ee116499 | 27-Nov-2022 | Antonio Huete Jimenez <tuxillo@quantumachine.net>
vendor/OPENSSH: upgrade from 8.8p1 to 9.1p1
Summary of notable changes:
* sshd(8): fix an integer overflow in the user authentication path
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1)
* ssh(1): unbreak hostbased auth using RSA keys.
* sshd(8): fix truncation in rhosts/shosts path construction.
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers.
* sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies.
* scp(1): fix a memory leak in argument processing.
* ssh-keygen(1): double free() in error path of file hashing step in signing/verify code;
* ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing. Reported by Qualys.
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids.
* sshd(8): improve logging of errors when opening authorized_keys files.
For a detailed list of changes, please check: https://www.openssh.com/releasenotes.html
Revision tags: v6.2.2, v6.2.1, v6.2.0, v6.3.0
50a69bb5 | 09-Oct-2021 | Sascha Wildner <saw@online.de>
Import OpenSSH-8.8p1
Revision tags: v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2
0cbfa66c | 22-Jul-2020 | Daniel Fojt <df@neosystem.org>
vendor/openssh: upgrade from 8.0p1 to 8.3p1
Summary of notable changes:
- ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and RAMBleed; openssh 8.1 and later encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB)
- ssh(1), sshd(8), ssh-keygen(1): openssh 8.2 removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures (i.e. the client and server CASignatureAlgorithms option) and will use the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) CA signs new certificates
- ssh(1), sshd(8): openssh 8.2 removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server
- ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-* key exchange algorithms have changed; most options have been folded under the -O flag
- support PKCS8 as an optional format for storage of private keys to disk; the native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required
- ssh(1), sshd(8): prefer to use chacha20 from libcrypto
- sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups
- sshd(8): when clients get denied by MaxStartups, send a notification prior to the SSH2 protocol banner according to RFC4253 section 4.2
- sshd(8): add an Include sshd_config keyword that allows including additional configuration files via glob(3) patterns
- sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore rhosts/shosts, "no" to allow rhosts/shosts or (new) "shosts-only" to allow .shosts files but not .rhosts
- sshd(8): allow the IgnoreRhosts directive to appear anywhere in a sshd_config, not just before any Match blocks
- ssh(1), sshd(8): allow prepending a list of algorithms to the default set by starting the list with the '^' character, e.g. "HostKeyAlgorithms ^ssh-ed25519"
- ssh(1): allow forwarding a different agent socket to the path specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to accept an explicit path or the name of an environment variable in addition to yes/no
- ssh(1): add %TOKEN percent expansion for the LocalForward and RemoteForward keywords when used for Unix domain socket forwarding
- ssh(1): allow %n to be expanded in ProxyCommand strings
- sftp(1): reject an argument of "-1" in the same way as ssh(1) and scp(1) do instead of accepting and silently ignoring it
- sftp(1): check for user@host when parsing the sftp target; this allows user@[1.2.3.4] to work without a path
- sftp(1): fix a race condition in the SIGCHLD handler that could turn into a kill(-1)
For a detailed list of all improvements, enhancements and bugfixes see the release notes:
https://www.openssh.com/releasenotes.html
Revision tags: v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2
664f4763 | 18-Apr-2019 | zrj <rimvydas.jasinskas@gmail.com>
Import OpenSSH-8.0p1
2c9c1408 | 13-Oct-2017 | Matthew Dillon <dillon@apollo.backplane.com>
Import OpenSSH-7.6p1
* Import OpenSSH-7.6p1. Couldn't really merge from the vendor branch so just brought it in.
* Adjustments for WARNS issues
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0
ce74baca | 13-Oct-2017 | Matthew Dillon <dillon@apollo.backplane.com>
Import OpenSSH-7.6p1
Revision tags: v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1
e9778795 | 04-Aug-2016 | Peter Avalos <pavalos@dragonflybsd.org>
Import OpenSSH-7.3p1.
Revision tags: v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2
36e94dc5 | 26-Nov-2014 | Peter Avalos <pavalos@dragonflybsd.org>
Import OpenSSH-6.7p1.
Revision tags: v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0
86d7f5d3 | 26-Nov-2011 | John Marino <draco@marino.st>
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0
9f304aaf | 09-Apr-2011 | Peter Avalos <pavalos@dragonflybsd.org>
Import OpenSSH-5.8p1.
* Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6.
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys.
* sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command.
* scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. Without this option the data is copied directly between the two remote hosts.
* ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. This avoids hostkey warnings when connecting to servers with new ECDSA keys, since these are now preferred when learning hostkeys for the first time.
* ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput.
* ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races. Stale server sockets are now automatically removed.
* ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference.
* sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1).
Bug fixes:
* ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories.
* ssh(1): avoid NULL deref on receiving a channel request on an unknown or invalid channel.
* sshd(8): remove a debug() that pollutes stderr on client connecting to a server in debug mode.
* scp(1): pass through ssh command-line flags and options when doing remote-remote transfers, e.g. to enable agent forwarding, which is particularly useful in this case.
* sftp-server(8): umask should be parsed as octal.
* sftp(1): escape '[' in filename tab-completion.
* ssh(1): Typo in confirmation message.
* sshd(8): prevent free() of string in .rodata when overriding AuthorizedKeys in a Match block.
* sshd(8): Use default shell /bin/sh if $SHELL is "".
* ssh(1): kill proxy command on fatal() (we already killed it on clean exit).
* ssh(1): install a SIGCHLD handler to reap expired child processes.
* sshd(8): Use correct uid_t/pid_t types instead of int.
Revision tags: v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0
856ea928 | 29-Sep-2010 | Peter Avalos <pavalos@dragonflybsd.org>
Import OpenSSH-5.6p1.
Revision tags: v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2
cb5eb4f1 | 20-Jun-2009 | Peter Avalos <pavalos@theshell.com>
Upgrade to OpenSSH-5.2p1.
Security:
* This release changes the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
* This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes.
New features:
* Added a -y option to ssh(1) to force logging to syslog rather than stderr, which is useful when running daemonised (ssh -f).
* The sshd_config(5) ForceCommand directive now accepts command-line arguments for the internal-sftp server.
* The ssh(1) ~C escape command line now supports runtime creation of dynamic (-D) port forwards.
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards. (bz#1482)
* Support remote port forwarding with a listen port of '0'. This informs the server that it should dynamically allocate a listen port and report it back to the client. (bz#1003)
* sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks.
Bug and documentation fixes:
* Repair an ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner. (bz#1496)
* Due to interoperability problems with certain broken SSH implementations, the eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH.
* Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1.
* Avoid printing 'Non-public channel' warnings in sshd(8), since ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1).
* Avoid double-free in ssh(1) ~C escape -L handler. (bz#1539)
* Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations. (bz#1541)
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave connections. (bz#1543)
* Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions=0 set.
* Multiple fixes to sshd(8) configuration test (-T) mode.
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418, 1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540.
* Many manual page improvements.
18de8d7f | 20-Jun-2009 | Peter Avalos <pavalos@theshell.com>
Move openssh-5/ to openssh/. We don't need a versioned directory.