History log of /freebsd-9.3-release/crypto/openssh/sshd.c
Revision Date Author Comments
# 267654 19-Jun-2014 gjb

Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

# 264693 20-Apr-2014 des

MFH (r264691): merge upstream patch for EC calculation bug


# 263970 31-Mar-2014 des

MFH (r237568, r255422, r255460, r255766, r255767, r255774, r255829,
r256126, r257954, r261320, r261499, r263691, r263712): upgrade to
OpenSSH 6.6p1 via 6.3p1, 6.4p1 and 6.5p1.

Differences relative to head:

- No DNSSEC support since stable/9 does not have LDNS
- Sandboxing off by default, and uses rlimit instead of Capsicum
- ED25519 moved to the bottom of the order of preference to avoid
"new public key" warnings


# 251135 30-May-2013 des

Pull in OpenSSH 6.2p2 from head.


# 247485 28-Feb-2013 des

Pull in OpenSSH 6.1 from head.


# 236520 03-Jun-2012 rea

OpenSSH: allow VersionAddendum to be used again

Prior to this, setting VersionAddendum will be a no-op: one will
always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum
set in the config and a bare BASE_VERSION + VERSION_HPN when there
is no VersionAddendum set.

HPN patch requires both parties to have the "hpn" inside their
advertised versions, so we add VERSION_HPN to the VERSION_BASE
if HPN is enabled and omit it if HPN is disabled.

VersionAddendum now uses the following logic:
* unset (default value): append " " and VERSION_ADDENDUM;
* VersionAddendum is set and isn't empty: append " "
and VersionAddendum;
* VersionAddendum is set and empty: don't append anything.

Approved by: des
Reviewed by: bz


# 225736 22-Sep-2011 kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)


# 224638 03-Aug-2011 brooks

Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links). Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher. The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line. Additionally, the None cypher will only be activated after
authentication is complete. To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by: bz
Approved by: re (kib), des (maintainer)


# 221420 04-May-2011 des

Upgrade to OpenSSH 5.8p2.


# 215116 11-Nov-2010 des

Upgrade to OpenSSH 5.6p1.


# 206397 08-Apr-2010 kib

Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.

Submitted by: Mykola Dzham <i levsha me>
Reviewed by: attilio
MFC after: 1 week


# 204917 09-Mar-2010 des

Upgrade to OpenSSH 5.4p1.

MFC after: 1 month


# 202213 13-Jan-2010 ed

Make OpenSSH work with utmpx.

- Partially revert r184122 (sshd.c). Our ut_host is now big enough to
fit proper hostnames.

- Change config.h to match reality.

- defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows
the utmpx code to work. This makes no sense to me. I've already
mentioned this upstream.

- Add our own platform-specific handling of lastlog. The version I will
send to the OpenSSH folks will use proper autoconf generated
definitions instead of `#if 1'.


# 199804 25-Nov-2009 attilio

Avoid sshd, cron, syslogd and inetd being killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired process (chosen by user himself), probably
via a ptrace interface or whatever.

Obtained from: Sandvine Incorporated
Reviewed by: emaste, arch@
Sponsored by: Sandvine Incorporated
MFC: 1 month


# 197679 01-Oct-2009 des

Upgrade to OpenSSH 5.3p1.


# 192595 22-May-2009 des

Upgrade to OpenSSH 5.2p1.

MFC after: 3 months


# 184122 21-Oct-2008 des

At some point, construct_utmp() was changed to use realhostname() to fill
in the struct utmp due to concerns about the length of the hostname buffer.
However, this breaks the UseDNS option. There is a simpler and better
solution: initialize utmp_len to the correct value (UT_HOSTSIZE instead of
MAXHOSTNAMELEN) and let get_remote_name_or_ip() worry about the size of the
buffer.

PR: bin/97499
Submitted by: Bruce Cran <bruce@cran.org.uk>
MFC after: 1 week


# 181111 01-Aug-2008 des

Upgrade to OpenSSH 5.1p1.

I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.

MFC after: 6 weeks


# 181097 31-Jul-2008 des

Consistently set svn:eol-style.


# 164149 10-Nov-2006 des

Resolve conflicts.


# 162984 03-Oct-2006 des

Tweak ifdefs for backward compatibility.


# 162856 30-Sep-2006 des

Merge conflicts.

MFC after: 1 week


# 157019 22-Mar-2006 des

Merge conflicts.


# 153838 29-Dec-2005 dfr

Add a new extensible GSS-API layer which can support GSS-API plugins,
similar to the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)


# 149753 03-Sep-2005 des

Resolve conflicts.


# 147005 05-Jun-2005 des

Resolve conflicts.


# 137019 28-Oct-2004 des

Resolve conflicts


# 128460 20-Apr-2004 des

Resolve conflicts.


# 126277 26-Feb-2004 des

Resolve conflicts.


# 124211 07-Jan-2004 des

Resolve conflicts and remove obsolete files.

Sponsored by: registrar.no


# 115372 28-May-2003 des

Fix off-by-one and initialization errors which prevented sshd from
restarting when sent a SIGHUP.

Submitted by: tegge
Approved by: re (jhb)


# 113911 23-Apr-2003 des

Resolve conflicts.


# 109683 22-Jan-2003 des

Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.

PR: 39953, 40894
Submitted by: dinoex
MFC after: 3 days


# 106130 29-Oct-2002 des

Resolve conflicts.


# 99063 29-Jun-2002 des

Resolve conflicts.

Sponsored by: DARPA, NAI Labs


# 98941 27-Jun-2002 des

Forcibly revert to mainline.


# 98684 23-Jun-2002 des

Resolve conflicts. Known issues:

- sshd fails to set TERM correctly.
- privilege separation may break PAM and is currently turned off.
- man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by: DARPA, NAI Labs


# 92559 18-Mar-2002 des

Fix conflicts.


# 89703 23-Jan-2002 ru

Make libssh.so useable (undefined reference to IPv4or6).

Reviewed by: des, markm
Approved by: markm


# 82961 04-Sep-2001 assar

fix renamed options in some of the code that was #ifdef AFS
also print an error if krb5 ticket passing is disabled

Submitted by: Jonathan Chen <jon@spock.org>


# 76262 04-May-2001 green

Fix conflicts for OpenSSH 2.9.


# 73400 04-Mar-2001 assar

Add code for being compatible with ssh.com's krb5 authentication.
It is done by using the same ssh messages for v4 and v5 authentication
(since the ssh.com does not know anything about v4) and looking at the
contents after unpacking it to see if it is v4 or v5.
Based on code from Björn Grönvall <bg@sics.se>

PR: misc/20504


# 72397 12-Feb-2001 kris

Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.

Reviewed by: rwatson


# 70990 13-Jan-2001 green

/Really/ deprecate ConnectionsPerPeriod, ripping out the code for it
and giving a dire error to its lingering users.


# 70726 06-Jan-2001 green

Fix a long-standing bug that resulted in a dropped session sometimes
when an X11-forwarded client was closed. For some reason, sshd didn't
disable the SIGPIPE exit handler and died a horrible death (well, okay,
a silent death really). Set SIGPIPE's handler to SIG_IGN.


# 69673 06-Dec-2000 green

The PAM support for our OpenSSH is sponsored by Enitel ASA.

PAM support by: Eivind Eklund <eivind@FreeBSD.org>


# 69591 05-Dec-2000 green

Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0
new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklund, too.

This requires at least the following in pam.conf:

sshd auth sufficient pam_skey.so
sshd auth required pam_unix.so try_first_pass
sshd session required pam_permit.so

Parts by: Eivind Eklund <eivind@FreeBSD.org>


# 65700 10-Sep-2000 green

Fix a few style oddities.


# 65699 10-Sep-2000 green

Fix a goof in timevaldiff.


# 65674 10-Sep-2000 kris

Resolve conflicts and update for OpenSSH 2.2.0

Reviewed by: gshapiro, peter, green


# 63249 16-Jul-2000 peter

Forced commit. This is to try and help folks that used the international
crypto repo and have slightly different files but with the same version.
cvsup in 'checkout mode' has no trouble with this, but cvs can get really
silly about it.


# 62567 04-Jul-2000 green

Allow restarting on SIGHUP when the full path was not given as argv[0].
We do have /proc/curproc/file :)


# 62144 26-Jun-2000 green

Also make sure to close the socket that exceeds your rate limit.


# 62101 26-Jun-2000 green

Make rate limiting work per-listening-socket. Log better messages than
before for this, requiring a new function (get_ipaddr()). canohost.c
receives a $FreeBSD$ line.

Suggested by: Niels Provos <niels@OpenBSD.org>


# 61212 03-Jun-2000 kris

Resolve conflicts


# 60663 17-May-2000 kris

Unbreak Kerberos5 compilation. This still remains untested.

Noticed by: obrien


# 60576 15-May-2000 kris

Resolve conflicts and update for FreeBSD.


# 58585 26-Mar-2000 kris

Resolve conflicts.


# 57853 09-Mar-2000 markm

Make LOGIN_CAP work properly.


# 57633 29-Feb-2000 ume

Enable connection logging. FreeBSD's libwrap is IPv6 ready.
OpenSSH is in our source tree, now. It's time to enable it.

Reviewed by: markm, shin
Approved by: jkh


# 57565 28-Feb-2000 markm

1) Add kerberos5 functionality.
by Daniel Kouril <kouril@informatics.muni.cz>
2) Add full LOGIN_CAP capability
by Andrey Chernov


# 57470 25-Feb-2000 green

Fix a bug that crawled in pretty recently (from the port). It made
sshd coredump :(


# 57432 24-Feb-2000 markm

Add the patches from ports (QV: ports/security/openssh/patches/patch-*)


# 57430 24-Feb-2000 markm

This commit was generated by cvs2svn to compensate for changes in r57429,
which included commits to RCS files with non-trunk default branches.


# 57429 24-Feb-2000 markm

Vendor import of OpenSSH.