summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2014-03-20 00:32:39 +0000
committerColin Watson <cjwatson@debian.org>2014-03-20 00:34:16 +0000
commit2ee2de47fd0f684f54218d31b4ec83930e69c18e (patch)
tree86848a7668424b392d48791a0e41e05f9df7b62b /ChangeLog
parentc9947303ad3c432b1cadfbeb1d95a7cd38662d66 (diff)
parent9cbb60f5e4932634db04c330c88abc49cc5567bd (diff)
Merge 6.6p1.
* New upstream release (http://www.openssh.com/txt/release-6.6).
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog222
1 files changed, 222 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index c0dab651b..38de846ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,224 @@
120140313
2 - (djm) Release OpenSSH 6.6
3
420140304
5 - OpenBSD CVS Sync
6 - djm@cvs.openbsd.org 2014/03/03 22:22:30
7 [session.c]
8 ignore enviornment variables with embedded '=' or '\0' characters;
9 spotted by Jann Horn; ok deraadt@
10
1120140301
12 - (djm) [regress/Makefile] Disable dhgex regress test; it breaks when
13 no moduli file exists at the expected location.
14
1520140228
16 - OpenBSD CVS Sync
17 - djm@cvs.openbsd.org 2014/02/27 00:41:49
18 [bufbn.c]
19 fix unsigned overflow that could lead to reading a short ssh protocol
20 1 bignum value; found by Ben Hawkes; ok deraadt@
21 - djm@cvs.openbsd.org 2014/02/27 08:25:09
22 [bufbn.c]
23 off by one in range check
24 - djm@cvs.openbsd.org 2014/02/27 22:47:07
25 [sshd_config.5]
26 bz#2184 clarify behaviour of a keyword that appears in multiple
27 matching Match blocks; ok dtucker@
28 - djm@cvs.openbsd.org 2014/02/27 22:57:40
29 [version.h]
30 openssh-6.6
31 - dtucker@cvs.openbsd.org 2014/01/19 23:43:02
32 [regress/sftp-chroot.sh]
33 Don't use -q on sftp as it suppresses logging, instead redirect the
34 output to the regress logfile.
35 - dtucker@cvs.openbsd.org 2014/01/20 00:00:30
36 [sregress/ftp-chroot.sh]
37 append to rather than truncating the log file
38 - dtucker@cvs.openbsd.org 2014/01/25 04:35:32
39 [regress/Makefile regress/dhgex.sh]
40 Add a test for DH GEX sizes
41 - djm@cvs.openbsd.org 2014/01/26 10:22:10
42 [regress/cert-hostkey.sh]
43 automatically generate revoked keys from listed keys rather than
44 manually specifying each type; from portable
45 (Id sync only)
46 - djm@cvs.openbsd.org 2014/01/26 10:49:17
47 [scp-ssh-wrapper.sh scp.sh]
48 make sure $SCP is tested on the remote end rather than whichever one
49 happens to be in $PATH; from portable
50 (Id sync only)
51 - djm@cvs.openbsd.org 2014/02/27 20:04:16
52 [login-timeout.sh]
53 remove any existing LoginGraceTime from sshd_config before adding
54 a specific one for the test back in
55 - djm@cvs.openbsd.org 2014/02/27 21:21:25
56 [agent-ptrace.sh agent.sh]
57 keep return values that are printed in error messages;
58 from portable
59 (Id sync only)
60 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
61 [contrib/suse/openssh.spec] Crank version numbers
62 - (djm) [regress/host-expand.sh] Add RCS Id
63
6420140227
65 - OpenBSD CVS Sync
66 - djm@cvs.openbsd.org 2014/02/26 20:18:37
67 [ssh.c]
68 bz#2205: avoid early hostname lookups unless canonicalisation is enabled;
69 ok dtucker@ markus@
70 - djm@cvs.openbsd.org 2014/02/26 20:28:44
71 [auth2-gss.c gss-serv.c ssh-gss.h sshd.c]
72 bz#2107 - cache OIDs of supported GSSAPI mechanisms before privsep
73 sandboxing, as running this code in the sandbox can cause violations;
74 ok markus@
75 - djm@cvs.openbsd.org 2014/02/26 20:29:29
76 [channels.c]
77 don't assume that the socks4 username is \0 terminated;
78 spotted by Ben Hawkes; ok markus@
79 - markus@cvs.openbsd.org 2014/02/26 21:53:37
80 [sshd.c]
81 ssh_gssapi_prepare_supported_oids needs GSSAPI
82
8320140224
84 - OpenBSD CVS Sync
85 - djm@cvs.openbsd.org 2014/02/07 06:55:54
86 [cipher.c mac.c]
87 remove some logging that makes ssh debugging output very verbose;
88 ok markus
89 - djm@cvs.openbsd.org 2014/02/15 23:05:36
90 [channels.c]
91 avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W;
92 bz#2200, debian#738692 via Colin Watson; ok dtucker@
93 - djm@cvs.openbsd.org 2014/02/22 01:32:19
94 [readconf.c]
95 when processing Match blocks, skip 'exec' clauses if previous predicates
96 failed to match; ok markus@
97 - djm@cvs.openbsd.org 2014/02/23 20:03:42
98 [ssh-ed25519.c]
99 check for unsigned overflow; not reachable in OpenSSH but others might
100 copy our code...
101 - djm@cvs.openbsd.org 2014/02/23 20:11:36
102 [readconf.c readconf.h ssh.c ssh_config.5]
103 reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes
104 the hostname. This allows users to write configurations that always
105 refer to canonical hostnames, e.g.
106
107 CanonicalizeHostname yes
108 CanonicalDomains int.example.org example.org
109 CanonicalizeFallbackLocal no
110
111 Host *.int.example.org
112 Compression off
113 Host *.example.org
114 User djm
115
116 ok markus@
117
11820140213
119 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat
120 code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
121
12220140207
123 - OpenBSD CVS Sync
124 - naddy@cvs.openbsd.org 2014/02/05 20:13:25
125 [ssh-keygen.1 ssh-keygen.c]
126 tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
127 while here, fix ordering in usage(); requested by jmc@
128 - djm@cvs.openbsd.org 2014/02/06 22:21:01
129 [sshconnect.c]
130 in ssh_create_socket(), only do the getaddrinfo for BindAddress when
131 BindAddress is actually specified. Fixes regression in 6.5 for
132 UsePrivilegedPort=yes; patch from Corinna Vinschen
133
13420140206
135 - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
136 before freeing since free(NULL) is a no-op. ok djm.
137 - (djm) [sandbox-seccomp-filter.c] Not all Linux architectures define
138 __NR_shutdown; some go via the socketcall(2) multiplexer.
139
14020140205
141 - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
142 headers/libc but not supported by the kernel. Patch from Loganaden
143 Velvindron @ AfriNIC
144
14520140204
146 - OpenBSD CVS Sync
147 - markus@cvs.openbsd.org 2014/01/27 18:58:14
148 [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
149 replace openssl HMAC with an implementation based on our ssh_digest_*
150 ok and feedback djm@
151 - markus@cvs.openbsd.org 2014/01/27 19:18:54
152 [auth-rsa.c cipher.c ssh-agent.c sshconnect1.c sshd.c]
153 replace openssl MD5 with our ssh_digest_*; ok djm@
154 - markus@cvs.openbsd.org 2014/01/27 20:13:46
155 [digest.c digest-openssl.c digest-libc.c Makefile.in]
156 rename digest.c to digest-openssl.c and add libc variant; ok djm@
157 - jmc@cvs.openbsd.org 2014/01/28 14:13:39
158 [ssh-keyscan.1]
159 kill some bad Pa;
160 From: Jan Stary
161 - djm@cvs.openbsd.org 2014/01/29 00:19:26
162 [sshd.c]
163 use kill(0, ...) instead of killpg(0, ...); on most operating systems
164 they are equivalent, but SUSv2 describes the latter as having undefined
165 behaviour; from portable; ok dtucker
166 (Id sync only; change is already in portable)
167 - djm@cvs.openbsd.org 2014/01/29 06:18:35
168 [Makefile.in auth.h auth2-jpake.c auth2.c jpake.c jpake.h monitor.c]
169 [monitor.h monitor_wrap.c monitor_wrap.h readconf.c readconf.h]
170 [schnorr.c schnorr.h servconf.c servconf.h ssh2.h sshconnect2.c]
171 remove experimental, never-enabled JPAKE code; ok markus@
172 - jmc@cvs.openbsd.org 2014/01/29 14:04:51
173 [sshd_config.5]
174 document kbdinteractiveauthentication;
175 requested From: Ross L Richardson
176
177 dtucker/markus helped explain its workings;
178 - djm@cvs.openbsd.org 2014/01/30 22:26:14
179 [sandbox-systrace.c]
180 allow shutdown(2) syscall in sandbox - it may be called by packet_close()
181 from portable
182 (Id sync only; change is already in portable)
183 - tedu@cvs.openbsd.org 2014/01/31 16:39:19
184 [auth2-chall.c authfd.c authfile.c bufaux.c bufec.c canohost.c]
185 [channels.c cipher-chachapoly.c clientloop.c configure.ac hostfile.c]
186 [kexc25519.c krl.c monitor.c sandbox-systrace.c session.c]
187 [sftp-client.c ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]
188 [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]
189 replace most bzero with explicit_bzero, except a few that cna be memset
190 ok djm dtucker
191 - djm@cvs.openbsd.org 2014/02/02 03:44:32
192 [auth1.c auth2-chall.c auth2-passwd.c authfile.c bufaux.c bufbn.c]
193 [buffer.c cipher-3des1.c cipher.c clientloop.c gss-serv.c kex.c]
194 [kexdhc.c kexdhs.c kexecdhc.c kexgexc.c kexecdhs.c kexgexs.c key.c]
195 [monitor.c monitor_wrap.c packet.c readpass.c rsa.c serverloop.c]
196 [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c]
197 [ssh-keygen.c ssh-rsa.c sshconnect.c sshconnect1.c sshconnect2.c]
198 [sshd.c]
199 convert memset of potentially-private data to explicit_bzero()
200 - djm@cvs.openbsd.org 2014/02/03 23:28:00
201 [ssh-ecdsa.c]
202 fix memory leak; ECDSA_SIG_new() allocates 'r' and 's' for us, unlike
203 DSA_SIG_new. Reported by Batz Spear; ok markus@
204 - djm@cvs.openbsd.org 2014/02/02 03:44:31
205 [digest-libc.c digest-openssl.c]
206 convert memset of potentially-private data to explicit_bzero()
207 - djm@cvs.openbsd.org 2014/02/04 00:24:29
208 [ssh.c]
209 delay lowercasing of hostname until right before hostname
210 canonicalisation to unbreak case-sensitive matching of ssh_config;
211 reported by Ike Devolder; ok markus@
212 - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
213 - (djm) [regress/setuid-allowed.c] Missing string.h for strerror()
214
21520140131
216 - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
217 syscall from sandboxes; it may be called by packet_close.
218 - (dtucker) [readconf.c] Include <arpa/inet.h> for the hton macros. Fixes
219 build with HP-UX's compiler. Patch from Kevin Brott.
220 - (tim) [Makefile.in] build regress/setuid-allow.
221
120140130 22220140130
2 - (djm) [configure.ac] Only check for width-specified integer types 223 - (djm) [configure.ac] Only check for width-specified integer types
3 in headers that actually exist. patch from Tom G. Christensen; 224 in headers that actually exist. patch from Tom G. Christensen;
@@ -2663,3 +2884,4 @@
2663 [contrib/suse/openssh.spec] Update for release 6.0 2884 [contrib/suse/openssh.spec] Update for release 6.0
2664 - (djm) [README] Update URL to release notes. 2885 - (djm) [README] Update URL to release notes.
2665 - (djm) Release openssh-6.0 2886 - (djm) Release openssh-6.0
2887