author | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-09-14 15:43:03 +0100 |
commit | 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd (patch) | |
tree | e6cb74192adb00fda5e4d1457547851d7e0d86af /ChangeLog | |
parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) | |
parent | c41345ad7ee5a22689e2c009595e85fa27b4b39a (diff) |
merge 6.3p1
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 631 |
1 files changed, 624 insertions, 7 deletions
@@ -1,17 +1,628 @@ | |||
1 | 20130913 | ||
2 | - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code; | ||
3 | ok dtucker@ | ||
4 | - (djm) [channels.c] sigh, typo s/buffet_/buffer_/ | ||
5 | - (djm) Release 6.3p1 | ||
6 | |||
7 | 20130808 | ||
8 | - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt | ||
9 | since some platforms (eg really old FreeBSD) don't have it. Instead, | ||
10 | run "make clean" before a complete regress run. ok djm. | ||
11 | - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime( | ||
12 | CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the | ||
13 | CLOCK_MONOTONIC define but don't actually support it. Found and tested | ||
14 | by Kevin Brott, ok djm. | ||
15 | - (dtucker) [misc.c] Remove define added for fallback testing that was | ||
16 | mistakenly included in the previous commit. | ||
17 | - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt | ||
18 | removal. The "make clean" removes modpipe which is built by the top-level | ||
19 | directory before running the tests. Spotted by tim@ | ||
20 | |||
21 | 20130804 | ||
22 | - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support | ||
23 | for building with older Heimdal versions. ok djm. | ||
24 | |||
25 | 20130801 | ||
26 | - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non- | ||
27 | blocking connecting socket will clear any stored errno that might | ||
28 | otherwise have been retrievable via getsockopt(). A hack to limit writes | ||
29 | to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap | ||
30 | it in an #ifdef. Diagnosis and patch from Ivo Raisr. | ||
31 | - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134 | ||
32 | |||
33 | 20130725 | ||
34 | - (djm) OpenBSD CVS Sync | ||
35 | - djm@cvs.openbsd.org 2013/07/20 22:20:42 | ||
36 | [krl.c] | ||
37 | fix verification error in (as-yet usused) KRL signature checking path | ||
38 | - djm@cvs.openbsd.org 2013/07/22 05:00:17 | ||
39 | [umac.c] | ||
40 | make MAC key, data to be hashed and nonce for final hash const; | ||
41 | checked with -Wcast-qual | ||
42 | - djm@cvs.openbsd.org 2013/07/22 12:20:02 | ||
43 | [umac.h] | ||
44 | oops, forgot to commit corresponding header change; | ||
45 | spotted by jsg and jasper | ||
46 | - djm@cvs.openbsd.org 2013/07/25 00:29:10 | ||
47 | [ssh.c] | ||
48 | daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure | ||
49 | it is fully detached from its controlling terminal. based on debugging | ||
50 | - djm@cvs.openbsd.org 2013/07/25 00:56:52 | ||
51 | [sftp-client.c sftp-client.h sftp.1 sftp.c] | ||
52 | sftp support for resuming partial downloads; patch mostly by Loganaden | ||
53 | Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@ | ||
54 | "Just be careful" deraadt@ | ||
55 | - djm@cvs.openbsd.org 2013/07/25 00:57:37 | ||
56 | [version.h] | ||
57 | openssh-6.3 for release | ||
58 | - dtucker@cvs.openbsd.org 2013/05/30 20:12:32 | ||
59 | [regress/test-exec.sh] | ||
60 | use ssh and sshd as testdata since it needs to be >256k for the rekey test | ||
61 | - dtucker@cvs.openbsd.org 2013/06/10 21:56:43 | ||
62 | [regress/forwarding.sh] | ||
63 | Add test for forward config parsing | ||
64 | - djm@cvs.openbsd.org 2013/06/21 02:26:26 | ||
65 | [regress/sftp-cmds.sh regress/test-exec.sh] | ||
66 | unbreak sftp-cmds for renamed test data (s/ls/data/) | ||
67 | - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on | ||
68 | Solaris and UnixWare. Feedback and OK djm@ | ||
69 | - (tim) [regress/forwarding.sh] Fix for building outside source tree. | ||
70 | |||
71 | 20130720 | ||
72 | - (djm) OpenBSD CVS Sync | ||
73 | - markus@cvs.openbsd.org 2013/07/19 07:37:48 | ||
74 | [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c] | ||
75 | [servconf.h session.c sshd.c sshd_config.5] | ||
76 | add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, | ||
77 | or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974 | ||
78 | ok djm@ | ||
79 | - djm@cvs.openbsd.org 2013/07/20 01:43:46 | ||
80 | [umac.c] | ||
81 | use a union to ensure correct alignment; ok deraadt | ||
82 | - djm@cvs.openbsd.org 2013/07/20 01:44:37 | ||
83 | [ssh-keygen.c ssh.c] | ||
84 | More useful error message on missing current user in /etc/passwd | ||
85 | - djm@cvs.openbsd.org 2013/07/20 01:50:20 | ||
86 | [ssh-agent.c] | ||
87 | call cleanup_handler on SIGINT when in debug mode to ensure sockets | ||
88 | are cleaned up on manual exit; bz#2120 | ||
89 | - djm@cvs.openbsd.org 2013/07/20 01:55:13 | ||
90 | [auth-krb5.c gss-serv-krb5.c gss-serv.c] | ||
91 | fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@ | ||
92 | |||
93 | 20130718 | ||
94 | - (djm) OpenBSD CVS Sync | ||
95 | - dtucker@cvs.openbsd.org 2013/06/10 19:19:44 | ||
96 | [readconf.c] | ||
97 | revert 1.203 while we investigate crashes reported by okan@ | ||
98 | - guenther@cvs.openbsd.org 2013/06/17 04:48:42 | ||
99 | [scp.c] | ||
100 | Handle time_t values as long long's when formatting them and when | ||
101 | parsing them from remote servers. | ||
102 | Improve error checking in parsing of 'T' lines. | ||
103 | ok dtucker@ deraadt@ | ||
104 | - markus@cvs.openbsd.org 2013/06/20 19:15:06 | ||
105 | [krl.c] | ||
106 | don't leak the rdata blob on errors; ok djm@ | ||
107 | - djm@cvs.openbsd.org 2013/06/21 00:34:49 | ||
108 | [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c] | ||
109 | for hostbased authentication, print the client host and user on | ||
110 | the auth success/failure line; bz#2064, ok dtucker@ | ||
111 | - djm@cvs.openbsd.org 2013/06/21 00:37:49 | ||
112 | [ssh_config.5] | ||
113 | explicitly mention that IdentitiesOnly can be used with IdentityFile | ||
114 | to control which keys are offered from an agent. | ||
115 | - djm@cvs.openbsd.org 2013/06/21 05:42:32 | ||
116 | [dh.c] | ||
117 | sprinkle in some error() to explain moduli(5) parse failures | ||
118 | - djm@cvs.openbsd.org 2013/06/21 05:43:10 | ||
119 | [scp.c] | ||
120 | make this -Wsign-compare clean after time_t conversion | ||
121 | - djm@cvs.openbsd.org 2013/06/22 06:31:57 | ||
122 | [scp.c] | ||
123 | improved time_t overflow check suggested by guenther@ | ||
124 | - jmc@cvs.openbsd.org 2013/06/27 14:05:37 | ||
125 | [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
126 | do not use Sx for sections outwith the man page - ingo informs me that | ||
127 | stuff like html will render with broken links; | ||
128 | issue reported by Eric S. Raymond, via djm | ||
129 | - markus@cvs.openbsd.org 2013/07/02 12:31:43 | ||
130 | [dh.c] | ||
131 | remove extra whitespace | ||
132 | - djm@cvs.openbsd.org 2013/07/12 00:19:59 | ||
133 | [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c] | ||
134 | [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c] | ||
135 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
136 | - djm@cvs.openbsd.org 2013/07/12 00:20:00 | ||
137 | [sftp.c ssh-keygen.c ssh-pkcs11.c] | ||
138 | fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@ | ||
139 | - djm@cvs.openbsd.org 2013/07/12 00:43:50 | ||
140 | [misc.c] | ||
141 | in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when | ||
142 | errno == 0. Avoids confusing error message in some broken resolver | ||
143 | cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker | ||
144 | - djm@cvs.openbsd.org 2013/07/12 05:42:03 | ||
145 | [ssh-keygen.c] | ||
146 | do_print_resource_record() can never be called with a NULL filename, so | ||
147 | don't attempt (and bungle) asking for one if it has not been specified | ||
148 | bz#2127 ok dtucker@ | ||
149 | - djm@cvs.openbsd.org 2013/07/12 05:48:55 | ||
150 | [ssh.c] | ||
151 | set TCP nodelay for connections started with -N; bz#2124 ok dtucker@ | ||
152 | - schwarze@cvs.openbsd.org 2013/07/16 00:07:52 | ||
153 | [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] | ||
154 | use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | ||
155 | - djm@cvs.openbsd.org 2013/07/18 01:12:26 | ||
156 | [ssh.1] | ||
157 | be more exact wrt perms for ~/.ssh/config; bz#2078 | ||
158 | |||
159 | 20130702 | ||
160 | - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config | ||
161 | contrib/cygwin/ssh-user-config] Modernizes and improve readability of | ||
162 | the Cygwin README file (which hasn't been updated for ages), drop | ||
163 | unsupported OSes from the ssh-host-config help text, and drop an | ||
164 | unneeded option from ssh-user-config. Patch from vinschen at redhat com. | ||
165 | |||
166 | 20130610 | ||
167 | - (djm) OpenBSD CVS Sync | ||
168 | - dtucker@cvs.openbsd.org 2013/06/07 15:37:52 | ||
169 | [channels.c channels.h clientloop.c] | ||
170 | Add an "ABANDONED" channel state and use for mux sessions that are | ||
171 | disconnected via the ~. escape sequence. Channels in this state will | ||
172 | be able to close if the server responds, but do not count as active channels. | ||
173 | This means that if you ~. all of the mux clients when using ControlPersist | ||
174 | on a broken network, the backgrounded mux master will exit when the | ||
175 | Control Persist time expires rather than hanging around indefinitely. | ||
176 | bz#1917, also reported and tested by tedu@. ok djm@ markus@. | ||
177 | - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported | ||
178 | algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. | ||
179 | - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have | ||
180 | the required OpenSSL support. Patch from naddy at freebsd. | ||
181 | - (dtucker) [myproposal.h] Make the conditional algorithm support consistent | ||
182 | and add some comments so it's clear what goes where. | ||
183 | |||
184 | 20130605 | ||
185 | - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of | ||
186 | the necessary functions, not from the openssl version. | ||
187 | - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test. | ||
188 | Patch from cjwatson at debian. | ||
189 | - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the | ||
190 | forwarding test is extremely slow copying data on some machines so switch | ||
191 | back to copying the much smaller ls binary until we can figure out why | ||
192 | this is. | ||
193 | - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building | ||
194 | modpipe in case there's anything in there we need. | ||
195 | - (dtucker) OpenBSD CVS Sync | ||
196 | - dtucker@cvs.openbsd.org 2013/06/02 21:01:51 | ||
197 | [channels.h] | ||
198 | typo in comment | ||
199 | - dtucker@cvs.openbsd.org 2013/06/02 23:36:29 | ||
200 | [clientloop.h clientloop.c mux.c] | ||
201 | No need for the mux cleanup callback to be visible so restore it to static | ||
202 | and call it through the detach_user function pointer. ok djm@ | ||
203 | - dtucker@cvs.openbsd.org 2013/06/03 00:03:18 | ||
204 | [mac.c] | ||
205 | force the MAC output to be 64-bit aligned so umac won't see unaligned | ||
206 | accesses on strict-alignment architectures. bz#2101, patch from | ||
207 | tomas.kuthan at oracle.com, ok djm@ | ||
208 | - dtucker@cvs.openbsd.org 2013/06/04 19:12:23 | ||
209 | [scp.c] | ||
210 | use MAXPATHLEN for buffer size instead of fixed value. ok markus | ||
211 | - dtucker@cvs.openbsd.org 2013/06/04 20:42:36 | ||
212 | [sftp.c] | ||
213 | Make sftp's libedit interface marginally multibyte aware by building up | ||
214 | the quoted string by character instead of by byte. Prevents failures | ||
215 | when linked against a libedit built with wide character support (bz#1990). | ||
216 | "looks ok" djm | ||
217 | - dtucker@cvs.openbsd.org 2013/06/05 02:07:29 | ||
218 | [mux.c] | ||
219 | fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967, | ||
220 | ok djm | ||
221 | - dtucker@cvs.openbsd.org 2013/06/05 02:27:50 | ||
222 | [sshd.c] | ||
223 | When running sshd -D, close stderr unless we have explicitly requesting | ||
224 | logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch | ||
225 | so, err, ok dtucker. | ||
226 | - dtucker@cvs.openbsd.org 2013/06/05 12:52:38 | ||
227 | [sshconnect2.c] | ||
228 | Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm | ||
229 | - dtucker@cvs.openbsd.org 2013/06/05 22:00:28 | ||
230 | [readconf.c] | ||
231 | plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm | ||
232 | - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for | ||
233 | platforms that don't have multibyte character support (specifically, | ||
234 | mblen). | ||
235 | |||
236 | 20130602 | ||
237 | - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy | ||
238 | linking regress/modpipe. | ||
239 | - (dtucker) OpenBSD CVS Sync | ||
240 | - dtucker@cvs.openbsd.org 2013/06/02 13:33:05 | ||
241 | [progressmeter.c] | ||
242 | Add misc.h for monotime prototype. (ID sync only). | ||
243 | - dtucker@cvs.openbsd.org 2013/06/02 13:35:58 | ||
244 | [ssh-agent.c] | ||
245 | Make parent_alive_interval time_t to avoid signed/unsigned comparison | ||
246 | - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms | ||
247 | to prevent noise from configure. Patch from Nathan Osman. (bz#2114). | ||
248 | - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android. | ||
249 | Patch from Nathan Osman. | ||
250 | - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we | ||
251 | need a shell that can handle "[ file1 -nt file2 ]". Rather than keep | ||
252 | dealing with shell portability issues in regression tests, we let | ||
253 | configure find us a capable shell on those platforms with an old /bin/sh. | ||
254 | - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr. | ||
255 | feedback and ok dtucker | ||
256 | - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker | ||
257 | - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h. | ||
258 | - (dtucker) [configure.ac] Some other platforms need sys/types.h before | ||
259 | sys/socket.h. | ||
260 | |||
261 | 20130601 | ||
262 | - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to | ||
263 | using openssl's DES_crypt function on platorms that don't have a native | ||
264 | one, eg Android. Based on a patch from Nathan Osman. | ||
265 | - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS | ||
266 | rather than trying to enumerate the plaforms that don't have them. | ||
267 | Based on a patch from Nathan Osman, with help from tim@. | ||
268 | - (dtucker) OpenBSD CVS Sync | ||
269 | - djm@cvs.openbsd.org 2013/05/17 00:13:13 | ||
270 | [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c | ||
271 | ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c | ||
272 | gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c | ||
273 | auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c | ||
274 | servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c | ||
275 | auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c | ||
276 | sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c | ||
277 | kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c | ||
278 | kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c | ||
279 | monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c | ||
280 | ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c | ||
281 | sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c | ||
282 | ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c | ||
283 | dns.c packet.c readpass.c authfd.c moduli.c] | ||
284 | bye, bye xfree(); ok markus@ | ||
285 | - djm@cvs.openbsd.org 2013/05/19 02:38:28 | ||
286 | [auth2-pubkey.c] | ||
287 | fix failure to recognise cert-authority keys if a key of a different type | ||
288 | appeared in authorized_keys before it; ok markus@ | ||
289 | - djm@cvs.openbsd.org 2013/05/19 02:42:42 | ||
290 | [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h] | ||
291 | Standardise logging of supplemental information during userauth. Keys | ||
292 | and ruser is now logged in the auth success/failure message alongside | ||
293 | the local username, remote host/port and protocol in use. Certificates | ||
294 | contents and CA are logged too. | ||
295 | Pushing all logging onto a single line simplifies log analysis as it is | ||
296 | no longer necessary to relate information scattered across multiple log | ||
297 | entries. "I like it" markus@ | ||
298 | - dtucker@cvs.openbsd.org 2013/05/31 12:28:10 | ||
299 | [ssh-agent.c] | ||
300 | Use time_t where appropriate. ok djm | ||
301 | - dtucker@cvs.openbsd.org 2013/06/01 13:15:52 | ||
302 | [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c | ||
303 | channels.c sandbox-systrace.c] | ||
304 | Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like | ||
305 | keepalives and rekeying will work properly over clock steps. Suggested by | ||
306 | markus@, "looks good" djm@. | ||
307 | - dtucker@cvs.openbsd.org 2013/06/01 20:59:25 | ||
308 | [scp.c sftp-client.c] | ||
309 | Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch | ||
310 | from Nathan Osman via bz#2085. ok deraadt. | ||
311 | - dtucker@cvs.openbsd.org 2013/06/01 22:34:50 | ||
312 | [sftp-client.c] | ||
313 | Update progressmeter when data is acked, not when it's sent. bz#2108, from | ||
314 | Debian via Colin Watson, ok djm@ | ||
315 | - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c | ||
316 | groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c | ||
317 | sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c | ||
318 | openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c | ||
319 | openbsd-compat/port-linux.c] Replace portable-specific instances of xfree | ||
320 | with the equivalent calls to free. | ||
321 | - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall | ||
322 | back to time(NULL) if we can't find it anywhere. | ||
323 | - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday. | ||
324 | |||
325 | 20130529 | ||
326 | - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null | ||
327 | implementation of endgrent for platforms that don't have it (eg Android). | ||
328 | Loosely based on a patch from Nathan Osman, ok djm | ||
329 | |||
330 | 20130517 | ||
331 | - (dtucker) OpenBSD CVS Sync | ||
332 | - djm@cvs.openbsd.org 2013/03/07 00:20:34 | ||
333 | [regress/proxy-connect.sh] | ||
334 | repeat test with a style appended to the username | ||
335 | - dtucker@cvs.openbsd.org 2013/03/23 11:09:43 | ||
336 | [regress/test-exec.sh] | ||
337 | Only regenerate host keys if they don't exist or if ssh-keygen has changed | ||
338 | since they were. Reduces test runtime by 5-30% depending on machine | ||
339 | speed. | ||
340 | - dtucker@cvs.openbsd.org 2013/04/06 06:00:22 | ||
341 | [regress/rekey.sh regress/test-exec.sh regress/integrity.sh | ||
342 | regress/multiplex.sh Makefile regress/cfgmatch.sh] | ||
343 | Split the regress log into 3 parts: the debug output from ssh, the debug | ||
344 | log from sshd and the output from the client command (ssh, scp or sftp). | ||
345 | Somewhat functional now, will become more useful when ssh/sshd -E is added. | ||
346 | - dtucker@cvs.openbsd.org 2013/04/07 02:16:03 | ||
347 | [regress/Makefile regress/rekey.sh regress/integrity.sh | ||
348 | regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh] | ||
349 | use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and | ||
350 | save the output from any failing tests. If a test fails the debug output | ||
351 | from ssh and sshd for the failing tests (and only the failing tests) should | ||
352 | be available in failed-ssh{,d}.log. | ||
353 | - djm@cvs.openbsd.org 2013/04/18 02:46:12 | ||
354 | [regress/Makefile regress/sftp-chroot.sh] | ||
355 | test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@ | ||
356 | - dtucker@cvs.openbsd.org 2013/04/22 07:23:08 | ||
357 | [regress/multiplex.sh] | ||
358 | Write mux master logs to regress.log instead of ssh.log to keep separate | ||
359 | - djm@cvs.openbsd.org 2013/05/10 03:46:14 | ||
360 | [regress/modpipe.c] | ||
361 | sync some portability changes from portable OpenSSH (id sync only) | ||
362 | - dtucker@cvs.openbsd.org 2013/05/16 02:10:35 | ||
363 | [regress/rekey.sh] | ||
364 | Add test for time-based rekeying | ||
365 | - dtucker@cvs.openbsd.org 2013/05/16 03:33:30 | ||
366 | [regress/rekey.sh] | ||
367 | test rekeying when there's no data being transferred | ||
368 | - dtucker@cvs.openbsd.org 2013/05/16 04:26:10 | ||
369 | [regress/rekey.sh] | ||
370 | add server-side rekey test | ||
371 | - dtucker@cvs.openbsd.org 2013/05/16 05:48:31 | ||
372 | [regress/rekey.sh] | ||
373 | add tests for RekeyLimit parsing | ||
374 | - dtucker@cvs.openbsd.org 2013/05/17 00:37:40 | ||
375 | [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh | ||
376 | regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh | ||
377 | regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh | ||
378 | regress/ssh-com.sh] | ||
379 | replace 'echo -n' with 'printf' since it's more portable | ||
380 | also remove "echon" hack. | ||
381 | - dtucker@cvs.openbsd.org 2013/05/17 01:16:09 | ||
382 | [regress/agent-timeout.sh] | ||
383 | Pull back some portability changes from -portable: | ||
384 | - TIMEOUT is a read-only variable in some shells | ||
385 | - not all greps have -q so redirect to /dev/null instead. | ||
386 | (ID sync only) | ||
387 | - dtucker@cvs.openbsd.org 2013/05/17 01:32:11 | ||
388 | [regress/integrity.sh] | ||
389 | don't print output from ssh before getting it (it's available in ssh.log) | ||
390 | - dtucker@cvs.openbsd.org 2013/05/17 04:29:14 | ||
391 | [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh | ||
392 | regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh | ||
393 | regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh | ||
394 | regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh | ||
395 | regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh | ||
396 | regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh | ||
397 | regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh | ||
398 | regress/multiplex.sh] | ||
399 | Move the setting of DATA and COPY into test-exec.sh | ||
400 | - dtucker@cvs.openbsd.org 2013/05/17 10:16:26 | ||
401 | [regress/try-ciphers.sh] | ||
402 | use expr for math to keep diffs vs portable down | ||
403 | (id sync only) | ||
404 | - dtucker@cvs.openbsd.org 2013/05/17 10:23:52 | ||
405 | [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh] | ||
406 | Use SUDO when cat'ing pid files and running the sshd log wrapper so that | ||
407 | it works with a restrictive umask and the pid files are not world readable. | ||
408 | Changes from -portable. (id sync only) | ||
409 | - dtucker@cvs.openbsd.org 2013/05/17 10:24:48 | ||
410 | [regress/localcommand.sh] | ||
411 | use backticks for portability. (id sync only) | ||
412 | - dtucker@cvs.openbsd.org 2013/05/17 10:26:26 | ||
413 | [regress/sftp-badcmds.sh] | ||
414 | remove unused BATCH variable. (id sync only) | ||
415 | - dtucker@cvs.openbsd.org 2013/05/17 10:28:11 | ||
416 | [regress/sftp.sh] | ||
417 | only compare copied data if sftp succeeds. from portable (id sync only) | ||
418 | - dtucker@cvs.openbsd.org 2013/05/17 10:30:07 | ||
419 | [regress/test-exec.sh] | ||
420 | wait a bit longer for startup and use case for absolute path. | ||
421 | from portable (id sync only) | ||
422 | - dtucker@cvs.openbsd.org 2013/05/17 10:33:09 | ||
423 | [regress/agent-getpeereid.sh] | ||
424 | don't redirect stdout from sudo. from portable (id sync only) | ||
425 | - dtucker@cvs.openbsd.org 2013/05/17 10:34:30 | ||
426 | [regress/portnum.sh] | ||
427 | use a more portable negated if structure. from portable (id sync only) | ||
428 | - dtucker@cvs.openbsd.org 2013/05/17 10:35:43 | ||
429 | [regress/scp.sh] | ||
430 | use a file extention that's not special on some platforms. from portable | ||
431 | (id sync only) | ||
432 | - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it | ||
433 | in portable and it's long gone in openbsd. | ||
434 | - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange | ||
435 | methods. When the openssl version doesn't support ECDH then next one on | ||
436 | the list is DH group exchange, but that causes a bit more traffic which can | ||
437 | mean that the tests flip bits in the initial exchange rather than the MACed | ||
438 | traffic and we get different errors to what the tests look for. | ||
439 | - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits. | ||
440 | - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd. | ||
441 | - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd. | ||
442 | - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh] | ||
443 | Move the jot helper function to portable-specific part of test-exec.sh. | ||
444 | - (dtucker) [regress/test-exec.sh] Move the portable-specific functions | ||
445 | together and add a couple of missing lines from openbsd. | ||
446 | - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5 | ||
447 | helper function to the portable part of test-exec.sh. | ||
448 | - (dtucker) [regress/runtests.sh] Remove obsolete test driver script. | ||
449 | - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by | ||
450 | rev 1.6 which calls wait. | ||
451 | |||
1 | 20130516 | 452 | 20130516 |
2 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be | 453 | - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be |
3 | executed if mktemp failed; bz#2105 ok dtucker@ | 454 | executed if mktemp failed; bz#2105 ok dtucker@ |
4 | - (djm) Release 6.2p2 | 455 | - (dtucker) OpenBSD CVS Sync |
456 | - tedu@cvs.openbsd.org 2013/04/23 17:49:45 | ||
457 | [misc.c] | ||
458 | use xasprintf instead of a series of strlcats and strdup. ok djm | ||
459 | - tedu@cvs.openbsd.org 2013/04/24 16:01:46 | ||
460 | [misc.c] | ||
461 | remove extra parens noticed by nicm | ||
462 | - dtucker@cvs.openbsd.org 2013/05/06 07:35:12 | ||
463 | [sftp-server.8] | ||
464 | Reference the version of the sftp draft we actually implement. ok djm@ | ||
465 | - djm@cvs.openbsd.org 2013/05/10 03:40:07 | ||
466 | [sshconnect2.c] | ||
467 | fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from | ||
468 | Colin Watson | ||
469 | - djm@cvs.openbsd.org 2013/05/10 04:08:01 | ||
470 | [key.c] | ||
471 | memleak in cert_free(), wasn't actually freeing the struct; | ||
472 | bz#2096 from shm AT digitalsun.pl | ||
473 | - dtucker@cvs.openbsd.org 2013/05/10 10:13:50 | ||
474 | [ssh-pkcs11-helper.c] | ||
475 | remove unused extern optarg. ok markus@ | ||
476 | - dtucker@cvs.openbsd.org 2013/05/16 02:00:34 | ||
477 | [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c | ||
478 | ssh_config.5 packet.h] | ||
479 | Add an optional second argument to RekeyLimit in the client to allow | ||
480 | rekeying based on elapsed time in addition to amount of traffic. | ||
481 | with djm@ jmc@, ok djm | ||
482 | - dtucker@cvs.openbsd.org 2013/05/16 04:09:14 | ||
483 | [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config | ||
484 | sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing | ||
485 | rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man | ||
486 | page. | ||
487 | - djm@cvs.openbsd.org 2013/05/16 04:27:50 | ||
488 | [ssh_config.5 readconf.h readconf.c] | ||
489 | add the ability to ignore specific unrecognised ssh_config options; | ||
490 | bz#866; ok markus@ | ||
491 | - jmc@cvs.openbsd.org 2013/05/16 06:28:45 | ||
492 | [ssh_config.5] | ||
493 | put IgnoreUnknown in the right place; | ||
494 | - jmc@cvs.openbsd.org 2013/05/16 06:30:06 | ||
495 | [sshd_config.5] | ||
496 | oops! avoid Xr to self; | ||
497 | - dtucker@cvs.openbsd.org 2013/05/16 09:08:41 | ||
498 | [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c] | ||
499 | Fix some "unused result" warnings found via clang and -portable. | ||
500 | ok markus@ | ||
501 | - dtucker@cvs.openbsd.org 2013/05/16 09:12:31 | ||
502 | [readconf.c servconf.c] | ||
503 | switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@ | ||
504 | - dtucker@cvs.openbsd.org 2013/05/16 10:43:34 | ||
505 | [servconf.c readconf.c] | ||
506 | remove now-unused variables | ||
507 | - dtucker@cvs.openbsd.org 2013/05/16 10:44:06 | ||
508 | [servconf.c] | ||
509 | remove another now-unused variable | ||
510 | - (dtucker) [configure.ac readconf.c servconf.c | ||
511 | openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled. | ||
5 | 512 | ||
6 | 20130510 | 513 | 20130510 |
7 | - (djm) OpenBSD CVS Cherrypick | 514 | - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler |
515 | supports it. Mentioned by Colin Watson in bz#2100, ok djm. | ||
516 | - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to | ||
517 | getopt.c. Preprocessed source is identical other than line numbers. | ||
518 | - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No | ||
519 | portability changes yet. | ||
520 | - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c | ||
521 | openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add | ||
522 | portability code to getopt_long.c and switch over Makefile and the ugly | ||
523 | hack in modpipe.c. Fixes bz#1448. | ||
524 | - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c | ||
525 | openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb | ||
526 | in to use it when we're using our own getopt. | ||
527 | - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the | ||
528 | underlying libraries support them. | ||
529 | - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so | ||
530 | we don't get a warning on compilers that *don't* support it. Add | ||
531 | -Wno-unknown-warning-option. Move both to the start of the list for | ||
532 | maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9. | ||
533 | |||
534 | 20130423 | ||
535 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support | ||
536 | platforms, such as Android, that lack struct passwd.pw_gecos. Report | ||
537 | and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ | ||
538 | - (djm) OpenBSD CVS Sync | ||
539 | - markus@cvs.openbsd.org 2013/03/05 20:16:09 | ||
540 | [sshconnect2.c] | ||
541 | reset pubkey order on partial success; ok djm@ | ||
542 | - djm@cvs.openbsd.org 2013/03/06 23:35:23 | ||
543 | [session.c] | ||
544 | fatal() when ChrootDirectory specified by running without root privileges; | ||
545 | ok markus@ | ||
546 | - djm@cvs.openbsd.org 2013/03/06 23:36:53 | ||
547 | [readconf.c] | ||
548 | g/c unused variable (-Wunused) | ||
549 | - djm@cvs.openbsd.org 2013/03/07 00:19:59 | ||
550 | [auth2-pubkey.c monitor.c] | ||
551 | reconstruct the original username that was sent by the client, which may | ||
552 | have included a style (e.g. "root:skey") when checking public key | ||
553 | signatures. Fixes public key and hostbased auth when the client specified | ||
554 | a style; ok markus@ | ||
555 | - markus@cvs.openbsd.org 2013/03/07 19:27:25 | ||
556 | [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5] | ||
557 | add submethod support to AuthenticationMethods; ok and freedback djm@ | ||
558 | - djm@cvs.openbsd.org 2013/03/08 06:32:58 | ||
559 | [ssh.c] | ||
560 | allow "ssh -f none ..." ok markus@ | ||
561 | - djm@cvs.openbsd.org 2013/04/05 00:14:00 | ||
562 | [auth2-gss.c krl.c sshconnect2.c] | ||
563 | hush some {unused, printf type} warnings | ||
564 | - djm@cvs.openbsd.org 2013/04/05 00:31:49 | ||
565 | [pathnames.h] | ||
566 | use the existing _PATH_SSH_USER_RC define to construct the other | ||
567 | pathnames; bz#2077, ok dtucker@ (no binary change) | ||
568 | - djm@cvs.openbsd.org 2013/04/05 00:58:51 | ||
569 | [mux.c] | ||
570 | cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too | ||
571 | (in addition to ones already in OPEN); bz#2079, ok dtucker@ | ||
572 | - markus@cvs.openbsd.org 2013/04/06 16:07:00 | ||
573 | [channels.c sshd.c] | ||
574 | handle ECONNABORTED for accept(); ok deraadt some time ago... | ||
575 | - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 | ||
576 | [log.c log.h ssh.1 ssh.c sshd.8 sshd.c] | ||
577 | Add -E option to ssh and sshd to append debugging logs to a specified file | ||
578 | instead of stderr or syslog. ok markus@, man page help jmc@ | ||
579 | - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 | ||
580 | [sshd.8] | ||
581 | clarify -e text. suggested by & ok jmc@ | ||
8 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 | 582 | - djm@cvs.openbsd.org 2013/04/11 02:27:50 |
9 | [packet.c] | 583 | [packet.c] |
10 | quiet disconnect notifications on the server from error() back to logit() | 584 | quiet disconnect notifications on the server from error() back to logit() |
11 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ | 585 | if it is a normal client closure; bz#2057 ok+feedback dtucker@ |
12 | - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | 586 | - dtucker@cvs.openbsd.org 2013/04/17 09:04:09 |
13 | [contrib/suse/openssh.spec] Crank version numbers for release. | 587 | [session.c] |
14 | - (djm) [README] Update release notes URL | 588 | revert rev 1.262; it fails because uid is already set here. ok djm@ |
589 | - djm@cvs.openbsd.org 2013/04/18 02:16:07 | ||
590 | [sftp.c] | ||
591 | make "sftp -q" do what it says on the sticker: hush everything but errors; | ||
592 | ok dtucker@ | ||
593 | - djm@cvs.openbsd.org 2013/04/19 01:00:10 | ||
594 | [sshd_config.5] | ||
595 | document the requirment that the AuthorizedKeysCommand be owned by root; | ||
596 | ok dtucker@ markus@ | ||
597 | - djm@cvs.openbsd.org 2013/04/19 01:01:00 | ||
598 | [ssh-keygen.c] | ||
599 | fix some memory leaks; bz#2088 ok dtucker@ | ||
600 | - djm@cvs.openbsd.org 2013/04/19 01:03:01 | ||
601 | [session.c] | ||
602 | reintroduce 1.262 without the connection-killing bug: | ||
603 | fatal() when ChrootDirectory specified by running without root privileges; | ||
604 | ok markus@ | ||
605 | - djm@cvs.openbsd.org 2013/04/19 01:06:50 | ||
606 | [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c] | ||
607 | [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c] | ||
608 | add the ability to query supported ciphers, MACs, key type and KEX | ||
609 | algorithms to ssh. Includes some refactoring of KEX and key type handling | ||
610 | to be table-driven; ok markus@ | ||
611 | - djm@cvs.openbsd.org 2013/04/19 11:10:18 | ||
612 | [ssh.c] | ||
613 | add -Q to usage; reminded by jmc@ | ||
614 | - djm@cvs.openbsd.org 2013/04/19 12:07:08 | ||
615 | [kex.c] | ||
616 | remove duplicated list entry pointed out by naddy@ | ||
617 | - dtucker@cvs.openbsd.org 2013/04/22 01:17:18 | ||
618 | [mux.c] | ||
619 | typo in debug output: evitval->exitval | ||
620 | |||
621 | 20130418 | ||
622 | - (djm) [config.guess config.sub] Update to last versions before they switch | ||
623 | to GPL3. ok dtucker@ | ||
624 | - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from | ||
625 | unused argument warnings (in particular, -fno-builtin-memset) from clang. | ||
15 | 626 | ||
16 | 20130404 | 627 | 20130404 |
17 | - (dtucker) OpenBSD CVS Sync | 628 | - (dtucker) OpenBSD CVS Sync |
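Review bot: The session.c ChrootDirectory change appears three times in the 20130423 block, and the ChangeLog cannot show which revision the merged tree carries: it is added at new lines 543-545, reverted at 586-588 ("it fails because uid is already set here") and reintroduced at 601-604 "without the connection-killing bug". Please confirm that the merged session.c matches the reintroduced revision, since the first version is the one described as killing connections. Separately, the imported entries contain spelling slips ("portibility" at 516, "freedback" at 557, "requirment" at 595); keeping them identical to upstream is right for a merge, so report them upstream rather than fixing them here.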
@@ -40,10 +651,16 @@ | |||
40 | to avoid conflicting definitions of __int64, adding the required bits. | 651 | to avoid conflicting definitions of __int64, adding the required bits. |
41 | Patch from Corinna Vinschen. | 652 | Patch from Corinna Vinschen. |
42 | 653 | ||
654 | 20120323 | ||
655 | - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. | ||
656 | |||
43 | 20120322 | 657 | 20120322 |
44 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil | 658 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil |
45 | Hands' greatly revised version. | 659 | Hands' greatly revised version. |
46 | - (djm) Release 6.2p1 | 660 | - (djm) Release 6.2p1 |
661 | - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. | ||
662 | - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before | ||
663 | defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. | ||
47 | 664 | ||
48 | 20120318 | 665 | 20120318 |
49 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] | 666 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] |
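Review bot: The date headers at new lines 654, 657 and 665 read 2012 (20120323, 20120322, 20120318), but the 20120323 entry refers to a "20130220 commit" and the block directly above is 20130404, so the year looks like a slip for 2013. The two dtucker entries added at 661-663 also sit below "Release 6.2p1" under the release date, which makes them read as part of 6.2p1 even though they only arrive with this merge. Neither should be changed locally, as that would make the next upstream merge conflict, but both are worth raising upstream so the ChangeLog can be trusted when working out which release a fix belongs to.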