CVS commit: src/crypto/external/bsd/openssh/dist

2021-03-05 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar  5 17:53:51 UTC 2021

Modified Files:
src/crypto/external/bsd/openssh/dist: scp.c

Log Message:
remove __UNCONST, initialize


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.29 src/crypto/external/bsd/openssh/dist/scp.c:1.30
--- src/crypto/external/bsd/openssh/dist/scp.c:1.29	Fri Mar  5 12:47:16 2021
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri Mar  5 12:53:51 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.213 2020/10/18 11:32:01 djm Exp $ */
 
 /*
@@ -74,7 +74,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.29 2021/03/05 17:47:16 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.30 2021/03/05 17:53:51 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -877,7 +877,7 @@ brace_expand(const char *pattern, char *
 void
 toremote(int argc, char **argv)
 {
-	char *suser = NULL, *host = NULL, *src;
+	char *suser = NULL, *host = NULL, *src = NULL;
 	char *bp, *tuser, *thost, *targ;
 	int sport = -1, tport = -1;
 	arglist alist;
@@ -911,7 +911,7 @@ toremote(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(__UNCONST(src));
+		free(src);
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -989,16 +989,16 @@ toremote(int argc, char **argv)
 out:
 	free(tuser);
 	free(thost);
-	free(__UNCONST(targ));
+	free(targ);
 	free(suser);
 	free(host);
-	free(__UNCONST(src));
+	free(src);
 }
 
 static void
 tolocal(int argc, char **argv)
 {
-	char *bp, *host = NULL, *suser = NULL, *src;
+	char *bp, *host = NULL, *suser = NULL, *src = NULL;
 	arglist alist;
 	int i, r, sport = -1;
 
@@ -1008,7 +1008,7 @@ tolocal(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(__UNCONST(src));
+		free(src);
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -1050,7 +1050,7 @@ tolocal(int argc, char **argv)
 	}
 	free(suser);
 	free(host);
-	free(__UNCONST(src));
+	free(src);
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh/dist

2020-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 19:43:19 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: getrrsetbyname.c

Log Message:
eliminate direct use of _res for threaded programs.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssh/dist/getrrsetbyname.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/getrrsetbyname.c
diff -u src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5 src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.6
--- src/crypto/external/bsd/openssh/dist/getrrsetbyname.c:1.5	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/getrrsetbyname.c	Thu Nov 12 14:43:18 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $	*/
 /* $OpenBSD: getrrsetbyname.c,v 1.10 2005/03/30 02:58:28 tedu Exp $ */
 
 /*
@@ -47,7 +47,7 @@
 /* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
 
 #include "includes.h"
-__RCSID("$NetBSD: getrrsetbyname.c,v 1.5 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: getrrsetbyname.c,v 1.6 2020/11/12 19:43:18 christos Exp $");
 
 #ifndef HAVE_GETRRSETBYNAME
 
@@ -189,8 +189,9 @@ getrrsetbyname(const char *hostname, uns
 unsigned int rdtype, unsigned int flags,
 struct rrsetinfo **res)
 {
-	struct __res_state *_resp = _THREAD_PRIVATE(_res, _res, &_res);
+	struct __res_state *_resp;
 	int result;
+	unsigned long options;
 	struct rrsetinfo *rrset = NULL;
 	struct dns_response *response = NULL;
 	struct dns_rr *rr;
@@ -201,27 +202,33 @@ getrrsetbyname(const char *hostname, uns
 
 	/* check for invalid class and type */
 	if (rdclass > 0x || rdtype > 0x) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
 	/* don't allow queries of class or type ANY */
 	if (rdclass == 0xff || rdtype == 0xff) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
 	/* don't allow flags yet, unimplemented */
 	if (flags) {
-		result = ERRSET_INVAL;
-		goto fail;
+		return ERRSET_INVAL;
 	}
 
+#ifndef __NetBSD__
+	_resp = _THREAD_PRIVATE(_res, _res, &_res);
 	/* initialize resolver */
 	if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
 		result = ERRSET_FAIL;
 		goto fail;
 	}
+#else
+	_resp = __res_get_state();
+	if (_resp == NULL) {
+		return ERRSET_FAIL;
+	}
+#endif
+	options = _resp->options;
 
 #ifdef DEBUG
 	_resp->options |= RES_DEBUG;
@@ -234,8 +241,8 @@ getrrsetbyname(const char *hostname, uns
 #endif /* RES_USE_DNSEC */
 
 	/* make query */
-	length = res_query(hostname, (signed int) rdclass, (signed int) rdtype,
-	answer, sizeof(answer));
+	length = res_nquery(_resp, hostname, (signed int) rdclass,
+	(signed int) rdtype, answer, sizeof(answer));
 	if (length < 0) {
 		switch(h_errno) {
 		case HOST_NOT_FOUND:
@@ -335,9 +342,17 @@ getrrsetbyname(const char *hostname, uns
 	free_dns_response(response);
 
 	*res = rrset;
+	_resp->options = options;
+#ifdef __NetBSD__
+	__res_put_state(_resp);
+#endif
 	return (ERRSET_SUCCESS);
 
 fail:
+	_resp->options = options;
+#ifdef __NetBSD__
+	__res_put_state(_resp);
+#endif
 	if (rrset != NULL)
 		freerrset(rrset);
 	if (response != NULL)
@@ -466,7 +481,7 @@ parse_dns_qsection(const u_char *answer,
 
 		/* name */
 		length = dn_expand(answer, answer + size, *cp, name,
-		sizeof(name));
+		(int)sizeof(name));
 		if (length < 0) {
 			free_dns_query(head);
 			return (NULL);
@@ -513,7 +528,7 @@ parse_dns_rrsection(const u_char *answer
 
 		/* name */
 		length = dn_expand(answer, answer + size, *cp, name,
-		sizeof(name));
+		(int)sizeof(name));
 		if (length < 0) {
 			free_dns_rr(head);
 			return (NULL);

CVS commit: src/crypto/external/bsd/openssh/dist

2020-05-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri May 29 12:14:49 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: scp.c

Log Message:
Fix printf format error.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.26 src/crypto/external/bsd/openssh/dist/scp.c:1.27
--- src/crypto/external/bsd/openssh/dist/scp.c:1.26	Thu May 28 13:05:49 2020
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri May 29 08:14:49 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.26 2020/05/28 17:05:49 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.27 2020/05/29 12:14:49 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -366,7 +366,7 @@ __dead static void lostconn(int);
 int okname(char *);
 void run_err(const char *,...) __printflike(1, 2);
 void run_err(const char *,...) __printflike(1, 2);
-int note_err(const char *,...);
+int note_err(const char *,...) __printflike(1, 2);
 void verifydir(char *);
 
 struct passwd *pwd;
@@ -1503,7 +1503,7 @@ bad:			run_err("%s: %s", np, strerror(er
 }
 		}
 		if (close(ofd) == -1)
-			note_err(np, "%s: close: %s", np, strerror(errno));
+			note_err("%s: close: %s", np, strerror(errno));
 		(void) response();
 		if (showprogress)
 			stop_progress_meter();

CVS commit: src/crypto/external/bsd/openssh/dist

2020-03-01 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Mar  1 14:51:06 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-sk-client.c

Log Message:
fix a sign-compare issue (for the pam module)


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-sk-client.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2 src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.3
--- src/crypto/external/bsd/openssh/dist/ssh-sk-client.c:1.2	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/ssh-sk-client.c	Sun Mar  1 09:51:06 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $	*/
 /* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
@@ -16,7 +16,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: ssh-sk-client.c,v 1.2 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: ssh-sk-client.c,v 1.3 2020/03/01 14:51:06 christos Exp $");
 
 #include 
 #include 
@@ -160,7 +160,7 @@ client_converse(struct sshbuf *msg, stru
 	ll = log_level_get();
 	if ((r = sshbuf_put_u32(req, type)) != 0 ||
 	   (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
-	   (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
+	   (r = sshbuf_put_u32(req, (uint32_t)(ll < 0 ? 0 : ll))) != 0 ||
 	   (r = sshbuf_putb(req, msg)) != 0) {
 		error("%s: build: %s", __func__, ssh_err(r));
 		goto out;

CVS commit: src/crypto/external/bsd/openssh/dist

2020-03-01 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Sun Mar  1 08:21:38 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh_config sshd_config

Log Message:
Sync with OpenSSH 8.2p1 sample configs

- Add GSSAPIAuthentication and related options
- Add KerberosAuthentication and related options
- Bring in the lengthy but useful comment block about
  the side-effect of UsePAM with regards to PermitRootLogin.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh_config
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh_config
diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.13 src/crypto/external/bsd/openssh/dist/ssh_config:1.14
--- src/crypto/external/bsd/openssh/dist/ssh_config:1.13	Fri Feb 28 10:41:48 2020
+++ src/crypto/external/bsd/openssh/dist/ssh_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
+#	$NetBSD: ssh_config,v 1.14 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -27,6 +27,8 @@ Host *.netbsd.org *.NetBSD.org
 #   ForwardX11 no
 #   PasswordAuthentication yes
 #   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.24 src/crypto/external/bsd/openssh/dist/sshd_config:1.25
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.24	Fri Feb 28 10:59:58 2020
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Sun Mar  1 08:21:38 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
+#	$NetBSD: sshd_config,v 1.25 2020/03/01 08:21:38 kim Exp $
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -60,6 +60,27 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # Change to no to disable s/key passwords
 #ChallengeResponseAuthentication yes
 
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
@@ -72,7 +93,6 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-29 Thread Tobias Nygren 
Module Name:src
Committed By:   tnn
Date:   Sat Feb 29 14:03:17 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: xmalloc.h

Log Message:
annotate xvasprintf w/ format string attribute


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/xmalloc.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/xmalloc.h
diff -u src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12 src/crypto/external/bsd/openssh/dist/xmalloc.h:1.13
--- src/crypto/external/bsd/openssh/dist/xmalloc.h:1.12	Thu Feb 27 00:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/xmalloc.h	Sat Feb 29 14:03:17 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: xmalloc.h,v 1.12 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: xmalloc.h,v 1.13 2020/02/29 14:03:17 tnn Exp $	*/
 /* $OpenBSD: xmalloc.h,v 1.19 2019/11/12 22:32:48 djm Exp $ */
 
 /*
@@ -26,4 +26,5 @@ int	 xasprintf(char **, const char *, ..
 __attribute__((__format__ (printf, 2, 3)))
 __attribute__((__nonnull__ (2)));
 int	 xvasprintf(char **, const char *, va_list)
+__attribute__((__format__ (printf, 2, 0)))
 		__attribute__((__nonnull__ (2)));

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 17:50:29 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
Remove unreferenced SSH_RELEASE


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.31 src/crypto/external/bsd/openssh/dist/version.h:1.32
--- src/crypto/external/bsd/openssh/dist/version.h:1.31	Thu Feb 27 00:27:44 2020
+++ src/crypto/external/bsd/openssh/dist/version.h	Fri Feb 28 17:50:29 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.32 2020/02/28 17:50:29 kim Exp $	*/
 /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.2"
@@ -10,4 +10,3 @@
  * used for bug compatibility operation.  present NetBSD SSH version as comment
  */
 #define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK
-#define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 17:27:34 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: readconf.c

Log Message:
Fix duplicate entries in the keywords list.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/readconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.29 src/crypto/external/bsd/openssh/dist/readconf.c:1.30
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.29	Thu Feb 27 00:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Fri Feb 28 17:27:34 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $	*/
 /* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.29 2020/02/27 00:24:40 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.30 2020/02/28 17:27:34 kim Exp $");
 #include 
 #include 
 #include 
@@ -196,9 +196,25 @@ static struct {
 	{ "useprivilegedport", oDeprecated },
 
 	/* Unsupported options */
+#ifdef AFS
+	{ "afstokenpassing", oAFSTokenPassing },
+#else
 	{ "afstokenpassing", oUnsupported },
+#endif
+#if defined(KRB4) || defined(KRB5)
+	{ "kerberosauthentication", oKerberosAuthentication },
+#else
 	{ "kerberosauthentication", oUnsupported },
+#endif
+#if defined(AFS) || defined(KRB5)
+	{ "kerberostgtpassing", oKerberosTgtPassing },
+	{ "kerberos5tgtpassing", oKerberosTgtPassing },		/* alias */
+	{ "kerberos4tgtpassing", oKerberosTgtPassing },		/* alias */
+#else
 	{ "kerberostgtpassing", oUnsupported },
+	{ "kerberos5tgtpassing", oUnsupported },
+	{ "kerberos4tgtpassing", oUnsupported },
+#endif
 	{ "rsaauthentication", oUnsupported },
 	{ "rhostsrsaauthentication", oUnsupported },
 	{ "compressionlevel", oUnsupported },
@@ -235,17 +251,6 @@ static struct {
 	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
 	{ "skeyauthentication", oChallengeResponseAuthentication }, /* alias */
 	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
-#if defined(KRB4) || defined(KRB5)
-	{ "kerberosauthentication", oKerberosAuthentication },
-#endif
-#if defined(AFS) || defined(KRB5)
-	{ "kerberostgtpassing", oKerberosTgtPassing },
-	{ "kerberos5tgtpassing", oKerberosTgtPassing },		/* alias */
-	{ "kerberos4tgtpassing", oKerberosTgtPassing },		/* alias */
-#endif
-#ifdef AFS
-	{ "afstokenpassing", oAFSTokenPassing },
-#endif
 #if defined(GSSAPI)
 	{ "gssapiauthentication", oGssAuthentication },
 	{ "gssapidelegatecredentials", oGssDelegateCreds },

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 10:59:58 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
Cleanup

- Match the case of the UsePAM keyword used in the manual page and code,
  to aid case-sensitive grep etc.
- Remove references to obsole UseLogin and UsePrivilegeSeparation keywords.
- Whitespace police


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.23 src/crypto/external/bsd/openssh/dist/sshd_config:1.24
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.23	Sun Aug 26 07:46:37 2018
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Fri Feb 28 10:59:58 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.23 2018/08/26 07:46:37 christos Exp $
+#	$NetBSD: sshd_config,v 1.24 2020/02/28 10:59:58 kim Exp $
 #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -53,7 +53,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # Don't read the user's ~/.rhosts and ~/.shosts files
 #IgnoreRhosts yes
 
-# To disable password authentication, set this and UsePam to no
+# To disable password authentication, set this and UsePAM to no
 #PasswordAuthentication yes
 #PermitEmptyPasswords no
 
@@ -72,9 +72,7 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-UsePam yes
+UsePAM yes
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
@@ -121,7 +119,6 @@ Subsystem	sftp	/usr/libexec/sftp-server
 # buffer size for hpn to non-hpn connections
 #HPNBufferSize 2048
 
-
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #	X11Forwarding no

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-28 Thread Kimmo Suominen 
Module Name:src
Committed By:   kim
Date:   Fri Feb 28 10:41:49 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh_config

Log Message:
Move NetBSD.org-specific entry above the match-all entry

The first matching entry that sets an option "wins." Therefore more
specific matches should be provided before the "Host *" entry that
matches everything. This way options set in the more specific entry will
not be accidentally made ineffective by the match-all entry.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh_config
diff -u src/crypto/external/bsd/openssh/dist/ssh_config:1.12 src/crypto/external/bsd/openssh/dist/ssh_config:1.13
--- src/crypto/external/bsd/openssh/dist/ssh_config:1.12	Sat Apr 20 17:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/ssh_config	Fri Feb 28 10:41:48 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: ssh_config,v 1.12 2019/04/20 17:16:40 christos Exp $
+#	$NetBSD: ssh_config,v 1.13 2020/02/28 10:41:48 kim Exp $
 #	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
@@ -18,6 +18,10 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 
+# NetBSD.org DNS provides SSHFP records - use them when possible
+Host *.netbsd.org *.NetBSD.org
+VerifyHostKeyDNS ask
+
 # Host *
 #   ForwardAgent no
 #   ForwardX11 no
@@ -45,7 +49,3 @@
 
 # If you use xorg from pkgsrc then uncomment the following line.
 #   XAuthLocation /usr/pkg/bin/xauth
-
-# NetBSD.org DNS provides SSHFP records - use them when possible
-Host *.netbsd.org *.NetBSD.org
-VerifyHostKeyDNS ask

CVS commit: src/crypto/external/bsd/openssh/dist

2020-02-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb 27 00:27:44 UTC 2020

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
fix date


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.30 src/crypto/external/bsd/openssh/dist/version.h:1.31
--- src/crypto/external/bsd/openssh/dist/version.h:1.30	Wed Feb 26 19:24:40 2020
+++ src/crypto/external/bsd/openssh/dist/version.h	Wed Feb 26 19:27:44 2020
@@ -1,8 +1,8 @@
-/*	$NetBSD: version.h,v 1.30 2020/02/27 00:24:40 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.31 2020/02/27 00:27:44 christos Exp $	*/
 /* $OpenBSD: version.h,v 1.86 2020/02/14 00:39:20 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.2"
-#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-2020025"
+#define __NETBSDSSH_VERSION	"NetBSD_Secure_Shell-20200225"
 #define SSH_HPN "-hpn13v14"
 #define SSH_LPK		"-lpk"
 /*

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:38:42 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
need pfilter.h


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.31 src/crypto/external/bsd/openssh/dist/monitor.c:1.32
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.31	Sat Dec  7 11:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Sat Dec  7 11:38:42 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.32 2019/12/07 16:38:42 christos Exp $");
 #include 
 #include 
 #include 
@@ -85,6 +85,8 @@ __RCSID("$NetBSD: monitor.c,v 1.31 2019/
 #include "match.h"
 #include "ssherr.h"
 
+#include "pfilter.h"
+
 #ifdef GSSAPI
 static Gssctxt *gsscontext = NULL;
 #endif

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:32:22 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2.c monitor.c

Log Message:
Add some more pfilter_notify() calls where authentication attempts fail.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/auth2.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2.c
diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.20 src/crypto/external/bsd/openssh/dist/auth2.c:1.21
--- src/crypto/external/bsd/openssh/dist/auth2.c:1.20	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/auth2.c	Sat Dec  7 11:32:22 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $	*/
 /* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2.c,v 1.20 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth2.c,v 1.21 2019/12/07 16:32:22 christos Exp $");
 
 #include 
 #include 
@@ -440,8 +440,10 @@ userauth_finish(struct ssh *ssh, int aut
 	} else {
 		/* Allow initial try of "none" auth without failure penalty */
 		if (!partial && !authctxt->server_caused_failure &&
-		(authctxt->attempt > 1 || strcmp(method, "none") != 0))
+		(authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
 			authctxt->failures++;
+			pfilter_notify(1);
+		}
 		if (authctxt->failures >= options.max_authtries)
 			auth_maxtries_exceeded(ssh);
 		methods = authmethods_get(authctxt);

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.30 src/crypto/external/bsd/openssh/dist/monitor.c:1.31
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.30	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Sat Dec  7 11:32:22 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.30 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.31 2019/12/07 16:32:22 christos Exp $");
 #include 
 #include 
 #include 
@@ -320,8 +320,10 @@ monitor_child_preauth(struct ssh *ssh, s
 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
 			auth_log(ssh, authenticated, partial,
 			auth_method, auth_submethod);
-			if (!partial && !authenticated)
+			if (!partial && !authenticated) {
+pfilter_notify(1);
 authctxt->failures++;
+			}
 			if (authenticated || partial) {
 auth2_update_session_info(authctxt,
 auth_method, auth_submethod);
@@ -1223,6 +1225,7 @@ mm_answer_keyallowed(struct ssh *ssh, in
 	} else {
 		/* Log failed attempt */
 		auth_log(ssh, 0, 0, auth_method, NULL);
+		pfilter_notify(1);
 		free(cuser);
 		free(chost);
 	}

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:25:36 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth.c

Log Message:
don't call pfilter_notify() from authz_log(). Logging should not have side
effects (kim@)


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/auth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.25 src/crypto/external/bsd/openssh/dist/auth.c:1.26
--- src/crypto/external/bsd/openssh/dist/auth.c:1.25	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/auth.c	Sat Dec  7 11:25:36 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $	*/
 /* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.25 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.26 2019/12/07 16:25:36 christos Exp $");
 #include 
 #include 
 #include 
@@ -408,8 +408,6 @@ auth_log(struct ssh *ssh, int authentica
 	extra != NULL ? extra : "");
 
 	free(extra);
-	if (!authctxt->postponed)
-		pfilter_notify(!authenticated);
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh/dist

2019-12-07 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Dec  7 16:25:05 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd.c

Log Message:
don't call pfilter_notify() twice in grace_alarm_handler(). (kim@)


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.36 src/crypto/external/bsd/openssh/dist/sshd.c:1.37
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.36	Sat Oct 12 14:32:22 2019
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Sat Dec  7 11:25:05 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.36 2019/10/12 18:32:22 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.37 2019/12/07 16:25:05 christos Exp $");
 #include 
 #include 
 #include 
@@ -370,7 +370,6 @@ grace_alarm_handler(int sig)
 
 	/* XXX pre-format ipaddr/port so we don't need to access active_state */
 	/* Log error and exit. */
-	pfilter_notify(1);
 	sigdie("Timeout before authentication for %s port %d",
 	ssh_remote_ipaddr(the_active_state),
 	ssh_remote_port(the_active_state));

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-28 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Apr 28 14:45:13 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.h

Log Message:
one  more noreturn


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.h
diff -u src/crypto/external/bsd/openssh/dist/monitor.h:1.11 src/crypto/external/bsd/openssh/dist/monitor.h:1.12
--- src/crypto/external/bsd/openssh/dist/monitor.h:1.11	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/monitor.h	Sun Apr 28 10:45:13 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.h,v 1.11 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: monitor.h,v 1.12 2019/04/28 14:45:13 christos Exp $	*/
 /* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */
 
 /*
@@ -92,7 +92,8 @@ void monitor_reinit(struct monitor *);
 
 struct Authctxt;
 void monitor_child_preauth(struct ssh *, struct monitor *);
-void monitor_child_postauth(struct ssh *, struct monitor *);
+void monitor_child_postauth(struct ssh *, struct monitor *)
+__attribute__((__noreturn__));
 
 void monitor_clear_keystate(struct ssh *, struct monitor *);
 void monitor_apply_keystate(struct ssh *, struct monitor *);

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-25 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Apr 26 01:51:55 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c packet.h

Log Message:
attribute police


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.37 src/crypto/external/bsd/openssh/dist/packet.c:1.38
--- src/crypto/external/bsd/openssh/dist/packet.c:1.37	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/packet.c	Thu Apr 25 21:51:55 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.283 2019/03/01 03:29:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.37 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.38 2019/04/26 01:51:55 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1767,7 +1767,7 @@ ssh_packet_remaining(struct ssh *ssh)
  * authentication problems.   The length of the formatted message must not
  * exceed 1024 bytes.  This will automatically call ssh_packet_write_wait.
  */
-void
+void __attribute__((__format__ (__printf__, 2, 3)))
 ssh_packet_send_debug(struct ssh *ssh, const char *fmt,...)
 {
 	char buf[1024];
@@ -1804,7 +1804,8 @@ sshpkt_fmt_connection_id(struct ssh *ssh
 /*
  * Pretty-print connection-terminating errors and exit.
  */
-static void
+static void __attribute__((__format__ (__printf__, 3, 0)))
+__attribute__((__noreturn__))
 sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 {
 	char *tag = NULL, remote_id[512];
@@ -1854,7 +1855,8 @@ sshpkt_vfatal(struct ssh *ssh, int r, co
 	}
 }
 
-void
+void __attribute__((__format__ (__printf__, 3, 4)))
+__attribute__((__noreturn__))
 sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
 {
 	va_list ap;

Index: src/crypto/external/bsd/openssh/dist/packet.h
diff -u src/crypto/external/bsd/openssh/dist/packet.h:1.19 src/crypto/external/bsd/openssh/dist/packet.h:1.20
--- src/crypto/external/bsd/openssh/dist/packet.h:1.19	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/packet.h	Thu Apr 25 21:51:55 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.h,v 1.19 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: packet.h,v 1.20 2019/04/26 01:51:55 christos Exp $	*/
 /* $OpenBSD: packet.h,v 1.90 2019/01/21 10:35:09 djm Exp $ */
 
 /*
@@ -167,7 +167,7 @@ int sshpkt_disconnect(struct ssh *, 
 	__attribute__((format(printf, 2, 3)));
 int	sshpkt_add_padding(struct ssh *, u_char);
 void	sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
-	__attribute__((format(printf, 3, 4)));
+	__attribute__((format(printf, 3, 4))) __attribute__((__noreturn__));
 int	sshpkt_msg_ignore(struct ssh *, u_int);
 
 int	sshpkt_put(struct ssh *ssh, const void *v, size_t len);

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-20 Thread Robert Elz 
Module Name:src
Committed By:   kre
Date:   Sun Apr 21 01:32:04 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: sshconnect2.c

Log Message:
Put declaration of 'userauth_kerberos' inside #if KRB5 where it belongs.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/sshconnect2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.34
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.33	Sat Apr 20 17:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c	Sun Apr 21 01:32:04 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.303 2019/02/12 23:53:10 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect2.c,v 1.33 2019/04/20 17:16:40 christos Exp $");
+__RCSID("$NetBSD: sshconnect2.c,v 1.34 2019/04/21 01:32:04 kre Exp $");
 #include 
 #include 
 #include 
@@ -79,7 +79,9 @@ const char *auth_get_canonical_hostn
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
+#ifdef KRB5
 static int userauth_kerberos(struct ssh *);
+#endif
 
 /* import */
 extern char *client_version_string;

CVS commit: src/crypto/external/bsd/openssh/dist

2019-04-20 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr 20 17:28:19 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: version.h

Log Message:
put back hpn/lpk strings


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/version.h
diff -u src/crypto/external/bsd/openssh/dist/version.h:1.27 src/crypto/external/bsd/openssh/dist/version.h:1.28
--- src/crypto/external/bsd/openssh/dist/version.h:1.27	Sat Apr 20 13:16:40 2019
+++ src/crypto/external/bsd/openssh/dist/version.h	Sat Apr 20 13:28:19 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: version.h,v 1.27 2019/04/20 17:16:40 christos Exp $	*/
+/*	$NetBSD: version.h,v 1.28 2019/04/20 17:28:19 christos Exp $	*/
 /* $OpenBSD: version.h,v 1.84 2019/04/03 15:48:45 djm Exp $ */
 
 #define __OPENSSH_VERSION	"OpenSSH_8.0"
@@ -9,5 +9,5 @@
  * it is important to retain OpenSSH version identification part, it is
  * used for bug compatibility operation.  present NetBSD SSH version as comment
  */
-#define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION
+#define SSH_VERSION	__OPENSSH_VERSION " " __NETBSDSSH_VERSION SSH_HPN SSH_LPK
 #define SSH_RELEASE SSH_VERSION SSH_HPN SSH_LPK

CVS commit: src/crypto/external/bsd/openssh/dist

2019-03-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar  8 20:34:24 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: recallocarray.c

Log Message:
Replace our buggy recallocarray implementation one with the portable one
from OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/crypto/external/bsd/openssh/dist/recallocarray.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/recallocarray.c
diff -u src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1 src/crypto/external/bsd/openssh/dist/recallocarray.c:1.2
--- src/crypto/external/bsd/openssh/dist/recallocarray.c:1.1	Sat Oct  7 17:14:59 2017
+++ src/crypto/external/bsd/openssh/dist/recallocarray.c	Fri Mar  8 15:34:24 2019
@@ -1,51 +1,91 @@
-/*	$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $	*/
-/*	$OpenBSD: reallocarray.c,v 1.1 2014/05/08 21:43:49 deraadt Exp $	*/
+/*	$OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $	*/
 
-/*-
- * Copyright (c) 2015 The NetBSD Foundation, Inc.
- * All rights reserved.
+/*
+ * Copyright (c) 2008, 2017 Otto Moerbeek 
  *
- * This code is derived from software contributed to The NetBSD Foundation
- * by Christos Zoulas.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in the
- *documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/stdlib/recallocarray.c */
+
 #include "includes.h"
-#include 
-__RCSID("$NetBSD: recallocarray.c,v 1.1 2017/10/07 21:14:59 christos Exp $");
+#ifndef HAVE_RECALLOCARRAY
 
 #include 
-#include 
 #include 
+#ifdef HAVE_STDINT_H
+#include 
+#endif
+#include 
+#include 
+
+/*
+ * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
+ * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
+ */
+#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))
 
 void *
-recallocarray(void *optr, size_t omemb, size_t nmemb, size_t size)
+recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size)
 {
-	char *nptr = reallocarray(optr, nmemb, size);
+	size_t oldsize, newsize;
+	void *newptr;
+
+	if (ptr == NULL)
+		return calloc(newnmemb, size);
 
-	if (nptr == NULL || omemb >= nmemb)
-		return nptr;
+	if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	newnmemb > 0 && SIZE_MAX / newnmemb < size) {
+		errno = ENOMEM;
+		return NULL;
+	}
+	newsize = newnmemb * size;
+
+	if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
+	oldnmemb > 0 && SIZE_MAX / oldnmemb < size) {
+		errno = EINVAL;
+		return NULL;
+	}
+	oldsize = oldnmemb * size;
+	
+	/*
+	 * Don't bother too much if we're shrinking just a bit,
+	 * we do not shrink for series of small steps, oh well.
+	 */
+	if (newsize <= oldsize) {
+		size_t d = oldsize - newsize;
+
+		if (d < oldsize / 2 && d < (size_t)getpagesize()) {
+			memset((char *)ptr + newsize, 0, d);
+			return ptr;
+		}
+	}
+
+	newptr = malloc(newsize);
+	if (newptr == NULL)
+		return NULL;
+
+

CVS commit: src/crypto/external/bsd/openssh/dist

2019-01-25 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Jan 25 14:29:05 UTC 2019

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c

Log Message:
PR/53908: Alex Raschi: Include  for socketpair(2)


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/auth-pam.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.18
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17	Mon Aug 27 13:47:48 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Fri Jan 25 09:29:05 2019
@@ -51,7 +51,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.18 2019/01/25 14:29:05 christos Exp $");
 #define _LIB_PTHREAD_H
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
@@ -65,6 +65,7 @@ void sshpam_password_change_required(int
 /* end NetBSD local changes */
 
 #include 
+#include 
 #include 
 #include

CVS commit: src/crypto/external/bsd/openssh/dist

2018-10-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Oct  2 22:44:07 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: log.c

Log Message:
Don't treat mostly connection closed events as filtering events.
There a a failed to negotiate instance too, but I don't want to generate
more diff.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/log.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/log.c
diff -u src/crypto/external/bsd/openssh/dist/log.c:1.18 src/crypto/external/bsd/openssh/dist/log.c:1.19
--- src/crypto/external/bsd/openssh/dist/log.c:1.18	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/log.c	Tue Oct  2 18:44:07 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $	*/
 /* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */
 
 /*
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: log.c,v 1.18 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: log.c,v 1.19 2018/10/02 22:44:07 christos Exp $");
 #include 
 #include 
 
@@ -183,7 +183,7 @@ logdie(const char *fmt,...)
 	va_start(args, fmt);
 	do_log(SYSLOG_LEVEL_INFO, fmt, args);
 	va_end(args);
-	cleanup_exit(255);
+	cleanup_exit(254);
 }
 
 /* Log this message (information that usually should go to the log). */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-10-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Oct  2 22:40:29 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c
serverloop.c

Log Message:
Undo previous change. It made filtering a lot more aggressive.


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.23
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.23 2018/10/02 22:40:28 christos Exp $");
 #include 
 #include 
 #include 
@@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(255);
+			cleanup_exit(254);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.22 src/crypto/external/bsd/openssh/dist/serverloop.c:1.23
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.22	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.23 2018/10/02 22:40:28 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(255);
+cleanup_exit(254);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.34 src/crypto/external/bsd/openssh/dist/packet.c:1.35
--- src/crypto/external/bsd/openssh/dist/packet.c:1.34	Sat Sep 29 11:10:44 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Tue Oct  2 18:40:28 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.35 2018/10/02 22:40:28 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c
 
 	/* Close the connection. */
 	ssh_packet_close(ssh);
-	cleanup_exit(255);
+	cleanup_exit(254);
 }
 
 /*

CVS commit: src/crypto/external/bsd/openssh/dist

2018-09-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Sep 29 15:10:45 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c packet.c
serverloop.c

Log Message:
be less aggressive about blocking connections from disconnected sessions.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.33 -r1.34 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.22
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.21	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.21 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
 #include 
 #include 
 #include 
@@ -151,7 +151,7 @@ mm_request_receive(int sock, struct sshb
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(254);
+			cleanup_exit(255);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.21 src/crypto/external/bsd/openssh/dist/serverloop.c:1.22
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.21	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
 
 /*
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.21 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.22 2018/09/29 15:10:44 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -343,7 +343,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(254);
+cleanup_exit(255);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -440,7 +440,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(254);
+			cleanup_exit(255);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.33 src/crypto/external/bsd/openssh/dist/packet.c:1.34
--- src/crypto/external/bsd/openssh/dist/packet.c:1.33	Sun Aug 26 03:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Sat Sep 29 11:10:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.33 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.34 2018/09/29 15:10:44 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1883,7 +1883,7 @@ ssh_packet_disconnect(struct ssh *ssh, c
 
 	/* Close the connection. */
 	ssh_packet_close(ssh);
-	cleanup_exit(254);
+	cleanup_exit(255);
 }
 
 /*

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-27 Thread Tobias Nygren 
Module Name:src
Committed By:   tnn
Date:   Mon Aug 27 17:47:48 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c

Log Message:
annotate pthread_exit as __dead (to appease clang)


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/auth-pam.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.17
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.16	Sun Aug 26 07:46:36 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Mon Aug 27 17:47:48 2018
@@ -51,7 +51,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.16 2018/08/26 07:46:36 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.17 2018/08/27 17:47:48 tnn Exp $");
 #define _LIB_PTHREAD_H
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
@@ -194,7 +194,7 @@ sshpam_sigchld_handler(int sig)
 }
 
 /* ARGSUSED */
-static void
+__dead static void
 pthread_exit(void *value)
 {
 	_exit(0);

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Aug 13 09:55:20 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
add another exit 254 to avoid blacklistd notification


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.25 src/crypto/external/bsd/openssh/dist/monitor.c:1.26
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.25	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Mon Aug 13 05:55:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.180 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.25 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.26 2018/08/13 09:55:20 christos Exp $");
 #include 
 #include 
 #include 
@@ -1383,7 +1383,7 @@ mm_record_login(Session *s, struct passw
 		if (getpeername(packet_get_connection_in(),
 		(struct sockaddr *), ) < 0) {
 			debug("getpeername: %.100s", strerror(errno));
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 	}
 	/* Record that there was a login on that tty from the remote host. */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Aug  9 08:32:41 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor_wrap.c mux.c packet.c
serverloop.c session.c

Log Message:
change some 255's to 254's to avoid being too aggressive blacklisting.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/monitor_wrap.c \
src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/serverloop.c
cvs rdiff -u -r1.31 -r1.32 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.24 -r1.25 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor_wrap.c
diff -u src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19 src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.20
--- src/crypto/external/bsd/openssh/dist/monitor_wrap.c:1.19	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/monitor_wrap.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: monitor_wrap.c,v 1.99 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos 
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor_wrap.c,v 1.19 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: monitor_wrap.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 #include 
 #include 
 #include 
@@ -149,7 +149,7 @@ mm_request_receive(int sock, Buffer *m)
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
-			cleanup_exit(255);
+			cleanup_exit(254);
 		fatal("%s: read: %s", __func__, strerror(errno));
 	}
 	msg_len = get_u32(buf);
Index: src/crypto/external/bsd/openssh/dist/mux.c
diff -u src/crypto/external/bsd/openssh/dist/mux.c:1.19 src/crypto/external/bsd/openssh/dist/mux.c:1.20
--- src/crypto/external/bsd/openssh/dist/mux.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/mux.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: mux.c,v 1.69 2017/09/20 05:19:00 dtucker Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller 
@@ -32,7 +32,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: mux.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: mux.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 #include 
 #include 
 #include 
@@ -1324,7 +1324,7 @@ muxserver_listen(struct ssh *ssh)
 			return;
 		} else {
 			/* unix_listener() logs the error */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 	}
 
Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.19 src/crypto/external/bsd/openssh/dist/serverloop.c:1.20
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.19	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.205 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: serverloop.c,v 1.19 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: serverloop.c,v 1.20 2018/08/09 08:32:41 christos Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -331,7 +331,7 @@ process_input(struct ssh *ssh, fd_set *r
 "%.100s port %d: %.100s",
 ssh_remote_ipaddr(ssh),
 ssh_remote_port(ssh), strerror(errno));
-cleanup_exit(255);
+cleanup_exit(254);
 			}
 		} else {
 			/* Buffer any received data. */
@@ -428,7 +428,7 @@ server_loop2(struct ssh *ssh, Authctxt *
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
 			/* Clean up sessions, utmp, etc. */
-			cleanup_exit(255);
+			cleanup_exit(254);
 		}
 
 		collect_children(ssh);

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.31 src/crypto/external/bsd/openssh/dist/packet.c:1.32
--- src/crypto/external/bsd/openssh/dist/packet.c:1.31	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/packet.c	Thu Aug  9 04:32:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.32 2018/08/09 08:32:41 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.269 2017/12/18 23:13:42 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.31 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.32

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-03 Thread Robert Elz 
Module Name:src
Committed By:   kre
Date:   Fri Aug  3 12:49:41 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Add a "gcc is stupid" comment to the previous change, as even
the most cursory analysis shows that the var ("eg") is not (cannot
be) used unitialialised, just gcc is too dumb to work it out.

In this case, the code could be rewritten easily enough to
appease even gcc, but that would cause unnecessary code churn,
and some minor duplication, so just put up with the nonsense init...


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.15 src/crypto/external/bsd/openssh/dist/sshkey.c:1.16
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.15	Fri Aug  3 04:32:12 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Fri Aug  3 12:49:41 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.16 2018/08/03 12:49:41 kre Exp $");
 
 #include 
 #include 
@@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA
 int
 sshkey_ecdsa_key_to_nid(EC_KEY *k)
 {
-	EC_GROUP *eg = NULL;
+	EC_GROUP *eg = NULL;		/* XXXGCC: unneeded init */
 	int nids[] = {
 		NID_X9_62_prime256v1,
 		NID_secp384r1,

CVS commit: src/crypto/external/bsd/openssh/dist

2018-08-02 Thread Kamil Rytarowski 
Module Name:src
Committed By:   kamil
Date:   Fri Aug  3 04:32:12 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Appease GCC in the openssh code when built with UBSan

Initialize eg to NULL in sshkey_ecdsa_key_to_nid().
The compiler warns that it might be uninitialized.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.14 src/crypto/external/bsd/openssh/dist/sshkey.c:1.15
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.14	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Fri Aug  3 04:32:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.64 2018/03/22 07:05:48 markus Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.14 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.15 2018/08/03 04:32:12 kamil Exp $");
 
 #include 
 #include 
@@ -1641,7 +1641,7 @@ dsa_generate_private_key(u_int bits, DSA
 int
 sshkey_ecdsa_key_to_nid(EC_KEY *k)
 {
-	EC_GROUP *eg;
+	EC_GROUP *eg = NULL;
 	int nids[] = {
 		NID_X9_62_prime256v1,
 		NID_secp384r1,

CVS commit: src/crypto/external/bsd/openssh/dist

2018-07-18 Thread Thomas Klausner 
Module Name:src
Committed By:   wiz
Date:   Wed Jul 18 16:42:49 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-agent.1

Log Message:
Fix Dd argument.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh-agent.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.14
--- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13	Tue Jul 10 22:12:08 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.1	Wed Jul 18 16:42:49 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $
+.\"	$NetBSD: ssh-agent.1,v 1.14 2018/07/18 16:42:49 wiz Exp $
 .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $
 .\"
 .\"
@@ -36,7 +36,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 30 2016
+.Dd July 10, 2018
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME

CVS commit: src/crypto/external/bsd/openssh/dist

2018-07-10 Thread Sevan Janiyan 
Module Name:src
Committed By:   sevan
Date:   Tue Jul 10 22:12:08 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-agent.1 ssh-agent.c

Log Message:
Amend whitelisted filesystem paths ssh-agent will look for PKCS11 related
libraries so that things work out of the box with pkgsrc without having to
explicitly whitelist things.

ok christos


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-agent.1
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-agent.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12 src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-agent.1:1.12	Tue Apr 18 18:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.1	Tue Jul 10 22:12:08 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh-agent.1,v 1.12 2017/04/18 18:41:46 christos Exp $
+.\"	$NetBSD: ssh-agent.1,v 1.13 2018/07/10 22:12:08 sevan Exp $
 .\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $
 .\"
 .\"
@@ -131,7 +131,7 @@ that may be added using the
 option to
 .Xr ssh-add 1 .
 The default is to allow loading PKCS#11 libraries from
-.Dq /usr/lib/*,/usr/local/lib/* .
+.Dq /usr/lib/*,/usr/pkg/lib/* .
 PKCS#11 libraries that do not match the whitelist will be refused.
 See PATTERNS in
 .Xr ssh_config 5

Index: src/crypto/external/bsd/openssh/dist/ssh-agent.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.23
--- src/crypto/external/bsd/openssh/dist/ssh-agent.c:1.22	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-agent.c	Tue Jul 10 22:12:08 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $	*/
 /* $OpenBSD: ssh-agent.c,v 1.228 2018/02/23 15:58:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-agent.c,v 1.22 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: ssh-agent.c,v 1.23 2018/07/10 22:12:08 sevan Exp $");
 
 #include 	/* MIN MAX */
 #include 
@@ -82,7 +82,7 @@ __RCSID("$NetBSD: ssh-agent.c,v 1.22 201
 #endif
 
 #ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/pkg/lib*/*"
 #endif
 
 /* Maximum accepted message length */

CVS commit: src/crypto/external/bsd/openssh/dist

2018-06-24 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Jun 24 15:36:31 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: pfilter.c

Log Message:
Since now we are called from cleanup_exit() make sure that we have a state
to work with. Found by ASAN.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.5 src/crypto/external/bsd/openssh/dist/pfilter.c:1.6
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.5	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Sun Jun 24 11:36:31 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $	*/
 #include "namespace.h"
 #include "includes.h"
 #include "ssh.h"
@@ -12,7 +12,7 @@ static struct blacklist *blstate;
 #endif
 
 #include "includes.h"
-__RCSID("$NetBSD: pfilter.c,v 1.5 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: pfilter.c,v 1.6 2018/06/24 15:36:31 christos Exp $");
 
 void
 pfilter_init()
@@ -27,6 +27,8 @@ pfilter_notify(int a)
 {
 #ifndef SMALL
 	int fd;
+	if (active_state == NULL)
+		return;
 	if (blstate == NULL)
 		pfilter_init();
 	if (blstate == NULL)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-06-07 Thread Taylor R Campbell 
Module Name:src
Committed By:   riastradh
Date:   Thu Jun  7 15:26:09 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Disable loading XMSS keys by default too.

Nobody should be using XMSS host keys without an explicit decision,
because they're qualitatively different from all other types of host
keys in that they require keeping state.

This also eliminates a harmless but confusing warning that began
after we stopped generating XMSS keys by default.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.27 src/crypto/external/bsd/openssh/dist/servconf.c:1.28
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.27	Sun Apr  8 21:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Thu Jun  7 15:26:09 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $	*/
+/*	$NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.28 2018/06/07 15:26:09 riastradh Exp $");
 #include 
 #include 
 #include 
@@ -294,10 +294,6 @@ fill_default_server_options(ServerOption
 		_PATH_HOST_ECDSA_KEY_FILE);
 		servconf_add_hostkey("[default]", 0, options,
 		_PATH_HOST_ED25519_KEY_FILE);
-#ifdef WITH_XMSS
-		servconf_add_hostkey("[default]", 0, options,
-		_PATH_HOST_XMSS_KEY_FILE);
-#endif /* WITH_XMSS */
 	}
 	/* No certificates by default */
 	if (options->num_ports == 0)

CVS commit: src/crypto/external/bsd/openssh/dist

2018-05-23 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed May 23 16:04:13 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c sshd.c

Log Message:
Increase strictness of blacklistd patches to include timeouts, operating
system errors, and pam failures.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.14	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Wed May 23 12:04:13 2018
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.14 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.15 2018/05/23 16:04:13 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -552,6 +552,7 @@ sshpam_thread(void *ctxtp)
 		ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, );
 	else
 		ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, );
+	pfilter_notify(1);
 	buffer_free();
 	pthread_exit(NULL);
 
@@ -830,6 +831,7 @@ sshpam_query(void *ctx, char **name, cha
 free(msg);
 return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			sshpam_authctxt->valid ? "" : "illegal user ",
 			sshpam_authctxt->user,

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.30 src/crypto/external/bsd/openssh/dist/sshd.c:1.31
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.30	Sun Apr  8 17:56:48 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Wed May 23 12:04:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $	*/
+/*	$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.31 2018/05/23 16:04:13 christos Exp $");
 #include 
 #include 
 #include 
@@ -344,6 +344,7 @@ main_sigchld_handler(int sig)
 __dead static void
 grace_alarm_handler(int sig)
 {
+	pfilter_notify(1);
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
 
@@ -356,7 +357,6 @@ grace_alarm_handler(int sig)
 		killpg(0, SIGTERM);
 	}
 
-	pfilter_notify(1);
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s port %d",
 	ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
@@ -2193,6 +2193,9 @@ cleanup_exit(int i)
 {
 	struct ssh *ssh = active_state; /* XXX */
 
+	if (i == 255)
+		pfilter_notify(1);
+
 	if (the_authctxt) {
 		do_cleanup(ssh, the_authctxt);
 		if (use_privsep && privsep_is_preauth &&

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-08 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Sun Apr  8 21:56:48 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c sshd.c

Log Message:
Fix clang build by adding __dead annotations.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/crypto/external/bsd/openssh/dist/servconf.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.26 src/crypto/external/bsd/openssh/dist/servconf.c:1.27
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.26	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Sun Apr  8 21:56:48 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.326 2018/03/01 20:32:16 markus Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.26 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.27 2018/04/08 21:56:48 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1053,7 +1053,7 @@ out:
 	return result;
 }
 
-static void
+__dead static void
 match_test_missing_fatal(const char *criteria, const char *attrib)
 {
 	fatal("'Match %s' in configuration but '%s' not in connection "

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.29 src/crypto/external/bsd/openssh/dist/sshd.c:1.30
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.29	Fri Apr  6 18:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Sun Apr  8 21:56:48 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $	*/
 /* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -44,7 +44,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshd.c,v 1.29 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: sshd.c,v 1.30 2018/04/08 21:56:48 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1338,6 +1338,9 @@ check_ip_options(struct ssh *ssh)
 }
 
 /* Set the routing domain for this process */
+#if !defined(__OpenBSD__)
+__dead
+#endif
 static void
 set_process_rdomain(struct ssh *ssh, const char *name)
 {

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Apr  8 13:39:42 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c

Log Message:
fix compilation for non LDAP
remove error comment


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.20
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.19	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Sun Apr  8 09:39:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.19 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.20 2018/04/08 13:39:42 christos Exp $");
 #include 
 #include 
 
@@ -692,9 +692,9 @@ check_authkeys_file(struct ssh *ssh, str
 	char *cp, line[SSH_MAX_PUBKEY_BYTES], loc[256];
 	int found_key = 0;
 	u_long linenum = 0;
-	struct sshkey *found = NULL;
 	struct sshauthopt *opts = NULL;
 #ifdef WITH_LDAP_PUBKEY
+	struct sshkey *found = NULL;
 	ldap_key_t * k;
 	unsigned int i = 0;
 	const char *reason;
@@ -780,7 +780,6 @@ check_authkeys_file(struct ssh *ssh, str
 			continue;
 
 		/* Skip leading whitespace, empty and comment lines. */
-/*###782 [cc] error: 'cp' undeclared (first use in this function)%%%*/
 		cp = line;
 		skip_space();
 		if (!*cp || *cp == '\n' || *cp == '#')

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr  7 00:36:55 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: readconf.c scp.c

Log Message:
fix unconst


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/scp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.23 src/crypto/external/bsd/openssh/dist/readconf.c:1.24
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.23	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Fri Apr  6 20:36:55 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.283 2018/02/23 15:58:37 markus Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: readconf.c,v 1.23 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: readconf.c,v 1.24 2018/04/07 00:36:55 christos Exp $");
 #include 
 #include 
 #include 
@@ -2440,7 +2440,7 @@ parse_jump(const char *s, Options *o, in
 int
 parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
 {
-	char *path;
+	const char *path;
 	int r;
 
 	r = parse_uri("ssh", uri, userp, hostp, portp, );

Index: src/crypto/external/bsd/openssh/dist/scp.c
diff -u src/crypto/external/bsd/openssh/dist/scp.c:1.18 src/crypto/external/bsd/openssh/dist/scp.c:1.19
--- src/crypto/external/bsd/openssh/dist/scp.c:1.18	Fri Apr  6 14:59:00 2018
+++ src/crypto/external/bsd/openssh/dist/scp.c	Fri Apr  6 20:36:55 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $	*/
+/*	$NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $	*/
 /* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -73,7 +73,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: scp.c,v 1.18 2018/04/06 18:59:00 christos Exp $");
+__RCSID("$NetBSD: scp.c,v 1.19 2018/04/07 00:36:55 christos Exp $");
 
 #include 	/* roundup MAX */
 #include 
@@ -600,7 +600,7 @@ do_times(int fd, int verb, const struct 
 
 static int
 parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp,
- char **pathp)
+ const char **pathp)
 {
 	int r;
 
@@ -613,8 +613,10 @@ parse_scp_uri(const char *uri, char **us
 void
 toremote(int argc, char **argv)
 {
-	char *suser = NULL, *host = NULL, *src = NULL;
-	char *bp, *tuser, *thost, *targ;
+	char *suser = NULL, *host = NULL;
+	const char *src = NULL;
+	char *bp, *tuser, *thost;
+	const char *targ;
 	int sport = -1, tport = -1;
 	arglist alist;
 	int i, r;
@@ -647,7 +649,7 @@ toremote(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(src);
+		free(__UNCONST(src));
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -725,16 +727,17 @@ toremote(int argc, char **argv)
 out:
 	free(tuser);
 	free(thost);
-	free(targ);
+	free(__UNCONST(targ));
 	free(suser);
 	free(host);
-	free(src);
+	free(__UNCONST(src));
 }
 
 static void
 tolocal(int argc, char **argv)
 {
-	char *bp, *host = NULL, *src = NULL, *suser = NULL;
+	char *bp, *host = NULL, *suser = NULL;
+	const char *src = NULL;
 	arglist alist;
 	int i, r, sport = -1;
 
@@ -744,7 +747,7 @@ tolocal(int argc, char **argv)
 	for (i = 0; i < argc - 1; i++) {
 		free(suser);
 		free(host);
-		free(src);
+		free(__UNCONST(src));
 		r = parse_scp_uri(argv[i], , , , );
 		if (r == -1) {
 			fmprintf(stderr, "%s: invalid uri\n", argv[i]);
@@ -786,7 +789,7 @@ tolocal(int argc, char **argv)
 	}
 	free(suser);
 	free(host);
-	free(src);
+	free(__UNCONST(src));
 }
 
 void

CVS commit: src/crypto/external/bsd/openssh/dist

2018-04-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr  7 00:26:12 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-passwd.c

Log Message:
restore default xx salt.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth-passwd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-passwd.c
diff -u src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8 src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.9
--- src/crypto/external/bsd/openssh/dist/auth-passwd.c:1.8	Fri Apr  6 14:58:59 2018
+++ src/crypto/external/bsd/openssh/dist/auth-passwd.c	Fri Apr  6 20:26:12 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $	*/
+/*	$NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $	*/
 /* $OpenBSD: auth-passwd.c,v 1.46 2018/03/03 03:15:51 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -38,7 +38,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth-passwd.c,v 1.8 2018/04/06 18:58:59 christos Exp $");
+__RCSID("$NetBSD: auth-passwd.c,v 1.9 2018/04/07 00:26:12 christos Exp $");
 #include 
 
 #include 
@@ -189,7 +189,7 @@ sys_auth_passwd(struct ssh *ssh, const c
 	 */
 	if (authctxt->valid && pw_password[0] && pw_password[1])
 		salt = pw_password;
-	encrypted_password = xcrypt(password, salt);
+	encrypted_password = xcrypt(password, salt ? salt : "xx");
 
 	/*
 	 * Authentication is accepted if the encrypted passwords

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-13 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Tue Feb 13 09:51:33 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c

Log Message:
Fix copy & pasto (dsa code vs. rsa code) in previous, fixes PR lib/53012
and recentish sshfs test failures.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/sshkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.12 src/crypto/external/bsd/openssh/dist/sshkey.c:1.13
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.12	Mon Feb  5 00:13:50 2018
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Tue Feb 13 09:51:33 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $	*/
+/*	$NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $	*/
 /* $OpenBSD: sshkey.c,v 1.56 2017/08/12 06:42:52 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: sshkey.c,v 1.12 2018/02/05 00:13:50 christos Exp $");
+__RCSID("$NetBSD: sshkey.c,v 1.13 2018/02/13 09:51:33 martin Exp $");
 
 #include 
 #include 
@@ -258,7 +258,7 @@ sshkey_size(const struct sshkey *k)
 #if OPENSSL_VERSION_NUMBER >= 0x1010UL
 		return RSA_bits(k->rsa);
 #else
-		return BN_num_bits(k->rsa->p);
+		return BN_num_bits(k->rsa->n);
 #endif
 	case KEY_DSA:
 	case KEY_DSA_CERT:

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb  8 23:04:13 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: kex.c

Log Message:
need openssl/dh.h


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/kex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/kex.c
diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.19 src/crypto/external/bsd/openssh/dist/kex.c:1.20
--- src/crypto/external/bsd/openssh/dist/kex.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/kex.c	Thu Feb  8 18:04:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $	*/
 /* $OpenBSD: kex.c,v 1.134 2017/06/13 12:13:59 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: kex.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: kex.c,v 1.20 2018/02/08 23:04:13 christos Exp $");
 
 #include 	/* MAX roundup */
 #include 
@@ -35,6 +35,7 @@ __RCSID("$NetBSD: kex.c,v 1.19 2017/10/0
 
 #ifdef WITH_OPENSSL
 #include 
+#include 
 #endif
 
 #include "ssh2.h"

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-06 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Tue Feb  6 10:56:35 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-dss.c

Log Message:
style: remove spurious {} added in 1.12


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-dss.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-dss.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-dss.c:1.12	Mon Feb  5 00:13:50 2018
+++ src/crypto/external/bsd/openssh/dist/ssh-dss.c	Tue Feb  6 10:56:35 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $	*/
+/*	$NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $	*/
 /* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-dss.c,v 1.12 2018/02/05 00:13:50 christos Exp $");
+__RCSID("$NetBSD: ssh-dss.c,v 1.13 2018/02/06 10:56:35 maya Exp $");
 #include 
 
 #include 
@@ -175,7 +175,6 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 
 	/* parse signature */
-	{
 	BIGNUM *r=NULL, *s=NULL;
 	if ((sig = DSA_SIG_new()) == NULL ||
 	(r = BN_new()) == NULL ||
@@ -194,7 +193,6 @@ ssh_dss_verify(const struct sshkey *key,
 	}
 	DSA_SIG_set0(sig, r, s);
 	r = s = NULL;
-	}
 
 	/* sha1 the data */
 	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,

CVS commit: src/crypto/external/bsd/openssh/dist

2018-02-04 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Feb  5 00:13:50 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c cipher.c cipher.h dh.c
dh.h digest-openssl.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c
monitor.c ssh-dss.c ssh-ecdsa.c ssh-keygen.c ssh-pkcs11-client.c
ssh-pkcs11.c ssh-rsa.c sshkey.c

Log Message:
patch for OpenSSL-1.1


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth-pam.c \
src/crypto/external/bsd/openssh/dist/dh.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/cipher.c \
src/crypto/external/bsd/openssh/dist/cipher.h \
src/crypto/external/bsd/openssh/dist/ssh-dss.c \
src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/dh.h
cvs rdiff -u -r1.6 -r1.7 \
src/crypto/external/bsd/openssh/dist/digest-openssl.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/kexdhc.c \
src/crypto/external/bsd/openssh/dist/kexgexc.c \
src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/kexdhs.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c \
src/crypto/external/bsd/openssh/dist/ssh-rsa.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kexgexs.c
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/monitor.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.12	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Sun Feb  4 19:13:50 2018
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.12 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.13 2018/02/05 00:13:50 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -142,6 +142,11 @@ extern u_int utmp_len;
 typedef pthread_t sp_pthread_t;
 #else
 typedef pid_t sp_pthread_t;
+# undef pthread_exit
+# define pthread_create(a, b, c, d)_ssh_compat_pthread_create(a, b, c, d)
+# define pthread_exit(a)   _ssh_compat_pthread_exit(a)
+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a)
+# define pthread_join(a, b)_ssh_compat_pthread_join(a, b)
 #endif
 
 struct pam_ctxt {
Index: src/crypto/external/bsd/openssh/dist/dh.c
diff -u src/crypto/external/bsd/openssh/dist/dh.c:1.12 src/crypto/external/bsd/openssh/dist/dh.c:1.13
--- src/crypto/external/bsd/openssh/dist/dh.c:1.12	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/dh.c	Sun Feb  4 19:13:50 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $	*/
 /* $OpenBSD: dh.c,v 1.62 2016/12/15 21:20:41 dtucker Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: dh.c,v 1.12 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: dh.c,v 1.13 2018/02/05 00:13:50 christos Exp $");
 
 #include 	/* MIN */
 #include 
@@ -216,14 +216,15 @@ choose_dh(int min, int wantbits, int max
 /* diffie-hellman-groupN-sha1 */
 
 int
-dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
 {
 	int i;
 	int n = BN_num_bits(dh_pub);
 	int bits_set = 0;
 	BIGNUM *tmp;
+	const BIGNUM *p;
 
-	if (dh_pub->neg) {
+	if (BN_is_negative(dh_pub)) {
 		logit("invalid public DH value: negative");
 		return 0;
 	}
@@ -236,7 +237,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 		error("%s: BN_new failed", __func__);
 		return 0;
 	}
-	if (!BN_sub(tmp, dh->p, BN_value_one()) ||
+	DH_get0_pqg(dh, , NULL, NULL);
+	if (!BN_sub(tmp, p, BN_value_one()) ||
 	BN_cmp(dh_pub, tmp) != -1) {		/* pub_exp > p-2 */
 		BN_clear_free(tmp);
 		logit("invalid public DH value: >= p-1");
@@ -247,14 +249,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
 	for (i = 0; i <= n; i++)
 		if (BN_is_bit_set(dh_pub, i))
 			bits_set++;
-	debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
+	debug2("bits set: %d/%d", bits_set, BN_num_bits(p));
 
 	/*
 	 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
 	 */
 	if (bits_set < 4) {
 		logit("invalid public DH value (%d/%d)",
-		   bits_set, BN_num_bits(dh->p));
+		   bits_set, BN_num_bits(p));
 		return 0;
 	}
 	return 1;
@@ -264,9 +266,12 @@ int
 dh_gen_key(DH *dh, int need)
 {
 	int pbits;
+	const BIGNUM *p, *pub_key, *priv_key;
 
-	if (need < 0 || dh->p == NULL ||
-	(pbits =

CVS commit: src/crypto/external/bsd/openssh/dist

2018-01-14 Thread Maya Rashish 
Module Name:src
Committed By:   maya
Date:   Mon Jan 15 05:04:58 UTC 2018

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
Move spammy debug message to debug2.
Similarly spammy messages exist in this debug level.

Requested by gson in PR bin/52898:
ssh -v prints debug message on every keystroke


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.29 src/crypto/external/bsd/openssh/dist/packet.c:1.30
--- src/crypto/external/bsd/openssh/dist/packet.c:1.29	Mon Oct  9 12:07:03 2017
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Jan 15 05:04:58 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $	*/
 /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.30 2018/01/15 05:04:58 maya Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1117,7 +1117,7 @@ ssh_packet_send2_wrapped(struct ssh *ssh
 	len, padlen, aadlen));
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
-debug("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
+debug2("mac %p, %d %d", mac, mac? mac->enabled : -1, mac ? mac->etm : -1);
 	if (mac && mac->enabled && !mac->etm) {
 		if ((r = mac_compute(mac, state->p_send.seqnr,
 		sshbuf_ptr(state->outgoing_packet), len,

CVS commit: src/crypto/external/bsd/openssh/dist

2017-10-09 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Oct  9 12:07:03 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: channels.c packet.c

Log Message:
PR/52604: Tatoku Ogaito: Fix x11 session forwarding.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/channels.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/channels.c
diff -u src/crypto/external/bsd/openssh/dist/channels.c:1.19 src/crypto/external/bsd/openssh/dist/channels.c:1.20
--- src/crypto/external/bsd/openssh/dist/channels.c:1.19	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/channels.c	Mon Oct  9 08:07:03 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $	*/
 /* $OpenBSD: channels.c,v 1.375 2017/09/24 13:45:34 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -41,7 +41,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: channels.c,v 1.19 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: channels.c,v 1.20 2017/10/09 12:07:03 christos Exp $");
 #include 
 #include 
 #include 
@@ -3733,10 +3733,11 @@ channel_request_remote_forwarding(struct
 		"streamlocal-forw...@openssh.com")) != 0 ||
 		(r = sshpkt_put_u8(ssh, 1)) != 0 || /* want reply */
 		(r = sshpkt_put_cstring(ssh, fwd->listen_path)) != 0 ||
-		(r = sshpkt_send(ssh)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = sshpkt_send(ssh)) != 0)
 			fatal("%s: request streamlocal: %s",
 			__func__, ssh_err(r));
+		if ((r = ssh_packet_write_wait(ssh)) < 0)
+			sshpkt_fatal(ssh, __func__, r);
 	} else {
 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
 		(r = sshpkt_put_cstring(ssh, "tcpip-forward")) != 0 ||
@@ -3744,10 +3745,11 @@ channel_request_remote_forwarding(struct
 		(r = sshpkt_put_cstring(ssh,
 		channel_rfwd_bind_host(fwd->listen_host))) != 0 ||
 		(r = sshpkt_put_u32(ssh, fwd->listen_port)) != 0 ||
-		(r = sshpkt_send(ssh)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = sshpkt_send(ssh)) != 0)
 			fatal("%s: request tcpip-forward: %s",
 			__func__, ssh_err(r));
+		if ((r = ssh_packet_write_wait(ssh)) < 0)
+			sshpkt_fatal(ssh, __func__, r);
 	}
 	/* Assume that server accepts the request */
 	success = 1;
@@ -4691,8 +4693,11 @@ x11_request_forwarding_with_spoofing(str
 	(r = sshpkt_put_cstring(ssh, proto)) != 0 ||
 	(r = sshpkt_put_cstring(ssh, new_data)) != 0 ||
 	(r = sshpkt_put_u32(ssh, screen_number)) != 0 ||
-	(r = sshpkt_send(ssh)) != 0 ||
-	(r = ssh_packet_write_wait(ssh)) != 0)
+	(r = sshpkt_send(ssh)) != 0)
 		fatal("%s: send x11-req: %s", __func__, ssh_err(r));
+
+	if ((r = ssh_packet_write_wait(ssh)) < 0)
+		sshpkt_fatal(ssh, __func__, r);
+
 	free(new_data);
 }

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.28 src/crypto/external/bsd/openssh/dist/packet.c:1.29
--- src/crypto/external/bsd/openssh/dist/packet.c:1.28	Sat Oct  7 15:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Oct  9 08:07:03 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.264 2017/09/12 06:32:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.28 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.29 2017/10/09 12:07:03 christos Exp $");
 
 #include 	/* MIN roundup */
 #include 
@@ -1779,9 +1779,10 @@ ssh_packet_send_debug(struct ssh *ssh, c
 	(r = sshpkt_put_u8(ssh, 0)) != 0 || /* always display */
 	(r = sshpkt_put_cstring(ssh, buf)) != 0 ||
 	(r = sshpkt_put_cstring(ssh, "")) != 0 ||
-	(r = sshpkt_send(ssh)) != 0 ||
-	(r = ssh_packet_write_wait(ssh)) != 0)
+	(r = sshpkt_send(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
+	if ((r = ssh_packet_write_wait(ssh)) < 0)
+		sshpkt_fatal(ssh, __func__, r);
 }
 
 static void

CVS commit: src/crypto/external/bsd/openssh/dist

2017-10-08 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Sun Oct  8 20:19:05 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
Mark do_ca_sign as dead.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.28
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.27	Sat Oct  7 19:39:19 2017
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Sun Oct  8 20:19:05 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.307 2017/07/07 03:53:12 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.27 2017/10/07 19:39:19 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.28 2017/10/08 20:19:05 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1638,7 +1638,7 @@ agent_signer(const struct sshkey *key, u
 	data, datalen, alg, compat);
 }
 
-static void
+__dead static void
 do_ca_sign(struct passwd *pw, int argc, char **argv)
 {
 	int r, i, fd, found, agent_fd = -1;

CVS commit: src/crypto/external/bsd/openssh/dist

2017-06-26 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Jun 26 17:10:39 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: pfilter.c

Log Message:
If we've authenticated, we are already in the child and we don't need the
socket anymore.
XXX: pullup-7, pullup-8


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.3 src/crypto/external/bsd/openssh/dist/pfilter.c:1.4
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.3	Fri Jan 22 19:03:30 2016
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Mon Jun 26 13:10:39 2017
@@ -30,6 +30,10 @@ pfilter_notify(int a)
 	// XXX: 3?
  	fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3;
 	(void)blacklist_r(blstate, a, fd, "ssh");
+	if (a == 0) {
+		blacklist_close(blstate);
+		blstate = NULL;
+	}
 #else
 	__USE(a);
 #endif

CVS commit: src/crypto/external/bsd/openssh/dist

2017-04-20 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Thu Apr 20 13:22:59 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
GC multistate_privsep.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.23 src/crypto/external/bsd/openssh/dist/servconf.c:1.24
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.23	Tue Apr 18 18:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Thu Apr 20 13:22:59 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $	*/
 
 /* $OpenBSD: servconf.c,v 1.306 2017/03/14 07:19:07 djm Exp $ */
 /*
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: servconf.c,v 1.23 2017/04/18 18:41:46 christos Exp $");
+__RCSID("$NetBSD: servconf.c,v 1.24 2017/04/20 13:22:59 joerg Exp $");
 #include 
 #include 
 #include 
@@ -1066,13 +1066,6 @@ static const struct multistate multistat
 	{ "no",0 },
 	{ NULL, -1 }
 };
-static const struct multistate multistate_privsep[] = {
-	{ "yes",			PRIVSEP_NOSANDBOX },
-	{ "sandbox",			PRIVSEP_ON },
-	{ "nosandbox",			PRIVSEP_NOSANDBOX },
-	{ "no",PRIVSEP_OFF },
-	{ NULL, -1 }
-};
 static const struct multistate multistate_tcpfwd[] = {
 	{ "yes",			FORWARD_ALLOW },
 	{ "all",			FORWARD_ALLOW },

CVS commit: src/crypto/external/bsd/openssh/dist

2017-04-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Apr 19 15:34:25 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
fix conflict.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.20 src/crypto/external/bsd/openssh/dist/sshd_config:1.21
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.20	Tue Apr 18 14:41:46 2017
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Wed Apr 19 11:34:25 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.20 2017/04/18 18:41:46 christos Exp $
+#	$NetBSD: sshd_config,v 1.21 2017/04/19 15:34:25 christos Exp $
 #	$OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -74,11 +74,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
-<<< sshd_config
 #UsePrivilegeSeparation sandbox
 UsePam yes
-===
->>> 1.1.1.15
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0

CVS commit: src/crypto/external/bsd/openssh/dist

2017-02-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Feb 16 17:56:07 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c

Log Message:
PR/51973: Use proper fd for AuthorizedKeysCommand


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.16
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.15	Sat Dec 24 19:07:46 2016
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Thu Feb 16 12:56:07 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth2-pubkey.c,v 1.15 2016/12/25 00:07:46 christos Exp $");
+__RCSID("$NetBSD: auth2-pubkey.c,v 1.16 2017/02/16 17:56:07 christos Exp $");
 #include 
 #include 
 #include 
@@ -839,13 +839,6 @@ check_authkeys_file(FILE *f, char *file,
 	}
 	}
 #endif
-	debug("trying public key file %s", file);
-	f = auth_openkeyfile(file, pw, options.strict_modes);
-
-	if (!f) {
-		restore_uid();
-		return 0;
-	}
 
 	found_key = 0;

CVS commit: src/crypto/external/bsd/openssh/dist

2017-02-01 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Feb  1 14:27:37 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd_config

Log Message:
match the man page, and explain why.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/sshd_config

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd_config
diff -u src/crypto/external/bsd/openssh/dist/sshd_config:1.18 src/crypto/external/bsd/openssh/dist/sshd_config:1.19
--- src/crypto/external/bsd/openssh/dist/sshd_config:1.18	Sat Dec 24 19:07:47 2016
+++ src/crypto/external/bsd/openssh/dist/sshd_config	Wed Feb  1 09:27:37 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: sshd_config,v 1.18 2016/12/25 00:07:47 christos Exp $
+#	$NetBSD: sshd_config,v 1.19 2017/02/01 14:27:37 christos Exp $
 #	$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
 
 # This is the sshd server system-wide configuration file.  See
@@ -28,7 +28,8 @@
 
 # Authentication:
 
-#LoginGraceTime 2m
+# For slow CPUs, bumped from 2 minutes to 10
+LoginGraceTime 600
 #PermitRootLogin prohibit-password
 #StrictModes yes
 #MaxAuthTries 6

CVS commit: src/crypto/external/bsd/openssh/dist

2017-01-10 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Jan 10 13:53:26 UTC 2017

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
include  for close, pipe, dup2 etc.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.20 src/crypto/external/bsd/openssh/dist/monitor.c:1.21
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.20	Sat Dec 24 19:07:47 2016
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Tue Jan 10 08:53:26 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $	*/
 /* $OpenBSD: monitor.c,v 1.166 2016/09/28 16:33:06 djm Exp $ */
 
 /*
@@ -28,7 +28,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: monitor.c,v 1.20 2016/12/25 00:07:47 christos Exp $");
+__RCSID("$NetBSD: monitor.c,v 1.21 2017/01/10 13:53:26 christos Exp $");
 #include 
 #include 
 #include 
@@ -47,6 +47,7 @@ __RCSID("$NetBSD: monitor.c,v 1.20 2016/
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include

CVS commit: src/crypto/external/bsd/openssh/dist

2016-08-03 Thread Jonathan A. Kollasch 
Module Name:src
Committed By:   jakllsch
Date:   Wed Aug  3 15:24:28 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: utf8.c utf8.h

Log Message:
Add some missing __attribute__((format(printf annotations.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/utf8.c
cvs rdiff -u -r1.1.1.1 -r1.2 src/crypto/external/bsd/openssh/dist/utf8.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/utf8.c
diff -u src/crypto/external/bsd/openssh/dist/utf8.c:1.2 src/crypto/external/bsd/openssh/dist/utf8.c:1.3
--- src/crypto/external/bsd/openssh/dist/utf8.c:1.2	Tue Aug  2 13:45:12 2016
+++ src/crypto/external/bsd/openssh/dist/utf8.c	Wed Aug  3 15:24:28 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $	*/
+/*	$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $	*/
 /* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
 /*
  * Copyright (c) 2016 Ingo Schwarze 
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: utf8.c,v 1.2 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: utf8.c,v 1.3 2016/08/03 15:24:28 jakllsch Exp $");
 /*
  * Utility functions for multibyte-character handling,
  * in particular to sanitize untrusted strings for terminal output.
@@ -37,7 +37,8 @@ __RCSID("$NetBSD: utf8.c,v 1.2 2016/08/0
 
 static int	 dangerous_locale(void);
 static int	 grow_dst(char **, size_t *, size_t, char **, size_t);
-static int	 vasnmprintf(char **, size_t, int *, const char *, va_list);
+static int	 vasnmprintf(char **, size_t, int *, const char *, va_list)
+		 __attribute__((format(printf, 4, 0)));
 
 
 /*

Index: src/crypto/external/bsd/openssh/dist/utf8.h
diff -u src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1 src/crypto/external/bsd/openssh/dist/utf8.h:1.2
--- src/crypto/external/bsd/openssh/dist/utf8.h:1.1.1.1	Tue Aug  2 13:30:06 2016
+++ src/crypto/external/bsd/openssh/dist/utf8.h	Wed Aug  3 15:24:28 2016
@@ -19,6 +19,7 @@ int	 mprintf(const char *, ...)
 	 __attribute__((format(printf, 1, 2)));
 int	 fmprintf(FILE *, const char *, ...)
 	 __attribute__((format(printf, 2, 3)));
-int	 vfmprintf(FILE *, const char *, va_list);
+int	 vfmprintf(FILE *, const char *, va_list)
+	 __attribute__((format(printf, 2, 0)));
 int	 snmprintf(char *, size_t, int *, const char *, ...)
 	 __attribute__((format(printf, 4, 5)));

CVS commit: src/crypto/external/bsd/openssh/dist

2016-08-02 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Aug  2 13:53:45 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: canohost.c

Log Message:
remove unused code


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/canohost.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/canohost.c
diff -u src/crypto/external/bsd/openssh/dist/canohost.c:1.9 src/crypto/external/bsd/openssh/dist/canohost.c:1.10
--- src/crypto/external/bsd/openssh/dist/canohost.c:1.9	Tue Aug  2 09:45:12 2016
+++ src/crypto/external/bsd/openssh/dist/canohost.c	Tue Aug  2 09:53:44 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $	*/
+/*	$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $	*/
 /* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
 /*
  * Author: Tatu Ylonen 
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: canohost.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
+__RCSID("$NetBSD: canohost.c,v 1.10 2016/08/02 13:53:44 christos Exp $");
 #include 
 #include 
 #include 
@@ -36,173 +36,6 @@ __RCSID("$NetBSD: canohost.c,v 1.9 2016/
 #include "canohost.h"
 #include "misc.h"
 
-#if removeme
-static void check_ip_options(int, char *);
-static char *canonical_host_ip = NULL;
-static int cached_port = -1;
-
-/*
- * Return the canonical name of the host at the other end of the socket. The
- * caller should free the returned string.
- */
-
-static char *
-get_remote_hostname(int sock, int use_dns)
-{
-	struct sockaddr_storage from;
-	socklen_t fromlen;
-	struct addrinfo hints, *ai, *aitop;
-	char name[NI_MAXHOST], ntop[NI_MAXHOST], ntop2[NI_MAXHOST];
-
-	/* Get IP address of client. */
-	fromlen = sizeof(from);
-	memset(, 0, sizeof(from));
-	if (getpeername(sock, (struct sockaddr *), ) < 0) {
-		debug("getpeername failed: %.100s", strerror(errno));
-		cleanup_exit(255);
-	}
-
-	if (getnameinfo((struct sockaddr *), fromlen, ntop, sizeof(ntop),
-	NULL, 0, NI_NUMERICHOST) != 0)
-		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
-
-	if (from.ss_family == AF_INET)
-		check_ip_options(sock, ntop);
-
-	if (!use_dns)
-		return xstrdup(ntop);
-
-	debug3("Trying to reverse map address %.100s.", ntop);
-	/* Map the IP address to a host name. */
-	if (getnameinfo((struct sockaddr *), fromlen, name, sizeof(name),
-	NULL, 0, NI_NAMEREQD) != 0) {
-		/* Host name not found.  Use ip address. */
-		return xstrdup(ntop);
-	}
-
-	/*
-	 * if reverse lookup result looks like a numeric hostname,
-	 * someone is trying to trick us by PTR record like following:
-	 *	1.1.1.10.in-addr.arpa.	IN PTR	2.3.4.5
-	 */
-	memset(, 0, sizeof(hints));
-	hints.ai_socktype = SOCK_DGRAM;	/*dummy*/
-	hints.ai_flags = AI_NUMERICHOST;
-	if (getaddrinfo(name, NULL, , ) == 0) {
-		logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-		name, ntop);
-		freeaddrinfo(ai);
-		return xstrdup(ntop);
-	}
-
-	/* Names are stores in lowercase. */
-	lowercase(name);
-
-	/*
-	 * Map it back to an IP address and check that the given
-	 * address actually is an address of this host.  This is
-	 * necessary because anyone with access to a name server can
-	 * define arbitrary names for an IP address. Mapping from
-	 * name to IP address can be trusted better (but can still be
-	 * fooled if the intruder has access to the name server of
-	 * the domain).
-	 */
-	memset(, 0, sizeof(hints));
-	hints.ai_family = from.ss_family;
-	hints.ai_socktype = SOCK_STREAM;
-	if (getaddrinfo(name, NULL, , ) != 0) {
-		logit("reverse mapping checking getaddrinfo for %.700s "
-		"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
-		return xstrdup(ntop);
-	}
-	/* Look for the address from the list of addresses. */
-	for (ai = aitop; ai; ai = ai->ai_next) {
-		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-		sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-		(strcmp(ntop, ntop2) == 0))
-break;
-	}
-	freeaddrinfo(aitop);
-	/* If we reached the end of the list, the address was not there. */
-	if (!ai) {
-		/* Address not found for the host name. */
-		logit("Address %.100s maps to %.600s, but this does not "
-		"map back to the address - POSSIBLE BREAK-IN ATTEMPT!",
-		ntop, name);
-		return xstrdup(ntop);
-	}
-	return xstrdup(name);
-}
-
-/*
- * If IP options are supported, make sure there are none (log and
- * disconnect them if any are found).  Basically we are worried about
- * source routing; it can be used to pretend you are somebody
- * (ip-address) you are not. That itself may be "almost acceptable"
- * under certain circumstances, but rhosts autentication is useless
- * if source routing is accepted. Notice also that if we just dropped
- * source routing here, the other side could use IP spoofing to do
- * rest of the interaction and could still

CVS commit: src/crypto/external/bsd/openssh/dist

2016-04-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Apr 14 16:42:09 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: session.c

Log Message:
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.

CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
https://anongit.mindrot.org/openssh.git/commit/?\
id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755

XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.18 src/crypto/external/bsd/openssh/dist/session.c:1.19
--- src/crypto/external/bsd/openssh/dist/session.c:1.18	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/session.c	Thu Apr 14 12:42:09 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.280 2016/02/16 03:37:48 djm Exp $ */
 
 /*
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.18 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.19 2016/04/14 16:42:09 christos Exp $");
 #include 
 #include 
 #include 
@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she
 	 * Pull in any environment variables that may have
 	 * been set by PAM.
 	 */
-	if (options.use_pam) {
+	if (options.use_pam && !options.use_login) {
 		char **p;
 
 		p = fetch_pam_child_environment();

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:06:06 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: kex.c

Log Message:
CID 1356388: Prevent DoS from Tainted scalar


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/kex.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/kex.c
diff -u src/crypto/external/bsd/openssh/dist/kex.c:1.14 src/crypto/external/bsd/openssh/dist/kex.c:1.15
--- src/crypto/external/bsd/openssh/dist/kex.c:1.14	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/kex.c	Wed Mar 16 17:06:06 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $	*/
 /* $OpenBSD: kex.c,v 1.117 2016/02/08 10:57:07 djm Exp $ */
 
 /*
@@ -26,7 +26,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: kex.c,v 1.14 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: kex.c,v 1.15 2016/03/16 21:06:06 christos Exp $");
 #include 	/* MAX roundup */
 
 #include 
@@ -364,6 +364,10 @@ kex_input_ext_info(int type, u_int32_t s
 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, _protocol_error);
 	if ((r = sshpkt_get_u32(ssh, )) != 0)
 		return r;
+	if (ninfo > 1024) {
+		fatal("%s: too many %u fields", __func__, ninfo);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
 	for (i = 0; i < ninfo; i++) {
 		if ((r = sshpkt_get_cstring(ssh, , NULL)) != 0)
 			return r;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:41:25 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
remove unused variable


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.23
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22	Wed Mar 16 17:07:59 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Wed Mar 16 17:41:25 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.23 2016/03/16 21:41:25 christos Exp $");
 #include 
 #include 
 #include 
@@ -1906,7 +1906,6 @@ __dead static void
 do_show_cert(struct passwd *pw)
 {
 	struct sshkey *key = NULL;
-	struct stat st;
 	int r, is_stdin = 0, ok = 0;
 	FILE *f;
 	char *cp, line[SSH_MAX_PUBKEY_BYTES];

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 20:55:54 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
CID 1018734: Unitialized variable


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.23 src/crypto/external/bsd/openssh/dist/packet.c:1.24
--- src/crypto/external/bsd/openssh/dist/packet.c:1.23	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/packet.c	Wed Mar 16 16:55:54 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.229 2016/02/17 22:20:14 djm Exp $ */
 
 /*
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: packet.c,v 1.23 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: packet.c,v 1.24 2016/03/16 20:55:54 christos Exp $");
 #include 	/* MIN roundup */
 #include 
 #include 
@@ -1387,7 +1387,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh->state;
-	int len, r, ms_remain;
+	int len, r, ms_remain = 0;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:07:59 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
CID 1356389: Remove TOCTOU.


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.22
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21	Fri Mar 11 08:15:02 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Wed Mar 16 17:07:59 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.22 2016/03/16 21:07:59 christos Exp $");
 #include 
 #include 
 #include 
@@ -1915,8 +1915,6 @@ do_show_cert(struct passwd *pw)
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (strcmp(identity_file, "-") != 0 && stat(identity_file, ) < 0)
-		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 
 	path = identity_file;
 	if (strcmp(path, "-") == 0) {

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 21:00:37 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: sshconnect.c

Log Message:
CID 1356386: Don't leak sock


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshconnect.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshconnect.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16 src/crypto/external/bsd/openssh/dist/sshconnect.c:1.17
--- src/crypto/external/bsd/openssh/dist/sshconnect.c:1.16	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/sshconnect.c	Wed Mar 16 17:00:37 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $	*/
 /* $OpenBSD: sshconnect.c,v 1.271 2016/01/14 22:56:56 markus Exp $ */
 
 /*
@@ -16,7 +16,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sshconnect.c,v 1.16 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: sshconnect.c,v 1.17 2016/03/16 21:00:37 christos Exp $");
 #include 	/* roundup */
 #include 
 #include 
@@ -1552,4 +1552,6 @@ maybe_add_key_to_agent(char *authfile, K
 		debug("identity added to agent: %s", authfile);
 	else
 		debug("could not add identity to agent: %s (%d)", authfile, r);
+
+	close(auth_sock);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-18 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Mar 16 20:57:46 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keyscan.c

Log Message:
CID 1356384: Check returns


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.16
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.15	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	Wed Mar 16 16:57:46 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $	*/
 /* $OpenBSD: ssh-keyscan.c,v 1.105 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keyscan.c,v 1.15 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: ssh-keyscan.c,v 1.16 2016/03/16 20:57:46 christos Exp $");
 
 #include 
 #include 
@@ -307,6 +307,7 @@ static void
 keyprint_one(char *host, struct sshkey *key)
 {
 	char *hostport;
+	int r;
 
 	if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
 		fatal("host_hash failed");
@@ -314,7 +315,9 @@ keyprint_one(char *host, struct sshkey *
 	hostport = put_host_port(host, ssh_port);
 	if (!get_cert)
 		fprintf(stdout, "%s ", hostport);
-	sshkey_write(key, stdout);
+	if ((r = sshkey_write(key, stdout)) != 0)
+		error("key_write failed: %s", ssh_err(r));
+
 	fputs("\n", stdout);
 	free(hostport);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-11 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar 11 13:15:02 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keygen.c

Log Message:
Add more __dead; pointed out by clang (from tnn@)


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.21
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.20	Thu Mar 10 20:55:00 2016
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Fri Mar 11 08:15:02 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.288 2016/02/15 09:47:49 dtucker Exp $ */
 
 /*
@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: ssh-keygen.c,v 1.20 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: ssh-keygen.c,v 1.21 2016/03/11 13:15:02 christos Exp $");
 #include 
 #include 
 #include 
@@ -821,7 +821,7 @@ try_read_key(char **cpp)
 	return NULL;
 }
 
-static __dead void
+static void
 fingerprint_one_key(const struct sshkey *public, const char *comment)
 {
 	char *fp = NULL, *ra = NULL;
@@ -866,7 +866,7 @@ fingerprint_private(const char *path)
 	free(comment);
 }
 
-static void
+__dead static void
 do_fingerprint(struct passwd *pw)
 {
 	FILE *f;
@@ -1902,7 +1902,7 @@ print_cert(struct sshkey *key)
 	}
 }
 
-static void
+__dead static void
 do_show_cert(struct passwd *pw)
 {
 	struct sshkey *key = NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2016-03-10 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Mar 11 03:54:27 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.h

Log Message:
fix pam build.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.5 -r1.2 src/crypto/external/bsd/openssh/dist/sshkey.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshkey.h
diff -u src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5 src/crypto/external/bsd/openssh/dist/sshkey.h:1.2
--- src/crypto/external/bsd/openssh/dist/sshkey.h:1.1.1.5	Thu Mar 10 20:50:02 2016
+++ src/crypto/external/bsd/openssh/dist/sshkey.h	Thu Mar 10 22:54:27 2016
@@ -26,6 +26,7 @@
 #ifndef SSHKEY_H
 #define SSHKEY_H
 
+#include "includes.h"
 #include 
 
 #ifdef WITH_OPENSSL

CVS commit: src/crypto/external/bsd/openssh/dist

2016-02-04 Thread Sean Boudreau 
Module Name:src
Committed By:   seanb
Date:   Thu Feb  4 15:04:11 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: session.c

Log Message:
- Avoid uninitialized variable usage in do_nologin() when HAVE_LOGIN_CAP
  isn't defined (which doesn't apply to NetBSD but...) and a root
  login is being evaluated.
- From upstream.


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/session.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.16 src/crypto/external/bsd/openssh/dist/session.c:1.17
--- src/crypto/external/bsd/openssh/dist/session.c:1.16	Mon Jul  6 15:09:17 2015
+++ src/crypto/external/bsd/openssh/dist/session.c	Thu Feb  4 15:04:11 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $");
+__RCSID("$NetBSD: session.c,v 1.17 2016/02/04 15:04:11 seanb Exp $");
 #include 
 #include 
 #include 
@@ -1339,16 +1339,17 @@ do_nologin(struct passwd *pw)
 	if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
 		return;
 	nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
-
+#else
+	if (pw->pw_uid == 0)
+		return;
+	nl = def_nl;
+#endif
 	if (stat(nl, ) == -1) {
 		if (nl != def_nl)
 			free(nl);
 		return;
 	}
-#else
-	if (pw->pw_uid)
-		nl = def_nl;
-#endif
+
 	/* /etc/nologin exists.  Print its contents if we can and exit. */
 	logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
 	if ((f = fopen(nl, "r")) != NULL) {

CVS commit: src/crypto/external/bsd/openssh/dist

2016-01-22 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Jan 23 00:03:30 UTC 2016

Modified Files:
src/crypto/external/bsd/openssh/dist: auth-pam.c auth.c auth1.c
pfilter.c

Log Message:
add more blacklist rejection points.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth-pam.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/auth.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/auth1.c
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/pfilter.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth-pam.c
diff -u src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7 src/crypto/external/bsd/openssh/dist/auth-pam.c:1.8
--- src/crypto/external/bsd/openssh/dist/auth-pam.c:1.7	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth-pam.c	Fri Jan 22 19:03:30 2016
@@ -50,7 +50,7 @@
 /*
  * NetBSD local changes
  */
-__RCSID("$NetBSD: auth-pam.c,v 1.7 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
 #undef USE_POSIX_THREADS /* Not yet */
 #define HAVE_SECURITY_PAM_APPL_H
 #define HAVE_PAM_GETENVLIST
@@ -114,6 +114,7 @@ void sshpam_password_change_required(int
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
+#include "pfilter.h"
 
 extern ServerOptions options;
 extern Buffer loginmsg;
@@ -809,6 +810,7 @@ sshpam_query(void *ctx, char **name, cha
 free(msg);
 return (0);
 			}
+			pfilter_notify(1);
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			sshpam_authctxt->valid ? "" : "illegal user ",
 			sshpam_authctxt->user,

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.15 src/crypto/external/bsd/openssh/dist/auth.c:1.16
--- src/crypto/external/bsd/openssh/dist/auth.c:1.15	Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $	*/
+/*	$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $	*/
 /* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: auth.c,v 1.16 2016/01/23 00:03:30 christos Exp $");
 #include 
 #include 
 
@@ -656,6 +656,7 @@ getpwnamallow(const char *user)
 
 	pw = getpwnam(user);
 	if (pw == NULL) {
+		pfilter_notify(1);
 		logit("Invalid user %.100s from %.100s",
 		user, get_remote_ipaddr());
 		return (NULL);

Index: src/crypto/external/bsd/openssh/dist/auth1.c
diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.12 src/crypto/external/bsd/openssh/dist/auth1.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth1.c:1.12	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth1.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $	*/
 /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: auth1.c,v 1.12 2015/07/03 00:59:59 christos Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.13 2016/01/23 00:03:30 christos Exp $");
 #include 
 #include 
 
@@ -376,6 +376,7 @@ do_authloop(Authctxt *authctxt)
 			char *msg;
 			size_t len;
 
+			pfilter_notify(1);
 			error("Access denied for user %s by PAM account "
 			"configuration", authctxt->user);
 			len = buffer_len();

Index: src/crypto/external/bsd/openssh/dist/pfilter.c
diff -u src/crypto/external/bsd/openssh/dist/pfilter.c:1.2 src/crypto/external/bsd/openssh/dist/pfilter.c:1.3
--- src/crypto/external/bsd/openssh/dist/pfilter.c:1.2	Sun Jan 25 22:57:17 2015
+++ src/crypto/external/bsd/openssh/dist/pfilter.c	Fri Jan 22 19:03:30 2016
@@ -1,4 +1,5 @@
 #include "namespace.h"
+#include "includes.h"
 #include "ssh.h"
 #include "packet.h"
 #include "log.h"

CVS commit: src/crypto/external/bsd/openssh/dist

2015-12-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Dec 16 13:23:38 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp.c

Log Message:
PR/50564: Rin Okuyama: sftp: filename completion is broken


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sftp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.16 src/crypto/external/bsd/openssh/dist/sftp.c:1.17
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.16	Fri Aug 21 04:20:59 2015
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Wed Dec 16 08:23:38 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $	*/
+/*	$NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $	*/
 /* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller 
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-__RCSID("$NetBSD: sftp.c,v 1.16 2015/08/21 08:20:59 christos Exp $");
+__RCSID("$NetBSD: sftp.c,v 1.17 2015/12/16 13:23:38 christos Exp $");
 #include 	/* MIN MAX */
 #include 
 #include 
@@ -1845,8 +1845,8 @@ complete_match(EditLine *el, struct sftp
 	if (remote != LOCAL) {
 		tmp = make_absolute(tmp, remote_path);
 		remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, );
+	} else
 		glob(tmp, GLOB_LIMIT|GLOB_DOOFFS|GLOB_MARK, NULL, );
-	}
 	
 	/* Determine length of pwd so we can trim completion display */
 	for (hadglob = tmplen = pwdlen = 0; tmp[tmplen] != 0; tmplen++) {

CVS commit: src/crypto/external/bsd/openssh/dist

2015-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 20:14:55 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: moduli

Log Message:
put back the old ones until the rest is generated


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/moduli

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/moduli
diff -u src/crypto/external/bsd/openssh/dist/moduli:1.5 src/crypto/external/bsd/openssh/dist/moduli:1.6
--- src/crypto/external/bsd/openssh/dist/moduli:1.5	Thu Nov 12 13:28:34 2015
+++ src/crypto/external/bsd/openssh/dist/moduli	Thu Nov 12 15:14:55 2015
@@ -1,42 +1,187 @@
-#	$NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $
+#	$NetBSD: moduli,v 1.6 2015/11/12 20:14:55 christos Exp $
+#	$OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
 
 # Time Type Tests Tries Size Generator Modulus
-20151112182404 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AE85A87
-20151112182405 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AED242B
-20151112182405 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1AF6D7BF
-20151112182406 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B038613
-20151112182406 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B0FE1E7
-20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BC8CB
-20151112182408 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B3BFB9B
-20151112182409 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B519C9F
-20151112182409 2 6 100 1023 2 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B619623
-20151112182410 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1B74C0F7
-20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB00937
-20151112182412 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BB071BF
-20151112182413 2 6 100 1023 5 F4B6E11D2F628682F06FD44603E6290F595E68A4368D9F9C92E776DBCE0B58C6685EB4A465DC8330E7C4431F7B8550F879B82431B36197C05357C0757465E712313E08BEB9CEA4054B718263F65BE3A52C5B5C3029FF709C1CB85BA7F9869C291A43D3AEC639085745426F48404C17BD6AF849C78DA0A94E90D5250B1BC061A7
-20151112182413 2 6 100 1023 2

CVS commit: src/crypto/external/bsd/openssh/dist

2015-11-12 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Nov 12 18:28:34 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: moduli

Log Message:
Regen; it's been a *long* while.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/moduli

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/moduli
diff -u src/crypto/external/bsd/openssh/dist/moduli:1.4 src/crypto/external/bsd/openssh/dist/moduli:1.5
--- src/crypto/external/bsd/openssh/dist/moduli:1.4	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/moduli	Thu Nov 12 13:28:34 2015
@@ -1,187 +1,42 @@
-#	$NetBSD: moduli,v 1.4 2015/04/03 23:58:19 christos Exp $
-#	$OpenBSD: moduli,v 1.2 2004/01/28 04:44:00 dtucker Exp $
+#	$NetBSD: moduli,v 1.5 2015/11/12 18:28:34 christos Exp $
 
 # Time Type Tests Tries Size Generator Modulus
-20031210004503 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22C583AB
-20031210004553 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D0A0D7
-20031210004628 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22D6CB97
-20031210004801 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F2D1B7
-20031210004827 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB22F5615B
-20031210004919 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230138C3
-20031210004952 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2305F6A3
-20031210005018 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230801DB
-20031210005043 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB230A0383
-20031210005147 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB231C3A7F
-20031210005230 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23249C1B
-20031210005301 2 6 100 1023 5 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB23288F0F
-20031210005438 2 6 100 1023 2 DCF93A0B883972EC0E19989AC5A2CE310E1D37717E8D9571BB7623731866E61EF75A2E27898B057F9891C2E27A639C3F29B60814581CD3B2CA3986D2683705577D45C2E7E52DC81C7A171876E5CEA74B1448BFDFAF18828EFD2519F14E45E3826634AF1949E5B535CC829A483B8A76223E5D490A257F05BDFF16F2FB2344EC9B
-20031210005548 2 6 100 1023 2

CVS commit: src/crypto/external/bsd/openssh/dist

2015-08-21 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Fri Aug 21 08:20:59 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth.c compat.c dns.c mux.c
packet.c sftp-server.c sftp.c ssh-keygen.1 ssh-keygen.c
ssh-pkcs11-helper.c ssh_config.5 sshconnect.c sshd.c sshd_config.5
sshkey.c version.h

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/compat.c \
src/crypto/external/bsd/openssh/dist/mux.c \
src/crypto/external/bsd/openssh/dist/sftp-server.c \
src/crypto/external/bsd/openssh/dist/sshconnect.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/dns.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/sftp.c \
src/crypto/external/bsd/openssh/dist/ssh_config.5
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshd.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/sshkey.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/version.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.14 src/crypto/external/bsd/openssh/dist/auth.c:1.15
--- src/crypto/external/bsd/openssh/dist/auth.c:1.14	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/auth.c	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $	*/
-/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
+/*	$NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $	*/
+/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth.c,v 1.14 2015/08/13 10:33:21 christos Exp $);
+__RCSID($NetBSD: auth.c,v 1.15 2015/08/21 08:20:59 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 
@@ -392,7 +392,7 @@ auth_root_allowed(const char *method)
 	case PERMIT_NO_PASSWD:
 		if (strcmp(method, publickey) == 0 ||
 		strcmp(method, hostbased) == 0 ||
-		strcmp(method, gssapi-with-mic))
+		strcmp(method, gssapi-with-mic) == 0)
 			return 1;
 		break;
 	case PERMIT_FORCED_ONLY:
Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.1
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14 src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.15
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.1:1.14	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.1	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-.\	$NetBSD: ssh-keygen.1,v 1.14 2015/08/13 10:33:21 christos Exp $
-.\	$OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
+.\	$NetBSD: ssh-keygen.1,v 1.15 2015/08/21 08:20:59 christos Exp $
+.\	$OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
 .\
 .\  -*- nroff -*-
 .\
@@ -38,7 +38,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd July 3 2015
+.Dd August 20 2015
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -686,7 +686,7 @@ and identifying the CA key by providing 
 to
 .Fl s :
 .Pp
-.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
 .Pp
 In all cases,
 .Ar key_id
@@ -699,7 +699,7 @@ By default, generated certificates are v
 To generate a certificate for a specified set of principals:
 .Pp
 .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
 .Pp
 Additional limitations on the validity and use of user certificates may
 be specified through certificate options.

Index: src/crypto/external/bsd/openssh/dist/compat.c
diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.12 src/crypto/external/bsd/openssh/dist/compat.c:1.13
--- src/crypto/external/bsd/openssh/dist/compat.c:1.12	Thu Aug 13 06:33:21 2015
+++ src/crypto/external/bsd/openssh/dist/compat.c	Fri Aug 21 04:20:59 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: compat.c,v 1.12 2015/08/13 10:33:21 christos Exp $	*/
-/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
+/*	$NetBSD: compat.c,v 1.13 2015/08/21 08:20:59 christos Exp $	*/
+/* $OpenBSD: compat.c,v 1.97 2015/08/19

CVS commit: src/crypto/external/bsd/openssh/dist

2015-08-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Thu Aug 13 10:33:21 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: OVERVIEW PROTOCOL PROTOCOL.mux
addrmatch.c auth-options.c auth.c auth2-chall.c authfd.c authfile.c
cipher.h clientloop.c compat.c kex.c kex.h key.c key.h krl.c log.c
monitor.c myproposal.h packet.c readconf.c readconf.h scp.1
servconf.c servconf.h ssh-add.c ssh-agent.c ssh-keygen.1
ssh-keygen.c ssh-keysign.c ssh-pkcs11.c ssh.1 ssh.c ssh.h
ssh_config.5 sshconnect2.c sshd.8 sshd.c sshd_config sshd_config.5
sshkey.c sshpty.c version.h

Log Message:
merge conflicts


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/OVERVIEW \
src/crypto/external/bsd/openssh/dist/sshkey.c \
src/crypto/external/bsd/openssh/dist/sshpty.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/PROTOCOL \
src/crypto/external/bsd/openssh/dist/krl.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/PROTOCOL.mux \
src/crypto/external/bsd/openssh/dist/cipher.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/addrmatch.c \
src/crypto/external/bsd/openssh/dist/auth2-chall.c \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c
cvs rdiff -u -r1.10 -r1.11 \
src/crypto/external/bsd/openssh/dist/auth-options.c
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/auth.c \
src/crypto/external/bsd/openssh/dist/ssh-keygen.1
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/authfd.c \
src/crypto/external/bsd/openssh/dist/kex.h \
src/crypto/external/bsd/openssh/dist/key.h \
src/crypto/external/bsd/openssh/dist/scp.1 \
src/crypto/external/bsd/openssh/dist/ssh-keysign.c
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/authfile.c \
src/crypto/external/bsd/openssh/dist/compat.c \
src/crypto/external/bsd/openssh/dist/kex.c \
src/crypto/external/bsd/openssh/dist/myproposal.h \
src/crypto/external/bsd/openssh/dist/ssh-add.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/clientloop.c \
src/crypto/external/bsd/openssh/dist/ssh_config.5 \
src/crypto/external/bsd/openssh/dist/sshd.8 \
src/crypto/external/bsd/openssh/dist/sshd_config
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/key.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/log.c \
src/crypto/external/bsd/openssh/dist/readconf.h \
src/crypto/external/bsd/openssh/dist/servconf.h
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/monitor.c \
src/crypto/external/bsd/openssh/dist/readconf.c \
src/crypto/external/bsd/openssh/dist/ssh-agent.c \
src/crypto/external/bsd/openssh/dist/ssh.1 \
src/crypto/external/bsd/openssh/dist/version.h
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/packet.c
cvs rdiff -u -r1.18 -r1.19 src/crypto/external/bsd/openssh/dist/servconf.c \
src/crypto/external/bsd/openssh/dist/ssh.c \
src/crypto/external/bsd/openssh/dist/sshd_config.5
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh-keygen.c
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/openssh/dist/ssh.h
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/OVERVIEW
diff -u src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4 src/crypto/external/bsd/openssh/dist/OVERVIEW:1.5
--- src/crypto/external/bsd/openssh/dist/OVERVIEW:1.4	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/OVERVIEW	Thu Aug 13 06:33:21 2015
@@ -65,8 +65,8 @@ these programs.
   packets.  CRC code comes from crc32.c.
 
 - The code in packet.c calls the buffer manipulation routines
-  (buffer.c, bufaux.c), compression routines (compress.c, zlib),
-  and the encryption routines.
+  (buffer.c, bufaux.c), compression routines (zlib), and the
+  encryption routines.
 
   X11, TCP/IP, and Agent forwarding
 
@@ -165,5 +165,5 @@ these programs.
 	uidswap.cuid-swapping
 	xmalloc.csafe malloc routines
 
-$OpenBSD: OVERVIEW,v 1.11 2006/08/03 03:34:41 deraadt Exp $
-$NetBSD: OVERVIEW,v 1.4 2015/04/03 23:58:19 christos Exp $
+$OpenBSD: OVERVIEW,v 1.12 2015/07/08 19:01:15 markus Exp $
+$NetBSD: OVERVIEW,v 1.5 2015/08/13 10:33:21 christos Exp $
Index: src/crypto/external/bsd/openssh/dist/sshkey.c
diff -u src/crypto/external/bsd/openssh/dist/sshkey.c:1.4 src/crypto/external/bsd/openssh/dist/sshkey.c:1.5
--- src/crypto/external/bsd/openssh/dist/sshkey.c:1.4	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/sshkey.c	Thu Aug 13 06:33:21 2015
@@ -1,5 +1,5 @@
-/*	$NetBSD: sshkey.c,v 1.4 2015/07/03 01:00:00

CVS commit: src/crypto/external/bsd/openssh/dist

2015-07-29 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Jul 29 15:04:40 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-chall.c

Log Message:
From FreeBSD:
A remote attacker may effectively bypass MaxAuthTries settings, which would
enable them to brute force passwords. [CVE-2015-5600]
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/auth2-chall.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-chall.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7 src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.8
--- src/crypto/external/bsd/openssh/dist/auth2-chall.c:1.7	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/auth2-chall.c	Wed Jul 29 11:04:40 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $	*/
 /* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth2-chall.c,v 1.7 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: auth2-chall.c,v 1.8 2015/07/29 15:04:40 christos Exp $);
 #include sys/types.h
 
 #include stdio.h
@@ -83,6 +83,7 @@ struct KbdintAuthctxt
 	void *ctxt;
 	KbdintDevice *device;
 	u_int nreq;
+	u_int devices_done;
 };
 
 #ifdef USE_PAM
@@ -170,11 +171,15 @@ kbdint_next_device(Authctxt *authctxt, K
 		if (len == 0)
 			break;
 		for (i = 0; devices[i]; i++) {
-			if (!auth2_method_allowed(authctxt,
+			if ((kbdintctxt-devices_done  (1  i)) != 0 ||
+			!auth2_method_allowed(authctxt,
 			keyboard-interactive, devices[i]-name))
 continue;
-			if (strncmp(kbdintctxt-devices, devices[i]-name, len) == 0)
+			if (strncmp(kbdintctxt-devices, devices[i]-name,
+			len) == 0) {
 kbdintctxt-device = devices[i];
+kbdintctxt-devices_done |= 1  i;
+			}
 		}
 		t = kbdintctxt-devices;
 		kbdintctxt-devices = t[len] ? xstrdup(t+len+1) : NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2015-07-06 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Jul  6 15:09:17 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth2-pubkey.c readconf.c
session.c ssh.c sshconnect2.c sshd.c

Log Message:
CID 1309355: check error return from closefrom(3) where appropriate.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/readconf.c
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/session.c
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/ssh.c
cvs rdiff -u -r1.20 -r1.21 src/crypto/external/bsd/openssh/dist/sshconnect2.c
cvs rdiff -u -r1.19 -r1.20 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth2-pubkey.c
diff -u src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12 src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.13
--- src/crypto/external/bsd/openssh/dist/auth2-pubkey.c:1.12	Thu Jul  2 20:59:59 2015
+++ src/crypto/external/bsd/openssh/dist/auth2-pubkey.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $	*/
+/*	$NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: auth2-pubkey.c,v 1.53 2015/06/15 18:44:22 jsing Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth2-pubkey.c,v 1.12 2015/07/03 00:59:59 christos Exp $);
+__RCSID($NetBSD: auth2-pubkey.c,v 1.13 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/wait.h
@@ -474,7 +474,10 @@ subprocess(const char *tag, struct passw
 			error(%s: dup2: %s, tag, strerror(errno));
 			_exit(1);
 		}
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1) {
+			error(closefrom: %s, strerror(errno));
+			_exit(1);
+		}
 
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setgid(pw-pw_gid) == -1) {

Index: src/crypto/external/bsd/openssh/dist/readconf.c
diff -u src/crypto/external/bsd/openssh/dist/readconf.c:1.14 src/crypto/external/bsd/openssh/dist/readconf.c:1.15
--- src/crypto/external/bsd/openssh/dist/readconf.c:1.14	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/readconf.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: readconf.c,v 1.237 2015/06/26 05:13:20 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -14,7 +14,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: readconf.c,v 1.14 2015/07/03 01:00:00 christos Exp $);
+__RCSID($NetBSD: readconf.c,v 1.15 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/socket.h
@@ -467,7 +467,8 @@ execute_in_shell(const char *cmd)
 			fatal(dup2: %s, strerror(errno));
 		if (devnull  STDERR_FILENO)
 			close(devnull);
-		closefrom(STDERR_FILENO + 1);
+		if (closefrom(STDERR_FILENO + 1) == -1)
+			fatal(closefrom: %s, strerror(errno));
 
 		argv[0] = __UNCONST(shell);
 		argv[1] = __UNCONST(-c);

Index: src/crypto/external/bsd/openssh/dist/session.c
diff -u src/crypto/external/bsd/openssh/dist/session.c:1.15 src/crypto/external/bsd/openssh/dist/session.c:1.16
--- src/crypto/external/bsd/openssh/dist/session.c:1.15	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/session.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $	*/
+/*	$NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $	*/
 /* $OpenBSD: session.c,v 1.278 2015/04/24 01:36:00 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -35,7 +35,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: session.c,v 1.15 2015/07/03 01:00:00 christos Exp $);
+__RCSID($NetBSD: session.c,v 1.16 2015/07/06 15:09:17 christos Exp $);
 #include sys/types.h
 #include sys/wait.h
 #include sys/un.h
@@ -1557,7 +1557,7 @@ child_close_fds(void)
 	 * initgroups, because at least on Solaris 2.3 it leaves file
 	 * descriptors open.
 	 */
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 }
 
 /*
@@ -1688,7 +1688,7 @@ do_child(Session *s, const char *command
 			exit(1);
 	}
 
-	closefrom(STDERR_FILENO + 1);
+	(void)closefrom(STDERR_FILENO + 1);
 
 	if (!options.use_login)
 		do_rc_files(s, shell);

Index: src/crypto/external/bsd/openssh/dist/ssh.c
diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.17 src/crypto/external/bsd/openssh/dist/ssh.c:1.18
--- src/crypto/external/bsd/openssh/dist/ssh.c:1.17	Thu Jul  2 21:00:00 2015
+++ src/crypto/external/bsd/openssh/dist/ssh.c	Mon Jul  6 11:09:17 2015
@@ -1,4 +1,4 @@
-/*

CVS commit: src/crypto/external/bsd/openssh/dist

2015-05-16 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat May 16 14:17:28 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: compat.c

Log Message:
Pass the correct length to match_patter_list; from Hanno Boeck.
XXX: pullup-7


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/compat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/compat.c
diff -u src/crypto/external/bsd/openssh/dist/compat.c:1.9 src/crypto/external/bsd/openssh/dist/compat.c:1.10
--- src/crypto/external/bsd/openssh/dist/compat.c:1.9	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/compat.c	Sat May 16 10:17:28 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $	*/
 /* $OpenBSD: compat.c,v 1.87 2015/01/19 20:20:20 markus Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: compat.c,v 1.9 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: compat.c,v 1.10 2015/05/16 14:17:28 christos Exp $);
 #include sys/types.h
 
 #include stdlib.h
@@ -242,7 +242,7 @@ filter_proposal(const char *proposal, co
 	buffer_init(b);
 	tmp = orig_prop = xstrdup(proposal);
 	while ((cp = strsep(tmp, ,)) != NULL) {
-		if (match_pattern_list(cp, filter, strlen(cp), 0) != 1) {
+		if (match_pattern_list(cp, filter, strlen(filter), 0) != 1) {
 			if (buffer_len(b)  0)
 buffer_append(b, ,, 1);
 			buffer_append(b, cp, strlen(cp));

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:35:16 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp.c

Log Message:
CID 996110: Fix memory leak


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sftp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp.c
diff -u src/crypto/external/bsd/openssh/dist/sftp.c:1.14 src/crypto/external/bsd/openssh/dist/sftp.c:1.15
--- src/crypto/external/bsd/openssh/dist/sftp.c:1.14	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/sftp.c	Mon Apr 13 13:35:16 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $	*/
 /* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org
@@ -17,7 +17,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sftp.c,v 1.14 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: sftp.c,v 1.15 2015/04/13 17:35:16 christos Exp $);
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
 #include sys/ioctl.h
@@ -732,6 +732,8 @@ process_put(struct sftp_conn *conn, char
 			fflag || global_fflag) == -1)
 err = -1;
 		}
+		free(abs_dst);
+		abs_dst = NULL;
 	}
 
 out:

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:54:52 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keyscan.c

Log Message:
CID 1293644: Check returns


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.13
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12	Sat Apr  4 09:59:20 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	Mon Apr 13 13:54:52 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $	*/
+/*	$NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $	*/
 /* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres d...@lcs.mit.edu.
@@ -9,7 +9,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $);
+__RCSID($NetBSD: ssh-keyscan.c,v 1.13 2015/04/13 17:54:52 christos Exp $);
 
 #include sys/param.h
 #include sys/types.h
@@ -284,6 +284,7 @@ static void
 keyprint(con *c, struct sshkey *key)
 {
 	char *host = c-c_output_name ? c-c_output_name : c-c_name;
+	int r;
 
 	if (!key)
 		return;
@@ -291,7 +292,9 @@ keyprint(con *c, struct sshkey *key)
 		fatal(host_hash failed);
 
 	fprintf(stdout, %s , host);
-	sshkey_write(key, stdout);
+	if ((r = sshkey_write(key, stdout)) != 0)
+		fprintf(stderr, key_write failed: %s, ssh_err(r));
+
 	fputs(\n, stdout);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:59:21 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: clientloop.c

Log Message:
CID 1293652: Forward NULL deref


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/clientloop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/clientloop.c
diff -u src/crypto/external/bsd/openssh/dist/clientloop.c:1.12 src/crypto/external/bsd/openssh/dist/clientloop.c:1.13
--- src/crypto/external/bsd/openssh/dist/clientloop.c:1.12	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/clientloop.c	Mon Apr 13 13:59:21 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $	*/
 /* $OpenBSD: clientloop.c,v 1.272 2015/02/25 19:54:02 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -61,7 +61,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: clientloop.c,v 1.12 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: clientloop.c,v 1.13 2015/04/13 17:59:21 christos Exp $);
 
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
@@ -1594,7 +1594,8 @@ client_loop(int have_pty, int escape_cha
 			channel_after_select(readset, writeset);
 			if (need_rekeying || packet_need_rekeying()) {
 debug(need rekeying);
-active_state-kex-done = 0;
+if (active_state-kex != NULL)
+	active_state-kex-done = 0;
 if ((r = kex_send_kexinit(active_state)) != 0)
 	fatal(%s: kex_send_kexinit: %s,
 	__func__, ssh_err(r));

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:38:20 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
CID 1018734: Fix uninit


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.17 src/crypto/external/bsd/openssh/dist/packet.c:1.18
--- src/crypto/external/bsd/openssh/dist/packet.c:1.17	Wed Apr  8 11:49:46 2015
+++ src/crypto/external/bsd/openssh/dist/packet.c	Mon Apr 13 13:38:20 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -39,7 +39,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $);
+__RCSID($NetBSD: packet.c,v 1.18 2015/04/13 17:38:20 christos Exp $);
 #include sys/param.h	/* MIN roundup */
 #include sys/types.h
 #include sys/queue.h
@@ -1262,7 +1262,7 @@ int
 ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p)
 {
 	struct session_state *state = ssh-state;
-	int len, r, ms_remain, cont;
+	int len, r, ms_remain = 0, cont;
 	fd_set *setp;
 	char buf[8192];
 	struct timeval timeout, start, *timeoutp = NULL;

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 18:00:48 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: serverloop.c

Log Message:
CID 1293655: Forward NULL deref


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/serverloop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.11 src/crypto/external/bsd/openssh/dist/serverloop.c:1.12
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.11	Mon Apr 13 13:50:31 2015
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Mon Apr 13 14:00:47 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -37,7 +37,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $);
+__RCSID($NetBSD: serverloop.c,v 1.12 2015/04/13 18:00:47 christos Exp $);
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
 #include sys/wait.h
@@ -863,8 +863,9 @@ server_loop2(Authctxt *authctxt)
 			if (packet_need_rekeying()) {
 int r;
 debug(need rekeying);
-active_state-kex-done = 0;
- if ((r = kex_send_kexinit(active_state)) != 0)
+if (active_state-kex)
+	active_state-kex-done = 0;
+if ((r = kex_send_kexinit(active_state)) != 0)
 	logit(%s: kex_send_kexinit: %s,
 	__func__, ssh_err(r));
 			}

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-13 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Apr 13 17:50:31 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: serverloop.c

Log Message:
CID 1293642: Check returns


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/serverloop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.10 src/crypto/external/bsd/openssh/dist/serverloop.c:1.11
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.10	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Mon Apr 13 13:50:31 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.10 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.178 2015/02/20 22:17:21 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -37,7 +37,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: serverloop.c,v 1.10 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: serverloop.c,v 1.11 2015/04/13 17:50:31 christos Exp $);
 #include sys/param.h	/* MIN MAX */
 #include sys/types.h
 #include sys/wait.h
@@ -861,9 +861,12 @@ server_loop2(Authctxt *authctxt)
 		if (!rekeying) {
 			channel_after_select(readset, writeset);
 			if (packet_need_rekeying()) {
+int r;
 debug(need rekeying);
 active_state-kex-done = 0;
-kex_send_kexinit(active_state);
+ if ((r = kex_send_kexinit(active_state)) != 0)
+	logit(%s: kex_send_kexinit: %s,
+	__func__, ssh_err(r));
 			}
 		}
 		process_input(readset);

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-11 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Sat Apr 11 21:14:31 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.h ssh-keygen.c

Log Message:
Use __dead.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/packet.h
cvs rdiff -u -r1.15 -r1.16 src/crypto/external/bsd/openssh/dist/ssh-keygen.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.h
diff -u src/crypto/external/bsd/openssh/dist/packet.h:1.10 src/crypto/external/bsd/openssh/dist/packet.h:1.11
--- src/crypto/external/bsd/openssh/dist/packet.h:1.10	Fri Apr  3 23:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/packet.h	Sat Apr 11 21:14:31 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.h,v 1.10 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: packet.h,v 1.11 2015/04/11 21:14:31 joerg Exp $	*/
 /* $OpenBSD: packet.h,v 1.66 2015/01/30 01:13:33 djm Exp $ */
 
 /*
@@ -151,7 +151,7 @@ int	sshpkt_sendx(struct ssh *ssh);
 int sshpkt_disconnect(struct ssh *, const char *fmt, ...)
 	__attribute__((format(printf, 2, 3)));
 int	sshpkt_add_padding(struct ssh *, u_char);
-void	sshpkt_fatal(struct ssh *ssh, const char *tag, int r);
+void	sshpkt_fatal(struct ssh *ssh, const char *tag, int r) __dead;
 
 int	sshpkt_put(struct ssh *ssh, const void *v, size_t len);
 int	sshpkt_putb(struct ssh *ssh, const struct sshbuf *b);

Index: src/crypto/external/bsd/openssh/dist/ssh-keygen.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.15 src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.16
--- src/crypto/external/bsd/openssh/dist/ssh-keygen.c:1.15	Fri Apr  3 23:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keygen.c	Sat Apr 11 21:14:31 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keygen.c,v 1.15 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: ssh-keygen.c,v 1.16 2015/04/11 21:14:31 joerg Exp $	*/
 /* $OpenBSD: ssh-keygen.c,v 1.266 2015/02/26 20:45:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -14,7 +14,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: ssh-keygen.c,v 1.15 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: ssh-keygen.c,v 1.16 2015/04/11 21:14:31 joerg Exp $);
 #include sys/types.h
 #include sys/socket.h
 #include sys/stat.h
@@ -291,7 +291,7 @@ load_identity(char *filename)
 #define	SSH_COM_PRIVATE_KEY_MAGIC	0x3f6ff9eb
 
 #ifdef WITH_OPENSSL
-static void
+__dead static void
 do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
 {
 	size_t len;

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-08 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Apr  8 15:49:47 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: dispatch.c packet.c

Log Message:
ssh_packet_write_wait() returns number of bytes now; check for negative
for error instead of 0. Fixes ssh command restrictions, reported by
Tobias Nygren.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssh/dist/dispatch.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/dispatch.c
diff -u src/crypto/external/bsd/openssh/dist/dispatch.c:1.4 src/crypto/external/bsd/openssh/dist/dispatch.c:1.5
--- src/crypto/external/bsd/openssh/dist/dispatch.c:1.4	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/dispatch.c	Wed Apr  8 11:49:46 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: dispatch.c,v 1.4 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: dispatch.c,v 1.5 2015/04/08 15:49:46 christos Exp $	*/
 /* $OpenBSD: dispatch.c,v 1.26 2015/02/12 20:34:19 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: dispatch.c,v 1.4 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: dispatch.c,v 1.5 2015/04/08 15:49:46 christos Exp $);
 #include sys/types.h
 
 #include signal.h
@@ -51,7 +51,7 @@ dispatch_protocol_error(int type, u_int3
 	if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 ||
 	(r = sshpkt_put_u32(ssh, seq)) != 0 ||
 	(r = sshpkt_send(ssh)) != 0 ||
-	(r = ssh_packet_write_wait(ssh)) != 0)
+	(r = ssh_packet_write_wait(ssh))  0)
 		sshpkt_fatal(ssh, __func__, r);
 	return 0;
 }

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.16 src/crypto/external/bsd/openssh/dist/packet.c:1.17
--- src/crypto/external/bsd/openssh/dist/packet.c:1.16	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/packet.c	Wed Apr  8 11:49:46 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.16 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.208 2015/02/13 18:57:00 markus Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -39,7 +39,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: packet.c,v 1.16 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: packet.c,v 1.17 2015/04/08 15:49:46 christos Exp $);
 #include sys/param.h	/* MIN roundup */
 #include sys/types.h
 #include sys/queue.h
@@ -1452,7 +1452,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u
 		if (emsg != NULL) {
 			error(%s, emsg);
 			if ((r = sshpkt_disconnect(ssh, %s, emsg)) != 0 ||
-			(r = ssh_packet_write_wait(ssh)) != 0)
+			(r = ssh_packet_write_wait(ssh))  0)
 	return r;
 			return SSH_ERR_CONN_CORRUPT;
 		}
@@ -1487,7 +1487,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u
 		error(%s: len %d != sshbuf_len %zd, __func__,
 		len, sshbuf_len(state-incoming_packet));
 		if ((r = sshpkt_disconnect(ssh, invalid packet length)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = ssh_packet_write_wait(ssh))  0)
 			return r;
 		return SSH_ERR_CONN_CORRUPT;
 	}
@@ -1497,7 +1497,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u
 	if (checksum != stored_checksum) {
 		error(Corrupted check bytes on input);
 		if ((r = sshpkt_disconnect(ssh, connection corrupted)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = ssh_packet_write_wait(ssh))  0)
 			return r;
 		return SSH_ERR_CONN_CORRUPT;
 	}
@@ -1521,7 +1521,7 @@ ssh_packet_read_poll1(struct ssh *ssh, u
 	if (*typep  SSH_MSG_MIN || *typep  SSH_MSG_MAX) {
 		error(Invalid ssh1 packet type: %d, *typep);
 		if ((r = sshpkt_disconnect(ssh, invalid packet type)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = ssh_packet_write_wait(ssh))  0)
 			return r;
 		return SSH_ERR_PROTOCOL_ERROR;
 	}
@@ -1694,7 +1694,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u
 	if (padlen  4)	{
 		if ((r = sshpkt_disconnect(ssh,
 		Corrupted padlen %d on input., padlen)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = ssh_packet_write_wait(ssh))  0)
 			return r;
 		return SSH_ERR_CONN_CORRUPT;
 	}
@@ -1727,7 +1727,7 @@ ssh_packet_read_poll2(struct ssh *ssh, u
 	if (*typep  SSH2_MSG_MIN || *typep = SSH2_MSG_LOCAL_MIN) {
 		if ((r = sshpkt_disconnect(ssh,
 		Invalid ssh2 packet type: %d, *typep)) != 0 ||
-		(r = ssh_packet_write_wait(ssh)) != 0)
+		(r = ssh_packet_write_wait(ssh))  0)
 			return r;
 		return SSH_ERR_PROTOCOL_ERROR;
 	}
@@ -1896,7 +1896,7 @@ ssh_packet_send_debug(struct ssh *ssh, c
 		(r = sshpkt_send(ssh)) != 0)
 			fatal(%s: %s, __func__, ssh_err(r));
 	}
-	if ((r = ssh_packet_write_wait(ssh)) != 0)
+	if ((r = ssh_packet_write_wait(ssh))  0)
 		fatal(%s: %s,

CVS commit: src/crypto/external/bsd/openssh/dist

2015-04-04 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Apr  4 13:59:20 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh-keyscan.c

Log Message:
Alpha is the only platform where sig_atomic_t isn't int...
OpenBSD does not compile OpenSSH on the alpha anymore?


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh-keyscan.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.11 src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.12
--- src/crypto/external/bsd/openssh/dist/ssh-keyscan.c:1.11	Fri Apr  3 19:58:19 2015
+++ src/crypto/external/bsd/openssh/dist/ssh-keyscan.c	Sat Apr  4 09:59:20 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-keyscan.c,v 1.11 2015/04/03 23:58:19 christos Exp $	*/
+/*	$NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $	*/
 /* $OpenBSD: ssh-keyscan.c,v 1.99 2015/01/30 10:44:49 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres d...@lcs.mit.edu.
@@ -9,7 +9,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: ssh-keyscan.c,v 1.11 2015/04/03 23:58:19 christos Exp $);
+__RCSID($NetBSD: ssh-keyscan.c,v 1.12 2015/04/04 13:59:20 christos Exp $);
 
 #include sys/param.h
 #include sys/types.h
@@ -91,7 +91,7 @@ typedef struct Connection {
 	int c_len;		/* Total bytes which must be read. */
 	int c_off;		/* Length of data read so far. */
 	int c_keytype;		/* Only one of KT_RSA1, KT_DSA, or KT_RSA */
-	int c_done;		/* SSH2 done */
+	sig_atomic_t c_done;	/* SSH2 done */
 	char *c_namebase;	/* Address to free for c_name and c_namelist */
 	char *c_name;		/* Hostname of connection for errors */
 	char *c_namelist;	/* Pointer to other possible addresses */

CVS commit: src/crypto/external/bsd/openssh/dist

2015-02-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Feb 14 15:41:21 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: auth1.c auth2.c

Log Message:
Also mark as bad attempts those who come in a bad users (Frank Kardel)


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssh/dist/auth1.c \
src/crypto/external/bsd/openssh/dist/auth2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth1.c
diff -u src/crypto/external/bsd/openssh/dist/auth1.c:1.9 src/crypto/external/bsd/openssh/dist/auth1.c:1.10
--- src/crypto/external/bsd/openssh/dist/auth1.c:1.9	Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/auth1.c	Sat Feb 14 10:41:21 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth1.c,v 1.9 2014/10/19 16:30:58 christos Exp $	*/
+/*	$NetBSD: auth1.c,v 1.10 2015/02/14 15:41:21 christos Exp $	*/
 /* $OpenBSD: auth1.c,v 1.82 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth1.c,v 1.9 2014/10/19 16:30:58 christos Exp $);
+__RCSID($NetBSD: auth1.c,v 1.10 2015/02/14 15:41:21 christos Exp $);
 #include sys/types.h
 #include sys/queue.h
 
@@ -41,6 +41,7 @@ __RCSID($NetBSD: auth1.c,v 1.9 2014/10/
 #endif
 #include monitor_wrap.h
 #include buffer.h
+#include pfilter.h
 
 /* import */
 extern ServerOptions options;
@@ -445,6 +446,7 @@ do_authentication(Authctxt *authctxt)
 	else {
 		debug(do_authentication: invalid user %s, user);
 		authctxt-pw = fakepw();
+		pfilter_notify(1);
 	}
 
 	/* Configuration may have changed as a result of Match */
Index: src/crypto/external/bsd/openssh/dist/auth2.c
diff -u src/crypto/external/bsd/openssh/dist/auth2.c:1.9 src/crypto/external/bsd/openssh/dist/auth2.c:1.10
--- src/crypto/external/bsd/openssh/dist/auth2.c:1.9	Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/auth2.c	Sat Feb 14 10:41:21 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth2.c,v 1.9 2014/10/19 16:30:58 christos Exp $	*/
+/*	$NetBSD: auth2.c,v 1.10 2015/02/14 15:41:21 christos Exp $	*/
 /* $OpenBSD: auth2.c,v 1.132 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth2.c,v 1.9 2014/10/19 16:30:58 christos Exp $);
+__RCSID($NetBSD: auth2.c,v 1.10 2015/02/14 15:41:21 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/uio.h
@@ -52,6 +52,7 @@ __RCSID($NetBSD: auth2.c,v 1.9 2014/10/
 #include pathnames.h
 #include buffer.h
 #include canohost.h
+#include pfilter.h
 
 #ifdef GSSAPI
 #include ssh-gss.h
@@ -256,6 +257,7 @@ input_userauth_request(int type, u_int32
 		} else {
 			logit(input_userauth_request: invalid user %s, user);
 			authctxt-pw = fakepw();
+			pfilter_notify(1);
 		}
 #ifdef USE_PAM
 		if (options.use_pam)

CVS commit: src/crypto/external/bsd/openssh/dist

2015-02-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sat Feb 14 19:05:29 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd.c

Log Message:
initialize the pfilter for the privilege-separated copy (Frank Kardel)


To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.16 src/crypto/external/bsd/openssh/dist/sshd.c:1.17
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.16	Sun Jan 25 10:52:44 2015
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Sat Feb 14 14:05:29 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.17 2015/02/14 19:05:29 christos Exp $	*/
 /* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -44,7 +44,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sshd.c,v 1.16 2015/01/25 15:52:44 christos Exp $);
+__RCSID($NetBSD: sshd.c,v 1.17 2015/02/14 19:05:29 christos Exp $);
 #include sys/types.h
 #include sys/param.h
 #include sys/ioctl.h
@@ -628,6 +628,8 @@ privsep_preauth_child(void)
 	explicit_bzero(pw-pw_passwd, strlen(pw-pw_passwd));
 	endpwent();
 
+	pfilter_init();
+
 	/* Change our root directory */
 	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
 		fatal(chroot(\%s\): %s, _PATH_PRIVSEP_CHROOT_DIR,

CVS commit: src/crypto/external/bsd/openssh/dist

2015-01-20 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Wed Jan 21 02:05:47 UTC 2015

Modified Files:
src/crypto/external/bsd/openssh/dist: packet.c

Log Message:
don't print a return on debug messages


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/packet.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/packet.c
diff -u src/crypto/external/bsd/openssh/dist/packet.c:1.14 src/crypto/external/bsd/openssh/dist/packet.c:1.15
--- src/crypto/external/bsd/openssh/dist/packet.c:1.14	Sun Oct 19 23:05:13 2014
+++ src/crypto/external/bsd/openssh/dist/packet.c	Tue Jan 20 21:05:47 2015
@@ -1,4 +1,4 @@
-/*	$NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $	*/
+/*	$NetBSD: packet.c,v 1.15 2015/01/21 02:05:47 christos Exp $	*/
 /* $OpenBSD: packet.c,v 1.198 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -39,7 +39,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: packet.c,v 1.14 2014/10/20 03:05:13 christos Exp $);
+__RCSID($NetBSD: packet.c,v 1.15 2015/01/21 02:05:47 christos Exp $);
 #include sys/types.h
 #include sys/queue.h
 #include sys/socket.h
@@ -944,7 +944,7 @@ packet_send2_wrapped(void)
 	len, padlen, aadlen));
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
-debug(mac %p, %d %d\n, mac, mac? mac-enabled : -1, mac ? mac-etm : -1);
+debug(mac %p, %d %d, mac, mac? mac-enabled : -1, mac ? mac-etm : -1);
 	if (mac  mac-enabled  !mac-etm) {
 		macbuf = mac_compute(mac, active_state-p_send.seqnr,
 		buffer_ptr(active_state-outgoing_packet), len);

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-28 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Tue Oct 28 21:35:57 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: sshbuf.h

Log Message:
Mark sshbuf_putfv as __printflike.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/crypto/external/bsd/openssh/dist/sshbuf.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshbuf.h
diff -u src/crypto/external/bsd/openssh/dist/sshbuf.h:1.2 src/crypto/external/bsd/openssh/dist/sshbuf.h:1.3
--- src/crypto/external/bsd/openssh/dist/sshbuf.h:1.2	Sun Oct 19 16:30:59 2014
+++ src/crypto/external/bsd/openssh/dist/sshbuf.h	Tue Oct 28 21:35:56 2014
@@ -161,7 +161,8 @@ int	sshbuf_putb(struct sshbuf *buf, cons
 /* Append using a printf(3) format */
 int	sshbuf_putf(struct sshbuf *buf, const char *fmt, ...)
 	__attribute__((format(printf, 2, 3)));
-int	sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap);
+int	sshbuf_putfv(struct sshbuf *buf, const char *fmt, va_list ap)
+	__printflike(2, 0);
 
 /* Functions to extract or store big-endian words of various sizes */
 int	sshbuf_get_u64(struct sshbuf *buf, u_int64_t *valp);

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-28 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Tue Oct 28 21:36:16 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: sshd.c

Log Message:
sighup_handler is not dead.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/sshd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sshd.c
diff -u src/crypto/external/bsd/openssh/dist/sshd.c:1.14 src/crypto/external/bsd/openssh/dist/sshd.c:1.15
--- src/crypto/external/bsd/openssh/dist/sshd.c:1.14	Sun Oct 19 16:30:59 2014
+++ src/crypto/external/bsd/openssh/dist/sshd.c	Tue Oct 28 21:36:16 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshd.c,v 1.14 2014/10/19 16:30:59 christos Exp $	*/
+/*	$NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $	*/
 /* $OpenBSD: sshd.c,v 1.428 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -44,7 +44,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sshd.c,v 1.14 2014/10/19 16:30:59 christos Exp $);
+__RCSID($NetBSD: sshd.c,v 1.15 2014/10/28 21:36:16 joerg Exp $);
 #include sys/types.h
 #include sys/param.h
 #include sys/ioctl.h
@@ -287,7 +287,7 @@ close_startup_pipes(void)
  */
 
 /*ARGSUSED*/
-__dead static void
+static void
 sighup_handler(int sig)
 {
 	int save_errno = errno;

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-28 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Tue Oct 28 21:36:30 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: umac.c

Log Message:
xor32 may be unused, mark it so.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/umac.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/umac.c
diff -u src/crypto/external/bsd/openssh/dist/umac.c:1.7 src/crypto/external/bsd/openssh/dist/umac.c:1.8
--- src/crypto/external/bsd/openssh/dist/umac.c:1.7	Mon Oct 20 10:31:32 2014
+++ src/crypto/external/bsd/openssh/dist/umac.c	Tue Oct 28 21:36:30 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $	*/
+/*	$NetBSD: umac.c,v 1.8 2014/10/28 21:36:30 joerg Exp $	*/
 /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */
 /* ---
  * 
@@ -67,7 +67,7 @@
 /* -- */
 
 #include includes.h
-__RCSID($NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $);
+__RCSID($NetBSD: umac.c,v 1.8 2014/10/28 21:36:30 joerg Exp $);
 #include sys/types.h
 #include sys/endian.h
 #include string.h
@@ -239,7 +239,7 @@ xor64(uint8_t *dp, int di, uint8_t *sp, 
 memcpy(dp + sizeof(dst) * di, dst, sizeof(dst));
 }
 
-static inline void
+__unused static inline void
 xor32(uint8_t *dp, int di, uint8_t *sp, int si)
 {
 uint32_t dst, src;

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-20 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Mon Oct 20 10:31:32 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: umac.c

Log Message:
Try to make this buildable on big endian machines.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/umac.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/umac.c
diff -u src/crypto/external/bsd/openssh/dist/umac.c:1.6 src/crypto/external/bsd/openssh/dist/umac.c:1.7
--- src/crypto/external/bsd/openssh/dist/umac.c:1.6	Mon Oct 20 03:05:13 2014
+++ src/crypto/external/bsd/openssh/dist/umac.c	Mon Oct 20 10:31:32 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $	*/
+/*	$NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $	*/
 /* $OpenBSD: umac.c,v 1.11 2014/07/22 07:13:42 guenther Exp $ */
 /* ---
  * 
@@ -67,7 +67,7 @@
 /* -- */
 
 #include includes.h
-__RCSID($NetBSD: umac.c,v 1.6 2014/10/20 03:05:13 christos Exp $);
+__RCSID($NetBSD: umac.c,v 1.7 2014/10/20 10:31:32 martin Exp $);
 #include sys/types.h
 #include sys/endian.h
 #include string.h
@@ -565,6 +565,7 @@ static void nh_transform(nh_ctx *hc, con
 
 /* -- */
 
+#if (__LITTLE_ENDIAN__)
 static void endian_convert(void *buf, UWORD bpw, UINT32 num_bytes)
 /* We endian convert the keys on little-endian computers to   */
 /* compensate for the lack of big-endian memory reads during hashing. */
@@ -587,7 +588,6 @@ static void endian_convert(void *buf, UW
 } while (--iters);
 }
 }
-#if (__LITTLE_ENDIAN__)
 #define endian_convert_if_le(x,y,z) endian_convert((x),(y),(z))
 #else
 #define endian_convert_if_le(x,y,z) do{}while(0)  /* Do nothing */

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-20 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Oct 20 18:14:37 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: myproposal.h sshconnect2.c

Log Message:
re-enable the none cipher, now that it has been tested.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/myproposal.h
cvs rdiff -u -r1.17 -r1.18 src/crypto/external/bsd/openssh/dist/sshconnect2.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/myproposal.h
diff -u src/crypto/external/bsd/openssh/dist/myproposal.h:1.8 src/crypto/external/bsd/openssh/dist/myproposal.h:1.9
--- src/crypto/external/bsd/openssh/dist/myproposal.h:1.8	Sun Oct 19 12:30:58 2014
+++ src/crypto/external/bsd/openssh/dist/myproposal.h	Mon Oct 20 14:14:37 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: myproposal.h,v 1.8 2014/10/19 16:30:58 christos Exp $	*/
+/*	$NetBSD: myproposal.h,v 1.9 2014/10/20 18:14:37 christos Exp $	*/
 /* $OpenBSD: myproposal.h,v 1.41 2014/07/11 13:54:34 tedu Exp $ */
 
 /*
@@ -64,8 +64,6 @@
 	arcfour256,arcfour128, \
 	aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, \
 	aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
-#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \
-	,none
 
 #define	KEX_SERVER_MAC \
 	umac-64-...@openssh.com, \
@@ -118,14 +116,19 @@
 
 #endif /* WITH_OPENSSL */
 
+#define KEX_CLIENT_ENCRYPT_INCLUDE_NONE KEX_CLIENT_ENCRYPT \
+	,none
+#define KEX_SERVER_ENCRYPT_INCLUDE_NONE KEX_SERVER_ENCRYPT \
+	,none
+
 #define	KEX_DEFAULT_COMP	none,z...@openssh.com,zlib
 #define	KEX_DEFAULT_LANG	
 
 #define KEX_CLIENT \
 	KEX_CLIENT_KEX, \
 	KEX_DEFAULT_PK_ALG, \
-	KEX_CLIENT_ENCRYPT, \
-	KEX_CLIENT_ENCRYPT, \
+	KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \
+	KEX_CLIENT_ENCRYPT_INCLUDE_NONE, \
 	KEX_CLIENT_MAC, \
 	KEX_CLIENT_MAC, \
 	KEX_DEFAULT_COMP, \
@@ -136,8 +139,8 @@
 #define KEX_SERVER \
 	KEX_SERVER_KEX, \
 	KEX_DEFAULT_PK_ALG, \
-	KEX_SERVER_ENCRYPT, \
-	KEX_SERVER_ENCRYPT, \
+	KEX_SERVER_ENCRYPT_INCLUDE_NONE, \
+	KEX_SERVER_ENCRYPT_INCLUDE_NONE, \
 	KEX_SERVER_MAC, \
 	KEX_SERVER_MAC, \
 	KEX_DEFAULT_COMP, \

Index: src/crypto/external/bsd/openssh/dist/sshconnect2.c
diff -u src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.17 src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.18
--- src/crypto/external/bsd/openssh/dist/sshconnect2.c:1.17	Sun Oct 19 23:05:13 2014
+++ src/crypto/external/bsd/openssh/dist/sshconnect2.c	Mon Oct 20 14:14:37 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $	*/
+/*	$NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $	*/
 /* $OpenBSD: sshconnect2.c,v 1.210 2014/07/15 15:54:14 millert Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,7 +26,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: sshconnect2.c,v 1.17 2014/10/20 03:05:13 christos Exp $);
+__RCSID($NetBSD: sshconnect2.c,v 1.18 2014/10/20 18:14:37 christos Exp $);
 #include sys/types.h
 #include sys/socket.h
 #include sys/wait.h
@@ -435,9 +435,9 @@ ssh_userauth2(const char *local_user, co
 	/* tty allocated */
 	if ((options.none_switch == 1)  (options.none_enabled == 1)) 
 	{
-#ifdef notyet
 		if (!tty_flag) /* no null on tty sessions */
 		{
+			const char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 			debug(Requesting none rekeying...);
 			myproposal[PROPOSAL_ENC_ALGS_STOC] = none;
 			myproposal[PROPOSAL_ENC_ALGS_CTOS] = none;
@@ -451,7 +451,6 @@ ssh_userauth2(const char *local_user, co
 			debug(Cannot switch to NONE cipher with tty allocated);
 			fprintf(stderr, NONE cipher switch disabled when a TTY is allocated\n);
 		}
-#endif
 	}
 	debug(Authentication succeeded (%s)., authctxt.method-name);
 }

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Sun Oct 19 16:31:47 UTC 2014

Added Files:
src/crypto/external/bsd/openssh/dist: bcrypt_pbkdf.c blf.h blowfish.c

Log Message:
add new files


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c \
src/crypto/external/bsd/openssh/dist/blf.h \
src/crypto/external/bsd/openssh/dist/blowfish.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c
diff -u /dev/null src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c:1.1
--- /dev/null	Sun Oct 19 12:31:47 2014
+++ src/crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c	Sun Oct 19 12:31:47 2014
@@ -0,0 +1,174 @@
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
+/*
+ * Copyright (c) 2013 Ted Unangst t...@openbsd.org
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include includes.h
+__RCSID($NetBSD: bcrypt_pbkdf.c,v 1.1 2014/10/19 16:31:47 christos Exp $);
+
+#ifndef HAVE_BCRYPT_PBKDF
+
+#include sys/types.h
+#include sys/param.h
+
+#ifdef HAVE_STDLIB_H
+# include stdlib.h
+#endif
+#include string.h
+
+#ifdef HAVE_BLF_H
+# include blf.h
+#endif
+
+#include crypto_api.h
+#include stdio.h
+#include time.h
+#include misc.h
+#define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES
+
+/*
+ * pkcs #5 pbkdf2 implementation using the bcrypt hash
+ *
+ * The bcrypt hash function is derived from the bcrypt password hashing
+ * function with the following modifications:
+ * 1. The input password and salt are preprocessed with SHA512.
+ * 2. The output length is expanded to 256 bits.
+ * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ *to OxychromaticBlowfishSwatDynamite
+ * 4. The hash function is defined to perform 64 rounds of initial state
+ *expansion. (More rounds are performed by iterating the hash.)
+ *
+ * Note that this implementation pulls the SHA512 operations into the caller
+ * as a performance optimization.
+ *
+ * One modification from official pbkdf2. Instead of outputting key material
+ * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
+ * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
+ * attacker can merely run once through the outer loop below, but the user
+ * always runs it twice. Shuffling output bytes requires computing the
+ * entirety of the key material to assemble any subkey. This is something a
+ * wise caller could do; we just do it for you.
+ */
+
+#define BCRYPT_BLOCKS 8
+#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
+
+static void
+bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
+{
+	blf_ctx state;
+	u_int8_t ciphertext[BCRYPT_HASHSIZE] =
+	OxychromaticBlowfishSwatDynamite;
+	uint32_t cdata[BCRYPT_BLOCKS];
+	int i;
+	uint16_t j;
+	size_t shalen = SHA512_DIGEST_LENGTH;
+
+	/* key expansion */
+	Blowfish_initstate(state);
+	Blowfish_expandstate(state, sha2salt, shalen, sha2pass, shalen);
+	for (i = 0; i  64; i++) {
+		Blowfish_expand0state(state, sha2salt, shalen);
+		Blowfish_expand0state(state, sha2pass, shalen);
+	}
+
+	/* encryption */
+	j = 0;
+	for (i = 0; i  BCRYPT_BLOCKS; i++)
+		cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
+		j);
+	for (i = 0; i  64; i++)
+		blf_enc(state, cdata, sizeof(cdata) / sizeof(uint64_t));
+
+	/* copy out */
+	for (i = 0; i  BCRYPT_BLOCKS; i++) {
+		out[4 * i + 3] = (cdata[i]  24)  0xff;
+		out[4 * i + 2] = (cdata[i]  16)  0xff;
+		out[4 * i + 1] = (cdata[i]  8)  0xff;
+		out[4 * i + 0] = cdata[i]  0xff;
+	}
+
+	/* zap */
+	memset(ciphertext, 0, sizeof(ciphertext));
+	memset(cdata, 0, sizeof(cdata));
+	memset(state, 0, sizeof(state));
+}
+
+int
+bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
+u_int8_t *key, size_t keylen, unsigned int rounds)
+{
+	u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
+	u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
+	u_int8_t out[BCRYPT_HASHSIZE];
+	u_int8_t tmpout[BCRYPT_HASHSIZE];
+	u_int8_t *countsalt;
+	size_t i, j, amt, stride;
+	uint32_t count;
+
+	/* nothing crazy */
+	if (rounds  1)
+		return -1;
+	if (passlen == 0 || saltlen == 0 || keylen == 0 ||
+

CVS commit: src/crypto/external/bsd/openssh/dist

2014-10-14 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Oct 14 16:15:18 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: auth.c

Log Message:
for consistency use options.use_dns when getting the canonical hostname.
[we do the same below for hosts.allow and deny] reported by rudolf.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/auth.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/auth.c
diff -u src/crypto/external/bsd/openssh/dist/auth.c:1.8 src/crypto/external/bsd/openssh/dist/auth.c:1.9
--- src/crypto/external/bsd/openssh/dist/auth.c:1.8	Fri Nov  8 14:18:24 2013
+++ src/crypto/external/bsd/openssh/dist/auth.c	Tue Oct 14 12:15:18 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $	*/
+/*	$NetBSD: auth.c,v 1.9 2014/10/14 16:15:18 christos Exp $	*/
 /* $OpenBSD: auth.c,v 1.103 2013/05/19 02:42:42 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: auth.c,v 1.8 2013/11/08 19:18:24 christos Exp $);
+__RCSID($NetBSD: auth.c,v 1.9 2014/10/14 16:15:18 christos Exp $);
 #include sys/types.h
 #include sys/stat.h
 #include sys/param.h
@@ -101,7 +101,7 @@ allowed_user(struct passwd * pw)
 		return 0;
 
 #ifdef HAVE_LOGIN_CAP
-	hostname = get_canonical_hostname(1);
+	hostname = get_canonical_hostname(options.use_dns);
 	ipaddr = get_remote_ipaddr();
 
 	lc = login_getclass(pw-pw_class);

CVS commit: src/crypto/external/bsd/openssh/dist

2014-02-20 Thread Andreas Gustafsson 
Module Name:src
Committed By:   gson
Date:   Thu Feb 20 08:20:05 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: ssh.c

Log Message:
Don't print an empty line after the debug message Enabled Dynamic
Window Scaling.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/ssh.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/ssh.c
diff -u src/crypto/external/bsd/openssh/dist/ssh.c:1.13 src/crypto/external/bsd/openssh/dist/ssh.c:1.14
--- src/crypto/external/bsd/openssh/dist/ssh.c:1.13	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/ssh.c	Thu Feb 20 08:20:05 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh.c,v 1.13 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: ssh.c,v 1.14 2014/02/20 08:20:05 gson Exp $	*/
 /* $OpenBSD: ssh.c,v 1.381 2013/07/25 00:29:10 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -42,7 +42,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: ssh.c,v 1.13 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: ssh.c,v 1.14 2014/02/20 08:20:05 gson Exp $);
 #include sys/types.h
 #include sys/param.h
 #include sys/ioctl.h
@@ -1456,7 +1456,7 @@ ssh_session2_open(void)
 
 	if ((options.tcp_rcv_buf_poll  0)  (!options.hpn_disabled)) {
 		c-dynamic_window = 1;
-		debug (Enabled Dynamic Window Scaling\n);
+		debug (Enabled Dynamic Window Scaling);
 	}
 	debug3(ssh_session2_open: channel_new: %d, c-self);

CVS commit: src/crypto/external/bsd/openssh/dist

2014-01-28 Thread Martin Husemann 
Module Name:src
Committed By:   martin
Date:   Tue Jan 28 22:06:39 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Mark a potentially unused variable (depending on #ifdef)


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.14 src/crypto/external/bsd/openssh/dist/servconf.c:1.15
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.14	Sun Dec 15 10:42:52 2013
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Tue Jan 28 22:06:39 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $	*/
+/*	$NetBSD: servconf.c,v 1.15 2014/01/28 22:06:39 martin Exp $	*/
 /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $);
+__RCSID($NetBSD: servconf.c,v 1.15 2014/01/28 22:06:39 martin Exp $);
 #include sys/types.h
 #include sys/socket.h
 #include sys/queue.h
@@ -959,7 +959,7 @@ process_server_config_line(ServerOptions
 #ifdef WITH_LDAP_PUBKEY
  	unsigned long lvalue;
 #endif
-	time_t *timetptr;
+	time_t *timetptr __unused;
 	ServerOpCodes opcode;
 	u_int i, flags = 0;
 	size_t len;

CVS commit: src/crypto/external/bsd/openssh/dist

2014-01-06 Thread Joerg Sonnenberger 
Module Name:src
Committed By:   joerg
Date:   Tue Jan  7 02:13:39 UTC 2014

Modified Files:
src/crypto/external/bsd/openssh/dist: log.h

Log Message:
Format string checks for do_log.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssh/dist/log.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/log.h
diff -u src/crypto/external/bsd/openssh/dist/log.h:1.6 src/crypto/external/bsd/openssh/dist/log.h:1.7
--- src/crypto/external/bsd/openssh/dist/log.h:1.6	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/log.h	Tue Jan  7 02:13:39 2014
@@ -1,4 +1,4 @@
-/*	$NetBSD: log.h,v 1.6 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: log.h,v 1.7 2014/01/07 02:13:39 joerg Exp $	*/
 /* $OpenBSD: log.h,v 1.20 2013/04/07 02:10:33 dtucker Exp $ */
 
 /*
@@ -71,6 +71,7 @@ void debug3(const char *, ...) __att
 void	 set_log_handler(log_handler_fn *, void *);
 void	 do_log2(LogLevel, const char *, ...)
 __attribute__((format(printf, 2, 3)));
-void	 do_log(LogLevel, const char *, va_list);
+void	 do_log(LogLevel, const char *, va_list)
+__attribute__((format(printf, 2, 0)));
 void	 cleanup_exit(int) __attribute__((noreturn));
 #endif

CVS commit: src/crypto/external/bsd/openssh/dist

2013-12-15 Thread S.P.Zeidler 
Module Name:src
Committed By:   spz
Date:   Sun Dec 15 10:42:52 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: servconf.c

Log Message:
Coverity issues 996120 and 996121, Use after free

Use the M_CP_STROPT definition exclusive to servconf.c twice and
you have freed your original string.

servconf.h won copying authorized_keys_command and
authorized_keys_command_user in COPY_MATCH_STRING_OPTS in 1.107,
but servconf.c didn't drop its own, so it walks into this trap.
Remove the duplicate copies, and disarm the trap.

Note this is on a code path where authorized_keys_command and
authorized_keys_command_user don't actually get used except
for a debug dump of the config, and dump_cfg_string protects
itself against trying to print NULL pointers, so all
you get is sshd -T -C ... giving wrong results, which is rather
insignificant as far as security issues go.


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/servconf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/servconf.c
diff -u src/crypto/external/bsd/openssh/dist/servconf.c:1.13 src/crypto/external/bsd/openssh/dist/servconf.c:1.14
--- src/crypto/external/bsd/openssh/dist/servconf.c:1.13	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/servconf.c	Sun Dec 15 10:42:52 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $	*/
 /* $OpenBSD: servconf.c,v 1.240 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen y...@cs.hut.fi, Espoo, Finland
@@ -12,7 +12,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: servconf.c,v 1.13 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: servconf.c,v 1.14 2013/12/15 10:42:52 spz Exp $);
 #include sys/types.h
 #include sys/socket.h
 #include sys/queue.h
@@ -2012,7 +2012,7 @@ int server_match_spec_complete(struct co
 		dst-n = src-n; \
 } while (0)
 #define M_CP_STROPT(n) do {\
-	if (src-n != NULL) { \
+	if (src-n != NULL  dst-n != src-n) { \
 		free(dst-n); \
 		dst-n = src-n; \
 	} \
@@ -2043,8 +2043,6 @@ copy_set_server_options(ServerOptions *d
 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 	M_CP_INTOPT(kbd_interactive_authentication);
 	M_CP_INTOPT(zero_knowledge_password_authentication);
-	M_CP_STROPT(authorized_keys_command);
-	M_CP_STROPT(authorized_keys_command_user);
 	M_CP_INTOPT(permit_root_login);
 	M_CP_INTOPT(permit_empty_passwd);

CVS commit: src/crypto/external/bsd/openssh/dist

2013-12-03 Thread S.P.Zeidler 
Module Name:src
Committed By:   spz
Date:   Tue Dec  3 17:14:35 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: monitor.c

Log Message:
Coverity fix:
979928 Use after free
debug3 line moved to before one of its arguments is freed


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/crypto/external/bsd/openssh/dist/monitor.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/monitor.c
diff -u src/crypto/external/bsd/openssh/dist/monitor.c:1.11 src/crypto/external/bsd/openssh/dist/monitor.c:1.12
--- src/crypto/external/bsd/openssh/dist/monitor.c:1.11	Fri Nov  8 19:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/monitor.c	Tue Dec  3 17:14:35 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $	*/
 /* $OpenBSD: monitor.c,v 1.127 2013/07/19 07:37:48 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos pro...@citi.umich.edu
@@ -27,7 +27,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: monitor.c,v 1.11 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: monitor.c,v 1.12 2013/12/03 17:14:35 spz Exp $);
 #include sys/types.h
 #include sys/wait.h
 #include sys/socket.h
@@ -1181,6 +1181,9 @@ mm_answer_keyallowed(int sock, Buffer *m
 			break;
 		}
 	}
+	debug3(%s: key %p is %s,
+	__func__, key, allowed ? allowed : not allowed);
+
 	if (key != NULL)
 		key_free(key);
 
@@ -1202,9 +1205,6 @@ mm_answer_keyallowed(int sock, Buffer *m
 		free(chost);
 	}
 
-	debug3(%s: key %p is %s,
-	__func__, key, allowed ? allowed : not allowed);
-
 	buffer_clear(m);
 	buffer_put_int(m, allowed);
 	buffer_put_int(m, forced_command != NULL);

CVS commit: src/crypto/external/bsd/openssh/dist

2013-11-19 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Tue Nov 19 16:58:16 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp-client.c

Log Message:
CID 1129615: close argument can't be negative


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/crypto/external/bsd/openssh/dist/sftp-client.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp-client.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-client.c:1.10 src/crypto/external/bsd/openssh/dist/sftp-client.c:1.11
--- src/crypto/external/bsd/openssh/dist/sftp-client.c:1.10	Mon Nov 11 11:46:20 2013
+++ src/crypto/external/bsd/openssh/dist/sftp-client.c	Tue Nov 19 11:58:16 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp-client.c,v 1.10 2013/11/11 16:46:20 christos Exp $	*/
+/*	$NetBSD: sftp-client.c,v 1.11 2013/11/19 16:58:16 christos Exp $	*/
 /* $OpenBSD: sftp-client.c,v 1.101.2.1 2013/11/08 01:33:56 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org
@@ -22,7 +22,7 @@
 /* XXX: copy between two remote sites */
 
 #include includes.h
-__RCSID($NetBSD: sftp-client.c,v 1.10 2013/11/11 16:46:20 christos Exp $);
+__RCSID($NetBSD: sftp-client.c,v 1.11 2013/11/19 16:58:16 christos Exp $);
 #include sys/types.h
 #include sys/poll.h
 #include sys/queue.h
@@ -1069,7 +1069,8 @@ do_download(struct sftp_conn *conn, char
 			do_close(conn, handle, handle_len);
 			buffer_free(msg);
 			free(handle);
-			close(local_fd);
+			if (local_fd != -1)
+close(local_fd);
 			return -1;
 		}
 		offset = highwater = st.st_size;

CVS commit: src/crypto/external/bsd/openssh/dist

2013-11-11 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Nov 11 16:32:10 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: key.c ssh-pkcs11-helper.c

Log Message:
CID-1128381: Avoid use after free


To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 src/crypto/external/bsd/openssh/dist/key.c
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/key.c
diff -u src/crypto/external/bsd/openssh/dist/key.c:1.13 src/crypto/external/bsd/openssh/dist/key.c:1.14
--- src/crypto/external/bsd/openssh/dist/key.c:1.13	Fri Nov  8 14:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/key.c	Mon Nov 11 11:32:10 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $	*/
 /* $OpenBSD: key.c,v 1.104 2013/05/19 02:42:42 djm Exp $ */
 /*
  * read_bignum():
@@ -36,7 +36,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: key.c,v 1.13 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: key.c,v 1.14 2013/11/11 16:32:10 christos Exp $);
 #include sys/param.h
 #include sys/types.h
 
@@ -1512,6 +1512,8 @@ to_blob(const Key *key, u_char **blobp, 
 	Buffer b;
 	int len, type;
 
+	if (blobp)
+		*blobp = NULL;
 	if (key == NULL) {
 		error(key_to_blob: key == NULL);
 		return 0;

Index: src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c
diff -u src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5 src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.6
--- src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c:1.5	Fri Nov  8 14:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c	Mon Nov 11 11:32:10 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $	*/
 /* $OpenBSD: ssh-pkcs11-helper.c,v 1.6 2013/05/17 00:13:14 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
@@ -16,7 +16,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 #include includes.h
-__RCSID($NetBSD: ssh-pkcs11-helper.c,v 1.5 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: ssh-pkcs11-helper.c,v 1.6 2013/11/11 16:32:10 christos Exp $);
 
 #include sys/queue.h
 #include sys/types.h
@@ -124,7 +124,8 @@ process_add(void)
 		buffer_put_char(msg, SSH2_AGENT_IDENTITIES_ANSWER);
 		buffer_put_int(msg, nkeys);
 		for (i = 0; i  nkeys; i++) {
-			key_to_blob(keys[i], blob, blen);
+			if (key_to_blob(keys[i], blob, blen) == 0)
+continue;
 			buffer_put_string(msg, blob, blen);
 			buffer_put_cstring(msg, name);
 			free(blob);

CVS commit: src/crypto/external/bsd/openssh/dist

2013-11-11 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Nov 11 16:43:26 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: sftp-client.c

Log Message:
CID 1092473: Fix file descriptor leak


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/crypto/external/bsd/openssh/dist/sftp-client.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/sftp-client.c
diff -u src/crypto/external/bsd/openssh/dist/sftp-client.c:1.8 src/crypto/external/bsd/openssh/dist/sftp-client.c:1.9
--- src/crypto/external/bsd/openssh/dist/sftp-client.c:1.8	Fri Nov  8 14:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/sftp-client.c	Mon Nov 11 11:43:26 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: sftp-client.c,v 1.8 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: sftp-client.c,v 1.9 2013/11/11 16:43:26 christos Exp $	*/
 /* $OpenBSD: sftp-client.c,v 1.101.2.1 2013/11/08 01:33:56 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller d...@openbsd.org
@@ -22,7 +22,7 @@
 /* XXX: copy between two remote sites */
 
 #include includes.h
-__RCSID($NetBSD: sftp-client.c,v 1.8 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: sftp-client.c,v 1.9 2013/11/11 16:43:26 christos Exp $);
 #include sys/types.h
 #include sys/poll.h
 #include sys/queue.h
@@ -1069,6 +1069,7 @@ do_download(struct sftp_conn *conn, char
 			do_close(conn, handle, handle_len);
 			buffer_free(msg);
 			free(handle);
+			close(local_fd);
 			return -1;
 		}
 		offset = highwater = st.st_size;

CVS commit: src/crypto/external/bsd/openssh/dist

2013-11-11 Thread Christos Zoulas 
Module Name:src
Committed By:   christos
Date:   Mon Nov 11 16:44:43 UTC 2013

Modified Files:
src/crypto/external/bsd/openssh/dist: serverloop.c

Log Message:
CID 1092495: Widen operation to prevent overflow


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/crypto/external/bsd/openssh/dist/serverloop.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssh/dist/serverloop.c
diff -u src/crypto/external/bsd/openssh/dist/serverloop.c:1.7 src/crypto/external/bsd/openssh/dist/serverloop.c:1.8
--- src/crypto/external/bsd/openssh/dist/serverloop.c:1.7	Fri Nov  8 14:18:25 2013
+++ src/crypto/external/bsd/openssh/dist/serverloop.c	Mon Nov 11 11:44:43 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: serverloop.c,v 1.7 2013/11/08 19:18:25 christos Exp $	*/
+/*	$NetBSD: serverloop.c,v 1.8 2013/11/11 16:44:43 christos Exp $	*/
 /* $OpenBSD: serverloop.c,v 1.168 2013/07/12 00:19:59 djm Exp $ */
 /*
  * Author: Tatu Ylonen y...@cs.hut.fi
@@ -37,7 +37,7 @@
  */
 
 #include includes.h
-__RCSID($NetBSD: serverloop.c,v 1.7 2013/11/08 19:18:25 christos Exp $);
+__RCSID($NetBSD: serverloop.c,v 1.8 2013/11/11 16:44:43 christos Exp $);
 #include sys/types.h
 #include sys/wait.h
 #include sys/socket.h
@@ -313,7 +313,7 @@ wait_until_can_do_something(fd_set **rea
 	if (compat20 
 	max_time_milliseconds == 0  options.client_alive_interval) {
 		client_alive_scheduled = 1;
-		max_time_milliseconds = options.client_alive_interval * 1000;
+		max_time_milliseconds = options.client_alive_interval * 1000ULL;
 	}
 
 	if (compat20) {

  1   2   >