From: Peter Avalos Date: Tue, 20 Sep 2011 23:58:41 +0000 (-0700) Subject: Update files for OpenSSH-5.9p1 import. X-Git-Url: https://gitweb.dragonflybsd.org/~polachok/dragonfly.git/commitdiff_plain/fa7cb8cead68200ada34caec5db4b217e3db696b Update files for OpenSSH-5.9p1 import. --- diff --git a/crypto/openssh/README.DRAGONFLY b/crypto/openssh/README.DRAGONFLY index b1a9fa8282..88a4a7c82a 100644 --- a/crypto/openssh/README.DRAGONFLY +++ b/crypto/openssh/README.DRAGONFLY @@ -9,6 +9,7 @@ Upgrading notes: Update config.h and version.h in secure/lib/libssh. Update ssh{,d}_config and ssh{,d}_config.5. +Update ssh_namespace.h Used in: lib/pam_module/pam_ssh/ diff --git a/crypto/openssh/ssh-vulnkey.c b/crypto/openssh/ssh-vulnkey.c index e9552e2b7d..e7f20124c8 100644 --- a/crypto/openssh/ssh-vulnkey.c +++ b/crypto/openssh/ssh-vulnkey.c @@ -273,7 +273,6 @@ main(int argc, char **argv) /* We don't need the RNG ourselves, but symbol references here allow * ld to link us properly. */ - init_rng(); seed_rng(); while ((opt = getopt(argc, argv, "ahq")) != -1) { diff --git a/crypto/openssh/ssh_config b/crypto/openssh/ssh_config index cb43fe1d27..d606951cf7 100644 --- a/crypto/openssh/ssh_config +++ b/crypto/openssh/ssh_config @@ -40,7 +40,7 @@ # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ -# VersionAddendum DragonFly-20110408 +# VersionAddendum DragonFly-20110920 # XAuthLocation /usr/pkg/bin/xauth # Tunnel no diff --git a/crypto/openssh/ssh_config.5 b/crypto/openssh/ssh_config.5 index 82a8bf80d3..923b71b948 100644 --- a/crypto/openssh/ssh_config.5 +++ b/crypto/openssh/ssh_config.5 @@ -1216,7 +1216,7 @@ in Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq DragonFly-20110408 . +.Dq DragonFly-20110920 . .It Cm VisualHostKey If this flag is set to .Dq yes , 
diff --git a/crypto/openssh/ssh_namespace.h b/crypto/openssh/ssh_namespace.h index 7169aebdd9..cfa19594ad 100644 --- a/crypto/openssh/ssh_namespace.h +++ b/crypto/openssh/ssh_namespace.h @@ -211,6 +211,7 @@ #define dispatch_run ssh_dispatch_run #define dispatch_set ssh_dispatch_set #define do_log ssh_do_log +#define do_log2 ssh_do_log2 #define dump_base64 ssh_dump_base64 #define enable_compat13 ssh_enable_compat13 #define enable_compat20 ssh_enable_compat20 @@ -252,6 +253,7 @@ #define incoming_stream ssh_incoming_stream #define init_hostkeys ssh_init_hostkeys #define init_rng ssh_init_rng +#define iptos2str ssh_iptos2str #define ipv64_normalise_mapped ssh_ipv64_normalise_mapped #define key_curve_name_to_nid ssh_key_curve_name_to_nid #define key_curve_nid_to_bits ssh_key_curve_nid_to_bits @@ -301,6 +303,7 @@ #define key_in_file ssh_key_in_file #define key_is_cert ssh_key_is_cert #define key_load_cert ssh_key_load_cert +#define key_load_file ssh_key_load_file #define key_load_private ssh_key_load_private #define key_load_private_cert ssh_key_load_private_cert #define key_load_private_pem ssh_key_load_private_pem @@ -310,6 +313,7 @@ #define key_names_valid2 ssh_key_names_valid2 #define key_new ssh_key_new #define key_new_private ssh_key_new_private +#define key_parse_private ssh_key_parse_private #define key_perm_ok ssh_key_perm_ok #define key_read ssh_key_read #define key_save_private ssh_key_save_private @@ -461,6 +465,7 @@ #define schnorr_verify ssh_schnorr_verify #define schnorr_verify_buf ssh_schnorr_verify_buf #define seed_rng ssh_seed_rng +#define set_log_handler ssh_set_log_handler #define set_newkeys ssh_set_newkeys #define set_nodelay ssh_set_nodelay #define set_nonblock ssh_set_nonblock diff --git a/crypto/openssh/sshd_config b/crypto/openssh/sshd_config index 5fbb77dfa8..bf9968ee81 100644 --- a/crypto/openssh/sshd_config +++ b/crypto/openssh/sshd_config 
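Review bot: The context line `#define init_rng ssh_init_rng` in the second hunk stays in place although the ssh-vulnkey.c hunk of this same commit drops its `init_rng()` call, which suggests the symbol is gone in 5.9p1 and the mapping is stale. A stale entry is harmless, but it indicates the list is edited by hand. A symbol missed in the other direction would be exported from libssh unprefixed and could collide with a same-named symbol in a process that links it (the README names pam_ssh as a user of this code). Consider regenerating the whole list from the symbols the built library exports and recording that next to the new README step, e.g. `Update ssh_namespace.h (regenerate from the symbols exported by libssh)`.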
@@ -13,7 +13,7 @@ # Note that some of DragonFly's defaults differ from OpenBSD's, and # DragonFly has a few additional options. -#VersionAddendum DragonFly-20110408 +#VersionAddendum DragonFly-20110920 #Port 22 #AddressFamily any diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 index 244a37eaa3..86f7cfec9b 100644 --- a/crypto/openssh/sshd_config.5 +++ b/crypto/openssh/sshd_config.5 @@ -1114,7 +1114,7 @@ restrictions. Specifies a string to append to the regular version string to identify OS- or site-specific modifications. The default is -.Dq DragonFly-20110408 . +.Dq DragonFly-20110920 . .It Cm X11DisplayOffset Specifies the first display number available for .Xr sshd 8 Ns 's diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 6beb4a859f..f5ef7b5973 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -15,7 +15,8 @@ SRCS= acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \ msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c jpake.c \ schnorr.c ssh-pkcs11.c # Portability layer -SRCS+= bsd-misc.c getrrsetbyname.c glob.c port-tun.c timingsafe_bcmp.c +SRCS+= bsd-misc.c getrrsetbyname.c glob.c openssl-compat.c \ + port-tun.c timingsafe_bcmp.c # FreeBSD additions SRCS+= version.c diff --git a/secure/lib/libssh/config.h b/secure/lib/libssh/config.h index d3ec45df41..7b44d76dcc 100644 --- a/secure/lib/libssh/config.h +++ b/secure/lib/libssh/config.h @@ -1,6 +1,9 @@ /* config.h. Generated from config.h.in by configure. */ /* config.h.in. Generated from configure.ac by autoheader. */ +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + /* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address */ /* #undef AIX_GETNAMEINFO_HACK */ 
@@ -121,10 +124,7 @@ #define DISABLE_WTMPX 1 /* Enable for PKCS#11 support */ -#define ENABLE_PKCS11 - -/* Builtin PRNG command timeout */ -#define ENTROPY_TIMEOUT_MSEC 200 +#define ENABLE_PKCS11 /**/ /* File names may not contain backslash characters */ /* #undef FILESYSTEM_NO_BACKSLASH */ @@ -751,6 +751,9 @@ /* Define to 1 if you have the `recvmsg' function. */ #define HAVE_RECVMSG 1 +/* sys/resource.h has RLIMIT_NPROC */ +#define HAVE_RLIMIT_NPROC /**/ + /* Define to 1 if you have the header file. */ #define HAVE_RPC_TYPES_H 1 @@ -763,6 +766,12 @@ /* Define to 1 if you have the `RSA_get_default_method' function. */ #define HAVE_RSA_GET_DEFAULT_METHOD 1 +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SANDBOX_H */ + +/* Define to 1 if you have the `sandbox_init' function. */ +/* #undef HAVE_SANDBOX_INIT */ + /* define if you have sa_family_t data type */ #define HAVE_SA_FAMILY_T 1 @@ -949,13 +958,13 @@ /* define if you have struct sockaddr_in6 data type */ #define HAVE_STRUCT_SOCKADDR_IN6 1 -/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */ +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ #define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 /* define if you have struct sockaddr_storage data type */ #define HAVE_STRUCT_SOCKADDR_STORAGE 1 -/* Define to 1 if `st_blksize' is member of `struct stat'. */ +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ #define HAVE_STRUCT_STAT_ST_BLKSIZE 1 /* Define to 1 if the system has the type `struct timespec'. */ @@ -1121,7 +1130,7 @@ #define HAVE_USER_FROM_UID 1 /* Define to 1 if you have the header file. */ -/* #undef HAVE_UTIL_H */ +#define HAVE_UTIL_H 1 /* Define to 1 if you have the `utimes' function. */ #define HAVE_UTIMES 1 
@@ -1260,7 +1269,7 @@ from environment and PATH */ #define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" -/* Set this to your mail directory if you don't have maillock.h */ +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ /* #undef MAIL_DIRECTORY */ /* Define on *nto-qnx systems */ @@ -1330,6 +1339,18 @@ /* read(1) can return 0 for a non-closed fd */ /* #undef PTY_ZEROREAD */ +/* Sandbox using Darwin sandbox_init(3) */ +/* #undef SANDBOX_DARWIN */ + +/* no privsep sandboxing */ +/* #undef SANDBOX_NULL */ + +/* Sandbox using setrlimit(2) */ +#define SANDBOX_RLIMIT 1 + +/* Sandbox using systrace(4) */ +/* #undef SANDBOX_SYSTRACE */ + /* Define if your platform breaks doing a seteuid before a setuid */ /* #undef SETEUID_BREAKS_SETUID */ @@ -1340,6 +1361,7 @@ #define SIZEOF_INT 4 /* The size of `long int', as computed by sizeof. */ +/* This doesn't matter since we have int64_t */ #define SIZEOF_LONG_INT 4 /* The size of `long long int', as computed by sizeof. */ @@ -1461,9 +1483,17 @@ /* Define if you want SELinux support. */ /* #undef WITH_SELINUX */ -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ -/* #undef WORDS_BIGENDIAN */ +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif /* Define if xauth is found in your path */ /* #undef XAUTH_PATH */ diff --git a/secure/lib/libssh/version.h b/secure/lib/libssh/version.h index baca6e3dd6..855204764e 100644 --- a/secure/lib/libssh/version.h +++ b/secure/lib/libssh/version.h 
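Review bot: `#define SANDBOX_RLIMIT 1` selects the setrlimit(2) backend, and its comment should say how little that backend confines: resource limits can stop the pre-auth child from opening new descriptors, forking or writing files, but they do not filter system calls. The choice is also coupled to the sshd Makefile hunk at the end of this commit, which adds only `sandbox-rlimit.c`; changing one without the other would presumably leave sshd without a matching sandbox implementation. A comment such as `/* setrlimit(2) only: no syscall filtering; keep in sync with sandbox-rlimit.c in secure/usr.sbin/sshd/Makefile */` would record both. As far as I recall, 5.9 uses the sandbox only when sshd_config sets `UsePrivilegeSeparation sandbox`, and the sshd_config hunk here changes only VersionAddendum, so whether it is enabled by default is not visible in this diff.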
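Review bot: The added comment `This doesn't matter since we have int64_t` leaves `SIZEOF_LONG_INT 4` in place, a value that is wrong on any LP64 build, and does not say what the claim depends on. If the macro is only consulted to pick a fallback `int64_t` typedef, the claim holds only while the system provides a native `int64_t`; any other consumer would silently get the wrong width. I would spell the condition out, e.g. `/* Wrong on LP64; harmless only because int64_t comes from the system and the fallback typedefs are never used */`.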
@@ -5,8 +5,8 @@ #define SSH_VERSION (ssh_version_get()) #define SSH_RELEASE (ssh_version_get()) -#define SSH_VERSION_BASE "OpenSSH_5.8p1-hpn13v11" -#define SSH_VERSION_ADDENDUM "DragonFly-20110408" +#define SSH_VERSION_BASE "OpenSSH_5.9p1-hpn13v11" +#define SSH_VERSION_ADDENDUM "DragonFly-20110920" const char *ssh_version_get(void); void ssh_version_set_addendum(const char *add); diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index 7894e5e617..4521afac9d 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -15,7 +15,8 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ auth2-gss.c gss-serv.c gss-serv-krb5.c \ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ sftp-server.c sftp-common.c \ - roaming_common.c roaming_serv.c + roaming_common.c roaming_serv.c \ + sandbox-rlimit.c WARNS?= 0