xref: /freebsd/crypto/openssh/ChangeLog (revision a0ee8cc636cd5c2374ec44ca71226564ea0bca95)
120131006
2 - (djm) Release OpenSSH-6.7
3
420141003
5 - (djm) [sshd_config.5] typo; from Iain Morgan
6
720141001
8 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c]
9   [openbsd-compat/openbsd-compat.h] Kludge around bad glibc
10   _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets;
11   ok dtucker@
12
1320140910
14 - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc;
15   patch from Felix von Leitner; ok dtucker
16
1720140908
18 - (dtucker) [INSTALL] Update info about egd.  ok djm@
19
2020140904
21 - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG
22
2320140903
24 - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and
25   conditionalise to avoid duplicate definition.
26 - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to
27   permissions/ACLs; from Corinna Vinschen
28
2920140830
30 - (djm) [openbsd-compat/openssl-compat.h] add
31   OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them
32 - (djm) [misc.c] Missing newline between functions
33 - (djm) [openbsd-compat/openssl-compat.h] add include guard
34 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@
35
3620140827
37 - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
38   [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
39   [regress/unittests/sshkey/common.c]
40   [regress/unittests/sshkey/test_file.c]
41   [regress/unittests/sshkey/test_fuzz.c]
42   [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h
43   on !ECC OpenSSL systems
44 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
45   monitor, not preauth; bz#2263
46 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
47   using memset_s() where possible; improve fallback to indirect bzero
48   via a volatile pointer to give it more of a chance to avoid being
49   optimised away.
50
5120140825
52 - (djm) [bufec.c] Skip this file on !ECC OpenSSL
53 - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL,
54   update OpenSSL version requirement.
55
5620140824
57 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not
58   PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen
59
6020140823
61 - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
62   lastlog writing on platforms with high UIDs; bz#2263
63 - (djm) [configure.ac] We now require a working vsnprintf everywhere (not
64   just for systems that lack asprintf); check for it always and extend
65   test to catch more brokenness. Fixes builds on Solaris <= 9
66
6720140822
68 - (djm) [configure.ac] include leading zero characters in OpenSSL version
69   number; fixes test for unsupported versions
70 - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC
71 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/
72   definition mismatch) and warning for broken/missing snprintf case.
73 - (djm) [configure.ac] double braces to appease autoconf
74
7520140821
76 - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too.
77 - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL
78 - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that
79   don't set __progname. Diagnosed by Tom Christensen.
80
8120140820
82 - (djm) [configure.ac] Check OpenSSL version is supported at configure time;
83   suggested by Kevin Brott
84 - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than
85   -L/-l; fixes linking problems on some platforms
86 - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC
87 - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna
88
8920140819
90 - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen
91 - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC.
92 - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG
93 - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README]
94   [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions
95   of TCP wrappers.
96
9720140811
98 - (djm) [myproposal.h] Make curve25519 KEX dependent on
99   HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC.
100
10120140810
102 - (djm) [README contrib/caldera/openssh.spec]
103   [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions
104
10520140801
106 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need
107   a better solution, but this will have to do for now.
108 - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin
109   is closed; avoid regress failures when stdin is /dev/null
110 - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate
111   nc from stdin, it's more portable
112
11320140730
114 - OpenBSD CVS Sync
115   - millert@cvs.openbsd.org 2014/07/24 22:57:10
116     [ssh.1]
117     Mention UNIX-domain socket forwarding too.  OK jmc@ deraadt@
118   - dtucker@cvs.openbsd.org 2014/07/25 21:22:03
119     [ssh-agent.c]
120     Clear buffer used for handling messages.  This prevents keys being
121     left in memory after they have been expired or deleted in some cases
122     (but note that ssh-agent is setgid so you would still need root to
123     access them).  Pointed out by Kevin Burns, ok deraadt
124   - schwarze@cvs.openbsd.org 2014/07/28 15:40:08
125     [sftp-server.8 sshd_config.5]
126     some systems no longer need /dev/log;
127     issue noticed by jirib;
128     ok deraadt
129
13020140725
131 - (djm) [regress/multiplex.sh] restore incorrectly deleted line;
132   pointed out by Christian Hesse
133
13420140722
135 - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow;
136   put it back
137 - (djm) [regress/multiplex.sh] change the test for still-open Unix
138   domain sockets to be robust against nc implementations that produce
139   error messages.
140 - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa-
141   specific tests inside OPENSSL_HAS_ECC.
142 - (dtucker) OpenBSD CVS Sync
143   - dtucker@cvs.openbsd.org 2014/07/22 01:18:50
144     [key.c]
145     Prevent spam from key_load_private_pem during hostbased auth.  ok djm@
146   - guenther@cvs.openbsd.org 2014/07/22 07:13:42
147     [umac.c]
148     Convert from <sys/endian.h> to the shiney new <endian.h>
149     ok dtucker@, who also confirmed that -portable handles this already
150     (ID sync only, includes.h pulls in endian.h if available.)
151   - djm@cvs.openbsd.org 2014/07/22 01:32:12
152     [regress/multiplex.sh]
153     change the test for still-open Unix domain sockets to be robust against
154     nc implementations that produce error messages. from -portable
155     (Id sync only)
156   - dtucker@cvs.openbsd.org 2014/07/22 23:23:22
157     [regress/unittests/sshkey/mktestdata.sh]
158     Sign test certs with ed25519 instead of ecdsa so that they'll work in
159     -portable on platforms that don't have ECDSA in their OpenSSL.  ok djm
160   - dtucker@cvs.openbsd.org 2014/07/22 23:57:40
161     [regress/unittests/sshkey/mktestdata.sh]
162     Add $OpenBSD tag to make syncs easier
163   - dtucker@cvs.openbsd.org 2014/07/22 23:35:38
164     [regress/unittests/sshkey/testdata/*]
165     Regenerate test keys with certs signed with ed25519 instead of ecdsa.
166     These can be used in -portable on platforms that don't support ECDSA.
167
16820140721
169 - OpenBSD CVS Sync
170   - millert@cvs.openbsd.org 2014/07/15 15:54:15
171     [forwarding.sh multiplex.sh]
172     Add support for Unix domain socket forwarding.  A remote TCP port
173     may be forwarded to a local Unix domain socket and vice versa or
174     both ends may be a Unix domain socket.  This is a reimplementation
175     of the streamlocal patches by William Ahern from:
176         http://www.25thandclement.com/~william/projects/streamlocal.html
177     OK djm@ markus@
178 - (djm) [regress/multiplex.sh] Not all netcat accept the -N option.
179 - (dtucker) [sshkey.c] ifdef out unused variable when compiling without
180   OPENSSL_HAS_ECC.
181
18220140721
183 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits
184   needed to build AES CTR mode against OpenSSL 0.9.8f and above.  ok djm
185 - (dtucker) [regress/unittests/sshkey/
186   {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in
187   ifdefs.
188
18920140719
190 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used
191   in servconf.h.
192
19320140718
194 - OpenBSD CVS Sync
195   - millert@cvs.openbsd.org 2014/07/15 15:54:14
196     [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
197     [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
198     [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h]
199     [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c]
200     [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c]
201     [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c]
202     [sshd_config.5 sshlogin.c]
203     Add support for Unix domain socket forwarding.  A remote TCP port
204     may be forwarded to a local Unix domain socket and vice versa or
205     both ends may be a Unix domain socket.  This is a reimplementation
206     of the streamlocal patches by William Ahern from:
207         http://www.25thandclement.com/~william/projects/streamlocal.html
208     OK djm@ markus@
209   - jmc@cvs.openbsd.org 2014/07/16 14:48:57
210     [ssh.1]
211     add the streamlocal* options to ssh's -o list; millert says they're
212     irrelevant for scp/sftp;
213     ok markus millert
214   - djm@cvs.openbsd.org 2014/07/17 00:10:56
215     [sandbox-systrace.c]
216     ifdef SYS_sendsyslog so this will compile without patching on -stable
217   - djm@cvs.openbsd.org 2014/07/17 00:10:18
218     [mux.c]
219     preserve errno across syscall
220   - djm@cvs.openbsd.org 2014/07/17 00:12:03
221     [key.c]
222     silence "incorrect passphrase" error spam; reported and ok dtucker@
223   - djm@cvs.openbsd.org 2014/07/17 07:22:19
224     [mux.c ssh.c]
225     reflect stdio-forward ("ssh -W host:port ...") failures in exit status.
226     previously we were always returning 0. bz#2255 reported by Brendan
227     Germain; ok dtucker
228   - djm@cvs.openbsd.org 2014/07/18 02:46:01
229     [ssh-agent.c]
230     restore umask around listener socket creation (dropped in streamlocal patch
231     merge)
232 - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used
233   in servconf.h.
234 - (dtucker) [Makefile.in] Add a t-exec target to run just the executable
235   tests.
236 - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC.
237
23820140717
239 - (djm) [digest-openssl.c] Preserve array order when disabling digests.
240   Reported by Petr Lautrbach.
241 - OpenBSD CVS Sync
242   - deraadt@cvs.openbsd.org 2014/07/11 08:09:54
243     [sandbox-systrace.c]
244     Permit use of SYS_sendsyslog from inside the sandbox.  Clock is ticking,
245     update your kernels and sshd soon.. libc will start using sendsyslog()
246     in about 4 days.
247   - tedu@cvs.openbsd.org 2014/07/11 13:54:34
248     [myproposal.h]
249     by popular demand, add back hamc-sha1 to server proposal for better compat
250     with many clients still in use. ok deraadt
251
25220140715
253 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto
254   has been located; fixes builds agains libressl-portable
255
25620140711
257 - OpenBSD CVS Sync
258   - benno@cvs.openbsd.org 2014/07/09 14:15:56
259     [ssh-add.c]
260     fix ssh-add crash while loading more than one key
261     ok markus@
262
26320140709
264 - OpenBSD CVS Sync
265   - djm@cvs.openbsd.org 2014/07/07 08:19:12
266     [ssh_config.5]
267     mention that ProxyCommand is executed using shell "exec" to avoid
268     a lingering process; bz#1977
269   - djm@cvs.openbsd.org 2014/07/09 01:45:10
270     [sftp.c]
271     more useful error message when GLOB_NOSPACE occurs;
272     bz#2254, patch from Orion Poplawski
273   - djm@cvs.openbsd.org 2014/07/09 03:02:15
274     [key.c]
275     downgrade more error() to debug() to better match what old authfile.c
276     did; suppresses spurious errors with hostbased authentication enabled
277   - djm@cvs.openbsd.org 2014/07/06 07:42:03
278     [multiplex.sh test-exec.sh]
279     add a hook to the cleanup() function to kill $SSH_PID if it is set
280
281     use it to kill the mux master started in multiplex.sh (it was being left
282     around on fatal failures)
283   - djm@cvs.openbsd.org 2014/07/07 08:15:26
284     [multiplex.sh]
285     remove forced-fatal that I stuck in there to test the new cleanup
286     logic and forgot to remove...
287
28820140706
289 - OpenBSD CVS Sync
290   - djm@cvs.openbsd.org 2014/07/03 23:18:35
291     [authfile.h]
292     remove leakmalloc droppings
293   - djm@cvs.openbsd.org 2014/07/05 23:11:48
294     [channels.c]
295     fix remote-forward cancel regression; ok markus@
296
29720140704
298 - OpenBSD CVS Sync
299   - jsing@cvs.openbsd.org 2014/07/03 12:42:16
300     [cipher-chachapoly.c]
301     Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this
302     makes it easier to verify that chacha_encrypt_bytes() is only called once
303     per chacha_ivsetup() call.
304     ok djm@
305   - djm@cvs.openbsd.org 2014/07/03 22:23:46
306     [sshconnect.c]
307     when rekeying, skip file/DNS lookup if it is the same as the key sent
308     during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@
309   - djm@cvs.openbsd.org 2014/07/03 22:33:41
310     [channels.c]
311     allow explicit ::1 and 127.0.0.1 forwarding bind addresses when
312     GatewayPorts=no; allows client to choose address family;
313     bz#2222 ok markus@
314   - djm@cvs.openbsd.org 2014/07/03 22:40:43
315     [servconf.c servconf.h session.c sshd.8 sshd_config.5]
316     Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is
317     executed, mirroring the no-user-rc authorized_keys option;
318     bz#2160; ok markus@
319
32020140703
321 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
322   doesn't support it.
323 - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist;
324   bz#2237
325 - OpenBSD CVS Sync
326   - djm@cvs.openbsd.org 2014/07/03 01:45:38
327     [sshkey.c]
328     make Ed25519 keys' title fit properly in the randomart border; bz#2247
329     based on patch from Christian Hesse
330   - djm@cvs.openbsd.org 2014/07/03 03:11:03
331     [ssh-agent.c]
332     Only cleanup agent socket in the main agent process and not in any
333     subprocesses it may have started (e.g. forked askpass). Fixes
334     agent sockets being zapped when askpass processes fatal();
335     bz#2236 patch from Dmitry V. Levin
336   - djm@cvs.openbsd.org 2014/07/03 03:15:01
337     [ssh-add.c]
338     make stdout line-buffered; saves partial output getting lost when
339     ssh-add fatal()s part-way through (e.g. when listing keys from an
340     agent that supports key types that ssh-add doesn't);
341     bz#2234, reported by Phil Pennock
342   - djm@cvs.openbsd.org 2014/07/03 03:26:43
343     [digest-openssl.c]
344     use EVP_Digest() for one-shot hash instead of creating, updating,
345     finalising and destroying a context.
346     bz#2231, based on patch from Timo Teras
347   - djm@cvs.openbsd.org 2014/07/03 03:34:09
348     [gss-serv.c session.c ssh-keygen.c]
349     standardise on NI_MAXHOST for gethostname() string lengths; about
350     1/2 the cases were using it already. Fixes bz#2239 en passant
351   - djm@cvs.openbsd.org 2014/07/03 03:47:27
352     [ssh-keygen.c]
353     When hashing or removing hosts using ssh-keygen, don't choke on
354     @revoked markers and don't remove @cert-authority markers;
355     bz#2241, reported by mlindgren AT runelind.net
356   - djm@cvs.openbsd.org 2014/07/03 04:36:45
357     [digest.h]
358     forward-declare struct sshbuf so consumers don't need to include sshbuf.h
359   - djm@cvs.openbsd.org 2014/07/03 05:32:36
360     [ssh_config.5]
361     mention '%%' escape sequence in HostName directives and how it may
362     be used to specify IPv6 link-local addresses
363   - djm@cvs.openbsd.org 2014/07/03 05:38:17
364     [ssh.1]
365     document that -g will only work in the multiplexed case if applied to
366     the mux master
367   - djm@cvs.openbsd.org 2014/07/03 06:39:19
368     [ssh.c ssh_config.5]
369     Add a %C escape sequence for LocalCommand and ControlPath that expands
370     to a unique identifer based on a has of the tuple of (local host,
371     remote user, hostname, port).
372
373     Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
374     control paths.
375
376     bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
377   - jmc@cvs.openbsd.org 2014/07/03 07:45:27
378     [ssh_config.5]
379     escape %C since groff thinks it part of an Rs/Re block;
380   - djm@cvs.openbsd.org 2014/07/03 11:16:55
381     [auth.c auth.h auth1.c auth2.c]
382     make the "Too many authentication failures" message include the
383     user, source address, port and protocol in a format similar to the
384     authentication success / failure messages; bz#2199, ok dtucker
385
38620140702
387 - OpenBSD CVS Sync
388   - deraadt@cvs.openbsd.org 2014/06/13 08:26:29
389     [sandbox-systrace.c]
390     permit SYS_getentropy
391     from matthew
392   - matthew@cvs.openbsd.org 2014/06/18 02:59:13
393     [sandbox-systrace.c]
394     Now that we have a dedicated getentropy(2) system call for
395     arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace
396     sandbox.
397
398     ok djm
399   - naddy@cvs.openbsd.org 2014/06/18 15:42:09
400     [sshbuf-getput-crypto.c]
401     The ssh_get_bignum functions must accept the same range of bignums
402     the corresponding ssh_put_bignum functions create.  This fixes the
403     use of 16384-bit RSA keys (bug reported by Eivind Evensen).
404     ok djm@
405   - djm@cvs.openbsd.org 2014/06/24 00:52:02
406     [krl.c]
407     fix bug in KRL generation: multiple consecutive revoked certificate
408     serial number ranges could be serialised to an invalid format.
409
410     Readers of a broken KRL caused by this bug will fail closed, so no
411     should-have-been-revoked key will be accepted.
412   - djm@cvs.openbsd.org 2014/06/24 01:13:21
413     [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c
414     [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c
415     [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h
416     [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h
417     [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h
418     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c
419     [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c
420     [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c
421     [sshconnect2.c sshd.c sshkey.c sshkey.h
422     [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h]
423     New key API: refactor key-related functions to be more library-like,
424     existing API is offered as a set of wrappers.
425
426     with and ok markus@
427
428     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
429     Dempsky and Ron Bowes for a detailed review a few months ago.
430     NB. This commit also removes portable OpenSSH support for OpenSSL
431     <0.9.8e.
432   - djm@cvs.openbsd.org 2014/06/24 02:19:48
433     [ssh.c]
434     don't fatal() when hostname canonicalisation fails with a
435     ProxyCommand in use; continue and allow the ProxyCommand to
436     connect anyway (e.g. to a host with a name outside the DNS
437     behind a bastion)
438   - djm@cvs.openbsd.org 2014/06/24 02:21:01
439     [scp.c]
440     when copying local->remote fails during read, don't send uninitialised
441     heap to the remote end. Reported by Jann Horn
442   - deraadt@cvs.openbsd.org 2014/06/25 14:16:09
443     [sshbuf.c]
444     unblock SIGSEGV before raising it
445     ok djm
446   - markus@cvs.openbsd.org 2014/06/27 16:41:56
447     [channels.c channels.h clientloop.c ssh.c]
448     fix remote fwding with same listen port but different listen address
449     with gerhard@, ok djm@
450   - markus@cvs.openbsd.org 2014/06/27 18:50:39
451     [ssh-add.c]
452     fix loading of private keys
453   - djm@cvs.openbsd.org 2014/06/30 12:54:39
454     [key.c]
455     suppress spurious error message when loading key with a passphrase;
456     reported by kettenis@ ok markus@
457   - djm@cvs.openbsd.org 2014/07/02 04:59:06
458     [cipher-3des1.c]
459     fix ssh protocol 1 on the server that regressed with the sshkey change
460     (sometimes fatal() after auth completed), make file return useful status
461     codes.
462     NB. Id sync only for these two. They were bundled into the sshkey merge
463     above, since it was easier to sync the entire file and then apply
464     portable-specific changed atop it.
465   - djm@cvs.openbsd.org 2014/04/30 05:32:00
466     [regress/Makefile]
467     unit tests for new buffer API; including basic fuzz testing
468     NB. Id sync only.
469   - djm@cvs.openbsd.org 2014/05/21 07:04:21
470     [regress/integrity.sh]
471     when failing because of unexpected output, show the offending output
472   - djm@cvs.openbsd.org 2014/06/24 01:04:43
473     [regress/krl.sh]
474     regress test for broken consecutive revoked serial number ranges
475   - djm@cvs.openbsd.org 2014/06/24 01:14:17
476     [Makefile.in regress/Makefile regress/unittests/Makefile]
477     [regress/unittests/sshkey/Makefile]
478     [regress/unittests/sshkey/common.c]
479     [regress/unittests/sshkey/common.h]
480     [regress/unittests/sshkey/mktestdata.sh]
481     [regress/unittests/sshkey/test_file.c]
482     [regress/unittests/sshkey/test_fuzz.c]
483     [regress/unittests/sshkey/test_sshkey.c]
484     [regress/unittests/sshkey/tests.c]
485     [regress/unittests/sshkey/testdata/dsa_1]
486     [regress/unittests/sshkey/testdata/dsa_1-cert.fp]
487     [regress/unittests/sshkey/testdata/dsa_1-cert.pub]
488     [regress/unittests/sshkey/testdata/dsa_1.fp]
489     [regress/unittests/sshkey/testdata/dsa_1.fp.bb]
490     [regress/unittests/sshkey/testdata/dsa_1.param.g]
491     [regress/unittests/sshkey/testdata/dsa_1.param.priv]
492     [regress/unittests/sshkey/testdata/dsa_1.param.pub]
493     [regress/unittests/sshkey/testdata/dsa_1.pub]
494     [regress/unittests/sshkey/testdata/dsa_1_pw]
495     [regress/unittests/sshkey/testdata/dsa_2]
496     [regress/unittests/sshkey/testdata/dsa_2.fp]
497     [regress/unittests/sshkey/testdata/dsa_2.fp.bb]
498     [regress/unittests/sshkey/testdata/dsa_2.pub]
499     [regress/unittests/sshkey/testdata/dsa_n]
500     [regress/unittests/sshkey/testdata/dsa_n_pw]
501     [regress/unittests/sshkey/testdata/ecdsa_1]
502     [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp]
503     [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub]
504     [regress/unittests/sshkey/testdata/ecdsa_1.fp]
505     [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb]
506     [regress/unittests/sshkey/testdata/ecdsa_1.param.curve]
507     [regress/unittests/sshkey/testdata/ecdsa_1.param.priv]
508     [regress/unittests/sshkey/testdata/ecdsa_1.param.pub]
509     [regress/unittests/sshkey/testdata/ecdsa_1.pub]
510     [regress/unittests/sshkey/testdata/ecdsa_1_pw]
511     [regress/unittests/sshkey/testdata/ecdsa_2]
512     [regress/unittests/sshkey/testdata/ecdsa_2.fp]
513     [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb]
514     [regress/unittests/sshkey/testdata/ecdsa_2.param.curve]
515     [regress/unittests/sshkey/testdata/ecdsa_2.param.priv]
516     [regress/unittests/sshkey/testdata/ecdsa_2.param.pub]
517     [regress/unittests/sshkey/testdata/ecdsa_2.pub]
518     [regress/unittests/sshkey/testdata/ecdsa_n]
519     [regress/unittests/sshkey/testdata/ecdsa_n_pw]
520     [regress/unittests/sshkey/testdata/ed25519_1]
521     [regress/unittests/sshkey/testdata/ed25519_1-cert.fp]
522     [regress/unittests/sshkey/testdata/ed25519_1-cert.pub]
523     [regress/unittests/sshkey/testdata/ed25519_1.fp]
524     [regress/unittests/sshkey/testdata/ed25519_1.fp.bb]
525     [regress/unittests/sshkey/testdata/ed25519_1.pub]
526     [regress/unittests/sshkey/testdata/ed25519_1_pw]
527     [regress/unittests/sshkey/testdata/ed25519_2]
528     [regress/unittests/sshkey/testdata/ed25519_2.fp]
529     [regress/unittests/sshkey/testdata/ed25519_2.fp.bb]
530     [regress/unittests/sshkey/testdata/ed25519_2.pub]
531     [regress/unittests/sshkey/testdata/pw]
532     [regress/unittests/sshkey/testdata/rsa1_1]
533     [regress/unittests/sshkey/testdata/rsa1_1.fp]
534     [regress/unittests/sshkey/testdata/rsa1_1.fp.bb]
535     [regress/unittests/sshkey/testdata/rsa1_1.param.n]
536     [regress/unittests/sshkey/testdata/rsa1_1.pub]
537     [regress/unittests/sshkey/testdata/rsa1_1_pw]
538     [regress/unittests/sshkey/testdata/rsa1_2]
539     [regress/unittests/sshkey/testdata/rsa1_2.fp]
540     [regress/unittests/sshkey/testdata/rsa1_2.fp.bb]
541     [regress/unittests/sshkey/testdata/rsa1_2.param.n]
542     [regress/unittests/sshkey/testdata/rsa1_2.pub]
543     [regress/unittests/sshkey/testdata/rsa_1]
544     [regress/unittests/sshkey/testdata/rsa_1-cert.fp]
545     [regress/unittests/sshkey/testdata/rsa_1-cert.pub]
546     [regress/unittests/sshkey/testdata/rsa_1.fp]
547     [regress/unittests/sshkey/testdata/rsa_1.fp.bb]
548     [regress/unittests/sshkey/testdata/rsa_1.param.n]
549     [regress/unittests/sshkey/testdata/rsa_1.param.p]
550     [regress/unittests/sshkey/testdata/rsa_1.param.q]
551     [regress/unittests/sshkey/testdata/rsa_1.pub]
552     [regress/unittests/sshkey/testdata/rsa_1_pw]
553     [regress/unittests/sshkey/testdata/rsa_2]
554     [regress/unittests/sshkey/testdata/rsa_2.fp]
555     [regress/unittests/sshkey/testdata/rsa_2.fp.bb]
556     [regress/unittests/sshkey/testdata/rsa_2.param.n]
557     [regress/unittests/sshkey/testdata/rsa_2.param.p]
558     [regress/unittests/sshkey/testdata/rsa_2.param.q]
559     [regress/unittests/sshkey/testdata/rsa_2.pub]
560     [regress/unittests/sshkey/testdata/rsa_n]
561     [regress/unittests/sshkey/testdata/rsa_n_pw]
562     unit and fuzz tests for new key API
563 - (djm) [sshkey.c] Conditionalise inclusion of util.h
564 - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test
565
56620140618
567 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare
568
56920140617
570 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h}
571   openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}]
572   Move the OpenSSL header/library version test into its own function and add
573   tests for it. Fix it to allow fix version upgrades (but not downgrades).
574   Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150).
575   ok djm@ chl@
576
57720140616
578 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR.  From rak at debian via
579   OpenSMTPD and chl@
580
58120140612
582 - (dtucker) [configure.ac] Remove tcpwrappers support, support has already
583   been removed from sshd.c.
584
58520140611
586 - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from
587   openbsd-compat/bsd-asprintf.c.
588 - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*]
589   Wrap stdlib.h include an ifdef for platforms that don't have it.
590 - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for
591   u_intXX_t types.
592
59320140610
594 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
595   regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
596   curve tests if OpenSSL has them.
597 - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
598   the proposal if the version of OpenSSL we're using doesn't support ECC.
599 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef
600   ECC variable too.
601 - (dtucker) OpenBSD CVS Sync
602   - djm@cvs.openbsd.org 2014/06/05 22:17:50
603     [sshconnect2.c]
604     fix inverted test that caused PKCS#11 keys that were explicitly listed
605     not to be preferred. Reported by Dirk-Willem van Gulik
606   - dtucker@cvs.openbsd.org 2014/06/10 21:46:11
607     [sshbuf.h]
608     Group ECC functions together to make things a little easier in -portable.
609     "doesn't bother me" deraadt@
610 - (dtucker) [sshbuf.h] Only declare ECC functions if building without
611   OpenSSL or if OpenSSL has ECC.
612 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an
613   assigment that might get optimized out.  ok djm@
614 - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for
615   compat stuff, specifically whether or not OpenSSL has ECC.
616
61720140527
618 - (djm) [cipher.c] Fix merge botch.
619 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config
620   from Corinna Vinschen, fixing a number of bugs and preparing for
621   Cygwin 1.7.30.
622 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]
623   [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege
624   separation user at runtime, since it may need to be a domain account.
625   Patch from Corinna Vinschen.
626
62720140522
628 - (djm) [Makefile.in] typo in path
629
63020140521
631 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
632   vhangup on Linux. It doens't work for non-root users, and for them
633   it just messes up the tty settings.
634 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC
635   when it is available. It takes into account time spent suspended,
636   thereby ensuring timeouts (e.g. for expiring agent keys) fire
637   correctly. bz#2228 reported by John Haxby
638
63920140519
640 - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
641   OpenBSD
642 - OpenBSD CVS Sync
643   - logan@cvs.openbsd.org 2014/04/20 09:24:26
644     [dns.c dns.h ssh-keygen.c]
645     Add support for SSHFP DNS records for ED25519 key types.
646     OK from djm@
647   - logan@cvs.openbsd.org 2014/04/21 14:36:16
648     [sftp-client.c sftp-client.h sftp.c]
649     Implement sftp upload resume support.
650     OK from djm@, with input from guenther@, mlarkin@ and
651     okan@
652   - logan@cvs.openbsd.org 2014/04/22 10:07:12
653     [sftp.c]
654     Sort the sftp command list.
655     OK from djm@
656   - logan@cvs.openbsd.org 2014/04/22 12:42:04
657     [sftp.1]
658     Document sftp upload resume.
659     OK from djm@, with feedback from okan@.
660   - jmc@cvs.openbsd.org 2014/04/22 14:16:30
661     [sftp.1]
662     zap eol whitespace;
663   - djm@cvs.openbsd.org 2014/04/23 12:42:34
664     [readconf.c]
665     don't record duplicate IdentityFiles
666   - djm@cvs.openbsd.org 2014/04/28 03:09:18
667     [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h]
668     [ssh-keygen.c]
669     buffer_get_string_ptr's return should be const to remind
670     callers that futzing with it will futz with the actual buffer
671     contents
672   - djm@cvs.openbsd.org 2014/04/29 13:10:30
673     [clientloop.c serverloop.c]
674     bz#1818 - don't send channel success/failre replies on channels that
675     have sent a close already; analysis and patch from Simon Tatham;
676     ok markus@
677   - markus@cvs.openbsd.org 2014/04/29 18:01:49
678     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
679     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
680     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
681     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
682     make compiling against OpenSSL optional (make OPENSSL=no);
683     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
684     allows us to explore further options; with and ok djm
685   - dtucker@cvs.openbsd.org 2014/04/29 19:58:50
686     [sftp.c]
687     Move nulling of variable next to where it's freed.  ok markus@
688   - dtucker@cvs.openbsd.org 2014/04/29 20:36:51
689     [sftp.c]
690     Don't attempt to append a nul quote char to the filename.  Should prevent
691     fatal'ing with "el_insertstr failed" when there's a single quote char
692     somewhere in the string.  bz#2238, ok markus@
693   - djm@cvs.openbsd.org 2014/04/30 05:29:56
694     [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c]
695     [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c]
696     [ssherr.h]
697     New buffer API; the first installment of the conversion/replacement
698     of OpenSSH's internals to make them usable as a standalone library.
699
700     This includes a set of wrappers to make it compatible with the
701     existing buffer API so replacement can occur incrementally.
702
703     With and ok markus@
704
705     Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew
706     Dempsky and Ron Bowes for a detailed review.
707   - naddy@cvs.openbsd.org 2014/04/30 19:07:48
708     [mac.c myproposal.h umac.c]
709     UMAC can use our local fallback implementation of AES when OpenSSL isn't
710     available.  Glue code straight from Ted Krovetz's original umac.c.
711     ok markus@
712   - djm@cvs.openbsd.org 2014/05/02 03:27:54
713     [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c]
714     [misc.h poly1305.h ssh-pkcs11.c defines.h]
715     revert __bounded change; it causes way more problems for portable than
716     it solves; pointed out by dtucker@
717   - markus@cvs.openbsd.org 2014/05/03 17:20:34
718     [monitor.c packet.c packet.h]
719     unbreak compression, by re-init-ing the compression code in the
720     post-auth child. the new buffer code is more strict, and requires
721     buffer_init() while the old code was happy after a bzero();
722     originally from djm@
723   - logan@cvs.openbsd.org 2014/05/05 07:02:30
724     [sftp.c]
725     Zap extra whitespace.
726
727     OK from djm@ and dtucker@
728 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write
729   portability glue to support building without libcrypto
730 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]
731   [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
732 - OpenBSD CVS Sync
733   - djm@cvs.openbsd.org 2014/03/13 20:44:49
734     [login-timeout.sh]
735     this test is a sorry mess of race conditions; add another sleep
736     to avoid a failure on slow machines (at least until I find a
737     better way)
738   - djm@cvs.openbsd.org 2014/04/21 22:15:37
739     [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh]
740     repair regress tests broken by server-side default cipher/kex/mac changes
741     by ensuring that the option under test is included in the server's
742     algorithm list
743   - dtucker@cvs.openbsd.org 2014/05/03 18:46:14
744     [proxy-connect.sh]
745     Add tests for with and without compression, with and without privsep.
746   - logan@cvs.openbsd.org 2014/05/04 10:40:59
747     [connect-privsep.sh]
748     Remove the Z flag from the list of malloc options as it
749     was removed from malloc.c 10 days ago.
750
751     OK from miod@
752 - (djm) [regress/unittests/Makefile]
753   [regress/unittests/Makefile.inc]
754   [regress/unittests/sshbuf/Makefile]
755   [regress/unittests/sshbuf/test_sshbuf.c]
756   [regress/unittests/sshbuf/test_sshbuf_fixed.c]
757   [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
758   [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
759   [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
760   [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
761   [regress/unittests/sshbuf/test_sshbuf_misc.c]
762   [regress/unittests/sshbuf/tests.c]
763   [regress/unittests/test_helper/Makefile]
764   [regress/unittests/test_helper/fuzz.c]
765   [regress/unittests/test_helper/test_helper.c]
766   [regress/unittests/test_helper/test_helper.h]
767   Import new unit tests from OpenBSD; not yet hooked up to build.
768 - (djm) [regress/Makefile Makefile.in]
769   [regress/unittests/sshbuf/test_sshbuf.c
770   [regress/unittests/sshbuf/test_sshbuf_fixed.c]
771   [regress/unittests/sshbuf/test_sshbuf_fuzz.c]
772   [regress/unittests/sshbuf/test_sshbuf_getput_basic.c]
773   [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c]
774   [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c]
775   [regress/unittests/sshbuf/test_sshbuf_misc.c]
776   [regress/unittests/sshbuf/tests.c]
777   [regress/unittests/test_helper/fuzz.c]
778   [regress/unittests/test_helper/test_helper.c]
779   Hook new unit tests into the build and "make tests"
780 - (djm) [sshbuf.c] need __predict_false
781
78220140430
783 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already
784   have it.  Only attempt to use __attribute__(__bounded__) for gcc.
785
78620140420
787 - OpenBSD CVS Sync
788   - djm@cvs.openbsd.org 2014/03/03 22:22:30
789     [session.c]
790     ignore enviornment variables with embedded '=' or '\0' characters;
791     spotted by Jann Horn; ok deraadt@
792     Id sync only - portable already has this.
793   - djm@cvs.openbsd.org 2014/03/12 04:44:58
794     [ssh-keyscan.c]
795     scan for Ed25519 keys by default too
796   - djm@cvs.openbsd.org 2014/03/12 04:50:32
797     [auth-bsdauth.c ssh-keygen.c]
798     don't count on things that accept arguments by reference to clear
799     things for us on error; most things do, but it's unsafe form.
800   - djm@cvs.openbsd.org 2014/03/12 04:51:12
801     [authfile.c]
802     correct test that kdf name is not "none" or "bcrypt"
803   - naddy@cvs.openbsd.org 2014/03/12 13:06:59
804     [ssh-keyscan.1]
805     scan for Ed25519 keys by default too
806   - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
807     [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
808     Improve usage() and documentation towards the standard form.
809     In particular, this line saves a lot of man page reading time.
810       usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
811                         [-N new_passphrase] [-C comment] [-f output_keyfile]
812     ok schwarze jmc
813   - tedu@cvs.openbsd.org 2014/03/17 19:44:10
814     [ssh.1]
815     old descriptions of des and blowfish are old. maybe ok deraadt
816   - tedu@cvs.openbsd.org 2014/03/19 14:42:44
817     [scp.1]
818     there is no need for rcp anymore
819     ok deraadt millert
820   - markus@cvs.openbsd.org 2014/03/25 09:40:03
821     [myproposal.h]
822     trimm default proposals.
823
824     This commit removes the weaker pre-SHA2 hashes, the broken ciphers
825     (arcfour), and the broken modes (CBC) from the default configuration
826     (the patch only changes the default, all the modes are still available
827     for the config files).
828
829     ok djm@, reminded by tedu@ & naddy@ and discussed with many
830   - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
831     [myproposal.h]
832     The current sharing of myproposal[] between both client and server code
833     makes the previous diff highly unpallatable.  We want to go in that
834     direction for the server, but not for the client.  Sigh.
835     Brought up by naddy.
836   - markus@cvs.openbsd.org 2014/03/27 23:01:27
837     [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
838     disable weak proposals in sshd, but keep them in ssh; ok djm@
839   - djm@cvs.openbsd.org 2014/03/26 04:55:35
840     [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c
841     [misc.h poly1305.h ssh-pkcs11.c]
842     use __bounded(...) attribute recently added to sys/cdefs.h instead of
843     longform __attribute__(__bounded(...));
844
845     for brevity and a warning free compilation with llvm/clang
846   - tedu@cvs.openbsd.org 2014/03/26 19:58:37
847     [sshd.8 sshd.c]
848     remove libwrap support. ok deraadt djm mfriedl
849   - naddy@cvs.openbsd.org 2014/03/28 05:17:11
850     [ssh_config.5 sshd_config.5]
851     sync available and default algorithms, improve algorithm list formatting
852     help from jmc@ and schwarze@, ok deraadt@
853   - jmc@cvs.openbsd.org 2014/03/31 13:39:34
854     [ssh-keygen.1]
855     the text for the -K option was inserted in the wrong place in -r1.108;
856     fix From: Matthew Clarke
857   - djm@cvs.openbsd.org 2014/04/01 02:05:27
858     [ssh-keysign.c]
859     include fingerprint of key not found
860     use arc4random_buf() instead of loop+arc4random()
861   - djm@cvs.openbsd.org 2014/04/01 03:34:10
862     [sshconnect.c]
863     When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
864     certificate keys to plain keys and attempt SSHFP resolution.
865
866     Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
867     dialog by offering only certificate keys.
868
869     Reported by mcv21 AT cam.ac.uk
870   - djm@cvs.openbsd.org 2014/04/01 05:32:57
871     [packet.c]
872     demote a debug3 to PACKET_DEBUG; ok markus@
873   - djm@cvs.openbsd.org 2014/04/12 04:55:53
874     [sshd.c]
875     avoid crash at exit: check that pmonitor!=NULL before dereferencing;
876     bz#2225, patch from kavi AT juniper.net
877   - djm@cvs.openbsd.org 2014/04/16 23:22:45
878     [bufaux.c]
879     skip leading zero bytes in buffer_put_bignum2_from_string();
880     reported by jan AT mojzis.com; ok markus@
881   - djm@cvs.openbsd.org 2014/04/16 23:28:12
882     [ssh-agent.1]
883     remove the identity files from this manpage - ssh-agent doesn't deal
884     with them at all and the same information is duplicated in ssh-add.1
885     (which does deal with them); prodded by deraadt@
886   - djm@cvs.openbsd.org 2014/04/18 23:52:25
887     [compat.c compat.h sshconnect2.c sshd.c version.h]
888     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
889     using the curve25519-sha256@libssh.org KEX exchange method to fail
890     when connecting with something that implements the spec properly.
891
892     Disable this KEX method when speaking to one of the affected
893     versions.
894
895     reported by Aris Adamantiadis; ok markus@
896   - djm@cvs.openbsd.org 2014/04/19 05:54:59
897     [compat.c]
898     missing wildcard; pointed out by naddy@
899   - tedu@cvs.openbsd.org 2014/04/19 14:53:48
900     [ssh-keysign.c sshd.c]
901     Delete futile calls to RAND_seed. ok djm
902     NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
903   - tedu@cvs.openbsd.org 2014/04/19 18:15:16
904     [sshd.8]
905     remove some really old rsh references
906   - tedu@cvs.openbsd.org 2014/04/19 18:42:19
907     [ssh.1]
908     delete .xr to hosts.equiv. there's still an unfortunate amount of
909     documentation referring to rhosts equivalency in here.
910   - djm@cvs.openbsd.org 2014/04/20 02:30:25
911     [misc.c misc.h umac.c]
912     use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on
913     strict-alignment architectures; reported by and ok stsp@
914   - djm@cvs.openbsd.org 2014/04/20 02:49:32
915     [compat.c]
916     add a canonical 6.6 + curve25519 bignum fix fake version that I can
917     recommend people use ahead of the openssh-6.7 release
918
91920140401
920 - (djm) On platforms that support it, use prctl() to prevent sftp-server
921   from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net
922 - (djm) Use full release (e.g. 6.5p1) in debug output rather than just
923   version. From des@des.no
924
92520140317
926 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to
927   remind myself to add sandbox violation logging via the log socket.
928
92920140314
930 - (tim) [opensshd.init.in] Add support for ed25519
931
93220140313
933 - (djm) Release OpenSSH 6.6
934
93520140304
936 - OpenBSD CVS Sync
937   - djm@cvs.openbsd.org 2014/03/03 22:22:30
938     [session.c]
939     ignore enviornment variables with embedded '=' or '\0' characters;
940     spotted by Jann Horn; ok deraadt@
941
94220140301
943 - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
944   no moduli file exists at the expected location.
945
94620140228
947 - OpenBSD CVS Sync
948   - djm@cvs.openbsd.org 2014/02/27 00:41:49
949     [bufbn.c]
950     fix unsigned overflow that could lead to reading a short ssh protocol
951     1 bignum value; found by Ben Hawkes; ok deraadt@
952   - djm@cvs.openbsd.org 2014/02/27 08:25:09
953     [bufbn.c]
954     off by one in range check
955   - djm@cvs.openbsd.org 2014/02/27 22:47:07
956     [sshd_config.5]
957     bz#2184 clarify behaviour of a keyword that appears in multiple
958     matching Match blocks; ok dtucker@
959   - djm@cvs.openbsd.org 2014/02/27 22:57:40
960     [version.h]
961     openssh-6.6
962   - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
963     [regress/sftp-chroot.sh]
964     Don't use -q on sftp as it suppresses logging, instead redirect the
965     output to the regress logfile.
966   - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
967     [sregress/ftp-chroot.sh]
968     append to rather than truncating the log file
969   - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
970     [regress/Makefile regress/dhgex.sh]
971     Add a test for DH GEX sizes
972   - djm@cvs.openbsd.org 2014/01/26 10:22:10
973     [regress/cert-hostkey.sh]
974     automatically generate revoked keys from listed keys rather than
975     manually specifying each type; from portable
976     (Id sync only)
977   - djm@cvs.openbsd.org 2014/01/26 10:49:17
978     [scp-ssh-wrapper.sh scp.sh]
979     make sure $SCP is tested on the remote end rather than whichever one
980     happens to be in $PATH; from portable
981     (Id sync only)
982   - djm@cvs.openbsd.org 2014/02/27 20:04:16
983     [login-timeout.sh]
984     remove any existing LoginGraceTime from sshd_config before adding
985     a specific one for the test back in
986   - djm@cvs.openbsd.org 2014/02/27 21:21:25
987     [agent-ptrace.sh agent.sh]
988     keep return values that are printed in error messages;
989     from portable
990     (Id sync only)
991 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
992   [contrib/suse/openssh.spec] Crank version numbers
993 - (djm) [regress/host-expand.sh] Add RCS Id
994
99520140227
996 - OpenBSD CVS Sync
997   - djm@cvs.openbsd.org 2014/02/26 20:18:37
998     [ssh.c]
999     bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
1000     ok dtucker@ markus@
1001   - djm@cvs.openbsd.org 2014/02/26 20:28:44
1002     [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
1003     bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
1004     sandboxing, as running this code in the sandbox can cause violations;
1005     ok markus@
1006   - djm@cvs.openbsd.org 2014/02/26 20:29:29
1007     [channels.c]
1008     don't assume that the socks4 username is \0 terminated;
1009     spotted by Ben Hawkes; ok markus@
1010   - markus@cvs.openbsd.org 2014/02/26 21:53:37
1011     [sshd.c]
1012     ssh_gssapi_prepare_supported_oids needs GSSAPI
1013
101420140224
1015 - OpenBSD CVS Sync
1016   - djm@cvs.openbsd.org 2014/02/07 06:55:54
1017     [cipher.c mac.c]
1018     remove some logging that makes ssh debugging output very verbose;
1019     ok markus
1020   - djm@cvs.openbsd.org 2014/02/15 23:05:36
1021     [channels.c]
1022     avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
1023     bz#2200, debian#738692 via Colin Watson; ok dtucker@
1024   - djm@cvs.openbsd.org 2014/02/22 01:32:19
1025     [readconf.c]
1026     when processing Match blocks, skip 'exec' clauses if previous predicates
1027     failed to match; ok markus@
1028   - djm@cvs.openbsd.org 2014/02/23 20:03:42
1029     [ssh-ed25519.c]
1030     check for unsigned overflow; not reachable in OpenSSH but others might
1031     copy our code...
1032   - djm@cvs.openbsd.org 2014/02/23 20:11:36
1033     [readconf.c readconf.h ssh.c ssh_config.5]
1034     reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
1035     the hostname. This allows users to write configurations that always
1036     refer to canonical hostnames, e.g.
1037
1038     CanonicalizeHostname yes
1039     CanonicalDomains int.example.org example.org
1040     CanonicalizeFallbackLocal no
1041
1042     Host *.int.example.org
1043         Compression off
1044     Host *.example.org
1045         User djm
1046
1047     ok markus@
1048
104920140213
1050 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]  Add compat
1051   code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
1052
105320140207
1054 - OpenBSD CVS Sync
1055   - naddy@cvs.openbsd.org 2014/02/05 20:13:25
1056     [ssh-keygen.1 ssh-keygen.c]
1057     tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
1058     while here, fix ordering in usage(); requested by jmc@
1059   - djm@cvs.openbsd.org 2014/02/06 22:21:01
1060     [sshconnect.c]
1061     in ssh_create_socket(), only do the getaddrinfo for BindAddress when
1062     BindAddress is actually specified. Fixes regression in 6.5 for
1063     UsePrivilegedPort=yes; patch from Corinna Vinschen
1064
106520140206
1066 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
1067   before freeing since free(NULL) is a no-op.  ok djm.
1068 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
1069   __NR_shutdown; some go via the socketcall(2) multiplexer.
1070
107120140205
1072 - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
1073   headers/libc but not supported by the kernel. Patch from Loganaden
1074   Velvindron @ AfriNIC
1075
107620140204
1077 - OpenBSD CVS Sync
1078   - markus@cvs.openbsd.org 2014/01/27 18:58:14
1079     [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
1080     replace openssl HMAC with an implementation based on our ssh_digest_*
1081     ok and feedback djm@
1082   - markus@cvs.openbsd.org 2014/01/27 19:18:54
1083     [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
1084     replace openssl MD5 with our ssh_digest_*; ok djm@
1085   - markus@cvs.openbsd.org 2014/01/27 20:13:46
1086     [digest.c digest-openssl.c digest-libc.c Makefile.in]
1087     rename digest.c to digest-openssl.c and add libc variant; ok djm@
1088   - jmc@cvs.openbsd.org 2014/01/28 14:13:39
1089     [ssh-keyscan.1]
1090     kill some bad Pa;
1091     From: Jan Stary
1092   - djm@cvs.openbsd.org 2014/01/29 00:19:26
1093     [sshd.c]
1094     use kill(0, ...) instead of killpg(0, ...); on most operating systems
1095     they are equivalent, but SUSv2 describes the latter as having undefined
1096     behaviour; from portable; ok dtucker
1097     (Id sync only; change is already in portable)
1098   - djm@cvs.openbsd.org 2014/01/29 06:18:35
1099     [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
1100     [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
1101     [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
1102     remove experimental, never-enabled JPAKE code; ok markus@
1103   - jmc@cvs.openbsd.org 2014/01/29 14:04:51
1104     [sshd_config.5]
1105     document kbdinteractiveauthentication;
1106     requested From: Ross L Richardson
1107
1108     dtucker/markus helped explain its workings;
1109   - djm@cvs.openbsd.org 2014/01/30 22:26:14
1110     [sandbox-systrace.c]
1111     allow shutdown(2) syscall in sandbox - it may be called by packet_close()
1112     from portable
1113     (Id sync only; change is already in portable)
1114   - tedu@cvs.openbsd.org 2014/01/31 16:39:19
1115     [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
1116     [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
1117     [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
1118     [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
1119     [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
1120     replace most bzero with explicit_bzero, except a few that cna be memset
1121     ok djm dtucker
1122   - djm@cvs.openbsd.org 2014/02/02 03:44:32
1123     [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
1124     [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
1125     [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
1126     [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
1127     [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
1128     [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
1129     [sshd.c]
1130     convert memset of potentially-private data to explicit_bzero()
1131   - djm@cvs.openbsd.org 2014/02/03 23:28:00
1132     [ssh-ecdsa.c]
1133     fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
1134     DSA_SIG_new. Reported by Batz Spear; ok markus@
1135   - djm@cvs.openbsd.org 2014/02/02 03:44:31
1136     [digest-libc.c digest-openssl.c]
1137     convert memset of potentially-private data to explicit_bzero()
1138   - djm@cvs.openbsd.org 2014/02/04 00:24:29
1139     [ssh.c]
1140     delay lowercasing of hostname until right before hostname
1141     canonicalisation to unbreak case-sensitive matching of ssh_config;
1142     reported by Ike Devolder; ok markus@
1143 - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
1144 - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
1145
114620140131
1147 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
1148   syscall from sandboxes; it may be called by packet_close.
1149 - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros.  Fixes
1150   build with HP-UX's compiler.  Patch from Kevin Brott.
1151 - (tim) [Makefile.in] build regress/setuid-allow.
1152
115320140130
1154 - (djm) [configure.ac] Only check for width-specified integer types
1155   in headers that actually exist. patch from Tom G. Christensen;
1156   ok dtucker@
1157 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering
1158   different symbols for 'read' when various compiler flags are
1159   in use, causing atomicio.c comparisons against it to break and
1160   read/write operations to hang; ok dtucker
1161 - (djm) Release openssh-6.5p1
1162
116320140129
1164 - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from
1165   Tom G. Christensen
1166
116720140128
1168 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl;
1169   ok dtucker
1170 - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the
1171   latter being specified to have undefined behaviour in SUSv3;
1172   ok dtucker
1173 - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable
1174   when used as an error message inside an if statement so we display the
1175   correct into. agent.sh patch from Petr Lautrbach.
1176
117720140127
1178 - (dtucker) [Makefile.in] Remove trailing backslash which some make
1179   implementations (eg older Solaris) do not cope with.
1180
118120140126
1182 - OpenBSD CVS Sync
1183   - dtucker@cvs.openbsd.org 2014/01/25 10:12:50
1184     [cipher.c cipher.h kex.c kex.h kexgexc.c]
1185     Add a special case for the DH group size for 3des-cbc, which has an
1186     effective strength much lower than the key size.  This causes problems
1187     with some cryptlib implementations, which don't support group sizes larger
1188     than 4k but also don't use the largest group size it does support as
1189     specified in the RFC.  Based on a patch from Petr Lautrbach at Redhat,
1190     reduced by me with input from Markus.  ok djm@ markus@
1191   - markus@cvs.openbsd.org 2014/01/25 20:35:37
1192     [kex.c]
1193     dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len)
1194     ok dtucker@, noted by mancha
1195  - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable
1196    RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations,
1197    libc will attempt to open additional file descriptors for crypto
1198    offload and crash if they cannot be opened.
1199 - (djm) [configure.ac] correct AC_DEFINE for previous.
1200
120120140125
1202 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD
1203 - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless
1204   sys/capability.h exists and cap_rights_limit is in libc. Fixes
1205   build on FreeBSD9x which provides the header but not the libc
1206   support.
1207 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test
1208   against the correct thing.
1209
121020140124
1211 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make
1212   the scp regress test actually test the built scp rather than the one
1213   in $PATH. ok dtucker@
1214
121520140123
1216 - (tim) [session.c] Improve error reporting on set_id().
1217 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously
1218   incompatible with OpenBSD's despite post-dating it by more than a decade.
1219   Declare it as broken, and document FreeBSD's as the same.  ok djm@
1220
122120140122
1222 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a
1223   platform that is expected to use the reuse-argv style setproctitle
1224   hack surprises us by providing a setproctitle in libc; ok dtucker
1225 - (djm) [configure.ac] Unless specifically requested, only attempt
1226   to build Position Independent Executables on gcc >= 4.x; ok dtucker
1227 - (djm) [configure.ac aclocal.m4] More tests to detect fallout from
1228   platform hardening options: include some long long int arithmatic
1229   to detect missing support functions for -ftrapv in libgcc and
1230   equivalents, actually test linking when -ftrapv is supplied and
1231   set either both -pie/-fPIE or neither. feedback and ok dtucker@
1232
123320140121
1234 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults
1235   to on platforms where it's known to be reliably detected and off elsewhere.
1236   Works around platforms such as FreeBSD 9.1 where it does not interop with
1237   -ftrapv (it seems to work but fails when trying to link ssh).  ok djm@
1238 - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time
1239   tests in the configure output.  ok djm.
1240 - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced
1241   with sftp chroot support. Move set_id call after chroot.
1242 - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE
1243   and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of
1244   detecting toolchain-related problems; ok dtucker
1245
124620140120
1247 - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos
1248   implementation does not have krb5_cc_new_unique, similar to what we do
1249   in auth-krb5.c.
1250 - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that
1251   skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@
1252 - (djm) OpenBSD CVS Sync
1253   - djm@cvs.openbsd.org 2014/01/20 00:08:48
1254     [digest.c]
1255     memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@
1256
125720140119
1258 - (dtucker) OpenBSD CVS Sync
1259   - dtucker@cvs.openbsd.org 2014/01/17 06:23:24
1260     [sftp-server.c]
1261     fix log message statvfs.  ok djm
1262   - dtucker@cvs.openbsd.org 2014/01/18 09:36:26
1263     [session.c]
1264     explicitly define USE_PIPES to 1 to prevent redefinition warnings in
1265     portable on platforms that use pipes for everything.  From vinschen at
1266     redhat.
1267   - dtucker@cvs.openbsd.org 2014/01/19 04:17:29
1268     [canohost.c addrmatch.c]
1269     Cast socklen_t when comparing to size_t and use socklen_t to iterate over
1270     the ip options, both to prevent signed/unsigned comparison warnings.
1271     Patch from vinschen at redhat via portable openssh, begrudging ok deraadt.
1272   - djm@cvs.openbsd.org 2014/01/19 04:48:08
1273     [ssh_config.5]
1274     fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal
1275   - dtucker@cvs.openbsd.org 2014/01/19 11:21:51
1276     [addrmatch.c]
1277     Cast the sizeof to socklen_t so it'll work even if the supplied len is
1278     negative.  Suggested by and ok djm, ok deraadt.
1279
128020140118
1281 - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin.  Patch
1282   from vinschen at redhat.com
1283 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function
1284   declarations that stopped being included when we stopped including
1285   <windows.h> from openbsd-compat/bsd-cygwin_util.h.  Patch from vinschen at
1286   redhat.com.
1287 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,
1288   optind) are defined in getopt.h already.  Unfortunately they are defined as
1289   "declspec(dllimport)" for historical reasons, because the GNU linker didn't
1290   allow auto-import on PE/COFF targets way back when.  The problem is the
1291   dllexport attributes collide with the definitions in the various source
1292   files in OpenSSH, which obviousy define the variables without
1293   declspec(dllimport).  The least intrusive way to get rid of these warnings
1294   is to disable warnings for GCC compiler attributes when building on Cygwin.
1295   Patch from vinschen at redhat.com.
1296 - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the
1297   return value check for cap_enter() consistent with the other uses in
1298   FreeBSD.  From by Loganaden Velvindron @ AfriNIC via bz#2140.
1299
130020140117
1301 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain
1302   hardening flags including -fstack-protector-strong.  These default to on
1303   if the toolchain supports them, but there is a configure-time knob
1304   (--without-hardening) to disable them if necessary.  ok djm@
1305 - (djm) [sftp-client.c] signed/unsigned comparison fix
1306 - (dtucker) [loginrec.c] Cast to the types specfied in the format
1307    specification to prevent warnings.
1308 - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
1309 - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.
1310 - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include
1311   includes.h to pull in all of the compatibility stuff.
1312 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside
1313   #ifdef HAVE_STDINT_H.
1314 - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that
1315   don't have them.
1316 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into
1317   separate lines and alphabetize for easier diffing of changes.
1318 - (dtucker) OpenBSD CVS Sync
1319   - djm@cvs.openbsd.org 2014/01/17 00:21:06
1320     [sftp-client.c]
1321     signed/unsigned comparison warning fix; from portable (Id sync only)
1322   - dtucker@cvs.openbsd.org 2014/01/17 05:26:41
1323     [digest.c]
1324     remove unused includes.  ok djm@
1325 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]
1326   [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c]
1327   [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing
1328   using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling
1329   Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
1330 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c
1331   openbsd-compat/openssl-compat.h]  Add compatibility layer for older
1332   openssl versions.  ok djm@
1333 - (dtucker) Fix typo in #ifndef.
1334 - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c
1335   openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs
1336   to be useful (and for the regression tests to pass) on platforms that
1337   have statfs and fstatfs.  ok djm@
1338 - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we
1339   need them to cut down on the name collisions.
1340 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.
1341 - (dtucker) [configure.ac] Have --without-hardening not turn off
1342   stack-protector since that has a separate flag that's been around a while.
1343 - (dtucker) [readconf.c] Wrap paths.h inside an ifdef.  Allows building on
1344   Solaris.
1345 - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after
1346   they're defined if we have to define them ourselves.  Fixes builds on old
1347   AIX.
1348
134920140118
1350 - (djm) OpenBSD CVS Sync
1351   - djm@cvs.openbsd.org 2014/01/16 07:31:09
1352     [sftp-client.c]
1353     needless and incorrect cast to size_t can break resumption of
1354     large download; patch from tobias@
1355   - djm@cvs.openbsd.org 2014/01/16 07:32:00
1356     [version.h]
1357     openssh-6.5
1358 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1359   [contrib/suse/openssh.spec] Crank RPM spec version numbers.
1360 - (djm) [README] update release notes URL.
1361
136220140112
1363 - (djm) OpenBSD CVS Sync
1364   - djm@cvs.openbsd.org 2014/01/10 05:59:19
1365     [sshd_config]
1366     the /etc/ssh/ssh_host_ed25519_key is loaded by default too
1367   - djm@cvs.openbsd.org 2014/01/12 08:13:13
1368     [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c]
1369     [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c]
1370     avoid use of OpenSSL BIGNUM type and functions for KEX with
1371     Curve25519 by adding a buffer_put_bignum2_from_string() that stores
1372     a string using the bignum encoding rules. Will make it easier to
1373     build a reduced-feature OpenSSH without OpenSSL in the future;
1374     ok markus@
1375
137620140110
1377 - (djm) OpenBSD CVS Sync
1378   - tedu@cvs.openbsd.org 2014/01/04 17:50:55
1379     [mac.c monitor_mm.c monitor_mm.h xmalloc.c]
1380     use standard types and formats for size_t like variables. ok dtucker
1381   - guenther@cvs.openbsd.org 2014/01/09 03:26:00
1382     [sftp-common.c]
1383     When formating the time for "ls -l"-style output, show dates in the future
1384     with the year, and rearrange a comparison to avoid a potentional signed
1385     arithmetic overflow that would give the wrong result.
1386     ok djm@
1387   - djm@cvs.openbsd.org 2014/01/09 23:20:00
1388     [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
1389     [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
1390     [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
1391     [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
1392     Introduce digest API and use it to perform all hashing operations
1393     rather than calling OpenSSL EVP_Digest* directly. Will make it easier
1394     to build a reduced-feature OpenSSH without OpenSSL in future;
1395     feedback, ok markus@
1396   - djm@cvs.openbsd.org 2014/01/09 23:26:48
1397     [sshconnect.c sshd.c]
1398     ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient,
1399     deranged and might make some attacks on KEX easier; ok markus@
1400
140120140108
1402 - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@
1403
140420131231
1405 - (djm) OpenBSD CVS Sync
1406   - djm@cvs.openbsd.org 2013/12/30 23:52:28
1407     [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c]
1408     [sshconnect.c sshconnect2.c sshd.c]
1409     refuse RSA keys from old proprietary clients/servers that use the
1410     obsolete RSA+MD5 signature scheme. it will still be possible to connect
1411     with these clients/servers but only DSA keys will be accepted, and we'll
1412     deprecate them entirely in a future release. ok markus@
1413
141420131229
1415 - (djm) [loginrec.c] Check for username truncation when looking up lastlog
1416   entries
1417 - (djm) [regress/Makefile] Add some generated files for cleaning
1418 - (djm) OpenBSD CVS Sync
1419   - djm@cvs.openbsd.org 2013/12/19 00:10:30
1420     [ssh-add.c]
1421     skip requesting smartcard PIN when removing keys from agent; bz#2187
1422     patch from jay AT slushpupie.com; ok dtucker
1423   - dtucker@cvs.openbsd.org 2013/12/19 00:19:12
1424     [serverloop.c]
1425     Cast client_alive_interval to u_int64_t before assinging to
1426     max_time_milliseconds to avoid potential integer overflow in the timeout.
1427     bz#2170, patch from Loganaden Velvindron, ok djm@
1428   - djm@cvs.openbsd.org 2013/12/19 00:27:57
1429     [auth-options.c]
1430     simplify freeing of source-address certificate restriction
1431   - djm@cvs.openbsd.org 2013/12/19 01:04:36
1432     [channels.c]
1433     bz#2147: fix multiple remote forwardings with dynamically assigned
1434     listen ports. In the s->c message to open the channel we were sending
1435     zero (the magic number to request a dynamic port) instead of the actual
1436     listen port. The client therefore had no way of discriminating between
1437     them.
1438
1439     Diagnosis and fix by ronf AT timeheart.net
1440   - djm@cvs.openbsd.org 2013/12/19 01:19:41
1441     [ssh-agent.c]
1442     bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent
1443     that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com;
1444     ok dtucker
1445   - djm@cvs.openbsd.org 2013/12/19 22:57:13
1446     [poly1305.c poly1305.h]
1447     use full name for author, with his permission
1448   - tedu@cvs.openbsd.org 2013/12/21 07:10:47
1449     [ssh-keygen.1]
1450     small typo
1451   - djm@cvs.openbsd.org 2013/12/27 22:30:17
1452     [ssh-dss.c ssh-ecdsa.c ssh-rsa.c]
1453     make the original RSA and DSA signing/verification code look more like
1454     the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type
1455     rather than tediously listing all variants, use __func__ for debug/
1456     error messages
1457   - djm@cvs.openbsd.org 2013/12/27 22:37:18
1458     [ssh-rsa.c]
1459     correct comment
1460   - djm@cvs.openbsd.org 2013/12/29 02:28:10
1461     [key.c]
1462     allow ed25519 keys to appear as certificate authorities
1463   - djm@cvs.openbsd.org 2013/12/29 02:37:04
1464     [key.c]
1465     correct comment for key_to_certified()
1466   - djm@cvs.openbsd.org 2013/12/29 02:49:52
1467     [key.c]
1468     correct comment for key_drop_cert()
1469   - djm@cvs.openbsd.org 2013/12/29 04:20:04
1470     [key.c]
1471     to make sure we don't omit any key types as valid CA keys again,
1472     factor the valid key type check into a key_type_is_valid_ca()
1473     function
1474   - djm@cvs.openbsd.org 2013/12/29 04:29:25
1475     [authfd.c]
1476     allow deletion of ed25519 keys from the agent
1477   - djm@cvs.openbsd.org 2013/12/29 04:35:50
1478     [authfile.c]
1479     don't refuse to load Ed25519 certificates
1480   - djm@cvs.openbsd.org 2013/12/29 05:42:16
1481     [ssh.c]
1482     don't forget to load Ed25519 certs too
1483   - djm@cvs.openbsd.org 2013/12/29 05:57:02
1484     [sshconnect.c]
1485     when showing other hostkeys, don't forget Ed25519 keys
1486
148720131221
1488 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types.
1489
149020131219
1491 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions
1492   greater than 11 either rather than just 11.  Patch from Tomas Kuthan.
1493 - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item().
1494   Patch from Loganaden Velvindron.
1495
149620131218
1497 - (djm) OpenBSD CVS Sync
1498   - djm@cvs.openbsd.org 2013/12/07 08:08:26
1499     [ssh-keygen.1]
1500     document -a and -o wrt new key format
1501   - naddy@cvs.openbsd.org 2013/12/07 11:58:46
1502     [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
1503     [ssh_config.5 sshd.8 sshd_config.5]
1504     add missing mentions of ed25519; ok djm@
1505   - dtucker@cvs.openbsd.org 2013/12/08 09:53:27
1506     [sshd_config.5]
1507     Use a literal for the default value of KEXAlgorithms.  ok deraadt jmc
1508   - markus@cvs.openbsd.org 2013/12/09 11:03:45
1509     [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
1510     [ge25519_base.data hash.c sc25519.c sc25519.h verify.c]
1511     Add Authors for the public domain ed25519/nacl code.
1512     see also http://nacl.cr.yp.to/features.html
1513        All of the NaCl software is in the public domain.
1514     and http://ed25519.cr.yp.to/software.html
1515        The Ed25519 software is in the public domain.
1516   - markus@cvs.openbsd.org 2013/12/09 11:08:17
1517     [crypto_api.h]
1518     remove unused defines
1519   - pascal@cvs.openbsd.org 2013/12/15 18:17:26
1520     [ssh-add.c]
1521     Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page.
1522     ok markus@
1523   - djm@cvs.openbsd.org 2013/12/15 21:42:35
1524     [cipher-chachapoly.c]
1525     add some comments and constify a constant
1526   - markus@cvs.openbsd.org 2013/12/17 10:36:38
1527     [crypto_api.h]
1528     I've assempled the header file by cut&pasting from generated headers
1529     and the source files.
1530
153120131208
1532 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
1533   Vinschen
1534 - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh]
1535   [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid
1536   filesystem before running agent-ptrace.sh; ok dtucker
1537
153820131207
1539 - (djm) OpenBSD CVS Sync
1540   - djm@cvs.openbsd.org 2013/12/05 22:59:45
1541     [sftp-client.c]
1542     fix memory leak in error path in do_readdir(); pointed out by
1543     Loganaden Velvindron @ AfriNIC in bz#2163
1544   - djm@cvs.openbsd.org 2013/12/06 03:40:51
1545     [ssh-keygen.c]
1546     remove duplicated character ('g') in getopt() string;
1547     document the (few) remaining option characters so we don't have to
1548     rummage next time.
1549   - markus@cvs.openbsd.org 2013/12/06 13:30:08
1550     [authfd.c key.c key.h ssh-agent.c]
1551     move private key (de)serialization to key.c; ok djm
1552   - markus@cvs.openbsd.org 2013/12/06 13:34:54
1553     [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
1554     [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
1555     default; details in PROTOCOL.key; feedback and lots help from djm;
1556     ok djm@
1557   - markus@cvs.openbsd.org 2013/12/06 13:39:49
1558     [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c]
1559     [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c]
1560     [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c]
1561     [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c]
1562     [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c]
1563     support ed25519 keys (hostkeys and user identities) using the public
1564     domain ed25519 reference code from SUPERCOP, see
1565     http://ed25519.cr.yp.to/software.html
1566     feedback, help & ok djm@
1567   - jmc@cvs.openbsd.org 2013/12/06 15:29:07
1568     [sshd.8]
1569     missing comma;
1570   - djm@cvs.openbsd.org 2013/12/07 00:19:15
1571     [key.c]
1572     set k->cert = NULL after freeing it
1573   - markus@cvs.openbsd.org 2013/12/06 13:52:46
1574     [regress/Makefile regress/agent.sh regress/cert-hostkey.sh]
1575     [regress/cert-userkey.sh regress/keytype.sh]
1576     test ed25519 support; from djm@
1577 - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h]
1578   [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
1579 - (djm) [Makefile.in] Add ed25519 sources
1580 - (djm) [authfile.c] Conditionalise inclusion of util.h
1581 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
1582   [openbsd-compat/blf.h openbsd-compat/blowfish.c]
1583   [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
1584   portable.
1585 - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in]
1586   [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on
1587   Linux
1588 - (djm) [regress/cert-hostkey.sh] Fix merge botch
1589 - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from
1590   Loganaden Velvindron @ AfriNIC in bz#2179
1591
159220131205
1593 - (djm) OpenBSD CVS Sync
1594   - jmc@cvs.openbsd.org 2013/11/21 08:05:09
1595     [ssh_config.5 sshd_config.5]
1596     no need for .Pp before displays;
1597   - deraadt@cvs.openbsd.org 2013/11/25 18:04:21
1598     [ssh.1 ssh.c]
1599     improve -Q usage and such.  One usage change is that the option is now
1600     case-sensitive
1601     ok dtucker markus djm
1602   - jmc@cvs.openbsd.org 2013/11/26 12:14:54
1603     [ssh.1 ssh.c]
1604     - put -Q in the right place
1605     - Ar was a poor choice for the arguments to -Q. i've chosen an
1606       admittedly equally poor Cm, at least consistent with the rest
1607       of the docs. also no need for multiple instances
1608     - zap a now redundant Nm
1609     - usage() sync
1610   - deraadt@cvs.openbsd.org 2013/11/26 19:15:09
1611     [pkcs11.h]
1612     cleanup 1 << 31 idioms.  Resurrection of this issue pointed out by
1613     Eitan Adler ok markus for ssh, implies same change in kerberosV
1614   - djm@cvs.openbsd.org 2013/12/01 23:19:05
1615     [PROTOCOL]
1616     mention curve25519-sha256@libssh.org key exchange algorithm
1617   - djm@cvs.openbsd.org 2013/12/02 02:50:27
1618     [PROTOCOL.chacha20poly1305]
1619     typo; from Jon Cave
1620   - djm@cvs.openbsd.org 2013/12/02 02:56:17
1621     [ssh-pkcs11-helper.c]
1622     use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC
1623   - djm@cvs.openbsd.org 2013/12/02 03:09:22
1624     [key.c]
1625     make key_to_blob() return a NULL blob on failure; part of
1626     bz#2175 from Loganaden Velvindron @ AfriNIC
1627   - djm@cvs.openbsd.org 2013/12/02 03:13:14
1628     [cipher.c]
1629     correct bzero of chacha20+poly1305 key context. bz#2177 from
1630     Loganaden Velvindron @ AfriNIC
1631
1632     Also make it a memset for consistency with the rest of cipher.c
1633   - djm@cvs.openbsd.org 2013/12/04 04:20:01
1634     [sftp-client.c]
1635     bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
1636     AfriNIC
1637   - djm@cvs.openbsd.org 2013/12/05 01:16:41
1638     [servconf.c servconf.h]
1639     bz#2161 - fix AuthorizedKeysCommand inside a Match block and
1640     rearrange things so the same error is harder to make next time;
1641     with and ok dtucker@
1642 - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
1643   -L location for libedit.  Patch from Serge van den Boom.
1644
164520131121
1646 - (djm) OpenBSD CVS Sync
1647   - dtucker@cvs.openbsd.org 2013/11/08 11:15:19
1648     [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
1649     [uidswap.c] Include stdlib.h for free() as per the man page.
1650   - markus@cvs.openbsd.org 2013/11/13 13:48:20
1651     [ssh-pkcs11.c]
1652     add missing braces found by pedro
1653   - djm@cvs.openbsd.org 2013/11/20 02:19:01
1654     [sshd.c]
1655     delay closure of in/out fds until after "Bad protocol version
1656     identification..." message, as get_remote_ipaddr/get_remote_port
1657     require them open.
1658   - deraadt@cvs.openbsd.org 2013/11/20 20:53:10
1659     [scp.c]
1660     unsigned casts for ctype macros where neccessary
1661     ok guenther millert markus
1662   - deraadt@cvs.openbsd.org 2013/11/20 20:54:10
1663     [canohost.c clientloop.c match.c readconf.c sftp.c]
1664     unsigned casts for ctype macros where neccessary
1665     ok guenther millert markus
1666   - djm@cvs.openbsd.org 2013/11/21 00:45:44
1667     [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c]
1668     [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h]
1669     [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1]
1670     [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport
1671     cipher "chacha20-poly1305@openssh.com" that combines Daniel
1672     Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an
1673     authenticated encryption mode.
1674
1675     Inspired by and similar to Adam Langley's proposal for TLS:
1676     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
1677     but differs in layout used for the MAC calculation and the use of a
1678     second ChaCha20 instance to separately encrypt packet lengths.
1679     Details are in the PROTOCOL.chacha20poly1305 file.
1680
1681     Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC
1682     ok markus@ naddy@
1683   - naddy@cvs.openbsd.org 2013/11/18 05:09:32
1684     [regress/forward-control.sh]
1685     bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164)
1686     to successfully run this; ok djm@
1687   - djm@cvs.openbsd.org 2013/11/21 03:15:46
1688     [regress/krl.sh]
1689     add some reminders for additional tests that I'd like to implement
1690   - djm@cvs.openbsd.org 2013/11/21 03:16:47
1691     [regress/modpipe.c]
1692     use unsigned long long instead of u_int64_t here to avoid warnings
1693     on some systems portable OpenSSH is built on.
1694   - djm@cvs.openbsd.org 2013/11/21 03:18:51
1695     [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh]
1696     [regress/try-ciphers.sh]
1697     use new "ssh -Q cipher-auth" query to obtain lists of authenticated
1698     encryption ciphers instead of specifying them manually; ensures that
1699     the new chacha20poly1305@openssh.com mode is tested;
1700
1701     ok markus@ and naddy@ as part of the diff to add
1702     chacha20poly1305@openssh.com
1703
170420131110
1705 - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by
1706   querying the ones that are compiled in.
1707
170820131109
1709 - (dtucker) OpenBSD CVS Sync
1710   - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
1711     [regress/test-exec.sh regress/rekey.sh]
1712     Use smaller test data files to speed up tests.  Grow test datafiles
1713     where necessary for a specific test.
1714 - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of
1715   NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the
1716   latter actually works before using it.  Fedora (at least) has NID_secp521r1
1717   that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897).
1718 - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test.
1719 - (dtucker) [configure.ac] Add missing "test".
1720 - (dtucker) [key.c] Check for the correct defines for NID_secp521r1.
1721
172220131108
1723 - (dtucker) OpenBSD CVS Sync
1724    - dtucker@cvs.openbsd.org 2013/11/08 01:06:14
1725      [regress/rekey.sh]
1726      Rekey less frequently during tests to speed them up
1727 - (djm) OpenBSD CVS Sync
1728   - dtucker@cvs.openbsd.org 2013/11/07 11:58:27
1729     [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c]
1730     Output the effective values of Ciphers, MACs and KexAlgorithms when
1731     the default has not been overridden.  ok markus@
1732   - djm@cvs.openbsd.org 2013/11/08 00:39:15
1733     [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
1734     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
1735     [sftp-client.c sftp-glob.c]
1736     use calloc for all structure allocations; from markus@
1737   - djm@cvs.openbsd.org 2013/11/08 01:38:11
1738     [version.h]
1739     openssh-6.4
1740 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1741   [contrib/suse/openssh.spec] Update version numbers following release.
1742 - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of
1743   arc4random_stir for platforms that have arc4random but don't have
1744   arc4random_stir (right now this is only OpenBSD -current).
1745 - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have
1746   EVP_sha256.
1747 - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256.
1748 - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile
1749   warnings.
1750 - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform
1751   and pass in TEST_ENV.  use stderr to get polluted
1752   and the stderr-data test to fail.
1753 - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation:
1754   rather than testing and generating each key, call ssh-keygen -A.
1755   Patch from vinschen at redhat.com.
1756 - (dtucker) OpenBSD CVS Sync
1757   - dtucker@cvs.openbsd.org 2013/11/09 05:41:34
1758     [regress/test-exec.sh regress/rekey.sh]
1759     Use smaller test data files to speed up tests.  Grow test datafiles
1760     where necessary for a specific test.
1761
176220131107
1763 - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5)
1764   that got lost in recent merge.
1765 - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff
1766 - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these
1767 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms
1768   that lack it but have arc4random_uniform()
1769 - (djm) OpenBSD CVS Sync
1770   - markus@cvs.openbsd.org 2013/11/04 11:51:16
1771     [monitor.c]
1772     fix rekeying for KEX_C25519_SHA256; noted by dtucker@
1773     RCSID sync only; I thought this was a merge botch and fixed it already
1774   - markus@cvs.openbsd.org 2013/11/06 16:52:11
1775     [monitor_wrap.c]
1776     fix rekeying for AES-GCM modes; ok deraadt
1777   - djm@cvs.openbsd.org 2013/11/06 23:05:59
1778     [ssh-pkcs11.c]
1779     from portable: s/true/true_val/ to avoid name collisions on dump platforms
1780     RCSID sync only
1781 - (dtucker) OpenBSD CVS Sync
1782   - djm@cvs.openbsd.org 2013/10/09 23:44:14
1783     [regress/Makefile] (ID sync only)
1784     regression test for sftp request white/blacklisting and readonly mode.
1785   - markus@cvs.openbsd.org 2013/11/02 22:39:53
1786     [regress/kextype.sh]
1787     add curve25519-sha256@libssh.org
1788   - dtucker@cvs.openbsd.org 2013/11/04 12:27:42
1789     [regress/rekey.sh]
1790     Test rekeying with all KexAlgorithms.
1791   - dtucker@cvs.openbsd.org 2013/11/07 00:12:05
1792     [regress/rekey.sh]
1793     Test rekeying for every Cipher, MAC and KEX, plus test every KEX with
1794     the GCM ciphers.
1795   - dtucker@cvs.openbsd.org 2013/11/07 01:12:51
1796     [regress/rekey.sh]
1797     Factor out the data transfer rekey tests
1798   - dtucker@cvs.openbsd.org 2013/11/07 02:48:38
1799     [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh]
1800     Use ssh -Q instead of hardcoding lists of ciphers or MACs.
1801   - dtucker@cvs.openbsd.org 2013/11/07 03:55:41
1802     [regress/kextype.sh]
1803     Use ssh -Q to get kex types instead of a static list.
1804   - dtucker@cvs.openbsd.org 2013/11/07 04:26:56
1805     [regress/kextype.sh]
1806     trailing space
1807 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment
1808   variable.  It's no longer used now that we get the supported MACs from
1809   ssh -Q.
1810
181120131104
1812 - (djm) OpenBSD CVS Sync
1813   - markus@cvs.openbsd.org 2013/11/02 20:03:54
1814     [ssh-pkcs11.c]
1815     support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys;
1816     fixes bz#1908; based on patch from Laurent Barbe; ok djm
1817   - markus@cvs.openbsd.org 2013/11/02 21:59:15
1818     [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
1819     use curve25519 for default key exchange (curve25519-sha256@libssh.org);
1820     initial patch from Aris Adamantiadis; ok djm@
1821   - markus@cvs.openbsd.org 2013/11/02 22:10:15
1822     [kexdhs.c kexecdhs.c]
1823     no need to include monitor_wrap.h
1824   - markus@cvs.openbsd.org 2013/11/02 22:24:24
1825     [kexdhs.c kexecdhs.c]
1826     no need to include ssh-gss.h
1827   - markus@cvs.openbsd.org 2013/11/02 22:34:01
1828     [auth-options.c]
1829     no need to include monitor_wrap.h and ssh-gss.h
1830   - markus@cvs.openbsd.org 2013/11/02 22:39:19
1831     [ssh_config.5 sshd_config.5]
1832     the default kex is now curve25519-sha256@libssh.org
1833   - djm@cvs.openbsd.org 2013/11/03 10:37:19
1834     [roaming_common.c]
1835     fix a couple of function definitions foo() -> foo(void)
1836     (-Wold-style-definition)
1837 - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from
1838   KEX/curve25519 change
1839
184020131103
1841 - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep.
1842   From OpenSMTPD where it prevents "implicit declaration" warnings (it's
1843   a no-op in OpenSSH).  From chl at openbsd.
1844 - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd
1845   vsnprintf.  From eric at openbsd via chl@.
1846 - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t
1847   for platforms that don't have them.
1848
184920131030
1850 - (djm) OpenBSD CVS Sync
1851   - djm@cvs.openbsd.org 2013/10/29 09:42:11
1852     [key.c key.h]
1853     fix potential stack exhaustion caused by nested certificates;
1854     report by Mateusz Kocielski; ok dtucker@ markus@
1855   - djm@cvs.openbsd.org 2013/10/29 09:48:02
1856     [servconf.c servconf.h session.c sshd_config sshd_config.5]
1857     shd_config PermitTTY to disallow TTY allocation, mirroring the
1858     longstanding no-pty authorized_keys option;
1859     bz#2070, patch from Teran McKinney; ok markus@
1860   - jmc@cvs.openbsd.org 2013/10/29 18:49:32
1861     [sshd_config.5]
1862     pty(4), not pty(7);
1863
186420131026
1865 - (djm) OpenBSD CVS Sync
1866   - djm@cvs.openbsd.org 2013/10/25 23:04:51
1867     [ssh.c]
1868     fix crash when using ProxyCommand caused by previous commit - was calling
1869     freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@
1870
187120131025
1872 - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove
1873   unnecessary arc4random_stir() calls. The only ones left are to ensure
1874   that the PRNG gets a different state after fork() for platforms that
1875   have broken the API.
1876
187720131024
1878 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check
1879   rather than full client name which may be of form user@REALM;
1880   patch from Miguel Sanders; ok dtucker@
1881 - (djm) OpenBSD CVS Sync
1882   - dtucker@cvs.openbsd.org 2013/10/23 05:40:58
1883     [servconf.c]
1884     fix comment
1885   - djm@cvs.openbsd.org 2013/10/23 23:35:32
1886     [sshd.c]
1887     include local address and port in "Connection from ..." message (only
1888     shown at loglevel>=verbose)
1889   - dtucker@cvs.openbsd.org 2013/10/24 00:49:49
1890     [moduli.c]
1891     Periodically print progress and, if possible, expected time to completion
1892     when screening moduli for DH groups.  ok deraadt djm
1893   - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
1894     [readconf.c servconf.c ssh_config.5 sshd_config.5]
1895     Disallow empty Match statements and add "Match all" which matches
1896     everything.  ok djm, man page help jmc@
1897   - djm@cvs.openbsd.org 2013/10/24 08:19:36
1898     [ssh.c]
1899     fix bug introduced in hostname canonicalisation commit: don't try to
1900     resolve hostnames when a ProxyCommand is set unless the user has forced
1901     canonicalisation; spotted by Iain Morgan
1902 - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd"
1903
190420131023
1905 - (djm) OpenBSD CVS Sync
1906   - djm@cvs.openbsd.org 2013/10/20 04:39:28
1907     [ssh_config.5]
1908     document % expansions performed by "Match command ..."
1909   - djm@cvs.openbsd.org 2013/10/20 06:19:28
1910     [readconf.c ssh_config.5]
1911     rename "command" subclause of the recently-added "Match" keyword to
1912     "exec"; it's shorter, clearer in intent and we might want to add the
1913     ability to match against the command being executed at the remote end in
1914     the future.
1915   - djm@cvs.openbsd.org 2013/10/20 09:51:26
1916     [scp.1 sftp.1]
1917     add canonicalisation options to -o lists
1918   - jmc@cvs.openbsd.org 2013/10/20 18:00:13
1919     [ssh_config.5]
1920     tweak the "exec" description, as worded by djm;
1921   - djm@cvs.openbsd.org 2013/10/23 03:03:07
1922     [readconf.c]
1923     Hostname may have %h sequences that should be expanded prior to Match
1924     evaluation; spotted by Iain Morgan
1925   - djm@cvs.openbsd.org 2013/10/23 03:05:19
1926     [readconf.c ssh.c]
1927     comment
1928   - djm@cvs.openbsd.org 2013/10/23 04:16:22
1929     [ssh-keygen.c]
1930     Make code match documentation: relative-specified certificate expiry time
1931     should be relative to current time and not the validity start time.
1932     Reported by Petr Lautrbach; ok deraadt@
1933
193420131018
1935 - (djm) OpenBSD CVS Sync
1936   - djm@cvs.openbsd.org 2013/10/09 23:44:14
1937     [regress/Makefile regress/sftp-perm.sh]
1938     regression test for sftp request white/blacklisting and readonly mode.
1939   - jmc@cvs.openbsd.org 2013/10/17 07:35:48
1940     [sftp.1 sftp.c]
1941     tweak previous;
1942   - djm@cvs.openbsd.org 2013/10/17 22:08:04
1943     [sshd.c]
1944     include remote port in bad banner message; bz#2162
1945
194620131017
1947 - (djm) OpenBSD CVS Sync
1948   - jmc@cvs.openbsd.org 2013/10/15 14:10:25
1949     [ssh.1 ssh_config.5]
1950     tweak previous;
1951   - djm@cvs.openbsd.org 2013/10/16 02:31:47
1952     [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5]
1953     [sshconnect.c sshconnect.h]
1954     Implement client-side hostname canonicalisation to allow an explicit
1955     search path of domain suffixes to use to convert unqualified host names
1956     to fully-qualified ones for host key matching.
1957     This is particularly useful for host certificates, which would otherwise
1958     need to list unqualified names alongside fully-qualified ones (and this
1959     causes a number of problems).
1960     "looks fine" markus@
1961   - jmc@cvs.openbsd.org 2013/10/16 06:42:25
1962     [ssh_config.5]
1963     tweak previous;
1964   - djm@cvs.openbsd.org 2013/10/16 22:49:39
1965     [readconf.c readconf.h ssh.1 ssh.c ssh_config.5]
1966     s/canonicalise/canonicalize/ for consistency with existing spelling,
1967     e.g. authorized_keys; pointed out by naddy@
1968   - djm@cvs.openbsd.org 2013/10/16 22:58:01
1969     [ssh.c ssh_config.5]
1970     one I missed in previous: s/isation/ization/
1971   - djm@cvs.openbsd.org 2013/10/17 00:30:13
1972     [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c]
1973     fsync@openssh.com protocol extension for sftp-server
1974     client support to allow calling fsync() faster successful transfer
1975     patch mostly by imorgan AT nas.nasa.gov; bz#1798
1976     "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
1977   - djm@cvs.openbsd.org 2013/10/17 00:46:49
1978     [ssh.c]
1979     rearrange check to reduce diff against -portable
1980     (Id sync only)
1981
198220131015
1983 - (djm) OpenBSD CVS Sync
1984   - djm@cvs.openbsd.org 2013/10/09 23:42:17
1985     [sftp-server.8 sftp-server.c]
1986     Add ability to whitelist and/or blacklist sftp protocol requests by name.
1987     Refactor dispatch loop and consolidate read-only mode checks.
1988     Make global variables static, since sftp-server is linked into sshd(8).
1989     ok dtucker@
1990   - djm@cvs.openbsd.org 2013/10/10 00:53:25
1991     [sftp-server.c]
1992     add -Q, -P and -p to usage() before jmc@ catches me
1993   - djm@cvs.openbsd.org 2013/10/10 01:43:03
1994     [sshd.c]
1995     bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly
1996     updated; ok dtucker@
1997   - djm@cvs.openbsd.org 2013/10/11 02:45:36
1998     [sftp-client.c]
1999     rename flag arguments to be more clear and consistent.
2000     reorder some internal function arguments to make adding additional flags
2001     easier.
2002     no functional change
2003   - djm@cvs.openbsd.org 2013/10/11 02:52:23
2004     [sftp-client.c]
2005     missed one arg reorder
2006   - djm@cvs.openbsd.org 2013/10/11 02:53:45
2007     [sftp-client.h]
2008     obsolete comment
2009   - jmc@cvs.openbsd.org 2013/10/14 14:18:56
2010     [sftp-server.8 sftp-server.c]
2011     tweak previous;
2012     ok djm
2013   - djm@cvs.openbsd.org 2013/10/14 21:20:52
2014     [session.c session.h]
2015     Add logging of session starts in a useful format; ok markus@ feedback and
2016     ok dtucker@
2017   - djm@cvs.openbsd.org 2013/10/14 22:22:05
2018     [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5]
2019     add a "Match" keyword to ssh_config that allows matching on hostname,
2020     user and result of arbitrary commands. "nice work" markus@
2021   - djm@cvs.openbsd.org 2013/10/14 23:28:23
2022     [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c]
2023     refactor client config code a little:
2024     add multistate option partsing to readconf.c, similar to servconf.c's
2025     existing code.
2026     move checking of options that accept "none" as an argument to readconf.c
2027     add a lowercase() function and use it instead of explicit tolower() in
2028     loops
2029     part of a larger diff that was ok markus@
2030   - djm@cvs.openbsd.org 2013/10/14 23:31:01
2031     [ssh.c]
2032     whitespace at EOL; pointed out by markus@
2033 - [ssh.c] g/c unused variable.
2034
203520131010
2036 - (dtucker) OpenBSD CVS Sync
2037   - sthen@cvs.openbsd.org 2013/09/16 11:35:43
2038     [ssh_config]
2039     Remove gssapi config parts from ssh_config, as was already done for
2040     sshd_config.  Req by/ok ajacoutot@
2041     ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2042   - djm@cvs.openbsd.org 2013/09/19 00:24:52
2043     [progressmeter.c]
2044     store the initial file offset so the progress meter doesn't freak out
2045     when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@`
2046   - djm@cvs.openbsd.org 2013/09/19 00:49:12
2047     [sftp-client.c]
2048     fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan
2049   - djm@cvs.openbsd.org 2013/09/19 01:24:46
2050     [channels.c]
2051     bz#1297 - tell the client (via packet_send_debug) when their preferred
2052     listen address has been overridden by the server's GatewayPorts;
2053     ok dtucker@
2054   - djm@cvs.openbsd.org 2013/09/19 01:26:29
2055     [sshconnect.c]
2056     bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from
2057     swp AT swp.pp.ru; ok dtucker@
2058   - dtucker@cvs.openbsd.org 2013/10/08 11:42:13
2059     [dh.c dh.h]
2060     Increase the size of the Diffie-Hellman groups requested for a each
2061     symmetric key size.  New values from NIST Special Publication 800-57 with
2062     the upper limit specified by RFC4419.  Pointed out by Peter Backes, ok
2063     djm@.
2064
206520131009
2066 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull
2067   in OpenBSD implementation of arc4random, shortly to replace the existing
2068   bsd-arc4random.c
2069 - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c]
2070   [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random
2071   implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@,
2072   tested tim@
2073
207420130922
2075 - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj
2076   setting when handling SIGHUP to maintain behaviour over retart.  Patch
2077   from Matthew Ife.
2078
207920130918
2080 - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu.
2081
208220130914
2083 - (djm) OpenBSD CVS Sync
2084   - djm@cvs.openbsd.org 2013/08/22 19:02:21
2085     [sshd.c]
2086     Stir PRNG after post-accept fork. The child gets a different PRNG state
2087     anyway via rexec and explicit privsep reseeds, but it's good to be sure.
2088     ok markus@
2089   - mikeb@cvs.openbsd.org 2013/08/28 12:34:27
2090     [ssh-keygen.c]
2091     improve batch processing a bit by making use of the quite flag a bit
2092     more often and exit with a non zero code if asked to find a hostname
2093     in a known_hosts file and it wasn't there;
2094     originally from reyk@,  ok djm
2095   - djm@cvs.openbsd.org 2013/08/31 00:13:54
2096     [sftp.c]
2097     make ^w match ksh behaviour (delete previous word instead of entire line)
2098   - deraadt@cvs.openbsd.org 2013/09/02 22:00:34
2099     [ssh-keygen.c sshconnect1.c sshd.c]
2100     All the instances of arc4random_stir() are bogus, since arc4random()
2101     does this itself, inside itself, and has for a very long time..  Actually,
2102     this was probably reducing the entropy available.
2103     ok djm
2104     ID SYNC ONLY for portable; we don't trust other arc4random implementations
2105     to do this right.
2106   - sthen@cvs.openbsd.org 2013/09/07 13:53:11
2107     [sshd_config]
2108     Remove commented-out kerberos/gssapi config options from sample config,
2109     kerberos support is currently not enabled in ssh in OpenBSD. Discussed with
2110     various people; ok deraadt@
2111     ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular
2112   - djm@cvs.openbsd.org 2013/09/12 01:41:12
2113     [clientloop.c]
2114     fix connection crash when sending break (~B) on ControlPersist'd session;
2115     ok dtucker@
2116   - djm@cvs.openbsd.org 2013/09/13 06:54:34
2117     [channels.c]
2118     avoid unaligned access in code that reused a buffer to send a
2119     struct in_addr in a reply; simpler just use use buffer_put_int();
2120     from portable; spotted by and ok dtucker@
2121
212220130828
2123 - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the
2124   'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we
2125   start to use them in the future.
2126 - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits
2127   until we have configure support.
2128
212920130821
2130 - (djm) OpenBSD CVS Sync
2131   - djm@cvs.openbsd.org 2013/08/06 23:03:49
2132     [sftp.c]
2133     fix some whitespace at EOL
2134     make list of commands an enum rather than a long list of defines
2135     add -a to usage()
2136   - djm@cvs.openbsd.org 2013/08/06 23:05:01
2137     [sftp.1]
2138     document top-level -a option (the -a option to 'get' was already
2139     documented)
2140   - djm@cvs.openbsd.org 2013/08/06 23:06:01
2141     [servconf.c]
2142     add cast to avoid format warning; from portable
2143   - jmc@cvs.openbsd.org 2013/08/07 06:24:51
2144     [sftp.1 sftp.c]
2145     sort -a;
2146   - djm@cvs.openbsd.org 2013/08/08 04:52:04
2147     [sftp.c]
2148     fix two year old regression: symlinking a file would incorrectly
2149     canonicalise the target path. bz#2129 report from delphij AT freebsd.org
2150   - djm@cvs.openbsd.org 2013/08/08 05:04:03
2151     [sftp-client.c sftp-client.h sftp.c]
2152     add a "-l" flag for the rename command to force it to use the silly
2153     standard SSH_FXP_RENAME command instead of the POSIX-rename- like
2154     posix-rename@openssh.com extension.
2155
2156     intended for use in regress tests, so no documentation.
2157   - djm@cvs.openbsd.org 2013/08/09 03:37:25
2158     [sftp.c]
2159     do getopt parsing for all sftp commands (with an empty optstring for
2160     commands without arguments) to ensure consistent behaviour
2161   - djm@cvs.openbsd.org 2013/08/09 03:39:13
2162     [sftp-client.c]
2163     two problems found by a to-be-committed regress test: 1) msg_id was not
2164     being initialised so was starting at a random value from the heap
2165     (harmless, but confusing). 2) some error conditions were not being
2166     propagated back to the caller
2167   - djm@cvs.openbsd.org 2013/08/09 03:56:42
2168     [sftp.c]
2169     enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word;
2170     matching ksh's relatively recent change.
2171   - djm@cvs.openbsd.org 2013/08/13 18:32:08
2172     [ssh-keygen.c]
2173     typo in error message; from Stephan Rickauer
2174   - djm@cvs.openbsd.org 2013/08/13 18:33:08
2175     [ssh-keygen.c]
2176     another of the same typo
2177   - jmc@cvs.openbsd.org 2013/08/14 08:39:27
2178     [scp.1 ssh.1]
2179     some Bx/Ox conversion;
2180     From: Jan Stary
2181   - djm@cvs.openbsd.org 2013/08/20 00:11:38
2182     [readconf.c readconf.h ssh_config.5 sshconnect.c]
2183     Add a ssh_config ProxyUseFDPass option that supports the use of
2184     ProxyCommands that establish a connection and then pass a connected
2185     file descriptor back to ssh(1). This allows the ProxyCommand to exit
2186     rather than have to shuffle data back and forth and enables ssh to use
2187     getpeername, etc. to obtain address information just like it does with
2188     regular directly-connected sockets. ok markus@
2189   - jmc@cvs.openbsd.org 2013/08/20 06:56:07
2190     [ssh.1 ssh_config.5]
2191     some proxyusefdpass tweaks;
2192
219320130808
2194 - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
2195   since some platforms (eg really old FreeBSD) don't have it.  Instead,
2196   run "make clean" before a complete regress run.  ok djm.
2197 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
2198   CLOCK_MONOTONIC...) fails.  Some older versions of RHEL have the
2199   CLOCK_MONOTONIC define but don't actually support it.  Found and tested
2200   by Kevin Brott, ok djm.
2201 - (dtucker) [misc.c] Remove define added for fallback testing that was
2202   mistakenly included in the previous commit.
2203 - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
2204   removal.  The "make clean" removes modpipe which is built by the top-level
2205   directory before running the tests.  Spotted by tim@
2206 - (djm) Release 6.3p1
2207
220820130804
2209 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
2210   for building with older Heimdal versions.  ok djm.
2211
221220130801
2213 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
2214   blocking connecting socket will clear any stored errno that might
2215   otherwise have been retrievable via getsockopt(). A hack to limit writes
2216   to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
2217   it in an #ifdef. Diagnosis and patch from Ivo Raisr.
2218 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
2219
222020130725
2221 - (djm) OpenBSD CVS Sync
2222   - djm@cvs.openbsd.org 2013/07/20 22:20:42
2223     [krl.c]
2224     fix verification error in (as-yet usused) KRL signature checking path
2225   - djm@cvs.openbsd.org 2013/07/22 05:00:17
2226     [umac.c]
2227     make MAC key, data to be hashed and nonce for final hash const;
2228     checked with -Wcast-qual
2229   - djm@cvs.openbsd.org 2013/07/22 12:20:02
2230     [umac.h]
2231     oops, forgot to commit corresponding header change;
2232     spotted by jsg and jasper
2233   - djm@cvs.openbsd.org 2013/07/25 00:29:10
2234     [ssh.c]
2235     daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
2236     it is fully detached from its controlling terminal. based on debugging
2237   - djm@cvs.openbsd.org 2013/07/25 00:56:52
2238     [sftp-client.c sftp-client.h sftp.1 sftp.c]
2239     sftp support for resuming partial downloads; patch mostly by Loganaden
2240     Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
2241     "Just be careful" deraadt@
2242   - djm@cvs.openbsd.org 2013/07/25 00:57:37
2243     [version.h]
2244     openssh-6.3 for release
2245   - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
2246     [regress/test-exec.sh]
2247     use ssh and sshd as testdata since it needs to be >256k for the rekey test
2248   - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
2249     [regress/forwarding.sh]
2250     Add test for forward config parsing
2251   - djm@cvs.openbsd.org 2013/06/21 02:26:26
2252     [regress/sftp-cmds.sh regress/test-exec.sh]
2253     unbreak sftp-cmds for renamed test data (s/ls/data/)
2254 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
2255   Solaris and UnixWare. Feedback and OK djm@
2256 - (tim) [regress/forwarding.sh] Fix for building outside source tree.
2257
225820130720
2259 - (djm) OpenBSD CVS Sync
2260   - markus@cvs.openbsd.org 2013/07/19 07:37:48
2261     [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
2262     [servconf.h session.c sshd.c sshd_config.5]
2263     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
2264     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
2265     ok djm@
2266   - djm@cvs.openbsd.org 2013/07/20 01:43:46
2267     [umac.c]
2268     use a union to ensure correct alignment; ok deraadt
2269   - djm@cvs.openbsd.org 2013/07/20 01:44:37
2270     [ssh-keygen.c ssh.c]
2271     More useful error message on missing current user in /etc/passwd
2272   - djm@cvs.openbsd.org 2013/07/20 01:50:20
2273     [ssh-agent.c]
2274     call cleanup_handler on SIGINT when in debug mode to ensure sockets
2275     are cleaned up on manual exit; bz#2120
2276   - djm@cvs.openbsd.org 2013/07/20 01:55:13
2277     [auth-krb5.c gss-serv-krb5.c gss-serv.c]
2278     fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
2279
228020130718
2281 - (djm) OpenBSD CVS Sync
2282   - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
2283     [readconf.c]
2284     revert 1.203 while we investigate crashes reported by okan@
2285   - guenther@cvs.openbsd.org 2013/06/17 04:48:42
2286     [scp.c]
2287     Handle time_t values as long long's when formatting them and when
2288     parsing them from remote servers.
2289     Improve error checking in parsing of 'T' lines.
2290     ok dtucker@ deraadt@
2291   - markus@cvs.openbsd.org 2013/06/20 19:15:06
2292     [krl.c]
2293     don't leak the rdata blob on errors; ok djm@
2294   - djm@cvs.openbsd.org 2013/06/21 00:34:49
2295     [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
2296     for hostbased authentication, print the client host and user on
2297     the auth success/failure line; bz#2064, ok dtucker@
2298   - djm@cvs.openbsd.org 2013/06/21 00:37:49
2299     [ssh_config.5]
2300     explicitly mention that IdentitiesOnly can be used with IdentityFile
2301     to control which keys are offered from an agent.
2302   - djm@cvs.openbsd.org 2013/06/21 05:42:32
2303     [dh.c]
2304     sprinkle in some error() to explain moduli(5) parse failures
2305   - djm@cvs.openbsd.org 2013/06/21 05:43:10
2306     [scp.c]
2307     make this -Wsign-compare clean after time_t conversion
2308   - djm@cvs.openbsd.org 2013/06/22 06:31:57
2309     [scp.c]
2310     improved time_t overflow check suggested by guenther@
2311   - jmc@cvs.openbsd.org 2013/06/27 14:05:37
2312     [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2313     do not use Sx for sections outwith the man page - ingo informs me that
2314     stuff like html will render with broken links;
2315     issue reported by Eric S. Raymond, via djm
2316   - markus@cvs.openbsd.org 2013/07/02 12:31:43
2317     [dh.c]
2318     remove extra whitespace
2319   - djm@cvs.openbsd.org 2013/07/12 00:19:59
2320     [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
2321     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
2322     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2323   - djm@cvs.openbsd.org 2013/07/12 00:20:00
2324     [sftp.c ssh-keygen.c ssh-pkcs11.c]
2325     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
2326   - djm@cvs.openbsd.org 2013/07/12 00:43:50
2327     [misc.c]
2328     in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
2329     errno == 0. Avoids confusing error message in some broken resolver
2330     cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
2331   - djm@cvs.openbsd.org 2013/07/12 05:42:03
2332     [ssh-keygen.c]
2333     do_print_resource_record() can never be called with a NULL filename, so
2334     don't attempt (and bungle) asking for one if it has not been specified
2335     bz#2127 ok dtucker@
2336   - djm@cvs.openbsd.org 2013/07/12 05:48:55
2337     [ssh.c]
2338     set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
2339   - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
2340     [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
2341     use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
2342   - djm@cvs.openbsd.org 2013/07/18 01:12:26
2343     [ssh.1]
2344     be more exact wrt perms for ~/.ssh/config; bz#2078
2345
234620130702
2347 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
2348   contrib/cygwin/ssh-user-config] Modernizes and improve readability of
2349   the Cygwin README file (which hasn't been updated for ages), drop
2350   unsupported OSes from the ssh-host-config help text, and drop an
2351   unneeded option from ssh-user-config.  Patch from vinschen at redhat com.
2352
235320130610
2354 - (djm) OpenBSD CVS Sync
2355   - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
2356     [channels.c channels.h clientloop.c]
2357     Add an "ABANDONED" channel state and use for mux sessions that are
2358     disconnected via the ~. escape sequence.  Channels in this state will
2359     be able to close if the server responds, but do not count as active channels.
2360     This means that if you ~. all of the mux clients when using ControlPersist
2361     on a broken network, the backgrounded mux master will exit when the
2362     Control Persist time expires rather than hanging around indefinitely.
2363     bz#1917, also reported and tested by tedu@.  ok djm@ markus@.
2364 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
2365   algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
2366 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
2367   the required OpenSSL support.  Patch from naddy at freebsd.
2368 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
2369   and add some comments so it's clear what goes where.
2370
237120130605
2372 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
2373   the necessary functions, not from the openssl version.
2374 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
2375   Patch from cjwatson at debian.
2376 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
2377   forwarding test is extremely slow copying data on some machines so switch
2378   back to copying the much smaller ls binary until we can figure out why
2379   this is.
2380 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
2381   modpipe in case there's anything in there we need.
2382 - (dtucker) OpenBSD CVS Sync
2383   - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
2384     [channels.h]
2385     typo in comment
2386   - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
2387     [clientloop.h clientloop.c mux.c]
2388     No need for the mux cleanup callback to be visible so restore it to static
2389     and call it through the detach_user function pointer.  ok djm@
2390   - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
2391     [mac.c]
2392     force the MAC output to be 64-bit aligned so umac won't see unaligned
2393     accesses on strict-alignment architectures.  bz#2101, patch from
2394     tomas.kuthan at oracle.com, ok djm@
2395   - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
2396     [scp.c]
2397     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
2398   - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
2399     [sftp.c]
2400     Make sftp's libedit interface marginally multibyte aware by building up
2401     the quoted string by character instead of by byte.  Prevents failures
2402     when linked against a libedit built with wide character support (bz#1990).
2403     "looks ok" djm
2404   - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
2405     [mux.c]
2406     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
2407     ok djm
2408   - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
2409     [sshd.c]
2410     When running sshd -D, close stderr unless we have explicitly requesting
2411     logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
2412     so, err, ok dtucker.
2413   - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
2414     [sshconnect2.c]
2415     Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm
2416   - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
2417     [readconf.c]
2418     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
2419 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
2420    platforms that don't have multibyte character support (specifically,
2421    mblen).
2422
242320130602
2424 - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
2425   linking regress/modpipe.
2426 - (dtucker) OpenBSD CVS Sync
2427   - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
2428     [progressmeter.c]
2429     Add misc.h for monotime prototype. (ID sync only).
2430   - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
2431     [ssh-agent.c]
2432     Make parent_alive_interval time_t to avoid signed/unsigned comparison
2433 - (dtucker) [configure.ac]  sys/un.h needs sys/socket.h on some platforms
2434   to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
2435 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
2436   Patch from Nathan Osman.
2437 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
2438   need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
2439   dealing with shell portability issues in regression tests, we let
2440   configure find us a capable shell on those platforms with an old /bin/sh.
2441 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
2442   feedback and ok dtucker
2443 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
2444 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
2445 - (dtucker) [configure.ac] Some other platforms need sys/types.h before
2446   sys/socket.h.
2447
244820130601
2449 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
2450   using openssl's DES_crypt function on platorms that don't have a native
2451   one, eg Android.  Based on a patch from Nathan Osman.
2452 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
2453   rather than trying to enumerate the plaforms that don't have them.
2454   Based on a patch from Nathan Osman, with help from tim@.
2455 - (dtucker) OpenBSD CVS Sync
2456   - djm@cvs.openbsd.org 2013/05/17 00:13:13
2457     [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
2458     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
2459     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
2460     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
2461     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
2462     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
2463     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
2464     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
2465     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
2466     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
2467     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
2468     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
2469     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
2470     dns.c packet.c readpass.c authfd.c moduli.c]
2471     bye, bye xfree(); ok markus@
2472   - djm@cvs.openbsd.org 2013/05/19 02:38:28
2473     [auth2-pubkey.c]
2474     fix failure to recognise cert-authority keys if a key of a different type
2475     appeared in authorized_keys before it; ok markus@
2476   - djm@cvs.openbsd.org 2013/05/19 02:42:42
2477     [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
2478     Standardise logging of supplemental information during userauth. Keys
2479     and ruser is now logged in the auth success/failure message alongside
2480     the local username, remote host/port and protocol in use. Certificates
2481     contents and CA are logged too.
2482     Pushing all logging onto a single line simplifies log analysis as it is
2483     no longer necessary to relate information scattered across multiple log
2484     entries. "I like it" markus@
2485   - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
2486     [ssh-agent.c]
2487     Use time_t where appropriate.  ok djm
2488   - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
2489     [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
2490     channels.c sandbox-systrace.c]
2491     Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
2492     keepalives and rekeying will work properly over clock steps.  Suggested by
2493     markus@, "looks good" djm@.
2494   - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
2495     [scp.c sftp-client.c]
2496     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
2497     from Nathan Osman via bz#2085.  ok deraadt.
2498   - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
2499     [sftp-client.c]
2500     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
2501     Debian via Colin Watson, ok djm@
2502 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
2503   groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
2504   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
2505   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
2506   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
2507   with the equivalent calls to free.
2508 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
2509   back to time(NULL) if we can't find it anywhere.
2510 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
2511
251220130529
2513  - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
2514    implementation of endgrent for platforms that don't have it (eg Android).
2515    Loosely based on a patch from Nathan Osman, ok djm
2516
2517 20130517
2518 - (dtucker) OpenBSD CVS Sync
2519   - djm@cvs.openbsd.org 2013/03/07 00:20:34
2520     [regress/proxy-connect.sh]
2521     repeat test with a style appended to the username
2522   - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
2523     [regress/test-exec.sh]
2524     Only regenerate host keys if they don't exist or if ssh-keygen has changed
2525     since they were.  Reduces test runtime by 5-30% depending on machine
2526     speed.
2527   - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
2528     [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
2529     regress/multiplex.sh Makefile regress/cfgmatch.sh]
2530     Split the regress log into 3 parts: the debug output from ssh, the debug
2531     log from sshd and the output from the client command (ssh, scp or sftp).
2532     Somewhat functional now, will become more useful when ssh/sshd -E is added.
2533   - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
2534     [regress/Makefile regress/rekey.sh regress/integrity.sh
2535     regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
2536     use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
2537     save the output from any failing tests.  If a test fails the debug output
2538     from ssh and sshd for the failing tests (and only the failing tests) should
2539     be available in failed-ssh{,d}.log.
2540   - djm@cvs.openbsd.org 2013/04/18 02:46:12
2541     [regress/Makefile regress/sftp-chroot.sh]
2542     test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
2543   - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
2544     [regress/multiplex.sh]
2545     Write mux master logs to regress.log instead of ssh.log to keep separate
2546   - djm@cvs.openbsd.org 2013/05/10 03:46:14
2547     [regress/modpipe.c]
2548     sync some portability changes from portable OpenSSH (id sync only)
2549   - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
2550     [regress/rekey.sh]
2551     Add test for time-based rekeying
2552   - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
2553     [regress/rekey.sh]
2554     test rekeying when there's no data being transferred
2555   - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
2556     [regress/rekey.sh]
2557     add server-side rekey test
2558   - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
2559     [regress/rekey.sh]
2560     add tests for RekeyLimit parsing
2561   - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
2562     [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
2563     regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
2564     regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
2565     regress/ssh-com.sh]
2566     replace 'echo -n' with 'printf' since it's more portable
2567     also remove "echon" hack.
2568   - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
2569     [regress/agent-timeout.sh]
2570     Pull back some portability changes from -portable:
2571      - TIMEOUT is a read-only variable in some shells
2572      - not all greps have -q so redirect to /dev/null instead.
2573     (ID sync only)
2574   - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
2575     [regress/integrity.sh]
2576     don't print output from ssh before getting it (it's available in ssh.log)
2577   - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
2578     [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
2579     regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
2580     regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
2581     regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
2582     regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
2583     regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
2584     regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
2585     regress/multiplex.sh]
2586     Move the setting of DATA and COPY into test-exec.sh
2587   - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
2588     [regress/try-ciphers.sh]
2589     use expr for math to keep diffs vs portable down
2590     (id sync only)
2591   - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
2592     [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
2593     Use SUDO when cat'ing pid files and running the sshd log wrapper so that
2594     it works with a restrictive umask and the pid files are not world readable.
2595     Changes from -portable.  (id sync only)
2596   - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
2597     [regress/localcommand.sh]
2598     use backticks for portability. (id sync only)
2599   - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
2600     [regress/sftp-badcmds.sh]
2601     remove unused BATCH variable. (id sync only)
2602   - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
2603     [regress/sftp.sh]
2604     only compare copied data if sftp succeeds.  from portable (id sync only)
2605   - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
2606     [regress/test-exec.sh]
2607     wait a bit longer for startup and use case for absolute path.
2608     from portable (id sync only)
2609   - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
2610     [regress/agent-getpeereid.sh]
2611     don't redirect stdout from sudo.  from portable (id sync only)
2612   - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
2613     [regress/portnum.sh]
2614     use a more portable negated if structure.  from portable (id sync only)
2615   - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
2616     [regress/scp.sh]
2617     use a file extention that's not special on some platforms.  from portable
2618     (id sync only)
2619 - (dtucker) [regress/bsd.regress.mk] Remove unused file.  We've never used it
2620   in portable and it's long gone in openbsd.
2621 - (dtucker) [regress/integrity.sh].  Force fixed Diffie-Hellman key exchange
2622   methods.  When the openssl version doesn't support ECDH then next one on
2623   the list is DH group exchange, but that causes a bit more traffic which can
2624   mean that the tests flip bits in the initial exchange rather than the MACed
2625   traffic and we get different errors to what the tests look for.
2626 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
2627 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
2628 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
2629 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
2630   Move the jot helper function to portable-specific part of test-exec.sh.
2631 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
2632   together and add a couple of missing lines from openbsd.
2633 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
2634   helper function to the portable part of test-exec.sh.
2635 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
2636 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
2637   rev 1.6 which calls wait.
2638
263920130516
2640 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
2641    executed if mktemp failed; bz#2105 ok dtucker@
2642 - (dtucker) OpenBSD CVS Sync
2643   - tedu@cvs.openbsd.org 2013/04/23 17:49:45
2644     [misc.c]
2645     use xasprintf instead of a series of strlcats and strdup. ok djm
2646   - tedu@cvs.openbsd.org 2013/04/24 16:01:46
2647     [misc.c]
2648     remove extra parens noticed by nicm
2649   - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
2650     [sftp-server.8]
2651     Reference the version of the sftp draft we actually implement.  ok djm@
2652   - djm@cvs.openbsd.org 2013/05/10 03:40:07
2653     [sshconnect2.c]
2654     fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
2655     Colin Watson
2656   - djm@cvs.openbsd.org 2013/05/10 04:08:01
2657     [key.c]
2658     memleak in cert_free(), wasn't actually freeing the struct;
2659     bz#2096 from shm AT digitalsun.pl
2660   - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
2661     [ssh-pkcs11-helper.c]
2662     remove unused extern optarg.  ok markus@
2663   - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
2664     [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
2665     ssh_config.5 packet.h]
2666     Add an optional second argument to RekeyLimit in the client to allow
2667     rekeying based on elapsed time in addition to amount of traffic.
2668     with djm@ jmc@, ok djm
2669   - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
2670     [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
2671     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
2672     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
2673     page.
2674   - djm@cvs.openbsd.org 2013/05/16 04:27:50
2675     [ssh_config.5 readconf.h readconf.c]
2676     add the ability to ignore specific unrecognised ssh_config options;
2677     bz#866; ok markus@
2678   - jmc@cvs.openbsd.org 2013/05/16 06:28:45
2679     [ssh_config.5]
2680     put IgnoreUnknown in the right place;
2681   - jmc@cvs.openbsd.org 2013/05/16 06:30:06
2682     [sshd_config.5]
2683     oops! avoid Xr to self;
2684   - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
2685     [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
2686     Fix some "unused result" warnings found via clang and -portable.
2687     ok markus@
2688   - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
2689     [readconf.c servconf.c]
2690     switch RekeyLimit traffic volume parsing to scan_scaled.  ok djm@
2691   - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
2692     [servconf.c readconf.c]
2693     remove now-unused variables
2694   - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
2695     [servconf.c]
2696     remove another now-unused variable
2697 - (dtucker) [configure.ac readconf.c servconf.c
2698     openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
2699
270020130510
2701 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
2702   supports it.  Mentioned by Colin Watson in bz#2100, ok djm.
2703 - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
2704   getopt.c.  Preprocessed source is identical other than line numbers.
2705 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD.  No
2706   portability changes yet.
2707 - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
2708   openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
2709   portability code to getopt_long.c and switch over Makefile and the ugly
2710   hack in modpipe.c.  Fixes bz#1448.
2711 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
2712   openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
2713   in to use it when we're using our own getopt.
2714 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
2715   underlying libraries support them.
2716 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
2717   we don't get a warning on compilers that *don't* support it.  Add
2718   -Wno-unknown-warning-option.  Move both to the start of the list for
2719   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
2720
272120130423
2722 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
2723   platforms, such as Android, that lack struct passwd.pw_gecos. Report
2724   and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
2725 - (djm) OpenBSD CVS Sync
2726   - markus@cvs.openbsd.org 2013/03/05 20:16:09
2727     [sshconnect2.c]
2728     reset pubkey order on partial success; ok djm@
2729   - djm@cvs.openbsd.org 2013/03/06 23:35:23
2730     [session.c]
2731     fatal() when ChrootDirectory specified by running without root privileges;
2732     ok markus@
2733   - djm@cvs.openbsd.org 2013/03/06 23:36:53
2734     [readconf.c]
2735     g/c unused variable (-Wunused)
2736   - djm@cvs.openbsd.org 2013/03/07 00:19:59
2737     [auth2-pubkey.c monitor.c]
2738     reconstruct the original username that was sent by the client, which may
2739     have included a style (e.g. "root:skey") when checking public key
2740     signatures. Fixes public key and hostbased auth when the client specified
2741     a style; ok markus@
2742   - markus@cvs.openbsd.org 2013/03/07 19:27:25
2743     [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
2744     add submethod support to AuthenticationMethods; ok and freedback djm@
2745   - djm@cvs.openbsd.org 2013/03/08 06:32:58
2746     [ssh.c]
2747     allow "ssh -f none ..." ok markus@
2748   - djm@cvs.openbsd.org 2013/04/05 00:14:00
2749     [auth2-gss.c krl.c sshconnect2.c]
2750     hush some {unused, printf type} warnings
2751   - djm@cvs.openbsd.org 2013/04/05 00:31:49
2752     [pathnames.h]
2753     use the existing _PATH_SSH_USER_RC define to construct the other
2754     pathnames; bz#2077, ok dtucker@ (no binary change)
2755   - djm@cvs.openbsd.org 2013/04/05 00:58:51
2756     [mux.c]
2757     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
2758     (in addition to ones already in OPEN); bz#2079, ok dtucker@
2759   - markus@cvs.openbsd.org 2013/04/06 16:07:00
2760     [channels.c sshd.c]
2761     handle ECONNABORTED for accept(); ok deraadt some time ago...
2762   - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
2763     [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
2764     Add -E option to ssh and sshd to append debugging logs to a specified file
2765     instead of stderr or syslog.  ok markus@, man page help jmc@
2766   - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
2767     [sshd.8]
2768     clarify -e text. suggested by & ok jmc@
2769   - djm@cvs.openbsd.org 2013/04/11 02:27:50
2770     [packet.c]
2771     quiet disconnect notifications on the server from error() back to logit()
2772     if it is a normal client closure; bz#2057 ok+feedback dtucker@
2773   - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
2774     [session.c]
2775     revert rev 1.262; it fails because uid is already set here.  ok djm@
2776   - djm@cvs.openbsd.org 2013/04/18 02:16:07
2777     [sftp.c]
2778     make "sftp -q" do what it says on the sticker: hush everything but errors;
2779     ok dtucker@
2780   - djm@cvs.openbsd.org 2013/04/19 01:00:10
2781     [sshd_config.5]
2782     document the requirment that the AuthorizedKeysCommand be owned by root;
2783     ok dtucker@ markus@
2784   - djm@cvs.openbsd.org 2013/04/19 01:01:00
2785     [ssh-keygen.c]
2786     fix some memory leaks; bz#2088 ok dtucker@
2787   - djm@cvs.openbsd.org 2013/04/19 01:03:01
2788     [session.c]
2789     reintroduce 1.262 without the connection-killing bug:
2790     fatal() when ChrootDirectory specified by running without root privileges;
2791     ok markus@
2792   - djm@cvs.openbsd.org 2013/04/19 01:06:50
2793     [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
2794     [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
2795     add the ability to query supported ciphers, MACs, key type and KEX
2796     algorithms to ssh. Includes some refactoring of KEX and key type handling
2797     to be table-driven; ok markus@
2798   - djm@cvs.openbsd.org 2013/04/19 11:10:18
2799     [ssh.c]
2800     add -Q to usage; reminded by jmc@
2801   - djm@cvs.openbsd.org 2013/04/19 12:07:08
2802     [kex.c]
2803     remove duplicated list entry pointed out by naddy@
2804   - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
2805     [mux.c]
2806     typo in debug output: evitval->exitval
2807
280820130418
2809 - (djm) [config.guess config.sub] Update to last versions before they switch
2810   to GPL3. ok dtucker@
2811 - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
2812   unused argument warnings (in particular, -fno-builtin-memset) from clang.
2813
281420130404
2815 - (dtucker) OpenBSD CVS Sync
2816   - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
2817     [readconf.c ssh.c readconf.h sshconnect2.c]
2818     Keep track of which IndentityFile options were manually supplied and which
2819     were default options, and don't warn if the latter are missing.
2820     ok markus@
2821   - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
2822     [krl.c]
2823     Remove bogus include.  ok djm
2824   - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
2825     [ssh.c readconf.c readconf.h]
2826     Don't complain if IdentityFiles specified in system-wide configs are
2827     missing.  ok djm, deraadt.
2828   - markus@cvs.openbsd.org 2013/02/22 19:13:56
2829     [sshconnect.c]
2830     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
2831   - djm@cvs.openbsd.org 2013/02/22 22:09:01
2832     [ssh.c]
2833     Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
2834     version)
2835
283620130401
2837 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
2838   to avoid conflicting definitions of __int64, adding the required bits.
2839   Patch from Corinna Vinschen.
2840
284120130323
2842 - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
2843
284420130322
2845 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
2846   Hands' greatly revised version.
2847 - (djm) Release 6.2p1
2848 - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
2849 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
2850   defining it again.  Prevents warnings if someone, eg, sets it in CFLAGS.
2851
285220130318
2853 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
2854   [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
2855   so mark it as broken. Patch from des AT des.no
2856
285720130317
2858 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
2859   of the bits the configure test looks for.
2860
286120130316
2862 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
2863   is unable to successfully compile them. Based on patch from des AT
2864   des.no
2865 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
2866   Add a usleep replacement for platforms that lack it; ok dtucker
2867 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
2868   occur after UID switch; patch from John Marshall via des AT des.no;
2869   ok dtucker@
2870
287120130312
2872 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
2873   Improve portability of cipher-speed test, based mostly on a patch from
2874   Iain Morgan.
2875 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
2876   in addition to root as an owner of system directories on AIX and HP-UX.
2877   ok djm@
2878
287920130307
2880 - (dtucker) [INSTALL] Bump documented autoconf version to what we're
2881   currently using.
2882 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
2883   was removed in configure.ac rev 1.481 as it was redundant.
2884 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
2885   ago.
2886 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
2887   chance to complete on broken systems; ok dtucker@
2888
288920130306
2890 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
2891  connection to start so that the test works on slower machines.
2892 - (dtucker) [configure.ac] test that we can set number of file descriptors
2893   to zero with setrlimit before enabling the rlimit sandbox.  This affects
2894   (at least) HPUX 11.11.
2895
289620130305
2897 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
2898   HP/UX. Spotted by Kevin Brott
2899 - (dtucker) [configure.ac] use "=" for shell test and not "==".  Spotted by
2900   Amit Kulkarni and Kevin Brott.
2901 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
2902   build breakage on (at least) HP-UX 11.11.  Found by Amit Kulkarni and Kevin
2903   Brott.
2904 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
2905
290620130227
2907 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2908   [contrib/suse/openssh.spec] Crank version numbers
2909 - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
2910 - (tim) [regress/integrity.sh] shell portability fix.
2911 - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
2912 - (tim) [regress/krl.sh] keep old solaris awk from hanging.
2913
291420130226
2915 - OpenBSD CVS Sync
2916   - djm@cvs.openbsd.org 2013/02/20 08:27:50
2917     [integrity.sh]
2918     Add an option to modpipe that warns if the modification offset it not
2919     reached in it's stream and turn it on for t-integrity. This should catch
2920     cases where the session is not fuzzed for being too short (cf. my last
2921     "oops" commit)
2922 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
2923   for UsePAM=yes configuration
2924
292520130225
2926 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
2927   to use Solaris native GSS libs.  Patch from Pierre Ossman.
2928
292920130223
2930 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
2931   bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
2932   ok tim
2933
293420130222
2935 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
2936   ssh(1) since they're not needed.  Patch from Pierre Ossman, ok djm.
2937 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
2938   libgss too.  Patch from Pierre Ossman, ok djm.
2939 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
2940   seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
2941   ok dtucker
2942
294320130221
2944 - (tim) [regress/forward-control.sh] shell portability fix.
2945
294620130220
2947 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
2948 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
2949   err.h include from krl.c. Additional portability fixes for modpipe. OK djm
2950 - OpenBSD CVS Sync
2951   - djm@cvs.openbsd.org 2013/02/20 08:27:50
2952     [regress/integrity.sh regress/modpipe.c]
2953     Add an option to modpipe that warns if the modification offset it not
2954     reached in it's stream and turn it on for t-integrity. This should catch
2955     cases where the session is not fuzzed for being too short (cf. my last
2956     "oops" commit)
2957   - djm@cvs.openbsd.org 2013/02/20 08:29:27
2958     [regress/modpipe.c]
2959     s/Id/OpenBSD/ in RCS tag
2960
296120130219
2962 - OpenBSD CVS Sync
2963   - djm@cvs.openbsd.org 2013/02/18 22:26:47
2964     [integrity.sh]
2965     crank the offset yet again; it was still fuzzing KEX one of Darren's
2966     portable test hosts at 2800
2967   - djm@cvs.openbsd.org 2013/02/19 02:14:09
2968     [integrity.sh]
2969     oops, forgot to increase the output of the ssh command to ensure that
2970     we actually reach $offset
2971 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
2972   lack support for SHA2.
2973 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
2974   that do not have them.
2975
297620130217
2977 - OpenBSD CVS Sync
2978   - djm@cvs.openbsd.org 2013/02/17 23:16:55
2979     [integrity.sh]
2980     make the ssh command generates some output to ensure that there are at
2981     least offset+tries bytes in the stream.
2982
298320130216
2984 - OpenBSD CVS Sync
2985   - djm@cvs.openbsd.org 2013/02/16 06:08:45
2986     [integrity.sh]
2987     make sure the fuzz offset is actually past the end of KEX for all KEX
2988     types. diffie-hellman-group-exchange-sha256 requires an offset around
2989     2700. Noticed via test failures in portable OpenSSH on platforms that
2990     lack ECC and this the more byte-frugal ECDH KEX algorithms.
2991
299220130215
2993 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
2994   Iain Morgan
2995 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
2996   Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
2997 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
2998   openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
2999   platforms that don't have it.
3000 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
3001   group strto* function prototypes together.
3002 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
3003   an argument.  Pointed out by djm.
3004 - (djm) OpenBSD CVS Sync
3005   - djm@cvs.openbsd.org 2013/02/14 21:35:59
3006     [auth2-pubkey.c]
3007     Correct error message that had a typo and was logging the wrong thing;
3008     patch from Petr Lautrbach
3009   - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
3010     [sshconnect2.c]
3011     Warn more loudly if an IdentityFile provided by the user cannot be read.
3012     bz #1981, ok djm@
3013
301420130214
3015 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
3016 - (djm) [regress/krl.sh] typo; found by Iain Morgan
3017 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
3018   of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
3019   Iain Morgan
3020
302120130212
3022 - (djm) OpenBSD CVS Sync
3023   - djm@cvs.openbsd.org 2013/01/24 21:45:37
3024     [krl.c]
3025     fix handling of (unused) KRL signatures; skip string in correct buffer
3026   - djm@cvs.openbsd.org 2013/01/24 22:08:56
3027     [krl.c]
3028     skip serial lookup when cert's serial number is zero
3029   - krw@cvs.openbsd.org 2013/01/25 05:00:27
3030     [krl.c]
3031     Revert last. Breaks due to likely typo. Let djm@ fix later.
3032     ok djm@ via dlg@
3033   - djm@cvs.openbsd.org 2013/01/25 10:22:19
3034     [krl.c]
3035     redo last commit without the vi-vomit that snuck in:
3036     skip serial lookup when cert's serial number is zero
3037     (now with 100% better comment)
3038   - djm@cvs.openbsd.org 2013/01/26 06:11:05
3039     [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
3040     [openbsd-compat/openssl-compat.h]
3041     remove ACSS, now that it is gone from libcrypto too
3042   - djm@cvs.openbsd.org 2013/01/27 10:06:12
3043     [krl.c]
3044     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
3045   - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
3046     [servconf.c sshd_config sshd_config.5]
3047     Change default of MaxStartups to 10:30:100 to start doing random early
3048     drop at 10 connections up to 100 connections.  This will make it harder
3049     to DoS as CPUs have come a long way since the original value was set
3050     back in 2000.  Prompted by nion at debian org, ok markus@
3051   - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
3052     [auth.c]
3053     Fix comment, from jfree.e1 at gmail
3054   - djm@cvs.openbsd.org 2013/02/08 00:41:12
3055     [sftp.c]
3056     fix NULL deref when built without libedit and control characters
3057     entered as command; debugging and patch from Iain Morgan an
3058     Loganaden Velvindron in bz#1956
3059   - markus@cvs.openbsd.org 2013/02/10 21:19:34
3060     [version.h]
3061     openssh 6.2
3062   - djm@cvs.openbsd.org 2013/02/10 23:32:10
3063     [ssh-keygen.c]
3064     append to moduli file when screening candidates rather than overwriting.
3065     allows resumption of interrupted screen; patch from Christophe Garault
3066     in bz#1957; ok dtucker@
3067   - djm@cvs.openbsd.org 2013/02/10 23:35:24
3068     [packet.c]
3069     record "Received disconnect" messages at ERROR rather than INFO priority,
3070     since they are abnormal and result in a non-zero ssh exit status; patch
3071     from Iain Morgan in bz#2057; ok dtucker@
3072   - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
3073     [sshd.c]
3074     Add openssl version to debug output similar to the client.  ok markus@
3075   - djm@cvs.openbsd.org 2013/02/11 23:58:51
3076     [regress/try-ciphers.sh]
3077     remove acss here too
3078 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
3079
308020130211
3081 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
3082   libcrypto that lacks EVP_CIPHER_CTX_ctrl
3083
308420130208
3085 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
3086   patch from Iain Morgan in bz#2059
3087 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
3088   __attribute__ on return values and work around if necessary.  ok djm@
3089
309020130207
3091 - (djm) [configure.ac] Don't probe seccomp capability of running kernel
3092   at configure time; the seccomp sandbox will fall back to rlimit at
3093   runtime anyway. Patch from plautrba AT redhat.com in bz#2011
3094
309520130120
3096 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
3097   Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
3098   prototypes for openssl-1.0.0-fips.
3099 - (djm) OpenBSD CVS Sync
3100   - jmc@cvs.openbsd.org 2013/01/18 07:57:47
3101     [ssh-keygen.1]
3102     tweak previous;
3103   - jmc@cvs.openbsd.org 2013/01/18 07:59:46
3104     [ssh-keygen.c]
3105     -u before -V in usage();
3106   - jmc@cvs.openbsd.org 2013/01/18 08:00:49
3107     [sshd_config.5]
3108     tweak previous;
3109   - jmc@cvs.openbsd.org 2013/01/18 08:39:04
3110     [ssh-keygen.1]
3111     add -Q to the options list; ok djm
3112   - jmc@cvs.openbsd.org 2013/01/18 21:48:43
3113     [ssh-keygen.1]
3114     command-line (adj.) -> command line (n.);
3115   - jmc@cvs.openbsd.org 2013/01/19 07:13:25
3116     [ssh-keygen.1]
3117     fix some formatting; ok djm
3118   - markus@cvs.openbsd.org 2013/01/19 12:34:55
3119     [krl.c]
3120     RB_INSERT does not remove existing elments; ok djm@
3121 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
3122   version.
3123 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
3124
312520130118
3126 - (djm) OpenBSD CVS Sync
3127   - djm@cvs.openbsd.org 2013/01/17 23:00:01
3128     [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
3129     [krl.c krl.h PROTOCOL.krl]
3130     add support for Key Revocation Lists (KRLs). These are a compact way to
3131     represent lists of revoked keys and certificates, taking as little as
3132     a single bit of incremental cost to revoke a certificate by serial number.
3133     KRLs are loaded via the existing RevokedKeys sshd_config option.
3134     feedback and ok markus@
3135   - djm@cvs.openbsd.org 2013/01/18 00:45:29
3136     [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
3137     Tests for Key Revocation Lists (KRLs)
3138   - djm@cvs.openbsd.org 2013/01/18 03:00:32
3139     [krl.c]
3140     fix KRL generation bug for list sections
3141
314220130117
3143 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
3144   check for GCM support before testing GCM ciphers.
3145
314620130112
3147 - (djm) OpenBSD CVS Sync
3148   - djm@cvs.openbsd.org 2013/01/12 11:22:04
3149     [cipher.c]
3150     improve error message for integrity failure in AES-GCM modes; ok markus@
3151   - djm@cvs.openbsd.org 2013/01/12 11:23:53
3152     [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
3153     test AES-GCM modes; feedback markus@
3154 - (djm) [regress/integrity.sh] repair botched merge
3155
315620130109
3157 - (djm) OpenBSD CVS Sync
3158   - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
3159     [auth.c]
3160     use correct string in error message; from rustybsd at gmx.fr
3161   - djm@cvs.openbsd.org 2013/01/02 00:32:07
3162     [clientloop.c mux.c]
3163     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
3164     bz#2055 reported by mathieu.lacage AT gmail.com
3165   - djm@cvs.openbsd.org 2013/01/02 00:33:49
3166     [PROTOCOL.agent]
3167     correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
3168     bz#2051 from david AT lechnology.com
3169   - djm@cvs.openbsd.org 2013/01/03 05:49:36
3170     [servconf.h]
3171     add a couple of ServerOptions members that should be copied to the privsep
3172     child (for consistency, in this case they happen only to be accessed in
3173     the monitor); ok dtucker@
3174   - djm@cvs.openbsd.org 2013/01/03 12:49:01
3175     [PROTOCOL]
3176     fix description of MAC calculation for EtM modes; ok markus@
3177   - djm@cvs.openbsd.org 2013/01/03 12:54:49
3178     [sftp-server.8 sftp-server.c]
3179     allow specification of an alternate start directory for sftp-server(8)
3180     "I like this" markus@
3181   - djm@cvs.openbsd.org 2013/01/03 23:22:58
3182     [ssh-keygen.c]
3183     allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
3184     ok markus@
3185   - jmc@cvs.openbsd.org 2013/01/04 19:26:38
3186     [sftp-server.8 sftp-server.c]
3187     sftp-server.8: add argument name to -d
3188     sftp-server.c: add -d to usage()
3189     ok djm
3190   - markus@cvs.openbsd.org 2013/01/08 18:49:04
3191     [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
3192     [myproposal.h packet.c ssh_config.5 sshd_config.5]
3193     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
3194     ok and feedback djm@
3195   - djm@cvs.openbsd.org 2013/01/09 05:40:17
3196     [ssh-keygen.c]
3197     correctly initialise fingerprint type for fingerprinting PKCS#11 keys
3198 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
3199   Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
3200   cipher compat code to openssl-compat.h
3201
320220121217
3203 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
3204   tests will work with VPATH directories.
3205
320620121213
3207 - (djm) OpenBSD CVS Sync
3208   - markus@cvs.openbsd.org 2012/12/12 16:45:52
3209     [packet.c]
3210     reset incoming_packet buffer for each new packet in EtM-case, too;
3211     this happens if packets are parsed only parially (e.g. ignore
3212     messages sent when su/sudo turn off echo); noted by sthen/millert
3213   - naddy@cvs.openbsd.org 2012/12/12 16:46:10
3214     [cipher.c]
3215     use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
3216     counter mode code; ok djm@
3217 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
3218   compat code for older OpenSSL
3219 - (djm) [cipher.c] Fix missing prototype for compat code
3220
322120121212
3222 - (djm) OpenBSD CVS Sync
3223   - markus@cvs.openbsd.org 2012/12/11 22:16:21
3224     [monitor.c]
3225     drain the log messages after receiving the keystate from the unpriv
3226     child. otherwise it might block while sending. ok djm@
3227   - markus@cvs.openbsd.org 2012/12/11 22:31:18
3228     [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
3229     [packet.c ssh_config.5 sshd_config.5]
3230     add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
3231     that change the packet format and compute the MAC over the encrypted
3232     message (including the packet size) instead of the plaintext data;
3233     these EtM modes are considered more secure and used by default.
3234     feedback and ok djm@
3235   - sthen@cvs.openbsd.org 2012/12/11 22:51:45
3236     [mac.c]
3237     fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
3238   - markus@cvs.openbsd.org 2012/12/11 22:32:56
3239     [regress/try-ciphers.sh]
3240     add etm modes
3241   - markus@cvs.openbsd.org 2012/12/11 22:42:11
3242     [regress/Makefile regress/modpipe.c regress/integrity.sh]
3243     test the integrity of the packets; with djm@
3244   - markus@cvs.openbsd.org 2012/12/11 23:12:13
3245     [try-ciphers.sh]
3246     add hmac-ripemd160-etm@openssh.com
3247 - (djm) [mac.c] fix merge botch
3248 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
3249   work on platforms without 'jot'
3250 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
3251 - (djm) [regress/Makefile] fix t-exec rule
3252
325320121207
3254 - (dtucker) OpenBSD CVS Sync
3255   - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
3256     [regress/keys-command.sh]
3257     Fix some problems with the keys-command test:
3258      - use string comparison rather than numeric comparison
3259      - check for existing KEY_COMMAND file and don't clobber if it exists
3260      - clean up KEY_COMMAND file if we do create it.
3261      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
3262        is mounted noexec).
3263     ok djm.
3264   - jmc@cvs.openbsd.org 2012/12/03 08:33:03
3265     [ssh-add.1 sshd_config.5]
3266     tweak previous;
3267   - markus@cvs.openbsd.org 2012/12/05 15:42:52
3268     [ssh-add.c]
3269     prevent double-free of comment; ok djm@
3270   - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
3271     [serverloop.c]
3272     Cast signal to int for logging.  A no-op on openbsd (they're always ints)
3273     but will prevent warnings in portable.  ok djm@
3274
327520121205
3276 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
3277
327820121203
3279 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
3280   TAILQ_FOREACH_SAFE needed for upcoming changes.
3281 - (djm) OpenBSD CVS Sync
3282   - djm@cvs.openbsd.org 2012/12/02 20:26:11
3283     [ssh_config.5 sshconnect2.c]
3284     Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
3285     This allows control of which keys are offered from tokens using
3286     IdentityFile. ok markus@
3287   - djm@cvs.openbsd.org 2012/12/02 20:42:15
3288     [ssh-add.1 ssh-add.c]
3289     make deleting explicit keys "ssh-add -d" symmetric with adding keys -
3290     try to delete the corresponding certificate too and respect the -k option
3291     to allow deleting of the key only; feedback and ok markus@
3292   - djm@cvs.openbsd.org 2012/12/02 20:46:11
3293     [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
3294     [sshd_config.5]
3295     make AllowTcpForwarding accept "local" and "remote" in addition to its
3296     current "yes"/"no" to allow the server to specify whether just local or
3297     remote TCP forwarding is enabled. ok markus@
3298   - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
3299     [regress/cipher-speed.sh regress/try-ciphers.sh]
3300     Add umac-128@openssh.com to the list of MACs to be tested
3301   - djm@cvs.openbsd.org 2012/10/19 05:10:42
3302     [regress/cert-userkey.sh]
3303     include a serial number when generating certs
3304   - djm@cvs.openbsd.org 2012/11/22 22:49:30
3305     [regress/Makefile regress/keys-command.sh]
3306     regress for AuthorizedKeysCommand; hints from markus@
3307   - djm@cvs.openbsd.org 2012/12/02 20:47:48
3308     [Makefile regress/forward-control.sh]
3309     regress for AllowTcpForwarding local/remote; ok markus@
3310   - djm@cvs.openbsd.org 2012/12/03 00:14:06
3311     [auth2-chall.c ssh-keygen.c]
3312     Fix compilation with -Wall -Werror (trivial type fixes)
3313 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
3314   debugging. ok dtucker@
3315 - (djm) [configure.ac] Revert previous. configure.ac already does this
3316   for us.
3317
331820121114
3319 - (djm) OpenBSD CVS Sync
3320   - djm@cvs.openbsd.org 2012/11/14 02:24:27
3321     [auth2-pubkey.c]
3322     fix username passed to helper program
3323     prepare stdio fds before closefrom()
3324     spotted by landry@
3325   - djm@cvs.openbsd.org 2012/11/14 02:32:15
3326     [ssh-keygen.c]
3327     allow the full range of unsigned serial numbers; 'fine' deraadt@
3328   - djm@cvs.openbsd.org 2012/12/02 20:34:10
3329     [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
3330     [monitor.c monitor.h]
3331     Fixes logging of partial authentication when privsep is enabled
3332     Previously, we recorded "Failed xxx" since we reset authenticated before
3333     calling auth_log() in auth2.c. This adds an explcit "Partial" state.
3334
3335     Add a "submethod" to auth_log() to report which submethod is used
3336     for keyboard-interactive.
3337
3338     Fix multiple authentication when one of the methods is
3339     keyboard-interactive.
3340
3341     ok markus@
3342   - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
3343     [regress/multiplex.sh]
3344     Use 'kill -0' to test for the presence of a pid since it's more portable
3345
334620121107
3347 - (djm) OpenBSD CVS Sync
3348   - eric@cvs.openbsd.org 2011/11/28 08:46:27
3349     [moduli.5]
3350     fix formula
3351     ok djm@
3352   - jmc@cvs.openbsd.org 2012/09/26 17:34:38
3353     [moduli.5]
3354     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
3355     references into a STANDARDS section;
3356
335720121105
3358 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
3359   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
3360   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
3361   and gids from uidswap.c to the compat library, which allows it to work with
3362   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
3363 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
3364   don't have it.  Spotted by tim@.
3365
336620121104
3367 - (djm) OpenBSD CVS Sync
3368   - jmc@cvs.openbsd.org 2012/10/31 08:04:50
3369     [sshd_config.5]
3370     tweak previous;
3371   - djm@cvs.openbsd.org 2012/11/04 10:38:43
3372     [auth2-pubkey.c sshd.c sshd_config.5]
3373     Remove default of AuthorizedCommandUser. Administrators are now expected
3374     to explicitly specify a user. feedback and ok markus@
3375   - djm@cvs.openbsd.org 2012/11/04 11:09:15
3376     [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
3377     [sshd_config.5]
3378     Support multiple required authentication via an AuthenticationMethods
3379     option. This option lists one or more comma-separated lists of
3380     authentication method names. Successful completion of all the methods in
3381     any list is required for authentication to complete;
3382     feedback and ok markus@
3383
338420121030
3385 - (djm) OpenBSD CVS Sync
3386   - markus@cvs.openbsd.org 2012/10/05 12:34:39
3387     [sftp.c]
3388     fix signed vs unsigned warning; feedback & ok: djm@
3389   - djm@cvs.openbsd.org 2012/10/30 21:29:55
3390     [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
3391     [sshd.c sshd_config sshd_config.5]
3392     new sshd_config option AuthorizedKeysCommand to support fetching
3393     authorized_keys from a command in addition to (or instead of) from
3394     the filesystem. The command is run as the target server user unless
3395     another specified via a new AuthorizedKeysCommandUser option.
3396
3397     patch originally by jchadima AT redhat.com, reworked by me; feedback
3398     and ok markus@
3399
340020121019
3401 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
3402   the generated file as intended.
3403
340420121005
3405 - (dtucker) OpenBSD CVS Sync
3406   - djm@cvs.openbsd.org 2012/09/17 09:54:44
3407     [sftp.c]
3408     an XXX for later
3409   - markus@cvs.openbsd.org 2012/09/17 13:04:11
3410     [packet.c]
3411     clear old keys on rekeing; ok djm
3412   - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
3413     [sftp.c]
3414     Add bounds check on sftp tab-completion.  Part of a patch from from
3415     Jean-Marc Robert via tech@, ok djm
3416   - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
3417     [sftp.c]
3418     Fix improper handling of absolute paths when PWD is part of the completed
3419     path.  Patch from Jean-Marc Robert via tech@, ok djm.
3420  - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
3421     [sftp.c]
3422     Fix handling of filenames containing escaped globbing characters and
3423     escape "#" and "*".  Patch from Jean-Marc Robert via tech@, ok djm.
3424   - jmc@cvs.openbsd.org 2012/09/26 16:12:13
3425     [ssh.1]
3426     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
3427     references into a STANDARDS section;
3428   - naddy@cvs.openbsd.org 2012/10/01 13:59:51
3429     [monitor_wrap.c]
3430     pasto; ok djm@
3431   - djm@cvs.openbsd.org 2012/10/02 07:07:45
3432     [ssh-keygen.c]
3433     fix -z option, broken in revision 1.215
3434   - markus@cvs.openbsd.org 2012/10/04 13:21:50
3435     [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
3436     add umac128 variant; ok djm@ at n2k12
3437  - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
3438     [regress/try-ciphers.sh]
3439     Restore missing space.  (Id sync only).
3440   - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
3441     [regress/multiplex.sh]
3442     Add test for ssh -Ostop
3443   - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
3444     [regress/multiplex.sh]
3445     Log -O cmd output to the log file and make logging consistent with the
3446     other tests.  Test clean shutdown of an existing channel when testing
3447     "stop".
3448   - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
3449     [regress/multiplex.sh]
3450     use -Ocheck and waiting for completions by PID to make multiplexing test
3451     less racy and (hopefully) more reliable on slow hardware.
3452 - [Makefile umac.c] Add special-case target to build umac128.o.
3453 - [umac.c] Enforce allowed umac output sizes.  From djm@.
3454 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
3455
345620120917
3457 - (dtucker) OpenBSD CVS Sync
3458   - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
3459     [servconf.c]
3460     Fix comment line length
3461   - markus@cvs.openbsd.org 2012/09/14 16:51:34
3462     [sshconnect.c]
3463     remove unused variable
3464
346520120907
3466 - (dtucker) OpenBSD CVS Sync
3467   - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
3468     [clientloop.c]
3469     Make the escape command help (~?) context sensitive so that only commands
3470     that will work in the current session are shown.  ok markus@
3471   - jmc@cvs.openbsd.org 2012/09/06 13:57:42
3472     [ssh.1]
3473     missing letter in previous;
3474   - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
3475     [clientloop.c]
3476     Print '^Z' instead of a raw ^Z when the sequence is not supported.  ok djm@
3477   - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
3478     [clientloop.c]
3479     Merge escape help text for ~v and ~V; ok djm@
3480   - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
3481     [clientloop.c]
3482     when muxmaster is run with -N, make it shut down gracefully when a client
3483     sends it "-O stop" rather than hanging around (bz#1985).  ok djm@
3484
348520120906
3486 - (dtucker) OpenBSD CVS Sync
3487   - jmc@cvs.openbsd.org 2012/08/15 18:25:50
3488     [ssh-keygen.1]
3489     a little more info on certificate validity;
3490     requested by Ross L Richardson, and provided by djm
3491   - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
3492     [clientloop.c clientloop.h mux.c]
3493     Force a clean shutdown of ControlMaster client sessions when the ~. escape
3494     sequence is used.  This means that ~. should now work in mux clients even
3495     if the server is no longer responding.  Found by tedu, ok djm.
3496   - djm@cvs.openbsd.org 2012/08/17 01:22:56
3497     [kex.c]
3498     add some comments about better handling first-KEX-follows notifications
3499     from the server. Nothing uses these right now. No binary change
3500   - djm@cvs.openbsd.org 2012/08/17 01:25:58
3501     [ssh-keygen.c]
3502     print details of which host lines were deleted when using
3503     "ssh-keygen -R host"; ok markus@
3504   - djm@cvs.openbsd.org 2012/08/17 01:30:00
3505     [compat.c sshconnect.c]
3506     Send client banner immediately, rather than waiting for the server to
3507     move first for SSH protocol 2 connections (the default). Patch based on
3508     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
3509   - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
3510     [clientloop.c log.c ssh.1 log.h]
3511     Add ~v and ~V escape sequences to raise and lower the logging level
3512     respectively. Man page help from jmc, ok deraadt jmc
3513
351420120830
3515 - (dtucker) [moduli] Import new moduli file.
3516
351720120828
3518 - (djm) Release openssh-6.1
3519
352020120828
3521 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
3522   for compatibility with future mingw-w64 headers.  Patch from vinschen at
3523   redhat com.
3524
352520120822
3526 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3527   [contrib/suse/openssh.spec] Update version numbers
3528
352920120731
3530 - (djm) OpenBSD CVS Sync
3531   - jmc@cvs.openbsd.org 2012/07/06 06:38:03
3532     [ssh-keygen.c]
3533     missing full stop in usage();
3534   - djm@cvs.openbsd.org 2012/07/10 02:19:15
3535     [servconf.c servconf.h sshd.c sshd_config]
3536     Turn on systrace sandboxing of pre-auth sshd by default for new installs
3537     by shipping a config that overrides the current UsePrivilegeSeparation=yes
3538     default. Make it easier to flip the default in the future by adding too.
3539     prodded markus@ feedback dtucker@ "get it in" deraadt@
3540   - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
3541     [servconf.c]
3542     handle long comments in config files better.  bz#2025, ok markus
3543   - markus@cvs.openbsd.org 2012/07/22 18:19:21
3544     [version.h]
3545     openssh 6.1
3546
354720120720
3548 - (dtucker) Import regened moduli file.
3549
355020120706
3551 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
3552   not available. Allows use of sshd compiled on host with a filter-capable
3553   kernel on hosts that lack the support. bz#2011 ok dtucker@
3554 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
3555   unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
3556   esperi.org.uk; ok dtucker@
3557- (djm) OpenBSD CVS Sync
3558   - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
3559     [moduli.c ssh-keygen.1 ssh-keygen.c]
3560     Add options to specify starting line number and number of lines to process
3561     when screening moduli candidates.  This allows processing of different
3562     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
3563   - djm@cvs.openbsd.org 2012/07/06 01:37:21
3564     [mux.c]
3565     fix memory leak of passed-in environment variables and connection
3566     context when new session message is malformed; bz#2003 from Bert.Wesarg
3567     AT googlemail.com
3568   - djm@cvs.openbsd.org 2012/07/06 01:47:38
3569     [ssh.c]
3570     move setting of tty_flag to after config parsing so RequestTTY options
3571     are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
3572     ok dtucker@
3573
357420120704
3575 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
3576   platforms that don't have it.  "looks good" tim@
3577
357820120703
3579 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
3580   setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
3581 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
3582   setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported.  Its
3583   benefit is minor, so it's not worth disabling the sandbox if it doesn't
3584   work.
3585
358620120702
3587- (dtucker) OpenBSD CVS Sync
3588   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
3589     [ssh_config.5 sshd_config.5]
3590     match the documented MAC order of preference to the actual one;
3591     ok dtucker@
3592   - markus@cvs.openbsd.org 2012/06/30 14:35:09
3593     [sandbox-systrace.c sshd.c]
3594     fix a during the load of the sandbox policies (child can still make
3595     the read-syscall and wait forever for systrace-answers) by replacing
3596     the read/write synchronisation with SIGSTOP/SIGCONT;
3597     report and help hshoexer@; ok djm@, dtucker@
3598   - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
3599     [ssh.c]
3600     set interactive ToS for forwarded X11 sessions.  ok djm@
3601   - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
3602     [ssh-pkcs11-helper.c sftp-client.c]
3603     fix a couple of "assigned but not used" warnings.  ok markus@
3604   - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
3605     [regress/connect-privsep.sh]
3606     remove exit from end of test since it prevents reporting failure
3607 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
3608   Move cygwin detection to test-exec and use to skip reexec test on cygwin.
3609 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
3610
361120120629
3612 - OpenBSD CVS Sync
3613   - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
3614     [addrmatch.c]
3615     fix strlcpy truncation check.  from carsten at debian org, ok markus
3616   - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
3617     [monitor.c sshconnect2.c]
3618     remove dead code following 'for (;;)' loops.
3619     From Steve.McClellan at radisys com, ok markus@
3620   - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
3621     [sftp.c]
3622     Remove unused variable leftover from tab-completion changes.
3623     From Steve.McClellan at radisys com, ok markus@
3624   - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
3625     [sandbox-systrace.c]
3626     Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
3627     sandbox" since malloc now uses it.  From johnw.mail at gmail com.
3628   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
3629     [mac.c myproposal.h ssh_config.5 sshd_config.5]
3630     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
3631     from draft6 of the spec and will not be in the RFC when published.  Patch
3632     from mdb at juniper net via bz#2023, ok markus.
3633   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
3634     [ssh_config.5 sshd_config.5]
3635     match the documented MAC order of preference to the actual one; ok dtucker@
3636   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
3637     [regress/addrmatch.sh]
3638     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
3639     to match.  Feedback and ok djm@ markus@.
3640   - djm@cvs.openbsd.org 2012/06/01 00:47:35
3641     [regress/multiplex.sh regress/forwarding.sh]
3642     append to rather than truncate test log; bz#2013 from openssh AT
3643     roumenpetrov.info
3644   - djm@cvs.openbsd.org 2012/06/01 00:52:52
3645     [regress/sftp-cmds.sh]
3646     don't delete .* on cleanup due to unintended env expansion; pointed out in
3647     bz#2014 by openssh AT roumenpetrov.info
3648   - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
3649     [regress/connect-privsep.sh]
3650     test sandbox with every malloc option
3651   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
3652     [regress/try-ciphers.sh regress/cipher-speed.sh]
3653     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
3654     from draft6 of the spec and will not be in the RFC when published.  Patch
3655     from mdb at juniper net via bz#2023, ok markus.
3656 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
3657 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
3658   the required functions in libcrypto.
3659
366020120628
3661 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
3662   pointer deref in the client when built with LDNS and using DNSSEC with a
3663   CNAME.  Patch from gregdlg+mr at hochet info.
3664
366520120622
3666 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
3667   can logon as a service.  Patch from vinschen at redhat com.
3668
366920120620
3670 - (djm) OpenBSD CVS Sync
3671   - djm@cvs.openbsd.org 2011/12/02 00:41:56
3672     [mux.c]
3673     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
3674     ok dtucker@
3675   - djm@cvs.openbsd.org 2011/12/04 23:16:12
3676     [mux.c]
3677     revert:
3678     > revision 1.32
3679     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
3680     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
3681     > ok dtucker@
3682     it interacts badly with ControlPersist
3683   - djm@cvs.openbsd.org 2012/01/07 21:11:36
3684     [mux.c]
3685     fix double-free in new session handler
3686     NB. Id sync only
3687   - djm@cvs.openbsd.org 2012/05/23 03:28:28
3688     [dns.c dns.h key.c key.h ssh-keygen.c]
3689     add support for RFC6594 SSHFP DNS records for ECDSA key types.
3690     patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
3691     (Original authors Ondřej Surý,  Ondřej Caletka and Daniel Black)
3692   - djm@cvs.openbsd.org 2012/06/01 00:49:35
3693     [PROTOCOL.mux]
3694     correct types of port numbers (integers, not strings); bz#2004 from
3695     bert.wesarg AT googlemail.com
3696   - djm@cvs.openbsd.org 2012/06/01 01:01:22
3697     [mux.c]
3698     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
3699     AT googlemail.com
3700   - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
3701     [jpake.c]
3702     correct sizeof usage.  patch from saw at online.de, ok deraadt
3703   - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
3704     [ssh_config.5]
3705     RSA instead of DSA twice.  From Steve.McClellan at radisys com
3706   - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
3707     [ssh.1 sshd.8]
3708     Remove mention of 'three' key files since there are now four.  From
3709     Steve.McClellan at radisys com.
3710   - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
3711     [ssh.1]
3712     Clarify description of -W.  Noted by Steve.McClellan at radisys com,
3713     ok jmc
3714   - markus@cvs.openbsd.org 2012/06/19 18:25:28
3715     [servconf.c servconf.h sshd_config.5]
3716     sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
3717     this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
3718     ok djm@ (back in March)
3719   - jmc@cvs.openbsd.org 2012/06/19 21:35:54
3720     [sshd_config.5]
3721     tweak previous; ok markus
3722   - djm@cvs.openbsd.org 2012/06/20 04:42:58
3723     [clientloop.c serverloop.c]
3724     initialise accept() backoff timer to avoid EINVAL from select(2) in
3725     rekeying
3726
372720120519
3728 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct.  Patch
3729   from cjwatson at debian org.
3730 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
3731   pkg-config so it does the right thing when cross-compiling.  Patch from
3732   cjwatson at debian org.
3733- (dtucker) OpenBSD CVS Sync
3734   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
3735     [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
3736     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
3737     to match.  Feedback and ok djm@ markus@.
3738   - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
3739     [sshd_config.5]
3740     Document PermitOpen none.  bz#2001, patch from Loganaden Velvindron
3741
374220120504
3743 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
3744   to fix building on some plaforms.  Fom bowman at math utah edu and
3745   des at des no.
3746
374720120427
3748 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
3749   platform rather than exiting early, so that we still clean up and return
3750   success or failure to test-exec.sh
3751
375220120426
3753 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
3754   via Niels
3755 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
3756   ok dtucker@
3757
375820120423
3759 - OpenBSD CVS Sync
3760   - djm@cvs.openbsd.org 2012/04/23 08:18:17
3761     [channels.c]
3762     fix function proto/source mismatch
3763
376420120422
3765 - OpenBSD CVS Sync
3766   - djm@cvs.openbsd.org 2012/02/29 11:21:26
3767     [ssh-keygen.c]
3768     allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
3769   - guenther@cvs.openbsd.org 2012/03/15 03:10:27
3770     [session.c]
3771     root should always be excluded from the test for /etc/nologin instead
3772     of having it always enforced even when marked as ignorenologin.  This
3773     regressed when the logic was incompletely flipped around in rev 1.251
3774     ok halex@ millert@
3775   - djm@cvs.openbsd.org 2012/03/28 07:23:22
3776     [PROTOCOL.certkeys]
3777     explain certificate extensions/crit split rationale. Mention requirement
3778     that each appear at most once per cert.
3779   - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
3780     [channels.c channels.h servconf.c]
3781     Add PermitOpen none option based on patch from Loganaden Velvindron
3782     (bz #1949).  ok djm@
3783   - djm@cvs.openbsd.org 2012/04/11 13:16:19
3784     [channels.c channels.h clientloop.c serverloop.c]
3785     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
3786     while; ok deraadt@ markus@
3787   - djm@cvs.openbsd.org 2012/04/11 13:17:54
3788     [auth.c]
3789     Support "none" as an argument for AuthorizedPrincipalsFile to indicate
3790     no file should be read.
3791   - djm@cvs.openbsd.org 2012/04/11 13:26:40
3792     [sshd.c]
3793     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
3794     while; ok deraadt@ markus@
3795   - djm@cvs.openbsd.org 2012/04/11 13:34:17
3796     [ssh-keyscan.1 ssh-keyscan.c]
3797     now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
3798     look for them by default; bz#1971
3799   - djm@cvs.openbsd.org 2012/04/12 02:42:32
3800     [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
3801     VersionAddendum option to allow server operators to append some arbitrary
3802     text to the SSH-... banner; ok deraadt@ "don't care" markus@
3803   - djm@cvs.openbsd.org 2012/04/12 02:43:55
3804     [sshd_config sshd_config.5]
3805     mention AuthorizedPrincipalsFile=none default
3806   - djm@cvs.openbsd.org 2012/04/20 03:24:23
3807     [sftp.c]
3808     setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
3809   - jmc@cvs.openbsd.org 2012/04/20 16:26:22
3810     [ssh.1]
3811     use "brackets" instead of "braces", for consistency;
3812
381320120420
3814 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3815   [contrib/suse/openssh.spec] Update for release 6.0
3816 - (djm) [README] Update URL to release notes.
3817 - (djm) Release openssh-6.0
3818