Module Name: src Committed By: christos Date: Sat Oct 12 15:14:22 UTC 2019
Update of /cvsroot/src/crypto/external/bsd/openssh/dist In directory ivanova.netbsd.org:/tmp/cvs-serv21796 Log Message: OpenSSH 8.1 was released on 2019-10-09. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html Security ======== * ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): an exploitable integer overflow bug was found in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it. This bug was found by Adam Zabrocki and reported via SecuriTeam's SSD program. * ssh(1), sshd(8), ssh-agent(1): add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Potentially-incompatible changes ================================ This release includes a number of changes that may affect existing configurations: * ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ..."). Status: Vendor Tag: OPENSSH Release Tags: v81-20191009 C src/crypto/external/bsd/openssh/dist/match.c U src/crypto/external/bsd/openssh/dist/LICENCE U src/crypto/external/bsd/openssh/dist/OVERVIEW U src/crypto/external/bsd/openssh/dist/PROTOCOL U src/crypto/external/bsd/openssh/dist/PROTOCOL.agent U src/crypto/external/bsd/openssh/dist/PROTOCOL.certkeys U src/crypto/external/bsd/openssh/dist/PROTOCOL.chacha20poly1305 U src/crypto/external/bsd/openssh/dist/PROTOCOL.key U src/crypto/external/bsd/openssh/dist/PROTOCOL.krl U src/crypto/external/bsd/openssh/dist/PROTOCOL.mux N src/crypto/external/bsd/openssh/dist/PROTOCOL.sshsig U src/crypto/external/bsd/openssh/dist/README U src/crypto/external/bsd/openssh/dist/addrmatch.c U src/crypto/external/bsd/openssh/dist/atomicio.c U src/crypto/external/bsd/openssh/dist/atomicio.h U src/crypto/external/bsd/openssh/dist/auth-bsdauth.c U src/crypto/external/bsd/openssh/dist/auth-krb5.c C src/crypto/external/bsd/openssh/dist/auth-options.c C src/crypto/external/bsd/openssh/dist/auth-options.h C src/crypto/external/bsd/openssh/dist/krl.h U src/crypto/external/bsd/openssh/dist/auth-passwd.c C src/crypto/external/bsd/openssh/dist/auth-rhosts.c C src/crypto/external/bsd/openssh/dist/auth.c C src/crypto/external/bsd/openssh/dist/auth.h C src/crypto/external/bsd/openssh/dist/auth2-chall.c U src/crypto/external/bsd/openssh/dist/auth2-gss.c C src/crypto/external/bsd/openssh/dist/auth2-hostbased.c C src/crypto/external/bsd/openssh/dist/auth2-kbdint.c U src/crypto/external/bsd/openssh/dist/auth2-none.c C src/crypto/external/bsd/openssh/dist/auth2-passwd.c C src/crypto/external/bsd/openssh/dist/auth2-pubkey.c C src/crypto/external/bsd/openssh/dist/auth2.c C src/crypto/external/bsd/openssh/dist/authfd.c C src/crypto/external/bsd/openssh/dist/authfd.h C src/crypto/external/bsd/openssh/dist/authfile.c C src/crypto/external/bsd/openssh/dist/authfile.h U src/crypto/external/bsd/openssh/dist/bitmap.c U src/crypto/external/bsd/openssh/dist/bitmap.h C src/crypto/external/bsd/openssh/dist/canohost.c U src/crypto/external/bsd/openssh/dist/canohost.h U src/crypto/external/bsd/openssh/dist/chacha.c U src/crypto/external/bsd/openssh/dist/chacha.h C src/crypto/external/bsd/openssh/dist/channels.c U src/crypto/external/bsd/openssh/dist/channels.h U src/crypto/external/bsd/openssh/dist/cipher-aesctr.c U src/crypto/external/bsd/openssh/dist/cipher-aesctr.h U src/crypto/external/bsd/openssh/dist/cipher-chachapoly.c U src/crypto/external/bsd/openssh/dist/cipher-chachapoly.h C src/crypto/external/bsd/openssh/dist/cipher.c C src/crypto/external/bsd/openssh/dist/cipher.h U src/crypto/external/bsd/openssh/dist/cleanup.c C src/crypto/external/bsd/openssh/dist/clientloop.c U src/crypto/external/bsd/openssh/dist/clientloop.h U src/crypto/external/bsd/openssh/dist/compat.c U src/crypto/external/bsd/openssh/dist/compat.h U src/crypto/external/bsd/openssh/dist/crypto_api.h C src/crypto/external/bsd/openssh/dist/dh.c C src/crypto/external/bsd/openssh/dist/dh.h U src/crypto/external/bsd/openssh/dist/digest-libc.c U src/crypto/external/bsd/openssh/dist/digest-openssl.c U src/crypto/external/bsd/openssh/dist/digest.h U src/crypto/external/bsd/openssh/dist/dispatch.c U src/crypto/external/bsd/openssh/dist/dispatch.h U src/crypto/external/bsd/openssh/dist/dns.c U src/crypto/external/bsd/openssh/dist/dns.h U src/crypto/external/bsd/openssh/dist/ed25519.c U src/crypto/external/bsd/openssh/dist/fatal.c U src/crypto/external/bsd/openssh/dist/fe25519.c U src/crypto/external/bsd/openssh/dist/fe25519.h U src/crypto/external/bsd/openssh/dist/ge25519.c U src/crypto/external/bsd/openssh/dist/ge25519.h U src/crypto/external/bsd/openssh/dist/ge25519_base.data U src/crypto/external/bsd/openssh/dist/groupaccess.c U src/crypto/external/bsd/openssh/dist/groupaccess.h U src/crypto/external/bsd/openssh/dist/gss-genr.c U src/crypto/external/bsd/openssh/dist/gss-serv-krb5.c U src/crypto/external/bsd/openssh/dist/gss-serv.c U src/crypto/external/bsd/openssh/dist/hash.c C src/crypto/external/bsd/openssh/dist/hmac.c U src/crypto/external/bsd/openssh/dist/hmac.h C src/crypto/external/bsd/openssh/dist/hostfile.c U src/crypto/external/bsd/openssh/dist/hostfile.h C src/crypto/external/bsd/openssh/dist/kex.c C src/crypto/external/bsd/openssh/dist/kex.h U src/crypto/external/bsd/openssh/dist/kexc25519.c U src/crypto/external/bsd/openssh/dist/kexdh.c U src/crypto/external/bsd/openssh/dist/kexecdh.c C src/crypto/external/bsd/openssh/dist/kexgen.c U src/crypto/external/bsd/openssh/dist/kexgex.c U src/crypto/external/bsd/openssh/dist/kexgexc.c U src/crypto/external/bsd/openssh/dist/kexgexs.c U src/crypto/external/bsd/openssh/dist/kexsntrup4591761x25519.c C src/crypto/external/bsd/openssh/dist/krl.c U src/crypto/external/bsd/openssh/dist/log.c C src/crypto/external/bsd/openssh/dist/log.h C src/crypto/external/bsd/openssh/dist/mac.c U src/crypto/external/bsd/openssh/dist/mac.h U src/crypto/external/bsd/openssh/dist/match.h C src/crypto/external/bsd/openssh/dist/misc.c C src/crypto/external/bsd/openssh/dist/misc.h C src/crypto/external/bsd/openssh/dist/moduli.c C src/crypto/external/bsd/openssh/dist/monitor.c U src/crypto/external/bsd/openssh/dist/monitor.h U src/crypto/external/bsd/openssh/dist/monitor_fdpass.c U src/crypto/external/bsd/openssh/dist/monitor_fdpass.h C src/crypto/external/bsd/openssh/dist/monitor_wrap.c C src/crypto/external/bsd/openssh/dist/monitor_wrap.h U src/crypto/external/bsd/openssh/dist/msg.c U src/crypto/external/bsd/openssh/dist/msg.h C src/crypto/external/bsd/openssh/dist/mux.c U src/crypto/external/bsd/openssh/dist/myproposal.h C src/crypto/external/bsd/openssh/dist/nchan.c U src/crypto/external/bsd/openssh/dist/nchan.ms U src/crypto/external/bsd/openssh/dist/nchan2.ms C src/crypto/external/bsd/openssh/dist/packet.c C src/crypto/external/bsd/openssh/dist/packet.h U src/crypto/external/bsd/openssh/dist/pathnames.h U src/crypto/external/bsd/openssh/dist/pkcs11.h U src/crypto/external/bsd/openssh/dist/poly1305.c U src/crypto/external/bsd/openssh/dist/poly1305.h C src/crypto/external/bsd/openssh/dist/progressmeter.c U src/crypto/external/bsd/openssh/dist/progressmeter.h C src/crypto/external/bsd/openssh/dist/readconf.c U src/crypto/external/bsd/openssh/dist/readconf.h C src/crypto/external/bsd/openssh/dist/readpass.c U src/crypto/external/bsd/openssh/dist/rijndael.c U src/crypto/external/bsd/openssh/dist/rijndael.h U src/crypto/external/bsd/openssh/dist/sandbox-pledge.c U src/crypto/external/bsd/openssh/dist/sandbox-rlimit.c U src/crypto/external/bsd/openssh/dist/sc25519.c U src/crypto/external/bsd/openssh/dist/sc25519.h C src/crypto/external/bsd/openssh/dist/scp.1 C src/crypto/external/bsd/openssh/dist/scp.c C src/crypto/external/bsd/openssh/dist/servconf.c C src/crypto/external/bsd/openssh/dist/servconf.h C src/crypto/external/bsd/openssh/dist/serverloop.c U src/crypto/external/bsd/openssh/dist/serverloop.h C src/crypto/external/bsd/openssh/dist/session.c U src/crypto/external/bsd/openssh/dist/session.h C src/crypto/external/bsd/openssh/dist/sftp-client.c U src/crypto/external/bsd/openssh/dist/sftp-client.h C src/crypto/external/bsd/openssh/dist/sftp-glob.c U src/crypto/external/bsd/openssh/dist/sftp-common.c U src/crypto/external/bsd/openssh/dist/sftp-common.h N src/crypto/external/bsd/openssh/dist/sftp-realpath.c C src/crypto/external/bsd/openssh/dist/sftp-server-main.c U src/crypto/external/bsd/openssh/dist/sftp-server.8 C src/crypto/external/bsd/openssh/dist/sftp-server.c C src/crypto/external/bsd/openssh/dist/sftp.1 C src/crypto/external/bsd/openssh/dist/sftp.c U src/crypto/external/bsd/openssh/dist/sftp.h U src/crypto/external/bsd/openssh/dist/smult_curve25519_ref.c U src/crypto/external/bsd/openssh/dist/sntrup4591761.c U src/crypto/external/bsd/openssh/dist/sntrup4591761.sh U src/crypto/external/bsd/openssh/dist/ssh-add.1 C src/crypto/external/bsd/openssh/dist/ssh-add.c U src/crypto/external/bsd/openssh/dist/ssh-agent.1 C src/crypto/external/bsd/openssh/dist/ssh-agent.c U src/crypto/external/bsd/openssh/dist/ssh-dss.c U src/crypto/external/bsd/openssh/dist/ssh-ecdsa.c U src/crypto/external/bsd/openssh/dist/ssh-ed25519.c U src/crypto/external/bsd/openssh/dist/ssh-gss.h C src/crypto/external/bsd/openssh/dist/ssh-keygen.1 C src/crypto/external/bsd/openssh/dist/ssh-keygen.c U src/crypto/external/bsd/openssh/dist/ssh-rsa.c U src/crypto/external/bsd/openssh/dist/ssh-keyscan.1 C src/crypto/external/bsd/openssh/dist/ssh-keyscan.c U src/crypto/external/bsd/openssh/dist/ssh-keysign.8 C src/crypto/external/bsd/openssh/dist/ssh-keysign.c U src/crypto/external/bsd/openssh/dist/ssh-pkcs11-client.c U src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.8 C src/crypto/external/bsd/openssh/dist/ssh-pkcs11-helper.c C src/crypto/external/bsd/openssh/dist/ssh-pkcs11.c U src/crypto/external/bsd/openssh/dist/ssh-pkcs11.h U src/crypto/external/bsd/openssh/dist/ssh-sandbox.h U src/crypto/external/bsd/openssh/dist/ssh-xmss.c C src/crypto/external/bsd/openssh/dist/ssh.1 C src/crypto/external/bsd/openssh/dist/ssh.c U src/crypto/external/bsd/openssh/dist/ssh.h U src/crypto/external/bsd/openssh/dist/ssh2.h C src/crypto/external/bsd/openssh/dist/ssh_api.c U src/crypto/external/bsd/openssh/dist/ssh_api.h U src/crypto/external/bsd/openssh/dist/ssh_config C src/crypto/external/bsd/openssh/dist/ssh_config.5 C src/crypto/external/bsd/openssh/dist/sshbuf-getput-basic.c U src/crypto/external/bsd/openssh/dist/sshbuf-getput-crypto.c C src/crypto/external/bsd/openssh/dist/sshbuf-misc.c U src/crypto/external/bsd/openssh/dist/sshbuf.c C src/crypto/external/bsd/openssh/dist/sshbuf.h C src/crypto/external/bsd/openssh/dist/sshconnect.c C src/crypto/external/bsd/openssh/dist/sshconnect.h C src/crypto/external/bsd/openssh/dist/sshconnect2.c U src/crypto/external/bsd/openssh/dist/sshd.8 C src/crypto/external/bsd/openssh/dist/sshd.c U src/crypto/external/bsd/openssh/dist/sshd_config C src/crypto/external/bsd/openssh/dist/sshd_config.5 U src/crypto/external/bsd/openssh/dist/ssherr.c U src/crypto/external/bsd/openssh/dist/ssherr.h C src/crypto/external/bsd/openssh/dist/sshkey-xmss.c U src/crypto/external/bsd/openssh/dist/sshkey-xmss.h C src/crypto/external/bsd/openssh/dist/sshkey.c C src/crypto/external/bsd/openssh/dist/sshkey.h C src/crypto/external/bsd/openssh/dist/sshlogin.c U src/crypto/external/bsd/openssh/dist/sshlogin.h C src/crypto/external/bsd/openssh/dist/sshpty.c U src/crypto/external/bsd/openssh/dist/sshpty.h N src/crypto/external/bsd/openssh/dist/sshsig.c N src/crypto/external/bsd/openssh/dist/sshsig.h U src/crypto/external/bsd/openssh/dist/sshtty.c U src/crypto/external/bsd/openssh/dist/ttymodes.c U src/crypto/external/bsd/openssh/dist/ttymodes.h U src/crypto/external/bsd/openssh/dist/umac.c C src/crypto/external/bsd/openssh/dist/uidswap.c U src/crypto/external/bsd/openssh/dist/uidswap.h C src/crypto/external/bsd/openssh/dist/umac.h U src/crypto/external/bsd/openssh/dist/umac128.c U src/crypto/external/bsd/openssh/dist/utf8.c U src/crypto/external/bsd/openssh/dist/utf8.h U src/crypto/external/bsd/openssh/dist/verify.c C src/crypto/external/bsd/openssh/dist/version.h C src/crypto/external/bsd/openssh/dist/xmalloc.c C src/crypto/external/bsd/openssh/dist/xmalloc.h U src/crypto/external/bsd/openssh/dist/xmss_commons.c U src/crypto/external/bsd/openssh/dist/xmss_commons.h U src/crypto/external/bsd/openssh/dist/xmss_fast.c U src/crypto/external/bsd/openssh/dist/xmss_fast.h U src/crypto/external/bsd/openssh/dist/xmss_hash.c U src/crypto/external/bsd/openssh/dist/xmss_hash.h U src/crypto/external/bsd/openssh/dist/xmss_hash_address.c U src/crypto/external/bsd/openssh/dist/xmss_hash_address.h U src/crypto/external/bsd/openssh/dist/xmss_wots.c U src/crypto/external/bsd/openssh/dist/xmss_wots.h U src/crypto/external/bsd/openssh/dist/moduli-gen/Makefile U src/crypto/external/bsd/openssh/dist/moduli-gen/moduli-gen.sh C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.2048 C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.3072 C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.4096 C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.6144 C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.7680 C src/crypto/external/bsd/openssh/dist/moduli-gen/moduli.8192 93 conflicts created by this import. Use the following command to help the merge: cvs checkout -jOPENSSH:yesterday -jOPENSSH src/crypto/external/bsd/openssh/dist
