FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.4.0 2024-01-08T13:57:12Z 2024-01-08T13:57:12Z Ed Maste emaste@FreeBSD.org 2024-01-05T03:16:30Z urn:sha1:2cd20d9bc80743d6562cb6165dc07b8391dddc27 From the release notes, > This release contains a number of security fixes, some small features > and bugfixes. The most significant change in 9.6p1 is a set of fixes for a newly- discovered weakness in the SSH transport protocol. The fix was already merged into FreeBSD and released as FreeBSD-SA-23:19.openssh. Full release notes at https://www.openssh.com/txt/release-9.6 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 069ac18495ad8fde2748bc94b0f80a50250bb01d) (cherry picked from commit a25789646d7130f5be166cac63d5c8b2b07c4706) 2023-09-11T17:16:21Z Jung-uk Kim jkim@FreeBSD.org 2023-09-11T17:16:21Z urn:sha1:ab5435791cc727316bb504b15fa019fcd134a007 2023-08-23T17:43:30Z Warner Losh imp@FreeBSD.org 2023-08-22T01:32:01Z urn:sha1:023fc80ee38a117fa65b2ccb2abf8bdc7dbd6fd9 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit d0b2dbfa0ecf) 2023-08-01T16:48:23Z Jung-uk Kim jkim@FreeBSD.org 2023-08-01T16:48:23Z urn:sha1:ad5cea201d5dc5417fbae5bb8cb797729641a2c8 2023-05-30T16:52:04Z Jung-uk Kim jkim@FreeBSD.org 2023-05-30T15:03:10Z urn:sha1:cf3a76018cadf9bb39c90badb13e779415bafe37 (cherry picked from commit 5b1268252c56d96d3858969108a8cd6add9d5776) 2023-02-07T22:40:12Z Jung-uk Kim jkim@FreeBSD.org 2023-02-07T19:01:15Z urn:sha1:4f0087aa7c0d7a57c39f7ca8f6c6784ebd5e0b85 (cherry picked from commit eb9b98fb5aea1b20d71b0be948454f472b024da7) 2022-11-18T02:43:54Z Jung-uk Kim jkim@FreeBSD.org 2022-11-01T23:38:40Z urn:sha1:f529bc93a4be0a64ae1d8065300fc8cbe97c7124 (cherry picked from commit 93381ae06bb043a85d6b26459b511ccacc2045e2) 2022-10-26T16:42:37Z Ed Maste emaste@FreeBSD.org 2022-10-19T14:27:11Z urn:sha1:75f9d5c7e36b452f4f76356dfeb8bba51d64e51b Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 38a52bd3b5cac3da6f7f6eef3dd050e6aa08ebb3) 2022-07-05T16:27:33Z Jung-uk Kim jkim@FreeBSD.org 2022-07-05T16:01:07Z urn:sha1:7b456c97430589df5ebc742a78ecd58e781628bc (cherry picked from commit 25fb2515923796b329329b5c1c17d200ff416e84) 2022-06-21T22:49:31Z Jung-uk Kim jkim@FreeBSD.org 2022-06-21T18:22:28Z urn:sha1:5ecc007e426bab52c918745e1bb3585d77ffc40c (cherry picked from commit b4bdc8f9253d9db46f598f17cc546c2fe0f8038d)