author | Colin Watson <cjwatson@debian.org> | 2019-06-05 06:41:44 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-06-09 22:09:07 +0100 |
commit | 865a97e05b6aab1619e1c8eeb33ccb8f9a9e48d3 (patch) | |
tree | 7bb2128eb663180bacfabca88f26d26bf0733824 /ChangeLog | |
parent | ba627ba172d6649919baedff5ba2789610da382a (diff) | |
parent | 7d50f9e5be88179325983a1f58c9d51bb58f025a (diff) |
New upstream release (8.0p1)
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 4562 |
1 files changed, 2599 insertions, 1963 deletions
@@ -1,3 +1,2602 @@ | |||
1 | commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d | ||
2 | Author: Damien Miller <djm@mindrot.org> | ||
3 | Date: Thu Apr 18 08:52:57 2019 +1000 | ||
4 | |||
5 | makedepend | ||
6 | |||
7 | commit 5de397a876b587ba05a9169237deffdc71f273b0 | ||
8 | Author: Damien Miller <djm@mindrot.org> | ||
9 | Date: Fri Apr 5 11:29:51 2019 -0700 | ||
10 | |||
11 | second thoughts: leave README in place | ||
12 | |||
13 | A number of contrib/* files refer to the existing README so let's leave | ||
14 | it in place for release and add the new markdown version in parallel. | ||
15 | |||
16 | I'll get rid of README after release. | ||
17 | |||
18 | commit 5d3127d9274519b25ed10e320f45045ba8d7f3be | ||
19 | Author: Damien Miller <djm@mindrot.org> | ||
20 | Date: Fri Apr 5 11:29:31 2019 -0700 | ||
21 | |||
22 | Revert "rewrite README" | ||
23 | |||
24 | This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f. | ||
25 | |||
26 | commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f | ||
27 | Author: Damien Miller <djm@mindrot.org> | ||
28 | Date: Fri Apr 5 11:21:48 2019 -0700 | ||
29 | |||
30 | rewrite README | ||
31 | |||
32 | Include basic build instructions and comments on commonly-used build- | ||
33 | time flags, links to the manual pages and other resources. | ||
34 | |||
35 | Now in Markdown format for better viewing on github, etc. | ||
36 | |||
37 | commit a924de0c4908902433813ba205bee1446bd1a157 | ||
38 | Author: Damien Miller <djm@mindrot.org> | ||
39 | Date: Fri Apr 5 03:41:52 2019 +1100 | ||
40 | |||
41 | update versions | ||
42 | |||
43 | commit 312dcee739bca5d6878c536537b2a8a497314b75 | ||
44 | Author: djm@openbsd.org <djm@openbsd.org> | ||
45 | Date: Wed Apr 3 15:48:45 2019 +0000 | ||
46 | |||
47 | upstream: openssh-8.0 | ||
48 | |||
49 | OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b | ||
50 | |||
51 | commit 885bc114692046d55e2a170b932bdc0092fa3456 | ||
52 | Author: Damien Miller <djm@mindrot.org> | ||
53 | Date: Thu Apr 4 02:47:40 2019 +1100 | ||
54 | |||
55 | session: Do not use removed API | ||
56 | |||
57 | from Jakub Jelen | ||
58 | |||
59 | commit 9d7b2882b0c9a5e9bf8312ce4075bf178e2b98be | ||
60 | Author: djm@openbsd.org <djm@openbsd.org> | ||
61 | Date: Fri Mar 29 11:31:40 2019 +0000 | ||
62 | |||
63 | upstream: when logging/fataling on error, include a bit more detail | ||
64 | |||
65 | than just the function name and the error message | ||
66 | |||
67 | OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f | ||
68 | |||
69 | commit 79a87d32783d6c9db40af8f35e091d9d30365ae7 | ||
70 | Author: Darren Tucker <dtucker@dtucker.net> | ||
71 | Date: Wed Apr 3 06:27:45 2019 +1100 | ||
72 | |||
73 | Remove "struct ssh" from sys_auth_record_login. | ||
74 | |||
75 | It's not needed, and is not available from the call site in loginrec.c | ||
76 | Should only affect AIX, spotted by Kevin Brott. | ||
77 | |||
78 | commit 138c0d52cdc90f9895333b82fc57d81cce7a3d90 | ||
79 | Author: Darren Tucker <dtucker@dtucker.net> | ||
80 | Date: Tue Apr 2 18:21:35 2019 +1100 | ||
81 | |||
82 | Adapt custom_failed_login to new prototype. | ||
83 | |||
84 | Spotted by Kevin Brott. | ||
85 | |||
86 | commit a0ca4009ab2f0b1007ec8ab6864dbf9b760a8ed5 | ||
87 | Author: Darren Tucker <dtucker@dtucker.net> | ||
88 | Date: Mon Apr 1 20:07:23 2019 +1100 | ||
89 | |||
90 | Add includes.h for compat layer. | ||
91 | |||
92 | Should fix build on AIX 7.2. | ||
93 | |||
94 | commit 00991151786ce9b1d577bdad1f83a81d19c8236d | ||
95 | Author: Tim Rice <tim@multitalents.net> | ||
96 | Date: Sun Mar 31 22:14:22 2019 -0700 | ||
97 | |||
98 | Stop USL compilers for erroring with "integral constant expression expected" | ||
99 | |||
100 | commit 43f47ebbdd4037b569c23b8f4f7981f53b567f1d | ||
101 | Author: Tim Rice <tim@multitalents.net> | ||
102 | Date: Sun Mar 31 19:22:19 2019 -0700 | ||
103 | |||
104 | Only use O_NOFOLLOW in fchownat and fchmodat if defined | ||
105 | |||
106 | commit 342d6e51589b184c337cccfc4c788b60ff8b3765 | ||
107 | Author: Jakub Jelen <jjelen@redhat.com> | ||
108 | Date: Fri Mar 29 12:29:41 2019 +0100 | ||
109 | |||
110 | Adjust softhsm2 path on Fedora Linux for regress | ||
111 | |||
112 | The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so | ||
113 | |||
114 | commit f5abb05f8c7358dacdcb866fe2813f6d8efd5830 | ||
115 | Author: Darren Tucker <dtucker@dtucker.net> | ||
116 | Date: Thu Mar 28 09:26:14 2019 +1100 | ||
117 | |||
118 | Only use O_NOFOLLOW in utimensat if defined. | ||
119 | |||
120 | Fixes build on systems that don't have it (Solaris <=9) Found by | ||
121 | Tom G. Christensen. | ||
122 | |||
123 | commit 786cd4c1837fdc3fe7b4befe54a3f37db7df8715 | ||
124 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
125 | Date: Wed Mar 27 18:18:21 2019 +0100 | ||
126 | |||
127 | drop old Cygwin considerations | ||
128 | |||
129 | - Cygwin supports non-DOS characters in filenames | ||
130 | - Cygwin does not support Windows XP anymore | ||
131 | |||
132 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
133 | |||
134 | commit 21da87f439b48a85b951ef1518fe85ac0273e719 | ||
135 | Author: djm@openbsd.org <djm@openbsd.org> | ||
136 | Date: Wed Mar 27 09:29:14 2019 +0000 | ||
137 | |||
138 | upstream: fix interaction between ClientAliveInterval and RekeyLimit | ||
139 | |||
140 | that could cause connection to close incorrectly; Report and patch from Jakub | ||
141 | Jelen in bz#2757; ok dtucker@ markus@ | ||
142 | |||
143 | OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb | ||
144 | |||
145 | commit 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56 | ||
146 | Author: djm@openbsd.org <djm@openbsd.org> | ||
147 | Date: Mon Mar 25 22:34:52 2019 +0000 | ||
148 | |||
149 | upstream: Fix authentication failures when "AuthenticationMethods | ||
150 | |||
151 | any" in a Match block overrides a more restrictive global default. | ||
152 | |||
153 | Spotted by jmc@, ok markus@ | ||
154 | |||
155 | OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666 | ||
156 | |||
157 | commit d6e5def308610f194c0ec3ef97a34a3e9630e190 | ||
158 | Author: djm@openbsd.org <djm@openbsd.org> | ||
159 | Date: Mon Mar 25 22:33:44 2019 +0000 | ||
160 | |||
161 | upstream: whitespace | ||
162 | |||
163 | OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07 | ||
164 | |||
165 | commit 26e0cef07b04479537c971dec898741df1290fe5 | ||
166 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
167 | Date: Mon Mar 25 16:19:44 2019 +0000 | ||
168 | |||
169 | upstream: Expand comment to document rationale for default key | ||
170 | |||
171 | sizes. "seems worthwhile" deraadt. | ||
172 | |||
173 | OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456 | ||
174 | |||
175 | commit f47269ea67eb4ff87454bf0d2a03e55532786482 | ||
176 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
177 | Date: Mon Mar 25 15:49:00 2019 +0000 | ||
178 | |||
179 | upstream: Increase the default RSA key size to 3072 bits. Based on | ||
180 | |||
181 | the estimates from NIST Special Publication 800-57, 3k bits provides security | ||
182 | equivalent to 128 bits which is the smallest symmetric cipher we enable by | ||
183 | default. ok markus@ deraadt@ | ||
184 | |||
185 | OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b | ||
186 | |||
187 | commit 62949c5b37af28d8490d94866e314a76be683a5e | ||
188 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
189 | Date: Fri Mar 22 20:58:34 2019 +0000 | ||
190 | |||
191 | upstream: full stop in the wrong place; | ||
192 | |||
193 | OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4 | ||
194 | |||
195 | commit 1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0 | ||
196 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
197 | Date: Sat Mar 16 19:14:21 2019 +0000 | ||
198 | |||
199 | upstream: benno helped me clean up the tcp forwarding section; | ||
200 | |||
201 | OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08 | ||
202 | |||
203 | commit 2aee9a49f668092ac5c9d34e904ef7a9722e541d | ||
204 | Author: markus@openbsd.org <markus@openbsd.org> | ||
205 | Date: Fri Mar 8 17:24:43 2019 +0000 | ||
206 | |||
207 | upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL | ||
208 | |||
209 | OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c | ||
210 | |||
211 | commit 9edbd7821e6837e98e7e95546cede804dac96754 | ||
212 | Author: Darren Tucker <dtucker@dtucker.net> | ||
213 | Date: Thu Mar 14 10:17:28 2019 +1100 | ||
214 | |||
215 | Fix build when configured --without-openssl. | ||
216 | |||
217 | ok djm@ | ||
218 | |||
219 | commit 825ab32f0d04a791e9d19d743c61ff8ed9b4d8e5 | ||
220 | Author: Darren Tucker <dtucker@dtucker.net> | ||
221 | Date: Thu Mar 14 08:51:17 2019 +1100 | ||
222 | |||
223 | On Cygwin run sshd as SYSTEM where possible. | ||
224 | |||
225 | Seteuid now creates user token using S4U. We don't create a token | ||
226 | from scratch anymore, so we don't need the "Create a process token" | ||
227 | privilege. The service can run under SYSTEM again... | ||
228 | |||
229 | ...unless Cygwin is running on Windows Vista or Windows 7 in the | ||
230 | WOW64 32 bit emulation layer. It turns out that WOW64 on these systems | ||
231 | didn't implement MsV1_0 S4U Logon so we still need the fallback | ||
232 | to NtCreateToken for these systems. | ||
233 | |||
234 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
235 | |||
236 | commit a212107bfdf4d3e870ab7a443e4d906e5b9578c3 | ||
237 | Author: Darren Tucker <dtucker@dtucker.net> | ||
238 | Date: Wed Mar 13 10:49:16 2019 +1100 | ||
239 | |||
240 | Replace alloca with xcalloc. | ||
241 | |||
242 | The latter checks for memory exhaustion and integer overflow and may be | ||
243 | at a less predictable place. Sanity check by vinschen at redhat.com, ok | ||
244 | djm@ | ||
245 | |||
246 | commit daa7505aadca68ba1a2c70cbdfce423208eb91ee | ||
247 | Author: Darren Tucker <dtucker@dtucker.net> | ||
248 | Date: Tue Mar 12 09:19:19 2019 +1100 | ||
249 | |||
250 | Use Cygwin-specific matching only for users+groups. | ||
251 | |||
252 | Patch from vinschen at redhat.com, updated a little by me. | ||
253 | |||
254 | commit fd10cf027b56f9aaa80c9e3844626a05066589a4 | ||
255 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
256 | Date: Wed Mar 6 22:14:23 2019 +0000 | ||
257 | |||
258 | upstream: Move checks for lists of users or groups into their own | ||
259 | |||
260 | function. This is a no-op on OpenBSD but will make things easier in | ||
261 | -portable, eg on systems where these checks should be case-insensitive. ok | ||
262 | djm@ | ||
263 | |||
264 | OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e | ||
265 | |||
266 | commit ab5fee8eb6a011002fd9e32b1597f02aa8804a25 | ||
267 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
268 | Date: Wed Mar 6 21:06:59 2019 +0000 | ||
269 | |||
270 | upstream: Reset last-seen time when sending a keepalive. Prevents | ||
271 | |||
272 | sending two keepalives successively and prematurely terminating connection | ||
273 | when ClientAliveCount=1. While there, collapse two similar tests into one. | ||
274 | ok markus@ | ||
275 | |||
276 | OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd | ||
277 | |||
278 | commit c13b74530f9f1d9df7aeae012004b31b2de4438e | ||
279 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
280 | Date: Tue Mar 5 16:17:12 2019 +0000 | ||
281 | |||
282 | upstream: PKCS#11 support is no longer limited to RSA; ok benno@ | ||
283 | |||
284 | kn@ | ||
285 | |||
286 | OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826 | ||
287 | |||
288 | commit e9552d6043db7cd170ac6ba1b4d2c7a5eb2c3201 | ||
289 | Author: djm@openbsd.org <djm@openbsd.org> | ||
290 | Date: Fri Mar 1 03:29:32 2019 +0000 | ||
291 | |||
292 | upstream: in ssh_set_newkeys(), mention the direction that we're | ||
293 | |||
294 | keying in debug messages. Previously it would be difficult to tell which | ||
295 | direction it was talking about | ||
296 | |||
297 | OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d | ||
298 | |||
299 | commit 76a24b3fa193a9ca3e47a8779d497cb06500798b | ||
300 | Author: djm@openbsd.org <djm@openbsd.org> | ||
301 | Date: Fri Mar 1 02:32:39 2019 +0000 | ||
302 | |||
303 | upstream: Fix two race conditions in sshd relating to SIGHUP: | ||
304 | |||
305 | 1. Recently-forked child processes will briefly remain listening to | ||
306 | listen_socks. If the main server sshd process completes its restart | ||
307 | via execv() before these sockets are closed by the child processes | ||
308 | then it can fail to listen at the desired addresses/ports and/or | ||
309 | fail to restart. | ||
310 | |||
311 | 2. When a SIGHUP is received, there may be forked child processes that | ||
312 | are awaiting their reexecution state. If the main server sshd | ||
313 | process restarts before passing this state, these child processes | ||
314 | will yield errors and use a fallback path of reading the current | ||
315 | sshd_config from the filesystem rather than use the one that sshd | ||
316 | was started with. | ||
317 | |||
318 | To fix both of these cases, we reuse the startup_pipes that are shared | ||
319 | between the main server sshd and forked children. Previously this was | ||
320 | used solely to implement tracking of pre-auth child processes for | ||
321 | MaxStartups, but this extends the messaging over these pipes to include | ||
322 | a child->parent message that the parent process is safe to restart. This | ||
323 | message is sent from the child after it has completed its preliminaries: | ||
324 | closing listen_socks and receiving its reexec state. | ||
325 | |||
326 | bz#2953, reported by Michal Koutný; ok markus@ dtucker@ | ||
327 | |||
328 | OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab | ||
329 | |||
330 | commit de817e9dfab99473017d28cdf69e60397d00ea21 | ||
331 | Author: djm@openbsd.org <djm@openbsd.org> | ||
332 | Date: Fri Mar 1 02:16:47 2019 +0000 | ||
333 | |||
334 | upstream: mention PKCS11Provide=none, reword a little and remove | ||
335 | |||
336 | mention of RSA keys only (since we support ECDSA now and might support others | ||
337 | in the future). Inspired by Jakub Jelen via bz#2974 | ||
338 | |||
339 | OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5 | ||
340 | |||
341 | commit 95a8058c1a90a27acbb91392ba206854abc85226 | ||
342 | Author: djm@openbsd.org <djm@openbsd.org> | ||
343 | Date: Fri Mar 1 02:08:50 2019 +0000 | ||
344 | |||
345 | upstream: let PKCS11Provider=none do what users expect | ||
346 | |||
347 | print PKCS11Provider instead of obsolete SmartcardDevice in config dump. | ||
348 | |||
349 | bz#2974 ok dtucker@ | ||
350 | |||
351 | OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846 | ||
352 | |||
353 | commit 8e7bac35aa576d2fd7560836da83733e864ce649 | ||
354 | Author: markus@openbsd.org <markus@openbsd.org> | ||
355 | Date: Wed Feb 27 19:37:01 2019 +0000 | ||
356 | |||
357 | upstream: dup stdout/in for proxycommand=-, otherwise stdout might | ||
358 | |||
359 | be redirected to /dev/null; ok djm@ | ||
360 | |||
361 | OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595 | ||
362 | |||
363 | commit 9b61130fbd95d196bce81ebeca94a4cb7c0d5ba0 | ||
364 | Author: djm@openbsd.org <djm@openbsd.org> | ||
365 | Date: Sat Feb 23 08:20:43 2019 +0000 | ||
366 | |||
367 | upstream: openssh-7.9 accidentally reused the server's algorithm lists | ||
368 | |||
369 | in the client for KEX, ciphers and MACs. The ciphers and MACs were identical | ||
370 | between the client and server, but the error accidentially disabled the | ||
371 | diffie-hellman-group-exchange-sha1 KEX method. | ||
372 | |||
373 | This fixes the client code to use the correct method list, but | ||
374 | because nobody complained, it also disables the | ||
375 | diffie-hellman-group-exchange-sha1 KEX method. | ||
376 | |||
377 | Reported by nuxi AT vault24.org via bz#2697; ok dtucker | ||
378 | |||
379 | OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57 | ||
380 | |||
381 | commit 37638c752041d591371900df820f070037878a2d | ||
382 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
383 | Date: Wed Feb 20 13:41:25 2019 +0100 | ||
384 | |||
385 | Cygwin: implement case-insensitive Unicode user and group name matching | ||
386 | |||
387 | The previous revert enabled case-insensitive user names again. This | ||
388 | patch implements the case-insensitive user and group name matching. | ||
389 | To allow Unicode chars, implement the matcher using wchar_t chars in | ||
390 | Cygwin-specific code. Keep the generic code changes as small as possible. | ||
391 | Cygwin: implement case-insensitive Unicode user and group name matching | ||
392 | |||
393 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
394 | |||
395 | commit bed1d43698807a07bb4ddb93a46b0bd84b9970b3 | ||
396 | Author: Darren Tucker <dtucker@dtucker.net> | ||
397 | Date: Fri Feb 22 15:21:21 2019 +1100 | ||
398 | |||
399 | Revert unintended parts of previous commit. | ||
400 | |||
401 | commit f02afa350afac1b2f2d1413259a27a4ba1e2ca24 | ||
402 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
403 | Date: Wed Feb 20 13:41:24 2019 +0100 | ||
404 | |||
405 | Revert "[auth.c] On Cygwin, refuse usernames that have differences in case" | ||
406 | |||
407 | This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c. | ||
408 | |||
409 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
410 | |||
411 | commit 4c55b674835478eb80a1a7aeae588aa654e2a433 | ||
412 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
413 | Date: Sat Feb 16 14:13:43 2019 +0100 | ||
414 | |||
415 | Add tags to .gitignore | ||
416 | |||
417 | Signed-off-by: Corinna Vinschen <vinschen@redhat.com> | ||
418 | |||
419 | commit 625b62634c33eaef4b80d07529954fe5c6435fe5 | ||
420 | Author: djm@openbsd.org <djm@openbsd.org> | ||
421 | Date: Fri Feb 22 03:37:11 2019 +0000 | ||
422 | |||
423 | upstream: perform removal of agent-forwarding directory in forward | ||
424 | |||
425 | setup error path with user's privileged. This is a no-op as this code always | ||
426 | runs with user privilege now that we no longer support running sshd with | ||
427 | privilege separation disabled, but as long as the privsep skeleton is there | ||
428 | we should follow the rules. | ||
429 | MIME-Version: 1.0 | ||
430 | Content-Type: text/plain; charset=UTF-8 | ||
431 | Content-Transfer-Encoding: 8bit | ||
432 | |||
433 | bz#2969 with patch from Erik Sjölund | ||
434 | |||
435 | OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846 | ||
436 | |||
437 | commit d9ecfaba0b2f1887d20e4368230632e709ca83be | ||
438 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
439 | Date: Mon Feb 18 07:02:34 2019 +0000 | ||
440 | |||
441 | upstream: sync the description of ~/.ssh/config with djm's updated | ||
442 | |||
443 | description in ssh.1; issue pointed out by andreas kahari | ||
444 | |||
445 | ok dtucker djm | ||
446 | |||
447 | OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c | ||
448 | |||
449 | commit 38e83e4f219c752ebb1560633b73f06f0392018b | ||
450 | Author: djm@openbsd.org <djm@openbsd.org> | ||
451 | Date: Tue Feb 12 23:53:10 2019 +0000 | ||
452 | |||
453 | upstream: fix regression in r1.302 reported by naddy@ - only the first | ||
454 | |||
455 | public key from the agent was being attempted for use. | ||
456 | |||
457 | OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d | ||
458 | |||
459 | commit 5c68ea8da790d711e6dd5f4c30d089c54032c59a | ||
460 | Author: djm@openbsd.org <djm@openbsd.org> | ||
461 | Date: Mon Feb 11 09:44:42 2019 +0000 | ||
462 | |||
463 | upstream: cleanup GSSAPI authentication context after completion of the | ||
464 | |||
465 | authmethod. Move function-static GSSAPI state to the client Authctxt | ||
466 | structure. Make static a bunch of functions that aren't used outside this | ||
467 | file. | ||
468 | |||
469 | Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@ | ||
470 | |||
471 | OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5 | ||
472 | |||
473 | commit a8c807f1956f81a92a758d3d0237d0ff06d0be5d | ||
474 | Author: benno@openbsd.org <benno@openbsd.org> | ||
475 | Date: Sun Feb 10 16:35:41 2019 +0000 | ||
476 | |||
477 | upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11 | ||
478 | |||
479 | interactive, so it can ask for the smartcards PIN. ok markus@ | ||
480 | |||
481 | OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab | ||
482 | |||
483 | commit 3d896c157c722bc47adca51a58dca859225b5874 | ||
484 | Author: djm@openbsd.org <djm@openbsd.org> | ||
485 | Date: Sun Feb 10 11:15:52 2019 +0000 | ||
486 | |||
487 | upstream: when checking that filenames sent by the server side | ||
488 | |||
489 | match what the client requested, be prepared to handle shell-style brace | ||
490 | alternations, e.g. "{foo,bar}". | ||
491 | |||
492 | "looks good to me" millert@ + in snaps for the last week courtesy | ||
493 | deraadt@ | ||
494 | |||
495 | OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e | ||
496 | |||
497 | commit 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae | ||
498 | Author: djm@openbsd.org <djm@openbsd.org> | ||
499 | Date: Sun Feb 10 11:10:57 2019 +0000 | ||
500 | |||
501 | upstream: syslog when connection is dropped for attempting to run a | ||
502 | |||
503 | command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@ | ||
504 | |||
505 | OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8 | ||
506 | |||
507 | commit 2ff2e19653b8c0798b8b8eff209651bdb1be2761 | ||
508 | Author: Damien Miller <djm@mindrot.org> | ||
509 | Date: Fri Feb 8 14:53:35 2019 +1100 | ||
510 | |||
511 | don't set $MAIL if UsePam=yes | ||
512 | |||
513 | PAM typically specifies the user environment if it's enabled, so don't | ||
514 | second guess. bz#2937; ok dtucker@ | ||
515 | |||
516 | commit 03e92dd27d491fe6d1a54e7b2f44ef1b0a916e52 | ||
517 | Author: Damien Miller <djm@mindrot.org> | ||
518 | Date: Fri Feb 8 14:50:36 2019 +1100 | ||
519 | |||
520 | use same close logic for stderr as stdout | ||
521 | |||
522 | Avoids sending SIGPIPE to child processes after their parent exits | ||
523 | if they attempt to write to stderr. | ||
524 | |||
525 | Analysis and patch from JD Paul; patch reworked by Jakub Jelen and | ||
526 | myself. bz#2071; ok dtucker@ | ||
527 | |||
528 | commit 8c53d409baeeaf652c0c125a9b164edc9dbeb6de | ||
529 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
530 | Date: Tue Feb 5 11:35:56 2019 +0000 | ||
531 | |||
532 | upstream: Adapt code in the non-USE_PIPES codepath to the new packet | ||
533 | |||
534 | API. This code is not normally reachable since USE_PIPES is always defined. | ||
535 | bz#2961, patch from adrian.fita at gmail com. | ||
536 | |||
537 | OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a | ||
538 | |||
539 | commit 7a7fdca78de4b4774950be056099e579ef595414 | ||
540 | Author: djm@openbsd.org <djm@openbsd.org> | ||
541 | Date: Mon Feb 4 23:37:54 2019 +0000 | ||
542 | |||
543 | upstream: fix NULL-deref crash in PKCS#11 code when attempting | ||
544 | |||
545 | login to a token requiring a PIN; reported by benno@ fix mostly by markus@ | ||
546 | |||
547 | OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31 | ||
548 | |||
549 | commit cac302a4b42a988e54d32eb254b29b79b648dbf5 | ||
550 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
551 | Date: Mon Feb 4 02:39:42 2019 +0000 | ||
552 | |||
553 | upstream: Remove obsolete "Protocol" from commented out examples. Patch | ||
554 | |||
555 | from samy.mahmoudi at gmail com. | ||
556 | |||
557 | OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf | ||
558 | |||
559 | commit 483b3b638500fd498b4b529356e5a0e18cf76891 | ||
560 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
561 | Date: Fri Feb 1 03:52:23 2019 +0000 | ||
562 | |||
563 | upstream: Save connection timeout and restore for 2nd and | ||
564 | |||
565 | subsequent attempts, preventing them from having no timeout. bz#2918, ok | ||
566 | djm@ | ||
567 | |||
568 | OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292 | ||
569 | |||
570 | commit 5f004620fdc1b2108139300ee12f4014530fb559 | ||
571 | Author: markus@openbsd.org <markus@openbsd.org> | ||
572 | Date: Wed Jan 30 19:51:15 2019 +0000 | ||
573 | |||
574 | upstream: Add authors for public domain sntrup4591761 code; | ||
575 | |||
576 | confirmed by Daniel J. Bernstein | ||
577 | |||
578 | OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1 | ||
579 | |||
580 | commit 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8 | ||
581 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
582 | Date: Sun Jan 27 07:14:11 2019 +0000 | ||
583 | |||
584 | upstream: add -T to usage(); | ||
585 | |||
586 | OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899 | ||
587 | |||
588 | commit 19a0f0529d3df04118da829528cac7ceff380b24 | ||
589 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
590 | Date: Mon Jan 28 03:50:39 2019 +0000 | ||
591 | |||
592 | upstream: The test sshd_config in in $OBJ. | ||
593 | |||
594 | OpenBSD-Regress-ID: 1e5d908a286d8e7de3a15a0020c8857f3a7c9172 | ||
595 | |||
596 | commit 8fe25440206319d15b52d12b948a5dfdec14dca3 | ||
597 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
598 | Date: Mon Jan 28 03:28:10 2019 +0000 | ||
599 | |||
600 | upstream: Remove leftover debugging. | ||
601 | |||
602 | OpenBSD-Regress-ID: 3d86c3d4867e46b35af3fd2ac8c96df0ffdcfeb9 | ||
603 | |||
604 | commit e30d32364d12c351eec9e14be6c61116f9d6cc90 | ||
605 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
606 | Date: Mon Jan 28 00:12:36 2019 +0000 | ||
607 | |||
608 | upstream: Enable ssh-dss for the agent test. Disable it for the | ||
609 | |||
610 | certificate test. | ||
611 | |||
612 | OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d | ||
613 | |||
614 | commit ffdde469ed56249f5dc8af98da468dde35531398 | ||
615 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
616 | Date: Mon Jan 28 00:08:26 2019 +0000 | ||
617 | |||
618 | upstream: Count the number of key types instead of assuming there | ||
619 | |||
620 | are only two. | ||
621 | |||
622 | OpenBSD-Regress-ID: 0998702c41235782cf0beee396ec49b5056eaed9 | ||
623 | |||
624 | commit 1d05b4adcba08ab068466e5c08dee2f5417ec53a | ||
625 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
626 | Date: Sat Jan 26 23:42:40 2019 +0100 | ||
627 | |||
628 | Cygwin: only tweak sshd_config file if it's new, drop creating sshd user | ||
629 | |||
630 | The sshd_config tweaks were executed even if the old file was | ||
631 | still in place. Fix that. Also disable sshd user creation. | ||
632 | It's not used on Cygwin. | ||
633 | |||
634 | commit 89843de0c4c733501f6b4f988098e6e06963df37 | ||
635 | Author: Corinna Vinschen <vinschen@redhat.com> | ||
636 | Date: Sat Jan 26 23:03:12 2019 +0100 | ||
637 | |||
638 | Cygwin: Change service name to cygsshd | ||
639 | |||
640 | Microsoft hijacked the sshd service name without asking. | ||
641 | |||
642 | commit 2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 | ||
643 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
644 | Date: Sun Jan 27 06:30:53 2019 +0000 | ||
645 | |||
646 | upstream: Generate all key supported key types and enable for keyscan | ||
647 | |||
648 | test. | ||
649 | |||
650 | OpenBSD-Regress-ID: 72f72ff49946c61bc949e1692dd9e3d71370891b | ||
651 | |||
652 | commit 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc | ||
653 | Author: djm@openbsd.org <djm@openbsd.org> | ||
654 | Date: Sat Jan 26 22:41:28 2019 +0000 | ||
655 | |||
656 | upstream: check in scp client that filenames sent during | ||
657 | |||
658 | remote->local directory copies satisfy the wildcard specified by the user. | ||
659 | |||
660 | This checking provides some protection against a malicious server | ||
661 | sending unexpected filenames, but it comes at a risk of rejecting wanted | ||
662 | files due to differences between client and server wildcard expansion rules. | ||
663 | |||
664 | For this reason, this also adds a new -T flag to disable the check. | ||
665 | |||
666 | reported by Harry Sintonen | ||
667 | fix approach suggested by markus@; | ||
668 | has been in snaps for ~1wk courtesy deraadt@ | ||
669 | |||
670 | OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda | ||
671 | |||
672 | commit c2c18a39683db382a15b438632afab3f551d50ce | ||
673 | Author: djm@openbsd.org <djm@openbsd.org> | ||
674 | Date: Sat Jan 26 22:35:01 2019 +0000 | ||
675 | |||
676 | upstream: make ssh-keyscan return a non-zero exit status if it | ||
677 | |||
678 | finds no keys. bz#2903 | ||
679 | |||
680 | OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488 | ||
681 | |||
682 | commit 05b9a466700b44d49492edc2aa415fc2e8913dfe | ||
683 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
684 | Date: Thu Jan 24 17:00:29 2019 +0000 | ||
685 | |||
686 | upstream: Accept the host key fingerprint as a synonym for "yes" | ||
687 | |||
688 | when accepting an unknown host key. This allows you to paste a fingerprint | ||
689 | obtained out of band into the yes/no prompt and have the client do the | ||
690 | comparison for you. ok markus@ djm@ | ||
691 | |||
692 | OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767 | ||
693 | |||
694 | commit bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb | ||
695 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
696 | Date: Thu Jan 24 16:52:17 2019 +0000 | ||
697 | |||
698 | upstream: Have progressmeter force an update at the beginning and | ||
699 | |||
700 | end of each transfer. Fixes the problem recently introduces where very quick | ||
701 | transfers do not display the progressmeter at all. Spotted by naddy@ | ||
702 | |||
703 | OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a | ||
704 | |||
705 | commit 258e6ca003e47f944688ad8b8de087b58a7d966c | ||
706 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
707 | Date: Thu Jan 24 02:42:23 2019 +0000 | ||
708 | |||
709 | upstream: Check for both EAGAIN and EWOULDBLOCK. This is a no-op | ||
710 | |||
711 | in OpenBSD (they are the same value) but makes things easier in -portable | ||
712 | where they may be distinct values. "sigh ok" deraadt@ | ||
713 | |||
714 | (ID sync only, portable already had this change). | ||
715 | |||
716 | OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7 | ||
717 | |||
718 | commit 281ce042579b834cdc1e74314f1fb2eeb75d2612 | ||
719 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
720 | Date: Thu Jan 24 02:34:52 2019 +0000 | ||
721 | |||
722 | upstream: Always initialize 2nd arg to hpdelim2. It populates that | ||
723 | |||
724 | *ONLY IF* there's a delimiter. If there's not (the common case) it checked | ||
725 | uninitialized memory, which usually passed, but if not would cause spurious | ||
726 | failures when the uninitialized memory happens to contain "/". ok deraadt. | ||
727 | |||
728 | OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3 | ||
729 | |||
730 | commit d05ea255678d9402beda4416cd0360f3e5dfe938 | ||
731 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
732 | Date: Wed Jan 23 21:50:56 2019 +0000 | ||
733 | |||
734 | upstream: Remove support for obsolete host/port syntax. | ||
735 | |||
736 | host/port was added in 2001 as an alternative to host:port syntax for | ||
737 | the benefit of IPv6 users. These days there are establised standards | ||
738 | for this like [::1]:22 and the slash syntax is easily mistaken for CIDR | ||
739 | notation, which OpenSSH now supports for some things. Remove the slash | ||
740 | notation from ListenAddress and PermitOpen. bz#2335, patch from jjelen | ||
741 | at redhat.com, ok markus@ | ||
742 | |||
743 | OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7 | ||
744 | |||
745 | commit 177d6c80c557a5e060cd343a0c116a2f1a7f43db | ||
746 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
747 | Date: Wed Jan 23 20:48:52 2019 +0000 | ||
748 | |||
749 | upstream: Remove duplicate word. bz#2958, patch from jjelen at | ||
750 | |||
751 | redhat.com | ||
752 | |||
753 | OpenBSD-Commit-ID: cca3965a8333f2b6aae48b79ec1d72f7a830dd2c | ||
754 | |||
755 | commit be3e6cba95dffe5fcf190c713525b48c837e7875 | ||
756 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
757 | Date: Wed Jan 23 09:49:00 2019 +0000 | ||
758 | |||
759 | upstream: Remove 3 as a guess for possible generator during moduli | ||
760 | |||
761 | generation. It's not mentioned in RFC4419 and it's not possible for | ||
762 | Sophie-Germain primes greater than 5. bz#2330, from Christian Wittenhorst , | ||
763 | ok djm@ tb@ | ||
764 | |||
765 | OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd | ||
766 | |||
767 | commit 8976f1c4b2721c26e878151f52bdf346dfe2d54c | ||
768 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
769 | Date: Wed Jan 23 08:01:46 2019 +0000 | ||
770 | |||
771 | upstream: Sanitize scp filenames via snmprintf. To do this we move | ||
772 | |||
773 | the progressmeter formatting outside of signal handler context and have the | ||
774 | atomicio callback called for EINTR too. bz#2434 with contributions from djm | ||
775 | and jjelen at redhat.com, ok djm@ | ||
776 | |||
777 | OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8 | ||
778 | |||
779 | commit 6249451f381755f792c6b9e2c2f80cdc699c14e2 | ||
780 | Author: Darren Tucker <dtucker@dtucker.net> | ||
781 | Date: Thu Jan 24 10:00:20 2019 +1100 | ||
782 | |||
783 | For broken read/readv comparisons, poll(RW). | ||
784 | |||
785 | In the cases where we can't compare to read or readv function pointers | ||
786 | for some reason we currently ifdef out the poll() used to block while | ||
787 | waiting for reads or writes, falling back to busy waiting. This restores | ||
788 | the poll() in this case, but has it always check for read or write, | ||
789 | removing an inline ifdef in the process. | ||
790 | |||
791 | commit 5cb503dff4db251520e8bf7d23b9c97c06eee031 | ||
792 | Author: Darren Tucker <dtucker@dtucker.net> | ||
793 | Date: Thu Jan 24 09:55:16 2019 +1100 | ||
794 | |||
795 | Include unistd.h for strmode(). | ||
796 | |||
797 | commit f236ca2741f29b5c443c0b2db3aa9afb9ad9befe | ||
798 | Author: Darren Tucker <dtucker@dtucker.net> | ||
799 | Date: Thu Jan 24 09:50:58 2019 +1100 | ||
800 | |||
801 | Also undef SIMPLEQ_FOREACH_SAFE. | ||
802 | |||
803 | Prevents macro redefinition warning on at least NetBSD 6.1. | ||
804 | |||
805 | commit be063945e4e7d46b1734d973bf244c350fae172a | ||
806 | Author: djm@openbsd.org <djm@openbsd.org> | ||
807 | Date: Wed Jan 23 04:51:02 2019 +0000 | ||
808 | |||
809 | upstream: allow auto-incrementing certificate serial number for certs | ||
810 | |||
811 | signed in a single commandline. | ||
812 | |||
813 | OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b | ||
814 | |||
815 | commit 851f80328931975fe68f71af363c4537cb896da2 | ||
816 | Author: djm@openbsd.org <djm@openbsd.org> | ||
817 | Date: Wed Jan 23 04:16:22 2019 +0000 | ||
818 | |||
819 | upstream: move a bunch of global flag variables to main(); make the | ||
820 | |||
821 | rest static | ||
822 | |||
823 | OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc | ||
824 | |||
825 | commit 2265402dc7d701a9aca9f8a7b7b0fd45b65c479f | ||
826 | Author: Damien Miller <djm@mindrot.org> | ||
827 | Date: Wed Jan 23 13:03:16 2019 +1100 | ||
828 | |||
829 | depend | ||
830 | |||
831 | commit 2c223878e53cc46def760add459f5f7c4fb43e35 | ||
832 | Author: djm@openbsd.org <djm@openbsd.org> | ||
833 | Date: Wed Jan 23 02:01:10 2019 +0000 | ||
834 | |||
835 | upstream: switch mainloop from select(2) to poll(2); ok deraadt@ | ||
836 | |||
837 | OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e | ||
838 | |||
839 | commit bb956eaa94757ad058ff43631c3a7d6c94d38c2f | ||
840 | Author: djm@openbsd.org <djm@openbsd.org> | ||
841 | Date: Wed Jan 23 00:30:41 2019 +0000 | ||
842 | |||
843 | upstream: pass most arguments to the KEX hash functions as sshbuf | ||
844 | |||
845 | rather than pointer+length; ok markus@ | ||
846 | |||
847 | OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7 | ||
848 | |||
849 | commit d691588b8e29622c66abf8932362b522cf7f4051 | ||
850 | Author: djm@openbsd.org <djm@openbsd.org> | ||
851 | Date: Tue Jan 22 22:58:50 2019 +0000 | ||
852 | |||
853 | upstream: backoff reading messages from active connections when the | ||
854 | |||
855 | input buffer is too full to read one, or if the output buffer is too full to | ||
856 | enqueue a response; feedback & ok dtucker@ | ||
857 | |||
858 | OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8 | ||
859 | |||
860 | commit f99ef8de967949a1fc25a5c28263ea32736e5943 | ||
861 | Author: djm@openbsd.org <djm@openbsd.org> | ||
862 | Date: Tue Jan 22 20:48:01 2019 +0000 | ||
863 | |||
864 | upstream: add -m to usage(); reminded by jmc@ | ||
865 | |||
866 | OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e | ||
867 | |||
868 | commit 41923ce06ac149453debe472238e0cca7d5a2e5f | ||
869 | Author: djm@openbsd.org <djm@openbsd.org> | ||
870 | Date: Tue Jan 22 12:03:58 2019 +0000 | ||
871 | |||
872 | upstream: Correct some bugs in PKCS#11 token PIN handling at | ||
873 | |||
874 | initial login, the attempt at reading the PIN could be skipped in some cases | ||
875 | especially on devices with integrated PIN readers. | ||
876 | |||
877 | based on patch from Daniel Kucera in bz#2652; ok markus@ | ||
878 | |||
879 | OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e | ||
880 | |||
881 | commit 2162171ad517501ba511fa9f8191945d01857bb4 | ||
882 | Author: djm@openbsd.org <djm@openbsd.org> | ||
883 | Date: Tue Jan 22 12:00:50 2019 +0000 | ||
884 | |||
885 | upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by | ||
886 | |||
887 | requring a fresh login after the C_SignInit operation. | ||
888 | |||
889 | based on patch from Jakub Jelen in bz#2638; ok markus | ||
890 | |||
891 | OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661 | ||
892 | |||
893 | commit 7a2cb18a215b2cb335da3dc99489c52a91f4925b | ||
894 | Author: djm@openbsd.org <djm@openbsd.org> | ||
895 | Date: Tue Jan 22 11:51:25 2019 +0000 | ||
896 | |||
897 | upstream: Mention that configuration for the destination host is | ||
898 | |||
899 | not applied to any ProxyJump/-J hosts. This has confused a few people... | ||
900 | |||
901 | OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b | ||
902 | |||
903 | commit ecd2f33cb772db4fa76776543599f1c1ab6f9fa0 | ||
904 | Author: djm@openbsd.org <djm@openbsd.org> | ||
905 | Date: Tue Jan 22 11:40:42 2019 +0000 | ||
906 | |||
907 | upstream: Include -m in the synopsis for a few more commands that | ||
908 | |||
909 | support it | ||
910 | |||
911 | Be more explicit in the description of -m about where it may be used | ||
912 | |||
913 | Prompted by Jakub Jelen in bz2904 | ||
914 | |||
915 | OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c | ||
916 | |||
917 | commit ff5d2cf4ca373bb4002eef395ed2cbe2ff0826c1 | ||
918 | Author: djm@openbsd.org <djm@openbsd.org> | ||
919 | Date: Tue Jan 22 11:26:16 2019 +0000 | ||
920 | |||
921 | upstream: print the full pubkey being attempted at loglevel >= | ||
922 | |||
923 | debug2; bz2939 | ||
924 | |||
925 | OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290 | ||
926 | |||
927 | commit 180b520e2bab33b566b4b0cbac7d5f9940935011 | ||
928 | Author: djm@openbsd.org <djm@openbsd.org> | ||
929 | Date: Tue Jan 22 11:19:42 2019 +0000 | ||
930 | |||
931 | upstream: clarify: ssh-keygen -e only writes public keys, never | ||
932 | |||
933 | private | ||
934 | |||
935 | OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb | ||
936 | |||
937 | commit c45616a199c322ca674315de88e788f1d2596e26 | ||
938 | Author: djm@openbsd.org <djm@openbsd.org> | ||
939 | Date: Tue Jan 22 11:00:15 2019 +0000 | ||
940 | |||
941 | upstream: mention the new vs. old key formats in the introduction | ||
942 | |||
943 | and give some hints on how keys may be converted or written in the old | ||
944 | format. | ||
945 | |||
946 | OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823 | ||
947 | |||
948 | commit fd8eb1383a34c986a00ef13d745ae9bd3ea21760 | ||
949 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
950 | Date: Tue Jan 22 06:58:31 2019 +0000 | ||
951 | |||
952 | upstream: tweak previous; | ||
953 | |||
954 | OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8 | ||
955 | |||
956 | commit 68e924d5473c00057f8532af57741d258c478223 | ||
957 | Author: tb@openbsd.org <tb@openbsd.org> | ||
958 | Date: Mon Jan 21 23:55:12 2019 +0000 | ||
959 | |||
960 | upstream: Forgot to add -J to the synopsis. | ||
961 | |||
962 | OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e | ||
963 | |||
964 | commit 622dedf1a884f2927a9121e672bd9955e12ba108 | ||
965 | Author: tb@openbsd.org <tb@openbsd.org> | ||
966 | Date: Mon Jan 21 22:50:42 2019 +0000 | ||
967 | |||
968 | upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1) | ||
969 | |||
970 | and sftp(1) to match ssh(1)'s interface. | ||
971 | |||
972 | ok djm | ||
973 | |||
974 | OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc | ||
975 | |||
976 | commit c882d74652800150d538e22c80dd2bd3cdd5fae2 | ||
977 | Author: Darren Tucker <dtucker@dtucker.net> | ||
978 | Date: Tue Jan 22 20:38:40 2019 +1100 | ||
979 | |||
980 | Allow building against OpenSSL dev (3.x) version. | ||
981 | |||
982 | commit d5520393572eb24aa0e001a1c61f49b104396e45 | ||
983 | Author: Damien Miller <djm@mindrot.org> | ||
984 | Date: Tue Jan 22 10:50:40 2019 +1100 | ||
985 | |||
986 | typo | ||
987 | |||
988 | commit 2de9cec54230998ab10161576f77860a2559ccb7 | ||
989 | Author: Damien Miller <djm@mindrot.org> | ||
990 | Date: Tue Jan 22 10:49:52 2019 +1100 | ||
991 | |||
992 | add missing header | ||
993 | |||
994 | commit 533cfb01e49a2a30354e191669dc3159e03e99a7 | ||
995 | Author: djm@openbsd.org <djm@openbsd.org> | ||
996 | Date: Mon Jan 21 22:18:24 2019 +0000 | ||
997 | |||
998 | upstream: switch sntrup implementation source from supercop to | ||
999 | |||
1000 | libpqcrypto; the latter is almost identical but doesn't rely on signed | ||
1001 | underflow to implement an optimised integer sort; from markus@ | ||
1002 | |||
1003 | OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8 | ||
1004 | |||
1005 | commit d50ab3cd6fb859888a26b4d4e333239b4f6bf573 | ||
1006 | Author: Damien Miller <djm@mindrot.org> | ||
1007 | Date: Tue Jan 22 00:02:23 2019 +1100 | ||
1008 | |||
1009 | new files need includes.h | ||
1010 | |||
1011 | commit c7670b091a7174760d619ef6738b4f26b2093301 | ||
1012 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1013 | Date: Mon Jan 21 12:53:35 2019 +0000 | ||
1014 | |||
1015 | upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up | ||
1016 | |||
1017 | debug verbosity. | ||
1018 | |||
1019 | Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run | ||
1020 | in debug mode ("ssh-agent -d"), so we get to see errors from the | ||
1021 | PKCS#11 code. | ||
1022 | |||
1023 | ok markus@ | ||
1024 | |||
1025 | OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d | ||
1026 | |||
1027 | commit 49d8c8e214d39acf752903566b105d06c565442a | ||
1028 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1029 | Date: Mon Jan 21 12:50:12 2019 +0000 | ||
1030 | |||
1031 | upstream: adapt to changes in KEX APIs and file removals | ||
1032 | |||
1033 | OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca | ||
1034 | |||
1035 | commit 35ecc53a83f8e8baab2e37549addfd05c73c30f1 | ||
1036 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1037 | Date: Mon Jan 21 12:35:20 2019 +0000 | ||
1038 | |||
1039 | upstream: adapt to changes in KEX API and file removals | ||
1040 | |||
1041 | OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7 | ||
1042 | |||
1043 | commit 7d69aae64c35868cc4f644583ab973113a79480e | ||
1044 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1045 | Date: Mon Jan 21 12:29:35 2019 +0000 | ||
1046 | |||
1047 | upstream: adapt to bignum1 API removal and bignum2 API change | ||
1048 | |||
1049 | OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63 | ||
1050 | |||
1051 | commit beab553f0a9578ef9bffe28b2c779725e77b39ec | ||
1052 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1053 | Date: Mon Jan 21 09:13:41 2019 +0000 | ||
1054 | |||
1055 | upstream: remove hack to use non-system libcrypto | ||
1056 | |||
1057 | OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f | ||
1058 | |||
1059 | commit 4dc06bd57996f1a46b4c3bababe0d09bc89098f7 | ||
1060 | Author: Damien Miller <djm@mindrot.org> | ||
1061 | Date: Mon Jan 21 23:14:04 2019 +1100 | ||
1062 | |||
1063 | depend | ||
1064 | |||
1065 | commit 70edd73edc4df54e5eee50cd27c25427b34612f8 | ||
1066 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1067 | Date: Mon Jan 21 12:08:13 2019 +0000 | ||
1068 | |||
1069 | upstream: fix reversed arguments to kex_load_hostkey(); manifested as | ||
1070 | |||
1071 | errors in cert-hostkey.sh regress failures. | ||
1072 | |||
1073 | OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba | ||
1074 | |||
1075 | commit f1185abbf0c9108e639297addc77f8757ee00eb3 | ||
1076 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1077 | Date: Mon Jan 21 11:22:00 2019 +0000 | ||
1078 | |||
1079 | upstream: forgot to cvs add this file in previous series of commits; | ||
1080 | |||
1081 | grrr | ||
1082 | |||
1083 | OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0 | ||
1084 | |||
1085 | commit 7bef390b625bdc080f0fd4499ef03cef60fca4fa | ||
1086 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1087 | Date: Mon Jan 21 10:44:21 2019 +0000 | ||
1088 | |||
1089 | upstream: nothing shall escape this purge | ||
1090 | |||
1091 | OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217 | ||
1092 | |||
1093 | commit aaca72d6f1279b842066e07bff797019efeb2c23 | ||
1094 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1095 | Date: Mon Jan 21 10:40:11 2019 +0000 | ||
1096 | |||
1097 | upstream: rename kex->kem_client_pub -> kex->client_pub now that | ||
1098 | |||
1099 | KEM has been renamed to kexgen | ||
1100 | |||
1101 | from markus@ ok djm@ | ||
1102 | |||
1103 | OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8 | ||
1104 | |||
1105 | commit 70867e1ca2eb08bbd494fe9c568df4fd3b35b867 | ||
1106 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1107 | Date: Mon Jan 21 10:38:54 2019 +0000 | ||
1108 | |||
1109 | upstream: merge kexkem[cs] into kexgen | ||
1110 | |||
1111 | from markus@ ok djm@ | ||
1112 | |||
1113 | OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89 | ||
1114 | |||
1115 | commit 71e67fff946396caa110a7964da23480757258ff | ||
1116 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1117 | Date: Mon Jan 21 10:35:09 2019 +0000 | ||
1118 | |||
1119 | upstream: pass values used in KEX hash computation as sshbuf | ||
1120 | |||
1121 | rather than pointer+len | ||
1122 | |||
1123 | suggested by me; implemented by markus@ ok me | ||
1124 | |||
1125 | OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0 | ||
1126 | |||
1127 | commit 4b83e2a2cc0c12e671a77eaba1c1245894f4e884 | ||
1128 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1129 | Date: Mon Jan 21 10:33:49 2019 +0000 | ||
1130 | |||
1131 | upstream: remove kex_derive_keys_bn wrapper; no unused since the | ||
1132 | |||
1133 | DH-like KEX methods have moved to KEM | ||
1134 | |||
1135 | from markus@ ok djm@ | ||
1136 | |||
1137 | OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060 | ||
1138 | |||
1139 | commit 92dda34e373832f34a1944e5d9ebbebb184dedc1 | ||
1140 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1141 | Date: Mon Jan 21 10:29:56 2019 +0000 | ||
1142 | |||
1143 | upstream: use KEM API for vanilla ECDH | ||
1144 | |||
1145 | from markus@ ok djm@ | ||
1146 | |||
1147 | OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c | ||
1148 | |||
1149 | commit b72357217cbe510a3ae155307a7be6b9181f1d1b | ||
1150 | Author: Damien Miller <djm@mindrot.org> | ||
1151 | Date: Mon Jan 21 23:11:21 2019 +1100 | ||
1152 | |||
1153 | fixup missing ssherr.h | ||
1154 | |||
1155 | commit 9c9c97e14fe190931f341876ad98213e1e1dc19f | ||
1156 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1157 | Date: Mon Jan 21 10:28:01 2019 +0000 | ||
1158 | |||
1159 | upstream: use KEM API for vanilla DH KEX | ||
1160 | |||
1161 | from markus@ ok djm@ | ||
1162 | |||
1163 | OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9 | ||
1164 | |||
1165 | commit 2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970 | ||
1166 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1167 | Date: Mon Jan 21 10:24:09 2019 +0000 | ||
1168 | |||
1169 | upstream: use KEM API for vanilla c25519 KEX | ||
1170 | |||
1171 | OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f | ||
1172 | |||
1173 | commit dfd591618cdf2c96727ac0eb65f89cf54af0d97e | ||
1174 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1175 | Date: Mon Jan 21 10:20:12 2019 +0000 | ||
1176 | |||
1177 | upstream: Add support for a PQC KEX/KEM: | ||
1178 | |||
1179 | sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime | ||
1180 | 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not | ||
1181 | enabled by default. | ||
1182 | |||
1183 | introduce KEM API; a simplified framework for DH-ish KEX methods. | ||
1184 | |||
1185 | from markus@ feedback & ok djm@ | ||
1186 | |||
1187 | OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7 | ||
1188 | |||
1189 | commit b1b2ff4ed559051d1035419f8f236275fa66d5d6 | ||
1190 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1191 | Date: Mon Jan 21 10:07:22 2019 +0000 | ||
1192 | |||
1193 | upstream: factor out kex_verify_hostkey() - again, duplicated | ||
1194 | |||
1195 | almost exactly across client and server for several KEX methods. | ||
1196 | |||
1197 | from markus@ ok djm@ | ||
1198 | |||
1199 | OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c | ||
1200 | |||
1201 | commit bb39bafb6dc520cc097780f4611a52da7f19c3e2 | ||
1202 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1203 | Date: Mon Jan 21 10:05:09 2019 +0000 | ||
1204 | |||
1205 | upstream: factor out kex_load_hostkey() - this is duplicated in | ||
1206 | |||
1207 | both the client and server implementations for most KEX methods. | ||
1208 | |||
1209 | from markus@ ok djm@ | ||
1210 | |||
1211 | OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c | ||
1212 | |||
1213 | commit dec5e9d33891e3bc3f1395d7db0e56fdc7f86dfc | ||
1214 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1215 | Date: Mon Jan 21 10:03:37 2019 +0000 | ||
1216 | |||
1217 | upstream: factor out kex_dh_compute_key() - it's shared between | ||
1218 | |||
1219 | plain DH KEX and DH GEX in both the client and server implementations | ||
1220 | |||
1221 | from markus@ ok djm@ | ||
1222 | |||
1223 | OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec | ||
1224 | |||
1225 | commit e93bd98eab79b9a78f64ee8dd4dffc4d3979c7ae | ||
1226 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1227 | Date: Mon Jan 21 10:00:23 2019 +0000 | ||
1228 | |||
1229 | upstream: factor out DH keygen; it's identical between the client | ||
1230 | |||
1231 | and the server | ||
1232 | |||
1233 | from markus@ ok djm@ | ||
1234 | |||
1235 | OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9 | ||
1236 | |||
1237 | commit 5ae3f6d314465026d028af82609c1d49ad197655 | ||
1238 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1239 | Date: Mon Jan 21 09:55:52 2019 +0000 | ||
1240 | |||
1241 | upstream: save the derived session id in kex_derive_keys() rather | ||
1242 | |||
1243 | than making each kex method implementation do it. | ||
1244 | |||
1245 | from markus@ ok djm@ | ||
1246 | |||
1247 | OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673 | ||
1248 | |||
1249 | commit 7be8572b32a15d5c3dba897f252e2e04e991c307 | ||
1250 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1251 | Date: Mon Jan 21 09:54:11 2019 +0000 | ||
1252 | |||
1253 | upstream: Make sshpkt_get_bignum2() allocate the bignum it is | ||
1254 | |||
1255 | parsing rather than make the caller do it. Saves a lot of boilerplate code. | ||
1256 | |||
1257 | from markus@ ok djm@ | ||
1258 | |||
1259 | OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9 | ||
1260 | |||
1261 | commit 803178bd5da7e72be94ba5b4c4c196d4b542da4d | ||
1262 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1263 | Date: Mon Jan 21 09:52:25 2019 +0000 | ||
1264 | |||
1265 | upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1 | ||
1266 | |||
1267 | functions | ||
1268 | |||
1269 | from markus@ ok djm@ | ||
1270 | |||
1271 | OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e | ||
1272 | |||
1273 | commit f3ebaffd8714be31d4345f90af64992de4b3bba2 | ||
1274 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1275 | Date: Mon Jan 21 09:49:37 2019 +0000 | ||
1276 | |||
1277 | upstream: fix all-zero check in kexc25519_shared_key | ||
1278 | |||
1279 | from markus@ ok djm@ | ||
1280 | |||
1281 | OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d | ||
1282 | |||
1283 | commit 9d1a9771d0ad3a83af733bf3d2650b53f43c269f | ||
1284 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1285 | Date: Mon Jan 21 07:09:10 2019 +0000 | ||
1286 | |||
1287 | upstream: - -T was added to the first synopsis by mistake - since | ||
1288 | |||
1289 | "..." denotes optional, no need to surround it in [] | ||
1290 | |||
1291 | ok djm | ||
1292 | |||
1293 | OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25 | ||
1294 | |||
1295 | commit 2f0bad2bf85391dbb41315ab55032ec522660617 | ||
1296 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1297 | Date: Mon Jan 21 21:28:27 2019 +1100 | ||
1298 | |||
1299 | Make --with-rpath take a flag instead of yes/no. | ||
1300 | |||
1301 | Linkers need various flags for -rpath and similar, so make --with-rpath | ||
1302 | take an optional flag argument which is passed to the linker. ok djm@ | ||
1303 | |||
1304 | commit 23490a6c970ea1d03581a3b4208f2eb7a675f453 | ||
1305 | Author: Damien Miller <djm@mindrot.org> | ||
1306 | Date: Mon Jan 21 15:05:43 2019 +1100 | ||
1307 | |||
1308 | fix previous test | ||
1309 | |||
1310 | commit b6dd3277f2c49f9584a2097bc792e8f480397e87 | ||
1311 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1312 | Date: Mon Jan 21 13:50:17 2019 +1100 | ||
1313 | |||
1314 | Wrap ECC static globals in EC_KEY_METHOD_NEW too. | ||
1315 | |||
1316 | commit b2eb9db35b7191613f2f4b934d57b25938bb34b3 | ||
1317 | Author: Damien Miller <djm@mindrot.org> | ||
1318 | Date: Mon Jan 21 12:53:40 2019 +1100 | ||
1319 | |||
1320 | pass TEST_SSH_SSHPKCS11HELPER to regress tests | ||
1321 | |||
1322 | commit ba58a529f45b3dae2db68607d8c54ae96e90e705 | ||
1323 | Author: Damien Miller <djm@mindrot.org> | ||
1324 | Date: Mon Jan 21 12:31:29 2019 +1100 | ||
1325 | |||
1326 | make agent-pkcs11 search harder for softhsm2.so | ||
1327 | |||
1328 | commit 662be40c62339ab645113c930ce689466f028938 | ||
1329 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1330 | Date: Mon Jan 21 02:05:38 2019 +0000 | ||
1331 | |||
1332 | upstream: always print the caller's error message in ossl_error(), | ||
1333 | |||
1334 | even when there are no libcrypto errors to report. | ||
1335 | |||
1336 | OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a | ||
1337 | |||
1338 | commit ce46c3a077dfb4c531ccffcfff03f37775725b75 | ||
1339 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1340 | Date: Mon Jan 21 02:01:03 2019 +0000 | ||
1341 | |||
1342 | upstream: get the ex_data (pkcs11_key object) back from the keys at | ||
1343 | |||
1344 | the index at which it was inserted, rather than assuming index 0 | ||
1345 | |||
1346 | OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8 | ||
1347 | |||
1348 | commit 0a5f2ea35626022299ece3c8817a1abe8cf37b3e | ||
1349 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1350 | Date: Mon Jan 21 01:05:00 2019 +0000 | ||
1351 | |||
1352 | upstream: GSSAPI code got missed when converting to new packet API | ||
1353 | |||
1354 | OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851 | ||
1355 | |||
1356 | commit 2efcf812b4c1555ca3aff744820a3b3bccd68298 | ||
1357 | Author: Damien Miller <djm@mindrot.org> | ||
1358 | Date: Mon Jan 21 11:57:21 2019 +1100 | ||
1359 | |||
1360 | Fix -Wunused when compiling PKCS#11 without ECDSA | ||
1361 | |||
1362 | commit 3c0c657ed7cd335fc05c0852d88232ca7e92a5d9 | ||
1363 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1364 | Date: Sun Jan 20 23:26:44 2019 +0000 | ||
1365 | |||
1366 | upstream: allow override of ssh-pkcs11-helper binary via | ||
1367 | |||
1368 | $TEST_SSH_SSHPKCS11HELPER from markus@ | ||
1369 | |||
1370 | OpenBSD-Regress-ID: 7382a3d76746f5a792d106912a5819fd5e49e469 | ||
1371 | |||
1372 | commit 760ae37b4505453c6fa4faf1aa39a8671ab053af | ||
1373 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1374 | Date: Sun Jan 20 23:25:25 2019 +0000 | ||
1375 | |||
1376 | upstream: adapt agent-pkcs11.sh test to softhsm2 and add support | ||
1377 | |||
1378 | for ECDSA keys | ||
1379 | |||
1380 | work by markus@, ok djm@ | ||
1381 | |||
1382 | OpenBSD-Regress-ID: 1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe | ||
1383 | |||
1384 | commit b2ce8b31a1f974a13e6d12e0a0c132b50bc45115 | ||
1385 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1386 | Date: Sun Jan 20 23:24:19 2019 +0000 | ||
1387 | |||
1388 | upstream: add "extra:" target to run some extra tests that are not | ||
1389 | |||
1390 | enabled by default (currently includes agent-pkcs11.sh); from markus@ | ||
1391 | |||
1392 | OpenBSD-Regress-ID: 9a969e1adcd117fea174d368dcb9c61eb50a2a3c | ||
1393 | |||
1394 | commit 632976418d60b7193597bbc6ac7ca33981a41aab | ||
1395 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1396 | Date: Mon Jan 21 00:47:34 2019 +0000 | ||
1397 | |||
1398 | upstream: use ECDSA_SIG_set0() instead of poking signature values into | ||
1399 | |||
1400 | structure directly; the latter works on LibreSSL but not on OpenSSL. From | ||
1401 | portable. | ||
1402 | |||
1403 | OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6 | ||
1404 | |||
1405 | commit 5de6ac2bad11175135d9b819b3546db0ca0b4878 | ||
1406 | Author: Damien Miller <djm@mindrot.org> | ||
1407 | Date: Mon Jan 21 11:44:19 2019 +1100 | ||
1408 | |||
1409 | remove HAVE_DLOPEN that snuck in | ||
1410 | |||
1411 | portable doesn't use this | ||
1412 | |||
1413 | commit e2cb445d786f7572da2af93e3433308eaed1093a | ||
1414 | Author: Damien Miller <djm@mindrot.org> | ||
1415 | Date: Mon Jan 21 11:32:28 2019 +1100 | ||
1416 | |||
1417 | conditionalise ECDSA PKCS#11 support | ||
1418 | |||
1419 | Require EC_KEY_METHOD support in libcrypto, evidenced by presence | ||
1420 | of EC_KEY_METHOD_new() function. | ||
1421 | |||
1422 | commit fcb1b0937182d0137a3c357c89735d0dc5869d54 | ||
1423 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1424 | Date: Sun Jan 20 23:12:35 2019 +0000 | ||
1425 | |||
1426 | upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD | ||
1427 | |||
1428 | now, so there is no need to keep a copy of each in the pkcs11_key object. | ||
1429 | |||
1430 | work by markus@, ok djm@ | ||
1431 | |||
1432 | OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa | ||
1433 | |||
1434 | commit 6529409e85890cd6df7e5e81d04e393b1d2e4b0b | ||
1435 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1436 | Date: Sun Jan 20 23:11:11 2019 +0000 | ||
1437 | |||
1438 | upstream: KNF previous; from markus@ | ||
1439 | |||
1440 | OpenBSD-Commit-ID: 3dfe35e25b310c3968b1e4e53a0cb1d03bda5395 | ||
1441 | |||
1442 | commit 58622a8c82f4e2aad630580543f51ba537c1f39e | ||
1443 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1444 | Date: Sun Jan 20 23:10:33 2019 +0000 | ||
1445 | |||
1446 | upstream: use OpenSSL's RSA reference counting hooks to | ||
1447 | |||
1448 | implicitly clean up pkcs11_key objects when their owning RSA object's | ||
1449 | reference count drops to zero. Simplifies the cleanup path and makes it more | ||
1450 | like ECDSA's | ||
1451 | |||
1452 | work by markus@, ok djm@ | ||
1453 | |||
1454 | OpenBSD-Commit-ID: 74b9c98f405cd78f7148e9e4a4982336cd3df25c | ||
1455 | |||
1456 | commit f118542fc82a3b3ab0360955b33bc5a271ea709f | ||
1457 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1458 | Date: Sun Jan 20 23:08:24 2019 +0000 | ||
1459 | |||
1460 | upstream: make the PKCS#11 RSA code more like the new PKCS#11 | ||
1461 | |||
1462 | ECDSA code: use a single custom RSA_METHOD instead of a method per key | ||
1463 | |||
1464 | suggested by me, but markus@ did all the work. | ||
1465 | ok djm@ | ||
1466 | |||
1467 | OpenBSD-Commit-ID: 8aafcebe923dc742fc5537a995cee549d07e4b2e | ||
1468 | |||
1469 | commit 445cfce49dfc904c6b8ab25afa2f43130296c1a5 | ||
1470 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1471 | Date: Sun Jan 20 23:05:52 2019 +0000 | ||
1472 | |||
1473 | upstream: fix leak of ECDSA pkcs11_key objects | ||
1474 | |||
1475 | work by markus, ok djm@ | ||
1476 | |||
1477 | OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1 | ||
1478 | |||
1479 | commit 8a2467583f0b5760787273796ec929190c3f16ee | ||
1480 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1481 | Date: Sun Jan 20 23:03:26 2019 +0000 | ||
1482 | |||
1483 | upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of | ||
1484 | |||
1485 | EC_KEY internals as that won't work on OpenSSL | ||
1486 | |||
1487 | work by markus@, feedback and ok djm@ | ||
1488 | |||
1489 | OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700 | ||
1490 | |||
1491 | commit 24757c1ae309324e98d50e5935478655be04e549 | ||
1492 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1493 | Date: Sun Jan 20 23:01:59 2019 +0000 | ||
1494 | |||
1495 | upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned | ||
1496 | |||
1497 | object should never have a DER header | ||
1498 | |||
1499 | work by markus; feedback and ok djm@ | ||
1500 | |||
1501 | OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17 | ||
1502 | |||
1503 | commit 749aef30321595435ddacef2f31d7a8f2b289309 | ||
1504 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1505 | Date: Sun Jan 20 23:00:12 2019 +0000 | ||
1506 | |||
1507 | upstream: cleanup unnecessary code in ECDSA pkcs#11 signature | ||
1508 | |||
1509 | work by markus@, feedback and ok djm@ | ||
1510 | |||
1511 | OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d | ||
1512 | |||
1513 | commit 0c50992af49b562970dd0ba3f8f151f1119e260e | ||
1514 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1515 | Date: Sun Jan 20 22:57:45 2019 +0000 | ||
1516 | |||
1517 | upstream: cleanup pkcs#11 client code: use sshkey_new in instead | ||
1518 | |||
1519 | of stack- allocating a sshkey | ||
1520 | |||
1521 | work by markus@, ok djm@ | ||
1522 | |||
1523 | OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91 | ||
1524 | |||
1525 | commit 854bd8674ee5074a239f7cadf757d55454802e41 | ||
1526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1527 | Date: Sun Jan 20 22:54:30 2019 +0000 | ||
1528 | |||
1529 | upstream: allow override of the pkcs#11 helper binary via | ||
1530 | |||
1531 | $SSH_PKCS11_HELPER; needed for regress tests. | ||
1532 | |||
1533 | work by markus@, ok me | ||
1534 | |||
1535 | OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83 | ||
1536 | |||
1537 | commit 93f02107f44d63a016d8c23ebd2ca9205c495c48 | ||
1538 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1539 | Date: Sun Jan 20 22:51:37 2019 +0000 | ||
1540 | |||
1541 | upstream: add support for ECDSA keys in PKCS#11 tokens | ||
1542 | |||
1543 | Work by markus@ and Pedro Martelletto, feedback and ok me@ | ||
1544 | |||
1545 | OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424 | ||
1546 | |||
1547 | commit aa22c20e0c36c2fc610cfcc793b0d14079c38814 | ||
1548 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1549 | Date: Sun Jan 20 22:03:29 2019 +0000 | ||
1550 | |||
1551 | upstream: add option to test whether keys in an agent are usable, | ||
1552 | |||
1553 | by performing a signature and a verification using each key "ssh-add -T | ||
1554 | pubkey [...]" | ||
1555 | |||
1556 | work by markus@, ok djm@ | ||
1557 | |||
1558 | OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b | ||
1559 | |||
1560 | commit a36b0b14a12971086034d53c0c3dfbad07665abe | ||
1561 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1562 | Date: Sun Jan 20 02:01:59 2019 +0000 | ||
1563 | |||
1564 | upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on | ||
1565 | |||
1566 | error. | ||
1567 | |||
1568 | Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd | ||
1569 | by David Benjamin. | ||
1570 | |||
1571 | ok djm, dtucker | ||
1572 | |||
1573 | OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8 | ||
1574 | |||
1575 | commit ec4776bb01dd8d61fddc7d2a31ab10bf3d3d829a | ||
1576 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1577 | Date: Sun Jan 20 01:12:40 2019 +0000 | ||
1578 | |||
1579 | upstream: DH-GEX min value is now specified in RFC8270. ok djm@ | ||
1580 | |||
1581 | OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc | ||
1582 | |||
1583 | commit c90a7928c4191303e76a8c58b9008d464287ae1b | ||
1584 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1585 | Date: Mon Jan 21 09:22:36 2019 +1100 | ||
1586 | |||
1587 | Check for cc before gcc. | ||
1588 | |||
1589 | If cc is something other than gcc and is the system compiler prefer using | ||
1590 | that, unless otherwise told via $CC. ok djm@ | ||
1591 | |||
1592 | commit 9b655dc9c9a353f0a527f0c6c43a5e35653c9503 | ||
1593 | Author: Damien Miller <djm@mindrot.org> | ||
1594 | Date: Sun Jan 20 14:55:27 2019 +1100 | ||
1595 | |||
1596 | last bits of old packet API / active_state global | ||
1597 | |||
1598 | commit 3f0786bbe73609ac96e5a0d91425ee21129f8e04 | ||
1599 | Author: Damien Miller <djm@mindrot.org> | ||
1600 | Date: Sun Jan 20 10:22:18 2019 +1100 | ||
1601 | |||
1602 | remove PAM dependencies on old packet API | ||
1603 | |||
1604 | Requires some caching of values, because the PAM code isn't | ||
1605 | always called with packet context. | ||
1606 | |||
1607 | commit 08f66d9f17e12c1140d1f1cf5c4dce67e915d3cc | ||
1608 | Author: Damien Miller <djm@mindrot.org> | ||
1609 | Date: Sun Jan 20 09:58:45 2019 +1100 | ||
1610 | |||
1611 | remove vestiges of old packet API from loginrec.c | ||
1612 | |||
1613 | commit c327813ea1d740e3e367109c17873815aba1328e | ||
1614 | Author: Damien Miller <djm@mindrot.org> | ||
1615 | Date: Sun Jan 20 09:45:38 2019 +1100 | ||
1616 | |||
1617 | depend | ||
1618 | |||
1619 | commit 135e302cfdbe91817294317c337cc38c3ff01cba | ||
1620 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1621 | Date: Sat Jan 19 22:30:52 2019 +0000 | ||
1622 | |||
1623 | upstream: fix error in refactor: use ssh_packet_disconnect() instead of | ||
1624 | |||
1625 | sshpkt_error(). The first one logs the error and exits (what we want) instead | ||
1626 | of just logging and blundering on. | ||
1627 | |||
1628 | OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae | ||
1629 | |||
1630 | commit 245c6a0b220b58686ee35bc5fc1c359e9be2faaa | ||
1631 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1632 | Date: Sat Jan 19 21:45:31 2019 +0000 | ||
1633 | |||
1634 | upstream: remove last traces of old packet API! | ||
1635 | |||
1636 | with & ok markus@ | ||
1637 | |||
1638 | OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d | ||
1639 | |||
1640 | commit 04c091fc199f17dacf8921df0a06634b454e2722 | ||
1641 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1642 | Date: Sat Jan 19 21:43:56 2019 +0000 | ||
1643 | |||
1644 | upstream: remove last references to active_state | ||
1645 | |||
1646 | with & ok markus@ | ||
1647 | |||
1648 | OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2 | ||
1649 | |||
1650 | commit ec00f918b8ad90295044266c433340a8adc93452 | ||
1651 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1652 | Date: Sat Jan 19 21:43:07 2019 +0000 | ||
1653 | |||
1654 | upstream: convert monitor.c to new packet API | ||
1655 | |||
1656 | with & ok markus@ | ||
1657 | |||
1658 | OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5 | ||
1659 | |||
1660 | commit 6350e0316981489d4205952d6904d6fedba5bfe0 | ||
1661 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1662 | Date: Sat Jan 19 21:42:30 2019 +0000 | ||
1663 | |||
1664 | upstream: convert sshd.c to new packet API | ||
1665 | |||
1666 | with & ok markus@ | ||
1667 | |||
1668 | OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891 | ||
1669 | |||
1670 | commit a5e2ad88acff2b7d131ee6d5dc5d339b0f8c6a6d | ||
1671 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1672 | Date: Sat Jan 19 21:41:53 2019 +0000 | ||
1673 | |||
1674 | upstream: convert session.c to new packet API | ||
1675 | |||
1676 | with & ok markus@ | ||
1677 | |||
1678 | OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e | ||
1679 | |||
1680 | commit 3a00a921590d4c4b7e96df11bb10e6f9253ad45e | ||
1681 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1682 | Date: Sat Jan 19 21:41:18 2019 +0000 | ||
1683 | |||
1684 | upstream: convert auth.c to new packet API | ||
1685 | |||
1686 | with & ok markus@ | ||
1687 | |||
1688 | OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4 | ||
1689 | |||
1690 | commit 7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d | ||
1691 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1692 | Date: Sat Jan 19 21:40:48 2019 +0000 | ||
1693 | |||
1694 | upstream: convert serverloop.c to new packet API | ||
1695 | |||
1696 | with & ok markus@ | ||
1697 | |||
1698 | OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885 | ||
1699 | |||
1700 | commit 64c9598ac05332d1327cbf55334dee4172d216c4 | ||
1701 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1702 | Date: Sat Jan 19 21:40:21 2019 +0000 | ||
1703 | |||
1704 | upstream: convert the remainder of sshconnect2.c to new packet | ||
1705 | |||
1706 | API | ||
1707 | |||
1708 | with & ok markus@ | ||
1709 | |||
1710 | OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71 | ||
1711 | |||
1712 | commit bc5e1169d101d16e3a5962a928db2bc49a8ef5a3 | ||
1713 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1714 | Date: Sat Jan 19 21:39:12 2019 +0000 | ||
1715 | |||
1716 | upstream: convert the remainder of clientloop.c to new packet API | ||
1717 | |||
1718 | with & ok markus@ | ||
1719 | |||
1720 | OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e | ||
1721 | |||
1722 | commit 5ebce136a6105f084db8f0d7ee41981d42daec40 | ||
1723 | Author: Damien Miller <djm@mindrot.org> | ||
1724 | Date: Sun Jan 20 09:44:53 2019 +1100 | ||
1725 | |||
1726 | upstream: convert auth2.c to new packet API | ||
1727 | |||
1728 | OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999 | ||
1729 | |||
1730 | commit 172a592a53ebe8649c4ac0d7946e6c08eb151af6 | ||
1731 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1732 | Date: Sat Jan 19 21:37:48 2019 +0000 | ||
1733 | |||
1734 | upstream: convert servconf.c to new packet API | ||
1735 | |||
1736 | with & ok markus@ | ||
1737 | |||
1738 | OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4 | ||
1739 | |||
1740 | commit 8cc7a679d29cf6ecccfa08191e688c7f81ef95c2 | ||
1741 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1742 | Date: Sat Jan 19 21:37:13 2019 +0000 | ||
1743 | |||
1744 | upstream: convert channels.c to new packet API | ||
1745 | |||
1746 | with & ok markus@ | ||
1747 | |||
1748 | OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c | ||
1749 | |||
1750 | commit 06232038c794c7dfcb087be0ab0b3e65b09fd396 | ||
1751 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1752 | Date: Sat Jan 19 21:36:38 2019 +0000 | ||
1753 | |||
1754 | upstream: convert sshconnect.c to new packet API | ||
1755 | |||
1756 | with & ok markus@ | ||
1757 | |||
1758 | OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f | ||
1759 | |||
1760 | commit 25b2ed667216314471bb66752442c55b95792dc3 | ||
1761 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1762 | Date: Sat Jan 19 21:36:06 2019 +0000 | ||
1763 | |||
1764 | upstream: convert ssh.c to new packet API | ||
1765 | |||
1766 | with & ok markus@ | ||
1767 | |||
1768 | OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21 | ||
1769 | |||
1770 | commit e3128b38623eef2fa8d6e7ae934d3bd08c7e973e | ||
1771 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1772 | Date: Sat Jan 19 21:35:25 2019 +0000 | ||
1773 | |||
1774 | upstream: convert mux.c to new packet API | ||
1775 | |||
1776 | with & ok markus@ | ||
1777 | |||
1778 | OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802 | ||
1779 | |||
1780 | commit ed1df7226caf3a943a36d580d4d4e9275f8a61ee | ||
1781 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1782 | Date: Sat Jan 19 21:34:45 2019 +0000 | ||
1783 | |||
1784 | upstream: convert sshconnect2.c to new packet API | ||
1785 | |||
1786 | with & ok markus@ | ||
1787 | |||
1788 | OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58 | ||
1789 | |||
1790 | commit 23f22a4aaa923c61ec49a99ebaa383656e87fa40 | ||
1791 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1792 | Date: Sat Jan 19 21:33:57 2019 +0000 | ||
1793 | |||
1794 | upstream: convert clientloop.c to new packet API | ||
1795 | |||
1796 | with & ok markus@ | ||
1797 | |||
1798 | OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa | ||
1799 | |||
1800 | commit ad60b1179c9682ca5aef0b346f99ef68cbbbc4e5 | ||
1801 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1802 | Date: Sat Jan 19 21:33:13 2019 +0000 | ||
1803 | |||
1804 | upstream: allow sshpkt_fatal() to take a varargs format; we'll | ||
1805 | |||
1806 | use this to give packet-related fatal error messages more context (esp. the | ||
1807 | remote endpoint) ok markus@ | ||
1808 | |||
1809 | OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50 | ||
1810 | |||
1811 | commit 0fa174ebe129f3d0aeaf4e2d1dd8de745870d0ff | ||
1812 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1813 | Date: Sat Jan 19 21:31:32 2019 +0000 | ||
1814 | |||
1815 | upstream: begin landing remaining refactoring of packet parsing | ||
1816 | |||
1817 | API, started almost exactly six years ago. | ||
1818 | |||
1819 | This change stops including the old packet_* API by default and makes | ||
1820 | each file that requires the old API include it explicitly. We will | ||
1821 | commit file-by-file refactoring to remove the old API in consistent | ||
1822 | steps. | ||
1823 | |||
1824 | with & ok markus@ | ||
1825 | |||
1826 | OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4 | ||
1827 | |||
1828 | commit 4ae7f80dfd02f2bde912a67c9f338f61e90fa79f | ||
1829 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1830 | Date: Sat Jan 19 04:15:56 2019 +0000 | ||
1831 | |||
1832 | upstream: Print an \r in front of the password prompt so parts of | ||
1833 | |||
1834 | a password that was entered too early are likely clobbered by the prompt. | ||
1835 | Idea from doas. | ||
1836 | |||
1837 | from and ok djm | ||
1838 | "i like it" deraadt | ||
1839 | |||
1840 | OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e | ||
1841 | |||
1842 | commit a6258e5dc314c7d504ac9f0fbc3be96475581dbe | ||
1843 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1844 | Date: Fri Jan 18 11:09:01 2019 +1100 | ||
1845 | |||
1846 | Add minimal fchownat and fchmodat implementations. | ||
1847 | |||
1848 | Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10. | ||
1849 | |||
1850 | commit 091093d25802b87d3b2b09f2c88d9f33e1ae5562 | ||
1851 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1852 | Date: Fri Jan 18 12:11:42 2019 +1300 | ||
1853 | |||
1854 | Add a minimal implementation of utimensat(). | ||
1855 | |||
1856 | Some systems (eg older OS X) do not have utimensat, so provide minimal | ||
1857 | implementation in compat layer. Fixes build on at least El Capitan. | ||
1858 | |||
1859 | commit 609644027dde1f82213699cb6599e584c7efcb75 | ||
1860 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1861 | Date: Tue Jan 1 22:20:16 2019 +0000 | ||
1862 | |||
1863 | upstream: regress bits for banner processing refactor (this test was | ||
1864 | |||
1865 | depending on ssh returning a particular error message for banner parsing | ||
1866 | failure) | ||
1867 | |||
1868 | reminded by bluhm@ | ||
1869 | |||
1870 | OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575 | ||
1871 | |||
1872 | commit f47d72ddad75b93d3cbc781718b0fa9046c03df8 | ||
1873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1874 | Date: Thu Jan 17 04:45:09 2019 +0000 | ||
1875 | |||
1876 | upstream: tun_fwd_ifnames variable should b | ||
1877 | |||
1878 | =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?= | ||
1879 | MIME-Version: 1.0 | ||
1880 | Content-Type: text/plain; charset=UTF-8 | ||
1881 | Content-Transfer-Encoding: 8bit | ||
1882 | |||
1883 | OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271 | ||
1884 | |||
1885 | commit 943d0965263cae1c080ce5a9d0b5aa341885e55d | ||
1886 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1887 | Date: Thu Jan 17 04:20:53 2019 +0000 | ||
1888 | |||
1889 | upstream: include time.h for time(3)/nanosleep(2); from Ian | ||
1890 | |||
1891 | McKellar | ||
1892 | |||
1893 | OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51 | ||
1894 | |||
1895 | commit dbb4dec6d5d671b5e9d67ef02162a610ad052068 | ||
1896 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1897 | Date: Thu Jan 17 01:50:24 2019 +0000 | ||
1898 | |||
1899 | upstream: many of the global variables in this file can be made static; | ||
1900 | |||
1901 | patch from Markus Schmidt | ||
1902 | |||
1903 | OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737 | ||
1904 | |||
1905 | commit 60d8c84e0887514c99c9ce071965fafaa1c3d34a | ||
1906 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1907 | Date: Wed Jan 16 23:23:45 2019 +0000 | ||
1908 | |||
1909 | upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to | ||
1910 | |||
1911 | request they do not follow symlinks. Requires recently-committed | ||
1912 | lsetstat@openssh.com extension on the server side. | ||
1913 | |||
1914 | ok markus@ dtucker@ | ||
1915 | |||
1916 | OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604 | ||
1917 | |||
1918 | commit dbbc7e0eab7262f34b8e0cd6efecd1c77b905ed0 | ||
1919 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1920 | Date: Wed Jan 16 23:22:10 2019 +0000 | ||
1921 | |||
1922 | upstream: add support for a "lsetstat@openssh.com" extension. This | ||
1923 | |||
1924 | replicates the functionality of the existing SSH2_FXP_SETSTAT operation but | ||
1925 | does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but | ||
1926 | with more attribute modifications supported. | ||
1927 | |||
1928 | ok markus@ dtucker@ | ||
1929 | |||
1930 | OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80 | ||
1931 | |||
1932 | commit 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1 | ||
1933 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1934 | Date: Fri Jan 4 03:27:50 2019 +0000 | ||
1935 | |||
1936 | upstream: eliminate function-static attempt counters for | ||
1937 | |||
1938 | passwd/kbdint authmethods by moving them to the client authctxt; Patch from | ||
1939 | Markus Schmidt, ok markus@ | ||
1940 | |||
1941 | OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f | ||
1942 | |||
1943 | commit 8a8183474c41bd6cebaa917346b549af2239ba2f | ||
1944 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1945 | Date: Fri Jan 4 03:23:00 2019 +0000 | ||
1946 | |||
1947 | upstream: fix memory leak of ciphercontext when rekeying; bz#2942 | ||
1948 | |||
1949 | Patch from Markus Schmidt; ok markus@ | ||
1950 | |||
1951 | OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd | ||
1952 | |||
1953 | commit 5bed70afce0907b6217418d0655724c99b683d93 | ||
1954 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1955 | Date: Tue Jan 1 23:10:53 2019 +0000 | ||
1956 | |||
1957 | upstream: static on global vars, const on handler tables that contain | ||
1958 | |||
1959 | function pointers; from Mike Frysinger | ||
1960 | |||
1961 | OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0 | ||
1962 | |||
1963 | commit 007a88b48c97d092ed2f501bbdcb70d9925277be | ||
1964 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1965 | Date: Thu Dec 27 23:02:11 2018 +0000 | ||
1966 | |||
1967 | upstream: Request RSA-SHA2 signatures for | ||
1968 | |||
1969 | rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@ | ||
1970 | |||
1971 | OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033 | ||
1972 | |||
1973 | commit eb347d086c35428c47fe52b34588cbbc9b49d9a6 | ||
1974 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1975 | Date: Thu Dec 27 03:37:49 2018 +0000 | ||
1976 | |||
1977 | upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so | ||
1978 | |||
1979 | don't do explicit kex_free() beforehand | ||
1980 | |||
1981 | OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf | ||
1982 | |||
1983 | commit bb542f0cf6f7511a22a08c492861e256a82376a9 | ||
1984 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
1985 | Date: Sat Dec 15 00:50:21 2018 +0000 | ||
1986 | |||
1987 | upstream: remove unused and problematic sudo clean. ok espie | ||
1988 | |||
1989 | OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b | ||
1990 | |||
1991 | commit 0a843d9a0e805f14653a555f5c7a8ba99d62c12d | ||
1992 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1993 | Date: Thu Dec 27 03:25:24 2018 +0000 | ||
1994 | |||
1995 | upstream: move client/server SSH-* banners to buffers under | ||
1996 | |||
1997 | ssh->kex and factor out the banner exchange. This eliminates some common code | ||
1998 | from the client and server. | ||
1999 | |||
2000 | Also be more strict about handling \r characters - these should only | ||
2001 | be accepted immediately before \n (pointed out by Jann Horn). | ||
2002 | |||
2003 | Inspired by a patch from Markus Schmidt. | ||
2004 | (lots of) feedback and ok markus@ | ||
2005 | |||
2006 | OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b | ||
2007 | |||
2008 | commit 434b587afe41c19391821e7392005068fda76248 | ||
2009 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2010 | Date: Fri Dec 7 04:36:09 2018 +0000 | ||
2011 | |||
2012 | upstream: Fix calculation of initial bandwidth limits. Account for | ||
2013 | |||
2014 | written bytes before the initial timer check so that the first buffer written | ||
2015 | is accounted. Set the threshold after which the timer is checked such that | ||
2016 | the limit starts being computed as soon as possible, ie after the second | ||
2017 | buffer is written. This prevents an initial burst of traffic and provides a | ||
2018 | more accurate bandwidth limit. bz#2927, ok djm. | ||
2019 | |||
2020 | OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6 | ||
2021 | |||
2022 | commit a6a0788cbbe8dfce2819ee43b09c80725742e21c | ||
2023 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2024 | Date: Fri Dec 7 03:39:40 2018 +0000 | ||
2025 | |||
2026 | upstream: only consider the ext-info-c extension during the initial | ||
2027 | |||
2028 | KEX. It shouldn't be sent in subsequent ones, but if it is present we should | ||
2029 | ignore it. | ||
2030 | |||
2031 | This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy | ||
2032 | these clients. Reported by Jakub Jelen via bz2929; ok dtucker@ | ||
2033 | |||
2034 | OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9 | ||
2035 | |||
2036 | commit 63bba57a32c5bb6158d57cf4c47022daf89c14a0 | ||
2037 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2038 | Date: Fri Dec 7 03:33:18 2018 +0000 | ||
2039 | |||
2040 | upstream: fix option letter pasto in previous | ||
2041 | |||
2042 | OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39 | ||
2043 | |||
2044 | commit 737e4edd82406595815efadc28ed5161b8b0c01a | ||
2045 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2046 | Date: Fri Dec 7 03:32:26 2018 +0000 | ||
2047 | |||
2048 | upstream: mention that the ssh-keygen -F (find host in | ||
2049 | |||
2050 | authorized_keys) and -R (remove host from authorized_keys) options may accept | ||
2051 | either a bare hostname or a [hostname]:port combo. bz#2935 | ||
2052 | |||
2053 | OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780 | ||
2054 | |||
2055 | commit 8a22ffaa13391cfe5b40316d938fe0fb931e9296 | ||
2056 | Author: Damien Miller <djm@mindrot.org> | ||
2057 | Date: Fri Dec 7 15:41:16 2018 +1100 | ||
2058 | |||
2059 | expose $SSH_CONNECTION in the PAM environment | ||
2060 | |||
2061 | This makes the connection 4-tuple available to PAM modules that | ||
2062 | wish to use it in decision-making. bz#2741 | ||
2063 | |||
2064 | commit a784fa8c7a7b084d63bae82ccfea902131bb45c5 | ||
2065 | Author: Kevin Adler <kadler@us.ibm.com> | ||
2066 | Date: Wed Dec 12 22:12:45 2018 -0600 | ||
2067 | |||
2068 | Don't pass loginmsg by address now that it's an sshbuf* | ||
2069 | |||
2070 | In 120a1ec74, loginmsg was changed from the legacy Buffer type | ||
2071 | to struct sshbuf*, but it missed changing calls to | ||
2072 | sys_auth_allowed_user and sys_auth_record_login which passed | ||
2073 | loginmsg by address. Now that it's a pointer, just pass it directly. | ||
2074 | |||
2075 | This only affects AIX, unless there are out of tree users. | ||
2076 | |||
2077 | commit 285310b897969a63ef224d39e7cc2b7316d86940 | ||
2078 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2079 | Date: Fri Dec 7 02:31:20 2018 +0000 | ||
2080 | |||
2081 | upstream: no need to allocate channels_pre/channels_post in | ||
2082 | |||
2083 | channel_init_channels() as we do it anyway in channel_handler_init() that we | ||
2084 | call at the end of the function. Fix from Markus Schmidt via bz#2938 | ||
2085 | |||
2086 | OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed | ||
2087 | |||
2088 | commit 87d6cf1cbc91df6815db8fe0acc7c910bc3d18e4 | ||
2089 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2090 | Date: Fri Nov 30 02:24:52 2018 +0000 | ||
2091 | |||
2092 | upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293 | ||
2093 | |||
2094 | OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929 | ||
2095 | |||
2096 | commit 91b19198c3f604f5eef2c56dbe36f29478243141 | ||
2097 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2098 | Date: Wed Nov 28 06:00:38 2018 +0000 | ||
2099 | |||
2100 | upstream: don't truncate user or host name in "user@host's | ||
2101 | |||
2102 | OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360 | ||
2103 | |||
2104 | commit dd0cf6318d9b4b3533bda1e3bc021b2cd7246b7a | ||
2105 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2106 | Date: Fri Nov 23 06:58:28 2018 +0000 | ||
2107 | |||
2108 | upstream: tweak previous; | ||
2109 | |||
2110 | OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f | ||
2111 | |||
2112 | commit 8a85f5458d1c802471ca899c97f89946f6666e61 | ||
2113 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2114 | Date: Sun Nov 25 21:44:05 2018 +1100 | ||
2115 | |||
2116 | Include stdio.h for FILE if needed. | ||
2117 | |||
2118 | commit 16fb23f25454991272bfe4598cc05d20fcd25116 | ||
2119 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2120 | Date: Sun Nov 25 14:05:57 2018 +1100 | ||
2121 | |||
2122 | Reverse order of OpenSSL init functions. | ||
2123 | |||
2124 | Try the new init function (OPENSSL_init_crypto) before falling back to | ||
2125 | the old one (OpenSSL_add_all_algorithms). | ||
2126 | |||
2127 | commit 98f878d2272bf8dff21f2a0265d963c29e33fed2 | ||
2128 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2129 | Date: Sun Nov 25 14:05:08 2018 +1100 | ||
2130 | |||
2131 | Improve OpenSSL_add_all_algorithms check. | ||
2132 | |||
2133 | OpenSSL_add_all_algorithms() may be a macro so check for that too. | ||
2134 | |||
2135 | commit 9e34e0c59ab04514f9de9934a772283f7f372afe | ||
2136 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2137 | Date: Fri Nov 23 05:08:07 2018 +0000 | ||
2138 | |||
2139 | upstream: add a ssh_config "Match final" predicate | ||
2140 | |||
2141 | Matches in same pass as "Match canonical" but doesn't require | ||
2142 | hostname canonicalisation be enabled. bz#2906 ok markus | ||
2143 | |||
2144 | OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa | ||
2145 | |||
2146 | commit 4da58d58736b065b1182b563d10ad6765d811c6d | ||
2147 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2148 | Date: Fri Nov 23 02:53:57 2018 +0000 | ||
2149 | |||
2150 | upstream: Remove now-unneeded ifdef SIGINFO around handler since it is | ||
2151 | |||
2152 | now always used for SIGUSR1 even when SIGINFO is not defined. This will make | ||
2153 | things simpler in -portable. | ||
2154 | |||
2155 | OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f | ||
2156 | |||
2157 | commit c721d5877509875c8515df0215fa1dab862013bc | ||
2158 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2159 | Date: Fri Nov 23 14:11:20 2018 +1100 | ||
2160 | |||
2161 | Move RANDOM_SEED_SIZE outside ifdef. | ||
2162 | |||
2163 | RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code | ||
2164 | This fixes the build with configureed --without-openssl. | ||
2165 | |||
2166 | commit deb51552c3ce7ce72c8d0232e4f36f2e7c118c7d | ||
2167 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2168 | Date: Thu Nov 22 19:59:28 2018 +1100 | ||
2169 | |||
2170 | Resync with OpenBSD by pulling in an ifdef SIGINFO. | ||
2171 | |||
2172 | commit 28c7b2cd050f4416bfcf3869a20e3ea138aa52fe | ||
2173 | Author: Damien Miller <djm@mindrot.org> | ||
2174 | Date: Fri Nov 23 10:45:20 2018 +1100 | ||
2175 | |||
2176 | fix configure test for OpenSSL version | ||
2177 | |||
2178 | square brackets in case statements may be eaten by autoconf. | ||
2179 | |||
2180 | Report and fix from Filipp Gunbin; tweaked by naddy@ | ||
2181 | |||
2182 | commit 42c5ec4b97b6a1bae70f323952d0646af16ce710 | ||
2183 | Author: Damien Miller <djm@mindrot.org> | ||
2184 | Date: Fri Nov 23 10:40:06 2018 +1100 | ||
2185 | |||
2186 | refactor libcrypto initialisation | ||
2187 | |||
2188 | Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually | ||
2189 | supports it. | ||
2190 | |||
2191 | Move all libcrypto initialisation to a single function, and call that | ||
2192 | from seed_rng() that is called early in each tool's main(). | ||
2193 | |||
2194 | Prompted by patch from Rosen Penev | ||
2195 | |||
2196 | commit 5b60b6c02009547a3e2a99d4886965de2a4719da | ||
2197 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2198 | Date: Thu Nov 22 08:59:11 2018 +0000 | ||
2199 | |||
2200 | upstream: Output info on SIGUSR1 as well as | ||
2201 | |||
2202 | SIGINFO to resync with portable. (ID sync only). | ||
2203 | |||
2204 | OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16 | ||
2205 | |||
2206 | commit e4ae345dc75b34fd870c2e8690d831d2c1088eb7 | ||
2207 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2208 | Date: Thu Nov 22 08:48:32 2018 +0000 | ||
2209 | |||
2210 | upstream: Append pid to temp files in /var/run and set a cleanup | ||
2211 | |||
2212 | trap for them. This allows multiple instances of tests to run without | ||
2213 | colliding. | ||
2214 | |||
2215 | OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c | ||
2216 | |||
2217 | commit f72d0f52effca5aa20a193217346615ecd3eed53 | ||
2218 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2219 | Date: Wed Oct 31 11:09:27 2018 +0000 | ||
2220 | |||
2221 | upstream: UsePrivilegeSeparation no is deprecated | ||
2222 | |||
2223 | test "yes" and "sandbox". | ||
2224 | |||
2225 | OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da | ||
2226 | |||
2227 | commit 35d0e5fefc419bddcbe09d7fc163d8cd3417125b | ||
2228 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2229 | Date: Wed Oct 17 23:28:05 2018 +0000 | ||
2230 | |||
2231 | upstream: add some knobs: | ||
2232 | |||
2233 | UNITTEST_FAST?= no # Skip slow tests (e.g. less intensive fuzzing). | ||
2234 | UNITTEST_SLOW?= no # Include slower tests (e.g. more intensive fuzzing). | ||
2235 | UNITTEST_VERBOSE?= no # Verbose test output (inc. per-test names). | ||
2236 | |||
2237 | useful if you want to run the tests as a smoke test to exercise the | ||
2238 | functionality without waiting for all the fuzzers to run. | ||
2239 | |||
2240 | OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e | ||
2241 | |||
2242 | commit c1941293d9422a14dda372b4c21895e72aa7a063 | ||
2243 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2244 | Date: Thu Nov 22 15:52:26 2018 +1100 | ||
2245 | |||
2246 | Resync Makefile.inc with upstream. | ||
2247 | |||
2248 | It's unused in -portable, but having it out of sync makes other syncs | ||
2249 | fail to apply. | ||
2250 | |||
2251 | commit 928f1231f65f88cd4c73e6e0edd63d2cf6295d77 | ||
2252 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2253 | Date: Mon Nov 19 04:12:32 2018 +0000 | ||
2254 | |||
2255 | upstream: silence (to log level debug2) failure messages when | ||
2256 | |||
2257 | loading the default hostkeys. Hostkeys explicitly specified in the | ||
2258 | configuration or on the command-line are still reported as errors, and | ||
2259 | failure to load at least one host key remains a fatal error. | ||
2260 | MIME-Version: 1.0 | ||
2261 | Content-Type: text/plain; charset=UTF-8 | ||
2262 | Content-Transfer-Encoding: 8bit | ||
2263 | |||
2264 | Based on patch from Dag-Erling Smørgrav via | ||
2265 | https://github.com/openssh/openssh-portable/pull/103 | ||
2266 | |||
2267 | ok markus@ | ||
2268 | |||
2269 | OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684 | ||
2270 | |||
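Review bot: the ChangeLog entries for f47d72dd (new-file lines 1876-1881) and 928f1231 (new-file lines 2260-2262) carry raw mail headers (MIME-Version, Content-Type, Content-Transfer-Encoding) inside the commit message text. In f47d72dd the subject also stops at "should b", and the remainder is left as an undecoded RFC 2047 encoded-word (`=?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=`), so a search of this file for the contributor's name or for the full change description will not match. If this file is regenerated from the commit log, decode the encoded-word into the subject and drop the three header lines at generation time. If it is imported verbatim from the upstream release, keep it identical to upstream and report the two entries there rather than editing them in this merge.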
2271 | commit 7fca94edbe8ca9f879da9fdd2afd959c4180f4c7 | ||
2272 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2273 | Date: Sun Nov 18 22:43:29 2018 +0000 | ||
2274 | |||
2275 | upstream: Fix inverted logic for redirecting ProxyCommand stderr to | ||
2276 | |||
2277 | /dev/null. Fixes mosh in proxycommand mode that was broken by the previous | ||
2278 | ProxyCommand change that was reported by matthieu@. ok djm@ danj@ | ||
2279 | |||
2280 | OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6 | ||
2281 | |||
2282 | commit ccef7c4faf914993b53035cd2b25ce02ab039c9d | ||
2283 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2284 | Date: Fri Nov 16 06:17:38 2018 +0000 | ||
2285 | |||
2286 | upstream: redirect stderr of ProxyCommands to /dev/null when ssh is | ||
2287 | |||
2288 | started with ControlPersist; based on patch from Steffen Prohaska | ||
2289 | |||
2290 | OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957 | ||
2291 | |||
2292 | commit 15182fd96845a03216d7ac5a2cf31c4e77e406e3 | ||
2293 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2294 | Date: Fri Nov 16 06:10:29 2018 +0000 | ||
2295 | |||
2296 | upstream: make grandparent-parent-child sshbuf chains robust to | ||
2297 | |||
2298 | use-after-free faults if the ancestors are freed before the descendents. | ||
2299 | Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn | ||
2300 | |||
2301 | OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2 | ||
2302 | |||
2303 | commit 2a35862e664afde774d4a72497d394fe7306ccb5 | ||
2304 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2305 | Date: Fri Nov 16 03:26:01 2018 +0000 | ||
2306 | |||
2307 | upstream: use path_absolute() for pathname checks; from Manoj Ampalam | ||
2308 | |||
2309 | OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925 | ||
2310 | |||
2311 | commit d0d1dfa55be1c5c0d77ab3096b198a64235f936d | ||
2312 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2313 | Date: Fri Nov 16 14:11:44 2018 +1100 | ||
2314 | |||
2315 | Test for OPENSSL_init_crypto before using. | ||
2316 | |||
2317 | Check for the presence of OPENSSL_init_crypto and all the flags we want | ||
2318 | before trying to use it (bz#2931). | ||
2319 | |||
2320 | commit 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 | ||
2321 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2322 | Date: Fri Nov 16 03:03:10 2018 +0000 | ||
2323 | |||
2324 | upstream: disallow empty incoming filename or ones that refer to the | ||
2325 | |||
2326 | current directory; based on report/patch from Harry Sintonen | ||
2327 | |||
2328 | OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9 | ||
2329 | |||
2330 | commit aaed635e3a401cfcc4cc97f33788179c458901c3 | ||
2331 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2332 | Date: Fri Nov 16 02:46:20 2018 +0000 | ||
2333 | |||
2334 | upstream: fix bug in client that was keeping a redundant ssh-agent | ||
2335 | |||
2336 | socket around for the life of the connection; bz#2912; reported by Simon | ||
2337 | Tatham; ok dtucker@ | ||
2338 | |||
2339 | OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478 | ||
2340 | |||
2341 | commit e76135e3007f1564427b2956c628923d8dc2f75a | ||
2342 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2343 | Date: Fri Nov 16 02:43:56 2018 +0000 | ||
2344 | |||
2345 | upstream: fix bug in HostbasedAcceptedKeyTypes and | ||
2346 | |||
2347 | PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were | ||
2348 | specified, then authentication would always fail for RSA keys as the monitor | ||
2349 | checks only the base key (not the signature algorithm) type against | ||
2350 | *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker | ||
2351 | |||
2352 | OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b | ||
2353 | |||
2354 | commit 5c1a63562cac0574c226224075b0829a50b48c9d | ||
2355 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2356 | Date: Fri Nov 16 02:30:20 2018 +0000 | ||
2357 | |||
2358 | upstream: support a prefix of '@' to suppress echo of sftp batch | ||
2359 | |||
2360 | commands; bz#2926; ok dtucker@ | ||
2361 | |||
2362 | OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d | ||
2363 | |||
2364 | commit 90ef45f7aac33eaf55ec344e101548a01e570f29 | ||
2365 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
2366 | Date: Tue Nov 13 07:22:45 2018 +0000 | ||
2367 | |||
2368 | upstream: fix markup error (missing blank before delimiter); from | ||
2369 | |||
2370 | Mike Frysinger <vapier at gentoo dot org> | ||
2371 | |||
2372 | OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9 | ||
2373 | |||
2374 | commit 960e7c672dc106f3b759c081de3edb4d1138b36e | ||
2375 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2376 | Date: Fri Nov 9 02:57:58 2018 +0000 | ||
2377 | |||
2378 | upstream: typo in error message; caught by Debian lintian, via | ||
2379 | |||
2380 | Colin Watson | ||
2381 | |||
2382 | OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758 | ||
2383 | |||
2384 | commit 81f1620c836e6c79c0823ba44acca605226a80f1 | ||
2385 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2386 | Date: Fri Nov 9 02:56:22 2018 +0000 | ||
2387 | |||
2388 | upstream: correct local variable name; from yawang AT microsoft.com | ||
2389 | |||
2390 | OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87 | ||
2391 | |||
2392 | commit 1293740e800fa2e5ccd38842a2e4970c6f3b9831 | ||
2393 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2394 | Date: Wed Oct 31 11:20:05 2018 +0000 | ||
2395 | |||
2396 | upstream: Import new moduli. | ||
2397 | |||
2398 | OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403 | ||
2399 | |||
2400 | commit 46925ae28e53fc9add336a4fcdb7ed4b86c3591c | ||
2401 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2402 | Date: Fri Oct 26 01:23:03 2018 +0000 | ||
2403 | |||
2404 | upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert | ||
2405 | |||
2406 | key type at start of doc | ||
2407 | |||
2408 | OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324 | ||
2409 | |||
2410 | commit 8d8340e2c215155637fe19cb1a837f71b2d55f7b | ||
2411 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2412 | Date: Fri Nov 16 13:32:13 2018 +1100 | ||
2413 | |||
2414 | Remove fallback check for /usr/local/ssl. | ||
2415 | |||
2416 | If configure could not find a working OpenSSL installation it would | ||
2417 | fall back to checking in /usr/local/ssl. This made sense back when | ||
2418 | systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't | ||
2419 | use that as a default any more. The fallback behaviour also meant | ||
2420 | that if you pointed --with-ssl-dir at a specific directory and it | ||
2421 | didn't work, it would silently use either the system libs or the ones | ||
2422 | in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to | ||
2423 | pass configure --with-ssl-dir=/usr/local/ssl. ok djm@ | ||
2424 | |||
2425 | commit ce93472134fb22eff73edbcd173a21ae38889331 | ||
2426 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2427 | Date: Fri Nov 16 12:44:01 2018 +1100 | ||
2428 | |||
2429 | Fix check for OpenSSL 1.0.1 exactly. | ||
2430 | |||
2431 | Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix | ||
2432 | compile-time check for 1.0.1 to match. | ||
2433 | |||
2434 | commit f2970868f86161a22b2c377057fa3891863a692a | ||
2435 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2436 | Date: Sun Nov 11 15:58:20 2018 +1100 | ||
2437 | |||
2438 | Improve warnings in cygwin service setup. | ||
2439 | |||
2440 | bz#2922, patch from vinschen at redhat.com. | ||
2441 | |||
2442 | commit bd2d54fc1eee84bf87158a1277a50e6c8a303339 | ||
2443 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2444 | Date: Sun Nov 11 15:54:54 2018 +1100 | ||
2445 | |||
2446 | Remove hardcoded service name in cygwin setup. | ||
2447 | |||
2448 | bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check | ||
2449 | by vinschen at redhat.com. | ||
2450 | |||
2451 | commit d0153c77bf7964e694f1d26c56c41a571b8e9466 | ||
2452 | Author: Dag-Erling Smørgrav <des@des.no> | ||
2453 | Date: Tue Oct 9 23:03:40 2018 +0200 | ||
2454 | |||
2455 | AC_CHECK_SIZEOF() no longer needs a second argument. | ||
2456 | |||
2457 | commit 9b47b083ca9d866249ada9f02dbd57c87b13806e | ||
2458 | Author: Manoj Ampalam <manojamp@microsoft.com> | ||
2459 | Date: Thu Nov 8 22:41:59 2018 -0800 | ||
2460 | |||
2461 | Fix error message w/out nistp521. | ||
2462 | |||
2463 | Correct error message when OpenSSL doesn't support certain ECDSA key | ||
2464 | lengths. | ||
2465 | |||
2466 | commit 624d19ac2d56fa86a22417c35536caceb3be346f | ||
2467 | Author: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
2468 | Date: Tue Oct 9 16:17:42 2018 -0300 | ||
2469 | |||
2470 | fix compilation with openssl built without ECC | ||
2471 | |||
2472 | ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be | ||
2473 | guarded by OPENSSL_HAS_ECC | ||
2474 | |||
2475 | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
2476 | |||
2477 | commit 1801cd11d99d05a66ab5248c0555f55909a355ce | ||
2478 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2479 | Date: Thu Nov 8 15:03:11 2018 +1100 | ||
2480 | |||
2481 | Simplify OpenSSL 1.1 function checks. | ||
2482 | |||
2483 | Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single | ||
2484 | AC_CHECK_FUNCS. ok djm@ | ||
2485 | |||
2486 | commit bc32f118d484e4d71d2a0828fd4eab7e4176c9af | ||
2487 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2488 | Date: Mon Nov 5 17:31:24 2018 +1100 | ||
2489 | |||
2490 | Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV. | ||
2491 | |||
2492 | Prevents unnecessary redefinition. Patch from mforney at mforney.org. | ||
2493 | |||
2494 | commit 3719df60c66abc4b47200d41f571d67772f293ba | ||
2495 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2496 | Date: Wed Oct 31 22:21:03 2018 +1100 | ||
2497 | |||
2498 | Import new moduli. | ||
2499 | |||
2500 | commit 595605d4abede475339d6a1f07a8cc674c11d1c3 | ||
2501 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2502 | Date: Sun Oct 28 15:18:13 2018 +1100 | ||
2503 | |||
2504 | Update check for minimum OpenSSL version. | ||
2505 | |||
2506 | commit 6ab75aba340d827140d7ba719787aabaf39a0355 | ||
2507 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2508 | Date: Sun Oct 28 15:16:31 2018 +1100 | ||
2509 | |||
2510 | Update required OpenSSL versions to match current. | ||
2511 | |||
2512 | commit c801b0e38eae99427f37869370151b78f8e15c5d | ||
2513 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2514 | Date: Sun Oct 28 14:34:12 2018 +1100 | ||
2515 | |||
2516 | Use detected version functions in openssl compat. | ||
2517 | |||
2518 | Use detected functions in compat layer instead of guessing based on | ||
2519 | versions. Really fixes builds with LibreSSL, not just configure. | ||
2520 | |||
2521 | commit 262d81a259d4aa1507c709ec9d5caa21c7740722 | ||
2522 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2523 | Date: Sat Oct 27 16:45:59 2018 +1100 | ||
2524 | |||
2525 | Check for the existence of openssl version funcs. | ||
2526 | |||
2527 | Check for the existence of openssl version functions and use the ones | ||
2528 | detected instead of trying to guess based on the int32 version | ||
2529 | identifier. Fixes builds with LibreSSL. | ||
2530 | |||
2531 | commit 406a24b25d6a2bdd70cacd16de7e899dcb2a8829 | ||
2532 | Author: Damien Miller <djm@mindrot.org> | ||
2533 | Date: Fri Oct 26 13:43:28 2018 +1100 | ||
2534 | |||
2535 | fix builds on OpenSSL <= 1.0.x | ||
2536 | |||
2537 | I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API | ||
2538 | to obtain version number, but they don't. | ||
2539 | |||
2540 | commit 859754bdeb41373d372e36b5dc89c547453addb3 | ||
2541 | Author: Damien Miller <djm@mindrot.org> | ||
2542 | Date: Tue Oct 23 17:10:41 2018 +1100 | ||
2543 | |||
2544 | remove remaining references to SSLeay | ||
2545 | |||
2546 | Prompted by Rosen Penev | ||
2547 | |||
2548 | commit b9fea45a68946c8dfeace72ad1f6657c18f2a98a | ||
2549 | Author: Damien Miller <djm@mindrot.org> | ||
2550 | Date: Tue Oct 23 17:10:35 2018 +1100 | ||
2551 | |||
2552 | regen depend | ||
2553 | |||
2554 | commit a65784c9f9c5d00cf1a0e235090170abc8d07c73 | ||
2555 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2556 | Date: Tue Oct 23 05:56:35 2018 +0000 | ||
2557 | |||
2558 | upstream: refer to OpenSSL not SSLeay; | ||
2559 | |||
2560 | we're old, but we don't have to act it | ||
2561 | |||
2562 | OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec | ||
2563 | |||
2564 | commit c0a35265907533be10ca151ac797f34ae0d68969 | ||
2565 | Author: Damien Miller <djm@mindrot.org> | ||
2566 | Date: Mon Oct 22 11:22:50 2018 +1100 | ||
2567 | |||
2568 | fix compile for openssl 1.0.x w/ --with-ssl-engine | ||
2569 | |||
2570 | bz#2921, patch from cotequeiroz | ||
2571 | |||
2572 | commit 31b49525168245abe16ad49d7b7f519786b53a38 | ||
2573 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2574 | Date: Mon Oct 22 20:05:18 2018 +1100 | ||
2575 | |||
2576 | Include openssl compatibility. | ||
2577 | |||
2578 | Patch from rosenp at gmail.com via openssh-unix-dev. | ||
2579 | |||
2580 | commit a4fc253f5f44f0e4c47aafe2a17d2c46481d3c04 | ||
2581 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2582 | Date: Fri Oct 19 03:12:42 2018 +0000 | ||
2583 | |||
2584 | upstream: when printing certificate contents "ssh-keygen -Lf | ||
2585 | |||
2586 | /path/certificate", include the algorithm that the CA used to sign the cert. | ||
2587 | |||
2588 | OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd | ||
2589 | |||
2590 | commit 83b3d99d2b47321b7ebb8db6f6ea04f3808bc069 | ||
2591 | Author: florian@openbsd.org <florian@openbsd.org> | ||
2592 | Date: Mon Oct 15 11:28:50 2018 +0000 | ||
2593 | |||
2594 | upstream: struct sockaddr_storage is guaranteed to be large enough, | ||
2595 | |||
2596 | no need to check the size. OK kn, deraadt | ||
2597 | |||
2598 | OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439 | ||
2599 | |||
1 | commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d | 2600 | commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d |
2 | Author: Damien Miller <djm@mindrot.org> | 2601 | Author: Damien Miller <djm@mindrot.org> |
3 | Date: Wed Oct 17 11:01:20 2018 +1100 | 2602 | Date: Wed Oct 17 11:01:20 2018 +1100 |
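Review bot: the entry for 8d8340e2 (new ChangeLog lines 2410-2423) records a configure behaviour change that is easy to miss in a 2599-line generated import and deserves its own line in the packaging changelog. Per that entry, configure no longer falls back to /usr/local/ssl, and a --with-ssl-dir that does not work is no longer silently replaced by the system libraries or the ones in /usr/local/ssl. Before uploading, please confirm that any --with-ssl-dir the package build passes points at a working OpenSSL. The same goes for the user-visible fixes at 6010c030 (empty or current-directory incoming filenames are now disallowed) and e76135e3 (RSA keys failing when only RSA-SHA2 signature types were listed in HostbasedAcceptedKeyTypes/PubkeyAcceptedKeyTypes): a short summary alongside the "New upstream release (8.0p1)" message would let users find them without reading the upstream log.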
@@ -7741,1966 +10340,3 @@ Date: Mon Apr 17 11:02:31 2017 +0000 | |||
7741 | -Wpointer-sign and -Wold-style-definition. | 10340 | -Wpointer-sign and -Wold-style-definition. |
7742 | 10341 | ||
7743 | Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a | 10342 | Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a |
7744 | |||
7745 | commit 4d827f0d75a53d3952288ab882efbddea7ffadfe | ||
7746 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7747 | Date: Tue Apr 4 00:24:56 2017 +0000 | ||
7748 | |||
7749 | upstream commit | ||
7750 | |||
7751 | disallow creation (of empty files) in read-only mode; | ||
7752 | reported by Michal Zalewski, feedback & ok deraadt@ | ||
7753 | |||
7754 | Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b | ||
7755 | |||
7756 | commit ef47843af0a904a21c920e619c5aec97b65dd9ac | ||
7757 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7758 | Date: Sun Mar 26 00:18:52 2017 +0000 | ||
7759 | |||
7760 | upstream commit | ||
7761 | |||
7762 | incorrect renditions of this quote bother me | ||
7763 | |||
7764 | Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49 | ||
7765 | |||
7766 | commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02 | ||
7767 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7768 | Date: Fri Mar 31 11:04:43 2017 +1100 | ||
7769 | |||
7770 | Check for and use gcc's -pipe. | ||
7771 | |||
7772 | Speeds up configure and build by a couple of percent. ok djm@ | ||
7773 | |||
7774 | commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb | ||
7775 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7776 | Date: Wed Mar 29 16:34:44 2017 +1100 | ||
7777 | |||
7778 | Import fmt_scaled.c rev 1.16 from OpenBSD. | ||
7779 | |||
7780 | Fix overly-conservative overflow checks on mulitplications and add checks | ||
7781 | on additions. This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN | ||
7782 | will still be flagged as a range error). ok millert@ | ||
7783 | |||
7784 | commit c73a229e4edf98920f395e19fd310684fc6bb951 | ||
7785 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7786 | Date: Wed Mar 29 16:34:02 2017 +1100 | ||
7787 | |||
7788 | Import fmt_scaled.c rev 1.15 from OpenBSD. | ||
7789 | |||
7790 | Collapse underflow and overflow checks into a single block. | ||
7791 | ok djm@ millert@ | ||
7792 | |||
7793 | commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af | ||
7794 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7795 | Date: Wed Mar 29 16:32:57 2017 +1100 | ||
7796 | |||
7797 | Import fmt_scaled.c rev 1.14 from OpenBSD. | ||
7798 | |||
7799 | Catch integer underflow in scan_scaled reported by Nicolas Iooss. | ||
7800 | ok deraadt@ djm@ | ||
7801 | |||
7802 | commit d13281f2964abc5f2e535e1613c77fc61b0c53e7 | ||
7803 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7804 | Date: Wed Mar 29 12:39:39 2017 +1100 | ||
7805 | |||
7806 | Don't check privsep user or path when unprivileged | ||
7807 | |||
7808 | If running with privsep (mandatory now) as a non-privileged user, we | ||
7809 | don't chroot or change to an unprivileged user however we still checked | ||
7810 | the existence of the user and directory. Don't do those checks if we're | ||
7811 | not going to use them. Based in part on a patch from Lionel Fourquaux | ||
7812 | via Corinna Vinschen, ok djm@ | ||
7813 | |||
7814 | commit f2742a481fe151e493765a3fbdef200df2ea7037 | ||
7815 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7816 | Date: Wed Mar 29 10:50:31 2017 +1100 | ||
7817 | |||
7818 | Remove SHA256 EVP wrapper implementation. | ||
7819 | |||
7820 | All supported versions of OpenSSL should now have SHA256 so remove our | ||
7821 | EVP wrapper implementaion. ok djm@ | ||
7822 | |||
7823 | commit 5346f271fc76549caf4a8e65b5fba319be422fe9 | ||
7824 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7825 | Date: Wed Mar 29 10:23:58 2017 +1100 | ||
7826 | |||
7827 | Remove check for OpenSSL < 0.9.8g. | ||
7828 | |||
7829 | We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC | ||
7830 | in OpenSSL < 0.9.8g. | ||
7831 | |||
7832 | commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1 | ||
7833 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7834 | Date: Wed Mar 29 10:16:15 2017 +1100 | ||
7835 | |||
7836 | Remove compat code for OpenSSL < 0.9.7. | ||
7837 | |||
7838 | Resyncs that code with OpenBSD upstream. | ||
7839 | |||
7840 | commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3 | ||
7841 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7842 | Date: Wed Mar 29 09:50:54 2017 +1100 | ||
7843 | |||
7844 | Remove SSHv1 code path. | ||
7845 | |||
7846 | Server-side support for Protocol 1 has been removed so remove !compat20 | ||
7847 | PAM code path. | ||
7848 | |||
7849 | commit 7af27bf538cbc493d609753f9a6d43168d438f1b | ||
7850 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7851 | Date: Fri Mar 24 09:44:56 2017 +1100 | ||
7852 | |||
7853 | Enable ldns when using ldns-config. | ||
7854 | |||
7855 | Actually enable ldns when attempting to use ldns-config. bz#2697, patch | ||
7856 | from fredrik at fornwall.net. | ||
7857 | |||
7858 | commit 58b8cfa2a062b72139d7229ae8de567f55776f24 | ||
7859 | Author: Damien Miller <djm@mindrot.org> | ||
7860 | Date: Wed Mar 22 12:43:02 2017 +1100 | ||
7861 | |||
7862 | Missing header on Linux/s390 | ||
7863 | |||
7864 | Patch from Jakub Jelen | ||
7865 | |||
7866 | commit 096fb65084593f9f3c1fc91b6d9052759a272a00 | ||
7867 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7868 | Date: Mon Mar 20 22:08:06 2017 +0000 | ||
7869 | |||
7870 | upstream commit | ||
7871 | |||
7872 | remove /usr/bin/time calls around tests, makes diffing test | ||
7873 | runs harder. Based on patch from Mike Frysinger | ||
7874 | |||
7875 | Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c | ||
7876 | |||
7877 | commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 | ||
7878 | Author: Damien Miller <djm@mindrot.org> | ||
7879 | Date: Tue Mar 21 08:47:55 2017 +1100 | ||
7880 | |||
7881 | Fix syntax error on Linux/X32 | ||
7882 | |||
7883 | Patch from Mike Frysinger | ||
7884 | |||
7885 | commit d38f05dbdd291212bc95ea80648b72b7177e9f4e | ||
7886 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7887 | Date: Mon Mar 20 13:38:27 2017 +1100 | ||
7888 | |||
7889 | Add llabs() implementation. | ||
7890 | |||
7891 | commit 72536316a219b7394996a74691a5d4ec197480f7 | ||
7892 | Author: Damien Miller <djm@mindrot.org> | ||
7893 | Date: Mon Mar 20 12:23:04 2017 +1100 | ||
7894 | |||
7895 | crank version numbers | ||
7896 | |||
7897 | commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f | ||
7898 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7899 | Date: Mon Mar 20 01:18:59 2017 +0000 | ||
7900 | |||
7901 | upstream commit | ||
7902 | |||
7903 | openssh-7.5 | ||
7904 | |||
7905 | Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 | ||
7906 | |||
7907 | commit db84e52fe9cfad57f22e7e23c5fbf00092385129 | ||
7908 | Author: Damien Miller <djm@mindrot.org> | ||
7909 | Date: Mon Mar 20 12:07:20 2017 +1100 | ||
7910 | |||
7911 | I'm a doofus. | ||
7912 | |||
7913 | Unbreak obvious syntax error. | ||
7914 | |||
7915 | commit 89f04852db27643717c9c3a2b0dde97ae50099ee | ||
7916 | Author: Damien Miller <djm@mindrot.org> | ||
7917 | Date: Mon Mar 20 11:53:34 2017 +1100 | ||
7918 | |||
7919 | on Cygwin, check paths from server for backslashes | ||
7920 | |||
7921 | Pointed out by Jann Horn of Google Project Zero | ||
7922 | |||
7923 | commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 | ||
7924 | Author: Damien Miller <djm@mindrot.org> | ||
7925 | Date: Mon Mar 20 11:48:34 2017 +1100 | ||
7926 | |||
7927 | Yet another synonym for ASCII: "646" | ||
7928 | |||
7929 | Used by NetBSD; this unbreaks mprintf() and friends there for the C | ||
7930 | locale (caught by dtucker@ and his menagerie of test systems). | ||
7931 | |||
7932 | commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b | ||
7933 | Author: Damien Miller <djm@mindrot.org> | ||
7934 | Date: Mon Mar 20 09:58:34 2017 +1100 | ||
7935 | |||
7936 | create test mux socket in /tmp | ||
7937 | |||
7938 | Creating the socket in $OBJ could blow past the (quite limited) | ||
7939 | path limit for Unix domain sockets. As a bandaid for bz#2660, | ||
7940 | reported by Colin Watson; ok dtucker@ | ||
7941 | |||
7942 | commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 | ||
7943 | Author: markus@openbsd.org <markus@openbsd.org> | ||
7944 | Date: Wed Mar 15 07:07:39 2017 +0000 | ||
7945 | |||
7946 | upstream commit | ||
7947 | |||
7948 | disallow KEXINIT before NEWKEYS; ok djm; report by | ||
7949 | vegard.nossum at oracle.com | ||
7950 | |||
7951 | Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 | ||
7952 | |||
7953 | commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c | ||
7954 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7955 | Date: Thu Mar 16 14:05:46 2017 +1100 | ||
7956 | |||
7957 | Include includes.h for compat bits. | ||
7958 | |||
7959 | commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad | ||
7960 | Author: Darren Tucker <dtucker@zip.com.au> | ||
7961 | Date: Thu Mar 16 13:45:17 2017 +1100 | ||
7962 | |||
7963 | Wrap stdint.h in #ifdef HAVE_STDINT_H | ||
7964 | |||
7965 | commit 55a1117d7342a0bf8b793250cf314bab6b482b99 | ||
7966 | Author: Damien Miller <djm@mindrot.org> | ||
7967 | Date: Thu Mar 16 11:22:42 2017 +1100 | ||
7968 | |||
7969 | Adapt Cygwin config script to privsep knob removal | ||
7970 | |||
7971 | Patch from Corinna Vinschen. | ||
7972 | |||
7973 | commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 | ||
7974 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
7975 | Date: Wed Mar 15 03:52:30 2017 +0000 | ||
7976 | |||
7977 | upstream commit | ||
7978 | |||
7979 | accidents happen to the best of us; ok djm | ||
7980 | |||
7981 | Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 | ||
7982 | |||
7983 | commit 25f837646be8c2017c914d34be71ca435dfc0e07 | ||
7984 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7985 | Date: Wed Mar 15 02:25:09 2017 +0000 | ||
7986 | |||
7987 | upstream commit | ||
7988 | |||
7989 | fix regression in 7.4: deletion of PKCS#11-hosted keys | ||
7990 | would fail unless they were specified by full physical pathname. Report and | ||
7991 | fix from Jakub Jelen via bz#2682; ok dtucker@ | ||
7992 | |||
7993 | Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 | ||
7994 | |||
7995 | commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f | ||
7996 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7997 | Date: Wed Mar 15 02:19:09 2017 +0000 | ||
7998 | |||
7999 | upstream commit | ||
8000 | |||
8001 | Fix segfault when sshd attempts to load RSA1 keys (can | ||
8002 | only happen when protocol v.1 support is enabled for the client). Reported by | ||
8003 | Jakub Jelen in bz#2686; ok dtucker | ||
8004 | |||
8005 | Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 | ||
8006 | |||
8007 | commit 66705948c0639a7061a0d0753266da7685badfec | ||
8008 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8009 | Date: Tue Mar 14 07:19:07 2017 +0000 | ||
8010 | |||
8011 | upstream commit | ||
8012 | |||
8013 | Mark the sshd_config UsePrivilegeSeparation option as | ||
8014 | deprecated, effectively making privsep mandatory in sandboxing mode. ok | ||
8015 | markus@ deraadt@ | ||
8016 | |||
8017 | (note: this doesn't remove the !privsep code paths, though that will | ||
8018 | happen eventually). | ||
8019 | |||
8020 | Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a | ||
8021 | |||
8022 | commit f86586b03fe6cd8f595289bde200a94bc2c191af | ||
8023 | Author: Damien Miller <djm@mindrot.org> | ||
8024 | Date: Tue Mar 14 18:26:29 2017 +1100 | ||
8025 | |||
8026 | Make seccomp-bpf sandbox work on Linux/X32 | ||
8027 | |||
8028 | Allow clock_gettime syscall with X32 bit masked off. Apparently | ||
8029 | this is required for at least some kernel versions. bz#2142 | ||
8030 | Patch mostly by Colin Watson. ok dtucker@ | ||
8031 | |||
8032 | commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 | ||
8033 | Author: Damien Miller <djm@mindrot.org> | ||
8034 | Date: Tue Mar 14 18:01:52 2017 +1100 | ||
8035 | |||
8036 | require OpenSSL >=1.0.1 | ||
8037 | |||
8038 | commit e3ea335abeab731c68f2b2141bee85a4b0bf680f | ||
8039 | Author: Damien Miller <djm@mindrot.org> | ||
8040 | Date: Tue Mar 14 17:48:43 2017 +1100 | ||
8041 | |||
8042 | Remove macro trickery; no binary change | ||
8043 | |||
8044 | This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros | ||
8045 | prepending __NR_ to the syscall number parameter and just makes | ||
8046 | them explicit in the macro invocations. | ||
8047 | |||
8048 | No binary change in stripped object file before/after. | ||
8049 | |||
8050 | commit 5f1596e11d55539678c41f68aed358628d33d86f | ||
8051 | Author: Damien Miller <djm@mindrot.org> | ||
8052 | Date: Tue Mar 14 13:15:18 2017 +1100 | ||
8053 | |||
8054 | support ioctls for ICA crypto card on Linux/s390 | ||
8055 | |||
8056 | Based on patch from Eduardo Barretto; ok dtucker@ | ||
8057 | |||
8058 | commit b1b22dd0df2668b322dda174e501dccba2cf5c44 | ||
8059 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8060 | Date: Tue Mar 14 14:19:36 2017 +1100 | ||
8061 | |||
8062 | Plumb conversion test into makefile. | ||
8063 | |||
8064 | commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 | ||
8065 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8066 | Date: Tue Mar 14 01:20:29 2017 +0000 | ||
8067 | |||
8068 | upstream commit | ||
8069 | |||
8070 | Add unit test for convtime(). | ||
8071 | |||
8072 | Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 | ||
8073 | |||
8074 | commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c | ||
8075 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8076 | Date: Tue Mar 14 01:10:07 2017 +0000 | ||
8077 | |||
8078 | upstream commit | ||
8079 | |||
8080 | Add ASSERT_LONG_* helpers. | ||
8081 | |||
8082 | Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 | ||
8083 | |||
8084 | commit c6774d21185220c0ba11e8fd204bf0ad1a432071 | ||
8085 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8086 | Date: Tue Mar 14 00:55:37 2017 +0000 | ||
8087 | |||
8088 | upstream commit | ||
8089 | |||
8090 | Fix convtime() overflow test on boundary condition, | ||
8091 | spotted by & ok djm. | ||
8092 | |||
8093 | Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 | ||
8094 | |||
8095 | commit f5746b40cfe6d767c8e128fe50c43274b31cd594 | ||
8096 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8097 | Date: Tue Mar 14 00:25:03 2017 +0000 | ||
8098 | |||
8099 | upstream commit | ||
8100 | |||
8101 | Check for integer overflow when parsing times in | ||
8102 | convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ | ||
8103 | |||
8104 | Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 | ||
8105 | |||
8106 | commit f5907982f42a8d88a430b8a46752cbb7859ba979 | ||
8107 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8108 | Date: Tue Mar 14 13:38:15 2017 +1100 | ||
8109 | |||
8110 | Add a "unit" target to run only unit tests. | ||
8111 | |||
8112 | commit 9e96b41682aed793fadbea5ccd472f862179fb02 | ||
8113 | Author: Damien Miller <djm@mindrot.org> | ||
8114 | Date: Tue Mar 14 12:24:47 2017 +1100 | ||
8115 | |||
8116 | Fix weakness in seccomp-bpf sandbox arg inspection | ||
8117 | |||
8118 | Syscall arguments are passed via an array of 64-bit values in struct | ||
8119 | seccomp_data, but we were only inspecting the bottom 32 bits and not | ||
8120 | even those correctly for BE systems. | ||
8121 | |||
8122 | Fortunately, the only case argument inspection was used was in the | ||
8123 | socketcall filtering so using this for sandbox escape seems | ||
8124 | impossible. | ||
8125 | |||
8126 | ok dtucker | ||
8127 | |||
8128 | commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 | ||
8129 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8130 | Date: Sat Mar 11 23:44:16 2017 +0000 | ||
8131 | |||
8132 | upstream commit | ||
8133 | |||
8134 | regress tests for loading certificates without public keys; | ||
8135 | bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ | ||
8136 | |||
8137 | Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 | ||
8138 | |||
8139 | commit 1e24552716194db8f2f620587b876158a9ef56ad | ||
8140 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8141 | Date: Sat Mar 11 23:40:26 2017 +0000 | ||
8142 | |||
8143 | upstream commit | ||
8144 | |||
8145 | allow ssh to use certificates accompanied by a private | ||
8146 | key file but no corresponding plain *.pub public key. bz#2617 based on patch | ||
8147 | from Adam Eijdenberg; ok dtucker@ markus@ | ||
8148 | |||
8149 | Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 | ||
8150 | |||
8151 | commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e | ||
8152 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8153 | Date: Sat Mar 11 13:07:35 2017 +0000 | ||
8154 | |||
8155 | upstream commit | ||
8156 | |||
8157 | Don't count the initial block twice when computing how | ||
8158 | many bytes to discard for the work around for the attacks against CBC-mode. | ||
8159 | ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL | ||
8160 | |||
8161 | Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 | ||
8162 | |||
8163 | commit ef653dd5bd5777132d9f9ee356225f9ee3379504 | ||
8164 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8165 | Date: Fri Mar 10 07:18:32 2017 +0000 | ||
8166 | |||
8167 | upstream commit | ||
8168 | |||
8169 | krl.c | ||
8170 | |||
8171 | Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 | ||
8172 | |||
8173 | commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 | ||
8174 | Author: Damien Miller <djm@mindrot.org> | ||
8175 | Date: Sun Mar 12 10:48:14 2017 +1100 | ||
8176 | |||
8177 | sync fmt_scaled.c with OpenBSD | ||
8178 | |||
8179 | revision 1.13 | ||
8180 | date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; | ||
8181 | fix signed integer overflow in scan_scaled. Found by Nicolas Iooss | ||
8182 | using AFL against ssh_config. ok deraadt@ millert@ | ||
8183 | ---------------------------- | ||
8184 | revision 1.12 | ||
8185 | date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; | ||
8186 | fairly simple unsigned char casts for ctype | ||
8187 | ok krw | ||
8188 | ---------------------------- | ||
8189 | revision 1.11 | ||
8190 | date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; | ||
8191 | make scan_scaled set errno to EINVAL rather than ERANGE if it encounters | ||
8192 | an invalid multiplier, like the man page says it should | ||
8193 | |||
8194 | "looks sensible" deraadt@, ok ian@ | ||
8195 | ---------------------------- | ||
8196 | revision 1.10 | ||
8197 | date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; | ||
8198 | use llabs instead of the home-grown version; and some comment changes | ||
8199 | ok ian@, millert@ | ||
8200 | ---------------------------- | ||
8201 | |||
8202 | commit 894221a63fa061e52e414ca58d47edc5fe645968 | ||
8203 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8204 | Date: Fri Mar 10 05:01:13 2017 +0000 | ||
8205 | |||
8206 | upstream commit | ||
8207 | |||
8208 | When updating hostkeys, accept RSA keys if | ||
8209 | HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA | ||
8210 | keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms | ||
8211 | nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok | ||
8212 | dtucker@ | ||
8213 | |||
8214 | Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 | ||
8215 | |||
8216 | commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c | ||
8217 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8218 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
8219 | |||
8220 | upstream commit | ||
8221 | |||
8222 | make hostname matching really insensitive to case; | ||
8223 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
8224 | |||
8225 | Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 | ||
8226 | |||
8227 | commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f | ||
8228 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8229 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
8230 | |||
8231 | upstream commit | ||
8232 | |||
8233 | reword a comment to make it fit 80 columns | ||
8234 | |||
8235 | Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 | ||
8236 | |||
8237 | commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc | ||
8238 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8239 | Date: Fri Mar 10 04:27:32 2017 +0000 | ||
8240 | |||
8241 | upstream commit | ||
8242 | |||
8243 | better match sshd config parser behaviour: fatal() if | ||
8244 | line is overlong, increase line buffer to match sshd's; bz#2651 reported by | ||
8245 | Don Fong; ok dtucker@ | ||
8246 | |||
8247 | Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 | ||
8248 | |||
8249 | commit db2597207e69912f2592cd86a1de8e948a9d7ffb | ||
8250 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8251 | Date: Fri Mar 10 04:26:06 2017 +0000 | ||
8252 | |||
8253 | upstream commit | ||
8254 | |||
8255 | ensure hostname is lower-case before hashing it; | ||
8256 | bz#2591 reported by Griff Miller II; ok dtucker@ | ||
8257 | |||
8258 | Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 | ||
8259 | |||
8260 | commit df9936936c695f85c1038bd706d62edf752aca4b | ||
8261 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8262 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
8263 | |||
8264 | upstream commit | ||
8265 | |||
8266 | make hostname matching really insensitive to case; | ||
8267 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
8268 | |||
8269 | Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 | ||
8270 | |||
8271 | commit 67eed24bfa7645d88fa0b883745fccb22a0e527e | ||
8272 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8273 | Date: Fri Mar 10 04:11:00 2017 +0000 | ||
8274 | |||
8275 | upstream commit | ||
8276 | |||
8277 | Remove old null check from config dumper. Patch from | ||
8278 | jjelen at redhat.com vi bz#2687, ok djm@ | ||
8279 | |||
8280 | Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 | ||
8281 | |||
8282 | commit 183ba55aaaecca0206184b854ad6155df237adbe | ||
8283 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8284 | Date: Fri Mar 10 04:07:20 2017 +0000 | ||
8285 | |||
8286 | upstream commit | ||
8287 | |||
8288 | fix regression in 7.4 server-sig-algs, where we were | ||
8289 | accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno | ||
8290 | Goncalves; ok dtucker@ | ||
8291 | |||
8292 | Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 | ||
8293 | |||
8294 | commit 66be4fe8c4435af5bbc82998501a142a831f1181 | ||
8295 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8296 | Date: Fri Mar 10 03:53:11 2017 +0000 | ||
8297 | |||
8298 | upstream commit | ||
8299 | |||
8300 | Check for NULL return value from key_new. Patch from | ||
8301 | jjelen at redhat.com via bz#2687, ok djm@ | ||
8302 | |||
8303 | Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e | ||
8304 | |||
8305 | commit ec2892b5c7fea199914cb3a6afb3af38f84990bf | ||
8306 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8307 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
8308 | |||
8309 | upstream commit | ||
8310 | |||
8311 | reword a comment to make it fit 80 columns | ||
8312 | |||
8313 | Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 | ||
8314 | |||
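Review bot: two changes are recorded twice in this stretch of the ChangeLog, with identical author, timestamp and message but different commit hashes and Upstream-IDs. "make hostname matching really insensitive to case" (bz#2685) appears as dd3e2298 and df993693, both dated Fri Mar 10 04:24:55 2017, and "reword a comment to make it fit 80 columns" appears as 77a9be94 and ec2892b5, both dated 03:52:48 the same day. If the file is taken verbatim from the upstream release the entries should stay as they are, but anyone using this ChangeLog to audit which fixes a release carries should treat each pair as one change, not two.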
8315 | commit 7fadbb6da3f4122de689165651eb39985e1cba85 | ||
8316 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8317 | Date: Fri Mar 10 03:48:57 2017 +0000 | ||
8318 | |||
8319 | upstream commit | ||
8320 | |||
8321 | Check for NULL argument to sshkey_read. Patch from | ||
8322 | jjelen at redhat.com via bz#2687, ok djm@ | ||
8323 | |||
8324 | Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e | ||
8325 | |||
8326 | commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 | ||
8327 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8328 | Date: Fri Mar 10 03:45:40 2017 +0000 | ||
8329 | |||
8330 | upstream commit | ||
8331 | |||
8332 | Plug some mem leaks mostly on error paths. From jjelen | ||
8333 | at redhat.com via bz#2687, ok djm@ | ||
8334 | |||
8335 | Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 | ||
8336 | |||
8337 | commit f6edbe9febff8121f26835996b1229b5064d31b7 | ||
8338 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8339 | Date: Fri Mar 10 03:24:48 2017 +0000 | ||
8340 | |||
8341 | upstream commit | ||
8342 | |||
8343 | Plug mem leak on GLOB_NOMATCH case. From jjelen at | ||
8344 | redhat.com via bz#2687, ok djm@ | ||
8345 | |||
8346 | Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d | ||
8347 | |||
8348 | commit 566b3a46e89a2fda2db46f04f2639e92da64a120 | ||
8349 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8350 | Date: Fri Mar 10 03:22:40 2017 +0000 | ||
8351 | |||
8352 | upstream commit | ||
8353 | |||
8354 | Plug descriptor leaks of auth_sock. From jjelen at | ||
8355 | redhat.com via bz#2687, ok djm@ | ||
8356 | |||
8357 | Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 | ||
8358 | |||
8359 | commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 | ||
8360 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8361 | Date: Fri Mar 10 03:18:24 2017 +0000 | ||
8362 | |||
8363 | upstream commit | ||
8364 | |||
8365 | correctly hash hosts with a port number. Reported by Josh | ||
8366 | Powers in bz#2692; ok dtucker@ | ||
8367 | |||
8368 | Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 | ||
8369 | |||
8370 | commit 9747b9c742de409633d4753bf1a752cbd211e2d3 | ||
8371 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8372 | Date: Fri Mar 10 03:15:58 2017 +0000 | ||
8373 | |||
8374 | upstream commit | ||
8375 | |||
8376 | don't truncate off \r\n from long stderr lines; bz#2688, | ||
8377 | reported by Brian Dyson; ok dtucker@ | ||
8378 | |||
8379 | Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 | ||
8380 | |||
8381 | commit 4a4b75adac862029a1064577eb5af299b1580cdd | ||
8382 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8383 | Date: Fri Mar 10 02:59:51 2017 +0000 | ||
8384 | |||
8385 | upstream commit | ||
8386 | |||
8387 | Validate digest arg in ssh_digest_final; from jjelen at | ||
8388 | redhat.com via bz#2687, ok djm@ | ||
8389 | |||
8390 | Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 | ||
8391 | |||
8392 | commit bee0167be2340d8de4bdc1ab1064ec957c85a447 | ||
8393 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8394 | Date: Fri Mar 10 13:40:18 2017 +1100 | ||
8395 | |||
8396 | Check for NULL from malloc. | ||
8397 | |||
8398 | Part of bz#2687, from jjelen at redhat.com. | ||
8399 | |||
8400 | commit da39b09d43b137a5a3d071b51589e3efb3701238 | ||
8401 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8402 | Date: Fri Mar 10 13:22:32 2017 +1100 | ||
8403 | |||
8404 | If OSX is using launchd, remove screen no. | ||
8405 | |||
8406 | Check for socket with and without screen number. From Apple and Jakob | ||
8407 | Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ | ||
8408 | |||
8409 | commit 8fb15311a011517eb2394bb95a467c209b8b336c | ||
8410 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8411 | Date: Wed Mar 8 12:07:47 2017 +0000 | ||
8412 | |||
8413 | upstream commit | ||
8414 | |||
8415 | quote [host]:port in generated ProxyJump commandline; the | ||
8416 | [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri | ||
8417 | Tirkkonen via bugs@ | ||
8418 | |||
8419 | Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 | ||
8420 | |||
8421 | commit 18501151cf272a15b5f2c5e777f2e0933633c513 | ||
8422 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8423 | Date: Mon Mar 6 02:03:20 2017 +0000 | ||
8424 | |||
8425 | upstream commit | ||
8426 | |||
8427 | Check l->hosts before dereferencing; fixes potential null | ||
8428 | pointer deref. ok djm@ | ||
8429 | |||
8430 | Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 | ||
8431 | |||
8432 | commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 | ||
8433 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8434 | Date: Mon Mar 6 00:44:51 2017 +0000 | ||
8435 | |||
8436 | upstream commit | ||
8437 | |||
8438 | linenum is unsigned long so use %lu in log formats. ok | ||
8439 | deraadt@ | ||
8440 | |||
8441 | Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 | ||
8442 | |||
8443 | commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 | ||
8444 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8445 | Date: Fri Mar 3 06:13:11 2017 +0000 | ||
8446 | |||
8447 | upstream commit | ||
8448 | |||
8449 | fix ssh-keygen -H accidentally corrupting known_hosts that | ||
8450 | contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by | ||
8451 | hostkeys_foreach() when hostname matching is in use, so we need to look for | ||
8452 | the hash marker explicitly. | ||
8453 | |||
8454 | Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 | ||
8455 | |||
8456 | commit d7abb771bd5a941b26144ba400a34563a1afa589 | ||
8457 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8458 | Date: Tue Feb 28 06:10:08 2017 +0000 | ||
8459 | |||
8460 | upstream commit | ||
8461 | |||
8462 | small memleak: free fd_set on connection timeout (though | ||
8463 | we are heading to exit anyway). From Tom Rix in bz#2683 | ||
8464 | |||
8465 | Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 | ||
8466 | |||
8467 | commit 78142e3ab3887e53a968d6e199bcb18daaf2436e | ||
8468 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8469 | Date: Mon Feb 27 14:30:33 2017 +0000 | ||
8470 | |||
8471 | upstream commit | ||
8472 | |||
8473 | errant dot; from klemens nanni | ||
8474 | |||
8475 | Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 | ||
8476 | |||
8477 | commit 8071a6924c12bb51406a9a64a4b2892675112c87 | ||
8478 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8479 | Date: Fri Feb 24 03:16:34 2017 +0000 | ||
8480 | |||
8481 | upstream commit | ||
8482 | |||
8483 | might as well set the listener socket CLOEXEC | ||
8484 | |||
8485 | Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 | ||
8486 | |||
8487 | commit d5499190559ebe374bcdfa8805408646ceffad64 | ||
8488 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8489 | Date: Sun Feb 19 00:11:29 2017 +0000 | ||
8490 | |||
8491 | upstream commit | ||
8492 | |||
8493 | add test cases for C locale; ok schwarze@ | ||
8494 | |||
8495 | Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 | ||
8496 | |||
8497 | commit 011c8ffbb0275281a0cf330054cf21be10c43e37 | ||
8498 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8499 | Date: Sun Feb 19 00:10:57 2017 +0000 | ||
8500 | |||
8501 | upstream commit | ||
8502 | |||
8503 | Add a common nl_langinfo(CODESET) alias for US-ASCII | ||
8504 | "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for | ||
8505 | non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ | ||
8506 | |||
8507 | Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 | ||
8508 | |||
8509 | commit 0c4430a19b73058a569573492f55e4c9eeaae67b | ||
8510 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8511 | Date: Tue Feb 7 23:03:11 2017 +0000 | ||
8512 | |||
8513 | upstream commit | ||
8514 | |||
8515 | Remove deprecated SSH1 options RSAAuthentication and | ||
8516 | RhostsRSAAuthentication from regression test sshd_config. | ||
8517 | |||
8518 | Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 | ||
8519 | |||
8520 | commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 | ||
8521 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8522 | Date: Fri Feb 17 02:32:05 2017 +0000 | ||
8523 | |||
8524 | upstream commit | ||
8525 | |||
8526 | Do not show rsa1 key type in usage when compiled without | ||
8527 | SSH1 support. | ||
8528 | |||
8529 | Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 | ||
8530 | |||
8531 | commit ecc35893715f969e98fee118481f404772de4132 | ||
8532 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8533 | Date: Fri Feb 17 02:31:14 2017 +0000 | ||
8534 | |||
8535 | upstream commit | ||
8536 | |||
8537 | ifdef out "rsa1" from the list of supported keytypes when | ||
8538 | compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ | ||
8539 | |||
8540 | Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f | ||
8541 | |||
8542 | commit 10577c6d96a55b877a960b2d0b75edef1b9945af | ||
8543 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8544 | Date: Fri Feb 17 02:04:15 2017 +0000 | ||
8545 | |||
8546 | upstream commit | ||
8547 | |||
8548 | For ProxyJump/-J, surround host name with brackets to | ||
8549 | allow literal IPv6 addresses. From Dick Visser; ok dtucker@ | ||
8550 | |||
8551 | Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 | ||
8552 | |||
8553 | commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 | ||
8554 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8555 | Date: Wed Feb 15 23:38:31 2017 +0000 | ||
8556 | |||
8557 | upstream commit | ||
8558 | |||
8559 | Fix memory leaks in match_filter_list() error paths. | ||
8560 | |||
8561 | ok dtucker@ markus@ | ||
8562 | |||
8563 | Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e | ||
8564 | |||
8565 | commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 | ||
8566 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8567 | Date: Wed Feb 15 01:46:47 2017 +0000 | ||
8568 | |||
8569 | upstream commit | ||
8570 | |||
8571 | fix division by zero crash in "df" output when server | ||
8572 | returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok | ||
8573 | dtucker@ | ||
8574 | |||
8575 | Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f | ||
8576 | |||
8577 | commit bd5d7d239525d595ecea92765334af33a45d9d63 | ||
8578 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8579 | Date: Sun Feb 12 15:45:15 2017 +1100 | ||
8580 | |||
8581 | ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR | ||
8582 | |||
8583 | EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out | ||
8584 | for the benefit of OpenSSL versions prior to that. | ||
8585 | |||
8586 | commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe | ||
8587 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8588 | Date: Fri Feb 10 04:34:50 2017 +0000 | ||
8589 | |||
8590 | upstream commit | ||
8591 | |||
8592 | bring back r1.34 that was backed out for problems loading | ||
8593 | public keys: | ||
8594 | |||
8595 | translate OpenSSL error codes to something more | ||
8596 | meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ | ||
8597 | |||
8598 | with additional fix from Jakub Jelen to solve the backout. | ||
8599 | bz#2525 bz#2523 re-ok dtucker@ | ||
8600 | |||
8601 | Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 | ||
8602 | |||
8603 | commit a287c5ad1e0bf9811c7b9221979b969255076019 | ||
8604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8605 | Date: Fri Feb 10 03:36:40 2017 +0000 | ||
8606 | |||
8607 | upstream commit | ||
8608 | |||
8609 | Sanitise escape sequences in key comments sent to printf | ||
8610 | but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ | ||
8611 | |||
8612 | Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e | ||
8613 | |||
8614 | commit e40269be388972848aafcca7060111c70aab5b87 | ||
8615 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8616 | Date: Wed Feb 8 20:32:43 2017 +0000 | ||
8617 | |||
8618 | upstream commit | ||
8619 | |||
8620 | Avoid printf %s NULL. From semarie@, OK djm@ | ||
8621 | |||
8622 | Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c | ||
8623 | |||
8624 | commit 5b90709ab8704dafdb31e5651073b259d98352bc | ||
8625 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8626 | Date: Mon Feb 6 09:22:51 2017 +0000 | ||
8627 | |||
8628 | upstream commit | ||
8629 | |||
8630 | Restore \r\n newline sequence for server ident string. The CR | ||
8631 | got lost in the flensing of SSHv1. Pointed out by Stef Bon | ||
8632 | |||
8633 | Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac | ||
8634 | |||
8635 | commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc | ||
8636 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8637 | Date: Fri Feb 3 23:01:42 2017 +0000 | ||
8638 | |||
8639 | upstream commit | ||
8640 | |||
8641 | unit test for match_filter_list() function; still want a | ||
8642 | better name for this... | ||
8643 | |||
8644 | Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a | ||
8645 | |||
8646 | commit f1a193464a7b77646f0d0cedc929068e4a413ab4 | ||
8647 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8648 | Date: Fri Feb 3 23:05:57 2017 +0000 | ||
8649 | |||
8650 | upstream commit | ||
8651 | |||
8652 | use ssh_packet_set_log_preamble() to include connection | ||
8653 | username in packet log messages, e.g. | ||
8654 | |||
8655 | Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] | ||
8656 | |||
8657 | ok markus@ bz#113 | ||
8658 | |||
8659 | Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 | ||
8660 | |||
8661 | commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 | ||
8662 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8663 | Date: Fri Feb 3 23:03:33 2017 +0000 | ||
8664 | |||
8665 | upstream commit | ||
8666 | |||
8667 | add ssh_packet_set_log_preamble() to allow inclusion of a | ||
8668 | preamble string in disconnect messages; ok markus@ | ||
8669 | |||
8670 | Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead | ||
8671 | |||
8672 | commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 | ||
8673 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8674 | Date: Fri Feb 3 23:01:19 2017 +0000 | ||
8675 | |||
8676 | upstream commit | ||
8677 | |||
8678 | support =- for removing methods from algorithms lists, | ||
8679 | e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like | ||
8680 | it" markus@ | ||
8681 | |||
8682 | Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d | ||
8683 | |||
8684 | commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e | ||
8685 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8686 | Date: Fri Feb 3 05:05:56 2017 +0000 | ||
8687 | |||
8688 | upstream commit | ||
8689 | |||
8690 | allow form-feed characters at EOL; bz#2431 ok dtucker@ | ||
8691 | |||
8692 | Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 | ||
8693 | |||
8694 | commit 523db8540b720c4d21ab0ff6f928476c70c38aab | ||
8695 | Author: Damien Miller <djm@mindrot.org> | ||
8696 | Date: Fri Feb 3 16:01:22 2017 +1100 | ||
8697 | |||
8698 | prefer to use ldns-config to find libldns | ||
8699 | |||
8700 | Should fix bz#2603 - "Build with ldns and without kerberos support | ||
8701 | fails if ldns compiled with kerberos support" by including correct | ||
8702 | cflags/libs | ||
8703 | |||
8704 | ok dtucker@ | ||
8705 | |||
8706 | commit c998bf0afa1a01257a53793eba57941182e9e0b7 | ||
8707 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8708 | Date: Fri Feb 3 02:56:00 2017 +0000 | ||
8709 | |||
8710 | upstream commit | ||
8711 | |||
8712 | Make ssh_packet_set_rekey_limits take u32 for the number of | ||
8713 | seconds until rekeying (negative values are rejected at config parse time). | ||
8714 | This allows the removal of some casts and a signed vs unsigned comparison | ||
8715 | warning. | ||
8716 | |||
8717 | rekey_time is cast to int64 for the comparison which is a no-op | ||
8718 | on OpenBSD, but should also do the right thing in -portable on | ||
8719 | anything still using 32bit time_t (until the system time actually | ||
8720 | wraps, anyway). | ||
8721 | |||
8722 | some early guidance deraadt@, ok djm@ | ||
8723 | |||
8724 | Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c | ||
8725 | |||
8726 | commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 | ||
8727 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8728 | Date: Thu Feb 2 10:54:25 2017 +0000 | ||
8729 | |||
8730 | upstream commit | ||
8731 | |||
8732 | In vasnmprintf() return an error if malloc fails and | ||
8733 | don't set a function argument to the address of free'd memory. | ||
8734 | |||
8735 | ok djm@ | ||
8736 | |||
8737 | Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 | ||
8738 | |||
8739 | commit 858252fb1d451ebb0969cf9749116c8f0ee42753 | ||
8740 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8741 | Date: Wed Feb 1 02:59:09 2017 +0000 | ||
8742 | |||
8743 | upstream commit | ||
8744 | |||
8745 | Return true reason for port forwarding failures where | ||
8746 | feasible rather than always "administratively prohibited". bz#2674, ok djm@ | ||
8747 | |||
8748 | Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 | ||
8749 | |||
8750 | commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 | ||
8751 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8752 | Date: Mon Jan 30 23:27:39 2017 +0000 | ||
8753 | |||
8754 | upstream commit | ||
8755 | |||
8756 | Small correction to the known_hosts section on when it is | ||
8757 | updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at | ||
8758 | sdf.org | ||
8759 | |||
8760 | Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 | ||
8761 | |||
8762 | commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 | ||
8763 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8764 | Date: Fri Feb 3 14:10:34 2017 +1100 | ||
8765 | |||
8766 | Remove _XOPEN_SOURCE from wide char detection. | ||
8767 | |||
8768 | Having _XOPEN_SOURCE unconditionally causes problems on some platforms | ||
8769 | and configurations, notably Solaris 64-bit binaries. It was there for | ||
8770 | the benefit of Linux put the required bits in the *-*linux* section. | ||
8771 | |||
8772 | Patch from yvoinov at gmail.com. | ||
8773 | |||
8774 | commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd | ||
8775 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8776 | Date: Mon Jan 30 05:22:14 2017 +0000 | ||
8777 | |||
8778 | upstream commit | ||
8779 | |||
8780 | fully unbreak: some $SSH invocations did not have -F | ||
8781 | specified and could pick up the ~/.ssh/config of the user running the tests | ||
8782 | |||
8783 | Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 | ||
8784 | |||
8785 | commit 6956e21fb26652887475fe77ea40d2efcf25908b | ||
8786 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8787 | Date: Mon Jan 30 04:54:07 2017 +0000 | ||
8788 | |||
8789 | upstream commit | ||
8790 | |||
8791 | partially unbreak: was not specifying hostname on some | ||
8792 | $SSH invocations | ||
8793 | |||
8794 | Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc | ||
8795 | |||
8796 | commit 52763dd3fe0a4678dafdf7aeb32286e514130afc | ||
8797 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8798 | Date: Mon Jan 30 01:03:00 2017 +0000 | ||
8799 | |||
8800 | upstream commit | ||
8801 | |||
8802 | revise keys/principals command hang fix (bz#2655) to | ||
8803 | consume entire output, avoiding sending SIGPIPE to subprocesses early; ok | ||
8804 | dtucker@ | ||
8805 | |||
8806 | Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc | ||
8807 | |||
8808 | commit 381a2615a154a82c4c53b787f4a564ef894fe9ac | ||
8809 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8810 | Date: Mon Jan 30 00:38:50 2017 +0000 | ||
8811 | |||
8812 | upstream commit | ||
8813 | |||
8814 | small cleanup post SSHv1 removal: | ||
8815 | |||
8816 | remove SSHv1-isms in commented examples | ||
8817 | |||
8818 | reorder token table to group deprecated and compile-time conditional tokens | ||
8819 | better | ||
8820 | |||
8821 | fix config dumping code for some compile-time conditional options that | ||
8822 | weren't being correctly skipped (SSHv1 and PKCS#11) | ||
8823 | |||
8824 | Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 | ||
8825 | |||
8826 | commit 4833d01591b7eb049489d9558b65f5553387ed43 | ||
8827 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8828 | Date: Mon Jan 30 00:34:01 2017 +0000 | ||
8829 | |||
8830 | upstream commit | ||
8831 | |||
8832 | some explicit NULL tests when dumping configured | ||
8833 | forwardings; from Karsten Weiss | ||
8834 | |||
8835 | Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d | ||
8836 | |||
8837 | commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 | ||
8838 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8839 | Date: Mon Jan 30 00:32:28 2017 +0000 | ||
8840 | |||
8841 | upstream commit | ||
8842 | |||
8843 | misplaced braces in test; from Karsten Weiss | ||
8844 | |||
8845 | Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae | ||
8846 | |||
8847 | commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb | ||
8848 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8849 | Date: Mon Jan 30 00:32:03 2017 +0000 | ||
8850 | |||
8851 | upstream commit | ||
8852 | |||
8853 | don't dereference authctxt before testing != NULL, it | ||
8854 | causes compilers to make assumptions; from Karsten Weiss | ||
8855 | |||
8856 | Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 | ||
8857 | |||
8858 | commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 | ||
8859 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8860 | Date: Fri Jan 6 02:51:16 2017 +0000 | ||
8861 | |||
8862 | upstream commit | ||
8863 | |||
8864 | use correct ssh-add program; bz#2654, from Colin Watson | ||
8865 | |||
8866 | Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 | ||
8867 | |||
8868 | commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 | ||
8869 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8870 | Date: Fri Jan 6 02:26:10 2017 +0000 | ||
8871 | |||
8872 | upstream commit | ||
8873 | |||
8874 | Account for timeouts in the integrity tests as failures. | ||
8875 | |||
8876 | If the first test in a series for a given MAC happens to modify the low | ||
8877 | bytes of a packet length, then ssh will time out and this will be | ||
8878 | interpreted as a test failure. Patch from cjwatson at debian.org via | ||
8879 | bz#2658. | ||
8880 | |||
8881 | Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 | ||
8882 | |||
8883 | commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 | ||
8884 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8885 | Date: Fri Jan 6 02:09:25 2017 +0000 | ||
8886 | |||
8887 | upstream commit | ||
8888 | |||
8889 | Make forwarding test less racy by using unix domain | ||
8890 | sockets instead of TCP ports where possible. Patch from cjwatson at | ||
8891 | debian.org via bz#2659. | ||
8892 | |||
8893 | Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 | ||
8894 | |||
8895 | commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 | ||
8896 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8897 | Date: Sun Jan 29 21:35:23 2017 +0000 | ||
8898 | |||
8899 | upstream commit | ||
8900 | |||
8901 | Fix typo in ~C error message for bad port forward | ||
8902 | cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's | ||
8903 | bugtracker. | ||
8904 | |||
8905 | Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af | ||
8906 | |||
8907 | commit 4ba15462ca38883b8a61a1eccc093c79462d5414 | ||
8908 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
8909 | Date: Sat Jan 21 11:32:04 2017 +0000 | ||
8910 | |||
8911 | upstream commit | ||
8912 | |||
8913 | The POSIX APIs that that sockaddrs all ignore the s*_len | ||
8914 | field in the incoming socket, so userspace doesn't need to set it unless it | ||
8915 | has its own reasons for tracking the size along with the sockaddr. | ||
8916 | |||
8917 | ok phessler@ deraadt@ florian@ | ||
8918 | |||
8919 | Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 | ||
8920 | |||
8921 | commit a1187bd3ef3e4940af849ca953a1b849dae78445 | ||
8922 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8923 | Date: Fri Jan 6 16:28:12 2017 +0000 | ||
8924 | |||
8925 | upstream commit | ||
8926 | |||
8927 | keep the tokens list sorted; | ||
8928 | |||
8929 | Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 | ||
8930 | |||
8931 | commit b64077f9767634715402014f509e58decf1e140d | ||
8932 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8933 | Date: Fri Jan 6 09:27:52 2017 +0000 | ||
8934 | |||
8935 | upstream commit | ||
8936 | |||
8937 | fix previous | ||
8938 | |||
8939 | Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 | ||
8940 | |||
8941 | commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de | ||
8942 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8943 | Date: Fri Jan 6 03:53:58 2017 +0000 | ||
8944 | |||
8945 | upstream commit | ||
8946 | |||
8947 | show a useful error message when included config files | ||
8948 | can't be opened; bz#2653, ok dtucker@ | ||
8949 | |||
8950 | Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b | ||
8951 | |||
8952 | commit 13bd2e2d622d01dc85d22b94520a5b243d006049 | ||
8953 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8954 | Date: Fri Jan 6 03:45:41 2017 +0000 | ||
8955 | |||
8956 | upstream commit | ||
8957 | |||
8958 | sshd_config is documented to set | ||
8959 | GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. | ||
8960 | bz#2637 ok dtucker | ||
8961 | |||
8962 | Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 | ||
8963 | |||
8964 | commit f89b928534c9e77f608806a217d39a2960cc7fd0 | ||
8965 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8966 | Date: Fri Jan 6 03:41:58 2017 +0000 | ||
8967 | |||
8968 | upstream commit | ||
8969 | |||
8970 | Avoid confusing error message when attempting to use | ||
8971 | ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 | ||
8972 | |||
8973 | Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 | ||
8974 | |||
8975 | commit 0999533014784579aa6f01c2d3a06e3e8804b680 | ||
8976 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8977 | Date: Fri Jan 6 02:34:54 2017 +0000 | ||
8978 | |||
8979 | upstream commit | ||
8980 | |||
8981 | Re-add '%k' token for AuthorizedKeysCommand which was | ||
8982 | lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. | ||
8983 | |||
8984 | Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 | ||
8985 | |||
8986 | commit 51045869fa084cdd016fdd721ea760417c0a3bf3 | ||
8987 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8988 | Date: Wed Jan 4 05:37:40 2017 +0000 | ||
8989 | |||
8990 | upstream commit | ||
8991 | |||
8992 | unbreak Unix domain socket forwarding for root; ok | ||
8993 | markus@ | ||
8994 | |||
8995 | Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 | ||
8996 | |||
8997 | commit 58fca12ba967ea5c768653535604e1522d177e44 | ||
8998 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8999 | Date: Mon Jan 16 09:08:32 2017 +1100 | ||
9000 | |||
9001 | Remove LOGIN_PROGRAM. | ||
9002 | |||
9003 | UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org | ||
9004 | |||
9005 | commit b108ce92aae0ca0376dce9513d953be60e449ae1 | ||
9006 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9007 | Date: Wed Jan 4 02:21:43 2017 +0000 | ||
9008 | |||
9009 | upstream commit | ||
9010 | |||
9011 | relax PKCS#11 whitelist a bit to allow libexec as well as | ||
9012 | lib directories. | ||
9013 | |||
9014 | Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 | ||
9015 | |||
9016 | commit c7995f296b9222df2846f56ecf61e5ae13d7a53d | ||
9017 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9018 | Date: Tue Jan 3 05:46:51 2017 +0000 | ||
9019 | |||
9020 | upstream commit | ||
9021 | |||
9022 | check number of entries in SSH2_FXP_NAME response; avoids | ||
9023 | unreachable overflow later. Reported by Jann Horn | ||
9024 | |||
9025 | Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f | ||
9026 | |||
9027 | commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 | ||
9028 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9029 | Date: Fri Dec 30 22:08:02 2016 +0000 | ||
9030 | |||
9031 | upstream commit | ||
9032 | |||
9033 | fix deadlock when keys/principals command produces a lot of | ||
9034 | output and a key is matched early; bz#2655, patch from jboning AT gmail.com | ||
9035 | |||
9036 | Upstream-ID: e19456429bf99087ea994432c16d00a642060afe | ||
9037 | |||
9038 | commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f | ||
9039 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9040 | Date: Tue Dec 20 12:16:11 2016 +1100 | ||
9041 | |||
9042 | Re-add missing "Prerequisites" header and fix typo | ||
9043 | |||
9044 | Patch from HARUYAMA Seigo <haruyama at unixuser org>. | ||
9045 | |||
9046 | commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 | ||
9047 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9048 | Date: Mon Dec 19 22:35:23 2016 +0000 | ||
9049 | |||
9050 | upstream commit | ||
9051 | |||
9052 | use standard /bin/sh equality test; from Mike Frysinger | ||
9053 | |||
9054 | Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 | ||
9055 | |||
9056 | commit 4a354fc231174901f2629437c2a6e924a2dd6772 | ||
9057 | Author: Damien Miller <djm@mindrot.org> | ||
9058 | Date: Mon Dec 19 15:59:26 2016 +1100 | ||
9059 | |||
9060 | crank version numbers for release | ||
9061 | |||
9062 | commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9 | ||
9063 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9064 | Date: Mon Dec 19 04:55:51 2016 +0000 | ||
9065 | |||
9066 | upstream commit | ||
9067 | |||
9068 | openssh-7.4 | ||
9069 | |||
9070 | Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79 | ||
9071 | |||
9072 | commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b | ||
9073 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9074 | Date: Mon Dec 19 04:55:18 2016 +0000 | ||
9075 | |||
9076 | upstream commit | ||
9077 | |||
9078 | remove testcase that depends on exact output and | ||
9079 | behaviour of snprintf(..., "%s", NULL) | ||
9080 | |||
9081 | Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f | ||
9082 | |||
9083 | commit eae735a82d759054f6ec7b4e887fb7a5692c66d7 | ||
9084 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9085 | Date: Mon Dec 19 03:32:57 2016 +0000 | ||
9086 | |||
9087 | upstream commit | ||
9088 | |||
9089 | Use LOGNAME to get current user and fall back to whoami if | ||
9090 | not set. Mainly to benefit -portable since some platforms don't have whoami. | ||
9091 | |||
9092 | Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa | ||
9093 | |||
9094 | commit 0d2f88428487518eea60602bd593989013831dcf | ||
9095 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9096 | Date: Fri Dec 16 03:51:19 2016 +0000 | ||
9097 | |||
9098 | upstream commit | ||
9099 | |||
9100 | Add regression test for AllowUsers and DenyUsers. Patch from | ||
9101 | Zev Weiss <zev at bewilderbeest.net> | ||
9102 | |||
9103 | Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9 | ||
9104 | |||
9105 | commit 3bc8180a008929f6fe98af4a56fb37d04444b417 | ||
9106 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9107 | Date: Fri Dec 16 15:02:24 2016 +1100 | ||
9108 | |||
9109 | Add missing monitor.h include. | ||
9110 | |||
9111 | Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net> | ||
9112 | |||
9113 | commit 410681f9015d76cc7b137dd90dac897f673244a0 | ||
9114 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9115 | Date: Fri Dec 16 02:48:55 2016 +0000 | ||
9116 | |||
9117 | upstream commit | ||
9118 | |||
9119 | revert to rev1.2; the new bits in this test depend on changes | ||
9120 | to ssh that aren't yet committed | ||
9121 | |||
9122 | Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123 | ||
9123 | |||
9124 | commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e | ||
9125 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9126 | Date: Fri Dec 16 01:06:27 2016 +0000 | ||
9127 | |||
9128 | upstream commit | ||
9129 | |||
9130 | Move the "stop sshd" code into its own helper function. | ||
9131 | Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@ | ||
9132 | |||
9133 | Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329 | ||
9134 | |||
9135 | commit e15e7152331e3976b35475fd4e9c72897ad0f074 | ||
9136 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9137 | Date: Fri Dec 16 01:01:07 2016 +0000 | ||
9138 | |||
9139 | upstream commit | ||
9140 | |||
9141 | regression test for certificates along with private key | ||
9142 | with no public half. bz#2617, mostly from Adam Eijdenberg | ||
9143 | |||
9144 | Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115 | ||
9145 | |||
9146 | commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500 | ||
9147 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9148 | Date: Thu Dec 15 23:50:37 2016 +0000 | ||
9149 | |||
9150 | upstream commit | ||
9151 | |||
9152 | Use $SUDO to read pidfile in case root's umask is | ||
9153 | restricted. From portable. | ||
9154 | |||
9155 | Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98 | ||
9156 | |||
9157 | commit fe06b68f824f8f55670442fb31f2c03526dd326c | ||
9158 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9159 | Date: Thu Dec 15 21:29:05 2016 +0000 | ||
9160 | |||
9161 | upstream commit | ||
9162 | |||
9163 | Add missing braces in DenyUsers code. Patch from zev at | ||
9164 | bewilderbeest.net, ok deraadt@ | ||
9165 | |||
9166 | Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e | ||
9167 | |||
9168 | commit dcc7d74242a574fd5c4afbb4224795b1644321e7 | ||
9169 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9170 | Date: Thu Dec 15 21:20:41 2016 +0000 | ||
9171 | |||
9172 | upstream commit | ||
9173 | |||
9174 | Fix text in error message. Patch from zev at | ||
9175 | bewilderbeest.net. | ||
9176 | |||
9177 | Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6 | ||
9178 | |||
9179 | commit b737e4d7433577403a31cff6614f6a1b0b5e22f4 | ||
9180 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9181 | Date: Wed Dec 14 00:36:34 2016 +0000 | ||
9182 | |||
9183 | upstream commit | ||
9184 | |||
9185 | disable Unix-domain socket forwarding when privsep is | ||
9186 | disabled | ||
9187 | |||
9188 | Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0 | ||
9189 | |||
9190 | commit 08a1e7014d65c5b59416a0e138c1f73f417496eb | ||
9191 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9192 | Date: Fri Dec 9 03:04:29 2016 +0000 | ||
9193 | |||
9194 | upstream commit | ||
9195 | |||
9196 | log connections dropped in excess of MaxStartups at | ||
9197 | verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@ | ||
9198 | |||
9199 | Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b | ||
9200 | |||
9201 | commit 10e290ec00964b2bf70faab15a10a5574bb80527 | ||
9202 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9203 | Date: Tue Dec 13 13:51:32 2016 +1100 | ||
9204 | |||
9205 | Get default of TEST_SSH_UTF8 from environment. | ||
9206 | |||
9207 | commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104 | ||
9208 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9209 | Date: Tue Dec 13 12:56:40 2016 +1100 | ||
9210 | |||
9211 | Remove commented-out includes. | ||
9212 | |||
9213 | These commented-out includes have "Still needed?" comments. Since | ||
9214 | they've been commented out for ~13 years I assert that they're not. | ||
9215 | |||
9216 | commit 25275f1c9d5f01a0877d39444e8f90521a598ea0 | ||
9217 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9218 | Date: Tue Dec 13 12:54:23 2016 +1100 | ||
9219 | |||
9220 | Add prototype for strcasestr in compat library. | ||
9221 | |||
9222 | commit afec07732aa2985142f3e0b9a01eb6391f523dec | ||
9223 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9224 | Date: Tue Dec 13 10:23:03 2016 +1100 | ||
9225 | |||
9226 | Add strcasestr to compat library. | ||
9227 | |||
9228 | Fixes build on (at least) Solaris 10. | ||
9229 | |||
9230 | commit dda78a03af32e7994f132d923c2046e98b7c56c8 | ||
9231 | Author: Damien Miller <djm@mindrot.org> | ||
9232 | Date: Mon Dec 12 13:57:10 2016 +1100 | ||
9233 | |||
9234 | Force Turkish locales back to C/POSIX; bz#2643 | ||
9235 | |||
9236 | Turkish locales are unique in their handling of the letters 'i' and | ||
9237 | 'I' (yes, they are different letters) and OpenSSH isn't remotely | ||
9238 | prepared to deal with that. For now, the best we can do is to force | ||
9239 | OpenSSH to use the C/POSIX locale and try to preserve the UTF-8 | ||
9240 | encoding if possible. | ||
9241 | |||
9242 | ok dtucker@ | ||
9243 | |||
9244 | commit c35995048f41239fc8895aadc3374c5f75180554 | ||
9245 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9246 | Date: Fri Dec 9 12:52:02 2016 +1100 | ||
9247 | |||
9248 | exit is in stdlib.h not unistd.h (that's _exit). | ||
9249 | |||
9250 | commit d399a8b914aace62418c0cfa20341aa37a192f98 | ||
9251 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9252 | Date: Fri Dec 9 12:33:25 2016 +1100 | ||
9253 | |||
9254 | Include <unistd.h> for exit in utf8 locale test. | ||
9255 | |||
9256 | commit 47b8c99ab3221188ad3926108dd9d36da3b528ec | ||
9257 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9258 | Date: Thu Dec 8 15:48:34 2016 +1100 | ||
9259 | |||
9260 | Check for utf8 local support before testing it. | ||
9261 | |||
9262 | Check for utf8 local support and if not found, do not attempt to run the | ||
9263 | utf8 tests. Suggested by djm@ | ||
9264 | |||
9265 | commit 4089fc1885b3a2822204effbb02b74e3da58240d | ||
9266 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9267 | Date: Thu Dec 8 12:57:24 2016 +1100 | ||
9268 | |||
9269 | Use AC_PATH_TOOL for krb5-config. | ||
9270 | |||
9271 | This will use the host-prefixed version when cross compiling; patch from | ||
9272 | david.michael at coreos.com. | ||
9273 | |||
9274 | commit b4867e0712c89b93be905220c82f0a15e6865d1e | ||
9275 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9276 | Date: Tue Dec 6 07:48:01 2016 +0000 | ||
9277 | |||
9278 | upstream commit | ||
9279 | |||
9280 | make IdentityFile successfully load and use certificates that | ||
9281 | have no corresponding bare public key. E.g. just a private id_rsa and | ||
9282 | certificate id_rsa-cert.pub (and no id_rsa.pub). | ||
9283 | |||
9284 | bz#2617 ok dtucker@ | ||
9285 | |||
9286 | Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604 | ||
9287 | |||
9288 | commit c9792783a98881eb7ed295680013ca97a958f8ac | ||
9289 | Author: Damien Miller <djm@mindrot.org> | ||
9290 | Date: Fri Nov 25 14:04:21 2016 +1100 | ||
9291 | |||
9292 | Add a gnome-ssh-askpass3 target for GTK+3 version | ||
9293 | |||
9294 | Based on patch from Colin Watson via bz#2640 | ||
9295 | |||
9296 | commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763 | ||
9297 | Author: Damien Miller <djm@mindrot.org> | ||
9298 | Date: Fri Nov 25 14:03:53 2016 +1100 | ||
9299 | |||
9300 | Make gnome-ssh-askpass2.c GTK+3-friendly | ||
9301 | |||
9302 | Patch from Colin Watson via bz#2640 | ||
9303 | |||
9304 | commit b9844a45c7f0162fd1b5465683879793d4cc4aaa | ||
9305 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9306 | Date: Sun Dec 4 23:54:02 2016 +0000 | ||
9307 | |||
9308 | upstream commit | ||
9309 | |||
9310 | Fix public key authentication when multiple | ||
9311 | authentication is in use. Instead of deleting and re-preparing the entire | ||
9312 | keys list, just reset the 'used' flags; the keys list is already in a good | ||
9313 | order (with already- tried keys at the back) | ||
9314 | |||
9315 | Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@ | ||
9316 | |||
9317 | Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176 | ||
9318 | |||
9319 | commit f2398eb774075c687b13af5bc22009eb08889abe | ||
9320 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9321 | Date: Sun Dec 4 22:27:25 2016 +0000 | ||
9322 | |||
9323 | upstream commit | ||
9324 | |||
9325 | Unlink PidFile on SIGHUP and always recreate it when the | ||
9326 | new sshd starts. Regression tests (and possibly other things) depend on the | ||
9327 | pidfile being recreated after SIGHUP, and unlinking it means it won't contain | ||
9328 | a stale pid if sshd fails to restart. ok djm@ markus@ | ||
9329 | |||
9330 | Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870 | ||
9331 | |||
9332 | commit 85aa2efeba51a96bf6834f9accf2935d96150296 | ||
9333 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9334 | Date: Wed Nov 30 03:01:33 2016 +0000 | ||
9335 | |||
9336 | upstream commit | ||
9337 | |||
9338 | test new behaviour of cert force-command restriction vs. | ||
9339 | authorized_key/ principals | ||
9340 | |||
9341 | Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c | ||
9342 | |||
9343 | commit 5d333131cd8519d022389cfd3236280818dae1bc | ||
9344 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9345 | Date: Wed Nov 30 06:54:26 2016 +0000 | ||
9346 | |||
9347 | upstream commit | ||
9348 | |||
9349 | tweak previous; while here fix up FILES and AUTHORS; | ||
9350 | |||
9351 | Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa | ||
9352 | |||
9353 | commit 786d5994da79151180cb14a6cf157ebbba61c0cc | ||
9354 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9355 | Date: Wed Nov 30 03:07:37 2016 +0000 | ||
9356 | |||
9357 | upstream commit | ||
9358 | |||
9359 | add a whitelist of paths from which ssh-agent will load | ||
9360 | (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@ | ||
9361 | |||
9362 | Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f | ||
9363 | |||
9364 | commit 7844f357cdd90530eec81340847783f1f1da010b | ||
9365 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9366 | Date: Wed Nov 30 03:00:05 2016 +0000 | ||
9367 | |||
9368 | upstream commit | ||
9369 | |||
9370 | Add a sshd_config DisableForwaring option that disables | ||
9371 | X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as | ||
9372 | anything else we might implement in the future. | ||
9373 | |||
9374 | This, like the 'restrict' authorized_keys flag, is intended to be a | ||
9375 | simple and future-proof way of restricting an account. Suggested as | ||
9376 | a complement to 'restrict' by Jann Horn; ok markus@ | ||
9377 | |||
9378 | Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7 | ||
9379 | |||
9380 | commit fd6dcef2030d23c43f986d26979f84619c10589d | ||
9381 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9382 | Date: Wed Nov 30 02:57:40 2016 +0000 | ||
9383 | |||
9384 | upstream commit | ||
9385 | |||
9386 | When a forced-command appears in both a certificate and | ||
9387 | an authorized keys/principals command= restriction, refuse to accept the | ||
9388 | certificate unless they are identical. | ||
9389 | |||
9390 | The previous (documented) behaviour of having the certificate forced- | ||
9391 | command override the other could be a bit confused and more error-prone. | ||
9392 | |||
9393 | Pointed out by Jann Horn of Project Zero; ok dtucker@ | ||
9394 | |||
9395 | Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f | ||
9396 | |||
9397 | commit 7fc4766ac78abae81ee75b22b7550720bfa28a33 | ||
9398 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9399 | Date: Wed Nov 30 00:28:31 2016 +0000 | ||
9400 | |||
9401 | upstream commit | ||
9402 | |||
9403 | On startup, check to see if sshd is already daemonized | ||
9404 | and if so, skip the call to daemon() and do not rewrite the PidFile. This | ||
9405 | means that when sshd re-execs itself on SIGHUP the process ID will no longer | ||
9406 | change. Should address bz#2641. ok djm@ markus@. | ||
9407 | |||
9408 | Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9 | ||
9409 | |||
9410 | commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc | ||
9411 | Author: Damien Miller <djm@mindrot.org> | ||
9412 | Date: Wed Nov 30 13:51:49 2016 +1100 | ||
9413 | |||
9414 | factor out common PRNG reseed before privdrop | ||
9415 | |||
9416 | Add a call to RAND_poll() to ensure than more than pid+time gets | ||
9417 | stirred into child processes states. Prompted by analysis from Jann | ||
9418 | Horn at Project Zero. ok dtucker@ | ||
9419 | |||
9420 | commit 79e4829ec81dead1b30999e1626eca589319a47f | ||
9421 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9422 | Date: Fri Nov 25 03:02:01 2016 +0000 | ||
9423 | |||
9424 | upstream commit | ||
9425 | |||
9426 | Allow PuTTY interop tests to run unattended. bz#2639, | ||
9427 | patch from cjwatson at debian.org. | ||
9428 | |||
9429 | Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0 | ||
9430 | |||
9431 | commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc | ||
9432 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9433 | Date: Fri Nov 25 02:56:49 2016 +0000 | ||
9434 | |||
9435 | upstream commit | ||
9436 | |||
9437 | Reverse args to sshd-log-wrapper. Matches change in | ||
9438 | portable, where it allows sshd do be optionally run under Valgrind. | ||
9439 | |||
9440 | Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906 | ||
9441 | |||
9442 | commit bd13017736ec2f8f9ca498fe109fb0035f322733 | ||
9443 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9444 | Date: Fri Nov 25 02:49:18 2016 +0000 | ||
9445 | |||
9446 | upstream commit | ||
9447 | |||
9448 | Fix typo in trace message; from portable. | ||
9449 | |||
9450 | Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a | ||
9451 | |||
9452 | commit 7da751d8b007c7f3e814fd5737c2351440d78b4c | ||
9453 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9454 | Date: Tue Nov 1 13:43:27 2016 +0000 | ||
9455 | |||
9456 | upstream commit | ||
9457 | |||
9458 | Clean up MALLOC_OPTIONS. For the unittests, move | ||
9459 | MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc. | ||
9460 | |||
9461 | ok otto | ||
9462 | |||
9463 | Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12 | ||
9464 | |||
9465 | commit 36f58e68221bced35e06d1cca8d97c48807a8b71 | ||
9466 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9467 | Date: Mon Oct 31 23:45:08 2016 +0000 | ||
9468 | |||
9469 | upstream commit | ||
9470 | |||
9471 | Remove the obsolete A and P flags from MALLOC_OPTIONS. | ||
9472 | |||
9473 | ok dtucker | ||
9474 | |||
9475 | Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59 | ||
9476 | |||
9477 | commit b0899ee26a6630883c0f2350098b6a35e647f512 | ||
9478 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9479 | Date: Tue Nov 29 03:54:50 2016 +0000 | ||
9480 | |||
9481 | upstream commit | ||
9482 | |||
9483 | Factor out code to disconnect from controlling terminal | ||
9484 | into its own function. ok djm@ | ||
9485 | |||
9486 | Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885 | ||
9487 | |||
9488 | commit 54d022026aae4f53fa74cc636e4a032d9689b64d | ||
9489 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9490 | Date: Fri Nov 25 23:24:45 2016 +0000 | ||
9491 | |||
9492 | upstream commit | ||
9493 | |||
9494 | use sshbuf_allocate() to pre-allocate the buffer used for | ||
9495 | loading keys. This avoids implicit realloc inside the buffer code, which | ||
9496 | might theoretically leave fragments of the key on the heap. This doesn't | ||
9497 | appear to happen in practice for normal sized keys, but was observed for | ||
9498 | novelty oversize ones. | ||
9499 | |||
9500 | Pointed out by Jann Horn of Project Zero; ok markus@ | ||
9501 | |||
9502 | Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1 | ||
9503 | |||
9504 | commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e | ||
9505 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9506 | Date: Fri Nov 25 23:22:04 2016 +0000 | ||
9507 | |||
9508 | upstream commit | ||
9509 | |||
9510 | split allocation out of sshbuf_reserve() into a separate | ||
9511 | sshbuf_allocate() function; ok markus@ | ||
9512 | |||
9513 | Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2 | ||
9514 | |||
9515 | commit f0ddedee460486fa0e32fefb2950548009e5026e | ||
9516 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9517 | Date: Wed Nov 23 23:14:15 2016 +0000 | ||
9518 | |||
9519 | upstream commit | ||
9520 | |||
9521 | allow ClientAlive{Interval,CountMax} in Match; ok dtucker, | ||
9522 | djm | ||
9523 | |||
9524 | Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55 | ||
9525 | |||
9526 | commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a | ||
9527 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9528 | Date: Tue Nov 8 22:04:34 2016 +0000 | ||
9529 | |||
9530 | upstream commit | ||
9531 | |||
9532 | unbreak DenyUsers; reported by henning@ | ||
9533 | |||
9534 | Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2 | ||
9535 | |||
9536 | commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a | ||
9537 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9538 | Date: Sun Nov 6 05:46:37 2016 +0000 | ||
9539 | |||
9540 | upstream commit | ||
9541 | |||
9542 | Validate address ranges for AllowUser/DenyUsers at | ||
9543 | configuration load time and refuse to accept bad ones. It was previously | ||
9544 | possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and | ||
9545 | these would always match. | ||
9546 | |||
9547 | Thanks to Laurence Parry for a detailed bug report. ok markus (for | ||
9548 | a previous diff version) | ||
9549 | |||
9550 | Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb | ||
9551 | |||
9552 | commit efb494e81d1317209256b38b49f4280897c61e69 | ||
9553 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9554 | Date: Fri Oct 28 03:33:52 2016 +0000 | ||
9555 | |||
9556 | upstream commit | ||
9557 | |||
9558 | Improve pkcs11_add_provider() logging: demote some | ||
9559 | excessively verbose error()s to debug()s, include PKCS#11 provider name and | ||
9560 | slot in log messages where possible. bz#2610, based on patch from Jakub Jelen | ||
9561 | |||
9562 | Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d | ||
9563 | |||
9564 | commit 5ee3fb5affd7646f141749483205ade5fc54adaf | ||
9565 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9566 | Date: Tue Nov 1 08:12:33 2016 +1100 | ||
9567 | |||
9568 | Use ptrace(PT_DENY_ATTACH, ..) on OS X. | ||
9569 | |||
9570 | commit 315d2a4e674d0b7115574645cb51f968420ebb34 | ||
9571 | Author: Damien Miller <djm@mindrot.org> | ||
9572 | Date: Fri Oct 28 14:34:07 2016 +1100 | ||
9573 | |||
9574 | Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL | ||
9575 | |||
9576 | ok dtucker@ | ||
9577 | |||
9578 | commit a9ff3950b8e80ff971b4d44bbce96df27aed28af | ||
9579 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9580 | Date: Fri Oct 28 14:26:58 2016 +1100 | ||
9581 | |||
9582 | Move OPENSSL_NO_RIPEMD160 to compat. | ||
9583 | |||
9584 | Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the | ||
9585 | ripemd160 MACs. | ||
9586 | |||
9587 | commit bce58885160e5db2adda3054c3b81fe770f7285a | ||
9588 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9589 | Date: Fri Oct 28 13:52:31 2016 +1100 | ||
9590 | |||
9591 | Check if RIPEMD160 is disabled in OpenSSL. | ||
9592 | |||
9593 | commit d924640d4c355d1b5eca1f4cc60146a9975dbbff | ||
9594 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9595 | Date: Fri Oct 28 13:38:19 2016 +1100 | ||
9596 | |||
9597 | Skip ssh1 specfic ciphers. | ||
9598 | |||
9599 | cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try | ||
9600 | to compile them when Protocol 1 is not enabled. | ||
9601 | |||
9602 | commit 79d078e7a49caef746516d9710ec369ba45feab6 | ||
9603 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
9604 | Date: Tue Oct 25 04:08:13 2016 +0000 | ||
9605 | |||
9606 | upstream commit | ||
9607 | |||
9608 | Fix logic in add_local_forward() that inverted a test | ||
9609 | when code was refactored out into bind_permitted(). This broke ssh port | ||
9610 | forwarding for non-priv ports as a non root user. | ||
9611 | |||
9612 | ok dtucker@ 'looks good' deraadt@ | ||
9613 | |||
9614 | Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9 | ||
9615 | |||
9616 | commit a903e315dee483e555c8a3a02c2946937f9b4e5d | ||
9617 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9618 | Date: Mon Oct 24 01:09:17 2016 +0000 | ||
9619 | |||
9620 | upstream commit | ||
9621 | |||
9622 | Remove dead breaks, found via opencoverage.net. ok | ||
9623 | deraadt@ | ||
9624 | |||
9625 | Upstream-ID: ad9cc655829d67fad219762810770787ba913069 | ||
9626 | |||
9627 | commit b4e96b4c9bea4182846e4942ba2048e6d708ee54 | ||
9628 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9629 | Date: Wed Oct 26 08:43:25 2016 +1100 | ||
9630 | |||
9631 | Use !=NULL instead of >0 for getdefaultproj. | ||
9632 | |||
9633 | getdefaultproj() returns a pointer so test it for NULL inequality | ||
9634 | instead of >0. Fixes compiler warning and is more correct. Patch from | ||
9635 | David Binderman. | ||
9636 | |||
9637 | commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5 | ||
9638 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9639 | Date: Sun Oct 23 22:04:05 2016 +0000 | ||
9640 | |||
9641 | upstream commit | ||
9642 | |||
9643 | Factor out "can bind to low ports" check into its own function. This will | ||
9644 | make it easier for Portable to support platforms with permissions models | ||
9645 | other than uid==0 (eg bz#2625). ok djm@, "doesn't offend me too much" | ||
9646 | deraadt@. | ||
9647 | |||
9648 | Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface | ||
9649 | |||
9650 | commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894 | ||
9651 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9652 | Date: Wed Oct 19 23:21:56 2016 +0000 | ||
9653 | |||
9654 | upstream commit | ||
9655 | |||
9656 | When tearing down ControlMaster connecctions, don't | ||
9657 | pollute stderr when LogLevel=quiet. Patch from Tim Kuijsten via tech@. | ||
9658 | |||
9659 | Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced | ||
9660 | |||
9661 | commit 09e6a7d8354224933febc08ddcbc2010f542284e | ||
9662 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9663 | Date: Mon Oct 24 09:06:18 2016 +1100 | ||
9664 | |||
9665 | Wrap stdint.h include in ifdef. | ||
9666 | |||
9667 | commit 08d9e9516e587b25127545c029e5464b2e7f2919 | ||
9668 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9669 | Date: Fri Oct 21 09:46:46 2016 +1100 | ||
9670 | |||
9671 | Fix formatting. | ||
9672 | |||
9673 | commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d | ||
9674 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9675 | Date: Fri Oct 21 06:55:58 2016 +1100 | ||
9676 | |||
9677 | Update links to https. | ||
9678 | |||
9679 | www.openssh.com now supports https and ftp.openbsd.org no longer | ||
9680 | supports ftp. Make all links to these https. | ||
9681 | |||
9682 | commit dd4e7212a6141f37742de97795e79db51e4427ad | ||
9683 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9684 | Date: Fri Oct 21 06:48:46 2016 +1100 | ||
9685 | |||
9686 | Update host key generation examples. | ||
9687 | |||
9688 | Remove ssh1 host key generation, add ssh-keygen -A | ||
9689 | |||
9690 | commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639 | ||
9691 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9692 | Date: Fri Oct 21 05:22:55 2016 +1100 | ||
9693 | |||
9694 | Update links. | ||
9695 | |||
9696 | Make links to openssh.com HTTPS now that it's supported, point release | ||
9697 | notes link to the HTML release notes page, and update a couple of other | ||
9698 | links and bits of text. | ||
9699 | |||
9700 | commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6 | ||
9701 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9702 | Date: Thu Oct 20 03:42:09 2016 +1100 | ||
9703 | |||
9704 | Remote channels .orig and .rej files. | ||
9705 | |||
9706 | These files were incorrectly added during an OpenBSD sync. | ||
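Review bot: the lines in this stretch (old-side numbers 8984 to 9706) carry no new-side counterpart, which together with the 1963 deletions in the diffstat means the merge drops these 2016-2017 entries from the tail of ChangeLog; please confirm this is the upstream file taken as shipped and not a hand edit. The dropped entries include the openssh-7.4 commit (5f8d0bb8) and several security-relevant behaviour changes: refusing a certificate whose forced-command differs from the authorized keys/principals command= restriction (fd6dcef2), the ssh-agent PKCS#11 module path whitelist (786d5994, relaxed in b108ce92), and rejecting invalid CIDR ranges in AllowUsers/DenyUsers at configuration load time (010359b3). Anyone auditing when those changes landed will need the upstream history rather than this file after the merge. Separately, the entry for 7844f357 spells the option "DisableForwaring", so a search of the old ChangeLog for the sshd_config keyword DisableForwarding would not have matched it.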