120120322 2 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 3 Hands' greatly revised version. 4 - (djm) Release 6.2p1 5 620120318 7 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 8 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's 9 so mark it as broken. Patch from des AT des.no 10 1120120317 12 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 13 of the bits the configure test looks for. 14 1520120316 16 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 17 is unable to successfully compile them. Based on patch from des AT 18 des.no 19 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 20 Add a usleep replacement for platforms that lack it; ok dtucker 21 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 22 occur after UID switch; patch from John Marshall via des AT des.no; 23 ok dtucker@ 24 2520120312 26 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 27 Improve portability of cipher-speed test, based mostly on a patch from 28 Iain Morgan. 29 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 30 in addition to root as an owner of system directories on AIX and HP-UX. 31 ok djm@ 32 3320130307 34 - (dtucker) [INSTALL] Bump documented autoconf version to what we're 35 currently using. 36 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it 37 was removed in configure.ac rev 1.481 as it was redundant. 38 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 39 ago. 40 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 41 chance to complete on broken systems; ok dtucker@ 42 4320130306 44 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 45 connection to start so that the test works on slower machines. 46 - (dtucker) [configure.ac] test that we can set number of file descriptors 47 to zero with setrlimit before enabling the rlimit sandbox. This affects 48 (at least) HPUX 11.11. 49 5020130305 51 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 52 HP/UX. Spotted by Kevin Brott 53 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 54 Amit Kulkarni and Kevin Brott. 55 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 56 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin 57 Brott. 58 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 59 6020130227 61 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 62 [contrib/suse/openssh.spec] Crank version numbers 63 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 64 - (tim) [regress/integrity.sh] shell portability fix. 65 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 66 - (tim) [regress/krl.sh] keep old solaris awk from hanging. 67 6820130226 69 - OpenBSD CVS Sync 70 - djm@cvs.openbsd.org 2013/02/20 08:27:50 71 [integrity.sh] 72 Add an option to modpipe that warns if the modification offset it not 73 reached in it's stream and turn it on for t-integrity. This should catch 74 cases where the session is not fuzzed for being too short (cf. my last 75 "oops" commit) 76 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 77 for UsePAM=yes configuration 78 7920130225 80 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 81 to use Solaris native GSS libs. Patch from Pierre Ossman. 82 8320130223 84 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 85 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. 86 ok tim 87 8820130222 89 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 90 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. 91 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 92 libgss too. Patch from Pierre Ossman, ok djm. 93 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 94 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; 95 ok dtucker 96 9720130221 98 - (tim) [regress/forward-control.sh] shell portability fix. 99 10020130220 101 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 102 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 103 err.h include from krl.c. Additional portability fixes for modpipe. OK djm 104 - OpenBSD CVS Sync 105 - djm@cvs.openbsd.org 2013/02/20 08:27:50 106 [regress/integrity.sh regress/modpipe.c] 107 Add an option to modpipe that warns if the modification offset it not 108 reached in it's stream and turn it on for t-integrity. This should catch 109 cases where the session is not fuzzed for being too short (cf. my last 110 "oops" commit) 111 - djm@cvs.openbsd.org 2013/02/20 08:29:27 112 [regress/modpipe.c] 113 s/Id/OpenBSD/ in RCS tag 114 11520130219 116 - OpenBSD CVS Sync 117 - djm@cvs.openbsd.org 2013/02/18 22:26:47 118 [integrity.sh] 119 crank the offset yet again; it was still fuzzing KEX one of Darren's 120 portable test hosts at 2800 121 - djm@cvs.openbsd.org 2013/02/19 02:14:09 122 [integrity.sh] 123 oops, forgot to increase the output of the ssh command to ensure that 124 we actually reach $offset 125 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 126 lack support for SHA2. 127 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms 128 that do not have them. 129 13020130217 131 - OpenBSD CVS Sync 132 - djm@cvs.openbsd.org 2013/02/17 23:16:55 133 [integrity.sh] 134 make the ssh command generates some output to ensure that there are at 135 least offset+tries bytes in the stream. 136 13720130216 138 - OpenBSD CVS Sync 139 - djm@cvs.openbsd.org 2013/02/16 06:08:45 140 [integrity.sh] 141 make sure the fuzz offset is actually past the end of KEX for all KEX 142 types. diffie-hellman-group-exchange-sha256 requires an offset around 143 2700. Noticed via test failures in portable OpenSSH on platforms that 144 lack ECC and this the more byte-frugal ECDH KEX algorithms. 145 14620130215 147 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 148 Iain Morgan 149 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 150 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). 151 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 152 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for 153 platforms that don't have it. 154 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 155 group strto* function prototypes together. 156 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 157 an argument. Pointed out by djm. 158 - (djm) OpenBSD CVS Sync 159 - djm@cvs.openbsd.org 2013/02/14 21:35:59 160 [auth2-pubkey.c] 161 Correct error message that had a typo and was logging the wrong thing; 162 patch from Petr Lautrbach 163 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 164 [sshconnect2.c] 165 Warn more loudly if an IdentityFile provided by the user cannot be read. 166 bz #1981, ok djm@ 167 16820130214 169 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 170 - (djm) [regress/krl.sh] typo; found by Iain Morgan 171 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 172 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by 173 Iain Morgan 174 17520130212 176 - (djm) OpenBSD CVS Sync 177 - djm@cvs.openbsd.org 2013/01/24 21:45:37 178 [krl.c] 179 fix handling of (unused) KRL signatures; skip string in correct buffer 180 - djm@cvs.openbsd.org 2013/01/24 22:08:56 181 [krl.c] 182 skip serial lookup when cert's serial number is zero 183 - krw@cvs.openbsd.org 2013/01/25 05:00:27 184 [krl.c] 185 Revert last. Breaks due to likely typo. Let djm@ fix later. 186 ok djm@ via dlg@ 187 - djm@cvs.openbsd.org 2013/01/25 10:22:19 188 [krl.c] 189 redo last commit without the vi-vomit that snuck in: 190 skip serial lookup when cert's serial number is zero 191 (now with 100% better comment) 192 - djm@cvs.openbsd.org 2013/01/26 06:11:05 193 [Makefile.in acss.c acss.h cipher-acss.c cipher.c] 194 [openbsd-compat/openssl-compat.h] 195 remove ACSS, now that it is gone from libcrypto too 196 - djm@cvs.openbsd.org 2013/01/27 10:06:12 197 [krl.c] 198 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com 199 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 200 [servconf.c sshd_config sshd_config.5] 201 Change default of MaxStartups to 10:30:100 to start doing random early 202 drop at 10 connections up to 100 connections. This will make it harder 203 to DoS as CPUs have come a long way since the original value was set 204 back in 2000. Prompted by nion at debian org, ok markus@ 205 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 206 [auth.c] 207 Fix comment, from jfree.e1 at gmail 208 - djm@cvs.openbsd.org 2013/02/08 00:41:12 209 [sftp.c] 210 fix NULL deref when built without libedit and control characters 211 entered as command; debugging and patch from Iain Morgan an 212 Loganaden Velvindron in bz#1956 213 - markus@cvs.openbsd.org 2013/02/10 21:19:34 214 [version.h] 215 openssh 6.2 216 - djm@cvs.openbsd.org 2013/02/10 23:32:10 217 [ssh-keygen.c] 218 append to moduli file when screening candidates rather than overwriting. 219 allows resumption of interrupted screen; patch from Christophe Garault 220 in bz#1957; ok dtucker@ 221 - djm@cvs.openbsd.org 2013/02/10 23:35:24 222 [packet.c] 223 record "Received disconnect" messages at ERROR rather than INFO priority, 224 since they are abnormal and result in a non-zero ssh exit status; patch 225 from Iain Morgan in bz#2057; ok dtucker@ 226 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 227 [sshd.c] 228 Add openssl version to debug output similar to the client. ok markus@ 229 - djm@cvs.openbsd.org 2013/02/11 23:58:51 230 [regress/try-ciphers.sh] 231 remove acss here too 232 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 233 23420130211 235 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 236 libcrypto that lacks EVP_CIPHER_CTX_ctrl 237 23820130208 239 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 240 patch from Iain Morgan in bz#2059 241 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 242 __attribute__ on return values and work around if necessary. ok djm@ 243 24420130207 245 - (djm) [configure.ac] Don't probe seccomp capability of running kernel 246 at configure time; the seccomp sandbox will fall back to rlimit at 247 runtime anyway. Patch from plautrba AT redhat.com in bz#2011 248 24920130120 250 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 251 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP 252 prototypes for openssl-1.0.0-fips. 253 - (djm) OpenBSD CVS Sync 254 - jmc@cvs.openbsd.org 2013/01/18 07:57:47 255 [ssh-keygen.1] 256 tweak previous; 257 - jmc@cvs.openbsd.org 2013/01/18 07:59:46 258 [ssh-keygen.c] 259 -u before -V in usage(); 260 - jmc@cvs.openbsd.org 2013/01/18 08:00:49 261 [sshd_config.5] 262 tweak previous; 263 - jmc@cvs.openbsd.org 2013/01/18 08:39:04 264 [ssh-keygen.1] 265 add -Q to the options list; ok djm 266 - jmc@cvs.openbsd.org 2013/01/18 21:48:43 267 [ssh-keygen.1] 268 command-line (adj.) -> command line (n.); 269 - jmc@cvs.openbsd.org 2013/01/19 07:13:25 270 [ssh-keygen.1] 271 fix some formatting; ok djm 272 - markus@cvs.openbsd.org 2013/01/19 12:34:55 273 [krl.c] 274 RB_INSERT does not remove existing elments; ok djm@ 275 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 276 version. 277 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 278 27920130118 280 - (djm) OpenBSD CVS Sync 281 - djm@cvs.openbsd.org 2013/01/17 23:00:01 282 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] 283 [krl.c krl.h PROTOCOL.krl] 284 add support for Key Revocation Lists (KRLs). These are a compact way to 285 represent lists of revoked keys and certificates, taking as little as 286 a single bit of incremental cost to revoke a certificate by serial number. 287 KRLs are loaded via the existing RevokedKeys sshd_config option. 288 feedback and ok markus@ 289 - djm@cvs.openbsd.org 2013/01/18 00:45:29 290 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] 291 Tests for Key Revocation Lists (KRLs) 292 - djm@cvs.openbsd.org 2013/01/18 03:00:32 293 [krl.c] 294 fix KRL generation bug for list sections 295 29620130117 297 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 298 check for GCM support before testing GCM ciphers. 299 30020130112 301 - (djm) OpenBSD CVS Sync 302 - djm@cvs.openbsd.org 2013/01/12 11:22:04 303 [cipher.c] 304 improve error message for integrity failure in AES-GCM modes; ok markus@ 305 - djm@cvs.openbsd.org 2013/01/12 11:23:53 306 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 307 test AES-GCM modes; feedback markus@ 308 - (djm) [regress/integrity.sh] repair botched merge 309 31020130109 311 - (djm) OpenBSD CVS Sync 312 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 313 [auth.c] 314 use correct string in error message; from rustybsd at gmx.fr 315 - djm@cvs.openbsd.org 2013/01/02 00:32:07 316 [clientloop.c mux.c] 317 channel_setup_local_fwd_listener() returns 0 on failure, not -ve 318 bz#2055 reported by mathieu.lacage AT gmail.com 319 - djm@cvs.openbsd.org 2013/01/02 00:33:49 320 [PROTOCOL.agent] 321 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 322 bz#2051 from david AT lechnology.com 323 - djm@cvs.openbsd.org 2013/01/03 05:49:36 324 [servconf.h] 325 add a couple of ServerOptions members that should be copied to the privsep 326 child (for consistency, in this case they happen only to be accessed in 327 the monitor); ok dtucker@ 328 - djm@cvs.openbsd.org 2013/01/03 12:49:01 329 [PROTOCOL] 330 fix description of MAC calculation for EtM modes; ok markus@ 331 - djm@cvs.openbsd.org 2013/01/03 12:54:49 332 [sftp-server.8 sftp-server.c] 333 allow specification of an alternate start directory for sftp-server(8) 334 "I like this" markus@ 335 - djm@cvs.openbsd.org 2013/01/03 23:22:58 336 [ssh-keygen.c] 337 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... 338 ok markus@ 339 - jmc@cvs.openbsd.org 2013/01/04 19:26:38 340 [sftp-server.8 sftp-server.c] 341 sftp-server.8: add argument name to -d 342 sftp-server.c: add -d to usage() 343 ok djm 344 - markus@cvs.openbsd.org 2013/01/08 18:49:04 345 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] 346 [myproposal.h packet.c ssh_config.5 sshd_config.5] 347 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) 348 ok and feedback djm@ 349 - djm@cvs.openbsd.org 2013/01/09 05:40:17 350 [ssh-keygen.c] 351 correctly initialise fingerprint type for fingerprinting PKCS#11 keys 352 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 353 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little 354 cipher compat code to openssl-compat.h 355 35620121217 357 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 358 tests will work with VPATH directories. 359 36020121213 361 - (djm) OpenBSD CVS Sync 362 - markus@cvs.openbsd.org 2012/12/12 16:45:52 363 [packet.c] 364 reset incoming_packet buffer for each new packet in EtM-case, too; 365 this happens if packets are parsed only parially (e.g. ignore 366 messages sent when su/sudo turn off echo); noted by sthen/millert 367 - naddy@cvs.openbsd.org 2012/12/12 16:46:10 368 [cipher.c] 369 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled 370 counter mode code; ok djm@ 371 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 372 compat code for older OpenSSL 373 - (djm) [cipher.c] Fix missing prototype for compat code 374 37520121212 376 - (djm) OpenBSD CVS Sync 377 - markus@cvs.openbsd.org 2012/12/11 22:16:21 378 [monitor.c] 379 drain the log messages after receiving the keystate from the unpriv 380 child. otherwise it might block while sending. ok djm@ 381 - markus@cvs.openbsd.org 2012/12/11 22:31:18 382 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] 383 [packet.c ssh_config.5 sshd_config.5] 384 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms 385 that change the packet format and compute the MAC over the encrypted 386 message (including the packet size) instead of the plaintext data; 387 these EtM modes are considered more secure and used by default. 388 feedback and ok djm@ 389 - sthen@cvs.openbsd.org 2012/12/11 22:51:45 390 [mac.c] 391 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ 392 - markus@cvs.openbsd.org 2012/12/11 22:32:56 393 [regress/try-ciphers.sh] 394 add etm modes 395 - markus@cvs.openbsd.org 2012/12/11 22:42:11 396 [regress/Makefile regress/modpipe.c regress/integrity.sh] 397 test the integrity of the packets; with djm@ 398 - markus@cvs.openbsd.org 2012/12/11 23:12:13 399 [try-ciphers.sh] 400 add hmac-ripemd160-etm@openssh.com 401 - (djm) [mac.c] fix merge botch 402 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 403 work on platforms without 'jot' 404 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 405 - (djm) [regress/Makefile] fix t-exec rule 406 40720121207 408 - (dtucker) OpenBSD CVS Sync 409 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 410 [regress/keys-command.sh] 411 Fix some problems with the keys-command test: 412 - use string comparison rather than numeric comparison 413 - check for existing KEY_COMMAND file and don't clobber if it exists 414 - clean up KEY_COMMAND file if we do create it. 415 - check that KEY_COMMAND is executable (which it won't be if eg /var/run 416 is mounted noexec). 417 ok djm. 418 - jmc@cvs.openbsd.org 2012/12/03 08:33:03 419 [ssh-add.1 sshd_config.5] 420 tweak previous; 421 - markus@cvs.openbsd.org 2012/12/05 15:42:52 422 [ssh-add.c] 423 prevent double-free of comment; ok djm@ 424 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 425 [serverloop.c] 426 Cast signal to int for logging. A no-op on openbsd (they're always ints) 427 but will prevent warnings in portable. ok djm@ 428 42920121205 430 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. 431 43220121203 433 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get 434 TAILQ_FOREACH_SAFE needed for upcoming changes. 435 - (djm) OpenBSD CVS Sync 436 - djm@cvs.openbsd.org 2012/12/02 20:26:11 437 [ssh_config.5 sshconnect2.c] 438 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 439 This allows control of which keys are offered from tokens using 440 IdentityFile. ok markus@ 441 - djm@cvs.openbsd.org 2012/12/02 20:42:15 442 [ssh-add.1 ssh-add.c] 443 make deleting explicit keys "ssh-add -d" symmetric with adding keys - 444 try to delete the corresponding certificate too and respect the -k option 445 to allow deleting of the key only; feedback and ok markus@ 446 - djm@cvs.openbsd.org 2012/12/02 20:46:11 447 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] 448 [sshd_config.5] 449 make AllowTcpForwarding accept "local" and "remote" in addition to its 450 current "yes"/"no" to allow the server to specify whether just local or 451 remote TCP forwarding is enabled. ok markus@ 452 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 453 [regress/cipher-speed.sh regress/try-ciphers.sh] 454 Add umac-128@openssh.com to the list of MACs to be tested 455 - djm@cvs.openbsd.org 2012/10/19 05:10:42 456 [regress/cert-userkey.sh] 457 include a serial number when generating certs 458 - djm@cvs.openbsd.org 2012/11/22 22:49:30 459 [regress/Makefile regress/keys-command.sh] 460 regress for AuthorizedKeysCommand; hints from markus@ 461 - djm@cvs.openbsd.org 2012/12/02 20:47:48 462 [Makefile regress/forward-control.sh] 463 regress for AllowTcpForwarding local/remote; ok markus@ 464 - djm@cvs.openbsd.org 2012/12/03 00:14:06 465 [auth2-chall.c ssh-keygen.c] 466 Fix compilation with -Wall -Werror (trivial type fixes) 467 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 468 debugging. ok dtucker@ 469 - (djm) [configure.ac] Revert previous. configure.ac already does this 470 for us. 471 47220121114 473 - (djm) OpenBSD CVS Sync 474 - djm@cvs.openbsd.org 2012/11/14 02:24:27 475 [auth2-pubkey.c] 476 fix username passed to helper program 477 prepare stdio fds before closefrom() 478 spotted by landry@ 479 - djm@cvs.openbsd.org 2012/11/14 02:32:15 480 [ssh-keygen.c] 481 allow the full range of unsigned serial numbers; 'fine' deraadt@ 482 - djm@cvs.openbsd.org 2012/12/02 20:34:10 483 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] 484 [monitor.c monitor.h] 485 Fixes logging of partial authentication when privsep is enabled 486 Previously, we recorded "Failed xxx" since we reset authenticated before 487 calling auth_log() in auth2.c. This adds an explcit "Partial" state. 488 489 Add a "submethod" to auth_log() to report which submethod is used 490 for keyboard-interactive. 491 492 Fix multiple authentication when one of the methods is 493 keyboard-interactive. 494 495 ok markus@ 496 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 497 [regress/multiplex.sh] 498 Use 'kill -0' to test for the presence of a pid since it's more portable 499 50020121107 501 - (djm) OpenBSD CVS Sync 502 - eric@cvs.openbsd.org 2011/11/28 08:46:27 503 [moduli.5] 504 fix formula 505 ok djm@ 506 - jmc@cvs.openbsd.org 2012/09/26 17:34:38 507 [moduli.5] 508 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 509 references into a STANDARDS section; 510 51120121105 512 - (dtucker) [uidswap.c openbsd-compat/Makefile.in 513 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h 514 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids 515 and gids from uidswap.c to the compat library, which allows it to work with 516 the new setresuid calls in auth2-pubkey. with tim@, ok djm@ 517 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that 518 don't have it. Spotted by tim@. 519 52020121104 521 - (djm) OpenBSD CVS Sync 522 - jmc@cvs.openbsd.org 2012/10/31 08:04:50 523 [sshd_config.5] 524 tweak previous; 525 - djm@cvs.openbsd.org 2012/11/04 10:38:43 526 [auth2-pubkey.c sshd.c sshd_config.5] 527 Remove default of AuthorizedCommandUser. Administrators are now expected 528 to explicitly specify a user. feedback and ok markus@ 529 - djm@cvs.openbsd.org 2012/11/04 11:09:15 530 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] 531 [sshd_config.5] 532 Support multiple required authentication via an AuthenticationMethods 533 option. This option lists one or more comma-separated lists of 534 authentication method names. Successful completion of all the methods in 535 any list is required for authentication to complete; 536 feedback and ok markus@ 537 53820121030 539 - (djm) OpenBSD CVS Sync 540 - markus@cvs.openbsd.org 2012/10/05 12:34:39 541 [sftp.c] 542 fix signed vs unsigned warning; feedback & ok: djm@ 543 - djm@cvs.openbsd.org 2012/10/30 21:29:55 544 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] 545 [sshd.c sshd_config sshd_config.5] 546 new sshd_config option AuthorizedKeysCommand to support fetching 547 authorized_keys from a command in addition to (or instead of) from 548 the filesystem. The command is run as the target server user unless 549 another specified via a new AuthorizedKeysCommandUser option. 550 551 patch originally by jchadima AT redhat.com, reworked by me; feedback 552 and ok markus@ 553 55420121019 555 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in 556 the generated file as intended. 557 55820121005 559 - (dtucker) OpenBSD CVS Sync 560 - djm@cvs.openbsd.org 2012/09/17 09:54:44 561 [sftp.c] 562 an XXX for later 563 - markus@cvs.openbsd.org 2012/09/17 13:04:11 564 [packet.c] 565 clear old keys on rekeing; ok djm 566 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 567 [sftp.c] 568 Add bounds check on sftp tab-completion. Part of a patch from from 569 Jean-Marc Robert via tech@, ok djm 570 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 571 [sftp.c] 572 Fix improper handling of absolute paths when PWD is part of the completed 573 path. Patch from Jean-Marc Robert via tech@, ok djm. 574 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 575 [sftp.c] 576 Fix handling of filenames containing escaped globbing characters and 577 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 578 - jmc@cvs.openbsd.org 2012/09/26 16:12:13 579 [ssh.1] 580 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 581 references into a STANDARDS section; 582 - naddy@cvs.openbsd.org 2012/10/01 13:59:51 583 [monitor_wrap.c] 584 pasto; ok djm@ 585 - djm@cvs.openbsd.org 2012/10/02 07:07:45 586 [ssh-keygen.c] 587 fix -z option, broken in revision 1.215 588 - markus@cvs.openbsd.org 2012/10/04 13:21:50 589 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] 590 add umac128 variant; ok djm@ at n2k12 591 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 592 [regress/try-ciphers.sh] 593 Restore missing space. (Id sync only). 594 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 595 [regress/multiplex.sh] 596 Add test for ssh -Ostop 597 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 598 [regress/multiplex.sh] 599 Log -O cmd output to the log file and make logging consistent with the 600 other tests. Test clean shutdown of an existing channel when testing 601 "stop". 602 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 603 [regress/multiplex.sh] 604 use -Ocheck and waiting for completions by PID to make multiplexing test 605 less racy and (hopefully) more reliable on slow hardware. 606 - [Makefile umac.c] Add special-case target to build umac128.o. 607 - [umac.c] Enforce allowed umac output sizes. From djm@. 608 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". 609 61020120917 611 - (dtucker) OpenBSD CVS Sync 612 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 613 [servconf.c] 614 Fix comment line length 615 - markus@cvs.openbsd.org 2012/09/14 16:51:34 616 [sshconnect.c] 617 remove unused variable 618 61920120907 620 - (dtucker) OpenBSD CVS Sync 621 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 622 [clientloop.c] 623 Make the escape command help (~?) context sensitive so that only commands 624 that will work in the current session are shown. ok markus@ 625 - jmc@cvs.openbsd.org 2012/09/06 13:57:42 626 [ssh.1] 627 missing letter in previous; 628 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 629 [clientloop.c] 630 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ 631 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 632 [clientloop.c] 633 Merge escape help text for ~v and ~V; ok djm@ 634 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 635 [clientloop.c] 636 when muxmaster is run with -N, make it shut down gracefully when a client 637 sends it "-O stop" rather than hanging around (bz#1985). ok djm@ 638 63920120906 640 - (dtucker) OpenBSD CVS Sync 641 - jmc@cvs.openbsd.org 2012/08/15 18:25:50 642 [ssh-keygen.1] 643 a little more info on certificate validity; 644 requested by Ross L Richardson, and provided by djm 645 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 646 [clientloop.c clientloop.h mux.c] 647 Force a clean shutdown of ControlMaster client sessions when the ~. escape 648 sequence is used. This means that ~. should now work in mux clients even 649 if the server is no longer responding. Found by tedu, ok djm. 650 - djm@cvs.openbsd.org 2012/08/17 01:22:56 651 [kex.c] 652 add some comments about better handling first-KEX-follows notifications 653 from the server. Nothing uses these right now. No binary change 654 - djm@cvs.openbsd.org 2012/08/17 01:25:58 655 [ssh-keygen.c] 656 print details of which host lines were deleted when using 657 "ssh-keygen -R host"; ok markus@ 658 - djm@cvs.openbsd.org 2012/08/17 01:30:00 659 [compat.c sshconnect.c] 660 Send client banner immediately, rather than waiting for the server to 661 move first for SSH protocol 2 connections (the default). Patch based on 662 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ 663 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 664 [clientloop.c log.c ssh.1 log.h] 665 Add ~v and ~V escape sequences to raise and lower the logging level 666 respectively. Man page help from jmc, ok deraadt jmc 667 66820120830 669 - (dtucker) [moduli] Import new moduli file. 670 67120120828 672 - (djm) Release openssh-6.1 673 67420120828 675 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN 676 for compatibility with future mingw-w64 headers. Patch from vinschen at 677 redhat com. 678 67920120822 680 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 681 [contrib/suse/openssh.spec] Update version numbers 682 68320120731 684 - (djm) OpenBSD CVS Sync 685 - jmc@cvs.openbsd.org 2012/07/06 06:38:03 686 [ssh-keygen.c] 687 missing full stop in usage(); 688 - djm@cvs.openbsd.org 2012/07/10 02:19:15 689 [servconf.c servconf.h sshd.c sshd_config] 690 Turn on systrace sandboxing of pre-auth sshd by default for new installs 691 by shipping a config that overrides the current UsePrivilegeSeparation=yes 692 default. Make it easier to flip the default in the future by adding too. 693 prodded markus@ feedback dtucker@ "get it in" deraadt@ 694 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 695 [servconf.c] 696 handle long comments in config files better. bz#2025, ok markus 697 - markus@cvs.openbsd.org 2012/07/22 18:19:21 698 [version.h] 699 openssh 6.1 700 70120120720 702 - (dtucker) Import regened moduli file. 703 70420120706 705 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is 706 not available. Allows use of sshd compiled on host with a filter-capable 707 kernel on hosts that lack the support. bz#2011 ok dtucker@ 708 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 709 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT 710 esperi.org.uk; ok dtucker@ 711- (djm) OpenBSD CVS Sync 712 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 713 [moduli.c ssh-keygen.1 ssh-keygen.c] 714 Add options to specify starting line number and number of lines to process 715 when screening moduli candidates. This allows processing of different 716 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 717 - djm@cvs.openbsd.org 2012/07/06 01:37:21 718 [mux.c] 719 fix memory leak of passed-in environment variables and connection 720 context when new session message is malformed; bz#2003 from Bert.Wesarg 721 AT googlemail.com 722 - djm@cvs.openbsd.org 2012/07/06 01:47:38 723 [ssh.c] 724 move setting of tty_flag to after config parsing so RequestTTY options 725 are correctly picked up. bz#1995 patch from przemoc AT gmail.com; 726 ok dtucker@ 727 72820120704 729 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 730 platforms that don't have it. "looks good" tim@ 731 73220120703 733 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 734 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. 735 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 736 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its 737 benefit is minor, so it's not worth disabling the sandbox if it doesn't 738 work. 739 74020120702 741- (dtucker) OpenBSD CVS Sync 742 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 743 [ssh_config.5 sshd_config.5] 744 match the documented MAC order of preference to the actual one; 745 ok dtucker@ 746 - markus@cvs.openbsd.org 2012/06/30 14:35:09 747 [sandbox-systrace.c sshd.c] 748 fix a during the load of the sandbox policies (child can still make 749 the read-syscall and wait forever for systrace-answers) by replacing 750 the read/write synchronisation with SIGSTOP/SIGCONT; 751 report and help hshoexer@; ok djm@, dtucker@ 752 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 753 [ssh.c] 754 set interactive ToS for forwarded X11 sessions. ok djm@ 755 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 756 [ssh-pkcs11-helper.c sftp-client.c] 757 fix a couple of "assigned but not used" warnings. ok markus@ 758 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 759 [regress/connect-privsep.sh] 760 remove exit from end of test since it prevents reporting failure 761 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] 762 Move cygwin detection to test-exec and use to skip reexec test on cygwin. 763 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 764 76520120629 766 - OpenBSD CVS Sync 767 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 768 [addrmatch.c] 769 fix strlcpy truncation check. from carsten at debian org, ok markus 770 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 771 [monitor.c sshconnect2.c] 772 remove dead code following 'for (;;)' loops. 773 From Steve.McClellan at radisys com, ok markus@ 774 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 775 [sftp.c] 776 Remove unused variable leftover from tab-completion changes. 777 From Steve.McClellan at radisys com, ok markus@ 778 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 779 [sandbox-systrace.c] 780 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation 781 sandbox" since malloc now uses it. From johnw.mail at gmail com. 782 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 783 [mac.c myproposal.h ssh_config.5 sshd_config.5] 784 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 785 from draft6 of the spec and will not be in the RFC when published. Patch 786 from mdb at juniper net via bz#2023, ok markus. 787 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 788 [ssh_config.5 sshd_config.5] 789 match the documented MAC order of preference to the actual one; ok dtucker@ 790 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 791 [regress/addrmatch.sh] 792 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 793 to match. Feedback and ok djm@ markus@. 794 - djm@cvs.openbsd.org 2012/06/01 00:47:35 795 [regress/multiplex.sh regress/forwarding.sh] 796 append to rather than truncate test log; bz#2013 from openssh AT 797 roumenpetrov.info 798 - djm@cvs.openbsd.org 2012/06/01 00:52:52 799 [regress/sftp-cmds.sh] 800 don't delete .* on cleanup due to unintended env expansion; pointed out in 801 bz#2014 by openssh AT roumenpetrov.info 802 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 803 [regress/connect-privsep.sh] 804 test sandbox with every malloc option 805 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 806 [regress/try-ciphers.sh regress/cipher-speed.sh] 807 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 808 from draft6 of the spec and will not be in the RFC when published. Patch 809 from mdb at juniper net via bz#2023, ok markus. 810 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. 811 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have 812 the required functions in libcrypto. 813 81420120628 815 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null 816 pointer deref in the client when built with LDNS and using DNSSEC with a 817 CNAME. Patch from gregdlg+mr at hochet info. 818 81920120622 820 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as 821 can logon as a service. Patch from vinschen at redhat com. 822 82320120620 824 - (djm) OpenBSD CVS Sync 825 - djm@cvs.openbsd.org 2011/12/02 00:41:56 826 [mux.c] 827 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 828 ok dtucker@ 829 - djm@cvs.openbsd.org 2011/12/04 23:16:12 830 [mux.c] 831 revert: 832 > revision 1.32 833 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 834 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 835 > ok dtucker@ 836 it interacts badly with ControlPersist 837 - djm@cvs.openbsd.org 2012/01/07 21:11:36 838 [mux.c] 839 fix double-free in new session handler 840 NB. Id sync only 841 - djm@cvs.openbsd.org 2012/05/23 03:28:28 842 [dns.c dns.h key.c key.h ssh-keygen.c] 843 add support for RFC6594 SSHFP DNS records for ECDSA key types. 844 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 845 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black) 846 - djm@cvs.openbsd.org 2012/06/01 00:49:35 847 [PROTOCOL.mux] 848 correct types of port numbers (integers, not strings); bz#2004 from 849 bert.wesarg AT googlemail.com 850 - djm@cvs.openbsd.org 2012/06/01 01:01:22 851 [mux.c] 852 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg 853 AT googlemail.com 854 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 855 [jpake.c] 856 correct sizeof usage. patch from saw at online.de, ok deraadt 857 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 858 [ssh_config.5] 859 RSA instead of DSA twice. From Steve.McClellan at radisys com 860 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 861 [ssh.1 sshd.8] 862 Remove mention of 'three' key files since there are now four. From 863 Steve.McClellan at radisys com. 864 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 865 [ssh.1] 866 Clarify description of -W. Noted by Steve.McClellan at radisys com, 867 ok jmc 868 - markus@cvs.openbsd.org 2012/06/19 18:25:28 869 [servconf.c servconf.h sshd_config.5] 870 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} 871 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' 872 ok djm@ (back in March) 873 - jmc@cvs.openbsd.org 2012/06/19 21:35:54 874 [sshd_config.5] 875 tweak previous; ok markus 876 - djm@cvs.openbsd.org 2012/06/20 04:42:58 877 [clientloop.c serverloop.c] 878 initialise accept() backoff timer to avoid EINVAL from select(2) in 879 rekeying 880 88120120519 882 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 883 from cjwatson at debian org. 884 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 885 pkg-config so it does the right thing when cross-compiling. Patch from 886 cjwatson at debian org. 887- (dtucker) OpenBSD CVS Sync 888 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 889 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] 890 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 891 to match. Feedback and ok djm@ markus@. 892 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 893 [sshd_config.5] 894 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron 895 89620120504 897 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 898 to fix building on some plaforms. Fom bowman at math utah edu and 899 des at des no. 900 90120120427 902 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 903 platform rather than exiting early, so that we still clean up and return 904 success or failure to test-exec.sh 905 90620120426 907 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters 908 via Niels 909 - (djm) [auth-krb5.c] Save errno across calls that might modify it; 910 ok dtucker@ 911 91220120423 913 - OpenBSD CVS Sync 914 - djm@cvs.openbsd.org 2012/04/23 08:18:17 915 [channels.c] 916 fix function proto/source mismatch 917 91820120422 919 - OpenBSD CVS Sync 920 - djm@cvs.openbsd.org 2012/02/29 11:21:26 921 [ssh-keygen.c] 922 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ 923 - guenther@cvs.openbsd.org 2012/03/15 03:10:27 924 [session.c] 925 root should always be excluded from the test for /etc/nologin instead 926 of having it always enforced even when marked as ignorenologin. This 927 regressed when the logic was incompletely flipped around in rev 1.251 928 ok halex@ millert@ 929 - djm@cvs.openbsd.org 2012/03/28 07:23:22 930 [PROTOCOL.certkeys] 931 explain certificate extensions/crit split rationale. Mention requirement 932 that each appear at most once per cert. 933 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 934 [channels.c channels.h servconf.c] 935 Add PermitOpen none option based on patch from Loganaden Velvindron 936 (bz #1949). ok djm@ 937 - djm@cvs.openbsd.org 2012/04/11 13:16:19 938 [channels.c channels.h clientloop.c serverloop.c] 939 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 940 while; ok deraadt@ markus@ 941 - djm@cvs.openbsd.org 2012/04/11 13:17:54 942 [auth.c] 943 Support "none" as an argument for AuthorizedPrincipalsFile to indicate 944 no file should be read. 945 - djm@cvs.openbsd.org 2012/04/11 13:26:40 946 [sshd.c] 947 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 948 while; ok deraadt@ markus@ 949 - djm@cvs.openbsd.org 2012/04/11 13:34:17 950 [ssh-keyscan.1 ssh-keyscan.c] 951 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also 952 look for them by default; bz#1971 953 - djm@cvs.openbsd.org 2012/04/12 02:42:32 954 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] 955 VersionAddendum option to allow server operators to append some arbitrary 956 text to the SSH-... banner; ok deraadt@ "don't care" markus@ 957 - djm@cvs.openbsd.org 2012/04/12 02:43:55 958 [sshd_config sshd_config.5] 959 mention AuthorizedPrincipalsFile=none default 960 - djm@cvs.openbsd.org 2012/04/20 03:24:23 961 [sftp.c] 962 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) 963 - jmc@cvs.openbsd.org 2012/04/20 16:26:22 964 [ssh.1] 965 use "brackets" instead of "braces", for consistency; 966 96720120420 968 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 969 [contrib/suse/openssh.spec] Update for release 6.0 970 - (djm) [README] Update URL to release notes. 971 - (djm) Release openssh-6.0 972 97320120419 974 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil 975 contains openpty() but not login() 976 97720120404 978 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox 979 mode for Linux's new seccomp filter; patch from Will Drewry; feedback 980 and ok dtucker@ 981 98220120330 983 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING 984 file from spec file. From crighter at nuclioss com. 985 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running 986 openssh binaries on a newer fix release than they were compiled on. 987 with and ok dtucker@ 988 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect 989 assumptions when building on Cygwin; patch from Corinna Vinschen 990 99120120309 992 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux 993 systems where sshd is run in te wrong context. Patch from Sven 994 Vermeulen; ok dtucker@ 995 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 996 addressed connections. ok dtucker@ 997 99820120224 999 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM 1000 audit breakage in Solaris 11. Patch from Magnus Johansson. 1001 100220120215 1003 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for 1004 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c 1005 ok dtucker@ 1006 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so 1007 it actually works. 1008 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote 1009 to work. Spotted by Angel Gonzalez 1010 101120120214 1012 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of 1013 preserved Cygwin environment variables; from Corinna Vinschen 1014 101520120211 1016 - (djm) OpenBSD CVS Sync 1017 - djm@cvs.openbsd.org 2012/01/05 00:16:56 1018 [monitor.c] 1019 memleak on error path 1020 - djm@cvs.openbsd.org 2012/01/07 21:11:36 1021 [mux.c] 1022 fix double-free in new session handler 1023 - miod@cvs.openbsd.org 2012/01/08 13:17:11 1024 [ssh-ecdsa.c] 1025 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, 1026 ok markus@ 1027 - miod@cvs.openbsd.org 2012/01/16 20:34:09 1028 [ssh-pkcs11-client.c] 1029 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. 1030 While there, be sure to buffer_clear() between send_msg() and recv_msg(). 1031 ok markus@ 1032 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 1033 [clientloop.c] 1034 Ensure that $DISPLAY contains only valid characters before using it to 1035 extract xauth data so that it can't be used to play local shell 1036 metacharacter games. Report from r00t_ati at ihteam.net, ok markus. 1037 - markus@cvs.openbsd.org 2012/01/25 19:26:43 1038 [packet.c] 1039 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; 1040 ok dtucker@, djm@ 1041 - markus@cvs.openbsd.org 2012/01/25 19:36:31 1042 [authfile.c] 1043 memleak in key_load_file(); from Jan Klemkow 1044 - markus@cvs.openbsd.org 2012/01/25 19:40:09 1045 [packet.c packet.h] 1046 packet_read_poll() is not used anymore. 1047 - markus@cvs.openbsd.org 2012/02/09 20:00:18 1048 [version.h] 1049 move from 6.0-beta to 6.0 1050 105120120206 1052 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms 1053 that don't support ECC. Patch from Phil Oleson 1054 105520111219 1056 - OpenBSD CVS Sync 1057 - djm@cvs.openbsd.org 2011/12/02 00:41:56 1058 [mux.c] 1059 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1060 ok dtucker@ 1061 - djm@cvs.openbsd.org 2011/12/02 00:43:57 1062 [mac.c] 1063 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before 1064 HMAC_init (this change in policy seems insane to me) 1065 ok dtucker@ 1066 - djm@cvs.openbsd.org 2011/12/04 23:16:12 1067 [mux.c] 1068 revert: 1069 > revision 1.32 1070 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 1071 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1072 > ok dtucker@ 1073 it interacts badly with ControlPersist 1074 - djm@cvs.openbsd.org 2011/12/07 05:44:38 1075 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] 1076 fix some harmless and/or unreachable int overflows; 1077 reported Xi Wang, ok markus@ 1078 107920111125 1080 - OpenBSD CVS Sync 1081 - oga@cvs.openbsd.org 2011/11/16 12:24:28 1082 [sftp.c] 1083 Don't leak list in complete_cmd_parse if there are no commands found. 1084 Discovered when I was ``borrowing'' this code for something else. 1085 ok djm@ 1086 108720111121 1088 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 1089 109020111104 1091 - (dtucker) OpenBSD CVS Sync 1092 - djm@cvs.openbsd.org 2011/10/18 05:15:28 1093 [ssh.c] 1094 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ 1095 - djm@cvs.openbsd.org 2011/10/18 23:37:42 1096 [ssh-add.c] 1097 add -k to usage(); reminded by jmc@ 1098 - djm@cvs.openbsd.org 2011/10/19 00:06:10 1099 [moduli.c] 1100 s/tmpfile/tmp/ to make this -Wshadow clean 1101 - djm@cvs.openbsd.org 2011/10/19 10:39:48 1102 [umac.c] 1103 typo in comment; patch from Michael W. Bombardieri 1104 - djm@cvs.openbsd.org 2011/10/24 02:10:46 1105 [ssh.c] 1106 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh 1107 was incorrectly requesting the forward in both the control master and 1108 slave. skip requesting it in the master to fix. ok markus@ 1109 - djm@cvs.openbsd.org 2011/10/24 02:13:13 1110 [session.c] 1111 bz#1859: send tty break to pty master instead of (probably already 1112 closed) slave side; "looks good" markus@ 1113 - dtucker@cvs.openbsd.org 011/11/04 00:09:39 1114 [moduli] 1115 regenerated moduli file; ok deraadt 1116 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in 1117 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] 1118 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library 1119 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) 1120 with some rework from myself and djm. ok djm. 1121 112220111025 1123 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file 1124 fails. Patch from Corinna Vinschen. 1125 112620111018 1127 - (djm) OpenBSD CVS Sync 1128 - djm@cvs.openbsd.org 2011/10/04 14:17:32 1129 [sftp-glob.c] 1130 silence error spam for "ls */foo" in directory with files; bz#1683 1131 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 1132 [moduli.c ssh-keygen.1 ssh-keygen.c] 1133 Add optional checkpoints for moduli screening. feedback & ok deraadt 1134 - jmc@cvs.openbsd.org 2011/10/16 15:02:41 1135 [ssh-keygen.c] 1136 put -K in the right place (usage()); 1137 - stsp@cvs.openbsd.org 2011/10/16 15:51:39 1138 [moduli.c] 1139 add missing includes to unbreak tree; fix from rpointel 1140 - djm@cvs.openbsd.org 2011/10/18 04:58:26 1141 [auth-options.c key.c] 1142 remove explict search for \0 in packet strings, this job is now done 1143 implicitly by buffer_get_cstring; ok markus 1144 - djm@cvs.openbsd.org 2011/10/18 05:00:48 1145 [ssh-add.1 ssh-add.c] 1146 new "ssh-add -k" option to load plain keys (skipping certificates); 1147 "looks ok" markus@ 1148 114920111001 1150 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm 1151 - (dtucker) OpenBSD CVS Sync 1152 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 1153 [channels.c auth-options.c servconf.c channels.h sshd.8] 1154 Add wildcard support to PermitOpen, allowing things like "PermitOpen 1155 localhost:*". bz #1857, ok djm markus. 1156 - markus@cvs.openbsd.org 2011/09/23 07:45:05 1157 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c 1158 version.h] 1159 unbreak remote portforwarding with dynamic allocated listen ports: 1160 1) send the actual listen port in the open message (instead of 0). 1161 this allows multiple forwardings with a dynamic listen port 1162 2) update the matching permit-open entry, so we can identify where 1163 to connect to 1164 report: den at skbkontur.ru and P. Szczygielski 1165 feedback and ok djm@ 1166 - djm@cvs.openbsd.org 2011/09/25 05:44:47 1167 [auth2-pubkey.c] 1168 improve the AuthorizedPrincipalsFile debug log message to include 1169 file and line number 1170 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 1171 [sshd.c] 1172 don't attempt privsep cleanup when not using privsep; ok markus@ 1173 - djm@cvs.openbsd.org 2011/09/30 21:22:49 1174 [sshd.c] 1175 fix inverted test that caused logspam; spotted by henning@ 1176 117720110929 1178 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch 1179 from des AT des.no 1180 - (dtucker) [configure.ac openbsd-compat/Makefile.in 1181 openbsd-compat/strnlen.c] Add strnlen to the compat library. 1182 118320110923 1184 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no 1185 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we 1186 want this longhand version) 1187 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the 1188 upstream version is YPified and we don't want this 1189 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. 1190 The file was totally rewritten between what we had in tree and -current. 1191 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid 1192 marker. The upstream API has changed (function and structure names) 1193 enough to put it out of sync with other providers of this interface. 1194 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion 1195 of static __findenv() function from upstream setenv.c 1196 - OpenBSD CVS Sync 1197 - millert@cvs.openbsd.org 2006/05/05 15:27:38 1198 [openbsd-compat/strlcpy.c] 1199 Convert do {} while loop -> while {} for clarity. No binary change 1200 on most architectures. From Oliver Smith. OK deraadt@ and henning@ 1201 - tobias@cvs.openbsd.org 2007/10/21 11:09:30 1202 [openbsd-compat/mktemp.c] 1203 Comment fix about time consumption of _gettemp. 1204 FreeBSD did this in revision 1.20. 1205 OK deraadt@, krw@ 1206 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 1207 [openbsd-compat/mktemp.c] 1208 use arc4random_uniform(); ok djm millert 1209 - millert@cvs.openbsd.org 2008/08/21 16:54:44 1210 [openbsd-compat/mktemp.c] 1211 Remove useless code, the kernel will set errno appropriately if an 1212 element in the path does not exist. OK deraadt@ pvalchev@ 1213 - otto@cvs.openbsd.org 2008/12/09 19:38:38 1214 [openbsd-compat/inet_ntop.c] 1215 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon 1216 121720110922 1218 - OpenBSD CVS Sync 1219 - pyr@cvs.openbsd.org 2011/05/12 07:15:10 1220 [openbsd-compat/glob.c] 1221 When the max number of items for a directory has reached GLOB_LIMIT_READDIR 1222 an error is returned but closedir() is not called. 1223 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org 1224 ok otto@, millert@ 1225 - stsp@cvs.openbsd.org 2011/09/20 10:18:46 1226 [glob.c] 1227 In glob(3), limit recursion during matching attempts. Similar to 1228 fnmatch fix. Also collapse consecutive '*' (from NetBSD). 1229 ok miod deraadt 1230 - djm@cvs.openbsd.org 2011/09/22 06:27:29 1231 [glob.c] 1232 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being 1233 applied only to the gl_pathv vector and not the corresponding gl_statv 1234 array. reported in OpenSSH bz#1935; feedback and okay matthew@ 1235 - djm@cvs.openbsd.org 2011/08/26 01:45:15 1236 [ssh.1] 1237 Add some missing ssh_config(5) options that can be used in ssh(1)'s 1238 -o argument. Patch from duclare AT guu.fi 1239 - djm@cvs.openbsd.org 2011/09/05 05:56:13 1240 [scp.1 sftp.1] 1241 mention ControlPersist and KbdInteractiveAuthentication in the -o 1242 verbiage in these pages too (prompted by jmc@) 1243 - djm@cvs.openbsd.org 2011/09/05 05:59:08 1244 [misc.c] 1245 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1246 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1247 - jmc@cvs.openbsd.org 2011/09/05 07:01:44 1248 [scp.1] 1249 knock out a useless Ns; 1250 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 1251 [ssh-keygen.1] 1252 typo (they vs the) found by Lawrence Teo 1253 - djm@cvs.openbsd.org 2011/09/09 00:43:00 1254 [ssh_config.5 sshd_config.5] 1255 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1256 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1257 - djm@cvs.openbsd.org 2011/09/09 00:44:07 1258 [PROTOCOL.mux] 1259 MUX_C_CLOSE_FWD includes forward type in message (though it isn't 1260 implemented anyway) 1261 - djm@cvs.openbsd.org 2011/09/09 22:37:01 1262 [scp.c] 1263 suppress adding '--' to remote commandlines when the first argument 1264 does not start with '-'. saves breakage on some difficult-to-upgrade 1265 embedded/router platforms; feedback & ok dtucker ok markus 1266 - djm@cvs.openbsd.org 2011/09/09 22:38:21 1267 [sshd.c] 1268 kill the preauth privsep child on fatal errors in the monitor; 1269 ok markus@ 1270 - djm@cvs.openbsd.org 2011/09/09 22:46:44 1271 [channels.c channels.h clientloop.h mux.c ssh.c] 1272 support for cancelling local and remote port forwards via the multiplex 1273 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request 1274 the cancellation of the specified forwardings; ok markus@ 1275 - markus@cvs.openbsd.org 2011/09/10 22:26:34 1276 [channels.c channels.h clientloop.c ssh.1] 1277 support cancellation of local/dynamic forwardings from ~C commandline; 1278 ok & feedback djm@ 1279 - okan@cvs.openbsd.org 2011/09/11 06:59:05 1280 [ssh.1] 1281 document new -O cancel command; ok djm@ 1282 - markus@cvs.openbsd.org 2011/09/11 16:07:26 1283 [sftp-client.c] 1284 fix leaks in do_hardlink() and do_readlink(); bz#1921 1285 from Loganaden Velvindron 1286 - markus@cvs.openbsd.org 2011/09/12 08:46:15 1287 [sftp-client.c] 1288 fix leak in do_lsreaddir(); ok djm 1289 - djm@cvs.openbsd.org 2011/09/22 06:29:03 1290 [sftp.c] 1291 don't let remote_glob() implicitly sort its results in do_globbed_ls() - 1292 in all likelihood, they will be resorted anyway 1293 129420110909 1295 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From 1296 Colin Watson. 1297 129820110906 1299 - (djm) [README version.h] Correct version 1300 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon 1301 - (djm) Respin OpenSSH-5.9p1 release 1302 130320110905 1304 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1305 [contrib/suse/openssh.spec] Update version numbers. 1306 130720110904 1308 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal 1309 regress errors for the sandbox to warnings. ok tim dtucker 1310 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 1311 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen 1312 support. 1313 131420110829 1315 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting 1316 to switch SELinux context away from unconfined_t, based on patch from 1317 Jan Chadima; bz#1919 ok dtucker@ 1318 131920110827 1320 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 1321 132220110818 1323 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 1324 132520110817 1326 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for 1327 OpenSSL 0.9.7. ok djm 1328 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] 1329 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen 1330 - (djm) [configure.ac] error out if the host lacks the necessary bits for 1331 an explicitly requested sandbox type 1332 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by 1333 bisson AT archlinux.org 1334 - (djm) OpenBSD CVS Sync 1335 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 1336 [regress/cfgmatch.sh] 1337 use OBJ to find test configs, patch from Tim Rice 1338 - markus@cvs.openbsd.org 2011/06/30 22:44:43 1339 [regress/connect-privsep.sh] 1340 test with sandbox enabled; ok djm@ 1341 - djm@cvs.openbsd.org 2011/08/02 01:23:41 1342 [regress/cipher-speed.sh regress/try-ciphers.sh] 1343 add SHA256/SHA512 based HMAC modes 1344 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 1345 MAC tests for platforms that hack EVP_SHA2 support 1346 134720110812 1348 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context 1349 change error by reporting old and new context names Patch from 1350 jchadima at redhat. 1351 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] 1352 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES 1353 init scrips from imorgan AT nas.nasa.gov; bz#1920 1354 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the 1355 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin 1356 AT gmail.com; ok dtucker@ 1357 135820110807 1359 - (dtucker) OpenBSD CVS Sync 1360 - jmc@cvs.openbsd.org 2008/06/26 06:59:39 1361 [moduli.5] 1362 tweak previous; 1363 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 1364 [moduli.5] 1365 "Diffie-Hellman" is the usual spelling for the cryptographic protocol 1366 first published by Whitfield Diffie and Martin Hellman in 1976. 1367 ok jmc@ 1368 - jmc@cvs.openbsd.org 2010/10/14 20:41:28 1369 [moduli.5] 1370 probabalistic -> probabilistic; from naddy 1371 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 1372 [sftp.1] 1373 typo, fix from Laurent Gautrot 1374 137520110805 1376 - OpenBSD CVS Sync 1377 - djm@cvs.openbsd.org 2011/06/23 23:35:42 1378 [monitor.c] 1379 ignore EINTR errors from poll() 1380 - tedu@cvs.openbsd.org 2011/07/06 18:09:21 1381 [authfd.c] 1382 bzero the agent address. the kernel was for a while very cranky about 1383 these things. evne though that's fixed, always good to initialize 1384 memory. ok deraadt djm 1385 - djm@cvs.openbsd.org 2011/07/29 14:42:45 1386 [sandbox-systrace.c] 1387 fail open(2) with EPERM rather than SIGKILLing the whole process. libc 1388 will call open() to do strerror() when NLS is enabled; 1389 feedback and ok markus@ 1390 - markus@cvs.openbsd.org 2011/08/01 19:18:15 1391 [gss-serv.c] 1392 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); 1393 report Adam Zabrock; ok djm@, deraadt@ 1394 - djm@cvs.openbsd.org 2011/08/02 01:22:11 1395 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] 1396 Add new SHA256 and SHA512 based HMAC modes from 1397 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt 1398 Patch from mdb AT juniper.net; feedback and ok markus@ 1399 - djm@cvs.openbsd.org 2011/08/02 23:13:01 1400 [version.h] 1401 crank now, release later 1402 - djm@cvs.openbsd.org 2011/08/02 23:15:03 1403 [ssh.c] 1404 typo in comment 1405 140620110624 1407 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 1408 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing 1409 markus@ 1410 141120110623 1412 - OpenBSD CVS Sync 1413 - djm@cvs.openbsd.org 2011/06/22 21:47:28 1414 [servconf.c] 1415 reuse the multistate option arrays to pretty-print options for "sshd -T" 1416 - djm@cvs.openbsd.org 2011/06/22 21:57:01 1417 [servconf.c servconf.h sshd.c sshd_config.5] 1418 [configure.ac Makefile.in] 1419 introduce sandboxing of the pre-auth privsep child using systrace(4). 1420 1421 This introduces a new "UsePrivilegeSeparation=sandbox" option for 1422 sshd_config that applies mandatory restrictions on the syscalls the 1423 privsep child can perform. This prevents a compromised privsep child 1424 from being used to attack other hosts (by opening sockets and proxying) 1425 or probing local kernel attack surface. 1426 1427 The sandbox is implemented using systrace(4) in unsupervised "fast-path" 1428 mode, where a list of permitted syscalls is supplied. Any syscall not 1429 on the list results in SIGKILL being sent to the privsep child. Note 1430 that this requires a kernel with the new SYSTR_POLICY_KILL option. 1431 1432 UsePrivilegeSeparation=sandbox will become the default in the future 1433 so please start testing it now. 1434 1435 feedback dtucker@; ok markus@ 1436 - djm@cvs.openbsd.org 2011/06/22 22:08:42 1437 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] 1438 hook up a channel confirm callback to warn the user then requested X11 1439 forwarding was refused by the server; ok markus@ 1440 - djm@cvs.openbsd.org 2011/06/23 09:34:13 1441 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] 1442 [sandbox-null.c] 1443 rename sandbox.h => ssh-sandbox.h to make things easier for portable 1444 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support 1445 setrlimit(2) 1446 144720110620 1448 - OpenBSD CVS Sync 1449 - djm@cvs.openbsd.org 2011/06/04 00:10:26 1450 [ssh_config.5] 1451 explain IdentifyFile's semantics a little better, prompted by bz#1898 1452 ok dtucker jmc 1453 - markus@cvs.openbsd.org 2011/06/14 22:49:18 1454 [authfile.c] 1455 make sure key_parse_public/private_rsa1() no longer consumes its input 1456 buffer. fixes ssh-add for passphrase-protected ssh1-keys; 1457 noted by naddy@; ok djm@ 1458 - djm@cvs.openbsd.org 2011/06/17 21:44:31 1459 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] 1460 make the pre-auth privsep slave log via a socketpair shared with the 1461 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 1462 - djm@cvs.openbsd.org 2011/06/17 21:46:16 1463 [sftp-server.c] 1464 the protocol version should be unsigned; bz#1913 reported by mb AT 1465 smartftp.com 1466 - djm@cvs.openbsd.org 2011/06/17 21:47:35 1467 [servconf.c] 1468 factor out multi-choice option parsing into a parse_multistate label 1469 and some support structures; ok dtucker@ 1470 - djm@cvs.openbsd.org 2011/06/17 21:57:25 1471 [clientloop.c] 1472 setproctitle for a mux master that has been gracefully stopped; 1473 bz#1911 from Bert.Wesarg AT googlemail.com 1474 147520110603 1476 - (dtucker) [README version.h contrib/caldera/openssh.spec 1477 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version 1478 bumps from the 5.8p2 branch into HEAD. ok djm. 1479 - (tim) [configure.ac defines.h] Run test program to detect system mail 1480 directory. Add --with-maildir option to override. Fixed OpenServer 6 1481 getting it wrong. Fixed many systems having MAIL=/var/mail//username 1482 ok dtucker 1483 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair 1484 unconditionally in other places and the survey data we have does not show 1485 any systems that use it. "nuke it" djm@ 1486 - (djm) [configure.ac] enable setproctitle emulation for OS X 1487 - (djm) OpenBSD CVS Sync 1488 - djm@cvs.openbsd.org 2011/06/03 00:54:38 1489 [ssh.c] 1490 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg 1491 AT googlemail.com; ok dtucker@ 1492 NB. includes additional portability code to enable setproctitle emulation 1493 on platforms that don't support it. 1494 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 1495 [ssh-agent.c] 1496 Check current parent process ID against saved one to determine if the parent 1497 has exited, rather than attempting to send a zero signal, since the latter 1498 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn 1499 Gillmor, ok djm@ 1500 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 1501 [regress/dynamic-forward.sh] 1502 back out revs 1.6 and 1.5 since it's not reliable 1503 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 1504 [regress/dynamic-forward.sh] 1505 work around startup and teardown races; caught by deraadt 1506 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 1507 [regress/dynamic-forward.sh] 1508 Retry establishing the port forwarding after a small delay, should make 1509 the tests less flaky when the previous test is slow to shut down and free 1510 up the port. 1511 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 1512 151320110529 1514 - (djm) OpenBSD CVS Sync 1515 - djm@cvs.openbsd.org 2011/05/23 03:30:07 1516 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] 1517 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] 1518 allow AuthorizedKeysFile to specify multiple files, separated by spaces. 1519 Bring back authorized_keys2 as a default search path (to avoid breaking 1520 existing users of this file), but override this in sshd_config so it will 1521 be no longer used on fresh installs. Maybe in 2015 we can remove it 1522 entierly :) 1523 1524 feedback and ok markus@ dtucker@ 1525 - djm@cvs.openbsd.org 2011/05/23 03:33:38 1526 [auth.c] 1527 make secure_filename() spam debug logs less 1528 - djm@cvs.openbsd.org 2011/05/23 03:52:55 1529 [sshconnect.c] 1530 remove extra newline 1531 - jmc@cvs.openbsd.org 2011/05/23 07:10:21 1532 [sshd.8 sshd_config.5] 1533 tweak previous; ok djm 1534 - djm@cvs.openbsd.org 2011/05/23 07:24:57 1535 [authfile.c] 1536 read in key comments for v.2 keys (though note that these are not 1537 passed over the agent protocol); bz#439, based on patch from binder 1538 AT arago.de; ok markus@ 1539 - djm@cvs.openbsd.org 2011/05/24 07:15:47 1540 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] 1541 Remove undocumented legacy options UserKnownHostsFile2 and 1542 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile 1543 accept multiple paths per line and making their defaults include 1544 known_hosts2; ok markus 1545 - djm@cvs.openbsd.org 2011/05/23 03:31:31 1546 [regress/cfgmatch.sh] 1547 include testing of multiple/overridden AuthorizedKeysFiles 1548 refactor to simply daemon start/stop and get rid of racy constructs 1549 155020110520 1551 - (djm) [session.c] call setexeccon() before executing passwd for pw 1552 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ 1553 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 1554 options, we should corresponding -W-option when trying to determine 1555 whether it is accepted. Also includes a warning fix on the program 1556 fragment uses (bad main() return type). 1557 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ 1558 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 1559 - OpenBSD CVS Sync 1560 - djm@cvs.openbsd.org 2011/05/15 08:09:01 1561 [authfd.c monitor.c serverloop.c] 1562 use FD_CLOEXEC consistently; patch from zion AT x96.org 1563 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1564 [key.c] 1565 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1566 and fix the regress test that was trying to generate them :) 1567 - djm@cvs.openbsd.org 2011/05/20 00:55:02 1568 [servconf.c] 1569 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile 1570 and AuthorizedPrincipalsFile were not being correctly applied in 1571 Match blocks, despite being overridable there; ok dtucker@ 1572 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 1573 [servconf.c] 1574 Add comment documenting what should be after the preauth check. ok djm 1575 - djm@cvs.openbsd.org 2011/05/20 03:25:45 1576 [monitor.c monitor_wrap.c servconf.c servconf.h] 1577 use a macro to define which string options to copy between configs 1578 for Match. This avoids problems caused by forgetting to keep three 1579 code locations in perfect sync and ordering 1580 1581 "this is at once beautiful and horrible" + ok dtucker@ 1582 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1583 [regress/cert-userkey.sh] 1584 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1585 and fix the regress test that was trying to generate them :) 1586 - djm@cvs.openbsd.org 2011/05/20 02:43:36 1587 [cert-hostkey.sh] 1588 another attempt to generate a v00 ECDSA key that broke the test 1589 ID sync only - portable already had this somehow 1590 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 1591 [dynamic-forward.sh] 1592 Prevent races in dynamic forwarding test; ok djm 1593 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 1594 [dynamic-forward.sh] 1595 fix dumb error in dynamic-forward test 1596 159720110515 1598 - (djm) OpenBSD CVS Sync 1599 - djm@cvs.openbsd.org 2011/05/05 05:12:08 1600 [mux.c] 1601 gracefully fall back when ControlPath is too large for a 1602 sockaddr_un. ok markus@ as part of a larger diff 1603 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 1604 [sshd_config] 1605 clarify language about overriding defaults. bz#1892, from Petr Cerny 1606 - djm@cvs.openbsd.org 2011/05/06 01:09:53 1607 [sftp.1] 1608 mention that IPv6 addresses must be enclosed in square brackets; 1609 bz#1845 1610 - djm@cvs.openbsd.org 2011/05/06 02:05:41 1611 [sshconnect2.c] 1612 fix memory leak; bz#1849 ok dtucker@ 1613 - djm@cvs.openbsd.org 2011/05/06 21:14:05 1614 [packet.c packet.h] 1615 set traffic class for IPv6 traffic as we do for IPv4 TOS; 1616 patch from lionel AT mamane.lu via Colin Watson in bz#1855; 1617 ok markus@ 1618 - djm@cvs.openbsd.org 2011/05/06 21:18:02 1619 [ssh.c ssh_config.5] 1620 add a %L expansion (short-form of the local host name) for ControlPath; 1621 sync some more expansions with LocalCommand; ok markus@ 1622 - djm@cvs.openbsd.org 2011/05/06 21:31:38 1623 [readconf.c ssh_config.5] 1624 support negated Host matching, e.g. 1625 1626 Host *.example.org !c.example.org 1627 User mekmitasdigoat 1628 1629 Will match "a.example.org", "b.example.org", but not "c.example.org" 1630 ok markus@ 1631 - djm@cvs.openbsd.org 2011/05/06 21:34:32 1632 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] 1633 Add a RequestTTY ssh_config option to allow configuration-based 1634 control over tty allocation (like -t/-T); ok markus@ 1635 - djm@cvs.openbsd.org 2011/05/06 21:38:58 1636 [ssh.c] 1637 fix dropping from previous diff 1638 - djm@cvs.openbsd.org 2011/05/06 22:20:10 1639 [PROTOCOL.mux] 1640 fix numbering; from bert.wesarg AT googlemail.com 1641 - jmc@cvs.openbsd.org 2011/05/07 23:19:39 1642 [ssh_config.5] 1643 - tweak previous 1644 - come consistency fixes 1645 ok djm 1646 - jmc@cvs.openbsd.org 2011/05/07 23:20:25 1647 [ssh.1] 1648 +.It RequestTTY 1649 - djm@cvs.openbsd.org 2011/05/08 12:52:01 1650 [PROTOCOL.mux clientloop.c clientloop.h mux.c] 1651 improve our behaviour when TTY allocation fails: if we are in 1652 RequestTTY=auto mode (the default), then do not treat at TTY 1653 allocation error as fatal but rather just restore the local TTY 1654 to cooked mode and continue. This is more graceful on devices that 1655 never allocate TTYs. 1656 1657 If RequestTTY is set to "yes" or "force", then failure to allocate 1658 a TTY is fatal. 1659 1660 ok markus@ 1661 - djm@cvs.openbsd.org 2011/05/10 05:46:46 1662 [authfile.c] 1663 despam debug() logs by detecting that we are trying to load a private key 1664 in key_try_load_public() and returning early; ok markus@ 1665 - djm@cvs.openbsd.org 2011/05/11 04:47:06 1666 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] 1667 remove support for authorized_keys2; it is a relic from the early days 1668 of protocol v.2 support and has been undocumented for many years; 1669 ok markus@ 1670 - djm@cvs.openbsd.org 2011/05/13 00:05:36 1671 [authfile.c] 1672 warn on unexpected key type in key_parse_private_type() 1673 - (djm) [packet.c] unbreak portability #endif 1674 167520110510 1676 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 1677 --with-ssl-engine which was broken with the change from deprecated 1678 SSLeay_add_all_algorithms(). ok djm 1679 168020110506 1681 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype 1682 for closefrom() in test code. Report from Dan Wallis via Gentoo. 1683 168420110505 1685 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS 1686 definitions. From des AT des.no 1687 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 1688 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] 1689 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] 1690 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] 1691 [regress/README.regress] Remove ssh-rand-helper and all its 1692 tentacles. PRNGd seeding has been rolled into entropy.c directly. 1693 Thanks to tim@ for testing on affected platforms. 1694 - OpenBSD CVS Sync 1695 - djm@cvs.openbsd.org 2011/03/10 02:52:57 1696 [auth2-gss.c auth2.c auth.h] 1697 allow GSSAPI authentication to detect when a server-side failure causes 1698 authentication failure and don't count such failures against MaxAuthTries; 1699 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock 1700 - okan@cvs.openbsd.org 2011/03/15 10:36:02 1701 [ssh-keyscan.c] 1702 use timerclear macro 1703 ok djm@ 1704 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 1705 [ssh-keygen.1 ssh-keygen.c] 1706 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) 1707 for which host keys do not exist, generate the host keys with the 1708 default key file path, an empty passphrase, default bits for the key 1709 type, and default comment. This will be used by /etc/rc to generate 1710 new host keys. Idea from deraadt. 1711 ok deraadt 1712 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 1713 [ssh-keygen.1] 1714 -q not used in /etc/rc now so remove statement. 1715 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 1716 [ssh-keygen.c] 1717 remove -d, documentation removed >10 years ago; ok markus 1718 - jmc@cvs.openbsd.org 2011/03/24 15:29:30 1719 [ssh-keygen.1] 1720 zap trailing whitespace; 1721 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 1722 [ssh-keygen.c] 1723 use strcasecmp() for "clear" cert permission option also; ok djm 1724 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 1725 [misc.c misc.h servconf.c] 1726 print ipqos friendly string for sshd -T; ok markus 1727 # sshd -Tf sshd_config|grep ipqos 1728 ipqos lowdelay throughput 1729 - djm@cvs.openbsd.org 2011/04/12 04:23:50 1730 [ssh-keygen.c] 1731 fix -Wshadow 1732 - djm@cvs.openbsd.org 2011/04/12 05:32:49 1733 [sshd.c] 1734 exit with 0 status on SIGTERM; bz#1879 1735 - djm@cvs.openbsd.org 2011/04/13 04:02:48 1736 [ssh-keygen.1] 1737 improve wording; bz#1861 1738 - djm@cvs.openbsd.org 2011/04/13 04:09:37 1739 [ssh-keygen.1] 1740 mention valid -b sizes for ECDSA keys; bz#1862 1741 - djm@cvs.openbsd.org 2011/04/17 22:42:42 1742 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] 1743 allow graceful shutdown of multiplexing: request that a mux server 1744 removes its listener socket and refuse future multiplexing requests; 1745 ok markus@ 1746 - djm@cvs.openbsd.org 2011/04/18 00:46:05 1747 [ssh-keygen.c] 1748 certificate options are supposed to be packed in lexical order of 1749 option name (though we don't actually enforce this at present). 1750 Move one up that was out of sequence 1751 - djm@cvs.openbsd.org 2011/05/04 21:15:29 1752 [authfile.c authfile.h ssh-add.c] 1753 allow "ssh-add - < key"; feedback and ok markus@ 1754 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 1755 so autoreconf 2.68 is happy. 1756 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ 1757 175820110221 1759 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 1760 Cygwin-specific service installer script ssh-host-config. The actual 1761 functionality is the same, the revisited version is just more 1762 exact when it comes to check for problems which disallow to run 1763 certain aspects of the script. So, part of this script and the also 1764 rearranged service helper script library "csih" is to check if all 1765 the tools required to run the script are available on the system. 1766 The new script also is more thorough to inform the user why the 1767 script failed. Patch from vinschen at redhat com. 1768 176920110218 1770 - OpenBSD CVS Sync 1771 - djm@cvs.openbsd.org 2011/02/16 00:31:14 1772 [ssh-keysign.c] 1773 make hostbased auth with ECDSA keys work correctly. Based on patch 1774 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) 1775 177620110206 1777 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in 1778 selinux code. Patch from Leonardo Chiquitto 1779 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key 1780 generation and simplify. Patch from Corinna Vinschen. 1781 178220110204 1783 - OpenBSD CVS Sync 1784 - djm@cvs.openbsd.org 2011/01/31 21:42:15 1785 [PROTOCOL.mux] 1786 cut'n'pasto; from bert.wesarg AT googlemail.com 1787 - djm@cvs.openbsd.org 2011/02/04 00:44:21 1788 [key.c] 1789 fix uninitialised nonce variable; reported by Mateusz Kocielski 1790 - djm@cvs.openbsd.org 2011/02/04 00:44:43 1791 [version.h] 1792 openssh-5.8 1793 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1794 [contrib/suse/openssh.spec] update versions in docs and spec files. 1795 - Release OpenSSH 5.8p1 1796 179720110128 1798 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled 1799 before attempting setfscreatecon(). Check whether matchpathcon() 1800 succeeded before using its result. Patch from cjwatson AT debian.org; 1801 bz#1851 1802 180320110127 1804 - (tim) [config.guess config.sub] Sync with upstream. 1805 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete 1806 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with 1807 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white 1808 space changes for consistency/readability. Makes autoconf 2.68 happy. 1809 "Nice work" djm 1810 181120110125 1812 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 1813 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to 1814 port-linux.c to avoid compilation errors. Add -lselinux to ssh when 1815 building with SELinux support to avoid linking failure; report from 1816 amk AT spamfence.net; ok dtucker 1817 181820110122 1819 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 1820 RSA_get_default_method() for the benefit of openssl versions that don't 1821 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, 1822 ok djm@. 1823 - OpenBSD CVS Sync 1824 - djm@cvs.openbsd.org 2011/01/22 09:18:53 1825 [version.h] 1826 crank to OpenSSH-5.7 1827 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1828 [contrib/suse/openssh.spec] update versions in docs and spec files. 1829 - (djm) Release 5.7p1 1830 183120110119 1832 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead 1833 of RPM so build completes. Signatures were changed to .asc since 4.1p1. 1834 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 1835 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- 1836 release testing (random crashes and failure to load ECC keys). 1837 ok dtucker@ 1838 183920110117 1840 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in 1841 $PATH, fix cleanup of droppings; reported by openssh AT 1842 roumenpetrov.info; ok dtucker@ 1843 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding 1844 its unique snowflake of a gdb error to the ones we look for. 1845 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running 1846 ssh-add to avoid $SUDO failures on Linux 1847 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new 1848 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback 1849 to the old values. Feedback from vapier at gentoo org and djm, ok djm. 1850 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 1851 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are 1852 disabled on platforms that do not support them; add a "config_defined()" 1853 shell function that greps for defines in config.h and use them to decide 1854 on feature tests. 1855 Convert a couple of existing grep's over config.h to use the new function 1856 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent 1857 backslash characters in filenames, enable it for Cygwin and use it to turn 1858 of tests for quotes backslashes in sftp-glob.sh. 1859 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 1860 - (tim) [regress/agent-getpeereid.sh] shell portability fix. 1861 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on 1862 the tinderbox. 1863 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 1864 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem 1865 support, based on patches from Tomas Mraz and jchadima at redhat. 1866 186720110116 1868 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 1869 on configurations that don't have it. 1870 - OpenBSD CVS Sync 1871 - djm@cvs.openbsd.org 2011/01/16 11:50:05 1872 [clientloop.c] 1873 Use atomicio when flushing protocol 1 std{out,err} buffers at 1874 session close. This was a latent bug exposed by setting a SIGCHLD 1875 handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 1876 - djm@cvs.openbsd.org 2011/01/16 11:50:36 1877 [sshconnect.c] 1878 reset the SIGPIPE handler when forking to execute child processes; 1879 ok dtucker@ 1880 - djm@cvs.openbsd.org 2011/01/16 12:05:59 1881 [clientloop.c] 1882 a couple more tweaks to the post-close protocol 1 stderr/stdout flush: 1883 now that we use atomicio(), convert them from while loops to if statements 1884 add test and cast to compile cleanly with -Wsigned 1885 188620110114 1887 - OpenBSD CVS Sync 1888 - djm@cvs.openbsd.org 2011/01/13 21:54:53 1889 [mux.c] 1890 correct error messages; patch from bert.wesarg AT googlemail.com 1891 - djm@cvs.openbsd.org 2011/01/13 21:55:25 1892 [PROTOCOL.mux] 1893 correct protocol names and add a couple of missing protocol number 1894 defines; patch from bert.wesarg AT googlemail.com 1895 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in 1896 host-key-force target rather than a substitution that is replaced with a 1897 comment so that the Makefile.in is still a syntactically valid Makefile 1898 (useful to run the distprep target) 1899 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 1900 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some 1901 ecdsa bits. 1902 190320110113 1904 - (djm) [misc.c] include time.h for nanosleep() prototype 1905 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 1906 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 1907 ecdsa keys. ok djm. 1908 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid 1909 gcc warning on platforms where it defaults to int 1910 - (djm) [regress/Makefile] add a few more generated files to the clean 1911 target 1912 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad 1913 #define that was causing diffie-hellman-group-exchange-sha256 to be 1914 incorrectly disabled 1915 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 1916 should not depend on ECC support 1917 191820110112 1919 - OpenBSD CVS Sync 1920 - nicm@cvs.openbsd.org 2010/10/08 21:48:42 1921 [openbsd-compat/glob.c] 1922 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit 1923 from ARG_MAX to 64K. 1924 Fixes glob-using programs (notably ftp) able to be triggered to hit 1925 resource limits. 1926 Idea from a similar NetBSD change, original problem reported by jasper@. 1927 ok millert tedu jasper 1928 - djm@cvs.openbsd.org 2011/01/12 01:53:14 1929 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS 1930 and sanity check arguments (these will be unnecessary when we switch 1931 struct glob members from being type into to size_t in the future); 1932 "looks ok" tedu@ feedback guenther@ 1933 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 1934 silly warnings on write() calls we don't care succeed or not. 1935 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 1936 flag tests that don't depend on gcc version at all; suggested by and 1937 ok dtucker@ 1938 193920110111 1940 - (tim) [regress/host-expand.sh] Fix for building outside of read only 1941 source tree. 1942 - (djm) [platform.c] Some missing includes that show up under -Werror 1943 - OpenBSD CVS Sync 1944 - djm@cvs.openbsd.org 2011/01/08 10:51:51 1945 [clientloop.c] 1946 use host and not options.hostname, as the latter may have unescaped 1947 substitution characters 1948 - djm@cvs.openbsd.org 2011/01/11 06:06:09 1949 [sshlogin.c] 1950 fd leak on error paths; from zinovik@ 1951 NB. Id sync only; we use loginrec.c that was also audited and fixed 1952 recently 1953 - djm@cvs.openbsd.org 2011/01/11 06:13:10 1954 [clientloop.c ssh-keygen.c sshd.c] 1955 some unsigned long long casts that make things a bit easier for 1956 portable without resorting to dropping PRIu64 formats everywhere 1957 195820110109 1959 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by 1960 openssh AT roumenpetrov.info 1961 196220110108 1963 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress 1964 test on OSX and others. Reported by imorgan AT nas.nasa.gov 1965 196620110107 1967 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test 1968 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com 1969 - djm@cvs.openbsd.org 2011/01/06 22:23:53 1970 [ssh.c] 1971 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT 1972 googlemail.com; ok markus@ 1973 - djm@cvs.openbsd.org 2011/01/06 22:23:02 1974 [clientloop.c] 1975 when exiting due to ServerAliveTimeout, mention the hostname that caused 1976 it (useful with backgrounded controlmaster) 1977 - djm@cvs.openbsd.org 2011/01/06 22:46:21 1978 [regress/Makefile regress/host-expand.sh] 1979 regress test for LocalCommand %n expansion from bert.wesarg AT 1980 googlemail.com; ok markus@ 1981 - djm@cvs.openbsd.org 2011/01/06 23:01:35 1982 [sshconnect.c] 1983 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; 1984 ok markus@ 1985 198620110106 1987 - (djm) OpenBSD CVS Sync 1988 - markus@cvs.openbsd.org 2010/12/08 22:46:03 1989 [scp.1 scp.c] 1990 add a new -3 option to scp: Copies between two remote hosts are 1991 transferred through the local host. Without this option the data 1992 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) 1993 - jmc@cvs.openbsd.org 2010/12/09 14:13:33 1994 [scp.1 scp.c] 1995 scp.1: grammer fix 1996 scp.c: add -3 to usage() 1997 - markus@cvs.openbsd.org 2010/12/14 11:59:06 1998 [sshconnect.c] 1999 don't mention key type in key-changed-warning, since we also print 2000 this warning if a new key type appears. ok djm@ 2001 - djm@cvs.openbsd.org 2010/12/15 00:49:27 2002 [readpass.c] 2003 fix ControlMaster=ask regression 2004 reset SIGCHLD handler before fork (and restore it after) so we don't miss 2005 the the askpass child's exit status. Correct test for exit status/signal to 2006 account for waitpid() failure; with claudio@ ok claudio@ markus@ 2007 - djm@cvs.openbsd.org 2010/12/24 21:41:48 2008 [auth-options.c] 2009 don't send the actual forced command in a debug message; ok markus deraadt 2010 - otto@cvs.openbsd.org 2011/01/04 20:44:13 2011 [ssh-keyscan.c] 2012 handle ecdsa-sha2 with various key lengths; hint and ok djm@ 2013 201420110104 2015 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 2016 formatter if it is present, followed by nroff and groff respectively. 2017 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports 2018 in favour of mandoc). feedback and ok tim 2019 202020110103 2021 - (djm) [Makefile.in] revert local hack I didn't intend to commit 2022 202320110102 2024 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2025 - (djm) [configure.ac] Check whether libdes is needed when building 2026 with Heimdal krb5 support. On OpenBSD this library no longer exists, 2027 so linking it unconditionally causes a build failure; ok dtucker 2028 202920101226 2030 - (dtucker) OpenBSD CVS Sync 2031 - djm@cvs.openbsd.org 2010/12/08 04:02:47 2032 [ssh_config.5 sshd_config.5] 2033 explain that IPQoS arguments are separated by whitespace; iirc requested 2034 by jmc@ a while back 2035 203620101205 2037 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from 2038 debugging. Spotted by djm. 2039 - (dtucker) OpenBSD CVS Sync 2040 - djm@cvs.openbsd.org 2010/12/03 23:49:26 2041 [schnorr.c] 2042 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao 2043 (this code is still disabled, but apprently people are treating it as 2044 a reference implementation) 2045 - djm@cvs.openbsd.org 2010/12/03 23:55:27 2046 [auth-rsa.c] 2047 move check for revoked keys to run earlier (in auth_rsa_key_allowed) 2048 bz#1829; patch from ldv AT altlinux.org; ok markus@ 2049 - djm@cvs.openbsd.org 2010/12/04 00:18:01 2050 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] 2051 add a protocol extension to support a hard link operation. It is 2052 available through the "ln" command in the client. The old "ln" 2053 behaviour of creating a symlink is available using its "-s" option 2054 or through the preexisting "symlink" command; based on a patch from 2055 miklos AT szeredi.hu in bz#1555; ok markus@ 2056 - djm@cvs.openbsd.org 2010/12/04 13:31:37 2057 [hostfile.c] 2058 fix fd leak; spotted and ok dtucker 2059 - djm@cvs.openbsd.org 2010/12/04 00:21:19 2060 [regress/sftp-cmds.sh] 2061 adjust for hard-link support 2062 - (dtucker) [regress/Makefile] Id sync. 2063 206420101204 2065 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) 2066 instead of (arc4random() % range) 2067 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 2068 shims for the new, non-deprecated OpenSSL key generation functions for 2069 platforms that don't have the new interfaces. 2070 207120101201 2072 - OpenBSD CVS Sync 2073 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 2074 [auth2-pubkey.c] 2075 clean up cases of ;; 2076 - djm@cvs.openbsd.org 2010/11/21 01:01:13 2077 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] 2078 honour $TMPDIR for client xauth and ssh-agent temporary directories; 2079 feedback and ok markus@ 2080 - djm@cvs.openbsd.org 2010/11/21 10:57:07 2081 [authfile.c] 2082 Refactor internals of private key loading and saving to work on memory 2083 buffers rather than directly on files. This will make a few things 2084 easier to do in the future; ok markus@ 2085 - djm@cvs.openbsd.org 2010/11/23 02:35:50 2086 [auth.c] 2087 use strict_modes already passed as function argument over referencing 2088 global options.strict_modes 2089 - djm@cvs.openbsd.org 2010/11/23 23:57:24 2090 [clientloop.c] 2091 avoid NULL deref on receiving a channel request on an unknown or invalid 2092 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 2093 - djm@cvs.openbsd.org 2010/11/24 01:24:14 2094 [channels.c] 2095 remove a debug() that pollutes stderr on client connecting to a server 2096 in debug mode (channel_close_fds is called transitively from the session 2097 code post-fork); bz#1719, ok dtucker 2098 - djm@cvs.openbsd.org 2010/11/25 04:10:09 2099 [session.c] 2100 replace close() loop for fds 3->64 with closefrom(); 2101 ok markus deraadt dtucker 2102 - djm@cvs.openbsd.org 2010/11/26 05:52:49 2103 [scp.c] 2104 Pass through ssh command-line flags and options when doing remote-remote 2105 transfers, e.g. to enable agent forwarding which is particularly useful 2106 in this case; bz#1837 ok dtucker@ 2107 - markus@cvs.openbsd.org 2010/11/29 18:57:04 2108 [authfile.c] 2109 correctly load comment for encrypted rsa1 keys; 2110 report/fix Joachim Schipper; ok djm@ 2111 - djm@cvs.openbsd.org 2010/11/29 23:45:51 2112 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] 2113 [sshconnect.h sshconnect2.c] 2114 automatically order the hostkeys requested by the client based on 2115 which hostkeys are already recorded in known_hosts. This avoids 2116 hostkey warnings when connecting to servers with new ECDSA keys 2117 that are preferred by default; with markus@ 2118 211920101124 2120 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 2121 into the platform-specific code Only affects SCO, tested by and ok tim@. 2122 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow 2123 group read/write. ok dtucker@ 2124 - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2125 - (djm) [defines.h] Add IP DSCP defines 2126 212720101122 2128 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch 2129 from vapier at gentoo org. 2130 213120101120 2132 - OpenBSD CVS Sync 2133 - djm@cvs.openbsd.org 2010/11/05 02:46:47 2134 [packet.c] 2135 whitespace KNF 2136 - djm@cvs.openbsd.org 2010/11/10 01:33:07 2137 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] 2138 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. 2139 these have been around for years by this time. ok markus 2140 - djm@cvs.openbsd.org 2010/11/13 23:27:51 2141 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] 2142 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] 2143 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of 2144 hardcoding lowdelay/throughput. 2145 2146 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 2147 - jmc@cvs.openbsd.org 2010/11/15 07:40:14 2148 [ssh_config.5] 2149 libary -> library; 2150 - jmc@cvs.openbsd.org 2010/11/18 15:01:00 2151 [scp.1 sftp.1 ssh.1 sshd_config.5] 2152 add IPQoS to the various -o lists, and zap some trailing whitespace; 2153 215420101111 2155 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on 2156 platforms that don't support ECC. Fixes some spurious warnings reported 2157 by tim@ 2158 215920101109 2160 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. 2161 Feedback from dtucker@ 2162 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 2163 support for platforms missing isblank(). ok djm@ 2164 216520101108 2166 - (tim) [regress/Makefile] Fixes to allow building/testing outside source 2167 tree. 2168 - (tim) [regress/kextype.sh] Shell portability fix. 2169 217020101107 2171 - (dtucker) [platform.c] includes.h instead of defines.h so that we get 2172 the correct typedefs. 2173 217420101105 2175 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 2176 int. Should fix bz#1817 cleanly; ok dtucker@ 2177 - OpenBSD CVS Sync 2178 - djm@cvs.openbsd.org 2010/09/22 12:26:05 2179 [regress/Makefile regress/kextype.sh] 2180 regress test for each of the key exchange algorithms that we support 2181 - djm@cvs.openbsd.org 2010/10/28 11:22:09 2182 [authfile.c key.c key.h ssh-keygen.c] 2183 fix a possible NULL deref on loading a corrupt ECDH key 2184 2185 store ECDH group information in private keys files as "named groups" 2186 rather than as a set of explicit group parameters (by setting 2187 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and 2188 retrieves the group's OpenSSL NID that we need for various things. 2189 - jmc@cvs.openbsd.org 2010/10/28 18:33:28 2190 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 2191 knock out some "-*- nroff -*-" lines; 2192 - djm@cvs.openbsd.org 2010/11/04 02:45:34 2193 [sftp-server.c] 2194 umask should be parsed as octal. reported by candland AT xmission.com; 2195 ok markus@ 2196 - (dtucker) [configure.ac platform.{c,h} session.c 2197 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. 2198 Patch from cory.erickson at csu mnscu edu with a bit of rework from me. 2199 ok djm@ 2200 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 2201 after the user's groups are established and move the selinux calls into it. 2202 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 2203 platform.c 2204 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2205 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to 2206 retain previous behavior. 2207 - (dtucker) [platform.c session.c] Move the PAM credential establishment for 2208 the LOGIN_CAP case into platform.c. 2209 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 2210 platform.c 2211 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. 2212 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 2213 platform.c. 2214 - (dtucker) [platform.c session.c] Move PAM credential establishment for the 2215 non-LOGIN_CAP case into platform.c. 2216 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 2217 check into platform.c 2218 - (dtucker) [regress/keytype.sh] Import new test. 2219 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 2220 Import recent changes to regress/Makefile, pass a flag to enable ECC tests 2221 from configure through to regress/Makefile and use it in the tests. 2222 - (dtucker) [regress/kextype.sh] Add missing "test". 2223 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not 2224 strictly correct since while ECC requires sha256 the reverse is not true 2225 however it does prevent spurious test failures. 2226 - (dtucker) [platform.c] Need servconf.h and extern options. 2227 222820101025 2229 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 2230 1.12 to unbreak Solaris build. 2231 ok djm@ 2232 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a 2233 native one. 2234 223520101024 2236 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2237 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms 2238 which don't have ECC support in libcrypto. 2239 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms 2240 which don't have ECC support in libcrypto. 2241 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't 2242 have it. 2243 - (dtucker) OpenBSD CVS Sync 2244 - sthen@cvs.openbsd.org 2010/10/23 22:06:12 2245 [sftp.c] 2246 escape '[' in filename tab-completion; fix a type while there. 2247 ok djm@ 2248 224920101021 2250 - OpenBSD CVS Sync 2251 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 2252 [mux.c] 2253 Typo in confirmation message. bz#1827, patch from imorgan at 2254 nas nasa gov 2255 - djm@cvs.openbsd.org 2010/08/31 12:24:09 2256 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2257 tests for ECDSA certificates 2258 225920101011 2260 - (djm) [canohost.c] Zero a4 instead of addr to better match type. 2261 bz#1825, reported by foo AT mailinator.com 2262 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2263 226420101011 2265 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 2266 dr AT vasco.com 2267 226820101007 2269 - (djm) [ssh-agent.c] Fix type for curve name. 2270 - (djm) OpenBSD CVS Sync 2271 - matthew@cvs.openbsd.org 2010/09/24 13:33:00 2272 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] 2273 [openbsd-compat/timingsafe_bcmp.c] 2274 Add timingsafe_bcmp(3) to libc, mention that it's already in the 2275 kernel in kern(9), and remove it from OpenSSH. 2276 ok deraadt@, djm@ 2277 NB. re-added under openbsd-compat/ for portable OpenSSH 2278 - djm@cvs.openbsd.org 2010/09/25 09:30:16 2279 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] 2280 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server 2281 rountrips to fetch per-file stat(2) information. 2282 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to 2283 match. 2284 - djm@cvs.openbsd.org 2010/09/26 22:26:33 2285 [sftp.c] 2286 when performing an "ls" in columnated (short) mode, only call 2287 ioctl(TIOCGWINSZ) once to get the window width instead of per- 2288 filename 2289 - djm@cvs.openbsd.org 2010/09/30 11:04:51 2290 [servconf.c] 2291 prevent free() of string in .rodata when overriding AuthorizedKeys in 2292 a Match block; patch from rein AT basefarm.no 2293 - djm@cvs.openbsd.org 2010/10/01 23:05:32 2294 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] 2295 adapt to API changes in openssl-1.0.0a 2296 NB. contains compat code to select correct API for older OpenSSL 2297 - djm@cvs.openbsd.org 2010/10/05 05:13:18 2298 [sftp.c sshconnect.c] 2299 use default shell /bin/sh if $SHELL is ""; ok markus@ 2300 - djm@cvs.openbsd.org 2010/10/06 06:39:28 2301 [clientloop.c ssh.c sshconnect.c sshconnect.h] 2302 kill proxy command on fatal() (we already kill it on clean exit); 2303 ok markus@ 2304 - djm@cvs.openbsd.org 2010/10/06 21:10:21 2305 [sshconnect.c] 2306 swapped args to kill(2) 2307 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 2308 - (djm) [cipher-acss.c] Add missing header. 2309 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 2310 231120100924 2312 - (djm) OpenBSD CVS Sync 2313 - naddy@cvs.openbsd.org 2010/09/10 15:19:29 2314 [ssh-keygen.1] 2315 * mention ECDSA in more places 2316 * less repetition in FILES section 2317 * SSHv1 keys are still encrypted with 3DES 2318 help and ok jmc@ 2319 - djm@cvs.openbsd.org 2010/09/11 21:44:20 2320 [ssh.1] 2321 mention RFC 5656 for ECC stuff 2322 - jmc@cvs.openbsd.org 2010/09/19 21:30:05 2323 [sftp.1] 2324 more wacky macro fixing; 2325 - djm@cvs.openbsd.org 2010/09/20 04:41:47 2326 [ssh.c] 2327 install a SIGCHLD handler to reap expiried child process; ok markus@ 2328 - djm@cvs.openbsd.org 2010/09/20 04:50:53 2329 [jpake.c schnorr.c] 2330 check that received values are smaller than the group size in the 2331 disabled and unfinished J-PAKE code. 2332 avoids catastrophic security failure found by Sebastien Martini 2333 - djm@cvs.openbsd.org 2010/09/20 04:54:07 2334 [jpake.c] 2335 missing #include 2336 - djm@cvs.openbsd.org 2010/09/20 07:19:27 2337 [mux.c] 2338 "atomically" create the listening mux socket by binding it on a temorary 2339 name and then linking it into position after listen() has succeeded. 2340 this allows the mux clients to determine that the server socket is 2341 either ready or stale without races. stale server sockets are now 2342 automatically removed 2343 ok deraadt 2344 - djm@cvs.openbsd.org 2010/09/22 05:01:30 2345 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] 2346 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] 2347 add a KexAlgorithms knob to the client and server configuration to allow 2348 selection of which key exchange methods are used by ssh(1) and sshd(8) 2349 and their order of preference. 2350 ok markus@ 2351 - jmc@cvs.openbsd.org 2010/09/22 08:30:08 2352 [ssh.1 ssh_config.5] 2353 ssh.1: add kexalgorithms to the -o list 2354 ssh_config.5: format the kexalgorithms in a more consistent 2355 (prettier!) way 2356 ok djm 2357 - djm@cvs.openbsd.org 2010/09/22 22:58:51 2358 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] 2359 [sftp-client.h sftp.1 sftp.c] 2360 add an option per-read/write callback to atomicio 2361 2362 factor out bandwidth limiting code from scp(1) into a generic bandwidth 2363 limiter that can be attached using the atomicio callback mechanism 2364 2365 add a bandwidth limit option to sftp(1) using the above 2366 "very nice" markus@ 2367 - jmc@cvs.openbsd.org 2010/09/23 13:34:43 2368 [sftp.c] 2369 add [-l limit] to usage(); 2370 - jmc@cvs.openbsd.org 2010/09/23 13:36:46 2371 [scp.1 sftp.1] 2372 add KexAlgorithms to the -o list; 2373 237420100910 2375 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact 2376 return code since it can apparently return -1 under some conditions. From 2377 openssh bugs werbittewas de, ok djm@ 2378 - OpenBSD CVS Sync 2379 - djm@cvs.openbsd.org 2010/08/31 12:33:38 2380 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2381 reintroduce commit from tedu@, which I pulled out for release 2382 engineering: 2383 OpenSSL_add_all_algorithms is the name of the function we have a 2384 man page for, so use that. ok djm 2385 - jmc@cvs.openbsd.org 2010/08/31 17:40:54 2386 [ssh-agent.1] 2387 fix some macro abuse; 2388 - jmc@cvs.openbsd.org 2010/08/31 21:14:58 2389 [ssh.1] 2390 small text tweak to accommodate previous; 2391 - naddy@cvs.openbsd.org 2010/09/01 15:21:35 2392 [servconf.c] 2393 pick up ECDSA host key by default; ok djm@ 2394 - markus@cvs.openbsd.org 2010/09/02 16:07:25 2395 [ssh-keygen.c] 2396 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 2397 - markus@cvs.openbsd.org 2010/09/02 16:08:39 2398 [ssh.c] 2399 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 2400 - naddy@cvs.openbsd.org 2010/09/02 17:21:50 2401 [ssh-keygen.c] 2402 Switch ECDSA default key size to 256 bits, which according to RFC5656 2403 should still be better than our current RSA-2048 default. 2404 ok djm@, markus@ 2405 - jmc@cvs.openbsd.org 2010/09/03 11:09:29 2406 [scp.1] 2407 add an EXIT STATUS section for /usr/bin; 2408 - jmc@cvs.openbsd.org 2010/09/04 09:38:34 2409 [ssh-add.1 ssh.1] 2410 two more EXIT STATUS sections; 2411 - naddy@cvs.openbsd.org 2010/09/06 17:10:19 2412 [sshd_config] 2413 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste 2414 <mattieu.b@gmail.com> 2415 ok deraadt@ 2416 - djm@cvs.openbsd.org 2010/09/08 03:54:36 2417 [authfile.c] 2418 typo 2419 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 2420 [compress.c] 2421 work around name-space collisions some buggy compilers (looking at you 2422 gcc, at least in earlier versions, but this does not forgive your current 2423 transgressions) seen between zlib and openssl 2424 ok djm 2425 - djm@cvs.openbsd.org 2010/09/09 10:45:45 2426 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] 2427 ECDH/ECDSA compliance fix: these methods vary the hash function they use 2428 (SHA256/384/512) depending on the length of the curve in use. The previous 2429 code incorrectly used SHA256 in all cases. 2430 2431 This fix will cause authentication failure when using 384 or 521-bit curve 2432 keys if one peer hasn't been upgraded and the other has. (256-bit curve 2433 keys work ok). In particular you may need to specify HostkeyAlgorithms 2434 when connecting to a server that has not been upgraded from an upgraded 2435 client. 2436 2437 ok naddy@ 2438 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 2439 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] 2440 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on 2441 platforms that don't have the requisite OpenSSL support. ok dtucker@ 2442 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 2443 for missing headers and compiler warnings. 2444 244520100831 2446 - OpenBSD CVS Sync 2447 - jmc@cvs.openbsd.org 2010/08/08 19:36:30 2448 [ssh-keysign.8 ssh.1 sshd.8] 2449 use the same template for all FILES sections; i.e. -compact/.Pp where we 2450 have multiple items, and .Pa for path names; 2451 - tedu@cvs.openbsd.org 2010/08/12 23:34:39 2452 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2453 OpenSSL_add_all_algorithms is the name of the function we have a man page 2454 for, so use that. ok djm 2455 - djm@cvs.openbsd.org 2010/08/16 04:06:06 2456 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2457 backout previous temporarily; discussed with deraadt@ 2458 - djm@cvs.openbsd.org 2010/08/31 09:58:37 2459 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] 2460 [packet.h ssh-dss.c ssh-rsa.c] 2461 Add buffer_get_cstring() and related functions that verify that the 2462 string extracted from the buffer contains no embedded \0 characters* 2463 This prevents random (possibly malicious) crap from being appended to 2464 strings where it would not be noticed if the string is used with 2465 a string(3) function. 2466 2467 Use the new API in a few sensitive places. 2468 2469 * actually, we allow a single one at the end of the string for now because 2470 we don't know how many deployed implementations get this wrong, but don't 2471 count on this to remain indefinitely. 2472 - djm@cvs.openbsd.org 2010/08/31 11:54:45 2473 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] 2474 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] 2475 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] 2476 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] 2477 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] 2478 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] 2479 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] 2480 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and 2481 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer 2482 better performance than plain DH and DSA at the same equivalent symmetric 2483 key length, as well as much shorter keys. 2484 2485 Only the mandatory sections of RFC5656 are implemented, specifically the 2486 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and 2487 ECDSA. Point compression (optional in RFC5656 is NOT implemented). 2488 2489 Certificate host and user keys using the new ECDSA key types are supported. 2490 2491 Note that this code has not been tested for interoperability and may be 2492 subject to change. 2493 2494 feedback and ok markus@ 2495 - (djm) [Makefile.in] Add new ECC files 2496 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include 2497 includes.h 2498 249920100827 2500 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, 2501 remove. Patch from martynas at venck us 2502 250320100823 2504 - (djm) Release OpenSSH-5.6p1 2505 250620100816 2507 - (dtucker) [configure.ac openbsd-compat/Makefile.in 2508 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to 2509 the compat library which helps on platforms like old IRIX. Based on work 2510 by djm, tested by Tom Christensen. 2511 - OpenBSD CVS Sync 2512 - djm@cvs.openbsd.org 2010/08/12 21:49:44 2513 [ssh.c] 2514 close any extra file descriptors inherited from parent at start and 2515 reopen stdin/stdout to /dev/null when forking for ControlPersist. 2516 2517 prevents tools that fork and run a captive ssh for communication from 2518 failing to exit when the ssh completes while they wait for these fds to 2519 close. The inherited fds may persist arbitrarily long if a background 2520 mux master has been started by ControlPersist. cvs and scp were effected 2521 by this. 2522 2523 "please commit" markus@ 2524 - (djm) [regress/README.regress] typo 2525 252620100812 2527 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh 2528 regress/test-exec.sh] Under certain conditions when testing with sudo 2529 tests would fail because the pidfile could not be read by a regular user. 2530 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" 2531 Make sure cat is run by $SUDO. no objection from me. djm@ 2532 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. 2533 253420100809 2535 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is 2536 already set. Makes FreeBSD user openable tunnels useful; patch from 2537 richard.burakowski+ossh AT mrburak.net, ok dtucker@ 2538 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. 2539 based in part on a patch from Colin Watson, ok djm@ 2540 254120100809 2542 - OpenBSD CVS Sync 2543 - djm@cvs.openbsd.org 2010/08/08 16:26:42 2544 [version.h] 2545 crank to 5.6 2546 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2547 [contrib/suse/openssh.spec] Crank version numbers 2548 254920100805 2550 - OpenBSD CVS Sync 2551 - djm@cvs.openbsd.org 2010/08/04 05:37:01 2552 [ssh.1 ssh_config.5 sshd.8] 2553 Remove mentions of weird "addr/port" alternate address format for IPv6 2554 addresses combinations. It hasn't worked for ages and we have supported 2555 the more commen "[addr]:port" format for a long time. ok jmc@ markus@ 2556 - djm@cvs.openbsd.org 2010/08/04 05:40:39 2557 [PROTOCOL.certkeys ssh-keygen.c] 2558 tighten the rules for certificate encoding by requiring that options 2559 appear in lexical order and make our ssh-keygen comply. ok markus@ 2560 - djm@cvs.openbsd.org 2010/08/04 05:42:47 2561 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] 2562 [ssh-keysign.c ssh.c] 2563 enable certificates for hostbased authentication, from Iain Morgan; 2564 "looks ok" markus@ 2565 - djm@cvs.openbsd.org 2010/08/04 05:49:22 2566 [authfile.c] 2567 commited the wrong version of the hostbased certificate diff; this 2568 version replaces some strlc{py,at} verbosity with xasprintf() at 2569 the request of markus@ 2570 - djm@cvs.openbsd.org 2010/08/04 06:07:11 2571 [ssh-keygen.1 ssh-keygen.c] 2572 Support CA keys in PKCS#11 tokens; feedback and ok markus@ 2573 - djm@cvs.openbsd.org 2010/08/04 06:08:40 2574 [ssh-keysign.c] 2575 clean for -Wuninitialized (Id sync only; portable had this change) 2576 - djm@cvs.openbsd.org 2010/08/05 13:08:42 2577 [channels.c] 2578 Fix a trio of bugs in the local/remote window calculation for datagram 2579 data channels (i.e. TunnelForward): 2580 2581 Calculate local_consumed correctly in channel_handle_wfd() by measuring 2582 the delta to buffer_len(c->output) from when we start to when we finish. 2583 The proximal problem here is that the output_filter we use in portable 2584 modified the length of the dequeued datagram (to futz with the headers 2585 for !OpenBSD). 2586 2587 In channel_output_poll(), don't enqueue datagrams that won't fit in the 2588 peer's advertised packet size (highly unlikely to ever occur) or which 2589 won't fit in the peer's remaining window (more likely). 2590 2591 In channel_input_data(), account for the 4-byte string header in 2592 datagram packets that we accept from the peer and enqueue in c->output. 2593 2594 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; 2595 "looks good" markus@ 2596 259720100803 2598 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from 2599 PAM to sane values in case the PAM method doesn't write to them. Spotted by 2600 Bitman Zhou, ok djm@. 2601 - OpenBSD CVS Sync 2602 - djm@cvs.openbsd.org 2010/07/16 04:45:30 2603 [ssh-keygen.c] 2604 avoid bogus compiler warning 2605 - djm@cvs.openbsd.org 2010/07/16 14:07:35 2606 [ssh-rsa.c] 2607 more timing paranoia - compare all parts of the expected decrypted 2608 data before returning. AFAIK not exploitable in the SSH protocol. 2609 "groovy" deraadt@ 2610 - djm@cvs.openbsd.org 2010/07/19 03:16:33 2611 [sftp-client.c] 2612 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive 2613 upload depth checks and causing verbose printing of transfers to always 2614 be turned on; patch from imorgan AT nas.nasa.gov 2615 - djm@cvs.openbsd.org 2010/07/19 09:15:12 2616 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] 2617 add a "ControlPersist" option that automatically starts a background 2618 ssh(1) multiplex master when connecting. This connection can stay alive 2619 indefinitely, or can be set to automatically close after a user-specified 2620 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but 2621 further hacked on by wmertens AT cisco.com, apb AT cequrux.com, 2622 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ 2623 - djm@cvs.openbsd.org 2010/07/21 02:10:58 2624 [misc.c] 2625 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern 2626 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 2627 [ssh.1] 2628 Ciphers is documented in ssh_config(5) these days 2629 263020100819 2631 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more 2632 details about its behaviour WRT existing directories. Patch from 2633 asguthrie at gmail com, ok djm. 2634 263520100716 2636 - (djm) OpenBSD CVS Sync 2637 - djm@cvs.openbsd.org 2010/07/02 04:32:44 2638 [misc.c] 2639 unbreak strdelim() skipping past quoted strings, e.g. 2640 AllowUsers "blah blah" blah 2641 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com 2642 ok dtucker; 2643 - djm@cvs.openbsd.org 2010/07/12 22:38:52 2644 [ssh.c] 2645 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") 2646 for protocol 2. ok markus@ 2647 - djm@cvs.openbsd.org 2010/07/12 22:41:13 2648 [ssh.c ssh_config.5] 2649 expand %h to the hostname in ssh_config Hostname options. While this 2650 sounds useless, it is actually handy for working with unqualified 2651 hostnames: 2652 2653 Host *.* 2654 Hostname %h 2655 Host * 2656 Hostname %h.example.org 2657 2658 "I like it" markus@ 2659 - djm@cvs.openbsd.org 2010/07/13 11:52:06 2660 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] 2661 [packet.c ssh-rsa.c] 2662 implement a timing_safe_cmp() function to compare memory without leaking 2663 timing information by short-circuiting like memcmp() and use it for 2664 some of the more sensitive comparisons (though nothing high-value was 2665 readily attackable anyway); "looks ok" markus@ 2666 - djm@cvs.openbsd.org 2010/07/13 23:13:16 2667 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] 2668 [ssh-rsa.c] 2669 s/timing_safe_cmp/timingsafe_bcmp/g 2670 - jmc@cvs.openbsd.org 2010/07/14 17:06:58 2671 [ssh.1] 2672 finally ssh synopsis looks nice again! this commit just removes a ton of 2673 hacks we had in place to make it work with old groff; 2674 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 2675 [ssh-keygen.1] 2676 repair incorrect block nesting, which screwed up indentation; 2677 problem reported and fix OK by jmc@ 2678 267920100714 2680 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass 2681 (line 77) should have been for no_x11_askpass. 2682 268320100702 2684 - (djm) OpenBSD CVS Sync 2685 - jmc@cvs.openbsd.org 2010/06/26 00:57:07 2686 [ssh_config.5] 2687 tweak previous; 2688 - djm@cvs.openbsd.org 2010/06/26 23:04:04 2689 [ssh.c] 2690 oops, forgot to #include <canohost.h>; spotted and patch from chl@ 2691 - djm@cvs.openbsd.org 2010/06/29 23:15:30 2692 [ssh-keygen.1 ssh-keygen.c] 2693 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; 2694 bz#1749; ok markus@ 2695 - djm@cvs.openbsd.org 2010/06/29 23:16:46 2696 [auth2-pubkey.c sshd_config.5] 2697 allow key options (command="..." and friends) in AuthorizedPrincipals; 2698 ok markus@ 2699 - jmc@cvs.openbsd.org 2010/06/30 07:24:25 2700 [ssh-keygen.1] 2701 tweak previous; 2702 - jmc@cvs.openbsd.org 2010/06/30 07:26:03 2703 [ssh-keygen.c] 2704 sort usage(); 2705 - jmc@cvs.openbsd.org 2010/06/30 07:28:34 2706 [sshd_config.5] 2707 tweak previous; 2708 - millert@cvs.openbsd.org 2010/07/01 13:06:59 2709 [scp.c] 2710 Fix a longstanding problem where if you suspend scp at the 2711 password/passphrase prompt the terminal mode is not restored. 2712 OK djm@ 2713 - phessler@cvs.openbsd.org 2010/06/27 19:19:56 2714 [regress/Makefile] 2715 fix how we run the tests so we can successfully use SUDO='sudo -E' 2716 in our env 2717 - djm@cvs.openbsd.org 2010/06/29 23:59:54 2718 [cert-userkey.sh] 2719 regress tests for key options in AuthorizedPrincipals 2720 272120100627 2722 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs 2723 key.h. 2724 272520100626 2726 - (djm) OpenBSD CVS Sync 2727 - djm@cvs.openbsd.org 2010/05/21 05:00:36 2728 [misc.c] 2729 colon() returns char*, so s/return (0)/return NULL/ 2730 - markus@cvs.openbsd.org 2010/06/08 21:32:19 2731 [ssh-pkcs11.c] 2732 check length of value returned C_GetAttributValue for != 0 2733 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ 2734 - djm@cvs.openbsd.org 2010/06/17 07:07:30 2735 [mux.c] 2736 Correct sizing of object to be allocated by calloc(), replacing 2737 sizeof(state) with sizeof(*state). This worked by accident since 2738 the struct contained a single int at present, but could have broken 2739 in the future. patch from hyc AT symas.com 2740 - djm@cvs.openbsd.org 2010/06/18 00:58:39 2741 [sftp.c] 2742 unbreak ls in working directories that contains globbing characters in 2743 their pathnames. bz#1655 reported by vgiffin AT apple.com 2744 - djm@cvs.openbsd.org 2010/06/18 03:16:03 2745 [session.c] 2746 Missing check for chroot_director == "none" (we already checked against 2747 NULL); bz#1564 from Jan.Pechanec AT Sun.COM 2748 - djm@cvs.openbsd.org 2010/06/18 04:43:08 2749 [sftp-client.c] 2750 fix memory leak in do_realpath() error path; bz#1771, patch from 2751 anicka AT suse.cz 2752 - djm@cvs.openbsd.org 2010/06/22 04:22:59 2753 [servconf.c sshd_config.5] 2754 expose some more sshd_config options inside Match blocks: 2755 AuthorizedKeysFile AuthorizedPrincipalsFile 2756 HostbasedUsesNameFromPacketOnly PermitTunnel 2757 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ 2758 - djm@cvs.openbsd.org 2010/06/22 04:32:06 2759 [ssh-keygen.c] 2760 standardise error messages when attempting to open private key 2761 files to include "progname: filename: error reason" 2762 bz#1783; ok dtucker@ 2763 - djm@cvs.openbsd.org 2010/06/22 04:49:47 2764 [auth.c] 2765 queue auth debug messages for bad ownership or permissions on the user's 2766 keyfiles. These messages will be sent after the user has successfully 2767 authenticated (where our client will display them with LogLevel=debug). 2768 bz#1554; ok dtucker@ 2769 - djm@cvs.openbsd.org 2010/06/22 04:54:30 2770 [ssh-keyscan.c] 2771 replace verbose and overflow-prone Linebuf code with read_keyfile_line() 2772 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ 2773 - djm@cvs.openbsd.org 2010/06/22 04:59:12 2774 [session.c] 2775 include the user name on "subsystem request for ..." log messages; 2776 bz#1571; ok dtucker@ 2777 - djm@cvs.openbsd.org 2010/06/23 02:59:02 2778 [ssh-keygen.c] 2779 fix printing of extensions in v01 certificates that I broke in r1.190 2780 - djm@cvs.openbsd.org 2010/06/25 07:14:46 2781 [channels.c mux.c readconf.c readconf.h ssh.h] 2782 bz#1327: remove hardcoded limit of 100 permitopen clauses and port 2783 forwards per direction; ok markus@ stevesk@ 2784 - djm@cvs.openbsd.org 2010/06/25 07:20:04 2785 [channels.c session.c] 2786 bz#1750: fix requirement for /dev/null inside ChrootDirectory for 2787 internal-sftp accidentally introduced in r1.253 by removing the code 2788 that opens and dup /dev/null to stderr and modifying the channels code 2789 to read stderr but discard it instead; ok markus@ 2790 - djm@cvs.openbsd.org 2010/06/25 08:46:17 2791 [auth1.c auth2-none.c] 2792 skip the initial check for access with an empty password when 2793 PermitEmptyPasswords=no; bz#1638; ok markus@ 2794 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2795 [ssh.c] 2796 log the hostname and address that we connected to at LogLevel=verbose 2797 after authentication is successful to mitigate "phishing" attacks by 2798 servers with trusted keys that accept authentication silently and 2799 automatically before presenting fake password/passphrase prompts; 2800 "nice!" markus@ 2801 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2802 [ssh.c] 2803 log the hostname and address that we connected to at LogLevel=verbose 2804 after authentication is successful to mitigate "phishing" attacks by 2805 servers with trusted keys that accept authentication silently and 2806 automatically before presenting fake password/passphrase prompts; 2807 "nice!" markus@ 2808 280920100622 2810 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 2811 bz#1579; ok dtucker 2812 281320100618 2814 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ 2815 rather than assuming that $CWD == $HOME. bz#1500, patch from 2816 timothy AT gelter.com 2817 281820100617 2819 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete 2820 minires-devel package, and to add the reference to the libedit-devel 2821 package since CYgwin now provides libedit. Patch from Corinna Vinschen. 2822 282320100521 2824 - (djm) OpenBSD CVS Sync 2825 - djm@cvs.openbsd.org 2010/05/07 11:31:26 2826 [regress/Makefile regress/cert-userkey.sh] 2827 regress tests for AuthorizedPrincipalsFile and "principals=" key option. 2828 feedback and ok markus@ 2829 - djm@cvs.openbsd.org 2010/05/11 02:58:04 2830 [auth-rsa.c] 2831 don't accept certificates marked as "cert-authority" here; ok markus@ 2832 - djm@cvs.openbsd.org 2010/05/14 00:47:22 2833 [ssh-add.c] 2834 check that the certificate matches the corresponding private key before 2835 grafting it on 2836 - djm@cvs.openbsd.org 2010/05/14 23:29:23 2837 [channels.c channels.h mux.c ssh.c] 2838 Pause the mux channel while waiting for reply from aynch callbacks. 2839 Prevents misordering of replies if new requests arrive while waiting. 2840 2841 Extend channel open confirm callback to allow signalling failure 2842 conditions as well as success. Use this to 1) fix a memory leak, 2) 2843 start using the above pause mechanism and 3) delay sending a success/ 2844 failure message on mux slave session open until we receive a reply from 2845 the server. 2846 2847 motivated by and with feedback from markus@ 2848 - markus@cvs.openbsd.org 2010/05/16 12:55:51 2849 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] 2850 mux support for remote forwarding with dynamic port allocation, 2851 use with 2852 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` 2853 feedback and ok djm@ 2854 - djm@cvs.openbsd.org 2010/05/20 11:25:26 2855 [auth2-pubkey.c] 2856 fix logspam when key options (from="..." especially) deny non-matching 2857 keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 2858 - djm@cvs.openbsd.org 2010/05/20 23:46:02 2859 [PROTOCOL.certkeys auth-options.c ssh-keygen.c] 2860 Move the permit-* options to the non-critical "extensions" field for v01 2861 certificates. The logic is that if another implementation fails to 2862 implement them then the connection just loses features rather than fails 2863 outright. 2864 2865 ok markus@ 2866 286720100511 2868 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve 2869 circular dependency problem on old or odd platforms. From Tom Lane, ok 2870 djm@. 2871 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older 2872 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't 2873 already. ok dtucker@ 2874 287520100510 2876 - OpenBSD CVS Sync 2877 - djm@cvs.openbsd.org 2010/04/23 01:47:41 2878 [ssh-keygen.c] 2879 bz#1740: display a more helpful error message when $HOME is 2880 inaccessible while trying to create .ssh directory. Based on patch 2881 from jchadima AT redhat.com; ok dtucker@ 2882 - djm@cvs.openbsd.org 2010/04/23 22:27:38 2883 [mux.c] 2884 set "detach_close" flag when registering channel cleanup callbacks. 2885 This causes the channel to close normally when its fds close and 2886 hangs when terminating a mux slave using ~. bz#1758; ok markus@ 2887 - djm@cvs.openbsd.org 2010/04/23 22:42:05 2888 [session.c] 2889 set stderr to /dev/null for subsystems rather than just closing it. 2890 avoids hangs if a subsystem or shell initialisation writes to stderr. 2891 bz#1750; ok markus@ 2892 - djm@cvs.openbsd.org 2010/04/23 22:48:31 2893 [ssh-keygen.c] 2894 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, 2895 since we would refuse to use them anyway. bz#1516; ok dtucker@ 2896 - djm@cvs.openbsd.org 2010/04/26 22:28:24 2897 [sshconnect2.c] 2898 bz#1502: authctxt.success is declared as an int, but passed by 2899 reference to function that accepts sig_atomic_t*. Convert it to 2900 the latter; ok markus@ dtucker@ 2901 - djm@cvs.openbsd.org 2010/05/01 02:50:50 2902 [PROTOCOL.certkeys] 2903 typo; jmeltzer@ 2904 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 2905 [sftp.c] 2906 restore mput and mget which got lost in the tab-completion changes. 2907 found by Kenneth Whitaker, ok djm@ 2908 - djm@cvs.openbsd.org 2010/05/07 11:30:30 2909 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] 2910 [key.c servconf.c servconf.h sshd.8 sshd_config.5] 2911 add some optional indirection to matching of principal names listed 2912 in certificates. Currently, a certificate must include the a user's name 2913 to be accepted for authentication. This change adds the ability to 2914 specify a list of certificate principal names that are acceptable. 2915 2916 When authenticating using a CA trusted through ~/.ssh/authorized_keys, 2917 this adds a new principals="name1[,name2,...]" key option. 2918 2919 For CAs listed through sshd_config's TrustedCAKeys option, a new config 2920 option "AuthorizedPrincipalsFile" specifies a per-user file containing 2921 the list of acceptable names. 2922 2923 If either option is absent, the current behaviour of requiring the 2924 username to appear in principals continues to apply. 2925 2926 These options are useful for role accounts, disjoint account namespaces 2927 and "user@realm"-style naming policies in certificates. 2928 2929 feedback and ok markus@ 2930 - jmc@cvs.openbsd.org 2010/05/07 12:49:17 2931 [sshd_config.5] 2932 tweak previous; 2933 293420100423 2935 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 2936 in the openssl install directory (some newer openssl versions do this on at 2937 least some amd64 platforms). 2938 293920100418 2940 - OpenBSD CVS Sync 2941 - jmc@cvs.openbsd.org 2010/04/16 06:45:01 2942 [ssh_config.5] 2943 tweak previous; ok djm 2944 - jmc@cvs.openbsd.org 2010/04/16 06:47:04 2945 [ssh-keygen.1 ssh-keygen.c] 2946 tweak previous; ok djm 2947 - djm@cvs.openbsd.org 2010/04/16 21:14:27 2948 [sshconnect.c] 2949 oops, %r => remote username, not %u 2950 - djm@cvs.openbsd.org 2010/04/16 01:58:45 2951 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2952 regression tests for v01 certificate format 2953 includes interop tests for v00 certs 2954 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 2955 file. 2956 295720100416 2958 - (djm) Release openssh-5.5p1 2959 - OpenBSD CVS Sync 2960 - djm@cvs.openbsd.org 2010/03/26 03:13:17 2961 [bufaux.c] 2962 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer 2963 argument to allow skipping past values in a buffer 2964 - jmc@cvs.openbsd.org 2010/03/26 06:54:36 2965 [ssh.1] 2966 tweak previous; 2967 - jmc@cvs.openbsd.org 2010/03/27 14:26:55 2968 [ssh_config.5] 2969 tweak previous; ok dtucker 2970 - djm@cvs.openbsd.org 2010/04/10 00:00:16 2971 [ssh.c] 2972 bz#1746 - suppress spurious tty warning when using -O and stdin 2973 is not a tty; ok dtucker@ markus@ 2974 - djm@cvs.openbsd.org 2010/04/10 00:04:30 2975 [sshconnect.c] 2976 fix terminology: we didn't find a certificate in known_hosts, we found 2977 a CA key 2978 - djm@cvs.openbsd.org 2010/04/10 02:08:44 2979 [clientloop.c] 2980 bz#1698: kill channel when pty allocation requests fail. Fixed 2981 stuck client if the server refuses pty allocation. 2982 ok dtucker@ "think so" markus@ 2983 - djm@cvs.openbsd.org 2010/04/10 02:10:56 2984 [sshconnect2.c] 2985 show the key type that we are offering in debug(), helps distinguish 2986 between certs and plain keys as the path to the private key is usually 2987 the same. 2988 - djm@cvs.openbsd.org 2010/04/10 05:48:16 2989 [mux.c] 2990 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au 2991 - djm@cvs.openbsd.org 2010/04/14 22:27:42 2992 [ssh_config.5 sshconnect.c] 2993 expand %r => remote username in ssh_config:ProxyCommand; 2994 ok deraadt markus 2995 - markus@cvs.openbsd.org 2010/04/15 20:32:55 2996 [ssh-pkcs11.c] 2997 retry lookup for private key if there's no matching key with CKA_SIGN 2998 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) 2999 ok djm@ 3000 - djm@cvs.openbsd.org 2010/04/16 01:47:26 3001 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] 3002 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] 3003 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] 3004 [sshconnect.c sshconnect2.c sshd.c] 3005 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the 3006 following changes: 3007 3008 move the nonce field to the beginning of the certificate where it can 3009 better protect against chosen-prefix attacks on the signature hash 3010 3011 Rename "constraints" field to "critical options" 3012 3013 Add a new non-critical "extensions" field 3014 3015 Add a serial number 3016 3017 The older format is still support for authentication and cert generation 3018 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) 3019 3020 ok markus@ 3021