Import of OpenSSH 4.6p1

diff --git a/openssh/ChangeLog b/openssh/ChangeLog
index 5a6772aaa2bcfa1c34dc384397712f0b7a09b510..e746b83904c9fced6433eb4583e9bb1593aec058 100644 (file)
--- a/openssh/ChangeLog
+++ b/openssh/ChangeLog
@@ -1,3 +1,214 @@
+20070306
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2007/03/01 16:19:33
+     [sshd_config.5]
+     sort the `match' keywords;
+   - djm@cvs.openbsd.org 2007/03/06 10:13:14
+     [version.h]
+     openssh-4.6; "please" deraadt@
+ - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+   [contrib/suse/openssh.spec] crank spec files for release
+ - (djm) [README] correct link to release notes
+ - (djm) Release 4.6p1
+
+20070304
+ - (djm) [configure.ac] add a --without-openssl-header-check option to
+   configure, as some platforms (OS X) ship OpenSSL headers whose version
+   does not match that of the shipping library. ok dtucker@
+ - (dtucker) [openbsd-compat/openssl-compat.h] Bug #1291: Work around a
+   bug in OpenSSL 0.9.8e that prevents aes256-ctr, aes192-ctr and arcfour256
+   ciphers from working correctly (disconnects with "Bad packet length"
+   errors) as found by Ben Harris.  ok djm@
+
+20070303
+ - (dtucker) [regress/agent-ptrace.sh] Make ttrace gdb error a little more
+   general to cover newer gdb versions on HP-UX.
+
+20070302
+ - (dtucker) [configure.ac] For Cygwin, read files in textmode (which allows
+   CRLF as well as LF lineendings) and write in binary mode.  Patch from
+   vinschen at redhat.com.
+ - (dtucker) [INSTALL] Update to autoconf-2.61.
+
+20070301
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2007/03/01 10:28:02
+     [auth2.c sshd_config.5 servconf.c]
+     Remove ChallengeResponseAuthentication support inside a Match
+     block as its interaction with KbdInteractive makes it difficult to
+     support.  Also, relocate the CR/kbdint option special-case code into
+     servconf.  "please commit" djm@, ok markus@ for the relocation.
+ - (tim) [buildpkg.sh.in openssh.xml.in] Clean up Solaris 10 smf(5) bits.
+   "Looks sane" dtucker@
+
+20070228
+ - (dtucker) OpenBSD CVS Sync
+   - dtucker@cvs.openbsd.org 2007/02/28 00:55:30
+     [ssh-agent.c]
+     Remove expired keys periodically so they don't remain in memory when
+     the agent is entirely idle, as noted by David R. Piegdon.  This is the
+     simple fix, a more efficient one will be done later.  With markus,
+     deraadt, with & ok djm.
+
+20070225
+ - (dtucker) OpenBSD CVS Sync
+   - djm@cvs.openbsd.org 2007/02/20 10:25:14
+     [clientloop.c]
+     set maximum packet and window sizes the same for multiplexed clients
+     as normal connections; ok markus@
+   - dtucker@cvs.openbsd.org 2007/02/21 11:00:05
+     [sshd.c]
+     Clear alarm() before restarting sshd on SIGHUP.  Without this, if there's
+     a SIGALRM pending (for SSH1 key regeneration) when sshd is SIGHUP'ed, the
+     newly exec'ed sshd will get the SIGALRM and not have a handler for it,
+     and the default action will terminate the listening sshd.  Analysis and
+     patch from andrew at gaul.org.
+   - dtucker@cvs.openbsd.org 2007/02/22 12:58:40
+     [servconf.c]
+     Check activep so Match and GatewayPorts work together; ok markus@
+   - ray@cvs.openbsd.org 2007/02/24 03:30:11
+     [moduli.c]
+     - strlen returns size_t, not int.
+     - Pass full buffer size to fgets.
+     OK djm@, millert@, and moritz@.
+
+20070219
+  - (dtucker) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2007/01/10 13:23:22
+     [ssh_config.5]
+     do not use a list for SYNOPSIS;
+     this is actually part of a larger report sent by eric s. raymond
+     and forwarded by brad, but i only read half of it. spotted by brad.
+   - jmc@cvs.openbsd.org 2007/01/12 20:20:41
+     [ssh-keygen.1 ssh-keygen.c]
+     more secsh -> rfc 4716 updates;
+     spotted by wiz@netbsd
+     ok markus
+   - dtucker@cvs.openbsd.org 2007/01/17 23:22:52
+     [readconf.c]
+     Honour activep for times (eg ServerAliveInterval) while parsing
+     ssh_config and ~/.ssh/config so they work properly with Host directives.
+     From mario.lorenz@wincor-nixdorf.com via bz #1275.  ok markus@
+   - stevesk@cvs.openbsd.org 2007/01/21 01:41:54
+     [auth-skey.c kex.c ssh-keygen.c session.c clientloop.c]
+     spaces
+   - stevesk@cvs.openbsd.org 2007/01/21 01:45:35
+     [readconf.c]
+     spaces
+   - djm@cvs.openbsd.org 2007/01/22 11:32:50
+     [sftp-client.c]
+     return error from do_upload() when a write fails. fixes bz#1252: zero
+     exit status from sftp when uploading to a full device. report from
+     jirkat AT atlas.cz; ok dtucker@
+   - djm@cvs.openbsd.org 2007/01/22 13:06:21
+     [scp.c]
+     fix detection of whether we should show progress meter or not: scp
+     tested isatty(stderr) but wrote the progress meter to stdout. This patch
+     makes it test stdout. bz#1265 reported by junkmail AT bitsculpture.com;
+     of dtucker@
+   - stevesk@cvs.openbsd.org 2007/02/14 14:32:00
+     [bufbn.c]
+     typos in comments; ok jmc@
+   - dtucker@cvs.openbsd.org 2007/02/19 10:45:58
+     [monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
+     Teach Match how handle config directives that are used before
+     authentication.  This allows configurations such as permitting password
+     authentication from the local net only while requiring pubkey from
+     offsite.  ok djm@, man page bits ok jmc@
+ - (dtucker) [contrib/findssl.sh] Add "which" as a shell function since some
+   platforms don't have it.  Patch from dleonard at vintela.com.
+ - (dtucker) [openbsd-compat/getrrsetbyname.c] Don't attempt to calloc
+   an array for signatures when there are none since "calloc(0, n) returns
+   NULL on some platforms (eg Tru64), which is explicitly permitted by
+   POSIX.  Diagnosis and patch by svallet genoscope.cns.fr.
+
+20070128
+ - (djm) [channels.c serverloop.c] Fix so-called "hang on exit" (bz #52)
+   when closing a tty session when a background process still holds tty
+   fds open. Great detective work and patch by Marc Aurele La France,
+   slightly tweaked by me; ok dtucker@
+
+20070123
+ - (dtucker) [openbsd-compat/bsd-snprintf.c] Static declarations for public
+   library interfaces aren't very helpful. Fix up the DOPR_OUTCH macro
+   so it works properly and modify its callers so that they don't pre or
+   post decrement arguments that are conditionally evaluated. While there,
+   put SNPRINTF_CONST back as it prevents build failures in some
+   configurations.  ok djm@ (for most of it)
+
+20070122
+ - (djm) [ssh-rand-helper.8] manpage nits;
+   from dleonard AT vintela.com (bz#1529)
+
+20070117
+ - (dtucker) [packet.c] Re-remove in_systm.h since it's already in includes.h
+   and multiple including it causes problems on old IRIXes.  (It snuck back
+   in during a sync.)  Found (again) by Georg Schwarz.
+
+20070114
+ - (dtucker) [ssh-keygen.c] av -> argv to match earlier sync.
+ - (djm) [openbsd-compat/bsd-snprintf.c] Fix integer overflow in return
+   value of snprintf replacement, similar to bugs in various libc
+   implementations. This overflow is not exploitable in OpenSSH. 
+   While I'm fiddling with it, make it a fair bit faster by inlining the
+   append-char routine; ok dtucker@
+
+20070105
+ - (djm) OpenBSD CVS Sync
+   - deraadt@cvs.openbsd.org 2006/11/14 19:41:04
+     [ssh-keygen.c]
+     use argc and argv not some made up short form
+   - ray@cvs.openbsd.org 2006/11/23 01:35:11
+     [misc.c sftp.c]
+     Don't access buf[strlen(buf) - 1] for zero-length strings.
+     ``ok by me'' djm@.
+   - markus@cvs.openbsd.org 2006/12/11 21:25:46
+     [ssh-keygen.1 ssh.1]
+     add rfc 4716 (public key format); ok jmc
+   - djm@cvs.openbsd.org 2006/12/12 03:58:42
+     [channels.c compat.c compat.h]
+     bz #1019: some ssh.com versions apparently can't cope with the
+     remote port forwarding bind_address being a hostname, so send
+     them an address for cases where they are not explicitly
+     specified (wildcard or localhost bind).  reported by daveroth AT
+     acm.org; ok dtucker@ deraadt@
+   - dtucker@cvs.openbsd.org 2006/12/13 08:34:39
+     [servconf.c]
+     Make PermitOpen work with multiple values like the man pages says.
+     bz #1267 with details from peter at dmtz.com, with & ok djm@
+   - dtucker@cvs.openbsd.org 2006/12/14 10:01:14
+     [servconf.c]
+     Make "PermitOpen all" first-match within a block to match the way other
+     options work.  ok markus@ djm@
+   - jmc@cvs.openbsd.org 2007/01/02 09:57:25
+     [sshd_config.5]
+     do not use lists for SYNOPSIS;
+     from eric s. raymond via brad
+   - stevesk@cvs.openbsd.org 2007/01/03 00:53:38
+     [ssh-keygen.c]
+     remove small dead code; arnaud.lacombe.1@ulaval.ca via Coverity scan
+   - stevesk@cvs.openbsd.org 2007/01/03 03:01:40
+     [auth2-chall.c channels.c dns.c sftp.c ssh-keygen.c ssh.c]
+     spaces
+   - stevesk@cvs.openbsd.org 2007/01/03 04:09:15
+     [sftp.c]
+     ARGSUSED for lint
+   - stevesk@cvs.openbsd.org 2007/01/03 07:22:36
+     [sftp-server.c]
+     spaces
+
+20061205
+ - (djm) [auth.c] Fix NULL pointer dereference in fakepw().  Crash would
+   occur if the server did not have the privsep user and an invalid user
+   tried to login and both privsep and krb5 auth are disabled; ok dtucker@
+ - (djm) [bsd-asprintf.c] Better test for bad vsnprintf lengths; ok dtucker@
+
+20061108
+ - (dtucker) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2006/11/07 13:02:07
+     [dh.c]
+     BN_hex2bn returns int; from dtucker@
+

 20061107
  - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
    if we absolutely need it.  Pointed out by Corinna, ok djm@
 20061107
  - (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it
    if we absolutely need it.  Pointed out by Corinna, ok djm@


@@ -13,7 +224,6 @@
      dtucker@
  - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
    versions.
      dtucker@
  - (dtucker) [README contrib/{caldera,redhat,contrib}/openssh.spec] Bump
    versions.

- - (dtucker) [dh.c] Type fix for BN_hex2bn; ok markus@

  - (dtucker) Release 4.5p1.
 
 20061105
  - (dtucker) Release 4.5p1.
 
 20061105

diff --git a/openssh/INSTALL b/openssh/INSTALL
index 73b4cc5c02b9c84cc9c493825dc30d84c6548978..92001d4f36acde030b3d7076c8f3af3243ef8b19 100644 (file)
--- a/openssh/INSTALL
+++ b/openssh/INSTALL
@@ -70,8 +70,9 @@ http://sourceforge.net/projects/libedit/
 Autoconf:
 
 If you modify configure.ac or configure doesn't exist (eg if you checked
 Autoconf:
 
 If you modify configure.ac or configure doesn't exist (eg if you checked

-the code out of CVS yourself) then you will need autoconf-2.60 to rebuild
-the automatically generated files by running "autoreconf".
+the code out of CVS yourself) then you will need autoconf-2.61 to rebuild
+the automatically generated files by running "autoreconf".  Earlier
+version may also work but this is not guaranteed.

 
 http://www.gnu.org/software/autoconf/
 
 
 http://www.gnu.org/software/autoconf/
 

diff --git a/openssh/README b/openssh/README
index 2c2c9aae4d6e17e991a7f9ebf10f79707daf882a..2d67d7a6418fa71a15676d94429dc87aa8f8d9fa 100644 (file)
--- a/openssh/README
+++ b/openssh/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-4.5 for the release notes.
+See http://www.openssh.com/txt/release-4.6 for the release notes.

 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html

diff --git a/openssh/auth-skey.c b/openssh/auth-skey.c
index 25073dbae0d85464d7af2eee5f4750336aacbcf7..cb43dba485211e9b6eca84cf02e7ba127f8f802a 100644 (file)
--- a/openssh/auth-skey.c
+++ b/openssh/auth-skey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-skey.c,v 1.26 2006/08/05 08:28:24 dtucker Exp $ */
+/* $OpenBSD: auth-skey.c,v 1.27 2007/01/21 01:41:54 stevesk Exp $ */

 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *


@@ -59,8 +59,8 @@ skey_query(void *ctx, char **name, char **infotxt,
            sizeof(challenge)) == -1)
                return -1;
 
            sizeof(challenge)) == -1)
                return -1;
 

-       *name  = xstrdup("");
-       *infotxt  = xstrdup("");
+       *name = xstrdup("");
+       *infotxt = xstrdup("");

        *numprompts = 1;
        *prompts = xcalloc(*numprompts, sizeof(char *));
        *echo_on = xcalloc(*numprompts, sizeof(u_int));
        *numprompts = 1;
        *prompts = xcalloc(*numprompts, sizeof(char *));
        *echo_on = xcalloc(*numprompts, sizeof(u_int));

diff --git a/openssh/auth.c b/openssh/auth.c
index 5d23343b927873167989c40de5c396dbaa088f4c..505102f8ab57be897bf0f8f77657ffdc5680d437 100644 (file)
--- a/openssh/auth.c
+++ b/openssh/auth.c
@@ -569,8 +569,8 @@ fakepw(void)
        fake.pw_passwd =
            "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
        fake.pw_gecos = "NOUSER";
        fake.pw_passwd =
            "$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK";
        fake.pw_gecos = "NOUSER";

-       fake.pw_uid = privsep_pw->pw_uid;
-       fake.pw_gid = privsep_pw->pw_gid;
+       fake.pw_uid = privsep_pw == NULL ? (uid_t)-1 : privsep_pw->pw_uid;
+       fake.pw_gid = privsep_pw == NULL ? (gid_t)-1 : privsep_pw->pw_gid;

 #ifdef HAVE_PW_CLASS_IN_PASSWD
        fake.pw_class = "";
 #endif
 #ifdef HAVE_PW_CLASS_IN_PASSWD
        fake.pw_class = "";
 #endif

diff --git a/openssh/auth2-chall.c b/openssh/auth2-chall.c
index b78b739cdcaf99153fd86640f41c983522fb5468..51059c2bd6e0a63280b4d81025a626fb1881fdb8 100644 (file)
--- a/openssh/auth2-chall.c
+++ b/openssh/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.31 2006/08/05 08:28:24 dtucker Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.32 2007/01/03 03:01:40 stevesk Exp $ */

 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.


@@ -206,7 +206,7 @@ auth2_challenge_stop(Authctxt *authctxt)
 {
        /* unregister callback */
        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 {
        /* unregister callback */
        dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);

-       if (authctxt->kbdintctxt != NULL)  {
+       if (authctxt->kbdintctxt != NULL) {

                kbdint_free(authctxt->kbdintctxt);
                authctxt->kbdintctxt = NULL;
        }
                kbdint_free(authctxt->kbdintctxt);
                authctxt->kbdintctxt = NULL;
        }

diff --git a/openssh/auth2.c b/openssh/auth2.c
index 2d880b57cf41e6b5b5922906d6e7928d0c5d58fe..b1a4e3635aa76d45282b772bf6cb7543016c47d1 100644 (file)
--- a/openssh/auth2.c
+++ b/openssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.113 2006/08/03 03:34:41 deraadt Exp $ */
+/* $OpenBSD: auth2.c,v 1.114 2007/03/01 10:28:02 dtucker Exp $ */

 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *


@@ -96,10 +96,6 @@ int user_key_allowed(struct passwd *, Key *);
 void
 do_authentication2(Authctxt *authctxt)
 {
 void
 do_authentication2(Authctxt *authctxt)
 {

-       /* challenge-response is implemented via keyboard interactive */
-       if (options.challenge_response_authentication)
-               options.kbd_interactive_authentication = 1;
-

        dispatch_init(&dispatch_protocol_error);
        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
        dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
        dispatch_init(&dispatch_protocol_error);
        dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
        dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);

diff --git a/openssh/bufbn.c b/openssh/bufbn.c
index 9706ba8a86bb39c15727746e6270d92f90ceeb47..ce8fba5151f97bc4f98c1d8d0f2b9fde5a4085d1 100644 (file)
--- a/openssh/bufbn.c
+++ b/openssh/bufbn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bufbn.c,v 1.4 2006/11/06 21:25:28 markus Exp $*/
+/* $OpenBSD: bufbn.c,v 1.5 2007/02/14 14:32:00 stevesk Exp $*/

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -93,7 +93,7 @@ buffer_put_bignum(Buffer *buffer, const BIGNUM *value)
 }
 
 /*
 }
 
 /*

- * Retrieves an BIGNUM from the buffer.
+ * Retrieves a BIGNUM from the buffer.

  */
 int
 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
  */
 int
 buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)


@@ -101,7 +101,7 @@ buffer_get_bignum_ret(Buffer *buffer, BIGNUM *value)
        u_int bits, bytes;
        u_char buf[2], *bin;
 
        u_int bits, bytes;
        u_char buf[2], *bin;
 

-       /* Get the number for bits. */
+       /* Get the number of bits. */

        if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
                error("buffer_get_bignum_ret: invalid length");
                return (-1);
        if (buffer_get_ret(buffer, (char *) buf, 2) == -1) {
                error("buffer_get_bignum_ret: invalid length");
                return (-1);


@@ -137,7 +137,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
 }
 
 /*
 }
 
 /*

- * Stores an BIGNUM in the buffer in SSH2 format.
+ * Stores a BIGNUM in the buffer in SSH2 format.

  */
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
  */
 int
 buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)

diff --git a/openssh/buildpkg.sh.in b/openssh/buildpkg.sh.in
index 17349f7fcf3e6981e2d2dbd7f1d796ac6c4395a2..8a96b9050c76553cb098c009cbde91d502a1ebf4 100644 (file)
--- a/openssh/buildpkg.sh.in
+++ b/openssh/buildpkg.sh.in
@@ -48,7 +48,7 @@ PKG_REQUEST_LOCAL=../pkg-request.local
 #
 OPENSSHD=opensshd.init
 OPENSSH_MANIFEST=openssh.xml
 #
 OPENSSHD=opensshd.init
 OPENSSH_MANIFEST=openssh.xml

-OPENSSH_FMRI=svc:/site/openssh:default
+OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default

 
 PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
 PATH_USERADD_PROG=@PATH_USERADD_PROG@
 
 PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
 PATH_USERADD_PROG=@PATH_USERADD_PROG@


@@ -202,8 +202,9 @@ then
        cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
        chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
 
        cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
        chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
 

-       cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
-       chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
+       cat ${OPENSSH_MANIFEST} | sed "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \
+           > $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml
+       chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml

 else
        mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
 
 else
        mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
 


@@ -334,9 +335,8 @@ then
        then
                svccfg delete -f $OPENSSH_FMRI
        fi
        then
                svccfg delete -f $OPENSSH_FMRI
        fi

-       # NOTE, if manifest enables sshd by default, this will actually
-       # start the daemon, which may not be what the user wants.
-       svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
+       # NOTE, The manifest disables sshd by default.
+       svccfg import ${TEST_DIR}/var/svc/manifest/site/${SYSVINIT_NAME}.xml

 else
        if [ "\${USE_SYM_LINKS}" = yes ]
        then
 else
        if [ "\${USE_SYM_LINKS}" = yes ]
        then


@@ -428,8 +428,6 @@ if [ "\${POST_INS_START}" = "yes" ]
 then
        if [ $DO_SMF -eq 1 ]
        then
 then
        if [ $DO_SMF -eq 1 ]
        then

-               # See svccfg import note above.  The service may already
-               # be started.

                svcadm enable $OPENSSH_FMRI
        else
                ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
                svcadm enable $OPENSSH_FMRI
        else
                ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start


@@ -544,7 +542,7 @@ PRE_INS_STOP=no
 POST_INS_START=no
 # determine if should restart the daemon
 if [ -s ${piddir}/sshd.pid  ] && \
 POST_INS_START=no
 # determine if should restart the daemon
 if [ -s ${piddir}/sshd.pid  ] && \

-    /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
+    /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1

 then
        ans=\`ckyorn -d n \
 -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
 then
        ans=\`ckyorn -d n \
 -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?

diff --git a/openssh/channels.c b/openssh/channels.c
index 26b63a1aae9047fb91a97fd412b40f25e85a8cca..c68ad6419f854849574baf8f6e1bcaf89b3babf5 100644 (file)
--- a/openssh/channels.c
+++ b/openssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.266 2006/08/29 10:40:18 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.268 2007/01/03 03:01:40 stevesk Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -1052,7 +1052,7 @@ channel_decode_socks5(Channel *c, fd_set *readset, fd_set *writeset)
                if (have < nmethods + 2)
                        return 0;
                /* look for method: "NO AUTHENTICATION REQUIRED" */
                if (have < nmethods + 2)
                        return 0;
                /* look for method: "NO AUTHENTICATION REQUIRED" */

-               for (found = 0, i = 2 ; i < nmethods + 2; i++) {
+               for (found = 0, i = 2; i < nmethods + 2; i++) {

                        if (p[i] == SSH_SOCKS5_NOAUTH) {
                                found = 1;
                                break;
                        if (p[i] == SSH_SOCKS5_NOAUTH) {
                                found = 1;
                                break;


@@ -1449,10 +1449,11 @@ channel_handle_rfd(Channel *c, fd_set *readset, fd_set *writeset)
        int len;
 
        if (c->rfd != -1 &&
        int len;
 
        if (c->rfd != -1 &&

-           FD_ISSET(c->rfd, readset)) {
+           (c->detach_close || FD_ISSET(c->rfd, readset))) {

                errno = 0;
                len = read(c->rfd, buf, sizeof(buf));
                errno = 0;
                len = read(c->rfd, buf, sizeof(buf));

-               if (len < 0 && (errno == EINTR || errno == EAGAIN))
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !(c->isatty && c->detach_close))))

                        return 1;
 #ifndef PTY_ZEROREAD
                if (len <= 0) {
                        return 1;
 #ifndef PTY_ZEROREAD
                if (len <= 0) {


@@ -1604,11 +1605,12 @@ channel_handle_efd(Channel *c, fd_set *readset, fd_set *writeset)
                                c->local_consumed += len;
                        }
                } else if (c->extended_usage == CHAN_EXTENDED_READ &&
                                c->local_consumed += len;
                        }
                } else if (c->extended_usage == CHAN_EXTENDED_READ &&

-                   FD_ISSET(c->efd, readset)) {
+                   (c->detach_close || FD_ISSET(c->efd, readset))) {

                        len = read(c->efd, buf, sizeof(buf));
                        debug2("channel %d: read %d from efd %d",
                            c->self, len, c->efd);
                        len = read(c->efd, buf, sizeof(buf));
                        debug2("channel %d: read %d from efd %d",
                            c->self, len, c->efd);

-                       if (len < 0 && (errno == EINTR || errno == EAGAIN))
+                       if (len < 0 && (errno == EINTR ||
+                           (errno == EAGAIN && !c->detach_close)))

                                return 1;
                        if (len <= 0) {
                                debug2("channel %d: closing read-efd %d",
                                return 1;
                        if (len <= 0) {
                                debug2("channel %d: closing read-efd %d",


@@ -2525,11 +2527,18 @@ channel_request_remote_forwarding(const char *listen_host, u_short listen_port,
        /* Send the forward request to the remote side. */
        if (compat20) {
                const char *address_to_bind;
        /* Send the forward request to the remote side. */
        if (compat20) {
                const char *address_to_bind;

-               if (listen_host == NULL)
-                       address_to_bind = "localhost";
-               else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0)
-                       address_to_bind = "";
-               else
+               if (listen_host == NULL) {
+                       if (datafellows & SSH_BUG_RFWD_ADDR)
+                               address_to_bind = "127.0.0.1";
+                       else
+                               address_to_bind = "localhost";
+               } else if (*listen_host == '\0' ||
+                          strcmp(listen_host, "*") == 0) {
+                       if (datafellows & SSH_BUG_RFWD_ADDR)
+                               address_to_bind = "0.0.0.0";
+                       else
+                               address_to_bind = "";
+               } else

                        address_to_bind = listen_host;
 
                packet_start(SSH2_MSG_GLOBAL_REQUEST);
                        address_to_bind = listen_host;
 
                packet_start(SSH2_MSG_GLOBAL_REQUEST);

diff --git a/openssh/clientloop.c b/openssh/clientloop.c
index 4c5108199c96000cb9f4179b79392625d3cf1869..c7362caa8ccc3e36e6ef3222dc12025c2916c544 100644 (file)
--- a/openssh/clientloop.c
+++ b/openssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.176 2006/10/11 12:38:03 markus Exp $ */
+/* $OpenBSD: clientloop.c,v 1.178 2007/02/20 10:25:14 djm Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -707,7 +707,7 @@ client_process_control(fd_set *readset)
 {
        Buffer m;
        Channel *c;
 {
        Buffer m;
        Channel *c;

-       int client_fd, new_fd[3], ver, allowed;
+       int client_fd, new_fd[3], ver, allowed, window, packetmax;

        socklen_t addrlen;
        struct sockaddr_storage addr;
        struct confirm_ctx *cctx;
        socklen_t addrlen;
        struct sockaddr_storage addr;
        struct confirm_ctx *cctx;


@@ -900,9 +900,15 @@ client_process_control(fd_set *readset)
 
        set_nonblock(client_fd);
 
 
        set_nonblock(client_fd);
 

+       window = CHAN_SES_WINDOW_DEFAULT;
+       packetmax = CHAN_SES_PACKET_DEFAULT;
+       if (cctx->want_tty) {
+               window >>= 1;
+               packetmax >>= 1;
+       }
+       

        c = channel_new("session", SSH_CHANNEL_OPENING,
        c = channel_new("session", SSH_CHANNEL_OPENING,

-           new_fd[0], new_fd[1], new_fd[2],
-           CHAN_SES_WINDOW_DEFAULT, CHAN_SES_PACKET_DEFAULT,
+           new_fd[0], new_fd[1], new_fd[2], window, packetmax,

            CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
 
        /* XXX */
            CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
 
        /* XXX */


@@ -1757,7 +1763,7 @@ client_request_agent(const char *request_type, int rchan)
                error("Warning: this is probably a break-in attempt by a malicious server.");
                return NULL;
        }
                error("Warning: this is probably a break-in attempt by a malicious server.");
                return NULL;
        }

-       sock =  ssh_get_authentication_socket();
+       sock = ssh_get_authentication_socket();

        if (sock < 0)
                return NULL;
        c = channel_new("authentication agent connection",
        if (sock < 0)
                return NULL;
        c = channel_new("authentication agent connection",

diff --git a/openssh/compat.c b/openssh/compat.c
index da67f9410d1c56a65754ba498d5818f9fea3044b..bc113158144bef3a0dda64a8664e5c87956d79f1 100644 (file)
--- a/openssh/compat.c
+++ b/openssh/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: compat.c,v 1.77 2006/12/12 03:58:42 djm Exp $ */

 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *


@@ -133,7 +133,8 @@ compat_datafellows(const char *version)
                { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
                                        SSH_BUG_FIRSTKEX },
                { "2.4",                SSH_OLD_SESSIONID },    /* Van Dyke */
                { "2.3.*",              SSH_BUG_DEBUG|SSH_BUG_RSASIGMD5|
                                        SSH_BUG_FIRSTKEX },
                { "2.4",                SSH_OLD_SESSIONID },    /* Van Dyke */

-               { "2.*",                SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX },
+               { "2.*",                SSH_BUG_DEBUG|SSH_BUG_FIRSTKEX|
+                                       SSH_BUG_RFWD_ADDR },

                { "3.0.*",              SSH_BUG_DEBUG },
                { "3.0 SecureCRT*",     SSH_OLD_SESSIONID },
                { "1.7 SecureFX*",      SSH_OLD_SESSIONID },
                { "3.0.*",              SSH_BUG_DEBUG },
                { "3.0 SecureCRT*",     SSH_OLD_SESSIONID },
                { "1.7 SecureFX*",      SSH_OLD_SESSIONID },

diff --git a/openssh/compat.h b/openssh/compat.h
index 83d469d539a57d279615505f59224ed6b2fd7abb..4d8ebc908a425891fe3ed7a7c6c5c2797389afaf 100644 (file)
--- a/openssh/compat.h
+++ b/openssh/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.40 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.41 2006/12/12 03:58:42 djm Exp $ */

 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.


@@ -56,6 +56,7 @@
 #define SSH_BUG_PROBE          0x00400000
 #define SSH_BUG_FIRSTKEX       0x00800000
 #define SSH_OLD_FORWARD_ADDR   0x01000000
 #define SSH_BUG_PROBE          0x00400000
 #define SSH_BUG_FIRSTKEX       0x00800000
 #define SSH_OLD_FORWARD_ADDR   0x01000000

+#define SSH_BUG_RFWD_ADDR      0x02000000

 
 void     enable_compat13(void);
 void     enable_compat20(void);
 
 void     enable_compat13(void);
 void     enable_compat20(void);

diff --git a/openssh/configure.ac b/openssh/configure.ac
index e5fb98eb5a76ca391b16649bfc9972aa816c3393..a07aa3c3d75705795abf765a2193e27fb8c1158b 100644 (file)
--- a/openssh/configure.ac
+++ b/openssh/configure.ac
@@ -360,7 +360,7 @@ int main(void) { exit(0); }
        ;;
 *-*-cygwin*)
        check_for_libcrypt_later=1
        ;;
 *-*-cygwin*)
        check_for_libcrypt_later=1

-       LIBS="$LIBS /usr/lib/textmode.o"
+       LIBS="$LIBS /usr/lib/textreadmode.o"

        AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
        AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
        AC_DEFINE(DISABLE_SHADOW, 1,
        AC_DEFINE(HAVE_CYGWIN, 1, [Define if you are on Cygwin])
        AC_DEFINE(USE_PIPES, 1, [Use PIPES instead of a socketpair()])
        AC_DEFINE(DISABLE_SHADOW, 1,


@@ -1857,6 +1857,14 @@ int main(void) {
        ]
 )
 
        ]
 )
 

+AC_ARG_WITH(openssl-header-check,
+       [  --without-openssl-header-check Disable OpenSSL version consistency check],
+       [  if test "x$withval" = "xno" ; then
+               openssl_check_nonfatal=1
+          fi
+       ]
+)
+

 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
 AC_RUN_IFELSE(
 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])
 AC_RUN_IFELSE(


@@ -1870,9 +1878,18 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); }
        ],
        [
                AC_MSG_RESULT(no)
        ],
        [
                AC_MSG_RESULT(no)

-               AC_MSG_ERROR([Your OpenSSL headers do not match your library.
-Check config.log for details.
+               if test "x$openssl_check_nonfatal" = "x"; then
+                       AC_MSG_ERROR([Your OpenSSL headers do not match your
+library. Check config.log for details.
+If you are sure your installation is consistent, you can disable the check
+by running "./configure --without-openssl-header-check".
+Also see contrib/findssl.sh for help identifying header/library mismatches.
+])
+               else
+                       AC_MSG_WARN([Your OpenSSL headers do not match your
+library. Check config.log for details.

 Also see contrib/findssl.sh for help identifying header/library mismatches.])
 Also see contrib/findssl.sh for help identifying header/library mismatches.])

+               fi

        ],
        [
                AC_MSG_WARN([cross compiling: not checking])
        ],
        [
                AC_MSG_WARN([cross compiling: not checking])

diff --git a/openssh/contrib/caldera/openssh.spec b/openssh/contrib/caldera/openssh.spec
index 54c584dd3f4d83027e7e4f2c308e3c2d96044602..95b9129be59005f1e9eeb19b0efc01c8353d3893 100644 (file)
--- a/openssh/contrib/caldera/openssh.spec
+++ b/openssh/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable     1
 %if %{use_stable}
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable     1
 %if %{use_stable}

-  %define version      4.5p1
+  %define version      4.6p1

   %define cvs          %{nil}
   %define release      1
 %else
   %define cvs          %{nil}
   %define release      1
 %else

diff --git a/openssh/contrib/findssl.sh b/openssh/contrib/findssl.sh
index a4e8f4c83f6584f96eb0ddf62e7c5dccef985d60..128db74c1064b4d46d82df05e72249b7223d0e80 100644 (file)
--- a/openssh/contrib/findssl.sh
+++ b/openssh/contrib/findssl.sh
@@ -89,6 +89,25 @@ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
 LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
 export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
 
 LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
 export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
 

+# not all platforms have a 'which' command
+if which ls >/dev/null 2>/dev/null; then
+    : which is defined
+else
+    which () {
+       saveIFS="$IFS"
+       IFS=:
+       for p in $PATH; do
+           if test -x "$p/$1" -a -f "$p/$1"; then
+               IFS="$saveIFS"
+               echo "$p/$1"
+               return 0
+           fi
+       done
+       IFS="$saveIFS"
+       return 1
+    }
+fi
+

 #
 # Search for OpenSSL headers and print versions
 #
 #
 # Search for OpenSSL headers and print versions
 #

diff --git a/openssh/contrib/redhat/openssh.spec b/openssh/contrib/redhat/openssh.spec
index 52e8676235ba3decf50d4cba5220bfa7eaa96610..08515d2b0ee48a3c36734b386571cb10d22c3b16 100644 (file)
--- a/openssh/contrib/redhat/openssh.spec
+++ b/openssh/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 4.5p1
+%define ver 4.6p1

 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID

diff --git a/openssh/contrib/suse/openssh.spec b/openssh/contrib/suse/openssh.spec
index 797964cd258fa06b37332c839ab2222889f6e665..95b394f18873e0cd3c451d5c4233b24120691eaa 100644 (file)
--- a/openssh/contrib/suse/openssh.spec
+++ b/openssh/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:       OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:          openssh
 
 Summary:       OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:          openssh

-Version:       4.5p1
+Version:       4.6p1

 URL:           http://www.openssh.com/
 Release:       1
 Source0:       openssh-%{version}.tar.gz
 URL:           http://www.openssh.com/
 Release:       1
 Source0:       openssh-%{version}.tar.gz

diff --git a/openssh/dh.c b/openssh/dh.c
index 02b9a40816e0d9c7c10b441fd1b21eb63b85759e..78e230b9f2417c4233748c8e5fb6606167284843 100644 (file)
--- a/openssh/dh.c
+++ b/openssh/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.43 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: dh.c,v 1.44 2006/11/07 13:02:07 markus Exp $ */

 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *

diff --git a/openssh/dns.c b/openssh/dns.c
index 92623de72863877b949cd51b436c3250d3b4e958..a89176f882835c2931261ff909a934af7efa4e39 100644 (file)
--- a/openssh/dns.c
+++ b/openssh/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: dns.c,v 1.24 2007/01/03 03:01:40 stevesk Exp $ */

 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.


@@ -217,7 +217,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address,
        if (fingerprints->rri_nrdatas)
                *flags |= DNS_VERIFY_FOUND;
 
        if (fingerprints->rri_nrdatas)
                *flags |= DNS_VERIFY_FOUND;
 

-       for (counter = 0; counter < fingerprints->rri_nrdatas; counter++)  {
+       for (counter = 0; counter < fingerprints->rri_nrdatas; counter++) {

                /*
                 * Extract the key from the answer. Ignore any badly
                 * formatted fingerprints.
                /*
                 * Extract the key from the answer. Ignore any badly
                 * formatted fingerprints.

diff --git a/openssh/kex.c b/openssh/kex.c
index bfc1c11f977b2d971fdd366bf88c9390bf6bac63..b2223c5ffa0fb5f31e5a05b5c18777de706fb6da 100644 (file)
--- a/openssh/kex.c
+++ b/openssh/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.76 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: kex.c,v 1.77 2007/01/21 01:41:54 stevesk Exp $ */

 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *


@@ -552,7 +552,7 @@ dump_digest(char *msg, u_char *digest, int len)
        u_int i;
 
        fprintf(stderr, "%s\n", msg);
        u_int i;
 
        fprintf(stderr, "%s\n", msg);

-       for (i = 0; i< len; i++) {
+       for (i = 0; i < len; i++) {

                fprintf(stderr, "%02x", digest[i]);
                if (i%32 == 31)
                        fprintf(stderr, "\n");
                fprintf(stderr, "%02x", digest[i]);
                if (i%32 == 31)
                        fprintf(stderr, "\n");

diff --git a/openssh/misc.c b/openssh/misc.c
index 78bca2faefa77c782b7968ccaa67b771c7cbdd3f..625a34368f425e676564a26c8b63a5ccb32c11a3 100644 (file)
--- a/openssh/misc.c
+++ b/openssh/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.64 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: misc.c,v 1.65 2006/11/23 01:35:11 ray Exp $ */

 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.


@@ -616,6 +616,8 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
    u_long *lineno)
 {
        while (fgets(buf, bufsz, f) != NULL) {
    u_long *lineno)
 {
        while (fgets(buf, bufsz, f) != NULL) {

+               if (buf[0] == '\0')
+                       continue;

                (*lineno)++;
                if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
                        return 0;
                (*lineno)++;
                if (buf[strlen(buf) - 1] == '\n' || feof(f)) {
                        return 0;

diff --git a/openssh/moduli.c b/openssh/moduli.c
index 44e5ddfc0c03347620cb3998c953ac1092f313e8..8fa545daf090aea41121aadcb295ce3a8c0272a8 100644 (file)
--- a/openssh/moduli.c
+++ b/openssh/moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.19 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: moduli.c,v 1.20 2007/02/24 03:30:11 ray Exp $ */

 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>


@@ -490,11 +490,9 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted)
 
        res = 0;
        lp = xmalloc(QLINESIZE + 1);
 
        res = 0;
        lp = xmalloc(QLINESIZE + 1);

-       while (fgets(lp, QLINESIZE, in) != NULL) {
-               int ll = strlen(lp);
-
+       while (fgets(lp, QLINESIZE + 1, in) != NULL) {

                count_in++;
                count_in++;

-               if (ll < 14 || *lp == '!' || *lp == '#') {
+               if (strlen(lp) < 14 || *lp == '!' || *lp == '#') {

                        debug2("%10u: comment or short line", count_in);
                        continue;
                }
                        debug2("%10u: comment or short line", count_in);
                        continue;
                }

diff --git a/openssh/monitor.c b/openssh/monitor.c
index 48ae46cccb4ca6d599e9d0603ba507c911ccf763..02f2dc869171252b768334390b1e30b71824d66a 100644 (file)
--- a/openssh/monitor.c
+++ b/openssh/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.89 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: monitor.c,v 1.90 2007/02/19 10:45:58 dtucker Exp $ */

 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>


@@ -642,6 +642,9 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 #endif
        buffer_put_cstring(m, pwent->pw_dir);
        buffer_put_cstring(m, pwent->pw_shell);
 #endif
        buffer_put_cstring(m, pwent->pw_dir);
        buffer_put_cstring(m, pwent->pw_shell);

+       buffer_put_string(m, &options, sizeof(options));
+       if (options.banner != NULL)
+               buffer_put_cstring(m, options.banner);

 
  out:
        debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
 
  out:
        debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);

diff --git a/openssh/monitor_wrap.c b/openssh/monitor_wrap.c
index 3865539dfd1a872ace67f26d485a8e023b77068c..27cc1c5f1f91b59432d250e6d222abf4c27a4d73 100644 (file)
--- a/openssh/monitor_wrap.c
+++ b/openssh/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */

 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>


@@ -73,6 +73,7 @@
 
 #include "channels.h"
 #include "session.h"
 
 #include "channels.h"
 #include "session.h"

+#include "servconf.h"

 
 /* Imports */
 extern int compat20;
 
 /* Imports */
 extern int compat20;


@@ -207,7 +208,8 @@ mm_getpwnamallow(const char *username)
 {
        Buffer m;
        struct passwd *pw;
 {
        Buffer m;
        struct passwd *pw;

-       u_int pwlen;
+       u_int len;
+       ServerOptions *newopts;

 
        debug3("%s entering", __func__);
 
 
        debug3("%s entering", __func__);
 


@@ -223,8 +225,8 @@ mm_getpwnamallow(const char *username)
                buffer_free(&m);
                return (NULL);
        }
                buffer_free(&m);
                return (NULL);
        }

-       pw = buffer_get_string(&m, &pwlen);
-       if (pwlen != sizeof(struct passwd))
+       pw = buffer_get_string(&m, &len);
+       if (len != sizeof(struct passwd))

                fatal("%s: struct passwd size mismatch", __func__);
        pw->pw_name = buffer_get_string(&m, NULL);
        pw->pw_passwd = buffer_get_string(&m, NULL);
                fatal("%s: struct passwd size mismatch", __func__);
        pw->pw_name = buffer_get_string(&m, NULL);
        pw->pw_passwd = buffer_get_string(&m, NULL);


@@ -234,6 +236,16 @@ mm_getpwnamallow(const char *username)
 #endif
        pw->pw_dir = buffer_get_string(&m, NULL);
        pw->pw_shell = buffer_get_string(&m, NULL);
 #endif
        pw->pw_dir = buffer_get_string(&m, NULL);
        pw->pw_shell = buffer_get_string(&m, NULL);

+
+       /* copy options block as a Match directive may have changed some */
+       newopts = buffer_get_string(&m, &len);
+       if (len != sizeof(*newopts))
+               fatal("%s: option block size mismatch", __func__);
+       if (newopts->banner != NULL)
+               newopts->banner = buffer_get_string(&m, NULL);
+       copy_set_server_options(&options, newopts, 1);
+       xfree(newopts);
+

        buffer_free(&m);
 
        return (pw);
        buffer_free(&m);
 
        return (pw);

diff --git a/openssh/openbsd-compat/bsd-asprintf.c b/openssh/openbsd-compat/bsd-asprintf.c
index 67480139ebdf42747c67eeeeac3f40d807f76645..00fa0dfd8a7da3bad6684929d0f2550582bc3137 100644 (file)
--- a/openssh/openbsd-compat/bsd-asprintf.c
+++ b/openssh/openbsd-compat/bsd-asprintf.c
@@ -39,7 +39,8 @@
 
 #define INIT_SZ        128
 
 
 #define INIT_SZ        128
 

-int vasprintf(char **str, const char *fmt, va_list ap)
+int
+vasprintf(char **str, const char *fmt, va_list ap)

 {
        int ret = -1;
        va_list ap2;
 {
        int ret = -1;
        va_list ap2;


@@ -53,7 +54,7 @@ int vasprintf(char **str, const char *fmt, va_list ap)
        ret = vsnprintf(string, INIT_SZ, fmt, ap2);
        if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
                *str = string;
        ret = vsnprintf(string, INIT_SZ, fmt, ap2);
        if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */
                *str = string;

-       } else if (ret == INT_MAX) { /* shouldn't happen */
+       } else if (ret == INT_MAX || ret < 0) { /* Bad length */

                goto fail;
        } else {        /* bigger than initial, realloc allowing for nul */
                len = (size_t)ret + 1;
                goto fail;
        } else {        /* bigger than initial, realloc allowing for nul */
                len = (size_t)ret + 1;

diff --git a/openssh/openbsd-compat/bsd-snprintf.c b/openssh/openbsd-compat/bsd-snprintf.c
index 04651e1d438be8e8702d4dc0753e48f90f725358..41d2be23899c14414f28397a307626702cae8d5e 100644 (file)
--- a/openssh/openbsd-compat/bsd-snprintf.c
+++ b/openssh/openbsd-compat/bsd-snprintf.c
@@ -85,6 +85,11 @@
  *
  *    Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
  *    if the C library has some snprintf functions already.
  *
  *    Move #endif to make sure VA_COPY, LDOUBLE, etc are defined even
  *    if the C library has some snprintf functions already.

+ *
+ * Damien Miller (djm@mindrot.org) Jan 2007
+ *    Fix integer overflows in return value.
+ *    Make formatting quite a bit faster by inlining dopr_outch()
+ *

  **************************************************************/
 
 #include "includes.h"
  **************************************************************/
 
 #include "includes.h"


@@ -112,6 +117,8 @@
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
 #include <stdlib.h>
 #include <string.h>

+#include <limits.h>
+#include <errno.h>

 
 #ifdef HAVE_LONG_DOUBLE
 # define LDOUBLE long double
 
 #ifdef HAVE_LONG_DOUBLE
 # define LDOUBLE long double


@@ -159,17 +166,28 @@
 # define MAX(p,q) (((p) >= (q)) ? (p) : (q))
 #endif
 
 # define MAX(p,q) (((p) >= (q)) ? (p) : (q))
 #endif
 

-static size_t dopr(char *buffer, size_t maxlen, const char *format, 
-                  va_list args_in);
-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
-                   char *value, int flags, int min, int max);
-static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
-                   LLONG value, int base, int min, int max, int flags);
-static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
-                  LDOUBLE fvalue, int min, int max, int flags);
-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
-
-static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)
+#define DOPR_OUTCH(buf, pos, buflen, thechar) \
+       do { \
+               if (pos + 1 >= INT_MAX) { \
+                       errno = ERANGE; \
+                       return -1; \
+               } \
+               if (pos < buflen) \
+                       buf[pos] = thechar; \
+               (pos)++; \
+       } while (0)
+
+static int dopr(char *buffer, size_t maxlen, const char *format, 
+    va_list args_in);
+static int fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+    char *value, int flags, int min, int max);
+static int fmtint(char *buffer, size_t *currlen, size_t maxlen,
+    LLONG value, int base, int min, int max, int flags);
+static int fmtfp(char *buffer, size_t *currlen, size_t maxlen,
+    LDOUBLE fvalue, int min, int max, int flags);
+
+static int
+dopr(char *buffer, size_t maxlen, const char *format, va_list args_in)

 {
        char ch;
        LLONG value;
 {
        char ch;
        LLONG value;


@@ -198,8 +216,8 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                case DP_S_DEFAULT:
                        if (ch == '%') 
                                state = DP_S_FLAGS;
                case DP_S_DEFAULT:
                        if (ch == '%') 
                                state = DP_S_FLAGS;

-                       else 
-                               dopr_outch (buffer, &currlen, maxlen, ch);
+                       else
+                               DOPR_OUTCH(buffer, currlen, maxlen, ch);

                        ch = *format++;
                        break;
                case DP_S_FLAGS:
                        ch = *format++;
                        break;
                case DP_S_FLAGS:


@@ -298,7 +316,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        value = va_arg (args, LLONG);
                                else
                                        value = va_arg (args, int);
                                        value = va_arg (args, LLONG);
                                else
                                        value = va_arg (args, int);

-                               fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+                               if (fmtint(buffer, &currlen, maxlen,
+                                   value, 10, min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'o':
                                flags |= DP_F_UNSIGNED;
                                break;
                        case 'o':
                                flags |= DP_F_UNSIGNED;


@@ -310,7 +330,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        value = (long)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);
                                        value = (long)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);

-                               fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags);
+                               if (fmtint(buffer, &currlen, maxlen, value,
+                                   8, min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'u':
                                flags |= DP_F_UNSIGNED;
                                break;
                        case 'u':
                                flags |= DP_F_UNSIGNED;


@@ -322,7 +344,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        value = (LLONG)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);
                                        value = (LLONG)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);

-                               fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
+                               if (fmtint(buffer, &currlen, maxlen, value,
+                                   10, min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'X':
                                flags |= DP_F_UP;
                                break;
                        case 'X':
                                flags |= DP_F_UP;


@@ -336,15 +360,18 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        value = (LLONG)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);
                                        value = (LLONG)va_arg (args, unsigned LLONG);
                                else
                                        value = (long)va_arg (args, unsigned int);

-                               fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags);
+                               if (fmtint(buffer, &currlen, maxlen, value,
+                                   16, min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'f':
                                if (cflags == DP_C_LDOUBLE)
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);
                                break;
                        case 'f':
                                if (cflags == DP_C_LDOUBLE)
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);

-                               /* um, floating point? */
-                               fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+                               if (fmtfp(buffer, &currlen, maxlen, fvalue,
+                                   min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'E':
                                flags |= DP_F_UP;
                                break;
                        case 'E':
                                flags |= DP_F_UP;


@@ -353,7 +380,9 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);

-                               fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+                               if (fmtfp(buffer, &currlen, maxlen, fvalue,
+                                   min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'G':
                                flags |= DP_F_UP;
                                break;
                        case 'G':
                                flags |= DP_F_UP;


@@ -362,10 +391,13 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);
                                        fvalue = va_arg (args, LDOUBLE);
                                else
                                        fvalue = va_arg (args, double);

-                               fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags);
+                               if (fmtfp(buffer, &currlen, maxlen, fvalue,
+                                   min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'c':
                                break;
                        case 'c':

-                               dopr_outch (buffer, &currlen, maxlen, va_arg (args, int));
+                               DOPR_OUTCH(buffer, currlen, maxlen,
+                                   va_arg (args, int));

                                break;
                        case 's':
                                strvalue = va_arg (args, char *);
                                break;
                        case 's':
                                strvalue = va_arg (args, char *);


@@ -374,11 +406,15 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                        max = strlen(strvalue);
                                }
                                if (min > 0 && max >= 0 && min > max) max = min;
                                        max = strlen(strvalue);
                                }
                                if (min > 0 && max >= 0 && min > max) max = min;

-                               fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max);
+                               if (fmtstr(buffer, &currlen, maxlen,
+                                   strvalue, flags, min, max) == -1)
+                                       return -1;

                                break;
                        case 'p':
                                strvalue = va_arg (args, void *);
                                break;
                        case 'p':
                                strvalue = va_arg (args, void *);

-                               fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags);
+                               if (fmtint(buffer, &currlen, maxlen,
+                                   (long) strvalue, 16, min, max, flags) == -1)
+                                       return -1;

                                break;
                        case 'n':
                                if (cflags == DP_C_SHORT) {
                                break;
                        case 'n':
                                if (cflags == DP_C_SHORT) {


@@ -400,7 +436,7 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                                }
                                break;
                        case '%':
                                }
                                break;
                        case '%':

-                               dopr_outch (buffer, &currlen, maxlen, ch);
+                               DOPR_OUTCH(buffer, currlen, maxlen, ch);

                                break;
                        case 'w':
                                /* not supported yet, treat as next char */
                                break;
                        case 'w':
                                /* not supported yet, treat as next char */


@@ -429,11 +465,12 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
                        buffer[maxlen - 1] = '\0';
        }
        
                        buffer[maxlen - 1] = '\0';
        }
        

-       return currlen;
+       return currlen < INT_MAX ? (int)currlen : -1;

 }
 
 }
 

-static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
-                   char *value, int flags, int min, int max)
+static int
+fmtstr(char *buffer, size_t *currlen, size_t maxlen,
+    char *value, int flags, int min, int max)

 {
        int padlen, strln;     /* amount to pad */
        int cnt = 0;
 {
        int padlen, strln;     /* amount to pad */
        int cnt = 0;


@@ -453,24 +490,27 @@ static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
                padlen = -padlen; /* Left Justify */
        
        while ((padlen > 0) && (cnt < max)) {
                padlen = -padlen; /* Left Justify */
        
        while ((padlen > 0) && (cnt < max)) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                --padlen;
                ++cnt;
        }
        while (*value && (cnt < max)) {
                --padlen;
                ++cnt;
        }
        while (*value && (cnt < max)) {

-               dopr_outch (buffer, currlen, maxlen, *value++);
+               DOPR_OUTCH(buffer, *currlen, maxlen, *value);
+               *value++;

                ++cnt;
        }
        while ((padlen < 0) && (cnt < max)) {
                ++cnt;
        }
        while ((padlen < 0) && (cnt < max)) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                ++padlen;
                ++cnt;
        }
                ++padlen;
                ++cnt;
        }

+       return 0;

 }
 
 /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
 
 }
 
 /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
 

-static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
+static int
+fmtint(char *buffer, size_t *currlen, size_t maxlen,

                    LLONG value, int base, int min, int max, int flags)
 {
        int signvalue = 0;
                    LLONG value, int base, int min, int max, int flags)
 {
        int signvalue = 0;


@@ -527,31 +567,34 @@ static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
 
        /* Spaces */
        while (spadlen > 0) {
 
        /* Spaces */
        while (spadlen > 0) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                --spadlen;
        }
 
        /* Sign */
        if (signvalue) 
                --spadlen;
        }
 
        /* Sign */
        if (signvalue) 

-               dopr_outch (buffer, currlen, maxlen, signvalue);
+               DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);

 
        /* Zeros */
        if (zpadlen > 0) {
                while (zpadlen > 0) {
 
        /* Zeros */
        if (zpadlen > 0) {
                while (zpadlen > 0) {

-                       dopr_outch (buffer, currlen, maxlen, '0');
+                       DOPR_OUTCH(buffer, *currlen, maxlen, '0');

                        --zpadlen;
                }
        }
 
        /* Digits */
                        --zpadlen;
                }
        }
 
        /* Digits */

-       while (place > 0) 
-               dopr_outch (buffer, currlen, maxlen, convert[--place]);
+       while (place > 0) {
+               --place;
+               DOPR_OUTCH(buffer, *currlen, maxlen, convert[place]);
+       }

   
        /* Left Justified spaces */
        while (spadlen < 0) {
   
        /* Left Justified spaces */
        while (spadlen < 0) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                ++spadlen;
        }
                ++spadlen;
        }

+       return 0;

 }
 
 static LDOUBLE abs_val(LDOUBLE value)
 }
 
 static LDOUBLE abs_val(LDOUBLE value)


@@ -564,13 +607,13 @@ static LDOUBLE abs_val(LDOUBLE value)
        return result;
 }
 
        return result;
 }
 

-static LDOUBLE POW10(int exp)
+static LDOUBLE POW10(int val)

 {
        LDOUBLE result = 1;
        
 {
        LDOUBLE result = 1;
        

-       while (exp) {
+       while (val) {

                result *= 10;
                result *= 10;

-               exp--;
+               val--;

        }
   
        return result;
        }
   
        return result;


@@ -604,7 +647,10 @@ static double my_modf(double x0, double *iptr)
        }
 
        if (i == 100) {
        }
 
        if (i == 100) {

-               /* yikes! the number is beyond what we can handle. What do we do? */
+               /*
+                * yikes! the number is beyond what we can handle.
+                * What do we do?
+                */

                (*iptr) = 0;
                return 0;
        }
                (*iptr) = 0;
                return 0;
        }


@@ -623,8 +669,9 @@ static double my_modf(double x0, double *iptr)
 }
 
 
 }
 
 

-static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
-                  LDOUBLE fvalue, int min, int max, int flags)
+static int
+fmtfp (char *buffer, size_t *currlen, size_t maxlen,
+    LDOUBLE fvalue, int min, int max, int flags)

 {
        int signvalue = 0;
        double ufvalue;
 {
        int signvalue = 0;
        double ufvalue;


@@ -729,24 +776,26 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
        
        if ((flags & DP_F_ZERO) && (padlen > 0)) {
                if (signvalue) {
        
        if ((flags & DP_F_ZERO) && (padlen > 0)) {
                if (signvalue) {

-                       dopr_outch (buffer, currlen, maxlen, signvalue);
+                       DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);

                        --padlen;
                        signvalue = 0;
                }
                while (padlen > 0) {
                        --padlen;
                        signvalue = 0;
                }
                while (padlen > 0) {

-                       dopr_outch (buffer, currlen, maxlen, '0');
+                       DOPR_OUTCH(buffer, *currlen, maxlen, '0');

                        --padlen;
                }
        }
        while (padlen > 0) {
                        --padlen;
                }
        }
        while (padlen > 0) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                --padlen;
        }
        if (signvalue) 
                --padlen;
        }
        if (signvalue) 

-               dopr_outch (buffer, currlen, maxlen, signvalue);
+               DOPR_OUTCH(buffer, *currlen, maxlen, signvalue);

        
        

-       while (iplace > 0) 
-               dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]);
+       while (iplace > 0) {
+               --iplace;
+               DOPR_OUTCH(buffer, *currlen, maxlen, iconvert[iplace]);
+       }

 
 #ifdef DEBUG_SNPRINTF
        printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);
 
 #ifdef DEBUG_SNPRINTF
        printf("fmtfp: fplace=%d zpadlen=%d\n", fplace, zpadlen);


@@ -757,41 +806,38 @@ static void fmtfp (char *buffer, size_t *currlen, size_t maxlen,
         * char to print out.
         */
        if (max > 0) {
         * char to print out.
         */
        if (max > 0) {

-               dopr_outch (buffer, currlen, maxlen, '.');
+               DOPR_OUTCH(buffer, *currlen, maxlen, '.');

                
                while (zpadlen > 0) {
                
                while (zpadlen > 0) {

-                       dopr_outch (buffer, currlen, maxlen, '0');
+                       DOPR_OUTCH(buffer, *currlen, maxlen, '0');

                        --zpadlen;
                }
 
                        --zpadlen;
                }
 

-               while (fplace > 0) 
-                       dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]);
+               while (fplace > 0) {
+                       --fplace;
+                       DOPR_OUTCH(buffer, *currlen, maxlen, fconvert[fplace]);
+               }

        }
 
        while (padlen < 0) {
        }
 
        while (padlen < 0) {

-               dopr_outch (buffer, currlen, maxlen, ' ');
+               DOPR_OUTCH(buffer, *currlen, maxlen, ' ');

                ++padlen;
        }
                ++padlen;
        }

-}
-
-static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
-{
-       if (*currlen < maxlen) {
-               buffer[(*currlen)] = c;
-       }
-       (*currlen)++;
+       return 0;

 }
 #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
 
 #if !defined(HAVE_VSNPRINTF)
 }
 #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */
 
 #if !defined(HAVE_VSNPRINTF)

-int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
+int
+vsnprintf (char *str, size_t count, const char *fmt, va_list args)

 {
        return dopr(str, count, fmt, args);
 }
 #endif
 
 #if !defined(HAVE_SNPRINTF)
 {
        return dopr(str, count, fmt, args);
 }
 #endif
 
 #if !defined(HAVE_SNPRINTF)

-int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
+int
+snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)

 {
        size_t ret;
        va_list ap;
 {
        size_t ret;
        va_list ap;


@@ -802,4 +848,3 @@ int snprintf(char *str, size_t count, SNPRINTF_CONST char *fmt, ...)
        return ret;
 }
 #endif
        return ret;
 }
 #endif

-

diff --git a/openssh/openbsd-compat/getrrsetbyname.c b/openssh/openbsd-compat/getrrsetbyname.c
index 6c86e02c2ab0805dbe8c7629ba47bf3b0d9b0a96..07231d005f77394979fba9a2a44495bafc2ac76b 100644 (file)
--- a/openssh/openbsd-compat/getrrsetbyname.c
+++ b/openssh/openbsd-compat/getrrsetbyname.c
@@ -303,10 +303,12 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
        }
 
        /* allocate memory for signatures */
        }
 
        /* allocate memory for signatures */

-       rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
-       if (rrset->rri_sigs == NULL) {
-               result = ERRSET_NOMEMORY;
-               goto fail;
+       if (rrset->rri_nsigs > 0) {
+               rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo));
+               if (rrset->rri_sigs == NULL) {
+                       result = ERRSET_NOMEMORY;
+                       goto fail;
+               }

        }
 
        /* copy answers & signatures */
        }
 
        /* copy answers & signatures */

diff --git a/openssh/openbsd-compat/openssl-compat.h b/openssh/openbsd-compat/openssl-compat.h
index 36a09f6bad7878e49b10eac11fd0bbc343ca6b57..a37f1473a3ba44ea3d43017ea3ace6f324f6bbe2 100644 (file)
--- a/openssh/openbsd-compat/openssl-compat.h
+++ b/openssh/openbsd-compat/openssl-compat.h
@@ -46,6 +46,11 @@ extern const EVP_CIPHER *evp_acss(void);
 # endif
 #endif
 
 # endif
 #endif
 

+/* OpenSSL 0.9.8e returns cipher key len not context key len */
+#if (OPENSSL_VERSION_NUMBER == 0x0090805fL)
+# define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
+#endif
+

 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.
 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.

diff --git a/openssh/openssh.xml.in b/openssh/openssh.xml.in
index 655ee5c9e82d7f19019fa3ac399e8a5aa38bb9e8..2fcdea0a19508506131e33995af7818ef87027de 100644 (file)
--- a/openssh/openssh.xml.in
+++ b/openssh/openssh.xml.in
@@ -23,6 +23,9 @@
         type='service'
         version='1'>
 
         type='service'
         version='1'>
 

+<!--
+       We default to disabled so administrator can decide to enable or not.
+-->

         <create_default_instance enabled='false'/>
 
         <single_instance/>
         <create_default_instance enabled='false'/>
 
         <single_instance/>


@@ -53,7 +56,7 @@
         <exec_method
             name='start'
             type='method'
         <exec_method
             name='start'
             type='method'

-            exec='/lib/svc/method/site/opensshd start'
+            exec='/lib/svc/method/site/__SYSVINIT_NAME__ start'

             timeout_seconds='60'>
             <method_context/>
         </exec_method>
             timeout_seconds='60'>
             <method_context/>
         </exec_method>

diff --git a/openssh/packet.c b/openssh/packet.c
index ab5a01002aac6832cb197624457e33b2709e042b..7d8fab1e90d92257718c4b142cb95da5488967e7 100644 (file)
--- a/openssh/packet.c
+++ b/openssh/packet.c
@@ -47,7 +47,6 @@
 # include <sys/time.h>
 #endif
 
 # include <sys/time.h>
 #endif
 

-#include <netinet/in_systm.h>

 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <netinet/ip.h>
 #include <arpa/inet.h>

diff --git a/openssh/readconf.c b/openssh/readconf.c
index 4cacf6026385526168689218de82252847323813..2485146a0025dfeeb212428172ab907afc1388d7 100644 (file)
--- a/openssh/readconf.c
+++ b/openssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.159 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: readconf.c,v 1.161 2007/01/21 01:45:35 stevesk Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -364,7 +364,7 @@ parse_time:
                if ((value = convtime(arg)) == -1)
                        fatal("%s line %d: invalid time value.",
                            filename, linenum);
                if ((value = convtime(arg)) == -1)
                        fatal("%s line %d: invalid time value.",
                            filename, linenum);

-               if (*intptr == -1)
+               if (*activep && *intptr == -1)

                        *intptr = value;
                break;
 
                        *intptr = value;
                break;
 


@@ -545,7 +545,7 @@ parse_yesnoask:
                        if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                fatal("%.200s line %d: Too many identity files specified (max %d).",
                                    filename, linenum, SSH_MAX_IDENTITY_FILES);
                        if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                fatal("%.200s line %d: Too many identity files specified (max %d).",
                                    filename, linenum, SSH_MAX_IDENTITY_FILES);

-                       charptr =  &options->identity_files[*intptr];
+                       charptr = &options->identity_files[*intptr];

                        *charptr = xstrdup(arg);
                        *intptr = *intptr + 1;
                }
                        *charptr = xstrdup(arg);
                        *intptr = *intptr + 1;
                }

diff --git a/openssh/regress/agent-ptrace.sh b/openssh/regress/agent-ptrace.sh
index 4de2638e4acc97a8e7b9677c5c61f7e32aa64ec0..d5892ed03098f4b9279840107bc7cbbddc84bc42 100644 (file)
--- a/openssh/regress/agent-ptrace.sh
+++ b/openssh/regress/agent-ptrace.sh
@@ -41,7 +41,7 @@ EOF
        if [ $? -ne 0 ]; then
                fail "gdb failed: exit code $?"
        fi
        if [ $? -ne 0 ]; then
                fail "gdb failed: exit code $?"
        fi

-       egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace attach: Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out
+       egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.' >/dev/null ${OBJ}/gdb.out

        r=$?
        rm -f ${OBJ}/gdb.out
        if [ $r -ne 0 ]; then
        r=$?
        rm -f ${OBJ}/gdb.out
        if [ $r -ne 0 ]; then

diff --git a/openssh/scp.c b/openssh/scp.c
index 56a3e79ffa2b5ae1a12dfac1e5486af9866efdcb..a52aaeb12fc5acdb3dfee0c75531dd7140045364 100644 (file)
--- a/openssh/scp.c
+++ b/openssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.155 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.156 2007/01/22 13:06:21 djm Exp $ */

 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).


@@ -380,7 +380,7 @@ main(int argc, char **argv)
        if ((pwd = getpwuid(userid = getuid())) == NULL)
                fatal("unknown user %u", (u_int) userid);
 
        if ((pwd = getpwuid(userid = getuid())) == NULL)
                fatal("unknown user %u", (u_int) userid);
 

-       if (!isatty(STDERR_FILENO))
+       if (!isatty(STDOUT_FILENO))

                showprogress = 0;
 
        remin = STDIN_FILENO;
                showprogress = 0;
 
        remin = STDIN_FILENO;

diff --git a/openssh/servconf.c b/openssh/servconf.c
index 1f80de22d3ecefb3a53d66d0ba2b6d37c996a6b3..1e3c213a52abe1cf7d42a5c72c43ecb5aaa316ed 100644 (file)
--- a/openssh/servconf.c
+++ b/openssh/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.165 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.170 2007/03/01 10:28:02 dtucker Exp $ */

 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved


@@ -325,14 +325,14 @@ static struct {
        { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
        { "loglevel", sLogLevel, SSHCFG_GLOBAL },
        { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
        { "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
        { "loglevel", sLogLevel, SSHCFG_GLOBAL },
        { "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },

-       { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_GLOBAL },
-       { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_GLOBAL },
+       { "rhostsrsaauthentication", sRhostsRSAAuthentication, SSHCFG_ALL },
+       { "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },

        { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },
        { "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_GLOBAL },

-       { "rsaauthentication", sRSAAuthentication, SSHCFG_GLOBAL },
-       { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },
+       { "rsaauthentication", sRSAAuthentication, SSHCFG_ALL },
+       { "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },

        { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },  /* alias */
 #ifdef KRB5
        { "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL },  /* alias */
 #ifdef KRB5

-       { "kerberosauthentication", sKerberosAuthentication, SSHCFG_GLOBAL },
+       { "kerberosauthentication", sKerberosAuthentication, SSHCFG_ALL },

        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
        { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
 #ifdef USE_AFS
        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd, SSHCFG_GLOBAL },
        { "kerberosticketcleanup", sKerberosTicketCleanup, SSHCFG_GLOBAL },
 #ifdef USE_AFS


@@ -341,7 +341,7 @@ static struct {
        { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
 #else
        { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
 #endif
 #else

-       { "kerberosauthentication", sUnsupported, SSHCFG_GLOBAL },
+       { "kerberosauthentication", sUnsupported, SSHCFG_ALL },

        { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
        { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
        { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
        { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL },
        { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL },
        { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },


@@ -349,14 +349,14 @@ static struct {
        { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
        { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSSAPI
        { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
        { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
 #ifdef GSSAPI

-       { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL },
+       { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },

        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 #else
        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 #else

-       { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL },
+       { "gssapiauthentication", sUnsupported, SSHCFG_ALL },

        { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 #endif
        { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
 #endif

-       { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL },
-       { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL },
+       { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
+       { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },

        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
        { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
        { "checkmail", sDeprecated, SSHCFG_GLOBAL },
        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
        { "skeyauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, /* alias */
        { "checkmail", sDeprecated, SSHCFG_GLOBAL },


@@ -389,7 +389,7 @@ static struct {
        { "subsystem", sSubsystem, SSHCFG_GLOBAL },
        { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
        { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
        { "subsystem", sSubsystem, SSHCFG_GLOBAL },
        { "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
        { "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },

-       { "banner", sBanner, SSHCFG_GLOBAL },
+       { "banner", sBanner, SSHCFG_ALL },

        { "usedns", sUseDNS, SSHCFG_GLOBAL },
        { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
        { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
        { "usedns", sUseDNS, SSHCFG_GLOBAL },
        { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
        { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },


@@ -968,7 +968,7 @@ parse_flag:
                else
                        fatal("%s line %d: Bad yes/no/clientspecified "
                            "argument: %s", filename, linenum, arg);
                else
                        fatal("%s line %d: Bad yes/no/clientspecified "
                            "argument: %s", filename, linenum, arg);

-               if (*intptr == -1)
+               if (*activep && *intptr == -1)

                        *intptr = value;
                break;
 
                        *intptr = value;
                break;
 


@@ -1220,13 +1220,16 @@ parse_flag:
                if (!arg || *arg == '\0')
                        fatal("%s line %d: missing PermitOpen specification",
                            filename, linenum);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: missing PermitOpen specification",
                            filename, linenum);

+               n = options->num_permitted_opens;       /* modified later */

                if (strcmp(arg, "any") == 0) {
                if (strcmp(arg, "any") == 0) {

-                       if (*activep) {
+                       if (*activep && n == -1) {

                                channel_clear_adm_permitted_opens();
                                options->num_permitted_opens = 0;
                        }
                        break;
                }
                                channel_clear_adm_permitted_opens();
                                options->num_permitted_opens = 0;
                        }
                        break;
                }

+               if (*activep && n == -1)
+                       channel_clear_adm_permitted_opens();

                for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
                        p = hpdelim(&arg);
                        if (p == NULL)
                for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
                        p = hpdelim(&arg);
                        if (p == NULL)


@@ -1236,11 +1239,9 @@ parse_flag:
                        if (arg == NULL || (port = a2port(arg)) == 0)
                                fatal("%s line %d: bad port number in "
                                    "PermitOpen", filename, linenum);
                        if (arg == NULL || (port = a2port(arg)) == 0)
                                fatal("%s line %d: bad port number in "
                                    "PermitOpen", filename, linenum);

-                       if (*activep && options->num_permitted_opens == -1) {
-                               channel_clear_adm_permitted_opens();
+                       if (*activep && n == -1)

                                options->num_permitted_opens =
                                    channel_add_adm_permitted_opens(p, port);
                                options->num_permitted_opens =
                                    channel_add_adm_permitted_opens(p, port);

-                       }

                }
                break;
 
                }
                break;
 


@@ -1316,30 +1317,55 @@ parse_server_match_config(ServerOptions *options, const char *user,
 
        initialize_server_options(&mo);
        parse_server_config(&mo, "reprocess config", &cfg, user, host, address);
 
        initialize_server_options(&mo);
        parse_server_config(&mo, "reprocess config", &cfg, user, host, address);

-       copy_set_server_options(options, &mo);
+       copy_set_server_options(options, &mo, 0);

 }
 
 }
 

-/* Copy any (supported) values that are set */
+/* Helper macros */
+#define M_CP_INTOPT(n) do {\
+       if (src->n != -1) \
+               dst->n = src->n; \
+} while (0)
+#define M_CP_STROPT(n) do {\
+       if (src->n != NULL) { \
+               if (dst->n != NULL) \
+                       xfree(dst->n); \
+               dst->n = src->n; \
+       } \
+} while(0)
+
+/*
+ * Copy any supported values that are set.
+ *
+ * If the preauth flag is set, we do not bother copying the the string or
+ * array values that are not used pre-authentication, because any that we
+ * do use must be explictly sent in mm_getpwnamallow().
+ */

 void
 void

-copy_set_server_options(ServerOptions *dst, ServerOptions *src)
+copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)

 {
 {

-       if (src->allow_tcp_forwarding != -1)
-               dst->allow_tcp_forwarding = src->allow_tcp_forwarding;
-       if (src->gateway_ports != -1)
-               dst->gateway_ports = src->gateway_ports;
-       if (src->adm_forced_command != NULL) {
-               if (dst->adm_forced_command != NULL)
-                       xfree(dst->adm_forced_command);
-               dst->adm_forced_command = src->adm_forced_command;
-       }
-       if (src->x11_display_offset != -1)
-               dst->x11_display_offset = src->x11_display_offset;
-       if (src->x11_forwarding != -1)
-               dst->x11_forwarding = src->x11_forwarding;
-       if (src->x11_use_localhost != -1)
-               dst->x11_use_localhost = src->x11_use_localhost;
+       M_CP_INTOPT(password_authentication);
+       M_CP_INTOPT(gss_authentication);
+       M_CP_INTOPT(rsa_authentication);
+       M_CP_INTOPT(pubkey_authentication);
+       M_CP_INTOPT(kerberos_authentication);
+       M_CP_INTOPT(hostbased_authentication);
+       M_CP_INTOPT(kbd_interactive_authentication);
+
+       M_CP_INTOPT(allow_tcp_forwarding);
+       M_CP_INTOPT(gateway_ports);
+       M_CP_INTOPT(x11_display_offset);
+       M_CP_INTOPT(x11_forwarding);
+       M_CP_INTOPT(x11_use_localhost);
+
+       M_CP_STROPT(banner);
+       if (preauth)
+               return;
+       M_CP_STROPT(adm_forced_command);

 }
 
 }
 

+#undef M_CP_INTOPT
+#undef M_CP_STROPT
+

 void
 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
     const char *user, const char *host, const char *address)
 void
 parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
     const char *user, const char *host, const char *address)


@@ -1361,4 +1387,8 @@ parse_server_config(ServerOptions *options, const char *filename, Buffer *conf,
        if (bad_options > 0)
                fatal("%s: terminating, %d bad configuration options",
                    filename, bad_options);
        if (bad_options > 0)
                fatal("%s: terminating, %d bad configuration options",
                    filename, bad_options);

+
+       /* challenge-response is implemented via keyboard interactive */
+       if (options->challenge_response_authentication == 1)
+               options->kbd_interactive_authentication = 1;

 }
 }

diff --git a/openssh/servconf.h b/openssh/servconf.h
index ad496f64b9ba7cefad59e7befe8563437c38e675..8a5b950ea071958f34f3d53ea326b8f5a415f720 100644 (file)
--- a/openssh/servconf.h
+++ b/openssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.79 2006/08/14 12:40:25 dtucker Exp $ */
+/* $OpenBSD: servconf.h,v 1.80 2007/02/19 10:45:58 dtucker Exp $ */

 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>


@@ -152,6 +152,6 @@ void         parse_server_config(ServerOptions *, const char *, Buffer *,
             const char *, const char *, const char *);
 void    parse_server_match_config(ServerOptions *, const char *, const char *,
             const char *);
             const char *, const char *, const char *);
 void    parse_server_match_config(ServerOptions *, const char *, const char *,
             const char *);

-void    copy_set_server_options(ServerOptions *, ServerOptions *);
+void    copy_set_server_options(ServerOptions *, ServerOptions *, int);

 
 #endif                         /* SERVCONF_H */
 
 #endif                         /* SERVCONF_H */

diff --git a/openssh/serverloop.c b/openssh/serverloop.c
index 69304b5fadaee20ae80d075d6ba82d0dd2270b78..7e373f01bc59c030b41867b8c7e5664d2127e108 100644 (file)
--- a/openssh/serverloop.c
+++ b/openssh/serverloop.c
@@ -280,6 +280,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
        struct timeval tv, *tvp;
        int ret;
        int client_alive_scheduled = 0;
        struct timeval tv, *tvp;
        int ret;
        int client_alive_scheduled = 0;

+       int program_alive_scheduled = 0;

 
        /*
         * if using client_alive, set the max timeout accordingly,
 
        /*
         * if using client_alive, set the max timeout accordingly,


@@ -317,6 +318,7 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                 * the client, try to get some more data from the program.
                 */
                if (packet_not_very_much_data_to_write()) {
                 * the client, try to get some more data from the program.
                 */
                if (packet_not_very_much_data_to_write()) {

+                       program_alive_scheduled = child_terminated;

                        if (!fdout_eof)
                                FD_SET(fdout, *readsetp);
                        if (!fderr_eof)
                        if (!fdout_eof)
                                FD_SET(fdout, *readsetp);
                        if (!fderr_eof)


@@ -362,8 +364,16 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
                memset(*writesetp, 0, *nallocp);
                if (errno != EINTR)
                        error("select: %.100s", strerror(errno));
                memset(*writesetp, 0, *nallocp);
                if (errno != EINTR)
                        error("select: %.100s", strerror(errno));

-       } else if (ret == 0 && client_alive_scheduled)
-               client_alive_check();
+       } else {
+               if (ret == 0 && client_alive_scheduled)
+                       client_alive_check();
+               if (!compat20 && program_alive_scheduled && fdin_is_tty) {
+                       if (!fdout_eof)
+                               FD_SET(fdout, *readsetp);
+                       if (!fderr_eof)
+                               FD_SET(fderr, *readsetp);
+               }
+       }

 
        notify_done(*readsetp);
 }
 
        notify_done(*readsetp);
 }


@@ -407,7 +417,8 @@ process_input(fd_set *readset)
        if (!fdout_eof && FD_ISSET(fdout, readset)) {
                errno = 0;
                len = read(fdout, buf, sizeof(buf));
        if (!fdout_eof && FD_ISSET(fdout, readset)) {
                errno = 0;
                len = read(fdout, buf, sizeof(buf));

-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !child_terminated))) {

                        /* do nothing */
 #ifndef PTY_ZEROREAD
                } else if (len <= 0) {
                        /* do nothing */
 #ifndef PTY_ZEROREAD
                } else if (len <= 0) {


@@ -425,7 +436,8 @@ process_input(fd_set *readset)
        if (!fderr_eof && FD_ISSET(fderr, readset)) {
                errno = 0;
                len = read(fderr, buf, sizeof(buf));
        if (!fderr_eof && FD_ISSET(fderr, readset)) {
                errno = 0;
                len = read(fderr, buf, sizeof(buf));

-               if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+               if (len < 0 && (errno == EINTR ||
+                   (errno == EAGAIN && !child_terminated))) {

                        /* do nothing */
 #ifndef PTY_ZEROREAD
                } else if (len <= 0) {
                        /* do nothing */
 #ifndef PTY_ZEROREAD
                } else if (len <= 0) {

diff --git a/openssh/session.c b/openssh/session.c
index 69153ad1e3148e19b24e83d90f8fd7568ec9808c..4c97c4a7dddd39bb08a163c688857ae1eae3164e 100644 (file)
--- a/openssh/session.c
+++ b/openssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.220 2006/10/09 23:36:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.221 2007/01/21 01:41:54 stevesk Exp $ */

 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved


@@ -2027,7 +2027,7 @@ session_input_channel_req(Channel *c, const char *rtype)
                } else if (strcmp(rtype, "exec") == 0) {
                        success = session_exec_req(s);
                } else if (strcmp(rtype, "pty-req") == 0) {
                } else if (strcmp(rtype, "exec") == 0) {
                        success = session_exec_req(s);
                } else if (strcmp(rtype, "pty-req") == 0) {

-                       success =  session_pty_req(s);
+                       success = session_pty_req(s);

                } else if (strcmp(rtype, "x11-req") == 0) {
                        success = session_x11_req(s);
                } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {
                } else if (strcmp(rtype, "x11-req") == 0) {
                        success = session_x11_req(s);
                } else if (strcmp(rtype, "auth-agent-req@openssh.com") == 0) {


@@ -2152,7 +2152,7 @@ session_close_single_x11(int id, void *arg)
 
        debug3("session_close_single_x11: channel %d", id);
        channel_cancel_cleanup(id);
 
        debug3("session_close_single_x11: channel %d", id);
        channel_cancel_cleanup(id);

-       if ((s  = session_by_x11_channel(id)) == NULL)
+       if ((s = session_by_x11_channel(id)) == NULL)

                fatal("session_close_single_x11: no x11 channel %d", id);
        for (i = 0; s->x11_chanids[i] != -1; i++) {
                debug("session_close_single_x11: session %d: "
                fatal("session_close_single_x11: no x11 channel %d", id);
        for (i = 0; s->x11_chanids[i] != -1; i++) {
                debug("session_close_single_x11: session %d: "

diff --git a/openssh/sftp-client.c b/openssh/sftp-client.c
index 42eb2b41bfce2ddf31224f98502c93a9cf15609e..2746f32457a992db712476ad8966d11ab67ee64a 100644 (file)
--- a/openssh/sftp-client.c
+++ b/openssh/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.75 2006/10/22 02:25:50 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.76 2007/01/22 11:32:50 djm Exp $ */

 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *


@@ -1140,6 +1140,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
                                close(local_fd);
                                xfree(data);
                                xfree(ack);
                                close(local_fd);
                                xfree(data);
                                xfree(ack);

+                               status = -1;

                                goto done;
                        }
                        debug3("In write loop, ack for %u %u bytes at %llu",
                                goto done;
                        }
                        debug3("In write loop, ack for %u %u bytes at %llu",

diff --git a/openssh/sftp-server.c b/openssh/sftp-server.c
index c57958b0f327fe4cf955ac90efe917b8d36434de..64777beffd5aeb3e9edc539fb0fd4c75b2475ad9 100644 (file)
--- a/openssh/sftp-server.c
+++ b/openssh/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.70 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.71 2007/01/03 07:22:36 stevesk Exp $ */

 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *


@@ -663,7 +663,7 @@ process_fstat(void)
        debug("request %u: fstat \"%s\" (handle %u)",
            id, handle_to_name(handle), handle);
        fd = handle_to_fd(handle);
        debug("request %u: fstat \"%s\" (handle %u)",
            id, handle_to_name(handle), handle);
        fd = handle_to_fd(handle);

-       if (fd  >= 0) {
+       if (fd >= 0) {

                ret = fstat(fd, &st);
                if (ret < 0) {
                        status = errno_to_portable(errno);
                ret = fstat(fd, &st);
                if (ret < 0) {
                        status = errno_to_portable(errno);

diff --git a/openssh/sftp.c b/openssh/sftp.c
index a39c782f70e28af2c508329246ffd474aac9ee40..f0d5dd557e94a42b7060ce8c1a4cd158a150643d 100644 (file)
--- a/openssh/sftp.c
+++ b/openssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.93 2006/09/30 17:48:22 ray Exp $ */
+/* $OpenBSD: sftp.c,v 1.96 2007/01/03 04:09:15 stevesk Exp $ */

 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *


@@ -166,6 +166,7 @@ static const struct CMD cmds[] = {
 
 int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
 
 
 int interactive_loop(int fd_in, int fd_out, char *file1, char *file2);
 

+/* ARGSUSED */

 static void
 killchild(int signo)
 {
 static void
 killchild(int signo)
 {


@@ -177,6 +178,7 @@ killchild(int signo)
        _exit(1);
 }
 
        _exit(1);
 }
 

+/* ARGSUSED */

 static void
 cmd_interrupt(int signo)
 {
 static void
 cmd_interrupt(int signo)
 {


@@ -298,11 +300,11 @@ static char *
 path_append(char *p1, char *p2)
 {
        char *ret;
 path_append(char *p1, char *p2)
 {
        char *ret;

-       int len = strlen(p1) + strlen(p2) + 2;
+       size_t len = strlen(p1) + strlen(p2) + 2;

 
        ret = xmalloc(len);
        strlcpy(ret, p1, len);
 
        ret = xmalloc(len);
        strlcpy(ret, p1, len);

-       if (p1[strlen(p1) - 1] != '/')
+       if (p1[0] != '\0' && p1[strlen(p1) - 1] != '/')

                strlcat(ret, "/", len);
        strlcat(ret, p2, len);
 
                strlcat(ret, "/", len);
        strlcat(ret, p2, len);
 


@@ -1566,7 +1568,7 @@ main(int argc, char **argv)
                                fprintf(stderr, "Missing username\n");
                                usage();
                        }
                                fprintf(stderr, "Missing username\n");
                                usage();
                        }

-                       addargs(&args, "-l%s",userhost);
+                       addargs(&args, "-l%s", userhost);

                }
 
                if ((cp = colon(host)) != NULL) {
                }
 
                if ((cp = colon(host)) != NULL) {

diff --git a/openssh/ssh-agent.c b/openssh/ssh-agent.c
index ef95eb878f39b99735eb5417f41d6342cac8b4bc..a3a867c33b70e7a191c1608eb862f11b7ed34988 100644 (file)
--- a/openssh/ssh-agent.c
+++ b/openssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.153 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.154 2007/02/28 00:55:30 dtucker Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -434,6 +434,7 @@ reaper(void)
                for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                        nxt = TAILQ_NEXT(id, next);
                        if (id->death != 0 && now >= id->death) {
                for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {
                        nxt = TAILQ_NEXT(id, next);
                        if (id->death != 0 && now >= id->death) {

+                               debug("expiring key '%s'", id->comment);

                                TAILQ_REMOVE(&tab->idlist, id, next);
                                free_identity(id);
                                tab->nentries--;
                                TAILQ_REMOVE(&tab->idlist, id, next);
                                free_identity(id);
                                tab->nentries--;


@@ -698,9 +699,6 @@ process_message(SocketEntry *e)
        u_int msg_len, type;
        u_char *cp;
 
        u_int msg_len, type;
        u_char *cp;
 

-       /* kill dead keys */
-       reaper();
-

        if (buffer_len(&e->input) < 5)
                return;         /* Incomplete message. */
        cp = buffer_ptr(&e->input);
        if (buffer_len(&e->input) < 5)
                return;         /* Incomplete message. */
        cp = buffer_ptr(&e->input);


@@ -1016,7 +1014,7 @@ int
 main(int ac, char **av)
 {
        int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;
 main(int ac, char **av)
 {
        int c_flag = 0, d_flag = 0, k_flag = 0, s_flag = 0;

-       int sock, fd, ch;
+       int sock, fd, ch, result, saved_errno;

        u_int nalloc;
        char *shell, *format, *pidstr, *agentsocket = NULL;
        fd_set *readsetp = NULL, *writesetp = NULL;
        u_int nalloc;
        char *shell, *format, *pidstr, *agentsocket = NULL;
        fd_set *readsetp = NULL, *writesetp = NULL;


@@ -1029,6 +1027,7 @@ main(int ac, char **av)
        extern char *optarg;
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];
        extern char *optarg;
        pid_t pid;
        char pidstrbuf[1 + 3 * sizeof pid];

+       struct timeval tv;

 
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
 
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();


@@ -1242,13 +1241,18 @@ skip:
        nalloc = 0;
 
        while (1) {
        nalloc = 0;
 
        while (1) {

+               tv.tv_sec = 10;
+               tv.tv_usec = 0;

                prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);
                prepare_select(&readsetp, &writesetp, &max_fd, &nalloc);

-               if (select(max_fd + 1, readsetp, writesetp, NULL, NULL) < 0) {
-                       if (errno == EINTR)
+               result = select(max_fd + 1, readsetp, writesetp, NULL, &tv);
+               saved_errno = errno;
+               reaper();       /* remove expired keys */
+               if (result < 0) {
+                       if (saved_errno == EINTR)

                                continue;
                                continue;

-                       fatal("select: %s", strerror(errno));
-               }
-               after_select(readsetp, writesetp);
+                       fatal("select: %s", strerror(saved_errno));
+               } else if (result > 0)
+                       after_select(readsetp, writesetp);

        }
        /* NOTREACHED */
 }
        }
        /* NOTREACHED */
 }

diff --git a/openssh/ssh-keygen.1 b/openssh/ssh-keygen.1
index ab16bcd77731f6405a400579f6da4e341d5d4ff5..5a8c8c4715e9cc38de5d709268e0e235e68c5fef 100644 (file)
--- a/openssh/ssh-keygen.1
+++ b/openssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $
+.\"    $OpenBSD: ssh-keygen.1,v 1.74 2007/01/12 20:20:41 jmc Exp $

 .\"
 .\"  -*- nroff -*-
 .\"
 .\"
 .\"  -*- nroff -*-
 .\"


@@ -205,8 +205,8 @@ Download the RSA public key stored in the smartcard in
 .Ar reader .
 .It Fl e
 This option will read a private or public OpenSSH key file and
 .Ar reader .
 .It Fl e
 This option will read a private or public OpenSSH key file and

-print the key in a
-.Sq SECSH Public Key File Format
+print the key in
+RFC 4716 SSH Public Key File Format

 to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.
 to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.


@@ -253,7 +253,7 @@ in SSH2-compatible format and print an OpenSSH compatible private
 (or public) key to stdout.
 .Nm
 also reads the
 (or public) key to stdout.
 .Nm
 also reads the

-.Sq SECSH Public Key File Format .
+RFC 4716 SSH Public Key File Format.

 This option allows importing keys from several commercial
 SSH implementations.
 .It Fl l
 This option allows importing keys from several commercial
 SSH implementations.
 .It Fl l


@@ -450,12 +450,9 @@ The file format is described in
 .Xr moduli 5 ,
 .Xr sshd 8
 .Rs
 .Xr moduli 5 ,
 .Xr sshd 8
 .Rs

-.%A J. Galbraith
-.%A R. Thayer
-.%T "SECSH Public Key File Format"
-.%N draft-ietf-secsh-publickeyfile-01.txt
-.%D March 2001
-.%O work in progress material
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006

 .Re
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
 .Re
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free

diff --git a/openssh/ssh-keygen.c b/openssh/ssh-keygen.c
index 1f42b93585a583da408b0ec5ab70a2e9ffac29d6..04a9b939ad5db5457a4e4a558e78ddb59ec1b206 100644 (file)
--- a/openssh/ssh-keygen.c
+++ b/openssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.155 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.160 2007/01/21 01:41:54 stevesk Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -241,7 +241,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
        buffer_init(&b);
        buffer_append(&b, blob, blen);
 
        buffer_init(&b);
        buffer_append(&b, blob, blen);
 

-       magic  = buffer_get_int(&b);
+       magic = buffer_get_int(&b);

        if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
                error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
                buffer_free(&b);
        if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
                error("bad magic 0x%x != 0x%x", magic, SSH_COM_PRIVATE_KEY_MAGIC);
                buffer_free(&b);


@@ -253,7 +253,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
        i2 = buffer_get_int(&b);
        i3 = buffer_get_int(&b);
        i4 = buffer_get_int(&b);
        i2 = buffer_get_int(&b);
        i3 = buffer_get_int(&b);
        i4 = buffer_get_int(&b);

-       debug("ignore (%d %d %d %d)", i1,i2,i3,i4);
+       debug("ignore (%d %d %d %d)", i1, i2, i3, i4);

        if (strcmp(cipher, "none") != 0) {
                error("unsupported cipher %s", cipher);
                xfree(cipher);
        if (strcmp(cipher, "none") != 0) {
                error("unsupported cipher %s", cipher);
                xfree(cipher);


@@ -284,7 +284,7 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
                buffer_get_bignum_bits(&b, key->dsa->priv_key);
                break;
        case KEY_RSA:
                buffer_get_bignum_bits(&b, key->dsa->priv_key);
                break;
        case KEY_RSA:

-               e  = buffer_get_char(&b);
+               e = buffer_get_char(&b);

                debug("e %lx", e);
                if (e < 30) {
                        e <<= 8;
                debug("e %lx", e);
                if (e < 30) {
                        e <<= 8;


@@ -346,9 +346,8 @@ get_line(FILE *fp, char *line, size_t len)
                line[pos++] = c;
                line[pos] = '\0';
        }
                line[pos++] = c;
                line[pos] = '\0';
        }

-       if (c == EOF)
-               return -1;
-       return pos;
+       /* We reached EOF */
+       return -1;

 }
 
 static void
 }
 
 static void


@@ -554,7 +553,7 @@ do_fingerprint(struct passwd *pw)
                        for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                                ;
                        if (!*cp || *cp == '\n' || *cp == '#')
                        for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
                                ;
                        if (!*cp || *cp == '\n' || *cp == '#')

-                               continue ;
+                               continue;

                        i = strtol(cp, &ep, 10);
                        if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
                                int quoted = 0;
                        i = strtol(cp, &ep, 10);
                        if (i == 0 || ep == NULL || (*ep != ' ' && *ep != '\t')) {
                                int quoted = 0;


@@ -1017,13 +1016,13 @@ usage(void)
 #ifdef SMARTCARD
        fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
 #endif /* SMARTCARD */
 #ifdef SMARTCARD
        fprintf(stderr, "  -D reader   Download public key from smartcard.\n");
 #endif /* SMARTCARD */

-       fprintf(stderr, "  -e          Convert OpenSSH to IETF SECSH key file.\n");
+       fprintf(stderr, "  -e          Convert OpenSSH to RFC 4716 key file.\n");

        fprintf(stderr, "  -F hostname Find hostname in known hosts file.\n");
        fprintf(stderr, "  -f filename Filename of the key file.\n");
        fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");
        fprintf(stderr, "  -g          Use generic DNS resource record format.\n");
        fprintf(stderr, "  -H          Hash names in known_hosts file.\n");
        fprintf(stderr, "  -F hostname Find hostname in known hosts file.\n");
        fprintf(stderr, "  -f filename Filename of the key file.\n");
        fprintf(stderr, "  -G file     Generate candidates for DH-GEX moduli.\n");
        fprintf(stderr, "  -g          Use generic DNS resource record format.\n");
        fprintf(stderr, "  -H          Hash names in known_hosts file.\n");

-       fprintf(stderr, "  -i          Convert IETF SECSH to OpenSSH key file.\n");
+       fprintf(stderr, "  -i          Convert RFC 4716 to OpenSSH key file.\n");

        fprintf(stderr, "  -l          Show fingerprint of key file.\n");
        fprintf(stderr, "  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.\n");
        fprintf(stderr, "  -N phrase   Provide new passphrase.\n");
        fprintf(stderr, "  -l          Show fingerprint of key file.\n");
        fprintf(stderr, "  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.\n");
        fprintf(stderr, "  -N phrase   Provide new passphrase.\n");


@@ -1049,7 +1048,7 @@ usage(void)
  * Main program for key management.
  */
 int
  * Main program for key management.
  */
 int

-main(int ac, char **av)
+main(int argc, char **argv)

 {
        char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
        char out_file[MAXPATHLEN], *reader_id = NULL;
 {
        char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
        char out_file[MAXPATHLEN], *reader_id = NULL;


@@ -1071,10 +1070,10 @@ main(int ac, char **av)
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
 
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
 

-       __progname = ssh_get_progname(av[0]);
+       __progname = ssh_get_progname(argv[0]);

 
        SSLeay_add_all_algorithms();
 
        SSLeay_add_all_algorithms();

-       log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+       log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);

 
        init_rng();
        seed_rng();
 
        init_rng();
        seed_rng();


@@ -1090,7 +1089,7 @@ main(int ac, char **av)
                exit(1);
        }
 
                exit(1);
        }
 

-       while ((opt = getopt(ac, av,
+       while ((opt = getopt(argc, argv,

            "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
                switch (opt) {
                case 'b':
            "degiqpclBHvxXyF:b:f:t:U:D:P:N:C:r:g:R:T:G:M:S:a:W:")) != -1) {
                switch (opt) {
                case 'b':


@@ -1223,9 +1222,9 @@ main(int ac, char **av)
        }
 
        /* reinit */
        }
 
        /* reinit */

-       log_init(av[0], log_level, SYSLOG_FACILITY_USER, 1);
+       log_init(argv[0], log_level, SYSLOG_FACILITY_USER, 1);

 
 

-       if (optind < ac) {
+       if (optind < argc) {

                printf("Too many arguments.\n");
                usage();
        }
                printf("Too many arguments.\n");
                usage();
        }

diff --git a/openssh/ssh-rand-helper.8 b/openssh/ssh-rand-helper.8
index 59c1e0b3d0643a22d8a129b4d505503d0acc6678..cca3c9d5033f2cb0313cc95f5d67d2e95e557ceb 100644 (file)
--- a/openssh/ssh-rand-helper.8
+++ b/openssh/ssh-rand-helper.8
@@ -27,7 +27,7 @@
 .Os
 .Sh NAME
 .Nm ssh-rand-helper
 .Os
 .Sh NAME
 .Nm ssh-rand-helper

-.Nd Random number gatherer for OpenSSH
+.Nd random number gatherer for OpenSSH

 .Sh SYNOPSIS
 .Nm ssh-rand-hlper
 .Op Fl vxXh
 .Sh SYNOPSIS
 .Nm ssh-rand-hlper
 .Op Fl vxXh


@@ -82,7 +82,7 @@ Force output of a binary seed, even if standard output is a tty
 Turn on debugging message. Multiple
 .Fl v
 options will increase the debugging level.
 Turn on debugging message. Multiple
 .Fl v
 options will increase the debugging level.

-.Fl h
+.It Fl h

 Display a summary of options.
 .El
 .Sh AUTHORS
 Display a summary of options.
 .El
 .Sh AUTHORS

diff --git a/openssh/ssh.1 b/openssh/ssh.1
index 93be52f96bf94a76eb1be8e56dc822a72ff94ba6..b87ab417165c325742e72bd7f494ba82c8dce363 100644 (file)
--- a/openssh/ssh.1
+++ b/openssh/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"

-.\" $OpenBSD: ssh.1,v 1.265 2006/10/28 18:08:10 otto Exp $
+.\" $OpenBSD: ssh.1,v 1.266 2006/12/11 21:25:46 markus Exp $

 .Dd September 25, 1999
 .Dt SSH 1
 .Os
 .Dd September 25, 1999
 .Dt SSH 1
 .Os


@@ -1418,6 +1418,11 @@ manual page for more information.
 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
 .%D 2006
 .Re
 .%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
 .%D 2006
 .Re

+.Rs
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006
+.Re

 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
 ssh 1.2.12 release by Tatu Ylonen.
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
 ssh 1.2.12 release by Tatu Ylonen.

diff --git a/openssh/ssh.c b/openssh/ssh.c
index 47297edbb3f021db400199bfcbcba42418009bbe..cfaa1ff227e36fba64e50a6c8e162b00f6186cc2 100644 (file)
--- a/openssh/ssh.c
+++ b/openssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.294 2006/10/06 02:29:19 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.295 2007/01/03 03:01:40 stevesk Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -614,7 +614,7 @@ main(int ac, char **av)
                if (!read_config_file(config, host, &options, 0))
                        fatal("Can't open user config file %.100s: "
                            "%.100s", config, strerror(errno));
                if (!read_config_file(config, host, &options, 0))
                        fatal("Can't open user config file %.100s: "
                            "%.100s", config, strerror(errno));

-       } else  {
+       } else {

                snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
                    _PATH_SSH_USER_CONFFILE);
                (void)read_config_file(buf, host, &options, 1);
                snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
                    _PATH_SSH_USER_CONFFILE);
                (void)read_config_file(buf, host, &options, 1);

diff --git a/openssh/ssh_config.5 b/openssh/ssh_config.5
index 20c58934add92a979b93bdaddfe5a9cff64557b2..c1ad53dcfab1af793becb0b1e02563f80f1e08b6 100644 (file)
--- a/openssh/ssh_config.5
+++ b/openssh/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"

-.\" $OpenBSD: ssh_config.5,v 1.97 2006/07/27 08:00:50 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.98 2007/01/10 13:23:22 jmc Exp $

 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os


@@ -42,10 +42,8 @@
 .Nm ssh_config
 .Nd OpenSSH SSH client configuration files
 .Sh SYNOPSIS
 .Nm ssh_config
 .Nd OpenSSH SSH client configuration files
 .Sh SYNOPSIS

-.Bl -tag -width Ds -compact
-.It Pa ~/.ssh/config
-.It Pa /etc/ssh/ssh_config
-.El
+.Nm ~/.ssh/config
+.Nm /etc/ssh/ssh_config

 .Sh DESCRIPTION
 .Xr ssh 1
 obtains configuration data from the following sources in
 .Sh DESCRIPTION
 .Xr ssh 1
 obtains configuration data from the following sources in

diff --git a/openssh/sshd.c b/openssh/sshd.c
index 4aa1c98ed41704f906ad253ae32903b00a66f717..0a76f2d3ac164d554c06f052677634e338d8ce74 100644 (file)
--- a/openssh/sshd.c
+++ b/openssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.348 2006/11/06 21:25:28 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.349 2007/02/21 11:00:05 dtucker Exp $ */

 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland


@@ -305,6 +305,7 @@ sighup_restart(void)
        logit("Received SIGHUP; restarting.");
        close_listen_socks();
        close_startup_pipes();
        logit("Received SIGHUP; restarting.");
        close_listen_socks();
        close_startup_pipes();

+       alarm(0);  /* alarm timer persists across exec */

        execv(saved_argv[0], saved_argv);
        logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
            strerror(errno));
        execv(saved_argv[0], saved_argv);
        logit("RESTART FAILED: av[0]='%.100s', error: %.100s.", saved_argv[0],
            strerror(errno));

diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5
index 2bcaf22454263eb385e17da44f3c78c0ff0d048c..af12214456ceeafeb9669db60b8cfe6fccd25de4 100644 (file)
--- a/openssh/sshd_config.5
+++ b/openssh/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"

-.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.74 2007/03/01 16:19:33 jmc Exp $

 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os


@@ -42,9 +42,7 @@
 .Nm sshd_config
 .Nd OpenSSH SSH daemon configuration file
 .Sh SYNOPSIS
 .Nm sshd_config
 .Nd OpenSSH SSH daemon configuration file
 .Sh SYNOPSIS

-.Bl -tag -width Ds -compact
-.It Pa /etc/ssh/sshd_config
-.El
+.Nm /etc/ssh/sshd_config

 .Sh DESCRIPTION
 .Xr sshd 8
 reads configuration data from
 .Sh DESCRIPTION
 .Xr sshd 8
 reads configuration data from


@@ -514,9 +512,16 @@ Only a subset of keywords may be used on the lines following a
 keyword.
 Available keywords are
 .Cm AllowTcpForwarding ,
 keyword.
 Available keywords are
 .Cm AllowTcpForwarding ,

+.Cm Banner ,

 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,

+.Cm GSSApiAuthentication ,
+.Cm KbdInteractiveAuthentication ,
+.Cm KerberosAuthentication ,
+.Cm PasswordAuthentication ,

 .Cm PermitOpen ,
 .Cm PermitOpen ,

+.Cm RhostsRSAAuthentication ,
+.Cm RSAAuthentication ,

 .Cm X11DisplayOffset ,
 .Cm X11Forwarding ,
 and
 .Cm X11DisplayOffset ,
 .Cm X11Forwarding ,
 and

diff --git a/openssh/version.h b/openssh/version.h
index d16990a21b985e9e1a7e4d50f7f812c31cae8af1..0f48111206db4a646b963cb399d866a9535e59b8 100644 (file)
--- a/openssh/version.h
+++ b/openssh/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
+/* $OpenBSD: version.h,v 1.49 2007/03/06 10:13:14 djm Exp $ */

 
 

-#define SSH_VERSION    "OpenSSH_4.5"
+#define SSH_VERSION    "OpenSSH_4.6"

 
 #define SSH_PORTABLE   "p1"
 #define SSH_RELEASE    SSH_VERSION SSH_PORTABLE
 
 #define SSH_PORTABLE   "p1"
 #define SSH_RELEASE    SSH_VERSION SSH_PORTABLE