Cross Reference: /freebsd-10.3-release/crypto/openssh/auth-pam.c

History log of /freebsd-10.3-release/crypto/openssh/auth-pam.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
# 296853	14-Mar-2016	des	MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius)
# 296853	14-Mar-2016	des	MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) /freebsd-10.3-release/crypto/openssh/ChangeLog /freebsd-10.3-release/crypto/openssh/FREEBSD-upgrade /freebsd-10.3-release/crypto/openssh/Makefile.in /freebsd-10.3-release/crypto/openssh/README /freebsd-10.3-release/crypto/openssh/README.platform /freebsd-10.3-release/crypto/openssh/auth-bsdauth.c /freebsd-10.3-release/crypto/openssh/auth-krb5.c /freebsd-10.3-release/crypto/openssh/auth-options.c /freebsd-10.3-release/crypto/openssh/auth-pam.c /freebsd-10.3-release/crypto/openssh/auth.h /freebsd-10.3-release/crypto/openssh/auth2-pubkey.c /freebsd-10.3-release/crypto/openssh/authfd.c /freebsd-10.3-release/crypto/openssh/authfd.h /freebsd-10.3-release/crypto/openssh/authfile.c /freebsd-10.3-release/crypto/openssh/channels.c /freebsd-10.3-release/crypto/openssh/cipher.c /freebsd-10.3-release/crypto/openssh/clientloop.c /freebsd-10.3-release/crypto/openssh/clientloop.h /freebsd-10.3-release/crypto/openssh/config.h /freebsd-10.3-release/crypto/openssh/configure.ac /freebsd-10.3-release/crypto/openssh/contrib/redhat/openssh.spec /freebsd-10.3-release/crypto/openssh/contrib/ssh-copy-id /freebsd-10.3-release/crypto/openssh/contrib/ssh-copy-id.1 /freebsd-10.3-release/crypto/openssh/contrib/suse/openssh.spec /freebsd-10.3-release/crypto/openssh/defines.h /freebsd-10.3-release/crypto/openssh/dh.h /freebsd-10.3-release/crypto/openssh/includes.h /freebsd-10.3-release/crypto/openssh/kex.c /freebsd-10.3-release/crypto/openssh/kex.h /freebsd-10.3-release/crypto/openssh/kexc25519s.c /freebsd-10.3-release/crypto/openssh/kexdhs.c /freebsd-10.3-release/crypto/openssh/kexecdhs.c /freebsd-10.3-release/crypto/openssh/kexgexs.c /freebsd-10.3-release/crypto/openssh/key.c /freebsd-10.3-release/crypto/openssh/key.h /freebsd-10.3-release/crypto/openssh/krl.c /freebsd-10.3-release/crypto/openssh/krl.h /freebsd-10.3-release/crypto/openssh/loginrec.c /freebsd-10.3-release/crypto/openssh/misc.c /freebsd-10.3-release/crypto/openssh/monitor.c /freebsd-10.3-release/crypto/openssh/monitor_wrap.c /freebsd-10.3-release/crypto/openssh/monitor_wrap.h /freebsd-10.3-release/crypto/openssh/mux.c /freebsd-10.3-release/crypto/openssh/myproposal.h /freebsd-10.3-release/crypto/openssh/opacket.c /freebsd-10.3-release/crypto/openssh/opacket.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-misc.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-misc.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-poll.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/glob.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/glob.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/openbsd-compat.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/port-solaris.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/port-solaris.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/realpath.c /freebsd-10.3-release/crypto/openssh/packet.c /freebsd-10.3-release/crypto/openssh/packet.h /freebsd-10.3-release/crypto/openssh/platform-pledge.c /freebsd-10.3-release/crypto/openssh/platform.h /freebsd-10.3-release/crypto/openssh/readconf.c /freebsd-10.3-release/crypto/openssh/readconf.h /freebsd-10.3-release/crypto/openssh/readpass.c /freebsd-10.3-release/crypto/openssh/regress/Makefile /freebsd-10.3-release/crypto/openssh/regress/agent-ptrace.sh /freebsd-10.3-release/crypto/openssh/regress/cert-file.sh /freebsd-10.3-release/crypto/openssh/regress/check-perm.c /freebsd-10.3-release/crypto/openssh/regress/dhgex.sh /freebsd-10.3-release/crypto/openssh/regress/hostkey-rotate.sh /freebsd-10.3-release/crypto/openssh/regress/keys-command.sh /freebsd-10.3-release/crypto/openssh/regress/keyscan.sh /freebsd-10.3-release/crypto/openssh/regress/limit-keytype.sh /freebsd-10.3-release/crypto/openssh/regress/principals-command.sh /freebsd-10.3-release/crypto/openssh/regress/proxy-connect.sh /freebsd-10.3-release/crypto/openssh/regress/rekey.sh /freebsd-10.3-release/crypto/openssh/regress/setuid-allowed.c /freebsd-10.3-release/crypto/openssh/regress/sftp-chroot.sh /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_file.c /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_fuzz.c /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_sshkey.c /freebsd-10.3-release/crypto/openssh/roaming.h /freebsd-10.3-release/crypto/openssh/roaming_client.c /freebsd-10.3-release/crypto/openssh/roaming_common.c /freebsd-10.3-release/crypto/openssh/roaming_dummy.c /freebsd-10.3-release/crypto/openssh/roaming_serv.c /freebsd-10.3-release/crypto/openssh/sandbox-pledge.c /freebsd-10.3-release/crypto/openssh/sandbox-seccomp-filter.c /freebsd-10.3-release/crypto/openssh/sandbox-solaris.c /freebsd-10.3-release/crypto/openssh/sandbox-systrace.c /freebsd-10.3-release/crypto/openssh/scp.1 /freebsd-10.3-release/crypto/openssh/scp.c /freebsd-10.3-release/crypto/openssh/servconf.c /freebsd-10.3-release/crypto/openssh/serverloop.c /freebsd-10.3-release/crypto/openssh/session.c /freebsd-10.3-release/crypto/openssh/sftp-client.c /freebsd-10.3-release/crypto/openssh/sftp-client.h /freebsd-10.3-release/crypto/openssh/sftp-server-main.c /freebsd-10.3-release/crypto/openssh/sftp-server.c /freebsd-10.3-release/crypto/openssh/sftp.1 /freebsd-10.3-release/crypto/openssh/sftp.c /freebsd-10.3-release/crypto/openssh/ssh-add.c /freebsd-10.3-release/crypto/openssh/ssh-agent.1 /freebsd-10.3-release/crypto/openssh/ssh-agent.c /freebsd-10.3-release/crypto/openssh/ssh-dss.c /freebsd-10.3-release/crypto/openssh/ssh-ecdsa.c /freebsd-10.3-release/crypto/openssh/ssh-keygen.1 /freebsd-10.3-release/crypto/openssh/ssh-keygen.c /freebsd-10.3-release/crypto/openssh/ssh-keyscan.1 /freebsd-10.3-release/crypto/openssh/ssh-keyscan.c /freebsd-10.3-release/crypto/openssh/ssh-keysign.8 /freebsd-10.3-release/crypto/openssh/ssh-keysign.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11-client.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11-helper.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11.c /freebsd-10.3-release/crypto/openssh/ssh-rsa.c /freebsd-10.3-release/crypto/openssh/ssh.1 /freebsd-10.3-release/crypto/openssh/ssh.c /freebsd-10.3-release/crypto/openssh/ssh.h /freebsd-10.3-release/crypto/openssh/ssh2.h /freebsd-10.3-release/crypto/openssh/ssh_api.c /freebsd-10.3-release/crypto/openssh/ssh_config /freebsd-10.3-release/crypto/openssh/ssh_config.5 /freebsd-10.3-release/crypto/openssh/ssh_namespace.h /freebsd-10.3-release/crypto/openssh/sshbuf-getput-basic.c /freebsd-10.3-release/crypto/openssh/sshbuf.c /freebsd-10.3-release/crypto/openssh/sshbuf.h /freebsd-10.3-release/crypto/openssh/sshconnect.c /freebsd-10.3-release/crypto/openssh/sshconnect.h /freebsd-10.3-release/crypto/openssh/sshconnect1.c /freebsd-10.3-release/crypto/openssh/sshconnect2.c /freebsd-10.3-release/crypto/openssh/sshd.8 /freebsd-10.3-release/crypto/openssh/sshd.c /freebsd-10.3-release/crypto/openssh/sshd_config /freebsd-10.3-release/crypto/openssh/sshd_config.5 /freebsd-10.3-release/crypto/openssh/ssherr.c /freebsd-10.3-release/crypto/openssh/sshkey.c /freebsd-10.3-release/crypto/openssh/sshkey.h /freebsd-10.3-release/crypto/openssh/sshlogin.c /freebsd-10.3-release/crypto/openssh/uidswap.c /freebsd-10.3-release/crypto/openssh/version.h /freebsd-10.3-release/crypto/openssh/xmalloc.c /freebsd-10.3-release/crypto/openssh/xmalloc.h /freebsd-10.3-release/lib/libpam/modules/pam_ssh/Makefile /freebsd-10.3-release/lib/libpam/modules/pam_ssh/pam_ssh.c /freebsd-10.3-release/secure/lib/libssh/Makefile /freebsd-10.3-release/secure/libexec/sftp-server/Makefile /freebsd-10.3-release/secure/libexec/ssh-keysign/Makefile /freebsd-10.3-release/secure/libexec/ssh-pkcs11-helper/Makefile /freebsd-10.3-release/secure/usr.bin/scp/Makefile /freebsd-10.3-release/secure/usr.bin/sftp/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-add/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-agent/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-keygen/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-keyscan/Makefile /freebsd-10.3-release/secure/usr.bin/ssh/Makefile /freebsd-10.3-release/secure/usr.sbin/sshd/Makefile
# 296373	04-Mar-2016	marius	- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch. Approved by: re (implicit) /freebsd-10.3-release/etc/pkg/FreeBSD.conf /freebsd-10.3-release/release/pkg_repos/release-dvd.conf /freebsd-10.3-release/sys/conf/newvers.sh /freebsd-10.3-release/sys/gnu/dts /freebsd-10.3-release/sys/sys/param.h
# 295367	07-Feb-2016	des	MFH (r265214, r294333, r294407, r294467): misc prop fixes MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2 Approved by: re (gjb) Relnotes: yes
# 294693	24-Jan-2016	des	MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563) Remove the HPN and None cipher patches.
# 294666	24-Jan-2016	des	MFH (r263234, r263691, r266465, r290671, r290672, r290673, r290674, r294320, r294322, r294324, r294330, r294469, r294494, r294466) Reduce diffs to head in preparation for removing HPN and None.
# 262566	27-Feb-2014	des	MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
# 256281	10-Oct-2013	gjb	Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
# 255767	21-Sep-2013	des	Upgrade to 6.3p1. Approved by: re (gjb)
# 225614	16-Sep-2011	des	Remove the svn:keywords property and restore the historical $FreeBSD$ tag. Approved by: re (kib) MFC after: 3 weeks
# 197679	01-Oct-2009	des	Upgrade to OpenSSH 5.3p1.
# 192595	22-May-2009	des	Upgrade to OpenSSH 5.2p1. MFC after: 3 months
# 181111	01-Aug-2008	des	Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
# 181103	01-Aug-2008	des	These two files have no local patches except to prevent expansion of the original $FreeBSD$ keywords. Revert those changes, and simply disable keyword expansion.
# 181097	01-Aug-2008	des	Consistently set svn:eol-style.
# 162856	30-Sep-2006	des	Merge conflicts. MFC after: 1 week
# 157019	22-Mar-2006	des	Merge conflicts.
# 149753	03-Sep-2005	des	Resolve conflicts.
# 147005	05-Jun-2005	des	Resolve conflicts.
# 137019	28-Oct-2004	des	Resolve conflicts
# 128460	20-Apr-2004	des	Resolve conflicts.
# 126277	26-Feb-2004	des	Resolve conflicts.
# 124211	07-Jan-2004	des	Resolve conflicts and remove obsolete files. Sponsored by: registrar.no
# 114426	01-May-2003	des	Remove RCSID from files which have no other diffs to the vendor branch.
# 113911	23-Apr-2003	des	Resolve conflicts.
# 106130	29-Oct-2002	des	Resolve conflicts.
# 98941	27-Jun-2002	des	Forcibly revert to mainline.
# 92879	21-Mar-2002	des	Correctly set PAM_RHOST so e.g. pam_login_access(8) can do its job. Sponsored by: DARPA, NAI Labs
# 92559	18-Mar-2002	des	Fix conflicts.
# 76394	09-May-2001	alfred	Fix some of the handling in the pam module, don't unregister things that were never registered. At the same time handle a failure from pam_setcreds with a bit more paranioa than the previous fix. Sync a bit with the "Portable OpenSSH" work to make comparisons a easier.
# 76384	08-May-2001	green	Since PAM is broken, let pam_setcred() failure be non-fatal.
# 76287	05-May-2001	green	Finish committing _more_ somehow-uncommitted OpenSSH 2.9 updates. (Missing Delta Brigade, tally-ho!)
# 69591	05-Dec-2000	green	Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org>

MFS (r296781):
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh

PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)