The NetBSD Project

CVS log for src/crypto/external/bsd/openssh/dist/authfd.h

[BACK] Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.16 / (download) - annotate - [select for diffs], Wed Feb 23 19:07:20 2022 UTC (11 months, 1 week ago) by christos
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10, HEAD
Changes since 1.15: +31 -4 lines
Diff to previous 1.15 (colored)

Merge differences between openssh-8.8 and openssh-8.9

Revision 1.1.1.12 / (download) - annotate - [select for diffs] (vendor branch), Wed Feb 23 19:04:25 2022 UTC (11 months, 1 week ago) by christos
Branch: OPENSSH
CVS Tags: v91-20221004, v90-20220408, v89-20220223
Changes since 1.1.1.11: +31 -4 lines
Diff to previous 1.1.1.11 (colored)

Import OpenSSH 8.9.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.

Security Near Miss
==================

 * sshd(8): fix an integer overflow in the user authentication path
   that, in conjunction with other logic errors, could have yielded
   unauthenticated access under difficult to exploit conditions.

   This situation is not exploitable because of independent checks in
   the privilege separation monitor. Privilege separation has been
   enabled by default in since openssh-3.2.2 (released in 2002) and
   has been mandatory since openssh-7.5 (released in 2017). Moreover,
   portable OpenSSH has used toolchain features available in most
   modern compilers to abort on signed integer overflow since
   openssh-6.5 (released in 2014).

   Thanks to Malcolm Stagg for finding and reporting this bug.

Potentially-incompatible changes
================================

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

 * This release modifies the FIDO security key middleware interface
   and increments SSH_SK_VERSION_MAJOR.

Changes since OpenSSH 8.8
=========================

This release includes a number of new features.

New features
------------

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)
   A detailed description of the feature is available at
   https://www.openssh.com/agent-restrict.html and the protocol
   extensions are documented in the PROTOCOL and PROTOCOL.agent
   files in the source release.

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * ssh-keygen(1): when downloading resident keys from a FIDO token,
   pass back the user ID that was used when the key was created and
   append it to the filename the key is written to (if it is not the
   default). Avoids keys being clobbered if the user created multiple
   resident keys with the same application string but different user
   IDs.

 * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
   on tokens that provide user verification (UV) on the device itself,
   including biometric keys, avoiding unnecessary PIN prompts.

 * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
   perform matching of principals names against an allowed signers
   file. To be used towards a TOFU model for SSH signatures in git.

 * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
   to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
   authentication time.

 * ssh-keygen(1): allow selection of hash at sshsig signing time
   (either sha512 (default) or sha256).

 * ssh(1), sshd(8): read network data directly to the packet input
   buffer instead indirectly via a small stack buffer. Provides a
   modest performance improvement.

 * ssh(1), sshd(8): read data directly to the channel input buffer,
   providing a similar modest performance improvement.

 * ssh(1): extend the PubkeyAuthentication configuration directive to
   accept yes|no|unbound|host-bound to allow control over one of the
   protocol extensions used to implement agent-restricted keys.

Bugfixes
--------

 * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
   PubkeyAuthOptions can be used in a Match block. PR#277.

 * sshd(8): fix possible string truncation when constructing paths to
   .rhosts/.shosts files with very long user home directory names.

 * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
   exchange hashes

 * ssh(1): don't put the TTY into raw mode when SessionType=none,
   avoids ^C being unable to kill such a session. bz3360

 * scp(1): fix some corner-case bugs in SFTP-mode handling of
   ~-prefixed paths.

 * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
   select RSA keys when only RSA/SHA2 signature algorithms are
   configured (this is the default case). Previously RSA keys were
   not being considered in the default case.

 * ssh-keysign(1): make ssh-keysign use the requested signature
   algorithm and not the default for the key type. Part of unbreaking
   hostbased auth for RSA/SHA2 keys.

 * ssh(1): stricter UpdateHostkey signature verification logic on
   the client- side. Require RSA/SHA2 signatures for RSA hostkeys
   except when RSA/SHA1 was explicitly negotiated during initial
   KEX; bz3375

 * ssh(1), sshd(8): fix signature algorithm selection logic for
   UpdateHostkeys on the server side. The previous code tried to
   prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
   cases. This will use RSA/SHA2 signatures for RSA keys if the
   client proposed these algorithms in initial KEX. bz3375

 * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
   This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
   and sftp-server(8), as well as the sshd(8) listen loop and all
   other FD read/writability checks. On platforms with missing or
   broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
   available.

 * ssh-keygen(1): the "-Y find-principals" command was verifying key
   validity when using ca certs but not with simple key lifetimes
   within the allowed signers file.

 * ssh-keygen(1): make sshsig verify-time argument parsing optional

 * sshd(8): fix truncation in rhosts/shosts path construction.

 * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
   keys (we already did this for RSA keys). Avoids fatal errors for
   PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
   "cryptoauthlib"; bz#3364

 * ssh(1), ssh-agent(1): improve the testing of credentials against
   inserted FIDO: ask the token whether a particular key belongs to
   it in cases where the token supports on-token user-verification
   (e.g. biometrics) rather than just assuming that it will accept it.

   Will reduce spurious "Confirm user presence" notifications for key
   handles that relate to FIDO keys that are not currently inserted in at
   least some cases. bz3366

 * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
   allow for the preceding two ECN bits. bz#3373

 * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
   option.

 * ssh-keygen(1): fix a NULL deref when using the find-principals
   function, when matching an allowed_signers line that contains a
   namespace restriction, but no restriction specified on the
   command-line

 * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
   issue #42719

 * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
   is set to "error" or above. bz3378

 * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
   compressed packet data. bz3372

 * scp(1): when recursively transferring files in SFTP mode, create the
   destination directory if it doesn't already exist to match scp(1) in
   legacy RCP mode behaviour.

 * scp(1): many improvements in error message consistency between scp(1)
   in SFTP mode vs legacy RCP mode.

 * sshd(8): fix potential race in SIGTERM handling PR#289

 * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
   end of the default list of public keys so that they will be tried
   last. PR#295

 * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
   wildcard principals in allowed_signers files

Portability
-----------

 * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
   implementation does not work in a chroot when the kernel does not
   have close_range(2). It tries to read from /proc/self/fd and when
   that fails dies with an assertion of sorts. Instead, call
   close_range(2) directly from our compat code and fall back if
   that fails.  bz#3349,

 * OS X poll(2) is broken; use compat replacement. For character-
   special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
   when polled with POLLIN. Apparently this is Apple bug 3710161 -
   not public but a websearch will find other OSS projects
   rediscovering it periodically since it was first identified in
   2005.

 * Correct handling of exceptfds/POLLPRI in our select(2)-based
   poll(2)/ppoll(2) compat implementation.

 * Cygwin: correct checking of mbstowcs() return value.

 * Add a basic SECURITY.md that refers people to the openssh.com
   website.

 * Enable additional compiler warnings and toolchain hardening flags,
   including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
   -fzero-call-used-regs and -ftrivial-auto-var-init.

 * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
   is not reliable.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Dec 4 18:42:50 2020 UTC (2 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)

Merge conflicts

Revision 1.1.1.11 / (download) - annotate - [select for diffs] (vendor branch), Fri Dec 4 18:40:05 2020 UTC (2 years, 1 month ago) by christos
Branch: OPENSSH
CVS Tags: v88-20210926, v87-20210820, v86-20210419, v85_20210303, v84-20200927
Changes since 1.1.1.10: +3 -3 lines
Diff to previous 1.1.1.10 (colored)

OpenSSH 8.4 was released on 2020-09-27. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

We intend to enable UpdateHostKeys by default in the next OpenSSH
release. This will assist the client by automatically migrating to
better algorithms. Users may consider enabling this option manually.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * ssh-agent(1): restrict ssh-agent from signing web challenges for
   FIDO/U2F keys.

   When signing messages in ssh-agent using a FIDO key that has an
   application string that does not start with "ssh:", ensure that the
   message being signed is one of the forms expected for the SSH protocol
   (currently public key authentication and sshsig signatures).

   This prevents ssh-agent forwarding on a host that has FIDO keys
   attached granting the ability for the remote side to sign challenges
   for web authentication using those keys too.

   Note that the converse case of web browsers signing SSH challenges is
   already precluded because no web RP can have the "ssh:" prefix in the
   application string that we require.

 * ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating
   a FIDO resident key.

   The recent FIDO 2.1 Client to Authenticator Protocol introduced a
   "credProtect" feature to better protect resident keys. We use this
   option to require a PIN prior to all operations that may retrieve
   a resident key from a FIDO token.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * For FIDO/U2F support, OpenSSH recommends the use of libfido2 1.5.0
   or greater. Older libraries have limited support at the expense of
   disabling particular features. These include resident keys, PIN-
   required keys and multiple attached tokens.

 * ssh-keygen(1): the format of the attestation information optionally
   recorded when a FIDO key is generated has changed. It now includes
   the authenticator data needed to validate attestation signatures.

 * The API between OpenSSH and the FIDO token middleware has changed
   and the SSH_SK_VERSION_MAJOR version has been incremented as a
   result. Third-party middleware libraries must support the current
   API version (7) to work with OpenSSH 8.4.

 * The portable OpenSSH distribution now requires automake to rebuild
   the configure script and supporting files. This is not required when
   simply building portable OpenSSH from a release tar file.

Changes since OpenSSH 8.3
=========================

New features
------------

 * ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for
   each use. These keys may be generated using ssh-keygen using a new
   "verify-required" option. When a PIN-required key is used, the user
   will be prompted for a PIN to complete the signature operation.

 * sshd(8): authorized_keys now supports a new "verify-required"
   option to require FIDO signatures assert that the token verified
   that the user was present before making the signature. The FIDO
   protocol supports multiple methods for user-verification, but
   currently OpenSSH only supports PIN verification.

 * sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn
   signatures. Webauthn is a standard for using FIDO keys in web
   browsers. These signatures are a slightly different format to plain
   FIDO signatures and thus require explicit support.

 * ssh(1): allow some keywords to expand shell-style ${ENV}
   environment variables. The supported keywords are CertificateFile,
   ControlPath, IdentityAgent and IdentityFile, plus LocalForward and
   RemoteForward when used for Unix domain socket paths. bz#3140

 * ssh(1), ssh-agent(1): allow some additional control over the use of
   ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
   including forcibly enabling and disabling its use. bz#69

 * ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
   limit for keys in addition to its current flag options. Time-
   limited keys will automatically be removed from ssh-agent after
   their expiry time has passed.

 * scp(1), sftp(1): allow the -A flag to explicitly enable agent
   forwarding in scp and sftp. The default remains to not forward an
   agent, even when ssh_config enables it.

 * ssh(1): add a '%k' TOKEN that expands to the effective HostKey of
   the destination. This allows, e.g., keeping host keys in individual
   files using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k". bz#1654

 * ssh(1): add %-TOKEN, environment variable and tilde expansion to
   the UserKnownHostsFile directive, allowing the path to be
   completed by the configuration (e.g. bz#1654)

 * ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted
   from stdin. bz#3180

 * sshd(8): improve logging for MaxStartups connection throttling.
   sshd will now log when it starts and stops throttling and periodically
   while in this state. bz#3055

Bugfixes
--------

 * ssh(1), ssh-keygen(1): better support for multiple attached FIDO
   tokens. In cases where OpenSSH cannot unambiguously determine which
   token to direct a request to, the user is now required to select a
   token by touching it. In cases of operations that require a PIN to
   be verified, this avoids sending the wrong PIN to the wrong token
   and incrementing the token's PIN failure counter (tokens
   effectively erase their keys after too many PIN failures).

 * sshd(8): fix Include before Match in sshd_config; bz#3122

 * ssh(1): close stdin/out/error when forking after authentication
   completes ("ssh -f ...") bz#3137

 * ssh(1), sshd(8): limit the amount of channel input data buffered,
   avoiding peers that advertise large windows but are slow to read
   from causing high memory consumption.

 * ssh-agent(1): handle multiple requests sent in a single write() to
   the agent.

 * sshd(8): allow sshd_config longer than 256k

 * sshd(8): avoid spurious "Unable to load host key" message when sshd
   load a private key but no public counterpart

 * ssh(1): prefer the default hostkey algorithm list whenever we have
   a hostkey that matches its best-preference algorithm.

 * sshd(1): when ordering the hostkey algorithms to request from a
   server, prefer certificate types if the known_hosts files contain a key
   marked as a @cert-authority; bz#3157

 * ssh(1): perform host key fingerprint comparisons for the "Are you
   sure you want to continue connecting (yes/no/[fingerprint])?"
   prompt with case sensitivity.

 * sshd(8): ensure that address/masklen mismatches in sshd_config
   yield fatal errors at daemon start time rather than later when
   they are evaluated.

 * ssh-keygen(1): ensure that certificate extensions are lexically
   sorted. Previously if the user specified a custom extension then
   the everything would be in order except the custom ones. bz#3198

 * ssh(1): also compare username when checking for JumpHost loops.
   bz#3057

 * ssh-keygen(1): preserve group/world read permission on known_hosts
   files across runs of "ssh-keygen -Rf /path". The old behaviour was
   to remove all rights for group/other. bz#3146

 * ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen
   manual page and usage().

 * sshd(8): explicitly construct path to ~/.ssh/rc rather than
   relying on it being relative to the current directory, so that it
   can still be found if the shell startup changes its directory.
   bz#3185

 * sshd(8): when redirecting sshd's log output to a file, undo this
   redirection after the session child process is forked(). Fixes
   missing log messages when using this feature under some
   circumstances.

 * sshd(8): start ClientAliveInterval bookkeeping before first pass
   through select() loop; fixed theoretical case where busy sshd may
   ignore timeouts from client.

 * ssh(1): only reset the ServerAliveInterval check when we receive
   traffic from the server and ignore traffic from a port forwarding
   client, preventing a client from keeping a connection alive when
   it should be terminated. bz#2265

 * ssh-keygen(1): avoid spurious error message when ssh-keygen
   creates files outside ~/.ssh

 * sftp-client(1): fix off-by-one error that caused sftp downloads to
   make one more concurrent request that desired. This prevented using
   sftp(1) in unpipelined request/response mode, which is useful when
   debugging. bz#3054

 * ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect()
   helpers. bz#3071

 * ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to
   write to it so we don't leave an empty .ssh directory when it's not
   needed. bz#3156

 * ssh(1), sshd(8): fix multiplier when parsing time specifications
   when handling seconds after other units. bz#3171

Portability
-----------

 * sshd(8): always send any PAM account messages. If the PAM account
   stack returns any messages, always send them to the user and not
   just if the check succeeds. bz#2049

 * Implement some backwards compatibility for libfido2 libraries
   older than 1.5.0. Note that use of an older library will result
   in the loss of certain features including resident key support,
   PIN support and support for multiple attached tokens.

 * configure fixes for XCode 12

 * gnome-ssh-askpass3: ensure the "close" button is not focused by
   default for SSH_ASKPASS_PROMPT=none prompts. Avoids space/enter
   accidentally dismissing FIDO touch notifications.

 * gnome-ssh-askpass3: allow some control over textarea colour via
   $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR
   environment variables.

 * sshd(8): document another PAM spec problem in a frustrated comment

 * sshd(8): support NetBSD's utmpx.ut_ss address field. bz#960

 * Add the ssh-sk-helper binary and its manpage to the RPM spec file

 * Detect the Frankenstein monster of Linux/X32 and allow the sandbox
   to function there. bz#3085

Revision 1.10.2.2 / (download) - annotate - [select for diffs], Mon Apr 13 07:45:20 2020 UTC (2 years, 9 months ago) by martin
Branch: phil-wifi
Changes since 1.10.2.1: +8 -4 lines
Diff to previous 1.10.2.1 (colored) to branchpoint 1.10 (colored) next main 1.11 (colored)

Mostly merge changes from HEAD upto 20200411

Revision 1.14 / (download) - annotate - [select for diffs], Thu Feb 27 00:24:40 2020 UTC (2 years, 11 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, is-mlppp-base, is-mlppp
Changes since 1.13: +5 -2 lines
Diff to previous 1.13 (colored)

Merge conflicts

Revision 1.1.1.10 / (download) - annotate - [select for diffs] (vendor branch), Thu Feb 27 00:21:35 2020 UTC (2 years, 11 months ago) by christos
Branch: OPENSSH
CVS Tags: v83-20200527, v82-20200214
Changes since 1.1.1.9: +5 -2 lines
Diff to previous 1.1.1.9 (colored)

OpenSSH 8.2/8.2p1 (2020-02-14)
OpenSSH 8.2 was released on 2020-02-14. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 hash algorithm for less than USD$50K. For this reason, we will
be disabling the "ssh-rsa" public key signature algorithm that depends
on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
   (RSA/SHA1) algorithm from those accepted for certificate signatures
   (i.e. the client and server CASignatureAlgorithms option) and will
   use the rsa-sha2-512 signature algorithm by default when the
   ssh-keygen(1) CA signs new certificates.

   Certificates are at special risk to the aforementioned SHA1
   collision vulnerability as an attacker has effectively unlimited
   time in which to craft a collision that yields them a valid
   certificate, far more than the relatively brief LoginGraceTime
   window that they have to forge a host key signature.

   The OpenSSH certificate format includes a CA-specified (typically
   random) nonce value near the start of the certificate that should
   make exploitation of chosen-prefix collisions in this context
   challenging, as the attacker does not have full control over the
   prefix that actually gets signed. Nonetheless, SHA1 is now a
   demonstrably broken algorithm and futher improvements in attacks
   are highly likely.

   OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2
   algorithms and will refuse to accept certificates signed by an
   OpenSSH 8.2+ CA using RSA keys unless the unsafe algorithm is
   explicitly selected during signing ("ssh-keygen -t ssh-rsa").
   Older clients/servers may use another CA key type such as
   ssh-ed25519 (supported since OpenSSH 6.5) or one of the
   ecdsa-sha2-nistp256/384/521 types (supported since OpenSSH 5.7)
   instead if they cannot be upgraded.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
   CASignatureAlgorithms list.

 * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
   from the default key exchange proposal for both the client and
   server.

 * ssh-keygen(1): the command-line options related to the generation
   and screening of safe prime numbers used by the
   diffie-hellman-group-exchange-* key exchange algorithms have
   changed. Most options have been folded under the -O flag.

 * sshd(8): the sshd listener process title visible to ps(1) has
   changed to include information about the number of connections that
   are currently attempting authentication and the limits configured
   by MaxStartups.

 * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
   support to provide address-space isolation for token middleware
   libraries (including the internal one). It needs to be installed
   in the expected path, typically under /usr/libexec or similar.

Changes since OpenSSH 8.1
=========================

This release contains some significant new features.

FIDO/U2F Support
----------------

This release adds support for FIDO/U2F hardware authenticators to
OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
authentication hardware that are widely used for website
authentication.  In OpenSSH FIDO devices are supported by new public
key types "ecdsa-sk" and "ed25519-sk", along with corresponding
certificate types.

ssh-keygen(1) may be used to generate a FIDO token-backed key, after
which they may be used much like any other key type supported by
OpenSSH, so long as the hardware token is attached when the keys are
used. FIDO tokens also generally require the user explicitly authorise
operations by touching or tapping them.

Generating a FIDO key requires the token be attached, and will usually
require the user tap the token to confirm the operation:

  $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
  Generating public/private ecdsa-sk key pair.
  You may need to touch your security key to authorize key generation.
  Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
  Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub

This will yield a public and private key-pair. The private key file
should be useless to an attacker who does not have access to the
physical token. After generation, this key may be used like any other
supported key in OpenSSH and may be listed in authorized_keys, added
to ssh-agent(1), etc. The only additional stipulation is that the FIDO
token that the key belongs to must be attached when the key is used.

FIDO tokens are most commonly connected via USB but may be attached
via other means such as Bluetooth or NFC. In OpenSSH, communication
with the token is managed via a middleware library, specified by the
SecurityKeyProvider directive in ssh/sshd_config(5) or the
$SSH_SK_PROVIDER environment variable for ssh-keygen(1) and
ssh-add(1). The API for this middleware is documented in the sk-api.h
and PROTOCOL.u2f files in the source distribution.

OpenSSH includes a middleware ("SecurityKeyProvider=internal") with
support for USB tokens. It is automatically enabled in OpenBSD and may
be enabled in portable OpenSSH via the configure flag
--with-security-key-builtin. If the internal middleware is enabled
then it is automatically used by default. This internal middleware
requires that libfido2 (https://github.com/Yubico/libfido2) and its
dependencies be installed. We recommend that packagers of portable
OpenSSH enable the built-in middleware, as it provides the
lowest-friction experience for users.

Note: FIDO/U2F tokens are required to implement the ECDSA-P256
"ecdsa-sk" key type, but hardware support for Ed25519 "ed25519-sk" is
less common. Similarly, not all hardware tokens support some of the
optional features such as resident keys.

The protocol-level changes to support FIDO/U2F keys in SSH are
documented in the PROTOCOL.u2f file in the OpenSSH source
distribution.

There are a number of supporting changes to this feature:

 * ssh-keygen(1): add a "no-touch-required" option when generating
   FIDO-hosted keys, that disables their default behaviour of
   requiring a physical touch/tap on the token during authentication.
   Note: not all tokens support disabling the touch requirement.

 * sshd(8): add a sshd_config PubkeyAuthOptions directive that
   collects miscellaneous public key authentication-related options
   for sshd(8). At present it supports only a single option
   "no-touch-required". This causes sshd to skip its default check for
   FIDO/U2F keys that the signature was authorised by a touch or press
   event on the token hardware.

 * ssh(1), sshd(8), ssh-keygen(1): add a "no-touch-required" option
   for authorized_keys and a similar extension for certificates. This
   option disables the default requirement that FIDO key signatures
   attest that the user touched their key to authorize them, mirroring
   the similar PubkeyAuthOptions sshd_config option.

 * ssh-keygen(1): add support for the writing the FIDO attestation
   information that is returned when new keys are generated via the
   "-O write-attestation=/path" option. FIDO attestation certificates
   may be used to verify that a FIDO key is hosted in trusted
   hardware. OpenSSH does not currently make use of this information,
   beyond optionally writing it to disk.

FIDO2 resident keys
-------------------

FIDO/U2F OpenSSH keys consist of two parts: a "key handle" part stored
in the private key file on disk, and a per-device private key that is
unique to each FIDO/U2F token and that cannot be exported from the
token hardware. These are combined by the hardware at authentication
time to derive the real key that is used to sign authentication
challenges.

For tokens that are required to move between computers, it can be
cumbersome to have to move the private key file first. To avoid this
requirement, tokens implementing the newer FIDO2 standard support
"resident keys", where it is possible to effectively retrieve the key
handle part of the key from the hardware.

OpenSSH supports this feature, allowing resident keys to be generated
using the ssh-keygen(1) "-O resident" flag. This will produce a
public/private key pair as usual, but it will be possible to retrieve
the private key part from the token later. This may be done using
"ssh-keygen -K", which will download all available resident keys from
the tokens attached to the host and write public/private key files
for them. It is also possible to download and add resident keys
directly to ssh-agent(1) without writing files to the file-system
using "ssh-add -K".

Resident keys are indexed on the token by the application string and
user ID. By default, OpenSSH uses an application string of "ssh:" and
an empty user ID. If multiple resident keys on a single token are
desired then it may be necessary to override one or both of these
defaults using the ssh-keygen(1) "-O application=" or "-O user="
options. Note: OpenSSH will only download and use resident keys whose
application string begins with "ssh:"

Storing both parts of a key on a FIDO token increases the likelihood
of an attacker being able to use a stolen token device. For this
reason, tokens should enforce PIN authentication before allowing
download of keys, and users should set a PIN on their tokens before
creating any resident keys.

Other New Features
------------------

 * sshd(8): add an Include sshd_config keyword that allows including
   additional configuration files via glob(3) patterns. bz2468

 * ssh(1)/sshd(8): make the LE (low effort) DSCP code point available
   via the IPQoS directive; bz2986,

 * ssh(1): when AddKeysToAgent=yes is set and the key contains no
   comment, add the key to the agent with the key's path as the
   comment. bz2564

 * ssh-keygen(1), ssh-agent(1): expose PKCS#11 key labels and X.509
   subjects as key comments, rather than simply listing the PKCS#11
   provider library path. PR138

 * ssh-keygen(1): allow PEM export of DSA and ECDSA keys; bz3091

 * ssh(1), sshd(8): make zlib compile-time optional, available via the
   Makefile.inc ZLIB flag on OpenBSD or via the --with-zlib configure
   option for OpenSSH portable.

 * sshd(8): when clients get denied by MaxStartups, send a
   notification prior to the SSH2 protocol banner according to
   RFC4253 section 4.2.

 * ssh(1), ssh-agent(1): when invoking the $SSH_ASKPASS prompt
   program, pass a hint to the program to describe the type of
   desired prompt.  The possible values are "confirm" (indicating
   that a yes/no confirmation dialog with no text entry should be
   shown), "none" (to indicate an informational message only), or
   blank for the original ssh-askpass behaviour of requesting a
   password/phrase.

 * ssh(1): allow forwarding a different agent socket to the path
   specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
   option to accepting an explicit path or the name of an environment
   variable in addition to yes/no.

 * ssh-keygen(1): add a new signature operations "find-principals" to
   look up the principal associated with a signature from an allowed-
   signers file.

 * sshd(8): expose the number of currently-authenticating connections
   along with the MaxStartups limit in the process title visible to
   "ps".

Bugfixes
--------

 * sshd(8): make ClientAliveCountMax=0 have sensible semantics: it
   will now disable connection killing entirely rather than the
   current behaviour of instantly killing the connection after the
   first liveness test regardless of success. bz2627

 * sshd(8): clarify order of AllowUsers / DenyUsers vs AllowGroups /
   DenyGroups in the sshd(8) manual page. bz1690

 * sshd(8): better describe HashKnownHosts in the manual page. bz2560

 * sshd(8): clarify that that permitopen=/PermitOpen do no name or
   address translation in the manual page. bz3099

 * sshd(8): allow the UpdateHostKeys feature to function when
   multiple known_hosts files are in use. When updating host keys,
   ssh will now search subsequent known_hosts files, but will add
   updated host keys to the first specified file only. bz2738

 * All: replace all calls to signal(2) with a wrapper around
   sigaction(2). This wrapper blocks all other signals during the
   handler preventing races between handlers, and sets SA_RESTART
   which should reduce the potential for short read/write operations.

 * sftp(1): fix a race condition in the SIGCHILD handler that could
   turn in to a kill(-1); bz3084

 * sshd(8): fix a case where valid (but extremely large) SSH channel
   IDs were being incorrectly rejected. bz3098

 * ssh(1): when checking host key fingerprints as answers to new
   hostkey prompts, ignore whitespace surrounding the fingerprint
   itself.

 * All: wait for file descriptors to be readable or writeable during
   non-blocking connect, not just readable. Prevents a timeout when
   the server doesn't immediately send a banner (e.g. multiplexers
   like sslh)

 * sshd_config(5): document the sntrup4591761x25519-sha512@tinyssh.org
   key exchange algorithm. PR#151

Revision 1.13 / (download) - annotate - [select for diffs], Sat Oct 12 18:32:22 2019 UTC (3 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-20191119
Changes since 1.12: +4 -3 lines
Diff to previous 1.12 (colored)

merge openssh-8.1

Revision 1.1.1.9 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 12 15:13:57 2019 UTC (3 years, 3 months ago) by christos
Branch: OPENSSH
CVS Tags: v81-20191009
Changes since 1.1.1.8: +3 -2 lines
Diff to previous 1.1.1.8 (colored)

OpenSSH 8.1 was released on 2019-10-09. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Security
========

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer
   overflow bug was found in the private key parsing code for the XMSS
   key type. This key type is still experimental and support for it is
   not compiled by default. No user-facing autoconf option exists in
   portable OpenSSH to enable it. This bug was found by Adam Zabrocki
   and reported via SecuriTeam's SSD program.

 * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
   rest in RAM against speculation and memory side-channel attacks like
   Spectre, Meltdown and Rambleed. This release encrypts private keys
   when they are not in use with a symmetric key that is derived from a
   relatively large "prekey" consisting of random data (currently 16KB).

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): when acting as a CA and signing certificates with
   an RSA key, default to using the rsa-sha2-512 signature algorithm.
   Certificates signed by RSA keys will therefore be incompatible
   with OpenSSH versions prior to 7.2 unless the default is
   overridden (using "ssh-keygen -t ssh-rsa -s ...").

Revision 1.10.2.1 / (download) - annotate - [select for diffs], Mon Jun 10 21:41:11 2019 UTC (3 years, 7 months ago) by christos
Branch: phil-wifi
Changes since 1.10: +2 -4 lines
Diff to previous 1.10 (colored)

Sync with HEAD

Revision 1.12 / (download) - annotate - [select for diffs], Sat Apr 20 17:16:40 2019 UTC (3 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-20190609, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, netbsd-9
Changes since 1.11: +0 -0 lines
Diff to previous 1.11 (colored)

merge conflicts.

Revision 1.9.2.2 / (download) - annotate - [select for diffs], Thu Sep 6 06:51:33 2018 UTC (4 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.9.2.1: +2 -4 lines
Diff to previous 1.9.2.1 (colored) to branchpoint 1.9 (colored) next main 1.10 (colored)

Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)

Revision 1.11 / (download) - annotate - [select for diffs], Sun Aug 26 07:46:36 2018 UTC (4 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906
Changes since 1.10: +1 -3 lines
Diff to previous 1.10 (colored)

merge conflicts

Revision 1.1.1.8 / (download) - annotate - [select for diffs] (vendor branch), Sun Aug 26 07:39:57 2018 UTC (4 years, 5 months ago) by christos
Branch: OPENSSH
CVS Tags: v80-20190417, v78-20180824
Changes since 1.1.1.7: +1 -3 lines
Diff to previous 1.1.1.7 (colored)

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

 * sshd(8): remove internal support for S/Key multiple factor
   authentication. S/Key may still be used via PAM or BSD auth.

 * ssh(1): remove vestigal support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.

 * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted
   key types. This distinction matters when using the RSA/SHA2
   signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
   certificate counterparts. Configurations that override these
   options but omit these algorithm names may cause unexpected
   authentication failures (no action is required for configurations
   that accept the default for these options).

 * sshd(8): the precedence of session environment variables has
   changed. ~/.ssh/environment and environment="..." options in
   authorized_keys files can no longer override SSH_* variables set
   implicitly by sshd.

 * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
   They will now use DSCP AF21 for interactive traffic and CS1 for
   bulk.  For a detailed rationale, please see the commit message:
   https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284

Revision 1.9.2.1 / (download) - annotate - [select for diffs], Sat Apr 7 04:11:48 2018 UTC (4 years, 9 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.9: +5 -4 lines
Diff to previous 1.9 (colored)

Sync with HEAD.  77 conflicts resolved - all of them $NetBSD$

Revision 1.10 / (download) - annotate - [select for diffs], Fri Apr 6 18:58:59 2018 UTC (4 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407
Branch point for: phil-wifi
Changes since 1.9: +4 -3 lines
Diff to previous 1.9 (colored)

merge conflicts

Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 6 18:56:06 2018 UTC (4 years, 9 months ago) by christos
Branch: OPENSSH
CVS Tags: v77-20180405
Changes since 1.1.1.6: +4 -3 lines
Diff to previous 1.1.1.6 (colored)

OpenSSH 7.7 was released on 2018-04-02. It is available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.

Changes since OpenSSH 7.6
=========================

This is primarily a bugfix release.

New Features
------------

 * All: Add experimental support for PQC XMSS keys (Extended Hash-
   Based Signatures) based on the algorithm described in
   https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
   The XMSS signature code is experimental and not compiled in by
   default.

 * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
   to allow conditional configuration that depends on which routing
   domain a connection was received on (currently supported on OpenBSD
   and Linux).

 * sshd_config(5): Add an optional rdomain qualifier to the
   ListenAddress directive to allow listening on different routing
   domains. This is supported only on OpenBSD and Linux at present.

 * sshd_config(5): Add RDomain directive to allow the authenticated
   session to be placed in an explicit routing domain. This is only
   supported on OpenBSD at present.

 * sshd(8): Add "expiry-time" option for authorized_keys files to
   allow for expiring keys.

 * ssh(1): Add a BindInterface option to allow binding the outgoing
   connection to an interface's address (basically a more usable
   BindAddress)

 * ssh(1): Expose device allocated for tun/tap forwarding via a new
   %T expansion for LocalCommand. This allows LocalCommand to be used
   to prepare the interface.

 * sshd(8): Expose the device allocated for tun/tap forwarding via a
   new SSH_TUNNEL environment variable. This allows automatic setup of
   the interface and surrounding network configuration automatically on
   the server.

 * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
   ssh://user@host or sftp://user@host/path.  Additional connection
   parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
   implemented since the ssh fingerprint format in the draft uses the
   deprecated MD5 hash with no way to specify the any other algorithm.

 * ssh-keygen(1): Allow certificate validity intervals that specify
   only a start or stop time (instead of both or neither).

 * sftp(1): Allow "cd" and "lcd" commands with no explicit path
   argument. lcd will change to the local user's home directory as
   usual. cd will change to the starting directory for session (because
   the protocol offers no way to obtain the remote user's home
   directory). bz#2760

 * sshd(8): When doing a config test with sshd -T, only require the
   attributes that are actually used in Match criteria rather than (an
   incomplete list of) all criteria.

Bugfixes
--------

 * ssh(1)/sshd(8): More strictly check signature types during key
   exchange against what was negotiated. Prevents downgrade of RSA
   signatures made with SHA-256/512 to SHA-1.

 * sshd(8): Fix support for client that advertise a protocol version
   of "1.99" (indicating that they are prepared to accept both SSHv1 and
   SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
   support. bz#2810

 * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
   a rsa-sha2-256/512 signature was requested. This condition is possible
   when an old or non-OpenSSH agent is in use. bz#2799

 * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
   to fatally exit if presented an invalid signature request message.

 * sshd_config(5): Accept yes/no flag options case-insensitively, as
   has been the case in ssh_config(5) for a long time. bz#2664

 * ssh(1): Improve error reporting for failures during connection.
   Under some circumstances misleading errors were being shown. bz#2814

 * ssh-keyscan(1): Add -D option to allow printing of results directly
   in SSHFP format. bz#2821

 * regress tests: fix PuTTY interop test broken in last release's SSHv1
   removal. bz#2823

 * ssh(1): Compatibility fix for some servers that erroneously drop the
   connection when the IUTF8 (RFC8160) option is sent.

 * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
   started by scp (sftp was already doing this.)

 * ssh-keygen(1): Refuse to create a certificate with an unusable
   number of principals.

 * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
   public key during key generation. Previously it would silently
   ignore errors writing the comment and terminating newline.

 * ssh(1): Do not modify hostname arguments that are addresses by
   automatically forcing them to lower-case. Instead canonicalise them
   to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
   against known_hosts. bz#2763

 * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
   prompts. bz#2803

 * sftp(1): Have sftp print a warning about shell cleanliness when
   decoding the first packet fails, which is usually caused by shells
   polluting stdout of non-interactive startups. bz#2800

 * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
   time to monotonic time, allowing the packet layer to better function
   over a clock step and avoiding possible integer overflows during
   steps.

 * Numerous manual page fixes and improvements.

Portability
-----------

 * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
   sandbox violations on some environments.

 * sshd(8): Remove UNICOS support. The hardware and software are literal
   museum pieces and support in sshd is too intrusive to justify
   maintaining.

 * All: Build and link with "retpoline" flags when available to mitigate
   the "branch target injection" style (variant 2) of the Spectre
   branch-prediction vulnerability.

 * All: Add auto-generated dependency information to Makefile.

 * Numerous fixed to the RPM spec files.

Checksums:
==========

- SHA1 (openssh-7.7.tar.gz) = 24812e05fa233014c847c7775748316e7f8a836c
- SHA256 (openssh-7.7.tar.gz) = T4ua1L/vgAYqwB0muRahvnm5ZUr3PLY9nPljaG8egvo=

- SHA1 (openssh-7.7p1.tar.gz) = 446fe9ed171f289f0d62197dffdbfdaaf21c49f2
- SHA256 (openssh-7.7p1.tar.gz) = 1zvn5oTpnvzQJL4Vowv/y+QbASsvezyQhK7WIXdea48=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

Revision 1.8.4.1 / (download) - annotate - [select for diffs], Mon Dec 4 10:55:18 2017 UTC (5 years, 1 month ago) by snj
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1
Changes since 1.8: +4 -5 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)

Pull up following revision(s) (requested by sevan in ticket #320):
	distrib/sets/lists/base/shl.mi: 1.822
	distrib/sets/lists/debug/shl.mi: 1.184
	doc/3RDPARTY: 1.1475
	crypto/external/bsd/openssh/Makefile.inc: up to 1.10
	crypto/external/bsd/openssh/bin/ssh/Makefile: up to 1.12
	crypto/external/bsd/openssh/dist/LICENCE: up to 1.6
	crypto/external/bsd/openssh/dist/PROTOCOL: up to 1.10
	crypto/external/bsd/openssh/dist/PROTOCOL.agent: up to 1.9
	crypto/external/bsd/openssh/dist/PROTOCOL.certkeys: up to 1.8
	crypto/external/bsd/openssh/dist/auth-options.c: up to 1.16
	crypto/external/bsd/openssh/dist/auth-options.h: up to 1.9
	crypto/external/bsd/openssh/dist/auth-pam.c: up to 1.12
	crypto/external/bsd/openssh/dist/auth.c: up to 1.20
	crypto/external/bsd/openssh/dist/auth.h: up to 1.16
	crypto/external/bsd/openssh/dist/auth2-chall.c: up to 1.13
	crypto/external/bsd/openssh/dist/auth2-gss.c: up to 1.11
	crypto/external/bsd/openssh/dist/auth2-hostbased.c: up to 1.12
	crypto/external/bsd/openssh/dist/auth2-kbdint.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-krb5.c: up to 1.7
	crypto/external/bsd/openssh/dist/auth2-none.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-passwd.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-pubkey.c: up to 1.18
	crypto/external/bsd/openssh/dist/auth2.c: up to 1.15
	crypto/external/bsd/openssh/dist/authfd.c: up to 1.14
	crypto/external/bsd/openssh/dist/authfd.h: up to 1.9
	crypto/external/bsd/openssh/dist/authfile.c: up to 1.17
	crypto/external/bsd/openssh/dist/bitmap.c: up to 1.6
	crypto/external/bsd/openssh/dist/bufbn.c: up to 1.9
	crypto/external/bsd/openssh/dist/buffer.h: up to 1.10
	crypto/external/bsd/openssh/dist/channels.c: up to 1.20
	crypto/external/bsd/openssh/dist/channels.h: up to 1.14
	crypto/external/bsd/openssh/dist/cipher-3des1.c: delete
	crypto/external/bsd/openssh/dist/cipher-bf1.c: delete
	crypto/external/bsd/openssh/dist/cipher.c: up to 1.11
	crypto/external/bsd/openssh/dist/cipher.h: up to 1.11
	crypto/external/bsd/openssh/dist/clientloop.c: up to 1.22
	crypto/external/bsd/openssh/dist/clientloop.h: up to 1.15
	crypto/external/bsd/openssh/dist/compat.c: up to 1.17
	crypto/external/bsd/openssh/dist/compat.h: up to 1.10
	crypto/external/bsd/openssh/dist/deattack.c: delete
	crypto/external/bsd/openssh/dist/deattack.h: delete
	crypto/external/bsd/openssh/dist/digest-libc.c: up to 1.7
	crypto/external/bsd/openssh/dist/digest-openssl.c: up to 1.6
	crypto/external/bsd/openssh/dist/digest.h: up to 1.1.1.3
	crypto/external/bsd/openssh/dist/dispatch.c: up to 1.9
	crypto/external/bsd/openssh/dist/dispatch.h: up to 1.7
	crypto/external/bsd/openssh/dist/dns.c: up to 1.15
	crypto/external/bsd/openssh/dist/dns.h: up to 1.10
	crypto/external/bsd/openssh/dist/gss-serv.c: up to 1.11
	crypto/external/bsd/openssh/dist/hostfile.c: up to 1.11
	crypto/external/bsd/openssh/dist/includes.h: up to 1.7
	crypto/external/bsd/openssh/dist/kex.c: up to 1.19
	crypto/external/bsd/openssh/dist/kex.h: up to 1.16
	crypto/external/bsd/openssh/dist/kexc25519c.c: up to 1.7
	crypto/external/bsd/openssh/dist/kexc25519s.c: up to 1.9
	crypto/external/bsd/openssh/dist/kexdhc.c: up to 1.10
	crypto/external/bsd/openssh/dist/kexdhs.c: up to 1.13
	crypto/external/bsd/openssh/dist/kexecdhc.c: up to 1.8
	crypto/external/bsd/openssh/dist/kexecdhs.c: up to 1.9
	crypto/external/bsd/openssh/dist/kexgexc.c: up to 1.10
	crypto/external/bsd/openssh/dist/kexgexs.c: up to 1.14
	crypto/external/bsd/openssh/dist/key.c: up to 1.22
	crypto/external/bsd/openssh/dist/key.h: up to 1.14
	crypto/external/bsd/openssh/dist/krl.c: up to 1.11
	crypto/external/bsd/openssh/dist/log.c: up to 1.17
	crypto/external/bsd/openssh/dist/log.h: up to 1.13
	crypto/external/bsd/openssh/dist/mac.c: up to 1.15
	crypto/external/bsd/openssh/dist/misc.c: up to 1.16
	crypto/external/bsd/openssh/dist/misc.h: up to 1.13
	crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh: up to 1.1.1.2
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192: up to 1.3
	crypto/external/bsd/openssh/dist/monitor.c: up to 1.23
	crypto/external/bsd/openssh/dist/monitor_wrap.c: up to 1.18
	crypto/external/bsd/openssh/dist/monitor_wrap.h: up to 1.14
	crypto/external/bsd/openssh/dist/mux.c: up to 1.19
	crypto/external/bsd/openssh/dist/myproposal.h: up to 1.17
	crypto/external/bsd/openssh/dist/nchan.c: up to 1.9
	crypto/external/bsd/openssh/dist/opacket.c: up to 1.8
	crypto/external/bsd/openssh/dist/opacket.h: up to 1.8
	crypto/external/bsd/openssh/dist/packet.c: up to 1.29
	crypto/external/bsd/openssh/dist/packet.h: up to 1.16
	crypto/external/bsd/openssh/dist/pathnames.h: up to 1.13
	crypto/external/bsd/openssh/dist/pfilter.c: up to 1.4
	crypto/external/bsd/openssh/dist/readconf.c: up to 1.22
	crypto/external/bsd/openssh/dist/readconf.h: up to 1.19
	crypto/external/bsd/openssh/dist/recallocarray.c: up to 1.1
	crypto/external/bsd/openssh/dist/rsa.c: delete
	crypto/external/bsd/openssh/dist/rsa.h: delete
	crypto/external/bsd/openssh/dist/scp.1: up to 1.15
	crypto/external/bsd/openssh/dist/scp.c: up to 1.17
	crypto/external/bsd/openssh/dist/servconf.c: up to 1.25
	crypto/external/bsd/openssh/dist/servconf.h: up to 1.16
	crypto/external/bsd/openssh/dist/serverloop.c: up to 1.18
	crypto/external/bsd/openssh/dist/serverloop.h: up to 1.7
	crypto/external/bsd/openssh/dist/session.c: up to 1.23
	crypto/external/bsd/openssh/dist/session.h: up to 1.8
	crypto/external/bsd/openssh/dist/sftp-client.c: up to 1.19
	crypto/external/bsd/openssh/dist/sftp-common.c: up to 1.10
	crypto/external/bsd/openssh/dist/sftp-server.c: up to 1.17
	crypto/external/bsd/openssh/dist/sftp.1: up to 1.16
	crypto/external/bsd/openssh/dist/sftp.c: up to 1.22
	crypto/external/bsd/openssh/dist/ssh-add.1: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-add.c: up to 1.16
	crypto/external/bsd/openssh/dist/ssh-agent.c: up to 1.21
	crypto/external/bsd/openssh/dist/ssh-gss.h: up to 1.8
	crypto/external/bsd/openssh/dist/ssh-keygen.1: up to 1.20
	crypto/external/bsd/openssh/dist/ssh-keygen.c: up to 1.28
	crypto/external/bsd/openssh/dist/ssh-keyscan.1: up to 1.14
	crypto/external/bsd/openssh/dist/ssh-keyscan.c: up to 1.20
	crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c: up to 1.10
	crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-pkcs11.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-rsa.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh.1: up to 1.21
	crypto/external/bsd/openssh/dist/ssh.c: up to 1.26
	crypto/external/bsd/openssh/dist/ssh.h: up to 1.10
	crypto/external/bsd/openssh/dist/ssh1.h: delete
	crypto/external/bsd/openssh/dist/ssh_api.c: up to 1.7
	crypto/external/bsd/openssh/dist/ssh_config: up to 1.11
	crypto/external/bsd/openssh/dist/ssh_config.5: up to 1.21
	crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c: up to 1.8
	crypto/external/bsd/openssh/dist/sshbuf.c: up to 1.8
	crypto/external/bsd/openssh/dist/sshbuf.h: up to 1.8
	crypto/external/bsd/openssh/dist/sshconnect.c: up to 1.20
	crypto/external/bsd/openssh/dist/sshconnect.h: up to 1.10
	crypto/external/bsd/openssh/dist/sshconnect1.c: delete
	crypto/external/bsd/openssh/dist/sshconnect2.c: up to 1.29
	crypto/external/bsd/openssh/dist/sshd.8: up to 1.19
	crypto/external/bsd/openssh/dist/sshd.c: up to 1.28
	crypto/external/bsd/openssh/dist/sshd_config.5: up to 1.25
	crypto/external/bsd/openssh/dist/ssherr.c: up to 1.7
	crypto/external/bsd/openssh/dist/ssherr.h: up to 1.1.1.3
	crypto/external/bsd/openssh/dist/sshkey.c: up to 1.11
	crypto/external/bsd/openssh/dist/sshkey.h: up to 1.6
	crypto/external/bsd/openssh/dist/ttymodes.c: up to 1.8
	crypto/external/bsd/openssh/dist/ttymodes.h: up to 1.8
	crypto/external/bsd/openssh/dist/umac.c: up to 1.14
	crypto/external/bsd/openssh/dist/utf8.c: up to 1.6
	crypto/external/bsd/openssh/dist/version.h: up to 1.24
	crypto/external/bsd/openssh/dist/xmalloc.c: up to 1.10
	crypto/external/bsd/openssh/dist/xmalloc.h: up to 1.10
	crypto/external/bsd/openssh/lib/Makefile: up to 1.23
	crypto/external/bsd/openssh/lib/shlib_version: up to 1.20
Update OpenSSH to 7.6.

Revision 1.9 / (download) - annotate - [select for diffs], Sat Oct 7 19:39:19 2017 UTC (5 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-compat-base, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.8: +3 -4 lines
Diff to previous 1.8 (colored)

merge conflicts.

Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Sat Oct 7 19:36:11 2017 UTC (5 years, 3 months ago) by christos
Branch: OPENSSH
CVS Tags: v76-20171003
Changes since 1.1.1.5: +3 -4 lines
Diff to previous 1.1.1.5 (colored)

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1): delete SSH protocol version 1 support, associated
   configuration options and documentation.

 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

 * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
   ciphers.

 * Refuse RSA keys <1024 bits in length and improve reporting for keys
   that do not meet this requirement.

 * ssh(1): do not offer CBC ciphers by default.

Changes since OpenSSH 7.5
=========================

This is primarily a bugfix release. It also contains substantial
internal refactoring.

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly
   permitting creation of zero-length files. Reported by Michal
   Zalewski.

New Features
------------

 * ssh(1): add RemoteCommand option to specify a command in the ssh
   config file instead of giving it on the client's command line. This
   allows the configuration file to specify the command that will be
   executed on the remote host.

 * sshd(8): add ExposeAuthInfo option that enables writing details of
   the authentication methods used (including public keys where
   applicable) to a file that is exposed via a $SSH_USER_AUTH
   environment variable in the subsequent session.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

 * sshd(8): allow LogLevel directive in sshd_config Match blocks;
   bz#2717

 * ssh-keygen(1): allow inclusion of arbitrary string or flag
   certificate extensions and critical options.

 * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
   a CA when signing certificates. bz#2377

 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
   ToS/DSCP value and just use the operating system default.

 * ssh-add(1): added -q option to make ssh-add quiet on success.

 * ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "off", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
   option in sshd(8). bz#2705

Bugfixes
--------

 * ssh(1): use HostKeyAlias if specified instead of hostname for
   matching host certificate principal names; bz#2728

 * sftp(1): implement sorting for globbed ls; bz#2649

 * ssh(1): add a user@host prefix to client's "Permission denied"
   messages, useful in particular when using "stacked" connections
   (e.g. ssh -J) where it's not clear which host is denying. bz#2720

 * ssh(1): accept unknown EXT_INFO extension values that contain \0
   characters. These are legal, but would previously cause fatal
   connection errors if received.

 * ssh(1)/sshd(8): repair compression statistics printed at
   connection exit

 * sftp(1): print '?' instead of incorrect link count (that the
   protocol doesn't provide) for remote listings. bz#2710

 * ssh(1): return failure rather than fatal() for more cases during
   session multiplexing negotiations. Causes the session to fall back
   to a non-mux connection if they occur. bz#2707

 * ssh(1): mention that the server may send debug messages to explain
   public key authentication problems under some circumstances; bz#2709

 * Translate OpenSSL error codes to better report incorrect passphrase
   errors when loading private keys; bz#2699

 * sshd(8): adjust compatibility patterns for WinSCP to correctly
   identify versions that implement only the legacy DH group exchange
   scheme. bz#2748

 * ssh(1): print the "Killed by signal 1" message only at LogLevel
   verbose so that it is not shown at the default level; prevents it
   from appearing during ssh -J and equivalent ProxyCommand configs.
   bz#1906, bz#2744

 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
   existing keys if they exist but are zero length. zero-length keys
   could previously be made if ssh-keygen failed or was interrupted part
   way through generating them. bz#2561

 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
   place the current session in the background.

 * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

 * sshd(8): avoid reliance on shared use of pointers shared between
   monitor and child sshd processes. bz#2704

 * sshd_config(8): document available AuthenticationMethods; bz#2453

 * ssh(1): avoid truncation in some login prompts; bz#2768

 * sshd(8): Fix various compilations failures, inc bz#2767

 * ssh(1): make "--" before the hostname terminate argument processing
   after the hostname too.

 * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
   new-style private keys. Fixes problems related to private key
   handling for no-OpenSSL builds. bz#2754

 * ssh(1): warn and do not attempt to use keys when the public and
   private halves do not match. bz#2737

 * sftp(1): don't print verbose error message when ssh disconnects
   from under sftp. bz#2750

 * sshd(8): fix keepalive scheduling problem: activity on a forwarded
   port from preventing the keepalive from being sent; bz#2756

 * sshd(8): when started without root privileges, don't require the
   privilege separation user or path to exist. Makes running the
   regression tests easier without touching the filesystem.

 * Make integrity.sh regression tests more robust against timeouts.
   bz#2658

 * ssh(1)/sshd(8): correctness fix for channels implementation: accept
   channel IDs greater than 0x7FFFFFFF.

Portability
-----------

 * sshd(9): drop two more privileges in the Solaris sandbox:
   PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

 * sshd(8): expose list of completed authentication methods to PAM
   via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
   mostly to do with host/network byte order confusion. bz#2735

 * Add --with-cflags-after and --with-ldflags-after configure flags to
   allow setting CFLAGS/LDFLAGS after configure has completed. These
   are useful for setting sanitiser/fuzzing options that may interfere
   with configure's operation.

 * sshd(8): avoid Linux seccomp violations on ppc64le over the
   socketcall syscall.

 * Fix use of ldns when using ldns-config; bz#2697

 * configure: set cache variables when cross-compiling. The cross-
   compiling fallback message was saying it assumed the test passed,
   but it wasn't actually set the cache variables and this would
   cause later tests to fail.

 * Add clang libFuzzer harnesses for public key parsing and signature
   verification.

Revision 1.3.8.1 / (download) - annotate - [select for diffs], Tue Aug 15 05:27:51 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6
Changes since 1.3: +31 -33 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.3.22.1 / (download) - annotate - [select for diffs], Tue Aug 15 04:40:16 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6-1
Changes since 1.3: +31 -33 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.3.14.1 / (download) - annotate - [select for diffs], Tue Aug 15 04:39:20 2017 UTC (5 years, 5 months ago) by snj
Branch: netbsd-6-0
Changes since 1.3: +31 -33 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.6.2.2 / (download) - annotate - [select for diffs], Wed Apr 26 02:52:14 2017 UTC (5 years, 9 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.6.2.1: +1 -1 lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)

Sync with HEAD

Revision 1.7.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:50:56 2017 UTC (5 years, 9 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.7: +1 -1 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)

Sync with HEAD

Revision 1.8 / (download) - annotate - [select for diffs], Tue Apr 18 18:41:46 2017 UTC (5 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-8-base, matt-nb8-mediatek-base, matt-nb8-mediatek, bouyer-socketcan-base1
Branch point for: netbsd-8
Changes since 1.7: +0 -0 lines
Diff to previous 1.7 (colored)

merge conflicts

Revision 1.6.2.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:53:41 2017 UTC (6 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.7 / (download) - annotate - [select for diffs], Sun Dec 25 00:07:46 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170320, pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.6: +0 -0 lines
Diff to previous 1.6 (colored)

merge conflicts

Revision 1.6 / (download) - annotate - [select for diffs], Fri Mar 11 01:55:00 2016 UTC (6 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.5: +4 -2 lines
Diff to previous 1.5 (colored)

merge conflicts

Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Fri Mar 11 01:49:57 2016 UTC (6 years, 10 months ago) by christos
Branch: OPENSSH
CVS Tags: v75-20170418, v74-20161219, v73-20160802, v72-20160310
Changes since 1.1.1.4: +4 -2 lines
Diff to previous 1.1.1.4 (colored)

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in a near-future
release, specifically:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release disables a number of legacy cryptographic algorithms
by default in ssh:

 * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
   and the rijndael-cbc aliases for AES.

 * MD5-based and truncated HMAC algorithms.

These algorithms are already disabled by default in sshd.

Changes since OpenSSH 7.1p2
===========================

This is primarily a bugfix release.

Security
--------

 * ssh(1), sshd(8): remove unfinished and unused roaming code (was
   already forcibly disabled in OpenSSH 7.1p2).

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

 * ssh(1), sshd(8): increase the minimum modulus size supported for
   diffie-hellman-group-exchange to 2048 bits.

 * sshd(8): pre-auth sandboxing is now enabled by default (previous
   releases enabled it for new installations via sshd_config).

New Features
------------

 * all: add support for RSA signatures using SHA-256/512 hash
   algorithms based on draft-rsa-dsa-sha2-256-03.txt and
   draft-ssh-ext-info-04.txt.

 * ssh(1): Add an AddKeysToAgent client option which can be set to
   'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When
   enabled, a private key that is used during authentication will be
   added to ssh-agent if it is running (with confirmation enabled if
   set to 'confirm').

 * sshd(8): add a new authorized_keys option "restrict" that includes
   all current and future key restrictions (no-*-forwarding, etc.).
   Also add permissive versions of the existing restrictions, e.g.
   "no-pty" -> "pty". This simplifies the task of setting up
   restricted keys and ensures they are maximally-restricted,
   regardless of any permissions we might implement in the future.

 * ssh(1): add ssh_config CertificateFile option to explicitly list
   certificates. bz#2436

 * ssh-keygen(1): allow ssh-keygen to change the key comment for all
   supported formats.

 * ssh-keygen(1): allow fingerprinting from standard input, e.g.
   "ssh-keygen -lf -"

 * ssh-keygen(1): allow fingerprinting multiple public keys in a
   file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319

 * sshd(8): support "none" as an argument for sshd_config
   Foreground and ChrootDirectory. Useful inside Match blocks to
   override a global default. bz#2486

 * ssh-keygen(1): support multiple certificates (one per line) and
   reading from standard input (using "-f -") for "ssh-keygen -L"

 * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching
   certificates instead of plain keys.

 * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
   hostname canonicalisation - treat them as already canonical and
   remove the trailing '.' before matching ssh_config.

Bugfixes
--------

 * sftp(1): existing destination directories should not terminate
   recursive uploads (regression in openssh 6.8) bz#2528

 * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
   replies to unexpected messages during key exchange. bz#2949

 * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
   not make sense and would cause ssh to print an uninitialised stack
   variable. bz#2500

 * ssh(1): fix errors when attempting to connect to scoped IPv6
   addresses with hostname canonicalisation enabled.

 * sshd_config(5): list a couple more options usable in Match blocks.
   bz#2489

 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.

 * ssh(1): expand tilde characters in filenames passed to -i options
   before checking whether or not the identity file exists. Avoids
   confusion for cases where shell doesn't expand (e.g. "-i ~/file"
   vs. "-i~/file"). bz#2481

 * ssh(1): do not prepend "exec" to the shell command run by "Match
   exec" in a config file, which could cause some commands to fail
   in certain environments. bz#2471

 * ssh-keyscan(1): fix output for multiple hosts/addrs on one line
   when host hashing or a non standard port is in use bz#2479

 * sshd(8): skip "Could not chdir to home directory" message when
   ChrootDirectory is active. bz#2485

 * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.

 * sshd(8): avoid changing TunnelForwarding device flags if they are
   already what is needed; makes it possible to use tun/tap
   networking as non-root user if device permissions and interface
   flags are pre-established

 * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
   bz#2521

 * ssh(1): fix multiplexing master failure to notice client exit.

 * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
   empty key IDs. bz#1773

 * sshd(8): avoid printf of NULL argument. bz#2535

 * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521

 * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature
   support.

 * ssh(1), sshd(8): fix connections with peers that use the key
   exchange guess feature of the protocol. bz#2515

 * sshd(8): include remote port number in log messages. bz#2503

 * ssh(1): don't try to load SSHv1 private key when compiled without
   SSHv1 support. bz#2505

 * ssh-agent(1), ssh(1): fix incorrect error messages during key
   loading and signing errors. bz#2507

 * ssh-keygen(1): don't leave empty temporary files when performing
   known_hosts file edits when known_hosts doesn't exist.

 * sshd(8): correct packet format for tcpip-forward replies for
   requests that don't allocate a port bz#2509

 * ssh(1), sshd(8): fix possible hang on closed output. bz#2469

 * ssh(1): expand %i in ControlPath to UID. bz#2449

 * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460

 * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182

 * ssh(1): add a some debug output before DNS resolution; it's a
   place where ssh could previously silently stall in cases of
   unresponsive DNS servers. bz#2433

 * ssh(1): remove spurious newline in visual hostkey. bz#2686

 * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...

 * ssh(1): fix expansion of HostkeyAlgorithms=+...

Documentation
-------------

 * ssh_config(5), sshd_config(5): update default algorithm lists to
   match current reality. bz#2527

 * ssh(1): mention -Q key-plain and -Q key-cert query options.
   bz#2455

 * sshd_config(8): more clearly describe what AuthorizedKeysFile=none
   does.

 * ssh_config(5): better document ExitOnForwardFailure. bz#2444

 * sshd(5): mention internal DH-GEX fallback groups in manual.
   bz#2302

 * sshd_config(5): better description for MaxSessions option.
   bz#2531

Portability
-----------

 * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
   Solaris fine-grained privileges. Including a pre-auth privsep
   sandbox and several pledge() emulations. bz#2511

 * Renovate redhat/openssh.spec, removing deprecated options and
   syntax.

 * configure: allow --without-ssl-engine with --without-openssl

 * sshd(8): fix multiple authentication using S/Key. bz#2502

 * sshd(8): read back from libcrypto RAND_* before dropping
   privileges.  Avoids sandboxing violations with BoringSSL.

 * Fix name collision with system-provided glob(3) functions.
   bz#2463

 * Adapt Makefile to use ssh-keygen -A when generating host keys.
   bz#2459

 * configure: correct default value for --with-ssh1 bz#2457

 * configure: better detection of _res symbol bz#2259

 * support getrandom() syscall on Linux

Revision 1.3.26.1 / (download) - annotate - [select for diffs], Thu Apr 30 06:07:30 2015 UTC (7 years, 9 months ago) by riz
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0
Changes since 1.3: +29 -33 lines
Diff to previous 1.3 (colored) next main 1.4 (colored)

Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c    up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c       up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key   up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h          up to 1.1
crypto/external/bsd/openssh/dist/blocks.c       up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c     up to 1.2
crypto/external/bsd/openssh/dist/chacha.c       up to 1.3
crypto/external/bsd/openssh/dist/chacha.h       up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h   up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c  up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c      up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c      up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h      up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c      up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h      up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c         up to 1.3
crypto/external/bsd/openssh/dist/hmac.c         up to 1.3
crypto/external/bsd/openssh/dist/hmac.h         up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c   up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c   up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c     up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h     up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c     up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h     up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c      up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h      up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c  up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c  up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c       up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h       up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c       up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c       up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c       up to 1.3
crypto/external/bsd/openssh/dist/opacket.c      up to 1.2
crypto/external/bsd/openssh/dist/umac128.c      up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c      up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h      up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h       up to 1.2
crypto/external/bsd/openssh/dist/opacket.h      up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c      up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h      up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c  delete
crypto/external/bsd/openssh/dist/compress.c     delete
crypto/external/bsd/openssh/dist/compress.h     delete
crypto/external/bsd/openssh/dist/jpake.c        delete
crypto/external/bsd/openssh/dist/jpake.h        delete
crypto/external/bsd/openssh/dist/schnorr.c      delete
crypto/external/bsd/openssh/dist/schnorr.h      delete
crypto/external/bsd/openssh/dist/strtonum.c     1.1
crypto/external/bsd/openssh/Makefile.inc        up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc    up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile   up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL       up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl   up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c    up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c     up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c   up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c    up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c  up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c  up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c  up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c     up to 1.10
crypto/external/bsd/openssh/dist/auth.c         up to 1.12
crypto/external/bsd/openssh/dist/auth.h         up to 1.10
crypto/external/bsd/openssh/dist/auth1.c        up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c  up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c    up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c   up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c   up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c        up to 1.11
crypto/external/bsd/openssh/dist/authfd.c       up to 1.8
crypto/external/bsd/openssh/dist/authfd.h       up to 1.5
crypto/external/bsd/openssh/dist/authfile.c     up to 1.10
crypto/external/bsd/openssh/dist/authfile.h     up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c       up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c        up to 1.5
crypto/external/bsd/openssh/dist/bufec.c        up to 1.5
crypto/external/bsd/openssh/dist/buffer.c       up to 1.6
crypto/external/bsd/openssh/dist/buffer.h       up to 1.7
crypto/external/bsd/openssh/dist/canohost.c     up to 1.8
crypto/external/bsd/openssh/dist/channels.c     up to 1.13
crypto/external/bsd/openssh/dist/channels.h     up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c   up to 1.6
crypto/external/bsd/openssh/dist/cipher.c       up to 1.7
crypto/external/bsd/openssh/dist/cipher.h       up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c   up to 1.13
crypto/external/bsd/openssh/dist/compat.c       up to 1.9
crypto/external/bsd/openssh/dist/compat.h       up to 1.6
crypto/external/bsd/openssh/dist/deattack.c     up to 1.4
crypto/external/bsd/openssh/dist/deattack.h     up to 1.4
crypto/external/bsd/openssh/dist/dh.c           up to 1.8
crypto/external/bsd/openssh/dist/dh.h           up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c     up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h     up to 1.4
crypto/external/bsd/openssh/dist/dns.c          up to 1.11
crypto/external/bsd/openssh/dist/dns.h          up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c  up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c     up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c     up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c     up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h     up to 1.7
crypto/external/bsd/openssh/dist/includes.h     up to 1.4
crypto/external/bsd/openssh/dist/kex.c          up to 1.10
crypto/external/bsd/openssh/dist/kex.h          up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c        up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c       up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c       up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c      up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c     up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c     up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c       up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c      up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c      up to 1.8
crypto/external/bsd/openssh/dist/key.c          up to 1.16
crypto/external/bsd/openssh/dist/key.h          up to 1.9
crypto/external/bsd/openssh/dist/krl.c          up to 1.5
crypto/external/bsd/openssh/dist/krl.h          up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c          up to 1.11
crypto/external/bsd/openssh/dist/mac.h          up to 1.5
crypto/external/bsd/openssh/dist/match.c        up to 1.5
crypto/external/bsd/openssh/dist/misc.c         up to 1.10
crypto/external/bsd/openssh/dist/misc.h         up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c       up to 1.8
crypto/external/bsd/openssh/dist/monitor.c      up to 1.14
crypto/external/bsd/openssh/dist/monitor.h      up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c   up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h   up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c          up to 1.4
crypto/external/bsd/openssh/dist/msg.h          up to 1.4
crypto/external/bsd/openssh/dist/mux.c          up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h   up to 1.10
crypto/external/bsd/openssh/dist/namespace.h    up to 1.5
crypto/external/bsd/openssh/dist/packet.c       up to 1.18
crypto/external/bsd/openssh/dist/packet.h       up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h    up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h       up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c     up to 1.13
crypto/external/bsd/openssh/dist/readconf.h     up to 1.12
crypto/external/bsd/openssh/dist/readpass.c     up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c          up to 1.5
crypto/external/bsd/openssh/dist/rsa.h          up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1          up to 1.9
crypto/external/bsd/openssh/dist/scp.c          up to 1.11
crypto/external/bsd/openssh/dist/servconf.c     up to 1.17
crypto/external/bsd/openssh/dist/servconf.h     up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c   up to 1.12
crypto/external/bsd/openssh/dist/session.c      up to 1.14
crypto/external/bsd/openssh/dist/session.h      up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c  up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h  up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c  up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h  up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c    up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8  up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c  up to 1.11
crypto/external/bsd/openssh/dist/sftp.1         up to 1.11
crypto/external/bsd/openssh/dist/sftp.c         up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1      up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c      up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1    up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c    up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c      up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c    up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h      up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1   up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c   up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1  up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c  up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8  up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c  up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c   up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h   up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c      up to 1.7
crypto/external/bsd/openssh/dist/ssh.1          up to 1.14
crypto/external/bsd/openssh/dist/ssh.c          up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h         up to 1.6
crypto/external/bsd/openssh/dist/ssh_config     up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5   up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c   up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h   up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c  up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c  up to 1.19
crypto/external/bsd/openssh/dist/sshd.8         up to 1.13
crypto/external/bsd/openssh/dist/sshd.c         up to 1.18
crypto/external/bsd/openssh/dist/sshd_config    up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5  up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c     up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c       up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c      up to 1.4
crypto/external/bsd/openssh/dist/umac.c         up to 1.9
crypto/external/bsd/openssh/dist/version.h      up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c      up to 1.5
crypto/external/bsd/openssh/lib/Makefile        up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version   up to 1.13
distrib/sets/lists/base/ad.aarch64		patch
distrib/sets/lists/base/ad.arm			patch
distrib/sets/lists/base/ad.mips			patch
distrib/sets/lists/base/ad.powerpc		patch
distrib/sets/lists/base/md.amd64		patch
distrib/sets/lists/base/md.sparc64		patch
distrib/sets/lists/base/mi			patch
distrib/sets/lists/base/shl.mi			patch
distrib/sets/lists/comp/ad.aarch64		patch
distrib/sets/lists/comp/ad.arm			patch
distrib/sets/lists/comp/ad.mips			patch
distrib/sets/lists/comp/ad.powerpc		patch
distrib/sets/lists/comp/md.amd64		patch
distrib/sets/lists/comp/md.sparc64		patch
distrib/sets/lists/comp/mi			patch
distrib/sets/lists/comp/shl.mi			patch
distrib/sets/lists/debug/ad.aarch64		patch
distrib/sets/lists/debug/ad.arm			patch
distrib/sets/lists/debug/ad.mips		patch
distrib/sets/lists/debug/ad.powerpc		patch
distrib/sets/lists/debug/md.amd64		patch
distrib/sets/lists/debug/md.sparc64		patch
distrib/sets/lists/debug/shl.mi			patch
distrib/sets/lists/etc/mi			patch
distrib/sets/lists/man/mi			patch
etc/defaults/rc.conf				1.130
etc/mtree/NetBSD.dist.base			1.142
external/bsd/Makefile                           up to 1.48
external/bsd/blacklist/bin/Makefile             up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8       up to 1.6
external/bsd/blacklist/bin/blacklistctl.c       up to 1.17
external/bsd/blacklist/bin/blacklistd.8         up to 1.10
external/bsd/blacklist/bin/blacklistd.c         up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5    up to 1.2
external/bsd/blacklist/bin/conf.c               up to 1.18
external/bsd/blacklist/bin/conf.h               up to 1.6
external/bsd/blacklist/bin/internal.c           up to 1.5
external/bsd/blacklist/bin/internal.h           up to 1.12
external/bsd/blacklist/bin/run.c                up to 1.12
external/bsd/blacklist/bin/run.h                up to 1.5
external/bsd/blacklist/bin/state.c              up to 1.15
external/bsd/blacklist/bin/state.h              up to 1.5
external/bsd/blacklist/bin/support.c            up to 1.6
external/bsd/blacklist/bin/support.h            up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile        up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd      up to 1.1
external/bsd/blacklist/etc/Makefile             up to 1.3
external/bsd/blacklist/etc/blacklistd.conf      up to 1.3
external/bsd/blacklist/etc/npf.conf             up to 1.1
external/bsd/blacklist/Makefile                 up to 1.2
external/bsd/blacklist/Makefile.inc             up to 1.3
external/bsd/blacklist/README                   up to 1.7
external/bsd/blacklist/TODO                     up to 1.7
external/bsd/blacklist/diff/ftpd.diff           up to 1.1
external/bsd/blacklist/diff/named.diff          up to 1.6
external/bsd/blacklist/diff/ssh.diff            up to 1.6
external/bsd/blacklist/include/Makefile         up to 1.1
external/bsd/blacklist/include/bl.h             up to 1.12
external/bsd/blacklist/include/blacklist.h      up to 1.3
external/bsd/blacklist/include/config.h		new
external/bsd/blacklist/lib/Makefile             up to 1.3
external/bsd/blacklist/lib/bl.c                 up to 1.24
external/bsd/blacklist/lib/blacklist.c          up to 1.5
external/bsd/blacklist/lib/libblacklist.3       up to 1.3
external/bsd/blacklist/lib/shlib_version        up to 1.1
external/bsd/blacklist/libexec/Makefile         up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore       up to 1.1
external/bsd/blacklist/port/Makefile.am         up to 1.4
external/bsd/blacklist/port/_strtoi.h           up to 1.1
external/bsd/blacklist/port/clock_gettime.c     up to 1.2
external/bsd/blacklist/port/configure.ac        up to 1.7
external/bsd/blacklist/port/fgetln.c            up to 1.1
external/bsd/blacklist/port/fparseln.c          up to 1.1
external/bsd/blacklist/port/getprogname.c       up to 1.4
external/bsd/blacklist/port/pidfile.c           up to 1.1
external/bsd/blacklist/port/popenve.c           up to 1.2
external/bsd/blacklist/port/port.h              up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c           up to 1.2
external/bsd/blacklist/port/strlcpy.c           up to 1.2
external/bsd/blacklist/port/strtoi.c            up to 1.3
external/bsd/blacklist/test/Makefile            up to 1.2
external/bsd/blacklist/test/cltest.c            up to 1.6
external/bsd/blacklist/test/srvtest.c           up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c            up to 1.23
libexec/ftpd/pfilter.c                          up to 1.1
libexec/ftpd/pfilter.h                          up to 1.1
libexec/ftpd/Makefile                           up to 1.64
libexec/ftpd/ftpd.c                             up to 1.201

	Add blacklistd(8), a daemon to block and release network ports
	on demand to mitigate abuse, and related changes to system daemons
	to support it.
	[christos, ticket #711]

Revision 1.5 / (download) - annotate - [select for diffs], Fri Apr 3 23:58:19 2015 UTC (7 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.4: +28 -32 lines
Diff to previous 1.4 (colored)

Merge conflicts

Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 3 23:49:22 2015 UTC (7 years, 10 months ago) by christos
Branch: OPENSSH
CVS Tags: v71-20150821, v70-20150812, v69-20150630, v68-20150318
Changes since 1.1.1.3: +28 -32 lines
Diff to previous 1.1.1.3 (colored)

Changes since OpenSSH 6.7
=========================

This is a major release, containing a number of new features as
well as a large internal re-factoring.

Potentially-incompatible changes
--------------------------------

 * sshd(8): UseDNS now defaults to 'no'. Configurations that match
   against the client host name (via sshd_config or authorized_keys)
   may need to re-enable it or convert to matching against addresses.

New Features
------------

 * Much of OpenSSH's internal code has been re-factored to be more
   library-like. These changes are mostly not user-visible, but
   have greatly improved OpenSSH's testability and internal layout.

 * Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
   command-line flags to the other tools to control algorithm used
   for key fingerprints. The default changes from MD5 to SHA256 and
   format from hex to base64.

   Fingerprints now have the hash algorithm prepended. An example of
   the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
   Please note that visual host keys will also be different.

 * ssh(1), sshd(8): Experimental host key rotation support. Add a
   protocol extension for a server to inform a client of all its
   available host keys after authentication has completed. The client
   may record the keys in known_hosts, allowing it to upgrade to better
   host key algorithms and a server to gracefully rotate its keys.

   The client side of this is controlled by a UpdateHostkeys config
   option (default off).

 * ssh(1): Add a ssh_config HostbasedKeyType option to control which
   host public key types are tried during host-based authentication.

 * ssh(1), sshd(8): fix connection-killing host key mismatch errors
   when sshd offers multiple ECDSA keys of different lengths.

 * ssh(1): when host name canonicalisation is enabled, try to
   parse host names as addresses before looking them up for
   canonicalisation. fixes bz#2074 and avoiding needless DNS
   lookups in some cases.

 * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
   require OpenSSH to be compiled with OpenSSL support.

 * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
   authentication.

 * sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
   Bleichenbacher Side Channel Attack. Fake up a bignum key before
   RSA decryption.

 * sshd(8): Remember which public keys have been used for
   authentication and refuse to accept previously-used keys.
   This allows AuthenticationMethods=publickey,publickey to require
   that users authenticate using two _different_ public keys.

 * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
   PubkeyAcceptedKeyTypes options to allow sshd to control what
   public key types will be accepted. Currently defaults to all.

 * sshd(8): Don't count partial authentication success as a failure
   against MaxAuthTries.

 * ssh(1): Add RevokedHostKeys option for the client to allow
   text-file or KRL-based revocation of host keys.

 * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by
   serial number or key ID without scoping to a particular CA.

 * ssh(1): Add a "Match canonical" criteria that allows ssh_config
   Match blocks to trigger only in the second config pass.

 * ssh(1): Add a -G option to ssh that causes it to parse its
   configuration and dump the result to stdout, similar to "sshd -T".

 * ssh(1): Allow Match criteria to be negated. E.g. "Match !host".

 * The regression test suite has been extended to cover more OpenSSH
   features. The unit tests have been expanded and now cover key
   exchange.

Bugfixes

 * ssh-keyscan(1): ssh-keyscan has been made much more robust again
   servers that hang or violate the SSH protocol.

 * ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
   being lost as comment fields.

 * ssh(1): Allow ssh_config Port options set in the second config
   parse phase to be applied (they were being ignored). bz#2286

 * ssh(1): Tweak config re-parsing with host canonicalisation - make
   the second pass through the config files always run when host name
   canonicalisation is enabled (and not whenever the host name
   changes) bz#2267

 * ssh(1): Fix passing of wildcard forward bind addresses when
   connection multiplexing is in use; bz#2324;

 * ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
   formats; bz#2345.

 * ssh-keygen(1): Fix KRL generation bug when multiple CAs are in
   use.

 * Various fixes to manual pages: bz#2288, bz#2316, bz#2273

Portable OpenSSH

 * Support --without-openssl at configure time

   Disables and removes dependency on OpenSSL. Many features,
   including SSH protocol 1 are not supported and the set of crypto
   options is greatly restricted. This will only work on systems
   with native arc4random or /dev/urandom.

   Considered highly experimental for now.

 * Support --without-ssh1 option at configure time

   Allows disabling support for SSH protocol 1.

 * sshd(8): Fix compilation on systems with IPv6 support in utmpx; bz#2296

 * Allow custom service name for sshd on Cygwin. Permits the use of
   multiple sshd running with different service names.

Checksums:
==========

 - SHA1 (openssh-6.8.tar.gz) = 99903c6ca76e0a2c044711017f81127e12459d37
 - SHA256 (openssh-6.8.tar.gz) = N1uzVarFbrm2CzAwuDu3sRoszmqpK+5phAChP/QNyuw=

 - SHA1 (openssh-6.8p1.tar.gz) = cdbc51e46a902b30d263b05fdc71340920e91c92
 - SHA256 (openssh-6.8p1.tar.gz) = P/ZM5z7hJEgLW/dnuYMNfTwDu8tqvnFrePAZLDfOFg4=

Please note that the PGP key used to sign releases was recently rotated.
The new key has been signed by the old key to provide continuity. It is
available from the mirror sites as RELEASE_KEY.asc.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

Revision 1.4 / (download) - annotate - [select for diffs], Sun Oct 19 16:30:58 2014 UTC (8 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.3: +0 -0 lines
Diff to previous 1.3 (colored)

merge openssh-6.7

Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Sun Jul 24 15:08:16 2011 UTC (11 years, 6 months ago) by christos
Branch: OPENSSH
CVS Tags: v67-20141018, v64-20131107, v62-20130321, v61-20120828, v60-20120421, v59-20110906, v58-20110724
Changes since 1.1.1.2: +0 -1 lines
Diff to previous 1.1.1.2 (colored)

from ftp.openbsd.org

Revision 1.3 / (download) - annotate - [select for diffs], Sun Nov 21 18:29:48 2010 UTC (12 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, tls-maxphys-base, tls-maxphys, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, netbsd-7-base, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, matt-mips64-premerge-20101231, khorben-n900, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver
Branch point for: netbsd-7, netbsd-6-1, netbsd-6-0, netbsd-6
Changes since 1.2: +2 -3 lines
Diff to previous 1.2 (colored)

Resolve conflicts

Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 21 17:05:38 2010 UTC (12 years, 2 months ago) by adam
Branch: OPENSSH
CVS Tags: v56-20101121
Changes since 1.1.1.1: +1 -2 lines
Diff to previous 1.1.1.1 (colored)

Imported openssh-5.6

Revision 1.2 / (download) - annotate - [select for diffs], Sun Jun 7 22:38:46 2009 UTC (13 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: matt-premerge-20091211
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Merge in our changes:
- conditionalize login_cap
- conditionalize bsd_auth
- bring in pam from portable
- restore krb5, krb4, afs, skey
- bring in hpn patches, disable mt aes cipher, keep speedups and cipher none
- add ignore root rhosts option
- fix ctype macro arguments
- umac is broken, disable it
- better ~homedir handling
- netbsd style tunnels
- urandom, xhome, chrootdir, rescuedir NetBSD handling
- utmp/utmpx handling
- handle tty posix_vdisable properly
- handle setuid and unsetuid the posix way instead of setresuid()
- add all missing functions
- add new moduli
- add build glue

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Jun 7 22:19:04 2009 UTC (13 years, 7 months ago) by christos
Branch: OPENSSH
CVS Tags: v53-20091226, v52-20090607
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

import 5.2 from ftp.openbsd.org

Revision 1.1 / (download) - annotate - [select for diffs], Sun Jun 7 22:19:04 2009 UTC (13 years, 7 months ago) by christos
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>