xref: /freebsd/crypto/openssh/ChangeLog (revision f18d3c411697ff46d85e579a72be54ca0cc67dd0)
120131108
2 - (djm) OpenBSD CVS Sync
3   - markus@cvs.openbsd.org 2013/11/06 16:52:11
4     [monitor_wrap.c]
5     fix rekeying for AES-GCM modes; ok deraadt
6   - djm@cvs.openbsd.org 2013/11/08 00:39:15
7     [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c]
8     [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c]
9     [sftp-client.c sftp-glob.c]
10     use calloc for all structure allocations; from markus@
11 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
12   [contrib/suse/openssh.spec] update version numbers
13   - djm@cvs.openbsd.org 2013/11/08 01:38:11
14     [version.h]
15     openssh-6.4
16 - (djm) Release 6.4p1
17
1820130913
19 - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code;
20   ok dtucker@
21 - (djm) [channels.c] sigh, typo s/buffet_/buffer_/
22 - (djm) Release 6.3p1
23
2420130808
25 - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
26   since some platforms (eg really old FreeBSD) don't have it.  Instead,
27   run "make clean" before a complete regress run.  ok djm.
28 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
29   CLOCK_MONOTONIC...) fails.  Some older versions of RHEL have the
30   CLOCK_MONOTONIC define but don't actually support it.  Found and tested
31   by Kevin Brott, ok djm.
32 - (dtucker) [misc.c] Remove define added for fallback testing that was
33   mistakenly included in the previous commit.
34 - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
35   removal.  The "make clean" removes modpipe which is built by the top-level
36   directory before running the tests.  Spotted by tim@
37
3820130804
39 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
40   for building with older Heimdal versions.  ok djm.
41
4220130801
43 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
44   blocking connecting socket will clear any stored errno that might
45   otherwise have been retrievable via getsockopt(). A hack to limit writes
46   to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
47   it in an #ifdef. Diagnosis and patch from Ivo Raisr.
48 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
49
5020130725
51 - (djm) OpenBSD CVS Sync
52   - djm@cvs.openbsd.org 2013/07/20 22:20:42
53     [krl.c]
54     fix verification error in (as-yet usused) KRL signature checking path
55   - djm@cvs.openbsd.org 2013/07/22 05:00:17
56     [umac.c]
57     make MAC key, data to be hashed and nonce for final hash const;
58     checked with -Wcast-qual
59   - djm@cvs.openbsd.org 2013/07/22 12:20:02
60     [umac.h]
61     oops, forgot to commit corresponding header change;
62     spotted by jsg and jasper
63   - djm@cvs.openbsd.org 2013/07/25 00:29:10
64     [ssh.c]
65     daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
66     it is fully detached from its controlling terminal. based on debugging
67   - djm@cvs.openbsd.org 2013/07/25 00:56:52
68     [sftp-client.c sftp-client.h sftp.1 sftp.c]
69     sftp support for resuming partial downloads; patch mostly by Loganaden
70     Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
71     "Just be careful" deraadt@
72   - djm@cvs.openbsd.org 2013/07/25 00:57:37
73     [version.h]
74     openssh-6.3 for release
75   - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
76     [regress/test-exec.sh]
77     use ssh and sshd as testdata since it needs to be >256k for the rekey test
78   - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
79     [regress/forwarding.sh]
80     Add test for forward config parsing
81   - djm@cvs.openbsd.org 2013/06/21 02:26:26
82     [regress/sftp-cmds.sh regress/test-exec.sh]
83     unbreak sftp-cmds for renamed test data (s/ls/data/)
84 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
85   Solaris and UnixWare. Feedback and OK djm@
86 - (tim) [regress/forwarding.sh] Fix for building outside source tree.
87
8820130720
89 - (djm) OpenBSD CVS Sync
90   - markus@cvs.openbsd.org 2013/07/19 07:37:48
91     [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
92     [servconf.h session.c sshd.c sshd_config.5]
93     add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
94     or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
95     ok djm@
96   - djm@cvs.openbsd.org 2013/07/20 01:43:46
97     [umac.c]
98     use a union to ensure correct alignment; ok deraadt
99   - djm@cvs.openbsd.org 2013/07/20 01:44:37
100     [ssh-keygen.c ssh.c]
101     More useful error message on missing current user in /etc/passwd
102   - djm@cvs.openbsd.org 2013/07/20 01:50:20
103     [ssh-agent.c]
104     call cleanup_handler on SIGINT when in debug mode to ensure sockets
105     are cleaned up on manual exit; bz#2120
106   - djm@cvs.openbsd.org 2013/07/20 01:55:13
107     [auth-krb5.c gss-serv-krb5.c gss-serv.c]
108     fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
109
11020130718
111 - (djm) OpenBSD CVS Sync
112   - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
113     [readconf.c]
114     revert 1.203 while we investigate crashes reported by okan@
115   - guenther@cvs.openbsd.org 2013/06/17 04:48:42
116     [scp.c]
117     Handle time_t values as long long's when formatting them and when
118     parsing them from remote servers.
119     Improve error checking in parsing of 'T' lines.
120     ok dtucker@ deraadt@
121   - markus@cvs.openbsd.org 2013/06/20 19:15:06
122     [krl.c]
123     don't leak the rdata blob on errors; ok djm@
124   - djm@cvs.openbsd.org 2013/06/21 00:34:49
125     [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
126     for hostbased authentication, print the client host and user on
127     the auth success/failure line; bz#2064, ok dtucker@
128   - djm@cvs.openbsd.org 2013/06/21 00:37:49
129     [ssh_config.5]
130     explicitly mention that IdentitiesOnly can be used with IdentityFile
131     to control which keys are offered from an agent.
132   - djm@cvs.openbsd.org 2013/06/21 05:42:32
133     [dh.c]
134     sprinkle in some error() to explain moduli(5) parse failures
135   - djm@cvs.openbsd.org 2013/06/21 05:43:10
136     [scp.c]
137     make this -Wsign-compare clean after time_t conversion
138   - djm@cvs.openbsd.org 2013/06/22 06:31:57
139     [scp.c]
140     improved time_t overflow check suggested by guenther@
141   - jmc@cvs.openbsd.org 2013/06/27 14:05:37
142     [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
143     do not use Sx for sections outwith the man page - ingo informs me that
144     stuff like html will render with broken links;
145     issue reported by Eric S. Raymond, via djm
146   - markus@cvs.openbsd.org 2013/07/02 12:31:43
147     [dh.c]
148     remove extra whitespace
149   - djm@cvs.openbsd.org 2013/07/12 00:19:59
150     [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
151     [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
152     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
153   - djm@cvs.openbsd.org 2013/07/12 00:20:00
154     [sftp.c ssh-keygen.c ssh-pkcs11.c]
155     fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
156   - djm@cvs.openbsd.org 2013/07/12 00:43:50
157     [misc.c]
158     in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
159     errno == 0. Avoids confusing error message in some broken resolver
160     cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
161   - djm@cvs.openbsd.org 2013/07/12 05:42:03
162     [ssh-keygen.c]
163     do_print_resource_record() can never be called with a NULL filename, so
164     don't attempt (and bungle) asking for one if it has not been specified
165     bz#2127 ok dtucker@
166   - djm@cvs.openbsd.org 2013/07/12 05:48:55
167     [ssh.c]
168     set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
169   - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
170     [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
171     use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
172   - djm@cvs.openbsd.org 2013/07/18 01:12:26
173     [ssh.1]
174     be more exact wrt perms for ~/.ssh/config; bz#2078
175
17620130702
177 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
178   contrib/cygwin/ssh-user-config] Modernizes and improve readability of
179   the Cygwin README file (which hasn't been updated for ages), drop
180   unsupported OSes from the ssh-host-config help text, and drop an
181   unneeded option from ssh-user-config.  Patch from vinschen at redhat com.
182
18320130610
184 - (djm) OpenBSD CVS Sync
185   - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
186     [channels.c channels.h clientloop.c]
187     Add an "ABANDONED" channel state and use for mux sessions that are
188     disconnected via the ~. escape sequence.  Channels in this state will
189     be able to close if the server responds, but do not count as active channels.
190     This means that if you ~. all of the mux clients when using ControlPersist
191     on a broken network, the backgrounded mux master will exit when the
192     Control Persist time expires rather than hanging around indefinitely.
193     bz#1917, also reported and tested by tedu@.  ok djm@ markus@.
194 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
195   algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
196 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
197   the required OpenSSL support.  Patch from naddy at freebsd.
198 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
199   and add some comments so it's clear what goes where.
200
20120130605
202 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
203   the necessary functions, not from the openssl version.
204 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
205   Patch from cjwatson at debian.
206 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
207   forwarding test is extremely slow copying data on some machines so switch
208   back to copying the much smaller ls binary until we can figure out why
209   this is.
210 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
211   modpipe in case there's anything in there we need.
212 - (dtucker) OpenBSD CVS Sync
213   - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
214     [channels.h]
215     typo in comment
216   - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
217     [clientloop.h clientloop.c mux.c]
218     No need for the mux cleanup callback to be visible so restore it to static
219     and call it through the detach_user function pointer.  ok djm@
220   - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
221     [mac.c]
222     force the MAC output to be 64-bit aligned so umac won't see unaligned
223     accesses on strict-alignment architectures.  bz#2101, patch from
224     tomas.kuthan at oracle.com, ok djm@
225   - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
226     [scp.c]
227     use MAXPATHLEN for buffer size instead of fixed value.  ok markus
228   - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
229     [sftp.c]
230     Make sftp's libedit interface marginally multibyte aware by building up
231     the quoted string by character instead of by byte.  Prevents failures
232     when linked against a libedit built with wide character support (bz#1990).
233     "looks ok" djm
234   - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
235     [mux.c]
236     fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
237     ok djm
238   - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
239     [sshd.c]
240     When running sshd -D, close stderr unless we have explicitly requesting
241     logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
242     so, err, ok dtucker.
243   - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
244     [sshconnect2.c]
245     Fix memory leaks found by Zhenbo Xu and the Melton tool.  bz#1967, ok djm
246   - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
247     [readconf.c]
248     plug another memleak.  bz#1967, from Zhenbo Xu, detected by Melton, ok djm
249 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
250    platforms that don't have multibyte character support (specifically,
251    mblen).
252
25320130602
254 - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
255   linking regress/modpipe.
256 - (dtucker) OpenBSD CVS Sync
257   - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
258     [progressmeter.c]
259     Add misc.h for monotime prototype. (ID sync only).
260   - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
261     [ssh-agent.c]
262     Make parent_alive_interval time_t to avoid signed/unsigned comparison
263 - (dtucker) [configure.ac]  sys/un.h needs sys/socket.h on some platforms
264   to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
265 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
266   Patch from Nathan Osman.
267 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
268   need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
269   dealing with shell portability issues in regression tests, we let
270   configure find us a capable shell on those platforms with an old /bin/sh.
271 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
272   feedback and ok dtucker
273 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
274 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
275 - (dtucker) [configure.ac] Some other platforms need sys/types.h before
276   sys/socket.h.
277
27820130601
279 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
280   using openssl's DES_crypt function on platorms that don't have a native
281   one, eg Android.  Based on a patch from Nathan Osman.
282 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
283   rather than trying to enumerate the plaforms that don't have them.
284   Based on a patch from Nathan Osman, with help from tim@.
285 - (dtucker) OpenBSD CVS Sync
286   - djm@cvs.openbsd.org 2013/05/17 00:13:13
287     [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
288     ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
289     gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
290     auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
291     servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
292     auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
293     sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
294     kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
295     kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
296     monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
297     ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
298     sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
299     ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
300     dns.c packet.c readpass.c authfd.c moduli.c]
301     bye, bye xfree(); ok markus@
302   - djm@cvs.openbsd.org 2013/05/19 02:38:28
303     [auth2-pubkey.c]
304     fix failure to recognise cert-authority keys if a key of a different type
305     appeared in authorized_keys before it; ok markus@
306   - djm@cvs.openbsd.org 2013/05/19 02:42:42
307     [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
308     Standardise logging of supplemental information during userauth. Keys
309     and ruser is now logged in the auth success/failure message alongside
310     the local username, remote host/port and protocol in use. Certificates
311     contents and CA are logged too.
312     Pushing all logging onto a single line simplifies log analysis as it is
313     no longer necessary to relate information scattered across multiple log
314     entries. "I like it" markus@
315   - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
316     [ssh-agent.c]
317     Use time_t where appropriate.  ok djm
318   - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
319     [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
320     channels.c sandbox-systrace.c]
321     Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
322     keepalives and rekeying will work properly over clock steps.  Suggested by
323     markus@, "looks good" djm@.
324   - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
325     [scp.c sftp-client.c]
326     Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.  Patch
327     from Nathan Osman via bz#2085.  ok deraadt.
328   - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
329     [sftp-client.c]
330     Update progressmeter when data is acked, not when it's sent.  bz#2108, from
331     Debian via Colin Watson, ok djm@
332 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
333   groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
334   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
335   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
336   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
337   with the equivalent calls to free.
338 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
339   back to time(NULL) if we can't find it anywhere.
340 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
341
34220130529
343  - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
344    implementation of endgrent for platforms that don't have it (eg Android).
345    Loosely based on a patch from Nathan Osman, ok djm
346
347 20130517
348 - (dtucker) OpenBSD CVS Sync
349   - djm@cvs.openbsd.org 2013/03/07 00:20:34
350     [regress/proxy-connect.sh]
351     repeat test with a style appended to the username
352   - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
353     [regress/test-exec.sh]
354     Only regenerate host keys if they don't exist or if ssh-keygen has changed
355     since they were.  Reduces test runtime by 5-30% depending on machine
356     speed.
357   - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
358     [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
359     regress/multiplex.sh Makefile regress/cfgmatch.sh]
360     Split the regress log into 3 parts: the debug output from ssh, the debug
361     log from sshd and the output from the client command (ssh, scp or sftp).
362     Somewhat functional now, will become more useful when ssh/sshd -E is added.
363   - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
364     [regress/Makefile regress/rekey.sh regress/integrity.sh
365     regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
366     use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
367     save the output from any failing tests.  If a test fails the debug output
368     from ssh and sshd for the failing tests (and only the failing tests) should
369     be available in failed-ssh{,d}.log.
370   - djm@cvs.openbsd.org 2013/04/18 02:46:12
371     [regress/Makefile regress/sftp-chroot.sh]
372     test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
373   - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
374     [regress/multiplex.sh]
375     Write mux master logs to regress.log instead of ssh.log to keep separate
376   - djm@cvs.openbsd.org 2013/05/10 03:46:14
377     [regress/modpipe.c]
378     sync some portability changes from portable OpenSSH (id sync only)
379   - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
380     [regress/rekey.sh]
381     Add test for time-based rekeying
382   - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
383     [regress/rekey.sh]
384     test rekeying when there's no data being transferred
385   - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
386     [regress/rekey.sh]
387     add server-side rekey test
388   - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
389     [regress/rekey.sh]
390     add tests for RekeyLimit parsing
391   - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
392     [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
393     regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
394     regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
395     regress/ssh-com.sh]
396     replace 'echo -n' with 'printf' since it's more portable
397     also remove "echon" hack.
398   - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
399     [regress/agent-timeout.sh]
400     Pull back some portability changes from -portable:
401      - TIMEOUT is a read-only variable in some shells
402      - not all greps have -q so redirect to /dev/null instead.
403     (ID sync only)
404   - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
405     [regress/integrity.sh]
406     don't print output from ssh before getting it (it's available in ssh.log)
407   - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
408     [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
409     regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
410     regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
411     regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
412     regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
413     regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
414     regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
415     regress/multiplex.sh]
416     Move the setting of DATA and COPY into test-exec.sh
417   - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
418     [regress/try-ciphers.sh]
419     use expr for math to keep diffs vs portable down
420     (id sync only)
421   - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
422     [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
423     Use SUDO when cat'ing pid files and running the sshd log wrapper so that
424     it works with a restrictive umask and the pid files are not world readable.
425     Changes from -portable.  (id sync only)
426   - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
427     [regress/localcommand.sh]
428     use backticks for portability. (id sync only)
429   - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
430     [regress/sftp-badcmds.sh]
431     remove unused BATCH variable. (id sync only)
432   - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
433     [regress/sftp.sh]
434     only compare copied data if sftp succeeds.  from portable (id sync only)
435   - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
436     [regress/test-exec.sh]
437     wait a bit longer for startup and use case for absolute path.
438     from portable (id sync only)
439   - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
440     [regress/agent-getpeereid.sh]
441     don't redirect stdout from sudo.  from portable (id sync only)
442   - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
443     [regress/portnum.sh]
444     use a more portable negated if structure.  from portable (id sync only)
445   - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
446     [regress/scp.sh]
447     use a file extention that's not special on some platforms.  from portable
448     (id sync only)
449 - (dtucker) [regress/bsd.regress.mk] Remove unused file.  We've never used it
450   in portable and it's long gone in openbsd.
451 - (dtucker) [regress/integrity.sh].  Force fixed Diffie-Hellman key exchange
452   methods.  When the openssl version doesn't support ECDH then next one on
453   the list is DH group exchange, but that causes a bit more traffic which can
454   mean that the tests flip bits in the initial exchange rather than the MACed
455   traffic and we get different errors to what the tests look for.
456 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
457 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
458 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
459 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
460   Move the jot helper function to portable-specific part of test-exec.sh.
461 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
462   together and add a couple of missing lines from openbsd.
463 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
464   helper function to the portable part of test-exec.sh.
465 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
466 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
467   rev 1.6 which calls wait.
468
46920130516
470 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
471    executed if mktemp failed; bz#2105 ok dtucker@
472 - (dtucker) OpenBSD CVS Sync
473   - tedu@cvs.openbsd.org 2013/04/23 17:49:45
474     [misc.c]
475     use xasprintf instead of a series of strlcats and strdup. ok djm
476   - tedu@cvs.openbsd.org 2013/04/24 16:01:46
477     [misc.c]
478     remove extra parens noticed by nicm
479   - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
480     [sftp-server.8]
481     Reference the version of the sftp draft we actually implement.  ok djm@
482   - djm@cvs.openbsd.org 2013/05/10 03:40:07
483     [sshconnect2.c]
484     fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
485     Colin Watson
486   - djm@cvs.openbsd.org 2013/05/10 04:08:01
487     [key.c]
488     memleak in cert_free(), wasn't actually freeing the struct;
489     bz#2096 from shm AT digitalsun.pl
490   - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
491     [ssh-pkcs11-helper.c]
492     remove unused extern optarg.  ok markus@
493   - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
494     [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
495     ssh_config.5 packet.h]
496     Add an optional second argument to RekeyLimit in the client to allow
497     rekeying based on elapsed time in addition to amount of traffic.
498     with djm@ jmc@, ok djm
499   - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
500     [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
501     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
502     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
503     page.
504   - djm@cvs.openbsd.org 2013/05/16 04:27:50
505     [ssh_config.5 readconf.h readconf.c]
506     add the ability to ignore specific unrecognised ssh_config options;
507     bz#866; ok markus@
508   - jmc@cvs.openbsd.org 2013/05/16 06:28:45
509     [ssh_config.5]
510     put IgnoreUnknown in the right place;
511   - jmc@cvs.openbsd.org 2013/05/16 06:30:06
512     [sshd_config.5]
513     oops! avoid Xr to self;
514   - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
515     [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
516     Fix some "unused result" warnings found via clang and -portable.
517     ok markus@
518   - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
519     [readconf.c servconf.c]
520     switch RekeyLimit traffic volume parsing to scan_scaled.  ok djm@
521   - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
522     [servconf.c readconf.c]
523     remove now-unused variables
524   - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
525     [servconf.c]
526     remove another now-unused variable
527 - (dtucker) [configure.ac readconf.c servconf.c
528     openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
529
53020130510
531 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
532   supports it.  Mentioned by Colin Watson in bz#2100, ok djm.
533 - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
534   getopt.c.  Preprocessed source is identical other than line numbers.
535 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD.  No
536   portability changes yet.
537 - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
538   openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
539   portability code to getopt_long.c and switch over Makefile and the ugly
540   hack in modpipe.c.  Fixes bz#1448.
541 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
542   openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
543   in to use it when we're using our own getopt.
544 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
545   underlying libraries support them.
546 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
547   we don't get a warning on compilers that *don't* support it.  Add
548   -Wno-unknown-warning-option.  Move both to the start of the list for
549   maximum noise suppression.  Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
550
55120130423
552 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
553   platforms, such as Android, that lack struct passwd.pw_gecos. Report
554   and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
555 - (djm) OpenBSD CVS Sync
556   - markus@cvs.openbsd.org 2013/03/05 20:16:09
557     [sshconnect2.c]
558     reset pubkey order on partial success; ok djm@
559   - djm@cvs.openbsd.org 2013/03/06 23:35:23
560     [session.c]
561     fatal() when ChrootDirectory specified by running without root privileges;
562     ok markus@
563   - djm@cvs.openbsd.org 2013/03/06 23:36:53
564     [readconf.c]
565     g/c unused variable (-Wunused)
566   - djm@cvs.openbsd.org 2013/03/07 00:19:59
567     [auth2-pubkey.c monitor.c]
568     reconstruct the original username that was sent by the client, which may
569     have included a style (e.g. "root:skey") when checking public key
570     signatures. Fixes public key and hostbased auth when the client specified
571     a style; ok markus@
572   - markus@cvs.openbsd.org 2013/03/07 19:27:25
573     [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
574     add submethod support to AuthenticationMethods; ok and freedback djm@
575   - djm@cvs.openbsd.org 2013/03/08 06:32:58
576     [ssh.c]
577     allow "ssh -f none ..." ok markus@
578   - djm@cvs.openbsd.org 2013/04/05 00:14:00
579     [auth2-gss.c krl.c sshconnect2.c]
580     hush some {unused, printf type} warnings
581   - djm@cvs.openbsd.org 2013/04/05 00:31:49
582     [pathnames.h]
583     use the existing _PATH_SSH_USER_RC define to construct the other
584     pathnames; bz#2077, ok dtucker@ (no binary change)
585   - djm@cvs.openbsd.org 2013/04/05 00:58:51
586     [mux.c]
587     cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
588     (in addition to ones already in OPEN); bz#2079, ok dtucker@
589   - markus@cvs.openbsd.org 2013/04/06 16:07:00
590     [channels.c sshd.c]
591     handle ECONNABORTED for accept(); ok deraadt some time ago...
592   - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
593     [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
594     Add -E option to ssh and sshd to append debugging logs to a specified file
595     instead of stderr or syslog.  ok markus@, man page help jmc@
596   - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
597     [sshd.8]
598     clarify -e text. suggested by & ok jmc@
599   - djm@cvs.openbsd.org 2013/04/11 02:27:50
600     [packet.c]
601     quiet disconnect notifications on the server from error() back to logit()
602     if it is a normal client closure; bz#2057 ok+feedback dtucker@
603   - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
604     [session.c]
605     revert rev 1.262; it fails because uid is already set here.  ok djm@
606   - djm@cvs.openbsd.org 2013/04/18 02:16:07
607     [sftp.c]
608     make "sftp -q" do what it says on the sticker: hush everything but errors;
609     ok dtucker@
610   - djm@cvs.openbsd.org 2013/04/19 01:00:10
611     [sshd_config.5]
612     document the requirment that the AuthorizedKeysCommand be owned by root;
613     ok dtucker@ markus@
614   - djm@cvs.openbsd.org 2013/04/19 01:01:00
615     [ssh-keygen.c]
616     fix some memory leaks; bz#2088 ok dtucker@
617   - djm@cvs.openbsd.org 2013/04/19 01:03:01
618     [session.c]
619     reintroduce 1.262 without the connection-killing bug:
620     fatal() when ChrootDirectory specified by running without root privileges;
621     ok markus@
622   - djm@cvs.openbsd.org 2013/04/19 01:06:50
623     [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
624     [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
625     add the ability to query supported ciphers, MACs, key type and KEX
626     algorithms to ssh. Includes some refactoring of KEX and key type handling
627     to be table-driven; ok markus@
628   - djm@cvs.openbsd.org 2013/04/19 11:10:18
629     [ssh.c]
630     add -Q to usage; reminded by jmc@
631   - djm@cvs.openbsd.org 2013/04/19 12:07:08
632     [kex.c]
633     remove duplicated list entry pointed out by naddy@
634   - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
635     [mux.c]
636     typo in debug output: evitval->exitval
637
63820130418
639 - (djm) [config.guess config.sub] Update to last versions before they switch
640   to GPL3. ok dtucker@
641 - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
642   unused argument warnings (in particular, -fno-builtin-memset) from clang.
643
64420130404
645 - (dtucker) OpenBSD CVS Sync
646   - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
647     [readconf.c ssh.c readconf.h sshconnect2.c]
648     Keep track of which IndentityFile options were manually supplied and which
649     were default options, and don't warn if the latter are missing.
650     ok markus@
651   - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
652     [krl.c]
653     Remove bogus include.  ok djm
654   - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
655     [ssh.c readconf.c readconf.h]
656     Don't complain if IdentityFiles specified in system-wide configs are
657     missing.  ok djm, deraadt.
658   - markus@cvs.openbsd.org 2013/02/22 19:13:56
659     [sshconnect.c]
660     support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
661   - djm@cvs.openbsd.org 2013/02/22 22:09:01
662     [ssh.c]
663     Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
664     version)
665
66620130401
667 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
668   to avoid conflicting definitions of __int64, adding the required bits.
669   Patch from Corinna Vinschen.
670
67120120323
672 - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
673
67420120322
675 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
676   Hands' greatly revised version.
677 - (djm) Release 6.2p1
678 - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
679 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
680   defining it again.  Prevents warnings if someone, eg, sets it in CFLAGS.
681
68220120318
683 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
684   [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
685   so mark it as broken. Patch from des AT des.no
686
68720120317
688 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
689   of the bits the configure test looks for.
690
69120120316
692 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
693   is unable to successfully compile them. Based on patch from des AT
694   des.no
695 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
696   Add a usleep replacement for platforms that lack it; ok dtucker
697 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
698   occur after UID switch; patch from John Marshall via des AT des.no;
699   ok dtucker@
700
70120120312
702 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
703   Improve portability of cipher-speed test, based mostly on a patch from
704   Iain Morgan.
705 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
706   in addition to root as an owner of system directories on AIX and HP-UX.
707   ok djm@
708
70920130307
710 - (dtucker) [INSTALL] Bump documented autoconf version to what we're
711   currently using.
712 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
713   was removed in configure.ac rev 1.481 as it was redundant.
714 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
715   ago.
716 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
717   chance to complete on broken systems; ok dtucker@
718
71920130306
720 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
721  connection to start so that the test works on slower machines.
722 - (dtucker) [configure.ac] test that we can set number of file descriptors
723   to zero with setrlimit before enabling the rlimit sandbox.  This affects
724   (at least) HPUX 11.11.
725
72620130305
727 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
728   HP/UX. Spotted by Kevin Brott
729 - (dtucker) [configure.ac] use "=" for shell test and not "==".  Spotted by
730   Amit Kulkarni and Kevin Brott.
731 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
732   build breakage on (at least) HP-UX 11.11.  Found by Amit Kulkarni and Kevin
733   Brott.
734 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
735
73620130227
737 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
738   [contrib/suse/openssh.spec] Crank version numbers
739 - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
740 - (tim) [regress/integrity.sh] shell portability fix.
741 - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
742 - (tim) [regress/krl.sh] keep old solaris awk from hanging.
743
74420130226
745 - OpenBSD CVS Sync
746   - djm@cvs.openbsd.org 2013/02/20 08:27:50
747     [integrity.sh]
748     Add an option to modpipe that warns if the modification offset it not
749     reached in it's stream and turn it on for t-integrity. This should catch
750     cases where the session is not fuzzed for being too short (cf. my last
751     "oops" commit)
752 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
753   for UsePAM=yes configuration
754
75520130225
756 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
757   to use Solaris native GSS libs.  Patch from Pierre Ossman.
758
75920130223
760 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
761   bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
762   ok tim
763
76420130222
765 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
766   ssh(1) since they're not needed.  Patch from Pierre Ossman, ok djm.
767 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
768   libgss too.  Patch from Pierre Ossman, ok djm.
769 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
770   seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
771   ok dtucker
772
77320130221
774 - (tim) [regress/forward-control.sh] shell portability fix.
775
77620130220
777 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
778 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
779   err.h include from krl.c. Additional portability fixes for modpipe. OK djm
780 - OpenBSD CVS Sync
781   - djm@cvs.openbsd.org 2013/02/20 08:27:50
782     [regress/integrity.sh regress/modpipe.c]
783     Add an option to modpipe that warns if the modification offset it not
784     reached in it's stream and turn it on for t-integrity. This should catch
785     cases where the session is not fuzzed for being too short (cf. my last
786     "oops" commit)
787   - djm@cvs.openbsd.org 2013/02/20 08:29:27
788     [regress/modpipe.c]
789     s/Id/OpenBSD/ in RCS tag
790
79120130219
792 - OpenBSD CVS Sync
793   - djm@cvs.openbsd.org 2013/02/18 22:26:47
794     [integrity.sh]
795     crank the offset yet again; it was still fuzzing KEX one of Darren's
796     portable test hosts at 2800
797   - djm@cvs.openbsd.org 2013/02/19 02:14:09
798     [integrity.sh]
799     oops, forgot to increase the output of the ssh command to ensure that
800     we actually reach $offset
801 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
802   lack support for SHA2.
803 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
804   that do not have them.
805
80620130217
807 - OpenBSD CVS Sync
808   - djm@cvs.openbsd.org 2013/02/17 23:16:55
809     [integrity.sh]
810     make the ssh command generates some output to ensure that there are at
811     least offset+tries bytes in the stream.
812
81320130216
814 - OpenBSD CVS Sync
815   - djm@cvs.openbsd.org 2013/02/16 06:08:45
816     [integrity.sh]
817     make sure the fuzz offset is actually past the end of KEX for all KEX
818     types. diffie-hellman-group-exchange-sha256 requires an offset around
819     2700. Noticed via test failures in portable OpenSSH on platforms that
820     lack ECC and this the more byte-frugal ECDH KEX algorithms.
821
82220130215
823 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
824   Iain Morgan
825 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
826   Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
827 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
828   openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
829   platforms that don't have it.
830 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
831   group strto* function prototypes together.
832 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
833   an argument.  Pointed out by djm.
834 - (djm) OpenBSD CVS Sync
835   - djm@cvs.openbsd.org 2013/02/14 21:35:59
836     [auth2-pubkey.c]
837     Correct error message that had a typo and was logging the wrong thing;
838     patch from Petr Lautrbach
839   - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
840     [sshconnect2.c]
841     Warn more loudly if an IdentityFile provided by the user cannot be read.
842     bz #1981, ok djm@
843
84420130214
845 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
846 - (djm) [regress/krl.sh] typo; found by Iain Morgan
847 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
848   of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
849   Iain Morgan
850
85120130212
852 - (djm) OpenBSD CVS Sync
853   - djm@cvs.openbsd.org 2013/01/24 21:45:37
854     [krl.c]
855     fix handling of (unused) KRL signatures; skip string in correct buffer
856   - djm@cvs.openbsd.org 2013/01/24 22:08:56
857     [krl.c]
858     skip serial lookup when cert's serial number is zero
859   - krw@cvs.openbsd.org 2013/01/25 05:00:27
860     [krl.c]
861     Revert last. Breaks due to likely typo. Let djm@ fix later.
862     ok djm@ via dlg@
863   - djm@cvs.openbsd.org 2013/01/25 10:22:19
864     [krl.c]
865     redo last commit without the vi-vomit that snuck in:
866     skip serial lookup when cert's serial number is zero
867     (now with 100% better comment)
868   - djm@cvs.openbsd.org 2013/01/26 06:11:05
869     [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
870     [openbsd-compat/openssl-compat.h]
871     remove ACSS, now that it is gone from libcrypto too
872   - djm@cvs.openbsd.org 2013/01/27 10:06:12
873     [krl.c]
874     actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
875   - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
876     [servconf.c sshd_config sshd_config.5]
877     Change default of MaxStartups to 10:30:100 to start doing random early
878     drop at 10 connections up to 100 connections.  This will make it harder
879     to DoS as CPUs have come a long way since the original value was set
880     back in 2000.  Prompted by nion at debian org, ok markus@
881   - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
882     [auth.c]
883     Fix comment, from jfree.e1 at gmail
884   - djm@cvs.openbsd.org 2013/02/08 00:41:12
885     [sftp.c]
886     fix NULL deref when built without libedit and control characters
887     entered as command; debugging and patch from Iain Morgan an
888     Loganaden Velvindron in bz#1956
889   - markus@cvs.openbsd.org 2013/02/10 21:19:34
890     [version.h]
891     openssh 6.2
892   - djm@cvs.openbsd.org 2013/02/10 23:32:10
893     [ssh-keygen.c]
894     append to moduli file when screening candidates rather than overwriting.
895     allows resumption of interrupted screen; patch from Christophe Garault
896     in bz#1957; ok dtucker@
897   - djm@cvs.openbsd.org 2013/02/10 23:35:24
898     [packet.c]
899     record "Received disconnect" messages at ERROR rather than INFO priority,
900     since they are abnormal and result in a non-zero ssh exit status; patch
901     from Iain Morgan in bz#2057; ok dtucker@
902   - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
903     [sshd.c]
904     Add openssl version to debug output similar to the client.  ok markus@
905   - djm@cvs.openbsd.org 2013/02/11 23:58:51
906     [regress/try-ciphers.sh]
907     remove acss here too
908 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
909
91020130211
911 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
912   libcrypto that lacks EVP_CIPHER_CTX_ctrl
913
91420130208
915 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
916   patch from Iain Morgan in bz#2059
917 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
918   __attribute__ on return values and work around if necessary.  ok djm@
919
92020130207
921 - (djm) [configure.ac] Don't probe seccomp capability of running kernel
922   at configure time; the seccomp sandbox will fall back to rlimit at
923   runtime anyway. Patch from plautrba AT redhat.com in bz#2011
924
92520130120
926 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
927   Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
928   prototypes for openssl-1.0.0-fips.
929 - (djm) OpenBSD CVS Sync
930   - jmc@cvs.openbsd.org 2013/01/18 07:57:47
931     [ssh-keygen.1]
932     tweak previous;
933   - jmc@cvs.openbsd.org 2013/01/18 07:59:46
934     [ssh-keygen.c]
935     -u before -V in usage();
936   - jmc@cvs.openbsd.org 2013/01/18 08:00:49
937     [sshd_config.5]
938     tweak previous;
939   - jmc@cvs.openbsd.org 2013/01/18 08:39:04
940     [ssh-keygen.1]
941     add -Q to the options list; ok djm
942   - jmc@cvs.openbsd.org 2013/01/18 21:48:43
943     [ssh-keygen.1]
944     command-line (adj.) -> command line (n.);
945   - jmc@cvs.openbsd.org 2013/01/19 07:13:25
946     [ssh-keygen.1]
947     fix some formatting; ok djm
948   - markus@cvs.openbsd.org 2013/01/19 12:34:55
949     [krl.c]
950     RB_INSERT does not remove existing elments; ok djm@
951 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
952   version.
953 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
954
95520130118
956 - (djm) OpenBSD CVS Sync
957   - djm@cvs.openbsd.org 2013/01/17 23:00:01
958     [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
959     [krl.c krl.h PROTOCOL.krl]
960     add support for Key Revocation Lists (KRLs). These are a compact way to
961     represent lists of revoked keys and certificates, taking as little as
962     a single bit of incremental cost to revoke a certificate by serial number.
963     KRLs are loaded via the existing RevokedKeys sshd_config option.
964     feedback and ok markus@
965   - djm@cvs.openbsd.org 2013/01/18 00:45:29
966     [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
967     Tests for Key Revocation Lists (KRLs)
968   - djm@cvs.openbsd.org 2013/01/18 03:00:32
969     [krl.c]
970     fix KRL generation bug for list sections
971
97220130117
973 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
974   check for GCM support before testing GCM ciphers.
975
97620130112
977 - (djm) OpenBSD CVS Sync
978   - djm@cvs.openbsd.org 2013/01/12 11:22:04
979     [cipher.c]
980     improve error message for integrity failure in AES-GCM modes; ok markus@
981   - djm@cvs.openbsd.org 2013/01/12 11:23:53
982     [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
983     test AES-GCM modes; feedback markus@
984 - (djm) [regress/integrity.sh] repair botched merge
985
98620130109
987 - (djm) OpenBSD CVS Sync
988   - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
989     [auth.c]
990     use correct string in error message; from rustybsd at gmx.fr
991   - djm@cvs.openbsd.org 2013/01/02 00:32:07
992     [clientloop.c mux.c]
993     channel_setup_local_fwd_listener() returns 0 on failure, not -ve
994     bz#2055 reported by mathieu.lacage AT gmail.com
995   - djm@cvs.openbsd.org 2013/01/02 00:33:49
996     [PROTOCOL.agent]
997     correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
998     bz#2051 from david AT lechnology.com
999   - djm@cvs.openbsd.org 2013/01/03 05:49:36
1000     [servconf.h]
1001     add a couple of ServerOptions members that should be copied to the privsep
1002     child (for consistency, in this case they happen only to be accessed in
1003     the monitor); ok dtucker@
1004   - djm@cvs.openbsd.org 2013/01/03 12:49:01
1005     [PROTOCOL]
1006     fix description of MAC calculation for EtM modes; ok markus@
1007   - djm@cvs.openbsd.org 2013/01/03 12:54:49
1008     [sftp-server.8 sftp-server.c]
1009     allow specification of an alternate start directory for sftp-server(8)
1010     "I like this" markus@
1011   - djm@cvs.openbsd.org 2013/01/03 23:22:58
1012     [ssh-keygen.c]
1013     allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
1014     ok markus@
1015   - jmc@cvs.openbsd.org 2013/01/04 19:26:38
1016     [sftp-server.8 sftp-server.c]
1017     sftp-server.8: add argument name to -d
1018     sftp-server.c: add -d to usage()
1019     ok djm
1020   - markus@cvs.openbsd.org 2013/01/08 18:49:04
1021     [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
1022     [myproposal.h packet.c ssh_config.5 sshd_config.5]
1023     support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
1024     ok and feedback djm@
1025   - djm@cvs.openbsd.org 2013/01/09 05:40:17
1026     [ssh-keygen.c]
1027     correctly initialise fingerprint type for fingerprinting PKCS#11 keys
1028 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
1029   Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
1030   cipher compat code to openssl-compat.h
1031
103220121217
1033 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
1034   tests will work with VPATH directories.
1035
103620121213
1037 - (djm) OpenBSD CVS Sync
1038   - markus@cvs.openbsd.org 2012/12/12 16:45:52
1039     [packet.c]
1040     reset incoming_packet buffer for each new packet in EtM-case, too;
1041     this happens if packets are parsed only parially (e.g. ignore
1042     messages sent when su/sudo turn off echo); noted by sthen/millert
1043   - naddy@cvs.openbsd.org 2012/12/12 16:46:10
1044     [cipher.c]
1045     use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
1046     counter mode code; ok djm@
1047 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
1048   compat code for older OpenSSL
1049 - (djm) [cipher.c] Fix missing prototype for compat code
1050
105120121212
1052 - (djm) OpenBSD CVS Sync
1053   - markus@cvs.openbsd.org 2012/12/11 22:16:21
1054     [monitor.c]
1055     drain the log messages after receiving the keystate from the unpriv
1056     child. otherwise it might block while sending. ok djm@
1057   - markus@cvs.openbsd.org 2012/12/11 22:31:18
1058     [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
1059     [packet.c ssh_config.5 sshd_config.5]
1060     add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
1061     that change the packet format and compute the MAC over the encrypted
1062     message (including the packet size) instead of the plaintext data;
1063     these EtM modes are considered more secure and used by default.
1064     feedback and ok djm@
1065   - sthen@cvs.openbsd.org 2012/12/11 22:51:45
1066     [mac.c]
1067     fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
1068   - markus@cvs.openbsd.org 2012/12/11 22:32:56
1069     [regress/try-ciphers.sh]
1070     add etm modes
1071   - markus@cvs.openbsd.org 2012/12/11 22:42:11
1072     [regress/Makefile regress/modpipe.c regress/integrity.sh]
1073     test the integrity of the packets; with djm@
1074   - markus@cvs.openbsd.org 2012/12/11 23:12:13
1075     [try-ciphers.sh]
1076     add hmac-ripemd160-etm@openssh.com
1077 - (djm) [mac.c] fix merge botch
1078 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
1079   work on platforms without 'jot'
1080 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
1081 - (djm) [regress/Makefile] fix t-exec rule
1082
108320121207
1084 - (dtucker) OpenBSD CVS Sync
1085   - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
1086     [regress/keys-command.sh]
1087     Fix some problems with the keys-command test:
1088      - use string comparison rather than numeric comparison
1089      - check for existing KEY_COMMAND file and don't clobber if it exists
1090      - clean up KEY_COMMAND file if we do create it.
1091      - check that KEY_COMMAND is executable (which it won't be if eg /var/run
1092        is mounted noexec).
1093     ok djm.
1094   - jmc@cvs.openbsd.org 2012/12/03 08:33:03
1095     [ssh-add.1 sshd_config.5]
1096     tweak previous;
1097   - markus@cvs.openbsd.org 2012/12/05 15:42:52
1098     [ssh-add.c]
1099     prevent double-free of comment; ok djm@
1100   - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
1101     [serverloop.c]
1102     Cast signal to int for logging.  A no-op on openbsd (they're always ints)
1103     but will prevent warnings in portable.  ok djm@
1104
110520121205
1106 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
1107
110820121203
1109 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
1110   TAILQ_FOREACH_SAFE needed for upcoming changes.
1111 - (djm) OpenBSD CVS Sync
1112   - djm@cvs.openbsd.org 2012/12/02 20:26:11
1113     [ssh_config.5 sshconnect2.c]
1114     Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
1115     This allows control of which keys are offered from tokens using
1116     IdentityFile. ok markus@
1117   - djm@cvs.openbsd.org 2012/12/02 20:42:15
1118     [ssh-add.1 ssh-add.c]
1119     make deleting explicit keys "ssh-add -d" symmetric with adding keys -
1120     try to delete the corresponding certificate too and respect the -k option
1121     to allow deleting of the key only; feedback and ok markus@
1122   - djm@cvs.openbsd.org 2012/12/02 20:46:11
1123     [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
1124     [sshd_config.5]
1125     make AllowTcpForwarding accept "local" and "remote" in addition to its
1126     current "yes"/"no" to allow the server to specify whether just local or
1127     remote TCP forwarding is enabled. ok markus@
1128   - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
1129     [regress/cipher-speed.sh regress/try-ciphers.sh]
1130     Add umac-128@openssh.com to the list of MACs to be tested
1131   - djm@cvs.openbsd.org 2012/10/19 05:10:42
1132     [regress/cert-userkey.sh]
1133     include a serial number when generating certs
1134   - djm@cvs.openbsd.org 2012/11/22 22:49:30
1135     [regress/Makefile regress/keys-command.sh]
1136     regress for AuthorizedKeysCommand; hints from markus@
1137   - djm@cvs.openbsd.org 2012/12/02 20:47:48
1138     [Makefile regress/forward-control.sh]
1139     regress for AllowTcpForwarding local/remote; ok markus@
1140   - djm@cvs.openbsd.org 2012/12/03 00:14:06
1141     [auth2-chall.c ssh-keygen.c]
1142     Fix compilation with -Wall -Werror (trivial type fixes)
1143 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
1144   debugging. ok dtucker@
1145 - (djm) [configure.ac] Revert previous. configure.ac already does this
1146   for us.
1147
114820121114
1149 - (djm) OpenBSD CVS Sync
1150   - djm@cvs.openbsd.org 2012/11/14 02:24:27
1151     [auth2-pubkey.c]
1152     fix username passed to helper program
1153     prepare stdio fds before closefrom()
1154     spotted by landry@
1155   - djm@cvs.openbsd.org 2012/11/14 02:32:15
1156     [ssh-keygen.c]
1157     allow the full range of unsigned serial numbers; 'fine' deraadt@
1158   - djm@cvs.openbsd.org 2012/12/02 20:34:10
1159     [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
1160     [monitor.c monitor.h]
1161     Fixes logging of partial authentication when privsep is enabled
1162     Previously, we recorded "Failed xxx" since we reset authenticated before
1163     calling auth_log() in auth2.c. This adds an explcit "Partial" state.
1164
1165     Add a "submethod" to auth_log() to report which submethod is used
1166     for keyboard-interactive.
1167
1168     Fix multiple authentication when one of the methods is
1169     keyboard-interactive.
1170
1171     ok markus@
1172   - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
1173     [regress/multiplex.sh]
1174     Use 'kill -0' to test for the presence of a pid since it's more portable
1175
117620121107
1177 - (djm) OpenBSD CVS Sync
1178   - eric@cvs.openbsd.org 2011/11/28 08:46:27
1179     [moduli.5]
1180     fix formula
1181     ok djm@
1182   - jmc@cvs.openbsd.org 2012/09/26 17:34:38
1183     [moduli.5]
1184     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
1185     references into a STANDARDS section;
1186
118720121105
1188 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
1189   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
1190   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
1191   and gids from uidswap.c to the compat library, which allows it to work with
1192   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
1193 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
1194   don't have it.  Spotted by tim@.
1195
119620121104
1197 - (djm) OpenBSD CVS Sync
1198   - jmc@cvs.openbsd.org 2012/10/31 08:04:50
1199     [sshd_config.5]
1200     tweak previous;
1201   - djm@cvs.openbsd.org 2012/11/04 10:38:43
1202     [auth2-pubkey.c sshd.c sshd_config.5]
1203     Remove default of AuthorizedCommandUser. Administrators are now expected
1204     to explicitly specify a user. feedback and ok markus@
1205   - djm@cvs.openbsd.org 2012/11/04 11:09:15
1206     [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
1207     [sshd_config.5]
1208     Support multiple required authentication via an AuthenticationMethods
1209     option. This option lists one or more comma-separated lists of
1210     authentication method names. Successful completion of all the methods in
1211     any list is required for authentication to complete;
1212     feedback and ok markus@
1213
121420121030
1215 - (djm) OpenBSD CVS Sync
1216   - markus@cvs.openbsd.org 2012/10/05 12:34:39
1217     [sftp.c]
1218     fix signed vs unsigned warning; feedback & ok: djm@
1219   - djm@cvs.openbsd.org 2012/10/30 21:29:55
1220     [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
1221     [sshd.c sshd_config sshd_config.5]
1222     new sshd_config option AuthorizedKeysCommand to support fetching
1223     authorized_keys from a command in addition to (or instead of) from
1224     the filesystem. The command is run as the target server user unless
1225     another specified via a new AuthorizedKeysCommandUser option.
1226
1227     patch originally by jchadima AT redhat.com, reworked by me; feedback
1228     and ok markus@
1229
123020121019
1231 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
1232   the generated file as intended.
1233
123420121005
1235 - (dtucker) OpenBSD CVS Sync
1236   - djm@cvs.openbsd.org 2012/09/17 09:54:44
1237     [sftp.c]
1238     an XXX for later
1239   - markus@cvs.openbsd.org 2012/09/17 13:04:11
1240     [packet.c]
1241     clear old keys on rekeing; ok djm
1242   - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
1243     [sftp.c]
1244     Add bounds check on sftp tab-completion.  Part of a patch from from
1245     Jean-Marc Robert via tech@, ok djm
1246   - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
1247     [sftp.c]
1248     Fix improper handling of absolute paths when PWD is part of the completed
1249     path.  Patch from Jean-Marc Robert via tech@, ok djm.
1250  - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
1251     [sftp.c]
1252     Fix handling of filenames containing escaped globbing characters and
1253     escape "#" and "*".  Patch from Jean-Marc Robert via tech@, ok djm.
1254   - jmc@cvs.openbsd.org 2012/09/26 16:12:13
1255     [ssh.1]
1256     last stage of rfc changes, using consistent Rs/Re blocks, and moving the
1257     references into a STANDARDS section;
1258   - naddy@cvs.openbsd.org 2012/10/01 13:59:51
1259     [monitor_wrap.c]
1260     pasto; ok djm@
1261   - djm@cvs.openbsd.org 2012/10/02 07:07:45
1262     [ssh-keygen.c]
1263     fix -z option, broken in revision 1.215
1264   - markus@cvs.openbsd.org 2012/10/04 13:21:50
1265     [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
1266     add umac128 variant; ok djm@ at n2k12
1267  - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
1268     [regress/try-ciphers.sh]
1269     Restore missing space.  (Id sync only).
1270   - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
1271     [regress/multiplex.sh]
1272     Add test for ssh -Ostop
1273   - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
1274     [regress/multiplex.sh]
1275     Log -O cmd output to the log file and make logging consistent with the
1276     other tests.  Test clean shutdown of an existing channel when testing
1277     "stop".
1278   - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
1279     [regress/multiplex.sh]
1280     use -Ocheck and waiting for completions by PID to make multiplexing test
1281     less racy and (hopefully) more reliable on slow hardware.
1282 - [Makefile umac.c] Add special-case target to build umac128.o.
1283 - [umac.c] Enforce allowed umac output sizes.  From djm@.
1284 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
1285
128620120917
1287 - (dtucker) OpenBSD CVS Sync
1288   - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
1289     [servconf.c]
1290     Fix comment line length
1291   - markus@cvs.openbsd.org 2012/09/14 16:51:34
1292     [sshconnect.c]
1293     remove unused variable
1294
129520120907
1296 - (dtucker) OpenBSD CVS Sync
1297   - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
1298     [clientloop.c]
1299     Make the escape command help (~?) context sensitive so that only commands
1300     that will work in the current session are shown.  ok markus@
1301   - jmc@cvs.openbsd.org 2012/09/06 13:57:42
1302     [ssh.1]
1303     missing letter in previous;
1304   - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
1305     [clientloop.c]
1306     Print '^Z' instead of a raw ^Z when the sequence is not supported.  ok djm@
1307   - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
1308     [clientloop.c]
1309     Merge escape help text for ~v and ~V; ok djm@
1310   - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
1311     [clientloop.c]
1312     when muxmaster is run with -N, make it shut down gracefully when a client
1313     sends it "-O stop" rather than hanging around (bz#1985).  ok djm@
1314
131520120906
1316 - (dtucker) OpenBSD CVS Sync
1317   - jmc@cvs.openbsd.org 2012/08/15 18:25:50
1318     [ssh-keygen.1]
1319     a little more info on certificate validity;
1320     requested by Ross L Richardson, and provided by djm
1321   - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
1322     [clientloop.c clientloop.h mux.c]
1323     Force a clean shutdown of ControlMaster client sessions when the ~. escape
1324     sequence is used.  This means that ~. should now work in mux clients even
1325     if the server is no longer responding.  Found by tedu, ok djm.
1326   - djm@cvs.openbsd.org 2012/08/17 01:22:56
1327     [kex.c]
1328     add some comments about better handling first-KEX-follows notifications
1329     from the server. Nothing uses these right now. No binary change
1330   - djm@cvs.openbsd.org 2012/08/17 01:25:58
1331     [ssh-keygen.c]
1332     print details of which host lines were deleted when using
1333     "ssh-keygen -R host"; ok markus@
1334   - djm@cvs.openbsd.org 2012/08/17 01:30:00
1335     [compat.c sshconnect.c]
1336     Send client banner immediately, rather than waiting for the server to
1337     move first for SSH protocol 2 connections (the default). Patch based on
1338     one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
1339   - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
1340     [clientloop.c log.c ssh.1 log.h]
1341     Add ~v and ~V escape sequences to raise and lower the logging level
1342     respectively. Man page help from jmc, ok deraadt jmc
1343
134420120830
1345 - (dtucker) [moduli] Import new moduli file.
1346
134720120828
1348 - (djm) Release openssh-6.1
1349
135020120828
1351 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
1352   for compatibility with future mingw-w64 headers.  Patch from vinschen at
1353   redhat com.
1354
135520120822
1356 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1357   [contrib/suse/openssh.spec] Update version numbers
1358
135920120731
1360 - (djm) OpenBSD CVS Sync
1361   - jmc@cvs.openbsd.org 2012/07/06 06:38:03
1362     [ssh-keygen.c]
1363     missing full stop in usage();
1364   - djm@cvs.openbsd.org 2012/07/10 02:19:15
1365     [servconf.c servconf.h sshd.c sshd_config]
1366     Turn on systrace sandboxing of pre-auth sshd by default for new installs
1367     by shipping a config that overrides the current UsePrivilegeSeparation=yes
1368     default. Make it easier to flip the default in the future by adding too.
1369     prodded markus@ feedback dtucker@ "get it in" deraadt@
1370   - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
1371     [servconf.c]
1372     handle long comments in config files better.  bz#2025, ok markus
1373   - markus@cvs.openbsd.org 2012/07/22 18:19:21
1374     [version.h]
1375     openssh 6.1
1376
137720120720
1378 - (dtucker) Import regened moduli file.
1379
138020120706
1381 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
1382   not available. Allows use of sshd compiled on host with a filter-capable
1383   kernel on hosts that lack the support. bz#2011 ok dtucker@
1384 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
1385   unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
1386   esperi.org.uk; ok dtucker@
1387- (djm) OpenBSD CVS Sync
1388   - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
1389     [moduli.c ssh-keygen.1 ssh-keygen.c]
1390     Add options to specify starting line number and number of lines to process
1391     when screening moduli candidates.  This allows processing of different
1392     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
1393   - djm@cvs.openbsd.org 2012/07/06 01:37:21
1394     [mux.c]
1395     fix memory leak of passed-in environment variables and connection
1396     context when new session message is malformed; bz#2003 from Bert.Wesarg
1397     AT googlemail.com
1398   - djm@cvs.openbsd.org 2012/07/06 01:47:38
1399     [ssh.c]
1400     move setting of tty_flag to after config parsing so RequestTTY options
1401     are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
1402     ok dtucker@
1403
140420120704
1405 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
1406   platforms that don't have it.  "looks good" tim@
1407
140820120703
1409 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
1410   setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
1411 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
1412   setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported.  Its
1413   benefit is minor, so it's not worth disabling the sandbox if it doesn't
1414   work.
1415
141620120702
1417- (dtucker) OpenBSD CVS Sync
1418   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
1419     [ssh_config.5 sshd_config.5]
1420     match the documented MAC order of preference to the actual one;
1421     ok dtucker@
1422   - markus@cvs.openbsd.org 2012/06/30 14:35:09
1423     [sandbox-systrace.c sshd.c]
1424     fix a during the load of the sandbox policies (child can still make
1425     the read-syscall and wait forever for systrace-answers) by replacing
1426     the read/write synchronisation with SIGSTOP/SIGCONT;
1427     report and help hshoexer@; ok djm@, dtucker@
1428   - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
1429     [ssh.c]
1430     set interactive ToS for forwarded X11 sessions.  ok djm@
1431   - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
1432     [ssh-pkcs11-helper.c sftp-client.c]
1433     fix a couple of "assigned but not used" warnings.  ok markus@
1434   - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
1435     [regress/connect-privsep.sh]
1436     remove exit from end of test since it prevents reporting failure
1437 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
1438   Move cygwin detection to test-exec and use to skip reexec test on cygwin.
1439 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
1440
144120120629
1442 - OpenBSD CVS Sync
1443   - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
1444     [addrmatch.c]
1445     fix strlcpy truncation check.  from carsten at debian org, ok markus
1446   - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
1447     [monitor.c sshconnect2.c]
1448     remove dead code following 'for (;;)' loops.
1449     From Steve.McClellan at radisys com, ok markus@
1450   - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
1451     [sftp.c]
1452     Remove unused variable leftover from tab-completion changes.
1453     From Steve.McClellan at radisys com, ok markus@
1454   - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
1455     [sandbox-systrace.c]
1456     Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
1457     sandbox" since malloc now uses it.  From johnw.mail at gmail com.
1458   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
1459     [mac.c myproposal.h ssh_config.5 sshd_config.5]
1460     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
1461     from draft6 of the spec and will not be in the RFC when published.  Patch
1462     from mdb at juniper net via bz#2023, ok markus.
1463   - naddy@cvs.openbsd.org 2012/06/29 13:57:25
1464     [ssh_config.5 sshd_config.5]
1465     match the documented MAC order of preference to the actual one; ok dtucker@
1466   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
1467     [regress/addrmatch.sh]
1468     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
1469     to match.  Feedback and ok djm@ markus@.
1470   - djm@cvs.openbsd.org 2012/06/01 00:47:35
1471     [regress/multiplex.sh regress/forwarding.sh]
1472     append to rather than truncate test log; bz#2013 from openssh AT
1473     roumenpetrov.info
1474   - djm@cvs.openbsd.org 2012/06/01 00:52:52
1475     [regress/sftp-cmds.sh]
1476     don't delete .* on cleanup due to unintended env expansion; pointed out in
1477     bz#2014 by openssh AT roumenpetrov.info
1478   - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
1479     [regress/connect-privsep.sh]
1480     test sandbox with every malloc option
1481   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
1482     [regress/try-ciphers.sh regress/cipher-speed.sh]
1483     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
1484     from draft6 of the spec and will not be in the RFC when published.  Patch
1485     from mdb at juniper net via bz#2023, ok markus.
1486 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
1487 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
1488   the required functions in libcrypto.
1489
149020120628
1491 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
1492   pointer deref in the client when built with LDNS and using DNSSEC with a
1493   CNAME.  Patch from gregdlg+mr at hochet info.
1494
149520120622
1496 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
1497   can logon as a service.  Patch from vinschen at redhat com.
1498
149920120620
1500 - (djm) OpenBSD CVS Sync
1501   - djm@cvs.openbsd.org 2011/12/02 00:41:56
1502     [mux.c]
1503     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1504     ok dtucker@
1505   - djm@cvs.openbsd.org 2011/12/04 23:16:12
1506     [mux.c]
1507     revert:
1508     > revision 1.32
1509     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
1510     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1511     > ok dtucker@
1512     it interacts badly with ControlPersist
1513   - djm@cvs.openbsd.org 2012/01/07 21:11:36
1514     [mux.c]
1515     fix double-free in new session handler
1516     NB. Id sync only
1517   - djm@cvs.openbsd.org 2012/05/23 03:28:28
1518     [dns.c dns.h key.c key.h ssh-keygen.c]
1519     add support for RFC6594 SSHFP DNS records for ECDSA key types.
1520     patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
1521     (Original authors Ondřej Surý,  Ondřej Caletka and Daniel Black)
1522   - djm@cvs.openbsd.org 2012/06/01 00:49:35
1523     [PROTOCOL.mux]
1524     correct types of port numbers (integers, not strings); bz#2004 from
1525     bert.wesarg AT googlemail.com
1526   - djm@cvs.openbsd.org 2012/06/01 01:01:22
1527     [mux.c]
1528     fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
1529     AT googlemail.com
1530   - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
1531     [jpake.c]
1532     correct sizeof usage.  patch from saw at online.de, ok deraadt
1533   - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
1534     [ssh_config.5]
1535     RSA instead of DSA twice.  From Steve.McClellan at radisys com
1536   - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
1537     [ssh.1 sshd.8]
1538     Remove mention of 'three' key files since there are now four.  From
1539     Steve.McClellan at radisys com.
1540   - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
1541     [ssh.1]
1542     Clarify description of -W.  Noted by Steve.McClellan at radisys com,
1543     ok jmc
1544   - markus@cvs.openbsd.org 2012/06/19 18:25:28
1545     [servconf.c servconf.h sshd_config.5]
1546     sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
1547     this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
1548     ok djm@ (back in March)
1549   - jmc@cvs.openbsd.org 2012/06/19 21:35:54
1550     [sshd_config.5]
1551     tweak previous; ok markus
1552   - djm@cvs.openbsd.org 2012/06/20 04:42:58
1553     [clientloop.c serverloop.c]
1554     initialise accept() backoff timer to avoid EINVAL from select(2) in
1555     rekeying
1556
155720120519
1558 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct.  Patch
1559   from cjwatson at debian org.
1560 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
1561   pkg-config so it does the right thing when cross-compiling.  Patch from
1562   cjwatson at debian org.
1563- (dtucker) OpenBSD CVS Sync
1564   - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
1565     [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
1566     Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
1567     to match.  Feedback and ok djm@ markus@.
1568   - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
1569     [sshd_config.5]
1570     Document PermitOpen none.  bz#2001, patch from Loganaden Velvindron
1571
157220120504
1573 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
1574   to fix building on some plaforms.  Fom bowman at math utah edu and
1575   des at des no.
1576
157720120427
1578 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
1579   platform rather than exiting early, so that we still clean up and return
1580   success or failure to test-exec.sh
1581
158220120426
1583 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
1584   via Niels
1585 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
1586   ok dtucker@
1587
158820120423
1589 - OpenBSD CVS Sync
1590   - djm@cvs.openbsd.org 2012/04/23 08:18:17
1591     [channels.c]
1592     fix function proto/source mismatch
1593
159420120422
1595 - OpenBSD CVS Sync
1596   - djm@cvs.openbsd.org 2012/02/29 11:21:26
1597     [ssh-keygen.c]
1598     allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
1599   - guenther@cvs.openbsd.org 2012/03/15 03:10:27
1600     [session.c]
1601     root should always be excluded from the test for /etc/nologin instead
1602     of having it always enforced even when marked as ignorenologin.  This
1603     regressed when the logic was incompletely flipped around in rev 1.251
1604     ok halex@ millert@
1605   - djm@cvs.openbsd.org 2012/03/28 07:23:22
1606     [PROTOCOL.certkeys]
1607     explain certificate extensions/crit split rationale. Mention requirement
1608     that each appear at most once per cert.
1609   - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
1610     [channels.c channels.h servconf.c]
1611     Add PermitOpen none option based on patch from Loganaden Velvindron
1612     (bz #1949).  ok djm@
1613   - djm@cvs.openbsd.org 2012/04/11 13:16:19
1614     [channels.c channels.h clientloop.c serverloop.c]
1615     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
1616     while; ok deraadt@ markus@
1617   - djm@cvs.openbsd.org 2012/04/11 13:17:54
1618     [auth.c]
1619     Support "none" as an argument for AuthorizedPrincipalsFile to indicate
1620     no file should be read.
1621   - djm@cvs.openbsd.org 2012/04/11 13:26:40
1622     [sshd.c]
1623     don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
1624     while; ok deraadt@ markus@
1625   - djm@cvs.openbsd.org 2012/04/11 13:34:17
1626     [ssh-keyscan.1 ssh-keyscan.c]
1627     now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
1628     look for them by default; bz#1971
1629   - djm@cvs.openbsd.org 2012/04/12 02:42:32
1630     [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
1631     VersionAddendum option to allow server operators to append some arbitrary
1632     text to the SSH-... banner; ok deraadt@ "don't care" markus@
1633   - djm@cvs.openbsd.org 2012/04/12 02:43:55
1634     [sshd_config sshd_config.5]
1635     mention AuthorizedPrincipalsFile=none default
1636   - djm@cvs.openbsd.org 2012/04/20 03:24:23
1637     [sftp.c]
1638     setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
1639   - jmc@cvs.openbsd.org 2012/04/20 16:26:22
1640     [ssh.1]
1641     use "brackets" instead of "braces", for consistency;
1642
164320120420
1644 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1645   [contrib/suse/openssh.spec] Update for release 6.0
1646 - (djm) [README] Update URL to release notes.
1647 - (djm) Release openssh-6.0
1648
164920120419
1650 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
1651   contains openpty() but not login()
1652
165320120404
1654 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
1655   mode for Linux's new seccomp filter; patch from Will Drewry; feedback
1656   and ok dtucker@
1657
165820120330
1659 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
1660   file from spec file.  From crighter at nuclioss com.
1661 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
1662   openssh binaries on a newer fix release than they were compiled on.
1663   with and ok dtucker@
1664 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
1665   assumptions when building on Cygwin; patch from Corinna Vinschen
1666
166720120309
1668 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
1669   systems where sshd is run in te wrong context. Patch from Sven
1670   Vermeulen; ok dtucker@
1671 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
1672   addressed connections. ok dtucker@
1673
167420120224
1675 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
1676   audit breakage in Solaris 11.  Patch from Magnus Johansson.
1677
167820120215
1679 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
1680   unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
1681   ok dtucker@
1682 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
1683   it actually works.
1684 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
1685   to work. Spotted by Angel Gonzalez
1686
168720120214
1688 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
1689   preserved Cygwin environment variables; from Corinna Vinschen
1690
169120120211
1692 - (djm) OpenBSD CVS Sync
1693   - djm@cvs.openbsd.org 2012/01/05 00:16:56
1694     [monitor.c]
1695     memleak on error path
1696   - djm@cvs.openbsd.org 2012/01/07 21:11:36
1697     [mux.c]
1698     fix double-free in new session handler
1699   - miod@cvs.openbsd.org 2012/01/08 13:17:11
1700     [ssh-ecdsa.c]
1701     Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
1702     ok markus@
1703   - miod@cvs.openbsd.org 2012/01/16 20:34:09
1704     [ssh-pkcs11-client.c]
1705     Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
1706     While there, be sure to buffer_clear() between send_msg() and recv_msg().
1707     ok markus@
1708   - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
1709     [clientloop.c]
1710     Ensure that $DISPLAY contains only valid characters before using it to
1711     extract xauth data so that it can't be used to play local shell
1712     metacharacter games.  Report from r00t_ati at ihteam.net, ok markus.
1713   - markus@cvs.openbsd.org 2012/01/25 19:26:43
1714     [packet.c]
1715     do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
1716     ok dtucker@, djm@
1717   - markus@cvs.openbsd.org 2012/01/25 19:36:31
1718     [authfile.c]
1719     memleak in key_load_file(); from Jan Klemkow
1720   - markus@cvs.openbsd.org 2012/01/25 19:40:09
1721     [packet.c packet.h]
1722     packet_read_poll() is not used anymore.
1723   - markus@cvs.openbsd.org 2012/02/09 20:00:18
1724     [version.h]
1725     move from 6.0-beta to 6.0
1726
172720120206
1728 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
1729   that don't support ECC. Patch from Phil Oleson
1730
173120111219
1732 - OpenBSD CVS Sync
1733   - djm@cvs.openbsd.org 2011/12/02 00:41:56
1734     [mux.c]
1735     fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1736     ok dtucker@
1737   - djm@cvs.openbsd.org 2011/12/02 00:43:57
1738     [mac.c]
1739     fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
1740     HMAC_init (this change in policy seems insane to me)
1741     ok dtucker@
1742   - djm@cvs.openbsd.org 2011/12/04 23:16:12
1743     [mux.c]
1744     revert:
1745     > revision 1.32
1746     > date: 2011/12/02 00:41:56;  author: djm;  state: Exp;  lines: +4 -1
1747     > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1748     > ok dtucker@
1749     it interacts badly with ControlPersist
1750   - djm@cvs.openbsd.org 2011/12/07 05:44:38
1751     [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
1752     fix some harmless and/or unreachable int overflows;
1753     reported Xi Wang, ok markus@
1754
175520111125
1756 - OpenBSD CVS Sync
1757   - oga@cvs.openbsd.org 2011/11/16 12:24:28
1758     [sftp.c]
1759     Don't leak list in complete_cmd_parse if there are no commands found.
1760     Discovered when I was ``borrowing'' this code for something else.
1761     ok djm@
1762
176320111121
1764 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE.  ok djm@
1765
176620111104
1767 - (dtucker) OpenBSD CVS Sync
1768   - djm@cvs.openbsd.org 2011/10/18 05:15:28
1769     [ssh.c]
1770     ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
1771   - djm@cvs.openbsd.org 2011/10/18 23:37:42
1772     [ssh-add.c]
1773     add -k to usage(); reminded by jmc@
1774   - djm@cvs.openbsd.org 2011/10/19 00:06:10
1775     [moduli.c]
1776     s/tmpfile/tmp/ to make this -Wshadow clean
1777   - djm@cvs.openbsd.org 2011/10/19 10:39:48
1778     [umac.c]
1779     typo in comment; patch from Michael W. Bombardieri
1780   - djm@cvs.openbsd.org 2011/10/24 02:10:46
1781     [ssh.c]
1782     bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
1783     was incorrectly requesting the forward in both the control master and
1784     slave. skip requesting it in the master to fix. ok markus@
1785   - djm@cvs.openbsd.org 2011/10/24 02:13:13
1786     [session.c]
1787     bz#1859: send tty break to pty master instead of (probably already
1788     closed) slave side; "looks good" markus@
1789   - dtucker@cvs.openbsd.org 011/11/04 00:09:39
1790     [moduli]
1791     regenerated moduli file; ok deraadt
1792 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
1793   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
1794   bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
1795   which supports DNSSEC.  Patch from Simon Vallet (svallet at genoscope cns fr)
1796   with some rework from myself and djm.  ok djm.
1797
179820111025
1799 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
1800   fails.  Patch from Corinna Vinschen.
1801
180220111018
1803 - (djm) OpenBSD CVS Sync
1804   - djm@cvs.openbsd.org 2011/10/04 14:17:32
1805     [sftp-glob.c]
1806     silence error spam for "ls */foo" in directory with files; bz#1683
1807   - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
1808     [moduli.c ssh-keygen.1 ssh-keygen.c]
1809     Add optional checkpoints for moduli screening.  feedback & ok deraadt
1810   - jmc@cvs.openbsd.org 2011/10/16 15:02:41
1811     [ssh-keygen.c]
1812     put -K in the right place (usage());
1813   - stsp@cvs.openbsd.org 2011/10/16 15:51:39
1814     [moduli.c]
1815     add missing includes to unbreak tree; fix from rpointel
1816   - djm@cvs.openbsd.org 2011/10/18 04:58:26
1817     [auth-options.c key.c]
1818     remove explict search for \0 in packet strings, this job is now done
1819     implicitly by buffer_get_cstring; ok markus
1820   - djm@cvs.openbsd.org 2011/10/18 05:00:48
1821     [ssh-add.1 ssh-add.c]
1822     new "ssh-add -k" option to load plain keys (skipping certificates);
1823     "looks ok" markus@
1824
182520111001
1826 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning.  ok djm
1827 - (dtucker) OpenBSD CVS Sync
1828   - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
1829     [channels.c auth-options.c servconf.c channels.h sshd.8]
1830     Add wildcard support to PermitOpen, allowing things like "PermitOpen
1831     localhost:*".  bz #1857, ok djm markus.
1832   - markus@cvs.openbsd.org 2011/09/23 07:45:05
1833     [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
1834     version.h]
1835     unbreak remote portforwarding with dynamic allocated listen ports:
1836     1) send the actual listen port in the open message (instead of 0).
1837        this allows multiple forwardings with a dynamic listen port
1838     2) update the matching permit-open entry, so we can identify where
1839        to connect to
1840     report: den at skbkontur.ru and P. Szczygielski
1841     feedback and ok djm@
1842   - djm@cvs.openbsd.org 2011/09/25 05:44:47
1843     [auth2-pubkey.c]
1844     improve the AuthorizedPrincipalsFile debug log message to include
1845     file and line number
1846   - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
1847     [sshd.c]
1848     don't attempt privsep cleanup when not using privsep; ok markus@
1849   - djm@cvs.openbsd.org 2011/09/30 21:22:49
1850     [sshd.c]
1851     fix inverted test that caused logspam; spotted by henning@
1852
185320110929
1854 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
1855   from des AT des.no
1856 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1857   openbsd-compat/strnlen.c] Add strnlen to the compat library.
1858
185920110923
1860 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
1861   longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
1862   want this longhand version)
1863 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
1864   upstream version is YPified and we don't want this
1865 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
1866   The file was totally rewritten between what we had in tree and -current.
1867 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
1868   marker. The upstream API has changed (function and structure names)
1869   enough to put it out of sync with other providers of this interface.
1870 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
1871   of static __findenv() function from upstream setenv.c
1872 - OpenBSD CVS Sync
1873   - millert@cvs.openbsd.org 2006/05/05 15:27:38
1874     [openbsd-compat/strlcpy.c]
1875     Convert do {} while loop -> while {} for clarity.  No binary change
1876     on most architectures.  From Oliver Smith.  OK deraadt@ and henning@
1877   - tobias@cvs.openbsd.org 2007/10/21 11:09:30
1878     [openbsd-compat/mktemp.c]
1879     Comment fix about time consumption of _gettemp.
1880     FreeBSD did this in revision 1.20.
1881     OK deraadt@, krw@
1882   - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
1883     [openbsd-compat/mktemp.c]
1884     use arc4random_uniform(); ok djm millert
1885   - millert@cvs.openbsd.org 2008/08/21 16:54:44
1886     [openbsd-compat/mktemp.c]
1887     Remove useless code, the kernel will set errno appropriately if an
1888     element in the path does not exist.  OK deraadt@ pvalchev@
1889   - otto@cvs.openbsd.org 2008/12/09 19:38:38
1890     [openbsd-compat/inet_ntop.c]
1891     fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
1892
189320110922
1894 - OpenBSD CVS Sync
1895   - pyr@cvs.openbsd.org 2011/05/12 07:15:10
1896     [openbsd-compat/glob.c]
1897     When the max number of items for a directory has reached GLOB_LIMIT_READDIR
1898     an error is returned but closedir() is not called.
1899     spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
1900     ok otto@, millert@
1901   - stsp@cvs.openbsd.org 2011/09/20 10:18:46
1902     [glob.c]
1903     In glob(3), limit recursion during matching attempts. Similar to
1904     fnmatch fix. Also collapse consecutive '*' (from NetBSD).
1905     ok miod deraadt
1906   - djm@cvs.openbsd.org 2011/09/22 06:27:29
1907     [glob.c]
1908     fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
1909     applied only to the gl_pathv vector and not the corresponding gl_statv
1910     array. reported in OpenSSH bz#1935; feedback and okay matthew@
1911   - djm@cvs.openbsd.org 2011/08/26 01:45:15
1912     [ssh.1]
1913     Add some missing ssh_config(5) options that can be used in ssh(1)'s
1914     -o argument. Patch from duclare AT guu.fi
1915   - djm@cvs.openbsd.org 2011/09/05 05:56:13
1916     [scp.1 sftp.1]
1917     mention ControlPersist and KbdInteractiveAuthentication in the -o
1918     verbiage in these pages too (prompted by jmc@)
1919   - djm@cvs.openbsd.org 2011/09/05 05:59:08
1920     [misc.c]
1921     fix typo in IPQoS parsing: there is no "AF14" class, but there is
1922     an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1923   - jmc@cvs.openbsd.org 2011/09/05 07:01:44
1924     [scp.1]
1925     knock out a useless Ns;
1926   - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
1927     [ssh-keygen.1]
1928     typo (they vs the) found by Lawrence Teo
1929   - djm@cvs.openbsd.org 2011/09/09 00:43:00
1930     [ssh_config.5 sshd_config.5]
1931     fix typo in IPQoS parsing: there is no "AF14" class, but there is
1932     an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1933   - djm@cvs.openbsd.org 2011/09/09 00:44:07
1934     [PROTOCOL.mux]
1935     MUX_C_CLOSE_FWD includes forward type in message (though it isn't
1936     implemented anyway)
1937   - djm@cvs.openbsd.org 2011/09/09 22:37:01
1938     [scp.c]
1939     suppress adding '--' to remote commandlines when the first argument
1940     does not start with '-'. saves breakage on some difficult-to-upgrade
1941     embedded/router platforms; feedback & ok dtucker ok markus
1942   - djm@cvs.openbsd.org 2011/09/09 22:38:21
1943     [sshd.c]
1944     kill the preauth privsep child on fatal errors in the monitor;
1945     ok markus@
1946   - djm@cvs.openbsd.org 2011/09/09 22:46:44
1947     [channels.c channels.h clientloop.h mux.c ssh.c]
1948     support for cancelling local and remote port forwards via the multiplex
1949     socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
1950     the cancellation of the specified forwardings; ok markus@
1951   - markus@cvs.openbsd.org 2011/09/10 22:26:34
1952     [channels.c channels.h clientloop.c ssh.1]
1953     support cancellation of local/dynamic forwardings from ~C commandline;
1954     ok & feedback djm@
1955   - okan@cvs.openbsd.org 2011/09/11 06:59:05
1956     [ssh.1]
1957     document new -O cancel command; ok djm@
1958   - markus@cvs.openbsd.org 2011/09/11 16:07:26
1959     [sftp-client.c]
1960     fix leaks in do_hardlink() and do_readlink(); bz#1921
1961     from Loganaden Velvindron
1962   - markus@cvs.openbsd.org 2011/09/12 08:46:15
1963     [sftp-client.c]
1964     fix leak in do_lsreaddir(); ok djm
1965   - djm@cvs.openbsd.org 2011/09/22 06:29:03
1966     [sftp.c]
1967     don't let remote_glob() implicitly sort its results in do_globbed_ls() -
1968     in all likelihood, they will be resorted anyway
1969
197020110909
1971 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng.  From
1972   Colin Watson.
1973
197420110906
1975 - (djm) [README version.h] Correct version
1976 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
1977 - (djm) Respin OpenSSH-5.9p1 release
1978
197920110905
1980 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1981   [contrib/suse/openssh.spec] Update version numbers.
1982
198320110904
1984 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
1985   regress errors for the sandbox to warnings. ok tim dtucker
1986 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
1987   ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
1988   support.
1989
199020110829
1991 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
1992   to switch SELinux context away from unconfined_t, based on patch from
1993   Jan Chadima; bz#1919 ok dtucker@
1994
199520110827
1996 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
1997
199820110818
1999 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
2000
200120110817
2002 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
2003   OpenSSL 0.9.7. ok djm
2004 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
2005   binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
2006 - (djm) [configure.ac] error out if the host lacks the necessary bits for
2007   an explicitly requested sandbox type
2008 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
2009   bisson AT archlinux.org
2010 - (djm) OpenBSD CVS Sync
2011   - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
2012     [regress/cfgmatch.sh]
2013     use OBJ to find test configs, patch from Tim Rice
2014   - markus@cvs.openbsd.org 2011/06/30 22:44:43
2015     [regress/connect-privsep.sh]
2016     test with sandbox enabled; ok djm@
2017   - djm@cvs.openbsd.org 2011/08/02 01:23:41
2018     [regress/cipher-speed.sh regress/try-ciphers.sh]
2019     add SHA256/SHA512 based HMAC modes
2020 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
2021   MAC tests for platforms that hack EVP_SHA2 support
2022
202320110812
2024 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
2025   change error by reporting old and new context names  Patch from
2026   jchadima at redhat.
2027 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
2028   [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
2029   init scrips from imorgan AT nas.nasa.gov; bz#1920
2030 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
2031   identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
2032   AT gmail.com; ok dtucker@
2033
203420110807
2035 - (dtucker) OpenBSD CVS Sync
2036   - jmc@cvs.openbsd.org 2008/06/26 06:59:39
2037     [moduli.5]
2038     tweak previous;
2039   - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
2040     [moduli.5]
2041     "Diffie-Hellman" is the usual spelling for the cryptographic protocol
2042     first published by Whitfield Diffie and Martin Hellman in 1976.
2043     ok jmc@
2044   - jmc@cvs.openbsd.org 2010/10/14 20:41:28
2045     [moduli.5]
2046     probabalistic -> probabilistic; from naddy
2047   - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
2048     [sftp.1]
2049     typo, fix from Laurent Gautrot
2050
205120110805
2052 - OpenBSD CVS Sync
2053   - djm@cvs.openbsd.org 2011/06/23 23:35:42
2054     [monitor.c]
2055     ignore EINTR errors from poll()
2056   - tedu@cvs.openbsd.org 2011/07/06 18:09:21
2057     [authfd.c]
2058     bzero the agent address.  the kernel was for a while very cranky about
2059     these things.  evne though that's fixed, always good to initialize
2060     memory.  ok deraadt djm
2061   - djm@cvs.openbsd.org 2011/07/29 14:42:45
2062     [sandbox-systrace.c]
2063     fail open(2) with EPERM rather than SIGKILLing the whole process. libc
2064     will call open() to do strerror() when NLS is enabled;
2065     feedback and ok markus@
2066   - markus@cvs.openbsd.org 2011/08/01 19:18:15
2067     [gss-serv.c]
2068     prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
2069     report Adam Zabrock; ok djm@, deraadt@
2070   - djm@cvs.openbsd.org 2011/08/02 01:22:11
2071     [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2072     Add new SHA256 and SHA512 based HMAC modes from
2073     http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
2074     Patch from mdb AT juniper.net; feedback and ok markus@
2075   - djm@cvs.openbsd.org 2011/08/02 23:13:01
2076     [version.h]
2077     crank now, release later
2078   - djm@cvs.openbsd.org 2011/08/02 23:15:03
2079     [ssh.c]
2080     typo in comment
2081
208220110624
2083 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
2084   Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
2085   markus@
2086
208720110623
2088 - OpenBSD CVS Sync
2089   - djm@cvs.openbsd.org 2011/06/22 21:47:28
2090     [servconf.c]
2091     reuse the multistate option arrays to pretty-print options for "sshd -T"
2092   - djm@cvs.openbsd.org 2011/06/22 21:57:01
2093     [servconf.c servconf.h sshd.c sshd_config.5]
2094     [configure.ac Makefile.in]
2095     introduce sandboxing of the pre-auth privsep child using systrace(4).
2096
2097     This introduces a new "UsePrivilegeSeparation=sandbox" option for
2098     sshd_config that applies mandatory restrictions on the syscalls the
2099     privsep child can perform. This prevents a compromised privsep child
2100     from being used to attack other hosts (by opening sockets and proxying)
2101     or probing local kernel attack surface.
2102
2103     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
2104     mode, where a list of permitted syscalls is supplied. Any syscall not
2105     on the list results in SIGKILL being sent to the privsep child. Note
2106     that this requires a kernel with the new SYSTR_POLICY_KILL option.
2107
2108     UsePrivilegeSeparation=sandbox will become the default in the future
2109     so please start testing it now.
2110
2111     feedback dtucker@; ok markus@
2112   - djm@cvs.openbsd.org 2011/06/22 22:08:42
2113     [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
2114     hook up a channel confirm callback to warn the user then requested X11
2115     forwarding was refused by the server; ok markus@
2116   - djm@cvs.openbsd.org 2011/06/23 09:34:13
2117     [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
2118     [sandbox-null.c]
2119     rename sandbox.h => ssh-sandbox.h to make things easier for portable
2120 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
2121   setrlimit(2)
2122
212320110620
2124 - OpenBSD CVS Sync
2125   - djm@cvs.openbsd.org 2011/06/04 00:10:26
2126     [ssh_config.5]
2127     explain IdentifyFile's semantics a little better, prompted by bz#1898
2128     ok dtucker jmc
2129   - markus@cvs.openbsd.org 2011/06/14 22:49:18
2130     [authfile.c]
2131     make sure key_parse_public/private_rsa1() no longer consumes its input
2132     buffer.  fixes ssh-add for passphrase-protected ssh1-keys;
2133     noted by naddy@; ok djm@
2134   - djm@cvs.openbsd.org 2011/06/17 21:44:31
2135     [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
2136     make the pre-auth privsep slave log via a socketpair shared with the
2137     monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
2138   - djm@cvs.openbsd.org 2011/06/17 21:46:16
2139     [sftp-server.c]
2140     the protocol version should be unsigned; bz#1913 reported by mb AT
2141     smartftp.com
2142   - djm@cvs.openbsd.org 2011/06/17 21:47:35
2143     [servconf.c]
2144     factor out multi-choice option parsing into a parse_multistate label
2145     and some support structures; ok dtucker@
2146   - djm@cvs.openbsd.org 2011/06/17 21:57:25
2147     [clientloop.c]
2148     setproctitle for a mux master that has been gracefully stopped;
2149     bz#1911 from Bert.Wesarg AT googlemail.com
2150
215120110603
2152 - (dtucker) [README version.h contrib/caldera/openssh.spec
2153   contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
2154   bumps from the 5.8p2 branch into HEAD.  ok djm.
2155 - (tim) [configure.ac defines.h] Run test program to detect system mail
2156   directory. Add --with-maildir option to override. Fixed OpenServer 6
2157   getting it wrong. Fixed many systems having MAIL=/var/mail//username
2158   ok dtucker
2159 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case.  We use socketpair
2160   unconditionally in other places and the survey data we have does not show
2161   any systems that use it.  "nuke it" djm@
2162 - (djm) [configure.ac] enable setproctitle emulation for OS X
2163 - (djm) OpenBSD CVS Sync
2164   - djm@cvs.openbsd.org 2011/06/03 00:54:38
2165     [ssh.c]
2166     bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
2167     AT googlemail.com; ok dtucker@
2168     NB. includes additional portability code to enable setproctitle emulation
2169     on platforms that don't support it.
2170   - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
2171     [ssh-agent.c]
2172     Check current parent process ID against saved one to determine if the parent
2173     has exited, rather than attempting to send a zero signal, since the latter
2174     won't work if the parent has changed privs.  bz#1905, patch from Daniel Kahn
2175     Gillmor, ok djm@
2176    - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
2177     [regress/dynamic-forward.sh]
2178     back out revs 1.6 and 1.5 since it's not reliable
2179   - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
2180     [regress/dynamic-forward.sh]
2181     work around startup and teardown races; caught by deraadt
2182   - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
2183     [regress/dynamic-forward.sh]
2184     Retry establishing the port forwarding after a small delay, should make
2185     the tests less flaky when the previous test is slow to shut down and free
2186     up the port.
2187 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
2188
218920110529
2190 - (djm) OpenBSD CVS Sync
2191   - djm@cvs.openbsd.org 2011/05/23 03:30:07
2192     [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
2193     [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
2194     allow AuthorizedKeysFile to specify multiple files, separated by spaces.
2195     Bring back authorized_keys2 as a default search path (to avoid breaking
2196     existing users of this file), but override this in sshd_config so it will
2197     be no longer used on fresh installs. Maybe in 2015 we can remove it
2198     entierly :)
2199
2200     feedback and ok markus@ dtucker@
2201   - djm@cvs.openbsd.org 2011/05/23 03:33:38
2202     [auth.c]
2203     make secure_filename() spam debug logs less
2204   - djm@cvs.openbsd.org 2011/05/23 03:52:55
2205     [sshconnect.c]
2206     remove extra newline
2207   - jmc@cvs.openbsd.org 2011/05/23 07:10:21
2208     [sshd.8 sshd_config.5]
2209     tweak previous; ok djm
2210   - djm@cvs.openbsd.org 2011/05/23 07:24:57
2211     [authfile.c]
2212     read in key comments for v.2 keys (though note that these are not
2213     passed over the agent protocol); bz#439, based on patch from binder
2214     AT arago.de; ok markus@
2215   - djm@cvs.openbsd.org 2011/05/24 07:15:47
2216     [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
2217     Remove undocumented legacy options UserKnownHostsFile2 and
2218     GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
2219     accept multiple paths per line and making their defaults include
2220     known_hosts2; ok markus
2221   - djm@cvs.openbsd.org 2011/05/23 03:31:31
2222     [regress/cfgmatch.sh]
2223     include testing of multiple/overridden AuthorizedKeysFiles
2224     refactor to simply daemon start/stop and get rid of racy constructs
2225
222620110520
2227 - (djm) [session.c] call setexeccon() before executing passwd for pw
2228   changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
2229 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
2230   options, we should corresponding -W-option when trying to determine
2231   whether it is accepted.  Also includes a warning fix on the program
2232   fragment uses (bad main() return type).
2233   bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
2234 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
2235 - OpenBSD CVS Sync
2236   - djm@cvs.openbsd.org 2011/05/15 08:09:01
2237     [authfd.c monitor.c serverloop.c]
2238     use FD_CLOEXEC consistently; patch from zion AT x96.org
2239   - djm@cvs.openbsd.org 2011/05/17 07:13:31
2240     [key.c]
2241     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
2242     and fix the regress test that was trying to generate them :)
2243   - djm@cvs.openbsd.org 2011/05/20 00:55:02
2244     [servconf.c]
2245     the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
2246     and AuthorizedPrincipalsFile were not being correctly applied in
2247     Match blocks, despite being overridable there; ok dtucker@
2248   - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
2249     [servconf.c]
2250     Add comment documenting what should be after the preauth check.  ok djm
2251   - djm@cvs.openbsd.org 2011/05/20 03:25:45
2252     [monitor.c monitor_wrap.c servconf.c servconf.h]
2253     use a macro to define which string options to copy between configs
2254     for Match. This avoids problems caused by forgetting to keep three
2255     code locations in perfect sync and ordering
2256
2257     "this is at once beautiful and horrible" + ok dtucker@
2258   - djm@cvs.openbsd.org 2011/05/17 07:13:31
2259     [regress/cert-userkey.sh]
2260     fatal() if asked to generate a legacy ECDSA cert (these don't exist)
2261     and fix the regress test that was trying to generate them :)
2262   - djm@cvs.openbsd.org 2011/05/20 02:43:36
2263     [cert-hostkey.sh]
2264     another attempt to generate a v00 ECDSA key that broke the test
2265     ID sync only - portable already had this somehow
2266   - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
2267     [dynamic-forward.sh]
2268     Prevent races in dynamic forwarding test; ok djm
2269   - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
2270     [dynamic-forward.sh]
2271     fix dumb error in dynamic-forward test
2272
227320110515
2274 - (djm) OpenBSD CVS Sync
2275   - djm@cvs.openbsd.org 2011/05/05 05:12:08
2276     [mux.c]
2277     gracefully fall back when ControlPath is too large for a
2278     sockaddr_un. ok markus@ as part of a larger diff
2279   - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
2280     [sshd_config]
2281     clarify language about overriding defaults.  bz#1892, from Petr Cerny
2282   - djm@cvs.openbsd.org 2011/05/06 01:09:53
2283     [sftp.1]
2284     mention that IPv6 addresses must be enclosed in square brackets;
2285     bz#1845
2286   - djm@cvs.openbsd.org 2011/05/06 02:05:41
2287     [sshconnect2.c]
2288     fix memory leak; bz#1849 ok dtucker@
2289   - djm@cvs.openbsd.org 2011/05/06 21:14:05
2290     [packet.c packet.h]
2291     set traffic class for IPv6 traffic as we do for IPv4 TOS;
2292     patch from lionel AT mamane.lu via Colin Watson in bz#1855;
2293     ok markus@
2294   - djm@cvs.openbsd.org 2011/05/06 21:18:02
2295     [ssh.c ssh_config.5]
2296     add a %L expansion (short-form of the local host name) for ControlPath;
2297     sync some more expansions with LocalCommand; ok markus@
2298   - djm@cvs.openbsd.org 2011/05/06 21:31:38
2299     [readconf.c ssh_config.5]
2300     support negated Host matching, e.g.
2301
2302     Host *.example.org !c.example.org
2303        User mekmitasdigoat
2304
2305     Will match "a.example.org", "b.example.org", but not "c.example.org"
2306     ok markus@
2307   - djm@cvs.openbsd.org 2011/05/06 21:34:32
2308     [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
2309     Add a RequestTTY ssh_config option to allow configuration-based
2310     control over tty allocation (like -t/-T); ok markus@
2311   - djm@cvs.openbsd.org 2011/05/06 21:38:58
2312     [ssh.c]
2313     fix dropping from previous diff
2314   - djm@cvs.openbsd.org 2011/05/06 22:20:10
2315     [PROTOCOL.mux]
2316     fix numbering; from bert.wesarg AT googlemail.com
2317   - jmc@cvs.openbsd.org 2011/05/07 23:19:39
2318     [ssh_config.5]
2319     - tweak previous
2320     - come consistency fixes
2321     ok djm
2322   - jmc@cvs.openbsd.org 2011/05/07 23:20:25
2323     [ssh.1]
2324     +.It RequestTTY
2325   - djm@cvs.openbsd.org 2011/05/08 12:52:01
2326     [PROTOCOL.mux clientloop.c clientloop.h mux.c]
2327     improve our behaviour when TTY allocation fails: if we are in
2328     RequestTTY=auto mode (the default), then do not treat at TTY
2329     allocation error as fatal but rather just restore the local TTY
2330     to cooked mode and continue. This is more graceful on devices that
2331     never allocate TTYs.
2332
2333     If RequestTTY is set to "yes" or "force", then failure to allocate
2334     a TTY is fatal.
2335
2336     ok markus@
2337   - djm@cvs.openbsd.org 2011/05/10 05:46:46
2338     [authfile.c]
2339     despam debug() logs by detecting that we are trying to load a private key
2340     in key_try_load_public() and returning early; ok markus@
2341   - djm@cvs.openbsd.org 2011/05/11 04:47:06
2342     [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
2343     remove support for authorized_keys2; it is a relic from the early days
2344     of protocol v.2 support and has been undocumented for many years;
2345     ok markus@
2346   - djm@cvs.openbsd.org 2011/05/13 00:05:36
2347     [authfile.c]
2348     warn on unexpected key type in key_parse_private_type()
2349 - (djm) [packet.c] unbreak portability #endif
2350
235120110510
2352 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
2353   --with-ssl-engine which was broken with the change from deprecated
2354   SSLeay_add_all_algorithms().  ok djm
2355
235620110506
2357 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
2358   for closefrom() in test code.  Report from Dan Wallis via Gentoo.
2359
236020110505
2361 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
2362   definitions. From des AT des.no
2363 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
2364   [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
2365   [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
2366   [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
2367   [regress/README.regress] Remove ssh-rand-helper and all its
2368   tentacles. PRNGd seeding has been rolled into entropy.c directly.
2369   Thanks to tim@ for testing on affected platforms.
2370 - OpenBSD CVS Sync
2371   - djm@cvs.openbsd.org 2011/03/10 02:52:57
2372     [auth2-gss.c auth2.c auth.h]
2373     allow GSSAPI authentication to detect when a server-side failure causes
2374     authentication failure and don't count such failures against MaxAuthTries;
2375     bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
2376   - okan@cvs.openbsd.org 2011/03/15 10:36:02
2377     [ssh-keyscan.c]
2378     use timerclear macro
2379     ok djm@
2380   - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
2381     [ssh-keygen.1 ssh-keygen.c]
2382     Add -A option.  For each of the key types (rsa1, rsa, dsa and ecdsa)
2383     for which host keys do not exist, generate the host keys with the
2384     default key file path, an empty passphrase, default bits for the key
2385     type, and default comment.  This will be used by /etc/rc to generate
2386     new host keys.  Idea from deraadt.
2387     ok deraadt
2388   - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
2389     [ssh-keygen.1]
2390     -q not used in /etc/rc now so remove statement.
2391   - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
2392     [ssh-keygen.c]
2393     remove -d, documentation removed >10 years ago; ok markus
2394   - jmc@cvs.openbsd.org 2011/03/24 15:29:30
2395     [ssh-keygen.1]
2396     zap trailing whitespace;
2397   - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
2398     [ssh-keygen.c]
2399     use strcasecmp() for "clear" cert permission option also; ok djm
2400   - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
2401     [misc.c misc.h servconf.c]
2402     print ipqos friendly string for sshd -T; ok markus
2403     # sshd -Tf sshd_config|grep ipqos
2404     ipqos lowdelay throughput
2405   - djm@cvs.openbsd.org 2011/04/12 04:23:50
2406     [ssh-keygen.c]
2407     fix -Wshadow
2408   - djm@cvs.openbsd.org 2011/04/12 05:32:49
2409     [sshd.c]
2410     exit with 0 status on SIGTERM; bz#1879
2411   - djm@cvs.openbsd.org 2011/04/13 04:02:48
2412     [ssh-keygen.1]
2413     improve wording; bz#1861
2414   - djm@cvs.openbsd.org 2011/04/13 04:09:37
2415     [ssh-keygen.1]
2416     mention valid -b sizes for ECDSA keys; bz#1862
2417   - djm@cvs.openbsd.org 2011/04/17 22:42:42
2418     [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
2419     allow graceful shutdown of multiplexing: request that a mux server
2420     removes its listener socket and refuse future multiplexing requests;
2421     ok markus@
2422   - djm@cvs.openbsd.org 2011/04/18 00:46:05
2423     [ssh-keygen.c]
2424     certificate options are supposed to be packed in lexical order of
2425     option name (though we don't actually enforce this at present).
2426     Move one up that was out of sequence
2427   - djm@cvs.openbsd.org 2011/05/04 21:15:29
2428     [authfile.c authfile.h ssh-add.c]
2429     allow "ssh-add - < key"; feedback and ok markus@
2430 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
2431   so autoreconf 2.68 is happy.
2432 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
2433
243420110221
2435 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
2436   Cygwin-specific service installer script ssh-host-config.  The actual
2437   functionality is the same, the revisited version is just more
2438   exact when it comes to check for problems which disallow to run
2439   certain aspects of the script.  So, part of this script and the also
2440   rearranged service helper script library "csih" is to check if all
2441   the tools required to run the script are available on the system.
2442   The new script also is more thorough to inform the user why the
2443   script failed.  Patch from vinschen at redhat com.
2444
244520110218
2446 - OpenBSD CVS Sync
2447   - djm@cvs.openbsd.org 2011/02/16 00:31:14
2448     [ssh-keysign.c]
2449     make hostbased auth with ECDSA keys work correctly. Based on patch
2450     by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
2451
245220110206
2453 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
2454   selinux code.  Patch from Leonardo Chiquitto
2455 - (dtucker) [contrib/cygwin/ssh-{host,user}-config]  Add ECDSA key
2456   generation and simplify.  Patch from Corinna Vinschen.
2457
245820110204
2459 - OpenBSD CVS Sync
2460   - djm@cvs.openbsd.org 2011/01/31 21:42:15
2461     [PROTOCOL.mux]
2462     cut'n'pasto; from bert.wesarg AT googlemail.com
2463   - djm@cvs.openbsd.org 2011/02/04 00:44:21
2464     [key.c]
2465     fix uninitialised nonce variable; reported by Mateusz Kocielski
2466   - djm@cvs.openbsd.org 2011/02/04 00:44:43
2467     [version.h]
2468     openssh-5.8
2469 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2470   [contrib/suse/openssh.spec] update versions in docs and spec files.
2471 - Release OpenSSH 5.8p1
2472
247320110128
2474 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
2475   before attempting setfscreatecon(). Check whether matchpathcon()
2476   succeeded before using its result. Patch from cjwatson AT debian.org;
2477   bz#1851
2478
247920110127
2480 - (tim) [config.guess config.sub] Sync with upstream.
2481 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
2482   AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
2483   AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
2484   space changes for consistency/readability. Makes autoconf 2.68 happy.
2485   "Nice work" djm
2486
248720110125
2488 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
2489   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
2490   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
2491   building with SELinux support to avoid linking failure; report from
2492   amk AT spamfence.net; ok dtucker
2493
249420110122
2495 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
2496   RSA_get_default_method() for the benefit of openssl versions that don't
2497   have it (at least openssl-engine-0.9.6b).  Found and tested by Kevin Brott,
2498   ok djm@.
2499 - OpenBSD CVS Sync
2500   - djm@cvs.openbsd.org 2011/01/22 09:18:53
2501     [version.h]
2502     crank to OpenSSH-5.7
2503 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2504   [contrib/suse/openssh.spec] update versions in docs and spec files.
2505 - (djm) Release 5.7p1
2506
250720110119
2508 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
2509   of RPM so build completes. Signatures were changed to .asc since 4.1p1.
2510 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
2511   0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
2512   release testing (random crashes and failure to load ECC keys).
2513   ok dtucker@
2514
251520110117
2516 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
2517   $PATH, fix cleanup of droppings; reported by openssh AT
2518   roumenpetrov.info; ok dtucker@
2519 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
2520   its unique snowflake of a gdb error to the ones we look for.
2521 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
2522   ssh-add to avoid $SUDO failures on Linux
2523 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
2524   Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
2525   to the old values.  Feedback from vapier at gentoo org and djm, ok djm.
2526 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
2527   [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
2528   disabled on platforms that do not support them; add a "config_defined()"
2529   shell function that greps for defines in config.h and use them to decide
2530   on feature tests.
2531   Convert a couple of existing grep's over config.h to use the new function
2532   Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
2533   backslash characters in filenames, enable it for Cygwin and use it to turn
2534   of tests for quotes backslashes in sftp-glob.sh.
2535   based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
2536 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
2537 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
2538   the tinderbox.
2539 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
2540   configure.ac defines.h loginrec.c]  Bug #1402: add linux audit subsystem
2541   support, based on patches from Tomas Mraz and jchadima at redhat.
2542
254320110116
2544 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
2545   on configurations that don't have it.
2546 - OpenBSD CVS Sync
2547   - djm@cvs.openbsd.org 2011/01/16 11:50:05
2548     [clientloop.c]
2549     Use atomicio when flushing protocol 1 std{out,err} buffers at
2550     session close. This was a latent bug exposed by setting a SIGCHLD
2551     handler and spotted by kevin.brott AT gmail.com; ok dtucker@
2552   - djm@cvs.openbsd.org 2011/01/16 11:50:36
2553     [sshconnect.c]
2554     reset the SIGPIPE handler when forking to execute child processes;
2555     ok dtucker@
2556   - djm@cvs.openbsd.org 2011/01/16 12:05:59
2557     [clientloop.c]
2558     a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
2559     now that we use atomicio(), convert them from while loops to if statements
2560     add test and cast to compile cleanly with -Wsigned
2561
256220110114
2563 - OpenBSD CVS Sync
2564   - djm@cvs.openbsd.org 2011/01/13 21:54:53
2565     [mux.c]
2566     correct error messages; patch from bert.wesarg AT googlemail.com
2567   - djm@cvs.openbsd.org 2011/01/13 21:55:25
2568     [PROTOCOL.mux]
2569     correct protocol names and add a couple of missing protocol number
2570     defines; patch from bert.wesarg AT googlemail.com
2571 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
2572   host-key-force target rather than a substitution that is replaced with a
2573   comment so that the Makefile.in is still a syntactically valid Makefile
2574   (useful to run the distprep target)
2575 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
2576 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
2577   ecdsa bits.
2578
257920110113
2580 - (djm) [misc.c] include time.h for nanosleep() prototype
2581 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
2582 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
2583   ecdsa keys. ok djm.
2584 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
2585   gcc warning on platforms where it defaults to int
2586 - (djm) [regress/Makefile] add a few more generated files to the clean
2587   target
2588 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
2589   #define that was causing diffie-hellman-group-exchange-sha256 to be
2590   incorrectly disabled
2591 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
2592   should not depend on ECC support
2593
259420110112
2595 - OpenBSD CVS Sync
2596   - nicm@cvs.openbsd.org 2010/10/08 21:48:42
2597     [openbsd-compat/glob.c]
2598     Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
2599     from ARG_MAX to 64K.
2600     Fixes glob-using programs (notably ftp) able to be triggered to hit
2601     resource limits.
2602     Idea from a similar NetBSD change, original problem reported by jasper@.
2603     ok millert tedu jasper
2604   - djm@cvs.openbsd.org 2011/01/12 01:53:14
2605     avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
2606     and sanity check arguments (these will be unnecessary when we switch
2607     struct glob members from being type into to size_t in the future);
2608     "looks ok" tedu@ feedback guenther@
2609 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
2610   silly warnings on write() calls we don't care succeed or not.
2611 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
2612   flag tests that don't depend on gcc version at all; suggested by and
2613   ok dtucker@
2614
261520110111
2616 - (tim) [regress/host-expand.sh] Fix for building outside of read only
2617   source tree.
2618 - (djm) [platform.c] Some missing includes that show up under -Werror
2619 - OpenBSD CVS Sync
2620   - djm@cvs.openbsd.org 2011/01/08 10:51:51
2621     [clientloop.c]
2622     use host and not options.hostname, as the latter may have unescaped
2623     substitution characters
2624   - djm@cvs.openbsd.org 2011/01/11 06:06:09
2625     [sshlogin.c]
2626     fd leak on error paths; from zinovik@
2627     NB. Id sync only; we use loginrec.c that was also audited and fixed
2628     recently
2629   - djm@cvs.openbsd.org 2011/01/11 06:13:10
2630     [clientloop.c ssh-keygen.c sshd.c]
2631     some unsigned long long casts that make things a bit easier for
2632     portable without resorting to dropping PRIu64 formats everywhere
2633
263420110109
2635 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
2636   openssh AT roumenpetrov.info
2637
263820110108
2639 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
2640   test on OSX and others. Reported by imorgan AT nas.nasa.gov
2641
264220110107
2643 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
2644   for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2645   - djm@cvs.openbsd.org 2011/01/06 22:23:53
2646     [ssh.c]
2647     unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
2648     googlemail.com; ok markus@
2649   - djm@cvs.openbsd.org 2011/01/06 22:23:02
2650     [clientloop.c]
2651     when exiting due to ServerAliveTimeout, mention the hostname that caused
2652     it (useful with backgrounded controlmaster)
2653   - djm@cvs.openbsd.org 2011/01/06 22:46:21
2654     [regress/Makefile regress/host-expand.sh]
2655     regress test for LocalCommand %n expansion from bert.wesarg AT
2656     googlemail.com; ok markus@
2657   - djm@cvs.openbsd.org 2011/01/06 23:01:35
2658     [sshconnect.c]
2659     reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
2660     ok markus@
2661
266220110106
2663 - (djm) OpenBSD CVS Sync
2664   - markus@cvs.openbsd.org 2010/12/08 22:46:03
2665     [scp.1 scp.c]
2666     add a new -3 option to scp: Copies between two remote hosts are
2667     transferred through the local host.  Without this option the data
2668     is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2669   - jmc@cvs.openbsd.org 2010/12/09 14:13:33
2670     [scp.1 scp.c]
2671     scp.1: grammer fix
2672     scp.c: add -3 to usage()
2673   - markus@cvs.openbsd.org 2010/12/14 11:59:06
2674     [sshconnect.c]
2675     don't mention key type in key-changed-warning, since we also print
2676     this warning if a new key type appears. ok djm@
2677   - djm@cvs.openbsd.org 2010/12/15 00:49:27
2678     [readpass.c]
2679     fix ControlMaster=ask regression
2680     reset SIGCHLD handler before fork (and restore it after) so we don't miss
2681     the the askpass child's exit status. Correct test for exit status/signal to
2682     account for waitpid() failure; with claudio@ ok claudio@ markus@
2683   - djm@cvs.openbsd.org 2010/12/24 21:41:48
2684     [auth-options.c]
2685     don't send the actual forced command in a debug message; ok markus deraadt
2686   - otto@cvs.openbsd.org 2011/01/04 20:44:13
2687     [ssh-keyscan.c]
2688     handle ecdsa-sha2 with various key lengths; hint and ok djm@
2689
269020110104
2691 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
2692   formatter if it is present, followed by nroff and groff respectively.
2693   Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
2694   in favour of mandoc). feedback and ok tim
2695
269620110103
2697 - (djm) [Makefile.in] revert local hack I didn't intend to commit
2698
269920110102
2700 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2701 - (djm) [configure.ac] Check whether libdes is needed when building
2702   with Heimdal krb5 support. On OpenBSD this library no longer exists,
2703   so linking it unconditionally causes a build failure; ok dtucker
2704
270520101226
2706 - (dtucker) OpenBSD CVS Sync
2707   - djm@cvs.openbsd.org 2010/12/08 04:02:47
2708     [ssh_config.5 sshd_config.5]
2709     explain that IPQoS arguments are separated by whitespace; iirc requested
2710     by jmc@ a while back
2711
271220101205
2713 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
2714   debugging.  Spotted by djm.
2715 - (dtucker) OpenBSD CVS Sync
2716   - djm@cvs.openbsd.org 2010/12/03 23:49:26
2717     [schnorr.c]
2718     check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
2719     (this code is still disabled, but apprently people are treating it as
2720     a reference implementation)
2721   - djm@cvs.openbsd.org 2010/12/03 23:55:27
2722     [auth-rsa.c]
2723     move check for revoked keys to run earlier (in auth_rsa_key_allowed)
2724     bz#1829; patch from ldv AT altlinux.org; ok markus@
2725   - djm@cvs.openbsd.org 2010/12/04 00:18:01
2726     [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
2727     add a protocol extension to support a hard link operation. It is
2728     available through the "ln" command in the client. The old "ln"
2729     behaviour of creating a symlink is available using its "-s" option
2730     or through the preexisting "symlink" command; based on a patch from
2731     miklos AT szeredi.hu in bz#1555; ok markus@
2732   - djm@cvs.openbsd.org 2010/12/04 13:31:37
2733     [hostfile.c]
2734     fix fd leak; spotted and ok dtucker
2735   - djm@cvs.openbsd.org 2010/12/04 00:21:19
2736     [regress/sftp-cmds.sh]
2737     adjust for hard-link support
2738 - (dtucker) [regress/Makefile] Id sync.
2739
274020101204
2741 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
2742   instead of (arc4random() % range)
2743 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}]  Add
2744   shims for the new, non-deprecated OpenSSL key generation functions for
2745   platforms that don't have the new interfaces.
2746
274720101201
2748 - OpenBSD CVS Sync
2749   - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
2750     [auth2-pubkey.c]
2751     clean up cases of ;;
2752   - djm@cvs.openbsd.org 2010/11/21 01:01:13
2753     [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
2754     honour $TMPDIR for client xauth and ssh-agent temporary directories;
2755     feedback and ok markus@
2756   - djm@cvs.openbsd.org 2010/11/21 10:57:07
2757     [authfile.c]
2758     Refactor internals of private key loading and saving to work on memory
2759     buffers rather than directly on files. This will make a few things
2760     easier to do in the future; ok markus@
2761   - djm@cvs.openbsd.org 2010/11/23 02:35:50
2762     [auth.c]
2763     use strict_modes already passed as function argument over referencing
2764     global options.strict_modes
2765   - djm@cvs.openbsd.org 2010/11/23 23:57:24
2766     [clientloop.c]
2767     avoid NULL deref on receiving a channel request on an unknown or invalid
2768     channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2769   - djm@cvs.openbsd.org 2010/11/24 01:24:14
2770     [channels.c]
2771     remove a debug() that pollutes stderr on client connecting to a server
2772     in debug mode (channel_close_fds is called transitively from the session
2773     code post-fork); bz#1719, ok dtucker
2774   - djm@cvs.openbsd.org 2010/11/25 04:10:09
2775     [session.c]
2776     replace close() loop for fds 3->64 with closefrom();
2777     ok markus deraadt dtucker
2778   - djm@cvs.openbsd.org 2010/11/26 05:52:49
2779     [scp.c]
2780     Pass through ssh command-line flags and options when doing remote-remote
2781     transfers, e.g. to enable agent forwarding which is particularly useful
2782     in this case; bz#1837 ok dtucker@
2783   - markus@cvs.openbsd.org 2010/11/29 18:57:04
2784     [authfile.c]
2785     correctly load comment for encrypted rsa1 keys;
2786     report/fix Joachim Schipper; ok djm@
2787   - djm@cvs.openbsd.org 2010/11/29 23:45:51
2788     [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
2789     [sshconnect.h sshconnect2.c]
2790     automatically order the hostkeys requested by the client based on
2791     which hostkeys are already recorded in known_hosts. This avoids
2792     hostkey warnings when connecting to servers with new ECDSA keys
2793     that are preferred by default; with markus@
2794
279520101124
2796 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
2797   into the platform-specific code  Only affects SCO, tested by and ok tim@.
2798 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
2799   group read/write. ok dtucker@
2800 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2801 - (djm) [defines.h] Add IP DSCP defines
2802
280320101122
2804 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
2805   from vapier at gentoo org.
2806
280720101120
2808 - OpenBSD CVS Sync
2809   - djm@cvs.openbsd.org 2010/11/05 02:46:47
2810     [packet.c]
2811     whitespace KNF
2812   - djm@cvs.openbsd.org 2010/11/10 01:33:07
2813     [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
2814     use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
2815     these have been around for years by this time. ok markus
2816   - djm@cvs.openbsd.org 2010/11/13 23:27:51
2817     [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
2818     [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
2819     allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
2820     hardcoding lowdelay/throughput.
2821
2822     bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2823   - jmc@cvs.openbsd.org 2010/11/15 07:40:14
2824     [ssh_config.5]
2825     libary -> library;
2826   - jmc@cvs.openbsd.org 2010/11/18 15:01:00
2827     [scp.1 sftp.1 ssh.1 sshd_config.5]
2828     add IPQoS to the various -o lists, and zap some trailing whitespace;
2829
283020101111
2831 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
2832   platforms that don't support ECC. Fixes some spurious warnings reported
2833   by tim@
2834
283520101109
2836 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
2837   Feedback from dtucker@
2838 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
2839   support for platforms missing isblank(). ok djm@
2840
284120101108
2842 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
2843   tree.
2844 - (tim) [regress/kextype.sh] Shell portability fix.
2845
284620101107
2847 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
2848   the correct typedefs.
2849
285020101105
2851 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
2852   int. Should fix bz#1817 cleanly; ok dtucker@
2853 - OpenBSD CVS Sync
2854   - djm@cvs.openbsd.org 2010/09/22 12:26:05
2855     [regress/Makefile regress/kextype.sh]
2856     regress test for each of the key exchange algorithms that we support
2857   - djm@cvs.openbsd.org 2010/10/28 11:22:09
2858     [authfile.c key.c key.h ssh-keygen.c]
2859     fix a possible NULL deref on loading a corrupt ECDH key
2860
2861     store ECDH group information in private keys files as "named groups"
2862     rather than as a set of explicit group parameters (by setting
2863     the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
2864     retrieves the group's OpenSSL NID that we need for various things.
2865   - jmc@cvs.openbsd.org 2010/10/28 18:33:28
2866     [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2867     knock out some "-*- nroff -*-" lines;
2868   - djm@cvs.openbsd.org 2010/11/04 02:45:34
2869     [sftp-server.c]
2870     umask should be parsed as octal. reported by candland AT xmission.com;
2871     ok markus@
2872 - (dtucker) [configure.ac platform.{c,h} session.c
2873   openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
2874   Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
2875   ok djm@
2876 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
2877   after the user's groups are established and move the selinux calls into it.
2878 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
2879   platform.c
2880 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2881 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
2882   retain previous behavior.
2883 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
2884   the LOGIN_CAP case into platform.c.
2885 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
2886   platform.c
2887 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
2888 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
2889   platform.c.
2890 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
2891   non-LOGIN_CAP case into platform.c.
2892 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
2893   check into platform.c
2894 - (dtucker) [regress/keytype.sh] Import new test.
2895 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
2896   Import recent changes to regress/Makefile, pass a flag to enable ECC tests
2897   from configure through to regress/Makefile and use it in the tests.
2898 - (dtucker) [regress/kextype.sh] Add missing "test".
2899 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC.  This is not
2900   strictly correct since while ECC requires sha256 the reverse is not true
2901   however it does prevent spurious test failures.
2902 - (dtucker) [platform.c] Need servconf.h and extern options.
2903
290420101025
2905 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
2906   1.12 to unbreak Solaris build.
2907   ok djm@
2908 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
2909   native one.
2910
291120101024
2912 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
2913 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
2914   which don't have ECC support in libcrypto.
2915 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
2916   which don't have ECC support in libcrypto.
2917 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
2918   have it.
2919 - (dtucker) OpenBSD CVS Sync
2920   - sthen@cvs.openbsd.org 2010/10/23 22:06:12
2921     [sftp.c]
2922     escape '[' in filename tab-completion; fix a type while there.
2923     ok djm@
2924
292520101021
2926 - OpenBSD CVS Sync
2927   - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
2928     [mux.c]
2929     Typo in confirmation message.  bz#1827, patch from imorgan at
2930     nas nasa gov
2931   - djm@cvs.openbsd.org 2010/08/31 12:24:09
2932     [regress/cert-hostkey.sh regress/cert-userkey.sh]
2933     tests for ECDSA certificates
2934
293520101011
2936 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
2937   bz#1825, reported by foo AT mailinator.com
2938 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
2939
294020101011
2941 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
2942   dr AT vasco.com
2943
294420101007
2945 - (djm) [ssh-agent.c] Fix type for curve name.
2946 - (djm) OpenBSD CVS Sync
2947   - matthew@cvs.openbsd.org 2010/09/24 13:33:00
2948     [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
2949     [openbsd-compat/timingsafe_bcmp.c]
2950     Add timingsafe_bcmp(3) to libc, mention that it's already in the
2951     kernel in kern(9), and remove it from OpenSSH.
2952     ok deraadt@, djm@
2953     NB. re-added under openbsd-compat/ for portable OpenSSH
2954   - djm@cvs.openbsd.org 2010/09/25 09:30:16
2955     [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
2956     make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
2957     rountrips to fetch per-file stat(2) information.
2958     NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
2959     match.
2960   - djm@cvs.openbsd.org 2010/09/26 22:26:33
2961     [sftp.c]
2962     when performing an "ls" in columnated (short) mode, only call
2963     ioctl(TIOCGWINSZ) once to get the window width instead of per-
2964     filename
2965   - djm@cvs.openbsd.org 2010/09/30 11:04:51
2966     [servconf.c]
2967     prevent free() of string in .rodata when overriding AuthorizedKeys in
2968     a Match block; patch from rein AT basefarm.no
2969   - djm@cvs.openbsd.org 2010/10/01 23:05:32
2970     [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
2971     adapt to API changes in openssl-1.0.0a
2972     NB. contains compat code to select correct API for older OpenSSL
2973   - djm@cvs.openbsd.org 2010/10/05 05:13:18
2974     [sftp.c sshconnect.c]
2975     use default shell /bin/sh if $SHELL is ""; ok markus@
2976   - djm@cvs.openbsd.org 2010/10/06 06:39:28
2977     [clientloop.c ssh.c sshconnect.c sshconnect.h]
2978     kill proxy command on fatal() (we already kill it on clean exit);
2979     ok markus@
2980   - djm@cvs.openbsd.org 2010/10/06 21:10:21
2981     [sshconnect.c]
2982     swapped args to kill(2)
2983 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2984 - (djm) [cipher-acss.c] Add missing header.
2985 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2986
298720100924
2988 - (djm) OpenBSD CVS Sync
2989   - naddy@cvs.openbsd.org 2010/09/10 15:19:29
2990     [ssh-keygen.1]
2991     * mention ECDSA in more places
2992     * less repetition in FILES section
2993     * SSHv1 keys are still encrypted with 3DES
2994     help and ok jmc@
2995   - djm@cvs.openbsd.org 2010/09/11 21:44:20
2996     [ssh.1]
2997     mention RFC 5656 for ECC stuff
2998   - jmc@cvs.openbsd.org 2010/09/19 21:30:05
2999     [sftp.1]
3000     more wacky macro fixing;
3001   - djm@cvs.openbsd.org 2010/09/20 04:41:47
3002     [ssh.c]
3003     install a SIGCHLD handler to reap expiried child process; ok markus@
3004   - djm@cvs.openbsd.org 2010/09/20 04:50:53
3005     [jpake.c schnorr.c]
3006     check that received values are smaller than the group size in the
3007     disabled and unfinished J-PAKE code.
3008     avoids catastrophic security failure found by Sebastien Martini
3009   - djm@cvs.openbsd.org 2010/09/20 04:54:07
3010     [jpake.c]
3011     missing #include
3012   - djm@cvs.openbsd.org 2010/09/20 07:19:27
3013     [mux.c]
3014     "atomically" create the listening mux socket by binding it on a temorary
3015     name and then linking it into position after listen() has succeeded.
3016     this allows the mux clients to determine that the server socket is
3017     either ready or stale without races. stale server sockets are now
3018     automatically removed
3019     ok deraadt
3020   - djm@cvs.openbsd.org 2010/09/22 05:01:30
3021     [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
3022     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
3023     add a KexAlgorithms knob to the client and server configuration to allow
3024     selection of which key exchange methods are used by ssh(1) and sshd(8)
3025     and their order of preference.
3026     ok markus@
3027   - jmc@cvs.openbsd.org 2010/09/22 08:30:08
3028     [ssh.1 ssh_config.5]
3029     ssh.1: add kexalgorithms to the -o list
3030     ssh_config.5: format the kexalgorithms in a more consistent
3031     (prettier!) way
3032     ok djm
3033   - djm@cvs.openbsd.org 2010/09/22 22:58:51
3034     [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
3035     [sftp-client.h sftp.1 sftp.c]
3036     add an option per-read/write callback to atomicio
3037
3038     factor out bandwidth limiting code from scp(1) into a generic bandwidth
3039     limiter that can be attached using the atomicio callback mechanism
3040
3041     add a bandwidth limit option to sftp(1) using the above
3042     "very nice" markus@
3043   - jmc@cvs.openbsd.org 2010/09/23 13:34:43
3044     [sftp.c]
3045     add [-l limit] to usage();
3046   - jmc@cvs.openbsd.org 2010/09/23 13:36:46
3047     [scp.1 sftp.1]
3048     add KexAlgorithms to the -o list;
3049
305020100910
3051 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
3052   return code since it can apparently return -1 under some conditions.  From
3053   openssh bugs werbittewas de, ok djm@
3054 - OpenBSD CVS Sync
3055   - djm@cvs.openbsd.org 2010/08/31 12:33:38
3056     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
3057     reintroduce commit from tedu@, which I pulled out for release
3058     engineering:
3059       OpenSSL_add_all_algorithms is the name of the function we have a
3060       man page for, so use that.  ok djm
3061   - jmc@cvs.openbsd.org 2010/08/31 17:40:54
3062     [ssh-agent.1]
3063     fix some macro abuse;
3064   - jmc@cvs.openbsd.org 2010/08/31 21:14:58
3065     [ssh.1]
3066     small text tweak to accommodate previous;
3067   - naddy@cvs.openbsd.org 2010/09/01 15:21:35
3068     [servconf.c]
3069     pick up ECDSA host key by default; ok djm@
3070   - markus@cvs.openbsd.org 2010/09/02 16:07:25
3071     [ssh-keygen.c]
3072     permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
3073   - markus@cvs.openbsd.org 2010/09/02 16:08:39
3074     [ssh.c]
3075     unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
3076   - naddy@cvs.openbsd.org 2010/09/02 17:21:50
3077     [ssh-keygen.c]
3078     Switch ECDSA default key size to 256 bits, which according to RFC5656
3079     should still be better than our current RSA-2048 default.
3080     ok djm@, markus@
3081   - jmc@cvs.openbsd.org 2010/09/03 11:09:29
3082     [scp.1]
3083     add an EXIT STATUS section for /usr/bin;
3084   - jmc@cvs.openbsd.org 2010/09/04 09:38:34
3085     [ssh-add.1 ssh.1]
3086     two more EXIT STATUS sections;
3087   - naddy@cvs.openbsd.org 2010/09/06 17:10:19
3088     [sshd_config]
3089     add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
3090     <mattieu.b@gmail.com>
3091     ok deraadt@
3092   - djm@cvs.openbsd.org 2010/09/08 03:54:36
3093     [authfile.c]
3094     typo
3095   - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
3096     [compress.c]
3097     work around name-space collisions some buggy compilers (looking at you
3098     gcc, at least in earlier versions, but this does not forgive your current
3099     transgressions) seen between zlib and openssl
3100     ok djm
3101   - djm@cvs.openbsd.org 2010/09/09 10:45:45
3102     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
3103     ECDH/ECDSA compliance fix: these methods vary the hash function they use
3104     (SHA256/384/512) depending on the length of the curve in use. The previous
3105     code incorrectly used SHA256 in all cases.
3106
3107     This fix will cause authentication failure when using 384 or 521-bit curve
3108     keys if one peer hasn't been upgraded and the other has. (256-bit curve
3109     keys work ok). In particular you may need to specify HostkeyAlgorithms
3110     when connecting to a server that has not been upgraded from an upgraded
3111     client.
3112
3113     ok naddy@
3114 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
3115   [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
3116   [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
3117   platforms that don't have the requisite OpenSSL support. ok dtucker@
3118 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
3119   for missing headers and compiler warnings.
3120
312120100831
3122 - OpenBSD CVS Sync
3123   - jmc@cvs.openbsd.org 2010/08/08 19:36:30
3124     [ssh-keysign.8 ssh.1 sshd.8]
3125     use the same template for all FILES sections; i.e. -compact/.Pp where we
3126     have multiple items, and .Pa for path names;
3127   - tedu@cvs.openbsd.org 2010/08/12 23:34:39
3128     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
3129     OpenSSL_add_all_algorithms is the name of the function we have a man page
3130     for, so use that.  ok djm
3131   - djm@cvs.openbsd.org 2010/08/16 04:06:06
3132     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
3133     backout previous temporarily; discussed with deraadt@
3134   - djm@cvs.openbsd.org 2010/08/31 09:58:37
3135     [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
3136     [packet.h ssh-dss.c ssh-rsa.c]
3137     Add buffer_get_cstring() and related functions that verify that the
3138     string extracted from the buffer contains no embedded \0 characters*
3139     This prevents random (possibly malicious) crap from being appended to
3140     strings where it would not be noticed if the string is used with
3141     a string(3) function.
3142
3143     Use the new API in a few sensitive places.
3144
3145     * actually, we allow a single one at the end of the string for now because
3146     we don't know how many deployed implementations get this wrong, but don't
3147     count on this to remain indefinitely.
3148   - djm@cvs.openbsd.org 2010/08/31 11:54:45
3149     [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
3150     [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
3151     [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
3152     [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
3153     [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
3154     [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
3155     [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
3156     Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
3157     host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
3158     better performance than plain DH and DSA at the same equivalent symmetric
3159     key length, as well as much shorter keys.
3160
3161     Only the mandatory sections of RFC5656 are implemented, specifically the
3162     three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
3163     ECDSA. Point compression (optional in RFC5656 is NOT implemented).
3164
3165     Certificate host and user keys using the new ECDSA key types are supported.
3166
3167     Note that this code has not been tested for interoperability and may be
3168     subject to change.
3169
3170     feedback and ok markus@
3171 - (djm) [Makefile.in] Add new ECC files
3172 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
3173   includes.h
3174
317520100827
3176 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
3177   remove.  Patch from martynas at venck us
3178
317920100823
3180 - (djm) Release OpenSSH-5.6p1
3181
318220100816
3183 - (dtucker) [configure.ac openbsd-compat/Makefile.in
3184   openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
3185   the compat library which helps on platforms like old IRIX.  Based on work
3186   by djm, tested by Tom Christensen.
3187 - OpenBSD CVS Sync
3188   - djm@cvs.openbsd.org 2010/08/12 21:49:44
3189     [ssh.c]
3190     close any extra file descriptors inherited from parent at start and
3191     reopen stdin/stdout to /dev/null when forking for ControlPersist.
3192
3193     prevents tools that fork and run a captive ssh for communication from
3194     failing to exit when the ssh completes while they wait for these fds to
3195     close. The inherited fds may persist arbitrarily long if a background
3196     mux master has been started by ControlPersist. cvs and scp were effected
3197     by this.
3198
3199     "please commit" markus@
3200 - (djm) [regress/README.regress] typo
3201
320220100812
3203 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
3204   regress/test-exec.sh] Under certain conditions when testing with sudo
3205   tests would fail because the pidfile could not be read by a regular user.
3206   "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
3207   Make sure cat is run by $SUDO.  no objection from me. djm@
3208 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
3209
321020100809
3211 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
3212   already set. Makes FreeBSD user openable tunnels useful; patch from
3213   richard.burakowski+ossh AT mrburak.net, ok dtucker@
3214 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
3215   based in part on a patch from Colin Watson, ok djm@
3216
321720100809
3218 - OpenBSD CVS Sync
3219   - djm@cvs.openbsd.org 2010/08/08 16:26:42
3220     [version.h]
3221     crank to 5.6
3222 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3223   [contrib/suse/openssh.spec] Crank version numbers
3224
322520100805
3226 - OpenBSD CVS Sync
3227   - djm@cvs.openbsd.org 2010/08/04 05:37:01
3228     [ssh.1 ssh_config.5 sshd.8]
3229     Remove mentions of weird "addr/port" alternate address format for IPv6
3230     addresses combinations. It hasn't worked for ages and we have supported
3231     the more commen "[addr]:port" format for a long time. ok jmc@ markus@
3232   - djm@cvs.openbsd.org 2010/08/04 05:40:39
3233     [PROTOCOL.certkeys ssh-keygen.c]
3234     tighten the rules for certificate encoding by requiring that options
3235     appear in lexical order and make our ssh-keygen comply. ok markus@
3236   - djm@cvs.openbsd.org 2010/08/04 05:42:47
3237     [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
3238     [ssh-keysign.c ssh.c]
3239     enable certificates for hostbased authentication, from Iain Morgan;
3240     "looks ok" markus@
3241   - djm@cvs.openbsd.org 2010/08/04 05:49:22
3242     [authfile.c]
3243     commited the wrong version of the hostbased certificate diff; this
3244     version replaces some strlc{py,at} verbosity with xasprintf() at
3245     the request of markus@
3246   - djm@cvs.openbsd.org 2010/08/04 06:07:11
3247     [ssh-keygen.1 ssh-keygen.c]
3248     Support CA keys in PKCS#11 tokens; feedback and ok markus@
3249   - djm@cvs.openbsd.org 2010/08/04 06:08:40
3250     [ssh-keysign.c]
3251     clean for -Wuninitialized (Id sync only; portable had this change)
3252   - djm@cvs.openbsd.org 2010/08/05 13:08:42
3253     [channels.c]
3254     Fix a trio of bugs in the local/remote window calculation for datagram
3255     data channels (i.e. TunnelForward):
3256
3257     Calculate local_consumed correctly in channel_handle_wfd() by measuring
3258     the delta to buffer_len(c->output) from when we start to when we finish.
3259     The proximal problem here is that the output_filter we use in portable
3260     modified the length of the dequeued datagram (to futz with the headers
3261     for !OpenBSD).
3262
3263     In channel_output_poll(), don't enqueue datagrams that won't fit in the
3264     peer's advertised packet size (highly unlikely to ever occur) or which
3265     won't fit in the peer's remaining window (more likely).
3266
3267     In channel_input_data(), account for the 4-byte string header in
3268     datagram packets that we accept from the peer and enqueue in c->output.
3269
3270     report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
3271     "looks good" markus@
3272
327320100803
3274 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
3275   PAM to sane values in case the PAM method doesn't write to them.  Spotted by
3276   Bitman Zhou, ok djm@.
3277 - OpenBSD CVS Sync
3278   - djm@cvs.openbsd.org 2010/07/16 04:45:30
3279     [ssh-keygen.c]
3280     avoid bogus compiler warning
3281   - djm@cvs.openbsd.org 2010/07/16 14:07:35
3282     [ssh-rsa.c]
3283     more timing paranoia - compare all parts of the expected decrypted
3284     data before returning. AFAIK not exploitable in the SSH protocol.
3285     "groovy" deraadt@
3286   - djm@cvs.openbsd.org 2010/07/19 03:16:33
3287     [sftp-client.c]
3288     bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
3289     upload depth checks and causing verbose printing of transfers to always
3290     be turned on; patch from imorgan AT nas.nasa.gov
3291   - djm@cvs.openbsd.org 2010/07/19 09:15:12
3292     [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
3293     add a "ControlPersist" option that automatically starts a background
3294     ssh(1) multiplex master when connecting. This connection can stay alive
3295     indefinitely, or can be set to automatically close after a user-specified
3296     duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
3297     further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
3298     martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
3299   - djm@cvs.openbsd.org 2010/07/21 02:10:58
3300     [misc.c]
3301     sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
3302   - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
3303     [ssh.1]
3304     Ciphers is documented in ssh_config(5) these days
3305
330620100819
3307 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
3308   details about its behaviour WRT existing directories.  Patch from
3309   asguthrie at gmail com, ok djm.
3310
331120100716
3312 - (djm) OpenBSD CVS Sync
3313   - djm@cvs.openbsd.org 2010/07/02 04:32:44
3314     [misc.c]
3315     unbreak strdelim() skipping past quoted strings, e.g.
3316     AllowUsers "blah blah" blah
3317     was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
3318     ok dtucker;
3319   - djm@cvs.openbsd.org 2010/07/12 22:38:52
3320     [ssh.c]
3321     Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
3322     for protocol 2. ok markus@
3323   - djm@cvs.openbsd.org 2010/07/12 22:41:13
3324     [ssh.c ssh_config.5]
3325     expand %h to the hostname in ssh_config Hostname options. While this
3326     sounds useless, it is actually handy for working with unqualified
3327     hostnames:
3328
3329     Host *.*
3330        Hostname %h
3331     Host *
3332        Hostname %h.example.org
3333
3334     "I like it" markus@
3335   - djm@cvs.openbsd.org 2010/07/13 11:52:06
3336     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
3337     [packet.c ssh-rsa.c]
3338     implement a timing_safe_cmp() function to compare memory without leaking
3339     timing information by short-circuiting like memcmp() and use it for
3340     some of the more sensitive comparisons (though nothing high-value was
3341     readily attackable anyway); "looks ok" markus@
3342   - djm@cvs.openbsd.org 2010/07/13 23:13:16
3343     [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
3344     [ssh-rsa.c]
3345     s/timing_safe_cmp/timingsafe_bcmp/g
3346   - jmc@cvs.openbsd.org 2010/07/14 17:06:58
3347     [ssh.1]
3348     finally ssh synopsis looks nice again! this commit just removes a ton of
3349     hacks we had in place to make it work with old groff;
3350   - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
3351     [ssh-keygen.1]
3352     repair incorrect block nesting, which screwed up indentation;
3353     problem reported and fix OK by jmc@
3354
335520100714
3356 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
3357   (line 77) should have been for no_x11_askpass.
3358
335920100702
3360 - (djm) OpenBSD CVS Sync
3361   - jmc@cvs.openbsd.org 2010/06/26 00:57:07
3362     [ssh_config.5]
3363     tweak previous;
3364   - djm@cvs.openbsd.org 2010/06/26 23:04:04
3365     [ssh.c]
3366     oops, forgot to #include <canohost.h>; spotted and patch from chl@
3367   - djm@cvs.openbsd.org 2010/06/29 23:15:30
3368     [ssh-keygen.1 ssh-keygen.c]
3369     allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
3370     bz#1749; ok markus@
3371   - djm@cvs.openbsd.org 2010/06/29 23:16:46
3372     [auth2-pubkey.c sshd_config.5]
3373     allow key options (command="..." and friends) in AuthorizedPrincipals;
3374     ok markus@
3375   - jmc@cvs.openbsd.org 2010/06/30 07:24:25
3376     [ssh-keygen.1]
3377     tweak previous;
3378   - jmc@cvs.openbsd.org 2010/06/30 07:26:03
3379     [ssh-keygen.c]
3380     sort usage();
3381   - jmc@cvs.openbsd.org 2010/06/30 07:28:34
3382     [sshd_config.5]
3383     tweak previous;
3384   - millert@cvs.openbsd.org 2010/07/01 13:06:59
3385     [scp.c]
3386     Fix a longstanding problem where if you suspend scp at the
3387     password/passphrase prompt the terminal mode is not restored.
3388     OK djm@
3389   - phessler@cvs.openbsd.org 2010/06/27 19:19:56
3390     [regress/Makefile]
3391     fix how we run the tests so we can successfully use SUDO='sudo -E'
3392     in our env
3393   - djm@cvs.openbsd.org 2010/06/29 23:59:54
3394     [cert-userkey.sh]
3395     regress tests for key options in AuthorizedPrincipals
3396
339720100627
3398 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
3399   key.h.
3400
340120100626
3402 - (djm) OpenBSD CVS Sync
3403   - djm@cvs.openbsd.org 2010/05/21 05:00:36
3404     [misc.c]
3405     colon() returns char*, so s/return (0)/return NULL/
3406   - markus@cvs.openbsd.org 2010/06/08 21:32:19
3407     [ssh-pkcs11.c]
3408     check length of value returned  C_GetAttributValue for != 0
3409     from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
3410   - djm@cvs.openbsd.org 2010/06/17 07:07:30
3411     [mux.c]
3412     Correct sizing of object to be allocated by calloc(), replacing
3413     sizeof(state) with sizeof(*state). This worked by accident since
3414     the struct contained a single int at present, but could have broken
3415     in the future. patch from hyc AT symas.com
3416   - djm@cvs.openbsd.org 2010/06/18 00:58:39
3417     [sftp.c]
3418     unbreak ls in working directories that contains globbing characters in
3419     their pathnames. bz#1655 reported by vgiffin AT apple.com
3420   - djm@cvs.openbsd.org 2010/06/18 03:16:03
3421     [session.c]
3422     Missing check for chroot_director == "none" (we already checked against
3423     NULL); bz#1564 from Jan.Pechanec AT Sun.COM
3424   - djm@cvs.openbsd.org 2010/06/18 04:43:08
3425     [sftp-client.c]
3426     fix memory leak in do_realpath() error path; bz#1771, patch from
3427     anicka AT suse.cz
3428   - djm@cvs.openbsd.org 2010/06/22 04:22:59
3429     [servconf.c sshd_config.5]
3430     expose some more sshd_config options inside Match blocks:
3431       AuthorizedKeysFile AuthorizedPrincipalsFile
3432       HostbasedUsesNameFromPacketOnly PermitTunnel
3433     bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
3434   - djm@cvs.openbsd.org 2010/06/22 04:32:06
3435     [ssh-keygen.c]
3436     standardise error messages when attempting to open private key
3437     files to include "progname: filename: error reason"
3438     bz#1783; ok dtucker@
3439   - djm@cvs.openbsd.org 2010/06/22 04:49:47
3440     [auth.c]
3441     queue auth debug messages for bad ownership or permissions on the user's
3442     keyfiles. These messages will be sent after the user has successfully
3443     authenticated (where our client will display them with LogLevel=debug).
3444     bz#1554; ok dtucker@
3445   - djm@cvs.openbsd.org 2010/06/22 04:54:30
3446     [ssh-keyscan.c]
3447     replace verbose and overflow-prone Linebuf code with read_keyfile_line()
3448     based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
3449   - djm@cvs.openbsd.org 2010/06/22 04:59:12
3450     [session.c]
3451     include the user name on "subsystem request for ..." log messages;
3452     bz#1571; ok dtucker@
3453   - djm@cvs.openbsd.org 2010/06/23 02:59:02
3454     [ssh-keygen.c]
3455     fix printing of extensions in v01 certificates that I broke in r1.190
3456   - djm@cvs.openbsd.org 2010/06/25 07:14:46
3457     [channels.c mux.c readconf.c readconf.h ssh.h]
3458     bz#1327: remove hardcoded limit of 100 permitopen clauses and port
3459     forwards per direction; ok markus@ stevesk@
3460   - djm@cvs.openbsd.org 2010/06/25 07:20:04
3461     [channels.c session.c]
3462     bz#1750: fix requirement for /dev/null inside ChrootDirectory for
3463     internal-sftp accidentally introduced in r1.253 by removing the code
3464     that opens and dup /dev/null to stderr and modifying the channels code
3465     to read stderr but discard it instead; ok markus@
3466   - djm@cvs.openbsd.org 2010/06/25 08:46:17
3467     [auth1.c auth2-none.c]
3468     skip the initial check for access with an empty password when
3469     PermitEmptyPasswords=no; bz#1638; ok markus@
3470   - djm@cvs.openbsd.org 2010/06/25 23:10:30
3471     [ssh.c]
3472     log the hostname and address that we connected to at LogLevel=verbose
3473     after authentication is successful to mitigate "phishing" attacks by
3474     servers with trusted keys that accept authentication silently and
3475     automatically before presenting fake password/passphrase prompts;
3476     "nice!" markus@
3477   - djm@cvs.openbsd.org 2010/06/25 23:10:30
3478     [ssh.c]
3479     log the hostname and address that we connected to at LogLevel=verbose
3480     after authentication is successful to mitigate "phishing" attacks by
3481     servers with trusted keys that accept authentication silently and
3482     automatically before presenting fake password/passphrase prompts;
3483     "nice!" markus@
3484
348520100622
3486 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
3487   bz#1579; ok dtucker
3488
348920100618
3490 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
3491   rather than assuming that $CWD == $HOME. bz#1500, patch from
3492   timothy AT gelter.com
3493
349420100617
3495 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
3496   minires-devel package, and to add the reference to the libedit-devel
3497   package since CYgwin now provides libedit. Patch from Corinna Vinschen.
3498
349920100521
3500 - (djm) OpenBSD CVS Sync
3501   - djm@cvs.openbsd.org 2010/05/07 11:31:26
3502     [regress/Makefile regress/cert-userkey.sh]
3503     regress tests for AuthorizedPrincipalsFile and "principals=" key option.
3504     feedback and ok markus@
3505   - djm@cvs.openbsd.org 2010/05/11 02:58:04
3506     [auth-rsa.c]
3507     don't accept certificates marked as "cert-authority" here; ok markus@
3508   - djm@cvs.openbsd.org 2010/05/14 00:47:22
3509     [ssh-add.c]
3510     check that the certificate matches the corresponding private key before
3511     grafting it on
3512   - djm@cvs.openbsd.org 2010/05/14 23:29:23
3513     [channels.c channels.h mux.c ssh.c]
3514     Pause the mux channel while waiting for reply from aynch callbacks.
3515     Prevents misordering of replies if new requests arrive while waiting.
3516
3517     Extend channel open confirm callback to allow signalling failure
3518     conditions as well as success. Use this to 1) fix a memory leak, 2)
3519     start using the above pause mechanism and 3) delay sending a success/
3520     failure message on mux slave session open until we receive a reply from
3521     the server.
3522
3523     motivated by and with feedback from markus@
3524   - markus@cvs.openbsd.org 2010/05/16 12:55:51
3525     [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
3526     mux support for remote forwarding with dynamic port allocation,
3527     use with
3528        LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
3529     feedback and ok djm@
3530   - djm@cvs.openbsd.org 2010/05/20 11:25:26
3531     [auth2-pubkey.c]
3532     fix logspam when key options (from="..." especially) deny non-matching
3533     keys; reported by henning@ also bz#1765; ok markus@ dtucker@
3534   - djm@cvs.openbsd.org 2010/05/20 23:46:02
3535     [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
3536     Move the permit-* options to the non-critical "extensions" field for v01
3537     certificates. The logic is that if another implementation fails to
3538     implement them then the connection just loses features rather than fails
3539     outright.
3540
3541     ok markus@
3542
354320100511
3544 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
3545   circular dependency problem on old or odd platforms.  From Tom Lane, ok
3546   djm@.
3547 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
3548   libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
3549   already. ok dtucker@
3550
355120100510
3552 - OpenBSD CVS Sync
3553   - djm@cvs.openbsd.org 2010/04/23 01:47:41
3554     [ssh-keygen.c]
3555     bz#1740: display a more helpful error message when $HOME is
3556     inaccessible while trying to create .ssh directory. Based on patch
3557     from jchadima AT redhat.com; ok dtucker@
3558   - djm@cvs.openbsd.org 2010/04/23 22:27:38
3559     [mux.c]
3560     set "detach_close" flag when registering channel cleanup callbacks.
3561     This causes the channel to close normally when its fds close and
3562     hangs when terminating a mux slave using ~. bz#1758; ok markus@
3563   - djm@cvs.openbsd.org 2010/04/23 22:42:05
3564     [session.c]
3565     set stderr to /dev/null for subsystems rather than just closing it.
3566     avoids hangs if a subsystem or shell initialisation writes to stderr.
3567     bz#1750; ok markus@
3568   - djm@cvs.openbsd.org 2010/04/23 22:48:31
3569     [ssh-keygen.c]
3570     refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
3571     since we would refuse to use them anyway. bz#1516; ok dtucker@
3572   - djm@cvs.openbsd.org 2010/04/26 22:28:24
3573     [sshconnect2.c]
3574     bz#1502: authctxt.success is declared as an int, but passed by
3575     reference to function that accepts sig_atomic_t*. Convert it to
3576     the latter; ok markus@ dtucker@
3577   - djm@cvs.openbsd.org 2010/05/01 02:50:50
3578     [PROTOCOL.certkeys]
3579     typo; jmeltzer@
3580   - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
3581     [sftp.c]
3582     restore mput and mget which got lost in the tab-completion changes.
3583     found by Kenneth Whitaker, ok djm@
3584   - djm@cvs.openbsd.org 2010/05/07 11:30:30
3585     [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
3586     [key.c servconf.c servconf.h sshd.8 sshd_config.5]
3587     add some optional indirection to matching of principal names listed
3588     in certificates. Currently, a certificate must include the a user's name
3589     to be accepted for authentication. This change adds the ability to
3590     specify a list of certificate principal names that are acceptable.
3591
3592     When authenticating using a CA trusted through ~/.ssh/authorized_keys,
3593     this adds a new principals="name1[,name2,...]" key option.
3594
3595     For CAs listed through sshd_config's TrustedCAKeys option, a new config
3596     option "AuthorizedPrincipalsFile" specifies a per-user file containing
3597     the list of acceptable names.
3598
3599     If either option is absent, the current behaviour of requiring the
3600     username to appear in principals continues to apply.
3601
3602     These options are useful for role accounts, disjoint account namespaces
3603     and "user@realm"-style naming policies in certificates.
3604
3605     feedback and ok markus@
3606   - jmc@cvs.openbsd.org 2010/05/07 12:49:17
3607     [sshd_config.5]
3608     tweak previous;
3609
361020100423
3611 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
3612   in the openssl install directory (some newer openssl versions do this on at
3613   least some amd64 platforms).
3614
361520100418
3616 - OpenBSD CVS Sync
3617   - jmc@cvs.openbsd.org 2010/04/16 06:45:01
3618     [ssh_config.5]
3619     tweak previous; ok djm
3620   - jmc@cvs.openbsd.org 2010/04/16 06:47:04
3621     [ssh-keygen.1 ssh-keygen.c]
3622     tweak previous; ok djm
3623   - djm@cvs.openbsd.org 2010/04/16 21:14:27
3624     [sshconnect.c]
3625     oops, %r => remote username, not %u
3626   - djm@cvs.openbsd.org 2010/04/16 01:58:45
3627     [regress/cert-hostkey.sh regress/cert-userkey.sh]
3628     regression tests for v01 certificate format
3629     includes interop tests for v00 certs
3630 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
3631   file.
3632
363320100416
3634 - (djm) Release openssh-5.5p1
3635 - OpenBSD CVS Sync
3636   - djm@cvs.openbsd.org 2010/03/26 03:13:17
3637     [bufaux.c]
3638     allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
3639     argument to allow skipping past values in a buffer
3640   - jmc@cvs.openbsd.org 2010/03/26 06:54:36
3641     [ssh.1]
3642     tweak previous;
3643   - jmc@cvs.openbsd.org 2010/03/27 14:26:55
3644     [ssh_config.5]
3645     tweak previous; ok dtucker
3646   - djm@cvs.openbsd.org 2010/04/10 00:00:16
3647     [ssh.c]
3648     bz#1746 - suppress spurious tty warning when using -O and stdin
3649     is not a tty; ok dtucker@ markus@
3650   - djm@cvs.openbsd.org 2010/04/10 00:04:30
3651     [sshconnect.c]
3652     fix terminology: we didn't find a certificate in known_hosts, we found
3653     a CA key
3654   - djm@cvs.openbsd.org 2010/04/10 02:08:44
3655     [clientloop.c]
3656     bz#1698: kill channel when pty allocation requests fail. Fixed
3657     stuck client if the server refuses pty allocation.
3658     ok dtucker@ "think so" markus@
3659   - djm@cvs.openbsd.org 2010/04/10 02:10:56
3660     [sshconnect2.c]
3661     show the key type that we are offering in debug(), helps distinguish
3662     between certs and plain keys as the path to the private key is usually
3663     the same.
3664   - djm@cvs.openbsd.org 2010/04/10 05:48:16
3665     [mux.c]
3666     fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
3667   - djm@cvs.openbsd.org 2010/04/14 22:27:42
3668     [ssh_config.5 sshconnect.c]
3669     expand %r => remote username in ssh_config:ProxyCommand;
3670     ok deraadt markus
3671   - markus@cvs.openbsd.org 2010/04/15 20:32:55
3672     [ssh-pkcs11.c]
3673     retry lookup for private key if there's no matching key with CKA_SIGN
3674     attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
3675     ok djm@
3676   - djm@cvs.openbsd.org 2010/04/16 01:47:26
3677     [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
3678     [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
3679     [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
3680     [sshconnect.c sshconnect2.c sshd.c]
3681     revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
3682     following changes:
3683
3684     move the nonce field to the beginning of the certificate where it can
3685     better protect against chosen-prefix attacks on the signature hash
3686
3687     Rename "constraints" field to "critical options"
3688
3689     Add a new non-critical "extensions" field
3690
3691     Add a serial number
3692
3693     The older format is still support for authentication and cert generation
3694     (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
3695
3696     ok markus@
3697