summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2015-08-19 17:00:17 +0100
committerColin Watson <cjwatson@debian.org>2015-08-19 17:40:32 +0100
commit927d0032b865f05679d3cc052bc13cb0e6490283 (patch)
tree69f782deb79182f26069ff41e9539f17e6e44912 /ChangeLog
parentd35c65e77ab6a6a95fefa2c852827ba08e507f0b (diff)
parent810eecd6b2e03770f21e46b5cb8ce8c7fcd46da8 (diff)
New upstream release (6.9p1).
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog2713
1 files changed, 1532 insertions, 1181 deletions
diff --git a/ChangeLog b/ChangeLog
index 092cc48ef..c63681f16 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,1535 @@
1commit 7de4b03a6e4071d454b72927ffaf52949fa34545
2Author: djm@openbsd.org <djm@openbsd.org>
3Date: Wed Jul 1 02:32:17 2015 +0000
4
5 upstream commit
6
7 twiddle; (this commit marks the openssh-6.9 release)
8
9 Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
10
11commit 1bf477d3cdf1a864646d59820878783d42357a1d
12Author: djm@openbsd.org <djm@openbsd.org>
13Date: Wed Jul 1 02:26:31 2015 +0000
14
15 upstream commit
16
17 better refuse ForwardX11Trusted=no connections attempted
18 after ForwardX11Timeout expires; reported by Jann Horn
19
20 Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
21
22commit 47aa7a0f8551b471fcae0447c1d78464f6dba869
23Author: djm@openbsd.org <djm@openbsd.org>
24Date: Wed Jul 1 01:56:13 2015 +0000
25
26 upstream commit
27
28 put back default PermitRootLogin=no
29
30 Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
31
32commit 984b064fe2a23733733262f88d2e1b2a1a501662
33Author: djm@openbsd.org <djm@openbsd.org>
34Date: Wed Jul 1 01:55:13 2015 +0000
35
36 upstream commit
37
38 openssh-6.9
39
40 Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
41
42commit d921082ed670f516652eeba50705e1e9f6325346
43Author: djm@openbsd.org <djm@openbsd.org>
44Date: Wed Jul 1 01:55:00 2015 +0000
45
46 upstream commit
47
48 reset default PermitRootLogin to 'yes' (momentarily, for
49 release)
50
51 Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
52
53commit 66295e0e1ba860e527f191b6325d2d77dec4dbce
54Author: Damien Miller <djm@mindrot.org>
55Date: Wed Jul 1 11:49:12 2015 +1000
56
57 crank version numbers for release
58
59commit 37035c07d4f26bb1fbe000d2acf78efdb008681d
60Author: Damien Miller <djm@mindrot.org>
61Date: Wed Jul 1 10:49:37 2015 +1000
62
63 s/--with-ssh1/--without-ssh1/
64
65commit 629df770dbadc2accfbe1c81b3f31f876d0acd84
66Author: djm@openbsd.org <djm@openbsd.org>
67Date: Tue Jun 30 05:25:07 2015 +0000
68
69 upstream commit
70
71 fatal() when a remote window update causes the window
72 value to overflow. Reported by Georg Wicherski, ok markus@
73
74 Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
75
76commit f715afebe735d61df3fd30ad72d9ac1c8bd3b5f2
77Author: djm@openbsd.org <djm@openbsd.org>
78Date: Tue Jun 30 05:23:25 2015 +0000
79
80 upstream commit
81
82 Fix math error in remote window calculations that causes
83 eventual stalls for datagram channels. Reported by Georg Wicherski, ok
84 markus@
85
86 Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
87
88commit 52fb6b9b034fcfd24bf88cc7be313e9c31de9889
89Author: Damien Miller <djm@mindrot.org>
90Date: Tue Jun 30 16:05:40 2015 +1000
91
92 skip IPv6-related portions on hosts without IPv6
93
94 with Tim Rice
95
96commit 512caddf590857af6aa12218461b5c0441028cf5
97Author: djm@openbsd.org <djm@openbsd.org>
98Date: Mon Jun 29 22:35:12 2015 +0000
99
100 upstream commit
101
102 add getpid to sandbox, reachable by grace_alarm_handler
103
104 reported by Jakub Jelen; bz#2419
105
106 Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
107
108commit 78c2a4f883ea9aba866358e2acd9793a7f42ca93
109Author: djm@openbsd.org <djm@openbsd.org>
110Date: Fri Jun 26 05:13:20 2015 +0000
111
112 upstream commit
113
114 Fix \-escaping bug that caused forward path parsing to skip
115 two characters and skip past the end of the string.
116
117 Based on patch by Salvador Fandino; ok dtucker@
118
119 Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
120
121commit bc20205c91c9920361d12b15d253d4997dba494a
122Author: Damien Miller <djm@mindrot.org>
123Date: Thu Jun 25 09:51:39 2015 +1000
124
125 add missing pselect6
126
127 patch from Jakub Jelen
128
129commit 9d27fb73b4a4e5e99cb880af790d5b1ce44f720a
130Author: djm@openbsd.org <djm@openbsd.org>
131Date: Wed Jun 24 23:47:23 2015 +0000
132
133 upstream commit
134
135 correct test to sshkey_sign(); spotted by Albert S.
136
137 Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
138
139commit 7ed01a96a1911d8b4a9ef4f3d064e1923bfad7e3
140Author: dtucker@openbsd.org <dtucker@openbsd.org>
141Date: Wed Jun 24 01:49:19 2015 +0000
142
143 upstream commit
144
145 Revert previous commit. We still want to call setgroups
146 in the case where there are zero groups to remove any that we might otherwise
147 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
148 to setgroups is always a static global it's always valid to dereference in
149 this case. ok deraadt@ djm@
150
151 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
152
153commit 882f8bf94f79528caa65b0ba71c185d705bb7195
154Author: dtucker@openbsd.org <dtucker@openbsd.org>
155Date: Wed Jun 24 01:49:19 2015 +0000
156
157 upstream commit
158
159 Revert previous commit. We still want to call setgroups in
160 the case where there are zero groups to remove any that we might otherwise
161 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
162 to setgroups is always a static global it's always valid to dereference in
163 this case. ok deraadt@ djm@
164
165 Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
166
167commit 9488538a726951e82b3a4374f3c558d72c80a89b
168Author: djm@openbsd.org <djm@openbsd.org>
169Date: Mon Jun 22 23:42:16 2015 +0000
170
171 upstream commit
172
173 Don't count successful partial authentication as failures
174 in monitor; this may have caused the monitor to refuse multiple
175 authentications that would otherwise have successfully completed; ok markus@
176
177 Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
178
179commit 63b78d003bd8ca111a736e6cea6333da50f5f09b
180Author: dtucker@openbsd.org <dtucker@openbsd.org>
181Date: Mon Jun 22 12:29:57 2015 +0000
182
183 upstream commit
184
185 Don't call setgroups if we have zero groups; there's no
186 guarantee that it won't try to deref the pointer. Based on a patch from mail
187 at quitesimple.org, ok djm deraadt
188
189 Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
190
191commit 5c15e22c691c79a47747bcf5490126656f97cecd
192Author: Damien Miller <djm@mindrot.org>
193Date: Thu Jun 18 15:07:56 2015 +1000
194
195 fix syntax error
196
197commit 596dbca82f3f567fb3d2d69af4b4e1d3ba1e6403
198Author: jsing@openbsd.org <jsing@openbsd.org>
199Date: Mon Jun 15 18:44:22 2015 +0000
200
201 upstream commit
202
203 If AuthorizedPrincipalsCommand is specified, however
204 AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
205 potentially fail due to key_cert_check_authority() failing to locate a
206 principal that matches the username, even though an authorized principal has
207 already been matched in the output of the subprocess. Fix this by using the
208 same logic to determine if pw->pw_name should be passed, as is used to
209 determine if a authorized principal must be matched earlier on.
210
211 ok djm@
212
213 Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
214
215commit aff3e94c0d75d0d0fa84ea392b50ab04f8c57905
216Author: jsing@openbsd.org <jsing@openbsd.org>
217Date: Mon Jun 15 18:42:19 2015 +0000
218
219 upstream commit
220
221 Make the arguments to match_principals_command() similar
222 to match_principals_file(), by changing the last argument a struct
223 sshkey_cert * and dereferencing key->cert in the caller.
224
225 No functional change.
226
227 ok djm@
228
229 Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
230
231commit 97e2e1596c202a4693468378b16b2353fd2d6c5e
232Author: Damien Miller <djm@mindrot.org>
233Date: Wed Jun 17 14:36:54 2015 +1000
234
235 trivial optimisation for seccomp-bpf
236
237 When doing arg inspection and the syscall doesn't match, skip
238 past the instruction that reloads the syscall into the accumulator,
239 since the accumulator hasn't been modified at this point.
240
241commit 99f33d7304893bd9fa04d227cb6e870171cded19
242Author: Damien Miller <djm@mindrot.org>
243Date: Wed Jun 17 10:50:51 2015 +1000
244
245 aarch64 support for seccomp-bpf sandbox
246
247 Also resort and tidy syscall list. Based on patches by Jakub Jelen
248 bz#2361; ok dtucker@
249
250commit 4ef702e1244633c1025ec7cfe044b9ab267097bf
251Author: djm@openbsd.org <djm@openbsd.org>
252Date: Mon Jun 15 01:32:50 2015 +0000
253
254 upstream commit
255
256 return failure on RSA signature error; reported by Albert S
257
258 Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
259
260commit a170f22baf18af0b1acf2788b8b715605f41a1f9
261Author: Tim Rice <tim@multitalents.net>
262Date: Tue Jun 9 22:41:13 2015 -0700
263
264 Fix t12 rules for out of tree builds.
265
266commit ec04dc4a5515c913121bc04ed261857e68fa5c18
267Author: millert@openbsd.org <millert@openbsd.org>
268Date: Fri Jun 5 15:13:13 2015 +0000
269
270 upstream commit
271
272 For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
273 name." (we have a path, not a host name). Based on a diff from Jared
274 Yanovich. OK djm@
275
276 Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
277
278commit 732d61f417a6aea0aa5308b59cb0f563bcd6edd6
279Author: djm@openbsd.org <djm@openbsd.org>
280Date: Fri Jun 5 03:44:14 2015 +0000
281
282 upstream commit
283
284 typo: accidental repetition; bz#2386
285
286 Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
287
288commit adfb24c69d1b6f5e758db200866c711e25a2ba73
289Author: Darren Tucker <dtucker@zip.com.au>
290Date: Fri Jun 5 14:51:40 2015 +1000
291
292 Add Linux powerpc64le and powerpcle entries.
293
294 Stopgap to resolve bz#2409 because we are so close to release and will
295 update config.guess and friends shortly after the release. ok djm@
296
297commit a1195a0fdc9eddddb04d3e9e44c4775431cb77da
298Merge: 6397eed d2480bc
299Author: Tim Rice <tim@multitalents.net>
300Date: Wed Jun 3 21:43:13 2015 -0700
301
302 Merge branch 'master' of git.mindrot.org:/var/git/openssh
303
304commit 6397eedf953b2b973d2d7cbb504ab501a07f8ddc
305Author: Tim Rice <tim@multitalents.net>
306Date: Wed Jun 3 21:41:11 2015 -0700
307
308 Remove unneeded backslashes. Patch from Ángel González
309
310commit d2480bcac1caf31b03068de877a47d6e1027bf6d
311Author: Darren Tucker <dtucker@zip.com.au>
312Date: Thu Jun 4 14:10:55 2015 +1000
313
314 Remove redundant include of stdarg.h. bz#2410
315
316commit 5e67859a623826ccdf2df284cbb37e2d8e2787eb
317Author: djm@openbsd.org <djm@openbsd.org>
318Date: Tue Jun 2 09:10:40 2015 +0000
319
320 upstream commit
321
322 mention CheckHostIP adding addresses to known_hosts;
323 bz#1993; ok dtucker@
324
325 Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
326
327commit d7a58bbac6583e33fd5eca8e2c2cc70c57617818
328Author: Darren Tucker <dtucker@zip.com.au>
329Date: Tue Jun 2 20:15:26 2015 +1000
330
331 Replace strcpy with strlcpy.
332
333 ok djm, sanity check by Corinna Vinschen.
334
335commit 51a1c2115265c6e80ede8a5c9dccada9aeed7143
336Author: Damien Miller <djm@mindrot.org>
337Date: Fri May 29 18:27:21 2015 +1000
338
339 skip, rather than fatal when run without SUDO set
340
341commit 599f01142a376645b15cbc9349d7e8975e1cf245
342Author: Damien Miller <djm@mindrot.org>
343Date: Fri May 29 18:03:15 2015 +1000
344
345 fix merge botch that left ",," in KEX algs
346
347commit 0c2a81dfc21822f2423edd30751e5ec53467b347
348Author: Damien Miller <djm@mindrot.org>
349Date: Fri May 29 17:08:28 2015 +1000
350
351 re-enable SSH protocol 1 at compile time
352
353commit db438f9285d64282d3ac9e8c0944f59f037c0151
354Author: djm@openbsd.org <djm@openbsd.org>
355Date: Fri May 29 03:05:13 2015 +0000
356
357 upstream commit
358
359 make this work without SUDO set; ok dtucker@
360
361 Upstream-Regress-ID: bca88217b70bce2fe52b23b8e06bdeb82d98c715
362
363commit 1d9a2e2849c9864fe75daabf433436341c968e14
364Author: djm@openbsd.org <djm@openbsd.org>
365Date: Thu May 28 07:37:31 2015 +0000
366
367 upstream commit
368
369 wrap all moduli-related code in #ifdef WITH_OPENSSL.
370 based on patch from Reuben Hawkins; bz#2388 feedback and ok dtucker@
371
372 Upstream-ID: d80cfc8be3e6ec65b3fac9e87c4466533b31b7cf
373
374commit 496aeb25bc2d6c434171292e4714771b594bd00e
375Author: dtucker@openbsd.org <dtucker@openbsd.org>
376Date: Thu May 28 05:41:29 2015 +0000
377
378 upstream commit
379
380 Increase the allowed length of the known host file name
381 in the log message to be consistent with other cases. Part of bz#1993, ok
382 deraadt.
383
384 Upstream-ID: a9e97567be49f25daf286721450968251ff78397
385
386commit dd2cfeb586c646ff8d70eb93567b2e559ace5b14
387Author: dtucker@openbsd.org <dtucker@openbsd.org>
388Date: Thu May 28 05:09:45 2015 +0000
389
390 upstream commit
391
392 Fix typo (keywork->keyword)
393
394 Upstream-ID: 8aacd0f4089c0a244cf43417f4f9045dfaeab534
395
396commit 9cc6842493fbf23025ccc1edab064869640d3bec
397Author: djm@openbsd.org <djm@openbsd.org>
398Date: Thu May 28 04:50:53 2015 +0000
399
400 upstream commit
401
402 add error message on ftruncate failure; bz#2176
403
404 Upstream-ID: cbcc606e0b748520c74a210d8f3cc9718d3148cf
405
406commit d1958793a0072c22be26d136dbda5ae263e717a0
407Author: djm@openbsd.org <djm@openbsd.org>
408Date: Thu May 28 04:40:13 2015 +0000
409
410 upstream commit
411
412 make ssh-keygen default to ed25519 keys when compiled
413 without OpenSSL; bz#2388, ok dtucker@
414
415 Upstream-ID: 85a471fa6d3fa57a7b8e882d22cfbfc1d84cdc71
416
417commit 3ecde664c9fc5fb3667aedf9e6671462600f6496
418Author: dtucker@openbsd.org <dtucker@openbsd.org>
419Date: Wed May 27 23:51:10 2015 +0000
420
421 upstream commit
422
423 Reorder client proposal to prefer
424 diffie-hellman-group-exchange-sha1 over diffie-hellman-group14-sha1. ok djm@
425
426 Upstream-ID: 552c08d47347c3ee1a9a57d88441ab50abe17058
427
428commit 40f64292b907afd0a674fdbf3e4c2356d17a7d68
429Author: dtucker@openbsd.org <dtucker@openbsd.org>
430Date: Wed May 27 23:39:18 2015 +0000
431
432 upstream commit
433
434 Add a stronger (4k bit) fallback group that sshd can use
435 when the moduli file is missing or broken, sourced from RFC3526. bz#2302, ok
436 markus@ (earlier version), djm@
437
438 Upstream-ID: b635215746a25a829d117673d5e5a76d4baee7f4
439
440commit 5ab7d5fa03ad55bc438fab45dfb3aeb30a3c237a
441Author: Darren Tucker <dtucker@zip.com.au>
442Date: Thu May 28 10:03:40 2015 +1000
443
444 New moduli file from OpenBSD, removing 1k groups.
445
446 Remove 1k bit groups. ok deraadt@, markus@
447
448commit a71ba58adf34e599f30cdda6e9b93ae6e3937eea
449Author: djm@openbsd.org <djm@openbsd.org>
450Date: Wed May 27 05:15:02 2015 +0000
451
452 upstream commit
453
454 support PKCS#11 devices with external PIN entry devices
455 bz#2240, based on patch from Dirk-Willem van Gulik; feedback and ok dtucker@
456
457 Upstream-ID: 504568992b55a8fc984375242b1bd505ced61b0d
458
459commit b282fec1aa05246ed3482270eb70fc3ec5f39a00
460Author: dtucker@openbsd.org <dtucker@openbsd.org>
461Date: Tue May 26 23:23:40 2015 +0000
462
463 upstream commit
464
465 Cap DH-GEX group size at 4kbits for Cisco implementations.
466 Some of them will choke when asked for preferred sizes >4k instead of
467 returning the 4k group that they do have. bz#2209, ok djm@
468
469 Upstream-ID: 54b863a19713446b7431f9d06ad0532b4fcfef8d
470
471commit 3e91b4e8b0dc2b4b7e7d42cf6e8994a32e4cb55e
472Author: djm@openbsd.org <djm@openbsd.org>
473Date: Sun May 24 23:39:16 2015 +0000
474
475 upstream commit
476
477 add missing 'c' option to getopt(), case statement was
478 already there; from Felix Bolte
479
480 Upstream-ID: 9b19b4e2e0b54d6fefa0dfac707c51cf4bae3081
481
482commit 64a89ec07660abba4d0da7c0095b7371c98bab62
483Author: jsg@openbsd.org <jsg@openbsd.org>
484Date: Sat May 23 14:28:37 2015 +0000
485
486 upstream commit
487
488 fix a memory leak in an error path ok markus@ dtucker@
489
490 Upstream-ID: bc1da0f205494944918533d8780fde65dff6c598
491
492commit f948737449257d2cb83ffcfe7275eb79b677fd4a
493Author: djm@openbsd.org <djm@openbsd.org>
494Date: Fri May 22 05:28:45 2015 +0000
495
496 upstream commit
497
498 mention ssh-keygen -E for comparing legacy MD5
499 fingerprints; bz#2332
500
501 Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
502
503commit 0882332616e4f0272c31cc47bf2018f9cb258a4e
504Author: djm@openbsd.org <djm@openbsd.org>
505Date: Fri May 22 04:45:52 2015 +0000
506
507 upstream commit
508
509 Reorder EscapeChar option parsing to avoid a single-byte
510 out- of-bounds read. bz#2396 from Jaak Ristioja; ok dtucker@
511
512 Upstream-ID: 1dc6b5b63d1c8d9a88619da0b27ade461d79b060
513
514commit d7c31da4d42c115843edee2074d7d501f8804420
515Author: djm@openbsd.org <djm@openbsd.org>
516Date: Fri May 22 03:50:02 2015 +0000
517
518 upstream commit
519
520 add knob to relax GSSAPI host credential check for
521 multihomed hosts bz#928, patch by Simon Wilkinson; ok dtucker
522 (kerberos/GSSAPI is not compiled by default on OpenBSD)
523
524 Upstream-ID: 15ddf1c6f7fd9d98eea9962f480079ae3637285d
525
526commit aa72196a00be6e0b666215edcffbc10af234cb0e
527Author: Darren Tucker <dtucker@zip.com.au>
528Date: Fri May 22 17:49:46 2015 +1000
529
530 Include signal.h for sig_atomic_t, used by kex.h.
531
532 bz#2402, from tomas.kuthan at oracle com.
533
534commit 8b02481143d75e91c49d1bfae0876ac1fbf9511a
535Author: Darren Tucker <dtucker@zip.com.au>
536Date: Fri May 22 12:47:24 2015 +1000
537
538 Import updated moduli file from OpenBSD.
539
540commit 4739e8d5e1c0be49624082bd9f6b077e9e758db9
541Author: djm@openbsd.org <djm@openbsd.org>
542Date: Thu May 21 12:01:19 2015 +0000
543
544 upstream commit
545
546 Support "ssh-keygen -lF hostname" to find search known_hosts
547 and print key hashes. Already advertised by ssh-keygen(1), but not delivered
548 by code; ok dtucker@
549
550 Upstream-ID: 459e0e2bf39825e41b0811c336db2d56a1c23387
551
552commit e97201feca10b5196da35819ae516d0b87cf3a50
553Author: Damien Miller <djm@mindrot.org>
554Date: Thu May 21 17:55:15 2015 +1000
555
556 conditionalise util.h inclusion
557
558commit 13640798c7dd011ece0a7d02841fe48e94cfa0e0
559Author: djm@openbsd.org <djm@openbsd.org>
560Date: Thu May 21 06:44:25 2015 +0000
561
562 upstream commit
563
564 regress test for AuthorizedPrincipalsCommand
565
566 Upstream-Regress-ID: c658fbf1ab6b6011dc83b73402322e396f1e1219
567
568commit 84452c5d03c21f9bfb28c234e0dc1dc67dd817b1
569Author: djm@openbsd.org <djm@openbsd.org>
570Date: Thu May 21 06:40:02 2015 +0000
571
572 upstream commit
573
574 regress test for AuthorizedKeysCommand arguments
575
576 Upstream-Regress-ID: bbd65c13c6b3be9a442ec115800bff9625898f12
577
578commit bcc50d816187fa9a03907ac1f3a52f04a52e10d1
579Author: djm@openbsd.org <djm@openbsd.org>
580Date: Thu May 21 06:43:30 2015 +0000
581
582 upstream commit
583
584 add AuthorizedPrincipalsCommand that allows getting
585 authorized_principals from a subprocess rather than a file, which is quite
586 useful in deployments with large userbases
587
588 feedback and ok markus@
589
590 Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
591
592commit 24232a3e5ab467678a86aa67968bbb915caffed4
593Author: djm@openbsd.org <djm@openbsd.org>
594Date: Thu May 21 06:38:35 2015 +0000
595
596 upstream commit
597
598 support arguments to AuthorizedKeysCommand
599
600 bz#2081 loosely based on patch by Sami Hartikainen
601 feedback and ok markus@
602
603 Upstream-ID: b080387a14aa67dddd8ece67c00f268d626541f7
604
605commit d80fbe41a57c72420c87a628444da16d09d66ca7
606Author: djm@openbsd.org <djm@openbsd.org>
607Date: Thu May 21 04:55:51 2015 +0000
608
609 upstream commit
610
611 refactor: split base64 encoding of pubkey into its own
612 sshkey_to_base64() function and out of sshkey_write(); ok markus@
613
614 Upstream-ID: 54fc38f5832e9b91028900819bda46c3959a0c1a
615
616commit 7cc44ef74133a473734bbcbd3484f24d6a7328c5
617Author: deraadt@openbsd.org <deraadt@openbsd.org>
618Date: Mon May 18 15:06:05 2015 +0000
619
620 upstream commit
621
622 getentropy() and sendsyslog() have been around long
623 enough. openssh-portable may want the #ifdef's but not base. discussed with
624 djm few weeks back
625
626 Upstream-ID: 0506a4334de108e3fb6c66f8d6e0f9c112866926
627
628commit 9173d0fbe44de7ebcad8a15618e13a8b8d78902e
629Author: dtucker@openbsd.org <dtucker@openbsd.org>
630Date: Fri May 15 05:44:21 2015 +0000
631
632 upstream commit
633
634 Use a salted hash of the lock passphrase instead of plain
635 text and do constant-time comparisons of it. Should prevent leaking any
636 information about it via timing, pointed out by Ryan Castellucci. Add a 0.1s
637 incrementing delay for each failed unlock attempt up to 10s. ok markus@
638 (earlier version), djm@
639
640 Upstream-ID: c599fcc325aa1cc65496b25220b622d22208c85f
641
642commit d028d5d3a697c71b21e4066d8672cacab3caa0a8
643Author: Damien Miller <djm@mindrot.org>
644Date: Tue May 5 19:10:58 2015 +1000
645
646 upstream commit
647
648 - tedu@cvs.openbsd.org 2015/01/12 03:20:04
649 [bcrypt_pbkdf.c]
650 rename blocks to words. bcrypt "blocks" are unrelated to blowfish blocks,
651 nor are they the same size.
652
653commit f6391d4e59b058984163ab28f4e317e7a72478f1
654Author: Damien Miller <djm@mindrot.org>
655Date: Tue May 5 19:10:23 2015 +1000
656
657 upstream commit
658
659 - deraadt@cvs.openbsd.org 2015/01/08 00:30:07
660 [bcrypt_pbkdf.c]
661 declare a local version of MIN(), call it MINIMUM()
662
663commit 8ac6b13cc9113eb47cd9e86c97d7b26b4b71b77f
664Author: Damien Miller <djm@mindrot.org>
665Date: Tue May 5 19:09:46 2015 +1000
666
667 upstream commit
668
669 - djm@cvs.openbsd.org 2014/12/30 01:41:43
670 [bcrypt_pbkdf.c]
671 typo in comment: ouput => output
672
673commit 1f792489d5cf86a4f4e3003e6e9177654033f0f2
674Author: djm@openbsd.org <djm@openbsd.org>
675Date: Mon May 4 06:10:48 2015 +0000
676
677 upstream commit
678
679 Remove pattern length argument from match_pattern_list(), we
680 only ever use it for strlen(pattern).
681
682 Prompted by hanno AT hboeck.de pointing an out-of-bound read
683 error caused by an incorrect pattern length found using AFL
684 and his own tools.
685
686 ok markus@
687
688commit 639d6bc57b1942393ed12fb48f00bc05d4e093e4
689Author: djm@openbsd.org <djm@openbsd.org>
690Date: Fri May 1 07:10:01 2015 +0000
691
692 upstream commit
693
694 refactor ssh_dispatch_run_fatal() to use sshpkt_fatal()
695 to better report error conditions. Teach sshpkt_fatal() about ECONNRESET.
696
697 Improves error messages on TCP connection resets. bz#2257
698
699 ok dtucker@
700
701commit 9559d7de34c572d4d3fd990ca211f8ec99f62c4d
702Author: djm@openbsd.org <djm@openbsd.org>
703Date: Fri May 1 07:08:08 2015 +0000
704
705 upstream commit
706
707 a couple of parse targets were missing activep checks,
708 causing them to be misapplied in match context; bz#2272 diagnosis and
709 original patch from Sami Hartikainen ok dtucker@
710
711commit 7e8528cad04b2775c3b7db08abf8fb42e47e6b2a
712Author: djm@openbsd.org <djm@openbsd.org>
713Date: Fri May 1 04:17:51 2015 +0000
714
715 upstream commit
716
717 make handling of AuthorizedPrincipalsFile=none more
718 consistent with other =none options; bz#2288 from Jakub Jelen; ok dtucker@
719
720commit ca430d4d9cc0f62eca3b1fb1e2928395b7ce80f7
721Author: djm@openbsd.org <djm@openbsd.org>
722Date: Fri May 1 04:03:20 2015 +0000
723
724 upstream commit
725
726 remove failed remote forwards established by muliplexing
727 from the list of active forwards; bz#2363, patch mostly by Yoann Ricordel; ok
728 dtucker@
729
730commit 8312cfb8ad88657517b3e23ac8c56c8e38eb9792
731Author: djm@openbsd.org <djm@openbsd.org>
732Date: Fri May 1 04:01:58 2015 +0000
733
734 upstream commit
735
736 reduce stderr spam when using ssh -S /path/mux -O forward
737 -R 0:... ok dtucker@
738
739commit 179be0f5e62f1f492462571944e45a3da660d82b
740Author: djm@openbsd.org <djm@openbsd.org>
741Date: Fri May 1 03:23:51 2015 +0000
742
743 upstream commit
744
745 prevent authorized_keys options picked up on public key
746 tests without a corresponding private key authentication being applied to
747 other authentication methods. Reported by halex@, ok markus@
748
749commit a42d67be65b719a430b7fcaba2a4e4118382723a
750Author: djm@openbsd.org <djm@openbsd.org>
751Date: Fri May 1 03:20:54 2015 +0000
752
753 upstream commit
754
755 Don't make parsing of authorized_keys' environment=
756 option conditional on PermitUserEnv - always parse it, but only use the
757 result if the option is enabled. This prevents the syntax of authorized_keys
758 changing depending on which sshd_config options were enabled.
759
760 bz#2329; based on patch from coladict AT gmail.com, ok dtucker@
761
762commit e661a86353e11592c7ed6a847e19a83609f49e77
763Author: djm@openbsd.org <djm@openbsd.org>
764Date: Mon May 4 06:10:48 2015 +0000
765
766 upstream commit
767
768 Remove pattern length argument from match_pattern_list(), we
769 only ever use it for strlen(pattern).
770
771 Prompted by hanno AT hboeck.de pointing an out-of-bound read
772 error caused by an incorrect pattern length found using AFL
773 and his own tools.
774
775 ok markus@
776
777commit 0ef1de742be2ee4b10381193fe90730925b7f027
778Author: dtucker@openbsd.org <dtucker@openbsd.org>
779Date: Thu Apr 23 05:01:19 2015 +0000
780
781 upstream commit
782
783 Add a simple regression test for sshd's configuration
784 parser. Right now, all it does is run the output of sshd -T back through
785 itself and ensure the output is valid and invariant.
786
787commit 368f83c793275faa2c52f60eaa9bdac155c4254b
788Author: djm@openbsd.org <djm@openbsd.org>
789Date: Wed Apr 22 01:38:36 2015 +0000
790
791 upstream commit
792
793 use correct key for nested certificate test
794
795commit 8d4d1bfddbbd7d21f545dc6997081d1ea1fbc99a
796Author: djm@openbsd.org <djm@openbsd.org>
797Date: Fri May 1 07:11:47 2015 +0000
798
799 upstream commit
800
801 mention that the user's shell from /etc/passwd is used
802 for commands too; bz#1459 ok dtucker@
803
804commit 5ab283d0016bbc9d4d71e8e5284d011bc5a930cf
805Author: djm@openbsd.org <djm@openbsd.org>
806Date: Fri May 8 07:29:00 2015 +0000
807
808 upstream commit
809
810 whitespace
811
812 Upstream-Regress-ID: 6b708a3e709d5b7fd37890f874bafdff1f597519
813
814commit 8377d5008ad260048192e1e56ad7d15a56d103dd
815Author: djm@openbsd.org <djm@openbsd.org>
816Date: Fri May 8 07:26:13 2015 +0000
817
818 upstream commit
819
820 whitespace at EOL
821
822 Upstream-Regress-ID: 9c48911643d5b05173b36a012041bed4080b8554
823
824commit c28a3436fa8737709ea88e4437f8f23a6ab50359
825Author: djm@openbsd.org <djm@openbsd.org>
826Date: Fri May 8 06:45:13 2015 +0000
827
828 upstream commit
829
830 moar whitespace at eol
831
832 Upstream-ID: 64eaf872a3ba52ed41e494287e80d40aaba4b515
833
834commit 2b64c490468fd4ca35ac8d5cc31c0520dc1508bb
835Author: djm@openbsd.org <djm@openbsd.org>
836Date: Fri May 8 06:41:56 2015 +0000
837
838 upstream commit
839
840 whitespace at EOL
841
842 Upstream-ID: 57bcf67d666c6fc1ad798aee448fdc3f70f7ec2c
843
844commit 4e636cf201ce6e7e3b9088568218f9d4e2c51712
845Author: djm@openbsd.org <djm@openbsd.org>
846Date: Fri May 8 03:56:51 2015 +0000
847
848 upstream commit
849
850 whitespace at EOL
851
852commit 38b8272f823dc1dd4e29dbcee83943ed48bb12fa
853Author: dtucker@openbsd.org <dtucker@openbsd.org>
854Date: Mon May 4 01:47:53 2015 +0000
855
856 upstream commit
857
858 Use diff w/out -u for better portability
859
860commit 297060f42d5189a4065ea1b6f0afdf6371fb0507
861Author: dtucker@openbsd.org <dtucker@openbsd.org>
862Date: Fri May 8 03:25:07 2015 +0000
863
864 upstream commit
865
866 Use xcalloc for permitted_adm_opens instead of xmalloc to
867 ensure it's zeroed. Fixes post-auth crash with permitopen=none. bz#2355, ok
868 djm@
869
870commit 63ebf019be863b2d90492a85e248cf55a6e87403
871Author: djm@openbsd.org <djm@openbsd.org>
872Date: Fri May 8 03:17:49 2015 +0000
873
874 upstream commit
875
876 don't choke on new-format private keys encrypted with an
877 AEAD cipher; bz#2366, patch from Ron Frederick; ok markus@
878
879commit f8484dac678ab3098ae522a5f03bb2530f822987
880Author: dtucker@openbsd.org <dtucker@openbsd.org>
881Date: Wed May 6 05:45:17 2015 +0000
882
883 upstream commit
884
885 Clarify pseudo-terminal request behaviour and use
886 "pseudo-terminal" consistently. bz#1716, ok jmc@ "I like it" deraadt@.
887
888commit ea139507bef8bad26e86ed99a42c7233ad115c38
889Author: dtucker@openbsd.org <dtucker@openbsd.org>
890Date: Wed May 6 04:07:18 2015 +0000
891
892 upstream commit
893
894 Blacklist DH-GEX for specific PuTTY versions known to
895 send non-RFC4419 DH-GEX messages rather than all versions of PuTTY.
896 According to Simon Tatham, 0.65 and newer versions will send RFC4419 DH-GEX
897 messages. ok djm@
898
899commit b58234f00ee3872eb84f6e9e572a9a34e902e36e
900Author: dtucker@openbsd.org <dtucker@openbsd.org>
901Date: Tue May 5 10:17:49 2015 +0000
902
903 upstream commit
904
905 WinSCP doesn't implement RFC4419 DH-GEX so flag it so we
906 don't offer that KEX method. ok markus@
907
908commit d5b1507a207253b39e810e91e68f9598691b7a29
909Author: jsg@openbsd.org <jsg@openbsd.org>
910Date: Tue May 5 02:48:17 2015 +0000
911
912 upstream commit
913
914 use the sizeof the struct not the sizeof a pointer to the
915 struct in ssh_digest_start()
916
917 This file is only used if ssh is built with OPENSSL=no
918
919 ok markus@
920
921commit a647b9b8e616c231594b2710c925d31b1b8afea3
922Author: Darren Tucker <dtucker@zip.com.au>
923Date: Fri May 8 11:07:27 2015 +1000
924
925 Put brackets around mblen() compat constant.
926
927 This might help with the reported problem cross compiling for Android
928 ("error: expected identifier or '(' before numeric constant") but
929 shouldn't hurt in any case.
930
931commit d1680d36e17244d9af3843aeb5025cb8e40d6c07
932Author: Darren Tucker <dtucker@zip.com.au>
933Date: Thu Apr 30 09:18:11 2015 +1000
934
935 xrealloc -> xreallocarray in portable code too.
936
937commit 531a57a3893f9fcd4aaaba8c312b612bbbcc021e
938Author: dtucker@openbsd.org <dtucker@openbsd.org>
939Date: Wed Apr 29 03:48:56 2015 +0000
940
941 upstream commit
942
943 Allow ListenAddress, Port and AddressFamily in any
944 order. bz#68, ok djm@, jmc@ (for the man page bit).
945
946commit c1d5bcf1aaf1209af02f79e48ba1cbc76a87b56f
947Author: jmc@openbsd.org <jmc@openbsd.org>
948Date: Tue Apr 28 13:47:38 2015 +0000
949
950 upstream commit
951
952 enviroment -> environment: apologies to darren for not
953 spotting that first time round...
954
955commit 43beea053db191cac47c2cd8d3dc1930158aff1a
956Author: dtucker@openbsd.org <dtucker@openbsd.org>
957Date: Tue Apr 28 10:25:15 2015 +0000
958
959 upstream commit
960
961 Fix typo in previous
962
963commit 85b96ef41374f3ddc9139581f87da09b2cd9199e
964Author: dtucker@openbsd.org <dtucker@openbsd.org>
965Date: Tue Apr 28 10:17:58 2015 +0000
966
967 upstream commit
968
969 Document that the TERM environment variable is not
970 subject to SendEnv and AcceptEnv. bz#2386, based loosely on a patch from
971 jjelen at redhat, help and ok jmc@
972
973commit 88a7c598a94ff53f76df228eeaae238d2d467565
974Author: djm@openbsd.org <djm@openbsd.org>
975Date: Mon Apr 27 21:42:48 2015 +0000
976
977 upstream commit
978
979 Make sshd default to PermitRootLogin=no; ok deraadt@
980 rpe@
981
982commit 734226b4480a6c736096c729fcf6f391400599c7
983Author: djm@openbsd.org <djm@openbsd.org>
984Date: Mon Apr 27 01:52:30 2015 +0000
985
986 upstream commit
987
988 fix compilation with OPENSSL=no; ok dtucker@
989
990commit a4b9d2ce1eb7703eaf0809b0c8a82ded8aa4f1c6
991Author: dtucker@openbsd.org <dtucker@openbsd.org>
992Date: Mon Apr 27 00:37:53 2015 +0000
993
994 upstream commit
995
996 Include stdio.h for FILE (used in sshkey.h) so it
997 compiles with OPENSSL=no.
998
999commit dbcc652f4ca11fe04e5930c7ef18a219318c6cda
1000Author: djm@openbsd.org <djm@openbsd.org>
1001Date: Mon Apr 27 00:21:21 2015 +0000
1002
1003 upstream commit
1004
1005 allow "sshd -f none" to skip reading the config file,
1006 much like "ssh -F none" does. ok dtucker
1007
1008commit b7ca276fca316c952f0b90f5adb1448c8481eedc
1009Author: jmc@openbsd.org <jmc@openbsd.org>
1010Date: Fri Apr 24 06:26:49 2015 +0000
1011
1012 upstream commit
1013
1014 combine -Dd onto one line and update usage();
1015
1016commit 2ea974630d7017e4c7666d14d9dc939707613e96
1017Author: djm@openbsd.org <djm@openbsd.org>
1018Date: Fri Apr 24 05:26:44 2015 +0000
1019
1020 upstream commit
1021
1022 add ssh-agent -D to leave ssh-agent in foreground
1023 without enabling debug mode; bz#2381 ok dtucker@
1024
1025commit 8ac2ffd7aa06042f6b924c87139f2fea5c5682f7
1026Author: deraadt@openbsd.org <deraadt@openbsd.org>
1027Date: Fri Apr 24 01:36:24 2015 +0000
1028
1029 upstream commit
1030
1031 2*len -> use xreallocarray() ok djm
1032
1033commit 657a5fbc0d0aff309079ff8fb386f17e964963c2
1034Author: deraadt@openbsd.org <deraadt@openbsd.org>
1035Date: Fri Apr 24 01:36:00 2015 +0000
1036
1037 upstream commit
1038
1039 rename xrealloc() to xreallocarray() since it follows
1040 that form. ok djm
1041
1042commit 1108ae242fdd2c304307b68ddf46aebe43ebffaa
1043Author: dtucker@openbsd.org <dtucker@openbsd.org>
1044Date: Thu Apr 23 04:59:10 2015 +0000
1045
1046 upstream commit
1047
1048 Two small fixes for sshd -T: ListenAddress'es are added
1049 to a list head so reverse the order when printing them to ensure the
1050 behaviour remains the same, and print StreamLocalBindMask as octal with
1051 leading zero. ok deraadt@
1052
1053commit bd902b8473e1168f19378d5d0ae68d0c203525df
1054Author: dtucker@openbsd.org <dtucker@openbsd.org>
1055Date: Thu Apr 23 04:53:53 2015 +0000
1056
1057 upstream commit
1058
1059 Check for and reject missing arguments for
1060 VersionAddendum and ForceCommand. bz#2281, patch from plautrba at redhat com,
1061 ok djm@
1062
1063commit ca42c1758575e592239de1d5755140e054b91a0d
1064Author: djm@openbsd.org <djm@openbsd.org>
1065Date: Wed Apr 22 01:24:01 2015 +0000
1066
1067 upstream commit
1068
1069 unknown certificate extensions are non-fatal, so don't
1070 fatal when they are encountered; bz#2387 reported by Bob Van Zant; ok
1071 dtucker@
1072
1073commit 39bfbf7caad231cc4bda6909fb1af0705bca04d8
1074Author: jsg@openbsd.org <jsg@openbsd.org>
1075Date: Tue Apr 21 07:01:00 2015 +0000
1076
1077 upstream commit
1078
1079 Add back a backslash removed in rev 1.42 so
1080 KEX_SERVER_ENCRYPT will include aes again.
1081
1082 ok deraadt@
1083
1084commit 6b0d576bb87eca3efd2b309fcfe4edfefc289f9c
1085Author: djm@openbsd.org <djm@openbsd.org>
1086Date: Fri Apr 17 13:32:09 2015 +0000
1087
1088 upstream commit
1089
1090 s/recommended/required/ that private keys be og-r this
1091 wording change was made a while ago but got accidentally reverted
1092
1093commit 44a8e7ce6f3ab4c2eb1ae49115c210b98e53c4df
1094Author: djm@openbsd.org <djm@openbsd.org>
1095Date: Fri Apr 17 13:25:52 2015 +0000
1096
1097 upstream commit
1098
1099 don't try to cleanup NULL KEX proposals in
1100 kex_prop_free(); found by Jukka Taimisto and Markus Hietava
1101
1102commit 3038a191872d2882052306098c1810d14835e704
1103Author: djm@openbsd.org <djm@openbsd.org>
1104Date: Fri Apr 17 13:19:22 2015 +0000
1105
1106 upstream commit
1107
1108 use error/logit/fatal instead of fprintf(stderr, ...)
1109 and exit(0), fix a few errors that were being printed to stdout instead of
1110 stderr and a few non-errors that were going to stderr instead of stdout
1111 bz#2325; ok dtucker
1112
1113commit a58be33cb6cd24441fa7e634db0e5babdd56f07f
1114Author: djm@openbsd.org <djm@openbsd.org>
1115Date: Fri Apr 17 13:16:48 2015 +0000
1116
1117 upstream commit
1118
1119 debug log missing DISPLAY environment when X11
1120 forwarding requested; bz#1682 ok dtucker@
1121
1122commit 17d4d9d9fbc8fb80e322f94d95eecc604588a474
1123Author: djm@openbsd.org <djm@openbsd.org>
1124Date: Fri Apr 17 04:32:31 2015 +0000
1125
1126 upstream commit
1127
1128 don't call record_login() in monitor when UseLogin is
1129 enabled; bz#278 reported by drk AT sgi.com; ok dtucker
1130
1131commit 40132ff87b6cbc3dc05fb5df2e9d8e3afa06aafd
1132Author: dtucker@openbsd.org <dtucker@openbsd.org>
1133Date: Fri Apr 17 04:12:35 2015 +0000
1134
1135 upstream commit
1136
1137 Add some missing options to sshd -T and fix the output
1138 of VersionAddendum HostCertificate. bz#2346, patch from jjelen at redhat
1139 com, ok djm.
1140
1141commit 6cc7cfa936afde2d829e56ee6528c7ea47a42441
1142Author: dtucker@openbsd.org <dtucker@openbsd.org>
1143Date: Thu Apr 16 23:25:50 2015 +0000
1144
1145 upstream commit
1146
1147 Document "none" for PidFile XAuthLocation
1148 TrustedUserCAKeys and RevokedKeys. bz#2382, feedback from jmc@, ok djm@
1149
1150commit 15fdfc9b1c6808b26bc54d4d61a38b54541763ed
1151Author: dtucker@openbsd.org <dtucker@openbsd.org>
1152Date: Wed Apr 15 23:23:25 2015 +0000
1153
1154 upstream commit
1155
1156 Plug leak of address passed to logging. bz#2373, patch
1157 from jjelen at redhat, ok markus@
1158
1159commit bb2289e2a47d465eaaaeff3dee2a6b7777b4c291
1160Author: dtucker@openbsd.org <dtucker@openbsd.org>
1161Date: Tue Apr 14 04:17:03 2015 +0000
1162
1163 upstream commit
1164
1165 Output remote username in debug output since with Host
1166 and Match it's not always obvious what it will be. bz#2368, ok djm@
1167
1168commit 70860b6d07461906730632f9758ff1b7c98c695a
1169Author: Darren Tucker <dtucker@zip.com.au>
1170Date: Fri Apr 17 10:56:13 2015 +1000
1171
1172 Format UsePAM setting when using sshd -T.
1173
1174 Part of bz#2346, patch from jjelen at redhat com.
1175
1176commit ee15d9c9f0720f5a8b0b34e4b10ecf21f9824814
1177Author: Darren Tucker <dtucker@zip.com.au>
1178Date: Fri Apr 17 10:40:23 2015 +1000
1179
1180 Wrap endian.h include inside ifdef (bz#2370).
1181
1182commit 408f4c2ad4a4c41baa7b9b2b7423d875abbfa70b
1183Author: Darren Tucker <dtucker@zip.com.au>
1184Date: Fri Apr 17 09:39:58 2015 +1000
1185
1186 Look for '${host}-ar' before 'ar'.
1187
1188 This changes configure.ac to look for '${host}-ar' as set by
1189 AC_CANONICAL_HOST before looking for the unprefixed 'ar'.
1190 Useful when cross-compiling when all your binutils are prefixed.
1191
1192 Patch from moben at exherbo org via astrand at lysator liu se and
1193 bz#2352.
1194
1195commit 673a1c16ad078d41558247ce739fe812c960acc8
1196Author: Damien Miller <djm@google.com>
1197Date: Thu Apr 16 11:40:20 2015 +1000
1198
1199 remove dependency on arpa/telnet.h
1200
1201commit 202d443eeda1829d336595a3cfc07827e49f45ed
1202Author: Darren Tucker <dtucker@zip.com.au>
1203Date: Wed Apr 15 15:59:49 2015 +1000
1204
1205 Remove duplicate include of pwd.h. bz#2337, patch from Mordy Ovits.
1206
1207commit 597986493412c499f2bc2209420cb195f97b3668
1208Author: Damien Miller <djm@google.com>
1209Date: Thu Apr 9 10:14:48 2015 +1000
1210
1211 platform's with openpty don't need pty_release
1212
1213commit 318be28cda1fd9108f2e6f2f86b0b7589ba2aed0
1214Author: djm@openbsd.org <djm@openbsd.org>
1215Date: Mon Apr 13 02:04:08 2015 +0000
1216
1217 upstream commit
1218
1219 deprecate ancient, pre-RFC4419 and undocumented
1220 SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message; ok markus@ deraadt@ "seems
1221 reasonable" dtucker@
1222
1223commit d8f391caef62378463a0e6b36f940170dadfe605
1224Author: dtucker@openbsd.org <dtucker@openbsd.org>
1225Date: Fri Apr 10 05:16:50 2015 +0000
1226
1227 upstream commit
1228
1229 Don't send hostkey advertisments
1230 (hostkeys-00@openssh.com) to current versions of Tera Term as they can't
1231 handle them. Newer versions should be OK. Patch from Bryan Drewery and
1232 IWAMOTO Kouichi, ok djm@
1233
1234commit 2c2cfe1a1c97eb9a08cc9817fd0678209680c636
1235Author: djm@openbsd.org <djm@openbsd.org>
1236Date: Fri Apr 10 00:08:55 2015 +0000
1237
1238 upstream commit
1239
1240 include port number if a non-default one has been
1241 specified; based on patch from Michael Handler
1242
1243commit 4492a4f222da4cf1e8eab12689196322e27b08c4
1244Author: djm@openbsd.org <djm@openbsd.org>
1245Date: Tue Apr 7 23:00:42 2015 +0000
1246
1247 upstream commit
1248
1249 treat Protocol=1,2|2,1 as Protocol=2 when compiled
1250 without SSH1 support; ok dtucker@ millert@
1251
1252commit c265e2e6e932efc6d86f6cc885dea33637a67564
1253Author: miod@openbsd.org <miod@openbsd.org>
1254Date: Sun Apr 5 15:43:43 2015 +0000
1255
1256 upstream commit
1257
1258 Do not use int for sig_atomic_t; spotted by
1259 christos@netbsd; ok markus@
1260
1261commit e7bf3a5eda6a1b02bef6096fed78527ee11e54cc
1262Author: Darren Tucker <dtucker@zip.com.au>
1263Date: Tue Apr 7 10:48:04 2015 +1000
1264
1265 Use do{}while(0) for no-op functions.
1266
1267 From FreeBSD.
1268
1269commit bb99844abae2b6447272f79e7fa84134802eb4df
1270Author: Darren Tucker <dtucker@zip.com.au>
1271Date: Tue Apr 7 10:47:15 2015 +1000
1272
1273 Wrap blf.h include in ifdef. From FreeBSD.
1274
1275commit d9b9b43656091cf0ad55c122f08fadb07dad0abd
1276Author: Darren Tucker <dtucker@zip.com.au>
1277Date: Tue Apr 7 09:10:00 2015 +1000
1278
1279 Fix misspellings of regress CONFOPTS env variables.
1280
1281 Patch from Bryan Drewery.
1282
1283commit 3f4ea3c9ab1d32d43c9222c4351f58ca11144156
1284Author: djm@openbsd.org <djm@openbsd.org>
1285Date: Fri Apr 3 22:17:27 2015 +0000
1286
1287 upstream commit
1288
1289 correct return value in pubkey parsing, spotted by Ben Hawkes
1290 ok markus@
1291
1292commit 7da2be0cb9601ed25460c83aa4d44052b967ba0f
1293Author: djm@openbsd.org <djm@openbsd.org>
1294Date: Tue Mar 31 22:59:01 2015 +0000
1295
1296 upstream commit
1297
1298 adapt to recent hostfile.c change: when parsing
1299 known_hosts without fully parsing the keys therein, hostkeys_foreach() will
1300 now correctly identify KEY_RSA1 keys; ok markus@ miod@
1301
1302commit 9e1777a0d1c706714b055811c12ab8cc21033e4a
1303Author: markus@openbsd.org <markus@openbsd.org>
1304Date: Tue Mar 24 20:19:15 2015 +0000
1305
1306 upstream commit
1307
1308 use ${SSH} for -Q instead of installed ssh
1309
1310commit ce1b358ea414a2cc88e4430cd5a2ea7fecd9de57
1311Author: djm@openbsd.org <djm@openbsd.org>
1312Date: Mon Mar 16 22:46:14 2015 +0000
1313
1314 upstream commit
1315
1316 make CLEANFILES clean up more of the tests' droppings
1317
1318commit 398f9ef192d820b67beba01ec234d66faca65775
1319Author: djm@openbsd.org <djm@openbsd.org>
1320Date: Tue Mar 31 22:57:06 2015 +0000
1321
1322 upstream commit
1323
1324 downgrade error() for known_hosts parse errors to debug()
1325 to quiet warnings from ssh1 keys present when compiled !ssh1.
1326
1327 also identify ssh1 keys when scanning, even when compiled !ssh1
1328
1329 ok markus@ miod@
1330
1331commit 9a47ab80030a31f2d122b8fd95bd48c408b9fcd9
1332Author: djm@openbsd.org <djm@openbsd.org>
1333Date: Tue Mar 31 22:55:50 2015 +0000
1334
1335 upstream commit
1336
1337 fd leak for !ssh1 case; found by unittests; ok markus@
1338
1339commit c9a0805a6280681901c270755a7cd630d7c5280e
1340Author: djm@openbsd.org <djm@openbsd.org>
1341Date: Tue Mar 31 22:55:24 2015 +0000
1342
1343 upstream commit
1344
1345 don't fatal when a !ssh1 sshd is reexeced from a w/ssh1
1346 listener; reported by miod@; ok miod@ markus@
1347
1348commit 704d8c88988cae38fb755a6243b119731d223222
1349Author: tobias@openbsd.org <tobias@openbsd.org>
1350Date: Tue Mar 31 11:06:49 2015 +0000
1351
1352 upstream commit
1353
1354 Comments are only supported for RSA1 keys. If a user
1355 tried to add one and entered his passphrase, explicitly clear it before exit.
1356 This is done in all other error paths, too.
1357
1358 ok djm
1359
1360commit 78de1673c05ea2c33e0d4a4b64ecb5186b6ea2e9
1361Author: jmc@openbsd.org <jmc@openbsd.org>
1362Date: Mon Mar 30 18:28:37 2015 +0000
1363
1364 upstream commit
1365
1366 ssh-askpass(1) is the default, overridden by SSH_ASKPASS;
1367 diff originally from jiri b;
1368
1369commit 26e0bcf766fadb4a44fb6199386fb1dcab65ad00
1370Author: djm@openbsd.org <djm@openbsd.org>
1371Date: Mon Mar 30 00:00:29 2015 +0000
1372
1373 upstream commit
1374
1375 fix uninitialised memory read when parsing a config file
1376 consisting of a single nul byte. Found by hanno AT hboeck.de using AFL; ok
1377 dtucker
1378
1379commit fecede00a76fbb33a349f5121c0b2f9fbc04a777
1380Author: markus@openbsd.org <markus@openbsd.org>
1381Date: Thu Mar 26 19:32:19 2015 +0000
1382
1383 upstream commit
1384
1385 sigp and lenp are not optional in ssh_agent_sign(); ok
1386 djm@
1387
1388commit 1b0ef3813244c78669e6d4d54c624f600945327d
1389Author: naddy@openbsd.org <naddy@openbsd.org>
1390Date: Thu Mar 26 12:32:38 2015 +0000
1391
1392 upstream commit
1393
1394 don't try to load .ssh/identity by default if SSH1 is
1395 disabled; ok markus@
1396
1397commit f9b78852379b74a2d14e6fc94fe52af30b7e9c31
1398Author: djm@openbsd.org <djm@openbsd.org>
1399Date: Thu Mar 26 07:00:04 2015 +0000
1400
1401 upstream commit
1402
1403 ban all-zero curve25519 keys as recommended by latest
1404 CFRG curves draft; ok markus
1405
1406commit b8afbe2c1aaf573565e4da775261dfafc8b1ba9c
1407Author: djm@openbsd.org <djm@openbsd.org>
1408Date: Thu Mar 26 06:59:28 2015 +0000
1409
1410 upstream commit
1411
1412 relax bits needed check to allow
1413 diffie-hellman-group1-sha1 key exchange to complete for chacha20-poly1305 was
1414 selected as symmetric cipher; ok markus
1415
1416commit 47842f71e31da130555353c1d57a1e5a8937f1c0
1417Author: markus@openbsd.org <markus@openbsd.org>
1418Date: Wed Mar 25 19:29:58 2015 +0000
1419
1420 upstream commit
1421
1422 ignore v1 errors on ssh-add -D; only try v2 keys on
1423 -l/-L (unless WITH_SSH1) ok djm@
1424
1425commit 5f57e77f91bf2230c09eca96eb5ecec39e5f2da6
1426Author: markus@openbsd.org <markus@openbsd.org>
1427Date: Wed Mar 25 19:21:48 2015 +0000
1428
1429 upstream commit
1430
1431 unbreak ssh_agent_sign (lenp vs *lenp)
1432
1433commit 4daeb67181054f2a377677fac919ee8f9ed3490e
1434Author: markus@openbsd.org <markus@openbsd.org>
1435Date: Tue Mar 24 20:10:08 2015 +0000
1436
1437 upstream commit
1438
1439 don't leak 'setp' on error; noted by Nicholas Lemonias;
1440 ok djm@
1441
1442commit 7d4f96f9de2a18af0d9fa75ea89a4990de0344f5
1443Author: markus@openbsd.org <markus@openbsd.org>
1444Date: Tue Mar 24 20:09:11 2015 +0000
1445
1446 upstream commit
1447
1448 consistent check for NULL as noted by Nicholas
1449 Lemonias; ok djm@
1450
1451commit df100be51354e447d9345cf1ec22e6013c0eed50
1452Author: markus@openbsd.org <markus@openbsd.org>
1453Date: Tue Mar 24 20:03:44 2015 +0000
1454
1455 upstream commit
1456
1457 correct fmt-string for size_t as noted by Nicholas
1458 Lemonias; ok djm@
1459
1460commit a22b9ef21285e81775732436f7c84a27bd3f71e0
1461Author: djm@openbsd.org <djm@openbsd.org>
1462Date: Tue Mar 24 09:17:21 2015 +0000
1463
1464 upstream commit
1465
1466 promote chacha20-poly1305@openssh.com to be the default
1467 cipher; ok markus
1468
1469commit 2aa9da1a3b360cf7b13e96fe1521534b91501fb5
1470Author: djm@openbsd.org <djm@openbsd.org>
1471Date: Tue Mar 24 01:29:19 2015 +0000
1472
1473 upstream commit
1474
1475 Compile-time disable SSH protocol 1. You can turn it
1476 back on using the Makefile.inc knob if you need it to talk to ancient
1477 devices.
1478
1479commit 53097b2022154edf96b4e8526af5666f979503f7
1480Author: djm@openbsd.org <djm@openbsd.org>
1481Date: Tue Mar 24 01:11:12 2015 +0000
1482
1483 upstream commit
1484
1485 fix double-negative error message "ssh1 is not
1486 unsupported"
1487
1488commit 5c27e3b6ec2db711dfcd40e6359c0bcdd0b62ea9
1489Author: djm@openbsd.org <djm@openbsd.org>
1490Date: Mon Mar 23 06:06:38 2015 +0000
1491
1492 upstream commit
1493
1494 for ssh-keygen -A, don't try (and fail) to generate ssh
1495 v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
1496 without OpenSSL based on patch by Mike Frysinger; bz#2369
1497
1498commit 725fd22a8c41db7de73a638539a5157b7e4424ae
1499Author: djm@openbsd.org <djm@openbsd.org>
1500Date: Wed Mar 18 01:44:21 2015 +0000
1501
1502 upstream commit
1503
1504 KRL support doesn't need OpenSSL anymore, remove #ifdefs
1505 from around call
1506
1507commit b07011c18e0b2e172c5fd09d21fb159a0bf5fcc7
1508Author: djm@openbsd.org <djm@openbsd.org>
1509Date: Mon Mar 16 11:09:52 2015 +0000
1510
1511 upstream commit
1512
1513 #if 0 some more arrays used only for decrypting (we don't
1514 use since we only need encrypt for AES-CTR)
1515
1516commit 1cb3016635898d287e9d58b50c430995652d5358
1517Author: jsg@openbsd.org <jsg@openbsd.org>
1518Date: Wed Mar 11 00:48:39 2015 +0000
1519
1520 upstream commit
1521
1522 add back the changes from rev 1.206, djm reverted this by
1523 mistake in rev 1.207
1524
1525commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697
1526Author: Damien Miller <djm@mindrot.org>
1527Date: Fri Mar 20 09:11:59 2015 +1100
1528
1529 remove error() accidentally inserted for debugging
1530
1531 pointed out by Christian Hesse
1532
1commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb 1533commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb
2Author: Tim Rice <tim@multitalents.net> 1534Author: Tim Rice <tim@multitalents.net>
3Date: Mon Mar 16 22:49:20 2015 -0700 1535Date: Mon Mar 16 22:49:20 2015 -0700
@@ -7401,1184 +8933,3 @@ Date: Tue Jul 2 20:06:46 2013 +1000
7401 the Cygwin README file (which hasn't been updated for ages), drop 8933 the Cygwin README file (which hasn't been updated for ages), drop
7402 unsupported OSes from the ssh-host-config help text, and drop an 8934 unsupported OSes from the ssh-host-config help text, and drop an
7403 unneeded option from ssh-user-config. Patch from vinschen at redhat com. 8935 unneeded option from ssh-user-config. Patch from vinschen at redhat com.
7404
7405commit b8ae92d08b91beaef34232c6ef34b9941473fdd6
7406Author: Darren Tucker <dtucker@zip.com.au>
7407Date: Tue Jun 11 12:10:02 2013 +1000
7408
7409 - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
7410 and add some comments so it's clear what goes where.
7411
7412commit 97b62f41adcb0dcbeff142d0540793a7ea17c910
7413Author: Darren Tucker <dtucker@zip.com.au>
7414Date: Tue Jun 11 11:47:24 2013 +1000
7415
7416 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
7417 the required OpenSSL support. Patch from naddy at freebsd.
7418
7419commit 6d8bd57448b45b42809da32857d7804444349ee7
7420Author: Darren Tucker <dtucker@zip.com.au>
7421Date: Tue Jun 11 11:26:10 2013 +1000
7422
7423 - (dtucker) [Makefile.in configure.ac fixalgorithms] Remove unsupported
7424 algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
7425
7426commit 36187093ea0b2d2240c043417b8949611687e105
7427Author: Damien Miller <djm@mindrot.org>
7428Date: Mon Jun 10 13:07:11 2013 +1000
7429
7430 - dtucker@cvs.openbsd.org 2013/06/07 15:37:52
7431 [channels.c channels.h clientloop.c]
7432 Add an "ABANDONED" channel state and use for mux sessions that are
7433 disconnected via the ~. escape sequence. Channels in this state will
7434 be able to close if the server responds, but do not count as active channels.
7435 This means that if you ~. all of the mux clients when using ControlPersist
7436 on a broken network, the backgrounded mux master will exit when the
7437 Control Persist time expires rather than hanging around indefinitely.
7438 bz#1917, also reported and tested by tedu@. ok djm@ markus@.
7439
7440commit ae133d4b31af05bb232d797419f498f3ae7e9f2d
7441Author: Darren Tucker <dtucker@zip.com.au>
7442Date: Thu Jun 6 08:30:20 2013 +1000
7443
7444 - (dtucker) [configure.ac sftp.c openbsd-compat/openbsd-compat.h] Cater for
7445 platforms that don't have multibyte character support (specifically,
7446 mblen).
7447
7448commit 408eaf3ab716096f8faf30f091bd54a2c7a17a09
7449Author: Darren Tucker <dtucker@zip.com.au>
7450Date: Thu Jun 6 08:22:46 2013 +1000
7451
7452 - dtucker@cvs.openbsd.org 2013/06/05 22:00:28
7453 [readconf.c]
7454 plug another memleak. bz#1967, from Zhenbo Xu, detected by Melton, ok djm
7455
7456commit e52a260f16888ca75390f97de4606943e61785e8
7457Author: Darren Tucker <dtucker@zip.com.au>
7458Date: Thu Jun 6 08:22:05 2013 +1000
7459
7460 - dtucker@cvs.openbsd.org 2013/06/05 12:52:38
7461 [sshconnect2.c]
7462 Fix memory leaks found by Zhenbo Xu and the Melton tool. bz#1967, ok djm
7463
7464commit 0cca17fa1819d3a0ba06a6db41ab3eaa8d769587
7465Author: Darren Tucker <dtucker@zip.com.au>
7466Date: Thu Jun 6 08:21:14 2013 +1000
7467
7468 - dtucker@cvs.openbsd.org 2013/06/05 02:27:50
7469 [sshd.c]
7470 When running sshd -D, close stderr unless we have explicitly requesting
7471 logging to stderr. From james.hunt at ubuntu.com via bz#1976, djm's patch
7472 so, err, ok dtucker.
7473
7474commit 746e9067bd9b3501876e1c86f38f3c510a12f895
7475Author: Darren Tucker <dtucker@zip.com.au>
7476Date: Thu Jun 6 08:20:13 2013 +1000
7477
7478 - dtucker@cvs.openbsd.org 2013/06/05 02:07:29
7479 [mux.c]
7480 fix leaks in mux error paths, from Zhenbo Xu, found by Melton. bz#1967,
7481 ok djm
7482
7483commit ea64721275a81c4788af36294d94bf4f74012e06
7484Author: Darren Tucker <dtucker@zip.com.au>
7485Date: Thu Jun 6 08:19:09 2013 +1000
7486
7487 - dtucker@cvs.openbsd.org 2013/06/04 20:42:36
7488 [sftp.c]
7489 Make sftp's libedit interface marginally multibyte aware by building up
7490 the quoted string by character instead of by byte. Prevents failures
7491 when linked against a libedit built with wide character support (bz#1990).
7492 "looks ok" djm
7493
7494commit 194454d7a8f8cb8ac55f2b9d0199ef9445788bee
7495Author: Darren Tucker <dtucker@zip.com.au>
7496Date: Thu Jun 6 08:16:04 2013 +1000
7497
7498 - dtucker@cvs.openbsd.org 2013/06/04 19:12:23
7499 [scp.c]
7500 use MAXPATHLEN for buffer size instead of fixed value. ok markus
7501
7502commit 4ac66af091cf6db5a42c18e43738ca9c41e338e5
7503Author: Darren Tucker <dtucker@zip.com.au>
7504Date: Thu Jun 6 08:12:37 2013 +1000
7505
7506 - dtucker@cvs.openbsd.org 2013/06/03 00:03:18
7507 [mac.c]
7508 force the MAC output to be 64-bit aligned so umac won't see unaligned
7509 accesses on strict-alignment architectures. bz#2101, patch from
7510 tomas.kuthan at oracle.com, ok djm@
7511
7512commit ea8342c248ad6c0a4fe1a70de133f954973bd2b2
7513Author: Darren Tucker <dtucker@zip.com.au>
7514Date: Thu Jun 6 08:11:40 2013 +1000
7515
7516 - dtucker@cvs.openbsd.org 2013/06/02 23:36:29
7517 [clientloop.h clientloop.c mux.c]
7518 No need for the mux cleanup callback to be visible so restore it to static
7519 and call it through the detach_user function pointer. ok djm@
7520
7521commit 5d12b8f05d79ba89d0807910a664fa80f6f3bf8c
7522Author: Darren Tucker <dtucker@zip.com.au>
7523Date: Thu Jun 6 08:09:10 2013 +1000
7524
7525 - dtucker@cvs.openbsd.org 2013/06/02 21:01:51
7526 [channels.h]
7527 typo in comment
7528
7529commit dc62edbf121c41e8b5270904091039450206d98a
7530Author: Darren Tucker <dtucker@zip.com.au>
7531Date: Thu Jun 6 05:12:35 2013 +1000
7532
7533 - (dtucker) [Makefile.in] append $CFLAGS to compiler options when building
7534 modpipe in case there's anything in there we need.
7535
7536commit 2a22873cd869679415104bc9f6bb154811ee604c
7537Author: Darren Tucker <dtucker@zip.com.au>
7538Date: Thu Jun 6 01:59:13 2013 +1000
7539
7540 - (dtucker) [regress/forwarding.sh] For (as yet unknown) reason, the
7541 forwarding test is extremely slow copying data on some machines so switch
7542 back to copying the much smaller ls binary until we can figure out why
7543 this is.
7544
7545commit b4e00949f01176cd4fae3e0cef5ffa8dea379042
7546Author: Darren Tucker <dtucker@zip.com.au>
7547Date: Wed Jun 5 22:48:44 2013 +1000
7548
7549 - (dtucker) [contrib/ssh-copy-id] bz#2117: Use portable operator in test.
7550 Patch from cjwatson at debian.
7551
7552commit 2ea9eb77a7fcab3190564ef5a6a5377a600aa391
7553Author: Darren Tucker <dtucker@zip.com.au>
7554Date: Wed Jun 5 15:04:00 2013 +1000
7555
7556 - (dtucker) Enable sha256 kex methods based on the presence of the necessary
7557 functions, not from the openssl version.
7558
7559commit 16cac190ebb9b5612cccea63a7c22ac33bc9a07a
7560Author: Darren Tucker <dtucker@zip.com.au>
7561Date: Tue Jun 4 12:55:24 2013 +1000
7562
7563 - (dtucker) [configure.ac] Some other platforms need sys/types.h before
7564 sys/socket.h.
7565
7566commit 0b43ffe143a5843703c3755fa040b8684fb04134
7567Author: Darren Tucker <dtucker@zip.com.au>
7568Date: Mon Jun 3 09:30:44 2013 +1000
7569
7570 - (dtucker) [configure.ac] Some platforms need sys/types.h before sys/un.h.
7571
7572commit 3f3064c82238c486706471d300217d73dd0f125e
7573Author: Tim Rice <tim@multitalents.net>
7574Date: Sun Jun 2 15:13:09 2013 -0700
7575
7576 - (tim) [regress/sftp-chroot.sh] skip if no sudo. ok dtucker
7577
7578commit 01ec0af301f60fefdd0079647f13ef9abadd2db5
7579Author: Tim Rice <tim@multitalents.net>
7580Date: Sun Jun 2 14:31:27 2013 -0700
7581
7582 - (tim) [aclocal.m4] Enhance OSSH_CHECK_CFLAG_COMPILE to check stderr.
7583 feedback and ok dtucker
7584
7585commit 5ab9b63468100757479534edeb53f788a61fe08b
7586Author: Tim Rice <tim@multitalents.net>
7587Date: Sun Jun 2 14:05:48 2013 -0700
7588
7589 - (tim) [configure.ac regress/Makefile] With rev 1.47 of test-exec.sh we
7590 need a shell that can handle "[ file1 -nt file2 ]". Rather than keep
7591 dealing with shell portability issues in regression tests, we let
7592 configure find us a capable shell on those platforms with an old /bin/sh.
7593
7594commit 898ac935e56a7ac5d8b686c590fdb8b7aca27e59
7595Author: Darren Tucker <dtucker@zip.com.au>
7596Date: Mon Jun 3 02:03:25 2013 +1000
7597
7598 - (dtucker) [configure.ac] bz#2111: don't try to use lastlog on Android.
7599 Patch from Nathan Osman.
7600
7601commit ef4901c3eb98c7ab1342c3cd8f2638da1f4b0678
7602Author: Darren Tucker <dtucker@zip.com.au>
7603Date: Mon Jun 3 01:59:13 2013 +1000
7604
7605 - (dtucker) [configure.ac] sys/un.h needs sys/socket.h on some platforms
7606 to prevent noise from configure. Patch from Nathan Osman.
7607
7608commit 073f795bc1c7728c320e5982c0d417376b0907f5
7609Author: Darren Tucker <dtucker@zip.com.au>
7610Date: Sun Jun 2 23:47:11 2013 +1000
7611
7612 - dtucker@cvs.openbsd.org 2013/06/02 13:35:58
7613 [ssh-agent.c]
7614 Make parent_alive_interval time_t to avoid signed/unsigned comparison
7615
7616commit 00e1abb1ebe13ab24e812f68715f46e65e7c5271
7617Author: Darren Tucker <dtucker@zip.com.au>
7618Date: Sun Jun 2 23:46:24 2013 +1000
7619
7620 - dtucker@cvs.openbsd.org 2013/06/02 13:33:05
7621 [progressmeter.c]
7622 Add misc.h for monotime prototype. (id sync only)
7623
7624commit 86211d1738695e63b2a68f0c3a4f60e1a9d9bda3
7625Author: Tim Rice <tim@multitalents.net>
7626Date: Sat Jun 1 18:38:23 2013 -0700
7627
7628 20130602
7629 - (tim) [Makefile.in] Make Solaris, UnixWare, & OpenServer linkers happy
7630 linking regress/modpipe.
7631
7632commit e9887d1c37940b9d6c72d55cfad7a40de4c6e28d
7633Author: Darren Tucker <dtucker@zip.com.au>
7634Date: Sun Jun 2 09:17:09 2013 +1000
7635
7636 - (dtucker) [sandbox-seccomp-filter.c] Allow clock_gettimeofday.
7637
7638commit 65cf74079a2d563c4ede649116a13ca78c8cc2a4
7639Author: Darren Tucker <dtucker@zip.com.au>
7640Date: Sun Jun 2 09:11:19 2013 +1000
7641
7642 fix typo
7643
7644commit c9a1991b95a4c9f04f9dcef299a8110d2ec80d3e
7645Author: Darren Tucker <dtucker@zip.com.au>
7646Date: Sun Jun 2 08:37:05 2013 +1000
7647
7648 - dtucker@cvs.openbsd.org 2013/06/01 22:34:50
7649 [sftp-client.c]
7650 Update progressmeter when data is acked, not when it's sent. bz#2108, from
7651 Debian via Colin Watson, ok djm@
7652
7653commit a710891659202c82545e84725d4e5cd77aef567c
7654Author: Darren Tucker <dtucker@zip.com.au>
7655Date: Sun Jun 2 08:18:31 2013 +1000
7656
7657 - (dtucker) [configure.ac misc.c] Look for clock_gettime in librt and fall
7658 back to time(NULL) if we can't find it anywhere.
7659
7660commit f60845fde29cead9d75e812db1c04916b4c58ffd
7661Author: Darren Tucker <dtucker@zip.com.au>
7662Date: Sun Jun 2 08:07:31 2013 +1000
7663
7664 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c
7665 groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
7666 sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
7667 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
7668 openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
7669 with the equivalent calls to free.
7670
7671commit 12f6533215c0a36ab29d11ff52a853fce45573b4
7672Author: Darren Tucker <dtucker@zip.com.au>
7673Date: Sun Jun 2 08:01:24 2013 +1000
7674
7675 Remove stray '+' accidentally introduced in sync
7676
7677commit 3750fce6ac6b287f62584ac55a4406df95c71b92
7678Author: Darren Tucker <dtucker@zip.com.au>
7679Date: Sun Jun 2 07:52:21 2013 +1000
7680
7681 - dtucker@cvs.openbsd.org 2013/06/01 20:59:25
7682 [scp.c sftp-client.c]
7683 Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. Patch
7684 from Nathan Osman via bz#2113. ok deraadt.
7685
7686 (note: corrected bug number from 2085)
7687
7688commit b759c9c2efebe7b416ab81093ca8eb17836b6933
7689Author: Darren Tucker <dtucker@zip.com.au>
7690Date: Sun Jun 2 07:46:16 2013 +1000
7691
7692 - dtucker@cvs.openbsd.org 2013/06/01 13:15:52
7693 [ssh-agent.c clientloop.c misc.h packet.c progressmeter.c misc.c
7694 channels.c sandbox-systrace.c]
7695 Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like
7696 keepalives and rekeying will work properly over clock steps. Suggested by
7697 markus@, "looks good" djm@.
7698
7699commit 55119253c64808b0d3b2ab5d2bc67ee9dac3430b
7700Author: Darren Tucker <dtucker@zip.com.au>
7701Date: Sun Jun 2 07:43:59 2013 +1000
7702
7703 - dtucker@cvs.openbsd.org 2013/05/31 12:28:10
7704 [ssh-agent.c]
7705 Use time_t where appropriate. ok djm
7706
7707commit 0acca3797d53d958d240c69a5f222f2aa8444858
7708Author: Darren Tucker <dtucker@zip.com.au>
7709Date: Sun Jun 2 07:41:51 2013 +1000
7710
7711 - djm@cvs.openbsd.org 2013/05/19 02:42:42
7712 [auth.h auth.c key.c monitor.c auth-rsa.c auth2.c auth1.c key.h]
7713 Standardise logging of supplemental information during userauth. Keys
7714 and ruser is now logged in the auth success/failure message alongside
7715 the local username, remote host/port and protocol in use. Certificates
7716 contents and CA are logged too.
7717 Pushing all logging onto a single line simplifies log analysis as it is
7718 no longer necessary to relate information scattered across multiple log
7719 entries. "I like it" markus@
7720
7721commit 74836ae0fabcc1a76b9d9eacd1629c88a054b2d0
7722Author: Darren Tucker <dtucker@zip.com.au>
7723Date: Sun Jun 2 07:32:00 2013 +1000
7724
7725 - djm@cvs.openbsd.org 2013/05/19 02:38:28
7726 [auth2-pubkey.c]
7727 fix failure to recognise cert-authority keys if a key of a different type
7728 appeared in authorized_keys before it; ok markus@
7729
7730commit a627d42e51ffa71e014d7b2d2c07118122fd3ec3
7731Author: Darren Tucker <dtucker@zip.com.au>
7732Date: Sun Jun 2 07:31:17 2013 +1000
7733
7734 - djm@cvs.openbsd.org 2013/05/17 00:13:13
7735 [xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
7736 ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
7737 gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
7738 auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
7739 servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
7740 auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
7741 sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
7742 kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
7743 kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
7744 monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
7745 ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
7746 sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
7747 ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
7748 dns.c packet.c readpass.c authfd.c moduli.c]
7749 bye, bye xfree(); ok markus@
7750
7751commit c7aad0058c957afeb26a3f703e8cb0eddeb62365
7752Author: Darren Tucker <dtucker@zip.com.au>
7753Date: Sun Jun 2 07:18:47 2013 +1000
7754
7755 - (dtucker) [configure.ac defines.h] Test for fd_mask, howmany and NFDBITS
7756 rather than trying to enumerate the plaforms that don't have them.
7757 Based on a patch from Nathan Osman, with help from tim@.
7758
7759commit c0c3373216801797053e123b5f62d35bf41b3611
7760Author: Darren Tucker <dtucker@zip.com.au>
7761Date: Sun Jun 2 06:28:03 2013 +1000
7762
7763 - (dtucker) [configure.ac openbsd-compat/xcrypt.c] bz#2112: fall back to
7764 using openssl's DES_crpyt function on platorms that don't have a native
7765 one, eg Android. Based on a patch from Nathan Osman.
7766
7767commit efdf5342143a887013a1daae583167dadf6752a7
7768Author: Darren Tucker <dtucker@zip.com.au>
7769Date: Thu May 30 08:29:08 2013 +1000
7770
7771 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] bz#2087: Add a null
7772 implementation of endgrent for platforms that don't have it (eg Android).
7773 Loosely based on a patch from Nathan Osman, ok djm
7774
7775commit 9b42d327380e5cd04efde6fb70e1535fecedf0d7
7776Author: Darren Tucker <dtucker@zip.com.au>
7777Date: Fri May 17 20:48:59 2013 +1000
7778
7779 - dtucker@cvs.openbsd.org 2013/05/17 10:35:43
7780 [regress/scp.sh]
7781 use a file extention that's not special on some platforms. from portable
7782 (id sync only)
7783
7784commit 0a404b0ed79ba45ccaf7ed5528a8f5004c3698cb
7785Author: Darren Tucker <dtucker@zip.com.au>
7786Date: Fri May 17 20:47:29 2013 +1000
7787
7788 - dtucker@cvs.openbsd.org 2013/05/17 10:34:30
7789 [regress/portnum.sh]
7790 use a more portable negated if structure. from portable (id sync only)
7791
7792commit 62ee222e6f3f5ee288434f58b5136ae3d56f5164
7793Author: Darren Tucker <dtucker@zip.com.au>
7794Date: Fri May 17 20:46:00 2013 +1000
7795
7796 - dtucker@cvs.openbsd.org 2013/05/17 10:33:09
7797 [regress/agent-getpeereid.sh]
7798 don't redirect stdout from sudo. from portable (id sync only)
7799
7800commit 00478d30cb4bcc18dc1ced8144d16b03cdf790f6
7801Author: Darren Tucker <dtucker@zip.com.au>
7802Date: Fri May 17 20:45:06 2013 +1000
7803
7804 - dtucker@cvs.openbsd.org 2013/05/17 10:30:07
7805 [regress/test-exec.sh]
7806 wait a bit longer for startup and use case for absolute path.
7807 from portable (id sync only)
7808
7809commit 98989eb95eef0aefed7e9fb4e65c2f625be946f6
7810Author: Darren Tucker <dtucker@zip.com.au>
7811Date: Fri May 17 20:44:09 2013 +1000
7812
7813 - dtucker@cvs.openbsd.org 2013/05/17 10:28:11
7814 [regress/sftp.sh]
7815 only compare copied data if sftp succeeds. from portable (id sync only)
7816
7817commit 438f60eb9a5f7cd40bb242cfec865e4fde71b07c
7818Author: Darren Tucker <dtucker@zip.com.au>
7819Date: Fri May 17 20:43:13 2013 +1000
7820
7821 - dtucker@cvs.openbsd.org 2013/05/17 10:26:26
7822 [regress/sftp-badcmds.sh]
7823 remove unused BATCH variable. (id sync only)
7824
7825commit 1466bd25a8d1ff7ae455a795d2d7d52dc17d2938
7826Author: Darren Tucker <dtucker@zip.com.au>
7827Date: Fri May 17 20:42:05 2013 +1000
7828
7829 - dtucker@cvs.openbsd.org 2013/05/17 10:24:48
7830 [localcommand.sh]
7831 use backticks for portability. (id sync only)
7832
7833commit 05b5e518c9969d63471f2ccfd85b1de6e724d30b
7834Author: Darren Tucker <dtucker@zip.com.au>
7835Date: Fri May 17 20:41:07 2013 +1000
7836
7837 - dtucker@cvs.openbsd.org 2013/05/17 10:23:52
7838 [regress/login-timeout.sh regress/reexec.sh regress/test-exec.sh]
7839 Use SUDO when cat'ing pid files and running the sshd log wrapper so that
7840 it works with a restrictive umask and the pid files are not world readable.
7841 Changes from -portable. (id sync only)
7842
7843commit dd669173f93ea8c8397e0af758eaf13ab4f1c591
7844Author: Darren Tucker <dtucker@zip.com.au>
7845Date: Fri May 17 20:39:57 2013 +1000
7846
7847 - dtucker@cvs.openbsd.org 2013/05/17 10:16:26
7848 [regress/try-ciphers.sh]
7849 use expr for math to keep diffs vs portable down
7850 (id sync only)
7851
7852commit 044f32f4c6fd342f9f5949bb0ca77624c0db4494
7853Author: Darren Tucker <dtucker@zip.com.au>
7854Date: Fri May 17 20:12:57 2013 +1000
7855
7856 - (dtucker) [regress/cfgmatch.sh] Remove unneeded sleep renderd obsolete by
7857 rev 1.6 which calls wait.
7858
7859commit 9cc8ff7b63f175661c8807006f6d2649d56ac402
7860Author: Darren Tucker <dtucker@zip.com.au>
7861Date: Fri May 17 20:01:52 2013 +1000
7862
7863 - (dtucker) [regress/runtests.sh] Remove obsolete test driver script.
7864
7865commit f8d5b3451726530a864b172c556c311370c244e1
7866Author: Darren Tucker <dtucker@zip.com.au>
7867Date: Fri May 17 19:53:25 2013 +1000
7868
7869 - (dtucker) [regress/stderr-after-eof.sh regress/test-exec.sh] Move the md5
7870 helper function to the portable part of test-exec.sh.
7871
7872commit 6f66981ed3c6bb83b937959f329323975e356c33
7873Author: Darren Tucker <dtucker@zip.com.au>
7874Date: Fri May 17 19:28:51 2013 +1000
7875
7876 - (dtucker) [regress/test-exec.sh] Move the portable-specific functions
7877 together and add a couple of missing lines from openbsd.
7878
7879commit 5f1a89a3b67264f4aa83e057cd4f74fd60b9ffa4
7880Author: Darren Tucker <dtucker@zip.com.au>
7881Date: Fri May 17 19:17:58 2013 +1000
7882
7883 - (dtucker) [regress/integrity.sh regress/krl.sh regress/test-exec.sh]
7884 Move the jot helper function to portable-specific part of test-exec.sh.
7885
7886commit 96457a54d05dea81f34ecb4e059d2f8b98382b85
7887Author: Darren Tucker <dtucker@zip.com.au>
7888Date: Fri May 17 19:03:38 2013 +1000
7889
7890 - (dtucker) [regress/agent-getpeereid.sh] Resync spaces with openbsd.
7891
7892commit 7f193236594e8328ad133ea05eded31f837b45b5
7893Author: Darren Tucker <dtucker@zip.com.au>
7894Date: Fri May 17 19:02:28 2013 +1000
7895
7896 - (dtucker) [regress/cfgmatch.sh] Resync config file setup with openbsd.
7897
7898commit 8654dd2d737800d09e7730b3dfc2a54411f4cf90
7899Author: Darren Tucker <dtucker@zip.com.au>
7900Date: Fri May 17 16:03:48 2013 +1000
7901
7902 - (dtucker) [openbsd-compat/getopt.h] Remove unneeded bits.
7903
7904commit 59d928d3b47e8298f4a8b4b3fb37fb8c8ce1b098
7905Author: Darren Tucker <dtucker@zip.com.au>
7906Date: Fri May 17 15:32:29 2013 +1000
7907
7908 - dtucker@cvs.openbsd.org 2013/05/17 04:29:14
7909 [regress/sftp.sh regress/putty-ciphers.sh regress/cipher-speed.sh
7910 regress/test-exec.sh regress/sftp-batch.sh regress/dynamic-forward.sh
7911 regress/putty-transfer.sh regress/conch-ciphers.sh regress/sftp-cmds.sh
7912 regress/scp.sh regress/ssh-com-sftp.sh regress/rekey.sh
7913 regress/putty-kex.sh regress/stderr-data.sh regress/stderr-after-eof.sh
7914 regress/sftp-badcmds.sh regress/reexec.sh regress/ssh-com-client.sh
7915 regress/sftp-chroot.sh regress/forwarding.sh regress/transfer.sh
7916 regress/multiplex.sh]
7917 Move the setting of DATA and COPY into test-exec.sh
7918
7919commit 34035be27b7ddd84706fe95c39d37cba7d5c9572
7920Author: Darren Tucker <dtucker@zip.com.au>
7921Date: Fri May 17 14:47:51 2013 +1000
7922
7923 - dtucker@cvs.openbsd.org 2013/05/17 01:32:11
7924 [regress/integrity.sh]
7925 don't print output from ssh before getting it (it's available in ssh.log)
7926
7927commit b8b96b0aa634d440feba4331c80ae4de9dda2081
7928Author: Darren Tucker <dtucker@zip.com.au>
7929Date: Fri May 17 14:46:20 2013 +1000
7930
7931 - dtucker@cvs.openbsd.org 2013/05/17 01:16:09
7932 [regress/agent-timeout.sh]
7933 Pull back some portability changes from -portable:
7934 - TIMEOUT is a read-only variable in some shells
7935 - not all greps have -q so redirect to /dev/null instead.
7936 (ID sync only)
7937
7938commit a40d97ff46831c9081a6a4472036689360847fb1
7939Author: Darren Tucker <dtucker@zip.com.au>
7940Date: Fri May 17 14:44:53 2013 +1000
7941
7942 sync missing ID
7943
7944commit 56347efe796a0506e846621ae65562b978e45f1d
7945Author: Darren Tucker <dtucker@zip.com.au>
7946Date: Fri May 17 13:28:36 2013 +1000
7947
7948 - dtucker@cvs.openbsd.org 2013/05/17 00:37:40
7949 [regress/agent.sh regress/keytype.sh regress/cfgmatch.sh
7950 regress/forcecommand.sh regress/proto-version.sh regress/test-exec.sh
7951 regress/cipher-speed.sh regress/cert-hostkey.sh regress/cert-userkey.sh
7952 regress/ssh-com.sh]
7953 replace 'echo -n' with 'printf' since it's more portable
7954 also remove "echon" hack.
7955
7956commit 91af05c5167fe0aa5bd41d2e4a83757d9f627c18
7957Author: Darren Tucker <dtucker@zip.com.au>
7958Date: Fri May 17 13:16:59 2013 +1000
7959
7960 - (dtucker) [regress/integrity.sh]. Force fixed Diffie-Hellman key exchange
7961 methods. When the openssl version doesn't support ECDH then next one on
7962 the list is DH group exchange, but that causes a bit more traffic which can
7963 mean that the tests flip bits in the initial exchange rather than the MACed
7964 traffic and we get different errors to what the tests look for.
7965
7966commit 6e1e60c3c2e16c32bb7ca0876caaa6182a4e4b2c
7967Author: Darren Tucker <dtucker@zip.com.au>
7968Date: Fri May 17 11:23:41 2013 +1000
7969
7970 - (dtucker) [regress/bsd.regress.mk] Remove unused file. We've never used it
7971 in portable and it's long gone in openbsd.
7972
7973commit 982b0cbc4c2b5ea14725f4b339393cdf343dd0fe
7974Author: Darren Tucker <dtucker@zip.com.au>
7975Date: Fri May 17 09:45:12 2013 +1000
7976
7977 - dtucker@cvs.openbsd.org 2013/05/16 05:48:31
7978 [regress/rekey.sh]
7979 add tests for RekeyLimit parsing
7980
7981commit 14490fe7b0f45b1b19f8a3dc10eb3d214f27f5bd
7982Author: Darren Tucker <dtucker@zip.com.au>
7983Date: Fri May 17 09:44:20 2013 +1000
7984
7985 - dtucker@cvs.openbsd.org 2013/05/16 04:26:10
7986 [regress/rekey.sh]
7987 add server-side rekey test
7988
7989commit c31c8729c15f83fba14ef9da0d66bda6215ff69a
7990Author: Darren Tucker <dtucker@zip.com.au>
7991Date: Fri May 17 09:43:33 2013 +1000
7992
7993 - dtucker@cvs.openbsd.org 2013/05/16 03:33:30
7994 [regress/rekey.sh]
7995 test rekeying when there's no data being transferred
7996
7997commit a8a62fcc46c19997797846197a6256ed9a777a47
7998Author: Darren Tucker <dtucker@zip.com.au>
7999Date: Fri May 17 09:42:34 2013 +1000
8000
8001 - dtucker@cvs.openbsd.org 2013/05/16 02:10:35
8002 [rekey.sh]
8003 Add test for time-based rekeying
8004
8005commit 5e95173715d516e6014485e2b6def1fb3db84036
8006Author: Darren Tucker <dtucker@zip.com.au>
8007Date: Fri May 17 09:41:33 2013 +1000
8008
8009 - djm@cvs.openbsd.org 2013/05/10 03:46:14
8010 [modpipe.c]
8011 sync some portability changes from portable OpenSSH (id sync only)
8012
8013commit a4df65b9fc68a555a7d8781700475fb03ed6e694
8014Author: Darren Tucker <dtucker@zip.com.au>
8015Date: Fri May 17 09:37:31 2013 +1000
8016
8017 - dtucker@cvs.openbsd.org 2013/04/22 07:28:53
8018 [multiplex.sh]
8019 Add tests for -Oforward and -Ocancel for local and remote forwards
8020
8021commit 40aaff7e4bcb05b05e3d24938b6d34885be817da
8022Author: Darren Tucker <dtucker@zip.com.au>
8023Date: Fri May 17 09:36:20 2013 +1000
8024
8025 - dtucker@cvs.openbsd.org 2013/04/22 07:23:08
8026 [multiplex.sh]
8027 Write mux master logs to regress.log instead of ssh.log to keep separate
8028
8029commit f3568fc62b73b50a0a3c8447e4a00f4892cab25e
8030Author: Darren Tucker <dtucker@zip.com.au>
8031Date: Fri May 17 09:35:26 2013 +1000
8032
8033 - djm@cvs.openbsd.org 2013/04/18 02:46:12
8034 [Makefile regress/sftp-chroot.sh]
8035 test sshd ChrootDirectory+internal-sftp; feedback & ok dtucker@
8036
8037commit dfea3bcdd7c980c2335402464b7dd8d8721e426d
8038Author: Darren Tucker <dtucker@zip.com.au>
8039Date: Fri May 17 09:31:39 2013 +1000
8040
8041 - dtucker@cvs.openbsd.org 2013/04/07 02:16:03
8042 [regress/Makefile regress/rekey.sh regress/integrity.sh
8043 regress/sshd-log-wrapper.sh regress/forwarding.sh regress/test-exec.sh]
8044 use -E option for ssh and sshd to write debuging logs to ssh{,d}.log and
8045 save the output from any failing tests. If a test fails the debug output
8046 from ssh and sshd for the failing tests (and only the failing tests) should
8047 be available in failed-ssh{,d}.log.
8048
8049commit 75129025a2d504b630d1718fef0da002f5662f63
8050Author: Darren Tucker <dtucker@zip.com.au>
8051Date: Fri May 17 09:19:10 2013 +1000
8052
8053 - dtucker@cvs.openbsd.org 2013/04/06 06:00:22
8054 [regress/rekey.sh regress/test-exec.sh regress/integrity.sh
8055 regress/multiplex.sh Makefile regress/cfgmatch.sh]
8056 Split the regress log into 3 parts: the debug output from ssh, the debug
8057 log from sshd and the output from the client command (ssh, scp or sftp).
8058 Somewhat functional now, will become more useful when ssh/sshd -E is added.
8059
8060commit 7c8b1e72331293b4707dc6f7f68a69e975a3fa70
8061Author: Darren Tucker <dtucker@zip.com.au>
8062Date: Fri May 17 09:10:20 2013 +1000
8063
8064 - dtucker@cvs.openbsd.org 2013/03/23 11:09:43
8065 [test-exec.sh]
8066 Only regenerate host keys if they don't exist or if ssh-keygen has changed
8067 since they were. Reduces test runtime by 5-30% depending on machine
8068 speed.
8069
8070commit 712de4d1100963b11bc618472f95ce36bf7e2ae3
8071Author: Darren Tucker <dtucker@zip.com.au>
8072Date: Fri May 17 09:07:12 2013 +1000
8073
8074 - djm@cvs.openbsd.org 2013/03/07 00:20:34
8075 [regress/proxy-connect.sh]
8076 repeat test with a style appended to the username
8077
8078commit 09c0f0325b2f538de9a1073e03b8ef26dece4c16
8079Author: Darren Tucker <dtucker@zip.com.au>
8080Date: Thu May 16 20:48:57 2013 +1000
8081
8082 - dtucker@cvs.openbsd.org 2013/05/16 10:44:06
8083 [servconf.c]
8084 remove another now-unused variable
8085
8086commit 9113d0c2381202412c912a20c8083ab7d6824ec9
8087Author: Darren Tucker <dtucker@zip.com.au>
8088Date: Thu May 16 20:48:14 2013 +1000
8089
8090 - dtucker@cvs.openbsd.org 2013/05/16 10:43:34
8091 [servconf.c readconf.c]
8092 remove now-unused variables
8093
8094commit e194ba4111ffd47cd1f4c8be1ddc8a4cb673d005
8095Author: Darren Tucker <dtucker@zip.com.au>
8096Date: Thu May 16 20:47:31 2013 +1000
8097
8098 - (dtucker) [configure.ac readconf.c servconf.c
8099 openbsd-compat/openbsd-compat.h] Add compat bits for scan_scaled.
8100
8101commit b7ee8521448100e5b268111ff90feb017e657e44
8102Author: Darren Tucker <dtucker@zip.com.au>
8103Date: Thu May 16 20:33:10 2013 +1000
8104
8105 - dtucker@cvs.openbsd.org 2013/05/16 09:12:31
8106 [readconf.c servconf.c]
8107 switch RekeyLimit traffic volume parsing to scan_scaled. ok djm@
8108
8109commit dbee308253931f8c1aeebf781d7e7730ff6a0dc1
8110Author: Darren Tucker <dtucker@zip.com.au>
8111Date: Thu May 16 20:32:29 2013 +1000
8112
8113 - dtucker@cvs.openbsd.org 2013/05/16 09:08:41
8114 [log.c scp.c sshd.c serverloop.c schnorr.c sftp.c]
8115 Fix some "unused result" warnings found via clang and -portable.
8116 ok markus@
8117
8118commit 64d22946d664dad8165f1fae9e78b53831ed728d
8119Author: Darren Tucker <dtucker@zip.com.au>
8120Date: Thu May 16 20:31:29 2013 +1000
8121
8122 - jmc@cvs.openbsd.org 2013/05/16 06:30:06
8123 [sshd_config.5]
8124 oops! avoid Xr to self;
8125
8126commit 63e0df2b936770baadc8844617b99e5174b476d0
8127Author: Darren Tucker <dtucker@zip.com.au>
8128Date: Thu May 16 20:30:31 2013 +1000
8129
8130 - jmc@cvs.openbsd.org 2013/05/16 06:28:45
8131 [ssh_config.5]
8132 put IgnoreUnknown in the right place;
8133
8134commit 0763698f71efef8b3f8460c5700758359219eb7c
8135Author: Darren Tucker <dtucker@zip.com.au>
8136Date: Thu May 16 20:30:03 2013 +1000
8137
8138 - djm@cvs.openbsd.org 2013/05/16 04:27:50
8139 [ssh_config.5 readconf.h readconf.c]
8140 add the ability to ignore specific unrecognised ssh_config options;
8141 bz#866; ok markus@
8142
8143commit 5f96f3b4bee11ae2b9b32ff9b881c3693e210f96
8144Author: Darren Tucker <dtucker@zip.com.au>
8145Date: Thu May 16 20:29:28 2013 +1000
8146
8147 - dtucker@cvs.openbsd.org 2013/05/16 04:09:14
8148 [sshd_config.5 servconf.c servconf.h packet.c serverloop.c monitor.c sshd_config
8149 sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
8150 rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
8151 page.
8152
8153commit c53c2af173cf67fd1c26f98e7900299b1b65b6ec
8154Author: Darren Tucker <dtucker@zip.com.au>
8155Date: Thu May 16 20:28:16 2013 +1000
8156
8157 - dtucker@cvs.openbsd.org 2013/05/16 02:00:34
8158 [ssh_config sshconnect2.c packet.c readconf.h readconf.c clientloop.c
8159 ssh_config.5 packet.h]
8160 Add an optional second argument to RekeyLimit in the client to allow
8161 rekeying based on elapsed time in addition to amount of traffic.
8162 with djm@ jmc@, ok djm
8163
8164commit 64c6fceecd27e1739040b42de8f3759454260b39
8165Author: Darren Tucker <dtucker@zip.com.au>
8166Date: Thu May 16 20:27:14 2013 +1000
8167
8168 - dtucker@cvs.openbsd.org 2013/05/10 10:13:50
8169 [ssh-pkcs11-helper.c]
8170 remove unused extern optarg. ok markus@
8171
8172commit caf00109346e4ab6bb495b0e22bc5b1e7ee22f26
8173Author: Darren Tucker <dtucker@zip.com.au>
8174Date: Thu May 16 20:26:18 2013 +1000
8175
8176 - djm@cvs.openbsd.org 2013/05/10 04:08:01
8177 [key.c]
8178 memleak in cert_free(), wasn't actually freeing the struct;
8179 bz#2096 from shm AT digitalsun.pl
8180
8181commit 7e831edbf7a1b0b9aeeb08328b9fceafaad1bf22
8182Author: Darren Tucker <dtucker@zip.com.au>
8183Date: Thu May 16 20:25:40 2013 +1000
8184
8185 add missing attribution
8186
8187commit 54da6be320495604ddf65d10ac4cc8cf7849c533
8188Author: Darren Tucker <dtucker@zip.com.au>
8189Date: Thu May 16 20:25:04 2013 +1000
8190
8191 - djm@cvs.openbsd.org 2013/05/10 03:40:07
8192 [sshconnect2.c]
8193 fix bzero(ptr_to_struct, sizeof(ptr_to_struct)); bz#2100 from
8194
8195commit 5d8b702d95c0dfc338726fecfbb709695afd1377
8196Author: Darren Tucker <dtucker@zip.com.au>
8197Date: Thu May 16 20:24:23 2013 +1000
8198
8199 - dtucker@cvs.openbsd.org 2013/05/06 07:35:12
8200 [sftp-server.8]
8201 Reference the version of the sftp draft we actually implement. ok djm@
8202
8203commit 026d9db3fbe311b5a7e98d62472cb666aa559648
8204Author: Darren Tucker <dtucker@zip.com.au>
8205Date: Thu May 16 20:23:52 2013 +1000
8206
8207 - tedu@cvs.openbsd.org 2013/04/24 16:01:46
8208 [misc.c]
8209 remove extra parens noticed by nicm
8210
8211commit 2ca51bf140ef2c2409fd220778529dc17c11d8fa
8212Author: Darren Tucker <dtucker@zip.com.au>
8213Date: Thu May 16 20:22:46 2013 +1000
8214
8215 - tedu@cvs.openbsd.org 2013/04/23 17:49:45
8216 [misc.c]
8217 use xasprintf instead of a series of strlcats and strdup. ok djm
8218
8219commit 6aa3eacc5e5f39702b6dd5b27970d9fd97bc2383
8220Author: Damien Miller <djm@mindrot.org>
8221Date: Thu May 16 11:10:17 2013 +1000
8222
8223 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
8224 executed if mktemp failed; bz#2105 ok dtucker@
8225
8226commit c54e3e0741a27119b3badd8ff92b1988b7e9bd50
8227Author: Darren Tucker <dtucker@zip.com.au>
8228Date: Fri May 10 18:53:14 2013 +1000
8229
8230 - (dtucker) [configure.ac] Add -Werror to the -Qunused-arguments test so
8231 we don't get a warning on compilers that *don't* support it. Add
8232 -Wno-unknown-warning-option. Move both to the start of the list for
8233 maximum noise suppression. Tested with gcc 4.6.3, gcc 2.95.4 and clang 2.9.
8234
8235commit a75d247a18a5099c60226395354eb252c097ac86
8236Author: Darren Tucker <dtucker@zip.com.au>
8237Date: Fri May 10 18:11:55 2013 +1000
8238
8239 - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
8240 underlying libraries support them.
8241
8242commit 0abfb559e3f79d1f217773510d7626c3722aa3c1
8243Author: Darren Tucker <dtucker@zip.com.au>
8244Date: Fri May 10 18:08:49 2013 +1000
8245
8246 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
8247 openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
8248 in to use it when we're using our own getopt.
8249
8250commit ccfdfceacb7e23d1479ed4cc91976c5ac6e23c56
8251Author: Darren Tucker <dtucker@zip.com.au>
8252Date: Fri May 10 16:28:55 2013 +1000
8253
8254 - (dtucker) [openbsd-compat/Makefile.in openbsd-compat/getopt.c
8255 openbsd-compat/getopt_long.c regress/modpipe.c] Remove getopt.c, add
8256 portability code to getopt_long.c and switch over Makefile and the ugly
8257 hack in modpipe.c. Fixes bz#1448.
8258
8259commit 39332020078aa8fd4fc28e00b336438dc64b0f5a
8260Author: Darren Tucker <dtucker@zip.com.au>
8261Date: Fri May 10 15:38:11 2013 +1000
8262
8263 - (dtucker) [openbsd-compat/getopt_long.c] Import from OpenBSD. No
8264 portability changes yet.
8265
8266commit 35b2fe99bee4f332d1c1efa49107cdb3c67da07a
8267Author: Darren Tucker <dtucker@zip.com.au>
8268Date: Fri May 10 15:35:26 2013 +1000
8269
8270 - (dtucker) [openbsd-compat/getopt.c] Factor out portibility changes to
8271 getopt.c. Preprocessed source is identical other than line numbers.
8272
8273commit abbc7a7c02e45787d023f50a30f62d7a3e14fe9e
8274Author: Darren Tucker <dtucker@zip.com.au>
8275Date: Fri May 10 13:54:23 2013 +1000
8276
8277 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
8278 supports it. Mentioned by Colin Watson in bz#2100, ok djm.
8279
8280commit bc02f163f6e882d390abfb925b47b41e13ae523b
8281Author: Damien Miller <djm@mindrot.org>
8282Date: Tue Apr 23 19:25:49 2013 +1000
8283
8284 - dtucker@cvs.openbsd.org 2013/04/22 01:17:18
8285 [mux.c]
8286 typo in debug output: evitval->exitval
8287
8288commit f8b894e31dc3530c7eb6d0a378848260d54f74c4
8289Author: Damien Miller <djm@mindrot.org>
8290Date: Tue Apr 23 19:25:29 2013 +1000
8291
8292 - djm@cvs.openbsd.org 2013/04/19 12:07:08
8293 [kex.c]
8294 remove duplicated list entry pointed out by naddy@
8295
8296commit 34bd20a1e53b63ceb01f06c1654d9112e6784b0a
8297Author: Damien Miller <djm@mindrot.org>
8298Date: Tue Apr 23 19:25:00 2013 +1000
8299
8300 - djm@cvs.openbsd.org 2013/04/19 11:10:18
8301 [ssh.c]
8302 add -Q to usage; reminded by jmc@
8303
8304commit ea11119eee3c5e2429b1f5f8688b25b028fa991a
8305Author: Damien Miller <djm@mindrot.org>
8306Date: Tue Apr 23 19:24:32 2013 +1000
8307
8308 - djm@cvs.openbsd.org 2013/04/19 01:06:50
8309 [authfile.c cipher.c cipher.h kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c]
8310 [key.c key.h mac.c mac.h packet.c ssh.1 ssh.c]
8311 add the ability to query supported ciphers, MACs, key type and KEX
8312 algorithms to ssh. Includes some refactoring of KEX and key type handling
8313 to be table-driven; ok markus@
8314
8315commit a56086b9903b62c1c4fdedf01b68338fe4dc90e4
8316Author: Damien Miller <djm@mindrot.org>
8317Date: Tue Apr 23 15:24:18 2013 +1000
8318
8319 - djm@cvs.openbsd.org 2013/04/19 01:03:01
8320 [session.c]
8321 reintroduce 1.262 without the connection-killing bug:
8322 fatal() when ChrootDirectory specified by running without root privileges;
8323 ok markus@
8324
8325commit 0d6771b4648889ae5bc4235f9e3fc6cd82b710bd
8326Author: Damien Miller <djm@mindrot.org>
8327Date: Tue Apr 23 15:23:24 2013 +1000
8328
8329 - djm@cvs.openbsd.org 2013/04/19 01:01:00
8330 [ssh-keygen.c]
8331 fix some memory leaks; bz#2088 ok dtucker@
8332
8333commit 467b00c38ba244f9966466e57a89d003f3afb159
8334Author: Damien Miller <djm@mindrot.org>
8335Date: Tue Apr 23 15:23:07 2013 +1000
8336
8337 - djm@cvs.openbsd.org 2013/04/19 01:00:10
8338 [sshd_config.5]
8339 document the requirment that the AuthorizedKeysCommand be owned by root;
8340 ok dtucker@ markus@
8341
8342commit 9303e6527bb5ca7630c765f28624702c212bfd6c
8343Author: Damien Miller <djm@mindrot.org>
8344Date: Tue Apr 23 15:22:40 2013 +1000
8345
8346 - djm@cvs.openbsd.org 2013/04/18 02:16:07
8347 [sftp.c]
8348 make "sftp -q" do what it says on the sticker: hush everything but errors;
8349
8350commit f1a02aea35504e8bef2ed9eef6f9ddeab12bacb3
8351Author: Damien Miller <djm@mindrot.org>
8352Date: Tue Apr 23 15:22:13 2013 +1000
8353
8354 - dtucker@cvs.openbsd.org 2013/04/17 09:04:09
8355 [session.c]
8356 revert rev 1.262; it fails because uid is already set here. ok djm@
8357
8358commit d5edefd27a30768cc7a4817302e964b6cb2f9be7
8359Author: Damien Miller <djm@mindrot.org>
8360Date: Tue Apr 23 15:21:39 2013 +1000
8361
8362 - djm@cvs.openbsd.org 2013/04/11 02:27:50
8363 [packet.c]
8364 quiet disconnect notifications on the server from error() back to logit()
8365 if it is a normal client closure; bz#2057 ok+feedback dtucker@
8366
8367commit 6901032b05291fc5d2bd4067fc47904de3506fda
8368Author: Damien Miller <djm@mindrot.org>
8369Date: Tue Apr 23 15:21:24 2013 +1000
8370
8371 - dtucker@cvs.openbsd.org 2013/04/07 09:40:27
8372 [sshd.8]
8373 clarify -e text. suggested by & ok jmc@
8374
8375commit 03d4d7e60b16f913c75382e32e136ddfa8d6485f
8376Author: Damien Miller <djm@mindrot.org>
8377Date: Tue Apr 23 15:21:06 2013 +1000
8378
8379 - dtucker@cvs.openbsd.org 2013/04/07 02:10:33
8380 [log.c log.h ssh.1 ssh.c sshd.8 sshd.c]
8381 Add -E option to ssh and sshd to append debugging logs to a specified file
8382 instead of stderr or syslog. ok markus@, man page help jmc@
8383
8384commit 37f1c08473b1ef2a188ee178ce2e11e841f88563
8385Author: Damien Miller <djm@mindrot.org>
8386Date: Tue Apr 23 15:20:43 2013 +1000
8387
8388 - markus@cvs.openbsd.org 2013/04/06 16:07:00
8389 [channels.c sshd.c]
8390 handle ECONNABORTED for accept(); ok deraadt some time ago...
8391
8392commit 172859cff7df9fd8a29a1f0a4de568f644bbda50
8393Author: Damien Miller <djm@mindrot.org>
8394Date: Tue Apr 23 15:19:27 2013 +1000
8395
8396 - djm@cvs.openbsd.org 2013/04/05 00:58:51
8397 [mux.c]
8398 cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too
8399 (in addition to ones already in OPEN); bz#2079, ok dtucker@
8400
8401commit 9f12b5dcd5f7772e633fb2786c63bfcbea1f1aea
8402Author: Damien Miller <djm@mindrot.org>
8403Date: Tue Apr 23 15:19:11 2013 +1000
8404
8405 - djm@cvs.openbsd.org 2013/04/05 00:31:49
8406 [pathnames.h]
8407 use the existing _PATH_SSH_USER_RC define to construct the other
8408 pathnames; bz#2077, ok dtucker@ (no binary change)
8409
8410commit d677ad14ff7efedf21745ee1694058350e758e18
8411Author: Damien Miller <djm@mindrot.org>
8412Date: Tue Apr 23 15:18:51 2013 +1000
8413
8414 - djm@cvs.openbsd.org 2013/04/05 00:14:00
8415 [auth2-gss.c krl.c sshconnect2.c]
8416 hush some {unused, printf type} warnings
8417
8418commit 508b6c3d3b95c8ec078fd4801368597ab29b2db9
8419Author: Damien Miller <djm@mindrot.org>
8420Date: Tue Apr 23 15:18:28 2013 +1000
8421
8422 - djm@cvs.openbsd.org 2013/03/08 06:32:58
8423 [ssh.c]
8424 allow "ssh -f none ..." ok markus@
8425
8426commit 91a55f28f35431f9000b95815c343b5a18fda712
8427Author: Damien Miller <djm@mindrot.org>
8428Date: Tue Apr 23 15:18:10 2013 +1000
8429
8430 - markus@cvs.openbsd.org 2013/03/07 19:27:25
8431 [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5]
8432 add submethod support to AuthenticationMethods; ok and freedback djm@
8433
8434commit 4ce189d9108c62090a0dd5dea973d175328440db
8435Author: Damien Miller <djm@mindrot.org>
8436Date: Tue Apr 23 15:17:52 2013 +1000
8437
8438 - djm@cvs.openbsd.org 2013/03/07 00:19:59
8439 [auth2-pubkey.c monitor.c]
8440 reconstruct the original username that was sent by the client, which may
8441 have included a style (e.g. "root:skey") when checking public key
8442 signatures. Fixes public key and hostbased auth when the client specified
8443 a style; ok markus@
8444
8445commit 5cbec4c25954b184e43bf3d3ac09e65eb474f5f9
8446Author: Damien Miller <djm@mindrot.org>
8447Date: Tue Apr 23 15:17:12 2013 +1000
8448
8449 - djm@cvs.openbsd.org 2013/03/06 23:36:53
8450 [readconf.c]
8451 g/c unused variable (-Wunused)
8452
8453commit 998cc56b65682d490c9bbf5977dceb1aa84a0233
8454Author: Damien Miller <djm@mindrot.org>
8455Date: Tue Apr 23 15:16:43 2013 +1000
8456
8457 - djm@cvs.openbsd.org 2013/03/06 23:35:23
8458 [session.c]
8459 fatal() when ChrootDirectory specified by running without root privileges;
8460 ok markus@
8461
8462commit 62e9c4f9b6027620f9091a2f43328e057bdb33f1
8463Author: Damien Miller <djm@mindrot.org>
8464Date: Tue Apr 23 15:15:49 2013 +1000
8465
8466 - (djm) OpenBSD CVS Sync
8467 - markus@cvs.openbsd.org 2013/03/05 20:16:09
8468 [sshconnect2.c]
8469 reset pubkey order on partial success; ok djm@
8470
8471commit 6332da2ae88db623d7da8070dd807efa26d9dfe8
8472Author: Damien Miller <djm@mindrot.org>
8473Date: Tue Apr 23 14:25:52 2013 +1000
8474
8475 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
8476 platforms, such as Android, that lack struct passwd.pw_gecos. Report
8477 and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@
8478
8479commit ce1c9574fcfaf753a062276867335c1e237f725c
8480Author: Darren Tucker <dtucker@zip.com.au>
8481Date: Thu Apr 18 21:36:19 2013 +1000
8482
8483 - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from
8484 unused argument warnings (in particular, -fno-builtin-memset) from clang.
8485
8486commit bc68f2451b836e6a3fa65df8774a8b1f10049ded
8487Author: Damien Miller <djm@mindrot.org>
8488Date: Thu Apr 18 11:26:25 2013 +1000
8489
8490 - (djm) [config.guess config.sub] Update to last versions before they switch
8491 to GPL3. ok dtucker@
8492
8493commit 15fd19c4c9943cf02bc6f462d52c86ee6a8f422e
8494Author: Darren Tucker <dtucker@zip.com.au>
8495Date: Fri Apr 5 11:22:26 2013 +1100
8496
8497 - djm@cvs.openbsd.org 2013/02/22 22:09:01
8498 [ssh.c]
8499 Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
8500 version)
8501
8502commit 5d1d9541a7c83963cd887b6b36e25b46463a05d4
8503Author: Darren Tucker <dtucker@zip.com.au>
8504Date: Fri Apr 5 11:20:00 2013 +1100
8505
8506 - markus@cvs.openbsd.org 2013/02/22 19:13:56
8507 [sshconnect.c]
8508 support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
8509
8510commit aefa3682431f59cf1ad9a0f624114b135135aa44
8511Author: Darren Tucker <dtucker@zip.com.au>
8512Date: Fri Apr 5 11:18:35 2013 +1100
8513
8514 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
8515 [ssh.c readconf.c readconf.h]
8516 Don't complain if IdentityFiles specified in system-wide configs are
8517 missing. ok djm, deraadt
8518
8519commit f3c38142435622d056582e851579d8647a233c7f
8520Author: Darren Tucker <dtucker@zip.com.au>
8521Date: Fri Apr 5 11:16:52 2013 +1100
8522
8523 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
8524 [krl.c]
8525 Remove bogus include. ok djm
8526 (id sync only)
8527
8528commit 1910478c2d2c3d0e1edacaeff21ed388d70759e9
8529Author: Darren Tucker <dtucker@zip.com.au>
8530Date: Fri Apr 5 11:13:08 2013 +1100
8531
8532 - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
8533 [readconf.c ssh.c readconf.h sshconnect2.c]
8534 Keep track of which IndentityFile options were manually supplied and which
8535 were default options, and don't warn if the latter are missing.
8536 ok markus@
8537
8538commit c9627cdbc65b25da943f24e6a953da899f08eefc
8539Author: Darren Tucker <dtucker@zip.com.au>
8540Date: Mon Apr 1 12:40:48 2013 +1100
8541
8542 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
8543 to avoid conflicting definitions of __int64, adding the required bits.
8544 Patch from Corinna Vinschen.
8545
8546commit 75db01d2ce29a85f8e5a2aff2011446896cf3f8a
8547Author: Tim Rice <tim@multitalents.net>
8548Date: Fri Mar 22 10:14:32 2013 -0700
8549
8550 - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit.
8551
8552commit 221b4b2436ac78a65c3b775c25ccd396a1fed208
8553Author: Darren Tucker <dtucker@zip.com.au>
8554Date: Fri Mar 22 12:51:09 2013 +1100
8555
8556 - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before
8557 defining it again. Prevents warnings if someone, eg, sets it in CFLAGS.
8558
8559commit c8a0f27c6d761d1335d13ed84d773e9ddf1d95c8
8560Author: Darren Tucker <dtucker@zip.com.au>
8561Date: Fri Mar 22 12:49:14 2013 +1100
8562
8563 - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype.
8564
8565commit eed8dc261018aea4d6b8606ca3addc9f8cf9ed1e
8566Author: Damien Miller <djm@mindrot.org>
8567Date: Fri Mar 22 10:25:22 2013 +1100
8568
8569 - (djm) Release 6.2p1
8570
8571commit 83efe7c86168cc07b8e6cc6df6b54f7ace3b64a3
8572Author: Damien Miller <djm@mindrot.org>
8573Date: Fri Mar 22 10:17:36 2013 +1100
8574
8575 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
8576 Hands' greatly revised version.
8577
8578commit 63b4bcd04e1c57b77eabb4e4d359508a4b2af685
8579Author: Damien Miller <djm@mindrot.org>
8580Date: Wed Mar 20 12:55:14 2013 +1100
8581
8582 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
8583 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
8584 so mark it as broken. Patch from des AT des.no