CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Tue May 17 18:50:35 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: session.c Log Message: Pull up following revision(s) (requested by christos in ticket #1168): crypto/external/bsd/openssh/dist/session.c: revision 1.19 If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755 XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \ src/crypto/external/bsd/openssh/dist/session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/session.c diff -u src/crypto/external/bsd/openssh/dist/session.c:1.12.4.1 src/crypto/external/bsd/openssh/dist/session.c:1.12.4.2 --- src/crypto/external/bsd/openssh/dist/session.c:1.12.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/session.c Tue May 17 18:50:34 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: session.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: session.c,v 1.12.4.2 2016/05/17 18:50:34 snj Exp $ */ /* $OpenBSD: session.c,v 1.277 2015/01/16 06:40:12 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen, Espoo, Finland @@ -35,7 +35,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: session.c,v 1.12.4.2 2016/05/17 18:50:34 snj Exp $"); #include #include #include @@ -1223,7 +1223,7 @@ do_setup_env(Session *s, const char *she * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam) { + if (options.use_pam && !options.use_login) { char **p; p = fetch_pam_child_environment();
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Fri Mar 11 12:22:42 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: channels.c channels.h clientloop.c sshpty.c Log Message: Apply the following changes, requested by snj in #1138: - Refuse ForwardX11Trusted=no connections attempted after ForwardX11Timeout expires. (CVE-2015-5352) - Fix TTY permissions to not be world-writable. (CVE-2015-6565) To generate a diff of this commit: cvs rdiff -u -r1.11.4.1 -r1.11.4.2 \ src/crypto/external/bsd/openssh/dist/channels.c cvs rdiff -u -r1.8.4.1 -r1.8.4.2 \ src/crypto/external/bsd/openssh/dist/channels.h cvs rdiff -u -r1.10.4.1 -r1.10.4.2 \ src/crypto/external/bsd/openssh/dist/clientloop.c cvs rdiff -u -r1.2.26.1 -r1.2.26.2 \ src/crypto/external/bsd/openssh/dist/sshpty.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/channels.c diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.1 src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.2 --- src/crypto/external/bsd/openssh/dist/channels.c:1.11.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/channels.c Fri Mar 11 12:22:42 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: channels.c,v 1.11.4.2 2016/03/11 12:22:42 martin Exp $ */ /* $OpenBSD: channels.c,v 1.341 2015/02/06 23:21:59 millert Exp $ */ /* * Author: Tatu Ylonen@@ -41,7 +41,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: channels.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: channels.c,v 1.11.4.2 2016/03/11 12:22:42 martin Exp $"); #include #include #include /* MIN MAX */ @@ -163,6 +163,9 @@ static char *x11_saved_proto = NULL; static char *x11_saved_data = NULL; static u_int x11_saved_data_len = 0; +/* Deadline after which all X11 connections are refused */ +static u_int x11_refuse_time; + /* * Fake X11 authentication data. This is what the server will be sending us; * we should replace any occurrences of this by the real data. @@ -938,6 +941,13 @@ x11_open_helper(Buffer *b) u_char *ucp; u_int proto_len, data_len; + /* Is this being called after the refusal deadline? */ + if (x11_refuse_time != 0 && (u_int)monotime() >= x11_refuse_time) { + verbose("Rejected X11 connection after ForwardX11Timeout " + "expired"); + return -1; + } + /* Check if the fixed size part of the packet is in buffer. */ if (buffer_len(b) < 12) return 0; @@ -1509,6 +1519,12 @@ channel_set_reuseaddr(int fd) error("setsockopt SO_REUSEADDR fd %d: %s", fd, strerror(errno)); } +void +channel_set_x11_refuse_time(u_int refuse_time) +{ + x11_refuse_time = refuse_time; +} + /* * This socket is listening for connections to a forwarded TCP/IP port. */ Index: src/crypto/external/bsd/openssh/dist/channels.h diff -u src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.1 src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.2 --- src/crypto/external/bsd/openssh/dist/channels.h:1.8.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/channels.h Fri Mar 11 12:22:42 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: channels.h,v 1.8.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: channels.h,v 1.8.4.2 2016/03/11 12:22:42 martin Exp $ */ /* $OpenBSD: channels.h,v 1.116 2015/01/19 20:07:45 markus Exp $ */ /* @@ -287,6 +287,7 @@ int permitopen_port(const char *); /* x11 forwarding */ +void channel_set_x11_refuse_time(u_int); int x11_connect_display(void); int x11_create_display_inet(int, int, int, u_int *, int **); int x11_input_open(int, u_int32_t, void *); Index: src/crypto/external/bsd/openssh/dist/clientloop.c diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.1 src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.2 --- src/crypto/external/bsd/openssh/dist/clientloop.c:1.10.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/clientloop.c Fri Mar 11 12:22:42 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: clientloop.c,v 1.10.4.2 2016/03/11 12:22:42 martin Exp $ */ /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ /* * Author: Tatu Ylonen @@ -61,7 +61,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: clientloop.c,v 1.10.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: clientloop.c,v 1.10.4.2 2016/03/11 12:22:42 martin Exp $"); #include /* MIN MAX */ #include @@ -159,7 +159,7 @@ static int connection_in; /* Connection static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed; /* In SSH2: login session closed. */ -static int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ +static u_int
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Mon Feb 22 11:23:29 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: readconf.c ssh.c Log Message: Pull up following revision(s) (requested by christos in ticket #1075): crypto/external/bsd/openssh/dist/readconf.c: patch crypto/external/bsd/openssh/dist/ssh.c: patch Fix CVE CVE-2016-0777 by disabling roaming completely. To generate a diff of this commit: cvs rdiff -u -r1.11.4.1 -r1.11.4.2 \ src/crypto/external/bsd/openssh/dist/readconf.c cvs rdiff -u -r1.14.4.1 -r1.14.4.2 src/crypto/external/bsd/openssh/dist/ssh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/readconf.c diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.1 src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.2 --- src/crypto/external/bsd/openssh/dist/readconf.c:1.11.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/readconf.c Mon Feb 22 11:23:29 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: readconf.c,v 1.11.4.2 2016/02/22 11:23:29 snj Exp $ */ /* $OpenBSD: readconf.c,v 1.232 2015/02/16 22:13:32 djm Exp $ */ /* * Author: Tatu Ylonen@@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.11.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: readconf.c,v 1.11.4.2 2016/02/22 11:23:29 snj Exp $"); #include #include #include @@ -1745,7 +1745,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; - options->use_roaming = -1; + options->use_roaming = 0; options->visual_host_key = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; @@ -1960,8 +1960,7 @@ fill_default_options(Options * options) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; - if (options->use_roaming == -1) - options->use_roaming = 1; + options->use_roaming = 0; if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) Index: src/crypto/external/bsd/openssh/dist/ssh.c diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.1 src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.2 --- src/crypto/external/bsd/openssh/dist/ssh.c:1.14.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/ssh.c Mon Feb 22 11:23:29 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh.c,v 1.14.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: ssh.c,v 1.14.4.2 2016/02/22 11:23:29 snj Exp $ */ /* $OpenBSD: ssh.c,v 1.416 2015/03/03 06:48:58 djm Exp $ */ /* * Author: Tatu Ylonen @@ -42,7 +42,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh.c,v 1.14.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: ssh.c,v 1.14.4.2 2016/02/22 11:23:29 snj Exp $"); #include #include #include @@ -1963,9 +1963,6 @@ ssh_session2(void) fork_postauth(); } - if (options.use_roaming) - request_roaming(); - return client_loop(tty_flag, tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE, id); }
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: riz Date: Tue Jan 26 01:29:35 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: sftp.c Log Message: Pull up following revision(s) (requested by snj in ticket #1066): crypto/external/bsd/openssh/dist/sftp.c: revision 1.17 PR/50564: Rin Okuyama: sftp: filename completion is broken To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \ src/crypto/external/bsd/openssh/dist/sftp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp.c diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.1 src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.2 --- src/crypto/external/bsd/openssh/dist/sftp.c:1.12.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/sftp.c Tue Jan 26 01:29:35 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: sftp.c,v 1.12.4.2 2016/01/26 01:29:35 riz Exp $ */ /* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller@@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $"); +__RCSID("$NetBSD: sftp.c,v 1.12.4.2 2016/01/26 01:29:35 riz Exp $"); #include /* MIN MAX */ #include #include @@ -1845,8 +1845,8 @@ complete_match(EditLine *el, struct sftp if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, ); + } else glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, ); - } /* Determine length of pwd so we can trim completion display */ for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: msaitoh Date: Fri Aug 14 05:32:40 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: monitor.c Log Message: Pull up following revision(s) (requested by christos in ticket #950): crypto/external/bsd/openssh/dist/monitor.c patch OpenSSH PAM fix (BFS-SA-2015-002). To generate a diff of this commit: cvs rdiff -u -r1.12.4.1 -r1.12.4.2 \ src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.12.4.1 src/crypto/external/bsd/openssh/dist/monitor.c:1.12.4.2 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.12.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/monitor.c Fri Aug 14 05:32:39 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: monitor.c,v 1.12.4.2 2015/08/14 05:32:39 msaitoh Exp $ */ /* $OpenBSD: monitor.c,v 1.145 2015/02/20 22:17:21 djm Exp $ */ /* * Copyright 2002 Niels Provos pro...@citi.umich.edu @@ -27,7 +27,7 @@ */ #include includes.h -__RCSID($NetBSD: monitor.c,v 1.12.4.1 2015/04/30 06:07:30 riz Exp $); +__RCSID($NetBSD: monitor.c,v 1.12.4.2 2015/08/14 05:32:39 msaitoh Exp $); #include sys/types.h #include sys/wait.h #include sys/socket.h @@ -1061,9 +1061,7 @@ extern KbdintDevice sshpam_device; int mm_answer_pam_init_ctx(int sock, Buffer *m) { - debug3(%s, __func__); - authctxt-user = buffer_get_string(m, NULL); sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); sshpam_authok = NULL; buffer_clear(m); @@ -1145,13 +1143,15 @@ mm_answer_pam_respond(int sock, Buffer * int mm_answer_pam_free_ctx(int sock, Buffer *m) { + int r = sshpam_authok != NULL sshpam_authok == sshpam_ctxt; debug3(%s, __func__); (sshpam_device.free_ctx)(sshpam_ctxt); + sshpam_ctxt = sshpam_authok = NULL; buffer_clear(m); mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); auth_method = keyboard-interactive/pam; - return (sshpam_authok == sshpam_ctxt); + return r; } #endif
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Fri Jul 31 16:49:41 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: auth2-chall.c Log Message: Pull up following revision(s) (requested by christos in ticket #916): crypto/external/bsd/openssh/dist/auth2-chall.c: revision 1.8 From FreeBSD: A remote attacker may effectively bypass MaxAuthTries settings, which would enable them to brute force passwords. [CVE-2015-5600] To generate a diff of this commit: cvs rdiff -u -r1.5.4.1 -r1.5.4.2 \ src/crypto/external/bsd/openssh/dist/auth2-chall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.2 --- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.5.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/auth2-chall.c Fri Jul 31 16:49:41 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $ */ /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include includes.h -__RCSID($NetBSD: auth2-chall.c,v 1.5.4.1 2015/04/30 06:07:30 riz Exp $); +__RCSID($NetBSD: auth2-chall.c,v 1.5.4.2 2015/07/31 16:49:41 snj Exp $); #include sys/types.h #include stdio.h @@ -83,6 +83,7 @@ struct KbdintAuthctxt void *ctxt; KbdintDevice *device; u_int nreq; + u_int devices_done; }; #ifdef USE_PAM @@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K if (len == 0) break; for (i = 0; devices[i]; i++) { - if (!auth2_method_allowed(authctxt, + if ((kbdintctxt-devices_done (1 i)) != 0 || + !auth2_method_allowed(authctxt, keyboard-interactive, devices[i]-name)) continue; - if (strncmp(kbdintctxt-devices, devices[i]-name, len) == 0) + if (strncmp(kbdintctxt-devices, devices[i]-name, + len) == 0) { kbdintctxt-device = devices[i]; +kbdintctxt-devices_done |= 1 i; + } } t = kbdintctxt-devices; kbdintctxt-devices = t[len] ? xstrdup(t+len+1) : NULL;
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: snj Date: Sat May 16 18:05:07 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: compat.c Log Message: Pull up following revision(s) (requested by christos in ticket #783): crypto/external/bsd/openssh/dist/compat.c: revision 1.10 Pass the correct length to match_patter_list; from Hanno Boeck. To generate a diff of this commit: cvs rdiff -u -r1.6.4.1 -r1.6.4.2 \ src/crypto/external/bsd/openssh/dist/compat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/compat.c diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.6.4.1 src/crypto/external/bsd/openssh/dist/compat.c:1.6.4.2 --- src/crypto/external/bsd/openssh/dist/compat.c:1.6.4.1 Thu Apr 30 06:07:30 2015 +++ src/crypto/external/bsd/openssh/dist/compat.c Sat May 16 18:05:06 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: compat.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $ */ +/* $NetBSD: compat.c,v 1.6.4.2 2015/05/16 18:05:06 snj Exp $ */ /* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: compat.c,v 1.6.4.1 2015/04/30 06:07:30 riz Exp $); +__RCSID($NetBSD: compat.c,v 1.6.4.2 2015/05/16 18:05:06 snj Exp $); #include sys/types.h #include stdlib.h @@ -242,7 +242,7 @@ filter_proposal(const char *proposal, co buffer_init(b); tmp = orig_prop = xstrdup(proposal); while ((cp = strsep(tmp, ,)) != NULL) { - if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) { + if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) { if (buffer_len(b) 0) buffer_append(b, ,, 1); buffer_append(b, cp, strlen(cp));
CVS commit: [netbsd-7] src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Fri Oct 17 16:12:36 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist [netbsd-7]: auth.c Log Message: Pull up following revision(s) (requested by christos in ticket #145): crypto/external/bsd/openssh/dist/auth.c: revision 1.9 for consistency use options.use_dns when getting the canonical hostname. [we do the same below for hosts.allow and deny] reported by rudolf. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.8.4.1 src/crypto/external/bsd/openssh/dist/auth.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.8 src/crypto/external/bsd/openssh/dist/auth.c:1.8.4.1 --- src/crypto/external/bsd/openssh/dist/auth.c:1.8 Fri Nov 8 19:18:24 2013 +++ src/crypto/external/bsd/openssh/dist/auth.c Fri Oct 17 16:12:36 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $ */ +/* $NetBSD: auth.c,v 1.8.4.1 2014/10/17 16:12:36 martin Exp $ */ /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $); +__RCSID($NetBSD: auth.c,v 1.8.4.1 2014/10/17 16:12:36 martin Exp $); #include sys/types.h #include sys/stat.h #include sys/param.h @@ -101,7 +101,7 @@ allowed_user(struct passwd * pw) return 0; #ifdef HAVE_LOGIN_CAP - hostname = get_canonical_hostname(1); + hostname = get_canonical_hostname(options.use_dns); ipaddr = get_remote_ipaddr(); lc = login_getclass(pw-pw_class);