FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F13.4.0 2024-02-13T19:15:13Z 2024-02-13T19:15:13Z Kyle Evans kevans@FreeBSD.org 2024-02-11T06:33:12Z urn:sha1:9b7611d9c7b48e68f017c43ec67d4182a4bc11c4 Changes: - One (1) modified - Eight (8) added - One (1) expired, now untrusted MFC after: 3 days (cherry picked from commit 0d3b2bdbf719ac6b5719a47387558ca9c34a4b2c) 2024-01-08T13:57:12Z Ed Maste emaste@FreeBSD.org 2024-01-05T03:16:30Z urn:sha1:2cd20d9bc80743d6562cb6165dc07b8391dddc27 From the release notes, > This release contains a number of security fixes, some small features > and bugfixes. The most significant change in 9.6p1 is a set of fixes for a newly- discovered weakness in the SSH transport protocol. The fix was already merged into FreeBSD and released as FreeBSD-SA-23:19.openssh. Full release notes at https://www.openssh.com/txt/release-9.6 Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit 069ac18495ad8fde2748bc94b0f80a50250bb01d) (cherry picked from commit a25789646d7130f5be166cac63d5c8b2b07c4706) 2023-09-11T22:02:37Z Kyle Evans kevans@FreeBSD.org 2023-08-26T01:01:47Z urn:sha1:25f07248916f0108bd62b3deb58e21bff880b391 Summary: - Six (6) new roots - Four (4) distrusted roots Note that this was intentionally generated with OpenSSL 1.1.1 to avoid mixing updates and non-functional changes -- there will be some churn with OpenSSL 3. The next commit will update the current batch of trusted certs with the format OpenSSL 3 produces, which I've tested against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older branches. This MFC also regenerates all of the trusted certs with OpenSSL 3 to reduce the diff of future ENs -- this update has no existing certs modified, so it's the perfect time. (cherry picked from commit 65fd80909e196c8be2ce5e948775e9cbda2ef069) (cherry picked from commit 8ed0ecf8024d10e9cd21f5880723a6cec4fd4ae6) 2023-09-11T22:02:37Z Kyle Evans kevans@FreeBSD.org 2023-08-26T00:55:32Z urn:sha1:3ff148ad9274a0433ac63582cbe50138517d8744 An update is imminent; drop these now to make it easier to audit the results. (cherry picked from commit 3f84d4b0fe1445bca5f3b6a70fc5641b88c31217) 2023-09-11T22:02:37Z Kyle Evans kevans@FreeBSD.org 2023-08-26T00:55:32Z urn:sha1:3dbc67da504cf318a3f1928aac77d6d2be35001b With this change, we'll drop the "with $FreeBSD$" lines from trusted/ certs in the next update. untrusted/ will need to be done manually, but I'll likely just do them all manually, commit, then run the script and commit any legitimate updates after confirming the output matches what I did manually. Reported by: imp Reviewed by: imp (cherry picked from commit bbc8585ef557be36b3fda75e3a41d725aedb1c1e) 2023-09-11T17:16:21Z Jung-uk Kim jkim@FreeBSD.org 2023-09-11T17:16:21Z urn:sha1:ab5435791cc727316bb504b15fa019fcd134a007 2023-08-23T17:43:35Z John Baldwin jhb@FreeBSD.org 2023-08-22T04:01:48Z urn:sha1:8f54a610e00d946472a3c9b7acee6c0bd08e2f39 Reviewed by: gallatin, ngie, emaste Differential Revision: https://reviews.freebsd.org/D41536 (With ppc assembler stuff removed, since that's no in stable/13 yet) (cherry picked from commit 7a56f5af71851c8b502720ca956629c302821430) 2023-08-23T17:43:30Z Warner Losh imp@FreeBSD.org 2023-08-22T01:32:01Z urn:sha1:023fc80ee38a117fa65b2ccb2abf8bdc7dbd6fd9 Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ Similar commit in main: (cherry picked from commit d0b2dbfa0ecf) 2023-08-23T17:43:26Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:41Z urn:sha1:3d497e17ebd33fe0f58d773e35ab994d750258d6 Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/ Similar commit in main: (cherry picked from commit 1d386b48a555) 2023-08-23T17:43:23Z Warner Losh imp@FreeBSD.org 2023-08-22T01:31:18Z urn:sha1:8ad303d68cec3ee1133550de37e0009502621e50 Remove /^/[*/]\s*\$FreeBSD\$.*\n/ Similar commit in main: (cherry picked from commit 2a63c3be1582)