xref: /freebsd/crypto/openssh/ChangeLog (revision ddd5b8e9b4d8957fce018c520657cdfa4ecffad3)
120120322
2 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
3   Hands' greatly revised version.
4 - (djm) Release 6.2p1
5
620120318
7 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
8   [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
9   so mark it as broken. Patch from des AT des.no
10
1120120317
12 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
13   of the bits the configure test looks for.
14
1520120316
16 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
17   is unable to successfully compile them. Based on patch from des AT
18   des.no
19 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
20   Add a usleep replacement for platforms that lack it; ok dtucker
21 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
22   occur after UID switch; patch from John Marshall via des AT des.no;
23   ok dtucker@
24
2520120312
26 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
27   Improve portability of cipher-speed test, based mostly on a patch from
28   Iain Morgan.
29 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
30   in addition to root as an owner of system directories on AIX and HP-UX.
31   ok djm@
32
3320130307
34 - (dtucker) [INSTALL] Bump documented autoconf version to what we're
35   currently using.
36 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
37   was removed in configure.ac rev 1.481 as it was redundant.
38 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
39   ago.
40 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
41   chance to complete on broken systems; ok dtucker@
42
4320130306
44 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
45  connection to start so that the test works on slower machines.
46 - (dtucker) [configure.ac] test that we can set number of file descriptors
47   to zero with setrlimit before enabling the rlimit sandbox.  This affects
48   (at least) HPUX 11.11.
49
5020130305
51 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
52   HP/UX. Spotted by Kevin Brott
53 - (dtucker) [configure.ac] use "=" for shell test and not "==".  Spotted by
54   Amit Kulkarni and Kevin Brott.
55 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
56   build breakage on (at least) HP-UX 11.11.  Found by Amit Kulkarni and Kevin
57   Brott.
58 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
59
6020130227
61 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
62   [contrib/suse/openssh.spec] Crank version numbers
63 - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
64 - (tim) [regress/integrity.sh] shell portability fix.
65 - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
66 - (tim) [regress/krl.sh] keep old solaris awk from hanging.
67
6820130226
69 - OpenBSD CVS Sync
70   - djm@cvs.openbsd.org 2013/02/20 08:27:50
71     [integrity.sh]
72     Add an option to modpipe that warns if the modification offset it not
73     reached in it's stream and turn it on for t-integrity. This should catch
74     cases where the session is not fuzzed for being too short (cf. my last
75     "oops" commit)
76 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
77   for UsePAM=yes configuration
78
7920130225
80 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
81   to use Solaris native GSS libs.  Patch from Pierre Ossman.
82
8320130223
84 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
85   bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
86   ok tim
87
8820130222
89 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
90   ssh(1) since they're not needed.  Patch from Pierre Ossman, ok djm.
91 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
92   libgss too.  Patch from Pierre Ossman, ok djm.
93 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
94   seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
95   ok dtucker
96
9720130221
98 - (tim) [regress/forward-control.sh] shell portability fix.
99
10020130220
101 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
102 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
103   err.h include from krl.c. Additional portability fixes for modpipe. OK djm
104 - OpenBSD CVS Sync
105   - djm@cvs.openbsd.org 2013/02/20 08:27:50
106     [regress/integrity.sh regress/modpipe.c]
107     Add an option to modpipe that warns if the modification offset it not
108     reached in it's stream and turn it on for t-integrity. This should catch
109     cases where the session is not fuzzed for being too short (cf. my last
110     "oops" commit)
111   - djm@cvs.openbsd.org 2013/02/20 08:29:27
112     [regress/modpipe.c]
113     s/Id/OpenBSD/ in RCS tag
114
11520130219
116 - OpenBSD CVS Sync
117   - djm@cvs.openbsd.org 2013/02/18 22:26:47
118     [integrity.sh]
119     crank the offset yet again; it was still fuzzing KEX one of Darren's
120     portable test hosts at 2800
121   - djm@cvs.openbsd.org 2013/02/19 02:14:09
122     [integrity.sh]
123     oops, forgot to increase the output of the ssh command to ensure that
124     we actually reach $offset
125 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
126   lack support for SHA2.
127 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
128   that do not have them.
129
13020130217
131 - OpenBSD CVS Sync
132   - djm@cvs.openbsd.org 2013/02/17 23:16:55
133     [integrity.sh]
134     make the ssh command generates some output to ensure that there are at
135     least offset+tries bytes in the stream.
136
13720130216
138 - OpenBSD CVS Sync
139   - djm@cvs.openbsd.org 2013/02/16 06:08:45
140     [integrity.sh]
141     make sure the fuzz offset is actually past the end of KEX for all KEX
142     types. diffie-hellman-group-exchange-sha256 requires an offset around
143     2700. Noticed via test failures in portable OpenSSH on platforms that
144     lack ECC and this the more byte-frugal ECDH KEX algorithms.
145
14620130215
147 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
148   Iain Morgan
149 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
150   Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
151 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
152   openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
153   platforms that don't have it.
154 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
155   group strto* function prototypes together.
156 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
157   an argument.  Pointed out by djm.
158 - (djm) OpenBSD CVS Sync
159   - djm@cvs.openbsd.org 2013/02/14 21:35:59
160     [auth2-pubkey.c]
161     Correct error message that had a typo and was logging the wrong thing;
162     patch from Petr Lautrbach
163   - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
164     [sshconnect2.c]
165     Warn more loudly if an IdentityFile provided by the user cannot be read.
166     bz #1981, ok djm@
167
16820130214
169 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
170 - (djm) [regress/krl.sh] typo; found by Iain Morgan
171 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
172   of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
173   Iain Morgan
174
17520130212
176 - (djm) OpenBSD CVS Sync
177   - djm@cvs.openbsd.org 2013/01/24 21:45:37
178     [krl.c]
179     fix handling of (unused) KRL signatures; skip string in correct buffer
180   - djm@cvs.openbsd.org 2013/01/24 22:08:56
181     [krl.c]
182     skip serial lookup when cert's serial number is zero
183   - krw@cvs.openbsd.org 2013/01/25 05:00:27
184     [krl.c]
185     Revert last. Breaks due to likely typo. Let djm@ fix later.
186     ok djm@ via dlg@
187   - djm@cvs.openbsd.org 2013/01/25 10:22:19
188     [krl.c]
189     redo last commit without the vi-vomit that snuck in:
190     skip serial lookup when cert's serial number is zero
191     (now with 100% better comment)
192   - djm@cvs.openbsd.org 2013/01/26 06:11:05
193     [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
194     [openbsd-compat/openssl-compat.h]
195     remove ACSS, now that it is gone from libcrypto too
196   - djm@cvs.openbsd.org 2013/01/27 10:06:12
197     [krl.c]
198     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
199   - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
200     [servconf.c sshd_config sshd_config.5]
201     Change default of MaxStartups to 10:30:100 to start doing random early
202     drop at 10 connections up to 100 connections.  This will make it harder
203     to DoS as CPUs have come a long way since the original value was set
204     back in 2000.  Prompted by nion at debian org, ok markus@
205   - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
206     [auth.c]
207     Fix comment, from jfree.e1 at gmail
208   - djm@cvs.openbsd.org 2013/02/08 00:41:12
209     [sftp.c]
210     fix NULL deref when built without libedit and control characters
211     entered as command; debugging and patch from Iain Morgan an
212     Loganaden Velvindron in bz#1956
213   - markus@cvs.openbsd.org 2013/02/10 21:19:34
214     [version.h]
215     openssh 6.2
216   - djm@cvs.openbsd.org 2013/02/10 23:32:10
217     [ssh-keygen.c]
218     append to moduli file when screening candidates rather than overwriting.
219     allows resumption of interrupted screen; patch from Christophe Garault
220     in bz#1957; ok dtucker@
221   - djm@cvs.openbsd.org 2013/02/10 23:35:24
222     [packet.c]
223     record "Received disconnect" messages at ERROR rather than INFO priority,
224     since they are abnormal and result in a non-zero ssh exit status; patch
225     from Iain Morgan in bz#2057; ok dtucker@
226   - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
227     [sshd.c]
228     Add openssl version to debug output similar to the client.  ok markus@
229   - djm@cvs.openbsd.org 2013/02/11 23:58:51
230     [regress/try-ciphers.sh]
231     remove acss here too
232 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
233
23420130211
235 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
236   libcrypto that lacks EVP_CIPHER_CTX_ctrl
237
23820130208
239 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
240   patch from Iain Morgan in bz#2059
241 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
242   __attribute__ on return values and work around if necessary.  ok djm@
243
24420130207
245 - (djm) [configure.ac] Don't probe seccomp capability of running kernel
246   at configure time; the seccomp sandbox will fall back to rlimit at
247   runtime anyway. Patch from plautrba AT redhat.com in bz#2011
248
24920130120
250 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
251   Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
252   prototypes for openssl-1.0.0-fips.
253 - (djm) OpenBSD CVS Sync
254   - jmc@cvs.openbsd.org 2013/01/18 07:57:47
255     [ssh-keygen.1]
256     tweak previous;
257   - jmc@cvs.openbsd.org 2013/01/18 07:59:46
258     [ssh-keygen.c]
259     -u before -V in usage();
260   - jmc@cvs.openbsd.org 2013/01/18 08:00:49
261     [sshd_config.5]
262     tweak previous;
263   - jmc@cvs.openbsd.org 2013/01/18 08:39:04
264     [ssh-keygen.1]
265     add -Q to the options list; ok djm
266   - jmc@cvs.openbsd.org 2013/01/18 21:48:43
267     [ssh-keygen.1]
268     command-line (adj.) -> command line (n.);
269   - jmc@cvs.openbsd.org 2013/01/19 07:13:25
270     [ssh-keygen.1]
271     fix some formatting; ok djm
272   - markus@cvs.openbsd.org 2013/01/19 12:34:55
273     [krl.c]
274     RB_INSERT does not remove existing elments; ok djm@
275 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
276   version.
277 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
278
27920130118
280 - (djm) OpenBSD CVS Sync
281   - djm@cvs.openbsd.org 2013/01/17 23:00:01
282     [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
283     [krl.c krl.h PROTOCOL.krl]
284     add support for Key Revocation Lists (KRLs). These are a compact way to
285     represent lists of revoked keys and certificates, taking as little as
286     a single bit of incremental cost to revoke a certificate by serial number.
287     KRLs are loaded via the existing RevokedKeys sshd_config option.
288     feedback and ok markus@
289   - djm@cvs.openbsd.org 2013/01/18 00:45:29
290     [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
291     Tests for Key Revocation Lists (KRLs)
292   - djm@cvs.openbsd.org 2013/01/18 03:00:32
293     [krl.c]
294     fix KRL generation bug for list sections
295
29620130117
297 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
298   check for GCM support before testing GCM ciphers.
299
30020130112
301 - (djm) OpenBSD CVS Sync
302   - djm@cvs.openbsd.org 2013/01/12 11:22:04
303     [cipher.c]
304     improve error message for integrity failure in AES-GCM modes; ok markus@
305   - djm@cvs.openbsd.org 2013/01/12 11:23:53
306     [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
307     test AES-GCM modes; feedback markus@
308 - (djm) [regress/integrity.sh] repair botched merge
309
31020130109
311 - (djm) OpenBSD CVS Sync
312   - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
313     [auth.c]
314     use correct string in error message; from rustybsd at gmx.fr
315   - djm@cvs.openbsd.org 2013/01/02 00:32:07
316     [clientloop.c mux.c]
317     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
318     bz#2055 reported by mathieu.lacage AT gmail.com
319   - djm@cvs.openbsd.org 2013/01/02 00:33:49
320     [PROTOCOL.agent]
321     correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
322     bz#2051 from david AT lechnology.com
323   - djm@cvs.openbsd.org 2013/01/03 05:49:36
324     [servconf.h]
325     add a couple of ServerOptions members that should be copied to the privsep
326     child (for consistency, in this case they happen only to be accessed in
327     the monitor); ok dtucker@
328   - djm@cvs.openbsd.org 2013/01/03 12:49:01
329     [PROTOCOL]
330     fix description of MAC calculation for EtM modes; ok markus@
331   - djm@cvs.openbsd.org 2013/01/03 12:54:49
332     [sftp-server.8 sftp-server.c]
333     allow specification of an alternate start directory for sftp-server(8)
334     "I like this" markus@
335   - djm@cvs.openbsd.org 2013/01/03 23:22:58
336     [ssh-keygen.c]
337     allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
338     ok markus@
339   - jmc@cvs.openbsd.org 2013/01/04 19:26:38
340     [sftp-server.8 sftp-server.c]
341     sftp-server.8: add argument name to -d
342     sftp-server.c: add -d to usage()
343     ok djm
344   - markus@cvs.openbsd.org 2013/01/08 18:49:04
345     [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
346     [myproposal.h packet.c ssh_config.5 sshd_config.5]
347     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
348     ok and feedback djm@
349   - djm@cvs.openbsd.org 2013/01/09 05:40:17
350     [ssh-keygen.c]
351     correctly initialise fingerprint type for fingerprinting PKCS#11 keys
352 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
353   Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
354   cipher compat code to openssl-compat.h
355
35620121217
357 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
358   tests will work with VPATH directories.
359
36020121213
361 - (djm) OpenBSD CVS Sync
362   - markus@cvs.openbsd.org 2012/12/12 16:45:52
363     [packet.c]
364     reset incoming_packet buffer for each new packet in EtM-case, too;
365     this happens if packets are parsed only parially (e.g. ignore
366     messages sent when su/sudo turn off echo); noted by sthen/millert
367   - naddy@cvs.openbsd.org 2012/12/12 16:46:10
368     [cipher.c]
369     use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
370     counter mode code; ok djm@
371 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
372   compat code for older OpenSSL
373 - (djm) [cipher.c] Fix missing prototype for compat code
374
37520121212
376 - (djm) OpenBSD CVS Sync
377   - markus@cvs.openbsd.org 2012/12/11 22:16:21
378     [monitor.c]
379     drain the log messages after receiving the keystate from the unpriv
380     child. otherwise it might block while sending. ok djm@
381   - markus@cvs.openbsd.org 2012/12/11 22:31:18
382     [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
383     [packet.c ssh_config.5 sshd_config.5]
384     add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
385     that change the packet format and compute the MAC over the encrypted
386     message (including the packet size) instead of the plaintext data;
387     these EtM modes are considered more secure and used by default.
388     feedback and ok djm@
389   - sthen@cvs.openbsd.org 2012/12/11 22:51:45
390     [mac.c]
391     fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
392   - markus@cvs.openbsd.org 2012/12/11 22:32:56
393     [regress/try-ciphers.sh]
394     add etm modes
395   - markus@cvs.openbsd.org 2012/12/11 22:42:11
396     [regress/Makefile regress/modpipe.c regress/integrity.sh]
397     test the integrity of the packets; with djm@
398   - markus@cvs.openbsd.org 2012/12/11 23:12:13
399     [try-ciphers.sh]
400     add hmac-ripemd160-etm@openssh.com
401 - (djm) [mac.c] fix merge botch
402 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
403   work on platforms without 'jot'
404 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
405 - (djm) [regress/Makefile] fix t-exec rule
406
40720121207
408 - (dtucker) OpenBSD CVS Sync
409   - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
410     [regress/keys-command.sh]
411     Fix some problems with the keys-command test:
412      - use string comparison rather than numeric comparison
413      - check for existing KEY_COMMAND file and don't clobber if it exists
414      - clean up KEY_COMMAND file if we do create it.
415      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
416        is mounted noexec).
417     ok djm.
418   - jmc@cvs.openbsd.org 2012/12/03 08:33:03
419     [ssh-add.1 sshd_config.5]
420     tweak previous;
421   - markus@cvs.openbsd.org 2012/12/05 15:42:52
422     [ssh-add.c]
423     prevent double-free of comment; ok djm@
424   - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
425     [serverloop.c]
426     Cast signal to int for logging.  A no-op on openbsd (they're always ints)
427     but will prevent warnings in portable.  ok djm@
428
42920121205
430 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
431
43220121203
433 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
434   TAILQ_FOREACH_SAFE needed for upcoming changes.
435 - (djm) OpenBSD CVS Sync
436   - djm@cvs.openbsd.org 2012/12/02 20:26:11
437     [ssh_config.5 sshconnect2.c]
438     Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
439     This allows control of which keys are offered from tokens using
440     IdentityFile. ok markus@
441   - djm@cvs.openbsd.org 2012/12/02 20:42:15
442     [ssh-add.1 ssh-add.c]
443     make deleting explicit keys "ssh-add -d" symmetric with adding keys -
444     try to delete the corresponding certificate too and respect the -k option
445     to allow deleting of the key only; feedback and ok markus@
446   - djm@cvs.openbsd.org 2012/12/02 20:46:11
447     [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
448     [sshd_config.5]
449     make AllowTcpForwarding accept "local" and "remote" in addition to its
450     current "yes"/"no" to allow the server to specify whether just local or
451     remote TCP forwarding is enabled. ok markus@
452   - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
453     [regress/cipher-speed.sh regress/try-ciphers.sh]
454     Add umac-128@openssh.com to the list of MACs to be tested
455   - djm@cvs.openbsd.org 2012/10/19 05:10:42
456     [regress/cert-userkey.sh]
457     include a serial number when generating certs
458   - djm@cvs.openbsd.org 2012/11/22 22:49:30
459     [regress/Makefile regress/keys-command.sh]
460     regress for AuthorizedKeysCommand; hints from markus@
461   - djm@cvs.openbsd.org 2012/12/02 20:47:48
462     [Makefile regress/forward-control.sh]
463     regress for AllowTcpForwarding local/remote; ok markus@
464   - djm@cvs.openbsd.org 2012/12/03 00:14:06
465     [auth2-chall.c ssh-keygen.c]
466     Fix compilation with -Wall -Werror (trivial type fixes)
467 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
468   debugging. ok dtucker@
469 - (djm) [configure.ac] Revert previous. configure.ac already does this
470   for us.
471
47220121114
473 - (djm) OpenBSD CVS Sync
474   - djm@cvs.openbsd.org 2012/11/14 02:24:27
475     [auth2-pubkey.c]
476     fix username passed to helper program
477     prepare stdio fds before closefrom()
478     spotted by landry@
479   - djm@cvs.openbsd.org 2012/11/14 02:32:15
480     [ssh-keygen.c]
481     allow the full range of unsigned serial numbers; 'fine' deraadt@
482   - djm@cvs.openbsd.org 2012/12/02 20:34:10
483     [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
484     [monitor.c monitor.h]
485     Fixes logging of partial authentication when privsep is enabled
486     Previously, we recorded "Failed xxx" since we reset authenticated before
487     calling auth_log() in auth2.c. This adds an explcit "Partial" state.
488
489     Add a "submethod" to auth_log() to report which submethod is used
490     for keyboard-interactive.
491
492     Fix multiple authentication when one of the methods is
493     keyboard-interactive.
494
495     ok markus@
496   - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
497     [regress/multiplex.sh]
498     Use 'kill -0' to test for the presence of a pid since it's more portable
499
50020121107
501 - (djm) OpenBSD CVS Sync
502   - eric@cvs.openbsd.org 2011/11/28 08:46:27
503     [moduli.5]
504     fix formula
505     ok djm@
506   - jmc@cvs.openbsd.org 2012/09/26 17:34:38
507     [moduli.5]
508     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
509     references into a STANDARDS section;
510
51120121105
512 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
513   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
514   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
515   and gids from uidswap.c to the compat library, which allows it to work with
516   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
517 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
518   don't have it.  Spotted by tim@.
519
52020121104
521 - (djm) OpenBSD CVS Sync
522   - jmc@cvs.openbsd.org 2012/10/31 08:04:50
523     [sshd_config.5]
524     tweak previous;
525   - djm@cvs.openbsd.org 2012/11/04 10:38:43
526     [auth2-pubkey.c sshd.c sshd_config.5]
527     Remove default of AuthorizedCommandUser. Administrators are now expected
528     to explicitly specify a user. feedback and ok markus@
529   - djm@cvs.openbsd.org 2012/11/04 11:09:15
530     [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
531     [sshd_config.5]
532     Support multiple required authentication via an AuthenticationMethods
533     option. This option lists one or more comma-separated lists of
534     authentication method names. Successful completion of all the methods in
535     any list is required for authentication to complete;
536     feedback and ok markus@
537
53820121030
539 - (djm) OpenBSD CVS Sync
540   - markus@cvs.openbsd.org 2012/10/05 12:34:39
541     [sftp.c]
542     fix signed vs unsigned warning; feedback & ok: djm@
543   - djm@cvs.openbsd.org 2012/10/30 21:29:55
544     [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
545     [sshd.c sshd_config sshd_config.5]
546     new sshd_config option AuthorizedKeysCommand to support fetching
547     authorized_keys from a command in addition to (or instead of) from
548     the filesystem. The command is run as the target server user unless
549     another specified via a new AuthorizedKeysCommandUser option.
550
551     patch originally by jchadima AT redhat.com, reworked by me; feedback
552     and ok markus@
553
55420121019
555 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
556   the generated file as intended.
557
55820121005
559 - (dtucker) OpenBSD CVS Sync
560   - djm@cvs.openbsd.org 2012/09/17 09:54:44
561     [sftp.c]
562     an XXX for later
563   - markus@cvs.openbsd.org 2012/09/17 13:04:11
564     [packet.c]
565     clear old keys on rekeing; ok djm
566   - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
567     [sftp.c]
568     Add bounds check on sftp tab-completion.  Part of a patch from from
569     Jean-Marc Robert via tech@, ok djm
570   - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
571     [sftp.c]
572     Fix improper handling of absolute paths when PWD is part of the completed
573     path.  Patch from Jean-Marc Robert via tech@, ok djm.
574  - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
575     [sftp.c]
576     Fix handling of filenames containing escaped globbing characters and
577     escape "#" and "*".  Patch from Jean-Marc Robert via tech@, ok djm.
578   - jmc@cvs.openbsd.org 2012/09/26 16:12:13
579     [ssh.1]
580     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
581     references into a STANDARDS section;
582   - naddy@cvs.openbsd.org 2012/10/01 13:59:51
583     [monitor_wrap.c]
584     pasto; ok djm@
585   - djm@cvs.openbsd.org 2012/10/02 07:07:45
586     [ssh-keygen.c]
587     fix -z option, broken in revision 1.215
588   - markus@cvs.openbsd.org 2012/10/04 13:21:50
589     [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
590     add umac128 variant; ok djm@ at n2k12
591  - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
592     [regress/try-ciphers.sh]
593     Restore missing space.  (Id sync only).
594   - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
595     [regress/multiplex.sh]
596     Add test for ssh -Ostop
597   - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
598     [regress/multiplex.sh]
599     Log -O cmd output to the log file and make logging consistent with the
600     other tests.  Test clean shutdown of an existing channel when testing
601     "stop".
602   - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
603     [regress/multiplex.sh]
604     use -Ocheck and waiting for completions by PID to make multiplexing test
605     less racy and (hopefully) more reliable on slow hardware.
606 - [Makefile umac.c] Add special-case target to build umac128.o.
607 - [umac.c] Enforce allowed umac output sizes.  From djm@.
608 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
609
61020120917
611 - (dtucker) OpenBSD CVS Sync
612   - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
613     [servconf.c]
614     Fix comment line length
615   - markus@cvs.openbsd.org 2012/09/14 16:51:34
616     [sshconnect.c]
617     remove unused variable
618
61920120907
620 - (dtucker) OpenBSD CVS Sync
621   - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
622     [clientloop.c]
623     Make the escape command help (~?) context sensitive so that only commands
624     that will work in the current session are shown.  ok markus@
625   - jmc@cvs.openbsd.org 2012/09/06 13:57:42
626     [ssh.1]
627     missing letter in previous;
628   - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
629     [clientloop.c]
630     Print '^Z' instead of a raw ^Z when the sequence is not supported.  ok djm@
631   - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
632     [clientloop.c]
633     Merge escape help text for ~v and ~V; ok djm@
634   - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
635     [clientloop.c]
636     when muxmaster is run with -N, make it shut down gracefully when a client
637     sends it "-O stop" rather than hanging around (bz#1985).  ok djm@
638
63920120906
640 - (dtucker) OpenBSD CVS Sync
641   - jmc@cvs.openbsd.org 2012/08/15 18:25:50
642     [ssh-keygen.1]
643     a little more info on certificate validity;
644     requested by Ross L Richardson, and provided by djm
645   - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
646     [clientloop.c clientloop.h mux.c]
647     Force a clean shutdown of ControlMaster client sessions when the ~. escape
648     sequence is used.  This means that ~. should now work in mux clients even
649     if the server is no longer responding.  Found by tedu, ok djm.
650   - djm@cvs.openbsd.org 2012/08/17 01:22:56
651     [kex.c]
652     add some comments about better handling first-KEX-follows notifications
653     from the server. Nothing uses these right now. No binary change
654   - djm@cvs.openbsd.org 2012/08/17 01:25:58
655     [ssh-keygen.c]
656     print details of which host lines were deleted when using
657     "ssh-keygen -R host"; ok markus@
658   - djm@cvs.openbsd.org 2012/08/17 01:30:00
659     [compat.c sshconnect.c]
660     Send client banner immediately, rather than waiting for the server to
661     move first for SSH protocol 2 connections (the default). Patch based on
662     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
663   - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
664     [clientloop.c log.c ssh.1 log.h]
665     Add ~v and ~V escape sequences to raise and lower the logging level
666     respectively. Man page help from jmc, ok deraadt jmc
667
66820120830
669 - (dtucker) [moduli] Import new moduli file.
670
67120120828
672 - (djm) Release openssh-6.1
673
67420120828
675 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
676   for compatibility with future mingw-w64 headers.  Patch from vinschen at
677   redhat com.
678
67920120822
680 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
681   [contrib/suse/openssh.spec] Update version numbers
682
68320120731
684 - (djm) OpenBSD CVS Sync
685   - jmc@cvs.openbsd.org 2012/07/06 06:38:03
686     [ssh-keygen.c]
687     missing full stop in usage();
688   - djm@cvs.openbsd.org 2012/07/10 02:19:15
689     [servconf.c servconf.h sshd.c sshd_config]
690     Turn on systrace sandboxing of pre-auth sshd by default for new installs
691     by shipping a config that overrides the current UsePrivilegeSeparation=yes
692     default. Make it easier to flip the default in the future by adding too.
693     prodded markus@ feedback dtucker@ "get it in" deraadt@
694   - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
695     [servconf.c]
696     handle long comments in config files better.  bz#2025, ok markus
697   - markus@cvs.openbsd.org 2012/07/22 18:19:21
698     [version.h]
699     openssh 6.1
700
70120120720
702 - (dtucker) Import regened moduli file.
703
70420120706
705 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
706   not available. Allows use of sshd compiled on host with a filter-capable
707   kernel on hosts that lack the support. bz#2011 ok dtucker@
708 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
709   unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
710   esperi.org.uk; ok dtucker@
711- (djm) OpenBSD CVS Sync
712   - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
713     [moduli.c ssh-keygen.1 ssh-keygen.c]
714     Add options to specify starting line number and number of lines to process
715     when screening moduli candidates.  This allows processing of different
716     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
717   - djm@cvs.openbsd.org 2012/07/06 01:37:21
718     [mux.c]
719     fix memory leak of passed-in environment variables and connection
720     context when new session message is malformed; bz#2003 from Bert.Wesarg
721     AT googlemail.com
722   - djm@cvs.openbsd.org 2012/07/06 01:47:38
723     [ssh.c]
724     move setting of tty_flag to after config parsing so RequestTTY options
725     are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
726     ok dtucker@
727
72820120704
729 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
730   platforms that don't have it.  "looks good" tim@
731
73220120703
733 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
734   setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
735 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
736   setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported.  Its
737   benefit is minor, so it's not worth disabling the sandbox if it doesn't
738   work.
739
74020120702
741- (dtucker) OpenBSD CVS Sync
742   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
743     [ssh_config.5 sshd_config.5]
744     match the documented MAC order of preference to the actual one;
745     ok dtucker@
746   - markus@cvs.openbsd.org 2012/06/30 14:35:09
747     [sandbox-systrace.c sshd.c]
748     fix a during the load of the sandbox policies (child can still make
749     the read-syscall and wait forever for systrace-answers) by replacing
750     the read/write synchronisation with SIGSTOP/SIGCONT;
751     report and help hshoexer@; ok djm@, dtucker@
752   - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
753     [ssh.c]
754     set interactive ToS for forwarded X11 sessions.  ok djm@
755   - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
756     [ssh-pkcs11-helper.c sftp-client.c]
757     fix a couple of "assigned but not used" warnings.  ok markus@
758   - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
759     [regress/connect-privsep.sh]
760     remove exit from end of test since it prevents reporting failure
761 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
762   Move cygwin detection to test-exec and use to skip reexec test on cygwin.
763 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
764
76520120629
766 - OpenBSD CVS Sync
767   - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
768     [addrmatch.c]
769     fix strlcpy truncation check.  from carsten at debian org, ok markus
770   - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
771     [monitor.c sshconnect2.c]
772     remove dead code following 'for (;;)' loops.
773     From Steve.McClellan at radisys com, ok markus@
774   - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
775     [sftp.c]
776     Remove unused variable leftover from tab-completion changes.
777     From Steve.McClellan at radisys com, ok markus@
778   - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
779     [sandbox-systrace.c]
780     Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
781     sandbox" since malloc now uses it.  From johnw.mail at gmail com.
782   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
783     [mac.c myproposal.h ssh_config.5 sshd_config.5]
784     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
785     from draft6 of the spec and will not be in the RFC when published.  Patch
786     from mdb at juniper net via bz#2023, ok markus.
787   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
788     [ssh_config.5 sshd_config.5]
789     match the documented MAC order of preference to the actual one; ok dtucker@
790   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
791     [regress/addrmatch.sh]
792     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
793     to match.  Feedback and ok djm@ markus@.
794   - djm@cvs.openbsd.org 2012/06/01 00:47:35
795     [regress/multiplex.sh regress/forwarding.sh]
796     append to rather than truncate test log; bz#2013 from openssh AT
797     roumenpetrov.info
798   - djm@cvs.openbsd.org 2012/06/01 00:52:52
799     [regress/sftp-cmds.sh]
800     don't delete .* on cleanup due to unintended env expansion; pointed out in
801     bz#2014 by openssh AT roumenpetrov.info
802   - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
803     [regress/connect-privsep.sh]
804     test sandbox with every malloc option
805   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
806     [regress/try-ciphers.sh regress/cipher-speed.sh]
807     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
808     from draft6 of the spec and will not be in the RFC when published.  Patch
809     from mdb at juniper net via bz#2023, ok markus.
810 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
811 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
812   the required functions in libcrypto.
813
81420120628
815 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
816   pointer deref in the client when built with LDNS and using DNSSEC with a
817   CNAME.  Patch from gregdlg+mr at hochet info.
818
81920120622
820 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
821   can logon as a service.  Patch from vinschen at redhat com.
822
82320120620
824 - (djm) OpenBSD CVS Sync
825   - djm@cvs.openbsd.org 2011/12/02 00:41:56
826     [mux.c]
827     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
828     ok dtucker@
829   - djm@cvs.openbsd.org 2011/12/04 23:16:12
830     [mux.c]
831     revert:
832     > revision 1.32
833     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
834     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
835     > ok dtucker@
836     it interacts badly with ControlPersist
837   - djm@cvs.openbsd.org 2012/01/07 21:11:36
838     [mux.c]
839     fix double-free in new session handler
840     NB. Id sync only
841   - djm@cvs.openbsd.org 2012/05/23 03:28:28
842     [dns.c dns.h key.c key.h ssh-keygen.c]
843     add support for RFC6594 SSHFP DNS records for ECDSA key types.
844     patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
845     (Original authors Ondřej Surý,  Ondřej Caletka and Daniel Black)
846   - djm@cvs.openbsd.org 2012/06/01 00:49:35
847     [PROTOCOL.mux]
848     correct types of port numbers (integers, not strings); bz#2004 from
849     bert.wesarg AT googlemail.com
850   - djm@cvs.openbsd.org 2012/06/01 01:01:22
851     [mux.c]
852     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
853     AT googlemail.com
854   - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
855     [jpake.c]
856     correct sizeof usage.  patch from saw at online.de, ok deraadt
857   - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
858     [ssh_config.5]
859     RSA instead of DSA twice.  From Steve.McClellan at radisys com
860   - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
861     [ssh.1 sshd.8]
862     Remove mention of 'three' key files since there are now four.  From
863     Steve.McClellan at radisys com.
864   - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
865     [ssh.1]
866     Clarify description of -W.  Noted by Steve.McClellan at radisys com,
867     ok jmc
868   - markus@cvs.openbsd.org 2012/06/19 18:25:28
869     [servconf.c servconf.h sshd_config.5]
870     sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
871     this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
872     ok djm@ (back in March)
873   - jmc@cvs.openbsd.org 2012/06/19 21:35:54
874     [sshd_config.5]
875     tweak previous; ok markus
876   - djm@cvs.openbsd.org 2012/06/20 04:42:58
877     [clientloop.c serverloop.c]
878     initialise accept() backoff timer to avoid EINVAL from select(2) in
879     rekeying
880
88120120519
882 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct.  Patch
883   from cjwatson at debian org.
884 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
885   pkg-config so it does the right thing when cross-compiling.  Patch from
886   cjwatson at debian org.
887- (dtucker) OpenBSD CVS Sync
888   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
889     [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
890     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
891     to match.  Feedback and ok djm@ markus@.
892   - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
893     [sshd_config.5]
894     Document PermitOpen none.  bz#2001, patch from Loganaden Velvindron
895
89620120504
897 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
898   to fix building on some plaforms.  Fom bowman at math utah edu and
899   des at des no.
900
90120120427
902 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
903   platform rather than exiting early, so that we still clean up and return
904   success or failure to test-exec.sh
905
90620120426
907 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
908   via Niels
909 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
910   ok dtucker@
911
91220120423
913 - OpenBSD CVS Sync
914   - djm@cvs.openbsd.org 2012/04/23 08:18:17
915     [channels.c]
916     fix function proto/source mismatch
917
91820120422
919 - OpenBSD CVS Sync
920   - djm@cvs.openbsd.org 2012/02/29 11:21:26
921     [ssh-keygen.c]
922     allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
923   - guenther@cvs.openbsd.org 2012/03/15 03:10:27
924     [session.c]
925     root should always be excluded from the test for /etc/nologin instead
926     of having it always enforced even when marked as ignorenologin.  This
927     regressed when the logic was incompletely flipped around in rev 1.251
928     ok halex@ millert@
929   - djm@cvs.openbsd.org 2012/03/28 07:23:22
930     [PROTOCOL.certkeys]
931     explain certificate extensions/crit split rationale. Mention requirement
932     that each appear at most once per cert.
933   - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
934     [channels.c channels.h servconf.c]
935     Add PermitOpen none option based on patch from Loganaden Velvindron
936     (bz #1949).  ok djm@
937   - djm@cvs.openbsd.org 2012/04/11 13:16:19
938     [channels.c channels.h clientloop.c serverloop.c]
939     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
940     while; ok deraadt@ markus@
941   - djm@cvs.openbsd.org 2012/04/11 13:17:54
942     [auth.c]
943     Support "none" as an argument for AuthorizedPrincipalsFile to indicate
944     no file should be read.
945   - djm@cvs.openbsd.org 2012/04/11 13:26:40
946     [sshd.c]
947     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
948     while; ok deraadt@ markus@
949   - djm@cvs.openbsd.org 2012/04/11 13:34:17
950     [ssh-keyscan.1 ssh-keyscan.c]
951     now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
952     look for them by default; bz#1971
953   - djm@cvs.openbsd.org 2012/04/12 02:42:32
954     [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
955     VersionAddendum option to allow server operators to append some arbitrary
956     text to the SSH-... banner; ok deraadt@ "don't care" markus@
957   - djm@cvs.openbsd.org 2012/04/12 02:43:55
958     [sshd_config sshd_config.5]
959     mention AuthorizedPrincipalsFile=none default
960   - djm@cvs.openbsd.org 2012/04/20 03:24:23
961     [sftp.c]
962     setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
963   - jmc@cvs.openbsd.org 2012/04/20 16:26:22
964     [ssh.1]
965     use "brackets" instead of "braces", for consistency;
966
96720120420
968 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
969   [contrib/suse/openssh.spec] Update for release 6.0
970 - (djm) [README] Update URL to release notes.
971 - (djm) Release openssh-6.0
972
97320120419
974 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
975   contains openpty() but not login()
976
97720120404
978 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
979   mode for Linux's new seccomp filter; patch from Will Drewry; feedback
980   and ok dtucker@
981
98220120330
983 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
984   file from spec file.  From crighter at nuclioss com.
985 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
986   openssh binaries on a newer fix release than they were compiled on.
987   with and ok dtucker@
988 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
989   assumptions when building on Cygwin; patch from Corinna Vinschen
990
99120120309
992 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
993   systems where sshd is run in te wrong context. Patch from Sven
994   Vermeulen; ok dtucker@
995 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
996   addressed connections. ok dtucker@
997
99820120224
999 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
1000   audit breakage in Solaris 11.  Patch from Magnus Johansson.
1001
100220120215
1003 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
1004   unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
1005   ok dtucker@
1006 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
1007   it actually works.
1008 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
1009   to work. Spotted by Angel Gonzalez
1010
101120120214
1012 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
1013   preserved Cygwin environment variables; from Corinna Vinschen
1014
101520120211
1016 - (djm) OpenBSD CVS Sync
1017   - djm@cvs.openbsd.org 2012/01/05 00:16:56
1018     [monitor.c]
1019     memleak on error path
1020   - djm@cvs.openbsd.org 2012/01/07 21:11:36
1021     [mux.c]
1022     fix double-free in new session handler
1023   - miod@cvs.openbsd.org 2012/01/08 13:17:11
1024     [ssh-ecdsa.c]
1025     Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
1026     ok markus@
1027   - miod@cvs.openbsd.org 2012/01/16 20:34:09
1028     [ssh-pkcs11-client.c]
1029     Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
1030     While there, be sure to buffer_clear() between send_msg() and recv_msg().
1031     ok markus@
1032   - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
1033     [clientloop.c]
1034     Ensure that $DISPLAY contains only valid characters before using it to
1035     extract xauth data so that it can't be used to play local shell
1036     metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
1037   - markus@cvs.openbsd.org 2012/01/25 19:26:43
1038     [packet.c]
1039     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
1040     ok dtucker@, djm@
1041   - markus@cvs.openbsd.org 2012/01/25 19:36:31
1042     [authfile.c]
1043     memleak in key_load_file(); from Jan Klemkow
1044   - markus@cvs.openbsd.org 2012/01/25 19:40:09
1045     [packet.c packet.h]
1046     packet_read_poll() is not used anymore.
1047   - markus@cvs.openbsd.org 2012/02/09 20:00:18
1048     [version.h]
1049     move from 6.0-beta to 6.0
1050
105120120206
1052 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
1053   that don't support ECC. Patch from Phil Oleson
1054
105520111219
1056 - OpenBSD CVS Sync
1057   - djm@cvs.openbsd.org 2011/12/02 00:41:56
1058     [mux.c]
1059     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1060     ok dtucker@
1061   - djm@cvs.openbsd.org 2011/12/02 00:43:57
1062     [mac.c]
1063     fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
1064     HMAC_init (this change in policy seems insane to me)
1065     ok dtucker@
1066   - djm@cvs.openbsd.org 2011/12/04 23:16:12
1067     [mux.c]
1068     revert:
1069     > revision 1.32
1070     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
1071     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1072     > ok dtucker@
1073     it interacts badly with ControlPersist
1074   - djm@cvs.openbsd.org 2011/12/07 05:44:38
1075     [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
1076     fix some harmless and/or unreachable int overflows;
1077     reported Xi Wang, ok markus@
1078
107920111125
1080 - OpenBSD CVS Sync
1081   - oga@cvs.openbsd.org 2011/11/16 12:24:28
1082     [sftp.c]
1083     Don't leak list in complete_cmd_parse if there are no commands found.
1084     Discovered when I was ``borrowing'' this code for something else.
1085     ok djm@
1086
108720111121
1088 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE.  ok djm@
1089
109020111104
1091 - (dtucker) OpenBSD CVS Sync
1092   - djm@cvs.openbsd.org 2011/10/18 05:15:28
1093     [ssh.c]
1094     ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
1095   - djm@cvs.openbsd.org 2011/10/18 23:37:42
1096     [ssh-add.c]
1097     add -k to usage(); reminded by jmc@
1098   - djm@cvs.openbsd.org 2011/10/19 00:06:10
1099     [moduli.c]
1100     s/tmpfile/tmp/ to make this -Wshadow clean
1101   - djm@cvs.openbsd.org 2011/10/19 10:39:48
1102     [umac.c]
1103     typo in comment; patch from Michael W. Bombardieri
1104   - djm@cvs.openbsd.org 2011/10/24 02:10:46
1105     [ssh.c]
1106     bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
1107     was incorrectly requesting the forward in both the control master and
1108     slave. skip requesting it in the master to fix. ok markus@
1109   - djm@cvs.openbsd.org 2011/10/24 02:13:13
1110     [session.c]
1111     bz#1859: send tty break to pty master instead of (probably already
1112     closed) slave side; "looks good" markus@
1113   - dtucker@cvs.openbsd.org 011/11/04 00:09:39
1114     [moduli]
1115     regenerated moduli file; ok deraadt
1116 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
1117   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
1118   bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
1119   which supports DNSSEC.  Patch from Simon Vallet (svallet at genoscope cns fr)
1120   with some rework from myself and djm.  ok djm.
1121
112220111025
1123 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
1124   fails.  Patch from Corinna Vinschen.
1125
112620111018
1127 - (djm) OpenBSD CVS Sync
1128   - djm@cvs.openbsd.org 2011/10/04 14:17:32
1129     [sftp-glob.c]
1130     silence error spam for "ls */foo" in directory with files; bz#1683
1131   - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
1132     [moduli.c ssh-keygen.1 ssh-keygen.c]
1133     Add optional checkpoints for moduli screening.  feedback & ok deraadt
1134   - jmc@cvs.openbsd.org 2011/10/16 15:02:41
1135     [ssh-keygen.c]
1136     put -K in the right place (usage());
1137   - stsp@cvs.openbsd.org 2011/10/16 15:51:39
1138     [moduli.c]
1139     add missing includes to unbreak tree; fix from rpointel
1140   - djm@cvs.openbsd.org 2011/10/18 04:58:26
1141     [auth-options.c key.c]
1142     remove explict search for \0 in packet strings, this job is now done
1143     implicitly by buffer_get_cstring; ok markus
1144   - djm@cvs.openbsd.org 2011/10/18 05:00:48
1145     [ssh-add.1 ssh-add.c]
1146     new "ssh-add -k" option to load plain keys (skipping certificates);
1147     "looks ok" markus@
1148
114920111001
1150 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning.  ok djm
1151 - (dtucker) OpenBSD CVS Sync
1152   - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
1153     [channels.c auth-options.c servconf.c channels.h sshd.8]
1154     Add wildcard support to PermitOpen, allowing things like "PermitOpen
1155     localhost:*".  bz #1857, ok djm markus.
1156   - markus@cvs.openbsd.org 2011/09/23 07:45:05
1157     [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
1158     version.h]
1159     unbreak remote portforwarding with dynamic allocated listen ports:
1160     1) send the actual listen port in the open message (instead of 0).
1161        this allows multiple forwardings with a dynamic listen port
1162     2) update the matching permit-open entry, so we can identify where
1163        to connect to
1164     report: den at skbkontur.ru and P. Szczygielski
1165     feedback and ok djm@
1166   - djm@cvs.openbsd.org 2011/09/25 05:44:47
1167     [auth2-pubkey.c]
1168     improve the AuthorizedPrincipalsFile debug log message to include
1169     file and line number
1170   - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
1171     [sshd.c]
1172     don't attempt privsep cleanup when not using privsep; ok markus@
1173   - djm@cvs.openbsd.org 2011/09/30 21:22:49
1174     [sshd.c]
1175     fix inverted test that caused logspam; spotted by henning@
1176
117720110929
1178 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
1179   from des AT des.no
1180 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1181   openbsd-compat/strnlen.c] Add strnlen to the compat library.
1182
118320110923
1184 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
1185   longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
1186   want this longhand version)
1187 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
1188   upstream version is YPified and we don't want this
1189 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
1190   The file was totally rewritten between what we had in tree and -current.
1191 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
1192   marker. The upstream API has changed (function and structure names)
1193   enough to put it out of sync with other providers of this interface.
1194 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
1195   of static __findenv() function from upstream setenv.c
1196 - OpenBSD CVS Sync
1197   - millert@cvs.openbsd.org 2006/05/05 15:27:38
1198     [openbsd-compat/strlcpy.c]
1199     Convert do {} while loop -> while {} for clarity.  No binary change
1200     on most architectures.  From Oliver Smith.  OK deraadt@ and henning@
1201   - tobias@cvs.openbsd.org 2007/10/21 11:09:30
1202     [openbsd-compat/mktemp.c]
1203     Comment fix about time consumption of _gettemp.
1204     FreeBSD did this in revision 1.20.
1205     OK deraadt@, krw@
1206   - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
1207     [openbsd-compat/mktemp.c]
1208     use arc4random_uniform(); ok djm millert
1209   - millert@cvs.openbsd.org 2008/08/21 16:54:44
1210     [openbsd-compat/mktemp.c]
1211     Remove useless code, the kernel will set errno appropriately if an
1212     element in the path does not exist.  OK deraadt@ pvalchev@
1213   - otto@cvs.openbsd.org 2008/12/09 19:38:38
1214     [openbsd-compat/inet_ntop.c]
1215     fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
1216
121720110922
1218 - OpenBSD CVS Sync
1219   - pyr@cvs.openbsd.org 2011/05/12 07:15:10
1220     [openbsd-compat/glob.c]
1221     When the max number of items for a directory has reached GLOB_LIMIT_READDIR
1222     an error is returned but closedir() is not called.
1223     spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
1224     ok otto@, millert@
1225   - stsp@cvs.openbsd.org 2011/09/20 10:18:46
1226     [glob.c]
1227     In glob(3), limit recursion during matching attempts. Similar to
1228     fnmatch fix. Also collapse consecutive '*' (from NetBSD).
1229     ok miod deraadt
1230   - djm@cvs.openbsd.org 2011/09/22 06:27:29
1231     [glob.c]
1232     fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
1233     applied only to the gl_pathv vector and not the corresponding gl_statv
1234     array. reported in OpenSSH bz#1935; feedback and okay matthew@
1235   - djm@cvs.openbsd.org 2011/08/26 01:45:15
1236     [ssh.1]
1237     Add some missing ssh_config(5) options that can be used in ssh(1)'s
1238     -o argument. Patch from duclare AT guu.fi
1239   - djm@cvs.openbsd.org 2011/09/05 05:56:13
1240     [scp.1 sftp.1]
1241     mention ControlPersist and KbdInteractiveAuthentication in the -o
1242     verbiage in these pages too (prompted by jmc@)
1243   - djm@cvs.openbsd.org 2011/09/05 05:59:08
1244     [misc.c]
1245     fix typo in IPQoS parsing: there is no "AF14" class, but there is
1246     an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1247   - jmc@cvs.openbsd.org 2011/09/05 07:01:44
1248     [scp.1]
1249     knock out a useless Ns;
1250   - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
1251     [ssh-keygen.1]
1252     typo (they vs the) found by Lawrence Teo
1253   - djm@cvs.openbsd.org 2011/09/09 00:43:00
1254     [ssh_config.5 sshd_config.5]
1255     fix typo in IPQoS parsing: there is no "AF14" class, but there is
1256     an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1257   - djm@cvs.openbsd.org 2011/09/09 00:44:07
1258     [PROTOCOL.mux]
1259     MUX_C_CLOSE_FWD includes forward type in message (though it isn't
1260     implemented anyway)
1261   - djm@cvs.openbsd.org 2011/09/09 22:37:01
1262     [scp.c]
1263     suppress adding '--' to remote commandlines when the first argument
1264     does not start with '-'. saves breakage on some difficult-to-upgrade
1265     embedded/router platforms; feedback & ok dtucker ok markus
1266   - djm@cvs.openbsd.org 2011/09/09 22:38:21
1267     [sshd.c]
1268     kill the preauth privsep child on fatal errors in the monitor;
1269     ok markus@
1270   - djm@cvs.openbsd.org 2011/09/09 22:46:44
1271     [channels.c channels.h clientloop.h mux.c ssh.c]
1272     support for cancelling local and remote port forwards via the multiplex
1273     socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
1274     the cancellation of the specified forwardings; ok markus@
1275   - markus@cvs.openbsd.org 2011/09/10 22:26:34
1276     [channels.c channels.h clientloop.c ssh.1]
1277     support cancellation of local/dynamic forwardings from ~C commandline;
1278     ok & feedback djm@
1279   - okan@cvs.openbsd.org 2011/09/11 06:59:05
1280     [ssh.1]
1281     document new -O cancel command; ok djm@
1282   - markus@cvs.openbsd.org 2011/09/11 16:07:26
1283     [sftp-client.c]
1284     fix leaks in do_hardlink() and do_readlink(); bz#1921
1285     from Loganaden Velvindron
1286   - markus@cvs.openbsd.org 2011/09/12 08:46:15
1287     [sftp-client.c]
1288     fix leak in do_lsreaddir(); ok djm
1289   - djm@cvs.openbsd.org 2011/09/22 06:29:03
1290     [sftp.c]
1291     don't let remote_glob() implicitly sort its results in do_globbed_ls() -
1292     in all likelihood, they will be resorted anyway
1293
129420110909
1295 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng.  From
1296   Colin Watson.
1297
129820110906
1299 - (djm) [README version.h] Correct version
1300 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
1301 - (djm) Respin OpenSSH-5.9p1 release
1302
130320110905
1304 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1305   [contrib/suse/openssh.spec] Update version numbers.
1306
130720110904
1308 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
1309   regress errors for the sandbox to warnings. ok tim dtucker
1310 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
1311   ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
1312   support.
1313
131420110829
1315 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
1316   to switch SELinux context away from unconfined_t, based on patch from
1317   Jan Chadima; bz#1919 ok dtucker@
1318
131920110827
1320 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
1321
132220110818
1323 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
1324
132520110817
1326 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
1327   OpenSSL 0.9.7. ok djm
1328 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
1329   binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
1330 - (djm) [configure.ac] error out if the host lacks the necessary bits for
1331   an explicitly requested sandbox type
1332 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
1333   bisson AT archlinux.org
1334 - (djm) OpenBSD CVS Sync
1335   - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
1336     [regress/cfgmatch.sh]
1337     use OBJ to find test configs, patch from Tim Rice
1338   - markus@cvs.openbsd.org 2011/06/30 22:44:43
1339     [regress/connect-privsep.sh]
1340     test with sandbox enabled; ok djm@
1341   - djm@cvs.openbsd.org 2011/08/02 01:23:41
1342     [regress/cipher-speed.sh regress/try-ciphers.sh]
1343     add SHA256/SHA512 based HMAC modes
1344 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
1345   MAC tests for platforms that hack EVP_SHA2 support
1346
134720110812
1348 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
1349   change error by reporting old and new context names  Patch from
1350   jchadima at redhat.
1351 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
1352   [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
1353   init scrips from imorgan AT nas.nasa.gov; bz#1920
1354 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
1355   identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
1356   AT gmail.com; ok dtucker@
1357
135820110807
1359 - (dtucker) OpenBSD CVS Sync
1360   - jmc@cvs.openbsd.org 2008/06/26 06:59:39
1361     [moduli.5]
1362     tweak previous;
1363   - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
1364     [moduli.5]
1365     "Diffie-Hellman" is the usual spelling for the cryptographic protocol
1366     first published by Whitfield Diffie and Martin Hellman in 1976.
1367     ok jmc@
1368   - jmc@cvs.openbsd.org 2010/10/14 20:41:28
1369     [moduli.5]
1370     probabalistic -> probabilistic; from naddy
1371   - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
1372     [sftp.1]
1373     typo, fix from Laurent Gautrot
1374
137520110805
1376 - OpenBSD CVS Sync
1377   - djm@cvs.openbsd.org 2011/06/23 23:35:42
1378     [monitor.c]
1379     ignore EINTR errors from poll()
1380   - tedu@cvs.openbsd.org 2011/07/06 18:09:21
1381     [authfd.c]
1382     bzero the agent address.  the kernel was for a while very cranky about
1383     these things.  evne though that's fixed, always good to initialize
1384     memory.  ok deraadt djm
1385   - djm@cvs.openbsd.org 2011/07/29 14:42:45
1386     [sandbox-systrace.c]
1387     fail open(2) with EPERM rather than SIGKILLing the whole process. libc
1388     will call open() to do strerror() when NLS is enabled;
1389     feedback and ok markus@
1390   - markus@cvs.openbsd.org 2011/08/01 19:18:15
1391     [gss-serv.c]
1392     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
1393     report Adam Zabrock; ok djm@, deraadt@
1394   - djm@cvs.openbsd.org 2011/08/02 01:22:11
1395     [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
1396     Add new SHA256 and SHA512 based HMAC modes from
1397     http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
1398     Patch from mdb AT juniper.net; feedback and ok markus@
1399   - djm@cvs.openbsd.org 2011/08/02 23:13:01
1400     [version.h]
1401     crank now, release later
1402   - djm@cvs.openbsd.org 2011/08/02 23:15:03
1403     [ssh.c]
1404     typo in comment
1405
140620110624
1407 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
1408   Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
1409   markus@
1410
141120110623
1412 - OpenBSD CVS Sync
1413   - djm@cvs.openbsd.org 2011/06/22 21:47:28
1414     [servconf.c]
1415     reuse the multistate option arrays to pretty-print options for "sshd -T"
1416   - djm@cvs.openbsd.org 2011/06/22 21:57:01
1417     [servconf.c servconf.h sshd.c sshd_config.5]
1418     [configure.ac Makefile.in]
1419     introduce sandboxing of the pre-auth privsep child using systrace(4).
1420
1421     This introduces a new "UsePrivilegeSeparation=sandbox" option for
1422     sshd_config that applies mandatory restrictions on the syscalls the
1423     privsep child can perform. This prevents a compromised privsep child
1424     from being used to attack other hosts (by opening sockets and proxying)
1425     or probing local kernel attack surface.
1426
1427     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
1428     mode, where a list of permitted syscalls is supplied. Any syscall not
1429     on the list results in SIGKILL being sent to the privsep child. Note
1430     that this requires a kernel with the new SYSTR_POLICY_KILL option.
1431
1432     UsePrivilegeSeparation=sandbox will become the default in the future
1433     so please start testing it now.
1434
1435     feedback dtucker@; ok markus@
1436   - djm@cvs.openbsd.org 2011/06/22 22:08:42
1437     [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
1438     hook up a channel confirm callback to warn the user then requested X11
1439     forwarding was refused by the server; ok markus@
1440   - djm@cvs.openbsd.org 2011/06/23 09:34:13
1441     [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
1442     [sandbox-null.c]
1443     rename sandbox.h => ssh-sandbox.h to make things easier for portable
1444 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
1445   setrlimit(2)
1446
144720110620
1448 - OpenBSD CVS Sync
1449   - djm@cvs.openbsd.org 2011/06/04 00:10:26
1450     [ssh_config.5]
1451     explain IdentifyFile's semantics a little better, prompted by bz#1898
1452     ok dtucker jmc
1453   - markus@cvs.openbsd.org 2011/06/14 22:49:18
1454     [authfile.c]
1455     make sure key_parse_public/private_rsa1() no longer consumes its input
1456     buffer.  fixes ssh-add for passphrase-protected ssh1-keys;
1457     noted by naddy@; ok djm@
1458   - djm@cvs.openbsd.org 2011/06/17 21:44:31
1459     [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
1460     make the pre-auth privsep slave log via a socketpair shared with the
1461     monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
1462   - djm@cvs.openbsd.org 2011/06/17 21:46:16
1463     [sftp-server.c]
1464     the protocol version should be unsigned; bz#1913 reported by mb AT
1465     smartftp.com
1466   - djm@cvs.openbsd.org 2011/06/17 21:47:35
1467     [servconf.c]
1468     factor out multi-choice option parsing into a parse_multistate label
1469     and some support structures; ok dtucker@
1470   - djm@cvs.openbsd.org 2011/06/17 21:57:25
1471     [clientloop.c]
1472     setproctitle for a mux master that has been gracefully stopped;
1473     bz#1911 from Bert.Wesarg AT googlemail.com
1474
147520110603
1476 - (dtucker) [README version.h contrib/caldera/openssh.spec
1477   contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
1478   bumps from the 5.8p2 branch into HEAD.  ok djm.
1479 - (tim) [configure.ac defines.h] Run test program to detect system mail
1480   directory. Add --with-maildir option to override. Fixed OpenServer 6
1481   getting it wrong. Fixed many systems having MAIL=/var/mail//username
1482   ok dtucker
1483 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case.  We use socketpair
1484   unconditionally in other places and the survey data we have does not show
1485   any systems that use it.  "nuke it" djm@
1486 - (djm) [configure.ac] enable setproctitle emulation for OS X
1487 - (djm) OpenBSD CVS Sync
1488   - djm@cvs.openbsd.org 2011/06/03 00:54:38
1489     [ssh.c]
1490     bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
1491     AT googlemail.com; ok dtucker@
1492     NB. includes additional portability code to enable setproctitle emulation
1493     on platforms that don't support it.
1494   - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
1495     [ssh-agent.c]
1496     Check current parent process ID against saved one to determine if the parent
1497     has exited, rather than attempting to send a zero signal, since the latter
1498     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
1499     Gillmor, ok djm@
1500    - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
1501     [regress/dynamic-forward.sh]
1502     back out revs 1.6 and 1.5 since it's not reliable
1503   - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
1504     [regress/dynamic-forward.sh]
1505     work around startup and teardown races; caught by deraadt
1506   - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
1507     [regress/dynamic-forward.sh]
1508     Retry establishing the port forwarding after a small delay, should make
1509     the tests less flaky when the previous test is slow to shut down and free
1510     up the port.
1511 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
1512
151320110529
1514 - (djm) OpenBSD CVS Sync
1515   - djm@cvs.openbsd.org 2011/05/23 03:30:07
1516     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
1517     [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
1518     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
1519     Bring back authorized_keys2 as a default search path (to avoid breaking
1520     existing users of this file), but override this in sshd_config so it will
1521     be no longer used on fresh installs. Maybe in 2015 we can remove it
1522     entierly :)
1523
1524     feedback and ok markus@ dtucker@
1525   - djm@cvs.openbsd.org 2011/05/23 03:33:38
1526     [auth.c]
1527     make secure_filename() spam debug logs less
1528   - djm@cvs.openbsd.org 2011/05/23 03:52:55
1529     [sshconnect.c]
1530     remove extra newline
1531   - jmc@cvs.openbsd.org 2011/05/23 07:10:21
1532     [sshd.8 sshd_config.5]
1533     tweak previous; ok djm
1534   - djm@cvs.openbsd.org 2011/05/23 07:24:57
1535     [authfile.c]
1536     read in key comments for v.2 keys (though note that these are not
1537     passed over the agent protocol); bz#439, based on patch from binder
1538     AT arago.de; ok markus@
1539   - djm@cvs.openbsd.org 2011/05/24 07:15:47
1540     [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
1541     Remove undocumented legacy options UserKnownHostsFile2 and
1542     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
1543     accept multiple paths per line and making their defaults include
1544     known_hosts2; ok markus
1545   - djm@cvs.openbsd.org 2011/05/23 03:31:31
1546     [regress/cfgmatch.sh]
1547     include testing of multiple/overridden AuthorizedKeysFiles
1548     refactor to simply daemon start/stop and get rid of racy constructs
1549
155020110520
1551 - (djm) [session.c] call setexeccon() before executing passwd for pw
1552   changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
1553 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
1554   options, we should corresponding -W-option when trying to determine
1555   whether it is accepted.  Also includes a warning fix on the program
1556   fragment uses (bad main() return type).
1557   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
1558 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
1559 - OpenBSD CVS Sync
1560   - djm@cvs.openbsd.org 2011/05/15 08:09:01
1561     [authfd.c monitor.c serverloop.c]
1562     use FD_CLOEXEC consistently; patch from zion AT x96.org
1563   - djm@cvs.openbsd.org 2011/05/17 07:13:31
1564     [key.c]
1565     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1566     and fix the regress test that was trying to generate them :)
1567   - djm@cvs.openbsd.org 2011/05/20 00:55:02
1568     [servconf.c]
1569     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
1570     and AuthorizedPrincipalsFile were not being correctly applied in
1571     Match blocks, despite being overridable there; ok dtucker@
1572   - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
1573     [servconf.c]
1574     Add comment documenting what should be after the preauth check.  ok djm
1575   - djm@cvs.openbsd.org 2011/05/20 03:25:45
1576     [monitor.c monitor_wrap.c servconf.c servconf.h]
1577     use a macro to define which string options to copy between configs
1578     for Match. This avoids problems caused by forgetting to keep three
1579     code locations in perfect sync and ordering
1580
1581     "this is at once beautiful and horrible" + ok dtucker@
1582   - djm@cvs.openbsd.org 2011/05/17 07:13:31
1583     [regress/cert-userkey.sh]
1584     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1585     and fix the regress test that was trying to generate them :)
1586   - djm@cvs.openbsd.org 2011/05/20 02:43:36
1587     [cert-hostkey.sh]
1588     another attempt to generate a v00 ECDSA key that broke the test
1589     ID sync only - portable already had this somehow
1590   - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
1591     [dynamic-forward.sh]
1592     Prevent races in dynamic forwarding test; ok djm
1593   - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
1594     [dynamic-forward.sh]
1595     fix dumb error in dynamic-forward test
1596
159720110515
1598 - (djm) OpenBSD CVS Sync
1599   - djm@cvs.openbsd.org 2011/05/05 05:12:08
1600     [mux.c]
1601     gracefully fall back when ControlPath is too large for a
1602     sockaddr_un. ok markus@ as part of a larger diff
1603   - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
1604     [sshd_config]
1605     clarify language about overriding defaults.  bz#1892, from Petr Cerny
1606   - djm@cvs.openbsd.org 2011/05/06 01:09:53
1607     [sftp.1]
1608     mention that IPv6 addresses must be enclosed in square brackets;
1609     bz#1845
1610   - djm@cvs.openbsd.org 2011/05/06 02:05:41
1611     [sshconnect2.c]
1612     fix memory leak; bz#1849 ok dtucker@
1613   - djm@cvs.openbsd.org 2011/05/06 21:14:05
1614     [packet.c packet.h]
1615     set traffic class for IPv6 traffic as we do for IPv4 TOS;
1616     patch from lionel AT mamane.lu via Colin Watson in bz#1855;
1617     ok markus@
1618   - djm@cvs.openbsd.org 2011/05/06 21:18:02
1619     [ssh.c ssh_config.5]
1620     add a %L expansion (short-form of the local host name) for ControlPath;
1621     sync some more expansions with LocalCommand; ok markus@
1622   - djm@cvs.openbsd.org 2011/05/06 21:31:38
1623     [readconf.c ssh_config.5]
1624     support negated Host matching, e.g.
1625
1626     Host *.example.org !c.example.org
1627        User mekmitasdigoat
1628
1629     Will match "a.example.org", "b.example.org", but not "c.example.org"
1630     ok markus@
1631   - djm@cvs.openbsd.org 2011/05/06 21:34:32
1632     [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
1633     Add a RequestTTY ssh_config option to allow configuration-based
1634     control over tty allocation (like -t/-T); ok markus@
1635   - djm@cvs.openbsd.org 2011/05/06 21:38:58
1636     [ssh.c]
1637     fix dropping from previous diff
1638   - djm@cvs.openbsd.org 2011/05/06 22:20:10
1639     [PROTOCOL.mux]
1640     fix numbering; from bert.wesarg AT googlemail.com
1641   - jmc@cvs.openbsd.org 2011/05/07 23:19:39
1642     [ssh_config.5]
1643     - tweak previous
1644     - come consistency fixes
1645     ok djm
1646   - jmc@cvs.openbsd.org 2011/05/07 23:20:25
1647     [ssh.1]
1648     +.It RequestTTY
1649   - djm@cvs.openbsd.org 2011/05/08 12:52:01
1650     [PROTOCOL.mux clientloop.c clientloop.h mux.c]
1651     improve our behaviour when TTY allocation fails: if we are in
1652     RequestTTY=auto mode (the default), then do not treat at TTY
1653     allocation error as fatal but rather just restore the local TTY
1654     to cooked mode and continue. This is more graceful on devices that
1655     never allocate TTYs.
1656
1657     If RequestTTY is set to "yes" or "force", then failure to allocate
1658     a TTY is fatal.
1659
1660     ok markus@
1661   - djm@cvs.openbsd.org 2011/05/10 05:46:46
1662     [authfile.c]
1663     despam debug() logs by detecting that we are trying to load a private key
1664     in key_try_load_public() and returning early; ok markus@
1665   - djm@cvs.openbsd.org 2011/05/11 04:47:06
1666     [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
1667     remove support for authorized_keys2; it is a relic from the early days
1668     of protocol v.2 support and has been undocumented for many years;
1669     ok markus@
1670   - djm@cvs.openbsd.org 2011/05/13 00:05:36
1671     [authfile.c]
1672     warn on unexpected key type in key_parse_private_type()
1673 - (djm) [packet.c] unbreak portability #endif
1674
167520110510
1676 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
1677   --with-ssl-engine which was broken with the change from deprecated
1678   SSLeay_add_all_algorithms().  ok djm
1679
168020110506
1681 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
1682   for closefrom() in test code.  Report from Dan Wallis via Gentoo.
1683
168420110505
1685 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
1686   definitions. From des AT des.no
1687 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
1688   [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
1689   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
1690   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
1691   [regress/README.regress] Remove ssh-rand-helper and all its
1692   tentacles. PRNGd seeding has been rolled into entropy.c directly.
1693   Thanks to tim@ for testing on affected platforms.
1694 - OpenBSD CVS Sync
1695   - djm@cvs.openbsd.org 2011/03/10 02:52:57
1696     [auth2-gss.c auth2.c auth.h]
1697     allow GSSAPI authentication to detect when a server-side failure causes
1698     authentication failure and don't count such failures against MaxAuthTries;
1699     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
1700   - okan@cvs.openbsd.org 2011/03/15 10:36:02
1701     [ssh-keyscan.c]
1702     use timerclear macro
1703     ok djm@
1704   - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
1705     [ssh-keygen.1 ssh-keygen.c]
1706     Add -A option.  For each of the key types (rsa1, rsa, dsa and ecdsa)
1707     for which host keys do not exist, generate the host keys with the
1708     default key file path, an empty passphrase, default bits for the key
1709     type, and default comment.  This will be used by /etc/rc to generate
1710     new host keys.  Idea from deraadt.
1711     ok deraadt
1712   - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
1713     [ssh-keygen.1]
1714     -q not used in /etc/rc now so remove statement.
1715   - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
1716     [ssh-keygen.c]
1717     remove -d, documentation removed >10 years ago; ok markus
1718   - jmc@cvs.openbsd.org 2011/03/24 15:29:30
1719     [ssh-keygen.1]
1720     zap trailing whitespace;
1721   - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
1722     [ssh-keygen.c]
1723     use strcasecmp() for "clear" cert permission option also; ok djm
1724   - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
1725     [misc.c misc.h servconf.c]
1726     print ipqos friendly string for sshd -T; ok markus
1727     # sshd -Tf sshd_config|grep ipqos
1728     ipqos lowdelay throughput
1729   - djm@cvs.openbsd.org 2011/04/12 04:23:50
1730     [ssh-keygen.c]
1731     fix -Wshadow
1732   - djm@cvs.openbsd.org 2011/04/12 05:32:49
1733     [sshd.c]
1734     exit with 0 status on SIGTERM; bz#1879
1735   - djm@cvs.openbsd.org 2011/04/13 04:02:48
1736     [ssh-keygen.1]
1737     improve wording; bz#1861
1738   - djm@cvs.openbsd.org 2011/04/13 04:09:37
1739     [ssh-keygen.1]
1740     mention valid -b sizes for ECDSA keys; bz#1862
1741   - djm@cvs.openbsd.org 2011/04/17 22:42:42
1742     [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
1743     allow graceful shutdown of multiplexing: request that a mux server
1744     removes its listener socket and refuse future multiplexing requests;
1745     ok markus@
1746   - djm@cvs.openbsd.org 2011/04/18 00:46:05
1747     [ssh-keygen.c]
1748     certificate options are supposed to be packed in lexical order of
1749     option name (though we don't actually enforce this at present).
1750     Move one up that was out of sequence
1751   - djm@cvs.openbsd.org 2011/05/04 21:15:29
1752     [authfile.c authfile.h ssh-add.c]
1753     allow "ssh-add - < key"; feedback and ok markus@
1754 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
1755   so autoreconf 2.68 is happy.
1756 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
1757
175820110221
1759 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
1760   Cygwin-specific service installer script ssh-host-config.  The actual
1761   functionality is the same, the revisited version is just more
1762   exact when it comes to check for problems which disallow to run
1763   certain aspects of the script.  So, part of this script and the also
1764   rearranged service helper script library "csih" is to check if all
1765   the tools required to run the script are available on the system.
1766   The new script also is more thorough to inform the user why the
1767   script failed.  Patch from vinschen at redhat com.
1768
176920110218
1770 - OpenBSD CVS Sync
1771   - djm@cvs.openbsd.org 2011/02/16 00:31:14
1772     [ssh-keysign.c]
1773     make hostbased auth with ECDSA keys work correctly. Based on patch
1774     by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
1775
177620110206
1777 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
1778   selinux code.  Patch from Leonardo Chiquitto
1779 - (dtucker) [contrib/cygwin/ssh-{host,user}-config]  Add ECDSA key
1780   generation and simplify.  Patch from Corinna Vinschen.
1781
178220110204
1783 - OpenBSD CVS Sync
1784   - djm@cvs.openbsd.org 2011/01/31 21:42:15
1785     [PROTOCOL.mux]
1786     cut'n'pasto; from bert.wesarg AT googlemail.com
1787   - djm@cvs.openbsd.org 2011/02/04 00:44:21
1788     [key.c]
1789     fix uninitialised nonce variable; reported by Mateusz Kocielski
1790   - djm@cvs.openbsd.org 2011/02/04 00:44:43
1791     [version.h]
1792     openssh-5.8
1793 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1794   [contrib/suse/openssh.spec] update versions in docs and spec files.
1795 - Release OpenSSH 5.8p1
1796
179720110128
1798 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
1799   before attempting setfscreatecon(). Check whether matchpathcon()
1800   succeeded before using its result. Patch from cjwatson AT debian.org;
1801   bz#1851
1802
180320110127
1804 - (tim) [config.guess config.sub] Sync with upstream.
1805 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
1806   AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
1807   AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
1808   space changes for consistency/readability. Makes autoconf 2.68 happy.
1809   "Nice work" djm
1810
181120110125
1812 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
1813   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
1814   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
1815   building with SELinux support to avoid linking failure; report from
1816   amk AT spamfence.net; ok dtucker
1817
181820110122
1819 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
1820   RSA_get_default_method() for the benefit of openssl versions that don't
1821   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
1822   ok djm@.
1823 - OpenBSD CVS Sync
1824   - djm@cvs.openbsd.org 2011/01/22 09:18:53
1825     [version.h]
1826     crank to OpenSSH-5.7
1827 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1828   [contrib/suse/openssh.spec] update versions in docs and spec files.
1829 - (djm) Release 5.7p1
1830
183120110119
1832 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
1833   of RPM so build completes. Signatures were changed to .asc since 4.1p1.
1834 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
1835   0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
1836   release testing (random crashes and failure to load ECC keys).
1837   ok dtucker@
1838
183920110117
1840 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
1841   $PATH, fix cleanup of droppings; reported by openssh AT
1842   roumenpetrov.info; ok dtucker@
1843 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
1844   its unique snowflake of a gdb error to the ones we look for.
1845 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
1846   ssh-add to avoid $SUDO failures on Linux
1847 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
1848   Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
1849   to the old values.  Feedback from vapier at gentoo org and djm, ok djm.
1850 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
1851   [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
1852   disabled on platforms that do not support them; add a "config_defined()"
1853   shell function that greps for defines in config.h and use them to decide
1854   on feature tests.
1855   Convert a couple of existing grep's over config.h to use the new function
1856   Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
1857   backslash characters in filenames, enable it for Cygwin and use it to turn
1858   of tests for quotes backslashes in sftp-glob.sh.
1859   based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
1860 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
1861 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
1862   the tinderbox.
1863 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
1864   configure.ac defines.h loginrec.c]  Bug #1402: add linux audit subsystem
1865   support, based on patches from Tomas Mraz and jchadima at redhat.
1866
186720110116
1868 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
1869   on configurations that don't have it.
1870 - OpenBSD CVS Sync
1871   - djm@cvs.openbsd.org 2011/01/16 11:50:05
1872     [clientloop.c]
1873     Use atomicio when flushing protocol 1 std{out,err} buffers at
1874     session close. This was a latent bug exposed by setting a SIGCHLD
1875     handler and spotted by kevin.brott AT gmail.com; ok dtucker@
1876   - djm@cvs.openbsd.org 2011/01/16 11:50:36
1877     [sshconnect.c]
1878     reset the SIGPIPE handler when forking to execute child processes;
1879     ok dtucker@
1880   - djm@cvs.openbsd.org 2011/01/16 12:05:59
1881     [clientloop.c]
1882     a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
1883     now that we use atomicio(), convert them from while loops to if statements
1884     add test and cast to compile cleanly with -Wsigned
1885
188620110114
1887 - OpenBSD CVS Sync
1888   - djm@cvs.openbsd.org 2011/01/13 21:54:53
1889     [mux.c]
1890     correct error messages; patch from bert.wesarg AT googlemail.com
1891   - djm@cvs.openbsd.org 2011/01/13 21:55:25
1892     [PROTOCOL.mux]
1893     correct protocol names and add a couple of missing protocol number
1894     defines; patch from bert.wesarg AT googlemail.com
1895 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
1896   host-key-force target rather than a substitution that is replaced with a
1897   comment so that the Makefile.in is still a syntactically valid Makefile
1898   (useful to run the distprep target)
1899 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
1900 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
1901   ecdsa bits.
1902
190320110113
1904 - (djm) [misc.c] include time.h for nanosleep() prototype
1905 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
1906 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
1907   ecdsa keys. ok djm.
1908 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
1909   gcc warning on platforms where it defaults to int
1910 - (djm) [regress/Makefile] add a few more generated files to the clean
1911   target
1912 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
1913   #define that was causing diffie-hellman-group-exchange-sha256 to be
1914   incorrectly disabled
1915 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
1916   should not depend on ECC support
1917
191820110112
1919 - OpenBSD CVS Sync
1920   - nicm@cvs.openbsd.org 2010/10/08 21:48:42
1921     [openbsd-compat/glob.c]
1922     Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
1923     from ARG_MAX to 64K.
1924     Fixes glob-using programs (notably ftp) able to be triggered to hit
1925     resource limits.
1926     Idea from a similar NetBSD change, original problem reported by jasper@.
1927     ok millert tedu jasper
1928   - djm@cvs.openbsd.org 2011/01/12 01:53:14
1929     avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
1930     and sanity check arguments (these will be unnecessary when we switch
1931     struct glob members from being type into to size_t in the future);
1932     "looks ok" tedu@ feedback guenther@
1933 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
1934   silly warnings on write() calls we don't care succeed or not.
1935 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
1936   flag tests that don't depend on gcc version at all; suggested by and
1937   ok dtucker@
1938
193920110111
1940 - (tim) [regress/host-expand.sh] Fix for building outside of read only
1941   source tree.
1942 - (djm) [platform.c] Some missing includes that show up under -Werror
1943 - OpenBSD CVS Sync
1944   - djm@cvs.openbsd.org 2011/01/08 10:51:51
1945     [clientloop.c]
1946     use host and not options.hostname, as the latter may have unescaped
1947     substitution characters
1948   - djm@cvs.openbsd.org 2011/01/11 06:06:09
1949     [sshlogin.c]
1950     fd leak on error paths; from zinovik@
1951     NB. Id sync only; we use loginrec.c that was also audited and fixed
1952     recently
1953   - djm@cvs.openbsd.org 2011/01/11 06:13:10
1954     [clientloop.c ssh-keygen.c sshd.c]
1955     some unsigned long long casts that make things a bit easier for
1956     portable without resorting to dropping PRIu64 formats everywhere
1957
195820110109
1959 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
1960   openssh AT roumenpetrov.info
1961
196220110108
1963 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
1964   test on OSX and others. Reported by imorgan AT nas.nasa.gov
1965
196620110107
1967 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
1968   for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
1969   - djm@cvs.openbsd.org 2011/01/06 22:23:53
1970     [ssh.c]
1971     unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
1972     googlemail.com; ok markus@
1973   - djm@cvs.openbsd.org 2011/01/06 22:23:02
1974     [clientloop.c]
1975     when exiting due to ServerAliveTimeout, mention the hostname that caused
1976     it (useful with backgrounded controlmaster)
1977   - djm@cvs.openbsd.org 2011/01/06 22:46:21
1978     [regress/Makefile regress/host-expand.sh]
1979     regress test for LocalCommand %n expansion from bert.wesarg AT
1980     googlemail.com; ok markus@
1981   - djm@cvs.openbsd.org 2011/01/06 23:01:35
1982     [sshconnect.c]
1983     reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
1984     ok markus@
1985
198620110106
1987 - (djm) OpenBSD CVS Sync
1988   - markus@cvs.openbsd.org 2010/12/08 22:46:03
1989     [scp.1 scp.c]
1990     add a new -3 option to scp: Copies between two remote hosts are
1991     transferred through the local host.  Without this option the data
1992     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
1993   - jmc@cvs.openbsd.org 2010/12/09 14:13:33
1994     [scp.1 scp.c]
1995     scp.1: grammer fix
1996     scp.c: add -3 to usage()
1997   - markus@cvs.openbsd.org 2010/12/14 11:59:06
1998     [sshconnect.c]
1999     don't mention key type in key-changed-warning, since we also print
2000     this warning if a new key type appears. ok djm@
2001   - djm@cvs.openbsd.org 2010/12/15 00:49:27
2002     [readpass.c]
2003     fix ControlMaster=ask regression
2004     reset SIGCHLD handler before fork (and restore it after) so we don't miss
2005     the the askpass child's exit status. Correct test for exit status/signal to
2006     account for waitpid() failure; with claudio@ ok claudio@ markus@
2007   - djm@cvs.openbsd.org 2010/12/24 21:41:48
2008     [auth-options.c]
2009     don't send the actual forced command in a debug message; ok markus deraadt
2010   - otto@cvs.openbsd.org 2011/01/04 20:44:13
2011     [ssh-keyscan.c]
2012     handle ecdsa-sha2 with various key lengths; hint and ok djm@
2013
201420110104
2015 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
2016   formatter if it is present, followed by nroff and groff respectively.
2017   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
2018   in favour of mandoc). feedback and ok tim
2019
202020110103
2021 - (djm) [Makefile.in] revert local hack I didn't intend to commit
2022
202320110102
2024 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2025 - (djm) [configure.ac] Check whether libdes is needed when building
2026   with Heimdal krb5 support. On OpenBSD this library no longer exists,
2027   so linking it unconditionally causes a build failure; ok dtucker
2028
202920101226
2030 - (dtucker) OpenBSD CVS Sync
2031   - djm@cvs.openbsd.org 2010/12/08 04:02:47
2032     [ssh_config.5 sshd_config.5]
2033     explain that IPQoS arguments are separated by whitespace; iirc requested
2034     by jmc@ a while back
2035
203620101205
2037 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
2038   debugging.  Spotted by djm.
2039 - (dtucker) OpenBSD CVS Sync
2040   - djm@cvs.openbsd.org 2010/12/03 23:49:26
2041     [schnorr.c]
2042     check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
2043     (this code is still disabled, but apprently people are treating it as
2044     a reference implementation)
2045   - djm@cvs.openbsd.org 2010/12/03 23:55:27
2046     [auth-rsa.c]
2047     move check for revoked keys to run earlier (in auth_rsa_key_allowed)
2048     bz#1829; patch from ldv AT altlinux.org; ok markus@
2049   - djm@cvs.openbsd.org 2010/12/04 00:18:01
2050     [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
2051     add a protocol extension to support a hard link operation. It is
2052     available through the "ln" command in the client. The old "ln"
2053     behaviour of creating a symlink is available using its "-s" option
2054     or through the preexisting "symlink" command; based on a patch from
2055     miklos AT szeredi.hu in bz#1555; ok markus@
2056   - djm@cvs.openbsd.org 2010/12/04 13:31:37
2057     [hostfile.c]
2058     fix fd leak; spotted and ok dtucker
2059   - djm@cvs.openbsd.org 2010/12/04 00:21:19
2060     [regress/sftp-cmds.sh]
2061     adjust for hard-link support
2062 - (dtucker) [regress/Makefile] Id sync.
2063
206420101204
2065 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
2066   instead of (arc4random() % range)
2067 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}]  Add
2068   shims for the new, non-deprecated OpenSSL key generation functions for
2069   platforms that don't have the new interfaces.
2070
207120101201
2072 - OpenBSD CVS Sync
2073   - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
2074     [auth2-pubkey.c]
2075     clean up cases of ;;
2076   - djm@cvs.openbsd.org 2010/11/21 01:01:13
2077     [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
2078     honour $TMPDIR for client xauth and ssh-agent temporary directories;
2079     feedback and ok markus@
2080   - djm@cvs.openbsd.org 2010/11/21 10:57:07
2081     [authfile.c]
2082     Refactor internals of private key loading and saving to work on memory
2083     buffers rather than directly on files. This will make a few things
2084     easier to do in the future; ok markus@
2085   - djm@cvs.openbsd.org 2010/11/23 02:35:50
2086     [auth.c]
2087     use strict_modes already passed as function argument over referencing
2088     global options.strict_modes
2089   - djm@cvs.openbsd.org 2010/11/23 23:57:24
2090     [clientloop.c]
2091     avoid NULL deref on receiving a channel request on an unknown or invalid
2092     channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2093   - djm@cvs.openbsd.org 2010/11/24 01:24:14
2094     [channels.c]
2095     remove a debug() that pollutes stderr on client connecting to a server
2096     in debug mode (channel_close_fds is called transitively from the session
2097     code post-fork); bz#1719, ok dtucker
2098   - djm@cvs.openbsd.org 2010/11/25 04:10:09
2099     [session.c]
2100     replace close() loop for fds 3->64 with closefrom();
2101     ok markus deraadt dtucker
2102   - djm@cvs.openbsd.org 2010/11/26 05:52:49
2103     [scp.c]
2104     Pass through ssh command-line flags and options when doing remote-remote
2105     transfers, e.g. to enable agent forwarding which is particularly useful
2106     in this case; bz#1837 ok dtucker@
2107   - markus@cvs.openbsd.org 2010/11/29 18:57:04
2108     [authfile.c]
2109     correctly load comment for encrypted rsa1 keys;
2110     report/fix Joachim Schipper; ok djm@
2111   - djm@cvs.openbsd.org 2010/11/29 23:45:51
2112     [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
2113     [sshconnect.h sshconnect2.c]
2114     automatically order the hostkeys requested by the client based on
2115     which hostkeys are already recorded in known_hosts. This avoids
2116     hostkey warnings when connecting to servers with new ECDSA keys
2117     that are preferred by default; with markus@
2118
211920101124
2120 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
2121   into the platform-specific code  Only affects SCO, tested by and ok tim@.
2122 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
2123   group read/write. ok dtucker@
2124 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2125 - (djm) [defines.h] Add IP DSCP defines
2126
212720101122
2128 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
2129   from vapier at gentoo org.
2130
213120101120
2132 - OpenBSD CVS Sync
2133   - djm@cvs.openbsd.org 2010/11/05 02:46:47
2134     [packet.c]
2135     whitespace KNF
2136   - djm@cvs.openbsd.org 2010/11/10 01:33:07
2137     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
2138     use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
2139     these have been around for years by this time. ok markus
2140   - djm@cvs.openbsd.org 2010/11/13 23:27:51
2141     [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
2142     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
2143     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
2144     hardcoding lowdelay/throughput.
2145
2146     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2147   - jmc@cvs.openbsd.org 2010/11/15 07:40:14
2148     [ssh_config.5]
2149     libary -> library;
2150   - jmc@cvs.openbsd.org 2010/11/18 15:01:00
2151     [scp.1 sftp.1 ssh.1 sshd_config.5]
2152     add IPQoS to the various -o lists, and zap some trailing whitespace;
2153
215420101111
2155 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
2156   platforms that don't support ECC. Fixes some spurious warnings reported
2157   by tim@
2158
215920101109
2160 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
2161   Feedback from dtucker@
2162 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
2163   support for platforms missing isblank(). ok djm@
2164
216520101108
2166 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
2167   tree.
2168 - (tim) [regress/kextype.sh] Shell portability fix.
2169
217020101107
2171 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
2172   the correct typedefs.
2173
217420101105
2175 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
2176   int. Should fix bz#1817 cleanly; ok dtucker@
2177 - OpenBSD CVS Sync
2178   - djm@cvs.openbsd.org 2010/09/22 12:26:05
2179     [regress/Makefile regress/kextype.sh]
2180     regress test for each of the key exchange algorithms that we support
2181   - djm@cvs.openbsd.org 2010/10/28 11:22:09
2182     [authfile.c key.c key.h ssh-keygen.c]
2183     fix a possible NULL deref on loading a corrupt ECDH key
2184
2185     store ECDH group information in private keys files as "named groups"
2186     rather than as a set of explicit group parameters (by setting
2187     the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
2188     retrieves the group's OpenSSL NID that we need for various things.
2189   - jmc@cvs.openbsd.org 2010/10/28 18:33:28
2190     [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2191     knock out some "-*- nroff -*-" lines;
2192   - djm@cvs.openbsd.org 2010/11/04 02:45:34
2193     [sftp-server.c]
2194     umask should be parsed as octal. reported by candland AT xmission.com;
2195     ok markus@
2196 - (dtucker) [configure.ac platform.{c,h} session.c
2197   openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
2198   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
2199   ok djm@
2200 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
2201   after the user's groups are established and move the selinux calls into it.
2202 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
2203   platform.c
2204 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2205 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
2206   retain previous behavior.
2207 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
2208   the LOGIN_CAP case into platform.c.
2209 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
2210   platform.c
2211 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
2212 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
2213   platform.c.
2214 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
2215   non-LOGIN_CAP case into platform.c.
2216 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
2217   check into platform.c
2218 - (dtucker) [regress/keytype.sh] Import new test.
2219 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
2220   Import recent changes to regress/Makefile, pass a flag to enable ECC tests
2221   from configure through to regress/Makefile and use it in the tests.
2222 - (dtucker) [regress/kextype.sh] Add missing "test".
2223 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC.  This is not
2224   strictly correct since while ECC requires sha256 the reverse is not true
2225   however it does prevent spurious test failures.
2226 - (dtucker) [platform.c] Need servconf.h and extern options.
2227
222820101025
2229 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
2230   1.12 to unbreak Solaris build.
2231   ok djm@
2232 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
2233   native one.
2234
223520101024
2236 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
2237 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
2238   which don't have ECC support in libcrypto.
2239 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
2240   which don't have ECC support in libcrypto.
2241 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
2242   have it.
2243 - (dtucker) OpenBSD CVS Sync
2244   - sthen@cvs.openbsd.org 2010/10/23 22:06:12
2245     [sftp.c]
2246     escape '[' in filename tab-completion; fix a type while there.
2247     ok djm@
2248
224920101021
2250 - OpenBSD CVS Sync
2251   - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
2252     [mux.c]
2253     Typo in confirmation message.  bz#1827, patch from imorgan at
2254     nas nasa gov
2255   - djm@cvs.openbsd.org 2010/08/31 12:24:09
2256     [regress/cert-hostkey.sh regress/cert-userkey.sh]
2257     tests for ECDSA certificates
2258
225920101011
2260 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
2261   bz#1825, reported by foo AT mailinator.com
2262 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
2263
226420101011
2265 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
2266   dr AT vasco.com
2267
226820101007
2269 - (djm) [ssh-agent.c] Fix type for curve name.
2270 - (djm) OpenBSD CVS Sync
2271   - matthew@cvs.openbsd.org 2010/09/24 13:33:00
2272     [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
2273     [openbsd-compat/timingsafe_bcmp.c]
2274     Add timingsafe_bcmp(3) to libc, mention that it's already in the
2275     kernel in kern(9), and remove it from OpenSSH.
2276     ok deraadt@, djm@
2277     NB. re-added under openbsd-compat/ for portable OpenSSH
2278   - djm@cvs.openbsd.org 2010/09/25 09:30:16
2279     [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
2280     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
2281     rountrips to fetch per-file stat(2) information.
2282     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
2283     match.
2284   - djm@cvs.openbsd.org 2010/09/26 22:26:33
2285     [sftp.c]
2286     when performing an "ls" in columnated (short) mode, only call
2287     ioctl(TIOCGWINSZ) once to get the window width instead of per-
2288     filename
2289   - djm@cvs.openbsd.org 2010/09/30 11:04:51
2290     [servconf.c]
2291     prevent free() of string in .rodata when overriding AuthorizedKeys in
2292     a Match block; patch from rein AT basefarm.no
2293   - djm@cvs.openbsd.org 2010/10/01 23:05:32
2294     [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
2295     adapt to API changes in openssl-1.0.0a
2296     NB. contains compat code to select correct API for older OpenSSL
2297   - djm@cvs.openbsd.org 2010/10/05 05:13:18
2298     [sftp.c sshconnect.c]
2299     use default shell /bin/sh if $SHELL is ""; ok markus@
2300   - djm@cvs.openbsd.org 2010/10/06 06:39:28
2301     [clientloop.c ssh.c sshconnect.c sshconnect.h]
2302     kill proxy command on fatal() (we already kill it on clean exit);
2303     ok markus@
2304   - djm@cvs.openbsd.org 2010/10/06 21:10:21
2305     [sshconnect.c]
2306     swapped args to kill(2)
2307 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2308 - (djm) [cipher-acss.c] Add missing header.
2309 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2310
231120100924
2312 - (djm) OpenBSD CVS Sync
2313   - naddy@cvs.openbsd.org 2010/09/10 15:19:29
2314     [ssh-keygen.1]
2315     * mention ECDSA in more places
2316     * less repetition in FILES section
2317     * SSHv1 keys are still encrypted with 3DES
2318     help and ok jmc@
2319   - djm@cvs.openbsd.org 2010/09/11 21:44:20
2320     [ssh.1]
2321     mention RFC 5656 for ECC stuff
2322   - jmc@cvs.openbsd.org 2010/09/19 21:30:05
2323     [sftp.1]
2324     more wacky macro fixing;
2325   - djm@cvs.openbsd.org 2010/09/20 04:41:47
2326     [ssh.c]
2327     install a SIGCHLD handler to reap expiried child process; ok markus@
2328   - djm@cvs.openbsd.org 2010/09/20 04:50:53
2329     [jpake.c schnorr.c]
2330     check that received values are smaller than the group size in the
2331     disabled and unfinished J-PAKE code.
2332     avoids catastrophic security failure found by Sebastien Martini
2333   - djm@cvs.openbsd.org 2010/09/20 04:54:07
2334     [jpake.c]
2335     missing #include
2336   - djm@cvs.openbsd.org 2010/09/20 07:19:27
2337     [mux.c]
2338     "atomically" create the listening mux socket by binding it on a temorary
2339     name and then linking it into position after listen() has succeeded.
2340     this allows the mux clients to determine that the server socket is
2341     either ready or stale without races. stale server sockets are now
2342     automatically removed
2343     ok deraadt
2344   - djm@cvs.openbsd.org 2010/09/22 05:01:30
2345     [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
2346     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
2347     add a KexAlgorithms knob to the client and server configuration to allow
2348     selection of which key exchange methods are used by ssh(1) and sshd(8)
2349     and their order of preference.
2350     ok markus@
2351   - jmc@cvs.openbsd.org 2010/09/22 08:30:08
2352     [ssh.1 ssh_config.5]
2353     ssh.1: add kexalgorithms to the -o list
2354     ssh_config.5: format the kexalgorithms in a more consistent
2355     (prettier!) way
2356     ok djm
2357   - djm@cvs.openbsd.org 2010/09/22 22:58:51
2358     [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
2359     [sftp-client.h sftp.1 sftp.c]
2360     add an option per-read/write callback to atomicio
2361
2362     factor out bandwidth limiting code from scp(1) into a generic bandwidth
2363     limiter that can be attached using the atomicio callback mechanism
2364
2365     add a bandwidth limit option to sftp(1) using the above
2366     "very nice" markus@
2367   - jmc@cvs.openbsd.org 2010/09/23 13:34:43
2368     [sftp.c]
2369     add [-l limit] to usage();
2370   - jmc@cvs.openbsd.org 2010/09/23 13:36:46
2371     [scp.1 sftp.1]
2372     add KexAlgorithms to the -o list;
2373
237420100910
2375 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
2376   return code since it can apparently return -1 under some conditions.  From
2377   openssh bugs werbittewas de, ok djm@
2378 - OpenBSD CVS Sync
2379   - djm@cvs.openbsd.org 2010/08/31 12:33:38
2380     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2381     reintroduce commit from tedu@, which I pulled out for release
2382     engineering:
2383       OpenSSL_add_all_algorithms is the name of the function we have a
2384       man page for, so use that.  ok djm
2385   - jmc@cvs.openbsd.org 2010/08/31 17:40:54
2386     [ssh-agent.1]
2387     fix some macro abuse;
2388   - jmc@cvs.openbsd.org 2010/08/31 21:14:58
2389     [ssh.1]
2390     small text tweak to accommodate previous;
2391   - naddy@cvs.openbsd.org 2010/09/01 15:21:35
2392     [servconf.c]
2393     pick up ECDSA host key by default; ok djm@
2394   - markus@cvs.openbsd.org 2010/09/02 16:07:25
2395     [ssh-keygen.c]
2396     permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
2397   - markus@cvs.openbsd.org 2010/09/02 16:08:39
2398     [ssh.c]
2399     unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
2400   - naddy@cvs.openbsd.org 2010/09/02 17:21:50
2401     [ssh-keygen.c]
2402     Switch ECDSA default key size to 256 bits, which according to RFC5656
2403     should still be better than our current RSA-2048 default.
2404     ok djm@, markus@
2405   - jmc@cvs.openbsd.org 2010/09/03 11:09:29
2406     [scp.1]
2407     add an EXIT STATUS section for /usr/bin;
2408   - jmc@cvs.openbsd.org 2010/09/04 09:38:34
2409     [ssh-add.1 ssh.1]
2410     two more EXIT STATUS sections;
2411   - naddy@cvs.openbsd.org 2010/09/06 17:10:19
2412     [sshd_config]
2413     add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
2414     <mattieu.b@gmail.com>
2415     ok deraadt@
2416   - djm@cvs.openbsd.org 2010/09/08 03:54:36
2417     [authfile.c]
2418     typo
2419   - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
2420     [compress.c]
2421     work around name-space collisions some buggy compilers (looking at you
2422     gcc, at least in earlier versions, but this does not forgive your current
2423     transgressions) seen between zlib and openssl
2424     ok djm
2425   - djm@cvs.openbsd.org 2010/09/09 10:45:45
2426     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
2427     ECDH/ECDSA compliance fix: these methods vary the hash function they use
2428     (SHA256/384/512) depending on the length of the curve in use. The previous
2429     code incorrectly used SHA256 in all cases.
2430
2431     This fix will cause authentication failure when using 384 or 521-bit curve
2432     keys if one peer hasn't been upgraded and the other has. (256-bit curve
2433     keys work ok). In particular you may need to specify HostkeyAlgorithms
2434     when connecting to a server that has not been upgraded from an upgraded
2435     client.
2436
2437     ok naddy@
2438 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
2439   [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
2440   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
2441   platforms that don't have the requisite OpenSSL support. ok dtucker@
2442 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
2443   for missing headers and compiler warnings.
2444
244520100831
2446 - OpenBSD CVS Sync
2447   - jmc@cvs.openbsd.org 2010/08/08 19:36:30
2448     [ssh-keysign.8 ssh.1 sshd.8]
2449     use the same template for all FILES sections; i.e. -compact/.Pp where we
2450     have multiple items, and .Pa for path names;
2451   - tedu@cvs.openbsd.org 2010/08/12 23:34:39
2452     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2453     OpenSSL_add_all_algorithms is the name of the function we have a man page
2454     for, so use that.  ok djm
2455   - djm@cvs.openbsd.org 2010/08/16 04:06:06
2456     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2457     backout previous temporarily; discussed with deraadt@
2458   - djm@cvs.openbsd.org 2010/08/31 09:58:37
2459     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
2460     [packet.h ssh-dss.c ssh-rsa.c]
2461     Add buffer_get_cstring() and related functions that verify that the
2462     string extracted from the buffer contains no embedded \0 characters*
2463     This prevents random (possibly malicious) crap from being appended to
2464     strings where it would not be noticed if the string is used with
2465     a string(3) function.
2466
2467     Use the new API in a few sensitive places.
2468
2469     * actually, we allow a single one at the end of the string for now because
2470     we don't know how many deployed implementations get this wrong, but don't
2471     count on this to remain indefinitely.
2472   - djm@cvs.openbsd.org 2010/08/31 11:54:45
2473     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
2474     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
2475     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
2476     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
2477     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
2478     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
2479     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
2480     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
2481     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
2482     better performance than plain DH and DSA at the same equivalent symmetric
2483     key length, as well as much shorter keys.
2484
2485     Only the mandatory sections of RFC5656 are implemented, specifically the
2486     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
2487     ECDSA. Point compression (optional in RFC5656 is NOT implemented).
2488
2489     Certificate host and user keys using the new ECDSA key types are supported.
2490
2491     Note that this code has not been tested for interoperability and may be
2492     subject to change.
2493
2494     feedback and ok markus@
2495 - (djm) [Makefile.in] Add new ECC files
2496 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
2497   includes.h
2498
249920100827
2500 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
2501   remove.  Patch from martynas at venck us
2502
250320100823
2504 - (djm) Release OpenSSH-5.6p1
2505
250620100816
2507 - (dtucker) [configure.ac openbsd-compat/Makefile.in
2508   openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
2509   the compat library which helps on platforms like old IRIX.  Based on work
2510   by djm, tested by Tom Christensen.
2511 - OpenBSD CVS Sync
2512   - djm@cvs.openbsd.org 2010/08/12 21:49:44
2513     [ssh.c]
2514     close any extra file descriptors inherited from parent at start and
2515     reopen stdin/stdout to /dev/null when forking for ControlPersist.
2516
2517     prevents tools that fork and run a captive ssh for communication from
2518     failing to exit when the ssh completes while they wait for these fds to
2519     close. The inherited fds may persist arbitrarily long if a background
2520     mux master has been started by ControlPersist. cvs and scp were effected
2521     by this.
2522
2523     "please commit" markus@
2524 - (djm) [regress/README.regress] typo
2525
252620100812
2527 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
2528   regress/test-exec.sh] Under certain conditions when testing with sudo
2529   tests would fail because the pidfile could not be read by a regular user.
2530   "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
2531   Make sure cat is run by $SUDO.  no objection from me. djm@
2532 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
2533
253420100809
2535 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
2536   already set. Makes FreeBSD user openable tunnels useful; patch from
2537   richard.burakowski+ossh AT mrburak.net, ok dtucker@
2538 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
2539   based in part on a patch from Colin Watson, ok djm@
2540
254120100809
2542 - OpenBSD CVS Sync
2543   - djm@cvs.openbsd.org 2010/08/08 16:26:42
2544     [version.h]
2545     crank to 5.6
2546 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2547   [contrib/suse/openssh.spec] Crank version numbers
2548
254920100805
2550 - OpenBSD CVS Sync
2551   - djm@cvs.openbsd.org 2010/08/04 05:37:01
2552     [ssh.1 ssh_config.5 sshd.8]
2553     Remove mentions of weird "addr/port" alternate address format for IPv6
2554     addresses combinations. It hasn't worked for ages and we have supported
2555     the more commen "[addr]:port" format for a long time. ok jmc@ markus@
2556   - djm@cvs.openbsd.org 2010/08/04 05:40:39
2557     [PROTOCOL.certkeys ssh-keygen.c]
2558     tighten the rules for certificate encoding by requiring that options
2559     appear in lexical order and make our ssh-keygen comply. ok markus@
2560   - djm@cvs.openbsd.org 2010/08/04 05:42:47
2561     [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
2562     [ssh-keysign.c ssh.c]
2563     enable certificates for hostbased authentication, from Iain Morgan;
2564     "looks ok" markus@
2565   - djm@cvs.openbsd.org 2010/08/04 05:49:22
2566     [authfile.c]
2567     commited the wrong version of the hostbased certificate diff; this
2568     version replaces some strlc{py,at} verbosity with xasprintf() at
2569     the request of markus@
2570   - djm@cvs.openbsd.org 2010/08/04 06:07:11
2571     [ssh-keygen.1 ssh-keygen.c]
2572     Support CA keys in PKCS#11 tokens; feedback and ok markus@
2573   - djm@cvs.openbsd.org 2010/08/04 06:08:40
2574     [ssh-keysign.c]
2575     clean for -Wuninitialized (Id sync only; portable had this change)
2576   - djm@cvs.openbsd.org 2010/08/05 13:08:42
2577     [channels.c]
2578     Fix a trio of bugs in the local/remote window calculation for datagram
2579     data channels (i.e. TunnelForward):
2580
2581     Calculate local_consumed correctly in channel_handle_wfd() by measuring
2582     the delta to buffer_len(c->output) from when we start to when we finish.
2583     The proximal problem here is that the output_filter we use in portable
2584     modified the length of the dequeued datagram (to futz with the headers
2585     for !OpenBSD).
2586
2587     In channel_output_poll(), don't enqueue datagrams that won't fit in the
2588     peer's advertised packet size (highly unlikely to ever occur) or which
2589     won't fit in the peer's remaining window (more likely).
2590
2591     In channel_input_data(), account for the 4-byte string header in
2592     datagram packets that we accept from the peer and enqueue in c->output.
2593
2594     report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
2595     "looks good" markus@
2596
259720100803
2598 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
2599   PAM to sane values in case the PAM method doesn't write to them.  Spotted by
2600   Bitman Zhou, ok djm@.
2601 - OpenBSD CVS Sync
2602   - djm@cvs.openbsd.org 2010/07/16 04:45:30
2603     [ssh-keygen.c]
2604     avoid bogus compiler warning
2605   - djm@cvs.openbsd.org 2010/07/16 14:07:35
2606     [ssh-rsa.c]
2607     more timing paranoia - compare all parts of the expected decrypted
2608     data before returning. AFAIK not exploitable in the SSH protocol.
2609     "groovy" deraadt@
2610   - djm@cvs.openbsd.org 2010/07/19 03:16:33
2611     [sftp-client.c]
2612     bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
2613     upload depth checks and causing verbose printing of transfers to always
2614     be turned on; patch from imorgan AT nas.nasa.gov
2615   - djm@cvs.openbsd.org 2010/07/19 09:15:12
2616     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
2617     add a "ControlPersist" option that automatically starts a background
2618     ssh(1) multiplex master when connecting. This connection can stay alive
2619     indefinitely, or can be set to automatically close after a user-specified
2620     duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
2621     further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
2622     martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2623   - djm@cvs.openbsd.org 2010/07/21 02:10:58
2624     [misc.c]
2625     sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
2626   - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
2627     [ssh.1]
2628     Ciphers is documented in ssh_config(5) these days
2629
263020100819
2631 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
2632   details about its behaviour WRT existing directories.  Patch from
2633   asguthrie at gmail com, ok djm.
2634
263520100716
2636 - (djm) OpenBSD CVS Sync
2637   - djm@cvs.openbsd.org 2010/07/02 04:32:44
2638     [misc.c]
2639     unbreak strdelim() skipping past quoted strings, e.g.
2640     AllowUsers "blah blah" blah
2641     was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
2642     ok dtucker;
2643   - djm@cvs.openbsd.org 2010/07/12 22:38:52
2644     [ssh.c]
2645     Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
2646     for protocol 2. ok markus@
2647   - djm@cvs.openbsd.org 2010/07/12 22:41:13
2648     [ssh.c ssh_config.5]
2649     expand %h to the hostname in ssh_config Hostname options. While this
2650     sounds useless, it is actually handy for working with unqualified
2651     hostnames:
2652
2653     Host *.*
2654        Hostname %h
2655     Host *
2656        Hostname %h.example.org
2657
2658     "I like it" markus@
2659   - djm@cvs.openbsd.org 2010/07/13 11:52:06
2660     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
2661     [packet.c ssh-rsa.c]
2662     implement a timing_safe_cmp() function to compare memory without leaking
2663     timing information by short-circuiting like memcmp() and use it for
2664     some of the more sensitive comparisons (though nothing high-value was
2665     readily attackable anyway); "looks ok" markus@
2666   - djm@cvs.openbsd.org 2010/07/13 23:13:16
2667     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
2668     [ssh-rsa.c]
2669     s/timing_safe_cmp/timingsafe_bcmp/g
2670   - jmc@cvs.openbsd.org 2010/07/14 17:06:58
2671     [ssh.1]
2672     finally ssh synopsis looks nice again! this commit just removes a ton of
2673     hacks we had in place to make it work with old groff;
2674   - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
2675     [ssh-keygen.1]
2676     repair incorrect block nesting, which screwed up indentation;
2677     problem reported and fix OK by jmc@
2678
267920100714
2680 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
2681   (line 77) should have been for no_x11_askpass.
2682
268320100702
2684 - (djm) OpenBSD CVS Sync
2685   - jmc@cvs.openbsd.org 2010/06/26 00:57:07
2686     [ssh_config.5]
2687     tweak previous;
2688   - djm@cvs.openbsd.org 2010/06/26 23:04:04
2689     [ssh.c]
2690     oops, forgot to #include <canohost.h>; spotted and patch from chl@
2691   - djm@cvs.openbsd.org 2010/06/29 23:15:30
2692     [ssh-keygen.1 ssh-keygen.c]
2693     allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
2694     bz#1749; ok markus@
2695   - djm@cvs.openbsd.org 2010/06/29 23:16:46
2696     [auth2-pubkey.c sshd_config.5]
2697     allow key options (command="..." and friends) in AuthorizedPrincipals;
2698     ok markus@
2699   - jmc@cvs.openbsd.org 2010/06/30 07:24:25
2700     [ssh-keygen.1]
2701     tweak previous;
2702   - jmc@cvs.openbsd.org 2010/06/30 07:26:03
2703     [ssh-keygen.c]
2704     sort usage();
2705   - jmc@cvs.openbsd.org 2010/06/30 07:28:34
2706     [sshd_config.5]
2707     tweak previous;
2708   - millert@cvs.openbsd.org 2010/07/01 13:06:59
2709     [scp.c]
2710     Fix a longstanding problem where if you suspend scp at the
2711     password/passphrase prompt the terminal mode is not restored.
2712     OK djm@
2713   - phessler@cvs.openbsd.org 2010/06/27 19:19:56
2714     [regress/Makefile]
2715     fix how we run the tests so we can successfully use SUDO='sudo -E'
2716     in our env
2717   - djm@cvs.openbsd.org 2010/06/29 23:59:54
2718     [cert-userkey.sh]
2719     regress tests for key options in AuthorizedPrincipals
2720
272120100627
2722 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
2723   key.h.
2724
272520100626
2726 - (djm) OpenBSD CVS Sync
2727   - djm@cvs.openbsd.org 2010/05/21 05:00:36
2728     [misc.c]
2729     colon() returns char*, so s/return (0)/return NULL/
2730   - markus@cvs.openbsd.org 2010/06/08 21:32:19
2731     [ssh-pkcs11.c]
2732     check length of value returned  C_GetAttributValue for != 0
2733     from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
2734   - djm@cvs.openbsd.org 2010/06/17 07:07:30
2735     [mux.c]
2736     Correct sizing of object to be allocated by calloc(), replacing
2737     sizeof(state) with sizeof(*state). This worked by accident since
2738     the struct contained a single int at present, but could have broken
2739     in the future. patch from hyc AT symas.com
2740   - djm@cvs.openbsd.org 2010/06/18 00:58:39
2741     [sftp.c]
2742     unbreak ls in working directories that contains globbing characters in
2743     their pathnames. bz#1655 reported by vgiffin AT apple.com
2744   - djm@cvs.openbsd.org 2010/06/18 03:16:03
2745     [session.c]
2746     Missing check for chroot_director == "none" (we already checked against
2747     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2748   - djm@cvs.openbsd.org 2010/06/18 04:43:08
2749     [sftp-client.c]
2750     fix memory leak in do_realpath() error path; bz#1771, patch from
2751     anicka AT suse.cz
2752   - djm@cvs.openbsd.org 2010/06/22 04:22:59
2753     [servconf.c sshd_config.5]
2754     expose some more sshd_config options inside Match blocks:
2755       AuthorizedKeysFile AuthorizedPrincipalsFile
2756       HostbasedUsesNameFromPacketOnly PermitTunnel
2757     bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
2758   - djm@cvs.openbsd.org 2010/06/22 04:32:06
2759     [ssh-keygen.c]
2760     standardise error messages when attempting to open private key
2761     files to include "progname: filename: error reason"
2762     bz#1783; ok dtucker@
2763   - djm@cvs.openbsd.org 2010/06/22 04:49:47
2764     [auth.c]
2765     queue auth debug messages for bad ownership or permissions on the user's
2766     keyfiles. These messages will be sent after the user has successfully
2767     authenticated (where our client will display them with LogLevel=debug).
2768     bz#1554; ok dtucker@
2769   - djm@cvs.openbsd.org 2010/06/22 04:54:30
2770     [ssh-keyscan.c]
2771     replace verbose and overflow-prone Linebuf code with read_keyfile_line()
2772     based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
2773   - djm@cvs.openbsd.org 2010/06/22 04:59:12
2774     [session.c]
2775     include the user name on "subsystem request for ..." log messages;
2776     bz#1571; ok dtucker@
2777   - djm@cvs.openbsd.org 2010/06/23 02:59:02
2778     [ssh-keygen.c]
2779     fix printing of extensions in v01 certificates that I broke in r1.190
2780   - djm@cvs.openbsd.org 2010/06/25 07:14:46
2781     [channels.c mux.c readconf.c readconf.h ssh.h]
2782     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
2783     forwards per direction; ok markus@ stevesk@
2784   - djm@cvs.openbsd.org 2010/06/25 07:20:04
2785     [channels.c session.c]
2786     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
2787     internal-sftp accidentally introduced in r1.253 by removing the code
2788     that opens and dup /dev/null to stderr and modifying the channels code
2789     to read stderr but discard it instead; ok markus@
2790   - djm@cvs.openbsd.org 2010/06/25 08:46:17
2791     [auth1.c auth2-none.c]
2792     skip the initial check for access with an empty password when
2793     PermitEmptyPasswords=no; bz#1638; ok markus@
2794   - djm@cvs.openbsd.org 2010/06/25 23:10:30
2795     [ssh.c]
2796     log the hostname and address that we connected to at LogLevel=verbose
2797     after authentication is successful to mitigate "phishing" attacks by
2798     servers with trusted keys that accept authentication silently and
2799     automatically before presenting fake password/passphrase prompts;
2800     "nice!" markus@
2801   - djm@cvs.openbsd.org 2010/06/25 23:10:30
2802     [ssh.c]
2803     log the hostname and address that we connected to at LogLevel=verbose
2804     after authentication is successful to mitigate "phishing" attacks by
2805     servers with trusted keys that accept authentication silently and
2806     automatically before presenting fake password/passphrase prompts;
2807     "nice!" markus@
2808
280920100622
2810 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
2811   bz#1579; ok dtucker
2812
281320100618
2814 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
2815   rather than assuming that $CWD == $HOME. bz#1500, patch from
2816   timothy AT gelter.com
2817
281820100617
2819 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
2820   minires-devel package, and to add the reference to the libedit-devel
2821   package since CYgwin now provides libedit. Patch from Corinna Vinschen.
2822
282320100521
2824 - (djm) OpenBSD CVS Sync
2825   - djm@cvs.openbsd.org 2010/05/07 11:31:26
2826     [regress/Makefile regress/cert-userkey.sh]
2827     regress tests for AuthorizedPrincipalsFile and "principals=" key option.
2828     feedback and ok markus@
2829   - djm@cvs.openbsd.org 2010/05/11 02:58:04
2830     [auth-rsa.c]
2831     don't accept certificates marked as "cert-authority" here; ok markus@
2832   - djm@cvs.openbsd.org 2010/05/14 00:47:22
2833     [ssh-add.c]
2834     check that the certificate matches the corresponding private key before
2835     grafting it on
2836   - djm@cvs.openbsd.org 2010/05/14 23:29:23
2837     [channels.c channels.h mux.c ssh.c]
2838     Pause the mux channel while waiting for reply from aynch callbacks.
2839     Prevents misordering of replies if new requests arrive while waiting.
2840
2841     Extend channel open confirm callback to allow signalling failure
2842     conditions as well as success. Use this to 1) fix a memory leak, 2)
2843     start using the above pause mechanism and 3) delay sending a success/
2844     failure message on mux slave session open until we receive a reply from
2845     the server.
2846
2847     motivated by and with feedback from markus@
2848   - markus@cvs.openbsd.org 2010/05/16 12:55:51
2849     [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
2850     mux support for remote forwarding with dynamic port allocation,
2851     use with
2852        LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
2853     feedback and ok djm@
2854   - djm@cvs.openbsd.org 2010/05/20 11:25:26
2855     [auth2-pubkey.c]
2856     fix logspam when key options (from="..." especially) deny non-matching
2857     keys; reported by henning@ also bz#1765; ok markus@ dtucker@
2858   - djm@cvs.openbsd.org 2010/05/20 23:46:02
2859     [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
2860     Move the permit-* options to the non-critical "extensions" field for v01
2861     certificates. The logic is that if another implementation fails to
2862     implement them then the connection just loses features rather than fails
2863     outright.
2864
2865     ok markus@
2866
286720100511
2868 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
2869   circular dependency problem on old or odd platforms.  From Tom Lane, ok
2870   djm@.
2871 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
2872   libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
2873   already. ok dtucker@
2874
287520100510
2876 - OpenBSD CVS Sync
2877   - djm@cvs.openbsd.org 2010/04/23 01:47:41
2878     [ssh-keygen.c]
2879     bz#1740: display a more helpful error message when $HOME is
2880     inaccessible while trying to create .ssh directory. Based on patch
2881     from jchadima AT redhat.com; ok dtucker@
2882   - djm@cvs.openbsd.org 2010/04/23 22:27:38
2883     [mux.c]
2884     set "detach_close" flag when registering channel cleanup callbacks.
2885     This causes the channel to close normally when its fds close and
2886     hangs when terminating a mux slave using ~. bz#1758; ok markus@
2887   - djm@cvs.openbsd.org 2010/04/23 22:42:05
2888     [session.c]
2889     set stderr to /dev/null for subsystems rather than just closing it.
2890     avoids hangs if a subsystem or shell initialisation writes to stderr.
2891     bz#1750; ok markus@
2892   - djm@cvs.openbsd.org 2010/04/23 22:48:31
2893     [ssh-keygen.c]
2894     refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
2895     since we would refuse to use them anyway. bz#1516; ok dtucker@
2896   - djm@cvs.openbsd.org 2010/04/26 22:28:24
2897     [sshconnect2.c]
2898     bz#1502: authctxt.success is declared as an int, but passed by
2899     reference to function that accepts sig_atomic_t*. Convert it to
2900     the latter; ok markus@ dtucker@
2901   - djm@cvs.openbsd.org 2010/05/01 02:50:50
2902     [PROTOCOL.certkeys]
2903     typo; jmeltzer@
2904   - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
2905     [sftp.c]
2906     restore mput and mget which got lost in the tab-completion changes.
2907     found by Kenneth Whitaker, ok djm@
2908   - djm@cvs.openbsd.org 2010/05/07 11:30:30
2909     [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
2910     [key.c servconf.c servconf.h sshd.8 sshd_config.5]
2911     add some optional indirection to matching of principal names listed
2912     in certificates. Currently, a certificate must include the a user's name
2913     to be accepted for authentication. This change adds the ability to
2914     specify a list of certificate principal names that are acceptable.
2915
2916     When authenticating using a CA trusted through ~/.ssh/authorized_keys,
2917     this adds a new principals="name1[,name2,...]" key option.
2918
2919     For CAs listed through sshd_config's TrustedCAKeys option, a new config
2920     option "AuthorizedPrincipalsFile" specifies a per-user file containing
2921     the list of acceptable names.
2922
2923     If either option is absent, the current behaviour of requiring the
2924     username to appear in principals continues to apply.
2925
2926     These options are useful for role accounts, disjoint account namespaces
2927     and "user@realm"-style naming policies in certificates.
2928
2929     feedback and ok markus@
2930   - jmc@cvs.openbsd.org 2010/05/07 12:49:17
2931     [sshd_config.5]
2932     tweak previous;
2933
293420100423
2935 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
2936   in the openssl install directory (some newer openssl versions do this on at
2937   least some amd64 platforms).
2938
293920100418
2940 - OpenBSD CVS Sync
2941   - jmc@cvs.openbsd.org 2010/04/16 06:45:01
2942     [ssh_config.5]
2943     tweak previous; ok djm
2944   - jmc@cvs.openbsd.org 2010/04/16 06:47:04
2945     [ssh-keygen.1 ssh-keygen.c]
2946     tweak previous; ok djm
2947   - djm@cvs.openbsd.org 2010/04/16 21:14:27
2948     [sshconnect.c]
2949     oops, %r => remote username, not %u
2950   - djm@cvs.openbsd.org 2010/04/16 01:58:45
2951     [regress/cert-hostkey.sh regress/cert-userkey.sh]
2952     regression tests for v01 certificate format
2953     includes interop tests for v00 certs
2954 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
2955   file.
2956
295720100416
2958 - (djm) Release openssh-5.5p1
2959 - OpenBSD CVS Sync
2960   - djm@cvs.openbsd.org 2010/03/26 03:13:17
2961     [bufaux.c]
2962     allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
2963     argument to allow skipping past values in a buffer
2964   - jmc@cvs.openbsd.org 2010/03/26 06:54:36
2965     [ssh.1]
2966     tweak previous;
2967   - jmc@cvs.openbsd.org 2010/03/27 14:26:55
2968     [ssh_config.5]
2969     tweak previous; ok dtucker
2970   - djm@cvs.openbsd.org 2010/04/10 00:00:16
2971     [ssh.c]
2972     bz#1746 - suppress spurious tty warning when using -O and stdin
2973     is not a tty; ok dtucker@ markus@
2974   - djm@cvs.openbsd.org 2010/04/10 00:04:30
2975     [sshconnect.c]
2976     fix terminology: we didn't find a certificate in known_hosts, we found
2977     a CA key
2978   - djm@cvs.openbsd.org 2010/04/10 02:08:44
2979     [clientloop.c]
2980     bz#1698: kill channel when pty allocation requests fail. Fixed
2981     stuck client if the server refuses pty allocation.
2982     ok dtucker@ "think so" markus@
2983   - djm@cvs.openbsd.org 2010/04/10 02:10:56
2984     [sshconnect2.c]
2985     show the key type that we are offering in debug(), helps distinguish
2986     between certs and plain keys as the path to the private key is usually
2987     the same.
2988   - djm@cvs.openbsd.org 2010/04/10 05:48:16
2989     [mux.c]
2990     fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
2991   - djm@cvs.openbsd.org 2010/04/14 22:27:42
2992     [ssh_config.5 sshconnect.c]
2993     expand %r => remote username in ssh_config:ProxyCommand;
2994     ok deraadt markus
2995   - markus@cvs.openbsd.org 2010/04/15 20:32:55
2996     [ssh-pkcs11.c]
2997     retry lookup for private key if there's no matching key with CKA_SIGN
2998     attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
2999     ok djm@
3000   - djm@cvs.openbsd.org 2010/04/16 01:47:26
3001     [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
3002     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
3003     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
3004     [sshconnect.c sshconnect2.c sshd.c]
3005     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
3006     following changes:
3007
3008     move the nonce field to the beginning of the certificate where it can
3009     better protect against chosen-prefix attacks on the signature hash
3010
3011     Rename "constraints" field to "critical options"
3012
3013     Add a new non-critical "extensions" field
3014
3015     Add a serial number
3016
3017     The older format is still support for authentication and cert generation
3018     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
3019
3020     ok markus@
3021