20110403
 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
   [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
 - (djm) [version.h] crank version
 - Release 5.8p2

20110329
 - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
   noticed by tmraz AT redhat.com

20110221
 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
   Cygwin-specific service installer script ssh-host-config. The actual
   functionality is the same, the revisited version is just more
   exact when it comes to check for problems which disallow to run
   certain aspects of the script. So, part of this script and the also
   rearranged service helper script library "csih" is to check if all
   the tools required to run the script are available on the system.
   The new script also is more thorough to inform the user why the
   script failed. Patch from vinschen at redhat com.

20110206
 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
   selinux code. Patch from Leonardo Chiquitto
 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
   generation and simplify. Patch from Corinna Vinschen.

20110204
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2011/01/31 21:42:15
     [PROTOCOL.mux]
     cut'n'pasto; from bert.wesarg AT googlemail.com
   - djm@cvs.openbsd.org 2011/02/04 00:44:21
     [key.c]
     fix uninitialised nonce variable; reported by Mateusz Kocielski
   - djm@cvs.openbsd.org 2011/02/04 00:44:43
     [version.h]
     openssh-5.8
 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
   [contrib/suse/openssh.spec] update versions in docs and spec files.
 - Release OpenSSH 5.8p1

20110128
 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
   before attempting setfscreatecon(). Check whether matchpathcon()
   succeeded before using its result.
   Patch from cjwatson AT debian.org; bz#1851

20110125
 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
   building with SELinux support to avoid linking failure; report from
   amk AT spamfence.net; ok dtucker

20110122
 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
   RSA_get_default_method() for the benefit of openssl versions that don't
   have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
   ok djm@.
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2011/01/22 09:18:53
     [version.h]
     crank to OpenSSH-5.7
 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
   [contrib/suse/openssh.spec] update versions in docs and spec files.
 - (djm) Release 5.7p1

20110119
 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
   of RPM so build completes. Signatures were changed to .asc since 4.1p1.
 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
   0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in
   pre-release testing (random crashes and failure to load ECC keys).
   ok dtucker@

20110117
 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
   $PATH, fix cleanup of droppings; reported by openssh AT
   roumenpetrov.info; ok dtucker@
 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
   its unique snowflake of a gdb error to the ones we look for.
 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
   ssh-add to avoid $SUDO failures on Linux
 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
   Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
   to the old values. Feedback from vapier at gentoo org and djm, ok djm.
 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
   [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
   disabled on platforms that do not support them; add a "config_defined()"
   shell function that greps for defines in config.h and use them to decide
   on feature tests.
   Convert a couple of existing grep's over config.h to use the new function
   Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
   backslash characters in filenames, enable it for Cygwin and use it to turn
   off tests for quoted backslashes in sftp-glob.sh.
   based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
   the tinderbox.
 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
   configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
   support, based on patches from Tomas Mraz and jchadima at redhat.

20110116
 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
   on configurations that don't have it.
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2011/01/16 11:50:05
     [clientloop.c]
     Use atomicio when flushing protocol 1 std{out,err} buffers at
     session close.
     This was a latent bug exposed by setting a SIGCHLD
     handler and spotted by kevin.brott AT gmail.com; ok dtucker@
   - djm@cvs.openbsd.org 2011/01/16 11:50:36
     [sshconnect.c]
     reset the SIGPIPE handler when forking to execute child processes;
     ok dtucker@
   - djm@cvs.openbsd.org 2011/01/16 12:05:59
     [clientloop.c]
     a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
     now that we use atomicio(), convert them from while loops to if statements
     add test and cast to compile cleanly with -Wsigned

20110114
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2011/01/13 21:54:53
     [mux.c]
     correct error messages; patch from bert.wesarg AT googlemail.com
   - djm@cvs.openbsd.org 2011/01/13 21:55:25
     [PROTOCOL.mux]
     correct protocol names and add a couple of missing protocol number
     defines; patch from bert.wesarg AT googlemail.com
 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
   host-key-force target rather than a substitution that is replaced with a
   comment so that the Makefile.in is still a syntactically valid Makefile
   (useful to run the distprep target)
 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
   ecdsa bits.

20110113
 - (djm) [misc.c] include time.h for nanosleep() prototype
 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
   ecdsa keys. ok djm.
 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
   gcc warning on platforms where it defaults to int
 - (djm) [regress/Makefile] add a few more generated files to the clean
   target
 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
   #define that was causing diffie-hellman-group-exchange-sha256 to be
   incorrectly disabled
 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
   should not depend on ECC support

20110112
 - OpenBSD CVS Sync
   - nicm@cvs.openbsd.org 2010/10/08 21:48:42
     [openbsd-compat/glob.c]
     Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
     from ARG_MAX to 64K.
     Fixes glob-using programs (notably ftp) able to be triggered to hit
     resource limits.
     Idea from a similar NetBSD change, original problem reported by jasper@.
     ok millert tedu jasper
   - djm@cvs.openbsd.org 2011/01/12 01:53:14
     avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
     and sanity check arguments (these will be unnecessary when we switch
     struct glob members from being type int to size_t in the future);
     "looks ok" tedu@ feedback guenther@
 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
   silly warnings on write() calls we don't care succeed or not.
 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
   flag tests that don't depend on gcc version at all; suggested by and
   ok dtucker@

20110111
 - (tim) [regress/host-expand.sh] Fix for building outside of read only
   source tree.
 - (djm) [platform.c] Some missing includes that show up under -Werror
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2011/01/08 10:51:51
     [clientloop.c]
     use host and not options.hostname, as the latter may have unescaped
     substitution characters
   - djm@cvs.openbsd.org 2011/01/11 06:06:09
     [sshlogin.c]
     fd leak on error paths; from zinovik@
     NB. Id sync only; we use loginrec.c that was also audited and fixed
     recently
   - djm@cvs.openbsd.org 2011/01/11 06:13:10
     [clientloop.c ssh-keygen.c sshd.c]
     some unsigned long long casts that make things a bit easier for
     portable without resorting to dropping PRIu64 formats everywhere

20110109
 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
   openssh AT roumenpetrov.info

20110108
 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
   test on OSX and others. Reported by imorgan AT nas.nasa.gov

20110107
 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
   for no-ECC case.
   Patch from cristian.ionescu-idbohrn AT axis.com
   - djm@cvs.openbsd.org 2011/01/06 22:23:53
     [ssh.c]
     unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
     googlemail.com; ok markus@
   - djm@cvs.openbsd.org 2011/01/06 22:23:02
     [clientloop.c]
     when exiting due to ServerAliveTimeout, mention the hostname that caused
     it (useful with backgrounded controlmaster)
   - djm@cvs.openbsd.org 2011/01/06 22:46:21
     [regress/Makefile regress/host-expand.sh]
     regress test for LocalCommand %n expansion from bert.wesarg AT
     googlemail.com; ok markus@
   - djm@cvs.openbsd.org 2011/01/06 23:01:35
     [sshconnect.c]
     reset SIGCHLD handler to SIG_DFL when executing LocalCommand;
     ok markus@

20110106
 - (djm) OpenBSD CVS Sync
   - markus@cvs.openbsd.org 2010/12/08 22:46:03
     [scp.1 scp.c]
     add a new -3 option to scp: Copies between two remote hosts are
     transferred through the local host. Without this option the data
     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
   - jmc@cvs.openbsd.org 2010/12/09 14:13:33
     [scp.1 scp.c]
     scp.1: grammar fix
     scp.c: add -3 to usage()
   - markus@cvs.openbsd.org 2010/12/14 11:59:06
     [sshconnect.c]
     don't mention key type in key-changed-warning, since we also print
     this warning if a new key type appears. ok djm@
   - djm@cvs.openbsd.org 2010/12/15 00:49:27
     [readpass.c]
     fix ControlMaster=ask regression
     reset SIGCHLD handler before fork (and restore it after) so we don't miss
     the askpass child's exit status.
     Correct test for exit status/signal to
     account for waitpid() failure; with claudio@ ok claudio@ markus@
   - djm@cvs.openbsd.org 2010/12/24 21:41:48
     [auth-options.c]
     don't send the actual forced command in a debug message; ok markus deraadt
   - otto@cvs.openbsd.org 2011/01/04 20:44:13
     [ssh-keyscan.c]
     handle ecdsa-sha2 with various key lengths; hint and ok djm@

20110104
 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
   formatter if it is present, followed by nroff and groff respectively.
   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
   in favour of mandoc). feedback and ok tim

20110103
 - (djm) [Makefile.in] revert local hack I didn't intend to commit

20110102
 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
 - (djm) [configure.ac] Check whether libdes is needed when building
   with Heimdal krb5 support. On OpenBSD this library no longer exists,
   so linking it unconditionally causes a build failure; ok dtucker

20101226
 - (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/12/08 04:02:47
     [ssh_config.5 sshd_config.5]
     explain that IPQoS arguments are separated by whitespace; iirc requested
     by jmc@ a while back

20101205
 - (dtucker) [openbsd-compat/openssl-compat.c] remove sleep leftover from
   debugging. Spotted by djm.
 - (dtucker) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/12/03 23:49:26
     [schnorr.c]
     check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
     (this code is still disabled, but apparently people are treating it as
     a reference implementation)
   - djm@cvs.openbsd.org 2010/12/03 23:55:27
     [auth-rsa.c]
     move check for revoked keys to run earlier (in auth_rsa_key_allowed)
     bz#1829; patch from ldv AT altlinux.org; ok markus@
   - djm@cvs.openbsd.org 2010/12/04 00:18:01
     [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
     add a protocol extension to support a hard link operation. It is
     available through the "ln" command in the client. The old "ln"
     behaviour of creating a symlink is available using its "-s" option
     or through the preexisting "symlink" command; based on a patch from
     miklos AT szeredi.hu in bz#1555; ok markus@
   - djm@cvs.openbsd.org 2010/12/04 13:31:37
     [hostfile.c]
     fix fd leak; spotted and ok dtucker
   - djm@cvs.openbsd.org 2010/12/04 00:21:19
     [regress/sftp-cmds.sh]
     adjust for hard-link support
 - (dtucker) [regress/Makefile] Id sync.

20101204
 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
   instead of (arc4random() % range)
 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
   shims for the new, non-deprecated OpenSSL key generation functions for
   platforms that don't have the new interfaces.

20101201
 - OpenBSD CVS Sync
   - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
     [auth2-pubkey.c]
     clean up cases of ;;
   - djm@cvs.openbsd.org 2010/11/21 01:01:13
     [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
     honour $TMPDIR for client xauth and ssh-agent temporary directories;
     feedback and ok markus@
   - djm@cvs.openbsd.org 2010/11/21 10:57:07
     [authfile.c]
     Refactor internals of private key loading and saving to work on memory
     buffers rather than directly on files. This will make a few things
     easier to do in the future; ok markus@
   - djm@cvs.openbsd.org 2010/11/23 02:35:50
     [auth.c]
     use strict_modes already passed as function argument over referencing
     global options.strict_modes
   - djm@cvs.openbsd.org 2010/11/23 23:57:24
     [clientloop.c]
     avoid NULL deref on receiving a channel request on an unknown or invalid
     channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
   - djm@cvs.openbsd.org 2010/11/24 01:24:14
     [channels.c]
     remove a debug() that pollutes stderr on client connecting to a server
     in debug mode (channel_close_fds is called transitively from the session
     code post-fork); bz#1719, ok dtucker
   - djm@cvs.openbsd.org 2010/11/25 04:10:09
     [session.c]
     replace close() loop for fds 3->64 with closefrom();
     ok markus deraadt dtucker
   - djm@cvs.openbsd.org 2010/11/26 05:52:49
     [scp.c]
     Pass through ssh command-line flags and options when doing remote-remote
     transfers, e.g.
     to enable agent forwarding which is particularly useful
     in this case; bz#1837 ok dtucker@
   - markus@cvs.openbsd.org 2010/11/29 18:57:04
     [authfile.c]
     correctly load comment for encrypted rsa1 keys;
     report/fix Joachim Schipper; ok djm@
   - djm@cvs.openbsd.org 2010/11/29 23:45:51
     [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
     [sshconnect.h sshconnect2.c]
     automatically order the hostkeys requested by the client based on
     which hostkeys are already recorded in known_hosts. This avoids
     hostkey warnings when connecting to servers with new ECDSA keys
     that are preferred by default; with markus@

20101124
 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
   into the platform-specific code. Only affects SCO, tested by and ok tim@.
 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
   group read/write. ok dtucker@
 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
 - (djm) [defines.h] Add IP DSCP defines

20101122
 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
   from vapier at gentoo org.

20101120
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/11/05 02:46:47
     [packet.c]
     whitespace KNF
   - djm@cvs.openbsd.org 2010/11/10 01:33:07
     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
     use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
     these have been around for years by this time. ok markus
   - djm@cvs.openbsd.org 2010/11/13 23:27:51
     [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
     hardcoding lowdelay/throughput.

     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
   - jmc@cvs.openbsd.org 2010/11/15 07:40:14
     [ssh_config.5]
     libary -> library;
   - jmc@cvs.openbsd.org 2010/11/18 15:01:00
     [scp.1 sftp.1 ssh.1 sshd_config.5]
     add IPQoS to the various -o lists, and zap some trailing whitespace;

20101111
 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
   platforms that don't support ECC. Fixes some spurious warnings reported
   by tim@

20101109
 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
   Feedback from dtucker@
 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
   support for platforms missing isblank(). ok djm@

20101108
 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
   tree.
 - (tim) [regress/kextype.sh] Shell portability fix.

20101107
 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
   the correct typedefs.

20101105
 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
   int. Should fix bz#1817 cleanly; ok dtucker@
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/09/22 12:26:05
     [regress/Makefile regress/kextype.sh]
     regress test for each of the key exchange algorithms that we support
   - djm@cvs.openbsd.org 2010/10/28 11:22:09
     [authfile.c key.c key.h ssh-keygen.c]
     fix a possible NULL deref on loading a corrupt ECDH key

     store ECDH group information in private keys files as "named groups"
     rather than as a set of explicit group parameters (by setting
     the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
     retrieves the group's OpenSSL NID that we need for various things.
   - jmc@cvs.openbsd.org 2010/10/28 18:33:28
     [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     knock out some "-*- nroff -*-" lines;
   - djm@cvs.openbsd.org 2010/11/04 02:45:34
     [sftp-server.c]
     umask should be parsed as octal. reported by candland AT xmission.com;
     ok markus@
 - (dtucker) [configure.ac platform.{c,h} session.c
   openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
   ok djm@
 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
   after the user's groups are established and move the selinux calls into it.
 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
   platform.c
 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
   retain previous behavior.
 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
   the LOGIN_CAP case into platform.c.
 - (dtucker) [platform.c session.c] Move the USE_LIBIAF fragment into
   platform.c
 - (dtucker) [platform.c session.c] Move aix_usrinfo fragment into platform.c.
 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
   platform.c.
 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
   non-LOGIN_CAP case into platform.c.
 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
   check into platform.c
 - (dtucker) [regress/keytype.sh] Import new test.
 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
   Import recent changes to regress/Makefile, pass a flag to enable ECC tests
   from configure through to regress/Makefile and use it in the tests.
 - (dtucker) [regress/kextype.sh] Add missing "test".
 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC.
   This is not
   strictly correct since while ECC requires sha256 the reverse is not true
   however it does prevent spurious test failures.
 - (dtucker) [platform.c] Need servconf.h and extern options.

20101025
 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
   1.12 to unbreak Solaris build.
   ok djm@
 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
   native one.

20101024
 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
   which don't have ECC support in libcrypto.
 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
   which don't have ECC support in libcrypto.
 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
   have it.
 - (dtucker) OpenBSD CVS Sync
   - sthen@cvs.openbsd.org 2010/10/23 22:06:12
     [sftp.c]
     escape '[' in filename tab-completion; fix a type while there.
     ok djm@

20101021
 - OpenBSD CVS Sync
   - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
     [mux.c]
     Typo in confirmation message. bz#1827, patch from imorgan at
     nas nasa gov
   - djm@cvs.openbsd.org 2010/08/31 12:24:09
     [regress/cert-hostkey.sh regress/cert-userkey.sh]
     tests for ECDSA certificates

20101011
 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
   bz#1825, reported by foo AT mailinator.com
 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)

20101011
 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
   dr AT vasco.com

20101007
 - (djm) [ssh-agent.c] Fix type for curve name.
 - (djm) OpenBSD CVS Sync
   - matthew@cvs.openbsd.org 2010/09/24 13:33:00
     [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
     [openbsd-compat/timingsafe_bcmp.c]
     Add timingsafe_bcmp(3) to libc, mention that it's already in the
     kernel in kern(9), and remove it from OpenSSH.
     ok deraadt@, djm@
     NB. re-added under openbsd-compat/ for portable OpenSSH
   - djm@cvs.openbsd.org 2010/09/25 09:30:16
     [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
     roundtrips to fetch per-file stat(2) information.
     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
     match.
   - djm@cvs.openbsd.org 2010/09/26 22:26:33
     [sftp.c]
     when performing an "ls" in columnated (short) mode, only call
     ioctl(TIOCGWINSZ) once to get the window width instead of
     per-filename
   - djm@cvs.openbsd.org 2010/09/30 11:04:51
     [servconf.c]
     prevent free() of string in .rodata when overriding AuthorizedKeys in
     a Match block; patch from rein AT basefarm.no
   - djm@cvs.openbsd.org 2010/10/01 23:05:32
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
     adapt to API changes in openssl-1.0.0a
     NB. contains compat code to select correct API for older OpenSSL
   - djm@cvs.openbsd.org 2010/10/05 05:13:18
     [sftp.c sshconnect.c]
     use default shell /bin/sh if $SHELL is ""; ok markus@
   - djm@cvs.openbsd.org 2010/10/06 06:39:28
     [clientloop.c ssh.c sshconnect.c sshconnect.h]
     kill proxy command on fatal() (we already kill it on clean exit);
     ok markus@
   - djm@cvs.openbsd.org 2010/10/06 21:10:21
     [sshconnect.c]
     swapped args to kill(2)
 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
 - (djm) [cipher-acss.c] Add missing header.
 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp

20100924
 - (djm) OpenBSD CVS Sync
   - naddy@cvs.openbsd.org 2010/09/10 15:19:29
     [ssh-keygen.1]
     * mention ECDSA in more places
     * less repetition in FILES section
     * SSHv1 keys are still encrypted with 3DES
     help and ok jmc@
   - djm@cvs.openbsd.org 2010/09/11 21:44:20
     [ssh.1]
     mention RFC 5656 for ECC stuff
   - jmc@cvs.openbsd.org 2010/09/19 21:30:05
     [sftp.1]
     more wacky macro fixing;
   - djm@cvs.openbsd.org 2010/09/20 04:41:47
     [ssh.c]
     install a SIGCHLD handler to reap expired child process; ok markus@
   - djm@cvs.openbsd.org 2010/09/20 04:50:53
     [jpake.c schnorr.c]
     check that received values are smaller than the group size in the
     disabled and unfinished J-PAKE code.
     avoids catastrophic security failure found by Sebastien Martini
   - djm@cvs.openbsd.org 2010/09/20 04:54:07
     [jpake.c]
     missing #include
   - djm@cvs.openbsd.org 2010/09/20 07:19:27
     [mux.c]
     "atomically" create the listening mux socket by binding it on a temporary
     name and then linking it into position after listen() has succeeded.
     this allows the mux clients to determine that the server socket is
     either ready or stale without races. stale server sockets are now
     automatically removed
     ok deraadt
   - djm@cvs.openbsd.org 2010/09/22 05:01:30
     [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
     add a KexAlgorithms knob to the client and server configuration to allow
     selection of which key exchange methods are used by ssh(1) and sshd(8)
     and their order of preference.
     ok markus@
   - jmc@cvs.openbsd.org 2010/09/22 08:30:08
     [ssh.1 ssh_config.5]
     ssh.1: add kexalgorithms to the -o list
     ssh_config.5: format the kexalgorithms in a more consistent
     (prettier!)
     way
     ok djm
   - djm@cvs.openbsd.org 2010/09/22 22:58:51
     [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
     [sftp-client.h sftp.1 sftp.c]
     add an option per-read/write callback to atomicio

     factor out bandwidth limiting code from scp(1) into a generic bandwidth
     limiter that can be attached using the atomicio callback mechanism

     add a bandwidth limit option to sftp(1) using the above
     "very nice" markus@
   - jmc@cvs.openbsd.org 2010/09/23 13:34:43
     [sftp.c]
     add [-l limit] to usage();
   - jmc@cvs.openbsd.org 2010/09/23 13:36:46
     [scp.1 sftp.1]
     add KexAlgorithms to the -o list;

20100910
 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
   return code since it can apparently return -1 under some conditions. From
   openssh bugs werbittewas de, ok djm@
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/08/31 12:33:38
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     reintroduce commit from tedu@, which I pulled out for release
     engineering:
     OpenSSL_add_all_algorithms is the name of the function we have a
     man page for, so use that. ok djm
   - jmc@cvs.openbsd.org 2010/08/31 17:40:54
     [ssh-agent.1]
     fix some macro abuse;
   - jmc@cvs.openbsd.org 2010/08/31 21:14:58
     [ssh.1]
     small text tweak to accommodate previous;
   - naddy@cvs.openbsd.org 2010/09/01 15:21:35
     [servconf.c]
     pick up ECDSA host key by default; ok djm@
   - markus@cvs.openbsd.org 2010/09/02 16:07:25
     [ssh-keygen.c]
     permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
   - markus@cvs.openbsd.org 2010/09/02 16:08:39
     [ssh.c]
     unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
   - naddy@cvs.openbsd.org 2010/09/02 17:21:50
     [ssh-keygen.c]
     Switch ECDSA default key size to 256 bits, which according to RFC5656
     should still be better than our current RSA-2048 default.
     ok djm@, markus@
   - jmc@cvs.openbsd.org 2010/09/03 11:09:29
     [scp.1]
     add an EXIT STATUS section for /usr/bin;
   - jmc@cvs.openbsd.org 2010/09/04 09:38:34
     [ssh-add.1 ssh.1]
     two more EXIT STATUS sections;
   - naddy@cvs.openbsd.org 2010/09/06 17:10:19
     [sshd_config]
     add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
     <mattieu.b@gmail.com>
     ok deraadt@
   - djm@cvs.openbsd.org 2010/09/08 03:54:36
     [authfile.c]
     typo
   - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
     [compress.c]
     work around name-space collisions some buggy compilers (looking at you
     gcc, at least in earlier versions, but this does not forgive your current
     transgressions) seen between zlib and openssl
     ok djm
   - djm@cvs.openbsd.org 2010/09/09 10:45:45
     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
     ECDH/ECDSA compliance fix: these methods vary the hash function they use
     (SHA256/384/512) depending on the length of the curve in use. The previous
     code incorrectly used SHA256 in all cases.

     This fix will cause authentication failure when using 384 or 521-bit curve
     keys if one peer hasn't been upgraded and the other has. (256-bit curve
     keys work ok). In particular you may need to specify HostkeyAlgorithms
     when connecting to a server that has not been upgraded from an upgraded
     client.

     ok naddy@
 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
   [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
   platforms that don't have the requisite OpenSSL support. ok dtucker@
 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
   for missing headers and compiler warnings.

20100831
 - OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2010/08/08 19:36:30
     [ssh-keysign.8 ssh.1 sshd.8]
     use the same template for all FILES sections; i.e.
     -compact/.Pp where we
     have multiple items, and .Pa for path names;
   - tedu@cvs.openbsd.org 2010/08/12 23:34:39
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     OpenSSL_add_all_algorithms is the name of the function we have a man page
     for, so use that. ok djm
   - djm@cvs.openbsd.org 2010/08/16 04:06:06
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
     backout previous temporarily; discussed with deraadt@
   - djm@cvs.openbsd.org 2010/08/31 09:58:37
     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
     [packet.h ssh-dss.c ssh-rsa.c]
     Add buffer_get_cstring() and related functions that verify that the
     string extracted from the buffer contains no embedded \0 characters*
     This prevents random (possibly malicious) crap from being appended to
     strings where it would not be noticed if the string is used with
     a string(3) function.

     Use the new API in a few sensitive places.

     * actually, we allow a single one at the end of the string for now because
     we don't know how many deployed implementations get this wrong, but don't
     count on this to remain indefinitely.
   - djm@cvs.openbsd.org 2010/08/31 11:54:45
     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
     host/user keys (ECDSA) as specified by RFC5656.
     ECDH and ECDSA offer
     better performance than plain DH and DSA at the same equivalent symmetric
     key length, as well as much shorter keys.

     Only the mandatory sections of RFC5656 are implemented, specifically the
     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
     ECDSA. Point compression (optional in RFC5656) is NOT implemented.

     Certificate host and user keys using the new ECDSA key types are supported.

     Note that this code has not been tested for interoperability and may be
     subject to change.

     feedback and ok markus@
 - (djm) [Makefile.in] Add new ECC files
 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
   includes.h

20100827
 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
   remove. Patch from martynas at venck us

20100823
 - (djm) Release OpenSSH-5.6p1

20100816
 - (dtucker) [configure.ac openbsd-compat/Makefile.in
   openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
   the compat library which helps on platforms like old IRIX. Based on work
   by djm, tested by Tom Christensen.
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/08/12 21:49:44
     [ssh.c]
     close any extra file descriptors inherited from parent at start and
     reopen stdin/stdout to /dev/null when forking for ControlPersist.

     prevents tools that fork and run a captive ssh for communication from
     failing to exit when the ssh completes while they wait for these fds to
     close. The inherited fds may persist arbitrarily long if a background
     mux master has been started by ControlPersist. cvs and scp were affected
     by this.

     "please commit" markus@
 - (djm) [regress/README.regress] typo

20100812
 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
   regress/test-exec.sh] Under certain conditions when testing with sudo
   tests would fail because the pidfile could not be read by a regular user.
   "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
   Make sure cat is run by $SUDO. no objection from me. djm@
 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.

20100809
 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
   already set. Makes FreeBSD user openable tunnels useful; patch from
   richard.burakowski+ossh AT mrburak.net, ok dtucker@
 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
   based in part on a patch from Colin Watson, ok djm@

20100809
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/08/08 16:26:42
     [version.h]
     crank to 5.6
 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
   [contrib/suse/openssh.spec] Crank version numbers

20100805
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/08/04 05:37:01
     [ssh.1 ssh_config.5 sshd.8]
     Remove mentions of weird "addr/port" alternate address format for IPv6
     addresses combinations. It hasn't worked for ages and we have supported
     the more common "[addr]:port" format for a long time. ok jmc@ markus@
   - djm@cvs.openbsd.org 2010/08/04 05:40:39
     [PROTOCOL.certkeys ssh-keygen.c]
     tighten the rules for certificate encoding by requiring that options
     appear in lexical order and make our ssh-keygen comply.
     ok markus@
   - djm@cvs.openbsd.org 2010/08/04 05:42:47
     [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
     [ssh-keysign.c ssh.c]
     enable certificates for hostbased authentication, from Iain Morgan;
     "looks ok" markus@
   - djm@cvs.openbsd.org 2010/08/04 05:49:22
     [authfile.c]
     committed the wrong version of the hostbased certificate diff; this
     version replaces some strlc{py,at} verbosity with xasprintf() at
     the request of markus@
   - djm@cvs.openbsd.org 2010/08/04 06:07:11
     [ssh-keygen.1 ssh-keygen.c]
     Support CA keys in PKCS#11 tokens; feedback and ok markus@
   - djm@cvs.openbsd.org 2010/08/04 06:08:40
     [ssh-keysign.c]
     clean for -Wuninitialized (Id sync only; portable had this change)
   - djm@cvs.openbsd.org 2010/08/05 13:08:42
     [channels.c]
     Fix a trio of bugs in the local/remote window calculation for datagram
     data channels (i.e. TunnelForward):

     Calculate local_consumed correctly in channel_handle_wfd() by measuring
     the delta to buffer_len(c->output) from when we start to when we finish.
     The proximal problem here is that the output_filter we use in portable
     modified the length of the dequeued datagram (to futz with the headers
     for !OpenBSD).

     In channel_output_poll(), don't enqueue datagrams that won't fit in the
     peer's advertised packet size (highly unlikely to ever occur) or which
     won't fit in the peer's remaining window (more likely).

     In channel_input_data(), account for the 4-byte string header in
     datagram packets that we accept from the peer and enqueue in c->output.

     report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
     "looks good" markus@

20100803
 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
   PAM to sane values in case the PAM method doesn't write to them. Spotted by
   Bitman Zhou, ok djm@.
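
Added example, not OpenSSH code: the embedded-NUL check that the 2010/08/31 buffer_get_cstring() entry above describes, applied to an SSH-style length-prefixed string, with an unchecked parser beside it to show what string(3) callers miss. All function names and the sample messages are constructed for illustration; the single trailing NUL is tolerated as the entry's footnote says.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire samples: uint32 big-endian length, then the bytes. */
static const unsigned char msg_plain[]    = {0,0,0,4, 'r','o','o','t'};
static const unsigned char msg_trailing[] = {0,0,0,5, 'r','o','o','t',0};
static const unsigned char msg_embedded[] = {0,0,0,9, 'r','o','o','t',0,'e','v','i','l'};
static const unsigned char msg_overlong[] = {0,0,0,16, 'r','o','o','t'};

/* Bounds-checked read of the length prefix; -1 if it overruns the buffer. */
static int read_len(const unsigned char *buf, size_t buflen, uint32_t *len)
{
    if (buflen < 4)
        return -1;
    *len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    return (*len > buflen - 4) ? -1 : 0;
}

/* Unchecked variant: copies the bytes and NUL-terminates, nothing more. */
static char *get_string_unchecked(const unsigned char *buf, size_t buflen)
{
    uint32_t len;
    char *out;

    if (read_len(buf, buflen, &len) != 0)
        return NULL;
    if ((out = malloc((size_t)len + 1)) == NULL)
        return NULL;
    memcpy(out, buf + 4, len);
    out[len] = '\0';
    return out;
}

/* Checked variant: refuse a NUL anywhere except as the final byte. */
static char *get_cstring_checked(const unsigned char *buf, size_t buflen)
{
    uint32_t len;
    const unsigned char *nul;

    if (read_len(buf, buflen, &len) != 0)
        return NULL;
    nul = memchr(buf + 4, '\0', len);
    if (nul != NULL && (size_t)(nul - (buf + 4)) != (size_t)len - 1)
        return NULL;
    return get_string_unchecked(buf, buflen);
}

/* strlen() of the unchecked result, i.e. what string(3) callers see;
 * -1 if the message does not parse at all. */
static long visible_len_unchecked(const unsigned char *buf, size_t buflen)
{
    char *s = get_string_unchecked(buf, buflen);
    long n = s ? (long)strlen(s) : -1;

    free(s);
    return n;
}

/* 1 if the checked parser accepts the message, 0 if it rejects it. */
static int accepted(const unsigned char *buf, size_t buflen)
{
    char *s = get_cstring_checked(buf, buflen);
    int ok = (s != NULL);

    free(s);
    return ok;
}

int main(void)
{
    printf("embedded NUL: wire length 9, strlen after unchecked parse %ld\n",
        visible_len_unchecked(msg_embedded, sizeof(msg_embedded)));
    printf("checked parser: plain=%d trailing=%d embedded=%d overlong=%d\n",
        accepted(msg_plain, sizeof(msg_plain)),
        accepted(msg_trailing, sizeof(msg_trailing)),
        accepted(msg_embedded, sizeof(msg_embedded)),
        accepted(msg_overlong, sizeof(msg_overlong)));
    return 0;
}
```
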
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/07/16 04:45:30
     [ssh-keygen.c]
     avoid bogus compiler warning
   - djm@cvs.openbsd.org 2010/07/16 14:07:35
     [ssh-rsa.c]
     more timing paranoia - compare all parts of the expected decrypted
     data before returning. AFAIK not exploitable in the SSH protocol.
     "groovy" deraadt@
   - djm@cvs.openbsd.org 2010/07/19 03:16:33
     [sftp-client.c]
     bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
     upload depth checks and causing verbose printing of transfers to always
     be turned on; patch from imorgan AT nas.nasa.gov
   - djm@cvs.openbsd.org 2010/07/19 09:15:12
     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
     add a "ControlPersist" option that automatically starts a background
     ssh(1) multiplex master when connecting. This connection can stay alive
     indefinitely, or can be set to automatically close after a user-specified
     duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
     further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
     martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
   - djm@cvs.openbsd.org 2010/07/21 02:10:58
     [misc.c]
     sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
   - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
     [ssh.1]
     Ciphers is documented in ssh_config(5) these days

20100819
 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
   details about its behaviour WRT existing directories. Patch from
   asguthrie at gmail com, ok djm.

20100716
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/07/02 04:32:44
     [misc.c]
     unbreak strdelim() skipping past quoted strings, e.g.
         AllowUsers "blah blah" blah
     was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
     ok dtucker;
   - djm@cvs.openbsd.org 2010/07/12 22:38:52
     [ssh.c]
     Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
     for protocol 2. ok markus@
   - djm@cvs.openbsd.org 2010/07/12 22:41:13
     [ssh.c ssh_config.5]
     expand %h to the hostname in ssh_config Hostname options. While this
     sounds useless, it is actually handy for working with unqualified
     hostnames:

     Host *.*
        Hostname %h
     Host *
        Hostname %h.example.org

     "I like it" markus@
   - djm@cvs.openbsd.org 2010/07/13 11:52:06
     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
     [packet.c ssh-rsa.c]
     implement a timing_safe_cmp() function to compare memory without leaking
     timing information by short-circuiting like memcmp() and use it for
     some of the more sensitive comparisons (though nothing high-value was
     readily attackable anyway); "looks ok" markus@
   - djm@cvs.openbsd.org 2010/07/13 23:13:16
     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
     [ssh-rsa.c]
     s/timing_safe_cmp/timingsafe_bcmp/g
   - jmc@cvs.openbsd.org 2010/07/14 17:06:58
     [ssh.1]
     finally ssh synopsis looks nice again! this commit just removes a ton of
     hacks we had in place to make it work with old groff;
   - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
     [ssh-keygen.1]
     repair incorrect block nesting, which screwed up indentation;
     problem reported and fix OK by jmc@

20100714
 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
   (line 77) should have been for no_x11_askpass.
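
Added example, not OpenSSH code: why the 2010/07/13 timing_safe_cmp() / timingsafe_bcmp() entries above replace memcmp()-style comparison for sensitive values. It counts the byte pairs each comparison inspects as a deterministic stand-in for running time; the function names and the tag value are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TAG_LEN 16

/* Constructed sample value standing in for a secret MAC or hash. */
static const unsigned char expected_tag[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x16,
    0x7f, 0x20, 0xc9, 0x84, 0x53, 0xae, 0x0b, 0xf5
};

/* Byte pairs inspected by the last comparison (proxy for elapsed time). */
static size_t work;

typedef int (*cmp_fn)(const unsigned char *, const unsigned char *, size_t);

/* memcmp()-style: returns at the first differing byte. */
static int short_circuit_cmp(const unsigned char *a, const unsigned char *b,
    size_t n)
{
    size_t i;

    work = 0;
    for (i = 0; i < n; i++) {
        work++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Constant-time: accumulate every difference, test only at the end. */
static int constant_time_cmp(const unsigned char *a, const unsigned char *b,
    size_t n)
{
    unsigned char diff = 0;
    size_t i;

    work = 0;
    for (i = 0; i < n; i++) {
        work++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff != 0;
}

/* Candidate whose first `prefix` bytes are right and the rest all wrong. */
static void make_candidate(unsigned char *out, size_t prefix)
{
    size_t i;

    for (i = 0; i < TAG_LEN; i++)
        out[i] = (i < prefix) ? expected_tag[i]
                              : (unsigned char)~expected_tag[i];
}

/* Work done when comparing against such a candidate. */
static size_t work_for_prefix(cmp_fn cmp, size_t prefix)
{
    unsigned char candidate[TAG_LEN];

    make_candidate(candidate, prefix);
    (void)cmp(expected_tag, candidate, TAG_LEN);
    return work;
}

/* Verdict for the same candidate: 0 means equal, 1 means different. */
static int verdict_for_prefix(cmp_fn cmp, size_t prefix)
{
    unsigned char candidate[TAG_LEN];

    make_candidate(candidate, prefix);
    return cmp(expected_tag, candidate, TAG_LEN);
}

int main(void)
{
    static const size_t prefixes[] = {0, 4, 8, 15, 16};
    size_t i;

    printf("correct-prefix  short-circuit  constant-time\n");
    for (i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++)
        printf("%14zu  %13zu  %13zu\n", prefixes[i],
            work_for_prefix(short_circuit_cmp, prefixes[i]),
            work_for_prefix(constant_time_cmp, prefixes[i]));
    return 0;
}
```

The short-circuit column grows with the number of correct leading bytes, which is the information the constant-time version withholds.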

20100702
 - (djm) OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2010/06/26 00:57:07
     [ssh_config.5]
     tweak previous;
   - djm@cvs.openbsd.org 2010/06/26 23:04:04
     [ssh.c]
     oops, forgot to #include <canohost.h>; spotted and patch from chl@
   - djm@cvs.openbsd.org 2010/06/29 23:15:30
     [ssh-keygen.1 ssh-keygen.c]
     allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
     bz#1749; ok markus@
   - djm@cvs.openbsd.org 2010/06/29 23:16:46
     [auth2-pubkey.c sshd_config.5]
     allow key options (command="..." and friends) in AuthorizedPrincipals;
     ok markus@
   - jmc@cvs.openbsd.org 2010/06/30 07:24:25
     [ssh-keygen.1]
     tweak previous;
   - jmc@cvs.openbsd.org 2010/06/30 07:26:03
     [ssh-keygen.c]
     sort usage();
   - jmc@cvs.openbsd.org 2010/06/30 07:28:34
     [sshd_config.5]
     tweak previous;
   - millert@cvs.openbsd.org 2010/07/01 13:06:59
     [scp.c]
     Fix a longstanding problem where if you suspend scp at the
     password/passphrase prompt the terminal mode is not restored.
     OK djm@
   - phessler@cvs.openbsd.org 2010/06/27 19:19:56
     [regress/Makefile]
     fix how we run the tests so we can successfully use SUDO='sudo -E'
     in our env
   - djm@cvs.openbsd.org 2010/06/29 23:59:54
     [cert-userkey.sh]
     regress tests for key options in AuthorizedPrincipals

20100627
 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
   key.h.

20100626
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/05/21 05:00:36
     [misc.c]
     colon() returns char*, so s/return (0)/return NULL/
   - markus@cvs.openbsd.org 2010/06/08 21:32:19
     [ssh-pkcs11.c]
     check length of value returned C_GetAttributValue for != 0
     from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/17 07:07:30
     [mux.c]
     Correct sizing of object to be allocated by calloc(), replacing
     sizeof(state) with sizeof(*state).
     This worked by accident since
     the struct contained a single int at present, but could have broken
     in the future. patch from hyc AT symas.com
   - djm@cvs.openbsd.org 2010/06/18 00:58:39
     [sftp.c]
     unbreak ls in working directories that contains globbing characters in
     their pathnames. bz#1655 reported by vgiffin AT apple.com
   - djm@cvs.openbsd.org 2010/06/18 03:16:03
     [session.c]
     Missing check for chroot_director == "none" (we already checked against
     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
   - djm@cvs.openbsd.org 2010/06/18 04:43:08
     [sftp-client.c]
     fix memory leak in do_realpath() error path; bz#1771, patch from
     anicka AT suse.cz
   - djm@cvs.openbsd.org 2010/06/22 04:22:59
     [servconf.c sshd_config.5]
     expose some more sshd_config options inside Match blocks:
       AuthorizedKeysFile AuthorizedPrincipalsFile
       HostbasedUsesNameFromPacketOnly PermitTunnel
     bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/22 04:32:06
     [ssh-keygen.c]
     standardise error messages when attempting to open private key
     files to include "progname: filename: error reason"
     bz#1783; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/22 04:49:47
     [auth.c]
     queue auth debug messages for bad ownership or permissions on the user's
     keyfiles. These messages will be sent after the user has successfully
     authenticated (where our client will display them with LogLevel=debug).
     bz#1554; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/22 04:54:30
     [ssh-keyscan.c]
     replace verbose and overflow-prone Linebuf code with read_keyfile_line()
     based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/22 04:59:12
     [session.c]
     include the user name on "subsystem request for ..."
     log messages;
     bz#1571; ok dtucker@
   - djm@cvs.openbsd.org 2010/06/23 02:59:02
     [ssh-keygen.c]
     fix printing of extensions in v01 certificates that I broke in r1.190
   - djm@cvs.openbsd.org 2010/06/25 07:14:46
     [channels.c mux.c readconf.c readconf.h ssh.h]
     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
     forwards per direction; ok markus@ stevesk@
   - djm@cvs.openbsd.org 2010/06/25 07:20:04
     [channels.c session.c]
     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
     internal-sftp accidentally introduced in r1.253 by removing the code
     that opens and dup /dev/null to stderr and modifying the channels code
     to read stderr but discard it instead; ok markus@
   - djm@cvs.openbsd.org 2010/06/25 08:46:17
     [auth1.c auth2-none.c]
     skip the initial check for access with an empty password when
     PermitEmptyPasswords=no; bz#1638; ok markus@
   - djm@cvs.openbsd.org 2010/06/25 23:10:30
     [ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@
   - djm@cvs.openbsd.org 2010/06/25 23:10:30
     [ssh.c]
     log the hostname and address that we connected to at LogLevel=verbose
     after authentication is successful to mitigate "phishing" attacks by
     servers with trusted keys that accept authentication silently and
     automatically before presenting fake password/passphrase prompts;
     "nice!" markus@

20100622
 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
   bz#1579; ok dtucker

20100618
 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
   rather than assuming that $CWD == $HOME.
   bz#1500, patch from
   timothy AT gelter.com

20100617
 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
   minires-devel package, and to add the reference to the libedit-devel
   package since Cygwin now provides libedit. Patch from Corinna Vinschen.

20100521
 - (djm) OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/05/07 11:31:26
     [regress/Makefile regress/cert-userkey.sh]
     regress tests for AuthorizedPrincipalsFile and "principals=" key option.
     feedback and ok markus@
   - djm@cvs.openbsd.org 2010/05/11 02:58:04
     [auth-rsa.c]
     don't accept certificates marked as "cert-authority" here; ok markus@
   - djm@cvs.openbsd.org 2010/05/14 00:47:22
     [ssh-add.c]
     check that the certificate matches the corresponding private key before
     grafting it on
   - djm@cvs.openbsd.org 2010/05/14 23:29:23
     [channels.c channels.h mux.c ssh.c]
     Pause the mux channel while waiting for reply from async callbacks.
     Prevents misordering of replies if new requests arrive while waiting.

     Extend channel open confirm callback to allow signalling failure
     conditions as well as success. Use this to 1) fix a memory leak, 2)
     start using the above pause mechanism and 3) delay sending a success/
     failure message on mux slave session open until we receive a reply from
     the server.

     motivated by and with feedback from markus@
   - markus@cvs.openbsd.org 2010/05/16 12:55:51
     [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
     mux support for remote forwarding with dynamic port allocation,
     use with
         LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
     feedback and ok djm@
   - djm@cvs.openbsd.org 2010/05/20 11:25:26
     [auth2-pubkey.c]
     fix logspam when key options (from="..."
     especially) deny non-matching
     keys; reported by henning@ also bz#1765; ok markus@ dtucker@
   - djm@cvs.openbsd.org 2010/05/20 23:46:02
     [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
     Move the permit-* options to the non-critical "extensions" field for v01
     certificates. The logic is that if another implementation fails to
     implement them then the connection just loses features rather than fails
     outright.

     ok markus@

20100511
 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
   circular dependency problem on old or odd platforms. From Tom Lane, ok
   djm@.
 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
   libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
   already. ok dtucker@

20100510
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/04/23 01:47:41
     [ssh-keygen.c]
     bz#1740: display a more helpful error message when $HOME is
     inaccessible while trying to create .ssh directory. Based on patch
     from jchadima AT redhat.com; ok dtucker@
   - djm@cvs.openbsd.org 2010/04/23 22:27:38
     [mux.c]
     set "detach_close" flag when registering channel cleanup callbacks.
     This causes the channel to close normally when its fds close and
     hangs when terminating a mux slave using ~. bz#1758; ok markus@
   - djm@cvs.openbsd.org 2010/04/23 22:42:05
     [session.c]
     set stderr to /dev/null for subsystems rather than just closing it.
     avoids hangs if a subsystem or shell initialisation writes to stderr.
     bz#1750; ok markus@
   - djm@cvs.openbsd.org 2010/04/23 22:48:31
     [ssh-keygen.c]
     refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
     since we would refuse to use them anyway.
     bz#1516; ok dtucker@
   - djm@cvs.openbsd.org 2010/04/26 22:28:24
     [sshconnect2.c]
     bz#1502: authctxt.success is declared as an int, but passed by
     reference to function that accepts sig_atomic_t*. Convert it to
     the latter; ok markus@ dtucker@
   - djm@cvs.openbsd.org 2010/05/01 02:50:50
     [PROTOCOL.certkeys]
     typo; jmeltzer@
   - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
     [sftp.c]
     restore mput and mget which got lost in the tab-completion changes.
     found by Kenneth Whitaker, ok djm@
   - djm@cvs.openbsd.org 2010/05/07 11:30:30
     [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
     [key.c servconf.c servconf.h sshd.8 sshd_config.5]
     add some optional indirection to matching of principal names listed
     in certificates. Currently, a certificate must include the user's name
     to be accepted for authentication. This change adds the ability to
     specify a list of certificate principal names that are acceptable.

     When authenticating using a CA trusted through ~/.ssh/authorized_keys,
     this adds a new principals="name1[,name2,...]" key option.

     For CAs listed through sshd_config's TrustedCAKeys option, a new config
     option "AuthorizedPrincipalsFile" specifies a per-user file containing
     the list of acceptable names.

     If either option is absent, the current behaviour of requiring the
     username to appear in principals continues to apply.

     These options are useful for role accounts, disjoint account namespaces
     and "user@realm"-style naming policies in certificates.

     feedback and ok markus@
   - jmc@cvs.openbsd.org 2010/05/07 12:49:17
     [sshd_config.5]
     tweak previous;

20100423
 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
   in the openssl install directory (some newer openssl versions do this on at
   least some amd64 platforms).

20100418
 - OpenBSD CVS Sync
   - jmc@cvs.openbsd.org 2010/04/16 06:45:01
     [ssh_config.5]
     tweak previous; ok djm
   - jmc@cvs.openbsd.org 2010/04/16 06:47:04
     [ssh-keygen.1 ssh-keygen.c]
     tweak previous; ok djm
   - djm@cvs.openbsd.org 2010/04/16 21:14:27
     [sshconnect.c]
     oops, %r => remote username, not %u
   - djm@cvs.openbsd.org 2010/04/16 01:58:45
     [regress/cert-hostkey.sh regress/cert-userkey.sh]
     regression tests for v01 certificate format
     includes interop tests for v00 certs
 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
   file.

20100416
 - (djm) Release openssh-5.5p1
 - OpenBSD CVS Sync
   - djm@cvs.openbsd.org 2010/03/26 03:13:17
     [bufaux.c]
     allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
     argument to allow skipping past values in a buffer
   - jmc@cvs.openbsd.org 2010/03/26 06:54:36
     [ssh.1]
     tweak previous;
   - jmc@cvs.openbsd.org 2010/03/27 14:26:55
     [ssh_config.5]
     tweak previous; ok dtucker
   - djm@cvs.openbsd.org 2010/04/10 00:00:16
     [ssh.c]
     bz#1746 - suppress spurious tty warning when using -O and stdin
     is not a tty; ok dtucker@ markus@
   - djm@cvs.openbsd.org 2010/04/10 00:04:30
     [sshconnect.c]
     fix terminology: we didn't find a certificate in known_hosts, we found
     a CA key
   - djm@cvs.openbsd.org 2010/04/10 02:08:44
     [clientloop.c]
     bz#1698: kill channel when pty allocation requests fail. Fixed
     stuck client if the server refuses pty allocation.
     ok dtucker@ "think so" markus@
   - djm@cvs.openbsd.org 2010/04/10 02:10:56
     [sshconnect2.c]
     show the key type that we are offering in debug(), helps distinguish
     between certs and plain keys as the path to the private key is usually
     the same.
   - djm@cvs.openbsd.org 2010/04/10 05:48:16
     [mux.c]
     fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
   - djm@cvs.openbsd.org 2010/04/14 22:27:42
     [ssh_config.5 sshconnect.c]
     expand %r => remote username in ssh_config:ProxyCommand;
     ok deraadt markus
   - markus@cvs.openbsd.org 2010/04/15 20:32:55
     [ssh-pkcs11.c]
     retry lookup for private key if there's no matching key with CKA_SIGN
     attribute enabled; this fixes MuscleCard support (bugzilla #1736)
     ok djm@
   - djm@cvs.openbsd.org 2010/04/16 01:47:26
     [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
     [sshconnect.c sshconnect2.c sshd.c]
     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
     following changes:

     move the nonce field to the beginning of the certificate where it can
     better protect against chosen-prefix attacks on the signature hash

     Rename "constraints" field to "critical options"

     Add a new non-critical "extensions" field

     Add a serial number

     The older format is still supported for authentication and cert generation
     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)

     ok markus@