| #
2abea9df |
| 01-Jul-2024 |
Philip Paeps <philip@FreeBSD.org> |
openssh: Fix pre-authentication remote code execution in sshd.
Reported by: Qualys Threat Research Unit (TRU)
Approved by: so
Security: FreeBSD-SA-24:04.openssh
Security: CVE-2024-6387
|
|
Revision tags: release/14.1.0, release/13.3.0 |
|
| #
069ac184 |
| 05-Jan-2024 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.6p1
From the release notes,
> This release contains a number of security fixes, some small features
> and bugfixes.
The most significant change in 9.6p1 is a set of fixes
ssh: Update to OpenSSH 9.6p1
From the release notes,
> This release contains a number of security fixes, some small features
> and bugfixes.
The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.
Full release notes at https://www.openssh.com/txt/release-9.6
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/14.0.0, release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
e9e8876a |
| 19-Dec-2021 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.8p1
OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.
The security update was already
ssh: update to OpenSSH v8.8p1
OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.
The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/12.3.0 |
|
| #
19261079 |
| 08-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new ho
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
show more ...
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0 |
|
| #
3af64f03 |
| 11-Sep-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r338392 through r338594.
|
| #
190cef3d |
| 10-Sep-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.8p1.
Approved by: re (kib@)
|
|
Revision tags: release/11.2.0 |
|
| #
4f52dfbb |
| 09-May-2018 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. F
Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.
This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.
show more ...
|
|
Revision tags: release/10.4.0 |
|
| #
083c8ded |
| 13-Aug-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r322451
|
| #
0275f9db |
| 11-Aug-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r321383 through r322397.
|
| #
79210755 |
| 04-Aug-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r322057
|
| #
d93a896e |
| 04-Aug-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.5p1.
|
|
Revision tags: release/11.1.0 |
|
| #
076ad2f8 |
| 02-Mar-2017 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.3p1.
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
f9421853 |
| 25-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: The FreeBSD Foundation
|
| #
d9b9dae1 |
| 22-Jan-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r294169 through r294598.
|
| #
009e81b1 |
| 22-Jan-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFH @r294567
|
| #
eccfee6e |
| 20-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.0p1.
|
|
Revision tags: release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0 |
|
| #
064bee34 |
| 30-Oct-2013 |
Peter Grehan <grehan@FreeBSD.org> |
MFC @ r256071
This is just prior to the bhyve_npt_pmap import so will allow
just the change to be merged for easier debug.
|
| #
0bfd163f |
| 18-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r233826 through r256722.
|
| #
3caf0790 |
| 13-Oct-2013 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head@256284
|
| #
1ccca3b5 |
| 10-Oct-2013 |
Alan Somers <asomers@FreeBSD.org> |
IFC @256277
Approved by: ken (mentor)
|
| #
27650413 |
| 02-Oct-2013 |
Mark Murray <markm@FreeBSD.org> |
MFC - tracking update.
|
|
Revision tags: release/9.2.0 |
|
| #
e4a9863f |
| 21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1.
Approved by: re (gjb)
|
| #
552311f4 |
| 17-Jul-2013 |
Xin LI <delphij@FreeBSD.org> |
IFC @253398
|
| #
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
|
Revision tags: release/8.4.0 |
|
| #
69e6d7b7 |
| 12-Apr-2013 |
Simon J. Gerraty <sjg@FreeBSD.org> |
sync from head
|