Author: des Date: Tue Feb 5 15:03:53 2019 New Revision: 343774 URL: https://svnweb.freebsd.org/changeset/base/343774
Log: Vendor import of OpenSSH 7.9p1. Added: vendor-crypto/openssh/dist/regress/misc/fuzz-harness/authopt_fuzz.cc vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1 vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha1.pub vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512 vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub vendor-crypto/openssh/dist/regress/unittests/sshkey/testdata/rsa_1_sha512.pub Modified: vendor-crypto/openssh/dist/.depend vendor-crypto/openssh/dist/.skipped-commit-ids vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/Makefile.in vendor-crypto/openssh/dist/PROTOCOL vendor-crypto/openssh/dist/PROTOCOL.krl vendor-crypto/openssh/dist/PROTOCOL.mux vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/auth-options.c vendor-crypto/openssh/dist/auth-passwd.c vendor-crypto/openssh/dist/auth.c vendor-crypto/openssh/dist/auth2-hostbased.c vendor-crypto/openssh/dist/auth2-pubkey.c vendor-crypto/openssh/dist/authfile.c vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/dh.c vendor-crypto/openssh/dist/groupaccess.c vendor-crypto/openssh/dist/kexgexs.c vendor-crypto/openssh/dist/krl.c vendor-crypto/openssh/dist/krl.h vendor-crypto/openssh/dist/misc.c vendor-crypto/openssh/dist/misc.h vendor-crypto/openssh/dist/moduli vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/myproposal.h vendor-crypto/openssh/dist/nchan.c vendor-crypto/openssh/dist/openbsd-compat/bsd-asprintf.c vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.c vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.c vendor-crypto/openssh/dist/openbsd-compat/port-linux.c vendor-crypto/openssh/dist/openbsd-compat/port-uw.c vendor-crypto/openssh/dist/openbsd-compat/setproctitle.c vendor-crypto/openssh/dist/openbsd-compat/xcrypt.c vendor-crypto/openssh/dist/readconf.c vendor-crypto/openssh/dist/readconf.h vendor-crypto/openssh/dist/regress/README.regress vendor-crypto/openssh/dist/regress/krl.sh vendor-crypto/openssh/dist/regress/misc/fuzz-harness/Makefile vendor-crypto/openssh/dist/regress/unittests/sshkey/common.c vendor-crypto/openssh/dist/regress/unittests/sshkey/mktestdata.sh vendor-crypto/openssh/dist/regress/unittests/sshkey/test_file.c vendor-crypto/openssh/dist/regress/unittests/sshkey/test_sshkey.c vendor-crypto/openssh/dist/regress/unittests/test_helper/fuzz.c vendor-crypto/openssh/dist/regress/unittests/test_helper/test_helper.c vendor-crypto/openssh/dist/sandbox-seccomp-filter.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/scp.1 vendor-crypto/openssh/dist/scp.c vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/servconf.h vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/session.h vendor-crypto/openssh/dist/sftp-common.c vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.1 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.c vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshconnect.c vendor-crypto/openssh/dist/sshconnect2.c vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/sshkey.c vendor-crypto/openssh/dist/sshkey.h vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/.depend ============================================================================== --- vendor-crypto/openssh/dist/.depend Tue Feb 5 13:48:26 2019 (r343773) +++ vendor-crypto/openssh/dist/.depend Tue Feb 5 15:03:53 2019 (r343774) @@ -83,8 +83,8 @@ match.o: includes.h config.h defines.h platform.h open md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h -monitor.o: rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h +monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h +monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h @@ -156,7 +156,7 @@ sshd.o: includes.h config.h defines.h platform.h openb sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h +sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h Modified: vendor-crypto/openssh/dist/.skipped-commit-ids ============================================================================== --- vendor-crypto/openssh/dist/.skipped-commit-ids Tue Feb 5 13:48:26 2019 (r343773) +++ vendor-crypto/openssh/dist/.skipped-commit-ids Tue Feb 5 15:03:53 2019 (r343774) @@ -4,6 +4,7 @@ f2c9feb26963615c4fece921906cf72e248b61ee more Makefile fa728823ba21c4b45212750e1d3a4b2086fd1a62 more Makefile refactoring 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e moduli update 814b2f670df75759e1581ecef530980b2b3d7e0f remove redundant make defs +04431e8e7872f49a2129bf080a6b73c19d576d40 moduli update Old upstream tree: Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Tue Feb 5 13:48:26 2019 (r343773) +++ vendor-crypto/openssh/dist/ChangeLog Tue Feb 5 15:03:53 2019 (r343774) @@ -1,3 +1,827 @@ +commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d +Author: Damien Miller <d...@mindrot.org> +Date: Wed Oct 17 11:01:20 2018 +1100 + + Require OpenSSL 1.1.x series 1.1.0g or greater + + Previous versions have a bug with EVP_CipherInit() when passed a + NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 + + ok dtucker@ + +commit 08300c211409c212e010fe2e2f2883e573a04ce2 +Author: Damien Miller <d...@mindrot.org> +Date: Wed Oct 17 08:12:02 2018 +1100 + + unbreak compilation with --with-ssl-engine + + Missing last argument to OPENSSL_init_crypto() + +commit 1673274aee67ce0eb6f00578b6f3d2bcbd58f937 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Tue Oct 16 14:45:57 2018 +1100 + + Remove gcc spectre mitigation flags. + + Current impementions of the gcc spectre mitigation flags cause + miscompilations when combined with other flags and do not provide much + protection. Found by fweimer at redhat.com, ok djm@ + +commit 4e23deefd7959ef83c73ed9cce574423438f6133 +Author: Damien Miller <d...@mindrot.org> +Date: Tue Oct 16 10:51:52 2018 +1100 + + Avoid deprecated OPENSSL_config when using 1.1.x + + OpenSSL 1.1.x soft-deprecated OPENSSL_config in favour of + OPENSSL_init_crypto; pointed out by Jakub Jelen + +commit 797cdd9c8468ed1125ce60d590ae3f1397866af4 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Fri Oct 12 16:58:47 2018 +1100 + + Don't avoid our *sprintf replacements. + + Don't let systems with broken printf(3) avoid our replacements + via asprintf(3)/vasprintf(3) calling libc internally. From djm@ + +commit e526127cbd2f8ad88fb41229df0c9b850c722830 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Fri Oct 12 16:43:35 2018 +1100 + + Check if snprintf understands %zu. + + If the platforms snprintf and friends don't understand %zu, use the + compat replacement. Prevents segfaults on those platforms. + +commit cf39f875191708c5f2f1a3c1c9019f106e74aea3 +Author: Damien Miller <d...@mindrot.org> +Date: Fri Oct 12 09:48:05 2018 +1100 + + remove stale link, tweak + +commit a7205e68decf7de2005810853b4ce6b222b65e2a +Author: Damien Miller <d...@mindrot.org> +Date: Fri Oct 12 09:47:20 2018 +1100 + + update version numbers ahead of release + +commit 1a4a9cf80f5b92b9d1dadd0bfa8867c04d195391 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 11 03:48:04 2018 +0000 + + upstream: don't send new-style rsa-sha2-*-cert-...@openssh.com names to + + older OpenSSH that can't handle them. spotted by Adam Eijdenberg; ok dtucker + + OpenBSD-Commit-ID: 662bbc402e3d7c9b6c322806269698106a6ae631 + +commit dc8ddcdf1a95e011c263486c25869bb5bf4e30ec +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 13:08:59 2018 +1100 + + update depends + +commit 26841ac265603fd2253e6832e03602823dbb4022 +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 13:02:11 2018 +1100 + + some more duplicated key algorithm lines + + From Adam Eijdenberg + +commit 5d9d17603bfbb620195a4581025052832b4c4adc +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 11:56:36 2018 +1100 + + fix duplicated algorithm specification lines + + Spotted by Adam Eijdenberg + +commit ebfafd9c7a5b2a7fb515ee95dbe0e44e11d0a663 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 11 00:52:46 2018 +0000 + + upstream: typo in plain RSA algorithm counterpart names for + + certificates; spotted by Adam Eijdenberg; ok dtucker@ + + OpenBSD-Commit-ID: bfcdeb6f4fc9e7607f5096574c8f118f2e709e00 + +commit c29b111e7d87c2324ff71c80653dd8da168c13b9 +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 11:29:35 2018 +1100 + + check pw_passwd != NULL here too + + Again, for systems with broken NIS implementations. + + Prompted by coolbugcheckers AT gmail.com + +commit fe8e8f349a553ef4c567acd418aac769a82b7729 +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 11:03:15 2018 +1100 + + check for NULL return from shadow_pw() + + probably unreachable on this platform; pointed out by + coolbugcheckers AT gmail.com + +commit acc59cbe7a1fb169e1c3caba65a39bd74d6e030d +Author: dera...@openbsd.org <dera...@openbsd.org> +Date: Wed Oct 10 16:43:49 2018 +0000 + + upstream: introducing openssh 7.9 + + OpenBSD-Commit-ID: 42d526a9fe01a40dd299ac58014d3349adf40e25 + +commit 12731158c75c8760a8bea06350eeb3e763fe1a07 +Author: Damien Miller <d...@mindrot.org> +Date: Thu Oct 11 10:29:29 2018 +1100 + + supply callback to PEM_read_bio_PrivateKey + + OpenSSL 1.1.0i has changed the behaviour of their PEM APIs, + so that empty passphrases are interpreted differently. This + probabalistically breaks loading some keys, because the PEM format + is terrible and doesn't include a proper MAC. + + Avoid this by providing a basic callback to avoid passing empty + passphrases to OpenSSL in cases where one is required. + + Based on patch from Jakub Jelen in bz#2913; ok dtucker@ + +commit d1d301a1dd5d6cc3a9ed93ab7ab09dda4cb456e0 +Author: Damien Miller <d...@mindrot.org> +Date: Wed Oct 10 14:57:00 2018 +1100 + + in pick_salt() avoid dereference of NULL passwords + + Apparently some NIS implementations can leave pw->pw_passwd (or the + shadow equivalent) NULL. + + bz#2909; based on patch from Todd Eigenschink + +commit edbb6febccee084d212fdc0cb05b40cb1c646ab1 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Tue Oct 9 05:42:23 2018 +0000 + + upstream: Treat all PEM_read_bio_PrivateKey() errors when a passphrase + + is specified as "incorrect passphrase" instead of trying to choose between + that and "invalid format". + + libcrypto can return ASN1 parsing errors rather than the expected + decrypt error in certain infrequent cases when trying to decrypt/parse + PEM private keys when supplied with an invalid passphrase. + + Report and repro recipe from Thomas Deutschmann in bz#2901 + + ok markus@ + + OpenBSD-Commit-ID: b1d4cd92395f9743f81c0d23aab2524109580870 + +commit 2581333d564d8697837729b3d07d45738eaf5a54 +Author: na...@openbsd.org <na...@openbsd.org> +Date: Fri Oct 5 14:26:09 2018 +0000 + + upstream: Support using service names for port numbers. + + * Try to resolve a port specification with getservbyname(3) if a + numeric conversion fails. + * Make the "Port" option in ssh_config handle its argument as a + port rather than a plain integer. + + ok dtucker@ deraadt@ + + OpenBSD-Commit-ID: e7f03633133205ab3dfbc67f9df7475fabae660d + +commit e0d6501e86734c48c8c503f81e1c0926e98c5c4c +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 4 07:47:35 2018 +0000 + + upstream: when the peer sends a channel-close message, make sure we + + close the local extended read fd (stderr) along with the regular read fd + (stdout). Avoids weird stuck processed in multiplexing mode. + + Report and analysis by Nelson Elhage and Geoffrey Thomas in bz#2863 + + ok dtucker@ markus@ + + OpenBSD-Commit-ID: a48a2467fe938de4de69d2e7193d5fa701f12ae9 + +commit 6f1aabb128246f445e33b8844fad3de9cb1d18cb +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 4 01:04:52 2018 +0000 + + upstream: factor out channel status formatting from + + channel_open_message() so we can use it in other debug messages + + OpenBSD-Commit-ID: 9c3903ca28fcabad57f566c9d0045b41ab7d52ba + +commit f1dd179e122bdfdb7ca3072d9603607740efda05 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 4 00:10:11 2018 +0000 + + upstream: include a little more information about the status and + + disposition of channel's extended (stderr) fd; makes debugging some things a + bit easier. No behaviour change. + + OpenBSD-Commit-ID: 483eb6467dc7d5dbca8eb109c453e7a43075f7ce + +commit 2d1428b11c8b6f616f070f2ecedce12328526944 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Oct 4 00:04:41 2018 +0000 + + upstream: explicit_bzero here to be consistent with other kex*.c; + + report from coolbugcheckers AT gmail.com + + OpenBSD-Commit-ID: a90f146c5b5f5b1408700395e394f70b440856cb + +commit 5eff5b858e717e901e6af6596306a114de9f79f2 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Oct 3 06:38:35 2018 +0000 + + upstream: Allow ssh_config IdentityAgent directive to accept + + environment variable names as well as explicit paths. ok dtucker@ + + OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b + +commit a46ac4d86b25414d78b632e8173578b37e5f8a83 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Tue Oct 2 12:51:58 2018 +0000 + + upstream: mention i...@openssh.com for sending SIGINFO + + OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900 + +commit ff3a411cae0b484274b7900ef52ff4dad3e12876 +Author: Damien Miller <d...@mindrot.org> +Date: Tue Oct 2 22:49:40 2018 +1000 + + only support SIGINFO on systems with SIGINFO + +commit cd98925c6405e972dc9f211afc7e75e838abe81c +Author: d...@openbsd.org <d...@openbsd.org> +Date: Tue Oct 2 12:40:07 2018 +0000 + + upstream: Add server support for signalling sessions via the SSH + + channel/ session protocol. Signalling is only supported to sesssions that are + not subsystems and were not started with a forced command. + + Long requested in bz#1424 + + Based on a patch from markus@ and reworked by dtucker@; + ok markus@ dtucker@ + + OpenBSD-Commit-ID: 4bea826f575862eaac569c4bedd1056a268be1c3 + +commit dba50258333f2604a87848762af07ba2cc40407a +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 26 07:32:44 2018 +0000 + + upstream: remove big ugly TODO comment from start of file. Some of + + the mentioned tasks are obsolete and, of the remainder, most are already + captured in PROTOCOL.mux where they better belong + + OpenBSD-Commit-ID: 16d9d76dee42a5bb651c9d6740f7f0ef68aeb407 + +commit 92b61a38ee9b765f5049f03cd1143e13f3878905 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 26 07:30:05 2018 +0000 + + upstream: Document mux proxy mode; added by Markus in openssh-7.4 + + Also add a little bit of information about the overall packet format + + OpenBSD-Commit-ID: bdb6f6ea8580ef96792e270cae7857786ad84a95 + +commit 9d883a1ce4f89b175fd77405ff32674620703fb2 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 26 01:48:57 2018 +0000 + + upstream: s/process_mux_master/mux_master_process/ in mux master + + function names, + + Gives better symmetry with the existing mux_client_*() names and makes + it more obvious when a message comes from the master vs client (they + are interleved in ControlMaster=auto mode). + + no functional change beyond prefixing a could of log messages with + __func__ where they were previously lacking. + + OpenBSD-Commit-ID: b01f7c3fdf92692e1713a822a89dc499333daf75 + +commit c2fa53cd6462da82d3a851dc3a4a3f6b920337c8 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Sat Sep 22 14:41:24 2018 +1000 + + Remove unused variable in _ssh_compat_fflush. + +commit d1b3540c21212624af907488960d703c7d987b42 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Thu Sep 20 18:08:43 2018 +1000 + + Import updated moduli. + +commit b5e412a8993ad17b9e1141c78408df15d3d987e1 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 21 12:46:22 2018 +0000 + + upstream: Allow ssh_config ForwardX11Timeout=0 to disable the + + timeout and allow X11 connections in untrusted mode indefinitely. ok dtucker@ + + OpenBSD-Commit-ID: ea1ceed3f540b48e5803f933e59a03b20db10c69 + +commit cb24d9fcc901429d77211f274031653476864ec6 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 21 12:23:17 2018 +0000 + + upstream: when compiled with GSSAPI support, cache supported method + + OIDs by calling ssh_gssapi_prepare_supported_oids() regardless of whether + GSSAPI authentication is enabled in the main config. + + This avoids sandbox violations for configurations that enable GSSAPI + auth later, e.g. + + Match user djm + GSSAPIAuthentication yes + + bz#2107; ok dtucker@ + + OpenBSD-Commit-ID: a5dd42d87c74e27cfb712b15b0f97ab20e0afd1d + +commit bbc8af72ba68da014d4de6e21a85eb5123384226 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 21 12:20:12 2018 +0000 + + upstream: In sshkey_in_file(), ignore keys that are considered for + + being too short (i.e. SSH_ERR_KEY_LENGTH). These keys will not be considered + to be "in the file". This allows key revocation lists to contain short keys + without the entire revocation list being considered invalid. + + bz#2897; ok dtucker + + OpenBSD-Commit-ID: d9f3d857d07194a42ad7e62889a74dc3f9d9924b + +commit 383a33d160cefbfd1b40fef81f72eadbf9303a66 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 21 03:11:36 2018 +0000 + + upstream: Treat connections with ProxyJump specified the same as ones + + with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't + try to canonicalise the hostname unless CanonicalizeHostname is set to + 'always'). + + Patch from Sven Wegener via bz#2896 + + OpenBSD-Commit-ID: 527ff501cf98bf65fb4b29ed0cb847dda10f4d37 + +commit 0cbed248ed81584129b67c348dbb801660f25a6a +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 20 23:40:16 2018 +0000 + + upstream: actually make CASignatureAlgorithms available as a config + + option + + OpenBSD-Commit-ID: 93fa7ff58314ed7b1ab7744090a6a91232e6ae52 + +commit 62528870c0ec48cd86a37dd7320fb85886c3e6ee +Author: dtuc...@openbsd.org <dtuc...@openbsd.org> +Date: Thu Sep 20 08:07:03 2018 +0000 + + upstream: Import updated moduli. + + OpenBSD-Commit-ID: 04431e8e7872f49a2129bf080a6b73c19d576d40 + +commit e6933a2ffa0659d57f3c7b7c457b2c62b2a84613 +Author: j...@openbsd.org <j...@openbsd.org> +Date: Thu Sep 20 06:58:48 2018 +0000 + + upstream: reorder CASignatureAlgorithms, and add them to the + + various -o lists; ok djm + + OpenBSD-Commit-ID: ecb88baecc3c54988b4d1654446ea033da359288 + +commit aa083aa9624ea7b764d5a81c4c676719a1a3e42b +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 20 03:31:49 2018 +0000 + + upstream: fix "ssh -Q sig" to show correct signature algorithm list + + (it was erroneously showing certificate algorithms); prompted by markus@ + + OpenBSD-Commit-ID: 1cdee002f2f0c21456979deeb887fc889afb154d + +commit ecac7e1f7add6b28874959a11f2238d149dc2c07 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 20 03:30:44 2018 +0000 + + upstream: add CASignatureAlgorithms option for the client, allowing + + it to specify which signature algorithms may be used by CAs when signing + certificates. Useful if you want to ban RSA/SHA1; ok markus@ + + OpenBSD-Commit-ID: 9159e5e9f67504829bf53ff222057307a6e3230f + +commit 86e5737c39153af134158f24d0cab5827cbd5852 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 20 03:28:06 2018 +0000 + + upstream: Add sshd_config CASignatureAlgorithms option to allow + + control over which signature algorithms a CA may use when signing + certificates. In particular, this allows a sshd to ban certificates signed + with RSA/SHA1. + + ok markus@ + + OpenBSD-Commit-ID: b05c86ef8b52b913ed48d54a9b9c1a7714d96bac + +commit f80e68ea7d62e2dfafc12f1a60ab544ae4033a0f +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 19 02:03:02 2018 +0000 + + upstream: Make "ssh-add -q" do what it says on the tin: silence + + output from successful operations. + + Based on patch from Thijs van Dijk; ok dtucker@ deraadt@ + + OpenBSD-Commit-ID: c4f754ecc055c10af166116ce7515104aa8522e1 + +commit 5e532320e9e51de720d5f3cc2596e95d29f6e98f +Author: mill...@openbsd.org <mill...@openbsd.org> +Date: Mon Sep 17 15:40:14 2018 +0000 + + upstream: When choosing a prime from the moduli file, avoid + + re-using the linenum variable for something that is not a line number to + avoid the confusion that resulted in the bug in rev. 1.64. This also lets us + pass the actual linenum to parse_prime() so the error messages include the + correct line number. OK markus@ some time ago. + + OpenBSD-Commit-ID: 4d8e5d3e924d6e8eb70053e3defa23c151a00084 + +commit cce8cbe0ed7d1ba3a575310e0b63c193326ae616 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Sat Sep 15 19:44:06 2018 +1000 + + Fix openssl-1.1 fallout for --without-openssl. + + ok djm@ + +commit 149519b9f201dac755f3cba4789f4d76fecf0ee1 +Author: Damien Miller <d...@mindrot.org> +Date: Sat Sep 15 19:37:48 2018 +1000 + + add futex(2) syscall to seccomp sandbox + + Apparently needed for some glibc/openssl combinations. + + Patch from Arkadiusz Miśkiewicz + +commit 4488ae1a6940af704c4dbf70f55bf2f756a16536 +Author: Damien Miller <d...@mindrot.org> +Date: Sat Sep 15 19:36:55 2018 +1000 + + really add source for authopt_fuzz this time + +commit 9201784b4a257c8345fbd740bcbdd70054885707 +Author: Damien Miller <d...@mindrot.org> +Date: Sat Sep 15 19:35:40 2018 +1000 + + remove accidentally checked-in authopt_fuzz binary + +commit beb9e522dc7717df08179f9e59f36b361bfa14ab +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 14 05:26:27 2018 +0000 + + upstream: second try, deals properly with missing and private-only + + Use consistent format in debug log for keys readied, offered and + received during public key authentication. + + This makes it a little easier to see what is going on, as each message + now contains (where available) the key filename, its type and fingerprint, + and whether the key is hosted in an agent or a token. + + OpenBSD-Commit-ID: f1c6a8e9cfc4e108c359db77f24f9a40e1e25ea7 + +commit 6bc5a24ac867bfdc3ed615589d69ac640f51674b +Author: Damien Miller <d...@mindrot.org> +Date: Fri Sep 14 15:16:34 2018 +1000 + + fuzzer harness for authorized_keys option parsing + +commit 6c8b82fc6929b6a9a3f645151b6ec26c5507d9ef +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 14 04:44:04 2018 +0000 + + upstream: revert following; deals badly with agent keys + + revision 1.285 + date: 2018/09/14 04:17:12; author: djm; state: Exp; lines: +47 -26; commitid: lflGFcNb2X2HebaK; + Use consistent format in debug log for keys readied, offered and + received during public key authentication. + + This makes it a little easier to see what is going on, as each message + now contains the key filename, its type and fingerprint, and whether + the key is hosted in an agent or a token. + + OpenBSD-Commit-ID: e496bd004e452d4b051f33ed9ae6a54ab918f56d + +commit 6da046f9c3374ce7e269ded15d8ff8bc45017301 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 14 04:17:44 2018 +0000 + + upstream: garbage-collect moribund ssh_new_private() API. + + OpenBSD-Commit-ID: 7c05bf13b094093dfa01848a9306c82eb6e95f6c + +commit 1f24ac5fc05252ceb1c1d0e8cab6a283b883c780 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 14 04:17:12 2018 +0000 + + upstream: Use consistent format in debug log for keys readied, + + offered and received during public key authentication. + + This makes it a little easier to see what is going on, as each message + now contains the key filename, its type and fingerprint, and whether + the key is hosted in an agent or a token. + + OpenBSD-Commit-ID: 2a01d59285a8a7e01185bb0a43316084b4f06a1f + +commit 488c9325bb7233e975dbfbf89fa055edc3d3eddc +Author: mill...@openbsd.org <mill...@openbsd.org> +Date: Thu Sep 13 15:23:32 2018 +0000 + + upstream: Fix warnings caused by user_from_uid() and group_from_gid() + + now returning const char *. + + OpenBSD-Commit-ID: b5fe571ea77cfa7b9035062829ab05eb87d7cc6f + +commit 0aa1f230846ebce698e52051a107f3127024a05a +Author: Damien Miller <d...@mindrot.org> +Date: Fri Sep 14 10:31:47 2018 +1000 + + allow SIGUSR1 as synonym for SIGINFO + + Lets users on those unfortunate operating systems that lack SIGINFO + still be able to obtain progress information from unit tests :) + +commit d64e78526596f098096113fcf148216798c327ff +Author: Damien Miller <d...@mindrot.org> +Date: Thu Sep 13 19:05:48 2018 +1000 + + add compat header + +commit a3fd8074e2e2f06602e25618721f9556c731312c +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 13 09:03:20 2018 +0000 + + upstream: missed a bit of openssl-1.0.x API in this unittest + + OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9 + +commit 86e0a9f3d249d5580390daf58e015e68b01cef10 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 13 05:06:51 2018 +0000 + + upstream: use only openssl-1.1.x API here too + + OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f + +commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc +Author: Damien Miller <d...@mindrot.org> +Date: Thu Sep 13 12:13:50 2018 +1000 + + adapt -portable to OpenSSL 1.1x API + + Polyfill missing API with replacement functions extracted from LibreSSL + +commit 86112951d63d48839f035b5795be62635a463f99 +Author: Damien Miller <d...@mindrot.org> +Date: Thu Sep 13 12:12:42 2018 +1000 + + forgot to stage these test files in commit d70d061 + +commit 482d23bcacdd3664f21cc82a5135f66fc598275f +Author: d...@openbsd.org <d...@openbsd.org> +Date: Thu Sep 13 02:08:33 2018 +0000 + + upstream: hold our collective noses and use the openssl-1.1.x API in + + OpenSSH; feedback and ok tb@ jsing@ markus@ + + OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417 + +commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:36:45 2018 +0000 + + upstream: Include certs with multiple RSA signature variants in + + test data Ensure that cert->signature_key is populated correctly + + OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a + +commit f803b2682992cfededd40c91818b653b5d923ef5 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:23:48 2018 +0000 + + upstream: test revocation by explicit hash and by fingerprint + + OpenBSD-Regress-ID: 079c18a9ab9663f4af419327c759fc1e2bc78fd8 + +commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:22:43 2018 +0000 + + upstream: s/sshkey_demote/sshkey_from_private/g + + OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4 + +commit 41c115a5ea1cb79a6a3182773c58a23f760e8076 +Author: Damien Miller <d...@mindrot.org> +Date: Wed Sep 12 16:50:01 2018 +1000 + + delete the correct thing; kexfuzz binary + +commit f0fcd7e65087db8c2496f13ed39d772f8e38b088 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 06:18:59 2018 +0000 + + upstream: fix edit mistake; spotted by jmc@ + + OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6 + +commit 4cc259bac699f4d2a5c52b92230f9e488c88a223 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:34:02 2018 +0000 + + upstream: add SSH_ALLOWED_CA_SIGALGS - the default list of + + signature algorithms that are allowed for CA signatures. Notably excludes + ssh-dsa. + + ok markus@ + + OpenBSD-Commit-ID: 1628e4181dc8ab71909378eafe5d06159a22deb4 + +commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:32:54 2018 +0000 + + upstream: add sshkey_check_cert_sigtype() that checks a + + cert->signature_type against a supplied whitelist; ok markus + + OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302 + +commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:31:30 2018 +0000 + + upstream: add cert->signature_type field and keep it in sync with + + certificate signature wrt loading and certification operations; ok markus@ + + OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3 + +commit 357128ac48630a9970e3af0e6ff820300a28da47 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:30:10 2018 +0000 + + upstream: Add "ssh -Q sig" to allow listing supported signature + + algorithms ok markus@ + + OpenBSD-Commit-ID: 7a8c6eb6c249dc37823ba5081fce64876d10fe2b + +commit 9405c6214f667be604a820c6823b27d0ea77937d +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:21:34 2018 +0000 + + upstream: allow key revocation by SHA256 hash and allow ssh-keygen + + to create KRLs using SHA256/base64 key fingerprints; ok markus@ + + OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94 + +commit 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Wed Sep 12 01:19:12 2018 +0000 + + upstream: log certificate fingerprint in authentication + + success/failure message (previously we logged only key ID and CA key + fingerprint). + + ok markus@ + + OpenBSD-Commit-ID: a8ef2d172b7f1ddbcce26d6434b2de6d94f6c05d + +commit de37ca909487d23e5844aca289b3f5e75d3f1e1f +Author: dtuc...@openbsd.org <dtuc...@openbsd.org> +Date: Fri Sep 7 04:26:56 2018 +0000 + + upstream: Add FALLTHROUGH comments where appropriate. Patch from + + jjelen at redhat via bz#2687. + + OpenBSD-Commit-ID: c48eb457be697a19d6d2950c6d0879f3ccc851d3 + +commit 247766cd3111d5d8c6ea39833a3257ca8fb820f2 +Author: d...@openbsd.org <d...@openbsd.org> +Date: Fri Sep 7 01:42:54 2018 +0000 + + upstream: ssh -MM requires confirmation for all operations that + + change the multiplexing state, not just new sessions. + + mention that confirmation is checked via ssh-askpass + + OpenBSD-Commit-ID: 0f1b45551ebb9cc5c9a4fe54ad3b23ce90f1f5c2 + +commit db8bb80e3ac1bcb3e1305d846cd98c6b869bf03f +Author: mes...@openbsd.org <mes...@openbsd.org> +Date: Tue Aug 28 12:25:53 2018 +0000 + + upstream: fix misplaced parenthesis inside if-clause. it's harmless + + and the only issue is showing an unknown error (since it's not defined) + during fatal(), if it ever an error occurs inside that condition. + + OK deraadt@ markus@ djm@ + + OpenBSD-Commit-ID: acb0a8e6936bfbe590504752d01d1d251a7101d8 + +commit 086cc614f550b7d4f100c95e472a6b6b823938ab +Author: mes...@openbsd.org <mes...@openbsd.org> +Date: Tue Aug 28 12:17:45 2018 +0000 + + upstream: fix build with DEBUG_PK enabled + + OK dtucker@ + + OpenBSD-Commit-ID: ec1568cf27726e9638a0415481c20c406e7b441c + +commit 2678833013e97f8b18f09779b7f70bcbf5eb2ab2 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Fri Sep 7 14:41:53 2018 +1000 + + Handle ngroups>_SC_NGROUPS_MAX. + + Based on github pull request #99 from Darren Maffat at Oracle: Solaris' + getgrouplist considers _SC_NGROUPS_MAX more of a guideline and can return + a larger number of groups. In this case, retry getgrouplist with a + larger array and defer allocating groups_byname. ok djm@ + +commit 039bf2a81797b8f3af6058d34005a4896a363221 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Fri Sep 7 14:06:57 2018 +1000 + + Initial len for the fmt=NULL case. + + Patch from jjelen at redhat via bz#2687. (OpenSSH never calls + setproctitle with a null format so len is always initialized). + +commit ea9c06e11d2e8fb2f4d5e02f8a41e23d2bd31ca9 +Author: Darren Tucker <dtuc...@dtucker.net> +Date: Fri Sep 7 14:01:39 2018 +1000 + + Include stdlib.h. + + Patch from jjelen at redhat via bz#2687. + +commit 9617816dbe73ec4d65075f4d897443f63a97c87f +Author: Damien Miller <d...@mindrot.org> +Date: Mon Aug 27 13:08:01 2018 +1000 + + document some more regress control env variables + + Specifically SKIP_UNIT, USE_VALGRING and LTESTS. Sort the list of + environment variables. + + Based on patch from Jakub Jelen + commit 71508e06fab14bc415a79a08f5535ad7bffa93d9 Author: Damien Miller <d...@mindrot.org> Date: Thu Aug 23 15:41:42 2018 +1000 @@ -8880,862 +9704,3 @@ Date: Thu Oct 20 03:42:09 2016 +1100 Remote channels .orig and .rej files. These files were incorrectly added during an OpenBSD sync. - -commit 246aa842a4ad368d8ce030495e657ef3a0e1f95c -Author: dtuc...@openbsd.org <dtuc...@openbsd.org> -Date: Tue Oct 18 17:32:54 2016 +0000 - - upstream commit - - Remove channel_input_port_forward_request(); the only caller - was the recently-removed SSH1 server code so it's now dead code. ok markus@ - - Upstream-ID: 05453983230a1f439562535fec2818f63f297af9 - -commit 2c6697c443d2c9c908260eed73eb9143223e3ec9 -Author: mill...@openbsd.org <mill...@openbsd.org> -Date: Tue Oct 18 12:41:22 2016 +0000 - - upstream commit - - Install a signal handler for tty-generated signals and - wait for the ssh child to suspend before suspending sftp. This lets ssh - restore the terminal mode as needed when it is suspended at the password - prompt. OK dtucker@ - - Upstream-ID: a31c1f42aa3e2985dcc91e46e6a17bd22e372d69 - -commit fd2a8f1033fa2316fff719fd5176968277560158 -Author: j...@openbsd.org <j...@openbsd.org> -Date: Sat Oct 15 19:56:25 2016 +0000 - - upstream commit - - various formatting fixes, specifically removing Dq; - - Upstream-ID: 81e85df2b8e474f5f93d66e61d9a4419ce87347c - -commit 8f866d8a57b9a2dc5dd04504e27f593b551618e3 -Author: Darren Tucker <dtuc...@zip.com.au> -Date: Wed Oct 19 03:26:09 2016 +1100 - - Import readpassphrase.c rev 1.26. - - Author: mil...@openbsd.org: - Avoid generate SIGTTOU when restoring the terminal mode. If we get - SIGTTOU it means the process is not in the foreground process group - which, in most cases, means that the shell has taken control of the tty. - Requiring the user the fg the process in this case doesn't make sense - and can result in both SIGTSTP and SIGTTOU being sent which can lead to - the process being suspended again immediately after being brought into - the foreground. - -commit f901440cc844062c9bab0183d133f7ccc58ac3a5 -Author: Darren Tucker <dtuc...@zip.com.au> -Date: Wed Oct 19 03:23:16 2016 +1100 - - Import readpassphrase.c rev 1.25. - - Wrap <readpassphrase.h> so internal calls go direct and - readpassphrase is weak. - - (DEF_WEAK is a no-op in portable.) - -commit 032147b69527e5448a511049b2d43dbcae582624 -Author: Darren Tucker <dtuc...@zip.com.au> -Date: Sat Oct 15 05:51:12 2016 +1100 - - Move DEF_WEAK into defines.h. - - As well pull in more recent changes from OpenBSD these will start to - arrive so put it where the definition is shared. - -commit e0259a82ddd950cfb109ddee86fcebbc09c6bd04 -Author: Darren Tucker <dtuc...@zip.com.au> -Date: Sat Oct 15 04:34:46 2016 +1100 - - Remove do_pam_set_tty which is dead code. - - The callers of do_pam_set_tty were removed in 2008, so this is now dead - code. bz#2604, pointed out by jjelen at redhat.com. - -commit ca04de83f210959ad2ed870a30ba1732c3ae00e3 -Author: Damien Miller <d...@mindrot.org> -Date: Thu Oct 13 18:53:43 2016 +1100 - - unbreak principals-command test - - Undo inconsistetly updated variable name. - -commit 1723ec92eb485ce06b4cbf49712d21975d873909 -Author: d...@openbsd.org <d...@openbsd.org> -Date: Tue Oct 11 21:49:54 2016 +0000 - - upstream commit - - fix the KEX fuzzer - the previous method of obtaining the - packet contents was broken. This now uses the new per-packet input hook, so - it sees exact post-decrypt packets and doesn't have to pass packet integrity - checks. ok markus@ - - Upstream-Regress-ID: 402fb6ffabd97de590e8e57b25788949dce8d2fd - -commit 09f997893f109799cddbfce6d7e67f787045cbb2 -Author: nat...@openbsd.org <nat...@openbsd.org> -Date: Thu Oct 6 09:31:38 2016 +0000 - - upstream commit - - Move USER out of the way to unbreak the BUILDUSER - mechanism. ok tb - - Upstream-Regress-ID: 74ab9687417dd071d62316eaadd20ddad1d5af3c - -commit 3049a012c482a7016f674db168f23fd524edce27 -Author: bl...@openbsd.org <bl...@openbsd.org> -Date: Fri Sep 30 11:55:20 2016 +0000 - - upstream commit - - In ssh tests set REGRESS_FAIL_EARLY with ?= so that the - environment can change it. OK djm@ - - Upstream-Regress-ID: 77bcb50e47b68c7209c7f0a5a020d73761e5143b - -commit 39af7b444db28c1cb01b7ea468a4f574a44f375b -Author: d...@openbsd.org <d...@openbsd.org> -Date: Tue Oct 11 21:47:45 2016 +0000 - - upstream commit - - Add a per-packet input hook that is called with the - decrypted packet contents. This will be used for fuzzing; ok markus@ - - Upstream-ID: a3221cee6b1725dd4ae1dd2c13841b4784cb75dc - -commit ec165c392ca54317dbe3064a8c200de6531e89ad *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"