From 5a18868b2d506b9e2254047d8d9fb9df5b2a8ae0 Mon Sep 17 00:00:00 2001 From: des Date: Sun, 7 Feb 2016 11:38:54 +0000 Subject: MFH (r265214, r294333, r294407, r294467): misc prop fixes MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2 Approved by: re (gjb) Relnotes: yes --- secure/lib/libssh/Makefile | 28 ++++++++++++++++------------ secure/usr.sbin/sshd/Makefile | 3 +-- 2 files changed, 17 insertions(+), 14 deletions(-) (limited to 'secure') diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 2f73b4c..0d3f05c 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -5,28 +5,32 @@ LIB= ssh PRIVATELIB= true SHLIB_MAJOR= 5 -SRCS= authfd.c authfile.c bufaux.c bufbn.c buffer.c \ - canohost.c channels.c cipher.c cipher-aes.c \ +SRCS= ssh_api.c ssherr.c sshbuf.c sshkey.c sshbuf-getput-basic.c \ + sshbuf-misc.c sshbuf-getput-crypto.c krl.c bitmap.c +SRCS+= authfd.c authfile.c bufaux.c bufbn.c bufec.c buffer.c \ + canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c \ cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \ - compat.c compress.c crc32.c deattack.c fatal.c hostfile.c \ - log.c match.c md-sha256.c moduli.c nchan.c packet.c \ + compat.c crc32.c deattack.c fatal.c hostfile.c \ + log.c match.c md-sha256.c moduli.c nchan.c packet.c opacket.c \ readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \ - atomicio.c key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \ + atomicio.c key.c dispatch.c mac.c uidswap.c uuencode.c misc.c \ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \ - kexdh.c kexgex.c kexdhc.c kexgexc.c bufec.c kexecdh.c kexecdhc.c \ msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ - ssh-pkcs11.c krl.c smult_curve25519_ref.c \ - kexc25519.c kexc25519c.c poly1305.c chacha.c cipher-chachapoly.c \ - ssh-ed25519.c digest-openssl.c hmac.c \ - sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c + ssh-pkcs11.c smult_curve25519_ref.c \ + poly1305.c chacha.c cipher-chachapoly.c \ + ssh-ed25519.c digest-openssl.c digest-libc.c hmac.c \ + sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c blocks.c \ + kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c \ + kexdhc.c kexgexc.c kexecdhc.c kexc25519c.c \ + kexdhs.c kexgexs.c kexecdhs.c kexc25519s.c # gss-genr.c should be in $SRCS but causes linking problems, so it is # compiled directly into sshd instead. # Portability layer SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c explicit_bzero.c fmt_scaled.c \ - glob.c openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \ - vis.c xcrypt.c xmmap.c + glob.c openssl-compat.c port-tun.c reallocarray.c realpath.c strtonum.c \ + timingsafe_bcmp.c vis.c xcrypt.c xmmap.c .if ${MK_LDNS} == "no" SRCS+= getrrsetbyname.c diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index 7e7143a..5fb7084 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -10,8 +10,7 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \ auth-chall.c auth2-chall.c groupaccess.c \ auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ - monitor_mm.c monitor.c monitor_wrap.c kexdhs.c kexgexs.c kexecdhs.c \ - kexc25519s.c auth-krb5.c \ + monitor_mm.c monitor.c monitor_wrap.c auth-krb5.c \ auth2-gss.c gss-serv.c gss-serv-krb5.c \ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ sftp-server.c sftp-common.c \ -- cgit v1.1