- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Upgrade OpenSSH to 6.1p1.

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.6p1.

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Remove svn:keywords except on files that need it. This makes diffs
against the vendor branch much more readable.

Consistently set svn:eol-style.

Revert an old hack I put in to replace S/Key with OPIE. We haven't used
that code in ages - we use pam_opie(8) instead - so this is a NOP.

Resolve conflicts.

Merge conflicts.

MFC after: 1 week

Merge vendor patch for BSM problem in protocol version 1.

MFC after: 1 week

Merge conflicts.

Resolve conflicts.

Resolve conflicts.

Resolve conflicts

Resolve conflicts.

Resolve conflicts.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Resolve conflicts.

Fix keyboard-interactive authentication for ssh1. The problem was twofold:

- The PAM kbdint device sometimes doesn't know authentication succeeded
until you re-query it. The ssh1 kbdint code would never re-query the
device, so authentication would always fail. This patch has been
submitted to the OpenSSH developers.

- The monitor code for PAM sometimes forgot to tell the monitor that
authentication had succeeded. This caused the monitor to veto the
privsep child's decision to allow the connection.

These patches have been tested with OpenSSH clients on -STABLE, NetBSD and
Linux, and with ssh.com's ssh1 on Solaris.

Sponsored by: DARPA, NAI Labs

Resolve conflicts.

sshd didn't handle actual size of struct sockaddr correctly,
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.

Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days

Don't forget to clear the buffer before reusing it.

Fix a braino in mm_answer_pam_respond() which would cause sshd to abort if
PAM authentication failed due to an incorrect response.

Resolve conflicts.

Sponsored by: DARPA, NAI Labs

PAM support, the FreeBSD way.

Sponsored by: DARPA, NAI Labs

Support OPIE as an alternative to S/Key.

Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

This commit was generated by cvs2svn to compensate for changes in r98675,
which included commits to RCS files with non-trunk default branches.

Vendor import of OpenSSH 3.3.