#
a91a2465 |
|
18-Mar-2024 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.7p1 This release contains mostly bugfixes. It also makes support for the DSA signature algorithm a compile-time option, with plans to disable it upstream later this year and remove support entirely in 2025. Full release notes at https://www.openssh.com/txt/release-9.7 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
edf85781 |
|
09-Oct-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.5p1 Excerpts from the release notes: Potentially incompatible changes -------------------------------- * ssh-keygen(1): generate Ed25519 keys by default. [NOTE: This change was already merged into FreeBSD.] * sshd(8): the Subsystem directive now accurately preserves quoting of subsystem commands and arguments. New features ------------ * ssh(1): add keystroke timing obfuscation to the client. * ssh(1), sshd(8): Introduce a transport-level ping facility. * sshd(8): allow override of Sybsystem directives in sshd Match blocks. Full release notes at https://www.openssh.com/txt/release-9.5 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
4d3fc8b0 |
|
16-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.3p1 This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Sponsored by: The FreeBSD Foundation
|
#
f374ba41 |
|
06-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.2p1 Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation |
#
19780592 |
|
18-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove duplicate setting of MAIL env var We already set it earlier in do_setup_env(). Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") MFC after: 1 week Sponsored by: The FreeBSD Foundation |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
edf85781 |
|
09-Oct-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.5p1 Excerpts from the release notes: Potentially incompatible changes -------------------------------- * ssh-keygen(1): generate Ed25519 keys by default. [NOTE: This change was already merged into FreeBSD.] * sshd(8): the Subsystem directive now accurately preserves quoting of subsystem commands and arguments. New features ------------ * ssh(1): add keystroke timing obfuscation to the client. * ssh(1), sshd(8): Introduce a transport-level ping facility. * sshd(8): allow override of Sybsystem directives in sshd Match blocks. Full release notes at https://www.openssh.com/txt/release-9.5 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
4d3fc8b0 |
|
16-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.3p1 This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Sponsored by: The FreeBSD Foundation
|
#
f374ba41 |
|
06-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.2p1 Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation |
#
19780592 |
|
18-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove duplicate setting of MAIL env var We already set it earlier in do_setup_env(). Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") MFC after: 1 week Sponsored by: The FreeBSD Foundation |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
4d3fc8b0 |
|
16-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.3p1 This release fixes a number of security bugs and has minor new features and bug fixes. Security fixes, from the release notes (https://www.openssh.com/txt/release-9.3): This release contains fixes for a security problem and a memory safety problem. The memory safety problem is not believed to be exploitable, but we report most network-reachable memory faults as security bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer. Sponsored by: The FreeBSD Foundation
|
#
f374ba41 |
|
06-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.2p1 Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation |
#
19780592 |
|
18-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove duplicate setting of MAIL env var We already set it earlier in do_setup_env(). Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") MFC after: 1 week Sponsored by: The FreeBSD Foundation |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
f374ba41 |
|
06-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.2p1 Release notes are available at https://www.openssh.com/txt/release-9.2 OpenSSH 9.2 contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable. These fixes have already been committed to OpenSSH 9.1 in FreeBSD. Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499 MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation |
#
19780592 |
|
18-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove duplicate setting of MAIL env var We already set it earlier in do_setup_env(). Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") MFC after: 1 week Sponsored by: The FreeBSD Foundation |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
835ee05f |
|
22-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: drop $FreeBSD$ from crypto/openssh After we moved to git $FreeBSD$ is no longer expanded and serves no purpose. Remove them from OpenSSH to reduce diffs against upstream. Sponsored by: The FreeBSD Foundation
|
#
19780592 |
|
18-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: remove duplicate setting of MAIL env var We already set it earlier in do_setup_env(). Fixes: 19261079b743 ("openssh: update to OpenSSH v8.7p1") MFC after: 1 week Sponsored by: The FreeBSD Foundation
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days |
#
2f513db7 |
|
14-Feb-2020 |
Ed Maste <emaste@FreeBSD.org> |
Upgrade to OpenSSH 7.9p1. MFC after: 2 months Sponsored by: The FreeBSD Foundation
|
#
190cef3d |
|
10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1. Approved by: re (kib@)
|
#
47dd1d1b |
|
11-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.7p1.
|
#
4f52dfbb |
|
08-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1. This completely removes client-side support for the SSH 1 protocol, which was already disabled in 12 but is still enabled in 11. For that reason, we will not be able to merge 7.6p1 or newer back to 11.
|
#
d93a896e |
|
03-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
#
ca86bcf2 |
|
05-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.4p1.
|
#
076ad2f8 |
|
01-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH. |
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch |
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option. |
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). |
#
b83788ff |
|
25-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.6p1.
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
6888a9be |
|
22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support for a key revocation list and more fine-grained authentication control.
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week |
#
462c32cb |
|
03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
#
e146993e |
|
05-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1. MFC after: 3 months
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer) |
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
e2f6069c |
|
11-Nov-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.6p1.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh) |
#
8ad9b54a |
|
28-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.5p1.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
7aee6ffe |
|
01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
#
cce7d346 |
|
22-May-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.2p1. MFC after: 3 months
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1. |
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week |
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1. |
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. |
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1. |
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts |
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1. |
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1. |
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no |
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2. |
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com> |
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1. |
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant. |
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days |
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des |
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders) |
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs |
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline. |
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1. |
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs |
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs |
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3. |
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1) |
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs |
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does. |
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24 |
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext() |
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables). |
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf |
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs |
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil. |
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs |
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green |
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days |
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD |
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9. |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions. |
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org> |
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org> |
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release). |
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green |
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09 |
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter |
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature. |
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de> |
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD |
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts. |
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com> |
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien |
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD. |
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1. |
#
6d0d51a4 |
|
29-Mar-2020 |
Kyle Evans <kevans@FreeBSD.org> |
openssh: -fno-common fix from upstream f47d72ddad This is currently staged in vendor/ as part of the 8.0p1 import, which isn't quite ready to land. Given that this is a simple one-line fix, apply it now as the fallout will be pretty minimal. -fno-common will become the default in GCC10/LLVM11. MFC after: 3 days
|
#
60c59fad |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
As previously threatened, remove the HPN patch from OpenSSH.
|
#
af126736 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Revert inadvertent commit of an incorrect patch
|
#
db83e542 |
|
24-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove description of the now-defunct NoneEnabled option.
|
#
5bec830e |
|
11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$").
|
#
2ec88e9d |
|
13-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's own umask setting (from ~/.login.conf) unless running with the user's UID. Therefore, we need to call it again with LOGIN_SETUMASK after changing UID. PR: bin/176740 Submitted by: John Marshall <john.marshall@riverwillow.com.au> MFC after: 1 week
|
#
89986192 |
|
03-Aug-2011 |
Brooks Davis <brooks@FreeBSD.org> |
Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
905571c0 |
|
28-Sep-2010 |
Ed Maste <emaste@FreeBSD.org> |
Remove copyright strings printed at login time via login(1) or sshd(8). It is not clear to what this copyright should apply, and this is in line with what other operating systems do. For ssh specifically, printing of the copyright string is not in the upstream version so this reduces our FreeBSD-local diffs. Approved by: core, des (ssh)
|
#
124981e1 |
|
21-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
MFH OpenSSH 5.4p1
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
62efe23a |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
92eb0aa1 |
|
10-Nov-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.5p1.
|
#
333ee039 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts. MFC after: 1 week
|
#
761efaa7 |
|
30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1.
|
#
b74df5b2 |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge conflicts.
|
#
021d409f |
|
22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1.
|
#
d4ecd108 |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1.
|
#
aa49c926 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
4518870c |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.1p1.
|
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1.
|
#
21e764df |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts
|
#
d74d50a8 |
|
28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1.
|
#
5962c0e9 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
52028650 |
|
20-Apr-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8.1p1.
|
#
1ec0d754 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1.
|
#
cf2b5f3b |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts and remove obsolete files. Sponsored by: registrar.no
|
#
d95e11bf |
|
07-Jan-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.7.1p2.
|
#
b69cd7f2 |
|
17-Sep-2003 |
Jacques Vidrine <nectar@FreeBSD.org> |
Correct more cases of allocation size bookkeeping being updated before calling functions which can potentially fail and cause cleanups to be invoked. Submitted by: Solar Designer <solar@openwall.com>
|
#
e73e9afa |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
d0c8c0bc |
|
23-Apr-2003 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.6.1p1.
|
#
3600b2f4 |
|
14-Dec-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Back out a lastlog-related change which is no longer relevant.
|
#
f388f5ef |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts.
|
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1.
|
#
7ac32603 |
|
09-Sep-2002 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
sshd didn't handle actual size of struct sockaddr correctly, and did copy it as long as just size of struct sockaddr. So, If connection is via IPv6, sshd didn't log hostname into utmp correctly. This problem occured only under FreeBSD because of our hack. However, this is potential problem of OpenSSH-portable, and they agreed to fix this. Though, there is no fixed version of OpenSSH-portable available yet, since this problem is serious for IPv6 users, I commit the fix. Reported by: many people Reviewed by: current@ and stable@ (no objection) MFC after: 3 days
|
#
bccd7616 |
|
05-Aug-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Do login cap calls _before_ descriptors are hardly closed because close may invalidate login cap descriptor. Reviewed by: des
|
#
59ac432a |
|
25-Jul-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Problems addressed: 1) options.print_lastlog was not honored. 2) "Last login: ..." was printed twice. 3) "copyright" was not printed 4) No newline was before motd. Reviewed by: maintainer's silence in 2 weeks (with my constant reminders)
|
#
a82e551f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Sponsored by: DARPA, NAI Labs
|
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1.
|
#
c62005fc |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Make sure the environment variables set by setusercontext() are passed on to the child process. Reviewed by: ache Sponsored by: DARPA, NAI Labs
|
#
989dd127 |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Forcibly revert to mainline.
|
#
83d2307d |
|
27-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3p1.
|
#
6f562d40 |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Correctly export the environment variables set by setusercontext(). Sponsored by: DARPA, NAI Labs
|
#
80628bac |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs
|
#
545d5eca |
|
23-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.3.
|
#
098de0c1 |
|
22-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Proberly conditionalize PAM "last login" printout. 2) For "copyright" case #ifdef HAVE_LOGIN_CAP was placed on too big block, narrow it down. 3) Don't check the same conditions twice (for "copyright" and "welcome"), put them under single block. 4) Print \n between "copyright" and "welcome" as our login does. Reviewed by: des (1)
|
#
6e8ced7f |
|
22-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Don't report last login time in PAM case. (perforce change 10057) Sponsored by: DARPA, NAI Labs
|
#
940bc501 |
|
21-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Move LOGIN_CAP calls before all file descriptors are closed hard, since some descriptors may be used by LOGIN_CAP internally, add login_close(). Use "nocheckmail" LOGIN_CAP capability too like our login does.
|
#
a37da82a |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Fix TZ & TERM handling for use_login case of rev. 1.24
|
#
b36e10ee |
|
20-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Surprisingly, "CheckMail" handling code completely removed from this version, so documented "CheckMail" option exists but does nothing. Bring it back to life adding code back. 2) Cosmetique. Reduce number of args in do_setusercontext()
|
#
32eb065e |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
1) Fix overlook in my prev. commit - forget HAVE_ prefix in one place in old code merge. 2) In addition honor "timezone" and "term" capabilities from login.conf, not overwrite them once they set (they are TZ and TERM variables).
|
#
03df31a6 |
|
19-Apr-2002 |
Andrey A. Chernov <ache@FreeBSD.org> |
Please repeat after me: setusercontext() modifies _current_ environment, but sshd uses separate child_env. So, to make setusercontext() really does something, environment must be switched before call and passed to child_env back after it. The error here was that modified environment not passed back to child_env, so all variables that setusercontext() adds are lost, including ones from ~/.login_conf
|
#
ca991461 |
|
14-Apr-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix some warnings. Don't record logins twice in USE_PAM case. Strip "/dev/" off the tty name before passing it to auth_ttyok or PAM. Inspired by: dinoex Sponsored by: DARPA, NAI Labs
|
#
f2f306b6 |
|
08-Apr-2002 |
Ruslan Ermilov <ru@FreeBSD.org> |
Align for const poisoning in -lutil.
|
#
af12a3e7 |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Fix conflicts.
|
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1
|
#
885a59f2 |
|
27-Feb-2002 |
Brian Feldman <green@FreeBSD.org> |
Use login_getpwclass() instead of login_getclass() so that default mapping of user login classes works. Obtained from: TrustedBSD project Sponsored by: DARPA, NAI Labs
|
#
1c5093bb |
|
02-Dec-2001 |
Jacques Vidrine <nectar@FreeBSD.org> |
Do not pass user-defined environmental variables to /usr/bin/login. Obtained from: OpenBSD Approved by: green
|
#
46fdbb8a |
|
19-Nov-2001 |
David Malone <dwmalone@FreeBSD.org> |
In the "UseLogin yes" case we need env to be NULL to make sure it will be correctly initialised. PR: 32065 Tested by: The Anarcat <anarcat@anarcat.dyndns.org> MFC after: 3 days
|
#
e9fd63df |
|
08-Jun-2001 |
Brian Feldman <green@FreeBSD.org> |
Switch to the user's uid before attempting to unlink the auth forwarding file, nullifying the effects of a race. Obtained from: OpenBSD
|
#
ca3176e7 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Fix conflicts for OpenSSH 2.9.
|
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson
|
#
46c9472c |
|
10-Mar-2001 |
Brian Feldman <green@FreeBSD.org> |
Reenable the SIGPIPE signal handler default in all cases for spawned sessions.
|
#
926581ed |
|
20-Jan-2001 |
Brian Feldman <green@FreeBSD.org> |
Actually propagate back to the rest of the application that a command was specified when using -t mode with the SSH client. Submitted by: Dima Dorfman <dima@unixfreak.org>
|
#
09958426 |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org>
|
#
5b9b2faf |
|
04-Dec-2000 |
Brian Feldman <green@FreeBSD.org> |
Import of OpenSSH 2.3.0 (virgin OpenBSD source release).
|
#
c2d3a559 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green
|
#
b66f2d16 |
|
10-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH post-2.2.0 snapshot dated 2000-09-09
|
#
5ed779ad |
|
04-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
ttyname was not being passed into do_login(), so we were erroneously picking up the function definition from unistd.h instead. Use s->tty instead. Submitted by: peter
|
#
939c3290 |
|
02-Sep-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Err, we weren't even compiling auth1.c with LOGIN_CAP at all. Guess nobody was using this feature.
|
#
fb633b30 |
|
11-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix syntax error in previous commit. Submitted by: Udo Schweigert <ust@cert.siemens.de>
|
#
95e2a710 |
|
10-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Fix security botch in "UseLogin Yes" case: commands are executed with uid 0. Obtained from: OpenBSD
|
#
db1cb46c |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Bring vendor patches onto the main branch, and resolve conflicts.
|
#
fcee55a2 |
|
03-Jun-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Import vendor patch originally submitted by the below author: don't treat failure to create the authentication agent directory in /tmp as a fatal error, but disable agent forwarding. Submitted by: Jan Koum <jkb@yahoo-inc.com>
|
#
b787acb5 |
|
17-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Unbreak Kerberos5 compilation. This still remains untested. Noticed by: obrien
|
#
e8aafc91 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Resolve conflicts and update for FreeBSD.
|
#
a04a10f8 |
|
14-May-2000 |
Kris Kennaway <kris@FreeBSD.org> |
Initial import of OpenSSH v2.1.
|