|
Revision tags: release/14.0.0, release/13.2.0 |
|
| #
4d3fc8b0 |
| 16-Mar-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):
ssh: Update to OpenSSH 9.3p1
This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):
This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.
* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.
The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
f374ba41 |
| 06-Feb-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2
OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory saf
ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2
OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.
Some other notable items from the release notes:
* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.
* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.
* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.
* sshd(8): add a -V (version) option to sshd like the ssh client has.
* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.
* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976
* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/12.4.0, release/13.1.0 |
|
| #
87c1498d |
| 15-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v9.0p1
Release notes are available at https://www.openssh.com/txt/release-9.0
Some highlights:
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exch
ssh: update to OpenSSH v9.0p1
Release notes are available at https://www.openssh.com/txt/release-9.0
Some highlights:
* ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
exchange method by default ("sntrup761x25519-sha512@openssh.com").
The NTRU algorithm is believed to resist attacks enabled by future
quantum computers and is paired with the X25519 ECDH key exchange
(the previous default) as a backstop against any weaknesses in
NTRU Prime that may be discovered in the future. The combination
ensures that the hybrid exchange offers at least as good security
as the status quo.
* sftp-server(8): support the "copy-data" extension to allow server-
side copying of files/data, following the design in
draft-ietf-secsh-filexfer-extensions-00. bz2948
* sftp(1): add a "cp" command to allow the sftp client to perform
server-side file copies.
This commit excludes the scp(1) change to use the SFTP protocol by
default; that change will immediately follow.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0 |
|
| #
e477abf7 |
| 27-Nov-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC @ r241285
|
| #
a10c6f55 |
| 11-Nov-2012 |
Neel Natu <neel@FreeBSD.org> |
IFC @ r242684
|
| #
23090366 |
| 04-Nov-2012 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Sync from head
|
| #
24bf3585 |
| 04-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r233826 through r240095.
|
| #
462c32cb |
| 03-Sep-2012 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade OpenSSH to 6.1p1.
|
|
Revision tags: release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0 |
|
| #
124981e1 |
| 21-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
MFH OpenSSH 5.4p1
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0 |
|
| #
1a0fda2b |
| 04-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
IFH@204581
|
|
Revision tags: release/8.0.0_cvs, release/8.0.0 |
|
| #
1ee774f6 |
| 02-Oct-2009 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
- MFC
|
| #
7aee6ffe |
| 01-Oct-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.3p1.
|
|
Revision tags: release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
| #
d4af9e69 |
| 01-Aug-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went a
Upgrade to OpenSSH 5.1p1.
I have worked hard to reduce diffs against the vendor branch. One
notable change in that respect is that we no longer prefer DSA over
RSA - the reasons for doing so went away years ago. This may cause
some surprises, as ssh will warn about unknown host keys even for
hosts whose keys haven't changed.
MFC after: 6 weeks
show more ...
|
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0, release/6.2.0_cvs, release/6.2.0 |
|
| #
761efaa7 |
| 30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.4p1.
|
| #
a435c625 |
| 30-Sep-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r162852,
which included commits to RCS files with non-trunk default branches.
|
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0 |
|
| #
021d409f |
| 22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.3p1.
|
| #
4f87d658 |
| 22-Mar-2006 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r157016,
which included commits to RCS files with non-trunk default branches.
|
|
Revision tags: release/6.0.0_cvs, release/6.0.0 |
|
| #
043840df |
| 03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1.
|
| #
f8a2a7f1 |
| 03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r149749,
which included commits to RCS files with non-trunk default branches.
|
| #
5e8dbd04 |
| 05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1.
|
| #
1f6afdc0 |
| 05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r146998,
which included commits to RCS files with non-trunk default branches.
|
|
Revision tags: release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0 |
|
| #
d74d50a8 |
| 28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.9p1.
|
| #
3b4228da |
| 28-Oct-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r137015,
which included commits to RCS files with non-trunk default branches.
|
|
Revision tags: release/4.10.0_cvs, release/4.10.0 |
|
| #
efcad6b7 |
| 26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1.
|
| #
6b475b41 |
| 26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
This commit was generated by cvs2svn to compensate for changes in r126274,
which included commits to RCS files with non-trunk default branches.
|