#
e600fc72 |
|
18-Mar-2024 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove deprecated client VersionAddendum Support for a client VersionAddendum was removed in bffe60ead024, but the option was retained (as oDeprecated) as a transition aid. Sufficient time has passed that it can be removed. Sponsored by: The FreeBSD Foundation
|
#
14e78a36 |
|
15-Aug-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Remove note about memory leak now resolved upstream OpenSSH 9.4p1 (updated in commit 535af610a4fd) includes the memory leak fix that we originally applied in 69c72a57af84 ("sftp: avoid leaking path arg in calls to make_absolute_pwd_glob."). Sponsored by: The FreeBSD Foundation
|
#
348bea10 |
|
02-Aug-2023 |
Ed Maste <emaste@FreeBSD.org> |
openssh: retire HPN option handling The HPN patch set was removed from base system SSH in January 2016, in commit 60c59fad8806. We retained the option parsing (using OpenSSH's support for deprecated options) to avoid breaking existing installations upon upgrade, but sufficient time has now passed that we can remove this special case. Approved by: des Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D41291
|
#
d5e2d0f1 |
|
17-Jul-2023 |
Ed Maste <emaste@FreeBSD.org> |
openssh: document a locally-applied workaround We have a local hacky workaround for an issue caused by a hacky upstream autoconf test. Reported upstream on the OpenSSH mailing list: https://lists.mindrot.org/pipermail/openssh-unix-dev/2022-May/040242.html PR: 209441 Sponsored by: The FreeBSD Foundation
|
#
9faa27f2 |
|
29-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update FREEBSD-upgrade for upstream CheckHostIP default change We changed the CheckHostIP default to "no" years ago. Upstream has now made the same change, so do not list it as a local change any longer. I did not just remove the "Modified client-side defaults" section to avoid having to renumber everything, and we may add a new local change in the future. Sponsored by: The FreeBSD Foundation
|
#
c888b3b2 |
|
21-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
sftp: add description of memory leak fix
|
#
6834ca8a |
|
23-Feb-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update FREEBSD-upgrade instructions Make it clear that the 'freebsd-configure.sh' and 'freebsd-namespace.sh' scripts are run from the crypto/openssh directory. Sponsored by: The FreeBSD Foundation
|
#
41ff5ea2 |
|
16-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: default VerifyHostKeyDNS to no, following upstream Revert to upstream's default. Using VerifyHostKeyDNS may depend on a trusted nameserver and network path. This reverts commit 83c6a5242c80160fff76fb85454938761645b0c4. Reported by: David Leadbeater, G-Research Reviewed by: gordon Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D38648
|
#
232b4f33 |
|
07-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: add information on hostname canonicalization patch We introduced hostname canonicalization in 2002, while upstream OpenSSH added similar support in 2014. It would be good to review our handling of CNAMEs in hostname canonicalization. Sponsored by: The FreeBSD Foundation
|
#
77934b7a |
|
14-Nov-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: default X11Forwarding to no, following upstream Administrators can enable it if required. Reviewed by: bz, kevans Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D37411
|
#
c755a7cc |
|
05-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove old reference from update instructions ssh_config and ssh_config.5 no longer contain the VersionAddendum, so remove instructions to update these files. Fixes: bffe60ead024 ("ssh: retire client VersionAddendum") Sponsored By: The FreeBSD Foundation
|
#
9b7eddfe |
|
16-Jan-2023 |
Ed Maste <emaste@FreeBSD.org> |
openssh: remove mention of now-unused svn:keywords Reported by: gshapiro
|
#
8974fa45 |
|
13-Dec-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: describe two additional changes present in base system ssh Sponsored by: The FreeBSD Foundation
|
#
a752e011 |
|
12-Dec-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove note about local change to [Use]PrivilegeSeparation We documented "[Use]PrivilegeSeparation defaults to sandbox" as one of our modifications to ssh's server-side defaults, but this is not (any longer) a difference from upstream. Sponsored by: The FreeBSD Foundation
|
#
c72f2597 |
|
14-Nov-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove VersionAddendum from list of client side config changes Fixes: bffe60ead024 ("ssh: retire client VersionAddendum") Sponsored by: The FreeBSD Foundation
|
#
fca7ac55 |
|
06-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove pre- and post-merge update steps We no longer use the pre- and post-merge scripts to strip/add RCS tags. The tags have been removed from main, but persist on older branches. While here renumber the steps in the update documentation using a more conventional scheme. Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36904
|
#
a1e39f96 |
|
10-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
nanobsd: remove unmodified copies of ssh config files Nanobsd included copies of ssh_config and sshd_config. The former is identical to the one provided by the base system, and the latter is identical except for PermitRootLogin, which is updated by nanobsd's cust_allow_ssh_root anyhow. Remove nanobsd's copies and use the existing base system ones. Reported by: Jose Luis Duran <jlduran@gmail.com> in D34937 Reviewed by: Jose Luis Duran <jlduran@gmail.com>, imp Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36933
|
#
6f7bc8e7 |
|
19-Aug-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: describe deprecated options in general in update doc Rename "HPN" to more general "Retired patches." We handle two now- removed patches the same way: to avoid breaking existing configurations we accept, but ignore, the option. Sponsored by: The FreeBSD Foundation
|
#
97be6fce |
|
19-Aug-2022 |
Ed Maste <emaste@FreeBSD.org> |
openssh: Remove description of VersionAddendum in upgrade doc
|
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation
|
#
9340d69e |
|
01-Mar-2022 |
Mark Johnston <markj@FreeBSD.org> |
openssh: Add a note to check for deprecated and removed config options Suggested by: emaste MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
ab7d0959 |
|
23-Feb-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: add command to push tag to FREEBSD-upgrade instructions Because it appears `git push --follow-tags` may push extra, undesired tags document both techniques (pushing the specific vendor/openssh/X.YpZ tag and pushing all with --follow-tags, using --dry-run first). Discussed with: imp, lwhsu Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33605
|
#
2e6ec1e4 |
|
23-Feb-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove 11.x from FREEBSD-upgrade instructions 11.x is no longer supported.
|
#
438fd19d |
|
20-Nov-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: mention nanobsd config files in upgrade instructions Sponsored by: The FreeBSD Foundation
|
#
b645ee18 |
|
09-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: remove update notes about upstreamed changes Two local changes were committed upstream and are present in OpenSSH 8.7p1. Remove references from FREEBSD-upgrade now that we have updated to that version.
|
#
f3fd8850 |
|
01-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update note about class-based login restrictions
|
#
35a03425 |
|
30-Aug-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: add information about a local change
|
#
576b477b |
|
23-Apr-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: add a note about pushing vendor updates Sponsored by: The FreeBSD Foundation
|
#
519496a5 |
|
22-Feb-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: document two changes that are now upstream These patches can be removed once we update to 8.5p1 or later.
|
#
74c59ab7 |
|
09-Feb-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: port upgrade doc and script to git Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D28564
|
#
952d18a2 |
|
27-Jul-2020 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Remove AES-CBC ciphers from default server and client lists A base system OpenSSH update in 2016 or so removed a number of ciphers from the default lists offered by the server/client, due to known weaknesses. This caused POLA issues for some users and prompted PR207679; the ciphers were restored to the default lists in r296634. When upstream removed these ciphers from the default server list, they moved them to the client-only default list. They were subsequently removed from the client default, in OpenSSH 7.9p1. The change has persisted long enough. Remove these extra ciphers from both the server and client default lists, in advance of FreeBSD 13. Reviewed by: markm, rgrimes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25833
|
#
99b201c3 |
|
25-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Add a note about deleted files in OpenSSH upgrade instructions
|
#
9fcda2f4 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Update OpenSSH upgrade instructions to use https, not ftp ftp://ftp.openbsd.org/ does not work.
|
#
e491358c |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
sshd: add upgrade process note about TCP wrappers We need to add user-facing deprecation notices for TCP wrappers; start with a note in the upgrade process docmentation. Sponsored by: The FreeBSD Foundation
|
#
4c3ccd96 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
openssh: add a note about libwrap in config.h LIBWRAP is defined by the Makefile based on MK_TCP_WRAPPERS and should not be defined in config.h. PR: 210141 Sponsored by: The FreeBSD Foundation
|
#
b23ddc58 |
|
06-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update the repository URLs.
|
#
9ded3306 |
|
03-Aug-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove DSA from default cipher list and disable SSH1. Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for reasons which boil down to POLA. Now is a good time to catch up. MFC after: 3 days Relnotes: yes
|
#
c3c6c935 |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Re-add AES-CBC ciphers to the default cipher list on the server. PR: 207679
|
#
c4cd1fa4 |
|
27-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Switch UseDNS back on
|
#
0591b689 |
|
20-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update the instructions and the list of major local modifications.
|
#
cf783db1 |
|
24-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a pre-merge script which reverts mechanical changes such as added $FreeBSD$ tags and man page dates. Add a post-merge script which reapplies these changes. Run both scripts to normalize the existing code base. As a result, many files which should have had $FreeBSD$ tags but didn't now have them. Partly rewrite the upgrade instructions and remove the now outdated list of tricks.
|
#
0085282b |
|
23-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise. Approved by: re (marius)
|
#
009fd5a7 |
|
23-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert r247892 now that this has been fixed upstream.
|
#
d9bb67e8 |
|
06-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Explicitly disable lastlog, utmp and wtmp.
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
cb7b8027 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Catch up with reality.
|
#
1c71974b |
|
06-Feb-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix the Xlist so it actually works with 'tar -X', and update the upgrade instructions accordingly.
|
#
e66498cd |
|
01-Oct-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update configure options and add some missing steps. The section about our local changes needs reviewing, and some of those changes should probably be reconsidered (such as preferring DSA over RSA, which made sense when RSA was encumbered but probably doesn't any more)
|
#
e1fe3dba |
|
17-Mar-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Reimplementation of world/kernel build options. For details, see: http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html The src.conf(5) manpage is to follow in a few days. Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
#
6dbd30e7 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update for 4.1p1.
|
#
d49dad04 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Better Xlist command line.
|
#
3ee07a3a |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Document recently changed configuration defaults.
|
#
c880b043 |
|
25-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update the "overview of FreeBSD changes to OpenSSH-portable" to reflect reality.
|
#
e2fb0b2a |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Update to reflect changes since the last version.
|
#
2d61bc67 |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Nit.
|
#
d73be2d9 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correct shell code to expand globs in FREEBSD-Xlist
|
#
b8110726 |
|
08-Sep-2002 |
Jun Kuriyama <kuriyama@FreeBSD.org> |
Fix typo (s@src/crypto/openssh-portable@src/crypto/openssh@).
|
#
21f19a0c |
|
05-Jul-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
(forgot to commit) We don't need --with-opie since PAM takes care of it.
|
#
ba11afcc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Document the upgrade process.
|