o Fix OpenSSH xauth(1) command injection. [SA-16:14]
o Fix incorrect argument validation in sysarch(2). [SA-16:15]
o Fix Hyper-V KVP (Key-Value Pair) daemon indefinite sleep. [EN-16:04]

Errata: FreeBSD-EN-16:04.hyperv
Security: FreeBSD-SA-16:14.openssh-xauth, CVE-2016-3115
Security: FreeBSD-SA-16:15.sysarch, CVE-2016-1885
Approved by: so

Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFH (r263712): upgrade openssh to 6.6p1
MFH (r264308): restore p level in debugging output

MFH (r261320): upgrade openssh to 6.5p1
MFH (r261340): enable sandboxing by default

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR: bin/176740
Submitted by: John Marshall <john.marshall@riverwillow.com.au>
MFC after: 1 week

Upgrade OpenSSH to 6.1p1.

Upgrade to OpenSSH 5.9p1.

MFC after: 3 months

Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by: bz
Approved by: re (kib), des (maintainer)

Upgrade to OpenSSH 5.8p2.

Upgrade to OpenSSH 5.6p1.

Remove copyright strings printed at login time via login(1) or sshd(8).
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.

For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.

Approved by: core, des (ssh)

Upgrade to OpenSSH 5.5p1.

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month

Upgrade to OpenSSH 5.3p1.

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks

Consistently set svn:eol-style.

Resolve conflicts.

Merge conflicts.

MFC after: 1 week

Merge conflicts.

Resolve conflicts.

Resolve conflicts.

Resolve conflicts

Resolve conflicts.

Resolve conflicts.

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no

Correct more cases of allocation size bookkeeping being updated before
calling functions which can potentially fail and cause cleanups to be
invoked.

Submitted by: Solar Designer <solar@openwall.com>

Resolve conflicts.

Back out a lastlog-related change which is no longer relevant.

Resolve conflicts.

sshd didn't handle actual size of struct sockaddr correctly,
and did copy it as long as just size of struct sockaddr. So,
If connection is via IPv6, sshd didn't log hostname into utmp
correctly.
This problem occured only under FreeBSD because of our hack.
However, this is potential problem of OpenSSH-portable, and
they agreed to fix this.
Though, there is no fixed version of OpenSSH-portable available
yet, since this problem is serious for IPv6 users, I commit the
fix.

Reported by: many people
Reviewed by: current@ and stable@ (no objection)
MFC after: 3 days

Do login cap calls _before_ descriptors are hardly closed because close may
invalidate login cap descriptor.

Reviewed by: des

Problems addressed:

1) options.print_lastlog was not honored.
2) "Last login: ..." was printed twice.
3) "copyright" was not printed
4) No newline was before motd.

Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)

Resolve conflicts.

Sponsored by: DARPA, NAI Labs

Make sure the environment variables set by setusercontext() are passed on
to the child process.

Reviewed by: ache
Sponsored by: DARPA, NAI Labs

Forcibly revert to mainline.

Correctly export the environment variables set by setusercontext().

Sponsored by: DARPA, NAI Labs

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs

1) Proberly conditionalize PAM "last login" printout.
2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block,
narrow it down.
3) Don't check the same conditions twice (for "copyright" and "welcome"),
put them under single block.
4) Print \n between "copyright" and "welcome" as our login does.

Reviewed by: des (1)

Don't report last login time in PAM case. (perforce change 10057)

Sponsored by: DARPA, NAI Labs

Move LOGIN_CAP calls before all file descriptors are closed hard, since some
descriptors may be used by LOGIN_CAP internally, add login_close().

Use "nocheckmail" LOGIN_CAP capability too like our login does.

Fix TZ & TERM handling for use_login case of rev. 1.24

1) Surprisingly, "CheckMail" handling code completely removed from this
version, so documented "CheckMail" option exists but does nothing.
Bring it back to life adding code back.

2) Cosmetique. Reduce number of args in do_setusercontext()

1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old
code merge.

2) In addition honor "timezone" and "term" capabilities from login.conf,
not overwrite them once they set (they are TZ and TERM variables).

Please repeat after me: setusercontext() modifies _current_ environment, but
sshd uses separate child_env. So, to make setusercontext() really does
something, environment must be switched before call and passed to child_env
back after it.

The error here was that modified environment not passed back to child_env,
so all variables that setusercontext() adds are lost, including ones from
~/.login_conf

Fix some warnings. Don't record logins twice in USE_PAM case. Strip
"/dev/" off the tty name before passing it to auth_ttyok or PAM.

Inspired by: dinoex
Sponsored by: DARPA, NAI Labs

Align for const poisoning in -lutil.

Fix conflicts.

Use login_getpwclass() instead of login_getclass() so that default
mapping of user login classes works.

Obtained from: TrustedBSD project
Sponsored by: DARPA, NAI Labs

Do not pass user-defined environmental variables to /usr/bin/login.

Obtained from: OpenBSD
Approved by: green

In the "UseLogin yes" case we need env to be NULL to make sure it
will be correctly initialised.

PR: 32065
Tested by: The Anarcat <anarcat@anarcat.dyndns.org>
MFC after: 3 days

Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race.

Obtained from: OpenBSD

Fix conflicts for OpenSSH 2.9.

Reenable the SIGPIPE signal handler default in all cases for spawned
sessions.

Actually propagate back to the rest of the application that a command
was specified when using -t mode with the SSH client.

Submitted by: Dima Dorfman <dima@unixfreak.org>

The PAM support for our OpenSSH is sponsored by Enitel ASA.

PAM support by: Eivind Eklund <eivind@FreeBSD.org>

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklend <eivind@FreeBSD.org>

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green

ttyname was not being passed into do_login(), so we were erroneously picking
up the function definition from unistd.h instead. Use s->tty instead.

Submitted by: peter

Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody
was using this feature.

Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.

Fix syntax error in previous commit.

Submitted by: Udo Schweigert <ust@cert.siemens.de>

Fix security botch in "UseLogin Yes" case: commands are executed with
uid 0.

Obtained from: OpenBSD

Bring vendor patches onto the main branch, and resolve conflicts.

Unbreak Kerberos5 compilation. This still remains untested.

Noticed by: obrien

Resolve conflicts and update for FreeBSD.

This commit was generated by cvs2svn to compensate for changes in r60573,
which included commits to RCS files with non-trunk default branches.

Initial import of OpenSSH v2.1.