vendor/OPENSSH: upgrade from 8.8p1 top 9.1p1

Summary of notable changes:

* sshd(8): fix an integer overflow in the user authentication path
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a syst

vendor/OPENSSH: upgrade from 8.8p1 top 9.1p1

Summary of notable changes:

* sshd(8): fix an integer overflow in the user authentication path
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1): unbreak hostbased auth using RSA keys.
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512@openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers.
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
* scp(1): fix a memory leak in argument processing.
* ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code;
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
Reported by Qualys
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
* sshd(8): improve logging of errors when opening authorized_keys
files.

For a detailed list of changes, please check:
https://www.openssh.com/releasenotes.html

show more ...

Import OpenSSH-8.8p1

vendor/openssh: upgrade from 8.0p1 to 8.3p1

Summary of notable changes:

- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel

vendor/openssh: upgrade from 8.0p1 to 8.3p1

Summary of notable changes:

- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel attacks like
Spectre, Meltdown and Rambleed, openssh 8.1 and later encrypts private
keys when they are not in use with a symmetric key that is derived from
a relatively large "prekey" consisting of random data (currently 16KB)

- ssh(1), sshd(8), ssh-keygen(1): openssh 8.2 removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures
(i.e. the client and server CASignatureAlgorithms option) and will
use the rsa-sha2-512 signature algorithm by default when the
ssh-keygen(1) CA signs new certificates

- ssh(1), sshd(8): openssh 8.2 removes diffie-hellman-group14-sha1 from
the default key exchange proposal for both the client and server

- ssh-keygen(1): the command-line options related to the generation and
screening of safe prime numbers used by the diffie-hellman-group-* key
exchange algorithms have changed, most options have been folded under
the -O flag

- support PKCS8 as an optional format for storage of private keys to disk,
native key format remains the default, but PKCS8 is a superior format to
PEM if interoperability with non-OpenSSH software is required

- ssh(1), sshd(8): prefer to use chacha20 from libcrypto

- sshd(8): the sshd listener process title visible to ps(1) has changed
to include information about the number of connections that are
currently attempting authentication and the limits configured
by MaxStartups

- sshd(8): when clients get denied by MaxStartups, send a notification
prior to the SSH2 protocol banner according to RFC4253 section 4.2

- sshd(8): add an Include sshd_config keyword that allows including
additional configuration files via glob(3) patterns

- sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
to allow .shosts files but not .rhosts

- sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks

- ssh(1), sshd(8): allow prepending a list of algorithms to the default
set by starting the list with the '^' character, e.g.
"HostKeyAlgorithms ^ssh-ed25519"

- ssh(1): allow forwarding a different agent socket to the path specified
by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in
addition to yes/no

- ssh(1): add %TOKEN percent expansion for the LocalFoward and
RemoteForward keywords when used for Unix domain socket forwarding

- ssh(1): allow %n to be expanded in ProxyCommand strings

- sftp(1): reject an argument of "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it

- sftp(1): check for user@host when parsing sftp target, this allows
user@[1.2.3.4] to work without a path

- sftp(1): fix a race condition in the SIGCHILD handler that could
turn in to a kill(-1)

For detailed list of all improvements, enhancements and bugfixes see
release notes:

https://www.openssh.com/releasenotes.html

show more ...

Import OpenSSH-8.0p1

Import OpenSSH-7.6p1

Import OpenSSH-8.8p1

vendor/openssh: upgrade from 8.0p1 to 8.3p1

Summary of notable changes:

- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel

vendor/openssh: upgrade from 8.0p1 to 8.3p1

Summary of notable changes:

- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at
rest in RAM against speculation and memory side-channel attacks like
Spectre, Meltdown and Rambleed, openssh 8.1 and later encrypts private
keys when they are not in use with a symmetric key that is derived from
a relatively large "prekey" consisting of random data (currently 16KB)

- ssh(1), sshd(8), ssh-keygen(1): openssh 8.2 removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures
(i.e. the client and server CASignatureAlgorithms option) and will
use the rsa-sha2-512 signature algorithm by default when the
ssh-keygen(1) CA signs new certificates

- ssh(1), sshd(8): openssh 8.2 removes diffie-hellman-group14-sha1 from
the default key exchange proposal for both the client and server

- ssh-keygen(1): the command-line options related to the generation and
screening of safe prime numbers used by the diffie-hellman-group-* key
exchange algorithms have changed, most options have been folded under
the -O flag

- support PKCS8 as an optional format for storage of private keys to disk,
native key format remains the default, but PKCS8 is a superior format to
PEM if interoperability with non-OpenSSH software is required

- ssh(1), sshd(8): prefer to use chacha20 from libcrypto

- sshd(8): the sshd listener process title visible to ps(1) has changed
to include information about the number of connections that are
currently attempting authentication and the limits configured
by MaxStartups

- sshd(8): when clients get denied by MaxStartups, send a notification
prior to the SSH2 protocol banner according to RFC4253 section 4.2

- sshd(8): add an Include sshd_config keyword that allows including
additional configuration files via glob(3) patterns

- sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
to allow .shosts files but not .rhosts

- sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
sshd_config, not just before any Match blocks

- ssh(1), sshd(8): allow prepending a list of algorithms to the default
set by starting the list with the '^' character, e.g.
"HostKeyAlgorithms ^ssh-ed25519"

- ssh(1): allow forwarding a different agent socket to the path specified
by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to
accepting an explicit path or the name of an environment variable in
addition to yes/no

- ssh(1): add %TOKEN percent expansion for the LocalFoward and
RemoteForward keywords when used for Unix domain socket forwarding

- ssh(1): allow %n to be expanded in ProxyCommand strings

- sftp(1): reject an argument of "-1" in the same way as ssh(1) and
scp(1) do instead of accepting and silently ignoring it

- sftp(1): check for user@host when parsing sftp target, this allows
user@[1.2.3.4] to work without a path

- sftp(1): fix a race condition in the SIGCHILD handler that could
turn in to a kill(-1)

For detailed list of all improvements, enhancements and bugfixes see
release notes:

https://www.openssh.com/releasenotes.html

show more ...

Import OpenSSH-8.0p1

ssh(1): Restore default behaviour.

This part in ad5056c75c7ccd8379444d5b953c08015846e23c should be handled
ssh_config. There are no reasons to prevent base ssh(1) and sftp(1) to
fallback to passwor

ssh(1): Restore default behaviour.

This part in ad5056c75c7ccd8379444d5b953c08015846e23c should be handled
ssh_config. There are no reasons to prevent base ssh(1) and sftp(1) to
fallback to password authentification (ssh_config is in user control).

show more ...

sshd - Disable tunneled clear text passwords by default

* Reapply 1cb3a32c13b and c866a462b3. sshd on DragonFlyBSD defaults
to disabling cleartext passwords by default.

Reminded-by: ivadasz

Import OpenSSH-7.6p1

* Import OpeNSSH-7.6p1. Couldn't really merge from the vendor branch
so just brought it in.

* Adjustments for WARNS issues

Import OpenSSH-7.6p1

sshd - Fix default password authentication (2)

* Oops, last commit had to change it in servconf.c, not readconf.c

sshd - Fix default password authentication

* The default for PasswordAuthentication somehow got reverted to
being enabled.

* Disable PasswordAuthentication by default.

* Uncomment PasswordAuthen

sshd - Fix default password authentication

* The default for PasswordAuthentication somehow got reverted to
being enabled.

* Disable PasswordAuthentication by default.

* Uncomment PasswordAuthentication in the default sshd_config,
defaulting to 'no', and always overriding sshd's own defaults.

show more ...

Import OpenSSH-7.3p1.

Remove most local modifications from OpenSSH.

This primarily removes the HPN patches. It's become too cumbersome to
maintain these patches as demonstrated by the fact that we haven't
updated OpenSSH

Remove most local modifications from OpenSSH.

This primarily removes the HPN patches. It's become too cumbersome to
maintain these patches as demonstrated by the fact that we haven't
updated OpenSSH in quite some time. If people want additional
functionality in their OpenSSH, it's available in dports
(security/openssh).

Instead of just silently ignoring removed options in people's
configurations, I decided to treat these as errors so that the admin
will need to decide to remove it from their configuration or install the
dport to get the functionality back.

show more ...

ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778

* Remove client-side 'roaming' feature as per openbsd patch.

* CVE-2016-0777 CVE-2016-0778. A malicious server can trick the c

ssh - Remove undocumented roaming support CVE-2016-0777 CVE-2016-0778

* Remove client-side 'roaming' feature as per openbsd patch.

* CVE-2016-0777 CVE-2016-0778. A malicious server can trick the client
into potentially leaking key material.

show more ...

Update files for OpenSSH-6.7p1 import.

This also updates the HPN patch to the most recent, which brings in the
multi-threaded cipher for improved performance.

Import OpenSSH-6.7p1.

Import OpenSSH-6.1p1.

Features:

* ssh-keygen(1): Add optional checkpoints for moduli screening
* ssh-add(1): new -k option to load plain keys (skipping certificates)
* sshd(8): Add wildcard supp

Import OpenSSH-6.1p1.

Features:

* ssh-keygen(1): Add optional checkpoints for moduli screening
* ssh-add(1): new -k option to load plain keys (skipping certificates)
* sshd(8): Add wildcard support to PermitOpen, allowing things like
"PermitOpen localhost:*". bz #1857
* ssh(1): support for cancelling local and remote port forwards via the
multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
to request the cancellation of the specified forwardings
* support cancellation of local/dynamic forwardings from ~C commandline
* sshd(8): This release turns on pre-auth sandboxing sshd by default for
new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
* ssh-keygen(1): Add options to specify starting line number and number of
lines to process when screening moduli candidates, allowing processing
of different parts of a candidate moduli file in parallel
* sshd(8): The Match directive now supports matching on the local (listen)
address and port upon which the incoming connection was received via
LocalAddress and LocalPort clauses.
* sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
and {Allow,Deny}{Users,Groups}
* Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
* ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
* sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
an argument to refuse all port-forwarding requests.
* sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
* ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
* sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
to append some arbitrary text to the server SSH protocol banner.

Bugfixes:

* ssh(1): ensure that $DISPLAY contains only valid characters before
using it to extract xauth data so that it can't be used to play local
shell metacharacter games.
* ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
* scp(1): uppress adding '--' to remote commandlines when the first
argument does not start with '-'. saves breakage on some
difficult-to-upgrade embedded/router platforms
* ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
but there is an "AF21" class
* ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
rekeying
* ssh(1): skip attempting to create ~/.ssh when -F is passed
* sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
* sshd(1): send tty break to pty master instead of (probably already
closed) slave side; bz#1859
* sftp(1): silence error spam for "ls */foo" in directory with files;
bz#1683
* Fixed a number of memory and file descriptor leaks
* ssh(1)/sshd(8): Don't spin in accept() in situations of file
descriptor exhaustion. Instead back off for a while.
* ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
they were removed from the specification. bz#2023,
* sshd(8): Handle long comments in config files better. bz#2025
* ssh(1): Delay setting tty_flag so RequestTTY options are correctly
picked up. bz#1995
* sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
on platforms that use login_cap.

show more ...

Initial import of binutils 2.22 on the new vendor branch

Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.

Import OpenSSH-5.9p1.

* Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the sy

Import OpenSSH-5.9p1.

* Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
This intention is to prevent a compromised privsep child from being
used to attack other hosts (by opening sockets and proxying) or
probing local kernel attack surface.

The rlimit sandbox is a fallback choice for platforms that don't
support a better one; it uses setrlimit() to reset the hard-limit
of file descriptors and processes to zero, which should prevent
the privsep child from forking or opening new network connections.

* Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
and hmac-sha2-512-96, and are available by default in ssh(1) and
sshd(8)

* The pre-authentication sshd(8) privilege separation slave process
now logs via a socket shared with the master process, avoiding the
need to maintain /dev/log inside the chroot.

* ssh(1) now warns when a server refuses X11 forwarding

* sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace. The undocumented AuthorizedKeysFile2
option is deprecated (though the default for AuthorizedKeysFile
includes .ssh/authorized_keys2)

* sshd_config(5): similarly deprecate UserKnownHostsFile2 and
GlobalKnownHostsFile2 by making UserKnownHostsFile and
GlobalKnownHostsFile accept multiple options and default to
include known_hosts2

* Retain key comments when loading v.2 keys. These will be visible
in "ssh-add -l" and other places. bz#439

* ssh(1) and sshd(8): set IPv6 traffic class from IPQoS (as well as
IPv4 ToS/DSCP). bz#1855

* ssh_config(5)'s ControlPath option now expands %L to the host
portion of the destination host name.

* ssh_config(5) "Host" options now support negated Host matching, e.g.

Host *.example.org !c.example.org
User mekmitasdigoat

Will match "a.example.org", "b.example.org", but not "c.example.org"

* ssh_config(5): a new RequestTTY option provides control over when a
TTY is requested for a connection, similar to the existing -t/-tt/-T
ssh(1) commandline options.

* sshd(8): allow GSSAPI authentication to detect when a server-side
failure causes authentication failure and don't count such failures
against MaxAuthTries; bz#1244

* ssh-keygen(1): Add -A option. For each of the key types (rsa1, rsa,
dsa and ecdsa) for which host keys do not exist, generate the host
keys with the default key file path, an empty passphrase, default
bits for the key type, and default comment. This is useful for
system initialization scripts.

* ssh(1): Allow graceful shutdown of multiplexing: request that a mux
server removes its listener socket and refuse future multiplexing
requests but don't kill existing connections. This may be requested
using "ssh -O stop ..."

* ssh-add(1) now accepts keys piped from standard input. E.g.
"ssh-add - < /path/to/key"

* ssh-keysign(8) now signs hostbased authentication
challenges correctly using ECDSA keys; bz#1858

* sftp(1): document that sftp accepts square brackets to delimit
addresses (useful for IPv6); bz#1847a

* ssh(1): when using session multiplexing, the master process will
change its process title to reflect the control path in use and
when a ControlPersist-ed master is waiting to close; bz#1883 and
bz#1911

* Other minor bugs fixed: 1849 1861 1862 1869 1875 1878 1879 1892
1900 1905 1913

show more ...

Import OpenSSH-5.8p1.

* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6.

* Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (

Import OpenSSH-5.8p1.

* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6.

* Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.

* sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation. It is available through the "ln" command in the
client. The old "ln" behaviour of creating a symlink is available
using its "-s" option or through the preexisting "symlink" command

* scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host. Without this option the
data is copied directly between the two remote hosts.

* ssh(1): automatically order the hostkeys requested by the client
based on which hostkeys are already recorded in known_hosts. This
avoids hostkey warnings when connecting to servers with new ECDSA
keys, since these are now preferred when learning hostkeys for the
first time.

* ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary
TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput.

* ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded. This allows the mux clients to determine that the server
socket is either ready or stale without races. stale server sockets
are now automatically removed.

* ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
configuration to allow selection of which key exchange methods are
used by ssh(1) and sshd(8) and their order of preference.

* sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into
a generic bandwidth limiter that can be attached using the atomicio
callback mechanism and use it to add a bandwidth limit option to
sftp(1).

BugFixes:

* ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
temporary directories.

* ssh(1): avoid NULL deref on receiving a channel request on an unknown
or invalid channel;

* sshd(8): remove a debug() that pollutes stderr on client connecting
to a server in debug mode

* scp(1): pass through ssh command-line flags and options when doing
remote-remote transfers, e.g. to enable agent forwarding which is
particularly useful in this case;

* sftp-server(8): umask should be parsed as octal

* sftp(1): escape '[' in filename tab-completion

* ssh(1): Typo in confirmation message.

* sshd(8): prevent free() of string in .rodata when overriding
AuthorizedKeys in a Match block

* sshd(8): Use default shell /bin/sh if $SHELL is ""

* ssh(1): kill proxy command on fatal() (we already killed it on
clean exit);

* ssh(1): install a SIGCHLD handler to reap expiried child process;

* sshd(8): Use correct uid_t/pid_t types instead of int.

show more ...

Import OpenSSH-5.6p1.

Upgrade to OpenSSH-5.3p1.

General Bugfixes:

* Do not limit home directory paths to 256 characters. bz#1615
* Several minor documentation and correctness fixes.

Portable OpenSSH Bugfixes:

* Mov

Upgrade to OpenSSH-5.3p1.

General Bugfixes:

* Do not limit home directory paths to 256 characters. bz#1615
* Several minor documentation and correctness fixes.

Portable OpenSSH Bugfixes:

* Move the deletion of PAM credentials on logout to after the
session close. bz#1534
* Accept ENOSYS as a fallback error when attempting
atomic rename(). bz#1535
* Fix detection of krb5-config. bz#1639
* Fix test for server-assigned remote forwarding port for
non-root users. bz#1578

show more ...