author Colin Watson <cjwatson@debian.org> 2013-09-14 15:43:03 +0100
committer Colin Watson <cjwatson@debian.org> 2013-09-14 15:43:03 +0100
commit 8faf8c84430cf3c19705b1d9f8889d256e7fd1fd
tree e6cb74192adb00fda5e4d1457547851d7e0d86af /ChangeLog
parent 328b60656f29db6306994d7498dede386ec2d1c3
parent c41345ad7ee5a22689e2c009595e85fa27b4b39a
merge 6.3p1
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 631
1 files changed, 624 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index f5e2df0d0..1a0d2545e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,17 +1,628 @@
120130913
2 - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code;
3 ok dtucker@
4 - (djm) [channels.c] sigh, typo s/buffet_/buffer_/
5 - (djm) Release 6.3p1
6
720130808
8 - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
9 since some platforms (eg really old FreeBSD) don't have it. Instead,
10 run "make clean" before a complete regress run. ok djm.
11 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
12 CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
13 CLOCK_MONOTONIC define but don't actually support it. Found and tested
14 by Kevin Brott, ok djm.
15 - (dtucker) [misc.c] Remove define added for fallback testing that was
16 mistakenly included in the previous commit.
17 - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
18 removal. The "make clean" removes modpipe which is built by the top-level
19 directory before running the tests. Spotted by tim@
20
2120130804
22 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
23 for building with older Heimdal versions. ok djm.
24
2520130801
26 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
27 blocking connecting socket will clear any stored errno that might
28 otherwise have been retrievable via getsockopt(). A hack to limit writes
29 to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
30 it in an #ifdef. Diagnosis and patch from Ivo Raisr.
31 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
32
3320130725
34 - (djm) OpenBSD CVS Sync
35 - djm@cvs.openbsd.org 2013/07/20 22:20:42
36 [krl.c]
37 fix verification error in (as-yet usused) KRL signature checking path
38 - djm@cvs.openbsd.org 2013/07/22 05:00:17
39 [umac.c]
40 make MAC key, data to be hashed and nonce for final hash const;
41 checked with -Wcast-qual
42 - djm@cvs.openbsd.org 2013/07/22 12:20:02
43 [umac.h]
44 oops, forgot to commit corresponding header change;
45 spotted by jsg and jasper
46 - djm@cvs.openbsd.org 2013/07/25 00:29:10
47 [ssh.c]
48 daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
49 it is fully detached from its controlling terminal. based on debugging
50 - djm@cvs.openbsd.org 2013/07/25 00:56:52
51 [sftp-client.c sftp-client.h sftp.1 sftp.c]
52 sftp support for resuming partial downloads; patch mostly by Loganaden
53 Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
54 "Just be careful" deraadt@
55 - djm@cvs.openbsd.org 2013/07/25 00:57:37
56 [version.h]
57 openssh-6.3 for release
58 - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
59 [regress/test-exec.sh]
60 use ssh and sshd as testdata since it needs to be >256k for the rekey test
61 - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
62 [regress/forwarding.sh]
63 Add test for forward config parsing
64 - djm@cvs.openbsd.org 2013/06/21 02:26:26
65 [regress/sftp-cmds.sh regress/test-exec.sh]
66 unbreak sftp-cmds for renamed test data (s/ls/data/)
67 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
68 Solaris and UnixWare. Feedback and OK djm@
69 - (tim) [regress/forwarding.sh] Fix for building outside source tree.
70
7120130720
72 - (djm) OpenBSD CVS Sync
73 - markus@cvs.openbsd.org 2013/07/19 07:37:48
74 [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
75 [servconf.h session.c sshd.c sshd_config.5]
76 add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
77 or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
78 ok djm@
79 - djm@cvs.openbsd.org 2013/07/20 01:43:46
80 [umac.c]
81 use a union to ensure correct alignment; ok deraadt
82 - djm@cvs.openbsd.org 2013/07/20 01:44:37
83 [ssh-keygen.c ssh.c]
84 More useful error message on missing current user in /etc/passwd
85 - djm@cvs.openbsd.org 2013/07/20 01:50:20
86 [ssh-agent.c]
87 call cleanup_handler on SIGINT when in debug mode to ensure sockets
88 are cleaned up on manual exit; bz#2120
89 - djm@cvs.openbsd.org 2013/07/20 01:55:13
90 [auth-krb5.c gss-serv-krb5.c gss-serv.c]
91 fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
92
9320130718
94 - (djm) OpenBSD CVS Sync
95 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
96 [readconf.c]
97 revert 1.203 while we investigate crashes reported by okan@
98 - guenther@cvs.openbsd.org 2013/06/17 04:48:42
99 [scp.c]
100 Handle time_t values as long long's when formatting them and when
101 parsing them from remote servers.
102 Improve error checking in parsing of 'T' lines.
103 ok dtucker@ deraadt@
104 - markus@cvs.openbsd.org 2013/06/20 19:15:06
105 [krl.c]
106 don't leak the rdata blob on errors; ok djm@
107 - djm@cvs.openbsd.org 2013/06/21 00:34:49
108 [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
109 for hostbased authentication, print the client host and user on
110 the auth success/failure line; bz#2064, ok dtucker@
111 - djm@cvs.openbsd.org 2013/06/21 00:37:49
112 [ssh_config.5]
113 explicitly mention that IdentitiesOnly can be used with IdentityFile
114 to control which keys are offered from an agent.
115 - djm@cvs.openbsd.org 2013/06/21 05:42:32
116 [dh.c]
117 sprinkle in some error() to explain moduli(5) parse failures
118 - djm@cvs.openbsd.org 2013/06/21 05:43:10
119 [scp.c]
120 make this -Wsign-compare clean after time_t conversion
121 - djm@cvs.openbsd.org 2013/06/22 06:31:57
122 [scp.c]
123 improved time_t overflow check suggested by guenther@
124 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
125 [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
126 do not use Sx for sections outwith the man page - ingo informs me that
127 stuff like html will render with broken links;
128 issue reported by Eric S. Raymond, via djm
129 - markus@cvs.openbsd.org 2013/07/02 12:31:43
130 [dh.c]
131 remove extra whitespace
132 - djm@cvs.openbsd.org 2013/07/12 00:19:59
133 [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
134 [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
135 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
136 - djm@cvs.openbsd.org 2013/07/12 00:20:00
137 [sftp.c ssh-keygen.c ssh-pkcs11.c]
138 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
139 - djm@cvs.openbsd.org 2013/07/12 00:43:50
140 [misc.c]
141 in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
142 errno == 0. Avoids confusing error message in some broken resolver
143 cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
144 - djm@cvs.openbsd.org 2013/07/12 05:42:03
145 [ssh-keygen.c]
146 do_print_resource_record() can never be called with a NULL filename, so
147 don't attempt (and bungle) asking for one if it has not been specified
148 bz#2127 ok dtucker@
149 - djm@cvs.openbsd.org 2013/07/12 05:48:55
150 [ssh.c]
151 set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
152 - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
153 [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
154 use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
155 - djm@cvs.openbsd.org 2013/07/18 01:12:26
156 [ssh.1]
157 be more exact wrt perms for ~/.ssh/config; bz#2078
158
15920130702
160 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
161 contrib/cygwin/ssh-user-config] Modernizes and improve readability of
162 the Cygwin README file (which hasn't been updated for ages), drop
163 unsupported OSes from the ssh-host-config help text, and drop an
164 unneeded option from ssh-user-config. Patch from vinschen at redhat com.
165
16620130610
167 - (djm) OpenBSD CVS Sync
168 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
169 [channels.c channels.h clientloop.c]
170 Add an "ABANDONED" channel state and use for mux sessions that are
171 disconnected via the ~. escape sequence. Channels in this state will
172 be able to close if the server responds, but do not count as active channels.
173 This means that if you ~. all of the mux clients when using ControlPersist
174 on a broken network, the backgrounded mux master will exit when the
175 Control Persist time expires rather than hanging around indefinitely.
176 bz#1917, also reported and tested by tedu@. ok djm@ markus@.
177 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
178 algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
179 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
180 the required OpenSSL support. Patch from naddy at freebsd.
181 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
182 and add some comments so it's clear what goes where.
183
18420130605
185 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
186 the necessary functions, not from the openssl version.
187 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
188 Patch from cjwatson at debian.
189 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
190 forwarding test is extremely slow copying data on some machines so switch
191 back to copying the much smaller ls binary until we can figure out why
192 this is.
193 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
194 modpipe in case there's anything in there we need.
195 - (dtucker) OpenBSD CVS Sync
196 - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
197 [channels.h]
198 typo in comment
199 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
200 [clientloop.h clientloop.c mux.c]
201 No need for the mux cleanup callback to be visible so restore it to static
202 and call it through the detach_user function pointer. ok djm@
203 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
204 [mac.c]
205 force the MAC output to be 64-bit aligned so umac won't see unaligned
206 accesses on strict-alignment architectures. bz#2101, patch from
207 tomas.kuthan at oracle.com, ok djm@
208 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
209 [scp.c]
210 use MAXPATHLEN for buffer size instead of fixed value. ok markus
211 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
212 [sftp.c]
213 Make sftp's libedit interface marginally multibyte aware by building up
214 the quoted string by character instead of by byte. Prevents failures
215 when linked against a libedit built with wide character support (bz#1990).
216 "looks ok" djm
217 - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
218 [mux.c]
219 fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
220 ok djm
221 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
222 [sshd.c]
223 When running sshd -D, close stderr unless we have explicitly requesting
224 logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
225 so, err, ok dtucker.
226 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
227 [sshconnect2.c]
228 Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
229 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
230 [readconf.c]
231 plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
232 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
233 platforms that don't have multibyte character support (specifically,
234 mblen).
235
23620130602
237 - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
238 linking regress/modpipe.
239 - (dtucker) OpenBSD CVS Sync
240 - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
241 [progressmeter.c]
242 Add misc.h for monotime prototype. (ID sync only).
243 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
244 [ssh-agent.c]
245 Make parent_alive_interval time_t to avoid signed/unsigned comparison
246 - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
247 to prevent noise from configure. Patch from Nathan Osman. (bz#2114).
248 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
249 Patch from Nathan Osman.
250 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
251 need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
252 dealing with shell portability issues in regression tests, we let
253 configure find us a capable shell on those platforms with an old /bin/sh.
254 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
255 feedback and ok dtucker
256 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
257 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
258 - (dtucker) [configure.ac] Some other platforms need sys/types.h before
259 sys/socket.h.
260
26120130601
262 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
263 using openssl's DES_crypt function on platorms that don't have a native
264 one, eg Android. Based on a patch from Nathan Osman.
265 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
266 rather than trying to enumerate the plaforms that don't have them.
267 Based on a patch from Nathan Osman, with help from tim@.
268 - (dtucker) OpenBSD CVS Sync
269 - djm@cvs.openbsd.org 2013/05/17 00:13:13
270 [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
271 ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
272 gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
273 auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
274 servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
275 auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
276 sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
277 kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
278 kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
279 monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
280 ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
281 sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
282 ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
283 dns.c packet.c readpass.c authfd.c moduli.c]
284 bye, bye xfree(); ok markus@
285 - djm@cvs.openbsd.org 2013/05/19 02:38:28
286 [auth2-pubkey.c]
287 fix failure to recognise cert-authority keys if a key of a different type
288 appeared in authorized_keys before it; ok markus@
289 - djm@cvs.openbsd.org 2013/05/19 02:42:42
290 [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
291 Standardise logging of supplemental information during userauth. Keys
292 and ruser is now logged in the auth success/failure message alongside
293 the local username, remote host/port and protocol in use. Certificates
294 contents and CA are logged too.
295 Pushing all logging onto a single line simplifies log analysis as it is
296 no longer necessary to relate information scattered across multiple log
297 entries. "I like it" markus@
298 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
299 [ssh-agent.c]
300 Use time_t where appropriate. ok djm
301 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
302 [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
303 channels.c sandbox-systrace.c]
304 Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
305 keepalives and rekeying will work properly over clock steps. Suggested by
306 markus@, "looks good" djm@.
307 - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
308 [scp.c sftp-client.c]
309 Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
310 from Nathan Osman via bz#2085. ok deraadt.
311 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
312 [sftp-client.c]
313 Update progressmeter when data is acked, not when it's sent. bz#2108, from
314 Debian via Colin Watson, ok djm@
315 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
316 groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
317 sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
318 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
319 openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
320 with the equivalent calls to free.
321 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
322 back to time(NULL) if we can't find it anywhere.
323 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
324
32520130529
326 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
327 implementation of endgrent for platforms that don't have it (eg Android).
328 Loosely based on a patch from Nathan Osman, ok djm
329
330 20130517
331 - (dtucker) OpenBSD CVS Sync
332 - djm@cvs.openbsd.org 2013/03/07 00:20:34
333 [regress/proxy-connect.sh]
334 repeat test with a style appended to the username
335 - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
336 [regress/test-exec.sh]
337 Only regenerate host keys if they don't exist or if ssh-keygen has changed
338 since they were. Reduces test runtime by 5-30% depending on machine
339 speed.
340 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
341 [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
342 regress/multiplex.sh Makefile regress/cfgmatch.sh]
343 Split the regress log into 3 parts: the debug output from ssh, the debug
344 log from sshd and the output from the client command (ssh, scp or sftp).
345 Somewhat functional now, will become more useful when ssh/sshd -E is added.
346 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
347 [regress/Makefile regress/rekey.sh regress/integrity.sh
348 regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
349 use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
350 save the output from any failing tests. If a test fails the debug output
351 from ssh and sshd for the failing tests (and only the failing tests) should
352 be available in failed-ssh{,d}.log.
353 - djm@cvs.openbsd.org 2013/04/18 02:46:12
354 [regress/Makefile regress/sftp-chroot.sh]
355 test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
356 - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
357 [regress/multiplex.sh]
358 Write mux master logs to regress.log instead of ssh.log to keep separate
359 - djm@cvs.openbsd.org 2013/05/10 03:46:14
360 [regress/modpipe.c]
361 sync some portability changes from portable OpenSSH (id sync only)
362 - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
363 [regress/rekey.sh]
364 Add test for time-based rekeying
365 - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
366 [regress/rekey.sh]
367 test rekeying when there's no data being transferred
368 - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
369 [regress/rekey.sh]
370 add server-side rekey test
371 - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
372 [regress/rekey.sh]
373 add tests for RekeyLimit parsing
374 - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
375 [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
376 regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
377 regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
378 regress/ssh-com.sh]
379 replace 'echo -n' with 'printf' since it's more portable
380 also remove "echon" hack.
381 - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
382 [regress/agent-timeout.sh]
383 Pull back some portability changes from -portable:
384 - TIMEOUT is a read-only variable in some shells
385 - not all greps have -q so redirect to /dev/null instead.
386 (ID sync only)
387 - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
388 [regress/integrity.sh]
389 don't print output from ssh before getting it (it's available in ssh.log)
390 - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
391 [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
392 regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
393 regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
394 regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
395 regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
396 regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
397 regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
398 regress/multiplex.sh]
399 Move the setting of DATA and COPY into test-exec.sh
400 - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
401 [regress/try-ciphers.sh]
402 use expr for math to keep diffs vs portable down
403 (id sync only)
404 - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
405 [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
406 Use SUDO when cat'ing pid files and running the sshd log wrapper so that
407 it works with a restrictive umask and the pid files are not world readable.
408 Changes from -portable. (id sync only)
409 - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
410 [regress/localcommand.sh]
411 use backticks for portability. (id sync only)
412 - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
413 [regress/sftp-badcmds.sh]
414 remove unused BATCH variable. (id sync only)
415 - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
416 [regress/sftp.sh]
417 only compare copied data if sftp succeeds. from portable (id sync only)
418 - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
419 [regress/test-exec.sh]
420 wait a bit longer for startup and use case for absolute path.
421 from portable (id sync only)
422 - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
423 [regress/agent-getpeereid.sh]
424 don't redirect stdout from sudo. from portable (id sync only)
425 - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
426 [regress/portnum.sh]
427 use a more portable negated if structure. from portable (id sync only)
428 - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
429 [regress/scp.sh]
430 use a file extention that's not special on some platforms. from portable
431 (id sync only)
432 - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
433 in portable and it's long gone in openbsd.
434 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
435 methods. When the openssl version doesn't support ECDH then next one on
436 the list is DH group exchange, but that causes a bit more traffic which can
437 mean that the tests flip bits in the initial exchange rather than the MACed
438 traffic and we get different errors to what the tests look for.
439 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
440 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
441 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
442 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
443 Move the jot helper function to portable-specific part of test-exec.sh.
444 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
445 together and add a couple of missing lines from openbsd.
446 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
447 helper function to the portable part of test-exec.sh.
448 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
449 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
450 rev 1.6 which calls wait.
451
120130516 45220130516
2 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be 453 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
3 executed if mktemp failed; bz#2105 ok dtucker@ 454 executed if mktemp failed; bz#2105 ok dtucker@
4 - (djm) Release 6.2p2 455 - (dtucker) OpenBSD CVS Sync
456 - tedu@cvs.openbsd.org 2013/04/23 17:49:45
457 [misc.c]
458 use xasprintf instead of a series of strlcats and strdup. ok djm
459 - tedu@cvs.openbsd.org 2013/04/24 16:01:46
460 [misc.c]
461 remove extra parens noticed by nicm
462 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
463 [sftp-server.8]
464 Reference the version of the sftp draft we actually implement. ok djm@
465 - djm@cvs.openbsd.org 2013/05/10 03:40:07
466 [sshconnect2.c]
467 fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
468 Colin Watson
469 - djm@cvs.openbsd.org 2013/05/10 04:08:01
470 [key.c]
471 memleak in cert_free(), wasn't actually freeing the struct;
472 bz#2096 from shm AT digitalsun.pl
473 - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
474 [ssh-pkcs11-helper.c]
475 remove unused extern optarg. ok markus@
476 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
477 [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
478 ssh_config.5 packet.h]
479 Add an optional second argument to RekeyLimit in the client to allow
480 rekeying based on elapsed time in addition to amount of traffic.
481 with djm@ jmc@, ok djm
482 - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
483 [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
484 sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
485 rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
486 page.
487 - djm@cvs.openbsd.org 2013/05/16 04:27:50
488 [ssh_config.5 readconf.h readconf.c]
489 add the ability to ignore specific unrecognised ssh_config options;
490 bz#866; ok markus@
491 - jmc@cvs.openbsd.org 2013/05/16 06:28:45
492 [ssh_config.5]
493 put IgnoreUnknown in the right place;
494 - jmc@cvs.openbsd.org 2013/05/16 06:30:06
495 [sshd_config.5]
496 oops! avoid Xr to self;
497 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
498 [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
499 Fix some "unused result" warnings found via clang and -portable.
500 ok markus@
501 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
502 [readconf.c servconf.c]
503 switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
504 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
505 [servconf.c readconf.c]
506 remove now-unused variables
507 - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
508 [servconf.c]
509 remove another now-unused variable
510 - (dtucker) [configure.ac readconf.c servconf.c
511 openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
5 512
620130510 51320130510
7 - (djm) OpenBSD CVS Cherrypick 514 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
515 supports it. Mentioned by Colin Watson in bz#2100, ok djm.
516 - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
517 getopt.c. Preprocessed source is identical other than line numbers.
518 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
519 portability changes yet.
520 - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
521 openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
522 portability code to getopt_long.c and switch over Makefile and the ugly
523 hack in modpipe.c. Fixes bz#1448.
524 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
525 openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
526 in to use it when we're using our own getopt.
527 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
528 underlying libraries support them.
529 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
530 we don't get a warning on compilers that *don't* support it. Add
531 -Wno-unknown-warning-option. Move both to the start of the list for
532 maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
533
53420130423
535 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
536 platforms, such as Android, that lack struct passwd.pw_gecos. Report
537 and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
538 - (djm) OpenBSD CVS Sync
539 - markus@cvs.openbsd.org 2013/03/05 20:16:09
540 [sshconnect2.c]
541 reset pubkey order on partial success; ok djm@
542 - djm@cvs.openbsd.org 2013/03/06 23:35:23
543 [session.c]
544 fatal() when ChrootDirectory specified by running without root privileges;
545 ok markus@
546 - djm@cvs.openbsd.org 2013/03/06 23:36:53
547 [readconf.c]
548 g/c unused variable (-Wunused)
549 - djm@cvs.openbsd.org 2013/03/07 00:19:59
550 [auth2-pubkey.c monitor.c]
551 reconstruct the original username that was sent by the client, which may
552 have included a style (e.g. "root:skey") when checking public key
553 signatures. Fixes public key and hostbased auth when the client specified
554 a style; ok markus@
555 - markus@cvs.openbsd.org 2013/03/07 19:27:25
556 [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
557 add submethod support to AuthenticationMethods; ok and freedback djm@
558 - djm@cvs.openbsd.org 2013/03/08 06:32:58
559 [ssh.c]
560 allow "ssh -f none ..." ok markus@
561 - djm@cvs.openbsd.org 2013/04/05 00:14:00
562 [auth2-gss.c krl.c sshconnect2.c]
563 hush some {unused, printf type} warnings
564 - djm@cvs.openbsd.org 2013/04/05 00:31:49
565 [pathnames.h]
566 use the existing _PATH_SSH_USER_RC define to construct the other
567 pathnames; bz#2077, ok dtucker@ (no binary change)
568 - djm@cvs.openbsd.org 2013/04/05 00:58:51
569 [mux.c]
570 cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
571 (in addition to ones already in OPEN); bz#2079, ok dtucker@
572 - markus@cvs.openbsd.org 2013/04/06 16:07:00
573 [channels.c sshd.c]
574 handle ECONNABORTED for accept(); ok deraadt some time ago...
575 - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
576 [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
577 Add -E option to ssh and sshd to append debugging logs to a specified file
578 instead of stderr or syslog. ok markus@, man page help jmc@
579 - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
580 [sshd.8]
581 clarify -e text. suggested by & ok jmc@
8 - djm@cvs.openbsd.org 2013/04/11 02:27:50 582 - djm@cvs.openbsd.org 2013/04/11 02:27:50
9 [packet.c] 583 [packet.c]
10 quiet disconnect notifications on the server from error() back to logit() 584 quiet disconnect notifications on the server from error() back to logit()
11 if it is a normal client closure; bz#2057 ok+feedback dtucker@ 585 if it is a normal client closure; bz#2057 ok+feedback dtucker@
12 - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 586 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
13 [contrib/suse/openssh.spec] Crank version numbers for release. 587 [session.c]
14 - (djm) [README] Update release notes URL 588 revert rev 1.262; it fails because uid is already set here. ok djm@
589 - djm@cvs.openbsd.org 2013/04/18 02:16:07
590 [sftp.c]
591 make "sftp -q" do what it says on the sticker: hush everything but errors;
592 ok dtucker@
593 - djm@cvs.openbsd.org 2013/04/19 01:00:10
594 [sshd_config.5]
595 document the requirment that the AuthorizedKeysCommand be owned by root;
596 ok dtucker@ markus@
597 - djm@cvs.openbsd.org 2013/04/19 01:01:00
598 [ssh-keygen.c]
599 fix some memory leaks; bz#2088 ok dtucker@
600 - djm@cvs.openbsd.org 2013/04/19 01:03:01
601 [session.c]
602 reintroduce 1.262 without the connection-killing bug:
603 fatal() when ChrootDirectory specified by running without root privileges;
604 ok markus@
605 - djm@cvs.openbsd.org 2013/04/19 01:06:50
606 [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
607 [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
608 add the ability to query supported ciphers, MACs, key type and KEX
609 algorithms to ssh. Includes some refactoring of KEX and key type handling
610 to be table-driven; ok markus@
611 - djm@cvs.openbsd.org 2013/04/19 11:10:18
612 [ssh.c]
613 add -Q to usage; reminded by jmc@
614 - djm@cvs.openbsd.org 2013/04/19 12:07:08
615 [kex.c]
616 remove duplicated list entry pointed out by naddy@
617 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
618 [mux.c]
619 typo in debug output: evitval->exitval
620
62120130418
622 - (djm) [config.guess config.sub] Update to last versions before they switch
623 to GPL3. ok dtucker@
624 - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
625 unused argument warnings (in particular, -fno-builtin-memset) from clang.
15 626
1620130404 62720130404
17 - (dtucker) OpenBSD CVS Sync 628 - (dtucker) OpenBSD CVS Sync
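Review bot: In the 20130516 section the "- (djm) Release 6.2p2" line is replaced by the start of the OpenBSD CVS Sync list, and the 20130510 entries for the version crank and the release notes URL are dropped as well, so after this merge the file no longer shows which release carried the contrib/ssh-copy-id "rm *" fix (bz#2105). If the branch being merged into shipped 6.2p2, record that somewhere the merge leaves intact, for example in the merge commit message, which currently says only "merge 6.3p1". Two added entries also read as damaged: the 2013/07/25 [ssh.c] ControlPersist entry stops at "based on debugging" with no continuation, and the 20130610 [myproposal.h] entry says "AES GSM ciphers" where AES-GCM is meant.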
@@ -40,10 +651,16 @@
40 to avoid conflicting definitions of __int64, adding the required bits. 651 to avoid conflicting definitions of __int64, adding the required bits.
41 Patch from Corinna Vinschen. 652 Patch from Corinna Vinschen.
42 653
65420120323
655 - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
656
4320120322 65720120322
44 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 658 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
45 Hands' greatly revised version. 659 Hands' greatly revised version.
46 - (djm) Release 6.2p1 660 - (djm) Release 6.2p1
661 - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
662 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
663 defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
47 664
4820120318 66520120318
49 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 666 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]