git: vendor/OPENSSH vendor/OPENSSH: upgrade from 8.8p1 top 9.1p1
Antonio Huete Jimenez
tuxillo at crater.dragonflybsd.org
Mon Nov 28 10:37:17 PST 2022
commit ee11649955f6d79a768fb07c92b27e3ea6ebbd2a
Author: Antonio Huete Jimenez <tuxillo at quantumachine.net>
Date: Sun Nov 27 18:51:33 2022 +0100
vendor/OPENSSH: upgrade from 8.8p1 top 9.1p1
Summary of notable changes:
* sshd(8): fix an integer overflow in the user authentication path
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1): unbreak hostbased auth using RSA keys.
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512 at openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers.
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
* scp(1): fix a memory leak in argument processing.
* ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code;
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
Reported by Qualys
* sftp-server(8): add a "users-groups-by-id at openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
* sshd(8): improve logging of errors when opening authorized_keys
files.
For a detailed list of changes, please check:
https://www.openssh.com/releasenotes.html
Summary of changes:
crypto/openssh/LICENCE | 22 +-
crypto/openssh/PROTOCOL | 171 +++-
crypto/openssh/PROTOCOL.agent | 85 +-
crypto/openssh/PROTOCOL.key | 12 +-
crypto/openssh/PROTOCOL.mux | 6 +-
crypto/openssh/README | 2 +-
crypto/openssh/addr.c | 32 +-
crypto/openssh/atomicio.c | 1 -
crypto/openssh/auth-options.c | 4 +-
crypto/openssh/auth-rhosts.c | 41 +-
crypto/openssh/auth.c | 221 +-----
crypto/openssh/auth.h | 29 +-
crypto/openssh/auth2-hostbased.c | 16 +-
crypto/openssh/auth2-kbdint.c | 5 +-
crypto/openssh/auth2-none.c | 5 +-
crypto/openssh/auth2-passwd.c | 13 +-
crypto/openssh/auth2-pubkey.c | 392 ++--------
crypto/openssh/auth2-pubkeyfile.c | 501 ++++++++++++
crypto/openssh/auth2.c | 70 +-
crypto/openssh/authfd.c | 117 ++-
crypto/openssh/authfd.h | 35 +-
crypto/openssh/authfile.c | 21 +-
crypto/openssh/channels.c | 604 +++++++++-----
crypto/openssh/channels.h | 33 +-
crypto/openssh/cipher.c | 13 -
crypto/openssh/clientloop.c | 246 +++---
crypto/openssh/compat.c | 15 +-
crypto/openssh/defines.h | 39 +-
crypto/openssh/dns.c | 4 +-
crypto/openssh/hostfile.c | 22 +-
crypto/openssh/includes.h | 1 -
crypto/openssh/kex.c | 48 +-
crypto/openssh/kex.h | 13 +-
crypto/openssh/kexgen.c | 35 +-
crypto/openssh/kexgexc.c | 24 +-
crypto/openssh/kexgexs.c | 14 +-
crypto/openssh/kexsntrup761x25519.c | 4 +-
crypto/openssh/krl.c | 4 +-
crypto/openssh/loginrec.c | 3 +-
crypto/openssh/misc.c | 156 ++--
crypto/openssh/misc.h | 6 +-
crypto/openssh/moduli | 868 ++++++++++-----------
crypto/openssh/moduli.5 | 9 +-
crypto/openssh/moduli.c | 14 +-
crypto/openssh/monitor.c | 40 +-
crypto/openssh/monitor_wrap.c | 2 +-
crypto/openssh/monitor_wrap.h | 4 +-
crypto/openssh/mux.c | 13 +-
crypto/openssh/myproposal.h | 3 +-
crypto/openssh/nchan.c | 10 +-
crypto/openssh/packet.c | 105 +--
crypto/openssh/packet.h | 3 +-
crypto/openssh/platform.c | 51 ++
crypto/openssh/platform.h | 1 +
crypto/openssh/readconf.c | 85 +-
crypto/openssh/readconf.h | 17 +-
crypto/openssh/readpass.c | 5 +-
crypto/openssh/rijndael.h | 5 +-
crypto/openssh/scp.1 | 25 +-
crypto/openssh/scp.c | 99 ++-
crypto/openssh/servconf.c | 45 +-
crypto/openssh/servconf.h | 5 +-
crypto/openssh/serverloop.c | 158 ++--
crypto/openssh/session.c | 5 +-
crypto/openssh/sftp-client.c | 531 ++++++++++---
crypto/openssh/sftp-client.h | 31 +-
crypto/openssh/sftp-common.c | 18 +-
crypto/openssh/sftp-common.h | 5 +-
crypto/openssh/sftp-glob.c | 8 +-
crypto/openssh/sftp-server-main.c | 2 -
crypto/openssh/sftp-server.c | 269 ++++++-
crypto/openssh/sftp-usergroup.c | 239 ++++++
.../openssh/{platform-misc.c => sftp-usergroup.h} | 26 +-
crypto/openssh/sftp.1 | 27 +-
crypto/openssh/sftp.c | 216 +++--
crypto/openssh/sk-api.h | 9 +-
crypto/openssh/ssh-add.1 | 88 ++-
crypto/openssh/ssh-add.c | 222 +++++-
crypto/openssh/ssh-agent.1 | 8 +-
crypto/openssh/ssh-agent.c | 711 ++++++++++++++++-
crypto/openssh/ssh-ed25519.c | 8 +-
crypto/openssh/ssh-keygen.1 | 255 ++++--
crypto/openssh/ssh-keygen.c | 431 ++++++----
crypto/openssh/ssh-keyscan.1 | 10 +-
crypto/openssh/ssh-keyscan.c | 84 +-
crypto/openssh/ssh-keysign.8 | 6 +-
crypto/openssh/ssh-keysign.c | 44 +-
crypto/openssh/ssh-pkcs11-helper.8 | 23 +-
crypto/openssh/ssh-pkcs11-helper.c | 4 +-
crypto/openssh/ssh-sk-client.c | 98 ++-
crypto/openssh/ssh-sk.h | 14 +-
crypto/openssh/ssh.1 | 24 +-
crypto/openssh/ssh.c | 50 +-
crypto/openssh/ssh_config.5 | 45 +-
crypto/openssh/sshbuf-getput-basic.c | 2 +-
crypto/openssh/sshbuf-getput-crypto.c | 2 +-
crypto/openssh/sshbuf-misc.c | 39 +-
crypto/openssh/sshbuf.c | 9 +-
crypto/openssh/sshbuf.h | 8 +-
crypto/openssh/sshconnect.c | 8 +-
crypto/openssh/sshconnect2.c | 151 ++--
crypto/openssh/sshd.8 | 14 +-
crypto/openssh/sshd.c | 123 +--
crypto/openssh/sshd_config.5 | 35 +-
crypto/openssh/sshkey.c | 125 +--
crypto/openssh/sshkey.h | 7 +-
crypto/openssh/sshlogin.c | 1 +
crypto/openssh/sshsig.c | 296 ++++---
crypto/openssh/sshsig.h | 6 +-
crypto/openssh/umac.c | 4 +-
crypto/openssh/umac.h | 4 +-
crypto/openssh/version.h | 4 +-
crypto/openssh/xmalloc.c | 5 +-
113 files changed, 6184 insertions(+), 2822 deletions(-)
create mode 100644 crypto/openssh/auth2-pubkeyfile.c
create mode 100644 crypto/openssh/sftp-usergroup.c
copy crypto/openssh/{platform-misc.c => sftp-usergroup.h} (63%)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ee11649955f6d79a768fb07c92b27e3ea6ebbd2a
--
DragonFly BSD source repository
More information about the Commits
mailing list