CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Mar 5 17:53:51 UTC 2021 Modified Files: src/crypto/external/bsd/openssh/dist: scp.c Log Message: remove __UNCONST, initialize To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/scp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/scp.c diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.29 src/crypto/external/bsd/openssh/dist/scp.c:1.30 --- src/crypto/external/bsd/openssh/dist/scp.c:1.29 Fri Mar 5 12:47:16 2021 +++ src/crypto/external/bsd/openssh/dist/scp.c Fri Mar 5 12:53:51 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $ */ +/* $NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $ */ /* $OpenBSD: scp.c,v 1.213 2020/10/18 11:32:01 djm Exp $ */ /* @@ -74,7 +74,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $"); +__RCSID("$NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $"); #include /* roundup MAX */ #include @@ -877,7 +877,7 @@ brace_expand(const char *pattern, char * void toremote(int argc, char **argv) { - char *suser = NULL, *host = NULL, *src; + char *suser = NULL, *host = NULL, *src = NULL; char *bp, *tuser, *thost, *targ; int sport = -1, tport = -1; arglist alist; @@ -911,7 +911,7 @@ toremote(int argc, char **argv) for (i = 0; i < argc - 1; i++) { free(suser); free(host); - free(__UNCONST(src)); + free(src); r = parse_scp_uri(argv[i], , , , ); if (r == -1) { fmprintf(stderr, "%s: invalid uri\n", argv[i]); @@ -989,16 +989,16 @@ toremote(int argc, char **argv) out: free(tuser); free(thost); - free(__UNCONST(targ)); + free(targ); free(suser); free(host); - free(__UNCONST(src)); + free(src); } static void tolocal(int argc, char **argv) { - char *bp, *host = NULL, *suser = NULL, *src; + char *bp, *host = NULL, *suser = NULL, *src = NULL; arglist alist; int i, r, sport = -1; @@ -1008,7 +1008,7 @@ tolocal(int argc, char **argv) for (i = 0; i < argc - 1; i++) { free(suser); free(host); - free(__UNCONST(src)); + free(src); r = parse_scp_uri(argv[i], , , , ); if (r == -1) { fmprintf(stderr, "%s: invalid uri\n", argv[i]); @@ -1050,7 +1050,7 @@ tolocal(int argc, char **argv) } free(suser); free(host); - free(__UNCONST(src)); + free(src); } void
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Nov 12 19:43:19 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: getrrsetbyname.c Log Message: eliminate direct use of _res for threaded programs. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssh/dist/getrrsetbyname.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/getrrsetbyname.c diff -u src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5 src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.6 --- src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5 Tue Apr 18 14:41:46 2017 +++ src/crypto/external/bsd/openssh/dist/getrrsetbyname.c Thu Nov 12 14:43:18 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $ */ +/* $NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $ */ /* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */ /* @@ -47,7 +47,7 @@ /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */ #include "includes.h" -__RCSID("$NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $"); +__RCSID("$NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $"); #ifndef HAVE_GETRRSETBYNAME @@ -189,8 +189,9 @@ getrrsetbyname(const char *hostname, uns unsigned int rdtype, unsigned int flags, struct rrsetinfo **res) { - struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res); + struct __res_state *_resp; int result; + unsigned long options; struct rrsetinfo *rrset = NULL; struct dns_response *response = NULL; struct dns_rr *rr; @@ -201,27 +202,33 @@ getrrsetbyname(const char *hostname, uns /* check for invalid class and type */ if (rdclass > 0x || rdtype > 0x) { - result = ERRSET_INVAL; - goto fail; + return ERRSET_INVAL; } /* don't allow queries of class or type ANY */ if (rdclass == 0xff || rdtype == 0xff) { - result = ERRSET_INVAL; - goto fail; + return ERRSET_INVAL; } /* don't allow flags yet, unimplemented */ if (flags) { - result = ERRSET_INVAL; - goto fail; + return ERRSET_INVAL; } +#ifndef __NetBSD__ + _resp = _THREAD_PRIVATE(_res, _res, &_res); /* initialize resolver */ if ((_resp->options & RES_INIT) == 0 && res_init() == -1) { result = ERRSET_FAIL; goto fail; } +#else + _resp = __res_get_state(); + if (_resp == NULL) { + return ERRSET_FAIL; + } +#endif + options = _resp->options; #ifdef DEBUG _resp->options |= RES_DEBUG; @@ -234,8 +241,8 @@ getrrsetbyname(const char *hostname, uns #endif /* RES_USE_DNSEC */ /* make query */ - length = res_query(hostname, (signed int) rdclass, (signed int) rdtype, - answer, sizeof(answer)); + length = res_nquery(_resp, hostname, (signed int) rdclass, + (signed int) rdtype, answer, sizeof(answer)); if (length < 0) { switch(h_errno) { case HOST_NOT_FOUND: @@ -335,9 +342,17 @@ getrrsetbyname(const char *hostname, uns free_dns_response(response); *res = rrset; + _resp->options = options; +#ifdef __NetBSD__ + __res_put_state(_resp); +#endif return (ERRSET_SUCCESS); fail: + _resp->options = options; +#ifdef __NetBSD__ + __res_put_state(_resp); +#endif if (rrset != NULL) freerrset(rrset); if (response != NULL) @@ -466,7 +481,7 @@ parse_dns_qsection(const u_char *answer, /* name */ length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); + (int)sizeof(name)); if (length < 0) { free_dns_query(head); return (NULL); @@ -513,7 +528,7 @@ parse_dns_rrsection(const u_char *answer /* name */ length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); + (int)sizeof(name)); if (length < 0) { free_dns_rr(head); return (NULL);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri May 29 12:14:49 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: scp.c Log Message: Fix printf format error. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/scp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/scp.c diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.26 src/crypto/external/bsd/openssh/dist/scp.c:1.27 --- src/crypto/external/bsd/openssh/dist/scp.c:1.26 Thu May 28 13:05:49 2020 +++ src/crypto/external/bsd/openssh/dist/scp.c Fri May 29 08:14:49 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $ */ +/* $NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $ */ /* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which @@ -73,7 +73,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $"); +__RCSID("$NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $"); #include /* roundup MAX */ #include @@ -366,7 +366,7 @@ __dead static void lostconn(int); int okname(char *); void run_err(const char *,...) __printflike(1, 2); void run_err(const char *,...) __printflike(1, 2); -int note_err(const char *,...); +int note_err(const char *,...) __printflike(1, 2); void verifydir(char *); struct passwd *pwd; @@ -1503,7 +1503,7 @@ bad: run_err("%s: %s", np, strerror(er } } if (close(ofd) == -1) - note_err(np, "%s: close: %s", np, strerror(errno)); + note_err("%s: close: %s", np, strerror(errno)); (void) response(); if (showprogress) stop_progress_meter();
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sun Mar 1 14:51:06 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-sk-client.c Log Message: fix a sign-compare issue (for the pam module) To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-sk-client.c diff -u src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.3 --- src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2 Wed Feb 26 19:24:40 2020 +++ src/crypto/external/bsd/openssh/dist/ssh-sk-client.c Sun Mar 1 09:51:06 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $ */ +/* $NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $ */ /* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */ /* * Copyright (c) 2019 Google LLC @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "includes.h" -__RCSID("$NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $"); +__RCSID("$NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $"); #include #include @@ -160,7 +160,7 @@ client_converse(struct sshbuf *msg, stru ll = log_level_get(); if ((r = sshbuf_put_u32(req, type)) != 0 || (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 || - (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 || + (r = sshbuf_put_u32(req, (uint32_t)(ll < 0 ? 0 : ll))) != 0 || (r = sshbuf_putb(req, msg)) != 0) { error("%s: build: %s", __func__, ssh_err(r)); goto out;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kim Date: Sun Mar 1 08:21:38 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: ssh_config sshd_config Log Message: Sync with OpenSSH 8.2p1 sample configs - Add GSSAPIAuthentication and related options - Add KerberosAuthentication and related options - Bring in the lengthy but useful comment block about the side-effect of UsePAM with regards to PermitRootLogin. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh_config cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/sshd_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh_config diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.13 src/crypto/external/bsd/openssh/dist/ssh_config:1.14 --- src/crypto/external/bsd/openssh/dist/ssh_config:1.13 Fri Feb 28 10:41:48 2020 +++ src/crypto/external/bsd/openssh/dist/ssh_config Sun Mar 1 08:21:38 2020 @@ -1,4 +1,4 @@ -# $NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $ +# $NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $ # $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See @@ -27,6 +27,8 @@ Host *.netbsd.org *.NetBSD.org # ForwardX11 no # PasswordAuthentication yes # HostbasedAuthentication no +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any Index: src/crypto/external/bsd/openssh/dist/sshd_config diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.24 src/crypto/external/bsd/openssh/dist/sshd_config:1.25 --- src/crypto/external/bsd/openssh/dist/sshd_config:1.24 Fri Feb 28 10:59:58 2020 +++ src/crypto/external/bsd/openssh/dist/sshd_config Sun Mar 1 08:21:38 2020 @@ -1,4 +1,4 @@ -# $NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $ +# $NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $ # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See @@ -60,6 +60,27 @@ AuthorizedKeysFile .ssh/authorized_keys # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no @@ -72,7 +93,6 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -UsePAM yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: tnn Date: Sat Feb 29 14:03:17 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: xmalloc.h Log Message: annotate xvasprintf w/ format string attribute To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/xmalloc.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/xmalloc.h diff -u src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12 src/crypto/external/bsd/openssh/dist/xmalloc.h:1.13 --- src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12 Thu Feb 27 00:24:40 2020 +++ src/crypto/external/bsd/openssh/dist/xmalloc.h Sat Feb 29 14:03:17 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: xmalloc.h,v 1.12 2020/02/27 00:24:40 christos Exp $ */ +/* $NetBSD: xmalloc.h,v 1.13 2020/02/29 14:03:17 tnn Exp $ */ /* $OpenBSD: xmalloc.h,v 1.19 2019/11/12 22:32:48 djm Exp $ */ /* @@ -26,4 +26,5 @@ int xasprintf(char **, const char *, .. __attribute__((__format__ (printf, 2, 3))) __attribute__((__nonnull__ (2))); int xvasprintf(char **, const char *, va_list) +__attribute__((__format__ (printf, 2, 0))) __attribute__((__nonnull__ (2)));
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kim Date: Fri Feb 28 17:50:29 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: version.h Log Message: Remove unreferenced SSH_RELEASE To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/version.h diff -u src/crypto/external/bsd/openssh/dist/version.h:1.31 src/crypto/external/bsd/openssh/dist/version.h:1.32 --- src/crypto/external/bsd/openssh/dist/version.h:1.31 Thu Feb 27 00:27:44 2020 +++ src/crypto/external/bsd/openssh/dist/version.h Fri Feb 28 17:50:29 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $ */ +/* $NetBSD: version.h,v 1.32 2020/02/28 17:50:29 kim Exp $ */ /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */ #define __OPENSSH_VERSION "OpenSSH_8.2" @@ -10,4 +10,3 @@ * used for bug compatibility operation. present NetBSD SSH version as comment */ #define SSH_VERSION __OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK -#define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kim Date: Fri Feb 28 17:27:34 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: readconf.c Log Message: Fix duplicate entries in the keywords list. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/readconf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/readconf.c diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.29 src/crypto/external/bsd/openssh/dist/readconf.c:1.30 --- src/crypto/external/bsd/openssh/dist/readconf.c:1.29 Thu Feb 27 00:24:40 2020 +++ src/crypto/external/bsd/openssh/dist/readconf.c Fri Feb 28 17:27:34 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $ */ +/* $NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $ */ /* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */ /* * Author: Tatu Ylonen @@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $"); +__RCSID("$NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $"); #include #include #include @@ -196,9 +196,25 @@ static struct { { "useprivilegedport", oDeprecated }, /* Unsupported options */ +#ifdef AFS + { "afstokenpassing", oAFSTokenPassing }, +#else { "afstokenpassing", oUnsupported }, +#endif +#if defined(KRB4) || defined(KRB5) + { "kerberosauthentication", oKerberosAuthentication }, +#else { "kerberosauthentication", oUnsupported }, +#endif +#if defined(AFS) || defined(KRB5) + { "kerberostgtpassing", oKerberosTgtPassing }, + { "kerberos5tgtpassing", oKerberosTgtPassing }, /* alias */ + { "kerberos4tgtpassing", oKerberosTgtPassing }, /* alias */ +#else { "kerberostgtpassing", oUnsupported }, + { "kerberos5tgtpassing", oUnsupported }, + { "kerberos4tgtpassing", oUnsupported }, +#endif { "rsaauthentication", oUnsupported }, { "rhostsrsaauthentication", oUnsupported }, { "compressionlevel", oUnsupported }, @@ -235,17 +251,6 @@ static struct { { "challengeresponseauthentication", oChallengeResponseAuthentication }, { "skeyauthentication", oChallengeResponseAuthentication }, /* alias */ { "tisauthentication", oChallengeResponseAuthentication }, /* alias */ -#if defined(KRB4) || defined(KRB5) - { "kerberosauthentication", oKerberosAuthentication }, -#endif -#if defined(AFS) || defined(KRB5) - { "kerberostgtpassing", oKerberosTgtPassing }, - { "kerberos5tgtpassing", oKerberosTgtPassing }, /* alias */ - { "kerberos4tgtpassing", oKerberosTgtPassing }, /* alias */ -#endif -#ifdef AFS - { "afstokenpassing", oAFSTokenPassing }, -#endif #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, { "gssapidelegatecredentials", oGssDelegateCreds },
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kim Date: Fri Feb 28 10:59:58 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: sshd_config Log Message: Cleanup - Match the case of the UsePAM keyword used in the manual page and code, to aid case-sensitive grep etc. - Remove references to obsole UseLogin and UsePrivilegeSeparation keywords. - Whitespace police To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/sshd_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd_config diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.23 src/crypto/external/bsd/openssh/dist/sshd_config:1.24 --- src/crypto/external/bsd/openssh/dist/sshd_config:1.23 Sun Aug 26 07:46:37 2018 +++ src/crypto/external/bsd/openssh/dist/sshd_config Fri Feb 28 10:59:58 2020 @@ -1,4 +1,4 @@ -# $NetBSD: sshd_config,v 1.23 2018/08/26 07:46:37 christos Exp $ +# $NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $ # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ # This is the sshd server system-wide configuration file. See @@ -53,7 +53,7 @@ AuthorizedKeysFile .ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes -# To disable password authentication, set this and UsePam to no +# To disable password authentication, set this and UsePAM to no #PasswordAuthentication yes #PermitEmptyPasswords no @@ -72,9 +72,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation sandbox -UsePam yes +UsePAM yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 @@ -121,7 +119,6 @@ Subsystem sftp /usr/libexec/sftp-server # buffer size for hpn to non-hpn connections #HPNBufferSize 2048 - # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kim Date: Fri Feb 28 10:41:49 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: ssh_config Log Message: Move NetBSD.org-specific entry above the match-all entry The first matching entry that sets an option "wins." Therefore more specific matches should be provided before the "Host *" entry that matches everything. This way options set in the more specific entry will not be accidentally made ineffective by the match-all entry. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh_config diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.12 src/crypto/external/bsd/openssh/dist/ssh_config:1.13 --- src/crypto/external/bsd/openssh/dist/ssh_config:1.12 Sat Apr 20 17:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/ssh_config Fri Feb 28 10:41:48 2020 @@ -1,4 +1,4 @@ -# $NetBSD: ssh_config,v 1.12 2019/04/20 17:16:40 christos Exp $ +# $NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $ # $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See @@ -18,6 +18,10 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. +# NetBSD.org DNS provides SSHFP records - use them when possible +Host *.netbsd.org *.NetBSD.org +VerifyHostKeyDNS ask + # Host * # ForwardAgent no # ForwardX11 no @@ -45,7 +49,3 @@ # If you use xorg from pkgsrc then uncomment the following line. # XAuthLocation /usr/pkg/bin/xauth - -# NetBSD.org DNS provides SSHFP records - use them when possible -Host *.netbsd.org *.NetBSD.org -VerifyHostKeyDNS ask
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Feb 27 00:27:44 UTC 2020 Modified Files: src/crypto/external/bsd/openssh/dist: version.h Log Message: fix date To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/version.h diff -u src/crypto/external/bsd/openssh/dist/version.h:1.30 src/crypto/external/bsd/openssh/dist/version.h:1.31 --- src/crypto/external/bsd/openssh/dist/version.h:1.30 Wed Feb 26 19:24:40 2020 +++ src/crypto/external/bsd/openssh/dist/version.h Wed Feb 26 19:27:44 2020 @@ -1,8 +1,8 @@ -/* $NetBSD: version.h,v 1.30 2020/02/27 00:24:40 christos Exp $ */ +/* $NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $ */ /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */ #define __OPENSSH_VERSION "OpenSSH_8.2" -#define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-2020025" +#define __NETBSDSSH_VERSION "NetBSD_Secure_Shell-20200225" #define SSH_HPN "-hpn13v14" #define SSH_LPK "-lpk" /*
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Dec 7 16:38:42 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: monitor.c Log Message: need pfilter.h To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.31 src/crypto/external/bsd/openssh/dist/monitor.c:1.32 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.31 Sat Dec 7 11:32:22 2019 +++ src/crypto/external/bsd/openssh/dist/monitor.c Sat Dec 7 11:38:42 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $ */ +/* $NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $ */ /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $"); +__RCSID("$NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $"); #include #include #include @@ -85,6 +85,8 @@ __RCSID("$NetBSD: monitor.c,v 1.31 2019/ #include "match.h" #include "ssherr.h" +#include "pfilter.h" + #ifdef GSSAPI static Gssctxt *gsscontext = NULL; #endif
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Dec 7 16:32:22 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: auth2.c monitor.c Log Message: Add some more pfilter_notify() calls where authentication attempts fail. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/auth2.c cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2.c diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.20 src/crypto/external/bsd/openssh/dist/auth2.c:1.21 --- src/crypto/external/bsd/openssh/dist/auth2.c:1.20 Sat Oct 12 14:32:22 2019 +++ src/crypto/external/bsd/openssh/dist/auth2.c Sat Dec 7 11:32:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $ */ +/* $NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $ */ /* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $"); +__RCSID("$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $"); #include #include @@ -440,8 +440,10 @@ userauth_finish(struct ssh *ssh, int aut } else { /* Allow initial try of "none" auth without failure penalty */ if (!partial && !authctxt->server_caused_failure && - (authctxt->attempt > 1 || strcmp(method, "none") != 0)) + (authctxt->attempt > 1 || strcmp(method, "none") != 0)) { authctxt->failures++; + pfilter_notify(1); + } if (authctxt->failures >= options.max_authtries) auth_maxtries_exceeded(ssh); methods = authmethods_get(authctxt); Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.30 src/crypto/external/bsd/openssh/dist/monitor.c:1.31 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.30 Sat Oct 12 14:32:22 2019 +++ src/crypto/external/bsd/openssh/dist/monitor.c Sat Dec 7 11:32:22 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $ */ +/* $NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $ */ /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $"); +__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $"); #include #include #include @@ -320,8 +320,10 @@ monitor_child_preauth(struct ssh *ssh, s if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { auth_log(ssh, authenticated, partial, auth_method, auth_submethod); - if (!partial && !authenticated) + if (!partial && !authenticated) { +pfilter_notify(1); authctxt->failures++; + } if (authenticated || partial) { auth2_update_session_info(authctxt, auth_method, auth_submethod); @@ -1223,6 +1225,7 @@ mm_answer_keyallowed(struct ssh *ssh, in } else { /* Log failed attempt */ auth_log(ssh, 0, 0, auth_method, NULL); + pfilter_notify(1); free(cuser); free(chost); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Dec 7 16:25:36 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: auth.c Log Message: don't call pfilter_notify() from authz_log(). Logging should not have side effects (kim@) To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/auth.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.25 src/crypto/external/bsd/openssh/dist/auth.c:1.26 --- src/crypto/external/bsd/openssh/dist/auth.c:1.25 Sat Oct 12 14:32:22 2019 +++ src/crypto/external/bsd/openssh/dist/auth.c Sat Dec 7 11:25:36 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $ */ +/* $NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $ */ /* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $"); +__RCSID("$NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $"); #include #include #include @@ -408,8 +408,6 @@ auth_log(struct ssh *ssh, int authentica extra != NULL ? extra : ""); free(extra); - if (!authctxt->postponed) - pfilter_notify(!authenticated); } void
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Dec 7 16:25:05 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: sshd.c Log Message: don't call pfilter_notify() twice in grace_alarm_handler(). (kim@) To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd.c diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.36 src/crypto/external/bsd/openssh/dist/sshd.c:1.37 --- src/crypto/external/bsd/openssh/dist/sshd.c:1.36 Sat Oct 12 14:32:22 2019 +++ src/crypto/external/bsd/openssh/dist/sshd.c Sat Dec 7 11:25:05 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $ */ +/* $NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $ */ /* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */ /* * Author: Tatu Ylonen @@ -44,7 +44,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $"); +__RCSID("$NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $"); #include #include #include @@ -370,7 +370,6 @@ grace_alarm_handler(int sig) /* XXX pre-format ipaddr/port so we don't need to access active_state */ /* Log error and exit. */ - pfilter_notify(1); sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(the_active_state), ssh_remote_port(the_active_state));
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sun Apr 28 14:45:13 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: monitor.h Log Message: one more noreturn To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.h diff -u src/crypto/external/bsd/openssh/dist/monitor.h:1.11 src/crypto/external/bsd/openssh/dist/monitor.h:1.12 --- src/crypto/external/bsd/openssh/dist/monitor.h:1.11 Sat Apr 20 13:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/monitor.h Sun Apr 28 10:45:13 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.h,v 1.11 2019/04/20 17:16:40 christos Exp $ */ +/* $NetBSD: monitor.h,v 1.12 2019/04/28 14:45:13 christos Exp $ */ /* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */ /* @@ -92,7 +92,8 @@ void monitor_reinit(struct monitor *); struct Authctxt; void monitor_child_preauth(struct ssh *, struct monitor *); -void monitor_child_postauth(struct ssh *, struct monitor *); +void monitor_child_postauth(struct ssh *, struct monitor *) +__attribute__((__noreturn__)); void monitor_clear_keystate(struct ssh *, struct monitor *); void monitor_apply_keystate(struct ssh *, struct monitor *);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Apr 26 01:51:55 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: packet.c packet.h Log Message: attribute police To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/crypto/external/bsd/openssh/dist/packet.c cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.37 src/crypto/external/bsd/openssh/dist/packet.c:1.38 --- src/crypto/external/bsd/openssh/dist/packet.c:1.37 Sat Apr 20 13:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/packet.c Thu Apr 25 21:51:55 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $ */ +/* $NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $ */ /* $OpenBSD: packet.c,v 1.283 2019/03/01 03:29:32 djm Exp $ */ /* * Author: Tatu Ylonen @@ -39,7 +39,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $"); #include /* MIN roundup */ #include @@ -1767,7 +1767,7 @@ ssh_packet_remaining(struct ssh *ssh) * authentication problems. The length of the formatted message must not * exceed 1024 bytes. This will automatically call ssh_packet_write_wait. */ -void +void __attribute__((__format__ (__printf__, 2, 3))) ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...) { char buf[1024]; @@ -1804,7 +1804,8 @@ sshpkt_fmt_connection_id(struct ssh *ssh /* * Pretty-print connection-terminating errors and exit. */ -static void +static void __attribute__((__format__ (__printf__, 3, 0))) +__attribute__((__noreturn__)) sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap) { char *tag = NULL, remote_id[512]; @@ -1854,7 +1855,8 @@ sshpkt_vfatal(struct ssh *ssh, int r, co } } -void +void __attribute__((__format__ (__printf__, 3, 4))) +__attribute__((__noreturn__)) sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) { va_list ap; Index: src/crypto/external/bsd/openssh/dist/packet.h diff -u src/crypto/external/bsd/openssh/dist/packet.h:1.19 src/crypto/external/bsd/openssh/dist/packet.h:1.20 --- src/crypto/external/bsd/openssh/dist/packet.h:1.19 Sat Apr 20 13:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/packet.h Thu Apr 25 21:51:55 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.h,v 1.19 2019/04/20 17:16:40 christos Exp $ */ +/* $NetBSD: packet.h,v 1.20 2019/04/26 01:51:55 christos Exp $ */ /* $OpenBSD: packet.h,v 1.90 2019/01/21 10:35:09 djm Exp $ */ /* @@ -167,7 +167,7 @@ int sshpkt_disconnect(struct ssh *, __attribute__((format(printf, 2, 3))); int sshpkt_add_padding(struct ssh *, u_char); void sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...) - __attribute__((format(printf, 3, 4))); + __attribute__((format(printf, 3, 4))) __attribute__((__noreturn__)); int sshpkt_msg_ignore(struct ssh *, u_int); int sshpkt_put(struct ssh *ssh, const void *v, size_t len);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kre Date: Sun Apr 21 01:32:04 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: sshconnect2.c Log Message: Put declaration of 'userauth_kerberos' inside #if KRB5 where it belongs. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/sshconnect2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.34 --- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33 Sat Apr 20 17:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/sshconnect2.c Sun Apr 21 01:32:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $ */ +/* $NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $"); +__RCSID("$NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $"); #include #include #include @@ -79,7 +79,9 @@ const char *auth_get_canonical_hostn #ifdef GSSAPI #include "ssh-gss.h" #endif +#ifdef KRB5 static int userauth_kerberos(struct ssh *); +#endif /* import */ extern char *client_version_string;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Apr 20 17:28:19 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: version.h Log Message: put back hpn/lpk strings To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/version.h diff -u src/crypto/external/bsd/openssh/dist/version.h:1.27 src/crypto/external/bsd/openssh/dist/version.h:1.28 --- src/crypto/external/bsd/openssh/dist/version.h:1.27 Sat Apr 20 13:16:40 2019 +++ src/crypto/external/bsd/openssh/dist/version.h Sat Apr 20 13:28:19 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: version.h,v 1.27 2019/04/20 17:16:40 christos Exp $ */ +/* $NetBSD: version.h,v 1.28 2019/04/20 17:28:19 christos Exp $ */ /* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */ #define __OPENSSH_VERSION "OpenSSH_8.0" @@ -9,5 +9,5 @@ * it is important to retain OpenSSH version identification part, it is * used for bug compatibility operation. present NetBSD SSH version as comment */ -#define SSH_VERSION __OPENSSH_VERSION " " __NETBSDSSH_VERSION +#define SSH_VERSION __OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK #define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Mar 8 20:34:24 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: recallocarray.c Log Message: Replace our buggy recallocarray implementation one with the portable one from OpenBSD. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/dist/recallocarray.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/recallocarray.c diff -u src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1 src/crypto/external/bsd/openssh/dist/recallocarray.c:1.2 --- src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1 Sat Oct 7 17:14:59 2017 +++ src/crypto/external/bsd/openssh/dist/recallocarray.c Fri Mar 8 15:34:24 2019 @@ -1,51 +1,91 @@ -/* $NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $ */ -/* $OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $ */ +/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */ -/*- - * Copyright (c) 2015 The NetBSD Foundation, Inc. - * All rights reserved. +/* + * Copyright (c) 2008, 2017 Otto Moerbeek * - * This code is derived from software contributed to The NetBSD Foundation - * by Christos Zoulas. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - *notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - *notice, this list of conditions and the following disclaimer in the - *documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */ + #include "includes.h" -#include -__RCSID("$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $"); +#ifndef HAVE_RECALLOCARRAY #include -#include #include +#ifdef HAVE_STDINT_H +#include +#endif +#include +#include + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) void * -recallocarray(void *optr, size_t omemb, size_t nmemb, size_t size) +recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) { - char *nptr = reallocarray(optr, nmemb, size); + size_t oldsize, newsize; + void *newptr; + + if (ptr == NULL) + return calloc(newnmemb, size); - if (nptr == NULL || omemb >= nmemb) - return nptr; + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + errno = ENOMEM; + return NULL; + } + newsize = newnmemb * size; + + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + errno = EINVAL; + return NULL; + } + oldsize = oldnmemb * size; + + /* + * Don't bother too much if we're shrinking just a bit, + * we do not shrink for series of small steps, oh well. + */ + if (newsize <= oldsize) { + size_t d = oldsize - newsize; + + if (d < oldsize / 2 && d < (size_t)getpagesize()) { + memset((char *)ptr + newsize, 0, d); + return ptr; + } + } + + newptr = malloc(newsize); + if (newptr == NULL) + return NULL; + +
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Jan 25 14:29:05 UTC 2019 Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c Log Message: PR/53908: Alex Raschi: Include for socketpair(2) To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/auth-pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-pam.c diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.18 --- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17 Mon Aug 27 13:47:48 2018 +++ src/crypto/external/bsd/openssh/dist/auth-pam.c Fri Jan 25 09:29:05 2019 @@ -51,7 +51,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.18 2019/01/25 14:29:05 christos Exp $"); #define _LIB_PTHREAD_H #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H @@ -65,6 +65,7 @@ void sshpam_password_change_required(int /* end NetBSD local changes */ #include +#include #include #include
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Oct 2 22:44:07 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: log.c Log Message: Don't treat mostly connection closed events as filtering events. There a a failed to negotiate instance too, but I don't want to generate more diff. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/log.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/log.c diff -u src/crypto/external/bsd/openssh/dist/log.c:1.18 src/crypto/external/bsd/openssh/dist/log.c:1.19 --- src/crypto/external/bsd/openssh/dist/log.c:1.18 Sun Aug 26 03:46:36 2018 +++ src/crypto/external/bsd/openssh/dist/log.c Tue Oct 2 18:44:07 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $ */ +/* $NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $ */ /* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */ /* @@ -37,7 +37,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $"); +__RCSID("$NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $"); #include #include @@ -183,7 +183,7 @@ logdie(const char *fmt,...) va_start(args, fmt); do_log(SYSLOG_LEVEL_INFO, fmt, args); va_end(args); - cleanup_exit(255); + cleanup_exit(254); } /* Log this message (information that usually should go to the log). */
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Oct 2 22:40:29 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c serverloop.c Log Message: Undo previous change. It made filtering a lot more aggressive. To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 \ src/crypto/external/bsd/openssh/dist/monitor_wrap.c \ src/crypto/external/bsd/openssh/dist/serverloop.c cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.23 --- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22 Sat Sep 29 11:10:44 2018 +++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c Tue Oct 2 18:40:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $ */ +/* $NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ /* @@ -28,7 +28,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $"); +__RCSID("$NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $"); #include #include #include @@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { if (errno == EPIPE) - cleanup_exit(255); + cleanup_exit(254); fatal("%s: read: %s", __func__, strerror(errno)); } msg_len = PEEK_U32(buf); Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.22 src/crypto/external/bsd/openssh/dist/serverloop.c:1.23 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.22 Sat Sep 29 11:10:44 2018 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Tue Oct 2 18:40:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ /* @@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $"); +__RCSID("$NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $"); #include /* MIN MAX */ #include @@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r "%.100s port %d: %.100s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno)); -cleanup_exit(255); +cleanup_exit(254); } } else { /* Buffer any received data. */ @@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt * if (received_sigterm) { logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ - cleanup_exit(255); + cleanup_exit(254); } collect_children(ssh); Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.34 src/crypto/external/bsd/openssh/dist/packet.c:1.35 --- src/crypto/external/bsd/openssh/dist/packet.c:1.34 Sat Sep 29 11:10:44 2018 +++ src/crypto/external/bsd/openssh/dist/packet.c Tue Oct 2 18:40:28 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $ */ +/* $NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $ */ /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */ /* @@ -40,7 +40,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $"); #include /* MIN roundup */ #include @@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c /* Close the connection. */ ssh_packet_close(ssh); - cleanup_exit(255); + cleanup_exit(254); } /*
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Sep 29 15:10:45 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c serverloop.c Log Message: be less aggressive about blocking connections from disconnected sessions. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 \ src/crypto/external/bsd/openssh/dist/monitor_wrap.c \ src/crypto/external/bsd/openssh/dist/serverloop.c cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22 --- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21 Sun Aug 26 03:46:36 2018 +++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c Sat Sep 29 11:10:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $ */ +/* $NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */ /* @@ -28,7 +28,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $"); +__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $"); #include #include #include @@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { if (errno == EPIPE) - cleanup_exit(254); + cleanup_exit(255); fatal("%s: read: %s", __func__, strerror(errno)); } msg_len = PEEK_U32(buf); Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.21 src/crypto/external/bsd/openssh/dist/serverloop.c:1.22 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.21 Sun Aug 26 03:46:36 2018 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Sat Sep 29 11:10:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ /* @@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $"); +__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $"); #include /* MIN MAX */ #include @@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r "%.100s port %d: %.100s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno)); -cleanup_exit(254); +cleanup_exit(255); } } else { /* Buffer any received data. */ @@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt * if (received_sigterm) { logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ - cleanup_exit(254); + cleanup_exit(255); } collect_children(ssh); Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.33 src/crypto/external/bsd/openssh/dist/packet.c:1.34 --- src/crypto/external/bsd/openssh/dist/packet.c:1.33 Sun Aug 26 03:46:36 2018 +++ src/crypto/external/bsd/openssh/dist/packet.c Sat Sep 29 11:10:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $ */ +/* $NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $ */ /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */ /* @@ -40,7 +40,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $"); #include /* MIN roundup */ #include @@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c /* Close the connection. */ ssh_packet_close(ssh); - cleanup_exit(254); + cleanup_exit(255); } /*
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: tnn Date: Mon Aug 27 17:47:48 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c Log Message: annotate pthread_exit as __dead (to appease clang) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-pam.c diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17 --- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16 Sun Aug 26 07:46:36 2018 +++ src/crypto/external/bsd/openssh/dist/auth-pam.c Mon Aug 27 17:47:48 2018 @@ -51,7 +51,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.16 2018/08/26 07:46:36 christos Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $"); #define _LIB_PTHREAD_H #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H @@ -194,7 +194,7 @@ sshpam_sigchld_handler(int sig) } /* ARGSUSED */ -static void +__dead static void pthread_exit(void *value) { _exit(0);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Aug 13 09:55:20 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: monitor.c Log Message: add another exit 254 to avoid blacklistd notification To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.25 src/crypto/external/bsd/openssh/dist/monitor.c:1.26 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.25 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/monitor.c Mon Aug 13 05:55:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $ */ /* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $"); #include #include #include @@ -1383,7 +1383,7 @@ mm_record_login(Session *s, struct passw if (getpeername(packet_get_connection_in(), (struct sockaddr *), ) < 0) { debug("getpeername: %.100s", strerror(errno)); - cleanup_exit(255); + cleanup_exit(254); } } /* Record that there was a login on that tty from the remote host. */
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Aug 9 08:32:41 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: monitor_wrap.c mux.c packet.c serverloop.c session.c Log Message: change some 255's to 254's to avoid being too aggressive blacklisting. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 \ src/crypto/external/bsd/openssh/dist/monitor_wrap.c \ src/crypto/external/bsd/openssh/dist/mux.c \ src/crypto/external/bsd/openssh/dist/serverloop.c cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/packet.c cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.20 --- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c Thu Aug 9 04:32:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $ */ /* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright 2002 Niels Provos @@ -27,7 +27,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $"); #include #include #include @@ -149,7 +149,7 @@ mm_request_receive(int sock, Buffer *m) if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) { if (errno == EPIPE) - cleanup_exit(255); + cleanup_exit(254); fatal("%s: read: %s", __func__, strerror(errno)); } msg_len = get_u32(buf); Index: src/crypto/external/bsd/openssh/dist/mux.c diff -u src/crypto/external/bsd/openssh/dist/mux.c:1.19 src/crypto/external/bsd/openssh/dist/mux.c:1.20 --- src/crypto/external/bsd/openssh/dist/mux.c:1.19 Sat Oct 7 15:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/mux.c Thu Aug 9 04:32:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $ */ +/* $NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $ */ /* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller @@ -32,7 +32,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $"); #include #include #include @@ -1324,7 +1324,7 @@ muxserver_listen(struct ssh *ssh) return; } else { /* unix_listener() logs the error */ - cleanup_exit(255); + cleanup_exit(254); } } Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.19 src/crypto/external/bsd/openssh/dist/serverloop.c:1.20 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.19 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Thu Aug 9 04:32:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen @@ -37,7 +37,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $"); #include /* MIN MAX */ #include @@ -331,7 +331,7 @@ process_input(struct ssh *ssh, fd_set *r "%.100s port %d: %.100s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno)); -cleanup_exit(255); +cleanup_exit(254); } } else { /* Buffer any received data. */ @@ -428,7 +428,7 @@ server_loop2(struct ssh *ssh, Authctxt * if (received_sigterm) { logit("Exiting on signal %d", (int)received_sigterm); /* Clean up sessions, utmp, etc. */ - cleanup_exit(255); + cleanup_exit(254); } collect_children(ssh); Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.31 src/crypto/external/bsd/openssh/dist/packet.c:1.32 --- src/crypto/external/bsd/openssh/dist/packet.c:1.31 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/packet.c Thu Aug 9 04:32:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: packet.c,v 1.32 2018/08/09 08:32:41 christos Exp $ */ /* $OpenBSD: packet.c,v 1.269 2017/12/18 23:13:42 djm Exp $ */ /* * Author: Tatu Ylonen @@ -39,7 +39,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.32
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kre Date: Fri Aug 3 12:49:41 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: sshkey.c Log Message: Add a "gcc is stupid" comment to the previous change, as even the most cursory analysis shows that the var ("eg") is not (cannot be) used unitialialised, just gcc is too dumb to work it out. In this case, the code could be rewritten easily enough to appease even gcc, but that would cause unnecessary code churn, and some minor duplication, so just put up with the nonsense init... To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sshkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshkey.c diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.15 src/crypto/external/bsd/openssh/dist/sshkey.c:1.16 --- src/crypto/external/bsd/openssh/dist/sshkey.c:1.15 Fri Aug 3 04:32:12 2018 +++ src/crypto/external/bsd/openssh/dist/sshkey.c Fri Aug 3 12:49:41 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $ */ +/* $NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $ */ /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $"); +__RCSID("$NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $"); #include #include @@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA int sshkey_ecdsa_key_to_nid(EC_KEY *k) { - EC_GROUP *eg = NULL; + EC_GROUP *eg = NULL; /* XXXGCC: unneeded init */ int nids[] = { NID_X9_62_prime256v1, NID_secp384r1,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: kamil Date: Fri Aug 3 04:32:12 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: sshkey.c Log Message: Appease GCC in the openssh code when built with UBSan Initialize eg to NULL in sshkey_ecdsa_key_to_nid(). The compiler warns that it might be uninitialized. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshkey.c diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.14 src/crypto/external/bsd/openssh/dist/sshkey.c:1.15 --- src/crypto/external/bsd/openssh/dist/sshkey.c:1.14 Fri Apr 6 18:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/sshkey.c Fri Aug 3 04:32:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $ */ /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $"); #include #include @@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA int sshkey_ecdsa_key_to_nid(EC_KEY *k) { - EC_GROUP *eg; + EC_GROUP *eg = NULL; int nids[] = { NID_X9_62_prime256v1, NID_secp384r1,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: wiz Date: Wed Jul 18 16:42:49 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-agent.1 Log Message: Fix Dd argument. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh-agent.1 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1 diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.14 --- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13 Tue Jul 10 22:12:08 2018 +++ src/crypto/external/bsd/openssh/dist/ssh-agent.1 Wed Jul 18 16:42:49 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $ +.\" $NetBSD: ssh-agent.1,v 1.14 2018/07/18 16:42:49 wiz Exp $ .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $ .\" .\" @@ -36,7 +36,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 30 2016 +.Dd July 10, 2018 .Dt SSH-AGENT 1 .Os .Sh NAME
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: sevan Date: Tue Jul 10 22:12:08 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-agent.1 ssh-agent.c Log Message: Amend whitelisted filesystem paths ssh-agent will look for PKCS11 related libraries so that things work out of the box with pkgsrc without having to explicitly whitelist things. ok christos To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1 cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-agent.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1 diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13 --- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12 Tue Apr 18 18:41:46 2017 +++ src/crypto/external/bsd/openssh/dist/ssh-agent.1 Tue Jul 10 22:12:08 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: ssh-agent.1,v 1.12 2017/04/18 18:41:46 christos Exp $ +.\" $NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $ .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $ .\" .\" @@ -131,7 +131,7 @@ that may be added using the option to .Xr ssh-add 1 . The default is to allow loading PKCS#11 libraries from -.Dq /usr/lib/*,/usr/local/lib/* . +.Dq /usr/lib/*,/usr/pkg/lib/* . PKCS#11 libraries that do not match the whitelist will be refused. See PATTERNS in .Xr ssh_config 5 Index: src/crypto/external/bsd/openssh/dist/ssh-agent.c diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.23 --- src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22 Fri Apr 6 18:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/ssh-agent.c Tue Jul 10 22:12:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $"); #include /* MIN MAX */ #include @@ -82,7 +82,7 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.22 201 #endif #ifndef DEFAULT_PKCS11_WHITELIST -# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*" +# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/pkg/lib*/*" #endif /* Maximum accepted message length */
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sun Jun 24 15:36:31 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: pfilter.c Log Message: Since now we are called from cleanup_exit() make sure that we have a state to work with. Found by ASAN. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/pfilter.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/pfilter.c diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.5 src/crypto/external/bsd/openssh/dist/pfilter.c:1.6 --- src/crypto/external/bsd/openssh/dist/pfilter.c:1.5 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/pfilter.c Sun Jun 24 11:36:31 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $ */ #include "namespace.h" #include "includes.h" #include "ssh.h" @@ -12,7 +12,7 @@ static struct blacklist *blstate; #endif #include "includes.h" -__RCSID("$NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $"); void pfilter_init() @@ -27,6 +27,8 @@ pfilter_notify(int a) { #ifndef SMALL int fd; + if (active_state == NULL) + return; if (blstate == NULL) pfilter_init(); if (blstate == NULL)
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: riastradh Date: Thu Jun 7 15:26:09 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: servconf.c Log Message: Disable loading XMSS keys by default too. Nobody should be using XMSS host keys without an explicit decision, because they're qualitatively different from all other types of host keys in that they require keeping state. This also eliminates a harmless but confusing warning that began after we stopped generating XMSS keys by default. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/servconf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/servconf.c diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.27 src/crypto/external/bsd/openssh/dist/servconf.c:1.28 --- src/crypto/external/bsd/openssh/dist/servconf.c:1.27 Sun Apr 8 21:56:48 2018 +++ src/crypto/external/bsd/openssh/dist/servconf.c Thu Jun 7 15:26:09 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $ */ +/* $NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $ */ /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */ /* @@ -13,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $"); +__RCSID("$NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $"); #include #include #include @@ -294,10 +294,6 @@ fill_default_server_options(ServerOption _PATH_HOST_ECDSA_KEY_FILE); servconf_add_hostkey("[default]", 0, options, _PATH_HOST_ED25519_KEY_FILE); -#ifdef WITH_XMSS - servconf_add_hostkey("[default]", 0, options, - _PATH_HOST_XMSS_KEY_FILE); -#endif /* WITH_XMSS */ } /* No certificates by default */ if (options->num_ports == 0)
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed May 23 16:04:13 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c Log Message: Increase strictness of blacklistd patches to include timeouts, operating system errors, and pam failures. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-pam.c diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15 --- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 Fri Apr 6 14:58:59 2018 +++ src/crypto/external/bsd/openssh/dist/auth-pam.c Wed May 23 12:04:13 2018 @@ -50,7 +50,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $"); #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H #define HAVE_PAM_GETENVLIST @@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp) ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, ); else ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, ); + pfilter_notify(1); buffer_free(); pthread_exit(NULL); @@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha free(msg); return (0); } + pfilter_notify(1); error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ", sshpam_authctxt->user, Index: src/crypto/external/bsd/openssh/dist/sshd.c diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31 --- src/crypto/external/bsd/openssh/dist/sshd.c:1.30 Sun Apr 8 17:56:48 2018 +++ src/crypto/external/bsd/openssh/dist/sshd.c Wed May 23 12:04:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $ */ +/* $NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $ */ /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen@@ -44,7 +44,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $"); +__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $"); #include #include #include @@ -344,6 +344,7 @@ main_sigchld_handler(int sig) __dead static void grace_alarm_handler(int sig) { + pfilter_notify(1); if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) kill(pmonitor->m_pid, SIGALRM); @@ -356,7 +357,6 @@ grace_alarm_handler(int sig) killpg(0, SIGTERM); } - pfilter_notify(1); /* Log error and exit. */ sigdie("Timeout before authentication for %s port %d", ssh_remote_ipaddr(active_state), ssh_remote_port(active_state)); @@ -2193,6 +2193,9 @@ cleanup_exit(int i) { struct ssh *ssh = active_state; /* XXX */ + if (i == 255) + pfilter_notify(1); + if (the_authctxt) { do_cleanup(ssh, the_authctxt); if (use_privsep && privsep_is_preauth &&
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Sun Apr 8 21:56:48 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: servconf.c sshd.c Log Message: Fix clang build by adding __dead annotations. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/servconf.c cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/servconf.c diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.26 src/crypto/external/bsd/openssh/dist/servconf.c:1.27 --- src/crypto/external/bsd/openssh/dist/servconf.c:1.26 Fri Apr 6 18:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/servconf.c Sun Apr 8 21:56:48 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $ */ /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */ /* @@ -13,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $"); #include #include #include @@ -1053,7 +1053,7 @@ out: return result; } -static void +__dead static void match_test_missing_fatal(const char *criteria, const char *attrib) { fatal("'Match %s' in configuration but '%s' not in connection " Index: src/crypto/external/bsd/openssh/dist/sshd.c diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.29 src/crypto/external/bsd/openssh/dist/sshd.c:1.30 --- src/crypto/external/bsd/openssh/dist/sshd.c:1.29 Fri Apr 6 18:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/sshd.c Sun Apr 8 21:56:48 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $ */ /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen@@ -44,7 +44,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $"); #include #include #include @@ -1338,6 +1338,9 @@ check_ip_options(struct ssh *ssh) } /* Set the routing domain for this process */ +#if !defined(__OpenBSD__) +__dead +#endif static void set_process_rdomain(struct ssh *ssh, const char *name) {
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sun Apr 8 13:39:42 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: auth2-pubkey.c Log Message: fix compilation for non LDAP remove error comment To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 \ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.20 --- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19 Fri Apr 6 14:58:59 2018 +++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c Sun Apr 8 09:39:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $ */ +/* $NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $"); +__RCSID("$NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $"); #include #include @@ -692,9 +692,9 @@ check_authkeys_file(struct ssh *ssh, str char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256]; int found_key = 0; u_long linenum = 0; - struct sshkey *found = NULL; struct sshauthopt *opts = NULL; #ifdef WITH_LDAP_PUBKEY + struct sshkey *found = NULL; ldap_key_t * k; unsigned int i = 0; const char *reason; @@ -780,7 +780,6 @@ check_authkeys_file(struct ssh *ssh, str continue; /* Skip leading whitespace, empty and comment lines. */ -/*###782 [cc] error: 'cp' undeclared (first use in this function)%%%*/ cp = line; skip_space(); if (!*cp || *cp == '\n' || *cp == '#')
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Apr 7 00:36:55 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: readconf.c scp.c Log Message: fix unconst To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/readconf.c cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/scp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/readconf.c diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.23 src/crypto/external/bsd/openssh/dist/readconf.c:1.24 --- src/crypto/external/bsd/openssh/dist/readconf.c:1.23 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/readconf.c Fri Apr 6 20:36:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $ */ /* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */ /* * Author: Tatu Ylonen@@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $"); #include #include #include @@ -2440,7 +2440,7 @@ parse_jump(const char *s, Options *o, in int parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp) { - char *path; + const char *path; int r; r = parse_uri("ssh", uri, userp, hostp, portp, ); Index: src/crypto/external/bsd/openssh/dist/scp.c diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.18 src/crypto/external/bsd/openssh/dist/scp.c:1.19 --- src/crypto/external/bsd/openssh/dist/scp.c:1.18 Fri Apr 6 14:59:00 2018 +++ src/crypto/external/bsd/openssh/dist/scp.c Fri Apr 6 20:36:55 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $ */ +/* $NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $ */ /* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which @@ -73,7 +73,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $"); +__RCSID("$NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $"); #include /* roundup MAX */ #include @@ -600,7 +600,7 @@ do_times(int fd, int verb, const struct static int parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp, - char **pathp) + const char **pathp) { int r; @@ -613,8 +613,10 @@ parse_scp_uri(const char *uri, char **us void toremote(int argc, char **argv) { - char *suser = NULL, *host = NULL, *src = NULL; - char *bp, *tuser, *thost, *targ; + char *suser = NULL, *host = NULL; + const char *src = NULL; + char *bp, *tuser, *thost; + const char *targ; int sport = -1, tport = -1; arglist alist; int i, r; @@ -647,7 +649,7 @@ toremote(int argc, char **argv) for (i = 0; i < argc - 1; i++) { free(suser); free(host); - free(src); + free(__UNCONST(src)); r = parse_scp_uri(argv[i], , , , ); if (r == -1) { fmprintf(stderr, "%s: invalid uri\n", argv[i]); @@ -725,16 +727,17 @@ toremote(int argc, char **argv) out: free(tuser); free(thost); - free(targ); + free(__UNCONST(targ)); free(suser); free(host); - free(src); + free(__UNCONST(src)); } static void tolocal(int argc, char **argv) { - char *bp, *host = NULL, *src = NULL, *suser = NULL; + char *bp, *host = NULL, *suser = NULL; + const char *src = NULL; arglist alist; int i, r, sport = -1; @@ -744,7 +747,7 @@ tolocal(int argc, char **argv) for (i = 0; i < argc - 1; i++) { free(suser); free(host); - free(src); + free(__UNCONST(src)); r = parse_scp_uri(argv[i], , , , ); if (r == -1) { fmprintf(stderr, "%s: invalid uri\n", argv[i]); @@ -786,7 +789,7 @@ tolocal(int argc, char **argv) } free(suser); free(host); - free(src); + free(__UNCONST(src)); } void
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Apr 7 00:26:12 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: auth-passwd.c Log Message: restore default xx salt. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth-passwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-passwd.c diff -u src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8 src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.9 --- src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8 Fri Apr 6 14:58:59 2018 +++ src/crypto/external/bsd/openssh/dist/auth-passwd.c Fri Apr 6 20:26:12 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $ */ +/* $NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $ */ /* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */ /* * Author: Tatu Ylonen@@ -38,7 +38,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $"); +__RCSID("$NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $"); #include #include @@ -189,7 +189,7 @@ sys_auth_passwd(struct ssh *ssh, const c */ if (authctxt->valid && pw_password[0] && pw_password[1]) salt = pw_password; - encrypted_password = xcrypt(password, salt); + encrypted_password = xcrypt(password, salt ? salt : "xx"); /* * Authentication is accepted if the encrypted passwords
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Tue Feb 13 09:51:33 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: sshkey.c Log Message: Fix copy & pasto (dsa code vs. rsa code) in previous, fixes PR lib/53012 and recentish sshfs test failures. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/sshkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshkey.c diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.12 src/crypto/external/bsd/openssh/dist/sshkey.c:1.13 --- src/crypto/external/bsd/openssh/dist/sshkey.c:1.12 Mon Feb 5 00:13:50 2018 +++ src/crypto/external/bsd/openssh/dist/sshkey.c Tue Feb 13 09:51:33 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $ */ +/* $NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $ */ /* $OpenBSD: sshkey.c,v 1.56 2017/08/12 06:42:52 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -__RCSID("$NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $"); +__RCSID("$NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $"); #include #include @@ -258,7 +258,7 @@ sshkey_size(const struct sshkey *k) #if OPENSSL_VERSION_NUMBER >= 0x1010UL return RSA_bits(k->rsa); #else - return BN_num_bits(k->rsa->p); + return BN_num_bits(k->rsa->n); #endif case KEY_DSA: case KEY_DSA_CERT:
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Feb 8 23:04:13 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: kex.c Log Message: need openssl/dh.h To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/kex.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/kex.c diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.19 src/crypto/external/bsd/openssh/dist/kex.c:1.20 --- src/crypto/external/bsd/openssh/dist/kex.c:1.19 Sat Oct 7 15:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/kex.c Thu Feb 8 18:04:13 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $ */ +/* $NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $ */ /* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $"); #include /* MAX roundup */ #include @@ -35,6 +35,7 @@ __RCSID("$NetBSD: kex.c,v 1.19 2017/10/0 #ifdef WITH_OPENSSL #include +#include #endif #include "ssh2.h"
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: maya Date: Tue Feb 6 10:56:35 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-dss.c Log Message: style: remove spurious {} added in 1.12 To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-dss.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-dss.c diff -u src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.13 --- src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12 Mon Feb 5 00:13:50 2018 +++ src/crypto/external/bsd/openssh/dist/ssh-dss.c Tue Feb 6 10:56:35 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $ */ +/* $NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $ */ /* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $"); +__RCSID("$NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $"); #include #include @@ -175,7 +175,6 @@ ssh_dss_verify(const struct sshkey *key, } /* parse signature */ - { BIGNUM *r=NULL, *s=NULL; if ((sig = DSA_SIG_new()) == NULL || (r = BN_new()) == NULL || @@ -194,7 +193,6 @@ ssh_dss_verify(const struct sshkey *key, } DSA_SIG_set0(sig, r, s); r = s = NULL; - } /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Feb 5 00:13:50 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c cipher.c cipher.h dh.c dh.h digest-openssl.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c monitor.c ssh-dss.c ssh-ecdsa.c ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11.c ssh-rsa.c sshkey.c Log Message: patch for OpenSSL-1.1 To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth-pam.c \ src/crypto/external/bsd/openssh/dist/dh.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/cipher.c \ src/crypto/external/bsd/openssh/dist/cipher.h \ src/crypto/external/bsd/openssh/dist/ssh-dss.c \ src/crypto/external/bsd/openssh/dist/sshkey.c cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/dh.h cvs rdiff -u -r1.6 -r1.7 \ src/crypto/external/bsd/openssh/dist/digest-openssl.c cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/kexdhc.c \ src/crypto/external/bsd/openssh/dist/kexgexc.c \ src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/kexdhs.c \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c \ src/crypto/external/bsd/openssh/dist/ssh-rsa.c cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kexgexs.c cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/monitor.c cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-pam.c diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.13 --- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12 Sat Oct 7 15:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/auth-pam.c Sun Feb 4 19:13:50 2018 @@ -50,7 +50,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.12 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.13 2018/02/05 00:13:50 christos Exp $"); #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H #define HAVE_PAM_GETENVLIST @@ -142,6 +142,11 @@ extern u_int utmp_len; typedef pthread_t sp_pthread_t; #else typedef pid_t sp_pthread_t; +# undef pthread_exit +# define pthread_create(a, b, c, d)_ssh_compat_pthread_create(a, b, c, d) +# define pthread_exit(a) _ssh_compat_pthread_exit(a) +# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) +# define pthread_join(a, b)_ssh_compat_pthread_join(a, b) #endif struct pam_ctxt { Index: src/crypto/external/bsd/openssh/dist/dh.c diff -u src/crypto/external/bsd/openssh/dist/dh.c:1.12 src/crypto/external/bsd/openssh/dist/dh.c:1.13 --- src/crypto/external/bsd/openssh/dist/dh.c:1.12 Tue Apr 18 14:41:46 2017 +++ src/crypto/external/bsd/openssh/dist/dh.c Sun Feb 4 19:13:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $ */ +/* $NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $ */ /* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $"); +__RCSID("$NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $"); #include /* MIN */ #include @@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max /* diffie-hellman-groupN-sha1 */ int -dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) +dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) { int i; int n = BN_num_bits(dh_pub); int bits_set = 0; BIGNUM *tmp; + const BIGNUM *p; - if (dh_pub->neg) { + if (BN_is_negative(dh_pub)) { logit("invalid public DH value: negative"); return 0; } @@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) error("%s: BN_new failed", __func__); return 0; } - if (!BN_sub(tmp, dh->p, BN_value_one()) || + DH_get0_pqg(dh, , NULL, NULL); + if (!BN_sub(tmp, p, BN_value_one()) || BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); @@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; - debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); + debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); /* * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial */ if (bits_set < 4) { logit("invalid public DH value (%d/%d)", - bits_set, BN_num_bits(dh->p)); + bits_set, BN_num_bits(p)); return 0; } return 1; @@ -264,9 +266,12 @@ int dh_gen_key(DH *dh, int need) { int pbits; + const BIGNUM *p, *pub_key, *priv_key; - if (need < 0 || dh->p == NULL || - (pbits =
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: maya Date: Mon Jan 15 05:04:58 UTC 2018 Modified Files: src/crypto/external/bsd/openssh/dist: packet.c Log Message: Move spammy debug message to debug2. Similarly spammy messages exist in this debug level. Requested by gson in PR bin/52898: ssh -v prints debug message on every keystroke To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.29 src/crypto/external/bsd/openssh/dist/packet.c:1.30 --- src/crypto/external/bsd/openssh/dist/packet.c:1.29 Mon Oct 9 12:07:03 2017 +++ src/crypto/external/bsd/openssh/dist/packet.c Mon Jan 15 05:04:58 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $ */ +/* $NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $ */ /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */ /* * Author: Tatu Ylonen@@ -39,7 +39,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $"); #include /* MIN roundup */ #include @@ -1117,7 +1117,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh len, padlen, aadlen)); /* compute MAC over seqnr and packet(length fields, payload, padding) */ -debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1); +debug2("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1); if (mac && mac->enabled && !mac->etm) { if ((r = mac_compute(mac, state->p_send.seqnr, sshbuf_ptr(state->outgoing_packet), len,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Oct 9 12:07:03 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: channels.c packet.c Log Message: PR/52604: Tatoku Ogaito: Fix x11 session forwarding. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/channels.c cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/channels.c diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.19 src/crypto/external/bsd/openssh/dist/channels.c:1.20 --- src/crypto/external/bsd/openssh/dist/channels.c:1.19 Sat Oct 7 15:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/channels.c Mon Oct 9 08:07:03 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $ */ +/* $NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $ */ /* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */ /* * Author: Tatu Ylonen@@ -41,7 +41,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $"); #include #include #include @@ -3733,10 +3733,11 @@ channel_request_remote_forwarding(struct "streamlocal-forw...@openssh.com")) != 0 || (r = sshpkt_put_u8(ssh, 1)) != 0 || /* want reply */ (r = sshpkt_put_cstring(ssh, fwd->listen_path)) != 0 || - (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) fatal("%s: request streamlocal: %s", __func__, ssh_err(r)); + if ((r = ssh_packet_write_wait(ssh)) < 0) + sshpkt_fatal(ssh, __func__, r); } else { if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 || (r = sshpkt_put_cstring(ssh, "tcpip-forward")) != 0 || @@ -3744,10 +3745,11 @@ channel_request_remote_forwarding(struct (r = sshpkt_put_cstring(ssh, channel_rfwd_bind_host(fwd->listen_host))) != 0 || (r = sshpkt_put_u32(ssh, fwd->listen_port)) != 0 || - (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) fatal("%s: request tcpip-forward: %s", __func__, ssh_err(r)); + if ((r = ssh_packet_write_wait(ssh)) < 0) + sshpkt_fatal(ssh, __func__, r); } /* Assume that server accepts the request */ success = 1; @@ -4691,8 +4693,11 @@ x11_request_forwarding_with_spoofing(str (r = sshpkt_put_cstring(ssh, proto)) != 0 || (r = sshpkt_put_cstring(ssh, new_data)) != 0 || (r = sshpkt_put_u32(ssh, screen_number)) != 0 || - (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) fatal("%s: send x11-req: %s", __func__, ssh_err(r)); + + if ((r = ssh_packet_write_wait(ssh)) < 0) + sshpkt_fatal(ssh, __func__, r); + free(new_data); } Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.28 src/crypto/external/bsd/openssh/dist/packet.c:1.29 --- src/crypto/external/bsd/openssh/dist/packet.c:1.28 Sat Oct 7 15:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/packet.c Mon Oct 9 08:07:03 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $ */ +/* $NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $ */ /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -39,7 +39,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $"); #include /* MIN roundup */ #include @@ -1779,9 +1779,10 @@ ssh_packet_send_debug(struct ssh *ssh, c (r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */ (r = sshpkt_put_cstring(ssh, buf)) != 0 || (r = sshpkt_put_cstring(ssh, "")) != 0 || - (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = sshpkt_send(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + if ((r = ssh_packet_write_wait(ssh)) < 0) + sshpkt_fatal(ssh, __func__, r); } static void
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Sun Oct 8 20:19:05 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keygen.c Log Message: Mark do_ca_sign as dead. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.28 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27 Sat Oct 7 19:39:19 2017 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c Sun Oct 8 20:19:05 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.307 2017/07/07 03:53:12 djm Exp $ */ /* * Author: Tatu Ylonen@@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $"); +__RCSID("$NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $"); #include #include #include @@ -1638,7 +1638,7 @@ agent_signer(const struct sshkey *key, u data, datalen, alg, compat); } -static void +__dead static void do_ca_sign(struct passwd *pw, int argc, char **argv) { int r, i, fd, found, agent_fd = -1;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Jun 26 17:10:39 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: pfilter.c Log Message: If we've authenticated, we are already in the child and we don't need the socket anymore. XXX: pullup-7, pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/dist/pfilter.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/pfilter.c diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.3 src/crypto/external/bsd/openssh/dist/pfilter.c:1.4 --- src/crypto/external/bsd/openssh/dist/pfilter.c:1.3 Fri Jan 22 19:03:30 2016 +++ src/crypto/external/bsd/openssh/dist/pfilter.c Mon Jun 26 13:10:39 2017 @@ -30,6 +30,10 @@ pfilter_notify(int a) // XXX: 3? fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3; (void)blacklist_r(blstate, a, fd, "ssh"); + if (a == 0) { + blacklist_close(blstate); + blstate = NULL; + } #else __USE(a); #endif
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Thu Apr 20 13:22:59 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: servconf.c Log Message: GC multistate_privsep. To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/servconf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/servconf.c diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.23 src/crypto/external/bsd/openssh/dist/servconf.c:1.24 --- src/crypto/external/bsd/openssh/dist/servconf.c:1.23 Tue Apr 18 18:41:46 2017 +++ src/crypto/external/bsd/openssh/dist/servconf.c Thu Apr 20 13:22:59 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $ */ +/* $NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $ */ /* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */ /* @@ -13,7 +13,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $"); +__RCSID("$NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $"); #include #include #include @@ -1066,13 +1066,6 @@ static const struct multistate multistat { "no",0 }, { NULL, -1 } }; -static const struct multistate multistate_privsep[] = { - { "yes", PRIVSEP_NOSANDBOX }, - { "sandbox", PRIVSEP_ON }, - { "nosandbox", PRIVSEP_NOSANDBOX }, - { "no",PRIVSEP_OFF }, - { NULL, -1 } -}; static const struct multistate multistate_tcpfwd[] = { { "yes", FORWARD_ALLOW }, { "all", FORWARD_ALLOW },
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Apr 19 15:34:25 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: sshd_config Log Message: fix conflict. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd_config diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.20 src/crypto/external/bsd/openssh/dist/sshd_config:1.21 --- src/crypto/external/bsd/openssh/dist/sshd_config:1.20 Tue Apr 18 14:41:46 2017 +++ src/crypto/external/bsd/openssh/dist/sshd_config Wed Apr 19 11:34:25 2017 @@ -1,4 +1,4 @@ -# $NetBSD: sshd_config,v 1.20 2017/04/18 18:41:46 christos Exp $ +# $NetBSD: sshd_config,v 1.21 2017/04/19 15:34:25 christos Exp $ # $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $ # This is the sshd server system-wide configuration file. See @@ -74,11 +74,8 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -<<< sshd_config #UsePrivilegeSeparation sandbox UsePam yes -=== ->>> 1.1.1.15 #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Feb 16 17:56:07 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: auth2-pubkey.c Log Message: PR/51973: Use proper fd for AuthorizedKeysCommand To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 \ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.16 --- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15 Sat Dec 24 19:07:46 2016 +++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c Thu Feb 16 12:56:07 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $ */ +/* $NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $"); +__RCSID("$NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $"); #include #include #include @@ -839,13 +839,6 @@ check_authkeys_file(FILE *f, char *file, } } #endif - debug("trying public key file %s", file); - f = auth_openkeyfile(file, pw, options.strict_modes); - - if (!f) { - restore_uid(); - return 0; - } found_key = 0;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Feb 1 14:27:37 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: sshd_config Log Message: match the man page, and explain why. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/sshd_config Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd_config diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.18 src/crypto/external/bsd/openssh/dist/sshd_config:1.19 --- src/crypto/external/bsd/openssh/dist/sshd_config:1.18 Sat Dec 24 19:07:47 2016 +++ src/crypto/external/bsd/openssh/dist/sshd_config Wed Feb 1 09:27:37 2017 @@ -1,4 +1,4 @@ -# $NetBSD: sshd_config,v 1.18 2016/12/25 00:07:47 christos Exp $ +# $NetBSD: sshd_config,v 1.19 2017/02/01 14:27:37 christos Exp $ # $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ # This is the sshd server system-wide configuration file. See @@ -28,7 +28,8 @@ # Authentication: -#LoginGraceTime 2m +# For slow CPUs, bumped from 2 minutes to 10 +LoginGraceTime 600 #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Jan 10 13:53:26 UTC 2017 Modified Files: src/crypto/external/bsd/openssh/dist: monitor.c Log Message: include for close, pipe, dup2 etc. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.20 src/crypto/external/bsd/openssh/dist/monitor.c:1.21 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.20 Sat Dec 24 19:07:47 2016 +++ src/crypto/external/bsd/openssh/dist/monitor.c Tue Jan 10 08:53:26 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $ */ +/* $NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $ */ /* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */ /* @@ -28,7 +28,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $"); +__RCSID("$NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $"); #include #include #include @@ -47,6 +47,7 @@ __RCSID("$NetBSD: monitor.c,v 1.20 2016/ #include #include #include +#include #include #include #include
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: jakllsch Date: Wed Aug 3 15:24:28 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: utf8.c utf8.h Log Message: Add some missing __attribute__((format(printf annotations. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/utf8.c cvs rdiff -u -r1.1.1.1 -r1.2 src/crypto/external/bsd/openssh/dist/utf8.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/utf8.c diff -u src/crypto/external/bsd/openssh/dist/utf8.c:1.2 src/crypto/external/bsd/openssh/dist/utf8.c:1.3 --- src/crypto/external/bsd/openssh/dist/utf8.c:1.2 Tue Aug 2 13:45:12 2016 +++ src/crypto/external/bsd/openssh/dist/utf8.c Wed Aug 3 15:24:28 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $ */ /* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */ /* * Copyright (c) 2016 Ingo Schwarze@@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $"); /* * Utility functions for multibyte-character handling, * in particular to sanitize untrusted strings for terminal output. @@ -37,7 +37,8 @@ __RCSID("$NetBSD: utf8.c,v 1.2 2016/08/0 static int dangerous_locale(void); static int grow_dst(char **, size_t *, size_t, char **, size_t); -static int vasnmprintf(char **, size_t, int *, const char *, va_list); +static int vasnmprintf(char **, size_t, int *, const char *, va_list) + __attribute__((format(printf, 4, 0))); /* Index: src/crypto/external/bsd/openssh/dist/utf8.h diff -u src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1 src/crypto/external/bsd/openssh/dist/utf8.h:1.2 --- src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1 Tue Aug 2 13:30:06 2016 +++ src/crypto/external/bsd/openssh/dist/utf8.h Wed Aug 3 15:24:28 2016 @@ -19,6 +19,7 @@ int mprintf(const char *, ...) __attribute__((format(printf, 1, 2))); int fmprintf(FILE *, const char *, ...) __attribute__((format(printf, 2, 3))); -int vfmprintf(FILE *, const char *, va_list); +int vfmprintf(FILE *, const char *, va_list) + __attribute__((format(printf, 2, 0))); int snmprintf(char *, size_t, int *, const char *, ...) __attribute__((format(printf, 4, 5)));
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Aug 2 13:53:45 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: canohost.c Log Message: remove unused code To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/canohost.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/canohost.c diff -u src/crypto/external/bsd/openssh/dist/canohost.c:1.9 src/crypto/external/bsd/openssh/dist/canohost.c:1.10 --- src/crypto/external/bsd/openssh/dist/canohost.c:1.9 Tue Aug 2 09:45:12 2016 +++ src/crypto/external/bsd/openssh/dist/canohost.c Tue Aug 2 09:53:44 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $ */ +/* $NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $ */ /* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */ /* * Author: Tatu Ylonen@@ -14,7 +14,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $"); +__RCSID("$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $"); #include #include #include @@ -36,173 +36,6 @@ __RCSID("$NetBSD: canohost.c,v 1.9 2016/ #include "canohost.h" #include "misc.h" -#if removeme -static void check_ip_options(int, char *); -static char *canonical_host_ip = NULL; -static int cached_port = -1; - -/* - * Return the canonical name of the host at the other end of the socket. The - * caller should free the returned string. - */ - -static char * -get_remote_hostname(int sock, int use_dns) -{ - struct sockaddr_storage from; - socklen_t fromlen; - struct addrinfo hints, *ai, *aitop; - char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST]; - - /* Get IP address of client. */ - fromlen = sizeof(from); - memset(, 0, sizeof(from)); - if (getpeername(sock, (struct sockaddr *), ) < 0) { - debug("getpeername failed: %.100s", strerror(errno)); - cleanup_exit(255); - } - - if (getnameinfo((struct sockaddr *), fromlen, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) - fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); - - if (from.ss_family == AF_INET) - check_ip_options(sock, ntop); - - if (!use_dns) - return xstrdup(ntop); - - debug3("Trying to reverse map address %.100s.", ntop); - /* Map the IP address to a host name. */ - if (getnameinfo((struct sockaddr *), fromlen, name, sizeof(name), - NULL, 0, NI_NAMEREQD) != 0) { - /* Host name not found. Use ip address. */ - return xstrdup(ntop); - } - - /* - * if reverse lookup result looks like a numeric hostname, - * someone is trying to trick us by PTR record like following: - * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5 - */ - memset(, 0, sizeof(hints)); - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - hints.ai_flags = AI_NUMERICHOST; - if (getaddrinfo(name, NULL, , ) == 0) { - logit("Nasty PTR record \"%s\" is set up for %s, ignoring", - name, ntop); - freeaddrinfo(ai); - return xstrdup(ntop); - } - - /* Names are stores in lowercase. */ - lowercase(name); - - /* - * Map it back to an IP address and check that the given - * address actually is an address of this host. This is - * necessary because anyone with access to a name server can - * define arbitrary names for an IP address. Mapping from - * name to IP address can be trusted better (but can still be - * fooled if the intruder has access to the name server of - * the domain). - */ - memset(, 0, sizeof(hints)); - hints.ai_family = from.ss_family; - hints.ai_socktype = SOCK_STREAM; - if (getaddrinfo(name, NULL, , ) != 0) { - logit("reverse mapping checking getaddrinfo for %.700s " - "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop); - return xstrdup(ntop); - } - /* Look for the address from the list of addresses. */ - for (ai = aitop; ai; ai = ai->ai_next) { - if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2, - sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 && - (strcmp(ntop, ntop2) == 0)) -break; - } - freeaddrinfo(aitop); - /* If we reached the end of the list, the address was not there. */ - if (!ai) { - /* Address not found for the host name. */ - logit("Address %.100s maps to %.600s, but this does not " - "map back to the address - POSSIBLE BREAK-IN ATTEMPT!", - ntop, name); - return xstrdup(ntop); - } - return xstrdup(name); -} - -/* - * If IP options are supported, make sure there are none (log and - * disconnect them if any are found). Basically we are worried about - * source routing; it can be used to pretend you are somebody - * (ip-address) you are not. That itself may be "almost acceptable" - * under certain circumstances, but rhosts autentication is useless - * if source routing is accepted. Notice also that if we just dropped - * source routing here, the other side could use IP spoofing to do - * rest of the interaction and could still
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Apr 14 16:42:09 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: session.c Log Message: If PAM is configured to read user-specified environment variables and UseLogin=yes in sshd_config, then a hostile local user may attack /bin/login via LD_PRELOAD or similar environment variables set via PAM. CVE-2015-8325, found by Shayan Sadigh, via Colin Watson https://anongit.mindrot.org/openssh.git/commit/?\ id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755 XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/session.c diff -u src/crypto/external/bsd/openssh/dist/session.c:1.18 src/crypto/external/bsd/openssh/dist/session.c:1.19 --- src/crypto/external/bsd/openssh/dist/session.c:1.18 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/session.c Thu Apr 14 12:42:09 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $ */ /* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */ /* @@ -36,7 +36,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $"); #include #include #include @@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she * Pull in any environment variables that may have * been set by PAM. */ - if (options.use_pam) { + if (options.use_pam && !options.use_login) { char **p; p = fetch_pam_child_environment();
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 21:06:06 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: kex.c Log Message: CID 1356388: Prevent DoS from Tainted scalar To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kex.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/kex.c diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.14 src/crypto/external/bsd/openssh/dist/kex.c:1.15 --- src/crypto/external/bsd/openssh/dist/kex.c:1.14 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/kex.c Wed Mar 16 17:06:06 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $ */ /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */ /* @@ -26,7 +26,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $"); #include /* MAX roundup */ #include @@ -364,6 +364,10 @@ kex_input_ext_info(int type, u_int32_t s ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, _protocol_error); if ((r = sshpkt_get_u32(ssh, )) != 0) return r; + if (ninfo > 1024) { + fatal("%s: too many %u fields", __func__, ninfo); + return SSH_ERR_INTERNAL_ERROR; + } for (i = 0; i < ninfo; i++) { if ((r = sshpkt_get_cstring(ssh, , NULL)) != 0) return r;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 21:41:25 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keygen.c Log Message: remove unused variable To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.23 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22 Wed Mar 16 17:07:59 2016 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c Wed Mar 16 17:41:25 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -15,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $"); +__RCSID("$NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $"); #include #include #include @@ -1906,7 +1906,6 @@ __dead static void do_show_cert(struct passwd *pw) { struct sshkey *key = NULL; - struct stat st; int r, is_stdin = 0, ok = 0; FILE *f; char *cp, line[SSH_MAX_PUBKEY_BYTES];
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 20:55:54 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: packet.c Log Message: CID 1018734: Unitialized variable To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.23 src/crypto/external/bsd/openssh/dist/packet.c:1.24 --- src/crypto/external/bsd/openssh/dist/packet.c:1.23 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/packet.c Wed Mar 16 16:55:54 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $ */ /* $OpenBSD: packet.c,v 1.229 2016/02/17 22:20:14 djm Exp $ */ /* @@ -40,7 +40,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $"); #include /* MIN roundup */ #include #include @@ -1387,7 +1387,7 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain; + int len, r, ms_remain = 0; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 21:07:59 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keygen.c Log Message: CID 1356389: Remove TOCTOU. To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21 Fri Mar 11 08:15:02 2016 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c Wed Mar 16 17:07:59 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -15,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $"); +__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $"); #include #include #include @@ -1915,8 +1915,6 @@ do_show_cert(struct passwd *pw) if (!have_identity) ask_filename(pw, "Enter file in which the key is"); - if (strcmp(identity_file, "-") != 0 && stat(identity_file, ) < 0) - fatal("%s: %s: %s", __progname, identity_file, strerror(errno)); path = identity_file; if (strcmp(path, "-") == 0) {
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 21:00:37 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: sshconnect.c Log Message: CID 1356386: Don't leak sock To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshconnect.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshconnect.c diff -u src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16 src/crypto/external/bsd/openssh/dist/sshconnect.c:1.17 --- src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/sshconnect.c Wed Mar 16 17:00:37 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $ */ /* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */ /* @@ -16,7 +16,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $"); #include /* roundup */ #include #include @@ -1552,4 +1552,6 @@ maybe_add_key_to_agent(char *authfile, K debug("identity added to agent: %s", authfile); else debug("could not add identity to agent: %s (%d)", authfile, r); + + close(auth_sock); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Mar 16 20:57:46 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keyscan.c Log Message: CID 1356384: Check returns To generate a diff of this commit: cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.16 --- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Wed Mar 16 16:57:46 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -10,7 +10,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $"); #include #include @@ -307,6 +307,7 @@ static void keyprint_one(char *host, struct sshkey *key) { char *hostport; + int r; if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL) fatal("host_hash failed"); @@ -314,7 +315,9 @@ keyprint_one(char *host, struct sshkey * hostport = put_host_port(host, ssh_port); if (!get_cert) fprintf(stdout, "%s ", hostport); - sshkey_write(key, stdout); + if ((r = sshkey_write(key, stdout)) != 0) + error("key_write failed: %s", ssh_err(r)); + fputs("\n", stdout); free(hostport); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Mar 11 13:15:02 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keygen.c Log Message: Add more __dead; pointed out by clang (from tnn@) To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20 Thu Mar 10 20:55:00 2016 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c Fri Mar 11 08:15:02 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */ /* @@ -15,7 +15,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $"); +__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $"); #include #include #include @@ -821,7 +821,7 @@ try_read_key(char **cpp) return NULL; } -static __dead void +static void fingerprint_one_key(const struct sshkey *public, const char *comment) { char *fp = NULL, *ra = NULL; @@ -866,7 +866,7 @@ fingerprint_private(const char *path) free(comment); } -static void +__dead static void do_fingerprint(struct passwd *pw) { FILE *f; @@ -1902,7 +1902,7 @@ print_cert(struct sshkey *key) } } -static void +__dead static void do_show_cert(struct passwd *pw) { struct sshkey *key = NULL;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Mar 11 03:54:27 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: sshkey.h Log Message: fix pam build. To generate a diff of this commit: cvs rdiff -u -r1.1.1.5 -r1.2 src/crypto/external/bsd/openssh/dist/sshkey.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshkey.h diff -u src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5 src/crypto/external/bsd/openssh/dist/sshkey.h:1.2 --- src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5 Thu Mar 10 20:50:02 2016 +++ src/crypto/external/bsd/openssh/dist/sshkey.h Thu Mar 10 22:54:27 2016 @@ -26,6 +26,7 @@ #ifndef SSHKEY_H #define SSHKEY_H +#include "includes.h" #include #ifdef WITH_OPENSSL
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: seanb Date: Thu Feb 4 15:04:11 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: session.c Log Message: - Avoid uninitialized variable usage in do_nologin() when HAVE_LOGIN_CAP isn't defined (which doesn't apply to NetBSD but...) and a root login is being evaluated. - From upstream. To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/session.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/session.c diff -u src/crypto/external/bsd/openssh/dist/session.c:1.16 src/crypto/external/bsd/openssh/dist/session.c:1.17 --- src/crypto/external/bsd/openssh/dist/session.c:1.16 Mon Jul 6 15:09:17 2015 +++ src/crypto/external/bsd/openssh/dist/session.c Thu Feb 4 15:04:11 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $ */ +/* $NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $ */ /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen, Espoo, Finland @@ -35,7 +35,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $"); +__RCSID("$NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $"); #include #include #include @@ -1339,16 +1339,17 @@ do_nologin(struct passwd *pw) if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0) return; nl = login_getcapstr(lc, "nologin", def_nl, def_nl); - +#else + if (pw->pw_uid == 0) + return; + nl = def_nl; +#endif if (stat(nl, ) == -1) { if (nl != def_nl) free(nl); return; } -#else - if (pw->pw_uid) - nl = def_nl; -#endif + /* /etc/nologin exists. Print its contents if we can and exit. */ logit("User %.100s not allowed because %s exists", pw->pw_name, nl); if ((f = fopen(nl, "r")) != NULL) {
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Jan 23 00:03:30 UTC 2016 Modified Files: src/crypto/external/bsd/openssh/dist: auth-pam.c auth.c auth1.c pfilter.c Log Message: add more blacklist rejection points. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth-pam.c cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth.c cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth1.c cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/pfilter.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth-pam.c diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.8 --- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 Thu Jul 2 20:59:59 2015 +++ src/crypto/external/bsd/openssh/dist/auth-pam.c Fri Jan 22 19:03:30 2016 @@ -50,7 +50,7 @@ /* * NetBSD local changes */ -__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $"); +__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $"); #undef USE_POSIX_THREADS /* Not yet */ #define HAVE_SECURITY_PAM_APPL_H #define HAVE_PAM_GETENVLIST @@ -114,6 +114,7 @@ void sshpam_password_change_required(int #include "ssh-gss.h" #endif #include "monitor_wrap.h" +#include "pfilter.h" extern ServerOptions options; extern Buffer loginmsg; @@ -809,6 +810,7 @@ sshpam_query(void *ctx, char **name, cha free(msg); return (0); } + pfilter_notify(1); error("PAM: %s for %s%.100s from %.100s", msg, sshpam_authctxt->valid ? "" : "illegal user ", sshpam_authctxt->user, Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.15 src/crypto/external/bsd/openssh/dist/auth.c:1.16 --- src/crypto/external/bsd/openssh/dist/auth.c:1.15 Fri Aug 21 04:20:59 2015 +++ src/crypto/external/bsd/openssh/dist/auth.c Fri Jan 22 19:03:30 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */ +/* $NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $ */ /* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $"); +__RCSID("$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $"); #include #include @@ -656,6 +656,7 @@ getpwnamallow(const char *user) pw = getpwnam(user); if (pw == NULL) { + pfilter_notify(1); logit("Invalid user %.100s from %.100s", user, get_remote_ipaddr()); return (NULL); Index: src/crypto/external/bsd/openssh/dist/auth1.c diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.12 src/crypto/external/bsd/openssh/dist/auth1.c:1.13 --- src/crypto/external/bsd/openssh/dist/auth1.c:1.12 Thu Jul 2 20:59:59 2015 +++ src/crypto/external/bsd/openssh/dist/auth1.c Fri Jan 22 19:03:30 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */ +/* $NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $ */ /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen, Espoo, Finland @@ -12,7 +12,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $"); +__RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $"); #include #include @@ -376,6 +376,7 @@ do_authloop(Authctxt *authctxt) char *msg; size_t len; + pfilter_notify(1); error("Access denied for user %s by PAM account " "configuration", authctxt->user); len = buffer_len(); Index: src/crypto/external/bsd/openssh/dist/pfilter.c diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 src/crypto/external/bsd/openssh/dist/pfilter.c:1.3 --- src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 Sun Jan 25 22:57:17 2015 +++ src/crypto/external/bsd/openssh/dist/pfilter.c Fri Jan 22 19:03:30 2016 @@ -1,4 +1,5 @@ #include "namespace.h" +#include "includes.h" #include "ssh.h" #include "packet.h" #include "log.h"
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Dec 16 13:23:38 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: sftp.c Log Message: PR/50564: Rin Okuyama: sftp: filename completion is broken To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sftp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp.c diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.16 src/crypto/external/bsd/openssh/dist/sftp.c:1.17 --- src/crypto/external/bsd/openssh/dist/sftp.c:1.16 Fri Aug 21 04:20:59 2015 +++ src/crypto/external/bsd/openssh/dist/sftp.c Wed Dec 16 08:23:38 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $ */ +/* $NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $ */ /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller@@ -17,7 +17,7 @@ */ #include "includes.h" -__RCSID("$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $"); +__RCSID("$NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $"); #include /* MIN MAX */ #include #include @@ -1845,8 +1845,8 @@ complete_match(EditLine *el, struct sftp if (remote != LOCAL) { tmp = make_absolute(tmp, remote_path); remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, ); + } else glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, ); - } /* Determine length of pwd so we can trim completion display */ for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Nov 12 20:14:55 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: moduli Log Message: put back the old ones until the rest is generated To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/moduli Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/moduli diff -u src/crypto/external/bsd/openssh/dist/moduli:1.5 src/crypto/external/bsd/openssh/dist/moduli:1.6 --- src/crypto/external/bsd/openssh/dist/moduli:1.5 Thu Nov 12 13:28:34 2015 +++ src/crypto/external/bsd/openssh/dist/moduli Thu Nov 12 15:14:55 2015 @@ -1,42 +1,187 @@ -# $NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $ +# $NetBSD: moduli,v 1.6 2015/11/12 20:14:55 christos Exp $ +# $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus -20151112182404 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AE85A87 -20151112182405 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AED242B -20151112182405 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AF6D7BF -20151112182406 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B038613 -20151112182406 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B0FE1E7 -20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BC8CB -20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BFB9B -20151112182409 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B519C9F -20151112182409 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B619623 -20151112182410 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B74C0F7 -20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB00937 -20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB071BF -20151112182413 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BC061A7 -20151112182413 2 6 100 1023 2
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Nov 12 18:28:34 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: moduli Log Message: Regen; it's been a *long* while. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/moduli Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/moduli diff -u src/crypto/external/bsd/openssh/dist/moduli:1.4 src/crypto/external/bsd/openssh/dist/moduli:1.5 --- src/crypto/external/bsd/openssh/dist/moduli:1.4 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/moduli Thu Nov 12 13:28:34 2015 @@ -1,187 +1,42 @@ -# $NetBSD: moduli,v 1.4 2015/04/03 23:58:19 christos Exp $ -# $OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $ +# $NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $ # Time Type Tests Tries Size Generator Modulus -20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB -20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7 -20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97 -20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7 -20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B -20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3 -20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3 -20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB -20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383 -20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F -20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B -20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F -20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B -20031210005548 2 6 100 1023 2
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Fri Aug 21 08:20:59 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: auth.c compat.c dns.c mux.c packet.c sftp-server.c sftp.c ssh-keygen.1 ssh-keygen.c ssh-pkcs11-helper.c ssh_config.5 sshconnect.c sshd.c sshd_config.5 sshkey.c version.h Log Message: merge conflicts To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth.c \ src/crypto/external/bsd/openssh/dist/ssh-keygen.1 cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/compat.c \ src/crypto/external/bsd/openssh/dist/mux.c \ src/crypto/external/bsd/openssh/dist/sftp-server.c \ src/crypto/external/bsd/openssh/dist/sshconnect.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/dns.c cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/packet.c cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sftp.c \ src/crypto/external/bsd/openssh/dist/ssh_config.5 cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/ssh-keygen.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshd.c cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd_config.5 cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/sshkey.c cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/version.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.14 src/crypto/external/bsd/openssh/dist/auth.c:1.15 --- src/crypto/external/bsd/openssh/dist/auth.c:1.14 Thu Aug 13 06:33:21 2015 +++ src/crypto/external/bsd/openssh/dist/auth.c Fri Aug 21 04:20:59 2015 @@ -1,5 +1,5 @@ -/* $NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */ +/* $NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $ */ +/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $); +__RCSID($NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $); #include sys/types.h #include sys/stat.h @@ -392,7 +392,7 @@ auth_root_allowed(const char *method) case PERMIT_NO_PASSWD: if (strcmp(method, publickey) == 0 || strcmp(method, hostbased) == 0 || - strcmp(method, gssapi-with-mic)) + strcmp(method, gssapi-with-mic) == 0) return 1; break; case PERMIT_FORCED_ONLY: Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.1 diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14 src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.15 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14 Thu Aug 13 06:33:21 2015 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.1 Fri Aug 21 04:20:59 2015 @@ -1,5 +1,5 @@ -.\ $NetBSD: ssh-keygen.1,v 1.14 2015/08/13 10:33:21 christos Exp $ -.\ $OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $ +.\ $NetBSD: ssh-keygen.1,v 1.15 2015/08/21 08:20:59 christos Exp $ +.\ $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $ .\ .\ -*- nroff -*- .\ @@ -38,7 +38,7 @@ .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\ -.Dd July 3 2015 +.Dd August 20 2015 .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -686,7 +686,7 @@ and identifying the CA key by providing to .Fl s : .Pp -.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub +.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub .Pp In all cases, .Ar key_id @@ -699,7 +699,7 @@ By default, generated certificates are v To generate a certificate for a specified set of principals: .Pp .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub -.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub +.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub .Pp Additional limitations on the validity and use of user certificates may be specified through certificate options. Index: src/crypto/external/bsd/openssh/dist/compat.c diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.12 src/crypto/external/bsd/openssh/dist/compat.c:1.13 --- src/crypto/external/bsd/openssh/dist/compat.c:1.12 Thu Aug 13 06:33:21 2015 +++ src/crypto/external/bsd/openssh/dist/compat.c Fri Aug 21 04:20:59 2015 @@ -1,5 +1,5 @@ -/* $NetBSD: compat.c,v 1.12 2015/08/13 10:33:21 christos Exp $ */ -/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */ +/* $NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $ */ +/* $OpenBSD: compat.c,v 1.97 2015/08/19
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Thu Aug 13 10:33:21 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: OVERVIEW PROTOCOL PROTOCOL.mux addrmatch.c auth-options.c auth.c auth2-chall.c authfd.c authfile.c cipher.h clientloop.c compat.c kex.c kex.h key.c key.h krl.c log.c monitor.c myproposal.h packet.c readconf.c readconf.h scp.1 servconf.c servconf.h ssh-add.c ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh-pkcs11.c ssh.1 ssh.c ssh.h ssh_config.5 sshconnect2.c sshd.8 sshd.c sshd_config sshd_config.5 sshkey.c sshpty.c version.h Log Message: merge conflicts To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/OVERVIEW \ src/crypto/external/bsd/openssh/dist/sshkey.c \ src/crypto/external/bsd/openssh/dist/sshpty.c cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/PROTOCOL \ src/crypto/external/bsd/openssh/dist/krl.c cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/PROTOCOL.mux \ src/crypto/external/bsd/openssh/dist/cipher.h cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/addrmatch.c \ src/crypto/external/bsd/openssh/dist/auth2-chall.c \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c cvs rdiff -u -r1.10 -r1.11 \ src/crypto/external/bsd/openssh/dist/auth-options.c cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/auth.c \ src/crypto/external/bsd/openssh/dist/ssh-keygen.1 cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/authfd.c \ src/crypto/external/bsd/openssh/dist/kex.h \ src/crypto/external/bsd/openssh/dist/key.h \ src/crypto/external/bsd/openssh/dist/scp.1 \ src/crypto/external/bsd/openssh/dist/ssh-keysign.c cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/authfile.c \ src/crypto/external/bsd/openssh/dist/compat.c \ src/crypto/external/bsd/openssh/dist/kex.c \ src/crypto/external/bsd/openssh/dist/myproposal.h \ src/crypto/external/bsd/openssh/dist/ssh-add.c cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/clientloop.c \ src/crypto/external/bsd/openssh/dist/ssh_config.5 \ src/crypto/external/bsd/openssh/dist/sshd.8 \ src/crypto/external/bsd/openssh/dist/sshd_config cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/key.c cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/log.c \ src/crypto/external/bsd/openssh/dist/readconf.h \ src/crypto/external/bsd/openssh/dist/servconf.h cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/monitor.c \ src/crypto/external/bsd/openssh/dist/readconf.c \ src/crypto/external/bsd/openssh/dist/ssh-agent.c \ src/crypto/external/bsd/openssh/dist/ssh.1 \ src/crypto/external/bsd/openssh/dist/version.h cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.c cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/servconf.c \ src/crypto/external/bsd/openssh/dist/ssh.c \ src/crypto/external/bsd/openssh/dist/sshd_config.5 cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh-keygen.c cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/ssh.h cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshconnect2.c cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/OVERVIEW diff -u src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4 src/crypto/external/bsd/openssh/dist/OVERVIEW:1.5 --- src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/OVERVIEW Thu Aug 13 06:33:21 2015 @@ -65,8 +65,8 @@ these programs. packets. CRC code comes from crc32.c. - The code in packet.c calls the buffer manipulation routines - (buffer.c, bufaux.c), compression routines (compress.c, zlib), - and the encryption routines. + (buffer.c, bufaux.c), compression routines (zlib), and the + encryption routines. X11, TCP/IP, and Agent forwarding @@ -165,5 +165,5 @@ these programs. uidswap.cuid-swapping xmalloc.csafe malloc routines -$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $ -$NetBSD: OVERVIEW,v 1.4 2015/04/03 23:58:19 christos Exp $ +$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $ +$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $ Index: src/crypto/external/bsd/openssh/dist/sshkey.c diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.4 src/crypto/external/bsd/openssh/dist/sshkey.c:1.5 --- src/crypto/external/bsd/openssh/dist/sshkey.c:1.4 Thu Jul 2 21:00:00 2015 +++ src/crypto/external/bsd/openssh/dist/sshkey.c Thu Aug 13 06:33:21 2015 @@ -1,5 +1,5 @@ -/* $NetBSD: sshkey.c,v 1.4 2015/07/03 01:00:00
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Jul 29 15:04:40 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: auth2-chall.c Log Message: From FreeBSD: A remote attacker may effectively bypass MaxAuthTries settings, which would enable them to brute force passwords. [CVE-2015-5600] XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth2-chall.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.8 --- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/auth2-chall.c Wed Jul 29 11:04:40 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $ */ /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include includes.h -__RCSID($NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $); #include sys/types.h #include stdio.h @@ -83,6 +83,7 @@ struct KbdintAuthctxt void *ctxt; KbdintDevice *device; u_int nreq; + u_int devices_done; }; #ifdef USE_PAM @@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K if (len == 0) break; for (i = 0; devices[i]; i++) { - if (!auth2_method_allowed(authctxt, + if ((kbdintctxt-devices_done (1 i)) != 0 || + !auth2_method_allowed(authctxt, keyboard-interactive, devices[i]-name)) continue; - if (strncmp(kbdintctxt-devices, devices[i]-name, len) == 0) + if (strncmp(kbdintctxt-devices, devices[i]-name, + len) == 0) { kbdintctxt-device = devices[i]; +kbdintctxt-devices_done |= 1 i; + } } t = kbdintctxt-devices; kbdintctxt-devices = t[len] ? xstrdup(t+len+1) : NULL;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Jul 6 15:09:17 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: auth2-pubkey.c readconf.c session.c ssh.c sshconnect2.c sshd.c Log Message: CID 1309355: check error return from closefrom(3) where appropriate. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 \ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/readconf.c cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/session.c cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh.c cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshconnect2.c cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.13 --- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12 Thu Jul 2 20:59:59 2015 +++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c Mon Jul 6 11:09:17 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $ */ +/* $NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $ */ /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $); +__RCSID($NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $); #include sys/types.h #include sys/stat.h #include sys/wait.h @@ -474,7 +474,10 @@ subprocess(const char *tag, struct passw error(%s: dup2: %s, tag, strerror(errno)); _exit(1); } - closefrom(STDERR_FILENO + 1); + if (closefrom(STDERR_FILENO + 1) == -1) { + error(closefrom: %s, strerror(errno)); + _exit(1); + } /* Don't use permanently_set_uid() here to avoid fatal() */ if (setgid(pw-pw_gid) == -1) { Index: src/crypto/external/bsd/openssh/dist/readconf.c diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.14 src/crypto/external/bsd/openssh/dist/readconf.c:1.15 --- src/crypto/external/bsd/openssh/dist/readconf.c:1.14 Thu Jul 2 21:00:00 2015 +++ src/crypto/external/bsd/openssh/dist/readconf.c Mon Jul 6 11:09:17 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $ */ /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -14,7 +14,7 @@ */ #include includes.h -__RCSID($NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $); +__RCSID($NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $); #include sys/types.h #include sys/stat.h #include sys/socket.h @@ -467,7 +467,8 @@ execute_in_shell(const char *cmd) fatal(dup2: %s, strerror(errno)); if (devnull STDERR_FILENO) close(devnull); - closefrom(STDERR_FILENO + 1); + if (closefrom(STDERR_FILENO + 1) == -1) + fatal(closefrom: %s, strerror(errno)); argv[0] = __UNCONST(shell); argv[1] = __UNCONST(-c); Index: src/crypto/external/bsd/openssh/dist/session.c diff -u src/crypto/external/bsd/openssh/dist/session.c:1.15 src/crypto/external/bsd/openssh/dist/session.c:1.16 --- src/crypto/external/bsd/openssh/dist/session.c:1.15 Thu Jul 2 21:00:00 2015 +++ src/crypto/external/bsd/openssh/dist/session.c Mon Jul 6 11:09:17 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $ */ +/* $NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $ */ /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland @@ -35,7 +35,7 @@ */ #include includes.h -__RCSID($NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $); +__RCSID($NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $); #include sys/types.h #include sys/wait.h #include sys/un.h @@ -1557,7 +1557,7 @@ child_close_fds(void) * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - closefrom(STDERR_FILENO + 1); + (void)closefrom(STDERR_FILENO + 1); } /* @@ -1688,7 +1688,7 @@ do_child(Session *s, const char *command exit(1); } - closefrom(STDERR_FILENO + 1); + (void)closefrom(STDERR_FILENO + 1); if (!options.use_login) do_rc_files(s, shell); Index: src/crypto/external/bsd/openssh/dist/ssh.c diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.17 src/crypto/external/bsd/openssh/dist/ssh.c:1.18 --- src/crypto/external/bsd/openssh/dist/ssh.c:1.17 Thu Jul 2 21:00:00 2015 +++ src/crypto/external/bsd/openssh/dist/ssh.c Mon Jul 6 11:09:17 2015 @@ -1,4 +1,4 @@ -/*
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat May 16 14:17:28 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: compat.c Log Message: Pass the correct length to match_patter_list; from Hanno Boeck. XXX: pullup-7 To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/compat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/compat.c diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.9 src/crypto/external/bsd/openssh/dist/compat.c:1.10 --- src/crypto/external/bsd/openssh/dist/compat.c:1.9 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/compat.c Sat May 16 10:17:28 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $ */ /* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $); #include sys/types.h #include stdlib.h @@ -242,7 +242,7 @@ filter_proposal(const char *proposal, co buffer_init(b); tmp = orig_prop = xstrdup(proposal); while ((cp = strsep(tmp, ,)) != NULL) { - if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) { + if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) { if (buffer_len(b) 0) buffer_append(b, ,, 1); buffer_append(b, cp, strlen(cp));
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 17:35:16 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: sftp.c Log Message: CID 996110: Fix memory leak To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sftp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp.c diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.14 src/crypto/external/bsd/openssh/dist/sftp.c:1.15 --- src/crypto/external/bsd/openssh/dist/sftp.c:1.14 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/sftp.c Mon Apr 13 13:35:16 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $ */ /* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org @@ -17,7 +17,7 @@ */ #include includes.h -__RCSID($NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $); #include sys/param.h /* MIN MAX */ #include sys/types.h #include sys/ioctl.h @@ -732,6 +732,8 @@ process_put(struct sftp_conn *conn, char fflag || global_fflag) == -1) err = -1; } + free(abs_dst); + abs_dst = NULL; } out:
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 17:54:52 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keyscan.c Log Message: CID 1293644: Check returns To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.13 --- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12 Sat Apr 4 09:59:20 2015 +++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Mon Apr 13 13:54:52 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $ */ +/* $NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres d...@lcs.mit.edu. @@ -9,7 +9,7 @@ */ #include includes.h -__RCSID($NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $); +__RCSID($NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $); #include sys/param.h #include sys/types.h @@ -284,6 +284,7 @@ static void keyprint(con *c, struct sshkey *key) { char *host = c-c_output_name ? c-c_output_name : c-c_name; + int r; if (!key) return; @@ -291,7 +292,9 @@ keyprint(con *c, struct sshkey *key) fatal(host_hash failed); fprintf(stdout, %s , host); - sshkey_write(key, stdout); + if ((r = sshkey_write(key, stdout)) != 0) + fprintf(stderr, key_write failed: %s, ssh_err(r)); + fputs(\n, stdout); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 17:59:21 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: clientloop.c Log Message: CID 1293652: Forward NULL deref To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/clientloop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/clientloop.c diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.12 src/crypto/external/bsd/openssh/dist/clientloop.c:1.13 --- src/crypto/external/bsd/openssh/dist/clientloop.c:1.12 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/clientloop.c Mon Apr 13 13:59:21 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $ */ /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -61,7 +61,7 @@ */ #include includes.h -__RCSID($NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $); #include sys/param.h /* MIN MAX */ #include sys/types.h @@ -1594,7 +1594,8 @@ client_loop(int have_pty, int escape_cha channel_after_select(readset, writeset); if (need_rekeying || packet_need_rekeying()) { debug(need rekeying); -active_state-kex-done = 0; +if (active_state-kex != NULL) + active_state-kex-done = 0; if ((r = kex_send_kexinit(active_state)) != 0) fatal(%s: kex_send_kexinit: %s, __func__, ssh_err(r));
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 17:38:20 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: packet.c Log Message: CID 1018734: Fix uninit To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.17 src/crypto/external/bsd/openssh/dist/packet.c:1.18 --- src/crypto/external/bsd/openssh/dist/packet.c:1.17 Wed Apr 8 11:49:46 2015 +++ src/crypto/external/bsd/openssh/dist/packet.c Mon Apr 13 13:38:20 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $ */ +/* $NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $ */ /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -39,7 +39,7 @@ */ #include includes.h -__RCSID($NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $); +__RCSID($NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $); #include sys/param.h /* MIN roundup */ #include sys/types.h #include sys/queue.h @@ -1262,7 +1262,7 @@ int ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh-state; - int len, r, ms_remain, cont; + int len, r, ms_remain = 0, cont; fd_set *setp; char buf[8192]; struct timeval timeout, start, *timeoutp = NULL;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 18:00:48 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: serverloop.c Log Message: CID 1293655: Forward NULL deref To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/serverloop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.11 src/crypto/external/bsd/openssh/dist/serverloop.c:1.12 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.11 Mon Apr 13 13:50:31 2015 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Mon Apr 13 14:00:47 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -37,7 +37,7 @@ */ #include includes.h -__RCSID($NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $); +__RCSID($NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $); #include sys/param.h /* MIN MAX */ #include sys/types.h #include sys/wait.h @@ -863,8 +863,9 @@ server_loop2(Authctxt *authctxt) if (packet_need_rekeying()) { int r; debug(need rekeying); -active_state-kex-done = 0; - if ((r = kex_send_kexinit(active_state)) != 0) +if (active_state-kex) + active_state-kex-done = 0; +if ((r = kex_send_kexinit(active_state)) != 0) logit(%s: kex_send_kexinit: %s, __func__, ssh_err(r)); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Apr 13 17:50:31 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: serverloop.c Log Message: CID 1293642: Check returns To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/serverloop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.10 src/crypto/external/bsd/openssh/dist/serverloop.c:1.11 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.10 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Mon Apr 13 13:50:31 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.10 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -37,7 +37,7 @@ */ #include includes.h -__RCSID($NetBSD: serverloop.c,v 1.10 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $); #include sys/param.h /* MIN MAX */ #include sys/types.h #include sys/wait.h @@ -861,9 +861,12 @@ server_loop2(Authctxt *authctxt) if (!rekeying) { channel_after_select(readset, writeset); if (packet_need_rekeying()) { +int r; debug(need rekeying); active_state-kex-done = 0; -kex_send_kexinit(active_state); + if ((r = kex_send_kexinit(active_state)) != 0) + logit(%s: kex_send_kexinit: %s, + __func__, ssh_err(r)); } } process_input(readset);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Sat Apr 11 21:14:31 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: packet.h ssh-keygen.c Log Message: Use __dead. To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/packet.h cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/ssh-keygen.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.h diff -u src/crypto/external/bsd/openssh/dist/packet.h:1.10 src/crypto/external/bsd/openssh/dist/packet.h:1.11 --- src/crypto/external/bsd/openssh/dist/packet.h:1.10 Fri Apr 3 23:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/packet.h Sat Apr 11 21:14:31 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.h,v 1.10 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: packet.h,v 1.11 2015/04/11 21:14:31 joerg Exp $ */ /* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */ /* @@ -151,7 +151,7 @@ int sshpkt_sendx(struct ssh *ssh); int sshpkt_disconnect(struct ssh *, const char *fmt, ...) __attribute__((format(printf, 2, 3))); int sshpkt_add_padding(struct ssh *, u_char); -void sshpkt_fatal(struct ssh *ssh, const char *tag, int r); +void sshpkt_fatal(struct ssh *ssh, const char *tag, int r) __dead; int sshpkt_put(struct ssh *ssh, const void *v, size_t len); int sshpkt_putb(struct ssh *ssh, const struct sshbuf *b); Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.15 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.16 --- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.15 Fri Apr 3 23:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c Sat Apr 11 21:14:31 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keygen.c,v 1.15 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: ssh-keygen.c,v 1.16 2015/04/11 21:14:31 joerg Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.266 2015/02/26 20:45:47 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -14,7 +14,7 @@ */ #include includes.h -__RCSID($NetBSD: ssh-keygen.c,v 1.15 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: ssh-keygen.c,v 1.16 2015/04/11 21:14:31 joerg Exp $); #include sys/types.h #include sys/socket.h #include sys/stat.h @@ -291,7 +291,7 @@ load_identity(char *filename) #define SSH_COM_PRIVATE_KEY_MAGIC 0x3f6ff9eb #ifdef WITH_OPENSSL -static void +__dead static void do_convert_to_ssh2(struct passwd *pw, struct sshkey *k) { size_t len;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Apr 8 15:49:47 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: dispatch.c packet.c Log Message: ssh_packet_write_wait() returns number of bytes now; check for negative for error instead of 0. Fixes ssh command restrictions, reported by Tobias Nygren. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/dispatch.c cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/dispatch.c diff -u src/crypto/external/bsd/openssh/dist/dispatch.c:1.4 src/crypto/external/bsd/openssh/dist/dispatch.c:1.5 --- src/crypto/external/bsd/openssh/dist/dispatch.c:1.4 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/dispatch.c Wed Apr 8 11:49:46 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: dispatch.c,v 1.4 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: dispatch.c,v 1.5 2015/04/08 15:49:46 christos Exp $ */ /* $OpenBSD: dispatch.c,v 1.26 2015/02/12 20:34:19 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: dispatch.c,v 1.4 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: dispatch.c,v 1.5 2015/04/08 15:49:46 christos Exp $); #include sys/types.h #include signal.h @@ -51,7 +51,7 @@ dispatch_protocol_error(int type, u_int3 if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || (r = sshpkt_put_u32(ssh, seq)) != 0 || (r = sshpkt_send(ssh)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) sshpkt_fatal(ssh, __func__, r); return 0; } Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.16 src/crypto/external/bsd/openssh/dist/packet.c:1.17 --- src/crypto/external/bsd/openssh/dist/packet.c:1.16 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/packet.c Wed Apr 8 11:49:46 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.16 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $ */ /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -39,7 +39,7 @@ */ #include includes.h -__RCSID($NetBSD: packet.c,v 1.16 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $); #include sys/param.h /* MIN roundup */ #include sys/types.h #include sys/queue.h @@ -1452,7 +1452,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u if (emsg != NULL) { error(%s, emsg); if ((r = sshpkt_disconnect(ssh, %s, emsg)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1487,7 +1487,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u error(%s: len %d != sshbuf_len %zd, __func__, len, sshbuf_len(state-incoming_packet)); if ((r = sshpkt_disconnect(ssh, invalid packet length)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1497,7 +1497,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u if (checksum != stored_checksum) { error(Corrupted check bytes on input); if ((r = sshpkt_disconnect(ssh, connection corrupted)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1521,7 +1521,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u if (*typep SSH_MSG_MIN || *typep SSH_MSG_MAX) { error(Invalid ssh1 packet type: %d, *typep); if ((r = sshpkt_disconnect(ssh, invalid packet type)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_PROTOCOL_ERROR; } @@ -1694,7 +1694,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u if (padlen 4) { if ((r = sshpkt_disconnect(ssh, Corrupted padlen %d on input., padlen)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_CONN_CORRUPT; } @@ -1727,7 +1727,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u if (*typep SSH2_MSG_MIN || *typep = SSH2_MSG_LOCAL_MIN) { if ((r = sshpkt_disconnect(ssh, Invalid ssh2 packet type: %d, *typep)) != 0 || - (r = ssh_packet_write_wait(ssh)) != 0) + (r = ssh_packet_write_wait(ssh)) 0) return r; return SSH_ERR_PROTOCOL_ERROR; } @@ -1896,7 +1896,7 @@ ssh_packet_send_debug(struct ssh *ssh, c (r = sshpkt_send(ssh)) != 0) fatal(%s: %s, __func__, ssh_err(r)); } - if ((r = ssh_packet_write_wait(ssh)) != 0) + if ((r = ssh_packet_write_wait(ssh)) 0) fatal(%s: %s,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Apr 4 13:59:20 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: ssh-keyscan.c Log Message: Alpha is the only platform where sig_atomic_t isn't int... OpenBSD does not compile OpenSSH on the alpha anymore? To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.11 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12 --- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.11 Fri Apr 3 19:58:19 2015 +++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c Sat Apr 4 09:59:20 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-keyscan.c,v 1.11 2015/04/03 23:58:19 christos Exp $ */ +/* $NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $ */ /* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */ /* * Copyright 1995, 1996 by David Mazieres d...@lcs.mit.edu. @@ -9,7 +9,7 @@ */ #include includes.h -__RCSID($NetBSD: ssh-keyscan.c,v 1.11 2015/04/03 23:58:19 christos Exp $); +__RCSID($NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $); #include sys/param.h #include sys/types.h @@ -91,7 +91,7 @@ typedef struct Connection { int c_len; /* Total bytes which must be read. */ int c_off; /* Length of data read so far. */ int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ - int c_done; /* SSH2 done */ + sig_atomic_t c_done; /* SSH2 done */ char *c_namebase; /* Address to free for c_name and c_namelist */ char *c_name; /* Hostname of connection for errors */ char *c_namelist; /* Pointer to other possible addresses */
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Feb 14 15:41:21 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: auth1.c auth2.c Log Message: Also mark as bad attempts those who come in a bad users (Frank Kardel) To generate a diff of this commit: cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/auth1.c \ src/crypto/external/bsd/openssh/dist/auth2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth1.c diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.9 src/crypto/external/bsd/openssh/dist/auth1.c:1.10 --- src/crypto/external/bsd/openssh/dist/auth1.c:1.9 Sun Oct 19 12:30:58 2014 +++ src/crypto/external/bsd/openssh/dist/auth1.c Sat Feb 14 10:41:21 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth1.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */ +/* $NetBSD: auth1.c,v 1.10 2015/02/14 15:41:21 christos Exp $ */ /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland @@ -12,7 +12,7 @@ */ #include includes.h -__RCSID($NetBSD: auth1.c,v 1.9 2014/10/19 16:30:58 christos Exp $); +__RCSID($NetBSD: auth1.c,v 1.10 2015/02/14 15:41:21 christos Exp $); #include sys/types.h #include sys/queue.h @@ -41,6 +41,7 @@ __RCSID($NetBSD: auth1.c,v 1.9 2014/10/ #endif #include monitor_wrap.h #include buffer.h +#include pfilter.h /* import */ extern ServerOptions options; @@ -445,6 +446,7 @@ do_authentication(Authctxt *authctxt) else { debug(do_authentication: invalid user %s, user); authctxt-pw = fakepw(); + pfilter_notify(1); } /* Configuration may have changed as a result of Match */ Index: src/crypto/external/bsd/openssh/dist/auth2.c diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.9 src/crypto/external/bsd/openssh/dist/auth2.c:1.10 --- src/crypto/external/bsd/openssh/dist/auth2.c:1.9 Sun Oct 19 12:30:58 2014 +++ src/crypto/external/bsd/openssh/dist/auth2.c Sat Feb 14 10:41:21 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: auth2.c,v 1.9 2014/10/19 16:30:58 christos Exp $ */ +/* $NetBSD: auth2.c,v 1.10 2015/02/14 15:41:21 christos Exp $ */ /* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: auth2.c,v 1.9 2014/10/19 16:30:58 christos Exp $); +__RCSID($NetBSD: auth2.c,v 1.10 2015/02/14 15:41:21 christos Exp $); #include sys/types.h #include sys/stat.h #include sys/uio.h @@ -52,6 +52,7 @@ __RCSID($NetBSD: auth2.c,v 1.9 2014/10/ #include pathnames.h #include buffer.h #include canohost.h +#include pfilter.h #ifdef GSSAPI #include ssh-gss.h @@ -256,6 +257,7 @@ input_userauth_request(int type, u_int32 } else { logit(input_userauth_request: invalid user %s, user); authctxt-pw = fakepw(); + pfilter_notify(1); } #ifdef USE_PAM if (options.use_pam)
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sat Feb 14 19:05:29 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: sshd.c Log Message: initialize the pfilter for the privilege-separated copy (Frank Kardel) To generate a diff of this commit: cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd.c diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.16 src/crypto/external/bsd/openssh/dist/sshd.c:1.17 --- src/crypto/external/bsd/openssh/dist/sshd.c:1.16 Sun Jan 25 10:52:44 2015 +++ src/crypto/external/bsd/openssh/dist/sshd.c Sat Feb 14 14:05:29 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $ */ +/* $NetBSD: sshd.c,v 1.17 2015/02/14 19:05:29 christos Exp $ */ /* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -44,7 +44,7 @@ */ #include includes.h -__RCSID($NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $); +__RCSID($NetBSD: sshd.c,v 1.17 2015/02/14 19:05:29 christos Exp $); #include sys/types.h #include sys/param.h #include sys/ioctl.h @@ -628,6 +628,8 @@ privsep_preauth_child(void) explicit_bzero(pw-pw_passwd, strlen(pw-pw_passwd)); endpwent(); + pfilter_init(); + /* Change our root directory */ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal(chroot(\%s\): %s, _PATH_PRIVSEP_CHROOT_DIR,
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Wed Jan 21 02:05:47 UTC 2015 Modified Files: src/crypto/external/bsd/openssh/dist: packet.c Log Message: don't print a return on debug messages To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/packet.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/packet.c diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.14 src/crypto/external/bsd/openssh/dist/packet.c:1.15 --- src/crypto/external/bsd/openssh/dist/packet.c:1.14 Sun Oct 19 23:05:13 2014 +++ src/crypto/external/bsd/openssh/dist/packet.c Tue Jan 20 21:05:47 2015 @@ -1,4 +1,4 @@ -/* $NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $ */ +/* $NetBSD: packet.c,v 1.15 2015/01/21 02:05:47 christos Exp $ */ /* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -39,7 +39,7 @@ */ #include includes.h -__RCSID($NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $); +__RCSID($NetBSD: packet.c,v 1.15 2015/01/21 02:05:47 christos Exp $); #include sys/types.h #include sys/queue.h #include sys/socket.h @@ -944,7 +944,7 @@ packet_send2_wrapped(void) len, padlen, aadlen)); /* compute MAC over seqnr and packet(length fields, payload, padding) */ -debug(mac %p, %d %d\n, mac, mac? mac-enabled : -1, mac ? mac-etm : -1); +debug(mac %p, %d %d, mac, mac? mac-enabled : -1, mac ? mac-etm : -1); if (mac mac-enabled !mac-etm) { macbuf = mac_compute(mac, active_state-p_send.seqnr, buffer_ptr(active_state-outgoing_packet), len);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Tue Oct 28 21:35:57 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: sshbuf.h Log Message: Mark sshbuf_putfv as __printflike. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/sshbuf.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshbuf.h diff -u src/crypto/external/bsd/openssh/dist/sshbuf.h:1.2 src/crypto/external/bsd/openssh/dist/sshbuf.h:1.3 --- src/crypto/external/bsd/openssh/dist/sshbuf.h:1.2 Sun Oct 19 16:30:59 2014 +++ src/crypto/external/bsd/openssh/dist/sshbuf.h Tue Oct 28 21:35:56 2014 @@ -161,7 +161,8 @@ int sshbuf_putb(struct sshbuf *buf, cons /* Append using a printf(3) format */ int sshbuf_putf(struct sshbuf *buf, const char *fmt, ...) __attribute__((format(printf, 2, 3))); -int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap); +int sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap) + __printflike(2, 0); /* Functions to extract or store big-endian words of various sizes */ int sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Tue Oct 28 21:36:16 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: sshd.c Log Message: sighup_handler is not dead. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sshd.c diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.14 src/crypto/external/bsd/openssh/dist/sshd.c:1.15 --- src/crypto/external/bsd/openssh/dist/sshd.c:1.14 Sun Oct 19 16:30:59 2014 +++ src/crypto/external/bsd/openssh/dist/sshd.c Tue Oct 28 21:36:16 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sshd.c,v 1.14 2014/10/19 16:30:59 christos Exp $ */ +/* $NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $ */ /* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -44,7 +44,7 @@ */ #include includes.h -__RCSID($NetBSD: sshd.c,v 1.14 2014/10/19 16:30:59 christos Exp $); +__RCSID($NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $); #include sys/types.h #include sys/param.h #include sys/ioctl.h @@ -287,7 +287,7 @@ close_startup_pipes(void) */ /*ARGSUSED*/ -__dead static void +static void sighup_handler(int sig) { int save_errno = errno;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Tue Oct 28 21:36:30 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: umac.c Log Message: xor32 may be unused, mark it so. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/umac.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/umac.c diff -u src/crypto/external/bsd/openssh/dist/umac.c:1.7 src/crypto/external/bsd/openssh/dist/umac.c:1.8 --- src/crypto/external/bsd/openssh/dist/umac.c:1.7 Mon Oct 20 10:31:32 2014 +++ src/crypto/external/bsd/openssh/dist/umac.c Tue Oct 28 21:36:30 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $ */ +/* $NetBSD: umac.c,v 1.8 2014/10/28 21:36:30 joerg Exp $ */ /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ /* --- * @@ -67,7 +67,7 @@ /* -- */ #include includes.h -__RCSID($NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $); +__RCSID($NetBSD: umac.c,v 1.8 2014/10/28 21:36:30 joerg Exp $); #include sys/types.h #include sys/endian.h #include string.h @@ -239,7 +239,7 @@ xor64(uint8_t *dp, int di, uint8_t *sp, memcpy(dp + sizeof(dst) * di, dst, sizeof(dst)); } -static inline void +__unused static inline void xor32(uint8_t *dp, int di, uint8_t *sp, int si) { uint32_t dst, src;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Mon Oct 20 10:31:32 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: umac.c Log Message: Try to make this buildable on big endian machines. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/umac.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/umac.c diff -u src/crypto/external/bsd/openssh/dist/umac.c:1.6 src/crypto/external/bsd/openssh/dist/umac.c:1.7 --- src/crypto/external/bsd/openssh/dist/umac.c:1.6 Mon Oct 20 03:05:13 2014 +++ src/crypto/external/bsd/openssh/dist/umac.c Mon Oct 20 10:31:32 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $ */ +/* $NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $ */ /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */ /* --- * @@ -67,7 +67,7 @@ /* -- */ #include includes.h -__RCSID($NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $); +__RCSID($NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $); #include sys/types.h #include sys/endian.h #include string.h @@ -565,6 +565,7 @@ static void nh_transform(nh_ctx *hc, con /* -- */ +#if (__LITTLE_ENDIAN__) static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes) /* We endian convert the keys on little-endian computers to */ /* compensate for the lack of big-endian memory reads during hashing. */ @@ -587,7 +588,6 @@ static void endian_convert(void *buf, UW } while (--iters); } } -#if (__LITTLE_ENDIAN__) #define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z)) #else #define endian_convert_if_le(x,y,z) do{}while(0) /* Do nothing */
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Oct 20 18:14:37 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: myproposal.h sshconnect2.c Log Message: re-enable the none cipher, now that it has been tested. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/myproposal.h cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/sshconnect2.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/myproposal.h diff -u src/crypto/external/bsd/openssh/dist/myproposal.h:1.8 src/crypto/external/bsd/openssh/dist/myproposal.h:1.9 --- src/crypto/external/bsd/openssh/dist/myproposal.h:1.8 Sun Oct 19 12:30:58 2014 +++ src/crypto/external/bsd/openssh/dist/myproposal.h Mon Oct 20 14:14:37 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: myproposal.h,v 1.8 2014/10/19 16:30:58 christos Exp $ */ +/* $NetBSD: myproposal.h,v 1.9 2014/10/20 18:14:37 christos Exp $ */ /* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */ /* @@ -64,8 +64,6 @@ arcfour256,arcfour128, \ aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, \ aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se -#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \ - ,none #define KEX_SERVER_MAC \ umac-64-...@openssh.com, \ @@ -118,14 +116,19 @@ #endif /* WITH_OPENSSL */ +#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \ + ,none +#define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \ + ,none + #define KEX_DEFAULT_COMP none,z...@openssh.com,zlib #define KEX_DEFAULT_LANG #define KEX_CLIENT \ KEX_CLIENT_KEX, \ KEX_DEFAULT_PK_ALG, \ - KEX_CLIENT_ENCRYPT, \ - KEX_CLIENT_ENCRYPT, \ + KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ + KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \ KEX_CLIENT_MAC, \ KEX_CLIENT_MAC, \ KEX_DEFAULT_COMP, \ @@ -136,8 +139,8 @@ #define KEX_SERVER \ KEX_SERVER_KEX, \ KEX_DEFAULT_PK_ALG, \ - KEX_SERVER_ENCRYPT, \ - KEX_SERVER_ENCRYPT, \ + KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ + KEX_SERVER_ENCRYPT_INCLUDE_NONE, \ KEX_SERVER_MAC, \ KEX_SERVER_MAC, \ KEX_DEFAULT_COMP, \ Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.17 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.18 --- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.17 Sun Oct 19 23:05:13 2014 +++ src/crypto/external/bsd/openssh/dist/sshconnect2.c Mon Oct 20 14:14:37 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $ */ +/* $NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $ */ /* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -26,7 +26,7 @@ */ #include includes.h -__RCSID($NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $); +__RCSID($NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $); #include sys/types.h #include sys/socket.h #include sys/wait.h @@ -435,9 +435,9 @@ ssh_userauth2(const char *local_user, co /* tty allocated */ if ((options.none_switch == 1) (options.none_enabled == 1)) { -#ifdef notyet if (!tty_flag) /* no null on tty sessions */ { + const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; debug(Requesting none rekeying...); myproposal[PROPOSAL_ENC_ALGS_STOC] = none; myproposal[PROPOSAL_ENC_ALGS_CTOS] = none; @@ -451,7 +451,6 @@ ssh_userauth2(const char *local_user, co debug(Cannot switch to NONE cipher with tty allocated); fprintf(stderr, NONE cipher switch disabled when a TTY is allocated\n); } -#endif } debug(Authentication succeeded (%s)., authctxt.method-name); }
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Sun Oct 19 16:31:47 UTC 2014 Added Files: src/crypto/external/bsd/openssh/dist: bcrypt_pbkdf.c blf.h blowfish.c Log Message: add new files To generate a diff of this commit: cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c \ src/crypto/external/bsd/openssh/dist/blf.h \ src/crypto/external/bsd/openssh/dist/blowfish.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Added files: Index: src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c diff -u /dev/null src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c:1.1 --- /dev/null Sun Oct 19 12:31:47 2014 +++ src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c Sun Oct 19 12:31:47 2014 @@ -0,0 +1,174 @@ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */ +/* + * Copyright (c) 2013 Ted Unangst t...@openbsd.org + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include includes.h +__RCSID($NetBSD: bcrypt_pbkdf.c,v 1.1 2014/10/19 16:31:47 christos Exp $); + +#ifndef HAVE_BCRYPT_PBKDF + +#include sys/types.h +#include sys/param.h + +#ifdef HAVE_STDLIB_H +# include stdlib.h +#endif +#include string.h + +#ifdef HAVE_BLF_H +# include blf.h +#endif + +#include crypto_api.h +#include stdio.h +#include time.h +#include misc.h +#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES + +/* + * pkcs #5 pbkdf2 implementation using the bcrypt hash + * + * The bcrypt hash function is derived from the bcrypt password hashing + * function with the following modifications: + * 1. The input password and salt are preprocessed with SHA512. + * 2. The output length is expanded to 256 bits. + * 3. Subsequently the magic string to be encrypted is lengthened and modifed + *to OxychromaticBlowfishSwatDynamite + * 4. The hash function is defined to perform 64 rounds of initial state + *expansion. (More rounds are performed by iterating the hash.) + * + * Note that this implementation pulls the SHA512 operations into the caller + * as a performance optimization. + * + * One modification from official pbkdf2. Instead of outputting key material + * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to + * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an + * attacker can merely run once through the outer loop below, but the user + * always runs it twice. Shuffling output bytes requires computing the + * entirety of the key material to assemble any subkey. This is something a + * wise caller could do; we just do it for you. + */ + +#define BCRYPT_BLOCKS 8 +#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4) + +static void +bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out) +{ + blf_ctx state; + u_int8_t ciphertext[BCRYPT_HASHSIZE] = + OxychromaticBlowfishSwatDynamite; + uint32_t cdata[BCRYPT_BLOCKS]; + int i; + uint16_t j; + size_t shalen = SHA512_DIGEST_LENGTH; + + /* key expansion */ + Blowfish_initstate(state); + Blowfish_expandstate(state, sha2salt, shalen, sha2pass, shalen); + for (i = 0; i 64; i++) { + Blowfish_expand0state(state, sha2salt, shalen); + Blowfish_expand0state(state, sha2pass, shalen); + } + + /* encryption */ + j = 0; + for (i = 0; i BCRYPT_BLOCKS; i++) + cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), + j); + for (i = 0; i 64; i++) + blf_enc(state, cdata, sizeof(cdata) / sizeof(uint64_t)); + + /* copy out */ + for (i = 0; i BCRYPT_BLOCKS; i++) { + out[4 * i + 3] = (cdata[i] 24) 0xff; + out[4 * i + 2] = (cdata[i] 16) 0xff; + out[4 * i + 1] = (cdata[i] 8) 0xff; + out[4 * i + 0] = cdata[i] 0xff; + } + + /* zap */ + memset(ciphertext, 0, sizeof(ciphertext)); + memset(cdata, 0, sizeof(cdata)); + memset(state, 0, sizeof(state)); +} + +int +bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen, +u_int8_t *key, size_t keylen, unsigned int rounds) +{ + u_int8_t sha2pass[SHA512_DIGEST_LENGTH]; + u_int8_t sha2salt[SHA512_DIGEST_LENGTH]; + u_int8_t out[BCRYPT_HASHSIZE]; + u_int8_t tmpout[BCRYPT_HASHSIZE]; + u_int8_t *countsalt; + size_t i, j, amt, stride; + uint32_t count; + + /* nothing crazy */ + if (rounds 1) + return -1; + if (passlen == 0 || saltlen == 0 || keylen == 0 || +
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Oct 14 16:15:18 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: auth.c Log Message: for consistency use options.use_dns when getting the canonical hostname. [we do the same below for hosts.allow and deny] reported by rudolf. To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/auth.c diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.8 src/crypto/external/bsd/openssh/dist/auth.c:1.9 --- src/crypto/external/bsd/openssh/dist/auth.c:1.8 Fri Nov 8 14:18:24 2013 +++ src/crypto/external/bsd/openssh/dist/auth.c Tue Oct 14 12:15:18 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $ */ +/* $NetBSD: auth.c,v 1.9 2014/10/14 16:15:18 christos Exp $ */ /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,7 +25,7 @@ */ #include includes.h -__RCSID($NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $); +__RCSID($NetBSD: auth.c,v 1.9 2014/10/14 16:15:18 christos Exp $); #include sys/types.h #include sys/stat.h #include sys/param.h @@ -101,7 +101,7 @@ allowed_user(struct passwd * pw) return 0; #ifdef HAVE_LOGIN_CAP - hostname = get_canonical_hostname(1); + hostname = get_canonical_hostname(options.use_dns); ipaddr = get_remote_ipaddr(); lc = login_getclass(pw-pw_class);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: gson Date: Thu Feb 20 08:20:05 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: ssh.c Log Message: Don't print an empty line after the debug message Enabled Dynamic Window Scaling. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/ssh.c diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.13 src/crypto/external/bsd/openssh/dist/ssh.c:1.14 --- src/crypto/external/bsd/openssh/dist/ssh.c:1.13 Fri Nov 8 19:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/ssh.c Thu Feb 20 08:20:05 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh.c,v 1.13 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: ssh.c,v 1.14 2014/02/20 08:20:05 gson Exp $ */ /* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -42,7 +42,7 @@ */ #include includes.h -__RCSID($NetBSD: ssh.c,v 1.13 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: ssh.c,v 1.14 2014/02/20 08:20:05 gson Exp $); #include sys/types.h #include sys/param.h #include sys/ioctl.h @@ -1456,7 +1456,7 @@ ssh_session2_open(void) if ((options.tcp_rcv_buf_poll 0) (!options.hpn_disabled)) { c-dynamic_window = 1; - debug (Enabled Dynamic Window Scaling\n); + debug (Enabled Dynamic Window Scaling); } debug3(ssh_session2_open: channel_new: %d, c-self);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: martin Date: Tue Jan 28 22:06:39 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: servconf.c Log Message: Mark a potentially unused variable (depending on #ifdef) To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/servconf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/servconf.c diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.14 src/crypto/external/bsd/openssh/dist/servconf.c:1.15 --- src/crypto/external/bsd/openssh/dist/servconf.c:1.14 Sun Dec 15 10:42:52 2013 +++ src/crypto/external/bsd/openssh/dist/servconf.c Tue Jan 28 22:06:39 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $ */ +/* $NetBSD: servconf.c,v 1.15 2014/01/28 22:06:39 martin Exp $ */ /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland @@ -12,7 +12,7 @@ */ #include includes.h -__RCSID($NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $); +__RCSID($NetBSD: servconf.c,v 1.15 2014/01/28 22:06:39 martin Exp $); #include sys/types.h #include sys/socket.h #include sys/queue.h @@ -959,7 +959,7 @@ process_server_config_line(ServerOptions #ifdef WITH_LDAP_PUBKEY unsigned long lvalue; #endif - time_t *timetptr; + time_t *timetptr __unused; ServerOpCodes opcode; u_int i, flags = 0; size_t len;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: joerg Date: Tue Jan 7 02:13:39 UTC 2014 Modified Files: src/crypto/external/bsd/openssh/dist: log.h Log Message: Format string checks for do_log. To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/log.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/log.h diff -u src/crypto/external/bsd/openssh/dist/log.h:1.6 src/crypto/external/bsd/openssh/dist/log.h:1.7 --- src/crypto/external/bsd/openssh/dist/log.h:1.6 Fri Nov 8 19:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/log.h Tue Jan 7 02:13:39 2014 @@ -1,4 +1,4 @@ -/* $NetBSD: log.h,v 1.6 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: log.h,v 1.7 2014/01/07 02:13:39 joerg Exp $ */ /* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */ /* @@ -71,6 +71,7 @@ void debug3(const char *, ...) __att void set_log_handler(log_handler_fn *, void *); void do_log2(LogLevel, const char *, ...) __attribute__((format(printf, 2, 3))); -void do_log(LogLevel, const char *, va_list); +void do_log(LogLevel, const char *, va_list) +__attribute__((format(printf, 2, 0))); void cleanup_exit(int) __attribute__((noreturn)); #endif
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: spz Date: Sun Dec 15 10:42:52 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: servconf.c Log Message: Coverity issues 996120 and 996121, Use after free Use the M_CP_STROPT definition exclusive to servconf.c twice and you have freed your original string. servconf.h won copying authorized_keys_command and authorized_keys_command_user in COPY_MATCH_STRING_OPTS in 1.107, but servconf.c didn't drop its own, so it walks into this trap. Remove the duplicate copies, and disarm the trap. Note this is on a code path where authorized_keys_command and authorized_keys_command_user don't actually get used except for a debug dump of the config, and dump_cfg_string protects itself against trying to print NULL pointers, so all you get is sshd -T -C ... giving wrong results, which is rather insignificant as far as security issues go. To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/servconf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/servconf.c diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.13 src/crypto/external/bsd/openssh/dist/servconf.c:1.14 --- src/crypto/external/bsd/openssh/dist/servconf.c:1.13 Fri Nov 8 19:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/servconf.c Sun Dec 15 10:42:52 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $ */ /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland @@ -12,7 +12,7 @@ */ #include includes.h -__RCSID($NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $); #include sys/types.h #include sys/socket.h #include sys/queue.h @@ -2012,7 +2012,7 @@ int server_match_spec_complete(struct co dst-n = src-n; \ } while (0) #define M_CP_STROPT(n) do {\ - if (src-n != NULL) { \ + if (src-n != NULL dst-n != src-n) { \ free(dst-n); \ dst-n = src-n; \ } \ @@ -2043,8 +2043,6 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(hostbased_uses_name_from_packet_only); M_CP_INTOPT(kbd_interactive_authentication); M_CP_INTOPT(zero_knowledge_password_authentication); - M_CP_STROPT(authorized_keys_command); - M_CP_STROPT(authorized_keys_command_user); M_CP_INTOPT(permit_root_login); M_CP_INTOPT(permit_empty_passwd);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: spz Date: Tue Dec 3 17:14:35 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: monitor.c Log Message: Coverity fix: 979928 Use after free debug3 line moved to before one of its arguments is freed To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/monitor.c diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.11 src/crypto/external/bsd/openssh/dist/monitor.c:1.12 --- src/crypto/external/bsd/openssh/dist/monitor.c:1.11 Fri Nov 8 19:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/monitor.c Tue Dec 3 17:14:35 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $ */ /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */ /* * Copyright 2002 Niels Provos pro...@citi.umich.edu @@ -27,7 +27,7 @@ */ #include includes.h -__RCSID($NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $); #include sys/types.h #include sys/wait.h #include sys/socket.h @@ -1181,6 +1181,9 @@ mm_answer_keyallowed(int sock, Buffer *m break; } } + debug3(%s: key %p is %s, + __func__, key, allowed ? allowed : not allowed); + if (key != NULL) key_free(key); @@ -1202,9 +1205,6 @@ mm_answer_keyallowed(int sock, Buffer *m free(chost); } - debug3(%s: key %p is %s, - __func__, key, allowed ? allowed : not allowed); - buffer_clear(m); buffer_put_int(m, allowed); buffer_put_int(m, forced_command != NULL);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Tue Nov 19 16:58:16 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: sftp-client.c Log Message: CID 1129615: close argument can't be negative To generate a diff of this commit: cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/sftp-client.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp-client.c diff -u src/crypto/external/bsd/openssh/dist/sftp-client.c:1.10 src/crypto/external/bsd/openssh/dist/sftp-client.c:1.11 --- src/crypto/external/bsd/openssh/dist/sftp-client.c:1.10 Mon Nov 11 11:46:20 2013 +++ src/crypto/external/bsd/openssh/dist/sftp-client.c Tue Nov 19 11:58:16 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp-client.c,v 1.10 2013/11/11 16:46:20 christos Exp $ */ +/* $NetBSD: sftp-client.c,v 1.11 2013/11/19 16:58:16 christos Exp $ */ /* $OpenBSD: sftp-client.c,v 1.101.2.1 2013/11/08 01:33:56 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org @@ -22,7 +22,7 @@ /* XXX: copy between two remote sites */ #include includes.h -__RCSID($NetBSD: sftp-client.c,v 1.10 2013/11/11 16:46:20 christos Exp $); +__RCSID($NetBSD: sftp-client.c,v 1.11 2013/11/19 16:58:16 christos Exp $); #include sys/types.h #include sys/poll.h #include sys/queue.h @@ -1069,7 +1069,8 @@ do_download(struct sftp_conn *conn, char do_close(conn, handle, handle_len); buffer_free(msg); free(handle); - close(local_fd); + if (local_fd != -1) +close(local_fd); return -1; } offset = highwater = st.st_size;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Nov 11 16:32:10 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: key.c ssh-pkcs11-helper.c Log Message: CID-1128381: Avoid use after free To generate a diff of this commit: cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/key.c cvs rdiff -u -r1.5 -r1.6 \ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/key.c diff -u src/crypto/external/bsd/openssh/dist/key.c:1.13 src/crypto/external/bsd/openssh/dist/key.c:1.14 --- src/crypto/external/bsd/openssh/dist/key.c:1.13 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/key.c Mon Nov 11 11:32:10 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $ */ /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */ /* * read_bignum(): @@ -36,7 +36,7 @@ */ #include includes.h -__RCSID($NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $); #include sys/param.h #include sys/types.h @@ -1512,6 +1512,8 @@ to_blob(const Key *key, u_char **blobp, Buffer b; int len, type; + if (blobp) + *blobp = NULL; if (key == NULL) { error(key_to_blob: key == NULL); return 0; Index: src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c diff -u src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5 src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.6 --- src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c Mon Nov 11 11:32:10 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $ */ /* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. @@ -16,7 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include includes.h -__RCSID($NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $); #include sys/queue.h #include sys/types.h @@ -124,7 +124,8 @@ process_add(void) buffer_put_char(msg, SSH2_AGENT_IDENTITIES_ANSWER); buffer_put_int(msg, nkeys); for (i = 0; i nkeys; i++) { - key_to_blob(keys[i], blob, blen); + if (key_to_blob(keys[i], blob, blen) == 0) +continue; buffer_put_string(msg, blob, blen); buffer_put_cstring(msg, name); free(blob);
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Nov 11 16:43:26 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: sftp-client.c Log Message: CID 1092473: Fix file descriptor leak To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/sftp-client.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/sftp-client.c diff -u src/crypto/external/bsd/openssh/dist/sftp-client.c:1.8 src/crypto/external/bsd/openssh/dist/sftp-client.c:1.9 --- src/crypto/external/bsd/openssh/dist/sftp-client.c:1.8 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/sftp-client.c Mon Nov 11 11:43:26 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: sftp-client.c,v 1.8 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: sftp-client.c,v 1.9 2013/11/11 16:43:26 christos Exp $ */ /* $OpenBSD: sftp-client.c,v 1.101.2.1 2013/11/08 01:33:56 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org @@ -22,7 +22,7 @@ /* XXX: copy between two remote sites */ #include includes.h -__RCSID($NetBSD: sftp-client.c,v 1.8 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: sftp-client.c,v 1.9 2013/11/11 16:43:26 christos Exp $); #include sys/types.h #include sys/poll.h #include sys/queue.h @@ -1069,6 +1069,7 @@ do_download(struct sftp_conn *conn, char do_close(conn, handle, handle_len); buffer_free(msg); free(handle); + close(local_fd); return -1; } offset = highwater = st.st_size;
CVS commit: src/crypto/external/bsd/openssh/dist
Module Name:src Committed By: christos Date: Mon Nov 11 16:44:43 UTC 2013 Modified Files: src/crypto/external/bsd/openssh/dist: serverloop.c Log Message: CID 1092495: Widen operation to prevent overflow To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/serverloop.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/crypto/external/bsd/openssh/dist/serverloop.c diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.7 src/crypto/external/bsd/openssh/dist/serverloop.c:1.8 --- src/crypto/external/bsd/openssh/dist/serverloop.c:1.7 Fri Nov 8 14:18:25 2013 +++ src/crypto/external/bsd/openssh/dist/serverloop.c Mon Nov 11 11:44:43 2013 @@ -1,4 +1,4 @@ -/* $NetBSD: serverloop.c,v 1.7 2013/11/08 19:18:25 christos Exp $ */ +/* $NetBSD: serverloop.c,v 1.8 2013/11/11 16:44:43 christos Exp $ */ /* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */ /* * Author: Tatu Ylonen y...@cs.hut.fi @@ -37,7 +37,7 @@ */ #include includes.h -__RCSID($NetBSD: serverloop.c,v 1.7 2013/11/08 19:18:25 christos Exp $); +__RCSID($NetBSD: serverloop.c,v 1.8 2013/11/11 16:44:43 christos Exp $); #include sys/types.h #include sys/wait.h #include sys/socket.h @@ -313,7 +313,7 @@ wait_until_can_do_something(fd_set **rea if (compat20 max_time_milliseconds == 0 options.client_alive_interval) { client_alive_scheduled = 1; - max_time_milliseconds = options.client_alive_interval * 1000; + max_time_milliseconds = options.client_alive_interval * 1000ULL; } if (compat20) {