   23 +-
 crypto/external/bsd/openssh/dist/crc32.c                |  109 --
 crypto/external/bsd/openssh/dist/crc32.h                |   31 -
 crypto/external/bsd/openssh/dist/dh.c                   |   13 +-
 crypto/external/bsd/openssh/dist/dh.h                   |    9 +-
 crypto/external/bsd/openssh/dist/hmac.c                 |    5 +-
 crypto/external/bsd/openssh/dist/hostfile.c             |   14 +-
 crypto/external/bsd/openssh/dist/kex.c                  |  109 ++-
 crypto/external/bsd/openssh/dist/kex.h                  |   18 +-
 crypto/external/bsd/openssh/dist/kexgen.c               |   10 +-
 crypto/external/bsd/openssh/dist/krl.c                  |    9 +-
 crypto/external/bsd/openssh/dist/krl.h                  |    6 +-
 crypto/external/bsd/openssh/dist/log.h                  |    6 +-
 crypto/external/bsd/openssh/dist/mac.c                  |    8 +-
 crypto/external/bsd/openssh/dist/match.c                |    8 +-
 crypto/external/bsd/openssh/dist/misc.c                 |  143 +++-
 crypto/external/bsd/openssh/dist/misc.h                 |   10 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 |  158 ++-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 |  150 ++--
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 |  146 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 |  138 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 |  146 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 |  134 +-
 crypto/external/bsd/openssh/dist/moduli.c               |   10 +-
 crypto/external/bsd/openssh/dist/monitor.c              |   16 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.c         |    8 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.h         |    6 +-
 crypto/external/bsd/openssh/dist/mux.c                  |   12 +-
 crypto/external/bsd/openssh/dist/nchan.c                |   10 +-
 crypto/external/bsd/openssh/dist/packet.c               |   21 +-
 crypto/external/bsd/openssh/dist/packet.h               |   16 +-
 crypto/external/bsd/openssh/dist/progressmeter.c        |   10 +-
 crypto/external/bsd/openssh/dist/readconf.c             |   37 +-
 crypto/external/bsd/openssh/dist/readpass.c             |   14 +-
 crypto/external/bsd/openssh/dist/scp.1                  |    8 +-
 crypto/external/bsd/openssh/dist/scp.c                  |   30 +-
 crypto/external/bsd/openssh/dist/servconf.c             |   34 +-
 crypto/external/bsd/openssh/dist/servconf.h             |    6 +-
 crypto/external/bsd/openssh/dist/serverloop.c           |   12 +-
 crypto/external/bsd/openssh/dist/session.c              |   52 +-
 crypto/external/bsd/openssh/dist/sftp-client.c          |   16 +-
 crypto/external/bsd/openssh/dist/sftp-glob.c            |    7 +-
 crypto/external/bsd/openssh/dist/sftp-server-main.c     |    8 +-
 crypto/external/bsd/openssh/dist/sftp-server.c          |   33 +-
 crypto/external/bsd/openssh/dist/sftp.1                 |   46 +-
 crypto/external/bsd/openssh/dist/sftp.c                 |   33 +-
 crypto/external/bsd/openssh/dist/ssh-add.c              |   16 +-
 crypto/external/bsd/openssh/dist/ssh-agent.c            |   25 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.1           |  196 ++++-
 crypto/external/bsd/openssh/dist/ssh-keygen.c           |  600 +++++++++++++--
 crypto/external/bsd/openssh/dist/ssh-keyscan.c          |   26 +-
 crypto/external/bsd/openssh/dist/ssh-keysign.c          |   17 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c    |   29 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11.c           |   79 +-
 crypto/external/bsd/openssh/dist/ssh.1                  |    8 +-
 crypto/external/bsd/openssh/dist/ssh.c                  |   41 +-
 crypto/external/bsd/openssh/dist/ssh_api.c              |   50 +-
 crypto/external/bsd/openssh/dist/ssh_config.5           |   86 +-
 crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c  |  166 ++++-
 crypto/external/bsd/openssh/dist/sshbuf-misc.c          |   98 ++-
 crypto/external/bsd/openssh/dist/sshbuf.h               |   64 +-
 crypto/external/bsd/openssh/dist/sshconnect.c           |   70 +-
 crypto/external/bsd/openssh/dist/sshconnect.h           |   11 +-
 crypto/external/bsd/openssh/dist/sshconnect2.c          |   49 +-
 crypto/external/bsd/openssh/dist/sshd.c                 |   44 +-
 crypto/external/bsd/openssh/dist/sshd_config.5          |   56 +-
 crypto/external/bsd/openssh/dist/sshkey-xmss.c          |   34 +-
 crypto/external/bsd/openssh/dist/sshkey.c               |  455 ++++++++++-
 crypto/external/bsd/openssh/dist/sshkey.h               |   33 +-
 crypto/external/bsd/openssh/dist/sshlogin.c             |    9 +-
 crypto/external/bsd/openssh/dist/sshpty.c               |   29 +-
 crypto/external/bsd/openssh/dist/sshsig.c               |    8 +-
 crypto/external/bsd/openssh/dist/uidswap.c              |   23 +-
 crypto/external/bsd/openssh/dist/umac.h                 |    8 +-
 crypto/external/bsd/openssh/dist/uuencode.c             |   96 --
 crypto/external/bsd/openssh/dist/uuencode.h             |   30 -
 crypto/external/bsd/openssh/dist/version.h              |    8 +-
 crypto/external/bsd/openssh/dist/xmalloc.c              |   14 +-
 crypto/external/bsd/openssh/dist/xmalloc.h              |    5 +-
 crypto/external/bsd/openssh/lib/Makefile                |    4 +-
 crypto/external/bsd/openssh/lib/shlib_version           |    4 +-
 103 files changed, 3034 insertions(+), 1815 deletions(-)

diffs (truncated from 10153 to 300 lines):

diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/sftp-server/Makefile
--- a/crypto/external/bsd/openssh/bin/sftp-server/Makefile      Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/sftp-server/Makefile      Sat Oct 12 18:32:21 2019 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+#      $NetBSD: Makefile,v 1.2 2019/10/12 18:32:21 christos Exp $
 
 BINDIR=        /usr/libexec
 
 PROG=  sftp-server
-SRCS=  sftp-server.c sftp-common.c sftp-server-main.c
+SRCS=  sftp-server.c sftp-common.c sftp-server-main.c sftp-realpath.c
 MAN=   sftp-server.8
 
 .include <bsd.prog.mk>
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/ssh-keygen/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile       Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile       Sat Oct 12 18:32:21 2019 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile,v 1.4 2012/08/10 12:20:12 joerg Exp $
+#      $NetBSD: Makefile,v 1.5 2019/10/12 18:32:21 christos Exp $
 
 BINDIR=        /usr/bin
 
 PROG=  ssh-keygen
-SRCS=  ssh-keygen.c moduli.c
+SRCS=  ssh-keygen.c moduli.c sshsig.c
 
 COPTS.ssh-keygen.c=    -Wno-pointer-sign
 
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile     Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile     Sat Oct 12 18:32:21 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.17 2019/04/20 17:16:40 christos Exp $
+#      $NetBSD: Makefile,v 1.18 2019/10/12 18:32:21 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -15,7 +15,7 @@
        auth2-none.c auth2-passwd.c auth2-pubkey.c \
        monitor.c monitor_wrap.c \
        kexgexs.c sftp-server.c sftp-common.c \
-       sandbox-rlimit.c pfilter.c
+       sftp-realpath.c sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c+= -Wno-pointer-sign
 COPTS.ldapauth.c+=     -Wno-format-nonliteral  # XXX: should fix
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c   Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c   Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth-options.c,v 1.20 2019/04/20 17:16:40 christos Exp $       */
-/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
+/*     $NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $       */
+/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
  *
@@ -17,10 +17,11 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.20 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.21 2019/10/12 18:32:22 christos Exp $");
 #include <sys/types.h>
 #include <sys/queue.h>
 
+#include <stdlib.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <string.h>
@@ -40,75 +41,6 @@
 #include "ssh2.h"
 #include "auth-options.h"
 
-/*
- * Match flag 'opt' in *optsp, and if allow_negate is set then also match
- * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
- * if negated option matches.
- * If the option or negated option matches, then *optsp is updated to
- * point to the first character after the option.
- */
-static int
-opt_flag(const char *opt, int allow_negate, const char **optsp)
-{
-       size_t opt_len = strlen(opt);
-       const char *opts = *optsp;
-       int negate = 0;
-
-       if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
-               opts += 3;
-               negate = 1;
-       }
-       if (strncasecmp(opts, opt, opt_len) == 0) {
-               *optsp = opts + opt_len;
-               return negate ? 0 : 1;
-       }
-       return -1;
-}
-
-static char *
-opt_dequote(const char **sp, const char **errstrp)
-{
-       const char *s = *sp;
-       char *ret;
-       size_t i;
-
-       *errstrp = NULL;
-       if (*s != '"') {
-               *errstrp = "missing start quote";
-               return NULL;
-       }
-       s++;
-       if ((ret = malloc(strlen((s)) + 1)) == NULL) {
-               *errstrp = "memory allocation failed";
-               return NULL;
-       }
-       for (i = 0; *s != '\0' && *s != '"';) {
-               if (s[0] == '\\' && s[1] == '"')
-                       s++;
-               ret[i++] = *s++;
-       }
-       if (*s == '\0') {
-               *errstrp = "missing end quote";
-               free(ret);
-               return NULL;
-       }
-       ret[i] = '\0';
-       s++;
-       *sp = s;
-       return ret;
-}
-
-static int
-opt_match(const char **opts, const char *term)
-{
-       if (strncasecmp((*opts), term, strlen(term)) == 0 &&
-           (*opts)[strlen(term)] == '=') {
-               *opts += strlen(term) + 1;
-               return 1;
-       }
-       return 0;
-}
-
 static int
 dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
 {
@@ -321,7 +253,7 @@
        size_t npermits = *npermitsp;
        const char *errstr = "unknown error";
 
-       if (npermits > INT_MAX) {
+       if (npermits > SSH_AUTHOPT_PERMIT_MAX) {
                *errstrp = "too many permission directives";
                return -1;
        }
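Review bot: The new bound `if (npermits > SSH_AUTHOPT_PERMIT_MAX) {` only rejects once the count already exceeds the limit, so a list holding exactly SSH_AUTHOPT_PERMIT_MAX entries is still allowed to grow. If the code after this hunk appends one entry per call (not visible here), the effective cap is SSH_AUTHOPT_PERMIT_MAX + 1, one more than the auth-options.h comment "Maximum number of permitopen/permitlisten directives to accept" says. Either tighten the test to `if (npermits >= SSH_AUTHOPT_PERMIT_MAX) {` or reword the header comment so the documented limit matches what is enforced. The enclosing function starts and ends outside the hunk.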
@@ -333,7 +265,8 @@
                 * Allow a bare port number in permitlisten to indicate a
                 * listen_host wildcard.
                 */
-               if (asprintf(&tmp, "*:%s", opt) < 0) {
+               if (asprintf(&tmp, "*:%s", opt) == -1) {
+                       free(opt);
                        *errstrp = "memory allocation failed";
                        return -1;
                }
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-options.h
--- a/crypto/external/bsd/openssh/dist/auth-options.h   Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.h   Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth-options.h,v 1.11 2018/08/26 07:46:36 christos Exp $       */
-/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */
+/*     $NetBSD: auth-options.h,v 1.12 2019/10/12 18:32:22 christos Exp $       */
+/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */
 
 /*
  * Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
@@ -23,6 +23,9 @@
 struct passwd;
 struct sshkey;
 
+/* Maximum number of permitopen/permitlisten directives to accept */
+#define SSH_AUTHOPT_PERMIT_MAX 4096
+
 /*
  * sshauthopt represents key options parsed from authorized_keys or
  * from certificate extensions/options.
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth-rhosts.c
--- a/crypto/external/bsd/openssh/dist/auth-rhosts.c    Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-rhosts.c    Sat Oct 12 18:32:21 2019 +0000
@@ -1,6 +1,5 @@
-/*     $NetBSD: auth-rhosts.c,v 1.10 2019/01/27 02:08:33 pgoyette Exp $        */
-/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
-
+/*     $NetBSD: auth-rhosts.c,v 1.11 2019/10/12 18:32:22 christos Exp $        */
+/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -17,7 +16,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-rhosts.c,v 1.10 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: auth-rhosts.c,v 1.11 2019/10/12 18:32:22 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -38,7 +37,6 @@
 #include "sshkey.h"
 #include "servconf.h"
 #include "canohost.h"
-#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 
@@ -222,8 +220,8 @@
         * are no system-wide files.
         */
        if (!rhosts_files[rhosts_file_index] &&
-           stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
-           stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+           stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
+           stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
                debug3("%s: no hosts access files exist", __func__);
                return 0;
        }
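Review bot: Both `stat()` tests in this condition treat any failure as "file absent", so an EACCES or EIO on `_PATH_RHOSTS_EQUIV` or `_PATH_SSH_HOSTS_EQUIV` is reported by the `debug3` line as "no hosts access files exist". The branch ends in `return 0`, which appears to be the refusal result, so the behaviour fails closed, but the message can mislead someone diagnosing a permissions problem. A short comment would record the intent, for example `/* any stat() error counts as "no file"; access is refused either way */`. The same pattern appears in the later hunks at `stat(pw->pw_dir, &st) == -1` ("no home directory") and in auth.c at `stat(shell, &st) == -1` ("does not exist"). The enclosing function starts and ends outside the hunk.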
@@ -253,7 +251,7 @@
         * Check that the home directory is owned by root or the user, and is
         * not group or world writable.
         */
-       if (stat(pw->pw_dir, &st) < 0) {
+       if (stat(pw->pw_dir, &st) == -1) {
                logit("Rhosts authentication refused for %.100s: "
                    "no home directory %.200s", pw->pw_name, pw->pw_dir);
                auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -278,7 +276,7 @@
                /* Check users .rhosts or .shosts. */
                snprintf(buf, sizeof buf, "%.500s/%.100s",
                         pw->pw_dir, rhosts_files[rhosts_file_index]);
-               if (stat(buf, &st) < 0)
+               if (stat(buf, &st) == -1)
                        continue;
 
                /*
diff -r f3598f1ddfe7 -r b28a6f1d335e crypto/external/bsd/openssh/dist/auth.c
--- a/crypto/external/bsd/openssh/dist/auth.c   Sat Oct 12 17:50:56 2019 +0000
+++ b/crypto/external/bsd/openssh/dist/auth.c   Sat Oct 12 18:32:21 2019 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: auth.c,v 1.24 2019/04/20 17:16:40 christos Exp $       */
-/* $OpenBSD: auth.c,v 1.138 2019/01/19 21:41:18 djm Exp $ */
+/*     $NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $       */
+/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,12 +25,13 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.24 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $");
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
 
+#include <stdlib.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <login_cap.h>
@@ -63,7 +64,6 @@
 #endif
 #include "authfile.h"
 #include "monitor_wrap.h"
-#include "authfile.h"
 #include "ssherr.h"
 #include "compat.h"
 #include "channels.h"
@@ -226,7 +226,7 @@
                char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
                    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
 
-               if (stat(shell, &st) != 0) {
+               if (stat(shell, &st) == -1) {
                        logit("User %.100s not allowed because shell %.100s "
                            "does not exist", pw->pw_name, shell);
                        free(shell);
@@ -557,7 +557,7 @@
                return NULL;
        }
 
-       if (fstat(fd, &st) < 0) {
+       if (fstat(fd, &st) == -1) {
                close(fd);
                return NULL;
        }
@@ -771,7 +771,7 @@
        fromlen = sizeof(from);


