external/openssh: update to 6.8p1.
In preparation for some updates to external/openssh to make it work with
BoringSSL, this change updates the code to a recent version. The current
version (5.9p1) is coming up on four years old now.
* Confirmed that f5c67b478bef9992de9e9ec91ce10af4f6205e0d matches
OpenSSH 5.9p1 exactly (save for the removal of the scard
subdirectory).
* Downloaded openssh-6.8p1.tar.gz (SHA256:
3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e)
and verified with PGP signature. (I've verified Damien's key in
person previously.)
* Applied changes between f5c67b478bef9992de9e9ec91ce10af4f6205e0d and
OpenSSH 5.9p1 to 6.8p1 and updated the build as best I can. The
ugliest change is probably the duplication of umac.c to umac128.c
because Android conditionally compiles that file twice. See the
comment in those files.
Change-Id: I63cb07a8118afb5a377f116087a0882914cea486
diff --git a/config.h.in b/config.h.in
index eccd37f..7e7e38e 100644
--- a/config.h.in
+++ b/config.h.in
@@ -1,8 +1,5 @@
/* config.h.in. Generated from configure.ac by autoheader. */
-/* Define if building universal (internal helper macro) */
-#undef AC_APPLE_UNIVERSAL_BUILD
-
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
*/
#undef AIX_GETNAMEINFO_HACK
@@ -16,6 +13,9 @@
/* Define if your resolver libs need this for getrrsetbyname */
#undef BIND_8_COMPAT
+/* The system has incomplete BSM API */
+#undef BROKEN_BSM_API
+
/* Define if cmsg_type is not passed correctly */
#undef BROKEN_CMSG_TYPE
@@ -44,6 +44,10 @@
/* Can't do comparisons on readv */
#undef BROKEN_READV_COMPARISON
+/* NetBSD read function is sometimes redirected, breaking atomicio comparisons
+ against it */
+#undef BROKEN_READ_COMPARISON
+
/* Define if you have a broken realpath. */
#undef BROKEN_REALPATH
@@ -71,6 +75,9 @@
/* Define if your snprintf is busted */
#undef BROKEN_SNPRINTF
+/* FreeBSD strnvis argument order is swapped compared to OpenBSD */
+#undef BROKEN_STRNVIS
+
/* tcgetattr with ICANON may hang */
#undef BROKEN_TCGETATTR_ICANON
@@ -176,6 +183,9 @@
/* Define to 1 if you have the `arc4random_buf' function. */
#undef HAVE_ARC4RANDOM_BUF
+/* Define to 1 if you have the `arc4random_stir' function. */
+#undef HAVE_ARC4RANDOM_STIR
+
/* Define to 1 if you have the `arc4random_uniform' function. */
#undef HAVE_ARC4RANDOM_UNIFORM
@@ -206,21 +216,51 @@
/* Define to 1 if you have the `bcopy' function. */
#undef HAVE_BCOPY
+/* Define to 1 if you have the `bcrypt_pbkdf' function. */
+#undef HAVE_BCRYPT_PBKDF
+
/* Define to 1 if you have the `bindresvport_sa' function. */
#undef HAVE_BINDRESVPORT_SA
+/* Define to 1 if you have the `blf_enc' function. */
+#undef HAVE_BLF_ENC
+
+/* Define to 1 if you have the <blf.h> header file. */
+#undef HAVE_BLF_H
+
+/* Define to 1 if you have the `Blowfish_expand0state' function. */
+#undef HAVE_BLOWFISH_EXPAND0STATE
+
+/* Define to 1 if you have the `Blowfish_expandstate' function. */
+#undef HAVE_BLOWFISH_EXPANDSTATE
+
+/* Define to 1 if you have the `Blowfish_initstate' function. */
+#undef HAVE_BLOWFISH_INITSTATE
+
+/* Define to 1 if you have the `Blowfish_stream2word' function. */
+#undef HAVE_BLOWFISH_STREAM2WORD
+
/* Define to 1 if you have the `BN_is_prime_ex' function. */
#undef HAVE_BN_IS_PRIME_EX
+/* Define to 1 if you have the <bsd/libutil.h> header file. */
+#undef HAVE_BSD_LIBUTIL_H
+
/* Define to 1 if you have the <bsm/audit.h> header file. */
#undef HAVE_BSM_AUDIT_H
/* Define to 1 if you have the <bstring.h> header file. */
#undef HAVE_BSTRING_H
+/* Define to 1 if you have the `cap_rights_limit' function. */
+#undef HAVE_CAP_RIGHTS_LIMIT
+
/* Define to 1 if you have the `clock' function. */
#undef HAVE_CLOCK
+/* Have clock_gettime */
+#undef HAVE_CLOCK_GETTIME
+
/* define if you have clock_t data type */
#undef HAVE_CLOCK_T
@@ -233,6 +273,9 @@
/* Define if your system uses ancillary data style file descriptor passing */
#undef HAVE_CONTROL_IN_MSGHDR
+/* Define to 1 if you have the `crypt' function. */
+#undef HAVE_CRYPT
+
/* Define to 1 if you have the <crypto/sha2.h> header file. */
#undef HAVE_CRYPTO_SHA2_H
@@ -245,6 +288,10 @@
/* Define if your libraries define daemon() */
#undef HAVE_DAEMON
+/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if
+ you don't. */
+#undef HAVE_DECL_AI_NUMERICSERV
+
/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
don't. */
#undef HAVE_DECL_AUTHENTICATE
@@ -253,6 +300,14 @@
don't. */
#undef HAVE_DECL_GLOB_NOMATCH
+/* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
+ and to 0 if you don't. */
+#undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE
+
+/* Define to 1 if you have the declaration of `howmany', and to 0 if you
+ don't. */
+#undef HAVE_DECL_HOWMANY
+
/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
don't. */
#undef HAVE_DECL_H_ERRNO
@@ -273,6 +328,10 @@
don't. */
#undef HAVE_DECL_MAXSYMLINKS
+/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you
+ don't. */
+#undef HAVE_DECL_NFDBITS
+
/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
don't. */
#undef HAVE_DECL_OFFSETOF
@@ -305,6 +364,9 @@
don't. */
#undef HAVE_DECL__GETSHORT
+/* Define to 1 if you have the `DES_crypt' function. */
+#undef HAVE_DES_CRYPT
+
/* Define if you have /dev/ptmx */
#undef HAVE_DEV_PTMX
@@ -323,6 +385,12 @@
/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
#undef HAVE_DSA_GENERATE_PARAMETERS_EX
+/* Define to 1 if you have the <elf.h> header file. */
+#undef HAVE_ELF_H
+
+/* Define to 1 if you have the `endgrent' function. */
+#undef HAVE_ENDGRENT
+
/* Define to 1 if you have the <endian.h> header file. */
#undef HAVE_ENDIAN_H
@@ -335,12 +403,36 @@
/* Define if your system has /etc/default/login */
#undef HAVE_ETC_DEFAULT_LOGIN
+/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
+#undef HAVE_EVP_CIPHER_CTX_CTRL
+
+/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
+#undef HAVE_EVP_DIGESTFINAL_EX
+
+/* Define to 1 if you have the `EVP_DigestInit_ex' function. */
+#undef HAVE_EVP_DIGESTINIT_EX
+
+/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */
+#undef HAVE_EVP_MD_CTX_CLEANUP
+
+/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
+#undef HAVE_EVP_MD_CTX_COPY_EX
+
+/* Define to 1 if you have the `EVP_MD_CTX_init' function. */
+#undef HAVE_EVP_MD_CTX_INIT
+
+/* Define to 1 if you have the `EVP_ripemd160' function. */
+#undef HAVE_EVP_RIPEMD160
+
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
/* Define if you have ut_exit in utmp.h */
#undef HAVE_EXIT_IN_UTMP
+/* Define to 1 if you have the `explicit_bzero' function. */
+#undef HAVE_EXPLICIT_BZERO
+
/* Define to 1 if you have the `fchmod' function. */
#undef HAVE_FCHMOD
@@ -353,6 +445,9 @@
/* Define to 1 if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
+/* Define to 1 if the system has the type `fd_mask'. */
+#undef HAVE_FD_MASK
+
/* Define to 1 if you have the <features.h> header file. */
#undef HAVE_FEATURES_H
@@ -371,6 +466,9 @@
/* Define to 1 if the system has the type `fsfilcnt_t'. */
#undef HAVE_FSFILCNT_T
+/* Define to 1 if you have the `fstatfs' function. */
+#undef HAVE_FSTATFS
+
/* Define to 1 if you have the `fstatvfs' function. */
#undef HAVE_FSTATVFS
@@ -425,6 +523,12 @@
/* Define to 1 if you have the `getpeerucred' function. */
#undef HAVE_GETPEERUCRED
+/* Define to 1 if you have the `getpgid' function. */
+#undef HAVE_GETPGID
+
+/* Define to 1 if you have the `getpgrp' function. */
+#undef HAVE_GETPGRP
+
/* Define to 1 if you have the `getpwanam' function. */
#undef HAVE_GETPWANAM
@@ -500,6 +604,9 @@
/* Define if HEADER.ad exists in arpa/nameser.h */
#undef HAVE_HEADER_AD
+/* Define to 1 if you have the `HMAC_CTX_init' function. */
+#undef HAVE_HMAC_CTX_INIT
+
/* Define if you have ut_host in utmp.h */
#undef HAVE_HOST_IN_UTMP
@@ -533,6 +640,9 @@
/* define if you have int64_t data type */
#undef HAVE_INT64_T
+/* Define to 1 if the system has the type `intmax_t'. */
+#undef HAVE_INTMAX_T
+
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
@@ -548,9 +658,21 @@
/* Define if you have isblank(3C). */
#undef HAVE_ISBLANK
+/* Define to 1 if you have the `krb5_cc_new_unique' function. */
+#undef HAVE_KRB5_CC_NEW_UNIQUE
+
+/* Define to 1 if you have the `krb5_free_error_message' function. */
+#undef HAVE_KRB5_FREE_ERROR_MESSAGE
+
+/* Define to 1 if you have the `krb5_get_error_message' function. */
+#undef HAVE_KRB5_GET_ERROR_MESSAGE
+
/* Define to 1 if you have the <lastlog.h> header file. */
#undef HAVE_LASTLOG_H
+/* Define if you want ldns support */
+#undef HAVE_LDNS
+
/* Define to 1 if you have the <libaudit.h> header file. */
#undef HAVE_LIBAUDIT_H
@@ -593,10 +715,22 @@
/* Define to 1 if you have the <limits.h> header file. */
#undef HAVE_LIMITS_H
+/* Define to 1 if you have the <linux/audit.h> header file. */
+#undef HAVE_LINUX_AUDIT_H
+
+/* Define to 1 if you have the <linux/filter.h> header file. */
+#undef HAVE_LINUX_FILTER_H
+
/* Define to 1 if you have the <linux/if_tun.h> header file. */
#undef HAVE_LINUX_IF_TUN_H
-/* Define if your libraries define login() */
+/* Define to 1 if you have the <linux/seccomp.h> header file. */
+#undef HAVE_LINUX_SECCOMP_H
+
+/* Define to 1 if you have the <locale.h> header file. */
+#undef HAVE_LOCALE_H
+
+/* Define to 1 if you have the `login' function. */
#undef HAVE_LOGIN
/* Define to 1 if you have the <login_cap.h> header file. */
@@ -623,6 +757,9 @@
/* Define to 1 if you have the <maillock.h> header file. */
#undef HAVE_MAILLOCK_H
+/* Define to 1 if you have the `mblen' function. */
+#undef HAVE_MBLEN
+
/* Define to 1 if you have the `md5_crypt' function. */
#undef HAVE_MD5_CRYPT
@@ -635,6 +772,9 @@
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
+/* Define to 1 if you have the `memset_s' function. */
+#undef HAVE_MEMSET_S
+
/* Define to 1 if you have the `mkdtemp' function. */
#undef HAVE_MKDTEMP
@@ -729,24 +869,15 @@
/* Define to 1 if you have the `pututxline' function. */
#undef HAVE_PUTUTXLINE
-/* Define if your password has a pw_change field */
-#undef HAVE_PW_CHANGE_IN_PASSWD
-
-/* Define if your password has a pw_gecos field */
-#undef HAVE_PW_GECOS_IN_PASSWD
-
-/* Define if your password has a pw_class field */
-#undef HAVE_PW_CLASS_IN_PASSWD
-
-/* Define if your password has a pw_expire field */
-#undef HAVE_PW_EXPIRE_IN_PASSWD
-
/* Define to 1 if you have the `readpassphrase' function. */
#undef HAVE_READPASSPHRASE
/* Define to 1 if you have the <readpassphrase.h> header file. */
#undef HAVE_READPASSPHRASE_H
+/* Define to 1 if you have the `reallocarray' function. */
+#undef HAVE_REALLOCARRAY
+
/* Define to 1 if you have the `realpath' function. */
#undef HAVE_REALPATH
@@ -777,6 +908,9 @@
/* define if you have sa_family_t data type */
#undef HAVE_SA_FAMILY_T
+/* Define to 1 if you have the `scan_scaled' function. */
+#undef HAVE_SCAN_SCALED
+
/* Define if you have SecureWare-based protected password database */
#undef HAVE_SECUREWARE
@@ -807,6 +941,9 @@
/* Define to 1 if you have the `setgroups' function. */
#undef HAVE_SETGROUPS
+/* Define to 1 if you have the `setlinebuf' function. */
+#undef HAVE_SETLINEBUF
+
/* Define to 1 if you have the `setlogin' function. */
#undef HAVE_SETLOGIN
@@ -933,6 +1070,9 @@
/* Define to 1 if you have the `strmode' function. */
#undef HAVE_STRMODE
+/* Define to 1 if you have the `strnlen' function. */
+#undef HAVE_STRNLEN
+
/* Define to 1 if you have the `strnvis' function. */
#undef HAVE_STRNVIS
@@ -951,22 +1091,37 @@
/* Define to 1 if you have the `strtoul' function. */
#undef HAVE_STRTOUL
+/* Define to 1 if you have the `strtoull' function. */
+#undef HAVE_STRTOULL
+
/* define if you have struct addrinfo data type */
#undef HAVE_STRUCT_ADDRINFO
/* define if you have struct in6_addr data type */
#undef HAVE_STRUCT_IN6_ADDR
+/* Define to 1 if `pw_change' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CHANGE
+
+/* Define to 1 if `pw_class' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_CLASS
+
+/* Define to 1 if `pw_expire' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
+
+/* Define to 1 if `pw_gecos' is member of `struct passwd'. */
+#undef HAVE_STRUCT_PASSWD_PW_GECOS
+
/* define if you have struct sockaddr_in6 data type */
#undef HAVE_STRUCT_SOCKADDR_IN6
-/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
+/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */
#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
/* define if you have struct sockaddr_storage data type */
#undef HAVE_STRUCT_SOCKADDR_STORAGE
-/* Define to 1 if `st_blksize' is a member of `struct stat'. */
+/* Define to 1 if `st_blksize' is member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE
/* Define to 1 if the system has the type `struct timespec'. */
@@ -993,6 +1148,9 @@
/* Define to 1 if you have the <sys/bsdtty.h> header file. */
#undef HAVE_SYS_BSDTTY_H
+/* Define to 1 if you have the <sys/capability.h> header file. */
+#undef HAVE_SYS_CAPABILITY_H
+
/* Define to 1 if you have the <sys/cdefs.h> header file. */
#undef HAVE_SYS_CDEFS_H
@@ -1107,6 +1265,9 @@
/* Define to 1 if you have the <ucred.h> header file. */
#undef HAVE_UCRED_H
+/* Define to 1 if the system has the type `uintmax_t'. */
+#undef HAVE_UINTMAX_T
+
/* define if you have uintxx_t data type */
#undef HAVE_UINTXX_T
@@ -1131,6 +1292,9 @@
/* Define to 1 if you have the `user_from_uid' function. */
#undef HAVE_USER_FROM_UID
+/* Define to 1 if you have the `usleep' function. */
+#undef HAVE_USLEEP
+
/* Define to 1 if you have the <util.h> header file. */
#undef HAVE_UTIL_H
@@ -1170,9 +1334,6 @@
/* Define if va_copy exists */
#undef HAVE_VA_COPY
-/* Define to 1 if you have the `vhangup' function. */
-#undef HAVE_VHANGUP
-
/* Define to 1 if you have the <vis.h> header file. */
#undef HAVE_VIS_H
@@ -1233,9 +1394,6 @@
/* Define if pututxline updates lastlog too */
#undef LASTLOG_WRITE_PUTUTXLINE
-/* Define if you want TCP Wrappers support */
-#undef LIBWRAP
-
/* Define to whatever link() returns for "not supported" if it doesn't return
EOPNOTSUPP. */
#undef LINK_OPNOTSUPP_ERRNO
@@ -1274,18 +1432,12 @@
/* Set this to your mail directory if you do not have _PATH_MAILDIR */
#undef MAIL_DIRECTORY
-/* Define on *nto-qnx systems */
-#undef MISSING_FD_MASK
-
-/* Define on *nto-qnx systems */
-#undef MISSING_HOWMANY
-
-/* Define on *nto-qnx systems */
-#undef MISSING_NFDBITS
-
/* Need setpgrp to acquire controlling tty */
#undef NEED_SETPGRP
+/* compiler does not accept __attribute__ on return types */
+#undef NO_ATTRIBUTE_ON_RETURN_TYPE
+
/* Define if the concept of ports only accessible to superusers isn't known */
#undef NO_IPPORT_RESERVED_CONCEPT
@@ -1298,13 +1450,28 @@
/* Define if EVP_DigestUpdate returns void */
#undef OPENSSL_EVP_DIGESTUPDATE_VOID
-/* libcrypto includes complete ECC support */
+/* OpenSSL has ECC */
#undef OPENSSL_HAS_ECC
+/* libcrypto has NID_X9_62_prime256v1 */
+#undef OPENSSL_HAS_NISTP256
+
+/* libcrypto has NID_secp384r1 */
+#undef OPENSSL_HAS_NISTP384
+
+/* libcrypto has NID_secp521r1 */
+#undef OPENSSL_HAS_NISTP521
+
+/* libcrypto has EVP AES CTR */
+#undef OPENSSL_HAVE_EVPCTR
+
+/* libcrypto has EVP AES GCM */
+#undef OPENSSL_HAVE_EVPGCM
+
/* libcrypto is missing AES 192 and 256 bit functions */
#undef OPENSSL_LOBOTOMISED_AES
-/* Define if you want OpenSSL's internally seeded PRNG only */
+/* Define if you want the OpenSSL internally seeded PRNG only */
#undef OPENSSL_PRNG_ONLY
/* Define to the address where bug reports for this package should be sent. */
@@ -1319,9 +1486,6 @@
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@@ -1335,6 +1499,9 @@
/* must supply username to passwd */
#undef PASSWD_NEEDS_USERNAME
+/* System dirs owned by bin (uid 2) */
+#undef PLATFORM_SYS_DIR_UID
+
/* Port number of PRNGD/EGD random number socket */
#undef PRNGD_PORT
@@ -1344,6 +1511,9 @@
/* read(1) can return 0 for a non-closed fd */
#undef PTY_ZEROREAD
+/* Sandbox using capsicum */
+#undef SANDBOX_CAPSICUM
+
/* Sandbox using Darwin sandbox_init(3) */
#undef SANDBOX_DARWIN
@@ -1353,15 +1523,24 @@
/* Sandbox using setrlimit(2) */
#undef SANDBOX_RLIMIT
+/* Sandbox using seccomp filter */
+#undef SANDBOX_SECCOMP_FILTER
+
+/* setrlimit RLIMIT_FSIZE works */
+#undef SANDBOX_SKIP_RLIMIT_FSIZE
+
+/* define if setrlimit RLIMIT_NOFILE breaks things */
+#undef SANDBOX_SKIP_RLIMIT_NOFILE
+
/* Sandbox using systrace(4) */
#undef SANDBOX_SYSTRACE
+/* Specify the system call convention in use */
+#undef SECCOMP_AUDIT_ARCH
+
/* Define if your platform breaks doing a seteuid before a setuid */
#undef SETEUID_BREAKS_SETUID
-/* The size of `char', as computed by sizeof. */
-#undef SIZEOF_CHAR
-
/* The size of `int', as computed by sizeof. */
#undef SIZEOF_INT
@@ -1484,20 +1663,18 @@
/* Define if you want IRIX project management */
#undef WITH_IRIX_PROJECT
+/* use libcrypto for cryptography */
+#undef WITH_OPENSSL
+
/* Define if you want SELinux support. */
#undef WITH_SELINUX
-/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
- significant byte first (like Motorola and SPARC, unlike Intel). */
-#if defined AC_APPLE_UNIVERSAL_BUILD
-# if defined __BIG_ENDIAN__
-# define WORDS_BIGENDIAN 1
-# endif
-#else
-# ifndef WORDS_BIGENDIAN
-# undef WORDS_BIGENDIAN
-# endif
-#endif
+/* include SSH protocol version 1 support */
+#undef WITH_SSH1
+
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
/* Define if xauth is found in your path */
#undef XAUTH_PATH