Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed

upstream) and a number of security fixes which we had already backported. MFC after: 1 week
author: des <des@FreeBSD.org> 2016-01-19 16:18:26 +0000
committer: des <des@FreeBSD.org> 2016-01-19 16:18:26 +0000
commit: 14172c52f89fa504003826ed2e4e2c0ac246505d (patch)
tree: bc48bd740145eea64393ed391fc1d972c83f991c /crypto/openssh/ssh-keyscan.c
parent: 456370e53073cd38d0ddc4001283f1c131d1428e (diff)
parent: 64c731d52472fb486558425128009691392e0bef (diff)
download: FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.zip
FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/crypto/openssh/ssh-keyscan.c b/crypto/openssh/ssh-keyscan.c
index 8d0a6b8..3fabfba 100644
--- a/crypto/openssh/ssh-keyscan.c
+++ b/crypto/openssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.89 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.92 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -58,7 +58,7 @@ int ssh_port = SSH_DEFAULT_PORT;
 #define KT_ECDSA	8
 #define KT_ED25519	16
 
-int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
+int get_keytypes = KT_RSA|KT_ECDSA|KT_ED25519;
 
 int hash_hosts = 0;		/* Hash hostname on output */
 
@@ -182,6 +182,7 @@ strnnsep(char **stringp, char *delim)
 	return (tok);
 }
 
+#ifdef WITH_SSH1
 static Key *
 keygrab_ssh1(con *c)
 {
@@ -215,6 +216,7 @@ keygrab_ssh1(con *c)
 
 	return (rsa);
 }
+#endif
 
 static int
 hostjump(Key *hostkey)
@@ -242,6 +244,7 @@ ssh2_capable(int remote_major, int remote_minor)
 static Key *
 keygrab_ssh2(con *c)
 {
+	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	int j;
 
 	packet_set_connection(c->c_fd, c->c_fd);
@@ -252,11 +255,13 @@ keygrab_ssh2(con *c)
 	    (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
 	    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
 	c->c_kex = kex_setup(myproposal);
+#ifdef WITH_OPENSSL
 	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
 	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
 	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 	c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+#endif
 	c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 	c->c_kex->verify_host_key = hostjump;
 
@@ -506,10 +511,12 @@ conread(int s)
 			c->c_data = xmalloc(c->c_len);
 			c->c_status = CS_KEYS;
 			break;
+#ifdef WITH_SSH1
 		case CS_KEYS:
 			keyprint(c, keygrab_ssh1(c));
 			confree(s);
 			return;
+#endif
 		default:
 			fatal("conread: invalid status %d", c->c_status);
 			break;
author	des <des@FreeBSD.org>	2016-01-19 16:18:26 +0000
committer	des <des@FreeBSD.org>	2016-01-19 16:18:26 +0000
commit	14172c52f89fa504003826ed2e4e2c0ac246505d (patch)
tree	bc48bd740145eea64393ed391fc1d972c83f991c /crypto/openssh/ssh-keyscan.c
parent	456370e53073cd38d0ddc4001283f1c131d1428e (diff)
parent	64c731d52472fb486558425128009691392e0bef (diff)
download	FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.zip FreeBSD-src-14172c52f89fa504003826ed2e4e2c0ac246505d.tar.gz