ssh: Update to OpenSSH 9.4p1

Excerpts from the release notes:

* ssh-agent(1): PKCS#11 modules must now be specified by their full
paths. Previously dlopen(3) could search for them in system
library directories.

* ssh(1): allow forwarding Unix Domain sockets via ssh -W.

* ssh(1): add support for configuration tags to ssh(1).
This adds a ssh_config(5) "Tag" directive and corresponding
"Match tag" predicate that may be used to select blocks of
configuration similar to the pf.conf(5) keywords of the same
name.

* ssh(1): add a "match localnetwork" predicate. This allows matching
on the addresses of available network interfaces and may be used to
vary the effective client configuration based on network location.

* ssh-agent(1): improve isolation between loaded PKCS#11 modules
by running separate ssh-pkcs11-helpers for each loaded provider.

* ssh-agent(1), ssh(1): improve defences against invalid PKCS#11
modules being loaded by checking that the requested module
contains the required symbol before loading it.

* ssh(1): don't incorrectly disable hostname canonicalization when
CanonicalizeHostname=yes and ProxyJump was expicitly set to
"none". bz3567

Full release notes at https://www.openssh.com/txt/release-9.4

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH 9.1p1

Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438

* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.

New features
------------

* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).

* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.

* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.

* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468

* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"

* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private keys is hosted in an agent; bz3429

MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

Upgrade to OpenSSH 7.9p1.

MFC after: 2 months
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 7.0p1.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Upgrade to OpenSSH 6.6p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.

Silence printf format warnings.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

ssh: update to OpenSSH 9.1p1

Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438

* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.

New features
------------

* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).

* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.

* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.

* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468

* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"

* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private keys is hosted in an agent; bz3429

MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

Upgrade to OpenSSH 7.9p1.

MFC after: 2 months
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 7.0p1.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Upgrade to OpenSSH 6.6p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.

Silence printf format warnings.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

ssh: update to OpenSSH 9.1p1

Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438

* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.

New features
------------

* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).

* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.

* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.

* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468

* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"

* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private keys is hosted in an agent; bz3429

MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

Upgrade to OpenSSH 7.9p1.

MFC after: 2 months
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 7.0p1.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Upgrade to OpenSSH 6.6p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.

Silence printf format warnings.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

Upgrade to OpenSSH 7.9p1.

MFC after: 2 months
Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

Upgrade to OpenSSH 7.5p1.

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.2p2.

Upgrade to OpenSSH 7.0p1.

Upgrade to OpenSSH 6.9p1.

Upgrade to OpenSSH 6.8p1.

Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after: 1 week

Upgrade to OpenSSH 6.6p1.

Upgrade to 6.3p1.

Approved by: re (gjb)

Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.

Silence printf format warnings.

Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.

Silence printf format warnings.