CVS commit: src/crypto/external/bsd/openssh

2021-04-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 19 14:40:16 UTC 2021

Modified Files:
src/crypto/external/bsd/openssh/dist: addrmatch.c auth-krb5.c
auth-options.c auth.c auth2-pubkey.c auth2.c chacha.h channels.c
channels.h cipher.c clientloop.c dh.c dh.h hostfile.c kex.c
kexgen.c log.c log.h misc.c misc.h monitor.c monitor_wrap.c
monitor_wrap.h mux.c packet.c readconf.c scp.c servconf.c
servconf.h serverloop.c session.c sftp-client.c sftp-client.h
sftp-server.c sftp.c srclimit.c ssh-add.c ssh-agent.c ssh-keygen.c
ssh-sk-client.c ssh.c ssh_api.c ssh_config.5 sshconnect.c
sshconnect2.c sshd.8 sshd.c sshd_config.5 sshkey-xmss.c
sshkey-xmss.h sshkey.c umac.c utf8.h version.h xmalloc.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: shlib_version

Log Message:
Merge local changes between 8.5 and 8.6


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/addrmatch.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth-krb5.c
cvs rdiff -u -r1.25 -r1.26 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/channels.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.27 -r1.28 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/auth2.c \
src/crypto/external/bsd/openssh/dist/sftp-server.c \
src/crypto/external/bsd/openssh/dist/sshd.8
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/chacha.h \
src/crypto/external/bsd/openssh/dist/srclimit.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/channels.h
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/cipher.c \
src/crypto/external/bsd/openssh/dist/dh.c \
src/crypto/external/bsd/openssh/dist/hostfile.c \
src/crypto/external/bsd/openssh/dist/umac.c
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/clientloop.c \
src/crypto/external/bsd/openssh/dist/sftp.c \
src/crypto/external/bsd/openssh/dist/ssh-agent.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/dh.h \
src/crypto/external/bsd/openssh/dist/sftp-client.h \
src/crypto/external/bsd/openssh/dist/ssh_api.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/kexgen.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/log.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/log.h
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/misc.h
cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/monitor.c
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.h
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/mux.c
cvs rdiff -u -r1.43 -r1.44 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/readconf.c \
src/crypto/external/bsd/openssh/dist/session.c \
src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/scp.c
cvs rdiff -u -r1.35 -r1.36 src/crypto/external/bsd/openssh/dist/servconf.c \
src/crypto/external/bsd/openssh/dist/ssh.c \
src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/servconf.h \
src/crypto/external/bsd/openssh/dist/ssh-add.c
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/sftp-client.c
cvs rdiff -u -r1.38 -r1.39 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c \
src/crypto/external/bsd/openssh/dist/utf8.h
cvs rdiff -u -r1.39 -r1.40 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.41 -r1.42 src/crypto/external/bsd/openssh/dist/sshd.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/sshkey-xmss.c
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/dist/sshkey-xmss.h
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/xmalloc.h
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048
cvs rdiff -u -r1.11 -r1.12 \
src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 \
src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 \

CVS commit: src/crypto/external/bsd/openssh

2021-04-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 19 14:07:36 UTC 2021

Modified Files:
src/crypto/external/bsd/openssh: openssh2netbsd

Log Message:
Force user to specify source dir. Too dangerous to run in random places.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/openssh2netbsd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/openssh2netbsd
diff -u src/crypto/external/bsd/openssh/openssh2netbsd:1.3 src/crypto/external/bsd/openssh/openssh2netbsd:1.4
--- src/crypto/external/bsd/openssh/openssh2netbsd:1.3	Fri Dec  4 13:42:49 2020
+++ src/crypto/external/bsd/openssh/openssh2netbsd	Mon Apr 19 10:07:36 2021
@@ -1,6 +1,6 @@
 #! /bin/sh
 #
-#	$NetBSD: openssh2netbsd,v 1.3 2020/12/04 18:42:49 christos Exp $
+#	$NetBSD: openssh2netbsd,v 1.4 2021/04/19 14:07:36 christos Exp $
 #
 # Copyright (c) 2001 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -28,6 +28,14 @@
 #
 # openssh2netbsd:  convert a openssh source tree into netbsd openssh tree
 
+if [ -z "$1" ]; then
+	echo "Usage: $0 " 1>&2
+	exit 1
+fi
+
+set -e
+cd "$1"
+
 ### Remove CVS
 find . -name CVS -print | xargs rm -r

CVS commit: src/crypto/external/bsd/openssh/dist

2021-03-05 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar  5 17:53:51 UTC 2021

Modified Files:
src/crypto/external/bsd/openssh/dist: scp.c

Log Message:
remove __UNCONST, initialize


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.29 src/crypto/external/bsd/openssh/dist/scp.c:1.30
--- src/crypto/external/bsd/openssh/dist/scp.c:1.29	Fri Mar  5 12:47:16 2021
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri Mar  5 12:53:51 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.213 2020/10/18 11:32:01 djm Exp $ */
 
 /*
@@ -74,7 +74,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -877,7 +877,7 @@ brace_expand(const char *pattern, char *
 void
 toremote(int argc, char **argv)
 {
-	char *suser = NULL, *host = NULL, *src;
+	char *suser = NULL, *host = NULL, *src = NULL;
 	char *bp, *tuser, *thost, *targ;
 	int sport = -1, tport = -1;
 	arglist alist;
@@ -911,7 +911,7 @@ toremote(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(__UNCONST(src));
+		free(src);
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -989,16 +989,16 @@ toremote(int argc, char **argv)
 out:
 	free(tuser);
 	free(thost);
-	free(__UNCONST(targ));
+	free(targ);
 	free(suser);
 	free(host);
-	free(__UNCONST(src));
+	free(src);
 }
 
 static void
 tolocal(int argc, char **argv)
 {
-	char *bp, *host = NULL, *suser = NULL, *src;
+	char *bp, *host = NULL, *suser = NULL, *src = NULL;
 	arglist alist;
 	int i, r, sport = -1;
 
@@ -1008,7 +1008,7 @@ tolocal(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(__UNCONST(src));
+		free(src);
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -1050,7 +1050,7 @@ tolocal(int argc, char **argv)
 	}
 	free(suser);
 	free(host);
-	free(__UNCONST(src));
+	free(src);
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh

2021-03-05 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar  5 17:47:16 UTC 2021

Modified Files:
src/crypto/external/bsd/openssh/bin/sshd: Makefile
src/crypto/external/bsd/openssh/dist: PROTOCOL PROTOCOL.agent addr.c
addrmatch.c auth-krb5.c auth-options.c auth-passwd.c auth-rhosts.c
auth.c auth.h auth2-chall.c auth2-gss.c auth2-hostbased.c
auth2-kbdint.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c
authfd.c canohost.c channels.c cipher.c clientloop.c compat.c
compat.h crypto_api.h dh.c digest-openssl.c digest.h dns.c fatal.c
gss-genr.c hostfile.c hostfile.h kex.c kex.h kexdh.c kexgen.c
kexgexc.c kexgexs.c krl.c log.c log.h match.c misc.c misc.h
monitor.c monitor_fdpass.c monitor_wrap.c monitor_wrap.h msg.c
mux.c myproposal.h namespace.h nchan.c packet.c readconf.c
readconf.h readpass.c sandbox-pledge.c sandbox-rlimit.c scp.1 scp.c
servconf.c servconf.h serverloop.c session.c sftp-client.c
sftp-client.h sftp-common.c sftp-server.c sftp.1 sftp.c sk-usbhid.c
srclimit.c ssh-add.c ssh-agent.c ssh-ed25519-sk.c ssh-ed25519.c
ssh-gss.h ssh-keygen.1 ssh-keygen.c ssh-keyscan.c ssh-keysign.c
ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
ssh-sk-client.c ssh-sk-helper.c ssh-sk.c ssh-xmss.c ssh.1 ssh.c
ssh2.h ssh_api.c ssh_config.5 sshconnect.c sshconnect.h
sshconnect2.c sshd.c sshd_config.5 sshkey-xmss.c sshkey-xmss.h
sshkey.c sshkey.h sshlogin.c sshsig.c ttymodes.c version.h
src/crypto/external/bsd/openssh/dist/moduli-gen: Makefile moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist: kexsntrup4591761x25519.c
sntrup4591761.c sntrup4591761.sh

Log Message:
merge local changes between openssh 8.4 and 8.5


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/bin/sshd/Makefile
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/kexgexc.c \
src/crypto/external/bsd/openssh/dist/log.h \
src/crypto/external/bsd/openssh/dist/readpass.c \
src/crypto/external/bsd/openssh/dist/sshconnect.h
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssh/dist/PROTOCOL.agent \
src/crypto/external/bsd/openssh/dist/gss-genr.c \
src/crypto/external/bsd/openssh/dist/hostfile.h \
src/crypto/external/bsd/openssh/dist/msg.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/crypto/external/bsd/openssh/dist/addr.c \
src/crypto/external/bsd/openssh/dist/srclimit.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/addrmatch.c \
src/crypto/external/bsd/openssh/dist/auth2-passwd.c \
src/crypto/external/bsd/openssh/dist/canohost.c \
src/crypto/external/bsd/openssh/dist/compat.h \
src/crypto/external/bsd/openssh/dist/sshkey.h
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-krb5.c \
src/crypto/external/bsd/openssh/dist/auth2-gss.c \
src/crypto/external/bsd/openssh/dist/match.c
cvs rdiff -u -r1.24 -r1.25 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/auth-passwd.c \
src/crypto/external/bsd/openssh/dist/auth2-none.c \
src/crypto/external/bsd/openssh/dist/nchan.c \
src/crypto/external/bsd/openssh/dist/sftp-client.h \
src/crypto/external/bsd/openssh/dist/sftp-common.c \
src/crypto/external/bsd/openssh/dist/ssh_api.c \
src/crypto/external/bsd/openssh/dist/ttymodes.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth-rhosts.c \
src/crypto/external/bsd/openssh/dist/auth2-kbdint.c \
src/crypto/external/bsd/openssh/dist/ssh2.h \
src/crypto/external/bsd/openssh/dist/sshlogin.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/channels.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/scp.c \
src/crypto/external/bsd/openssh/dist/serverloop.c \
src/crypto/external/bsd/openssh/dist/ssh.1 \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/auth.h \
src/crypto/external/bsd/openssh/dist/monitor_wrap.h \
src/crypto/external/bsd/openssh/dist/myproposal.h \
src/crypto/external/bsd/openssh/dist/ssh-keysign.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/auth2-chall.c \

CVS commit: src/crypto/external/bsd/openssh

2020-12-04 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Dec  4 18:42:50 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh: openssh2netbsd
src/crypto/external/bsd/openssh/dist: PROTOCOL PROTOCOL.agent
auth-options.c auth-options.h auth.c auth2-pubkey.c authfd.c
authfd.h authfile.c channels.c channels.h clientloop.c compat.c
compat.h hostfile.c hostfile.h kex.c kexdh.c krl.c log.c match.c
match.h misc.c misc.h monitor.c monitor_wrap.c monitor_wrap.h msg.c
mux.c packet.c readconf.c readconf.h readpass.c scp.1 scp.c
servconf.c servconf.h serverloop.c session.c sftp-client.c
sftp-server.8 sftp-server.c sftp.1 sftp.c sk-usbhid.c ssh-add.1
ssh-add.c ssh-agent.1 ssh-agent.c ssh-ecdsa-sk.c ssh-keygen.1
ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-pkcs11.c
ssh-sk-helper.c ssh-sk.c ssh.1 ssh.c ssh.h ssh_api.c ssh_config
ssh_config.5 sshbuf-getput-basic.c sshbuf-misc.c sshbuf.h
sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5 sshkey.c
sshkey.h sshsig.c version.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist/ssh-sk-helper: Makefile

Log Message:
Merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/openssh2netbsd
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/authfd.h \
src/crypto/external/bsd/openssh/dist/readpass.c \
src/crypto/external/bsd/openssh/dist/ssh_config \
src/crypto/external/bsd/openssh/dist/sshbuf.h
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/PROTOCOL.agent \
src/crypto/external/bsd/openssh/dist/hostfile.h \
src/crypto/external/bsd/openssh/dist/msg.c
cvs rdiff -u -r1.23 -r1.24 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.13 -r1.14 \
src/crypto/external/bsd/openssh/dist/auth-options.h \
src/crypto/external/bsd/openssh/dist/match.c
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/channels.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/scp.c \
src/crypto/external/bsd/openssh/dist/serverloop.c \
src/crypto/external/bsd/openssh/dist/ssh.1 \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.25 -r1.26 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/authfd.c \
src/crypto/external/bsd/openssh/dist/scp.1 \
src/crypto/external/bsd/openssh/dist/sftp-server.c
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/authfile.c \
src/crypto/external/bsd/openssh/dist/readconf.h \
src/crypto/external/bsd/openssh/dist/sftp-client.c
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/channels.h \
src/crypto/external/bsd/openssh/dist/hostfile.c \
src/crypto/external/bsd/openssh/dist/krl.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/clientloop.c \
src/crypto/external/bsd/openssh/dist/sftp.c \
src/crypto/external/bsd/openssh/dist/ssh-agent.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/compat.c \
src/crypto/external/bsd/openssh/dist/log.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/compat.h \
src/crypto/external/bsd/openssh/dist/sftp-server.8 \
src/crypto/external/bsd/openssh/dist/ssh.h \
src/crypto/external/bsd/openssh/dist/sshkey.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/kexdh.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/match.h \
src/crypto/external/bsd/openssh/dist/ssh_api.c \
src/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/misc.h
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssh/dist/monitor.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.h \
src/crypto/external/bsd/openssh/dist/ssh-keysign.c
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1 \
src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
cvs rdiff -u -r1.41 -r1.42 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/readconf.c \

CVS commit: src/crypto/external/bsd/openssh/dist

2020-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 19:43:19 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: getrrsetbyname.c

Log Message:
eliminate direct use of _res for threaded programs.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssh/dist/getrrsetbyname.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/getrrsetbyname.c
diff -u src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5 src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.6
--- src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/getrrsetbyname.c	Thu Nov 12 14:43:18 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $	*/
 /* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
 
 /*
@@ -47,7 +47,7 @@
 /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
 
 #include "includes.h"
-__RCSID("$NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $");
 
 #ifndef HAVE_GETRRSETBYNAME
 
@@ -189,8 +189,9 @@ getrrsetbyname(const char *hostname, uns
 unsigned int rdtype, unsigned int flags,
 struct rrsetinfo **res)
 {
-	struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
+	struct __res_state *_resp;
 	int result;
+	unsigned long options;
 	struct rrsetinfo *rrset = NULL;
 	struct dns_response *response = NULL;
 	struct dns_rr *rr;
@@ -201,27 +202,33 @@ getrrsetbyname(const char *hostname, uns
 
 	/* check for invalid class and type */
 	if (rdclass > 0x || rdtype > 0x) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
 	/* don't allow queries of class or type ANY */
 	if (rdclass == 0xff || rdtype == 0xff) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
 	/* don't allow flags yet, unimplemented */
 	if (flags) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
+#ifndef __NetBSD__
+	_resp = _THREAD_PRIVATE(_res, _res, &_res);
 	/* initialize resolver */
 	if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
 		result = ERRSET_FAIL;
 		goto fail;
 	}
+#else
+	_resp = __res_get_state();
+	if (_resp == NULL) {
+		return ERRSET_FAIL;
+	}
+#endif
+	options = _resp->options;
 
 #ifdef DEBUG
 	_resp->options |= RES_DEBUG;
@@ -234,8 +241,8 @@ getrrsetbyname(const char *hostname, uns
 #endif /* RES_USE_DNSEC */
 
 	/* make query */
-	length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
-	answer, sizeof(answer));
+	length = res_nquery(_resp, hostname, (signed int) rdclass,
+	(signed int) rdtype, answer, sizeof(answer));
 	if (length < 0) {
 		switch(h_errno) {
 		case HOST_NOT_FOUND:
@@ -335,9 +342,17 @@ getrrsetbyname(const char *hostname, uns
 	free_dns_response(response);
 
 	*res = rrset;
+	_resp->options = options;
+#ifdef __NetBSD__
+	__res_put_state(_resp);
+#endif
 	return (ERRSET_SUCCESS);
 
 fail:
+	_resp->options = options;
+#ifdef __NetBSD__
+	__res_put_state(_resp);
+#endif
 	if (rrset != NULL)
 		freerrset(rrset);
 	if (response != NULL)
@@ -466,7 +481,7 @@ parse_dns_qsection(const u_char *answer,
 
 		/* name */
 		length = dn_expand(answer, answer + size, *cp, name,
-		sizeof(name));
+		(int)sizeof(name));
 		if (length < 0) {
 			free_dns_query(head);
 			return (NULL);
@@ -513,7 +528,7 @@ parse_dns_rrsection(const u_char *answer
 
 		/* name */
 		length = dn_expand(answer, answer + size, *cp, name,
-		sizeof(name));
+		(int)sizeof(name));
 		if (length < 0) {
 			free_dns_rr(head);
 			return (NULL);

CVS commit: src/crypto/external/bsd/openssh/bin/scp

2020-05-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri May 29 12:15:30 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/bin/scp: Makefile

Log Message:
delete previous and fix bug instead.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/bin/scp/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/bin/scp/Makefile
diff -u src/crypto/external/bsd/openssh/bin/scp/Makefile:1.4 src/crypto/external/bsd/openssh/bin/scp/Makefile:1.5
--- src/crypto/external/bsd/openssh/bin/scp/Makefile:1.4	Fri May 29 06:01:23 2020
+++ src/crypto/external/bsd/openssh/bin/scp/Makefile	Fri May 29 08:15:30 2020
@@ -1,9 +1,7 @@
-#	$NetBSD: Makefile,v 1.4 2020/05/29 10:01:23 kamil Exp $
+#	$NetBSD: Makefile,v 1.5 2020/05/29 12:15:30 christos Exp $
 
 BINDIR=/usr/bin
 
 PROG=	scp
 
-COPTS.scp.c += -Wno-format-nonliteral
-
 .include

CVS commit: src/crypto/external/bsd/openssh/dist

2020-05-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri May 29 12:14:49 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: scp.c

Log Message:
Fix printf format error.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.26 src/crypto/external/bsd/openssh/dist/scp.c:1.27
--- src/crypto/external/bsd/openssh/dist/scp.c:1.26	Thu May 28 13:05:49 2020
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri May 29 08:14:49 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -366,7 +366,7 @@ __dead static void lostconn(int);
 int okname(char *);
 void run_err(const char *,...) __printflike(1, 2);
 void run_err(const char *,...) __printflike(1, 2);
-int note_err(const char *,...);
+int note_err(const char *,...) __printflike(1, 2);
 void verifydir(char *);
 
 struct passwd *pwd;
@@ -1503,7 +1503,7 @@ bad:			run_err("%s: %s", np, strerror(er
 }
 		}
 		if (close(ofd) == -1)
-			note_err(np, "%s: close: %s", np, strerror(errno));
+			note_err("%s: close: %s", np, strerror(errno));
 		(void) response();
 		if (showprogress)
 			stop_progress_meter();

CVS commit: src/crypto/external/bsd/openssh/bin/scp

2020-05-29 Thread Kamil Rytarowski 
Module Name:src
Committed By:   kamil
Date:   Fri May 29 10:01:23 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/bin/scp: Makefile

Log Message:
Specify -Wno-format-nonlitera for scp.c (OpenSSH)

Fixes build with Clang/LLVM.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/bin/scp/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/bin/scp/Makefile
diff -u src/crypto/external/bsd/openssh/bin/scp/Makefile:1.3 src/crypto/external/bsd/openssh/bin/scp/Makefile:1.4
--- src/crypto/external/bsd/openssh/bin/scp/Makefile:1.3	Sun Mar  1 20:59:52 2020
+++ src/crypto/external/bsd/openssh/bin/scp/Makefile	Fri May 29 10:01:23 2020
@@ -1,7 +1,9 @@
-#	$NetBSD: Makefile,v 1.3 2020/03/01 20:59:52 christos Exp $
+#	$NetBSD: Makefile,v 1.4 2020/05/29 10:01:23 kamil Exp $
 
 BINDIR=/usr/bin
 
 PROG=	scp
 
+COPTS.scp.c += -Wno-format-nonliteral
+
 .include

CVS commit: src/crypto/external/bsd/openssh

2020-05-28 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu May 28 17:05:50 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: PROTOCOL PROTOCOL.mux
auth-options.c auth-rhosts.c auth2-chall.c auth2-passwd.c auth2.c
authfd.c authfile.c channels.c cipher-chachapoly.c
cipher-chachapoly.h cipher.c clientloop.c clientloop.h
digest-libc.c gss-serv.c hmac.c hostfile.c kex.c krl.c krl.h misc.c
monitor.c mux.c packet.c packet.h readconf.c readconf.h scp.1 scp.c
servconf.c servconf.h session.c sftp.1 sftp.c sk-usbhid.c ssh-add.c
ssh-agent.c ssh-dss.c ssh-ed25519-sk.c ssh-ed25519.c ssh-keygen.1
ssh-keygen.c ssh-pkcs11-helper.c ssh-pkcs11.c ssh-sk.c ssh-xmss.c
ssh.1 ssh.c ssh_config.5 sshbuf-misc.c sshbuf.c sshbuf.h
sshconnect.c sshconnect2.c sshd.c sshd_config.5 sshkey.c sshkey.h
sshsig.c umac.c utf8.c utf8.h version.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: shlib_version

Log Message:
Merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/sshbuf.h
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/PROTOCOL.mux \
src/crypto/external/bsd/openssh/dist/sshbuf-misc.c
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/auth-rhosts.c \
src/crypto/external/bsd/openssh/dist/sshbuf.c \
src/crypto/external/bsd/openssh/dist/sshkey.h
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/auth2-chall.c \
src/crypto/external/bsd/openssh/dist/cipher.c \
src/crypto/external/bsd/openssh/dist/clientloop.h
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssh/dist/auth2-passwd.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/auth2.c \
src/crypto/external/bsd/openssh/dist/packet.h \
src/crypto/external/bsd/openssh/dist/servconf.h \
src/crypto/external/bsd/openssh/dist/sftp.1 \
src/crypto/external/bsd/openssh/dist/ssh-add.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/authfd.c \
src/crypto/external/bsd/openssh/dist/scp.1
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/authfile.c \
src/crypto/external/bsd/openssh/dist/readconf.h
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/channels.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/ssh.1 \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssh/dist/cipher-chachapoly.c
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssh/dist/cipher-chachapoly.h \
src/crypto/external/bsd/openssh/dist/sk-usbhid.c \
src/crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c \
src/crypto/external/bsd/openssh/dist/ssh-sk.c \
src/crypto/external/bsd/openssh/dist/ssh-xmss.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/clientloop.c \
src/crypto/external/bsd/openssh/dist/sftp.c \
src/crypto/external/bsd/openssh/dist/ssh-agent.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/digest-libc.c \
src/crypto/external/bsd/openssh/dist/hmac.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/gss-serv.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/hostfile.c \
src/crypto/external/bsd/openssh/dist/krl.c \
src/crypto/external/bsd/openssh/dist/ssh-dss.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/krl.h
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/monitor.c
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/scp.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1
cvs rdiff -u -r1.40 -r1.41 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/readconf.c \
src/crypto/external/bsd/openssh/dist/session.c \
src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.32 -r1.33 src/crypto/external/bsd/openssh/dist/servconf.c \
src/crypto/external/bsd/openssh/dist/ssh.c \
src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/ssh-ed25519.c
cvs rdiff -u -r1.35 -r1.36 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.18 -r1.19 \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c \
src/crypto/external/bsd/openssh/dist/umac.c
cvs rdiff -u -r1.19 -r1.20

CVS commit: src/crypto/external/bsd/openssh/libexec/ssh-sk-helper

2020-03-04 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar  4 17:30:40 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/libexec/ssh-sk-helper: Makefile

Log Message:
Add a libm dependency


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile
diff -u src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.2 src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.3
--- src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.2	Mon Mar  2 19:43:20 2020
+++ src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile	Wed Mar  4 12:30:40 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.2 2020/03/03 00:43:20 christos Exp $
+#	$NetBSD: Makefile,v 1.3 2020/03/04 17:30:40 christos Exp $
 
 BINDIR=	/usr/libexec
 
@@ -6,7 +6,7 @@ PROG=	ssh-sk-helper
 SRCS=	ssh-sk-helper.c ssh-sk.c sk-usbhid.c
 MAN=	ssh-sk-helper.8
 
-LDADD+=-lfido2 -lcbor -lusbhid
-DPADD+=${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID}
+LDADD+=-lfido2 -lcbor -lusbhid -lm
+DPADD+=${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID} ${LIBM}
 
 .include

CVS commit: src/crypto/external/bsd/openssh

2020-03-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Mar  3 00:43:21 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh: Makefile
src/crypto/external/bsd/openssh/libexec/ssh-sk-helper: Makefile

Log Message:
Enable ssh-sk-helper


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile
diff -u src/crypto/external/bsd/openssh/Makefile:1.2 src/crypto/external/bsd/openssh/Makefile:1.3
--- src/crypto/external/bsd/openssh/Makefile:1.2	Wed Feb 26 19:24:38 2020
+++ src/crypto/external/bsd/openssh/Makefile	Mon Mar  2 19:43:20 2020
@@ -1,5 +1,5 @@
-#	$NetBSD: Makefile,v 1.2 2020/02/27 00:24:38 christos Exp $
+#	$NetBSD: Makefile,v 1.3 2020/03/03 00:43:20 christos Exp $
 
-SUBDIR=		lib .WAIT bin # libexec
+SUBDIR=		lib .WAIT bin libexec
 
 .include 

Index: src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile
diff -u src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.1 src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.2
--- src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile:1.1	Wed Feb 26 19:24:41 2020
+++ src/crypto/external/bsd/openssh/libexec/ssh-sk-helper/Makefile	Mon Mar  2 19:43:20 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.1 2020/02/27 00:24:41 christos Exp $
+#	$NetBSD: Makefile,v 1.2 2020/03/03 00:43:20 christos Exp $
 
 BINDIR=	/usr/libexec
 
@@ -6,7 +6,7 @@ PROG=	ssh-sk-helper
 SRCS=	ssh-sk-helper.c ssh-sk.c sk-usbhid.c
 MAN=	ssh-sk-helper.8
 
-LDADD+=-lfido2 -lusbhid
-DPADD+=${LIBFIDO2} ${LIBUSBHID}
+LDADD+=-lfido2 -lcbor -lusbhid
+DPADD+=${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID}
 
 .include

CVS commit: src/crypto/external/bsd/openssh

2020-03-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Mar  2 15:23:17 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh: Makefile.inc

Log Message:
Enable compression


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile.inc
diff -u src/crypto/external/bsd/openssh/Makefile.inc:1.14 src/crypto/external/bsd/openssh/Makefile.inc:1.15
--- src/crypto/external/bsd/openssh/Makefile.inc:1.14	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/Makefile.inc	Mon Mar  2 10:23:17 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.14 2018/04/06 18:58:59 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.15 2020/03/02 15:23:17 christos Exp $
 
 WARNS?=	4
 
@@ -11,6 +11,7 @@ SSHDIST?= ${NETBSDSRCDIR}/crypto/externa
 
 CPPFLAGS+=-I${SSHDIST}
 
+CPPFLAGS+=-D_OPENBSD_SOURCE 
 CPPFLAGS+=-DHAVE_DLOPEN
 CPPFLAGS+=-DHAVE_HEADER_AD
 CPPFLAGS+=-DHAVE_LOGIN_CAP
@@ -19,7 +20,7 @@ CPPFLAGS+=-DHAVE_STDLIB_H
 CPPFLAGS+=-DOPENSSL_API_COMPAT=0x1010L
 .endif
 
-CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE -DWITH_XMSS
+CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -DWITH_XMSS -DWITH_ZLIB
 .if !defined(NOPIC)
 CPPFLAGS+=-DHAVE_DLOPEN
 .endif

CVS commit: src/crypto/external/bsd/openssh/dist

2020-03-01 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Mar  1 14:51:06 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-sk-client.c

Log Message:
fix a sign-compare issue (for the pam module)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-sk-client.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.3
--- src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/ssh-sk-client.c	Sun Mar  1 09:51:06 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $	*/
 /* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
@@ -16,7 +16,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $");
 
 #include 
 #include 
@@ -160,7 +160,7 @@ client_converse(struct sshbuf *msg, stru
 	ll = log_level_get();
 	if ((r = sshbuf_put_u32(req, type)) != 0 ||
 	   (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
-	   (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
+	   (r = sshbuf_put_u32(req, (uint32_t)(ll < 0 ? 0 : ll))) != 0 ||
 	   (r = sshbuf_putb(req, msg)) != 0) {
 		error("%s: build: %s", __func__, ssh_err(r));
 		goto out;

CVS commit: src/crypto/external/bsd/openssh/dist

2020-03-01 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Sun Mar  1 08:21:38 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh_config sshd_config

Log Message:
Sync with OpenSSH 8.2p1 sample configs

- Add GSSAPIAuthentication and related options
- Add KerberosAuthentication and related options
- Bring in the lengthy but useful comment block about
  the side-effect of UsePAM with regards to PermitRootLogin.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh_config
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh_config
diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.13 src/crypto/external/bsd/openssh/dist/ssh_config:1.14
--- src/crypto/external/bsd/openssh/dist/ssh_config:1.13	Fri Feb 28 10:41:48 2020
+++ src/crypto/external/bsd/openssh/dist/ssh_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
+#	$NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -27,6 +27,8 @@ Host *.netbsd.org *.NetBSD.org
 #   ForwardX11 no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.24 src/crypto/external/bsd/openssh/dist/sshd_config:1.25
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.24	Fri Feb 28 10:59:58 2020
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
+#	$NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -60,6 +60,27 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -72,7 +93,6 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

CVS commit: src/crypto/external/bsd/openssh/lib

2020-02-29 Thread Michał Górny 
Module Name:src
Committed By:   mgorny
Date:   Sat Feb 29 20:44:16 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/lib: Makefile

Log Message:
Workaround build failure due to -Werror=format-nonliteral

Reviewed by kamil.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/lib/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/lib/Makefile
diff -u src/crypto/external/bsd/openssh/lib/Makefile:1.31 src/crypto/external/bsd/openssh/lib/Makefile:1.32
--- src/crypto/external/bsd/openssh/lib/Makefile:1.31	Thu Feb 27 00:24:40 2020
+++ src/crypto/external/bsd/openssh/lib/Makefile	Sat Feb 29 20:44:15 2020
@@ -1,10 +1,11 @@
-#	$NetBSD: Makefile,v 1.31 2020/02/27 00:24:40 christos Exp $
+#	$NetBSD: Makefile,v 1.32 2020/02/29 20:44:15 mgorny Exp $
 
 .include 
 
 .include "../Makefile.inc"
 
 CWARNFLAGS.clang+=	-Wno-error=sizeof-array-div
+CWARNFLAGS.clang+=	-Wno-error=format-nonliteral
 LIB=	ssh
 SRCS=\
 addrmatch.c \

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-29 Thread Tobias Nygren 
Module Name:src
Committed By:   tnn
Date:   Sat Feb 29 14:03:17 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: xmalloc.h

Log Message:
annotate xvasprintf w/ format string attribute


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/xmalloc.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/xmalloc.h
diff -u src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12 src/crypto/external/bsd/openssh/dist/xmalloc.h:1.13
--- src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12	Thu Feb 27 00:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/xmalloc.h	Sat Feb 29 14:03:17 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: xmalloc.h,v 1.12 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: xmalloc.h,v 1.13 2020/02/29 14:03:17 tnn Exp $	*/
 /* $OpenBSD: xmalloc.h,v 1.19 2019/11/12 22:32:48 djm Exp $ */
 
 /*
@@ -26,4 +26,5 @@ int	 xasprintf(char **, const char *, ..
 __attribute__((__format__ (printf, 2, 3)))
 __attribute__((__nonnull__ (2)));
 int	 xvasprintf(char **, const char *, va_list)
+__attribute__((__format__ (printf, 2, 0)))
 		__attribute__((__nonnull__ (2)));

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 17:50:29 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
Remove unreferenced SSH_RELEASE


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.31 src/crypto/external/bsd/openssh/dist/version.h:1.32
--- src/crypto/external/bsd/openssh/dist/version.h:1.31	Thu Feb 27 00:27:44 2020
+++ src/crypto/external/bsd/openssh/dist/version.h	Fri Feb 28 17:50:29 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.32 2020/02/28 17:50:29 kim Exp $	*/
 /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.2"
@@ -10,4 +10,3 @@
  * used for bug compatibility operation.  present NetBSD SSH version as comment
  */
 #define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK
-#define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 17:27:34 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: readconf.c

Log Message:
Fix duplicate entries in the keywords list.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/readconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.29 src/crypto/external/bsd/openssh/dist/readconf.c:1.30
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.29	Thu Feb 27 00:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Fri Feb 28 17:27:34 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $	*/
 /* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $");
 #include 
 #include 
 #include 
@@ -196,9 +196,25 @@ static struct {
 	{ "useprivilegedport", oDeprecated },
 
 	/* Unsupported options */
+#ifdef AFS
+	{ "afstokenpassing", oAFSTokenPassing },
+#else
 	{ "afstokenpassing", oUnsupported },
+#endif
+#if defined(KRB4) || defined(KRB5)
+	{ "kerberosauthentication", oKerberosAuthentication },
+#else
 	{ "kerberosauthentication", oUnsupported },
+#endif
+#if defined(AFS) || defined(KRB5)
+	{ "kerberostgtpassing", oKerberosTgtPassing },
+	{ "kerberos5tgtpassing", oKerberosTgtPassing },		/* alias */
+	{ "kerberos4tgtpassing", oKerberosTgtPassing },		/* alias */
+#else
 	{ "kerberostgtpassing", oUnsupported },
+	{ "kerberos5tgtpassing", oUnsupported },
+	{ "kerberos4tgtpassing", oUnsupported },
+#endif
 	{ "rsaauthentication", oUnsupported },
 	{ "rhostsrsaauthentication", oUnsupported },
 	{ "compressionlevel", oUnsupported },
@@ -235,17 +251,6 @@ static struct {
 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
-	{ "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
-	{ "kerberostgtpassing", oKerberosTgtPassing },
-	{ "kerberos5tgtpassing", oKerberosTgtPassing },		/* alias */
-	{ "kerberos4tgtpassing", oKerberosTgtPassing },		/* alias */
-#endif
-#ifdef AFS
-	{ "afstokenpassing", oAFSTokenPassing },
-#endif
 #if defined(GSSAPI)
 	{ "gssapiauthentication", oGssAuthentication },
 	{ "gssapidelegatecredentials", oGssDelegateCreds },

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 10:59:58 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
Cleanup

- Match the case of the UsePAM keyword used in the manual page and code,
  to aid case-sensitive grep etc.
- Remove references to obsole UseLogin and UsePrivilegeSeparation keywords.
- Whitespace police


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.23 src/crypto/external/bsd/openssh/dist/sshd_config:1.24
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.23	Sun Aug 26 07:46:37 2018
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Fri Feb 28 10:59:58 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.23 2018/08/26 07:46:37 christos Exp $
+#	$NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -53,7 +53,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 
-# To disable password authentication, set this and UsePam to no
+# To disable password authentication, set this and UsePAM to no
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
@@ -72,9 +72,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-UsePam yes
+UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -121,7 +119,6 @@ Subsystem	sftp	/usr/libexec/sftp-server
 # buffer size for hpn to non-hpn connections
 #HPNBufferSize 2048
 
-
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 10:41:49 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh_config

Log Message:
Move NetBSD.org-specific entry above the match-all entry

The first matching entry that sets an option "wins." Therefore more
specific matches should be provided before the "Host *" entry that
matches everything. This way options set in the more specific entry will
not be accidentally made ineffective by the match-all entry.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh_config
diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.12 src/crypto/external/bsd/openssh/dist/ssh_config:1.13
--- src/crypto/external/bsd/openssh/dist/ssh_config:1.12	Sat Apr 20 17:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/ssh_config	Fri Feb 28 10:41:48 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.12 2019/04/20 17:16:40 christos Exp $
+#	$NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
 #	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -18,6 +18,10 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 
+# NetBSD.org DNS provides SSHFP records - use them when possible
+Host *.netbsd.org *.NetBSD.org
+VerifyHostKeyDNS ask
+
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
@@ -45,7 +49,3 @@
 
 # If you use xorg from pkgsrc then uncomment the following line.
 #   XAuthLocation /usr/pkg/bin/xauth
-
-# NetBSD.org DNS provides SSHFP records - use them when possible
-Host *.netbsd.org *.NetBSD.org
-VerifyHostKeyDNS ask

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb 27 00:27:44 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
fix date


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.30 src/crypto/external/bsd/openssh/dist/version.h:1.31
--- src/crypto/external/bsd/openssh/dist/version.h:1.30	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/version.h	Wed Feb 26 19:27:44 2020
@@ -1,8 +1,8 @@
-/*	$NetBSD: version.h,v 1.30 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $	*/
 /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.2"
-#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-2020025"
+#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20200225"
 #define SSH_HPN "-hpn13v14"
 #define SSH_LPK		"-lpk"
 /*

CVS commit: src/crypto/external/bsd/openssh

2020-02-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb 27 00:24:41 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh: Makefile
src/crypto/external/bsd/openssh/bin/scp: Makefile
src/crypto/external/bsd/openssh/bin/sftp: Makefile
src/crypto/external/bsd/openssh/bin/sftp-server: Makefile
src/crypto/external/bsd/openssh/bin/ssh: Makefile
src/crypto/external/bsd/openssh/bin/ssh-add: Makefile
src/crypto/external/bsd/openssh/bin/ssh-agent: Makefile
src/crypto/external/bsd/openssh/bin/ssh-keygen: Makefile
src/crypto/external/bsd/openssh/bin/ssh-keyscan: Makefile
src/crypto/external/bsd/openssh/bin/ssh-keysign: Makefile
src/crypto/external/bsd/openssh/bin/ssh-pkcs11-helper: Makefile
src/crypto/external/bsd/openssh/bin/sshd: Makefile
src/crypto/external/bsd/openssh/dist: PROTOCOL.certkeys auth-options.c
auth-options.h auth.c auth2-chall.c auth2-gss.c auth2-hostbased.c
auth2-kbdint.c auth2-pubkey.c authfd.c authfd.h authfile.c
authfile.h channels.c channels.h cipher.c cipher.h clientloop.c
gss-serv.c hash.c hostfile.c kex.c kexgen.c kexgexc.c krl.c match.c
misc.c misc.h moduli.c monitor.c monitor_wrap.c monitor_wrap.h
msg.c mux.c myproposal.h packet.c pathnames.h progressmeter.c
readconf.c readconf.h readpass.c scp.1 scp.c servconf.c servconf.h
serverloop.c session.c sftp-glob.c sftp-realpath.c sftp-server.8
sftp.1 sftp.c sk-usbhid.c ssh-add.1 ssh-add.c ssh-agent.1
ssh-agent.c ssh-ecdsa-sk.c ssh-ed25519-sk.c ssh-keygen.1
ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8
ssh-keysign.c ssh-pkcs11-client.c ssh-pkcs11-helper.8
ssh-pkcs11-helper.c ssh-pkcs11.c ssh-pkcs11.h ssh-sk-client.c
ssh-sk-helper.c ssh-sk.c ssh.1 ssh.c ssh_api.c ssh_config.5
sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-io.c
sshbuf-misc.c sshbuf.c sshbuf.h sshconnect.c sshconnect.h
sshconnect2.c sshd.8 sshd.c sshd_config.5 ssherr.c ssherr.h
sshkey-xmss.c sshkey.c sshkey.h sshsig.c umac.c version.h xmalloc.c
xmalloc.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Added Files:
src/crypto/external/bsd/openssh/libexec: Makefile Makefile.inc
src/crypto/external/bsd/openssh/libexec/ssh-sk-helper: Makefile

Log Message:
Merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/Makefile
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/bin/scp/Makefile
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/bin/sftp/Makefile
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssh/bin/sftp-server/Makefile
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/bin/ssh/Makefile
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/bin/ssh-add/Makefile
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssh/bin/ssh-agent/Makefile
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssh/bin/ssh-keygen/Makefile
cvs rdiff -u -r1.3 -r1.4 \
src/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/openssh/bin/ssh-keysign/Makefile
cvs rdiff -u -r1.1 -r1.2 \
src/crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/bin/sshd/Makefile
cvs rdiff -u -r1.11 -r1.12 \
src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys \
src/crypto/external/bsd/openssh/dist/auth2-kbdint.c \
src/crypto/external/bsd/openssh/dist/sftp-glob.c \
src/crypto/external/bsd/openssh/dist/sftp-server.8 \
src/crypto/external/bsd/openssh/dist/xmalloc.c \
src/crypto/external/bsd/openssh/dist/xmalloc.h
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sshd.8 \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssh/dist/auth-options.h \
src/crypto/external/bsd/openssh/dist/match.c \
src/crypto/external/bsd/openssh/dist/progressmeter.c \
src/crypto/external/bsd/openssh/dist/ssh-keysign.8 \
src/crypto/external/bsd/openssh/dist/sshbuf.h
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/auth2-chall.c \
src/crypto/external/bsd/openssh/dist/channels.h \
src/crypto/external/bsd/openssh/dist/cipher.c
cvs rdiff -u -r1.13 -r1.14

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:38:42 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
need pfilter.h


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.31 src/crypto/external/bsd/openssh/dist/monitor.c:1.32
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.31	Sat Dec  7 11:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Sat Dec  7 11:38:42 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $");
 #include 
 #include 
 #include 
@@ -85,6 +85,8 @@ __RCSID("$NetBSD: monitor.c,v 1.31 2019/
 #include "match.h"
 #include "ssherr.h"
 
+#include "pfilter.h"
+
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
 #endif

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:32:22 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2.c monitor.c

Log Message:
Add some more pfilter_notify() calls where authentication attempts fail.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/auth2.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2.c
diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.20 src/crypto/external/bsd/openssh/dist/auth2.c:1.21
--- src/crypto/external/bsd/openssh/dist/auth2.c:1.20	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/auth2.c	Sat Dec  7 11:32:22 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $	*/
 /* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $");
 
 #include 
 #include 
@@ -440,8 +440,10 @@ userauth_finish(struct ssh *ssh, int aut
 	} else {
 		/* Allow initial try of "none" auth without failure penalty */
 		if (!partial && !authctxt->server_caused_failure &&
-		(authctxt->attempt > 1 || strcmp(method, "none") != 0))
+		(authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
 			authctxt->failures++;
+			pfilter_notify(1);
+		}
 		if (authctxt->failures >= options.max_authtries)
 			auth_maxtries_exceeded(ssh);
 		methods = authmethods_get(authctxt);

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.30 src/crypto/external/bsd/openssh/dist/monitor.c:1.31
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.30	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Sat Dec  7 11:32:22 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $");
 #include 
 #include 
 #include 
@@ -320,8 +320,10 @@ monitor_child_preauth(struct ssh *ssh, s
 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
 			auth_log(ssh, authenticated, partial,
 			auth_method, auth_submethod);
-			if (!partial && !authenticated)
+			if (!partial && !authenticated) {
+pfilter_notify(1);
 authctxt->failures++;
+			}
 			if (authenticated || partial) {
 auth2_update_session_info(authctxt,
 auth_method, auth_submethod);
@@ -1223,6 +1225,7 @@ mm_answer_keyallowed(struct ssh *ssh, in
 	} else {
 		/* Log failed attempt */
 		auth_log(ssh, 0, 0, auth_method, NULL);
+		pfilter_notify(1);
 		free(cuser);
 		free(chost);
 	}

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:25:36 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth.c

Log Message:
don't call pfilter_notify() from authz_log(). Logging should not have side
effects (kim@)


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/auth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.25 src/crypto/external/bsd/openssh/dist/auth.c:1.26
--- src/crypto/external/bsd/openssh/dist/auth.c:1.25	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/auth.c	Sat Dec  7 11:25:36 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $	*/
 /* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $");
 #include 
 #include 
 #include 
@@ -408,8 +408,6 @@ auth_log(struct ssh *ssh, int authentica
 	extra != NULL ? extra : "");
 
 	free(extra);
-	if (!authctxt->postponed)
-		pfilter_notify(!authenticated);
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:25:05 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd.c

Log Message:
don't call pfilter_notify() twice in grace_alarm_handler(). (kim@)


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.36 src/crypto/external/bsd/openssh/dist/sshd.c:1.37
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.36	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Sat Dec  7 11:25:05 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $");
 #include 
 #include 
 #include 
@@ -370,7 +370,6 @@ grace_alarm_handler(int sig)
 
 	/* XXX pre-format ipaddr/port so we don't need to access active_state */
 	/* Log error and exit. */
-	pfilter_notify(1);
 	sigdie("Timeout before authentication for %s port %d",
 	ssh_remote_ipaddr(the_active_state),
 	ssh_remote_port(the_active_state));

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-28 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Apr 28 14:45:13 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.h

Log Message:
one  more noreturn


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.h
diff -u src/crypto/external/bsd/openssh/dist/monitor.h:1.11 src/crypto/external/bsd/openssh/dist/monitor.h:1.12
--- src/crypto/external/bsd/openssh/dist/monitor.h:1.11	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.h	Sun Apr 28 10:45:13 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.h,v 1.11 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: monitor.h,v 1.12 2019/04/28 14:45:13 christos Exp $	*/
 /* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */
 
 /*
@@ -92,7 +92,8 @@ void monitor_reinit(struct monitor *);
 
 struct Authctxt;
 void monitor_child_preauth(struct ssh *, struct monitor *);
-void monitor_child_postauth(struct ssh *, struct monitor *);
+void monitor_child_postauth(struct ssh *, struct monitor *)
+__attribute__((__noreturn__));
 
 void monitor_clear_keystate(struct ssh *, struct monitor *);
 void monitor_apply_keystate(struct ssh *, struct monitor *);

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-25 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Apr 26 01:51:55 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c packet.h

Log Message:
attribute police


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.37 src/crypto/external/bsd/openssh/dist/packet.c:1.38
--- src/crypto/external/bsd/openssh/dist/packet.c:1.37	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/packet.c	Thu Apr 25 21:51:55 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.283 2019/03/01 03:29:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1767,7 +1767,7 @@ ssh_packet_remaining(struct ssh *ssh)
  * authentication problems.   The length of the formatted message must not
  * exceed 1024 bytes.  This will automatically call ssh_packet_write_wait.
  */
-void
+void __attribute__((__format__ (__printf__, 2, 3)))
 ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
 {
 	char buf[1024];
@@ -1804,7 +1804,8 @@ sshpkt_fmt_connection_id(struct ssh *ssh
 /*
  * Pretty-print connection-terminating errors and exit.
  */
-static void
+static void __attribute__((__format__ (__printf__, 3, 0)))
+__attribute__((__noreturn__))
 sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 {
 	char *tag = NULL, remote_id[512];
@@ -1854,7 +1855,8 @@ sshpkt_vfatal(struct ssh *ssh, int r, co
 	}
 }
 
-void
+void __attribute__((__format__ (__printf__, 3, 4)))
+__attribute__((__noreturn__))
 sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
 {
 	va_list ap;

Index: src/crypto/external/bsd/openssh/dist/packet.h
diff -u src/crypto/external/bsd/openssh/dist/packet.h:1.19 src/crypto/external/bsd/openssh/dist/packet.h:1.20
--- src/crypto/external/bsd/openssh/dist/packet.h:1.19	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/packet.h	Thu Apr 25 21:51:55 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.h,v 1.19 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: packet.h,v 1.20 2019/04/26 01:51:55 christos Exp $	*/
 /* $OpenBSD: packet.h,v 1.90 2019/01/21 10:35:09 djm Exp $ */
 
 /*
@@ -167,7 +167,7 @@ int sshpkt_disconnect(struct ssh *, 
 	__attribute__((format(printf, 2, 3)));
 int	sshpkt_add_padding(struct ssh *, u_char);
 void	sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
-	__attribute__((format(printf, 3, 4)));
+	__attribute__((format(printf, 3, 4))) __attribute__((__noreturn__));
 int	sshpkt_msg_ignore(struct ssh *, u_int);
 
 int	sshpkt_put(struct ssh *ssh, const void *v, size_t len);

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-20 Thread Robert Elz 
Module Name:src
Committed By:   kre
Date:   Sun Apr 21 01:32:04 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: sshconnect2.c

Log Message:
Put declaration of 'userauth_kerberos' inside #if KRB5 where it belongs.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/sshconnect2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.34
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33	Sat Apr 20 17:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c	Sun Apr 21 01:32:04 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $");
 #include 
 #include 
 #include 
@@ -79,7 +79,9 @@ const char *auth_get_canonical_hostn
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
+#ifdef KRB5
 static int userauth_kerberos(struct ssh *);
+#endif
 
 /* import */
 extern char *client_version_string;

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-20 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr 20 17:28:19 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
put back hpn/lpk strings


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.27 src/crypto/external/bsd/openssh/dist/version.h:1.28
--- src/crypto/external/bsd/openssh/dist/version.h:1.27	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/version.h	Sat Apr 20 13:28:19 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.27 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.28 2019/04/20 17:28:19 christos Exp $	*/
 /* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.0"
@@ -9,5 +9,5 @@
  * it is important to retain OpenSSH version identification part, it is
  * used for bug compatibility operation.  present NetBSD SSH version as comment
  */
-#define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION
+#define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK
 #define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK

CVS commit: src/crypto/external/bsd/openssh

2019-04-20 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr 20 17:16:41 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/bin/ssh-keyscan: Makefile
src/crypto/external/bsd/openssh/bin/sshd: Makefile
src/crypto/external/bsd/openssh/dist: OVERVIEW PROTOCOL
PROTOCOL.certkeys PROTOCOL.mux atomicio.c atomicio.h auth-krb5.c
auth-options.c auth-pam.c auth-pam.h auth.c auth.h
auth2-hostbased.c auth2-krb5.c auth2-pubkey.c auth2.c authfd.c
authfd.h authfile.c channels.c channels.h cipher.c cipher.h
clientloop.c crypto_api.h dh.c dh.h digest-openssl.c dispatch.c
dispatch.h groupaccess.c kex.c kex.h kexc25519.c kexdh.c kexecdh.c
kexgen.c kexgex.c kexgexc.c kexgexs.c kexsntrup4591761x25519.c
krl.c krl.h match.c match.h misc.c misc.h moduli.c monitor.c
monitor.h monitor_wrap.c monitor_wrap.h mux.c myproposal.h
namespace.h nchan.c packet.c packet.h pfilter.c progressmeter.c
progressmeter.h readconf.c readconf.h readpass.c scp.1 scp.c
servconf.c servconf.h serverloop.c session.c session.h
sftp-client.c sftp-client.h sftp-common.c sftp-server.c sftp.1
sftp.c sntrup4591761.c ssh-add.1 ssh-add.c ssh-agent.c ssh-dss.c
ssh-ecdsa.c ssh-keygen.1 ssh-keygen.c ssh-keyscan.c ssh-keysign.c
ssh-pkcs11-client.c ssh-pkcs11-helper.8 ssh-pkcs11-helper.c
ssh-pkcs11.c ssh-pkcs11.h ssh-rsa.c ssh.1 ssh.c ssh.h ssh2.h
ssh_api.c ssh_config ssh_config.5 sshbuf-getput-crypto.c sshbuf.c
sshbuf.h sshconnect.c sshconnect.h sshconnect2.c sshd.c
sshd_config.5 sshkey.c sshkey.h version.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.3072
moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist: kexc25519c.c kexc25519s.c
kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c opacket.c opacket.h

Log Message:
merge conflicts.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 \
src/crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/bin/sshd/Makefile
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/OVERVIEW \
src/crypto/external/bsd/openssh/dist/atomicio.h \
src/crypto/external/bsd/openssh/dist/digest-openssl.c \
src/crypto/external/bsd/openssh/dist/dispatch.h \
src/crypto/external/bsd/openssh/dist/kexc25519.c \
src/crypto/external/bsd/openssh/dist/kexdh.c \
src/crypto/external/bsd/openssh/dist/kexecdh.c \
src/crypto/external/bsd/openssh/dist/namespace.h \
src/crypto/external/bsd/openssh/dist/ssh_api.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/cipher.h \
src/crypto/external/bsd/openssh/dist/moduli.c \
src/crypto/external/bsd/openssh/dist/sshconnect.h
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys \
src/crypto/external/bsd/openssh/dist/dh.h \
src/crypto/external/bsd/openssh/dist/match.c \
src/crypto/external/bsd/openssh/dist/monitor.h \
src/crypto/external/bsd/openssh/dist/progressmeter.c \
src/crypto/external/bsd/openssh/dist/sftp-client.h \
src/crypto/external/bsd/openssh/dist/sftp-common.c \
src/crypto/external/bsd/openssh/dist/sshbuf.h
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/PROTOCOL.mux \
src/crypto/external/bsd/openssh/dist/dispatch.c \
src/crypto/external/bsd/openssh/dist/match.h \
src/crypto/external/bsd/openssh/dist/nchan.c \
src/crypto/external/bsd/openssh/dist/sshbuf.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/atomicio.c \
src/crypto/external/bsd/openssh/dist/auth-pam.h \
src/crypto/external/bsd/openssh/dist/auth2-krb5.c \
src/crypto/external/bsd/openssh/dist/groupaccess.c \
src/crypto/external/bsd/openssh/dist/session.h \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 \
src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c \
src/crypto/external/bsd/openssh/dist/sshkey.h
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/auth-krb5.c \
src/crypto/external/bsd/openssh/dist/kexgexc.c \
src/crypto/external/bsd/openssh/dist/krl.c \
src/crypto/external/bsd/openssh/dist/ssh-add.1 \
src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/sftp-server.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/auth-pam.c \
src/crypto/external/bsd/openssh/dist/auth.h \
src/crypto/external/bsd/openssh/dist/auth2.c \

CVS commit: src/crypto/external/bsd/openssh/dist

2019-03-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar  8 20:34:24 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: recallocarray.c

Log Message:
Replace our buggy recallocarray implementation one with the portable one
from OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/dist/recallocarray.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/recallocarray.c
diff -u src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1 src/crypto/external/bsd/openssh/dist/recallocarray.c:1.2
--- src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1	Sat Oct  7 17:14:59 2017
+++ src/crypto/external/bsd/openssh/dist/recallocarray.c	Fri Mar  8 15:34:24 2019
@@ -1,51 +1,91 @@
-/*	$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $	*/
-/*	$OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $	*/
+/*	$OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $	*/
 
-/*-
- * Copyright (c) 2015 The NetBSD Foundation, Inc.
- * All rights reserved.
+/*
+ * Copyright (c) 2008, 2017 Otto Moerbeek 
  *
- * This code is derived from software contributed to The NetBSD Foundation
- * by Christos Zoulas.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in the
- *documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */
+
 #include "includes.h"
-#include 
-__RCSID("$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $");
+#ifndef HAVE_RECALLOCARRAY
 
 #include 
-#include 
 #include 
+#ifdef HAVE_STDINT_H
+#include 
+#endif
+#include 
+#include 
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
 
 void *
-recallocarray(void *optr, size_t omemb, size_t nmemb, size_t size)
+recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
 {
-	char *nptr = reallocarray(optr, nmemb, size);
+	size_t oldsize, newsize;
+	void *newptr;
+
+	if (ptr == NULL)
+		return calloc(newnmemb, size);
 
-	if (nptr == NULL || omemb >= nmemb)
-		return nptr;
+	if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	newnmemb > 0 && SIZE_MAX / newnmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	newsize = newnmemb * size;
+
+	if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
+		errno = EINVAL;
+		return NULL;
+	}
+	oldsize = oldnmemb * size;
+	
+	/*
+	 * Don't bother too much if we're shrinking just a bit,
+	 * we do not shrink for series of small steps, oh well.
+	 */
+	if (newsize <= oldsize) {
+		size_t d = oldsize - newsize;
+
+		if (d < oldsize / 2 && d < (size_t)getpagesize()) {
+			memset((char *)ptr + newsize, 0, d);
+			return ptr;
+		}
+	}
+
+	newptr = malloc(newsize);
+	if (newptr == NULL)
+		return NULL;
+
+

CVS commit: src/crypto/external/bsd/openssh/dist

2019-01-25 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Jan 25 14:29:05 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c

Log Message:
PR/53908: Alex Raschi: Include  for socketpair(2)


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/auth-pam.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.18
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17	Mon Aug 27 13:47:48 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Fri Jan 25 09:29:05 2019
@@ -51,7 +51,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.18 2019/01/25 14:29:05 christos Exp $");
 #define _LIB_PTHREAD_H
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
@@ -65,6 +65,7 @@ void sshpam_password_change_required(int
 /* end NetBSD local changes */
 
 #include 
+#include 
 #include 
 #include

CVS commit: src/crypto/external/bsd/openssh/dist

2018-10-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Oct  2 22:44:07 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: log.c

Log Message:
Don't treat mostly connection closed events as filtering events.
There a a failed to negotiate instance too, but I don't want to generate
more diff.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/log.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/log.c
diff -u src/crypto/external/bsd/openssh/dist/log.c:1.18 src/crypto/external/bsd/openssh/dist/log.c:1.19
--- src/crypto/external/bsd/openssh/dist/log.c:1.18	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/log.c	Tue Oct  2 18:44:07 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $	*/
 /* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $");
 #include 
 #include 
 
@@ -183,7 +183,7 @@ logdie(const char *fmt,...)
 	va_start(args, fmt);
 	do_log(SYSLOG_LEVEL_INFO, fmt, args);
 	va_end(args);
-	cleanup_exit(255);
+	cleanup_exit(254);
 }
 
 /* Log this message (information that usually should go to the log). */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-10-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Oct  2 22:40:29 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c
serverloop.c

Log Message:
Undo previous change. It made filtering a lot more aggressive.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.23
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $");
 #include 
 #include 
 #include 
@@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(255);
+			cleanup_exit(254);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.22 src/crypto/external/bsd/openssh/dist/serverloop.c:1.23
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.22	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(255);
+cleanup_exit(254);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.34 src/crypto/external/bsd/openssh/dist/packet.c:1.35
--- src/crypto/external/bsd/openssh/dist/packet.c:1.34	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c
 
 	/* Close the connection. */
 	ssh_packet_close(ssh);
-	cleanup_exit(255);
+	cleanup_exit(254);
 }
 
 /*

CVS commit: src/crypto/external/bsd/openssh/dist

2018-09-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Sep 29 15:10:45 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c
serverloop.c

Log Message:
be less aggressive about blocking connections from disconnected sessions.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
 #include 
 #include 
 #include 
@@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(254);
+			cleanup_exit(255);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.21 src/crypto/external/bsd/openssh/dist/serverloop.c:1.22
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.21	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(254);
+cleanup_exit(255);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(254);
+			cleanup_exit(255);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.33 src/crypto/external/bsd/openssh/dist/packet.c:1.34
--- src/crypto/external/bsd/openssh/dist/packet.c:1.33	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c
 
 	/* Close the connection. */
 	ssh_packet_close(ssh);
-	cleanup_exit(254);
+	cleanup_exit(255);
 }
 
 /*

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-27 Thread Tobias Nygren 
Module Name:src
Committed By:   tnn
Date:   Mon Aug 27 17:47:48 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c

Log Message:
annotate pthread_exit as __dead (to appease clang)


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16	Sun Aug 26 07:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Mon Aug 27 17:47:48 2018
@@ -51,7 +51,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.16 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $");
 #define _LIB_PTHREAD_H
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
@@ -194,7 +194,7 @@ sshpam_sigchld_handler(int sig)
 }
 
 /* ARGSUSED */
-static void
+__dead static void
 pthread_exit(void *value)
 {
 	_exit(0);

CVS commit: src/crypto/external/bsd/openssh

2018-08-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Aug 26 07:46:37 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh: openssh2netbsd
src/crypto/external/bsd/openssh/dist: OVERVIEW PROTOCOL
PROTOCOL.certkeys addrmatch.c auth-bsdauth.c auth-krb5.c
auth-options.c auth-options.h auth-pam.c auth-pam.h auth-passwd.c
auth-rhosts.c auth.c auth.h auth2-chall.c auth2-gss.c
auth2-hostbased.c auth2-kbdint.c auth2-krb5.c auth2-none.c
auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c
channels.c channels.h clientloop.c clientloop.h compat.c compat.h
dh.c gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c kex.h
kexdhs.c kexgexs.c log.c log.h match.c match.h misc.c misc.h
monitor.c monitor.h monitor_wrap.c monitor_wrap.h msg.c mux.c
myproposal.h opacket.h packet.c packet.h readconf.c readconf.h
readpass.c scp.1 scp.c servconf.c servconf.h serverloop.c session.c
sftp-client.c sftp-server.c sftp.1 sftp.c ssh-agent.c ssh-gss.h
ssh-keygen.1 ssh-keygen.c ssh-keyscan.c ssh-keysign.c
ssh-pkcs11-client.c ssh-rsa.c ssh.1 ssh.c ssh.h ssh_api.h
ssh_config.5 sshbuf.c sshbuf.h sshconnect.c sshconnect.h
sshconnect2.c sshd.8 sshd.c sshd_config sshd_config.5 ssherr.c
ssherr.h sshkey-xmss.c sshkey.c sshkey.h sshlogin.c ttymodes.c
uidswap.c uidswap.h umac.c umac128.c utf8.c version.h xmss_wots.c
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.3072
moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist: bufaux.c bufbn.c bufec.c buffer.c
buffer.h key.c key.h

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/openssh2netbsd
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/OVERVIEW \
src/crypto/external/bsd/openssh/dist/msg.c \
src/crypto/external/bsd/openssh/dist/uidswap.h \
src/crypto/external/bsd/openssh/dist/utf8.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/addrmatch.c \
src/crypto/external/bsd/openssh/dist/auth-krb5.c \
src/crypto/external/bsd/openssh/dist/auth2-gss.c \
src/crypto/external/bsd/openssh/dist/compat.h \
src/crypto/external/bsd/openssh/dist/gss-serv.c \
src/crypto/external/bsd/openssh/dist/hostfile.c \
src/crypto/external/bsd/openssh/dist/sshconnect.h
cvs rdiff -u -r1.9 -r1.10 \
src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys \
src/crypto/external/bsd/openssh/dist/auth-passwd.c \
src/crypto/external/bsd/openssh/dist/auth2-none.c \
src/crypto/external/bsd/openssh/dist/auth2-passwd.c \
src/crypto/external/bsd/openssh/dist/gss-genr.c \
src/crypto/external/bsd/openssh/dist/monitor.h \
src/crypto/external/bsd/openssh/dist/opacket.h \
src/crypto/external/bsd/openssh/dist/readpass.c \
src/crypto/external/bsd/openssh/dist/sshbuf.h \
src/crypto/external/bsd/openssh/dist/sshlogin.c \
src/crypto/external/bsd/openssh/dist/ttymodes.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth-bsdauth.c \
src/crypto/external/bsd/openssh/dist/auth-pam.h \
src/crypto/external/bsd/openssh/dist/auth2-krb5.c \
src/crypto/external/bsd/openssh/dist/ssherr.c \
src/crypto/external/bsd/openssh/dist/sshkey.h \
src/crypto/external/bsd/openssh/dist/uidswap.c
cvs rdiff -u -r1.17 -r1.18 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/auth.h \
src/crypto/external/bsd/openssh/dist/log.c \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/myproposal.h \
src/crypto/external/bsd/openssh/dist/packet.h \
src/crypto/external/bsd/openssh/dist/servconf.h \
src/crypto/external/bsd/openssh/dist/sftp-server.c \
src/crypto/external/bsd/openssh/dist/sftp.1
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssh/dist/auth-options.h \
src/crypto/external/bsd/openssh/dist/authfd.h \
src/crypto/external/bsd/openssh/dist/gss-serv-krb5.c \
src/crypto/external/bsd/openssh/dist/ssh.h
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth-pam.c \
src/crypto/external/bsd/openssh/dist/authfd.c \
src/crypto/external/bsd/openssh/dist/kexdhs.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.h \
src/crypto/external/bsd/openssh/dist/ssh-rsa.c \
src/crypto/external/bsd/openssh/dist/umac.c
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth-rhosts.c \
src/crypto/external/bsd/openssh/dist/auth2-kbdint.c \
src/crypto/external/bsd/openssh/dist/match.c \
src/crypto/external/bsd/openssh/dist/match.h

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Aug 13 09:55:20 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
add another exit 254 to avoid blacklistd notification


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.25 src/crypto/external/bsd/openssh/dist/monitor.c:1.26
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.25	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Mon Aug 13 05:55:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $");
 #include 
 #include 
 #include 
@@ -1383,7 +1383,7 @@ mm_record_login(Session *s, struct passw
 		if (getpeername(packet_get_connection_in(),
 		(struct sockaddr *), ) < 0) {
 			debug("getpeername: %.100s", strerror(errno));
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 	}
 	/* Record that there was a login on that tty from the remote host. */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Aug  9 08:32:41 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c mux.c packet.c
serverloop.c session.c

Log Message:
change some 255's to 254's to avoid being too aggressive blacklisting.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.20
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 #include 
 #include 
 #include 
@@ -149,7 +149,7 @@ mm_request_receive(int sock, Buffer *m)
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(255);
+			cleanup_exit(254);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = get_u32(buf);
Index: src/crypto/external/bsd/openssh/dist/mux.c
diff -u src/crypto/external/bsd/openssh/dist/mux.c:1.19 src/crypto/external/bsd/openssh/dist/mux.c:1.20
--- src/crypto/external/bsd/openssh/dist/mux.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/mux.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller 
@@ -32,7 +32,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 #include 
 #include 
 #include 
@@ -1324,7 +1324,7 @@ muxserver_listen(struct ssh *ssh)
 			return;
 		} else {
 			/* unix_listener() logs the error */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 	}
 
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.19 src/crypto/external/bsd/openssh/dist/serverloop.c:1.20
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.19	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -331,7 +331,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(255);
+cleanup_exit(254);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -428,7 +428,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.31 src/crypto/external/bsd/openssh/dist/packet.c:1.32
--- src/crypto/external/bsd/openssh/dist/packet.c:1.31	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.32 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.269 2017/12/18 23:13:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.32

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-03 Thread Robert Elz 
Module Name:src
Committed By:   kre
Date:   Fri Aug  3 12:49:41 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Add a "gcc is stupid" comment to the previous change, as even
the most cursory analysis shows that the var ("eg") is not (cannot
be) used unitialialised, just gcc is too dumb to work it out.

In this case, the code could be rewritten easily enough to
appease even gcc, but that would cause unnecessary code churn,
and some minor duplication, so just put up with the nonsense init...


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.15 src/crypto/external/bsd/openssh/dist/sshkey.c:1.16
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.15	Fri Aug  3 04:32:12 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Fri Aug  3 12:49:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $");
 
 #include 
 #include 
@@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA
 int
 sshkey_ecdsa_key_to_nid(EC_KEY *k)
 {
-	EC_GROUP *eg = NULL;
+	EC_GROUP *eg = NULL;		/* XXXGCC: unneeded init */
 	int nids[] = {
 		NID_X9_62_prime256v1,
 		NID_secp384r1,

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-02 Thread Kamil Rytarowski 
Module Name:src
Committed By:   kamil
Date:   Fri Aug  3 04:32:12 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Appease GCC in the openssh code when built with UBSan

Initialize eg to NULL in sshkey_ecdsa_key_to_nid().
The compiler warns that it might be uninitialized.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.14 src/crypto/external/bsd/openssh/dist/sshkey.c:1.15
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.14	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Fri Aug  3 04:32:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $");
 
 #include 
 #include 
@@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA
 int
 sshkey_ecdsa_key_to_nid(EC_KEY *k)
 {
-	EC_GROUP *eg;
+	EC_GROUP *eg = NULL;
 	int nids[] = {
 		NID_X9_62_prime256v1,
 		NID_secp384r1,

CVS commit: src/crypto/external/bsd/openssh/dist

2018-07-18 Thread Thomas Klausner 
Module Name:src
Committed By:   wiz
Date:   Wed Jul 18 16:42:49 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-agent.1

Log Message:
Fix Dd argument.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh-agent.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.14
--- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13	Tue Jul 10 22:12:08 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.1	Wed Jul 18 16:42:49 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $
+.\"	$NetBSD: ssh-agent.1,v 1.14 2018/07/18 16:42:49 wiz Exp $
 .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $
 .\"
 .\"
@@ -36,7 +36,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 30 2016
+.Dd July 10, 2018
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME

CVS commit: src/crypto/external/bsd/openssh/dist

2018-07-10 Thread Sevan Janiyan 
Module Name:src
Committed By:   sevan
Date:   Tue Jul 10 22:12:08 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-agent.1 ssh-agent.c

Log Message:
Amend whitelisted filesystem paths ssh-agent will look for PKCS11 related
libraries so that things work out of the box with pkgsrc without having to
explicitly whitelist things.

ok christos


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-agent.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12	Tue Apr 18 18:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.1	Tue Jul 10 22:12:08 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh-agent.1,v 1.12 2017/04/18 18:41:46 christos Exp $
+.\"	$NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $
 .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $
 .\"
 .\"
@@ -131,7 +131,7 @@ that may be added using the
 option to
 .Xr ssh-add 1 .
 The default is to allow loading PKCS#11 libraries from
-.Dq /usr/lib/*,/usr/local/lib/* .
+.Dq /usr/lib/*,/usr/pkg/lib/* .
 PKCS#11 libraries that do not match the whitelist will be refused.
 See PATTERNS in
 .Xr ssh_config 5

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.23
--- src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.c	Tue Jul 10 22:12:08 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $	*/
 /* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -82,7 +82,7 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.22 201
 #endif
 
 #ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/pkg/lib*/*"
 #endif
 
 /* Maximum accepted message length */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-06-24 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Jun 24 15:36:31 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: pfilter.c

Log Message:
Since now we are called from cleanup_exit() make sure that we have a state
to work with. Found by ASAN.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.5 src/crypto/external/bsd/openssh/dist/pfilter.c:1.6
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.5	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Sun Jun 24 11:36:31 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $	*/
 #include "namespace.h"
 #include "includes.h"
 #include "ssh.h"
@@ -12,7 +12,7 @@ static struct blacklist *blstate;
 #endif
 
 #include "includes.h"
-__RCSID("$NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $");
 
 void
 pfilter_init()
@@ -27,6 +27,8 @@ pfilter_notify(int a)
 {
 #ifndef SMALL
 	int fd;
+	if (active_state == NULL)
+		return;
 	if (blstate == NULL)
 		pfilter_init();
 	if (blstate == NULL)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-06-07 Thread Taylor R Campbell 
Module Name:src
Committed By:   riastradh
Date:   Thu Jun  7 15:26:09 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Disable loading XMSS keys by default too.

Nobody should be using XMSS host keys without an explicit decision,
because they're qualitatively different from all other types of host
keys in that they require keeping state.

This also eliminates a harmless but confusing warning that began
after we stopped generating XMSS keys by default.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.27 src/crypto/external/bsd/openssh/dist/servconf.c:1.28
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.27	Sun Apr  8 21:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Thu Jun  7 15:26:09 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $	*/
+/*	$NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $");
 #include 
 #include 
 #include 
@@ -294,10 +294,6 @@ fill_default_server_options(ServerOption
 		_PATH_HOST_ECDSA_KEY_FILE);
 		servconf_add_hostkey("[default]", 0, options,
 		_PATH_HOST_ED25519_KEY_FILE);
-#ifdef WITH_XMSS
-		servconf_add_hostkey("[default]", 0, options,
-		_PATH_HOST_XMSS_KEY_FILE);
-#endif /* WITH_XMSS */
 	}
 	/* No certificates by default */
 	if (options->num_ports == 0)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-05-23 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed May 23 16:04:13 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c

Log Message:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Wed May 23 12:04:13 2018
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp)
 		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, );
 	else
 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, );
+	pfilter_notify(1);
 	buffer_free();
 	pthread_exit(NULL);
 
@@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha
 free(msg);
 return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			sshpam_authctxt->valid ? "" : "illegal user ",
 			sshpam_authctxt->user,

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.30	Sun Apr  8 17:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Wed May 23 12:04:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $	*/
+/*	$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
 #include 
 #include 
 #include 
@@ -344,6 +344,7 @@ main_sigchld_handler(int sig)
 __dead static void
 grace_alarm_handler(int sig)
 {
+	pfilter_notify(1);
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
 
@@ -356,7 +357,6 @@ grace_alarm_handler(int sig)
 		killpg(0, SIGTERM);
 	}
 
-	pfilter_notify(1);
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s port %d",
 	ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@ cleanup_exit(int i)
 {
 	struct ssh *ssh = active_state; /* XXX */
 
+	if (i == 255)
+		pfilter_notify(1);
+
 	if (the_authctxt) {
 		do_cleanup(ssh, the_authctxt);
 		if (use_privsep && privsep_is_preauth &&

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-08 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Sun Apr  8 21:56:48 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c sshd.c

Log Message:
Fix clang build by adding __dead annotations.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/servconf.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.26 src/crypto/external/bsd/openssh/dist/servconf.c:1.27
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.26	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Sun Apr  8 21:56:48 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1053,7 +1053,7 @@ out:
 	return result;
 }
 
-static void
+__dead static void
 match_test_missing_fatal(const char *criteria, const char *attrib)
 {
 	fatal("'Match %s' in configuration but '%s' not in connection "

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.29 src/crypto/external/bsd/openssh/dist/sshd.c:1.30
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.29	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Sun Apr  8 21:56:48 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $	*/
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1338,6 +1338,9 @@ check_ip_options(struct ssh *ssh)
 }
 
 /* Set the routing domain for this process */
+#if !defined(__OpenBSD__)
+__dead
+#endif
 static void
 set_process_rdomain(struct ssh *ssh, const char *name)
 {

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Apr  8 13:39:42 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c

Log Message:
fix compilation for non LDAP
remove error comment


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.20
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Sun Apr  8 09:39:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $");
 #include 
 #include 
 
@@ -692,9 +692,9 @@ check_authkeys_file(struct ssh *ssh, str
 	char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256];
 	int found_key = 0;
 	u_long linenum = 0;
-	struct sshkey *found = NULL;
 	struct sshauthopt *opts = NULL;
 #ifdef WITH_LDAP_PUBKEY
+	struct sshkey *found = NULL;
 	ldap_key_t * k;
 	unsigned int i = 0;
 	const char *reason;
@@ -780,7 +780,6 @@ check_authkeys_file(struct ssh *ssh, str
 			continue;
 
 		/* Skip leading whitespace, empty and comment lines. */
-/*###782 [cc] error: 'cp' undeclared (first use in this function)%%%*/
 		cp = line;
 		skip_space();
 		if (!*cp || *cp == '\n' || *cp == '#')

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr  7 00:36:55 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: readconf.c scp.c

Log Message:
fix unconst


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.23 src/crypto/external/bsd/openssh/dist/readconf.c:1.24
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.23	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Fri Apr  6 20:36:55 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $");
 #include 
 #include 
 #include 
@@ -2440,7 +2440,7 @@ parse_jump(const char *s, Options *o, in
 int
 parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
 {
-	char *path;
+	const char *path;
 	int r;
 
 	r = parse_uri("ssh", uri, userp, hostp, portp, );

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.18 src/crypto/external/bsd/openssh/dist/scp.c:1.19
--- src/crypto/external/bsd/openssh/dist/scp.c:1.18	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri Apr  6 20:36:55 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -600,7 +600,7 @@ do_times(int fd, int verb, const struct 
 
 static int
 parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp,
- char **pathp)
+ const char **pathp)
 {
 	int r;
 
@@ -613,8 +613,10 @@ parse_scp_uri(const char *uri, char **us
 void
 toremote(int argc, char **argv)
 {
-	char *suser = NULL, *host = NULL, *src = NULL;
-	char *bp, *tuser, *thost, *targ;
+	char *suser = NULL, *host = NULL;
+	const char *src = NULL;
+	char *bp, *tuser, *thost;
+	const char *targ;
 	int sport = -1, tport = -1;
 	arglist alist;
 	int i, r;
@@ -647,7 +649,7 @@ toremote(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(src);
+		free(__UNCONST(src));
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -725,16 +727,17 @@ toremote(int argc, char **argv)
 out:
 	free(tuser);
 	free(thost);
-	free(targ);
+	free(__UNCONST(targ));
 	free(suser);
 	free(host);
-	free(src);
+	free(__UNCONST(src));
 }
 
 static void
 tolocal(int argc, char **argv)
 {
-	char *bp, *host = NULL, *src = NULL, *suser = NULL;
+	char *bp, *host = NULL, *suser = NULL;
+	const char *src = NULL;
 	arglist alist;
 	int i, r, sport = -1;
 
@@ -744,7 +747,7 @@ tolocal(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(src);
+		free(__UNCONST(src));
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -786,7 +789,7 @@ tolocal(int argc, char **argv)
 	}
 	free(suser);
 	free(host);
-	free(src);
+	free(__UNCONST(src));
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr  7 00:26:12 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-passwd.c

Log Message:
restore default xx salt.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth-passwd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-passwd.c
diff -u src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8 src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.9
--- src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-passwd.c	Fri Apr  6 20:26:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $	*/
+/*	$NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $	*/
 /* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $");
 #include 
 
 #include 
@@ -189,7 +189,7 @@ sys_auth_passwd(struct ssh *ssh, const c
 	 */
 	if (authctxt->valid && pw_password[0] && pw_password[1])
 		salt = pw_password;
-	encrypted_password = xcrypt(password, salt);
+	encrypted_password = xcrypt(password, salt ? salt : "xx");
 
 	/*
 	 * Authentication is accepted if the encrypted passwords

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-13 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Tue Feb 13 09:51:33 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Fix copy & pasto (dsa code vs. rsa code) in previous, fixes PR lib/53012
and recentish sshfs test failures.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.12 src/crypto/external/bsd/openssh/dist/sshkey.c:1.13
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.12	Mon Feb  5 00:13:50 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Tue Feb 13 09:51:33 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.56 2017/08/12 06:42:52 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $");
 
 #include 
 #include 
@@ -258,7 +258,7 @@ sshkey_size(const struct sshkey *k)
 #if OPENSSL_VERSION_NUMBER >= 0x1010UL
 		return RSA_bits(k->rsa);
 #else
-		return BN_num_bits(k->rsa->p);
+		return BN_num_bits(k->rsa->n);
 #endif
 	case KEY_DSA:
 	case KEY_DSA_CERT:

CVS commit: src/crypto/external/bsd/openssh

2018-02-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Feb  9 01:54:46 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh: Makefile.inc

Log Message:
only set the compat version for OpenSSL-1.0


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile.inc
diff -u src/crypto/external/bsd/openssh/Makefile.inc:1.12 src/crypto/external/bsd/openssh/Makefile.inc:1.13
--- src/crypto/external/bsd/openssh/Makefile.inc:1.12	Tue Feb  6 15:10:36 2018
+++ src/crypto/external/bsd/openssh/Makefile.inc	Thu Feb  8 20:54:46 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.12 2018/02/06 20:10:36 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.13 2018/02/09 01:54:46 christos Exp $
 
 WARNS?=	4
 
@@ -15,7 +15,9 @@ CPPFLAGS+=-DHAVE_DLOPEN
 CPPFLAGS+=-DHAVE_HEADER_AD
 CPPFLAGS+=-DHAVE_LOGIN_CAP
 CPPFLAGS+=-DHAVE_STDLIB_H
+.if ${HAVE_OPENSSL} < 11
 CPPFLAGS+=-DOPENSSL_API_COMPAT=0x1010L
+.endif
 
 CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
 .if !defined(NOPIC)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb  8 23:04:13 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: kex.c

Log Message:
need openssl/dh.h


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/kex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/kex.c
diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.19 src/crypto/external/bsd/openssh/dist/kex.c:1.20
--- src/crypto/external/bsd/openssh/dist/kex.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/kex.c	Thu Feb  8 18:04:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $	*/
 /* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $");
 
 #include 	/* MAX roundup */
 #include 
@@ -35,6 +35,7 @@ __RCSID("$NetBSD: kex.c,v 1.19 2017/10/0
 
 #ifdef WITH_OPENSSL
 #include 
+#include 
 #endif
 
 #include "ssh2.h"

CVS commit: src/crypto/external/bsd/openssh

2018-02-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Feb  6 20:10:36 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh: Makefile.inc

Log Message:
use OPENSSL_API_COMPAT


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile.inc
diff -u src/crypto/external/bsd/openssh/Makefile.inc:1.11 src/crypto/external/bsd/openssh/Makefile.inc:1.12
--- src/crypto/external/bsd/openssh/Makefile.inc:1.11	Mon Feb  5 06:57:28 2018
+++ src/crypto/external/bsd/openssh/Makefile.inc	Tue Feb  6 15:10:36 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.11 2018/02/05 11:57:28 christos Exp $
+#	$NetBSD: Makefile.inc,v 1.12 2018/02/06 20:10:36 christos Exp $
 
 WARNS?=	4
 
@@ -15,7 +15,7 @@ CPPFLAGS+=-DHAVE_DLOPEN
 CPPFLAGS+=-DHAVE_HEADER_AD
 CPPFLAGS+=-DHAVE_LOGIN_CAP
 CPPFLAGS+=-DHAVE_STDLIB_H
-CPPFLAGS+=-DOPENSSL_VERSION_NUMBER=0x1010L
+CPPFLAGS+=-DOPENSSL_API_COMPAT=0x1010L
 
 CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
 .if !defined(NOPIC)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-06 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Tue Feb  6 10:56:35 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-dss.c

Log Message:
style: remove spurious {} added in 1.12


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-dss.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-dss.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12	Mon Feb  5 00:13:50 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-dss.c	Tue Feb  6 10:56:35 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $	*/
+/*	$NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $	*/
 /* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $");
+__RCSID("$NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $");
 #include 
 
 #include 
@@ -175,7 +175,6 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 
 	/* parse signature */
-	{
 	BIGNUM *r=NULL, *s=NULL;
 	if ((sig = DSA_SIG_new()) == NULL ||
 	(r = BN_new()) == NULL ||
@@ -194,7 +193,6 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 	DSA_SIG_set0(sig, r, s);
 	r = s = NULL;
-	}
 
 	/* sha1 the data */
 	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,

CVS commit: src/crypto/external/bsd/openssh

2018-02-05 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Feb  5 11:57:28 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh: Makefile.inc

Log Message:
pretend we have openssl-1.1


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile.inc
diff -u src/crypto/external/bsd/openssh/Makefile.inc:1.10 src/crypto/external/bsd/openssh/Makefile.inc:1.11
--- src/crypto/external/bsd/openssh/Makefile.inc:1.10	Mon Nov  6 05:26:13 2017
+++ src/crypto/external/bsd/openssh/Makefile.inc	Mon Feb  5 06:57:28 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.10 2017/11/06 10:26:13 snj Exp $
+#	$NetBSD: Makefile.inc,v 1.11 2018/02/05 11:57:28 christos Exp $
 
 WARNS?=	4
 
@@ -15,6 +15,7 @@ CPPFLAGS+=-DHAVE_DLOPEN
 CPPFLAGS+=-DHAVE_HEADER_AD
 CPPFLAGS+=-DHAVE_LOGIN_CAP
 CPPFLAGS+=-DHAVE_STDLIB_H
+CPPFLAGS+=-DOPENSSL_VERSION_NUMBER=0x1010L
 
 CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
 .if !defined(NOPIC)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-04 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Feb  5 00:13:50 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c cipher.c cipher.h dh.c
dh.h digest-openssl.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c
monitor.c ssh-dss.c ssh-ecdsa.c ssh-keygen.c ssh-pkcs11-client.c
ssh-pkcs11.c ssh-rsa.c sshkey.c

Log Message:
patch for OpenSSL-1.1


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth-pam.c \
src/crypto/external/bsd/openssh/dist/dh.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/cipher.c \
src/crypto/external/bsd/openssh/dist/cipher.h \
src/crypto/external/bsd/openssh/dist/ssh-dss.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/dh.h
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssh/dist/digest-openssl.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/kexdhc.c \
src/crypto/external/bsd/openssh/dist/kexgexc.c \
src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/kexdhs.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c \
src/crypto/external/bsd/openssh/dist/ssh-rsa.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kexgexs.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/monitor.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Sun Feb  4 19:13:50 2018
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.12 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.13 2018/02/05 00:13:50 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -142,6 +142,11 @@ extern u_int utmp_len;
 typedef pthread_t sp_pthread_t;
 #else
 typedef pid_t sp_pthread_t;
+# undef pthread_exit
+# define pthread_create(a, b, c, d)_ssh_compat_pthread_create(a, b, c, d)
+# define pthread_exit(a)   _ssh_compat_pthread_exit(a)
+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a)
+# define pthread_join(a, b)_ssh_compat_pthread_join(a, b)
 #endif
 
 struct pam_ctxt {
Index: src/crypto/external/bsd/openssh/dist/dh.c
diff -u src/crypto/external/bsd/openssh/dist/dh.c:1.12 src/crypto/external/bsd/openssh/dist/dh.c:1.13
--- src/crypto/external/bsd/openssh/dist/dh.c:1.12	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/dh.c	Sun Feb  4 19:13:50 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $	*/
 /* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $");
 
 #include 	/* MIN */
 #include 
@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max
 /* diffie-hellman-groupN-sha1 */
 
 int
-dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
 {
 	int i;
 	int n = BN_num_bits(dh_pub);
 	int bits_set = 0;
 	BIGNUM *tmp;
+	const BIGNUM *p;
 
-	if (dh_pub->neg) {
+	if (BN_is_negative(dh_pub)) {
 		logit("invalid public DH value: negative");
 		return 0;
 	}
@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 		error("%s: BN_new failed", __func__);
 		return 0;
 	}
-	if (!BN_sub(tmp, dh->p, BN_value_one()) ||
+	DH_get0_pqg(dh, , NULL, NULL);
+	if (!BN_sub(tmp, p, BN_value_one()) ||
 	BN_cmp(dh_pub, tmp) != -1) {		/* pub_exp > p-2 */
 		BN_clear_free(tmp);
 		logit("invalid public DH value: >= p-1");
@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	for (i = 0; i <= n; i++)
 		if (BN_is_bit_set(dh_pub, i))
 			bits_set++;
-	debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
+	debug2("bits set: %d/%d", bits_set, BN_num_bits(p));
 
 	/*
 	 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
 	 */
 	if (bits_set < 4) {
 		logit("invalid public DH value (%d/%d)",
-		   bits_set, BN_num_bits(dh->p));
+		   bits_set, BN_num_bits(p));
 		return 0;
 	}
 	return 1;
@@ -264,9 +266,12 @@ int
 dh_gen_key(DH *dh, int need)
 {
 	int pbits;
+	const BIGNUM *p, *pub_key, *priv_key;
 
-	if (need < 0 || dh->p == NULL ||
-	(pbits =

CVS commit: src/crypto/external/bsd/openssh/dist

2018-01-14 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Mon Jan 15 05:04:58 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
Move spammy debug message to debug2.
Similarly spammy messages exist in this debug level.

Requested by gson in PR bin/52898:
ssh -v prints debug message on every keystroke


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.29 src/crypto/external/bsd/openssh/dist/packet.c:1.30
--- src/crypto/external/bsd/openssh/dist/packet.c:1.29	Mon Oct  9 12:07:03 2017
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Jan 15 05:04:58 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $	*/
 /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1117,7 +1117,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh
 	len, padlen, aadlen));
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
-debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
+debug2("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
 	if (mac && mac->enabled && !mac->etm) {
 		if ((r = mac_compute(mac, state->p_send.seqnr,
 		sshbuf_ptr(state->outgoing_packet), len,

CVS commit: src/crypto/external/bsd/openssh

2017-11-06 Thread Soren Jacobsen 
Module Name:src
Committed By:   snj
Date:   Mon Nov  6 10:26:13 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh: Makefile.inc

Log Message:
no more ssh1 code in openssh, so no use defining WITH_SSH1


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/Makefile.inc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/Makefile.inc
diff -u src/crypto/external/bsd/openssh/Makefile.inc:1.9 src/crypto/external/bsd/openssh/Makefile.inc:1.10
--- src/crypto/external/bsd/openssh/Makefile.inc:1.9	Thu Jul 23 08:03:25 2015
+++ src/crypto/external/bsd/openssh/Makefile.inc	Mon Nov  6 10:26:13 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.9 2015/07/23 08:03:25 mrg Exp $
+#	$NetBSD: Makefile.inc,v 1.10 2017/11/06 10:26:13 snj Exp $
 
 WARNS?=	4
 
@@ -16,7 +16,7 @@ CPPFLAGS+=-DHAVE_HEADER_AD
 CPPFLAGS+=-DHAVE_LOGIN_CAP
 CPPFLAGS+=-DHAVE_STDLIB_H
 
-CPPFLAGS+=-DWITH_SSH1 -DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
+CPPFLAGS+=-DWITH_OPENSSL -DENABLE_PKCS11 -D_OPENBSD_SOURCE
 .if !defined(NOPIC)
 CPPFLAGS+=-DHAVE_DLOPEN
 .endif

CVS commit: src/crypto/external/bsd/openssh/dist

2017-10-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Oct  9 12:07:03 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: channels.c packet.c

Log Message:
PR/52604: Tatoku Ogaito: Fix x11 session forwarding.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/channels.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/channels.c
diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.19 src/crypto/external/bsd/openssh/dist/channels.c:1.20
--- src/crypto/external/bsd/openssh/dist/channels.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/channels.c	Mon Oct  9 08:07:03 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $	*/
 /* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -41,7 +41,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $");
 #include 
 #include 
 #include 
@@ -3733,10 +3733,11 @@ channel_request_remote_forwarding(struct
 		"streamlocal-forw...@openssh.com")) != 0 ||
 		(r = sshpkt_put_u8(ssh, 1)) != 0 || /* want reply */
 		(r = sshpkt_put_cstring(ssh, fwd->listen_path)) != 0 ||
-		(r = sshpkt_send(ssh)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = sshpkt_send(ssh)) != 0)
 			fatal("%s: request streamlocal: %s",
 			__func__, ssh_err(r));
+		if ((r = ssh_packet_write_wait(ssh)) < 0)
+			sshpkt_fatal(ssh, __func__, r);
 	} else {
 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
 		(r = sshpkt_put_cstring(ssh, "tcpip-forward")) != 0 ||
@@ -3744,10 +3745,11 @@ channel_request_remote_forwarding(struct
 		(r = sshpkt_put_cstring(ssh,
 		channel_rfwd_bind_host(fwd->listen_host))) != 0 ||
 		(r = sshpkt_put_u32(ssh, fwd->listen_port)) != 0 ||
-		(r = sshpkt_send(ssh)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = sshpkt_send(ssh)) != 0)
 			fatal("%s: request tcpip-forward: %s",
 			__func__, ssh_err(r));
+		if ((r = ssh_packet_write_wait(ssh)) < 0)
+			sshpkt_fatal(ssh, __func__, r);
 	}
 	/* Assume that server accepts the request */
 	success = 1;
@@ -4691,8 +4693,11 @@ x11_request_forwarding_with_spoofing(str
 	(r = sshpkt_put_cstring(ssh, proto)) != 0 ||
 	(r = sshpkt_put_cstring(ssh, new_data)) != 0 ||
 	(r = sshpkt_put_u32(ssh, screen_number)) != 0 ||
-	(r = sshpkt_send(ssh)) != 0 ||
-	(r = ssh_packet_write_wait(ssh)) != 0)
+	(r = sshpkt_send(ssh)) != 0)
 		fatal("%s: send x11-req: %s", __func__, ssh_err(r));
+
+	if ((r = ssh_packet_write_wait(ssh)) < 0)
+		sshpkt_fatal(ssh, __func__, r);
+
 	free(new_data);
 }

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.28 src/crypto/external/bsd/openssh/dist/packet.c:1.29
--- src/crypto/external/bsd/openssh/dist/packet.c:1.28	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Oct  9 08:07:03 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1779,9 +1779,10 @@ ssh_packet_send_debug(struct ssh *ssh, c
 	(r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */
 	(r = sshpkt_put_cstring(ssh, buf)) != 0 ||
 	(r = sshpkt_put_cstring(ssh, "")) != 0 ||
-	(r = sshpkt_send(ssh)) != 0 ||
-	(r = ssh_packet_write_wait(ssh)) != 0)
+	(r = sshpkt_send(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
+	if ((r = ssh_packet_write_wait(ssh)) < 0)
+		sshpkt_fatal(ssh, __func__, r);
 }
 
 static void

CVS commit: src/crypto/external/bsd/openssh/dist

2017-10-08 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Sun Oct  8 20:19:05 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
Mark do_ca_sign as dead.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.28
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27	Sat Oct  7 19:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Sun Oct  8 20:19:05 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.307 2017/07/07 03:53:12 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1638,7 +1638,7 @@ agent_signer(const struct sshkey *key, u
 	data, datalen, alg, compat);
 }
 
-static void
+__dead static void
 do_ca_sign(struct passwd *pw, int argc, char **argv)
 {
 	int r, i, fd, found, agent_fd = -1;

CVS commit: src/crypto/external/bsd/openssh

2017-10-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Oct  7 21:14:59 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: includes.h
src/crypto/external/bsd/openssh/lib: Makefile
Added Files:
src/crypto/external/bsd/openssh/dist: recallocarray.c

Log Message:
define recallocarray locally.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/includes.h
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/openssh/dist/recallocarray.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/lib/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/includes.h
diff -u src/crypto/external/bsd/openssh/dist/includes.h:1.6 src/crypto/external/bsd/openssh/dist/includes.h:1.7
--- src/crypto/external/bsd/openssh/dist/includes.h:1.6	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/includes.h	Sat Oct  7 17:14:59 2017
@@ -1,9 +1,11 @@
-/*	$NetBSD: includes.h,v 1.6 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: includes.h,v 1.7 2017/10/07 21:14:59 christos Exp $	*/
 #include 
 #ifndef __OpenBSD__
 #define __bounded__(a, b, c)
 #define explicit_bzero(a, b) explicit_memset((a), 0, (b))
 #define timingsafe_bcmp(a, b, c) (!consttime_memequal((a), (b), (c)))
+#include 
+void	*recallocarray(void *, size_t, size_t, size_t);
 #endif
 
 #include "namespace.h"

Index: src/crypto/external/bsd/openssh/lib/Makefile
diff -u src/crypto/external/bsd/openssh/lib/Makefile:1.22 src/crypto/external/bsd/openssh/lib/Makefile:1.23
--- src/crypto/external/bsd/openssh/lib/Makefile:1.22	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/lib/Makefile	Sat Oct  7 17:14:59 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.22 2017/10/07 19:39:19 christos Exp $
+#	$NetBSD: Makefile,v 1.23 2017/10/07 21:14:59 christos Exp $
 
 .include 
 
@@ -57,6 +57,7 @@ packet.c \
 poly1305.c \
 progressmeter.c \
 readpass.c \
+recallocarray.c \
 sc25519.c \
 smult_curve25519_ref.c \
 sshbuf-getput-basic.c \

Added files:

Index: src/crypto/external/bsd/openssh/dist/recallocarray.c
diff -u /dev/null src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1
--- /dev/null	Sat Oct  7 17:14:59 2017
+++ src/crypto/external/bsd/openssh/dist/recallocarray.c	Sat Oct  7 17:14:59 2017
@@ -0,0 +1,51 @@
+/*	$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $	*/
+/*	$OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $	*/
+
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *notice, this list of conditions and the following disclaimer in the
+ *documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#include 
+__RCSID("$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $");
+
+#include 
+#include 
+#include 
+
+void *
+recallocarray(void *optr, size_t omemb, size_t nmemb, size_t size)
+{
+	char *nptr = reallocarray(optr, nmemb, size);
+
+	if (nptr == NULL || omemb >= nmemb)
+		return nptr;
+
+	memset(nptr + omemb * size, 0, (nmemb - omemb) * size);
+	return nptr;
+}

CVS commit: src/crypto/external/bsd/openssh

2017-10-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Oct  7 19:39:20 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/bin/ssh: Makefile
src/crypto/external/bsd/openssh/dist: LICENCE PROTOCOL PROTOCOL.agent
PROTOCOL.certkeys auth-options.c auth-options.h auth-pam.c auth.c
auth.h auth2-chall.c auth2-gss.c auth2-hostbased.c auth2-kbdint.c
auth2-krb5.c auth2-none.c auth2-passwd.c auth2-pubkey.c auth2.c
authfd.c authfd.h authfile.c bitmap.c bufbn.c buffer.h channels.c
channels.h cipher.c cipher.h clientloop.c clientloop.h compat.c
compat.h digest-libc.c digest-openssl.c dispatch.c dispatch.h dns.c
dns.h gss-serv.c hostfile.c kex.c kex.h kexc25519c.c kexc25519s.c
kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c key.c
key.h krl.c log.c log.h mac.c misc.c misc.h monitor.c
monitor_wrap.c monitor_wrap.h mux.c myproposal.h nchan.c opacket.c
opacket.h packet.c packet.h pathnames.h readconf.c readconf.h scp.1
scp.c servconf.c servconf.h serverloop.c serverloop.h session.c
session.h sftp-client.c sftp-common.c sftp-server.c sftp.1 sftp.c
ssh-add.1 ssh-add.c ssh-agent.c ssh-gss.h ssh-keygen.1 ssh-keygen.c
ssh-keyscan.1 ssh-keyscan.c ssh-pkcs11-client.c ssh-pkcs11-helper.c
ssh-pkcs11.c ssh-rsa.c ssh.1 ssh.c ssh.h ssh_api.c ssh_config
ssh_config.5 sshbuf-getput-basic.c sshbuf.c sshbuf.h sshconnect.c
sshconnect.h sshconnect2.c sshd.8 sshd.c sshd_config.5 ssherr.c
sshkey.c sshkey.h ttymodes.c ttymodes.h umac.c utf8.c version.h
xmalloc.c xmalloc.h
src/crypto/external/bsd/openssh/dist/moduli-gen: moduli.2048
moduli.3072 moduli.4096 moduli.6144 moduli.7680 moduli.8192
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist: cipher-3des1.c cipher-bf1.c
deattack.c deattack.h rsa.c rsa.h ssh1.h sshconnect1.c

Log Message:
merge conflicts.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/bin/ssh/Makefile
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/LICENCE \
src/crypto/external/bsd/openssh/dist/bitmap.c \
src/crypto/external/bsd/openssh/dist/digest-openssl.c \
src/crypto/external/bsd/openssh/dist/sshkey.h \
src/crypto/external/bsd/openssh/dist/utf8.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/buffer.h \
src/crypto/external/bsd/openssh/dist/compat.h \
src/crypto/external/bsd/openssh/dist/dns.h \
src/crypto/external/bsd/openssh/dist/kexdhc.c \
src/crypto/external/bsd/openssh/dist/kexgexc.c \
src/crypto/external/bsd/openssh/dist/sftp-common.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c \
src/crypto/external/bsd/openssh/dist/ssh.h \
src/crypto/external/bsd/openssh/dist/sshconnect.h \
src/crypto/external/bsd/openssh/dist/xmalloc.c \
src/crypto/external/bsd/openssh/dist/xmalloc.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/PROTOCOL.agent \
src/crypto/external/bsd/openssh/dist/auth-options.h \
src/crypto/external/bsd/openssh/dist/authfd.h \
src/crypto/external/bsd/openssh/dist/bufbn.c \
src/crypto/external/bsd/openssh/dist/dispatch.c \
src/crypto/external/bsd/openssh/dist/kexc25519s.c \
src/crypto/external/bsd/openssh/dist/kexecdhs.c \
src/crypto/external/bsd/openssh/dist/nchan.c
cvs rdiff -u -r1.7 -r1.8 \
src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys \
src/crypto/external/bsd/openssh/dist/auth2-kbdint.c \
src/crypto/external/bsd/openssh/dist/auth2-none.c \
src/crypto/external/bsd/openssh/dist/auth2-passwd.c \
src/crypto/external/bsd/openssh/dist/kexecdhc.c \
src/crypto/external/bsd/openssh/dist/opacket.c \
src/crypto/external/bsd/openssh/dist/opacket.h \
src/crypto/external/bsd/openssh/dist/session.h \
src/crypto/external/bsd/openssh/dist/ssh-gss.h \
src/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c \
src/crypto/external/bsd/openssh/dist/sshbuf.c \
src/crypto/external/bsd/openssh/dist/sshbuf.h \
src/crypto/external/bsd/openssh/dist/ttymodes.c \
src/crypto/external/bsd/openssh/dist/ttymodes.h
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/openssh/dist/auth-options.c \
src/crypto/external/bsd/openssh/dist/auth.h \
src/crypto/external/bsd/openssh/dist/kex.h \
src/crypto/external/bsd/openssh/dist/misc.c \
src/crypto/external/bsd/openssh/dist/packet.h \
src/crypto/external/bsd/openssh/dist/servconf.h \
src/crypto/external/bsd/openssh/dist/sftp.1 \
src/crypto/external/bsd/openssh/dist/ssh-add.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/auth-pam.c \

CVS commit: src/crypto/external/bsd/openssh/dist

2017-06-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Jun 26 17:10:39 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: pfilter.c

Log Message:
If we've authenticated, we are already in the child and we don't need the
socket anymore.
XXX: pullup-7, pullup-8


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.3 src/crypto/external/bsd/openssh/dist/pfilter.c:1.4
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.3	Fri Jan 22 19:03:30 2016
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Mon Jun 26 13:10:39 2017
@@ -30,6 +30,10 @@ pfilter_notify(int a)
 	// XXX: 3?
  	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
 	(void)blacklist_r(blstate, a, fd, "ssh");
+	if (a == 0) {
+		blacklist_close(blstate);
+		blstate = NULL;
+	}
 #else
 	__USE(a);
 #endif

CVS commit: src/crypto/external/bsd/openssh/dist

2017-04-20 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Thu Apr 20 13:22:59 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
GC multistate_privsep.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.23 src/crypto/external/bsd/openssh/dist/servconf.c:1.24
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.23	Tue Apr 18 18:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Thu Apr 20 13:22:59 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1066,13 +1066,6 @@ static const struct multistate multistat
 	{ "no",0 },
 	{ NULL, -1 }
 };
-static const struct multistate multistate_privsep[] = {
-	{ "yes",			PRIVSEP_NOSANDBOX },
-	{ "sandbox",			PRIVSEP_ON },
-	{ "nosandbox",			PRIVSEP_NOSANDBOX },
-	{ "no",PRIVSEP_OFF },
-	{ NULL, -1 }
-};
 static const struct multistate multistate_tcpfwd[] = {
 	{ "yes",			FORWARD_ALLOW },
 	{ "all",			FORWARD_ALLOW },

CVS commit: src/crypto/external/bsd/openssh/dist

2017-04-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Apr 19 15:34:25 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
fix conflict.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.20 src/crypto/external/bsd/openssh/dist/sshd_config:1.21
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.20	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Wed Apr 19 11:34:25 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.20 2017/04/18 18:41:46 christos Exp $
+#	$NetBSD: sshd_config,v 1.21 2017/04/19 15:34:25 christos Exp $
 #	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -74,11 +74,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-<<< sshd_config
 #UsePrivilegeSeparation sandbox
 UsePam yes
-===
->>> 1.1.1.15
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

CVS commit: src/crypto/external/bsd/openssh/lib

2017-04-18 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Apr 18 18:41:59 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/lib: shlib_version

Log Message:
bump


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/lib/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/lib/shlib_version
diff -u src/crypto/external/bsd/openssh/lib/shlib_version:1.18 src/crypto/external/bsd/openssh/lib/shlib_version:1.19
--- src/crypto/external/bsd/openssh/lib/shlib_version:1.18	Sat Dec 24 19:07:47 2016
+++ src/crypto/external/bsd/openssh/lib/shlib_version	Tue Apr 18 14:41:59 2017
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.18 2016/12/25 00:07:47 christos Exp $
+#	$NetBSD: shlib_version,v 1.19 2017/04/18 18:41:59 christos Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
-major=29
+major=30
 minor=0

CVS commit: src/crypto/external/bsd/openssh/dist

2017-02-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb 16 17:56:07 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c

Log Message:
PR/51973: Use proper fd for AuthorizedKeysCommand


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.16
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15	Sat Dec 24 19:07:46 2016
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Thu Feb 16 12:56:07 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $");
 #include 
 #include 
 #include 
@@ -839,13 +839,6 @@ check_authkeys_file(FILE *f, char *file,
 	}
 	}
 #endif
-	debug("trying public key file %s", file);
-	f = auth_openkeyfile(file, pw, options.strict_modes);
-
-	if (!f) {
-		restore_uid();
-		return 0;
-	}
 
 	found_key = 0;

CVS commit: src/crypto/external/bsd/openssh/dist

2017-02-01 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Feb  1 14:27:37 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
match the man page, and explain why.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.18 src/crypto/external/bsd/openssh/dist/sshd_config:1.19
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.18	Sat Dec 24 19:07:47 2016
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Wed Feb  1 09:27:37 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.18 2016/12/25 00:07:47 christos Exp $
+#	$NetBSD: sshd_config,v 1.19 2017/02/01 14:27:37 christos Exp $
 #	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -28,7 +28,8 @@
 
 # Authentication:
 
-#LoginGraceTime 2m
+# For slow CPUs, bumped from 2 minutes to 10
+LoginGraceTime 600
 #PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6

CVS commit: src/crypto/external/bsd/openssh/bin

2017-01-28 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Jan 28 23:38:48 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/bin/ssh: Makefile
src/crypto/external/bsd/openssh/bin/sshd: Makefile

Log Message:
krb5 needs sqlite3 now


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/bin/ssh/Makefile
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/bin/sshd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/bin/ssh/Makefile
diff -u src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.10 src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.11
--- src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.10	Tue Aug  2 09:45:12 2016
+++ src/crypto/external/bsd/openssh/bin/ssh/Makefile	Sat Jan 28 18:38:48 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.10 2016/08/02 13:45:12 christos Exp $
+#	$NetBSD: Makefile,v 1.11 2017/01/28 23:38:48 christos Exp $
 
 .include 
 
@@ -29,8 +29,8 @@ DPADD+=	${LIBKRB5} ${LIBHX509} ${LIBHEIM
 LDADD+=	-lkafs -lasn1 -lcrypt
 DPADD+=	${LIBKAFS} ${LIBASN1} ${LIBCRYPT}
 
-LDADD+=	-lcom_err -lroken -lutil
-DPADD+=	${LIBCOM_ERR} ${LIBROKEN} ${LIBUTIL}
+LDADD+=	-lcom_err -lroken -lsqlite3 -lutil
+DPADD+=	${LIBCOM_ERR} ${LIBROKEN} ${LIBSQLITE3} ${LIBUTIL}
 .endif
 
 .include 

Index: src/crypto/external/bsd/openssh/bin/sshd/Makefile
diff -u src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.14 src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.15
--- src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.14	Sat Dec 24 19:07:46 2016
+++ src/crypto/external/bsd/openssh/bin/sshd/Makefile	Sat Jan 28 18:38:48 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.14 2016/12/25 00:07:46 christos Exp $
+#	$NetBSD: Makefile,v 1.15 2017/01/28 23:38:48 christos Exp $
 
 .include 
 
@@ -51,8 +51,8 @@ SRCS+=	auth2-krb5.c
 LDADD+=	-lkrb5 -lasn1
 DPADD+=	${LIBKRB5} ${LIBASN1}
 
-LDADD+=	-lcom_err -lroken
-DPADD+=	${LIBCOM_ERR} ${LIBROKEN}
+LDADD+=	-lcom_err -lroken -lsqlite3
+DPADD+=	${LIBCOM_ERR} ${LIBROKEN} ${LIBSQLITE3}
 .endif
 
 .if (${USE_LDAP} != "no")

CVS commit: src/crypto/external/bsd/openssh/dist

2017-01-10 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Jan 10 13:53:26 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
include  for close, pipe, dup2 etc.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.20 src/crypto/external/bsd/openssh/dist/monitor.c:1.21
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.20	Sat Dec 24 19:07:47 2016
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Tue Jan 10 08:53:26 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $");
 #include 
 #include 
 #include 
@@ -47,6 +47,7 @@ __RCSID("$NetBSD: monitor.c,v 1.20 2016/
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include

CVS commit: src/crypto/external/bsd/openssh/dist

2016-08-03 Thread Jonathan A. Kollasch 
Module Name:src
Committed By:   jakllsch
Date:   Wed Aug  3 15:24:28 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: utf8.c utf8.h

Log Message:
Add some missing __attribute__((format(printf annotations.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/utf8.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/crypto/external/bsd/openssh/dist/utf8.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/utf8.c
diff -u src/crypto/external/bsd/openssh/dist/utf8.c:1.2 src/crypto/external/bsd/openssh/dist/utf8.c:1.3
--- src/crypto/external/bsd/openssh/dist/utf8.c:1.2	Tue Aug  2 13:45:12 2016
+++ src/crypto/external/bsd/openssh/dist/utf8.c	Wed Aug  3 15:24:28 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $	*/
+/*	$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $	*/
 /* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
 /*
  * Copyright (c) 2016 Ingo Schwarze 
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $");
 /*
  * Utility functions for multibyte-character handling,
  * in particular to sanitize untrusted strings for terminal output.
@@ -37,7 +37,8 @@ __RCSID("$NetBSD: utf8.c,v 1.2 2016/08/0
 
 static int	 dangerous_locale(void);
 static int	 grow_dst(char **, size_t *, size_t, char **, size_t);
-static int	 vasnmprintf(char **, size_t, int *, const char *, va_list);
+static int	 vasnmprintf(char **, size_t, int *, const char *, va_list)
+		 __attribute__((format(printf, 4, 0)));
 
 
 /*

Index: src/crypto/external/bsd/openssh/dist/utf8.h
diff -u src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1 src/crypto/external/bsd/openssh/dist/utf8.h:1.2
--- src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1	Tue Aug  2 13:30:06 2016
+++ src/crypto/external/bsd/openssh/dist/utf8.h	Wed Aug  3 15:24:28 2016
@@ -19,6 +19,7 @@ int	 mprintf(const char *, ...)
 	 __attribute__((format(printf, 1, 2)));
 int	 fmprintf(FILE *, const char *, ...)
 	 __attribute__((format(printf, 2, 3)));
-int	 vfmprintf(FILE *, const char *, va_list);
+int	 vfmprintf(FILE *, const char *, va_list)
+	 __attribute__((format(printf, 2, 0)));
 int	 snmprintf(char *, size_t, int *, const char *, ...)
 	 __attribute__((format(printf, 4, 5)));

CVS commit: src/crypto/external/bsd/openssh/dist

2016-08-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Aug  2 13:53:45 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: canohost.c

Log Message:
remove unused code


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/canohost.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/canohost.c
diff -u src/crypto/external/bsd/openssh/dist/canohost.c:1.9 src/crypto/external/bsd/openssh/dist/canohost.c:1.10
--- src/crypto/external/bsd/openssh/dist/canohost.c:1.9	Tue Aug  2 09:45:12 2016
+++ src/crypto/external/bsd/openssh/dist/canohost.c	Tue Aug  2 09:53:44 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $	*/
+/*	$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $	*/
 /* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $");
 #include 
 #include 
 #include 
@@ -36,173 +36,6 @@ __RCSID("$NetBSD: canohost.c,v 1.9 2016/
 #include "canohost.h"
 #include "misc.h"
 
-#if removeme
-static void check_ip_options(int, char *);
-static char *canonical_host_ip = NULL;
-static int cached_port = -1;
-
-/*
- * Return the canonical name of the host at the other end of the socket. The
- * caller should free the returned string.
- */
-
-static char *
-get_remote_hostname(int sock, int use_dns)
-{
-	struct sockaddr_storage from;
-	socklen_t fromlen;
-	struct addrinfo hints, *ai, *aitop;
-	char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
-
-	/* Get IP address of client. */
-	fromlen = sizeof(from);
-	memset(, 0, sizeof(from));
-	if (getpeername(sock, (struct sockaddr *), ) < 0) {
-		debug("getpeername failed: %.100s", strerror(errno));
-		cleanup_exit(255);
-	}
-
-	if (getnameinfo((struct sockaddr *), fromlen, ntop, sizeof(ntop),
-	NULL, 0, NI_NUMERICHOST) != 0)
-		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
-
-	if (from.ss_family == AF_INET)
-		check_ip_options(sock, ntop);
-
-	if (!use_dns)
-		return xstrdup(ntop);
-
-	debug3("Trying to reverse map address %.100s.", ntop);
-	/* Map the IP address to a host name. */
-	if (getnameinfo((struct sockaddr *), fromlen, name, sizeof(name),
-	NULL, 0, NI_NAMEREQD) != 0) {
-		/* Host name not found.  Use ip address. */
-		return xstrdup(ntop);
-	}
-
-	/*
-	 * if reverse lookup result looks like a numeric hostname,
-	 * someone is trying to trick us by PTR record like following:
-	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
-	 */
-	memset(, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
-	hints.ai_flags = AI_NUMERICHOST;
-	if (getaddrinfo(name, NULL, , ) == 0) {
-		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-		name, ntop);
-		freeaddrinfo(ai);
-		return xstrdup(ntop);
-	}
-
-	/* Names are stores in lowercase. */
-	lowercase(name);
-
-	/*
-	 * Map it back to an IP address and check that the given
-	 * address actually is an address of this host.  This is
-	 * necessary because anyone with access to a name server can
-	 * define arbitrary names for an IP address. Mapping from
-	 * name to IP address can be trusted better (but can still be
-	 * fooled if the intruder has access to the name server of
-	 * the domain).
-	 */
-	memset(, 0, sizeof(hints));
-	hints.ai_family = from.ss_family;
-	hints.ai_socktype = SOCK_STREAM;
-	if (getaddrinfo(name, NULL, , ) != 0) {
-		logit("reverse mapping checking getaddrinfo for %.700s "
-		"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
-		return xstrdup(ntop);
-	}
-	/* Look for the address from the list of addresses. */
-	for (ai = aitop; ai; ai = ai->ai_next) {
-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-		sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-		(strcmp(ntop, ntop2) == 0))
-break;
-	}
-	freeaddrinfo(aitop);
-	/* If we reached the end of the list, the address was not there. */
-	if (!ai) {
-		/* Address not found for the host name. */
-		logit("Address %.100s maps to %.600s, but this does not "
-		"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
-		ntop, name);
-		return xstrdup(ntop);
-	}
-	return xstrdup(name);
-}
-
-/*
- * If IP options are supported, make sure there are none (log and
- * disconnect them if any are found).  Basically we are worried about
- * source routing; it can be used to pretend you are somebody
- * (ip-address) you are not. That itself may be "almost acceptable"
- * under certain circumstances, but rhosts autentication is useless
- * if source routing is accepted. Notice also that if we just dropped
- * source routing here, the other side could use IP spoofing to do
- * rest of the interaction and could still

CVS commit: src/crypto/external/bsd/openssh/dist

2016-04-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Apr 14 16:42:09 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: session.c

Log Message:
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?\
id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.18 src/crypto/external/bsd/openssh/dist/session.c:1.19
--- src/crypto/external/bsd/openssh/dist/session.c:1.18	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/session.c	Thu Apr 14 12:42:09 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */
 
 /*
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $");
 #include 
 #include 
 #include 
@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she
 	 * Pull in any environment variables that may have
 	 * been set by PAM.
 	 */
-	if (options.use_pam) {
+	if (options.use_pam && !options.use_login) {
 		char **p;
 
 		p = fetch_pam_child_environment();

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:06:06 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: kex.c

Log Message:
CID 1356388: Prevent DoS from Tainted scalar


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/kex.c
diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.14 src/crypto/external/bsd/openssh/dist/kex.c:1.15
--- src/crypto/external/bsd/openssh/dist/kex.c:1.14	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/kex.c	Wed Mar 16 17:06:06 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $	*/
 /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $");
 #include 	/* MAX roundup */
 
 #include 
@@ -364,6 +364,10 @@ kex_input_ext_info(int type, u_int32_t s
 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, _protocol_error);
 	if ((r = sshpkt_get_u32(ssh, )) != 0)
 		return r;
+	if (ninfo > 1024) {
+		fatal("%s: too many %u fields", __func__, ninfo);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
 	for (i = 0; i < ninfo; i++) {
 		if ((r = sshpkt_get_cstring(ssh, , NULL)) != 0)
 			return r;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:41:25 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
remove unused variable


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.23
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22	Wed Mar 16 17:07:59 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Wed Mar 16 17:41:25 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $");
 #include 
 #include 
 #include 
@@ -1906,7 +1906,6 @@ __dead static void
 do_show_cert(struct passwd *pw)
 {
 	struct sshkey *key = NULL;
-	struct stat st;
 	int r, is_stdin = 0, ok = 0;
 	FILE *f;
 	char *cp, line[SSH_MAX_PUBKEY_BYTES];

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 20:55:54 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
CID 1018734: Unitialized variable


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.23 src/crypto/external/bsd/openssh/dist/packet.c:1.24
--- src/crypto/external/bsd/openssh/dist/packet.c:1.23	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/packet.c	Wed Mar 16 16:55:54 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.229 2016/02/17 22:20:14 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $");
 #include 	/* MIN roundup */
 #include 
 #include 
@@ -1387,7 +1387,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh->state;
-	int len, r, ms_remain;
+	int len, r, ms_remain = 0;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:07:59 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
CID 1356389: Remove TOCTOU.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21	Fri Mar 11 08:15:02 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Wed Mar 16 17:07:59 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $");
 #include 
 #include 
 #include 
@@ -1915,8 +1915,6 @@ do_show_cert(struct passwd *pw)
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (strcmp(identity_file, "-") != 0 && stat(identity_file, ) < 0)
-		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 
 	path = identity_file;
 	if (strcmp(path, "-") == 0) {

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:00:37 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: sshconnect.c

Log Message:
CID 1356386: Don't leak sock


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshconnect.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshconnect.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16 src/crypto/external/bsd/openssh/dist/sshconnect.c:1.17
--- src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/sshconnect.c	Wed Mar 16 17:00:37 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $	*/
 /* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 
 /*
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $");
 #include 	/* roundup */
 #include 
 #include 
@@ -1552,4 +1552,6 @@ maybe_add_key_to_agent(char *authfile, K
 		debug("identity added to agent: %s", authfile);
 	else
 		debug("could not add identity to agent: %s (%d)", authfile, r);
+
+	close(auth_sock);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-18 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 20:57:46 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keyscan.c

Log Message:
CID 1356384: Check returns


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.16
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	Wed Mar 16 16:57:46 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $	*/
 /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $");
 
 #include 
 #include 
@@ -307,6 +307,7 @@ static void
 keyprint_one(char *host, struct sshkey *key)
 {
 	char *hostport;
+	int r;
 
 	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
 		fatal("host_hash failed");
@@ -314,7 +315,9 @@ keyprint_one(char *host, struct sshkey *
 	hostport = put_host_port(host, ssh_port);
 	if (!get_cert)
 		fprintf(stdout, "%s ", hostport);
-	sshkey_write(key, stdout);
+	if ((r = sshkey_write(key, stdout)) != 0)
+		error("key_write failed: %s", ssh_err(r));
+
 	fputs("\n", stdout);
 	free(hostport);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-11 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar 11 13:15:02 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
Add more __dead; pointed out by clang (from tnn@)


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Fri Mar 11 08:15:02 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $");
 #include 
 #include 
 #include 
@@ -821,7 +821,7 @@ try_read_key(char **cpp)
 	return NULL;
 }
 
-static __dead void
+static void
 fingerprint_one_key(const struct sshkey *public, const char *comment)
 {
 	char *fp = NULL, *ra = NULL;
@@ -866,7 +866,7 @@ fingerprint_private(const char *path)
 	free(comment);
 }
 
-static void
+__dead static void
 do_fingerprint(struct passwd *pw)
 {
 	FILE *f;
@@ -1902,7 +1902,7 @@ print_cert(struct sshkey *key)
 	}
 }
 
-static void
+__dead static void
 do_show_cert(struct passwd *pw)
 {
 	struct sshkey *key = NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-10 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar 11 03:54:27 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.h

Log Message:
fix pam build.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/crypto/external/bsd/openssh/dist/sshkey.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.h
diff -u src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5 src/crypto/external/bsd/openssh/dist/sshkey.h:1.2
--- src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5	Thu Mar 10 20:50:02 2016
+++ src/crypto/external/bsd/openssh/dist/sshkey.h	Thu Mar 10 22:54:27 2016
@@ -26,6 +26,7 @@
 #ifndef SSHKEY_H
 #define SSHKEY_H
 
+#include "includes.h"
 #include 
 
 #ifdef WITH_OPENSSL

CVS commit: src/crypto/external/bsd/openssh/dist

2016-02-04 Thread Sean Boudreau 
Module Name:src
Committed By:   seanb
Date:   Thu Feb  4 15:04:11 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: session.c

Log Message:
- Avoid uninitialized variable usage in do_nologin() when HAVE_LOGIN_CAP
  isn't defined (which doesn't apply to NetBSD but...) and a root
  login is being evaluated.
- From upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.16 src/crypto/external/bsd/openssh/dist/session.c:1.17
--- src/crypto/external/bsd/openssh/dist/session.c:1.16	Mon Jul  6 15:09:17 2015
+++ src/crypto/external/bsd/openssh/dist/session.c	Thu Feb  4 15:04:11 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $");
 #include 
 #include 
 #include 
@@ -1339,16 +1339,17 @@ do_nologin(struct passwd *pw)
 	if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
 		return;
 	nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
-
+#else
+	if (pw->pw_uid == 0)
+		return;
+	nl = def_nl;
+#endif
 	if (stat(nl, ) == -1) {
 		if (nl != def_nl)
 			free(nl);
 		return;
 	}
-#else
-	if (pw->pw_uid)
-		nl = def_nl;
-#endif
+
 	/* /etc/nologin exists.  Print its contents if we can and exit. */
 	logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
 	if ((f = fopen(nl, "r")) != NULL) {

CVS commit: src/crypto/external/bsd/openssh/dist

2016-01-22 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Jan 23 00:03:30 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c auth.c auth1.c
pfilter.c

Log Message:
add more blacklist rejection points.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth1.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.8
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Fri Jan 22 19:03:30 2016
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -114,6 +114,7 @@ void sshpam_password_change_required(int
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "pfilter.h"
 
 extern ServerOptions options;
 extern Buffer loginmsg;
@@ -809,6 +810,7 @@ sshpam_query(void *ctx, char **name, cha
 free(msg);
 return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			sshpam_authctxt->valid ? "" : "illegal user ",
 			sshpam_authctxt->user,

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.15 src/crypto/external/bsd/openssh/dist/auth.c:1.16
--- src/crypto/external/bsd/openssh/dist/auth.c:1.15	Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $	*/
+/*	$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $	*/
 /* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $");
 #include 
 #include 
 
@@ -656,6 +656,7 @@ getpwnamallow(const char *user)
 
 	pw = getpwnam(user);
 	if (pw == NULL) {
+		pfilter_notify(1);
 		logit("Invalid user %.100s from %.100s",
 		user, get_remote_ipaddr());
 		return (NULL);

Index: src/crypto/external/bsd/openssh/dist/auth1.c
diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.12 src/crypto/external/bsd/openssh/dist/auth1.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth1.c:1.12	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth1.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $	*/
 /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $");
 #include 
 #include 
 
@@ -376,6 +376,7 @@ do_authloop(Authctxt *authctxt)
 			char *msg;
 			size_t len;
 
+			pfilter_notify(1);
 			error("Access denied for user %s by PAM account "
 			"configuration", authctxt->user);
 			len = buffer_len();

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 src/crypto/external/bsd/openssh/dist/pfilter.c:1.3
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.2	Sun Jan 25 22:57:17 2015
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,5 @@
 #include "namespace.h"
+#include "includes.h"
 #include "ssh.h"
 #include "packet.h"
 #include "log.h"

CVS commit: src/crypto/external/bsd/openssh

2016-01-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Jan 14 22:30:05 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/bin/ssh: Makefile
src/crypto/external/bsd/openssh/bin/sshd: Makefile
src/crypto/external/bsd/openssh/dist: clientloop.c kex.c kex.h
monitor.c monitor_wrap.c opacket.c opacket.h packet.c readconf.c
readconf.h serverloop.c ssh.c ssh2.h sshconnect.c sshconnect2.c
sshd.c version.h
src/crypto/external/bsd/openssh/lib: Makefile shlib_version
Removed Files:
src/crypto/external/bsd/openssh/dist: roaming.h roaming_client.c
roaming_common.c roaming_dummy.c roaming_serv.c

Log Message:
get rid of roaming (CVE-2016-0777)


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/bin/ssh/Makefile
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/bin/sshd/Makefile
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/clientloop.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/kex.h
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/monitor.c \
src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/dist/opacket.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/opacket.h
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/readconf.h \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.6 -r0 src/crypto/external/bsd/openssh/dist/roaming.h
cvs rdiff -u -r1.7 -r0 src/crypto/external/bsd/openssh/dist/roaming_client.c
cvs rdiff -u -r1.9 -r0 src/crypto/external/bsd/openssh/dist/roaming_common.c
cvs rdiff -u -r1.4 -r0 src/crypto/external/bsd/openssh/dist/roaming_dummy.c \
src/crypto/external/bsd/openssh/dist/roaming_serv.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/ssh.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/ssh2.h
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/sshconnect2.c \
src/crypto/external/bsd/openssh/dist/sshd.c
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/lib/Makefile
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/lib/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/bin/ssh/Makefile
diff -u src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.8 src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.9
--- src/crypto/external/bsd/openssh/bin/ssh/Makefile:1.8	Fri Aug 10 08:20:12 2012
+++ src/crypto/external/bsd/openssh/bin/ssh/Makefile	Thu Jan 14 17:30:04 2016
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.8 2012/08/10 12:20:12 joerg Exp $
+#	$NetBSD: Makefile,v 1.9 2016/01/14 22:30:04 christos Exp $
 
 .include 
 
@@ -6,8 +6,7 @@ BINDIR = /usr/bin
 
 PROG=	ssh
 SRCS=	ssh.c readconf.c clientloop.c sshtty.c \
-	sshconnect.c sshconnect1.c sshconnect2.c mux.c \
-	roaming_common.c roaming_client.c
+	sshconnect.c sshconnect1.c sshconnect2.c mux.c
 
 COPTS.sshconnect1.c=	-fno-strict-aliasing
 COPTS.mux.c=		-Wno-pointer-sign

Index: src/crypto/external/bsd/openssh/bin/sshd/Makefile
diff -u src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.12 src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.13
--- src/crypto/external/bsd/openssh/bin/sshd/Makefile:1.12	Sun Jan 25 22:57:17 2015
+++ src/crypto/external/bsd/openssh/bin/sshd/Makefile	Thu Jan 14 17:30:04 2016
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.12 2015/01/26 03:57:17 christos Exp $
+#	$NetBSD: Makefile,v 1.13 2016/01/14 22:30:04 christos Exp $
 
 .include 
 
@@ -15,7 +15,7 @@ SRCS=	sshd.c auth-rhosts.c auth-passwd.c
 	auth2-none.c auth2-passwd.c auth2-pubkey.c \
 	monitor_mm.c monitor.c monitor_wrap.c \
 	kexdhs.c kexgexs.c kexecdhs.c sftp-server.c sftp-common.c \
-	roaming_common.c roaming_serv.c sandbox-rlimit.c pfilter.c
+	sandbox-rlimit.c pfilter.c
 
 COPTS.auth-options.c=	-Wno-pointer-sign
 COPTS.ldapauth.c=	-Wno-format-nonliteral	# XXX: should fix

Index: src/crypto/external/bsd/openssh/dist/clientloop.c
diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.15 src/crypto/external/bsd/openssh/dist/clientloop.c:1.16
--- src/crypto/external/bsd/openssh/dist/clientloop.c:1.15	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/clientloop.c	Thu Jan 14 17:30:04 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: clientloop.c,v 1.15 2015/08/13 10:33:21 christos Exp $	*/
+/*	$NetBSD: clientloop.c,v 1.16 2016/01/14 22:30:04 christos Exp $	*/
 /* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
 /*
  * Author: Tatu

CVS commit: src/crypto/external/bsd/openssh/dist

2015-12-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Dec 16 13:23:38 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp.c

Log Message:
PR/50564: Rin Okuyama: sftp: filename completion is broken


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sftp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.16 src/crypto/external/bsd/openssh/dist/sftp.c:1.17
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.16	Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Wed Dec 16 08:23:38 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $	*/
+/*	$NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $	*/
 /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller 
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $");
 #include 	/* MIN MAX */
 #include 
 #include 
@@ -1845,8 +1845,8 @@ complete_match(EditLine *el, struct sftp
 	if (remote != LOCAL) {
 		tmp = make_absolute(tmp, remote_path);
 		remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, );
+	} else
 		glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, );
-	}
 	
 	/* Determine length of pwd so we can trim completion display */
 	for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {

CVS commit: src/crypto/external/bsd/openssh/dist

2015-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 20:14:55 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: moduli

Log Message:
put back the old ones until the rest is generated


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/moduli

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/moduli
diff -u src/crypto/external/bsd/openssh/dist/moduli:1.5 src/crypto/external/bsd/openssh/dist/moduli:1.6
--- src/crypto/external/bsd/openssh/dist/moduli:1.5	Thu Nov 12 13:28:34 2015
+++ src/crypto/external/bsd/openssh/dist/moduli	Thu Nov 12 15:14:55 2015
@@ -1,42 +1,187 @@
-#	$NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $
+#	$NetBSD: moduli,v 1.6 2015/11/12 20:14:55 christos Exp $
+#	$OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
 
 # Time Type Tests Tries Size Generator Modulus
-20151112182404 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AE85A87
-20151112182405 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AED242B
-20151112182405 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AF6D7BF
-20151112182406 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B038613
-20151112182406 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B0FE1E7
-20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BC8CB
-20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BFB9B
-20151112182409 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B519C9F
-20151112182409 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B619623
-20151112182410 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B74C0F7
-20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB00937
-20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB071BF
-20151112182413 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BC061A7
-20151112182413 2 6 100 1023 2

CVS commit: src/crypto/external/bsd/openssh/dist

2015-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 18:28:34 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: moduli

Log Message:
Regen; it's been a *long* while.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/moduli

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/moduli
diff -u src/crypto/external/bsd/openssh/dist/moduli:1.4 src/crypto/external/bsd/openssh/dist/moduli:1.5
--- src/crypto/external/bsd/openssh/dist/moduli:1.4	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/moduli	Thu Nov 12 13:28:34 2015
@@ -1,187 +1,42 @@
-#	$NetBSD: moduli,v 1.4 2015/04/03 23:58:19 christos Exp $
-#	$OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
+#	$NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $
 
 # Time Type Tests Tries Size Generator Modulus
-20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
-20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7
-20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97
-20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7
-20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B
-20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3
-20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3
-20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB
-20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383
-20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F
-20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B
-20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F
-20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B
-20031210005548 2 6 100 1023 2

CVS commit: src/crypto/external/bsd/openssh/dist

2015-08-21 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Aug 21 08:20:59 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth.c compat.c dns.c mux.c
packet.c sftp-server.c sftp.c ssh-keygen.1 ssh-keygen.c
ssh-pkcs11-helper.c ssh_config.5 sshconnect.c sshd.c sshd_config.5
sshkey.c version.h

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/compat.c \
src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/sftp-server.c \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/dns.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sftp.c \
src/crypto/external/bsd/openssh/dist/ssh_config.5
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshd.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.14 src/crypto/external/bsd/openssh/dist/auth.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth.c:1.14	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/auth.c	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $	*/
-/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
+/*	$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $	*/
+/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $);
+__RCSID($NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 
@@ -392,7 +392,7 @@ auth_root_allowed(const char *method)
 	case PERMIT_NO_PASSWD:
 		if (strcmp(method, publickey) == 0 ||
 		strcmp(method, hostbased) == 0 ||
-		strcmp(method, gssapi-with-mic))
+		strcmp(method, gssapi-with-mic) == 0)
 			return 1;
 		break;
 	case PERMIT_FORCED_ONLY:
Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14 src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.15
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.1	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-.\	$NetBSD: ssh-keygen.1,v 1.14 2015/08/13 10:33:21 christos Exp $
-.\	$OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
+.\	$NetBSD: ssh-keygen.1,v 1.15 2015/08/21 08:20:59 christos Exp $
+.\	$OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
 .\
 .\  -*- nroff -*-
 .\
@@ -38,7 +38,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd July 3 2015
+.Dd August 20 2015
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -686,7 +686,7 @@ and identifying the CA key by providing 
 to
 .Fl s :
 .Pp
-.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
 .Pp
 In all cases,
 .Ar key_id
@@ -699,7 +699,7 @@ By default, generated certificates are v
 To generate a certificate for a specified set of principals:
 .Pp
 .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
 .Pp
 Additional limitations on the validity and use of user certificates may
 be specified through certificate options.

Index: src/crypto/external/bsd/openssh/dist/compat.c
diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.12 src/crypto/external/bsd/openssh/dist/compat.c:1.13
--- src/crypto/external/bsd/openssh/dist/compat.c:1.12	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/compat.c	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: compat.c,v 1.12 2015/08/13 10:33:21 christos Exp $	*/
-/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
+/*	$NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $	*/
+/* $OpenBSD: compat.c,v 1.97 2015/08/19

CVS commit: src/crypto/external/bsd/openssh/lib

2015-08-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Aug 13 10:32:36 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/lib: shlib_version

Log Message:
bump version


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/lib/shlib_version

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/lib/shlib_version
diff -u src/crypto/external/bsd/openssh/lib/shlib_version:1.14 src/crypto/external/bsd/openssh/lib/shlib_version:1.15
--- src/crypto/external/bsd/openssh/lib/shlib_version:1.14	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/lib/shlib_version	Thu Aug 13 06:32:36 2015
@@ -1,5 +1,5 @@
-#	$NetBSD: shlib_version,v 1.14 2015/07/03 01:00:00 christos Exp $
+#	$NetBSD: shlib_version,v 1.15 2015/08/13 10:32:36 christos Exp $
 #	Remember to update distrib/sets/lists/base/shl.* when changing
 #
-major=25
+major=26
 minor=0

CVS commit: src/crypto/external/bsd/openssh/dist

2015-08-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Aug 13 10:33:21 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: OVERVIEW PROTOCOL PROTOCOL.mux
addrmatch.c auth-options.c auth.c auth2-chall.c authfd.c authfile.c
cipher.h clientloop.c compat.c kex.c kex.h key.c key.h krl.c log.c
monitor.c myproposal.h packet.c readconf.c readconf.h scp.1
servconf.c servconf.h ssh-add.c ssh-agent.c ssh-keygen.1
ssh-keygen.c ssh-keysign.c ssh-pkcs11.c ssh.1 ssh.c ssh.h
ssh_config.5 sshconnect2.c sshd.8 sshd.c sshd_config sshd_config.5
sshkey.c sshpty.c version.h

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/OVERVIEW \
src/crypto/external/bsd/openssh/dist/sshkey.c \
src/crypto/external/bsd/openssh/dist/sshpty.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/krl.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/PROTOCOL.mux \
src/crypto/external/bsd/openssh/dist/cipher.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/addrmatch.c \
src/crypto/external/bsd/openssh/dist/auth2-chall.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssh/dist/auth-options.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/authfd.c \
src/crypto/external/bsd/openssh/dist/kex.h \
src/crypto/external/bsd/openssh/dist/key.h \
src/crypto/external/bsd/openssh/dist/scp.1 \
src/crypto/external/bsd/openssh/dist/ssh-keysign.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/authfile.c \
src/crypto/external/bsd/openssh/dist/compat.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/myproposal.h \
src/crypto/external/bsd/openssh/dist/ssh-add.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/clientloop.c \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshd.8 \
src/crypto/external/bsd/openssh/dist/sshd_config
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/key.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/log.c \
src/crypto/external/bsd/openssh/dist/readconf.h \
src/crypto/external/bsd/openssh/dist/servconf.h
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/monitor.c \
src/crypto/external/bsd/openssh/dist/readconf.c \
src/crypto/external/bsd/openssh/dist/ssh-agent.c \
src/crypto/external/bsd/openssh/dist/ssh.1 \
src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/servconf.c \
src/crypto/external/bsd/openssh/dist/ssh.c \
src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/ssh.h
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/OVERVIEW
diff -u src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4 src/crypto/external/bsd/openssh/dist/OVERVIEW:1.5
--- src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/OVERVIEW	Thu Aug 13 06:33:21 2015
@@ -65,8 +65,8 @@ these programs.
   packets.  CRC code comes from crc32.c.
 
 - The code in packet.c calls the buffer manipulation routines
-  (buffer.c, bufaux.c), compression routines (compress.c, zlib),
-  and the encryption routines.
+  (buffer.c, bufaux.c), compression routines (zlib), and the
+  encryption routines.
 
   X11, TCP/IP, and Agent forwarding
 
@@ -165,5 +165,5 @@ these programs.
 	uidswap.cuid-swapping
 	xmalloc.csafe malloc routines
 
-$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
-$NetBSD: OVERVIEW,v 1.4 2015/04/03 23:58:19 christos Exp $
+$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
+$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $
Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.4 src/crypto/external/bsd/openssh/dist/sshkey.c:1.5
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.4	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Thu Aug 13 06:33:21 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: sshkey.c,v 1.4 2015/07/03 01:00:00

CVS commit: src/crypto/external/bsd/openssh/dist

2015-07-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Jul 29 15:04:40 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-chall.c

Log Message:
From FreeBSD:
A remote attacker may effectively bypass MaxAuthTries settings, which would
enable them to brute force passwords. [CVE-2015-5600]
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth2-chall.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.8
--- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/auth2-chall.c	Wed Jul 29 11:04:40 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $	*/
 /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $);
 #include sys/types.h
 
 #include stdio.h
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
 	void *ctxt;
 	KbdintDevice *device;
 	u_int nreq;
+	u_int devices_done;
 };
 
 #ifdef USE_PAM
@@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K
 		if (len == 0)
 			break;
 		for (i = 0; devices[i]; i++) {
-			if (!auth2_method_allowed(authctxt,
+			if ((kbdintctxt-devices_done  (1  i)) != 0 ||
+			!auth2_method_allowed(authctxt,
 			keyboard-interactive, devices[i]-name))
 continue;
-			if (strncmp(kbdintctxt-devices, devices[i]-name, len) == 0)
+			if (strncmp(kbdintctxt-devices, devices[i]-name,
+			len) == 0) {
 kbdintctxt-device = devices[i];
+kbdintctxt-devices_done |= 1  i;
+			}
 		}
 		t = kbdintctxt-devices;
 		kbdintctxt-devices = t[len] ? xstrdup(t+len+1) : NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2015-07-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Jul  6 15:09:17 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c readconf.c
session.c ssh.c sshconnect2.c sshd.c

Log Message:
CID 1309355: check error return from closefrom(3) where appropriate.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/session.c
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $);
+__RCSID($NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/wait.h
@@ -474,7 +474,10 @@ subprocess(const char *tag, struct passw
 			error(%s: dup2: %s, tag, strerror(errno));
 			_exit(1);
 		}
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1) {
+			error(closefrom: %s, strerror(errno));
+			_exit(1);
+		}
 
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setgid(pw-pw_gid) == -1) {

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.14 src/crypto/external/bsd/openssh/dist/readconf.c:1.15
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.14	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -14,7 +14,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $);
+__RCSID($NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/socket.h
@@ -467,7 +467,8 @@ execute_in_shell(const char *cmd)
 			fatal(dup2: %s, strerror(errno));
 		if (devnull  STDERR_FILENO)
 			close(devnull);
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1)
+			fatal(closefrom: %s, strerror(errno));
 
 		argv[0] = __UNCONST(shell);
 		argv[1] = __UNCONST(-c);

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.15 src/crypto/external/bsd/openssh/dist/session.c:1.16
--- src/crypto/external/bsd/openssh/dist/session.c:1.15	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/session.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -35,7 +35,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $);
+__RCSID($NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/wait.h
 #include sys/un.h
@@ -1557,7 +1557,7 @@ child_close_fds(void)
 	 * initgroups, because at least on Solaris 2.3 it leaves file
 	 * descriptors open.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 }
 
 /*
@@ -1688,7 +1688,7 @@ do_child(Session *s, const char *command
 			exit(1);
 	}
 
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 
 	if (!options.use_login)
 		do_rc_files(s, shell);

Index: src/crypto/external/bsd/openssh/dist/ssh.c
diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.17 src/crypto/external/bsd/openssh/dist/ssh.c:1.18
--- src/crypto/external/bsd/openssh/dist/ssh.c:1.17	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/ssh.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*

CVS commit: src/crypto/external/bsd/openssh/dist

2015-05-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat May 16 14:17:28 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: compat.c

Log Message:
Pass the correct length to match_patter_list; from Hanno Boeck.
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/compat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/compat.c
diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.9 src/crypto/external/bsd/openssh/dist/compat.c:1.10
--- src/crypto/external/bsd/openssh/dist/compat.c:1.9	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/compat.c	Sat May 16 10:17:28 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $	*/
 /* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $);
 #include sys/types.h
 
 #include stdlib.h
@@ -242,7 +242,7 @@ filter_proposal(const char *proposal, co
 	buffer_init(b);
 	tmp = orig_prop = xstrdup(proposal);
 	while ((cp = strsep(tmp, ,)) != NULL) {
-		if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
+		if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) {
 			if (buffer_len(b)  0)
 buffer_append(b, ,, 1);
 			buffer_append(b, cp, strlen(cp));

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:35:16 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp.c

Log Message:
CID 996110: Fix memory leak


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sftp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.14 src/crypto/external/bsd/openssh/dist/sftp.c:1.15
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.14	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Mon Apr 13 13:35:16 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $	*/
 /* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org
@@ -17,7 +17,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $);
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
 #include sys/ioctl.h
@@ -732,6 +732,8 @@ process_put(struct sftp_conn *conn, char
 			fflag || global_fflag) == -1)
 err = -1;
 		}
+		free(abs_dst);
+		abs_dst = NULL;
 	}
 
 out:

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:54:52 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keyscan.c

Log Message:
CID 1293644: Check returns


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12	Sat Apr  4 09:59:20 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	Mon Apr 13 13:54:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $	*/
+/*	$NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $	*/
 /* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres d...@lcs.mit.edu.
@@ -9,7 +9,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $);
+__RCSID($NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $);
 
 #include sys/param.h
 #include sys/types.h
@@ -284,6 +284,7 @@ static void
 keyprint(con *c, struct sshkey *key)
 {
 	char *host = c-c_output_name ? c-c_output_name : c-c_name;
+	int r;
 
 	if (!key)
 		return;
@@ -291,7 +292,9 @@ keyprint(con *c, struct sshkey *key)
 		fatal(host_hash failed);
 
 	fprintf(stdout, %s , host);
-	sshkey_write(key, stdout);
+	if ((r = sshkey_write(key, stdout)) != 0)
+		fprintf(stderr, key_write failed: %s, ssh_err(r));
+
 	fputs(\n, stdout);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:59:21 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: clientloop.c

Log Message:
CID 1293652: Forward NULL deref


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/clientloop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/clientloop.c
diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.12 src/crypto/external/bsd/openssh/dist/clientloop.c:1.13
--- src/crypto/external/bsd/openssh/dist/clientloop.c:1.12	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/clientloop.c	Mon Apr 13 13:59:21 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $	*/
 /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -61,7 +61,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $);
 
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
@@ -1594,7 +1594,8 @@ client_loop(int have_pty, int escape_cha
 			channel_after_select(readset, writeset);
 			if (need_rekeying || packet_need_rekeying()) {
 debug(need rekeying);
-active_state-kex-done = 0;
+if (active_state-kex != NULL)
+	active_state-kex-done = 0;
 if ((r = kex_send_kexinit(active_state)) != 0)
 	fatal(%s: kex_send_kexinit: %s,
 	__func__, ssh_err(r));

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:38:20 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
CID 1018734: Fix uninit


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.17 src/crypto/external/bsd/openssh/dist/packet.c:1.18
--- src/crypto/external/bsd/openssh/dist/packet.c:1.17	Wed Apr  8 11:49:46 2015
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Apr 13 13:38:20 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -39,7 +39,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $);
+__RCSID($NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $);
 #include sys/param.h	/* MIN roundup */
 #include sys/types.h
 #include sys/queue.h
@@ -1262,7 +1262,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh-state;
-	int len, r, ms_remain, cont;
+	int len, r, ms_remain = 0, cont;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;

  1   2   3   >