#
733bf3b1 |
|
09-Nov-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update comment text to match upstream Reported by: bz Obtained from: OpenSSH dffa64480163
|
#
4232f36e |
|
06-Nov-2022 |
Ed Maste <emaste@FreeBSD.org> |
sshd: sync tracing disable with upstream Old versions of FreeBSD do not support using id 0 to refer to the current pid for procctl, so pass getpid() explicitly. Although this is not required in current FreeBSD branches I am merging it to reduce differences with upstream. Obtained from: OpenSSH commit 0f7e1eba5525
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
e38610ab |
|
31-Jan-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove unused header Fixes: 0746301c4995 ("ssh: pass 0 to procctl(2) to operate...") Sponsored by: The FreeBSD Foundation |
#
0746301c |
|
20-Jan-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: pass 0 to procctl(2) to operate on self As of f833ab9dd187 procctl(2) allows idtype P_PID with id = 0 as a shortcut for the calling process ID. The shortcut also bypasses the p_cansee / p_candebug test (since the process is able to act on itself.) At present if the security.bsd.unprivileged_proc_debug sysctl is 0 then procctl(P_PID, getpid(), ... for a process to act on itself will fail, but procctl(P_PID, 0, ... will succeed. This should likely be addressed with a kernel change. In any case the id = 0 shortcut is a tiny optimization for a process to act on itself and allows the self-procctl to succeed, so use it in ssh. Reported by: Shawn Webb Reviewed by: kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33970 |
#
e9e8876a |
|
19-Dec-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.8p1 OpenSSH v8.8p1 was motivated primarily by a security update and deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes. The security update was already applied to FreeBSD as an independent change, and the RSA/SHA1 deprecation is excluded from this commit but will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
e38610ab |
|
31-Jan-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove unused header Fixes: 0746301c4995 ("ssh: pass 0 to procctl(2) to operate...") Sponsored by: The FreeBSD Foundation
|
#
0746301c |
|
20-Jan-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: pass 0 to procctl(2) to operate on self As of f833ab9dd187 procctl(2) allows idtype P_PID with id = 0 as a shortcut for the calling process ID. The shortcut also bypasses the p_cansee / p_candebug test (since the process is able to act on itself.) At present if the security.bsd.unprivileged_proc_debug sysctl is 0 then procctl(P_PID, getpid(), ... for a process to act on itself will fail, but procctl(P_PID, 0, ... will succeed. This should likely be addressed with a kernel change. In any case the id = 0 shortcut is a tiny optimization for a process to act on itself and allows the self-procctl to succeed, so use it in ssh. Reported by: Shawn Webb Reviewed by: kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33970
|
#
e9e8876a |
|
19-Dec-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.8p1 OpenSSH v8.8p1 was motivated primarily by a security update and deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes. The security update was already applied to FreeBSD as an independent change, and the RSA/SHA1 deprecation is excluded from this commit but will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|