svn commit: r287158 - in vendor-crypto/openssh/dist: . contrib contrib/redhat contrib/suse
Dag-Erling Smørgrav
des at FreeBSD.org
Wed Aug 26 09:27:13 UTC 2015
Author: des
Date: Wed Aug 26 09:27:05 2015
New Revision: 287158
URL: https://svnweb.freebsd.org/changeset/base/287158
Log:
Vendor import of OpenSSH 7.1p1.
Modified:
vendor-crypto/openssh/dist/ChangeLog
vendor-crypto/openssh/dist/README
vendor-crypto/openssh/dist/auth.c
vendor-crypto/openssh/dist/compat.c
vendor-crypto/openssh/dist/contrib/README
vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
vendor-crypto/openssh/dist/contrib/suse/openssh.spec
vendor-crypto/openssh/dist/dns.c
vendor-crypto/openssh/dist/mux.c
vendor-crypto/openssh/dist/packet.c
vendor-crypto/openssh/dist/sftp-server.c
vendor-crypto/openssh/dist/sftp.c
vendor-crypto/openssh/dist/ssh-keygen.0
vendor-crypto/openssh/dist/ssh-keygen.1
vendor-crypto/openssh/dist/ssh-keygen.c
vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
vendor-crypto/openssh/dist/ssh_config.0
vendor-crypto/openssh/dist/ssh_config.5
vendor-crypto/openssh/dist/sshconnect.c
vendor-crypto/openssh/dist/sshd.c
vendor-crypto/openssh/dist/sshd_config.0
vendor-crypto/openssh/dist/sshd_config.5
vendor-crypto/openssh/dist/sshkey.c
vendor-crypto/openssh/dist/version.h
Modified: vendor-crypto/openssh/dist/ChangeLog
==============================================================================
--- vendor-crypto/openssh/dist/ChangeLog Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ChangeLog Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,3 +1,121 @@
+commit e91346dc2bbf460246df2ab591b7613908c1b0ad
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Aug 21 14:49:03 2015 +1000
+
+ we don't use Github for issues/pull-requests
+
+commit a4f5b507c708cc3dc2c8dd2d02e4416d7514dc23
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Aug 21 14:43:55 2015 +1000
+
+ fix URL for connect.c
+
+commit d026a8d3da0f8186598442997c7d0a28e7275414
+Author: Damien Miller <djm at mindrot.org>
+Date: Fri Aug 21 13:47:10 2015 +1000
+
+ update version numbers for 7.1
+
+commit 78f8f589f0ca1c9f41e5a9bae3cda5ce8a6b42ed
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 21 03:45:26 2015 +0000
+
+ upstream commit
+
+ openssh-7.1
+
+ Upstream-ID: ff7b1ef4b06caddfb45e08ba998128c88be3d73f
+
+commit 32a181980c62fce94f7f9ffaf6a79d90f0c309cf
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Fri Aug 21 03:42:19 2015 +0000
+
+ upstream commit
+
+ fix inverted logic that broke PermitRootLogin; reported
+ by Mantas Mikulenas; ok markus@
+
+ Upstream-ID: 260dd6a904c1bb7e43267e394b1c9cf70bdd5ea5
+
+commit ce445b0ed927e45bd5bdce8f836eb353998dd65c
+Author: deraadt at openbsd.org <deraadt at openbsd.org>
+Date: Thu Aug 20 22:32:42 2015 +0000
+
+ upstream commit
+
+ Do not cast result of malloc/calloc/realloc* if stdlib.h
+ is in scope ok krw millert
+
+ Upstream-ID: 5e50ded78cadf3841556649a16cc4b1cb6c58667
+
+commit 05291e5288704d1a98bacda269eb5a0153599146
+Author: naddy at openbsd.org <naddy at openbsd.org>
+Date: Thu Aug 20 19:20:06 2015 +0000
+
+ upstream commit
+
+ In the certificates section, be consistent about using
+ "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@
+
+ Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
+
+commit 8543d4ef6f2e9f98c3e6b77c894ceec30c5e4ae4
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Aug 19 23:21:42 2015 +0000
+
+ upstream commit
+
+ Better compat matching for WinSCP, add compat matching
+ for FuTTY (fork of PuTTY); ok markus@ deraadt@
+
+ Upstream-ID: 24001d1ac115fa3260fbdc329a4b9aeb283c5389
+
+commit ec6eda16ebab771aa3dfc90629b41953b999cb1e
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Aug 19 23:19:01 2015 +0000
+
+ upstream commit
+
+ fix double-free() in error path of DSA key generation
+ reported by Mateusz Kocielski; ok markus@
+
+ Upstream-ID: 4735d8f888b10599a935fa1b374787089116713c
+
+commit 45b0eb752c94954a6de046bfaaf129e518ad4b5b
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Aug 19 23:18:26 2015 +0000
+
+ upstream commit
+
+ fix free() of uninitialised pointer reported by Mateusz
+ Kocielski; ok markus@
+
+ Upstream-ID: 519552b050618501a06b7b023de5cb104e2c5663
+
+commit c837643b93509a3ef538cb6624b678c5fe32ff79
+Author: djm at openbsd.org <djm at openbsd.org>
+Date: Wed Aug 19 23:17:51 2015 +0000
+
+ upstream commit
+
+ fixed unlink([uninitialised memory]) reported by Mateusz
+ Kocielski; ok markus@
+
+ Upstream-ID: 14a0c4e7d891f5a8dabc4b89d4f6b7c0d5a20109
+
+commit 1f8d3d629cd553031021068eb9c646a5f1e50994
+Author: jmc at openbsd.org <jmc at openbsd.org>
+Date: Fri Aug 14 15:32:41 2015 +0000
+
+ upstream commit
+
+ match myproposal.h order; from brian conway (i snuck in a
+ tweak while here)
+
+ ok dtucker
+
+ Upstream-ID: 35174a19b5237ea36aa3798f042bf5933b772c67
+
commit 1dc8d93ce69d6565747eb44446ed117187621b26
Author: deraadt at openbsd.org <deraadt at openbsd.org>
Date: Thu Aug 6 14:53:21 2015 +0000
@@ -9013,134 +9131,3 @@ Date: Wed Aug 28 12:49:43 2013 +1000
- (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
start to use them in the future.
-
-commit f2f6c315a920a256937e1b6a3702757f3195a592
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:44:58 2013 +1000
-
- - jmc at cvs.openbsd.org 2013/08/20 06:56:07
- [ssh.1 ssh_config.5]
- some proxyusefdpass tweaks;
-
-commit 1262b6638f7d01ab110fd373dd90d915c882fe1a
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:44:24 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/20 00:11:38
- [readconf.c readconf.h ssh_config.5 sshconnect.c]
- Add a ssh_config ProxyUseFDPass option that supports the use of
- ProxyCommands that establish a connection and then pass a connected
- file descriptor back to ssh(1). This allows the ProxyCommand to exit
- rather than have to shuffle data back and forth and enables ssh to use
- getpeername, etc. to obtain address information just like it does with
- regular directly-connected sockets. ok markus@
-
-commit b7727df37efde4dbe4f5a33b19cbf42022aabf66
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:43:49 2013 +1000
-
- - jmc at cvs.openbsd.org 2013/08/14 08:39:27
- [scp.1 ssh.1]
- some Bx/Ox conversion;
- From: Jan Stary
-
-commit d5d9d7b1fdacf0551de4c747728bd159be40590a
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:43:27 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/13 18:33:08
- [ssh-keygen.c]
- another of the same typo
-
-commit d234afb0b3a8de1be78cbeafed5fc86912594c3c
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:42:58 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/13 18:32:08
- [ssh-keygen.c]
- typo in error message; from Stephan Rickauer
-
-commit e0ee727b8281a7c2ae20630ce83f6b200b404059
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:42:35 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/09 03:56:42
- [sftp.c]
- enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
- matching ksh's relatively recent change.
-
-commit fec029f1dc2c338f3fae3fa82aabc988dc07868c
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:42:12 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/09 03:39:13
- [sftp-client.c]
- two problems found by a to-be-committed regress test: 1) msg_id was not
- being initialised so was starting at a random value from the heap
- (harmless, but confusing). 2) some error conditions were not being
- propagated back to the caller
-
-commit 036d30743fc914089f9849ca52d615891d47e616
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:41:46 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/09 03:37:25
- [sftp.c]
- do getopt parsing for all sftp commands (with an empty optstring for
- commands without arguments) to ensure consistent behaviour
-
-commit c7dba12bf95eb1d69711881a153cc286c1987663
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:41:15 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/08 05:04:03
- [sftp-client.c sftp-client.h sftp.c]
- add a "-l" flag for the rename command to force it to use the silly
- standard SSH_FXP_RENAME command instead of the POSIX-rename- like
- posix-rename at openssh.com extension.
-
- intended for use in regress tests, so no documentation.
-
-commit 034f27a0c09e69fe3589045b41f03f6e345b63f5
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:40:44 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/08 04:52:04
- [sftp.c]
- fix two year old regression: symlinking a file would incorrectly
- canonicalise the target path. bz#2129 report from delphij AT freebsd.org
-
-commit c6895c5c67492144dd28589e5788f783be9152ed
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:40:21 2013 +1000
-
- - jmc at cvs.openbsd.org 2013/08/07 06:24:51
- [sftp.1 sftp.c]
- sort -a;
-
-commit a6d6c1f38ac9b4a5e1bd4df889e1020a8370ed55
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:40:01 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/06 23:06:01
- [servconf.c]
- add cast to avoid format warning; from portable
-
-commit eec840673bce3f69ad269672fba7ed8ff05f154f
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:39:39 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/06 23:05:01
- [sftp.1]
- document top-level -a option (the -a option to 'get' was already
- documented)
-
-commit 02e878070d0eddad4e11f2c82644b275418eb112
-Author: Damien Miller <djm at mindrot.org>
-Date: Wed Aug 21 02:38:51 2013 +1000
-
- - djm at cvs.openbsd.org 2013/08/06 23:03:49
- [sftp.c]
- fix some whitespace at EOL
- make list of commands an enum rather than a long list of defines
- add -a to usage()
Modified: vendor-crypto/openssh/dist/README
==============================================================================
--- vendor-crypto/openssh/dist/README Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/README Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,8 @@
-See http://www.openssh.com/txt/release-7.0 for the release notes.
+See http://www.openssh.com/txt/release-7.1 for the release notes.
+
+Please read http://www.openssh.com/report.html for bug reporting
+instructions and note that we do not use Github for bug reporting or
+patch/pull-request management.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
Modified: vendor-crypto/openssh/dist/auth.c
==============================================================================
--- vendor-crypto/openssh/dist/auth.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/auth.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.112 2015/08/06 14:53:21 deraadt Exp $ */
+/* $OpenBSD: auth.c,v 1.113 2015/08/21 03:42:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -354,7 +354,7 @@ auth_root_allowed(const char *method)
case PERMIT_NO_PASSWD:
if (strcmp(method, "publickey") == 0 ||
strcmp(method, "hostbased") == 0 ||
- strcmp(method, "gssapi-with-mic"))
+ strcmp(method, "gssapi-with-mic") == 0)
return 1;
break;
case PERMIT_FORCED_ONLY:
Modified: vendor-crypto/openssh/dist/compat.c
==============================================================================
--- vendor-crypto/openssh/dist/compat.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/compat.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.96 2015/07/28 23:20:42 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.97 2015/08/19 23:21:42 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -176,6 +176,7 @@ compat_datafellows(const char *version)
"PuTTY_Release_0.63*,"
"PuTTY_Release_0.64*",
SSH_OLD_DHGEX },
+ { "FuTTY*", SSH_OLD_DHGEX }, /* Putty Fork */
{ "Probe-*",
SSH_BUG_PROBE },
{ "TeraTerm SSH*,"
@@ -189,7 +190,17 @@ compat_datafellows(const char *version)
"TTSSH/2.70*,"
"TTSSH/2.71*,"
"TTSSH/2.72*", SSH_BUG_HOSTKEYS },
- { "WinSCP*", SSH_OLD_DHGEX },
+ { "WinSCP_release_4*,"
+ "WinSCP_release_5.0*,"
+ "WinSCP_release_5.1*,"
+ "WinSCP_release_5.5*,"
+ "WinSCP_release_5.6*,"
+ "WinSCP_release_5.7,"
+ "WinSCP_release_5.7.1,"
+ "WinSCP_release_5.7.2,"
+ "WinSCP_release_5.7.3,"
+ "WinSCP_release_5.7.4",
+ SSH_OLD_DHGEX },
{ NULL, 0 }
};
Modified: vendor-crypto/openssh/dist/contrib/README
==============================================================================
--- vendor-crypto/openssh/dist/contrib/README Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/contrib/README Wed Aug 26 09:27:05 2015 (r287158)
@@ -11,7 +11,7 @@ which allows the use of outbound SSH fro
https CONNECT style proxy server. His page for connect.c has extensive
documentation on its use as well as compiled versions for Win32.
-http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+https://bitbucket.org/gotoh/connect/wiki/Home
X11 SSH Askpass:
Modified: vendor-crypto/openssh/dist/contrib/redhat/openssh.spec
==============================================================================
--- vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-%define ver 7.0p1
+%define ver 7.1p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
Modified: vendor-crypto/openssh/dist/contrib/suse/openssh.spec
==============================================================================
--- vendor-crypto/openssh/dist/contrib/suse/openssh.spec Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/contrib/suse/openssh.spec Wed Aug 26 09:27:05 2015 (r287158)
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 7.0p1
+Version: 7.1p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
Modified: vendor-crypto/openssh/dist/dns.c
==============================================================================
--- vendor-crypto/openssh/dist/dns.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/dns.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.34 2015/01/28 22:36:00 djm Exp $ */
+/* $OpenBSD: dns.c,v 1.35 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -154,7 +154,7 @@ dns_read_rdata(u_int8_t *algorithm, u_in
*digest_len = rdata_len - 2;
if (*digest_len > 0) {
- *digest = (u_char *) xmalloc(*digest_len);
+ *digest = xmalloc(*digest_len);
memcpy(*digest, rdata + 2, *digest_len);
} else {
*digest = (u_char *)xstrdup("");
Modified: vendor-crypto/openssh/dist/mux.c
==============================================================================
--- vendor-crypto/openssh/dist/mux.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/mux.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.53 2015/05/01 04:03:20 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm at openbsd.org>
*
@@ -665,6 +665,8 @@ process_mux_open_fwd(u_int rid, Channel
u_int lport, cport;
int i, ret = 0, freefwd = 1;
+ memset(&fwd, 0, sizeof(fwd));
+
/* XXX - lport/cport check redundant */
if (buffer_get_int_ret(&ftype, m) != 0 ||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
@@ -832,6 +834,8 @@ process_mux_close_fwd(u_int rid, Channel
int i, ret = 0;
u_int lport, cport;
+ memset(&fwd, 0, sizeof(fwd));
+
if (buffer_get_int_ret(&ftype, m) != 0 ||
(listen_addr = buffer_get_string_ret(m, NULL)) == NULL ||
buffer_get_int_ret(&lport, m) != 0 ||
Modified: vendor-crypto/openssh/dist/packet.c
==============================================================================
--- vendor-crypto/openssh/dist/packet.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/packet.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.213 2015/07/29 04:43:06 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.214 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1272,7 +1272,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u
DBG(debug("packet_read()"));
- setp = (fd_set *)calloc(howmany(state->connection_in + 1,
+ setp = calloc(howmany(state->connection_in + 1,
NFDBITS), sizeof(fd_mask));
if (setp == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -2036,7 +2036,7 @@ ssh_packet_write_wait(struct ssh *ssh)
struct timeval start, timeout, *timeoutp = NULL;
struct session_state *state = ssh->state;
- setp = (fd_set *)calloc(howmany(state->connection_out + 1,
+ setp = calloc(howmany(state->connection_out + 1,
NFDBITS), sizeof(fd_mask));
if (setp == NULL)
return SSH_ERR_ALLOC_FAIL;
Modified: vendor-crypto/openssh/dist/sftp-server.c
==============================================================================
--- vendor-crypto/openssh/dist/sftp-server.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sftp-server.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.106 2015/04/24 01:36:01 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.107 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -1632,8 +1632,8 @@ sftp_server_main(int argc, char **argv,
fatal("%s: sshbuf_new failed", __func__);
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
- rset = (fd_set *)xmalloc(set_size);
- wset = (fd_set *)xmalloc(set_size);
+ rset = xmalloc(set_size);
+ wset = xmalloc(set_size);
if (homedir != NULL) {
if (chdir(homedir) != 0) {
Modified: vendor-crypto/openssh/dist/sftp.c
==============================================================================
--- vendor-crypto/openssh/dist/sftp.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sftp.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.170 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sftp.c,v 1.171 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Copyright (c) 2001-2004 Damien Miller <djm at openbsd.org>
*
@@ -1958,7 +1958,7 @@ complete(EditLine *el, int ch)
/* Figure out which argument the cursor points to */
cursor = lf->cursor - lf->buffer;
- line = (char *)xmalloc(cursor + 1);
+ line = xmalloc(cursor + 1);
memcpy(line, lf->buffer, cursor);
line[cursor] = '\0';
argv = makeargv(line, &carg, 1, "e, &terminated);
@@ -1966,7 +1966,7 @@ complete(EditLine *el, int ch)
/* Get all the arguments on the line */
len = lf->lastchar - lf->buffer;
- line = (char *)xmalloc(len + 1);
+ line = xmalloc(len + 1);
memcpy(line, lf->buffer, len);
line[len] = '\0';
argv = makeargv(line, &argc, 1, NULL, NULL);
Modified: vendor-crypto/openssh/dist/ssh-keygen.0
==============================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.0 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh-keygen.0 Wed Aug 26 09:27:05 2015 (r287158)
@@ -426,7 +426,7 @@ CERTIFICATES
providing the token library using -D and identifying the CA key by
providing its public half as an argument to -s:
- $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+ $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
In all cases, key_id is a "key identifier" that is logged by the server
when the certificate is used for authentication.
@@ -437,7 +437,7 @@ CERTIFICATES
principals:
$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
- $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+ $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
Additional limitations on the validity and use of user certificates may
be specified through certificate options. A certificate option may
@@ -563,4 +563,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.8 July 3, 2015 OpenBSD 5.8
+OpenBSD 5.8 August 20, 2015 OpenBSD 5.8
Modified: vendor-crypto/openssh/dist/ssh-keygen.1
==============================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.1 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh-keygen.1 Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.126 2015/07/03 03:49:45 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 3 2015 $
+.Dd $Mdocdate: August 20 2015 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -680,7 +680,7 @@ and identifying the CA key by providing
to
.Fl s :
.Pp
-.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
+.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
.Pp
In all cases,
.Ar key_id
@@ -693,7 +693,7 @@ By default, generated certificates are v
To generate a certificate for a specified set of principals:
.Pp
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
+.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
.Pp
Additional limitations on the validity and use of user certificates may
be specified through certificate options.
Modified: vendor-crypto/openssh/dist/ssh-keygen.c
==============================================================================
--- vendor-crypto/openssh/dist/ssh-keygen.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh-keygen.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.276 2015/07/03 03:49:45 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.277 2015/08/19 23:17:51 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1201,7 +1201,8 @@ do_known_hosts(struct passwd *pw, const
exit(1);
} else if (delete_host && !ctx.found_key) {
logit("Host %s not found in %s", name, identity_file);
- unlink(tmp);
+ if (inplace)
+ unlink(tmp);
} else if (inplace) {
/* Backup existing file */
if (unlink(old) == -1 && errno != ENOENT)
Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.c
==============================================================================
--- vendor-crypto/openssh/dist/ssh-pkcs11-helper.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.10 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.11 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Copyright (c) 2010 Markus Friedl. All rights reserved.
*
@@ -301,8 +301,8 @@ main(int argc, char **argv)
buffer_init(&oqueue);
set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
- rset = (fd_set *)xmalloc(set_size);
- wset = (fd_set *)xmalloc(set_size);
+ rset = xmalloc(set_size);
+ wset = xmalloc(set_size);
for (;;) {
memset(rset, 0, set_size);
Modified: vendor-crypto/openssh/dist/ssh_config.0
==============================================================================
--- vendor-crypto/openssh/dist/ssh_config.0 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh_config.0 Wed Aug 26 09:27:05 2015 (r287158)
@@ -205,9 +205,9 @@ DESCRIPTION
The default is:
+ chacha20-poly1305 at openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
- chacha20-poly1305 at openssh.com,
arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
aes192-cbc,aes256-cbc,arcfour
@@ -1023,4 +1023,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 5.8 July 30, 2015 OpenBSD 5.8
+OpenBSD 5.8 August 14, 2015 OpenBSD 5.8
Modified: vendor-crypto/openssh/dist/ssh_config.5
==============================================================================
--- vendor-crypto/openssh/dist/ssh_config.5 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/ssh_config.5 Wed Aug 26 09:27:05 2015 (r287158)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.214 2015/07/30 00:01:34 djm Exp $
-.Dd $Mdocdate: July 30 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
+.Dd $Mdocdate: August 14 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -415,9 +415,9 @@ chacha20-poly1305 at openssh.com
.Pp
The default is:
.Bd -literal -offset indent
+chacha20-poly1305 at openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm at openssh.com,aes256-gcm at openssh.com,
-chacha20-poly1305 at openssh.com,
arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
aes192-cbc,aes256-cbc,arcfour
Modified: vendor-crypto/openssh/dist/sshconnect.c
==============================================================================
--- vendor-crypto/openssh/dist/sshconnect.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sshconnect.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.262 2015/05/28 05:41:29 dtucker Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.263 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -356,7 +356,7 @@ timeout_connect(int sockfd, const struct
goto done;
}
- fdset = (fd_set *)xcalloc(howmany(sockfd + 1, NFDBITS),
+ fdset = xcalloc(howmany(sockfd + 1, NFDBITS),
sizeof(fd_mask));
FD_SET(sockfd, fdset);
ms_to_timeval(&tv, *timeoutp);
Modified: vendor-crypto/openssh/dist/sshd.c
==============================================================================
--- vendor-crypto/openssh/dist/sshd.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sshd.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.457 2015/07/30 00:01:34 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.458 2015/08/20 22:32:42 deraadt Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1253,7 +1253,7 @@ server_accept_loop(int *sock_in, int *so
sighup_restart();
if (fdset != NULL)
free(fdset);
- fdset = (fd_set *)xcalloc(howmany(maxfd + 1, NFDBITS),
+ fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
sizeof(fd_mask));
for (i = 0; i < num_listen_socks; i++)
Modified: vendor-crypto/openssh/dist/sshd_config.0
==============================================================================
--- vendor-crypto/openssh/dist/sshd_config.0 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sshd_config.0 Wed Aug 26 09:27:05 2015 (r287158)
@@ -286,9 +286,9 @@ DESCRIPTION
The default is:
+ chacha20-poly1305 at openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
- aes128-gcm at openssh.com,aes256-gcm at openssh.com,
- chacha20-poly1305 at openssh.com
+ aes128-gcm at openssh.com,aes256-gcm at openssh.com
The list of available ciphers may also be obtained using the -Q
option of ssh(1) with an argument of M-bM-^@M-^\cipherM-bM-^@M-^].
@@ -927,7 +927,7 @@ DESCRIPTION
If this option is set to M-bM-^@M-^\noM-bM-^@M-^] (the default) then only addresses
and not host names may be used in ~/.ssh/known_hosts from and
- sshd_config(5) Match Host directives.
+ sshd_config Match Host directives.
UseLogin
Specifies whether login(1) is used for interactive login
@@ -1049,4 +1049,4 @@ AUTHORS
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
-OpenBSD 5.8 August 6, 2015 OpenBSD 5.8
+OpenBSD 5.8 August 14, 2015 OpenBSD 5.8
Modified: vendor-crypto/openssh/dist/sshd_config.5
==============================================================================
--- vendor-crypto/openssh/dist/sshd_config.5 Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sshd_config.5 Wed Aug 26 09:27:05 2015 (r287158)
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.210 2015/08/06 14:53:21 deraadt Exp $
-.Dd $Mdocdate: August 6 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
+.Dd $Mdocdate: August 14 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -476,9 +476,9 @@ chacha20-poly1305 at openssh.com
.Pp
The default is:
.Bd -literal -offset indent
+chacha20-poly1305 at openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
-aes128-gcm at openssh.com,aes256-gcm at openssh.com,
-chacha20-poly1305 at openssh.com
+aes128-gcm at openssh.com,aes256-gcm at openssh.com
.Ed
.Pp
The list of available ciphers may also be obtained using the
@@ -1528,7 +1528,7 @@ If this option is set to
.Pa ~/.ssh/known_hosts
.Cm from
and
-.Xr sshd_config 5
+.Nm
.Cm Match
.Cm Host
directives.
Modified: vendor-crypto/openssh/dist/sshkey.c
==============================================================================
--- vendor-crypto/openssh/dist/sshkey.c Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/sshkey.c Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.20 2015/07/03 03:43:18 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.21 2015/08/19 23:19:01 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@@ -1556,7 +1556,6 @@ dsa_generate_private_key(u_int bits, DSA
*dsap = NULL;
if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
NULL, NULL) || !DSA_generate_key(private)) {
- DSA_free(private);
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
Modified: vendor-crypto/openssh/dist/version.h
==============================================================================
--- vendor-crypto/openssh/dist/version.h Wed Aug 26 09:26:01 2015 (r287157)
+++ vendor-crypto/openssh/dist/version.h Wed Aug 26 09:27:05 2015 (r287158)
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.74 2015/08/02 09:56:42 djm Exp $ */
+/* $OpenBSD: version.h,v 1.75 2015/08/21 03:45:26 djm Exp $ */
-#define SSH_VERSION "OpenSSH_7.0"
+#define SSH_VERSION "OpenSSH_7.1"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
More information about the svn-src-all
mailing list