This is a diff of cherry-picking changes from the FreeBSD tree to 8.6p1 and is a rolled-up diff of a number of individual changes in other reviews.
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
INSTALL | ||
---|---|---|
82 | I proposed removing tcpwrappers support, but folks are using it and the patch is not particularly onerous. |
ssh_config | ||
---|---|---|
29 | Default changed in R10:975616f046e2f | |
ssh_config.5 | ||
1972 | Should be .Cm | |
sshd.c | ||
388 | extra blank line | |
sshd_config | ||
36 | commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0 upstream commit change default: PermitRootLogin without-password matching install script changes coming as well ok djm markus Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6 | |
64 | This description could be clarified | |
108 | Another one to ensure remains in sync | |
sshd_config.5 | ||
1808–1811 | Need to update this | |
version.h | ||
9 | Need to update this and make sure all match |
ssh_config.5 | ||
---|---|---|
1972 | With .Dq (patch as uploaded) VersionAddendum With .Cm VersionAddendum Maybe .Dq is actually appropriate here; Cm is documented as Cm keyword ... Command modifiers. Typically used for fixed strings passed as arguments to interactive commands, to commands in interpreted scripts, or to configuration file directives, unless Fl is more appropriate. Perhaps Cm is appropriate for exact fixed strings as arguments (e.g. no, none, without-password) while the default text has no special meaning. |
sshd.c | ||
---|---|---|
2244 | From 25b2ed667216314471bb66752442c55b95792dc3 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" <djm@openbsd.org> Date: Sat, 19 Jan 2019 21:36:06 +0000 Subject: [PATCH 0083/1259] upstream: convert ssh.c to new packet API with & ok markus@ packet_connection_is_on_socket() -> ssh_packet_connection_is_on_socket(ssh) |
- update to 8.7p1
- re-add login class restrictions, from https://github.com/openssh/openssh-portable/pull/262
regen without crypto/openssh/ path prefix to simplify comparison against earlier uploads
Current proposed commit:
commit 401a25ab6abfd607ac8f550c08154938e30c18df (github/openssh-8.7p1-wip) Merge: 686aa9287c6b 66719ee573ac Author: Ed Maste <emaste@FreeBSD.org> Date: Tue Sep 7 15:32:45 2021 -0400 openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
Update to what was committed in 19261079b74319502c6ffa1249920079f0f69a72 against upstream 8.7p1.
(Diff also includes $FreeBSD$ tag cleanup from 0e642632e64a8b8ca740ce3307abe116c990e0b6)
Generated via git diff -U9999 --diff-filter=M vendor/openssh HEAD:crypto/openssh