120100307 2 - (djm) OpenBSD CVS Sync 3 - djm@cvs.openbsd.org 2010/03/07 22:16:01 4 [ssh-keygen.c] 5 make internal strptime string match strftime format; 6 suggested by vinschen AT redhat.com and markus@ 7 - djm@cvs.openbsd.org 2010/03/08 00:28:55 8 [ssh-keygen.1] 9 document permit-agent-forwarding certificate constraint; patch from 10 stevesk@ 11 - djm@cvs.openbsd.org 2010/03/07 22:01:32 12 [version.h] 13 openssh-5.4 14 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 15 crank version numbers 16 - (djm) Release OpenSSH-5.4p1 17 1820100307 19 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that 20 it gets the passwd struct from the LAM that knows about the user which is 21 not necessarily the default. Patch from Alexandre Letourneau. 22 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and 23 do not set real uid, since that's needed for the chroot, and will be set 24 by permanently_set_uid. 25 - (dtucker) [session.c] Also initialize creds to NULL for handing to 26 setpcred. 27 - (dtucker) OpenBSD CVS Sync 28 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13 29 [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c] 30 Hold authentication debug messages until after successful authentication. 31 Fixes an info leak of environment variables specified in authorized_keys, 32 reported by Jacob Appelbaum. ok djm@ 33 3420100305 35 - OpenBSD CVS Sync 36 - jmc@cvs.openbsd.org 2010/03/04 12:51:25 37 [ssh.1 sshd_config.5] 38 tweak previous; 39 - djm@cvs.openbsd.org 2010/03/04 20:35:08 40 [ssh-keygen.1 ssh-keygen.c] 41 Add a -L flag to print the contents of a certificate; ok markus@ 42 - jmc@cvs.openbsd.org 2010/03/04 22:52:40 43 [ssh-keygen.1] 44 fix Bk/Ek; 45 - djm@cvs.openbsd.org 2010/03/04 23:17:25 46 [sshd_config.5] 47 missing word; spotted by jmc@ 48 - djm@cvs.openbsd.org 2010/03/04 23:19:29 49 [ssh.1 sshd.8] 50 move section on CA and revoked keys from ssh.1 to sshd.8's known hosts 51 format section and rework it a bit; requested by jmc@ 52 - djm@cvs.openbsd.org 2010/03/04 23:27:25 53 [auth-options.c ssh-keygen.c] 54 "force-command" is not spelled "forced-command"; spotted by 55 imorgan AT nas.nasa.gov 56 - djm@cvs.openbsd.org 2010/03/05 02:58:11 57 [auth.c] 58 make the warning for a revoked key louder and more noticable 59 - jmc@cvs.openbsd.org 2010/03/05 06:50:35 60 [ssh.1 sshd.8] 61 tweak previous; 62 - jmc@cvs.openbsd.org 2010/03/05 08:31:20 63 [ssh.1] 64 document certificate authentication; help/ok djm 65 - djm@cvs.openbsd.org 2010/03/05 10:28:21 66 [ssh-add.1 ssh.1 ssh_config.5] 67 mention loading of certificate files from [private]-cert.pub when 68 they are present; feedback and ok jmc@ 69 - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older 70 compilers. OK djm@ 71 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure 72 on some platforms 73 - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@ 74 7520100304 76 - (djm) [ssh-keygen.c] Use correct local variable, instead of 77 maybe-undefined global "optarg" 78 - (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq 79 on XFree86-devel with neutral /usr/include/X11/Xlib.h; 80 imorgan AT nas.nasa.gov in bz#1731 81 - (djm) [.cvsignore] Ignore ssh-pkcs11-helper 82 - (djm) [regress/Makefile] Cleanup sshd_proxy_orig 83 - OpenBSD CVS Sync 84 - djm@cvs.openbsd.org 2010/03/03 01:44:36 85 [auth-options.c key.c] 86 reject strings with embedded ASCII nul chars in certificate key IDs, 87 principal names and constraints 88 - djm@cvs.openbsd.org 2010/03/03 22:49:50 89 [sshd.8] 90 the authorized_keys option for CA keys is "cert-authority", not 91 "from=cert-authority". spotted by imorgan AT nas.nasa.gov 92 - djm@cvs.openbsd.org 2010/03/03 22:50:40 93 [PROTOCOL.certkeys] 94 s/similar same/similar/; from imorgan AT nas.nasa.gov 95 - djm@cvs.openbsd.org 2010/03/04 01:44:57 96 [key.c] 97 use buffer_get_string_ptr_ret() where we are checking the return 98 value explicitly instead of the fatal()-causing buffer_get_string_ptr() 99 - djm@cvs.openbsd.org 2010/03/04 10:36:03 100 [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c] 101 [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h] 102 [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5] 103 Add a TrustedUserCAKeys option to sshd_config to specify CA keys that 104 are trusted to authenticate users (in addition than doing it per-user 105 in authorized_keys). 106 107 Add a RevokedKeys option to sshd_config and a @revoked marker to 108 known_hosts to allow keys to me revoked and banned for user or host 109 authentication. 110 111 feedback and ok markus@ 112 - djm@cvs.openbsd.org 2010/03/03 00:47:23 113 [regress/cert-hostkey.sh regress/cert-userkey.sh] 114 add an extra test to ensure that authentication with the wrong 115 certificate fails as it should (and it does) 116 - djm@cvs.openbsd.org 2010/03/04 10:38:23 117 [regress/cert-hostkey.sh regress/cert-userkey.sh] 118 additional regression tests for revoked keys and TrustedUserCAKeys 119 12020100303 121 - (djm) [PROTOCOL.certkeys] Add RCS Ident 122 - OpenBSD CVS Sync 123 - jmc@cvs.openbsd.org 2010/02/26 22:09:28 124 [ssh-keygen.1 ssh.1 sshd.8] 125 tweak previous; 126 - otto@cvs.openbsd.org 2010/03/01 11:07:06 127 [ssh-add.c] 128 zap what seems to be a left-over debug message; ok markus@ 129 - djm@cvs.openbsd.org 2010/03/02 23:20:57 130 [ssh-keygen.c] 131 POSIX strptime is stricter than OpenBSD's so do a little dance to 132 appease it. 133 - (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too 134 13520100302 136 - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from 137 http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22 138 respectively). 139 14020100301 141 - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace 142 "echo -n" with "echon" for portability. 143 - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM 144 adjust log at verbose only, since according to cjwatson in bug #1470 145 some virtualization platforms don't allow writes. 146 14720100228 148 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in 149 case from that matched in the system password database. On this 150 platform, passwords are stored case-insensitively, but sshd requires 151 exact case matching for Match blocks in sshd_config(5). Based on 152 a patch from vinschen AT redhat.com. 153 - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions 154 to make older compilers (gcc 2.95) happy. 155 15620100227 157 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded 158 - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment 159 variables copied into sshd child processes. From vinschen AT redhat.com 160 16120100226 162 - OpenBSD CVS Sync 163 - djm@cvs.openbsd.org 2010/02/26 20:29:54 164 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] 165 [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] 166 [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] 167 [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] 168 [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] 169 [sshconnect2.c sshd.8 sshd.c sshd_config.5] 170 Add support for certificate key types for users and hosts. 171 172 OpenSSH certificate key types are not X.509 certificates, but a much 173 simpler format that encodes a public key, identity information and 174 some validity constraints and signs it with a CA key. CA keys are 175 regular SSH keys. This certificate style avoids the attack surface 176 of X.509 certificates and is very easy to deploy. 177 178 Certified host keys allow automatic acceptance of new host keys 179 when a CA certificate is marked as trusted in ~/.ssh/known_hosts. 180 see VERIFYING HOST KEYS in ssh(1) for details. 181 182 Certified user keys allow authentication of users when the signing 183 CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS 184 FILE FORMAT" in sshd(8) for details. 185 186 Certificates are minted using ssh-keygen(1), documentation is in 187 the "CERTIFICATES" section of that manpage. 188 189 Documentation on the format of certificates is in the file 190 PROTOCOL.certkeys 191 192 feedback and ok markus@ 193 - djm@cvs.openbsd.org 2010/02/26 20:33:21 194 [Makefile regress/cert-hostkey.sh regress/cert-userkey.sh] 195 regression tests for certified keys 196 19720100224 198 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 199 [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable 200 - (djm) OpenBSD CVS Sync 201 - djm@cvs.openbsd.org 2010/02/11 20:37:47 202 [pathnames.h] 203 correct comment 204 - dtucker@cvs.openbsd.org 2009/11/09 04:20:04 205 [regress/Makefile] 206 add regression test for ssh-keygen pubkey conversions 207 - dtucker@cvs.openbsd.org 2010/01/11 02:53:44 208 [regress/forwarding.sh] 209 regress test for stdio forwarding 210 - djm@cvs.openbsd.org 2010/02/09 04:57:36 211 [regress/addrmatch.sh] 212 clean up droppings 213 - djm@cvs.openbsd.org 2010/02/09 06:29:02 214 [regress/Makefile] 215 turn on all the malloc(3) checking options when running regression 216 tests. this has caught a few bugs for me in the past; ok dtucker@ 217 - djm@cvs.openbsd.org 2010/02/24 06:21:56 218 [regress/test-exec.sh] 219 wait for sshd to fully stop in cleanup() function; avoids races in tests 220 that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@ 221 - markus@cvs.openbsd.org 2010/02/08 10:52:47 222 [regress/agent-pkcs11.sh] 223 test for PKCS#11 support (currently disabled) 224 - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper 225 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 226 [contrib/suse/openssh.spec] Add PKCS#11 helper binary and manpage 227 22820100212 229 - (djm) OpenBSD CVS Sync 230 - djm@cvs.openbsd.org 2010/02/02 22:49:34 231 [bufaux.c] 232 make buffer_get_string_ret() really non-fatal in all cases (it was 233 using buffer_get_int(), which could fatal() on buffer empty); 234 ok markus dtucker 235 - markus@cvs.openbsd.org 2010/02/08 10:50:20 236 [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] 237 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] 238 replace our obsolete smartcard code with PKCS#11. 239 ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf 240 ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 241 provider (shared library) while ssh-agent(1) delegates PKCS#11 to 242 a forked a ssh-pkcs11-helper process. 243 PKCS#11 is currently a compile time option. 244 feedback and ok djm@; inspired by patches from Alon Bar-Lev 245 - jmc@cvs.openbsd.org 2010/02/08 22:03:05 246 [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c] 247 tweak previous; ok markus 248 - djm@cvs.openbsd.org 2010/02/09 00:50:36 249 [ssh-agent.c] 250 fallout from PKCS#11: unbreak -D 251 - djm@cvs.openbsd.org 2010/02/09 00:50:59 252 [ssh-keygen.c] 253 fix -Wall 254 - djm@cvs.openbsd.org 2010/02/09 03:56:28 255 [buffer.c buffer.h] 256 constify the arguments to buffer_len, buffer_ptr and buffer_dump 257 - djm@cvs.openbsd.org 2010/02/09 06:18:46 258 [auth.c] 259 unbreak ChrootDirectory+internal-sftp by skipping check for executable 260 shell when chrooting; reported by danh AT wzrd.com; ok dtucker@ 261 - markus@cvs.openbsd.org 2010/02/10 23:20:38 262 [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5] 263 pkcs#11 is no longer optional; improve wording; ok jmc@ 264 - jmc@cvs.openbsd.org 2010/02/11 13:23:29 265 [ssh.1] 266 libarary -> library; 267 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] 268 [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] 269 Remove obsolete smartcard support 270 - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 271 Make it compile on OSX 272 - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c] 273 Use ssh_get_progname to fill __progname 274 - (djm) [configure.ac] Enable PKCS#11 support only when we find a working 275 dlopen() 276 27720100210 278 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for 279 getseuserbyname; patch from calebcase AT gmail.com via 280 cjwatson AT debian.org 281 28220100202 283 - (djm) OpenBSD CVS Sync 284 - djm@cvs.openbsd.org 2010/01/30 21:08:33 285 [sshd.8] 286 debug output goes to stderr, not "the system log"; ok markus dtucker 287 - djm@cvs.openbsd.org 2010/01/30 21:12:08 288 [channels.c] 289 fake local addr:port when stdio fowarding as some servers (Tectia at 290 least) validate that they are well-formed; 291 reported by imorgan AT nas.nasa.gov 292 ok dtucker 293 29420100130 295 - (djm) OpenBSD CVS Sync 296 - djm@cvs.openbsd.org 2010/01/28 00:21:18 297 [clientloop.c] 298 downgrade an error() to a debug() - this particular case can be hit in 299 normal operation for certain sequences of mux slave vs session closure 300 and is harmless 301 - djm@cvs.openbsd.org 2010/01/29 00:20:41 302 [sshd.c] 303 set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com 304 ok dtucker@ 305 - djm@cvs.openbsd.org 2010/01/29 20:16:17 306 [mux.c] 307 kill correct channel (was killing already-dead mux channel, not 308 its session channel) 309 - djm@cvs.openbsd.org 2010/01/30 02:54:53 310 [mux.c] 311 don't mark channel as read failed if it is already closing; suppresses 312 harmless error messages when connecting to SSH.COM Tectia server 313 report by imorgan AT nas.nasa.gov 314 31520100129 316 - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config() 317 after registering the hardware engines, which causes the openssl.cnf file to 318 be processed. See OpenSSL's man page for OPENSSL_config(3) for details. 319 Patch from Solomon Peachy, ok djm@. 320 32120100128 322 - (djm) OpenBSD CVS Sync 323 - djm@cvs.openbsd.org 2010/01/26 02:15:20 324 [mux.c] 325 -Wuninitialized and remove a // comment; from portable 326 (Id sync only) 327 - djm@cvs.openbsd.org 2010/01/27 13:26:17 328 [mux.c] 329 fix bug introduced in mux rewrite: 330 331 In a mux master, when a socket to a mux slave closes before its server 332 session (as may occur when the slave has been signalled), gracefully 333 close the server session rather than deleting its channel immediately. 334 A server may have more messages on that channel to send (e.g. an exit 335 message) that will fatal() the client if they are sent to a channel that 336 has been prematurely deleted. 337 338 spotted by imorgan AT nas.nasa.gov 339 - djm@cvs.openbsd.org 2010/01/27 19:21:39 340 [sftp.c] 341 add missing "p" flag to getopt optstring; 342 bz#1704 from imorgan AT nas.nasa.gov 343 34420100126 345 - (djm) OpenBSD CVS Sync 346 - tedu@cvs.openbsd.org 2010/01/17 21:49:09 347 [ssh-agent.1] 348 Correct and clarify ssh-add's password asking behavior. 349 Improved text dtucker and ok jmc 350 - dtucker@cvs.openbsd.org 2010/01/18 01:50:27 351 [roaming_client.c] 352 s/long long unsigned/unsigned long long/, from tim via portable 353 (Id sync only, change already in portable) 354 - djm@cvs.openbsd.org 2010/01/26 01:28:35 355 [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c] 356 rewrite ssh(1) multiplexing code to a more sensible protocol. 357 358 The new multiplexing code uses channels for the listener and 359 accepted control sockets to make the mux master non-blocking, so 360 no stalls when processing messages from a slave. 361 362 avoid use of fatal() in mux master protocol parsing so an errant slave 363 process cannot take down a running master. 364 365 implement requesting of port-forwards over multiplexed sessions. Any 366 port forwards requested by the slave are added to those the master has 367 established. 368 369 add support for stdio forwarding ("ssh -W host:port ...") in mux slaves. 370 371 document master/slave mux protocol so that other tools can use it to 372 control a running ssh(1). Note: there are no guarantees that this 373 protocol won't be incompatibly changed (though it is versioned). 374 375 feedback Salvador Fandino, dtucker@ 376 channel changes ok markus@ 377 37820100122 379 - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of 380 socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size 381 in Cygwin to 65535. Patch from Corinna Vinschen. 382 38320100117 384 - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too. 385 - (tim) [configure.ac] On SVR5 systems, use the C99-conforming functions 386 snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf(). 387 38820100116 389 - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h 390 so we correctly detect whether or not we have a native user_from_uid. 391 - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid 392 and group_from_gid. 393 - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by 394 Tim. 395 - (dtucker) OpenBSD CVS Sync 396 - markus@cvs.openbsd.org 2010/01/15 09:24:23 397 [sftp-common.c] 398 unused 399 - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused 400 variable warnings. 401 - (dtucker) [openbsd-compat/openbsd-compat.h] Typo. 402 - (tim) [regress/portnum.sh] Shell portability fix. 403 - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native 404 getaddrinfo() is too old and limited for addr_pton() in addrmatch.c. 405 - (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so we 406 use "openbsd-compat/sys-queue.h". s/long long unsigned/unsigned long long/ 407 to keep USL compilers happy. 408 40920100115 410 - (dtucker) OpenBSD CVS Sync 411 - jmc@cvs.openbsd.org 2010/01/13 12:48:34 412 [sftp.1 sftp.c] 413 sftp.1: put ls -h in the right place 414 sftp.c: as above, plus add -p to get/put, and shorten their arg names 415 to keep the help usage nicely aligned 416 ok djm 417 - djm@cvs.openbsd.org 2010/01/13 23:47:26 418 [auth.c] 419 when using ChrootDirectory, make sure we test for the existence of the 420 user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu; 421 ok dtucker 422 - dtucker@cvs.openbsd.org 2010/01/14 23:41:49 423 [sftp-common.c] 424 use user_from{uid,gid} to lookup up ids since it keeps a small cache. 425 ok djm 426 - guenther@cvs.openbsd.org 2010/01/15 00:05:22 427 [sftp.c] 428 Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp 429 inherited SIGTERM as ignored it will still be able to kill the ssh it 430 starts. 431 ok dtucker@ 432 - (dtucker) [openbsd-compat/pwcache.c] Pull in pwcache.c from OpenBSD (no 433 changes yet but there will be some to come). 434 - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability 435 for pwcache. Also, added caching of negative hits. 436 43720100114 438 - (djm) [platform.h] Add missing prototype for 439 platform_krb5_get_principal_name 440 44120100113 442 - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs. 443 - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18: 444 missing restore of SIGTTOU and some whitespace. 445 - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21. 446 - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22. 447 Fixes bz #1590, where sometimes you could not interrupt a connection while 448 ssh was prompting for a passphrase or password. 449 - (dtucker) OpenBSD CVS Sync 450 - dtucker@cvs.openbsd.org 2010/01/13 00:19:04 451 [sshconnect.c auth.c] 452 Fix a couple of typos/mispellings in comments 453 - dtucker@cvs.openbsd.org 2010/01/13 01:10:56 454 [key.c] 455 Ignore and log any Protocol 1 keys where the claimed size is not equal to 456 the actual size. Noted by Derek Martin, ok djm@ 457 - dtucker@cvs.openbsd.org 2010/01/13 01:20:20 458 [canohost.c ssh-keysign.c sshconnect2.c] 459 Make HostBased authentication work with a ProxyCommand. bz #1569, patch 460 from imorgan at nas nasa gov, ok djm@ 461 - djm@cvs.openbsd.org 2010/01/13 01:40:16 462 [sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h] 463 support '-h' (human-readable units) for sftp's ls command, just like 464 ls(1); ok dtucker@ 465 - djm@cvs.openbsd.org 2010/01/13 03:48:13 466 [servconf.c servconf.h sshd.c] 467 avoid run-time failures when specifying hostkeys via a relative 468 path by prepending the cwd in these cases; bz#1290; ok dtucker@ 469 - djm@cvs.openbsd.org 2010/01/13 04:10:50 470 [sftp.c] 471 don't append a space after inserting a completion of a directory (i.e. 472 a path ending in '/') for a slightly better user experience; ok dtucker@ 473 - (dtucker) [sftp-common.c] Wrap include of util.h in an ifdef. 474 - (tim) [defines.h] openbsd-compat/readpassphrase.c now needs _NSIG. 475 feedback and ok dtucker@ 476 47720100112 478 - (dtucker) OpenBSD CVS Sync 479 - dtucker@cvs.openbsd.org 2010/01/11 01:39:46 480 [ssh_config channels.c ssh.1 channels.h ssh.c] 481 Add a 'netcat mode' (ssh -W). This connects stdio on the client to a 482 single port forward on the server. This allows, for example, using ssh as 483 a ProxyCommand to route connections via intermediate servers. 484 bz #1618, man page help from jmc@, ok markus@ 485 - dtucker@cvs.openbsd.org 2010/01/11 04:46:45 486 [authfile.c sshconnect2.c] 487 Do not prompt for a passphrase if we fail to open a keyfile, and log the 488 reason the open failed to debug. 489 bz #1693, found by tj AT castaglia org, ok djm@ 490 - djm@cvs.openbsd.org 2010/01/11 10:51:07 491 [ssh-keygen.c] 492 when converting keys, truncate key comments at 72 chars as per RFC4716; 493 bz#1630 reported by tj AT castaglia.org; ok markus@ 494 - dtucker@cvs.openbsd.org 2010/01/12 00:16:47 495 [authfile.c] 496 Fix bug introduced in r1.78 (incorrect brace location) that broke key auth. 497 Patch from joachim joachimschipper nl. 498 - djm@cvs.openbsd.org 2010/01/12 00:58:25 499 [monitor_fdpass.c] 500 avoid spinning when fd passing on nonblocking sockets by calling poll() 501 in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@ 502 - djm@cvs.openbsd.org 2010/01/12 00:59:29 503 [roaming_common.c] 504 delete with extreme prejudice a debug() that fired with every keypress; 505 ok dtucker deraadt 506 - dtucker@cvs.openbsd.org 2010/01/12 01:31:05 507 [session.c] 508 Do not allow logins if /etc/nologin exists but is not readable by the user 509 logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@ 510 - djm@cvs.openbsd.org 2010/01/12 01:36:08 511 [buffer.h bufaux.c] 512 add a buffer_get_string_ptr_ret() that does the same as 513 buffer_get_string_ptr() but does not fatal() on error; ok dtucker@ 514 - dtucker@cvs.openbsd.org 2010/01/12 08:33:17 515 [session.c] 516 Add explicit stat so we reliably detect nologin with bad perms. 517 ok djm markus 518 51920100110 520 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] 521 Remove hacks add for RoutingDomain in preparation for its removal. 522 - (dtucker) OpenBSD CVS Sync 523 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13 524 [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h 525 ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c 526 readconf.h scp.1 sftp.1 ssh_config.5 misc.h] 527 Remove RoutingDomain from ssh since it's now not needed. It can be 528 replaced with "route exec" or "nc -V" as a proxycommand. "route exec" 529 also ensures that trafic such as DNS lookups stays withing the specified 530 routingdomain. For example (from reyk): 531 # route -T 2 exec /usr/sbin/sshd 532 or inherited from the parent process 533 $ route -T 2 exec sh 534 $ ssh 10.1.2.3 535 ok deraadt@ markus@ stevesk@ reyk@ 536 - dtucker@cvs.openbsd.org 2010/01/10 03:51:17 537 [servconf.c] 538 Add ChrootDirectory to sshd.c test-mode output 539 - dtucker@cvs.openbsd.org 2010/01/10 07:15:56 540 [auth.c] 541 Output a debug if we can't open an existing keyfile. bz#1694, ok djm@ 542 54320100109 544 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't 545 have it. 546 - (dtucker) [defines.h] define PRIu64 for platforms that don't have it. 547 - (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef. 548 - (dtucker) [loginrec.c] Use the SUSv3 specified name for the user name 549 when using utmpx. Patch from Ed Schouten. 550 - (dtucker) OpenBSD CVS Sync 551 - djm@cvs.openbsd.org 2010/01/09 00:20:26 552 [sftp-server.c sftp-server.8] 553 add a 'read-only' mode to sftp-server(8) that disables open in write mode 554 and all other fs-modifying protocol methods. bz#430 ok dtucker@ 555 - djm@cvs.openbsd.org 2010/01/09 00:57:10 556 [PROTOCOL] 557 tweak language 558 - jmc@cvs.openbsd.org 2010/01/09 03:36:00 559 [sftp-server.8] 560 bad place to forget a comma... 561 - djm@cvs.openbsd.org 2010/01/09 05:04:24 562 [mux.c sshpty.h clientloop.c sshtty.c] 563 quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we 564 usually don't actually have a tty to read/set; bz#1686 ok dtucker@ 565 - dtucker@cvs.openbsd.org 2010/01/09 05:17:00 566 [roaming_client.c] 567 Remove a PRIu64 format string that snuck in with roaming. ok djm@ 568 - dtucker@cvs.openbsd.org 2010/01/09 11:13:02 569 [sftp.c] 570 Prevent sftp from derefing a null pointer when given a "-" without a 571 command. Also, allow whitespace to follow a "-". bz#1691, path from 572 Colin Watson via Debian. ok djm@ deraadt@ 573 - dtucker@cvs.openbsd.org 2010/01/09 11:17:56 574 [sshd.c] 575 Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs 576 itself. Prevents two HUPs in quick succession from resulting in sshd 577 dying. bz#1692, patch from Colin Watson via Ubuntu. 578 - (dtucker) [defines.h] Remove now-undeeded PRIu64 define. 579 58020100108 581 - (dtucker) OpenBSD CVS Sync 582 - andreas@cvs.openbsd.org 2009/10/24 11:11:58 583 [roaming.h] 584 Declarations needed for upcoming changes. 585 ok markus@ 586 - andreas@cvs.openbsd.org 2009/10/24 11:13:54 587 [sshconnect2.c kex.h kex.c] 588 Let the client detect if the server supports roaming by looking 589 for the resume@appgate.com kex algorithm. 590 ok markus@ 591 - andreas@cvs.openbsd.org 2009/10/24 11:15:29 592 [clientloop.c] 593 client_loop() must detect if the session has been suspended and resumed, 594 and take appropriate action in that case. 595 From Martin Forssen, maf at appgate dot com 596 - andreas@cvs.openbsd.org 2009/10/24 11:19:17 597 [ssh2.h] 598 Define the KEX messages used when resuming a suspended connection. 599 ok markus@ 600 - andreas@cvs.openbsd.org 2009/10/24 11:22:37 601 [roaming_common.c] 602 Do the actual suspend/resume in the client. This won't be useful until 603 the server side supports roaming. 604 Most code from Martin Forssen, maf at appgate dot com. Some changes by 605 me and markus@ 606 ok markus@ 607 - andreas@cvs.openbsd.org 2009/10/24 11:23:42 608 [ssh.c] 609 Request roaming to be enabled if UseRoaming is true and the server 610 supports it. 611 ok markus@ 612 - reyk@cvs.openbsd.org 2009/10/28 16:38:18 613 [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c 614 channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1 615 sftp.1 sshd_config.5 readconf.c ssh.c misc.c] 616 Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan. 617 ok markus@ 618 - jmc@cvs.openbsd.org 2009/10/28 21:45:08 619 [sshd_config.5 sftp.1] 620 tweak previous; 621 - djm@cvs.openbsd.org 2009/11/10 02:56:22 622 [ssh_config.5] 623 explain the constraints on LocalCommand some more so people don't 624 try to abuse it. 625 - djm@cvs.openbsd.org 2009/11/10 02:58:56 626 [sshd_config.5] 627 clarify that StrictModes does not apply to ChrootDirectory. Permissions 628 and ownership are always checked when chrooting. bz#1532 629 - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 630 [sshconnect2.c channels.c sshconnect.c] 631 Set close-on-exec on various descriptors so they don't get leaked to 632 child processes. bz #1643, patch from jchadima at redhat, ok deraadt. 633 - markus@cvs.openbsd.org 2009/11/11 21:37:03 634 [channels.c channels.h] 635 fix race condition in x11/agent channel allocation: don't read after 636 the end of the select read/write fdset and make sure a reused FD 637 is not touched before the pre-handlers are called. 638 with and ok djm@ 639 - djm@cvs.openbsd.org 2009/11/17 05:31:44 640 [clientloop.c] 641 fix incorrect exit status when multiplexing and channel ID 0 is recycled 642 bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker 643 - djm@cvs.openbsd.org 2009/11/19 23:39:50 644 [session.c] 645 bz#1606: error when an attempt is made to connect to a server 646 with ForceCommand=internal-sftp with a shell session (i.e. not a 647 subsystem session). Avoids stuck client when attempting to ssh to such a 648 service. ok dtucker@ 649 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41 650 [session.c] 651 Warn but do not fail if stat()ing the subsystem binary fails. This helps 652 with chrootdirectory+forcecommand=sftp-server and restricted shells. 653 bz #1599, ok djm. 654 - djm@cvs.openbsd.org 2009/11/20 00:54:01 655 [sftp.c] 656 bz#1588 change "Connecting to host..." message to "Connected to host." 657 and delay it until after the sftp protocol connection has been established. 658 Avoids confusing sequence of messages when the underlying ssh connection 659 experiences problems. ok dtucker@ 660 - dtucker@cvs.openbsd.org 2009/11/20 00:59:36 661 [sshconnect2.c] 662 Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@ 663 - djm@cvs.openbsd.org 2009/11/20 03:24:07 664 [misc.c] 665 correct off-by-one in percent_expand(): we would fatal() when trying 666 to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually 667 work. Note that nothing in OpenSSH actually uses close to this limit at 668 present. bz#1607 from Jan.Pechanec AT Sun.COM 669 - halex@cvs.openbsd.org 2009/11/22 13:18:00 670 [sftp.c] 671 make passing of zero-length arguments to ssh safe by 672 passing "-<switch>" "<value>" rather than "-<switch><value>" 673 ok dtucker@, guenther@, djm@ 674 - dtucker@cvs.openbsd.org 2009/12/06 23:41:15 675 [sshconnect2.c] 676 zap unused variable and strlen; from Steve McClellan, ok djm 677 - djm@cvs.openbsd.org 2009/12/06 23:53:45 678 [roaming_common.c] 679 use socklen_t for getsockopt optlen parameter; reported by 680 Steve.McClellan AT radisys.com, ok dtucker@ 681 - dtucker@cvs.openbsd.org 2009/12/06 23:53:54 682 [sftp.c] 683 fix potential divide-by-zero in sftp's "df" output when talking to a server 684 that reports zero files on the filesystem (Unix filesystems always have at 685 least the root inode). From Steve McClellan at radisys, ok djm@ 686 - markus@cvs.openbsd.org 2009/12/11 18:16:33 687 [key.c] 688 switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537 689 for the RSA public exponent; discussed with provos; ok djm@ 690 - guenther@cvs.openbsd.org 2009/12/20 07:28:36 691 [ssh.c sftp.c scp.c] 692 When passing user-controlled options with arguments to other programs, 693 pass the option and option argument as separate argv entries and 694 not smashed into one (e.g., as -l foo and not -lfoo). Also, always 695 pass a "--" argument to stop option parsing, so that a positional 696 argument that starts with a '-' isn't treated as an option. This 697 fixes some error cases as well as the handling of hostnames and 698 filenames that start with a '-'. 699 Based on a diff by halex@ 700 ok halex@ djm@ deraadt@ 701 - djm@cvs.openbsd.org 2009/12/20 23:20:40 702 [PROTOCOL] 703 fix an incorrect magic number and typo in PROTOCOL; bz#1688 704 report and fix from ueno AT unixuser.org 705 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21 706 [readconf.c servconf.c misc.h ssh-keyscan.c misc.c] 707 validate routing domain is in range 0-RT_TABLEID_MAX. 708 'Looks right' deraadt@ 709 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41 710 [sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1] 711 Rename RDomain config option to RoutingDomain to be more clear and 712 consistent with other options. 713 NOTE: if you currently use RDomain in the ssh client or server config, 714 or ssh/sshd -o, you must update to use RoutingDomain. 715 ok markus@ djm@ 716 - jmc@cvs.openbsd.org 2009/12/29 18:03:32 717 [sshd_config.5 ssh_config.5] 718 sort previous; 719 - dtucker@cvs.openbsd.org 2010/01/04 01:45:30 720 [sshconnect2.c] 721 Don't escape backslashes in the SSH2 banner. bz#1533, patch from 722 Michal Gorny via Gentoo. 723 - djm@cvs.openbsd.org 2010/01/04 02:03:57 724 [sftp.c] 725 Implement tab-completion of commands, local and remote filenames for sftp. 726 Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009 727 Google Summer of Code) and polished to a fine sheen by myself again. 728 It should deal more-or-less correctly with the ikky corner-cases presented 729 by quoted filenames, but the UI could still be slightly improved. 730 In particular, it is quite slow for remote completion on large directories. 731 bz#200; ok markus@ 732 - djm@cvs.openbsd.org 2010/01/04 02:25:15 733 [sftp-server.c] 734 bz#1566 don't unnecessarily dup() in and out fds for sftp-server; 735 ok markus@ 736 - dtucker@cvs.openbsd.org 2010/01/08 21:50:49 737 [sftp.c] 738 Fix two warnings: possibly used unitialized and use a nul byte instead of 739 NULL pointer. ok djm@ 740 - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new 741 files for roaming and add to Makefile. 742 - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines. 743 - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that 744 don't have libedit. 745 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make 746 RoutingDomain an unsupported option on platforms that don't have it. 747 - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote 748 too. 749 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to 750 be created. 751 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more 752 to eliminate an unused variable warning. 753 - (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types. 754 75520091226 756 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1 757 Gzip all man pages. Patch from Corinna Vinschen. 758 75920091221 760 - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}] 761 Bug #1583: Use system's kerberos principal name on AIX if it's available. 762 Based on a patch from and tested by Miguel Sanders 763 76420091208 765 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, 766 based on a patch from Vaclav Ovsik and Colin Watson. ok djm. 767 76820091207 769 - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. 770 Tested by Martin Paljak. 771 - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass. 772 77320091121 774 - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it. 775 Bug 1628. OK dtucker@ 776 77720091120 778 - (djm) [ssh-rand-helper.c] Print error and usage() when passed command- 779 line arguments as none are supported. Exit when passed unrecognised 780 commandline flags. bz#1568 from gson AT araneus.fi 781 78220091118 783 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to 784 set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify 785 setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only() 786 bz#1648, report and fix from jan.kratochvil AT redhat.com 787 - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal. 788 bz#1645, patch from jchadima AT redhat.com 789 79020091107 791 - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private 792 keys when built with OpenSSL versions that don't do AES. 793 79420091105 795 - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with 796 older versions of OpenSSL. 797 79820091024 799 - (dtucker) OpenBSD CVS Sync 800 - djm@cvs.openbsd.org 2009/10/11 23:03:15 801 [hostfile.c] 802 mention the host name that we are looking for in check_host_in_hostfile() 803 - sobrado@cvs.openbsd.org 2009/10/17 12:10:39 804 [sftp-server.c] 805 sort flags. 806 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53 807 [ssh.1 ssh-agent.1 ssh-add.1] 808 use the UNIX-related macros (.At and .Ux) where appropriate. 809 ok jmc@ 810 - sobrado@cvs.openbsd.org 2009/10/22 15:02:12 811 [ssh-agent.1 ssh-add.1 ssh.1] 812 write UNIX-domain in a more consistent way; while here, replace a 813 few remaining ".Tn UNIX" macros with ".Ux" ones. 814 pointed out by ratchov@, thanks! 815 ok jmc@ 816 - djm@cvs.openbsd.org 2009/10/22 22:26:13 817 [authfile.c] 818 switch from 3DES to AES-128 for encryption of passphrase-protected 819 SSH protocol 2 private keys; ok several 820 - djm@cvs.openbsd.org 2009/10/23 01:57:11 821 [sshconnect2.c] 822 disallow a hostile server from checking jpake auth by sending an 823 out-of-sequence success message. (doesn't affect code enabled by default) 824 - dtucker@cvs.openbsd.org 2009/10/24 00:48:34 825 [ssh-keygen.1] 826 ssh-keygen now uses AES-128 for private keys 827 - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro. 828 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux 829 is enabled set the security context to "sftpd_t" before running the 830 internal sftp server Based on a patch from jchadima at redhat. 831 83220091011 833 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for 834 dirent d_type and DTTOIF as we've switched OpenBSD to the more portable 835 lstat. 836 - (dtucker) OpenBSD CVS Sync 837 - markus@cvs.openbsd.org 2009/10/08 14:03:41 838 [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5] 839 disable protocol 1 by default (after a transition period of about 10 years) 840 ok deraadt 841 - jmc@cvs.openbsd.org 2009/10/08 20:42:12 842 [sshd_config.5 ssh_config.5 sshd.8 ssh.1] 843 some tweaks now that protocol 1 is not offered by default; ok markus 844 - dtucker@cvs.openbsd.org 2009/10/11 10:41:26 845 [sftp-client.c] 846 d_type isn't portable so use lstat to get dirent modes. Suggested by and 847 "looks sane" deraadt@ 848 - markus@cvs.openbsd.org 2009/10/08 18:04:27 849 [regress/test-exec.sh] 850 re-enable protocol v1 for the tests. 851 85220091007 853 - (dtucker) OpenBSD CVS Sync 854 - djm@cvs.openbsd.org 2009/08/12 00:13:00 855 [sftp.c sftp.1] 856 support most of scp(1)'s commandline arguments in sftp(1), as a first 857 step towards making sftp(1) a drop-in replacement for scp(1). 858 One conflicting option (-P) has not been changed, pending further 859 discussion. 860 Patch from carlosvsilvapt@gmail.com as part of his work in the 861 Google Summer of Code 862 - jmc@cvs.openbsd.org 2009/08/12 06:31:42 863 [sftp.1] 864 sort options; 865 - djm@cvs.openbsd.org 2009/08/13 01:11:19 866 [sftp.1 sftp.c] 867 Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", 868 add "-P port" to match scp(1). Fortunately, the -P option is only really 869 used by our regression scripts. 870 part of larger patch from carlosvsilvapt@gmail.com for his Google Summer 871 of Code work; ok deraadt markus 872 - jmc@cvs.openbsd.org 2009/08/13 13:39:54 873 [sftp.1 sftp.c] 874 sync synopsis and usage(); 875 - djm@cvs.openbsd.org 2009/08/14 18:17:49 876 [sftp-client.c] 877 make the "get_handle: ..." error messages vaguely useful by allowing 878 callers to specify their own error message strings. 879 - fgsch@cvs.openbsd.org 2009/08/15 18:56:34 880 [auth.h] 881 remove unused define. markus@ ok. 882 (Id sync only, Portable still uses this.) 883 - dtucker@cvs.openbsd.org 2009/08/16 23:29:26 884 [sshd_config.5] 885 Add PubkeyAuthentication to the list allowed in a Match block (bz #1577) 886 - djm@cvs.openbsd.org 2009/08/18 18:36:21 887 [sftp-client.h sftp.1 sftp-client.c sftp.c] 888 recursive transfer support for get/put and on the commandline 889 work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code 890 with some tweaks by me; "go for it" deraadt@ 891 - djm@cvs.openbsd.org 2009/08/18 21:15:59 892 [sftp.1] 893 fix "get" command usage, spotted by jmc@ 894 - jmc@cvs.openbsd.org 2009/08/19 04:56:03 895 [sftp.1] 896 ether -> either; 897 - dtucker@cvs.openbsd.org 2009/08/20 23:54:28 898 [mux.c] 899 subsystem_flag is defined in ssh.c so it's extern; ok djm 900 - djm@cvs.openbsd.org 2009/08/27 17:28:52 901 [sftp-server.c] 902 allow setting an explicit umask on the commandline to override whatever 903 default the user has. bz#1229; ok dtucker@ deraadt@ markus@ 904 - djm@cvs.openbsd.org 2009/08/27 17:33:49 905 [ssh-keygen.c] 906 force use of correct hash function for random-art signature display 907 as it was inheriting the wrong one when bubblebabble signatures were 908 activated; bz#1611 report and patch from fwojcik+openssh AT besh.com; 909 ok markus@ 910 - djm@cvs.openbsd.org 2009/08/27 17:43:00 911 [sftp-server.8] 912 allow setting an explicit umask on the commandline to override whatever 913 default the user has. bz#1229; ok dtucker@ deraadt@ markus@ 914 - djm@cvs.openbsd.org 2009/08/27 17:44:52 915 [authfd.c ssh-add.c authfd.h] 916 Do not fall back to adding keys without contraints (ssh-add -c / -t ...) 917 when the agent refuses the constrained add request. This was a useful 918 migration measure back in 2002 when constraints were new, but just 919 adds risk now. 920 bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@ 921 - djm@cvs.openbsd.org 2009/08/31 20:56:02 922 [sftp-server.c] 923 check correct variable for error message, spotted by martynas@ 924 - djm@cvs.openbsd.org 2009/08/31 21:01:29 925 [sftp-server.8] 926 document -e and -h; prodded by jmc@ 927 - djm@cvs.openbsd.org 2009/09/01 14:43:17 928 [ssh-agent.c] 929 fix a race condition in ssh-agent that could result in a wedged or 930 spinning agent: don't read off the end of the allocated fd_sets, and 931 don't issue blocking read/write on agent sockets - just fall back to 932 select() on retriable read/write errors. bz#1633 reported and tested 933 by "noodle10000 AT googlemail.com"; ok dtucker@ markus@ 934 - grunk@cvs.openbsd.org 2009/10/01 11:37:33 935 [dh.c] 936 fix a cast 937 ok djm@ markus@ 938 - djm@cvs.openbsd.org 2009/10/06 04:46:40 939 [session.c] 940 bz#1596: fflush(NULL) before exec() to ensure that everying (motd 941 in particular) has made it out before the streams go away. 942 - djm@cvs.openbsd.org 2008/12/07 22:17:48 943 [regress/addrmatch.sh] 944 match string "passwordauthentication" only at start of line, not anywhere 945 in sshd -T output 946 - dtucker@cvs.openbsd.org 2009/05/05 07:51:36 947 [regress/multiplex.sh] 948 Always specify ssh_config for multiplex tests: prevents breakage caused 949 by options in ~/.ssh/config. From Dan Peterson. 950 - djm@cvs.openbsd.org 2009/08/13 00:57:17 951 [regress/Makefile] 952 regression test for port number parsing. written as part of the a2port 953 change that went into 5.2 but I forgot to commit it at the time... 954 - djm@cvs.openbsd.org 2009/08/13 01:11:55 955 [regress/sftp-batch.sh regress/sftp-badcmds.sh regress/sftp.sh 956 regress/sftp-cmds.sh regres/sftp-glob.sh] 957 date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7 958 Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path", 959 add "-P port" to match scp(1). Fortunately, the -P option is only really 960 used by our regression scripts. 961 part of larger patch from carlosvsilvapt@gmail.com for his Google Summer 962 of Code work; ok deraadt markus 963 - djm@cvs.openbsd.org 2009/08/20 18:43:07 964 [regress/ssh-com-sftp.sh] 965 fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos 966 Silva for Google Summer of Code 967 - dtucker@cvs.openbsd.org 2009/10/06 23:51:49 968 [regress/ssh2putty.sh] 969 Add OpenBSD tag to make syncs easier 970 - (dtucker) [regress/portnum.sh] Import new test. 971 - (dtucker) [configure.ac sftp-client.c] DTOTIF is in fs/ffs/dir.h on at 972 least dragonflybsd. 973 - (dtucker) d_type is not mandated by POSIX, so add fallback code using 974 stat(), needed on at least cygwin. 975 97620091002 977 - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps. 978 spotted by des AT des.no 979 98020090926 981 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 982 [contrib/suse/openssh.spec] Update for release 983 - (djm) [README] update relnotes URL 984 - (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere 985 - (djm) Release 5.3p1 986 98720090911 988 - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X 989 10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch 990 from jbasney at ncsa uiuc edu. 991 99220090908 993 - (djm) [serverloop.c] Fix test for server-assigned remote forwarding port 994 (-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@ 995 99620090901 997 - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for 998 krb5-config if it's not in the location specified by --with-kerberos5. 999 Patch from jchadima at redhat. 1000 100120090829 1002 - (dtucker) [README.platform] Add text about development packages, based on 1003 text from Chris Pepper in bug #1631. 1004 100520090828 1006 - dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently 1007 causes problems in some Tru64 configurations. 1008 - (djm) [sshd_config.5] downgrade mention of login.conf to be an example 1009 and mention PAM as another provider for ChallengeResponseAuthentication; 1010 bz#1408; ok dtucker@ 1011 - (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when 1012 attempting atomic rename(); ok dtucker@ 1013 - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables 1014 in argv, so pass them in the environment; ok dtucker@ 1015 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on 1016 the pty master on Solaris, since it never succeeds and can hang if large 1017 amounts of data is sent to the slave (eg a copy-paste). Based on a patch 1018 originally from Doke Scott, ok djm@ 1019 - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer 1020 size a compile-time option and set it to 64k on Cygwin, since Corinna 1021 reports that it makes a significant difference to performance. ok djm@ 1022 - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry. 1023 102420090820 1025 - (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not 1026 using it since the type conflicts can cause problems on FreeBSD. Patch 1027 from Jonathan Chen. 1028 - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move 1029 the setpcred call on AIX to immediately before the permanently_set_uid(). 1030 Ensures that we still have privileges when we call chroot and 1031 pam_open_sesson. Based on a patch from David Leonard. 1032 103320090817 1034 - (dtucker) [configure.ac] Check for headers before libraries for openssl an 1035 zlib, which should make the errors slightly more meaningful on platforms 1036 where there's separate "-devel" packages for those. 1037 - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make 1038 PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders. 1039 104020090729 1041 - (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error 1042 function. Patch from Corinna Vinschen. 1043 104420090713 1045 - (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it 1046 fits into 16 bits to work around a bug in glibc's resolver where it masks 1047 off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob. 1048 104920090712 1050 - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test, 1051 prevents configure complaining on older BSDs. 1052 - (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch 1053 from Corinna Vinschen. 1054 - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on 1055 logout to after the session close. Patch from Anicka Bernathova, 1056 originally from Andreas Schwab via Novelll ok djm. 1057 105820090707 1059 - (dtucker) [contrib/cygwin/ssh-host-config] better support for automated 1060 scripts and fix usage of eval. Patch from Corinna Vinschen. 1061 106220090705 1063 - (dtucker) OpenBSD CVS Sync 1064 - andreas@cvs.openbsd.org 2009/06/27 09:29:06 1065 [packet.h packet.c] 1066 packet_bacup_state() and packet_restore_state() will be used to 1067 temporarily save the current state ren resuming a suspended connection. 1068 ok markus@ 1069 - andreas@cvs.openbsd.org 2009/06/27 09:32:43 1070 [roaming_common.c roaming.h] 1071 It may be necessary to retransmit some data when resuming, so add it 1072 to a buffer when roaming is enabled. 1073 Most of this code was written by Martin Forssen, maf at appgate dot com. 1074 ok markus@ 1075 - andreas@cvs.openbsd.org 2009/06/27 09:35:06 1076 [readconf.h readconf.c] 1077 Add client option UseRoaming. It doesn't do anything yet but will 1078 control whether the client tries to use roaming if enabled on the 1079 server. From Martin Forssen. 1080 ok markus@ 1081 - markus@cvs.openbsd.org 2009/06/30 14:54:40 1082 [version.h] 1083 crank version; ok deraadt 1084 - dtucker@cvs.openbsd.org 2009/07/02 02:11:47 1085 [ssh.c] 1086 allow for long home dir paths (bz #1615). ok deraadt 1087 (based in part on a patch from jchadima at redhat) 1088 - stevesk@cvs.openbsd.org 2009/07/05 19:28:33 1089 [clientloop.c] 1090 only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@ 1091 ok deraadt@ markus@ 1092 109320090622 1094 - (dtucker) OpenBSD CVS Sync 1095 - dtucker@cvs.openbsd.org 2009/06/22 05:39:28 1096 [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c] 1097 alphabetize includes; reduces diff vs portable and style(9). 1098 ok stevesk djm 1099 (Id sync only; these were already in order in -portable) 1100 110120090621 1102 - (dtucker) OpenBSD CVS Sync 1103 - markus@cvs.openbsd.org 2009/03/17 21:37:00 1104 [ssh.c] 1105 pass correct argv[0] to openlog(); ok djm@ 1106 - jmc@cvs.openbsd.org 2009/03/19 15:15:09 1107 [ssh.1] 1108 for "Ciphers", just point the reader to the keyword in ssh_config(5), just 1109 as we do for "MACs": this stops us getting out of sync when the lists 1110 change; 1111 fixes documentation/6102, submitted by Peter J. Philipp 1112 alternative fix proposed by djm 1113 ok markus 1114 - tobias@cvs.openbsd.org 2009/03/23 08:31:19 1115 [ssh-agent.c] 1116 Fixed a possible out-of-bounds memory access if the environment variable 1117 SHELL is shorter than 3 characters. 1118 with input by and ok dtucker 1119 - tobias@cvs.openbsd.org 2009/03/23 19:38:04 1120 [ssh-agent.c] 1121 My previous commit didn't fix the problem at all, so stick at my first 1122 version of the fix presented to dtucker. 1123 Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de). 1124 ok dtucker 1125 - sobrado@cvs.openbsd.org 2009/03/26 08:38:39 1126 [sftp-server.8 sshd.8 ssh-agent.1] 1127 fix a few typographical errors found by spell(1). 1128 ok dtucker@, jmc@ 1129 - stevesk@cvs.openbsd.org 2009/04/13 19:07:44 1130 [sshd_config.5] 1131 fix possessive; ok djm@ 1132 - stevesk@cvs.openbsd.org 2009/04/14 16:33:42 1133 [sftp-server.c] 1134 remove unused option character from getopt() optstring; ok markus@ 1135 - jj@cvs.openbsd.org 2009/04/14 21:10:54 1136 [servconf.c] 1137 Fixed a few the-the misspellings in comments. Skipped a bunch in 1138 binutils,gcc and so on. ok jmc@ 1139 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06 1140 [session.c] 1141 use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server; 1142 ok djm@ markus@ 1143 - stevesk@cvs.openbsd.org 2009/04/17 19:40:17 1144 [sshd_config.5] 1145 clarify that even internal-sftp needs /dev/log for logging to work; ok 1146 markus@ 1147 - jmc@cvs.openbsd.org 2009/04/18 18:39:10 1148 [sshd_config.5] 1149 tweak previous; ok stevesk 1150 - stevesk@cvs.openbsd.org 2009/04/21 15:13:17 1151 [sshd_config.5] 1152 clarify we cd to user's home after chroot; ok markus@ on 1153 earlier version; tweaks and ok jmc@ 1154 - andreas@cvs.openbsd.org 2009/05/25 06:48:01 1155 [channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c 1156 monitor.c] 1157 Put the globals in packet.c into a struct and don't access it directly 1158 from other files. No functional changes. 1159 ok markus@ djm@ 1160 - andreas@cvs.openbsd.org 2009/05/27 06:31:25 1161 [canohost.h canohost.c] 1162 Add clear_cached_addr(), needed for upcoming changes allowing the peer 1163 address to change. 1164 ok markus@ 1165 - andreas@cvs.openbsd.org 2009/05/27 06:33:39 1166 [clientloop.c] 1167 Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger 1168 change from Martin Forssen, maf at appgate dot com. 1169 ok markus@ 1170 - andreas@cvs.openbsd.org 2009/05/27 06:34:36 1171 [kex.c kex.h] 1172 Move the KEX_COOKIE_LEN define to kex.h 1173 ok markus@ 1174 - andreas@cvs.openbsd.org 2009/05/27 06:36:07 1175 [packet.h packet.c] 1176 Add packet_put_int64() and packet_get_int64(), part of a larger change 1177 from Martin Forssen. 1178 ok markus@ 1179 - andreas@cvs.openbsd.org 2009/05/27 06:38:16 1180 [sshconnect.h sshconnect.c] 1181 Un-static ssh_exchange_identification(), part of a larger change from 1182 Martin Forssen and needed for upcoming changes. 1183 ok markus@ 1184 - andreas@cvs.openbsd.org 2009/05/28 16:50:16 1185 [sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c 1186 monitor.c Added roaming.h roaming_common.c roaming_dummy.c] 1187 Keep track of number of bytes read and written. Needed for upcoming 1188 changes. Most code from Martin Forssen, maf at appgate dot com. 1189 ok markus@ 1190 Also, applied appropriate changes to Makefile.in 1191 - andreas@cvs.openbsd.org 2009/06/12 20:43:22 1192 [monitor.c packet.c] 1193 Fix warnings found by chl@ and djm@ and change roaming_atomicio's 1194 return type to match atomicio's 1195 Diff from djm@, ok markus@ 1196 - andreas@cvs.openbsd.org 2009/06/12 20:58:32 1197 [packet.c] 1198 Move some more statics into session_state 1199 ok markus@ djm@ 1200 - dtucker@cvs.openbsd.org 2009/06/21 07:37:15 1201 [kexdhs.c kexgexs.c] 1202 abort if key_sign fails, preventing possible null deref. Based on report 1203 from Paolo Ganci, ok markus@ djm@ 1204 - dtucker@cvs.openbsd.org 2009/06/21 09:04:03 1205 [roaming.h roaming_common.c roaming_dummy.c] 1206 Add tags for the benefit of the sync scripts 1207 Also: pull in the changes for 1.1->1.2 missed in the previous sync. 1208 - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and 1209 header-order changes to reduce diff vs OpenBSD. 1210 - (dtucker) [servconf.c sshd.c] More whitespace sync. 1211 - (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in 1212 ifdef. 1213 121420090616 1215 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t 1216 is a struct with a __val member. Fixes build on, eg, Redhat 6.2. 1217 121820090504 1219 - (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include 1220 variable declarations. Should prevent unused warnings anywhere it's set 1221 (only Crays as far as I can tell) and be a no-op everywhere else. 1222 122320090318 1224 - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem 1225 that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005. 1226 Based on patch from vinschen at redhat com. 1227 122820090308 1229 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c 1230 auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h} 1231 openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old 1232 version of Cygwin. Patch from vinschen at redhat com. 1233 123420090307 1235 - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it 1236 exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS 1237 has a /dev/random). 1238 - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add 1239 EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c 1240 to use them. Allows building with older OpenSSL versions. 1241 - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed. 1242 - (dtucker) [configure.ac] Missing comma in type list. 1243 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] 1244 EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg 1245 in openssl 0.9.6) so add an explicit test for it. 1246 124720090306 1248 - (djm) OpenBSD CVS Sync 1249 - djm@cvs.openbsd.org 2009/03/05 07:18:19 1250 [auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c] 1251 [sshconnect2.c] 1252 refactor the (disabled) Schnorr proof code to make it a little more 1253 generally useful 1254 - djm@cvs.openbsd.org 2009/03/05 11:30:50 1255 [uuencode.c] 1256 document what these functions do so I don't ever have to recuse into 1257 b64_pton/ntop to remember their return values 1258 125920090223 1260 - (djm) OpenBSD CVS Sync 1261 - djm@cvs.openbsd.org 2009/02/22 23:50:57 1262 [ssh_config.5 sshd_config.5] 1263 don't advertise experimental options 1264 - djm@cvs.openbsd.org 2009/02/22 23:59:25 1265 [sshd_config.5] 1266 missing period 1267 - djm@cvs.openbsd.org 2009/02/23 00:06:15 1268 [version.h] 1269 openssh-5.2 1270 - (djm) [README] update for 5.2 1271 - (djm) Release openssh-5.2p1 1272 127320090222 1274 - (djm) OpenBSD CVS Sync 1275 - tobias@cvs.openbsd.org 2009/02/21 19:32:04 1276 [misc.c sftp-server-main.c ssh-keygen.c] 1277 Added missing newlines in error messages. 1278 ok dtucker 1279 128020090221 1281 - (djm) OpenBSD CVS Sync 1282 - djm@cvs.openbsd.org 2009/02/17 01:28:32 1283 [ssh_config] 1284 sync with revised default ciphers; pointed out by dkrause@ 1285 - djm@cvs.openbsd.org 2009/02/18 04:31:21 1286 [schnorr.c] 1287 signature should hash over the entire group, not just the generator 1288 (this is still disabled code) 1289 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1290 [contrib/suse/openssh.spec] Prepare for 5.2p1 1291 129220090216 1293 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh] 1294 [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled 1295 interop tests from FATAL error to a warning. Allows some interop 1296 tests to proceed if others are missing necessary prerequisites. 1297 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris 1298 systems; patch from Aurelien Jarno via rmh AT aybabtu.com 1299 130020090214 1301 - (djm) OpenBSD CVS Sync 1302 - dtucker@cvs.openbsd.org 2009/02/02 11:15:14 1303 [sftp.c] 1304 Initialize a few variables to prevent spurious "may be used 1305 uninitialized" warnings from newer gcc's. ok djm@ 1306 - djm@cvs.openbsd.org 2009/02/12 03:00:56 1307 [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] 1308 [readconf.h serverloop.c ssh.c] 1309 support remote port forwarding with a zero listen port (-R0:...) to 1310 dyamically allocate a listen port at runtime (this is actually 1311 specified in rfc4254); bz#1003 ok markus@ 1312 - djm@cvs.openbsd.org 2009/02/12 03:16:01 1313 [serverloop.c] 1314 tighten check for -R0:... forwarding: only allow dynamic allocation 1315 if want_reply is set in the packet 1316 - djm@cvs.openbsd.org 2009/02/12 03:26:22 1317 [monitor.c] 1318 some paranoia: check that the serialised key is really KEY_RSA before 1319 diddling its internals 1320 - djm@cvs.openbsd.org 2009/02/12 03:42:09 1321 [ssh.1] 1322 document -R0:... usage 1323 - djm@cvs.openbsd.org 2009/02/12 03:44:25 1324 [ssh.1] 1325 consistency: Dq => Ql 1326 - djm@cvs.openbsd.org 2009/02/12 03:46:17 1327 [ssh_config.5] 1328 document RemoteForward usage with 0 listen port 1329 - jmc@cvs.openbsd.org 2009/02/12 07:34:20 1330 [ssh_config.5] 1331 kill trailing whitespace; 1332 - markus@cvs.openbsd.org 2009/02/13 11:50:21 1333 [packet.c] 1334 check for enc !=NULL in packet_start_discard 1335 - djm@cvs.openbsd.org 2009/02/14 06:35:49 1336 [PROTOCOL] 1337 mention that eow and no-more-sessions extensions are sent only to 1338 OpenSSH peers 1339 134020090212 1341 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically 1342 set ownership and modes, so avoid explicitly setting them 1343 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX. 1344 OSX provides a getlastlogxbyname function that automates the reading of 1345 a lastlog file. Also, the pututxline function will update lastlog so 1346 there is no need for loginrec.c to do it explicitly. Collapse some 1347 overly verbose code while I'm in there. 1348 134920090201 1350 - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in 1351 channels.c too, so move the definition for non-IP6 platforms to defines.h 1352 where it can be shared. 1353 135420090129 1355 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. 1356 If the CYGWIN environment variable is empty, the installer script 1357 should not install the service with an empty CYGWIN variable, but 1358 rather without setting CYGWNI entirely. 1359 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes. 1360 136120090128 1362 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. 1363 Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x. 1364 The information given for the setting of the CYGWIN environment variable 1365 is wrong for both releases so I just removed it, together with the 1366 unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting. 1367 136820081228 1369 - (djm) OpenBSD CVS Sync 1370 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42 1371 [channels.c servconf.c] 1372 channel_print_adm_permitted_opens() should deal with all the printing 1373 for that config option. suggested by markus@; ok markus@ djm@ 1374 dtucker@ 1375 - djm@cvs.openbsd.org 2008/12/09 04:32:22 1376 [auth2-chall.c] 1377 replace by-hand string building with xasprinf(); ok deraadt@ 1378 - sobrado@cvs.openbsd.org 2008/12/09 15:35:00 1379 [sftp.1 sftp.c] 1380 update for the synopses displayed by the 'help' command, there are a 1381 few missing flags; add 'bye' to the output of 'help'; sorting and spacing. 1382 jmc@ suggested replacing .Oo/.Oc with a single .Op macro. 1383 ok jmc@ 1384 - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 1385 [clientloop.c] 1386 fix typo in error message 1387 - stevesk@cvs.openbsd.org 2008/12/10 03:55:20 1388 [addrmatch.c] 1389 o cannot be NULL here but use xfree() to be consistent; ok djm@ 1390 - stevesk@cvs.openbsd.org 2008/12/29 01:12:36 1391 [ssh-keyscan.1] 1392 fix example, default key type is rsa for 3+ years; from 1393 frederic.perrin@resel.fr 1394 - stevesk@cvs.openbsd.org 2008/12/29 02:23:26 1395 [pathnames.h] 1396 no need to escape single quotes in comments 1397 - okan@cvs.openbsd.org 2008/12/30 00:46:56 1398 [sshd_config.5] 1399 add AllowAgentForwarding to available Match keywords list 1400 ok djm 1401 - djm@cvs.openbsd.org 2009/01/01 21:14:35 1402 [channels.c] 1403 call channel destroy callbacks on receipt of open failure messages. 1404 fixes client hangs when connecting to a server that has MaxSessions=0 1405 set spotted by imorgan AT nas.nasa.gov; ok markus@ 1406 - djm@cvs.openbsd.org 2009/01/01 21:17:36 1407 [kexgexs.c] 1408 fix hash calculation for KEXGEX: hash over the original client-supplied 1409 values and not the sanity checked versions that we acutally use; 1410 bz#1540 reported by john.smith AT arrows.demon.co.uk 1411 ok markus@ 1412 - djm@cvs.openbsd.org 2009/01/14 01:38:06 1413 [channels.c] 1414 support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; 1415 "looks ok" markus@ 1416 - stevesk@cvs.openbsd.org 2009/01/15 17:38:43 1417 [readconf.c] 1418 1) use obsolete instead of alias for consistency 1419 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is 1420 so move the comment. 1421 3) reorder so like options are together 1422 ok djm@ 1423 - djm@cvs.openbsd.org 2009/01/22 09:46:01 1424 [channels.c channels.h session.c] 1425 make Channel->path an allocated string, saving a few bytes here and 1426 there and fixing bz#1380 in the process; ok markus@ 1427 - djm@cvs.openbsd.org 2009/01/22 09:49:57 1428 [channels.c] 1429 oops! I committed the wrong version of the Channel->path diff, 1430 it was missing some tweaks suggested by stevesk@ 1431 - djm@cvs.openbsd.org 2009/01/22 10:02:34 1432 [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] 1433 [serverloop.c ssh-keyscan.c ssh.c sshd.c] 1434 make a2port() return -1 when it encounters an invalid port number 1435 rather than 0, which it will now treat as valid (needed for future work) 1436 adjust current consumers of a2port() to check its return value is <= 0, 1437 which in turn required some things to be converted from u_short => int 1438 make use of int vs. u_short consistent in some other places too 1439 feedback & ok markus@ 1440 - djm@cvs.openbsd.org 2009/01/22 10:09:16 1441 [auth-options.c] 1442 another chunk of a2port() diff that got away. wtfdjm?? 1443 - djm@cvs.openbsd.org 2009/01/23 07:58:11 1444 [myproposal.h] 1445 prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC 1446 modes; ok markus@ 1447 - naddy@cvs.openbsd.org 2009/01/24 17:10:22 1448 [ssh_config.5 sshd_config.5] 1449 sync list of preferred ciphers; ok djm@ 1450 - markus@cvs.openbsd.org 2009/01/26 09:58:15 1451 [cipher.c cipher.h packet.c] 1452 Work around the CPNI-957037 Plaintext Recovery Attack by always 1453 reading 256K of data on packet size or HMAC errors (in CBC mode only). 1454 Help, feedback and ok djm@ 1455 Feedback from Martin Albrecht and Paterson Kenny 1456 145720090107 1458 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. 1459 Patch based on one from vgiffin AT apple.com; ok dtucker@ 1460 - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via 1461 launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; 1462 ok dtucker@ 1463 - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make 1464 ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity" 1465 key). Patch from cjwatson AT debian.org 1466 146720090107 1468 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c 1469 openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI. 1470 OK djm@ dtucker@ 1471 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section. 1472 OpenServer 6 doesn't need libcrypt. 1473 147420081209 1475 - (djm) OpenBSD CVS Sync 1476 - djm@cvs.openbsd.org 2008/12/09 02:38:18 1477 [clientloop.c] 1478 The ~C escape handler does not work correctly for multiplexed sessions - 1479 it opens a commandline on the master session, instead of on the slave 1480 that requested it. Disable it on slave sessions until such time as it 1481 is fixed; bz#1543 report from Adrian Bridgett via Colin Watson 1482 ok markus@ 1483 - djm@cvs.openbsd.org 2008/12/09 02:39:59 1484 [sftp.c] 1485 Deal correctly with failures in remote stat() operation in sftp, 1486 correcting fail-on-error behaviour in batchmode. bz#1541 report and 1487 fix from anedvedicky AT gmail.com; ok markus@ 1488 - djm@cvs.openbsd.org 2008/12/09 02:58:16 1489 [readconf.c] 1490 don't leave junk (free'd) pointers around in Forward *fwd argument on 1491 failure; avoids double-free in ~C -L handler when given an invalid 1492 forwarding specification; bz#1539 report from adejong AT debian.org 1493 via Colin Watson; ok markus@ dtucker@ 1494 - djm@cvs.openbsd.org 2008/12/09 03:02:37 1495 [sftp.1 sftp.c] 1496 correct sftp(1) and corresponding usage syntax; 1497 bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@ 1498 149920081208 1500 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually 1501 use some stack in main(). 1502 Report and suggested fix from vapier AT gentoo.org 1503 - (djm) OpenBSD CVS Sync 1504 - markus@cvs.openbsd.org 2008/12/02 19:01:07 1505 [clientloop.c] 1506 we have to use the recipient's channel number (RFC 4254) for 1507 SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, 1508 otherwise we trigger 'Non-public channel' error messages on sshd 1509 systems with clientkeepalive enabled; noticed by sturm; ok djm; 1510 - markus@cvs.openbsd.org 2008/12/02 19:08:59 1511 [serverloop.c] 1512 backout 1.149, since it's not necessary and openssh clients send 1513 broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ 1514 - markus@cvs.openbsd.org 2008/12/02 19:09:38 1515 [channels.c] 1516 s/remote_id/id/ to be more consistent with other code; ok djm@ 1517 151820081201 1519 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files 1520 and tweak the is-sshd-running check in ssh-host-config. Patch from 1521 vinschen at redhat com. 1522 - (dtucker) OpenBSD CVS Sync 1523 - markus@cvs.openbsd.org 2008/11/21 15:47:38 1524 [packet.c] 1525 packet_disconnect() on padding error, too. should reduce the success 1526 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 1527 ok djm@ 1528 - dtucker@cvs.openbsd.org 2008/11/30 11:59:26 1529 [monitor_fdpass.c] 1530 Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@ 1531 153220081123 1533 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some 1534 declarations, removing an unnecessary union member and adding whitespace. 1535 cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago. 1536 153720081118 1538 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id 1539 member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and 1540 feedback by djm@ 1541 154220081111 1543 - (dtucker) OpenBSD CVS Sync 1544 - jmc@cvs.openbsd.org 2008/11/05 11:22:54 1545 [servconf.c] 1546 passord -> password; 1547 fixes user/5975 from Rene Maroufi 1548 - stevesk@cvs.openbsd.org 2008/11/07 00:42:12 1549 [ssh-keygen.c] 1550 spelling/typo in comment 1551 - stevesk@cvs.openbsd.org 2008/11/07 18:50:18 1552 [nchan.c] 1553 add space to some log/debug messages for readability; ok djm@ markus@ 1554 - dtucker@cvs.openbsd.org 2008/11/07 23:34:48 1555 [auth2-jpake.c] 1556 Move JPAKE define to make life easier for portable. ok djm@ 1557 - tobias@cvs.openbsd.org 2008/11/09 12:34:47 1558 [session.c ssh.1] 1559 typo fixed (overriden -> overridden) 1560 ok espie, jmc 1561 - stevesk@cvs.openbsd.org 2008/11/11 02:58:09 1562 [servconf.c] 1563 USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing 1564 kerberosgetafstoken. ok dtucker@ 1565 (Id sync only, we still want the ifdef in portable) 1566 - stevesk@cvs.openbsd.org 2008/11/11 03:55:11 1567 [channels.c] 1568 for sshd -T print 'permitopen any' vs. 'permitopen' for case of no 1569 permitopen's; ok and input dtucker@ 1570 - djm@cvs.openbsd.org 2008/11/10 02:06:35 1571 [regress/putty-ciphers.sh] 1572 PuTTY supports AES CTR modes, so interop test against them too 1573 157420081105 1575 - OpenBSD CVS Sync 1576 - djm@cvs.openbsd.org 2008/11/03 08:59:41 1577 [servconf.c] 1578 include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov 1579 - djm@cvs.openbsd.org 2008/11/04 07:58:09 1580 [auth.c] 1581 need unistd.h for close() prototype 1582 (ID sync only) 1583 - djm@cvs.openbsd.org 2008/11/04 08:22:13 1584 [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] 1585 [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] 1586 [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] 1587 [Makefile.in] 1588 Add support for an experimental zero-knowledge password authentication 1589 method using the J-PAKE protocol described in F. Hao, P. Ryan, 1590 "Password Authenticated Key Exchange by Juggling", 16th Workshop on 1591 Security Protocols, Cambridge, April 2008. 1592 1593 This method allows password-based authentication without exposing 1594 the password to the server. Instead, the client and server exchange 1595 cryptographic proofs to demonstrate of knowledge of the password while 1596 revealing nothing useful to an attacker or compromised endpoint. 1597 1598 This is experimental, work-in-progress code and is presently 1599 compiled-time disabled (turn on -DJPAKE in Makefile.inc). 1600 1601 "just commit it. It isn't too intrusive." deraadt@ 1602 - stevesk@cvs.openbsd.org 2008/11/04 19:18:00 1603 [readconf.c] 1604 because parse_forward() is now used to parse all forward types (DLR), 1605 and it malloc's space for host variables, we don't need to malloc 1606 here. fixes small memory leaks. 1607 1608 previously dynamic forwards were not parsed in parse_forward() and 1609 space was not malloc'd in that case. 1610 1611 ok djm@ 1612 - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 1613 [clientloop.c ssh.1] 1614 add dynamic forward escape command line; ok djm@ 1615 161620081103 1617 - OpenBSD CVS Sync 1618 - sthen@cvs.openbsd.org 2008/07/24 23:55:30 1619 [ssh-keygen.1] 1620 Add "ssh-keygen -F -l" to synopsis (displays fingerprint from 1621 known_hosts). ok djm@ 1622 - grunk@cvs.openbsd.org 2008/07/25 06:56:35 1623 [ssh_config] 1624 Add VisualHostKey to example file, ok djm@ 1625 - grunk@cvs.openbsd.org 2008/07/25 07:05:16 1626 [key.c] 1627 In random art visualization, make sure to use the end marker only at the 1628 end. Initial diff by Dirk Loss, tweaks and ok djm@ 1629 - markus@cvs.openbsd.org 2008/07/31 14:48:28 1630 [sshconnect2.c] 1631 don't allocate space for empty banners; report t8m at centrum.cz; 1632 ok deraadt 1633 - krw@cvs.openbsd.org 2008/08/02 04:29:51 1634 [ssh_config.5] 1635 whitepsace -> whitespace. From Matthew Clarke via bugs@. 1636 - djm@cvs.openbsd.org 2008/08/21 04:09:57 1637 [session.c] 1638 allow ForceCommand internal-sftp with arguments. based on patch from 1639 michael.barabanov AT gmail.com; ok markus@ 1640 - djm@cvs.openbsd.org 2008/09/06 12:24:13 1641 [kex.c] 1642 OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our 1643 replacement anymore 1644 (ID sync only for portable - we still need this) 1645 - markus@cvs.openbsd.org 2008/09/11 14:22:37 1646 [compat.c compat.h nchan.c ssh.c] 1647 only send eow and no-more-sessions requests to openssh 5 and newer; 1648 fixes interop problems with broken ssh v2 implementations; ok djm@ 1649 - millert@cvs.openbsd.org 2008/10/02 14:39:35 1650 [session.c] 1651 Convert an unchecked strdup to xstrdup. OK deraadt@ 1652 - jmc@cvs.openbsd.org 2008/10/03 13:08:12 1653 [sshd.8] 1654 do not give an example of how to chmod files: we can presume the user 1655 knows that. removes an ambiguity in the permission of authorized_keys; 1656 ok deraadt 1657 - deraadt@cvs.openbsd.org 2008/10/03 23:56:28 1658 [sshconnect2.c] 1659 Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the 1660 function. 1661 spotted by des@freebsd, who commited an incorrect fix to the freebsd tree 1662 and (as is fairly typical) did not report the problem to us. But this fix 1663 is correct. 1664 ok djm 1665 - djm@cvs.openbsd.org 2008/10/08 23:34:03 1666 [ssh.1 ssh.c] 1667 Add -y option to force logging via syslog rather than stderr. 1668 Useful for daemonised ssh connection (ssh -f). Patch originally from 1669 and ok'd by markus@ 1670 - djm@cvs.openbsd.org 2008/10/09 03:50:54 1671 [servconf.c sshd_config.5] 1672 support setting PermitEmptyPasswords in a Match block 1673 requested in PR3891; ok dtucker@ 1674 - jmc@cvs.openbsd.org 2008/10/09 06:54:22 1675 [ssh.c] 1676 add -y to usage(); 1677 - stevesk@cvs.openbsd.org 2008/10/10 04:55:16 1678 [scp.c] 1679 spelling in comment; ok djm@ 1680 - stevesk@cvs.openbsd.org 2008/10/10 05:00:12 1681 [key.c] 1682 typo in error message; ok djm@ 1683 - stevesk@cvs.openbsd.org 2008/10/10 16:43:27 1684 [ssh_config.5] 1685 use 'Privileged ports can be forwarded only when logging in as root on 1686 the remote machine.' for RemoteForward just like ssh.1 -R. 1687 ok djm@ jmc@ 1688 - stevesk@cvs.openbsd.org 2008/10/14 18:11:33 1689 [sshconnect.c] 1690 use #define ROQUIET here; no binary change. ok dtucker@ 1691 - stevesk@cvs.openbsd.org 2008/10/17 18:36:24 1692 [ssh_config.5] 1693 correct and clarify VisualHostKey; ok jmc@ 1694 - stevesk@cvs.openbsd.org 2008/10/30 19:31:16 1695 [clientloop.c sshd.c] 1696 don't need to #include "monitor_fdpass.h" 1697 - stevesk@cvs.openbsd.org 2008/10/31 15:05:34 1698 [dispatch.c] 1699 remove unused #define DISPATCH_MIN; ok markus@ 1700 - djm@cvs.openbsd.org 2008/11/01 04:50:08 1701 [sshconnect2.c] 1702 sprinkle ARGSUSED on dispatch handlers 1703 nuke stale unusued prototype 1704 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33 1705 [channels.c] 1706 fix some typos in log messages; ok djm@ 1707 - sobrado@cvs.openbsd.org 2008/11/01 11:14:36 1708 [ssh-keyscan.1 ssh-keyscan.c] 1709 the ellipsis is not an optional argument; while here, improve spacing. 1710 - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 1711 [clientloop.c readconf.c readconf.h ssh.c] 1712 merge dynamic forward parsing into parse_forward(); 1713 'i think this is OK' djm@ 1714 - stevesk@cvs.openbsd.org 2008/11/02 00:16:16 1715 [ttymodes.c] 1716 protocol 2 tty modes support is now 7.5 years old so remove these 1717 debug3()s; ok deraadt@ 1718 - stevesk@cvs.openbsd.org 2008/11/03 01:07:02 1719 [readconf.c] 1720 remove valueless comment 1721 - stevesk@cvs.openbsd.org 2008/11/03 02:44:41 1722 [readconf.c] 1723 fix comment 1724 - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd] 1725 Make example scripts generate keys with default sizes rather than fixed, 1726 non-default 1024 bits; patch from imorgan AT nas.nasa.gov 1727 - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam] 1728 [contrib/redhat/sshd.pam] Move pam_nologin to account group from 1729 incorrect auth group in example files; 1730 patch from imorgan AT nas.nasa.gov 1731 173220080906 1733 - (dtucker) [config.guess config.sub] Update to latest versions from 1734 http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16 1735 respectively). 1736 173720080830 1738 - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs 1739 larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch 1740 from Nicholas Marriott. 1741 174220080721 1743 - (djm) OpenBSD CVS Sync 1744 - djm@cvs.openbsd.org 2008/07/23 07:36:55 1745 [servconf.c] 1746 do not try to print options that have been compile-time disabled 1747 in config test mode (sshd -T); report from nix-corp AT esperi.org.uk 1748 ok dtucker@ 1749 - (djm) [servconf.c] Print UsePAM option in config test mode (when it 1750 has been compiled in); report from nix-corp AT esperi.org.uk 1751 ok dtucker@ 1752 175320080721 1754 - (djm) OpenBSD CVS Sync 1755 - jmc@cvs.openbsd.org 2008/07/18 22:51:01 1756 [sftp-server.8] 1757 no need for .Pp before or after .Sh; 1758 - djm@cvs.openbsd.org 2008/07/21 08:19:07 1759 [version.h] 1760 openssh-5.1 1761 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1762 [contrib/suse/openssh.spec] Update version number in README and RPM specs 1763 - (djm) Release OpenSSH-5.1 1764 176520080717 1766 - (djm) OpenBSD CVS Sync 1767 - djm@cvs.openbsd.org 2008/07/17 08:48:00 1768 [sshconnect2.c] 1769 strnvis preauth banner; pointed out by mpf@ ok markus@ 1770 - djm@cvs.openbsd.org 2008/07/17 08:51:07 1771 [auth2-hostbased.c] 1772 strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes 1773 report and patch from res AT qoxp.net (bz#1200); ok markus@ 1774 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat 1775 code, replace with equivalent cygwin library call. Patch from vinschen 1776 at redhat.com, ok djm@. 1777 - (djm) [sshconnect2.c] vis.h isn't available everywhere 1778 177920080716 1780 - OpenBSD CVS Sync 1781 - djm@cvs.openbsd.org 2008/07/15 02:23:14 1782 [sftp.1] 1783 number of pipelined requests is now 64; 1784 prodded by Iain.Morgan AT nasa.gov 1785 - djm@cvs.openbsd.org 2008/07/16 11:51:14 1786 [clientloop.c] 1787 rename variable first_gc -> last_gc (since it is actually the last 1788 in the list). 1789 - djm@cvs.openbsd.org 2008/07/16 11:52:19 1790 [channels.c] 1791 this loop index should be automatic, not static 1792 179320080714 1794 - (djm) OpenBSD CVS Sync 1795 - sthen@cvs.openbsd.org 2008/07/13 21:22:52 1796 [ssh-keygen.c] 1797 Change "ssh-keygen -F [host] -l" to not display random art unless 1798 -v is also specified, making it consistent with the manual and other 1799 uses of -l. 1800 ok grunk@ 1801 - djm@cvs.openbsd.org 2008/07/13 22:13:07 1802 [channels.c] 1803 use struct sockaddr_storage instead of struct sockaddr for accept(2) 1804 address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ 1805 - djm@cvs.openbsd.org 2008/07/13 22:16:03 1806 [sftp.c] 1807 increase number of piplelined requests so they properly fill the 1808 (recently increased) channel window. prompted by rapier AT psc.edu; 1809 ok markus@ 1810 - djm@cvs.openbsd.org 2008/07/14 01:55:56 1811 [sftp-server.8] 1812 mention requirement for /dev/log inside chroot when using sftp-server 1813 with ChrootDirectory 1814 - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to 1815 avoid clash with sin(3) function; reported by 1816 cristian.ionescu-idbohrn AT axis.com 1817 - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close() 1818 prototype; reported by cristian.ionescu-idbohrn AT axis.com 1819 - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash; 1820 reported by cristian.ionescu-idbohrn AT axis.com 1821 - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config] 1822 [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd] 1823 Revamped and simplified Cygwin ssh-host-config script that uses 1824 unified csih configuration tool. Requires recent Cygwin. 1825 Patch from vinschen AT redhat.com 1826 182720080712 1828 - (djm) OpenBSD CVS Sync 1829 - djm@cvs.openbsd.org 2008/07/12 04:52:50 1830 [channels.c] 1831 unbreak; move clearing of cctx struct to before first use 1832 reported by dkrause@ 1833 - djm@cvs.openbsd.org 2008/07/12 05:33:41 1834 [scp.1] 1835 better description for -i flag: 1836 s/RSA authentication/public key authentication/ 1837 - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h] 1838 return EAI_FAMILY when trying to lookup unsupported address family; 1839 from vinschen AT redhat.com 1840 184120080711 1842 - (djm) OpenBSD CVS Sync 1843 - stevesk@cvs.openbsd.org 2008/07/07 00:31:41 1844 [ttymodes.c] 1845 we don't need arg after the debug3() was removed. from lint. 1846 ok djm@ 1847 - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 1848 [key.c] 1849 /*NOTREACHED*/ for lint warning: 1850 warning: function key_equal falls off bottom without returning value 1851 ok djm@ 1852 - markus@cvs.openbsd.org 2008/07/10 18:05:58 1853 [channels.c] 1854 missing bzero; from mickey; ok djm@ 1855 - markus@cvs.openbsd.org 2008/07/10 18:08:11 1856 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] 1857 sync v1 and v2 traffic accounting; add it to sshd, too; 1858 ok djm@, dtucker@ 1859 186020080709 1861 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass 1862 - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM 1863 account check failure path. The vulnerable format buffer is supplied 1864 from PAM and should not contain attacker-supplied data. 1865 - (djm) [auth.c] Missing unistd.h for close() 1866 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x 1867 186820080705 1869 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed 1870 passwords disabled. bz#1083 report & patch from senthilkumar_sen AT 1871 hotpop.com, w/ dtucker@ 1872 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for 1873 Tru64. readv doesn't seem to be a comparable object there. 1874 bz#1386, patch from dtucker@ ok me 1875 - (djm) [Makefile.in] Pass though pass to conch for interop tests 1876 - (djm) [configure.ac] unbreak: remove extra closing brace 1877 - (djm) OpenBSD CVS Sync 1878 - djm@cvs.openbsd.org 2008/07/04 23:08:25 1879 [packet.c] 1880 handle EINTR in packet_write_poll()l ok dtucker@ 1881 - djm@cvs.openbsd.org 2008/07/04 23:30:16 1882 [auth1.c auth2.c] 1883 Make protocol 1 MaxAuthTries logic match protocol 2's. 1884 Do not treat the first protocol 2 authentication attempt as 1885 a failure IFF it is for method "none". 1886 Makes MaxAuthTries' user-visible behaviour identical for 1887 protocol 1 vs 2. 1888 ok dtucker@ 1889 - djm@cvs.openbsd.org 2008/07/05 05:16:01 1890 [PROTOCOL] 1891 grammar 1892 189320080704 1894 - (dtucker) OpenBSD CVS Sync 1895 - djm@cvs.openbsd.org 2008/07/02 13:30:34 1896 [auth2.c] 1897 really really remove the freebie "none" auth try for protocol 2 1898 - djm@cvs.openbsd.org 2008/07/02 13:47:39 1899 [ssh.1 ssh.c] 1900 When forking after authentication ("ssh -f") with ExitOnForwardFailure 1901 enabled, delay the fork until after replies for any -R forwards have 1902 been seen. Allows for robust detection of -R forward failure when 1903 using -f (similar to bz#92); ok dtucker@ 1904 - otto@cvs.openbsd.org 2008/07/03 21:46:58 1905 [auth2-pubkey.c] 1906 avoid nasty double free; ok dtucker@ djm@ 1907 - djm@cvs.openbsd.org 2008/07/04 03:44:59 1908 [servconf.c groupaccess.h groupaccess.c] 1909 support negation of groups in "Match group" block (bz#1315); ok dtucker@ 1910 - dtucker@cvs.openbsd.org 2008/07/04 03:47:02 1911 [monitor.c] 1912 Make debug a little clearer. ok djm@ 1913 - djm@cvs.openbsd.org 2008/06/30 08:07:34 1914 [regress/key-options.sh] 1915 shell portability: use "=" instead of "==" in test(1) expressions, 1916 double-quote string with backslash escaped / 1917 - djm@cvs.openbsd.org 2008/06/30 10:31:11 1918 [regress/{putty-transfer,putty-kex,putty-ciphers}.sh] 1919 remove "set -e" left over from debugging 1920 - djm@cvs.openbsd.org 2008/06/30 10:43:03 1921 [regress/conch-ciphers.sh] 1922 explicitly disable conch options that could interfere with the test 1923 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link 1924 returns EXDEV. Patch from Mike Garrison, ok djm@ 1925 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] 1926 [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] 1927 [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on 1928 some platforms (HP nonstop) it is a distinct errno; 1929 bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ 1930 193120080702 1932 - (dtucker) OpenBSD CVS Sync 1933 - djm@cvs.openbsd.org 2008/06/30 08:05:59 1934 [PROTOCOL.agent] 1935 typo: s/constraint_date/constraint_data/ 1936 - djm@cvs.openbsd.org 2008/06/30 12:15:39 1937 [serverloop.c] 1938 only pass channel requests on session channels through to the session 1939 channel handler, avoiding spurious log messages; ok! markus@ 1940 - djm@cvs.openbsd.org 2008/06/30 12:16:02 1941 [nchan.c] 1942 only send eow@openssh.com notifications for session channels; ok! markus@ 1943 - djm@cvs.openbsd.org 2008/06/30 12:18:34 1944 [PROTOCOL] 1945 clarify that eow@openssh.com is only sent on session channels 1946 - dtucker@cvs.openbsd.org 2008/07/01 07:20:52 1947 [sshconnect.c] 1948 Check ExitOnForwardFailure if forwardings are disabled due to a failed 1949 host key check. ok djm@ 1950 - dtucker@cvs.openbsd.org 2008/07/01 07:24:22 1951 [sshconnect.c sshd.c] 1952 Send CR LF during protocol banner exchanges, but only for Protocol 2 only, 1953 in order to comply with RFC 4253. bz #1443, ok djm@ 1954 - stevesk@cvs.openbsd.org 2008/07/01 23:12:47 1955 [PROTOCOL.agent] 1956 fix some typos; ok djm@ 1957 - djm@cvs.openbsd.org 2008/07/02 02:24:18 1958 [sshd_config sshd_config.5 sshd.8 servconf.c] 1959 increase default size of ssh protocol 1 ephemeral key from 768 to 1024 1960 bits; prodded by & ok dtucker@ ok deraadt@ 1961 - dtucker@cvs.openbsd.org 2008/07/02 12:03:51 1962 [auth-rsa.c auth.c auth2-pubkey.c auth.h] 1963 Merge duplicate host key file checks, based in part on a patch from Rob 1964 Holland via bz #1348 . Also checks for non-regular files during protocol 1965 1 RSA auth. ok djm@ 1966 - djm@cvs.openbsd.org 2008/07/02 12:36:39 1967 [auth2-none.c auth2.c] 1968 Make protocol 2 MaxAuthTries behaviour a little more sensible: 1969 Check whether client has exceeded MaxAuthTries before running 1970 an authentication method and skip it if they have, previously it 1971 would always allow one try (for "none" auth). 1972 Preincrement failure count before post-auth test - previously this 1973 checked and postincremented, also to allow one "none" try. 1974 Together, these two changes always count the "none" auth method 1975 which could be skipped by a malicious client (e.g. an SSH worm) 1976 to get an extra attempt at a real auth method. They also make 1977 MaxAuthTries=0 a useful way to block users entirely (esp. in a 1978 sshd_config Match block). 1979 Also, move sending of any preauth banner from "none" auth method 1980 to the first call to input_userauth_request(), so worms that skip 1981 the "none" method get to see it too. 1982 198320080630 1984 - (djm) OpenBSD CVS Sync 1985 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 1986 [regress/Makefile regress/key-options.sh] 1987 Add regress test for key options. ok djm@ 1988 - dtucker@cvs.openbsd.org 2008/06/11 23:11:40 1989 [regress/Makefile] 1990 Don't run cipher-speed test by default; mistakenly enabled by me 1991 - djm@cvs.openbsd.org 2008/06/28 13:57:25 1992 [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh] 1993 very basic regress test against Twisted Conch in "make interop" 1994 target (conch is available in ports/devel/py-twisted/conch); 1995 ok markus@ 1996 - (djm) [regress/Makefile] search for conch by path, like we do putty 1997 199820080629 1999 - (djm) OpenBSD CVS Sync 2000 - martynas@cvs.openbsd.org 2008/06/21 07:46:46 2001 [sftp.c] 2002 use optopt to get invalid flag, instead of return value of getopt, 2003 which is always '?'; ok djm@ 2004 - otto@cvs.openbsd.org 2008/06/25 11:13:43 2005 [key.c] 2006 add key length to visual fingerprint; zap magical constants; 2007 ok grunk@ djm@ 2008 - djm@cvs.openbsd.org 2008/06/26 06:10:09 2009 [sftp-client.c sftp-server.c] 2010 allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky 2011 bits. Note that this only affects explicit setting of modes (e.g. via 2012 sftp(1)'s chmod command) and not file transfers. (bz#1310) 2013 ok deraadt@ at c2k8 2014 - djm@cvs.openbsd.org 2008/06/26 09:19:40 2015 [dh.c dh.h moduli.c] 2016 when loading moduli from /etc/moduli in sshd(8), check that they 2017 are of the expected "safe prime" structure and have had 2018 appropriate primality tests performed; 2019 feedback and ok dtucker@ 2020 - grunk@cvs.openbsd.org 2008/06/26 11:46:31 2021 [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] 2022 Move SSH Fingerprint Visualization away from sharing the config option 2023 CheckHostIP to an own config option named VisualHostKey. 2024 While there, fix the behaviour that ssh would draw a random art picture 2025 on every newly seen host even when the option was not enabled. 2026 prodded by deraadt@, discussions, 2027 help and ok markus@ djm@ dtucker@ 2028 - jmc@cvs.openbsd.org 2008/06/26 21:11:46 2029 [ssh.1] 2030 add VisualHostKey to the list of options listed in -o; 2031 - djm@cvs.openbsd.org 2008/06/28 07:25:07 2032 [PROTOCOL] 2033 spelling fixes 2034 - djm@cvs.openbsd.org 2008/06/28 13:58:23 2035 [ssh-agent.c] 2036 refuse to add a key that has unknown constraints specified; 2037 ok markus 2038 - djm@cvs.openbsd.org 2008/06/28 14:05:15 2039 [ssh-agent.c] 2040 reset global compat flag after processing a protocol 2 signature 2041 request with the legacy DSA encoding flag set; ok markus 2042 - djm@cvs.openbsd.org 2008/06/28 14:08:30 2043 [PROTOCOL PROTOCOL.agent] 2044 document the protocol used by ssh-agent; "looks ok" markus@ 2045 204620080628 2047 - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] 2048 RFC.nroff lacks a license, remove it (it is long gone in OpenBSD). 2049 205020080626 2051 - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD. 2052 (bz#1372) 2053 - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2054 [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files. 2055 205620080616 2057 - (dtucker) OpenBSD CVS Sync 2058 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 2059 [session.c channels.c] 2060 Rename the isatty argument to is_tty so we don't shadow 2061 isatty(3). ok markus@ 2062 - (dtucker) [channels.c] isatty -> is_tty here too. 2063 206420080615 2065 - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. 2066 - OpenBSD CVS Sync 2067 - dtucker@cvs.openbsd.org 2008/06/14 15:49:48 2068 [sshd.c] 2069 wrap long line at 80 chars 2070 - dtucker@cvs.openbsd.org 2008/06/14 17:07:11 2071 [sshd.c] 2072 ensure default umask disallows at least group and world write; ok djm@ 2073 - djm@cvs.openbsd.org 2008/06/14 18:33:43 2074 [session.c] 2075 suppress the warning message from chdir(homedir) failures 2076 when chrooted (bz#1461); ok dtucker 2077 - dtucker@cvs.openbsd.org 2008/06/14 19:42:10 2078 [scp.1] 2079 Mention that scp follows symlinks during -r. bz #1466, 2080 from nectar at apple 2081 - dtucker@cvs.openbsd.org 2008/06/15 16:55:38 2082 [sshd_config.5] 2083 MaxSessions is allowed in a Match block too 2084 - dtucker@cvs.openbsd.org 2008/06/15 16:58:40 2085 [servconf.c sshd_config.5] 2086 Allow MaxAuthTries within a Match block. ok djm@ 2087 - djm@cvs.openbsd.org 2008/06/15 20:06:26 2088 [channels.c channels.h session.c] 2089 don't call isatty() on a pty master, instead pass a flag down to 2090 channel_set_fds() indicating that te fds refer to a tty. Fixes a 2091 hang on exit on Solaris (bz#1463) in portable but is actually 2092 a generic bug; ok dtucker deraadt markus 2093 209420080614 2095 - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction 2096 replacement code; patch from ighighi AT gmail.com in bz#1240; 2097 ok dtucker 2098 209920080613 2100 - (dtucker) OpenBSD CVS Sync 2101 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 2102 [packet.c] 2103 compile on older gcc; no decl after code 2104 - dtucker@cvs.openbsd.org 2008/06/13 13:56:59 2105 [monitor.c] 2106 Clear key options in the monitor on failed authentication, prevents 2107 applying additional restrictions to non-pubkey authentications in 2108 the case where pubkey fails but another method subsequently succeeds. 2109 bz #1472, found by Colin Watson, ok markus@ djm@ 2110 - dtucker@cvs.openbsd.org 2008/06/13 14:18:51 2111 [auth2-pubkey.c auth-rhosts.c] 2112 Include unistd.h for close(), prevents warnings in -portable 2113 - dtucker@cvs.openbsd.org 2008/06/13 17:21:20 2114 [mux.c] 2115 Friendlier error messages for mux fallback. ok djm@ 2116 - dtucker@cvs.openbsd.org 2008/06/13 18:55:22 2117 [scp.c] 2118 Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@ 2119 - grunk@cvs.openbsd.org 2008/06/13 20:13:26 2120 [ssh.1] 2121 Explain the use of SSH fpr visualization using random art, and cite the 2122 original scientific paper inspiring that technique. 2123 Much help with English and nroff by jmc@, thanks. 2124 - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which 2125 despite its name doesn't seem to implement all of GSSAPI. Patch from 2126 Jan Engelhardt, sanity checked by Simon Wilkinson. 2127 212820080612 2129 - (dtucker) OpenBSD CVS Sync 2130 - jmc@cvs.openbsd.org 2008/06/11 07:30:37 2131 [sshd.8] 2132 kill trailing whitespace; 2133 - grunk@cvs.openbsd.org 2008/06/11 21:01:35 2134 [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c 2135 sshconnect.c] 2136 Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the 2137 graphical hash visualization schemes known as "random art", and by 2138 Dan Kaminsky's musings on the subject during a BlackOp talk at the 2139 23C3 in Berlin. 2140 Scientific publication (original paper): 2141 "Hash Visualization: a New Technique to improve Real-World Security", 2142 Perrig A. and Song D., 1999, International Workshop on Cryptographic 2143 Techniques and E-Commerce (CrypTEC '99) 2144 http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf 2145 The algorithm used here is a worm crawling over a discrete plane, 2146 leaving a trace (augmenting the field) everywhere it goes. 2147 Movement is taken from dgst_raw 2bit-wise. Bumping into walls 2148 makes the respective movement vector be ignored for this turn, 2149 thus switching to the other color of the chessboard. 2150 Graphs are not unambiguous for now, because circles in graphs can be 2151 walked in either direction. 2152 discussions with several people, 2153 help, corrections and ok markus@ djm@ 2154 - grunk@cvs.openbsd.org 2008/06/11 21:38:25 2155 [ssh-keygen.c] 2156 ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub 2157 would not display you the random art as intended, spotted by canacar@ 2158 - grunk@cvs.openbsd.org 2008/06/11 22:20:46 2159 [ssh-keygen.c ssh-keygen.1] 2160 ssh-keygen would write fingerprints to STDOUT, and random art to STDERR, 2161 that is not how it was envisioned. 2162 Also correct manpage saying that -v is needed along with -l for it to work. 2163 spotted by naddy@ 2164 - otto@cvs.openbsd.org 2008/06/11 23:02:22 2165 [key.c] 2166 simpler way of computing the augmentations; ok grunk@ 2167 - grunk@cvs.openbsd.org 2008/06/11 23:03:56 2168 [ssh_config.5] 2169 CheckHostIP set to ``fingerprint'' will display both hex and random art 2170 spotted by naddy@ 2171 - grunk@cvs.openbsd.org 2008/06/11 23:51:57 2172 [key.c] 2173 #define statements that are not atoms need braces around them, else they 2174 will cause trouble in some cases. 2175 Also do a computation of -1 once, and not in a loop several times. 2176 spotted by otto@ 2177 - dtucker@cvs.openbsd.org 2008/06/12 00:03:49 2178 [dns.c canohost.c sshconnect.c] 2179 Do not pass "0" strings as ports to getaddrinfo because the lookups 2180 can slow things down and we never use the service info anyway. bz 2181 #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok 2182 deraadt@ djm@ 2183 djm belives that the reason for the "0" strings is to ensure that 2184 it's not possible to call getaddrinfo with both host and port being 2185 NULL. In the case of canohost.c host is a local array. In the 2186 case of sshconnect.c, it's checked for null immediately before use. 2187 In dns.c it ultimately comes from ssh.c:main() and is guaranteed to 2188 be non-null but it's not obvious, so I added a warning message in 2189 case it is ever passed a null. 2190 - grunk@cvs.openbsd.org 2008/06/12 00:13:55 2191 [sshconnect.c] 2192 Make ssh print the random art also when ssh'ing to a host using IP only. 2193 spotted by naddy@, ok and help djm@ dtucker@ 2194 - otto@cvs.openbsd.org 2008/06/12 00:13:13 2195 [key.c] 2196 use an odd number of rows and columns and a separate start marker, looks 2197 better; ok grunk@ 2198 - djm@cvs.openbsd.org 2008/06/12 03:40:52 2199 [clientloop.h mux.c channels.c clientloop.c channels.h] 2200 Enable ~ escapes for multiplex slave sessions; give each channel 2201 its own escape state and hook the escape filters up to muxed 2202 channels. bz #1331 2203 Mux slaves do not currently support the ~^Z and ~& escapes. 2204 NB. this change cranks the mux protocol version, so a new ssh 2205 mux client will not be able to connect to a running old ssh 2206 mux master. 2207 ok dtucker@ 2208 - djm@cvs.openbsd.org 2008/06/12 04:06:00 2209 [clientloop.h ssh.c clientloop.c] 2210 maintain an ordered queue of outstanding global requests that we 2211 expect replies to, similar to the per-channel confirmation queue. 2212 Use this queue to verify success or failure for remote forward 2213 establishment in a race free way. 2214 ok dtucker@ 2215 - djm@cvs.openbsd.org 2008/06/12 04:17:47 2216 [clientloop.c] 2217 thall shalt not code past the eightieth column 2218 - djm@cvs.openbsd.org 2008/06/12 04:24:06 2219 [ssh.c] 2220 thal shalt not code past the eightieth column 2221 - djm@cvs.openbsd.org 2008/06/12 05:15:41 2222 [PROTOCOL] 2223 document tun@openssh.com forwarding method 2224 - djm@cvs.openbsd.org 2008/06/12 05:32:30 2225 [mux.c] 2226 some more TODO for me 2227 - grunk@cvs.openbsd.org 2008/06/12 05:42:46 2228 [key.c] 2229 supply the key type (rsa1, rsa, dsa) as a caption in the frame of the 2230 random art. while there, stress the fact that the field base should at 2231 least be 8 characters for the pictures to make sense. 2232 comment and ok djm@ 2233 - grunk@cvs.openbsd.org 2008/06/12 06:32:59 2234 [key.c] 2235 We already mark the start of the worm, now also mark the end of the worm 2236 in our random art drawings. 2237 ok djm@ 2238 - djm@cvs.openbsd.org 2008/06/12 15:19:17 2239 [clientloop.h channels.h clientloop.c channels.c mux.c] 2240 The multiplexing escape char handler commit last night introduced a 2241 small memory leak per session; plug it. 2242 - dtucker@cvs.openbsd.org 2008/06/12 16:35:31 2243 [ssh_config.5 ssh.c] 2244 keyword expansion for localcommand. ok djm@ 2245 - jmc@cvs.openbsd.org 2008/06/12 19:10:09 2246 [ssh_config.5 ssh-keygen.1] 2247 tweak the ascii art text; ok grunk 2248 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 2249 [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] 2250 Make keepalive timeouts apply while waiting for a packet, particularly 2251 during key renegotiation (bz #1363). With djm and Matt Day, ok djm@ 2252 - djm@cvs.openbsd.org 2008/06/12 20:47:04 2253 [sftp-client.c] 2254 print extension revisions for extensions that we understand 2255 - djm@cvs.openbsd.org 2008/06/12 21:06:25 2256 [clientloop.c] 2257 I was coalescing expected global request confirmation replies at 2258 the wrong end of the queue - fix; prompted by markus@ 2259 - grunk@cvs.openbsd.org 2008/06/12 21:14:46 2260 [ssh-keygen.c] 2261 make ssh-keygen -lf show the key type just as ssh-add -l would do it 2262 ok djm@ markus@ 2263 - grunk@cvs.openbsd.org 2008/06/12 22:03:36 2264 [key.c] 2265 add my copyright, ok djm@ 2266 - ian@cvs.openbsd.org 2008/06/12 23:24:58 2267 [sshconnect.c] 2268 tweak wording in message, ok deraadt@ jmc@ 2269 - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 2270 [sftp.h log.h] 2271 replace __dead with __attribute__((noreturn)), makes things 2272 a little easier to port. Also, add it to sigdie(). ok djm@ 2273 - djm@cvs.openbsd.org 2008/06/13 00:16:49 2274 [mux.c] 2275 fall back to creating a new TCP connection on most multiplexing errors 2276 (socket connect fail, invalid version, refused permittion, corrupted 2277 messages, etc.); bz #1329 ok dtucker@ 2278 - dtucker@cvs.openbsd.org 2008/06/13 00:47:53 2279 [mux.c] 2280 upcast size_t to u_long to match format arg; ok djm@ 2281 - dtucker@cvs.openbsd.org 2008/06/13 00:51:47 2282 [mac.c] 2283 upcast another size_t to u_long to match format 2284 - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 2285 [misc.c] 2286 upcast uid to long with matching %ld, prevents warnings in portable 2287 - djm@cvs.openbsd.org 2008/06/13 04:40:22 2288 [auth2-pubkey.c auth-rhosts.c] 2289 refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not 2290 regular files; report from Solar Designer via Colin Watson in bz#1471 2291 ok dtucker@ deraadt 2292 - (dtucker) [clientloop.c serverloop.c] channel_register_filter now 2293 takes 2 more args. with djm@ 2294 - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch 2295 from Todd Vierling. 2296 - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA 2297 systems. Patch from R. Scott Bailey. 2298 - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used 2299 on big endian machines, so ifdef them for little-endian only to prevent 2300 unused function warnings on big-endians. 2301 - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent 2302 compiler warnings on some platforms. Based on a discussion with otto@ 2303 230420080611 2305 - (djm) [channels.c configure.ac] 2306 Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) 2307 bz#1464; ok dtucker 2308 230920080610 2310 - (dtucker) OpenBSD CVS Sync 2311 - djm@cvs.openbsd.org 2008/06/10 03:57:27 2312 [servconf.c match.h sshd_config.5] 2313 support CIDR address matching in sshd_config "Match address" blocks, with 2314 full support for negation and fall-back to classic wildcard matching. 2315 For example: 2316 Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* 2317 PasswordAuthentication yes 2318 addrmatch.c code mostly lifted from flowd's addr.c 2319 feedback and ok dtucker@ 2320 - djm@cvs.openbsd.org 2008/06/10 04:17:46 2321 [sshd_config.5] 2322 better reference for pattern-list 2323 - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 2324 [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] 2325 Add extended test mode (-T) and connection parameters for test mode (-C). 2326 -T causes sshd to write its effective configuration to stdout and exit. 2327 -C causes any relevant Match rules to be applied before output. The 2328 combination allows tesing of the parser and config files. ok deraadt djm 2329 - jmc@cvs.openbsd.org 2008/06/10 07:12:00 2330 [sshd_config.5] 2331 tweak previous; 2332 - jmc@cvs.openbsd.org 2008/06/10 08:17:40 2333 [sshd.8 sshd.c] 2334 - update usage() 2335 - fix SYNOPSIS, and sort options 2336 - some minor additional fixes 2337 - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 2338 [regress/test-exec.sh] 2339 Don't generate putty keys if we're not going to use them. ok djm 2340 - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 2341 [regress/addrmatch.sh regress/Makefile] 2342 Regress test for Match CIDR rules. ok djm@ 2343 - dtucker@cvs.openbsd.org 2008/06/10 15:21:41 2344 [test-exec.sh] 2345 Use a more portable construct for checking if we're running a putty test 2346 - dtucker@cvs.openbsd.org 2008/06/10 15:28:49 2347 [test-exec.sh] 2348 Add quotes 2349 - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 2350 [ssh_config.5] 2351 clarify that Host patterns are space-separated. ok deraadt 2352 - djm@cvs.openbsd.org 2008/06/10 22:15:23 2353 [PROTOCOL ssh.c serverloop.c] 2354 Add a no-more-sessions@openssh.com global request extension that the 2355 client sends when it knows that it will never request another session 2356 (i.e. when session multiplexing is disabled). This allows a server to 2357 disallow further session requests and terminate the session. 2358 Why would a non-multiplexing client ever issue additional session 2359 requests? It could have been attacked with something like SSH'jack: 2360 http://www.storm.net.nz/projects/7 2361 feedback & ok markus 2362 - djm@cvs.openbsd.org 2008/06/10 23:06:19 2363 [auth-options.c match.c servconf.c addrmatch.c sshd.8] 2364 support CIDR address matching in .ssh/authorized_keys from="..." stanzas 2365 ok and extensive testing dtucker@ 2366 - dtucker@cvs.openbsd.org 2008/06/10 23:21:34 2367 [bufaux.c] 2368 Use '\0' for a nul byte rather than unadorned 0. ok djm@ 2369 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 2370 [Makefile regress/key-options.sh] 2371 Add regress test for key options. ok djm@ 2372 - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 2373 since the new CIDR code in addmatch.c references it. 2374 - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 2375 specific tests on platforms that don't do IPv6. 2376 - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well 2377 as environment. 2378 - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now. 2379 238020080609 2381 - (dtucker) OpenBSD CVS Sync 2382 - dtucker@cvs.openbsd.org 2008/06/08 17:04:41 2383 [sftp-server.c] 2384 Add case for ENOSYS in errno_to_portable; ok deraadt 2385 - dtucker@cvs.openbsd.org 2008/06/08 20:15:29 2386 [sftp.c sftp-client.c sftp-client.h] 2387 Have the sftp client store the statvfs replies in wire format, 2388 which prevents problems when the server's native sizes exceed the 2389 client's. 2390 Also extends the sizes of the remaining 32bit wire format to 64bit, 2391 they're specified as unsigned long in the standard. 2392 - dtucker@cvs.openbsd.org 2008/06/09 13:02:39 2393 [sftp-server.c] 2394 Extend 32bit -> 64bit values for statvfs extension missed in previous 2395 commit. 2396 - dtucker@cvs.openbsd.org 2008/06/09 13:38:46 2397 [PROTOCOL] 2398 Use a $OpenBSD tag so our scripts will sync changes. 2399 240020080608 2401 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c 2402 openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h 2403 openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and 2404 fstatvfs and remove #defines around statvfs code. ok djm@ 2405 - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a 2406 macro to convert fsid to unsigned long for platforms where fsid is a 2407 2-member array. 2408 240920080607 2410 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. 2411 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] 2412 Do not enable statvfs extensions on platforms that do not have statvfs. 2413 - (dtucker) OpenBSD CVS Sync 2414 - djm@cvs.openbsd.org 2008/05/19 06:14:02 2415 [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@ 2416 - djm@cvs.openbsd.org 2008/05/19 15:45:07 2417 [sshtty.c ttymodes.c sshpty.h] 2418 Fix sending tty modes when stdin is not a tty (bz#1199). Previously 2419 we would send the modes corresponding to a zeroed struct termios, 2420 whereas we should have been sending an empty list of modes. 2421 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ 2422 - djm@cvs.openbsd.org 2008/05/19 15:46:31 2423 [ssh-keygen.c] 2424 support -l (print fingerprint) in combination with -F (find host) to 2425 search for a host in ~/.ssh/known_hosts and display its fingerprint; 2426 ok markus@ 2427 - djm@cvs.openbsd.org 2008/05/19 20:53:52 2428 [clientloop.c] 2429 unbreak tree by committing this bit that I missed from: 2430 Fix sending tty modes when stdin is not a tty (bz#1199). Previously 2431 we would send the modes corresponding to a zeroed struct termios, 2432 whereas we should have been sending an empty list of modes. 2433 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ 2434 243520080604 2436 - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias 2437 in arc4random_uniform with upper_bound in (2^30,2*31). Note that 2438 OpenSSH did not make requests with upper bounds in this range. 2439 244020080519 2441 - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] 2442 [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] 2443 Fix compilation on Linux, including pulling in fmt_scaled(3) 2444 implementation from OpenBSD's libutil. 2445 244620080518 2447 - (djm) OpenBSD CVS Sync 2448 - djm@cvs.openbsd.org 2008/04/04 05:14:38 2449 [sshd_config.5] 2450 ChrootDirectory is supported in Match blocks (in fact, it is most useful 2451 there). Spotted by Minstrel AT minstrel.org.uk 2452 - djm@cvs.openbsd.org 2008/04/04 06:44:26 2453 [sshd_config.5] 2454 oops, some unrelated stuff crept into that commit - backout. 2455 spotted by jmc@ 2456 - djm@cvs.openbsd.org 2008/04/05 02:46:02 2457 [sshd_config.5] 2458 HostbasedAuthentication is supported under Match too 2459 - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] 2460 [configure.ac] Implement arc4random_buf(), import implementation of 2461 arc4random_uniform() from OpenBSD 2462 - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes 2463 - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h 2464 - (djm) OpenBSD CVS Sync 2465 - djm@cvs.openbsd.org 2008/04/13 00:22:17 2466 [dh.c sshd.c] 2467 Use arc4random_buf() when requesting more than a single word of output 2468 Use arc4random_uniform() when the desired random number upper bound 2469 is not a power of two 2470 ok deraadt@ millert@ 2471 - djm@cvs.openbsd.org 2008/04/18 12:32:11 2472 [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h] 2473 introduce sftp extension methods statvfs@openssh.com and 2474 fstatvfs@openssh.com that implement statvfs(2)-like operations, 2475 based on a patch from miklos AT szeredi.hu (bz#1399) 2476 also add a "df" command to the sftp client that uses the 2477 statvfs@openssh.com to produce a df(1)-like display of filesystem 2478 space and inode utilisation 2479 ok markus@ 2480 - jmc@cvs.openbsd.org 2008/04/18 17:15:47 2481 [sftp.1] 2482 macro fixage; 2483 - djm@cvs.openbsd.org 2008/04/18 22:01:33 2484 [session.c] 2485 remove unneccessary parentheses 2486 - otto@cvs.openbsd.org 2008/04/29 11:20:31 2487 [monitor_mm.h] 2488 garbage collect two unused fields in struct mm_master; ok markus@ 2489 - djm@cvs.openbsd.org 2008/04/30 10:14:03 2490 [ssh-keyscan.1 ssh-keyscan.c] 2491 default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by 2492 larsnooden AT openoffice.org 2493 - pyr@cvs.openbsd.org 2008/05/07 05:49:37 2494 [servconf.c servconf.h session.c sshd_config.5] 2495 Enable the AllowAgentForwarding option in sshd_config (global and match 2496 context), to specify if agents should be permitted on the server. 2497 As the man page states: 2498 ``Note that disabling Agent forwarding does not improve security 2499 unless users are also denied shell access, as they can always install 2500 their own forwarders.'' 2501 ok djm@, ok and a mild frown markus@ 2502 - pyr@cvs.openbsd.org 2008/05/07 06:43:35 2503 [sshd_config] 2504 push the sshd_config bits in, spotted by ajacoutot@ 2505 - jmc@cvs.openbsd.org 2008/05/07 08:00:14 2506 [sshd_config.5] 2507 sort; 2508 - markus@cvs.openbsd.org 2008/05/08 06:59:01 2509 [bufaux.c buffer.h channels.c packet.c packet.h] 2510 avoid extra malloc/copy/free when receiving data over the net; 2511 ~10% speedup for localhost-scp; ok djm@ 2512 - djm@cvs.openbsd.org 2008/05/08 12:02:23 2513 [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] 2514 [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] 2515 [ssh.c sshd.c] 2516 Implement a channel success/failure status confirmation callback 2517 mechanism. Each channel maintains a queue of callbacks, which will 2518 be drained in order (RFC4253 guarantees confirm messages are not 2519 reordered within an channel). 2520 Also includes a abandonment callback to clean up if a channel is 2521 closed without sending confirmation messages. This probably 2522 shouldn't happen in compliant implementations, but it could be 2523 abused to leak memory. 2524 ok markus@ (as part of a larger diff) 2525 - djm@cvs.openbsd.org 2008/05/08 12:21:16 2526 [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] 2527 [sshd_config sshd_config.5] 2528 Make the maximum number of sessions run-time controllable via 2529 a sshd_config MaxSessions knob. This is useful for disabling 2530 login/shell/subsystem access while leaving port-forwarding working 2531 (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or 2532 simply increasing the number of allows multiplexed sessions. 2533 Because some bozos are sure to configure MaxSessions in excess of the 2534 number of available file descriptors in sshd (which, at peak, might be 2535 as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds 2536 on error paths, and make it fail gracefully on out-of-fd conditions - 2537 sending channel errors instead of than exiting with fatal(). 2538 bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com 2539 ok markus@ 2540 - djm@cvs.openbsd.org 2008/05/08 13:06:11 2541 [clientloop.c clientloop.h ssh.c] 2542 Use new channel status confirmation callback system to properly deal 2543 with "important" channel requests that fail, in particular command exec, 2544 shell and subsystem requests. Previously we would optimistically assume 2545 that the requests would always succeed, which could cause hangs if they 2546 did not (e.g. when the server runs out of fds) or were unimplemented by 2547 the server (bz #1384) 2548 Also, properly report failing multiplex channel requests via the mux 2549 client stderr (subject to LogLevel in the mux master) - better than 2550 silently failing. 2551 most bits ok markus@ (as part of a larger diff) 2552 - djm@cvs.openbsd.org 2008/05/09 04:55:56 2553 [channels.c channels.h clientloop.c serverloop.c] 2554 Try additional addresses when connecting to a port forward destination 2555 whose DNS name resolves to more than one address. The previous behaviour 2556 was to try the first address and give up. 2557 Reported by stig AT venaas.com in bz#343 2558 great feedback and ok markus@ 2559 - djm@cvs.openbsd.org 2008/05/09 14:18:44 2560 [clientloop.c clientloop.h ssh.c mux.c] 2561 tidy up session multiplexing code, moving it into its own file and 2562 making the function names more consistent - making ssh.c and 2563 clientloop.c a fair bit more readable. 2564 ok markus@ 2565 - djm@cvs.openbsd.org 2008/05/09 14:26:08 2566 [ssh.c] 2567 dingo stole my diff hunk 2568 - markus@cvs.openbsd.org 2008/05/09 16:16:06 2569 [session.c] 2570 re-add the USE_PIPES code and enable it. 2571 without pipes shutdown-read from the sshd does not trigger 2572 a SIGPIPE when the forked program does a write. 2573 ok djm@ 2574 (Id sync only, USE_PIPES never left portable OpenSSH) 2575 - markus@cvs.openbsd.org 2008/05/09 16:17:51 2576 [channels.c] 2577 error-fd race: don't enable the error fd in the select bitmask 2578 for channels with both in- and output closed, since the channel 2579 will go away before we call select(); 2580 report, lots of debugging help and ok djm@ 2581 - markus@cvs.openbsd.org 2008/05/09 16:21:13 2582 [channels.h clientloop.c nchan.c serverloop.c] 2583 unbreak 2584 ssh -2 localhost od /bin/ls | true 2585 ignoring SIGPIPE by adding a new channel message (EOW) that signals 2586 the peer that we're not interested in any data it might send. 2587 fixes bz #85; discussion, debugging and ok djm@ 2588 - pvalchev@cvs.openbsd.org 2008/05/12 20:52:20 2589 [umac.c] 2590 Ensure nh_result lies on a 64-bit boundary (fixes warnings observed 2591 on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@ 2592 - djm@cvs.openbsd.org 2008/05/15 23:52:24 2593 [nchan2.ms] 2594 document eow message in ssh protocol 2 channel state machine; 2595 feedback and ok markus@ 2596 - djm@cvs.openbsd.org 2008/05/18 21:29:05 2597 [sftp-server.c] 2598 comment extension announcement 2599 - djm@cvs.openbsd.org 2008/05/16 08:30:42 2600 [PROTOCOL] 2601 document our protocol extensions and deviations; ok markus@ 2602 - djm@cvs.openbsd.org 2008/05/17 01:31:56 2603 [PROTOCOL] 2604 grammar and correctness fixes from stevesk@ 2605 260620080403 2607 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- 2608 time warnings on LynxOS. Patch from ops AT iki.fi 2609 - (djm) Force string arguments to replacement setproctitle() though 2610 strnvis first. Ok dtucker@ 2611 261220080403 2613 - (djm) OpenBSD CVS sync: 2614 - markus@cvs.openbsd.org 2008/04/02 15:36:51 2615 [channels.c] 2616 avoid possible hijacking of x11-forwarded connections (back out 1.183) 2617 CVE-2008-1483; ok djm@ 2618 - jmc@cvs.openbsd.org 2008/03/27 22:37:57 2619 [sshd.8] 2620 remove trailing whitespace; 2621 - djm@cvs.openbsd.org 2008/04/03 09:50:14 2622 [version.h] 2623 openssh-5.0 2624 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2625 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files 2626 - (djm) [README] Update link to release notes 2627 - (djm) Release 5.0p1 2628