Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/crypto/external/bsd/openssh merge conflicts.
details: https://anonhg.NetBSD.org/src/rev/1940380bab8f
branches: trunk
changeset: 816916:1940380bab8f
user: christos <christos%NetBSD.org@localhost>
date: Tue Aug 02 13:45:12 2016 +0000
description:
merge conflicts.
diffstat:
crypto/external/bsd/openssh/bin/ssh/Makefile | 5 +-
crypto/external/bsd/openssh/dist/PROTOCOL | 6 +-
crypto/external/bsd/openssh/dist/PROTOCOL.agent | 26 +-
crypto/external/bsd/openssh/dist/PROTOCOL.certkeys | 44 ++-
crypto/external/bsd/openssh/dist/auth-krb5.c | 7 +-
crypto/external/bsd/openssh/dist/auth-options.c | 18 +-
crypto/external/bsd/openssh/dist/auth-pam.c | 11 +-
crypto/external/bsd/openssh/dist/auth-passwd.c | 11 +-
crypto/external/bsd/openssh/dist/auth-rh-rsa.c | 15 +-
crypto/external/bsd/openssh/dist/auth-rhosts.c | 16 +-
crypto/external/bsd/openssh/dist/auth.c | 150 ++++++++-
crypto/external/bsd/openssh/dist/auth.h | 9 +-
crypto/external/bsd/openssh/dist/auth2-chall.c | 10 +-
crypto/external/bsd/openssh/dist/auth2-hostbased.c | 11 +-
crypto/external/bsd/openssh/dist/auth2.c | 13 +-
crypto/external/bsd/openssh/dist/authfile.c | 39 +-
crypto/external/bsd/openssh/dist/bufbn.c | 4 +-
crypto/external/bsd/openssh/dist/canohost.c | 96 +----
crypto/external/bsd/openssh/dist/canohost.h | 15 +-
crypto/external/bsd/openssh/dist/channels.c | 17 +-
crypto/external/bsd/openssh/dist/clientloop.c | 17 +-
crypto/external/bsd/openssh/dist/compat.c | 6 +-
crypto/external/bsd/openssh/dist/dh.c | 120 +++++-
crypto/external/bsd/openssh/dist/dh.h | 6 +-
crypto/external/bsd/openssh/dist/kex.c | 17 +-
crypto/external/bsd/openssh/dist/kex.h | 19 +-
crypto/external/bsd/openssh/dist/kexc25519.c | 8 +-
crypto/external/bsd/openssh/dist/kexc25519c.c | 6 +-
crypto/external/bsd/openssh/dist/kexc25519s.c | 8 +-
crypto/external/bsd/openssh/dist/kexdh.c | 13 +-
crypto/external/bsd/openssh/dist/kexdhc.c | 14 +-
crypto/external/bsd/openssh/dist/kexdhs.c | 15 +-
crypto/external/bsd/openssh/dist/kexgexs.c | 9 +-
crypto/external/bsd/openssh/dist/key.c | 9 +-
crypto/external/bsd/openssh/dist/log.c | 18 +-
crypto/external/bsd/openssh/dist/log.h | 6 +-
crypto/external/bsd/openssh/dist/mac.c | 27 +-
crypto/external/bsd/openssh/dist/mac.h | 6 +-
crypto/external/bsd/openssh/dist/misc.c | 141 +++++++-
crypto/external/bsd/openssh/dist/misc.h | 8 +-
crypto/external/bsd/openssh/dist/monitor.c | 40 +-
crypto/external/bsd/openssh/dist/monitor_fdpass.c | 12 +-
crypto/external/bsd/openssh/dist/monitor_wrap.c | 17 +-
crypto/external/bsd/openssh/dist/monitor_wrap.h | 12 +-
crypto/external/bsd/openssh/dist/mux.c | 17 +-
crypto/external/bsd/openssh/dist/myproposal.h | 10 +-
crypto/external/bsd/openssh/dist/opacket.h | 6 +-
crypto/external/bsd/openssh/dist/packet.c | 147 +++++---
crypto/external/bsd/openssh/dist/packet.h | 10 +-
crypto/external/bsd/openssh/dist/pathnames.h | 6 +-
crypto/external/bsd/openssh/dist/progressmeter.c | 25 +-
crypto/external/bsd/openssh/dist/readconf.c | 263 ++++++++++++++-
crypto/external/bsd/openssh/dist/readconf.h | 16 +-
crypto/external/bsd/openssh/dist/sandbox-systrace.c | 205 ------------
crypto/external/bsd/openssh/dist/scp.1 | 10 +-
crypto/external/bsd/openssh/dist/scp.c | 58 ++-
crypto/external/bsd/openssh/dist/servconf.c | 65 +++-
crypto/external/bsd/openssh/dist/serverloop.c | 46 +-
crypto/external/bsd/openssh/dist/session.c | 79 +++-
crypto/external/bsd/openssh/dist/session.h | 6 +-
crypto/external/bsd/openssh/dist/sftp-client.c | 19 +-
crypto/external/bsd/openssh/dist/sftp.1 | 10 +-
crypto/external/bsd/openssh/dist/sftp.c | 82 ++--
crypto/external/bsd/openssh/dist/ssh-agent.c | 23 +-
crypto/external/bsd/openssh/dist/ssh-dss.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-ecdsa.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-ed25519.c | 7 +-
crypto/external/bsd/openssh/dist/ssh-keygen.1 | 14 +-
crypto/external/bsd/openssh/dist/ssh-keygen.c | 23 +-
crypto/external/bsd/openssh/dist/ssh-keyscan.c | 10 +-
crypto/external/bsd/openssh/dist/ssh-rsa.c | 10 +-
crypto/external/bsd/openssh/dist/ssh.1 | 35 +-
crypto/external/bsd/openssh/dist/ssh.c | 145 ++++++--
crypto/external/bsd/openssh/dist/ssh1.h | 5 +-
crypto/external/bsd/openssh/dist/ssh2.h | 8 +-
crypto/external/bsd/openssh/dist/ssh_api.c | 14 +-
crypto/external/bsd/openssh/dist/ssh_config.5 | 79 ++++-
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c | 6 +-
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c | 2 +-
crypto/external/bsd/openssh/dist/sshbuf-misc.c | 27 +-
crypto/external/bsd/openssh/dist/sshbuf.h | 9 +-
crypto/external/bsd/openssh/dist/sshconnect1.c | 20 +-
crypto/external/bsd/openssh/dist/sshconnect2.c | 106 ++---
crypto/external/bsd/openssh/dist/sshd.c | 186 +++++++---
crypto/external/bsd/openssh/dist/sshd_config | 5 +-
crypto/external/bsd/openssh/dist/sshd_config.5 | 30 +-
crypto/external/bsd/openssh/dist/sshkey.c | 49 +-
crypto/external/bsd/openssh/dist/sshkey.h | 4 +-
crypto/external/bsd/openssh/dist/ttymodes.c | 7 +-
crypto/external/bsd/openssh/dist/ttymodes.h | 7 +-
crypto/external/bsd/openssh/dist/utf8.c | 6 +
crypto/external/bsd/openssh/dist/version.h | 8 +-
crypto/external/bsd/openssh/lib/Makefile | 3 +-
crypto/external/bsd/openssh/lib/shlib_version | 4 +-
94 files changed, 1946 insertions(+), 1083 deletions(-)
diffs (truncated from 7271 to 300 lines):
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/bin/ssh/Makefile
--- a/crypto/external/bsd/openssh/bin/ssh/Makefile Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/bin/ssh/Makefile Tue Aug 02 13:45:12 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.9 2016/01/14 22:30:04 christos Exp $
+# $NetBSD: Makefile,v 1.10 2016/08/02 13:45:12 christos Exp $
.include <bsd.own.mk>
@@ -6,8 +6,9 @@
PROG= ssh
SRCS= ssh.c readconf.c clientloop.c sshtty.c \
- sshconnect.c sshconnect1.c sshconnect2.c mux.c
+ sshconnect.c sshconnect1.c sshconnect2.c mux.c auth.c
+COPTS.auth.c= -DHOST_ONLY
COPTS.sshconnect1.c= -fno-strict-aliasing
COPTS.mux.c= -Wno-pointer-sign
COPTS.sshconnect2.c= -Wno-pointer-sign
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/PROTOCOL
--- a/crypto/external/bsd/openssh/dist/PROTOCOL Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL Tue Aug 02 13:45:12 2016 +0000
@@ -247,6 +247,8 @@
uint32 initial window size
uint32 maximum packet size
string socket path
+ string reserved
+ uint32 reserved
Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
server when the client has previously send the server a streamlocal-forward
@@ -452,5 +454,5 @@
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.29 2015/07/17 03:09:19 djm Exp $
-$NetBSD: PROTOCOL,v 1.7 2015/08/13 10:33:21 christos Exp $
+$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $
+$NetBSD: PROTOCOL,v 1.8 2016/08/02 13:45:12 christos Exp $
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/PROTOCOL.agent
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.agent Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.agent Tue Aug 02 13:45:12 2016 +0000
@@ -206,6 +206,28 @@
string key_comment
constraint[] key_constraints
+ED25519 keys may be added using the following request
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-ed25519"
+ string ed25519_public_key
+ string ed25519_private_key || ed25519_public_key
+ string key_comment
+ constraint[] key_constraints
+
+ED25519 certificates may be added with:
+ byte SSH2_AGENTC_ADD_IDENTITY or
+ SSH2_AGENTC_ADD_ID_CONSTRAINED
+ string "ssh-ed25519-cert-v01%openssh.com@localhost"
+ string certificate
+ string ed25519_public_key
+ string ed25519_private_key || ed25519_public_key
+ string key_comment
+ constraint[] key_constraints
+
+For both ssh-ed25519 and ssh-ed25519-cert-v01%openssh.com@localhost keys, the private
+key has the public key appended (for historical reasons).
+
RSA keys may be added with this request:
byte SSH2_AGENTC_ADD_IDENTITY or
@@ -557,5 +579,5 @@
SSH_AGENT_CONSTRAIN_LIFETIME 1
SSH_AGENT_CONSTRAIN_CONFIRM 2
-$OpenBSD: PROTOCOL.agent,v 1.8 2015/05/08 03:56:51 djm Exp $
-$NetBSD: PROTOCOL.agent,v 1.6 2015/07/03 00:59:59 christos Exp $
+$OpenBSD: PROTOCOL.agent,v 1.11 2016/05/19 07:45:32 djm Exp $
+$NetBSD: PROTOCOL.agent,v 1.7 2016/08/02 13:45:12 christos Exp $
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/PROTOCOL.certkeys
--- a/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys Tue Aug 02 13:45:12 2016 +0000
@@ -100,9 +100,9 @@
ECDSA certificate
- string "ecdsa-sha2-nistp256%openssh.com@localhost" |
- "ecdsa-sha2-nistp384%openssh.com@localhost" |
- "ecdsa-sha2-nistp521%openssh.com@localhost"
+ string "ecdsa-sha2-nistp256-v01%openssh.com@localhost" |
+ "ecdsa-sha2-nistp384-v01%openssh.com@localhost" |
+ "ecdsa-sha2-nistp521-v01%openssh.com@localhost"
string nonce
string curve
string public_key
@@ -118,6 +118,23 @@
string signature key
string signature
+ED25519 certificate
+
+ string "ssh-ed25519-cert-v01%openssh.com@localhost"
+ string nonce
+ string pk
+ uint64 serial
+ uint32 type
+ string key id
+ string valid principals
+ uint64 valid after
+ uint64 valid before
+ string critical options
+ string extensions
+ string reserved
+ string signature key
+ string signature
+
The nonce field is a CA-provided random bitstring of arbitrary length
(but typically 16 or 32 bytes) included to make attacks that depend on
inducing collisions in the signature hash infeasible.
@@ -129,6 +146,9 @@
curve and public key are respectively the ECDSA "[identifier]" and "Q"
defined in section 3.1 of RFC5656.
+pk is the encoded Ed25519 public key as defined by
+draft-josefsson-eddsa-ed25519-03.
+
serial is an optional certificate serial number set by the CA to
provide an abbreviated way to refer to certificates from that CA.
If a CA does not wish to number its certificates it must set this
@@ -146,7 +166,7 @@
certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
zero-length "valid principals" field means the certificate is valid for
-any principal of the specified type. XXX DNS wildcards?
+any principal of the specified type.
"valid after" and "valid before" specify a validity period for the
certificate. Each represents a time in seconds since 1970-01-01
@@ -183,7 +203,7 @@
up to, and including the signature key. Signatures are computed and
encoded according to the rules defined for the CA's public key algorithm
(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
-types).
+types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
Critical options
----------------
@@ -203,8 +223,9 @@
"critical", if an implementation does not recognise a option
then the validating party should refuse to accept the certificate.
-The supported options and the contents and structure of their
-data fields are:
+No critical options are defined for host certificates at present. The
+supported user certificate options and the contents and structure of
+their data fields are:
Name Format Description
-----------------------------------------------------------------------------
@@ -233,8 +254,9 @@
If an implementation does not recognise an extension, then it should
ignore it.
-The supported extensions and the contents and structure of their data
-fields are:
+No extensions are defined for host certificates at present. The
+supported user certificate extensions and the contents and structure of
+their data fields are:
Name Format Description
-----------------------------------------------------------------------------
@@ -262,5 +284,5 @@
of this script will not be permitted if
this option is not present.
-$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $
-$NetBSD: PROTOCOL.certkeys,v 1.5 2015/04/03 23:58:19 christos Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $
+$NetBSD: PROTOCOL.certkeys,v 1.6 2016/08/02 13:45:12 christos Exp $
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/auth-krb5.c
--- a/crypto/external/bsd/openssh/dist/auth-krb5.c Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-krb5.c Tue Aug 02 13:45:12 2016 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: auth-krb5.c,v 1.8 2016/03/11 01:55:00 christos Exp $ */
-/* $OpenBSD: auth-krb5.c,v 1.21 2016/01/27 06:44:58 djm Exp $ */
+/* $NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.22 2016/05/04 14:22:33 markus Exp $ */
/*
* Kerberos v5 authentication and ticket-passing routines.
@@ -31,7 +31,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-krb5.c,v 1.8 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: auth-krb5.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
#include <sys/types.h>
#include <pwd.h>
#include <stdarg.h>
@@ -39,7 +39,6 @@
#include "xmalloc.h"
#include "ssh.h"
-#include "ssh1.h"
#include "packet.h"
#include "log.h"
#include "buffer.h"
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/auth-options.c
--- a/crypto/external/bsd/openssh/dist/auth-options.c Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-options.c Tue Aug 02 13:45:12 2016 +0000
@@ -1,6 +1,5 @@
-/* $NetBSD: auth-options.c,v 1.12 2016/03/11 01:55:00 christos Exp $ */
-/* $OpenBSD: auth-options.c,v 1.70 2015/12/10 17:08:40 mmcc Exp $ */
-
+/* $NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $ */
+/* $OpenBSD: auth-options.c,v 1.71 2016/03/07 19:02:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
* Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -13,7 +12,7 @@
*/
#include "includes.h"
-__RCSID("$NetBSD: auth-options.c,v 1.12 2016/03/11 01:55:00 christos Exp $");
+__RCSID("$NetBSD: auth-options.c,v 1.13 2016/08/02 13:45:12 christos Exp $");
#include <sys/types.h>
#include <sys/queue.h>
@@ -31,6 +30,7 @@
#include "ssherr.h"
#include "log.h"
#include "canohost.h"
+#include "packet.h"
#include "sshbuf.h"
#include "misc.h"
#include "channels.h"
@@ -123,6 +123,7 @@
auth_parse_options(struct passwd *pw, const char *opts, const char *file,
u_long linenum)
{
+ struct ssh *ssh = active_state; /* XXX */
const char *cp;
int i, r;
@@ -276,9 +277,9 @@
}
cp = "from=\"";
if (strncasecmp(opts, cp, strlen(cp)) == 0) {
- const char *remote_ip = get_remote_ipaddr();
- const char *remote_host = get_canonical_hostname(
- options.use_dns);
+ const char *remote_ip = ssh_remote_ipaddr(ssh);
+ const char *remote_host = auth_get_canonical_hostname(
+ ssh, options.use_dns);
char *patterns = xmalloc(strlen(opts) + 1);
opts += strlen(cp);
@@ -460,6 +461,7 @@
char **cert_forced_command,
int *cert_source_address_done)
{
+ struct ssh *ssh = active_state; /* XXX */
char *command, *allowed;
const char *remote_ip;
char *name = NULL;
@@ -533,7 +535,7 @@
free(allowed);
goto out;
}
- remote_ip = get_remote_ipaddr();
+ remote_ip = ssh_remote_ipaddr(ssh);
result = addr_match_cidr_list(remote_ip,
allowed);
free(allowed);
diff -r f6d3db70c406 -r 1940380bab8f crypto/external/bsd/openssh/dist/auth-pam.c
--- a/crypto/external/bsd/openssh/dist/auth-pam.c Tue Aug 02 13:30:06 2016 +0000
+++ b/crypto/external/bsd/openssh/dist/auth-pam.c Tue Aug 02 13:45:12 2016 +0000
@@ -50,7 +50,7 @@
/*
* NetBSD local changes
*/
-__RCSID("$NetBSD: auth-pam.c,v 1.8 2016/01/23 00:03:30 christos Exp $");
+__RCSID("$NetBSD: auth-pam.c,v 1.9 2016/08/02 13:45:12 christos Exp $");
#undef USE_POSIX_THREADS /* Not yet */
#define HAVE_SECURITY_PAM_APPL_H
#define HAVE_PAM_GETENVLIST
@@ -108,6 +108,8 @@
#include "packet.h"
#include "misc.h"
#include "servconf.h"
+#include "channels.h"
+#include "session.h"
#include "ssh2.h"
#include "auth-options.h"
#ifdef GSSAPI
@@ -640,6 +642,7 @@
{
const char *pam_rhost, *pam_user, *user = authctxt->user;
const char **ptr_pam_user = &pam_user;
Home |
Main Index |
Thread Index |
Old Index