Release notes are available at https://www.openssh.com/txt/release-9.2
OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.
Some other notable items from the release notes:
* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.
* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.
* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.
* sshd(8): add a -V (version) option to sshd like the ssh client has.
* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.
* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976
* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This update contains only documentation changes (new main repository
URL and changed mail address of the program author) and changes to
the build system that do not affect the FreeBSD base system build.
MFC after: 3 days
Introduced in commit 613fe53, _REVISION was redefined to be just the
major version (14) instead of major.minor (14.0) iff:
- PKG_VERSION was not overridden (default), and
- Branch was -CURRENT, -STABLE, or -PRERELEASE.
This introduced side effects in other parts of the code which expected
_REVISION to be major.minor:
- make-pkg-package.sh target triple became amd64-portbld-freebsd14
(should be amd64-portbld-freebsd14.0);
- Versioned cross dev symlink name became amd64-freebsd14-<tool>
(should be amd64-freebsd14.0-<tool>)
Also, compounded with commit ea9a92d (which was introduced afterward
and removed minor version from _REVISION incorrectly using :S with a
regex) this also caused pkgbase repo to use a wrong PKG_ABI with a minor
version (FreeBSD:14.0:amd64) when a custom PKG_VERSION was specified.
(Note, without a custom PKG_VERSION the bug was not triggered because in
that case _REVISION was already major-only.)
This commit fixes both problems by introducing and using MAJOR_REVISION
instead of redefining _REVISION. Existing uses of _REVISION now see
major.minor again, except PKG_ABI (ex: FreeBSD:14:amd64, as described
above) and PKG_VERSION (ex: 14.snap20220311121531) need only the major
version and now use MAJOR_REVISION instead.
PR: 262600, 262601
Reviewed by: imp, emaste
Pull Request: https://github.com/freebsd/freebsd-src/pull/592
The testloop function is called with various parameters, but those
were ignored in the coreutils-c-test script. This was an oversight
and is fixed by passing the option to all invocations of the hash
functions in this test script.
Reported by: des
MFC after: 3 days
Largely untested, as we can't really do anything with user probes
without an implementation of fasttrap. However, this is enough to
generate an embedded dtrace program with `dtrace -G` and link the
generated ELF file.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38301
Pretty trivial following other implementations. The existing
dtrace_getustack_common() does most of the work.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38303
The unwind logic was copied from AArch64 which follows the peculiar
AACPS (where, unlike typical RISC architectures, its frame pointer
follows an x86/stack machine-like convention where the frame pointer
points at the bottom of the frame record, not the top). Delete the
pointless riscv_frame struct and fix this.
Reviewed by: mhorne
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D28054
We must detect the correct amount to increment sepc, as it may have been
a compressed instruction that triggered the fault.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38299
In order to read or write userspace memory without generating an access
fault, we must first enable the SUM bit in the sstatus CSR.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38298
