Portable OpenSSH
Go to file
Damien Miller eb9c582b71 Switch upstream git repository.
Previously portable OpenSSH has synced against a conversion of OpenBSD's
CVS repository made using the git cvsimport tool, but this has become
increasingly unreliable.

As of this commit, portable OpenSSH now tracks a conversion of the
OpenBSD CVS upstream made using the excellent cvs2gitdump tool from
YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump

cvs2gitdump is considerably more reliable than gitcvsimport and the old
version of cvsps that it uses under the hood, and is the same tool used
to export the entire OpenBSD repository to git (so we know it can cope
with future growth).

These new conversions are mirrored at github, so interested parties can
match portable OpenSSH commits to their upstream counterparts.

https://github.com/djmdjm/openbsd-openssh-src
https://github.com/djmdjm/openbsd-openssh-regress

An unfortunate side effect of switching upstreams is that we must have
a flag day, across which the upstream commit IDs will be inconsistent.
The old commit IDs are recorded with the tags "Upstream-ID" for main
directory commits and "Upstream-Regress-ID" for regress commits.

To make it clear that the commit IDs do not refer to the same
things, the new repository will instead use "OpenBSD-ID" and
"OpenBSD-Regress-ID" tags instead.

Apart from being a longwinded explanation of what is going on, this
commit message also serves to synchronise our tools with the state of
the tree, which happens to be:

OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
2017-10-31 09:05:16 +11:00
contrib sync contrib/ssh-copy-id with upstream 2017-10-01 10:01:25 +11:00
openbsd-compat fix rdomain compilation errors 2017-10-27 08:42:33 +11:00
regress Fix missed RCSID merges 2017-10-20 13:22:00 +11:00
.gitignore Fuzzer harnesses for sig verify and pubkey parsing 2017-09-08 12:44:13 +10:00
.skipped-commit-ids Switch upstream git repository. 2017-10-31 09:05:16 +11:00
aclocal.m4 Test multiplying two long long ints. 2016-08-17 13:35:43 +10:00
addrmatch.c upstream commit 2016-09-22 03:14:59 +10:00
atomicio.c upstream commit 2016-08-03 15:38:43 +10:00
atomicio.h
audit-bsm.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit-linux.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.c Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
audit.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
auth2-chall.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-gss.c upstream commit 2017-06-24 16:56:11 +10:00
auth2-hostbased.c upstream commit 2017-06-24 16:56:11 +10:00
auth2-kbdint.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-none.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-passwd.c upstream commit 2017-05-31 10:50:33 +10:00
auth2-pubkey.c upstream commit 2017-09-12 16:42:20 +10:00
auth2.c upstream commit 2017-06-24 16:56:11 +10:00
auth-bsdauth.c upstream commit 2015-10-25 11:42:04 +11:00
auth-krb5.c upstream commit 2016-05-19 17:48:34 +10:00
auth-options.c upstream commit 2017-09-12 17:37:02 +10:00
auth-options.h upstream commit 2017-06-01 14:55:23 +10:00
auth-pam.c Expose list of completed auth methods to PAM 2017-07-28 15:04:00 +10:00
auth-pam.h Remove do_pam_set_tty which is dead code. 2016-10-15 04:34:46 +11:00
auth-passwd.c upstream commit 2016-07-22 13:36:40 +10:00
auth-rhosts.c upstream commit 2016-08-14 11:19:14 +10:00
auth-shadow.c
auth-sia.c
auth-sia.h
auth-skey.c
auth.c upstream commit 2017-09-12 17:37:02 +10:00
auth.h upstream commit 2017-08-23 19:47:06 +10:00
authfd.c upstream commit 2017-07-21 14:17:32 +10:00
authfd.h upstream commit 2017-06-28 11:13:19 +10:00
authfile.c upstream commit 2017-07-21 14:17:32 +10:00
authfile.h
bitmap.c upstream commit 2017-10-20 12:58:35 +11:00
bitmap.h upstream commit 2017-10-20 12:58:35 +11:00
blocks.c
bufaux.c
bufbn.c upstream commit 2017-05-01 10:05:02 +10:00
bufec.c
buffer.c
buffer.h upstream commit 2017-05-01 10:05:02 +10:00
buildpkg.sh.in Update links to https. 2016-10-21 06:55:58 +11:00
canohost.c upstream commit 2016-03-08 06:20:35 +11:00
canohost.h upstream commit 2016-03-08 06:20:35 +11:00
chacha.c
chacha.h upstream commit 2016-08-29 11:20:28 +10:00
channels.c upstream commit 2017-10-25 12:26:06 +11:00
channels.h upstream commit 2017-09-22 09:14:53 +10:00
cipher-aes.c
cipher-aesctr.c
cipher-aesctr.h
cipher-chachapoly.c upstream commit 2016-08-09 09:06:52 +10:00
cipher-chachapoly.h
cipher-ctr.c
cipher.c upstream commit 2017-05-08 09:21:00 +10:00
cipher.h upstream commit 2017-05-08 09:21:00 +10:00
cleanup.c
clientloop.c upstream commit 2017-10-23 16:14:30 +11:00
clientloop.h upstream commit 2017-10-23 16:14:30 +11:00
compat.c upstream commit 2017-07-28 13:08:37 +10:00
compat.h upstream commit 2017-05-01 09:42:37 +10:00
config.guess update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
config.sub update config.guess and config.sub to current 2016-08-02 10:48:04 +10:00
configure.ac autoconf glue to enable Linux VRF 2017-10-25 14:15:42 +11:00
crc32.c
crc32.h
CREDITS Remove now-obsolete CVS $Id tags from text files. 2016-08-17 13:40:58 +10:00
crypto_api.h
defines.h portability for sftp globbed ls sort by mtime 2017-06-10 23:41:25 +10:00
dh.c upstream commit 2016-12-16 13:12:18 +11:00
dh.h upstream commit 2016-05-02 20:39:32 +10:00
digest-libc.c upstream commit 2017-05-10 11:41:21 +10:00
digest-openssl.c upstream commit 2017-05-10 11:41:21 +10:00
digest.h upstream commit 2017-05-10 11:41:21 +10:00
dispatch.c upstream commit 2017-06-01 14:53:33 +10:00
dispatch.h upstream commit 2017-06-01 14:53:33 +10:00
dns.c upstream commit 2017-09-14 14:33:06 +10:00
dns.h upstream commit 2017-09-14 14:33:06 +10:00
ed25519.c
entropy.c
entropy.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
fatal.c
fe25519.c
fe25519.h
fixalgorithms
fixpaths
fixprogs
ge25519_base.data
ge25519.c
ge25519.h
groupaccess.c upstream commit 2015-05-10 11:38:04 +10:00
groupaccess.h
gss-genr.c upstream commit 2016-09-12 13:46:29 +10:00
gss-serv-krb5.c
gss-serv.c upstream commit 2017-06-24 16:56:11 +10:00
hash.c
hmac.c
hmac.h
hostfile.c upstream commit 2017-06-01 14:55:22 +10:00
hostfile.h
includes.h portability for sftp globbed ls sort by mtime 2017-06-10 23:41:25 +10:00
INSTALL typo 2017-07-07 11:21:39 +10:00
install-sh
kex.c upstream commit 2017-06-13 22:15:08 +10:00
kex.h upstream commit 2017-05-31 10:50:05 +10:00
kexc25519.c upstream commit 2016-05-02 20:35:04 +10:00
kexc25519c.c upstream commit 2017-05-31 14:17:41 +10:00
kexc25519s.c upstream commit 2017-10-20 12:58:18 +11:00
kexdh.c upstream commit 2016-05-02 20:39:32 +10:00
kexdhc.c upstream commit 2017-05-31 10:50:05 +10:00
kexdhs.c upstream commit 2017-05-31 10:50:05 +10:00
kexecdh.c
kexecdhc.c upstream commit 2017-05-31 10:50:05 +10:00
kexecdhs.c upstream commit 2017-05-31 10:50:05 +10:00
kexgex.c
kexgexc.c upstream commit 2017-05-31 10:50:05 +10:00
kexgexs.c upstream commit 2017-05-31 10:50:05 +10:00
key.c upstream commit 2017-05-31 10:49:50 +10:00
key.h upstream commit 2017-05-31 10:49:50 +10:00
krl.c upstream commit 2017-06-01 14:55:22 +10:00
krl.h upstream commit 2016-01-07 20:13:32 +11:00
LICENCE upstream commit 2017-05-01 10:05:04 +10:00
log.c upstream commit 2017-05-17 11:25:22 +10:00
log.h upstream commit 2017-05-17 11:25:22 +10:00
loginrec.c Add sys/time.h for gettimeofday. 2015-12-15 13:59:12 +11:00
loginrec.h
logintest.c
mac.c upstream commit 2017-05-10 11:41:21 +10:00
mac.h upstream commit 2016-07-08 13:50:03 +10:00
Makefile.in Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
match.c upstream commit 2017-03-10 15:35:40 +11:00
match.h upstream commit 2017-02-04 10:08:15 +11:00
md5crypt.c
md5crypt.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
mdoc2man.awk fix mdoc2man.awk formatting for top-level lists 2016-09-28 07:40:33 +10:00
misc.c provide hooks and fallbacks for rdomain support 2017-10-25 13:11:38 +11:00
misc.h upstream commit 2017-10-25 12:26:13 +11:00
mkinstalldirs
moduli Import updated moduli. 2016-08-11 11:42:48 +10:00
moduli.5
moduli.c upstream commit 2016-09-12 13:46:29 +10:00
monitor_fdpass.c upstream commit 2016-03-04 15:12:17 +11:00
monitor_fdpass.h
monitor_wrap.c upstream commit 2017-10-20 12:01:02 +11:00
monitor_wrap.h upstream commit 2017-06-01 14:54:46 +10:00
monitor.c upstream commit 2017-10-20 12:01:02 +11:00
monitor.h upstream commit 2016-09-29 03:11:32 +10:00
msg.c
msg.h
mux.c upstream commit 2017-09-22 09:14:53 +10:00
myproposal.h upstream commit 2017-05-08 09:21:11 +10:00
nchan2.ms
nchan.c upstream commit 2017-09-12 17:37:03 +10:00
nchan.ms
opacket.c upstream commit 2017-10-20 12:58:35 +11:00
opacket.h upstream commit 2017-10-20 12:58:35 +11:00
openssh.xml.in
opensshd.init.in modified: configure.ac opensshd.init.in 2016-08-01 14:31:52 -07:00
OVERVIEW upstream commit 2015-07-15 15:36:21 +10:00
packet.c upstream commit 2017-10-25 12:26:13 +11:00
packet.h upstream commit 2017-10-25 12:26:13 +11:00
pathnames.h upstream commit 2017-05-08 09:18:27 +10:00
pkcs11.h
platform-misc.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform-pledge.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
platform-tracing.c Use ptrace(PT_DENY_ATTACH, ..) on OS X. 2016-11-01 08:12:33 +11:00
platform.c Split platform_sys_dir_uid into its own file 2017-08-25 13:25:01 +10:00
platform.h Remove obsolete CVS $Id from source files. 2016-08-17 14:08:42 +10:00
poly1305.c
poly1305.h
progressmeter.c upstream commit 2016-07-08 13:46:59 +10:00
progressmeter.h
PROTOCOL upstream commit 2017-05-27 15:35:52 +10:00
PROTOCOL.agent update URL again 2017-10-01 10:32:25 +11:00
PROTOCOL.certkeys upstream commit 2017-05-31 14:30:52 +10:00
PROTOCOL.chacha20poly1305 upstream commit 2016-05-04 00:55:21 +10:00
PROTOCOL.key
PROTOCOL.krl
PROTOCOL.mux upstream commit 2015-07-17 13:36:29 +10:00
readconf.c upstream commit 2017-10-23 16:10:08 +11:00
readconf.h upstream commit 2017-10-23 16:10:08 +11:00
README sync release notes URL 2017-10-01 10:01:56 +11:00
README.dns
README.platform Remove now-obsolete CVS $Id tags from text files. 2016-08-17 13:40:58 +10:00
README.privsep Remove portability support for mmap 2016-09-29 03:19:23 +10:00
README.tun
readpass.c upstream commit 2015-12-11 13:23:14 +11:00
rijndael.c
rijndael.h
sandbox-capsicum.c Switch Capsicum header to sys/capsicum.h. 2017-08-28 16:48:27 +10:00
sandbox-darwin.c Add missing monitor.h include. 2016-12-16 15:02:24 +11:00
sandbox-null.c
sandbox-pledge.c s/SANDBOX_TAME/SANDBOX_PLEDGE/g 2015-10-14 09:22:15 -07:00
sandbox-rlimit.c upstream commit 2016-09-12 13:46:29 +10:00
sandbox-seccomp-filter.c Fix typo in "socketcall". 2017-04-25 08:32:27 +10:00
sandbox-solaris.c drop two more privileges in the Solaris sandbox 2017-06-09 14:44:43 +10:00
sandbox-systrace.c (re)wrap SYS_sendsyslog in ifdef. 2015-10-29 20:57:34 +11:00
sc25519.c
sc25519.h
scp.1 upstream commit 2017-10-23 16:10:08 +11:00
scp.c upstream commit 2017-10-23 16:10:08 +11:00
servconf.c fix rdomain compilation errors 2017-10-27 08:42:33 +11:00
servconf.h upstream commit 2017-10-25 12:26:21 +11:00
serverloop.c upstream commit 2017-10-23 16:14:30 +11:00
serverloop.h upstream commit 2017-09-12 17:37:02 +10:00
session.c upstream commit 2017-10-23 16:14:30 +11:00
session.h upstream commit 2017-09-12 17:37:02 +10:00
sftp-client.c upstream commit 2017-08-12 16:47:10 +10:00
sftp-client.h Prevent name collisions with system glob (bz#2463) 2015-10-29 10:48:23 +11:00
sftp-common.c upstream commit 2017-06-10 16:40:11 +10:00
sftp-common.h
sftp-glob.c
sftp-server-main.c upstream commit 2016-02-16 10:44:00 +11:00
sftp-server.8
sftp-server.c upstream commit 2017-04-04 10:26:01 +10:00
sftp.1 upstream commit 2017-10-23 16:10:08 +11:00
sftp.c upstream commit 2017-10-23 16:10:08 +11:00
sftp.h
smult_curve25519_ref.c
ssh2.h upstream commit 2016-05-19 17:48:34 +10:00
ssh_api.c upstream commit 2017-05-01 09:42:37 +10:00
ssh_api.h
ssh_config upstream commit 2017-05-08 09:21:00 +10:00
ssh_config.5 upstream commit 2017-10-25 11:22:23 +11:00
ssh-add.1 upstream commit 2017-09-04 09:38:57 +10:00
ssh-add.c upstream commit 2017-09-04 09:38:57 +10:00
ssh-agent.1 upstream commit 2016-11-30 19:44:25 +11:00
ssh-agent.c upstream commit 2017-07-24 14:49:07 +10:00
ssh-dss.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-ecdsa.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-ed25519.c upstream commit 2016-04-21 16:30:11 +10:00
ssh-gss.h upstream commit 2017-06-24 16:56:11 +10:00
ssh-keygen.1 upstream commit 2017-07-21 14:17:33 +10:00
ssh-keygen.c upstream commit 2017-07-21 14:17:32 +10:00
ssh-keyscan.1 upstream commit 2017-05-08 09:18:05 +10:00
ssh-keyscan.c upstream commit 2017-06-30 16:07:55 +10:00
ssh-keysign.8 upstream commit 2016-02-18 09:24:40 +11:00
ssh-keysign.c upstream commit 2016-02-16 10:44:00 +11:00
ssh-pkcs11-client.c upstream commit 2017-05-31 10:47:31 +10:00
ssh-pkcs11-helper.8
ssh-pkcs11-helper.c upstream commit 2017-05-31 10:47:31 +10:00
ssh-pkcs11.c upstream commit 2017-06-01 14:55:22 +10:00
ssh-pkcs11.h
ssh-rsa.c upstream commit 2017-07-21 14:17:32 +10:00
ssh-sandbox.h
ssh.1 upstream commit 2017-10-23 16:14:30 +11:00
ssh.c upstream commit 2017-10-25 12:26:21 +11:00
ssh.h upstream commit 2017-05-08 09:21:22 +10:00
sshbuf-getput-basic.c upstream commit 2017-06-01 14:55:23 +10:00
sshbuf-getput-crypto.c upstream commit 2016-01-13 10:48:11 +11:00
sshbuf-misc.c upstream commit 2016-05-02 20:35:04 +10:00
sshbuf.c upstream commit 2017-06-07 11:31:15 +10:00
sshbuf.h upstream commit 2017-09-12 17:37:02 +10:00
sshconnect2.c upstream commit 2017-09-04 09:38:57 +10:00
sshconnect.c upstream commit 2017-09-14 14:33:06 +10:00
sshconnect.h upstream commit 2017-09-12 17:37:02 +10:00
sshd_config upstream commit 2017-03-15 11:09:18 +11:00
sshd_config.5 upstream commit 2017-10-25 12:26:21 +11:00
sshd.8 upstream commit 2017-10-25 12:26:21 +11:00
sshd.c provide hooks and fallbacks for rdomain support 2017-10-25 13:11:38 +11:00
ssherr.c upstream commit 2017-09-12 17:37:02 +10:00
ssherr.h upstream commit 2017-09-12 17:37:02 +10:00
sshkey.c upstream commit 2017-10-20 12:01:03 +11:00
sshkey.h upstream commit 2017-07-21 14:17:32 +10:00
sshlogin.c upstream commit 2016-01-07 20:13:31 +11:00
sshlogin.h
sshpty.c upstream commit 2016-11-29 16:51:27 +11:00
sshpty.h upstream commit 2016-11-29 16:51:27 +11:00
sshtty.c
survey.sh.in
TODO Remove portability support for mmap 2016-09-29 03:19:23 +10:00
ttymodes.c upstream commit 2017-05-01 10:05:04 +10:00
ttymodes.h upstream commit 2017-05-01 10:05:04 +10:00
uidswap.c Support Illumos/Solaris fine-grained privileges 2016-01-08 14:29:12 +11:00
uidswap.h
umac.c upstream commit 2017-06-01 14:54:46 +10:00
umac.h
utf8.c upstream commit 2017-06-01 14:55:22 +10:00
utf8.h Force Turkish locales back to C/POSIX; bz#2643 2016-12-12 13:58:59 +11:00
uuencode.c upstream commit 2015-04-29 18:15:24 +10:00
uuencode.h
verify.c
version.h upstream commit 2017-10-01 09:27:30 +11:00
xmalloc.c upstream commit 2017-06-01 14:55:22 +10:00
xmalloc.h upstream commit 2017-06-01 14:55:22 +10:00

See https://www.openssh.com/releasenotes.html#7.6p1 for the release notes.

Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
patch/pull-request management.

- A Japanese translation of this document and of the release notes is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
- Thanks to HARUYAMA Seigo <haruyama@unixuser.org>

This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other
Unices.

OpenSSH is based on the last free version of Tatu Ylonen's sample
implementation with all patent-encumbered algorithms removed (to
external libraries), all known security bugs fixed, new features
reintroduced and many other clean-ups.  OpenSSH has been created by
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt,
and Dug Song. It has a homepage at https://www.openssh.com/

This port consists of the re-introduction of autoconf support, PAM
support, EGD[1]/PRNGD[2] support and replacements for OpenBSD library
functions that are (regrettably) absent from other unices. This port
has been best tested on AIX, Cygwin, HP-UX, Linux, MacOS/X,
NetBSD, OpenBSD, OpenServer, Solaris, Unicos, and UnixWare.

This version actively tracks changes in the OpenBSD CVS repository.

The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
all logins, not just when using password authentication.

OpenSSH depends on Zlib[3], OpenSSL[4], and optionally PAM[5] and
libedit[6]

There is now several mailing lists for this port of OpenSSH. Please
refer to https://www.openssh.com/list.html for details on how to join.

Please send bug reports and patches to the mailing list
openssh-unix-dev@mindrot.org. The list is open to posting by unsubscribed
users.  Code contribution are welcomed, but please follow the OpenBSD
style guidelines[7].

Please refer to the INSTALL document for information on how to install
OpenSSH on your system.

Damien Miller <djm@mindrot.org>

Miscellania -

This version of OpenSSH is based upon code retrieved from the OpenBSD
CVS repository which in turn was based on the last free sample
implementation released by Tatu Ylonen.

References -

[0] https://www.openssh.com/
[1] http://www.lothar.com/tech/crypto/
[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
[3] http://www.gzip.org/zlib/
[4] http://www.openssl.org/
[5] http://www.openpam.org
    http://www.kernel.org/pub/linux/libs/pam/
    (PAM also is standard on Solaris and HP-UX 11)
[6] http://thrysoee.dk/editline/ (portable version)
[7] http://man.openbsd.org/style.9