From owner-svn-src-all@FreeBSD.ORG Thu Feb 17 11:49:48 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E08C5106566C; Thu, 17 Feb 2011 11:49:48 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CECE48FC12; Thu, 17 Feb 2011 11:49:48 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id p1HBnmLP007250; Thu, 17 Feb 2011 11:49:48 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id p1HBnmxB007220; Thu, 17 Feb 2011 11:49:48 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201102171149.p1HBnmxB007220@svn.freebsd.org> From: Dag-Erling Smorgrav Date: Thu, 17 Feb 2011 11:49:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r218769 - in vendor-crypto/openssh/dist: . contrib/caldera contrib/redhat contrib/suse openbsd-compat X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Feb 2011 11:49:49 -0000 Author: des Date: Thu Feb 17 11:49:48 2011 New Revision: 218769 URL: http://svn.freebsd.org/changeset/base/218769 Log: Vendor import of OpenSSH 5.8p1 Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/Makefile.in vendor-crypto/openssh/dist/PROTOCOL.mux vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/caldera/openssh.spec vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/moduli.0 vendor-crypto/openssh/dist/openbsd-compat/port-linux.c vendor-crypto/openssh/dist/openbsd-compat/port-linux.h vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/sftp-server.0 vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-agent.0 vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keyscan.0 vendor-crypto/openssh/dist/ssh-keysign.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 vendor-crypto/openssh/dist/ssh-rand-helper.0 vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ChangeLog Thu Feb 17 11:49:48 2011 (r218769) @@ -1,3 +1,31 @@ +20110204 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/01/31 21:42:15 + [PROTOCOL.mux] + cut'n'pasto; from bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2011/02/04 00:44:21 + [key.c] + fix uninitialised nonce variable; reported by Mateusz Kocielski + - djm@cvs.openbsd.org 2011/02/04 00:44:43 + [version.h] + openssh-5.8 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] update versions in docs and spec files. + - Release OpenSSH 5.8p1 + +20110128 + - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled + before attempting setfscreatecon(). Check whether matchpathcon() + succeeded before using its result. Patch from cjwatson AT debian.org; + bz#1851 + +20110125 + - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c + openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to + port-linux.c to avoid compilation errors. Add -lselinux to ssh when + building with SELinux support to avoid linking failure; report from + amk AT spamfence.net; ok dtucker + 20110122 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add RSA_get_default_method() for the benefit of openssl versions that don't Modified: vendor-crypto/openssh/dist/Makefile.in ============================================================================== --- vendor-crypto/openssh/dist/Makefile.in Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/Makefile.in Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ +# $Id: Makefile.in,v 1.320.4.1 2011/02/04 00:42:13 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -46,6 +46,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +SSHLIBS=@SSHLIBS@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ @@ -142,7 +143,7 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) Modified: vendor-crypto/openssh/dist/PROTOCOL.mux ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.mux Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/PROTOCOL.mux Thu Feb 17 11:49:48 2011 (r218769) @@ -122,7 +122,7 @@ For dynamically allocated listen port th Note: currently unimplemented (server will always reply with MUX_S_FAILURE). -A client may request the master to establish a port forward: +A client may request the master to close a port forward: uint32 MUX_C_CLOSE_FWD uint32 request id @@ -200,4 +200,4 @@ XXX server->client error/warning notific XXX port0 rfwd (need custom response message) XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.3 2011/01/13 21:55:25 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $ Modified: vendor-crypto/openssh/dist/README ============================================================================== --- vendor-crypto/openssh/dist/README Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/README Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.7 for the release notes. +See http://www.openssh.com/txt/release-5.8 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.75 2011/01/22 09:23:12 djm Exp $ +$Id: README,v 1.75.4.1 2011/02/04 00:57:50 djm Exp $ Modified: vendor-crypto/openssh/dist/configure ============================================================================== --- vendor-crypto/openssh/dist/configure Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/configure Thu Feb 17 11:49:48 2011 (r218769) @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.ac Revision: 1.469 . +# From configure.ac Revision: 1.469.4.1 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61 for OpenSSH Portable. # @@ -696,7 +696,6 @@ STARTUP_SCRIPT_SHELL LOGIN_PROGRAM_FALLBACK PATH_PASSWD_PROG LD -SSHDLIBS PKGCONFIG LIBEDIT TEST_SSH_SHA256 @@ -721,6 +720,8 @@ PROG_UPTIME PROG_IPCS PROG_TAIL INSTALL_SSH_PRNG_CMDS +SSHLIBS +SSHDLIBS KRB5CONF PRIVSEP_PATH xauth_path @@ -9047,7 +9048,6 @@ cat >>confdefs.h <<\_ACEOF _ACEOF SSHDLIBS="$SSHDLIBS -lcontract" - SPC_MSG="yes" fi @@ -9126,7 +9126,6 @@ cat >>confdefs.h <<\_ACEOF _ACEOF SSHDLIBS="$SSHDLIBS -lproject" - SP_MSG="yes" fi @@ -27806,6 +27805,7 @@ echo "$as_me: error: SELinux support req { (exit 1); exit 1; }; } fi + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" @@ -27908,6 +27908,8 @@ done fi + + # Check whether user wants Kerberos 5 support KRB5_MSG="no" @@ -31416,7 +31418,6 @@ STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHE LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim LD!$LD$ac_delim -SSHDLIBS!$SSHDLIBS$ac_delim PKGCONFIG!$PKGCONFIG$ac_delim LIBEDIT!$LIBEDIT$ac_delim TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim @@ -31433,6 +31434,7 @@ PROG_PS!$PROG_PS$ac_delim PROG_SAR!$PROG_SAR$ac_delim PROG_W!$PROG_W$ac_delim PROG_WHO!$PROG_WHO$ac_delim +PROG_LAST!$PROG_LAST$ac_delim _ACEOF if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then @@ -31474,7 +31476,6 @@ _ACEOF ac_delim='%!_!# ' for ac_last_try in false false false false false :; do cat >conf$$subs.sed <<_ACEOF -PROG_LAST!$PROG_LAST$ac_delim PROG_LASTLOG!$PROG_LASTLOG$ac_delim PROG_DF!$PROG_DF$ac_delim PROG_VMSTAT!$PROG_VMSTAT$ac_delim @@ -31482,6 +31483,8 @@ PROG_UPTIME!$PROG_UPTIME$ac_delim PROG_IPCS!$PROG_IPCS$ac_delim PROG_TAIL!$PROG_TAIL$ac_delim INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim +SSHLIBS!$SSHLIBS$ac_delim +SSHDLIBS!$SSHDLIBS$ac_delim KRB5CONF!$KRB5CONF$ac_delim PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim xauth_path!$xauth_path$ac_delim @@ -31496,7 +31499,7 @@ LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 @@ -31993,6 +31996,9 @@ echo " Libraries: ${LIBS}" if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" Modified: vendor-crypto/openssh/dist/configure.ac ============================================================================== --- vendor-crypto/openssh/dist/configure.ac Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/configure.ac Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ +# $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.469 $) +AC_REVISION($Revision: 1.469.4.1 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, [Define if you have Solaris process contracts]) SSHDLIBS="$SSHDLIBS -lcontract" - AC_SUBST(SSHDLIBS) SPC_MSG="yes" ], ) ], ) @@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4) [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, [Define if you have Solaris projects]) SSHDLIBS="$SSHDLIBS -lproject" - AC_SUBST(SSHDLIBS) SP_MSG="yes" ], ) ], ) @@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux, LIBS="$LIBS -lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + SSHLIBS="$SSHLIBS $LIBSELINUX" SSHDLIBS="$SSHDLIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) LIBS="$save_LIBS" fi ] ) +AC_SUBST(SSHLIBS) +AC_SUBST(SSHDLIBS) # Check whether user wants Kerberos 5 support KRB5_MSG="no" @@ -4341,6 +4342,9 @@ echo " Libraries: ${LIBS}" if test ! -z "${SSHDLIBS}"; then echo " +for sshd: ${SSHDLIBS}" fi +if test ! -z "${SSHLIBS}"; then +echo " +for ssh: ${SSHLIBS}" +fi echo "" Modified: vendor-crypto/openssh/dist/contrib/caldera/openssh.spec ============================================================================== --- vendor-crypto/openssh/dist/contrib/caldera/openssh.spec Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/contrib/caldera/openssh.spec Thu Feb 17 11:49:48 2011 (r218769) @@ -16,7 +16,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 -%define version 5.7p1 +%define version 5.8p1 %if %{use_stable} %define cvs %{nil} %define release 1 @@ -363,4 +363,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.73 2011/01/22 09:23:33 djm Exp $ +$Id: openssh.spec,v 1.73.4.1 2011/02/04 00:57:54 djm Exp $ Modified: vendor-crypto/openssh/dist/contrib/redhat/openssh.spec ============================================================================== --- vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/contrib/redhat/openssh.spec Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -%define ver 5.7p1 +%define ver 5.8p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID Modified: vendor-crypto/openssh/dist/contrib/suse/openssh.spec ============================================================================== --- vendor-crypto/openssh/dist/contrib/suse/openssh.spec Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/contrib/suse/openssh.spec Thu Feb 17 11:49:48 2011 (r218769) @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 5.7p1 +Version: 5.8p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz Modified: vendor-crypto/openssh/dist/key.c ============================================================================== --- vendor-crypto/openssh/dist/key.c Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/key.c Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */ +/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1886,10 +1886,9 @@ key_certify(Key *k, Key *ca) buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); /* -v01 certs put nonce first */ - if (!key_cert_is_legacy(k)) { - arc4random_buf(&nonce, sizeof(nonce)); + arc4random_buf(&nonce, sizeof(nonce)); + if (!key_cert_is_legacy(k)) buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); - } switch (k->type) { case KEY_DSA_CERT_V00: Modified: vendor-crypto/openssh/dist/moduli.0 ============================================================================== --- vendor-crypto/openssh/dist/moduli.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/moduli.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -69,4 +69,4 @@ SEE ALSO Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, 2006. -OpenBSD 4.8 June 26, 2008 OpenBSD 4.8 +OpenBSD 4.9 June 26, 2008 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/openbsd-compat/port-linux.c ============================================================================== --- vendor-crypto/openssh/dist/openbsd-compat/port-linux.c Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/openbsd-compat/port-linux.c Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -205,6 +205,22 @@ ssh_selinux_change_context(const char *n xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (!ssh_selinux_enabled()) + return; + if (path == NULL) + setfscreatecon(NULL); + return; + } + if (matchpathcon(path, 0700, &context) == 0) + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST Modified: vendor-crypto/openssh/dist/openbsd-compat/port-linux.h ============================================================================== --- vendor-crypto/openssh/dist/openbsd-compat/port-linux.h Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/openbsd-compat/port-linux.h Thu Feb 17 11:49:48 2011 (r218769) @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); +void ssh_selinux_setfscreatecon(const char *); #endif #ifdef LINUX_OOM_ADJUST Modified: vendor-crypto/openssh/dist/scp.0 ============================================================================== --- vendor-crypto/openssh/dist/scp.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/scp.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -153,4 +153,4 @@ AUTHORS Timo Rinne Tatu Ylonen -OpenBSD 4.8 December 9, 2010 OpenBSD 4.8 +OpenBSD 4.9 December 9, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/sftp-server.0 ============================================================================== --- vendor-crypto/openssh/dist/sftp-server.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/sftp-server.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -61,4 +61,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 4.8 January 9, 2010 OpenBSD 4.8 +OpenBSD 4.9 January 9, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/sftp.0 ============================================================================== --- vendor-crypto/openssh/dist/sftp.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/sftp.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -328,4 +328,4 @@ SEE ALSO draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress material. -OpenBSD 4.8 December 4, 2010 OpenBSD 4.8 +OpenBSD 4.9 December 4, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-add.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-add.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-add.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -112,4 +112,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 +OpenBSD 4.9 October 28, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-agent.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-agent.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-agent.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -120,4 +120,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.8 November 21, 2010 OpenBSD 4.8 +OpenBSD 4.9 November 21, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-keygen.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-keygen.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-keygen.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -440,4 +440,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 +OpenBSD 4.9 October 28, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-keyscan.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-keyscan.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-keyscan.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -106,4 +106,4 @@ BUGS This is because it opens a connection to the ssh port, reads the public key, and drops the connection as soon as it gets the key. -OpenBSD 4.8 August 31, 2010 OpenBSD 4.8 +OpenBSD 4.9 August 31, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-keysign.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-keysign.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-keysign.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -48,4 +48,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 4.8 August 31, 2010 OpenBSD 4.8 +OpenBSD 4.9 August 31, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -22,4 +22,4 @@ HISTORY AUTHORS Markus Friedl -OpenBSD 4.8 February 10, 2010 OpenBSD 4.8 +OpenBSD 4.9 February 10, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh-rand-helper.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh-rand-helper.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh-rand-helper.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -48,4 +48,4 @@ AUTHORS SEE ALSO ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) -OpenBSD 4.8 April 14, 2002 OpenBSD 4.8 +OpenBSD 4.9 April 14, 2002 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -895,4 +895,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.8 November 18, 2010 OpenBSD 4.8 +OpenBSD 4.9 November 18, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/ssh.c ============================================================================== --- vendor-crypto/openssh/dist/ssh.c Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh.c Thu Feb 17 11:49:48 2011 (r218769) @@ -852,15 +852,12 @@ main(int ac, char **av) strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { #ifdef WITH_SELINUX - char *scon; - - matchpathcon(buf, 0700, &scon); - setfscreatecon(scon); + ssh_selinux_setfscreatecon(buf); #endif if (mkdir(buf, 0700) < 0) error("Could not create directory '%.200s'.", buf); #ifdef WITH_SELINUX - setfscreatecon(NULL); + ssh_selinux_setfscreatecon(NULL); #endif } /* load options.identity_files */ Modified: vendor-crypto/openssh/dist/ssh_config.0 ============================================================================== --- vendor-crypto/openssh/dist/ssh_config.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/ssh_config.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -741,4 +741,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 4.8 December 8, 2010 OpenBSD 4.8 +OpenBSD 4.9 December 8, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/sshd.0 ============================================================================== --- vendor-crypto/openssh/dist/sshd.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/sshd.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -631,4 +631,4 @@ CAVEATS System security is not improved unless rshd, rlogind, and rexecd are disabled (thus completely disabling rlogin and rsh into the machine). -OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 +OpenBSD 4.9 October 28, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/sshd_config.0 ============================================================================== --- vendor-crypto/openssh/dist/sshd_config.0 Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/sshd_config.0 Thu Feb 17 11:49:48 2011 (r218769) @@ -710,4 +710,4 @@ AUTHORS versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 4.8 December 8, 2010 OpenBSD 4.8 +OpenBSD 4.9 December 8, 2010 OpenBSD 4.9 Modified: vendor-crypto/openssh/dist/version.h ============================================================================== --- vendor-crypto/openssh/dist/version.h Thu Feb 17 11:48:58 2011 (r218768) +++ vendor-crypto/openssh/dist/version.h Thu Feb 17 11:49:48 2011 (r218769) @@ -1,6 +1,6 @@ -/* $OpenBSD: version.h,v 1.60 2011/01/22 09:18:53 djm Exp $ */ +/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */ -#define SSH_VERSION "OpenSSH_5.7" +#define SSH_VERSION "OpenSSH_5.8" #define SSH_PORTABLE "p1" #define SSH_RELEASE SSH_VERSION SSH_PORTABLE