Cross Reference: /freebsd-10.3-release/crypto/openssh/readconf.c

History log of /freebsd-10.3-release/crypto/openssh/readconf.c
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
# 296853	14-Mar-2016	des	MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius)
# 296853	14-Mar-2016	des	MFS (r296781): MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) /freebsd-10.3-release/crypto/openssh/ChangeLog /freebsd-10.3-release/crypto/openssh/FREEBSD-upgrade /freebsd-10.3-release/crypto/openssh/Makefile.in /freebsd-10.3-release/crypto/openssh/README /freebsd-10.3-release/crypto/openssh/README.platform /freebsd-10.3-release/crypto/openssh/auth-bsdauth.c /freebsd-10.3-release/crypto/openssh/auth-krb5.c /freebsd-10.3-release/crypto/openssh/auth-options.c /freebsd-10.3-release/crypto/openssh/auth-pam.c /freebsd-10.3-release/crypto/openssh/auth.h /freebsd-10.3-release/crypto/openssh/auth2-pubkey.c /freebsd-10.3-release/crypto/openssh/authfd.c /freebsd-10.3-release/crypto/openssh/authfd.h /freebsd-10.3-release/crypto/openssh/authfile.c /freebsd-10.3-release/crypto/openssh/channels.c /freebsd-10.3-release/crypto/openssh/cipher.c /freebsd-10.3-release/crypto/openssh/clientloop.c /freebsd-10.3-release/crypto/openssh/clientloop.h /freebsd-10.3-release/crypto/openssh/config.h /freebsd-10.3-release/crypto/openssh/configure.ac /freebsd-10.3-release/crypto/openssh/contrib/redhat/openssh.spec /freebsd-10.3-release/crypto/openssh/contrib/ssh-copy-id /freebsd-10.3-release/crypto/openssh/contrib/ssh-copy-id.1 /freebsd-10.3-release/crypto/openssh/contrib/suse/openssh.spec /freebsd-10.3-release/crypto/openssh/defines.h /freebsd-10.3-release/crypto/openssh/dh.h /freebsd-10.3-release/crypto/openssh/includes.h /freebsd-10.3-release/crypto/openssh/kex.c /freebsd-10.3-release/crypto/openssh/kex.h /freebsd-10.3-release/crypto/openssh/kexc25519s.c /freebsd-10.3-release/crypto/openssh/kexdhs.c /freebsd-10.3-release/crypto/openssh/kexecdhs.c /freebsd-10.3-release/crypto/openssh/kexgexs.c /freebsd-10.3-release/crypto/openssh/key.c /freebsd-10.3-release/crypto/openssh/key.h /freebsd-10.3-release/crypto/openssh/krl.c /freebsd-10.3-release/crypto/openssh/krl.h /freebsd-10.3-release/crypto/openssh/loginrec.c /freebsd-10.3-release/crypto/openssh/misc.c /freebsd-10.3-release/crypto/openssh/monitor.c /freebsd-10.3-release/crypto/openssh/monitor_wrap.c /freebsd-10.3-release/crypto/openssh/monitor_wrap.h /freebsd-10.3-release/crypto/openssh/mux.c /freebsd-10.3-release/crypto/openssh/myproposal.h /freebsd-10.3-release/crypto/openssh/opacket.c /freebsd-10.3-release/crypto/openssh/opacket.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-misc.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-misc.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/bsd-poll.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/glob.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/glob.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/openbsd-compat.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/port-solaris.c /freebsd-10.3-release/crypto/openssh/openbsd-compat/port-solaris.h /freebsd-10.3-release/crypto/openssh/openbsd-compat/realpath.c /freebsd-10.3-release/crypto/openssh/packet.c /freebsd-10.3-release/crypto/openssh/packet.h /freebsd-10.3-release/crypto/openssh/platform-pledge.c /freebsd-10.3-release/crypto/openssh/platform.h /freebsd-10.3-release/crypto/openssh/readconf.c /freebsd-10.3-release/crypto/openssh/readconf.h /freebsd-10.3-release/crypto/openssh/readpass.c /freebsd-10.3-release/crypto/openssh/regress/Makefile /freebsd-10.3-release/crypto/openssh/regress/agent-ptrace.sh /freebsd-10.3-release/crypto/openssh/regress/cert-file.sh /freebsd-10.3-release/crypto/openssh/regress/check-perm.c /freebsd-10.3-release/crypto/openssh/regress/dhgex.sh /freebsd-10.3-release/crypto/openssh/regress/hostkey-rotate.sh /freebsd-10.3-release/crypto/openssh/regress/keys-command.sh /freebsd-10.3-release/crypto/openssh/regress/keyscan.sh /freebsd-10.3-release/crypto/openssh/regress/limit-keytype.sh /freebsd-10.3-release/crypto/openssh/regress/principals-command.sh /freebsd-10.3-release/crypto/openssh/regress/proxy-connect.sh /freebsd-10.3-release/crypto/openssh/regress/rekey.sh /freebsd-10.3-release/crypto/openssh/regress/setuid-allowed.c /freebsd-10.3-release/crypto/openssh/regress/sftp-chroot.sh /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_file.c /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_fuzz.c /freebsd-10.3-release/crypto/openssh/regress/unittests/sshkey/test_sshkey.c /freebsd-10.3-release/crypto/openssh/roaming.h /freebsd-10.3-release/crypto/openssh/roaming_client.c /freebsd-10.3-release/crypto/openssh/roaming_common.c /freebsd-10.3-release/crypto/openssh/roaming_dummy.c /freebsd-10.3-release/crypto/openssh/roaming_serv.c /freebsd-10.3-release/crypto/openssh/sandbox-pledge.c /freebsd-10.3-release/crypto/openssh/sandbox-seccomp-filter.c /freebsd-10.3-release/crypto/openssh/sandbox-solaris.c /freebsd-10.3-release/crypto/openssh/sandbox-systrace.c /freebsd-10.3-release/crypto/openssh/scp.1 /freebsd-10.3-release/crypto/openssh/scp.c /freebsd-10.3-release/crypto/openssh/servconf.c /freebsd-10.3-release/crypto/openssh/serverloop.c /freebsd-10.3-release/crypto/openssh/session.c /freebsd-10.3-release/crypto/openssh/sftp-client.c /freebsd-10.3-release/crypto/openssh/sftp-client.h /freebsd-10.3-release/crypto/openssh/sftp-server-main.c /freebsd-10.3-release/crypto/openssh/sftp-server.c /freebsd-10.3-release/crypto/openssh/sftp.1 /freebsd-10.3-release/crypto/openssh/sftp.c /freebsd-10.3-release/crypto/openssh/ssh-add.c /freebsd-10.3-release/crypto/openssh/ssh-agent.1 /freebsd-10.3-release/crypto/openssh/ssh-agent.c /freebsd-10.3-release/crypto/openssh/ssh-dss.c /freebsd-10.3-release/crypto/openssh/ssh-ecdsa.c /freebsd-10.3-release/crypto/openssh/ssh-keygen.1 /freebsd-10.3-release/crypto/openssh/ssh-keygen.c /freebsd-10.3-release/crypto/openssh/ssh-keyscan.1 /freebsd-10.3-release/crypto/openssh/ssh-keyscan.c /freebsd-10.3-release/crypto/openssh/ssh-keysign.8 /freebsd-10.3-release/crypto/openssh/ssh-keysign.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11-client.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11-helper.c /freebsd-10.3-release/crypto/openssh/ssh-pkcs11.c /freebsd-10.3-release/crypto/openssh/ssh-rsa.c /freebsd-10.3-release/crypto/openssh/ssh.1 /freebsd-10.3-release/crypto/openssh/ssh.c /freebsd-10.3-release/crypto/openssh/ssh.h /freebsd-10.3-release/crypto/openssh/ssh2.h /freebsd-10.3-release/crypto/openssh/ssh_api.c /freebsd-10.3-release/crypto/openssh/ssh_config /freebsd-10.3-release/crypto/openssh/ssh_config.5 /freebsd-10.3-release/crypto/openssh/ssh_namespace.h /freebsd-10.3-release/crypto/openssh/sshbuf-getput-basic.c /freebsd-10.3-release/crypto/openssh/sshbuf.c /freebsd-10.3-release/crypto/openssh/sshbuf.h /freebsd-10.3-release/crypto/openssh/sshconnect.c /freebsd-10.3-release/crypto/openssh/sshconnect.h /freebsd-10.3-release/crypto/openssh/sshconnect1.c /freebsd-10.3-release/crypto/openssh/sshconnect2.c /freebsd-10.3-release/crypto/openssh/sshd.8 /freebsd-10.3-release/crypto/openssh/sshd.c /freebsd-10.3-release/crypto/openssh/sshd_config /freebsd-10.3-release/crypto/openssh/sshd_config.5 /freebsd-10.3-release/crypto/openssh/ssherr.c /freebsd-10.3-release/crypto/openssh/sshkey.c /freebsd-10.3-release/crypto/openssh/sshkey.h /freebsd-10.3-release/crypto/openssh/sshlogin.c /freebsd-10.3-release/crypto/openssh/uidswap.c /freebsd-10.3-release/crypto/openssh/version.h /freebsd-10.3-release/crypto/openssh/xmalloc.c /freebsd-10.3-release/crypto/openssh/xmalloc.h /freebsd-10.3-release/lib/libpam/modules/pam_ssh/Makefile /freebsd-10.3-release/lib/libpam/modules/pam_ssh/pam_ssh.c /freebsd-10.3-release/secure/lib/libssh/Makefile /freebsd-10.3-release/secure/libexec/sftp-server/Makefile /freebsd-10.3-release/secure/libexec/ssh-keysign/Makefile /freebsd-10.3-release/secure/libexec/ssh-pkcs11-helper/Makefile /freebsd-10.3-release/secure/usr.bin/scp/Makefile /freebsd-10.3-release/secure/usr.bin/sftp/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-add/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-agent/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-keygen/Makefile /freebsd-10.3-release/secure/usr.bin/ssh-keyscan/Makefile /freebsd-10.3-release/secure/usr.bin/ssh/Makefile /freebsd-10.3-release/secure/usr.sbin/sshd/Makefile
# 296373	04-Mar-2016	marius	- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch. Approved by: re (implicit) /freebsd-10.3-release/etc/pkg/FreeBSD.conf /freebsd-10.3-release/release/pkg_repos/release-dvd.conf /freebsd-10.3-release/sys/conf/newvers.sh /freebsd-10.3-release/sys/gnu/dts /freebsd-10.3-release/sys/sys/param.h
# 295367	07-Feb-2016	des	MFH (r265214, r294333, r294407, r294467): misc prop fixes MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2 Approved by: re (gjb) Relnotes: yes
# 294693	24-Jan-2016	des	MFH (r291198, r291260, r291261, r291375, r294325, r294335, r294563) Remove the HPN and None cipher patches.
# 294666	24-Jan-2016	des	MFH (r263234, r263691, r266465, r290671, r290672, r290673, r290674, r294320, r294322, r294324, r294330, r294469, r294494, r294466) Reduce diffs to head in preparation for removing HPN and None.
# 294049	14-Jan-2016	glebius	Merge r294048: fix OpenSSH client information leak. Security: SA-16:07.openssh Security: CVE-2016-0777
# 264377	12-Apr-2014	des	MFH (r263712): upgrade openssh to 6.6p1 MFH (r264308): restore p level in debugging output
# 262566	27-Feb-2014	des	MFH (r261320): upgrade openssh to 6.5p1 MFH (r261340): enable sandboxing by default
# 256281	10-Oct-2013	gjb	Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
# 255767	21-Sep-2013	des	Upgrade to 6.3p1. Approved by: re (gjb)
# 255461	10-Sep-2013	des	Change the default value of VerifyHostKeyDNS to "yes" if compiled with LDNS. With that setting, OpenSSH will silently accept host keys that match verified SSHFP records. If an SSHFP record exists but could not be verified, OpenSSH will print a message and prompt the user as usual. Approved by: re (blanket)
# 249839	24-Apr-2013	des	Merge updated "no such identity file" patch. PR: bin/178060
# 249016	02-Apr-2013	des	Merge upstream patch to silence spurious "no such identity file" warnings.
# 240075	03-Sep-2012	des	Upgrade OpenSSH to 6.1p1.
# 231584	13-Feb-2012	ed	Polish diff against upstream. - Revert unneeded whitespace changes. - Revert modifications to loginrec.c, as the upstream version already does the right thing. - Fix indentation and whitespace of local changes. Approved by: des MFC after: 1 month
# 226046	05-Oct-2011	des	Upgrade to OpenSSH 5.9p1. MFC after: 3 months
# 224638	03-Aug-2011	brooks	Add support for dynamically adjusted buffers to allow the full use of the bandwidth of long fat pipes (i.e. 100Mbps+ trans-oceanic or trans-continental links). Bandwidth-delay products up to 64MB are supported. Also add support (not compiled by default) for the None cypher. The None cypher can only be enabled on non-interactive sessions (those without a pty where -T was not used) and must be enabled in both the client and server configuration files and on the client command line. Additionally, the None cypher will only be activated after authentication is complete. To enable the None cypher you must add -DNONE_CIPHER_ENABLED to CFLAGS via the make command line or in /etc/make.conf. This code is a style(9) compliant version of these features extracted from the patches published at: http://www.psc.edu/networking/projects/hpn-ssh/ Merging this patch has been a collaboration between me and Bjoern. Reviewed by: bz Approved by: re (kib), des (maintainer)
# 221420	04-May-2011	des	Upgrade to OpenSSH 5.8p2.
# 215116	11-Nov-2010	des	Upgrade to OpenSSH 5.6p1.
# 204917	09-Mar-2010	des	Upgrade to OpenSSH 5.4p1. MFC after: 1 month
# 197679	01-Oct-2009	des	Upgrade to OpenSSH 5.3p1.
# 192595	22-May-2009	des	Upgrade to OpenSSH 5.2p1. MFC after: 3 months
# 181918	20-Aug-2008	des	Use net.inet.ip.portrange.reservedhigh instead of IPPORT_RESERVED. Submitted upstream, no reaction. Submitted by: delphij@ MFC after: 2 weeks
# 181111	01-Aug-2008	des	Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
# 181097	01-Aug-2008	des	Consistently set svn:eol-style.
# 162856	30-Sep-2006	des	Merge conflicts. MFC after: 1 week
# 157019	22-Mar-2006	des	Merge conflicts.
# 149753	03-Sep-2005	des	Resolve conflicts.
# 147005	05-Jun-2005	des	Resolve conflicts.
# 137019	28-Oct-2004	des	Resolve conflicts
# 128461	20-Apr-2004	des	One more conflict.
# 128460	20-Apr-2004	des	Resolve conflicts.
# 126277	26-Feb-2004	des	Resolve conflicts.
# 124211	07-Jan-2004	des	Resolve conflicts and remove obsolete files. Sponsored by: registrar.no
# 113911	23-Apr-2003	des	Resolve conflicts.
# 106130	29-Oct-2002	des	Resolve conflicts.
# 99048	29-Jun-2002	des	Apply FreeBSD's configuration defaults. Sponsored by: DARPA, NAI Labs
# 98941	27-Jun-2002	des	Forcibly revert to mainline.
# 98684	23-Jun-2002	des	Resolve conflicts. Known issues: - sshd fails to set TERM correctly. - privilege separation may break PAM and is currently turned off. - man pages have not yet been updated I will have these issues resolved, and privilege separation turned on by default, in time for DP2. Sponsored by: DARPA, NAI Labs
# 93698	02-Apr-2002	des	Make the various ssh clients understand the VersionAddendum option. Submitted by: pb
# 92559	18-Mar-2002	des	Fix conflicts.
# 76262	04-May-2001	green	Fix conflicts for OpenSSH 2.9.
# 73400	04-Mar-2001	assar	Add code for being compatible with ssh.com's krb5 authentication. It is done by using the same ssh messages for v4 and v5 authentication (since the ssh.com does not now anything about v4) and looking at the contents after unpacking it to see if it is v4 or v5. Based on code from Björn Grönvall <bg@sics.se> PR: misc/20504
# 69591	05-Dec-2000	green	Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0 new features description elided in favor of checking out their website. Important new FreeBSD-version stuff: PAM support has been worked in, partially from the "Unix" OpenSSH version, and a lot due to the work of Eivind Eklend, too. This requires at least the following in pam.conf: sshd auth sufficient pam_skey.so sshd auth required pam_unix.so try_first_pass sshd session required pam_permit.so Parts by: Eivind Eklend <eivind@FreeBSD.org>
# 65674	10-Sep-2000	kris	Resolve conflicts and update for OpenSSH 2.2.0 Reviewed by: gshapiro, peter, green
# 62940	11-Jul-2000	peter	Make FallBackToRsh off by default. Falling back to rsh by default is silly in this day and age. Approved by: kris
# 61203	03-Jun-2000	kris	Bring vendor patches onto the main branch, and resolve conflicts.
# 60576	15-May-2000	kris	Resolve conflicts and update for FreeBSD.
# 57708	03-Mar-2000	green	Turn off X11 forwarding in the client. X11 forwarding in the server by default should probably also get turned on, now. Requested by: kris Obtained from: OpenBSD
# 57565	28-Feb-2000	markm	1) Add kerberos5 functionality. by Daniel Kouril <kouril@informatics.muni.cz> 2) Add full LOGIN_CAP capability by Andrey Chernov
# 57465	25-Feb-2000	green	Make "CheckHostIP" default to off. This was proposed on -security and earlier IRC, but despite my inital feeling against it, this seems the more proper thing to do. Proposed by: rwatson
# 57430	24-Feb-2000	markm	This commit was generated by cvs2svn to compensate for changes in r57429, which included commits to RCS files with non-trunk default branches.
# 57429	24-Feb-2000	markm	Vendor import of OpenSSH.

MFS (r296781):
MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug)
MFH (r296634): re-add aes-cbc to server-side default cipher list
MFH (r296651, r296657): fix gcc build of pam_ssh

PR: 207679
Security: CVE-2016-3115
Approved by: re (marius)