Commit Graph

558 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
acc1a9ef83 Upgrade to OpenSSH 7.2p2. 2016-03-11 00:15:29 +00:00
Dag-Erling Smørgrav
b4245df0a8 Document our modified default value for PermitRootLogin. 2016-02-02 10:02:38 +00:00
Dag-Erling Smørgrav
c4cd1fa410 Switch UseDNS back on 2016-01-27 13:40:44 +00:00
Dag-Erling Smørgrav
6362080245 r294563 was incomplete; re-add the client-side options as well. 2016-01-22 14:22:11 +00:00
Dag-Erling Smørgrav
6f3513465d Instead of removing the NoneEnabled option, mark it as unsupported.
(should have done this in r291198, but didn't think of it until now)
2016-01-22 13:13:46 +00:00
Dag-Erling Smørgrav
0591b689c2 Update the instructions and the list of major local modifications. 2016-01-21 12:42:31 +00:00
Dag-Erling Smørgrav
a067b78c9c Explain why we don't include VersionAddendum in the debug mode banner. 2016-01-21 12:41:02 +00:00
Dag-Erling Smørgrav
fc1ba28a5c Upgrade to OpenSSH 7.1p2. 2016-01-21 11:54:34 +00:00
Dag-Erling Smørgrav
acf8e75eb0 Enable DSA keys by default. They were disabled in OpenSSH 6.9p1.
Noticed by:	glebius
2016-01-21 11:10:14 +00:00
Dag-Erling Smørgrav
ca04c57ca9 Take care not to pick up the wrong version of OpenSSL when running in an
environment that has OpenSSL from ports in addition to the base version.
2016-01-21 10:57:45 +00:00
Dag-Erling Smørgrav
0b0dd5086b Remove RCS tags from files in which we no longer have any local
modifications, and add them to two files in which we do.
2016-01-20 23:23:08 +00:00
Dag-Erling Smørgrav
8688f98d23 Remove a number of generated files which are either out-of-date (because
they are never regenerated to reflect our changes) or in the way of
freebsd-configure.sh.
2016-01-20 23:08:57 +00:00
Dag-Erling Smørgrav
eccfee6ebc Upgrade to OpenSSH 7.0p1. 2016-01-20 22:57:10 +00:00
Dag-Erling Smørgrav
557f75e54a Upgrade to OpenSSH 6.9p1. 2016-01-19 18:55:44 +00:00
Dag-Erling Smørgrav
9860d96e8f Re-add HPN configuration options as deprecated options to avoid breaking
existing configurations that use them.  Note that there is no functional
difference between OpenSSH with HPN and OpenSSH without HPN.
2016-01-19 18:38:17 +00:00
Dag-Erling Smørgrav
bc5531debe Upgrade to OpenSSH 6.8p1. 2016-01-19 18:28:23 +00:00
Dag-Erling Smørgrav
00912a2021 Now that we have local modifications in configure.ac and configure, run
autoheader and autoconf to avoid having to patch configure manually.
2016-01-19 17:20:07 +00:00
Dag-Erling Smørgrav
a0ee8cc636 Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed
upstream) and a number of security fixes which we had already backported.

MFC after:	1 week
2016-01-19 16:18:26 +00:00
Dag-Erling Smørgrav
60c59fad88 As previously threatened, remove the HPN patch from OpenSSH. 2016-01-19 14:38:20 +00:00
Dag-Erling Smørgrav
5ecdd3c4d3 Use 'svn list -R' instead of find, and recognize comments in shell scripts
and {ssh,sshd}_config.
2016-01-19 14:25:22 +00:00
Dag-Erling Smørgrav
c1ea5e1a86 Recognize *roff comments. 2016-01-19 13:15:57 +00:00
Dag-Erling Smørgrav
50356f4843 Update the pre- and post-merge scripts to work correctly after the recent
cleanup.  A round-trip (./freebsd-pre-merge.sh ; ./freebsd-post-merge.sh)
now results in an unchanged working copy.
2016-01-19 12:38:53 +00:00
Gleb Smirnoff
1026c03c28 Fix OpenSSH client information leak.
Security:	SA-16:07.openssh
Security:	CVE-2016-0777
2016-01-14 22:40:46 +00:00
Dag-Erling Smørgrav
22f393c35d Incorrect length in calloc() call, already fixed upstream.
PR:		204769
Submitted by:	David Binderman <dcb314@hotmail.com>
MFC after:	1 week
2015-12-17 19:36:25 +00:00
Dag-Erling Smørgrav
6dd7775dfd r291198 inadvertantly reverted a local patch for the default location
of ssh-askpass and xauth, breaking X11 forwarding.
2015-11-26 23:05:40 +00:00
Dag-Erling Smørgrav
af12673615 Revert inadvertent commit of an incorrect patch 2015-11-24 16:07:03 +00:00
Dag-Erling Smørgrav
db83e5424b Remove description of the now-defunct NoneEnabled option. 2015-11-24 16:06:15 +00:00
Dag-Erling Smørgrav
1765946ba9 Retire the NONE cipher option. 2015-11-23 12:48:13 +00:00
Dag-Erling Smørgrav
f2e553364c Remove dead code. 2015-11-11 13:47:23 +00:00
Dag-Erling Smørgrav
845c9bd1d9 One more $Mdocdate$ 2015-11-11 13:27:58 +00:00
Dag-Erling Smørgrav
5bec830e40 Remove /* $FreeBSD$ */ from files that already have __RCSID("$FreeBSD$"). 2015-11-11 13:26:47 +00:00
Dag-Erling Smørgrav
5b71b2ebe0 Now that we have mandoc, we can leave $Mdocdate$ tags as-is. Unfortunately,
there is (currently) no way to make Subversion generate correct $Mdocdate$
tags, but perhas we can teach mandoc to read Subversion's %d format.
2015-11-11 13:23:07 +00:00
Xin LI
1e415e2992 Fix OpenSSH multiple vulnerabilities by backporting three changes
from OpenSSH-portable master.

Git revisions:	45b0eb752c94954a6de046bfaaf129e518ad4b5b
		5e75f5198769056089fb06c4d738ab0e5abc66f7
		d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
Reviewed by:	des
Security:	FreeBSD-SA-15:22.openssh
2015-08-25 20:48:37 +00:00
Xin LI
3a0b9b7735 Fix multiple OpenSSH vulnerabilities.
Security:	CVE-2014-2653
Security:	CVE-2015-5600
Security:	FreeBSD-SA-15:16.openssh
2015-07-28 19:58:38 +00:00
Eric van Gyzen
3e74849a1e ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002.  This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).

This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c

PR:		198043
Differential Revision:	https://reviews.freebsd.org/D3103
Reviewed by:	des
Approved by:	kib (mentor)
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Dell Inc.
2015-07-16 18:44:18 +00:00
Dag-Erling Smørgrav
8a1ab32008 Import new moduli from OpenBSD. Although there is no reason to distrust
the current set, it is good hygiene to change them once in a while.

MFC after:	1 week
2015-05-26 19:46:41 +00:00
Bryan Drewery
e3bd730f60 Use proper CHAN_TCP_PACKET_DEFAULT for agent forwarding when HPN disabled.
The use of CHAN_TCP_WINDOW_DEFAULT here was fixed in upstream OpenSSH
in CVS 1.4810, git 5baa170d771de9e95cf30b4c469ece684244cf3e:

  - dtucker@cvs.openbsd.org 2007/12/28 22:34:47
    [clientloop.c]
    Use the correct packet maximum sizes for remote port and agent forwarding.
    Prevents the server from killing the connection if too much data is queued
    and an excessively large packet gets sent.  bz #1360, ok djm@.

The change was lost due to the the way the original upstream HPN patch
modified this code. It was re-adding the original OpenSSH code and never
was properly fixed to use the new value.

MFC after:	2 weeks
2015-04-02 18:43:25 +00:00
Bryan Drewery
6e57108113 Document "none" for VersionAddendum.
PR:		193127
MFC after:	2 weeks
2015-03-23 02:45:12 +00:00
Steven Hartland
4b0b2f2d1b Change comment about HPNDisabled to match the style of other options to
avoid confusion.

Sponsored by:	Multiplay
2014-05-20 10:28:19 +00:00
Dag-Erling Smørgrav
30a0343983 Apply upstream patch for EC calculation bug and bump version addendum. 2014-04-20 11:34:33 +00:00
Dag-Erling Smørgrav
b8f726b41c Restore the pX part to the version number printed in debugging mode. 2014-04-09 20:42:00 +00:00
Dag-Erling Smørgrav
b83788ff87 Upgrade to OpenSSH 6.6p1. 2014-03-25 11:05:34 +00:00
Dag-Erling Smørgrav
cf783db152 Add a pre-merge script which reverts mechanical changes such as added
$FreeBSD$ tags and man page dates.

Add a post-merge script which reapplies these changes.

Run both scripts to normalize the existing code base.  As a result, many
files which should have had $FreeBSD$ tags but didn't now have them.

Partly rewrite the upgrade instructions and remove the now outdated
list of tricks.
2014-03-24 19:15:13 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
Pawel Jakub Dawidek
d62289d013 Fix installations that use kernels without CAPABILITIES support.
Approved by:	des
2014-02-04 21:48:09 +00:00
Dag-Erling Smørgrav
2b1970f362 Turn sandboxing on by default. 2014-02-01 00:07:16 +00:00
Dag-Erling Smørgrav
f7167e0ea0 Upgrade to OpenSSH 6.5p1. 2014-01-31 13:12:02 +00:00
Xin LI
0a37d4a300 MFV r257952:
Upgrade to OpenSSH 6.4p1.

Bump VersionAddendum.

Approved by:	des
2013-11-11 09:19:58 +00:00
Dag-Erling Smørgrav
0085282b6a Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
repeat performance by introducing a script that runs configure with and
without Kerberos, diffs the result and generates krb5_config.h, which
contains the preprocessor macros that need to be defined in the Kerberos
case and undefined otherwise.

Approved by:	re (marius)
2013-09-23 20:35:54 +00:00
Dag-Erling Smørgrav
ce3adf4362 Pull in all the OpenSSH bits that we'd previously left out because we
didn't use them.  This will make future merges from the vendor tree much
easier.

Approved by:	re (gjb)
2013-09-21 22:24:10 +00:00
Dag-Erling Smørgrav
e4a9863fb7 Upgrade to 6.3p1.
Approved by:	re (gjb)
2013-09-21 21:36:09 +00:00
Dag-Erling Smørgrav
83c6a5242c Change the default value of VerifyHostKeyDNS to "yes" if compiled with
LDNS.  With that setting, OpenSSH will silently accept host keys that
match verified SSHFP records.  If an SSHFP record exists but could not
be verified, OpenSSH will print a message and prompt the user as usual.

Approved by:	re (blanket)
2013-09-10 22:30:22 +00:00
Dag-Erling Smørgrav
58d839214e These three files appeared in 6.0p1, which was imported into the vendor
branch but never merged to head.  They were inadvertantly left out when
6.1p1 was merged to head.  It didn't make any difference at the time,
because they were unused, but one of them is required for DNS-based host
key verification.

Approved by:	re (blanket)
2013-09-09 13:56:58 +00:00
Dag-Erling Smørgrav
fb0edcbb74 Apply upstream revision 1.151 (fix relative symlinks)
MFC after:	3 days
2013-08-13 09:06:18 +00:00
Dag-Erling Smørgrav
aa0dd44b14 r251088 reverted the default value for UsePrivilegeSeparation from
"sandbox" to "yes", but did not update the documentation to match.
2013-06-28 09:41:59 +00:00
Dag-Erling Smørgrav
c89ea4d72b Revert a local change that sets the default for UsePrivilegeSeparation to
"sandbox" instead of "yes".  In sandbox mode, the privsep child is unable
to load additional libraries and will therefore crash when trying to take
advantage of crypto offloading on CPUs that support it.
2013-05-29 00:19:58 +00:00
Dag-Erling Smørgrav
420bce642c Upgrade to OpenSSH 6.2p2. Mostly a no-op since I had already patched
the issues that affected us.
2013-05-17 09:12:33 +00:00
Bryan Drewery
f13e3f2087 The HPN patch added a new BUG bit for SSH_BUG_LARGEWINDOW
and the update to 6.1 added SSH_BUG_DYNAMIC_RPORT with the
same value.

Fix the HPN SSH_BUG_LARGEWINDOW bit so it is unique.

Approved by:	des
MFC after:	2 weeks
2013-05-13 11:32:20 +00:00
Dag-Erling Smørgrav
733706130a Merge updated "no such identity file" patch.
PR:		bin/178060
2013-04-24 12:36:37 +00:00
Dag-Erling Smørgrav
f29b8a64d0 Silence "received disconnect" in the common case. 2013-04-14 13:06:07 +00:00
Dag-Erling Smørgrav
fa67e83c67 Merge upstream patch to silence spurious "no such identity file" warnings. 2013-04-02 11:44:55 +00:00
Dag-Erling Smørgrav
5992891888 Silence printf format warnings. 2013-04-02 11:42:39 +00:00
Dag-Erling Smørgrav
ee8c73cd06 Silence warnings about redefined macros. 2013-04-01 13:48:30 +00:00
Dag-Erling Smørgrav
009fd5a774 Revert r247892 now that this has been fixed upstream. 2013-03-23 14:52:31 +00:00
Dag-Erling Smørgrav
6888a9be56 Upgrade to OpenSSH 6.2p1. The most important new features are support
for a key revocation list and more fine-grained authentication control.
2013-03-22 17:55:38 +00:00
Dag-Erling Smørgrav
c5c0dc9146 Keep the default AuthorizedKeysFile setting. Although authorized_keys2
has been deprecated for a while, some people still use it and were
unpleasantly surprised by this change.

I may revert this commit at a later date if I can come up with a way
to give users who still have authorized_keys2 files sufficient advance
warning.

MFC after:	ASAP
2013-03-18 10:50:50 +00:00
Dag-Erling Smørgrav
2ec88e9d1b Unlike OpenBSD's, our setusercontext() will intentionally ignore the user's
own umask setting (from ~/.login.conf) unless running with the user's UID.
Therefore, we need to call it again with LOGIN_SETUMASK after changing UID.

PR:		bin/176740
Submitted by:	John Marshall <john.marshall@riverwillow.com.au>
MFC after:	1 week
2013-03-13 09:41:55 +00:00
Dag-Erling Smørgrav
29911fcacc Partially revert r247892 and r247904 since our strnvis() does not
behave the way OpenSSH expects.
2013-03-07 14:38:43 +00:00
Dag-Erling Smørgrav
e9a6213037 Remove strnvis(), strvis(), strvisx(). 2013-03-06 23:22:40 +00:00
Dag-Erling Smørgrav
d9bb67e8ce Explicitly disable lastlog, utmp and wtmp. 2013-03-06 13:46:20 +00:00
Dag-Erling Smørgrav
462c32cb8d Upgrade OpenSSH to 6.1p1. 2012-09-03 16:51:41 +00:00
Xin LI
f2618bb4d1 MFV (r237567):
Fetch both ECDSA and RSA keys by default in ssh-keyscan(1).

Approved by:	des
Obtained from:	OpenSSH portable
MFC after:	1 week
2012-06-25 19:01:04 +00:00
Eygene Ryabinkin
8c0260d62b OpenSSH: allow VersionAddendum to be used again
Prior to this, setting VersionAddendum will be a no-op: one will
always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum
set in the config and a bare BASE_VERSION + VERSION_HPN when there
is no VersionAddendum is set.

HPN patch requires both parties to have the "hpn" inside their
advertized versions, so we add VERSION_HPN to the VERSION_BASE
if HPN is enabled and omitting it if HPN is disabled.

VersionAddendum now uses the following logics:
 * unset (default value): append " " and VERSION_ADDENDUM;
 * VersionAddendum is set and isn't empty: append " "
   and VersionAddendum;
 * VersionAddendum is set and empty: don't append anything.

Approved by: des
Reviewed by: bz
MFC after: 3 days
2012-05-27 06:53:35 +00:00
Ed Schouten
35762f5913 Polish diff against upstream.
- Revert unneeded whitespace changes.
- Revert modifications to loginrec.c, as the upstream version already
  does the right thing.
- Fix indentation and whitespace of local changes.

Approved by:	des
MFC after:	1 month
2012-02-13 11:59:59 +00:00
Dag-Erling Smørgrav
fceeafce68 Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.

MFC after:	1 week
2011-10-07 13:10:16 +00:00
Dag-Erling Smørgrav
e146993e33 Upgrade to OpenSSH 5.9p1.
MFC after:	3 months
2011-10-05 22:08:17 +00:00
Dag-Erling Smørgrav
c177b01465 Belatedly regenerate after application of the HPN patch. 2011-09-28 20:42:22 +00:00
Dag-Erling Smørgrav
45f3db2122 Remove the svn:keywords property and restore the historical $FreeBSD$ tag.
Approved by:	re (kib)
MFC after:	3 weeks
2011-09-16 11:14:10 +00:00
Brooks Davis
8eb43d357c Fix two more $FreeBSD$ keywords.
Reported by:	pluknet
Approved by:	re (implicit)
2011-08-03 20:21:52 +00:00
Brooks Davis
8998619212 Add support for dynamically adjusted buffers to allow the full use of
the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or
trans-continental links).  Bandwidth-delay products up to 64MB are
supported.

Also add support (not compiled by default) for the None cypher.  The
None cypher can only be enabled on non-interactive sessions (those
without a pty where -T was not used) and must be enabled in both
the client and server configuration files and on the client command
line.  Additionally, the None cypher will only be activated after
authentication is complete.  To enable the None cypher you must add
-DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in
/etc/make.conf.

This code is a style(9) compliant version of these features extracted
from the patches published at:

http://www.psc.edu/networking/projects/hpn-ssh/

Merging this patch has been a collaboration between me and Bjoern.

Reviewed by:	bz
Approved by:	re (kib), des (maintainer)
2011-08-03 19:14:22 +00:00
Dag-Erling Smørgrav
faa715d30c Merge two upstream patches from vendor branch. No functional changes. 2011-05-05 08:08:18 +00:00
Dag-Erling Smørgrav
4a421b6336 Upgrade to OpenSSH 5.8p2. 2011-05-04 07:34:44 +00:00
Dag-Erling Smørgrav
e2f6069c09 Upgrade to OpenSSH 5.6p1. 2010-11-11 11:46:19 +00:00
Dag-Erling Smørgrav
c4f213baab Forgot to svn rm this when I imported 5.4p1. 2010-11-10 08:21:25 +00:00
Ed Maste
905571c031 Remove copyright strings printed at login time via login(1) or sshd(8).
It is not clear to what this copyright should apply, and this is in line
with what other operating systems do.

For ssh specifically, printing of the copyright string is not in the
upstream version so this reduces our FreeBSD-local diffs.

Approved by:	core, des (ssh)
2010-09-28 20:57:14 +00:00
Dag-Erling Smørgrav
e252e85c1e More commas 2010-06-01 22:46:57 +00:00
Dag-Erling Smørgrav
afee23fec9 Missing commas 2010-06-01 15:11:29 +00:00
Colin Percival
e9b8779126 Fix .Dd line: FreeBSD's mdoc code doesn't understand OpenBSD's $Mdocdate$.
MFC after:	3 days
2010-05-28 01:06:40 +00:00
Dag-Erling Smørgrav
8ad9b54a6d Upgrade to OpenSSH 5.5p1. 2010-04-28 10:36:33 +00:00
Konstantin Belousov
412ea5c6c5 Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.

Submitted by:	Mykola Dzham <i levsha me>
Reviewed by:	attilio
MFC after:	1 week
2010-04-08 12:07:40 +00:00
Dag-Erling Smørgrav
b15c83408c Upgrade to OpenSSH 5.4p1.
MFC after:	1 month
2010-03-09 19:16:43 +00:00
Ed Schouten
9567147bea Add a missing $FreeBSD$ string.
I was requested to add this string to any file that was modified by my
commit, which I forgot to do so.

Requested by:	des
2010-01-13 20:30:16 +00:00
Ed Schouten
b40cdde64c Make OpenSSH work with utmpx.
- Partially revert r184122 (sshd.c). Our ut_host is now big enough to
  fit proper hostnames.

- Change config.h to match reality.

- defines.h requires UTMPX_FILE to be set by <utmpx.h> before it allows
  the utmpx code to work. This makes no sense to me. I've already
  mentioned this upstream.

- Add our own platform-specific handling of lastlog. The version I will
  send to the OpenSSH folks will use proper autoconf generated
  definitions instead of `#if 1'.
2010-01-13 18:43:32 +00:00
Attilio Rao
7a7043c787 Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.

Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.

Obtained from:	Sandvine Incorporated
Reviewed by:	emaste, arch@
Sponsored by:	Sandvine Incorporated
MFC:		1 month
2009-11-25 15:12:24 +00:00
Dag-Erling Smørgrav
0c56c384d6 Fix globbing
Noticed by:	delphij, David Cornejo <dave@dogwood.com>
Forgotten by:	des
2009-11-10 09:45:43 +00:00
Dag-Erling Smørgrav
5972f81bbe Remove dupe. 2009-10-11 14:27:33 +00:00
Dag-Erling Smørgrav
e21bf2c43b Add more symbols that need to be masked:
- initialized and uninitialized data
 - symbols from roaming_dummy.c which end up in pam_ssh

Update the command line used to generate the #defines.
2009-10-05 18:55:13 +00:00
Dag-Erling Smørgrav
7aee6ffee0 Upgrade to OpenSSH 5.3p1. 2009-10-01 17:12:52 +00:00
Dag-Erling Smørgrav
9517e86625 Update and remove CVS-specific items
Approved by:	re (kib)
2009-08-13 06:07:38 +00:00
John Baldwin
5d54b264b7 Use the closefrom(2) system call.
Reviewed by:	des
2009-06-16 15:30:10 +00:00