The NetBSD Project

CVS log for src/crypto/external/bsd/openssh/dist/packet.h

[BACK] Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.28: download - view: text, markup, annotated - select for diffs
Tue Sep 24 21:32:18 2024 UTC (2 months, 2 weeks ago) by christos
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +4 -1 lines
merge conflicts between OpenSSH-9.8 and 9.9

Revision 1.1.1.24 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue Sep 24 21:28:09 2024 UTC (2 months, 2 weeks ago) by christos
Branches: OPENSSH
CVS tags: v99-20240919
Diff to: previous 1.1.1.23: preferred, colored
Changes since revision 1.1.1.23: +4 -1 lines
Import OpenSSH-9.9 (previous was 9.8)

Changes:

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.

DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.

OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.

This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.

Currently DSA is disabled at compile time. The final step of
removing DSA support entirely is planned for the first OpenSSH
release of 2025.

DSA support may be re-enabled on OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.

Potentially-incompatible changes
--------------------------------

 * ssh(1): remove support for pre-authentication compression.
   OpenSSH has only supported post-authentication compression in
   the server for some years. Compression before authentication
   significantly increases the attack surface of SSH servers and risks
   creating oracles that reveal information about information sent
   during authentication.

 * ssh(1), sshd(8): processing of the arguments to the "Match"
   configuration directive now follows more shell-like rules for
   quoted strings, including allowing nested quotes and \-escaped
   characters. If configurations contained workarounds for the
   previous simplistic quote handling then they may need to be
   adjusted. If this is the case, it's most likely to be in the
   arguments to a "Match exec" confition. In this case, moving the
   command to be evaluated from the Match line to an external shell
   script is easiest way to preserve compatibility with both the old
   and new versions.

Changes since OpenSSH 9.8
=========================

This release contains a number of new features and bugfixes.

New features
------------

 * ssh(1), sshd(8): add support for a new hybrid post-quantum key
   exchange based on the FIPS 203 Module-Lattice Key Enapsulation
   mechanism (ML-KEM) combined with X25519 ECDH as described by
   https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
   This algorithm "mlkem768x25519-sha256" is available by default.

 * ssh(1): the ssh_config "Include" directive can now expand
   environment as well as the same set of %-tokens "Match Exec"
   supports.

 * sshd(8): add a sshd_config "RefuseConnection" option that, if set
   will terminate the connection at the first authentication request.

 * sshd(8): add a "refuseconnection" penalty class to sshd_config
   PerSourcePenalties that is applied when a connection is dropped by
   the new RefuseConnection keyword.

 * sshd(8): add a "Match invalid-user" predicate to sshd_config Match
   options that matches when the target username is not valid on the
   server.

 * ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
   substantially faster implementation.

 * ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key
   exchange algorithm now has an IANA-assigned name in addition to
   the "@openssh.com" vendor extension name. This algorithm is now
   also available under this name "sntrup761x25519-sha512"

 * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
   included in core dump files for most of their lifespans. This is
   in addition to pre-existing controls in ssh-agent(1) and sshd(8)
   that prevented coredumps. This feature is supported on OpenBSD,
   Linux and FreeBSD.

 * All: convert key handling to use the libcrypto EVP_PKEY API, with
   the exception of DSA.

 * sshd(8): add a random amount of jitter (up to 4 seconds) to the
   grace login time to make its expiry unpredictable.

Bugfixes
--------
* sshd(8): relax absolute path requirement back to what it was prior
   to OpenSSH 9.8, which incorrectly required that sshd was started
   with an absolute path in inetd mode. bz3717

 * sshd(8): fix regression introduced in openssh-9.8 that swapped the
   order of source and destination addresses in some sshd log messages.

 * sshd(8): do not apply authorized_keys options when signature
   verification fails. Prevents more restrictive key options being
   incorrectly applied to subsequent keys in authorized_keys. bz3733

 * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
   prompts. Helps the user know what's going on when ssh-keygen is
   invoked via other tools. Requested in GHPR503

 * ssh(1), ssh-add(1): make parsing user@host consistently look for
   the last '@' in the string rather than the first. This makes it
   possible to more consistently use usernames that contain '@'
   characters.

 * ssh(1), sshd(8): be more strict in parsing key type names. Only
   allow short names (e.g "rsa") in user-interface code and require
   full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725

 * regress: many performance and correctness improvements to the
   re-keying regression test.

 * ssh-keygen(1): clarify that ed25519 is the default key type
   generated and clarify that rsa-sha2-512 is the default signature
   scheme when RSA is in use. GHPR505

 * sshd(8): fix minor memory leak in Subsystem option parsing; GHPR515

 * All: additional hardening and consistency checks for the sshbuf
   code.

 * sshd(8): reduce default logingrace penalty to ensure that a single
   forgotton login that times out will be below the penalty threshold.

 * ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
   ControlPersist then later has a forwarding added using mux proxy
   connection and the forwarding was used, then when the mux proxy
   session terminated, the mux master process would issue a bad message
   that terminated the connection.

Portability
-----------

 * sync contrib/ssh-copy-id to the latest upstream version.

 * regress: improve portablility for some awk(1) usage (e.g. Solaris)

 * In the contrib/redhat RPM spec file, without_openssl was previously
   incorrectly enabled unconditionally.

 * sshd(8) restore audit call before exit that regressed in openssh-9.8
   Fixes an issue where the SSH_CONNECTION_ABANDON event was not
   recorded.

 * sshd(8): add support for class-imposed loging restrictions on FreeBSD.
   Allowing auth_hostok(3) and auth_timeok(3) to control logins.

 * Build fixes for Musl libc.

 * Fix detection of setres*id on GNU/Hurd

Revision 1.27: download - view: text, markup, annotated - select for diffs
Mon Jul 8 22:33:44 2024 UTC (5 months ago) by christos
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +2 -3 lines
resolve conflicts between 9.7 and 9.8

Revision 1.1.1.23 (vendor branch): download - view: text, markup, annotated - select for diffs
Mon Jul 8 22:27:24 2024 UTC (5 months ago) by christos
Branches: OPENSSH
CVS tags: v98-20240701
Diff to: previous 1.1.1.22: preferred, colored
Changes since revision 1.1.1.22: +2 -3 lines
Import OpenSSH-9.8 (previous was 9.7)

Security
========

This release contains fixes for two security problems, one critical
and one minor.

1) Race condition in sshd(8)

A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary
code execution with root privileges.

Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It's likely that
these attacks will be improved upon.

Exploitation on non-glibc systems is conceivable but has not been
examined. Systems that lack ASLR or users of downstream Linux
distributions that have modified OpenSSH to disable per-connection
ASLR re-randomisation (yes - this is a thing, no - we don't
understand why) may potentially have an easier path to exploitation.
OpenBSD is not vulnerable.

We thank the Qualys Security Advisory Team for discovering, reporting
and demonstrating exploitability of this problem, and for providing
detailed feedback on additional mitigation measures.

2) Logic error in ssh(1) ObscureKeystrokeTiming

In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an
OpenSSH server version 9.5 or later, a logic error in the ssh(1)
ObscureKeystrokeTiming feature (on by default) rendered this feature
ineffective - a passive observer could still detect which network
packets contained real keystrokes when the countermeasure was active
because both fake and real keystroke packets were being sent
unconditionally.

This bug was found by Philippos Giavridis and also independently by
Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the
University of Cambridge Computer Lab.

Worse, the unconditional sending of both fake and real keystroke
packets broke another long-standing timing attack mitigation. Since
OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for
traffic received on TTYs in echo-off mode, such as when entering a
password into su(8) or sudo(8). This bug rendered these fake
keystroke echoes ineffective and could allow a passive observer of
a SSH session to once again detect when echo was off and obtain
fairly limited timing information about keystrokes in this situation
(20ms granularity by default).

This additional implication of the bug was identified by Jacky Wei
En Kung, Daniel Hugenroth and Alastair Beresford and we thank them
for their detailed analysis.

This bug does not affect connections when ObscureKeystrokeTiming
was disabled or sessions where no TTY was requested.

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.

DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.

OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.

This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.

This release, and its deactivation of DSA by default at compile-time,
marks the second step in our timeline to finally deprecate DSA. The
final step of removing DSA support entirely is planned for the first
OpenSSH release of 2025.

DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.

Potentially-incompatible changes
--------------------------------

 * all: as mentioned above, the DSA signature algorithm is now
   disabled at compile time.

 * sshd(8): the server will now block client addresses that
   repeatedly fail authentication, repeatedly connect without ever
   completing authentication or that crash the server. See the
   discussion of PerSourcePenalties below for more information.
   Operators of servers that accept connections from many users, or
   servers that accept connections from addresses behind NAT or
   proxies may need to consider these settings.

 * sshd(8): the server has been split into a listener binary, sshd(8),
   and a per-session binary "sshd-session". This allows for a much
   smaller listener binary, as it no longer needs to support the SSH
   protocol. As part of this work, support for disabling privilege
   separation (which previously required code changes to disable) and
   disabling re-execution of sshd(8) has been removed. Further
   separation of sshd-session into additional, minimal binaries is
   planned for the future.

 * sshd(8): several log messages have changed. In particular, some
   log messages will be tagged with as originating from a process
   named "sshd-session" rather than "sshd".

 * ssh-keyscan(1): this tool previously emitted comment lines
   containing the hostname and SSH protocol banner to standard error.
   This release now emits them to standard output, but adds a new
   "-q" flag to silence them altogether.

 * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
   as the PAM service name. A new "PAMServiceName" sshd_config(5)
   directive allows selecting the service name at runtime. This
   defaults to "sshd". bz2101

 * (portable OpenSSH only) Automatically-generated files, such as
   configure, config.h.in, etc will now be checked in to the portable
   OpenSSH git release branch (e.g. V_9_8). This should ensure that
   the contents of the signed release branch exactly match the
   contents of the signed release tarball.

Revision 1.20.2.1: download - view: text, markup, annotated - select for diffs
Mon Dec 25 12:31:05 2023 UTC (11 months, 2 weeks ago) by martin
Branches: netbsd-9
CVS tags: netbsd-9-4-RELEASE
Diff to: previous 1.20: preferred, colored; next MAIN 1.21: preferred, colored
Changes since revision 1.20: +17 -6 lines
Pull up the following, requested by kim in ticket #1780:

	crypto/external/bsd/openssh/Makefile.inc        up to 1.15 (+patch)
	crypto/external/bsd/openssh/bin/Makefile.inc    up to 1.4
	crypto/external/bsd/openssh/bin/scp/Makefile    up to 1.6
	crypto/external/bsd/openssh/bin/sftp/Makefile   up to 1.11
	crypto/external/bsd/openssh/bin/sftp-server/Makefile up to 1.4
	crypto/external/bsd/openssh/bin/ssh/Makefile    up to 1.20
	crypto/external/bsd/openssh/bin/ssh-add/Makefile up to 1.3
	crypto/external/bsd/openssh/bin/ssh-agent/Makefile up to 1.7
	crypto/external/bsd/openssh/bin/ssh-keygen/Makefile up to 1.10
	crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.6
	crypto/external/bsd/openssh/bin/ssh-pkcs11-helper/Makefile up to 1.4
	crypto/external/bsd/openssh/bin/sshd/Makefile   up to 1.27 (+patch)
	crypto/external/bsd/openssh/dist/PROTOCOL.sshsig up to 1.1.1.2
	crypto/external/bsd/openssh/dist/srclimit.c     up to 1.3
	crypto/external/bsd/openssh/dist/sftp-realpath.c up to 1.3
	crypto/external/bsd/openssh/dist/sntrup761.c    up to 1.3
	crypto/external/bsd/openssh/dist/sntrup761.sh   up to 1.1.1.2
	crypto/external/bsd/openssh/dist/sshsig.c       up to 1.12
	crypto/external/bsd/openssh/dist/sshsig.h       up to 1.1.1.5
	crypto/external/bsd/openssh/dist/addr.c         up to 1.6
	crypto/external/bsd/openssh/dist/PROTOCOL.u2f   up to 1.1.1.3
	crypto/external/bsd/openssh/dist/sk-api.h       up to 1.1.1.6
	crypto/external/bsd/openssh/dist/sk-usbhid.c    up to 1.9
	crypto/external/bsd/openssh/dist/ssh-ecdsa-sk.c up to 1.4
	crypto/external/bsd/openssh/dist/ssh-ed25519-sk.c up to 1.5
	crypto/external/bsd/openssh/dist/ssh-sk-client.c up to 1.6
	crypto/external/bsd/openssh/dist/ssh-sk-helper.8 up to 1.1.1.2
	crypto/external/bsd/openssh/dist/ssh-sk-helper.c up to 1.7
	crypto/external/bsd/openssh/dist/ssh-sk.c       up to 1.8
	crypto/external/bsd/openssh/dist/ssh-sk.h       up to 1.1.1.2
	crypto/external/bsd/openssh/dist/sshbuf-io.c    up to 1.2
	crypto/external/bsd/openssh/dist/addr.h         up to 1.1.1.2
	crypto/external/bsd/openssh/dist/kexsntrup761x25519.c up to 1.3
	crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c up to 1.3
	crypto/external/bsd/openssh/dist/srclimit.h     up to 1.1.1.1
	crypto/external/bsd/openssh/dist/auth2-pubkeyfile.c up to 1.3
	crypto/external/bsd/openssh/dist/sftp-usergroup.c up to 1.3
	crypto/external/bsd/openssh/dist/sftp-usergroup.h up to 1.1.1.1
	crypto/external/bsd/openssh/dist/ed25519.sh     up to 1.1.1.1
	crypto/external/bsd/openssh/dist/crc32.c        delete
	crypto/external/bsd/openssh/dist/crc32.h        delete
	crypto/external/bsd/openssh/dist/fe25519.c      delete
	crypto/external/bsd/openssh/dist/fe25519.h      delete
	crypto/external/bsd/openssh/dist/ge25519.c      delete
	crypto/external/bsd/openssh/dist/ge25519.h      delete
	crypto/external/bsd/openssh/dist/ge25519_base.data delete
	crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c delete
	crypto/external/bsd/openssh/dist/sc25519.c      delete
	crypto/external/bsd/openssh/dist/sc25519.h      delete
	crypto/external/bsd/openssh/dist/sntrup4591761.c delete
	crypto/external/bsd/openssh/dist/sntrup4591761.sh delete
	crypto/external/bsd/openssh/dist/uuencode.c     delete
	crypto/external/bsd/openssh/dist/uuencode.h     delete
	crypto/external/bsd/openssh/dist/verify.c       delete
	crypto/external/bsd/openssh/dist/LICENCE        up to 1.7
	crypto/external/bsd/openssh/dist/PROTOCOL       up to 1.23
	crypto/external/bsd/openssh/dist/PROTOCOL.agent up to 1.15
	crypto/external/bsd/openssh/dist/PROTOCOL.certkeys up to 1.13
	crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.4
	crypto/external/bsd/openssh/dist/PROTOCOL.key   up to 1.1.1.3
	crypto/external/bsd/openssh/dist/PROTOCOL.krl   up to 1.1.1.5
	crypto/external/bsd/openssh/dist/PROTOCOL.mux   up to 1.12
	crypto/external/bsd/openssh/dist/addrmatch.c    up to 1.15
	crypto/external/bsd/openssh/dist/auth-krb5.c    up to 1.16
	crypto/external/bsd/openssh/dist/auth-options.c up to 1.29
	crypto/external/bsd/openssh/dist/auth-options.h up to 1.15
	crypto/external/bsd/openssh/dist/auth-pam.c     up to 1.21
	crypto/external/bsd/openssh/dist/auth-passwd.c  up to 1.13
	crypto/external/bsd/openssh/dist/auth-rhosts.c  up to 1.16
	crypto/external/bsd/openssh/dist/auth.c         up to 1.34
	crypto/external/bsd/openssh/dist/auth.h         up to 1.23
	crypto/external/bsd/openssh/dist/auth2-chall.c  up to 1.19
	crypto/external/bsd/openssh/dist/auth2-gss.c    up to 1.17
	crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.23
	crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.15
	crypto/external/bsd/openssh/dist/auth2-krb5.c   up to 1.10
	crypto/external/bsd/openssh/dist/auth2-none.c   up to 1.14
	crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.16
	crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.34
	crypto/external/bsd/openssh/dist/auth2.c        up to 1.29
	crypto/external/bsd/openssh/dist/authfd.c       up to 1.27
	crypto/external/bsd/openssh/dist/authfd.h       up to 1.17
	crypto/external/bsd/openssh/dist/authfile.c     up to 1.28
	crypto/external/bsd/openssh/dist/authfile.h     up to 1.10
	crypto/external/bsd/openssh/dist/canohost.c     up to 1.16
	crypto/external/bsd/openssh/dist/chacha.c       up to 1.6
	crypto/external/bsd/openssh/dist/chacha.h       up to 1.3
	crypto/external/bsd/openssh/dist/channels.c     up to 1.42
	crypto/external/bsd/openssh/dist/channels.h     up to 1.26
	crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.7
	crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.3
	crypto/external/bsd/openssh/dist/cipher.c       up to 1.21
	crypto/external/bsd/openssh/dist/cipher.h       up to 1.17
	crypto/external/bsd/openssh/dist/clientloop.c   up to 1.39
	crypto/external/bsd/openssh/dist/clientloop.h   up to 1.18
	crypto/external/bsd/openssh/dist/compat.c       up to 1.26
	crypto/external/bsd/openssh/dist/compat.h       up to 1.18
	crypto/external/bsd/openssh/dist/crypto_api.h   up to 1.5
	crypto/external/bsd/openssh/dist/dh.c           up to 1.20
	crypto/external/bsd/openssh/dist/dh.h           up to 1.13
	crypto/external/bsd/openssh/dist/digest-libc.c  up to 1.8
	crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.9
	crypto/external/bsd/openssh/dist/dispatch.c     up to 1.11
	crypto/external/bsd/openssh/dist/dns.c          up to 1.23
	crypto/external/bsd/openssh/dist/dns.h          up to 1.13
	crypto/external/bsd/openssh/dist/ed25519.c      up to 1.6
	crypto/external/bsd/openssh/dist/fatal.c        up to 1.7
	crypto/external/bsd/openssh/dist/getrrsetbyname.c up to 1.6
	crypto/external/bsd/openssh/dist/gss-genr.c     up to 1.11
	crypto/external/bsd/openssh/dist/gss-serv.c     up to 1.15
	crypto/external/bsd/openssh/dist/hash.c         up to 1.7
	crypto/external/bsd/openssh/dist/hmac.c         up to 1.8
	crypto/external/bsd/openssh/dist/hostfile.c     up to 1.23
	crypto/external/bsd/openssh/dist/hostfile.h     up to 1.11
	crypto/external/bsd/openssh/dist/includes.h     up to 1.9
	crypto/external/bsd/openssh/dist/kex.c          up to 1.34
	crypto/external/bsd/openssh/dist/kex.h          up to 1.24
	crypto/external/bsd/openssh/dist/kexdh.c        up to 1.10
	crypto/external/bsd/openssh/dist/kexgen.c       up to 1.7
	crypto/external/bsd/openssh/dist/kexgexc.c      up to 1.17
	crypto/external/bsd/openssh/dist/kexgexs.c      up to 1.23
	crypto/external/bsd/openssh/dist/krl.c          up to 1.23
	crypto/external/bsd/openssh/dist/krl.h          up to 1.6
	crypto/external/bsd/openssh/dist/ldapauth.c     up to 1.8
	crypto/external/bsd/openssh/dist/ldapauth.h     up to 1.6
	crypto/external/bsd/openssh/dist/log.c          up to 1.27
	crypto/external/bsd/openssh/dist/log.h          up to 1.17
	crypto/external/bsd/openssh/dist/mac.c          up to 1.16
	crypto/external/bsd/openssh/dist/match.c        up to 1.16
	crypto/external/bsd/openssh/dist/match.h        up to 1.11
	crypto/external/bsd/openssh/dist/misc.c         up to 1.35
	crypto/external/bsd/openssh/dist/misc.h         up to 1.27
	crypto/external/bsd/openssh/dist/moduli         up to 1.10
	crypto/external/bsd/openssh/dist/moduli.c       up to 1.17
	crypto/external/bsd/openssh/dist/monitor.c      up to 1.43
	crypto/external/bsd/openssh/dist/monitor.h      up to 1.13
	crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.9
	crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.34
	crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.23
	crypto/external/bsd/openssh/dist/msg.c          up to 1.11
	crypto/external/bsd/openssh/dist/mux.c          up to 1.35
	crypto/external/bsd/openssh/dist/myproposal.h   up to 1.24
	crypto/external/bsd/openssh/dist/namespace.h    up to 1.10
	crypto/external/bsd/openssh/dist/nchan.c        up to 1.14
	crypto/external/bsd/openssh/dist/packet.c       up to 1.50
	crypto/external/bsd/openssh/dist/packet.h       up to 1.26
	crypto/external/bsd/openssh/dist/pathnames.h    up to 1.15
	crypto/external/bsd/openssh/dist/pfilter.c      up to 1.8 (+patch)
	crypto/external/bsd/openssh/dist/poly1305.c     up to 1.6
	crypto/external/bsd/openssh/dist/progressmeter.c up to 1.15
	crypto/external/bsd/openssh/dist/readconf.c     up to 1.44
	crypto/external/bsd/openssh/dist/readconf.h     up to 1.34
	crypto/external/bsd/openssh/dist/readpass.c     up to 1.18
	crypto/external/bsd/openssh/dist/rijndael.h     up to 1.3
	crypto/external/bsd/openssh/dist/sandbox-pledge.c up to 1.3
	crypto/external/bsd/openssh/dist/sandbox-rlimit.c up to 1.7
	crypto/external/bsd/openssh/dist/scp.1          up to 1.31
	crypto/external/bsd/openssh/dist/scp.c          up to 1.41
	crypto/external/bsd/openssh/dist/servconf.c     up to 1.44
	crypto/external/bsd/openssh/dist/servconf.h     up to 1.30
	crypto/external/bsd/openssh/dist/serverloop.c   up to 1.35
	crypto/external/bsd/openssh/dist/session.c      up to 1.38
	crypto/external/bsd/openssh/dist/session.h      up to 1.10
	crypto/external/bsd/openssh/dist/sftp-client.c  up to 1.35
	crypto/external/bsd/openssh/dist/sftp-client.h  up to 1.18
	crypto/external/bsd/openssh/dist/sftp-common.c  up to 1.14
	crypto/external/bsd/openssh/dist/sftp-common.h  up to 1.8
	crypto/external/bsd/openssh/dist/sftp-glob.c    up to 1.15
	crypto/external/bsd/openssh/dist/sftp-server-main.c up to 1.8
	crypto/external/bsd/openssh/dist/sftp-server.8  up to 1.14
	crypto/external/bsd/openssh/dist/sftp-server.c  up to 1.30
	crypto/external/bsd/openssh/dist/sftp.1         up to 1.30
	crypto/external/bsd/openssh/dist/sftp.c         up to 1.39
	crypto/external/bsd/openssh/dist/ssh-add.1      up to 1.18
	crypto/external/bsd/openssh/dist/ssh-add.c      up to 1.30
	crypto/external/bsd/openssh/dist/ssh-agent.1    up to 1.19
	crypto/external/bsd/openssh/dist/ssh-agent.c    up to 1.37
	crypto/external/bsd/openssh/dist/ssh-dss.c      up to 1.18
	crypto/external/bsd/openssh/dist/ssh-ecdsa.c    up to 1.15
	crypto/external/bsd/openssh/dist/ssh-ed25519.c  up to 1.10
	crypto/external/bsd/openssh/dist/ssh-gss.h      up to 1.10
	crypto/external/bsd/openssh/dist/ssh-keygen.1   up to 1.34
	crypto/external/bsd/openssh/dist/ssh-keygen.c   up to 1.46
	crypto/external/bsd/openssh/dist/ssh-keyscan.1  up to 1.18
	crypto/external/bsd/openssh/dist/ssh-keyscan.c  up to 1.32
	crypto/external/bsd/openssh/dist/ssh-keysign.8  up to 1.14
	crypto/external/bsd/openssh/dist/ssh-keysign.c  up to 1.24
	crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.19
	crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 up to 1.12
	crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.22
	crypto/external/bsd/openssh/dist/ssh-pkcs11.c   up to 1.26
	crypto/external/bsd/openssh/dist/ssh-pkcs11.h   up to 1.9
	crypto/external/bsd/openssh/dist/ssh-rsa.c      up to 1.19
	crypto/external/bsd/openssh/dist/ssh-xmss.c     up to 1.6
	crypto/external/bsd/openssh/dist/ssh.1          up to 1.39
	crypto/external/bsd/openssh/dist/ssh.c          up to 1.45
	crypto/external/bsd/openssh/dist/ssh.h          up to 1.13
	crypto/external/bsd/openssh/dist/ssh2.h         up to 1.15
	crypto/external/bsd/openssh/dist/ssh_api.c      up to 1.15
	crypto/external/bsd/openssh/dist/ssh_config     up to 1.16
	crypto/external/bsd/openssh/dist/ssh_config.5   up to 1.40
	crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.12
	crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.11
	crypto/external/bsd/openssh/dist/sshbuf-misc.c  up to 1.14
	crypto/external/bsd/openssh/dist/sshbuf.c       up to 1.14
	crypto/external/bsd/openssh/dist/sshbuf.h       up to 1.19
	crypto/external/bsd/openssh/dist/sshconnect.c   up to 1.37
	crypto/external/bsd/openssh/dist/sshconnect.h   up to 1.17
	crypto/external/bsd/openssh/dist/sshconnect2.c  up to 1.46
	crypto/external/bsd/openssh/dist/sshd.8         up to 1.31
	crypto/external/bsd/openssh/dist/sshd.c         up to 1.50
	crypto/external/bsd/openssh/dist/sshd_config    up to 1.28
	crypto/external/bsd/openssh/dist/sshd_config.5  up to 1.42
	crypto/external/bsd/openssh/dist/ssherr.c       up to 1.10
	crypto/external/bsd/openssh/dist/ssherr.h       up to 1.4
	crypto/external/bsd/openssh/dist/sshkey-xmss.c  up to 1.10
	crypto/external/bsd/openssh/dist/sshkey-xmss.h  up to 1.5
	crypto/external/bsd/openssh/dist/sshkey.c       up to 1.32
	crypto/external/bsd/openssh/dist/sshkey.h       up to 1.19
	crypto/external/bsd/openssh/dist/sshlogin.c     up to 1.13
	crypto/external/bsd/openssh/dist/sshpty.c       up to 1.8
	crypto/external/bsd/openssh/dist/ttymodes.c     up to 1.12
	crypto/external/bsd/openssh/dist/uidswap.c      up to 1.10
	crypto/external/bsd/openssh/dist/umac.c         up to 1.22
	crypto/external/bsd/openssh/dist/umac.h         up to 1.10
	crypto/external/bsd/openssh/dist/utf8.c         up to 1.9
	crypto/external/bsd/openssh/dist/utf8.h         up to 1.5
	crypto/external/bsd/openssh/dist/version.h      up to 1.44
	crypto/external/bsd/openssh/dist/xmalloc.c      up to 1.13
	crypto/external/bsd/openssh/dist/xmalloc.h      up to 1.16
	crypto/external/bsd/openssh/dist/xmss_hash.c    up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.16
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.18
	crypto/external/bsd/openssh/lib/Makefile        up to 1.38
	crypto/external/bsd/openssh/lib/shlib_version   up to 1.36
	crypto/external/bsd/openssh/openssh2netbsd      up to 1.4
	lib/libpam/modules/pam_ssh/Makefile             up to 1.13
	lib/libpam/modules/pam_ssh/pam_ssh.c            up to 1.30
	distrib/sets/lists/base/shl.mi			(apply patch)
	distrib/sets/lists/debug/shl.mi			(apply patch)
	doc/3RDPARTY					(apply patch)

Update OpenSSH to 9.6.

Revision 1.24.2.2: download - view: text, markup, annotated - select for diffs
Mon Dec 25 12:22:55 2023 UTC (11 months, 2 weeks ago) by martin
Branches: netbsd-10
CVS tags: netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2
Diff to: previous 1.24.2.1: preferred, colored; branchpoint 1.24: preferred, colored; next MAIN 1.25: preferred, colored
Changes since revision 1.24.2.1: +2 -3 lines
Pullup the following, requested by kim in ticket #517:

	crypto/external/bsd/openssh/bin/Makefile.inc    up to 1.4
	crypto/external/bsd/openssh/bin/sftp/Makefile   up to 1.11 (+patch)
	crypto/external/bsd/openssh/bin/ssh/Makefile    up to 1.20 (+patch)
	crypto/external/bsd/openssh/bin/ssh-agent/Makefile up to 1.7 (+patch)
	crypto/external/bsd/openssh/bin/ssh-keygen/Makefile up to 1.10 (+patch)
	crypto/external/bsd/openssh/bin/sshd/Makefile   up to 1.27 (+patch)
	crypto/external/bsd/openssh/dist/PROTOCOL       up to 1.23
	crypto/external/bsd/openssh/dist/PROTOCOL.agent up to 1.15
	crypto/external/bsd/openssh/dist/auth2.c        up to 1.29
	crypto/external/bsd/openssh/dist/authfd.c       up to 1.27
	crypto/external/bsd/openssh/dist/authfd.h       up to 1.17
	crypto/external/bsd/openssh/dist/channels.c     up to 1.42
	crypto/external/bsd/openssh/dist/channels.h     up to 1.26
	crypto/external/bsd/openssh/dist/cipher.c       up to 1.21
	crypto/external/bsd/openssh/dist/cipher.h       up to 1.17
	crypto/external/bsd/openssh/dist/clientloop.c   up to 1.39
	crypto/external/bsd/openssh/dist/kex.c          up to 1.34
	crypto/external/bsd/openssh/dist/kex.h          up to 1.24
	crypto/external/bsd/openssh/dist/log.c          up to 1.27
	crypto/external/bsd/openssh/dist/misc.c         up to 1.35
	crypto/external/bsd/openssh/dist/misc.h         up to 1.27
	crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.34
	crypto/external/bsd/openssh/dist/mux.c          up to 1.35
	crypto/external/bsd/openssh/dist/packet.c       up to 1.50
	crypto/external/bsd/openssh/dist/packet.h       up to 1.26
	crypto/external/bsd/openssh/dist/readconf.c     up to 1.44
	crypto/external/bsd/openssh/dist/readconf.h     up to 1.34
	crypto/external/bsd/openssh/dist/scp.1          up to 1.31
	crypto/external/bsd/openssh/dist/scp.c          up to 1.41
	crypto/external/bsd/openssh/dist/servconf.c     up to 1.44
	crypto/external/bsd/openssh/dist/sftp-client.c  up to 1.35
	crypto/external/bsd/openssh/dist/sftp.1         up to 1.30
	crypto/external/bsd/openssh/dist/ssh-add.1      up to 1.18
	crypto/external/bsd/openssh/dist/ssh-add.c      up to 1.30
	crypto/external/bsd/openssh/dist/ssh-agent.c    up to 1.37
	crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.19
	crypto/external/bsd/openssh/dist/ssh-pkcs11.h   up to 1.9
	crypto/external/bsd/openssh/dist/ssh.1          up to 1.39
	crypto/external/bsd/openssh/dist/ssh.c          up to 1.45
	crypto/external/bsd/openssh/dist/ssh2.h         up to 1.15
	crypto/external/bsd/openssh/dist/ssh_config.5   up to 1.40
	crypto/external/bsd/openssh/dist/sshconnect.c   up to 1.37
	crypto/external/bsd/openssh/dist/sshconnect.h   up to 1.17
	crypto/external/bsd/openssh/dist/sshconnect2.c  up to 1.46
	crypto/external/bsd/openssh/dist/sshd.c         up to 1.50
	crypto/external/bsd/openssh/dist/sshkey.c       up to 1.32
	crypto/external/bsd/openssh/dist/sshsig.c       up to 1.12
	crypto/external/bsd/openssh/dist/version.h      up to 1.44
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.16
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.18
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.18
	crypto/external/bsd/openssh/lib/Makefile        up to 1.38 (+patch)
	crypto/external/bsd/openssh/lib/shlib_version   up to 1.36
	distrib/sets/lists/base/shl.mi			(apply patch)
	distrib/sets/lists/debug/shl.mi			(apply patch)
	doc/3RDPARTY					(apply patch)

Update OpenSSH to 9.6.

Revision 1.26: download - view: text, markup, annotated - select for diffs
Wed Dec 20 17:15:21 2023 UTC (11 months, 2 weeks ago) by christos
Branches: MAIN
CVS tags: perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +1 -2 lines
Merge conflicts between 9.5 and 9.6

Revision 1.1.1.22 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed Dec 20 17:11:24 2023 UTC (11 months, 2 weeks ago) by christos
Branches: OPENSSH
CVS tags: v97-20240311, v96-20231218
Diff to: previous 1.1.1.21: preferred, colored
Changes since revision 1.1.1.21: +1 -2 lines
Import OpenSSH 9.6/9.6p1 (2023-12-18)
Last was 9.5

Changes since OpenSSH 9.5
=========================

This release contains a number of security fixes, some small features
and bugfixes.

Security
========

This release contains fixes for a newly-discovered weakness in the
SSH transport protocol, a logic error relating to constrained PKCS#11
keys in ssh-agent(1) and countermeasures for programs that invoke
ssh(1) with user or hostnames containing invalid characters.

 * ssh(1), sshd(8): implement protocol extensions to thwart the
   so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
   Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
   limited break of the integrity of the early encrypted SSH transport
   protocol by sending extra messages prior to the commencement of
   encryption, and deleting an equal number of consecutive messages
   immediately after encryption starts. A peer SSH client/server
   would not be able to detect that messages were deleted.

   While cryptographically novel, the security impact of this attack
   is fortunately very limited as it only allows deletion of
   consecutive messages, and deleting most messages at this stage of
   the protocol prevents user user authentication from proceeding and
   results in a stuck connection.

   The most serious identified impact is that it lets a MITM to
   delete the SSH2_MSG_EXT_INFO message sent before authentication
   starts, allowing the attacker to disable a subset of the keystroke
   timing obfuscation features introduced in OpenSSH 9.5. There is no
   other discernable impact to session secrecy or session integrity.

   OpenSSH 9.6 addresses this protocol weakness through a new "strict
   KEX" protocol extension that will be automatically enabled when
   both the client and server support it. This extension makes
   two changes to the SSH transport protocol to improve the integrity
   of the initial key exchange.

   Firstly, it requires endpoints to terminate the connection if any
   unnecessary or unexpected message is received during key exchange
   (including messages that were previously legal but not strictly
   required like SSH2_MSG_DEBUG). This removes most malleability from
   the early protocol.

   Secondly, it resets the Message Authentication Code counter at the
   conclusion of each key exchange, preventing previously inserted
   messages from being able to make persistent changes to the
   sequence number across completion of a key exchange. Either of
   these changes should be sufficient to thwart the Terrapin Attack.

   More details of these changes are in the PROTOCOL file in the
   OpenSSH source distribition.

 * ssh-agent(1): when adding PKCS#11-hosted private keys while
   specifying destination constraints, if the PKCS#11 token returned
   multiple keys then only the first key had the constraints applied.
   Use of regular private keys, FIDO tokens and unconstrained keys
   are unaffected.

 * ssh(1): if an invalid user or hostname that contained shell
   metacharacters was passed to ssh(1), and a ProxyCommand,
   LocalCommand directive or "match exec" predicate referenced the
   user or hostname via %u, %h or similar expansion token, then
   an attacker who could supply arbitrary user/hostnames to ssh(1)
   could potentially perform command injection depending on what
   quoting was present in the user-supplied ssh_config(5) directive.

   This situation could arise in the case of git submodules, where
   a repository could contain a submodule with shell characters in
   its user/hostname. Git does not ban shell metacharacters in user
   or host names when checking out repositories from untrusted
   sources.

   Although we believe it is the user's responsibility to ensure
   validity of arguments passed to ssh(1), especially across a
   security boundary such as the git example above, OpenSSH 9.6 now
   bans most shell metacharacters from user and hostnames supplied
   via the command-line. This countermeasure is not guaranteed to be
   effective in all situations, as it is infeasible for ssh(1) to
   universally filter shell metacharacters potentially relevant to
   user-supplied commands.

   User/hostnames provided via ssh_config(5) are not subject to these
   restrictions, allowing configurations that use strange names to
   continue to be used, under the assumption that the user knows what
   they are doing in their own configuration files.

Potentially incompatible changes
--------------------------------

 * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
   a TCP-like window mechanism that limits the amount of data that
   can be sent without acceptance from the peer. In cases where this
   limit was exceeded by a non-conforming peer SSH implementation,
   ssh(1)/sshd(8) previously discarded the extra data. From OpenSSH
   9.6, ssh(1)/sshd(8) will now terminate the connection if a peer
   exceeds the window limit by more than a small grace factor. This
   change should have no effect of SSH implementations that follow
   the specification.

New features
------------

 * ssh(1): add a %j token that expands to the configured ProxyJump
   hostname (or the empty string if this option is not being used)
   that can be used in a number of ssh_config(5) keywords. bz3610

 * ssh(1): add ChannelTimeout support to the client, mirroring the
   same option in the server and allowing ssh(1) to terminate
   quiescent channels.

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for
   reading ED25519 private keys in PEM PKCS8 format. Previously
   only the OpenSSH private key format was supported.

 * ssh(1), sshd(8): introduce a protocol extension to allow
   renegotiation of acceptable signature algorithms for public key
   authentication after the server has learned the username being
   used for authentication. This allows varying sshd_config(5)
   PubkeyAcceptedAlgorithms in a "Match user" block.

 * ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
   specifying certificates when loading PKCS#11 keys. This allows the
   use of certificates backed by PKCS#11 private keys in all OpenSSH
   tools that support ssh-agent(1). Previously only ssh(1) supported
   this use-case.

Bugfixes
--------

 * ssh(1): when deciding whether to enable the keystroke timing
   obfuscation, enable it only if a channel with a TTY is active.

 * ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals
   before checking flags set in signal handler. Avoids potential
   race condition between signaling ssh to exit and polling. bz3531

 * ssh(1): when connecting to a destination with both the
   AddressFamily and CanonicalizeHostname directives in use,
   the AddressFamily directive could be ignored. bz5326

 * sftp(1): correct handling of the limits@openssh.com option when
   the server returned an unexpected message.

 * A number of fixes to the PuTTY and Dropbear regress/integration
   tests.

 * ssh(1): release GSS OIDs only at end of authentication, avoiding
   unnecessary init/cleanup cycles. bz2982

 * ssh_config(5): mention "none" is a valid argument to IdentityFile
   in the manual. bz3080

 * scp(1): improved debugging for paths from the server rejected for
   not matching the client's glob(3) pattern in old SCP/RCP protocol
   mode.

 * ssh-agent(1): refuse signing operations on destination-constrained
   keys if a previous session-bind operation has failed. This may
   prevent a fail-open situation in future if a user uses a mismatched
   ssh(1) client and ssh-agent(1) where the client supports a key type
   that the agent does not support.

Portability
-----------

 * Better identify unsupported and unstable compiler flags, such as
   -fzero-call-used-regs which has been unstable across a several
   clang releases.

 * A number of fixes to regression test reliability and log
   collection.

 * Update the OpenSSL dependency in the RPM specification.

 * sshd(8): for OpenSolaris systems that support privilege limitation
   via the getpflags() interface, prefer using the newer PRIV_XPOLICY
   to PRIV_LIMIT. bz2833

Revision 1.24.2.1: download - view: text, markup, annotated - select for diffs
Thu Nov 2 22:15:21 2023 UTC (13 months, 1 week ago) by sborrill
Branches: netbsd-10
CVS tags: netbsd-10-0-RC1
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +3 -2 lines
Pull up the following revisions(s) (requested by martin in ticket #443):
	crypto/external/bsd/openssh/dist sync with HEAD
	crypto/external/bsd/openssh/dist/PROTOCOL:       up to 1.22
	crypto/external/bsd/openssh/dist/PROTOCOL.agent: up to 1.14
	crypto/external/bsd/openssh/dist/PROTOCOL.krl:   up to 1.1.1.5
	crypto/external/bsd/openssh/dist/addr.c:         up to 1.6
	crypto/external/bsd/openssh/dist/auth-options.c: up to 1.29
	crypto/external/bsd/openssh/dist/auth-pam.c:     up to 1.21
	crypto/external/bsd/openssh/dist/auth2-gss.c:    up to 1.17
	crypto/external/bsd/openssh/dist/auth2-pubkey.c: up to 1.34
	crypto/external/bsd/openssh/dist/auth2.c:        up to 1.28
	crypto/external/bsd/openssh/dist/canohost.c:     up to 1.16
	crypto/external/bsd/openssh/dist/chacha.c:       up to 1.6
	crypto/external/bsd/openssh/dist/channels.c      up to 1.41
	crypto/external/bsd/openssh/dist/channels.h:     up to 1.25
	crypto/external/bsd/openssh/dist/cipher-chachapoly-libcrypto.c: up to 1.3
	crypto/external/bsd/openssh/dist/cipher-chachapoly.c: up to 1.7
	crypto/external/bsd/openssh/dist/clientloop.c:   up to 1.38
	crypto/external/bsd/openssh/dist/kex.c:          up to 1.33
	crypto/external/bsd/openssh/dist/kex.h:          up to 1.23
	crypto/external/bsd/openssh/dist/kexgexs.c:      up to 1.23
	crypto/external/bsd/openssh/dist/krl.c:          up to 1.23
	crypto/external/bsd/openssh/dist/krl.h:          up to 1.6
	crypto/external/bsd/openssh/dist/match.c:        up to 1.16
	crypto/external/bsd/openssh/dist/misc.c;         up to 1.34
	crypto/external/bsd/openssh/dist/misc.h:         up to 1.26
	crypto/external/bsd/openssh/dist/moduli:         up to 1.10
	crypto/external/bsd/openssh/dist/monitor.c:      up to 1.43
	crypto/external/bsd/openssh/dist/monitor_wrap.c: up to 1.33
	crypto/external/bsd/openssh/dist/mux.c:          up to 1.34
	crypto/external/bsd/openssh/dist/packet.c:       up to 1.49
	crypto/external/bsd/openssh/dist/packet.h:       up to 1.25
	crypto/external/bsd/openssh/dist/poly1305.c:     up to 1.6
	crypto/external/bsd/openssh/dist/progressmeter.c: up to 1.15
	crypto/external/bsd/openssh/dist/readconf.c:     up to 1.42
	crypto/external/bsd/openssh/dist/readconf.h:     up to 1.32
	crypto/external/bsd/openssh/dist/scp.c:          up to 1.40
	crypto/external/bsd/openssh/dist/servconf.c:     up to 1.43
	crypto/external/bsd/openssh/dist/servconf.h:     up to 1.30
	crypto/external/bsd/openssh/dist/serverloop.c:   up to 1.35
	crypto/external/bsd/openssh/dist/session.c:      up to 1.38
	crypto/external/bsd/openssh/dist/sftp-client.c:  up to 1.34
	crypto/external/bsd/openssh/dist/sftp-client.h:  up to 1.18
	crypto/external/bsd/openssh/dist/sftp-common.c:  up to 1.14
	crypto/external/bsd/openssh/dist/sftp-glob.c:    up to 1.15
	crypto/external/bsd/openssh/dist/sftp-server.c:  up to 1.30
	crypto/external/bsd/openssh/dist/sftp-usergroup.c: up to 1.3
	crypto/external/bsd/openssh/dist/sftp.c:         up to 1.39
	crypto/external/bsd/openssh/dist/sk-usbhid.c:    up to 1.9
	crypto/external/bsd/openssh/dist/ssh-add.c:      up to 1.29
	crypto/external/bsd/openssh/dist/ssh-agent.1:    up to 1.19
	crypto/external/bsd/openssh/dist/ssh-agent.c:    up to 1.36
	crypto/external/bsd/openssh/dist/ssh-keygen.1:   up to 1.34
	crypto/external/bsd/openssh/dist/ssh-keygen.c:   up to 1.46
	crypto/external/bsd/openssh/dist/ssh-keyscan.c:  up to 1.32
	crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c: up to 1.18
	crypto/external/bsd/openssh/dist/ssh-pkcs11.c:   up to 1.26
	crypto/external/bsd/openssh/dist/ssh-sk.c:       up to 1.8
	crypto/external/bsd/openssh/dist/ssh.1:          up to 1.37
	crypto/external/bsd/openssh/dist/ssh.c:          up to 1.44
	crypto/external/bsd/openssh/dist/ssh2.h:         up to 1.14
	crypto/external/bsd/openssh/dist/ssh_config:     up to 1.16
	crypto/external/bsd/openssh/dist/ssh_config.5:   up to 1.38
	crypto/external/bsd/openssh/dist/sshconnect2.c:  up to 1.45
	crypto/external/bsd/openssh/dist/sshd.8:         up to 1.31
	crypto/external/bsd/openssh/dist/sshd_config.5:  up to 1.42
	crypto/external/bsd/openssh/dist/sshkey.c:       up to 1.31
	crypto/external/bsd/openssh/dist/sshkey.h:       up to 1.19
	crypto/external/bsd/openssh/dist/sshsig.c:       up to 1.11
	crypto/external/bsd/openssh/dist/version.h:      up to 1.43
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048: up to 1.15
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072: up to 1.17
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096: up to 1.17
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144: up to 1.17
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680: up to 1.17
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192: up to 1.17
	crypto/external/bsd/openssh/lib/shlib_version:	1.35
	distrib/sets/lists/base/shl.mi:			1.972 via patch
	distrib/sets/lists/debug/shl.mi:		1.333
	doc/3RDPARTY:					1.1962 via patch

ssh(1): update to OpenSSH 9.5

Revision 1.25: download - view: text, markup, annotated - select for diffs
Wed Oct 25 20:19:57 2023 UTC (13 months, 2 weeks ago) by christos
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +2 -1 lines
Merge conflicts between 9.3 and 9.5

Revision 1.1.1.21 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed Oct 25 20:14:30 2023 UTC (13 months, 2 weeks ago) by christos
Branches: OPENSSH
CVS tags: v95-20231004
Diff to: previous 1.1.1.20: preferred, colored
Changes since revision 1.1.1.20: +2 -1 lines
Import OpenSSH 9.5 (Last was OpenSSH 9.3)

OpenSSH 9.5/9.5p1 (2023-10-04)
OpenSSH 9.5 was released on 2023-10-04. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Changes since OpenSSH 9.4
=========================

This release fixes a number of bugs and adds some small features.

Potentially incompatible changes
--------------------------------

 * ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
   are very convenient due to their small size. Ed25519 keys are
   specified in RFC 8709 and OpenSSH has supported them since version 6.5
   (January 2014).

 * sshd(8): the Subsystem directive now accurately preserves quoting of
   subsystem commands and arguments. This may change behaviour for exotic
   configurations, but the most common subsystem configuration
   (sftp-server) is unlikely to be affected.

New features
------------

 * ssh(1): add keystroke timing obfuscation to the client. This attempts
   to hide inter-keystroke timings by sending interactive traffic at
   fixed intervals (default: every 20ms) when there is only a small
   amount of data being sent. It also sends fake "chaff" keystrokes for
   a random interval after the last real keystroke. These are
   controlled by a new ssh_config ObscureKeystrokeTiming keyword.

 * ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
   a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
   implement a ping capability. These messages use numbers in the "local
   extensions" number space and are advertised using a "ping@openssh.com"
   ext-info message with a string version number of "0".

 * sshd(8): allow override of Subsystem directives in sshd Match blocks.

Bugfixes
--------

 * scp(1): fix scp in SFTP mode recursive upload and download of
   directories that contain symlinks to other directories. In scp mode,
   the links would be followed, but in SFTP mode they were not. bz3611

 * ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
   sshsig signature files.

 * ssh(1): interactive mode for ControlPersist sessions if they
   originally requested a tty.

 * sshd(8): make PerSourceMaxStartups first-match-wins

 * sshd(8): limit artificial login delay to a reasonable maximum (5s)
   and don't delay at all for the "none" authentication mechanism.cw
    bz3602

 * sshd(8): Log errors in kex_exchange_identification() with level
   verbose instead of error to reduce preauth log spam. All of those
   get logged with a more generic error message by sshpkt_fatal().

 * sshd(8): correct math for ClientAliveInterval that caused the probes
    to be sent less frequently than configured.

 * ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
   multiplexed sessions to ignore SIGINT under some circumstances.

Portability
-----------

 * Avoid clang zero-call-used-regs=all bug on Apple compilers, which
   for some reason have version numbers that do not match the upstream
   clang version numbers. bz#3584

 * Fix configure test for zlib 1.3 and later/development versions. bz3604

Checksums:
==========

 - SHA1 (openssh-9.5.tar.gz) = 8a0bd3a91fac338d97d91817af58df731f6509a3
 - SHA256 (openssh-9.5.tar.gz) = sVMxeM3d6g65qBMktJIofxmK4Ipg9dblKif0VnhPeO0=

 - SHA1 (openssh-9.5p1.tar.gz) = 35c16dcc6e7d0a9465faa241476ef24f76b196cc
 - SHA256 (openssh-9.5p1.tar.gz) = 8Cbnt5un+1QPdRgq+W3IqPHbOV+SK7yfbKYDZyaGCGs=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

Reporting Bugs:
===============

- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com
OpenSSH 9.4/9.4p1 (2023-08-10)
OpenSSH 9.4 was released on 2023-08-10. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Changes since OpenSSH 9.3p2
===========================

This release fixes a number of bugs and adds some small features.

Potentially incompatible changes
--------------------------------

 * This release removes support for older versions of libcrypto.
   OpenSSH now requires LibreSSL >= 3.1.0 or OpenSSL >= 1.1.1.
   Note that these versions are already deprecated by their upstream
   vendors.

 * ssh-agent(1): PKCS#11 modules must now be specified by their full
   paths. Previously dlopen(3) could search for them in system
   library directories.

New features
------------

 * ssh(1): allow forwarding Unix Domain sockets via ssh -W.

 * ssh(1): add support for configuration tags to ssh(1).
   This adds a ssh_config(5) "Tag" directive and corresponding
   "Match tag" predicate that may be used to select blocks of
   configuration similar to the pf.conf(5) keywords of the same
   name.

 * ssh(1): add a "match localnetwork" predicate. This allows matching
   on the addresses of available network interfaces and may be used to
   vary the effective client configuration based on network location.

 * ssh(1), sshd(8), ssh-keygen(1): infrastructure support for KRL
   extensions.  This defines wire formats for optional KRL extensions
   and implements parsing of the new submessages. No actual extensions
   are supported at this point.

 * sshd(8): AuthorizedPrincipalsCommand and AuthorizedKeysCommand now
   accept two additional %-expansion sequences: %D which expands to
   the routing domain of the connected session and %C which expands
   to the addresses and port numbers for the source and destination
   of the connection.

 * ssh-keygen(1): increase the default work factor (rounds) for the
   bcrypt KDF used to derive symmetric encryption keys for passphrase
   protected key files by 50%.

Bugfixes
--------

 * ssh-agent(1): improve isolation between loaded PKCS#11 modules
   by running separate ssh-pkcs11-helpers for each loaded provider.

 * ssh(1): make -f (fork after authentication) work correctly with
   multiplexed connections, including ControlPersist. bz3589 bz3589

 * ssh(1): make ConnectTimeout apply to multiplexing sockets and not
   just to network connections.

 * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
   modules being loaded by checking that the requested module
   contains the required symbol before loading it.

 * sshd(8): fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand
   appears before it in sshd_config. Since OpenSSH 8.7 the
   AuthorizedPrincipalsCommand directive was incorrectly ignored in
   this situation. bz3574

 * sshd(8), ssh(1), ssh-keygen(1): remove vestigal support for KRL
   signatures When the KRL format was originally defined, it included
   support for signing of KRL objects. However, the code to sign KRLs
   and verify KRL signatues was never completed in OpenSSH. This
   release removes the partially-implemented code to verify KRLs.
   All OpenSSH tools now ignore KRL_SECTION_SIGNATURE sections in
   KRL files.

 * All: fix a number of memory leaks and unreachable/harmless integer
   overflows.

 * ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11
   modules; GHPR406

 * sshd(8), ssh(1): better validate CASignatureAlgorithms in
   ssh_config and sshd_config. Previously this directive would accept
   certificate algorithm names, but these were unusable in practice as
   OpenSSH does not support CA chains. bz3577

 * ssh(1): make `ssh -Q CASignatureAlgorithms` only list signature
   algorithms that are valid for CA signing. Previous behaviour was
   to list all signing algorithms, including certificate algorithms.

 * ssh-keyscan(1): gracefully handle systems where rlimits or the
   maximum number of open files is larger than INT_MAX; bz3581

 * ssh-keygen(1): fix "no comment" not showing on when running
   `ssh-keygen -l` on multiple keys where one has a comment and other
   following keys do not. bz3580

 * scp(1), sftp(1): adjust ftruncate() logic to handle servers that
   reorder requests. Previously, if the server reordered requests then
   the resultant file would be erroneously truncated.

 * ssh(1): don't incorrectly disable hostname canonicalization when
   CanonicalizeHostname=yes and ProxyJump was expicitly set to
   "none". bz3567

 * scp(1): when copying local->remote, check that the source file
   exists before opening an SFTP connection to the server. Based on
   GHPR#370

Portability
-----------

 * All: a number of build fixes for various platforms and
   configuration combinations.

 * sshd(8): provide a replacement for the SELinux matchpathcon()
   function, which is deprecated.

 * All: relax libcrypto version checks for OpenSSL >=3. Beyond
   OpenSSL 3.0, the ABI compatibility guarantees are wider (only
   the library major must match instead of major and minor in
   earlier versions).  bz#3548.

 * Tests: fix build problems for the sk-dummy.so FIDO provider module
   used in some tests.

Checksums:
==========

 - SHA1 (openssh-9.4.tar.gz) = d88126d8d7b8e5bf4656587ac4a16055560641cc
 - SHA256 (openssh-9.4.tar.gz) = 7eqFjx2hAunw+1Jy7f1JQXq//3AMr9B3dKtASDtq8go=

 - SHA1 (openssh-9.4p1.tar.gz) = 5dea1f3c88f9cfe53a711a3c893ee8b7d3ffecff
 - SHA256 (openssh-9.4p1.tar.gz) = Ngj9kIjbIWPOs+YAyFq3nQ3j0iHlkZLqGSPiMmOGaoU=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

Reporting Bugs:
===============

- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

Revision 1.24: download - view: text, markup, annotated - select for diffs
Wed Feb 23 19:07:20 2022 UTC (2 years, 9 months ago) by christos
Branches: MAIN
CVS tags: netbsd-10-base
Branch point for: netbsd-10
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +2 -1 lines
Merge differences between openssh-8.8 and openssh-8.9

Revision 1.1.1.20 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed Feb 23 19:04:26 2022 UTC (2 years, 9 months ago) by christos
Branches: OPENSSH
CVS tags: v93p2-20230719, v93-20230719, v91-20221004, v90-20220408, v89-20220223
Diff to: previous 1.1.1.19: preferred, colored
Changes since revision 1.1.1.19: +2 -1 lines
Import OpenSSH 8.9.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path@openssh.com" to support
this.

Security Near Miss
==================

 * sshd(8): fix an integer overflow in the user authentication path
   that, in conjunction with other logic errors, could have yielded
   unauthenticated access under difficult to exploit conditions.

   This situation is not exploitable because of independent checks in
   the privilege separation monitor. Privilege separation has been
   enabled by default in since openssh-3.2.2 (released in 2002) and
   has been mandatory since openssh-7.5 (released in 2017). Moreover,
   portable OpenSSH has used toolchain features available in most
   modern compilers to abort on signed integer overflow since
   openssh-6.5 (released in 2014).

   Thanks to Malcolm Stagg for finding and reporting this bug.

Potentially-incompatible changes
================================

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

 * This release modifies the FIDO security key middleware interface
   and increments SSH_SK_VERSION_MAJOR.

Changes since OpenSSH 8.8
=========================

This release includes a number of new features.

New features
------------

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)
   A detailed description of the feature is available at
   https://www.openssh.com/agent-restrict.html and the protocol
   extensions are documented in the PROTOCOL and PROTOCOL.agent
   files in the source release.

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * ssh-keygen(1): when downloading resident keys from a FIDO token,
   pass back the user ID that was used when the key was created and
   append it to the filename the key is written to (if it is not the
   default). Avoids keys being clobbered if the user created multiple
   resident keys with the same application string but different user
   IDs.

 * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
   on tokens that provide user verification (UV) on the device itself,
   including biometric keys, avoiding unnecessary PIN prompts.

 * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
   perform matching of principals names against an allowed signers
   file. To be used towards a TOFU model for SSH signatures in git.

 * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
   to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
   authentication time.

 * ssh-keygen(1): allow selection of hash at sshsig signing time
   (either sha512 (default) or sha256).

 * ssh(1), sshd(8): read network data directly to the packet input
   buffer instead indirectly via a small stack buffer. Provides a
   modest performance improvement.

 * ssh(1), sshd(8): read data directly to the channel input buffer,
   providing a similar modest performance improvement.

 * ssh(1): extend the PubkeyAuthentication configuration directive to
   accept yes|no|unbound|host-bound to allow control over one of the
   protocol extensions used to implement agent-restricted keys.

Bugfixes
--------

 * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
   PubkeyAuthOptions can be used in a Match block. PR#277.

 * sshd(8): fix possible string truncation when constructing paths to
   .rhosts/.shosts files with very long user home directory names.

 * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
   exchange hashes

 * ssh(1): don't put the TTY into raw mode when SessionType=none,
   avoids ^C being unable to kill such a session. bz3360

 * scp(1): fix some corner-case bugs in SFTP-mode handling of
   ~-prefixed paths.

 * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
   select RSA keys when only RSA/SHA2 signature algorithms are
   configured (this is the default case). Previously RSA keys were
   not being considered in the default case.

 * ssh-keysign(1): make ssh-keysign use the requested signature
   algorithm and not the default for the key type. Part of unbreaking
   hostbased auth for RSA/SHA2 keys.

 * ssh(1): stricter UpdateHostkey signature verification logic on
   the client- side. Require RSA/SHA2 signatures for RSA hostkeys
   except when RSA/SHA1 was explicitly negotiated during initial
   KEX; bz3375

 * ssh(1), sshd(8): fix signature algorithm selection logic for
   UpdateHostkeys on the server side. The previous code tried to
   prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
   cases. This will use RSA/SHA2 signatures for RSA keys if the
   client proposed these algorithms in initial KEX. bz3375

 * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
   This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
   and sftp-server(8), as well as the sshd(8) listen loop and all
   other FD read/writability checks. On platforms with missing or
   broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
   available.

 * ssh-keygen(1): the "-Y find-principals" command was verifying key
   validity when using ca certs but not with simple key lifetimes
   within the allowed signers file.

 * ssh-keygen(1): make sshsig verify-time argument parsing optional

 * sshd(8): fix truncation in rhosts/shosts path construction.

 * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
   keys (we already did this for RSA keys). Avoids fatal errors for
   PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
   "cryptoauthlib"; bz#3364

 * ssh(1), ssh-agent(1): improve the testing of credentials against
   inserted FIDO: ask the token whether a particular key belongs to
   it in cases where the token supports on-token user-verification
   (e.g. biometrics) rather than just assuming that it will accept it.

   Will reduce spurious "Confirm user presence" notifications for key
   handles that relate to FIDO keys that are not currently inserted in at
   least some cases. bz3366

 * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
   allow for the preceding two ECN bits. bz#3373

 * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
   option.

 * ssh-keygen(1): fix a NULL deref when using the find-principals
   function, when matching an allowed_signers line that contains a
   namespace restriction, but no restriction specified on the
   command-line

 * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
   issue #42719

 * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
   is set to "error" or above. bz3378

 * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
   compressed packet data. bz3372

 * scp(1): when recursively transferring files in SFTP mode, create the
   destination directory if it doesn't already exist to match scp(1) in
   legacy RCP mode behaviour.

 * scp(1): many improvements in error message consistency between scp(1)
   in SFTP mode vs legacy RCP mode.

 * sshd(8): fix potential race in SIGTERM handling PR#289

 * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
   end of the default list of public keys so that they will be tried
   last. PR#295

 * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
   wildcard principals in allowed_signers files

Portability
-----------

 * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
   implementation does not work in a chroot when the kernel does not
   have close_range(2). It tries to read from /proc/self/fd and when
   that fails dies with an assertion of sorts. Instead, call
   close_range(2) directly from our compat code and fall back if
   that fails.  bz#3349,

 * OS X poll(2) is broken; use compat replacement. For character-
   special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
   when polled with POLLIN. Apparently this is Apple bug 3710161 -
   not public but a websearch will find other OSS projects
   rediscovering it periodically since it was first identified in
   2005.

 * Correct handling of exceptfds/POLLPRI in our select(2)-based
   poll(2)/ppoll(2) compat implementation.

 * Cygwin: correct checking of mbstowcs() return value.

 * Add a basic SECURITY.md that refers people to the openssh.com
   website.

 * Enable additional compiler warnings and toolchain hardening flags,
   including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
   -fzero-call-used-regs and -ftrivial-auto-var-init.

 * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
   is not reliable.

Revision 1.23: download - view: text, markup, annotated - select for diffs
Thu Sep 2 11:26:18 2021 UTC (3 years, 3 months ago) by christos
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +2 -1 lines
Merge our changes from OpenSSH-8.6 to OpenSSH-8.7

Revision 1.1.1.19 (vendor branch): download - view: text, markup, annotated - select for diffs
Thu Sep 2 11:22:29 2021 UTC (3 years, 3 months ago) by christos
Branches: OPENSSH
CVS tags: v88-20210926, v87-20210820
Diff to: previous 1.1.1.18: preferred, colored
Changes since revision 1.1.1.18: +2 -1 lines
Import OpenSSH-8.7:

Imminent deprecation notice
===========================

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
hash algorithm in conjunction with the RSA public key algorithm.
It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K.

Note that the deactivation of "ssh-rsa" signatures does not necessarily
require cessation of use for RSA keys. In the SSH protocol, keys may be
capable of signing using multiple algorithms. In particular, "ssh-rsa"
keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
"rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
these is being turned off by default.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs that is still
enabled by default.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
   in OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

OpenSSH recently enabled the UpdateHostKeys option by default to
assist the client by automatically migrating to better algorithms.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * scp(1): this release changes the behaviour of remote to remote
   copies (e.g. "scp host-a:/path host-b:") to transfer through the
   local host by default. This was previously available via the -3
   flag. This mode avoids the need to expose credentials on the
   origin hop, avoids triplicate interpretation of filenames by the
   shell (by the local system, the copy origin and the destination)
   and, in conjunction with the SFTP support for scp(1) mentioned
   below, allows use of all authentication methods to the remote
   hosts (previously, only non-interactive methods could be used).
   A -R flag has been added to select the old behaviour.

 * ssh(1)/sshd(8): both the client and server are now using a
   stricter configuration file parser. The new parser uses more
   shell-like rules for quotes, space and escape characters. It is
   also more strict in rejecting configurations that include options
   lacking arguments. Previously some options (e.g. DenyUsers) could
   appear on a line with no subsequent arguments. This release will
   reject such configurations. The new parser will also reject
   configurations with unterminated quotes and multiple '='
   characters after the option name.

 * ssh(1): when using SSHFP DNS records for host key verification,
   ssh(1) will verify all matching records instead of just those
   with the specific signature type requested. This may cause host
   key verification problems if stale SSHFP records of a different
   or legacy signature type exist alongside other records for a
   particular host. bz#3322

 * ssh-keygen(1): when generating a FIDO key and specifying an
   explicit attestation challenge (using -Ochallenge), the challenge
   will now be hashed by the builtin security key middleware. This
   removes the (undocumented) requirement that challenges be exactly
   32 bytes in length and matches the expectations of libfido2.

 * sshd(8): environment="..." directives in authorized_keys files are
   now first-match-wins and limited to 1024 discrete environment
   variable names.

Changes since OpenSSH 8.6
=========================

This release contains a mix of new features and bug-fixes.

New features
------------

 - scp(1): experimental support for transfers using the SFTP protocol
   as a replacement for the venerable SCP/RCP protocol that it has
   traditionally used. SFTP offers more predictable filename handling
   and does not require expansion of glob(3) patterns via the shell
   on the remote side.

   SFTP support may be enabled via a temporary scp -s flag. It is
   intended for SFTP to become the default transfer mode in the
   near future, at which time the -s flag will be removed. The -O
   flag exists to force use of the original SCP/RCP protocol for
   cases where SFTP may be unavailable or incompatible.

 - sftp-server(8): add a protocol extension to support expansion of
   ~/ and ~user/ prefixed paths. This was added to support these
   paths when used by scp(1) while in SFTP mode.

 - ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to
   the ssh(1) -f flag. GHPR#231

 - ssh(1): add a StdinNull directive to ssh_config(5) that allows the
   config file to do the same thing as -n does on the ssh(1) command-
   line. GHPR#231

 - ssh(1): add a SessionType directive to ssh_config, allowing the
    configuration file to offer equivalent control to the -N (no
    session) and -s (subsystem) command-line flags. GHPR#231

 - ssh-keygen(1): allowed signers files used by ssh-keygen(1)
   signatures now support listing key validity intervals alongside
   they key, and ssh-keygen(1) can optionally check during signature
   verification whether a specified time falls inside this interval.
   This feature is intended for use by git to support signing and
   verifying objects using ssh keys.

 - ssh-keygen(8): support printing of the full public key in a sshsig
   signature via a -Oprint-pubkey flag.

Bugfixes
--------

 * ssh(1)/sshd(8): start time-based re-keying exactly on schedule in
   the client and server mainloops. Previously the re-key timeout
   could expire but re-keying would not start until a packet was sent
   or received, causing a spin in select() if the connection was
   quiescent.

 * ssh-keygen(1): avoid Y2038 problem in printing certificate
   validity lifetimes. Dates past 2^31-1 seconds since epoch were
   displayed incorrectly on some platforms. bz#3329

 * scp(1): allow spaces to appear in usernames for local to remote
   and scp -3 remote to remote copies. bz#1164

 * ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
   in favour of KbdInteractiveAuthentication. The former is what was in
   SSHv1, the latter is what is in SSHv2 (RFC4256) and they were
   treated as somewhat but not entirely equivalent. We retain the old
   name as a deprecated alias so configuration files continue to work
   as well as a reference in the man page for people looking for it.
   bz#3303

 * ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
   when extracting a key from a PKCS#11 certificate. bz#3327

 * ssh(1): restore blocking status on stdio fds before close. ssh(1)
   needs file descriptors in non-blocking mode to operate but it was
   not restoring the original state on exit. This could cause
   problems with fds shared with other programs via the shell,
   bz#3280 and GHPR#246

 * ssh(1)/sshd(8): switch both client and server mainloops from
   select(3) to pselect(3). Avoids race conditions where a signal
   may arrive immediately before select(3) and not be processed until
   an event fires. bz#2158

 * ssh(1): sessions started with ControlPersist were incorrectly
   executing a shell when the -N (no shell) option was specified.
   bz#3290

 * ssh(1): check if IPQoS or TunnelDevice are already set before
   overriding. Prevents values in config files from overriding values
   supplied on the command line. bz#3319

 * ssh(1): fix debug message when finding a private key to match a
   certificate being attempted for user authentication. Previously it
   would print the certificate's path, whereas it was supposed to be
   showing the private key's path. GHPR#247

 * sshd(8): match host certificates against host public keys, not
   private keys. Allows use of certificates with private keys held in
   a ssh-agent.  bz#3524

 * ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
   allows RSA/SHA2 signatures for public key authentication but fails
   to advertise this correctly via SSH2_MSG_EXT_INFO. This causes
   clients of these server to incorrectly match
   PubkeyAcceptedAlgorithmse and potentially refuse to offer valid
   keys. bz#3213

 * sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
   limits@openssh.com extension but fails when the client tries to
   invoke it. bz#3318

 * ssh(1): allow ssh_config SetEnv to override $TERM, which is
   otherwise handled specially by the protocol. Useful in ~/.ssh/config
   to set TERM to something generic (e.g. "xterm" instead of
   "xterm-256color") for destinations that lack terminfo entries.

 * sftp-server(8): the limits@openssh.com extension was incorrectly
   marked as an operation that writes to the filesystem, which made it
   unavailable in sftp-server read-only mode. bz#3318

 * ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when
   the update removed more host keys than remain present.

 * many manual page fixes.

Portability
-----------

 * ssh(1): move closefrom() to before first malloc. When built against
   tcmalloc, the closefrom() would stomp on file descriptors created
   for tcmalloc's internal use. bz#3321

 * sshd(8): handle GIDs > 2^31 in getgrouplist. When compiled in 32bit
   mode, the getgrouplist implementation may fail for GIDs greater than
   LONG_MAX.

 * ssh(1): xstrdup environment variable used by ForwardAgent. bz#3328

 * sshd(8): don't sigdie() in signal handler in privsep child process;
   this can end up causing sandbox violations per bz3286

Revision 1.22: download - view: text, markup, annotated - select for diffs
Thu May 28 17:05:49 2020 UTC (4 years, 6 months ago) by christos
Branches: MAIN
CVS tags: cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +3 -2 lines
Merge conflicts

Revision 1.1.1.18 (vendor branch): download - view: text, markup, annotated - select for diffs
Thu May 28 17:02:59 2020 UTC (4 years, 6 months ago) by christos
Branches: OPENSSH
CVS tags: v86-20210419, v85_20210303, v84-20200927, v83-20200527
Diff to: previous 1.1.1.17: preferred, colored
Changes since revision 1.1.1.17: +3 -2 lines
OpenSSH 8.3 was released on 2020-05-27. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html

Future deprecation notice
=========================

It is now possible[1] to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.

This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.

The better alternatives include:

 * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
   algorithms have the advantage of using the same key type as
   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
   supported since OpenSSH 7.2 and are already used by default if the
   client and server support them.

 * The ssh-ed25519 signature algorithm. It has been supported in
   OpenSSH since release 6.5.

 * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
   have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default
to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually. Vendors of devices
that implement the SSH protocol should ensure that they support the
new signature algorithms for RSA keys.

[1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
    (2020) https://eprint.iacr.org/2020/014.pdf

Security
========

 * scp(1): when receiving files, scp(1) could be become desynchronised
   if a utimes(2) system call failed. This could allow file contents
   to be interpreted as file metadata and thereby permit an adversary
   to craft a file system that, when copied with scp(1) in a
   configuration that caused utimes(2) to fail (e.g. under a SELinux
   policy or syscall sandbox), transferred different file names and
   contents to the actual file system layout.

   Exploitation of this is not likely as utimes(2) does not fail under
   normal circumstances. Successful exploitation is not silent - the
   output of scp(1) would show transfer errors followed by the actual
   file(s) that were received.

   Finally, filenames returned from the peer are (since openssh-8.0)
   matched against the user's requested destination, thereby
   disallowing a successful exploit from writing files outside the
   user's selected target glob (or directory, in the case of a
   recursive transfer). This ensures that this attack can achieve no
   more than a hostile peer is already able to achieve within the scp
   protocol.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
   scp(1) do instead of accepting and silently ignoring it.

Changes since OpenSSH 8.2
=========================

The focus of this release is bug fixing.

New Features
------------

 * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
   rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
   to allow .shosts files but not .rhosts.

 * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
   sshd_config, not just before any Match blocks; bz3148

 * ssh(1): add %TOKEN percent expansion for the LocalFoward and
   RemoteForward keywords when used for Unix domain socket forwarding.
   bz#3014

 * all: allow loading public keys from the unencrypted envelope of a
   private key file if no corresponding public key file is present.

 * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
   possible instead of the (slower) portable C implementation included
   in OpenSSH.

 * ssh-keygen(1): add ability to dump the contents of a binary key
   revocation list via "ssh-keygen -lQf /path" bz#3132

Bugfixes
--------

 * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
   a PKCS11Provider; bz#3141

 * ssh-keygen(1): avoid NULL dereference when trying to convert an
   invalid RFC4716 private key.

 * scp(1): when performing remote-to-remote copies using "scp -3",
   start the second ssh(1) channel with BatchMode=yes enabled to
   avoid confusing and non-deterministic ordering of prompts.

 * ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
   perform hashing of the message to be signed in the middleware layer
   rather than in OpenSSH code. This permits the use of security key
   middlewares that perform the hashing implicitly, such as Windows
   Hello.

 * ssh(1): fix incorrect error message for "too many known hosts
   files." bz#3149

 * ssh(1): make failures when establishing "Tunnel" forwarding
   terminate the connection when ExitOnForwardFailure is enabled;
   bz#3116

 * ssh-keygen(1): fix printing of fingerprints on private keys and add
   a regression test for same.

 * sshd(8): document order of checking AuthorizedKeysFile (first) and
   AuthorizedKeysCommand (subsequently, if the file doesn't match);
   bz#3134

 * sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
   not considered for HostbasedAuthentication when the target user is
   root; bz#3148

 * ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
   key parsing (oss-fuzz #20074).

 * ssh(1), sshd(8): more consistency between sets of %TOKENS are
   accepted in various configuration options.

 * ssh(1), ssh-keygen(1): improve error messages for some common
   PKCS#11 C_Login failure cases; bz#3130

 * ssh(1), sshd(8): make error messages for problems during SSH banner
   exchange consistent with other SSH transport-layer error messages
   and ensure they include the relevant IP addresses bz#3129

 * various: fix a number of spelling errors in comments and debug/error
   messages

 * ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
   from a token, don't prompt for a PIN until the token has told us
   that it needs one. Avoids double-prompting on devices that
   implement on-device authentication.

 * sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
   should be an extension, not a critical option.

 * ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
   when trying to use a FIDO key function and SecurityKeyProvider is
   empty.

 * ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
   the values allowed by the wire format (u32). Prevents integer
   wraparound of the timeout values. bz#3119

 * ssh(1): detect and prevent trivial configuration loops when using
    ProxyJump. bz#3057.

Portability
-----------

 * Detect systems where signals flagged with SA_RESTART will interrupt
   select(2). POSIX permits implementations to choose whether
   select(2) will return when interrupted with a SA_RESTART-flagged
   signal, but OpenSSH requires interrupting behaviour.

 * Several compilation fixes for HP/UX and AIX.

 * On platforms that do not support setting process-wide routing
   domains (all excepting OpenBSD at present), fail to accept a
   configuration attempts to set one at process start time rather than
   fatally erroring at run time. bz#3126

 * Improve detection of egrep (used in regression tests) on platforms
   that offer a poor default one (e.g. Solaris).

 * A number of shell portability fixes for the regression tests.

 * Fix theoretical infinite loop in the glob(3) replacement
   implementation.

 * Fix seccomp sandbox compilation problems for some Linux
   configurations bz#3085

 * Improved detection of libfido2 and some compilation fixes for some
   configurations when --with-security-key-builtin is selected.

Revision 1.17.2.2: download - view: text, markup, annotated - select for diffs
Mon Apr 13 07:45:20 2020 UTC (4 years, 7 months ago) by martin
Branches: phil-wifi
Diff to: previous 1.17.2.1: preferred, colored; branchpoint 1.17: preferred, colored; next MAIN 1.18: preferred, colored
Changes since revision 1.17.2.1: +12 -4 lines
Mostly merge changes from HEAD upto 20200411

Revision 1.21: download - view: text, markup, annotated - select for diffs
Sat Oct 12 18:32:22 2019 UTC (5 years, 1 month ago) by christos
Branches: MAIN
CVS tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +12 -4 lines
merge openssh-8.1

Revision 1.1.1.17 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Oct 12 15:14:03 2019 UTC (5 years, 1 month ago) by christos
Branches: OPENSSH
CVS tags: v82-20200214, v81-20191009
Diff to: previous 1.1.1.16: preferred, colored
Changes since revision 1.1.1.16: +11 -3 lines
OpenSSH 8.1 was released on 2019-10-09. It is available from the
mirrors listed at https://www.openssh.com/.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Security
========

 * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer
   overflow bug was found in the private key parsing code for the XMSS
   key type. This key type is still experimental and support for it is
   not compiled by default. No user-facing autoconf option exists in
   portable OpenSSH to enable it. This bug was found by Adam Zabrocki
   and reported via SecuriTeam's SSD program.

 * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
   rest in RAM against speculation and memory side-channel attacks like
   Spectre, Meltdown and Rambleed. This release encrypts private keys
   when they are not in use with a symmetric key that is derived from a
   relatively large "prekey" consisting of random data (currently 16KB).

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): when acting as a CA and signing certificates with
   an RSA key, default to using the rsa-sha2-512 signature algorithm.
   Certificates signed by RSA keys will therefore be incompatible
   with OpenSSH versions prior to 7.2 unless the default is
   overridden (using "ssh-keygen -t ssh-rsa -s ...").

Revision 1.17.2.1: download - view: text, markup, annotated - select for diffs
Mon Jun 10 21:41:12 2019 UTC (5 years, 6 months ago) by christos
Branches: phil-wifi
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +9 -12 lines
Sync with HEAD

Revision 1.20: download - view: text, markup, annotated - select for diffs
Fri Apr 26 01:51:55 2019 UTC (5 years, 7 months ago) by christos
Branches: MAIN
CVS tags: phil-wifi-20190609, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Branch point for: netbsd-9
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +2 -2 lines
attribute police

Revision 1.19: download - view: text, markup, annotated - select for diffs
Sat Apr 20 17:16:40 2019 UTC (5 years, 7 months ago) by christos
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +6 -8 lines
merge conflicts.

Revision 1.1.1.16 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Apr 20 17:13:53 2019 UTC (5 years, 7 months ago) by christos
Branches: OPENSSH
CVS tags: v80-20190417
Diff to: previous 1.1.1.15: preferred, colored
Changes since revision 1.1.1.15: +5 -7 lines
Import 8.0:

Security
========

This release contains mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.

This release adds client-side checking that the filenames sent from
the server match the command-line request,

The scp protocol is outdated, inflexible and not readily fixed. We
recommend the use of more modern protocols like sftp and rsync for
file transfer instead.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * scp(1): Relating to the above changes to scp(1); the scp protocol
   relies on the remote shell for wildcard expansion, so there is no
   infallible way for the client's wildcard matching to perfectly
   reflect the server's. If there is a difference between client and
   server wildcard expansion, the client may refuse files from the
   server. For this reason, we have provided a new "-T" flag to scp
   that disables these client-side checks at the risk of
   reintroducing the attack described above.

 * sshd(8): Remove support for obsolete "host/port" syntax. Slash-
   separated host/port was added in 2001 as an alternative to
   host:port syntax for the benefit of IPv6 users. These days there
   are establised standards for this like [::1]:22 and the slash
   syntax is easily mistaken for CIDR notation, which OpenSSH
   supports for some things. Remove the slash notation from
   ListenAddress and PermitOpen; bz#2335

Changes since OpenSSH 7.9
=========================

This release is focused on new features and internal refactoring.

New Features
------------

 * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
   PKCS#11 tokens.

 * ssh(1), sshd(8): Add experimental quantum-computing resistant
   key exchange method, based on a combination of Streamlined NTRU
   Prime 4591^761 and X25519.

 * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
   following NIST Special Publication 800-57's guidance for a
   128-bit equivalent symmetric security level.

 * ssh(1): Allow "PKCS11Provider=none" to override later instances of
   the PKCS11Provider directive in ssh_config; bz#2974

 * sshd(8): Add a log message for situations where a connection is
   dropped for attempting to run a command but a sshd_config
   ForceCommand=internal-sftp restriction is in effect; bz#2960

 * ssh(1): When prompting whether to record a new host key, accept
   the key fingerprint as a synonym for "yes". This allows the user
   to paste a fingerprint obtained out of band at the prompt and
   have the client do the comparison for you.

 * ssh-keygen(1): When signing multiple certificates on a single
   command-line invocation, allow automatically incrementing the
   certificate serial number.

 * scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
   the scp and sftp command-lines.

 * ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
   command-line flags to increase the verbosity of output; pass
   verbose flags though to subprocesses, such as ssh-pkcs11-helper
   started from ssh-agent.

 * ssh-add(1): Add a "-T" option to allowing testing whether keys in
   an agent are usable by performing a signature and a verification.

 * sftp-server(8): Add a "lsetstat@openssh.com" protocol extension
   that replicates the functionality of the existing SSH2_FXP_SETSTAT
   operation but does not follow symlinks. bz#2067

 * sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request
   they do not follow symlinks.

 * sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
   the connection 4-tuple available to PAM modules that wish to use
   it in decision-making. bz#2741

 * sshd(8): Add a ssh_config "Match final" predicate Matches in same
   pass as "Match canonical" but doesn't require hostname
   canonicalisation be enabled. bz#2906

 * sftp(1): Support a prefix of '@' to suppress echo of sftp batch
   commands; bz#2926

 * ssh-keygen(1): When printing certificate contents using
   "ssh-keygen -Lf /path/certificate", include the algorithm that
   the CA used to sign the cert.

Bugfixes
--------

 * sshd(8): Fix authentication failures when sshd_config contains
   "AuthenticationMethods any" inside a Match block that overrides
   a more restrictive default.

 * sshd(8): Avoid sending duplicate keepalives when ClientAliveCount
   is enabled.

 * sshd(8): Fix two race conditions related to SIGHUP daemon restart.
   Remnant file descriptors in recently-forked child processes could
   block the parent sshd's attempt to listen(2) to the configured
   addresses. Also, the restarting parent sshd could exit before any
   child processes that were awaiting their re-execution state had
   completed reading it, leaving them in a fallback path.

 * ssh(1): Fix stdout potentially being redirected to /dev/null when
   ProxyCommand=- was in use.

 * sshd(8): Avoid sending SIGPIPE to child processes if they attempt
   to write to stderr after their parent processes have exited;
   bz#2071

 * ssh(1): Fix bad interaction between the ssh_config ConnectTimeout
   and ConnectionAttempts directives - connection attempts after the
   first were ignoring the requested timeout; bz#2918

 * ssh-keyscan(1): Return a non-zero exit status if no keys were
   found; bz#2903

 * scp(1): Sanitize scp filenames to allow UTF-8 characters without
   terminal control sequences;  bz#2434

 * sshd(8): Fix confusion between ClientAliveInterval and time-based
   RekeyLimit that could cause connections to be incorrectly closed.
   bz#2757

 * ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
   handling at initial token login. The attempt to read the PIN
   could be skipped in some cases, particularly on devices with
   integrated PIN readers. This would lead to an inability to
   retrieve keys from these tokens. bz#2652

 * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
   CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
   C_SignInit operation. bz#2638

 * ssh(1): Improve documentation for ProxyJump/-J, clarifying that
   local configuration does not apply to jump hosts.

 * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
   public keys, not private.

 * ssh(1), sshd(8): be more strict in processing protocol banners,
   allowing \r characters only immediately before \n.

 * Various: fix a number of memory leaks, including bz#2942 and
   bz#2938

 * scp(1), sftp(1): fix calculation of initial bandwidth limits.
   Account for bytes written before the timer starts and adjust the
   schedule on which recalculations are performed. Avoids an initial
   burst of traffic and yields more accurate bandwidth limits;
   bz#2927

 * sshd(8): Only consider the ext-info-c extension during the initial
   key eschange. It shouldn't be sent in subsequent ones, but if it
   is present we should ignore it. This prevents sshd from sending a
   SSH_MSG_EXT_INFO for REKEX for buggy these clients. bz#2929

 * ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
   authorized_keys) and -R (remove host from authorized_keys) options
   may accept either a bare hostname or a [hostname]:port combo.
   bz#2935

 * ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936

 * sshd(8): Silence error messages when sshd fails to load some of
   the default host keys. Failure to load an explicitly-configured
   hostkey is still an error, and failure to load any host key is
   still fatal. pr/103

 * ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
   started with ControlPersist; prevents random ProxyCommand output
   from interfering with session output.

 * ssh(1): The ssh client was keeping a redundant ssh-agent socket
   (leftover from authentication) around for the life of the
   connection; bz#2912

 * sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
   PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types
   were specified, then authentication would always fail for RSA keys
   as the monitor checks only the base key (not the signature
   algorithm) type against *AcceptedKeyTypes. bz#2746

 * ssh(1): Request correct signature types from ssh-agent when
   certificate keys and RSA-SHA2 signatures are in use.

Portability
-----------

 * sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for
   token creation if it supports MsV1_0 S4U Logon.

 * sshd(8): On Cygwin, use custom user/group matching code that
   respects the OS' behaviour of case-insensitive matching.

 * sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies
   the user environment if it's enabled; bz#2937

 * sshd(8) Cygwin: Change service name to cygsshd to avoid collision
   with Microsoft's OpenSSH port.

 * Allow building against OpenSSL -dev (3.x)

 * Fix a number of build problems against version configurations and
   versions of OpenSSL. Including bz#2931 and bz#2921

 * Improve warnings in cygwin service setup. bz#2922

 * Remove hardcoded service name in cygwin setup. bz#2922

Revision 1.16.2.2: download - view: text, markup, annotated - select for diffs
Thu Sep 6 06:51:33 2018 UTC (6 years, 3 months ago) by pgoyette
Branches: pgoyette-compat
CVS tags: pgoyette-compat-merge-20190127
Diff to: previous 1.16.2.1: preferred, colored; branchpoint 1.16: preferred, colored; next MAIN 1.17: preferred, colored
Changes since revision 1.16.2.1: +4 -5 lines
Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)

Revision 1.18: download - view: text, markup, annotated - select for diffs
Sun Aug 26 07:46:36 2018 UTC (6 years, 3 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +3 -4 lines
merge conflicts

Revision 1.1.1.15 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Aug 26 07:40:52 2018 UTC (6 years, 3 months ago) by christos
Branches: OPENSSH
CVS tags: v78-20180824
Diff to: previous 1.1.1.14: preferred, colored
Changes since revision 1.1.1.14: +3 -4 lines
Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.

 * sshd(8): remove internal support for S/Key multiple factor
   authentication. S/Key may still be used via PAM or BSD auth.

 * ssh(1): remove vestigal support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.

 * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted
   key types. This distinction matters when using the RSA/SHA2
   signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
   certificate counterparts. Configurations that override these
   options but omit these algorithm names may cause unexpected
   authentication failures (no action is required for configurations
   that accept the default for these options).

 * sshd(8): the precedence of session environment variables has
   changed. ~/.ssh/environment and environment="..." options in
   authorized_keys files can no longer override SSH_* variables set
   implicitly by sshd.

 * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
   They will now use DSCP AF21 for interactive traffic and CS1 for
   bulk.  For a detailed rationale, please see the commit message:
   https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284

Revision 1.16.2.1: download - view: text, markup, annotated - select for diffs
Sat Apr 7 04:11:48 2018 UTC (6 years, 8 months ago) by pgoyette
Branches: pgoyette-compat
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +5 -2 lines
Sync with HEAD.  77 conflicts resolved - all of them $NetBSD$

Revision 1.17: download - view: text, markup, annotated - select for diffs
Fri Apr 6 18:59:00 2018 UTC (6 years, 8 months ago) by christos
Branches: MAIN
CVS tags: phil-wifi-base, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407
Branch point for: phil-wifi
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +4 -1 lines
merge conflicts

Revision 1.1.1.14 (vendor branch): download - view: text, markup, annotated - select for diffs
Fri Apr 6 18:56:09 2018 UTC (6 years, 8 months ago) by christos
Branches: OPENSSH
CVS tags: v77-20180405
Diff to: previous 1.1.1.13: preferred, colored
Changes since revision 1.1.1.13: +4 -1 lines
OpenSSH 7.7 was released on 2018-04-02. It is available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.

Changes since OpenSSH 7.6
=========================

This is primarily a bugfix release.

New Features
------------

 * All: Add experimental support for PQC XMSS keys (Extended Hash-
   Based Signatures) based on the algorithm described in
   https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
   The XMSS signature code is experimental and not compiled in by
   default.

 * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
   to allow conditional configuration that depends on which routing
   domain a connection was received on (currently supported on OpenBSD
   and Linux).

 * sshd_config(5): Add an optional rdomain qualifier to the
   ListenAddress directive to allow listening on different routing
   domains. This is supported only on OpenBSD and Linux at present.

 * sshd_config(5): Add RDomain directive to allow the authenticated
   session to be placed in an explicit routing domain. This is only
   supported on OpenBSD at present.

 * sshd(8): Add "expiry-time" option for authorized_keys files to
   allow for expiring keys.

 * ssh(1): Add a BindInterface option to allow binding the outgoing
   connection to an interface's address (basically a more usable
   BindAddress)

 * ssh(1): Expose device allocated for tun/tap forwarding via a new
   %T expansion for LocalCommand. This allows LocalCommand to be used
   to prepare the interface.

 * sshd(8): Expose the device allocated for tun/tap forwarding via a
   new SSH_TUNNEL environment variable. This allows automatic setup of
   the interface and surrounding network configuration automatically on
   the server.

 * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
   ssh://user@host or sftp://user@host/path.  Additional connection
   parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
   implemented since the ssh fingerprint format in the draft uses the
   deprecated MD5 hash with no way to specify the any other algorithm.

 * ssh-keygen(1): Allow certificate validity intervals that specify
   only a start or stop time (instead of both or neither).

 * sftp(1): Allow "cd" and "lcd" commands with no explicit path
   argument. lcd will change to the local user's home directory as
   usual. cd will change to the starting directory for session (because
   the protocol offers no way to obtain the remote user's home
   directory). bz#2760

 * sshd(8): When doing a config test with sshd -T, only require the
   attributes that are actually used in Match criteria rather than (an
   incomplete list of) all criteria.

Bugfixes
--------

 * ssh(1)/sshd(8): More strictly check signature types during key
   exchange against what was negotiated. Prevents downgrade of RSA
   signatures made with SHA-256/512 to SHA-1.

 * sshd(8): Fix support for client that advertise a protocol version
   of "1.99" (indicating that they are prepared to accept both SSHv1 and
   SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
   support. bz#2810

 * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
   a rsa-sha2-256/512 signature was requested. This condition is possible
   when an old or non-OpenSSH agent is in use. bz#2799

 * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
   to fatally exit if presented an invalid signature request message.

 * sshd_config(5): Accept yes/no flag options case-insensitively, as
   has been the case in ssh_config(5) for a long time. bz#2664

 * ssh(1): Improve error reporting for failures during connection.
   Under some circumstances misleading errors were being shown. bz#2814

 * ssh-keyscan(1): Add -D option to allow printing of results directly
   in SSHFP format. bz#2821

 * regress tests: fix PuTTY interop test broken in last release's SSHv1
   removal. bz#2823

 * ssh(1): Compatibility fix for some servers that erroneously drop the
   connection when the IUTF8 (RFC8160) option is sent.

 * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
   started by scp (sftp was already doing this.)

 * ssh-keygen(1): Refuse to create a certificate with an unusable
   number of principals.

 * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
   public key during key generation. Previously it would silently
   ignore errors writing the comment and terminating newline.

 * ssh(1): Do not modify hostname arguments that are addresses by
   automatically forcing them to lower-case. Instead canonicalise them
   to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
   against known_hosts. bz#2763

 * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
   prompts. bz#2803

 * sftp(1): Have sftp print a warning about shell cleanliness when
   decoding the first packet fails, which is usually caused by shells
   polluting stdout of non-interactive startups. bz#2800

 * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
   time to monotonic time, allowing the packet layer to better function
   over a clock step and avoiding possible integer overflows during
   steps.

 * Numerous manual page fixes and improvements.

Portability
-----------

 * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
   sandbox violations on some environments.

 * sshd(8): Remove UNICOS support. The hardware and software are literal
   museum pieces and support in sshd is too intrusive to justify
   maintaining.

 * All: Build and link with "retpoline" flags when available to mitigate
   the "branch target injection" style (variant 2) of the Spectre
   branch-prediction vulnerability.

 * All: Add auto-generated dependency information to Makefile.

 * Numerous fixed to the RPM spec files.

Checksums:
==========

- SHA1 (openssh-7.7.tar.gz) = 24812e05fa233014c847c7775748316e7f8a836c
- SHA256 (openssh-7.7.tar.gz) = T4ua1L/vgAYqwB0muRahvnm5ZUr3PLY9nPljaG8egvo=

- SHA1 (openssh-7.7p1.tar.gz) = 446fe9ed171f289f0d62197dffdbfdaaf21c49f2
- SHA256 (openssh-7.7p1.tar.gz) = 1zvn5oTpnvzQJL4Vowv/y+QbASsvezyQhK7WIXdea48=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

Revision 1.15.4.1: download - view: text, markup, annotated - select for diffs
Mon Dec 4 10:55:18 2017 UTC (7 years ago) by snj
Branches: netbsd-8
CVS tags: netbsd-8-3-RELEASE, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1
Diff to: previous 1.15: preferred, colored; next MAIN 1.16: preferred, colored
Changes since revision 1.15: +12 -8 lines
Pull up following revision(s) (requested by sevan in ticket #320):
	distrib/sets/lists/base/shl.mi: 1.822
	distrib/sets/lists/debug/shl.mi: 1.184
	doc/3RDPARTY: 1.1475
	crypto/external/bsd/openssh/Makefile.inc: up to 1.10
	crypto/external/bsd/openssh/bin/ssh/Makefile: up to 1.12
	crypto/external/bsd/openssh/dist/LICENCE: up to 1.6
	crypto/external/bsd/openssh/dist/PROTOCOL: up to 1.10
	crypto/external/bsd/openssh/dist/PROTOCOL.agent: up to 1.9
	crypto/external/bsd/openssh/dist/PROTOCOL.certkeys: up to 1.8
	crypto/external/bsd/openssh/dist/auth-options.c: up to 1.16
	crypto/external/bsd/openssh/dist/auth-options.h: up to 1.9
	crypto/external/bsd/openssh/dist/auth-pam.c: up to 1.12
	crypto/external/bsd/openssh/dist/auth.c: up to 1.20
	crypto/external/bsd/openssh/dist/auth.h: up to 1.16
	crypto/external/bsd/openssh/dist/auth2-chall.c: up to 1.13
	crypto/external/bsd/openssh/dist/auth2-gss.c: up to 1.11
	crypto/external/bsd/openssh/dist/auth2-hostbased.c: up to 1.12
	crypto/external/bsd/openssh/dist/auth2-kbdint.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-krb5.c: up to 1.7
	crypto/external/bsd/openssh/dist/auth2-none.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-passwd.c: up to 1.8
	crypto/external/bsd/openssh/dist/auth2-pubkey.c: up to 1.18
	crypto/external/bsd/openssh/dist/auth2.c: up to 1.15
	crypto/external/bsd/openssh/dist/authfd.c: up to 1.14
	crypto/external/bsd/openssh/dist/authfd.h: up to 1.9
	crypto/external/bsd/openssh/dist/authfile.c: up to 1.17
	crypto/external/bsd/openssh/dist/bitmap.c: up to 1.6
	crypto/external/bsd/openssh/dist/bufbn.c: up to 1.9
	crypto/external/bsd/openssh/dist/buffer.h: up to 1.10
	crypto/external/bsd/openssh/dist/channels.c: up to 1.20
	crypto/external/bsd/openssh/dist/channels.h: up to 1.14
	crypto/external/bsd/openssh/dist/cipher-3des1.c: delete
	crypto/external/bsd/openssh/dist/cipher-bf1.c: delete
	crypto/external/bsd/openssh/dist/cipher.c: up to 1.11
	crypto/external/bsd/openssh/dist/cipher.h: up to 1.11
	crypto/external/bsd/openssh/dist/clientloop.c: up to 1.22
	crypto/external/bsd/openssh/dist/clientloop.h: up to 1.15
	crypto/external/bsd/openssh/dist/compat.c: up to 1.17
	crypto/external/bsd/openssh/dist/compat.h: up to 1.10
	crypto/external/bsd/openssh/dist/deattack.c: delete
	crypto/external/bsd/openssh/dist/deattack.h: delete
	crypto/external/bsd/openssh/dist/digest-libc.c: up to 1.7
	crypto/external/bsd/openssh/dist/digest-openssl.c: up to 1.6
	crypto/external/bsd/openssh/dist/digest.h: up to 1.1.1.3
	crypto/external/bsd/openssh/dist/dispatch.c: up to 1.9
	crypto/external/bsd/openssh/dist/dispatch.h: up to 1.7
	crypto/external/bsd/openssh/dist/dns.c: up to 1.15
	crypto/external/bsd/openssh/dist/dns.h: up to 1.10
	crypto/external/bsd/openssh/dist/gss-serv.c: up to 1.11
	crypto/external/bsd/openssh/dist/hostfile.c: up to 1.11
	crypto/external/bsd/openssh/dist/includes.h: up to 1.7
	crypto/external/bsd/openssh/dist/kex.c: up to 1.19
	crypto/external/bsd/openssh/dist/kex.h: up to 1.16
	crypto/external/bsd/openssh/dist/kexc25519c.c: up to 1.7
	crypto/external/bsd/openssh/dist/kexc25519s.c: up to 1.9
	crypto/external/bsd/openssh/dist/kexdhc.c: up to 1.10
	crypto/external/bsd/openssh/dist/kexdhs.c: up to 1.13
	crypto/external/bsd/openssh/dist/kexecdhc.c: up to 1.8
	crypto/external/bsd/openssh/dist/kexecdhs.c: up to 1.9
	crypto/external/bsd/openssh/dist/kexgexc.c: up to 1.10
	crypto/external/bsd/openssh/dist/kexgexs.c: up to 1.14
	crypto/external/bsd/openssh/dist/key.c: up to 1.22
	crypto/external/bsd/openssh/dist/key.h: up to 1.14
	crypto/external/bsd/openssh/dist/krl.c: up to 1.11
	crypto/external/bsd/openssh/dist/log.c: up to 1.17
	crypto/external/bsd/openssh/dist/log.h: up to 1.13
	crypto/external/bsd/openssh/dist/mac.c: up to 1.15
	crypto/external/bsd/openssh/dist/misc.c: up to 1.16
	crypto/external/bsd/openssh/dist/misc.h: up to 1.13
	crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh: up to 1.1.1.2
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680: up to 1.3
	crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192: up to 1.3
	crypto/external/bsd/openssh/dist/monitor.c: up to 1.23
	crypto/external/bsd/openssh/dist/monitor_wrap.c: up to 1.18
	crypto/external/bsd/openssh/dist/monitor_wrap.h: up to 1.14
	crypto/external/bsd/openssh/dist/mux.c: up to 1.19
	crypto/external/bsd/openssh/dist/myproposal.h: up to 1.17
	crypto/external/bsd/openssh/dist/nchan.c: up to 1.9
	crypto/external/bsd/openssh/dist/opacket.c: up to 1.8
	crypto/external/bsd/openssh/dist/opacket.h: up to 1.8
	crypto/external/bsd/openssh/dist/packet.c: up to 1.29
	crypto/external/bsd/openssh/dist/packet.h: up to 1.16
	crypto/external/bsd/openssh/dist/pathnames.h: up to 1.13
	crypto/external/bsd/openssh/dist/pfilter.c: up to 1.4
	crypto/external/bsd/openssh/dist/readconf.c: up to 1.22
	crypto/external/bsd/openssh/dist/readconf.h: up to 1.19
	crypto/external/bsd/openssh/dist/recallocarray.c: up to 1.1
	crypto/external/bsd/openssh/dist/rsa.c: delete
	crypto/external/bsd/openssh/dist/rsa.h: delete
	crypto/external/bsd/openssh/dist/scp.1: up to 1.15
	crypto/external/bsd/openssh/dist/scp.c: up to 1.17
	crypto/external/bsd/openssh/dist/servconf.c: up to 1.25
	crypto/external/bsd/openssh/dist/servconf.h: up to 1.16
	crypto/external/bsd/openssh/dist/serverloop.c: up to 1.18
	crypto/external/bsd/openssh/dist/serverloop.h: up to 1.7
	crypto/external/bsd/openssh/dist/session.c: up to 1.23
	crypto/external/bsd/openssh/dist/session.h: up to 1.8
	crypto/external/bsd/openssh/dist/sftp-client.c: up to 1.19
	crypto/external/bsd/openssh/dist/sftp-common.c: up to 1.10
	crypto/external/bsd/openssh/dist/sftp-server.c: up to 1.17
	crypto/external/bsd/openssh/dist/sftp.1: up to 1.16
	crypto/external/bsd/openssh/dist/sftp.c: up to 1.22
	crypto/external/bsd/openssh/dist/ssh-add.1: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-add.c: up to 1.16
	crypto/external/bsd/openssh/dist/ssh-agent.c: up to 1.21
	crypto/external/bsd/openssh/dist/ssh-gss.h: up to 1.8
	crypto/external/bsd/openssh/dist/ssh-keygen.1: up to 1.20
	crypto/external/bsd/openssh/dist/ssh-keygen.c: up to 1.28
	crypto/external/bsd/openssh/dist/ssh-keyscan.1: up to 1.14
	crypto/external/bsd/openssh/dist/ssh-keyscan.c: up to 1.20
	crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c: up to 1.10
	crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-pkcs11.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh-rsa.c: up to 1.13
	crypto/external/bsd/openssh/dist/ssh.1: up to 1.21
	crypto/external/bsd/openssh/dist/ssh.c: up to 1.26
	crypto/external/bsd/openssh/dist/ssh.h: up to 1.10
	crypto/external/bsd/openssh/dist/ssh1.h: delete
	crypto/external/bsd/openssh/dist/ssh_api.c: up to 1.7
	crypto/external/bsd/openssh/dist/ssh_config: up to 1.11
	crypto/external/bsd/openssh/dist/ssh_config.5: up to 1.21
	crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c: up to 1.8
	crypto/external/bsd/openssh/dist/sshbuf.c: up to 1.8
	crypto/external/bsd/openssh/dist/sshbuf.h: up to 1.8
	crypto/external/bsd/openssh/dist/sshconnect.c: up to 1.20
	crypto/external/bsd/openssh/dist/sshconnect.h: up to 1.10
	crypto/external/bsd/openssh/dist/sshconnect1.c: delete
	crypto/external/bsd/openssh/dist/sshconnect2.c: up to 1.29
	crypto/external/bsd/openssh/dist/sshd.8: up to 1.19
	crypto/external/bsd/openssh/dist/sshd.c: up to 1.28
	crypto/external/bsd/openssh/dist/sshd_config.5: up to 1.25
	crypto/external/bsd/openssh/dist/ssherr.c: up to 1.7
	crypto/external/bsd/openssh/dist/ssherr.h: up to 1.1.1.3
	crypto/external/bsd/openssh/dist/sshkey.c: up to 1.11
	crypto/external/bsd/openssh/dist/sshkey.h: up to 1.6
	crypto/external/bsd/openssh/dist/ttymodes.c: up to 1.8
	crypto/external/bsd/openssh/dist/ttymodes.h: up to 1.8
	crypto/external/bsd/openssh/dist/umac.c: up to 1.14
	crypto/external/bsd/openssh/dist/utf8.c: up to 1.6
	crypto/external/bsd/openssh/dist/version.h: up to 1.24
	crypto/external/bsd/openssh/dist/xmalloc.c: up to 1.10
	crypto/external/bsd/openssh/dist/xmalloc.h: up to 1.10
	crypto/external/bsd/openssh/lib/Makefile: up to 1.23
	crypto/external/bsd/openssh/lib/shlib_version: up to 1.20
Update OpenSSH to 7.6.

Revision 1.16: download - view: text, markup, annotated - select for diffs
Sat Oct 7 19:39:19 2017 UTC (7 years, 2 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-compat-base, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +11 -7 lines
merge conflicts.

Revision 1.1.1.13 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Oct 7 19:36:12 2017 UTC (7 years, 2 months ago) by christos
Branches: OPENSSH
CVS tags: v76-20171003
Diff to: previous 1.1.1.12: preferred, colored
Changes since revision 1.1.1.12: +11 -7 lines
Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1): delete SSH protocol version 1 support, associated
   configuration options and documentation.

 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

 * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
   ciphers.

 * Refuse RSA keys <1024 bits in length and improve reporting for keys
   that do not meet this requirement.

 * ssh(1): do not offer CBC ciphers by default.

Changes since OpenSSH 7.5
=========================

This is primarily a bugfix release. It also contains substantial
internal refactoring.

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly
   permitting creation of zero-length files. Reported by Michal
   Zalewski.

New Features
------------

 * ssh(1): add RemoteCommand option to specify a command in the ssh
   config file instead of giving it on the client's command line. This
   allows the configuration file to specify the command that will be
   executed on the remote host.

 * sshd(8): add ExposeAuthInfo option that enables writing details of
   the authentication methods used (including public keys where
   applicable) to a file that is exposed via a $SSH_USER_AUTH
   environment variable in the subsequent session.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

 * sshd(8): allow LogLevel directive in sshd_config Match blocks;
   bz#2717

 * ssh-keygen(1): allow inclusion of arbitrary string or flag
   certificate extensions and critical options.

 * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
   a CA when signing certificates. bz#2377

 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
   ToS/DSCP value and just use the operating system default.

 * ssh-add(1): added -q option to make ssh-add quiet on success.

 * ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "off", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
   option in sshd(8). bz#2705

Bugfixes
--------

 * ssh(1): use HostKeyAlias if specified instead of hostname for
   matching host certificate principal names; bz#2728

 * sftp(1): implement sorting for globbed ls; bz#2649

 * ssh(1): add a user@host prefix to client's "Permission denied"
   messages, useful in particular when using "stacked" connections
   (e.g. ssh -J) where it's not clear which host is denying. bz#2720

 * ssh(1): accept unknown EXT_INFO extension values that contain \0
   characters. These are legal, but would previously cause fatal
   connection errors if received.

 * ssh(1)/sshd(8): repair compression statistics printed at
   connection exit

 * sftp(1): print '?' instead of incorrect link count (that the
   protocol doesn't provide) for remote listings. bz#2710

 * ssh(1): return failure rather than fatal() for more cases during
   session multiplexing negotiations. Causes the session to fall back
   to a non-mux connection if they occur. bz#2707

 * ssh(1): mention that the server may send debug messages to explain
   public key authentication problems under some circumstances; bz#2709

 * Translate OpenSSL error codes to better report incorrect passphrase
   errors when loading private keys; bz#2699

 * sshd(8): adjust compatibility patterns for WinSCP to correctly
   identify versions that implement only the legacy DH group exchange
   scheme. bz#2748

 * ssh(1): print the "Killed by signal 1" message only at LogLevel
   verbose so that it is not shown at the default level; prevents it
   from appearing during ssh -J and equivalent ProxyCommand configs.
   bz#1906, bz#2744

 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
   existing keys if they exist but are zero length. zero-length keys
   could previously be made if ssh-keygen failed or was interrupted part
   way through generating them. bz#2561

 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
   place the current session in the background.

 * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

 * sshd(8): avoid reliance on shared use of pointers shared between
   monitor and child sshd processes. bz#2704

 * sshd_config(8): document available AuthenticationMethods; bz#2453

 * ssh(1): avoid truncation in some login prompts; bz#2768

 * sshd(8): Fix various compilations failures, inc bz#2767

 * ssh(1): make "--" before the hostname terminate argument processing
   after the hostname too.

 * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
   new-style private keys. Fixes problems related to private key
   handling for no-OpenSSL builds. bz#2754

 * ssh(1): warn and do not attempt to use keys when the public and
   private halves do not match. bz#2737

 * sftp(1): don't print verbose error message when ssh disconnects
   from under sftp. bz#2750

 * sshd(8): fix keepalive scheduling problem: activity on a forwarded
   port from preventing the keepalive from being sent; bz#2756

 * sshd(8): when started without root privileges, don't require the
   privilege separation user or path to exist. Makes running the
   regression tests easier without touching the filesystem.

 * Make integrity.sh regression tests more robust against timeouts.
   bz#2658

 * ssh(1)/sshd(8): correctness fix for channels implementation: accept
   channel IDs greater than 0x7FFFFFFF.

Portability
-----------

 * sshd(9): drop two more privileges in the Solaris sandbox:
   PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

 * sshd(8): expose list of completed authentication methods to PAM
   via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
   mostly to do with host/network byte order confusion. bz#2735

 * Add --with-cflags-after and --with-ldflags-after configure flags to
   allow setting CFLAGS/LDFLAGS after configure has completed. These
   are useful for setting sanitiser/fuzzing options that may interfere
   with configure's operation.

 * sshd(8): avoid Linux seccomp violations on ppc64le over the
   socketcall syscall.

 * Fix use of ldns when using ldns-config; bz#2697

 * configure: set cache variables when cross-compiling. The cross-
   compiling fallback message was saying it assumed the test passed,
   but it wasn't actually set the cache variables and this would
   cause later tests to fail.

 * Add clang libFuzzer harnesses for public key parsing and signature
   verification.

Revision 1.6.4.1: download - view: text, markup, annotated - select for diffs
Tue Aug 15 05:27:52 2017 UTC (7 years, 3 months ago) by snj
Branches: netbsd-6
Diff to: previous 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6: +167 -96 lines
Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.6.10.1: download - view: text, markup, annotated - select for diffs
Tue Aug 15 04:40:16 2017 UTC (7 years, 3 months ago) by snj
Branches: netbsd-6-1
Diff to: previous 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6: +167 -96 lines
Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.6.8.1: download - view: text, markup, annotated - select for diffs
Tue Aug 15 04:39:21 2017 UTC (7 years, 3 months ago) by snj
Branches: netbsd-6-0
Diff to: previous 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6: +167 -96 lines
Apply patch (requested by mrg in ticket #1468):
Update OpenSSH to 7.5.

Revision 1.12.2.3: download - view: text, markup, annotated - select for diffs
Wed Apr 26 02:52:14 2017 UTC (7 years, 7 months ago) by pgoyette
Branches: pgoyette-localcount
Diff to: previous 1.12.2.2: preferred, colored; branchpoint 1.12: preferred, colored; next MAIN 1.13: preferred, colored
Changes since revision 1.12.2.2: +8 -3 lines
Sync with HEAD

Revision 1.14.2.1: download - view: text, markup, annotated - select for diffs
Fri Apr 21 16:50:57 2017 UTC (7 years, 7 months ago) by bouyer
Branches: bouyer-socketcan
Diff to: previous 1.14: preferred, colored; next MAIN 1.15: preferred, colored
Changes since revision 1.14: +8 -3 lines
Sync with HEAD

Revision 1.15: download - view: text, markup, annotated - select for diffs
Tue Apr 18 18:41:46 2017 UTC (7 years, 7 months ago) by christos
Branches: MAIN
CVS tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-8-base, matt-nb8-mediatek-base, matt-nb8-mediatek, bouyer-socketcan-base1
Branch point for: netbsd-8
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +8 -3 lines
merge conflicts

Revision 1.1.1.12 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue Apr 18 18:39:18 2017 UTC (7 years, 7 months ago) by christos
Branches: OPENSSH
CVS tags: v75-20170418
Diff to: previous 1.1.1.11: preferred, colored
Changes since revision 1.1.1.11: +7 -2 lines
OpenSSH 7.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in future releases,
specifically:

 * In the next major release (expected June-August), removing remaining
   support for the SSH v.1 protocol (currently client-only and compile-
   time disabled).

 * In the same release, removing support for Blowfish and RC4 ciphers
   and the RIPE-MD160 HMAC. (These are currently run-time disabled).

 * In the same release, removing the remaining CBC ciphers from being
   offered by default in the client (These have not been offered in
   sshd by default for several years).

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release deprecates the sshd_config UsePrivilegeSeparation
   option, thereby making privilege separation mandatory. Privilege
   separation has been on by default for almost 15 years and
   sandboxing has been on by default for almost the last five.

 * The format of several log messages emitted by the packet code has
   changed to include additional information about the user and
   their authentication state. Software that monitors ssh/sshd logs
   may need to account for these changes. For example:

   Connection closed by user x 1.1.1.1 port 1234 [preauth]
   Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
   Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]

   Affected messages include connection closure, timeout, remote
   disconnection, negotiation failure and some other fatal messages
   generated by the packet code.

 * [Portable OpenSSH only] This version removes support for building
   against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
   versions prior to 1.0.1 over 12 months ago (i.e. they no longer
   receive fixes for security bugs).

Revision 1.12.2.2: download - view: text, markup, annotated - select for diffs
Sat Jan 7 08:53:42 2017 UTC (7 years, 11 months ago) by pgoyette
Branches: pgoyette-localcount
Diff to: previous 1.12.2.1: preferred, colored; branchpoint 1.12: preferred, colored
Changes since revision 1.12.2.1: +11 -7 lines
Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.14: download - view: text, markup, annotated - select for diffs
Sun Dec 25 00:07:47 2016 UTC (7 years, 11 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-localcount-20170320, pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +10 -6 lines
merge conflicts

Revision 1.1.1.11 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Dec 25 00:00:14 2016 UTC (7 years, 11 months ago) by christos
Branches: OPENSSH
CVS tags: v74-20161219
Diff to: previous 1.1.1.10: preferred, colored
Changes since revision 1.1.1.10: +10 -6 lines
Import OpenSSH-7.4

OpenSSH 7.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in future releases,
specifically:

 * In approximately August 2017, removing remaining support for the
   SSH v.1 protocol (client-only and currently compile-time disabled).

 * In the same release, removing support for Blowfish and RC4 ciphers
   and the RIPE-MD160 HMAC. (These are currently run-time disabled).

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * The next release of OpenSSH will remove support for running sshd(8)
   with privilege separation disabled.

 * The next release of portable OpenSSH will remove support for
   OpenSSL version prior to 1.0.1.

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release removes server support for the SSH v.1 protocol.

 * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
   block ciphers are not safe in 2016 and we don't want to wait until
   attacks like SWEET32 are extended to SSH. As 3des-cbc was the
   only mandatory cipher in the SSH RFCs, this may cause problems
   connecting to older devices using the default configuration,
   but it's highly likely that such devices already need explicit
   configuration for key exchange and hostkey algorithms already
   anyway.

 * sshd(8): Remove support for pre-authentication compression.
   Doing compression early in the protocol probably seemed reasonable
   in the 1990s, but today it's clearly a bad idea in terms of both
   cryptography (cf. multiple compression oracle attacks in TLS) and
   attack surface. Pre-auth compression support has been disabled by
   default for >10 years. Support remains in the client.

 * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
   of trusted paths by default. The path whitelist may be specified
   at run-time.

 * sshd(8): When a forced-command appears in both a certificate and
   an authorized keys/principals command= restriction, sshd will now
   refuse to accept the certificate unless they are identical.
   The previous (documented) behaviour of having the certificate
   forced-command override the other could be a bit confusing and
   error-prone.

 * sshd(8): Remove the UseLogin configuration directive and support
   for having /bin/login manage login sessions.

Revision 1.12.2.1: download - view: text, markup, annotated - select for diffs
Sat Aug 6 00:18:38 2016 UTC (8 years, 4 months ago) by pgoyette
Branches: pgoyette-localcount
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +7 -3 lines
Sync with HEAD

Revision 1.13: download - view: text, markup, annotated - select for diffs
Tue Aug 2 13:45:12 2016 UTC (8 years, 4 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-localcount-20161104, pgoyette-localcount-20160806, localcount-20160914
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +6 -2 lines
merge conflicts.

Revision 1.1.1.10 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue Aug 2 13:29:50 2016 UTC (8 years, 4 months ago) by christos
Branches: OPENSSH
CVS tags: v73-20160802
Diff to: previous 1.1.1.9: preferred, colored
Changes since revision 1.1.1.9: +6 -2 lines
OpenSSH 7.3 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in a near-future
release, specifically:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)
 * Removing server-side support for the SSH v.1 protocol (currently
   compile-time disabled).
 * In approximately 1 year, removing all support for the SSH v.1
   protocol (currently compile-time disabled).

This list reflects our current intentions, but please check the final
release notes for future releases.

Changes since OpenSSH 7.2
=========================

This is primarily a bugfix release.

Security
--------

 * sshd(8): Mitigate a potential denial-of-service attack against
   the system's crypt(3) function via sshd(8). An attacker could
   send very long passwords that would cause excessive CPU use in
   crypt(3). sshd(8) now refuses to accept password authentication
   requests of length greater than 1024 characters. Independently
   reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.

 * sshd(8): Mitigate timing differences in password authentication
   that could be used to discern valid from invalid account names
   when long passwords were sent and particular password hashing
   algorithms are in use on the server. CVE-2016-6210, reported by
   EddieEzra.Harari at verint.com

 * ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
   oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
   Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
   are disabled by default and only included for legacy compatibility.

 * ssh(1), sshd(8): Improve operation ordering of MAC verification for
   Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
   MAC before decrypting any ciphertext. This removes the possibility
   of timing differences leaking facts about the plaintext, though no
   such leakage has been observed.  Reported by Jean Paul Degabriele,
   Kenny Paterson, Torben Hansen and Martin Albrecht.

 * sshd(8): (portable only) Ignore PAM environment vars when
   UseLogin=yes. If PAM is configured to read user-specified
   environment variables and UseLogin=yes in sshd_config, then a
   hostile local user may attack /bin/login via LD_PRELOAD or
   similar environment variables set via PAM. CVE-2015-8325,
   found by Shayan Sadigh.

New Features
------------

 * ssh(1): Add a ProxyJump option and corresponding -J command-line
   flag to allow simplified indirection through a one or more SSH
   bastions or "jump hosts".

 * ssh(1): Add an IdentityAgent option to allow specifying specific
   agent sockets instead of accepting one from the environment.

 * ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
   optionally overridden when using ssh -W. bz#2577

 * ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
   per draft-sgtatham-secsh-iutf8-00.

 * ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
   2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.

 * ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
   signatures in certificates;

 * ssh(1): Add an Include directive for ssh_config(5) files.

 * ssh(1): Permit UTF-8 characters in pre-authentication banners sent
   from the server. bz#2058

Bugfixes
--------

 * ssh(1), sshd(8): Reduce the syslog level of some relatively common
   protocol events from LOG_CRIT. bz#2585

 * sshd(8): Refuse AuthenticationMethods="" in configurations and
   accept AuthenticationMethods=any for the default behaviour of not
   requiring multiple authentication. bz#2398

 * sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
   ATTEMPT!" message when forward and reverse DNS don't match. bz#2585

 * ssh(1): Close ControlPersist background process stderr except
   in debug mode or when logging to syslog. bz#1988

 * misc: Make PROTOCOL description for direct-streamlocal@openssh.com
   channel open messages match deployed code. bz#2529

 * ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
   failures when both ExitOnForwardFailure and hostname
   canonicalisation are enabled. bz#2562

 * sshd(8): Remove fallback from moduli to obsolete "primes" file
   that was deprecated in 2001. bz#2559.

 * sshd_config(5): Correct description of UseDNS: it affects ssh
   hostname processing for authorized_keys, not known_hosts; bz#2554

 * ssh(1): Fix authentication using lone certificate keys in an agent
   without corresponding private keys on the filesystem. bz#2550

 * sshd(8): Send ClientAliveInterval pings when a time-based
   RekeyLimit is set; previously keepalive packets were not being
   sent. bz#2252

Portability
-----------

 * ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
   not supported by OpenSSL. bz#2466

 * misc: Fix compilation failures on some versions of AIX's compiler
   related to the definition of the VA_COPY macro. bz#2589

 * sshd(8): Whitelist more architectures to enable the seccomp-bpf
   sandbox. bz#2590

 * ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
   using setpflags(__PROC_PROTECT, ...). bz#2584

 * sshd(8): On Solaris, don't call Solaris setproject() with
   UsePAM=yes it's PAM's responsibility. bz#2425

Checksums:
==========

 - SHA1 (openssh-7.3.tar.gz) = b1641e5265d9ec68a9a19decc3a7edd1203cbd33
 - SHA256 (openssh-7.3.tar.gz) = vS0X35qrX9OOPBkyDMYhOje/DBwHBVEV7nv5rkzw4vM=

 - SHA1 (openssh-7.3p1.tar.gz) = bfade84283fcba885e2084343ab19a08c7d123a5
 - SHA256 (openssh-7.3p1.tar.gz) = P/uYmm3KppWUw7VQ1IVaWi4XGMzd5/XjY4e0JCIPvsw=

Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.

Revision 1.12: download - view: text, markup, annotated - select for diffs
Fri Mar 11 01:55:00 2016 UTC (8 years, 9 months ago) by christos
Branches: MAIN
CVS tags: pgoyette-localcount-base, pgoyette-localcount-20160726
Branch point for: pgoyette-localcount
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +4 -7 lines
merge conflicts

Revision 1.1.1.9 (vendor branch): download - view: text, markup, annotated - select for diffs
Fri Mar 11 01:50:00 2016 UTC (8 years, 9 months ago) by christos
Branches: OPENSSH
CVS tags: v72-20160310
Diff to: previous 1.1.1.8: preferred, colored
Changes since revision 1.1.1.8: +4 -7 lines
Future deprecation notice
=========================

We plan on retiring more legacy cryptography in a near-future
release, specifically:

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release disables a number of legacy cryptographic algorithms
by default in ssh:

 * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
   and the rijndael-cbc aliases for AES.

 * MD5-based and truncated HMAC algorithms.

These algorithms are already disabled by default in sshd.

Changes since OpenSSH 7.1p2
===========================

This is primarily a bugfix release.

Security
--------

 * ssh(1), sshd(8): remove unfinished and unused roaming code (was
   already forcibly disabled in OpenSSH 7.1p2).

 * ssh(1): eliminate fallback from untrusted X11 forwarding to
   trusted forwarding when the X server disables the SECURITY
   extension.

 * ssh(1), sshd(8): increase the minimum modulus size supported for
   diffie-hellman-group-exchange to 2048 bits.

 * sshd(8): pre-auth sandboxing is now enabled by default (previous
   releases enabled it for new installations via sshd_config).

New Features
------------

 * all: add support for RSA signatures using SHA-256/512 hash
   algorithms based on draft-rsa-dsa-sha2-256-03.txt and
   draft-ssh-ext-info-04.txt.

 * ssh(1): Add an AddKeysToAgent client option which can be set to
   'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.  When
   enabled, a private key that is used during authentication will be
   added to ssh-agent if it is running (with confirmation enabled if
   set to 'confirm').

 * sshd(8): add a new authorized_keys option "restrict" that includes
   all current and future key restrictions (no-*-forwarding, etc.).
   Also add permissive versions of the existing restrictions, e.g.
   "no-pty" -> "pty". This simplifies the task of setting up
   restricted keys and ensures they are maximally-restricted,
   regardless of any permissions we might implement in the future.

 * ssh(1): add ssh_config CertificateFile option to explicitly list
   certificates. bz#2436

 * ssh-keygen(1): allow ssh-keygen to change the key comment for all
   supported formats.

 * ssh-keygen(1): allow fingerprinting from standard input, e.g.
   "ssh-keygen -lf -"

 * ssh-keygen(1): allow fingerprinting multiple public keys in a
   file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319

 * sshd(8): support "none" as an argument for sshd_config
   Foreground and ChrootDirectory. Useful inside Match blocks to
   override a global default. bz#2486

 * ssh-keygen(1): support multiple certificates (one per line) and
   reading from standard input (using "-f -") for "ssh-keygen -L"

 * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching
   certificates instead of plain keys.

 * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
   hostname canonicalisation - treat them as already canonical and
   remove the trailing '.' before matching ssh_config.

Bugfixes
--------

 * sftp(1): existing destination directories should not terminate
   recursive uploads (regression in openssh 6.8) bz#2528

 * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
   replies to unexpected messages during key exchange. bz#2949

 * ssh(1): refuse attempts to set ConnectionAttempts=0, which does
   not make sense and would cause ssh to print an uninitialised stack
   variable. bz#2500

 * ssh(1): fix errors when attempting to connect to scoped IPv6
   addresses with hostname canonicalisation enabled.

 * sshd_config(5): list a couple more options usable in Match blocks.
   bz#2489

 * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.

 * ssh(1): expand tilde characters in filenames passed to -i options
   before checking whether or not the identity file exists. Avoids
   confusion for cases where shell doesn't expand (e.g. "-i ~/file"
   vs. "-i~/file"). bz#2481

 * ssh(1): do not prepend "exec" to the shell command run by "Match
   exec" in a config file, which could cause some commands to fail
   in certain environments. bz#2471

 * ssh-keyscan(1): fix output for multiple hosts/addrs on one line
   when host hashing or a non standard port is in use bz#2479

 * sshd(8): skip "Could not chdir to home directory" message when
   ChrootDirectory is active. bz#2485

 * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.

 * sshd(8): avoid changing TunnelForwarding device flags if they are
   already what is needed; makes it possible to use tun/tap
   networking as non-root user if device permissions and interface
   flags are pre-established

 * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
   bz#2521

 * ssh(1): fix multiplexing master failure to notice client exit.

 * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
   empty key IDs. bz#1773

 * sshd(8): avoid printf of NULL argument. bz#2535

 * ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521

 * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature
   support.

 * ssh(1), sshd(8): fix connections with peers that use the key
   exchange guess feature of the protocol. bz#2515

 * sshd(8): include remote port number in log messages. bz#2503

 * ssh(1): don't try to load SSHv1 private key when compiled without
   SSHv1 support. bz#2505

 * ssh-agent(1), ssh(1): fix incorrect error messages during key
   loading and signing errors. bz#2507

 * ssh-keygen(1): don't leave empty temporary files when performing
   known_hosts file edits when known_hosts doesn't exist.

 * sshd(8): correct packet format for tcpip-forward replies for
   requests that don't allocate a port bz#2509

 * ssh(1), sshd(8): fix possible hang on closed output. bz#2469

 * ssh(1): expand %i in ControlPath to UID. bz#2449

 * ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460

 * ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182

 * ssh(1): add a some debug output before DNS resolution; it's a
   place where ssh could previously silently stall in cases of
   unresponsive DNS servers. bz#2433

 * ssh(1): remove spurious newline in visual hostkey. bz#2686

 * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...

 * ssh(1): fix expansion of HostkeyAlgorithms=+...

Documentation
-------------

 * ssh_config(5), sshd_config(5): update default algorithm lists to
   match current reality. bz#2527

 * ssh(1): mention -Q key-plain and -Q key-cert query options.
   bz#2455

 * sshd_config(8): more clearly describe what AuthorizedKeysFile=none
   does.

 * ssh_config(5): better document ExitOnForwardFailure. bz#2444

 * sshd(5): mention internal DH-GEX fallback groups in manual.
   bz#2302

 * sshd_config(5): better description for MaxSessions option.
   bz#2531

Portability
-----------

 * ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
   Solaris fine-grained privileges. Including a pre-auth privsep
   sandbox and several pledge() emulations. bz#2511

 * Renovate redhat/openssh.spec, removing deprecated options and
   syntax.

 * configure: allow --without-ssl-engine with --without-openssl

 * sshd(8): fix multiple authentication using S/Key. bz#2502

 * sshd(8): read back from libcrypto RAND_* before dropping
   privileges.  Avoids sandboxing violations with BoringSSL.

 * Fix name collision with system-provided glob(3) functions.
   bz#2463

 * Adapt Makefile to use ssh-keygen -A when generating host keys.
   bz#2459

 * configure: correct default value for --with-ssh1 bz#2457

 * configure: better detection of _res symbol bz#2259

 * support getrandom() syscall on Linux

Revision 1.8.4.1: download - view: text, markup, annotated - select for diffs
Thu Apr 30 06:07:30 2015 UTC (9 years, 7 months ago) by riz
Branches: netbsd-7
CVS tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0
Diff to: previous 1.8: preferred, colored; next MAIN 1.9: preferred, colored
Changes since revision 1.8: +157 -96 lines
Pull up blacklistd(8), requested by christos in ticket #711:
crypto/external/bsd/openssh/dist/moduli-gen/Makefile up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1024 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.1536 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 up to 1.1.1.1
crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 up to 1.1.1.1
crypto/external/bsd/openssh/dist/bcrypt_pbkdf.c up to 1.2
crypto/external/bsd/openssh/dist/kexc25519.c    up to 1.3
crypto/external/bsd/openssh/dist/smult_curve25519_ref.c up to 1.3
crypto/external/bsd/openssh/dist/bitmap.c       up to 1.2 plus patch
crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 up to 1.1.1.1
crypto/external/bsd/openssh/dist/PROTOCOL.key   up to 1.1.1.1
crypto/external/bsd/openssh/dist/blf.h          up to 1.1
crypto/external/bsd/openssh/dist/blocks.c       up to 1.3
crypto/external/bsd/openssh/dist/blowfish.c     up to 1.2
crypto/external/bsd/openssh/dist/chacha.c       up to 1.3
crypto/external/bsd/openssh/dist/chacha.h       up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-aesctr.c up to 1.1.1.2
crypto/external/bsd/openssh/dist/cipher-aesctr.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/cipher-chachapoly.c up to 1.3
crypto/external/bsd/openssh/dist/cipher-chachapoly.h up to 1.1.1.1
crypto/external/bsd/openssh/dist/crypto_api.h   up to 1.1.1.1
crypto/external/bsd/openssh/dist/digest-libc.c  up to 1.3
crypto/external/bsd/openssh/dist/digest-openssl.c up to 1.3
crypto/external/bsd/openssh/dist/digest.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/ed25519.c      up to 1.3
crypto/external/bsd/openssh/dist/fe25519.c      up to 1.3
crypto/external/bsd/openssh/dist/fe25519.h      up to 1.1.1.1
crypto/external/bsd/openssh/dist/ge25519.c      up to 1.3
crypto/external/bsd/openssh/dist/ge25519.h      up to 1.1.1.2
crypto/external/bsd/openssh/dist/ge25519_base.data up to 1.1.1.1
crypto/external/bsd/openssh/dist/hash.c         up to 1.3
crypto/external/bsd/openssh/dist/hmac.c         up to 1.3
crypto/external/bsd/openssh/dist/hmac.h         up to 1.1.1.1
crypto/external/bsd/openssh/dist/kexc25519c.c   up to 1.3
crypto/external/bsd/openssh/dist/kexc25519s.c   up to 1.3
crypto/external/bsd/openssh/dist/poly1305.c     up to 1.3
crypto/external/bsd/openssh/dist/poly1305.h     up to 1.1.1.1
crypto/external/bsd/openssh/dist/rijndael.c     up to 1.1.1.2
crypto/external/bsd/openssh/dist/rijndael.h     up to 1.1.1.1
crypto/external/bsd/openssh/dist/sc25519.c      up to 1.3
crypto/external/bsd/openssh/dist/sc25519.h      up to 1.1.1.1
crypto/external/bsd/openssh/dist/ssh-ed25519.c  up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c up to 1.3
crypto/external/bsd/openssh/dist/sshbuf-misc.c  up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.c       up to 1.3
crypto/external/bsd/openssh/dist/sshbuf.h       up to 1.4
crypto/external/bsd/openssh/dist/ssherr.c       up to 1.3
crypto/external/bsd/openssh/dist/ssherr.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/sshkey.c       up to 1.3
crypto/external/bsd/openssh/dist/sshkey.h       up to 1.1.1.2
crypto/external/bsd/openssh/dist/verify.c       up to 1.3
crypto/external/bsd/openssh/dist/opacket.c      up to 1.2
crypto/external/bsd/openssh/dist/umac128.c      up to 1.1
crypto/external/bsd/openssh/dist/pfilter.c      up to 1.2
crypto/external/bsd/openssh/dist/pfilter.h      up to 1.1
crypto/external/bsd/openssh/dist/bitmap.h       up to 1.2
crypto/external/bsd/openssh/dist/opacket.h      up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.c      up to 1.2
crypto/external/bsd/openssh/dist/ssh_api.h      up to 1.2
crypto/external/bsd/openssh/dist/auth2-jpake.c  delete
crypto/external/bsd/openssh/dist/compress.c     delete
crypto/external/bsd/openssh/dist/compress.h     delete
crypto/external/bsd/openssh/dist/jpake.c        delete
crypto/external/bsd/openssh/dist/jpake.h        delete
crypto/external/bsd/openssh/dist/schnorr.c      delete
crypto/external/bsd/openssh/dist/schnorr.h      delete
crypto/external/bsd/openssh/dist/strtonum.c     1.1
crypto/external/bsd/openssh/Makefile.inc        up to 1.8
crypto/external/bsd/openssh/bin/Makefile.inc    up to 1.3
crypto/external/bsd/openssh/bin/ssh-keyscan/Makefile up to 1.2
crypto/external/bsd/openssh/bin/sshd/Makefile   up to 1.12
crypto/external/bsd/openssh/dist/PROTOCOL       up to 1.5
crypto/external/bsd/openssh/dist/PROTOCOL.krl   up to 1.1.1.2
crypto/external/bsd/openssh/dist/addrmatch.c    up to 1.8
crypto/external/bsd/openssh/dist/atomicio.c     up to 1.6
crypto/external/bsd/openssh/dist/auth-bsdauth.c up to 1.4
crypto/external/bsd/openssh/dist/auth-chall.c   up to 1.6
crypto/external/bsd/openssh/dist/auth-krb5.c    up to 1.7
crypto/external/bsd/openssh/dist/auth-options.c up to 1.9
crypto/external/bsd/openssh/dist/auth-options.h up to 1.6
crypto/external/bsd/openssh/dist/auth-passwd.c  up to 1.4
crypto/external/bsd/openssh/dist/auth-rh-rsa.c  up to 1.6
crypto/external/bsd/openssh/dist/auth-rhosts.c  up to 1.5
crypto/external/bsd/openssh/dist/auth-rsa.c     up to 1.10
crypto/external/bsd/openssh/dist/auth.c         up to 1.12
crypto/external/bsd/openssh/dist/auth.h         up to 1.10
crypto/external/bsd/openssh/dist/auth1.c        up to 1.11
crypto/external/bsd/openssh/dist/auth2-chall.c  up to 1.7
crypto/external/bsd/openssh/dist/auth2-gss.c    up to 1.8
crypto/external/bsd/openssh/dist/auth2-hostbased.c up to 1.7
crypto/external/bsd/openssh/dist/auth2-kbdint.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-krb5.c   up to 1.4
crypto/external/bsd/openssh/dist/auth2-none.c   up to 1.5
crypto/external/bsd/openssh/dist/auth2-passwd.c up to 1.5
crypto/external/bsd/openssh/dist/auth2-pubkey.c up to 1.11
crypto/external/bsd/openssh/dist/auth2.c        up to 1.11
crypto/external/bsd/openssh/dist/authfd.c       up to 1.8
crypto/external/bsd/openssh/dist/authfd.h       up to 1.5
crypto/external/bsd/openssh/dist/authfile.c     up to 1.10
crypto/external/bsd/openssh/dist/authfile.h     up to 1.6
crypto/external/bsd/openssh/dist/bufaux.c       up to 1.7
crypto/external/bsd/openssh/dist/bufbn.c        up to 1.5
crypto/external/bsd/openssh/dist/bufec.c        up to 1.5
crypto/external/bsd/openssh/dist/buffer.c       up to 1.6
crypto/external/bsd/openssh/dist/buffer.h       up to 1.7
crypto/external/bsd/openssh/dist/canohost.c     up to 1.8
crypto/external/bsd/openssh/dist/channels.c     up to 1.13
crypto/external/bsd/openssh/dist/channels.h     up to 1.10
crypto/external/bsd/openssh/dist/cipher-3des1.c up to 1.7
crypto/external/bsd/openssh/dist/cipher-bf1.c   up to 1.6
crypto/external/bsd/openssh/dist/cipher.c       up to 1.7
crypto/external/bsd/openssh/dist/cipher.h       up to 1.7
crypto/external/bsd/openssh/dist/clientloop.c   up to 1.13
crypto/external/bsd/openssh/dist/compat.c       up to 1.9
crypto/external/bsd/openssh/dist/compat.h       up to 1.6
crypto/external/bsd/openssh/dist/deattack.c     up to 1.4
crypto/external/bsd/openssh/dist/deattack.h     up to 1.4
crypto/external/bsd/openssh/dist/dh.c           up to 1.8
crypto/external/bsd/openssh/dist/dh.h           up to 1.4
crypto/external/bsd/openssh/dist/dispatch.c     up to 1.5
crypto/external/bsd/openssh/dist/dispatch.h     up to 1.4
crypto/external/bsd/openssh/dist/dns.c          up to 1.11
crypto/external/bsd/openssh/dist/dns.h          up to 1.6
crypto/external/bsd/openssh/dist/groupaccess.c  up to 1.5
crypto/external/bsd/openssh/dist/gss-genr.c     up to 1.7
crypto/external/bsd/openssh/dist/gss-serv-krb5.c up to 1.8
crypto/external/bsd/openssh/dist/gss-serv.c     up to 1.7
crypto/external/bsd/openssh/dist/hostfile.c     up to 1.7
crypto/external/bsd/openssh/dist/hostfile.h     up to 1.7
crypto/external/bsd/openssh/dist/includes.h     up to 1.4
crypto/external/bsd/openssh/dist/kex.c          up to 1.10
crypto/external/bsd/openssh/dist/kex.h          up to 1.9
crypto/external/bsd/openssh/dist/kexdh.c        up to 1.4
crypto/external/bsd/openssh/dist/kexdhc.c       up to 1.6
crypto/external/bsd/openssh/dist/kexdhs.c       up to 1.8
crypto/external/bsd/openssh/dist/kexecdh.c      up to 1.5
crypto/external/bsd/openssh/dist/kexecdhc.c     up to 1.5
crypto/external/bsd/openssh/dist/kexecdhs.c     up to 1.5
crypto/external/bsd/openssh/dist/kexgex.c       up to 1.4
crypto/external/bsd/openssh/dist/kexgexc.c      up to 1.6
crypto/external/bsd/openssh/dist/kexgexs.c      up to 1.8
crypto/external/bsd/openssh/dist/key.c          up to 1.16
crypto/external/bsd/openssh/dist/key.h          up to 1.9
crypto/external/bsd/openssh/dist/krl.c          up to 1.5
crypto/external/bsd/openssh/dist/krl.h          up to 1.1.1.2
crypto/external/bsd/openssh/dist/mac.c          up to 1.11
crypto/external/bsd/openssh/dist/mac.h          up to 1.5
crypto/external/bsd/openssh/dist/match.c        up to 1.5
crypto/external/bsd/openssh/dist/misc.c         up to 1.10
crypto/external/bsd/openssh/dist/misc.h         up to 1.9 plus patch
crypto/external/bsd/openssh/dist/moduli.c       up to 1.8
crypto/external/bsd/openssh/dist/monitor.c      up to 1.14
crypto/external/bsd/openssh/dist/monitor.h      up to 1.7
crypto/external/bsd/openssh/dist/monitor_fdpass.c up to 1.5
crypto/external/bsd/openssh/dist/monitor_mm.c   up to 1.6
crypto/external/bsd/openssh/dist/monitor_mm.h   up to 1.4
crypto/external/bsd/openssh/dist/monitor_wrap.c up to 1.11
crypto/external/bsd/openssh/dist/monitor_wrap.h up to 1.8
crypto/external/bsd/openssh/dist/msg.c          up to 1.4
crypto/external/bsd/openssh/dist/msg.h          up to 1.4
crypto/external/bsd/openssh/dist/mux.c          up to 1.11
crypto/external/bsd/openssh/dist/myproposal.h   up to 1.10
crypto/external/bsd/openssh/dist/namespace.h    up to 1.5
crypto/external/bsd/openssh/dist/packet.c       up to 1.18
crypto/external/bsd/openssh/dist/packet.h       up to 1.11
crypto/external/bsd/openssh/dist/pathnames.h    up to 1.9
crypto/external/bsd/openssh/dist/pkcs11.h       up to 1.4
crypto/external/bsd/openssh/dist/progressmeter.c up to 1.7
crypto/external/bsd/openssh/dist/progressmeter.h up to 1.4
crypto/external/bsd/openssh/dist/reallocarray.c new
crypto/external/bsd/openssh/dist/readconf.c     up to 1.13
crypto/external/bsd/openssh/dist/readconf.h     up to 1.12
crypto/external/bsd/openssh/dist/readpass.c     up to 1.6
crypto/external/bsd/openssh/dist/roaming_client.c up to 1.7
crypto/external/bsd/openssh/dist/roaming_common.c up to 1.9
crypto/external/bsd/openssh/dist/roaming_dummy.c up to 1.4
crypto/external/bsd/openssh/dist/rsa.c          up to 1.5
crypto/external/bsd/openssh/dist/rsa.h          up to 1.4
crypto/external/bsd/openssh/dist/sandbox-systrace.c up to 1.1.1.5
crypto/external/bsd/openssh/dist/scp.1          up to 1.9
crypto/external/bsd/openssh/dist/scp.c          up to 1.11
crypto/external/bsd/openssh/dist/servconf.c     up to 1.17
crypto/external/bsd/openssh/dist/servconf.h     up to 1.11
crypto/external/bsd/openssh/dist/serverloop.c   up to 1.12
crypto/external/bsd/openssh/dist/session.c      up to 1.14
crypto/external/bsd/openssh/dist/session.h      up to 1.4
crypto/external/bsd/openssh/dist/sftp-client.c  up to 1.13
crypto/external/bsd/openssh/dist/sftp-client.h  up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.c  up to 1.7
crypto/external/bsd/openssh/dist/sftp-common.h  up to 1.5
crypto/external/bsd/openssh/dist/sftp-glob.c    up to 1.8
crypto/external/bsd/openssh/dist/sftp-server.8  up to 1.9
crypto/external/bsd/openssh/dist/sftp-server.c  up to 1.11
crypto/external/bsd/openssh/dist/sftp.1         up to 1.11
crypto/external/bsd/openssh/dist/sftp.c         up to 1.15
crypto/external/bsd/openssh/dist/ssh-add.1      up to 1.9
crypto/external/bsd/openssh/dist/ssh-add.c      up to 1.10
crypto/external/bsd/openssh/dist/ssh-agent.1    up to 1.8
crypto/external/bsd/openssh/dist/ssh-agent.c    up to 1.14
crypto/external/bsd/openssh/dist/ssh-dss.c      up to 1.7
crypto/external/bsd/openssh/dist/ssh-ecdsa.c    up to 1.6
crypto/external/bsd/openssh/dist/ssh-gss.h      up to 1.5
crypto/external/bsd/openssh/dist/ssh-keygen.1   up to 1.13
crypto/external/bsd/openssh/dist/ssh-keygen.c   up to 1.16
crypto/external/bsd/openssh/dist/ssh-keyscan.1  up to 1.10
crypto/external/bsd/openssh/dist/ssh-keyscan.c  up to 1.13
crypto/external/bsd/openssh/dist/ssh-keysign.8  up to 1.9
crypto/external/bsd/openssh/dist/ssh-keysign.c  up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c up to 1.6
crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c up to 1.8
crypto/external/bsd/openssh/dist/ssh-pkcs11.c   up to 1.7
crypto/external/bsd/openssh/dist/ssh-pkcs11.h   up to 1.4
crypto/external/bsd/openssh/dist/ssh-rsa.c      up to 1.7
crypto/external/bsd/openssh/dist/ssh.1          up to 1.14
crypto/external/bsd/openssh/dist/ssh.c          up to 1.16
crypto/external/bsd/openssh/dist/ssh2.h         up to 1.6
crypto/external/bsd/openssh/dist/ssh_config     up to 1.8
crypto/external/bsd/openssh/dist/ssh_config.5   up to 1.13
crypto/external/bsd/openssh/dist/sshconnect.c   up to 1.11
crypto/external/bsd/openssh/dist/sshconnect.h   up to 1.6
crypto/external/bsd/openssh/dist/sshconnect1.c  up to 1.6
crypto/external/bsd/openssh/dist/sshconnect2.c  up to 1.19
crypto/external/bsd/openssh/dist/sshd.8         up to 1.13
crypto/external/bsd/openssh/dist/sshd.c         up to 1.18
crypto/external/bsd/openssh/dist/sshd_config    up to 1.13
crypto/external/bsd/openssh/dist/sshd_config.5  up to 1.17
crypto/external/bsd/openssh/dist/sshlogin.c     up to 1.6
crypto/external/bsd/openssh/dist/sshpty.c       up to 1.4
crypto/external/bsd/openssh/dist/uidswap.c      up to 1.4
crypto/external/bsd/openssh/dist/umac.c         up to 1.9
crypto/external/bsd/openssh/dist/version.h      up to 1.14
crypto/external/bsd/openssh/dist/xmalloc.c      up to 1.5
crypto/external/bsd/openssh/lib/Makefile        up to 1.17 plus patch
crypto/external/bsd/openssh/lib/shlib_version   up to 1.13
distrib/sets/lists/base/ad.aarch64		patch
distrib/sets/lists/base/ad.arm			patch
distrib/sets/lists/base/ad.mips			patch
distrib/sets/lists/base/ad.powerpc		patch
distrib/sets/lists/base/md.amd64		patch
distrib/sets/lists/base/md.sparc64		patch
distrib/sets/lists/base/mi			patch
distrib/sets/lists/base/shl.mi			patch
distrib/sets/lists/comp/ad.aarch64		patch
distrib/sets/lists/comp/ad.arm			patch
distrib/sets/lists/comp/ad.mips			patch
distrib/sets/lists/comp/ad.powerpc		patch
distrib/sets/lists/comp/md.amd64		patch
distrib/sets/lists/comp/md.sparc64		patch
distrib/sets/lists/comp/mi			patch
distrib/sets/lists/comp/shl.mi			patch
distrib/sets/lists/debug/ad.aarch64		patch
distrib/sets/lists/debug/ad.arm			patch
distrib/sets/lists/debug/ad.mips		patch
distrib/sets/lists/debug/ad.powerpc		patch
distrib/sets/lists/debug/md.amd64		patch
distrib/sets/lists/debug/md.sparc64		patch
distrib/sets/lists/debug/shl.mi			patch
distrib/sets/lists/etc/mi			patch
distrib/sets/lists/man/mi			patch
etc/defaults/rc.conf				1.130
etc/mtree/NetBSD.dist.base			1.142
external/bsd/Makefile                           up to 1.48
external/bsd/blacklist/bin/Makefile             up to 1.11 plus patch
external/bsd/blacklist/bin/blacklistctl.8       up to 1.6
external/bsd/blacklist/bin/blacklistctl.c       up to 1.17
external/bsd/blacklist/bin/blacklistd.8         up to 1.10
external/bsd/blacklist/bin/blacklistd.c         up to 1.32
external/bsd/blacklist/bin/blacklistd.conf.5    up to 1.2
external/bsd/blacklist/bin/conf.c               up to 1.18
external/bsd/blacklist/bin/conf.h               up to 1.6
external/bsd/blacklist/bin/internal.c           up to 1.5
external/bsd/blacklist/bin/internal.h           up to 1.12
external/bsd/blacklist/bin/run.c                up to 1.12
external/bsd/blacklist/bin/run.h                up to 1.5
external/bsd/blacklist/bin/state.c              up to 1.15
external/bsd/blacklist/bin/state.h              up to 1.5
external/bsd/blacklist/bin/support.c            up to 1.6
external/bsd/blacklist/bin/support.h            up to 1.5
external/bsd/blacklist/etc/rc.d/Makefile        up to 1.1
external/bsd/blacklist/etc/rc.d/blacklistd      up to 1.1
external/bsd/blacklist/etc/Makefile             up to 1.3
external/bsd/blacklist/etc/blacklistd.conf      up to 1.3
external/bsd/blacklist/etc/npf.conf             up to 1.1
external/bsd/blacklist/Makefile                 up to 1.2
external/bsd/blacklist/Makefile.inc             up to 1.3
external/bsd/blacklist/README                   up to 1.7
external/bsd/blacklist/TODO                     up to 1.7
external/bsd/blacklist/diff/ftpd.diff           up to 1.1
external/bsd/blacklist/diff/named.diff          up to 1.6
external/bsd/blacklist/diff/ssh.diff            up to 1.6
external/bsd/blacklist/include/Makefile         up to 1.1
external/bsd/blacklist/include/bl.h             up to 1.12
external/bsd/blacklist/include/blacklist.h      up to 1.3
external/bsd/blacklist/include/config.h		new
external/bsd/blacklist/lib/Makefile             up to 1.3
external/bsd/blacklist/lib/bl.c                 up to 1.24
external/bsd/blacklist/lib/blacklist.c          up to 1.5
external/bsd/blacklist/lib/libblacklist.3       up to 1.3
external/bsd/blacklist/lib/shlib_version        up to 1.1
external/bsd/blacklist/libexec/Makefile         up to 1.1
external/bsd/blacklist/libexec/blacklistd-helper up to 1.4
external/bsd/blacklist/port/m4/.cvsignore       up to 1.1
external/bsd/blacklist/port/Makefile.am         up to 1.4
external/bsd/blacklist/port/_strtoi.h           up to 1.1
external/bsd/blacklist/port/clock_gettime.c     up to 1.2
external/bsd/blacklist/port/configure.ac        up to 1.7
external/bsd/blacklist/port/fgetln.c            up to 1.1
external/bsd/blacklist/port/fparseln.c          up to 1.1
external/bsd/blacklist/port/getprogname.c       up to 1.4
external/bsd/blacklist/port/pidfile.c           up to 1.1
external/bsd/blacklist/port/popenve.c           up to 1.2
external/bsd/blacklist/port/port.h              up to 1.6
external/bsd/blacklist/port/sockaddr_snprintf.c up to 1.9
external/bsd/blacklist/port/strlcat.c           up to 1.2
external/bsd/blacklist/port/strlcpy.c           up to 1.2
external/bsd/blacklist/port/strtoi.c            up to 1.3
external/bsd/blacklist/test/Makefile            up to 1.2
external/bsd/blacklist/test/cltest.c            up to 1.6
external/bsd/blacklist/test/srvtest.c           up to 1.9
lib/libpam/modules/pam_ssh/pam_ssh.c            up to 1.23
libexec/ftpd/pfilter.c                          up to 1.1
libexec/ftpd/pfilter.h                          up to 1.1
libexec/ftpd/Makefile                           up to 1.64
libexec/ftpd/ftpd.c                             up to 1.201

	Add blacklistd(8), a daemon to block and release network ports
	on demand to mitigate abuse, and related changes to system daemons
	to support it.
	[christos, ticket #711]

Revision 1.11: download - view: text, markup, annotated - select for diffs
Sat Apr 11 21:14:31 2015 UTC (9 years, 8 months ago) by joerg
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +2 -2 lines
Use __dead.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Fri Apr 3 23:58:19 2015 UTC (9 years, 8 months ago) by christos
Branches: MAIN
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +156 -96 lines
Merge conflicts

Revision 1.1.1.8 (vendor branch): download - view: text, markup, annotated - select for diffs
Fri Apr 3 23:49:24 2015 UTC (9 years, 8 months ago) by christos
Branches: OPENSSH
CVS tags: v71-20150821, v70-20150812, v69-20150630, v68-20150318
Diff to: previous 1.1.1.7: preferred, colored
Changes since revision 1.1.1.7: +153 -94 lines
Changes since OpenSSH 6.7
=========================

This is a major release, containing a number of new features as
well as a large internal re-factoring.

Potentially-incompatible changes
--------------------------------

 * sshd(8): UseDNS now defaults to 'no'. Configurations that match
   against the client host name (via sshd_config or authorized_keys)
   may need to re-enable it or convert to matching against addresses.

New Features
------------

 * Much of OpenSSH's internal code has been re-factored to be more
   library-like. These changes are mostly not user-visible, but
   have greatly improved OpenSSH's testability and internal layout.

 * Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
   command-line flags to the other tools to control algorithm used
   for key fingerprints. The default changes from MD5 to SHA256 and
   format from hex to base64.

   Fingerprints now have the hash algorithm prepended. An example of
   the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
   Please note that visual host keys will also be different.

 * ssh(1), sshd(8): Experimental host key rotation support. Add a
   protocol extension for a server to inform a client of all its
   available host keys after authentication has completed. The client
   may record the keys in known_hosts, allowing it to upgrade to better
   host key algorithms and a server to gracefully rotate its keys.

   The client side of this is controlled by a UpdateHostkeys config
   option (default off).

 * ssh(1): Add a ssh_config HostbasedKeyType option to control which
   host public key types are tried during host-based authentication.

 * ssh(1), sshd(8): fix connection-killing host key mismatch errors
   when sshd offers multiple ECDSA keys of different lengths.

 * ssh(1): when host name canonicalisation is enabled, try to
   parse host names as addresses before looking them up for
   canonicalisation. fixes bz#2074 and avoiding needless DNS
   lookups in some cases.

 * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
   require OpenSSH to be compiled with OpenSSL support.

 * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
   authentication.

 * sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
   Bleichenbacher Side Channel Attack. Fake up a bignum key before
   RSA decryption.

 * sshd(8): Remember which public keys have been used for
   authentication and refuse to accept previously-used keys.
   This allows AuthenticationMethods=publickey,publickey to require
   that users authenticate using two _different_ public keys.

 * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
   PubkeyAcceptedKeyTypes options to allow sshd to control what
   public key types will be accepted. Currently defaults to all.

 * sshd(8): Don't count partial authentication success as a failure
   against MaxAuthTries.

 * ssh(1): Add RevokedHostKeys option for the client to allow
   text-file or KRL-based revocation of host keys.

 * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by
   serial number or key ID without scoping to a particular CA.

 * ssh(1): Add a "Match canonical" criteria that allows ssh_config
   Match blocks to trigger only in the second config pass.

 * ssh(1): Add a -G option to ssh that causes it to parse its
   configuration and dump the result to stdout, similar to "sshd -T".

 * ssh(1): Allow Match criteria to be negated. E.g. "Match !host".

 * The regression test suite has been extended to cover more OpenSSH
   features. The unit tests have been expanded and now cover key
   exchange.

Bugfixes

 * ssh-keyscan(1): ssh-keyscan has been made much more robust again
   servers that hang or violate the SSH protocol.

 * ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
   being lost as comment fields.

 * ssh(1): Allow ssh_config Port options set in the second config
   parse phase to be applied (they were being ignored). bz#2286

 * ssh(1): Tweak config re-parsing with host canonicalisation - make
   the second pass through the config files always run when host name
   canonicalisation is enabled (and not whenever the host name
   changes) bz#2267

 * ssh(1): Fix passing of wildcard forward bind addresses when
   connection multiplexing is in use; bz#2324;

 * ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
   formats; bz#2345.

 * ssh-keygen(1): Fix KRL generation bug when multiple CAs are in
   use.

 * Various fixes to manual pages: bz#2288, bz#2316, bz#2273

Portable OpenSSH

 * Support --without-openssl at configure time

   Disables and removes dependency on OpenSSL. Many features,
   including SSH protocol 1 are not supported and the set of crypto
   options is greatly restricted. This will only work on systems
   with native arc4random or /dev/urandom.

   Considered highly experimental for now.

 * Support --without-ssh1 option at configure time

   Allows disabling support for SSH protocol 1.

 * sshd(8): Fix compilation on systems with IPv6 support in utmpx; bz#2296

 * Allow custom service name for sshd on Cygwin. Permits the use of
   multiple sshd running with different service names.

Checksums:
==========

 - SHA1 (openssh-6.8.tar.gz) = 99903c6ca76e0a2c044711017f81127e12459d37
 - SHA256 (openssh-6.8.tar.gz) = N1uzVarFbrm2CzAwuDu3sRoszmqpK+5phAChP/QNyuw=

 - SHA1 (openssh-6.8p1.tar.gz) = cdbc51e46a902b30d263b05fdc71340920e91c92
 - SHA256 (openssh-6.8p1.tar.gz) = P/ZM5z7hJEgLW/dnuYMNfTwDu8tqvnFrePAZLDfOFg4=

Please note that the PGP key used to sign releases was recently rotated.
The new key has been signed by the old key to provide continuity. It is
available from the mirror sites as RELEASE_KEY.asc.

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sun Oct 19 16:30:58 2014 UTC (10 years, 1 month ago) by christos
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +3 -2 lines
merge openssh-6.7

Revision 1.1.1.7 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Oct 19 16:28:36 2014 UTC (10 years, 1 month ago) by christos
Branches: OPENSSH
CVS tags: v67-20141018
Diff to: previous 1.1.1.6: preferred, colored
Changes since revision 1.1.1.6: +3 -2 lines
Changes since OpenSSH 6.6
=========================

Potentially-incompatible changes

 * sshd(8): The default set of ciphers and MACs has been altered to
   remove unsafe algorithms. In particular, CBC ciphers and arcfour*
   are disabled by default.

   The full set of algorithms remains available if configured
   explicitly via the Ciphers and MACs sshd_config options.

 * sshd(8): Support for tcpwrappers/libwrap has been removed.

 * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
   using the curve25519-sha256@libssh.org KEX exchange method to fail
   when connecting with something that implements the specification
   correctly. OpenSSH 6.7 disables this KEX method when speaking to
   one of the affected versions.

New Features

 * Major internal refactoring to begin to make part of OpenSSH usable
   as a library. So far the wire parsing, key handling and KRL code
   has been refactored. Please note that we do not consider the API
   stable yet, nor do we offer the library in separable form.

 * ssh(1), sshd(8): Add support for Unix domain socket forwarding.
   A remote TCP port may be forwarded to a local Unix domain socket
   and vice versa or both ends may be a Unix domain socket.

 * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
   ED25519 key types.

 * sftp(1): Allow resumption of interrupted uploads.

 * ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it
   is the same as the one sent during initial key exchange; bz#2154

 * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind
   addresses when GatewayPorts=no; allows client to choose address
   family; bz#2222

 * sshd(8): Add a sshd_config PermitUserRC option to control whether
   ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
   option; bz#2160

 * ssh(1): Add a %C escape sequence for LocalCommand and ControlPath
   that expands to a unique identifer based on a hash of the tuple of
   (local host, remote user, hostname, port). Helps avoid exceeding
   miserly pathname limits for Unix domain sockets in multiplexing
   control paths; bz#2220

 * sshd(8): Make the "Too many authentication failures" message
   include the user, source address, port and protocol in a format
   similar to the authentication success / failure messages; bz#2199

 * Added unit and fuzz tests for refactored code. These are run
   automatically in portable OpenSSH via the "make tests" target.

Bugfixes

 * sshd(8): Fix remote forwarding with the same listen port but
   different listen address.

 * ssh(1): Fix inverted test that caused PKCS#11 keys that were
   explicitly listed in ssh_config or on the commandline not to be
   preferred.

 * ssh-keygen(1): Fix bug in KRL generation: multiple consecutive
   revoked certificate serial number ranges could be serialised to an
   invalid format. Readers of a broken KRL caused by this bug will
   fail closed, so no should-have-been-revoked key will be accepted.

 * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in
   exit status. Previously we were always returning 0; bz#2255

 * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the
   randomart border; bz#2247

 * ssh-agent(1): Only cleanup agent socket in the main agent process
   and not in any subprocesses it may have started (e.g. forked
   askpass). Fixes agent sockets being zapped when askpass processes
   fatal(); bz#2236

 * ssh-add(1): Make stdout line-buffered; saves partial output getting
   lost when ssh-add fatal()s part-way through (e.g. when listing keys
   from an agent that supports key types that ssh-add doesn't);
   bz#2234

 * ssh-keygen(1): When hashing or removing hosts, don't choke on
   @revoked markers and don't remove @cert-authority markers; bz#2241

 * ssh(1): Don't fatal when hostname canonicalisation fails and a
   ProxyCommand is in use; continue and allow the ProxyCommand to
   connect anyway (e.g. to a host with a name outside the DNS behind
   a bastion)

 * scp(1): When copying local->remote fails during read, don't send
   uninitialised heap to the remote end.

 * sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing
   filenames with  a single quote char somewhere in the string;
   bz#2238

 * ssh-keyscan(1): Scan for Ed25519 keys by default.

 * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-
   convert any certificate keys to plain keys and attempt SSHFP
   resolution.  Prevents a server from skipping SSHFP lookup and
   forcing a new-hostkey dialog by offering only certificate keys.

 * sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225

 * Fix some strict-alignment errors.

Portable OpenSSH

 * Portable OpenSSH now supports building against libressl-portable.

 * Portable OpenSSH now requires openssl 0.9.8f or greater. Older
   versions are no longer supported.

 * In the OpenSSL version check, allow fix version upgrades (but not
   downgrades. Debian bug #748150.

 * sshd(8): On Cygwin, determine privilege separation user at runtime,
   since it may need to be a domain account.

 * sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for
   non-root users, and for them it just messes up the tty settings.

 * Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
   available. It considers time spent suspended, thereby ensuring
   timeouts (e.g. for expiring agent keys) fire correctly.  bz#2228

 * Add support for ed25519 to opensshd.init init script.

 * sftp-server(8): On platforms that support it, use prctl() to
   prevent sftp-server from accessing /proc/self/{mem,maps}

Changes since OpenSSH 6.5
=========================

This is primarily a bugfix release.

Security:

 * sshd(8): when using environment passing with a sshd_config(5)
   AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be
   tricked into accepting any enviornment variable that contains the
   characters before the wildcard character.

New / changed features:

 * ssh(1), sshd(8): this release removes the J-PAKE authentication code.
   This code was experimental, never enabled and had been unmaintained
   for some time.

 * ssh(1): when processing Match blocks, skip 'exec' clauses other clauses
   predicates failed to match.

 * ssh(1): if hostname canonicalisation is enabled and results in the
   destination hostname being changed, then re-parse ssh_config(5) files
   using the new destination hostname. This gives 'Host' and 'Match'
   directives that use the expanded hostname a chance to be applied.

Bugfixes:

 * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in
   ssh -W. bz#2200, debian#738692

 * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace
   sandbox modes, as it is reachable if the connection is terminated
   during the pre-auth phase.

 * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum
   parsing. Minimum key length checks render this bug unexploitable to
   compromise SSH 1 sessions.

 * sshd_config(5): clarify behaviour of a keyword that appears in
   multiple matching Match blocks. bz#2184

 * ssh(1): avoid unnecessary hostname lookups when canonicalisation is
   disabled. bz#2205

 * sshd(8): avoid sandbox violation crashes in GSSAPI code by caching
   the supported list of GSSAPI mechanism OIDs before entering the
   sandbox. bz#2107

 * ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption
   that the SOCKS username is nul-terminated.

 * ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is
   not specified.

 * ssh(1), sshd(8): fix memory leak in ECDSA signature verification.

 * ssh(1): fix matching of 'Host' directives in ssh_config(5) files
   to be case-insensitive again (regression in 6.5).

Portable OpenSSH:

 * sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
   system headers and libc but is not supported by the kernel.
 * Fix build using the HP-UX compiler.

Changes since OpenSSH 6.4
=========================

This is a feature-focused release.

New features:

 * ssh(1), sshd(8): Add support for key exchange using elliptic-curve
   Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange
   method is the default when both the client and server support it.

 * ssh(1), sshd(8): Add support for Ed25519 as a public key type.
   Ed25519 is a elliptic curve signature scheme that offers
   better security than ECDSA and DSA and good performance. It may be
   used for both user and host keys.

 * Add a new private key format that uses a bcrypt KDF to better
   protect keys at rest. This format is used unconditionally for
   Ed25519 keys, but may be requested when generating or saving
   existing keys of other types via the -o ssh-keygen(1) option.
   We intend to make the new format the default in the near future.
   Details of the new format are in the PROTOCOL.key file.

 * ssh(1), sshd(8): Add a new transport cipher
   "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's
   ChaCha20 stream cipher and Poly1305 MAC to build an authenticated
   encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.

 * ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and
   servers that use the obsolete RSA+MD5 signature scheme. It will
   still be possible to connect with these clients/servers but only
   DSA keys will be accepted, and OpenSSH will refuse connection
   entirely in a future release.

 * ssh(1), sshd(8): Refuse old proprietary clients and servers that
   use a weaker key exchange hash calculation.

 * ssh(1): Increase the size of the Diffie-Hellman groups requested
   for each symmetric key size. New values from NIST Special
   Publication 800-57 with the upper limit specified by RFC4419.

 * ssh(1), ssh-agent(1): Support PKCS#11 tokens that only provide
   X.509 certs instead of raw public keys (requested as bz#1908).

 * ssh(1): Add a ssh_config(5) "Match" keyword that allows
   conditional configuration to be applied by matching on hostname,
   user and result of arbitrary commands.

 * ssh(1): Add support for client-side hostname canonicalisation
   using a set of DNS suffixes and rules in ssh_config(5). This
   allows unqualified names to be canonicalised to fully-qualified
   domain names to eliminate ambiguity when looking up keys in
   known_hosts or checking host certificate names.

 * sftp-server(8): Add the ability to whitelist and/or blacklist sftp
   protocol requests by name.

 * sftp-server(8): Add a sftp "fsync@openssh.com" to support calling
   fsync(2) on an open file handle.

 * sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation,
   mirroring the longstanding no-pty authorized_keys option.

 * ssh(1): Add a ssh_config ProxyUseFDPass option that supports the
   use of ProxyCommands that establish a connection and then pass a
   connected file descriptor back to ssh(1). This allows the
   ProxyCommand to exit rather than staying around to transfer data.

Bugfixes:

 * ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
   certificates.

 * ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.

 * sftp(1): bz#2137: fix the progress meter for resumed transfer.

 * ssh-add(1): bz#2187: do not request smartcard PIN when removing
   keys from ssh-agent.

 * sshd(8): bz#2139: fix re-exec fallback when original sshd binary
   cannot be executed.

 * ssh-keygen(1): Make relative-specified certificate expiry times
   relative to current time and not the validity start time.

 * sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block.

 * sftp(1): bz#2129: symlinking a file would incorrectly canonicalise
   the target path.

 * ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent
   helper executable.

 * sshd(8): Improve logging of sessions to include the user name,
   remote host and port, the session type (shell, command, etc.) and
   allocated TTY (if any).

 * sshd(8): bz#1297: tell the client (via a debug message) when
   their preferred listen address has been overridden by the
   server's GatewayPorts setting.

 * sshd(8): bz#2162: include report port in bad protocol banner
   message.

 * sftp(1): bz#2163: fix memory leak in error path in do_readdir().

 * sftp(1): bz#2171: don't leak file descriptor on error.

 * sshd(8): Include the local address and port in "Connection from
   ..." message (only shown at loglevel>=verbose).

Portable OpenSSH:

 * Please note that this is the last version of Portable OpenSSH that
   will support versions of OpenSSL prior to 0.9.6. Support (i.e.
   SSH_OLD_EVP) will be removed following the 6.5p1 release.

 * Portable OpenSSH will attempt compile and link as a Position
   Independent Executable on Linux, OS X and OpenBSD on recent gcc-
   like compilers. Other platforms and older/other compilers may
   request this using the --with-pie configure flag.

 * A number of other toolchain-related hardening options are used
   automatically if available, including -ftrapv to abort on signed
   integer overflow and options to write-protect dynamic linking
   information.  The use of these options may be disabled using the
   --without-hardening configure flag.

 * If the toolchain supports it, one of the -fstack-protector-strong,
   -fstack-protector-all or -fstack-protector compilation flag are
   used to add guards to mitigate attacks based on stack overflows.
   The use of these options may be disabled using the
   --without-stackprotect configure option.

 * sshd(8): Add support for pre-authentication sandboxing using the
   Capsicum API introduced in FreeBSD 10.

 * Switch to a ChaCha20-based arc4random() PRNG for platforms that do
   not provide their own.

 * sshd(8): bz#2156: restore Linux oom_adj setting when handling
   SIGHUP to maintain behaviour over retart.

 * sshd(8): bz#2032: use local username in krb5_kuserok check rather
   than full client name which may be of form user@REALM.

 * ssh(1), sshd(8): Test for both the presence of ECC NID numbers in
   OpenSSL and that they actually work. Fedora (at least) has
   NID_secp521r1 that doesn't work.

 * bz#2173: use pkg-config --libs to include correct -L location for
   libedit.

Revision 1.7.2.1: download - view: text, markup, annotated - select for diffs
Tue Aug 19 23:45:25 2014 UTC (10 years, 3 months ago) by tls
Branches: tls-maxphys
Diff to: previous 1.7: preferred, colored; next MAIN 1.8: preferred, colored
Changes since revision 1.7: +5 -4 lines
Rebase to HEAD as of a few days ago.

Revision 1.6.2.2: download - view: text, markup, annotated - select for diffs
Thu May 22 13:21:35 2014 UTC (10 years, 6 months ago) by yamt
Branches: yamt-pagecache
Diff to: previous 1.6.2.1: preferred, colored; branchpoint 1.6: preferred, colored; next MAIN 1.7: preferred, colored
Changes since revision 1.6.2.1: +4 -3 lines
sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.8: download - view: text, markup, annotated - select for diffs
Fri Nov 8 19:18:25 2013 UTC (11 years, 1 month ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, netbsd-7-base
Branch point for: netbsd-7
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +5 -4 lines
merge conflicts.

Revision 1.1.1.6 (vendor branch): download - view: text, markup, annotated - select for diffs
Fri Nov 8 17:58:11 2013 UTC (11 years, 1 month ago) by christos
Branches: OPENSSH
CVS tags: v64-20131107
Diff to: previous 1.1.1.5: preferred, colored
Changes since revision 1.1.1.5: +4 -3 lines
Import new openssh to address

Changes since OpenSSH 6.3
=========================

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Checksums:
==========

 - SHA1 (openssh-6.4.tar.gz) = 4caf1a50eb3a3da821c16298c4aaa576fe24210c
 - SHA1 (openssh-6.4p1.tar.gz) = cf5fe0eb118d7e4f9296fbc5d6884965885fc55d

Reporting Bugs:
===============

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

Revision 1.6.2.1: download - view: text, markup, annotated - select for diffs
Wed May 23 10:07:05 2012 UTC (12 years, 6 months ago) by yamt
Branches: yamt-pagecache
CVS tags: yamt-pagecache-tag8
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -3 lines
sync with head.

Revision 1.7: download - view: text, markup, annotated - select for diffs
Wed May 2 02:41:08 2012 UTC (12 years, 7 months ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, khorben-n900, agc-symver-base, agc-symver
Branch point for: tls-maxphys
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -3 lines
merge OpenSSH 6.0

Features:

 * ssh-keygen(1): Add optional checkpoints for moduli screening
 * ssh-add(1): new -k option to load plain keys (skipping certificates)
 * sshd(8): Add wildcard support to PermitOpen, allowing things like
   "PermitOpen localhost:*".  bz #1857
 * ssh(1): support for cancelling local and remote port forwards via the
   multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
   to request the cancellation of the specified forwardings
 * support cancellation of local/dynamic forwardings from ~C commandline

Bugfixes:

 * ssh(1): ensure that $DISPLAY contains only valid characters before
   using it to extract xauth data so that it can't be used to play local
   shell metacharacter games.
 * ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
 * scp(1): uppress adding '--' to remote commandlines when the first
   argument does not start with '-'. saves breakage on some
   difficult-to-upgrade embedded/router platforms
 * ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
   but there is an "AF21" class
 * ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
   rekeying
 * ssh(1): skip attempting to create ~/.ssh when -F is passed
 * sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
 * sshd(1): send tty break to pty master instead of (probably already
   closed) slave side; bz#1859
 * sftp(1): silence error spam for "ls */foo" in directory with files;
   bz#1683
 * Fixed a number of memory and file descriptor leaks

Revision 1.1.1.5 (vendor branch): download - view: text, markup, annotated - select for diffs
Wed May 2 02:13:25 2012 UTC (12 years, 7 months ago) by christos
Branches: OPENSSH
CVS tags: v62-20130321, v61-20120828, v60-20120421
Diff to: previous 1.1.1.4: preferred, colored
Changes since revision 1.1.1.4: +1 -2 lines
from ftp.openbsd.org

Revision 1.6: download - view: text, markup, annotated - select for diffs
Wed Sep 7 17:49:19 2011 UTC (13 years, 3 months ago) by christos
Branches: MAIN
CVS tags: yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus
Branch point for: yamt-pagecache, netbsd-6-1, netbsd-6-0, netbsd-6
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -3 lines
merge openssh-5.9

Revision 1.1.1.4 (vendor branch): download - view: text, markup, annotated - select for diffs
Tue Sep 6 20:17:06 2011 UTC (13 years, 3 months ago) by christos
Branches: OPENSSH
CVS tags: v59-20110906
Diff to: previous 1.1.1.3: preferred, colored
Changes since revision 1.1.1.3: +1 -2 lines
new openssh:
See http://www.openssh.com/txt/release-5.9

Revision 1.5: download - view: text, markup, annotated - select for diffs
Mon Aug 29 21:08:54 2011 UTC (13 years, 3 months ago) by joerg
Branches: MAIN
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -2 lines
Use __dead

Revision 1.4: download - view: text, markup, annotated - select for diffs
Mon Jul 25 03:03:10 2011 UTC (13 years, 4 months ago) by christos
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +7 -3 lines
- Merge conflicts
- WARNS=5

Revision 1.1.1.3 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Jul 24 15:08:33 2011 UTC (13 years, 4 months ago) by christos
Branches: OPENSSH
CVS tags: v58-20110724
Diff to: previous 1.1.1.2: preferred, colored
Changes since revision 1.1.1.2: +6 -3 lines
from ftp.openbsd.org

Revision 1.3: download - view: text, markup, annotated - select for diffs
Sun Dec 27 01:40:47 2009 UTC (14 years, 11 months ago) by christos
Branches: MAIN
CVS tags: matt-mips64-premerge-20101231, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +14 -5 lines
merge changes.

Revision 1.1.1.2 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Dec 27 01:07:01 2009 UTC (14 years, 11 months ago) by christos
Branches: OPENSSH
CVS tags: v56-20101121, v53-20091226
Diff to: previous 1.1.1.1: preferred, colored
Changes since revision 1.1.1.1: +13 -4 lines
import openssh 5.3

Revision 1.2: download - view: text, markup, annotated - select for diffs
Sun Jun 7 22:38:47 2009 UTC (15 years, 6 months ago) by christos
Branches: MAIN
CVS tags: matt-premerge-20091211
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +5 -3 lines
Merge in our changes:
- conditionalize login_cap
- conditionalize bsd_auth
- bring in pam from portable
- restore krb5, krb4, afs, skey
- bring in hpn patches, disable mt aes cipher, keep speedups and cipher none
- add ignore root rhosts option
- fix ctype macro arguments
- umac is broken, disable it
- better ~homedir handling
- netbsd style tunnels
- urandom, xhome, chrootdir, rescuedir NetBSD handling
- utmp/utmpx handling
- handle tty posix_vdisable properly
- handle setuid and unsetuid the posix way instead of setresuid()
- add all missing functions
- add new moduli
- add build glue

Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Sun Jun 7 22:19:14 2009 UTC (15 years, 6 months ago) by christos
Branches: OPENSSH
CVS tags: v52-20090607
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
import 5.2 from ftp.openbsd.org

Revision 1.1: download - view: text, markup, annotated - select for diffs
Sun Jun 7 22:19:14 2009 UTC (15 years, 6 months ago) by christos
Branches: MAIN
Initial revision

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>