[src/trunk]: src/crypto/external/bsd/openssh merge conflicts
details: https://anonhg.NetBSD.org/src/rev/9e7244776502
branches: trunk
changeset: 992349:9e7244776502
user: christos <christos%NetBSD.org@localhost>
date: Sun Aug 26 07:46:36 2018 +0000
description:
merge conflicts
diffstat:
crypto/external/bsd/openssh/dist/OVERVIEW | 17 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 39 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 24 +-
crypto/external/bsd/openssh/dist/addrmatch.c | 29 +-
crypto/external/bsd/openssh/dist/auth-bsdauth.c | 10 +-
crypto/external/bsd/openssh/dist/auth-krb5.c | 12 +-
crypto/external/bsd/openssh/dist/auth-options.c | 158 +-
crypto/external/bsd/openssh/dist/auth-options.h | 8 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 301 ++--
crypto/external/bsd/openssh/dist/auth-pam.h | 1 +
crypto/external/bsd/openssh/dist/auth-passwd.c | 28 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 10 +-
crypto/external/bsd/openssh/dist/auth.c | 66 +-
crypto/external/bsd/openssh/dist/auth.h | 6 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 73 +-
crypto/external/bsd/openssh/dist/auth2-gss.c | 115 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 21 +-
crypto/external/bsd/openssh/dist/auth2-kbdint.c | 19 +-
crypto/external/bsd/openssh/dist/auth2-krb5.c | 6 +-
crypto/external/bsd/openssh/dist/auth2-none.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-passwd.c | 8 +-
crypto/external/bsd/openssh/dist/auth2-pubkey.c | 73 +-
crypto/external/bsd/openssh/dist/auth2.c | 80 +-
crypto/external/bsd/openssh/dist/authfd.c | 33 +-
crypto/external/bsd/openssh/dist/authfd.h | 6 +-
crypto/external/bsd/openssh/dist/authfile.c | 29 +-
crypto/external/bsd/openssh/dist/bufaux.c | 260 ----
crypto/external/bsd/openssh/dist/bufbn.c | 65 -
crypto/external/bsd/openssh/dist/bufec.c | 73 -
crypto/external/bsd/openssh/dist/buffer.c | 120 --
crypto/external/bsd/openssh/dist/buffer.h | 94 -
crypto/external/bsd/openssh/dist/channels.c | 525 +++++---
crypto/external/bsd/openssh/dist/channels.h | 28 +-
crypto/external/bsd/openssh/dist/clientloop.c | 241 ++-
crypto/external/bsd/openssh/dist/clientloop.h | 6 +-
crypto/external/bsd/openssh/dist/compat.c | 52 +-
crypto/external/bsd/openssh/dist/compat.h | 6 +-
crypto/external/bsd/openssh/dist/dh.c | 22 +-
crypto/external/bsd/openssh/dist/gss-genr.c | 63 +-
crypto/external/bsd/openssh/dist/gss-serv-krb5.c | 11 +-
crypto/external/bsd/openssh/dist/gss-serv.c | 9 +-
crypto/external/bsd/openssh/dist/hostfile.c | 20 +-
crypto/external/bsd/openssh/dist/kex.c | 117 +-
crypto/external/bsd/openssh/dist/kex.h | 11 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 9 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 7 +-
crypto/external/bsd/openssh/dist/key.c | 238 ----
crypto/external/bsd/openssh/dist/key.h | 70 -
crypto/external/bsd/openssh/dist/log.c | 13 +-
crypto/external/bsd/openssh/dist/log.h | 7 +-
crypto/external/bsd/openssh/dist/match.c | 41 +-
crypto/external/bsd/openssh/dist/match.h | 7 +-
crypto/external/bsd/openssh/dist/misc.c | 72 +-
crypto/external/bsd/openssh/dist/misc.h | 7 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 | 157 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 | 132 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 | 137 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 | 146 +-
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 | 141 +-
crypto/external/bsd/openssh/dist/monitor.c | 617 +++++----
crypto/external/bsd/openssh/dist/monitor.h | 10 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 668 ++++++----
crypto/external/bsd/openssh/dist/monitor_wrap.h | 8 +-
crypto/external/bsd/openssh/dist/msg.c | 9 +-
crypto/external/bsd/openssh/dist/mux.c | 931 ++++++++-------
crypto/external/bsd/openssh/dist/myproposal.h | 6 +-
crypto/external/bsd/openssh/dist/opacket.h | 7 +-
crypto/external/bsd/openssh/dist/packet.c | 49 +-
crypto/external/bsd/openssh/dist/packet.h | 9 +-
crypto/external/bsd/openssh/dist/readconf.c | 193 ++-
crypto/external/bsd/openssh/dist/readconf.h | 10 +-
crypto/external/bsd/openssh/dist/readpass.c | 7 +-
crypto/external/bsd/openssh/dist/scp.1 | 8 +-
crypto/external/bsd/openssh/dist/scp.c | 11 +-
crypto/external/bsd/openssh/dist/servconf.c | 320 +++-
crypto/external/bsd/openssh/dist/servconf.h | 26 +-
crypto/external/bsd/openssh/dist/serverloop.c | 38 +-
crypto/external/bsd/openssh/dist/session.c | 181 ++-
crypto/external/bsd/openssh/dist/sftp-client.c | 31 +-
crypto/external/bsd/openssh/dist/sftp-server.c | 13 +-
crypto/external/bsd/openssh/dist/sftp.1 | 24 +-
crypto/external/bsd/openssh/dist/sftp.c | 34 +-
crypto/external/bsd/openssh/dist/ssh-agent.c | 68 +-
crypto/external/bsd/openssh/dist/ssh-gss.h | 11 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 26 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 44 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 17 +-
crypto/external/bsd/openssh/dist/ssh-keysign.c | 13 +-
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c | 141 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 65 +-
crypto/external/bsd/openssh/dist/ssh.1 | 16 +-
crypto/external/bsd/openssh/dist/ssh.c | 314 ++--
crypto/external/bsd/openssh/dist/ssh.h | 11 +-
crypto/external/bsd/openssh/dist/ssh_api.h | 7 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 74 +-
crypto/external/bsd/openssh/dist/sshbuf.c | 24 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 17 +-
crypto/external/bsd/openssh/dist/sshconnect.c | 73 +-
crypto/external/bsd/openssh/dist/sshconnect.h | 26 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 853 ++++++++------
crypto/external/bsd/openssh/dist/sshd.8 | 42 +-
crypto/external/bsd/openssh/dist/sshd.c | 230 ++-
crypto/external/bsd/openssh/dist/sshd_config | 4 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 110 +-
crypto/external/bsd/openssh/dist/ssherr.c | 9 +-
crypto/external/bsd/openssh/dist/ssherr.h | 6 +-
crypto/external/bsd/openssh/dist/sshkey-xmss.c | 13 +-
crypto/external/bsd/openssh/dist/sshkey.c | 101 +-
crypto/external/bsd/openssh/dist/sshkey.h | 7 +-
crypto/external/bsd/openssh/dist/sshlogin.c | 21 +-
crypto/external/bsd/openssh/dist/ttymodes.c | 131 +-
crypto/external/bsd/openssh/dist/uidswap.c | 28 +-
crypto/external/bsd/openssh/dist/uidswap.h | 5 +-
crypto/external/bsd/openssh/dist/umac.c | 19 +-
crypto/external/bsd/openssh/dist/umac128.c | 1 +
crypto/external/bsd/openssh/dist/utf8.c | 18 +-
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/dist/xmss_wots.c | 9 +-
crypto/external/bsd/openssh/lib/Makefile | 7 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
crypto/external/bsd/openssh/openssh2netbsd | 4 +-
121 files changed, 5235 insertions(+), 4639 deletions(-)
diffs (truncated from 18859 to 300 lines):
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/OVERVIEW
--- a/crypto/external/bsd/openssh/dist/OVERVIEW Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/OVERVIEW Sun Aug 26 07:46:36 2018 +0000
@@ -23,9 +23,8 @@
- These provide an arbitrary size buffer, where data can be appended.
Data can be consumed from either end. The code is used heavily
- throughout ssh. The basic buffer manipulation functions are in
- buffer.c (header buffer.h), and additional code to manipulate specific
- data types is in bufaux.c.
+ throughout ssh. The buffer manipulation functions are in
+ sshbuf*.c (header sshbuf.h).
Compression Library
@@ -62,7 +61,7 @@
code in packet.c does not concern itself with packet types or their
execution; it contains code to build packets, to receive them and
extract data from them, and the code to compress and/or encrypt
- packets. CRC code comes from crc32.c.
+ packets.
- The code in packet.c calls the buffer manipulation routines
(buffer.c, bufaux.c), compression routines (zlib), and the
@@ -106,12 +105,6 @@
calls client_loop in clientloop.c. This does the real work for
the session.
- - The client is suid root. It tries to temporarily give up this
- rights while reading the configuration data. The root
- privileges are only used to make the connection (from a
- privileged socket). Any extra privileges are dropped before
- calling ssh_login.
-
Pseudo-tty manipulation and tty modes
- Code to allocate and use a pseudo tty is in pty.c. Code to
@@ -165,5 +158,5 @@
uidswap.c uid-swapping
xmalloc.c "safe" malloc routines
-$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
-$NetBSD: OVERVIEW,v 1.6 2016/12/25 00:07:46 christos Exp $
+$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
+$NetBSD: OVERVIEW,v 1.7 2018/08/26 07:46:36 christos Exp $
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Sun Aug 26 07:46:36 2018 +0000
@@ -428,7 +428,7 @@
Both the "statvfs%openssh.com@localhost" and "fstatvfs%openssh.com@localhost" extensions are
advertised in the SSH_FXP_VERSION hello with version "2".
-10. sftp: Extension request "hardlink%openssh.com@localhost"
+3.5. sftp: Extension request "hardlink%openssh.com@localhost"
This request is for creating a hard link to a regular file. This
request is implemented as a SSH_FXP_EXTENDED request with the
@@ -444,7 +444,7 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-10. sftp: Extension request "fsync%openssh.com@localhost"
+3.6. sftp: Extension request "fsync%openssh.com@localhost"
This request asks the server to call fsync(2) on an open file handle.
@@ -458,5 +458,36 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $
-$NetBSD: PROTOCOL,v 1.11 2018/04/06 18:58:59 christos Exp $
+4. Miscellaneous changes
+
+4.1 Public key format
+
+OpenSSH public keys, as generated by ssh-keygen(1) and appearing in
+authorized_keys files, are formatted as a single line of text consisting
+of the public key algorithm name followed by a base64-encoded key blob.
+The public key blob (before base64 encoding) is the same format used for
+the encoding of public keys sent on the wire: as described in RFC4253
+section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys
+and the "New public key formats" section of PROTOCOL.certkeys for the
+OpenSSH certificate formats.
+
+4.2 Private key format
+
+OpenSSH private keys, as generated by ssh-keygen(1) use the format
+described in PROTOCOL.key by default. As a legacy option, PEM format
+(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys
+and were the default format before OpenSSH 7.8.
+
+4.3 KRL format
+
+OpenSSH supports a compact format for Key Revocation Lists (KRLs). This
+format is described in the PROTOCOL.krl file.
+
+4.4 Connection multiplexing
+
+OpenSSH's connection multiplexing uses messages as described in
+PROTOCOL.mux over a Unix domain socket for communications between a
+master instance and later clients.
+
+$OpenBSD: PROTOCOL,v 1.35 2018/08/10 00:44:01 djm Exp $
+$NetBSD: PROTOCOL,v 1.12 2018/08/26 07:46:36 christos Exp $
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Sun Aug 26 07:46:36 2018 +0000
@@ -25,6 +25,10 @@
acceptance of certified host keys, by adding a similar ability to
specify CA keys in ~/.ssh/known_hosts.
+All certificate types include certification information along with the
+public key that is used to sign challenges. In OpenSSH, ssh-keygen
+performs the CA signing operation.
+
Certified keys are represented using new key types:
ssh-rsa-cert-v01%openssh.com@localhost
@@ -33,9 +37,17 @@
ecdsa-sha2-nistp384-cert-v01%openssh.com@localhost
ecdsa-sha2-nistp521-cert-v01%openssh.com@localhost
-These include certification information along with the public key
-that is used to sign challenges. ssh-keygen performs the CA signing
-operation.
+Two additional types exist for RSA certificates to force use of
+SHA-2 signatures (SHA-256 and SHA-512 respectively):
+
+ rsa-sha2-256-cert-v01%openssh.com@localhost
+ rsa-sha2-512-cert-v01%openssh.com@localhost
+
+These RSA/SHA-2 types should not appear in keys at rest or transmitted
+on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
+field or in the "public key algorithm name" field of a "publickey"
+SSH_USERAUTH_REQUEST to indicate that the signature will use the
+specified algorithm.
Protocol extensions
-------------------
@@ -174,7 +186,7 @@
valid after <= current time < valid before
-criticial options is a set of zero or more key options encoded as
+critical options is a set of zero or more key options encoded as
below. All such options are "critical" in the sense that an implementation
must refuse to authorise a key that has an unrecognised option.
@@ -291,5 +303,5 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.9 2018/04/06 18:58:59 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.10 2018/08/26 07:46:36 christos Exp $
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/addrmatch.c
--- a/crypto/external/bsd/openssh/dist/addrmatch.c Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/addrmatch.c Sun Aug 26 07:46:36 2018 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: addrmatch.c,v 1.11 2017/04/18 18:41:46 christos Exp $ */
-/* $OpenBSD: addrmatch.c,v 1.13 2016/09/21 16:55:42 djm Exp $ */
+/* $NetBSD: addrmatch.c,v 1.12 2018/08/26 07:46:36 christos Exp $ */
+/* $OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
/*
* Copyright (c) 2004-2008 Damien Miller <djm%mindrot.org@localhost>
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: addrmatch.c,v 1.11 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: addrmatch.c,v 1.12 2018/08/26 07:46:36 christos Exp $");
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -204,25 +204,24 @@
static int
addr_pton(const char *p, struct xaddr *n)
{
- struct addrinfo hints, *ai;
+ struct addrinfo hints, *ai = NULL;
+ int ret = -1;
memset(&hints, '\0', sizeof(hints));
hints.ai_flags = AI_NUMERICHOST;
if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
- return -1;
-
+ goto out;
if (ai == NULL || ai->ai_addr == NULL)
- return -1;
-
- if (n != NULL &&
- addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1) {
+ goto out;
+ if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
+ goto out;
+ /* success */
+ ret = 0;
+ out:
+ if (ai != NULL)
freeaddrinfo(ai);
- return -1;
- }
-
- freeaddrinfo(ai);
- return 0;
+ return ret;
}
/*
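Review bot: The shared `out:` cleanup calls `freeaddrinfo(ai)` whenever `ai` is non-NULL, and that label is now also reached when `getaddrinfo()` itself fails. POSIX defines the contents of `*res` only on success, so the new code relies on the resolver leaving the pre-initialised NULL untouched on error; common libcs appear to behave that way, but it is not guaranteed. Keeping the direct `return -1;` on the first check, as the old code did, or setting `ai = NULL` before `goto out;` there, removes that dependency. A short comment on `hints.ai_flags = AI_NUMERICHOST;`, for example `/* numeric literals only: no name resolution */`, would also record why this parser never performs a DNS lookup on its input.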
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/auth-bsdauth.c
--- a/crypto/external/bsd/openssh/dist/auth-bsdauth.c Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-bsdauth.c Sun Aug 26 07:46:36 2018 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-bsdauth.c,v 1.7 2017/04/18 18:41:46 christos Exp $ */
-/* $OpenBSD: auth-bsdauth.c,v 1.14 2015/10/20 23:24:25 mmcc Exp $ */
+/* $NetBSD: auth-bsdauth.c,v 1.8 2018/08/26 07:46:36 christos Exp $ */
+/* $OpenBSD: auth-bsdauth.c,v 1.15 2018/07/09 21:35:50 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
@@ -26,18 +26,18 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-bsdauth.c,v 1.7 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: auth-bsdauth.c,v 1.8 2018/08/26 07:46:36 christos Exp $");
#include <sys/types.h>
#include <stdarg.h>
#include <stdio.h>
#ifdef BSD_AUTH
#include "xmalloc.h"
-#include "key.h"
+#include "sshkey.h"
+#include "sshbuf.h"
#include "hostfile.h"
#include "auth.h"
#include "log.h"
-#include "buffer.h"
#ifdef GSSAPI
#include "ssh-gss.h"
#endif
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/auth-krb5.c
--- a/crypto/external/bsd/openssh/dist/auth-krb5.c Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c Sun Aug 26 07:46:36 2018 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-krb5.c,v 1.11 2017/04/18 18:41:46 christos Exp $ */
-/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
+/* $NetBSD: auth-krb5.c,v 1.12 2018/08/26 07:46:36 christos Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
@@ -31,7 +31,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-krb5.c,v 1.11 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: auth-krb5.c,v 1.12 2018/08/26 07:46:36 christos Exp $");
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
@@ -39,13 +39,13 @@
#include "xmalloc.h"
#include "ssh.h"
+#include "misc.h"
#include "packet.h"
#include "log.h"
-#include "buffer.h"
-#include "misc.h"
+#include "sshbuf.h"
+#include "sshkey.h"
#include "servconf.h"
#include "uidswap.h"
-#include "key.h"
#include "hostfile.h"
#include "auth.h"
diff -r 66f68934afe3 -r 9e7244776502 crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Sun Aug 26 07:39:56 2018 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Sun Aug 26 07:46:36 2018 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-options.c,v 1.17 2018/04/06 18:58:59 christos Exp $ */
-/* $OpenBSD: auth-options.c,v 1.78 2018/03/14 05:35:40 djm Exp $ */
+/* $NetBSD: auth-options.c,v 1.18 2018/08/26 07:46:36 christos Exp $ */
+/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
/*
* Copyright (c) 2018 Damien Miller <djm%mindrot.org@localhost>
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.17 2018/04/06 18:58:59 christos Exp $");