Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-7]: src Pull up blacklistd(8), requested by christos in ticket #711:
details: https://anonhg.NetBSD.org/src/rev/0769ab85259f
branches: netbsd-7
changeset: 799260:0769ab85259f
user: riz <riz%NetBSD.org@localhost>
date: Thu Apr 30 06:07:29 2015 +0000
description:
Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h up to 1.1
crypto/external/bsd/openssh/dist/blocks.c up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c up to 1.2
crypto/external/bsd/openssh/dist/chacha.c up to 1.3
crypto/external/bsd/openssh/dist/chacha.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.c up to 1.3
crypto/external/bsd/openssh/dist/hmac.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c up to 1.3
crypto/external/bsd/openssh/dist/opacket.c up to 1.2
crypto/external/bsd/openssh/dist/umac128.c up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h up to 1.2
crypto/external/bsd/openssh/dist/opacket.h up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c delete
crypto/external/bsd/openssh/dist/compress.c delete
crypto/external/bsd/openssh/dist/compress.h delete
crypto/external/bsd/openssh/dist/jpake.c delete
crypto/external/bsd/openssh/dist/jpake.h delete
crypto/external/bsd/openssh/dist/schnorr.c delete
crypto/external/bsd/openssh/dist/schnorr.h delete
crypto/external/bsd/openssh/dist/strtonum.c 1.1
crypto/external/bsd/openssh/Makefile.inc up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c up to 1.10
crypto/external/bsd/openssh/dist/auth.c up to 1.12
crypto/external/bsd/openssh/dist/auth.h up to 1.10
crypto/external/bsd/openssh/dist/auth1.c up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c up to 1.11
crypto/external/bsd/openssh/dist/authfd.c up to 1.8
crypto/external/bsd/openssh/dist/authfd.h up to 1.5
crypto/external/bsd/openssh/dist/authfile.c up to 1.10
crypto/external/bsd/openssh/dist/authfile.h up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c up to 1.5
crypto/external/bsd/openssh/dist/bufec.c up to 1.5
crypto/external/bsd/openssh/dist/buffer.c up to 1.6
crypto/external/bsd/openssh/dist/buffer.h up to 1.7
crypto/external/bsd/openssh/dist/canohost.c up to 1.8
crypto/external/bsd/openssh/dist/channels.c up to 1.13
crypto/external/bsd/openssh/dist/channels.h up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c up to 1.6
crypto/external/bsd/openssh/dist/cipher.c up to 1.7
crypto/external/bsd/openssh/dist/cipher.h up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c up to 1.13
crypto/external/bsd/openssh/dist/compat.c up to 1.9
crypto/external/bsd/openssh/dist/compat.h up to 1.6
crypto/external/bsd/openssh/dist/deattack.c up to 1.4
crypto/external/bsd/openssh/dist/deattack.h up to 1.4
crypto/external/bsd/openssh/dist/dh.c up to 1.8
crypto/external/bsd/openssh/dist/dh.h up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h up to 1.4
crypto/external/bsd/openssh/dist/dns.c up to 1.11
crypto/external/bsd/openssh/dist/dns.h up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h up to 1.7
crypto/external/bsd/openssh/dist/includes.h up to 1.4
crypto/external/bsd/openssh/dist/kex.c up to 1.10
crypto/external/bsd/openssh/dist/kex.h up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c up to 1.8
crypto/external/bsd/openssh/dist/key.c up to 1.16
crypto/external/bsd/openssh/dist/key.h up to 1.9
crypto/external/bsd/openssh/dist/krl.c up to 1.5
crypto/external/bsd/openssh/dist/krl.h up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c up to 1.11
crypto/external/bsd/openssh/dist/mac.h up to 1.5
crypto/external/bsd/openssh/dist/match.c up to 1.5
crypto/external/bsd/openssh/dist/misc.c up to 1.10
crypto/external/bsd/openssh/dist/misc.h up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c up to 1.8
crypto/external/bsd/openssh/dist/monitor.c up to 1.14
crypto/external/bsd/openssh/dist/monitor.h up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c up to 1.4
crypto/external/bsd/openssh/dist/msg.h up to 1.4
crypto/external/bsd/openssh/dist/mux.c up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h up to 1.10
crypto/external/bsd/openssh/dist/namespace.h up to 1.5
crypto/external/bsd/openssh/dist/packet.c up to 1.18
crypto/external/bsd/openssh/dist/packet.h up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c up to 1.13
crypto/external/bsd/openssh/dist/readconf.h up to 1.12
crypto/external/bsd/openssh/dist/readpass.c up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c up to 1.5
crypto/external/bsd/openssh/dist/rsa.h up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1 up to 1.9
crypto/external/bsd/openssh/dist/scp.c up to 1.11
crypto/external/bsd/openssh/dist/servconf.c up to 1.17
crypto/external/bsd/openssh/dist/servconf.h up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c up to 1.12
crypto/external/bsd/openssh/dist/session.c up to 1.14
crypto/external/bsd/openssh/dist/session.h up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8 up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c up to 1.11
crypto/external/bsd/openssh/dist/sftp.1 up to 1.11
crypto/external/bsd/openssh/dist/sftp.c up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1 up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1 up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1 up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1 up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8 up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c up to 1.7
crypto/external/bsd/openssh/dist/ssh.1 up to 1.14
crypto/external/bsd/openssh/dist/ssh.c up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h up to 1.6
crypto/external/bsd/openssh/dist/ssh_config up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5 up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c up to 1.19
crypto/external/bsd/openssh/dist/sshd.8 up to 1.13
crypto/external/bsd/openssh/dist/sshd.c up to 1.18
crypto/external/bsd/openssh/dist/sshd_config up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5 up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c up to 1.4
crypto/external/bsd/openssh/dist/umac.c up to 1.9
crypto/external/bsd/openssh/dist/version.h up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c up to 1.5
crypto/external/bsd/openssh/lib/Makefile up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version up to 1.13
distrib/sets/lists/base/ad.aarch64 patch
distrib/sets/lists/base/ad.arm patch
distrib/sets/lists/base/ad.mips patch
distrib/sets/lists/base/ad.powerpc patch
distrib/sets/lists/base/md.amd64 patch
distrib/sets/lists/base/md.sparc64 patch
distrib/sets/lists/base/mi patch
distrib/sets/lists/base/shl.mi patch
distrib/sets/lists/comp/ad.aarch64 patch
distrib/sets/lists/comp/ad.arm patch
distrib/sets/lists/comp/ad.mips patch
distrib/sets/lists/comp/ad.powerpc patch
distrib/sets/lists/comp/md.amd64 patch
distrib/sets/lists/comp/md.sparc64 patch
distrib/sets/lists/comp/mi patch
distrib/sets/lists/comp/shl.mi patch
distrib/sets/lists/debug/ad.aarch64 patch
distrib/sets/lists/debug/ad.arm patch
distrib/sets/lists/debug/ad.mips patch
distrib/sets/lists/debug/ad.powerpc patch
distrib/sets/lists/debug/md.amd64 patch
distrib/sets/lists/debug/md.sparc64 patch
distrib/sets/lists/debug/shl.mi patch
distrib/sets/lists/etc/mi patch
distrib/sets/lists/man/mi patch
etc/defaults/rc.conf 1.130
etc/mtree/NetBSD.dist.base 1.142
external/bsd/Makefile up to 1.48
external/bsd/blacklist/bin/Makefile up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8 up to 1.6
external/bsd/blacklist/bin/blacklistctl.c up to 1.17
external/bsd/blacklist/bin/blacklistd.8 up to 1.10
external/bsd/blacklist/bin/blacklistd.c up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5 up to 1.2
external/bsd/blacklist/bin/conf.c up to 1.18
external/bsd/blacklist/bin/conf.h up to 1.6
external/bsd/blacklist/bin/internal.c up to 1.5
external/bsd/blacklist/bin/internal.h up to 1.12
external/bsd/blacklist/bin/run.c up to 1.12
external/bsd/blacklist/bin/run.h up to 1.5
external/bsd/blacklist/bin/state.c up to 1.15
external/bsd/blacklist/bin/state.h up to 1.5
external/bsd/blacklist/bin/support.c up to 1.6
external/bsd/blacklist/bin/support.h up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd up to 1.1
external/bsd/blacklist/etc/Makefile up to 1.3
external/bsd/blacklist/etc/blacklistd.conf up to 1.3
external/bsd/blacklist/etc/npf.conf up to 1.1
external/bsd/blacklist/Makefile up to 1.2
external/bsd/blacklist/Makefile.inc up to 1.3
external/bsd/blacklist/README up to 1.7
external/bsd/blacklist/TODO up to 1.7
external/bsd/blacklist/diff/ftpd.diff up to 1.1
external/bsd/blacklist/diff/named.diff up to 1.6
external/bsd/blacklist/diff/ssh.diff up to 1.6
external/bsd/blacklist/include/Makefile up to 1.1
external/bsd/blacklist/include/bl.h up to 1.12
external/bsd/blacklist/include/blacklist.h up to 1.3
external/bsd/blacklist/include/config.h new
external/bsd/blacklist/lib/Makefile up to 1.3
external/bsd/blacklist/lib/bl.c up to 1.24
external/bsd/blacklist/lib/blacklist.c up to 1.5
external/bsd/blacklist/lib/libblacklist.3 up to 1.3
external/bsd/blacklist/lib/shlib_version up to 1.1
external/bsd/blacklist/libexec/Makefile up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore up to 1.1
external/bsd/blacklist/port/Makefile.am up to 1.4
external/bsd/blacklist/port/_strtoi.h up to 1.1
external/bsd/blacklist/port/clock_gettime.c up to 1.2
external/bsd/blacklist/port/configure.ac up to 1.7
external/bsd/blacklist/port/fgetln.c up to 1.1
external/bsd/blacklist/port/fparseln.c up to 1.1
external/bsd/blacklist/port/getprogname.c up to 1.4
external/bsd/blacklist/port/pidfile.c up to 1.1
external/bsd/blacklist/port/popenve.c up to 1.2
external/bsd/blacklist/port/port.h up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c up to 1.2
external/bsd/blacklist/port/strlcpy.c up to 1.2
external/bsd/blacklist/port/strtoi.c up to 1.3
external/bsd/blacklist/test/Makefile up to 1.2
external/bsd/blacklist/test/cltest.c up to 1.6
external/bsd/blacklist/test/srvtest.c up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c up to 1.23
libexec/ftpd/pfilter.c up to 1.1
libexec/ftpd/pfilter.h up to 1.1
libexec/ftpd/Makefile up to 1.64
libexec/ftpd/ftpd.c up to 1.201
Add blacklistd(8), a daemon to block and release network ports
on demand to mitigate abuse, and related changes to system daemons
to support it.
[christos, ticket #711]
diffstat:
crypto/external/bsd/openssh/Makefile.inc | 13 +-
crypto/external/bsd/openssh/bin/Makefile.inc | 3 +-
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile | 4 +-
crypto/external/bsd/openssh/bin/sshd/Makefile | 12 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 130 +-
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 | 105 +
crypto/external/bsd/openssh/dist/PROTOCOL.key | 68 +
crypto/external/bsd/openssh/dist/PROTOCOL.krl | 9 +-
crypto/external/bsd/openssh/dist/addrmatch.c | 10 +-
crypto/external/bsd/openssh/dist/atomicio.c | 7 +-
crypto/external/bsd/openssh/dist/auth-bsdauth.c | 13 +-
crypto/external/bsd/openssh/dist/auth-chall.c | 10 +-
crypto/external/bsd/openssh/dist/auth-krb5.c | 5 +-
crypto/external/bsd/openssh/dist/auth-options.c | 103 +-
crypto/external/bsd/openssh/dist/auth-options.h | 6 +-
crypto/external/bsd/openssh/dist/auth-passwd.c | 7 +-
crypto/external/bsd/openssh/dist/auth-rh-rsa.c | 7 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 70 +-
crypto/external/bsd/openssh/dist/auth-rsa.c | 44 +-
crypto/external/bsd/openssh/dist/auth.c | 88 +-
crypto/external/bsd/openssh/dist/auth.h | 28 +-
crypto/external/bsd/openssh/dist/auth1.c | 17 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 18 +-
crypto/external/bsd/openssh/dist/auth2-gss.c | 34 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 47 +-
crypto/external/bsd/openssh/dist/auth2-jpake.c | 564 -
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 7 +-
crypto/external/bsd/openssh/dist/auth2-krb5.c | 5 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 9 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 11 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 101 +-
crypto/external/bsd/openssh/dist/auth2.c | 46 +-
crypto/external/bsd/openssh/dist/authfd.c | 919 +-
crypto/external/bsd/openssh/dist/authfd.h | 62 +-
crypto/external/bsd/openssh/dist/authfile.c | 1083 +--
crypto/external/bsd/openssh/dist/authfile.h | 65 +-
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c | 174 +
crypto/external/bsd/openssh/dist/bitmap.c | 216 +
crypto/external/bsd/openssh/dist/bitmap.h | 58 +
crypto/external/bsd/openssh/dist/blf.h | 88 +
crypto/external/bsd/openssh/dist/blocks.c | 248 +
crypto/external/bsd/openssh/dist/blowfish.c | 695 ++
crypto/external/bsd/openssh/dist/bufaux.c | 280 +-
crypto/external/bsd/openssh/dist/bufbn.c | 203 +-
crypto/external/bsd/openssh/dist/bufec.c | 106 +-
crypto/external/bsd/openssh/dist/buffer.c | 247 +-
crypto/external/bsd/openssh/dist/buffer.h | 68 +-
crypto/external/bsd/openssh/dist/canohost.c | 50 +-
crypto/external/bsd/openssh/dist/chacha.c | 221 +
crypto/external/bsd/openssh/dist/chacha.h | 35 +
crypto/external/bsd/openssh/dist/channels.c | 813 +-
crypto/external/bsd/openssh/dist/channels.h | 61 +-
crypto/external/bsd/openssh/dist/cipher-3des1.c | 64 +-
crypto/external/bsd/openssh/dist/cipher-aesctr.c | 78 +
crypto/external/bsd/openssh/dist/cipher-aesctr.h | 35 +
crypto/external/bsd/openssh/dist/cipher-bf1.c | 23 +-
crypto/external/bsd/openssh/dist/cipher-chachapoly.c | 119 +
crypto/external/bsd/openssh/dist/cipher-chachapoly.h | 41 +
crypto/external/bsd/openssh/dist/cipher.c | 469 +-
crypto/external/bsd/openssh/dist/cipher.h | 65 +-
crypto/external/bsd/openssh/dist/clientloop.c | 557 +-
crypto/external/bsd/openssh/dist/compat.c | 107 +-
crypto/external/bsd/openssh/dist/compat.h | 13 +-
crypto/external/bsd/openssh/dist/compress.c | 168 -
crypto/external/bsd/openssh/dist/compress.h | 26 -
crypto/external/bsd/openssh/dist/crypto_api.h | 42 +
crypto/external/bsd/openssh/dist/deattack.c | 82 +-
crypto/external/bsd/openssh/dist/deattack.h | 13 +-
crypto/external/bsd/openssh/dist/dh.c | 98 +-
crypto/external/bsd/openssh/dist/dh.h | 9 +-
crypto/external/bsd/openssh/dist/digest-libc.c | 259 +
crypto/external/bsd/openssh/dist/digest-openssl.c | 189 +
crypto/external/bsd/openssh/dist/digest.h | 71 +
crypto/external/bsd/openssh/dist/dispatch.c | 126 +-
crypto/external/bsd/openssh/dist/dispatch.h | 38 +-
crypto/external/bsd/openssh/dist/dns.c | 52 +-
crypto/external/bsd/openssh/dist/dns.h | 12 +-
crypto/external/bsd/openssh/dist/ed25519.c | 145 +
crypto/external/bsd/openssh/dist/fe25519.c | 337 +
crypto/external/bsd/openssh/dist/fe25519.h | 70 +
crypto/external/bsd/openssh/dist/ge25519.c | 321 +
crypto/external/bsd/openssh/dist/ge25519.h | 43 +
crypto/external/bsd/openssh/dist/ge25519_base.data | 858 ++
crypto/external/bsd/openssh/dist/groupaccess.c | 8 +-
crypto/external/bsd/openssh/dist/gss-genr.c | 5 +-
crypto/external/bsd/openssh/dist/gss-serv-krb5.c | 5 +-
crypto/external/bsd/openssh/dist/gss-serv.c | 35 +-
crypto/external/bsd/openssh/dist/hash.c | 76 +
crypto/external/bsd/openssh/dist/hmac.c | 197 +
crypto/external/bsd/openssh/dist/hmac.h | 38 +
crypto/external/bsd/openssh/dist/hostfile.c | 669 +-
crypto/external/bsd/openssh/dist/hostfile.h | 66 +-
crypto/external/bsd/openssh/dist/includes.h | 8 +-
crypto/external/bsd/openssh/dist/jpake.c | 457 -
crypto/external/bsd/openssh/dist/jpake.h | 115 -
crypto/external/bsd/openssh/dist/kex.c | 722 +-
crypto/external/bsd/openssh/dist/kex.h | 168 +-
crypto/external/bsd/openssh/dist/kexc25519.c | 128 +
crypto/external/bsd/openssh/dist/kexc25519c.c | 170 +
crypto/external/bsd/openssh/dist/kexc25519s.c | 159 +
crypto/external/bsd/openssh/dist/kexdh.c | 94 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 200 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 193 +-
crypto/external/bsd/openssh/dist/kexecdh.c | 91 +-
crypto/external/bsd/openssh/dist/kexecdhc.c | 212 +-
crypto/external/bsd/openssh/dist/kexecdhs.c | 195 +-
crypto/external/bsd/openssh/dist/kexgex.c | 111 +-
crypto/external/bsd/openssh/dist/kexgexc.c | 305 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 264 +-
crypto/external/bsd/openssh/dist/key.c | 2310 +------
crypto/external/bsd/openssh/dist/key.h | 158 +-
crypto/external/bsd/openssh/dist/krl.c | 865 +-
crypto/external/bsd/openssh/dist/krl.h | 38 +-
crypto/external/bsd/openssh/dist/mac.c | 195 +-
crypto/external/bsd/openssh/dist/mac.h | 34 +-
crypto/external/bsd/openssh/dist/match.c | 10 +-
crypto/external/bsd/openssh/dist/misc.c | 91 +-
crypto/external/bsd/openssh/dist/misc.h | 69 +-
crypto/external/bsd/openssh/dist/moduli-gen/Makefile | 32 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli | 295 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh | 33 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 | 48 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 | 34 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 | 34 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 39 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 35 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 37 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 31 +
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 35 +
crypto/external/bsd/openssh/dist/moduli.c | 118 +-
crypto/external/bsd/openssh/dist/monitor.c | 640 +-
crypto/external/bsd/openssh/dist/monitor.h | 6 +-
crypto/external/bsd/openssh/dist/monitor_fdpass.c | 8 +-
crypto/external/bsd/openssh/dist/monitor_mm.c | 39 +-
crypto/external/bsd/openssh/dist/monitor_mm.h | 6 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 429 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 30 +-
crypto/external/bsd/openssh/dist/msg.c | 29 +-
crypto/external/bsd/openssh/dist/msg.h | 9 +-
crypto/external/bsd/openssh/dist/mux.c | 284 +-
crypto/external/bsd/openssh/dist/myproposal.h | 113 +-
crypto/external/bsd/openssh/dist/namespace.h | 3 +-
crypto/external/bsd/openssh/dist/opacket.c | 330 +
crypto/external/bsd/openssh/dist/opacket.h | 171 +
crypto/external/bsd/openssh/dist/packet.c | 2894 +++++---
crypto/external/bsd/openssh/dist/packet.h | 233 +-
crypto/external/bsd/openssh/dist/pathnames.h | 6 +-
crypto/external/bsd/openssh/dist/pfilter.c | 35 +
crypto/external/bsd/openssh/dist/pfilter.h | 3 +
crypto/external/bsd/openssh/dist/pkcs11.h | 20 +-
crypto/external/bsd/openssh/dist/poly1305.c | 158 +
crypto/external/bsd/openssh/dist/poly1305.h | 22 +
crypto/external/bsd/openssh/dist/progressmeter.c | 16 +-
crypto/external/bsd/openssh/dist/progressmeter.h | 6 +-
crypto/external/bsd/openssh/dist/readconf.c | 1260 +++-
crypto/external/bsd/openssh/dist/readconf.h | 78 +-
crypto/external/bsd/openssh/dist/readpass.c | 12 +-
crypto/external/bsd/openssh/dist/reallocarray.c | 41 +
crypto/external/bsd/openssh/dist/rijndael.c | 1126 +++
crypto/external/bsd/openssh/dist/rijndael.h | 44 +
crypto/external/bsd/openssh/dist/roaming_client.c | 28 +-
crypto/external/bsd/openssh/dist/roaming_common.c | 23 +-
crypto/external/bsd/openssh/dist/roaming_dummy.c | 15 +-
crypto/external/bsd/openssh/dist/rsa.c | 119 +-
crypto/external/bsd/openssh/dist/rsa.h | 8 +-
crypto/external/bsd/openssh/dist/sandbox-systrace.c | 16 +-
crypto/external/bsd/openssh/dist/sc25519.c | 308 +
crypto/external/bsd/openssh/dist/sc25519.h | 80 +
crypto/external/bsd/openssh/dist/schnorr.c | 676 --
crypto/external/bsd/openssh/dist/schnorr.h | 61 -
crypto/external/bsd/openssh/dist/scp.1 | 30 +-
crypto/external/bsd/openssh/dist/scp.c | 23 +-
crypto/external/bsd/openssh/dist/servconf.c | 320 +-
crypto/external/bsd/openssh/dist/servconf.h | 20 +-
crypto/external/bsd/openssh/dist/serverloop.c | 242 +-
crypto/external/bsd/openssh/dist/session.c | 129 +-
crypto/external/bsd/openssh/dist/session.h | 5 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 987 +-
crypto/external/bsd/openssh/dist/sftp-client.h | 38 +-
crypto/external/bsd/openssh/dist/sftp-common.c | 107 +-
crypto/external/bsd/openssh/dist/sftp-common.h | 9 +-
crypto/external/bsd/openssh/dist/sftp-glob.c | 9 +-
crypto/external/bsd/openssh/dist/sftp-server.8 | 48 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 982 +-
crypto/external/bsd/openssh/dist/sftp.1 | 74 +-
crypto/external/bsd/openssh/dist/sftp.c | 315 +-
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c | 268 +
crypto/external/bsd/openssh/dist/ssh-add.1 | 20 +-
crypto/external/bsd/openssh/dist/ssh-add.c | 343 +-
crypto/external/bsd/openssh/dist/ssh-agent.1 | 63 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 743 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 243 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 233 +-
crypto/external/bsd/openssh/dist/ssh-ed25519.c | 166 +
crypto/external/bsd/openssh/dist/ssh-gss.h | 6 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 81 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 1295 ++-
crypto/external/bsd/openssh/dist/ssh-keyscan.1 | 41 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 180 +-
crypto/external/bsd/openssh/dist/ssh-keysign.8 | 8 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 157 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 8 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c | 14 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.c | 154 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11.h | 10 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 304 +-
crypto/external/bsd/openssh/dist/ssh.1 | 107 +-
crypto/external/bsd/openssh/dist/ssh.c | 687 +-
crypto/external/bsd/openssh/dist/ssh2.h | 10 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 533 +
crypto/external/bsd/openssh/dist/ssh_api.h | 137 +
crypto/external/bsd/openssh/dist/ssh_config | 6 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 430 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c | 462 +
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c | 218 +
crypto/external/bsd/openssh/dist/sshbuf-misc.c | 136 +
crypto/external/bsd/openssh/dist/sshbuf.c | 406 +
crypto/external/bsd/openssh/dist/sshbuf.h | 331 +
crypto/external/bsd/openssh/dist/sshconnect.c | 444 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 10 +-
crypto/external/bsd/openssh/dist/sshconnect1.c | 132 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 937 +-
crypto/external/bsd/openssh/dist/sshd.8 | 55 +-
crypto/external/bsd/openssh/dist/sshd.c | 500 +-
crypto/external/bsd/openssh/dist/sshd_config | 19 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 343 +-
crypto/external/bsd/openssh/dist/ssherr.c | 148 +
crypto/external/bsd/openssh/dist/ssherr.h | 84 +
crypto/external/bsd/openssh/dist/sshkey.c | 3886 ++++++++++++
crypto/external/bsd/openssh/dist/sshkey.h | 221 +
crypto/external/bsd/openssh/dist/sshlogin.c | 18 +-
crypto/external/bsd/openssh/dist/sshpty.c | 15 +-
crypto/external/bsd/openssh/dist/uidswap.c | 8 +-
crypto/external/bsd/openssh/dist/umac.c | 120 +-
crypto/external/bsd/openssh/dist/umac128.c | 6 +
crypto/external/bsd/openssh/dist/verify.c | 49 +
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/dist/xmalloc.c | 25 +-
crypto/external/bsd/openssh/lib/Makefile | 64 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
distrib/sets/lists/base/ad.aarch64 | 18 +-
distrib/sets/lists/base/ad.arm | 8 +-
distrib/sets/lists/base/ad.mips | 14 +-
distrib/sets/lists/base/ad.powerpc | 8 +-
distrib/sets/lists/base/md.amd64 | 8 +-
distrib/sets/lists/base/md.sparc64 | 8 +-
distrib/sets/lists/base/mi | 8 +-
distrib/sets/lists/base/shl.mi | 12 +-
distrib/sets/lists/comp/ad.aarch64 | 10 +-
distrib/sets/lists/comp/ad.arm | 6 +-
distrib/sets/lists/comp/ad.mips | 10 +-
distrib/sets/lists/comp/ad.powerpc | 6 +-
distrib/sets/lists/comp/md.amd64 | 6 +-
distrib/sets/lists/comp/md.sparc64 | 6 +-
distrib/sets/lists/comp/mi | 31 +-
distrib/sets/lists/comp/shl.mi | 3 +-
distrib/sets/lists/debug/ad.aarch64 | 10 +-
distrib/sets/lists/debug/ad.arm | 5 +-
distrib/sets/lists/debug/ad.mips | 8 +-
distrib/sets/lists/debug/ad.powerpc | 6 +-
distrib/sets/lists/debug/md.amd64 | 6 +-
distrib/sets/lists/debug/md.evbmips | 4 +-
distrib/sets/lists/debug/md.sparc64 | 6 +-
distrib/sets/lists/debug/mi | 9 +-
distrib/sets/lists/debug/shl.mi | 6 +-
distrib/sets/lists/etc/mi | 3 +-
distrib/sets/lists/man/mi | 10 +-
etc/defaults/rc.conf | 5 +-
etc/mtree/NetBSD.dist.base | 3 +-
external/bsd/Makefile | 4 +-
external/bsd/bind/bin/named/Makefile | 6 +-
external/bsd/bind/dist/bin/named/client.c | 5 +-
external/bsd/bind/dist/bin/named/main.c | 15 +-
external/bsd/bind/dist/bin/named/pfilter.c | 47 +
external/bsd/bind/dist/bin/named/pfilter.h | 2 +
external/bsd/bind/dist/bin/named/query.c | 8 +-
external/bsd/bind/dist/bin/named/update.c | 7 +-
external/bsd/bind/dist/bin/named/xfrout.c | 5 +-
external/bsd/bind/dist/contrib/zkt-1.1.2/tags | 448 -
external/bsd/bind/dist/doc/arm/Bv9ARM.pdf | Bin
external/bsd/blacklist/Makefile | 5 +
external/bsd/blacklist/Makefile.inc | 10 +
external/bsd/blacklist/README | 103 +
external/bsd/blacklist/TODO | 21 +
external/bsd/blacklist/bin/Makefile | 20 +
external/bsd/blacklist/bin/blacklistctl.8 | 81 +
external/bsd/blacklist/bin/blacklistctl.c | 145 +
external/bsd/blacklist/bin/blacklistd.8 | 164 +
external/bsd/blacklist/bin/blacklistd.c | 532 +
external/bsd/blacklist/bin/blacklistd.conf.5 | 222 +
external/bsd/blacklist/bin/conf.c | 1167 +++
external/bsd/blacklist/bin/conf.h | 65 +
external/bsd/blacklist/bin/internal.c | 48 +
external/bsd/blacklist/bin/internal.h | 53 +
external/bsd/blacklist/bin/run.c | 144 +
external/bsd/blacklist/bin/run.h | 41 +
external/bsd/blacklist/bin/state.c | 240 +
external/bsd/blacklist/bin/state.h | 62 +
external/bsd/blacklist/bin/support.c | 133 +
external/bsd/blacklist/bin/support.h | 43 +
external/bsd/blacklist/diff/ftpd.diff | 91 +
external/bsd/blacklist/diff/named.diff | 216 +
external/bsd/blacklist/diff/ssh.diff | 177 +
external/bsd/blacklist/etc/Makefile | 10 +
external/bsd/blacklist/etc/blacklistd.conf | 18 +
external/bsd/blacklist/etc/npf.conf | 15 +
external/bsd/blacklist/etc/rc.d/Makefile | 6 +
external/bsd/blacklist/etc/rc.d/blacklistd | 57 +
external/bsd/blacklist/include/Makefile | 10 +
external/bsd/blacklist/include/bl.h | 76 +
external/bsd/blacklist/include/blacklist.h | 46 +
external/bsd/blacklist/include/config.h | 6 +
external/bsd/blacklist/lib/Makefile | 15 +
external/bsd/blacklist/lib/bl.c | 473 +
external/bsd/blacklist/lib/blacklist.c | 88 +
external/bsd/blacklist/lib/libblacklist.3 | 125 +
external/bsd/blacklist/lib/shlib_version | 2 +
external/bsd/blacklist/libexec/Makefile | 6 +
external/bsd/blacklist/libexec/blacklistd-helper | 26 +
external/bsd/blacklist/port/Makefile.am | 25 +
external/bsd/blacklist/port/_strtoi.h | 93 +
external/bsd/blacklist/port/clock_gettime.c | 17 +
external/bsd/blacklist/port/configure.ac | 91 +
external/bsd/blacklist/port/fgetln.c | 106 +
external/bsd/blacklist/port/fparseln.c | 236 +
external/bsd/blacklist/port/getprogname.c | 24 +
external/bsd/blacklist/port/m4/.cvsignore | 1 +
external/bsd/blacklist/port/pidfile.c | 180 +
external/bsd/blacklist/port/popenve.c | 274 +
external/bsd/blacklist/port/port.h | 84 +
external/bsd/blacklist/port/sockaddr_snprintf.c | 380 +
external/bsd/blacklist/port/strlcat.c | 96 +
external/bsd/blacklist/port/strlcpy.c | 78 +
external/bsd/blacklist/port/strtoi.c | 61 +
external/bsd/blacklist/test/Makefile | 11 +
external/bsd/blacklist/test/cltest.c | 136 +
external/bsd/blacklist/test/srvtest.c | 208 +
lib/Makefile | 3 +-
lib/libpam/modules/pam_ssh/pam_ssh.c | 16 +-
libexec/ftpd/Makefile | 6 +-
libexec/ftpd/ftpd.c | 10 +-
libexec/ftpd/pfilter.c | 24 +
libexec/ftpd/pfilter.h | 2 +
343 files changed, 40120 insertions(+), 16268 deletions(-)
diffs (truncated from 76592 to 300 lines):
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/Makefile.inc
--- a/crypto/external/bsd/openssh/Makefile.inc Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/Makefile.inc Thu Apr 30 06:07:29 2015 +0000
@@ -1,21 +1,22 @@
-# $NetBSD: Makefile.inc,v 1.5.22.1 2015/03/09 07:46:05 snj Exp $
+# $NetBSD: Makefile.inc,v 1.5.22.2 2015/04/30 06:07:29 riz Exp $
WARNS?= 4
.include <bsd.own.mk>
USE_FORT?= yes # network client/server
+WITH_OPENSSL=1
SSHDIST?= ${NETBSDSRCDIR}/crypto/external/bsd/openssh/dist
CPPFLAGS+=-I${SSHDIST}
-CPPFLAGS+= -DHAVE_HEADER_AD
-CPPFLAGS+= -DHAVE_LOGIN_CAP
-CPPFLAGS+= -DHAVE_MMAP
-CPPFLAGS+= -DHAVE_OPENPTY
+CPPFLAGS+=-DHAVE_DLOPEN
+CPPFLAGS+=-DHAVE_HEADER_AD
+CPPFLAGS+=-DHAVE_LOGIN_CAP
+CPPFLAGS+=-DHAVE_STDLIB_H
-CPPFLAGS+=-DENABLE_PKCS11
+CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
.if !defined(NOPIC)
CPPFLAGS+=-DHAVE_DLOPEN
.endif
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/bin/Makefile.inc
--- a/crypto/external/bsd/openssh/bin/Makefile.inc Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/Makefile.inc Thu Apr 30 06:07:29 2015 +0000
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile.inc,v 1.2 2009/12/19 18:00:26 christos Exp $
+# $NetBSD: Makefile.inc,v 1.2.26.1 2015/04/30 06:07:29 riz Exp $
+CPPFLAGS+=-DWITH_OPENSSL
LDADD+= -lssh -lcrypto -lcrypt -lz
DPADD+= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile Thu Apr 30 06:07:29 2015 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.1 2009/06/07 22:38:45 christos Exp $
+# $NetBSD: Makefile,v 1.1.26.1 2015/04/30 06:07:29 riz Exp $
BINDIR= /usr/bin
PROG= ssh-keyscan
-SRCS= ssh-keyscan.c
+SRCS= ssh-keyscan.c ssh_api.c kexdhs.c kexgexs.c kexecdhs.c
MAN= ssh-keyscan.1
.include <bsd.prog.mk>
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile Thu Apr 30 06:07:29 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.9 2012/08/10 12:20:12 joerg Exp $
+# $NetBSD: Makefile,v 1.9.12.1 2015/04/30 06:07:29 riz Exp $
.include <bsd.own.mk>
@@ -15,8 +15,7 @@
auth2-none.c auth2-passwd.c auth2-pubkey.c \
monitor_mm.c monitor.c monitor_wrap.c \
kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
- auth2-jpake.c \
- roaming_common.c roaming_serv.c sandbox-rlimit.c
+ roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
COPTS.auth-options.c= -Wno-pointer-sign
COPTS.ldapauth.c= -Wno-format-nonliteral # XXX: should fix
@@ -69,3 +68,10 @@
LDADD+= -lwrap
DPADD+= ${LIBWRAP}
+
+.ifdef CRUNCHEDPROG
+CPPFLAGS+=-DSMALL
+.else
+LDADD+= -lblacklist
+DPADD+= ${LIBBLACKLIST}
+.endif
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Wed Apr 29 20:35:02 2015 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Thu Apr 30 06:07:29 2015 +0000
@@ -40,8 +40,8 @@
"ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost"
OpenSSH introduces new public key algorithms to support certificate
-authentication for users and hostkeys. These methods are documented in
-the file PROTOCOL.certkeys
+authentication for users and host keys. These methods are documented
+in the file PROTOCOL.certkeys
1.4. transport: Elliptic Curve cryptography
@@ -91,6 +91,17 @@
the exchanged MAC algorithms are ignored and there doesn't have to be
a matching MAC.
+1.7 transport: chacha20-poly1305%openssh.com@localhost authenticated encryption
+
+OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
+as described in PROTOCOL.chacha20poly1305.
+
+1.8 transport: curve25519-sha256%libssh.org@localhost key exchange algorithm
+
+OpenSSH supports the use of ECDH in Curve25519 for key exchange as
+described at:
+http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256%libssh.org.txt@localhost?h=curve25519
+
2. Connection protocol changes
2.1. connection: Channel write close extension "eow%openssh.com@localhost"
@@ -221,6 +232,103 @@
The "frame" field contains an IEEE 802.3 Ethernet frame, including
header.
+2.4. connection: Unix domain socket forwarding
+
+OpenSSH supports local and remote Unix domain socket forwarding
+using the "streamlocal" extension. Forwarding is initiated as per
+TCP sockets but with a single path instead of a host and port.
+
+Similar to direct-tcpip, direct-streamlocal is sent by the client
+to request that the server make a connection to a Unix domain socket.
+
+ byte SSH_MSG_CHANNEL_OPEN
+ string "direct-streamlocal%openssh.com@localhost"
+ uint32 sender channel
+ uint32 initial window size
+ uint32 maximum packet size
+ string socket path
+ string reserved for future use
+
+Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
+server when the client has previously send the server a streamlocal-forward
+GLOBAL_REQUEST.
+
+ byte SSH_MSG_CHANNEL_OPEN
+ string "forwarded-streamlocal%openssh.com@localhost"
+ uint32 sender channel
+ uint32 initial window size
+ uint32 maximum packet size
+ string socket path
+ string reserved for future use
+
+The reserved field is not currently defined and is ignored on the
+remote end. It is intended to be used in the future to pass
+information about the socket file, such as ownership and mode.
+The client currently sends the empty string for this field.
+
+Similar to tcpip-forward, streamlocal-forward is sent by the client
+to request remote forwarding of a Unix domain socket.
+
+ byte SSH2_MSG_GLOBAL_REQUEST
+ string "streamlocal-forward%openssh.com@localhost"
+ boolean TRUE
+ string socket path
+
+Similar to cancel-tcpip-forward, cancel-streamlocal-forward is sent
+by the client cancel the forwarding of a Unix domain socket.
+
+ byte SSH2_MSG_GLOBAL_REQUEST
+ string "cancel-streamlocal-forward%openssh.com@localhost"
+ boolean FALSE
+ string socket path
+
+2.5. connection: hostkey update and rotation "hostkeys-00%openssh.com@localhost"
+and "hostkeys-prove-00%openssh.com@localhost"
+
+OpenSSH supports a protocol extension allowing a server to inform
+a client of all its protocol v.2 host keys after user-authentication
+has completed.
+
+ byte SSH_MSG_GLOBAL_REQUEST
+ string "hostkeys-00%openssh.com@localhost"
+ string[] hostkeys
+
+Upon receiving this message, a client should check which of the
+supplied host keys are present in known_hosts. For keys that are
+not present, it should send a "hostkeys-prove%openssh.com@localhost" message
+to request the server prove ownership of the private half of the
+key.
+
+ byte SSH_MSG_GLOBAL_REQUEST
+ string "hostkeys-prove-00%openssh.com@localhost"
+ char 1 /* want-reply */
+ string[] hostkeys
+
+When a server receives this message, it should generate a signature
+using each requested key over the following:
+
+ string "hostkeys-prove-00%openssh.com@localhost"
+ string session identifier
+ string hostkey
+
+These signatures should be included in the reply, in the order matching
+the hostkeys in the request:
+
+ byte SSH_MSG_REQUEST_SUCCESS
+ string[] signatures
+
+When the client receives this reply (and not a failure), it should
+validate the signatures and may update its known_hosts file, adding keys
+that it has not seen before and deleting keys for the server host that
+are no longer offered.
+
+These extensions let a client learn key types that it had not previously
+encountered, thereby allowing it to potentially upgrade from weaker
+key algorithms to better ones. It also supports graceful key rotation:
+a server may offer multiple keys of the same type for a period (to
+give clients an opportunity to learn them using this extension) before
+removing the deprecated key from those offered.
+
3. SFTP protocol changes
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
@@ -331,5 +439,19 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.20 2013/01/08 18:49:04 markus Exp $
-$NetBSD: PROTOCOL,v 1.3 2013/03/29 16:19:44 christos Exp $
+10. sftp: Extension request "fsync%openssh.com@localhost"
+
+This request asks the server to call fsync(2) on an open file handle.
+
+ uint32 id
+ string "fsync%openssh.com@localhost"
+ string handle
+
+One receiving this request, a server will call fsync(handle_fd) and will
+respond with a SSH_FXP_STATUS message.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+$OpenBSD: PROTOCOL,v 1.27 2015/02/20 22:17:21 djm Exp $
+$NetBSD: PROTOCOL,v 1.3.8.1 2015/04/30 06:07:30 riz Exp $
diff -r cdb9e997e171 -r 0769ab85259f crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 Thu Apr 30 06:07:29 2015 +0000
@@ -0,0 +1,105 @@
+This document describes the chacha20-poly1305%openssh.com@localhost authenticated
+encryption cipher supported by OpenSSH.
+
+Background
+----------
+
+ChaCha20 is a stream cipher designed by Daniel Bernstein and described
+in [1]. It operates by permuting 128 fixed bits, 128 or 256 bits of key,
+a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output
+is used as a keystream, with any unused bytes simply discarded.
+
+Poly1305[2], also by Daniel Bernstein, is a one-time Carter-Wegman MAC
+that computes a 128 bit integrity tag given a message and a single-use
+256 bit secret key.
+
+The chacha20-poly1305%openssh.com@localhost combines these two primitives into an
+authenticated encryption mode. The construction used is based on that
+proposed for TLS by Adam Langley in [3], but differs in the layout of
+data passed to the MAC and in the addition of encyption of the packet
+lengths.
+
+Negotiation
+-----------
+
+The chacha20-poly1305%openssh.com@localhost offers both encryption and
+authentication. As such, no separate MAC is required. If the
+chacha20-poly1305%openssh.com@localhost cipher is selected in key exchange,
+the offered MAC algorithms are ignored and no MAC is required to be
+negotiated.
+
+Detailed Construction
+---------------------
+
+The chacha20-poly1305%openssh.com@localhost cipher requires 512 bits of key
+material as output from the SSH key exchange. This forms two 256 bit
+keys (K_1 and K_2), used by two separate instances of chacha20.
+
+The instance keyed by K_1 is a stream cipher that is used only
+to encrypt the 4 byte packet length field. The second instance,
+keyed by K_2, is used in conjunction with poly1305 to build an AEAD
+(Authenticated Encryption with Associated Data) that is used to encrypt
+and authenticate the entire packet.
+
+Two separate cipher instances are used here so as to keep the packet
+lengths confidential but not create an oracle for the packet payload
+cipher by decrypting and using the packet length prior to checking
+the MAC. By using an independently-keyed cipher instance to encrypt the
+length, an active attacker seeking to exploit the packet input handling
+as a decryption oracle can learn nothing about the payload contents or
+its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure).
Home |
Main Index |
Thread Index |
Old Index