Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-6-0]: src Apply patch (requested by mrg in ticket #1468):
details: https://anonhg.NetBSD.org/src/rev/f047386d2c46
branches: netbsd-6-0
changeset: 775226:f047386d2c46
user: snj <snj%NetBSD.org@localhost>
date: Tue Aug 15 04:39:20 2017 +0000
description:
Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.
diffstat:
crypto/external/bsd/openssh/Makefile.inc | 15 +-
crypto/external/bsd/openssh/bin/Makefile.inc | 3 +-
crypto/external/bsd/openssh/bin/sftp/Makefile | 8 +-
crypto/external/bsd/openssh/bin/ssh-keygen/Makefile | 8 +-
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile | 4 +-
crypto/external/bsd/openssh/bin/ssh/Makefile | 12 +-
crypto/external/bsd/openssh/bin/sshd/Makefile | 35 +-
crypto/external/bsd/openssh/dist/OVERVIEW | 8 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 173 +-
crypto/external/bsd/openssh/dist/PROTOCOL.agent | 30 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 57 +-
crypto/external/bsd/openssh/dist/PROTOCOL.mux | 19 +-
crypto/external/bsd/openssh/dist/addrmatch.c | 21 +-
crypto/external/bsd/openssh/dist/atomicio.c | 11 +-
crypto/external/bsd/openssh/dist/auth-bsdauth.c | 15 +-
crypto/external/bsd/openssh/dist/auth-chall.c | 99 -
crypto/external/bsd/openssh/dist/auth-krb5.c | 30 +-
crypto/external/bsd/openssh/dist/auth-options.c | 357 +-
crypto/external/bsd/openssh/dist/auth-options.h | 6 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 57 +-
crypto/external/bsd/openssh/dist/auth-passwd.c | 29 +-
crypto/external/bsd/openssh/dist/auth-rh-rsa.c | 104 -
crypto/external/bsd/openssh/dist/auth-rhosts.c | 95 +-
crypto/external/bsd/openssh/dist/auth-rsa.c | 422 --
crypto/external/bsd/openssh/dist/auth.c | 355 +-
crypto/external/bsd/openssh/dist/auth.h | 71 +-
crypto/external/bsd/openssh/dist/auth1.c | 480 --
crypto/external/bsd/openssh/dist/auth2-chall.c | 73 +-
crypto/external/bsd/openssh/dist/auth2-gss.c | 58 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 67 +-
crypto/external/bsd/openssh/dist/auth2-jpake.c | 564 ---
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 11 +-
crypto/external/bsd/openssh/dist/auth2-krb5.c | 11 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 9 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 15 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 897 ++++-
crypto/external/bsd/openssh/dist/auth2.c | 338 +-
crypto/external/bsd/openssh/dist/authfd.c | 925 ++--
crypto/external/bsd/openssh/dist/authfd.h | 64 +-
crypto/external/bsd/openssh/dist/authfile.c | 1099 ++----
crypto/external/bsd/openssh/dist/authfile.h | 63 +-
crypto/external/bsd/openssh/dist/bufaux.c | 276 +-
crypto/external/bsd/openssh/dist/bufbn.c | 203 +-
crypto/external/bsd/openssh/dist/bufec.c | 105 +-
crypto/external/bsd/openssh/dist/buffer.c | 247 +-
crypto/external/bsd/openssh/dist/buffer.h | 66 +-
crypto/external/bsd/openssh/dist/canohost.c | 295 +-
crypto/external/bsd/openssh/dist/canohost.h | 15 +-
crypto/external/bsd/openssh/dist/channels.c | 1703 +++++++-
crypto/external/bsd/openssh/dist/channels.h | 84 +-
crypto/external/bsd/openssh/dist/cipher-3des1.c | 68 +-
crypto/external/bsd/openssh/dist/cipher-bf1.c | 23 +-
crypto/external/bsd/openssh/dist/cipher-ctr-mt.c | 4 +-
crypto/external/bsd/openssh/dist/cipher-ctr.c | 139 -
crypto/external/bsd/openssh/dist/cipher.c | 633 ++-
crypto/external/bsd/openssh/dist/cipher.h | 64 +-
crypto/external/bsd/openssh/dist/clientloop.c | 1082 ++++-
crypto/external/bsd/openssh/dist/clientloop.h | 10 +-
crypto/external/bsd/openssh/dist/compat.c | 141 +-
crypto/external/bsd/openssh/dist/compat.h | 15 +-
crypto/external/bsd/openssh/dist/compress.c | 168 -
crypto/external/bsd/openssh/dist/compress.h | 26 -
crypto/external/bsd/openssh/dist/deattack.c | 82 +-
crypto/external/bsd/openssh/dist/deattack.h | 13 +-
crypto/external/bsd/openssh/dist/dh.c | 307 +-
crypto/external/bsd/openssh/dist/dh.h | 17 +-
crypto/external/bsd/openssh/dist/dispatch.c | 110 +-
crypto/external/bsd/openssh/dist/dispatch.h | 38 +-
crypto/external/bsd/openssh/dist/dns.c | 143 +-
crypto/external/bsd/openssh/dist/dns.h | 23 +-
crypto/external/bsd/openssh/dist/fmt_scaled.c | 11 +-
crypto/external/bsd/openssh/dist/fmt_scaled.h | 3 +-
crypto/external/bsd/openssh/dist/groupaccess.c | 15 +-
crypto/external/bsd/openssh/dist/gss-genr.c | 22 +-
crypto/external/bsd/openssh/dist/gss-serv-krb5.c | 72 +-
crypto/external/bsd/openssh/dist/gss-serv.c | 72 +-
crypto/external/bsd/openssh/dist/hostfile.c | 693 ++-
crypto/external/bsd/openssh/dist/hostfile.h | 66 +-
crypto/external/bsd/openssh/dist/includes.h | 9 +-
crypto/external/bsd/openssh/dist/jpake.c | 457 --
crypto/external/bsd/openssh/dist/jpake.h | 115 -
crypto/external/bsd/openssh/dist/kex.c | 1057 ++++-
crypto/external/bsd/openssh/dist/kex.h | 201 +-
crypto/external/bsd/openssh/dist/kexdh.c | 95 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 208 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 207 +-
crypto/external/bsd/openssh/dist/kexecdh.c | 107 +-
crypto/external/bsd/openssh/dist/kexecdhc.c | 215 +-
crypto/external/bsd/openssh/dist/kexecdhs.c | 204 +-
crypto/external/bsd/openssh/dist/kexgex.c | 111 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 308 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 289 +-
crypto/external/bsd/openssh/dist/key.c | 2331 +-----------
crypto/external/bsd/openssh/dist/key.h | 161 +-
crypto/external/bsd/openssh/dist/ldapauth.c | 6 +-
crypto/external/bsd/openssh/dist/ldapauth.h | 4 +-
crypto/external/bsd/openssh/dist/log.c | 59 +-
crypto/external/bsd/openssh/dist/log.h | 12 +-
crypto/external/bsd/openssh/dist/mac.c | 266 +-
crypto/external/bsd/openssh/dist/mac.h | 35 +-
crypto/external/bsd/openssh/dist/match.c | 96 +-
crypto/external/bsd/openssh/dist/match.h | 9 +-
crypto/external/bsd/openssh/dist/misc.c | 377 +-
crypto/external/bsd/openssh/dist/misc.h | 82 +-
crypto/external/bsd/openssh/dist/moduli.c | 172 +-
crypto/external/bsd/openssh/dist/monitor.c | 1207 +-----
crypto/external/bsd/openssh/dist/monitor.h | 92 +-
crypto/external/bsd/openssh/dist/monitor_fdpass.c | 14 +-
crypto/external/bsd/openssh/dist/monitor_mm.c | 347 -
crypto/external/bsd/openssh/dist/monitor_mm.h | 63 -
crypto/external/bsd/openssh/dist/monitor_wrap.c | 640 +---
crypto/external/bsd/openssh/dist/monitor_wrap.h | 54 +-
crypto/external/bsd/openssh/dist/msg.c | 29 +-
crypto/external/bsd/openssh/dist/msg.h | 9 +-
crypto/external/bsd/openssh/dist/mux.c | 636 ++-
crypto/external/bsd/openssh/dist/myproposal.h | 142 +-
crypto/external/bsd/openssh/dist/namespace.h | 4 +-
crypto/external/bsd/openssh/dist/openssh2netbsd | 38 -
crypto/external/bsd/openssh/dist/packet.c | 3235 ++++++++++++-----
crypto/external/bsd/openssh/dist/packet.h | 245 +-
crypto/external/bsd/openssh/dist/pathnames.h | 28 +-
crypto/external/bsd/openssh/dist/pkcs11.h | 20 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 36 +-
crypto/external/bsd/openssh/dist/progressmeter.h | 6 +-
crypto/external/bsd/openssh/dist/readconf.c | 1848 ++++++++-
crypto/external/bsd/openssh/dist/readconf.h | 108 +-
crypto/external/bsd/openssh/dist/readpass.c | 16 +-
crypto/external/bsd/openssh/dist/readpassphrase.c | 19 +-
crypto/external/bsd/openssh/dist/roaming.h | 45 -
crypto/external/bsd/openssh/dist/roaming_client.c | 279 -
crypto/external/bsd/openssh/dist/roaming_common.c | 243 -
crypto/external/bsd/openssh/dist/roaming_dummy.c | 60 -
crypto/external/bsd/openssh/dist/roaming_serv.c | 30 -
crypto/external/bsd/openssh/dist/rsa.c | 119 +-
crypto/external/bsd/openssh/dist/rsa.h | 8 +-
crypto/external/bsd/openssh/dist/sandbox-rlimit.c | 3 +-
crypto/external/bsd/openssh/dist/sandbox-systrace.c | 192 -
crypto/external/bsd/openssh/dist/schnorr.c | 674 ---
crypto/external/bsd/openssh/dist/schnorr.h | 61 -
crypto/external/bsd/openssh/dist/scp.1 | 44 +-
crypto/external/bsd/openssh/dist/scp.c | 198 +-
crypto/external/bsd/openssh/dist/servconf.c | 1072 ++++-
crypto/external/bsd/openssh/dist/servconf.h | 88 +-
crypto/external/bsd/openssh/dist/serverloop.c | 927 +---
crypto/external/bsd/openssh/dist/serverloop.h | 5 +-
crypto/external/bsd/openssh/dist/session.c | 740 +--
crypto/external/bsd/openssh/dist/session.h | 8 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 1141 +++--
crypto/external/bsd/openssh/dist/sftp-client.h | 42 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 118 +-
crypto/external/bsd/openssh/dist/sftp-common.h | 9 +-
crypto/external/bsd/openssh/dist/sftp-glob.c | 21 +-
crypto/external/bsd/openssh/dist/sftp-server-main.c | 9 +-
crypto/external/bsd/openssh/dist/sftp-server.8 | 64 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 1073 +++--
crypto/external/bsd/openssh/dist/sftp.1 | 101 +-
crypto/external/bsd/openssh/dist/sftp.c | 624 ++-
crypto/external/bsd/openssh/dist/ssh-add.1 | 46 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 401 +-
crypto/external/bsd/openssh/dist/ssh-agent.1 | 114 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 1001 +++--
crypto/external/bsd/openssh/dist/ssh-dss.c | 241 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 229 +-
crypto/external/bsd/openssh/dist/ssh-gss.h | 6 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 240 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 2173 +++++++----
crypto/external/bsd/openssh/dist/ssh-keyscan.1 | 52 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 266 +-
crypto/external/bsd/openssh/dist/ssh-keysign.8 | 12 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 190 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 21 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 | 8 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 46 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 270 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.h | 10 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 404 +-
crypto/external/bsd/openssh/dist/ssh.1 | 534 ++-
crypto/external/bsd/openssh/dist/ssh.c | 1180 ++++-
crypto/external/bsd/openssh/dist/ssh.h | 12 +-
crypto/external/bsd/openssh/dist/ssh1.h | 5 +-
crypto/external/bsd/openssh/dist/ssh2.h | 22 +-
crypto/external/bsd/openssh/dist/ssh_config | 16 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 1210 ++++-
crypto/external/bsd/openssh/dist/sshconnect.c | 591 ++-
crypto/external/bsd/openssh/dist/sshconnect.h | 12 +-
crypto/external/bsd/openssh/dist/sshconnect1.c | 197 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 1418 ++++---
crypto/external/bsd/openssh/dist/sshd.8 | 246 +-
crypto/external/bsd/openssh/dist/sshd.c | 1303 +++----
crypto/external/bsd/openssh/dist/sshd_config | 49 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 1168 ++++-
crypto/external/bsd/openssh/dist/sshlogin.c | 23 +-
crypto/external/bsd/openssh/dist/sshpty.c | 28 +-
crypto/external/bsd/openssh/dist/sshpty.h | 5 +-
crypto/external/bsd/openssh/dist/strtonum.c | 78 -
crypto/external/bsd/openssh/dist/ttymodes.c | 7 +-
crypto/external/bsd/openssh/dist/ttymodes.h | 7 +-
crypto/external/bsd/openssh/dist/uidswap.c | 8 +-
crypto/external/bsd/openssh/dist/umac.c | 192 +-
crypto/external/bsd/openssh/dist/umac.h | 16 +-
crypto/external/bsd/openssh/dist/uuencode.c | 13 +-
crypto/external/bsd/openssh/dist/version.h | 9 +-
crypto/external/bsd/openssh/dist/xmalloc.c | 52 +-
crypto/external/bsd/openssh/dist/xmalloc.h | 8 +-
crypto/external/bsd/openssh/lib/Makefile | 86 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
distrib/sets/lists/base/ad.mips64eb | 10 +-
distrib/sets/lists/base/ad.mips64el | 10 +-
distrib/sets/lists/base/md.amd64 | 6 +-
distrib/sets/lists/base/md.sparc64 | 6 +-
distrib/sets/lists/base/shl.mi | 6 +-
distrib/sets/lists/comp/ad.mips64eb | 6 +-
distrib/sets/lists/comp/ad.mips64el | 6 +-
distrib/sets/lists/comp/md.amd64 | 4 +-
distrib/sets/lists/comp/md.sparc64 | 4 +-
distrib/sets/lists/comp/shl.mi | 4 +-
lib/libpam/modules/pam_ssh/Makefile | 3 +-
lib/libpam/modules/pam_ssh/pam_ssh.c | 16 +-
218 files changed, 27892 insertions(+), 24217 deletions(-)
diffs (truncated from 78236 to 300 lines):
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/Makefile.inc
--- a/crypto/external/bsd/openssh/Makefile.inc Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/Makefile.inc Tue Aug 15 04:39:20 2017 +0000
@@ -1,14 +1,23 @@
-# $NetBSD: Makefile.inc,v 1.5 2011/10/13 17:23:28 plunky Exp $
+# $NetBSD: Makefile.inc,v 1.5.10.1 2017/08/15 04:39:20 snj Exp $
WARNS?= 4
.include <bsd.own.mk>
USE_FORT?= yes # network client/server
+WITH_OPENSSL=1
SSHDIST?= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist
-CPPFLAGS+=-I${SSHDIST} -DHAVE_LOGIN_CAP -DHAVE_MMAP -DHAVE_OPENPTY -DENABLE_PKCS11
+CPPFLAGS+=-I${SSHDIST}
+CPPFLAGS+=-I${SSHDIST}/../lib
+
+CPPFLAGS+=-DHAVE_DLOPEN
+CPPFLAGS+=-DHAVE_HEADER_AD
+CPPFLAGS+=-DHAVE_LOGIN_CAP
+CPPFLAGS+=-DHAVE_STDLIB_H
+
+CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE=1
.if !defined(NOPIC)
CPPFLAGS+=-DHAVE_DLOPEN
.endif
@@ -31,9 +40,7 @@
CPPFLAGS+=-DWITH_LDAP_PUBKEY
.endif
-.if ${X11FLAVOUR} == "Xorg"
CPPFLAGS+=-DX11BASE=\"/usr/X11R7\"
-.endif
CPPFLAGS+=-DSUPPORT_UTMP -DSUPPORT_UTMPX
CPPFLAGS+=-DLIBWRAP
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/Makefile.inc
--- a/crypto/external/bsd/openssh/bin/Makefile.inc Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/Makefile.inc Tue Aug 15 04:39:20 2017 +0000
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile.inc,v 1.2 2009/12/19 18:00:26 christos Exp $
+# $NetBSD: Makefile.inc,v 1.2.14.1 2017/08/15 04:39:20 snj Exp $
+CPPFLAGS+=-DWITH_OPENSSL
LDADD+= -lssh -lcrypto -lcrypt -lz
DPADD+= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/sftp/Makefile
--- a/crypto/external/bsd/openssh/bin/sftp/Makefile Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/sftp/Makefile Tue Aug 15 04:39:20 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.4 2011/06/20 07:43:56 mrg Exp $
+# $NetBSD: Makefile,v 1.4.8.1 2017/08/15 04:39:20 snj Exp $
BINDIR= /usr/bin
@@ -9,9 +9,7 @@
LDADD+= -ledit -lterminfo
DPADD+= ${LIBEDIT} ${LIBTERMINFO}
-.include <bsd.prog.mk>
-
-.if defined(HAVE_GCC) || defined(HAVE_PCC)
COPTS.sftp.c+= -Wno-pointer-sign
COPTS.sftp-client.c+= -Wno-pointer-sign
-.endif
+
+.include <bsd.prog.mk>
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/ssh-keygen/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile Tue Aug 15 04:39:20 2017 +0000
@@ -1,12 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2011/06/20 07:43:56 mrg Exp $
+# $NetBSD: Makefile,v 1.3.8.1 2017/08/15 04:39:20 snj Exp $
BINDIR= /usr/bin
PROG= ssh-keygen
SRCS= ssh-keygen.c moduli.c
-.include <bsd.prog.mk>
+COPTS.ssh-keygen.c= -Wno-pointer-sign
-.if defined(HAVE_GCC) || defined(HAVE_PCC)
-COPTS.ssh-keygen.c= -Wno-pointer-sign
-.endif
+.include <bsd.prog.mk>
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Tue Aug 15 04:39:20 2017 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+# $NetBSD: Makefile,v 1.1.14.1 2017/08/15 04:39:20 snj Exp $
BINDIR= /usr/bin
PROG= ssh-keyscan
-SRCS= ssh-keyscan.c
+SRCS= ssh-keyscan.c ssh_api.c kexdhs.c kexgexs.c kexecdhs.c
MAN= ssh-keyscan.1
.include <bsd.prog.mk>
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile Tue Aug 15 04:39:20 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.7 2011/08/17 05:32:09 christos Exp $
+# $NetBSD: Makefile,v 1.7.8.1 2017/08/15 04:39:20 snj Exp $
.include <bsd.own.mk>
@@ -6,14 +6,12 @@
PROG= ssh
SRCS= ssh.c readconf.c clientloop.c sshtty.c \
- sshconnect.c sshconnect1.c sshconnect2.c mux.c \
- roaming_common.c roaming_client.c
+ sshconnect.c sshconnect1.c sshconnect2.c mux.c auth.c
+COPTS.auth.c= -DHOST_ONLY
COPTS.sshconnect1.c= -fno-strict-aliasing
-.if defined(HAVE_GCC) || defined(HAVE_PCC)
COPTS.mux.c= -Wno-pointer-sign
COPTS.sshconnect2.c= -Wno-pointer-sign
-.endif
LINKS= ${BINDIR}/ssh ${BINDIR}/slogin
MAN= ssh.1 ssh_config.5
@@ -31,8 +29,8 @@
LDADD+= -lkafs -lasn1 -lcrypt
DPADD+= ${LIBKAFS} ${LIBASN1} ${LIBCRYPT}
-LDADD+= -lcom_err -lroken -lutil
-DPADD+= ${LIBCOM_ERR} ${LIBROKEN} ${LIBUTIL}
+LDADD+= -lcom_err -lroken -lsqlite3 -lutil
+DPADD+= ${LIBCOM_ERR} ${LIBROKEN} ${LIBSQLITE3} ${LIBUTIL}
.endif
.include <bsd.prog.mk>
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Tue Aug 15 04:39:20 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.8 2011/09/07 17:49:19 christos Exp $
+# $NetBSD: Makefile,v 1.8.8.1 2017/08/15 04:39:20 snj Exp $
.include <bsd.own.mk>
@@ -7,21 +7,18 @@
BINDIR= /usr/sbin
-SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
+SRCS= sshd.c auth-rhosts.c auth-passwd.c \
sshpty.c sshlogin.c servconf.c serverloop.c \
- auth.c auth1.c auth2.c auth-options.c session.c \
- auth-chall.c auth2-chall.c groupaccess.c \
- auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
+ auth.c auth2.c auth-options.c session.c \
+ auth-krb5.c auth2-chall.c groupaccess.c \
+ auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
auth2-none.c auth2-passwd.c auth2-pubkey.c \
- monitor_mm.c monitor.c monitor_wrap.c \
+ monitor.c monitor_wrap.c \
kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
- auth2-jpake.c \
- roaming_common.c roaming_serv.c sandbox-rlimit.c
+ sandbox-rlimit.c pfilter.c
-.if defined(HAVE_GCC) || defined(HAVE_PCC)
-COPTS.auth-options.c= -Wno-pointer-sign
-.endif
-COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
+COPTS.auth-options.c+= -Wno-pointer-sign
+COPTS.ldapauth.c+= -Wno-format-nonliteral # XXX: should fix
.if (${USE_PAM} != "no")
SRCS+= auth-pam.c
@@ -50,12 +47,12 @@
LDADD+= -lkafs
DPADD+= ${LIBKAFS}
-SRCS+= auth-krb5.c auth2-krb5.c
+SRCS+= auth2-krb5.c
LDADD+= -lkrb5 -lasn1
DPADD+= ${LIBKRB5} ${LIBASN1}
-LDADD+= -lcom_err -lroken
-DPADD+= ${LIBCOM_ERR} ${LIBROKEN}
+LDADD+= -lcom_err -lroken -lsqlite3
+DPADD+= ${LIBCOM_ERR} ${LIBROKEN} ${LIBSQLITE3}
.endif
.if (${USE_LDAP} != "no")
@@ -71,3 +68,11 @@
LDADD+= -lwrap
DPADD+= ${LIBWRAP}
+
+.ifdef CRUNCHEDPROG
+CPPFLAGS+=-DSMALL
+.else
+# XXXMRG netbsd-6 ssh
+#LDADD+= -lblacklist
+#DPADD+= ${LIBBLACKLIST}
+.endif
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/dist/OVERVIEW
--- a/crypto/external/bsd/openssh/dist/OVERVIEW Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/dist/OVERVIEW Tue Aug 15 04:39:20 2017 +0000
@@ -65,8 +65,8 @@
packets. CRC code comes from crc32.c.
- The code in packet.c calls the buffer manipulation routines
- (buffer.c, bufaux.c), compression routines (compress.c, zlib),
- and the encryption routines.
+ (buffer.c, bufaux.c), compression routines (zlib), and the
+ encryption routines.
X11, TCP/IP, and Agent forwarding
@@ -165,5 +165,5 @@
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
-$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
-$NetBSD: OVERVIEW,v 1.2 2011/07/25 03:03:10 christos Exp $
+$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
+$NetBSD: OVERVIEW,v 1.2.10.1 2017/08/15 04:39:20 snj Exp $
diff -r 264c29bf9096 -r f047386d2c46 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Sat Aug 12 16:38:08 2017 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Tue Aug 15 04:39:20 2017 +0000
@@ -40,8 +40,8 @@
"ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost"
OpenSSH introduces new public key algorithms to support certificate
-authentication for users and hostkeys. These methods are documented in
-the file PROTOCOL.certkeys
+authentication for users and host keys. These methods are documented
+in the file PROTOCOL.certkeys
1.4. transport: Elliptic Curve cryptography
@@ -51,6 +51,57 @@
curve points encoded using point compression are NOT accepted or
generated.
+1.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms
+
+OpenSSH supports MAC algorithms, whose names contain "-etm", that
+perform the calculations in a different order to that defined in RFC
+4253. These variants use the so-called "encrypt then MAC" ordering,
+calculating the MAC over the packet ciphertext rather than the
+plaintext. This ordering closes a security flaw in the SSH transport
+protocol, where decryption of unauthenticated ciphertext provided a
+"decryption oracle" that could, in conjunction with cipher flaws, reveal
+session plaintext.
+
+Specifically, the "-etm" MAC algorithms modify the transport protocol
+to calculate the MAC over the packet ciphertext and to send the packet
+length unencrypted. This is necessary for the transport to obtain the
+length of the packet and location of the MAC tag so that it may be
+verified without decrypting unauthenticated data.
+
+As such, the MAC covers:
+
+ mac = MAC(key, sequence_number || packet_length || encrypted_packet)
+
+where "packet_length" is encoded as a uint32 and "encrypted_packet"
+contains:
+
+ byte padding_length
+ byte[n1] payload; n1 = packet_length - padding_length - 1
+ byte[n2] random padding; n2 = padding_length
+
+1.6 transport: AES-GCM
+
+OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
+Because of problems with the specification of the key exchange
+the behaviour of OpenSSH differs from the RFC as follows:
+
+AES-GCM is only negotiated as the cipher algorithms
+"aes128-gcm%openssh.com@localhost" or "aes256-gcm%openssh.com@localhost" and never as
+an MAC algorithm. Additionally, if AES-GCM is selected as the cipher
+the exchanged MAC algorithms are ignored and there doesn't have to be
+a matching MAC.
+
+1.7 transport: chacha20-poly1305%openssh.com@localhost authenticated encryption
+
+OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
+as described in PROTOCOL.chacha20poly1305.
+
+1.8 transport: curve25519-sha256%libssh.org@localhost key exchange algorithm
+
+OpenSSH supports the use of ECDH in Curve25519 for key exchange as
+described at:
+http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256%libssh.org.txt@localhost?h=curve25519
+
Home |
Main Index |
Thread Index |
Old Index