Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto
Bryan Drewerywrites: > Dag-Erling Smørgrav wrote: > > -#PermitRootLogin no > > +#PermitRootLogin prohibit-password > Shouldn't the comments note the default? The default here is still > 'no'. Yes, I kept our local modification but somehow either didn't notice the comment or resolved the conflict incorrectly. > Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we > have. I think we should make this change: We've always had this turned off, while upstream had it on by default. The new default doesn't work correctly with PAM, and the fix is not trivial. DES -- Dag-Erling Smørgrav - d...@des.no ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto
On 1/20/2016 2:57 PM, Dag-Erling Smørgrav wrote: > Author: des > Date: Wed Jan 20 22:57:10 2016 > New Revision: 294464 > URL: https://svnweb.freebsd.org/changeset/base/294464 > > Log: > Upgrade to OpenSSH 7.0p1. ... > Index: crypto/openssh/sshd_config > === > --- crypto/openssh/sshd_config (revision 294463) > +++ crypto/openssh/sshd_config (revision 294464) > @@ -1,4 +1,4 @@ > -# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $ > +# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $ > # $FreeBSD$ > > # This is the sshd server system-wide configuration file. See > @@ -45,7 +45,7 @@ > # Authentication: > > #LoginGraceTime 2m > -#PermitRootLogin no > +#PermitRootLogin prohibit-password > #StrictModes yes > #MaxAuthTries 6 > #MaxSessions 10 Shouldn't the comments note the default? The default here is still 'no'. Upstream 7.1p2 does use PERMIT_NO_PASSWD rather than PERMIT_NO that we have. I think we should make this change: > Index: crypto/openssh/servconf.c > === > --- crypto/openssh/servconf.c (revision 294275) > +++ crypto/openssh/servconf.c (working copy) > @@ -202,7 +202,7 @@ > if (options->key_regeneration_time == -1) > options->key_regeneration_time = 3600; > if (options->permit_root_login == PERMIT_NOT_SET) > - options->permit_root_login = PERMIT_NO; > + options->permit_root_login = PERMIT_NO_PASSWD; > if (options->ignore_rhosts == -1) > options->ignore_rhosts = 1; > if (options->ignore_user_known_hosts == -1) -- Regards, Bryan Drewery signature.asc Description: OpenPGP digital signature
Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto
Craig Rodrigueswrites: > clang is emitting a new warning on this file: > > https://jenkins.freebsd.org/job/FreeBSD_HEAD/62/warnings7Result/new/ > > Is it a legitimate problem which needs to be fixed upstream, or is it > a non-issue? The warning is technically correct, but the error is harmless since the source and destination are fixed buffers of identical size. The code was fixed upstream in October, after 7.1 was released. DES -- Dag-Erling Smørgrav - d...@des.no ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto
On Wed, Jan 20, 2016 at 2:57 PM, Dag-Erling Smørgravwrote: > Author: des > Date: Wed Jan 20 22:57:10 2016 > New Revision: 294464 > URL: https://svnweb.freebsd.org/changeset/base/294464 > > Log: > Upgrade to OpenSSH 7.0p1. > > Modified: > head/crypto/openssh/openbsd-compat/realpath.c > clang is emitting a new warning on this file: https://jenkins.freebsd.org/job/FreeBSD_HEAD/62/warnings7Result/new/ Is it a legitimate problem which needs to be fixed upstream, or is it a non-issue? -- Craig ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r294464 - in head: crypto/openssh crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat crypto/openssh/regress crypto/openssh/regress/unittests crypto/...
Author: des Date: Wed Jan 20 22:57:10 2016 New Revision: 294464 URL: https://svnweb.freebsd.org/changeset/base/294464 Log: Upgrade to OpenSSH 7.0p1. Modified: head/crypto/openssh/ChangeLog head/crypto/openssh/OVERVIEW head/crypto/openssh/PROTOCOL head/crypto/openssh/PROTOCOL.mux head/crypto/openssh/README head/crypto/openssh/addrmatch.c head/crypto/openssh/auth-options.c head/crypto/openssh/auth.c head/crypto/openssh/auth2-chall.c head/crypto/openssh/authfd.c head/crypto/openssh/authfile.c head/crypto/openssh/cipher.h head/crypto/openssh/clientloop.c head/crypto/openssh/compat.c head/crypto/openssh/config.h head/crypto/openssh/config.h.in head/crypto/openssh/configure head/crypto/openssh/configure.ac head/crypto/openssh/contrib/redhat/openssh.spec head/crypto/openssh/contrib/suse/openssh.spec head/crypto/openssh/kex.c head/crypto/openssh/kex.h head/crypto/openssh/key.c head/crypto/openssh/key.h head/crypto/openssh/krl.c head/crypto/openssh/log.c head/crypto/openssh/moduli head/crypto/openssh/moduli.0 head/crypto/openssh/myproposal.h head/crypto/openssh/openbsd-compat/openbsd-compat.h head/crypto/openssh/openbsd-compat/port-linux.c head/crypto/openssh/openbsd-compat/realpath.c head/crypto/openssh/packet.c head/crypto/openssh/readconf.c head/crypto/openssh/readconf.h head/crypto/openssh/regress/cert-hostkey.sh head/crypto/openssh/regress/cert-userkey.sh head/crypto/openssh/regress/hostkey-agent.sh head/crypto/openssh/regress/hostkey-rotate.sh head/crypto/openssh/regress/keygen-knownhosts.sh head/crypto/openssh/regress/keytype.sh head/crypto/openssh/regress/principals-command.sh head/crypto/openssh/regress/unittests/Makefile.inc head/crypto/openssh/regress/unittests/kex/test_kex.c head/crypto/openssh/regress/unittests/sshkey/mktestdata.sh head/crypto/openssh/regress/unittests/sshkey/test_file.c head/crypto/openssh/regress/unittests/sshkey/test_sshkey.c head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1 head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.fp head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1-cert.pub head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.fp.bb head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.g head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.priv head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.param.pub head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1.pub head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_1_pw head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2 head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.fp.bb head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_2.pub head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n head/crypto/openssh/regress/unittests/sshkey/testdata/dsa_n_pw head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1 head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1-cert.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.fp.bb head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.priv head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.param.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_1_pw head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2 head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.fp.bb head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.priv head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.param.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_2.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n head/crypto/openssh/regress/unittests/sshkey/testdata/ecdsa_n_pw head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1 head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1-cert.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.fp.bb head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1.pub head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_1_pw head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2 head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp head/crypto/openssh/regress/unittests/sshkey/testdata/ed25519_2.fp.bb