svn commit: r226046 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/usr.sbin/sshd

Dag-Erling Smorgrav des at FreeBSD.org
Wed Oct 5 22:08:18 UTC 2011


Author: des
Date: Wed Oct  5 22:08:17 2011
New Revision: 226046
URL: http://svn.freebsd.org/changeset/base/226046

Log:
  Upgrade to OpenSSH 5.9p1.
  
  MFC after:	3 months

Added:
  head/crypto/openssh/sandbox-darwin.c
     - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-darwin.c
  head/crypto/openssh/sandbox-null.c
     - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-null.c
  head/crypto/openssh/sandbox-rlimit.c
     - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-rlimit.c
  head/crypto/openssh/sandbox-systrace.c
     - copied unchanged from r225834, vendor-crypto/openssh/dist/sandbox-systrace.c
  head/crypto/openssh/ssh-sandbox.h
     - copied unchanged from r225834, vendor-crypto/openssh/dist/ssh-sandbox.h
Deleted:
  head/crypto/openssh/WARNING.RNG
  head/crypto/openssh/ssh-rand-helper.8
  head/crypto/openssh/ssh-rand-helper.c
Modified:
  head/crypto/openssh/ChangeLog
  head/crypto/openssh/INSTALL
  head/crypto/openssh/PROTOCOL.mux
  head/crypto/openssh/README
  head/crypto/openssh/aclocal.m4
  head/crypto/openssh/audit-linux.c   (contents, props changed)
  head/crypto/openssh/auth-rsa.c
  head/crypto/openssh/auth-skey.c
  head/crypto/openssh/auth.c
  head/crypto/openssh/auth.h
  head/crypto/openssh/auth2-gss.c
  head/crypto/openssh/auth2-pubkey.c
  head/crypto/openssh/auth2.c
  head/crypto/openssh/authfd.c
  head/crypto/openssh/authfile.c
  head/crypto/openssh/authfile.h
  head/crypto/openssh/channels.c
  head/crypto/openssh/channels.h
  head/crypto/openssh/clientloop.c
  head/crypto/openssh/clientloop.h
  head/crypto/openssh/config.guess
  head/crypto/openssh/config.h
  head/crypto/openssh/config.h.in
  head/crypto/openssh/defines.h
  head/crypto/openssh/entropy.c
  head/crypto/openssh/gss-serv.c
  head/crypto/openssh/key.c
  head/crypto/openssh/log.c
  head/crypto/openssh/log.h
  head/crypto/openssh/mac.c
  head/crypto/openssh/misc.c
  head/crypto/openssh/misc.h
  head/crypto/openssh/moduli.5
  head/crypto/openssh/monitor.c
  head/crypto/openssh/monitor.h
  head/crypto/openssh/monitor_wrap.c
  head/crypto/openssh/monitor_wrap.h
  head/crypto/openssh/mux.c
  head/crypto/openssh/myproposal.h
  head/crypto/openssh/openbsd-compat/bsd-cygwin_util.c
  head/crypto/openssh/openbsd-compat/bsd-cygwin_util.h
  head/crypto/openssh/openbsd-compat/openssl-compat.c
  head/crypto/openssh/openbsd-compat/openssl-compat.h
  head/crypto/openssh/openbsd-compat/port-linux.c
  head/crypto/openssh/openbsd-compat/port-linux.h
  head/crypto/openssh/packet.c
  head/crypto/openssh/packet.h
  head/crypto/openssh/pathnames.h
  head/crypto/openssh/readconf.c
  head/crypto/openssh/readconf.h
  head/crypto/openssh/servconf.c
  head/crypto/openssh/servconf.h
  head/crypto/openssh/serverloop.c
  head/crypto/openssh/session.c
  head/crypto/openssh/sftp-server.c
  head/crypto/openssh/sftp.1
  head/crypto/openssh/ssh-add.c
  head/crypto/openssh/ssh-agent.c
  head/crypto/openssh/ssh-keygen.1
  head/crypto/openssh/ssh-keygen.c
  head/crypto/openssh/ssh-keyscan.c
  head/crypto/openssh/ssh-keysign.c
  head/crypto/openssh/ssh-pkcs11-helper.c
  head/crypto/openssh/ssh-pkcs11.c
  head/crypto/openssh/ssh.1
  head/crypto/openssh/ssh.c
  head/crypto/openssh/ssh_config
  head/crypto/openssh/ssh_config.5
  head/crypto/openssh/ssh_namespace.h
  head/crypto/openssh/sshconnect.c
  head/crypto/openssh/sshconnect2.c
  head/crypto/openssh/sshd.8
  head/crypto/openssh/sshd.c
  head/crypto/openssh/sshd_config
  head/crypto/openssh/sshd_config.5
  head/crypto/openssh/version.h
  head/secure/usr.sbin/sshd/Makefile
Directory Properties:
  head/crypto/openssh/   (props changed)
  head/crypto/openssh/bufec.c   (props changed)
  head/crypto/openssh/kexecdh.c   (props changed)
  head/crypto/openssh/kexecdhc.c   (props changed)
  head/crypto/openssh/kexecdhs.c   (props changed)
  head/crypto/openssh/openbsd-compat/charclass.h   (props changed)
  head/crypto/openssh/openbsd-compat/sha2.c   (props changed)
  head/crypto/openssh/openbsd-compat/sha2.h   (props changed)
  head/crypto/openssh/openbsd-compat/strptime.c   (props changed)
  head/crypto/openssh/openbsd-compat/timingsafe_bcmp.c   (props changed)
  head/crypto/openssh/ssh-ecdsa.c   (props changed)

Modified: head/crypto/openssh/ChangeLog
==============================================================================
--- head/crypto/openssh/ChangeLog	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/ChangeLog	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,13 +1,463 @@
-20110403
+20110906
+ - (djm) [README version.h] Correct version
+ - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
+ - (djm) Respin OpenSSH-5.9p1 release
+
+20110905
  - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
-   [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
- - (djm) [version.h] crank version
- - Release 5.8p2
-
-20110329
- - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
-   noticed by tmraz AT redhat.com
- 
+   [contrib/suse/openssh.spec] Update version numbers.
+
+20110904
+ - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
+   regress errors for the sandbox to warnings. ok tim dtucker
+ - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
+   ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
+   support.
+
+20110829
+ - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
+   to switch SELinux context away from unconfined_t, based on patch from
+   Jan Chadima; bz#1919 ok dtucker@
+
+20110827
+ - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
+
+20110818
+ - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
+
+20110817
+ - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
+   OpenSSL 0.9.7. ok djm
+ - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
+   binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
+ - (djm) [configure.ac] error out if the host lacks the necessary bits for
+   an explicitly requested sandbox type
+ - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
+   bisson AT archlinux.org
+ - (djm) OpenBSD CVS Sync
+   - dtucker at cvs.openbsd.org 2011/06/03 05:35:10
+     [regress/cfgmatch.sh]
+     use OBJ to find test configs, patch from Tim Rice
+   - markus at cvs.openbsd.org 2011/06/30 22:44:43
+     [regress/connect-privsep.sh]
+     test with sandbox enabled; ok djm@
+   - djm at cvs.openbsd.org 2011/08/02 01:23:41
+     [regress/cipher-speed.sh regress/try-ciphers.sh]
+     add SHA256/SHA512 based HMAC modes
+ - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
+   MAC tests for platforms that hack EVP_SHA2 support
+
+20110812
+ - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
+   change error by reporting old and new context names  Patch from
+   jchadima at redhat.
+ - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
+   [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
+   init scrips from imorgan AT nas.nasa.gov; bz#1920
+ - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
+   identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
+   AT gmail.com; ok dtucker@
+
+20110807
+ - (dtucker) OpenBSD CVS Sync
+   - jmc at cvs.openbsd.org 2008/06/26 06:59:39
+     [moduli.5]
+     tweak previous;
+   - sobrado at cvs.openbsd.org 2009/10/28 08:56:54
+     [moduli.5]
+     "Diffie-Hellman" is the usual spelling for the cryptographic protocol
+     first published by Whitfield Diffie and Martin Hellman in 1976.
+     ok jmc@
+   - jmc at cvs.openbsd.org 2010/10/14 20:41:28
+     [moduli.5]
+     probabalistic -> probabilistic; from naddy
+   - dtucker at cvs.openbsd.org 2011/08/07 12:55:30
+     [sftp.1]
+     typo, fix from Laurent Gautrot
+
+20110805
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/06/23 23:35:42
+     [monitor.c]
+     ignore EINTR errors from poll()
+   - tedu at cvs.openbsd.org 2011/07/06 18:09:21
+     [authfd.c]
+     bzero the agent address.  the kernel was for a while very cranky about
+     these things.  evne though that's fixed, always good to initialize
+     memory.  ok deraadt djm
+   - djm at cvs.openbsd.org 2011/07/29 14:42:45
+     [sandbox-systrace.c]
+     fail open(2) with EPERM rather than SIGKILLing the whole process. libc
+     will call open() to do strerror() when NLS is enabled;
+     feedback and ok markus@
+   - markus at cvs.openbsd.org 2011/08/01 19:18:15
+     [gss-serv.c]
+     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
+     report Adam Zabrock; ok djm@, deraadt@
+   - djm at cvs.openbsd.org 2011/08/02 01:22:11
+     [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
+     Add new SHA256 and SHA512 based HMAC modes from
+     http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+     Patch from mdb AT juniper.net; feedback and ok markus@
+   - djm at cvs.openbsd.org 2011/08/02 23:13:01
+     [version.h]
+     crank now, release later
+   - djm at cvs.openbsd.org 2011/08/02 23:15:03
+     [ssh.c]
+     typo in comment
+
+20110624
+ - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
+   Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
+   markus@
+
+20110623
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/06/22 21:47:28
+     [servconf.c]
+     reuse the multistate option arrays to pretty-print options for "sshd -T"
+   - djm at cvs.openbsd.org 2011/06/22 21:57:01
+     [servconf.c servconf.h sshd.c sshd_config.5]
+     [configure.ac Makefile.in]
+     introduce sandboxing of the pre-auth privsep child using systrace(4).
+     
+     This introduces a new "UsePrivilegeSeparation=sandbox" option for
+     sshd_config that applies mandatory restrictions on the syscalls the
+     privsep child can perform. This prevents a compromised privsep child
+     from being used to attack other hosts (by opening sockets and proxying)
+     or probing local kernel attack surface.
+     
+     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
+     mode, where a list of permitted syscalls is supplied. Any syscall not
+     on the list results in SIGKILL being sent to the privsep child. Note
+     that this requires a kernel with the new SYSTR_POLICY_KILL option.
+     
+     UsePrivilegeSeparation=sandbox will become the default in the future
+     so please start testing it now.
+     
+     feedback dtucker@; ok markus@
+   - djm at cvs.openbsd.org 2011/06/22 22:08:42
+     [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
+     hook up a channel confirm callback to warn the user then requested X11
+     forwarding was refused by the server; ok markus@
+   - djm at cvs.openbsd.org 2011/06/23 09:34:13
+     [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
+     [sandbox-null.c]
+     rename sandbox.h => ssh-sandbox.h to make things easier for portable
+ - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
+   setrlimit(2)
+
+20110620
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/06/04 00:10:26
+     [ssh_config.5]
+     explain IdentifyFile's semantics a little better, prompted by bz#1898
+     ok dtucker jmc
+   - markus at cvs.openbsd.org 2011/06/14 22:49:18
+     [authfile.c]
+     make sure key_parse_public/private_rsa1() no longer consumes its input
+     buffer.  fixes ssh-add for passphrase-protected ssh1-keys;
+     noted by naddy@; ok djm@
+   - djm at cvs.openbsd.org 2011/06/17 21:44:31
+     [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
+     make the pre-auth privsep slave log via a socketpair shared with the
+     monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
+   - djm at cvs.openbsd.org 2011/06/17 21:46:16
+     [sftp-server.c]
+     the protocol version should be unsigned; bz#1913 reported by mb AT
+     smartftp.com
+   - djm at cvs.openbsd.org 2011/06/17 21:47:35
+     [servconf.c]
+     factor out multi-choice option parsing into a parse_multistate label
+     and some support structures; ok dtucker@
+   - djm at cvs.openbsd.org 2011/06/17 21:57:25
+     [clientloop.c]
+     setproctitle for a mux master that has been gracefully stopped;
+     bz#1911 from Bert.Wesarg AT googlemail.com
+
+20110603
+ - (dtucker) [README version.h contrib/caldera/openssh.spec
+   contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
+   bumps from the 5.8p2 branch into HEAD.  ok djm.
+ - (tim) [configure.ac defines.h] Run test program to detect system mail
+   directory. Add --with-maildir option to override. Fixed OpenServer 6
+   getting it wrong. Fixed many systems having MAIL=/var/mail//username
+   ok dtucker
+ - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case.  We use socketpair
+   unconditionally in other places and the survey data we have does not show
+   any systems that use it.  "nuke it" djm@
+ - (djm) [configure.ac] enable setproctitle emulation for OS X
+ - (djm) OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/06/03 00:54:38
+     [ssh.c]
+     bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
+     AT googlemail.com; ok dtucker@
+     NB. includes additional portability code to enable setproctitle emulation
+     on platforms that don't support it.
+   - dtucker at cvs.openbsd.org 2011/06/03 01:37:40
+     [ssh-agent.c]
+     Check current parent process ID against saved one to determine if the parent
+     has exited, rather than attempting to send a zero signal, since the latter
+     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
+     Gillmor, ok djm@
+    - dtucker at cvs.openbsd.org 2011/05/31 02:01:58
+     [regress/dynamic-forward.sh]
+     back out revs 1.6 and 1.5 since it's not reliable
+   - dtucker at cvs.openbsd.org 2011/05/31 02:03:34
+     [regress/dynamic-forward.sh]
+     work around startup and teardown races; caught by deraadt
+   - dtucker at cvs.openbsd.org 2011/06/03 00:29:52
+     [regress/dynamic-forward.sh]
+     Retry establishing the port forwarding after a small delay, should make
+     the tests less flaky when the previous test is slow to shut down and free
+     up the port.
+ - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
+
+20110529
+ - (djm) OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/05/23 03:30:07
+     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
+     [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
+     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
+     Bring back authorized_keys2 as a default search path (to avoid breaking
+     existing users of this file), but override this in sshd_config so it will
+     be no longer used on fresh installs. Maybe in 2015 we can remove it
+     entierly :)
+     
+     feedback and ok markus@ dtucker@
+   - djm at cvs.openbsd.org 2011/05/23 03:33:38
+     [auth.c]
+     make secure_filename() spam debug logs less
+   - djm at cvs.openbsd.org 2011/05/23 03:52:55
+     [sshconnect.c]
+     remove extra newline
+   - jmc at cvs.openbsd.org 2011/05/23 07:10:21
+     [sshd.8 sshd_config.5]
+     tweak previous; ok djm
+   - djm at cvs.openbsd.org 2011/05/23 07:24:57
+     [authfile.c]
+     read in key comments for v.2 keys (though note that these are not
+     passed over the agent protocol); bz#439, based on patch from binder
+     AT arago.de; ok markus@
+   - djm at cvs.openbsd.org 2011/05/24 07:15:47
+     [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
+     Remove undocumented legacy options UserKnownHostsFile2 and
+     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
+     accept multiple paths per line and making their defaults include
+     known_hosts2; ok markus
+   - djm at cvs.openbsd.org 2011/05/23 03:31:31
+     [regress/cfgmatch.sh]
+     include testing of multiple/overridden AuthorizedKeysFiles
+     refactor to simply daemon start/stop and get rid of racy constructs
+
+20110520
+ - (djm) [session.c] call setexeccon() before executing passwd for pw
+   changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
+ - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
+   options, we should corresponding -W-option when trying to determine
+   whether it is accepted.  Also includes a warning fix on the program
+   fragment uses (bad main() return type).
+   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
+ - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/05/15 08:09:01
+     [authfd.c monitor.c serverloop.c]
+     use FD_CLOEXEC consistently; patch from zion AT x96.org
+   - djm at cvs.openbsd.org 2011/05/17 07:13:31
+     [key.c]
+     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+     and fix the regress test that was trying to generate them :)
+   - djm at cvs.openbsd.org 2011/05/20 00:55:02
+     [servconf.c]
+     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
+     and AuthorizedPrincipalsFile were not being correctly applied in
+     Match blocks, despite being overridable there; ok dtucker@
+   - dtucker at cvs.openbsd.org 2011/05/20 02:00:19
+     [servconf.c]
+     Add comment documenting what should be after the preauth check.  ok djm
+   - djm at cvs.openbsd.org 2011/05/20 03:25:45
+     [monitor.c monitor_wrap.c servconf.c servconf.h]
+     use a macro to define which string options to copy between configs
+     for Match. This avoids problems caused by forgetting to keep three
+     code locations in perfect sync and ordering
+     
+     "this is at once beautiful and horrible" + ok dtucker@
+   - djm at cvs.openbsd.org 2011/05/17 07:13:31
+     [regress/cert-userkey.sh]
+     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
+     and fix the regress test that was trying to generate them :)
+   - djm at cvs.openbsd.org 2011/05/20 02:43:36
+     [cert-hostkey.sh]
+     another attempt to generate a v00 ECDSA key that broke the test
+     ID sync only - portable already had this somehow
+   - dtucker at cvs.openbsd.org 2011/05/20 05:19:50
+     [dynamic-forward.sh]
+     Prevent races in dynamic forwarding test; ok djm
+   - dtucker at cvs.openbsd.org 2011/05/20 06:32:30
+     [dynamic-forward.sh]
+     fix dumb error in dynamic-forward test
+
+20110515
+ - (djm) OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/05/05 05:12:08
+     [mux.c]
+     gracefully fall back when ControlPath is too large for a
+     sockaddr_un. ok markus@ as part of a larger diff
+   - dtucker at cvs.openbsd.org 2011/05/06 01:03:35
+     [sshd_config]
+     clarify language about overriding defaults.  bz#1892, from Petr Cerny
+   - djm at cvs.openbsd.org 2011/05/06 01:09:53
+     [sftp.1]
+     mention that IPv6 addresses must be enclosed in square brackets;
+     bz#1845
+   - djm at cvs.openbsd.org 2011/05/06 02:05:41
+     [sshconnect2.c]
+     fix memory leak; bz#1849 ok dtucker@
+   - djm at cvs.openbsd.org 2011/05/06 21:14:05
+     [packet.c packet.h]
+     set traffic class for IPv6 traffic as we do for IPv4 TOS;
+     patch from lionel AT mamane.lu via Colin Watson in bz#1855;
+     ok markus@
+   - djm at cvs.openbsd.org 2011/05/06 21:18:02
+     [ssh.c ssh_config.5]
+     add a %L expansion (short-form of the local host name) for ControlPath;
+     sync some more expansions with LocalCommand; ok markus@
+   - djm at cvs.openbsd.org 2011/05/06 21:31:38
+     [readconf.c ssh_config.5]
+     support negated Host matching, e.g.
+     
+     Host *.example.org !c.example.org
+        User mekmitasdigoat
+     
+     Will match "a.example.org", "b.example.org", but not "c.example.org"
+     ok markus@
+   - djm at cvs.openbsd.org 2011/05/06 21:34:32
+     [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
+     Add a RequestTTY ssh_config option to allow configuration-based
+     control over tty allocation (like -t/-T); ok markus@
+   - djm at cvs.openbsd.org 2011/05/06 21:38:58
+     [ssh.c]
+     fix dropping from previous diff
+   - djm at cvs.openbsd.org 2011/05/06 22:20:10
+     [PROTOCOL.mux]
+     fix numbering; from bert.wesarg AT googlemail.com
+   - jmc at cvs.openbsd.org 2011/05/07 23:19:39
+     [ssh_config.5]
+     - tweak previous
+     - come consistency fixes
+     ok djm
+   - jmc at cvs.openbsd.org 2011/05/07 23:20:25
+     [ssh.1]
+     +.It RequestTTY
+   - djm at cvs.openbsd.org 2011/05/08 12:52:01
+     [PROTOCOL.mux clientloop.c clientloop.h mux.c]
+     improve our behaviour when TTY allocation fails: if we are in
+     RequestTTY=auto mode (the default), then do not treat at TTY
+     allocation error as fatal but rather just restore the local TTY
+     to cooked mode and continue. This is more graceful on devices that
+     never allocate TTYs.
+     
+     If RequestTTY is set to "yes" or "force", then failure to allocate
+     a TTY is fatal.
+     
+     ok markus@
+   - djm at cvs.openbsd.org 2011/05/10 05:46:46
+     [authfile.c]
+     despam debug() logs by detecting that we are trying to load a private key
+     in key_try_load_public() and returning early; ok markus@
+   - djm at cvs.openbsd.org 2011/05/11 04:47:06
+     [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
+     remove support for authorized_keys2; it is a relic from the early days
+     of protocol v.2 support and has been undocumented for many years;
+     ok markus@
+   - djm at cvs.openbsd.org 2011/05/13 00:05:36
+     [authfile.c]
+     warn on unexpected key type in key_parse_private_type()
+ - (djm) [packet.c] unbreak portability #endif
+
+20110510
+ - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
+   --with-ssl-engine which was broken with the change from deprecated
+   SSLeay_add_all_algorithms().  ok djm
+
+20110506
+ - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
+   for closefrom() in test code.  Report from Dan Wallis via Gentoo.
+
+20110505
+ - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
+   definitions. From des AT des.no
+ - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
+   [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
+   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
+   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
+   [regress/README.regress] Remove ssh-rand-helper and all its
+   tentacles. PRNGd seeding has been rolled into entropy.c directly.
+   Thanks to tim@ for testing on affected platforms.
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/03/10 02:52:57
+     [auth2-gss.c auth2.c auth.h]
+     allow GSSAPI authentication to detect when a server-side failure causes
+     authentication failure and don't count such failures against MaxAuthTries;
+     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
+   - okan at cvs.openbsd.org 2011/03/15 10:36:02
+     [ssh-keyscan.c]
+     use timerclear macro
+     ok djm@
+   - stevesk at cvs.openbsd.org 2011/03/23 15:16:22
+     [ssh-keygen.1 ssh-keygen.c]
+     Add -A option.  For each of the key types (rsa1, rsa, dsa and ecdsa)
+     for which host keys do not exist, generate the host keys with the
+     default key file path, an empty passphrase, default bits for the key
+     type, and default comment.  This will be used by /etc/rc to generate
+     new host keys.  Idea from deraadt.
+     ok deraadt
+   - stevesk at cvs.openbsd.org 2011/03/23 16:24:56
+     [ssh-keygen.1]
+     -q not used in /etc/rc now so remove statement.
+   - stevesk at cvs.openbsd.org 2011/03/23 16:50:04
+     [ssh-keygen.c]
+     remove -d, documentation removed >10 years ago; ok markus
+   - jmc at cvs.openbsd.org 2011/03/24 15:29:30
+     [ssh-keygen.1]
+     zap trailing whitespace;
+   - stevesk at cvs.openbsd.org 2011/03/24 22:14:54
+     [ssh-keygen.c]
+     use strcasecmp() for "clear" cert permission option also; ok djm
+   - stevesk at cvs.openbsd.org 2011/03/29 18:54:17
+     [misc.c misc.h servconf.c]
+     print ipqos friendly string for sshd -T; ok markus
+     # sshd -Tf sshd_config|grep ipqos
+     ipqos lowdelay throughput
+   - djm at cvs.openbsd.org 2011/04/12 04:23:50
+     [ssh-keygen.c]
+     fix -Wshadow
+   - djm at cvs.openbsd.org 2011/04/12 05:32:49
+     [sshd.c]
+     exit with 0 status on SIGTERM; bz#1879
+   - djm at cvs.openbsd.org 2011/04/13 04:02:48
+     [ssh-keygen.1]
+     improve wording; bz#1861
+   - djm at cvs.openbsd.org 2011/04/13 04:09:37
+     [ssh-keygen.1]
+     mention valid -b sizes for ECDSA keys; bz#1862
+   - djm at cvs.openbsd.org 2011/04/17 22:42:42
+     [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
+     allow graceful shutdown of multiplexing: request that a mux server
+     removes its listener socket and refuse future multiplexing requests;
+     ok markus@
+   - djm at cvs.openbsd.org 2011/04/18 00:46:05
+     [ssh-keygen.c]
+     certificate options are supposed to be packed in lexical order of
+     option name (though we don't actually enforce this at present).
+     Move one up that was out of sequence
+   - djm at cvs.openbsd.org 2011/05/04 21:15:29
+     [authfile.c authfile.h ssh-add.c]
+     allow "ssh-add - < key"; feedback and ok markus@
+ - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
+   so autoreconf 2.68 is happy.
+ - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
+
 20110221
  - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
    Cygwin-specific service installer script ssh-host-config.  The actual
@@ -19,6 +469,13 @@
    The new script also is more thorough to inform the user why the
    script failed.  Patch from vinschen at redhat com.
 
+20110218
+ - OpenBSD CVS Sync
+   - djm at cvs.openbsd.org 2011/02/16 00:31:14
+     [ssh-keysign.c]
+     make hostbased auth with ECDSA keys work correctly. Based on patch
+     by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
+
 20110206
  - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
    selinux code.  Patch from Leonardo Chiquitto 
@@ -46,6 +503,14 @@
    succeeded before using its result. Patch from cjwatson AT debian.org;
    bz#1851
 
+20110127
+ - (tim) [config.guess config.sub] Sync with upstream.
+ - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
+   AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
+   AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
+   space changes for consistency/readability. Makes autoconf 2.68 happy.
+   "Nice work" djm
+
 20110125
  - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
    openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
@@ -1256,4 +1721,3 @@
      (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
      
      ok markus@
-

Modified: head/crypto/openssh/INSTALL
==============================================================================
--- head/crypto/openssh/INSTALL	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/INSTALL	Wed Oct  5 22:08:17 2011	(r226046)
@@ -16,9 +16,7 @@ The remaining items are optional.
 
 NB. If you operating system supports /dev/random, you should configure
 OpenSSL to use it. OpenSSH relies on OpenSSL's direct support of
-/dev/random, or failing that, either prngd or egd.  If you don't have
-any of these you will have to rely on ssh-rand-helper, which is inferior
-to a good kernel-based solution or prngd.
+/dev/random, or failing that, either prngd or egd
 
 PRNGD:
 
@@ -262,4 +260,4 @@ Please refer to the "reporting bugs" sec
 http://www.openssh.com/
 
 
-$Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $
+$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $

Modified: head/crypto/openssh/PROTOCOL.mux
==============================================================================
--- head/crypto/openssh/PROTOCOL.mux	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/PROTOCOL.mux	Wed Oct  5 22:08:17 2011	(r226046)
@@ -73,6 +73,13 @@ non-multiplexed ssh(1) connection. Two a
 client must cope with are it receiving a signal itself and the
 server disconnecting without sending an exit message.
 
+A master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE
+if remote TTY allocation was unsuccessful. The client may use this to
+return its local tty to "cooked" mode.
+
+	uint32	MUX_S_TTY_ALLOC_FAIL
+	uint32	session id
+
 3. Health checks
 
 The client may request a health check/PID report from a server:
@@ -149,10 +156,21 @@ The client then sends its standard input
 
 The contents of "reserved" are currently ignored.
 
-A server may reply with a MUX_S_SESSION_OPEED, a MUX_S_PERMISSION_DENIED
+A server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED
 or a MUX_S_FAILURE.
 
-8. Status messages
+8. Requesting shutdown of mux listener
+
+A client may request the master to stop accepting new multiplexing requests
+and remove its listener socket.
+
+	uint32	MUX_C_STOP_LISTENING
+	uint32	request id
+
+A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a
+MUX_S_FAILURE.
+
+9. Status messages
 
 The MUX_S_OK message is empty:
 
@@ -169,7 +187,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA
 	uint32	client request id
 	string	reason
 
-9. Protocol numbers
+10. Protocol numbers
 
 #define MUX_MSG_HELLO		0x00000001
 #define MUX_C_NEW_SESSION	0x10000002
@@ -178,6 +196,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA
 #define MUX_C_OPEN_FWD		0x10000006
 #define MUX_C_CLOSE_FWD		0x10000007
 #define MUX_C_NEW_STDIO_FWD	0x10000008
+#define MUX_C_STOP_LISTENING	0x10000009
 #define MUX_S_OK		0x80000001
 #define MUX_S_PERMISSION_DENIED	0x80000002
 #define MUX_S_FAILURE		0x80000003
@@ -185,6 +204,7 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA
 #define MUX_S_ALIVE		0x80000005
 #define MUX_S_SESSION_OPENED	0x80000006
 #define MUX_S_REMOTE_PORT	0x80000007
+#define MUX_S_TTY_ALLOC_FAIL	0x80000008
 
 #define MUX_FWD_LOCAL	1
 #define MUX_FWD_REMOTE	2
@@ -192,12 +212,10 @@ The MUX_S_PERMISSION_DENIED and MUX_S_FA
 
 XXX TODO
 XXX extended status (e.g. report open channels / forwards)
-XXX graceful close (delete listening socket, but keep existing sessions active)
 XXX lock (maybe)
 XXX watch in/out traffic (pre/post crypto)
 XXX inject packet (what about replies)
 XXX server->client error/warning notifications
-XXX port0 rfwd (need custom response message)
 XXX send signals via mux
 
-$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.7 2011/05/08 12:52:01 djm Exp $

Modified: head/crypto/openssh/README
==============================================================================
--- head/crypto/openssh/README	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/README	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-5.8p2 for the release notes.
+See http://www.openssh.com/txt/release-5.9 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.75.4.2 2011/05/03 00:04:21 djm Exp $
+$Id: README,v 1.77.2.2 2011/09/06 23:11:20 djm Exp $

Modified: head/crypto/openssh/aclocal.m4
==============================================================================
--- head/crypto/openssh/aclocal.m4	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/aclocal.m4	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,8 +1,26 @@
-dnl $Id: aclocal.m4,v 1.6 2005/09/19 16:33:39 tim Exp $
+dnl $Id: aclocal.m4,v 1.8 2011/05/20 01:45:25 djm Exp $
 dnl
 dnl OpenSSH-specific autoconf macros
 dnl
 
+dnl OSSH_CHECK_CFLAG_COMPILE(check_flag[, define_flag])
+dnl Check that $CC accepts a flag 'check_flag'. If it is supported append
+dnl 'define_flag' to $CFLAGS. If 'define_flag' is not specified, then append
+dnl 'check_flag'.
+AC_DEFUN([OSSH_CHECK_CFLAG_COMPILE], [{
+	AC_MSG_CHECKING([if $CC supports $1])
+	saved_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $1"
+	_define_flag="$2"
+	test "x$_define_flag" = "x" && _define_flag="$1"
+	AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+		[ AC_MSG_RESULT([yes])
+		  CFLAGS="$saved_CFLAGS $_define_flag"],
+		[ AC_MSG_RESULT([no])
+		  CFLAGS="$saved_CFLAGS" ]
+	)
+}])
+
 
 dnl OSSH_CHECK_HEADER_FOR_FIELD(field, header, symbol)
 dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
@@ -33,16 +51,6 @@ AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
 	fi
 ])
 
-dnl OSSH_PATH_ENTROPY_PROG(variablename, command):
-dnl Tidiness function, sets 'undef' if not found, and does the AC_SUBST
-AC_DEFUN(OSSH_PATH_ENTROPY_PROG, [
-	AC_PATH_PROG($1, $2)
-	if test -z "[$]$1" ; then
-		$1="undef"
-	fi
-	AC_SUBST($1)
-])
-
 dnl Check for socklen_t: historically on BSD it is an int, and in
 dnl POSIX 1g it is a type of its own, but some platforms use different
 dnl types for the argument to getsockopt, getpeername, etc.  So we

Modified: head/crypto/openssh/audit-linux.c
==============================================================================
--- head/crypto/openssh/audit-linux.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/audit-linux.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $Id$ */
+/* $Id: audit-linux.c,v 1.1 2011/01/17 10:15:30 dtucker Exp $ */
 
 /*
  * Copyright 2010 Red Hat, Inc.  All rights reserved.

Modified: head/crypto/openssh/auth-rsa.c
==============================================================================
--- head/crypto/openssh/auth-rsa.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth-rsa.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rsa.c,v 1.79 2010/12/03 23:55:27 djm Exp $ */
+/* $OpenBSD: auth-rsa.c,v 1.80 2011/05/23 03:30:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -160,44 +160,27 @@ auth_rsa_challenge_dialog(Key *key)
 	return (success);
 }
 
-/*
- * check if there's user key matching client_n,
- * return key if login is allowed, NULL otherwise
- */
-
-int
-auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
+static int
+rsa_key_allowed_in_file(struct passwd *pw, char *file,
+    const BIGNUM *client_n, Key **rkey)
 {
-	char line[SSH_MAX_PUBKEY_BYTES], *file;
+	char line[SSH_MAX_PUBKEY_BYTES];
 	int allowed = 0;
 	u_int bits;
 	FILE *f;
 	u_long linenum = 0;
 	Key *key;
 
-	/* Temporarily use the user's uid. */
-	temporarily_use_uid(pw);
-
-	/* The authorized keys. */
-	file = authorized_keys_file(pw);
 	debug("trying public RSA key file %s", file);
-	f = auth_openkeyfile(file, pw, options.strict_modes);
-	if (!f) {
-		xfree(file);
-		restore_uid();
-		return (0);
-	}
-
-	/* Flag indicating whether the key is allowed. */
-	allowed = 0;
-
-	key = key_new(KEY_RSA1);
+	if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
+		return 0;
 
 	/*
 	 * Go though the accepted keys, looking for the current key.  If
 	 * found, perform a challenge-response dialog to verify that the
 	 * user really has the corresponding private key.
 	 */
+	key = key_new(KEY_RSA1);
 	while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 		char *cp;
 		char *key_options;
@@ -235,7 +218,10 @@ auth_rsa_key_allowed(struct passwd *pw, 
 		}
 		/* cp now points to the comment part. */
 
-		/* Check if the we have found the desired key (identified by its modulus). */
+		/*
+		 * Check if the we have found the desired key (identified
+		 * by its modulus).
+		 */
 		if (BN_cmp(key->rsa->n, client_n) != 0)
 			continue;
 
@@ -264,11 +250,7 @@ auth_rsa_key_allowed(struct passwd *pw, 
 		break;
 	}
 
-	/* Restore the privileged uid. */
-	restore_uid();
-
 	/* Close the file. */
-	xfree(file);
 	fclose(f);
 
 	/* return key if allowed */
@@ -276,7 +258,33 @@ auth_rsa_key_allowed(struct passwd *pw, 
 		*rkey = key;
 	else
 		key_free(key);
-	return (allowed);
+
+	return allowed;
+}
+
+/*
+ * check if there's user key matching client_n,
+ * return key if login is allowed, NULL otherwise
+ */
+
+int
+auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey)
+{
+	char *file;
+	u_int i, allowed = 0;
+
+	temporarily_use_uid(pw);
+
+	for (i = 0; !allowed && i < options.num_authkeys_files; i++) {
+		file = expand_authorized_keys(
+		    options.authorized_keys_files[i], pw);
+		allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey);
+		xfree(file);
+	}
+
+	restore_uid();
+
+	return allowed;
 }
 
 /*

Modified: head/crypto/openssh/auth-skey.c
==============================================================================
--- head/crypto/openssh/auth-skey.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth-skey.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -39,6 +39,7 @@
 #include "hostfile.h"
 #include "auth.h"
 #include "ssh-gss.h"
+#include "log.h"
 #include "monitor_wrap.h"
 
 static void *

Modified: head/crypto/openssh/auth.c
==============================================================================
--- head/crypto/openssh/auth.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.91 2010/11/29 23:45:51 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -332,7 +332,7 @@ auth_root_allowed(char *method)
  *
  * This returns a buffer allocated by xmalloc.
  */
-static char *
+char *
 expand_authorized_keys(const char *filename, struct passwd *pw)
 {
 	char *file, ret[MAXPATHLEN];
@@ -356,18 +356,6 @@ expand_authorized_keys(const char *filen
 }
 
 char *
-authorized_keys_file(struct passwd *pw)
-{
-	return expand_authorized_keys(options.authorized_keys_file, pw);
-}
-
-char *
-authorized_keys_file2(struct passwd *pw)
-{
-	return expand_authorized_keys(options.authorized_keys_file2, pw);
-}
-
-char *
 authorized_principals_file(struct passwd *pw)
 {
 	if (options.authorized_principals_file == NULL)
@@ -469,7 +457,6 @@ secure_filename(FILE *f, const char *fil
 		}
 		strlcpy(buf, cp, sizeof(buf));
 
-		debug3("secure_filename: checking '%s'", buf);
 		if (stat(buf, &st) < 0 ||
 		    (st.st_uid != 0 && st.st_uid != uid) ||
 		    (st.st_mode & 022) != 0) {
@@ -479,11 +466,9 @@ secure_filename(FILE *f, const char *fil
 		}
 
 		/* If are past the homedir then we can stop */
-		if (comparehome && strcmp(homedir, buf) == 0) {
-			debug3("secure_filename: terminating check at '%s'",
-			    buf);
+		if (comparehome && strcmp(homedir, buf) == 0)
 			break;
-		}
+
 		/*
 		 * dirname should always complete with a "/" path,
 		 * but we can be paranoid and check for "." too

Modified: head/crypto/openssh/auth.h
==============================================================================
--- head/crypto/openssh/auth.h	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth.h	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.66 2010/05/07 11:30:29 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -53,6 +53,7 @@ struct Authctxt {
 	int		 valid;		/* user exists and is allowed to login */
 	int		 attempt;
 	int		 failures;
+	int		 server_caused_failure; 
 	int		 force_pwchange;
 	char		*user;		/* username sent by the client */
 	char		*service;
@@ -167,8 +168,7 @@ char	*get_challenge(Authctxt *);
 int	verify_response(Authctxt *, const char *);
 void	abandon_challenge_response(Authctxt *);
 
-char	*authorized_keys_file(struct passwd *);
-char	*authorized_keys_file2(struct passwd *);
+char	*expand_authorized_keys(const char *, struct passwd *pw);
 char	*authorized_principals_file(struct passwd *);
 
 FILE	*auth_openkeyfile(const char *, struct passwd *, int);

Modified: head/crypto/openssh/auth2-gss.c
==============================================================================
--- head/crypto/openssh/auth2-gss.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth2-gss.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.17 2011/03/10 02:52:57 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -102,6 +102,7 @@ userauth_gssapi(Authctxt *authctxt)
 
 	if (!present) {
 		xfree(doid);
+		authctxt->server_caused_failure = 1;
 		return (0);
 	}
 
@@ -109,6 +110,7 @@ userauth_gssapi(Authctxt *authctxt)
 		if (ctxt != NULL)
 			ssh_gssapi_delete_ctx(&ctxt);
 		xfree(doid);
+		authctxt->server_caused_failure = 1;
 		return (0);
 	}
 

Modified: head/crypto/openssh/auth2-pubkey.c
==============================================================================
--- head/crypto/openssh/auth2-pubkey.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth2-pubkey.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.27 2010/11/20 05:12:38 deraadt Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -436,7 +436,7 @@ user_cert_trusted_ca(struct passwd *pw, 
 int
 user_key_allowed(struct passwd *pw, Key *key)
 {
-	int success;
+	u_int success, i;
 	char *file;
 
 	if (auth_key_is_revoked(key))
@@ -448,16 +448,13 @@ user_key_allowed(struct passwd *pw, Key 
 	if (success)
 		return success;
 
-	file = authorized_keys_file(pw);
-	success = user_key_allowed2(pw, key, file);
-	xfree(file);
-	if (success)
-		return success;
+	for (i = 0; !success && i < options.num_authkeys_files; i++) {
+		file = expand_authorized_keys(
+		    options.authorized_keys_files[i], pw);
+		success = user_key_allowed2(pw, key, file);
+		xfree(file);
+	}
 
-	/* try suffix "2" for backward compat, too */
-	file = authorized_keys_file2(pw);
-	success = user_key_allowed2(pw, key, file);
-	xfree(file);
 	return success;
 }
 

Modified: head/crypto/openssh/auth2.c
==============================================================================
--- head/crypto/openssh/auth2.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/auth2.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.122 2010/08/31 09:58:37 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -304,6 +304,7 @@ input_userauth_request(int type, u_int32
 #endif
 
 	authctxt->postponed = 0;
+	authctxt->server_caused_failure = 0;
 
 	/* try to authenticate user */
 	m = authmethod_lookup(method);
@@ -376,7 +377,8 @@ userauth_finish(Authctxt *authctxt, int 
 	} else {
 
 		/* Allow initial try of "none" auth without failure penalty */
-		if (authctxt->attempt > 1 || strcmp(method, "none") != 0)
+		if (!authctxt->server_caused_failure &&
+		    (authctxt->attempt > 1 || strcmp(method, "none") != 0))
 			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS

Modified: head/crypto/openssh/authfd.c
==============================================================================
--- head/crypto/openssh/authfd.c	Wed Oct  5 20:00:50 2011	(r226045)
+++ head/crypto/openssh/authfd.c	Wed Oct  5 22:08:17 2011	(r226046)
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.84 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: authfd.c,v 1.86 2011/07/06 18:09:21 tedu Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -102,6 +102,7 @@ ssh_get_authentication_socket(void)
 	if (!authsocket)
 		return -1;
 
+	bzero(&sunaddr, sizeof(sunaddr));
 	sunaddr.sun_family = AF_UNIX;
 	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
 
@@ -110,7 +111,7 @@ ssh_get_authentication_socket(void)
 		return -1;
 
 	/* close on exec */
-	if (fcntl(sock, F_SETFD, 1) == -1) {

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***


More information about the svn-src-head mailing list