|
Revision tags: release/14.0.0, release/13.2.0, release/12.4.0 |
|
| #
38a52bd3 |
| 19-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.1p1
Release notes are available at https://www.openssh.com/txt/release-9.1
9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the c
ssh: update to OpenSSH 9.1p1
Release notes are available at https://www.openssh.com/txt/release-9.1
9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.
Some highlights copied from the release notes:
Potentially-incompatible changes
--------------------------------
* ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
are now first-match-wins to match other directives. Previously
if an environment variable was multiply specified the last set
value would have been used. bz3438
* ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have
not been used by default for some years.
New features
------------
* ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
RSA key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8).
* sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
* sftp(1): use "users-groups-by-id@openssh.com" sftp-server
extension (when available) to fill in user/group names for
directory listings.
* sftp-server(8): support the "home-directory" extension request
defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
a bit with the existing "expand-path@openssh.com", but some other
clients support it.
* ssh-keygen(1), sshd(8): allow certificate validity intervals,
sshsig verification times and authorized_keys expiry-time options
to accept dates in the UTC time zone in addition to the default
of interpreting them in the system time zone. YYYYMMDD and
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
with a 'Z' character.
Also allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
is intended for use by regress tests and other tools that call
ssh-keygen as part of a CA workflow. bz3468
* sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3"
* ssh-keygen(1): allow the existing -U (use agent) flag to work
with "-Y sign" operations, where it will be interpreted to require
that the private keys is hosted in an agent; bz3429
MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
b626f5a7 |
| 04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170
Sponsored by: The FreeBSD Foundation
|
| #
a5d8944a |
| 19-Nov-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with head (r291075).
|
| #
5b71b2eb |
| 11-Nov-2015 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Su
Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
show more ...
|
|
Revision tags: release/10.2.0, release/10.1.0, release/9.3.0 |
|
| #
6cec9cad |
| 03-Jun-2014 |
Peter Grehan <grehan@FreeBSD.org> |
MFC @ r266724
An SVM update will follow this.
|
| #
3b8f0845 |
| 28-Apr-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head
|
| #
84e51a1b |
| 23-Apr-2014 |
Alan Somers <asomers@FreeBSD.org> |
IFC @264767
|
| #
1709ccf9 |
| 29-Mar-2014 |
Martin Matuska <mm@FreeBSD.org> |
Merge head up to r263906.
|
| #
cf783db1 |
| 24-Mar-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the exi
Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.
Add a post-merge script which reapplies these changes.
Run both scripts to normalize the existing code base. As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.
Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
show more ...
|
|
Revision tags: release/10.0.0, release/9.2.0 |
|
| #
552311f4 |
| 17-Jul-2013 |
Xin LI <delphij@FreeBSD.org> |
IFC @253398
|
| #
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
|
Revision tags: release/8.4.0 |
|
| #
69e6d7b7 |
| 12-Apr-2013 |
Simon J. Gerraty <sjg@FreeBSD.org> |
sync from head
|
| #
6888a9be |
| 22-Mar-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
|
|
Revision tags: release/9.1.0, release/8.3.0_cvs, release/8.3.0 |
|
| #
8fa0b743 |
| 23-Jan-2012 |
Xin LI <delphij@FreeBSD.org> |
IFC @230489 (pending review).
|
|
Revision tags: release/9.0.0 |
|
| #
70d8f36a |
| 27-Oct-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r226824
|
| #
e146993e |
| 06-Oct-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
|
|
Revision tags: release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0 |
|
| #
d2997dab |
| 02-Jun-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Missing commas in Dd
Approved by: re (kib@)
|
| #
e252e85c |
| 02-Jun-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
More commas
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
| #
a29f9ec5 |
| 29-Sep-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Our groff doesn't understand $Mdocdate$, so replace them with bare dates.
MFC after: 3 days
|
| #
d4af9e69 |
| 01-Aug-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went a
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
show more ...
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
| #
a29f9ec5 |
| 29-Sep-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Our groff doesn't understand $Mdocdate$, so replace them with bare dates.
MFC after: 3 days
|
| #
d4af9e69 |
| 01-Aug-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went a
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
show more ...
|