Source-Changes-HG archive


[src/trunk]: src/crypto/external/bsd/openssh/lib merge local changes between ...



details:   https://anonhg.NetBSD.org/src/rev/c1d61dcf0277
branches:  trunk
changeset: 981247:c1d61dcf0277
user:      christos <christos%NetBSD.org@localhost>
date:      Fri Mar 05 17:47:15 2021 +0000

description:
merge local changes between openssh 8.4 and 8.5

diffstat:

 crypto/external/bsd/openssh/bin/sshd/Makefile             |     4 +-
 crypto/external/bsd/openssh/dist/PROTOCOL                 |    64 +-
 crypto/external/bsd/openssh/dist/PROTOCOL.agent           |     6 +-
 crypto/external/bsd/openssh/dist/addr.c                   |     4 +
 crypto/external/bsd/openssh/dist/addrmatch.c              |   351 +----
 crypto/external/bsd/openssh/dist/auth-krb5.c              |     5 +-
 crypto/external/bsd/openssh/dist/auth-options.c           |    20 +-
 crypto/external/bsd/openssh/dist/auth-passwd.c            |    10 +-
 crypto/external/bsd/openssh/dist/auth-rhosts.c            |    11 +-
 crypto/external/bsd/openssh/dist/auth.c                   |   199 +--
 crypto/external/bsd/openssh/dist/auth.h                   |    16 +-
 crypto/external/bsd/openssh/dist/auth2-chall.c            |    42 +-
 crypto/external/bsd/openssh/dist/auth2-gss.c              |    33 +-
 crypto/external/bsd/openssh/dist/auth2-hostbased.c        |    65 +-
 crypto/external/bsd/openssh/dist/auth2-kbdint.c           |     9 +-
 crypto/external/bsd/openssh/dist/auth2-none.c             |     8 +-
 crypto/external/bsd/openssh/dist/auth2-passwd.c           |     9 +-
 crypto/external/bsd/openssh/dist/auth2-pubkey.c           |   136 +-
 crypto/external/bsd/openssh/dist/auth2.c                  |    68 +-
 crypto/external/bsd/openssh/dist/authfd.c                 |    72 +-
 crypto/external/bsd/openssh/dist/canohost.c               |    13 +-
 crypto/external/bsd/openssh/dist/channels.c               |   496 ++---
 crypto/external/bsd/openssh/dist/cipher.c                 |     9 +-
 crypto/external/bsd/openssh/dist/clientloop.c             |   568 ++++--
 crypto/external/bsd/openssh/dist/compat.c                 |    61 +-
 crypto/external/bsd/openssh/dist/compat.h                 |    14 +-
 crypto/external/bsd/openssh/dist/crypto_api.h             |    20 +-
 crypto/external/bsd/openssh/dist/dh.c                     |    11 +-
 crypto/external/bsd/openssh/dist/digest-openssl.c         |    15 +-
 crypto/external/bsd/openssh/dist/digest.h                 |     2 +-
 crypto/external/bsd/openssh/dist/dns.c                    |    11 +-
 crypto/external/bsd/openssh/dist/fatal.c                  |    12 +-
 crypto/external/bsd/openssh/dist/gss-genr.c               |    21 +-
 crypto/external/bsd/openssh/dist/hostfile.c               |   207 +-
 crypto/external/bsd/openssh/dist/hostfile.h               |    26 +-
 crypto/external/bsd/openssh/dist/kex.c                    |   138 +-
 crypto/external/bsd/openssh/dist/kex.h                    |    20 +-
 crypto/external/bsd/openssh/dist/kexdh.c                  |     7 +-
 crypto/external/bsd/openssh/dist/kexgen.c                 |    27 +-
 crypto/external/bsd/openssh/dist/kexgexc.c                |    19 +-
 crypto/external/bsd/openssh/dist/kexgexs.c                |    12 +-
 crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c |   220 --
 crypto/external/bsd/openssh/dist/krl.c                    |   103 +-
 crypto/external/bsd/openssh/dist/log.c                    |   194 +-
 crypto/external/bsd/openssh/dist/log.h                    |    89 +-
 crypto/external/bsd/openssh/dist/match.c                  |    12 +-
 crypto/external/bsd/openssh/dist/misc.c                   |   375 +++-
 crypto/external/bsd/openssh/dist/misc.h                   |    34 +-
 crypto/external/bsd/openssh/dist/moduli-gen/Makefile      |     3 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048   |   147 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072   |   146 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096   |   163 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144   |   145 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680   |   131 +-
 crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192   |   125 +-
 crypto/external/bsd/openssh/dist/monitor.c                |   387 ++--
 crypto/external/bsd/openssh/dist/monitor_fdpass.c         |    25 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.c           |   252 +-
 crypto/external/bsd/openssh/dist/monitor_wrap.h           |     7 +-
 crypto/external/bsd/openssh/dist/msg.c                    |    20 +-
 crypto/external/bsd/openssh/dist/mux.c                    |   566 +++---
 crypto/external/bsd/openssh/dist/myproposal.h             |    16 +-
 crypto/external/bsd/openssh/dist/namespace.h              |     9 +-
 crypto/external/bsd/openssh/dist/nchan.c                  |    72 +-
 crypto/external/bsd/openssh/dist/packet.c                 |    94 +-
 crypto/external/bsd/openssh/dist/readconf.c               |   755 ++++++--
 crypto/external/bsd/openssh/dist/readconf.h               |    20 +-
 crypto/external/bsd/openssh/dist/readpass.c               |    75 +-
 crypto/external/bsd/openssh/dist/sandbox-pledge.c         |    13 +-
 crypto/external/bsd/openssh/dist/sandbox-rlimit.c         |    20 +-
 crypto/external/bsd/openssh/dist/scp.1                    |    19 +-
 crypto/external/bsd/openssh/dist/scp.c                    |    21 +-
 crypto/external/bsd/openssh/dist/servconf.c               |   204 +-
 crypto/external/bsd/openssh/dist/servconf.h               |    19 +-
 crypto/external/bsd/openssh/dist/serverloop.c             |    90 +-
 crypto/external/bsd/openssh/dist/session.c                |   141 +-
 crypto/external/bsd/openssh/dist/sftp-client.c            |   238 +-
 crypto/external/bsd/openssh/dist/sftp-client.h            |    17 +-
 crypto/external/bsd/openssh/dist/sftp-common.c            |     9 +-
 crypto/external/bsd/openssh/dist/sftp-server.c            |   167 +-
 crypto/external/bsd/openssh/dist/sftp.1                   |    43 +-
 crypto/external/bsd/openssh/dist/sftp.c                   |    93 +-
 crypto/external/bsd/openssh/dist/sk-usbhid.c              |    13 +-
 crypto/external/bsd/openssh/dist/sntrup4591761.c          |  1084 -------------
 crypto/external/bsd/openssh/dist/sntrup4591761.sh         |    57 -
 crypto/external/bsd/openssh/dist/srclimit.c               |     4 +
 crypto/external/bsd/openssh/dist/ssh-add.c                |    44 +-
 crypto/external/bsd/openssh/dist/ssh-agent.c              |   659 ++++---
 crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c         |    10 +-
 crypto/external/bsd/openssh/dist/ssh-ed25519.c            |     7 +-
 crypto/external/bsd/openssh/dist/ssh-gss.h                |     6 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.1             |    25 +-
 crypto/external/bsd/openssh/dist/ssh-keygen.c             |   324 +--
 crypto/external/bsd/openssh/dist/ssh-keyscan.c            |    32 +-
 crypto/external/bsd/openssh/dist/ssh-keysign.c            |    59 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c      |    58 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c      |    77 +-
 crypto/external/bsd/openssh/dist/ssh-pkcs11.c             |   104 +-
 crypto/external/bsd/openssh/dist/ssh-sk-client.c          |    82 +-
 crypto/external/bsd/openssh/dist/ssh-sk-helper.c          |    51 +-
 crypto/external/bsd/openssh/dist/ssh-sk.c                 |   102 +-
 crypto/external/bsd/openssh/dist/ssh-xmss.c               |    14 +-
 crypto/external/bsd/openssh/dist/ssh.1                    |    12 +-
 crypto/external/bsd/openssh/dist/ssh.c                    |   460 ++--
 crypto/external/bsd/openssh/dist/ssh2.h                   |     6 +-
 crypto/external/bsd/openssh/dist/ssh_api.c                |    37 +-
 crypto/external/bsd/openssh/dist/ssh_config.5             |   271 ++-
 crypto/external/bsd/openssh/dist/sshconnect.c             |   548 ++++-
 crypto/external/bsd/openssh/dist/sshconnect.h             |    49 +-
 crypto/external/bsd/openssh/dist/sshconnect2.c            |   376 ++--
 crypto/external/bsd/openssh/dist/sshd.c                   |   243 +-
 crypto/external/bsd/openssh/dist/sshd_config.5            |   117 +-
 crypto/external/bsd/openssh/dist/sshkey-xmss.c            |    60 +-
 crypto/external/bsd/openssh/dist/sshkey-xmss.h            |     9 +-
 crypto/external/bsd/openssh/dist/sshkey.c                 |    70 +-
 crypto/external/bsd/openssh/dist/sshkey.h                 |    17 +-
 crypto/external/bsd/openssh/dist/sshlogin.c               |    13 +-
 crypto/external/bsd/openssh/dist/sshsig.c                 |   124 +-
 crypto/external/bsd/openssh/dist/ttymodes.c               |    48 +-
 crypto/external/bsd/openssh/dist/version.h                |     8 +-
 crypto/external/bsd/openssh/lib/Makefile                  |     9 +-
 crypto/external/bsd/openssh/lib/shlib_version             |     4 +-
 122 files changed, 6489 insertions(+), 6924 deletions(-)

diffs (truncated from 29578 to 300 lines):

diff -r 41037bcef289 -r c1d61dcf0277 crypto/external/bsd/openssh/bin/sshd/Makefile
--- a/crypto/external/bsd/openssh/bin/sshd/Makefile     Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/bin/sshd/Makefile     Fri Mar 05 17:47:15 2021 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.22 2020/06/15 01:57:29 christos Exp $
+#      $NetBSD: Makefile,v 1.23 2021/03/05 17:47:15 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -13,7 +13,7 @@
        auth-krb5.c auth2-chall.c groupaccess.c \
        auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
        auth2-none.c auth2-passwd.c auth2-pubkey.c \
-       monitor.c monitor_wrap.c \
+       monitor.c monitor_wrap.c srclimit.c \
        kexgexs.c sftp-server.c sftp-common.c \
        sftp-realpath.c sandbox-rlimit.c pfilter.c
 
diff -r 41037bcef289 -r c1d61dcf0277 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Fri Mar 05 17:47:15 2021 +0000
@@ -292,6 +292,7 @@
 
        byte            SSH_MSG_GLOBAL_REQUEST
        string          "hostkeys-00%openssh.com@localhost"
+       char            0 /* want-reply */
        string[]        hostkeys
 
 Upon receiving this message, a client should check which of the
@@ -465,6 +466,65 @@
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
+3.7. sftp: Extension request "lsetstat%openssh.com@localhost"
+
+This request is like the "setstat" command, but sets file attributes on
+symlinks.  It is implemented as a SSH_FXP_EXTENDED request with the
+following format:
+
+       uint32          id
+       string          "lsetstat%openssh.com@localhost"
+       string          path
+       ATTRS           attrs
+
+See the "setstat" command for more details.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+3.8. sftp: Extension request "limits%openssh.com@localhost"
+
+This request is used to determine various limits the server might impose.
+Clients should not attempt to exceed these limits as the server might sever
+the connection immediately.
+
+       uint32          id
+       string          "limits%openssh.com@localhost"
+
+The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
+
+       uint32          id
+       uint64          max-packet-length
+       uint64          max-read-length
+       uint64          max-write-length
+       uint64          max-open-handles
+
+The 'max-packet-length' applies to the total number of bytes in a
+single SFTP packet.  Servers SHOULD set this at least to 34000.
+
+The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
+Even if the client requests a larger size, servers will usually respond
+with a shorter SSH_FXP_DATA packet.  Servers SHOULD set this at least to
+32768.
+
+The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
+the server will accept.  Servers SHOULD set this at least to 32768.
+
+The 'max-open-handles' is the maximum number of active handles that the
+server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
+packets).  Servers MAY count internal file handles against this limit
+(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
+open this many handles in practice.
+
+If the server doesn't enforce a specific limit, then the field may be
+set to 0.  This implies the server relies on the OS to enforce limits
+(e.g. available memory or file handles), and such limits might be
+dynamic.  The client SHOULD take care to not try to exceed reasonable
+limits.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
 4. Miscellaneous changes
 
 4.1 Public key format
@@ -496,5 +556,5 @@
 PROTOCOL.mux over a Unix domain socket for communications between a
 master instance and later clients.
 
-$OpenBSD: PROTOCOL,v 1.38 2020/07/05 23:59:45 djm Exp $
-$NetBSD: PROTOCOL,v 1.15 2020/12/04 18:42:49 christos Exp $
+$OpenBSD: PROTOCOL,v 1.41 2021/02/18 02:49:35 djm Exp $
+$NetBSD: PROTOCOL,v 1.16 2021/03/05 17:47:15 christos Exp $
diff -r 41037bcef289 -r c1d61dcf0277 crypto/external/bsd/openssh/dist/PROTOCOL.agent
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent   Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent   Fri Mar 05 17:47:15 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: PROTOCOL.agent,v 1.10 2020/12/04 18:42:49 christos Exp $
+$NetBSD: PROTOCOL.agent,v 1.11 2021/03/05 17:47:15 christos Exp $
 This file used to contain a description of the SSH agent protocol
 implemented by OpenSSH. It has since been superseded by
-https://tools.ietf.org/html/draft-miller-ssh-agent-00
+https://tools.ietf.org/html/draft-miller-ssh-agent-04
 
-$OpenBSD: PROTOCOL.agent,v 1.13 2020/08/31 00:17:41 djm Exp $
+$OpenBSD: PROTOCOL.agent,v 1.14 2020/10/06 07:12:04 dtucker Exp $
diff -r 41037bcef289 -r c1d61dcf0277 crypto/external/bsd/openssh/dist/addr.c
--- a/crypto/external/bsd/openssh/dist/addr.c   Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/addr.c   Fri Mar 05 17:47:15 2021 +0000
@@ -1,3 +1,4 @@
+/*     $NetBSD: addr.c,v 1.2 2021/03/05 17:47:15 christos Exp $        */
 /* $OpenBSD: addr.c,v 1.1 2021/01/09 11:58:50 dtucker Exp $ */
 
 /*
@@ -16,6 +17,9 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "includes.h"
+__RCSID("$NetBSD: addr.c,v 1.2 2021/03/05 17:47:15 christos Exp $");
+
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
diff -r 41037bcef289 -r c1d61dcf0277 crypto/external/bsd/openssh/dist/addrmatch.c
--- a/crypto/external/bsd/openssh/dist/addrmatch.c      Fri Mar 05 17:45:25 2021 +0000
+++ b/crypto/external/bsd/openssh/dist/addrmatch.c      Fri Mar 05 17:47:15 2021 +0000
@@ -1,5 +1,5 @@
-/*     $NetBSD: addrmatch.c,v 1.13 2019/01/27 02:08:33 pgoyette Exp $  */
-/*     $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
+/*     $NetBSD: addrmatch.c,v 1.14 2021/03/05 17:47:15 christos Exp $  */
+/*     $OpenBSD: addrmatch.c,v 1.16 2021/01/09 11:58:50 dtucker Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm%mindrot.org@localhost>
@@ -18,7 +18,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: addrmatch.c,v 1.13 2019/01/27 02:08:33 pgoyette Exp $");
+__RCSID("$NetBSD: addrmatch.c,v 1.14 2021/03/05 17:47:15 christos Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
@@ -30,335 +30,10 @@
 #include <stdio.h>
 #include <stdarg.h>
 
+#include "addr.h"
 #include "match.h"
 #include "log.h"
 
-struct xaddr {
-       sa_family_t     af;
-       union {
-               struct in_addr          v4;
-               struct in6_addr         v6;
-               u_int8_t                addr8[16];
-               u_int32_t               addr32[4];
-       } xa;               /* 128-bit address */
-       u_int32_t       scope_id;       /* iface scope id for v6 */
-#define v4     xa.v4
-#define v6     xa.v6
-#define addr8  xa.addr8
-#define addr32 xa.addr32
-};
-
-static int
-addr_unicast_masklen(int af)
-{
-       switch (af) {
-       case AF_INET:
-               return 32;
-       case AF_INET6:
-               return 128;
-       default:
-               return -1;
-       }
-}
-
-static inline int
-masklen_valid(int af, u_int masklen)
-{
-       switch (af) {
-       case AF_INET:
-               return masklen <= 32 ? 0 : -1;
-       case AF_INET6:
-               return masklen <= 128 ? 0 : -1;
-       default:
-               return -1;
-       }
-}
-
-/*
- * Convert struct sockaddr to struct xaddr
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
-{
-       struct sockaddr_in *in4 = (struct sockaddr_in *)(void *)sa;
-       struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)(void *)sa;
-
-       memset(xa, '\0', sizeof(*xa));
-
-       switch (sa->sa_family) {
-       case AF_INET:
-               if (slen < (socklen_t)sizeof(*in4))
-                       return -1;
-               xa->af = AF_INET;
-               memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
-               break;
-       case AF_INET6:
-               if (slen < (socklen_t)sizeof(*in6))
-                       return -1;
-               xa->af = AF_INET6;
-               memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
-               xa->scope_id = in6->sin6_scope_id;
-               break;
-       default:
-               return -1;
-       }
-
-       return 0;
-}
-
-/*
- * Calculate a netmask of length 'l' for address family 'af' and
- * store it in 'n'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_netmask(int af, u_int l, struct xaddr *n)
-{
-       int i;
-
-       if (masklen_valid(af, l) != 0 || n == NULL)
-               return -1;
-
-       memset(n, '\0', sizeof(*n));
-       switch (af) {
-       case AF_INET:
-               n->af = AF_INET;
-               if (l == 0)
-                       return 0;
-               n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
-               return 0;
-       case AF_INET6:
-               n->af = AF_INET6;
-               for (i = 0; i < 4 && l >= 32; i++, l -= 32)
-                       n->addr32[i] = 0xffffffffU;
-               if (i < 4 && l != 0)
-                       n->addr32[i] = htonl((0xffffffff << (32 - l)) &
-                           0xffffffff);
-               return 0;
-       default:
-               return -1;
-       }
-}
-
-/*
- * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
-{
-       int i;
-
-       if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
-               return -1;
-
-       memcpy(dst, a, sizeof(*dst));
-       switch (a->af) {
-       case AF_INET:
-               dst->v4.s_addr &= b->v4.s_addr;
-               return 0;
-       case AF_INET6:
-               dst->scope_id = a->scope_id;
-               for (i = 0; i < 4; i++)
-                       dst->addr32[i] &= b->addr32[i];
-               return 0;
-       default:
-               return -1;
-       }
-}
-
-/*
- * Compare addresses 'a' and 'b'
- * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)


