120131006 2 - (djm) Release OpenSSH-6.7 3 420141003 5 - (djm) [sshd_config.5] typo; from Iain Morgan 6 720141001 8 - (djm) [openbsd-compat/Makefile.in openbsd-compat/kludge-fd_set.c] 9 [openbsd-compat/openbsd-compat.h] Kludge around bad glibc 10 _FORTIFY_SOURCE check that doesn't grok heap-allocated fd_sets; 11 ok dtucker@ 12 1320140910 14 - (djm) [sandbox-seccomp-filter.c] Allow mremap and exit for DietLibc; 15 patch from Felix von Leitner; ok dtucker 16 1720140908 18 - (dtucker) [INSTALL] Update info about egd. ok djm@ 19 2020140904 21 - (djm) [openbsd-compat/arc4random.c] Zero seed after keying PRNG 22 2320140903 24 - (djm) [defines.h sshbuf.c] Move __predict_true|false to defines.h and 25 conditionalise to avoid duplicate definition. 26 - (djm) [contrib/cygwin/ssh-host-config] Fix old code leading to 27 permissions/ACLs; from Corinna Vinschen 28 2920140830 30 - (djm) [openbsd-compat/openssl-compat.h] add 31 OPENSSL_[RD]SA_MAX_MODULUS_BITS defines for OpenSSL that lacks them 32 - (djm) [misc.c] Missing newline between functions 33 - (djm) [openbsd-compat/openssl-compat.h] add include guard 34 - (djm) [Makefile.in] Make TEST_SHELL a variable; "good idea" tim@ 35 3620140827 37 - (djm) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] 38 [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] 39 [regress/unittests/sshkey/common.c] 40 [regress/unittests/sshkey/test_file.c] 41 [regress/unittests/sshkey/test_fuzz.c] 42 [regress/unittests/sshkey/test_sshkey.c] Don't include openssl/ec.h 43 on !ECC OpenSSL systems 44 - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth 45 monitor, not preauth; bz#2263 46 - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero() 47 using memset_s() where possible; improve fallback to indirect bzero 48 via a volatile pointer to give it more of a chance to avoid being 49 optimised away. 50 5120140825 52 - (djm) [bufec.c] Skip this file on !ECC OpenSSL 53 - (djm) [INSTALL] Recommend libcrypto be built -fPIC, mention LibreSSL, 54 update OpenSSL version requirement. 55 5620140824 57 - (djm) [sftp-server.c] Some systems (e.g. Irix) have prctl() but not 58 PR_SET_DUMPABLE, so adjust ifdef; reported by Tom Christensen 59 6020140823 61 - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on 62 lastlog writing on platforms with high UIDs; bz#2263 63 - (djm) [configure.ac] We now require a working vsnprintf everywhere (not 64 just for systems that lack asprintf); check for it always and extend 65 test to catch more brokenness. Fixes builds on Solaris <= 9 66 6720140822 68 - (djm) [configure.ac] include leading zero characters in OpenSSL version 69 number; fixes test for unsupported versions 70 - (djm) [sshbuf-getput-crypto.c] Fix compilation when OpenSSL lacks ECC 71 - (djm) [openbsd-compat/bsd-snprintf.c] Fix compilation failure (prototype/ 72 definition mismatch) and warning for broken/missing snprintf case. 73 - (djm) [configure.ac] double braces to appease autoconf 74 7520140821 76 - (djm) [Makefile.in] fix reference to libtest_helper.a in sshkey test too. 77 - (djm) [key.h] Fix ifdefs for no-ECC OpenSSL 78 - (djm) [regress/unittests/test_helper/test_helper.c] Fix for systems that 79 don't set __progname. Diagnosed by Tom Christensen. 80 8120140820 82 - (djm) [configure.ac] Check OpenSSL version is supported at configure time; 83 suggested by Kevin Brott 84 - (djm) [Makefile.in] refer to libtest_helper.a by explicit path rather than 85 -L/-l; fixes linking problems on some platforms 86 - (djm) [sshkey.h] Fix compilation when OpenSSL lacks ECC 87 - (djm) [contrib/cygwin/README] Correct build instructions; from Corinna 88 8920140819 90 - (djm) [serverloop.c] Fix syntax error on Cygwin; from Corinna Vinschen 91 - (djm) [sshbuf.h] Fix compilation on systems without OPENSSL_HAS_ECC. 92 - (djm) [ssh-dss.c] Include openssl/dsa.h for DSA_SIG 93 - (djm) [INSTALL contrib/caldera/openssh.spec contrib/cygwin/README] 94 [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Remove mentions 95 of TCP wrappers. 96 9720140811 98 - (djm) [myproposal.h] Make curve25519 KEX dependent on 99 HAVE_EVP_SHA256 instead of OPENSSL_HAS_ECC. 100 10120140810 102 - (djm) [README contrib/caldera/openssh.spec] 103 [contrib/redhat/openssh.spec contrib/suse/openssh.spec] Update versions 104 10520140801 106 - (djm) [regress/multiplex.sh] Skip test for non-OpenBSD netcat. We need 107 a better solution, but this will have to do for now. 108 - (djm) [regress/multiplex.sh] Instruct nc not to quit as soon as stdin 109 is closed; avoid regress failures when stdin is /dev/null 110 - (djm) [regress/multiplex.sh] Use -d (detach stdin) flag to disassociate 111 nc from stdin, it's more portable 112 11320140730 114 - OpenBSD CVS Sync 115 - millert@cvs.openbsd.org 2014/07/24 22:57:10 116 [ssh.1] 117 Mention UNIX-domain socket forwarding too. OK jmc@ deraadt@ 118 - dtucker@cvs.openbsd.org 2014/07/25 21:22:03 119 [ssh-agent.c] 120 Clear buffer used for handling messages. This prevents keys being 121 left in memory after they have been expired or deleted in some cases 122 (but note that ssh-agent is setgid so you would still need root to 123 access them). Pointed out by Kevin Burns, ok deraadt 124 - schwarze@cvs.openbsd.org 2014/07/28 15:40:08 125 [sftp-server.8 sshd_config.5] 126 some systems no longer need /dev/log; 127 issue noticed by jirib; 128 ok deraadt 129 13020140725 131 - (djm) [regress/multiplex.sh] restore incorrectly deleted line; 132 pointed out by Christian Hesse 133 13420140722 135 - (djm) [regress/multiplex.sh] ssh mux master lost -N somehow; 136 put it back 137 - (djm) [regress/multiplex.sh] change the test for still-open Unix 138 domain sockets to be robust against nc implementations that produce 139 error messages. 140 - (dtucker) [regress/unittests/sshkey/test_{file,fuzz,sshkey}.c] Wrap ecdsa- 141 specific tests inside OPENSSL_HAS_ECC. 142 - (dtucker) OpenBSD CVS Sync 143 - dtucker@cvs.openbsd.org 2014/07/22 01:18:50 144 [key.c] 145 Prevent spam from key_load_private_pem during hostbased auth. ok djm@ 146 - guenther@cvs.openbsd.org 2014/07/22 07:13:42 147 [umac.c] 148 Convert from <sys/endian.h> to the shiney new <endian.h> 149 ok dtucker@, who also confirmed that -portable handles this already 150 (ID sync only, includes.h pulls in endian.h if available.) 151 - djm@cvs.openbsd.org 2014/07/22 01:32:12 152 [regress/multiplex.sh] 153 change the test for still-open Unix domain sockets to be robust against 154 nc implementations that produce error messages. from -portable 155 (Id sync only) 156 - dtucker@cvs.openbsd.org 2014/07/22 23:23:22 157 [regress/unittests/sshkey/mktestdata.sh] 158 Sign test certs with ed25519 instead of ecdsa so that they'll work in 159 -portable on platforms that don't have ECDSA in their OpenSSL. ok djm 160 - dtucker@cvs.openbsd.org 2014/07/22 23:57:40 161 [regress/unittests/sshkey/mktestdata.sh] 162 Add $OpenBSD tag to make syncs easier 163 - dtucker@cvs.openbsd.org 2014/07/22 23:35:38 164 [regress/unittests/sshkey/testdata/*] 165 Regenerate test keys with certs signed with ed25519 instead of ecdsa. 166 These can be used in -portable on platforms that don't support ECDSA. 167 16820140721 169 - OpenBSD CVS Sync 170 - millert@cvs.openbsd.org 2014/07/15 15:54:15 171 [forwarding.sh multiplex.sh] 172 Add support for Unix domain socket forwarding. A remote TCP port 173 may be forwarded to a local Unix domain socket and vice versa or 174 both ends may be a Unix domain socket. This is a reimplementation 175 of the streamlocal patches by William Ahern from: 176 http://www.25thandclement.com/~william/projects/streamlocal.html 177 OK djm@ markus@ 178 - (djm) [regress/multiplex.sh] Not all netcat accept the -N option. 179 - (dtucker) [sshkey.c] ifdef out unused variable when compiling without 180 OPENSSL_HAS_ECC. 181 18220140721 183 - (dtucker) [cipher.c openbsd-compat/openssl-compat.h] Restore the bits 184 needed to build AES CTR mode against OpenSSL 0.9.8f and above. ok djm 185 - (dtucker) [regress/unittests/sshkey/ 186 {common,test_file,test_fuzz,test_sshkey}.c] Wrap stdint.h includes in 187 ifdefs. 188 18920140719 190 - (tim) [openbsd-compat/port-uw.c] Include misc.h for fwd_opts, used 191 in servconf.h. 192 19320140718 194 - OpenBSD CVS Sync 195 - millert@cvs.openbsd.org 2014/07/15 15:54:14 196 [PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] 197 [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] 198 [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] 199 [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] 200 [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] 201 [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] 202 [sshd_config.5 sshlogin.c] 203 Add support for Unix domain socket forwarding. A remote TCP port 204 may be forwarded to a local Unix domain socket and vice versa or 205 both ends may be a Unix domain socket. This is a reimplementation 206 of the streamlocal patches by William Ahern from: 207 http://www.25thandclement.com/~william/projects/streamlocal.html 208 OK djm@ markus@ 209 - jmc@cvs.openbsd.org 2014/07/16 14:48:57 210 [ssh.1] 211 add the streamlocal* options to ssh's -o list; millert says they're 212 irrelevant for scp/sftp; 213 ok markus millert 214 - djm@cvs.openbsd.org 2014/07/17 00:10:56 215 [sandbox-systrace.c] 216 ifdef SYS_sendsyslog so this will compile without patching on -stable 217 - djm@cvs.openbsd.org 2014/07/17 00:10:18 218 [mux.c] 219 preserve errno across syscall 220 - djm@cvs.openbsd.org 2014/07/17 00:12:03 221 [key.c] 222 silence "incorrect passphrase" error spam; reported and ok dtucker@ 223 - djm@cvs.openbsd.org 2014/07/17 07:22:19 224 [mux.c ssh.c] 225 reflect stdio-forward ("ssh -W host:port ...") failures in exit status. 226 previously we were always returning 0. bz#2255 reported by Brendan 227 Germain; ok dtucker 228 - djm@cvs.openbsd.org 2014/07/18 02:46:01 229 [ssh-agent.c] 230 restore umask around listener socket creation (dropped in streamlocal patch 231 merge) 232 - (dtucker) [auth2-gss.c gss-serv-krb5.c] Include misc.h for fwd_opts, used 233 in servconf.h. 234 - (dtucker) [Makefile.in] Add a t-exec target to run just the executable 235 tests. 236 - (dtucker) [key.c sshkey.c] Put new ecdsa bits inside ifdef OPENSSL_HAS_ECC. 237 23820140717 239 - (djm) [digest-openssl.c] Preserve array order when disabling digests. 240 Reported by Petr Lautrbach. 241 - OpenBSD CVS Sync 242 - deraadt@cvs.openbsd.org 2014/07/11 08:09:54 243 [sandbox-systrace.c] 244 Permit use of SYS_sendsyslog from inside the sandbox. Clock is ticking, 245 update your kernels and sshd soon.. libc will start using sendsyslog() 246 in about 4 days. 247 - tedu@cvs.openbsd.org 2014/07/11 13:54:34 248 [myproposal.h] 249 by popular demand, add back hamc-sha1 to server proposal for better compat 250 with many clients still in use. ok deraadt 251 25220140715 253 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto 254 has been located; fixes builds agains libressl-portable 255 25620140711 257 - OpenBSD CVS Sync 258 - benno@cvs.openbsd.org 2014/07/09 14:15:56 259 [ssh-add.c] 260 fix ssh-add crash while loading more than one key 261 ok markus@ 262 26320140709 264 - OpenBSD CVS Sync 265 - djm@cvs.openbsd.org 2014/07/07 08:19:12 266 [ssh_config.5] 267 mention that ProxyCommand is executed using shell "exec" to avoid 268 a lingering process; bz#1977 269 - djm@cvs.openbsd.org 2014/07/09 01:45:10 270 [sftp.c] 271 more useful error message when GLOB_NOSPACE occurs; 272 bz#2254, patch from Orion Poplawski 273 - djm@cvs.openbsd.org 2014/07/09 03:02:15 274 [key.c] 275 downgrade more error() to debug() to better match what old authfile.c 276 did; suppresses spurious errors with hostbased authentication enabled 277 - djm@cvs.openbsd.org 2014/07/06 07:42:03 278 [multiplex.sh test-exec.sh] 279 add a hook to the cleanup() function to kill $SSH_PID if it is set 280 281 use it to kill the mux master started in multiplex.sh (it was being left 282 around on fatal failures) 283 - djm@cvs.openbsd.org 2014/07/07 08:15:26 284 [multiplex.sh] 285 remove forced-fatal that I stuck in there to test the new cleanup 286 logic and forgot to remove... 287 28820140706 289 - OpenBSD CVS Sync 290 - djm@cvs.openbsd.org 2014/07/03 23:18:35 291 [authfile.h] 292 remove leakmalloc droppings 293 - djm@cvs.openbsd.org 2014/07/05 23:11:48 294 [channels.c] 295 fix remote-forward cancel regression; ok markus@ 296 29720140704 298 - OpenBSD CVS Sync 299 - jsing@cvs.openbsd.org 2014/07/03 12:42:16 300 [cipher-chachapoly.c] 301 Call chacha_ivsetup() immediately before chacha_encrypt_bytes() - this 302 makes it easier to verify that chacha_encrypt_bytes() is only called once 303 per chacha_ivsetup() call. 304 ok djm@ 305 - djm@cvs.openbsd.org 2014/07/03 22:23:46 306 [sshconnect.c] 307 when rekeying, skip file/DNS lookup if it is the same as the key sent 308 during initial key exchange. bz#2154 patch from Iain Morgan; ok markus@ 309 - djm@cvs.openbsd.org 2014/07/03 22:33:41 310 [channels.c] 311 allow explicit ::1 and 127.0.0.1 forwarding bind addresses when 312 GatewayPorts=no; allows client to choose address family; 313 bz#2222 ok markus@ 314 - djm@cvs.openbsd.org 2014/07/03 22:40:43 315 [servconf.c servconf.h session.c sshd.8 sshd_config.5] 316 Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is 317 executed, mirroring the no-user-rc authorized_keys option; 318 bz#2160; ok markus@ 319 32020140703 321 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto 322 doesn't support it. 323 - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist; 324 bz#2237 325 - OpenBSD CVS Sync 326 - djm@cvs.openbsd.org 2014/07/03 01:45:38 327 [sshkey.c] 328 make Ed25519 keys' title fit properly in the randomart border; bz#2247 329 based on patch from Christian Hesse 330 - djm@cvs.openbsd.org 2014/07/03 03:11:03 331 [ssh-agent.c] 332 Only cleanup agent socket in the main agent process and not in any 333 subprocesses it may have started (e.g. forked askpass). Fixes 334 agent sockets being zapped when askpass processes fatal(); 335 bz#2236 patch from Dmitry V. Levin 336 - djm@cvs.openbsd.org 2014/07/03 03:15:01 337 [ssh-add.c] 338 make stdout line-buffered; saves partial output getting lost when 339 ssh-add fatal()s part-way through (e.g. when listing keys from an 340 agent that supports key types that ssh-add doesn't); 341 bz#2234, reported by Phil Pennock 342 - djm@cvs.openbsd.org 2014/07/03 03:26:43 343 [digest-openssl.c] 344 use EVP_Digest() for one-shot hash instead of creating, updating, 345 finalising and destroying a context. 346 bz#2231, based on patch from Timo Teras 347 - djm@cvs.openbsd.org 2014/07/03 03:34:09 348 [gss-serv.c session.c ssh-keygen.c] 349 standardise on NI_MAXHOST for gethostname() string lengths; about 350 1/2 the cases were using it already. Fixes bz#2239 en passant 351 - djm@cvs.openbsd.org 2014/07/03 03:47:27 352 [ssh-keygen.c] 353 When hashing or removing hosts using ssh-keygen, don't choke on 354 @revoked markers and don't remove @cert-authority markers; 355 bz#2241, reported by mlindgren AT runelind.net 356 - djm@cvs.openbsd.org 2014/07/03 04:36:45 357 [digest.h] 358 forward-declare struct sshbuf so consumers don't need to include sshbuf.h 359 - djm@cvs.openbsd.org 2014/07/03 05:32:36 360 [ssh_config.5] 361 mention '%%' escape sequence in HostName directives and how it may 362 be used to specify IPv6 link-local addresses 363 - djm@cvs.openbsd.org 2014/07/03 05:38:17 364 [ssh.1] 365 document that -g will only work in the multiplexed case if applied to 366 the mux master 367 - djm@cvs.openbsd.org 2014/07/03 06:39:19 368 [ssh.c ssh_config.5] 369 Add a %C escape sequence for LocalCommand and ControlPath that expands 370 to a unique identifer based on a has of the tuple of (local host, 371 remote user, hostname, port). 372 373 Helps avoid exceeding sockaddr_un's miserly pathname limits for mux 374 control paths. 375 376 bz#2220, based on patch from mancha1 AT zoho.com; ok markus@ 377 - jmc@cvs.openbsd.org 2014/07/03 07:45:27 378 [ssh_config.5] 379 escape %C since groff thinks it part of an Rs/Re block; 380 - djm@cvs.openbsd.org 2014/07/03 11:16:55 381 [auth.c auth.h auth1.c auth2.c] 382 make the "Too many authentication failures" message include the 383 user, source address, port and protocol in a format similar to the 384 authentication success / failure messages; bz#2199, ok dtucker 385 38620140702 387 - OpenBSD CVS Sync 388 - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 389 [sandbox-systrace.c] 390 permit SYS_getentropy 391 from matthew 392 - matthew@cvs.openbsd.org 2014/06/18 02:59:13 393 [sandbox-systrace.c] 394 Now that we have a dedicated getentropy(2) system call for 395 arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace 396 sandbox. 397 398 ok djm 399 - naddy@cvs.openbsd.org 2014/06/18 15:42:09 400 [sshbuf-getput-crypto.c] 401 The ssh_get_bignum functions must accept the same range of bignums 402 the corresponding ssh_put_bignum functions create. This fixes the 403 use of 16384-bit RSA keys (bug reported by Eivind Evensen). 404 ok djm@ 405 - djm@cvs.openbsd.org 2014/06/24 00:52:02 406 [krl.c] 407 fix bug in KRL generation: multiple consecutive revoked certificate 408 serial number ranges could be serialised to an invalid format. 409 410 Readers of a broken KRL caused by this bug will fail closed, so no 411 should-have-been-revoked key will be accepted. 412 - djm@cvs.openbsd.org 2014/06/24 01:13:21 413 [Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c 414 [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c 415 [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h 416 [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h 417 [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h 418 [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c 419 [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c 420 [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c 421 [sshconnect2.c sshd.c sshkey.c sshkey.h 422 [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] 423 New key API: refactor key-related functions to be more library-like, 424 existing API is offered as a set of wrappers. 425 426 with and ok markus@ 427 428 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew 429 Dempsky and Ron Bowes for a detailed review a few months ago. 430 NB. This commit also removes portable OpenSSH support for OpenSSL 431 <0.9.8e. 432 - djm@cvs.openbsd.org 2014/06/24 02:19:48 433 [ssh.c] 434 don't fatal() when hostname canonicalisation fails with a 435 ProxyCommand in use; continue and allow the ProxyCommand to 436 connect anyway (e.g. to a host with a name outside the DNS 437 behind a bastion) 438 - djm@cvs.openbsd.org 2014/06/24 02:21:01 439 [scp.c] 440 when copying local->remote fails during read, don't send uninitialised 441 heap to the remote end. Reported by Jann Horn 442 - deraadt@cvs.openbsd.org 2014/06/25 14:16:09 443 [sshbuf.c] 444 unblock SIGSEGV before raising it 445 ok djm 446 - markus@cvs.openbsd.org 2014/06/27 16:41:56 447 [channels.c channels.h clientloop.c ssh.c] 448 fix remote fwding with same listen port but different listen address 449 with gerhard@, ok djm@ 450 - markus@cvs.openbsd.org 2014/06/27 18:50:39 451 [ssh-add.c] 452 fix loading of private keys 453 - djm@cvs.openbsd.org 2014/06/30 12:54:39 454 [key.c] 455 suppress spurious error message when loading key with a passphrase; 456 reported by kettenis@ ok markus@ 457 - djm@cvs.openbsd.org 2014/07/02 04:59:06 458 [cipher-3des1.c] 459 fix ssh protocol 1 on the server that regressed with the sshkey change 460 (sometimes fatal() after auth completed), make file return useful status 461 codes. 462 NB. Id sync only for these two. They were bundled into the sshkey merge 463 above, since it was easier to sync the entire file and then apply 464 portable-specific changed atop it. 465 - djm@cvs.openbsd.org 2014/04/30 05:32:00 466 [regress/Makefile] 467 unit tests for new buffer API; including basic fuzz testing 468 NB. Id sync only. 469 - djm@cvs.openbsd.org 2014/05/21 07:04:21 470 [regress/integrity.sh] 471 when failing because of unexpected output, show the offending output 472 - djm@cvs.openbsd.org 2014/06/24 01:04:43 473 [regress/krl.sh] 474 regress test for broken consecutive revoked serial number ranges 475 - djm@cvs.openbsd.org 2014/06/24 01:14:17 476 [Makefile.in regress/Makefile regress/unittests/Makefile] 477 [regress/unittests/sshkey/Makefile] 478 [regress/unittests/sshkey/common.c] 479 [regress/unittests/sshkey/common.h] 480 [regress/unittests/sshkey/mktestdata.sh] 481 [regress/unittests/sshkey/test_file.c] 482 [regress/unittests/sshkey/test_fuzz.c] 483 [regress/unittests/sshkey/test_sshkey.c] 484 [regress/unittests/sshkey/tests.c] 485 [regress/unittests/sshkey/testdata/dsa_1] 486 [regress/unittests/sshkey/testdata/dsa_1-cert.fp] 487 [regress/unittests/sshkey/testdata/dsa_1-cert.pub] 488 [regress/unittests/sshkey/testdata/dsa_1.fp] 489 [regress/unittests/sshkey/testdata/dsa_1.fp.bb] 490 [regress/unittests/sshkey/testdata/dsa_1.param.g] 491 [regress/unittests/sshkey/testdata/dsa_1.param.priv] 492 [regress/unittests/sshkey/testdata/dsa_1.param.pub] 493 [regress/unittests/sshkey/testdata/dsa_1.pub] 494 [regress/unittests/sshkey/testdata/dsa_1_pw] 495 [regress/unittests/sshkey/testdata/dsa_2] 496 [regress/unittests/sshkey/testdata/dsa_2.fp] 497 [regress/unittests/sshkey/testdata/dsa_2.fp.bb] 498 [regress/unittests/sshkey/testdata/dsa_2.pub] 499 [regress/unittests/sshkey/testdata/dsa_n] 500 [regress/unittests/sshkey/testdata/dsa_n_pw] 501 [regress/unittests/sshkey/testdata/ecdsa_1] 502 [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] 503 [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] 504 [regress/unittests/sshkey/testdata/ecdsa_1.fp] 505 [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] 506 [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] 507 [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] 508 [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] 509 [regress/unittests/sshkey/testdata/ecdsa_1.pub] 510 [regress/unittests/sshkey/testdata/ecdsa_1_pw] 511 [regress/unittests/sshkey/testdata/ecdsa_2] 512 [regress/unittests/sshkey/testdata/ecdsa_2.fp] 513 [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] 514 [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] 515 [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] 516 [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] 517 [regress/unittests/sshkey/testdata/ecdsa_2.pub] 518 [regress/unittests/sshkey/testdata/ecdsa_n] 519 [regress/unittests/sshkey/testdata/ecdsa_n_pw] 520 [regress/unittests/sshkey/testdata/ed25519_1] 521 [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] 522 [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] 523 [regress/unittests/sshkey/testdata/ed25519_1.fp] 524 [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] 525 [regress/unittests/sshkey/testdata/ed25519_1.pub] 526 [regress/unittests/sshkey/testdata/ed25519_1_pw] 527 [regress/unittests/sshkey/testdata/ed25519_2] 528 [regress/unittests/sshkey/testdata/ed25519_2.fp] 529 [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] 530 [regress/unittests/sshkey/testdata/ed25519_2.pub] 531 [regress/unittests/sshkey/testdata/pw] 532 [regress/unittests/sshkey/testdata/rsa1_1] 533 [regress/unittests/sshkey/testdata/rsa1_1.fp] 534 [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] 535 [regress/unittests/sshkey/testdata/rsa1_1.param.n] 536 [regress/unittests/sshkey/testdata/rsa1_1.pub] 537 [regress/unittests/sshkey/testdata/rsa1_1_pw] 538 [regress/unittests/sshkey/testdata/rsa1_2] 539 [regress/unittests/sshkey/testdata/rsa1_2.fp] 540 [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] 541 [regress/unittests/sshkey/testdata/rsa1_2.param.n] 542 [regress/unittests/sshkey/testdata/rsa1_2.pub] 543 [regress/unittests/sshkey/testdata/rsa_1] 544 [regress/unittests/sshkey/testdata/rsa_1-cert.fp] 545 [regress/unittests/sshkey/testdata/rsa_1-cert.pub] 546 [regress/unittests/sshkey/testdata/rsa_1.fp] 547 [regress/unittests/sshkey/testdata/rsa_1.fp.bb] 548 [regress/unittests/sshkey/testdata/rsa_1.param.n] 549 [regress/unittests/sshkey/testdata/rsa_1.param.p] 550 [regress/unittests/sshkey/testdata/rsa_1.param.q] 551 [regress/unittests/sshkey/testdata/rsa_1.pub] 552 [regress/unittests/sshkey/testdata/rsa_1_pw] 553 [regress/unittests/sshkey/testdata/rsa_2] 554 [regress/unittests/sshkey/testdata/rsa_2.fp] 555 [regress/unittests/sshkey/testdata/rsa_2.fp.bb] 556 [regress/unittests/sshkey/testdata/rsa_2.param.n] 557 [regress/unittests/sshkey/testdata/rsa_2.param.p] 558 [regress/unittests/sshkey/testdata/rsa_2.param.q] 559 [regress/unittests/sshkey/testdata/rsa_2.pub] 560 [regress/unittests/sshkey/testdata/rsa_n] 561 [regress/unittests/sshkey/testdata/rsa_n_pw] 562 unit and fuzz tests for new key API 563 - (djm) [sshkey.c] Conditionalise inclusion of util.h 564 - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test 565 56620140618 567 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare 568 56920140617 570 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} 571 openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] 572 Move the OpenSSL header/library version test into its own function and add 573 tests for it. Fix it to allow fix version upgrades (but not downgrades). 574 Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). 575 ok djm@ chl@ 576 57720140616 578 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via 579 OpenSMTPD and chl@ 580 58120140612 582 - (dtucker) [configure.ac] Remove tcpwrappers support, support has already 583 been removed from sshd.c. 584 58520140611 586 - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from 587 openbsd-compat/bsd-asprintf.c. 588 - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*] 589 Wrap stdlib.h include an ifdef for platforms that don't have it. 590 - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for 591 u_intXX_t types. 592 59320140610 594 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c 595 regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 596 curve tests if OpenSSL has them. 597 - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in 598 the proposal if the version of OpenSSL we're using doesn't support ECC. 599 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef 600 ECC variable too. 601 - (dtucker) OpenBSD CVS Sync 602 - djm@cvs.openbsd.org 2014/06/05 22:17:50 603 [sshconnect2.c] 604 fix inverted test that caused PKCS#11 keys that were explicitly listed 605 not to be preferred. Reported by Dirk-Willem van Gulik 606 - dtucker@cvs.openbsd.org 2014/06/10 21:46:11 607 [sshbuf.h] 608 Group ECC functions together to make things a little easier in -portable. 609 "doesn't bother me" deraadt@ 610 - (dtucker) [sshbuf.h] Only declare ECC functions if building without 611 OpenSSL or if OpenSSL has ECC. 612 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an 613 assigment that might get optimized out. ok djm@ 614 - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for 615 compat stuff, specifically whether or not OpenSSL has ECC. 616 61720140527 618 - (djm) [cipher.c] Fix merge botch. 619 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config 620 from Corinna Vinschen, fixing a number of bugs and preparing for 621 Cygwin 1.7.30. 622 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] 623 [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege 624 separation user at runtime, since it may need to be a domain account. 625 Patch from Corinna Vinschen. 626 62720140522 628 - (djm) [Makefile.in] typo in path 629 63020140521 631 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use 632 vhangup on Linux. It doens't work for non-root users, and for them 633 it just messes up the tty settings. 634 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC 635 when it is available. It takes into account time spent suspended, 636 thereby ensuring timeouts (e.g. for expiring agent keys) fire 637 correctly. bz#2228 reported by John Haxby 638 63920140519 640 - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine 641 OpenBSD 642 - OpenBSD CVS Sync 643 - logan@cvs.openbsd.org 2014/04/20 09:24:26 644 [dns.c dns.h ssh-keygen.c] 645 Add support for SSHFP DNS records for ED25519 key types. 646 OK from djm@ 647 - logan@cvs.openbsd.org 2014/04/21 14:36:16 648 [sftp-client.c sftp-client.h sftp.c] 649 Implement sftp upload resume support. 650 OK from djm@, with input from guenther@, mlarkin@ and 651 okan@ 652 - logan@cvs.openbsd.org 2014/04/22 10:07:12 653 [sftp.c] 654 Sort the sftp command list. 655 OK from djm@ 656 - logan@cvs.openbsd.org 2014/04/22 12:42:04 657 [sftp.1] 658 Document sftp upload resume. 659 OK from djm@, with feedback from okan@. 660 - jmc@cvs.openbsd.org 2014/04/22 14:16:30 661 [sftp.1] 662 zap eol whitespace; 663 - djm@cvs.openbsd.org 2014/04/23 12:42:34 664 [readconf.c] 665 don't record duplicate IdentityFiles 666 - djm@cvs.openbsd.org 2014/04/28 03:09:18 667 [authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] 668 [ssh-keygen.c] 669 buffer_get_string_ptr's return should be const to remind 670 callers that futzing with it will futz with the actual buffer 671 contents 672 - djm@cvs.openbsd.org 2014/04/29 13:10:30 673 [clientloop.c serverloop.c] 674 bz#1818 - don't send channel success/failre replies on channels that 675 have sent a close already; analysis and patch from Simon Tatham; 676 ok markus@ 677 - markus@cvs.openbsd.org 2014/04/29 18:01:49 678 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] 679 [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] 680 [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] 681 [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] 682 make compiling against OpenSSL optional (make OPENSSL=no); 683 reduces algorithms to curve25519, aes-ctr, chacha, ed25519; 684 allows us to explore further options; with and ok djm 685 - dtucker@cvs.openbsd.org 2014/04/29 19:58:50 686 [sftp.c] 687 Move nulling of variable next to where it's freed. ok markus@ 688 - dtucker@cvs.openbsd.org 2014/04/29 20:36:51 689 [sftp.c] 690 Don't attempt to append a nul quote char to the filename. Should prevent 691 fatal'ing with "el_insertstr failed" when there's a single quote char 692 somewhere in the string. bz#2238, ok markus@ 693 - djm@cvs.openbsd.org 2014/04/30 05:29:56 694 [bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] 695 [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] 696 [ssherr.h] 697 New buffer API; the first installment of the conversion/replacement 698 of OpenSSH's internals to make them usable as a standalone library. 699 700 This includes a set of wrappers to make it compatible with the 701 existing buffer API so replacement can occur incrementally. 702 703 With and ok markus@ 704 705 Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew 706 Dempsky and Ron Bowes for a detailed review. 707 - naddy@cvs.openbsd.org 2014/04/30 19:07:48 708 [mac.c myproposal.h umac.c] 709 UMAC can use our local fallback implementation of AES when OpenSSL isn't 710 available. Glue code straight from Ted Krovetz's original umac.c. 711 ok markus@ 712 - djm@cvs.openbsd.org 2014/05/02 03:27:54 713 [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] 714 [misc.h poly1305.h ssh-pkcs11.c defines.h] 715 revert __bounded change; it causes way more problems for portable than 716 it solves; pointed out by dtucker@ 717 - markus@cvs.openbsd.org 2014/05/03 17:20:34 718 [monitor.c packet.c packet.h] 719 unbreak compression, by re-init-ing the compression code in the 720 post-auth child. the new buffer code is more strict, and requires 721 buffer_init() while the old code was happy after a bzero(); 722 originally from djm@ 723 - logan@cvs.openbsd.org 2014/05/05 07:02:30 724 [sftp.c] 725 Zap extra whitespace. 726 727 OK from djm@ and dtucker@ 728 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we write 729 portability glue to support building without libcrypto 730 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c] 731 [sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes 732 - OpenBSD CVS Sync 733 - djm@cvs.openbsd.org 2014/03/13 20:44:49 734 [login-timeout.sh] 735 this test is a sorry mess of race conditions; add another sleep 736 to avoid a failure on slow machines (at least until I find a 737 better way) 738 - djm@cvs.openbsd.org 2014/04/21 22:15:37 739 [dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] 740 repair regress tests broken by server-side default cipher/kex/mac changes 741 by ensuring that the option under test is included in the server's 742 algorithm list 743 - dtucker@cvs.openbsd.org 2014/05/03 18:46:14 744 [proxy-connect.sh] 745 Add tests for with and without compression, with and without privsep. 746 - logan@cvs.openbsd.org 2014/05/04 10:40:59 747 [connect-privsep.sh] 748 Remove the Z flag from the list of malloc options as it 749 was removed from malloc.c 10 days ago. 750 751 OK from miod@ 752 - (djm) [regress/unittests/Makefile] 753 [regress/unittests/Makefile.inc] 754 [regress/unittests/sshbuf/Makefile] 755 [regress/unittests/sshbuf/test_sshbuf.c] 756 [regress/unittests/sshbuf/test_sshbuf_fixed.c] 757 [regress/unittests/sshbuf/test_sshbuf_fuzz.c] 758 [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] 759 [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] 760 [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] 761 [regress/unittests/sshbuf/test_sshbuf_misc.c] 762 [regress/unittests/sshbuf/tests.c] 763 [regress/unittests/test_helper/Makefile] 764 [regress/unittests/test_helper/fuzz.c] 765 [regress/unittests/test_helper/test_helper.c] 766 [regress/unittests/test_helper/test_helper.h] 767 Import new unit tests from OpenBSD; not yet hooked up to build. 768 - (djm) [regress/Makefile Makefile.in] 769 [regress/unittests/sshbuf/test_sshbuf.c 770 [regress/unittests/sshbuf/test_sshbuf_fixed.c] 771 [regress/unittests/sshbuf/test_sshbuf_fuzz.c] 772 [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] 773 [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] 774 [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] 775 [regress/unittests/sshbuf/test_sshbuf_misc.c] 776 [regress/unittests/sshbuf/tests.c] 777 [regress/unittests/test_helper/fuzz.c] 778 [regress/unittests/test_helper/test_helper.c] 779 Hook new unit tests into the build and "make tests" 780 - (djm) [sshbuf.c] need __predict_false 781 78220140430 783 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't already 784 have it. Only attempt to use __attribute__(__bounded__) for gcc. 785 78620140420 787 - OpenBSD CVS Sync 788 - djm@cvs.openbsd.org 2014/03/03 22:22:30 789 [session.c] 790 ignore enviornment variables with embedded '=' or '\0' characters; 791 spotted by Jann Horn; ok deraadt@ 792 Id sync only - portable already has this. 793 - djm@cvs.openbsd.org 2014/03/12 04:44:58 794 [ssh-keyscan.c] 795 scan for Ed25519 keys by default too 796 - djm@cvs.openbsd.org 2014/03/12 04:50:32 797 [auth-bsdauth.c ssh-keygen.c] 798 don't count on things that accept arguments by reference to clear 799 things for us on error; most things do, but it's unsafe form. 800 - djm@cvs.openbsd.org 2014/03/12 04:51:12 801 [authfile.c] 802 correct test that kdf name is not "none" or "bcrypt" 803 - naddy@cvs.openbsd.org 2014/03/12 13:06:59 804 [ssh-keyscan.1] 805 scan for Ed25519 keys by default too 806 - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 807 [ssh-agent.c ssh-keygen.1 ssh-keygen.c] 808 Improve usage() and documentation towards the standard form. 809 In particular, this line saves a lot of man page reading time. 810 usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] 811 [-N new_passphrase] [-C comment] [-f output_keyfile] 812 ok schwarze jmc 813 - tedu@cvs.openbsd.org 2014/03/17 19:44:10 814 [ssh.1] 815 old descriptions of des and blowfish are old. maybe ok deraadt 816 - tedu@cvs.openbsd.org 2014/03/19 14:42:44 817 [scp.1] 818 there is no need for rcp anymore 819 ok deraadt millert 820 - markus@cvs.openbsd.org 2014/03/25 09:40:03 821 [myproposal.h] 822 trimm default proposals. 823 824 This commit removes the weaker pre-SHA2 hashes, the broken ciphers 825 (arcfour), and the broken modes (CBC) from the default configuration 826 (the patch only changes the default, all the modes are still available 827 for the config files). 828 829 ok djm@, reminded by tedu@ & naddy@ and discussed with many 830 - deraadt@cvs.openbsd.org 2014/03/26 17:16:26 831 [myproposal.h] 832 The current sharing of myproposal[] between both client and server code 833 makes the previous diff highly unpallatable. We want to go in that 834 direction for the server, but not for the client. Sigh. 835 Brought up by naddy. 836 - markus@cvs.openbsd.org 2014/03/27 23:01:27 837 [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] 838 disable weak proposals in sshd, but keep them in ssh; ok djm@ 839 - djm@cvs.openbsd.org 2014/03/26 04:55:35 840 [chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c 841 [misc.h poly1305.h ssh-pkcs11.c] 842 use __bounded(...) attribute recently added to sys/cdefs.h instead of 843 longform __attribute__(__bounded(...)); 844 845 for brevity and a warning free compilation with llvm/clang 846 - tedu@cvs.openbsd.org 2014/03/26 19:58:37 847 [sshd.8 sshd.c] 848 remove libwrap support. ok deraadt djm mfriedl 849 - naddy@cvs.openbsd.org 2014/03/28 05:17:11 850 [ssh_config.5 sshd_config.5] 851 sync available and default algorithms, improve algorithm list formatting 852 help from jmc@ and schwarze@, ok deraadt@ 853 - jmc@cvs.openbsd.org 2014/03/31 13:39:34 854 [ssh-keygen.1] 855 the text for the -K option was inserted in the wrong place in -r1.108; 856 fix From: Matthew Clarke 857 - djm@cvs.openbsd.org 2014/04/01 02:05:27 858 [ssh-keysign.c] 859 include fingerprint of key not found 860 use arc4random_buf() instead of loop+arc4random() 861 - djm@cvs.openbsd.org 2014/04/01 03:34:10 862 [sshconnect.c] 863 When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any 864 certificate keys to plain keys and attempt SSHFP resolution. 865 866 Prevents a server from skipping SSHFP lookup and forcing a new-hostkey 867 dialog by offering only certificate keys. 868 869 Reported by mcv21 AT cam.ac.uk 870 - djm@cvs.openbsd.org 2014/04/01 05:32:57 871 [packet.c] 872 demote a debug3 to PACKET_DEBUG; ok markus@ 873 - djm@cvs.openbsd.org 2014/04/12 04:55:53 874 [sshd.c] 875 avoid crash at exit: check that pmonitor!=NULL before dereferencing; 876 bz#2225, patch from kavi AT juniper.net 877 - djm@cvs.openbsd.org 2014/04/16 23:22:45 878 [bufaux.c] 879 skip leading zero bytes in buffer_put_bignum2_from_string(); 880 reported by jan AT mojzis.com; ok markus@ 881 - djm@cvs.openbsd.org 2014/04/16 23:28:12 882 [ssh-agent.1] 883 remove the identity files from this manpage - ssh-agent doesn't deal 884 with them at all and the same information is duplicated in ssh-add.1 885 (which does deal with them); prodded by deraadt@ 886 - djm@cvs.openbsd.org 2014/04/18 23:52:25 887 [compat.c compat.h sshconnect2.c sshd.c version.h] 888 OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections 889 using the curve25519-sha256@libssh.org KEX exchange method to fail 890 when connecting with something that implements the spec properly. 891 892 Disable this KEX method when speaking to one of the affected 893 versions. 894 895 reported by Aris Adamantiadis; ok markus@ 896 - djm@cvs.openbsd.org 2014/04/19 05:54:59 897 [compat.c] 898 missing wildcard; pointed out by naddy@ 899 - tedu@cvs.openbsd.org 2014/04/19 14:53:48 900 [ssh-keysign.c sshd.c] 901 Delete futile calls to RAND_seed. ok djm 902 NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon 903 - tedu@cvs.openbsd.org 2014/04/19 18:15:16 904 [sshd.8] 905 remove some really old rsh references 906 - tedu@cvs.openbsd.org 2014/04/19 18:42:19 907 [ssh.1] 908 delete .xr to hosts.equiv. there's still an unfortunate amount of 909 documentation referring to rhosts equivalency in here. 910 - djm@cvs.openbsd.org 2014/04/20 02:30:25 911 [misc.c misc.h umac.c] 912 use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on 913 strict-alignment architectures; reported by and ok stsp@ 914 - djm@cvs.openbsd.org 2014/04/20 02:49:32 915 [compat.c] 916 add a canonical 6.6 + curve25519 bignum fix fake version that I can 917 recommend people use ahead of the openssh-6.7 release 918 91920140401 920 - (djm) On platforms that support it, use prctl() to prevent sftp-server 921 from accessing /proc/self/{mem,maps}; patch from jann AT thejh.net 922 - (djm) Use full release (e.g. 6.5p1) in debug output rather than just 923 version. From des@des.no 924 92520140317 926 - (djm) [sandbox-seccomp-filter.c] Soft-fail stat() syscalls. Add XXX to 927 remind myself to add sandbox violation logging via the log socket. 928 92920140314 930 - (tim) [opensshd.init.in] Add support for ed25519 931 93220140313 933 - (djm) Release OpenSSH 6.6 934 93520140304 936 - OpenBSD CVS Sync 937 - djm@cvs.openbsd.org 2014/03/03 22:22:30 938 [session.c] 939 ignore enviornment variables with embedded '=' or '\0' characters; 940 spotted by Jann Horn; ok deraadt@ 941 94220140301 943 - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when 944 no moduli file exists at the expected location. 945 94620140228 947 - OpenBSD CVS Sync 948 - djm@cvs.openbsd.org 2014/02/27 00:41:49 949 [bufbn.c] 950 fix unsigned overflow that could lead to reading a short ssh protocol 951 1 bignum value; found by Ben Hawkes; ok deraadt@ 952 - djm@cvs.openbsd.org 2014/02/27 08:25:09 953 [bufbn.c] 954 off by one in range check 955 - djm@cvs.openbsd.org 2014/02/27 22:47:07 956 [sshd_config.5] 957 bz#2184 clarify behaviour of a keyword that appears in multiple 958 matching Match blocks; ok dtucker@ 959 - djm@cvs.openbsd.org 2014/02/27 22:57:40 960 [version.h] 961 openssh-6.6 962 - dtucker@cvs.openbsd.org 2014/01/19 23:43:02 963 [regress/sftp-chroot.sh] 964 Don't use -q on sftp as it suppresses logging, instead redirect the 965 output to the regress logfile. 966 - dtucker@cvs.openbsd.org 2014/01/20 00:00:30 967 [sregress/ftp-chroot.sh] 968 append to rather than truncating the log file 969 - dtucker@cvs.openbsd.org 2014/01/25 04:35:32 970 [regress/Makefile regress/dhgex.sh] 971 Add a test for DH GEX sizes 972 - djm@cvs.openbsd.org 2014/01/26 10:22:10 973 [regress/cert-hostkey.sh] 974 automatically generate revoked keys from listed keys rather than 975 manually specifying each type; from portable 976 (Id sync only) 977 - djm@cvs.openbsd.org 2014/01/26 10:49:17 978 [scp-ssh-wrapper.sh scp.sh] 979 make sure $SCP is tested on the remote end rather than whichever one 980 happens to be in $PATH; from portable 981 (Id sync only) 982 - djm@cvs.openbsd.org 2014/02/27 20:04:16 983 [login-timeout.sh] 984 remove any existing LoginGraceTime from sshd_config before adding 985 a specific one for the test back in 986 - djm@cvs.openbsd.org 2014/02/27 21:21:25 987 [agent-ptrace.sh agent.sh] 988 keep return values that are printed in error messages; 989 from portable 990 (Id sync only) 991 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 992 [contrib/suse/openssh.spec] Crank version numbers 993 - (djm) [regress/host-expand.sh] Add RCS Id 994 99520140227 996 - OpenBSD CVS Sync 997 - djm@cvs.openbsd.org 2014/02/26 20:18:37 998 [ssh.c] 999 bz#2205: avoid early hostname lookups unless canonicalisation is enabled; 1000 ok dtucker@ markus@ 1001 - djm@cvs.openbsd.org 2014/02/26 20:28:44 1002 [auth2-gss.c gss-serv.c ssh-gss.h sshd.c] 1003 bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep 1004 sandboxing, as running this code in the sandbox can cause violations; 1005 ok markus@ 1006 - djm@cvs.openbsd.org 2014/02/26 20:29:29 1007 [channels.c] 1008 don't assume that the socks4 username is \0 terminated; 1009 spotted by Ben Hawkes; ok markus@ 1010 - markus@cvs.openbsd.org 2014/02/26 21:53:37 1011 [sshd.c] 1012 ssh_gssapi_prepare_supported_oids needs GSSAPI 1013 101420140224 1015 - OpenBSD CVS Sync 1016 - djm@cvs.openbsd.org 2014/02/07 06:55:54 1017 [cipher.c mac.c] 1018 remove some logging that makes ssh debugging output very verbose; 1019 ok markus 1020 - djm@cvs.openbsd.org 2014/02/15 23:05:36 1021 [channels.c] 1022 avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; 1023 bz#2200, debian#738692 via Colin Watson; ok dtucker@ 1024 - djm@cvs.openbsd.org 2014/02/22 01:32:19 1025 [readconf.c] 1026 when processing Match blocks, skip 'exec' clauses if previous predicates 1027 failed to match; ok markus@ 1028 - djm@cvs.openbsd.org 2014/02/23 20:03:42 1029 [ssh-ed25519.c] 1030 check for unsigned overflow; not reachable in OpenSSH but others might 1031 copy our code... 1032 - djm@cvs.openbsd.org 2014/02/23 20:11:36 1033 [readconf.c readconf.h ssh.c ssh_config.5] 1034 reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes 1035 the hostname. This allows users to write configurations that always 1036 refer to canonical hostnames, e.g. 1037 1038 CanonicalizeHostname yes 1039 CanonicalDomains int.example.org example.org 1040 CanonicalizeFallbackLocal no 1041 1042 Host *.int.example.org 1043 Compression off 1044 Host *.example.org 1045 User djm 1046 1047 ok markus@ 1048 104920140213 1050 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat 1051 code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex. 1052 105320140207 1054 - OpenBSD CVS Sync 1055 - naddy@cvs.openbsd.org 2014/02/05 20:13:25 1056 [ssh-keygen.1 ssh-keygen.c] 1057 tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ 1058 while here, fix ordering in usage(); requested by jmc@ 1059 - djm@cvs.openbsd.org 2014/02/06 22:21:01 1060 [sshconnect.c] 1061 in ssh_create_socket(), only do the getaddrinfo for BindAddress when 1062 BindAddress is actually specified. Fixes regression in 6.5 for 1063 UsePrivilegedPort=yes; patch from Corinna Vinschen 1064 106520140206 1066 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL 1067 before freeing since free(NULL) is a no-op. ok djm. 1068 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define 1069 __NR_shutdown; some go via the socketcall(2) multiplexer. 1070 107120140205 1072 - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by 1073 headers/libc but not supported by the kernel. Patch from Loganaden 1074 Velvindron @ AfriNIC 1075 107620140204 1077 - OpenBSD CVS Sync 1078 - markus@cvs.openbsd.org 2014/01/27 18:58:14 1079 [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] 1080 replace openssl HMAC with an implementation based on our ssh_digest_* 1081 ok and feedback djm@ 1082 - markus@cvs.openbsd.org 2014/01/27 19:18:54 1083 [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c] 1084 replace openssl MD5 with our ssh_digest_*; ok djm@ 1085 - markus@cvs.openbsd.org 2014/01/27 20:13:46 1086 [digest.c digest-openssl.c digest-libc.c Makefile.in] 1087 rename digest.c to digest-openssl.c and add libc variant; ok djm@ 1088 - jmc@cvs.openbsd.org 2014/01/28 14:13:39 1089 [ssh-keyscan.1] 1090 kill some bad Pa; 1091 From: Jan Stary 1092 - djm@cvs.openbsd.org 2014/01/29 00:19:26 1093 [sshd.c] 1094 use kill(0, ...) instead of killpg(0, ...); on most operating systems 1095 they are equivalent, but SUSv2 describes the latter as having undefined 1096 behaviour; from portable; ok dtucker 1097 (Id sync only; change is already in portable) 1098 - djm@cvs.openbsd.org 2014/01/29 06:18:35 1099 [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c] 1100 [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h] 1101 [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c] 1102 remove experimental, never-enabled JPAKE code; ok markus@ 1103 - jmc@cvs.openbsd.org 2014/01/29 14:04:51 1104 [sshd_config.5] 1105 document kbdinteractiveauthentication; 1106 requested From: Ross L Richardson 1107 1108 dtucker/markus helped explain its workings; 1109 - djm@cvs.openbsd.org 2014/01/30 22:26:14 1110 [sandbox-systrace.c] 1111 allow shutdown(2) syscall in sandbox - it may be called by packet_close() 1112 from portable 1113 (Id sync only; change is already in portable) 1114 - tedu@cvs.openbsd.org 2014/01/31 16:39:19 1115 [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c] 1116 [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c] 1117 [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c] 1118 [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c] 1119 [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h] 1120 replace most bzero with explicit_bzero, except a few that cna be memset 1121 ok djm dtucker 1122 - djm@cvs.openbsd.org 2014/02/02 03:44:32 1123 [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c] 1124 [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c] 1125 [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c] 1126 [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c] 1127 [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c] 1128 [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c] 1129 [sshd.c] 1130 convert memset of potentially-private data to explicit_bzero() 1131 - djm@cvs.openbsd.org 2014/02/03 23:28:00 1132 [ssh-ecdsa.c] 1133 fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike 1134 DSA_SIG_new. Reported by Batz Spear; ok markus@ 1135 - djm@cvs.openbsd.org 2014/02/02 03:44:31 1136 [digest-libc.c digest-openssl.c] 1137 convert memset of potentially-private data to explicit_bzero() 1138 - djm@cvs.openbsd.org 2014/02/04 00:24:29 1139 [ssh.c] 1140 delay lowercasing of hostname until right before hostname 1141 canonicalisation to unbreak case-sensitive matching of ssh_config; 1142 reported by Ike Devolder; ok markus@ 1143 - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o 1144 - (djm) [regress/setuid-allowed.c] Missing string.h for strerror() 1145 114620140131 1147 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2) 1148 syscall from sandboxes; it may be called by packet_close. 1149 - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes 1150 build with HP-UX's compiler. Patch from Kevin Brott. 1151 - (tim) [Makefile.in] build regress/setuid-allow. 1152 115320140130 1154 - (djm) [configure.ac] Only check for width-specified integer types 1155 in headers that actually exist. patch from Tom G. Christensen; 1156 ok dtucker@ 1157 - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering 1158 different symbols for 'read' when various compiler flags are 1159 in use, causing atomicio.c comparisons against it to break and 1160 read/write operations to hang; ok dtucker 1161 - (djm) Release openssh-6.5p1 1162 116320140129 1164 - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from 1165 Tom G. Christensen 1166 116720140128 1168 - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; 1169 ok dtucker 1170 - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the 1171 latter being specified to have undefined behaviour in SUSv3; 1172 ok dtucker 1173 - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable 1174 when used as an error message inside an if statement so we display the 1175 correct into. agent.sh patch from Petr Lautrbach. 1176 117720140127 1178 - (dtucker) [Makefile.in] Remove trailing backslash which some make 1179 implementations (eg older Solaris) do not cope with. 1180 118120140126 1182 - OpenBSD CVS Sync 1183 - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 1184 [cipher.c cipher.h kex.c kex.h kexgexc.c] 1185 Add a special case for the DH group size for 3des-cbc, which has an 1186 effective strength much lower than the key size. This causes problems 1187 with some cryptlib implementations, which don't support group sizes larger 1188 than 4k but also don't use the largest group size it does support as 1189 specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, 1190 reduced by me with input from Markus. ok djm@ markus@ 1191 - markus@cvs.openbsd.org 2014/01/25 20:35:37 1192 [kex.c] 1193 dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) 1194 ok dtucker@, noted by mancha 1195 - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable 1196 RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, 1197 libc will attempt to open additional file descriptors for crypto 1198 offload and crash if they cannot be opened. 1199 - (djm) [configure.ac] correct AC_DEFINE for previous. 1200 120120140125 1202 - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD 1203 - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless 1204 sys/capability.h exists and cap_rights_limit is in libc. Fixes 1205 build on FreeBSD9x which provides the header but not the libc 1206 support. 1207 - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test 1208 against the correct thing. 1209 121020140124 1211 - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make 1212 the scp regress test actually test the built scp rather than the one 1213 in $PATH. ok dtucker@ 1214 121520140123 1216 - (tim) [session.c] Improve error reporting on set_id(). 1217 - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously 1218 incompatible with OpenBSD's despite post-dating it by more than a decade. 1219 Declare it as broken, and document FreeBSD's as the same. ok djm@ 1220 122120140122 1222 - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a 1223 platform that is expected to use the reuse-argv style setproctitle 1224 hack surprises us by providing a setproctitle in libc; ok dtucker 1225 - (djm) [configure.ac] Unless specifically requested, only attempt 1226 to build Position Independent Executables on gcc >= 4.x; ok dtucker 1227 - (djm) [configure.ac aclocal.m4] More tests to detect fallout from 1228 platform hardening options: include some long long int arithmatic 1229 to detect missing support functions for -ftrapv in libgcc and 1230 equivalents, actually test linking when -ftrapv is supplied and 1231 set either both -pie/-fPIE or neither. feedback and ok dtucker@ 1232 123320140121 1234 - (dtucker) [configure.ac] Make PIE a configure-time option which defaults 1235 to on platforms where it's known to be reliably detected and off elsewhere. 1236 Works around platforms such as FreeBSD 9.1 where it does not interop with 1237 -ftrapv (it seems to work but fails when trying to link ssh). ok djm@ 1238 - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time 1239 tests in the configure output. ok djm. 1240 - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced 1241 with sftp chroot support. Move set_id call after chroot. 1242 - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE 1243 and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of 1244 detecting toolchain-related problems; ok dtucker 1245 124620140120 1247 - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos 1248 implementation does not have krb5_cc_new_unique, similar to what we do 1249 in auth-krb5.c. 1250 - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that 1251 skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@ 1252 - (djm) OpenBSD CVS Sync 1253 - djm@cvs.openbsd.org 2014/01/20 00:08:48 1254 [digest.c] 1255 memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@ 1256 125720140119 1258 - (dtucker) OpenBSD CVS Sync 1259 - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 1260 [sftp-server.c] 1261 fix log message statvfs. ok djm 1262 - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 1263 [session.c] 1264 explicitly define USE_PIPES to 1 to prevent redefinition warnings in 1265 portable on platforms that use pipes for everything. From vinschen at 1266 redhat. 1267 - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 1268 [canohost.c addrmatch.c] 1269 Cast socklen_t when comparing to size_t and use socklen_t to iterate over 1270 the ip options, both to prevent signed/unsigned comparison warnings. 1271 Patch from vinschen at redhat via portable openssh, begrudging ok deraadt. 1272 - djm@cvs.openbsd.org 2014/01/19 04:48:08 1273 [ssh_config.5] 1274 fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal 1275 - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 1276 [addrmatch.c] 1277 Cast the sizeof to socklen_t so it'll work even if the supplied len is 1278 negative. Suggested by and ok djm, ok deraadt. 1279 128020140118 1281 - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch 1282 from vinschen at redhat.com 1283 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function 1284 declarations that stopped being included when we stopped including 1285 <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at 1286 redhat.com. 1287 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs, 1288 optind) are defined in getopt.h already. Unfortunately they are defined as 1289 "declspec(dllimport)" for historical reasons, because the GNU linker didn't 1290 allow auto-import on PE/COFF targets way back when. The problem is the 1291 dllexport attributes collide with the definitions in the various source 1292 files in OpenSSH, which obviousy define the variables without 1293 declspec(dllimport). The least intrusive way to get rid of these warnings 1294 is to disable warnings for GCC compiler attributes when building on Cygwin. 1295 Patch from vinschen at redhat.com. 1296 - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the 1297 return value check for cap_enter() consistent with the other uses in 1298 FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. 1299 130020140117 1301 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain 1302 hardening flags including -fstack-protector-strong. These default to on 1303 if the toolchain supports them, but there is a configure-time knob 1304 (--without-hardening) to disable them if necessary. ok djm@ 1305 - (djm) [sftp-client.c] signed/unsigned comparison fix 1306 - (dtucker) [loginrec.c] Cast to the types specfied in the format 1307 specification to prevent warnings. 1308 - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 1309 - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. 1310 - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include 1311 includes.h to pull in all of the compatibility stuff. 1312 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside 1313 #ifdef HAVE_STDINT_H. 1314 - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that 1315 don't have them. 1316 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into 1317 separate lines and alphabetize for easier diffing of changes. 1318 - (dtucker) OpenBSD CVS Sync 1319 - djm@cvs.openbsd.org 2014/01/17 00:21:06 1320 [sftp-client.c] 1321 signed/unsigned comparison warning fix; from portable (Id sync only) 1322 - dtucker@cvs.openbsd.org 2014/01/17 05:26:41 1323 [digest.c] 1324 remove unused includes. ok djm@ 1325 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] 1326 [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] 1327 [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing 1328 using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling 1329 Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@ 1330 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c 1331 openbsd-compat/openssl-compat.h] Add compatibility layer for older 1332 openssl versions. ok djm@ 1333 - (dtucker) Fix typo in #ifndef. 1334 - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c 1335 openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs 1336 to be useful (and for the regression tests to pass) on platforms that 1337 have statfs and fstatfs. ok djm@ 1338 - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we 1339 need them to cut down on the name collisions. 1340 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. 1341 - (dtucker) [configure.ac] Have --without-hardening not turn off 1342 stack-protector since that has a separate flag that's been around a while. 1343 - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on 1344 Solaris. 1345 - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after 1346 they're defined if we have to define them ourselves. Fixes builds on old 1347 AIX. 1348 134920140118 1350 - (djm) OpenBSD CVS Sync 1351 - djm@cvs.openbsd.org 2014/01/16 07:31:09 1352 [sftp-client.c] 1353 needless and incorrect cast to size_t can break resumption of 1354 large download; patch from tobias@ 1355 - djm@cvs.openbsd.org 2014/01/16 07:32:00 1356 [version.h] 1357 openssh-6.5 1358 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1359 [contrib/suse/openssh.spec] Crank RPM spec version numbers. 1360 - (djm) [README] update release notes URL. 1361 136220140112 1363 - (djm) OpenBSD CVS Sync 1364 - djm@cvs.openbsd.org 2014/01/10 05:59:19 1365 [sshd_config] 1366 the /etc/ssh/ssh_host_ed25519_key is loaded by default too 1367 - djm@cvs.openbsd.org 2014/01/12 08:13:13 1368 [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] 1369 [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] 1370 avoid use of OpenSSL BIGNUM type and functions for KEX with 1371 Curve25519 by adding a buffer_put_bignum2_from_string() that stores 1372 a string using the bignum encoding rules. Will make it easier to 1373 build a reduced-feature OpenSSH without OpenSSL in the future; 1374 ok markus@ 1375 137620140110 1377 - (djm) OpenBSD CVS Sync 1378 - tedu@cvs.openbsd.org 2014/01/04 17:50:55 1379 [mac.c monitor_mm.c monitor_mm.h xmalloc.c] 1380 use standard types and formats for size_t like variables. ok dtucker 1381 - guenther@cvs.openbsd.org 2014/01/09 03:26:00 1382 [sftp-common.c] 1383 When formating the time for "ls -l"-style output, show dates in the future 1384 with the year, and rearrange a comparison to avoid a potentional signed 1385 arithmetic overflow that would give the wrong result. 1386 ok djm@ 1387 - djm@cvs.openbsd.org 2014/01/09 23:20:00 1388 [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] 1389 [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] 1390 [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] 1391 [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] 1392 Introduce digest API and use it to perform all hashing operations 1393 rather than calling OpenSSL EVP_Digest* directly. Will make it easier 1394 to build a reduced-feature OpenSSH without OpenSSL in future; 1395 feedback, ok markus@ 1396 - djm@cvs.openbsd.org 2014/01/09 23:26:48 1397 [sshconnect.c sshd.c] 1398 ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, 1399 deranged and might make some attacks on KEX easier; ok markus@ 1400 140120140108 1402 - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@ 1403 140420131231 1405 - (djm) OpenBSD CVS Sync 1406 - djm@cvs.openbsd.org 2013/12/30 23:52:28 1407 [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] 1408 [sshconnect.c sshconnect2.c sshd.c] 1409 refuse RSA keys from old proprietary clients/servers that use the 1410 obsolete RSA+MD5 signature scheme. it will still be possible to connect 1411 with these clients/servers but only DSA keys will be accepted, and we'll 1412 deprecate them entirely in a future release. ok markus@ 1413 141420131229 1415 - (djm) [loginrec.c] Check for username truncation when looking up lastlog 1416 entries 1417 - (djm) [regress/Makefile] Add some generated files for cleaning 1418 - (djm) OpenBSD CVS Sync 1419 - djm@cvs.openbsd.org 2013/12/19 00:10:30 1420 [ssh-add.c] 1421 skip requesting smartcard PIN when removing keys from agent; bz#2187 1422 patch from jay AT slushpupie.com; ok dtucker 1423 - dtucker@cvs.openbsd.org 2013/12/19 00:19:12 1424 [serverloop.c] 1425 Cast client_alive_interval to u_int64_t before assinging to 1426 max_time_milliseconds to avoid potential integer overflow in the timeout. 1427 bz#2170, patch from Loganaden Velvindron, ok djm@ 1428 - djm@cvs.openbsd.org 2013/12/19 00:27:57 1429 [auth-options.c] 1430 simplify freeing of source-address certificate restriction 1431 - djm@cvs.openbsd.org 2013/12/19 01:04:36 1432 [channels.c] 1433 bz#2147: fix multiple remote forwardings with dynamically assigned 1434 listen ports. In the s->c message to open the channel we were sending 1435 zero (the magic number to request a dynamic port) instead of the actual 1436 listen port. The client therefore had no way of discriminating between 1437 them. 1438 1439 Diagnosis and fix by ronf AT timeheart.net 1440 - djm@cvs.openbsd.org 2013/12/19 01:19:41 1441 [ssh-agent.c] 1442 bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent 1443 that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; 1444 ok dtucker 1445 - djm@cvs.openbsd.org 2013/12/19 22:57:13 1446 [poly1305.c poly1305.h] 1447 use full name for author, with his permission 1448 - tedu@cvs.openbsd.org 2013/12/21 07:10:47 1449 [ssh-keygen.1] 1450 small typo 1451 - djm@cvs.openbsd.org 2013/12/27 22:30:17 1452 [ssh-dss.c ssh-ecdsa.c ssh-rsa.c] 1453 make the original RSA and DSA signing/verification code look more like 1454 the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type 1455 rather than tediously listing all variants, use __func__ for debug/ 1456 error messages 1457 - djm@cvs.openbsd.org 2013/12/27 22:37:18 1458 [ssh-rsa.c] 1459 correct comment 1460 - djm@cvs.openbsd.org 2013/12/29 02:28:10 1461 [key.c] 1462 allow ed25519 keys to appear as certificate authorities 1463 - djm@cvs.openbsd.org 2013/12/29 02:37:04 1464 [key.c] 1465 correct comment for key_to_certified() 1466 - djm@cvs.openbsd.org 2013/12/29 02:49:52 1467 [key.c] 1468 correct comment for key_drop_cert() 1469 - djm@cvs.openbsd.org 2013/12/29 04:20:04 1470 [key.c] 1471 to make sure we don't omit any key types as valid CA keys again, 1472 factor the valid key type check into a key_type_is_valid_ca() 1473 function 1474 - djm@cvs.openbsd.org 2013/12/29 04:29:25 1475 [authfd.c] 1476 allow deletion of ed25519 keys from the agent 1477 - djm@cvs.openbsd.org 2013/12/29 04:35:50 1478 [authfile.c] 1479 don't refuse to load Ed25519 certificates 1480 - djm@cvs.openbsd.org 2013/12/29 05:42:16 1481 [ssh.c] 1482 don't forget to load Ed25519 certs too 1483 - djm@cvs.openbsd.org 2013/12/29 05:57:02 1484 [sshconnect.c] 1485 when showing other hostkeys, don't forget Ed25519 keys 1486 148720131221 1488 - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. 1489 149020131219 1491 - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions 1492 greater than 11 either rather than just 11. Patch from Tomas Kuthan. 1493 - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item(). 1494 Patch from Loganaden Velvindron. 1495 149620131218 1497 - (djm) OpenBSD CVS Sync 1498 - djm@cvs.openbsd.org 2013/12/07 08:08:26 1499 [ssh-keygen.1] 1500 document -a and -o wrt new key format 1501 - naddy@cvs.openbsd.org 2013/12/07 11:58:46 1502 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] 1503 [ssh_config.5 sshd.8 sshd_config.5] 1504 add missing mentions of ed25519; ok djm@ 1505 - dtucker@cvs.openbsd.org 2013/12/08 09:53:27 1506 [sshd_config.5] 1507 Use a literal for the default value of KEXAlgorithms. ok deraadt jmc 1508 - markus@cvs.openbsd.org 2013/12/09 11:03:45 1509 [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] 1510 [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] 1511 Add Authors for the public domain ed25519/nacl code. 1512 see also http://nacl.cr.yp.to/features.html 1513 All of the NaCl software is in the public domain. 1514 and http://ed25519.cr.yp.to/software.html 1515 The Ed25519 software is in the public domain. 1516 - markus@cvs.openbsd.org 2013/12/09 11:08:17 1517 [crypto_api.h] 1518 remove unused defines 1519 - pascal@cvs.openbsd.org 2013/12/15 18:17:26 1520 [ssh-add.c] 1521 Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page. 1522 ok markus@ 1523 - djm@cvs.openbsd.org 2013/12/15 21:42:35 1524 [cipher-chachapoly.c] 1525 add some comments and constify a constant 1526 - markus@cvs.openbsd.org 2013/12/17 10:36:38 1527 [crypto_api.h] 1528 I've assempled the header file by cut&pasting from generated headers 1529 and the source files. 1530 153120131208 1532 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna 1533 Vinschen 1534 - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh] 1535 [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid 1536 filesystem before running agent-ptrace.sh; ok dtucker 1537 153820131207 1539 - (djm) OpenBSD CVS Sync 1540 - djm@cvs.openbsd.org 2013/12/05 22:59:45 1541 [sftp-client.c] 1542 fix memory leak in error path in do_readdir(); pointed out by 1543 Loganaden Velvindron @ AfriNIC in bz#2163 1544 - djm@cvs.openbsd.org 2013/12/06 03:40:51 1545 [ssh-keygen.c] 1546 remove duplicated character ('g') in getopt() string; 1547 document the (few) remaining option characters so we don't have to 1548 rummage next time. 1549 - markus@cvs.openbsd.org 2013/12/06 13:30:08 1550 [authfd.c key.c key.h ssh-agent.c] 1551 move private key (de)serialization to key.c; ok djm 1552 - markus@cvs.openbsd.org 2013/12/06 13:34:54 1553 [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] 1554 [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by 1555 default; details in PROTOCOL.key; feedback and lots help from djm; 1556 ok djm@ 1557 - markus@cvs.openbsd.org 2013/12/06 13:39:49 1558 [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] 1559 [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] 1560 [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] 1561 [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] 1562 [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c] 1563 support ed25519 keys (hostkeys and user identities) using the public 1564 domain ed25519 reference code from SUPERCOP, see 1565 http://ed25519.cr.yp.to/software.html 1566 feedback, help & ok djm@ 1567 - jmc@cvs.openbsd.org 2013/12/06 15:29:07 1568 [sshd.8] 1569 missing comma; 1570 - djm@cvs.openbsd.org 2013/12/07 00:19:15 1571 [key.c] 1572 set k->cert = NULL after freeing it 1573 - markus@cvs.openbsd.org 2013/12/06 13:52:46 1574 [regress/Makefile regress/agent.sh regress/cert-hostkey.sh] 1575 [regress/cert-userkey.sh regress/keytype.sh] 1576 test ed25519 support; from djm@ 1577 - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] 1578 [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents 1579 - (djm) [Makefile.in] Add ed25519 sources 1580 - (djm) [authfile.c] Conditionalise inclusion of util.h 1581 - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c] 1582 [openbsd-compat/blf.h openbsd-compat/blowfish.c] 1583 [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in 1584 portable. 1585 - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in] 1586 [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on 1587 Linux 1588 - (djm) [regress/cert-hostkey.sh] Fix merge botch 1589 - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from 1590 Loganaden Velvindron @ AfriNIC in bz#2179 1591 159220131205 1593 - (djm) OpenBSD CVS Sync 1594 - jmc@cvs.openbsd.org 2013/11/21 08:05:09 1595 [ssh_config.5 sshd_config.5] 1596 no need for .Pp before displays; 1597 - deraadt@cvs.openbsd.org 2013/11/25 18:04:21 1598 [ssh.1 ssh.c] 1599 improve -Q usage and such. One usage change is that the option is now 1600 case-sensitive 1601 ok dtucker markus djm 1602 - jmc@cvs.openbsd.org 2013/11/26 12:14:54 1603 [ssh.1 ssh.c] 1604 - put -Q in the right place 1605 - Ar was a poor choice for the arguments to -Q. i've chosen an 1606 admittedly equally poor Cm, at least consistent with the rest 1607 of the docs. also no need for multiple instances 1608 - zap a now redundant Nm 1609 - usage() sync 1610 - deraadt@cvs.openbsd.org 2013/11/26 19:15:09 1611 [pkcs11.h] 1612 cleanup 1 << 31 idioms. Resurrection of this issue pointed out by 1613 Eitan Adler ok markus for ssh, implies same change in kerberosV 1614 - djm@cvs.openbsd.org 2013/12/01 23:19:05 1615 [PROTOCOL] 1616 mention curve25519-sha256@libssh.org key exchange algorithm 1617 - djm@cvs.openbsd.org 2013/12/02 02:50:27 1618 [PROTOCOL.chacha20poly1305] 1619 typo; from Jon Cave 1620 - djm@cvs.openbsd.org 2013/12/02 02:56:17 1621 [ssh-pkcs11-helper.c] 1622 use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC 1623 - djm@cvs.openbsd.org 2013/12/02 03:09:22 1624 [key.c] 1625 make key_to_blob() return a NULL blob on failure; part of 1626 bz#2175 from Loganaden Velvindron @ AfriNIC 1627 - djm@cvs.openbsd.org 2013/12/02 03:13:14 1628 [cipher.c] 1629 correct bzero of chacha20+poly1305 key context. bz#2177 from 1630 Loganaden Velvindron @ AfriNIC 1631 1632 Also make it a memset for consistency with the rest of cipher.c 1633 - djm@cvs.openbsd.org 2013/12/04 04:20:01 1634 [sftp-client.c] 1635 bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ 1636 AfriNIC 1637 - djm@cvs.openbsd.org 2013/12/05 01:16:41 1638 [servconf.c servconf.h] 1639 bz#2161 - fix AuthorizedKeysCommand inside a Match block and 1640 rearrange things so the same error is harder to make next time; 1641 with and ok dtucker@ 1642 - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct 1643 -L location for libedit. Patch from Serge van den Boom. 1644 164520131121 1646 - (djm) OpenBSD CVS Sync 1647 - dtucker@cvs.openbsd.org 2013/11/08 11:15:19 1648 [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c] 1649 [uidswap.c] Include stdlib.h for free() as per the man page. 1650 - markus@cvs.openbsd.org 2013/11/13 13:48:20 1651 [ssh-pkcs11.c] 1652 add missing braces found by pedro 1653 - djm@cvs.openbsd.org 2013/11/20 02:19:01 1654 [sshd.c] 1655 delay closure of in/out fds until after "Bad protocol version 1656 identification..." message, as get_remote_ipaddr/get_remote_port 1657 require them open. 1658 - deraadt@cvs.openbsd.org 2013/11/20 20:53:10 1659 [scp.c] 1660 unsigned casts for ctype macros where neccessary 1661 ok guenther millert markus 1662 - deraadt@cvs.openbsd.org 2013/11/20 20:54:10 1663 [canohost.c clientloop.c match.c readconf.c sftp.c] 1664 unsigned casts for ctype macros where neccessary 1665 ok guenther millert markus 1666 - djm@cvs.openbsd.org 2013/11/21 00:45:44 1667 [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] 1668 [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] 1669 [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] 1670 [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport 1671 cipher "chacha20-poly1305@openssh.com" that combines Daniel 1672 Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an 1673 authenticated encryption mode. 1674 1675 Inspired by and similar to Adam Langley's proposal for TLS: 1676 http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 1677 but differs in layout used for the MAC calculation and the use of a 1678 second ChaCha20 instance to separately encrypt packet lengths. 1679 Details are in the PROTOCOL.chacha20poly1305 file. 1680 1681 Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC 1682 ok markus@ naddy@ 1683 - naddy@cvs.openbsd.org 2013/11/18 05:09:32 1684 [regress/forward-control.sh] 1685 bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164) 1686 to successfully run this; ok djm@ 1687 - djm@cvs.openbsd.org 2013/11/21 03:15:46 1688 [regress/krl.sh] 1689 add some reminders for additional tests that I'd like to implement 1690 - djm@cvs.openbsd.org 2013/11/21 03:16:47 1691 [regress/modpipe.c] 1692 use unsigned long long instead of u_int64_t here to avoid warnings 1693 on some systems portable OpenSSH is built on. 1694 - djm@cvs.openbsd.org 2013/11/21 03:18:51 1695 [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] 1696 [regress/try-ciphers.sh] 1697 use new "ssh -Q cipher-auth" query to obtain lists of authenticated 1698 encryption ciphers instead of specifying them manually; ensures that 1699 the new chacha20poly1305@openssh.com mode is tested; 1700 1701 ok markus@ and naddy@ as part of the diff to add 1702 chacha20poly1305@openssh.com 1703 170420131110 1705 - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by 1706 querying the ones that are compiled in. 1707 170820131109 1709 - (dtucker) OpenBSD CVS Sync 1710 - dtucker@cvs.openbsd.org 2013/11/09 05:41:34 1711 [regress/test-exec.sh regress/rekey.sh] 1712 Use smaller test data files to speed up tests. Grow test datafiles 1713 where necessary for a specific test. 1714 - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of 1715 NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the 1716 latter actually works before using it. Fedora (at least) has NID_secp521r1 1717 that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897). 1718 - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test. 1719 - (dtucker) [configure.ac] Add missing "test". 1720 - (dtucker) [key.c] Check for the correct defines for NID_secp521r1. 1721 172220131108 1723 - (dtucker) OpenBSD CVS Sync 1724 - dtucker@cvs.openbsd.org 2013/11/08 01:06:14 1725 [regress/rekey.sh] 1726 Rekey less frequently during tests to speed them up 1727 - (djm) OpenBSD CVS Sync 1728 - dtucker@cvs.openbsd.org 2013/11/07 11:58:27 1729 [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c] 1730 Output the effective values of Ciphers, MACs and KexAlgorithms when 1731 the default has not been overridden. ok markus@ 1732 - djm@cvs.openbsd.org 2013/11/08 00:39:15 1733 [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] 1734 [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] 1735 [sftp-client.c sftp-glob.c] 1736 use calloc for all structure allocations; from markus@ 1737 - djm@cvs.openbsd.org 2013/11/08 01:38:11 1738 [version.h] 1739 openssh-6.4 1740 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1741 [contrib/suse/openssh.spec] Update version numbers following release. 1742 - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of 1743 arc4random_stir for platforms that have arc4random but don't have 1744 arc4random_stir (right now this is only OpenBSD -current). 1745 - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have 1746 EVP_sha256. 1747 - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256. 1748 - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile 1749 warnings. 1750 - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform 1751 and pass in TEST_ENV. use stderr to get polluted 1752 and the stderr-data test to fail. 1753 - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation: 1754 rather than testing and generating each key, call ssh-keygen -A. 1755 Patch from vinschen at redhat.com. 1756 - (dtucker) OpenBSD CVS Sync 1757 - dtucker@cvs.openbsd.org 2013/11/09 05:41:34 1758 [regress/test-exec.sh regress/rekey.sh] 1759 Use smaller test data files to speed up tests. Grow test datafiles 1760 where necessary for a specific test. 1761 176220131107 1763 - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5) 1764 that got lost in recent merge. 1765 - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff 1766 - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these 1767 - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms 1768 that lack it but have arc4random_uniform() 1769 - (djm) OpenBSD CVS Sync 1770 - markus@cvs.openbsd.org 2013/11/04 11:51:16 1771 [monitor.c] 1772 fix rekeying for KEX_C25519_SHA256; noted by dtucker@ 1773 RCSID sync only; I thought this was a merge botch and fixed it already 1774 - markus@cvs.openbsd.org 2013/11/06 16:52:11 1775 [monitor_wrap.c] 1776 fix rekeying for AES-GCM modes; ok deraadt 1777 - djm@cvs.openbsd.org 2013/11/06 23:05:59 1778 [ssh-pkcs11.c] 1779 from portable: s/true/true_val/ to avoid name collisions on dump platforms 1780 RCSID sync only 1781 - (dtucker) OpenBSD CVS Sync 1782 - djm@cvs.openbsd.org 2013/10/09 23:44:14 1783 [regress/Makefile] (ID sync only) 1784 regression test for sftp request white/blacklisting and readonly mode. 1785 - markus@cvs.openbsd.org 2013/11/02 22:39:53 1786 [regress/kextype.sh] 1787 add curve25519-sha256@libssh.org 1788 - dtucker@cvs.openbsd.org 2013/11/04 12:27:42 1789 [regress/rekey.sh] 1790 Test rekeying with all KexAlgorithms. 1791 - dtucker@cvs.openbsd.org 2013/11/07 00:12:05 1792 [regress/rekey.sh] 1793 Test rekeying for every Cipher, MAC and KEX, plus test every KEX with 1794 the GCM ciphers. 1795 - dtucker@cvs.openbsd.org 2013/11/07 01:12:51 1796 [regress/rekey.sh] 1797 Factor out the data transfer rekey tests 1798 - dtucker@cvs.openbsd.org 2013/11/07 02:48:38 1799 [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh] 1800 Use ssh -Q instead of hardcoding lists of ciphers or MACs. 1801 - dtucker@cvs.openbsd.org 2013/11/07 03:55:41 1802 [regress/kextype.sh] 1803 Use ssh -Q to get kex types instead of a static list. 1804 - dtucker@cvs.openbsd.org 2013/11/07 04:26:56 1805 [regress/kextype.sh] 1806 trailing space 1807 - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment 1808 variable. It's no longer used now that we get the supported MACs from 1809 ssh -Q. 1810 181120131104 1812 - (djm) OpenBSD CVS Sync 1813 - markus@cvs.openbsd.org 2013/11/02 20:03:54 1814 [ssh-pkcs11.c] 1815 support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys; 1816 fixes bz#1908; based on patch from Laurent Barbe; ok djm 1817 - markus@cvs.openbsd.org 2013/11/02 21:59:15 1818 [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] 1819 use curve25519 for default key exchange (curve25519-sha256@libssh.org); 1820 initial patch from Aris Adamantiadis; ok djm@ 1821 - markus@cvs.openbsd.org 2013/11/02 22:10:15 1822 [kexdhs.c kexecdhs.c] 1823 no need to include monitor_wrap.h 1824 - markus@cvs.openbsd.org 2013/11/02 22:24:24 1825 [kexdhs.c kexecdhs.c] 1826 no need to include ssh-gss.h 1827 - markus@cvs.openbsd.org 2013/11/02 22:34:01 1828 [auth-options.c] 1829 no need to include monitor_wrap.h and ssh-gss.h 1830 - markus@cvs.openbsd.org 2013/11/02 22:39:19 1831 [ssh_config.5 sshd_config.5] 1832 the default kex is now curve25519-sha256@libssh.org 1833 - djm@cvs.openbsd.org 2013/11/03 10:37:19 1834 [roaming_common.c] 1835 fix a couple of function definitions foo() -> foo(void) 1836 (-Wold-style-definition) 1837 - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from 1838 KEX/curve25519 change 1839 184020131103 1841 - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep. 1842 From OpenSMTPD where it prevents "implicit declaration" warnings (it's 1843 a no-op in OpenSSH). From chl at openbsd. 1844 - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd 1845 vsnprintf. From eric at openbsd via chl@. 1846 - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t 1847 for platforms that don't have them. 1848 184920131030 1850 - (djm) OpenBSD CVS Sync 1851 - djm@cvs.openbsd.org 2013/10/29 09:42:11 1852 [key.c key.h] 1853 fix potential stack exhaustion caused by nested certificates; 1854 report by Mateusz Kocielski; ok dtucker@ markus@ 1855 - djm@cvs.openbsd.org 2013/10/29 09:48:02 1856 [servconf.c servconf.h session.c sshd_config sshd_config.5] 1857 shd_config PermitTTY to disallow TTY allocation, mirroring the 1858 longstanding no-pty authorized_keys option; 1859 bz#2070, patch from Teran McKinney; ok markus@ 1860 - jmc@cvs.openbsd.org 2013/10/29 18:49:32 1861 [sshd_config.5] 1862 pty(4), not pty(7); 1863 186420131026 1865 - (djm) OpenBSD CVS Sync 1866 - djm@cvs.openbsd.org 2013/10/25 23:04:51 1867 [ssh.c] 1868 fix crash when using ProxyCommand caused by previous commit - was calling 1869 freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@ 1870 187120131025 1872 - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove 1873 unnecessary arc4random_stir() calls. The only ones left are to ensure 1874 that the PRNG gets a different state after fork() for platforms that 1875 have broken the API. 1876 187720131024 1878 - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check 1879 rather than full client name which may be of form user@REALM; 1880 patch from Miguel Sanders; ok dtucker@ 1881 - (djm) OpenBSD CVS Sync 1882 - dtucker@cvs.openbsd.org 2013/10/23 05:40:58 1883 [servconf.c] 1884 fix comment 1885 - djm@cvs.openbsd.org 2013/10/23 23:35:32 1886 [sshd.c] 1887 include local address and port in "Connection from ..." message (only 1888 shown at loglevel>=verbose) 1889 - dtucker@cvs.openbsd.org 2013/10/24 00:49:49 1890 [moduli.c] 1891 Periodically print progress and, if possible, expected time to completion 1892 when screening moduli for DH groups. ok deraadt djm 1893 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48 1894 [readconf.c servconf.c ssh_config.5 sshd_config.5] 1895 Disallow empty Match statements and add "Match all" which matches 1896 everything. ok djm, man page help jmc@ 1897 - djm@cvs.openbsd.org 2013/10/24 08:19:36 1898 [ssh.c] 1899 fix bug introduced in hostname canonicalisation commit: don't try to 1900 resolve hostnames when a ProxyCommand is set unless the user has forced 1901 canonicalisation; spotted by Iain Morgan 1902 - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd" 1903 190420131023 1905 - (djm) OpenBSD CVS Sync 1906 - djm@cvs.openbsd.org 2013/10/20 04:39:28 1907 [ssh_config.5] 1908 document % expansions performed by "Match command ..." 1909 - djm@cvs.openbsd.org 2013/10/20 06:19:28 1910 [readconf.c ssh_config.5] 1911 rename "command" subclause of the recently-added "Match" keyword to 1912 "exec"; it's shorter, clearer in intent and we might want to add the 1913 ability to match against the command being executed at the remote end in 1914 the future. 1915 - djm@cvs.openbsd.org 2013/10/20 09:51:26 1916 [scp.1 sftp.1] 1917 add canonicalisation options to -o lists 1918 - jmc@cvs.openbsd.org 2013/10/20 18:00:13 1919 [ssh_config.5] 1920 tweak the "exec" description, as worded by djm; 1921 - djm@cvs.openbsd.org 2013/10/23 03:03:07 1922 [readconf.c] 1923 Hostname may have %h sequences that should be expanded prior to Match 1924 evaluation; spotted by Iain Morgan 1925 - djm@cvs.openbsd.org 2013/10/23 03:05:19 1926 [readconf.c ssh.c] 1927 comment 1928 - djm@cvs.openbsd.org 2013/10/23 04:16:22 1929 [ssh-keygen.c] 1930 Make code match documentation: relative-specified certificate expiry time 1931 should be relative to current time and not the validity start time. 1932 Reported by Petr Lautrbach; ok deraadt@ 1933 193420131018 1935 - (djm) OpenBSD CVS Sync 1936 - djm@cvs.openbsd.org 2013/10/09 23:44:14 1937 [regress/Makefile regress/sftp-perm.sh] 1938 regression test for sftp request white/blacklisting and readonly mode. 1939 - jmc@cvs.openbsd.org 2013/10/17 07:35:48 1940 [sftp.1 sftp.c] 1941 tweak previous; 1942 - djm@cvs.openbsd.org 2013/10/17 22:08:04 1943 [sshd.c] 1944 include remote port in bad banner message; bz#2162 1945 194620131017 1947 - (djm) OpenBSD CVS Sync 1948 - jmc@cvs.openbsd.org 2013/10/15 14:10:25 1949 [ssh.1 ssh_config.5] 1950 tweak previous; 1951 - djm@cvs.openbsd.org 2013/10/16 02:31:47 1952 [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5] 1953 [sshconnect.c sshconnect.h] 1954 Implement client-side hostname canonicalisation to allow an explicit 1955 search path of domain suffixes to use to convert unqualified host names 1956 to fully-qualified ones for host key matching. 1957 This is particularly useful for host certificates, which would otherwise 1958 need to list unqualified names alongside fully-qualified ones (and this 1959 causes a number of problems). 1960 "looks fine" markus@ 1961 - jmc@cvs.openbsd.org 2013/10/16 06:42:25 1962 [ssh_config.5] 1963 tweak previous; 1964 - djm@cvs.openbsd.org 2013/10/16 22:49:39 1965 [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] 1966 s/canonicalise/canonicalize/ for consistency with existing spelling, 1967 e.g. authorized_keys; pointed out by naddy@ 1968 - djm@cvs.openbsd.org 2013/10/16 22:58:01 1969 [ssh.c ssh_config.5] 1970 one I missed in previous: s/isation/ization/ 1971 - djm@cvs.openbsd.org 2013/10/17 00:30:13 1972 [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] 1973 fsync@openssh.com protocol extension for sftp-server 1974 client support to allow calling fsync() faster successful transfer 1975 patch mostly by imorgan AT nas.nasa.gov; bz#1798 1976 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@ 1977 - djm@cvs.openbsd.org 2013/10/17 00:46:49 1978 [ssh.c] 1979 rearrange check to reduce diff against -portable 1980 (Id sync only) 1981 198220131015 1983 - (djm) OpenBSD CVS Sync 1984 - djm@cvs.openbsd.org 2013/10/09 23:42:17 1985 [sftp-server.8 sftp-server.c] 1986 Add ability to whitelist and/or blacklist sftp protocol requests by name. 1987 Refactor dispatch loop and consolidate read-only mode checks. 1988 Make global variables static, since sftp-server is linked into sshd(8). 1989 ok dtucker@ 1990 - djm@cvs.openbsd.org 2013/10/10 00:53:25 1991 [sftp-server.c] 1992 add -Q, -P and -p to usage() before jmc@ catches me 1993 - djm@cvs.openbsd.org 2013/10/10 01:43:03 1994 [sshd.c] 1995 bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly 1996 updated; ok dtucker@ 1997 - djm@cvs.openbsd.org 2013/10/11 02:45:36 1998 [sftp-client.c] 1999 rename flag arguments to be more clear and consistent. 2000 reorder some internal function arguments to make adding additional flags 2001 easier. 2002 no functional change 2003 - djm@cvs.openbsd.org 2013/10/11 02:52:23 2004 [sftp-client.c] 2005 missed one arg reorder 2006 - djm@cvs.openbsd.org 2013/10/11 02:53:45 2007 [sftp-client.h] 2008 obsolete comment 2009 - jmc@cvs.openbsd.org 2013/10/14 14:18:56 2010 [sftp-server.8 sftp-server.c] 2011 tweak previous; 2012 ok djm 2013 - djm@cvs.openbsd.org 2013/10/14 21:20:52 2014 [session.c session.h] 2015 Add logging of session starts in a useful format; ok markus@ feedback and 2016 ok dtucker@ 2017 - djm@cvs.openbsd.org 2013/10/14 22:22:05 2018 [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5] 2019 add a "Match" keyword to ssh_config that allows matching on hostname, 2020 user and result of arbitrary commands. "nice work" markus@ 2021 - djm@cvs.openbsd.org 2013/10/14 23:28:23 2022 [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] 2023 refactor client config code a little: 2024 add multistate option partsing to readconf.c, similar to servconf.c's 2025 existing code. 2026 move checking of options that accept "none" as an argument to readconf.c 2027 add a lowercase() function and use it instead of explicit tolower() in 2028 loops 2029 part of a larger diff that was ok markus@ 2030 - djm@cvs.openbsd.org 2013/10/14 23:31:01 2031 [ssh.c] 2032 whitespace at EOL; pointed out by markus@ 2033 - [ssh.c] g/c unused variable. 2034 203520131010 2036 - (dtucker) OpenBSD CVS Sync 2037 - sthen@cvs.openbsd.org 2013/09/16 11:35:43 2038 [ssh_config] 2039 Remove gssapi config parts from ssh_config, as was already done for 2040 sshd_config. Req by/ok ajacoutot@ 2041 ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular 2042 - djm@cvs.openbsd.org 2013/09/19 00:24:52 2043 [progressmeter.c] 2044 store the initial file offset so the progress meter doesn't freak out 2045 when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@` 2046 - djm@cvs.openbsd.org 2013/09/19 00:49:12 2047 [sftp-client.c] 2048 fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan 2049 - djm@cvs.openbsd.org 2013/09/19 01:24:46 2050 [channels.c] 2051 bz#1297 - tell the client (via packet_send_debug) when their preferred 2052 listen address has been overridden by the server's GatewayPorts; 2053 ok dtucker@ 2054 - djm@cvs.openbsd.org 2013/09/19 01:26:29 2055 [sshconnect.c] 2056 bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from 2057 swp AT swp.pp.ru; ok dtucker@ 2058 - dtucker@cvs.openbsd.org 2013/10/08 11:42:13 2059 [dh.c dh.h] 2060 Increase the size of the Diffie-Hellman groups requested for a each 2061 symmetric key size. New values from NIST Special Publication 800-57 with 2062 the upper limit specified by RFC4419. Pointed out by Peter Backes, ok 2063 djm@. 2064 206520131009 2066 - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull 2067 in OpenBSD implementation of arc4random, shortly to replace the existing 2068 bsd-arc4random.c 2069 - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c] 2070 [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random 2071 implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@, 2072 tested tim@ 2073 207420130922 2075 - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj 2076 setting when handling SIGHUP to maintain behaviour over retart. Patch 2077 from Matthew Ife. 2078 207920130918 2080 - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu. 2081 208220130914 2083 - (djm) OpenBSD CVS Sync 2084 - djm@cvs.openbsd.org 2013/08/22 19:02:21 2085 [sshd.c] 2086 Stir PRNG after post-accept fork. The child gets a different PRNG state 2087 anyway via rexec and explicit privsep reseeds, but it's good to be sure. 2088 ok markus@ 2089 - mikeb@cvs.openbsd.org 2013/08/28 12:34:27 2090 [ssh-keygen.c] 2091 improve batch processing a bit by making use of the quite flag a bit 2092 more often and exit with a non zero code if asked to find a hostname 2093 in a known_hosts file and it wasn't there; 2094 originally from reyk@, ok djm 2095 - djm@cvs.openbsd.org 2013/08/31 00:13:54 2096 [sftp.c] 2097 make ^w match ksh behaviour (delete previous word instead of entire line) 2098 - deraadt@cvs.openbsd.org 2013/09/02 22:00:34 2099 [ssh-keygen.c sshconnect1.c sshd.c] 2100 All the instances of arc4random_stir() are bogus, since arc4random() 2101 does this itself, inside itself, and has for a very long time.. Actually, 2102 this was probably reducing the entropy available. 2103 ok djm 2104 ID SYNC ONLY for portable; we don't trust other arc4random implementations 2105 to do this right. 2106 - sthen@cvs.openbsd.org 2013/09/07 13:53:11 2107 [sshd_config] 2108 Remove commented-out kerberos/gssapi config options from sample config, 2109 kerberos support is currently not enabled in ssh in OpenBSD. Discussed with 2110 various people; ok deraadt@ 2111 ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular 2112 - djm@cvs.openbsd.org 2013/09/12 01:41:12 2113 [clientloop.c] 2114 fix connection crash when sending break (~B) on ControlPersist'd session; 2115 ok dtucker@ 2116 - djm@cvs.openbsd.org 2013/09/13 06:54:34 2117 [channels.c] 2118 avoid unaligned access in code that reused a buffer to send a 2119 struct in_addr in a reply; simpler just use use buffer_put_int(); 2120 from portable; spotted by and ok dtucker@ 2121 212220130828 2123 - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the 2124 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we 2125 start to use them in the future. 2126 - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits 2127 until we have configure support. 2128 212920130821 2130 - (djm) OpenBSD CVS Sync 2131 - djm@cvs.openbsd.org 2013/08/06 23:03:49 2132 [sftp.c] 2133 fix some whitespace at EOL 2134 make list of commands an enum rather than a long list of defines 2135 add -a to usage() 2136 - djm@cvs.openbsd.org 2013/08/06 23:05:01 2137 [sftp.1] 2138 document top-level -a option (the -a option to 'get' was already 2139 documented) 2140 - djm@cvs.openbsd.org 2013/08/06 23:06:01 2141 [servconf.c] 2142 add cast to avoid format warning; from portable 2143 - jmc@cvs.openbsd.org 2013/08/07 06:24:51 2144 [sftp.1 sftp.c] 2145 sort -a; 2146 - djm@cvs.openbsd.org 2013/08/08 04:52:04 2147 [sftp.c] 2148 fix two year old regression: symlinking a file would incorrectly 2149 canonicalise the target path. bz#2129 report from delphij AT freebsd.org 2150 - djm@cvs.openbsd.org 2013/08/08 05:04:03 2151 [sftp-client.c sftp-client.h sftp.c] 2152 add a "-l" flag for the rename command to force it to use the silly 2153 standard SSH_FXP_RENAME command instead of the POSIX-rename- like 2154 posix-rename@openssh.com extension. 2155 2156 intended for use in regress tests, so no documentation. 2157 - djm@cvs.openbsd.org 2013/08/09 03:37:25 2158 [sftp.c] 2159 do getopt parsing for all sftp commands (with an empty optstring for 2160 commands without arguments) to ensure consistent behaviour 2161 - djm@cvs.openbsd.org 2013/08/09 03:39:13 2162 [sftp-client.c] 2163 two problems found by a to-be-committed regress test: 1) msg_id was not 2164 being initialised so was starting at a random value from the heap 2165 (harmless, but confusing). 2) some error conditions were not being 2166 propagated back to the caller 2167 - djm@cvs.openbsd.org 2013/08/09 03:56:42 2168 [sftp.c] 2169 enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word; 2170 matching ksh's relatively recent change. 2171 - djm@cvs.openbsd.org 2013/08/13 18:32:08 2172 [ssh-keygen.c] 2173 typo in error message; from Stephan Rickauer 2174 - djm@cvs.openbsd.org 2013/08/13 18:33:08 2175 [ssh-keygen.c] 2176 another of the same typo 2177 - jmc@cvs.openbsd.org 2013/08/14 08:39:27 2178 [scp.1 ssh.1] 2179 some Bx/Ox conversion; 2180 From: Jan Stary 2181 - djm@cvs.openbsd.org 2013/08/20 00:11:38 2182 [readconf.c readconf.h ssh_config.5 sshconnect.c] 2183 Add a ssh_config ProxyUseFDPass option that supports the use of 2184 ProxyCommands that establish a connection and then pass a connected 2185 file descriptor back to ssh(1). This allows the ProxyCommand to exit 2186 rather than have to shuffle data back and forth and enables ssh to use 2187 getpeername, etc. to obtain address information just like it does with 2188 regular directly-connected sockets. ok markus@ 2189 - jmc@cvs.openbsd.org 2013/08/20 06:56:07 2190 [ssh.1 ssh_config.5] 2191 some proxyusefdpass tweaks; 2192 219320130808 2194 - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt 2195 since some platforms (eg really old FreeBSD) don't have it. Instead, 2196 run "make clean" before a complete regress run. ok djm. 2197 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime( 2198 CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the 2199 CLOCK_MONOTONIC define but don't actually support it. Found and tested 2200 by Kevin Brott, ok djm. 2201 - (dtucker) [misc.c] Remove define added for fallback testing that was 2202 mistakenly included in the previous commit. 2203 - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt 2204 removal. The "make clean" removes modpipe which is built by the top-level 2205 directory before running the tests. Spotted by tim@ 2206 - (djm) Release 6.3p1 2207 220820130804 2209 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support 2210 for building with older Heimdal versions. ok djm. 2211 221220130801 2213 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non- 2214 blocking connecting socket will clear any stored errno that might 2215 otherwise have been retrievable via getsockopt(). A hack to limit writes 2216 to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap 2217 it in an #ifdef. Diagnosis and patch from Ivo Raisr. 2218 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 2219 222020130725 2221 - (djm) OpenBSD CVS Sync 2222 - djm@cvs.openbsd.org 2013/07/20 22:20:42 2223 [krl.c] 2224 fix verification error in (as-yet usused) KRL signature checking path 2225 - djm@cvs.openbsd.org 2013/07/22 05:00:17 2226 [umac.c] 2227 make MAC key, data to be hashed and nonce for final hash const; 2228 checked with -Wcast-qual 2229 - djm@cvs.openbsd.org 2013/07/22 12:20:02 2230 [umac.h] 2231 oops, forgot to commit corresponding header change; 2232 spotted by jsg and jasper 2233 - djm@cvs.openbsd.org 2013/07/25 00:29:10 2234 [ssh.c] 2235 daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure 2236 it is fully detached from its controlling terminal. based on debugging 2237 - djm@cvs.openbsd.org 2013/07/25 00:56:52 2238 [sftp-client.c sftp-client.h sftp.1 sftp.c] 2239 sftp support for resuming partial downloads; patch mostly by Loganaden 2240 Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@ 2241 "Just be careful" deraadt@ 2242 - djm@cvs.openbsd.org 2013/07/25 00:57:37 2243 [version.h] 2244 openssh-6.3 for release 2245 - dtucker@cvs.openbsd.org 2013/05/30 20:12:32 2246 [regress/test-exec.sh] 2247 use ssh and sshd as testdata since it needs to be >256k for the rekey test 2248 - dtucker@cvs.openbsd.org 2013/06/10 21:56:43 2249 [regress/forwarding.sh] 2250 Add test for forward config parsing 2251 - djm@cvs.openbsd.org 2013/06/21 02:26:26 2252 [regress/sftp-cmds.sh regress/test-exec.sh] 2253 unbreak sftp-cmds for renamed test data (s/ls/data/) 2254 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on 2255 Solaris and UnixWare. Feedback and OK djm@ 2256 - (tim) [regress/forwarding.sh] Fix for building outside source tree. 2257 225820130720 2259 - (djm) OpenBSD CVS Sync 2260 - markus@cvs.openbsd.org 2013/07/19 07:37:48 2261 [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c] 2262 [servconf.h session.c sshd.c sshd_config.5] 2263 add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, 2264 or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 2265 ok djm@ 2266 - djm@cvs.openbsd.org 2013/07/20 01:43:46 2267 [umac.c] 2268 use a union to ensure correct alignment; ok deraadt 2269 - djm@cvs.openbsd.org 2013/07/20 01:44:37 2270 [ssh-keygen.c ssh.c] 2271 More useful error message on missing current user in /etc/passwd 2272 - djm@cvs.openbsd.org 2013/07/20 01:50:20 2273 [ssh-agent.c] 2274 call cleanup_handler on SIGINT when in debug mode to ensure sockets 2275 are cleaned up on manual exit; bz#2120 2276 - djm@cvs.openbsd.org 2013/07/20 01:55:13 2277 [auth-krb5.c gss-serv-krb5.c gss-serv.c] 2278 fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ 2279 228020130718 2281 - (djm) OpenBSD CVS Sync 2282 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44 2283 [readconf.c] 2284 revert 1.203 while we investigate crashes reported by okan@ 2285 - guenther@cvs.openbsd.org 2013/06/17 04:48:42 2286 [scp.c] 2287 Handle time_t values as long long's when formatting them and when 2288 parsing them from remote servers. 2289 Improve error checking in parsing of 'T' lines. 2290 ok dtucker@ deraadt@ 2291 - markus@cvs.openbsd.org 2013/06/20 19:15:06 2292 [krl.c] 2293 don't leak the rdata blob on errors; ok djm@ 2294 - djm@cvs.openbsd.org 2013/06/21 00:34:49 2295 [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] 2296 for hostbased authentication, print the client host and user on 2297 the auth success/failure line; bz#2064, ok dtucker@ 2298 - djm@cvs.openbsd.org 2013/06/21 00:37:49 2299 [ssh_config.5] 2300 explicitly mention that IdentitiesOnly can be used with IdentityFile 2301 to control which keys are offered from an agent. 2302 - djm@cvs.openbsd.org 2013/06/21 05:42:32 2303 [dh.c] 2304 sprinkle in some error() to explain moduli(5) parse failures 2305 - djm@cvs.openbsd.org 2013/06/21 05:43:10 2306 [scp.c] 2307 make this -Wsign-compare clean after time_t conversion 2308 - djm@cvs.openbsd.org 2013/06/22 06:31:57 2309 [scp.c] 2310 improved time_t overflow check suggested by guenther@ 2311 - jmc@cvs.openbsd.org 2013/06/27 14:05:37 2312 [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 2313 do not use Sx for sections outwith the man page - ingo informs me that 2314 stuff like html will render with broken links; 2315 issue reported by Eric S. Raymond, via djm 2316 - markus@cvs.openbsd.org 2013/07/02 12:31:43 2317 [dh.c] 2318 remove extra whitespace 2319 - djm@cvs.openbsd.org 2013/07/12 00:19:59 2320 [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] 2321 [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] 2322 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ 2323 - djm@cvs.openbsd.org 2013/07/12 00:20:00 2324 [sftp.c ssh-keygen.c ssh-pkcs11.c] 2325 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ 2326 - djm@cvs.openbsd.org 2013/07/12 00:43:50 2327 [misc.c] 2328 in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when 2329 errno == 0. Avoids confusing error message in some broken resolver 2330 cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker 2331 - djm@cvs.openbsd.org 2013/07/12 05:42:03 2332 [ssh-keygen.c] 2333 do_print_resource_record() can never be called with a NULL filename, so 2334 don't attempt (and bungle) asking for one if it has not been specified 2335 bz#2127 ok dtucker@ 2336 - djm@cvs.openbsd.org 2013/07/12 05:48:55 2337 [ssh.c] 2338 set TCP nodelay for connections started with -N; bz#2124 ok dtucker@ 2339 - schwarze@cvs.openbsd.org 2013/07/16 00:07:52 2340 [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] 2341 use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ 2342 - djm@cvs.openbsd.org 2013/07/18 01:12:26 2343 [ssh.1] 2344 be more exact wrt perms for ~/.ssh/config; bz#2078 2345 234620130702 2347 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config 2348 contrib/cygwin/ssh-user-config] Modernizes and improve readability of 2349 the Cygwin README file (which hasn't been updated for ages), drop 2350 unsupported OSes from the ssh-host-config help text, and drop an 2351 unneeded option from ssh-user-config. Patch from vinschen at redhat com. 2352 235320130610 2354 - (djm) OpenBSD CVS Sync 2355 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 2356 [channels.c channels.h clientloop.c] 2357 Add an "ABANDONED" channel state and use for mux sessions that are 2358 disconnected via the ~. escape sequence. Channels in this state will 2359 be able to close if the server responds, but do not count as active channels. 2360 This means that if you ~. all of the mux clients when using ControlPersist 2361 on a broken network, the backgrounded mux master will exit when the 2362 Control Persist time expires rather than hanging around indefinitely. 2363 bz#1917, also reported and tested by tedu@. ok djm@ markus@. 2364 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported 2365 algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. 2366 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have 2367 the required OpenSSL support. Patch from naddy at freebsd. 2368 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent 2369 and add some comments so it's clear what goes where. 2370 237120130605 2372 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of 2373 the necessary functions, not from the openssl version. 2374 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test. 2375 Patch from cjwatson at debian. 2376 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the 2377 forwarding test is extremely slow copying data on some machines so switch 2378 back to copying the much smaller ls binary until we can figure out why 2379 this is. 2380 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building 2381 modpipe in case there's anything in there we need. 2382 - (dtucker) OpenBSD CVS Sync 2383 - dtucker@cvs.openbsd.org 2013/06/02 21:01:51 2384 [channels.h] 2385 typo in comment 2386 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29 2387 [clientloop.h clientloop.c mux.c] 2388 No need for the mux cleanup callback to be visible so restore it to static 2389 and call it through the detach_user function pointer. ok djm@ 2390 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18 2391 [mac.c] 2392 force the MAC output to be 64-bit aligned so umac won't see unaligned 2393 accesses on strict-alignment architectures. bz#2101, patch from 2394 tomas.kuthan at oracle.com, ok djm@ 2395 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23 2396 [scp.c] 2397 use MAXPATHLEN for buffer size instead of fixed value. ok markus 2398 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36 2399 [sftp.c] 2400 Make sftp's libedit interface marginally multibyte aware by building up 2401 the quoted string by character instead of by byte. Prevents failures 2402 when linked against a libedit built with wide character support (bz#1990). 2403 "looks ok" djm 2404 - dtucker@cvs.openbsd.org 2013/06/05 02:07:29 2405 [mux.c] 2406 fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, 2407 ok djm 2408 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50 2409 [sshd.c] 2410 When running sshd -D, close stderr unless we have explicitly requesting 2411 logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch 2412 so, err, ok dtucker. 2413 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38 2414 [sshconnect2.c] 2415 Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm 2416 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28 2417 [readconf.c] 2418 plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm 2419 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for 2420 platforms that don't have multibyte character support (specifically, 2421 mblen). 2422 242320130602 2424 - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy 2425 linking regress/modpipe. 2426 - (dtucker) OpenBSD CVS Sync 2427 - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 2428 [progressmeter.c] 2429 Add misc.h for monotime prototype. (ID sync only). 2430 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 2431 [ssh-agent.c] 2432 Make parent_alive_interval time_t to avoid signed/unsigned comparison 2433 - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms 2434 to prevent noise from configure. Patch from Nathan Osman. (bz#2114). 2435 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android. 2436 Patch from Nathan Osman. 2437 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we 2438 need a shell that can handle "[ file1 -nt file2 ]". Rather than keep 2439 dealing with shell portability issues in regression tests, we let 2440 configure find us a capable shell on those platforms with an old /bin/sh. 2441 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr. 2442 feedback and ok dtucker 2443 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker 2444 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. 2445 - (dtucker) [configure.ac] Some other platforms need sys/types.h before 2446 sys/socket.h. 2447 244820130601 2449 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to 2450 using openssl's DES_crypt function on platorms that don't have a native 2451 one, eg Android. Based on a patch from Nathan Osman. 2452 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS 2453 rather than trying to enumerate the plaforms that don't have them. 2454 Based on a patch from Nathan Osman, with help from tim@. 2455 - (dtucker) OpenBSD CVS Sync 2456 - djm@cvs.openbsd.org 2013/05/17 00:13:13 2457 [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c 2458 ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c 2459 gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c 2460 auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c 2461 servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c 2462 auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c 2463 sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c 2464 kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c 2465 kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c 2466 monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c 2467 ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c 2468 sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c 2469 ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c 2470 dns.c packet.c readpass.c authfd.c moduli.c] 2471 bye, bye xfree(); ok markus@ 2472 - djm@cvs.openbsd.org 2013/05/19 02:38:28 2473 [auth2-pubkey.c] 2474 fix failure to recognise cert-authority keys if a key of a different type 2475 appeared in authorized_keys before it; ok markus@ 2476 - djm@cvs.openbsd.org 2013/05/19 02:42:42 2477 [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] 2478 Standardise logging of supplemental information during userauth. Keys 2479 and ruser is now logged in the auth success/failure message alongside 2480 the local username, remote host/port and protocol in use. Certificates 2481 contents and CA are logged too. 2482 Pushing all logging onto a single line simplifies log analysis as it is 2483 no longer necessary to relate information scattered across multiple log 2484 entries. "I like it" markus@ 2485 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 2486 [ssh-agent.c] 2487 Use time_t where appropriate. ok djm 2488 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 2489 [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c 2490 channels.c sandbox-systrace.c] 2491 Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like 2492 keepalives and rekeying will work properly over clock steps. Suggested by 2493 markus@, "looks good" djm@. 2494 - dtucker@cvs.openbsd.org 2013/06/01 20:59:25 2495 [scp.c sftp-client.c] 2496 Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch 2497 from Nathan Osman via bz#2085. ok deraadt. 2498 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50 2499 [sftp-client.c] 2500 Update progressmeter when data is acked, not when it's sent. bz#2108, from 2501 Debian via Colin Watson, ok djm@ 2502 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c 2503 groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c 2504 sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c 2505 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c 2506 openbsd-compat/port-linux.c] Replace portable-specific instances of xfree 2507 with the equivalent calls to free. 2508 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall 2509 back to time(NULL) if we can't find it anywhere. 2510 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. 2511 251220130529 2513 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null 2514 implementation of endgrent for platforms that don't have it (eg Android). 2515 Loosely based on a patch from Nathan Osman, ok djm 2516 2517 20130517 2518 - (dtucker) OpenBSD CVS Sync 2519 - djm@cvs.openbsd.org 2013/03/07 00:20:34 2520 [regress/proxy-connect.sh] 2521 repeat test with a style appended to the username 2522 - dtucker@cvs.openbsd.org 2013/03/23 11:09:43 2523 [regress/test-exec.sh] 2524 Only regenerate host keys if they don't exist or if ssh-keygen has changed 2525 since they were. Reduces test runtime by 5-30% depending on machine 2526 speed. 2527 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 2528 [regress/rekey.sh regress/test-exec.sh regress/integrity.sh 2529 regress/multiplex.sh Makefile regress/cfgmatch.sh] 2530 Split the regress log into 3 parts: the debug output from ssh, the debug 2531 log from sshd and the output from the client command (ssh, scp or sftp). 2532 Somewhat functional now, will become more useful when ssh/sshd -E is added. 2533 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 2534 [regress/Makefile regress/rekey.sh regress/integrity.sh 2535 regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh] 2536 use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and 2537 save the output from any failing tests. If a test fails the debug output 2538 from ssh and sshd for the failing tests (and only the failing tests) should 2539 be available in failed-ssh{,d}.log. 2540 - djm@cvs.openbsd.org 2013/04/18 02:46:12 2541 [regress/Makefile regress/sftp-chroot.sh] 2542 test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@ 2543 - dtucker@cvs.openbsd.org 2013/04/22 07:23:08 2544 [regress/multiplex.sh] 2545 Write mux master logs to regress.log instead of ssh.log to keep separate 2546 - djm@cvs.openbsd.org 2013/05/10 03:46:14 2547 [regress/modpipe.c] 2548 sync some portability changes from portable OpenSSH (id sync only) 2549 - dtucker@cvs.openbsd.org 2013/05/16 02:10:35 2550 [regress/rekey.sh] 2551 Add test for time-based rekeying 2552 - dtucker@cvs.openbsd.org 2013/05/16 03:33:30 2553 [regress/rekey.sh] 2554 test rekeying when there's no data being transferred 2555 - dtucker@cvs.openbsd.org 2013/05/16 04:26:10 2556 [regress/rekey.sh] 2557 add server-side rekey test 2558 - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 2559 [regress/rekey.sh] 2560 add tests for RekeyLimit parsing 2561 - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 2562 [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh 2563 regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh 2564 regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh 2565 regress/ssh-com.sh] 2566 replace 'echo -n' with 'printf' since it's more portable 2567 also remove "echon" hack. 2568 - dtucker@cvs.openbsd.org 2013/05/17 01:16:09 2569 [regress/agent-timeout.sh] 2570 Pull back some portability changes from -portable: 2571 - TIMEOUT is a read-only variable in some shells 2572 - not all greps have -q so redirect to /dev/null instead. 2573 (ID sync only) 2574 - dtucker@cvs.openbsd.org 2013/05/17 01:32:11 2575 [regress/integrity.sh] 2576 don't print output from ssh before getting it (it's available in ssh.log) 2577 - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 2578 [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh 2579 regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh 2580 regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh 2581 regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh 2582 regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh 2583 regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh 2584 regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh 2585 regress/multiplex.sh] 2586 Move the setting of DATA and COPY into test-exec.sh 2587 - dtucker@cvs.openbsd.org 2013/05/17 10:16:26 2588 [regress/try-ciphers.sh] 2589 use expr for math to keep diffs vs portable down 2590 (id sync only) 2591 - dtucker@cvs.openbsd.org 2013/05/17 10:23:52 2592 [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh] 2593 Use SUDO when cat'ing pid files and running the sshd log wrapper so that 2594 it works with a restrictive umask and the pid files are not world readable. 2595 Changes from -portable. (id sync only) 2596 - dtucker@cvs.openbsd.org 2013/05/17 10:24:48 2597 [regress/localcommand.sh] 2598 use backticks for portability. (id sync only) 2599 - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 2600 [regress/sftp-badcmds.sh] 2601 remove unused BATCH variable. (id sync only) 2602 - dtucker@cvs.openbsd.org 2013/05/17 10:28:11 2603 [regress/sftp.sh] 2604 only compare copied data if sftp succeeds. from portable (id sync only) 2605 - dtucker@cvs.openbsd.org 2013/05/17 10:30:07 2606 [regress/test-exec.sh] 2607 wait a bit longer for startup and use case for absolute path. 2608 from portable (id sync only) 2609 - dtucker@cvs.openbsd.org 2013/05/17 10:33:09 2610 [regress/agent-getpeereid.sh] 2611 don't redirect stdout from sudo. from portable (id sync only) 2612 - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 2613 [regress/portnum.sh] 2614 use a more portable negated if structure. from portable (id sync only) 2615 - dtucker@cvs.openbsd.org 2013/05/17 10:35:43 2616 [regress/scp.sh] 2617 use a file extention that's not special on some platforms. from portable 2618 (id sync only) 2619 - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it 2620 in portable and it's long gone in openbsd. 2621 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange 2622 methods. When the openssl version doesn't support ECDH then next one on 2623 the list is DH group exchange, but that causes a bit more traffic which can 2624 mean that the tests flip bits in the initial exchange rather than the MACed 2625 traffic and we get different errors to what the tests look for. 2626 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. 2627 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. 2628 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. 2629 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh] 2630 Move the jot helper function to portable-specific part of test-exec.sh. 2631 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions 2632 together and add a couple of missing lines from openbsd. 2633 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 2634 helper function to the portable part of test-exec.sh. 2635 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. 2636 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by 2637 rev 1.6 which calls wait. 2638 263920130516 2640 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be 2641 executed if mktemp failed; bz#2105 ok dtucker@ 2642 - (dtucker) OpenBSD CVS Sync 2643 - tedu@cvs.openbsd.org 2013/04/23 17:49:45 2644 [misc.c] 2645 use xasprintf instead of a series of strlcats and strdup. ok djm 2646 - tedu@cvs.openbsd.org 2013/04/24 16:01:46 2647 [misc.c] 2648 remove extra parens noticed by nicm 2649 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12 2650 [sftp-server.8] 2651 Reference the version of the sftp draft we actually implement. ok djm@ 2652 - djm@cvs.openbsd.org 2013/05/10 03:40:07 2653 [sshconnect2.c] 2654 fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from 2655 Colin Watson 2656 - djm@cvs.openbsd.org 2013/05/10 04:08:01 2657 [key.c] 2658 memleak in cert_free(), wasn't actually freeing the struct; 2659 bz#2096 from shm AT digitalsun.pl 2660 - dtucker@cvs.openbsd.org 2013/05/10 10:13:50 2661 [ssh-pkcs11-helper.c] 2662 remove unused extern optarg. ok markus@ 2663 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34 2664 [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c 2665 ssh_config.5 packet.h] 2666 Add an optional second argument to RekeyLimit in the client to allow 2667 rekeying based on elapsed time in addition to amount of traffic. 2668 with djm@ jmc@, ok djm 2669 - dtucker@cvs.openbsd.org 2013/05/16 04:09:14 2670 [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config 2671 sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing 2672 rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man 2673 page. 2674 - djm@cvs.openbsd.org 2013/05/16 04:27:50 2675 [ssh_config.5 readconf.h readconf.c] 2676 add the ability to ignore specific unrecognised ssh_config options; 2677 bz#866; ok markus@ 2678 - jmc@cvs.openbsd.org 2013/05/16 06:28:45 2679 [ssh_config.5] 2680 put IgnoreUnknown in the right place; 2681 - jmc@cvs.openbsd.org 2013/05/16 06:30:06 2682 [sshd_config.5] 2683 oops! avoid Xr to self; 2684 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41 2685 [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] 2686 Fix some "unused result" warnings found via clang and -portable. 2687 ok markus@ 2688 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31 2689 [readconf.c servconf.c] 2690 switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@ 2691 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34 2692 [servconf.c readconf.c] 2693 remove now-unused variables 2694 - dtucker@cvs.openbsd.org 2013/05/16 10:44:06 2695 [servconf.c] 2696 remove another now-unused variable 2697 - (dtucker) [configure.ac readconf.c servconf.c 2698 openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled. 2699 270020130510 2701 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler 2702 supports it. Mentioned by Colin Watson in bz#2100, ok djm. 2703 - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to 2704 getopt.c. Preprocessed source is identical other than line numbers. 2705 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No 2706 portability changes yet. 2707 - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c 2708 openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add 2709 portability code to getopt_long.c and switch over Makefile and the ugly 2710 hack in modpipe.c. Fixes bz#1448. 2711 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c 2712 openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb 2713 in to use it when we're using our own getopt. 2714 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the 2715 underlying libraries support them. 2716 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so 2717 we don't get a warning on compilers that *don't* support it. Add 2718 -Wno-unknown-warning-option. Move both to the start of the list for 2719 maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9. 2720 272120130423 2722 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support 2723 platforms, such as Android, that lack struct passwd.pw_gecos. Report 2724 and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ 2725 - (djm) OpenBSD CVS Sync 2726 - markus@cvs.openbsd.org 2013/03/05 20:16:09 2727 [sshconnect2.c] 2728 reset pubkey order on partial success; ok djm@ 2729 - djm@cvs.openbsd.org 2013/03/06 23:35:23 2730 [session.c] 2731 fatal() when ChrootDirectory specified by running without root privileges; 2732 ok markus@ 2733 - djm@cvs.openbsd.org 2013/03/06 23:36:53 2734 [readconf.c] 2735 g/c unused variable (-Wunused) 2736 - djm@cvs.openbsd.org 2013/03/07 00:19:59 2737 [auth2-pubkey.c monitor.c] 2738 reconstruct the original username that was sent by the client, which may 2739 have included a style (e.g. "root:skey") when checking public key 2740 signatures. Fixes public key and hostbased auth when the client specified 2741 a style; ok markus@ 2742 - markus@cvs.openbsd.org 2013/03/07 19:27:25 2743 [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5] 2744 add submethod support to AuthenticationMethods; ok and freedback djm@ 2745 - djm@cvs.openbsd.org 2013/03/08 06:32:58 2746 [ssh.c] 2747 allow "ssh -f none ..." ok markus@ 2748 - djm@cvs.openbsd.org 2013/04/05 00:14:00 2749 [auth2-gss.c krl.c sshconnect2.c] 2750 hush some {unused, printf type} warnings 2751 - djm@cvs.openbsd.org 2013/04/05 00:31:49 2752 [pathnames.h] 2753 use the existing _PATH_SSH_USER_RC define to construct the other 2754 pathnames; bz#2077, ok dtucker@ (no binary change) 2755 - djm@cvs.openbsd.org 2013/04/05 00:58:51 2756 [mux.c] 2757 cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too 2758 (in addition to ones already in OPEN); bz#2079, ok dtucker@ 2759 - markus@cvs.openbsd.org 2013/04/06 16:07:00 2760 [channels.c sshd.c] 2761 handle ECONNABORTED for accept(); ok deraadt some time ago... 2762 - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 2763 [log.c log.h ssh.1 ssh.c sshd.8 sshd.c] 2764 Add -E option to ssh and sshd to append debugging logs to a specified file 2765 instead of stderr or syslog. ok markus@, man page help jmc@ 2766 - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 2767 [sshd.8] 2768 clarify -e text. suggested by & ok jmc@ 2769 - djm@cvs.openbsd.org 2013/04/11 02:27:50 2770 [packet.c] 2771 quiet disconnect notifications on the server from error() back to logit() 2772 if it is a normal client closure; bz#2057 ok+feedback dtucker@ 2773 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 2774 [session.c] 2775 revert rev 1.262; it fails because uid is already set here. ok djm@ 2776 - djm@cvs.openbsd.org 2013/04/18 02:16:07 2777 [sftp.c] 2778 make "sftp -q" do what it says on the sticker: hush everything but errors; 2779 ok dtucker@ 2780 - djm@cvs.openbsd.org 2013/04/19 01:00:10 2781 [sshd_config.5] 2782 document the requirment that the AuthorizedKeysCommand be owned by root; 2783 ok dtucker@ markus@ 2784 - djm@cvs.openbsd.org 2013/04/19 01:01:00 2785 [ssh-keygen.c] 2786 fix some memory leaks; bz#2088 ok dtucker@ 2787 - djm@cvs.openbsd.org 2013/04/19 01:03:01 2788 [session.c] 2789 reintroduce 1.262 without the connection-killing bug: 2790 fatal() when ChrootDirectory specified by running without root privileges; 2791 ok markus@ 2792 - djm@cvs.openbsd.org 2013/04/19 01:06:50 2793 [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] 2794 [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] 2795 add the ability to query supported ciphers, MACs, key type and KEX 2796 algorithms to ssh. Includes some refactoring of KEX and key type handling 2797 to be table-driven; ok markus@ 2798 - djm@cvs.openbsd.org 2013/04/19 11:10:18 2799 [ssh.c] 2800 add -Q to usage; reminded by jmc@ 2801 - djm@cvs.openbsd.org 2013/04/19 12:07:08 2802 [kex.c] 2803 remove duplicated list entry pointed out by naddy@ 2804 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18 2805 [mux.c] 2806 typo in debug output: evitval->exitval 2807 280820130418 2809 - (djm) [config.guess config.sub] Update to last versions before they switch 2810 to GPL3. ok dtucker@ 2811 - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from 2812 unused argument warnings (in particular, -fno-builtin-memset) from clang. 2813 281420130404 2815 - (dtucker) OpenBSD CVS Sync 2816 - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 2817 [readconf.c ssh.c readconf.h sshconnect2.c] 2818 Keep track of which IndentityFile options were manually supplied and which 2819 were default options, and don't warn if the latter are missing. 2820 ok markus@ 2821 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 2822 [krl.c] 2823 Remove bogus include. ok djm 2824 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 2825 [ssh.c readconf.c readconf.h] 2826 Don't complain if IdentityFiles specified in system-wide configs are 2827 missing. ok djm, deraadt. 2828 - markus@cvs.openbsd.org 2013/02/22 19:13:56 2829 [sshconnect.c] 2830 support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ 2831 - djm@cvs.openbsd.org 2013/02/22 22:09:01 2832 [ssh.c] 2833 Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier 2834 version) 2835 283620130401 2837 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h 2838 to avoid conflicting definitions of __int64, adding the required bits. 2839 Patch from Corinna Vinschen. 2840 284120130323 2842 - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. 2843 284420130322 2845 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 2846 Hands' greatly revised version. 2847 - (djm) Release 6.2p1 2848 - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. 2849 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before 2850 defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. 2851 285220130318 2853 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 2854 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's 2855 so mark it as broken. Patch from des AT des.no 2856 285720130317 2858 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 2859 of the bits the configure test looks for. 2860 286120130316 2862 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 2863 is unable to successfully compile them. Based on patch from des AT 2864 des.no 2865 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 2866 Add a usleep replacement for platforms that lack it; ok dtucker 2867 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 2868 occur after UID switch; patch from John Marshall via des AT des.no; 2869 ok dtucker@ 2870 287120130312 2872 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 2873 Improve portability of cipher-speed test, based mostly on a patch from 2874 Iain Morgan. 2875 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 2876 in addition to root as an owner of system directories on AIX and HP-UX. 2877 ok djm@ 2878 287920130307 2880 - (dtucker) [INSTALL] Bump documented autoconf version to what we're 2881 currently using. 2882 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it 2883 was removed in configure.ac rev 1.481 as it was redundant. 2884 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 2885 ago. 2886 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 2887 chance to complete on broken systems; ok dtucker@ 2888 288920130306 2890 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 2891 connection to start so that the test works on slower machines. 2892 - (dtucker) [configure.ac] test that we can set number of file descriptors 2893 to zero with setrlimit before enabling the rlimit sandbox. This affects 2894 (at least) HPUX 11.11. 2895 289620130305 2897 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 2898 HP/UX. Spotted by Kevin Brott 2899 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 2900 Amit Kulkarni and Kevin Brott. 2901 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 2902 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin 2903 Brott. 2904 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 2905 290620130227 2907 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2908 [contrib/suse/openssh.spec] Crank version numbers 2909 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 2910 - (tim) [regress/integrity.sh] shell portability fix. 2911 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 2912 - (tim) [regress/krl.sh] keep old solaris awk from hanging. 2913 291420130226 2915 - OpenBSD CVS Sync 2916 - djm@cvs.openbsd.org 2013/02/20 08:27:50 2917 [integrity.sh] 2918 Add an option to modpipe that warns if the modification offset it not 2919 reached in it's stream and turn it on for t-integrity. This should catch 2920 cases where the session is not fuzzed for being too short (cf. my last 2921 "oops" commit) 2922 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 2923 for UsePAM=yes configuration 2924 292520130225 2926 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 2927 to use Solaris native GSS libs. Patch from Pierre Ossman. 2928 292920130223 2930 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 2931 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. 2932 ok tim 2933 293420130222 2935 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 2936 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. 2937 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 2938 libgss too. Patch from Pierre Ossman, ok djm. 2939 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 2940 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; 2941 ok dtucker 2942 294320130221 2944 - (tim) [regress/forward-control.sh] shell portability fix. 2945 294620130220 2947 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 2948 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 2949 err.h include from krl.c. Additional portability fixes for modpipe. OK djm 2950 - OpenBSD CVS Sync 2951 - djm@cvs.openbsd.org 2013/02/20 08:27:50 2952 [regress/integrity.sh regress/modpipe.c] 2953 Add an option to modpipe that warns if the modification offset it not 2954 reached in it's stream and turn it on for t-integrity. This should catch 2955 cases where the session is not fuzzed for being too short (cf. my last 2956 "oops" commit) 2957 - djm@cvs.openbsd.org 2013/02/20 08:29:27 2958 [regress/modpipe.c] 2959 s/Id/OpenBSD/ in RCS tag 2960 296120130219 2962 - OpenBSD CVS Sync 2963 - djm@cvs.openbsd.org 2013/02/18 22:26:47 2964 [integrity.sh] 2965 crank the offset yet again; it was still fuzzing KEX one of Darren's 2966 portable test hosts at 2800 2967 - djm@cvs.openbsd.org 2013/02/19 02:14:09 2968 [integrity.sh] 2969 oops, forgot to increase the output of the ssh command to ensure that 2970 we actually reach $offset 2971 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 2972 lack support for SHA2. 2973 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms 2974 that do not have them. 2975 297620130217 2977 - OpenBSD CVS Sync 2978 - djm@cvs.openbsd.org 2013/02/17 23:16:55 2979 [integrity.sh] 2980 make the ssh command generates some output to ensure that there are at 2981 least offset+tries bytes in the stream. 2982 298320130216 2984 - OpenBSD CVS Sync 2985 - djm@cvs.openbsd.org 2013/02/16 06:08:45 2986 [integrity.sh] 2987 make sure the fuzz offset is actually past the end of KEX for all KEX 2988 types. diffie-hellman-group-exchange-sha256 requires an offset around 2989 2700. Noticed via test failures in portable OpenSSH on platforms that 2990 lack ECC and this the more byte-frugal ECDH KEX algorithms. 2991 299220130215 2993 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 2994 Iain Morgan 2995 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 2996 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). 2997 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 2998 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for 2999 platforms that don't have it. 3000 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 3001 group strto* function prototypes together. 3002 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 3003 an argument. Pointed out by djm. 3004 - (djm) OpenBSD CVS Sync 3005 - djm@cvs.openbsd.org 2013/02/14 21:35:59 3006 [auth2-pubkey.c] 3007 Correct error message that had a typo and was logging the wrong thing; 3008 patch from Petr Lautrbach 3009 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 3010 [sshconnect2.c] 3011 Warn more loudly if an IdentityFile provided by the user cannot be read. 3012 bz #1981, ok djm@ 3013 301420130214 3015 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 3016 - (djm) [regress/krl.sh] typo; found by Iain Morgan 3017 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 3018 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by 3019 Iain Morgan 3020 302120130212 3022 - (djm) OpenBSD CVS Sync 3023 - djm@cvs.openbsd.org 2013/01/24 21:45:37 3024 [krl.c] 3025 fix handling of (unused) KRL signatures; skip string in correct buffer 3026 - djm@cvs.openbsd.org 2013/01/24 22:08:56 3027 [krl.c] 3028 skip serial lookup when cert's serial number is zero 3029 - krw@cvs.openbsd.org 2013/01/25 05:00:27 3030 [krl.c] 3031 Revert last. Breaks due to likely typo. Let djm@ fix later. 3032 ok djm@ via dlg@ 3033 - djm@cvs.openbsd.org 2013/01/25 10:22:19 3034 [krl.c] 3035 redo last commit without the vi-vomit that snuck in: 3036 skip serial lookup when cert's serial number is zero 3037 (now with 100% better comment) 3038 - djm@cvs.openbsd.org 2013/01/26 06:11:05 3039 [Makefile.in acss.c acss.h cipher-acss.c cipher.c] 3040 [openbsd-compat/openssl-compat.h] 3041 remove ACSS, now that it is gone from libcrypto too 3042 - djm@cvs.openbsd.org 2013/01/27 10:06:12 3043 [krl.c] 3044 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com 3045 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 3046 [servconf.c sshd_config sshd_config.5] 3047 Change default of MaxStartups to 10:30:100 to start doing random early 3048 drop at 10 connections up to 100 connections. This will make it harder 3049 to DoS as CPUs have come a long way since the original value was set 3050 back in 2000. Prompted by nion at debian org, ok markus@ 3051 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 3052 [auth.c] 3053 Fix comment, from jfree.e1 at gmail 3054 - djm@cvs.openbsd.org 2013/02/08 00:41:12 3055 [sftp.c] 3056 fix NULL deref when built without libedit and control characters 3057 entered as command; debugging and patch from Iain Morgan an 3058 Loganaden Velvindron in bz#1956 3059 - markus@cvs.openbsd.org 2013/02/10 21:19:34 3060 [version.h] 3061 openssh 6.2 3062 - djm@cvs.openbsd.org 2013/02/10 23:32:10 3063 [ssh-keygen.c] 3064 append to moduli file when screening candidates rather than overwriting. 3065 allows resumption of interrupted screen; patch from Christophe Garault 3066 in bz#1957; ok dtucker@ 3067 - djm@cvs.openbsd.org 2013/02/10 23:35:24 3068 [packet.c] 3069 record "Received disconnect" messages at ERROR rather than INFO priority, 3070 since they are abnormal and result in a non-zero ssh exit status; patch 3071 from Iain Morgan in bz#2057; ok dtucker@ 3072 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 3073 [sshd.c] 3074 Add openssl version to debug output similar to the client. ok markus@ 3075 - djm@cvs.openbsd.org 2013/02/11 23:58:51 3076 [regress/try-ciphers.sh] 3077 remove acss here too 3078 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 3079 308020130211 3081 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 3082 libcrypto that lacks EVP_CIPHER_CTX_ctrl 3083 308420130208 3085 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 3086 patch from Iain Morgan in bz#2059 3087 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 3088 __attribute__ on return values and work around if necessary. ok djm@ 3089 309020130207 3091 - (djm) [configure.ac] Don't probe seccomp capability of running kernel 3092 at configure time; the seccomp sandbox will fall back to rlimit at 3093 runtime anyway. Patch from plautrba AT redhat.com in bz#2011 3094 309520130120 3096 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 3097 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP 3098 prototypes for openssl-1.0.0-fips. 3099 - (djm) OpenBSD CVS Sync 3100 - jmc@cvs.openbsd.org 2013/01/18 07:57:47 3101 [ssh-keygen.1] 3102 tweak previous; 3103 - jmc@cvs.openbsd.org 2013/01/18 07:59:46 3104 [ssh-keygen.c] 3105 -u before -V in usage(); 3106 - jmc@cvs.openbsd.org 2013/01/18 08:00:49 3107 [sshd_config.5] 3108 tweak previous; 3109 - jmc@cvs.openbsd.org 2013/01/18 08:39:04 3110 [ssh-keygen.1] 3111 add -Q to the options list; ok djm 3112 - jmc@cvs.openbsd.org 2013/01/18 21:48:43 3113 [ssh-keygen.1] 3114 command-line (adj.) -> command line (n.); 3115 - jmc@cvs.openbsd.org 2013/01/19 07:13:25 3116 [ssh-keygen.1] 3117 fix some formatting; ok djm 3118 - markus@cvs.openbsd.org 2013/01/19 12:34:55 3119 [krl.c] 3120 RB_INSERT does not remove existing elments; ok djm@ 3121 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 3122 version. 3123 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 3124 312520130118 3126 - (djm) OpenBSD CVS Sync 3127 - djm@cvs.openbsd.org 2013/01/17 23:00:01 3128 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] 3129 [krl.c krl.h PROTOCOL.krl] 3130 add support for Key Revocation Lists (KRLs). These are a compact way to 3131 represent lists of revoked keys and certificates, taking as little as 3132 a single bit of incremental cost to revoke a certificate by serial number. 3133 KRLs are loaded via the existing RevokedKeys sshd_config option. 3134 feedback and ok markus@ 3135 - djm@cvs.openbsd.org 2013/01/18 00:45:29 3136 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] 3137 Tests for Key Revocation Lists (KRLs) 3138 - djm@cvs.openbsd.org 2013/01/18 03:00:32 3139 [krl.c] 3140 fix KRL generation bug for list sections 3141 314220130117 3143 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 3144 check for GCM support before testing GCM ciphers. 3145 314620130112 3147 - (djm) OpenBSD CVS Sync 3148 - djm@cvs.openbsd.org 2013/01/12 11:22:04 3149 [cipher.c] 3150 improve error message for integrity failure in AES-GCM modes; ok markus@ 3151 - djm@cvs.openbsd.org 2013/01/12 11:23:53 3152 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 3153 test AES-GCM modes; feedback markus@ 3154 - (djm) [regress/integrity.sh] repair botched merge 3155 315620130109 3157 - (djm) OpenBSD CVS Sync 3158 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 3159 [auth.c] 3160 use correct string in error message; from rustybsd at gmx.fr 3161 - djm@cvs.openbsd.org 2013/01/02 00:32:07 3162 [clientloop.c mux.c] 3163 channel_setup_local_fwd_listener() returns 0 on failure, not -ve 3164 bz#2055 reported by mathieu.lacage AT gmail.com 3165 - djm@cvs.openbsd.org 2013/01/02 00:33:49 3166 [PROTOCOL.agent] 3167 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 3168 bz#2051 from david AT lechnology.com 3169 - djm@cvs.openbsd.org 2013/01/03 05:49:36 3170 [servconf.h] 3171 add a couple of ServerOptions members that should be copied to the privsep 3172 child (for consistency, in this case they happen only to be accessed in 3173 the monitor); ok dtucker@ 3174 - djm@cvs.openbsd.org 2013/01/03 12:49:01 3175 [PROTOCOL] 3176 fix description of MAC calculation for EtM modes; ok markus@ 3177 - djm@cvs.openbsd.org 2013/01/03 12:54:49 3178 [sftp-server.8 sftp-server.c] 3179 allow specification of an alternate start directory for sftp-server(8) 3180 "I like this" markus@ 3181 - djm@cvs.openbsd.org 2013/01/03 23:22:58 3182 [ssh-keygen.c] 3183 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... 3184 ok markus@ 3185 - jmc@cvs.openbsd.org 2013/01/04 19:26:38 3186 [sftp-server.8 sftp-server.c] 3187 sftp-server.8: add argument name to -d 3188 sftp-server.c: add -d to usage() 3189 ok djm 3190 - markus@cvs.openbsd.org 2013/01/08 18:49:04 3191 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] 3192 [myproposal.h packet.c ssh_config.5 sshd_config.5] 3193 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) 3194 ok and feedback djm@ 3195 - djm@cvs.openbsd.org 2013/01/09 05:40:17 3196 [ssh-keygen.c] 3197 correctly initialise fingerprint type for fingerprinting PKCS#11 keys 3198 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 3199 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little 3200 cipher compat code to openssl-compat.h 3201 320220121217 3203 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 3204 tests will work with VPATH directories. 3205 320620121213 3207 - (djm) OpenBSD CVS Sync 3208 - markus@cvs.openbsd.org 2012/12/12 16:45:52 3209 [packet.c] 3210 reset incoming_packet buffer for each new packet in EtM-case, too; 3211 this happens if packets are parsed only parially (e.g. ignore 3212 messages sent when su/sudo turn off echo); noted by sthen/millert 3213 - naddy@cvs.openbsd.org 2012/12/12 16:46:10 3214 [cipher.c] 3215 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled 3216 counter mode code; ok djm@ 3217 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 3218 compat code for older OpenSSL 3219 - (djm) [cipher.c] Fix missing prototype for compat code 3220 322120121212 3222 - (djm) OpenBSD CVS Sync 3223 - markus@cvs.openbsd.org 2012/12/11 22:16:21 3224 [monitor.c] 3225 drain the log messages after receiving the keystate from the unpriv 3226 child. otherwise it might block while sending. ok djm@ 3227 - markus@cvs.openbsd.org 2012/12/11 22:31:18 3228 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] 3229 [packet.c ssh_config.5 sshd_config.5] 3230 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms 3231 that change the packet format and compute the MAC over the encrypted 3232 message (including the packet size) instead of the plaintext data; 3233 these EtM modes are considered more secure and used by default. 3234 feedback and ok djm@ 3235 - sthen@cvs.openbsd.org 2012/12/11 22:51:45 3236 [mac.c] 3237 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ 3238 - markus@cvs.openbsd.org 2012/12/11 22:32:56 3239 [regress/try-ciphers.sh] 3240 add etm modes 3241 - markus@cvs.openbsd.org 2012/12/11 22:42:11 3242 [regress/Makefile regress/modpipe.c regress/integrity.sh] 3243 test the integrity of the packets; with djm@ 3244 - markus@cvs.openbsd.org 2012/12/11 23:12:13 3245 [try-ciphers.sh] 3246 add hmac-ripemd160-etm@openssh.com 3247 - (djm) [mac.c] fix merge botch 3248 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 3249 work on platforms without 'jot' 3250 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 3251 - (djm) [regress/Makefile] fix t-exec rule 3252 325320121207 3254 - (dtucker) OpenBSD CVS Sync 3255 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 3256 [regress/keys-command.sh] 3257 Fix some problems with the keys-command test: 3258 - use string comparison rather than numeric comparison 3259 - check for existing KEY_COMMAND file and don't clobber if it exists 3260 - clean up KEY_COMMAND file if we do create it. 3261 - check that KEY_COMMAND is executable (which it won't be if eg /var/run 3262 is mounted noexec). 3263 ok djm. 3264 - jmc@cvs.openbsd.org 2012/12/03 08:33:03 3265 [ssh-add.1 sshd_config.5] 3266 tweak previous; 3267 - markus@cvs.openbsd.org 2012/12/05 15:42:52 3268 [ssh-add.c] 3269 prevent double-free of comment; ok djm@ 3270 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 3271 [serverloop.c] 3272 Cast signal to int for logging. A no-op on openbsd (they're always ints) 3273 but will prevent warnings in portable. ok djm@ 3274 327520121205 3276 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. 3277 327820121203 3279 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get 3280 TAILQ_FOREACH_SAFE needed for upcoming changes. 3281 - (djm) OpenBSD CVS Sync 3282 - djm@cvs.openbsd.org 2012/12/02 20:26:11 3283 [ssh_config.5 sshconnect2.c] 3284 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 3285 This allows control of which keys are offered from tokens using 3286 IdentityFile. ok markus@ 3287 - djm@cvs.openbsd.org 2012/12/02 20:42:15 3288 [ssh-add.1 ssh-add.c] 3289 make deleting explicit keys "ssh-add -d" symmetric with adding keys - 3290 try to delete the corresponding certificate too and respect the -k option 3291 to allow deleting of the key only; feedback and ok markus@ 3292 - djm@cvs.openbsd.org 2012/12/02 20:46:11 3293 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] 3294 [sshd_config.5] 3295 make AllowTcpForwarding accept "local" and "remote" in addition to its 3296 current "yes"/"no" to allow the server to specify whether just local or 3297 remote TCP forwarding is enabled. ok markus@ 3298 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 3299 [regress/cipher-speed.sh regress/try-ciphers.sh] 3300 Add umac-128@openssh.com to the list of MACs to be tested 3301 - djm@cvs.openbsd.org 2012/10/19 05:10:42 3302 [regress/cert-userkey.sh] 3303 include a serial number when generating certs 3304 - djm@cvs.openbsd.org 2012/11/22 22:49:30 3305 [regress/Makefile regress/keys-command.sh] 3306 regress for AuthorizedKeysCommand; hints from markus@ 3307 - djm@cvs.openbsd.org 2012/12/02 20:47:48 3308 [Makefile regress/forward-control.sh] 3309 regress for AllowTcpForwarding local/remote; ok markus@ 3310 - djm@cvs.openbsd.org 2012/12/03 00:14:06 3311 [auth2-chall.c ssh-keygen.c] 3312 Fix compilation with -Wall -Werror (trivial type fixes) 3313 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 3314 debugging. ok dtucker@ 3315 - (djm) [configure.ac] Revert previous. configure.ac already does this 3316 for us. 3317 331820121114 3319 - (djm) OpenBSD CVS Sync 3320 - djm@cvs.openbsd.org 2012/11/14 02:24:27 3321 [auth2-pubkey.c] 3322 fix username passed to helper program 3323 prepare stdio fds before closefrom() 3324 spotted by landry@ 3325 - djm@cvs.openbsd.org 2012/11/14 02:32:15 3326 [ssh-keygen.c] 3327 allow the full range of unsigned serial numbers; 'fine' deraadt@ 3328 - djm@cvs.openbsd.org 2012/12/02 20:34:10 3329 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] 3330 [monitor.c monitor.h] 3331 Fixes logging of partial authentication when privsep is enabled 3332 Previously, we recorded "Failed xxx" since we reset authenticated before 3333 calling auth_log() in auth2.c. This adds an explcit "Partial" state. 3334 3335 Add a "submethod" to auth_log() to report which submethod is used 3336 for keyboard-interactive. 3337 3338 Fix multiple authentication when one of the methods is 3339 keyboard-interactive. 3340 3341 ok markus@ 3342 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 3343 [regress/multiplex.sh] 3344 Use 'kill -0' to test for the presence of a pid since it's more portable 3345 334620121107 3347 - (djm) OpenBSD CVS Sync 3348 - eric@cvs.openbsd.org 2011/11/28 08:46:27 3349 [moduli.5] 3350 fix formula 3351 ok djm@ 3352 - jmc@cvs.openbsd.org 2012/09/26 17:34:38 3353 [moduli.5] 3354 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 3355 references into a STANDARDS section; 3356 335720121105 3358 - (dtucker) [uidswap.c openbsd-compat/Makefile.in 3359 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h 3360 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids 3361 and gids from uidswap.c to the compat library, which allows it to work with 3362 the new setresuid calls in auth2-pubkey. with tim@, ok djm@ 3363 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that 3364 don't have it. Spotted by tim@. 3365 336620121104 3367 - (djm) OpenBSD CVS Sync 3368 - jmc@cvs.openbsd.org 2012/10/31 08:04:50 3369 [sshd_config.5] 3370 tweak previous; 3371 - djm@cvs.openbsd.org 2012/11/04 10:38:43 3372 [auth2-pubkey.c sshd.c sshd_config.5] 3373 Remove default of AuthorizedCommandUser. Administrators are now expected 3374 to explicitly specify a user. feedback and ok markus@ 3375 - djm@cvs.openbsd.org 2012/11/04 11:09:15 3376 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] 3377 [sshd_config.5] 3378 Support multiple required authentication via an AuthenticationMethods 3379 option. This option lists one or more comma-separated lists of 3380 authentication method names. Successful completion of all the methods in 3381 any list is required for authentication to complete; 3382 feedback and ok markus@ 3383 338420121030 3385 - (djm) OpenBSD CVS Sync 3386 - markus@cvs.openbsd.org 2012/10/05 12:34:39 3387 [sftp.c] 3388 fix signed vs unsigned warning; feedback & ok: djm@ 3389 - djm@cvs.openbsd.org 2012/10/30 21:29:55 3390 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] 3391 [sshd.c sshd_config sshd_config.5] 3392 new sshd_config option AuthorizedKeysCommand to support fetching 3393 authorized_keys from a command in addition to (or instead of) from 3394 the filesystem. The command is run as the target server user unless 3395 another specified via a new AuthorizedKeysCommandUser option. 3396 3397 patch originally by jchadima AT redhat.com, reworked by me; feedback 3398 and ok markus@ 3399 340020121019 3401 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in 3402 the generated file as intended. 3403 340420121005 3405 - (dtucker) OpenBSD CVS Sync 3406 - djm@cvs.openbsd.org 2012/09/17 09:54:44 3407 [sftp.c] 3408 an XXX for later 3409 - markus@cvs.openbsd.org 2012/09/17 13:04:11 3410 [packet.c] 3411 clear old keys on rekeing; ok djm 3412 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 3413 [sftp.c] 3414 Add bounds check on sftp tab-completion. Part of a patch from from 3415 Jean-Marc Robert via tech@, ok djm 3416 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 3417 [sftp.c] 3418 Fix improper handling of absolute paths when PWD is part of the completed 3419 path. Patch from Jean-Marc Robert via tech@, ok djm. 3420 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 3421 [sftp.c] 3422 Fix handling of filenames containing escaped globbing characters and 3423 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 3424 - jmc@cvs.openbsd.org 2012/09/26 16:12:13 3425 [ssh.1] 3426 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 3427 references into a STANDARDS section; 3428 - naddy@cvs.openbsd.org 2012/10/01 13:59:51 3429 [monitor_wrap.c] 3430 pasto; ok djm@ 3431 - djm@cvs.openbsd.org 2012/10/02 07:07:45 3432 [ssh-keygen.c] 3433 fix -z option, broken in revision 1.215 3434 - markus@cvs.openbsd.org 2012/10/04 13:21:50 3435 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] 3436 add umac128 variant; ok djm@ at n2k12 3437 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 3438 [regress/try-ciphers.sh] 3439 Restore missing space. (Id sync only). 3440 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 3441 [regress/multiplex.sh] 3442 Add test for ssh -Ostop 3443 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 3444 [regress/multiplex.sh] 3445 Log -O cmd output to the log file and make logging consistent with the 3446 other tests. Test clean shutdown of an existing channel when testing 3447 "stop". 3448 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 3449 [regress/multiplex.sh] 3450 use -Ocheck and waiting for completions by PID to make multiplexing test 3451 less racy and (hopefully) more reliable on slow hardware. 3452 - [Makefile umac.c] Add special-case target to build umac128.o. 3453 - [umac.c] Enforce allowed umac output sizes. From djm@. 3454 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". 3455 345620120917 3457 - (dtucker) OpenBSD CVS Sync 3458 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 3459 [servconf.c] 3460 Fix comment line length 3461 - markus@cvs.openbsd.org 2012/09/14 16:51:34 3462 [sshconnect.c] 3463 remove unused variable 3464 346520120907 3466 - (dtucker) OpenBSD CVS Sync 3467 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 3468 [clientloop.c] 3469 Make the escape command help (~?) context sensitive so that only commands 3470 that will work in the current session are shown. ok markus@ 3471 - jmc@cvs.openbsd.org 2012/09/06 13:57:42 3472 [ssh.1] 3473 missing letter in previous; 3474 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 3475 [clientloop.c] 3476 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ 3477 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 3478 [clientloop.c] 3479 Merge escape help text for ~v and ~V; ok djm@ 3480 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 3481 [clientloop.c] 3482 when muxmaster is run with -N, make it shut down gracefully when a client 3483 sends it "-O stop" rather than hanging around (bz#1985). ok djm@ 3484 348520120906 3486 - (dtucker) OpenBSD CVS Sync 3487 - jmc@cvs.openbsd.org 2012/08/15 18:25:50 3488 [ssh-keygen.1] 3489 a little more info on certificate validity; 3490 requested by Ross L Richardson, and provided by djm 3491 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 3492 [clientloop.c clientloop.h mux.c] 3493 Force a clean shutdown of ControlMaster client sessions when the ~. escape 3494 sequence is used. This means that ~. should now work in mux clients even 3495 if the server is no longer responding. Found by tedu, ok djm. 3496 - djm@cvs.openbsd.org 2012/08/17 01:22:56 3497 [kex.c] 3498 add some comments about better handling first-KEX-follows notifications 3499 from the server. Nothing uses these right now. No binary change 3500 - djm@cvs.openbsd.org 2012/08/17 01:25:58 3501 [ssh-keygen.c] 3502 print details of which host lines were deleted when using 3503 "ssh-keygen -R host"; ok markus@ 3504 - djm@cvs.openbsd.org 2012/08/17 01:30:00 3505 [compat.c sshconnect.c] 3506 Send client banner immediately, rather than waiting for the server to 3507 move first for SSH protocol 2 connections (the default). Patch based on 3508 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ 3509 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 3510 [clientloop.c log.c ssh.1 log.h] 3511 Add ~v and ~V escape sequences to raise and lower the logging level 3512 respectively. Man page help from jmc, ok deraadt jmc 3513 351420120830 3515 - (dtucker) [moduli] Import new moduli file. 3516 351720120828 3518 - (djm) Release openssh-6.1 3519 352020120828 3521 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN 3522 for compatibility with future mingw-w64 headers. Patch from vinschen at 3523 redhat com. 3524 352520120822 3526 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 3527 [contrib/suse/openssh.spec] Update version numbers 3528 352920120731 3530 - (djm) OpenBSD CVS Sync 3531 - jmc@cvs.openbsd.org 2012/07/06 06:38:03 3532 [ssh-keygen.c] 3533 missing full stop in usage(); 3534 - djm@cvs.openbsd.org 2012/07/10 02:19:15 3535 [servconf.c servconf.h sshd.c sshd_config] 3536 Turn on systrace sandboxing of pre-auth sshd by default for new installs 3537 by shipping a config that overrides the current UsePrivilegeSeparation=yes 3538 default. Make it easier to flip the default in the future by adding too. 3539 prodded markus@ feedback dtucker@ "get it in" deraadt@ 3540 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 3541 [servconf.c] 3542 handle long comments in config files better. bz#2025, ok markus 3543 - markus@cvs.openbsd.org 2012/07/22 18:19:21 3544 [version.h] 3545 openssh 6.1 3546 354720120720 3548 - (dtucker) Import regened moduli file. 3549 355020120706 3551 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is 3552 not available. Allows use of sshd compiled on host with a filter-capable 3553 kernel on hosts that lack the support. bz#2011 ok dtucker@ 3554 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 3555 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT 3556 esperi.org.uk; ok dtucker@ 3557- (djm) OpenBSD CVS Sync 3558 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 3559 [moduli.c ssh-keygen.1 ssh-keygen.c] 3560 Add options to specify starting line number and number of lines to process 3561 when screening moduli candidates. This allows processing of different 3562 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 3563 - djm@cvs.openbsd.org 2012/07/06 01:37:21 3564 [mux.c] 3565 fix memory leak of passed-in environment variables and connection 3566 context when new session message is malformed; bz#2003 from Bert.Wesarg 3567 AT googlemail.com 3568 - djm@cvs.openbsd.org 2012/07/06 01:47:38 3569 [ssh.c] 3570 move setting of tty_flag to after config parsing so RequestTTY options 3571 are correctly picked up. bz#1995 patch from przemoc AT gmail.com; 3572 ok dtucker@ 3573 357420120704 3575 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 3576 platforms that don't have it. "looks good" tim@ 3577 357820120703 3579 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 3580 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. 3581 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 3582 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its 3583 benefit is minor, so it's not worth disabling the sandbox if it doesn't 3584 work. 3585 358620120702 3587- (dtucker) OpenBSD CVS Sync 3588 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 3589 [ssh_config.5 sshd_config.5] 3590 match the documented MAC order of preference to the actual one; 3591 ok dtucker@ 3592 - markus@cvs.openbsd.org 2012/06/30 14:35:09 3593 [sandbox-systrace.c sshd.c] 3594 fix a during the load of the sandbox policies (child can still make 3595 the read-syscall and wait forever for systrace-answers) by replacing 3596 the read/write synchronisation with SIGSTOP/SIGCONT; 3597 report and help hshoexer@; ok djm@, dtucker@ 3598 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 3599 [ssh.c] 3600 set interactive ToS for forwarded X11 sessions. ok djm@ 3601 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 3602 [ssh-pkcs11-helper.c sftp-client.c] 3603 fix a couple of "assigned but not used" warnings. ok markus@ 3604 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 3605 [regress/connect-privsep.sh] 3606 remove exit from end of test since it prevents reporting failure 3607 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] 3608 Move cygwin detection to test-exec and use to skip reexec test on cygwin. 3609 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 3610 361120120629 3612 - OpenBSD CVS Sync 3613 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 3614 [addrmatch.c] 3615 fix strlcpy truncation check. from carsten at debian org, ok markus 3616 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 3617 [monitor.c sshconnect2.c] 3618 remove dead code following 'for (;;)' loops. 3619 From Steve.McClellan at radisys com, ok markus@ 3620 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 3621 [sftp.c] 3622 Remove unused variable leftover from tab-completion changes. 3623 From Steve.McClellan at radisys com, ok markus@ 3624 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 3625 [sandbox-systrace.c] 3626 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation 3627 sandbox" since malloc now uses it. From johnw.mail at gmail com. 3628 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 3629 [mac.c myproposal.h ssh_config.5 sshd_config.5] 3630 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 3631 from draft6 of the spec and will not be in the RFC when published. Patch 3632 from mdb at juniper net via bz#2023, ok markus. 3633 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 3634 [ssh_config.5 sshd_config.5] 3635 match the documented MAC order of preference to the actual one; ok dtucker@ 3636 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 3637 [regress/addrmatch.sh] 3638 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 3639 to match. Feedback and ok djm@ markus@. 3640 - djm@cvs.openbsd.org 2012/06/01 00:47:35 3641 [regress/multiplex.sh regress/forwarding.sh] 3642 append to rather than truncate test log; bz#2013 from openssh AT 3643 roumenpetrov.info 3644 - djm@cvs.openbsd.org 2012/06/01 00:52:52 3645 [regress/sftp-cmds.sh] 3646 don't delete .* on cleanup due to unintended env expansion; pointed out in 3647 bz#2014 by openssh AT roumenpetrov.info 3648 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 3649 [regress/connect-privsep.sh] 3650 test sandbox with every malloc option 3651 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 3652 [regress/try-ciphers.sh regress/cipher-speed.sh] 3653 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 3654 from draft6 of the spec and will not be in the RFC when published. Patch 3655 from mdb at juniper net via bz#2023, ok markus. 3656 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. 3657 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have 3658 the required functions in libcrypto. 3659 366020120628 3661 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null 3662 pointer deref in the client when built with LDNS and using DNSSEC with a 3663 CNAME. Patch from gregdlg+mr at hochet info. 3664 366520120622 3666 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as 3667 can logon as a service. Patch from vinschen at redhat com. 3668 366920120620 3670 - (djm) OpenBSD CVS Sync 3671 - djm@cvs.openbsd.org 2011/12/02 00:41:56 3672 [mux.c] 3673 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 3674 ok dtucker@ 3675 - djm@cvs.openbsd.org 2011/12/04 23:16:12 3676 [mux.c] 3677 revert: 3678 > revision 1.32 3679 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 3680 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 3681 > ok dtucker@ 3682 it interacts badly with ControlPersist 3683 - djm@cvs.openbsd.org 2012/01/07 21:11:36 3684 [mux.c] 3685 fix double-free in new session handler 3686 NB. Id sync only 3687 - djm@cvs.openbsd.org 2012/05/23 03:28:28 3688 [dns.c dns.h key.c key.h ssh-keygen.c] 3689 add support for RFC6594 SSHFP DNS records for ECDSA key types. 3690 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 3691 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black) 3692 - djm@cvs.openbsd.org 2012/06/01 00:49:35 3693 [PROTOCOL.mux] 3694 correct types of port numbers (integers, not strings); bz#2004 from 3695 bert.wesarg AT googlemail.com 3696 - djm@cvs.openbsd.org 2012/06/01 01:01:22 3697 [mux.c] 3698 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg 3699 AT googlemail.com 3700 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 3701 [jpake.c] 3702 correct sizeof usage. patch from saw at online.de, ok deraadt 3703 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 3704 [ssh_config.5] 3705 RSA instead of DSA twice. From Steve.McClellan at radisys com 3706 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 3707 [ssh.1 sshd.8] 3708 Remove mention of 'three' key files since there are now four. From 3709 Steve.McClellan at radisys com. 3710 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 3711 [ssh.1] 3712 Clarify description of -W. Noted by Steve.McClellan at radisys com, 3713 ok jmc 3714 - markus@cvs.openbsd.org 2012/06/19 18:25:28 3715 [servconf.c servconf.h sshd_config.5] 3716 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} 3717 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' 3718 ok djm@ (back in March) 3719 - jmc@cvs.openbsd.org 2012/06/19 21:35:54 3720 [sshd_config.5] 3721 tweak previous; ok markus 3722 - djm@cvs.openbsd.org 2012/06/20 04:42:58 3723 [clientloop.c serverloop.c] 3724 initialise accept() backoff timer to avoid EINVAL from select(2) in 3725 rekeying 3726 372720120519 3728 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 3729 from cjwatson at debian org. 3730 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 3731 pkg-config so it does the right thing when cross-compiling. Patch from 3732 cjwatson at debian org. 3733- (dtucker) OpenBSD CVS Sync 3734 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 3735 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] 3736 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 3737 to match. Feedback and ok djm@ markus@. 3738 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 3739 [sshd_config.5] 3740 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron 3741 374220120504 3743 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 3744 to fix building on some plaforms. Fom bowman at math utah edu and 3745 des at des no. 3746 374720120427 3748 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 3749 platform rather than exiting early, so that we still clean up and return 3750 success or failure to test-exec.sh 3751 375220120426 3753 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters 3754 via Niels 3755 - (djm) [auth-krb5.c] Save errno across calls that might modify it; 3756 ok dtucker@ 3757 375820120423 3759 - OpenBSD CVS Sync 3760 - djm@cvs.openbsd.org 2012/04/23 08:18:17 3761 [channels.c] 3762 fix function proto/source mismatch 3763 376420120422 3765 - OpenBSD CVS Sync 3766 - djm@cvs.openbsd.org 2012/02/29 11:21:26 3767 [ssh-keygen.c] 3768 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ 3769 - guenther@cvs.openbsd.org 2012/03/15 03:10:27 3770 [session.c] 3771 root should always be excluded from the test for /etc/nologin instead 3772 of having it always enforced even when marked as ignorenologin. This 3773 regressed when the logic was incompletely flipped around in rev 1.251 3774 ok halex@ millert@ 3775 - djm@cvs.openbsd.org 2012/03/28 07:23:22 3776 [PROTOCOL.certkeys] 3777 explain certificate extensions/crit split rationale. Mention requirement 3778 that each appear at most once per cert. 3779 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 3780 [channels.c channels.h servconf.c] 3781 Add PermitOpen none option based on patch from Loganaden Velvindron 3782 (bz #1949). ok djm@ 3783 - djm@cvs.openbsd.org 2012/04/11 13:16:19 3784 [channels.c channels.h clientloop.c serverloop.c] 3785 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 3786 while; ok deraadt@ markus@ 3787 - djm@cvs.openbsd.org 2012/04/11 13:17:54 3788 [auth.c] 3789 Support "none" as an argument for AuthorizedPrincipalsFile to indicate 3790 no file should be read. 3791 - djm@cvs.openbsd.org 2012/04/11 13:26:40 3792 [sshd.c] 3793 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 3794 while; ok deraadt@ markus@ 3795 - djm@cvs.openbsd.org 2012/04/11 13:34:17 3796 [ssh-keyscan.1 ssh-keyscan.c] 3797 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also 3798 look for them by default; bz#1971 3799 - djm@cvs.openbsd.org 2012/04/12 02:42:32 3800 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] 3801 VersionAddendum option to allow server operators to append some arbitrary 3802 text to the SSH-... banner; ok deraadt@ "don't care" markus@ 3803 - djm@cvs.openbsd.org 2012/04/12 02:43:55 3804 [sshd_config sshd_config.5] 3805 mention AuthorizedPrincipalsFile=none default 3806 - djm@cvs.openbsd.org 2012/04/20 03:24:23 3807 [sftp.c] 3808 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) 3809 - jmc@cvs.openbsd.org 2012/04/20 16:26:22 3810 [ssh.1] 3811 use "brackets" instead of "braces", for consistency; 3812 381320120420 3814 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 3815 [contrib/suse/openssh.spec] Update for release 6.0 3816 - (djm) [README] Update URL to release notes. 3817 - (djm) Release openssh-6.0 3818