openEuler:Mainline
openssh
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 11
_service:tar_scm:openssh.spec
Changed
@@ -6,10 +6,10 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 6 +%global openssh_release 1 Name: openssh -Version: 9.1p1 +Version: 9.3p1 Release: %{openssh_release} URL: http://www.openssh.com/portable.html License: BSD @@ -30,7 +30,8 @@ Source12: sshd.tmpfiles Source13: sshd-keygen.target Source14: ssh-agent.service -Source15: ssh-keygen-bash-completion.sh +Source15: ssh-agent.socket +Source16: ssh-keygen-bash-completion.sh Patch0: openssh-6.7p1-coverity.patch Patch1: openssh-7.6p1-audit.patch Patch2: openssh-7.1p2-audit-race-condition.patch 
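Review bot: Renumbering the bash-completion script from Source15 to Source16 retargets any existing `%{SOURCE15}` reference in %install, which would then install ssh-agent.socket under the completion path. The %install section is not in the visible hunks (the page truncates this file), so this is a check rather than a confirmed defect: the completion install line should read `%{SOURCE16}`, and the new socket unit needs its own install line and `%files` entry. Appending the new file as `Source16: ssh-agent.socket` would avoid the renumbering altogether.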
@@ -40,77 +41,63 @@ Patch6: pam_ssh_agent_auth-0.9.3-agent_structure.patch Patch7: pam_ssh_agent_auth-0.10.2-compat.patch Patch8: pam_ssh_agent_auth-0.10.2-dereference.patch -Patch9: openssh-7.8p1-role-mls.patch -Patch10: openssh-6.6p1-privsep-selinux.patch -Patch12: openssh-6.6p1-keycat.patch -Patch13: openssh-6.6p1-allow-ip-opts.patch -Patch15: openssh-5.9p1-ipv6man.patch -Patch16: openssh-5.8p2-sigpipe.patch -Patch17: openssh-7.2p2-x11.patch -Patch19: openssh-5.1p1-askpass-progress.patch -Patch20: openssh-4.3p2-askpass-grab-info.patch -Patch21: openssh-7.7p1.patch -Patch22: openssh-7.8p1-UsePAM-warning.patch -Patch26: openssh-8.0p1-gssapi-keyex.patch -Patch27: openssh-6.6p1-force_krb.patch -Patch28: openssh-6.6p1-GSSAPIEnablek5users.patch -Patch29: openssh-7.7p1-gssapi-new-unique.patch -Patch30: openssh-7.2p2-k5login_directory.patch -Patch31: openssh-6.6p1-kuserok.patch -Patch32: openssh-6.4p1-fromto-remote.patch -Patch33: openssh-6.6.1p1-selinux-contexts.patch -Patch34: openssh-6.6.1p1-log-in-chroot.patch -Patch35: openssh-6.6.1p1-scp-non-existing-directory.patch -Patch36: openssh-6.8p1-sshdT-output.patch -Patch37: openssh-6.7p1-sftp-force-permission.patch -Patch38: openssh-7.2p2-s390-closefrom.patch -Patch39: openssh-7.3p1-x11-max-displays.patch -Patch40: openssh-7.4p1-systemd.patch -Patch41: openssh-7.6p1-cleanup-selinux.patch -Patch42: openssh-7.5p1-sandbox.patch -Patch43: openssh-8.0p1-pkcs11-uri.patch -Patch44: openssh-7.8p1-scp-ipv6.patch -Patch46: openssh-8.0p1-crypto-policies.patch -Patch47: openssh-8.0p1-openssl-evp.patch -Patch48: openssh-8.0p1-openssl-kdf.patch -Patch49: openssh-8.2p1-visibility.patch -Patch50: openssh-8.2p1-x11-without-ipv6.patch -Patch51: openssh-8.0p1-keygen-strip-doseol.patch -Patch52: openssh-8.0p1-preserve-pam-errors.patch -Patch53: openssh-8.7p1-scp-kill-switch.patch -Patch54: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch -Patch56: bugfix-openssh-add-option-check-username-splash.patch -Patch57: 
feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch -Patch58: bugfix-openssh-fix-sftpserver.patch -Patch59: set-sshd-config.patch -Patch60: feature-add-SMx-support.patch -Patch63: add-loongarch.patch -Patch65: openssh-Add-sw64-architecture.patch +Patch9: pam_ssh_agent_auth-0.10.4-rsasha2.patch +Patch10: pam_ssh_agent-configure-c99.patch +Patch11: openssh-7.8p1-role-mls.patch +Patch12: openssh-6.6p1-privsep-selinux.patch +Patch14: openssh-6.6p1-keycat.patch +Patch15: openssh-6.6p1-allow-ip-opts.patch +Patch17: openssh-5.9p1-ipv6man.patch +Patch18: openssh-5.8p2-sigpipe.patch +Patch19: openssh-7.2p2-x11.patch +Patch21: openssh-5.1p1-askpass-progress.patch +Patch22: openssh-4.3p2-askpass-grab-info.patch +Patch23: openssh-7.7p1.patch +Patch24: openssh-7.8p1-UsePAM-warning.patch +Patch28: openssh-8.0p1-gssapi-keyex.patch +Patch29: openssh-6.6p1-force_krb.patch +Patch30: openssh-6.6p1-GSSAPIEnablek5users.patch +Patch31: openssh-7.7p1-gssapi-new-unique.patch +Patch32: openssh-7.2p2-k5login_directory.patch +Patch33: openssh-6.6p1-kuserok.patch +Patch34: openssh-6.4p1-fromto-remote.patch +Patch35: openssh-6.6.1p1-selinux-contexts.patch +Patch36: openssh-6.6.1p1-log-in-chroot.patch +Patch37: openssh-6.6.1p1-scp-non-existing-directory.patch +Patch38: openssh-6.8p1-sshdT-output.patch +Patch39: openssh-6.7p1-sftp-force-permission.patch +Patch40: openssh-7.2p2-s390-closefrom.patch +Patch41: openssh-7.3p1-x11-max-displays.patch +Patch42: openssh-7.4p1-systemd.patch +Patch43: openssh-7.6p1-cleanup-selinux.patch +Patch44: openssh-7.5p1-sandbox.patch +Patch45: openssh-8.0p1-pkcs11-uri.patch +Patch46: openssh-7.8p1-scp-ipv6.patch +Patch48: openssh-8.0p1-crypto-policies.patch +Patch49: openssh-9.3p1-merged-openssl-evp.patch +Patch50: openssh-8.0p1-openssl-kdf.patch +Patch51: openssh-8.2p1-visibility.patch +Patch52: openssh-8.2p1-x11-without-ipv6.patch +Patch53: openssh-8.0p1-keygen-strip-doseol.patch +Patch54: openssh-8.0p1-preserve-pam-errors.patch +Patch55: 
openssh-8.7p1-scp-kill-switch.patch +Patch56: openssh-8.7p1-recursive-scp.patch +Patch57: openssh-8.7p1-minrsabits.patch +Patch58: openssh-8.7p1-ibmca.patch +Patch60: openssh-8.7p1-ssh-manpage.patch +Patch61: openssh-8.7p1-negotiate-supported-algs.patch +Patch65: openssh-9.3p1-upstream-cve-2023-38408.patch +Patch66: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch +Patch67: bugfix-openssh-add-option-check-username-splash.patch +Patch68: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch +Patch69: bugfix-openssh-fix-sftpserver.patch +Patch70: set-sshd-config.patch +Patch71: feature-add-SMx-support.patch +Patch72: add-loongarch.patch +Patch73: openssh-Add-sw64-architecture.patch Patch74: add-strict-scp-check-for-CVE-2020-15778.patch -Patch77: skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch -Patch78: backport-upstream-CVE-2023-25136-fix-double-free-caused.patch -Patch79: set-ssh-config.patch -Patch80: backport-upstream-honour-user-s-umask-if-it-is-more-restricti.patch -Patch81: backport-upstream-use-correct-type-with-sizeof-ok-djm.patch -Patch82: backport-Defer-seed_rng-until-after-closefrom-call.patch -Patch83: backport-upstream-Handle-dynamic-remote-port-forwarding-in-es.patch -Patch84: backport-upstream-The-idiomatic-way-of-coping-with-signed-cha.patch -Patch85: backport-upstream-Clear-signal-mask-early-in-main-sshd-may-ha.patch -Patch86: backport-upstream-fix-bug-in-PermitRemoteOpen-which-caused-it.patch -Patch87: backport-upstream-regression-test-for-PermitRemoteOpen.patch -Patch88: backport-upstream-Copy-bytes-from-the_banana-rather-than-bana.patch -Patch89: backport-upstream-When-OpenSSL-is-not-available-skip-parts-of.patch -Patch90: backport-don-t-test-IPv6-addresses-if-platform-lacks-support.patch -Patch91: backport-upstream-avoid-printf-s-NULL-if-using-ssh.patch -Patch92: backport-upstream-Add-scp-s-path-to-test-sshd-s-PATH.patch -Patch93: backport-upstream-Instead-of-skipping-the-all-tokens-test-if-.patch -Patch94: 
backport-upstream-Shell-syntax-fix.-From-ren-mingshuai-vi-git.patch -Patch95: backport-Allow-writev-is-seccomp-sandbox.patch -Patch96: backport-upstream-Ensure-that-there-is-a-terminating-newline-.patch -Patch97: backport-upstream-when-restoring-non-blocking-mode-to-stdio-f.patch -Patch98: backport-upstream-test-compat_kex_proposal-by-dtucker.patch -Patch99: backport-adapt-compat_kex_proposal-test-to-portable.patch -Patch100: backport-upstream-Move-scp-path-setting-to-a-helper-function.patch +Patch75: skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch +Patch77: set-ssh-config.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -193,84 +180,71 @@ %patch7 -p2 -b .psaa-compat %patch6 -p2 -b .psaa-agent %patch8 -p2 -b .psaa-deref +%patch9 -p2 -b .rsasha2 +%patch10 -p1 -b .psaa-configure-c99 # Remove duplicate headers and library files rm -f $(cat %{SOURCE4}) popd -%patch9 -p1 -b .role-mls -%patch10 -p1 -b .privsep-selinux -%patch12 -p1 -b .keycat -%patch13 -p1 -b .ip-opts -%patch15 -p1 -b .ipv6man -%patch16 -p1 -b .sigpipe -%patch17 -p1 -b .x11 -%patch19 -p1 -b .progress -%patch20 -p1 -b .grab-info -%patch21 -p1 -%patch22 -p1 -b .log-usepam-no -%patch26 -p1 -b .gsskex -%patch27 -p1 -b .force_krb -%patch29 -p1 -b .ccache_name -%patch30 -p1 -b .k5login -%patch31 -p1 -b .kuserok -%patch32 -p1 -b .fromto-remote -%patch33 -p1 -b .contexts -%patch34 -p1 -b .log-in-chroot -%patch35 -p1 -b .scp -%patch28 -p1 -b .GSSAPIEnablek5users -%patch36 -p1 -b .sshdt -%patch37 -p1 -b .sftp-force-mode -%patch38 -p1 -b .s390-dev -%patch39 -p1 -b .x11max -%patch40 -p1 -b .systemd -%patch41 -p1 -b .refactor -%patch42 -p1 -b .sandbox -%patch43 -p1 -b .pkcs11-uri -%patch44 -p1 -b .scp-ipv6 -%patch46 -p1 -b .crypto-policies -%patch47 -p1 -b .openssl-evp -%patch48 -p1 -b .openssl-kdf
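Review bot: Patch65 (`openssh-9.3p1-upstream-cve-2023-38408.patch`) and the other newly declared patches (56–58, 60, 61) only take effect if a matching `%patchN` line exists in %prep, and the page cuts the %prep hunk off partway through. A `PatchN:` tag without its `%patchN` still builds and ships the unfixed code, so confirm the CVE fix is in the applied list, e.g. `%patch65 -p1 -b .cve-2023-38408` (suffix is illustrative). The same Patch-list hunk drops `backport-upstream-CVE-2023-25136-fix-double-free-caused.patch`, which is safe only if the 9.3p1 tarball already carries that fix; the changelog entry should say so. A comment above Patch65 such as `# CVE-2023-38408 fix; drop once the base release includes it` would make the next rebase safer.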
_service:tar_scm:backport-Allow-writev-is-seccomp-sandbox.patch
Deleted
@@ -1,30 +0,0 @@
-From 6283f4bd83eee714d0f5fc55802eff836b06fea8 Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Sat, 14 Jan 2023 22:02:44 +1100
-Subject: PATCH Allow writev is seccomp sandbox.
-
-This seems to be used by recent glibcs at least in some configurations.
-From bz#3512, ok djm@
-Conflict:NA
-Reference:https://anongit.mindrot.org/openssh.git/commit?id=6283f4bd83eee714d0f5fc55802eff836b06fea8
---
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index cec43c46..4ab49eb6 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -312,6 +312,9 @@ static const struct sock_filter preauth_insns = {
- #ifdef __NR_write
- SC_ALLOW(__NR_write),
- #endif
-+#ifdef __NR_writev
-+ SC_ALLOW(__NR_writev),
-+#endif
- #ifdef __NR_socketcall
- SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
- SC_DENY(__NR_socketcall, EACCES),
---
-2.27.0
-
_service:tar_scm:backport-Defer-seed_rng-until-after-closefrom-call.patch
Deleted
@@ -1,39 +0,0 @@
-From cf1a9852d7fc93e4abc4168aed09529a57427cdc Mon Sep 17 00:00:00 2001
-From: Darren Tucker <dtucker@dtucker.net>
-Date: Wed, 9 Nov 2022 09:23:47 +1100
-Subject: PATCH Defer seed_rng until after closefrom call.
-
-seed_rng will initialize OpenSSL, and some engine providers (eg Intel's
-QAT) will open descriptors for their own use. bz#3483, patch from
-joel.d.schuetze at intel.com, ok djm@
-Conflict:NA
-Reference:https://anongit.mindrot.org/openssh.git/commit?id=cf1a9852d7fc93e4abc4168aed09529a57427cdc
---
- sshd.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/sshd.c b/sshd.c
-index b4bb7d65..808d91ef 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -1580,8 +1580,6 @@ main(int ac, char **av)
- /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- sanitise_stdfd();
-
-- seed_rng();
--
- /* Initialize configuration options to their default values. */
- initialize_server_options(&options);
-
-@@ -1703,6 +1701,8 @@ main(int ac, char **av)
- else
- closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
-
-+ seed_rng();
-+
- /* If requested, redirect the logs to the specified logfile. */
- if (logfile != NULL)
- log_redirect_stderr_to(logfile);
---
-2.27.0
-
_service:tar_scm:backport-adapt-compat_kex_proposal-test-to-portable.patch
Deleted
@@ -1,51 +0,0 @@
-From 9fe207565b4ab0fe5d1ac5bb85e39188d96fb214 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Thu, 2 Feb 2023 23:17:49 +1100
-Subject: PATCH adapt compat_kex_proposal() test to portable
-
-Conflict:NA
-Reference:https://anongit.mindrot.org/openssh.git/commit?id=9fe207565b4ab0fe5d1ac5bb85e39188d96fb214
---
- Makefile.in | 1 +
- regress/unittests/kex/test_proposal.c | 6 +++++-
- 2 files changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 18f6ac9e..c0ebfa04 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -616,6 +616,7 @@ regress/unittests/conversion/test_conversion$(EXEEXT): \
- UNITTESTS_TEST_KEX_OBJS=\
- regress/unittests/kex/tests.o \
- regress/unittests/kex/test_kex.o \
-+ regress/unittests/kex/test_proposal.o \
- $(SKOBJS)
-
- regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \
-diff --git a/regress/unittests/kex/test_proposal.c b/regress/unittests/kex/test_proposal.c
-index b89ff59b..d6cf0f5d 100644
---- a/regress/unittests/kex/test_proposal.c
-+++ b/regress/unittests/kex/test_proposal.c
-@@ -5,14 +5,18 @@
- * Placed in the public domain
- */
-
-+#include "includes.h"
-+
- #include <sys/types.h>
- #include <signal.h>
- #include <stdio.h>
-+#ifdef HAVE_STDINT_H
- #include <stdint.h>
-+#endif
- #include <stdlib.h>
- #include <string.h>
-
--#include "test_helper.h"
-+#include "../test_helper/test_helper.h"
-
- #include "compat.h"
- #include "ssherr.h"
---
-2.27.0
-
_service:tar_scm:backport-don-t-test-IPv6-addresses-if-platform-lacks-support.patch
Deleted
@@ -1,52 +0,0 @@ -From dd1249bd5c45128a908395c61b26996a70f82205 Mon Sep 17 00:00:00 2001 -From: Damien Miller <djm@mindrot.org> -Date: Sun, 8 Jan 2023 12:08:59 +1100 -Subject: PATCH don't test IPv6 addresses if platform lacks support - -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=dd1249bd5c45128a908395c61b26996a70f82205 - ---- - regress/dynamic-forward.sh | 15 +++++++++++---- - 1 file changed, 11 insertions(+), 4 deletions(-) - -diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh -index f6c2393..1bfe05a 100644 ---- a/regress/dynamic-forward.sh -+++ b/regress/dynamic-forward.sh -@@ -17,6 +17,11 @@ else - fi - trace "will use ProxyCommand $proxycmd" - -+# This is a reasonable proxy for IPv6 support. -+if ! config_defined HAVE_STRUCT_IN6_ADDR ; then -+ SKIP_IPV6=yes -+fi -+ - start_ssh() { - direction="$1" - arg="$2" -@@ -96,14 +101,16 @@ for d in D R; do - stop_ssh - - verbose "PermitRemoteOpen=explicit" -- start_ssh $d \ -- PermitRemoteOpen="127.0.0.1:$PORT ::1:$PORT localhost:$PORT" -+ permit="127.0.0.1:$PORT ::1:$PORT localhost:$PORT" -+ test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT" -+ start_ssh $d PermitRemoteOpen="$permit" - check_socks $d Y - stop_ssh - - verbose "PermitRemoteOpen=disallowed" -- start_ssh $d \ -- PermitRemoteOpen="127.0.0.1:1 ::1:1 localhost:1" -+ permit="127.0.0.1:1 ::1:1 localhost:1" -+ test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1" -+ start_ssh $d PermitRemoteOpen="$permit" - check_socks $d N - stop_ssh - done --- -2.27.0 -
_service:tar_scm:backport-upstream-Add-scp-s-path-to-test-sshd-s-PATH.patch
Deleted
@@ -1,37 +0,0 @@
-From 6e6f88647042b3cde54a628545c2f5fb656a9327 Mon Sep 17 00:00:00 2001
-From: "dtucker@openbsd.org" <dtucker@openbsd.org>
-Date: Fri, 13 Jan 2023 04:23:00 +0000
-Subject: PATCH upstream: Add scp's path to test sshd's PATH.
-
-If the scp we're testing is fully qualified (eg it's not in the system
-PATH) then add its path to the under-test sshd's PATH so we can find
-it. Prompted by bz#3518.
-
-OpenBSD-Regress-ID: 7df4f5a0be3aa135495b7e5a6719d3cbc26cc4c0
-Conflict:NA
-Reference:https://anongit.mindrot.org/openssh.git/commit?id=6e6f88647042b3cde54a628545c2f5fb656a9327
---
- regress/test-exec.sh | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index c51f8eac..5a6afac5 100644
---- a/regress/test-exec.sh
-+++ b/regress/test-exec.sh
-@@ -529,6 +529,13 @@ cat << EOF > $OBJ/sshd_config
- Subsystem sftp $SFTPSERVER
- EOF
-
-+# If we're testing a non-installed scp, add its directory to sshd's PATH
-+# so we can test it.
-+case "$SCP" in
-+/*) PATH_WITH_SCP="`dirname $SCP`:$PATH"
-+ echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_config ;;
-+esac
-+
- # This may be necessary if /usr/src and/or /usr/obj are group-writable,
- # but if you aren't careful with permissions then the unit tests could
- # be abused to locally escalate privileges.
---
-2.27.0
-
_service:tar_scm:backport-upstream-CVE-2023-25136-fix-double-free-caused.patch
Deleted
@@ -1,63 +0,0 @@
-From 12da7823336434a403f25c7cc0c2c6aed0737a35 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Thu, 2 Feb 2023 12:10:05 +0000
-Subject: PATCH upstream: fix double-free caused by compat_kex_proposal();
- bz3522
-
-by dtucker@, ok me
-
-OpenBSD-Commit-ID: 2bfc37cd2d41f67dad64c17a64cf2cd3806a5c80
-
-Reference:https://anongit.mindrot.org/openssh.git/patch/?id=12da7823336434a403f25c7cc0c2c6aed0737a35
-Conflict:NA
---
- compat.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/compat.c b/compat.c
-index 46dfe3a9..478a9403 100644
---- a/compat.c
-+++ b/compat.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */
-+/* $OpenBSD: compat.c,v 1.121 2023/02/02 12:10:05 djm Exp $ */
- /*
- * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
- *
-@@ -190,26 +190,26 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
- char *
- compat_kex_proposal(struct ssh *ssh, char *p)
- {
-- char *cp = NULL;
-+ char *cp = NULL, *cp2 = NULL;
-
- if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
- return xstrdup(p);
- debug2_f("original KEX proposal: %s", p);
- if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
-- if ((p = match_filter_denylist(p,
-+ if ((cp = match_filter_denylist(p,
- "curve25519-sha256@libssh.org")) == NULL)
- fatal("match_filter_denylist failed");
- if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
-- cp = p;
-- if ((p = match_filter_denylist(p,
-+ if ((cp2 = match_filter_denylist(cp ? cp : p,
- "diffie-hellman-group-exchange-sha256,"
- "diffie-hellman-group-exchange-sha1")) == NULL)
- fatal("match_filter_denylist failed");
- free(cp);
-+ cp = cp2;
- }
-- debug2_f("compat KEX proposal: %s", p);
-- if (*p == '\0')
-+ if (cp == NULL || *cp == '\0')
- fatal("No supported key exchange algorithms found");
-- return p;
-+ debug2_f("compat KEX proposal: %s", cp);
-+ return cp;
- }
-
---
-2.23.0
-
_service:tar_scm:backport-upstream-Clear-signal-mask-early-in-main-sshd-may-ha.patch
Deleted
@@ -1,52 +0,0 @@
-From 93f2ce8c050a7a2a628646c00b40b9b53fef93ef Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Fri, 16 Dec 2022 06:56:47 +0000
-Subject: PATCH upstream: Clear signal mask early in main(); sshd may have
- been
-
-started with one or more signals masked (sigprocmask(2) is not cleared
-on fork/exec) and this could interfere with various things, e.g. the
-login grace timer.
-
-Execution environments that fail to clear the signal mask before running
-sshd are clearly broken, but apparently they do exist.
-
-Reported by Sreedhar Balasubramanian; ok dtucker@
-
-OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
-Conflict:NA
-Reference:https://anongit.mindrot.org/openssh.git/commit?id=93f2ce8c050a7a2a628646c00b40b9b53fef93ef
---
- sshd.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/sshd.c b/sshd.c
-index cd42bd5..da39226 100644
---- a/sshd.c
-+++ b/sshd.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: sshd.c,v 1.591 2022/09/17 10:34:29 djm Exp $ */
-+/* $OpenBSD: sshd.c,v 1.594 2022/12/16 06:56:47 djm Exp $ */
- /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -1650,12 +1650,16 @@ main(int ac, char **av)
- int keytype;
- Authctxt *authctxt;
- struct connection_info *connection_info = NULL;
-+ sigset_t sigmask;
-
- #ifdef HAVE_SECUREWARE
- (void)set_auth_parameters(ac, av);
- #endif
- __progname = ssh_get_progname(av0);
-
-+ sigemptyset(&sigmask);
-+ sigprocmask(SIG_SETMASK, &sigmask, NULL);
-+
- /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
- saved_argc = ac;
- rexec_argc = ac;
---
-2.23.0
-
_service:tar_scm:backport-upstream-Copy-bytes-from-the_banana-rather-than-bana.patch
Deleted
@@ -1,32 +0,0 @@ -From 018d671d78145f03d6f07ae9d64d51321da70325 Mon Sep 17 00:00:00 2001 -From: "tb@openbsd.org" <tb@openbsd.org> -Date: Wed, 4 Jan 2023 22:48:57 +0000 -Subject: PATCH upstream: Copy bytes from the_banana rather than banana() - -Fixes test failure due to segfault seen on arm64 with xonly snap. - -ok djm - -OpenBSD-Regress-ID: 86e2aa4bbd1dff1bc4ebb2969c0d6474485be046 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=018d671d78145f03d6f07ae9d64d51321da70325 ---- - regress/unittests/sshkey/test_sshkey.c | 2 +- - 1 file changed, 1 insertions(+), 1 deletions(-) - -diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c -index 982907ce..cc359aea 100644 ---- a/regress/unittests/sshkey/test_sshkey.c -+++ b/regress/unittests/sshkey/test_sshkey.c -@@ -144,7 +144,7 @@ banana(u_char *s, size_t l) - memcpy(s + o, "nanananana", l - o); - break; - } -- memcpy(s + o, banana, sizeof(the_banana)); -+ memcpy(s + o, the_banana, sizeof(the_banana)); - } - } - --- -2.27.0 -
_service:tar_scm:backport-upstream-Ensure-that-there-is-a-terminating-newline-.patch
Deleted
@@ -1,48 +0,0 @@ -From 3c379c9a849a635cc7f05cbe49fe473ccf469ef9 Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Thu, 9 Feb 2023 09:54:11 +0000 -Subject: PATCH upstream: Ensure that there is a terminating newline when - adding a new - -entry to known_hosts. bz#3529, with git+openssh at limpsquid.nl, ok deraadt@ -markus@ - -OpenBSD-Commit-ID: fa8d90698da1886570512b96f051e266eac105e0 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=3c379c9a849a635cc7f05cbe49fe473ccf469ef9 ---- - hostfile.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/hostfile.c b/hostfile.c -index bd49e3ac..f5fa8084 100644 ---- a/hostfile.c -+++ b/hostfile.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: hostfile.c,v 1.93 2022/01/06 22:02:52 djm Exp $ */ -+/* $OpenBSD: hostfile.c,v 1.94 2023/02/09 09:54:11 dtucker Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -520,9 +520,17 @@ add_host_to_hostfile(const char *filename, const char *host, - if (key == NULL) - return 1; /* XXX ? */ - hostfile_create_user_ssh_dir(filename, 0); -- f = fopen(filename, "a"); -+ f = fopen(filename, "a+"); - if (!f) - return 0; -+ /* Make sure we have a terminating newline. */ -+ if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n') -+ if (fputc('\n', f) != '\n') { -+ error("Failed to add terminating newline to %s: %s", -+ filename, strerror(errno)); -+ fclose(f); -+ return 0; -+ } - success = write_host_entry(f, host, NULL, key, store_hash); - fclose(f); - return success; --- -2.27.0 -
_service:tar_scm:backport-upstream-Handle-dynamic-remote-port-forwarding-in-es.patch
Deleted
@@ -1,46 +0,0 @@ -From 650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8 Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Thu, 10 Nov 2022 23:03:10 +0000 -Subject: PATCH upstream: Handle dynamic remote port forwarding in escape - commandline's - --R processing. bz#3499, ok djm@ - -OpenBSD-Commit-ID: 194ee4cfe7ed0e2b8ad0727f493c798a50454208 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=650de7ecd3567b5a5dbf16dd1eb598bd8c20bca8 ---- - clientloop.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/clientloop.c b/clientloop.c -index 289d0b68..02349ccb 100644 ---- a/clientloop.c -+++ b/clientloop.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: clientloop.c,v 1.380 2022/06/03 04:30:46 djm Exp $ */ -+/* $OpenBSD: clientloop.c,v 1.382 2022/11/10 23:03:10 dtucker Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -846,8 +846,15 @@ process_cmdline(struct ssh *ssh) - } - logit("Canceled forwarding."); - } else { -- if (!parse_forward(&fwd, s, dynamic, remote)) { -- logit("Bad forwarding specification."); -+ /* -R specs can be both dynamic or not, so check both. */ -+ if (remote) { -+ if (!parse_forward(&fwd, s, 0, remote) && -+ !parse_forward(&fwd, s, 1, remote)) { -+ logit("Bad remote forwarding specification."); -+ goto out; -+ } -+ } else if (!parse_forward(&fwd, s, dynamic, remote)) { -+ logit("Bad local forwarding specification."); - goto out; - } - if (local || dynamic) { --- -2.27.0 -
_service:tar_scm:backport-upstream-Instead-of-skipping-the-all-tokens-test-if-.patch
Deleted
@@ -1,44 +0,0 @@ -From 4d87a00f704e0365e11c3c38b170c1275ec461fc Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Sat, 14 Jan 2023 09:57:08 +0000 -Subject: PATCH upstream: Instead of skipping the all-tokens test if we don't - have - -OpenSSL (since we use it to compute the hash), put the hash at the end and -just omit it if we don't have it. Prompted by bz#3521. - -OpenBSD-Regress-ID: c79ecba64250ed3b6417294b6c965e6b12ca5eea -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=4d87a00f704e0365e11c3c38b170c1275ec461fc ---- -diff --git a/regress/percent.sh b/regress/percent.sh -index ed5c604d..3dfa8d2d 100644 ---- a/regress/percent.sh -+++ b/regress/percent.sh -@@ -12,6 +12,7 @@ USER=`id -u -n` - USERID=`id -u` - HOST=`hostname | cut -f1 -d.` - HOSTNAME=`hostname` -+HASH="" - - # Localcommand is evaluated after connection because %T is not available - # until then. Because of this we use a different method of exercising it, -@@ -98,10 +99,13 @@ for i in matchexec localcommand remotecommand controlpath identityagent \ - # containing %d for UserKnownHostsFile - if "$i" != "userknownhostsfile" ; then - trial $i '%d' $HOME -+ in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u' -+ out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" - if ! -z "${HASH}" ; then -- trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ -- "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" -+ in="$in/%C" -+ out="$out/$HASH" - fi -+ trial $i "$in" "$out" - fi - done - --- -2.27.0 -
_service:tar_scm:backport-upstream-Move-scp-path-setting-to-a-helper-function.patch
Deleted
@@ -1,150 +0,0 @@ -From 625f6bc39840167dafb3bf5b6a3e18503ac986e8 Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Fri, 13 Jan 2023 04:47:34 +0000 -Subject: PATCH upstream: Move scp path setting to a helper function. -The - previous - -commit to add scp to the test sshd's path causes the t-envpass test to -fail -when the test scp is given using a fully qualified path. Put this in a -helper function and only call it from the scp tests. - -OpenBSD-Regress-ID: 7533dc1c4265c1de716abb062957994195b36df4 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=625f6bc39840167dafb3bf5b6a3e18503ac986e8 ---- - regress/multiplex.sh | 3 ++- - regress/scp-uri.sh | 4 +++- - regress/scp.sh | 4 +++- - regress/scp3.sh | 6 ++++-- - regress/test-exec.sh | 21 +++++++++++++-------- - 5 files changed, 25 insertions(+), 13 deletions(-) - -diff --git a/regress/multiplex.sh b/regress/multiplex.sh -index 6317099..046194c 100644 ---- a/regress/multiplex.sh -+++ b/regress/multiplex.sh -@@ -1,4 +1,4 @@ --# $OpenBSD: multiplex.sh,v 1.34 2022/06/03 04:31:54 djm Exp $ -+# $OpenBSD: multiplex.sh,v 1.35 2023/01/13 04:47:34 dtucker Exp $ - # Placed in the Public Domain. - - make_tmpdir -@@ -24,6 +24,7 @@ wait_for_mux_master_ready() - fatal "mux master never becomes ready" - } - -+maybe_add_scp_path_to_sshd - start_sshd - - start_mux_master() -diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh -index 20ac3c8..eacbd45 100644 ---- a/regress/scp-uri.sh -+++ b/regress/scp-uri.sh -@@ -1,4 +1,4 @@ --# $OpenBSD: scp-uri.sh,v 1.4 2021/08/10 03:35:45 djm Exp $ -+# $OpenBSD: scp-uri.sh,v 1.5 2023/01/13 04:47:34 dtucker Exp $ - # Placed in the Public Domain. 
- - tid="scp-uri" -@@ -9,6 +9,8 @@ COPY2=${OBJ}/copy2 - DIR=${COPY}.dd - DIR2=${COPY}.dd2 - -+maybe_add_scp_path_to_sshd -+ - SRC=`dirname ${SCRIPT}` - cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp - chmod 755 ${OBJ}/scp-ssh-wrapper.scp -diff --git a/regress/scp.sh b/regress/scp.sh -index f47c594..ef4399e 100644 ---- a/regress/scp.sh -+++ b/regress/scp.sh -@@ -1,4 +1,4 @@ --# $OpenBSD: scp.sh,v 1.14 2022/05/15 23:48:07 djm Exp $ -+# $OpenBSD: scp.sh,v 1.18 2023/01/13 04:47:34 dtucker Exp $ - # Placed in the Public Domain. - - tid="scp" -@@ -16,6 +16,8 @@ COPY2=${OBJ}/copy2 - DIR=${COPY}.dd - DIR2=${COPY}.dd2 - -+maybe_add_scp_path_to_sshd -+ - SRC=`dirname ${SCRIPT}` - cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp - chmod 755 ${OBJ}/scp-ssh-wrapper.scp -diff --git a/regress/scp3.sh b/regress/scp3.sh -index 47db47c..dfb2d2f 100644 ---- a/regress/scp3.sh -+++ b/regress/scp3.sh -@@ -1,9 +1,9 @@ --# $OpenBSD: scp3.sh,v 1.3 2021/08/10 03:35:45 djm Exp $ -+# $OpenBSD: scp3.sh,v 1.4 2023/01/13 04:47:34 dtucker Exp $ - # Placed in the Public Domain. - - tid="scp3" - --#set -x -+set -x - - COPY2=${OBJ}/copy2 - DIR=${COPY}.dd -@@ -15,6 +15,8 @@ if $? -eq 1 ; then - skip "No scp on remote path." - fi - -+maybe_add_scp_path_to_sshd -+ - SRC=`dirname ${SCRIPT}` - cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp - chmod 755 ${OBJ}/scp-ssh-wrapper.scp -diff --git a/regress/test-exec.sh b/regress/test-exec.sh -index 7e311e8..df43f02 100644 ---- a/regress/test-exec.sh -+++ b/regress/test-exec.sh -@@ -1,4 +1,4 @@ --# $OpenBSD: test-exec.sh,v 1.92 2022/07/25 07:12:45 dtucker Exp $ -+# $OpenBSD: test-exec.sh,v 1.94 2023/01/13 04:47:34 dtucker Exp $ - # Placed in the Public Domain. - - #SUDO=sudo -@@ -509,6 +509,18 @@ skip () - exit $RESULT - } - -+maybe_add_scp_path_to_sshd () -+{ -+ # If we're testing a non-installed scp, add its directory to sshd's -+ # PATH so we can test it. We don't do this for all tests as it -+ # breaks the SetEnv tests. 
-+ case "$SCP" in -+ /*) PATH_WITH_SCP="`dirname $SCP`:$PATH" -+ echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_config -+ echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_proxy ;; -+ esac -+} -+ - RESULT=0 - PIDFILE=$OBJ/pidfile - -@@ -529,13 +541,6 @@ cat << EOF > $OBJ/sshd_config - Subsystem sftp $SFTPSERVER - EOF - --# If we're testing a non-installed scp, add its directory to sshd's PATH --# so we can test it. --case "$SCP" in --/*) PATH_WITH_SCP="`dirname $SCP`:$PATH" -- echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_config ;; --esac -- - # This may be necessary if /usr/src and/or /usr/obj are group-writable, - # but if you aren't careful with permissions then the unit tests could - # be abused to locally escalate privileges. --- -2.23.0 -
_service:tar_scm:backport-upstream-Shell-syntax-fix.-From-ren-mingshuai-vi-git.patch
Deleted
@@ -1,26 +0,0 @@ -From 923c3f437f439cfca238fba37e97a7041782f615 Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Sat, 14 Jan 2023 10:05:54 +0000 -Subject: PATCH upstream: Shell syntax fix. From ren mingshuai vi github - PR#369. - -OpenBSD-Regress-ID: 6696b2eeefe128099fc3d7ea9f23252cc35156f9 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=923c3f437f439cfca238fba37e97a7041782f615 ---- -diff --git a/regress/yes-head.sh b/regress/yes-head.sh -index 2759eb8c..1bde504f 100644 ---- a/regress/yes-head.sh -+++ b/regress/yes-head.sh -@@ -6,7 +6,7 @@ tid="yes pipe head" - lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` - if $? -ne 0 ; then - fail "yes|head test failed" -- lines = 0; -++ lines=0 - fi - if $lines -ne 2000 ; then - fail "yes|head returns $lines lines instead of 2000" --- -2.27.0 -
_service:tar_scm:backport-upstream-The-idiomatic-way-of-coping-with-signed-cha.patch
Deleted
@@ -1,40 +0,0 @@ -From 5a7a7acab2f466dc1d7467b5d05d35268c3137aa Mon Sep 17 00:00:00 2001 -From: "deraadt@openbsd.org" <deraadt@openbsd.org> -Date: Thu, 15 Dec 2022 18:20:39 +0000 -Subject: PATCH upstream: The idiomatic way of coping with signed char vs - unsigned - -char (which did not come from stdio read functions) in the presence of -ctype macros, is to always cast to (unsigned char). casting to (int) -for a "macro" which is documented to take int, is weird. And sadly wrong, -because of the sing extension risk.. same diff from florian - -OpenBSD-Commit-ID: 65b9a49a68e22ff3a0ebd593f363e9f22dd73fea -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=5a7a7acab2f466dc1d7467b5d05d35268c3137aa ---- - misc.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/misc.c b/misc.c -index 977c097e..41244da9 100644 ---- a/misc.c -+++ b/misc.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: misc.c,v 1.177 2022/08/11 01:56:51 djm Exp $ */ -+/* $OpenBSD: misc.c,v 1.179 2022/12/15 18:20:39 deraadt Exp $ */ - /* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2005-2020 Damien Miller. All rights reserved. -@@ -95,7 +95,7 @@ rtrim(char *s) - if ((i = strlen(s)) == 0) - return; - for (i--; i > 0; i--) { -- if (isspace((int)si)) -+ if (isspace((unsigned char)si)) - si = '\0'; - } - } --- -2.27.0 -
_service:tar_scm:backport-upstream-When-OpenSSL-is-not-available-skip-parts-of.patch
Deleted
@@ -1,51 +0,0 @@ -From d77fc611a62f2dfee0b654c31a50a814b13310dd Mon Sep 17 00:00:00 2001 -From: "dtucker@openbsd.org" <dtucker@openbsd.org> -Date: Fri, 6 Jan 2023 12:33:33 +0000 -Subject: PATCH upstream: When OpenSSL is not available, skip parts of - percent test - -that require it. Based on github pr#368 from ren mingshuai. - -OpenBSD-Regress-ID: 49a375b2cf61ccb95b52e75e2e025cd10988ebb2 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=d77fc611a62f2dfee0b654c31a50a814b13310dd ---- - regress/percent.sh | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/regress/percent.sh b/regress/percent.sh -index bb81779a..ed5c604d 100644 ---- a/regress/percent.sh -+++ b/regress/percent.sh -@@ -79,10 +79,12 @@ for i in matchexec localcommand remotecommand controlpath identityagent \ - trial $i '%T' NONE - fi - # Matches implementation in readconf.c:ssh_connection_hash() -- HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | -- $OPENSSL_BIN sha1 | cut -f2 -d' '` -+ if ! -z "${OPENSSL_BIN}" ; then -+ HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | -+ $OPENSSL_BIN sha1 | cut -f2 -d' '` -+ trial $i '%C' $HASH -+ fi - trial $i '%%' '%' -- trial $i '%C' $HASH - trial $i '%i' $USERID - trial $i '%h' 127.0.0.1 - trial $i '%L' $HOST -@@ -96,8 +98,10 @@ for i in matchexec localcommand remotecommand controlpath identityagent \ - # containing %d for UserKnownHostsFile - if "$i" != "userknownhostsfile" ; then - trial $i '%d' $HOME -- trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ -- "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" -+ if ! -z "${HASH}" ; then -+ trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ -+ "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" -+ fi - fi - done - --- -2.27.0 -
_service:tar_scm:backport-upstream-avoid-printf-s-NULL-if-using-ssh.patch
Deleted
@@ -1,42 +0,0 @@ -From f673b49f3be3eb51074fbb8a405beb6cd0f7d93e Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Fri, 13 Jan 2023 02:44:02 +0000 -Subject: PATCH upstream: avoid printf("%s", NULL) if using ssh - --oUserKnownHostsFile=none and a hostkey in one of the system known hosts file -changes; ok dtucker@ - -OpenBSD-Commit-ID: 7ca87614bfc6da491315536a7f2301434a9fe614 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=f673b49f3be3eb51074fbb8a405beb6cd0f7d93e ---- - sshconnect.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/sshconnect.c b/sshconnect.c -index 0fca52b2..792bc34b 100644 ---- a/sshconnect.c -+++ b/sshconnect.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ -+/* $OpenBSD: sshconnect.c,v 1.361 2023/01/13 02:44:02 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -1276,8 +1276,11 @@ check_host_key(char *hostname, const struct ssh_conn_info *cinfo, - } - /* The host key has changed. */ - warn_changed_key(host_key); -- error("Add correct host key in %.100s to get rid of this message.", -- user_hostfiles0); -+ if (num_user_hostfiles > 0 || num_system_hostfiles > 0) { -+ error("Add correct host key in %.100s to get rid " -+ "of this message.", num_user_hostfiles > 0 ? -+ user_hostfiles0 : system_hostfiles0); -+ } - error("Offending %s key in %s:%lu", - sshkey_type(host_found->key), - host_found->file, host_found->line); --- -2.27.0 -
_service:tar_scm:backport-upstream-fix-bug-in-PermitRemoteOpen-which-caused-it.patch
Deleted
@@ -1,113 +0,0 @@ -From b3daa8dc582348d6ab8150bc1e571b7aa08c5388 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Mon, 2 Jan 2023 07:03:30 +0000 -Subject: PATCH upstream: fix bug in PermitRemoteOpen which caused it -to - ignore its - -first argument unless it was one of the special keywords "any" or -"none". - -Reported by Georges Chaudy in bz3515; ok dtucker@ - -OpenBSD-Commit-ID: c5678a39f1ff79993d5ae3cfac5746a4ae148ea5 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=b3daa8dc582348d6ab8150bc1e571b7aa08c5388 ---- - readconf.c | 67 +++++++++++++++++++++++++++++------------------------- - 1 file changed, 36 insertions(+), 31 deletions(-) - -diff --git a/readconf.c b/readconf.c -index 284da26..ccac632 100644 ---- a/readconf.c -+++ b/readconf.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */ -+/* $OpenBSD: readconf.c,v 1.371 2023/01/02 07:03:30 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -1613,45 +1613,50 @@ parse_pubkey_algos: - case oPermitRemoteOpen: - uintptr = &options->num_permitted_remote_opens; - cppptr = &options->permitted_remote_opens; -- arg = argv_next(&ac, &av); -- if (!arg || *arg == '\0') -- fatal("%s line %d: missing %s specification", -- filename, linenum, lookup_opcode_name(opcode)); - uvalue = *uintptr; /* modified later */ -- if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { -- if (*activep && uvalue == 0) { -- *uintptr = 1; -- *cppptr = xcalloc(1, sizeof(**cppptr)); -- (*cppptr)0 = xstrdup(arg); -- } -- break; -- } -+ i = 0; - while ((arg = argv_next(&ac, &av)) != NULL) { - arg2 = xstrdup(arg); -- p = hpdelim(&arg); -- if (p == NULL) { -- fatal("%s line %d: missing host in %s", -- filename, linenum, -- lookup_opcode_name(opcode)); -- } -- p = cleanhostname(p); -- /* -- * don't want to use permitopen_port to avoid -- * dependency on channels.ch here. 
-- */ -- if (arg == NULL || -- (strcmp(arg, "*") != 0 && a2port(arg) <= 0)) { -- fatal("%s line %d: bad port number in %s", -- filename, linenum, -- lookup_opcode_name(opcode)); -- } -- if (*activep && uvalue == 0) { -+ /* Allow any/none only in first position */ -+ if (strcasecmp(arg, "none") == 0 || -+ strcasecmp(arg, "any") == 0) { -+ if (i > 0 || ac > 0) { -+ error("%s line %d: keyword %s \"%s\" " -+ "argument must appear alone.", -+ filename, linenum, keyword, arg); -+ goto out; -+ } -+ } else { -+ p = hpdelim(&arg); -+ if (p == NULL) { -+ fatal("%s line %d: missing host in %s", -+ filename, linenum, -+ lookup_opcode_name(opcode)); -+ } -+ p = cleanhostname(p); -+ /* -+ * don't want to use permitopen_port to avoid -+ * dependency on channels.ch here. -+ */ -+ if (arg == NULL || (strcmp(arg, "*") != 0 && -+ a2port(arg) <= 0)) { -+ fatal("%s line %d: bad port number " -+ "in %s", filename, linenum, -+ lookup_opcode_name(opcode)); -+ } -+ } -+ -+ if (*activep && uvalue == 0) { - opt_array_append(filename, linenum, - lookup_opcode_name(opcode), - cppptr, uintptr, arg2); - } - free(arg2); -+ i++; - } -+ if (i == 0) -+ fatal("%s line %d: missing %s specification", -+ filename, linenum, lookup_opcode_name(opcode)); - break; - - case oClearAllForwardings: --- -2.23.0 -
_service:tar_scm:backport-upstream-honour-user-s-umask-if-it-is-more-restricti.patch
Deleted
@@ -1,37 +0,0 @@ -From 5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Thu, 6 Oct 2022 22:42:37 +0000 -Subject: PATCH upstream: honour user's umask if it is more restrictive then - the ssh - -default (022); based on patch from Alex Henrie, ok dtucker@ deraadt@ - -OpenBSD-Commit-ID: fe1b9e15fc9a4f49fc338e848ce14d8727abe82d -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=5ee2b8ccfcf4b606f450eb0ff2305e311f68b0be ---- - ssh.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ssh.c b/ssh.c -index 25be53d5..e711dbd2 100644 ---- a/ssh.c -+++ b/ssh.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */ -+/* $OpenBSD: ssh.c,v 1.577 2022/10/06 22:42:37 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -679,7 +679,7 @@ main(int ac, char **av) - * writable only by the owner, which is ok for all files for which we - * don't set the modes explicitly. - */ -- umask(022); -+ umask(022 | umask(077)); - - msetlocale(); - --- -2.27.0 -
_service:tar_scm:backport-upstream-regression-test-for-PermitRemoteOpen.patch
Deleted
@@ -1,138 +0,0 @@ -From 845ceecea2ac311b0c267f9ecbd34862e1876fc6 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Mon, 2 Jan 2023 07:03:57 +0000 -Subject: PATCH upstream: regression test for PermitRemoteOpen - -OpenBSD-Regress-ID: 8271aafbf5c21950cd5bf966f08e585cebfe630c -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=845ceecea2ac311b0c267f9ecbd34862e1876fc6 ---- - regress/dynamic-forward.sh | 84 ++++++++++++++++++++++++++++++-------- - 1 file changed, 66 insertions(+), 18 deletions(-) - -diff --git a/regress/dynamic-forward.sh b/regress/dynamic-forward.sh -index 84f8ee19..f6c2393d 100644 ---- a/regress/dynamic-forward.sh -+++ b/regress/dynamic-forward.sh -@@ -1,10 +1,12 @@ --# $OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $ -+# $OpenBSD: dynamic-forward.sh,v 1.14 2023/01/02 07:03:57 djm Exp $ - # Placed in the Public Domain. - - tid="dynamic forwarding" - - FWDPORT=`expr $PORT + 1` - -+cp $OBJ/ssh_config $OBJ/ssh_config.orig -+ - if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then - proxycmd="nc -x 127.0.0.1:$FWDPORT -X" - elif have_prog connect; then -@@ -15,16 +17,16 @@ else - fi - trace "will use ProxyCommand $proxycmd" - --start_sshd -- --for d in D R; do -+start_ssh() { -+ direction="$1" -+ arg="$2" - n=0 - error="1" -- trace "start dynamic forwarding, fork to background" -- -+ trace "start dynamic -$direction forwarding, fork to background" -+ (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config - while "$error" -ne 0 -a "$n" -lt 3 ; do - n=`expr $n + 1` -- ${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \ -+ ${SSH} -F $OBJ/ssh_config -f -$direction $FWDPORT -q \ - -oExitOnForwardFailure=yes somehost exec sh -c \ - \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' - error=$? 
-@@ -36,18 +38,9 @@ for d in D R; do - if "$error" -ne 0 ; then - fatal "failed to start dynamic forwarding" - fi -+} - -- for s in 4 5; do -- for h in 127.0.0.1 localhost; do -- trace "testing ssh socks version $s host $h (-$d)" -- ${SSH} -F $OBJ/ssh_config \ -- -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ -- somehost cat ${DATA} > ${COPY} -- test -f ${COPY} || fail "failed copy ${DATA}" -- cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" -- done -- done -- -+stop_ssh() { - if -f $OBJ/remote_pid ; then - remote=`cat $OBJ/remote_pid` - trace "terminate remote shell, pid $remote" -@@ -57,5 +50,60 @@ for d in D R; do - else - fail "no pid file: $OBJ/remote_pid" - fi -+} -+ -+check_socks() { -+ direction=$1 -+ expect_success=$2 -+ for s in 4 5; do -+ for h in 127.0.0.1 localhost; do -+ trace "testing ssh socks version $s host $h (-$direction)" -+ ${SSH} -F $OBJ/ssh_config \ -+ -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \ -+ somehost cat ${DATA} > ${COPY} -+ r=$? -+ if "x$expect_success" = "xY" ; then -+ if $r -ne 0 ; then -+ fail "ssh failed with exit status $r" -+ fi -+ test -f ${COPY} || fail "failed copy ${DATA}" -+ cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" -+ elif $r -eq 0 ; then -+ fail "ssh unexpectedly succeeded" -+ fi -+ done -+ done -+} -+ -+start_sshd -+ -+for d in D R; do -+ verbose "test -$d forwarding" -+ start_ssh $d -+ check_socks $d Y -+ stop_ssh -+ test "x$d" = "xR" || continue -+ -+ # Test PermitRemoteOpen -+ verbose "PermitRemoteOpen=any" -+ start_ssh $d PermitRemoteOpen=any -+ check_socks $d Y -+ stop_ssh -+ -+ verbose "PermitRemoteOpen=none" -+ start_ssh $d PermitRemoteOpen=none -+ check_socks $d N -+ stop_ssh -+ -+ verbose "PermitRemoteOpen=explicit" -+ start_ssh $d \ -+ PermitRemoteOpen="127.0.0.1:$PORT ::1:$PORT localhost:$PORT" -+ check_socks $d Y -+ stop_ssh - -+ verbose "PermitRemoteOpen=disallowed" -+ start_ssh $d \ -+ PermitRemoteOpen="127.0.0.1:1 ::1:1 localhost:1" -+ check_socks $d N -+ stop_ssh - done 
--- -2.27.0 -
_service:tar_scm:backport-upstream-test-compat_kex_proposal-by-dtucker.patch
Deleted
@@ -1,125 +0,0 @@ -From 903c556b938fff2d7bff8da2cc460254430963c5 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Thu, 2 Feb 2023 12:12:52 +0000 -Subject: PATCH upstream: test compat_kex_proposal(); by dtucker@ - -OpenBSD-Regress-ID: 0e404ee264db546f9fdbf53390689ab5f8d38bf2 - -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=903c556b938fff2d7bff8da2cc460254430963c5 ---- - regress/unittests/kex/test_proposal.c | 79 +++++++++++++++++++++++++++ - regress/unittests/kex/tests.c | 4 +- - 2 files changed, 82 insertions(+), 1 deletion(-) - create mode 100644 regress/unittests/kex/test_proposal.c - -diff --git a/regress/unittests/kex/test_proposal.c b/regress/unittests/kex/test_proposal.c -new file mode 100644 -index 0000000..b89ff59 ---- /dev/null -+++ b/regress/unittests/kex/test_proposal.c -@@ -0,0 +1,79 @@ -+/* $OpenBSD: test_proposal.c,v 1.1 2023/02/02 12:12:52 djm Exp $ */ -+/* -+ * Regress test KEX -+ * -+ * Placed in the public domain -+ */ -+ -+#include <sys/types.h> -+#include <signal.h> -+#include <stdio.h> -+#include <stdint.h> -+#include <stdlib.h> -+#include <string.h> -+ -+#include "test_helper.h" -+ -+#include "compat.h" -+#include "ssherr.h" -+#include "sshbuf.h" -+#include "kex.h" -+#include "packet.h" -+#include "xmalloc.h" -+ -+void kex_proposal(void); -+ -+#define CURVE25519 "curve25519-sha256@libssh.org" -+#define DHGEX1 "diffie-hellman-group-exchange-sha1" -+#define DHGEX256 "diffie-hellman-group-exchange-sha256" -+#define KEXALGOS CURVE25519","DHGEX256","DHGEX1 -+void -+kex_proposal(void) -+{ -+ size_t i; -+ struct ssh ssh; -+ char *result, *out, *in; -+ struct { -+ char *in; /* TODO: make this const */ -+ char *out; -+ int compat; -+ } tests = { -+ { KEXALGOS, KEXALGOS, 0}, -+ { KEXALGOS, DHGEX256","DHGEX1, SSH_BUG_CURVE25519PAD }, -+ { KEXALGOS, CURVE25519, SSH_OLD_DHGEX }, -+ { "a,"KEXALGOS, "a", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, -+ /* TODO: enable once compat_kex_proposal doesn't fatal() */ 
-+ /* { KEXALGOS, "", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, */ -+ }; -+ -+ TEST_START("compat_kex_proposal"); -+ for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { -+ ssh.compat = testsi.compat; -+ /* match entire string */ -+ result = compat_kex_proposal(&ssh, testsi.in); -+ ASSERT_STRING_EQ(result, testsi.out); -+ free(result); -+ /* match at end */ -+ in = kex_names_cat("a", testsi.in); -+ out = kex_names_cat("a", testsi.out); -+ result = compat_kex_proposal(&ssh, in); -+ ASSERT_STRING_EQ(result, out); -+ free(result); free(in); free(out); -+ /* match at start */ -+ in = kex_names_cat(testsi.in, "a"); -+ out = kex_names_cat(testsi.out, "a"); -+ result = compat_kex_proposal(&ssh, in); -+ ASSERT_STRING_EQ(result, out); -+ free(result); free(in); free(out); -+ /* match in middle */ -+ xasprintf(&in, "a,%s,b", testsi.in); -+ if (*(testsi.out) == '\0') -+ out = xstrdup("a,b"); -+ else -+ xasprintf(&out, "a,%s,b", testsi.out); -+ result = compat_kex_proposal(&ssh, in); -+ ASSERT_STRING_EQ(result, out); -+ free(result); free(in); free(out); -+ } -+ TEST_DONE(); -+} -diff --git a/regress/unittests/kex/tests.c b/regress/unittests/kex/tests.c -index e7036ec..2a83daf 100644 ---- a/regress/unittests/kex/tests.c -+++ b/regress/unittests/kex/tests.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: tests.c,v 1.1 2015/01/15 23:41:29 markus Exp $ */ -+/* $OpenBSD: tests.c,v 1.2 2023/02/02 12:12:52 djm Exp $ */ - /* - * Placed in the public domain - */ -@@ -6,9 +6,11 @@ - #include "../test_helper/test_helper.h" - - void kex_tests(void); -+void kex_proposal(void); - - void - tests(void) - { - kex_tests(); -+ kex_proposal(); - } --- -2.27.0 -
_service:tar_scm:backport-upstream-use-correct-type-with-sizeof-ok-djm.patch
Deleted
@@ -1,34 +0,0 @@ -From 18376847b8043ba967eabbe23692ef74c9a3fddc Mon Sep 17 00:00:00 2001 -From: "jsg@openbsd.org" <jsg@openbsd.org> -Date: Thu, 13 Oct 2022 09:09:28 +0000 -Subject: PATCH upstream: use correct type with sizeof ok djm@ - -OpenBSD-Commit-ID: d6c882c2e8a42ff831a5b3cbc2c961ecb2dd6143 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=18376847b8043ba967eabbe23692ef74c9a3fddc ---- - ssh.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ssh.c b/ssh.c -index e711dbd2..21cbd7c3 100644 ---- a/ssh.c -+++ b/ssh.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: ssh.c,v 1.577 2022/10/06 22:42:37 djm Exp $ */ -+/* $OpenBSD: ssh.c,v 1.578 2022/10/13 09:09:28 jsg Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -1579,7 +1579,7 @@ main(int ac, char **av) - if (options.hostbased_authentication) { - sensitive_data.nkeys = 10; - sensitive_data.keys = xcalloc(sensitive_data.nkeys, -- sizeof(struct sshkey)); -+ sizeof(*sensitive_data.keys)); - - /* XXX check errors? */ - #define L_PUBKEY(p,o) do { \ --- -2.27.0 -
_service:tar_scm:backport-upstream-when-restoring-non-blocking-mode-to-stdio-f.patch
Deleted
@@ -1,92 +0,0 @@ -From 35253af01d8c0ab444c8377402121816e71c71f5 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Wed, 18 Jan 2023 02:00:10 +0000 -Subject: PATCH upstream: when restoring non-blocking mode to stdio -fds, - restore - -exactly the flags that ssh started with and don't just clobber them with -zero, as this could also remove the append flag from the set; - -bz3523; ok dtucker@ - -OpenBSD-Commit-ID: 1336b03e881db7564a4b66014eb24c5230e9a0c0 -Conflict:NA -Reference:https://anongit.mindrot.org/openssh.git/commit?id=35253af01d8c0ab444c8377402121816e71c71f5 ---- - channels.c | 19 ++++++++++++++----- - channels.h | 3 ++- - 2 files changed, 16 insertions(+), 6 deletions(-) - -diff --git a/channels.c b/channels.c -index ea4d8da..cee4d2c 100644 ---- a/channels.c -+++ b/channels.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: channels.c,v 1.420 2022/09/19 08:49:50 djm Exp $ */ -+/* $OpenBSD: channels.c,v 1.427 2023/01/18 02:00:10 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -337,16 +337,19 @@ channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd, - */ - if (rfd != -1 && !isatty(rfd) && - (val = fcntl(rfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { -+ c->restore_flags0 = val; - c->restore_block |= CHANNEL_RESTORE_RFD; - set_nonblock(rfd); - } - if (wfd != -1 && !isatty(wfd) && - (val = fcntl(wfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { -+ c->restore_flags1 = val; - c->restore_block |= CHANNEL_RESTORE_WFD; - set_nonblock(wfd); - } - if (efd != -1 && !isatty(efd) && - (val = fcntl(efd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { -+ c->restore_flags2 = val; - c->restore_block |= CHANNEL_RESTORE_EFD; - set_nonblock(efd); - } -@@ -428,10 +431,16 @@ channel_close_fd(struct ssh *ssh, Channel *c, int *fdp) - if (fd == -1) - return 0; - -- if ((*fdp == c->rfd && (c->restore_block & CHANNEL_RESTORE_RFD) != 0) || -- (*fdp == c->wfd && (c->restore_block & 
CHANNEL_RESTORE_WFD) != 0) || -- (*fdp == c->efd && (c->restore_block & CHANNEL_RESTORE_EFD) != 0)) -- (void)fcntl(*fdp, F_SETFL, 0); /* restore blocking */ -+ /* restore blocking */ -+ if (*fdp == c->rfd && -+ (c->restore_block & CHANNEL_RESTORE_RFD) != 0) -+ (void)fcntl(*fdp, F_SETFL, c->restore_flags0); -+ else if (*fdp == c->wfd && -+ (c->restore_block & CHANNEL_RESTORE_WFD) != 0) -+ (void)fcntl(*fdp, F_SETFL, c->restore_flags1); -+ else if (*fdp == c->efd && -+ (c->restore_block & CHANNEL_RESTORE_EFD) != 0) -+ (void)fcntl(*fdp, F_SETFL, c->restore_flags2); - - if (*fdp == c->rfd) { - c->io_want &= ~SSH_CHAN_IO_RFD; -diff --git a/channels.h b/channels.h -index 7d8a83e..9b1b11e 100644 ---- a/channels.h -+++ b/channels.h -@@ -1,4 +1,4 @@ --/* $OpenBSD: channels.h,v 1.143 2022/05/05 00:56:58 djm Exp $ */ -+/* $OpenBSD: channels.h,v 1.148 2023/01/18 02:00:10 djm Exp $ */ - - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> -@@ -153,6 +153,7 @@ struct Channel { - * this way post-IO handlers are not - * accidentally called if a FD gets reused */ - int restore_block; /* fd mask to restore blocking status */ -+ int restore_flags3; /* flags to restore */ - struct sshbuf *input; /* data read from socket, to be sent over - * encrypted connection */ - struct sshbuf *output; /* data received over encrypted connection for --- -2.23.0 -
_service:tar_scm:bugfix-openssh-add-option-check-username-splash.patch
Changed
@@ -14,10 +14,10 @@ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/auth2.c b/auth2.c -index 203ba01..284ea19 100644 +index 4d574bb..c480aab 100644 --- a/auth2.c +++ b/auth2.c -@@ -281,11 +281,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) +@@ -278,11 +278,13 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) debug("userauth-request for user %s service %s method %s", user, service, method); debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); @@ -33,10 +33,10 @@ *style++ = 0; diff --git a/servconf.c b/servconf.c -index d72fb62..6888971 100644 +index bcf69fd..b8340d8 100644 --- a/servconf.c +++ b/servconf.c -@@ -201,6 +201,7 @@ initialize_server_options(ServerOptions *options) +@@ -199,6 +199,7 @@ initialize_server_options(ServerOptions *options) options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; @@ -44,7 +44,7 @@ options->fingerprint_hash = -1; options->disable_forwarding = -1; options->expose_userauth_info = -1; -@@ -460,6 +461,8 @@ fill_default_server_options(ServerOptions *options) +@@ -456,6 +457,8 @@ fill_default_server_options(ServerOptions *options) options->ip_qos_bulk = IPTOS_DSCP_CS1; if (options->version_addendum == NULL) options->version_addendum = xstrdup(""); 
@@ -53,15 +53,15 @@ if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1) options->fwd_opts.streamlocal_bind_mask = 0177; if (options->fwd_opts.streamlocal_bind_unlink == -1) -@@ -553,6 +556,7 @@ typedef enum { +@@ -557,6 +560,7 @@ typedef enum { sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, - sRequiredRSASize, -+ sCheckUserSplash, + sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout, ++ sCheckUserSplash, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; -@@ -726,6 +730,7 @@ static struct { +@@ -730,6 +734,7 @@ static struct { { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, { "exposeauthinfo", sExposeAuthInfo, SSHCFG_ALL }, @@ -69,7 +69,7 @@ { "rdomain", sRDomain, SSHCFG_ALL }, { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, -@@ -1384,6 +1389,9 @@ process_server_config_line_depth(ServerOptions *options, char *line, +@@ -1443,6 +1448,9 @@ process_server_config_line_depth(ServerOptions *options, char *line, case sUsePAM: intptr = &options->use_pam; goto parse_flag; @@ -80,19 +80,19 @@ /* Standard Options */ case sBadOption: diff --git a/servconf.h b/servconf.h -index 77fd779..694addf 100644 +index ccc0181..cb57dac 100644 --- a/servconf.h +++ b/servconf.h @@ -237,6 +237,7 @@ typedef struct { int fingerprint_hash; int expose_userauth_info; u_int64_t timing_secret; -+ int check_user_splash; /* check whether splash exists in username, if exist, disable login */ ++ int check_user_splash; /* check whether splash exists in username, if exist, disable login */ char *sk_provider; int required_rsa_size; /* minimum size of RSA keys */ - } ServerOptions; + diff --git a/sshd_config b/sshd_config -index 6d47368..973aecf 100644 +index 9851748..d57f11d 100644 --- a/sshd_config +++ b/sshd_config 
@@ -128,3 +128,5 @@ Subsystem sftp /usr/libexec/sftp-server @@ -102,5 +102,5 @@ +#CheckUserSplash yes + -- -2.27.0 +2.23.0
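Review bot: The comment kept on `check_user_splash` in the servconf.h hunk (`/* check whether splash exists in username, if exist, disable login */`) does not say which character is tested or what the default is, and this refresh carries it over unchanged apart from whitespace. Because the option decides whether sshd refuses a login based on the user name, both the struct comment and the `#CheckUserSplash yes` sample in sshd_config should state the exact rule and the default. If the test is for a slash in the name, which the wording suggests but the visible lines do not show, something like `/* reject user names containing '/'; default: <value set in fill_default_server_options> */` would do. The auth2.c and servconf.c lines that implement and default the option are elided between the hunks here, so this is a documentation point only.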
_service:tar_scm:feature-add-SMx-support.patch
Changed
@@ -1,13 +1,7 @@ -From 93b312c0263cbf40f66448ff7ddbea7a2def1953 Mon Sep 17 00:00:00 2001 -From: kircher <majun65@huawei.com> -Date: Fri, 29 Jul 2022 10:45:08 +0800 -Subject: PATCH add SMx support in openssh -HostKeyAlgorithms sm2 -KexAlgorithms sm2-sm3 -MACs hmac-sm3 -Ciphers sm4-ctr -PubkeyAcceptedAlgorithms sm2 -FingerprintHash sm3 +From d2e28809c673f914b49147ca3fa31e08b9e885d7 Mon Sep 17 00:00:00 2001 +From: renmingshuai <renmingshuai@huawei.com> +Date: Sat, 29 Jul 2023 10:50:29 +0800 +Subject: PATCH feature add sm2 --- Makefile.in | 4 +- @@ -31,21 +25,21 @@ ssh-ecdsa.c | 6 +- ssh-keygen.c | 12 +- ssh-keyscan.c | 12 +- - ssh-sm2.c | 230 +++++++++++++++ + ssh-sm2.c | 381 ++++++++++++++++++++++++ ssh_api.c | 2 + sshconnect2.c | 1 + sshd.c | 7 + - sshkey.c | 62 +++- - sshkey.h | 9 + - 27 files changed, 794 insertions(+), 16 deletions(-) + sshkey.c | 21 ++ + sshkey.h | 2 + + 27 files changed, 899 insertions(+), 14 deletions(-) create mode 100644 kexsm2.c create mode 100644 ssh-sm2.c diff --git a/Makefile.in b/Makefile.in -index 07bf440..1393190 100644 +index 5fec5b3..7dcda3e 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -100,14 +100,14 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ +@@ -102,14 +102,14 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ log.o match.o moduli.o nchan.o packet.o \ readpass.o ttymodes.o xmalloc.o addr.o addrmatch.o \ atomicio.o dispatch.o mac.o misc.o utf8.o \ @@ -56,17 +50,17 @@ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ ssh-ed25519.o digest-openssl.o digest-libc.o \ - hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ + hmac.o ed25519.o hash.o \ - kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ + kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o kexsm2.o \ kexgexc.o kexgexs.o \ kexsntrup761x25519.o sntrup761.o kexgen.o \ kexgssc.o \ diff --git a/authfd.c b/authfd.c -index 9f092f7..163b4b5 100644 +index 25a3636..bcc25a7 100644 --- a/authfd.c 
+++ b/authfd.c -@@ -512,6 +512,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, +@@ -583,6 +583,8 @@ ssh_add_identity_constrained(int sock, struct sshkey *key, case KEY_DSA_CERT: case KEY_ECDSA: case KEY_ECDSA_CERT: @@ -76,10 +70,10 @@ case KEY_ECDSA_SK_CERT: #endif diff --git a/authfile.c b/authfile.c -index 666730b..dce1e84 100644 +index 445f2dd..3884031 100644 --- a/authfile.c +++ b/authfile.c -@@ -343,6 +343,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, +@@ -332,6 +332,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase, case KEY_RSA: case KEY_DSA: case KEY_ECDSA: @@ -88,10 +82,10 @@ case KEY_ED25519: case KEY_XMSS: diff --git a/cipher.c b/cipher.c -index b54b994..039e414 100644 +index 609450d..7f98413 100644 --- a/cipher.c +++ b/cipher.c -@@ -88,6 +88,7 @@ static const struct sshcipher ciphers = { +@@ -86,6 +86,7 @@ static const struct sshcipher ciphers = { #endif { "chacha20-poly1305@openssh.com", 8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL }, @@ -126,10 +120,10 @@ struct sshbuf; struct ssh_digest_ctx; diff --git a/kex.c b/kex.c -index d0a9dee..6284f90 100644 +index 0fbd0ca..e9dfcc2 100644 --- a/kex.c +++ b/kex.c -@@ -124,6 +124,7 @@ static const struct kexalg kexalgs = { +@@ -125,6 +125,7 @@ static const struct kexalg kexalgs = { SSH_DIGEST_SHA512 }, #endif #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */ @@ -138,7 +132,7 @@ }; static const struct kexalg gss_kexalgs = { diff --git a/kex.h b/kex.h -index d26ba26..8b95227 100644 +index 0fac9d3..044ec18 100644 --- a/kex.h +++ b/kex.h @@ -102,6 +102,7 @@ enum kex_exchange { @@ -149,7 +143,7 @@ #ifdef GSSAPI KEX_GSS_GRP1_SHA1, KEX_GSS_GRP14_SHA1, -@@ -277,6 +278,8 @@ int kexc25519_shared_key_ext(const u_char keyCURVE25519_SIZE, +@@ -287,6 +288,8 @@ int kexc25519_shared_key_ext(const u_char keyCURVE25519_SIZE, __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); 
@@ -223,7 +217,7 @@ kex->ec_client_key = NULL; return r; diff --git a/kexgen.c b/kexgen.c -index 31f90f5..f3eff47 100644 +index ca70484..4855d5c 100644 --- a/kexgen.c +++ b/kexgen.c @@ -111,6 +111,7 @@ kex_gen_client(struct ssh *ssh) @@ -242,7 +236,7 @@ r = kex_ecdh_dec(kex, server_blob, &shared_secret); break; #endif -@@ -280,6 +282,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) +@@ -298,6 +300,7 @@ input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh) &shared_secret); break; case KEX_ECDH_SHA2: @@ -687,7 +681,7 @@ /* * Configuration file in user's home directory. This file need not be diff --git a/regress/agent.sh b/regress/agent.sh -index f187b67..42a5124 100644 +index 5f10606..3ab40b4 100644 --- a/regress/agent.sh +++ b/regress/agent.sh @@ -87,9 +87,18 @@ fi @@ -764,10 +758,10 @@ sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details); sshkey_sig_details_free(details); diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c -index 3bd71a9..312e8f2 100644 +index c26761e..d335b29 100644 --- a/regress/unittests/kex/test_kex.c +++ b/regress/unittests/kex/test_kex.c -@@ -152,6 +152,7 @@ do_kex_with_key(char *kex, int keytype, int bits) +@@ -151,6 +151,7 @@ do_kex_with_key(char *kex, int keytype, int bits) #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ server2->kex->kexKEX_C25519_SHA256 = kex_gen_server; @@ -775,7 +769,7 @@ server2->kex->kexKEX_KEM_SNTRUP761X25519_SHA512 = kex_gen_server; server2->kex->load_host_public_key = server->kex->load_host_public_key; server2->kex->load_host_private_key = server->kex->load_host_private_key; -@@ -186,6 +187,7 @@ do_kex(char *kex) +@@ -185,6 +186,7 @@ do_kex(char *kex) #endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ do_kex_with_key(kex, KEY_ED25519, 256); 
@@ -783,7 +777,7 @@ } void -@@ -202,6 +204,7 @@ kex_tests(void) +@@ -201,6 +203,7 @@ kex_tests(void) do_kex("diffie-hellman-group-exchange-sha1"); do_kex("diffie-hellman-group14-sha1"); do_kex("diffie-hellman-group1-sha1"); @@ -792,10 +786,10 @@ do_kex("sntrup761x25519-sha512@openssh.com"); # endif /* USE_SNTRUP761X25519 */ diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c -index b036796..6697be6 100644 +index b705157..5445ab5 100644 --- a/ssh-ecdsa.c +++ b/ssh-ecdsa.c -@@ -66,7 +66,8 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, +@@ -256,7 +256,8 @@ ssh_ecdsa_sign(struct sshkey *key, *sigp = NULL; if (key == NULL || key->ecdsa == NULL || @@ -805,21 +799,21 @@ return SSH_ERR_INVALID_ARGUMENT; if ((hash_alg = sshkey_ec_nid_to_hash_alg(key->ecdsa_nid)) == -1) -@@ -133,7 +134,8 @@ ssh_ecdsa_verify(const struct sshkey *key,
_service:tar_scm:openssh-5.8p2-sigpipe.patch
Changed
@@ -1,4 +1,3 @@
-Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-5.8p2-sigpipe.patch
 diff -up openssh-5.8p2/ssh-keyscan.c.sigpipe openssh-5.8p2/ssh-keyscan.c
 --- openssh-5.8p2/ssh-keyscan.c.sigpipe 2011-08-23 18:30:33.873025916 +0200
 +++ openssh-5.8p2/ssh-keyscan.c 2011-08-23 18:32:24.574025362 +0200
_service:tar_scm:openssh-6.6.1p1-log-in-chroot.patch
Changed
@@ -1,4 +1,3 @@
-Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6.1p1-log-in-chroot.patch
 diff -up openssh-8.6p1/log.c.log-in-chroot openssh-8.6p1/log.c
 --- openssh-8.6p1/log.c.log-in-chroot 2021-04-16 05:55:25.000000000 +0200
 +++ openssh-8.6p1/log.c 2021-04-19 14:43:08.544843434 +0200
_service:tar_scm:openssh-6.6p1-allow-ip-opts.patch
Changed
@@ -1,7 +1,7 @@ diff -up openssh/sshd.c.ip-opts openssh/sshd.c --- openssh/sshd.c.ip-opts 2016-07-25 13:58:48.998507834 +0200 +++ openssh/sshd.c 2016-07-25 14:01:28.346469878 +0200 -@@ -1507,12 +1507,29 @@ check_ip_options(struct ssh *ssh) +@@ -1507,12 +1507,32 @@ check_ip_options(struct ssh *ssh) if (getsockopt(sock_in, IPPROTO_IP, IP_OPTIONS, opts, &option_size) >= 0 && option_size != 0) { @@ -21,11 +21,14 @@ + case 130: + case 133: + case 134: -+ i += optsi + 1; -+ break; ++ if (i + 1 < option_size && optsi + 1 >= 2) { ++ i += optsi + 1; ++ break; ++ } ++ /* FALLTHROUGH */ + default: + /* Fail, fatally, if we detect either loose or strict -+ * source routing options. */ ++ * or incorrect source routing options. */ + text0 = '\0'; + for (i = 0; i < option_size; i++) + snprintf(text + i*3, sizeof(text) - i*3,
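Review bot: The new guard on the 130/133/134 branch checks that a length byte exists and is at least 2 (`i + 1 < option_size && optsi + 1 >= 2` as printed here, presumably `opts[i + 1]` with the brackets lost in rendering), but not that the option fits in what remains of the buffer. An option whose length byte overstates the remaining data is still skipped as valid and moves `i` past `option_size`; since the comment now also names "incorrect" options, that case arguably belongs in the fatal path as well: `if (i + 1 < option_size && opts[i + 1] >= 2 && i + opts[i + 1] <= option_size) {`. The loop condition and the declaration of `opts` lie outside the hunk, so whether the overshoot is otherwise harmless cannot be confirmed from here.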
_service:tar_scm:openssh-6.6p1-keycat.patch
Changed
@@ -1,4 +1,3 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.6p1-keycat.patch diff -up openssh/misc.c.keycat openssh/misc.c --- openssh/misc.c.keycat 2015-06-24 10:57:50.158849606 +0200 +++ openssh/misc.c 2015-06-24 11:04:23.989868638 +0200 @@ -65,7 +64,7 @@ $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) $(CHANNELLIBS) +ssh-keycat$(EXEEXT): $(LIBCOMPAT) $(SSHDOBJS) libssh.a ssh-keycat.o uidswap.o -+ $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS) $(CHANNELLIBS) ++ $(LD) -o $@ ssh-keycat.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(KEYCATLIBS) $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS) $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) $(CHANNELLIBS)
_service:tar_scm:openssh-6.6p1-kuserok.patch
Changed
@@ -91,7 +91,7 @@ + * configuring krb5.conf or using a suitable plugin to meet the needs of the + * given environment. + * -+ * The Fedora and RHEL version of openssh contain two patches which modify the ++ * The openEuler version of openssh contain two patches which modify the + * access control behavior: + * - openssh-6.6p1-kuserok.patch + * - openssh-6.6p1-force_krb.patch @@ -106,8 +106,8 @@ + * rejected. Nevertheless the patch ignores the fact that krb5_kuserok() does + * no only check .k5login but other sources as well and checking .k5login can + * be disabled for all applications in krb5.conf as well. With this new -+ * option KerberosUseKuserok set to 'no' (and this is the default for RHEL7 -+ * and Fedora 21) openssh can only use krb5_aname_to_localname() with the ++ * option KerberosUseKuserok set to 'no' (and this is the default for ++ * openEuler) openssh can only use krb5_aname_to_localname() with the + * restrictions mentioned above. + * + * openssh-6.6p1-force_krb.patch adds a ksu like behaviour to ssh, i.e. when @@ -196,11 +196,11 @@ sPort, sHostKeyFile, sLoginGraceTime, sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, -- sKerberosGetAFSToken, sKerberosUniqueCCache, -+ sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok, - sPasswordAuthentication, - sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, - sPrintMotd, sPrintLastLog, sIgnoreRhosts, +- sKerberosGetAFSToken, sKerberosUniqueCCache, sPasswordAuthentication, ++ sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok, sPasswordAuthentication, + sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, + sPrintMotd, sPrintLastLog, sIgnoreRhosts, + sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, @@ -478,12 +481,14 @@ static struct { { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, #endif
_service:tar_scm:openssh-6.7p1-coverity.patch
Changed
@@ -1,38 +1,7 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-6.7p1-coverity.patch - ---- - auth-krb5.c | 2 ++ - auth-options.c | 1 + - channels.c | 6 ++++-- - dns.c | 1 + - gss-genr.c | 3 ++- - kexgssc.c | 4 +++- - krl.c | 4 ++++ - loginrec.c | 4 ++++ - misc.c | 3 +++ - moduli.c | 1 + - monitor.c | 4 ++-- - monitor_wrap.c | 6 +++--- - openbsd-compat/bindresvport.c | 2 +- - openbsd-compat/bsd-pselect.c | 8 ++++---- - readconf.c | 1 + - scp.c | 4 ++-- - servconf.c | 5 +++-- - serverloop.c | 2 +- - session.c | 2 ++ - sftp.c | 3 ++- - ssh-agent.c | 5 +++-- - ssh-keygen.c | 7 +++++++ - ssh.c | 1 + - sshd.c | 9 +++++++-- - sshsig.c | 1 + - 25 files changed, 65 insertions(+), 24 deletions(-) - -diff --git a/auth-krb5.c b/auth-krb5.c -index d80c3ab..71ea1e3 100644 ---- a/auth-krb5.c -+++ b/auth-krb5.c -@@ -426,6 +426,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx, krb5_ccache *ccache, int *need_environm +diff -up openssh-8.5p1/auth-krb5.c.coverity openssh-8.5p1/auth-krb5.c +--- openssh-8.5p1/auth-krb5.c.coverity 2021-03-24 12:03:33.724967756 +0100 ++++ openssh-8.5p1/auth-krb5.c 2021-03-24 12:03:33.782968159 +0100 +@@ -426,6 +426,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx, umask(old_umask); if (tmpfd == -1) { logit("mkstemp(): %.100s", strerror(oerrno)); @@ -40,7 +9,7 @@ return oerrno; } -@@ -433,6 +434,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx, krb5_ccache *ccache, int *need_environm +@@ -433,6 +434,7 @@ ssh_krb5_cc_new_unique(krb5_context ctx, oerrno = errno; logit("fchmod(): %.100s", strerror(oerrno)); close(tmpfd); 
@@ -48,11 +17,10 @@ return oerrno; } /* make sure the KRB5CCNAME is set for non-standard location */ -diff --git a/auth-options.c b/auth-options.c -index 7cb2a64..a4b1db4 100644 ---- a/auth-options.c -+++ b/auth-options.c -@@ -723,6 +723,7 @@ serialise_array(struct sshbuf *m, char **a, size_t n) +diff -up openssh-8.5p1/auth-options.c.coverity openssh-8.5p1/auth-options.c +--- openssh-8.5p1/auth-options.c.coverity 2021-03-02 11:31:47.000000000 +0100 ++++ openssh-8.5p1/auth-options.c 2021-03-24 12:03:33.782968159 +0100 +@@ -706,6 +708,7 @@ serialise_array(struct sshbuf *m, char * return r; } /* success */ 
@@ -60,54 +28,10 @@ return 0; } -diff --git a/channels.c b/channels.c -index 300c753..ea4d8da 100644 ---- a/channels.c -+++ b/channels.c -@@ -4081,7 +4081,7 @@ int - channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) - { - int r, success = 0, idx = -1; -- char *host_to_connect, *listen_host, *listen_path; -+ char *host_to_connect = NULL, *listen_host = NULL, *listen_path = NULL; - int port_to_connect, listen_port; - - /* Send the forward request to the remote side. */ -@@ -4109,7 +4109,6 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) - success = 1; - if (success) { - /* Record that connection to this host/port is permitted. */ -- host_to_connect = listen_host = listen_path = NULL; - port_to_connect = listen_port = 0; - if (fwd->connect_path != NULL) { - host_to_connect = xstrdup(fwd->connect_path); -@@ -4130,6 +4129,9 @@ channel_request_remote_forwarding(struct ssh *ssh, struct Forward *fwd) - host_to_connect, port_to_connect, - listen_host, listen_path, listen_port, NULL); - } -+ free(host_to_connect); -+ free(listen_host); -+ free(listen_path); - return idx; - } - -diff --git a/dns.c b/dns.c -index f2310be..15218f1 100644 ---- a/dns.c -+++ b/dns.c -@@ -259,6 +259,7 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, - &hostkey_digest, &hostkey_digest_len, hostkey)) { - error("Error calculating key fingerprint."); - freerrset(fingerprints); -+ free(dnskey_digest); - return -1; - } - -diff --git a/gss-genr.c b/gss-genr.c -index 9f9745b..810b382 100644 ---- a/gss-genr.c -+++ b/gss-genr.c -@@ -168,8 +168,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, +diff -up openssh-8.5p1/gss-genr.c.coverity openssh-8.5p1/gss-genr.c +--- openssh-8.5p1/gss-genr.c.coverity 2021-03-26 11:52:46.613942552 +0100 ++++ openssh-8.5p1/gss-genr.c 2021-03-26 11:54:37.881726318 +0100 +@@ -167,8 +167,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup enclen = __b64_ntop(digest, 
ssh_digest_bytes(SSH_DIGEST_MD5), encoded, ssh_digest_bytes(SSH_DIGEST_MD5) * 2); @@ -118,10 +42,9 @@ for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { if (sshbuf_len(buf) != 0 && -diff --git a/kexgssc.c b/kexgssc.c -index 1c62740..080cf04 100644 ---- a/kexgssc.c -+++ b/kexgssc.c +diff -up openssh-8.5p1/kexgssc.c.coverity openssh-8.5p1/kexgssc.c +--- openssh-8.5p1/kexgssc.c.coverity 2021-03-24 12:03:33.711967665 +0100 ++++ openssh-8.5p1/kexgssc.c 2021-03-24 12:03:33.783968166 +0100 @@ -98,8 +98,10 @@ kexgss_client(struct ssh *ssh) default: fatal_f("Unexpected KEX type %d", kex->kex_type); @@ -134,11 +57,10 @@ token_ptr = GSS_C_NO_BUFFER; -diff --git a/krl.c b/krl.c -index 473a9d7..ae19762 100644 ---- a/krl.c -+++ b/krl.c -@@ -1209,6 +1209,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, +diff -up openssh-8.5p1/krl.c.coverity openssh-8.5p1/krl.c +--- openssh-8.5p1/krl.c.coverity 2021-03-02 11:31:47.000000000 +0100 ++++ openssh-8.5p1/krl.c 2021-03-24 12:03:33.783968166 +0100 +@@ -1209,6 +1209,7 @@ ssh_krl_from_blob(struct sshbuf *buf, st sshkey_free(key); sshbuf_free(copy); sshbuf_free(sect); @@ -146,7 +68,7 @@ return r; } -@@ -1261,6 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) +@@ -1261,6 +1262,7 @@ is_key_revoked(struct ssh_krl *krl, cons return r; erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); free(rb.blob); @@ -154,7 +76,7 @@ if (erb != NULL) { KRL_DBG(("revoked by key SHA1")); return SSH_ERR_KEY_REVOKED; -@@ -1271,6 +1273,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) +@@ -1271,6 +1273,7 @@ is_key_revoked(struct ssh_krl *krl, cons return r; erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb); free(rb.blob); 
@@ -162,7 +84,7 @@ if (erb != NULL) { KRL_DBG(("revoked by key SHA256")); return SSH_ERR_KEY_REVOKED; -@@ -1282,6 +1285,7 @@ is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) +@@ -1282,6 +1285,7 @@ is_key_revoked(struct ssh_krl *krl, cons return r; erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); free(rb.blob); @@ -170,11 +92,10 @@ if (erb != NULL) { KRL_DBG(("revoked by explicit key")); return SSH_ERR_KEY_REVOKED; -diff --git a/loginrec.c b/loginrec.c -index 4f21499..e0606be 100644 ---- a/loginrec.c -+++ b/loginrec.c -@@ -691,9 +691,11 @@ construct_utmp(struct logininfo *li, +diff -up openssh-8.5p1/loginrec.c.coverity openssh-8.5p1/loginrec.c +--- openssh-8.5p1/loginrec.c.coverity 2021-03-24 13:18:53.793225885 +0100 ++++ openssh-8.5p1/loginrec.c 2021-03-24 13:21:27.948404751 +0100 +@@ -690,9 +690,11 @@ construct_utmp(struct logininfo *li, */ /* Use strncpy because we don't necessarily want null termination */
_service:tar_scm:openssh-7.3p1-x11-max-displays.patch
Changed
@@ -1,19 +1,7 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.3p1-x11-max-displays.patch - ---- - channels.c | 23 ++++++++++++++--------- - channels.h | 2 +- - servconf.c | 12 +++++++++++- - servconf.h | 2 ++ - session.c | 5 +++-- - sshd_config.5 | 7 +++++++ - 6 files changed, 38 insertions(+), 13 deletions(-) - -diff --git a/channels.c b/channels.c -index 7230540..040a4c6 100644 ---- a/channels.c -+++ b/channels.c -@@ -101,8 +101,8 @@ +diff -up openssh-7.4p1/channels.c.x11max openssh-7.4p1/channels.c +--- openssh-7.4p1/channels.c.x11max 2016-12-23 15:46:32.071506625 +0100 ++++ openssh-7.4p1/channels.c 2016-12-23 15:46:32.139506636 +0100 +@@ -152,8 +152,8 @@ static int all_opens_permitted = 0; #define FWD_PERMIT_ANY_HOST "*" /* -- X11 forwarding */ @@ -24,7 +12,7 @@ /* Per-channel callback for pre/post IO actions */ typedef void chan_fn(struct ssh *, Channel *c); -@@ -4801,7 +4801,7 @@ rdynamic_connect_finish(struct ssh *ssh, Channel *c) +@@ -4228,7 +4228,7 @@ channel_send_window_changes(void) */ int x11_create_display_inet(struct ssh *ssh, int x11_display_offset, @@ -33,7 +21,7 @@ u_int *display_numberp, int **chanids) { Channel *nc = NULL; -@@ -4814,10 +4814,15 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, +@@ -4240,10 +4241,15 @@ x11_create_display_inet(int x11_display_ if (chanids == NULL) return -1; @@ -51,7 +39,7 @@ memset(&hints, 0, sizeof(hints)); hints.ai_family = ssh->chanctxt->IPv4or6; hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE; -@@ -4870,7 +4875,7 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset, +@@ -4295,7 +4301,7 @@ x11_create_display_inet(int x11_display_ if (num_socks > 0) break; } 
@@ -60,7 +48,7 @@ error("Failed to allocate internet-domain X11 display socket."); return -1; } -@@ -5054,7 +5059,7 @@ x11_connect_display(struct ssh *ssh) +@@ -4441,7 +4447,7 @@ x11_connect_display(void) memset(&hints, 0, sizeof(hints)); hints.ai_family = ssh->chanctxt->IPv4or6; hints.ai_socktype = SOCK_STREAM; @@ -69,7 +57,7 @@ if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) { error("%.100s: unknown host. (%s)", buf, ssh_gai_strerror(gaierr)); -@@ -5070,7 +5075,7 @@ x11_connect_display(struct ssh *ssh) +@@ -4457,7 +4463,7 @@ x11_connect_display(void) /* Connect it to the display. */ if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) { debug2("connect %.100s port %u: %.100s", buf, 
@@ -78,33 +66,33 @@ close(sock); continue; } -@@ -5080,7 +5085,7 @@ x11_connect_display(struct ssh *ssh) +@@ -4466,8 +4472,8 @@ x11_connect_display(void) + } freeaddrinfo(aitop); if (!ai) { - error("connect %.100s port %u: %.100s", buf, +- error("connect %.100s port %u: %.100s", buf, - 6000 + display_number, strerror(errno)); ++ error("connect %.100s port %u: %.100s", buf, + X11_PORT_MIN + display_number, strerror(errno)); return -1; } set_nodelay(sock); -diff --git a/channels.h b/channels.h -index 828c1b6..7d8a83e 100644 ---- a/channels.h -+++ b/channels.h -@@ -361,7 +361,7 @@ int permitopen_port(const char *); +diff -up openssh-7.4p1/channels.h.x11max openssh-7.4p1/channels.h +--- openssh-7.4p1/channels.h.x11max 2016-12-19 05:59:41.000000000 +0100 ++++ openssh-7.4p1/channels.h 2016-12-23 15:46:32.139506636 +0100 +@@ -293,7 +293,7 @@ int permitopen_port(const char *); - void channel_set_x11_refuse_time(struct ssh *, u_int); + void channel_set_x11_refuse_time(struct ssh *, time_t); int x11_connect_display(struct ssh *); -int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **); +int x11_create_display_inet(struct ssh *, int, int, int, int, u_int *, int **); void x11_request_forwarding_with_spoofing(struct ssh *, int, const char *, const char *, const char *, int); -diff --git a/servconf.c b/servconf.c -index 13c4a08..fdba127 100644 ---- a/servconf.c -+++ b/servconf.c -@@ -115,6 +115,7 @@ initialize_server_options(ServerOptions *options) +diff -up openssh-7.4p1/servconf.c.x11max openssh-7.4p1/servconf.c +--- openssh-7.4p1/servconf.c.x11max 2016-12-23 15:46:32.133506635 +0100 ++++ openssh-7.4p1/servconf.c 2016-12-23 15:47:27.320519121 +0100 +@@ -95,6 +95,7 @@ initialize_server_options(ServerOptions options->print_lastlog = -1; options->x11_forwarding = -1; options->x11_display_offset = -1; 
@@ -112,7 +100,7 @@ options->x11_use_localhost = -1; options->permit_tty = -1; options->permit_user_rc = -1; -@@ -330,6 +331,8 @@ fill_default_server_options(ServerOptions *options) +@@ -243,6 +244,8 @@ fill_default_server_options(ServerOption options->x11_forwarding = 0; if (options->x11_display_offset == -1) options->x11_display_offset = 10; @@ -121,16 +109,16 @@ if (options->x11_use_localhost == -1) options->x11_use_localhost = 1; if (options->xauth_location == NULL) -@@ -518,7 +521,7 @@ typedef enum { - sPasswordAuthentication, - sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, - sPrintMotd, sPrintLastLog, sIgnoreRhosts, +@@ -419,7 +422,7 @@ typedef enum { + sKerberosGetAFSToken, sKerberosUniqueCCache, sKerberosUseKuserok, sPasswordAuthentication, + sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, + sPrintMotd, sPrintLastLog, sIgnoreRhosts, - sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, + sX11Forwarding, sX11DisplayOffset, sX11MaxDisplays, sX11UseLocalhost, sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive, sPermitUserEnvironment, sAllowTcpForwarding, sCompression, sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, -@@ -652,6 +655,7 @@ static struct { +@@ -540,6 +543,7 @@ static struct { { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL }, { "x11forwarding", sX11Forwarding, SSHCFG_ALL }, { "x11displayoffset", sX11DisplayOffset, SSHCFG_ALL }, @@ -138,7 +126,7 @@ { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, -@@ -1680,6 +1684,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, +@@ -1316,6 +1320,10 @@ process_server_config_line(ServerOptions *intptr = value; break; 
@@ -149,7 +137,7 @@ case sX11UseLocalhost: intptr = &options->x11_use_localhost; goto parse_flag; -@@ -2678,6 +2686,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) +@@ -2063,6 +2071,7 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(fwd_opts.streamlocal_bind_unlink); M_CP_INTOPT(x11_display_offset); M_CP_INTOPT(x11_forwarding); @@ -157,7 +145,7 @@ M_CP_INTOPT(x11_use_localhost); M_CP_INTOPT(permit_tty); M_CP_INTOPT(permit_user_rc); -@@ -2953,6 +2962,7 @@ dump_config(ServerOptions *o) +@@ -2315,6 +2324,7 @@ dump_config(ServerOptions *o) #endif dump_cfg_int(sLoginGraceTime, o->login_grace_time); dump_cfg_int(sX11DisplayOffset, o->x11_display_offset); @@ -165,11 +153,10 @@ dump_cfg_int(sMaxAuthTries, o->max_authtries); dump_cfg_int(sMaxSessions, o->max_sessions); dump_cfg_int(sClientAliveInterval, o->client_alive_interval); -diff --git a/servconf.h b/servconf.h -index 37d3a6f..77fd779 100644 ---- a/servconf.h -+++ b/servconf.h -@@ -45,6 +45,7 @@ +diff -up openssh-7.4p1/servconf.h.x11max openssh-7.4p1/servconf.h +--- openssh-7.4p1/servconf.h.x11max 2016-12-23 15:46:32.133506635 +0100 ++++ openssh-7.4p1/servconf.h 2016-12-23 15:46:32.140506636 +0100 +@@ -55,6 +55,7 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ #define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */ @@ -177,7 +164,7 @@ /* Magic name for internal sftp-server */ #define INTERNAL_SFTP_NAME "internal-sftp" -@@ -105,6 +106,7 @@ typedef struct { +@@ -85,6 +86,7 @@ typedef struct { int x11_forwarding; /* If true, permit inet (spoofing) X11 fwd. */ int x11_display_offset; /* What DISPLAY number to start * searching at */ @@ -185,14 +172,13 @@
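Review bot: The replacement patch is generated against openssh-7.4p1 (`diff -up openssh-7.4p1/channels.c.x11max …`), and its hunk headers no longer describe the 9.3p1 tree this package builds: positions such as `@@ -4228,7 +4228,7 @@` replace `@@ -4801,7 +4801,7 @@`, and the function hints read `x11_connect_display(void)` while the context lines use `ssh->chanctxt`. It can therefore apply only by offset, and if the spec permits fuzz, a hunk with generic context (for example the one around `hints.ai_socktype = SOCK_STREAM;`) could attach at a wrong site without failing the build. Regenerating the patch against the 9.3p1 sources, or confirming that it applies with fuzz 0, would make that failure mode visible. The section is cut off on the page after the `servconf.h` hunks, so the remaining files are not covered by this note.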
_service:tar_scm:openssh-7.4p1-systemd.patch
Changed
@@ -1,17 +1,14 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.4p1-systemd.patch +commit 0e22b79bfde45a7cf7a2e51a68ec11c4285f3b31 +Author: Jakub Jelen <jjelen@redhat.com> +Date: Mon Nov 21 15:04:06 2016 +0100 ---- - configure.ac | 24 ++++++++++++++++++++++++ - contrib/sshd.service | 16 ++++++++++++++++ - sshd.c | 9 +++++++++ - 3 files changed, 49 insertions(+) - create mode 100644 contrib/sshd.service + systemd stuff diff --git a/configure.ac b/configure.ac -index bbe133e..6f7dc48 100644 +index 2ffc369..162ce92 100644 --- a/configure.ac +++ b/configure.ac -@@ -4822,6 +4822,29 @@ AC_SUBST(GSSLIBS) +@@ -4265,6 +4265,30 @@ AC_ARG_WITH(kerberos5, AC_SUBST(K5LIBS) AC_SUBST(CHANNELLIBS) @@ -38,10 +35,11 @@ + fi +) + ++ # Looking for programs, paths and files PRIVSEP_PATH=/var/empty -@@ -5621,6 +5644,7 @@ echo " libldns support: $LDNS_MSG" +@@ -5097,6 +5121,7 @@ echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " Solaris privilege support: $SPP_MSG" @@ -72,10 +70,10 @@ +WantedBy=multi-user.target + diff --git a/sshd.c b/sshd.c -index 0d4cfef..2a9b96d 100644 +index 816611c..b8b9d13 100644 --- a/sshd.c +++ b/sshd.c -@@ -88,6 +88,10 @@ +@@ -85,6 +85,10 @@ #include <prot.h> #endif @@ -86,7 +84,7 @@ #include "xmalloc.h" #include "ssh.h" #include "ssh2.h" -@@ -2121,6 +2125,11 @@ main(int ac, char **av) +@@ -1888,6 +1892,11 @@ main(int ac, char **av) } } @@ -98,6 +96,3 @@ /* Accept a connection and return in a forked child */ server_accept_loop(&sock_in, &sock_out, &newsock, config_s); --- -2.27.0 -
_service:tar_scm:openssh-7.5p1-sandbox.patch
Changed
@@ -21,7 +21,7 @@ + SC_ALLOW(__NR_flock), +#endif #ifdef __NR_futex - SC_ALLOW(__NR_futex), + SC_FUTEX(__NR_futex), #endif @@ -178,6 +181,9 @@ static const struct sock_filter preauth_insns = { #ifdef __NR_gettimeofday
_service:tar_scm:openssh-7.6p1-audit.patch
Changed
@@ -1,55 +1,7 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.6p1-audit.patch - ---- - Makefile.in | 2 +- - audit-bsm.c | 45 ++++++- - audit-linux.c | 301 +++++++++++++++++++++++++++++++++++++++++++--- - audit.c | 129 ++++++++++++++++++-- - audit.h | 22 +++- - auditstub.c | 52 ++++++++ - auth.c | 3 - - auth.h | 5 + - auth2-hostbased.c | 16 ++- - auth2-pubkey.c | 16 ++- - auth2.c | 3 - - cipher.c | 21 +--- - cipher.h | 20 ++- - kex.c | 61 ++++++++-- - kex.h | 2 + - mac.c | 14 +++ - mac.h | 1 + - monitor.c | 194 ++++++++++++++++++++++++++++-- - monitor.h | 8 +- - monitor_wrap.c | 130 +++++++++++++++++++- - monitor_wrap.h | 11 +- - packet.c | 98 +++++++++++++-- - packet.h | 1 + - session.c | 84 +++++++++++-- - session.h | 10 +- - sshd.c | 103 +++++++++++++--- - sshkey.c | 32 +++++ - sshkey.h | 1 + - 28 files changed, 1274 insertions(+), 111 deletions(-) - create mode 100644 auditstub.c - -diff --git a/Makefile.in b/Makefile.in -index 45f7a93..9b4c06b 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -114,7 +114,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ - kexsntrup761x25519.o sntrup761.o kexgen.o \ - kexgssc.o \ - sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \ -- sshbuf-io.o -+ sshbuf-io.o auditstub.o - - SKOBJS= ssh-sk-client.o - -diff --git a/audit-bsm.c b/audit-bsm.c -index ccfcf6f..a49abb9 100644 ---- a/audit-bsm.c -+++ b/audit-bsm.c -@@ -373,12 +373,25 @@ audit_connection_from(const char *host, int port) +diff -up openssh-8.6p1/audit-bsm.c.audit openssh-8.6p1/audit-bsm.c +--- openssh-8.6p1/audit-bsm.c.audit 2021-04-16 05:55:25.000000000 +0200 ++++ openssh-8.6p1/audit-bsm.c 2021-04-19 16:47:35.753062106 +0200 +@@ -373,13 +373,26 @@ audit_connection_from(const char *host, #endif } 
@@ -67,16 +19,17 @@ /* not implemented */ } -+void + void +audit_count_session_open(void) +{ + /* not necessary */ +} + - void ++void audit_session_open(struct logininfo *li) { -@@ -391,6 +404,12 @@ audit_session_close(struct logininfo *li) + /* not implemented */ +@@ -391,6 +404,12 @@ audit_session_close(struct logininfo *li /* not implemented */ } @@ -89,7 +42,7 @@ void audit_event(struct ssh *ssh, ssh_audit_event_t event) { -@@ -452,4 +471,28 @@ audit_event(struct ssh *ssh, ssh_audit_event_t event) +@@ -452,4 +471,28 @@ audit_event(struct ssh *ssh, ssh_audit_e debug("%s: unhandled event %d", __func__, event); } } 
@@ -118,10 +71,234 @@ + /* not implemented */ +} #endif /* BSM */ -diff --git a/audit-linux.c b/audit-linux.c -index 3fcbe5c..a823c30 100644 ---- a/audit-linux.c -+++ b/audit-linux.c +diff -up openssh-8.6p1/audit.c.audit openssh-8.6p1/audit.c +--- openssh-8.6p1/audit.c.audit 2021-04-16 05:55:25.000000000 +0200 ++++ openssh-8.6p1/audit.c 2021-04-19 16:47:35.753062106 +0200 +@@ -34,6 +34,12 @@ + #include "log.h" + #include "hostfile.h" + #include "auth.h" ++#include "ssh-gss.h" ++#include "monitor_wrap.h" ++#include "xmalloc.h" ++#include "misc.h" ++#include "servconf.h" ++#include "ssherr.h" + + /* + * Care must be taken when using this since it WILL NOT be initialized when +@@ -41,6 +47,7 @@ + * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using. + */ + extern Authctxt *the_authctxt; ++extern ServerOptions options; + + /* Maybe add the audit class to struct Authmethod? */ + ssh_audit_event_t +@@ -69,13 +76,10 @@ audit_classify_auth(const char *method) + const char * + audit_username(void) + { +- static const char unknownuser = "(unknown user)"; +- static const char invaliduser = "(invalid user)"; ++ static const char unknownuser = "(unknown)"; + +- if (the_authctxt == NULL || the_authctxt->user == NULL) ++ if (the_authctxt == NULL || the_authctxt->user == NULL || !the_authctxt->valid) + return (unknownuser); +- if (!the_authctxt->valid) +- return (invaliduser); + return (the_authctxt->user); + } + +@@ -109,6 +113,35 @@ audit_event_lookup(ssh_audit_event_t ev) + return(event_lookupi.name); + } + ++void ++audit_key(struct ssh *ssh, int host_user, int *rv, const struct sshkey *key) ++{ ++ char *fp; ++ ++ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); ++ if (audit_keyusage(ssh, host_user, fp, (*rv == 0)) == 0) ++ *rv = -SSH_ERR_INTERNAL_ERROR; ++ free(fp); ++} ++ ++void ++audit_unsupported(struct ssh *ssh, int what) ++{ ++ PRIVSEP(audit_unsupported_body(ssh, what)); ++} ++ ++void ++audit_kex(struct ssh *ssh, int ctos, char *enc, 
char *mac, char *comp, char *pfs) ++{ ++ PRIVSEP(audit_kex_body(ssh, ctos, enc, mac, comp, pfs, getpid(), getuid())); ++} ++ ++void ++audit_session_key_free(struct ssh *ssh, int ctos) ++{ ++ PRIVSEP(audit_session_key_free_body(ssh, ctos, getpid(), getuid())); ++} ++ + # ifndef CUSTOM_SSH_AUDIT_EVENTS + /* + * Null implementations of audit functions. +@@ -138,6 +171,17 @@ audit_event(struct ssh *ssh, ssh_audit_e + } + + /* ++ * Called when a child process has called, or will soon call, ++ * audit_session_open. ++ */ ++void ++audit_count_session_open(void) ++{ ++ debug("audit count session open euid %d user %s", geteuid(), ++ audit_username()); ++} ++ ++/* + * Called when a user session is started. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. + * +@@ -172,13 +216,82 @@ audit_session_close(struct logininfo *li + /* + * This will be called when a user runs a non-interactive command. Note that + * it may be called multiple times for a single connection since SSH2 allows +- * multiple sessions within a single connection. ++ * multiple sessions within a single connection. Returns a "handle" for ++ * audit_end_command. + */
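Review bot: In `audit_key()` (the audit.c hunk), the result of `sshkey_fingerprint()` is handed straight to `audit_keyusage()` without a NULL check, although that function can return NULL on failure. How `audit_keyusage()` treats a NULL fingerprint is not visible here, so an explicit guard would keep the fail-closed intent obvious: `if (fp == NULL || audit_keyusage(ssh, host_user, fp, (*rv == 0)) == 0)`. Separately, `*rv = -SSH_ERR_INTERNAL_ERROR;` negates a code that upstream `ssherr.h` already defines as negative, so the stored value is positive; callers testing `rv == 0` are unaffected, but any that test `rv < 0` would read an audit failure as success, which is worth confirming. The section is truncated on the page, so the rest of the patch is not reviewed.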
_service:tar_scm:openssh-7.7p1-gssapi-new-unique.patch
Changed
@@ -503,13 +503,12 @@ if (options->gss_authentication == -1) options->gss_authentication = 0; if (options->gss_keyex == -1) -@@ -506,7 +509,8 @@ typedef enum { +@@ -506,7 +509,7 @@ typedef enum { sPort, sHostKeyFile, sLoginGraceTime, sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose, sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, - sKerberosGetAFSToken, sPasswordAuthentication, -+ sKerberosGetAFSToken, sKerberosUniqueCCache, -+ sPasswordAuthentication, ++ sKerberosGetAFSToken, sKerberosUniqueCCache, sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sAddressFamily, sPrintMotd, sPrintLastLog, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
_service:tar_scm:openssh-7.7p1.patch
Changed
@@ -15,7 +15,7 @@ diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat --- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100 +++ openssh/ssh_config_redhat 2020-02-13 18:13:39.180641839 +0100 -@@ -0,0 +1,21 @@ +@@ -0,0 +1,15 @@ +# The options here are in the "Match final block" to be applied as the last +# options and could be potentially overwritten by the user configuration +Match final all @@ -29,12 +29,6 @@ +# mode correctly we set this to yes. + ForwardX11Trusted yes + -+# Send locale-related environment variables -+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+ SendEnv XMODIFIERS -+ +# Uncomment this if you want to use .local domain +# Host *.local diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0 @@ -86,7 +80,7 @@ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat --- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100 +++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100 -@@ -0,0 +1,28 @@ +@@ -0,0 +1,22 @@ +# This system is following system-wide crypto policy. The changes to +# crypto properties (Ciphers, MACs, ...) will not have any effect in +# this or following included files. To override some configuration option, @@ -109,9 +103,3 @@ +# as it is more configurable and versatile than the built-in version. +PrintMotd no + -+# Accept locale-related environment variables -+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+AcceptEnv XMODIFIERS -+
_service:tar_scm:openssh-7.8p1-UsePAM-warning.patch
Changed
@@ -1,4 +1,3 @@
-Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-7.8p1-UsePAM-warning.patch
 diff -up openssh-8.6p1/sshd.c.log-usepam-no openssh-8.6p1/sshd.c
 --- openssh-8.6p1/sshd.c.log-usepam-no 2021-04-19 14:00:45.099735129 +0200
 +++ openssh-8.6p1/sshd.c 2021-04-19 14:03:21.140920974 +0200
_service:tar_scm:openssh-8.0p1-crypto-policies.patch
Changed
@@ -1,8 +1,7 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-crypto-policies.patch -diff --color -ru a/ssh_config.5 b/ssh_config.5 ---- a/ssh_config.5 2022-07-12 15:05:22.550013071 +0200 -+++ b/ssh_config.5 2022-07-12 15:17:20.016704545 +0200 -@@ -373,17 +373,13 @@ +diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh_config.5 openssh-9.3p1-patched/ssh_config.5 +--- openssh-9.3p1/ssh_config.5 2023-06-07 10:26:48.284590156 +0200 ++++ openssh-9.3p1-patched/ssh_config.5 2023-06-07 10:26:00.623052194 +0200 +@@ -378,17 +378,13 @@ causes no CNAMEs to be considered for canonicalization. This is the default behaviour. .It Cm CASignatureAlgorithms @@ -25,7 +24,7 @@ If the specified list begins with a .Sq + character, then the specified algorithms will be appended to the default set -@@ -445,20 +441,25 @@ +@@ -450,20 +446,25 @@ (the default), the check will not be executed. .It Cm Ciphers @@ -55,7 +54,7 @@ .Pp The supported ciphers are: .Bd -literal -offset indent -@@ -474,13 +475,6 @@ +@@ -479,13 +480,6 @@ chacha20-poly1305@openssh.com .Ed .Pp @@ -69,7 +68,7 @@ The list of available ciphers may also be obtained using .Qq ssh -Q cipher . .It Cm ClearAllForwardings -@@ -874,6 +868,11 @@ +@@ -885,6 +879,11 @@ The default is .Dq no . .It Cm GSSAPIKexAlgorithms @@ -81,7 +80,7 @@ The list of key exchange algorithms that are offered for GSSAPI key exchange. Possible values are .Bd -literal -offset 3n -@@ -886,10 +885,8 @@ +@@ -897,10 +896,8 @@ gss-curve25519-sha256- .Ed .Pp @@ -93,7 +92,7 @@ .It Cm HashKnownHosts Indicates that .Xr ssh 1 -@@ -913,36 +910,25 @@ +@@ -919,36 +916,25 @@ but may be manually hashed using .Xr ssh-keygen 1 . .It Cm HostbasedAcceptedAlgorithms 
@@ -138,7 +137,25 @@ .Pp The .Fl Q -@@ -1219,30 +1216,25 @@ +@@ -1001,6 +987,17 @@ + .Pp + The list of available signature algorithms may also be obtained using + .Qq ssh -Q HostKeyAlgorithms . ++.Pp ++The proposed ++.Cm HostKeyAlgorithms ++during KEX are limited to the set of algorithms that is defined in ++.Cm PubkeyAcceptedAlgorithms ++and therefore they are indirectly affected by system-wide ++.Xr crypto_policies 7 . ++.Xr crypto_policies 7 can not handle the list of host key algorithms directly as doing so ++would break the order given by the ++.Pa known_hosts ++file. + .It Cm HostKeyAlias + Specifies an alias that should be used instead of the + real host name when looking up or saving the host key +@@ -1232,30 +1229,25 @@ and .Cm pam . .It Cm KexAlgorithms @@ -178,7 +195,7 @@ .Pp The list of available key exchange algorithms may also be obtained using .Qq ssh -Q kex . -@@ -1351,37 +1344,33 @@ +@@ -1365,37 +1357,33 @@ file. This option is intended for debugging and no overrides are enabled by default. .It Cm MACs @@ -225,7 +242,7 @@ The list of available MAC algorithms may also be obtained using .Qq ssh -Q mac . .It Cm NoHostAuthenticationForLocalhost -@@ -1553,36 +1542,25 @@ +@@ -1567,39 +1555,31 @@ The default is .Cm no . .It Cm PubkeyAcceptedAlgorithms @@ -271,7 +288,13 @@ .Pp The list of available signature algorithms may also be obtained using .Qq ssh -Q PubkeyAcceptedAlgorithms . -@@ -2237,7 +2207,9 @@ for those users who do not have a config ++.Pp ++This option affects also ++.Cm HostKeyAlgorithms + .It Cm PubkeyAuthentication + Specifies whether to try public key authentication. + The argument to this keyword must be +@@ -2265,7 +2245,9 @@ This file must be world-readable. .El .Sh SEE ALSO 
@@ -282,10 +305,10 @@ .Sh AUTHORS .An -nosplit OpenSSH is a derivative of the original and free -diff --color -ru a/sshd_config.5 b/sshd_config.5 ---- a/sshd_config.5 2022-07-12 15:05:22.535012771 +0200 -+++ b/sshd_config.5 2022-07-12 15:15:33.394809258 +0200 -@@ -373,17 +373,13 @@ +diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/sshd_config.5 openssh-9.3p1-patched/sshd_config.5 +--- openssh-9.3p1/sshd_config.5 2023-06-07 10:26:48.277590077 +0200 ++++ openssh-9.3p1-patched/sshd_config.5 2023-06-07 10:26:00.592051845 +0200 +@@ -379,17 +379,13 @@ then no banner is displayed. By default, no banner is displayed. .It Cm CASignatureAlgorithms @@ -308,7 +331,7 @@ If the specified list begins with a .Sq + character, then the specified algorithms will be appended to the default set -@@ -450,20 +446,25 @@ +@@ -525,20 +521,25 @@ indicating not to .Xr chroot 2 . .It Cm Ciphers @@ -338,7 +361,7 @@ .Pp The supported ciphers are: .Pp -@@ -490,13 +491,6 @@ +@@ -565,13 +566,6 @@ chacha20-poly1305@openssh.com .El .Pp @@ -352,7 +375,7 @@ The list of available ciphers may also be obtained using .Qq ssh -Q cipher . .It Cm ClientAliveCountMax -@@ -685,53 +679,43 @@ +@@ -766,53 +760,43 @@ .Cm GSSAPIKeyExchange needs to be enabled in the server and also used by the client. .It Cm GSSAPIKexAlgorithms @@ -425,7 +448,7 @@ .Pp The list of available signature algorithms may also be obtained using .Qq ssh -Q HostbasedAcceptedAlgorithms . -@@ -799,25 +794,14 @@ +@@ -879,25 +863,14 @@ .Ev SSH_AUTH_SOCK environment variable. .It Cm HostKeyAlgorithms @@ -456,7 +479,7 @@ The list of available signature algorithms may also be obtained using .Qq ssh -Q HostKeyAlgorithms . .It Cm IgnoreRhosts -@@ -965,20 +947,25 @@ +@@ -1044,20 +1017,25 @@ The default is .Cm yes . .It Cm KexAlgorithms 
@@ -486,7 +509,7 @@ The supported algorithms are: .Pp .Bl -item -compact -offset indent -@@ -1010,16 +997,6 @@ +@@ -1089,16 +1067,6 @@ sntrup761x25519-sha512@openssh.com .El .Pp @@ -503,7 +526,7 @@ The list of available key exchange algorithms may also be obtained using .Qq ssh -Q KexAlgorithms . .It Cm ListenAddress -@@ -1104,21 +1082,26 @@ +@@ -1184,21 +1152,26 @@ file. This option is intended for debugging and no overrides are enabled by default. .It Cm MACs @@ -534,7 +557,7 @@ .Pp The algorithms that contain .Qq -etm
_service:tar_scm:openssh-8.0p1-gssapi-keyex.patch
Changed
@@ -1,52 +1,8 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-gssapi-keyex.patch - ---- - Makefile.in | 3 +- - auth.c | 94 +------- - auth2-gss.c | 56 ++++- - auth2.c | 2 + - canohost.c | 93 ++++++++ - canohost.h | 3 + - clientloop.c | 11 + - configure.ac | 24 ++ - gss-genr.c | 297 +++++++++++++++++++++++- - gss-serv-krb5.c | 97 +++++++- - gss-serv.c | 205 +++++++++++++++-- - kex.c | 66 +++++- - kex.h | 29 +++ - kexdh.c | 10 + - kexgen.c | 2 +- - kexgssc.c | 599 ++++++++++++++++++++++++++++++++++++++++++++++++ - kexgsss.c | 474 ++++++++++++++++++++++++++++++++++++++ - monitor.c | 138 ++++++++++- - monitor.h | 2 + - monitor_wrap.c | 57 ++++- - monitor_wrap.h | 4 +- - readconf.c | 70 ++++++ - readconf.h | 6 + - servconf.c | 47 ++++ - servconf.h | 3 + - session.c | 10 +- - ssh-gss.h | 54 ++++- - ssh.1 | 8 + - ssh.c | 6 +- - ssh_config | 2 + - ssh_config.5 | 58 +++++ - sshconnect2.c | 156 ++++++++++++- - sshd.c | 62 ++++- - sshd_config | 2 + - sshd_config.5 | 31 +++ - sshkey.c | 3 +- - sshkey.h | 1 + - 37 files changed, 2623 insertions(+), 162 deletions(-) - create mode 100644 kexgssc.c - create mode 100644 kexgsss.c - diff --git a/Makefile.in b/Makefile.in -index f4c7540..8229885 100644 +index e7549470..b68c1710 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -112,6 +112,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ +@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ kexsntrup761x25519.o sntrup761.o kexgen.o \ @@ -54,7 +10,7 @@ sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \ sshbuf-io.o -@@ -128,7 +129,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ +@@ -125,7 +126,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-pubkeyfile.o \ monitor.o monitor_wrap.o auth-krb5.o \ 
@@ -63,11 +19,19 @@ loginrec.o auth-pam.o auth-shadow.o auth-sia.o \ srclimit.o sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ -diff --git a/auth.c b/auth.c -index 13e8d79..a449f27 100644 ---- a/auth.c -+++ b/auth.c -@@ -358,7 +358,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) +@@ -523,7 +523,7 @@ regress-prep: + ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile + + REGRESSLIBS=libssh.a $(LIBCOMPAT) +-TESTLIBS=$(LIBS) $(CHANNELLIBS) ++TESTLIBS=$(LIBS) $(CHANNELLIBS) $(GSSLIBS) + + regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ +diff -up a/auth.c.gsskex b/auth.c +--- a/auth.c.gsskex 2021-08-20 06:03:49.000000000 +0200 ++++ b/auth.c 2021-08-27 12:41:51.262788953 +0200 +@@ -402,7 +402,8 @@ auth_root_allowed(struct ssh *ssh, const case PERMIT_NO_PASSWD: if (strcmp(method, "publickey") == 0 || strcmp(method, "hostbased") == 0 || @@ -77,11 +41,10 @@ return 1; break; case PERMIT_FORCED_ONLY: -@@ -639,97 +640,6 @@ fakepw(void) - return (&fake); +@@ -730,97 +731,6 @@ fakepw(void) } --/* + /* - * Returns the remote DNS hostname as a string. The returned string must not - * be freed. NB. this will usually trigger a DNS query the first time it is - * called. @@ -172,11 +135,12 @@ - return xstrdup(name); -} - - /* +-/* * Return the canonical name of the host in the other side of the current * connection. The host name is cached, so it is efficient to call this + * several times. diff --git a/auth2-gss.c b/auth2-gss.c -index d9b192c..cd6487c 100644 +index 9351e042..d6446c0c 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -1,7 +1,7 @@ 
@@ -188,7 +152,7 @@ * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions -@@ -55,6 +55,48 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); +@@ -54,6 +54,48 @@ static int input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh); static int input_gssapi_errtok(int, u_int32_t, struct ssh *); @@ -237,7 +201,7 @@ /* * We only support those mechanisms that we know about (ie ones that we know * how to check local user kuserok and the like) -@@ -261,7 +303,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) +@@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, struct ssh *ssh) if ((r = sshpkt_get_end(ssh)) != 0) fatal_fr(r, "parse packet"); @@ -247,7 +211,7 @@ if ((!use_privsep || mm_is_monitor()) && (displayname = ssh_gssapi_displayname()) != NULL) -@@ -314,7 +357,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) +@@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) gssbuf.length = sshbuf_len(b); if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) @@ -257,7 +221,7 @@ else logit("GSSAPI MIC check failed"); -@@ -336,6 +380,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) +@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t plen, struct ssh *ssh) return 0; } @@ -269,12 +233,12 @@ + Authmethod method_gssapi = { "gssapi-with-mic", - NULL, + NULL, diff --git a/auth2.c b/auth2.c -index 15ae306..7510c25 100644 +index 0e776224..1c217268 100644 --- a/auth2.c +++ b/auth2.c -@@ -71,6 +71,7 @@ extern Authmethod method_passwd; +@@ -73,6 +73,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; #ifdef GSSAPI 
@@ -282,7 +246,7 @@ extern Authmethod method_gssapi; #endif -@@ -78,6 +79,7 @@ Authmethod *authmethods = { +@@ -80,6 +81,7 @@ Authmethod *authmethods = { &method_none, &method_pubkey, #ifdef GSSAPI @@ -291,7 +255,7 @@ #endif &method_passwd, diff --git a/canohost.c b/canohost.c -index a810da0..fe337d7 100644 +index abea9c6e..8e81b519 100644 --- a/canohost.c +++ b/canohost.c @@ -35,6 +35,99 @@ @@ -395,7 +359,7 @@ ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { diff --git a/canohost.h b/canohost.h -index 26d6285..0cadc9f 100644 +index 26d62855..0cadc9f1 100644 --- a/canohost.h +++ b/canohost.h @@ -15,6 +15,9 @@ @@ -409,10 +373,10 @@ int get_peer_port(int); char *get_local_ipaddr(int);
_service:tar_scm:openssh-8.0p1-openssl-evp.patch
Deleted
@@ -1,720 +0,0 @@ -From ed7ec0cdf577ffbb0b15145340cf51596ca3eb89 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen <jjelen@redhat.com> -Date: Tue, 14 May 2019 10:45:45 +0200 -Subject: PATCH Use high-level OpenSSL API for signatures - ---- - digest-openssl.c | 16 ++++ - digest.h | 6 ++ - ssh-dss.c | 65 ++++++++++------ - ssh-ecdsa.c | 69 ++++++++++------- - ssh-rsa.c | 193 +++++++++-------------------------------------- - sshkey.c | 77 +++++++++++++++++++ - sshkey.h | 4 + - 7 files changed, 221 insertions(+), 209 deletions(-) - -diff --git a/digest-openssl.c b/digest-openssl.c -index da7ed72bc..6a21d8adb 100644 ---- a/digest-openssl.c -+++ b/digest-openssl.c -@@ -63,6 +63,22 @@ const struct ssh_digest digests = { - { -1, NULL, 0, NULL }, - }; - -+const EVP_MD * -+ssh_digest_to_md(int digest_type) -+{ -+ switch (digest_type) { -+ case SSH_DIGEST_SHA1: -+ return EVP_sha1(); -+ case SSH_DIGEST_SHA256: -+ return EVP_sha256(); -+ case SSH_DIGEST_SHA384: -+ return EVP_sha384(); -+ case SSH_DIGEST_SHA512: -+ return EVP_sha512(); -+ } -+ return NULL; -+} -+ - static const struct ssh_digest * - ssh_digest_by_alg(int alg) - { -diff --git a/digest.h b/digest.h -index 274574d0e..c7ceeb36f 100644 ---- a/digest.h -+++ b/digest.h -@@ -32,6 +32,12 @@ - struct sshbuf; - struct ssh_digest_ctx; - -+#ifdef WITH_OPENSSL -+#include <openssl/evp.h> -+/* Converts internal digest representation to the OpenSSL one */ -+const EVP_MD *ssh_digest_to_md(int digest_type); -+#endif -+ - /* Looks up a digest algorithm by name */ - int ssh_digest_alg_by_name(const char *name); - -diff --git a/ssh-dss.c b/ssh-dss.c -index a23c383dc..ea45e7275 100644 ---- a/ssh-dss.c -+++ b/ssh-dss.c -@@ -52,11 +52,15 @@ int - ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) - { -+ EVP_PKEY *pkey = NULL; - DSA_SIG *sig = NULL; - const BIGNUM *sig_r, *sig_s; -- u_char digestSSH_DIGEST_MAX_LENGTH, sigblobSIGBLOB_LEN; -- size_t rlen, slen, len, dlen = 
ssh_digest_bytes(SSH_DIGEST_SHA1); -+ u_char sigblobSIGBLOB_LEN; -+ size_t rlen, slen; -+ int len; - struct sshbuf *b = NULL; -+ u_char *sigb = NULL; -+ const u_char *psig = NULL; - int ret = SSH_ERR_INVALID_ARGUMENT; - - if (lenp != NULL) -@@ -67,17 +71,24 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA) - return SSH_ERR_INVALID_ARGUMENT; -- if (dlen == 0) -- return SSH_ERR_INTERNAL_ERROR; - -- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -- digest, sizeof(digest))) != 0) -+ if ((pkey = EVP_PKEY_new()) == NULL || -+ EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) -+ return SSH_ERR_ALLOC_FAIL; -+ ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len, -+ data, datalen); -+ EVP_PKEY_free(pkey); -+ if (ret < 0) { - goto out; -+ } - -- if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { -+ psig = sigb; -+ if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -+ free(sigb); -+ sigb = NULL; - - DSA_SIG_get0(sig, &sig_r, &sig_s); - rlen = BN_num_bytes(sig_r); -@@ -110,7 +121,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - *lenp = len; - ret = 0; - out: -- explicit_bzero(digest, sizeof(digest)); -+ free(sigb); - DSA_SIG_free(sig); - sshbuf_free(b); - return ret; -@@ -121,20 +132,20 @@ ssh_dss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) - { -+ EVP_PKEY *pkey = NULL; - DSA_SIG *sig = NULL; - BIGNUM *sig_r = NULL, *sig_s = NULL; -- u_char digestSSH_DIGEST_MAX_LENGTH, *sigblob = NULL; -- size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); -+ u_char *sigblob = NULL; -+ size_t len, slen; - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL; - char *ktype = NULL; -+ u_char *sigb = NULL, *psig = NULL; - - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != 
KEY_DSA || - signature == NULL || signaturelen == 0) - return SSH_ERR_INVALID_ARGUMENT; -- if (dlen == 0) -- return SSH_ERR_INTERNAL_ERROR; - - /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) -@@ -176,25 +187,31 @@ ssh_dss_verify(const struct sshkey *key, - } - sig_r = sig_s = NULL; /* transferred */ - -- /* sha1 the data */ -- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -- digest, sizeof(digest))) != 0) -+ if ((slen = i2d_DSA_SIG(sig, NULL)) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; -- -- switch (DSA_do_verify(digest, dlen, sig, key->dsa)) { -- case 1: -- ret = 0; -- break; -- case 0: -- ret = SSH_ERR_SIGNATURE_INVALID; -+ } -+ if ((sigb = malloc(slen)) == NULL) { -+ ret = SSH_ERR_ALLOC_FAIL; - goto out; -- default: -+ } -+ psig = sigb; -+ if ((slen = i2d_DSA_SIG(sig, &psig)) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } - -+ if ((pkey = EVP_PKEY_new()) == NULL || -+ EVP_PKEY_set1_DSA(pkey, key->dsa) != 1) { -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } -+ ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, datalen, -+ sigb, slen); -+ EVP_PKEY_free(pkey); -+ - out: -- explicit_bzero(digest, sizeof(digest)); -+ free(sigb); - DSA_SIG_free(sig); - BN_clear_free(sig_r); - BN_clear_free(sig_s); -diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c -index 599c7199d..b036796e8 100644 ---- a/ssh-ecdsa.c -+++ b/ssh-ecdsa.c -@@ -50,11 +50,13 @@ int - ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) - { -+ EVP_PKEY *pkey = NULL; - ECDSA_SIG *sig = NULL;
_service:tar_scm:openssh-8.0p1-pkcs11-uri.patch
Changed
@@ -1,98 +1,7 @@ -Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.0p1-pkcs11-uri.patch - ---- - Makefile.in | 20 +- - configure.ac | 37 ++ - regress/agent-pkcs11.sh | 2 +- - regress/pkcs11.sh | 349 +++++++++++++++ - regress/unittests/pkcs11/tests.c | 337 +++++++++++++++ - ssh-add.c | 44 +- - ssh-agent.c | 101 ++++- - ssh-keygen.c | 7 +- - ssh-pkcs11-client.c | 3 + - ssh-pkcs11-uri.c | 419 ++++++++++++++++++ - ssh-pkcs11-uri.h | 42 ++ - ssh-pkcs11.c | 715 +++++++++++++++++++++++-------- - ssh-pkcs11.h | 4 + - ssh.c | 104 +++-- - ssh_config.5 | 15 + - 15 files changed, 1961 insertions(+), 238 deletions(-) - create mode 100644 regress/pkcs11.sh - create mode 100644 regress/unittests/pkcs11/tests.c - create mode 100644 ssh-pkcs11-uri.c - create mode 100644 ssh-pkcs11-uri.h - -diff --git a/Makefile.in b/Makefile.in -index 8229885..45f7a93 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -105,7 +105,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ - monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \ - ssh-ed25519-sk.o ssh-rsa.o dh.o \ - msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ -- ssh-pkcs11.o smult_curve25519_ref.o \ -+ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \ - poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ - ssh-ed25519.o digest-openssl.o digest-libc.o \ - hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ -@@ -299,6 +299,8 @@ clean: regressclean - rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT) - rm -f regress/unittests/utf8/*.o - rm -f regress/unittests/utf8/test_utf8$(EXEEXT) -+ rm -f regress/unittests/pkcs11/*.o -+ rm -f regress/unittests/pkcs11/test_pkcs11$(EXEEXT) - rm -f regress/misc/sk-dummy/*.o - rm -f regress/misc/sk-dummy/*.lo - rm -f regress/misc/sk-dummy/sk-dummy.so -@@ -336,6 +338,8 @@ distclean: regressclean - rm -f regress/unittests/sshsig/test_sshsig - rm -f regress/unittests/utf8/*.o - rm -f regress/unittests/utf8/test_utf8 -+ rm -f 
regress/unittests/pkcs11/*.o -+ rm -f regress/unittests/pkcs11/test_pkcs11 - rm -f regress/misc/sk-dummy/*.o - rm -f regress/misc/sk-dummy/*.lo - rm -f regress/misc/sk-dummy/sk-dummy.so -@@ -513,6 +517,7 @@ regress-prep: - $(MKDIR_P) `pwd`/regress/unittests/sshkey - $(MKDIR_P) `pwd`/regress/unittests/sshsig - $(MKDIR_P) `pwd`/regress/unittests/utf8 -+ $(MKDIR_P) `pwd`/regress/unittests/pkcs11 - $(MKDIR_P) `pwd`/regress/misc/sk-dummy - -f `pwd`/regress/Makefile || \ - ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile -@@ -679,6 +684,16 @@ regress/unittests/utf8/test_utf8$(EXEEXT): \ - regress/unittests/test_helper/libtest_helper.a \ - -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) - -+UNITTESTS_TEST_PKCS11_OBJS=\ -+ regress/unittests/pkcs11/tests.o -+ -+regress/unittests/pkcs11/test_pkcs11$(EXEEXT): \ -+ ${UNITTESTS_TEST_PKCS11_OBJS} \ -+ regress/unittests/test_helper/libtest_helper.a libssh.a -+ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_PKCS11_OBJS) \ -+ regress/unittests/test_helper/libtest_helper.a \ -+ -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) -+ - # These all need to be compiled -fPIC, so they are treated differently. 
- SK_DUMMY_OBJS=\ - regress/misc/sk-dummy/sk-dummy.lo \ -@@ -713,7 +728,8 @@ regress-unit-binaries: regress-prep $(REGRESSLIBS) \ - regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ - regress/unittests/sshkey/test_sshkey$(EXEEXT) \ - regress/unittests/sshsig/test_sshsig$(EXEEXT) \ -- regress/unittests/utf8/test_utf8$(EXEEXT) -+ regress/unittests/utf8/test_utf8$(EXEEXT) \ -+ regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \ - - tests: file-tests t-exec interop-tests unit - echo all tests passed -diff --git a/configure.ac b/configure.ac -index 6f7dc48..b57d0a5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2035,12 +2035,14 @@ AC_LINK_IFELSE( +diff -up openssh-8.7p1/configure.ac.pkcs11-uri openssh-8.7p1/configure.ac +--- openssh-8.7p1/configure.ac.pkcs11-uri 2021-08-30 13:07:43.646699953 +0200 ++++ openssh-8.7p1/configure.ac 2021-08-30 13:07:43.662700088 +0200 +@@ -1985,12 +1985,14 @@ AC_LINK_IFELSE( AC_DEFINE(HAVE_ISBLANK, 1, Define if you have isblank(3C).) ) @@ -107,7 +16,7 @@ fi ) -@@ -2064,6 +2066,40 @@ AC_SEARCH_LIBS(dlopen, dl) +@@ -2019,6 +2021,40 @@ AC_SEARCH_LIBS(dlopen, dl) AC_CHECK_FUNCS(dlopen) AC_CHECK_DECL(RTLD_NOW, , , #include <dlfcn.h>) @@ -148,7 +57,7 @@ # IRIX has a const char return value for gai_strerror() AC_CHECK_FUNCS(gai_strerror, AC_DEFINE(HAVE_GAI_STRERROR) -@@ -5651,6 +5687,7 @@ echo " BSD Auth support: $BSD_AUTH_MSG" +@@ -5624,6 +5660,7 @@ echo " BSD Auth support echo " Random number source: $RAND_MSG" echo " Privsep sandbox style: $SANDBOX_STYLE" echo " PKCS#11 support: $enable_pkcs11" 
@@ -156,10 +65,74 @@ echo " U2F/FIDO support: $enable_sk" echo "" -diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh -index 268a70d..72efa3b 100644 ---- a/regress/agent-pkcs11.sh -+++ b/regress/agent-pkcs11.sh +diff -up openssh-8.7p1/Makefile.in.pkcs11-uri openssh-8.7p1/Makefile.in +--- openssh-8.7p1/Makefile.in.pkcs11-uri 2021-08-30 13:07:43.571699324 +0200 ++++ openssh-8.7p1/Makefile.in 2021-08-30 13:07:43.663700096 +0200 +@@ -103,7 +103,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \ + ssh-ed25519-sk.o ssh-rsa.o dh.o \ + msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ +- ssh-pkcs11.o smult_curve25519_ref.o \ ++ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \ + poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ + ssh-ed25519.o digest-openssl.o digest-libc.o \ + hmac.o ed25519.o hash.o \ +@@ -302,6 +302,8 @@ clean: regressclean + rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT) + rm -f regress/unittests/utf8/*.o + rm -f regress/unittests/utf8/test_utf8$(EXEEXT) ++ rm -f regress/unittests/pkcs11/*.o ++ rm -f regress/unittests/pkcs11/test_pkcs11$(EXEEXT) + rm -f regress/misc/sk-dummy/*.o + rm -f regress/misc/sk-dummy/*.lo + rm -f regress/misc/sk-dummy/sk-dummy.so +@@ -339,6 +341,8 @@ distclean: regressclean + rm -f regress/unittests/sshsig/test_sshsig + rm -f regress/unittests/utf8/*.o + rm -f regress/unittests/utf8/test_utf8 ++ rm -f regress/unittests/pkcs11/*.o ++ rm -f regress/unittests/pkcs11/test_pkcs11 + rm -f regress/misc/sk-dummy/*.o + rm -f regress/misc/sk-dummy/*.lo + rm -f regress/misc/sk-dummy/sk-dummy.so +@@ -513,6 +517,7 @@ regress-prep: + $(MKDIR_P) `pwd`/regress/unittests/sshkey + $(MKDIR_P) `pwd`/regress/unittests/sshsig + $(MKDIR_P) `pwd`/regress/unittests/utf8 ++ $(MKDIR_P) `pwd`/regress/unittests/pkcs11 + $(MKDIR_P) `pwd`/regress/misc/sk-dummy + -f `pwd`/regress/Makefile || \ + ln -s `cd $(srcdir) && pwd`/regress/Makefile 
`pwd`/regress/Makefile +@@ -677,6 +682,16 @@ regress/unittests/utf8/test_utf8$(EXEEXT + regress/unittests/test_helper/libtest_helper.a \ + -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) + ++UNITTESTS_TEST_PKCS11_OBJS=\ ++ regress/unittests/pkcs11/tests.o ++ ++regress/unittests/pkcs11/test_pkcs11$(EXEEXT): \ ++ ${UNITTESTS_TEST_PKCS11_OBJS} \ ++ regress/unittests/test_helper/libtest_helper.a libssh.a ++ $(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_PKCS11_OBJS) \ ++ regress/unittests/test_helper/libtest_helper.a \ ++ -lssh -lopenbsd-compat -lcrypto $(LIBS) ++ + # These all need to be compiled -fPIC, so they are treated differently. + SK_DUMMY_OBJS=\ + regress/misc/sk-dummy/sk-dummy.lo \ +@@ -711,7 +726,8 @@ regress-unit-binaries: regress-prep $(RE + regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \ + regress/unittests/sshkey/test_sshkey$(EXEEXT) \ + regress/unittests/sshsig/test_sshsig$(EXEEXT) \ +- regress/unittests/utf8/test_utf8$(EXEEXT) ++ regress/unittests/utf8/test_utf8$(EXEEXT) \ ++ regress/unittests/pkcs11/test_pkcs11$(EXEEXT) \ + + tests: file-tests t-exec interop-tests unit + echo all tests passed +diff -up openssh-8.7p1/regress/agent-pkcs11.sh.pkcs11-uri openssh-8.7p1/regress/agent-pkcs11.sh +--- openssh-8.7p1/regress/agent-pkcs11.sh.pkcs11-uri 2021-08-20 06:03:49.000000000 +0200 ++++ openssh-8.7p1/regress/agent-pkcs11.sh 2021-08-30 13:07:43.663700096 +0200 @@ -113,7 +113,7 @@ else done
_service:tar_scm:openssh-8.7p1-ibmca.patch
Added
@@ -0,0 +1,12 @@
+Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-8.7p1-ibmca.patch
+--- openssh-8.7p1/openbsd-compat/bsd-closefrom.c.orig 2022-04-12 15:47:03.815044607 +0200
++++ openssh-8.7p1/openbsd-compat/bsd-closefrom.c 2022-04-12 15:48:12.464963511 +0200
+@@ -16,7 +16,7 @@
+ 
+ #include "includes.h"
+ 
+-#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM)
++#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM) || (defined __s390__)
+ 
+ #include <sys/types.h>
+ #include <unistd.h>
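Review bot: The widened `#if` in openbsd-compat/bsd-closefrom.c compiles the fallback closefrom() on s390 even when the platform reports a working one, and nothing in the patch or the code says why. closefrom() is what keeps inherited descriptors from reaching child processes, so a per-architecture switch of implementation should carry its reason next to the condition; the patch name suggests the ibmca engine, but that is not stated anywhere visible. I would add a comment above the line, for example `/* s390: always build the compat closefrom(); needed with the ibmca engine (describe the descriptor it must keep open) */`, and write the test as `|| defined(__s390__)` to match the two operands before it. The body guarded by this `#if` lies outside the hunk.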
_service:tar_scm:openssh-8.7p1-minrsabits.patch
Added
@@ -0,0 +1,24 @@
+diff --git a/readconf.c b/readconf.c
+index 7f26c680..42be690b 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -320,6 +320,7 @@ static struct {
+ { "securitykeyprovider", oSecurityKeyProvider },
+ { "knownhostscommand", oKnownHostsCommand },
+ { "requiredrsasize", oRequiredRSASize },
++ { "rsaminsize", oRequiredRSASize }, /* alias */
+ { "enableescapecommandline", oEnableEscapeCommandline },
+ 
+ { NULL, oBadOption }
+diff --git a/servconf.c b/servconf.c
+index 29df0463..423772b1 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -676,6 +680,7 @@ static struct {
+ { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
+ { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
+ { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL },
++ { "rsaminsize", sRequiredRSASize, SSHCFG_ALL }, /* alias */
+ { "channeltimeout", sChannelTimeout, SSHCFG_ALL },
+ { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
+ { NULL, sBadOption, 0 }
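Review bot: The `rsaminsize` rows added to the keyword tables in readconf.c and servconf.c reuse the opcodes of `requiredrsasize`, so both spellings write one option, and the bare `/* alias */` comment does not say which spelling is canonical or why the second exists. If the parser keeps the first value it sees for this option, as OpenSSH does for most keywords (the parsing code is outside these hunks), an `RSAMinSize` line in an earlier drop-in file would silently take precedence over a later, stricter `RequiredRSASize`. I would make the comment explicit, e.g. `/* compat alias: same option as requiredrsasize */`, and document the alias in ssh_config.5 and sshd_config.5, which this patch does not touch. Both tables begin and end outside the hunks.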
_service:tar_scm:openssh-8.7p1-negotiate-supported-algs.patch
Added
@@ -0,0 +1,117 @@ +diff -up openssh-9.3p1/regress/hostkey-agent.sh.xxx openssh-9.3p1/regress/hostkey-agent.sh +--- openssh-9.3p1/regress/hostkey-agent.sh.xxx 2023-05-29 18:15:56.311236887 +0200 ++++ openssh-9.3p1/regress/hostkey-agent.sh 2023-05-29 18:16:07.598503551 +0200 +@@ -17,8 +17,21 @@ trace "make CA key" + + ${SSHKEYGEN} -qt ed25519 -f $OBJ/agent-ca -N '' || fatal "ssh-keygen CA" + ++PUBKEY_ACCEPTED_ALGOS=`$SSH -G "example.com" | \ ++ grep -i "PubkeyAcceptedAlgorithms" | cut -d ' ' -f2- | tr "," "|"` ++SSH_ACCEPTED_KEYTYPES=`echo "$SSH_KEYTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` ++echo $PUBKEY_ACCEPTED_ALGOS | grep "rsa" ++r=$? ++if $r == 0 ; then ++echo $SSH_ACCEPTED_KEYTYPES | grep "rsa" ++r=$? ++if $r -ne 0 ; then ++SSH_ACCEPTED_KEYTYPES="$SSH_ACCEPTED_KEYTYPES ssh-rsa" ++fi ++fi ++ + trace "load hostkeys" +-for k in $SSH_KEYTYPES ; do ++for k in $SSH_ACCEPTED_KEYTYPES ; do + ${SSHKEYGEN} -qt $k -f $OBJ/agent-key.$k -N '' || fatal "ssh-keygen $k" + ${SSHKEYGEN} -s $OBJ/agent-ca -qh -n localhost-with-alias \ + -I localhost-with-alias $OBJ/agent-key.$k.pub || \ +@@ -32,12 +48,16 @@ rm $OBJ/agent-ca # Don't need CA private + + unset SSH_AUTH_SOCK + +-for k in $SSH_KEYTYPES ; do ++for k in $SSH_ACCEPTED_KEYTYPES ; do + verbose "key type $k" ++ hka=$k ++ if $k = "ssh-rsa" ; then ++ hka="rsa-sha2-512" ++ fi + cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy +- echo "HostKeyAlgorithms $k" >> $OBJ/sshd_proxy ++ echo "HostKeyAlgorithms $hka" >> $OBJ/sshd_proxy + echo "Hostkey $OBJ/agent-key.${k}" >> $OBJ/sshd_proxy +- opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" ++ opts="-oHostKeyAlgorithms=$hka -F $OBJ/ssh_proxy" + ( printf 'localhost-with-alias,127.0.0.1,::1 ' ; + cat $OBJ/agent-key.$k.pub) > $OBJ/known_hosts + SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` +@@ -50,15 +70,16 @@ for k in $SSH_KEYTYPES ; do + done + + SSH_CERTTYPES=`ssh -Q key-sig | grep 'cert-v01@openssh.com'` ++SSH_ACCEPTED_CERTTYPES=`echo "$SSH_CERTTYPES" | egrep "$PUBKEY_ACCEPTED_ALGOS"` 
+ + # Prepare sshd_proxy for certificates. + cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy + HOSTKEYALGS="" +-for k in $SSH_CERTTYPES ; do ++for k in $SSH_ACCEPTED_CERTTYPES ; do + test -z "$HOSTKEYALGS" || HOSTKEYALGS="${HOSTKEYALGS}," + HOSTKEYALGS="${HOSTKEYALGS}${k}" + done +-for k in $SSH_KEYTYPES ; do ++for k in $SSH_ACCEPTED_KEYTYPES ; do + echo "Hostkey $OBJ/agent-key.${k}.pub" >> $OBJ/sshd_proxy + echo "HostCertificate $OBJ/agent-key.${k}-cert.pub" >> $OBJ/sshd_proxy + test -f $OBJ/agent-key.${k}.pub || fatal "no $k key" +@@ -70,7 +93,7 @@ echo "HostKeyAlgorithms $HOSTKEYALGS" >> + ( printf '@cert-authority localhost-with-alias ' ; + cat $OBJ/agent-ca.pub) > $OBJ/known_hosts + +-for k in $SSH_CERTTYPES ; do ++for k in $SSH_ACCEPTED_CERTTYPES ; do + verbose "cert type $k" + opts="-oHostKeyAlgorithms=$k -F $OBJ/ssh_proxy" + SSH_CONNECTION=`${SSH} $opts host 'echo $SSH_CONNECTION'` +diff -up openssh-9.3p1/sshconnect2.c.xxx openssh-9.3p1/sshconnect2.c +--- openssh-9.3p1/sshconnect2.c.xxx 2023-04-26 17:37:35.100827792 +0200 ++++ openssh-9.3p1/sshconnect2.c 2023-04-26 17:50:31.860748877 +0200 +@@ -221,7 +221,7 @@ ssh_kex2(struct ssh *ssh, char *host, st + const struct ssh_conn_info *cinfo) + { + char *myproposalPROPOSAL_MAX; +- char *s, *all_key, *hkalgs = NULL; ++ char *s, *all_key, *hkalgs = NULL, *filtered_algs = NULL; + int r, use_known_hosts_order = 0; + + #if defined(GSSAPI) && defined(WITH_OPENSSL) +@@ -260,9 +260,21 @@ ssh_kex2(struct ssh *ssh, char *host, st + if (use_known_hosts_order) + hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); + ++ filtered_algs = hkalgs ? 
match_filter_allowlist(hkalgs, options.pubkey_accepted_algos) ++ : match_filter_allowlist(options.hostkeyalgorithms, ++ options.pubkey_accepted_algos); ++ if (filtered_algs == NULL) { ++ if (hkalgs) ++ fatal_f("No match between algorithms for %s (host %s) and pubkey accepted algorithms %s", ++ hkalgs, host, options.pubkey_accepted_algos); ++ else ++ fatal_f("No match between host key algorithms %s and pubkey accepted algorithms %s", ++ options.hostkeyalgorithms, options.pubkey_accepted_algos); ++ } ++ + kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, + options.macs, compression_alg_list(options.compression), +- hkalgs ? hkalgs : options.hostkeyalgorithms); ++ filtered_algs); + + #if defined(GSSAPI) && defined(WITH_OPENSSL) + if (options.gss_keyex) { +@@ -303,6 +315,7 @@ ssh_kex2(struct ssh *ssh, char *host, st + #endif + + free(hkalgs); ++ free(filtered_algs); + + /* start key exchange */ + if ((r = kex_setup(ssh, myproposal)) != 0)
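Review bot: The new `if (filtered_algs == NULL)` test in ssh_kex2() (sshconnect2.c, hunk at -260,9) probably does not catch the case its fatal_f() messages describe. match_filter_allowlist() is defined outside this patch; in upstream match.c, as far as I can tell, it returns NULL only when allocation fails and an empty string when no name in the list passes the filter. If so, a host-key list with no overlap with `options.pubkey_accepted_algos` gets past the check and an empty algorithm list is handed to kex_proposal_populate_entries(), so the connection fails later with a less specific negotiation error instead of this message. The guard should also reject the empty result: `if (filtered_algs == NULL || *filtered_algs == '\0') {`. ssh_kex2() starts and ends outside the hunks shown.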
_service:tar_scm:openssh-8.7p1-recursive-scp.patch
Added
@@ -0,0 +1,181 @@
+diff -up openssh-8.7p1/scp.c.scp-sftpdirs openssh-8.7p1/scp.c
+--- openssh-8.7p1/scp.c.scp-sftpdirs 2022-02-07 12:31:07.407740407 +0100
++++ openssh-8.7p1/scp.c 2022-02-07 12:31:07.409740424 +0100
+@@ -1324,7 +1324,7 @@ source_sftp(int argc, char *src, char *t
+
+ if (src_is_dir && iamrecursive) {
+ if (upload_dir(conn, src, abs_dst, pflag,
+- SFTP_PROGRESS_ONLY, 0, 0, 1, 1) != 0) {
++ SFTP_PROGRESS_ONLY, 0, 0, 1, 1, 1) != 0) {
+ error("failed to upload directory %s to %s", src, targ);
+ errs = 1;
+ }
+diff -up openssh-8.7p1/sftp-client.c.scp-sftpdirs openssh-8.7p1/sftp-client.c
+--- openssh-8.7p1/sftp-client.c.scp-sftpdirs 2021-08-20 06:03:49.000000000 +0200
++++ openssh-8.7p1/sftp-client.c 2022-02-07 12:47:59.117516131 +0100
+@@ -971,7 +971,7 @@ do_fsetstat(struct sftp_conn *conn, cons
+
+ /* Implements both the realpath and expand-path operations */
+ static char *
+-do_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
++do_realpath_expand(struct sftp_conn *conn, const char *path, int expand, int create_dir)
+ {
+ struct sshbuf *msg;
+ u_int expected_id, count, id;
+@@ -1033,11 +1033,43 @@ do_realpath_expand(struct sftp_conn *con
+ if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
+ (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
+ fatal_fr(r, "parse status");
+- error("%s %s: %s", expand ? "expand" : "realpath",
+- path, *errmsg == '\0' ? fx2txt(status) : errmsg);
+- free(errmsg);
+- sshbuf_free(msg);
+- return NULL;
++ if ((status == SSH2_FX_NO_SUCH_FILE) && create_dir) {
++ memset(&a, '\0', sizeof(a));
++ if ((r = do_mkdir(conn, path, &a, 0)) != 0) {
++ sshbuf_free(msg);
++ return NULL;
++ }
++ debug2("Sending SSH2_FXP_REALPATH \"%s\" - create dir", path);
++ send_string_request(conn, id, SSH2_FXP_REALPATH,
++ path, strlen(path));
++
++ get_msg(conn, msg);
++ if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
++ (r = sshbuf_get_u32(msg, &id)) != 0)
++ fatal_fr(r, "parse");
++
++ if (id != expected_id)
++ fatal("ID mismatch (%u != %u)", id, expected_id);
++
++ if (type == SSH2_FXP_STATUS) {
++ free(errmsg);
++
++ if ((r = sshbuf_get_u32(msg, &status)) != 0 ||
++ (r = sshbuf_get_cstring(msg, &errmsg, NULL)) != 0)
++ fatal_fr(r, "parse status");
++ error("%s %s: %s", expand ? "expand" : "realpath",
++ path, *errmsg == '\0' ? fx2txt(status) : errmsg);
++ free(errmsg);
++ sshbuf_free(msg);
++ return NULL;
++ }
++ } else {
++ error("%s %s: %s", expand ? "expand" : "realpath",
++ path, *errmsg == '\0' ? fx2txt(status) : errmsg);
++ free(errmsg);
++ sshbuf_free(msg);
++ return NULL;
++ }
+ } else if (type != SSH2_FXP_NAME)
+ fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",
+ SSH2_FXP_NAME, type);
+@@ -1039,9 +1067,9 @@ do_realpath_expand(struct sftp_conn *con
+ }
+
+ char *
+-do_realpath(struct sftp_conn *conn, const char *path)
++do_realpath(struct sftp_conn *conn, const char *path, int create_dir)
+ {
+- return do_realpath_expand(conn, path, 0);
++ return do_realpath_expand(conn, path, 0, create_dir);
+ }
+
+ int
+@@ -1055,9 +1083,9 @@ do_expand_path(struct sftp_conn *conn, c
+ {
+ if (!can_expand_path(conn)) {
+ debug3_f("no server support, fallback to realpath");
+- return do_realpath_expand(conn, path, 0);
++ return do_realpath_expand(conn, path, 0, 0);
+ }
+- return do_realpath_expand(conn, path, 1);
++ return do_realpath_expand(conn, path, 1, 0);
+ }
+
+ int
+@@ -1807,7 +1835,7 @@ download_dir(struct sftp_conn *conn, con
+ char *src_canon;
+ int ret;
+
+- if ((src_canon = do_realpath(conn, src)) == NULL) {
++ if ((src_canon = do_realpath(conn, src, 0)) == NULL) {
+ error("download \"%s\": path canonicalization failed", src);
+ return -1;
+ }
+@@ -2115,12 +2143,12 @@ upload_dir_internal(struct sftp_conn *co
+ int
+ upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
+ int preserve_flag, int print_flag, int resume, int fsync_flag,
+- int follow_link_flag, int inplace_flag)
++ int follow_link_flag, int inplace_flag, int create_dir)
+ {
+ char *dst_canon;
+ int ret;
+
+- if ((dst_canon = do_realpath(conn, dst)) == NULL) {
++ if ((dst_canon = do_realpath(conn, dst, create_dir)) == NULL) {
+ error("upload \"%s\": path canonicalization failed", dst);
+ return -1;
+ }
+@@ -2557,7 +2585,7 @@ crossload_dir(struct sftp_conn *from, st
+ char *from_path_canon;
+ int ret;
+
+- if ((from_path_canon = do_realpath(from, from_path)) == NULL) {
++ if ((from_path_canon = do_realpath(from, from_path, 0)) == NULL) {
+ error("crossload \"%s\": path canonicalization failed",
+ from_path);
+ return -1;
+diff -up openssh-8.7p1/sftp-client.h.scp-sftpdirs openssh-8.7p1/sftp-client.h
+--- openssh-8.7p1/sftp-client.h.scp-sftpdirs 2021-08-20 06:03:49.000000000 +0200
++++ openssh-8.7p1/sftp-client.h 2022-02-07 12:31:07.410740433 +0100
+@@ -111,7 +111,7 @@ int do_fsetstat(struct sftp_conn *, cons
+ int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a);
+
+ /* Canonicalise 'path' - caller must free result */
+-char *do_realpath(struct sftp_conn *, const char *);
++char *do_realpath(struct sftp_conn *, const char *, int);
+
+ /* Canonicalisation with tilde expansion (requires server extension) */
+ char *do_expand_path(struct sftp_conn *, const char *);
+@@ -159,7 +159,7 @@ int do_upload(struct sftp_conn *, const
+ * times if 'pflag' is set
+ */
+ int upload_dir(struct sftp_conn *, const char *, const char *,
+- int, int, int, int, int, int);
++ int, int, int, int, int, int, int);
+
+ /*
+ * Download a 'from_path' from the 'from' connection and upload it to
+diff -up openssh-8.7p1/sftp.c.scp-sftpdirs openssh-8.7p1/sftp.c
+--- openssh-8.7p1/sftp.c.scp-sftpdirs 2021-08-20 06:03:49.000000000 +0200
++++ openssh-8.7p1/sftp.c 2022-02-07 12:31:07.411740442 +0100
+@@ -760,7 +760,7 @@ process_put(struct sftp_conn *conn, cons
+ if (globpath_is_dir(g.gl_pathvi) && (rflag || global_rflag)) {
+ if (upload_dir(conn, g.gl_pathvi, abs_dst,
+ pflag || global_pflag, 1, resume,
+- fflag || global_fflag, 0, 0) == -1)
++ fflag || global_fflag, 0, 0, 0) == -1)
+ err = -1;
+ } else {
+ if (do_upload(conn, g.gl_pathvi, abs_dst,
+@@ -1577,7 +1577,7 @@ parse_dispatch_command(struct sftp_conn
+ if (path1 == NULL || *path1 == '\0')
+ path1 = xstrdup(startdir);
+ path1 = make_absolute(path1, *pwd);
+- if ((tmp = do_realpath(conn, path1)) == NULL) {
++ if ((tmp = do_realpath(conn, path1, 0)) == NULL) {
+ err = 1;
+ break;
+ }
+@@ -2160,7 +2160,7 @@ interactive_loop(struct sftp_conn *conn,
+ }
+ #endif /* USE_LIBEDIT */
+
+- remote_path = do_realpath(conn, ".");
++ remote_path = do_realpath(conn, ".", 0);
+ if (remote_path == NULL)
+ fatal("Need cwd");
+ startdir = xstrdup(remote_path);
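Review bot: The retry added to `do_realpath_expand` in sftp-client.c never checks that the second reply is `SSH2_FXP_NAME`: the re-read `type` is tested only for `SSH2_FXP_STATUS`, and because the retry sits inside the outer status branch, the existing `else if (type != SSH2_FXP_NAME)` guard is skipped, so any other packet type chosen by the server falls through to whatever parsing follows. Close the inner test with `else if (type != SSH2_FXP_NAME) fatal("Expected SSH2_FXP_NAME(%u) packet, got %u", SSH2_FXP_NAME, type);`. The same branch also appears to leak `errmsg` when `do_mkdir` fails and when the retry succeeds; `free(errmsg); errmsg = NULL;` placed just before the `do_mkdir` call covers both and leaves the later `free(errmsg)` harmless. The function starts and ends outside the hunk, so the declaration of `errmsg` and the code after the branch are inferred rather than visible.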
_service:tar_scm:openssh-8.7p1-scp-kill-switch.patch
Changed
@@ -13,8 +13,8 @@ --- openssh-8.7p1/scp.1.kill-scp 2021-09-16 12:09:02.646714578 +0200 +++ openssh-8.7p1/scp.1 2021-09-16 12:26:49.978628226 +0200 @@ -278,6 +278,13 @@ to print debugging messages about their - This is helpful in - debugging connection, authentication, and configuration problems. + By default a 32KB buffer is used. + .El .El +.Pp +Usage of SCP protocol can be blocked by creating a world-readable
_service:tar_scm:openssh-8.7p1-ssh-manpage.patch
Added
@@ -0,0 +1,53 @@
+diff --color -ru a/ssh.1 b/ssh.1
+--- a/ssh.1 2022-07-12 11:47:51.307295880 +0200
++++ b/ssh.1 2022-07-12 11:50:28.793363263 +0200
+@@ -493,6 +493,7 @@
+ .It AddressFamily
+ .It BatchMode
+ .It BindAddress
++.It BindInterface
+ .It CanonicalDomains
+ .It CanonicalizeFallbackLocal
+ .It CanonicalizeHostname
+@@ -510,6 +511,7 @@
+ .It ControlPath
+ .It ControlPersist
+ .It DynamicForward
++.It EnableSSHKeysign
+ .It EnableEscapeCommandline
+ .It EscapeChar
+ .It ExitOnForwardFailure
+@@ -538,6 +540,8 @@
+ .It IdentitiesOnly
+ .It IdentityAgent
+ .It IdentityFile
++.It IgnoreUnknown
++.It Include
+ .It IPQoS
+ .It KbdInteractiveAuthentication
+ .It KbdInteractiveDevices
+@@ -546,6 +550,7 @@
+ .It LocalCommand
+ .It LocalForward
+ .It LogLevel
++.It LogVerbose
+ .It MACs
+ .It Match
+ .It NoHostAuthenticationForLocalhost
+@@ -566,6 +571,8 @@
+ .It RemoteCommand
+ .It RemoteForward
+ .It RequestTTY
++.It RevokedHostKeys
++.It SecurityKeyProvider
+ .It RequiredRSASize
+ .It SendEnv
+ .It ServerAliveInterval
+@@ -575,6 +582,7 @@
+ .It StreamLocalBindMask
+ .It StreamLocalBindUnlink
+ .It StrictHostKeyChecking
++.It SyslogFacility
+ .It TCPKeepAlive
+ .It Tunnel
+ .It TunnelDevice
_service:tar_scm:openssh-9.3p1-merged-openssl-evp.patch
Added
@@ -0,0 +1,1228 @@ +diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/digest.h openssh-9.3p1-patched/digest.h +--- openssh-9.3p1/digest.h 2023-03-15 22:28:19.000000000 +0100 ++++ openssh-9.3p1-patched/digest.h 2023-06-06 15:52:25.602551466 +0200 +@@ -32,6 +32,12 @@ + struct sshbuf; + struct ssh_digest_ctx; + ++#ifdef WITH_OPENSSL ++#include <openssl/evp.h> ++/* Converts internal digest representation to the OpenSSL one */ ++const EVP_MD *ssh_digest_to_md(int digest_type); ++#endif ++ + /* Looks up a digest algorithm by name */ + int ssh_digest_alg_by_name(const char *name); + +diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/digest-openssl.c openssh-9.3p1-patched/digest-openssl.c +--- openssh-9.3p1/digest-openssl.c 2023-03-15 22:28:19.000000000 +0100 ++++ openssh-9.3p1-patched/digest-openssl.c 2023-06-06 15:52:25.601551454 +0200 +@@ -64,6 +64,22 @@ + { -1, NULL, 0, NULL }, + }; + ++const EVP_MD * ++ssh_digest_to_md(int digest_type) ++{ ++ switch (digest_type) { ++ case SSH_DIGEST_SHA1: ++ return EVP_sha1(); ++ case SSH_DIGEST_SHA256: ++ return EVP_sha256(); ++ case SSH_DIGEST_SHA384: ++ return EVP_sha384(); ++ case SSH_DIGEST_SHA512: ++ return EVP_sha512(); ++ } ++ return NULL; ++} ++ + static const struct ssh_digest * + ssh_digest_by_alg(int alg) + { +diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x config.status -x configure~ -x configure.ac openssh-9.3p1/ssh-dss.c openssh-9.3p1-patched/ssh-dss.c +--- openssh-9.3p1/ssh-dss.c 2023-03-15 22:28:19.000000000 +0100 ++++ openssh-9.3p1-patched/ssh-dss.c 2023-06-06 15:52:25.624551743 +0200 +@@ -32,6 +32,8 @@ + #include <openssl/bn.h> + #include <openssl/dsa.h> + #include <openssl/evp.h> ++#include <openssl/core_names.h> ++#include <openssl/param_build.h> + + #include <stdarg.h> + #include <string.h> +@@ -261,11 
+263,15 @@ + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) + { ++ EVP_PKEY *pkey = NULL; + DSA_SIG *sig = NULL; + const BIGNUM *sig_r, *sig_s; +- u_char digestSSH_DIGEST_MAX_LENGTH, sigblobSIGBLOB_LEN; +- size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); ++ u_char sigblobSIGBLOB_LEN; ++ size_t rlen, slen; ++ int len; + struct sshbuf *b = NULL; ++ u_char *sigb = NULL; ++ const u_char *psig = NULL; + int ret = SSH_ERR_INVALID_ARGUMENT; + + if (lenp != NULL) +@@ -276,17 +282,23 @@ + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA) + return SSH_ERR_INVALID_ARGUMENT; +- if (dlen == 0) +- return SSH_ERR_INTERNAL_ERROR; + +- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, +- digest, sizeof(digest))) != 0) ++ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0) ++ return ret; ++ ret = sshkey_calculate_signature(pkey, SSH_DIGEST_SHA1, &sigb, &len, ++ data, datalen); ++ EVP_PKEY_free(pkey); ++ if (ret < 0) { + goto out; ++ } + +- if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) { ++ psig = sigb; ++ if ((sig = d2i_DSA_SIG(NULL, &psig, len)) == NULL) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } ++ free(sigb); ++ sigb = NULL; + + DSA_SIG_get0(sig, &sig_r, &sig_s); + rlen = BN_num_bytes(sig_r); +@@ -319,7 +331,7 @@ + *lenp = len; + ret = 0; + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + DSA_SIG_free(sig); + sshbuf_free(b); + return ret; +@@ -331,20 +343,20 @@ + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) + { ++ EVP_PKEY *pkey = NULL; + DSA_SIG *dsig = NULL; + BIGNUM *sig_r = NULL, *sig_s = NULL; +- u_char digestSSH_DIGEST_MAX_LENGTH, *sigblob = NULL; +- size_t len, hlen = ssh_digest_bytes(SSH_DIGEST_SHA1); ++ u_char *sigblob = NULL; ++ size_t len, slen; + int ret = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + char *ktype = NULL; ++ u_char *sigb = NULL, 
*psig = NULL; + + if (key == NULL || key->dsa == NULL || + sshkey_type_plain(key->type) != KEY_DSA || + sig == NULL || siglen == 0) + return SSH_ERR_INVALID_ARGUMENT; +- if (hlen == 0) +- return SSH_ERR_INTERNAL_ERROR; + + /* fetch signature */ + if ((b = sshbuf_from(sig, siglen)) == NULL) +@@ -386,25 +398,28 @@ + } + sig_r = sig_s = NULL; /* transferred */ + +- /* sha1 the data */ +- if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, dlen, +- digest, sizeof(digest))) != 0) ++ if ((slen = i2d_DSA_SIG(dsig, NULL)) == 0) { ++ ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; +- +- switch (DSA_do_verify(digest, hlen, dsig, key->dsa)) { +- case 1: +- ret = 0; +- break; +- case 0: +- ret = SSH_ERR_SIGNATURE_INVALID; ++ } ++ if ((sigb = malloc(slen)) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; + goto out; +- default: ++ } ++ psig = sigb; ++ if ((slen = i2d_DSA_SIG(dsig, &psig)) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + ++ if ((ret = ssh_create_evp_dss(key, &pkey)) != 0) ++ goto out; ++ ret = sshkey_verify_signature(pkey, SSH_DIGEST_SHA1, data, dlen, ++ sigb, slen); ++ EVP_PKEY_free(pkey); ++ + out: +- explicit_bzero(digest, sizeof(digest)); ++ free(sigb); + DSA_SIG_free(dsig); + BN_clear_free(sig_r); + BN_clear_free(sig_s); +@@ -415,6 +430,65 @@ + return ret; + } + ++int ++ssh_create_evp_dss(const struct sshkey *k, EVP_PKEY **pkey) ++{ ++ OSSL_PARAM_BLD *param_bld = NULL; ++ EVP_PKEY_CTX *ctx = NULL; ++ const BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; ++ int ret = 0; ++ ++ if (k == NULL) ++ return SSH_ERR_INVALID_ARGUMENT; ++ if ((ctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL || ++ (param_bld = OSSL_PARAM_BLD_new()) == NULL) { ++ ret = SSH_ERR_ALLOC_FAIL; ++ goto out; ++ } ++ ++ DSA_get0_pqg(k->dsa, &p, &q, &g); ++ DSA_get0_key(k->dsa, &pub, &priv); ++
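Review bot: In the `ssh_dss_verify` hunk of ssh-dss.c the result of `i2d_DSA_SIG` is stored in the `size_t slen` and tested with `== 0`, so a negative error return wraps to a very large length and passes the check. That value then reaches `malloc(slen)` and, after the second call, `sshkey_verify_signature(..., sigb, slen)`. Keep the return value in an `int` and reject non-positive results, for example `int n = i2d_DSA_SIG(dsig, NULL);` followed by `if (n <= 0) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; }`, converting to `size_t` only afterwards; the second `i2d_DSA_SIG` call needs the same treatment. The page truncates this section inside `ssh_create_evp_dss`, so that function and the helpers it relies on cannot be reviewed from here.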
_service:tar_scm:openssh-9.3p1-upstream-cve-2023-38408.patch
Added
@@ -0,0 +1,130 @@
+diff --git a/ssh-agent.c b/ssh-agent.c
+index 618bb198..8ea831f4 100644
+diff -up openssh-9.3p1/ssh-agent.c.cve openssh-9.3p1/ssh-agent.c
+--- openssh-9.3p1/ssh-agent.c.cve 2023-07-21 15:38:13.237276580 +0200
++++ openssh-9.3p1/ssh-agent.c 2023-07-21 15:41:30.269943569 +0200
+@@ -169,6 +169,12 @@ char socket_dirPATH_MAX;
+ /* Pattern-list of allowed PKCS#11/Security key paths */
+ static char *allowed_providers;
+
++/*
++ * Allows PKCS11 providers or SK keys that use non-internal providers to
++ * be added over a remote connection (identified by session-bind@openssh.com).
++ */
++static int remote_add_provider;
++
+ /* locking */
+ #define LOCK_SIZE 32
+ #define LOCK_SALT_SIZE 16
+@@ -1228,6 +1234,12 @@ process_add_identity(SocketEntry *e)
+ if (strcasecmp(sk_provider, "internal") == 0) {
+ debug_f("internal provider");
+ } else {
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed add of SK provider \"%.100s\": "
++ "remote addition of providers is disabled",
++ sk_provider);
++ goto out;
++ }
+ if (realpath(sk_provider, canonical_provider) == NULL) {
+ verbose("failed provider \"%.100s\": "
+ "realpath: %s", sk_provider,
+@@ -1368,7 +1380,7 @@ no_identities(SocketEntry *e)
+
+ #ifdef ENABLE_PKCS11
+ static char *
+-sanitize_pkcs11_provider(const char *provider)
++sanitize_pkcs11_provider(SocketEntry *e, const char *provider)
+ {
+ struct pkcs11_uri *uri = NULL;
+ char *sane_uri, *module_path = NULL; /* default path */
+@@ -1399,6 +1411,11 @@ sanitize_pkcs11_provider(const char *pro
+ module_path = strdup(provider); /* simple path */
+
+ if (module_path != NULL) { /* do not validate default NULL path in URI */
++ if (e->nsession_ids != 0 && !remote_add_provider) {
++ verbose("failed PKCS#11 add of \"%.100s\": remote addition of "
++ "providers is disabled", provider);
++ return NULL;
++ }
+ if (realpath(module_path, canonical_provider) == NULL) {
+ verbose("failed PKCS#11 provider \"%.100s\": realpath: %s",
+ module_path, strerror(errno));
+@@ -1455,7 +1472,7 @@ process_add_smartcard_key(SocketEntry *e
+ goto send;
+ }
+
+- sane_uri = sanitize_pkcs11_provider(provider);
++ sane_uri = sanitize_pkcs11_provider(e, provider);
+ if (sane_uri == NULL)
+ goto send;
+
+@@ -1516,7 +1533,7 @@ process_remove_smartcard_key(SocketEntry
+ }
+ free(pin);
+
+- sane_uri = sanitize_pkcs11_provider(provider);
++ sane_uri = sanitize_pkcs11_provider(e, provider);
+ if (sane_uri == NULL)
+ goto send;
+
+@@ -2108,7 +2125,9 @@ main(int ac, char **av)
+ break;
+ case 'O':
+ if (strcmp(optarg, "no-restrict-websafe") == 0)
+- restrict_websafe = 0;
++ restrict_websafe = 0;
++ else if (strcmp(optarg, "allow-remote-pkcs11") == 0)
++ remote_add_provider = 1;
+ else
+ fatal("Unknown -O option");
+ break;
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 6be647ec..ebddf6c3 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ error("dlopen %s failed: %s", provider_module, dlerror());
+ goto fail;
+ }
+- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+- error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+- goto fail;
+- }
++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+
+ p->module->handle = handle;
+ /* setup the pkcs11 callbacks */
+--- a/ssh-agent.1 2023-03-15 22:28:19.000000000 +0100
++++ b/ssh-agent.1 2023-07-19 21:39:17.981406432 +0200
+@@ -107,9 +107,27 @@
+ .It Fl O Ar option
+ Specify an option when starting
+ .Nm .
+-Currently only one option is supported:
++Currently two options are supported:
++.Cm allow-remote-pkcs11
++and
+ .Cm no-restrict-websafe .
+-This instructs
++.Pp
++The
++.Cm allow-remote-pkcs11
++option allows clients of a forwarded
++.Nm
++to load PKCS#11 or FIDO provider libraries.
++By default only local clients may perform this operation.
++Note that signalling that a
++.Nm
++client remote is performed by
++.Xr ssh 1 ,
++and use of other tools to forward access to the agent socket may circumvent
++this restriction.
++.Pp
++The
++.Cm no-restrict-websafe ,
++instructs
+ .Nm
+ to permit signatures using FIDO keys that might be web authentication
+ requests.
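Review bot: The new refusal branch in `sanitize_pkcs11_provider` returns `NULL` directly, a few lines after `module_path = strdup(provider)`, so each refused request from a forwarded client appears to leak that copy (and the parsed `uri`, if one was allocated) in a long-running agent. Add `free(module_path);` before `return NULL;` and release `uri` the same way the function's other failure exits do; those exits are outside the hunk, so confirm which cleanup they use. The matching check in `process_add_identity` leaves through `goto out` and does not have this problem. The comment on `remote_add_provider` should also carry the caveat the ssh-agent.1 hunk states, for example `/* Depends on ssh(1) sending session-bind@openssh.com; other ways of forwarding the socket are not detected. */`.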
_service:tar_scm:pam_ssh_agent-configure-c99.patch
Added
@@ -0,0 +1,249 @@ +configure.ac: Improve C99 compatibility + +Future compilers will not support implicit declarations and implicit +ints by default. This means that configure probes which rely on them +will fail unconditionally, without actually testing anything. + +The changes mostly mirror what has been implemented in the openssh +repository, but had to be adapted somewhat because of drift between +the two versions of configure.ac. + +Sam James has submitted similar fixes upstream: + + <https://github.com/jbeverly/pam_ssh_agent_auth/pull/41> + +diff --git a/configure.ac b/configure.ac +index 6496679..d927b62 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -500,10 +500,10 @@ int main(void) { exit(0); } + AC_DEFINE(HAVE_BUNDLE, 1, Define if your system uses bundles instead of ELF shared objects) + AC_MSG_CHECKING(if we have working getaddrinfo) + AC_TRY_RUN(#include <mach-o/dyld.h> +-main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) +- exit(0); ++int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) ++ return 0; + else +- exit(1); ++ return 1; + }, AC_MSG_RESULT(working), + AC_MSG_RESULT(buggy) + AC_DEFINE(BROKEN_GETADDRINFO, 1, getaddrinfo is broken (if present)), +@@ -917,8 +917,8 @@ AC_SUBST(LDFLAGS_SHARED) + AC_MSG_CHECKING(compiler and flags for sanity) + AC_RUN_IFELSE( + AC_LANG_SOURCE( +-#include <stdio.h> +-int main(){exit(0);} ++#include <stdlib.h> ++int main(void){exit(0);} + ), + AC_MSG_RESULT(yes) , + +@@ -951,9 +951,9 @@ int main(int argc, char **argv) { + strncpy(buf,"/etc", 32); + s = dirname(buf); + if (!s || strncmp(s, "/", 32) != 0) { +- exit(1); ++ return 1; + } else { +- exit(0); ++ return 0; + } + } + ), +@@ -1102,7 +1102,7 @@ AC_RUN_IFELSE( + AC_LANG_SOURCE( + #include <sys/types.h> + #include <dirent.h> +-int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} ++int main(void){struct dirent d;return sizeof(d.d_name)<=sizeof(char);} + ), + AC_MSG_RESULT(yes), + +@@ -1327,8 +1327,10 @@ 
AC_CHECK_FUNCS(setresuid, + AC_MSG_CHECKING(if setresuid seems to work) + AC_RUN_IFELSE( + AC_LANG_SOURCE( ++#define _GNU_SOURCE + #include <stdlib.h> + #include <errno.h> ++#include <unistd.h> + int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} + ), + AC_MSG_RESULT(yes), +@@ -1344,8 +1346,10 @@ AC_CHECK_FUNCS(setresgid, + AC_MSG_CHECKING(if setresgid seems to work) + AC_RUN_IFELSE( + AC_LANG_SOURCE( ++#define _GNU_SOURCE + #include <stdlib.h> + #include <errno.h> ++#include <unistd.h> + int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} + ), + AC_MSG_RESULT(yes), +@@ -1384,7 +1388,7 @@ if test "x$ac_cv_func_snprintf" = "xyes" ; then + AC_RUN_IFELSE( + AC_LANG_SOURCE( + #include <stdio.h> +-int main(void){char b5;snprintf(b,5,"123456789");exit(b4!='\0');} ++int main(void){char b5;snprintf(b,5,"123456789");return b4!='\0';} + ), + AC_MSG_RESULT(yes), + +@@ -1418,7 +1422,7 @@ int x_snprintf(char *str,size_t count,const char *fmt,...) + int main(void) + { + char x1; +- exit(x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1); ++ return x_snprintf(x, 1, "%s %d", "hello", 12345) == 11 ? 0 : 1; + } ), + AC_MSG_RESULT(yes), + +@@ -1467,7 +1471,8 @@ AC_MSG_CHECKING(for (overly) strict mkstemp) + AC_RUN_IFELSE( + AC_LANG_SOURCE( + #include <stdlib.h> +-main() { char template="conftest.mkstemp-test"; ++#include <unistd.h> ++int main(void) { char template="conftest.mkstemp-test"; + if (mkstemp(template) == -1) + exit(1); + unlink(template); exit(0); +@@ -1492,10 +1497,14 @@ if test ! 
-z "$check_for_openpty_ctty_bug"; then + AC_MSG_CHECKING(if openpty correctly handles controlling tty) + AC_RUN_IFELSE( + AC_LANG_SOURCE( ++#include <stdlib.h> + #include <stdio.h> + #include <sys/fcntl.h> + #include <sys/types.h> + #include <sys/wait.h> ++#ifdef HAVE_PTY_H ++#include <pty.h> ++#endif + + int + main() +@@ -1543,6 +1552,7 @@ if test "x$ac_cv_func_getaddrinfo" = "xyes" && \ + AC_RUN_IFELSE( + AC_LANG_SOURCE( + #include <stdio.h> ++#include <stdlib.h> + #include <sys/socket.h> + #include <netdb.h> + #include <errno.h> +@@ -1748,6 +1758,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL, 1, + AC_MSG_CHECKING(OpenSSL header version) + AC_RUN_IFELSE( + AC_LANG_SOURCE( ++#include <stdlib.h> + #include <stdio.h> + #include <string.h> + #include <openssl/opensslv.h> +@@ -1794,12 +1805,12 @@ int main(void) { + + fd = fopen(DATA,"w"); + if(fd == NULL) +- exit(1); ++ return 1; + + if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0) +- exit(1); ++ return 1; + +- exit(0); ++ return 0; + } + ), + +@@ -1829,7 +1840,7 @@ AC_RUN_IFELSE( + AC_LANG_SOURCE( + #include <string.h> + #include <openssl/opensslv.h> +-int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ++int main(void) { return SSLeay() == OPENSSL_VERSION_NUMBER ? 
0 : 1; } + ), + + AC_MSG_RESULT(yes) +@@ -2598,7 +2609,7 @@ dnl test snprintf (broken on SCO w/gcc) + #include <stdio.h> + #include <string.h> + #ifdef HAVE_SNPRINTF +-main() ++int main(void) + { + char buf50; + char expected_out50; +@@ -2611,11 +2622,11 @@ main() + strcpy(expected_out, "9223372036854775807"); + snprintf(buf, mazsize, "%lld", num); + if(strcmp(buf, expected_out) != 0) +- exit(1); +- exit(0); ++ return 1; ++ return 0; + } + #else +-main() { exit(0); } ++int main(void) { return 0; } + #endif + ), true , AC_DEFINE(BROKEN_SNPRINTF) , + AC_MSG_WARN(cross compiling: Assuming working snprintf()) +@@ -2746,11 +2757,11 @@ AC_CACHE_CHECK(for msg_accrights field in struct msghdr, + int main() { + #ifdef msg_accrights + #error "msg_accrights is a macro" +-exit(1);
_service:tar_scm:pam_ssh_agent_auth-0.10.4-rsasha2.patch
Added
@@ -0,0 +1,19 @@
+diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
+--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 2022-07-15 15:08:12.865585410 +0200
++++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c 2022-07-15 15:16:25.164282372 +0200
+@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
+ (r = sshbuf_put_string(b, pkblob, blen)) != 0)
+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+- if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
+- goto user_auth_clean_exit;
++ if (sshkey_type_plain(id->key->type) == KEY_RSA
++ && ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
++ /* Do nothing */
++ } else {
++ if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
++ goto user_auth_clean_exit;
++ }
+
+ /* test for correct signature */
+ if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)
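Review bot: When the `rsa-sha2-256` request fails for an RSA key, the new code silently retries `ssh_agent_sign` with a `NULL` algorithm, which presumably yields the legacy SHA-1 `ssh-rsa` signature, and the `sshkey_verify` call below passes `NULL` as the expected algorithm, so the weaker signature is accepted without any trace. If the fallback is needed for older agents, emit a log line when it is taken so a downgrade is visible; otherwise drop the second call for RSA keys. The empty `/* Do nothing */` branch would read better as an explicit choice of algorithm, `const char *alg = sshkey_type_plain(id->key->type) == KEY_RSA ? "rsa-sha2-256" : NULL;`, followed by one signing call. `userauth_pubkey_from_id` starts and ends outside the hunk.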
_service:tar_scm:openssh-9.1p1.tar.gz.asc
Deleted
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmM6+qUACgkQKj9BTnNg -YLqLSxAAi+hmachTcy9O2GNbCq4uPFlFqQ8hjZ697nhNvkIJtrtc2WSIg17ImN4E -3ucWQLEqbytwsj67J1UFC4NyOmGo2mfsZ3BEDsgkkd0Tp2YO7UhkrVzTD0l0Wl7/ -qe0biPaYOLFptL+88wC3OdamNkWgHAtSYBizgHK4k2uEtLYsEXuC+0nnfqykL2vq -UEB3MZ7C00JYmBVHFfMjtmGmt+Z3ahv5LSzFsj//c6hwkhdJHtv/V4UlCIVrrMdG -XyTumREl+y5zuP5oGxsRU/LZNo7ncXYDUg2qE/FpR4o8giF9d1fm/aHuAmr+g03E -Ev3uUcrgA+Kq95bbv7ubtO2JxFnuzUmJkUy6SNIcE1o4naxGejxlEw7nvtvf7auV -BPqomw1yOWyQzbhXtD18OiSi1IJMXyDCei9HcsO+oM3aq8YQc9Bsed7UPhA36e6b -GjuAIOPtee+JqxDj3psN39G+y4YUcxSPqC4gKL8cKfImbP2DlSoHPmZ1fDf/pKPj -hWdNiA+a+KzsXR2fjBWMeUIkSvx2BYZC9NKFS/zN4X86jEdyOJtQJ4WQcIvekLIA -Z/yP6UrzM+2jYYqix4PBocP1utEakFDYfLPJu0G2pK9meU4dz6EzNUT7J3daF2h7 -eaibQUZ0+wg+sI+MPys3INcqcKwv/5OVDl6wi7g2iNOdOII49VM= -=xfW+ ------END PGP SIGNATURE-----
_service:tar_scm:openssh-9.1p1.tar.gz/fe25519.c
Deleted
@@ -1,337 +0,0 @@ -/* $OpenBSD: fe25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c - */ - -#include "includes.h" - -#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ -#define WINDOWMASK ((1<<WINDOWSIZE)-1) - -#include "fe25519.h" - -static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */ - x -= 1; /* 4294967295: yes; 0..65534: no */ - x >>= 31; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ - x >>= 31; /* 0: yes; 1: no */ - x ^= 1; /* 1: yes; 0: no */ - return x; -} - -static crypto_uint32 times19(crypto_uint32 a) -{ - return (a << 4) + (a << 1) + a; -} - -static crypto_uint32 times38(crypto_uint32 a) -{ - return (a << 5) + (a << 2) + (a << 1); -} - -static void reduce_add_sub(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<4;rep++) - { - t = r->v31 >> 7; - r->v31 &= 127; - t = times19(t); - r->v0 += t; - for(i=0;i<31;i++) - { - t = r->vi >> 8; - r->vi+1 += t; - r->vi &= 255; - } - } -} - -static void reduce_mul(fe25519 *r) -{ - crypto_uint32 t; - int i,rep; - - for(rep=0;rep<2;rep++) - { - t = r->v31 >> 7; - r->v31 &= 127; - t = times19(t); - r->v0 += t; - for(i=0;i<31;i++) - { - t = r->vi >> 8; - r->vi+1 += t; - r->vi &= 255; - } - } -} - -/* reduction modulo 2^255-19 */ -void fe25519_freeze(fe25519 *r) -{ - int i; - crypto_uint32 m = equal(r->v31,127); - for(i=30;i>0;i--) - m &= equal(r->vi,255); - m &= ge(r->v0,237); - - m = -m; - - r->v31 -= m&127; - for(i=30;i>0;i--) - r->vi -= m&255; - r->v0 -= m&237; -} - -void fe25519_unpack(fe25519 *r, const unsigned char x32) -{ - int i; - for(i=0;i<32;i++) r->vi = xi; - r->v31 &= 127; 
-} - -/* Assumes input x being reduced below 2^255 */ -void fe25519_pack(unsigned char r32, const fe25519 *x) -{ - int i; - fe25519 y = *x; - fe25519_freeze(&y); - for(i=0;i<32;i++) - ri = y.vi; -} - -int fe25519_iszero(const fe25519 *x) -{ - int i; - int r; - fe25519 t = *x; - fe25519_freeze(&t); - r = equal(t.v0,0); - for(i=1;i<32;i++) - r &= equal(t.vi,0); - return r; -} - -int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y) -{ - int i; - fe25519 t1 = *x; - fe25519 t2 = *y; - fe25519_freeze(&t1); - fe25519_freeze(&t2); - for(i=0;i<32;i++) - if(t1.vi != t2.vi) return 0; - return 1; -} - -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b) -{ - int i; - crypto_uint32 mask = b; - mask = -mask; - for(i=0;i<32;i++) r->vi ^= mask & (x->vi ^ r->vi); -} - -unsigned char fe25519_getparity(const fe25519 *x) -{ - fe25519 t = *x; - fe25519_freeze(&t); - return t.v0 & 1; -} - -void fe25519_setone(fe25519 *r) -{ - int i; - r->v0 = 1; - for(i=1;i<32;i++) r->vi=0; -} - -void fe25519_setzero(fe25519 *r) -{ - int i; - for(i=0;i<32;i++) r->vi=0; -} - -void fe25519_neg(fe25519 *r, const fe25519 *x) -{ - fe25519 t; - int i; - for(i=0;i<32;i++) t.vi=x->vi; - fe25519_setzero(r); - fe25519_sub(r, r, &t); -} - -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - for(i=0;i<32;i++) r->vi = x->vi + y->vi; - reduce_add_sub(r); -} - -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i; - crypto_uint32 t32; - t0 = x->v0 + 0x1da; - t31 = x->v31 + 0xfe; - for(i=1;i<31;i++) ti = x->vi + 0x1fe; - for(i=0;i<32;i++) r->vi = ti - y->vi; - reduce_add_sub(r); -} - -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) -{ - int i,j; - crypto_uint32 t63;
_service:tar_scm:openssh-9.1p1.tar.gz/fe25519.h
Deleted
@@ -1,70 +0,0 @@
-/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h
- */
-
-#ifndef FE25519_H
-#define FE25519_H
-
-#include "crypto_api.h"
-
-#define fe25519 crypto_sign_ed25519_ref_fe25519
-#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze
-#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack
-#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack
-#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero
-#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime
-#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov
-#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone
-#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero
-#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg
-#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity
-#define fe25519_add crypto_sign_ed25519_ref_fe25519_add
-#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub
-#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul
-#define fe25519_square crypto_sign_ed25519_ref_fe25519_square
-#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert
-#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523
-
-typedef struct
-{
- crypto_uint32 v32;
-}
-fe25519;
-
-void fe25519_freeze(fe25519 *r);
-
-void fe25519_unpack(fe25519 *r, const unsigned char x32);
-
-void fe25519_pack(unsigned char r32, const fe25519 *x);
-
-int fe25519_iszero(const fe25519 *x);
-
-int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
-
-void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
-
-void fe25519_setone(fe25519 *r);
-
-void fe25519_setzero(fe25519 *r);
-
-void fe25519_neg(fe25519 *r, const fe25519 *x);
-
-unsigned char fe25519_getparity(const fe25519 *x);
-
-void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
-
-void fe25519_square(fe25519 *r, const fe25519 *x);
-
-void fe25519_invert(fe25519 *r, const fe25519 *x);
-
-void fe25519_pow2523(fe25519 *r, const fe25519 *x);
-
-#endif
_service:tar_scm:openssh-9.1p1.tar.gz/ge25519.c
Deleted
@@ -1,321 +0,0 @@ -/* $OpenBSD: ge25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c - */ - -#include "includes.h" - -#include "fe25519.h" -#include "sc25519.h" -#include "ge25519.h" - -/* - * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 - * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 - * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); - */ - -/* d */ -static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, - 0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}}; -/* 2*d */ -static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, - 0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}}; -/* sqrt(-1) */ -static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, - 0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}}; - -#define ge25519_p3 ge25519 - -typedef struct -{ - fe25519 x; - fe25519 z; - fe25519 y; - fe25519 t; -} ge25519_p1p1; - -typedef struct -{ - fe25519 x; - fe25519 y; - fe25519 z; -} ge25519_p2; - -typedef struct -{ - fe25519 x; - fe25519 y; -} ge25519_aff; - - -/* Packed coordinates of the base point */ -const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, - 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 
0x21}}, - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, - 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}}; - -/* Multiples of the base point in affine representation */ -static const ge25519_aff ge25519_base_multiples_affine425 = { -#include "ge25519_base.data" -}; - -static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) -{ - fe25519_mul(&r->x, &p->x, &p->t); - fe25519_mul(&r->y, &p->y, &p->z); - fe25519_mul(&r->z, &p->z, &p->t); -} - -static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) -{ - p1p1_to_p2((ge25519_p2 *)r, p); - fe25519_mul(&r->t, &p->x, &p->y); -} - -static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q) -{ - fe25519 a,b,t1,t2,c,d,e,f,g,h,qt; - fe25519_mul(&qt, &q->x, &q->y); - fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_sub(&t1, &q->y, &q->x); - fe25519_add(&t2, &q->y, &q->x); - fe25519_mul(&a, &a, &t1); - fe25519_mul(&b, &b, &t2); - fe25519_sub(&e, &b, &a); /* E = B-A */ - fe25519_add(&h, &b, &a); /* H = B+A */ - fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */ - fe25519_sub(&f, &d, &c); /* F = D-C */ - fe25519_add(&g, &d, &c); /* G = D+C */ - fe25519_mul(&r->x, &e, &f); - fe25519_mul(&r->y, &h, &g); - fe25519_mul(&r->z, &g, &f); - fe25519_mul(&r->t, &e, &h); -} - -static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) -{ - fe25519 a, b, c, d, 
t; - - fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */ - fe25519_sub(&t, &q->y, &q->x); - fe25519_mul(&a, &a, &t); - fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */ - fe25519_add(&t, &q->x, &q->y); - fe25519_mul(&b, &b, &t); - fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */ - fe25519_mul(&c, &c, &ge25519_ec2d); - fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */ - fe25519_add(&d, &d, &d); - fe25519_sub(&r->x, &b, &a); /* E = B-A */ - fe25519_sub(&r->t, &d, &c); /* F = D-C */ - fe25519_add(&r->z, &d, &c); /* G = D+C */ - fe25519_add(&r->y, &b, &a); /* H = B+A */ -} - -/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */ -static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) -{ - fe25519 a,b,c,d; - fe25519_square(&a, &p->x); - fe25519_square(&b, &p->y); - fe25519_square(&c, &p->z); - fe25519_add(&c, &c, &c); - fe25519_neg(&d, &a); - - fe25519_add(&r->x, &p->x, &p->y); - fe25519_square(&r->x, &r->x); - fe25519_sub(&r->x, &r->x, &a); - fe25519_sub(&r->x, &r->x, &b); - fe25519_add(&r->z, &d, &b); - fe25519_sub(&r->t, &r->z, &c); - fe25519_sub(&r->y, &d, &b); -} - -/* Constant-time version of: if(b) r = p */ -static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b) -{ - fe25519_cmov(&r->x, &p->x, b); - fe25519_cmov(&r->y, &p->y, b); -} - -static unsigned char equal(signed char b,signed char c) -{ - unsigned char ub = b; - unsigned char uc = c; - unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ - crypto_uint32 y = x; /* 0: yes; 1..255: no */ - y -= 1; /* 4294967295: yes; 0..254: no */ - y >>= 31; /* 1: yes; 0: no */ - return y; -} - -static unsigned char negative(signed char b) -{ - unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ - x >>= 63; /* 1: yes; 0: no */ - return x; -} - -static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b) -{ - /* constant time */ - fe25519 v; - *t = ge25519_base_multiples_affine5*pos+0; - 
cmov_aff(t, &ge25519_base_multiples_affine5*pos+1,equal(b,1) | equal(b,-1)); - cmov_aff(t, &ge25519_base_multiples_affine5*pos+2,equal(b,2) | equal(b,-2)); - cmov_aff(t, &ge25519_base_multiples_affine5*pos+3,equal(b,3) | equal(b,-3)); - cmov_aff(t, &ge25519_base_multiples_affine5*pos+4,equal(b,-4)); - fe25519_neg(&v, &t->x); - fe25519_cmov(&t->x, &v, negative(b)); -} - -static void setneutral(ge25519 *r) -{ - fe25519_setzero(&r->x); - fe25519_setone(&r->y); - fe25519_setone(&r->z); - fe25519_setzero(&r->t); -} - -/* ******************************************************************** - * EXPORTED FUNCTIONS - ******************************************************************** */ - -/* return 0 on success, -1 otherwise */ -int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p32) -{ - unsigned char par; - fe25519 t, chk, num, den, den2, den4, den6;
_service:tar_scm:openssh-9.1p1.tar.gz/ge25519.h
Deleted
@@ -1,43 +0,0 @@
-/* $OpenBSD: ge25519.h,v 1.4 2015/02/16 18:26:26 miod Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h
- */
-
-#ifndef GE25519_H
-#define GE25519_H
-
-#include "fe25519.h"
-#include "sc25519.h"
-
-#define ge25519 crypto_sign_ed25519_ref_ge25519
-#define ge25519_base crypto_sign_ed25519_ref_ge25519_base
-#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime
-#define ge25519_pack crypto_sign_ed25519_ref_pack
-#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime
-#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime
-#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base
-
-typedef struct
-{
- fe25519 x;
- fe25519 y;
- fe25519 z;
- fe25519 t;
-} ge25519;
-
-extern const ge25519 ge25519_base;
-
-int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p32);
-
-void ge25519_pack(unsigned char r32, const ge25519 *p);
-
-int ge25519_isneutral_vartime(const ge25519 *p);
-
-void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2);
-
-void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
-
-#endif
_service:tar_scm:openssh-9.1p1.tar.gz/ge25519_base.data
Deleted
@@ -1,858 +0,0 @@ -/* $OpenBSD: ge25519_base.data,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519_base.data - */ - -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} , - {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}}, -{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} , - {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}}, -{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} , - {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}}, -{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 
0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} , - {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} , - {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}}, -{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} , - {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}}, -{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} , - {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}}, -{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 
0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} , - {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} , - {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}}, -{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} , - {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}}, -{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} , - {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}}, -{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 
0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} , - {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} , - {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}}, -{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} , - {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}}, -{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} , - {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}}, -{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 
0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} , - {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} , - {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}}, -{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} , - {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}}, -{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} , - {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}}, -{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 
0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} , - {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} , - {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}}, -{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} , - {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}}, -{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} , - {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}}, -{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 
0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} , - {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} , - {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}}, -{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} , - {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}}, -{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} , - {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}}, -{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 
0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} , - {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} , - {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}}, -{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} , - {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}}, -{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} , - {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}}, -{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 
0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} , - {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} , - {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}}, -{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} , - {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}}, -{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} , - {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}}, -{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 
0x18, 0x34, 0xc3, 0xdb, 0x67}} , - {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} , - {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}}, -{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} , - {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}}, -{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} , - {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}}, -{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 
0x61, 0x81, 0x70, 0x61}} , - {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} , - {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}}, -{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} , - {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}}, -{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} , - {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}}, -{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 
0x11, 0x1e, 0x4d}} , - {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} , - {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}}, -{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} , - {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}}, -{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} , - {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}}, -{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 
0x49, 0x44}} , - {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} , - {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}}, -{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} , - {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}}, -{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} , - {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}}, -{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 
0x01}} , - {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} , - {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}}, -{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} , - {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}}, -{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} , - {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}}, -{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} , - 
{{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} , - {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}}, -{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} , - {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}}, -{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} , - {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}}, -{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} , - {{0xc3, 
0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} , - {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}}, -{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} , - {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}}, -{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} , - {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}}, -{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} , - {{0xce, 0x72, 
0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} , - {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}}, -{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} , - {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}}, -{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} , - {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}}, -{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} , - {{0xe2, 0x3c, 0x76, 
0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} , - {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}}, -{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} , - {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}}, -{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} , - {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}}, -{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} , - {{0xcc, 0x19, 0xda, 0x9b, 
0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, - {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}}, -{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} , - {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}}, -{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} , - {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}}, -{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} , - {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}}, -{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} , - {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 
0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}}, -{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
_service:tar_scm:openssh-9.1p1.tar.gz/regress/sshd-log-wrapper.sh
Deleted
@@ -1,12 +0,0 @@
-#!/bin/sh
-# $OpenBSD: sshd-log-wrapper.sh,v 1.5 2022/01/04 08:38:53 dtucker Exp $
-# Placed in the Public Domain.
-#
-# simple wrapper for sshd proxy mode to catch stderr output
-# sh sshd-log-wrapper.sh /path/to/logfile /path/to/sshd args...
-
-log=$1
-shift
-
-echo "Executing: $@" >>$log
-exec "$@" -E$log
_service:tar_scm:openssh-9.1p1.tar.gz/sc25519.c
Deleted
@@ -1,308 +0,0 @@ -/* $OpenBSD: sc25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ - -/* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c - */ - -#include "includes.h" - -#include "sc25519.h" - -/*Arithmetic modulo the group order m = 2^252 + 27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */ - -static const crypto_uint32 m32 = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10}; - -static const crypto_uint32 mu33 = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, - 0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F}; - -static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ -{ - unsigned int x = a; - x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */ - x >>= 31; /* 0: no; 1: yes */ - return x; -} - -/* Reduce coefficients of r before calling reduce_add_sub */ -static void reduce_add_sub(sc25519 *r) -{ - crypto_uint32 pb = 0; - crypto_uint32 b; - crypto_uint32 mask; - int i; - unsigned char t32; - - for(i=0;i<32;i++) - { - pb += mi; - b = lt(r->vi,pb); - ti = r->vi-pb+(b<<8); - pb = b; - } - mask = b - 1; - for(i=0;i<32;i++) - r->vi ^= mask & (r->vi ^ ti); -} - -/* Reduce coefficients of x before calling barrett_reduce */ -static void barrett_reduce(sc25519 *r, const crypto_uint32 x64) -{ - /* See HAC, Alg. 
14.42 */ - int i,j; - crypto_uint32 q266; - crypto_uint32 *q3 = q2 + 33; - crypto_uint32 r133; - crypto_uint32 r233; - crypto_uint32 carry; - crypto_uint32 pb = 0; - crypto_uint32 b; - - for (i = 0;i < 66;++i) q2i = 0; - for (i = 0;i < 33;++i) r2i = 0; - - for(i=0;i<33;i++) - for(j=0;j<33;j++) - if(i+j >= 31) q2i+j += mui*xj+31; - carry = q231 >> 8; - q232 += carry; - carry = q232 >> 8; - q233 += carry; - - for(i=0;i<33;i++)r1i = xi; - for(i=0;i<32;i++) - for(j=0;j<33;j++) - if(i+j < 33) r2i+j += mi*q3j; - - for(i=0;i<32;i++) - { - carry = r2i >> 8; - r2i+1 += carry; - r2i &= 0xff; - } - - for(i=0;i<32;i++) - { - pb += r2i; - b = lt(r1i,pb); - r->vi = r1i-pb+(b<<8); - pb = b; - } - - /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 - * If so: Handle it here! - */ - - reduce_add_sub(r); - reduce_add_sub(r); -} - -void sc25519_from32bytes(sc25519 *r, const unsigned char x32) -{ - int i; - crypto_uint32 t64; - for(i=0;i<32;i++) ti = xi; - for(i=32;i<64;++i) ti = 0; - barrett_reduce(r, t); -} - -void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x16) -{ - int i; - for(i=0;i<16;i++) r->vi = xi; -} - -void sc25519_from64bytes(sc25519 *r, const unsigned char x64) -{ - int i; - crypto_uint32 t64; - for(i=0;i<64;i++) ti = xi; - barrett_reduce(r, t); -} - -void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x) -{ - int i; - for(i=0;i<16;i++) - r->vi = x->vi; - for(i=0;i<16;i++) - r->v16+i = 0; -} - -void sc25519_to32bytes(unsigned char r32, const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) ri = x->vi; -} - -int sc25519_iszero_vartime(const sc25519 *x) -{ - int i; - for(i=0;i<32;i++) - if(x->vi != 0) return 0; - return 1; -} - -int sc25519_isshort_vartime(const sc25519 *x) -{ - int i; - for(i=31;i>15;i--) - if(x->vi != 0) return 0; - return 1; -} - -int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y) -{ - int i; - for(i=31;i>=0;i--) - { - if(x->vi < y->vi) return 1; - if(x->vi > y->vi) return 0; - } - return 0; -} - -void 
sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i, carry; - for(i=0;i<32;i++) r->vi = x->vi + y->vi; - for(i=0;i<31;i++) - { - carry = r->vi >> 8; - r->vi+1 += carry; - r->vi &= 0xff; - } - reduce_add_sub(r); -} - -void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - crypto_uint32 b = 0; - crypto_uint32 t; - int i; - for(i=0;i<32;i++) - { - t = x->vi - y->vi - b; - r->vi = t & 255; - b = (t >> 8) & 1; - } -} - -void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y) -{ - int i,j,carry; - crypto_uint32 t64; - for(i=0;i<64;i++)ti = 0; - - for(i=0;i<32;i++)
_service:tar_scm:openssh-9.1p1.tar.gz/sc25519.h
Deleted
@@ -1,80 +0,0 @@
-/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
-
-/*
- * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
- * Peter Schwabe, Bo-Yin Yang.
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h
- */
-
-#ifndef SC25519_H
-#define SC25519_H
-
-#include "crypto_api.h"
-
-#define sc25519 crypto_sign_ed25519_ref_sc25519
-#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519
-#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes
-#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes
-#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes
-#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc
-#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes
-#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime
-#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime
-#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime
-#define sc25519_add crypto_sign_ed25519_ref_sc25519_add
-#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored
-#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul
-#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc
-#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3
-#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5
-#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2
-
-typedef struct
-{
- crypto_uint32 v32;
-}
-sc25519;
-
-typedef struct
-{
- crypto_uint32 v16;
-}
-shortsc25519;
-
-void sc25519_from32bytes(sc25519 *r, const unsigned char x32);
-
-void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x16);
-
-void sc25519_from64bytes(sc25519 *r, const unsigned char x64);
-
-void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x);
-
-void sc25519_to32bytes(unsigned char r32, const sc25519 *x);
-
-int sc25519_iszero_vartime(const sc25519 *x);
-
-int sc25519_isshort_vartime(const sc25519 *x);
-
-int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y);
-
-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
-
-void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
-
-/* Convert s into a representation of the form \sum_{i=0}^{84}ri2^3
- * with ri in {-4,...,3}
- */
-void sc25519_window3(signed char r85, const sc25519 *s);
-
-/* Convert s into a representation of the form \sum_{i=0}^{50}ri2^5
- * with ri in {-16,...,15}
- */
-void sc25519_window5(signed char r51, const sc25519 *s);
-
-void sc25519_2interleave2(unsigned char r127, const sc25519 *s1, const sc25519 *s2);
-
-#endif
_service:tar_scm:openssh-9.1p1.tar.gz/verify.c
Deleted
@@ -1,49 +0,0 @@
-/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
-
-/*
- * Public Domain, Author: Daniel J. Bernstein
- * Copied from nacl-20110221/crypto_verify/32/ref/verify.c
- */
-
-#include "includes.h"
-
-#include "crypto_api.h"
-
-int crypto_verify_32(const unsigned char *x,const unsigned char *y)
-{
- unsigned int differentbits = 0;
-#define F(i) differentbits |= xi ^ yi;
- F(0)
- F(1)
- F(2)
- F(3)
- F(4)
- F(5)
- F(6)
- F(7)
- F(8)
- F(9)
- F(10)
- F(11)
- F(12)
- F(13)
- F(14)
- F(15)
- F(16)
- F(17)
- F(18)
- F(19)
- F(20)
- F(21)
- F(22)
- F(23)
- F(24)
- F(25)
- F(26)
- F(27)
- F(28)
- F(29)
- F(30)
- F(31)
- return (1 & ((differentbits - 1) >> 8)) - 1;
-}
_service:tar_scm:openssh-9.3p1.tar.gz.asc
Added
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEcWi5g4FaXu9ZpK39Kj9BTnNgYLoFAmQSOZYACgkQKj9BTnNg
+YLrKJg//fSKjNlnb3l75ZwLoWhwpEZQp7poEq5qCCRNvu4dleuU1sMxNPl9/Ow1i
+iZVW67OGNjIsJ7FJmHNF3UOgkH50c6OHivmDaTywDtyCLZvUVmaSfOe0own8s8KB
+OV7czHqd9giHQlGWWTxg9eVAfOaqpzXugkzo7UoTVqEqJ3Ru/FQ4RGSIjTGzuM/0
+EC+JkKyO+0pP3mr4XfZdxsbYc9WVEG9ZIlT153y9I5MfiWM1SC/0gg4NLz025Xaa
+ment5c+BdhIwYjC2f5F/9s0J6+lFHiFBHLQVGx4qq/Tx3XGfP0xBcS1V9Mkhyjzf
+ZXj6acQ+T50H8p3OWZyrWn11YNtGjzkwuQWrj8Ue4NPFGqgPbANeH32yOiIWpIh0
+CtpGnRGQP1zF14hEAR5gKangTNCp/IVMBhIs4UL3zI6uS2yRLTGOWcgrnjJv26vg
+jb2WmL0AeqYLZw41pbq+zmVizhhg8qk7KPQQsFxnalSFHz35tnHN8oQD5TCDxqtu
+f/roTbZhW/nnlaMlEAnB09LO6e1nyDIcJ6hj0CK9cSgIn8pb1q9GdjYx5PNKwsoa
+NuD+bqlzF5krjiOHJh+vDw0GKFusflL46Dmry5a4K0vLUGBn6uAUPtuwMdBsLofU
+k3a4zBMlOCm6o3WqgAug4fSwCfYkJ9Dc+FaedGC1X4fys4lV/6k=
+=deVJ
+-----END PGP SIGNATURE-----
_service:tar_scm:openssh-9.1p1.tar.gz/.depend -> _service:tar_scm:openssh-9.3p1.tar.gz/.depend
Changed
@@ -16,21 +16,20 @@ auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h xmalloc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h 
openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth.o: authfile.h monitor_wrap.h compat.h channels.h +auth.o: authfile.h monitor_wrap.h channels.h auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h -auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h +auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h +auth2-hostbased.o: monitor_wrap.h pathnames.h match.h auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h -auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h +auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h ssh2.h monitor_wrap.h auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h 
openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h -auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h compat.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h -auth2.o: digest.h -auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h -authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h +auth2-pubkeyfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h log.h ssherr.h misc.h sshkey.h digest.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfile.h match.h +auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h digest.h +authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h 
openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h log.h ssherr.h atomicio.h misc.h authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h 
@@ -44,17 +43,15 @@ cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h -compat.o: includes.h config.h defines.h 
platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h +compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h 
openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h +dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h -ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h +ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h -fe25519.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h -ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h 
openbsd-compat/bsd-nextstep.h entropy.h 
@@ -63,7 +60,7 @@ hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h -kex.o: match.h misc.h monitor.h sshbuf.h digest.h +kex.o: match.h misc.h monitor.h myproposal.h sshbuf.h digest.h xmalloc.h kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h 
openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h 
@@ -96,8 +93,8 @@ platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h 
openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h -readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h -readconf.o: uidswap.h myproposal.h digest.h +readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h 
openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h uidswap.h +readconf.o: myproposal.h digest.h readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h 
openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -108,14 +105,13 @@ sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h 
openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h -sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h 
openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp.h sftp-common.h sftp-client.h -servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h -servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h -serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h -serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h -session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h -session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h +servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h 
openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h +servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h +serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h +serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h 
auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h +session.o: hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h +session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h 
openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h 
@@ -128,7 +124,7 @@ sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h 
openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h hostfile.h -ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h +ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h 
openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h myproposal.h ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h 
openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h 
@@ -136,8 +132,8 @@ ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h -ssh-keyscan.o: includes.h config.h defines.h platform.h 
openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h -ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h +ssh-keyscan.o: dispatch.h log.h ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h addr.h +ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h 
cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h 
openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h 
@@ -156,12 +152,12 @@ sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h 
openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h -sshconnect.o: authfd.h kex.h mac.h crypto_api.h -sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h +sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h 
openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h authfd.h +sshconnect.o: kex.h mac.h crypto_api.h sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h -sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h +sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h 
openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h -sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h +sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h ssherr.o: ssherr.h sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h 
openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h 
@@ -174,7 +170,6 @@ umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h 
openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h -verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h 
openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
_service:tar_scm:openssh-9.1p1.tar.gz/.github/ci-status.md -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/ci-status.md
Changed
@@ -1,4 +1,11 @@ -!C/C++ CI(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml) -!C/C++ CI self-hosted(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml) -!Upstream self-hosted(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml) +master : +!C/C++ CI(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:master) +!C/C++ CI self-hosted(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:master) +!Upstream self-hosted(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml?query=branch:master) +!CIFuzz(https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml/badge.svg)(https://github.com/openssh/openssh-portable/actions/workflows/cifuzz.yml) !Fuzzing Status(https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)(https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) +!Coverity Status(https://scan.coverity.com/projects/21341/badge.svg)(https://scan.coverity.com/projects/openssh-portable) + +9.2 : +!C/C++ CI(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg?branch=V_9_2)(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml?query=branch:V_9_2) +!C/C++ CI 
self-hosted(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg?branch=V_9_2)(https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml?query=branch:V_9_2)
_service:tar_scm:openssh-9.1p1.tar.gz/.github/configs -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/configs
Changed
@@ -9,10 +9,13 @@ # LTESTS config=$1 +if "$config" = "" ; then + config="default" +fi unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO -TEST_TARGET="tests" +TEST_TARGET="tests compat-tests" LTESTS="" SKIP_LTESTS="" SUDO=sudo # run with sudo by default @@ -108,7 +111,7 @@ kitchensink) CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam" CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux" - CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG" + CFLAGS="-DSK_DEBUG -DSANDBOX_SECCOMP_FILTER_DEBUG" ;; hardenedmalloc) CONFIGFLAGS="--with-ldflags=-lhardened_malloc" @@ -141,6 +144,11 @@ ;; openssl-*) LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath," + # OpenSSL 1.1.1 specifically has a bug in its RNG that breaks reexec + # fallback. See https://bugzilla.mindrot.org/show_bug.cgi?id=3483 + if "$config" = "openssl-1.1.1" ; then + SKIP_LTESTS="reexec" + fi ;; selinux) CONFIGFLAGS="--with-selinux" @@ -152,7 +160,7 @@ LIBCRYPTOFLAGS="--without-openssl" TEST_TARGET=t-exec ;; - valgrind-1-4|valgrind-unit) + valgrind-1-5|valgrind-unit) # rlimit sandbox and FORTIFY_SOURCE confuse Valgrind. CONFIGFLAGS="--without-sandbox --without-hardening" CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0" 
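Review bot: In the `kitchensink)` case (hunk `@@ -108,7 +111,7 @@`) the new `CFLAGS="-DSK_DEBUG -DSANDBOX_SECCOMP_FILTER_DEBUG"` line carries no comment marking these as debug-only defines. As I understand it, SANDBOX_SECCOMP_FILTER_DEBUG changes how the seccomp sandbox responds to a denied syscall, so it should stay confined to CI builds; I would add `# Debug-only defines for CI; never carry these into packaged builds.` above the line. The defines also moved from `--with-cflags=` inside CONFIGFLAGS to a plain CFLAGS variable, and the script starts with `unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO`. Whether CFLAGS is later exported to configure is not visible here, so it is worth confirming the flags still reach the build. The enclosing case statement begins and ends outside the hunk.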
@@ -161,16 +169,19 @@ export TEST_SSH_ELAPSED_TIMES # Valgrind slows things down enough that the agent timeout test # won't reliably pass, and the unit tests run longer than allowed - # by github so split into three separate tests. - tests2="rekey integrity try-ciphers" + # by github so split into separate tests. + tests2="integrity try-ciphers" tests3="krl forward-control sshsig agent-restrict kextype sftp" tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment percent" + tests5="rekey" case "$config" in valgrind-1) - # All tests except agent-timeout (which is flaky under valgrind) + # All tests except agent-timeout (which is flaky under valgrind), + # connection-timeout (which doesn't work since it's so slow) # and hostbased (since valgrind won't let ssh exec keysign). # Slow ones are run separately to increase parallelism. - SKIP_LTESTS="agent-timeout hostbased ${tests2} ${tests3} ${tests4}" + SKIP_LTESTS="agent-timeout connection-timeout hostbased" + SKIP_LTESTS="$SKIP_LTESTS ${tests2} ${tests3} ${tests4} ${tests5}" ;; valgrind-2) LTESTS="${tests2}" @@ -181,6 +192,9 @@ valgrind-4) LTESTS="${tests4}" ;; + valgrind-5) + LTESTS="${tests5}" + ;; valgrind-unit) TEST_TARGET="unit USE_VALGRIND=1" ;; @@ -207,9 +221,13 @@ # test run does not time out. # The agent-restrict test fails due to some quoting issue when run # with sh or ksh so specify bash for now. - TEST_TARGET="t-exec TEST_SHELL=bash" + TEST_TARGET="t-exec unit TEST_SHELL=bash" SKIP_LTESTS="rekey sftp" ;; + debian-riscv64) + # This machine is fairly slow, so skip the unit tests. + TEST_TARGET="t-exec" + ;; dfly58*|dfly60*) # scp 3-way connection hangs on these so skip until sorted. SKIP_LTESTS=scp3 
@@ -227,12 +245,15 @@ # test that relies on one. # Also, Minix seems to be very limited in the number of select() # calls that can be operating concurrently, so prune additional tests for that. - T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse connect - connect-uri exit-status forward-control forwarding hostkey-agent - key-options keyscan knownhosts-command login-timeout multiplex + T="addrmatch agent-restrict brokenkeys cfgmatch cfgmatchlisten cfgparse + connect connect-uri exit-status forwarding hostkey-agent + key-options keyscan knownhosts-command login-timeout reconfigure reexec rekey scp scp-uri scp3 sftp sftp-badcmds sftp-batch sftp-cmds sftp-glob sftp-perm sftp-uri stderr-data transfer" + # Unix domain sockets don't work quite like we expect, so also skip any tests + # that use multiplexing. + T="$T connection-timeout dynamic-forward forward-control multiplex" SKIP_LTESTS="$(echo $T)" TEST_TARGET=t-exec SUDO="" @@ -260,6 +281,8 @@ case "`./config.guess`" in *cygwin) SUDO="" + # Don't run compat tests on cygwin as they don't currently compile. + TEST_TARGET="tests" ;; *-darwin*) # Unless specified otherwise, build without OpenSSL on Mac OS since
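Review bot: In the last hunk the cygwin branch assigns `TEST_TARGET="tests"` unconditionally, which also discards a target chosen earlier by the per-config `case` (for example `t-exec` or `unit USE_VALGRIND=1`). The Windows rows of the c-cpp.yml matrix in this revision only use `default` and `cygwin-release`, so this is probably harmless today, but it would silently change the test set if another config is ever run on cygwin. Resetting only the default, `[ "$TEST_TARGET" = "tests compat-tests" ] && TEST_TARGET="tests"`, drops the compat tests without touching other choices. The surrounding `case` continues past the end of the hunk.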
_service:tar_scm:openssh-9.1p1.tar.gz/.github/run_test.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/run_test.sh
Changed
@@ -21,7 +21,7 @@ fi output_failed_logs() { - for i in regress/failed*; do + for i in regress/failed*.log; do if -f "$i" ; then echo ------------------------------------------------------------------------- echo LOGFILE $i
_service:tar_scm:openssh-9.1p1.tar.gz/.github/setup_ci.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/setup_ci.sh
Changed
@@ -7,10 +7,10 @@ case "`./config.guess`" in *cygwin) PACKAGER=setup - echo Setting CYGWIN sustem environment variable. + echo Setting CYGWIN system environment variable. setx CYGWIN "binmode" - chmod -R go-rw /cygdrive/d/a - umask 077 + echo Removing extended ACLs so umask works as expected. + setfacl -b . regress PACKAGES="$PACKAGES,autoconf,automake,cygwin-devel,gcc-core" PACKAGES="$PACKAGES,make,openssl-devel,zlib-devel" ;; @@ -139,16 +139,29 @@ sudo apt-add-repository -y ppa:yubico/stable fi -if "x" != "x$PACKAGES" ; then +tries=3 +while ! -z "$PACKAGES" && "$tries" -gt "0" ; do case "$PACKAGER" in apt) sudo apt update -qq - sudo apt install -qy $PACKAGES + if sudo apt install -qy $PACKAGES; then + PACKAGES="" + fi ;; setup) - /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,` + if /cygdrive/c/setup.exe -q -P `echo "$PACKAGES" | tr ' ' ,`; then + PACKAGES="" + fi ;; esac + if ! -z "$PACKAGES" ; then + sleep 90 + fi + tries=$(($tries - 1)) +done +if ! -z "$PACKAGES" ; then + echo "Package installation failed." + exit 1 fi if "${INSTALL_HARDENED_MALLOC}" = "yes" ; then
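Review bot: The cygwin branch now prints "Removing extended ACLs so umask works as expected", yet the same hunk deletes both `umask 077` and `chmod -R go-rw /cygdrive/d/a`, so nothing visible here still restricts group/other access to the checkout after `setfacl -b . regress`. If a restrictive umask is set elsewhere (not visible in this hunk), a comment such as `# umask itself is set in <script>; the ACLs only had to be cleared for it to take effect` would make that dependency explicit. If it is not set anywhere, keeping `umask 077` after the `setfacl` call preserves the previous behaviour for files the tests create.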
_service:tar_scm:openssh-9.1p1.tar.gz/.github/workflows/c-cpp.yml -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/workflows/c-cpp.yml
Changed
@@ -2,11 +2,9 @@ on: push: - branches: master, ci, V_9_0 - paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' + paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' pull_request: - branches: master - paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' + paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' jobs: ci: 
@@ -15,104 +13,109 @@ fail-fast: false matrix: # First we test all OSes in the default configuration. - os: ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022 - configs: default + target: ubuntu-20.04, ubuntu-22.04, macos-11, macos-12, windows-2019, windows-2022 + config: default # Then we include any extra configs we want to test for specific VMs. # Valgrind slows things down quite a bit, so start them first. include: - - { os: windows-2019, configs: cygwin-release } - - { os: windows-2022, configs: cygwin-release } - - { os: ubuntu-20.04, configs: valgrind-1 } - - { os: ubuntu-20.04, configs: valgrind-2 } - - { os: ubuntu-20.04, configs: valgrind-3 } - - { os: ubuntu-20.04, configs: valgrind-4 } - - { os: ubuntu-20.04, configs: valgrind-unit } - - { os: ubuntu-20.04, configs: c89 } - - { os: ubuntu-20.04, configs: clang-6.0 } - - { os: ubuntu-20.04, configs: clang-8 } - - { os: ubuntu-20.04, configs: clang-9 } - - { os: ubuntu-20.04, configs: clang-10 } - - { os: ubuntu-20.04, configs: clang-11 } - - { os: ubuntu-20.04, configs: clang-12-Werror } - - { os: ubuntu-20.04, configs: clang-sanitize-address } - - { os: ubuntu-20.04, configs: clang-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-sanitize-address } - - { os: ubuntu-20.04, configs: gcc-sanitize-undefined } - - { os: ubuntu-20.04, configs: gcc-7 } - - { os: ubuntu-20.04, configs: gcc-8 } - - { os: ubuntu-20.04, configs: gcc-10 } - - { os: ubuntu-20.04, configs: gcc-11-Werror } - - { os: ubuntu-20.04, configs: pam } - - { os: ubuntu-20.04, configs: kitchensink } - - { os: ubuntu-20.04, configs: hardenedmalloc } - - { os: ubuntu-20.04, configs: tcmalloc } - - { os: ubuntu-20.04, configs: musl } - - { os: ubuntu-latest, configs: libressl-master } - - { os: ubuntu-latest, configs: libressl-2.2.9 } - - { os: ubuntu-latest, configs: libressl-2.8.3 } - - { os: ubuntu-latest, configs: libressl-3.0.2 } - - { os: ubuntu-latest, configs: libressl-3.2.6 } - - { os: ubuntu-latest, 
configs: libressl-3.3.6 } - - { os: ubuntu-latest, configs: libressl-3.4.3 } - - { os: ubuntu-latest, configs: libressl-3.5.3 } - - { os: ubuntu-latest, configs: openssl-master } - - { os: ubuntu-latest, configs: openssl-noec } - - { os: ubuntu-latest, configs: openssl-1.0.1 } - - { os: ubuntu-latest, configs: openssl-1.0.1u } - - { os: ubuntu-latest, configs: openssl-1.0.2u } - - { os: ubuntu-latest, configs: openssl-1.1.0h } - - { os: ubuntu-latest, configs: openssl-1.1.1 } - - { os: ubuntu-latest, configs: openssl-1.1.1k } - - { os: ubuntu-latest, configs: openssl-1.1.1n } - - { os: ubuntu-latest, configs: openssl-1.1.1p } - - { os: ubuntu-latest, configs: openssl-3.0.0 } - - { os: ubuntu-latest, configs: openssl-3.0.5 } - - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch - - { os: ubuntu-latest, configs: openssl-3.0 } # stable branch - - { os: ubuntu-22.04, configs: pam } - - { os: ubuntu-22.04, configs: krb5 } - - { os: ubuntu-22.04, configs: heimdal } - - { os: ubuntu-22.04, configs: libedit } - - { os: ubuntu-22.04, configs: sk } - - { os: ubuntu-22.04, configs: selinux } - - { os: ubuntu-22.04, configs: kitchensink } - - { os: ubuntu-22.04, configs: without-openssl } - - { os: macos-11, configs: pam } - - { os: macos-12, configs: pam } - runs-on: ${{ matrix.os }} + - { target: windows-2019, config: cygwin-release } + - { target: windows-2022, config: cygwin-release } + - { target: ubuntu-20.04, config: valgrind-1 } + - { target: ubuntu-20.04, config: valgrind-2 } + - { target: ubuntu-20.04, config: valgrind-3 } + - { target: ubuntu-20.04, config: valgrind-4 } + - { target: ubuntu-20.04, config: valgrind-5 } + - { target: ubuntu-20.04, config: valgrind-unit } + - { target: ubuntu-20.04, config: c89 } + - { target: ubuntu-20.04, config: clang-6.0 } + - { target: ubuntu-20.04, config: clang-8 } + - { target: ubuntu-20.04, config: clang-9 } + - { target: ubuntu-20.04, config: clang-10 } + - { target: ubuntu-20.04, config: clang-11 } + - { 
target: ubuntu-20.04, config: clang-12-Werror } + - { target: ubuntu-20.04, config: clang-sanitize-address } + - { target: ubuntu-20.04, config: clang-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-sanitize-address } + - { target: ubuntu-20.04, config: gcc-sanitize-undefined } + - { target: ubuntu-20.04, config: gcc-7 } + - { target: ubuntu-20.04, config: gcc-8 } + - { target: ubuntu-20.04, config: gcc-10 } + - { target: ubuntu-20.04, config: gcc-11-Werror } + - { target: ubuntu-20.04, config: pam } + - { target: ubuntu-20.04, config: kitchensink } + - { target: ubuntu-20.04, config: hardenedmalloc } + - { target: ubuntu-20.04, config: tcmalloc } + - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: libressl-master } + - { target: ubuntu-latest, config: libressl-2.2.9 } + - { target: ubuntu-latest, config: libressl-2.8.3 } + - { target: ubuntu-latest, config: libressl-3.0.2 } + - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.3.6 } + - { target: ubuntu-latest, config: libressl-3.4.3 } + - { target: ubuntu-latest, config: libressl-3.5.3 } + - { target: ubuntu-latest, config: libressl-3.6.1 } + - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: openssl-master } + - { target: ubuntu-latest, config: openssl-noec } + - { target: ubuntu-latest, config: openssl-1.0.1 } + - { target: ubuntu-latest, config: openssl-1.0.1u } + - { target: ubuntu-latest, config: openssl-1.0.2u } + - { target: ubuntu-latest, config: openssl-1.1.0h } + - { target: ubuntu-latest, config: openssl-1.1.1 } + - { target: ubuntu-latest, config: openssl-1.1.1k } + - { target: ubuntu-latest, config: openssl-1.1.1n } + - { target: ubuntu-latest, config: openssl-1.1.1q } + - { target: ubuntu-latest, config: openssl-1.1.1s } + - { target: ubuntu-latest, config: openssl-3.0.0 } + - { target: ubuntu-latest, config: openssl-3.0.5 } + - { target: ubuntu-latest, config: openssl-3.0.7 
} + - { target: ubuntu-latest, config: openssl-1.1.1_stable } + - { target: ubuntu-latest, config: openssl-3.0 } # stable branch + - { target: ubuntu-22.04, config: pam } + - { target: ubuntu-22.04, config: krb5 } + - { target: ubuntu-22.04, config: heimdal } + - { target: ubuntu-22.04, config: libedit } + - { target: ubuntu-22.04, config: sk } + - { target: ubuntu-22.04, config: selinux } + - { target: ubuntu-22.04, config: kitchensink } + - { target: ubuntu-22.04, config: without-openssl } + - { target: macos-11, config: pam } + - { target: macos-12, config: pam } + runs-on: ${{ matrix.target }} steps: - name: set cygwin git params - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} run: git config --global core.autocrlf input - name: install cygwin - if: ${{ startsWith(matrix.os, 'windows') }} + if: ${{ startsWith(matrix.target, 'windows') }} uses: cygwin/cygwin-install-action@master - - uses: actions/checkout@v2 + - uses: actions/checkout@main - name: setup CI system - run: sh ./.github/setup_ci.sh ${{ matrix.configs }} + run: sh ./.github/setup_ci.sh ${{ matrix.config }} - name: autoreconf run: sh -c autoreconf - name: configure - run: sh ./.github/configure.sh ${{ matrix.configs }} + run: sh ./.github/configure.sh ${{ matrix.config }} - name: save config - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: make clean - name: make run: make -j2 - name: make tests - run: sh ./.github/run_test.sh ${{ matrix.configs }} + run: sh ./.github/run_test.sh ${{ matrix.config }} env: TEST_SSH_UNSAFE_PERMISSIONS: 1 TEST_SSH_HOSTBASED_AUTH: yes - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs 
path: | config.h config.log @@ -120,3 +123,4 @@ regress/valgrind-out/ regress/asan.log.* regress/msan.log.*
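Review bot: The `uses:` lines now track moving branches (`actions/checkout@main`, `actions/upload-artifact@main`, and the existing `cygwin/cygwin-install-action@master`), so whatever lands on those branches runs in this workflow without any change to this repository. The same refs appear in cifuzz.yml (together with the `google/oss-fuzz/...@master` actions), selfhosted.yml and upstream.yml in this revision, and the last two execute on self-hosted runners. Pinning each action to a full commit SHA with the release in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # <release-tag>`, keeps the move off v2 while making later updates explicit and reviewable.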
_service:tar_scm:openssh-9.3p1.tar.gz/.github/workflows/cifuzz.yml
Added
@@ -0,0 +1,32 @@ +name: CIFuzz +on: + push: + paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' + pull_request: + paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' + +jobs: + Fuzzing: + if: github.repository != 'openssh/openssh-portable-selfhosted' + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + dry-run: false + language: c++ + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'openssh' + fuzz-seconds: 600 + dry-run: false + language: c++ + - name: Upload Crash + uses: actions/upload-artifact@main + if: failure() && steps.build.outcome == 'success' + with: + name: artifacts + path: ./out/artifacts
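Review bot: The new workflow declares no `permissions:` key, so the token scope for the `Fuzzing` job is whatever the repository or organisation default happens to be, while the job runs on `pull_request` and builds and executes the submitted code. None of the three steps visibly needs write access, so a top-level `permissions:` block containing only `contents: read` would state least privilege explicitly. I am assuming the oss-fuzz actions need nothing beyond that in this configuration, which should be confirmed with a test run.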
_service:tar_scm:openssh-9.1p1.tar.gz/.github/workflows/selfhosted.yml -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/workflows/selfhosted.yml
Changed
@@ -2,37 +2,36 @@ on: push: - branches: master, ci, V_9_0 - paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', 'Makefile.in', 'configure.ac' + paths: '**.c', '**.h', '**.m4', '**.sh', '.github/**', '**/Makefile.in', 'configure.ac' jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: ${{ matrix.host }} + timeout-minutes: 600 env: - TARGET_HOST: ${{ matrix.os }} + HOST: ${{ matrix.host }} + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false # We use a matrix in two parts: firstly all of the VMs are tested with the - # default config. "os" corresponds to a label associated with the worker. + # default config. "target" corresponds to a label associated with the + # worker. The default is an ephemeral VM running under libvirt. matrix: - os: - - aix51 - - ARM - - ARM64 + target: - alpine + - centos7 - debian-i386 - - debian-riscv64 - dfly30 - dfly48 - dfly58 - dfly60 + - dfly62 - fbsd10 - fbsd12 - fbsd13 - # - hurd - minix3 - # - nbsd2 - nbsd3 - nbsd4 - nbsd8 
@@ -42,67 +41,79 @@ - obsd69 - obsd70 - obsdsnap + - obsdsnap-i386 - openindiana - - openwrt-mips - - openwrt-mipsel - # - rocky84 - sol10 - sol11 - - win10 - configs: + config: - default - # Then we include any extra configs we want to test for specific VMs. + host: + - libvirt include: - - { os: ARM64, configs: pam } - - { os: debian-i386, configs: pam } - - { os: dfly30, configs: without-openssl} - - { os: dfly48, configs: pam } - - { os: dfly58, configs: pam } - - { os: dfly60, configs: pam } - - { os: fbsd10, configs: pam } - - { os: fbsd12, configs: pam } - - { os: fbsd13, configs: pam } - - { os: nbsd8, configs: pam } - - { os: nbsd9, configs: pam } - - { os: openindiana, configs: pam } - # - { os: rocky84, configs: pam } - - { os: sol10, configs: pam } - - { os: sol11, configs: pam-krb5 } - - { os: sol11, configs: sol64 } - # - { os: sol11, configs: sol64-pam } - - { os: win10, configs: cygwin-release } + # Then we include extra libvirt test configs. + - { target: aix51, config: default, host: libvirt } + - { target: centos7, config: pam, host: libvirt } + - { target: debian-i386, config: pam, host: libvirt } + - { target: dfly30, config: without-openssl, host: libvirt} + - { target: dfly48, config: pam ,host: libvirt } + - { target: dfly58, config: pam, host: libvirt } + - { target: dfly60, config: pam, host: libvirt } + - { target: dfly62, config: pam, host: libvirt } + - { target: fbsd10, config: pam, host: libvirt } + - { target: fbsd12, config: pam, host: libvirt } + - { target: fbsd13, config: pam, host: libvirt } + - { target: nbsd8, config: pam, host: libvirt } + - { target: nbsd9, config: pam, host: libvirt } + - { target: openindiana, config: pam, host: libvirt } + - { target: sol10, config: pam, host: libvirt } + - { target: sol11, config: pam-krb5, host: libvirt } + - { target: sol11, config: sol64, host: libvirt } + # VMs with persistent disks that have their own runner. 
+ - { target: win10, config: default, host: win10 } + - { target: win10, config: cygwin-release, host: win10 } + # Physical hosts, with either native runners or remote via ssh. + - { target: ARM, config: default, host: ARM } + - { target: ARM64, config: default, host: ARM64 } + - { target: ARM64, config: pam, host: ARM64 } + - { target: debian-riscv64, config: default, host: debian-riscv64 } + - { target: openwrt-mips, config: default, host: openwrt-mips } + - { target: openwrt-mipsel, config: default, host: openwrt-mipsel } steps: - name: shutdown VM if running run: vmshutdown - - uses: actions/checkout@v2 + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main - name: autoreconf run: autoreconf - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: configure - run: vmrun ./.github/configure.sh ${{ matrix.configs }} + run: vmrun ./.github/configure.sh ${{ matrix.config }} - name: save config - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-config + name: ${{ matrix.target }}-${{ matrix.config }}-config path: config.h - name: make clean run: vmrun make clean - name: make run: vmrun make - name: make tests - run: vmrun ./.github/run_test.sh ${{ matrix.configs }} + run: vmrun ./.github/run_test.sh ${{ matrix.config }} timeout-minutes: 600 - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | config.h config.log regress/*.log + regress/log/* regress/valgrind-out/ - name: shutdown VM if: always() run: vmshutdown + working-directory: ${{ runner.temp }}
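Review bot: The `push:` trigger loses its `branches:` filter, so a push to any branch of the self-hosted repository now builds and runs that branch on every runner in the matrix, including the win10 VM described as having persistent disks and the physical hosts. The `if: github.repository == ...` guard limits which repository runs the job, not which branches do. If running every branch is intended, I would record it above `on:` with a comment such as `# No branch filter: any branch pushed here is built on the persistent runners, so push access to this repository must be restricted accordingly.`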
_service:tar_scm:openssh-9.1p1.tar.gz/.github/workflows/upstream.yml -> _service:tar_scm:openssh-9.3p1.tar.gz/.github/workflows/upstream.yml
Changed
@@ -2,46 +2,52 @@ on: push: - branches: master, ci + branches: master paths: '**.c', '**.h', '.github/**' jobs: selfhosted: if: github.repository == 'openssh/openssh-portable-selfhosted' - runs-on: ${{ matrix.os }} + runs-on: 'libvirt' env: - TARGET_HOST: ${{ matrix.os }} + HOST: 'libvirt' + TARGET_HOST: ${{ matrix.target }} + TARGET_CONFIG: ${{ matrix.config }} strategy: fail-fast: false matrix: - os: obsdsnap, obsdsnap-i386 - configs: default, without-openssl, ubsan + target: obsdsnap, obsdsnap-i386 + config: default, without-openssl, ubsan steps: - - uses: actions/checkout@v2 - name: shutdown VM if running run: vmshutdown + working-directory: ${{ runner.temp }} + - uses: actions/checkout@main - name: startup VM run: vmstartup + working-directory: ${{ runner.temp }} - name: update source run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh" - name: make clean - run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean" + run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj" - name: make - run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" - name: make install run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install" - name: make tests` - run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.configs }} in without-openssl) make OPENSSL=no;; ubsan) make DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" + run: vmrun "cd /usr/src/regress/usr.bin/ssh && case ${{ matrix.config }} in without-openssl) make OPENSSL=no;; ubsan) make 
DEBUG='-fsanitize-minimal-runtime -fsanitize=undefined';; *) make; esac" env: SUDO: sudo timeout-minutes: 300 - name: save logs if: failure() - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@main with: - name: ${{ matrix.os }}-${{ matrix.configs }}-logs + name: ${{ matrix.target }}-${{ matrix.config }}-logs path: | - /usr/obj/regress/usr.bin/ssh/*.log + /usr/obj/regress/usr.bin/ssh/obj/*.log + /usr/obj/regress/usr.bin/ssh/obj/log/* - name: shutdown VM if: always() run: vmshutdown + working-directory: ${{ runner.temp }}
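Review bot: The `sudo chmod -R g-w /usr/src /usr/obj` appended to the `make clean` step changes permissions on the whole source and object trees, which is unrelated to cleaning and carries no explanation of what depends on it. I would move it into its own step, e.g. `- name: remove group write from src and obj` with `run: vmrun "sudo chmod -R g-w /usr/src /usr/obj"`, and add a comment naming the check that requires it. That way a failure is reported against the right step and the permission change is visible when the workflow is audited.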
_service:tar_scm:openssh-9.1p1.tar.gz/.skipped-commit-ids -> _service:tar_scm:openssh-9.3p1.tar.gz/.skipped-commit-ids
Changed
@@ -25,6 +25,8 @@ 7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b moduli update 6b52cd2b637f3d29ef543f0ce532a2bce6d86af5 makefile change f9a0726d957cf10692a231996a1f34e7f9cdfeb0 moduli update +1e0a2692b7e20b126dda60bf04999d1d30d959d8 sshd relinking makefile changes +e1dc11143f83082e3154d6094f9136d0dc2637ad more relinking makefile tweaks Old upstream tree:
_service:tar_scm:openssh-9.1p1.tar.gz/ChangeLog -> _service:tar_scm:openssh-9.3p1.tar.gz/ChangeLog
Changed
@@ -1,3 +1,2677 @@ +commit cb30fbdbee869f1ce11f06aa97e1cb8717a0b645 +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 08:28:19 2023 +1100 + + depend + +commit 1dba63eb10c40b6fda9f5012ed6ae87e2d3d028e +Author: Damien Miller <djm@mindrot.org> +Date: Thu Mar 16 08:27:54 2023 +1100 + + crank version + +commit ba7532d0dac9aaf0ad7270664c43837fc9f64a5f +Author: djm@openbsd.org <djm@openbsd.org> +Date: Wed Mar 15 21:19:57 2023 +0000 + + upstream: openssh-9.3 + + OpenBSD-Commit-ID: 8011495f2449c1029bb316bd015eab2e00509848 + +commit 6fd4daafb949b66bf555f3100f715a9ec64c3390 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 07:28:47 2023 +0000 + + upstream: Free KRL ptr in addition to its contents. + + From Coverity CID 291841, ok djm@ + + OpenBSD-Commit-ID: f146ba08b1b43af4e0d7ad8c4dae3748b4fa31b6 + +commit 1d270bd303afaf6d94e9098cbbf18e5e539e2088 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Tue Mar 14 07:26:25 2023 +0000 + + upstream: Check pointer for NULL before deref. + + None of the existing callers seem to do that, but it's worth checking. + From Coverity CID 291834, ok djm@ + + OpenBSD-Commit-ID: a0a97113f192a7cb1a2c97b932f677f573cda7a4 + +commit d95af508e78c0cd3dce56b83853baaa59ae295cf +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 12 10:40:39 2023 +0000 + + upstream: Limit number of entries in SSH2_MSG_EXT_INFO + + request. This is already constrained by the maximum SSH packet size but this + makes it explicit. Prompted by Coverity CID 291868, ok djm@ markus@ + + OpenBSD-Commit-ID: aea023819aa44a2dcb9dd0fbec10561896fc3a09 + +commit 8f287ba60d342b3e2f750e7332d2131e3ec7ecd0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Sun Mar 12 09:41:18 2023 +0000 + + upstream: calloc can return NULL but xcalloc can't. 
+ + From Coverity CID 291881, ok djm@ + + OpenBSD-Commit-ID: 50204b755f66b2ec7ac3cfe379d07d85ca161d2b + +commit 83a56a49fd50f4acf900f934279482e4ef329715 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 07:17:08 2023 +0000 + + upstream: Explicitly ignore return from fcntl + + (... FD_CLOEXEC) here too. Coverity CID 291853. + + OpenBSD-Commit-ID: 99d8b3da9d0be1d07ca8dd8e98800a890349e9b5 + +commit 0fda9d704d3bbf54a5e64ce02a6fecb11fe7f047 +Author: Damien Miller <djm@mindrot.org> +Date: Fri Mar 10 15:59:46 2023 +1100 + + bounds checking for getrrsetbyname() replacement; + + Spotted by Coverity in CID 405033; ok millert@ + +commit 89b8df518f21677045599df0ad3e5dd0f39909b5 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 04:06:21 2023 +0000 + + upstream: Plug mem leak on error path. Coverity CID 405026, ok djm@. + + OpenBSD-Commit-ID: 8212ca05d01966fb5e72205c592b2257708a2aac + +commit bf4dae0ad192c3e2f03f7223834b00d88ace3d3e +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 10 14:46:57 2023 +1100 + + Add prototypes for mkstemp replacements. + + Should prevent warnings due to our wrapper function. + +commit 4e04d68d6a33cdc73b831fd4b5e6124175555d3d +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 03:01:51 2023 +0000 + + upstream: Expliticly ignore return code from fcntl(.. FD_CLOEXEC) since + + there's not much we can do anyway. From Coverity CID 291857, ok djm@ + + OpenBSD-Commit-ID: 051429dd07af8db3fec10d82cdc78d90bb051729 + +commit d6d38fd77cbe091c59e1bb720c3a494df4990640 +Author: djm@openbsd.org <djm@openbsd.org> +Date: Fri Mar 10 02:32:04 2023 +0000 + + upstream: Like sshd_config, some ssh_config options are not + + first-match-wins. 
sshd_config.5 was fixed in r1.348, this is the same for + this file + + OpenBSD-Commit-ID: 7be55b9351cde449b136afcc52d07aa4113b215e + +commit 7187d3f86bf8f2066cc9941f217d23b0cacae25e +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Fri Mar 10 02:24:56 2023 +0000 + + upstream: Remove no-op (int) > INT_MAX checks + + since they can never be true. From Coverity CID 405031, ok djm@ + + OpenBSD-Commit-ID: 9df3783b181e056595e2bb9edf7ed41d61cf8e84 + +commit 77adde4305542ebe3005dd456122624fe2347b01 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Fri Mar 10 13:27:29 2023 +1100 + + Wrap mkstemp calls with umask set/restore. + + glibc versions 2.06 and earlier did not set a umask on files created by + mkstemp created the world-writable. Wrap mkstemp to set and restore + the umask. From Coverity (CIDs 291826 291886 291891), ok djm@ + +commit 633d3dc2a1e9e2a013d019a0576a0771c8423713 +Author: jcs@openbsd.org <jcs@openbsd.org> +Date: Thu Mar 9 21:06:24 2023 +0000 + + upstream: modify parentheses in conditionals to make it clearer what is + + being assigned and what is being checked + + ok djm dtucker + + OpenBSD-Commit-ID: 19c10baa46ae559474409f75a5cb3d0eade7a9b8 + +commit 733030840c4772f858de95d5940ec0c37663e8b0 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Thu Mar 9 07:11:05 2023 +0000 + + upstream: Re-split the merge of the reorder-hostkeys test. + + In the kex_proposal_populate_entries change I merged the the check for + reordering hostkeys with the actual reordering, but kex_assemble_names + mutates options.hostkeyalgorithms which renders the check ineffective. + Put the check back where it was. Spotted and tested by jsg@, ok djm@ + + OpenBSD-Commit-ID: a7469f25a738db5567395d1881e32479a7ffc9de + +commit 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed +Author: djm@openbsd.org <djm@openbsd.org> +Date: Thu Mar 9 06:58:26 2023 +0000 + + upstream: include destination constraints for smartcard keys too. 
+ + Spotted by Luci Stanescu; ok deraadt@ markus@ + + OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f + +commit bfd1ad01d974a316b60622759ad17537fa2d92b4 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 9 18:24:54 2023 +1100 + + Limit the number of PAM environment variables. + + xcalloc has its own limits, but these are specific to PAM. From + Coverity CID 405198, ok djm@ + +commit a231414970e01a35f45a295d5f93698fa1249b28 +Author: Darren Tucker <dtucker@dtucker.net> +Date: Thu Mar 9 18:19:44 2023 +1100 + + Limit the number of PAM environment variables. + + From Coverity CID 405194, tweaks and ok djm@ + +commit 36c6c3eff5e4a669ff414b9daf85f919666e8e03 +Author: dtucker@openbsd.org <dtucker@openbsd.org> +Date: Wed Mar 8 06:21:32 2023 +0000 + + upstream: Plug mem leak. Coverity CID 405196, ok djm@ + + OpenBSD-Commit-ID: 175f09349387c292f626da68f65f334faaa085f2 + +commit dfb9b736e1ccf9e6b03eea21cd961f4fd0634c98 +Author: tb@openbsd.org <tb@openbsd.org>
_service:tar_scm:openssh-9.1p1.tar.gz/INSTALL -> _service:tar_scm:openssh-9.3p1.tar.gz/INSTALL
Changed
@@ -17,7 +17,7 @@ A working installation of zlib: Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems): -http://www.gzip.org/zlib/ +https://zlib.net/ libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto is supported but severely restricts the available ciphers and algorithms.
_service:tar_scm:openssh-9.1p1.tar.gz/Makefile.in -> _service:tar_scm:openssh-9.3p1.tar.gz/Makefile.in
Changed
@@ -106,7 +106,7 @@ ssh-pkcs11.o smult_curve25519_ref.o \ poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \ ssh-ed25519.o digest-openssl.o digest-libc.o \ - hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \ + hmac.o ed25519.o hash.o \ kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ kexgexc.o kexgexs.o \ kexsntrup761x25519.o sntrup761.o kexgen.o \ @@ -517,6 +517,10 @@ $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/modpipe.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) +regress/timestamp$(EXEEXT): $(srcdir)/regress/timestamp.c $(REGRESSLIBS) + $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/timestamp.c \ + $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) + regress/setuid-allowed$(EXEEXT): $(srcdir)/regress/setuid-allowed.c $(REGRESSLIBS) $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ $(srcdir)/regress/setuid-allowed.c \ $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(TESTLIBS) @@ -616,6 +620,7 @@ UNITTESTS_TEST_KEX_OBJS=\ regress/unittests/kex/tests.o \ regress/unittests/kex/test_kex.o \ + regress/unittests/kex/test_proposal.o \ $(SKOBJS) regress/unittests/kex/test_kex$(EXEEXT): ${UNITTESTS_TEST_KEX_OBJS} \ @@ -653,7 +658,8 @@ regress/unittests/misc/test_convtime.o \ regress/unittests/misc/test_argv.o \ regress/unittests/misc/test_strdelim.o \ - regress/unittests/misc/test_hpdelim.o + regress/unittests/misc/test_hpdelim.o \ + regress/unittests/misc/test_ptimeout.o regress/unittests/misc/test_misc$(EXEEXT): \ ${UNITTESTS_TEST_MISC_OBJS} \ @@ -676,7 +682,7 @@ SK_DUMMY_OBJS=\ regress/misc/sk-dummy/sk-dummy.lo \ regress/misc/sk-dummy/fatal.lo \ - ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo + ed25519.lo hash.lo SK_DUMMY_LIBRARY=@SK_DUMMY_LIBRARY@ @@ -689,6 +695,7 @@ regress-binaries: regress-prep $(LIBCOMPAT) \ regress/modpipe$(EXEEXT) \ + regress/timestamp$(EXEEXT) \ regress/setuid-allowed$(EXEEXT) \ regress/netcat$(EXEEXT) \ regress/check-perm$(EXEEXT) \ 
@@ -722,6 +729,7 @@ interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS) cd $(srcdir)/regress || exit $$?; \ EGREP='@EGREP@' \ + OPENSSL_BIN='@OPENSSL_BIN@' \ $(MAKE) \ .CURDIR="$(abs_top_srcdir)/regress" \ .OBJDIR="$(BUILDDIR)/regress" \
_service:tar_scm:openssh-9.1p1.tar.gz/PROTOCOL -> _service:tar_scm:openssh-9.3p1.tar.gz/PROTOCOL
Changed
@@ -637,7 +637,7 @@ 4.12. sftp: Extension request "users-groups-by-id@openssh.com" -This request asks the server to returns user and/or group names that +This request asks the server to return user and/or group names that correspond to one or more IDs (e.g. as returned from a SSH_FXP_STAT request). This may be used by the client to provide usernames in directory listings. @@ -712,4 +712,4 @@ OpenSSH extends the usual agent protocol. These changes are documented in the PROTOCOL.agent file. -$OpenBSD: PROTOCOL,v 1.47 2022/09/19 10:40:52 djm Exp $ +$OpenBSD: PROTOCOL,v 1.48 2022/11/07 01:53:01 dtucker Exp $
_service:tar_scm:openssh-9.1p1.tar.gz/README -> _service:tar_scm:openssh-9.3p1.tar.gz/README
Changed
@@ -1,4 +1,5 @@ -See https://www.openssh.com/releasenotes.html#9.1p1 for the release notes. +See https://www.openssh.com/releasenotes.html#9.3p1 for the release +notes. Please read https://www.openssh.com/report.html for bug reporting instructions and note that we do not use Github for bug reporting or
_service:tar_scm:openssh-9.1p1.tar.gz/README.md -> _service:tar_scm:openssh-9.3p1.tar.gz/README.md
Changed
@@ -2,6 +2,7 @@ !C/C++ CI(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)(https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml) !Fuzzing Status(https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)(https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) +!Coverity Status(https://scan.coverity.com/projects/21341/badge.svg)(https://scan.coverity.com/projects/openssh-portable) OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs. @@ -34,7 +35,7 @@ zlib(https://www.zlib.net/) is optional; without it transport compression is not supported. -FIDO security token support needs libfido2(https://github.com/Yubico/libfido2) and its dependencies. +FIDO security token support needs libfido2(https://github.com/Yubico/libfido2) and its dependencies and will be enabled automatically if they are found. In addition, certain platforms and build-time options may require additional dependencies; see README.platform for details about your platform. @@ -75,7 +76,6 @@ ``--with-libedit`` | Enable libedit(https://www.thrysoee.dk/editline/) support for sftp. ``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both Heimdal(https://www.h5l.org/) and MIT(https://web.mit.edu/kerberos/) Kerberos implementations are supported. ``--with-selinux`` | Enable SELinux(https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support. -``--with-security-key-builtin`` | Include built-in support for U2F/FIDO2 security keys. This requires libfido2(https://github.com/Yubico/libfido2) be installed. ## Development
_service:tar_scm:openssh-9.1p1.tar.gz/aclocal.m4 -> _service:tar_scm:openssh-9.3p1.tar.gz/aclocal.m4
Changed
@@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.3 -*- Autoconf -*- +# generated automatically by aclocal 1.16.5 -*- Autoconf -*- -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it,
_service:tar_scm:openssh-9.1p1.tar.gz/addr.c -> _service:tar_scm:openssh-9.3p1.tar.gz/addr.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: addr.c,v 1.5 2022/04/29 04:55:07 djm Exp $ */ +/* $OpenBSD: addr.c,v 1.6 2022/10/28 02:29:34 djm Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> @@ -228,6 +228,28 @@ } int +addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b) +{ + int i; + + if (dst == NULL || a == NULL || b == NULL || a->af != b->af) + return (-1); + + memcpy(dst, a, sizeof(*dst)); + switch (a->af) { + case AF_INET: + dst->v4.s_addr |= b->v4.s_addr; + return (0); + case AF_INET6: + for (i = 0; i < 4; i++) + dst->addr32i |= b->addr32i; + return (0); + default: + return (-1); + } +} + +int addr_cmp(const struct xaddr *a, const struct xaddr *b) { int i; @@ -278,6 +300,29 @@ } } +/* Increment the specified address. Note, does not do overflow checking */ +void +addr_increment(struct xaddr *a) +{ + int i; + uint32_t n; + + switch (a->af) { + case AF_INET: + a->v4.s_addr = htonl(ntohl(a->v4.s_addr) + 1); + break; + case AF_INET6: + for (i = 0; i < 4; i++) { + /* Increment with carry */ + n = ntohl(a->addr323 - i) + 1; + a->addr323 - i = htonl(n); + if (n != 0) + break; + } + break; + } +} + /* * Test whether host portion of address 'a', as determined by 'masklen' * is all zeros. @@ -297,6 +342,32 @@ return addr_is_all0s(&tmp_result); } +#if 0 +int +addr_host_to_all0s(struct xaddr *a, u_int masklen) +{ + struct xaddr tmp_mask; + + if (addr_netmask(a->af, masklen, &tmp_mask) == -1) + return (-1); + if (addr_and(a, a, &tmp_mask) == -1) + return (-1); + return (0); +} +#endif + +int +addr_host_to_all1s(struct xaddr *a, u_int masklen) +{ + struct xaddr tmp_mask; + + if (addr_hostmask(a->af, masklen, &tmp_mask) == -1) + return (-1); + if (addr_or(a, a, &tmp_mask) == -1) + return (-1); + return (0); +} + /* * Parse string address 'p' into 'n'. * Returns 0 on success, -1 on failure.
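Review bot: `addr_increment()` returns `void` and wraps silently, so in the third hunk an all-ones address becomes all-zeros, and an address family other than AF_INET/AF_INET6 is left untouched with no signal to the caller. The existing comment only says overflow is not checked; I would spell out the result so that code walking an address range bounds the loop itself, e.g. `/* Increment the specified address. Wraps to all-zeros on overflow and ignores unknown address families; callers must bound any range walk themselves. */`. The `switch` would also read better with an explicit `default: break;`.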
_service:tar_scm:openssh-9.1p1.tar.gz/addr.h -> _service:tar_scm:openssh-9.3p1.tar.gz/addr.h
Changed
@@ -52,9 +52,13 @@ int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l); int addr_ntop(const struct xaddr *n, char *p, size_t len); int addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b); +int addr_or(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b); int addr_cmp(const struct xaddr *a, const struct xaddr *b); int addr_is_all0s(const struct xaddr *n); int addr_host_is_all0s(const struct xaddr *n, u_int masklen); +int addr_host_to_all0s(struct xaddr *a, u_int masklen); +int addr_host_to_all1s(struct xaddr *a, u_int masklen); int addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen); +void addr_increment(struct xaddr *a); #endif /* _ADDR_H */
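Review bot: The new prototype `int addr_host_to_all0s(struct xaddr *a, u_int masklen);` has no compiled definition in this revision, because the matching function in addr.c is wrapped in `#if 0`. A later caller would build against the header and fail only at link time. Either drop the prototype until the function is enabled, or guard that one line the same way with `#if 0` / `#endif`.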
_service:tar_scm:openssh-9.1p1.tar.gz/auth-pam.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth-pam.c
Changed
@@ -252,7 +252,6 @@ static const char *sshpam_password = NULL; static char *sshpam_rhost = NULL; static char *sshpam_laddr = NULL; -static char *sshpam_conninfo = NULL; /* Some PAM implementations don't implement this */ #ifndef HAVE_PAM_GETENVLIST @@ -352,11 +351,12 @@ /* Import environment from subprocess */ if ((r = sshbuf_get_u32(b, &num_env)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - if (num_env > 1024) - fatal("%s: received %u environment variables, expected <= 1024", - __func__, num_env); + if (num_env > 1024) { + fatal_f("received %u environment variables, expected <= 1024", + num_env); + } sshpam_env = xcalloc(num_env + 1, sizeof(*sshpam_env)); - debug3("PAM: num env strings %d", num_env); + debug3("PAM: num env strings %u", num_env); for(i = 0; i < num_env; i++) { if ((r = sshbuf_get_cstring(b, &(sshpam_envi), NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -366,7 +366,11 @@ /* Import PAM environment from subprocess */ if ((r = sshbuf_get_u32(b, &num_env)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); - debug("PAM: num PAM env strings %d", num_env); + if (num_env > 1024) { + fatal_f("received %u PAM env variables, expected <= 1024", + num_env); + } + debug("PAM: num PAM env strings %u", num_env); for (i = 0; i < num_env; i++) { if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); @@ -688,6 +692,7 @@ { const char *pam_user, *user = authctxt->user; const char **ptr_pam_user = &pam_user; + int r; #if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE) /* Protect buggy PAM implementations from excessively long usernames */ 
@@ -729,9 +734,6 @@ options.use_dns)); sshpam_laddr = get_local_ipaddr( ssh_packet_get_connection_in(ssh)); - xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", - ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), - sshpam_laddr, ssh_local_port(ssh)); } if (sshpam_rhost != NULL) { debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost); @@ -742,8 +744,17 @@ sshpam_handle = NULL; return (-1); } + } + if (ssh != NULL && sshpam_laddr != NULL) { + char *conninfo; + /* Put SSH_CONNECTION in the PAM environment too */ - pam_putenv(sshpam_handle, sshpam_conninfo); + xasprintf(&conninfo, "SSH_CONNECTION=%.50s %d %.50s %d", + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), + sshpam_laddr, ssh_local_port(ssh)); + if ((r = pam_putenv(sshpam_handle, conninfo)) != PAM_SUCCESS) + logit("pam_putenv: %s", pam_strerror(sshpam_handle, r)); + free(conninfo); } #ifdef PAM_TTY_KLUDGE
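Review bot: The limit of 1024 environment strings is now a bare literal in two separate checks and in both of their messages (the two import loops), so a later change to one bound can easily miss the other. A single named constant keeps them identical: `#define SSHPAM_MAX_ENV 1024` (the name is only a suggestion) and `if (num_env > SSHPAM_MAX_ENV)` in both places. The added lines also use `fatal_f` while the neighbouring buffer-error calls keep `fatal("%s: buffer error: %s", __func__, ssh_err(r))`; converting those would make the function consistent. The enclosing function starts and ends outside the hunks.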
_service:tar_scm:openssh-9.1p1.tar.gz/auth-rhosts.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth-rhosts.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth-rhosts.c,v 1.56 2022/02/23 21:21:49 djm Exp $ */ +/* $OpenBSD: auth-rhosts.c,v 1.57 2022/12/09 00:17:40 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -19,6 +19,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <errno.h> #include <fcntl.h> #ifdef HAVE_NETGROUP_H # include <netgroup.h> @@ -283,6 +284,7 @@ xasprintf(&path, "%s/%s", pw->pw_dir, rhosts_filesrhosts_file_index); if (stat(path, &st) == -1) { + debug3_f("stat %s: %s", path, strerror(errno)); free(path); continue; }
_service:tar_scm:openssh-9.1p1.tar.gz/auth-shadow.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth-shadow.c
Changed
@@ -56,13 +56,13 @@ auth_shadow_acctexpired(struct spwd *spw) { time_t today; - int daysleft; + long long daysleft; int r; today = time(NULL) / DAY; daysleft = spw->sp_expire - today; - debug3("%s: today %d sp_expire %d days left %d", __func__, (int)today, - (int)spw->sp_expire, daysleft); + debug3("%s: today %lld sp_expire %lld days left %lld", __func__, + (long long)today, (long long)spw->sp_expire, daysleft); if (spw->sp_expire == -1) { debug3("account expiration disabled"); @@ -70,9 +70,9 @@ logit("Account %.100s has expired", spw->sp_namp); return 1; } else if (daysleft <= spw->sp_warn) { - debug3("account will expire in %d days", daysleft); + debug3("account will expire in %lld days", daysleft); if ((r = sshbuf_putf(loginmsg, - "Your account will expire in %d day%s.\n", daysleft, + "Your account will expire in %lld day%s.\n", daysleft, daysleft == 1 ? "" : "s")) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); } @@ -98,8 +98,8 @@ } today = time(NULL) / DAY; - debug3("%s: today %d sp_lstchg %d sp_max %d", __func__, (int)today, - (int)spw->sp_lstchg, (int)spw->sp_max); + debug3_f("today %lld sp_lstchg %lld sp_max %lld", (long long)today, + (long long)spw->sp_lstchg, (long long)spw->sp_max); #if defined(__hpux) && !defined(HAVE_SECUREWARE) if (iscomsec()) {
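Review bot: The rewritten `debug3` call in the first hunk still passes `__func__` by hand (`debug3("%s: today %lld ...", __func__, ...)`), while the last hunk of the same change switches the equivalent call to `debug3_f`. Using the same helper in both keeps the log prefix uniform: `debug3_f("today %lld sp_expire %lld days left %lld", (long long)today, (long long)spw->sp_expire, daysleft);`. The function touched by the last hunk starts outside it.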
_service:tar_scm:openssh-9.1p1.tar.gz/auth.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.158 2022/06/03 04:47:21 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.160 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -74,7 +74,6 @@ #include "authfile.h" #include "monitor_wrap.h" #include "ssherr.h" -#include "compat.h" #include "channels.h" /* import */ @@ -571,14 +570,13 @@ va_list args; int r; - if (auth_debug == NULL) - return; - va_start(args, fmt); vsnprintf(buf, sizeof(buf), fmt, args); va_end(args); - if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) - fatal_fr(r, "sshbuf_put_cstring"); + debug3("%s", buf); + if (auth_debug != NULL) + if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0) + fatal_fr(r, "sshbuf_put_cstring"); } void
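Review bot: The new tail of this function nests two unbraced `if` statements (`if (auth_debug != NULL)` directly over `if ((r = ...) != 0)`), which is easy to misread and fragile if an `else` is ever added. One condition says the same thing: `if (auth_debug != NULL && (r = sshbuf_put_cstring(auth_debug, buf)) != 0)` followed by `fatal_fr(r, "sshbuf_put_cstring");`. The message is now also written with `debug3` before the NULL test, so a short comment saying it is logged even when no debug buffer exists would help the next reader. The function begins outside the hunk.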
_service:tar_scm:openssh-9.1p1.tar.gz/auth2-hostbased.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth2-hostbased.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-hostbased.c,v 1.50 2022/09/17 10:34:29 djm Exp $ */ +/* $OpenBSD: auth2-hostbased.c,v 1.52 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -40,7 +40,6 @@ #include "log.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "sshkey.h" #include "hostfile.h" #include "auth.h" @@ -101,12 +100,6 @@ "(received %d, expected %d)", key->type, pktype); goto done; } - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - error("Refusing RSA key because peer uses unsafe " - "signature format"); - goto done; - } if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) { logit_f("signature algorithm %s not in " "HostbasedAcceptedAlgorithms", pkalg);
_service:tar_scm:openssh-9.1p1.tar.gz/auth2-none.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth2-none.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-none.c,v 1.24 2021/12/19 22:12:07 djm Exp $ */ +/* $OpenBSD: auth2-none.c,v 1.25 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -44,7 +44,6 @@ #include "log.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "ssh2.h" #include "ssherr.h" #ifdef GSSAPI
_service:tar_scm:openssh-9.1p1.tar.gz/auth2-pubkey.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth2-pubkey.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.117 2022/09/17 10:34:29 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.118 2023/02/17 04:22:50 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -153,12 +153,6 @@ "(received %d, expected %d)", key->type, pktype); goto done; } - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - logit("Refusing RSA key because client uses unsafe " - "signature scheme"); - goto done; - } if (auth2_key_already_used(authctxt, key)) { logit("refusing previously-used %s key", sshkey_type(key)); goto done;
_service:tar_scm:openssh-9.1p1.tar.gz/auth2-pubkeyfile.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth2-pubkeyfile.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkeyfile.c,v 1.3 2022/07/01 03:52:57 djm Exp $ */ +/* $OpenBSD: auth2-pubkeyfile.c,v 1.4 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. @@ -42,7 +42,6 @@ #include "ssh.h" #include "log.h" #include "misc.h" -#include "compat.h" #include "sshkey.h" #include "digest.h" #include "hostfile.h"
_service:tar_scm:openssh-9.1p1.tar.gz/auth2.c -> _service:tar_scm:openssh-9.3p1.tar.gz/auth2.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.166 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -46,7 +46,6 @@ #include "sshbuf.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "sshkey.h" #include "hostfile.h" #include "auth.h" @@ -178,7 +177,6 @@ ssh->authctxt = NULL; } -/*ARGSUSED*/ static int input_service_request(int type, u_int32_t seq, struct ssh *ssh) { @@ -256,7 +254,6 @@ nanosleep(&ts, NULL); } -/*ARGSUSED*/ static int input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) {
_service:tar_scm:openssh-9.1p1.tar.gz/authfd.c -> _service:tar_scm:openssh-9.3p1.tar.gz/authfd.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfd.c,v 1.130 2022/04/27 11:08:55 dtucker Exp $ */ +/* $OpenBSD: authfd.c,v 1.133 2023/03/09 21:06:24 jcs Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -55,7 +55,6 @@ #include "sshkey.h" #include "authfd.h" #include "cipher.h" -#include "compat.h" #include "log.h" #include "atomicio.h" #include "misc.h" @@ -491,8 +490,8 @@ if ((b = sshbuf_new()) == NULL) return SSH_ERR_ALLOC_FAIL; - if ((r = encode_dest_constraint_hop(b, &dc->from) != 0) || - (r = encode_dest_constraint_hop(b, &dc->to) != 0) || + if ((r = encode_dest_constraint_hop(b, &dc->from)) != 0 || + (r = encode_dest_constraint_hop(b, &dc->to)) != 0 || (r = sshbuf_put_string(b, NULL, 0)) != 0) /* reserved */ goto out; if ((r = sshbuf_put_stringb(m, b)) != 0) @@ -666,7 +665,7 @@ struct dest_constraint **dest_constraints, size_t ndest_constraints) { struct sshbuf *msg; - int r, constrained = (life || confirm); + int r, constrained = (life || confirm || dest_constraints); u_char type; if (add) {
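Review bot: In the last hunk `constrained` is derived from the `dest_constraints` pointer rather than from `ndest_constraints`, so a caller passing a non-NULL array with a count of zero would still set `constrained`; whether any caller does this is not visible here. Testing the count removes the ambiguity: `int r, constrained = (life || confirm || ndest_constraints != 0);`. The function body continues outside the hunk.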
_service:tar_scm:openssh-9.1p1.tar.gz/authfile.c -> _service:tar_scm:openssh-9.3p1.tar.gz/authfile.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.143 2022/06/21 14:52:13 tobhe Exp $ */ +/* $OpenBSD: authfile.c,v 1.144 2023/03/14 07:26:25 dtucker Exp $ */ /* * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. * @@ -211,6 +211,8 @@ int r; struct sshkey *k = NULL; + if (kp == NULL) + return SSH_ERR_INVALID_ARGUMENT; *kp = NULL; if (commentp != NULL) *commentp = NULL;
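Review bot: The new `kp == NULL` check returns before `*commentp` is reset, so on this one error path the caller's comment pointer keeps whatever value it had. If callers free or print `*commentp` after a failure (not visible in this hunk), moving the reset above the check keeps the out-parameter defined on every path: `if (commentp != NULL) *commentp = NULL;` first, then `if (kp == NULL) return SSH_ERR_INVALID_ARGUMENT;`. The function starts and ends outside the hunk.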
_service:tar_scm:openssh-9.1p1.tar.gz/canohost.c -> _service:tar_scm:openssh-9.3p1.tar.gz/canohost.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */ +/* $OpenBSD: canohost.c,v 1.76 2023/03/03 05:00:34 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -72,6 +72,9 @@ char ntopNI_MAXHOST; int r; + if (sock < 0) + return NULL; + /* Get IP address of client. */ addrlen = sizeof(addr); memset(&addr, 0, sizeof(addr));
_service:tar_scm:openssh-9.1p1.tar.gz/channels.c -> _service:tar_scm:openssh-9.3p1.tar.gz/channels.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.420 2022/09/19 08:49:50 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.430 2023/03/10 03:01:51 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -151,6 +151,12 @@ int all_permitted; }; +/* Used to record timeouts per channel type */ +struct ssh_channel_timeout { + char *type_pattern; + u_int timeout_secs; +}; + /* Master structure for channels state */ struct ssh_channels { /* @@ -192,7 +198,7 @@ u_int x11_saved_data_len; /* Deadline after which all X11 connections are refused */ - u_int x11_refuse_time; + time_t x11_refuse_time; /* * Fake X11 authentication data. This is what the server will be @@ -204,6 +210,10 @@ /* AF_UNSPEC or AF_INET or AF_INET6 */ int IPv4or6; + + /* Channel timeouts by type */ + struct ssh_channel_timeout *timeouts; + size_t ntimeouts; }; /* helper */ 
@@ -297,6 +307,76 @@ } /* + * Add a timeout for open channels whose c->ctype (or c->xctype if it is set) + * match type_pattern. + */ +void +channel_add_timeout(struct ssh *ssh, const char *type_pattern, + u_int timeout_secs) +{ + struct ssh_channels *sc = ssh->chanctxt; + + debug2_f("channel type \"%s\" timeout %u seconds", + type_pattern, timeout_secs); + sc->timeouts = xrecallocarray(sc->timeouts, sc->ntimeouts, + sc->ntimeouts + 1, sizeof(*sc->timeouts)); + sc->timeoutssc->ntimeouts.type_pattern = xstrdup(type_pattern); + sc->timeoutssc->ntimeouts.timeout_secs = timeout_secs; + sc->ntimeouts++; +} + +/* Clears all previously-added channel timeouts */ +void +channel_clear_timeouts(struct ssh *ssh) +{ + struct ssh_channels *sc = ssh->chanctxt; + size_t i; + + debug3_f("clearing"); + for (i = 0; i < sc->ntimeouts; i++) + free(sc->timeoutsi.type_pattern); + free(sc->timeouts); + sc->timeouts = NULL; + sc->ntimeouts = 0; +} + +static u_int +lookup_timeout(struct ssh *ssh, const char *type) +{ + struct ssh_channels *sc = ssh->chanctxt; + size_t i; + + for (i = 0; i < sc->ntimeouts; i++) { + if (match_pattern(type, sc->timeoutsi.type_pattern)) + return sc->timeoutsi.timeout_secs; + } + + return 0; +} + +/* + * Sets "extended type" of a channel; used by session layer to add additional + * information about channel types (e.g. shell, login, subsystem) that can then + * be used to select timeouts. + * Will reset c->inactive_deadline as a side-effect. 
+ */ +void +channel_set_xtype(struct ssh *ssh, int id, const char *xctype) +{ + Channel *c; + + if ((c = channel_by_id(ssh, id)) == NULL) + fatal_f("missing channel %d", id); + if (c->xctype != NULL) + free(c->xctype); + c->xctype = xstrdup(xctype); + /* Type has changed, so look up inactivity deadline again */ + c->inactive_deadline = lookup_timeout(ssh, c->xctype); + debug2_f("labeled channel %d as %s (inactive timeout %u)", id, xctype, + c->inactive_deadline); +} + +/* * Register filedescriptors for a channel, used when allocating a channel or * when the channel consumer/producer is ready, e.g. shell exec'd */ @@ -307,11 +387,11 @@ int val; if (rfd != -1) - fcntl(rfd, F_SETFD, FD_CLOEXEC); + (void)fcntl(rfd, F_SETFD, FD_CLOEXEC); if (wfd != -1 && wfd != rfd) - fcntl(wfd, F_SETFD, FD_CLOEXEC); + (void)fcntl(wfd, F_SETFD, FD_CLOEXEC); if (efd != -1 && efd != rfd && efd != wfd) - fcntl(efd, F_SETFD, FD_CLOEXEC); + (void)fcntl(efd, F_SETFD, FD_CLOEXEC); c->rfd = rfd; c->wfd = wfd; @@ -337,16 +417,19 @@ */ if (rfd != -1 && !isatty(rfd) && (val = fcntl(rfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags0 = val; c->restore_block |= CHANNEL_RESTORE_RFD; set_nonblock(rfd); } if (wfd != -1 && !isatty(wfd) && (val = fcntl(wfd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags1 = val; c->restore_block |= CHANNEL_RESTORE_WFD; set_nonblock(wfd); } if (efd != -1 && !isatty(efd) && (val = fcntl(efd, F_GETFL)) != -1 && !(val & O_NONBLOCK)) { + c->restore_flags2 = val; c->restore_block |= CHANNEL_RESTORE_EFD; set_nonblock(efd); } @@ -415,8 +498,10 @@ c->remote_name = xstrdup(remote_name); c->ctl_chan = -1; c->delayed = 1; /* prevent call to channel_post handler */ + c->inactive_deadline = lookup_timeout(ssh, c->ctype); TAILQ_INIT(&c->status_confirms); - debug("channel %d: new %s", found, remote_name); + debug("channel %d: new %s %s (inactive timeout: %u)", + found, c->ctype, remote_name, c->inactive_deadline); return c; } 
@@ -428,10 +513,16 @@ if (fd == -1) return 0; - if ((*fdp == c->rfd && (c->restore_block & CHANNEL_RESTORE_RFD) != 0) || - (*fdp == c->wfd && (c->restore_block & CHANNEL_RESTORE_WFD) != 0) || - (*fdp == c->efd && (c->restore_block & CHANNEL_RESTORE_EFD) != 0)) - (void)fcntl(*fdp, F_SETFL, 0); /* restore blocking */ + /* restore blocking */ + if (*fdp == c->rfd && + (c->restore_block & CHANNEL_RESTORE_RFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags0); + else if (*fdp == c->wfd && + (c->restore_block & CHANNEL_RESTORE_WFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags1); + else if (*fdp == c->efd && + (c->restore_block & CHANNEL_RESTORE_EFD) != 0) + (void)fcntl(*fdp, F_SETFL, c->restore_flags2); if (*fdp == c->rfd) { c->io_want &= ~SSH_CHAN_IO_RFD; @@ -656,6 +747,8 @@ c->path = NULL; free(c->listening_addr); c->listening_addr = NULL; + free(c->xctype); + c->xctype = NULL; while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(ssh, c, cc->ctx); @@ -871,9 +964,9 @@ { char *ret = NULL; - xasprintf(&ret, "t%d %s%u i%u/%zu o%u/%zu e%s/%zu " + xasprintf(&ret, "t%d %s %s%u i%u/%zu o%u/%zu e%s/%zu " "fd %d/%d/%d sock %d cc %d io 0x%02x/0x%02x",
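Review bot: `lookup_timeout()` has no comment, and its result is order dependent: it returns the timeout of the first entry in `sc->timeouts` whose pattern matches, so a broad pattern added before a narrower one decides the outcome. It also returns 0 when nothing matches, and callers store that value in `c->inactive_deadline`. I would document both, e.g. `/* Returns the timeout for the first pattern matching type, in the order the timeouts were added, or 0 if none matches. */`. Separately, the `if (c->xctype != NULL)` guard before `free(c->xctype)` in `channel_set_xtype()` is redundant, since `free(NULL)` is a no-op.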
_service:tar_scm:openssh-9.1p1.tar.gz/channels.h -> _service:tar_scm:openssh-9.3p1.tar.gz/channels.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.143 2022/05/05 00:56:58 djm Exp $ */ +/* $OpenBSD: channels.h,v 1.149 2023/03/04 03:22:59 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -88,7 +88,7 @@ struct fwd_perm_list; typedef void channel_open_fn(struct ssh *, int, int, void *); -typedef void channel_callback_fn(struct ssh *, int, void *); +typedef void channel_callback_fn(struct ssh *, int, int, void *); typedef int channel_infilter_fn(struct ssh *, struct Channel *, char *, int); typedef void channel_filter_cleanup_fn(struct ssh *, int, void *); typedef u_char *channel_outfilter_fn(struct ssh *, struct Channel *, @@ -153,6 +153,7 @@ * this way post-IO handlers are not * accidentally called if a FD gets reused */ int restore_block; /* fd mask to restore blocking status */ + int restore_flags3;/* flags to restore */ struct sshbuf *input; /* data read from socket, to be sent over * encrypted connection */ struct sshbuf *output; /* data received over encrypted connection for @@ -175,7 +176,8 @@ int extended_usage; int single_connection; - char *ctype; /* type */ + char *ctype; /* const type - NB. not freed on channel_free */ + char *xctype; /* extended type */ /* callback */ channel_open_fn *open_confirm; @@ -202,6 +204,13 @@ void *mux_ctx; int mux_pause; int mux_downstream_id; + + /* Inactivity timeouts */ + + /* Last traffic seen for OPEN channels */ + time_t lastused; + /* Inactivity timeout deadline in seconds (0 = no timeout) */ + u_int inactive_deadline; }; #define CHAN_EXTENDED_IGNORE 0 @@ -281,6 +290,8 @@ void channel_free(struct ssh *, Channel *); void channel_free_all(struct ssh *); void channel_stop_listening(struct ssh *); +void channel_force_close(struct ssh *, Channel *, int); +void channel_set_xtype(struct ssh *, int, const char *); void channel_send_open(struct ssh *, int); void channel_request_start(struct ssh *, int, char *, int); 
@@ -296,6 +307,10 @@ int channel_close_fd(struct ssh *, Channel *, int *); void channel_send_window_changes(struct ssh *); +/* channel inactivity timeouts */ +void channel_add_timeout(struct ssh *, const char *, u_int); +void channel_clear_timeouts(struct ssh *); + /* mux proxy support */ int channel_proxy_downstream(struct ssh *, Channel *mc); @@ -315,9 +330,10 @@ /* file descriptor handling (read/write) */ struct pollfd; +struct timespec; void channel_prepare_poll(struct ssh *, struct pollfd **, - u_int *, u_int *, u_int, time_t *); + u_int *, u_int *, u_int, struct timespec *); void channel_after_poll(struct ssh *, struct pollfd *, u_int); void channel_output_poll(struct ssh *); @@ -359,7 +375,7 @@ /* x11 forwarding */ -void channel_set_x11_refuse_time(struct ssh *, u_int); +void channel_set_x11_refuse_time(struct ssh *, time_t); int x11_connect_display(struct ssh *); int x11_create_display_inet(struct ssh *, int, int, int, u_int *, int **); void x11_request_forwarding_with_spoofing(struct ssh *, int,
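Review bot: The new field `inactive_deadline` is commented as an "inactivity timeout deadline in seconds", but it is a `u_int` declared next to the `time_t lastused`, which suggests it holds an interval rather than a point in time. Wording the comment as an interval makes it less likely to be compared directly with a clock value: `/* Inactivity timeout interval in seconds (0 = no timeout) */`. The extra `int` added to `channel_callback_fn` is also unnamed and undocumented in this header, so a one-line comment on the typedef saying what it carries would help anyone updating a callback.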
_service:tar_scm:openssh-9.1p1.tar.gz/clientloop.c -> _service:tar_scm:openssh-9.3p1.tar.gz/clientloop.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.380 2022/06/03 04:30:46 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.390 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -158,8 +158,10 @@ static int connection_out; /* Connection to server (output). */ static int need_rekeying; /* Set to non-zero if rekeying is requested. */ static int session_closed; /* In SSH2: login session closed. */ -static u_int x11_refuse_time; /* If >0, refuse x11 opens after this time. */ +static time_t x11_refuse_time; /* If >0, refuse x11 opens after this time. */ static time_t server_alive_time; /* Time to do server_alive_check */ +static int hostkeys_update_complete; +static int session_setup_complete; static void client_init_dispatch(struct ssh *ssh); int session_ident = -1; @@ -213,7 +215,6 @@ * Signal handler for the window change signal (SIGWINCH). This just sets a * flag indicating that the window has changed. */ -/*ARGSUSED */ static void window_change_handler(int sig) { @@ -224,7 +225,6 @@ * Signal handler for signals that cause the program to terminate. These * signals must be trapped to restore terminal modes. */ -/*ARGSUSED */ static void signal_handler(int sig) { @@ -374,8 +374,8 @@ if (timeout != 0 && x11_refuse_time == 0) { now = monotime() + 1; - if (UINT_MAX - timeout < now) - x11_refuse_time = UINT_MAX; + if (SSH_TIME_T_MAX - timeout < now) + x11_refuse_time = SSH_TIME_T_MAX; else x11_refuse_time = now + timeout; channel_set_x11_refuse_time(ssh, 
@@ -516,16 +516,15 @@ u_int *npfd_allocp, u_int *npfd_activep, int rekeying, int *conn_in_readyp, int *conn_out_readyp) { - int timeout_secs, pollwait; - time_t minwait_secs = 0, now = monotime(); + struct timespec timeout; int ret; u_int p; *conn_in_readyp = *conn_out_readyp = 0; /* Prepare channel poll. First two pollfd entries are reserved */ - channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, - &minwait_secs); + ptimeout_init(&timeout); + channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout); if (*npfd_activep < 2) fatal_f("bad npfd %u", *npfd_activep); /* shouldn't happen */ @@ -549,30 +548,17 @@ * some polled descriptor can be read, written, or has some other * event pending, or a timeout expires. */ - - timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ + set_control_persist_exit_time(ssh); + if (control_persist_exit_time > 0) + ptimeout_deadline_monotime(&timeout, control_persist_exit_time); if (options.server_alive_interval > 0) - timeout_secs = MAXIMUM(server_alive_time - now, 0); - if (options.rekey_interval > 0 && !rekeying) - timeout_secs = MINIMUM(timeout_secs, + ptimeout_deadline_monotime(&timeout, server_alive_time); + if (options.rekey_interval > 0 && !rekeying) { + ptimeout_deadline_sec(&timeout, ssh_packet_get_rekey_timeout(ssh)); - set_control_persist_exit_time(ssh); - if (control_persist_exit_time > 0) { - timeout_secs = MINIMUM(timeout_secs, - control_persist_exit_time - now); - if (timeout_secs < 0) - timeout_secs = 0; - } - if (minwait_secs != 0) - timeout_secs = MINIMUM(timeout_secs, (int)minwait_secs); - if (timeout_secs == INT_MAX) - pollwait = -1; - else if (timeout_secs >= INT_MAX / 1000) - pollwait = INT_MAX; - else - pollwait = timeout_secs * 1000; + } - ret = poll(*pfdp, *npfd_activep, pollwait); + ret = poll(*pfdp, *npfd_activep, ptimeout_get_ms(&timeout)); if (ret == -1) { /* 
@@ -757,6 +743,72 @@ TAILQ_INSERT_TAIL(&global_confirms, gc, entry); } +/* + * Returns non-zero if the client is able to handle a hostkeys-00@openssh.com + * hostkey update request. + */ +static int +can_update_hostkeys(void) +{ + if (hostkeys_update_complete) + return 0; + if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK && + options.batch_mode) + return 0; /* won't ask in batchmode, so don't even try */ + if (!options.update_hostkeys || options.num_user_hostfiles <= 0) + return 0; + return 1; +} + +static void +client_repledge(void) +{ + debug3_f("enter"); + + /* Might be able to tighten pledge now that session is established */ + if (options.control_master || options.control_path != NULL || + options.forward_x11 || options.fork_after_authentication || + can_update_hostkeys() || + (session_ident != -1 && !session_setup_complete)) { + /* Can't tighten */ + return; + } + /* + * LocalCommand and UpdateHostkeys have finished, so can get rid of + * filesystem. + * + * XXX protocol allows a server can to change hostkeys during the + * connection at rekey time that could trigger a hostkeys update + * but AFAIK no implementations support this. Could improve by + * forcing known_hosts to be read-only or via unveil(2). 
+ */ + if (options.num_local_forwards != 0 || + options.num_remote_forwards != 0 || + options.num_permitted_remote_opens != 0 || + options.enable_escape_commandline != 0) { + /* rfwd needs inet */ + debug("pledge: network"); + if (pledge("stdio unix inet dns proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } else if (options.forward_agent != 0) { + /* agent forwarding needs to open $SSH_AUTH_SOCK at will */ + debug("pledge: agent"); + if (pledge("stdio unix proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } else { + debug("pledge: fork"); + if (pledge("stdio proc tty", NULL) == -1) + fatal_f("pledge(): %s", strerror(errno)); + } + /* XXX further things to do: + * + * - might be able to get rid of proc if we kill ~^Z + * - ssh -N (no session) + * - stdio forwarding + * - sessions without tty + */ +} + static void process_cmdline(struct ssh *ssh) { @@ -846,8 +898,15 @@ } logit("Canceled forwarding."); } else { - if (!parse_forward(&fwd, s, dynamic, remote)) { - logit("Bad forwarding specification."); + /* -R specs can be both dynamic or not, so check both. */ + if (remote) { + if (!parse_forward(&fwd, s, 0, remote) && + !parse_forward(&fwd, s, 1, remote)) { + logit("Bad remote forwarding specification."); + goto out; + } + } else if (!parse_forward(&fwd, s, dynamic, remote)) { + logit("Bad local forwarding specification."); goto out; } if (local || dynamic) { @@ -880,6 +939,7 @@ #define SUPPRESS_MUXCLIENT 1 /* don't show in mux client sessions */ #define SUPPRESS_MUXMASTER 2 /* don't show in mux master sessions */ #define SUPPRESS_SYSLOG 4 /* don't show when logging to syslog */ +#define SUPPRESS_NOCMDLINE 8 /* don't show when cmdline disabled*/
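Review bot: `client_repledge()` has no header comment, and its `/* rfwd needs inet */` remark explains only one of the four conditions on that branch, so the reason `enable_escape_commandline` keeps `inet dns` is left to the reader. A short header would make this privilege decision reviewable: it should say that the function returns without tightening while mux, X11 forwarding, fork-after-authentication, a possible hostkeys update or unfinished session setup is in play, and otherwise picks one of three promise sets. For the branch comment I would write `/* forwardings, and the escape command line that can presumably add more later, need inet and dns */`. The XXX block has a typo, `allows a server can to change`, which should read `allows a server to change`. It should also state what happens to a hostkeys update that arrives after the filesystem promises are dropped, which these hunks do not show.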
_service:tar_scm:openssh-9.1p1.tar.gz/compat.c -> _service:tar_scm:openssh-9.3p1.tar.gz/compat.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */ +/* $OpenBSD: compat.c,v 1.126 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. * @@ -36,7 +36,6 @@ #include "compat.h" #include "log.h" #include "match.h" -#include "kex.h" /* determine bug flags from SSH protocol banner */ void @@ -77,26 +76,8 @@ { "3.0.*", SSH_BUG_DEBUG }, { "3.0 SecureCRT*", SSH_OLD_SESSIONID }, { "1.7 SecureFX*", SSH_OLD_SESSIONID }, - { "1.2.18*," - "1.2.19*," - "1.2.20*," - "1.2.21*," - "1.2.22*", SSH_BUG_IGNOREMSG }, - { "1.3.2*", /* F-Secure */ - SSH_BUG_IGNOREMSG }, { "Cisco-1.*", SSH_BUG_DHGEX_LARGE| SSH_BUG_HOSTKEYS }, - { "*SSH Compatible Server*", /* Netscreen */ - SSH_BUG_PASSWORDPAD }, - { "*OSU_0*," - "OSU_1.0*," - "OSU_1.1*," - "OSU_1.2*," - "OSU_1.3*," - "OSU_1.4*," - "OSU_1.5alpha1*," - "OSU_1.5alpha2*," - "OSU_1.5alpha3*", SSH_BUG_PASSWORDPAD }, { "*SSH_Version_Mapper*", SSH_BUG_SCANNER }, { "PuTTY_Local:*," /* dev versions < Sep 2014 */ 
@@ -158,58 +139,28 @@ /* Always returns pointer to allocated memory, caller must free. */ char * -compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) +compat_kex_proposal(struct ssh *ssh, const char *p) { - if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) - return xstrdup(cipher_prop); - debug2_f("original cipher proposal: %s", cipher_prop); - if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) - fatal("match_filter_denylist failed"); - debug2_f("compat cipher proposal: %s", cipher_prop); - if (*cipher_prop == '\0') - fatal("No supported ciphers found"); - return cipher_prop; -} - -/* Always returns pointer to allocated memory, caller must free. */ -char * -compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) -{ - if (!(ssh->compat & SSH_BUG_RSASIGMD5)) - return xstrdup(pkalg_prop); - debug2_f("original public key proposal: %s", pkalg_prop); - if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) - fatal("match_filter_denylist failed"); - debug2_f("compat public key proposal: %s", pkalg_prop); - if (*pkalg_prop == '\0') - fatal("No supported PK algorithms found"); - return pkalg_prop; -} - -/* Always returns pointer to allocated memory, caller must free. */ -char * -compat_kex_proposal(struct ssh *ssh, char *p) -{ - char *cp = NULL; + char *cp = NULL, *cp2 = NULL; if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) return xstrdup(p); debug2_f("original KEX proposal: %s", p); if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) - if ((p = match_filter_denylist(p, + if ((cp = match_filter_denylist(p, "curve25519-sha256@libssh.org")) == NULL) fatal("match_filter_denylist failed"); if ((ssh->compat & SSH_OLD_DHGEX) != 0) { - cp = p; - if ((p = match_filter_denylist(p, + if ((cp2 = match_filter_denylist(cp ? 
cp : p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) fatal("match_filter_denylist failed"); free(cp); + cp = cp2; } - debug2_f("compat KEX proposal: %s", p); - if (*p == '\0') + if (cp == NULL || *cp == '\0') fatal("No supported key exchange algorithms found"); - return p; + debug2_f("compat KEX proposal: %s", cp); + return cp; }
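Review bot: The retained comment `Always returns pointer to allocated memory, caller must free` no longer tells the whole ownership story now that `p` is `const char *` and the function never reassigns it. I would replace it with `/* Returns a newly allocated, filtered copy of p; p is neither modified nor freed. Caller must free the result. */`. As a style point, the `SSH_BUG_CURVE25519PAD` arm nests two unbraced `if`s while the `SSH_OLD_DHGEX` arm is braced; bracing the outer `if` keeps the two filter steps visually parallel. The `cp == NULL` half of the final check looks unreachable after the early return, so a brief `/* defensive */` comment there would save the next reader the trace.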
_service:tar_scm:openssh-9.1p1.tar.gz/compat.h -> _service:tar_scm:openssh-9.3p1.tar.gz/compat.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */ +/* $OpenBSD: compat.h,v 1.62 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. @@ -35,12 +35,12 @@ /* #define unused 0x00000020 */ #define SSH_BUG_DEBUG 0x00000040 /* #define unused 0x00000080 */ -#define SSH_BUG_IGNOREMSG 0x00000100 +/* #define unused 0x00000100 */ /* #define unused 0x00000200 */ -#define SSH_BUG_PASSWORDPAD 0x00000400 +/* #define unused 0x00000400 */ #define SSH_BUG_SCANNER 0x00000800 -#define SSH_BUG_BIGENDIANAES 0x00001000 -#define SSH_BUG_RSASIGMD5 0x00002000 +/* #define unused 0x00001000 */ +/* #define unused 0x00002000 */ #define SSH_OLD_DHGEX 0x00004000 #define SSH_BUG_NOREKEY 0x00008000 /* #define unused 0x00010000 */ @@ -61,7 +61,5 @@ struct ssh; void compat_banner(struct ssh *, const char *); -char *compat_cipher_proposal(struct ssh *, char *); -char *compat_pkalg_proposal(struct ssh *, char *); -char *compat_kex_proposal(struct ssh *, char *); +char *compat_kex_proposal(struct ssh *, const char *); #endif
_service:tar_scm:openssh-9.1p1.tar.gz/config.guess -> _service:tar_scm:openssh-9.3p1.tar.gz/config.guess
Changed
@@ -1,12 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2020 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. -timestamp='2020-04-26' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2022-09-17' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -27,11 +29,19 @@ # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess # # Please send patches to <config-patches@gnu.org>. +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -50,7 +60,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2020 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -84,6 +94,9 @@ exit 1 fi +# Just in case it came from the environment. +GUESS= + # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a @@ -102,7 +115,7 @@ # prevent multiple calls if $tmp is already set test "$tmp" && return 0 : "${TMPDIR=/tmp}" - # shellcheck disable=SC2039 + # shellcheck disable=SC2039,SC3028 { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || @@ -112,7 +125,7 @@ ,,) echo "int x;" > "$dummy.c" for driver in cc gcc c89 c99 ; do if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$driver" + CC_FOR_BUILD=$driver break fi done @@ -133,14 +146,12 @@ UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "$UNAME_SYSTEM" in +case $UNAME_SYSTEM in Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu + LIBC=unknown set_cc_for_build cat <<-EOF > "$dummy.c" 
@@ -149,24 +160,37 @@ LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc - #else + #elif defined(__GLIBC__) LIBC=gnu + #else + #include <stdarg.h> + /* First heuristic to detect musl libc. */ + #ifdef __DEFINED_va_list + LIBC=musl + #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "$cc_set_libc" - # If ldd exists, use it to detect musl libc. - if command -v ldd >/dev/null && \ - ldd --version 2>&1 | grep -q ^musl - then - LIBC=musl + # Second heuristic to detect musl libc. + if "$LIBC" = unknown && + command -v ldd >/dev/null && + ldd --version 2>&1 | grep -q ^musl; then + LIBC=musl + fi + + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + if "$LIBC" = unknown ; then + LIBC=gnu fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in +case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -178,12 +202,12 @@ # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - "/sbin/$sysctl" 2>/dev/null || \ - "/usr/sbin/$sysctl" 2>/dev/null || \ + /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ echo unknown)` - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in + aarch64eb) machine=aarch64_be-unknown ;; armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; 
@@ -192,13 +216,13 @@ earmv*) arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv0-9\).*$,\1,'` endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` - machine="${arch}${endian}"-unknown + machine=${arch}${endian}-unknown ;; - *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + *) machine=$UNAME_MACHINE_ARCH-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) os=netbsdelf ;; @@ -219,7 +243,7 @@ ;; esac # Determine ABI tags. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) expr='s/^earmv0-9/-eabi/;s/eb$//' abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` @@ -230,7 +254,7 @@ # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "$UNAME_VERSION" in + case $UNAME_VERSION in Debian*) release='-gnu' ;; @@ -241,51 +265,57 @@ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi-}" - exit ;; + GUESS=$machine-${os}${release}${abi-} + ;;
_service:tar_scm:openssh-9.1p1.tar.gz/config.h.in -> _service:tar_scm:openssh-9.3p1.tar.gz/config.h.in
Changed
@@ -1936,6 +1936,9 @@ /* Define as const if snprintf() can declare const char *fmt */ #undef SNPRINTF_CONST +/* sockaddr_in has sin_len */ +#undef SOCK_HAS_LEN + /* Define to a Set Process Title type if your system is supported by bsd-setproctitle.c */ #undef SPT_TYPE
_service:tar_scm:openssh-9.1p1.tar.gz/config.sub -> _service:tar_scm:openssh-9.3p1.tar.gz/config.sub
Changed
@@ -1,12 +1,14 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2020 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. -timestamp='2020-05-04' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2022-09-17' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -33,7 +35,7 @@ # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub +# https://git.savannah.gnu.org/cgit/config.git/plain/config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -50,6 +52,13 @@ # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -67,7 +76,7 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2020 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -112,9 +121,11 @@ # Split fields of configuration type # shellcheck disable=SC2162 +saved_IFS=$IFS IFS="-" read field1 field2 field3 field4 <<EOF $1 EOF +IFS=$saved_IFS # Separate into logical components for further validation case $1 in @@ -124,28 +135,27 @@ ;; *-*-*-*) basic_machine=$field1-$field2 - os=$field3-$field4 + basic_os=$field3-$field4 ;; *-*-*) # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two # parts maybe_os=$field2-$field3 case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ - | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ + nto-qnx* | linux-* | uclinux-uclibc* \ | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ - | storm-chaos* | os2-emx* | rtmk-nova*) + | storm-chaos* | os2-emx* | rtmk-nova* | managarm-*) basic_machine=$field1 - os=$maybe_os + basic_os=$maybe_os ;; android-linux) basic_machine=$field1-unknown - os=linux-android + basic_os=linux-android ;; *) basic_machine=$field1-$field2 - os=$field3 + basic_os=$field3 ;; esac ;; @@ -154,7 +164,7 @@ case $field1-$field2 in decstation-3100) basic_machine=mips-dec - os= + basic_os= ;; *-*) # Second component is usually, but not always the OS @@ -162,7 +172,11 @@ # Prevent following clause from handling this valid os sun*os*) basic_machine=$field1 - os=$field2 + basic_os=$field2 + ;; + zephyr*) + basic_machine=$field1-unknown + basic_os=$field2 ;; # Manufacturers dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ @@ -175,11 +189,11 @@ | microblaze* | sim | cisco \ | oki | wec | wrs | winbond) basic_machine=$field1-$field2 - os= + basic_os= ;; *) basic_machine=$field1 - os=$field2 + basic_os=$field2 ;; esac ;; 
@@ -191,447 +205,451 @@ case $field1 in 386bsd) basic_machine=i386-pc - os=bsd + basic_os=bsd ;; a29khif) basic_machine=a29k-amd - os=udi + basic_os=udi ;; adobe68k) basic_machine=m68010-adobe - os=scout + basic_os=scout ;; alliant) basic_machine=fx80-alliant - os= + basic_os= ;; altos | altos3068) basic_machine=m68k-altos - os= + basic_os= ;; am29k) basic_machine=a29k-none - os=bsd + basic_os=bsd ;; amdahl) basic_machine=580-amdahl - os=sysv + basic_os=sysv ;; amiga) basic_machine=m68k-unknown - os= + basic_os= ;; amigaos | amigados) basic_machine=m68k-unknown - os=amigaos + basic_os=amigaos ;; amigaunix | amix) basic_machine=m68k-unknown - os=sysv4 + basic_os=sysv4 ;; apollo68) basic_machine=m68k-apollo - os=sysv + basic_os=sysv ;; apollo68bsd) basic_machine=m68k-apollo - os=bsd + basic_os=bsd ;; aros) basic_machine=i386-pc - os=aros + basic_os=aros ;;
_service:tar_scm:openssh-9.1p1.tar.gz/configure -> _service:tar_scm:openssh-9.3p1.tar.gz/configure
Changed
@@ -673,6 +673,8 @@ SSH_PRIVSEP_USER LIBFIDO2 SK_DUMMY_LIBRARY +OPENSSL_BIN +openssl_bin PICFLAG LIBEDIT LDNSCONFIG @@ -5991,12 +5993,14 @@ fi openssl=yes +openssl_bin=openssl # Check whether --with-openssl was given. if test ${with_openssl+y} then : withval=$with_openssl; if test "x$withval" = "xno" ; then openssl=no + openssl_bin="" fi @@ -6063,6 +6067,26 @@ CFLAGS="$saved_CFLAGS" if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 +printf %s "checking gcc version... " >&6; } + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case "$GCC_VER" in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 +printf "%s\n" "$GCC_VER" >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking clang version" >&5 +printf %s "checking clang version... " >&6; } + CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CLANG_VER" >&5 +printf "%s\n" "$CLANG_VER" >&6; } + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -pipe" >&5 printf %s "checking if $CC supports compile flag -pipe... " >&6; } 
@@ -7464,7 +7488,69 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext } - { + # clang 15 seems to have a bug in -fzero-call-used-regs=all. See + # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and + # https://github.com/llvm/llvm-project/issues/59242 + case "$CLANG_VER" in + 15.*) { + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=used" >&5 +printf %s "checking if $CC supports compile flag -fzero-call-used-regs=used... " >&6; } + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $WERROR -fzero-call-used-regs=used" + _define_flag="" + test "x$_define_flag" = "x" && _define_flag="-fzero-call-used-regs=used" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include <stdlib.h> +#include <stdio.h> +/* Trivial function to help test for -fzero-call-used-regs */ +void f(int n) {} +int main(int argc, char **argv) { + (void)argv; + /* Some math to catch -ftrapv problems in the toolchain */ + int i = 123 * argc, j = 456 + argc, k = 789 - argc; + float l = i * 2.1; + double m = l / 0.5; + long long int n = argc * 12345LL, o = 12345LL * (long long int)argc; + f(0); + printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o); + /* + * Test fallthrough behaviour. clang 10's -Wimplicit-fallthrough does + * not understand comments and we don't use the "fallthrough" attribute + * that it's looking for. 
+ */ + switch(i){ + case 0: j += i; + /* FALLTHROUGH */ + default: j += k; + } + exit(0); +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + CFLAGS="$saved_CFLAGS $_define_flag" +fi +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + CFLAGS="$saved_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +} ;; + *) { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -fzero-call-used-regs=all" >&5 printf %s "checking if $CC supports compile flag -fzero-call-used-regs=all... " >&6; } saved_CFLAGS="$CFLAGS" @@ -7521,7 +7607,8 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext -} +} ;; + esac { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -ftrivial-auto-var-init=zero" >&5 printf %s "checking if $CC supports compile flag -ftrivial-auto-var-init=zero... " >&6; } @@ -7581,19 +7668,6 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext } fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking gcc version" >&5 -printf %s "checking gcc version... " >&6; } - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GCC_VER" >&5 -printf "%s\n" "$GCC_VER" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC accepts -fno-builtin-memset" >&5 printf %s "checking if $CC accepts -fno-builtin-memset... " >&6; } 
@@ -7958,6 +8032,17 @@ fi +if test "x$ac_cv_header_sys_stat_h" != "xyes"; then + unset ac_cv_header_sys_stat_h + ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_stat_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h + +fi + +fi + ac_fn_c_check_header_compile "$LINENO" "blf.h" "ac_cv_header_blf_h" "$ac_includes_default" if test "x$ac_cv_header_blf_h" = xyes then : @@ -8300,12 +8385,6 @@ printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h fi -ac_fn_c_check_header_compile "$LINENO" "sys/stat.h" "ac_cv_header_sys_stat_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_stat_h" = xyes -then : - printf "%s\n" "#define HAVE_SYS_STAT_H 1" >>confdefs.h - -fi ac_fn_c_check_header_compile "$LINENO" "sys/stream.h" "ac_cv_header_sys_stream_h" "$ac_includes_default" if test "x$ac_cv_header_sys_stream_h" = xyes then : @@ -9006,7 +9085,7 @@ #include <mach-o/dyld.h> #include <stdlib.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) +int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) exit(0); else exit(1); @@ -9372,7 +9451,7 @@ no_dev_ptmx=1 use_pie=auto check_for_openpty_ctty_bug=1 - CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" printf "%s\n" "#define BROKEN_CLOSEFROM 1" >>confdefs.h
_service:tar_scm:openssh-9.1p1.tar.gz/configure.ac -> _service:tar_scm:openssh-9.3p1.tar.gz/configure.ac
Changed
@@ -130,10 +130,12 @@ ) openssl=yes +openssl_bin=openssl AC_ARG_WITH(openssl, --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** , if test "x$withval" = "xno" ; then openssl=no + openssl_bin="" fi ) @@ -172,6 +174,22 @@ CFLAGS="$saved_CFLAGS" if test "$GCC" = "yes" || test "$GCC" = "egcs"; then + AC_MSG_CHECKING(gcc version) + GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` + case "$GCC_VER" in + 1.*) no_attrib_nonnull=1 ;; + 2.8* | 2.9*) + no_attrib_nonnull=1 + ;; + 2.*) no_attrib_nonnull=1 ;; + *) ;; + esac + AC_MSG_RESULT($GCC_VER) + + AC_MSG_CHECKING(clang version) + CLANG_VER=`$CC -v 2>&1 | $AWK '/clang version /{print $3}'` + AC_MSG_RESULT($CLANG_VER) + OSSH_CHECK_CFLAG_COMPILE(-pipe) OSSH_CHECK_CFLAG_COMPILE(-Wunknown-warning-option) OSSH_CHECK_CFLAG_COMPILE(-Wno-error=format-truncation) @@ -203,20 +221,15 @@ # actually links. The test program compiled/linked includes a number # of integer operations that should exercise this. OSSH_CHECK_CFLAG_LINK(-ftrapv) - OSSH_CHECK_CFLAG_COMPILE(-fzero-call-used-regs=all) + # clang 15 seems to have a bug in -fzero-call-used-regs=all. See + # https://bugzilla.mindrot.org/show_bug.cgi?id=3475 and + # https://github.com/llvm/llvm-project/issues/59242 + case "$CLANG_VER" in + 15.*) OSSH_CHECK_CFLAG_COMPILE(-fzero-call-used-regs=used) ;; + *) OSSH_CHECK_CFLAG_COMPILE(-fzero-call-used-regs=all) ;; + esac OSSH_CHECK_CFLAG_COMPILE(-ftrivial-auto-var-init=zero) fi - AC_MSG_CHECKING(gcc version) - GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'` - case $GCC_VER in - 1.*) no_attrib_nonnull=1 ;; - 2.8* | 2.9*) - no_attrib_nonnull=1 - ;; - 2.*) no_attrib_nonnull=1 ;; - *) ;; - esac - AC_MSG_RESULT($GCC_VER) AC_MSG_CHECKING(if $CC accepts -fno-builtin-memset) saved_CFLAGS="$CFLAGS" 
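Review bot: `CLANG_VER` is taken from the third whitespace field of the `clang version` banner line, so the `15.*)` arm in the `@@ -203,20 +221,15 @@` hunk matches only when the banner begins with `clang version`. Toolchains whose banner puts a vendor word first (for example `Debian clang version …`) would yield `version` in `$3` and fall through to `-fzero-call-used-regs=all`, the setting the comment describes as buggy on clang 15. Taking the token that follows `version` avoids this: `$AWK '/clang version /{for(i=1;i<NF;i++) if($i=="version"){print $(i+1); exit}}'`. A `dnl` line noting when the workaround can be dropped would also help, since it weakens a hardening flag.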
@@ -417,6 +430,14 @@ ) +dnl On some old platforms, sys/stat.h requires sys/types.h, but autoconf-2.71's +dnl AC_CHECK_INCLUDES_DEFAULT checks for them in the opposite order. If we +dnl haven't detected it, recheck. +if test "x$ac_cv_header_sys_stat_h" != "xyes"; then + unset ac_cv_header_sys_stat_h + AC_CHECK_HEADERS(sys/stat.h) +fi + AC_CHECK_HEADERS( \ blf.h \ bstring.h \ @@ -475,7 +496,6 @@ sys/ptrace.h \ sys/random.h \ sys/select.h \ - sys/stat.h \ sys/stream.h \ sys/stropts.h \ sys/strtio.h \ @@ -713,7 +733,7 @@ AC_RUN_IFELSE(AC_LANG_SOURCE( #include <mach-o/dyld.h> #include <stdlib.h> -main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) +int main(void) { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) exit(0); else exit(1); @@ -863,7 +883,8 @@ check_for_openpty_ctty_bug=1 dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE - CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" + dnl _GNU_SOURCE is needed for setres*id prototypes. + CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_GNU_SOURCE" AC_DEFINE(BROKEN_CLOSEFROM, 1, broken in chroots on older kernels) AC_DEFINE(PAM_TTY_KLUDGE, 1, Work around problematic Linux PAM modules handling of PAM_TTY) @@ -1658,7 +1679,7 @@ # include <stdint.h> #endif #include <ldns/ldns.h> -int main() { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } +int main(void) { ldns_status status = ldns_verify_trusted(NULL, NULL, NULL, NULL); status=LDNS_STATUS_OK; exit(0); } ) , AC_MSG_RESULT(yes), @@ -2168,8 +2189,9 @@ AC_MSG_CHECKING(if setresuid seems to work) AC_RUN_IFELSE( AC_LANG_PROGRAM( -#include <stdlib.h> #include <errno.h> +#include <stdlib.h> +#include <unistd.h> , errno=0; setresuid(0,0,0); 
@@ -2191,8 +2213,9 @@ AC_MSG_CHECKING(if setresgid seems to work) AC_RUN_IFELSE( AC_LANG_PROGRAM( -#include <stdlib.h> #include <errno.h> +#include <stdlib.h> +#include <unistd.h> , errno=0; setresgid(0,0,0); @@ -2373,6 +2396,9 @@ #include <stdio.h> #include <stdlib.h> #include <unistd.h> +#ifdef HAVE_PTY_H +# include <pty.h> +#endif #include <sys/fcntl.h> #include <sys/types.h> #include <sys/wait.h> @@ -2657,6 +2683,7 @@ # Search for OpenSSL saved_CPPFLAGS="$CPPFLAGS" saved_LDFLAGS="$LDFLAGS" +openssl_bin_PATH="$PATH" AC_ARG_WITH(ssl-dir, --with-ssl-dir=PATH Specify path to OpenSSL installation , @@ -2686,9 +2713,12 @@ else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi + openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps" fi ) +AC_PATH_PROGS(openssl_bin, openssl, , $openssl_bin_PATH) +AC_SUBST(OPENSSL_BIN, ${openssl_bin}) AC_ARG_WITH(openssl-header-check, --without-openssl-header-check Disable OpenSSL version consistency check, @@ -2812,7 +2842,7 @@ # OpenSSL 3; we use the 1.1x API CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" ;; - 301*) + 301*|302*) # OpenSSL development branch; request 1.1x API CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" ;; @@ -3215,7 +3245,7 @@ Enable for built-in U2F/FIDO support) enable_sk="built-in" saved_LIBS="$LIBS" - LIBS="$LIBS $LIBFIDO2" + LIBS="$LIBFIDO2 $LIBS" AC_CHECK_FUNCS( \ fido_assert_set_clientdata \ fido_cred_prot \ @@ -4259,7 +4289,7 @@ #include <stdlib.h> #include <string.h> #ifdef HAVE_SNPRINTF -main() +int main(void) { char buf50; char expected_out50; @@ -4276,7 +4306,7 @@ exit(0); } #else -main() { exit(0); }
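Review bot: In the `@@ -2686,9 +2713,12 @@` hunk, `openssl_bin_PATH` lists the ambient `$PATH` before `${withval}/bin` and `${withval}/apps`. With `--with-ssl-dir`, the `AC_PATH_PROGS` lookup therefore prefers whatever `openssl` comes first on the builder's PATH over the one shipped with the selected library. If `OPENSSL_BIN` is meant to match the linked OpenSSL (its consumers are outside these hunks), the order should be reversed: `openssl_bin_PATH="${withval}/bin${PATH_SEPARATOR}${withval}/apps${PATH_SEPARATOR}${PATH}"`. A `dnl` line stating what the binary is used for would let packagers judge whether a mismatch matters.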
_service:tar_scm:openssh-9.1p1.tar.gz/contrib/redhat/openssh.spec -> _service:tar_scm:openssh-9.3p1.tar.gz/contrib/redhat/openssh.spec
Changed
@@ -1,4 +1,4 @@ -%global ver 9.1p1 +%global ver 9.3p1 %global rel 1%{?dist} # OpenSSH privilege separation requires a user & group ID
_service:tar_scm:openssh-9.1p1.tar.gz/contrib/suse/openssh.spec -> _service:tar_scm:openssh-9.3p1.tar.gz/contrib/suse/openssh.spec
Changed
@@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 9.1p1 +Version: 9.3p1 URL: https://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz
_service:tar_scm:openssh-9.1p1.tar.gz/crypto_api.h -> _service:tar_scm:openssh-9.3p1.tar.gz/crypto_api.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */ +/* $OpenBSD: crypto_api.h,v 1.8 2023/01/15 23:05:32 djm Exp $ */ /* * Assembled from generated headers and source files by Markus Friedl. @@ -32,8 +32,6 @@ int crypto_hash_sha512(unsigned char *, const unsigned char *, unsigned long long); -int crypto_verify_32(const unsigned char *, const unsigned char *); - #define crypto_sign_ed25519_SECRETKEYBYTES 64U #define crypto_sign_ed25519_PUBLICKEYBYTES 32U #define crypto_sign_ed25519_BYTES 64U
_service:tar_scm:openssh-9.1p1.tar.gz/dispatch.c -> _service:tar_scm:openssh-9.3p1.tar.gz/dispatch.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: dispatch.c,v 1.32 2019/01/19 21:33:13 djm Exp $ */ +/* $OpenBSD: dispatch.c,v 1.33 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -34,7 +34,6 @@ #include "log.h" #include "dispatch.h" #include "packet.h" -#include "compat.h" #include "ssherr.h" int
_service:tar_scm:openssh-9.1p1.tar.gz/dns.c -> _service:tar_scm:openssh-9.3p1.tar.gz/dns.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: dns.c,v 1.42 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: dns.c,v 1.44 2023/03/10 04:06:21 dtucker Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -258,6 +258,7 @@ if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating key fingerprint."); + free(dnskey_digest); freerrset(fingerprints); return -1; } @@ -301,7 +302,8 @@ * Export the fingerprint of a key as a DNS resource record */ int -export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) +export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic, + int alg) { u_int8_t rdata_pubkey_algorithm = 0; u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; @@ -311,6 +313,8 @@ int success = 0; for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { + if (alg != -1 && dtype != alg) + continue; rdata_digest_type = dtype; if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, &rdata_digest, &rdata_digest_len, key)) {
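Review bot: The new `alg` parameter of export_dns_rr() (last hunk) is not documented: the comment above the function still says only "Export the fingerprint of a key as a DNS resource record", and the `-1` sentinel is visible only in `if (alg != -1 && dtype != alg)`. I would extend that comment with `alg selects a single SSHFP digest type (SSHFP_HASH_*), or -1 to emit every supported type`. A value outside the range the loop walks matches no iteration, so the function would presumably print nothing and leave `success` at 0; whether callers validate `alg` first is not visible here. The function body continues past the end of the hunk.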
_service:tar_scm:openssh-9.1p1.tar.gz/dns.h -> _service:tar_scm:openssh-9.3p1.tar.gz/dns.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: dns.h,v 1.19 2021/07/19 03:13:28 dtucker Exp $ */ +/* $OpenBSD: dns.h,v 1.20 2023/02/10 04:56:30 djm Exp $ */ /* * Copyright (c) 2003 Wesley Griffin. All rights reserved. @@ -54,6 +54,6 @@ int verify_host_key_dns(const char *, struct sockaddr *, struct sshkey *, int *); -int export_dns_rr(const char *, struct sshkey *, FILE *, int); +int export_dns_rr(const char *, struct sshkey *, FILE *, int, int); #endif /* DNS_H */
_service:tar_scm:openssh-9.1p1.tar.gz/ed25519.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ed25519.c
Changed
@@ -1,52 +1,1935 @@ -/* $OpenBSD: ed25519.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */ +/* $OpenBSD: ed25519.c,v 1.4 2023/01/15 23:05:32 djm Exp $ */ /* - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, - * Peter Schwabe, Bo-Yin Yang. - * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c + * Public Domain, Authors: + * - Daniel J. Bernstein + * - Niels Duif + * - Tanja Lange + * - lead: Peter Schwabe + * - Bo-Yin Yang */ #include "includes.h" + +#include <string.h> + #include "crypto_api.h" -#include "ge25519.h" +#define int8 crypto_int8 +#define uint8 crypto_uint8 +#define int16 crypto_int16 +#define uint16 crypto_uint16 +#define int32 crypto_int32 +#define uint32 crypto_uint32 +#define int64 crypto_int64 +#define uint64 crypto_uint64 + +/* from supercop-20221122/crypto_verify/32/ref/verify.c */ + +static int crypto_verify_32(const unsigned char *x,const unsigned char *y) +{ + unsigned int differentbits = 0; +#define F(i) differentbits |= xi ^ yi; + F(0) + F(1) + F(2) + F(3) + F(4) + F(5) + F(6) + F(7) + F(8) + F(9) + F(10) + F(11) + F(12) + F(13) + F(14) + F(15) + F(16) + F(17) + F(18) + F(19) + F(20) + F(21) + F(22) + F(23) + F(24) + F(25) + F(26) + F(27) + F(28) + F(29) + F(30) + F(31) + return (1 & ((differentbits - 1) >> 8)) - 1; +} +/* from supercop-20221122/crypto_sign/ed25519/ref/fe25519.h */ +#ifndef FE25519_H +#define FE25519_H + + +#define fe25519 crypto_sign_ed25519_ref_fe25519 +#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze +#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack +#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack +#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero +#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime +#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov +#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone +#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero +#define fe25519_neg 
crypto_sign_ed25519_ref_fe25519_neg +#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity +#define fe25519_add crypto_sign_ed25519_ref_fe25519_add +#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub +#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul +#define fe25519_square crypto_sign_ed25519_ref_fe25519_square +#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert +#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523 + +typedef struct +{ + crypto_uint32 v32; +} +fe25519; + +static void fe25519_freeze(fe25519 *r); + +static void fe25519_unpack(fe25519 *r, const unsigned char x32); + +static void fe25519_pack(unsigned char r32, const fe25519 *x); + +static int fe25519_iszero(const fe25519 *x); + +static int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y); + +static void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b); + +static void fe25519_setone(fe25519 *r); + +static void fe25519_setzero(fe25519 *r); + +static void fe25519_neg(fe25519 *r, const fe25519 *x); + +unsigned char fe25519_getparity(const fe25519 *x); + +static void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y); -static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen) +static void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y); + +static void fe25519_square(fe25519 *r, const fe25519 *x); + +static void fe25519_invert(fe25519 *r, const fe25519 *x); + +static void fe25519_pow2523(fe25519 *r, const fe25519 *x); + +#endif +/* from supercop-20221122/crypto_sign/ed25519/ref/fe25519.c */ +#define WINDOWSIZE 1 /* Should be 1,2, or 4 */ +#define WINDOWMASK ((1<<WINDOWSIZE)-1) + + +static crypto_uint32 fe25519_equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ +{ + crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */ + x -= 1; /* 4294967295: yes; 
0..65534: no */ + x >>= 31; /* 1: yes; 0: no */ + return x; +} + +static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */ { - unsigned long long i; + unsigned int x = a; + x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */ + x >>= 31; /* 0: yes; 1: no */ + x ^= 1; /* 1: yes; 0: no */ + return x; +} - for (i = 0;i < 32;++i) playgroundi = smi; - for (i = 32;i < 64;++i) playgroundi = pki-32; - for (i = 64;i < smlen;++i) playgroundi = smi; +static crypto_uint32 times19(crypto_uint32 a) +{ + return (a << 4) + (a << 1) + a; +} - crypto_hash_sha512(hram,playground,smlen); +static crypto_uint32 times38(crypto_uint32 a) +{ + return (a << 5) + (a << 2) + (a << 1); } +static void fe25519_reduce_add_sub(fe25519 *r) +{ + crypto_uint32 t; + int i,rep; + + for(rep=0;rep<4;rep++) + { + t = r->v31 >> 7; + r->v31 &= 127; + t = times19(t); + r->v0 += t; + for(i=0;i<31;i++) + { + t = r->vi >> 8; + r->vi+1 += t; + r->vi &= 255; + } + } +} -int crypto_sign_ed25519_keypair( - unsigned char *pk, - unsigned char *sk - ) +static void reduce_mul(fe25519 *r) +{ + crypto_uint32 t; + int i,rep;
_service:tar_scm:openssh-9.3p1.tar.gz/ed25519.sh
Added
@@ -0,0 +1,119 @@ +#!/bin/sh +# $OpenBSD: ed25519.sh,v 1.1 2023/01/15 23:05:32 djm Exp $ +# Placed in the Public Domain. +# +AUTHOR="supercop-20221122/crypto_sign/ed25519/ref/implementors" +FILES=" + supercop-20221122/crypto_verify/32/ref/verify.c + supercop-20221122/crypto_sign/ed25519/ref/fe25519.h + supercop-20221122/crypto_sign/ed25519/ref/fe25519.c + supercop-20221122/crypto_sign/ed25519/ref/sc25519.h + supercop-20221122/crypto_sign/ed25519/ref/sc25519.c + supercop-20221122/crypto_sign/ed25519/ref/ge25519.h + supercop-20221122/crypto_sign/ed25519/ref/ge25519.c + supercop-20221122/crypto_sign/ed25519/ref/keypair.c + supercop-20221122/crypto_sign/ed25519/ref/sign.c + supercop-20221122/crypto_sign/ed25519/ref/open.c +" +### + +DATA="supercop-20221122/crypto_sign/ed25519/ref/ge25519_base.data" + +set -e +cd $1 +echo -n '/* $' +echo 'OpenBSD: $ */' +echo +echo '/*' +echo ' * Public Domain, Authors:' +sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR +echo ' */' +echo +echo '#include <string.h>' +echo +echo '#include "crypto_api.h"' +echo +# Map the types used in this code to the ones in crypto_api.h. We use #define +# instead of typedef since some systems have existing intXX types and do not +# permit multiple typedefs even if they do not conflict. +for t in int8 uint8 int16 uint16 int32 uint32 int64 uint64; do + echo "#define $t crypto_${t}" +done +echo +for i in $FILES; do + echo "/* from $i */" + # Changes to all files: + # - inline ge25519_base.data where it is included + # - expand CRYPTO_NAMESPACE() namespacing define + # - remove all includes, we inline everything required. + # - make functions not required elsewhere static. + # - rename the functions we do use. 
+ sed \ + -e "/#include \"ge25519_base.data\"/r $DATA" \ + -e "/#include/d" \ + -e "s/^void /static void /g" \ + -e 's/CRYPTO_NAMESPACE(\(a-zA-Z0-9_*\))/crypto_sign_ed25519_ref_\1/g' \ + $i | \ + case "$i" in + */crypto_verify/32/ref/verify.c) + # rename crypto_verify() to the name that the ed25519 code expects. + sed -e "/^#include.*/d" \ + -e "s/crypto_verify/crypto_verify_32/g" \ + -e "s/^int /static int /g" + ;; + */crypto_sign/ed25519/ref/sign.c) + # rename signing function to the name OpenSSH expects + sed -e "s/crypto_sign/crypto_sign_ed25519/g" + ;; + */crypto_sign/ed25519/ref/keypair.c) + # rename key generation function to the name OpenSSH expects + sed -e "s/crypto_sign_keypair/crypto_sign_ed25519_keypair/g" + ;; + */crypto_sign/ed25519/ref/open.c) + # rename verification function to the name OpenSSH expects + sed -e "s/crypto_sign_open/crypto_sign_ed25519_open/g" + ;; + */crypto_sign/ed25519/ref/fe25519.*) + # avoid a couple of name collions with other files + sed -e "s/reduce_add_sub/fe25519_reduce_add_sub/g" \ + -e "s/ equal(/ fe25519_equal(/g" \ + -e "s/^int /static int /g" + ;; + */crypto_sign/ed25519/ref/sc25519.h) + # Lots of unused prototypes to remove + sed -e "s/^int /static int /g" \ + -e '/shortsc25519_from16bytes/d' \ + -e '/sc25519_iszero_vartime/d' \ + -e '/sc25519_isshort_vartime/d' \ + -e '/sc25519_lt_vartime/d' \ + -e '/sc25519_sub_nored/d' \ + -e '/sc25519_mul_shortsc/d' \ + -e '/sc25519_from_shortsc/d' \ + -e '/sc25519_window5/d' + ;; + */crypto_sign/ed25519/ref/sc25519.c) + # Lots of unused code to remove, some name collisions to avoid + sed -e "s/reduce_add_sub/sc25519_reduce_add_sub/g" \ + -e "s/ equal(/ sc25519_equal(/g" \ + -e "s/^int /static int /g" \ + -e "s/m/sc25519_m/g" \ + -e "s/mu/sc25519_mu/g" \ + -e '/shortsc25519_from16bytes/,/^}$/d' \ + -e '/sc25519_iszero_vartime/,/^}$/d' \ + -e '/sc25519_isshort_vartime/,/^}$/d' \ + -e '/sc25519_lt_vartime/,/^}$/d' \ + -e '/sc25519_sub_nored/,/^}$/d' \ + -e 
'/sc25519_mul_shortsc/,/^}$/d' \ + -e '/sc25519_from_shortsc/,/^}$/d' \ + -e '/sc25519_window5/,/^}$/d' + ;; + */crypto_sign/ed25519/ref//ge25519.*) + sed -e "s/^int /static int /g" + ;; + # Default: pass through. + *) + cat + ;; + esac | \ + sed -e 's/ *$//' +done
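Review bot: `cd $1` near the top of the new script is unquoted and unchecked: run without an argument it becomes a bare `cd`, which succeeds by moving to $HOME, and `set -e` only stops the script at a later failed read, after part of the header has already been written to stdout. Because the output is the ed25519.c that gets committed, I would fail early with `cd "${1:?usage: ed25519.sh SUPERCOP_PARENT_DIR}"` (the usage text is a constructed example). `echo -n` on the following line is also not portable across /bin/sh implementations; `printf '/* $'` avoids that.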
_service:tar_scm:openssh-9.1p1.tar.gz/entropy.c -> _service:tar_scm:openssh-9.3p1.tar.gz/entropy.c
Changed
@@ -57,40 +57,6 @@ * /dev/random), then collect RANDOM_SEED_SIZE bytes of randomness from * PRNGd. */ -#ifndef OPENSSL_PRNG_ONLY - -void -rexec_send_rng_seed(struct sshbuf *m) -{ - u_char bufRANDOM_SEED_SIZE; - size_t len = sizeof(buf); - int r; - - if (RAND_bytes(buf, sizeof(buf)) <= 0) { - error("Couldn't obtain random bytes (error %ld)", - ERR_get_error()); - len = 0; - } - if ((r = sshbuf_put_string(m, buf, len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - explicit_bzero(buf, sizeof(buf)); -} - -void -rexec_recv_rng_seed(struct sshbuf *m) -{ - const u_char *buf = NULL; - size_t len = 0; - int r; - - if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - debug3("rexec_recv_rng_seed: seeding rng with %lu bytes", - (unsigned long)len); - RAND_add(buf, len, len); -} -#endif /* OPENSSL_PRNG_ONLY */ void seed_rng(void)
_service:tar_scm:openssh-9.1p1.tar.gz/hostfile.c -> _service:tar_scm:openssh-9.3p1.tar.gz/hostfile.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: hostfile.c,v 1.93 2022/01/06 22:02:52 djm Exp $ */ +/* $OpenBSD: hostfile.c,v 1.95 2023/02/21 06:48:18 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -515,14 +515,23 @@ const struct sshkey *key, int store_hash) { FILE *f; - int success; + int success, addnl = 0; if (key == NULL) return 1; /* XXX ? */ hostfile_create_user_ssh_dir(filename, 0); - f = fopen(filename, "a"); + f = fopen(filename, "a+"); if (!f) return 0; + /* Make sure we have a terminating newline. */ + if (fseek(f, -1L, SEEK_END) == 0 && fgetc(f) != '\n') + addnl = 1; + if (fseek(f, 0L, SEEK_END) != 0 || (addnl && fputc('\n', f) != '\n')) { + error("Failed to add terminating newline to %s: %s", + filename, strerror(errno)); + fclose(f); + return 0; + } success = write_host_entry(f, host, NULL, key, store_hash); fclose(f); return success;
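Review bot: In the second hunk's new newline check, the second `fseek(f, 0L, SEEK_END)` is load-bearing and has no comment: the stream is now opened `"a+"`, and C requires a positioning call between the `fgetc()` read and the `fputc()` write on an update stream. I would add `/* reposition: required between a read and a write on an "a+" stream */` above it so a later cleanup does not drop the call. The `error()` text "Failed to add terminating newline" is also printed when only that `fseek` fails and no newline was needed, which could mislead whoever reads the log. The function starts outside the hunk.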
_service:tar_scm:openssh-9.1p1.tar.gz/install-sh -> _service:tar_scm:openssh-9.3p1.tar.gz/install-sh
Changed
@@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-11-20.07; # UTC +scriptversion=2020-11-14.01; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -41,19 +41,15 @@ # This script is compatible with the BSD install script, but was written # from scratch. +tab=' ' nl=' ' -IFS=" "" $nl" +IFS=" $tab$nl" -# set DOITPROG to echo to test this script +# Set DOITPROG to "echo" to test this script. -# Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi +doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. @@ -68,22 +64,16 @@ rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - posix_mkdir= # Desired mode of installed file. mode=0755 +# Create dirs (including intermediate dirs) using mode 755. +# This is like GNU 'install' as of coreutils 8.32 (2020). +mkdir_umask=22 + +backupsuffix= chgrpcmd= chmodcmd=$chmodprog chowncmd= @@ -97,7 +87,7 @@ dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 OPTION... -T SRCFILE DSTFILE 
@@ -114,18 +104,28 @@ --version display version info and exit. -c (ignored) - -C install only if different (preserve the last data modification time) + -C install only if different (preserve data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. + -p pass -p to $cpprog. -s $stripprog installed files. + -S SUFFIX attempt to back up existing files, with suffix SUFFIX. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG + +By default, rm is invoked with -f; when overridden with RMPROG, +it's up to you to specify -f if you want it. + +If -S is not specified, no backups are attempted. + +Email bug reports to bug-automake@gnu.org. +Automake home page: https://www.gnu.org/software/automake/ " while test $# -ne 0; do 
@@ -137,46 +137,62 @@ -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *''*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *''*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -o) chowncmd="$chownprog $2" - shift;; + shift;; + + -p) cpprog="$cpprog -p";; -s) stripcmd=$stripprog;; - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | =\(\)!) dst_arg=./$dst_arg;; - esac - shift;; + -S) backupsuffix="$2" + shift;; - -T) no_target_directory=true;; + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | =\(\)!) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; - --) shift - break;; + --) shift + break;; - -*) echo "$0: invalid option: $1" >&2 - exit 1;; + -*) echo "$0: invalid option: $1" >&2 + exit 1;; *) break;; esac shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -208,6 +224,15 @@ fi if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 @@ -223,16 +248,16 @@
_service:tar_scm:openssh-9.1p1.tar.gz/kex.c -> _service:tar_scm:openssh-9.3p1.tar.gz/kex.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.c,v 1.172 2022/02/01 23:32:51 djm Exp $ */ +/* $OpenBSD: kex.c,v 1.178 2023/03/12 10:40:39 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -57,10 +57,12 @@ #include "misc.h" #include "dispatch.h" #include "monitor.h" +#include "myproposal.h" #include "ssherr.h" #include "sshbuf.h" #include "digest.h" +#include "xmalloc.h" /* prototype */ static int kex_choose_conf(struct ssh *); 
@@ -317,6 +319,61 @@ return r; } +/* + * Fill out a proposal array with dynamically allocated values, which may + * be modified as required for compatibility reasons. + * Any of the options may be NULL, in which case the default is used. + * Array contents must be freed by calling kex_proposal_free_entries. + */ +void +kex_proposal_populate_entries(struct ssh *ssh, char *propPROPOSAL_MAX, + const char *kexalgos, const char *ciphers, const char *macs, + const char *comp, const char *hkalgs) +{ + const char *defpropserverPROPOSAL_MAX = { KEX_SERVER }; + const char *defpropclientPROPOSAL_MAX = { KEX_CLIENT }; + const char **defprop = ssh->kex->server ? defpropserver : defpropclient; + u_int i; + + if (prop == NULL) + fatal_f("proposal missing"); + + for (i = 0; i < PROPOSAL_MAX; i++) { + switch(i) { + case PROPOSAL_KEX_ALGS: + propi = compat_kex_proposal(ssh, + kexalgos ? kexalgos : defpropi); + break; + case PROPOSAL_ENC_ALGS_CTOS: + case PROPOSAL_ENC_ALGS_STOC: + propi = xstrdup(ciphers ? ciphers : defpropi); + break; + case PROPOSAL_MAC_ALGS_CTOS: + case PROPOSAL_MAC_ALGS_STOC: + propi = xstrdup(macs ? macs : defpropi); + break; + case PROPOSAL_COMP_ALGS_CTOS: + case PROPOSAL_COMP_ALGS_STOC: + propi = xstrdup(comp ? comp : defpropi); + break; + case PROPOSAL_SERVER_HOST_KEY_ALGS: + propi = xstrdup(hkalgs ? hkalgs : defpropi); + break; + default: + propi = xstrdup(defpropi); + } + } +} + +void +kex_proposal_free_entries(char *propPROPOSAL_MAX) +{ + u_int i; + + for (i = 0; i < PROPOSAL_MAX; i++) + free(propi); +} + /* put algorithm proposal into buffer */ int kex_prop2buf(struct sshbuf *b, char *proposalPROPOSAL_MAX) @@ -404,7 +461,6 @@ free(proposal); } -/* ARGSUSED */ int kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh) { 
@@ -485,6 +541,11 @@ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) return r; + if (ninfo >= 1024) { + error("SSH2_MSG_EXT_INFO with too many entries, expected " + "<=1024, received %u", ninfo); + return SSH_ERR_INVALID_FORMAT; + } for (i = 0; i < ninfo; i++) { if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) return r; @@ -585,7 +646,6 @@ return 0; } -/* ARGSUSED */ int kex_input_kexinit(int type, u_int32_t seq, struct ssh *ssh) { @@ -1215,7 +1275,7 @@ const char *version_addendum) { int remote_major, remote_minor, mismatch, oerrno = 0; - size_t len, i, n; + size_t len, n; int r, expect_nl; u_char c; struct sshbuf *our_version = ssh->kex->server ? @@ -1271,7 +1331,7 @@ } sshbuf_reset(peer_version); expect_nl = 0; - for (i = 0; ; i++) { + for (;;) { if (timeout_ms > 0) { r = waitrfd(ssh_packet_get_connection_in(ssh), &timeout_ms); @@ -1345,7 +1405,7 @@ } peer_version_string = sshbuf_dup_string(peer_version); if (peer_version_string == NULL) - error_f("sshbuf_dup_string failed"); + fatal_f("sshbuf_dup_string failed"); /* XXX must be same size for sscanf */ if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) { error_f("calloc failed"); @@ -1404,10 +1464,6 @@ r = SSH_ERR_CONN_CLOSED; /* XXX */ goto out; } - if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) { - logit("Remote version \"%.100s\" uses unsafe RSA signature " - "scheme; disabling use of RSA keys", remote_version); - } /* success */ r = 0; out:
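Review bot: The bound added to the SSH2_MSG_EXT_INFO handler disagrees with its own message: `if (ninfo >= 1024)` rejects a count of exactly 1024, while the error text says `expected <=1024`. Either make the test `if (ninfo > 1024)` or change the text to `<1024`, so a log line produced by a rejected peer states the real limit. A single named constant used by both the test and the message would keep them from drifting apart. The handler begins and ends outside the hunk.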
_service:tar_scm:openssh-9.1p1.tar.gz/kex.h -> _service:tar_scm:openssh-9.3p1.tar.gz/kex.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.117 2022/01/06 21:55:23 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.118 2023/03/06 12:14:48 dtucker Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -182,6 +182,9 @@ char *kex_alg_list(char); char *kex_names_cat(const char *, const char *); int kex_assemble_names(char **, const char *, const char *); +void kex_proposal_populate_entries(struct ssh *, char *propPROPOSAL_MAX, + const char *, const char *, const char *, const char *, const char *); +void kex_proposal_free_entries(char *propPROPOSAL_MAX); int kex_exchange_identification(struct ssh *, int, const char *);
_service:tar_scm:openssh-9.1p1.tar.gz/kexgexs.c -> _service:tar_scm:openssh-9.3p1.tar.gz/kexgexs.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.44 2021/12/19 22:08:06 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.45 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -46,7 +46,6 @@ #include "packet.h" #include "dh.h" #include "ssh2.h" -#include "compat.h" #ifdef GSSAPI #include "ssh-gss.h" #endif
_service:tar_scm:openssh-9.1p1.tar.gz/krl.c -> _service:tar_scm:openssh-9.3p1.tar.gz/krl.c
Changed
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.54 2022/04/28 02:53:31 djm Exp $ */ +/* $OpenBSD: krl.c,v 1.55 2023/03/14 07:28:47 dtucker Exp $ */ #include "includes.h" @@ -191,6 +191,7 @@ TAILQ_REMOVE(&krl->revoked_certs, rc, entry); revoked_certs_free(rc); } + free(krl); } void
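Review bot: With `free(krl);` added at the end of the function in the second hunk, the routine now releases the KRL structure itself and not only its contents, which changes the ownership contract for every caller. A caller that still frees or reads the pointer after the call would become a double free or a use-after-free; no call sites are visible in this section, so they need checking. I would state the contract above the function, e.g. `/* Frees krl and everything it owns; the pointer must not be used afterwards. */`. The function's opening lines, including any NULL check, lie outside the hunk.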
_service:tar_scm:openssh-9.1p1.tar.gz/misc.c -> _service:tar_scm:openssh-9.3p1.tar.gz/misc.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.177 2022/08/11 01:56:51 djm Exp $ */ +/* $OpenBSD: misc.c,v 1.181 2023/03/03 02:37:58 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005-2020 Damien Miller. All rights reserved. @@ -95,7 +95,7 @@ if ((i = strlen(s)) == 0) return; for (i--; i > 0; i--) { - if (isspace((int)si)) + if (isspace((unsigned char)si)) si = '\0'; } } @@ -278,7 +278,7 @@ debug3_f("set socket %d IP_TOS 0x%02x", fd, tos); if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1) { - error("setsockopt socket %d IP_TOS %d: %s:", + error("setsockopt socket %d IP_TOS %d: %s", fd, tos, strerror(errno)); } # endif /* IP_TOS */ @@ -288,7 +288,7 @@ debug3_f("set socket %d IPV6_TCLASS 0x%02x", fd, tos); if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1) { - error("setsockopt socket %d IPV6_TCLASS %d: %.100s:", + error("setsockopt socket %d IPV6_TCLASS %d: %s", fd, tos, strerror(errno)); } # endif /* IPV6_TCLASS */ @@ -2452,9 +2452,6 @@ return 0; } -/* On OpenBSD time_t is int64_t which is long long. */ -/* #define SSH_TIME_T_MAX LLONG_MAX */ - void format_absolute_time(uint64_t t, char *buf, size_t len) { 
@@ -2826,3 +2823,92 @@ free(name); return ret; } + +/* + * Helpers for managing poll(2)/ppoll(2) timeouts + * Will remember the earliest deadline and return it for use in poll/ppoll. + */ + +/* Initialise a poll/ppoll timeout with an indefinite deadline */ +void +ptimeout_init(struct timespec *pt) +{ + /* + * Deliberately invalid for ppoll(2). + * Will be converted to NULL in ptimeout_get_tspec() later. + */ + pt->tv_sec = -1; + pt->tv_nsec = 0; +} + +/* Specify a poll/ppoll deadline of at most 'sec' seconds */ +void +ptimeout_deadline_sec(struct timespec *pt, long sec) +{ + if (pt->tv_sec == -1 || pt->tv_sec >= sec) { + pt->tv_sec = sec; + pt->tv_nsec = 0; + } +} + +/* Specify a poll/ppoll deadline of at most 'p' (timespec) */ +static void +ptimeout_deadline_tsp(struct timespec *pt, struct timespec *p) +{ + if (pt->tv_sec == -1 || timespeccmp(pt, p, >=)) + *pt = *p; +} + +/* Specify a poll/ppoll deadline of at most 'ms' milliseconds */ +void +ptimeout_deadline_ms(struct timespec *pt, long ms) +{ + struct timespec p; + + p.tv_sec = ms / 1000; + p.tv_nsec = (ms % 1000) * 1000000; + ptimeout_deadline_tsp(pt, &p); +} + +/* Specify a poll/ppoll deadline at wall clock monotime 'when' */ +void +ptimeout_deadline_monotime(struct timespec *pt, time_t when) +{ + struct timespec now, t; + + t.tv_sec = when; + t.tv_nsec = 0; + monotime_ts(&now); + + if (timespeccmp(&now, &t, >=)) + ptimeout_deadline_sec(pt, 0); + else { + timespecsub(&t, &now, &t); + ptimeout_deadline_tsp(pt, &t); + } +} + +/* Get a poll(2) timeout value in milliseconds */ +int +ptimeout_get_ms(struct timespec *pt) +{ + if (pt->tv_sec == -1) + return -1; + if (pt->tv_sec >= (INT_MAX - (pt->tv_nsec / 1000000)) / 1000) + return INT_MAX; + return (pt->tv_sec * 1000) + (pt->tv_nsec / 1000000); +} + +/* Get a ppoll(2) timeout value as a timespec pointer */ +struct timespec * +ptimeout_get_tsp(struct timespec *pt) +{ + return pt->tv_sec == -1 ? NULL : pt; +} + +/* Returns non-zero if a timeout has been set (i.e. 
is not indefinite) */ +int +ptimeout_isset(struct timespec *pt) +{ + return pt->tv_sec != -1; +}
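Review bot: In the new ptimeout helpers (last hunk), `tv_sec == -1` is the "no deadline" sentinel, yet `ptimeout_deadline_sec()` and `ptimeout_deadline_ms()` store the caller's value without rejecting negatives. `ptimeout_deadline_sec(pt, -1)`, or an `ms` between -1999 and -1000, leaves `tv_sec` at -1, so a deadline that has already passed is read back by `ptimeout_get_ms()` and `ptimeout_get_tsp()` as an indefinite wait. Callers may never pass negative values, but that is not visible here; clamping on entry with `if (sec < 0) sec = 0;` and `if (ms < 0) ms = 0;` would make the helpers safe on their own.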
_service:tar_scm:openssh-9.1p1.tar.gz/misc.h -> _service:tar_scm:openssh-9.3p1.tar.gz/misc.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.100 2022/06/03 04:30:47 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.102 2023/03/03 02:37:58 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -208,6 +208,15 @@ const char *directive, char ***array, int **iarray, u_int *lp, const char *s, int i); +struct timespec; +void ptimeout_init(struct timespec *pt); +void ptimeout_deadline_sec(struct timespec *pt, long sec); +void ptimeout_deadline_ms(struct timespec *pt, long ms); +void ptimeout_deadline_monotime(struct timespec *pt, time_t when); +int ptimeout_get_ms(struct timespec *pt); +struct timespec *ptimeout_get_tsp(struct timespec *pt); +int ptimeout_isset(struct timespec *pt); + /* readpass.c */ #define RP_ECHO 0x0001 @@ -231,4 +240,7 @@ typedef void (*sshsig_t)(int); sshsig_t ssh_signal(int, sshsig_t); +/* On OpenBSD time_t is int64_t which is long long. */ +/* #define SSH_TIME_T_MAX LLONG_MAX */ + #endif /* _MISC_H */
_service:tar_scm:openssh-9.1p1.tar.gz/moduli -> _service:tar_scm:openssh-9.3p1.tar.gz/moduli
Changed
@@ -1,420 +1,425 @@ -# $OpenBSD: moduli,v 1.32 2022/04/20 01:13:47 dtucker Exp $ +# $OpenBSD: moduli,v 1.33 2022/11/07 02:21:21 dtucker Exp $ # Time Type Tests Tries Size Generator Modulus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
_service:tar_scm:openssh-9.1p1.tar.gz/moduli.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/moduli.0
Changed
@@ -71,4 +71,4 @@ M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. -OpenBSD 7.1 April 16, 2022 OpenBSD 7.1 +OpenBSD 7.2 April 16, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/moduli.c -> _service:tar_scm:openssh-9.3p1.tar.gz/moduli.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.38 2022/05/01 23:20:30 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.39 2023/03/02 06:41:56 dtucker Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> @@ -452,7 +452,7 @@ { FILE *fp; char tmpPATH_MAX; - int r; + int r, writeok, closeok; r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile); if (r < 0 || r >= PATH_MAX) { @@ -469,13 +469,16 @@ close(r); return; } - if (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0 && fclose(fp) == 0 - && rename(tmp, cpfile) == 0) + writeok = (fprintf(fp, "%lu\n", (unsigned long)lineno) > 0); + closeok = (fclose(fp) == 0); + if (writeok && closeok && rename(tmp, cpfile) == 0) { debug3("wrote checkpoint line %lu to '%s'", (unsigned long)lineno, cpfile); - else + } else { logit("failed to write to checkpoint file '%s': %s", cpfile, strerror(errno)); + (void)unlink(tmp); + } } static unsigned long
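Review bot: In the rewritten checkpoint write (last hunk), the failure branch logs `strerror(errno)` only after `fprintf`, `fclose` and possibly `rename` have all run, so the reported error can belong to a later call than the one that failed, for instance a failed `fprintf` followed by a successful `fclose`. Saving the value at the point of failure, e.g. `if (!writeok) oerrno = errno;` after the `fprintf` line and logging `strerror(oerrno)`, would keep the message tied to the real cause. The function starts outside the hunk.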
_service:tar_scm:openssh-9.1p1.tar.gz/monitor.c -> _service:tar_scm:openssh-9.3p1.tar.gz/monitor.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.234 2022/06/15 16:08:25 djm Exp $ */ +/* $OpenBSD: monitor.c,v 1.235 2023/02/17 04:22:50 dtucker Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -1097,6 +1097,10 @@ sshpam_authok = NULL; if ((r = sshbuf_get_u32(m, &num)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); + if (num > PAM_MAX_NUM_MSG) { + fatal_f("Too many PAM messages, got %u, expected <= %u", + num, (unsigned)PAM_MAX_NUM_MSG); + } if (num > 0) { resp = xcalloc(num, sizeof(char *)); for (i = 0; i < num; ++i) { @@ -1161,11 +1165,6 @@ fatal_fr(r, "parse"); if (key != NULL && authctxt->valid) { - /* These should not make it past the privsep child */ - if (sshkey_type_plain(key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) - fatal_f("passed a SSH_BUG_RSASIGMD5 key"); - switch (type) { case MM_USERKEY: auth_method = "publickey";
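Review bot: The `num > PAM_MAX_NUM_MSG` test added in the second hunk is what stops a count read from the message buffer from sizing `xcalloc(num, sizeof(char *))`, but nothing in the code says so. I would put a comment above it such as `/* num is read from the request buffer; bound it before it sizes the allocation below */`, so the check is not later mistaken for redundant validation. Who fills the buffer is not visible in this hunk (presumably the unprivileged side of the monitor), and the function begins and ends outside it.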
_service:tar_scm:openssh-9.1p1.tar.gz/monitor_wrap.c -> _service:tar_scm:openssh-9.3p1.tar.gz/monitor_wrap.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: monitor_wrap.c,v 1.125 2022/06/15 16:08:25 djm Exp $ */ +/* $OpenBSD: monitor_wrap.c,v 1.126 2023/01/06 02:47:18 djm Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * Copyright 2002 Markus Friedl <markus@openbsd.org> @@ -339,6 +339,7 @@ for (i = 0; i < options.num_log_verbose; i++) log_verbose_add(options.log_verbosei); process_permitopen(ssh, &options); + process_channel_timeouts(ssh, &options); free(newopts); sshbuf_free(m);
_service:tar_scm:openssh-9.1p1.tar.gz/mux.c -> _service:tar_scm:openssh-9.3p1.tar.gz/mux.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: mux.c,v 1.94 2022/06/03 04:30:47 djm Exp $ */ +/* $OpenBSD: mux.c,v 1.96 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org> * @@ -186,9 +186,8 @@ }; /* Cleanup callback fired on closure of mux client _session_ channel */ -/* ARGSUSED */ static void -mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused) +mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) { Channel *cc, *c = channel_by_id(ssh, cid); @@ -208,9 +207,8 @@ } /* Cleanup callback fired on closure of mux client _control_ channel */ -/* ARGSUSED */ static void -mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused) +mux_master_control_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) { Channel *sc, *c = channel_by_id(ssh, cid);
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/arc4random.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/arc4random.c
Changed
@@ -44,13 +44,15 @@ #ifndef HAVE_ARC4RANDOM /* - * If we're not using a native getentropy, use the one from bsd-getentropy.c - * under a different name, so that if in future these binaries are run on - * a system that has a native getentropy OpenSSL cannot call the wrong one. + * Always use the getentropy implementation from bsd-getentropy.c, which + * will call a native getentropy if available then fall back as required. + * We use a different name so that OpenSSL cannot call the wrong getentropy. */ -#ifndef HAVE_GETENTROPY -# define getentropy(x, y) (_ssh_compat_getentropy((x), (y))) +int _ssh_compat_getentropy(void *, size_t); +#ifdef getentropy +# undef getentropy #endif +#define getentropy(x, y) (_ssh_compat_getentropy((x), (y))) #include "log.h"
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/arc4random.h -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/arc4random.h
Changed
@@ -63,6 +63,7 @@ static inline int _rs_allocate(struct _rs **rsp, struct _rsx **rsxp) { +#if defined(MAP_ANON) && defined(MAP_PRIVATE) if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) return (-1); @@ -73,6 +74,15 @@ *rsp = NULL; return (-1); } +#else + if ((*rsp = calloc(1, sizeof(**rsp))) == NULL) + return (-1); + if ((*rsxp = calloc(1, sizeof(**rsxp))) == NULL) { + free(*rsp); + *rsp = NULL; + return (-1); + } +#endif _ARC4_ATFORK(_rs_forkhandler); return (0);
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/bsd-getentropy.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/bsd-getentropy.c
Changed
@@ -18,8 +18,6 @@ #include "includes.h" -#ifndef HAVE_GETENTROPY - #ifndef SSH_RANDOM_DEV # define SSH_RANDOM_DEV "/dev/urandom" #endif /* SSH_RANDOM_DEV */ @@ -52,6 +50,10 @@ ssize_t r; size_t o = 0; +#ifdef HAVE_GETENTROPY + if ((r = getentropy(s, len)) == 0) + return 0; +#endif /* HAVE_GETENTROPY */ #ifdef HAVE_GETRANDOM if ((r = getrandom(s, len, 0)) > 0 && (size_t)r == len) return 0; @@ -79,4 +81,3 @@ #endif /* WITH_OPENSSL */ return 0; } -#endif /* WITH_GETENTROPY */
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/bsd-poll.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/bsd-poll.c
Changed
@@ -47,9 +47,8 @@ const sigset_t *sigmask) { nfds_t i; - int saved_errno, ret, fd, maxfd = 0; - fd_set *readfds = NULL, *writefds = NULL, *exceptfds = NULL; - size_t nmemb; + int ret, fd, maxfd = 0; + fd_set readfds, writefds, exceptfds; for (i = 0; i < nfds; i++) { fd = fdsi.fd; @@ -60,30 +59,23 @@ maxfd = MAX(maxfd, fd); } - nmemb = howmany(maxfd + 1 , NFDBITS); - if ((readfds = calloc(nmemb, sizeof(fd_mask))) == NULL || - (writefds = calloc(nmemb, sizeof(fd_mask))) == NULL || - (exceptfds = calloc(nmemb, sizeof(fd_mask))) == NULL) { - saved_errno = ENOMEM; - ret = -1; - goto out; - } - /* populate event bit vectors for the events we're interested in */ + FD_ZERO(&readfds); + FD_ZERO(&writefds); + FD_ZERO(&exceptfds); for (i = 0; i < nfds; i++) { fd = fdsi.fd; if (fd == -1) continue; if (fdsi.events & POLLIN) - FD_SET(fd, readfds); + FD_SET(fd, &readfds); if (fdsi.events & POLLOUT) - FD_SET(fd, writefds); + FD_SET(fd, &writefds); if (fdsi.events & POLLPRI) - FD_SET(fd, exceptfds); + FD_SET(fd, &exceptfds); } - ret = pselect(maxfd + 1, readfds, writefds, exceptfds, tmoutp, sigmask); - saved_errno = errno; + ret = pselect(maxfd + 1, &readfds, &writefds, &exceptfds, tmoutp, sigmask); /* scan through select results and set poll() flags */ for (i = 0; i < nfds; i++) { @@ -91,20 +83,14 @@ fdsi.revents = 0; if (fd == -1) continue; - if ((fdsi.events & POLLIN) && FD_ISSET(fd, readfds)) + if ((fdsi.events & POLLIN) && FD_ISSET(fd, &readfds)) fdsi.revents |= POLLIN; - if ((fdsi.events & POLLOUT) && FD_ISSET(fd, writefds)) + if ((fdsi.events & POLLOUT) && FD_ISSET(fd, &writefds)) fdsi.revents |= POLLOUT; - if ((fdsi.events & POLLPRI) && FD_ISSET(fd, exceptfds)) + if ((fdsi.events & POLLPRI) && FD_ISSET(fd, &exceptfds)) fdsi.revents |= POLLPRI; } -out: - free(readfds); - free(writefds); - free(exceptfds); - if (ret == -1) - errno = saved_errno; return ret; } #endif /* !HAVE_PPOLL || BROKEN_POLL */
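Review bot: With `readfds`, `writefds` and `exceptfds` now fixed-size `fd_set` objects on the stack, `FD_SET(fd, &readfds)` writes outside the set for any descriptor at or above `FD_SETSIZE`, whereas the removed code sized the sets from `maxfd`. The first loop over the descriptors is split across two hunks and the lines between them are not shown, so confirm that it rejects such descriptors before `maxfd` is updated, e.g. `if (fd != -1 && fd >= FD_SETSIZE) { errno = EINVAL; return -1; }`. Dropping `saved_errno` is fine now that no `free()` runs between `pselect` and the return. The function signature begins above the first hunk.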
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/bsd-poll.h -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/bsd-poll.h
Changed
@@ -44,12 +44,25 @@ short revents; } pollfd_t; -#define POLLIN 0x0001 -#define POLLPRI 0x0002 -#define POLLOUT 0x0004 -#define POLLERR 0x0008 -#define POLLHUP 0x0010 -#define POLLNVAL 0x0020 +#ifndef POLLIN +# define POLLIN 0x0001 +#endif +#ifndef POLLPRI +# define POLLPRI 0x0002 +#endif +#ifndef POLLOUT +# define POLLOUT 0x0004 +#endif +#ifndef POLLERR +# define POLLERR 0x0008 +#endif +#ifndef POLLHUP +# define POLLHUP 0x0010 +#endif +#ifndef POLLNVAL +# define POLLNVAL 0x0020 +#endif + #if 0 /* the following are currently not implemented */ #define POLLRDNORM 0x0040
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/bsd-snprintf.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/bsd-snprintf.c
Changed
@@ -35,9 +35,9 @@ * original. Also, there is now a builtin-test, just compile with: * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm * and run snprintf for results. - * + * * Thomas Roessler <roessler@guug.de> 01/27/98 for mutt 0.89i - * The PGP code was using unsigned hexadecimal formats. + * The PGP code was using unsigned hexadecimal formats. * Unfortunately, unsigned formats simply didn't work. * * Michael Elkins <me@cs.hmc.edu> 03/05/98 for mutt 0.90.8 @@ -55,20 +55,20 @@ * * date: 2002/12/19 19:56:31; author: herb; state: Exp; lines: +2 -0 * actually print args for %g and %e - * + * * date: 2002/06/03 13:37:52; author: jmcd; state: Exp; lines: +8 -0 * Since includes.h isn't included here, VA_COPY has to be defined here. I don't * see any include file that is guaranteed to be here, so I'm defining it * locally. Fixes AIX and Solaris builds. - * + * * date: 2002/06/03 03:07:24; author: tridge; state: Exp; lines: +5 -13 * put the ifdef for HAVE_VA_COPY in one place rather than in lots of * functions - * + * * date: 2002/05/17 14:51:22; author: jmcd; state: Exp; lines: +21 -4 * Fix usage of va_list passed as an arg. Use __va_copy before using it * when it exists. - * + * * date: 2002/04/16 22:38:04; author: idra; state: Exp; lines: +20 -14 * Fix incorrect zpadlen handling in fmtfp. * Thanks to Ollie Oldham <ollie.oldham@metro-optix.com> for spotting it. @@ -167,7 +167,7 @@ (pos)++; \ } while (0) -static int dopr(char *buffer, size_t maxlen, const char *format, +static int dopr(char *buffer, size_t maxlen, const char *format, va_list args_in); static int fmtstr(char *buffer, size_t *currlen, size_t maxlen, char *value, int flags, int min, int max); 
@@ -192,19 +192,19 @@ va_list args; VA_COPY(args, args_in); - + state = DP_S_DEFAULT; currlen = flags = cflags = min = 0; max = -1; ch = *format++; - + while (state != DP_S_DONE) { - if (ch == '\0') + if (ch == '\0') state = DP_S_DONE; switch(state) { case DP_S_DEFAULT: - if (ch == '%') + if (ch == '%') state = DP_S_FLAGS; else DOPR_OUTCH(buffer, currlen, maxlen, ch); @@ -253,7 +253,7 @@ if (ch == '.') { state = DP_S_MAX; ch = *format++; - } else { + } else { state = DP_S_MOD; } break; @@ -306,7 +306,7 @@ switch (ch) { case 'd': case 'i': - if (cflags == DP_C_SHORT) + if (cflags == DP_C_SHORT) value = va_arg (args, int); else if (cflags == DP_C_LONG) value = va_arg (args, long int); @@ -489,12 +489,12 @@ } } if (maxlen != 0) { - if (currlen < maxlen - 1) + if (currlen < maxlen - 1) buffercurrlen = '\0'; - else if (maxlen > 0) + else if (maxlen > 0) buffermaxlen - 1 = '\0'; } - + return currlen < INT_MAX ? (int)currlen : -1; } @@ -514,11 +514,11 @@ for (strln = 0; strln < max && valuestrln; ++strln); /* strlen */ padlen = min - strln; - if (padlen < 0) + if (padlen < 0) padlen = 0; - if (flags & DP_F_MINUS) + if (flags & DP_F_MINUS) padlen = -padlen; /* Left Justify */ - + while ((padlen > 0) && (cnt < max)) { DOPR_OUTCH(buffer, *currlen, maxlen, ' '); --padlen; @@ -550,12 +550,12 @@ int spadlen = 0; /* amount to space pad */ int zpadlen = 0; /* amount to zero pad */ int caps = 0; - + if (max < 0) max = 0; - + uvalue = value; - + if(!(flags & DP_F_UNSIGNED)) { if( value < 0 ) { signvalue = '-'; @@ -567,7 +567,7 @@ signvalue = ' '; } } - + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ do { @@ -587,7 +587,7 @@ zpadlen = MAX(zpadlen, spadlen); spadlen = 0; } - if (flags & DP_F_MINUS) + if (flags & DP_F_MINUS) spadlen = -spadlen; /* Left Justifty */ #ifdef DEBUG_SNPRINTF @@ -602,7 +602,7 @@ } /* Sign */ - if (signvalue) + if (signvalue) DOPR_OUTCH(buffer, *currlen, maxlen, signvalue); /* Zeros */ 
@@ -618,7 +618,7 @@ --place; DOPR_OUTCH(buffer, *currlen, maxlen, convertplace); } - + /* Left Justified spaces */ while (spadlen < 0) { DOPR_OUTCH(buffer, *currlen, maxlen, ' '); @@ -633,19 +633,19 @@ if (value < 0) result = -value; - + return result; } static LDOUBLE POW10(int val) { LDOUBLE result = 1; - + while (val) { result *= 10; val--; } - + return result; } @@ -656,7 +656,7 @@ intpart = (LLONG)value; value = value - intpart; if (value >= 0.5) intpart++; - +
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/bsd-timegm.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/bsd-timegm.c
Changed
@@ -1,34 +1,34 @@ /* * Copyright (c) 1997 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. */ /* @@ -64,10 +64,10 @@ /* invalid tm structure */ return 0; } - + for (i = 70; i < tm->tm_year; ++i) res += is_leap(i) ? 366 : 365; - + for (i = 0; i < tm->tm_mon; ++i) res += ndaysis_leap(tm->tm_year)i; res += tm->tm_mday - 1;
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/getopt.h -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/getopt.h
Changed
@@ -40,6 +40,7 @@ #define required_argument 1 #define optional_argument 2 +#if 0 struct option { /* name of long option */ const char *name; @@ -58,6 +59,8 @@ const struct option *, int *); int getopt_long_only(int, char * const *, const char *, const struct option *, int *); +#endif + #ifndef _GETOPT_DEFINED_ #define _GETOPT_DEFINED_ int getopt(int, char * const *, const char *);
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/getopt_long.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/getopt_long.c
Changed
@@ -72,6 +72,20 @@ #include "log.h" +struct option { + /* name of long option */ + const char *name; + /* + * one of no_argument, required_argument, and optional_argument: + * whether option takes an argument + */ + int has_arg; + /* if not NULL, set *flag to val when option found */ + int *flag; + /* if flag not NULL, value to set *flag to; else return value */ + int val; +}; + int opterr = 1; /* if error message should be printed */ int optind = 1; /* index into parent argv vector */ int optopt = '?'; /* character checked for validity */
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/getrrsetbyname.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/getrrsetbyname.c
Changed
@@ -116,8 +116,14 @@ #if !defined(HAVE__GETSHORT) || !defined(HAVE__GETLONG) || \ !defined(HAVE_DECL__GETSHORT) || HAVE_DECL__GETSHORT == 0 || \ !defined(HAVE_DECL__GETLONG) || HAVE_DECL__GETLONG == 0 -#define _getshort(x) (_ssh_compat_getshort(x)) -#define _getlong(x) (_ssh_compat_getlong(x)) +# ifdef _getshort +# undef _getshort +# endif +# ifdef _getlong +# undef _getlong +# endif +# define _getshort(x) (_ssh_compat_getshort(x)) +# define _getlong(x) (_ssh_compat_getlong(x)) /* * Routines to insert/extract short/long's. */ @@ -138,7 +144,7 @@ GETLONG(u, msgp); return (u); } -#endif +#endif /* missing _getshort/_getlong */ /* ************** */ @@ -384,6 +390,9 @@ struct dns_response *resp; const u_char *cp; + if (size < HFIXEDSZ) + return (NULL); + /* allocate memory for the response */ resp = calloc(1, sizeof(*resp)); if (resp == NULL) @@ -450,14 +459,22 @@ int i, length; char nameMAXDNAME; - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { +#define NEED(need) \ + do { \ + if (*cp + need > answer + size) \ + goto fail; \ + } while (0) - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_query)); - if (curr == NULL) { + for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { + if (*cp >= answer + size) { + fail: free_dns_query(head); return (NULL); } + /* allocate and initialize struct */ + curr = calloc(1, sizeof(struct dns_query)); + if (curr == NULL) + goto fail; if (head == NULL) head = curr; if (prev != NULL) @@ -475,16 +492,20 @@ free_dns_query(head); return (NULL); } + NEED(length); *cp += length; /* type */ + NEED(INT16SZ); curr->type = _getshort(*cp); *cp += INT16SZ; /* class */ + NEED(INT16SZ); curr->class = _getshort(*cp); *cp += INT16SZ; } +#undef NEED return (head); } 
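Review bot: `NEED(need)` forms `*cp + need` before comparing it with `answer + size`, so a large `need` (for instance `curr->size` in the resource-record loop in the hunks that follow) produces a pointer past the end of the buffer, which is technically undefined before the comparison is made. The macro argument is also unparenthesised. Comparing against the bytes remaining avoids both: `if ((need) > (answer + size) - *cp) goto fail;`. This assumes `answer` and `size` are the buffer start and length, as the existing comparison implies. The `fail:` label inside the loop's first `if` is easy to misread, and the two `dn_expand` failure paths still free and return by hand where `goto fail` would do. Both parse functions begin outside the hunks.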
@@ -497,14 +518,23 @@ int i, length; char nameMAXDNAME; - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { +#define NEED(need) \ + do { \ + if (*cp + need > answer + size) \ + goto fail; \ + } while (0) - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_rr)); - if (curr == NULL) { + for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { + if (*cp >= answer + size) { + fail: free_dns_rr(head); return (NULL); } + + /* allocate and initialize struct */ + curr = calloc(1, sizeof(struct dns_rr)); + if (curr == NULL) + goto fail; if (head == NULL) head = curr; if (prev != NULL) @@ -522,25 +552,31 @@ free_dns_rr(head); return (NULL); } + NEED(length); *cp += length; /* type */ + NEED(INT16SZ); curr->type = _getshort(*cp); *cp += INT16SZ; /* class */ + NEED(INT16SZ); curr->class = _getshort(*cp); *cp += INT16SZ; /* ttl */ + NEED(INT32SZ); curr->ttl = _getlong(*cp); *cp += INT32SZ; /* rdata size */ + NEED(INT16SZ); curr->size = _getshort(*cp); *cp += INT16SZ; /* rdata itself */ + NEED(curr->size); curr->rdata = malloc(curr->size); if (curr->rdata == NULL) { free_dns_rr(head); @@ -549,6 +585,7 @@ memcpy(curr->rdata, *cp, curr->size); *cp += curr->size; } +#undef NEED return (head); }
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/libressl-api-compat.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/libressl-api-compat.c
Changed
@@ -10,21 +10,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -39,10 +39,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -54,7 +54,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -75,7 +75,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/mktemp.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/mktemp.c
Changed
@@ -34,6 +34,29 @@ #include <ctype.h> #include <unistd.h> +#ifdef mkstemp +#undef mkstemp +#endif +int mkstemp(char *); + +/* + * From glibc man page: 'In glibc versions 2.06 and earlier, the file is + * created with permissions 0666, that is, read and write for all users.' + * Provide a wrapper to make sure the mask is reasonable (POSIX requires + * mode 0600, so mask off any other bits). + */ +int +_ssh_mkstemp(char *template) +{ + mode_t mask; + int ret; + + mask = umask(0177); + ret = mkstemp(template); + (void)umask(mask); + return ret; +} + #if !defined(HAVE_MKDTEMP) #define MKTEMP_NAME 0
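Review bot: `_ssh_mkstemp` changes the process-wide umask around the `mkstemp` call, so any file created in that window by another thread or by a signal handler is masked with 0177 as well. The block comment explains the glibc history but not this constraint. One more sentence in it would do, e.g. `Not thread-safe: umask() is process-wide and is restored after the call.` Restoring the saved mask on both the success and failure paths is handled correctly, since `umask(mask)` runs before `ret` is inspected by the caller.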
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/openbsd-compat.h -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/openbsd-compat.h
Changed
@@ -69,10 +69,6 @@ int ftruncate(int filedes, off_t length); #endif -#if defined(HAVE_DECL_GETENTROPY) && HAVE_DECL_GETENTROPY == 0 -int _ssh_compat_getentropy(void *, size_t); -#endif - #ifndef HAVE_GETLINE #include <stdio.h> ssize_t getline(char **, size_t *, FILE *); @@ -145,6 +141,9 @@ char *mkdtemp(char *path); #endif +#define mkstemp(x) _ssh_mkstemp(x) +int _ssh_mkstemp(char *); + #ifndef HAVE_DAEMON int daemon(int nochdir, int noclose); #endif @@ -343,6 +342,7 @@ #endif #ifndef HAVE_TIMEGM +#include <time.h> time_t timegm(struct tm *); #endif
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/regress/Makefile.in -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/regress/Makefile.in
Changed
@@ -10,7 +10,8 @@ CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@ EXEEXT=@EXEEXT@ LIBCOMPAT=../libopenbsd-compat.a -LIBS=@LIBS@ +LIBSSH=../../libssh.a +LIBS=@LIBS@ @CHANNELLIBS@ LDFLAGS=@LDFLAGS@ $(LIBCOMPAT) TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \ @@ -18,8 +19,8 @@ all: t-exec ${OTHERTESTS} -%$(EXEEXT): %.c $(LIBCOMPAT) - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBS) +.c: $(LIBCOMPAT) $(LIBSSH) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCOMPAT) $(LIBSSH) $(LIBS) t-exec: $(TESTPROGS) @echo running compat regress tests
_service:tar_scm:openssh-9.1p1.tar.gz/openbsd-compat/regress/opensslvertest.c -> _service:tar_scm:openssh-9.3p1.tar.gz/openbsd-compat/regress/opensslvertest.c
Changed
@@ -56,6 +56,7 @@ int main(void) { +#ifdef WITH_OPENSSL unsigned int i; int res; long hver, lver; @@ -67,5 +68,6 @@ if (ssh_compatible_openssl(hver, lver) != res) fail(hver, lver, res); } +#endif exit(0); }
_service:tar_scm:openssh-9.1p1.tar.gz/packet.c -> _service:tar_scm:openssh-9.3p1.tar.gz/packet.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: packet.c,v 1.308 2022/08/31 02:56:40 djm Exp $ */ +/* $OpenBSD: packet.c,v 1.309 2023/03/03 10:23:42 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1324,7 +1324,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u_char *typep, u_int32_t *seqnr_p) { struct session_state *state = ssh->state; - int len, r, ms_remain; + int len, r, ms_remain = 0; struct pollfd pfd; char buf8192; struct timeval start;
_service:tar_scm:openssh-9.1p1.tar.gz/platform-tracing.c -> _service:tar_scm:openssh-9.3p1.tar.gz/platform-tracing.c
Changed
@@ -32,6 +32,7 @@ #include <stdarg.h> #include <stdio.h> #include <string.h> +#include <unistd.h> #include "log.h" @@ -42,7 +43,16 @@ /* On FreeBSD, we should make this process untraceable */ int disable_trace = PROC_TRACE_CTL_DISABLE; - if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict) + /* + * On FreeBSD, we should make this process untraceable. + * pid=0 means "this process" but some older kernels do not + * understand that so retry with our own pid before failing. + */ + if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) == 0) + return; + if (procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable_trace) == 0) + return; + if (strict) fatal("unable to make the process untraceable: %s", strerror(errno)); #endif
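Review bot: The old one-line comment `/* On FreeBSD, we should make this process untraceable */` survives as a context line directly above the new block comment, which opens with the same sentence; delete the old line. When both `procctl` calls fail, the `strerror(errno)` in the `fatal` reports the error from the `getpid()` retry rather than from the first attempt, which deserves a word in the new comment. The function begins and ends outside the hunk.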
_service:tar_scm:openssh-9.1p1.tar.gz/progressmeter.c -> _service:tar_scm:openssh-9.3p1.tar.gz/progressmeter.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: progressmeter.c,v 1.50 2020/01/23 07:10:22 dtucker Exp $ */ +/* $OpenBSD: progressmeter.c,v 1.52 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2003 Nils Nordman. All rights reserved. * @@ -30,8 +30,11 @@ #include <sys/uio.h> #include <errno.h> +#include <limits.h> +#include <signal.h> #include <signal.h> #include <stdarg.h> +#include <stdlib.h> #include <stdio.h> #include <string.h> #include <time.h> @@ -51,10 +54,6 @@ /* determines whether we can output to the terminal */ static int can_output(void); -/* formats and inserts the specified size into the given buffer */ -static void format_size(char *, int, off_t); -static void format_rate(char *, int, off_t); - /* window resizing */ static void sig_winch(int); static void setscreensize(void); @@ -84,10 +83,14 @@ return (getpgrp() == tcgetpgrp(STDOUT_FILENO)); } -static void -format_rate(char *buf, int size, off_t bytes) +/* size needed to format integer type v, using (nbits(v) * log2(10) / 10) */ +#define STRING_SIZE(v) (((sizeof(v) * 8 * 4) / 10) + 1) + +static const char * +format_rate(off_t bytes) { int i; + static char bufSTRING_SIZE(bytes) * 2 + 16; bytes *= 100; for (i = 0; bytes >= 100*1000 && uniti != 'T'; i++) 
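Review bot: `format_rate` (and `format_size` in the next hunk) now return a pointer to a function-local `static` buffer, yet nothing at the definition says that each call overwrites the previous result or that the functions are not reentrant. Add a comment above each, e.g. `/* Returns a static buffer that is overwritten by the next call. */`. The include hunk also adds `#include <signal.h>` directly above the existing `#include <signal.h>`; drop the added one. The body of `format_rate` continues past the end of this hunk.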
@@ -96,37 +99,40 @@ i++; bytes = (bytes + 512) / 1024; } - snprintf(buf, size, "%3lld.%1lld%c%s", + snprintf(buf, sizeof(buf), "%3lld.%1lld%c%s", (long long) (bytes + 5) / 100, (long long) (bytes + 5) / 10 % 10, uniti, i ? "B" : " "); + return buf; } -static void -format_size(char *buf, int size, off_t bytes) +static const char * +format_size(off_t bytes) { int i; + static char bufSTRING_SIZE(bytes) + 16; for (i = 0; bytes >= 10000 && uniti != 'T'; i++) bytes = (bytes + 512) / 1024; - snprintf(buf, size, "%4lld%c%s", + snprintf(buf, sizeof(buf), "%4lld%c%s", (long long) bytes, uniti, i ? "B" : " "); + return buf; } void refresh_progress_meter(int force_update) { - char bufMAX_WINSIZE + 1; + char *buf = NULL, *obuf = NULL; off_t transferred; double elapsed, now; int percent; off_t bytes_left; int cur_speed; int hours, minutes, seconds; - int file_len; + int file_len, cols; if ((!force_update && !alarm_fired && !win_resized) || !can_output()) return; 
@@ -164,32 +170,29 @@ } else bytes_per_second = cur_speed; + last_update = now; + + /* Don't bother if we can't even display the completion percentage */ + if (win_size < 4) + return; + /* filename */ - buf0 = '\0'; - file_len = win_size - 36; + file_len = cols = win_size - 36; if (file_len > 0) { - buf0 = '\r'; - snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s", - file_len, file); + asmprintf(&buf, INT_MAX, &cols, "%-*s", file_len, file); + /* If we used fewer columns than expected then pad */ + if (cols < file_len) + xextendf(&buf, NULL, "%*s", file_len - cols, ""); } - /* percent of transfer done */ if (end_pos == 0 || cur_pos == end_pos) percent = 100; else percent = ((float)cur_pos / end_pos) * 100; - snprintf(buf + strlen(buf), win_size - strlen(buf), - " %3d%% ", percent); - - /* amount transferred */ - format_size(buf + strlen(buf), win_size - strlen(buf), - cur_pos); - strlcat(buf, " ", win_size); - /* bandwidth usage */ - format_rate(buf + strlen(buf), win_size - strlen(buf), - (off_t)bytes_per_second); - strlcat(buf, "/s ", win_size); + /* percent / amount transferred / bandwidth usage */ + xextendf(&buf, NULL, " %3d%% %s %s/s ", percent, format_size(cur_pos), + format_rate((off_t)bytes_per_second)); /* ETA */ if (!transferred) @@ -198,9 +201,9 @@ stalled = 0; if (stalled >= STALL_TIME) - strlcat(buf, "- stalled -", win_size); + xextendf(&buf, NULL, "- stalled -"); else if (bytes_per_second == 0 && bytes_left) - strlcat(buf, " --:-- ETA", win_size); + xextendf(&buf, NULL, " --:-- ETA"); else { if (bytes_left > 0) seconds = bytes_left / bytes_per_second; 
@@ -212,24 +215,29 @@ minutes = seconds / 60; seconds -= minutes * 60; - if (hours != 0) - snprintf(buf + strlen(buf), win_size - strlen(buf), - "%d:%02d:%02d", hours, minutes, seconds); - else - snprintf(buf + strlen(buf), win_size - strlen(buf), - " %02d:%02d", minutes, seconds); + if (hours != 0) { + xextendf(&buf, NULL, "%d:%02d:%02d", + hours, minutes, seconds); + } else + xextendf(&buf, NULL, " %02d:%02d", minutes, seconds); if (bytes_left > 0) - strlcat(buf, " ETA", win_size); + xextendf(&buf, NULL, " ETA"); else - strlcat(buf, " ", win_size); + xextendf(&buf, NULL, " "); } - atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1); - last_update = now; + /* Finally, truncate string at window width */ + cols = win_size - 1; + asmprintf(&obuf, INT_MAX, &cols, " %s", buf); + if (obuf != NULL) { + *obuf = '\r'; /* must insert as asmprintf() would escape it */ + atomicio(vwrite, STDOUT_FILENO, obuf, strlen(obuf)); + } + free(buf); + free(obuf); } -/*ARGSUSED*/ static void sig_alarm(int ignore) { @@ -272,7 +280,6 @@ atomicio(vwrite, STDOUT_FILENO, "\n", 1); } -/*ARGSUSED*/ static void sig_winch(int sig)
_service:tar_scm:openssh-9.1p1.tar.gz/readconf.c -> _service:tar_scm:openssh-9.3p1.tar.gz/readconf.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.369 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.375 2023/03/10 02:24:56 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -54,7 +54,6 @@ #include "xmalloc.h" #include "ssh.h" #include "ssherr.h" -#include "compat.h" #include "cipher.h" #include "pathnames.h" #include "log.h" @@ -175,6 +174,7 @@ oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms, oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump, oSecurityKeyProvider, oKnownHostsCommand, oRequiredRSASize, + oEnableEscapeCommandline, oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported } OpCodes; @@ -321,6 +321,7 @@ { "securitykeyprovider", oSecurityKeyProvider }, { "knownhostscommand", oKnownHostsCommand }, { "requiredrsasize", oRequiredRSASize }, + { "enableescapecommandline", oEnableEscapeCommandline }, { NULL, oBadOption } }; @@ -615,7 +616,7 @@ } arg = criteria = NULL; this_result = 1; - if ((negate = attrib0 == '!')) + if ((negate = (attrib0 == '!'))) attrib++; /* Criterion "all" has no argument and must appear alone */ if (strcasecmp(attrib, "all") == 0) { 
@@ -1566,37 +1567,37 @@ case oPermitRemoteOpen: uintptr = &options->num_permitted_remote_opens; cppptr = &options->permitted_remote_opens; - arg = argv_next(&ac, &av); - if (!arg || *arg == '\0') - fatal("%s line %d: missing %s specification", - filename, linenum, lookup_opcode_name(opcode)); uvalue = *uintptr; /* modified later */ - if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { - if (*activep && uvalue == 0) { - *uintptr = 1; - *cppptr = xcalloc(1, sizeof(**cppptr)); - (*cppptr)0 = xstrdup(arg); - } - break; - } + i = 0; while ((arg = argv_next(&ac, &av)) != NULL) { arg2 = xstrdup(arg); - p = hpdelim(&arg); - if (p == NULL) { - fatal("%s line %d: missing host in %s", - filename, linenum, - lookup_opcode_name(opcode)); - } - p = cleanhostname(p); - /* - * don't want to use permitopen_port to avoid - * dependency on channels.ch here. - */ - if (arg == NULL || - (strcmp(arg, "*") != 0 && a2port(arg) <= 0)) { - fatal("%s line %d: bad port number in %s", - filename, linenum, - lookup_opcode_name(opcode)); + /* Allow any/none only in first position */ + if (strcasecmp(arg, "none") == 0 || + strcasecmp(arg, "any") == 0) { + if (i > 0 || ac > 0) { + error("%s line %d: keyword %s \"%s\" " + "argument must appear alone.", + filename, linenum, keyword, arg); + goto out; + } + } else { + p = hpdelim(&arg); + if (p == NULL) { + fatal("%s line %d: missing host in %s", + filename, linenum, + lookup_opcode_name(opcode)); + } + p = cleanhostname(p); + /* + * don't want to use permitopen_port to avoid + * dependency on channels.ch here. + */ + if (arg == NULL || (strcmp(arg, "*") != 0 && + a2port(arg) <= 0)) { + fatal("%s line %d: bad port number " + "in %s", filename, linenum, + lookup_opcode_name(opcode)); + } } if (*activep && uvalue == 0) { opt_array_append(filename, linenum, 
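Review bot: In the `any`/`none` branch the error path reaches `goto out` after `arg2 = xstrdup(arg)` has already run, so that copy is not released unless the code at `out`, which is outside this hunk, frees it. The normal path releases it with `free(arg2)` at the bottom of the loop, so the error path should do the same with `free(arg2);` immediately before `goto out;`. Separately, the sentinels are now matched with strcasecmp() but stored as typed. The consumer of permitted_remote_opens is not visible here; if it compares with strcmp(), a mixed-case `None` accepted by this parser would not be recognised there, so it is worth confirming the two agree. The `case` body continues into the next hunk.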
@@ -1604,7 +1605,11 @@ cppptr, uintptr, arg2); } free(arg2); + i++; } + if (i == 0) + fatal("%s line %d: missing %s specification", + filename, linenum, lookup_opcode_name(opcode)); break; case oClearAllForwardings: @@ -2125,15 +2130,13 @@ value2 = 0; /* unlimited lifespan by default */ if (value == 3 && arg2 != NULL) { /* allow "AddKeysToAgent confirm 5m" */ - if ((value2 = convtime(arg2)) == -1 || - value2 > INT_MAX) { + if ((value2 = convtime(arg2)) == -1) { error("%s line %d: invalid time value.", filename, linenum); goto out; } } else if (value == -1 && arg2 == NULL) { - if ((value2 = convtime(arg)) == -1 || - value2 > INT_MAX) { + if ((value2 = convtime(arg)) == -1) { error("%s line %d: unsupported option", filename, linenum); goto out; @@ -2177,6 +2180,10 @@ *charptr = xstrdup(arg); break; + case oEnableEscapeCommandline: + intptr = &options->enable_escape_commandline; + goto parse_flag; + case oRequiredRSASize: intptr = &options->required_rsa_size; goto parse_int; @@ -2317,6 +2324,7 @@ initialize_options(Options * options) { memset(options, 'X', sizeof(*options)); + options->host_arg = NULL; options->forward_agent = -1; options->forward_agent_sock_path = NULL; options->forward_x11 = -1; @@ -2429,6 +2437,7 @@ options->pubkey_accepted_algos = NULL; options->known_hosts_command = NULL; options->required_rsa_size = -1; + options->enable_escape_commandline = -1; } /* @@ -2627,6 +2636,8 @@ #endif if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->enable_escape_commandline == -1) + options->enable_escape_commandline = 0; /* Expand KEX name lists */ all_cipher = cipher_alg_list(',', 0); @@ -3265,6 +3276,7 @@ free(all_key); /* Most interesting options first: user, host, port */ + dump_cfg_string(oHost, o->host_arg); dump_cfg_string(oUser, o->user); dump_cfg_string(oHostname, host); dump_cfg_int(oPort, o->port); 
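Review bot: Both AddKeysToAgent branches drop the `value2 > INT_MAX` upper bound and now reject only a convtime() result of `-1`. That is safe only if convtime() itself can no longer return a value outside int range; its definition is not part of this file's diff, so the matching change should be confirmed in the same update. If it still returns a wider type, keep the bound as it was: `if ((value2 = convtime(arg2)) == -1 || value2 > INT_MAX) {`. The surrounding `case` starts outside the hunk.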
@@ -3308,6 +3320,7 @@ dump_cfg_fmtint(oVerifyHostKeyDNS, o->verify_host_key_dns); dump_cfg_fmtint(oVisualHostKey, o->visual_host_key); dump_cfg_fmtint(oUpdateHostkeys, o->update_hostkeys); + dump_cfg_fmtint(oEnableEscapeCommandline, o->enable_escape_commandline); /* Integer options */ dump_cfg_int(oCanonicalizeMaxDots, o->canonicalize_max_dots);
_service:tar_scm:openssh-9.1p1.tar.gz/readconf.h -> _service:tar_scm:openssh-9.3p1.tar.gz/readconf.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.148 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.150 2023/01/13 02:58:20 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -28,6 +28,7 @@ }; typedef struct { + char *host_arg; /* Host arg as specified on command line. */ int forward_agent; /* Forward authentication agent. */ char *forward_agent_sock_path; /* Optional path of the agent. */ int forward_x11; /* Forward X11 display. */ @@ -177,6 +178,7 @@ char *known_hosts_command; int required_rsa_size; /* minimum size of RSA keys */ + int enable_escape_commandline; /* ~C commandline */ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ } Options;
_service:tar_scm:openssh-9.1p1.tar.gz/regress/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.120 2022/01/06 21:46:56 dtucker Exp $ +# $OpenBSD: Makefile,v 1.124 2023/03/01 09:29:32 dtucker Exp $ tests: prep file-tests t-exec unit @@ -101,7 +101,9 @@ knownhosts \ knownhosts-command \ agent-restrict \ - hostbased + hostbased \ + channel-timeout \ + connection-timeout INTEROP_TESTS= putty-transfer putty-ciphers putty-kex conch-ciphers #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp @@ -129,14 +131,15 @@ rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ + ssh-agent.log ssh-add.log slow-sftp-server.sh \ ssh-rsa_oldfmt knownhosts_command \ ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ ssh_proxy_* sshd.log sshd_config sshd_config.* \ sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \ sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \ - t8.out t8.out.pub t9.out t9.out.pub testdata \ - user_*key* user_ca* user_key* + t8.out t8.out.pub t9.out t9.out.pub \ + timestamp testdata user_*key* user_ca* user_key* # Enable all malloc(3) randomisations and checks TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX"
_service:tar_scm:openssh-9.1p1.tar.gz/regress/agent-getpeereid.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/agent-getpeereid.sh
Changed
@@ -1,3 +1,4 @@ +# $OpenBSD: agent-getpeereid.sh,v 1.15 2023/02/08 08:06:03 dtucker Exp $ # $OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $ # Placed in the Public Domain. @@ -6,6 +7,8 @@ UNPRIV=nobody ASOCK=${OBJ}/agent SSH_AUTH_SOCK=/nonexistent +>$OBJ/ssh-agent.log +>$OBJ/ssh-add.log if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then : @@ -25,14 +28,14 @@ esac trace "start agent" -eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` > /dev/null +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s -a ${ASOCK}` >$OBJ/ssh-agent.log 2>&1 r=$? if $r -ne 0 ; then fail "could not start ssh-agent: exit code $r" else chmod 644 ${SSH_AUTH_SOCK} - ${SSHADD} -l > /dev/null 2>&1 + ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1 r=$? if $r -ne 1 ; then fail "ssh-add failed with $r != 1" @@ -42,15 +45,16 @@ ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null else # sudo - < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null + < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1 fi r=$? if $r -lt 2 ; then fail "ssh-add did not fail for ${UNPRIV}: $r < 2" + cat $OBJ/ssh-add.log fi trace "kill agent" - ${SSHAGENT} -k > /dev/null + ${SSHAGENT} -k >>$OBJ/ssh-agent.log 2>&1 fi rm -f ${OBJ}/agent
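Review bot: Only the `${SUDO} -S` branch was switched to `-vvv -l >>$OBJ/ssh-add.log 2>&1`; the `${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null` branch above it still discards its diagnostics. When that branch is the one taken, the `cat $OBJ/ssh-add.log` added on failure has nothing to show for the unprivileged attempt, which is the access-control check this test exists for. I would make the two branches match: `${SUDO} -n -u ${UNPRIV} ${SSHADD} -vvv -l >>$OBJ/ssh-add.log 2>&1`. The first hunk also adds the 1.15 `$OpenBSD` id line without removing the 1.13 one, leaving two.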
_service:tar_scm:openssh-9.1p1.tar.gz/regress/agent-ptrace.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/agent-ptrace.sh
Changed
@@ -38,6 +38,7 @@ $SUDO chown 0 ${SSHAGENT} $SUDO chgrp 0 ${SSHAGENT} $SUDO chmod 2755 ${SSHAGENT} + trap "$SUDO chown ${USER} ${SSHAGENT}; $SUDO chmod 755 ${SSHAGENT}" 0 fi trace "start agent"
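Review bot: The added trap undoes `chown 0` and `chmod 2755` but not `chgrp 0`, so the agent binary is left with group 0 after the test exits. The original group is not recorded anywhere in the hunk, so it would have to be saved before the `chgrp` and restored in the trap alongside the owner. The trap string is also double-quoted, so `${USER}` and `${SSHAGENT}` are expanded when the trap is set and word-split when it runs; quoting them inside the string (`\"${SSHAGENT}\"`) keeps a path with spaces from turning into extra arguments to a `$SUDO` command. The enclosing `if` begins outside the hunk.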
_service:tar_scm:openssh-9.1p1.tar.gz/regress/agent-restrict.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/agent-restrict.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: agent-restrict.sh,v 1.5 2022/01/13 04:53:16 dtucker Exp $ +# $OpenBSD: agent-restrict.sh,v 1.6 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="agent restrictions" @@ -39,14 +39,14 @@ Hostname host_$h HostkeyAlias host_$h IdentityFile $OBJ/user_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF # Variant with no specified keys. cat << _EOF >> $OBJ/ssh_proxy_noid Host host_$h Hostname host_$h HostkeyAlias host_$h - ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy_host_$h + ProxyCommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy_host_$h _EOF done cat $OBJ/ssh_proxy.bak >> $OBJ/ssh_proxy
_service:tar_scm:openssh-9.1p1.tar.gz/regress/agent.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/agent.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $ +# $OpenBSD: agent.sh,v 1.21 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="simple agent test" @@ -9,7 +9,7 @@ fi trace "start agent, args ${EXTRA_AGENT_ARGS} -s" -eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` > /dev/null +eval `${SSHAGENT} ${EXTRA_AGENT_ARGS} -s` >`ssh_logfile ssh-agent` r=$? if $r -ne 0 ; then fatal "could not start ssh-agent: exit code $r"
_service:tar_scm:openssh-9.3p1.tar.gz/regress/channel-timeout.sh
Added
@@ -0,0 +1,91 @@ +# $OpenBSD: channel-timeout.sh,v 1.1 2023/01/06 08:07:39 djm Exp $ +# Placed in the Public Domain. + +tid="channel timeout" + +# XXX not comprehensive. Still need -R -L agent X11 forwarding + interactive + +rm -f $OBJ/sshd_proxy.orig +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + +verbose "no timeout" +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if $r -ne 23 ; then + fail "ssh failed" +fi + +verbose "command timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:command=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if $r -ne 255 ; then + fail "ssh returned unexpected error code $r" +fi + +verbose "command wildcard timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:*=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if $r -ne 255 ; then + fail "ssh returned unexpected error code $r" +fi + +verbose "command irrelevant timeout" +(cat $OBJ/sshd_proxy.orig ; echo "ChannelTimeout session:shell=1") \ + > $OBJ/sshd_proxy +${SSH} -F $OBJ/ssh_proxy somehost "sleep 5 ; exit 23" +r=$? +if $r -ne 23 ; then + fail "ssh failed" +fi + +# Set up a "slow sftp server" that sleeps before executing the real one. +cat > $OBJ/slow-sftp-server.sh << _EOF +#!/bin/sh + +sleep 5 +$SFTPSERVER +_EOF +chmod a+x $OBJ/slow-sftp-server.sh + +verbose "sftp no timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? +if $r -ne 0 ; then + fail "sftp failed" +fi +cmp $DATA $COPY || fail "corrupted copy" + +verbose "sftp timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "ChannelTimeout session:subsystem:sftp=1" ; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? 
+if $r -eq 0 ; then + fail "sftp succeeded unexpectedly" +fi +test -f $COPY && cmp $DATA $COPY && fail "intact copy" + +verbose "sftp irrelevant timeout" +(grep -vi subsystem.*sftp $OBJ/sshd_proxy.orig; + echo "ChannelTimeout session:subsystem:command=1" ; + echo "Subsystem sftp $OBJ/slow-sftp-server.sh" ) > $OBJ/sshd_proxy + +rm -f ${COPY} +$SFTP -qS $SSH -F $OBJ/ssh_proxy somehost:$DATA $COPY +r=$? +if $r -ne 0 ; then + fail "sftp failed" +fi +cmp $DATA $COPY || fail "corrupted copy" +
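Review bot: The two timeout cases (`session:command=1` and `session:*=1`) pass on exit status 255 alone, and ssh returns 255 for any connection-level error. A broken `sshd_proxy` or an unrelated disconnect would therefore be counted as the ChannelTimeout firing. I would add a second signal that the timeout fired, for example checking that the command returned well before the 5-second `sleep` finished, or matching the timeout message in the sshd log (its exact text is not visible in this diff). `check_socks` in dynamic-forward.sh has the same shape in its expect-failure case, where any non-zero status passes.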
_service:tar_scm:openssh-9.3p1.tar.gz/regress/connection-timeout.sh
Added
@@ -0,0 +1,87 @@ +# $OpenBSD: connection-timeout.sh,v 1.2 2023/01/17 10:15:10 djm Exp $ +# Placed in the Public Domain. + +tid="unused connection timeout" +if config_defined DISABLE_FD_PASSING ; then + skip "not supported on this platform" +fi + +CTL=$OBJ/ctl-sock +cp $OBJ/sshd_proxy $OBJ/sshd_proxy.orig + +check_ssh() { + test -S $CTL || return 1 + if ! ${REAL_SSH} -qF$OBJ/ssh_proxy -O check \ + -oControlPath=$CTL somehost >/dev/null 2>&1 ; then + return 1 + fi + return 0 +} + +start_ssh() { + trace "start ssh" + ${SSH} -nNfF $OBJ/ssh_proxy "$@" -oExitOnForwardFailure=yes \ + -oControlMaster=yes -oControlPath=$CTL somehost + r=$? + test $r -eq 0 || fatal "failed to start ssh $r" + check_ssh || fatal "ssh process unresponsive" +} + +stop_ssh() { + test -S $CTL || return + check_ssh || fatal "ssh process is unresponsive: cannot close" + if ! ${REAL_SSH} -qF$OBJ/ssh_proxy -O exit \ + -oControlPath=$CTL >/dev/null somehost >/dev/null ; then + fatal "ssh process did not respond to close" + fi + n=0 + while "$n" -lt 20 ; do + test -S $CTL || break + sleep 1 + n=`expr $n + 1` + done + if test -S $CTL ; then + fatal "ssh process did not exit" + fi +} + +trap "stop_ssh" EXIT + +verbose "no timeout" +start_ssh +sleep 5 +check_ssh || fatal "ssh unexpectedly missing" +stop_ssh + +(cat $OBJ/sshd_proxy.orig ; echo "UnusedConnectionTimeout 2") > $OBJ/sshd_proxy + +verbose "timeout" +start_ssh +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh + +verbose "session inhibits timeout" +rm -f $OBJ/copy.1 +start_ssh +${REAL_SSH} -qoControlPath=$CTL -oControlMaster=no -Fnone somehost \ + "sleep 8; touch $OBJ/copy.1" & +check_ssh || fail "ssh unexpectedly missing" +wait +test -f $OBJ/copy.1 || fail "missing result file" + +verbose "timeout after session" +# Session should still be running from previous +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh + +LPORT=`expr $PORT + 1` +RPORT=`expr $LPORT + 1` +DPORT=`expr $RPORT + 1` +RDPORT=`expr $DPORT + 1` 
+verbose "timeout with listeners" +start_ssh -L$LPORT:127.0.0.1:$PORT -R$RPORT:127.0.0.1:$PORT -D$DPORT -R$RDPORT +sleep 8 +check_ssh && fail "ssh unexpectedly present" +stop_ssh
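Review bot: In `stop_ssh` the `-O exit` call redirects stdout twice (`-oControlPath=$CTL >/dev/null somehost >/dev/null`) and leaves stderr attached, whereas `check_ssh` just above uses `somehost >/dev/null 2>&1`. This looks like a slip for `-oControlPath=$CTL somehost >/dev/null 2>&1`. The same line appears in `stop_ssh` in dynamic-forward.sh. If stderr is left attached on purpose so that a failed close shows up in the test output, a single redirect plus a short comment saying so would make that intent clear.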
_service:tar_scm:openssh-9.1p1.tar.gz/regress/dhgex.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/dhgex.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: dhgex.sh,v 1.7 2020/12/21 22:48:41 dtucker Exp $ +# $OpenBSD: dhgex.sh,v 1.8 2023/03/02 08:14:52 dtucker Exp $ # Placed in the Public Domain. tid="dhgex" @@ -31,8 +31,8 @@ # check what we request grep "SSH2_MSG_KEX_DH_GEX_REQUEST($groupsz) sent" ${LOG} >/dev/null if $? != 0 ; then - got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}` - fail "$tid unexpected GEX sizes, expected $groupsz, got $got" + got="`egrep 'SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent' ${LOG}`" + fail "$tid unexpected GEX sizes, expected $groupsz, got '$got'" fi # check what we got. gotbits="`awk 'BEGIN{FS="/"}/bits set:/{print $2}' ${LOG} |
_service:tar_scm:openssh-9.1p1.tar.gz/regress/dynamic-forward.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/dynamic-forward.sh
Changed
@@ -1,61 +1,110 @@ -# $OpenBSD: dynamic-forward.sh,v 1.13 2017/09/21 19:18:12 markus Exp $ +# $OpenBSD: dynamic-forward.sh,v 1.15 2023/01/06 08:50:33 dtucker Exp $ # Placed in the Public Domain. tid="dynamic forwarding" -FWDPORT=`expr $PORT + 1` - -if have_prog nc && nc -h 2>&1 | grep "proxy address" >/dev/null; then - proxycmd="nc -x 127.0.0.1:$FWDPORT -X" -elif have_prog connect; then - proxycmd="connect -S 127.0.0.1:$FWDPORT -" -else - echo "skipped (no suitable ProxyCommand found)" - exit 0 +# This is a reasonable proxy for IPv6 support. +if ! config_defined HAVE_STRUCT_IN6_ADDR ; then + SKIP_IPV6=yes fi -trace "will use ProxyCommand $proxycmd" -start_sshd +FWDPORT=`expr $PORT + 1` +make_tmpdir +CTL=${SSH_REGRESS_TMP}/ctl-sock +cp $OBJ/ssh_config $OBJ/ssh_config.orig +proxycmd="$OBJ/netcat -x 127.0.0.1:$FWDPORT -X" +trace "will use ProxyCommand $proxycmd" -for d in D R; do +start_ssh() { + direction="$1" + arg="$2" n=0 error="1" - trace "start dynamic forwarding, fork to background" + trace "start dynamic -$direction forwarding, fork to background" + (cat $OBJ/ssh_config.orig ; echo "$arg") > $OBJ/ssh_config + ${REAL_SSH} -vvvnNfF $OBJ/ssh_config -E$TEST_SSH_LOGFILE \ + -$direction $FWDPORT -oExitOnForwardFailure=yes \ + -oControlMaster=yes -oControlPath=$CTL somehost + r=$? + test $r -eq 0 || fatal "failed to start dynamic forwarding $r" + if ! ${REAL_SSH} -qF$OBJ/ssh_config -O check \ + -oControlPath=$CTL somehost >/dev/null 2>&1 ; then + fatal "forwarding ssh process unresponsive" + fi +} - while "$error" -ne 0 -a "$n" -lt 3 ; do +stop_ssh() { + test -S $CTL || return + if ! 
${REAL_SSH} -qF$OBJ/ssh_config -O exit \ + -oControlPath=$CTL >/dev/null somehost >/dev/null ; then + fatal "forwarding ssh process did not respond to close" + fi + n=0 + while "$n" -lt 20 ; do + test -S $CTL || break + sleep 1 n=`expr $n + 1` - ${SSH} -F $OBJ/ssh_config -f -$d $FWDPORT -q \ - -oExitOnForwardFailure=yes somehost exec sh -c \ - \'"echo \$\$ > $OBJ/remote_pid; exec sleep 444"\' - error=$? - if "$error" -ne 0 ; then - trace "forward failed attempt $n err $error" - sleep $n - fi done - if "$error" -ne 0 ; then - fatal "failed to start dynamic forwarding" + if test -S $CTL ; then + fatal "forwarding ssh process did not exit" fi +} +check_socks() { + direction=$1 + expect_success=$2 for s in 4 5; do for h in 127.0.0.1 localhost; do - trace "testing ssh socks version $s host $h (-$d)" - ${SSH} -F $OBJ/ssh_config \ - -o "ProxyCommand ${proxycmd}${s} $h $PORT" \ + trace "testing ssh socks version $s host $h (-$direction)" + ${REAL_SSH} -q -F $OBJ/ssh_config \ + -o "ProxyCommand ${proxycmd}${s} $h $PORT 2>/dev/null" \ somehost cat ${DATA} > ${COPY} - test -f ${COPY} || fail "failed copy ${DATA}" - cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" + r=$? 
+ if "x$expect_success" = "xY" ; then + if $r -ne 0 ; then + fail "ssh failed with exit status $r" + fi + test -f ${COPY} || fail "failed copy ${DATA}" + cmp ${DATA} ${COPY} || fail "corrupted copy of ${DATA}" + elif $r -eq 0 ; then + fail "ssh unexpectedly succeeded" + fi done done +} - if -f $OBJ/remote_pid ; then - remote=`cat $OBJ/remote_pid` - trace "terminate remote shell, pid $remote" - if $remote -gt 1 ; then - kill -HUP $remote - fi - else - fail "no pid file: $OBJ/remote_pid" - fi +start_sshd +trap "stop_ssh" EXIT + +for d in D R; do + verbose "test -$d forwarding" + start_ssh $d + check_socks $d Y + stop_ssh + test "x$d" = "xR" || continue + + # Test PermitRemoteOpen + verbose "PermitRemoteOpen=any" + start_ssh $d PermitRemoteOpen=any + check_socks $d Y + stop_ssh + + verbose "PermitRemoteOpen=none" + start_ssh $d PermitRemoteOpen=none + check_socks $d N + stop_ssh + + verbose "PermitRemoteOpen=explicit" + permit="127.0.0.1:$PORT ::1:$PORT localhost:$PORT" + test -z "$SKIP_IPV6" || permit="127.0.0.1:$PORT localhost:$PORT" + start_ssh $d PermitRemoteOpen="$permit" + check_socks $d Y + stop_ssh + verbose "PermitRemoteOpen=disallowed" + permit="127.0.0.1:1 ::1:1 localhost:1" + test -z "$SKIP_IPV6" || permit="127.0.0.1:1 localhost:1" + start_ssh $d PermitRemoteOpen="$permit" + check_socks $d N + stop_ssh done
_service:tar_scm:openssh-9.1p1.tar.gz/regress/hostbased.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/hostbased.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: hostbased.sh,v 1.3 2022/01/08 07:55:26 dtucker Exp $ +# $OpenBSD: hostbased.sh,v 1.4 2022/12/07 11:45:43 dtucker Exp $ # Placed in the Public Domain. # This test requires external setup and thus is skipped unless @@ -8,7 +8,7 @@ # - ssh-keysign must be installed and setuid. # - "EnableSSHKeysign yes" must be in the system ssh_config. # - the system's own real FQDN the system-wide shosts.equiv. -# - the system's real public key fingerprints must me in global ssh_known_hosts. +# - the system's real public key fingerprints must be in global ssh_known_hosts. # tid="hostbased"
_service:tar_scm:openssh-9.1p1.tar.gz/regress/integrity.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/integrity.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: integrity.sh,v 1.24 2020/01/21 08:06:27 djm Exp $ +# $OpenBSD: integrity.sh,v 1.25 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. tid="integrity" @@ -18,7 +18,7 @@ # >> $OBJ/ssh_proxy # sshd-command for proxy (see test-exec.sh) -cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" +cmd="$SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" sh ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" for m in $macs; do trace "test $tid: mac $m"
_service:tar_scm:openssh-9.1p1.tar.gz/regress/keygen-sshfp.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/keygen-sshfp.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: keygen-sshfp.sh,v 1.2 2021/07/19 02:29:28 dtucker Exp $ +# $OpenBSD: keygen-sshfp.sh,v 1.3 2023/02/10 05:06:03 djm Exp $ # Placed in the Public Domain. tid="keygen-sshfp" @@ -16,6 +16,25 @@ fail "keygen fingerprint sha256" fi +# Expect two lines of output without an explicit algorithm +fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | wc -l` +if $(($fp + 0)) -ne 2 ; then + fail "incorrect number of SSHFP records $fp (expected 2)" +fi + +# Test explicit algorithm selection +exp="test IN SSHFP 4 1 8a8647a7567e202ce317e62606c799c53d4c121f" +fp=`${SSHKEYGEN} -Ohashalg=sha1 -r test -f ${SRC}/ed25519_openssh.pub` +if "x$exp" != "x$fp" ; then + fail "incorrect SHA1 SSHFP output" +fi + +exp="test IN SSHFP 4 2 54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" +fp=`${SSHKEYGEN} -Ohashalg=sha256 -r test -f ${SRC}/ed25519_openssh.pub` +if "x$exp" != "x$fp" ; then + fail "incorrect SHA256 SSHFP output" +fi + if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'` if "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ; then @@ -27,3 +46,4 @@ fail "keygen fingerprint sha256" fi fi +
_service:tar_scm:openssh-9.1p1.tar.gz/regress/knownhosts.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/knownhosts.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: knownhosts.sh,v 1.1 2021/10/01 05:20:20 dtucker Exp $ +# $OpenBSD: knownhosts.sh,v 1.2 2023/02/09 09:55:33 dtucker Exp $ # Placed in the Public Domain. tid="known hosts" @@ -15,3 +15,21 @@ trace "test hashed known hosts" ${SSH} $opts somehost true || fail "reconnect with hashed known hosts" + +trace "no newline at end of known_hosts" +printf "something" >$OBJ/known_hosts +${SSH} $opts -ostricthostkeychecking=no somehost true \ + || fail "hostkey update, missing newline, no strict" +${SSH} $opts -ostricthostkeychecking=yes somehost true \ + || fail "reconnect after adding with missing newline" + +trace "newline at end of known_hosts" +printf "something\n" >$OBJ/known_hosts +${SSH} $opts -ostricthostkeychecking=no somehost true \ + || fail "hostkey update, newline, no strict" +${SSH} $opts -ostricthostkeychecking=yes somehost true \ + || fail "reconnect after adding without missing newline" +lines=`wc -l <$OBJ/known_hosts` +if $lines -ne 2 ; then + fail "expected 2 lines in known_hosts, found $lines" +fi
_service:tar_scm:openssh-9.1p1.tar.gz/regress/krl.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/krl.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: krl.sh,v 1.11 2019/12/16 02:39:05 djm Exp $ +# $OpenBSD: krl.sh,v 1.12 2023/01/16 04:11:29 djm Exp $ # Placed in the Public Domain. tid="key revocation lists" @@ -175,8 +175,8 @@ KEYID_RESULT=$7 CERTS_RESULT=$8 CA_RESULT=$9 - SERIAL_WRESULT=$10 - KEYID_WRESULT=$11 + SERIAL_WRESULT=${10} + KEYID_WRESULT=${11} verbose "$tid: checking revocations for $TAG" for f in $FILES ; do check_krl $f $OBJ/krl-empty no "$TAG"
_service:tar_scm:openssh-9.1p1.tar.gz/regress/misc/sk-dummy/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/misc/sk-dummy/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2019/11/29 00:13:29 djm Exp $ +# $OpenBSD: Makefile,v 1.3 2023/01/15 23:35:10 djm Exp $ .include <bsd.own.mk> .include <bsd.obj.mk> @@ -11,7 +11,7 @@ SRCS=sk-dummy.c # From usr.bin/ssh -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c OPENSSL?= yes CFLAGS+= -fPIC
_service:tar_scm:openssh-9.1p1.tar.gz/regress/multiplex.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/multiplex.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: multiplex.sh,v 1.34 2022/06/03 04:31:54 djm Exp $ +# $OpenBSD: multiplex.sh,v 1.36 2023/03/01 09:29:32 dtucker Exp $ # Placed in the Public Domain. make_tmpdir @@ -24,6 +24,7 @@ fatal "mux master never becomes ready" } +maybe_add_scp_path_to_sshd start_sshd start_mux_master() @@ -86,7 +87,7 @@ rm -f ${COPY} verbose "test $tid: forward" trace "forward over TCP/IP and check result" -$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} > /dev/null & +$NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} >`ssh_logfile nc` & netcat_pid=$! ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1 sleep 1 # XXX remove once race fixed
_service:tar_scm:openssh-9.1p1.tar.gz/regress/percent.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/percent.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: percent.sh,v 1.14 2022/02/20 03:47:26 dtucker Exp $ +# $OpenBSD: percent.sh,v 1.16 2023/01/14 09:57:08 dtucker Exp $ # Placed in the Public Domain. tid="percent expansions" @@ -12,6 +12,7 @@ USERID=`id -u` HOST=`hostname | cut -f1 -d.` HOSTNAME=`hostname` +HASH="" # Localcommand is evaluated after connection because %T is not available # until then. Because of this we use a different method of exercising it, @@ -79,10 +80,12 @@ trial $i '%T' NONE fi # Matches implementation in readconf.c:ssh_connection_hash() - HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | - $OPENSSL_BIN sha1 | cut -f2 -d' '` + if ! -z "${OPENSSL_BIN}" ; then + HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" | + $OPENSSL_BIN sha1 | cut -f2 -d' '` + trial $i '%C' $HASH + fi trial $i '%%' '%' - trial $i '%C' $HASH trial $i '%i' $USERID trial $i '%h' 127.0.0.1 trial $i '%L' $HOST @@ -96,8 +99,13 @@ # containing %d for UserKnownHostsFile if "$i" != "userknownhostsfile" ; then trial $i '%d' $HOME - trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \ - "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" + in='%%/%i/%h/%d/%L/%l/%n/%p/%r/%u' + out="%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER" + if ! -z "${HASH}" ; then + in="$in/%C" + out="$out/$HASH" + fi + trial $i "$in" "$out" fi done
_service:tar_scm:openssh-9.1p1.tar.gz/regress/reexec.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/reexec.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: reexec.sh,v 1.12 2017/08/07 03:52:55 dtucker Exp $ +# $OpenBSD: reexec.sh,v 1.13 2023/01/19 07:53:45 dtucker Exp $ # Placed in the Public Domain. tid="reexec tests" @@ -49,7 +49,7 @@ verbose "test reexec fallback" start_sshd_copy -rm -f $SSHD_COPY +$SUDO rm -f $SSHD_COPY copy_tests
_service:tar_scm:openssh-9.1p1.tar.gz/regress/scp-uri.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/scp-uri.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: scp-uri.sh,v 1.4 2021/08/10 03:35:45 djm Exp $ +# $OpenBSD: scp-uri.sh,v 1.5 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp-uri" @@ -9,6 +9,8 @@ DIR=${COPY}.dd DIR2=${COPY}.dd2 +maybe_add_scp_path_to_sshd + SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp chmod 755 ${OBJ}/scp-ssh-wrapper.scp
_service:tar_scm:openssh-9.1p1.tar.gz/regress/scp.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/scp.sh
Changed
@@ -1,20 +1,23 @@ -# $OpenBSD: scp.sh,v 1.14 2022/05/15 23:48:07 djm Exp $ +# $OpenBSD: scp.sh,v 1.18 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp" #set -x -# Figure out if diff understands "-N" -if diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then - DIFFOPT="-rN" -else - DIFFOPT="-r" -fi - COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 +COPY3=${OBJ}/copy.glob123 +DIR3=${COPY}.dd.glob456 +DIFFOPT="-rN" + +# Figure out if diff does not understand "-N" +if ! diff -N ${SRC}/scp.sh ${SRC}/scp.sh 2>/dev/null; then + DIFFOPT="-r" +fi + +maybe_add_scp_path_to_sshd SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp @@ -22,9 +25,9 @@ export SCP # used in scp-ssh-wrapper.scp scpclean() { - rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} - mkdir ${DIR} ${DIR2} - chmod 755 ${DIR} ${DIR2} + rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2} ${COPY3} ${DIR3} + mkdir ${DIR} ${DIR2} ${DIR3} + chmod 755 ${DIR} ${DIR2} ${DIR3} } for mode in scp sftp ; do @@ -34,7 +37,7 @@ else scpopts="-s -D ${SFTPSERVER}" fi - verbose "tid: simple copy local file to local file" + verbose "$tag: simple copy local file to local file" scpclean $SCP $scpopts ${DATA} ${COPY} || fail "copy failed" cmp ${DATA} ${COPY} || fail "corrupted copy" 
@@ -113,6 +116,30 @@ $SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed" diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: unmatched glob file local->remote" + scpclean + $SCP $scpopts ${DATA} somehost:${COPY3} || fail "copy failed" + cmp ${DATA} ${COPY3} || fail "corrupted copy" + + verbose "$tag: unmatched glob file remote->local" + # NB. no clean + $SCP $scpopts somehost:${COPY3} ${COPY2} || fail "copy failed" + cmp ${DATA} ${COPY2} || fail "corrupted copy" + + verbose "$tag: unmatched glob dir recursive local->remote" + scpclean + rm -rf ${DIR3} + cp ${DATA} ${DIR}/copy + cp ${DATA} ${DIR}/copy.glob1234 + $SCP $scpopts -r ${DIR} somehost:${DIR3} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR3} || fail "corrupted copy" + + verbose "$tag: unmatched glob dir recursive remote->local" + # NB. no clean + rm -rf ${DIR2} + $SCP $scpopts -r somehost:${DIR3} ${DIR2} || fail "copy failed" + diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy" + verbose "$tag: shell metacharacters" scpclean (cd ${DIR} && \
_service:tar_scm:openssh-9.1p1.tar.gz/regress/scp3.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/scp3.sh
Changed
@@ -1,19 +1,15 @@ -# $OpenBSD: scp3.sh,v 1.3 2021/08/10 03:35:45 djm Exp $ +# $OpenBSD: scp3.sh,v 1.4 2023/01/13 04:47:34 dtucker Exp $ # Placed in the Public Domain. tid="scp3" -#set -x +set -x COPY2=${OBJ}/copy2 DIR=${COPY}.dd DIR2=${COPY}.dd2 -$SSH -F $OBJ/ssh_proxy somehost \ - 'IFS=":"; for i in $PATH;do -x "$i/scp" && exit 0; done; exit 1' -if $? -eq 1 ; then - skip "No scp on remote path." -fi +maybe_add_scp_path_to_sshd SRC=`dirname ${SCRIPT}` cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
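Review bot: The hunk turns the commented `#set -x` into an active `set -x`, which reads like debugging left switched on; scp.sh in the same update keeps the line commented. With xtrace enabled every expanded command in the test, including paths and environment-derived values, is echoed into the test output. Unless the trace is wanted permanently, restore `#set -x`; if it is wanted, a one-line comment saying why would stop it being removed as an accident.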
_service:tar_scm:openssh-9.1p1.tar.gz/regress/test-exec.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/test-exec.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: test-exec.sh,v 1.92 2022/07/25 07:12:45 dtucker Exp $ +# $OpenBSD: test-exec.sh,v 1.98 2023/03/02 11:10:27 dtucker Exp $ # Placed in the Public Domain. #SUDO=sudo @@ -102,7 +102,8 @@ # Tools used by multiple tests NC=$OBJ/netcat -OPENSSL_BIN="${OPENSSL_BIN:-openssl}" +# Always use the one configure tells us to, even if that's empty. +#OPENSSL_BIN="${OPENSSL_BIN:-openssl}" if "x$TEST_SSH_SSH" != "x" ; then SSH="${TEST_SSH_SSH}" @@ -239,7 +240,13 @@ # Logfiles. # SSH_LOGFILE should be the debug output of ssh(1) only # SSHD_LOGFILE should be the debug output of sshd(8) only -# REGRESS_LOGFILE is the output of the test itself stdout and stderr +# REGRESS_LOGFILE is the log of progress of the regress test itself. +# TEST_SSH_LOGDIR will contain datestamped logs of all binaries run in +# chronological order. +if "x$TEST_SSH_LOGDIR" = "x" ; then + TEST_SSH_LOGDIR=$OBJ/log + mkdir -p $TEST_SSH_LOGDIR +fi if "x$TEST_SSH_LOGFILE" = "x" ; then TEST_SSH_LOGFILE=$OBJ/ssh.log fi 
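Review bot: `mkdir -p $TEST_SSH_LOGDIR` runs only inside the branch that supplies the default, so a directory passed in through the environment is neither created nor checked before the wrappers write their `${TEST_SSH_LOGDIR}/...log` files into it. Moving the call below the `fi` as `mkdir -p "$TEST_SSH_LOGDIR"` covers both cases. Because the directory is caller-controlled, two later uses deserve a comment here: `start_debug_log` in a later hunk runs `rm -f $TEST_SSH_LOGDIR/*`, which empties whatever directory was named, and other tests in this update run sshd-log-wrapper.sh under `$SUDO`. The directory should therefore be dedicated to the test run and writable only by the test user.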
@@ -275,20 +282,28 @@ fi # truncate logfiles ->$TEST_SSH_LOGFILE ->$TEST_SSHD_LOGFILE >$TEST_REGRESS_LOGFILE -# Create wrapper ssh with logging. We can't just specify "SSH=ssh -E..." -# because sftp and scp don't handle spaces in arguments. scp and sftp like -# to use -q so we remove those to preserve our debug logging. In the rare -# instance where -q is desirable -qq is equivalent and is not removed. +# Create ssh and sshd wrappers with logging. These create a datestamped +# unique file for every invocation so that we can retain all logs from a +# given test no matter how many times it's invoked. It also leaves a +# symlink with the original name for tests (and people) who look for that. + +# For ssh, e can't just specify "SSH=ssh -E..." because sftp and scp don't +# handle spaces in arguments. scp and sftp like to use -q so we remove those +# to preserve our debug logging. In the rare instance where -q is desirable +# -qq is equivalent and is not removed. SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh cat >$SSHLOGWRAP <<EOD #!/bin/sh -echo "Executing: ${SSH} \$@" >>${TEST_SSH_LOGFILE} +timestamp="\`$OBJ/timestamp\`" +logfile="${TEST_SSH_LOGDIR}/\${timestamp}.ssh.\$\$.log" +echo "Executing: ${SSH} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSH} \$@" >>\${logfile} for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done -exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@" +rm -f $TEST_SSH_LOGFILE +ln -f -s \${logfile} $TEST_SSH_LOGFILE +exec ${SSH} -E\${logfile} "\$@" EOD chmod a+rx $OBJ/ssh-log-wrapper.sh 
@@ -296,6 +311,28 @@ REAL_SSHD="$SSHD" SSH="$SSHLOGWRAP" +SSHDLOGWRAP=$OBJ/sshd-log-wrapper.sh +cat >$SSHDLOGWRAP <<EOD +#!/bin/sh +timestamp="\`$OBJ/timestamp\`" +logfile="${TEST_SSH_LOGDIR}/\${timestamp}.sshd.\$\$.log" +rm -f $TEST_SSHD_LOGFILE +ln -f -s \${logfile} $TEST_SSHD_LOGFILE +echo "Executing: ${SSHD} \$@" log \${logfile} >>$TEST_REGRESS_LOGFILE +echo "Executing: ${SSHD} \$@" >>\${logfile} +exec ${SSHD} -E\${logfile} "\$@" +EOD +chmod a+rx $OBJ/sshd-log-wrapper.sh + +ssh_logfile () +{ + tool="$1" + timestamp="`$OBJ/timestamp`" + logfile="${TEST_SSH_LOGDIR}/${timestamp}.$tool.$$.log" + echo "Logging $tool to log \${logfile}" >>$TEST_REGRESS_LOGFILE + echo $logfile +} + # Some test data. We make a copy because some tests will overwrite it. # The tests may assume that $DATA exists and is writable and $COPY does # not exist. Tests requiring larger data files can call increase_datafile_size @@ -450,19 +487,37 @@ start_debug_log () { - echo "trace: $@" >$TEST_REGRESS_LOGFILE - echo "trace: $@" >$TEST_SSH_LOGFILE - echo "trace: $@" >$TEST_SSHD_LOGFILE + echo "trace: $@" >>$TEST_REGRESS_LOGFILE + if -d "$TEST_SSH_LOGDIR" ; then + rm -f $TEST_SSH_LOGDIR/* + fi } save_debug_log () { + testname=`echo $tid | tr ' ' _` + tarname="$OBJ/failed-$testname-logs.tar" + echo $@ >>$TEST_REGRESS_LOGFILE echo $@ >>$TEST_SSH_LOGFILE echo $@ >>$TEST_SSHD_LOGFILE + echo "Saving debug logs to $tarname" >>$TEST_REGRESS_LOGFILE (cat $TEST_REGRESS_LOGFILE; echo) >>$OBJ/failed-regress.log (cat $TEST_SSH_LOGFILE; echo) >>$OBJ/failed-ssh.log (cat $TEST_SSHD_LOGFILE; echo) >>$OBJ/failed-sshd.log + + # Save all logfiles in a tarball. + (cd $OBJ && + logfiles="" + for i in $TEST_REGRESS_LOGFILE $TEST_SSH_LOGFILE $TEST_SSHD_LOGFILE \ + $TEST_SSH_LOGDIR; do + if -e "`basename $i`" ; then + logfiles="$logfiles `basename $i`" + else + logfiles="$logfiles $i" + fi + done + tar cf "$tarname" $logfiles) } trace () 
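Review bot: In `ssh_logfile`, the line `echo "Logging $tool to log \${logfile}" >>$TEST_REGRESS_LOGFILE` writes the literal text `${logfile}` rather than the path. The backslash escape matches the here-document wrapper in the same hunk, where it defers expansion to the generated script, but inside an ordinary function the variable should expand immediately: `echo "Logging $tool to log ${logfile}" >>$TEST_REGRESS_LOGFILE`. The final `echo $logfile` would also be safer quoted as `echo "$logfile"`, since the output is presumably captured by callers as a file name.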
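Review bot: `start_debug_log` now runs `rm -f $TEST_SSH_LOGDIR/*`, and `TEST_SSH_LOGDIR` is only defaulted to `$OBJ/log` when the caller has not set it. A run with the variable pointing at an existing directory therefore deletes every file in it whenever `start_debug_log` is called. Quoting the path and limiting the cleanup to the files the wrappers create keeps it contained: `rm -f "$TEST_SSH_LOGDIR"/*.log`. The comment that introduces `TEST_SSH_LOGDIR` earlier in the file would be the place to state that the directory is emptied by the harness.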
@@ -509,6 +564,18 @@ exit $RESULT } +maybe_add_scp_path_to_sshd () +{ + # If we're testing a non-installed scp, add its directory to sshd's + # PATH so we can test it. We don't do this for all tests as it + # breaks the SetEnv tests. + case "$SCP" in + /*) PATH_WITH_SCP="`dirname $SCP`:$PATH" + echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_config + echo " SetEnv PATH='$PATH_WITH_SCP'" >>$OBJ/sshd_proxy ;; + esac +} + RESULT=0 PIDFILE=$OBJ/pidfile @@ -712,7 +779,7 @@ echo "HostName=127.0.0.1" >> ${OBJ}/.putty/sessions/localhost_proxy echo "PortNumber=$PORT" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyMethod=5" >> ${OBJ}/.putty/sessions/localhost_proxy - echo "ProxyTelnetCommand=sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy + echo "ProxyTelnetCommand=${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy" >> ${OBJ}/.putty/sessions/localhost_proxy echo "ProxyLocalhost=1" >> ${OBJ}/.putty/sessions/localhost_proxy PUTTYDIR=${OBJ}/.putty @@ -722,7 +789,7 @@ # create a proxy version of the client config ( cat $OBJ/ssh_config - echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy + echo proxycommand ${SUDO} env SSH_SK_HELPER=\"$SSH_SK_HELPER\" ${OBJ}/sshd-log-wrapper.sh -i -f $OBJ/sshd_proxy ) > $OBJ/ssh_proxy # check proxy config @@ -731,6 +798,7 @@ start_sshd () { # start sshd + logfile="${TEST_SSH_LOGDIR}/sshd.`$OBJ/timestamp`.$$.log" $SUDO ${SSHD} -f $OBJ/sshd_config "$@" -t || fatal "sshd_config broken" $SUDO env SSH_SK_HELPER="$SSH_SK_HELPER" \ ${SSHD} -f $OBJ/sshd_config "$@" -E$TEST_SSHD_LOGFILE
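Review bot: The `logfile` assigned at the top of `start_sshd` is not used by any line visible in this hunk. sshd is still started with `-E$TEST_SSHD_LOGFILE`, so this daemon's output does not land in a per-invocation file the way the wrapper-launched processes do. The name is also built as `sshd.<timestamp>.$$.log`, while the wrappers and `ssh_logfile` put the timestamp first, which would break the chronological sort the prefix exists for. If the variable is meant to be used, build it with the timestamp first and pass `-E$logfile`; otherwise drop the assignment. The function body may continue past the end of the hunk.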
_service:tar_scm:openssh-9.3p1.tar.gz/regress/timestamp.c
Added
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2023 Darren Tucker <dtucker@openssh.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $OpenBSD: timestamp.c,v 1.1 2023/03/01 09:29:32 dtucker Exp $ */
+
+/*
+ * Print a microsecond-granularity timestamp to stdout in an ISO8601-ish
+ * format, which we can then use as the first component of the log file
+ * so that they'll sort into chronological order.
+ */
+
+#include <sys/time.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+
+int
+main(void)
+{
+ struct timeval tv;
+ struct tm *tm;
+ char buf1024;
+
+ if (gettimeofday(&tv, NULL) != 0)
+ exit(1);
+ if ((tm = localtime(&tv.tv_sec)) == NULL)
+ exit(2);
+ if (strftime(buf, sizeof buf, "%Y%m%dT%H%M%S", tm) <= 0)
+ exit(3);
+ printf("%s.%06d\n", buf, (int)tv.tv_usec);
+ exit(0);
+}
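Review bot: The header comment says the stamp exists so log files sort into chronological order, but `localtime()` makes the output depend on `TZ` and repeat an hour when daylight saving time ends, so names from a single run can sort out of order. `gmtime()` avoids both: `if ((tm = gmtime(&tv.tv_sec)) == NULL)`. Passing `&tv.tv_sec` directly also assumes `tv_sec` has type `time_t`; copying it into a `time_t` local first is the portable form.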
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/authopt/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/authopt/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 2021/01/09 12:24:30 dtucker Exp $ +# $OpenBSD: Makefile,v 1.7 2023/01/15 23:35:10 djm Exp $ PROG=test_authopt SRCS=tests.c @@ -11,7 +11,7 @@ SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/hostkeys/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/hostkeys/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.9 2021/01/09 12:24:30 dtucker Exp $ +# $OpenBSD: Makefile,v 1.10 2023/01/15 23:35:10 djm Exp $ PROG=test_hostkeys SRCS=tests.c test_iterate.c @@ -9,7 +9,7 @@ SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c hostfile.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/kex/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/kex/Makefile
Changed
@@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.12 2021/01/09 12:24:30 dtucker Exp $ +# $OpenBSD: Makefile,v 1.14 2023/02/02 12:12:52 djm Exp $ PROG=test_kex -SRCS=tests.c test_kex.c +SRCS=tests.c test_kex.c test_proposal.c # From usr.bin/ssh SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c @@ -9,7 +9,7 @@ SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c -SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=compat.c ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c
_service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/kex/test_proposal.c
Added
@@ -0,0 +1,124 @@ +/* $OpenBSD: test_proposal.c,v 1.2 2023/03/06 12:15:47 dtucker Exp $ */ +/* + * Regress test KEX + * + * Placed in the public domain + */ + +#include "includes.h" + +#include <sys/types.h> +#include <signal.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif +#include <stdlib.h> +#include <string.h> + +#include "../test_helper/test_helper.h" + +#include "cipher.h" +#include "compat.h" +#include "ssherr.h" +#include "sshbuf.h" +#include "kex.h" +#include "myproposal.h" +#include "packet.h" +#include "xmalloc.h" + +void kex_proposal_tests(void); +void kex_proposal_populate_tests(void); + +#define CURVE25519 "curve25519-sha256@libssh.org" +#define DHGEX1 "diffie-hellman-group-exchange-sha1" +#define DHGEX256 "diffie-hellman-group-exchange-sha256" +#define KEXALGOS CURVE25519","DHGEX256","DHGEX1 +void +kex_proposal_tests(void) +{ + size_t i; + struct ssh ssh; + char *result, *out, *in; + struct { + char *in; /* TODO: make this const */ + char *out; + int compat; + } tests = { + { KEXALGOS, KEXALGOS, 0}, + { KEXALGOS, DHGEX256","DHGEX1, SSH_BUG_CURVE25519PAD }, + { KEXALGOS, CURVE25519, SSH_OLD_DHGEX }, + { "a,"KEXALGOS, "a", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, + /* TODO: enable once compat_kex_proposal doesn't fatal() */ + /* { KEXALGOS, "", SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX }, */ + }; + + TEST_START("compat_kex_proposal"); + for (i = 0; i < sizeof(tests) / sizeof(*tests); i++) { + ssh.compat = testsi.compat; + /* match entire string */ + result = compat_kex_proposal(&ssh, testsi.in); + ASSERT_STRING_EQ(result, testsi.out); + free(result); + /* match at end */ + in = kex_names_cat("a", testsi.in); + out = kex_names_cat("a", testsi.out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + /* match at start */ + in = kex_names_cat(testsi.in, "a"); + out = kex_names_cat(testsi.out, "a"); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + 
free(result); free(in); free(out); + /* match in middle */ + xasprintf(&in, "a,%s,b", testsi.in); + if (*(testsi.out) == '\0') + out = xstrdup("a,b"); + else + xasprintf(&out, "a,%s,b", testsi.out); + result = compat_kex_proposal(&ssh, in); + ASSERT_STRING_EQ(result, out); + free(result); free(in); free(out); + } + TEST_DONE(); +} + +void +kex_proposal_populate_tests(void) +{ + char *propPROPOSAL_MAX, *kexalgs, *ciphers, *macs, *hkalgs; + const char *comp = compression_alg_list(0); + int i; + struct ssh ssh; + struct kex kex; + + kexalgs = kex_alg_list(','); + ciphers = cipher_alg_list(',', 0); + macs = mac_alg_list(','); + hkalgs = kex_alg_list(','); + + ssh.kex = &kex; + TEST_START("compat_kex_proposal_populate"); + for (i = 0; i <= 1; i++) { + kex.server = i; + for (ssh.compat = 0; ssh.compat < 0x40000000; ) { + kex_proposal_populate_entries(&ssh, prop, NULL, NULL, + NULL, NULL, NULL); + kex_proposal_free_entries(prop); + kex_proposal_populate_entries(&ssh, prop, kexalgs, + ciphers, macs, hkalgs, comp); + kex_proposal_free_entries(prop); + if (ssh.compat == 0) + ssh.compat = 1; + else + ssh.compat <<= 1; + } + } + + free(kexalgs); + free(ciphers); + free(macs); + free(hkalgs); +}
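Review bot: `kex_proposal_populate_tests` calls `TEST_START("compat_kex_proposal_populate")` but no `TEST_DONE()` appears before the function returns, unlike `kex_proposal_tests` above it. Add `TEST_DONE();` after the outer loop, before the `free()` calls. In the same function `hkalgs` is filled from `kex_alg_list(',')`, so the host-key slot of the proposal is exercised with key-exchange names; if that is deliberate, a short comment should say so. `struct ssh ssh` and `struct kex kex` are also left uninitialised apart from the fields the test sets, which presumably relies on the callees reading nothing else.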
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/kex/tests.c -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/kex/tests.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.1 2015/01/15 23:41:29 markus Exp $ */ +/* $OpenBSD: tests.c,v 1.3 2023/03/06 12:15:47 dtucker Exp $ */ /* * Placed in the public domain */ @@ -6,9 +6,13 @@ #include "../test_helper/test_helper.h" void kex_tests(void); +void kex_proposal_tests(void); +void kex_proposal_populate_tests(void); void tests(void) { kex_tests(); + kex_proposal_tests(); + kex_proposal_populate_tests(); }
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/misc/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/misc/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.8 2022/02/04 07:53:44 dtucker Exp $ +# $OpenBSD: Makefile,v 1.9 2023/01/06 02:59:50 djm Exp $ PROG=test_misc SRCS=tests.c @@ -8,6 +8,7 @@ SRCS+= test_argv.c SRCS+= test_strdelim.c SRCS+= test_hpdelim.c +SRCS+= test_ptimeout.c # From usr.bin/ssh/Makefile.inc SRCS+= sshbuf.c
_service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/misc/test_ptimeout.c
Added
@@ -0,0 +1,89 @@ +/* $OpenBSD: test_ptimeout.c,v 1.1 2023/01/06 02:59:50 djm Exp $ */ +/* + * Regress test for misc poll/ppoll timeout helpers. + * + * Placed in the public domain. + */ + +#include "includes.h" + +#include <sys/types.h> +#include <stdio.h> +#ifdef HAVE_STDINT_H +# include <stdint.h> +#endif +#include <stdlib.h> +#include <string.h> +#include <poll.h> +#include <time.h> + +#include "../test_helper/test_helper.h" + +#include "log.h" +#include "misc.h" + +void test_ptimeout(void); + +void +test_ptimeout(void) +{ + struct timespec pt, *ts; + + TEST_START("ptimeout_init"); + ptimeout_init(&pt); + ASSERT_PTR_EQ(ptimeout_get_tsp(&pt), NULL); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), -1); + TEST_DONE(); + + TEST_START("ptimeout_deadline_sec"); + ptimeout_deadline_sec(&pt, 100); + ptimeout_deadline_sec(&pt, 200); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 100 * 1000); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 100); + TEST_DONE(); + + TEST_START("ptimeout_deadline_ms"); + ptimeout_deadline_ms(&pt, 50123); + ptimeout_deadline_ms(&pt, 50500); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 50123); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 123 * 1000000); + ASSERT_LONG_EQ(ts->tv_sec, 50); + TEST_DONE(); + + TEST_START("ptimeout zero"); + ptimeout_init(&pt); + ptimeout_deadline_ms(&pt, 0); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 0); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 0); + TEST_DONE(); + + TEST_START("ptimeout_deadline_monotime"); + ptimeout_init(&pt); + ptimeout_deadline_monotime(&pt, monotime() + 100); + ASSERT_INT_GT(ptimeout_get_ms(&pt), 50000); + ASSERT_INT_LT(ptimeout_get_ms(&pt), 200000); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_GT(ts->tv_sec, 50); + ASSERT_LONG_LT(ts->tv_sec, 200); + TEST_DONE(); + + TEST_START("ptimeout_deadline_monotime 
past"); + ptimeout_init(&pt); + ptimeout_deadline_monotime(&pt, monotime() + 100); + ptimeout_deadline_monotime(&pt, monotime() - 100); + ASSERT_INT_EQ(ptimeout_get_ms(&pt), 0); + ts = ptimeout_get_tsp(&pt); + ASSERT_PTR_NE(ts, NULL); + ASSERT_LONG_EQ(ts->tv_nsec, 0); + ASSERT_LONG_EQ(ts->tv_sec, 0); + TEST_DONE(); +}
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/misc/tests.c -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/misc/tests.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: tests.c,v 1.9 2022/02/04 07:53:44 dtucker Exp $ */ +/* $OpenBSD: tests.c,v 1.10 2023/01/06 02:59:50 djm Exp $ */ /* * Regress test for misc helper functions. * @@ -26,6 +26,7 @@ void test_argv(void); void test_strdelim(void); void test_hpdelim(void); +void test_ptimeout(void); void tests(void) @@ -36,4 +37,5 @@ test_argv(); test_strdelim(); test_hpdelim(); + test_ptimeout(); }
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/sshkey/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/sshkey/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.11 2021/01/09 12:24:31 dtucker Exp $ +# $OpenBSD: Makefile,v 1.12 2023/01/15 23:35:10 djm Exp $ PROG=test_sshkey SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c @@ -9,7 +9,7 @@ SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/sshkey/test_sshkey.c -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/sshkey/test_sshkey.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: test_sshkey.c,v 1.22 2021/12/14 21:25:27 deraadt Exp $ */ +/* $OpenBSD: test_sshkey.c,v 1.23 2023/01/04 22:48:57 tb Exp $ */ /* * Regress test for sshkey.h key management API * @@ -144,7 +144,7 @@ memcpy(s + o, "nanananana", l - o); break; } - memcpy(s + o, banana, sizeof(the_banana)); + memcpy(s + o, the_banana, sizeof(the_banana)); } }
_service:tar_scm:openssh-9.1p1.tar.gz/regress/unittests/sshsig/Makefile -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/unittests/sshsig/Makefile
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2021/01/09 12:24:31 dtucker Exp $ +# $OpenBSD: Makefile,v 1.3 2023/01/15 23:35:10 djm Exp $ PROG=test_sshsig SRCS=tests.c @@ -9,7 +9,7 @@ SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c SRCS+=addr.c addrmatch.c bitmap.c sshsig.c -SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c +SRCS+=ed25519.c hash.c SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c SRCS+=ssh-ed25519-sk.c sk-usbhid.c
_service:tar_scm:openssh-9.1p1.tar.gz/regress/yes-head.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/regress/yes-head.sh
Changed
@@ -1,4 +1,4 @@ -# $OpenBSD: yes-head.sh,v 1.6 2017/04/30 23:34:55 djm Exp $ +# $OpenBSD: yes-head.sh,v 1.7 2023/01/14 10:05:54 dtucker Exp $ # Placed in the Public Domain. tid="yes pipe head" @@ -6,7 +6,7 @@ lines=`${SSH} -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` if $? -ne 0 ; then fail "yes|head test failed" - lines = 0; ++ lines=0 fi if $lines -ne 2000 ; then fail "yes|head returns $lines lines instead of 2000"
_service:tar_scm:openssh-9.1p1.tar.gz/sandbox-seccomp-filter.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sandbox-seccomp-filter.c
Changed
@@ -1,5 +1,6 @@ /* * Copyright (c) 2012 Will Drewry <wad@dataspill.org> + * Copyright (c) 2015,2017,2019,2020,2023 Damien Miller <djm@mindrot.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -23,7 +24,7 @@ * E.g. * auditctl -a task,always -F uid=<privsep uid> */ -#define SANDBOX_SECCOMP_FILTER_DEBUG 1 +/* #define SANDBOX_SECCOMP_FILTER_DEBUG 1 */ #if 0 /* @@ -48,6 +49,7 @@ #include <sys/mman.h> #include <sys/syscall.h> +#include <linux/futex.h> #include <linux/net.h> #include <linux/audit.h> #include <linux/filter.h> 
@@ -132,6 +134,71 @@ /* reload syscall number; all rules expect it in accumulator */ \ BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ offsetof(struct seccomp_data, nr)) +/* Deny unless syscall argument contains only values in mask */ +#define SC_DENY_UNLESS_ARG_MASK(_nr, _arg_nr, _arg_mask, _errno) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \ + /* load, mask and test syscall argument, low word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args(_arg_nr)) + ARG_LO_OFFSET), \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~((_arg_mask) & 0xFFFFFFFF)), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 3), \ + /* load, mask and test syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args(_arg_nr)) + ARG_HI_OFFSET), \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \ + ~(((uint32_t)((uint64_t)(_arg_mask) >> 32)) & 0xFFFFFFFF)), \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 1, 0), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO|(_errno)), \ + /* reload syscall number; all rules expect it in accumulator */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, nr)) +#define SC_DENY_UNLESS_MASK(_nr, _arg_nr, _arg_val, _errno) \ +/* Special handling for futex(2) that combines a bitmap and operation number */ +#if defined(__NR_futex) || defined(__NR_futex_time64) +#define SC_FUTEX_MASK (FUTEX_PRIVATE_FLAG|FUTEX_CLOCK_REALTIME) +#define SC_ALLOW_FUTEX_OP(_nr, _op) \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \ + /* load syscall argument, low word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args1) + ARG_LO_OFFSET), \ + /* mask off allowed bitmap values, low word */ \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~(SC_FUTEX_MASK & 0xFFFFFFFF)), \ + /* test operation number, low word */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ((_op) & 0xFFFFFFFF), 0, 4), \ + /* load syscall argument, high word */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \ + offsetof(struct seccomp_data, args1) + ARG_HI_OFFSET), \ + /* mask off allowed bitmap 
values, high word */ \ + BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \ + ~(((uint32_t)((uint64_t)SC_FUTEX_MASK >> 32)) & 0xFFFFFFFF)), \ + /* test operation number, high word */ \ + BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \ + (((uint32_t)((uint64_t)(_op) >> 32)) & 0xFFFFFFFF), 0, 1), \ + BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \ + /* reload syscall number; all rules expect it in accumulator */ \ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)) + +/* Use this for both __NR_futex and __NR_futex_time64 */ +# define SC_FUTEX(_nr) \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAIT_BITSET), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_WAKE_BITSET), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_REQUEUE), \ + SC_ALLOW_FUTEX_OP(__NR_futex, FUTEX_CMP_REQUEUE) +#endif /* __NR_futex || __NR_futex_time64 */ + +#if defined(__NR_mmap) || defined(__NR_mmap2) +# ifdef MAP_FIXED_NOREPLACE +# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED|MAP_FIXED_NOREPLACE +# else +# define SC_MMAP_FLAGS MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED +# endif /* MAP_FIXED_NOREPLACE */ +/* Use this for both __NR_mmap and __NR_mmap2 variants */ +# define SC_MMAP(_nr) \ + SC_DENY_UNLESS_ARG_MASK(_nr, 3, SC_MMAP_FLAGS, EINVAL), \ + SC_ALLOW_ARG_MASK(_nr, 2, PROT_READ|PROT_WRITE|PROT_NONE) +#endif /* __NR_mmap || __NR_mmap2 */ /* Syscall filtering set for preauth. */ static const struct sock_filter preauth_insns = { @@ -211,10 +278,10 @@ SC_ALLOW(__NR_exit_group), #endif #ifdef __NR_futex - SC_ALLOW(__NR_futex), + SC_FUTEX(__NR_futex), #endif #ifdef __NR_futex_time64 - SC_ALLOW(__NR_futex_time64), + SC_FUTEX(__NR_futex_time64), #endif #ifdef __NR_geteuid SC_ALLOW(__NR_geteuid), 
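Review bot: `SC_FUTEX(_nr)` never uses its parameter: every `SC_ALLOW_FUTEX_OP` line inside it hard-codes `__NR_futex`, so `SC_FUTEX(__NR_futex_time64)` in the `preauth_insns` hunk emits a second set of rules for `__NR_futex` and none for `futex_time64`. That syscall, which the old `SC_ALLOW(__NR_futex_time64)` permitted, now falls through to the filter's default action (not visible here), and a platform that defines only `__NR_futex_time64` would not compile. Each line should take the argument, e.g. `SC_ALLOW_FUTEX_OP(_nr, FUTEX_WAIT), \`, and likewise for the other five operations. Separately, the `#define SC_DENY_UNLESS_MASK(_nr, _arg_nr, _arg_val, _errno) \` just before the futex comment has no body, since its continuation swallows only the comment, and looks like a leftover to delete.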
@@ -244,13 +311,29 @@ SC_ALLOW(__NR_getuid32), #endif #ifdef __NR_madvise - SC_ALLOW(__NR_madvise), + SC_ALLOW_ARG(__NR_madvise, 2, MADV_NORMAL), +# ifdef MADV_FREE + SC_ALLOW_ARG(__NR_madvise, 2, MADV_FREE), +# endif +# ifdef MADV_DONTNEED + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTNEED), +# endif +# ifdef MADV_DONTFORK + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTFORK), +# endif +# ifdef MADV_DONTDUMP + SC_ALLOW_ARG(__NR_madvise, 2, MADV_DONTDUMP), +# endif +# ifdef MADV_WIPEONFORK + SC_ALLOW_ARG(__NR_madvise, 2, MADV_WIPEONFORK), +# endif + SC_DENY(__NR_madvise, EINVAL), #endif #ifdef __NR_mmap - SC_ALLOW_ARG_MASK(__NR_mmap, 2, PROT_READ|PROT_WRITE|PROT_NONE), + SC_MMAP(__NR_mmap), #endif #ifdef __NR_mmap2 - SC_ALLOW_ARG_MASK(__NR_mmap2, 2, PROT_READ|PROT_WRITE|PROT_NONE), + SC_MMAP(__NR_mmap2), #endif #ifdef __NR_mprotect SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE), @@ -312,6 +395,9 @@ #ifdef __NR_write SC_ALLOW(__NR_write), #endif +#ifdef __NR_writev + SC_ALLOW(__NR_writev), +#endif #ifdef __NR_socketcall SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN), SC_DENY(__NR_socketcall, EACCES),
_service:tar_scm:openssh-9.1p1.tar.gz/scp.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/scp.0
Changed
@@ -6,13 +6,14 @@ SYNOPSIS scp -346ABCOpqRrsTv -c cipher -D sftp_server_path -F ssh_config -i identity_file -J destination -l limit -o ssh_option - -P port -S program source ... target + -P port -S program -X sftp_option source ... target DESCRIPTION scp copies files between hosts on a network. - It uses ssh(1) for data transfer, and uses the same authentication and - provides the same security as a login session. + scp uses the SFTP protocol over a ssh(1) connection for data transfer, + and uses the same authentication and provides the same security as a + login session. scp will ask for passwords or passphrases if they are needed for authentication. @@ -53,9 +54,9 @@ option is directly passed to ssh(1). -D sftp_server_path - When using the SFTP protocol support via -M, connect directly to - a local SFTP server program rather than a remote one via ssh(1). - This option may be useful in debugging the client and server. + Connect directly to a local SFTP server program rather than a + remote one via ssh(1). This option may be useful in debugging + the client and server. -F ssh_config Specifies an alternative per-user configuration file for ssh. @@ -189,6 +190,21 @@ about their progress. This is helpful in debugging connection, authentication, and configuration problems. + -X sftp_option + Specify an option that controls aspects of SFTP protocol + behaviour. The valid options are: + + nrequests=value + Controls how many concurrent SFTP read or write requests + may be in progress at any point in time during a download + or upload. By default 64 requests may be active + concurrently. + + buffer=value + Controls the maximum buffer size for a single SFTP + read/write operation used during download or upload. By + default a 32KB buffer is used. + EXIT STATUS The scp utility exitsM-BM- 0 on success, andM-BM- >0 if an error occurs. 
@@ -213,4 +229,4 @@ requires careful quoting of any characters that have special meaning to the remote shell, such as quote characters. -OpenBSD 7.1 September 19, 2022 OpenBSD 7.1 +OpenBSD 7.2 December 16, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/scp.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/scp.1
Changed
@@ -8,9 +8,9 @@ .\" .\" Created: Sun May 7 00:14:37 1995 ylo .\" -.\" $OpenBSD: scp.1,v 1.110 2022/09/19 21:39:16 djm Exp $ +.\" $OpenBSD: scp.1,v 1.112 2022/12/16 07:13:22 djm Exp $ .\" -.Dd $Mdocdate: September 19 2022 $ +.Dd $Mdocdate: December 16 2022 $ .Dt SCP 1 .Os .Sh NAME @@ -28,15 +28,17 @@ .Op Fl o Ar ssh_option .Op Fl P Ar port .Op Fl S Ar program +.Op Fl X Ar sftp_option .Ar source ... target .Sh DESCRIPTION .Nm copies files between hosts on a network. .Pp -It uses +.Nm +uses the SFTP protocol over a .Xr ssh 1 -for data transfer, and uses the same authentication and provides the -same security as a login session. +connection for data transfer, and uses the same authentication and provides +the same security as a login session. .Pp .Nm will ask for passwords or passphrases if they are needed for @@ -110,9 +112,7 @@ This option is directly passed to .Xr ssh 1 . .It Fl D Ar sftp_server_path -When using the SFTP protocol support via -.Fl M , -connect directly to a local SFTP server program rather than a +Connect directly to a local SFTP server program rather than a remote one via .Xr ssh 1 . This option may be useful in debugging the client and server. @@ -278,6 +278,19 @@ to print debugging messages about their progress. This is helpful in debugging connection, authentication, and configuration problems. +.It Fl X Ar sftp_option +Specify an option that controls aspects of SFTP protocol behaviour. +The valid options are: +.Bl -tag -width Ds +.It Cm nrequests Ns = Ns Ar value +Controls how many concurrent SFTP read or write requests may be in progress +at any point in time during a download or upload. +By default 64 requests may be active concurrently. +.It Cm buffer Ns = Ns Ar value +Controls the maximum buffer size for a single SFTP read/write operation used +during download or upload. +By default a 32KB buffer is used. +.El .El .Sh EXIT STATUS .Ex -std scp
_service:tar_scm:openssh-9.1p1.tar.gz/scp.c -> _service:tar_scm:openssh-9.3p1.tar.gz/scp.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.248 2022/05/13 06:31:50 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.253 2023/03/03 03:12:24 dtucker Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -106,6 +106,9 @@ #include <libgen.h> #endif #include <limits.h> +#ifdef HAVE_UTIL_H +# include <util.h> +#endif #include <locale.h> #include <pwd.h> #include <signal.h> @@ -176,6 +179,10 @@ pid_t do_cmd_pid = -1; pid_t do_cmd_pid2 = -1; +/* SFTP copy parameters */ +size_t sftp_copy_buflen; +size_t sftp_nrequests; + /* Needed for sftp */ volatile sig_atomic_t interrupted = 0; @@ -272,7 +279,11 @@ do_cmd(char *program, char *host, char *remuser, int port, int subsystem, char *cmd, int *fdin, int *fdout, pid_t *pid) { - int pin2, pout2, reserved2; +#ifdef USE_PIPES + int pin2, pout2; +#else + int sv2; +#endif if (verbose_mode) fmprintf(stderr, @@ -283,22 +294,14 @@ if (port == -1) port = sshport; - /* - * Reserve two descriptors so that the real pipes won't get - * descriptors 0 and 1 because that will screw up dup2 below. - */ - if (pipe(reserved) == -1) +#ifdef USE_PIPES + if (pipe(pin) == -1 || pipe(pout) == -1) fatal("pipe: %s", strerror(errno)); - +#else /* Create a socket pair for communicating with ssh. */ - if (pipe(pin) == -1) - fatal("pipe: %s", strerror(errno)); - if (pipe(pout) == -1) - fatal("pipe: %s", strerror(errno)); - - /* Free the reserved descriptors. */ - close(reserved0); - close(reserved1); + if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) + fatal("socketpair: %s", strerror(errno)); +#endif ssh_signal(SIGTSTP, suspchild); ssh_signal(SIGTTIN, suspchild); 
@@ -306,15 +309,30 @@ /* Fork a child to execute the command on the remote host using ssh. */ *pid = fork(); - if (*pid == 0) { + switch (*pid) { + case -1: + fatal("fork: %s", strerror(errno)); + case 0: /* Child. */ +#ifdef USE_PIPES + if (dup2(pin0, STDIN_FILENO) == -1 || + dup2(pout1, STDOUT_FILENO) == -1) { + error("dup2: %s", strerror(errno)); + _exit(1); + } + close(pin0); close(pin1); close(pout0); - dup2(pin0, 0); - dup2(pout1, 1); - close(pin0); close(pout1); - +#else + if (dup2(sv0, STDIN_FILENO) == -1 || + dup2(sv0, STDOUT_FILENO) == -1) { + error("dup2: %s", strerror(errno)); + _exit(1); + } + close(sv0); + close(sv1); +#endif replacearg(&args, 0, "%s", program); if (port != -1) { addargs(&args, "-p"); @@ -332,19 +350,24 @@ execvp(program, args.list); perror(program); - exit(1); - } else if (*pid == -1) { - fatal("fork: %s", strerror(errno)); + _exit(1); + default: + /* Parent. Close the other side, and return the local side. */ +#ifdef USE_PIPES + close(pin0); + close(pout1); + *fdout = pin1; + *fdin = pout0; +#else + close(sv0); + *fdin = sv1; + *fdout = sv1; +#endif + ssh_signal(SIGTERM, killchild); + ssh_signal(SIGINT, killchild); + ssh_signal(SIGHUP, killchild); + return 0; } - /* Parent. Close the other side, and return the local side. */ - close(pin0); - *fdout = pin1; - close(pout1); - *fdin = pout0; - ssh_signal(SIGTERM, killchild); - ssh_signal(SIGINT, killchild); - ssh_signal(SIGHUP, killchild); - return 0; } /* @@ -371,8 +394,10 @@ /* Fork a child to execute the command on the remote host using ssh. */ pid = fork(); if (pid == 0) { - dup2(fdin, 0); - dup2(fdout, 1); + if (dup2(fdin, 0) == -1) + perror("dup2"); + if (dup2(fdout, 1) == -1) + perror("dup2"); replacearg(&args, 0, "%s", ssh_program); if (port != -1) { 
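Review bot: In the `@@ -371,8 +394,10 @@` hunk the forked child reports a failed `dup2()` with `perror("dup2")` but carries on, so ssh would be exec'd with stdin or stdout not connected to `fdin`/`fdout`. `do_cmd`, changed earlier in this same diff, treats the same failure as fatal for the child with `_exit(1)`. Making the two agree is a small change: `if (dup2(fdin, 0) == -1 || dup2(fdout, 1) == -1) { perror("dup2"); _exit(1); }`. The rest of the enclosing function lies outside the hunk.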
@@ -444,13 +469,14 @@ int main(int argc, char **argv) { - int ch, fflag, tflag, status, n; + int ch, fflag, tflag, status, r, n; char **newargv, *argv0; const char *errstr; extern char *optarg; extern int optind; enum scp_mode_e mode = MODE_SFTP; char *sftp_direct = NULL; + long long llv; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -480,7 +506,7 @@ fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, - "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:X:")) != -1) { switch (ch) { /* User-visible flags. */ case '1': @@ -561,6 +587,31 @@ addargs(&remote_remote_args, "-q"); showprogress = 0; break; + case 'X': + /* Please keep in sync with sftp.c -X */ + if (strncmp(optarg, "buffer=", 7) == 0) { + r = scan_scaled(optarg + 7, &llv); + if (r == 0 && (llv <= 0 || llv > 256 * 1024)) { + r = -1; + errno = EINVAL; + } + if (r == -1) { + fatal("Invalid buffer size \"%s\": %s", + optarg + 7, strerror(errno)); + } + sftp_copy_buflen = (size_t)llv; + } else if (strncmp(optarg, "nrequests=", 10) == 0) { + llv = strtonum(optarg + 10, 1, 256 * 1024, + &errstr);
_service:tar_scm:openssh-9.1p1.tar.gz/servconf.c -> _service:tar_scm:openssh-9.3p1.tar.gz/servconf.c
Changed
@@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.386 2022/09/17 10:34:29 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.392 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -54,7 +54,6 @@ #include "sshbuf.h" #include "misc.h" #include "servconf.h" -#include "compat.h" #include "pathnames.h" #include "cipher.h" #include "sshkey.h" @@ -196,6 +195,9 @@ options->disable_forwarding = -1; options->expose_userauth_info = -1; options->required_rsa_size = -1; + options->channel_timeouts = NULL; + options->num_channel_timeouts = 0; + options->unused_connection_timeout = -1; } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ @@ -444,6 +446,8 @@ options->sk_provider = xstrdup("internal"); if (options->required_rsa_size == -1) options->required_rsa_size = SSH_RSA_MINIMUM_MODULUS_SIZE; + if (options->unused_connection_timeout == -1) + options->unused_connection_timeout = 0; assemble_algorithms(options); @@ -458,6 +462,16 @@ v = NULL; \ } \ } while(0) +#define CLEAR_ON_NONE_ARRAY(v, nv, none) \ + do { \ + if (options->nv == 1 && \ + strcasecmp(options->v0, none) == 0) { \ + free(options->v0); \ + free(options->v); \ + options->v = NULL; \ + options->nv = 0; \ + } \ + } while (0) CLEAR_ON_NONE(options->pid_file); CLEAR_ON_NONE(options->xauth_location); CLEAR_ON_NONE(options->banner); 
@@ -469,19 +483,16 @@ CLEAR_ON_NONE(options->chroot_directory); CLEAR_ON_NONE(options->routing_domain); CLEAR_ON_NONE(options->host_key_agent); + for (i = 0; i < options->num_host_key_files; i++) CLEAR_ON_NONE(options->host_key_filesi); for (i = 0; i < options->num_host_cert_files; i++) CLEAR_ON_NONE(options->host_cert_filesi); -#undef CLEAR_ON_NONE - /* Similar handling for AuthenticationMethods=any */ - if (options->num_auth_methods == 1 && - strcmp(options->auth_methods0, "any") == 0) { - free(options->auth_methods0); - options->auth_methods0 = NULL; - options->num_auth_methods = 0; - } + CLEAR_ON_NONE_ARRAY(channel_timeouts, num_channel_timeouts, "none"); + CLEAR_ON_NONE_ARRAY(auth_methods, num_auth_methods, "any"); +#undef CLEAR_ON_NONE +#undef CLEAR_ON_NONE_ARRAY } /* Keyword tokens. */ @@ -520,7 +531,7 @@ sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, - sRequiredRSASize, + sRequiredRSASize, sChannelTimeout, sUnusedConnectionTimeout, sDeprecated, sIgnore, sUnsupported } ServerOpCodes; @@ -681,6 +692,8 @@ { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, { "requiredrsasize", sRequiredRSASize, SSHCFG_ALL }, + { "channeltimeout", sChannelTimeout, SSHCFG_ALL }, + { "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL }, { NULL, sBadOption, 0 } }; 
@@ -944,6 +957,58 @@ options->num_permitted_listens); } +/* Parse a ChannelTimeout clause "pattern=interval" */ +static int +parse_timeout(const char *s, char **typep, u_int *secsp) +{ + char *cp, *sdup; + int secs; + + if (typep != NULL) + *typep = NULL; + if (secsp != NULL) + *secsp = 0; + if (s == NULL) + return -1; + sdup = xstrdup(s); + + if ((cp = strchr(sdup, '=')) == NULL || cp == sdup) { + free(sdup); + return -1; + } + *cp++ = '\0'; + if ((secs = convtime(cp)) < 0) { + free(sdup); + return -1; + } + /* success */ + if (typep != NULL) + *typep = xstrdup(sdup); + if (secsp != NULL) + *secsp = (u_int)secs; + free(sdup); + return 0; +} + +void +process_channel_timeouts(struct ssh *ssh, ServerOptions *options) +{ + u_int i, secs; + char *type; + + debug3_f("setting %u timeouts", options->num_channel_timeouts); + channel_clear_timeouts(ssh); + for (i = 0; i < options->num_channel_timeouts; i++) { + if (parse_timeout(options->channel_timeoutsi, + &type, &secs) != 0) { + fatal_f("internal error: bad timeout %s", + options->channel_timeoutsi); + } + channel_add_timeout(ssh, type, secs); + free(type); + } +} + struct connection_info * get_connection_info(struct ssh *ssh, int populate, int use_dns) { @@ -1918,6 +1983,10 @@ filename, linenum, keyword); else options->max_startups = options->max_startups_begin; + if (options->max_startups <= 0 || + options->max_startups_begin <= 0) + fatal("%s line %d: Invalid %s spec.", + filename, linenum, keyword); break; case sPerSourceNetBlockSize: 
@@ -2447,6 +2516,41 @@ intptr = &options->required_rsa_size; goto parse_int; + case sChannelTimeout: + uvalue = options->num_channel_timeouts; + i = 0; + while ((arg = argv_next(&ac, &av)) != NULL) { + /* Allow "none" only in first position */ + if (strcasecmp(arg, "none") == 0) { + if (i > 0 || ac > 0) { + error("%s line %d: keyword %s \"none\" " + "argument must appear alone.", + filename, linenum, keyword); + goto out; + } + } else if (parse_timeout(arg, NULL, NULL) != 0) { + fatal("%s line %d: invalid channel timeout %s", + filename, linenum, arg); + } + if (!*activep || uvalue != 0) + continue; + opt_array_append(filename, linenum, keyword, + &options->channel_timeouts, + &options->num_channel_timeouts, arg); + } + break; + + case sUnusedConnectionTimeout: + intptr = &options->unused_connection_timeout; + /* peek at first arg for "none" so we can reuse parse_time */ + if (av0 != NULL && strcasecmp(av0, "none") == 0) { + (void)argv_next(&ac, &av); /* consume arg */ + if (*activep) + *intptr = 0; + break;
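Review bot: The "none only in first position" test in the `sChannelTimeout` case cannot catch a late `none`, because `i` is set to 0 before the loop and never incremented, so `i > 0` is always false. A trailing `none` (where `ac` is already 0) passes the check and is appended next to real entries. `CLEAR_ON_NONE_ARRAY` only clears an array of exactly one element, so that literal `none` would later reach `process_channel_timeouts()`, where `parse_timeout()` rejects it and `fatal_f("internal error: bad timeout %s", ...)` ends the process instead of the configuration being refused at parse time. Adding `i++;` directly after the validation `if`/`else if`, before the `if (!*activep || uvalue != 0) continue;` line, makes the position check work. The page cuts this hunk short inside the following `sUnusedConnectionTimeout` case.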
_service:tar_scm:openssh-9.1p1.tar.gz/servconf.h -> _service:tar_scm:openssh-9.3p1.tar.gz/servconf.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.157 2022/09/17 10:34:29 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.159 2023/01/17 09:44:48 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -230,6 +230,11 @@ u_int64_t timing_secret; char *sk_provider; int required_rsa_size; /* minimum size of RSA keys */ + + char **channel_timeouts; /* inactivity timeout by channel type */ + u_int num_channel_timeouts; + + int unused_connection_timeout; } ServerOptions; /* Information about the incoming connection as used by Match */ @@ -287,6 +292,7 @@ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \ M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \ + M_CP_STRARRAYOPT(channel_timeouts, num_channel_timeouts); \ M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \ } while (0) @@ -296,6 +302,7 @@ int process_server_config_line(ServerOptions *, char *, const char *, int, int *, struct connection_info *, struct include_list *includes); void process_permitopen(struct ssh *ssh, ServerOptions *options); +void process_channel_timeouts(struct ssh *ssh, ServerOptions *); void load_server_config(const char *, struct sshbuf *); void parse_server_config(ServerOptions *, const char *, struct sshbuf *, struct include_list *includes, struct connection_info *, int);
_service:tar_scm:openssh-9.1p1.tar.gz/serverloop.c -> _service:tar_scm:openssh-9.3p1.tar.gz/serverloop.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.232 2022/04/20 04:19:11 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.236 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -69,7 +69,6 @@ #include "canohost.h" #include "sshpty.h" #include "channels.h" -#include "compat.h" #include "ssh2.h" #include "sshkey.h" #include "cipher.h" @@ -113,14 +112,12 @@ return 1; } -/*ARGSUSED*/ static void sigchld_handler(int sig) { child_terminated = 1; } -/*ARGSUSED*/ static void sigterm_handler(int sig) { 
@@ -168,28 +165,41 @@ static void wait_until_can_do_something(struct ssh *ssh, int connection_in, int connection_out, struct pollfd **pfdp, - u_int *npfd_allocp, u_int *npfd_activep, u_int64_t max_time_ms, - sigset_t *sigsetp, int *conn_in_readyp, int *conn_out_readyp) + u_int *npfd_allocp, u_int *npfd_activep, sigset_t *sigsetp, + int *conn_in_readyp, int *conn_out_readyp) { - struct timespec ts, *tsp; + struct timespec timeout; + char remote_id512; int ret; - time_t minwait_secs = 0; int client_alive_scheduled = 0; u_int p; - /* time we last heard from the client OR sent a keepalive */ - static time_t last_client_time; + time_t now; + static time_t last_client_time, unused_connection_expiry; *conn_in_readyp = *conn_out_readyp = 0; /* Prepare channel poll. First two pollfd entries are reserved */ - channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, - 2, &minwait_secs); + ptimeout_init(&timeout); + channel_prepare_poll(ssh, pfdp, npfd_allocp, npfd_activep, 2, &timeout); + now = monotime(); if (*npfd_activep < 2) fatal_f("bad npfd %u", *npfd_activep); /* shouldn't happen */ + if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh)) { + ptimeout_deadline_sec(&timeout, + ssh_packet_get_rekey_timeout(ssh)); + } - /* XXX need proper deadline system for rekey/client alive */ - if (minwait_secs != 0) - max_time_ms = MINIMUM(max_time_ms, (u_int)minwait_secs * 1000); + /* + * If no channels are open and UnusedConnectionTimeout is set, then + * start the clock to terminate the connection. + */ + if (options.unused_connection_timeout != 0) { + if (channel_still_open(ssh) || unused_connection_expiry == 0) { + unused_connection_expiry = now + + options.unused_connection_timeout; + } + ptimeout_deadline_monotime(&timeout, unused_connection_expiry); + } /* * if using client_alive, set the max timeout accordingly, 
@@ -200,15 +210,12 @@ * analysis more difficult, but we're not doing it yet. */ if (options.client_alive_interval) { - uint64_t keepalive_ms = - (uint64_t)options.client_alive_interval * 1000; - - if (max_time_ms == 0 || max_time_ms > keepalive_ms) { - max_time_ms = keepalive_ms; - client_alive_scheduled = 1; - } + /* Time we last heard from the client OR sent a keepalive */ if (last_client_time == 0) - last_client_time = monotime(); + last_client_time = now; + ptimeout_deadline_sec(&timeout, options.client_alive_interval); + /* XXX ? deadline_monotime(last_client_time + alive_interval) */ + client_alive_scheduled = 1; } #if 0 @@ -226,19 +233,10 @@ * from it, then read as much as is available and exit. */ if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh)) - if (max_time_ms == 0 || client_alive_scheduled) - max_time_ms = 100; - - if (max_time_ms == 0) - tsp = NULL; - else { - ts.tv_sec = max_time_ms / 1000; - ts.tv_nsec = 1000000 * (max_time_ms % 1000); - tsp = &ts; - } + ptimeout_deadline_ms(&timeout, 100); /* Wait for something to happen, or the timeout to expire. */ - ret = ppoll(*pfdp, *npfd_activep, tsp, sigsetp); + ret = ppoll(*pfdp, *npfd_activep, ptimeout_get_tsp(&timeout), sigsetp); if (ret == -1) { for (p = 0; p < *npfd_activep; p++) 
@@ -251,19 +249,26 @@ *conn_in_readyp = (*pfdp)0.revents != 0; *conn_out_readyp = (*pfdp)1.revents != 0; + now = monotime(); /* need to reset after ppoll() */ + /* ClientAliveInterval probing */ if (client_alive_scheduled) { - time_t now = monotime(); - - /* - * If the ppoll timed out, or returned for some other reason - * but we haven't heard from the client in time, send keepalive. - */ - if (ret == 0 || (last_client_time != 0 && last_client_time + - options.client_alive_interval <= now)) { + if (ret == 0 && + now > last_client_time + options.client_alive_interval) { + /* ppoll timed out and we're due to probe */ client_alive_check(ssh); last_client_time = now; - } else if (*conn_in_readyp) + } else if (ret != 0 && *conn_in_readyp) { + /* Data from peer; reset probe timer. */ last_client_time = now; + } + } + + /* UnusedConnectionTimeout handling */ + if (unused_connection_expiry != 0 && + now > unused_connection_expiry && !channel_still_open(ssh)) { + sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id)); + logit("terminating inactive connection from %s", remote_id); + cleanup_exit(255); } } @@ -338,7 +343,6 @@ u_int npfd_alloc = 0, npfd_active = 0; int r, conn_in_ready, conn_out_ready; u_int connection_in, connection_out; - u_int64_t rekey_timeout_ms = 0; sigset_t bsigset, osigset; debug("Entering interactive session for SSH2."); @@ -364,13 +368,6 @@ if (!ssh_packet_is_rekeying(ssh) && ssh_packet_not_very_much_data_to_write(ssh)) channel_output_poll(ssh); - if (options.rekey_interval > 0 && - !ssh_packet_is_rekeying(ssh)) { - rekey_timeout_ms = ssh_packet_get_rekey_timeout(ssh) * - 1000; - } else { - rekey_timeout_ms = 0; - } /* * Block SIGCHLD while we check for dead children, then pass 
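Review bot: The keepalive test in `@@ -251,19 +249,26 @@` now requires `now > last_client_time + options.client_alive_interval`, while the poll deadline set earlier in the same function is `ptimeout_deadline_sec(&timeout, options.client_alive_interval)`, so the wait ends at the interval rather than after it. If `monotime()` has whole-second resolution (not visible here), a timeout that fires exactly on the deadline gives `now == last_client_time + interval`, no probe is sent, and the next pass waits another full interval, so an unresponsive peer is noticed later than ClientAliveInterval implies. The removed code compared with `<= now`; `now >= last_client_time + options.client_alive_interval` keeps that boundary. The function begins in an earlier hunk, and the static `last_client_time` carries over between calls.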
@@ -381,7 +378,7 @@ error_f("bsigset sigprocmask: %s", strerror(errno)); collect_children(ssh); wait_until_can_do_something(ssh, connection_in, connection_out, - &pfd, &npfd_alloc, &npfd_active, rekey_timeout_ms, &osigset, + &pfd, &npfd_alloc, &npfd_active, &osigset, &conn_in_ready, &conn_out_ready); if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1) error_f("osigset sigprocmask: %s", strerror(errno));
_service:tar_scm:openssh-9.1p1.tar.gz/session.c -> _service:tar_scm:openssh-9.3p1.tar.gz/session.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.330 2022/02/08 08:59:12 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.335 2023/03/07 06:09:14 dtucker Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -72,7 +72,6 @@ #include "ssherr.h" #include "match.h" #include "uidswap.h" -#include "compat.h" #include "channels.h" #include "sshkey.h" #include "cipher.h" @@ -222,7 +221,7 @@ goto authsock_err; /* Allocate a channel for the authentication agent socket. */ - nc = channel_new(ssh, "auth socket", + nc = channel_new(ssh, "auth-listener", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "auth socket", 1); @@ -1159,6 +1158,7 @@ } *value++ = '\0'; child_set_env(&env, &envsize, cp, value); + free(cp); } /* SSH_CLIENT deprecated */ @@ -1955,7 +1955,7 @@ { struct stat st; int r, success = 0; - char *prog, *cmd; + char *prog, *cmd, *type; u_int i; if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 || @@ -1978,6 +1978,10 @@ s->is_subsystem = SUBSYSTEM_EXT; debug("subsystem: exec() %s", cmd); } + xasprintf(&type, "session:subsystem:%s", + options.subsystem_namei); + channel_set_xtype(ssh, s->chanid, type); + free(type); success = do_exec(ssh, s, cmd) == 0; break; } @@ -2033,6 +2037,9 @@ if ((r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + + channel_set_xtype(ssh, s->chanid, "session:shell"); + return do_exec(ssh, s, NULL) == 0; } @@ -2047,6 +2054,8 @@ (r = sshpkt_get_end(ssh)) != 0) sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + channel_set_xtype(ssh, s->chanid, "session:command"); + success = do_exec(ssh, s, command) == 0; free(command); return success; @@ -2335,7 +2344,7 @@ } static void -session_close_single_x11(struct ssh *ssh, int id, void *arg) +session_close_single_x11(struct ssh *ssh, int id, int force, void *arg) { Session *s; u_int i; 
@@ -2469,7 +2478,7 @@ * the session 'child' itself dies */ void -session_close_by_channel(struct ssh *ssh, int id, void *arg) +session_close_by_channel(struct ssh *ssh, int id, int force, void *arg) { Session *s = session_by_channel(id); u_int i; @@ -2482,12 +2491,14 @@ if (s->pid != 0) { debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd); /* - * delay detach of session, but release pty, since - * the fd's to the child are already closed + * delay detach of session (unless this is a forced close), + * but release pty, since the fd's to the child are already + * closed */ if (s->ttyfd != -1) session_pty_cleanup(s); - return; + if (!force) + return; } /* detach by removing callback */ channel_cancel_cleanup(ssh, s->chanid);
_service:tar_scm:openssh-9.1p1.tar.gz/session.h -> _service:tar_scm:openssh-9.3p1.tar.gz/session.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.h,v 1.36 2018/10/02 12:40:07 djm Exp $ */ +/* $OpenBSD: session.h,v 1.37 2023/01/06 02:39:59 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -70,7 +70,7 @@ void session_unused(int); int session_input_channel_req(struct ssh *, Channel *, const char *); void session_close_by_pid(struct ssh *ssh, pid_t, int); -void session_close_by_channel(struct ssh *, int, void *); +void session_close_by_channel(struct ssh *, int, int, void *); void session_destroy_all(struct ssh *, void (*)(Session *)); void session_pty_cleanup2(Session *);
_service:tar_scm:openssh-9.1p1.tar.gz/sftp-client.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp-client.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-client.c,v 1.165 2022/09/19 10:43:12 djm Exp $ */ +/* $OpenBSD: sftp-client.c,v 1.169 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -68,10 +68,10 @@ extern volatile sig_atomic_t interrupted; extern int showprogress; -/* Default size of buffer for up/download */ +/* Default size of buffer for up/download (fix sftp.1 scp.1 if changed) */ #define DEFAULT_COPY_BUFLEN 32768 -/* Default number of concurrent outstanding requests */ +/* Default number of concurrent xfer requests (fix sftp.1 scp.1 if changed) */ #define DEFAULT_NUM_REQUESTS 64 /* Minimum amount of data to read at a time */ @@ -149,7 +149,6 @@ return req; } -/* ARGSUSED */ static int sftpio(void *_bwlimit, size_t amount) { @@ -566,17 +565,26 @@ /* If the caller did not specify, find a good value */ if (transfer_buflen == 0) { - ret->download_buflen = limits.read_length; - ret->upload_buflen = limits.write_length; - debug("Using server download size %u", ret->download_buflen); - debug("Using server upload size %u", ret->upload_buflen); + ret->download_buflen = MINIMUM(limits.read_length, + SFTP_MAX_MSG_LENGTH - 1024); + ret->upload_buflen = MINIMUM(limits.write_length, + SFTP_MAX_MSG_LENGTH - 1024); + ret->download_buflen = MAXIMUM(ret->download_buflen, 64); + ret->upload_buflen = MAXIMUM(ret->upload_buflen, 64); + debug3("server upload/download buffer sizes " + "%llu / %llu; using %u / %u", + (unsigned long long)limits.write_length, + (unsigned long long)limits.read_length, + ret->upload_buflen, ret->download_buflen); } /* Use the server limit to scale down our value only */ if (num_requests == 0 && limits.open_handles) { ret->num_requests = MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles); - debug("Server handle limit %llu; using %u", + if (ret->num_requests == 0) + ret->num_requests = 1; + debug3("server handle limit %llu; using %u", (unsigned long long)limits.open_handles, ret->num_requests); }
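Review bot: The clamp added in `@@ -566,17 +565,26 @@` bounds values that the debug strings identify as server-reported (`limits.read_length`, `limits.write_length`, `limits.open_handles`), but nothing says why 64 and `SFTP_MAX_MSG_LENGTH - 1024` are the bounds. A one-line comment above the `MINIMUM`/`MAXIMUM` pair would keep a later edit from loosening them, e.g. `/* server-supplied; clamp to [64, SFTP_MAX_MSG_LENGTH - 1024] before sizing requests */`. Separately, the added `if (ret->num_requests == 0) ret->num_requests = 1;` looks unreachable, since the branch is only entered when `limits.open_handles` is non-zero and the other `MINIMUM` operand is `DEFAULT_NUM_REQUESTS` (64). Either drop it or state which case it guards. The enclosing function starts and ends outside the hunk.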
_service:tar_scm:openssh-9.1p1.tar.gz/sftp-glob.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp-glob.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-glob.c,v 1.30 2022/02/25 09:46:24 dtucker Exp $ */ +/* $OpenBSD: sftp-glob.c,v 1.31 2022/10/24 21:51:55 djm Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -137,6 +137,11 @@ remote_glob(struct sftp_conn *conn, const char *pattern, int flags, int (*errfunc)(const char *, int), glob_t *pglob) { + int r; + size_t l; + char *s; + struct stat sb; + pglob->gl_opendir = fudge_opendir; pglob->gl_readdir = (struct dirent *(*)(void *))fudge_readdir; pglob->gl_closedir = (void (*)(void *))fudge_closedir; @@ -146,5 +151,30 @@ memset(&cur, 0, sizeof(cur)); cur.conn = conn; - return(glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)); + if ((r = glob(pattern, flags | GLOB_ALTDIRFUNC, errfunc, pglob)) != 0) + return r; + /* + * When both GLOB_NOCHECK and GLOB_MARK are active, a single gl_pathv + * entry has been returned and that entry has not already been marked, + * then check whether it needs a '/' appended as a directory mark. + * + * This ensures that a NOCHECK result is annotated as a directory. + * The glob(3) spec doesn't promise to mark NOCHECK entries, but doing + * it simplifies our callers (sftp/scp) considerably. + * + * XXX doesn't try to handle gl_offs. + */ + if ((flags & (GLOB_NOCHECK|GLOB_MARK)) == (GLOB_NOCHECK|GLOB_MARK) && + pglob->gl_matchc == 0 && pglob->gl_offs == 0 && + pglob->gl_pathc == 1 && (s = pglob->gl_pathv0) != NULL && + (l = strlen(s)) > 0 && sl-1 != '/') { + if (fudge_stat(s, &sb) == 0 && S_ISDIR(sb.st_mode)) { + /* NOCHECK on a directory; annotate */ + if ((s = realloc(s, l + 2)) != NULL) { + memcpy(s + l, "/", 2); + pglob->gl_pathv0 = s; + } + } + } + return 0; }
_service:tar_scm:openssh-9.1p1.tar.gz/sftp-server.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp-server.0
Changed
@@ -95,4 +95,4 @@ AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.1 July 27, 2021 OpenBSD 7.1 +OpenBSD 7.2 July 27, 2021 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/sftp-server.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp-server.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.144 2022/09/19 10:41:58 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.146 2023/03/07 05:37:26 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -819,7 +819,7 @@ } if (len > buflen) { debug3_f("allocate %zu => %u", buflen, len); - if ((buf = realloc(NULL, len)) == NULL) + if ((buf = realloc(buf, len)) == NULL) fatal_f("realloc failed"); buflen = len; } @@ -1745,7 +1745,7 @@ name = user_pw == NULL ? "" : user_pw->pw_name; debug3_f("uid %u => \"%s\"", n, name); if ((r = sshbuf_put_cstring(usernames, name)) != 0) - fatal_fr(r, "assemble gid reply"); + fatal_fr(r, "assemble uid reply"); nusers++; } while (sshbuf_len(gids) != 0) {
_service:tar_scm:openssh-9.1p1.tar.gz/sftp.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp.0
Changed
@@ -8,7 +8,7 @@ -D sftp_server_command -F ssh_config -i identity_file -J destination -l limit -o ssh_option -P port -R num_requests -S program -s subsystem | sftp_server - destination + -X sftp_option destination DESCRIPTION sftp is a file transfer program, similar to ftp(1), which performs all @@ -207,6 +207,21 @@ -v Raise logging level. This option is also passed to ssh. + -X sftp_option + Specify an option that controls aspects of SFTP protocol + behaviour. The valid options are: + + nrequests=value + Controls how many concurrent SFTP read or write requests + may be in progress at any point in time during a download + or upload. By default 64 requests may be active + concurrently. + + buffer=value + Controls the maximum buffer size for a single SFTP + read/write operation used during download or upload. By + default a 32KB buffer is used. + INTERACTIVE COMMANDS Once in interactive mode, sftp understands a set of commands similar to those of ftp(1). Commands are case insensitive. Pathnames that contain @@ -420,4 +435,4 @@ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 7.1 September 19, 2022 OpenBSD 7.1 +OpenBSD 7.2 December 16, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/sftp.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp.1
Changed
@@ -1,4 +1,4 @@ -.\" $OpenBSD: sftp.1,v 1.142 2022/09/19 21:39:16 djm Exp $ +.\" $OpenBSD: sftp.1,v 1.143 2022/12/16 03:40:03 djm Exp $ .\" .\" Copyright (c) 2001 Damien Miller. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 19 2022 $ +.Dd $Mdocdate: December 16 2022 $ .Dt SFTP 1 .Os .Sh NAME @@ -44,6 +44,7 @@ .Op Fl R Ar num_requests .Op Fl S Ar program .Op Fl s Ar subsystem | sftp_server +.Op Fl X Ar sftp_option .Ar destination .Sh DESCRIPTION .Nm @@ -320,6 +321,19 @@ .It Fl v Raise logging level. This option is also passed to ssh. +.It Fl X Ar sftp_option +Specify an option that controls aspects of SFTP protocol behaviour. +The valid options are: +.Bl -tag -width Ds +.It Cm nrequests Ns = Ns Ar value +Controls how many concurrent SFTP read or write requests may be in progress +at any point in time during a download or upload. +By default 64 requests may be active concurrently. +.It Cm buffer Ns = Ns Ar value +Controls the maximum buffer size for a single SFTP read/write operation used +during download or upload. +By default a 32KB buffer is used. +.El .El .Sh INTERACTIVE COMMANDS Once in interactive mode,
_service:tar_scm:openssh-9.1p1.tar.gz/sftp.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sftp.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.222 2022/09/19 10:46:00 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.229 2023/03/12 09:41:18 dtucker Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org> * @@ -217,7 +217,6 @@ { NULL, -1, -1, -1 } }; -/* ARGSUSED */ static void killchild(int signo) { @@ -232,7 +231,6 @@ _exit(1); } -/* ARGSUSED */ static void suspchild(int signo) { @@ -244,7 +242,6 @@ kill(getpid(), SIGSTOP); } -/* ARGSUSED */ static void cmd_interrupt(int signo) { @@ -256,14 +253,12 @@ errno = olderrno; } -/* ARGSUSED */ static void read_interrupt(int signo) { interrupted = 1; } -/*ARGSUSED*/ static void sigchld_handler(int sig) { @@ -275,7 +270,8 @@ while ((pid = waitpid(sshpid, NULL, WNOHANG)) == -1 && errno == EINTR) continue; if (pid == sshpid) { - (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); + if (!quiet) + (void)write(STDERR_FILENO, msg, sizeof(msg) - 1); sshpid = -1; } @@ -1011,7 +1007,7 @@ */ for (nentries = 0; g.gl_pathvnentries != NULL; nentries++) ; /* count entries */ - indices = calloc(nentries, sizeof(*indices)); + indices = xcalloc(nentries, sizeof(*indices)); for (i = 0; i < nentries; i++) indicesi = i; @@ -1029,6 +1025,7 @@ if (lflag & LS_LONG_VIEW) { if (g.gl_statvi == NULL) { error("no stat information for %s", fname); + free(fname); continue; } lname = ls_file(fname, g.gl_statvi, 1, @@ -2000,7 +1997,9 @@ memset(&g, 0, sizeof(g)); if (remote != LOCAL) { - tmp = make_absolute_pwd_glob(tmp, remote_path); + tmp2 = make_absolute_pwd_glob(tmp, remote_path); + free(tmp); + tmp = tmp2; remote_glob(conn, tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); } else glob(tmp, GLOB_DOOFFS|GLOB_MARK, NULL, &g); @@ -2410,7 +2409,7 @@ " -D sftp_server_command -F ssh_config -i identity_file\n" " -J destination -l limit -o ssh_option -P port\n" " -R num_requests -S program -s subsystem | sftp_server\n" - " destination\n", + " -X sftp_option destination\n", __progname); exit(1); } 
@@ -2431,7 +2430,7 @@ struct sftp_conn *conn; size_t copy_buffer_len = 0; size_t num_requests = 0; - long long limit_kbps = 0; + long long llv, limit_kbps = 0; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -2449,7 +2448,7 @@ infile = stdin; while ((ch = getopt(argc, argv, - "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) { + "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:X:")) != -1) { switch (ch) { /* Passed through to ssh(1) */ case 'A': @@ -2546,6 +2545,31 @@ ssh_program = optarg; replacearg(&args, 0, "%s", ssh_program); break; + case 'X': + /* Please keep in sync with ssh.c -X */ + if (strncmp(optarg, "buffer=", 7) == 0) { + r = scan_scaled(optarg + 7, &llv); + if (r == 0 && (llv <= 0 || llv > 256 * 1024)) { + r = -1; + errno = EINVAL; + } + if (r == -1) { + fatal("Invalid buffer size \"%s\": %s", + optarg + 7, strerror(errno)); + } + copy_buffer_len = (size_t)llv; + } else if (strncmp(optarg, "nrequests=", 10) == 0) { + llv = strtonum(optarg + 10, 1, 256 * 1024, + &errstr); + if (errstr != NULL) { + fatal("Invalid number of requests " + "\"%s\": %s", optarg + 10, errstr); + } + num_requests = (size_t)llv; + } else { + fatal("Invalid -X option"); + } + break; case 'h': default: usage();
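Review bot: The comment on the new `case 'X':` reads `/* Please keep in sync with ssh.c -X */`, but the matching parser on this page is the one added to scp.c, whose copy says `/* Please keep in sync with sftp.c -X */`. As written it points the next maintainer at the wrong file, so it should read `/* Please keep in sync with scp.c -X */`. The upper bound `256 * 1024` is also repeated as a bare literal in the `buffer=` and `nrequests=` branches here and again in scp.c. A single named constant would stop the two parsers from drifting apart when one limit is changed.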
_service:tar_scm:openssh-9.1p1.tar.gz/sntrup761.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sntrup761.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sntrup761.c,v 1.5 2021/01/08 02:33:13 dtucker Exp $ */ +/* $OpenBSD: sntrup761.c,v 1.6 2023/01/11 02:13:52 djm Exp $ */ /* * Public Domain, Authors: @@ -119,7 +119,7 @@ Time still varies depending on m; user must ensure that m is constant. Time also varies on CPUs where multiplication is variable-time. There could be more CPU issues. -There could also be compiler issues. +There could also be compiler issues. */ static void uint32_divmod_uint14(uint32 *q,uint16 *r,uint32 x,uint16 m) @@ -447,7 +447,7 @@ #ifndef LPR static Fq Fq_recip(Fq a1) -{ +{ int i = 1; Fq ai = a1; @@ -456,7 +456,7 @@ i += 1; } return ai; -} +} #endif @@ -525,11 +525,11 @@ /* returns 0 if recip succeeded; else -1 */ static int R3_recip(small *out,const small *in) -{ +{ small fp+1,gp+1,vp+1,rp+1; int i,loop,delta; int sign,swap,t; - + for (i = 0;i < p+1;++i) vi = 0; for (i = 0;i < p+1;++i) ri = 0; r0 = 1; @@ -537,35 +537,35 @@ f0 = 1; fp-1 = fp = -1; for (i = 0;i < p;++i) gp-1-i = ini; gp = 0; - - delta = 1; + + delta = 1; for (loop = 0;loop < 2*p-1;++loop) { for (i = p;i > 0;--i) vi = vi-1; v0 = 0; - + sign = -g0*f0; swap = int16_negative_mask(-delta) & int16_nonzero_mask(g0); delta ^= swap&(delta^-delta); delta += 1; - + for (i = 0;i < p+1;++i) { t = swap&(fi^gi); fi ^= t; gi ^= t; t = swap&(vi^ri); vi ^= t; ri ^= t; } - + for (i = 0;i < p+1;++i) gi = F3_freeze(gi+sign*fi); for (i = 0;i < p+1;++i) ri = F3_freeze(ri+sign*vi); for (i = 0;i < p;++i) gi = gi+1; gp = 0; } - + sign = f0; for (i = 0;i < p;++i) outi = sign*vp-1-i; - + return int16_nonzero_mask(delta); -} +} #endif @@ -603,14 +603,14 @@ static void Rq_mult3(Fq *h,const Fq *f) { int i; - + for (i = 0;i < p;++i) hi = Fq_freeze(3*fi); } /* out = 1/(3*in) in Rq */ /* returns 0 if recip succeeded; else -1 */ static int Rq_recip3(Fq *out,const small *in) -{ +{ Fq fp+1,gp+1,vp+1,rp+1; int i,loop,delta; int swap,t; 
@@ -739,7 +739,7 @@ { small gp; Fq finvp; - + for (;;) { Small_random(g); if (R3_recip(ginv,g) == 0) break; @@ -777,7 +777,7 @@ for (i = 0;i < w;++i) ri = ((evi^1)&~mask)^1; for (i = w;i < p;++i) ri = evi&~mask; } - + #endif /* ----- NTRU LPRime Core */ @@ -817,7 +817,7 @@ for (i = 0;i < I;++i) ri = -int16_negative_mask(Fq_freeze(Right(Ti)-aBi+4*w+1)); } - + #endif /* ----- encoding I-bit inputs */ @@ -898,7 +898,7 @@ } #endif - + /* ----- NTRU LPRime Expand */ #ifdef LPR @@ -974,7 +974,7 @@ { uint16 Rp,Mp; int i; - + for (i = 0;i < p;++i) Ri = ri+q12; for (i = 0;i < p;++i) Mi = q; Encode(s,R,M,p); @@ -989,7 +989,7 @@ Decode(R,s,M,p); for (i = 0;i < p;++i) ri = ((Fq)Ri)-q12; } - + #endif /* ----- encoding rounded polynomials */
_service:tar_scm:openssh-9.1p1.tar.gz/sntrup761.sh -> _service:tar_scm:openssh-9.3p1.tar.gz/sntrup761.sh
Changed
@@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: sntrup761.sh,v 1.5 2021/01/08 02:33:13 dtucker Exp $ +# $OpenBSD: sntrup761.sh,v 1.7 2023/01/11 02:13:52 djm Exp $ # Placed in the Public Domain. # AUTHOR="supercop-20201130/crypto_kem/sntrup761/ref/implementors" @@ -45,7 +45,7 @@ # - remove all includes, we inline everything required. # - make functions not required elsewhere static. # - rename the functions we do use. - # - remove unneccesary defines and externs. + # - remove unnecessary defines and externs. sed -e "/#include/d" \ -e "s/crypto_kem_/crypto_kem_sntrup761_/g" \ -e "s/^void /static void /g" \ @@ -54,6 +54,7 @@ -e "/^extern /d" \ -e '/CRYPTO_NAMESPACE/d' \ -e "/^#define int32 crypto_int32/d" \ + -e 's/ *$//' \ $i | \ case "$i" in # Use int64_t for intermediate values in int32_MINMAX to prevent signed
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-add.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-add.0
Changed
@@ -200,4 +200,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.1 February 4, 2022 OpenBSD 7.1 +OpenBSD 7.2 February 4, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-add.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-add.c
Changed
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.166 2022/06/18 02:17:16 dtucker Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.167 2023/03/08 00:05:58 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -477,6 +477,7 @@
 {
 struct sshkey *key = NULL;
 u_char *sig = NULL;
+ const char *alg = NULL;
 size_t slen = 0;
 int r, ret = -1;
 char data1024;
@@ -485,14 +486,16 @@
 error_r(r, "Couldn't read public key %s", filename);
 return -1;
 }
+ if (sshkey_type_plain(key->type) == KEY_RSA)
+ alg = "rsa-sha2-256";
 arc4random_buf(data, sizeof(data));
 if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
- NULL, 0)) != 0) {
+ alg, 0)) != 0) {
 error_r(r, "Agent signature failed for %s", filename);
 goto done;
 }
 if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
- NULL, 0, NULL)) != 0) {
+ alg, 0, NULL)) != 0) {
 error_r(r, "Signature verification failed for %s", filename);
 goto done;
 }
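Review bot: The new `alg = "rsa-sha2-256";` assignment in the `@@ -485,14 +486,16 @@` hunk has no comment saying why RSA keys are special-cased, and the reason cannot be read off the code. Passing `NULL` as the algorithm presumably lets the agent fall back to the SHA-1 based `ssh-rsa` scheme, which a hardened crypto policy may refuse, so the usability test would fail for a key that is otherwise fine. I would add `/* ask for an RSA/SHA-2 signature; the NULL default may select SHA-1 ssh-rsa */` above the `if`. The enclosing function starts and ends outside the hunk.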
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-agent.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-agent.0
Changed
@@ -5,9 +5,9 @@ SYNOPSIS ssh-agent -c | -s -Dd -a bind_address -E fingerprint_hash - -P allowed_providers -t life - ssh-agent -a bind_address -E fingerprint_hash -P allowed_providers - -t life command arg ... + -O option -P allowed_providers -t life + ssh-agent -a bind_address -E fingerprint_hash -O option + -P allowed_providers -t life command arg ... ssh-agent -c | -s -k DESCRIPTION @@ -39,6 +39,18 @@ -k Kill the current agent (given by the SSH_AGENT_PID environment variable). + -O option + Specify an option when starting ssh-agent. Currently only one + option is supported: no-restrict-websafe. This instructs + ssh-agent to permit signatures using FIDO keys that might be web + authentication requests. By default, ssh-agent refuses signature + requests for FIDO keys where the key application string does not + start with M-bM-^@M-^\ssh:M-bM-^@M-^ and when the data to be signed does not appear + to be a ssh(1) user authentication request or a ssh-keygen(1) + signature. The default behaviour prevents forwarded access to a + FIDO key from also implicitly forwarding the ability to + authenticate to websites. + -P allowed_providers Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO authenticator middleware shared libraries that may be @@ -116,4 +128,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.1 March 31, 2022 OpenBSD 7.1 +OpenBSD 7.2 October 7, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-agent.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-agent.1
Changed
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.73 2022/03/31 17:27:27 naddy Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.75 2022/10/07 06:00:58 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: October 7 2022 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -46,11 +46,13 @@ .Op Fl \&Dd .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash +.Op Fl O Ar option .Op Fl P Ar allowed_providers .Op Fl t Ar life .Nm ssh-agent .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash +.Op Fl O Ar option .Op Fl P Ar allowed_providers .Op Fl t Ar life .Ar command Op Ar arg ... @@ -102,6 +104,27 @@ Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). +.It Fl O Ar option +Specify an option when starting +.Nm . +Currently only one option is supported: +.Cm no-restrict-websafe . +This instructs +.Nm +to permit signatures using FIDO keys that might be web authentication +requests. +By default, +.Nm +refuses signature requests for FIDO keys where the key application string +does not start with +.Dq ssh: +and when the data to be signed does not appear to be a +.Xr ssh 1 +user authentication request or a +.Xr ssh-keygen 1 +signature. +The default behaviour prevents forwarded access to a FIDO key from also +implicitly forwarding the ability to authenticate to websites. .It Fl P Ar allowed_providers Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO authenticator middleware shared libraries that may be used with the
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-agent.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-agent.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.292 2022/09/17 10:11:29 djm Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.297 2023/03/09 21:06:24 jcs Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -80,14 +80,12 @@ #include "sshbuf.h" #include "sshkey.h" #include "authfd.h" -#include "compat.h" #include "log.h" #include "misc.h" #include "digest.h" #include "ssherr.h" #include "match.h" #include "msg.h" -#include "ssherr.h" #include "pathnames.h" #include "ssh-pkcs11.h" #include "sk-api.h" @@ -1025,8 +1023,8 @@ error_fr(r, "parse"); goto out; } - if ((r = parse_dest_constraint_hop(frombuf, &dc->from) != 0) || - (r = parse_dest_constraint_hop(tobuf, &dc->to) != 0)) + if ((r = parse_dest_constraint_hop(frombuf, &dc->from)) != 0 || + (r = parse_dest_constraint_hop(tobuf, &dc->to)) != 0) goto out; /* already logged */ if (elen != 0) { error_f("unsupported extensions (len %zu)", elen); @@ -1962,7 +1960,6 @@ _exit(i); } -/*ARGSUSED*/ static void cleanup_handler(int sig) { @@ -1992,9 +1989,9 @@ { fprintf(stderr, "usage: ssh-agent -c | -s -Dd -a bind_address -E fingerprint_hash\n" - " -P allowed_providers -t life\n" - " ssh-agent -a bind_address -E fingerprint_hash -P allowed_providers\n" - " -t life command arg ...\n" + " -O option -P allowed_providers -t life\n" + " ssh-agent -a bind_address -E fingerprint_hash -O option\n" + " -P allowed_providers -t life command arg ...\n" " ssh-agent -c | -s -k\n"); exit(1); }
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-dss.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-dss.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */ +/* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -37,7 +37,6 @@ #include <string.h> #include "sshbuf.h" -#include "compat.h" #include "ssherr.h" #include "digest.h" #define SSHKEY_INTERNAL 
@@ -48,9 +47,219 @@ #define INTBLOB_LEN 20 #define SIGBLOB_LEN (2*INTBLOB_LEN) -int -ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static u_int +ssh_dss_size(const struct sshkey *key) +{ + const BIGNUM *dsa_p; + + if (key->dsa == NULL) + return 0; + DSA_get0_pqg(key->dsa, &dsa_p, NULL, NULL); + return BN_num_bits(dsa_p); +} + +static int +ssh_dss_alloc(struct sshkey *k) +{ + if ((k->dsa = DSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +static void +ssh_dss_cleanup(struct sshkey *k) +{ + DSA_free(k->dsa); + k->dsa = NULL; +} + +static int +ssh_dss_equal(const struct sshkey *a, const struct sshkey *b) +{ + const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a; + const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b; + + if (a->dsa == NULL || b->dsa == NULL) + return 0; + DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a); + DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b); + DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL); + DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL); + if (dsa_p_a == NULL || dsa_p_b == NULL || + dsa_q_a == NULL || dsa_q_b == NULL || + dsa_g_a == NULL || dsa_g_b == NULL || + dsa_pub_key_a == NULL || dsa_pub_key_b == NULL) + return 0; + if (BN_cmp(dsa_p_a, dsa_p_b) != 0) + return 0; + if (BN_cmp(dsa_q_a, dsa_q_b) != 0) + return 0; + if (BN_cmp(dsa_g_a, dsa_g_b) != 0) + return 0; + if (BN_cmp(dsa_pub_key_a, dsa_pub_key_b) != 0) + return 0; + return 1; +} + +static int +ssh_dss_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; + + if (key->dsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g); + DSA_get0_key(key->dsa, &dsa_pub_key, NULL); + if (dsa_p == NULL || dsa_q == NULL || + dsa_g == NULL || dsa_pub_key == NULL) + return SSH_ERR_INTERNAL_ERROR; + if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 || + (r = 
sshbuf_put_bignum2(b, dsa_q)) != 0 || + (r = sshbuf_put_bignum2(b, dsa_g)) != 0 || + (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0) + return r; + + return 0; +} + +static int +ssh_dss_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *dsa_priv_key; + + DSA_get0_key(key->dsa, NULL, &dsa_priv_key); + if (!sshkey_is_cert(key)) { + if ((r = ssh_dss_serialize_public(key, b, opts)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0) + return r; + + return 0; +} + +static int +ssh_dss_generate(struct sshkey *k, int bits) +{ + DSA *private; + + if (bits != 1024) + return SSH_ERR_KEY_LENGTH; + if ((private = DSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL) || !DSA_generate_key(private)) { + DSA_free(private); + return SSH_ERR_LIBCRYPTO_ERROR; + } + k->dsa = private; + return 0; +} + +static int +ssh_dss_copy_public(const struct sshkey *from, struct sshkey *to) +{ + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; + BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL; + BIGNUM *dsa_pub_key_dup = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + DSA_get0_pqg(from->dsa, &dsa_p, &dsa_q, &dsa_g); + DSA_get0_key(from->dsa, &dsa_pub_key, NULL); + if ((dsa_p_dup = BN_dup(dsa_p)) == NULL || + (dsa_q_dup = BN_dup(dsa_q)) == NULL || + (dsa_g_dup = BN_dup(dsa_g)) == NULL || + (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!DSA_set0_pqg(to->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */ + if (!DSA_set0_key(to->dsa, dsa_pub_key_dup, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_pub_key_dup = NULL; /* transferred */ + /* success */ + r = 0; + out: + BN_clear_free(dsa_p_dup); + BN_clear_free(dsa_q_dup); + BN_clear_free(dsa_g_dup); + 
BN_clear_free(dsa_pub_key_dup); + return r; +} + +static int +ssh_dss_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL; + + if (sshbuf_get_bignum2(b, &dsa_p) != 0 || + sshbuf_get_bignum2(b, &dsa_q) != 0 || + sshbuf_get_bignum2(b, &dsa_g) != 0 || + sshbuf_get_bignum2(b, &dsa_pub_key) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_p = dsa_q = dsa_g = NULL; /* transferred */ + if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + dsa_pub_key = NULL; /* transferred */ +#ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); +#endif + /* success */ + ret = 0;
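Review bot: `ssh_dss_serialize_private` hands `key->dsa` to `DSA_get0_key()` before anything has checked it for NULL, whereas `ssh_dss_serialize_public` in the same hunk rejects that case with `SSH_ERR_INVALID_ARGUMENT`; for a certificate key the public serializer is skipped, so its check never runs at all. A guard at the top, `if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT;`, would make the two consistent, and `ssh_dss_copy_public` reads `from->dsa` and `to->dsa` unchecked in the same way. The private serializers added in ssh-ecdsa.c (`ssh_ecdsa_serialize_private`) and ssh-ed25519.c (`ssh_ed25519_serialize_private`) have the same shape. The page truncates this hunk inside `ssh_dss_deserialize_public`, so callers that may already guarantee a populated key are not visible here.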
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-ecdsa-sk.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-ecdsa-sk.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa-sk.c,v 1.8 2020/06/22 23:44:27 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa-sk.c,v 1.18 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. 
@@ -61,6 +61,99 @@ } #else /* OPENSSL_HAS_ECC */ +/* Reuse some ECDSA internals */ +extern struct sshkey_impl_funcs sshkey_ecdsa_funcs; + +static void +ssh_ecdsa_sk_cleanup(struct sshkey *k) +{ + sshkey_sk_cleanup(k); + sshkey_ecdsa_funcs.cleanup(k); +} + +static int +ssh_ecdsa_sk_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (!sshkey_sk_fields_equal(a, b)) + return 0; + if (!sshkey_ecdsa_funcs.equal(a, b)) + return 0; + return 1; +} + +static int +ssh_ecdsa_sk_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_sk_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = sshkey_ecdsa_funcs.serialize_public(key, + b, opts)) != 0) + return r; + } + if ((r = sshkey_serialize_private_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_sk_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.copy_public(from, to)) != 0) + return r; + if ((r = sshkey_copy_public_sk(from, to)) != 0) + return r; + return 0; +} + +static int +ssh_ecdsa_sk_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ecdsa_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int +ssh_ecdsa_sk_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = sshkey_ecdsa_funcs.deserialize_public(ktype, + b, key)) != 0) + return r; + } + if ((r = sshkey_private_deserialize_sk(b, key)) != 0) + return r; + + return 0; +} + /* * Check FIDO/W3C webauthn signatures clientData field 
against the expected * format and prepare a hash of it for use in signature verification. @@ -137,14 +230,13 @@ return r; } -/* ARGSUSED */ -int +static int ssh_ecdsa_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, struct sshkey_sig_details **detailsp) { - ECDSA_SIG *sig = NULL; + ECDSA_SIG *esig = NULL; BIGNUM *sig_r = NULL, *sig_s = NULL; u_char sig_flags; u_char msghash32, apphash32, sighash32; @@ -162,14 +254,14 @@ *detailsp = NULL; if (key == NULL || key->ecdsa == NULL || sshkey_type_plain(key->type) != KEY_ECDSA_SK || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; if (key->ecdsa_nid != NID_X9_62_prime256v1) return SSH_ERR_INTERNAL_ERROR; /* fetch signature */ - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((details = calloc(1, sizeof(*details))) == NULL) { ret = SSH_ERR_ALLOC_FAIL; @@ -231,11 +323,11 @@ sshbuf_dump(webauthn_wrapper, stderr); } #endif - if ((sig = ECDSA_SIG_new()) == NULL) { + if ((esig = ECDSA_SIG_new()) == NULL) { ret = SSH_ERR_ALLOC_FAIL; goto out; } - if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) { + if (!ECDSA_SIG_set0(esig, sig_r, sig_s)) { ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -247,11 +339,11 @@ goto out; } if (is_webauthn) { - if ((ret = webauthn_check_prepare_hash(data, datalen, + if ((ret = webauthn_check_prepare_hash(data, dlen, webauthn_origin, webauthn_wrapper, sig_flags, webauthn_exts, msghash, sizeof(msghash))) != 0) goto out; - } else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, + } else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen, msghash, sizeof(msghash))) != 0) goto out; /* Application value is hashed before signature */ 
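Review bot: The declaration `extern struct sshkey_impl_funcs sshkey_ecdsa_funcs;` at the top of the `@@ -61,6 +61,99 @@` hunk is written by hand in the .c file and is not `const`-qualified. ssh-ed25519-sk.c declares `sshkey_ed25519_funcs` the same way, while ssh-ed25519.c on this page defines that table as `const struct sshkey_impl_funcs`, so declaration and definition disagree there; the ssh-ecdsa.c definition is cut off on this page and may follow the same pattern. A qualifier mismatch across translation units is not diagnosed by the compiler, and it would let a write through the non-const name build against an object meant to be read-only. I would move the declaration into a shared header as `extern const struct sshkey_impl_funcs sshkey_ecdsa_funcs;` so it is checked against the definition.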
@@ -285,7 +377,7 @@ #endif /* Verify it */ - switch (ECDSA_do_verify(sighash, sizeof(sighash), sig, key->ecdsa)) { + switch (ECDSA_do_verify(sighash, sizeof(sighash), esig, key->ecdsa)) { case 1: ret = 0; break; @@ -314,11 +406,62 @@ sshbuf_free(original_signed); sshbuf_free(sigbuf); sshbuf_free(b); - ECDSA_SIG_free(sig); + ECDSA_SIG_free(esig); BN_clear_free(sig_r); BN_clear_free(sig_s); free(ktype); return ret; } +static const struct sshkey_impl_funcs sshkey_ecdsa_sk_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ecdsa_sk_cleanup, + /* .equal = */ ssh_ecdsa_sk_equal, + /* .ssh_serialize_public = */ ssh_ecdsa_sk_serialize_public, + /* .ssh_deserialize_public = */ ssh_ecdsa_sk_deserialize_public, + /* .ssh_serialize_private = */ ssh_ecdsa_sk_serialize_private, + /* .ssh_deserialize_private = */ ssh_ecdsa_sk_deserialize_private,
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-ecdsa.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-ecdsa.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ecdsa.c,v 1.16 2019/01/21 09:54:11 djm Exp $ */ +/* $OpenBSD: ssh-ecdsa.c,v 1.26 2023/03/08 04:43:12 guenther Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2010 Damien Miller. All rights reserved. 
@@ -45,16 +45,194 @@ #include "openbsd-compat/openssl-compat.h" -/* ARGSUSED */ -int -ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static u_int +ssh_ecdsa_size(const struct sshkey *key) { - ECDSA_SIG *sig = NULL; + switch (key->ecdsa_nid) { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; +#ifdef OPENSSL_HAS_NISTP521 + case NID_secp521r1: + return 521; +#endif + default: + return 0; + } +} + +static void +ssh_ecdsa_cleanup(struct sshkey *k) +{ + EC_KEY_free(k->ecdsa); + k->ecdsa = NULL; +} + +static int +ssh_ecdsa_equal(const struct sshkey *a, const struct sshkey *b) +{ + const EC_GROUP *grp_a, *grp_b; + const EC_POINT *pub_a, *pub_b; + + if (a->ecdsa == NULL || b->ecdsa == NULL) + return 0; + if ((grp_a = EC_KEY_get0_group(a->ecdsa)) == NULL || + (grp_b = EC_KEY_get0_group(b->ecdsa)) == NULL) + return 0; + if ((pub_a = EC_KEY_get0_public_key(a->ecdsa)) == NULL || + (pub_b = EC_KEY_get0_public_key(b->ecdsa)) == NULL) + return 0; + if (EC_GROUP_cmp(grp_a, grp_b, NULL) != 0) + return 0; + if (EC_POINT_cmp(grp_a, pub_a, pub_b, NULL) != 0) + return 0; + + return 1; +} + +static int +ssh_ecdsa_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->ecdsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_cstring(b, + sshkey_curve_nid_to_name(key->ecdsa_nid))) != 0 || + (r = sshbuf_put_eckey(b, key->ecdsa)) != 0) + return r; + + return 0; +} + +static int +ssh_ecdsa_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (!sshkey_is_cert(key)) { + if ((r = ssh_ecdsa_serialize_public(key, b, opts)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, + EC_KEY_get0_private_key(key->ecdsa))) != 0) + return r; + return 0; +} + +static int +ssh_ecdsa_generate(struct sshkey *k, int bits) +{ + EC_KEY *private; + + if ((k->ecdsa_nid = 
sshkey_ecdsa_bits_to_nid(bits)) == -1) + return SSH_ERR_KEY_LENGTH; + if ((private = EC_KEY_new_by_curve_name(k->ecdsa_nid)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (EC_KEY_generate_key(private) != 1) { + EC_KEY_free(private); + return SSH_ERR_LIBCRYPTO_ERROR; + } + EC_KEY_set_asn1_flag(private, OPENSSL_EC_NAMED_CURVE); + k->ecdsa = private; + return 0; +} + +static int +ssh_ecdsa_copy_public(const struct sshkey *from, struct sshkey *to) +{ + to->ecdsa_nid = from->ecdsa_nid; + if ((to->ecdsa = EC_KEY_new_by_curve_name(from->ecdsa_nid)) == NULL) + return SSH_ERR_ALLOC_FAIL; + if (EC_KEY_set_public_key(to->ecdsa, + EC_KEY_get0_public_key(from->ecdsa)) != 1) + return SSH_ERR_LIBCRYPTO_ERROR; /* caller will free k->ecdsa */ + return 0; +} + +static int +ssh_ecdsa_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + char *curve = NULL; + + if ((key->ecdsa_nid = sshkey_ecdsa_nid_from_name(ktype)) == -1) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_get_cstring(b, &curve, NULL)) != 0) + goto out; + if (key->ecdsa_nid != sshkey_curve_name_to_nid(curve)) { + r = SSH_ERR_EC_CURVE_MISMATCH; + goto out; + } + EC_KEY_free(key->ecdsa); + key->ecdsa = NULL; + if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshbuf_get_eckey(b, key->ecdsa)) != 0) + goto out; + if (sshkey_ec_validate_public(EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)) != 0) { + r = SSH_ERR_KEY_INVALID_EC_VALUE; + goto out; + } + /* success */ + r = 0; +#ifdef DEBUG_PK + sshkey_dump_ec_point(EC_KEY_get0_group(key->ecdsa), + EC_KEY_get0_public_key(key->ecdsa)); +#endif + out: + free(curve); + if (r != 0) { + EC_KEY_free(key->ecdsa); + key->ecdsa = NULL; + } + return r; +} + +static int +ssh_ecdsa_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *exponent = NULL; + + if (!sshkey_is_cert(key)) { + if ((r = 
ssh_ecdsa_deserialize_public(ktype, b, key)) != 0) + return r; + } + if ((r = sshbuf_get_bignum2(b, &exponent)) != 0) + goto out; + if (EC_KEY_set_private_key(key->ecdsa, exponent) != 1) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + if ((r = sshkey_ec_validate_private(key->ecdsa)) != 0) + goto out; + /* success */ + r = 0; + out: + BN_clear_free(exponent); + return r; +} + +static int +ssh_ecdsa_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t dlen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) +{ + ECDSA_SIG *esig = NULL; const BIGNUM *sig_r, *sig_s;
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-ed25519-sk.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-ed25519-sk.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519-sk.c,v 1.6 2020/10/18 11:32:02 djm Exp $ */ +/* $OpenBSD: ssh-ed25519-sk.c,v 1.15 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2019 Markus Friedl. All rights reserved. * 
@@ -35,10 +35,96 @@ #include "ssh.h" #include "digest.h" -int +/* Reuse some ED25519 internals */ +extern struct sshkey_impl_funcs sshkey_ed25519_funcs; + +static void +ssh_ed25519_sk_cleanup(struct sshkey *k) +{ + sshkey_sk_cleanup(k); + sshkey_ed25519_funcs.cleanup(k); +} + +static int +ssh_ed25519_sk_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (!sshkey_sk_fields_equal(a, b)) + return 0; + if (!sshkey_ed25519_funcs.equal(a, b)) + return 0; + return 1; +} + +static int +ssh_ed25519_sk_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ed25519_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_sk_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshkey_ed25519_funcs.serialize_public(key, b, opts)) != 0) + return r; + if ((r = sshkey_serialize_private_sk(key, b)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_sk_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r; + + if ((r = sshkey_ed25519_funcs.copy_public(from, to)) != 0) + return r; + if ((r = sshkey_copy_public_sk(from, to)) != 0) + return r; + return 0; +} + +static int +ssh_ed25519_sk_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ed25519_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int +ssh_ed25519_sk_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + + if ((r = sshkey_ed25519_funcs.deserialize_public(ktype, b, key)) != 0) + return r; + if ((r = sshkey_private_deserialize_sk(b, key)) != 0) + return r; + return 0; +} + +static int ssh_ed25519_sk_verify(const struct sshkey *key, - const u_char *signature, 
size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; @@ -63,10 +149,10 @@ if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519_SK || key->ed25519_pk == NULL || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if (sshbuf_get_cstring(b, &ktype, NULL) != 0 || sshbuf_get_string_direct(b, &sigblob, &len) != 0 || @@ -97,7 +183,7 @@ } if (ssh_digest_memory(SSH_DIGEST_SHA256, key->sk_application, strlen(key->sk_application), apphash, sizeof(apphash)) != 0 || - ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen, + ssh_digest_memory(SSH_DIGEST_SHA256, data, dlen, msghash, sizeof(msghash)) != 0) { r = SSH_ERR_INVALID_ARGUMENT; goto out; 
@@ -161,3 +247,42 @@ free(ktype); return r; } + +static const struct sshkey_impl_funcs sshkey_ed25519_sk_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ed25519_sk_cleanup, + /* .equal = */ ssh_ed25519_sk_equal, + /* .ssh_serialize_public = */ ssh_ed25519_sk_serialize_public, + /* .ssh_deserialize_public = */ ssh_ed25519_sk_deserialize_public, + /* .ssh_serialize_private = */ ssh_ed25519_sk_serialize_private, + /* .ssh_deserialize_private = */ ssh_ed25519_sk_deserialize_private, + /* .generate = */ NULL, + /* .copy_public = */ ssh_ed25519_sk_copy_public, + /* .sign = */ NULL, + /* .verify = */ ssh_ed25519_sk_verify, +}; + +const struct sshkey_impl sshkey_ed25519_sk_impl = { + /* .name = */ "sk-ssh-ed25519@openssh.com", + /* .shortname = */ "ED25519-SK", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519_SK, + /* .nid = */ 0, + /* .cert = */ 0, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_sk_funcs, +}; + +const struct sshkey_impl sshkey_ed25519_sk_cert_impl = { + /* .name = */ "sk-ssh-ed25519-cert-v01@openssh.com", + /* .shortname = */ "ED25519-SK-CERT", + /* .sigalg = */ NULL, + /* .type = */ KEY_ED25519_SK_CERT, + /* .nid = */ 0, + /* .cert = */ 1, + /* .sigonly = */ 0, + /* .keybits = */ 256, + /* .funcs = */ &sshkey_ed25519_sk_funcs, +};
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-ed25519.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-ed25519.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-ed25519.c,v 1.10 2022/08/26 08:12:56 djm Exp $ */ +/* $OpenBSD: ssh-ed25519.c,v 1.19 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2013 Markus Friedl <markus@openbsd.org> * 
@@ -32,9 +32,121 @@ #include "ssherr.h" #include "ssh.h" -int -ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static void +ssh_ed25519_cleanup(struct sshkey *k) +{ + freezero(k->ed25519_pk, ED25519_PK_SZ); + freezero(k->ed25519_sk, ED25519_SK_SZ); + k->ed25519_pk = NULL; + k->ed25519_sk = NULL; +} + +static int +ssh_ed25519_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a->ed25519_pk == NULL || b->ed25519_pk == NULL) + return 0; + if (memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) != 0) + return 0; + return 1; +} + +static int +ssh_ed25519_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->ed25519_pk == NULL) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_string(b, key->ed25519_pk, ED25519_PK_SZ)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if ((r = sshbuf_put_string(b, key->ed25519_pk, ED25519_PK_SZ)) != 0 || + (r = sshbuf_put_string(b, key->ed25519_sk, ED25519_SK_SZ)) != 0) + return r; + + return 0; +} + +static int +ssh_ed25519_generate(struct sshkey *k, int bits) +{ + if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL || + (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) + return SSH_ERR_ALLOC_FAIL; + crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); + return 0; +} + +static int +ssh_ed25519_copy_public(const struct sshkey *from, struct sshkey *to) +{ + if (from->ed25519_pk == NULL) + return 0; /* XXX SSH_ERR_INTERNAL_ERROR ? 
*/ + if ((to->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(to->ed25519_pk, from->ed25519_pk, ED25519_PK_SZ); + return 0; +} + +static int +ssh_ed25519_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + u_char *pk = NULL; + size_t len = 0; + int r; + + if ((r = sshbuf_get_string(b, &pk, &len)) != 0) + return r; + if (len != ED25519_PK_SZ) { + freezero(pk, len); + return SSH_ERR_INVALID_FORMAT; + } + key->ed25519_pk = pk; + return 0; +} + +static int +ssh_ed25519_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + size_t sklen = 0; + u_char *ed25519_sk = NULL; + + if ((r = ssh_ed25519_deserialize_public(NULL, b, key)) != 0) + goto out; + if ((r = sshbuf_get_string(b, &ed25519_sk, &sklen)) != 0) + goto out; + if (sklen != ED25519_SK_SZ) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->ed25519_sk = ed25519_sk; + ed25519_sk = NULL; /* transferred */ + /* success */ + r = 0; + out: + freezero(ed25519_sk, sklen); + return r; +} + +static int +ssh_ed25519_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { u_char *sig = NULL; size_t slen = 0, len; @@ -89,10 +201,11 @@ return r; } -int +static int ssh_ed25519_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; char *ktype = NULL; 
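Review bot: `ssh_ed25519_deserialize_public` in the `@@ -32,9 +32,121 @@` hunk stores the freshly read buffer with `key->ed25519_pk = pk;` without releasing whatever the key held before. `ssh_ecdsa_deserialize_public` in this same revision calls `EC_KEY_free(key->ecdsa)` before replacing its pointer, so the two backends differ when a caller passes a key that is already populated, and `ssh_ed25519_deserialize_private` always runs the public deserializer first. If that situation can occur (the callers are not on this page), the old public-key buffer is leaked; `freezero(key->ed25519_pk, ED25519_PK_SZ);` just before the assignment would close it.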
@@ -105,11 +218,11 @@ if (key == NULL || sshkey_type_plain(key->type) != KEY_ED25519 || key->ed25519_pk == NULL || - datalen >= INT_MAX - crypto_sign_ed25519_BYTES || - signature == NULL || signaturelen == 0) + dlen >= INT_MAX - crypto_sign_ed25519_BYTES || + sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; - if ((b = sshbuf_from(signature, signaturelen)) == NULL) + if ((b = sshbuf_from(sig, siglen)) == NULL) return SSH_ERR_ALLOC_FAIL; if ((r = sshbuf_get_cstring(b, &ktype, NULL)) != 0 || (r = sshbuf_get_string_direct(b, &sigblob, &len)) != 0) @@ -126,23 +239,23 @@ r = SSH_ERR_INVALID_FORMAT; goto out; } - if (datalen >= SIZE_MAX - len) { + if (dlen >= SIZE_MAX - len) { r = SSH_ERR_INVALID_ARGUMENT; goto out; } - smlen = len + datalen; + smlen = len + dlen; mlen = smlen; if ((sm = malloc(smlen)) == NULL || (m = malloc(mlen)) == NULL) { r = SSH_ERR_ALLOC_FAIL; goto out; } memcpy(sm, sigblob, len); - memcpy(sm+len, data, datalen); + memcpy(sm+len, data, dlen); if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen, key->ed25519_pk)) != 0) { debug2_f("crypto_sign_ed25519_open failed: %d", ret); } - if (ret != 0 || mlen != datalen) { + if (ret != 0 || mlen != dlen) { r = SSH_ERR_SIGNATURE_INVALID; goto out; } @@ -158,3 +271,43 @@ free(ktype); return r; } + +/* NB. not static; used by ED25519-SK */ +const struct sshkey_impl_funcs sshkey_ed25519_funcs = { + /* .size = */ NULL, + /* .alloc = */ NULL, + /* .cleanup = */ ssh_ed25519_cleanup, + /* .equal = */ ssh_ed25519_equal,
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keygen.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keygen.0
Changed
@@ -278,6 +278,14 @@ suffixed with a Z character, which causes them to be interpreted in the UTC time zone. + When generating SSHFP DNS records from public keys using the -r + flag, the following options are accepted: + + hashalg=algorithm + Selects a hash algorithm to use when printing SSHFP + records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^ + and M-bM-^@M-^\sha256M-bM-^@M-^. The default is to print both. + The -O option may be specified multiple times. -P passphrase @@ -899,4 +907,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.1 September 10, 2022 OpenBSD 7.1 +OpenBSD 7.2 February 10, 2023 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keygen.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keygen.1
Changed
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.226 2022/09/10 08:50:53 jsg Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.228 2023/02/10 06:40:48 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2022 $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -518,6 +518,21 @@ UTC time zone. .El .Pp +When generating SSHFP DNS records from public keys using the +.Fl r +flag, the following options are accepted: +.Bl -tag -width Ds +.It Cm hashalg Ns = Ns Ar algorithm +Selects a hash algorithm to use when printing SSHFP records using the +.Fl D +flag. +Valid algorithms are +.Dq sha1 +and +.Dq sha256 . +The default is to print both. +.El +.Pp The .Fl O option may be specified multiple times.
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keygen.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keygen.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.459 2022/08/11 01:56:51 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.466 2023/03/08 00:05:37 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -476,6 +476,7 @@ { struct sshkey *key = NULL; char *type, *cipher; + const char *alg = NULL; u_char e1, e2, e3, *sig = NULL, data = "abcde12345"; int r, rlen, ktype; u_int magic, i1, i2, i3, i4; @@ -584,6 +585,7 @@ if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0) fatal_fr(r, "generate RSA parameters"); BN_clear_free(rsa_iqmp); + alg = "rsa-sha2-256"; break; } rlen = sshbuf_len(b); @@ -592,10 +594,10 @@ /* try the key */ if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data), - NULL, NULL, NULL, 0)) != 0) + alg, NULL, NULL, 0)) != 0) error_fr(r, "signing with converted key failed"); else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data), - NULL, 0, NULL)) != 0) + alg, 0, NULL)) != 0) error_fr(r, "verification with converted key failed"); if (r != 0) { sshkey_free(key); @@ -1337,7 +1339,7 @@ unlink(tmp); fatal("fdopen: %s", strerror(oerrno)); } - fchmod(fd, sb.st_mode & 0644); + (void)fchmod(fd, sb.st_mode & 0644); inplace = 1; } /* XXX support identity_file == "-" for stdin */ @@ -1479,13 +1481,23 @@ */ static int do_print_resource_record(struct passwd *pw, char *fname, char *hname, - int print_generic) + int print_generic, char * const *opts, size_t nopts) { struct sshkey *public; char *comment = NULL; struct stat st; - int r; + int r, hash = -1; + size_t i; + for (i = 0; i < nopts; i++) { + if (strncasecmp(optsi, "hashalg=", 8) == 0) { + if ((hash = ssh_digest_alg_by_name(optsi + 8)) == -1) + fatal("Unsupported hash algorithm"); + } else { + error("Invalid option \"%s\"", optsi); + return SSH_ERR_INVALID_ARGUMENT; + } + } if (fname == NULL) fatal_f("no filename"); if (stat(fname, &st) == -1) { 
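Review bot: The new option loop in `do_print_resource_record` returns `SSH_ERR_INVALID_ARGUMENT` for an unknown option, but the callers treat the result as a count: the later hunks do `n = do_print_resource_record(...)` or `n += ...` and only treat `n == 0` as failure before `exit(0)`. Assuming the SSH_ERR_* value is non-zero (its definition is not shown here), an invalid option ends in a success exit status after a single `error()` line. The unsupported-hash case in the same loop already calls `fatal()`, so the unknown-option branch could do the same with `fatal("Invalid option \"%s\"", opts[i]);`. The function body continues past the end of this hunk.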
@@ -1495,7 +1507,7 @@ } if ((r = sshkey_load_public(fname, &public, &comment)) != 0) fatal_r(r, "Failed to read v2 public key from \"%s\"", fname); - export_dns_rr(hname, public, stdout, print_generic); + export_dns_rr(hname, public, stdout, print_generic, hash); sshkey_free(public); free(comment); return 1; @@ -1975,7 +1987,7 @@ cert_valid_to = parse_relative_time(to, now); else if (strcmp(to, "forever") == 0) cert_valid_to = ~(u_int64_t)0; - else if (strncmp(from, "0x", 2) == 0) + else if (strncmp(to, "0x", 2) == 0) parse_hex_u64(to, &cert_valid_to); else if (parse_absolute_time(to, &cert_valid_to) != 0) fatal("Invalid to time \"%s\"", to); @@ -3005,6 +3017,7 @@ } else if (strncmp(optsi, "start-line=", 11) == 0) { start_lineno = strtoul(optsi+11, NULL, 10); } else if (strncmp(optsi, "checkpoint=", 11) == 0) { + free(checkpoint); checkpoint = xstrdup(optsi+11); } else if (strncmp(optsi, "generator=", 10) == 0) { generator_wanted = (u_int32_t)strtonum( @@ -3043,6 +3056,9 @@ generator_wanted, checkpoint, start_lineno, lines_to_process) != 0) fatal("modulus screening failed"); + if (in != stdin) + (void)fclose(in); + free(checkpoint); #else /* WITH_OPENSSL */ fatal("Moduli screening is not supported"); #endif /* WITH_OPENSSL */ @@ -3544,7 +3560,6 @@ else fatal("Unsupported moduli option %s", optarg); break; - case '?': default: usage(); } @@ -3726,7 +3741,7 @@ if (have_identity) { n = do_print_resource_record(pw, identity_file, - rr_hostname, print_generic); + rr_hostname, print_generic, opts, nopts); if (n == 0) fatal("%s: %s", identity_file, strerror(errno)); exit(0); 
@@ -3734,19 +3749,19 @@ n += do_print_resource_record(pw, _PATH_HOST_RSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_DSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ECDSA_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_ED25519_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); n += do_print_resource_record(pw, _PATH_HOST_XMSS_KEY_FILE, rr_hostname, - print_generic); + print_generic, opts, nopts); if (n == 0) fatal("no keys found."); exit(0);
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keyscan.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keyscan.0
Changed
@@ -4,8 +4,8 @@ ssh-keyscan M-bM-^@M-^S gather SSH public keys from servers SYNOPSIS - ssh-keyscan -46cDHv -f file -p port -T timeout -t type - host | addrlist namelist + ssh-keyscan -46cDHv -f file -O option -p port -T timeout + -t type host | addrlist namelist DESCRIPTION ssh-keyscan is a utility for gathering the public SSH host keys of a @@ -21,6 +21,10 @@ login access to the machines that are being scanned, nor does the scanning process involve any encryption. + Hosts to be scanned may be specified by hostname, address or by CIDR + network range (e.g. 192.168.16/28). If a network range is specified, + then all addresses in that range will be scanned. + The options are as follows: -4 Force ssh-keyscan to use IPv4 addresses only. @@ -35,14 +39,30 @@ -f file Read hosts or M-bM-^@M-^\addrlist namelistM-bM-^@M-^ pairs from file, one per line. If M-bM-^@M-^X-M-bM-^@M-^Y is supplied instead of a filename, ssh-keyscan will read - from the standard input. Input is expected in the format: + from the standard input. Names read from a file must start with + an address, hostname or CIDR network range to be scanned. + Addresses and hostnames may optionally be followed by comma- + separated name or address aliases that will be copied to the + output. For example: - 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 + 192.168.11.0/24 + 10.20.1.1 + happy.example.org + 10.0.0.1,sad.example.org -H Hash all hostnames and addresses in the output. Hashed names may be used normally by ssh(1) and sshd(8), but they do not reveal identifying information should the file's contents be disclosed. + -O option + Specify a key/value option. At present, only a single option is + supported: + + hashalg=algorithm + Selects a hash algorithm to use when printing SSHFP + records using the -D flag. Valid algorithms are M-bM-^@M-^\sha1M-bM-^@M-^ + and M-bM-^@M-^\sha256M-bM-^@M-^. The default is to print both. + -p port Connect to port on the remote host. 
@@ -77,6 +97,10 @@ $ ssh-keyscan -t rsa hostname + Search a network range, printing all supported key types: + + $ ssh-keyscan 192.168.0.64/25 + Find all hosts from the file ssh_hosts which have new or different keys from those in the sorted file ssh_known_hosts: @@ -94,4 +118,4 @@ Davison <wayned@users.sourceforge.net> added support for protocol version 2. -OpenBSD 7.1 June 3, 2022 OpenBSD 7.1 +OpenBSD 7.2 February 10, 2023 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keyscan.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keyscan.1
Changed
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.46 2022/06/03 04:00:15 dtucker Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.49 2023/02/10 06:41:53 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: June 3 2022 $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -16,6 +16,7 @@ .Nm ssh-keyscan .Op Fl 46cDHv .Op Fl f Ar file +.Op Fl O Ar option .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type @@ -44,6 +45,11 @@ login access to the machines that are being scanned, nor does the scanning process involve any encryption. .Pp +Hosts to be scanned may be specified by hostname, address or by CIDR +network range (e.g. 192.168.16/28). +If a network range is specified, then all addresses in that range will +be scanned. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 4 @@ -73,9 +79,16 @@ is supplied instead of a filename, .Nm will read from the standard input. -Input is expected in the format: +Names read from a file must start with an address, hostname or CIDR network +range to be scanned. +Addresses and hostnames may optionally be followed by comma-separated name +or address aliases that will be copied to the output. +For example: .Bd -literal -1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +192.168.11.0/24 +10.20.1.1 +happy.example.org +10.0.0.1,sad.example.org .Ed .It Fl H Hash all hostnames and addresses in the output. 
@@ -85,6 +98,20 @@ .Xr sshd 8 , but they do not reveal identifying information should the file's contents be disclosed. +.It Fl O Ar option +Specify a key/value option. +At present, only a single option is supported: +.Bl -tag -width Ds +.It Cm hashalg Ns = Ns Ar algorithm +Selects a hash algorithm to use when printing SSHFP records using the +.Fl D +flag. +Valid algorithms are +.Dq sha1 +and +.Dq sha256 . +The default is to print both. +.El .It Fl p Ar port Connect to .Ar port @@ -138,6 +165,10 @@ .Pp .Dl $ ssh-keyscan -t rsa hostname .Pp +Search a network range, printing all supported key types: +.Pp +.Dl $ ssh-keyscan 192.168.0.64/25 +.Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keyscan.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keyscan.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keyscan.c,v 1.146 2022/08/19 04:02:46 dtucker Exp $ */ +/* $OpenBSD: ssh-keyscan.c,v 1.151 2023/02/10 06:41:53 jmc Exp $ */ /* * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. * @@ -40,6 +40,7 @@ #include "sshbuf.h" #include "sshkey.h" #include "cipher.h" +#include "digest.h" #include "kex.h" #include "compat.h" #include "myproposal.h" @@ -52,6 +53,7 @@ #include "ssherr.h" #include "ssh_api.h" #include "dns.h" +#include "addr.h" /* Flag indicating whether IPv4 or IPv6. This can be set on the command line. Default value is AF_UNSPEC means both IPv4 and IPv6. */ @@ -79,6 +81,8 @@ int found_one = 0; /* Successfully found a key */ +int hashalg = -1; /* Hash for SSHFP records or -1 for all */ + #define MAXMAXFD 256 /* The number of seconds after which to give up on a TCP connection */ @@ -313,7 +317,7 @@ found_one = 1; if (print_sshfp) { - export_dns_rr(host, key, stdout, 0); + export_dns_rr(host, key, stdout, 0, hashalg); return; } @@ -384,7 +388,7 @@ } static int -conalloc(char *iname, char *oname, int keytype) +conalloc(const char *iname, const char *oname, int keytype) { char *namebase, *name, *namelist; int s; @@ -492,7 +496,7 @@ /* * Read the server banner as per RFC4253 section 4.2. The "SSH-" - * protocol identification string may be preceeded by an arbitarily + * protocol identification string may be preceeded by an arbitrarily * large banner which we must read and ignore. Loop while reading * newline-terminated lines until we have one starting with "SSH-". * The ID string cannot be longer than 255 characters although the @@ -629,7 +633,7 @@ } static void -do_host(char *host) +do_one_host(char *host) { char *name = strnnsep(&host, " \t\n"); int j; 
@@ -645,6 +649,42 @@ } } +static void +do_host(char *host) +{ + char daddr128; + struct xaddr addr, end_addr; + u_int masklen; + + if (host == NULL) + return; + if (addr_pton_cidr(host, &addr, &masklen) != 0) { + /* Assume argument is a hostname */ + do_one_host(host); + } else { + /* Argument is a CIDR range */ + debug("CIDR range %s", host); + end_addr = addr; + if (addr_host_to_all1s(&end_addr, masklen) != 0) + goto badaddr; + /* + * Note: we deliberately include the all-zero/ones addresses. + */ + for (;;) { + if (addr_ntop(&addr, daddr, sizeof(daddr)) != 0) { + badaddr: + error("Invalid address %s", host); + return; + } + debug("CIDR expand: address %s", daddr); + do_one_host(daddr); + if (addr_cmp(&addr, &end_addr) == 0) + break; + addr_increment(&addr); + }; + } +} + void sshfatal(const char *file, const char *func, int line, int showfunc, LogLevel level, const char *suffix, const char *fmt, ...) @@ -661,9 +701,8 @@ usage(void) { fprintf(stderr, - "usage: %s -46cDHv -f file -p port -T timeout -t type\n" - "\t\t host | addrlist namelist\n", - __progname); + "usage: ssh-keyscan -46cDHv -f file -O option -p port -T timeout\n" + " -t type host | addrlist namelist\n"); exit(1); } @@ -689,7 +728,7 @@ if (argc <= 1) usage(); - while ((opt = getopt(argc, argv, "cDHv46p:T:t:f:")) != -1) { + while ((opt = getopt(argc, argv, "cDHv46O:p:T:t:f:")) != -1) { switch (opt) { case 'H': hash_hosts = 1; @@ -729,6 +768,14 @@ optarg = NULL; argvfopt_count++ = optarg; break; + case 'O': + /* Maybe other misc options in the future too */ + if (strncmp(optarg, "hashalg=", 8) != 0) + fatal("Unsupported -O option"); + if ((hashalg = ssh_digest_alg_by_name( + optarg + 8)) == -1) + fatal("Unsupported hash algorithm"); + break; case 't': get_keytypes = 0; tname = strtok(optarg, ","); @@ -770,7 +817,6 @@ case '6': IPv4or6 = AF_INET6; break; - case '?': default: usage(); }
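Review bot: `do_host` places no upper bound on the range it expands: the loop walks from `addr` to `end_addr` for whatever `masklen` `addr_pton_cidr` accepted, so a short prefix turns one argument or one line of a `-f` file into a very large number of `do_one_host` calls. A mistyped prefix length would therefore start a scan far wider than intended, with only `debug()` output to show it. Consider checking `masklen` before the loop and refusing or warning above a chosen range size, and at least stating the behaviour next to the existing note, e.g. `/* NB. range size is not limited; every address in the prefix is scanned */`. Separately, the `goto badaddr` that jumps into the loop body makes the error path harder to follow than an `error()`/`return` at each site.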
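Review bot: The `-O` case matches the option name with `strncmp(optarg, "hashalg=", 8)`, while the ssh-keygen.c change in this same revision uses `strncasecmp` for the same option, so a differently cased `HashAlg=` prefix is accepted by one tool and rejected by the other. Both parsers also accept whatever `ssh_digest_alg_by_name` recognises, whereas the manual text added in this revision lists only sha1 and sha256; how `export_dns_rr` treats any other digest is not visible in this diff. Using `strncasecmp(optarg, "hashalg=", 8)` here would make the two agree, and `fatal("Unsupported hash algorithm \"%s\"", optarg + 8);` would tell the user which value was refused.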
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-keysign.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-keysign.0
Changed
@@ -49,4 +49,4 @@ AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.1 March 31, 2022 OpenBSD 7.1 +OpenBSD 7.2 March 31, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-pkcs11-helper.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-pkcs11-helper.0
Changed
@@ -32,4 +32,4 @@ AUTHORS Markus Friedl <markus@openbsd.org> -OpenBSD 7.1 April 29, 2022 OpenBSD 7.1 +OpenBSD 7.2 April 29, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-pkcs11.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-pkcs11.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-pkcs11.c,v 1.55 2021/11/18 21:11:01 djm Exp $ */ +/* $OpenBSD: ssh-pkcs11.c,v 1.56 2023/03/08 05:33:53 tb Exp $ */ /* * Copyright (c) 2010 Markus Friedl. All rights reserved. * Copyright (c) 2014 Pedro Martelletto. All rights reserved. @@ -523,7 +523,7 @@ BIGNUM *r = NULL, *s = NULL; if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) { - ossl_error("EC_KEY_get_key_method_data failed for ec"); + ossl_error("EC_KEY_get_ex_data failed for ec"); return (NULL); } @@ -545,7 +545,7 @@ goto done; } if (siglen < 64 || siglen > 132 || siglen % 2) { - ossl_error("d2i_ECDSA_SIG failed"); + error_f("bad signature length: %lu", (u_long)siglen); goto done; } bnlen = siglen/2; @@ -555,7 +555,7 @@ } if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { - ossl_error("d2i_ECDSA_SIG failed"); + ossl_error("BN_bin2bn failed"); ECDSA_SIG_free(ret); ret = NULL; goto done;
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-rsa.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-rsa.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-rsa.c,v 1.67 2018/07/03 11:39:54 djm Exp $ */ +/* $OpenBSD: ssh-rsa.c,v 1.79 2023/03/05 05:34:09 dtucker Exp $ */ /* * Copyright (c) 2000, 2003 Markus Friedl <markus@openbsd.org> * @@ -28,7 +28,6 @@ #include <string.h> #include "sshbuf.h" -#include "compat.h" #include "ssherr.h" #define SSHKEY_INTERNAL #include "sshkey.h" 
@@ -39,6 +38,234 @@ static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); +static u_int +ssh_rsa_size(const struct sshkey *key) +{ + const BIGNUM *rsa_n; + + if (key->rsa == NULL) + return 0; + RSA_get0_key(key->rsa, &rsa_n, NULL, NULL); + return BN_num_bits(rsa_n); +} + +static int +ssh_rsa_alloc(struct sshkey *k) +{ + if ((k->rsa = RSA_new()) == NULL) + return SSH_ERR_ALLOC_FAIL; + return 0; +} + +static void +ssh_rsa_cleanup(struct sshkey *k) +{ + RSA_free(k->rsa); + k->rsa = NULL; +} + +static int +ssh_rsa_equal(const struct sshkey *a, const struct sshkey *b) +{ + const BIGNUM *rsa_e_a, *rsa_n_a; + const BIGNUM *rsa_e_b, *rsa_n_b; + + if (a->rsa == NULL || b->rsa == NULL) + return 0; + RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL); + RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL); + if (rsa_e_a == NULL || rsa_e_b == NULL) + return 0; + if (rsa_n_a == NULL || rsa_n_b == NULL) + return 0; + if (BN_cmp(rsa_e_a, rsa_e_b) != 0) + return 0; + if (BN_cmp(rsa_n_a, rsa_n_b) != 0) + return 0; + return 1; +} + +static int +ssh_rsa_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *rsa_n, *rsa_e; + + if (key->rsa == NULL) + return SSH_ERR_INVALID_ARGUMENT; + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL); + if ((r = sshbuf_put_bignum2(b, rsa_e)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_n)) != 0) + return r; + + return 0; +} + +static int +ssh_rsa_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q; + + RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d); + RSA_get0_factors(key->rsa, &rsa_p, &rsa_q); + RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp); + + if (!sshkey_is_cert(key)) { + /* Note: can't reuse ssh_rsa_serialize_public: e, n vs. 
n, e */ + if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_e)) != 0) + return r; + } + if ((r = sshbuf_put_bignum2(b, rsa_d)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_p)) != 0 || + (r = sshbuf_put_bignum2(b, rsa_q)) != 0) + return r; + + return 0; +} + +static int +ssh_rsa_generate(struct sshkey *k, int bits) +{ + RSA *private = NULL; + BIGNUM *f4 = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE || + bits > SSHBUF_MAX_BIGNUM * 8) + return SSH_ERR_KEY_LENGTH; + if ((private = RSA_new()) == NULL || (f4 = BN_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!BN_set_word(f4, RSA_F4) || + !RSA_generate_key_ex(private, bits, f4, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + k->rsa = private; + private = NULL; + ret = 0; + out: + RSA_free(private); + BN_free(f4); + return ret; +} + +static int +ssh_rsa_copy_public(const struct sshkey *from, struct sshkey *to) +{ + const BIGNUM *rsa_n, *rsa_e; + BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL; + int r = SSH_ERR_INTERNAL_ERROR; + + RSA_get0_key(from->rsa, &rsa_n, &rsa_e, NULL); + if ((rsa_n_dup = BN_dup(rsa_n)) == NULL || + (rsa_e_dup = BN_dup(rsa_e)) == NULL) { + r = SSH_ERR_ALLOC_FAIL; + goto out; + } + if (!RSA_set0_key(to->rsa, rsa_n_dup, rsa_e_dup, NULL)) { + r = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n_dup = rsa_e_dup = NULL; /* transferred */ + /* success */ + r = 0; + out: + BN_clear_free(rsa_n_dup); + BN_clear_free(rsa_e_dup); + return r; +} + +static int +ssh_rsa_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int ret = SSH_ERR_INTERNAL_ERROR; + BIGNUM *rsa_n = NULL, *rsa_e = NULL; + + if (sshbuf_get_bignum2(b, &rsa_e) != 0 || + sshbuf_get_bignum2(b, &rsa_n) != 0) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } + rsa_n = rsa_e 
= NULL; /* transferred */ + if ((ret = sshkey_check_rsa_length(key, 0)) != 0) + goto out; +#ifdef DEBUG_PK + RSA_print_fp(stderr, key->rsa, 8); +#endif + /* success */ + ret = 0; + out: + BN_clear_free(rsa_n); + BN_clear_free(rsa_e); + return ret; +} + +static int +ssh_rsa_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL; + BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL; +
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-sk-helper.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-sk-helper.0
Changed
@@ -31,4 +31,4 @@ AUTHORS Damien Miller <djm@openbsd.org> -OpenBSD 7.1 April 29, 2022 OpenBSD 7.1 +OpenBSD 7.2 April 29, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-sk-helper.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-sk-helper.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-sk-helper.c,v 1.13 2022/04/29 03:16:48 dtucker Exp $ */ +/* $OpenBSD: ssh-sk-helper.c,v 1.14 2022/12/04 11:03:11 dtucker Exp $ */ /* * Copyright (c) 2019 Google LLC * @@ -43,7 +43,6 @@ #include "sshbuf.h" #include "msg.h" #include "uidswap.h" -#include "sshkey.h" #include "ssherr.h" #include "ssh-sk.h"
_service:tar_scm:openssh-9.1p1.tar.gz/ssh-xmss.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh-xmss.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-xmss.c,v 1.5 2022/04/20 15:59:18 millert Exp $*/ +/* $OpenBSD: ssh-xmss.c,v 1.14 2022/10/28 00:44:44 djm Exp $*/ /* * Copyright (c) 2017 Stefan-Lukas Gazdag. * Copyright (c) 2017 Markus Friedl. 
@@ -37,9 +37,169 @@ #include "xmss_fast.h" -int -ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat) +static void +ssh_xmss_cleanup(struct sshkey *k) +{ + freezero(k->xmss_pk, sshkey_xmss_pklen(k)); + freezero(k->xmss_sk, sshkey_xmss_sklen(k)); + sshkey_xmss_free_state(k); + free(k->xmss_name); + free(k->xmss_filename); + k->xmss_pk = NULL; + k->xmss_sk = NULL; + k->xmss_name = NULL; + k->xmss_filename = NULL; +} + +static int +ssh_xmss_equal(const struct sshkey *a, const struct sshkey *b) +{ + if (a->xmss_pk == NULL || b->xmss_pk == NULL) + return 0; + if (sshkey_xmss_pklen(a) != sshkey_xmss_pklen(b)) + return 0; + if (memcmp(a->xmss_pk, b->xmss_pk, sshkey_xmss_pklen(a)) != 0) + return 0; + return 1; +} + +static int +ssh_xmss_serialize_public(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->xmss_name == NULL || key->xmss_pk == NULL || + sshkey_xmss_pklen(key) == 0) + return SSH_ERR_INVALID_ARGUMENT; + if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshkey_xmss_serialize_pk_info(key, b, opts)) != 0) + return r; + + return 0; +} + +static int +ssh_xmss_serialize_private(const struct sshkey *key, struct sshbuf *b, + enum sshkey_serialize_rep opts) +{ + int r; + + if (key->xmss_name == NULL) + return SSH_ERR_INVALID_ARGUMENT; + /* Note: can't reuse ssh_xmss_serialize_public because of sk order */ + if ((r = sshbuf_put_cstring(b, key->xmss_name)) != 0 || + (r = sshbuf_put_string(b, key->xmss_pk, + sshkey_xmss_pklen(key))) != 0 || + (r = sshbuf_put_string(b, key->xmss_sk, + sshkey_xmss_sklen(key))) != 0 || + (r = sshkey_xmss_serialize_state_opt(key, b, opts)) != 0) + return r; + + return 0; +} + +static int +ssh_xmss_copy_public(const struct sshkey *from, struct sshkey *to) +{ + int r = SSH_ERR_INTERNAL_ERROR; + u_int32_t left; + size_t pklen; + + if ((r = 
sshkey_xmss_init(to, from->xmss_name)) != 0) + return r; + if (from->xmss_pk == NULL) + return 0; /* XXX SSH_ERR_INTERNAL_ERROR ? */ + + if ((pklen = sshkey_xmss_pklen(from)) == 0 || + sshkey_xmss_pklen(to) != pklen) + return SSH_ERR_INTERNAL_ERROR; + if ((to->xmss_pk = malloc(pklen)) == NULL) + return SSH_ERR_ALLOC_FAIL; + memcpy(to->xmss_pk, from->xmss_pk, pklen); + /* simulate number of signatures left on pubkey */ + left = sshkey_xmss_signatures_left(from); + if (left) + sshkey_xmss_enable_maxsign(to, left); + return 0; +} + +static int +ssh_xmss_deserialize_public(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + size_t len = 0; + char *xmss_name = NULL; + u_char *pk = NULL; + int ret = SSH_ERR_INTERNAL_ERROR; + + if ((ret = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0) + goto out; + if ((ret = sshkey_xmss_init(key, xmss_name)) != 0) + goto out; + if ((ret = sshbuf_get_string(b, &pk, &len)) != 0) + goto out; + if (len == 0 || len != sshkey_xmss_pklen(key)) { + ret = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->xmss_pk = pk; + pk = NULL; + if (!sshkey_is_cert(key) && + (ret = sshkey_xmss_deserialize_pk_info(key, b)) != 0) + goto out; + /* success */ + ret = 0; + out: + free(xmss_name); + freezero(pk, len); + return ret; +} + +static int +ssh_xmss_deserialize_private(const char *ktype, struct sshbuf *b, + struct sshkey *key) +{ + int r; + char *xmss_name = NULL; + size_t pklen = 0, sklen = 0; + u_char *xmss_pk = NULL, *xmss_sk = NULL; + + /* Note: can't reuse ssh_xmss_deserialize_public because of sk order */ + if ((r = sshbuf_get_cstring(b, &xmss_name, NULL)) != 0 || + (r = sshbuf_get_string(b, &xmss_pk, &pklen)) != 0 || + (r = sshbuf_get_string(b, &xmss_sk, &sklen)) != 0) + goto out; + if (!sshkey_is_cert(key) && + (r = sshkey_xmss_init(key, xmss_name)) != 0) + goto out; + if (pklen != sshkey_xmss_pklen(key) || + sklen != sshkey_xmss_sklen(key)) { + r = SSH_ERR_INVALID_FORMAT; + goto out; + } + key->xmss_pk = xmss_pk; + key->xmss_sk = xmss_sk; 
+ xmss_pk = xmss_sk = NULL; + /* optional internal state */ + if ((r = sshkey_xmss_deserialize_state_opt(key, b)) != 0) + goto out; + /* success */ + r = 0; + out: + free(xmss_name); + freezero(xmss_pk, pklen); + freezero(xmss_sk, sklen); + return r; +} + +static int +ssh_xmss_sign(struct sshkey *key, + u_char **sigp, size_t *lenp, + const u_char *data, size_t datalen, + const char *alg, const char *sk_provider, const char *sk_pin, u_int compat) { u_char *sig = NULL; size_t slen = 0, len = 0, required_siglen; @@ -111,10 +271,11 @@ return r; } -int +static int ssh_xmss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat) + const u_char *sig, size_t siglen, + const u_char *data, size_t dlen, const char *alg, u_int compat, + struct sshkey_sig_details **detailsp) { struct sshbuf *b = NULL; char *ktype = NULL; @@ -128,14 +289,14 @@ sshkey_type_plain(key->type) != KEY_XMSS || key->xmss_pk == NULL || sshkey_xmss_params(key) == NULL || - signature == NULL || signaturelen == 0) + sig == NULL || siglen == 0)
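Review bot: `ssh_xmss_cleanup` should carry a comment on its statement order, because both `freezero` calls take their length from `sshkey_xmss_pklen(k)` / `sshkey_xmss_sklen(k)` and run before `sshkey_xmss_free_state(k)`. If those length helpers depend on the state that `sshkey_xmss_free_state` releases (their bodies are not part of this diff), moving the free earlier would wipe the wrong number of bytes of secret key material. A comment above the first call would protect the ordering: `/* wipe key buffers before sshkey_xmss_free_state(); the length helpers are called while k still has its state */`.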
_service:tar_scm:openssh-9.1p1.tar.gz/ssh.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh.0
Changed
@@ -264,6 +264,7 @@ ControlPath ControlPersist DynamicForward + EnableEscapeCommandline EscapeChar ExitOnForwardFailure FingerprintHash @@ -1014,4 +1015,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.1 September 17, 2022 OpenBSD 7.1 +OpenBSD 7.2 November 28, 2022 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh.1 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh.1
Changed
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.432 2022/09/17 10:33:18 djm Exp $ -.Dd $Mdocdate: September 17 2022 $ +.\" $OpenBSD: ssh.1,v 1.433 2022/11/28 01:37:36 djm Exp $ +.Dd $Mdocdate: November 28 2022 $ .Dt SSH 1 .Os .Sh NAME @@ -522,6 +522,7 @@ .It ControlPath .It ControlPersist .It DynamicForward +.It EnableEscapeCommandline .It EscapeChar .It ExitOnForwardFailure .It FingerprintHash
_service:tar_scm:openssh-9.1p1.tar.gz/ssh.c -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.576 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -251,6 +251,7 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) { char strportNI_MAXSERV; + const char *errstr = NULL; struct addrinfo hints, *res; int gaierr; LogLevel loglevel = SYSLOG_LEVEL_DEBUG1; @@ -276,7 +277,10 @@ return NULL; } if (cname != NULL && res->ai_canonname != NULL) { - if (strlcpy(cname, res->ai_canonname, clen) >= clen) { + if (!valid_domain(res->ai_canonname, 0, &errstr)) { + error("ignoring bad CNAME \"%s\" for host \"%s\": %s", + res->ai_canonname, name, errstr); + } else if (strlcpy(cname, res->ai_canonname, clen) >= clen) { error_f("host \"%s\" cname \"%s\" too long (max %lu)", name, res->ai_canonname, (u_long)clen); if (clen > 0) @@ -628,7 +632,7 @@ struct ssh *ssh = NULL; int i, r, opt, exit_status, use_syslog, direct, timeout_ms; int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0; - char *p, *cp, *line, *argv0, *logfile, *host_arg; + char *p, *cp, *line, *argv0, *logfile; char cnameNI_MAXHOST, thishostNI_MAXHOST; struct stat st; struct passwd *pw; @@ -679,7 +683,7 @@ * writable only by the owner, which is ok for all files for which we * don't set the modes explicitly. */ - umask(022); + umask(022 | umask(077)); msetlocale(); @@ -790,6 +794,7 @@ else if (strcmp(optarg, "key-plain") == 0) cp = sshkey_alg_list(0, 1, 0, '\n'); else if (strcmp(optarg, "key-sig") == 0 || + strcasecmp(optarg, "CASignatureAlgorithms") == 0 || strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */ strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 || strcasecmp(optarg, "HostKeyAlgorithms") == 0 || 
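Review bot: The new bad-CNAME branch in `resolve_host` logs and falls through without touching `cname`, while the existing too-long branch continues to an `if (clen > 0)` statement (its body lies outside the hunk) that appears to reset the buffer. Unless `cname` is cleared earlier in the function, which is not visible here, a caller can be left with whatever the buffer held before the call after a name was rejected. Adding `if (clen > 0) *cname = '\0';` after the `error()` call would make both rejection paths leave the same state.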
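Review bot: `umask(022 | umask(077));` needs a comment of its own, since the visible tail of the comment above it only says files end up writable only by the owner and nothing explains the nested call. The inner `umask(077)` serves to fetch the previous mask, and the outer call then installs that mask with 022 added, so an inherited stricter mask is no longer loosened. Something like `/* never loosen the inherited umask: OR 022 into it (inner call only reads the old mask) */` would record that intent for the next reader.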
@@ -882,8 +887,7 @@ case 'V': fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION); - if (opt == 'V') - exit(0); + exit(0); break; case 'w': if (options.tun_open == -1) @@ -1105,7 +1109,7 @@ if (!host) usage(); - host_arg = xstrdup(host); + options.host_arg = xstrdup(host); /* Initialize the command to execute on remote host. */ if ((command = sshbuf_new()) == NULL) @@ -1153,7 +1157,7 @@ logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION); /* Parse the configuration files */ - process_config_files(host_arg, pw, 0, &want_final_pass); + process_config_files(options.host_arg, pw, 0, &want_final_pass); if (want_final_pass) debug("configuration requests final Match pass"); @@ -1222,7 +1226,7 @@ debug("re-parsing configuration"); free(options.hostname); options.hostname = xstrdup(host); - process_config_files(host_arg, pw, 1, NULL); + process_config_files(options.host_arg, pw, 1, NULL); /* * Address resolution happens early with canonicalisation * enabled and the port number may have changed since, so @@ -1375,10 +1379,10 @@ xasprintf(&cinfo->uidstr, "%llu", (unsigned long long)pw->pw_uid); cinfo->keyalias = xstrdup(options.host_key_alias ? - options.host_key_alias : host_arg); + options.host_key_alias : options.host_arg); cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host, cinfo->portstr, options.user); - cinfo->host_arg = xstrdup(host_arg); + cinfo->host_arg = xstrdup(options.host_arg); cinfo->remhost = xstrdup(host); cinfo->remuser = xstrdup(options.user); cinfo->homedir = xstrdup(pw->pw_dir); @@ -1555,8 +1559,8 @@ timeout_ms = options.connection_timeout * 1000; /* Open a connection to the remote host. */ - if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port, - options.connection_attempts, + if (ssh_connect(ssh, host, options.host_arg, addrs, &hostaddr, + options.port, options.connection_attempts, &timeout_ms, options.tcp_keep_alive) != 0) exit(255); 
@@ -1577,9 +1581,11 @@ sensitive_data.nkeys = 0; sensitive_data.keys = NULL; if (options.hostbased_authentication) { + int loaded = 0; + sensitive_data.nkeys = 10; sensitive_data.keys = xcalloc(sensitive_data.nkeys, - sizeof(struct sshkey)); + sizeof(*sensitive_data.keys)); /* XXX check errors? */ #define L_PUBKEY(p,o) do { \ @@ -1587,18 +1593,22 @@ fatal_f("pubkey out of array bounds"); \ check_load(sshkey_load_public(p, &(sensitive_data.keyso), NULL), \ &(sensitive_data.keyso), p, "pubkey"); \ - if (sensitive_data.keyso != NULL) \ + if (sensitive_data.keyso != NULL) { \ debug2("hostbased key %d: %s key from \"%s\"", o, \ sshkey_ssh_name(sensitive_data.keyso), p); \ + loaded++; \ + } \ } while (0) #define L_CERT(p,o) do { \ if ((o) >= sensitive_data.nkeys) \ fatal_f("cert out of array bounds"); \ check_load(sshkey_load_cert(p, &(sensitive_data.keyso)), \ &(sensitive_data.keyso), p, "cert"); \ - if (sensitive_data.keyso != NULL) \ + if (sensitive_data.keyso != NULL) { \ debug2("hostbased key %d: %s cert from \"%s\"", o, \ sshkey_ssh_name(sensitive_data.keyso), p); \ + loaded++; \ + } \ } while (0) if (options.hostbased_authentication == 1) { @@ -1612,6 +1622,9 @@ L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7); L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8); L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); + if (loaded == 0) + debug("HostbasedAuthentication enabled but no " + "local public host keys could be loaded."); } } @@ -1842,7 +1855,7 @@ } static void -client_cleanup_stdio_fwd(struct ssh *ssh, int id, void *arg) +client_cleanup_stdio_fwd(struct ssh *ssh, int id, int force, void *arg) { debug("stdio forwarding: done"); cleanup_exit(0); @@ -2028,7 +2041,7 @@ char *proto = NULL, *data = NULL; if (!success) - return; /* No need for error message, channels code sens one */ + return; /* No need for error message, channels code sends one */ display = getenv("DISPLAY"); if (display == NULL && options.forward_x11)
_service:tar_scm:openssh-9.1p1.tar.gz/ssh_config.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh_config.0
Changed
@@ -11,12 +11,12 @@ 2. user's configuration file (~/.ssh/config) 3. system-wide configuration file (/etc/ssh/ssh_config) - For each parameter, the first obtained value will be used. The - configuration files contain sections separated by Host specifications, - and that section is only applied for hosts that match one of the patterns - given in the specification. The matched host name is usually the one - given on the command line (see the CanonicalizeHostname option for - exceptions). + Unless noted otherwise, for each parameter, the first obtained value will + be used. The configuration files contain sections separated by Host + specifications, and that section is only applied for hosts that match one + of the patterns given in the specification. The matched host name is + usually the one given on the command line (see the CanonicalizeHostname + option for exceptions). Since the first obtained value for each parameter is used, more host- specific declarations should be given near the beginning of the file, and @@ -350,6 +350,11 @@ specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. + EnableEscapeCommandline + Enables the command line option in the EscapeChar menu for + interactive sessions (default M-bM-^@M-^X~CM-bM-^@M-^Y). By default, the command + line is disabled. + EnableSSHKeysign Setting this option to yes in the global client configuration file /etc/ssh/ssh_config enables the use of the helper program 
@@ -589,15 +594,17 @@ IdentityFile Specifies a file from which the user's DSA, ECDSA, authenticator- hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA - authentication identity is read. The default is ~/.ssh/id_rsa, - ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, - ~/.ssh/id_ed25519_sk and ~/.ssh/id_dsa. Additionally, any - identities represented by the authentication agent will be used - for authentication unless IdentitiesOnly is set. If no - certificates have been explicitly specified by CertificateFile, - ssh(1) will try to load certificate information from the filename - obtained by appending -cert.pub to the path of a specified - IdentityFile. + authentication identity is read. You can also specify a public + key file to use the corresponding private key that is loaded in + ssh-agent(1) when the private key file is not present locally. + The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, + ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and + ~/.ssh/id_dsa. Additionally, any identities represented by the + authentication agent will be used for authentication unless + IdentitiesOnly is set. If no certificates have been explicitly + specified by CertificateFile, ssh(1) will try to load certificate + information from the filename obtained by appending -cert.pub to + the path of a specified IdentityFile. Arguments to IdentityFile may use the tilde syntax to refer to a user's home directory or the tokens described in the TOKENS 
@@ -1177,8 +1184,9 @@ database, separated by whitespace. Each filename may use tilde notation to refer to the user's home directory, the tokens described in the TOKENS section and environment variables as - described in the ENVIRONMENT VARIABLES section. The default is - ~/.ssh/known_hosts, ~/.ssh/known_hosts2. + described in the ENVIRONMENT VARIABLES section. A value of none + causes ssh(1) to ignore any user-specific known hosts files. The + default is ~/.ssh/known_hosts, ~/.ssh/known_hosts2. VerifyHostKeyDNS Specifies whether to verify the remote key using DNS and SSHFP @@ -1315,4 +1323,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.1 September 17, 2022 OpenBSD 7.1 +OpenBSD 7.2 March 10, 2023 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/ssh_config.5 -> _service:tar_scm:openssh-9.3p1.tar.gz/ssh_config.5
Changed
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.374 2022/09/17 10:33:18 djm Exp $ -.Dd $Mdocdate: September 17 2022 $ +.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $ +.Dd $Mdocdate: March 10 2023 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -56,7 +56,7 @@ .Pq Pa /etc/ssh/ssh_config .El .Pp -For each parameter, the first obtained value +Unless noted otherwise, for each parameter, the first obtained value will be used. The configuration files contain sections separated by .Cm Host @@ -643,6 +643,12 @@ Multiple forwardings may be specified, and additional forwardings can be given on the command line. Only the superuser can forward privileged ports. +.It Cm EnableEscapeCommandline +Enables the command line option in the +.Cm EscapeChar +menu for interactive sessions (default +.Ql ~C ) . +By default, the command line is disabled. .It Cm EnableSSHKeysign Setting this option to .Cm yes @@ -1011,6 +1017,10 @@ .It Cm IdentityFile Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. +You can also specify a public key file to use the corresponding +private key that is loaded in +.Xr ssh-agent 1 +when the private key file is not present locally. The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , @@ -1955,6 +1965,11 @@ section and environment variables as described in the .Sx ENVIRONMENT VARIABLES section. +A value of +.Cm none +causes +.Xr ssh 1 +to ignore any user-specific known hosts files. The default is .Pa ~/.ssh/known_hosts , .Pa ~/.ssh/known_hosts2 .
_service:tar_scm:openssh-9.1p1.tar.gz/sshbuf.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshbuf.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.c,v 1.18 2022/05/25 06:03:44 djm Exp $ */ +/* $OpenBSD: sshbuf.c,v 1.19 2022/12/02 04:40:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -15,7 +15,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define SSHBUF_INTERNAL #include "includes.h" #include <sys/types.h> @@ -25,9 +24,33 @@ #include <string.h> #include "ssherr.h" +#define SSHBUF_INTERNAL #include "sshbuf.h" #include "misc.h" +#ifdef SSHBUF_DEBUG +# define SSHBUF_TELL(what) do { \ + printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ + __FILE__, __LINE__, __func__, what, \ + buf->size, buf->alloc, buf->off, buf->max_size); \ + fflush(stdout); \ + } while (0) +#else +# define SSHBUF_TELL(what) +#endif + +struct sshbuf { + u_char *d; /* Data */ + const u_char *cd; /* Const data */ + size_t off; /* First available byte is buf->d + buf->off */ + size_t size; /* Last byte is buf->d + buf->size - 1 */ + size_t max_size; /* Maximum size of buffer */ + size_t alloc; /* Total bytes allocated to buf->d */ + int readonly; /* Refers to external, const data */ + u_int refcount; /* Tracks self and number of child buffers */ + struct sshbuf *parent; /* If child, pointer to parent */ +}; + static inline int sshbuf_check_sanity(const struct sshbuf *buf) {
_service:tar_scm:openssh-9.1p1.tar.gz/sshbuf.h -> _service:tar_scm:openssh-9.3p1.tar.gz/sshbuf.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshbuf.h,v 1.27 2022/05/25 06:03:44 djm Exp $ */ +/* $OpenBSD: sshbuf.h,v 1.28 2022/12/02 04:40:27 djm Exp $ */ /* * Copyright (c) 2011 Damien Miller * @@ -33,22 +33,7 @@ #define SSHBUF_MAX_BIGNUM (16384 / 8) /* Max bignum *bytes* */ #define SSHBUF_MAX_ECPOINT ((528 * 2 / 8) + 1) /* Max EC point *bytes* */ -/* - * NB. do not depend on the internals of this. It will be made opaque - * one day. - */ -struct sshbuf { - u_char *d; /* Data */ - const u_char *cd; /* Const data */ - size_t off; /* First available byte is buf->d + buf->off */ - size_t size; /* Last byte is buf->d + buf->size - 1 */ - size_t max_size; /* Maximum size of buffer */ - size_t alloc; /* Total bytes allocated to buf->d */ - int readonly; /* Refers to external, const data */ - int dont_free; /* Kludge to support sshbuf_init */ - u_int refcount; /* Tracks self and number of child buffers */ - struct sshbuf *parent; /* If child, pointer to parent */ -}; +struct sshbuf; /* * Create a new sshbuf buffer. @@ -394,12 +379,6 @@ # endif # ifdef SSHBUF_DEBUG -# define SSHBUF_TELL(what) do { \ - printf("%s:%d %s: %s size %zu alloc %zu off %zu max %zu\n", \ - __FILE__, __LINE__, __func__, what, \ - buf->size, buf->alloc, buf->off, buf->max_size); \ - fflush(stdout); \ - } while (0) # define SSHBUF_DBG(x) do { \ printf("%s:%d %s: ", __FILE__, __LINE__, __func__); \ printf x; \ @@ -407,7 +386,6 @@ fflush(stdout); \ } while (0) # else -# define SSHBUF_TELL(what) # define SSHBUF_DBG(x) # endif #endif /* SSHBUF_INTERNAL */
_service:tar_scm:openssh-9.1p1.tar.gz/sshconnect.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshconnect.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.358 2022/08/26 08:16:27 djm Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -54,7 +54,6 @@ #include "ssh.h" #include "sshbuf.h" #include "packet.h" -#include "compat.h" #include "sshkey.h" #include "sshconnect.h" #include "log.h" @@ -364,7 +363,7 @@ error("socket: %s", strerror(errno)); return -1; } - fcntl(sock, F_SETFD, FD_CLOEXEC); + (void)fcntl(sock, F_SETFD, FD_CLOEXEC); /* Use interactive QOS (if specified) until authentication completed */ if (options.ip_qos_interactive != INT_MAX) @@ -935,7 +934,7 @@ char *ip = NULL, *host = NULL; char hostline1000, *hostp, *fp, *ra; char msg1024; - const char *type, *fail_reason; + const char *type, *fail_reason = NULL; const struct hostkey_entry *host_found = NULL, *ip_found = NULL; int len, cancelled_forwarding = 0, confirmed; int local = sockaddr_is_local(hostaddr); @@ -961,6 +960,17 @@ } /* + * Don't ever try to write an invalid name to a known hosts file. + * Note: do this before get_hostfile_hostname_ipaddr() to catch + * '' or '' in the name before they are added. + */ + if (strcspn(hostname, "@?*#|'\'\"\\") != strlen(hostname)) { + debug_f("invalid hostname \"%s\"; will not record: %s", + hostname, fail_reason); + readonly = RDONLY; + } + + /* * Prepare the hostname and address strings used for hostkey lookup. * In some cases, these will have a port number appended. */ 
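Review bot: The `(void)` cast on `fcntl(sock, F_SETFD, FD_CLOEXEC)` in the hunk at -364 silences the unused-result warning but still hides a failure. If the call fails, the socket stays inheritable by any child process the client later spawns, and nothing records that. A debug line would keep the best-effort behaviour while leaving a trace: `if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) debug_f("fcntl F_SETFD: %s", strerror(errno));`. The enclosing function starts and ends outside the hunk.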
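Review bot: The new invalid-hostname check in the hunk at -961 passes `fail_reason` to a `%s` conversion, yet the only assignment visible before it is the `= NULL` initialiser added in the preceding hunk. Unless something outside the hunk sets it first, the message formats a null pointer, which is undefined for a standard printf and at best prints a placeholder. Whether the project's own formatter tolerates this is not visible here. The reason adds nothing at this point, so I would drop the argument: `debug_f("invalid hostname \"%s\"; will not record", hostname);`. The enclosing function starts and ends outside the hunk.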
@@ -1265,8 +1275,11 @@ } /* The host key has changed. */ warn_changed_key(host_key); - error("Add correct host key in %.100s to get rid of this message.", - user_hostfiles0); + if (num_user_hostfiles > 0 || num_system_hostfiles > 0) { + error("Add correct host key in %.100s to get rid " + "of this message.", num_user_hostfiles > 0 ? + user_hostfiles0 : system_hostfiles0); + } error("Offending %s key in %s:%lu", sshkey_type(host_found->key), host_found->file, host_found->line);
_service:tar_scm:openssh-9.1p1.tar.gz/sshconnect2.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshconnect2.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.361 2022/09/17 10:33:18 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.366 2023/03/09 07:11:05 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -56,7 +56,6 @@ #include "cipher.h" #include "sshkey.h" #include "kex.h" -#include "myproposal.h" #include "sshconnect.h" #include "authfile.h" #include "dh.h" @@ -221,15 +220,18 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, const struct ssh_conn_info *cinfo) { - char *myproposalPROPOSAL_MAX = { KEX_CLIENT }; - char *s, *all_key; - char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; + char *myproposalPROPOSAL_MAX; + char *s, *all_key, *hkalgs = NULL; int r, use_known_hosts_order = 0; xxx_host = host; xxx_hostaddr = hostaddr; xxx_conn_info = cinfo; + if (options.rekey_limit || options.rekey_interval) + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, + options.rekey_interval); + /* * If the user has not specified HostkeyAlgorithms, or has only * appended or removed algorithms from that list then prefer algorithms 
@@ -249,29 +251,15 @@ if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) fatal_f("kex_names_cat"); - myproposalPROPOSAL_KEX_ALGS = prop_kex = compat_kex_proposal(ssh, s); - myproposalPROPOSAL_ENC_ALGS_CTOS = - myproposalPROPOSAL_ENC_ALGS_STOC = prop_enc = - compat_cipher_proposal(ssh, options.ciphers); - myproposalPROPOSAL_COMP_ALGS_CTOS = - myproposalPROPOSAL_COMP_ALGS_STOC = - (char *)compression_alg_list(options.compression); - myproposalPROPOSAL_MAC_ALGS_CTOS = - myproposalPROPOSAL_MAC_ALGS_STOC = options.macs; - if (use_known_hosts_order) { - /* Query known_hosts and prefer algorithms that appear there */ - myproposalPROPOSAL_SERVER_HOST_KEY_ALGS = prop_hostkey = - compat_pkalg_proposal(ssh, - order_hostkeyalgs(host, hostaddr, port, cinfo)); - } else { - /* Use specified HostkeyAlgorithms exactly */ - myproposalPROPOSAL_SERVER_HOST_KEY_ALGS = prop_hostkey = - compat_pkalg_proposal(ssh, options.hostkeyalgorithms); - } - if (options.rekey_limit || options.rekey_interval) - ssh_packet_set_rekey_limits(ssh, options.rekey_limit, - options.rekey_interval); + if (use_known_hosts_order) + hkalgs = order_hostkeyalgs(host, hostaddr, port, cinfo); + + kex_proposal_populate_entries(ssh, myproposal, s, options.ciphers, + options.macs, compression_alg_list(options.compression), + hkalgs ? hkalgs : options.hostkeyalgorithms); + + free(hkalgs); /* start key exchange */ if ((r = kex_setup(ssh, myproposal)) != 0) @@ -295,6 +283,7 @@ ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done); /* remove ext-info from the KEX proposals for rekeying */ + free(myproposalPROPOSAL_KEX_ALGS); myproposalPROPOSAL_KEX_ALGS = compat_kex_proposal(ssh, options.kex_algorithms); if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) 
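Review bot: The ownership rules for `myproposal` in ssh_kex2 are now implicit and should be stated in a comment. The array is declared without an initialiser and filled by kex_proposal_populate_entries(). `hkalgs` is freed directly after that call, and `free(myproposal[PROPOSAL_KEX_ALGS])` precedes the entry's replacement, which together suggest every entry is a heap copy owned by the array until kex_proposal_free_entries() runs. The string `s` returned by kex_names_cat() is not freed anywhere in the visible lines, so if the populate call copies its arguments, `s` presumably leaks unless it is released outside the hunks shown; `free(s);` next to `free(hkalgs);` would cover it. Suggested comment above the populate call: `/* populate copies its inputs; entries are owned by myproposal until kex_proposal_free_entries() */`.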
@@ -308,10 +297,7 @@ (r = ssh_packet_write_wait(ssh)) != 0) fatal_fr(r, "send packet"); #endif - /* Free only parts of proposal that were dynamically allocated here. */ - free(prop_kex); - free(prop_enc); - free(prop_hostkey); + kex_proposal_free_entries(myproposal); } /* @@ -506,7 +492,6 @@ } } -/* ARGSUSED */ static int input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh) { @@ -538,7 +523,6 @@ return r; } -/* ARGSUSED */ static int input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) { @@ -583,7 +567,6 @@ } } -/* ARGSUSED */ static int input_userauth_error(int type, u_int32_t seq, struct ssh *ssh) { @@ -591,7 +574,6 @@ return 0; } -/* ARGSUSED */ static int input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh) { @@ -611,7 +593,6 @@ return r; } -/* ARGSUSED */ static int input_userauth_success(int type, u_int32_t seq, struct ssh *ssh) { @@ -644,7 +625,6 @@ } #endif -/* ARGSUSED */ static int input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh) { @@ -705,7 +685,6 @@ return ret; } -/* ARGSUSED */ static int input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh) { @@ -913,7 +892,6 @@ return status; } -/* ARGSUSED */ static int input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh) { @@ -958,7 +936,6 @@ return r; } -/* ARGSUSED */ static int input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh) { @@ -991,7 +968,6 @@ return r; } -/* ARGSUSED */ static int input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh) { @@ -1026,7 +1002,6 @@ return 0; } -/* ARGSUSED */ static int input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) { @@ -1104,7 +1079,6 @@ /* * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST */ -/* ARGSUSED */ static int input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh) { 
@@ -1875,20 +1849,6 @@ } static int -try_identity(struct ssh *ssh, Identity *id) -{ - if (!id->key) - return (0); - if (sshkey_type_plain(id->key->type) == KEY_RSA && - (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
_service:tar_scm:openssh-9.1p1.tar.gz/sshd.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd.0
Changed
@@ -4,7 +4,7 @@ sshd M-bM-^@M-^S OpenSSH daemon SYNOPSIS - sshd -46DdeiqTt -C connection_spec -c host_certificate_file + sshd -46DdeGiqTtV -C connection_spec -c host_certificate_file -E log_file -f config_file -g login_grace_time -h host_key_file -o option -p port -u len @@ -67,6 +67,12 @@ /etc/ssh/sshd_config. sshd refuses to start if there is no configuration file. + -G Parse and print configuration file. Check the validity of the + configuration file, output the effective configuration to stdout + and then exit. Optionally, Match rules may be applied by + specifying the connection parameters using one or more -C + options. + -g login_grace_time Gives the grace time for clients to authenticate themselves (default 120 seconds). If the client fails to authenticate the @@ -103,7 +109,9 @@ -T Extended test mode. Check the validity of the configuration file, output the effective configuration to stdout and then exit. Optionally, Match rules may be applied by specifying the - connection parameters using one or more -C options. + connection parameters using one or more -C options. This is + similar to the -G flag, but it includes the additional testing + performed by the -t flag. -t Test mode. Only check the validity of the configuration file and sanity of the keys. This is useful for updating sshd reliably as @@ -123,6 +131,8 @@ that require DNS include using a USER@HOST pattern in AllowUsers or DenyUsers. + -V Display the version number and exit. + AUTHENTICATION The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a host-specific key, used to identify the host. Whenever a client @@ -673,4 +683,4 @@ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 7.1 September 11, 2022 OpenBSD 7.1 +OpenBSD 7.2 February 10, 2023 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/sshd.8 -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd.8
Changed
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.321 2022/09/11 06:38:11 jmc Exp $ -.Dd $Mdocdate: September 11 2022 $ +.\" $OpenBSD: sshd.8,v 1.324 2023/02/10 06:39:27 jmc Exp $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSHD 8 .Os .Sh NAME @@ -43,7 +43,7 @@ .Sh SYNOPSIS .Nm sshd .Bk -words -.Op Fl 46DdeiqTt +.Op Fl 46DdeGiqTtV .Op Fl C Ar connection_spec .Op Fl c Ar host_certificate_file .Op Fl E Ar log_file @@ -154,6 +154,15 @@ .Pa /etc/ssh/sshd_config . .Nm refuses to start if there is no configuration file. +.It Fl G +Parse and print configuration file. +Check the validity of the configuration file, output the effective configuration +to stdout and then exit. +Optionally, +.Cm Match +rules may be applied by specifying the connection parameters using one or more +.Fl C +options. .It Fl g Ar login_grace_time Gives the grace time for clients to authenticate themselves (default 120 seconds). @@ -208,6 +217,11 @@ rules may be applied by specifying the connection parameters using one or more .Fl C options. +This is similar to the +.Fl G +flag, but it includes the additional testing performed by the +.Fl t +flag. .It Fl t Test mode. Only check the validity of the configuration file and sanity of the keys. @@ -245,6 +259,8 @@ .Cm AllowUsers or .Cm DenyUsers . +.It Fl V +Display the version number and exit. .El .Sh AUTHENTICATION The OpenSSH SSH daemon supports SSH protocol 2 only.
_service:tar_scm:openssh-9.1p1.tar.gz/sshd.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.591 2022/09/17 10:34:29 djm Exp $ */ +/* $OpenBSD: sshd.c,v 1.600 2023/03/08 04:43:12 guenther Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -104,7 +104,6 @@ #include "digest.h" #include "sshkey.h" #include "kex.h" -#include "myproposal.h" #include "authfile.h" #include "pathnames.h" #include "atomicio.h" @@ -295,7 +294,6 @@ * the server key). */ -/*ARGSUSED*/ static void sighup_handler(int sig) { @@ -325,7 +323,6 @@ /* * Generic signal handler for terminating signals in the master daemon. */ -/*ARGSUSED*/ static void sigterm_handler(int sig) { @@ -336,7 +333,6 @@ * SIGCHLD handler. This is called whenever a child dies. This will then * reap any zombies left by exited children. */ -/*ARGSUSED*/ static void main_sigchld_handler(int sig) { @@ -353,7 +349,6 @@ /* * Signal handler for the alarm after the login grace period has expired. */ -/*ARGSUSED*/ static void grace_alarm_handler(int sig) { @@ -901,7 +896,7 @@ { fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION); fprintf(stderr, -"usage: sshd -46DdeiqTt -C connection_spec -c host_cert_file\n" +"usage: sshd -46DdeGiqTtV -C connection_spec -c host_cert_file\n" " -E log_file -f config_file -g login_grace_time\n" " -h host_key_file -o option -p port -u len\n" ); @@ -937,14 +932,10 @@ * string filename * string contents * } - * string rng_seed (if required) */ if ((r = sshbuf_put_stringb(m, conf)) != 0 || (r = sshbuf_put_stringb(m, inc)) != 0) fatal_fr(r, "compose config"); -#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_send_rng_seed(m); -#endif if (ssh_msg_send(fd, 0, m) == -1) error_f("ssh_msg_send failed"); @@ -977,10 +968,6 @@ (r = sshbuf_get_stringb(m, inc)) != 0) fatal_fr(r, "parse config"); -#if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY) - rexec_recv_rng_seed(m); -#endif - if (conf != NULL && (r = sshbuf_put(conf, cp, len))) fatal_fr(r, "sshbuf_put"); 
@@ -1514,7 +1501,7 @@ if ((buf = sshbuf_new()) == NULL) fatal_f("could not allocate buffer"); if ((r = sshkey_private_serialize(key, buf)) != 0) - fatal_fr(r, "decode key"); + fatal_fr(r, "encode %s key", sshkey_ssh_name(key)); if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0) fatal_f("ssh_digest_update"); sshbuf_reset(buf); @@ -1532,6 +1519,21 @@ return ret; } +static void +print_config(struct ssh *ssh, struct connection_info *connection_info) +{ + /* + * If no connection info was provided by -C then use + * use a blank one that will cause no predicate to match. + */ + if (connection_info == NULL) + connection_info = get_connection_info(ssh, 0, 0); + connection_info->test = 1; + parse_server_match_config(&options, &includes, connection_info); + dump_config(&options); + exit(0); +} + /* * Main program for the daemon. */ @@ -1541,7 +1543,7 @@ struct ssh *ssh = NULL; extern char *optarg; extern int optind; - int r, opt, on = 1, already_daemon, remote_port; + int r, opt, on = 1, do_dump_cfg = 0, already_daemon, remote_port; int sock_in = -1, sock_out = -1, newsock = -1; const char *remote_ip, *rdomain; char *fp, *line, *laddr, *logfile = NULL; @@ -1554,12 +1556,16 @@ int keytype; Authctxt *authctxt; struct connection_info *connection_info = NULL; + sigset_t sigmask; #ifdef HAVE_SECUREWARE (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av0); + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; 
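Review bot: The `sigemptyset(&sigmask); sigprocmask(SIG_SETMASK, &sigmask, NULL);` pair added near the top of main() has no comment and ignores the return value. A blocked-signal mask is inherited across exec, and this file installs handlers for SIGHUP, terminating signals, SIGCHLD and the login-grace alarm. The reset presumably exists so that a parent's mask cannot suppress them, and the grace alarm in particular is a security control. Suggested comment: `/* start with no signals blocked: an inherited mask could silence the login grace alarm and the other handlers */`. main() continues outside the hunk.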
@@ -1580,14 +1586,12 @@ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); - seed_rng(); - /* Initialize configuration options to their default values. */ initialize_server_options(&options); /* Parse command-line arguments. */ while ((opt = getopt(ac, av, - "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrt")) != -1) { + "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) { switch (opt) { case '4': options.address_family = AF_INET; @@ -1612,6 +1616,9 @@ case 'D': no_daemon_flag = 1; break; + case 'G': + do_dump_cfg = 1; + break; case 'E': logfile = optarg; /* FALLTHROUGH */ @@ -1688,7 +1695,10 @@ exit(1); free(line); break; - case '?': + case 'V': + fprintf(stderr, "%s, %s\n", + SSH_VERSION, SSH_OPENSSL_VERSION); + exit(0); default: usage(); break; @@ -1696,13 +1706,15 @@ } if (rexeced_flag || inetd_flag) rexec_flag = 0; - if (!test_flag && rexec_flag && !path_absolute(av0)) + if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av0)) fatal("sshd re-exec requires execution with an absolute path"); if (rexeced_flag) closefrom(REEXEC_MIN_FREE_FD); else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); + seed_rng(); + /* If requested, redirect the logs to the specified logfile. */ if (logfile != NULL) log_redirect_stderr_to(logfile); @@ -1800,6 +1812,9 @@ debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION); + if (do_dump_cfg) + print_config(ssh, connection_info); +
_service:tar_scm:openssh-9.1p1.tar.gz/sshd_config -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd_config
Changed
@@ -75,7 +75,7 @@ # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass -# the setting of "PermitRootLogin without-password". +# the setting of "PermitRootLogin prohibit-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'.
_service:tar_scm:openssh-9.1p1.tar.gz/sshd_config.0 -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd_config.0
Changed
@@ -6,10 +6,10 @@ DESCRIPTION sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file specified with -f on the command line). The file contains keyword- - argument pairs, one per line. For each keyword, the first obtained value - will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as - comments. Arguments may optionally be enclosed in double quotes (") in - order to represent arguments containing spaces. + argument pairs, one per line. Unless noted otherwise, for each keyword, + the first obtained value will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty + lines are interpreted as comments. Arguments may optionally be enclosed + in double quotes (") in order to represent arguments containing spaces. The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): @@ -49,6 +49,8 @@ following order: DenyGroups, AllowGroups. See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. AllowStreamLocalForwarding Specifies whether StreamLocal (Unix-domain socket) forwarding is @@ -82,6 +84,8 @@ processed in the following order: DenyUsers, AllowUsers. See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. AuthenticationMethods Specifies the authentication methods that must be successfully 
@@ -222,6 +226,62 @@ Certificates signed using other algorithms will not be accepted for public key or host-based authentication. + ChannelTimeout + Specifies whether and how quickly sshd(8) should close inactive + channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^ + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^ must be a channel + type name (as described in the table below), optionally + containing wildcard characters. + + The timeout value M-bM-^@M-^\intervalM-bM-^@M-^ is specified in seconds or may use + any of the units documented in the TIME FORMATS section. For + example, M-bM-^@M-^\session:*=5mM-bM-^@M-^ would cause all sessions to terminate + after five minutes of inactivity. Specifying a zero value + disables the inactivity timeout. + + The available channel types include: + + agent-connection + Open connections to ssh-agent(1). + + direct-tcpip, direct-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established from a ssh(1) local forwarding, + i.e. LocalForward or DynamicForward. + + forwarded-tcpip, forwarded-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established to a sshd(8) listening on behalf of + a ssh(1) remote forwarding, i.e. RemoteForward. + + session:command + Command execution sessions. + + session:shell + Interactive shell sessions. + + session:subsystem:... + Subsystem sessions, e.g. for sftp(1), which could be + identified as session:subsystem:sftp. + + x11-connection + Open X11 forwarding sessions. + + Note that in all the above cases, terminating an inactive session + does not guarantee to remove all resources associated with the + session, e.g. shell processes or X11 clients relating to the + session may continue to execute. 
+ + Moreover, terminating an inactive channel or session does not + necessarily close the SSH connection, nor does it prevent a + client from requesting another channel of the same type. In + particular, expiring an inactive forwarding session does not + prevent another identical forwarding from being subsequently + created. See also UnusedConnectionTimeout, which may be used in + conjunction with this option. + + The default is not to expire channels of any type for inactivity. + ChrootDirectory Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all @@ -321,6 +381,8 @@ order: DenyGroups, AllowGroups. See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. DenyUsers This keyword can be followed by a list of user name patterns, @@ -335,6 +397,8 @@ following order: DenyUsers, AllowUsers. See PATTERNS in ssh_config(5) for more information on patterns. + This keyword may appear multiple times in sshd_config with each + instance appending to the list. DisableForwarding Disables all forwarding features, including X11, ssh-agent(1), @@ -706,7 +770,7 @@ AuthorizedKeysCommand, AuthorizedKeysCommandUser, AuthorizedKeysFile, AuthorizedPrincipalsCommand, AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, - Banner, CASignatureAlgorithms, ChrootDirectory, + Banner, CASignatureAlgorithms, ChannelTimeout, ChrootDirectory, ClientAliveCountMax, ClientAliveInterval, DenyGroups, DenyUsers, DisableForwarding, ExposeAuthInfo, ForceCommand, GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedAlgorithms, 
@@ -718,7 +782,8 @@ PermitUserRC, PubkeyAcceptedAlgorithms, PubkeyAuthentication, PubkeyAuthOptions, RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, - X11DisplayOffset, X11Forwarding and X11UseLocalhost. + UnusedConnectionTimeout, X11DisplayOffset, X11Forwarding and + X11UseLocalhost. MaxAuthTries Specifies the maximum number of authentication attempts permitted @@ -1058,6 +1123,27 @@ TrustedUserCAKeys. For more details on certificates, see the CERTIFICATES section in ssh-keygen(1). + UnusedConnectionTimeout + Specifies whether and how quickly sshd(8) should close client + connections with no open channels. Open channels include active + shell, command execution or subsystem sessions, connected + network, socket, agent or X11 forwardings. Forwarding listeners, + such as those from the ssh(1) -R flag, are not considered as open + channels and do not prevent the timeout. The timeout value is + specified in seconds or may use any of the units documented in + the TIME FORMATS section. + + Note that this timeout starts when the client connection + completes user authentication but before the client has an + opportunity to open any channels. Caution should be used when + using short timeout values, as they may not provide sufficient + time for the client to request and open its channels before + terminating the connection. + + The default none is to never expire connections for having no + open channels. This option may be useful in conjunction with + ChannelTimeout. + UseDNS Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. @@ -1197,4 +1283,4 @@ versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. -OpenBSD 7.1 September 17, 2022 OpenBSD 7.1 +OpenBSD 7.2 March 3, 2023 OpenBSD 7.2
_service:tar_scm:openssh-9.1p1.tar.gz/sshd_config.5 -> _service:tar_scm:openssh-9.3p1.tar.gz/sshd_config.5
Changed
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.343 2022/09/17 10:34:29 djm Exp $ -.Dd $Mdocdate: September 17 2022 $ +.\" $OpenBSD: sshd_config.5,v 1.348 2023/03/03 04:36:20 djm Exp $ +.Dd $Mdocdate: March 3 2023 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -48,7 +48,7 @@ .Fl f on the command line). The file contains keyword-argument pairs, one per line. -For each keyword, the first obtained value will be used. +Unless noted otherwise, for each keyword, the first obtained value will be used. Lines starting with .Ql # and empty lines are interpreted as comments. @@ -120,6 +120,9 @@ See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm AllowStreamLocalForwarding Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. The available options are @@ -177,6 +180,9 @@ See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. 
@@ -395,6 +401,75 @@ .Pp Certificates signed using other algorithms will not be accepted for public key or host-based authentication. +.It Cm ChannelTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close inactive channels. +Timeouts are specified as one or more +.Dq type=interval +pairs separated by whitespace, where the +.Dq type +must be a channel type name (as described in the table below), optionally +containing wildcard characters. +.Pp +The timeout value +.Dq interval +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +For example, +.Dq session:*=5m +would cause all sessions to terminate after five minutes of inactivity. +Specifying a zero value disables the inactivity timeout. +.Pp +The available channel types include: +.Bl -tag -width Ds +.It Cm agent-connection +Open connections to +.Xr ssh-agent 1 . +.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have +been established from a +.Xr ssh 1 +local forwarding, i.e.\& +.Cm LocalForward +or +.Cm DynamicForward . +.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have been +established to a +.Xr sshd 8 +listening on behalf of a +.Xr ssh 1 +remote forwarding, i.e.\& +.Cm RemoteForward . +.It Cm session:command +Command execution sessions. +.It Cm session:shell +Interactive shell sessions. +.It Cm session:subsystem:... +Subsystem sessions, e.g. for +.Xr sftp 1 , +which could be identified as +.Cm session:subsystem:sftp . +.It Cm x11-connection +Open X11 forwarding sessions. +.El +.Pp +Note that in all the above cases, terminating an inactive session does not +guarantee to remove all resources associated with the session, e.g. shell +processes or X11 clients relating to the session may continue to execute. 
+.Pp +Moreover, terminating an inactive channel or session does not necessarily +close the SSH connection, nor does it prevent a client from +requesting another channel of the same type. +In particular, expiring an inactive forwarding session does not prevent +another identical forwarding from being subsequently created. +See also +.Cm UnusedConnectionTimeout , +which may be used in conjunction with this option. +.Pp +The default is not to expire channels of any type for inactivity. .It Cm ChrootDirectory Specifies the pathname of a directory to .Xr chroot 2 @@ -560,6 +635,9 @@ See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm DenyUsers This keyword can be followed by a list of user name patterns, separated by spaces. @@ -578,6 +656,9 @@ See PATTERNS in .Xr ssh_config 5 for more information on patterns. +This keyword may appear multiple times in +.Nm +with each instance appending to the list. .It Cm DisableForwarding Disables all forwarding features, including X11, .Xr ssh-agent 1 , @@ -1190,6 +1271,7 @@ .Cm AuthorizedPrincipalsFile , .Cm Banner , .Cm CASignatureAlgorithms , +.Cm ChannelTimeout , .Cm ChrootDirectory , .Cm ClientAliveCountMax , .Cm ClientAliveInterval , @@ -1229,6 +1311,7 @@ .Cm StreamLocalBindMask , .Cm StreamLocalBindUnlink , .Cm TrustedUserCAKeys , +.Cm UnusedConnectionTimeout , .Cm X11DisplayOffset , .Cm X11Forwarding and 
@@ -1745,6 +1828,33 @@ .Cm TrustedUserCAKeys . For more details on certificates, see the CERTIFICATES section in .Xr ssh-keygen 1 . +.It Cm UnusedConnectionTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close client connections with no open channels. +Open channels include active shell, command execution or subsystem +sessions, connected network, socket, agent or X11 forwardings. +Forwarding listeners, such as those from the +.Xr ssh 1 +.Fl R +flag, are not considered as open channels and do not prevent the timeout. +The timeout value +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +.Pp +Note that this timeout starts when the client connection completes +user authentication but before the client has an opportunity to open any +channels. +Caution should be used when using short timeout values, as they may not +provide sufficient time for the client to request and open its channels +before terminating the connection. +.Pp +The default +.Cm none +is to never expire connections for having no open channels. +This option may be useful in conjunction with +.Cm ChannelTimeout . .It Cm UseDNS Specifies whether .Xr sshd 8
_service:tar_scm:openssh-9.1p1.tar.gz/sshkey-xmss.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshkey-xmss.c
Changed
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.11 2021/04/03 06:18:41 djm Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.12 2022/10/28 00:39:29 djm Exp $ */
 /*
 * Copyright (c) 2017 Markus Friedl. All rights reserved.
 *
@@ -365,7 +365,7 @@
 }
 int
-sshkey_xmss_generate_private_key(struct sshkey *k, u_int bits)
+sshkey_xmss_generate_private_key(struct sshkey *k, int bits)
 {
 int r;
 const char *name;
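Review bot: With `bits` now a signed `int` in `sshkey_xmss_generate_private_key()`, a negative argument arrives as a negative number instead of a large unsigned one, and the body that has to reject it continues past the end of this hunk. Whether every unsupported value ends in an error return cannot be confirmed from here and is worth checking before relying on the new signature. The same change is made to the prototype in sshkey-xmss.h and matches the `int (*generate)(struct sshkey *, int)` callback added in sshkey.h. A comment above the definition would record the expectation, e.g. `/* bits comes from the generic generate() callback; reject any value this key type does not support, including negatives */`.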
_service:tar_scm:openssh-9.1p1.tar.gz/sshkey-xmss.h -> _service:tar_scm:openssh-9.3p1.tar.gz/sshkey-xmss.h
Changed
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.h,v 1.3 2021/04/03 06:18:41 djm Exp $ */
+/* $OpenBSD: sshkey-xmss.h,v 1.4 2022/10/28 00:39:29 djm Exp $ */
 /*
 * Copyright (c) 2017 Markus Friedl. All rights reserved.
 *
@@ -34,7 +34,7 @@
 size_t sshkey_xmss_sklen(const struct sshkey *);
 int sshkey_xmss_init(struct sshkey *, const char *);
 void sshkey_xmss_free_state(struct sshkey *);
-int sshkey_xmss_generate_private_key(struct sshkey *, u_int);
+int sshkey_xmss_generate_private_key(struct sshkey *, int);
 int sshkey_xmss_serialize_state(const struct sshkey *, struct sshbuf *);
 int sshkey_xmss_serialize_state_opt(const struct sshkey *, struct sshbuf *,
 enum sshkey_serialize_rep);
_service:tar_scm:openssh-9.1p1.tar.gz/sshkey.c -> _service:tar_scm:openssh-9.3p1.tar.gz/sshkey.c
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.122 2022/09/17 10:30:45 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.134 2022/10/28 02:47:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. 
@@ -94,111 +94,140 @@ struct sshkey **keyp, int allow_cert); /* Supported key types */ -struct keytype { - const char *name; - const char *shortname; - const char *sigalg; - int type; - int nid; - int cert; - int sigonly; -}; -static const struct keytype keytypes = { - { "ssh-ed25519", "ED25519", NULL, KEY_ED25519, 0, 0, 0 }, - { "ssh-ed25519-cert-v01@openssh.com", "ED25519-CERT", NULL, - KEY_ED25519_CERT, 0, 1, 0 }, -#ifdef ENABLE_SK - { "sk-ssh-ed25519@openssh.com", "ED25519-SK", NULL, - KEY_ED25519_SK, 0, 0, 0 }, - { "sk-ssh-ed25519-cert-v01@openssh.com", "ED25519-SK-CERT", NULL, - KEY_ED25519_SK_CERT, 0, 1, 0 }, -#endif -#ifdef WITH_XMSS - { "ssh-xmss@openssh.com", "XMSS", NULL, KEY_XMSS, 0, 0, 0 }, - { "ssh-xmss-cert-v01@openssh.com", "XMSS-CERT", NULL, - KEY_XMSS_CERT, 0, 1, 0 }, -#endif /* WITH_XMSS */ +extern const struct sshkey_impl sshkey_ed25519_impl; +extern const struct sshkey_impl sshkey_ed25519_cert_impl; +extern const struct sshkey_impl sshkey_ed25519_sk_impl; +extern const struct sshkey_impl sshkey_ed25519_sk_cert_impl; #ifdef WITH_OPENSSL - { "ssh-rsa", "RSA", NULL, KEY_RSA, 0, 0, 0 }, - { "rsa-sha2-256", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "rsa-sha2-512", "RSA", NULL, KEY_RSA, 0, 0, 1 }, - { "ssh-dss", "DSA", NULL, KEY_DSA, 0, 0, 0 }, # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256", "ECDSA", NULL, - KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 }, - { "ecdsa-sha2-nistp384", "ECDSA", NULL, - KEY_ECDSA, NID_secp384r1, 0, 0 }, -# ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521", "ECDSA", NULL, - KEY_ECDSA, NID_secp521r1, 0, 0 }, -# endif /* OPENSSL_HAS_NISTP521 */ # ifdef ENABLE_SK - { "sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL, - KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 0 }, - { "webauthn-sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL, - KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 1 }, +extern const struct sshkey_impl sshkey_ecdsa_sk_impl; +extern const struct sshkey_impl sshkey_ecdsa_sk_cert_impl; +extern const struct sshkey_impl 
sshkey_ecdsa_sk_webauthn_impl; # endif /* ENABLE_SK */ +extern const struct sshkey_impl sshkey_ecdsa_nistp256_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp256_cert_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp384_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp384_cert_impl; +# ifdef OPENSSL_HAS_NISTP521 +extern const struct sshkey_impl sshkey_ecdsa_nistp521_impl; +extern const struct sshkey_impl sshkey_ecdsa_nistp521_cert_impl; +# endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ - { "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL, - KEY_RSA_CERT, 0, 1, 0 }, - { "rsa-sha2-256-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-256", KEY_RSA_CERT, 0, 1, 1 }, - { "rsa-sha2-512-cert-v01@openssh.com", "RSA-CERT", - "rsa-sha2-512", KEY_RSA_CERT, 0, 1, 1 }, - { "ssh-dss-cert-v01@openssh.com", "DSA-CERT", NULL, - KEY_DSA_CERT, 0, 1, 0 }, +extern const struct sshkey_impl sshkey_rsa_impl; +extern const struct sshkey_impl sshkey_rsa_cert_impl; +extern const struct sshkey_impl sshkey_rsa_sha256_impl; +extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl; +extern const struct sshkey_impl sshkey_rsa_sha512_impl; +extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl; +extern const struct sshkey_impl sshkey_dss_impl; +extern const struct sshkey_impl sshkey_dsa_cert_impl; +#endif /* WITH_OPENSSL */ +#ifdef WITH_XMSS +extern const struct sshkey_impl sshkey_xmss_impl; +extern const struct sshkey_impl sshkey_xmss_cert_impl; +#endif + +const struct sshkey_impl * const keyimpls = { + &sshkey_ed25519_impl, + &sshkey_ed25519_cert_impl, +#ifdef ENABLE_SK + &sshkey_ed25519_sk_impl, + &sshkey_ed25519_sk_cert_impl, +#endif +#ifdef WITH_OPENSSL # ifdef OPENSSL_HAS_ECC - { "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 }, - { "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp384r1, 1, 0 }, + &sshkey_ecdsa_nistp256_impl, + 
&sshkey_ecdsa_nistp256_cert_impl, + &sshkey_ecdsa_nistp384_impl, + &sshkey_ecdsa_nistp384_cert_impl, # ifdef OPENSSL_HAS_NISTP521 - { "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL, - KEY_ECDSA_CERT, NID_secp521r1, 1, 0 }, + &sshkey_ecdsa_nistp521_impl, + &sshkey_ecdsa_nistp521_cert_impl, # endif /* OPENSSL_HAS_NISTP521 */ # ifdef ENABLE_SK - { "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL, - KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, + &sshkey_ecdsa_sk_impl, + &sshkey_ecdsa_sk_cert_impl, + &sshkey_ecdsa_sk_webauthn_impl, # endif /* ENABLE_SK */ # endif /* OPENSSL_HAS_ECC */ + &sshkey_dss_impl, + &sshkey_dsa_cert_impl, + &sshkey_rsa_impl, + &sshkey_rsa_cert_impl, + &sshkey_rsa_sha256_impl, + &sshkey_rsa_sha256_cert_impl, + &sshkey_rsa_sha512_impl, + &sshkey_rsa_sha512_cert_impl, #endif /* WITH_OPENSSL */ - { NULL, NULL, NULL, -1, -1, 0, 0 } +#ifdef WITH_XMSS + &sshkey_xmss_impl, + &sshkey_xmss_cert_impl, +#endif + NULL }; +static const struct sshkey_impl * +sshkey_impl_from_type(int type) +{ + int i; + + for (i = 0; keyimplsi != NULL; i++) { + if (keyimplsi->type == type) + return keyimplsi; + } + return NULL; +} + +static const struct sshkey_impl * +sshkey_impl_from_type_nid(int type, int nid) +{ + int i; + + for (i = 0; keyimplsi != NULL; i++) { + if (keyimplsi->type == type && + (keyimplsi->nid == 0 || keyimplsi->nid == nid)) + return keyimplsi; + } + return NULL; +} + +static const struct sshkey_impl * +sshkey_impl_from_key(const struct sshkey *k) +{ + if (k == NULL) + return NULL; + return sshkey_impl_from_type_nid(k->type, k->ecdsa_nid); +} + const char * sshkey_type(const struct sshkey *k) { - const struct keytype *kt; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == k->type) - return kt->shortname; - } - return "unknown"; + if ((impl = sshkey_impl_from_key(k)) == NULL) + return "unknown"; + return impl->shortname; } static const char * 
sshkey_ssh_name_from_type_nid(int type, int nid) { - const struct keytype *kt; + const struct sshkey_impl *impl; - for (kt = keytypes; kt->type != -1; kt++) { - if (kt->type == type && (kt->nid == 0 || kt->nid == nid)) - return kt->name; - } - return "ssh-unknown";
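Review bot: `sshkey_impl_from_type()` returns the first `keyimpls` entry whose `type` matches, so its result depends on the order of the table. If the new impl structs keep the values of the removed `keytypes` rows, the three RSA entries share one type and the ECDSA curves share another, which makes the position of `&sshkey_rsa_impl` ahead of the SHA-2 variants load-bearing. I would say so above the table, e.g. `/* Order matters: sshkey_impl_from_type() returns the first entry of a given type */`. Separately, `sshkey_type()` now looks up by type and `k->ecdsa_nid` where the old loop matched on type alone, so a key whose nid matches no entry is presumably reported as "unknown"; the diff is truncated on this page inside `sshkey_ssh_name_from_type_nid()`, so the callers cannot be checked here.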
_service:tar_scm:openssh-9.1p1.tar.gz/sshkey.h -> _service:tar_scm:openssh-9.3p1.tar.gz/sshkey.h
Changed
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.h,v 1.52 2022/09/17 10:30:45 djm Exp $ */ +/* $OpenBSD: sshkey.h,v 1.61 2022/10/28 00:44:44 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -164,6 +164,41 @@ uint8_t sk_flags; /* U2F signature flags; see ssh-sk.h */ }; +struct sshkey_impl_funcs { + u_int (*size)(const struct sshkey *); /* optional */ + int (*alloc)(struct sshkey *); /* optional */ + void (*cleanup)(struct sshkey *); /* optional */ + int (*equal)(const struct sshkey *, const struct sshkey *); + int (*serialize_public)(const struct sshkey *, struct sshbuf *, + enum sshkey_serialize_rep); + int (*deserialize_public)(const char *, struct sshbuf *, + struct sshkey *); + int (*serialize_private)(const struct sshkey *, struct sshbuf *, + enum sshkey_serialize_rep); + int (*deserialize_private)(const char *, struct sshbuf *, + struct sshkey *); + int (*generate)(struct sshkey *, int); /* optional */ + int (*copy_public)(const struct sshkey *, struct sshkey *); + int (*sign)(struct sshkey *, u_char **, size_t *, + const u_char *, size_t, const char *, + const char *, const char *, u_int); /* optional */ + int (*verify)(const struct sshkey *, const u_char *, size_t, + const u_char *, size_t, const char *, u_int, + struct sshkey_sig_details **); +}; + +struct sshkey_impl { + const char *name; + const char *shortname; + const char *sigalg; + int type; + int nid; + int cert; + int sigonly; + int keybits; + const struct sshkey_impl_funcs *funcs; +}; + struct sshkey *sshkey_new(int); void sshkey_free(struct sshkey *); int sshkey_equal_public(const struct sshkey *, 
@@ -288,40 +323,17 @@ void sshkey_sig_details_free(struct sshkey_sig_details *); #ifdef SSHKEY_INTERNAL -int ssh_rsa_sign(const struct sshkey *key, - u_char **sigp, size_t *lenp, const u_char *data, size_t datalen, - const char *ident); -int ssh_rsa_verify(const struct sshkey *key, - const u_char *sig, size_t siglen, const u_char *data, size_t datalen, - const char *alg); -int ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_dss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ecdsa_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, - struct sshkey_sig_details **detailsp); -int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_ed25519_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); -int ssh_ed25519_sk_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat, - struct sshkey_sig_details **detailsp); -int ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - const u_char *data, size_t datalen, u_int compat); -int ssh_xmss_verify(const struct sshkey *key, - const u_char *signature, size_t signaturelen, - const u_char *data, size_t datalen, u_int compat); +int sshkey_sk_fields_equal(const struct sshkey *a, const struct sshkey *b); +void sshkey_sk_cleanup(struct sshkey *k); +int 
sshkey_serialize_sk(const struct sshkey *key, struct sshbuf *b); +int sshkey_copy_public_sk(const struct sshkey *from, struct sshkey *to); +int sshkey_deserialize_sk(struct sshbuf *b, struct sshkey *key); +int sshkey_serialize_private_sk(const struct sshkey *key, + struct sshbuf *buf); +int sshkey_private_deserialize_sk(struct sshbuf *buf, struct sshkey *k); +#ifdef WITH_OPENSSL +int check_rsa_length(const RSA *rsa); /* XXX remove */ +#endif #endif #if !defined(WITH_OPENSSL)
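Review bot: In `struct sshkey_impl_funcs` the `/* optional */` tags are the only statement of which callbacks may be NULL, and nothing says what a caller must do about it. A header comment would make the contract explicit, e.g. `/* Members marked optional may be NULL and must be checked before the call; all others must be set by every implementation */`. Note that `sign` is tagged optional while `verify` is not, so a dispatcher presumably has to return an error rather than call through a NULL `sign`; the dispatch code is not in this section. The `check_rsa_length()` prototype is exposed under `SSHKEY_INTERNAL` with an `XXX remove` marker and should be tracked so it does not become a permanent part of the internal interface.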
_service:tar_scm:openssh-9.1p1.tar.gz/umac.c -> _service:tar_scm:openssh-9.3p1.tar.gz/umac.c
Changed
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.22 2022/01/01 05:55:06 jsg Exp $ */
+/* $OpenBSD: umac.c,v 1.23 2023/03/07 01:30:52 djm Exp $ */
 /* -----------------------------------------------------------------------
 *
 * umac.c -- C Implementation UMAC Message Authentication
@@ -233,7 +233,8 @@
 explicit_bzero(buf, sizeof(buf));
 }
-static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce8, UINT8 buf8)
+static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce8,
+ UINT8 bufUMAC_OUTPUT_LEN)
 {
 /* 'ndx' indicates that we'll be using the 0th or 1st eight bytes
 * of the AES output. If last time around we returned the ndx-1st
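Review bot: The new bound on the `buf` parameter of `pdf_gen_xor()` documents the expected size but is not enforced, because an array parameter is adjusted to a pointer. The page appears to have dropped the square brackets, so I am reading the parameter as an array of `UMAC_OUTPUT_LEN` bytes. The function body continues past the hunk, so how many bytes it writes is not visible here; a comment at the definition such as `/* buf must have room for UMAC_OUTPUT_LEN bytes */` would state the requirement its callers have to meet.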
_service:tar_scm:openssh-9.1p1.tar.gz/version.h -> _service:tar_scm:openssh-9.3p1.tar.gz/version.h
Changed
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.95 2022/09/26 22:18:40 djm Exp $ */
+/* $OpenBSD: version.h,v 1.97 2023/03/15 21:19:57 djm Exp $ */
-#define SSH_VERSION "OpenSSH_9.1"
+#define SSH_VERSION "OpenSSH_9.3"
 #define SSH_PORTABLE "p1"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
_service:tar_scm:ssh-agent.service
Changed
@@ -5,10 +5,15 @@
 ConditionEnvironment=!SSH_AGENT_PID
 Description=OpenSSH key agent
 Documentation=man:ssh-agent(1) man:ssh-add(1) man:ssh(1)
+Requires=ssh-agent.socket
 Service
 Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
+ExecStartPre=/usr/bin/rm -f $SSH_AUTH_SOCK
 ExecStart=/usr/bin/ssh-agent -a $SSH_AUTH_SOCK
 PassEnvironment=SSH_AGENT_PID
 SuccessExitStatus=2
 Type=forking
+
+Install
+Also=ssh-agent.socket
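Review bot: `ExecStartPre=/usr/bin/rm -f $SSH_AUTH_SOCK` unlinks the same path that the new ssh-agent.socket unit listens on (`ListenStream=%t/ssh-agent.socket`), and `ssh-agent -a` then binds its own socket there. The file that clients connect to is therefore created by ssh-agent, so `SocketMode=0600` and `DirectoryMode=0700` from the socket unit may not be what protects it, and a connection queued on the systemd-owned socket is probably never served; both are worth confirming on a test login. If the variable stays on the command line, `${SSH_AUTH_SOCK}` passes it as exactly one argument, whereas the unbraced form is split on whitespace.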
_service:tar_scm:ssh-agent.socket
Added
@@ -0,0 +1,14 @@
+Unit
+Description=OpenSSH key agent
+Documentation=man:ssh-agent(1) man:ssh-add(1) man:ssh(1)
+
+Socket
+ListenStream=%t/ssh-agent.socket
+Service=ssh-agent.service
+Priority=6
+Backlog=5
+SocketMode=0600
+DirectoryMode=0700
+
+Install
+WantedBy=sockets.target