120130510 2 - (djm) OpenBSD CVS Cherrypick 3 - djm@cvs.openbsd.org 2013/04/11 02:27:50 4 [packet.c] 5 quiet disconnect notifications on the server from error() back to logit() 6 if it is a normal client closure; bz#2057 ok+feedback dtucker@ 7 - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 8 [contrib/suse/openssh.spec] Crank version numbers for release. 9 1020130404 11 - (dtucker) OpenBSD CVS Sync 12 - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 13 [readconf.c ssh.c readconf.h sshconnect2.c] 14 Keep track of which IndentityFile options were manually supplied and which 15 were default options, and don't warn if the latter are missing. 16 ok markus@ 17 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 18 [krl.c] 19 Remove bogus include. ok djm 20 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 21 [ssh.c readconf.c readconf.h] 22 Don't complain if IdentityFiles specified in system-wide configs are 23 missing. ok djm, deraadt. 24 - markus@cvs.openbsd.org 2013/02/22 19:13:56 25 [sshconnect.c] 26 support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ 27 - djm@cvs.openbsd.org 2013/02/22 22:09:01 28 [ssh.c] 29 Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier 30 version) 31 3220130401 33 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h 34 to avoid conflicting definitions of __int64, adding the required bits. 35 Patch from Corinna Vinschen. 36 3720120322 38 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 39 Hands' greatly revised version. 40 - (djm) Release 6.2p1 41 4220120318 43 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 44 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's 45 so mark it as broken. Patch from des AT des.no 46 4720120317 48 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 49 of the bits the configure test looks for. 50 5120120316 52 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 53 is unable to successfully compile them. Based on patch from des AT 54 des.no 55 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 56 Add a usleep replacement for platforms that lack it; ok dtucker 57 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 58 occur after UID switch; patch from John Marshall via des AT des.no; 59 ok dtucker@ 60 6120120312 62 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 63 Improve portability of cipher-speed test, based mostly on a patch from 64 Iain Morgan. 65 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 66 in addition to root as an owner of system directories on AIX and HP-UX. 67 ok djm@ 68 6920130307 70 - (dtucker) [INSTALL] Bump documented autoconf version to what we're 71 currently using. 72 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it 73 was removed in configure.ac rev 1.481 as it was redundant. 74 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 75 ago. 76 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 77 chance to complete on broken systems; ok dtucker@ 78 7920130306 80 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 81 connection to start so that the test works on slower machines. 82 - (dtucker) [configure.ac] test that we can set number of file descriptors 83 to zero with setrlimit before enabling the rlimit sandbox. This affects 84 (at least) HPUX 11.11. 85 8620130305 87 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 88 HP/UX. Spotted by Kevin Brott 89 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 90 Amit Kulkarni and Kevin Brott. 91 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 92 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin 93 Brott. 94 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 95 9620130227 97 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 98 [contrib/suse/openssh.spec] Crank version numbers 99 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 100 - (tim) [regress/integrity.sh] shell portability fix. 101 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 102 - (tim) [regress/krl.sh] keep old solaris awk from hanging. 103 10420130226 105 - OpenBSD CVS Sync 106 - djm@cvs.openbsd.org 2013/02/20 08:27:50 107 [integrity.sh] 108 Add an option to modpipe that warns if the modification offset it not 109 reached in it's stream and turn it on for t-integrity. This should catch 110 cases where the session is not fuzzed for being too short (cf. my last 111 "oops" commit) 112 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 113 for UsePAM=yes configuration 114 11520130225 116 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 117 to use Solaris native GSS libs. Patch from Pierre Ossman. 118 11920130223 120 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 121 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. 122 ok tim 123 12420130222 125 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 126 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. 127 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 128 libgss too. Patch from Pierre Ossman, ok djm. 129 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 130 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; 131 ok dtucker 132 13320130221 134 - (tim) [regress/forward-control.sh] shell portability fix. 135 13620130220 137 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 138 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 139 err.h include from krl.c. Additional portability fixes for modpipe. OK djm 140 - OpenBSD CVS Sync 141 - djm@cvs.openbsd.org 2013/02/20 08:27:50 142 [regress/integrity.sh regress/modpipe.c] 143 Add an option to modpipe that warns if the modification offset it not 144 reached in it's stream and turn it on for t-integrity. This should catch 145 cases where the session is not fuzzed for being too short (cf. my last 146 "oops" commit) 147 - djm@cvs.openbsd.org 2013/02/20 08:29:27 148 [regress/modpipe.c] 149 s/Id/OpenBSD/ in RCS tag 150 15120130219 152 - OpenBSD CVS Sync 153 - djm@cvs.openbsd.org 2013/02/18 22:26:47 154 [integrity.sh] 155 crank the offset yet again; it was still fuzzing KEX one of Darren's 156 portable test hosts at 2800 157 - djm@cvs.openbsd.org 2013/02/19 02:14:09 158 [integrity.sh] 159 oops, forgot to increase the output of the ssh command to ensure that 160 we actually reach $offset 161 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 162 lack support for SHA2. 163 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms 164 that do not have them. 165 16620130217 167 - OpenBSD CVS Sync 168 - djm@cvs.openbsd.org 2013/02/17 23:16:55 169 [integrity.sh] 170 make the ssh command generates some output to ensure that there are at 171 least offset+tries bytes in the stream. 172 17320130216 174 - OpenBSD CVS Sync 175 - djm@cvs.openbsd.org 2013/02/16 06:08:45 176 [integrity.sh] 177 make sure the fuzz offset is actually past the end of KEX for all KEX 178 types. diffie-hellman-group-exchange-sha256 requires an offset around 179 2700. Noticed via test failures in portable OpenSSH on platforms that 180 lack ECC and this the more byte-frugal ECDH KEX algorithms. 181 18220130215 183 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 184 Iain Morgan 185 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 186 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). 187 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 188 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for 189 platforms that don't have it. 190 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 191 group strto* function prototypes together. 192 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 193 an argument. Pointed out by djm. 194 - (djm) OpenBSD CVS Sync 195 - djm@cvs.openbsd.org 2013/02/14 21:35:59 196 [auth2-pubkey.c] 197 Correct error message that had a typo and was logging the wrong thing; 198 patch from Petr Lautrbach 199 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 200 [sshconnect2.c] 201 Warn more loudly if an IdentityFile provided by the user cannot be read. 202 bz #1981, ok djm@ 203 20420130214 205 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 206 - (djm) [regress/krl.sh] typo; found by Iain Morgan 207 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 208 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by 209 Iain Morgan 210 21120130212 212 - (djm) OpenBSD CVS Sync 213 - djm@cvs.openbsd.org 2013/01/24 21:45:37 214 [krl.c] 215 fix handling of (unused) KRL signatures; skip string in correct buffer 216 - djm@cvs.openbsd.org 2013/01/24 22:08:56 217 [krl.c] 218 skip serial lookup when cert's serial number is zero 219 - krw@cvs.openbsd.org 2013/01/25 05:00:27 220 [krl.c] 221 Revert last. Breaks due to likely typo. Let djm@ fix later. 222 ok djm@ via dlg@ 223 - djm@cvs.openbsd.org 2013/01/25 10:22:19 224 [krl.c] 225 redo last commit without the vi-vomit that snuck in: 226 skip serial lookup when cert's serial number is zero 227 (now with 100% better comment) 228 - djm@cvs.openbsd.org 2013/01/26 06:11:05 229 [Makefile.in acss.c acss.h cipher-acss.c cipher.c] 230 [openbsd-compat/openssl-compat.h] 231 remove ACSS, now that it is gone from libcrypto too 232 - djm@cvs.openbsd.org 2013/01/27 10:06:12 233 [krl.c] 234 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com 235 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 236 [servconf.c sshd_config sshd_config.5] 237 Change default of MaxStartups to 10:30:100 to start doing random early 238 drop at 10 connections up to 100 connections. This will make it harder 239 to DoS as CPUs have come a long way since the original value was set 240 back in 2000. Prompted by nion at debian org, ok markus@ 241 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 242 [auth.c] 243 Fix comment, from jfree.e1 at gmail 244 - djm@cvs.openbsd.org 2013/02/08 00:41:12 245 [sftp.c] 246 fix NULL deref when built without libedit and control characters 247 entered as command; debugging and patch from Iain Morgan an 248 Loganaden Velvindron in bz#1956 249 - markus@cvs.openbsd.org 2013/02/10 21:19:34 250 [version.h] 251 openssh 6.2 252 - djm@cvs.openbsd.org 2013/02/10 23:32:10 253 [ssh-keygen.c] 254 append to moduli file when screening candidates rather than overwriting. 255 allows resumption of interrupted screen; patch from Christophe Garault 256 in bz#1957; ok dtucker@ 257 - djm@cvs.openbsd.org 2013/02/10 23:35:24 258 [packet.c] 259 record "Received disconnect" messages at ERROR rather than INFO priority, 260 since they are abnormal and result in a non-zero ssh exit status; patch 261 from Iain Morgan in bz#2057; ok dtucker@ 262 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 263 [sshd.c] 264 Add openssl version to debug output similar to the client. ok markus@ 265 - djm@cvs.openbsd.org 2013/02/11 23:58:51 266 [regress/try-ciphers.sh] 267 remove acss here too 268 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 269 27020130211 271 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 272 libcrypto that lacks EVP_CIPHER_CTX_ctrl 273 27420130208 275 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 276 patch from Iain Morgan in bz#2059 277 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 278 __attribute__ on return values and work around if necessary. ok djm@ 279 28020130207 281 - (djm) [configure.ac] Don't probe seccomp capability of running kernel 282 at configure time; the seccomp sandbox will fall back to rlimit at 283 runtime anyway. Patch from plautrba AT redhat.com in bz#2011 284 28520130120 286 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 287 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP 288 prototypes for openssl-1.0.0-fips. 289 - (djm) OpenBSD CVS Sync 290 - jmc@cvs.openbsd.org 2013/01/18 07:57:47 291 [ssh-keygen.1] 292 tweak previous; 293 - jmc@cvs.openbsd.org 2013/01/18 07:59:46 294 [ssh-keygen.c] 295 -u before -V in usage(); 296 - jmc@cvs.openbsd.org 2013/01/18 08:00:49 297 [sshd_config.5] 298 tweak previous; 299 - jmc@cvs.openbsd.org 2013/01/18 08:39:04 300 [ssh-keygen.1] 301 add -Q to the options list; ok djm 302 - jmc@cvs.openbsd.org 2013/01/18 21:48:43 303 [ssh-keygen.1] 304 command-line (adj.) -> command line (n.); 305 - jmc@cvs.openbsd.org 2013/01/19 07:13:25 306 [ssh-keygen.1] 307 fix some formatting; ok djm 308 - markus@cvs.openbsd.org 2013/01/19 12:34:55 309 [krl.c] 310 RB_INSERT does not remove existing elments; ok djm@ 311 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 312 version. 313 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 314 31520130118 316 - (djm) OpenBSD CVS Sync 317 - djm@cvs.openbsd.org 2013/01/17 23:00:01 318 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] 319 [krl.c krl.h PROTOCOL.krl] 320 add support for Key Revocation Lists (KRLs). These are a compact way to 321 represent lists of revoked keys and certificates, taking as little as 322 a single bit of incremental cost to revoke a certificate by serial number. 323 KRLs are loaded via the existing RevokedKeys sshd_config option. 324 feedback and ok markus@ 325 - djm@cvs.openbsd.org 2013/01/18 00:45:29 326 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] 327 Tests for Key Revocation Lists (KRLs) 328 - djm@cvs.openbsd.org 2013/01/18 03:00:32 329 [krl.c] 330 fix KRL generation bug for list sections 331 33220130117 333 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 334 check for GCM support before testing GCM ciphers. 335 33620130112 337 - (djm) OpenBSD CVS Sync 338 - djm@cvs.openbsd.org 2013/01/12 11:22:04 339 [cipher.c] 340 improve error message for integrity failure in AES-GCM modes; ok markus@ 341 - djm@cvs.openbsd.org 2013/01/12 11:23:53 342 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 343 test AES-GCM modes; feedback markus@ 344 - (djm) [regress/integrity.sh] repair botched merge 345 34620130109 347 - (djm) OpenBSD CVS Sync 348 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 349 [auth.c] 350 use correct string in error message; from rustybsd at gmx.fr 351 - djm@cvs.openbsd.org 2013/01/02 00:32:07 352 [clientloop.c mux.c] 353 channel_setup_local_fwd_listener() returns 0 on failure, not -ve 354 bz#2055 reported by mathieu.lacage AT gmail.com 355 - djm@cvs.openbsd.org 2013/01/02 00:33:49 356 [PROTOCOL.agent] 357 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 358 bz#2051 from david AT lechnology.com 359 - djm@cvs.openbsd.org 2013/01/03 05:49:36 360 [servconf.h] 361 add a couple of ServerOptions members that should be copied to the privsep 362 child (for consistency, in this case they happen only to be accessed in 363 the monitor); ok dtucker@ 364 - djm@cvs.openbsd.org 2013/01/03 12:49:01 365 [PROTOCOL] 366 fix description of MAC calculation for EtM modes; ok markus@ 367 - djm@cvs.openbsd.org 2013/01/03 12:54:49 368 [sftp-server.8 sftp-server.c] 369 allow specification of an alternate start directory for sftp-server(8) 370 "I like this" markus@ 371 - djm@cvs.openbsd.org 2013/01/03 23:22:58 372 [ssh-keygen.c] 373 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... 374 ok markus@ 375 - jmc@cvs.openbsd.org 2013/01/04 19:26:38 376 [sftp-server.8 sftp-server.c] 377 sftp-server.8: add argument name to -d 378 sftp-server.c: add -d to usage() 379 ok djm 380 - markus@cvs.openbsd.org 2013/01/08 18:49:04 381 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] 382 [myproposal.h packet.c ssh_config.5 sshd_config.5] 383 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) 384 ok and feedback djm@ 385 - djm@cvs.openbsd.org 2013/01/09 05:40:17 386 [ssh-keygen.c] 387 correctly initialise fingerprint type for fingerprinting PKCS#11 keys 388 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 389 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little 390 cipher compat code to openssl-compat.h 391 39220121217 393 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 394 tests will work with VPATH directories. 395 39620121213 397 - (djm) OpenBSD CVS Sync 398 - markus@cvs.openbsd.org 2012/12/12 16:45:52 399 [packet.c] 400 reset incoming_packet buffer for each new packet in EtM-case, too; 401 this happens if packets are parsed only parially (e.g. ignore 402 messages sent when su/sudo turn off echo); noted by sthen/millert 403 - naddy@cvs.openbsd.org 2012/12/12 16:46:10 404 [cipher.c] 405 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled 406 counter mode code; ok djm@ 407 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 408 compat code for older OpenSSL 409 - (djm) [cipher.c] Fix missing prototype for compat code 410 41120121212 412 - (djm) OpenBSD CVS Sync 413 - markus@cvs.openbsd.org 2012/12/11 22:16:21 414 [monitor.c] 415 drain the log messages after receiving the keystate from the unpriv 416 child. otherwise it might block while sending. ok djm@ 417 - markus@cvs.openbsd.org 2012/12/11 22:31:18 418 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] 419 [packet.c ssh_config.5 sshd_config.5] 420 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms 421 that change the packet format and compute the MAC over the encrypted 422 message (including the packet size) instead of the plaintext data; 423 these EtM modes are considered more secure and used by default. 424 feedback and ok djm@ 425 - sthen@cvs.openbsd.org 2012/12/11 22:51:45 426 [mac.c] 427 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ 428 - markus@cvs.openbsd.org 2012/12/11 22:32:56 429 [regress/try-ciphers.sh] 430 add etm modes 431 - markus@cvs.openbsd.org 2012/12/11 22:42:11 432 [regress/Makefile regress/modpipe.c regress/integrity.sh] 433 test the integrity of the packets; with djm@ 434 - markus@cvs.openbsd.org 2012/12/11 23:12:13 435 [try-ciphers.sh] 436 add hmac-ripemd160-etm@openssh.com 437 - (djm) [mac.c] fix merge botch 438 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 439 work on platforms without 'jot' 440 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 441 - (djm) [regress/Makefile] fix t-exec rule 442 44320121207 444 - (dtucker) OpenBSD CVS Sync 445 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 446 [regress/keys-command.sh] 447 Fix some problems with the keys-command test: 448 - use string comparison rather than numeric comparison 449 - check for existing KEY_COMMAND file and don't clobber if it exists 450 - clean up KEY_COMMAND file if we do create it. 451 - check that KEY_COMMAND is executable (which it won't be if eg /var/run 452 is mounted noexec). 453 ok djm. 454 - jmc@cvs.openbsd.org 2012/12/03 08:33:03 455 [ssh-add.1 sshd_config.5] 456 tweak previous; 457 - markus@cvs.openbsd.org 2012/12/05 15:42:52 458 [ssh-add.c] 459 prevent double-free of comment; ok djm@ 460 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 461 [serverloop.c] 462 Cast signal to int for logging. A no-op on openbsd (they're always ints) 463 but will prevent warnings in portable. ok djm@ 464 46520121205 466 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. 467 46820121203 469 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get 470 TAILQ_FOREACH_SAFE needed for upcoming changes. 471 - (djm) OpenBSD CVS Sync 472 - djm@cvs.openbsd.org 2012/12/02 20:26:11 473 [ssh_config.5 sshconnect2.c] 474 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 475 This allows control of which keys are offered from tokens using 476 IdentityFile. ok markus@ 477 - djm@cvs.openbsd.org 2012/12/02 20:42:15 478 [ssh-add.1 ssh-add.c] 479 make deleting explicit keys "ssh-add -d" symmetric with adding keys - 480 try to delete the corresponding certificate too and respect the -k option 481 to allow deleting of the key only; feedback and ok markus@ 482 - djm@cvs.openbsd.org 2012/12/02 20:46:11 483 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] 484 [sshd_config.5] 485 make AllowTcpForwarding accept "local" and "remote" in addition to its 486 current "yes"/"no" to allow the server to specify whether just local or 487 remote TCP forwarding is enabled. ok markus@ 488 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 489 [regress/cipher-speed.sh regress/try-ciphers.sh] 490 Add umac-128@openssh.com to the list of MACs to be tested 491 - djm@cvs.openbsd.org 2012/10/19 05:10:42 492 [regress/cert-userkey.sh] 493 include a serial number when generating certs 494 - djm@cvs.openbsd.org 2012/11/22 22:49:30 495 [regress/Makefile regress/keys-command.sh] 496 regress for AuthorizedKeysCommand; hints from markus@ 497 - djm@cvs.openbsd.org 2012/12/02 20:47:48 498 [Makefile regress/forward-control.sh] 499 regress for AllowTcpForwarding local/remote; ok markus@ 500 - djm@cvs.openbsd.org 2012/12/03 00:14:06 501 [auth2-chall.c ssh-keygen.c] 502 Fix compilation with -Wall -Werror (trivial type fixes) 503 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 504 debugging. ok dtucker@ 505 - (djm) [configure.ac] Revert previous. configure.ac already does this 506 for us. 507 50820121114 509 - (djm) OpenBSD CVS Sync 510 - djm@cvs.openbsd.org 2012/11/14 02:24:27 511 [auth2-pubkey.c] 512 fix username passed to helper program 513 prepare stdio fds before closefrom() 514 spotted by landry@ 515 - djm@cvs.openbsd.org 2012/11/14 02:32:15 516 [ssh-keygen.c] 517 allow the full range of unsigned serial numbers; 'fine' deraadt@ 518 - djm@cvs.openbsd.org 2012/12/02 20:34:10 519 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] 520 [monitor.c monitor.h] 521 Fixes logging of partial authentication when privsep is enabled 522 Previously, we recorded "Failed xxx" since we reset authenticated before 523 calling auth_log() in auth2.c. This adds an explcit "Partial" state. 524 525 Add a "submethod" to auth_log() to report which submethod is used 526 for keyboard-interactive. 527 528 Fix multiple authentication when one of the methods is 529 keyboard-interactive. 530 531 ok markus@ 532 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 533 [regress/multiplex.sh] 534 Use 'kill -0' to test for the presence of a pid since it's more portable 535 53620121107 537 - (djm) OpenBSD CVS Sync 538 - eric@cvs.openbsd.org 2011/11/28 08:46:27 539 [moduli.5] 540 fix formula 541 ok djm@ 542 - jmc@cvs.openbsd.org 2012/09/26 17:34:38 543 [moduli.5] 544 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 545 references into a STANDARDS section; 546 54720121105 548 - (dtucker) [uidswap.c openbsd-compat/Makefile.in 549 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h 550 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids 551 and gids from uidswap.c to the compat library, which allows it to work with 552 the new setresuid calls in auth2-pubkey. with tim@, ok djm@ 553 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that 554 don't have it. Spotted by tim@. 555 55620121104 557 - (djm) OpenBSD CVS Sync 558 - jmc@cvs.openbsd.org 2012/10/31 08:04:50 559 [sshd_config.5] 560 tweak previous; 561 - djm@cvs.openbsd.org 2012/11/04 10:38:43 562 [auth2-pubkey.c sshd.c sshd_config.5] 563 Remove default of AuthorizedCommandUser. Administrators are now expected 564 to explicitly specify a user. feedback and ok markus@ 565 - djm@cvs.openbsd.org 2012/11/04 11:09:15 566 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] 567 [sshd_config.5] 568 Support multiple required authentication via an AuthenticationMethods 569 option. This option lists one or more comma-separated lists of 570 authentication method names. Successful completion of all the methods in 571 any list is required for authentication to complete; 572 feedback and ok markus@ 573 57420121030 575 - (djm) OpenBSD CVS Sync 576 - markus@cvs.openbsd.org 2012/10/05 12:34:39 577 [sftp.c] 578 fix signed vs unsigned warning; feedback & ok: djm@ 579 - djm@cvs.openbsd.org 2012/10/30 21:29:55 580 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] 581 [sshd.c sshd_config sshd_config.5] 582 new sshd_config option AuthorizedKeysCommand to support fetching 583 authorized_keys from a command in addition to (or instead of) from 584 the filesystem. The command is run as the target server user unless 585 another specified via a new AuthorizedKeysCommandUser option. 586 587 patch originally by jchadima AT redhat.com, reworked by me; feedback 588 and ok markus@ 589 59020121019 591 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in 592 the generated file as intended. 593 59420121005 595 - (dtucker) OpenBSD CVS Sync 596 - djm@cvs.openbsd.org 2012/09/17 09:54:44 597 [sftp.c] 598 an XXX for later 599 - markus@cvs.openbsd.org 2012/09/17 13:04:11 600 [packet.c] 601 clear old keys on rekeing; ok djm 602 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 603 [sftp.c] 604 Add bounds check on sftp tab-completion. Part of a patch from from 605 Jean-Marc Robert via tech@, ok djm 606 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 607 [sftp.c] 608 Fix improper handling of absolute paths when PWD is part of the completed 609 path. Patch from Jean-Marc Robert via tech@, ok djm. 610 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 611 [sftp.c] 612 Fix handling of filenames containing escaped globbing characters and 613 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 614 - jmc@cvs.openbsd.org 2012/09/26 16:12:13 615 [ssh.1] 616 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 617 references into a STANDARDS section; 618 - naddy@cvs.openbsd.org 2012/10/01 13:59:51 619 [monitor_wrap.c] 620 pasto; ok djm@ 621 - djm@cvs.openbsd.org 2012/10/02 07:07:45 622 [ssh-keygen.c] 623 fix -z option, broken in revision 1.215 624 - markus@cvs.openbsd.org 2012/10/04 13:21:50 625 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] 626 add umac128 variant; ok djm@ at n2k12 627 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 628 [regress/try-ciphers.sh] 629 Restore missing space. (Id sync only). 630 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 631 [regress/multiplex.sh] 632 Add test for ssh -Ostop 633 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 634 [regress/multiplex.sh] 635 Log -O cmd output to the log file and make logging consistent with the 636 other tests. Test clean shutdown of an existing channel when testing 637 "stop". 638 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 639 [regress/multiplex.sh] 640 use -Ocheck and waiting for completions by PID to make multiplexing test 641 less racy and (hopefully) more reliable on slow hardware. 642 - [Makefile umac.c] Add special-case target to build umac128.o. 643 - [umac.c] Enforce allowed umac output sizes. From djm@. 644 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". 645 64620120917 647 - (dtucker) OpenBSD CVS Sync 648 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 649 [servconf.c] 650 Fix comment line length 651 - markus@cvs.openbsd.org 2012/09/14 16:51:34 652 [sshconnect.c] 653 remove unused variable 654 65520120907 656 - (dtucker) OpenBSD CVS Sync 657 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 658 [clientloop.c] 659 Make the escape command help (~?) context sensitive so that only commands 660 that will work in the current session are shown. ok markus@ 661 - jmc@cvs.openbsd.org 2012/09/06 13:57:42 662 [ssh.1] 663 missing letter in previous; 664 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 665 [clientloop.c] 666 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ 667 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 668 [clientloop.c] 669 Merge escape help text for ~v and ~V; ok djm@ 670 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 671 [clientloop.c] 672 when muxmaster is run with -N, make it shut down gracefully when a client 673 sends it "-O stop" rather than hanging around (bz#1985). ok djm@ 674 67520120906 676 - (dtucker) OpenBSD CVS Sync 677 - jmc@cvs.openbsd.org 2012/08/15 18:25:50 678 [ssh-keygen.1] 679 a little more info on certificate validity; 680 requested by Ross L Richardson, and provided by djm 681 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 682 [clientloop.c clientloop.h mux.c] 683 Force a clean shutdown of ControlMaster client sessions when the ~. escape 684 sequence is used. This means that ~. should now work in mux clients even 685 if the server is no longer responding. Found by tedu, ok djm. 686 - djm@cvs.openbsd.org 2012/08/17 01:22:56 687 [kex.c] 688 add some comments about better handling first-KEX-follows notifications 689 from the server. Nothing uses these right now. No binary change 690 - djm@cvs.openbsd.org 2012/08/17 01:25:58 691 [ssh-keygen.c] 692 print details of which host lines were deleted when using 693 "ssh-keygen -R host"; ok markus@ 694 - djm@cvs.openbsd.org 2012/08/17 01:30:00 695 [compat.c sshconnect.c] 696 Send client banner immediately, rather than waiting for the server to 697 move first for SSH protocol 2 connections (the default). Patch based on 698 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ 699 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 700 [clientloop.c log.c ssh.1 log.h] 701 Add ~v and ~V escape sequences to raise and lower the logging level 702 respectively. Man page help from jmc, ok deraadt jmc 703 70420120830 705 - (dtucker) [moduli] Import new moduli file. 706 70720120828 708 - (djm) Release openssh-6.1 709 71020120828 711 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN 712 for compatibility with future mingw-w64 headers. Patch from vinschen at 713 redhat com. 714 71520120822 716 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 717 [contrib/suse/openssh.spec] Update version numbers 718 71920120731 720 - (djm) OpenBSD CVS Sync 721 - jmc@cvs.openbsd.org 2012/07/06 06:38:03 722 [ssh-keygen.c] 723 missing full stop in usage(); 724 - djm@cvs.openbsd.org 2012/07/10 02:19:15 725 [servconf.c servconf.h sshd.c sshd_config] 726 Turn on systrace sandboxing of pre-auth sshd by default for new installs 727 by shipping a config that overrides the current UsePrivilegeSeparation=yes 728 default. Make it easier to flip the default in the future by adding too. 729 prodded markus@ feedback dtucker@ "get it in" deraadt@ 730 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 731 [servconf.c] 732 handle long comments in config files better. bz#2025, ok markus 733 - markus@cvs.openbsd.org 2012/07/22 18:19:21 734 [version.h] 735 openssh 6.1 736 73720120720 738 - (dtucker) Import regened moduli file. 739 74020120706 741 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is 742 not available. Allows use of sshd compiled on host with a filter-capable 743 kernel on hosts that lack the support. bz#2011 ok dtucker@ 744 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 745 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT 746 esperi.org.uk; ok dtucker@ 747- (djm) OpenBSD CVS Sync 748 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 749 [moduli.c ssh-keygen.1 ssh-keygen.c] 750 Add options to specify starting line number and number of lines to process 751 when screening moduli candidates. This allows processing of different 752 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 753 - djm@cvs.openbsd.org 2012/07/06 01:37:21 754 [mux.c] 755 fix memory leak of passed-in environment variables and connection 756 context when new session message is malformed; bz#2003 from Bert.Wesarg 757 AT googlemail.com 758 - djm@cvs.openbsd.org 2012/07/06 01:47:38 759 [ssh.c] 760 move setting of tty_flag to after config parsing so RequestTTY options 761 are correctly picked up. bz#1995 patch from przemoc AT gmail.com; 762 ok dtucker@ 763 76420120704 765 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 766 platforms that don't have it. "looks good" tim@ 767 76820120703 769 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 770 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. 771 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 772 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its 773 benefit is minor, so it's not worth disabling the sandbox if it doesn't 774 work. 775 77620120702 777- (dtucker) OpenBSD CVS Sync 778 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 779 [ssh_config.5 sshd_config.5] 780 match the documented MAC order of preference to the actual one; 781 ok dtucker@ 782 - markus@cvs.openbsd.org 2012/06/30 14:35:09 783 [sandbox-systrace.c sshd.c] 784 fix a during the load of the sandbox policies (child can still make 785 the read-syscall and wait forever for systrace-answers) by replacing 786 the read/write synchronisation with SIGSTOP/SIGCONT; 787 report and help hshoexer@; ok djm@, dtucker@ 788 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 789 [ssh.c] 790 set interactive ToS for forwarded X11 sessions. ok djm@ 791 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 792 [ssh-pkcs11-helper.c sftp-client.c] 793 fix a couple of "assigned but not used" warnings. ok markus@ 794 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 795 [regress/connect-privsep.sh] 796 remove exit from end of test since it prevents reporting failure 797 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] 798 Move cygwin detection to test-exec and use to skip reexec test on cygwin. 799 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 800 80120120629 802 - OpenBSD CVS Sync 803 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 804 [addrmatch.c] 805 fix strlcpy truncation check. from carsten at debian org, ok markus 806 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 807 [monitor.c sshconnect2.c] 808 remove dead code following 'for (;;)' loops. 809 From Steve.McClellan at radisys com, ok markus@ 810 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 811 [sftp.c] 812 Remove unused variable leftover from tab-completion changes. 813 From Steve.McClellan at radisys com, ok markus@ 814 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 815 [sandbox-systrace.c] 816 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation 817 sandbox" since malloc now uses it. From johnw.mail at gmail com. 818 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 819 [mac.c myproposal.h ssh_config.5 sshd_config.5] 820 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 821 from draft6 of the spec and will not be in the RFC when published. Patch 822 from mdb at juniper net via bz#2023, ok markus. 823 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 824 [ssh_config.5 sshd_config.5] 825 match the documented MAC order of preference to the actual one; ok dtucker@ 826 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 827 [regress/addrmatch.sh] 828 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 829 to match. Feedback and ok djm@ markus@. 830 - djm@cvs.openbsd.org 2012/06/01 00:47:35 831 [regress/multiplex.sh regress/forwarding.sh] 832 append to rather than truncate test log; bz#2013 from openssh AT 833 roumenpetrov.info 834 - djm@cvs.openbsd.org 2012/06/01 00:52:52 835 [regress/sftp-cmds.sh] 836 don't delete .* on cleanup due to unintended env expansion; pointed out in 837 bz#2014 by openssh AT roumenpetrov.info 838 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 839 [regress/connect-privsep.sh] 840 test sandbox with every malloc option 841 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 842 [regress/try-ciphers.sh regress/cipher-speed.sh] 843 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 844 from draft6 of the spec and will not be in the RFC when published. Patch 845 from mdb at juniper net via bz#2023, ok markus. 846 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. 847 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have 848 the required functions in libcrypto. 849 85020120628 851 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null 852 pointer deref in the client when built with LDNS and using DNSSEC with a 853 CNAME. Patch from gregdlg+mr at hochet info. 854 85520120622 856 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as 857 can logon as a service. Patch from vinschen at redhat com. 858 85920120620 860 - (djm) OpenBSD CVS Sync 861 - djm@cvs.openbsd.org 2011/12/02 00:41:56 862 [mux.c] 863 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 864 ok dtucker@ 865 - djm@cvs.openbsd.org 2011/12/04 23:16:12 866 [mux.c] 867 revert: 868 > revision 1.32 869 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 870 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 871 > ok dtucker@ 872 it interacts badly with ControlPersist 873 - djm@cvs.openbsd.org 2012/01/07 21:11:36 874 [mux.c] 875 fix double-free in new session handler 876 NB. Id sync only 877 - djm@cvs.openbsd.org 2012/05/23 03:28:28 878 [dns.c dns.h key.c key.h ssh-keygen.c] 879 add support for RFC6594 SSHFP DNS records for ECDSA key types. 880 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 881 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black) 882 - djm@cvs.openbsd.org 2012/06/01 00:49:35 883 [PROTOCOL.mux] 884 correct types of port numbers (integers, not strings); bz#2004 from 885 bert.wesarg AT googlemail.com 886 - djm@cvs.openbsd.org 2012/06/01 01:01:22 887 [mux.c] 888 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg 889 AT googlemail.com 890 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 891 [jpake.c] 892 correct sizeof usage. patch from saw at online.de, ok deraadt 893 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 894 [ssh_config.5] 895 RSA instead of DSA twice. From Steve.McClellan at radisys com 896 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 897 [ssh.1 sshd.8] 898 Remove mention of 'three' key files since there are now four. From 899 Steve.McClellan at radisys com. 900 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 901 [ssh.1] 902 Clarify description of -W. Noted by Steve.McClellan at radisys com, 903 ok jmc 904 - markus@cvs.openbsd.org 2012/06/19 18:25:28 905 [servconf.c servconf.h sshd_config.5] 906 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} 907 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' 908 ok djm@ (back in March) 909 - jmc@cvs.openbsd.org 2012/06/19 21:35:54 910 [sshd_config.5] 911 tweak previous; ok markus 912 - djm@cvs.openbsd.org 2012/06/20 04:42:58 913 [clientloop.c serverloop.c] 914 initialise accept() backoff timer to avoid EINVAL from select(2) in 915 rekeying 916 91720120519 918 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 919 from cjwatson at debian org. 920 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 921 pkg-config so it does the right thing when cross-compiling. Patch from 922 cjwatson at debian org. 923- (dtucker) OpenBSD CVS Sync 924 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 925 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] 926 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 927 to match. Feedback and ok djm@ markus@. 928 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 929 [sshd_config.5] 930 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron 931 93220120504 933 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 934 to fix building on some plaforms. Fom bowman at math utah edu and 935 des at des no. 936 93720120427 938 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 939 platform rather than exiting early, so that we still clean up and return 940 success or failure to test-exec.sh 941 94220120426 943 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters 944 via Niels 945 - (djm) [auth-krb5.c] Save errno across calls that might modify it; 946 ok dtucker@ 947 94820120423 949 - OpenBSD CVS Sync 950 - djm@cvs.openbsd.org 2012/04/23 08:18:17 951 [channels.c] 952 fix function proto/source mismatch 953 95420120422 955 - OpenBSD CVS Sync 956 - djm@cvs.openbsd.org 2012/02/29 11:21:26 957 [ssh-keygen.c] 958 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ 959 - guenther@cvs.openbsd.org 2012/03/15 03:10:27 960 [session.c] 961 root should always be excluded from the test for /etc/nologin instead 962 of having it always enforced even when marked as ignorenologin. This 963 regressed when the logic was incompletely flipped around in rev 1.251 964 ok halex@ millert@ 965 - djm@cvs.openbsd.org 2012/03/28 07:23:22 966 [PROTOCOL.certkeys] 967 explain certificate extensions/crit split rationale. Mention requirement 968 that each appear at most once per cert. 969 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 970 [channels.c channels.h servconf.c] 971 Add PermitOpen none option based on patch from Loganaden Velvindron 972 (bz #1949). ok djm@ 973 - djm@cvs.openbsd.org 2012/04/11 13:16:19 974 [channels.c channels.h clientloop.c serverloop.c] 975 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 976 while; ok deraadt@ markus@ 977 - djm@cvs.openbsd.org 2012/04/11 13:17:54 978 [auth.c] 979 Support "none" as an argument for AuthorizedPrincipalsFile to indicate 980 no file should be read. 981 - djm@cvs.openbsd.org 2012/04/11 13:26:40 982 [sshd.c] 983 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 984 while; ok deraadt@ markus@ 985 - djm@cvs.openbsd.org 2012/04/11 13:34:17 986 [ssh-keyscan.1 ssh-keyscan.c] 987 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also 988 look for them by default; bz#1971 989 - djm@cvs.openbsd.org 2012/04/12 02:42:32 990 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] 991 VersionAddendum option to allow server operators to append some arbitrary 992 text to the SSH-... banner; ok deraadt@ "don't care" markus@ 993 - djm@cvs.openbsd.org 2012/04/12 02:43:55 994 [sshd_config sshd_config.5] 995 mention AuthorizedPrincipalsFile=none default 996 - djm@cvs.openbsd.org 2012/04/20 03:24:23 997 [sftp.c] 998 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) 999 - jmc@cvs.openbsd.org 2012/04/20 16:26:22 1000 [ssh.1] 1001 use "brackets" instead of "braces", for consistency; 1002 100320120420 1004 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1005 [contrib/suse/openssh.spec] Update for release 6.0 1006 - (djm) [README] Update URL to release notes. 1007 - (djm) Release openssh-6.0 1008 100920120419 1010 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil 1011 contains openpty() but not login() 1012 101320120404 1014 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox 1015 mode for Linux's new seccomp filter; patch from Will Drewry; feedback 1016 and ok dtucker@ 1017 101820120330 1019 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING 1020 file from spec file. From crighter at nuclioss com. 1021 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running 1022 openssh binaries on a newer fix release than they were compiled on. 1023 with and ok dtucker@ 1024 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect 1025 assumptions when building on Cygwin; patch from Corinna Vinschen 1026 102720120309 1028 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux 1029 systems where sshd is run in te wrong context. Patch from Sven 1030 Vermeulen; ok dtucker@ 1031 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 1032 addressed connections. ok dtucker@ 1033 103420120224 1035 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM 1036 audit breakage in Solaris 11. Patch from Magnus Johansson. 1037 103820120215 1039 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for 1040 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c 1041 ok dtucker@ 1042 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so 1043 it actually works. 1044 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote 1045 to work. Spotted by Angel Gonzalez 1046 104720120214 1048 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of 1049 preserved Cygwin environment variables; from Corinna Vinschen 1050 105120120211 1052 - (djm) OpenBSD CVS Sync 1053 - djm@cvs.openbsd.org 2012/01/05 00:16:56 1054 [monitor.c] 1055 memleak on error path 1056 - djm@cvs.openbsd.org 2012/01/07 21:11:36 1057 [mux.c] 1058 fix double-free in new session handler 1059 - miod@cvs.openbsd.org 2012/01/08 13:17:11 1060 [ssh-ecdsa.c] 1061 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, 1062 ok markus@ 1063 - miod@cvs.openbsd.org 2012/01/16 20:34:09 1064 [ssh-pkcs11-client.c] 1065 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. 1066 While there, be sure to buffer_clear() between send_msg() and recv_msg(). 1067 ok markus@ 1068 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 1069 [clientloop.c] 1070 Ensure that $DISPLAY contains only valid characters before using it to 1071 extract xauth data so that it can't be used to play local shell 1072 metacharacter games. Report from r00t_ati at ihteam.net, ok markus. 1073 - markus@cvs.openbsd.org 2012/01/25 19:26:43 1074 [packet.c] 1075 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; 1076 ok dtucker@, djm@ 1077 - markus@cvs.openbsd.org 2012/01/25 19:36:31 1078 [authfile.c] 1079 memleak in key_load_file(); from Jan Klemkow 1080 - markus@cvs.openbsd.org 2012/01/25 19:40:09 1081 [packet.c packet.h] 1082 packet_read_poll() is not used anymore. 1083 - markus@cvs.openbsd.org 2012/02/09 20:00:18 1084 [version.h] 1085 move from 6.0-beta to 6.0 1086 108720120206 1088 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms 1089 that don't support ECC. Patch from Phil Oleson 1090 109120111219 1092 - OpenBSD CVS Sync 1093 - djm@cvs.openbsd.org 2011/12/02 00:41:56 1094 [mux.c] 1095 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1096 ok dtucker@ 1097 - djm@cvs.openbsd.org 2011/12/02 00:43:57 1098 [mac.c] 1099 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before 1100 HMAC_init (this change in policy seems insane to me) 1101 ok dtucker@ 1102 - djm@cvs.openbsd.org 2011/12/04 23:16:12 1103 [mux.c] 1104 revert: 1105 > revision 1.32 1106 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 1107 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1108 > ok dtucker@ 1109 it interacts badly with ControlPersist 1110 - djm@cvs.openbsd.org 2011/12/07 05:44:38 1111 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] 1112 fix some harmless and/or unreachable int overflows; 1113 reported Xi Wang, ok markus@ 1114 111520111125 1116 - OpenBSD CVS Sync 1117 - oga@cvs.openbsd.org 2011/11/16 12:24:28 1118 [sftp.c] 1119 Don't leak list in complete_cmd_parse if there are no commands found. 1120 Discovered when I was ``borrowing'' this code for something else. 1121 ok djm@ 1122 112320111121 1124 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 1125 112620111104 1127 - (dtucker) OpenBSD CVS Sync 1128 - djm@cvs.openbsd.org 2011/10/18 05:15:28 1129 [ssh.c] 1130 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ 1131 - djm@cvs.openbsd.org 2011/10/18 23:37:42 1132 [ssh-add.c] 1133 add -k to usage(); reminded by jmc@ 1134 - djm@cvs.openbsd.org 2011/10/19 00:06:10 1135 [moduli.c] 1136 s/tmpfile/tmp/ to make this -Wshadow clean 1137 - djm@cvs.openbsd.org 2011/10/19 10:39:48 1138 [umac.c] 1139 typo in comment; patch from Michael W. Bombardieri 1140 - djm@cvs.openbsd.org 2011/10/24 02:10:46 1141 [ssh.c] 1142 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh 1143 was incorrectly requesting the forward in both the control master and 1144 slave. skip requesting it in the master to fix. ok markus@ 1145 - djm@cvs.openbsd.org 2011/10/24 02:13:13 1146 [session.c] 1147 bz#1859: send tty break to pty master instead of (probably already 1148 closed) slave side; "looks good" markus@ 1149 - dtucker@cvs.openbsd.org 011/11/04 00:09:39 1150 [moduli] 1151 regenerated moduli file; ok deraadt 1152 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in 1153 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] 1154 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library 1155 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) 1156 with some rework from myself and djm. ok djm. 1157 115820111025 1159 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file 1160 fails. Patch from Corinna Vinschen. 1161 116220111018 1163 - (djm) OpenBSD CVS Sync 1164 - djm@cvs.openbsd.org 2011/10/04 14:17:32 1165 [sftp-glob.c] 1166 silence error spam for "ls */foo" in directory with files; bz#1683 1167 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 1168 [moduli.c ssh-keygen.1 ssh-keygen.c] 1169 Add optional checkpoints for moduli screening. feedback & ok deraadt 1170 - jmc@cvs.openbsd.org 2011/10/16 15:02:41 1171 [ssh-keygen.c] 1172 put -K in the right place (usage()); 1173 - stsp@cvs.openbsd.org 2011/10/16 15:51:39 1174 [moduli.c] 1175 add missing includes to unbreak tree; fix from rpointel 1176 - djm@cvs.openbsd.org 2011/10/18 04:58:26 1177 [auth-options.c key.c] 1178 remove explict search for \0 in packet strings, this job is now done 1179 implicitly by buffer_get_cstring; ok markus 1180 - djm@cvs.openbsd.org 2011/10/18 05:00:48 1181 [ssh-add.1 ssh-add.c] 1182 new "ssh-add -k" option to load plain keys (skipping certificates); 1183 "looks ok" markus@ 1184 118520111001 1186 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm 1187 - (dtucker) OpenBSD CVS Sync 1188 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 1189 [channels.c auth-options.c servconf.c channels.h sshd.8] 1190 Add wildcard support to PermitOpen, allowing things like "PermitOpen 1191 localhost:*". bz #1857, ok djm markus. 1192 - markus@cvs.openbsd.org 2011/09/23 07:45:05 1193 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c 1194 version.h] 1195 unbreak remote portforwarding with dynamic allocated listen ports: 1196 1) send the actual listen port in the open message (instead of 0). 1197 this allows multiple forwardings with a dynamic listen port 1198 2) update the matching permit-open entry, so we can identify where 1199 to connect to 1200 report: den at skbkontur.ru and P. Szczygielski 1201 feedback and ok djm@ 1202 - djm@cvs.openbsd.org 2011/09/25 05:44:47 1203 [auth2-pubkey.c] 1204 improve the AuthorizedPrincipalsFile debug log message to include 1205 file and line number 1206 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 1207 [sshd.c] 1208 don't attempt privsep cleanup when not using privsep; ok markus@ 1209 - djm@cvs.openbsd.org 2011/09/30 21:22:49 1210 [sshd.c] 1211 fix inverted test that caused logspam; spotted by henning@ 1212 121320110929 1214 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch 1215 from des AT des.no 1216 - (dtucker) [configure.ac openbsd-compat/Makefile.in 1217 openbsd-compat/strnlen.c] Add strnlen to the compat library. 1218 121920110923 1220 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no 1221 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we 1222 want this longhand version) 1223 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the 1224 upstream version is YPified and we don't want this 1225 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. 1226 The file was totally rewritten between what we had in tree and -current. 1227 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid 1228 marker. The upstream API has changed (function and structure names) 1229 enough to put it out of sync with other providers of this interface. 1230 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion 1231 of static __findenv() function from upstream setenv.c 1232 - OpenBSD CVS Sync 1233 - millert@cvs.openbsd.org 2006/05/05 15:27:38 1234 [openbsd-compat/strlcpy.c] 1235 Convert do {} while loop -> while {} for clarity. No binary change 1236 on most architectures. From Oliver Smith. OK deraadt@ and henning@ 1237 - tobias@cvs.openbsd.org 2007/10/21 11:09:30 1238 [openbsd-compat/mktemp.c] 1239 Comment fix about time consumption of _gettemp. 1240 FreeBSD did this in revision 1.20. 1241 OK deraadt@, krw@ 1242 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 1243 [openbsd-compat/mktemp.c] 1244 use arc4random_uniform(); ok djm millert 1245 - millert@cvs.openbsd.org 2008/08/21 16:54:44 1246 [openbsd-compat/mktemp.c] 1247 Remove useless code, the kernel will set errno appropriately if an 1248 element in the path does not exist. OK deraadt@ pvalchev@ 1249 - otto@cvs.openbsd.org 2008/12/09 19:38:38 1250 [openbsd-compat/inet_ntop.c] 1251 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon 1252 125320110922 1254 - OpenBSD CVS Sync 1255 - pyr@cvs.openbsd.org 2011/05/12 07:15:10 1256 [openbsd-compat/glob.c] 1257 When the max number of items for a directory has reached GLOB_LIMIT_READDIR 1258 an error is returned but closedir() is not called. 1259 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org 1260 ok otto@, millert@ 1261 - stsp@cvs.openbsd.org 2011/09/20 10:18:46 1262 [glob.c] 1263 In glob(3), limit recursion during matching attempts. Similar to 1264 fnmatch fix. Also collapse consecutive '*' (from NetBSD). 1265 ok miod deraadt 1266 - djm@cvs.openbsd.org 2011/09/22 06:27:29 1267 [glob.c] 1268 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being 1269 applied only to the gl_pathv vector and not the corresponding gl_statv 1270 array. reported in OpenSSH bz#1935; feedback and okay matthew@ 1271 - djm@cvs.openbsd.org 2011/08/26 01:45:15 1272 [ssh.1] 1273 Add some missing ssh_config(5) options that can be used in ssh(1)'s 1274 -o argument. Patch from duclare AT guu.fi 1275 - djm@cvs.openbsd.org 2011/09/05 05:56:13 1276 [scp.1 sftp.1] 1277 mention ControlPersist and KbdInteractiveAuthentication in the -o 1278 verbiage in these pages too (prompted by jmc@) 1279 - djm@cvs.openbsd.org 2011/09/05 05:59:08 1280 [misc.c] 1281 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1282 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1283 - jmc@cvs.openbsd.org 2011/09/05 07:01:44 1284 [scp.1] 1285 knock out a useless Ns; 1286 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 1287 [ssh-keygen.1] 1288 typo (they vs the) found by Lawrence Teo 1289 - djm@cvs.openbsd.org 2011/09/09 00:43:00 1290 [ssh_config.5 sshd_config.5] 1291 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1292 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1293 - djm@cvs.openbsd.org 2011/09/09 00:44:07 1294 [PROTOCOL.mux] 1295 MUX_C_CLOSE_FWD includes forward type in message (though it isn't 1296 implemented anyway) 1297 - djm@cvs.openbsd.org 2011/09/09 22:37:01 1298 [scp.c] 1299 suppress adding '--' to remote commandlines when the first argument 1300 does not start with '-'. saves breakage on some difficult-to-upgrade 1301 embedded/router platforms; feedback & ok dtucker ok markus 1302 - djm@cvs.openbsd.org 2011/09/09 22:38:21 1303 [sshd.c] 1304 kill the preauth privsep child on fatal errors in the monitor; 1305 ok markus@ 1306 - djm@cvs.openbsd.org 2011/09/09 22:46:44 1307 [channels.c channels.h clientloop.h mux.c ssh.c] 1308 support for cancelling local and remote port forwards via the multiplex 1309 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request 1310 the cancellation of the specified forwardings; ok markus@ 1311 - markus@cvs.openbsd.org 2011/09/10 22:26:34 1312 [channels.c channels.h clientloop.c ssh.1] 1313 support cancellation of local/dynamic forwardings from ~C commandline; 1314 ok & feedback djm@ 1315 - okan@cvs.openbsd.org 2011/09/11 06:59:05 1316 [ssh.1] 1317 document new -O cancel command; ok djm@ 1318 - markus@cvs.openbsd.org 2011/09/11 16:07:26 1319 [sftp-client.c] 1320 fix leaks in do_hardlink() and do_readlink(); bz#1921 1321 from Loganaden Velvindron 1322 - markus@cvs.openbsd.org 2011/09/12 08:46:15 1323 [sftp-client.c] 1324 fix leak in do_lsreaddir(); ok djm 1325 - djm@cvs.openbsd.org 2011/09/22 06:29:03 1326 [sftp.c] 1327 don't let remote_glob() implicitly sort its results in do_globbed_ls() - 1328 in all likelihood, they will be resorted anyway 1329 133020110909 1331 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From 1332 Colin Watson. 1333 133420110906 1335 - (djm) [README version.h] Correct version 1336 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon 1337 - (djm) Respin OpenSSH-5.9p1 release 1338 133920110905 1340 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1341 [contrib/suse/openssh.spec] Update version numbers. 1342 134320110904 1344 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal 1345 regress errors for the sandbox to warnings. ok tim dtucker 1346 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 1347 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen 1348 support. 1349 135020110829 1351 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting 1352 to switch SELinux context away from unconfined_t, based on patch from 1353 Jan Chadima; bz#1919 ok dtucker@ 1354 135520110827 1356 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 1357 135820110818 1359 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 1360 136120110817 1362 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for 1363 OpenSSL 0.9.7. ok djm 1364 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] 1365 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen 1366 - (djm) [configure.ac] error out if the host lacks the necessary bits for 1367 an explicitly requested sandbox type 1368 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by 1369 bisson AT archlinux.org 1370 - (djm) OpenBSD CVS Sync 1371 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 1372 [regress/cfgmatch.sh] 1373 use OBJ to find test configs, patch from Tim Rice 1374 - markus@cvs.openbsd.org 2011/06/30 22:44:43 1375 [regress/connect-privsep.sh] 1376 test with sandbox enabled; ok djm@ 1377 - djm@cvs.openbsd.org 2011/08/02 01:23:41 1378 [regress/cipher-speed.sh regress/try-ciphers.sh] 1379 add SHA256/SHA512 based HMAC modes 1380 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 1381 MAC tests for platforms that hack EVP_SHA2 support 1382 138320110812 1384 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context 1385 change error by reporting old and new context names Patch from 1386 jchadima at redhat. 1387 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] 1388 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES 1389 init scrips from imorgan AT nas.nasa.gov; bz#1920 1390 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the 1391 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin 1392 AT gmail.com; ok dtucker@ 1393 139420110807 1395 - (dtucker) OpenBSD CVS Sync 1396 - jmc@cvs.openbsd.org 2008/06/26 06:59:39 1397 [moduli.5] 1398 tweak previous; 1399 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 1400 [moduli.5] 1401 "Diffie-Hellman" is the usual spelling for the cryptographic protocol 1402 first published by Whitfield Diffie and Martin Hellman in 1976. 1403 ok jmc@ 1404 - jmc@cvs.openbsd.org 2010/10/14 20:41:28 1405 [moduli.5] 1406 probabalistic -> probabilistic; from naddy 1407 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 1408 [sftp.1] 1409 typo, fix from Laurent Gautrot 1410 141120110805 1412 - OpenBSD CVS Sync 1413 - djm@cvs.openbsd.org 2011/06/23 23:35:42 1414 [monitor.c] 1415 ignore EINTR errors from poll() 1416 - tedu@cvs.openbsd.org 2011/07/06 18:09:21 1417 [authfd.c] 1418 bzero the agent address. the kernel was for a while very cranky about 1419 these things. evne though that's fixed, always good to initialize 1420 memory. ok deraadt djm 1421 - djm@cvs.openbsd.org 2011/07/29 14:42:45 1422 [sandbox-systrace.c] 1423 fail open(2) with EPERM rather than SIGKILLing the whole process. libc 1424 will call open() to do strerror() when NLS is enabled; 1425 feedback and ok markus@ 1426 - markus@cvs.openbsd.org 2011/08/01 19:18:15 1427 [gss-serv.c] 1428 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); 1429 report Adam Zabrock; ok djm@, deraadt@ 1430 - djm@cvs.openbsd.org 2011/08/02 01:22:11 1431 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] 1432 Add new SHA256 and SHA512 based HMAC modes from 1433 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt 1434 Patch from mdb AT juniper.net; feedback and ok markus@ 1435 - djm@cvs.openbsd.org 2011/08/02 23:13:01 1436 [version.h] 1437 crank now, release later 1438 - djm@cvs.openbsd.org 2011/08/02 23:15:03 1439 [ssh.c] 1440 typo in comment 1441 144220110624 1443 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 1444 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing 1445 markus@ 1446 144720110623 1448 - OpenBSD CVS Sync 1449 - djm@cvs.openbsd.org 2011/06/22 21:47:28 1450 [servconf.c] 1451 reuse the multistate option arrays to pretty-print options for "sshd -T" 1452 - djm@cvs.openbsd.org 2011/06/22 21:57:01 1453 [servconf.c servconf.h sshd.c sshd_config.5] 1454 [configure.ac Makefile.in] 1455 introduce sandboxing of the pre-auth privsep child using systrace(4). 1456 1457 This introduces a new "UsePrivilegeSeparation=sandbox" option for 1458 sshd_config that applies mandatory restrictions on the syscalls the 1459 privsep child can perform. This prevents a compromised privsep child 1460 from being used to attack other hosts (by opening sockets and proxying) 1461 or probing local kernel attack surface. 1462 1463 The sandbox is implemented using systrace(4) in unsupervised "fast-path" 1464 mode, where a list of permitted syscalls is supplied. Any syscall not 1465 on the list results in SIGKILL being sent to the privsep child. Note 1466 that this requires a kernel with the new SYSTR_POLICY_KILL option. 1467 1468 UsePrivilegeSeparation=sandbox will become the default in the future 1469 so please start testing it now. 1470 1471 feedback dtucker@; ok markus@ 1472 - djm@cvs.openbsd.org 2011/06/22 22:08:42 1473 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] 1474 hook up a channel confirm callback to warn the user then requested X11 1475 forwarding was refused by the server; ok markus@ 1476 - djm@cvs.openbsd.org 2011/06/23 09:34:13 1477 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] 1478 [sandbox-null.c] 1479 rename sandbox.h => ssh-sandbox.h to make things easier for portable 1480 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support 1481 setrlimit(2) 1482 148320110620 1484 - OpenBSD CVS Sync 1485 - djm@cvs.openbsd.org 2011/06/04 00:10:26 1486 [ssh_config.5] 1487 explain IdentifyFile's semantics a little better, prompted by bz#1898 1488 ok dtucker jmc 1489 - markus@cvs.openbsd.org 2011/06/14 22:49:18 1490 [authfile.c] 1491 make sure key_parse_public/private_rsa1() no longer consumes its input 1492 buffer. fixes ssh-add for passphrase-protected ssh1-keys; 1493 noted by naddy@; ok djm@ 1494 - djm@cvs.openbsd.org 2011/06/17 21:44:31 1495 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] 1496 make the pre-auth privsep slave log via a socketpair shared with the 1497 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 1498 - djm@cvs.openbsd.org 2011/06/17 21:46:16 1499 [sftp-server.c] 1500 the protocol version should be unsigned; bz#1913 reported by mb AT 1501 smartftp.com 1502 - djm@cvs.openbsd.org 2011/06/17 21:47:35 1503 [servconf.c] 1504 factor out multi-choice option parsing into a parse_multistate label 1505 and some support structures; ok dtucker@ 1506 - djm@cvs.openbsd.org 2011/06/17 21:57:25 1507 [clientloop.c] 1508 setproctitle for a mux master that has been gracefully stopped; 1509 bz#1911 from Bert.Wesarg AT googlemail.com 1510 151120110603 1512 - (dtucker) [README version.h contrib/caldera/openssh.spec 1513 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version 1514 bumps from the 5.8p2 branch into HEAD. ok djm. 1515 - (tim) [configure.ac defines.h] Run test program to detect system mail 1516 directory. Add --with-maildir option to override. Fixed OpenServer 6 1517 getting it wrong. Fixed many systems having MAIL=/var/mail//username 1518 ok dtucker 1519 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair 1520 unconditionally in other places and the survey data we have does not show 1521 any systems that use it. "nuke it" djm@ 1522 - (djm) [configure.ac] enable setproctitle emulation for OS X 1523 - (djm) OpenBSD CVS Sync 1524 - djm@cvs.openbsd.org 2011/06/03 00:54:38 1525 [ssh.c] 1526 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg 1527 AT googlemail.com; ok dtucker@ 1528 NB. includes additional portability code to enable setproctitle emulation 1529 on platforms that don't support it. 1530 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 1531 [ssh-agent.c] 1532 Check current parent process ID against saved one to determine if the parent 1533 has exited, rather than attempting to send a zero signal, since the latter 1534 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn 1535 Gillmor, ok djm@ 1536 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 1537 [regress/dynamic-forward.sh] 1538 back out revs 1.6 and 1.5 since it's not reliable 1539 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 1540 [regress/dynamic-forward.sh] 1541 work around startup and teardown races; caught by deraadt 1542 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 1543 [regress/dynamic-forward.sh] 1544 Retry establishing the port forwarding after a small delay, should make 1545 the tests less flaky when the previous test is slow to shut down and free 1546 up the port. 1547 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 1548 154920110529 1550 - (djm) OpenBSD CVS Sync 1551 - djm@cvs.openbsd.org 2011/05/23 03:30:07 1552 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] 1553 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] 1554 allow AuthorizedKeysFile to specify multiple files, separated by spaces. 1555 Bring back authorized_keys2 as a default search path (to avoid breaking 1556 existing users of this file), but override this in sshd_config so it will 1557 be no longer used on fresh installs. Maybe in 2015 we can remove it 1558 entierly :) 1559 1560 feedback and ok markus@ dtucker@ 1561 - djm@cvs.openbsd.org 2011/05/23 03:33:38 1562 [auth.c] 1563 make secure_filename() spam debug logs less 1564 - djm@cvs.openbsd.org 2011/05/23 03:52:55 1565 [sshconnect.c] 1566 remove extra newline 1567 - jmc@cvs.openbsd.org 2011/05/23 07:10:21 1568 [sshd.8 sshd_config.5] 1569 tweak previous; ok djm 1570 - djm@cvs.openbsd.org 2011/05/23 07:24:57 1571 [authfile.c] 1572 read in key comments for v.2 keys (though note that these are not 1573 passed over the agent protocol); bz#439, based on patch from binder 1574 AT arago.de; ok markus@ 1575 - djm@cvs.openbsd.org 2011/05/24 07:15:47 1576 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] 1577 Remove undocumented legacy options UserKnownHostsFile2 and 1578 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile 1579 accept multiple paths per line and making their defaults include 1580 known_hosts2; ok markus 1581 - djm@cvs.openbsd.org 2011/05/23 03:31:31 1582 [regress/cfgmatch.sh] 1583 include testing of multiple/overridden AuthorizedKeysFiles 1584 refactor to simply daemon start/stop and get rid of racy constructs 1585 158620110520 1587 - (djm) [session.c] call setexeccon() before executing passwd for pw 1588 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ 1589 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 1590 options, we should corresponding -W-option when trying to determine 1591 whether it is accepted. Also includes a warning fix on the program 1592 fragment uses (bad main() return type). 1593 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ 1594 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 1595 - OpenBSD CVS Sync 1596 - djm@cvs.openbsd.org 2011/05/15 08:09:01 1597 [authfd.c monitor.c serverloop.c] 1598 use FD_CLOEXEC consistently; patch from zion AT x96.org 1599 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1600 [key.c] 1601 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1602 and fix the regress test that was trying to generate them :) 1603 - djm@cvs.openbsd.org 2011/05/20 00:55:02 1604 [servconf.c] 1605 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile 1606 and AuthorizedPrincipalsFile were not being correctly applied in 1607 Match blocks, despite being overridable there; ok dtucker@ 1608 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 1609 [servconf.c] 1610 Add comment documenting what should be after the preauth check. ok djm 1611 - djm@cvs.openbsd.org 2011/05/20 03:25:45 1612 [monitor.c monitor_wrap.c servconf.c servconf.h] 1613 use a macro to define which string options to copy between configs 1614 for Match. This avoids problems caused by forgetting to keep three 1615 code locations in perfect sync and ordering 1616 1617 "this is at once beautiful and horrible" + ok dtucker@ 1618 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1619 [regress/cert-userkey.sh] 1620 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1621 and fix the regress test that was trying to generate them :) 1622 - djm@cvs.openbsd.org 2011/05/20 02:43:36 1623 [cert-hostkey.sh] 1624 another attempt to generate a v00 ECDSA key that broke the test 1625 ID sync only - portable already had this somehow 1626 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 1627 [dynamic-forward.sh] 1628 Prevent races in dynamic forwarding test; ok djm 1629 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 1630 [dynamic-forward.sh] 1631 fix dumb error in dynamic-forward test 1632 163320110515 1634 - (djm) OpenBSD CVS Sync 1635 - djm@cvs.openbsd.org 2011/05/05 05:12:08 1636 [mux.c] 1637 gracefully fall back when ControlPath is too large for a 1638 sockaddr_un. ok markus@ as part of a larger diff 1639 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 1640 [sshd_config] 1641 clarify language about overriding defaults. bz#1892, from Petr Cerny 1642 - djm@cvs.openbsd.org 2011/05/06 01:09:53 1643 [sftp.1] 1644 mention that IPv6 addresses must be enclosed in square brackets; 1645 bz#1845 1646 - djm@cvs.openbsd.org 2011/05/06 02:05:41 1647 [sshconnect2.c] 1648 fix memory leak; bz#1849 ok dtucker@ 1649 - djm@cvs.openbsd.org 2011/05/06 21:14:05 1650 [packet.c packet.h] 1651 set traffic class for IPv6 traffic as we do for IPv4 TOS; 1652 patch from lionel AT mamane.lu via Colin Watson in bz#1855; 1653 ok markus@ 1654 - djm@cvs.openbsd.org 2011/05/06 21:18:02 1655 [ssh.c ssh_config.5] 1656 add a %L expansion (short-form of the local host name) for ControlPath; 1657 sync some more expansions with LocalCommand; ok markus@ 1658 - djm@cvs.openbsd.org 2011/05/06 21:31:38 1659 [readconf.c ssh_config.5] 1660 support negated Host matching, e.g. 1661 1662 Host *.example.org !c.example.org 1663 User mekmitasdigoat 1664 1665 Will match "a.example.org", "b.example.org", but not "c.example.org" 1666 ok markus@ 1667 - djm@cvs.openbsd.org 2011/05/06 21:34:32 1668 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] 1669 Add a RequestTTY ssh_config option to allow configuration-based 1670 control over tty allocation (like -t/-T); ok markus@ 1671 - djm@cvs.openbsd.org 2011/05/06 21:38:58 1672 [ssh.c] 1673 fix dropping from previous diff 1674 - djm@cvs.openbsd.org 2011/05/06 22:20:10 1675 [PROTOCOL.mux] 1676 fix numbering; from bert.wesarg AT googlemail.com 1677 - jmc@cvs.openbsd.org 2011/05/07 23:19:39 1678 [ssh_config.5] 1679 - tweak previous 1680 - come consistency fixes 1681 ok djm 1682 - jmc@cvs.openbsd.org 2011/05/07 23:20:25 1683 [ssh.1] 1684 +.It RequestTTY 1685 - djm@cvs.openbsd.org 2011/05/08 12:52:01 1686 [PROTOCOL.mux clientloop.c clientloop.h mux.c] 1687 improve our behaviour when TTY allocation fails: if we are in 1688 RequestTTY=auto mode (the default), then do not treat at TTY 1689 allocation error as fatal but rather just restore the local TTY 1690 to cooked mode and continue. This is more graceful on devices that 1691 never allocate TTYs. 1692 1693 If RequestTTY is set to "yes" or "force", then failure to allocate 1694 a TTY is fatal. 1695 1696 ok markus@ 1697 - djm@cvs.openbsd.org 2011/05/10 05:46:46 1698 [authfile.c] 1699 despam debug() logs by detecting that we are trying to load a private key 1700 in key_try_load_public() and returning early; ok markus@ 1701 - djm@cvs.openbsd.org 2011/05/11 04:47:06 1702 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] 1703 remove support for authorized_keys2; it is a relic from the early days 1704 of protocol v.2 support and has been undocumented for many years; 1705 ok markus@ 1706 - djm@cvs.openbsd.org 2011/05/13 00:05:36 1707 [authfile.c] 1708 warn on unexpected key type in key_parse_private_type() 1709 - (djm) [packet.c] unbreak portability #endif 1710 171120110510 1712 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 1713 --with-ssl-engine which was broken with the change from deprecated 1714 SSLeay_add_all_algorithms(). ok djm 1715 171620110506 1717 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype 1718 for closefrom() in test code. Report from Dan Wallis via Gentoo. 1719 172020110505 1721 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS 1722 definitions. From des AT des.no 1723 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 1724 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] 1725 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] 1726 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] 1727 [regress/README.regress] Remove ssh-rand-helper and all its 1728 tentacles. PRNGd seeding has been rolled into entropy.c directly. 1729 Thanks to tim@ for testing on affected platforms. 1730 - OpenBSD CVS Sync 1731 - djm@cvs.openbsd.org 2011/03/10 02:52:57 1732 [auth2-gss.c auth2.c auth.h] 1733 allow GSSAPI authentication to detect when a server-side failure causes 1734 authentication failure and don't count such failures against MaxAuthTries; 1735 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock 1736 - okan@cvs.openbsd.org 2011/03/15 10:36:02 1737 [ssh-keyscan.c] 1738 use timerclear macro 1739 ok djm@ 1740 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 1741 [ssh-keygen.1 ssh-keygen.c] 1742 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) 1743 for which host keys do not exist, generate the host keys with the 1744 default key file path, an empty passphrase, default bits for the key 1745 type, and default comment. This will be used by /etc/rc to generate 1746 new host keys. Idea from deraadt. 1747 ok deraadt 1748 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 1749 [ssh-keygen.1] 1750 -q not used in /etc/rc now so remove statement. 1751 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 1752 [ssh-keygen.c] 1753 remove -d, documentation removed >10 years ago; ok markus 1754 - jmc@cvs.openbsd.org 2011/03/24 15:29:30 1755 [ssh-keygen.1] 1756 zap trailing whitespace; 1757 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 1758 [ssh-keygen.c] 1759 use strcasecmp() for "clear" cert permission option also; ok djm 1760 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 1761 [misc.c misc.h servconf.c] 1762 print ipqos friendly string for sshd -T; ok markus 1763 # sshd -Tf sshd_config|grep ipqos 1764 ipqos lowdelay throughput 1765 - djm@cvs.openbsd.org 2011/04/12 04:23:50 1766 [ssh-keygen.c] 1767 fix -Wshadow 1768 - djm@cvs.openbsd.org 2011/04/12 05:32:49 1769 [sshd.c] 1770 exit with 0 status on SIGTERM; bz#1879 1771 - djm@cvs.openbsd.org 2011/04/13 04:02:48 1772 [ssh-keygen.1] 1773 improve wording; bz#1861 1774 - djm@cvs.openbsd.org 2011/04/13 04:09:37 1775 [ssh-keygen.1] 1776 mention valid -b sizes for ECDSA keys; bz#1862 1777 - djm@cvs.openbsd.org 2011/04/17 22:42:42 1778 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] 1779 allow graceful shutdown of multiplexing: request that a mux server 1780 removes its listener socket and refuse future multiplexing requests; 1781 ok markus@ 1782 - djm@cvs.openbsd.org 2011/04/18 00:46:05 1783 [ssh-keygen.c] 1784 certificate options are supposed to be packed in lexical order of 1785 option name (though we don't actually enforce this at present). 1786 Move one up that was out of sequence 1787 - djm@cvs.openbsd.org 2011/05/04 21:15:29 1788 [authfile.c authfile.h ssh-add.c] 1789 allow "ssh-add - < key"; feedback and ok markus@ 1790 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 1791 so autoreconf 2.68 is happy. 1792 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ 1793 179420110221 1795 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 1796 Cygwin-specific service installer script ssh-host-config. The actual 1797 functionality is the same, the revisited version is just more 1798 exact when it comes to check for problems which disallow to run 1799 certain aspects of the script. So, part of this script and the also 1800 rearranged service helper script library "csih" is to check if all 1801 the tools required to run the script are available on the system. 1802 The new script also is more thorough to inform the user why the 1803 script failed. Patch from vinschen at redhat com. 1804 180520110218 1806 - OpenBSD CVS Sync 1807 - djm@cvs.openbsd.org 2011/02/16 00:31:14 1808 [ssh-keysign.c] 1809 make hostbased auth with ECDSA keys work correctly. Based on patch 1810 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) 1811 181220110206 1813 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in 1814 selinux code. Patch from Leonardo Chiquitto 1815 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key 1816 generation and simplify. Patch from Corinna Vinschen. 1817 181820110204 1819 - OpenBSD CVS Sync 1820 - djm@cvs.openbsd.org 2011/01/31 21:42:15 1821 [PROTOCOL.mux] 1822 cut'n'pasto; from bert.wesarg AT googlemail.com 1823 - djm@cvs.openbsd.org 2011/02/04 00:44:21 1824 [key.c] 1825 fix uninitialised nonce variable; reported by Mateusz Kocielski 1826 - djm@cvs.openbsd.org 2011/02/04 00:44:43 1827 [version.h] 1828 openssh-5.8 1829 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1830 [contrib/suse/openssh.spec] update versions in docs and spec files. 1831 - Release OpenSSH 5.8p1 1832 183320110128 1834 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled 1835 before attempting setfscreatecon(). Check whether matchpathcon() 1836 succeeded before using its result. Patch from cjwatson AT debian.org; 1837 bz#1851 1838 183920110127 1840 - (tim) [config.guess config.sub] Sync with upstream. 1841 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete 1842 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with 1843 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white 1844 space changes for consistency/readability. Makes autoconf 2.68 happy. 1845 "Nice work" djm 1846 184720110125 1848 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 1849 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to 1850 port-linux.c to avoid compilation errors. Add -lselinux to ssh when 1851 building with SELinux support to avoid linking failure; report from 1852 amk AT spamfence.net; ok dtucker 1853 185420110122 1855 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 1856 RSA_get_default_method() for the benefit of openssl versions that don't 1857 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, 1858 ok djm@. 1859 - OpenBSD CVS Sync 1860 - djm@cvs.openbsd.org 2011/01/22 09:18:53 1861 [version.h] 1862 crank to OpenSSH-5.7 1863 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1864 [contrib/suse/openssh.spec] update versions in docs and spec files. 1865 - (djm) Release 5.7p1 1866 186720110119 1868 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead 1869 of RPM so build completes. Signatures were changed to .asc since 4.1p1. 1870 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 1871 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- 1872 release testing (random crashes and failure to load ECC keys). 1873 ok dtucker@ 1874 187520110117 1876 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in 1877 $PATH, fix cleanup of droppings; reported by openssh AT 1878 roumenpetrov.info; ok dtucker@ 1879 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding 1880 its unique snowflake of a gdb error to the ones we look for. 1881 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running 1882 ssh-add to avoid $SUDO failures on Linux 1883 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new 1884 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback 1885 to the old values. Feedback from vapier at gentoo org and djm, ok djm. 1886 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 1887 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are 1888 disabled on platforms that do not support them; add a "config_defined()" 1889 shell function that greps for defines in config.h and use them to decide 1890 on feature tests. 1891 Convert a couple of existing grep's over config.h to use the new function 1892 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent 1893 backslash characters in filenames, enable it for Cygwin and use it to turn 1894 of tests for quotes backslashes in sftp-glob.sh. 1895 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 1896 - (tim) [regress/agent-getpeereid.sh] shell portability fix. 1897 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on 1898 the tinderbox. 1899 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 1900 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem 1901 support, based on patches from Tomas Mraz and jchadima at redhat. 1902 190320110116 1904 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 1905 on configurations that don't have it. 1906 - OpenBSD CVS Sync 1907 - djm@cvs.openbsd.org 2011/01/16 11:50:05 1908 [clientloop.c] 1909 Use atomicio when flushing protocol 1 std{out,err} buffers at 1910 session close. This was a latent bug exposed by setting a SIGCHLD 1911 handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 1912 - djm@cvs.openbsd.org 2011/01/16 11:50:36 1913 [sshconnect.c] 1914 reset the SIGPIPE handler when forking to execute child processes; 1915 ok dtucker@ 1916 - djm@cvs.openbsd.org 2011/01/16 12:05:59 1917 [clientloop.c] 1918 a couple more tweaks to the post-close protocol 1 stderr/stdout flush: 1919 now that we use atomicio(), convert them from while loops to if statements 1920 add test and cast to compile cleanly with -Wsigned 1921 192220110114 1923 - OpenBSD CVS Sync 1924 - djm@cvs.openbsd.org 2011/01/13 21:54:53 1925 [mux.c] 1926 correct error messages; patch from bert.wesarg AT googlemail.com 1927 - djm@cvs.openbsd.org 2011/01/13 21:55:25 1928 [PROTOCOL.mux] 1929 correct protocol names and add a couple of missing protocol number 1930 defines; patch from bert.wesarg AT googlemail.com 1931 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in 1932 host-key-force target rather than a substitution that is replaced with a 1933 comment so that the Makefile.in is still a syntactically valid Makefile 1934 (useful to run the distprep target) 1935 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 1936 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some 1937 ecdsa bits. 1938 193920110113 1940 - (djm) [misc.c] include time.h for nanosleep() prototype 1941 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 1942 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 1943 ecdsa keys. ok djm. 1944 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid 1945 gcc warning on platforms where it defaults to int 1946 - (djm) [regress/Makefile] add a few more generated files to the clean 1947 target 1948 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad 1949 #define that was causing diffie-hellman-group-exchange-sha256 to be 1950 incorrectly disabled 1951 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 1952 should not depend on ECC support 1953 195420110112 1955 - OpenBSD CVS Sync 1956 - nicm@cvs.openbsd.org 2010/10/08 21:48:42 1957 [openbsd-compat/glob.c] 1958 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit 1959 from ARG_MAX to 64K. 1960 Fixes glob-using programs (notably ftp) able to be triggered to hit 1961 resource limits. 1962 Idea from a similar NetBSD change, original problem reported by jasper@. 1963 ok millert tedu jasper 1964 - djm@cvs.openbsd.org 2011/01/12 01:53:14 1965 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS 1966 and sanity check arguments (these will be unnecessary when we switch 1967 struct glob members from being type into to size_t in the future); 1968 "looks ok" tedu@ feedback guenther@ 1969 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 1970 silly warnings on write() calls we don't care succeed or not. 1971 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 1972 flag tests that don't depend on gcc version at all; suggested by and 1973 ok dtucker@ 1974 197520110111 1976 - (tim) [regress/host-expand.sh] Fix for building outside of read only 1977 source tree. 1978 - (djm) [platform.c] Some missing includes that show up under -Werror 1979 - OpenBSD CVS Sync 1980 - djm@cvs.openbsd.org 2011/01/08 10:51:51 1981 [clientloop.c] 1982 use host and not options.hostname, as the latter may have unescaped 1983 substitution characters 1984 - djm@cvs.openbsd.org 2011/01/11 06:06:09 1985 [sshlogin.c] 1986 fd leak on error paths; from zinovik@ 1987 NB. Id sync only; we use loginrec.c that was also audited and fixed 1988 recently 1989 - djm@cvs.openbsd.org 2011/01/11 06:13:10 1990 [clientloop.c ssh-keygen.c sshd.c] 1991 some unsigned long long casts that make things a bit easier for 1992 portable without resorting to dropping PRIu64 formats everywhere 1993 199420110109 1995 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by 1996 openssh AT roumenpetrov.info 1997 199820110108 1999 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress 2000 test on OSX and others. Reported by imorgan AT nas.nasa.gov 2001 200220110107 2003 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test 2004 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com 2005 - djm@cvs.openbsd.org 2011/01/06 22:23:53 2006 [ssh.c] 2007 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT 2008 googlemail.com; ok markus@ 2009 - djm@cvs.openbsd.org 2011/01/06 22:23:02 2010 [clientloop.c] 2011 when exiting due to ServerAliveTimeout, mention the hostname that caused 2012 it (useful with backgrounded controlmaster) 2013 - djm@cvs.openbsd.org 2011/01/06 22:46:21 2014 [regress/Makefile regress/host-expand.sh] 2015 regress test for LocalCommand %n expansion from bert.wesarg AT 2016 googlemail.com; ok markus@ 2017 - djm@cvs.openbsd.org 2011/01/06 23:01:35 2018 [sshconnect.c] 2019 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; 2020 ok markus@ 2021 202220110106 2023 - (djm) OpenBSD CVS Sync 2024 - markus@cvs.openbsd.org 2010/12/08 22:46:03 2025 [scp.1 scp.c] 2026 add a new -3 option to scp: Copies between two remote hosts are 2027 transferred through the local host. Without this option the data 2028 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) 2029 - jmc@cvs.openbsd.org 2010/12/09 14:13:33 2030 [scp.1 scp.c] 2031 scp.1: grammer fix 2032 scp.c: add -3 to usage() 2033 - markus@cvs.openbsd.org 2010/12/14 11:59:06 2034 [sshconnect.c] 2035 don't mention key type in key-changed-warning, since we also print 2036 this warning if a new key type appears. ok djm@ 2037 - djm@cvs.openbsd.org 2010/12/15 00:49:27 2038 [readpass.c] 2039 fix ControlMaster=ask regression 2040 reset SIGCHLD handler before fork (and restore it after) so we don't miss 2041 the the askpass child's exit status. Correct test for exit status/signal to 2042 account for waitpid() failure; with claudio@ ok claudio@ markus@ 2043 - djm@cvs.openbsd.org 2010/12/24 21:41:48 2044 [auth-options.c] 2045 don't send the actual forced command in a debug message; ok markus deraadt 2046 - otto@cvs.openbsd.org 2011/01/04 20:44:13 2047 [ssh-keyscan.c] 2048 handle ecdsa-sha2 with various key lengths; hint and ok djm@ 2049 205020110104 2051 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 2052 formatter if it is present, followed by nroff and groff respectively. 2053 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports 2054 in favour of mandoc). feedback and ok tim 2055 205620110103 2057 - (djm) [Makefile.in] revert local hack I didn't intend to commit 2058 205920110102 2060 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2061 - (djm) [configure.ac] Check whether libdes is needed when building 2062 with Heimdal krb5 support. On OpenBSD this library no longer exists, 2063 so linking it unconditionally causes a build failure; ok dtucker 2064 206520101226 2066 - (dtucker) OpenBSD CVS Sync 2067 - djm@cvs.openbsd.org 2010/12/08 04:02:47 2068 [ssh_config.5 sshd_config.5] 2069 explain that IPQoS arguments are separated by whitespace; iirc requested 2070 by jmc@ a while back 2071 207220101205 2073 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from 2074 debugging. Spotted by djm. 2075 - (dtucker) OpenBSD CVS Sync 2076 - djm@cvs.openbsd.org 2010/12/03 23:49:26 2077 [schnorr.c] 2078 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao 2079 (this code is still disabled, but apprently people are treating it as 2080 a reference implementation) 2081 - djm@cvs.openbsd.org 2010/12/03 23:55:27 2082 [auth-rsa.c] 2083 move check for revoked keys to run earlier (in auth_rsa_key_allowed) 2084 bz#1829; patch from ldv AT altlinux.org; ok markus@ 2085 - djm@cvs.openbsd.org 2010/12/04 00:18:01 2086 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] 2087 add a protocol extension to support a hard link operation. It is 2088 available through the "ln" command in the client. The old "ln" 2089 behaviour of creating a symlink is available using its "-s" option 2090 or through the preexisting "symlink" command; based on a patch from 2091 miklos AT szeredi.hu in bz#1555; ok markus@ 2092 - djm@cvs.openbsd.org 2010/12/04 13:31:37 2093 [hostfile.c] 2094 fix fd leak; spotted and ok dtucker 2095 - djm@cvs.openbsd.org 2010/12/04 00:21:19 2096 [regress/sftp-cmds.sh] 2097 adjust for hard-link support 2098 - (dtucker) [regress/Makefile] Id sync. 2099 210020101204 2101 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) 2102 instead of (arc4random() % range) 2103 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 2104 shims for the new, non-deprecated OpenSSL key generation functions for 2105 platforms that don't have the new interfaces. 2106 210720101201 2108 - OpenBSD CVS Sync 2109 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 2110 [auth2-pubkey.c] 2111 clean up cases of ;; 2112 - djm@cvs.openbsd.org 2010/11/21 01:01:13 2113 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] 2114 honour $TMPDIR for client xauth and ssh-agent temporary directories; 2115 feedback and ok markus@ 2116 - djm@cvs.openbsd.org 2010/11/21 10:57:07 2117 [authfile.c] 2118 Refactor internals of private key loading and saving to work on memory 2119 buffers rather than directly on files. This will make a few things 2120 easier to do in the future; ok markus@ 2121 - djm@cvs.openbsd.org 2010/11/23 02:35:50 2122 [auth.c] 2123 use strict_modes already passed as function argument over referencing 2124 global options.strict_modes 2125 - djm@cvs.openbsd.org 2010/11/23 23:57:24 2126 [clientloop.c] 2127 avoid NULL deref on receiving a channel request on an unknown or invalid 2128 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 2129 - djm@cvs.openbsd.org 2010/11/24 01:24:14 2130 [channels.c] 2131 remove a debug() that pollutes stderr on client connecting to a server 2132 in debug mode (channel_close_fds is called transitively from the session 2133 code post-fork); bz#1719, ok dtucker 2134 - djm@cvs.openbsd.org 2010/11/25 04:10:09 2135 [session.c] 2136 replace close() loop for fds 3->64 with closefrom(); 2137 ok markus deraadt dtucker 2138 - djm@cvs.openbsd.org 2010/11/26 05:52:49 2139 [scp.c] 2140 Pass through ssh command-line flags and options when doing remote-remote 2141 transfers, e.g. to enable agent forwarding which is particularly useful 2142 in this case; bz#1837 ok dtucker@ 2143 - markus@cvs.openbsd.org 2010/11/29 18:57:04 2144 [authfile.c] 2145 correctly load comment for encrypted rsa1 keys; 2146 report/fix Joachim Schipper; ok djm@ 2147 - djm@cvs.openbsd.org 2010/11/29 23:45:51 2148 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] 2149 [sshconnect.h sshconnect2.c] 2150 automatically order the hostkeys requested by the client based on 2151 which hostkeys are already recorded in known_hosts. This avoids 2152 hostkey warnings when connecting to servers with new ECDSA keys 2153 that are preferred by default; with markus@ 2154 215520101124 2156 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 2157 into the platform-specific code Only affects SCO, tested by and ok tim@. 2158 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow 2159 group read/write. ok dtucker@ 2160 - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2161 - (djm) [defines.h] Add IP DSCP defines 2162 216320101122 2164 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch 2165 from vapier at gentoo org. 2166 216720101120 2168 - OpenBSD CVS Sync 2169 - djm@cvs.openbsd.org 2010/11/05 02:46:47 2170 [packet.c] 2171 whitespace KNF 2172 - djm@cvs.openbsd.org 2010/11/10 01:33:07 2173 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] 2174 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. 2175 these have been around for years by this time. ok markus 2176 - djm@cvs.openbsd.org 2010/11/13 23:27:51 2177 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] 2178 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] 2179 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of 2180 hardcoding lowdelay/throughput. 2181 2182 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 2183 - jmc@cvs.openbsd.org 2010/11/15 07:40:14 2184 [ssh_config.5] 2185 libary -> library; 2186 - jmc@cvs.openbsd.org 2010/11/18 15:01:00 2187 [scp.1 sftp.1 ssh.1 sshd_config.5] 2188 add IPQoS to the various -o lists, and zap some trailing whitespace; 2189 219020101111 2191 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on 2192 platforms that don't support ECC. Fixes some spurious warnings reported 2193 by tim@ 2194 219520101109 2196 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. 2197 Feedback from dtucker@ 2198 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 2199 support for platforms missing isblank(). ok djm@ 2200 220120101108 2202 - (tim) [regress/Makefile] Fixes to allow building/testing outside source 2203 tree. 2204 - (tim) [regress/kextype.sh] Shell portability fix. 2205 220620101107 2207 - (dtucker) [platform.c] includes.h instead of defines.h so that we get 2208 the correct typedefs. 2209 221020101105 2211 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 2212 int. Should fix bz#1817 cleanly; ok dtucker@ 2213 - OpenBSD CVS Sync 2214 - djm@cvs.openbsd.org 2010/09/22 12:26:05 2215 [regress/Makefile regress/kextype.sh] 2216 regress test for each of the key exchange algorithms that we support 2217 - djm@cvs.openbsd.org 2010/10/28 11:22:09 2218 [authfile.c key.c key.h ssh-keygen.c] 2219 fix a possible NULL deref on loading a corrupt ECDH key 2220 2221 store ECDH group information in private keys files as "named groups" 2222 rather than as a set of explicit group parameters (by setting 2223 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and 2224 retrieves the group's OpenSSL NID that we need for various things. 2225 - jmc@cvs.openbsd.org 2010/10/28 18:33:28 2226 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 2227 knock out some "-*- nroff -*-" lines; 2228 - djm@cvs.openbsd.org 2010/11/04 02:45:34 2229 [sftp-server.c] 2230 umask should be parsed as octal. reported by candland AT xmission.com; 2231 ok markus@ 2232 - (dtucker) [configure.ac platform.{c,h} session.c 2233 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. 2234 Patch from cory.erickson at csu mnscu edu with a bit of rework from me. 2235 ok djm@ 2236 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 2237 after the user's groups are established and move the selinux calls into it. 2238 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 2239 platform.c 2240 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2241 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to 2242 retain previous behavior. 2243 - (dtucker) [platform.c session.c] Move the PAM credential establishment for 2244 the LOGIN_CAP case into platform.c. 2245 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 2246 platform.c 2247 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. 2248 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 2249 platform.c. 2250 - (dtucker) [platform.c session.c] Move PAM credential establishment for the 2251 non-LOGIN_CAP case into platform.c. 2252 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 2253 check into platform.c 2254 - (dtucker) [regress/keytype.sh] Import new test. 2255 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 2256 Import recent changes to regress/Makefile, pass a flag to enable ECC tests 2257 from configure through to regress/Makefile and use it in the tests. 2258 - (dtucker) [regress/kextype.sh] Add missing "test". 2259 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not 2260 strictly correct since while ECC requires sha256 the reverse is not true 2261 however it does prevent spurious test failures. 2262 - (dtucker) [platform.c] Need servconf.h and extern options. 2263 226420101025 2265 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 2266 1.12 to unbreak Solaris build. 2267 ok djm@ 2268 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a 2269 native one. 2270 227120101024 2272 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2273 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms 2274 which don't have ECC support in libcrypto. 2275 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms 2276 which don't have ECC support in libcrypto. 2277 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't 2278 have it. 2279 - (dtucker) OpenBSD CVS Sync 2280 - sthen@cvs.openbsd.org 2010/10/23 22:06:12 2281 [sftp.c] 2282 escape '[' in filename tab-completion; fix a type while there. 2283 ok djm@ 2284 228520101021 2286 - OpenBSD CVS Sync 2287 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 2288 [mux.c] 2289 Typo in confirmation message. bz#1827, patch from imorgan at 2290 nas nasa gov 2291 - djm@cvs.openbsd.org 2010/08/31 12:24:09 2292 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2293 tests for ECDSA certificates 2294 229520101011 2296 - (djm) [canohost.c] Zero a4 instead of addr to better match type. 2297 bz#1825, reported by foo AT mailinator.com 2298 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2299 230020101011 2301 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 2302 dr AT vasco.com 2303 230420101007 2305 - (djm) [ssh-agent.c] Fix type for curve name. 2306 - (djm) OpenBSD CVS Sync 2307 - matthew@cvs.openbsd.org 2010/09/24 13:33:00 2308 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] 2309 [openbsd-compat/timingsafe_bcmp.c] 2310 Add timingsafe_bcmp(3) to libc, mention that it's already in the 2311 kernel in kern(9), and remove it from OpenSSH. 2312 ok deraadt@, djm@ 2313 NB. re-added under openbsd-compat/ for portable OpenSSH 2314 - djm@cvs.openbsd.org 2010/09/25 09:30:16 2315 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] 2316 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server 2317 rountrips to fetch per-file stat(2) information. 2318 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to 2319 match. 2320 - djm@cvs.openbsd.org 2010/09/26 22:26:33 2321 [sftp.c] 2322 when performing an "ls" in columnated (short) mode, only call 2323 ioctl(TIOCGWINSZ) once to get the window width instead of per- 2324 filename 2325 - djm@cvs.openbsd.org 2010/09/30 11:04:51 2326 [servconf.c] 2327 prevent free() of string in .rodata when overriding AuthorizedKeys in 2328 a Match block; patch from rein AT basefarm.no 2329 - djm@cvs.openbsd.org 2010/10/01 23:05:32 2330 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] 2331 adapt to API changes in openssl-1.0.0a 2332 NB. contains compat code to select correct API for older OpenSSL 2333 - djm@cvs.openbsd.org 2010/10/05 05:13:18 2334 [sftp.c sshconnect.c] 2335 use default shell /bin/sh if $SHELL is ""; ok markus@ 2336 - djm@cvs.openbsd.org 2010/10/06 06:39:28 2337 [clientloop.c ssh.c sshconnect.c sshconnect.h] 2338 kill proxy command on fatal() (we already kill it on clean exit); 2339 ok markus@ 2340 - djm@cvs.openbsd.org 2010/10/06 21:10:21 2341 [sshconnect.c] 2342 swapped args to kill(2) 2343 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 2344 - (djm) [cipher-acss.c] Add missing header. 2345 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 2346 234720100924 2348 - (djm) OpenBSD CVS Sync 2349 - naddy@cvs.openbsd.org 2010/09/10 15:19:29 2350 [ssh-keygen.1] 2351 * mention ECDSA in more places 2352 * less repetition in FILES section 2353 * SSHv1 keys are still encrypted with 3DES 2354 help and ok jmc@ 2355 - djm@cvs.openbsd.org 2010/09/11 21:44:20 2356 [ssh.1] 2357 mention RFC 5656 for ECC stuff 2358 - jmc@cvs.openbsd.org 2010/09/19 21:30:05 2359 [sftp.1] 2360 more wacky macro fixing; 2361 - djm@cvs.openbsd.org 2010/09/20 04:41:47 2362 [ssh.c] 2363 install a SIGCHLD handler to reap expiried child process; ok markus@ 2364 - djm@cvs.openbsd.org 2010/09/20 04:50:53 2365 [jpake.c schnorr.c] 2366 check that received values are smaller than the group size in the 2367 disabled and unfinished J-PAKE code. 2368 avoids catastrophic security failure found by Sebastien Martini 2369 - djm@cvs.openbsd.org 2010/09/20 04:54:07 2370 [jpake.c] 2371 missing #include 2372 - djm@cvs.openbsd.org 2010/09/20 07:19:27 2373 [mux.c] 2374 "atomically" create the listening mux socket by binding it on a temorary 2375 name and then linking it into position after listen() has succeeded. 2376 this allows the mux clients to determine that the server socket is 2377 either ready or stale without races. stale server sockets are now 2378 automatically removed 2379 ok deraadt 2380 - djm@cvs.openbsd.org 2010/09/22 05:01:30 2381 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] 2382 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] 2383 add a KexAlgorithms knob to the client and server configuration to allow 2384 selection of which key exchange methods are used by ssh(1) and sshd(8) 2385 and their order of preference. 2386 ok markus@ 2387 - jmc@cvs.openbsd.org 2010/09/22 08:30:08 2388 [ssh.1 ssh_config.5] 2389 ssh.1: add kexalgorithms to the -o list 2390 ssh_config.5: format the kexalgorithms in a more consistent 2391 (prettier!) way 2392 ok djm 2393 - djm@cvs.openbsd.org 2010/09/22 22:58:51 2394 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] 2395 [sftp-client.h sftp.1 sftp.c] 2396 add an option per-read/write callback to atomicio 2397 2398 factor out bandwidth limiting code from scp(1) into a generic bandwidth 2399 limiter that can be attached using the atomicio callback mechanism 2400 2401 add a bandwidth limit option to sftp(1) using the above 2402 "very nice" markus@ 2403 - jmc@cvs.openbsd.org 2010/09/23 13:34:43 2404 [sftp.c] 2405 add [-l limit] to usage(); 2406 - jmc@cvs.openbsd.org 2010/09/23 13:36:46 2407 [scp.1 sftp.1] 2408 add KexAlgorithms to the -o list; 2409 241020100910 2411 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact 2412 return code since it can apparently return -1 under some conditions. From 2413 openssh bugs werbittewas de, ok djm@ 2414 - OpenBSD CVS Sync 2415 - djm@cvs.openbsd.org 2010/08/31 12:33:38 2416 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2417 reintroduce commit from tedu@, which I pulled out for release 2418 engineering: 2419 OpenSSL_add_all_algorithms is the name of the function we have a 2420 man page for, so use that. ok djm 2421 - jmc@cvs.openbsd.org 2010/08/31 17:40:54 2422 [ssh-agent.1] 2423 fix some macro abuse; 2424 - jmc@cvs.openbsd.org 2010/08/31 21:14:58 2425 [ssh.1] 2426 small text tweak to accommodate previous; 2427 - naddy@cvs.openbsd.org 2010/09/01 15:21:35 2428 [servconf.c] 2429 pick up ECDSA host key by default; ok djm@ 2430 - markus@cvs.openbsd.org 2010/09/02 16:07:25 2431 [ssh-keygen.c] 2432 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 2433 - markus@cvs.openbsd.org 2010/09/02 16:08:39 2434 [ssh.c] 2435 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 2436 - naddy@cvs.openbsd.org 2010/09/02 17:21:50 2437 [ssh-keygen.c] 2438 Switch ECDSA default key size to 256 bits, which according to RFC5656 2439 should still be better than our current RSA-2048 default. 2440 ok djm@, markus@ 2441 - jmc@cvs.openbsd.org 2010/09/03 11:09:29 2442 [scp.1] 2443 add an EXIT STATUS section for /usr/bin; 2444 - jmc@cvs.openbsd.org 2010/09/04 09:38:34 2445 [ssh-add.1 ssh.1] 2446 two more EXIT STATUS sections; 2447 - naddy@cvs.openbsd.org 2010/09/06 17:10:19 2448 [sshd_config] 2449 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste 2450 <mattieu.b@gmail.com> 2451 ok deraadt@ 2452 - djm@cvs.openbsd.org 2010/09/08 03:54:36 2453 [authfile.c] 2454 typo 2455 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 2456 [compress.c] 2457 work around name-space collisions some buggy compilers (looking at you 2458 gcc, at least in earlier versions, but this does not forgive your current 2459 transgressions) seen between zlib and openssl 2460 ok djm 2461 - djm@cvs.openbsd.org 2010/09/09 10:45:45 2462 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] 2463 ECDH/ECDSA compliance fix: these methods vary the hash function they use 2464 (SHA256/384/512) depending on the length of the curve in use. The previous 2465 code incorrectly used SHA256 in all cases. 2466 2467 This fix will cause authentication failure when using 384 or 521-bit curve 2468 keys if one peer hasn't been upgraded and the other has. (256-bit curve 2469 keys work ok). In particular you may need to specify HostkeyAlgorithms 2470 when connecting to a server that has not been upgraded from an upgraded 2471 client. 2472 2473 ok naddy@ 2474 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 2475 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] 2476 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on 2477 platforms that don't have the requisite OpenSSL support. ok dtucker@ 2478 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 2479 for missing headers and compiler warnings. 2480 248120100831 2482 - OpenBSD CVS Sync 2483 - jmc@cvs.openbsd.org 2010/08/08 19:36:30 2484 [ssh-keysign.8 ssh.1 sshd.8] 2485 use the same template for all FILES sections; i.e. -compact/.Pp where we 2486 have multiple items, and .Pa for path names; 2487 - tedu@cvs.openbsd.org 2010/08/12 23:34:39 2488 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2489 OpenSSL_add_all_algorithms is the name of the function we have a man page 2490 for, so use that. ok djm 2491 - djm@cvs.openbsd.org 2010/08/16 04:06:06 2492 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2493 backout previous temporarily; discussed with deraadt@ 2494 - djm@cvs.openbsd.org 2010/08/31 09:58:37 2495 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] 2496 [packet.h ssh-dss.c ssh-rsa.c] 2497 Add buffer_get_cstring() and related functions that verify that the 2498 string extracted from the buffer contains no embedded \0 characters* 2499 This prevents random (possibly malicious) crap from being appended to 2500 strings where it would not be noticed if the string is used with 2501 a string(3) function. 2502 2503 Use the new API in a few sensitive places. 2504 2505 * actually, we allow a single one at the end of the string for now because 2506 we don't know how many deployed implementations get this wrong, but don't 2507 count on this to remain indefinitely. 2508 - djm@cvs.openbsd.org 2010/08/31 11:54:45 2509 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] 2510 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] 2511 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] 2512 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] 2513 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] 2514 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] 2515 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] 2516 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and 2517 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer 2518 better performance than plain DH and DSA at the same equivalent symmetric 2519 key length, as well as much shorter keys. 2520 2521 Only the mandatory sections of RFC5656 are implemented, specifically the 2522 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and 2523 ECDSA. Point compression (optional in RFC5656 is NOT implemented). 2524 2525 Certificate host and user keys using the new ECDSA key types are supported. 2526 2527 Note that this code has not been tested for interoperability and may be 2528 subject to change. 2529 2530 feedback and ok markus@ 2531 - (djm) [Makefile.in] Add new ECC files 2532 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include 2533 includes.h 2534 253520100827 2536 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, 2537 remove. Patch from martynas at venck us 2538 253920100823 2540 - (djm) Release OpenSSH-5.6p1 2541 254220100816 2543 - (dtucker) [configure.ac openbsd-compat/Makefile.in 2544 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to 2545 the compat library which helps on platforms like old IRIX. Based on work 2546 by djm, tested by Tom Christensen. 2547 - OpenBSD CVS Sync 2548 - djm@cvs.openbsd.org 2010/08/12 21:49:44 2549 [ssh.c] 2550 close any extra file descriptors inherited from parent at start and 2551 reopen stdin/stdout to /dev/null when forking for ControlPersist. 2552 2553 prevents tools that fork and run a captive ssh for communication from 2554 failing to exit when the ssh completes while they wait for these fds to 2555 close. The inherited fds may persist arbitrarily long if a background 2556 mux master has been started by ControlPersist. cvs and scp were effected 2557 by this. 2558 2559 "please commit" markus@ 2560 - (djm) [regress/README.regress] typo 2561 256220100812 2563 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh 2564 regress/test-exec.sh] Under certain conditions when testing with sudo 2565 tests would fail because the pidfile could not be read by a regular user. 2566 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" 2567 Make sure cat is run by $SUDO. no objection from me. djm@ 2568 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. 2569 257020100809 2571 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is 2572 already set. Makes FreeBSD user openable tunnels useful; patch from 2573 richard.burakowski+ossh AT mrburak.net, ok dtucker@ 2574 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. 2575 based in part on a patch from Colin Watson, ok djm@ 2576 257720100809 2578 - OpenBSD CVS Sync 2579 - djm@cvs.openbsd.org 2010/08/08 16:26:42 2580 [version.h] 2581 crank to 5.6 2582 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2583 [contrib/suse/openssh.spec] Crank version numbers 2584 258520100805 2586 - OpenBSD CVS Sync 2587 - djm@cvs.openbsd.org 2010/08/04 05:37:01 2588 [ssh.1 ssh_config.5 sshd.8] 2589 Remove mentions of weird "addr/port" alternate address format for IPv6 2590 addresses combinations. It hasn't worked for ages and we have supported 2591 the more commen "[addr]:port" format for a long time. ok jmc@ markus@ 2592 - djm@cvs.openbsd.org 2010/08/04 05:40:39 2593 [PROTOCOL.certkeys ssh-keygen.c] 2594 tighten the rules for certificate encoding by requiring that options 2595 appear in lexical order and make our ssh-keygen comply. ok markus@ 2596 - djm@cvs.openbsd.org 2010/08/04 05:42:47 2597 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] 2598 [ssh-keysign.c ssh.c] 2599 enable certificates for hostbased authentication, from Iain Morgan; 2600 "looks ok" markus@ 2601 - djm@cvs.openbsd.org 2010/08/04 05:49:22 2602 [authfile.c] 2603 commited the wrong version of the hostbased certificate diff; this 2604 version replaces some strlc{py,at} verbosity with xasprintf() at 2605 the request of markus@ 2606 - djm@cvs.openbsd.org 2010/08/04 06:07:11 2607 [ssh-keygen.1 ssh-keygen.c] 2608 Support CA keys in PKCS#11 tokens; feedback and ok markus@ 2609 - djm@cvs.openbsd.org 2010/08/04 06:08:40 2610 [ssh-keysign.c] 2611 clean for -Wuninitialized (Id sync only; portable had this change) 2612 - djm@cvs.openbsd.org 2010/08/05 13:08:42 2613 [channels.c] 2614 Fix a trio of bugs in the local/remote window calculation for datagram 2615 data channels (i.e. TunnelForward): 2616 2617 Calculate local_consumed correctly in channel_handle_wfd() by measuring 2618 the delta to buffer_len(c->output) from when we start to when we finish. 2619 The proximal problem here is that the output_filter we use in portable 2620 modified the length of the dequeued datagram (to futz with the headers 2621 for !OpenBSD). 2622 2623 In channel_output_poll(), don't enqueue datagrams that won't fit in the 2624 peer's advertised packet size (highly unlikely to ever occur) or which 2625 won't fit in the peer's remaining window (more likely). 2626 2627 In channel_input_data(), account for the 4-byte string header in 2628 datagram packets that we accept from the peer and enqueue in c->output. 2629 2630 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; 2631 "looks good" markus@ 2632 263320100803 2634 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from 2635 PAM to sane values in case the PAM method doesn't write to them. Spotted by 2636 Bitman Zhou, ok djm@. 2637 - OpenBSD CVS Sync 2638 - djm@cvs.openbsd.org 2010/07/16 04:45:30 2639 [ssh-keygen.c] 2640 avoid bogus compiler warning 2641 - djm@cvs.openbsd.org 2010/07/16 14:07:35 2642 [ssh-rsa.c] 2643 more timing paranoia - compare all parts of the expected decrypted 2644 data before returning. AFAIK not exploitable in the SSH protocol. 2645 "groovy" deraadt@ 2646 - djm@cvs.openbsd.org 2010/07/19 03:16:33 2647 [sftp-client.c] 2648 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive 2649 upload depth checks and causing verbose printing of transfers to always 2650 be turned on; patch from imorgan AT nas.nasa.gov 2651 - djm@cvs.openbsd.org 2010/07/19 09:15:12 2652 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] 2653 add a "ControlPersist" option that automatically starts a background 2654 ssh(1) multiplex master when connecting. This connection can stay alive 2655 indefinitely, or can be set to automatically close after a user-specified 2656 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but 2657 further hacked on by wmertens AT cisco.com, apb AT cequrux.com, 2658 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ 2659 - djm@cvs.openbsd.org 2010/07/21 02:10:58 2660 [misc.c] 2661 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern 2662 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 2663 [ssh.1] 2664 Ciphers is documented in ssh_config(5) these days 2665 266620100819 2667 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more 2668 details about its behaviour WRT existing directories. Patch from 2669 asguthrie at gmail com, ok djm. 2670 267120100716 2672 - (djm) OpenBSD CVS Sync 2673 - djm@cvs.openbsd.org 2010/07/02 04:32:44 2674 [misc.c] 2675 unbreak strdelim() skipping past quoted strings, e.g. 2676 AllowUsers "blah blah" blah 2677 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com 2678 ok dtucker; 2679 - djm@cvs.openbsd.org 2010/07/12 22:38:52 2680 [ssh.c] 2681 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") 2682 for protocol 2. ok markus@ 2683 - djm@cvs.openbsd.org 2010/07/12 22:41:13 2684 [ssh.c ssh_config.5] 2685 expand %h to the hostname in ssh_config Hostname options. While this 2686 sounds useless, it is actually handy for working with unqualified 2687 hostnames: 2688 2689 Host *.* 2690 Hostname %h 2691 Host * 2692 Hostname %h.example.org 2693 2694 "I like it" markus@ 2695 - djm@cvs.openbsd.org 2010/07/13 11:52:06 2696 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] 2697 [packet.c ssh-rsa.c] 2698 implement a timing_safe_cmp() function to compare memory without leaking 2699 timing information by short-circuiting like memcmp() and use it for 2700 some of the more sensitive comparisons (though nothing high-value was 2701 readily attackable anyway); "looks ok" markus@ 2702 - djm@cvs.openbsd.org 2010/07/13 23:13:16 2703 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] 2704 [ssh-rsa.c] 2705 s/timing_safe_cmp/timingsafe_bcmp/g 2706 - jmc@cvs.openbsd.org 2010/07/14 17:06:58 2707 [ssh.1] 2708 finally ssh synopsis looks nice again! this commit just removes a ton of 2709 hacks we had in place to make it work with old groff; 2710 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 2711 [ssh-keygen.1] 2712 repair incorrect block nesting, which screwed up indentation; 2713 problem reported and fix OK by jmc@ 2714 271520100714 2716 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass 2717 (line 77) should have been for no_x11_askpass. 2718 271920100702 2720 - (djm) OpenBSD CVS Sync 2721 - jmc@cvs.openbsd.org 2010/06/26 00:57:07 2722 [ssh_config.5] 2723 tweak previous; 2724 - djm@cvs.openbsd.org 2010/06/26 23:04:04 2725 [ssh.c] 2726 oops, forgot to #include <canohost.h>; spotted and patch from chl@ 2727 - djm@cvs.openbsd.org 2010/06/29 23:15:30 2728 [ssh-keygen.1 ssh-keygen.c] 2729 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; 2730 bz#1749; ok markus@ 2731 - djm@cvs.openbsd.org 2010/06/29 23:16:46 2732 [auth2-pubkey.c sshd_config.5] 2733 allow key options (command="..." and friends) in AuthorizedPrincipals; 2734 ok markus@ 2735 - jmc@cvs.openbsd.org 2010/06/30 07:24:25 2736 [ssh-keygen.1] 2737 tweak previous; 2738 - jmc@cvs.openbsd.org 2010/06/30 07:26:03 2739 [ssh-keygen.c] 2740 sort usage(); 2741 - jmc@cvs.openbsd.org 2010/06/30 07:28:34 2742 [sshd_config.5] 2743 tweak previous; 2744 - millert@cvs.openbsd.org 2010/07/01 13:06:59 2745 [scp.c] 2746 Fix a longstanding problem where if you suspend scp at the 2747 password/passphrase prompt the terminal mode is not restored. 2748 OK djm@ 2749 - phessler@cvs.openbsd.org 2010/06/27 19:19:56 2750 [regress/Makefile] 2751 fix how we run the tests so we can successfully use SUDO='sudo -E' 2752 in our env 2753 - djm@cvs.openbsd.org 2010/06/29 23:59:54 2754 [cert-userkey.sh] 2755 regress tests for key options in AuthorizedPrincipals 2756 275720100627 2758 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs 2759 key.h. 2760 276120100626 2762 - (djm) OpenBSD CVS Sync 2763 - djm@cvs.openbsd.org 2010/05/21 05:00:36 2764 [misc.c] 2765 colon() returns char*, so s/return (0)/return NULL/ 2766 - markus@cvs.openbsd.org 2010/06/08 21:32:19 2767 [ssh-pkcs11.c] 2768 check length of value returned C_GetAttributValue for != 0 2769 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ 2770 - djm@cvs.openbsd.org 2010/06/17 07:07:30 2771 [mux.c] 2772 Correct sizing of object to be allocated by calloc(), replacing 2773 sizeof(state) with sizeof(*state). This worked by accident since 2774 the struct contained a single int at present, but could have broken 2775 in the future. patch from hyc AT symas.com 2776 - djm@cvs.openbsd.org 2010/06/18 00:58:39 2777 [sftp.c] 2778 unbreak ls in working directories that contains globbing characters in 2779 their pathnames. bz#1655 reported by vgiffin AT apple.com 2780 - djm@cvs.openbsd.org 2010/06/18 03:16:03 2781 [session.c] 2782 Missing check for chroot_director == "none" (we already checked against 2783 NULL); bz#1564 from Jan.Pechanec AT Sun.COM 2784 - djm@cvs.openbsd.org 2010/06/18 04:43:08 2785 [sftp-client.c] 2786 fix memory leak in do_realpath() error path; bz#1771, patch from 2787 anicka AT suse.cz 2788 - djm@cvs.openbsd.org 2010/06/22 04:22:59 2789 [servconf.c sshd_config.5] 2790 expose some more sshd_config options inside Match blocks: 2791 AuthorizedKeysFile AuthorizedPrincipalsFile 2792 HostbasedUsesNameFromPacketOnly PermitTunnel 2793 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ 2794 - djm@cvs.openbsd.org 2010/06/22 04:32:06 2795 [ssh-keygen.c] 2796 standardise error messages when attempting to open private key 2797 files to include "progname: filename: error reason" 2798 bz#1783; ok dtucker@ 2799 - djm@cvs.openbsd.org 2010/06/22 04:49:47 2800 [auth.c] 2801 queue auth debug messages for bad ownership or permissions on the user's 2802 keyfiles. These messages will be sent after the user has successfully 2803 authenticated (where our client will display them with LogLevel=debug). 2804 bz#1554; ok dtucker@ 2805 - djm@cvs.openbsd.org 2010/06/22 04:54:30 2806 [ssh-keyscan.c] 2807 replace verbose and overflow-prone Linebuf code with read_keyfile_line() 2808 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ 2809 - djm@cvs.openbsd.org 2010/06/22 04:59:12 2810 [session.c] 2811 include the user name on "subsystem request for ..." log messages; 2812 bz#1571; ok dtucker@ 2813 - djm@cvs.openbsd.org 2010/06/23 02:59:02 2814 [ssh-keygen.c] 2815 fix printing of extensions in v01 certificates that I broke in r1.190 2816 - djm@cvs.openbsd.org 2010/06/25 07:14:46 2817 [channels.c mux.c readconf.c readconf.h ssh.h] 2818 bz#1327: remove hardcoded limit of 100 permitopen clauses and port 2819 forwards per direction; ok markus@ stevesk@ 2820 - djm@cvs.openbsd.org 2010/06/25 07:20:04 2821 [channels.c session.c] 2822 bz#1750: fix requirement for /dev/null inside ChrootDirectory for 2823 internal-sftp accidentally introduced in r1.253 by removing the code 2824 that opens and dup /dev/null to stderr and modifying the channels code 2825 to read stderr but discard it instead; ok markus@ 2826 - djm@cvs.openbsd.org 2010/06/25 08:46:17 2827 [auth1.c auth2-none.c] 2828 skip the initial check for access with an empty password when 2829 PermitEmptyPasswords=no; bz#1638; ok markus@ 2830 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2831 [ssh.c] 2832 log the hostname and address that we connected to at LogLevel=verbose 2833 after authentication is successful to mitigate "phishing" attacks by 2834 servers with trusted keys that accept authentication silently and 2835 automatically before presenting fake password/passphrase prompts; 2836 "nice!" markus@ 2837 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2838 [ssh.c] 2839 log the hostname and address that we connected to at LogLevel=verbose 2840 after authentication is successful to mitigate "phishing" attacks by 2841 servers with trusted keys that accept authentication silently and 2842 automatically before presenting fake password/passphrase prompts; 2843 "nice!" markus@ 2844 284520100622 2846 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 2847 bz#1579; ok dtucker 2848 284920100618 2850 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ 2851 rather than assuming that $CWD == $HOME. bz#1500, patch from 2852 timothy AT gelter.com 2853 285420100617 2855 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete 2856 minires-devel package, and to add the reference to the libedit-devel 2857 package since CYgwin now provides libedit. Patch from Corinna Vinschen. 2858 285920100521 2860 - (djm) OpenBSD CVS Sync 2861 - djm@cvs.openbsd.org 2010/05/07 11:31:26 2862 [regress/Makefile regress/cert-userkey.sh] 2863 regress tests for AuthorizedPrincipalsFile and "principals=" key option. 2864 feedback and ok markus@ 2865 - djm@cvs.openbsd.org 2010/05/11 02:58:04 2866 [auth-rsa.c] 2867 don't accept certificates marked as "cert-authority" here; ok markus@ 2868 - djm@cvs.openbsd.org 2010/05/14 00:47:22 2869 [ssh-add.c] 2870 check that the certificate matches the corresponding private key before 2871 grafting it on 2872 - djm@cvs.openbsd.org 2010/05/14 23:29:23 2873 [channels.c channels.h mux.c ssh.c] 2874 Pause the mux channel while waiting for reply from aynch callbacks. 2875 Prevents misordering of replies if new requests arrive while waiting. 2876 2877 Extend channel open confirm callback to allow signalling failure 2878 conditions as well as success. Use this to 1) fix a memory leak, 2) 2879 start using the above pause mechanism and 3) delay sending a success/ 2880 failure message on mux slave session open until we receive a reply from 2881 the server. 2882 2883 motivated by and with feedback from markus@ 2884 - markus@cvs.openbsd.org 2010/05/16 12:55:51 2885 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] 2886 mux support for remote forwarding with dynamic port allocation, 2887 use with 2888 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` 2889 feedback and ok djm@ 2890 - djm@cvs.openbsd.org 2010/05/20 11:25:26 2891 [auth2-pubkey.c] 2892 fix logspam when key options (from="..." especially) deny non-matching 2893 keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 2894 - djm@cvs.openbsd.org 2010/05/20 23:46:02 2895 [PROTOCOL.certkeys auth-options.c ssh-keygen.c] 2896 Move the permit-* options to the non-critical "extensions" field for v01 2897 certificates. The logic is that if another implementation fails to 2898 implement them then the connection just loses features rather than fails 2899 outright. 2900 2901 ok markus@ 2902 290320100511 2904 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve 2905 circular dependency problem on old or odd platforms. From Tom Lane, ok 2906 djm@. 2907 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older 2908 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't 2909 already. ok dtucker@ 2910 291120100510 2912 - OpenBSD CVS Sync 2913 - djm@cvs.openbsd.org 2010/04/23 01:47:41 2914 [ssh-keygen.c] 2915 bz#1740: display a more helpful error message when $HOME is 2916 inaccessible while trying to create .ssh directory. Based on patch 2917 from jchadima AT redhat.com; ok dtucker@ 2918 - djm@cvs.openbsd.org 2010/04/23 22:27:38 2919 [mux.c] 2920 set "detach_close" flag when registering channel cleanup callbacks. 2921 This causes the channel to close normally when its fds close and 2922 hangs when terminating a mux slave using ~. bz#1758; ok markus@ 2923 - djm@cvs.openbsd.org 2010/04/23 22:42:05 2924 [session.c] 2925 set stderr to /dev/null for subsystems rather than just closing it. 2926 avoids hangs if a subsystem or shell initialisation writes to stderr. 2927 bz#1750; ok markus@ 2928 - djm@cvs.openbsd.org 2010/04/23 22:48:31 2929 [ssh-keygen.c] 2930 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, 2931 since we would refuse to use them anyway. bz#1516; ok dtucker@ 2932 - djm@cvs.openbsd.org 2010/04/26 22:28:24 2933 [sshconnect2.c] 2934 bz#1502: authctxt.success is declared as an int, but passed by 2935 reference to function that accepts sig_atomic_t*. Convert it to 2936 the latter; ok markus@ dtucker@ 2937 - djm@cvs.openbsd.org 2010/05/01 02:50:50 2938 [PROTOCOL.certkeys] 2939 typo; jmeltzer@ 2940 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 2941 [sftp.c] 2942 restore mput and mget which got lost in the tab-completion changes. 2943 found by Kenneth Whitaker, ok djm@ 2944 - djm@cvs.openbsd.org 2010/05/07 11:30:30 2945 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] 2946 [key.c servconf.c servconf.h sshd.8 sshd_config.5] 2947 add some optional indirection to matching of principal names listed 2948 in certificates. Currently, a certificate must include the a user's name 2949 to be accepted for authentication. This change adds the ability to 2950 specify a list of certificate principal names that are acceptable. 2951 2952 When authenticating using a CA trusted through ~/.ssh/authorized_keys, 2953 this adds a new principals="name1[,name2,...]" key option. 2954 2955 For CAs listed through sshd_config's TrustedCAKeys option, a new config 2956 option "AuthorizedPrincipalsFile" specifies a per-user file containing 2957 the list of acceptable names. 2958 2959 If either option is absent, the current behaviour of requiring the 2960 username to appear in principals continues to apply. 2961 2962 These options are useful for role accounts, disjoint account namespaces 2963 and "user@realm"-style naming policies in certificates. 2964 2965 feedback and ok markus@ 2966 - jmc@cvs.openbsd.org 2010/05/07 12:49:17 2967 [sshd_config.5] 2968 tweak previous; 2969 297020100423 2971 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 2972 in the openssl install directory (some newer openssl versions do this on at 2973 least some amd64 platforms). 2974 297520100418 2976 - OpenBSD CVS Sync 2977 - jmc@cvs.openbsd.org 2010/04/16 06:45:01 2978 [ssh_config.5] 2979 tweak previous; ok djm 2980 - jmc@cvs.openbsd.org 2010/04/16 06:47:04 2981 [ssh-keygen.1 ssh-keygen.c] 2982 tweak previous; ok djm 2983 - djm@cvs.openbsd.org 2010/04/16 21:14:27 2984 [sshconnect.c] 2985 oops, %r => remote username, not %u 2986 - djm@cvs.openbsd.org 2010/04/16 01:58:45 2987 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2988 regression tests for v01 certificate format 2989 includes interop tests for v00 certs 2990 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 2991 file. 2992 299320100416 2994 - (djm) Release openssh-5.5p1 2995 - OpenBSD CVS Sync 2996 - djm@cvs.openbsd.org 2010/03/26 03:13:17 2997 [bufaux.c] 2998 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer 2999 argument to allow skipping past values in a buffer 3000 - jmc@cvs.openbsd.org 2010/03/26 06:54:36 3001 [ssh.1] 3002 tweak previous; 3003 - jmc@cvs.openbsd.org 2010/03/27 14:26:55 3004 [ssh_config.5] 3005 tweak previous; ok dtucker 3006 - djm@cvs.openbsd.org 2010/04/10 00:00:16 3007 [ssh.c] 3008 bz#1746 - suppress spurious tty warning when using -O and stdin 3009 is not a tty; ok dtucker@ markus@ 3010 - djm@cvs.openbsd.org 2010/04/10 00:04:30 3011 [sshconnect.c] 3012 fix terminology: we didn't find a certificate in known_hosts, we found 3013 a CA key 3014 - djm@cvs.openbsd.org 2010/04/10 02:08:44 3015 [clientloop.c] 3016 bz#1698: kill channel when pty allocation requests fail. Fixed 3017 stuck client if the server refuses pty allocation. 3018 ok dtucker@ "think so" markus@ 3019 - djm@cvs.openbsd.org 2010/04/10 02:10:56 3020 [sshconnect2.c] 3021 show the key type that we are offering in debug(), helps distinguish 3022 between certs and plain keys as the path to the private key is usually 3023 the same. 3024 - djm@cvs.openbsd.org 2010/04/10 05:48:16 3025 [mux.c] 3026 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au 3027 - djm@cvs.openbsd.org 2010/04/14 22:27:42 3028 [ssh_config.5 sshconnect.c] 3029 expand %r => remote username in ssh_config:ProxyCommand; 3030 ok deraadt markus 3031 - markus@cvs.openbsd.org 2010/04/15 20:32:55 3032 [ssh-pkcs11.c] 3033 retry lookup for private key if there's no matching key with CKA_SIGN 3034 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) 3035 ok djm@ 3036 - djm@cvs.openbsd.org 2010/04/16 01:47:26 3037 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] 3038 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] 3039 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] 3040 [sshconnect.c sshconnect2.c sshd.c] 3041 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the 3042 following changes: 3043 3044 move the nonce field to the beginning of the certificate where it can 3045 better protect against chosen-prefix attacks on the signature hash 3046 3047 Rename "constraints" field to "critical options" 3048 3049 Add a new non-critical "extensions" field 3050 3051 Add a serial number 3052 3053 The older format is still support for authentication and cert generation 3054 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) 3055 3056 ok markus@ 3057