Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

ssh: update to OpenSSH 9.1p1

Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438

* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.

New features
------------

* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).

* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.

* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.

* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.

* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.

Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468

* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"

* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private keys is hosted in an agent; bz3429

MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

ssh: move common Makefile boilerplate to a new ssh.mk

This moves SSHDIR and ssh_namespace.h handling to a common location,
and will simplify future work such as adding U2F support (D32509).

Reviewed by: kevans
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32808

MFH

Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.2p2.

MFH r289384-r293170

Sponsored by: The FreeBSD Foundation

Replace unneeded manual dependency on header by adding it to SRCS.

bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if
there is not yet a depend file. The headers in SRCS are never built or
installed. After 'make depend' the header was already added as a proper
dependency on the objects where needed.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division

Finish merging from head, messed up in previous attempt

Remove remnant from USEPRIVATELIB removal

Sponsored by: gandi.net

Move ssh into a dedicated package
Flag config files as "to be merged on upgrade"

Reduce overlinking
The framework now ensure by itself that pthread is added to the link chain
as the last component if linked to kerberos hence avoid with out any explicit
addition prevent issue like CVE-2014-8475

Convert to LIBADD
Reduce overlinking

Rework privatelib/internallib

Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric: https://phabric.freebsd.org/D553
Reviewed by: imp, emaste

Replace all uses of libncurses and libtermcap with their wide character
variants. This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run: antoine
PR: 189842
Discussed with: bapt
Sponsored by: DARPA, AFRL

Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.

Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.

Approved by: re (blanket)

Make libldns and libssh private.

Approved by: re (blanket)

Upgrade to OpenSSH 5.3p1.

Fix static compilation.

Add a manual dependency on ssh_namespace.h.

Discussed with: ru

Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by: lukem@netbsd.org
MFC after: 6 weeks

Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by: ru

Make libssh an INTERNALLIB like it is in {Net,Open}BSD.

Update for OpenSSH 4.1p1.

Update for 3.8p1, including workaround for a bug in gss-genr.c.

Update Makefiles for OpenSSH 3.7.1p2.

Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by: des

No guts, no glory. Switch to OpenSSH-portable.

Sponsored by: DARPA, NAI Labs

My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by: bde

Adjust for OpenSSH 3.1.

Sponsored by: DARPA, NAI Labs

Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by: markm

Add pam_ssh support to the static PAM library, libpam.a:

- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.

Reviewed by: des, markm
Approved by: markm

Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).

ssh: move common Makefile boilerplate to a new ssh.mk

This moves SSHDIR and ssh_namespace.h handling to a common location,
and will simplify future work such as adding U2F support (D32509).

Reviewed by: kevans
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32808

Replace unneeded manual dependency on header by adding it to SRCS.

bsd.lib.mk and bsd.prog.mk already depend all objs on headers in SRCS if
there is not yet a depend file. The headers in SRCS are never built or
installed. After 'make depend' the header was already added as a proper
dependency on the objects where needed.

MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division

Remove remnant from USEPRIVATELIB removal

Sponsored by: gandi.net

Move ssh into a dedicated package
Flag config files as "to be merged on upgrade"

Reduce overlinking
The framework now ensure by itself that pthread is added to the link chain
as the last component if linked to kerberos hence avoid with out any explicit
addition prevent issue like CVE-2014-8475

Convert to LIBADD
Reduce overlinking

Rework privatelib/internallib

Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.

Phabric: https://phabric.freebsd.org/D553
Reviewed by: imp, emaste

Replace all uses of libncurses and libtermcap with their wide character
variants. This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run: antoine
PR: 189842
Discussed with: bapt
Sponsored by: DARPA, AFRL

Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.

Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.

Approved by: re (blanket)

Make libldns and libssh private.

Approved by: re (blanket)

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

MFH OpenSSH 5.4p1

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Fix static compilation.

Add a manual dependency on ssh_namespace.h.

Discussed with: ru

Introduce a namespace munging hack inspired by NetBSD to avoid polluting
the namespace of applications which inadvertantly link in libssh (usually
through pam_ssh)

Suggested by: lukem@netbsd.org
MFC after: 6 weeks

Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by: ru

Make libssh an INTERNALLIB like it is in {Net,Open}BSD.

Update for OpenSSH 4.1p1.

Update for 3.8p1, including workaround for a bug in gss-genr.c.

Update Makefiles for OpenSSH 3.7.1p2.

Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by: des

No guts, no glory. Switch to OpenSSH-portable.

Sponsored by: DARPA, NAI Labs

My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by: bde

Adjust for OpenSSH 3.1.

Sponsored by: DARPA, NAI Labs

Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by: markm

Add pam_ssh support to the static PAM library, libpam.a:

- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
dynamic linkage with -lssh.

Reviewed by: des, markm
Approved by: markm

Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).