git: IMPORT openssh-9.8p1
Matthew Dillon
dillon at crater.dragonflybsd.org
Sun Jul 7 09:15:12 PDT 2024
commit ba1276acd1c8c22d225b1bcf370a14c878644f44
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Thu Jul 4 17:39:39 2024 -0700
IMPORT openssh-9.8p1
* Fixes CVE-2024-6387-openssh
* NOTE that DragonFly is not known to be vulnerable to this CVE, but
because it is a general signal race we are updating sshd anyway,
just in case.
Summary of changes:
crypto/openssh/PROTOCOL | 84 +-
crypto/openssh/PROTOCOL.agent | 40 +-
crypto/openssh/PROTOCOL.key | 4 +-
crypto/openssh/PROTOCOL.krl | 55 +-
crypto/openssh/PROTOCOL.mux | 4 +-
crypto/openssh/README | 3 +-
crypto/openssh/README.DELETED | 711 +-
crypto/openssh/README.DRAGONFLY | 23 +-
crypto/openssh/addr.c | 85 +-
crypto/openssh/addr.h | 4 +
crypto/openssh/audit-bsm.c | 455 +
crypto/openssh/audit-linux.c | 124 +
crypto/openssh/audit.c | 184 +
crypto/openssh/auth-bsdauth.c | 143 +
crypto/openssh/auth-krb5.c | 273 +
crypto/openssh/auth-options.c | 29 +-
crypto/openssh/auth-pam.c | 89 +-
crypto/openssh/auth-pam.h | 2 +-
crypto/openssh/auth-rhosts.c | 5 +-
crypto/openssh/auth-shadow.c | 141 +
crypto/openssh/auth-sia.c | 115 +
crypto/openssh/auth.c | 118 +-
crypto/openssh/auth.h | 15 +-
crypto/openssh/auth2-gss.c | 332 +
crypto/openssh/auth2-hostbased.c | 22 +-
crypto/openssh/auth2-kbdint.c | 7 +-
crypto/openssh/auth2-methods.c | 134 +
crypto/openssh/auth2-none.c | 13 +-
crypto/openssh/auth2-passwd.c | 9 +-
crypto/openssh/auth2-pubkey.c | 54 +-
crypto/openssh/auth2-pubkeyfile.c | 3 +-
crypto/openssh/auth2.c | 109 +-
crypto/openssh/authfd.c | 45 +-
crypto/openssh/authfd.h | 5 +-
crypto/openssh/authfile.c | 4 +-
crypto/openssh/canohost.c | 7 +-
crypto/openssh/chacha.c | 3 +-
crypto/openssh/channels.c | 427 +-
crypto/openssh/channels.h | 34 +-
crypto/openssh/cipher-aes.c | 161 +
crypto/openssh/cipher-aesctr.c | 83 +
crypto/openssh/cipher-chachapoly-libcrypto.c | 3 +-
...-chachapoly-libcrypto.c => cipher-chachapoly.c} | 74 +-
crypto/openssh/cipher.c | 25 +-
crypto/openssh/cipher.h | 3 +-
crypto/openssh/clientloop.c | 470 +-
crypto/openssh/clientloop.h | 3 +-
crypto/openssh/compat.c | 67 +-
crypto/openssh/compat.h | 14 +-
crypto/openssh/config.guess | 1774 ++
crypto/openssh/config.h.in | 2051 ++
crypto/openssh/config.log | 16255 +++++++++++
crypto/openssh/config.sub | 1907 ++
crypto/openssh/configure | 27691 +++++++++++++++++++
crypto/openssh/configure.ac | 5761 ++++
crypto/openssh/contrib/ssh-copy-id | 75 +-
crypto/openssh/contrib/ssh-copy-id.1 | 79 +-
crypto/openssh/crypto_api.h | 4 +-
crypto/openssh/digest-libc.c | 267 +
crypto/openssh/dispatch.c | 3 +-
crypto/openssh/dns.c | 8 +-
crypto/openssh/dns.h | 4 +-
crypto/openssh/ed25519.c | 2048 +-
crypto/openssh/ed25519.sh | 119 +
crypto/openssh/entropy.c | 34 -
crypto/openssh/fe25519.c | 337 -
crypto/openssh/fe25519.h | 70 -
crypto/openssh/ge25519.c | 321 -
crypto/openssh/ge25519.h | 43 -
crypto/openssh/ge25519_base.data | 858 -
crypto/openssh/gss-genr.c | 303 +
crypto/openssh/gss-serv-krb5.c | 211 +
crypto/openssh/gss-serv.c | 404 +
crypto/openssh/hostfile.c | 15 +-
crypto/openssh/install-sh | 541 +
crypto/openssh/kex-names.c | 330 +
crypto/openssh/kex.c | 647 +-
crypto/openssh/kex.h | 23 +-
crypto/openssh/kexgexs.c | 7 +-
crypto/openssh/krl.c | 281 +-
crypto/openssh/krl.h | 10 +-
crypto/openssh/log.c | 19 +-
crypto/openssh/log.h | 9 +-
crypto/openssh/loginrec.c | 4 +-
crypto/openssh/match.c | 5 +-
crypto/openssh/misc.c | 384 +-
crypto/openssh/misc.h | 30 +-
crypto/openssh/moduli | 887 +-
crypto/openssh/moduli.c | 13 +-
crypto/openssh/monitor.c | 74 +-
crypto/openssh/monitor.h | 6 +-
crypto/openssh/monitor_wrap.c | 239 +-
crypto/openssh/monitor_wrap.h | 17 +-
crypto/openssh/msg.c | 5 +-
crypto/openssh/mux.c | 86 +-
crypto/openssh/nchan.c | 4 +-
crypto/openssh/packet.c | 232 +-
crypto/openssh/packet.h | 7 +-
crypto/openssh/pathnames.h | 7 +-
crypto/openssh/platform-listen.c | 84 +
crypto/openssh/platform-pledge.c | 71 +
crypto/openssh/platform-tracing.c | 76 +
crypto/openssh/platform.c | 49 +-
crypto/openssh/platform.h | 12 +-
crypto/openssh/poly1305.c | 3 +-
crypto/openssh/progressmeter.c | 94 +-
crypto/openssh/readconf.c | 443 +-
crypto/openssh/readconf.h | 22 +-
crypto/openssh/readpass.c | 9 +-
crypto/openssh/rijndael.c | 1129 +
crypto/openssh/sandbox-capsicum.c | 128 +
crypto/openssh/sandbox-darwin.c | 99 +
crypto/openssh/sandbox-null.c | 72 +
crypto/openssh/sandbox-pledge.c | 77 +
crypto/openssh/sandbox-seccomp-filter.c | 543 +
crypto/openssh/sandbox-solaris.c | 114 +
crypto/openssh/sandbox-systrace.c | 218 +
crypto/openssh/sc25519.c | 308 -
crypto/openssh/sc25519.h | 80 -
crypto/openssh/scp.1 | 29 +-
crypto/openssh/scp.c | 240 +-
crypto/openssh/servconf.c | 640 +-
crypto/openssh/servconf.h | 51 +-
crypto/openssh/serverloop.c | 149 +-
crypto/openssh/session.c | 98 +-
crypto/openssh/session.h | 4 +-
crypto/openssh/sftp-client.c | 489 +-
crypto/openssh/sftp-client.h | 76 +-
crypto/openssh/sftp-common.c | 4 +-
crypto/openssh/sftp-glob.c | 60 +-
crypto/openssh/sftp-server.c | 16 +-
crypto/openssh/sftp-usergroup.c | 8 +-
crypto/openssh/sftp.1 | 18 +-
crypto/openssh/sftp.c | 242 +-
crypto/openssh/sntrup761.c | 44 +-
crypto/openssh/srclimit.c | 396 +-
crypto/openssh/srclimit.h | 22 +-
crypto/openssh/ssh-add.1 | 22 +-
crypto/openssh/ssh-add.c | 109 +-
crypto/openssh/ssh-agent.1 | 47 +-
crypto/openssh/ssh-agent.c | 319 +-
crypto/openssh/ssh-dss.c | 290 +-
crypto/openssh/ssh-ecdsa-sk.c | 171 +-
crypto/openssh/ssh-ecdsa.c | 320 +-
crypto/openssh/ssh-ed25519-sk.c | 139 +-
crypto/openssh/ssh-ed25519.c | 181 +-
crypto/openssh/ssh-keygen.1 | 39 +-
crypto/openssh/ssh-keygen.c | 91 +-
crypto/openssh/ssh-keyscan.1 | 56 +-
crypto/openssh/ssh-keyscan.c | 166 +-
crypto/openssh/ssh-keysign.8 | 6 +-
crypto/openssh/ssh-keysign.c | 9 +-
crypto/openssh/ssh-pkcs11-client.c | 656 +
crypto/openssh/ssh-pkcs11-helper.0 | 35 +
crypto/openssh/ssh-pkcs11.c | 1901 ++
crypto/openssh/ssh-pkcs11.h | 5 +-
crypto/openssh/ssh-rsa.c | 353 +-
crypto/openssh/ssh-xmss.c | 389 +
crypto/openssh/ssh.1 | 44 +-
crypto/openssh/ssh.c | 178 +-
crypto/openssh/ssh2.h | 8 +-
crypto/openssh/ssh_api.c | 29 +-
crypto/openssh/ssh_config | 4 +-
crypto/openssh/ssh_config.5 | 188 +-
crypto/openssh/sshbuf-getput-crypto.c | 4 +-
crypto/openssh/sshbuf.c | 27 +-
crypto/openssh/sshbuf.h | 26 +-
crypto/openssh/sshconnect.c | 67 +-
crypto/openssh/sshconnect.h | 10 +-
crypto/openssh/sshconnect2.c | 169 +-
crypto/openssh/{sshd.c => sshd-session.c} | 1468 +-
crypto/openssh/sshd.8 | 29 +-
crypto/openssh/sshd.c | 1757 +-
crypto/openssh/sshd_config | 2 +-
crypto/openssh/sshd_config.5 | 253 +-
crypto/openssh/sshkey-xmss.c | 1113 +
crypto/openssh/sshkey-xmss.h | 4 +-
crypto/openssh/sshkey.c | 2076 +-
crypto/openssh/sshkey.h | 85 +-
crypto/openssh/sshsig.c | 43 +-
crypto/openssh/umac.c | 5 +-
crypto/openssh/verify.c | 49 -
crypto/openssh/version.h | 4 +-
crypto/openssh/xmss_commons.c | 36 +
crypto/openssh/xmss_commons.h | 21 +
crypto/openssh/xmss_fast.c | 1106 +
crypto/openssh/xmss_hash.c | 137 +
crypto/openssh/xmss_hash.h | 22 +
crypto/openssh/xmss_hash_address.c | 66 +
crypto/openssh/xmss_hash_address.h | 40 +
crypto/openssh/xmss_wots.c | 192 +
crypto/openssh/xmss_wots.h | 64 +
lib/libssh/Makefile | 64 +-
libexec/Makefile | 1 +
libexec/sshd-session/Makefile | 45 +
.../sshd => libexec/sshd-session}/Makefile.etc | 0
.../sshd-session}/auth-passwd-custom.c | 0
.../sshd-session}/sshd_config_expect | 0
usr.bin/ssh-add/Makefile | 2 +-
usr.bin/ssh-agent/Makefile | 4 +-
usr.bin/ssh-keygen/Makefile | 2 +-
usr.bin/ssh-keyscan/Makefile | 2 +
usr.bin/ssh/Makefile | 1 +
usr.sbin/sshd/Makefile | 22 +-
204 files changed, 80291 insertions(+), 10025 deletions(-)
create mode 100644 crypto/openssh/audit-bsm.c
create mode 100644 crypto/openssh/audit-linux.c
create mode 100644 crypto/openssh/audit.c
create mode 100644 crypto/openssh/auth-bsdauth.c
create mode 100644 crypto/openssh/auth-krb5.c
create mode 100644 crypto/openssh/auth-shadow.c
create mode 100644 crypto/openssh/auth-sia.c
create mode 100644 crypto/openssh/auth2-gss.c
create mode 100644 crypto/openssh/auth2-methods.c
create mode 100644 crypto/openssh/cipher-aes.c
create mode 100644 crypto/openssh/cipher-aesctr.c
copy crypto/openssh/{cipher-chachapoly-libcrypto.c => cipher-chachapoly.c} (64%)
create mode 100755 crypto/openssh/config.guess
create mode 100644 crypto/openssh/config.h.in
create mode 100644 crypto/openssh/config.log
create mode 100755 crypto/openssh/config.sub
create mode 100755 crypto/openssh/configure
create mode 100644 crypto/openssh/configure.ac
create mode 100644 crypto/openssh/digest-libc.c
create mode 100644 crypto/openssh/ed25519.sh
delete mode 100644 crypto/openssh/fe25519.c
delete mode 100644 crypto/openssh/fe25519.h
delete mode 100644 crypto/openssh/ge25519.c
delete mode 100644 crypto/openssh/ge25519.h
delete mode 100644 crypto/openssh/ge25519_base.data
create mode 100644 crypto/openssh/gss-genr.c
create mode 100644 crypto/openssh/gss-serv-krb5.c
create mode 100644 crypto/openssh/gss-serv.c
create mode 100755 crypto/openssh/install-sh
create mode 100644 crypto/openssh/kex-names.c
create mode 100644 crypto/openssh/platform-listen.c
create mode 100644 crypto/openssh/platform-pledge.c
create mode 100644 crypto/openssh/platform-tracing.c
create mode 100644 crypto/openssh/rijndael.c
create mode 100644 crypto/openssh/sandbox-capsicum.c
create mode 100644 crypto/openssh/sandbox-darwin.c
create mode 100644 crypto/openssh/sandbox-null.c
create mode 100644 crypto/openssh/sandbox-pledge.c
create mode 100644 crypto/openssh/sandbox-seccomp-filter.c
create mode 100644 crypto/openssh/sandbox-solaris.c
create mode 100644 crypto/openssh/sandbox-systrace.c
delete mode 100644 crypto/openssh/sc25519.c
delete mode 100644 crypto/openssh/sc25519.h
create mode 100644 crypto/openssh/ssh-pkcs11-client.c
create mode 100644 crypto/openssh/ssh-pkcs11-helper.0
create mode 100644 crypto/openssh/ssh-pkcs11.c
create mode 100644 crypto/openssh/ssh-xmss.c
copy crypto/openssh/{sshd.c => sshd-session.c} (50%)
create mode 100644 crypto/openssh/sshkey-xmss.c
delete mode 100644 crypto/openssh/verify.c
create mode 100644 crypto/openssh/xmss_commons.c
create mode 100644 crypto/openssh/xmss_commons.h
create mode 100644 crypto/openssh/xmss_fast.c
create mode 100644 crypto/openssh/xmss_hash.c
create mode 100644 crypto/openssh/xmss_hash.h
create mode 100644 crypto/openssh/xmss_hash_address.c
create mode 100644 crypto/openssh/xmss_hash_address.h
create mode 100644 crypto/openssh/xmss_wots.c
create mode 100644 crypto/openssh/xmss_wots.h
create mode 100644 libexec/sshd-session/Makefile
copy {usr.sbin/sshd => libexec/sshd-session}/Makefile.etc (100%)
rename {usr.sbin/sshd => libexec/sshd-session}/auth-passwd-custom.c (100%)
copy {usr.sbin/sshd => libexec/sshd-session}/sshd_config_expect (100%)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/ba1276acd1c8c22d225b1bcf370a14c878644f44
--
DragonFly BSD source repository
More information about the Commits
mailing list