author Colin Watson <cjwatson@debian.org> 2019-10-09 22:59:48 +0100
committer Colin Watson <cjwatson@debian.org> 2019-10-09 22:59:48 +0100
commit 4213eec74e74de6310c27a40c3e9759a08a73996 (patch)
tree e97a6dcafc6763aea7c804e4e113c2750cb1400d /ChangeLog
parent 102062f825fb26a74295a1c089c00c4c4c76b68a (diff)
parent cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff)
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 4934
1 files changed, 2531 insertions, 2403 deletions
diff --git a/ChangeLog b/ChangeLog
index fdc0a0619..baa9a3fb1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,2534 @@
1commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c
2Author: Damien Miller <djm@mindrot.org>
3Date: Wed Oct 9 11:31:03 2019 +1100
4
5 prepare for 8.1 release
6
7commit 3b4e56d740b74324e2d7542957cad5a11518f455
8Author: djm@openbsd.org <djm@openbsd.org>
9Date: Wed Oct 9 00:04:57 2019 +0000
10
11 upstream: openssh-8.1
12
13 OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
14
15commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81
16Author: djm@openbsd.org <djm@openbsd.org>
17Date: Wed Oct 9 00:04:42 2019 +0000
18
19 upstream: fix an unreachable integer overflow similar to the XMSS
20
21 case, and some other NULL dereferences found by fuzzing.
22
23 fix with and ok markus@
24
25 OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
26
27commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a
28Author: djm@openbsd.org <djm@openbsd.org>
29Date: Wed Oct 9 00:02:57 2019 +0000
30
31 upstream: fix integer overflow in XMSS private key parsing.
32
33 Reported by Adam Zabrocki via SecuriTeam's SSH program.
34
35 Note that this code is experimental and not compiled by default.
36
37 ok markus@
38
39 OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
40
41commit c2cc25480ba36ab48c1a577bebb12493865aad87
42Author: dtucker@openbsd.org <dtucker@openbsd.org>
43Date: Tue Oct 8 22:40:39 2019 +0000
44
45 upstream: Correct type for end-of-list sentinel; fixes initializer
46
47 warnings on some platforms. ok deraadt.
48
49 OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
50
51commit e827aedf8818e75c0016b47ed8fc231427457c43
52Author: djm@openbsd.org <djm@openbsd.org>
53Date: Mon Oct 7 23:10:38 2019 +0000
54
55 upstream: reversed test yielded incorrect debug message
56
57 OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
58
59commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55
60Author: Damien Miller <djm@mindrot.org>
61Date: Tue Oct 8 17:05:57 2019 +1100
62
63 depend
64
65commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b
66Author: Darren Tucker <dtucker@dtucker.net>
67Date: Wed Oct 9 09:36:06 2019 +1100
68
69 Make MAKE_CLONE no-op macro more correct.
70
71 Similar to the previous change to DEF_WEAK, some compilers don't like
72 the empty statement, so convert into a no-op function prototype.
73
74commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf
75Author: Damien Miller <djm@mindrot.org>
76Date: Wed Oct 9 09:06:35 2019 +1100
77
78 wrap stdint.h include in HAVE_STDINT_H
79
80 make the indenting a little more consistent too..
81
82 Fixes Solaris 2.6; reported by Tom G. Christensen
83
84commit 13b3369830a43b89a503915216a23816d1b25744
85Author: Damien Miller <djm@mindrot.org>
86Date: Tue Oct 8 15:32:02 2019 +1100
87
88 avoid "return (value)" in void-declared function
89
90 spotted by Tim Rice; ok dtucker
91
92commit 0c7f8d2326d812b371f7afd63aff846973ec80a4
93Author: Darren Tucker <dtucker@dtucker.net>
94Date: Tue Oct 8 14:44:50 2019 +1100
95
96 Make DEF_WEAK more likely to be correct.
97
98 Completely nop-ing out DEF_WEAK leaves an empty statemment which some
99 compilers don't like. Replace with a no-op function template. ok djm@
100
101commit b1e79ea8fae9c252399677a28707661d85c7d00c
102Author: dtucker@openbsd.org <dtucker@openbsd.org>
103Date: Sun Oct 6 11:49:50 2019 +0000
104
105 upstream: Instead of running sed over the whole log to remove CRs,
106
107 remove them only where it's needed (and confuses test(1) on at least OS X in
108 portable).
109
110 OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
111
112commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c
113Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
114Date: Tue May 9 13:33:30 2017 -0300
115
116 Enable specific ioctl call for EP11 crypto card (s390)
117
118 The EP11 crypto card needs to make an ioctl call, which receives an
119 specific argument. This crypto card is for s390 only.
120
121 Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
122
123commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e
124Author: djm@openbsd.org <djm@openbsd.org>
125Date: Fri Oct 4 04:31:59 2019 +0000
126
127 upstream: fix memory leak in error path; bz#3074 patch from
128
129 krishnaiah.bommu@intel.com, ok dtucker
130
131 OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
132
133commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6
134Author: djm@openbsd.org <djm@openbsd.org>
135Date: Fri Oct 4 04:13:39 2019 +0000
136
137 upstream: space
138
139 OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
140
141commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c
142Author: djm@openbsd.org <djm@openbsd.org>
143Date: Fri Oct 4 03:39:19 2019 +0000
144
145 upstream: more sshsig regress tests: check key revocation, the
146
147 check-novalidate signature test mode and signing keys in ssh-agent.
148
149 From Sebastian Kinne (slightly tweaked)
150
151 OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
152
153commit 714031a10bbe378a395a93cf1040f4ee1451f45f
154Author: dtucker@openbsd.org <dtucker@openbsd.org>
155Date: Fri Oct 4 03:26:58 2019 +0000
156
157 upstream: Check for gmtime failure in moduli generation. Based on
158
159 patch from krishnaiah.bommu@intel.com, ok djm@
160
161 OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
162
163commit 6918974405cc28ed977f802fd97a9c9a9b2e141b
164Author: jmc@openbsd.org <jmc@openbsd.org>
165Date: Thu Oct 3 17:07:50 2019 +0000
166
167 upstream: use a more common options order in SYNOPSIS and sync
168
169 usage(); while here, no need for Bk/Ek;
170
171 ok dtucker
172
173 OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
174
175commit feff96b7d4c0b99307f0459cbff128aede4a8984
176Author: djm@openbsd.org <djm@openbsd.org>
177Date: Wed Oct 2 09:50:50 2019 +0000
178
179 upstream: thinko in previous; spotted by Mantas
180
181 =?UTF-8?q?=20Mikul=C4=97nas?=
182 MIME-Version: 1.0
183 Content-Type: text/plain; charset=UTF-8
184 Content-Transfer-Encoding: 8bit
185
186 OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
187
188commit b5a89eec410967d6b712665f8cf0cb632928d74b
189Author: djm@openbsd.org <djm@openbsd.org>
190Date: Wed Oct 2 08:07:13 2019 +0000
191
192 upstream: make signature format match PROTOCO
193
194 =?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?=
195 =?UTF-8?q?s=20Mikul=C4=97nas?=
196 MIME-Version: 1.0
197 Content-Type: text/plain; charset=UTF-8
198 Content-Transfer-Encoding: 8bit
199
200 OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
201
202commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a
203Author: djm@openbsd.org <djm@openbsd.org>
204Date: Wed Oct 2 08:05:50 2019 +0000
205
206 upstream: ban empty namespace strings for s
207
208 =?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?=
209 MIME-Version: 1.0
210 Content-Type: text/plain; charset=UTF-8
211 Content-Transfer-Encoding: 8bit
212
213 OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
214
215commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0
216Author: Darren Tucker <dtucker@dtucker.net>
217Date: Wed Oct 2 14:30:55 2019 +1000
218
219 Put ssherr.h back as it's actually needed.
220
221commit 3ef92a657444f172b61f92d5da66d94fa8265602
222Author: Lonnie Abelbeck <lonnie@abelbeck.com>
223Date: Tue Oct 1 09:05:09 2019 -0500
224
225 Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
226
227 New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
228 in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
229
230commit edd1d3a6261aecbf9a55944fd7be1db83571b46e
231Author: Damien Miller <djm@mindrot.org>
232Date: Wed Oct 2 10:54:28 2019 +1000
233
234 remove duplicate #includes
235
236 Prompted by Jakub Jelen
237
238commit 13c508dfed9f25e6e54c984ad00a74ef08539e70
239Author: Damien Miller <djm@mindrot.org>
240Date: Wed Oct 2 10:51:15 2019 +1000
241
242 typo in comment
243
244commit d0c3ac427f6c52b872d6617421421dd791664445
245Author: djm@openbsd.org <djm@openbsd.org>
246Date: Wed Oct 2 00:42:30 2019 +0000
247
248 upstream: remove some duplicate #includes
249
250 OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
251
252commit 084682786d9275552ee93857cb36e43c446ce92c
253Author: djm@openbsd.org <djm@openbsd.org>
254Date: Tue Oct 1 10:22:53 2019 +0000
255
256 upstream: revert unconditional forced login implemented in r1.41 of
257
258 ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
259 token returns no objects and this is less disruptive for users of tokens
260 directly in ssh (rather than via ssh-agent) and in ssh-keygen
261
262 bz3006, patch from Jakub Jelen; ok markus
263
264 OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
265
266commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3
267Author: jmc@openbsd.org <jmc@openbsd.org>
268Date: Sun Sep 29 16:31:57 2019 +0000
269
270 upstream: group and sort single letter options; ok deraadt
271
272 OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
273
274commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe
275Author: jmc@openbsd.org <jmc@openbsd.org>
276Date: Fri Sep 27 20:03:24 2019 +0000
277
278 upstream: fix the DH-GEX text in -a; because this required a comma,
279
280 i added a comma to the first part, for balance...
281
282 OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
283
284commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273
285Author: deraadt@openbsd.org <deraadt@openbsd.org>
286Date: Tue Sep 24 12:50:46 2019 +0000
287
288 upstream: identity_file[] should be PATH_MAX, not the arbitrary
289
290 number 1024
291
292 OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
293
294commit 90d4b2541e8c907793233d9cbd4963f7624f4174
295Author: jmc@openbsd.org <jmc@openbsd.org>
296Date: Fri Sep 20 18:50:58 2019 +0000
297
298 upstream: new sentence, new line;
299
300 OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
301
302commit fbec7dba01b70b49ac47f56031310865dff86200
303Author: Darren Tucker <dtucker@dtucker.net>
304Date: Mon Sep 30 18:01:12 2019 +1000
305
306 Include stdio.h for snprintf.
307
308 Patch from vapier@gentoo.org.
309
310commit 0a403bfde71c4b82147473298d3a60b4171468bd
311Author: Darren Tucker <dtucker@dtucker.net>
312Date: Mon Sep 30 14:11:42 2019 +1000
313
314 Add SKIP_LTESTS for skipping specific tests.
315
316commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c
317Author: dtucker@openbsd.org <dtucker@openbsd.org>
318Date: Fri Sep 27 05:25:12 2019 +0000
319
320 upstream: Test for empty result in expected bits. Remove CRs from log
321
322 as they confuse tools on some platforms. Re-enable the 3des-cbc test.
323
324 OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
325
326commit 7c817d129e2d48fc8a6f7965339313023ec45765
327Author: Darren Tucker <dtucker@dtucker.net>
328Date: Fri Sep 27 15:26:22 2019 +1000
329
330 Re-enable dhgex test.
331
332 Since we've added larger fallback groups to dh.c this test will pass
333 even if there is no moduli file installed on the system.
334
335commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae
336Author: Darren Tucker <dtucker@dtucker.net>
337Date: Tue Sep 24 21:17:20 2019 +1000
338
339 Add more ToS bits, currently only used by netcat.
340
341commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e
342Author: Darren Tucker <dtucker@dtucker.net>
343Date: Thu Sep 19 15:41:23 2019 +1000
344
345 Privsep is now required.
346
347commit 8aa2aa3cd4d27d14e74b247c773696349472ef20
348Author: djm@openbsd.org <djm@openbsd.org>
349Date: Mon Sep 16 03:23:02 2019 +0000
350
351 upstream: Allow testing signature syntax and validity without verifying
352
353 that a signature came from a trusted signer. To discourage accidental or
354 unintentional use, this is invoked by the deliberately ugly option name
355 "check-novalidate"
356
357 from Sebastian Kinne
358
359 OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
360
361commit 7047d5afe3103f0f07966c05b810682d92add359
362Author: djm@openbsd.org <djm@openbsd.org>
363Date: Fri Sep 13 04:52:34 2019 +0000
364
365 upstream: clarify that IdentitiesOnly also applies to the default
366
367 ~/.ssh/id_* keys; bz#3062
368
369 OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
370
371commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75
372Author: dtucker@openbsd.org <dtucker@openbsd.org>
373Date: Fri Sep 13 04:36:43 2019 +0000
374
375 upstream: Plug mem leaks on error paths, based in part on github
376
377 pr#120 from David Carlier. ok djm@.
378
379 OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
380
381commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4
382Author: djm@openbsd.org <djm@openbsd.org>
383Date: Fri Sep 13 04:31:19 2019 +0000
384
385 upstream: whitespace
386
387 OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
388
389commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf
390Author: djm@openbsd.org <djm@openbsd.org>
391Date: Fri Sep 13 04:27:35 2019 +0000
392
393 upstream: allow %n to be expanded in ProxyCommand strings
394
395 From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
396 ok dtucker@
397
398 OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
399
400commit 2ce1d11600e13bee0667d6b717ffcc18a057b821
401Author: djm@openbsd.org <djm@openbsd.org>
402Date: Fri Sep 13 04:07:42 2019 +0000
403
404 upstream: clarify that ConnectTimeout applies both to the TCP
405
406 connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
407 Github PR140
408
409 OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
410
411commit df780114278f406ef7cb2278802a2660092fff09
412Author: dtucker@openbsd.org <dtucker@openbsd.org>
413Date: Mon Sep 9 02:31:19 2019 +0000
414
415 upstream: Fix potential truncation warning. ok deraadt.
416
417 OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
418
419commit ec0e6243660bf2df30c620a6a0d83eded376c9c6
420Author: Damien Miller <djm@mindrot.org>
421Date: Fri Sep 13 13:14:39 2019 +1000
422
423 memleak of buffer in sshpam_query
424
425 coverity report via Ed Maste; ok dtucker@
426
427commit c17e4638e5592688264fc0349f61bfc7b4425aa5
428Author: Damien Miller <djm@mindrot.org>
429Date: Fri Sep 13 13:12:42 2019 +1000
430
431 explicitly test set[ug]id() return values
432
433 Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
434 ok dtucker@
435
436commit 91a2135f32acdd6378476c5bae475a6e7811a6a2
437Author: naddy@openbsd.org <naddy@openbsd.org>
438Date: Fri Sep 6 14:45:34 2019 +0000
439
440 upstream: Allow prepending a list of algorithms to the default set
441
442 by starting the list with the '^' character, e.g.
443
444 HostKeyAlgorithms ^ssh-ed25519
445 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
446
447 ok djm@ dtucker@
448
449 OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
450
451commit c8bdd2db77ac2369d5cdee237656f266c8f41552
452Author: djm@openbsd.org <djm@openbsd.org>
453Date: Fri Sep 6 07:53:40 2019 +0000
454
455 upstream: key conversion should fail for !openssl builds, not fall
456
457 through to the key generation code
458
459 OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
460
461commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d
462Author: djm@openbsd.org <djm@openbsd.org>
463Date: Fri Sep 6 06:08:11 2019 +0000
464
465 upstream: typo in previous
466
467 OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
468
469commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb
470Author: Damien Miller <djm@mindrot.org>
471Date: Sun Sep 8 14:48:11 2019 +1000
472
473 needs time.h for --without-openssl
474
475commit f61f29afda6c71eda26effa54d3c2e5306fd0833
476Author: Damien Miller <djm@mindrot.org>
477Date: Sat Sep 7 19:25:00 2019 +1000
478
479 make unittests pass for no-openssl case
480
481commit 105e1c9218940eb53473f55a9177652d889ddbad
482Author: djm@openbsd.org <djm@openbsd.org>
483Date: Fri Sep 6 05:59:41 2019 +0000
484
485 upstream: avoid compiling certain files that deeply depend on
486
487 libcrypto when WITH_OPENSSL isn't set
488
489 OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
490
491commit 670104b923dd97b1c06c0659aef7c3e52af571b2
492Author: djm@openbsd.org <djm@openbsd.org>
493Date: Fri Sep 6 05:23:55 2019 +0000
494
495 upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
496
497 OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
498
499commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758
500Author: djm@openbsd.org <djm@openbsd.org>
501Date: Fri Sep 6 04:53:27 2019 +0000
502
503 upstream: lots of things were relying on libcrypto headers to
504
505 transitively include various system headers (mostly stdlib.h); include them
506 explicitly
507
508 OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
509
510commit d05aaaaadcad592abfaa44540928e0c61ef72ebb
511Author: djm@openbsd.org <djm@openbsd.org>
512Date: Fri Sep 6 03:30:42 2019 +0000
513
514 upstream: remove leakmalloc reference; we used this early when
515
516 refactoring but not since
517
518 OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
519
520commit 1268f0bcd8fc844ac6c27167888443c8350005eb
521Author: dtucker@openbsd.org <dtucker@openbsd.org>
522Date: Fri Sep 6 04:24:06 2019 +0000
523
524 upstream: Check for RSA support before using it for the user key,
525
526 otherwise use ed25519 which is supported when built without OpenSSL.
527
528 OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
529
530commit fd7a2dec652b9efc8e97f03f118f935dce732c60
531Author: Darren Tucker <dtucker@dtucker.net>
532Date: Fri Sep 6 14:07:10 2019 +1000
533
534 Provide explicit path to configure-check.
535
536 On some platforms (at least OpenBSD) make won't search VPATH for target
537 files, so building out-of-tree will fail at configure-check. Provide
538 explicit path. ok djm@
539
540commit 00865c29690003b4523cc09a0e104724b9f911a4
541Author: djm@openbsd.org <djm@openbsd.org>
542Date: Fri Sep 6 01:58:50 2019 +0000
543
544 upstream: better error code for bad arguments; inspired by
545
546 OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
547
548commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb
549Author: Damien Miller <djm@mindrot.org>
550Date: Thu Sep 5 21:38:40 2019 +1000
551
552 revert config.h/config.h.in freshness checks
553
554 turns out autoreconf and configure don't touch some files if their content
555 doesn't change, so the mtime can't be relied upon in a makefile rule
556
557commit a97609e850c57bd2cc2fe7e175fc35cb865bc834
558Author: Damien Miller <djm@mindrot.org>
559Date: Thu Sep 5 20:54:39 2019 +1000
560
561 extend autoconf freshness test
562
563 make it cover config.h.in and config.h separately
564
565commit 182297c10edb21c4856c6a38326fd04d81de41a5
566Author: Damien Miller <djm@mindrot.org>
567Date: Thu Sep 5 20:34:54 2019 +1000
568
569 check that configure/config.h is up to date
570
571 Ensure they are newer than the configure.ac / aclocal.m4 source
572
573commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1
574Author: djm@openbsd.org <djm@openbsd.org>
575Date: Thu Sep 5 10:05:51 2019 +0000
576
577 upstream: if a PKCS#11 token returns no keys then try to login and
578
579 refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
580
581 OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
582
583commit 76f09bd95917862101b740afb19f4db5ccc752bf
584Author: djm@openbsd.org <djm@openbsd.org>
585Date: Thu Sep 5 09:35:19 2019 +0000
586
587 upstream: sprinkle in some explicit errors here, otherwise the
588
589 percolate all the way up to dispatch_run_fatal() and lose all meaninful
590 context
591
592 to help with bz#3063; ok dtucker@
593
594 OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
595
596commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3
597Author: djm@openbsd.org <djm@openbsd.org>
598Date: Thu Sep 5 09:25:13 2019 +0000
599
600 upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
601
602 OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
603
604commit f23d91f9fa7f6f42e70404e000fac88aebfe3076
605Author: jmc@openbsd.org <jmc@openbsd.org>
606Date: Thu Sep 5 05:47:23 2019 +0000
607
608 upstream: macro fix; ok djm
609
610 OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
611
612commit 8b57337c1c1506df2bb9f039d0628a6de618566b
613Author: Damien Miller <djm@mindrot.org>
614Date: Thu Sep 5 15:46:39 2019 +1000
615
616 update fuzzing makefile to more recent clang
617
618commit ae631ad77daf8fd39723d15a687cd4b1482cbae8
619Author: Damien Miller <djm@mindrot.org>
620Date: Thu Sep 5 15:45:32 2019 +1000
621
622 fuzzer for sshsig allowed_signers option parsing
623
624commit 69159afe24120c97e5ebaf81016c85968afb903e
625Author: djm@openbsd.org <djm@openbsd.org>
626Date: Thu Sep 5 05:42:59 2019 +0000
627
628 upstream: memleak on error path; found by libfuzzer
629
630 OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
631
632commit bab6feb01f9924758ca7129dba708298a53dde5f
633Author: djm@openbsd.org <djm@openbsd.org>
634Date: Thu Sep 5 04:55:32 2019 +0000
635
636 upstream: expose allowed_signers options parsing code in header for
637
638 fuzzing
639
640 rename to make more consistent with philosophically-similar auth
641 options parsing API.
642
643 OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
644
645commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b
646Author: naddy@openbsd.org <naddy@openbsd.org>
647Date: Wed Sep 4 20:31:15 2019 +0000
648
649 upstream: Call comma-separated lists as such to clarify semantics.
650
651 Options such as Ciphers take values that may be a list of ciphers; the
652 complete list, not indiviual elements, may be prefixed with a dash or plus
653 character to remove from or append to the default list, respectively.
654
655 Users might read the current text as if each elment took an optional prefix,
656 so tweak the wording from "values" to "list" to prevent such ambiguity for
657 all options supporting these semantics.
658
659 Fix instances missed in first commit. ok jmc@ kn@
660
661 OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
662
663commit db1e6f60f03641b2d17e0ab062242609f4ed4598
664Author: jmc@openbsd.org <jmc@openbsd.org>
665Date: Wed Sep 4 05:56:54 2019 +0000
666
667 upstream: tweak previous;
668
669 OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
670
671commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d
672Author: naddy@openbsd.org <naddy@openbsd.org>
673Date: Tue Sep 3 20:51:49 2019 +0000
674
675 upstream: repair typo and editing mishap
676
677 OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
678
679commit f4846dfc6a79f84bbc6356ae3184f142bacedc24
680Author: Damien Miller <djm@mindrot.org>
681Date: Thu Sep 5 11:09:28 2019 +1000
682
683 Fuzzer harness for sshsig
684
685commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637
686Author: Damien Miller <djm@mindrot.org>
687Date: Tue Sep 3 18:45:42 2019 +1000
688
689 oops; missed including the actual file
690
691commit 1a72c0dd89f09754df443c9576dde624a17d7dd0
692Author: Damien Miller <djm@mindrot.org>
693Date: Tue Sep 3 18:44:10 2019 +1000
694
695 portability fixes for sshsig
696
697commit 6d6427d01304d967e58544cf1c71d2b4394c0522
698Author: djm@openbsd.org <djm@openbsd.org>
699Date: Tue Sep 3 08:37:45 2019 +0000
700
701 upstream: regress test for sshsig; feedback and ok markus@
702
703 OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
704
705commit 59650f0eaf65115afe04c39abfb93a4fc994ec55
706Author: djm@openbsd.org <djm@openbsd.org>
707Date: Tue Sep 3 08:37:06 2019 +0000
708
709 upstream: only add plain keys to prevent any certs laying around
710
711 from confusing the test.
712
713 OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
714
715commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5
716Author: djm@openbsd.org <djm@openbsd.org>
717Date: Tue Sep 3 08:35:27 2019 +0000
718
719 upstream: sshsig tweaks and improvements from and suggested by
720
721 Markus
722
723 ok markus/me
724
725 OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
726
727commit 2a9c9f7272c1e8665155118fe6536bebdafb6166
728Author: djm@openbsd.org <djm@openbsd.org>
729Date: Tue Sep 3 08:34:19 2019 +0000
730
731 upstream: sshsig: lightweight signature and verification ability
732
733 for OpenSSH
734
735 This adds a simple manual signature scheme to OpenSSH.
736 Signatures can be made and verified using ssh-keygen -Y sign|verify
737
738 Signatures embed the key used to make them. At verification time, this
739 is matched via principal name against an authorized_keys-like list
740 of allowed signers.
741
742 Mostly by Sebastian Kinne w/ some tweaks by me
743
744 ok markus@
745
746 OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
747
748commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea
749Author: djm@openbsd.org <djm@openbsd.org>
750Date: Tue Sep 3 08:32:11 2019 +0000
751
752 upstream: move authorized_keys option parsing helpsers to misc.c
753
754 and make them public; ok markus@
755
756 OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
757
758commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
759Author: djm@openbsd.org <djm@openbsd.org>
760Date: Tue Sep 3 08:31:20 2019 +0000
761
762 upstream: make get_sigtype public as sshkey_get_sigtype(); ok
763
764 markus@
765
766 OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
767
768commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0
769Author: djm@openbsd.org <djm@openbsd.org>
770Date: Tue Sep 3 08:30:47 2019 +0000
771
772 upstream: move advance_past_options to authfile.c and make it
773
774 public; ok markus@
775
776 OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
777
778commit c72d78ccbe642e08591a626e5de18381489716e0
779Author: djm@openbsd.org <djm@openbsd.org>
780Date: Tue Sep 3 08:29:58 2019 +0000
781
782 upstream: move skip_space() to misc.c and make it public; ok
783
784 markus@
785
786 OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
787
788commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5
789Author: djm@openbsd.org <djm@openbsd.org>
790Date: Tue Sep 3 08:29:15 2019 +0000
791
792 upstream: authfd: add function to check if key is in agent
793
794 This commit adds a helper function which allows the caller to
795 check if a given public key is present in ssh-agent.
796
797 work by Sebastian Kinne; ok markus@
798
799 OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
800
801commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf
802Author: djm@openbsd.org <djm@openbsd.org>
803Date: Tue Sep 3 08:28:30 2019 +0000
804
805 upstream: fix memleak in ssh_free_identitylist(); ok markus@
806
807 OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
808
809commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4
810Author: djm@openbsd.org <djm@openbsd.org>
811Date: Tue Sep 3 08:27:52 2019 +0000
812
813 upstream: factor out confirm_overwrite(); ok markus@
814
815 OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400
816
817commit 9a396e33685633581c67d5ad9664570ef95281f2
818Author: djm@openbsd.org <djm@openbsd.org>
819Date: Mon Sep 2 23:46:46 2019 +0000
820
821 upstream: constify an argument
822
823 OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b
824
825commit b52c0c2e64988277a35a955a474d944967059aeb
826Author: djm@openbsd.org <djm@openbsd.org>
827Date: Mon Sep 2 00:19:25 2019 +0000
828
829 upstream: downgrade PKCS#11 "provider returned no slots" warning
830
831 from log level error to debug. This is common when attempting to enumerate
832 keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@
833
834 OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6
835
836commit 0713322e18162463c5ab5ddfb9f935055ca775d8
837Author: djm@openbsd.org <djm@openbsd.org>
838Date: Sun Sep 1 23:47:32 2019 +0000
839
840 upstream: print comment when printing pubkey from private
841
842 bz#3052; ok dtucker
843
844 OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
845
846commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8
847Author: Damien Miller <djm@mindrot.org>
848Date: Mon Sep 2 10:28:42 2019 +1000
849
850 fixed test in OSX closefrom() replacement
851
852 from likan_999.student AT sina.com
853
854commit 6b7c53498def19a14dd9587bf521ab6dbee8988f
855Author: Damien Miller <djm@mindrot.org>
856Date: Mon Sep 2 10:22:02 2019 +1000
857
858 retain Solaris PRIV_FILE_LINK_ANY in sftp-server
859
860 Dropping this privilege removes the ability to create hard links to
861 files owned by other users. This is required for the legacy sftp rename
862 operation.
863
864 bz#3036; approach ok Alex Wilson (the original author of the Solaris
865 sandbox/pledge replacement code)
866
867commit e50f808712393e86d69e42e9847cdf8d473412d7
868Author: dtucker@openbsd.org <dtucker@openbsd.org>
869Date: Fri Aug 30 05:08:28 2019 +0000
870
871 upstream: Use ed25519 for most hostkey rotation tests since it's
872
873 supported even when built without OpenSSL. Use RSA for the secondary type
874 test if supported, otherwise skip it. Fixes this test for !OpenSSL builds.
875
876 OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
877
878commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d
879Author: bluhm@openbsd.org <bluhm@openbsd.org>
880Date: Thu Aug 22 21:47:27 2019 +0000
881
882 upstream: Test did not compile due to missing symbols. Add source
883
884 sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl
885
886 OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
887
888commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7
889Author: Damien Miller <djm@mindrot.org>
890Date: Fri Aug 30 14:26:19 2019 +1000
891
892 tweak warning flags
893
894 Enable -Wextra if compiler supports it
895
896 Set -Wno-error=format-truncation if available to prevent expected
897 string truncations in openbsd-compat from breaking -Werror builds
898
899commit 28744182cf90e0073b76a9e98de58a47e688b2c4
900Author: Damien Miller <djm@mindrot.org>
901Date: Fri Aug 30 13:21:38 2019 +1000
902
903 proc_pidinfo()-based closefrom() for OS X
904
905 Refactor closefrom() to use a single brute-force close() loop fallback.
906
907 Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
908
909commit dc2ca588144f088a54febebfde3414568dc73d5f
910Author: kn@openbsd.org <kn@openbsd.org>
911Date: Fri Aug 16 11:16:32 2019 +0000
912
913 upstream: Call comma-separated lists as such to clarify semantics
914
915 Options such as Ciphers take values that may be a list of ciphers; the
916 complete list, not indiviual elements, may be prefixed with a dash or plus
917 character to remove from or append to the default list respectively.
918
919 Users might read the current text as if each elment took an optional prefix,
920 so tweak the wording from "values" to "list" to prevent such ambiguity for
921 all options supporting this semantics (those that provide a list of
922 available elements via "ssh -Q ...").
923
924 Input and OK jmc
925
926 OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57
927
928commit c4736f39e66729ce2bf5b06ee6b391e092b48f47
929Author: djm@openbsd.org <djm@openbsd.org>
930Date: Fri Aug 16 06:35:27 2019 +0000
931
932 upstream: include sshbuf-misc.c in SRCS_BASE
933
934 OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474
935
936commit d0e51810f332fe44ebdba41113aacf319d35f5a5
937Author: Darren Tucker <dtucker@dtucker.net>
938Date: Sat Aug 24 15:12:11 2019 +1000
939
940 Fix pasto in fallback code.
941
942 There is no parameter called "pathname", it should simply be "path".
943 bz#3059, patch from samuel at cendio.se.
944
945commit e83c989bfd9fc9838b7dfb711d1dc6da81814045
946Author: Damien Miller <djm@mindrot.org>
947Date: Fri Aug 23 10:19:30 2019 +1000
948
949 use SC_ALLOW_ARG_MASK to limit mmap protections
950
951 Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
952
953commit f6906f9bf12c968debec3671bbf19926ff8a235b
954Author: Damien Miller <djm@mindrot.org>
955Date: Fri Aug 23 10:08:48 2019 +1000
956
957 allow mprotect(2) with PROT_(READ|WRITE|NONE) only
958
959 Used by some hardened heap allocators. Requested by Yegor
960 Timoshenko in https://github.com/openssh/openssh-portable/pull/142
961
962commit e3b6c966b79c3ea5d51b923c3bbdc41e13b96ea0
963Author: djm@openbsd.org <djm@openbsd.org>
964Date: Fri Aug 16 06:13:15 2019 +0000
965
966 upstream: switch percent_expand() to use sshbuf instead of a limited
967
968 fixed buffer; ok markus@
969
970 OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
971
972commit 9ab5b9474779ac4f581d402ae397f871ed16b383
973Author: djm@openbsd.org <djm@openbsd.org>
974Date: Fri Aug 9 05:05:54 2019 +0000
975
976 upstream: produce a useful error message if the user's shell is set
977
978 incorrectly during "match exec" processing. bz#2791 reported by Dario
979 Bertini; ok dtucker
980
981 OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
982
983commit 8fdbc7247f432578abaaca1b72a0dbf5058d67e5
984Author: dtucker@openbsd.org <dtucker@openbsd.org>
985Date: Fri Aug 9 04:24:03 2019 +0000
986
987 upstream: Change description of TCPKeepAlive from "inactive" to
988
989 "unresponsive" to clarify what it checks for. Patch from jblaine at
990 kickflop.net via github pr#129, ok djm@.
991
992 OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
993
994commit 7afc45c3ed72672690014dc432edc223b23ae288
995Author: dtucker@openbsd.org <dtucker@openbsd.org>
996Date: Thu Aug 8 08:02:57 2019 +0000
997
998 upstream: Allow the maximimum uint32 value for the argument passed to
999
1000 -b which allows better error messages from later validation. bz#3050, ok
1001 djm@
1002
1003 OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
1004
1005commit c31e4f5fb3915c040061981a67224de7650ab34b
1006Author: naddy@openbsd.org <naddy@openbsd.org>
1007Date: Mon Aug 5 21:45:27 2019 +0000
1008
1009 upstream: Many key types are supported now, so take care to check
1010
1011 the size restrictions and apply the default size only to the matching key
1012 type. tweak and ok dtucker@
1013
1014 OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
1015
1016commit 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22
1017Author: dtucker@openbsd.org <dtucker@openbsd.org>
1018Date: Mon Aug 5 11:50:33 2019 +0000
1019
1020 upstream: Remove now-redundant perm_ok arg since
1021
1022 sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
1023 case. Patch from jitendra.sharma at intel.com, ok djm@
1024
1025 OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
1026
1027commit d46075b923bf25e6f25959a3f5b458852161cb3e
1028Author: Darren Tucker <dtucker@dtucker.net>
1029Date: Mon Aug 5 21:36:48 2019 +1000
1030
1031 Fix mem leak in unit test.
1032
1033 Patch from jitendra.sharma at intel.com.
1034
1035commit c4ffb72593c08921cf9291bc05a5ef1d0aaa6891
1036Author: djm@openbsd.org <djm@openbsd.org>
1037Date: Fri Aug 2 01:41:24 2019 +0000
1038
1039 upstream: fix some memleaks in test_helper code
1040
1041 bz#3037 from Jitendra Sharma
1042
1043 OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
1044
1045commit 6e76e69dc0c7712e9ac599af34bd091b0e7dcdb5
1046Author: djm@openbsd.org <djm@openbsd.org>
1047Date: Fri Aug 2 01:23:19 2019 +0000
1048
1049 upstream: typo; from Christian Hesse
1050
1051 OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
1052
1053commit 49fa065a1bfaeb88a59abdfa4432d3b9c35b0655
1054Author: djm@openbsd.org <djm@openbsd.org>
1055Date: Tue Jul 30 05:04:49 2019 +0000
1056
1057 upstream: let sshbuf_find/cmp take a void* for the
1058
1059 search/comparison argument, instead of a u_char*. Saves callers needing to
1060 cast.
1061
1062 OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
1063
1064commit 7adf6c430d6fc17901e167bc0789d31638f5c2f8
1065Author: mestre@openbsd.org <mestre@openbsd.org>
1066Date: Wed Jul 24 08:57:00 2019 +0000
1067
1068 upstream: When using a combination of a Yubikey+GnuPG+remote
1069
1070 forwarding the gpg-agent (and options ControlMaster+RemoteForward in
1071 ssh_config(5)) then the codepath taken will call mux_client_request_session
1072 -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
1073 then pledge(2) kills the process.
1074
1075 The solution is to add "sendfd" to pledge(2), which is not too bad considering
1076 a little bit later we reduce pledge(2) to only "stdio proc tty" in that
1077 codepath.
1078
1079 Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
1080
1081 OK deraadt@
1082
1083 OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
1084
1085commit 0e2fe18acc1da853a9120c2e9af68e8d05e6503e
1086Author: dtucker@openbsd.org <dtucker@openbsd.org>
1087Date: Tue Jul 23 23:06:57 2019 +0000
1088
1089 upstream: Fix typo in CASignatureAlgorithms wherein what should be
1090
1091 a comma is a dot. Patch from hnj2 via github pr#141.
1092
1093 OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
1094
1095commit e93ffd1a19fc47c49d68ae2fb332433690ecd389
1096Author: Darren Tucker <dtucker@dtucker.net>
1097Date: Mon Jul 29 16:04:01 2019 +1000
1098
1099 Report success of individual tests as well as all.
1100
1101 This puts the "all tests passed" message back at the end where the
1102 test harnesses can find it.
1103
1104commit 2ad5b36b18bddf2965fe60384c29b3f1d451b4ed
1105Author: Damien Miller <djm@mindrot.org>
1106Date: Mon Jul 29 09:49:23 2019 +1000
1107
1108 convert to UTF-8; from Mike Frysinger
1109
1110commit d31e7c937ba0b97534f373cf5dea34675bcec602
1111Author: dtucker@openbsd.org <dtucker@openbsd.org>
1112Date: Fri Jul 26 04:22:21 2019 +0000
1113
1114 upstream: Restrict limit-keytype to types supported by build. This
1115
1116 means we have to skip a couple tests when only one key type is supported.
1117
1118 OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
1119
1120commit 0967a233b8a28907ae8a4a6773c89f21d2ace11b
1121Author: Darren Tucker <dtucker@dtucker.net>
1122Date: Thu Jul 25 18:36:28 2019 +1000
1123
1124 Remove override disabling DH-GEX.
1125
1126 The DH-GEX override doesn't work when build without OpenSSL, and
1127 we'll prefer curve25519 these days, removing the need for it.
1128
1129commit 061407efc19b41ab4a7485e5adcff2a12befacdb
1130Author: dtucker@openbsd.org <dtucker@openbsd.org>
1131Date: Thu Jul 25 09:17:35 2019 +0000
1132
1133 upstream: Only use supported key types during KRL test, preferring
1134
1135 ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.
1136
1137 OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
1138
1139commit 47f8ff1fa5b76790c1d785815fd13ee6009f8012
1140Author: dtucker@openbsd.org <dtucker@openbsd.org>
1141Date: Thu Jul 25 08:48:11 2019 +0000
1142
1143 upstream: Switch keys-command test from rsa to ed25519 since it's
1144
1145 supported for both OpenSSL and non-OpenSSL builds.
1146
1147 OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
1148
1149commit 1e94afdfa8df774ab7dd3bad52912b636dc31bbd
1150Author: dtucker@openbsd.org <dtucker@openbsd.org>
1151Date: Thu Jul 25 08:28:15 2019 +0000
1152
1153 upstream: Make certificate tests work with the supported key
1154
1155 algorithms. Allows tests to pass when built without OpenSSL.
1156
1157 OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc
1158
1159commit 26bf693661a48b97b6023f702b2af643676ac21a
1160Author: dtucker@openbsd.org <dtucker@openbsd.org>
1161Date: Tue Jul 23 13:49:14 2019 +0000
1162
1163 upstream: Construct list of key types to test based on the types
1164
1165 supported by the binaries.
1166
1167 OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62
1168
1169commit 773c55b3d1230e8f7714a1b33873c37b85049c74
1170Author: dtucker@openbsd.org <dtucker@openbsd.org>
1171Date: Tue Jul 23 13:32:48 2019 +0000
1172
1173 upstream: Only use DSA key type in tests if binaries support it.
1174
1175 OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
1176
1177commit 159e987a54d92ccd73875e7581ffc64e8927a715
1178Author: Darren Tucker <dtucker@dtucker.net>
1179Date: Wed Jul 24 14:21:19 2019 +1000
1180
1181 Split test targets further.
1182
1183 Splits test into file-tests, t-exec, unit and interop-tests and their
1184 respective dependencies. Should allow running any set individually
1185 without having to build the other dependencies that are not needed
1186 for that specific test.
1187
1188commit 520d4550a2470106d63e30079bb05ce82f3a4f7d
1189Author: Darren Tucker <dtucker@dtucker.net>
1190Date: Wed Jul 24 11:20:18 2019 +1000
1191
1192 Add lib dependencies for regress binary targets.
1193
1194commit 4e8d0dd78d5f6142841a07dc8b8c6b4730eaf587
1195Author: Darren Tucker <dtucker@dtucker.net>
1196Date: Wed Jul 24 00:12:51 2019 +1000
1197
1198 Make "unit" a dependency of "test".
1199
1200commit 4317b2a0480e293e58ba115e47b49d3a384b6568
1201Author: Darren Tucker <dtucker@dtucker.net>
1202Date: Tue Jul 23 23:24:47 2019 +1000
1203
1204 upstream rev 1.28: fix comment typo.
1205
1206commit e0055af2bd39fdb44566ff6594147664e1fac8b8
1207Author: Darren Tucker <dtucker@dtucker.net>
1208Date: Tue Jul 23 23:06:22 2019 +1000
1209
1210 Split regress-binaries into two targets.
1211
1212 Split the binaries for the unit tests out into a regress-unit-binaries
1213 target, and add a dependency on it for only the unit tests. This allows
1214 us to run the integration tests only ("make t-exec") without building
1215 the unit tests, which allows us to run a subset of the tests when
1216 building --without-openssl without trying (and failing) to build the
1217 unit tests.
1218
1219 This means there are two targets for "unit" which I *think* is valid
1220 (it works in testing, and makedepend will generate Makefiles of this
1221 form)a but I could be wrong.
1222
1223commit 7cdf9fdcf11aaaa98c2bd22c92882ea559e772ad
1224Author: dtucker@openbsd.org <dtucker@openbsd.org>
1225Date: Tue Jul 23 08:19:29 2019 +0000
1226
1227 upstream: Skip DH group generation test if binaries don't support
1228
1229 DH-GEX.
1230
1231 OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd
1232
1233commit 3a3eab8bb0da3d2f0f32cb85a1a268bcca6e4d69
1234Author: dtucker@openbsd.org <dtucker@openbsd.org>
1235Date: Tue Jul 23 07:55:29 2019 +0000
1236
1237 upstream: Only test conversion of key types supported by the
1238
1239 binaries.
1240
1241 OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea
1242
1243commit 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63
1244Author: dtucker@openbsd.org <dtucker@openbsd.org>
1245Date: Tue Jul 23 07:39:43 2019 +0000
1246
1247 upstream: Only add ssh-dss to allowed key types if it's supported
1248
1249 by the binary.
1250
1251 OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
1252
1253commit fd0684b319e664d8821dc4ca3026126dfea3ccf4
1254Author: Darren Tucker <dtucker@dtucker.net>
1255Date: Tue Jul 23 22:36:39 2019 +1000
1256
1257 Remove sys/cdefs.h include.
1258
1259 It's not needed on -portable (that's handled by includes.h) and not all
1260 platforms have it.
1261
1262commit 9634ffbf29b3c2493e69d10b37077b09a8cbf5ff
1263Author: Darren Tucker <dtucker@dtucker.net>
1264Date: Tue Jul 23 22:25:44 2019 +1000
1265
1266 Add headers to prevent warnings w/out OpenSSL.
1267
1268commit 2ea60312e1c08dea88982fec68244f89a40912ff
1269Author: Darren Tucker <dtucker@dtucker.net>
1270Date: Tue Jul 23 22:11:50 2019 +1000
1271
1272 Include stdlib.h for free() and calloc().
1273
1274commit 11cba2a4523fda447e2554ea457484655bedc831
1275Author: Darren Tucker <dtucker@dtucker.net>
1276Date: Tue Jul 23 21:51:22 2019 +1000
1277
1278 Re-apply portability changes to current sha2.{c,h}.
1279
1280 Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
1281 I imported the current versions directly then re-applied the portability
1282 changes. This also allowed re-syncing digest-libc.c against upstream.
1283
1284commit 09159594a3bbd363429ee6fafde57ce77986dd7c
1285Author: Darren Tucker <dtucker@dtucker.net>
1286Date: Tue Jul 23 20:27:51 2019 +1000
1287
1288 Import current sha2.c and sha2.h from OpenBSD.
1289
1290 These are not changed from their original state, the next commit will
1291 re-apply the portable changes.
1292
1293commit 2e6035b900cc9d7432d95084e03993d1b426f812
1294Author: Darren Tucker <dtucker@dtucker.net>
1295Date: Tue Jul 23 08:11:22 2019 +1000
1296
1297 Rename valgrind "errors" to "failures".
1298
1299 When valgrind is enabled, test-exec.sh counts the number of invocations
1300 that valgrind detects failures in, not the total number of errors detected.
1301 This makes the name to be more accurate.
1302
1303commit e82c9bb9ffa65725cc2e03ea81cb79ce3387f66b
1304Author: Darren Tucker <dtucker@dtucker.net>
1305Date: Fri Jul 19 18:51:18 2019 +1000
1306
1307 Skip running sftp-chroot under Valgrind.
1308
1309commit 41e22c2e05cb950b704945ac9408f6109c9b7848
1310Author: dtucker@openbsd.org <dtucker@openbsd.org>
1311Date: Sat Jul 20 09:50:58 2019 +0000
1312
1313 upstream: Remove the sleeps and thus races from the forwarding
1314
1315 test. They were originally required to work with Protocol 1, but now we can
1316 use ssh -N and the control socket without the sleeps. While there, suppress
1317 output fro the control exit commands.
1318
1319 OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790
1320
1321commit 0423043c5e54293f4dd56041304fd0046c317be9
1322Author: dtucker@openbsd.org <dtucker@openbsd.org>
1323Date: Sat Jul 20 09:37:31 2019 +0000
1324
1325 upstream: Allow SLEEPTIME to be overridden.
1326
1327 OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76
1328
1329commit d466b6a5cfba17a83c7aae9f584ab164e2ece0a1
1330Author: dtucker@openbsd.org <dtucker@openbsd.org>
1331Date: Sat Jul 20 09:14:40 2019 +0000
1332
1333 upstream: Move sleep time into a variable so that we can increase
1334
1335 it for platforms or configurations that are much slower then usual.
1336
1337 OpenBSD-Regress-ID: 88586cabc800062c260d0b876bdcd4ca3f58a872
1338
1339commit b4a7c9d2b5f928e0b902b580d35dc8b244a3aae0
1340Author: djm@openbsd.org <djm@openbsd.org>
1341Date: Fri Jul 19 03:45:44 2019 +0000
1342
1343 upstream: add regression tests for scp for out-of-destination path file
1344
1345 creation by Harry Sintonen via Jakub Jelen in bz3007
1346
1347 OpenBSD-Regress-ID: 01ae5fbc6ce400b2df5a84dc3152a9e31f354c07
1348
1349commit bca0582063f148c7ddf409ec51435a5a726bee4c
1350Author: djm@openbsd.org <djm@openbsd.org>
1351Date: Fri Jul 19 03:38:01 2019 +0000
1352
1353 upstream: Accept the verbose flag when searching for host keys in known
1354
1355 hosts (i.e. "ssh-keygen -vF host") to print the matching host's random- art
1356 signature too. bz#3003 "amusing, pretty" deraadt@
1357
1358 OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f
1359
1360commit 5299a09fa2879a068af200c91028fcfa9283c0f0
1361Author: Darren Tucker <dtucker@dtucker.net>
1362Date: Fri Jul 19 13:50:25 2019 +1000
1363
1364 Revert one dependency per line change.
1365
1366 It turns out that having such a large number of lines in the .depend
1367 file will cause the memory usage of awk during AC_SUBST to blow up on at
1368 least NetBSD's awk, causing configure to fail.
1369
1370commit 01dddb231f23b4a7b616f9d33a0b9d937f9eaf0e
1371Author: Damien Miller <djm@mindrot.org>
1372Date: Fri Jul 19 13:19:19 2019 +1000
1373
1374 fix SIGWINCH delivery of Solaris for mux sessions
1375
1376 Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH
1377 signals to other sessions. bz#3030; report and fix from Darren Moffat
1378
1379commit 05500af21d27c1a3ddac232b018cc23da7b1ee95
1380Author: Darren Tucker <dtucker@dtucker.net>
1381Date: Fri Jul 19 13:20:03 2019 +1000
1382
1383 Force dependencies one per line.
1384
1385 Force makedepend to output one dependency per line, which will make
1386 reading diffs against it much easier. ok djm@
1387
1388commit b5bc5d016bbb83eb7f8e685390044e78b1ea1427
1389Author: Darren Tucker <dtucker@dtucker.net>
1390Date: Fri Jul 19 13:18:07 2019 +1000
1391
1392 make depend.
1393
1394commit 65333f7454365fe40f7367630e7dd10903b9d99e
1395Author: Darren Tucker <dtucker@dtucker.net>
1396Date: Fri Jul 19 13:16:11 2019 +1000
1397
1398 Show when skipping valgrind for a test.
1399
1400commit fccb7eb3436da8ef3dcd22e5936ba1abc7ae6730
1401Author: Darren Tucker <dtucker@dtucker.net>
1402Date: Fri Jul 19 10:41:56 2019 +1000
1403
1404 Enable connect-privsep test with valgrind.
1405
1406 connect-privsep seems to work OK with valgrind now so don't skip
1407 valgrind on it.
1408
1409commit d7423017265c5ae6d0be39340feb6c9f016b1f71
1410Author: Darren Tucker <dtucker@dtucker.net>
1411Date: Fri Jul 19 07:43:07 2019 +1000
1412
1413 Show valgrind results and error counts.
1414
1415commit 22b9b3e944880db906c6ac5527c4228bd92b293a
1416Author: Darren Tucker <dtucker@dtucker.net>
1417Date: Thu Jul 18 13:40:12 2019 +1000
1418
1419 Fix format string integer type in error message.
1420
1421commit ed46a0c0705895834d3f47a46faa89c2a71b760a
1422Author: djm@openbsd.org <djm@openbsd.org>
1423Date: Thu Jul 18 13:26:00 2019 +0000
1424
1425 upstream: fix off-by-one in sshbuf_dtob64() base64 wrapping that could
1426
1427 cause extra newlines to be appended at the end of the base64 text (ugly, but
1428 harmless). Found and fixed by Sebastian Kinne
1429
1430 OpenBSD-Commit-ID: 9fe290bd68f706ed8f986a7704ca5a2bd32d7b68
1431
1432commit a192021fedead23c375077f92346336d531f8cad
1433Author: Darren Tucker <dtucker@dtucker.net>
1434Date: Thu Jul 18 11:09:38 2019 +1000
1435
1436 Fail tests if Valgrind enabled and reports errors.
1437
1438 Also dump the failing valgrind report to stdout (not the cleanest
1439 solution, but better than nothing).
1440
1441commit d1c491ecb939ee10b341fa7bb6205dff19d297e5
1442Author: Darren Tucker <dtucker@dtucker.net>
1443Date: Thu Jul 18 10:17:54 2019 +1000
1444
1445 Allow low-priv tests to write to pipe dir.
1446
1447 When running regression tests with Valgrind and SUDO, the low-priv agent
1448 tests need to be able to create pipes in the appropriate directory.
1449
1450commit 8a5bb3e78191cc206f970c26d2a26c949971e91a
1451Author: Darren Tucker <dtucker@dtucker.net>
1452Date: Wed Jul 17 21:24:55 2019 +1000
1453
1454 Put valgrind vgdb files to a specific directory.
1455
1456 Valgrind by default puts vgdb files and pipes under /tmp, however it
1457 is not always able to clean them up, which can cause test failures when
1458 there's a pid/file collision. Using a specific directory ensures that
1459 we can clean up and start clean.
1460
1461commit f8829fe57fb0479d6103cfe1190095da3c032c6d
1462Author: djm@openbsd.org <djm@openbsd.org>
1463Date: Tue Jul 16 22:16:49 2019 +0000
1464
1465 upstream: adapt to sshbuf_dtob64() change
1466
1467 OpenBSD-Regress-ID: 82374a83edf0955fd1477169eee3f5d6467405a6
1468
1469commit 1254fcbb2f005f745f2265016ee9fa52e16d37b0
1470Author: dtucker@openbsd.org <dtucker@openbsd.org>
1471Date: Tue Jul 16 03:21:54 2019 +0000
1472
1473 upstream: Remove ssh1 files from CLEANFILES since ssh1 no longer
1474
1475 supported.
1476
1477 OpenBSD-Regress-ID: 5b9ae869dc669bac05939b4a2fdf44ee067acfa0
1478
1479commit 9dc81a5adabc9a7d611ed2e63fbf4c85d43b15c6
1480Author: dtucker@openbsd.org <dtucker@openbsd.org>
1481Date: Tue Jul 16 02:09:29 2019 +0000
1482
1483 upstream: Update names of host key files in CLEANFILES to match
1484
1485 recent changes to the tests.
1486
1487 OpenBSD-Regress-ID: 28743052de3acf70b06f18333561497cd47c4ecf
1488
1489commit e44e4ad1190db22ed407a79f32a8cff5bcd2b815
1490Author: Damien Miller <djm@mindrot.org>
1491Date: Tue Jul 16 23:26:53 2019 +1000
1492
1493 depend
1494
1495commit 16dd8b2c78a0de106c7429e2a294d203f6bda3c7
1496Author: djm@openbsd.org <djm@openbsd.org>
1497Date: Tue Jul 16 13:18:39 2019 +0000
1498
1499 upstream: remove mostly vestigal uuencode.[ch]; moving the only unique
1500
1501 functionality there (wrapping of base64-encoded data) to sshbuf functions;
1502 feedback and ok markus@
1503
1504 OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
1505
1506commit 45478898f9590b5cc8bc7104e573b84be67443b0
1507Author: Darren Tucker <dtucker@dtucker.net>
1508Date: Tue Jul 16 09:20:23 2019 +1000
1509
1510 Hook memmem compat code into build.
1511
1512 This fixes builds on platforms that don't have it (at least old DragonFly,
1513 probably others).
1514
1515commit c7bd4617293a903bd3fac3394a7e72d439af49a5
1516Author: Darren Tucker <dtucker@dtucker.net>
1517Date: Tue Jul 16 09:07:18 2019 +1000
1518
1519 Import memmem.c from OpenBSD.
1520
1521commit 477e2a3be8b10df76e8d76f0427b043280d73d68
1522Author: djm@openbsd.org <djm@openbsd.org>
1523Date: Mon Jul 15 13:12:02 2019 +0000
1524
1525 upstream: unit tests for sshbuf_cmp() and sshbuf_find(); ok markus
1526
1527 OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd
1528
1529commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a
1530Author: djm@openbsd.org <djm@openbsd.org>
1531Date: Mon Jul 15 13:16:29 2019 +0000
1532
1533 upstream: support PKCS8 as an optional format for storage of
1534
1535 private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
1536 private keys to disk.
1537
1538 The OpenSSH native key format remains the default, but PKCS8 is a
1539 superior format to PEM if interoperability with non-OpenSSH software
1540 is required, as it may use a less terrible KDF (IIRC PEM uses a single
1541 round of MD5 as a KDF).
1542
1543 adapted from patch by Jakub Jelen via bz3013; ok markus
1544
1545 OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
1546
1547commit e18a27eedccb024acb3cd9820b650a5dff323f01
1548Author: djm@openbsd.org <djm@openbsd.org>
1549Date: Mon Jul 15 13:11:38 2019 +0000
1550
1551 upstream: two more bounds-checking sshbuf counterparts to common
1552
1553 string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
1554
1555 feedback and ok markus@
1556
1557 OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a
1558
1559commit bc551dfebb55845537b1095cf3ccd01640a147b7
1560Author: Darren Tucker <dtucker@dtucker.net>
1561Date: Mon Jul 15 12:52:45 2019 +1000
1562
1563 Clear valgrind-out dir to prevent collisions.
1564
1565commit 5db9ba718e983661a9114ae1418f6e412d1f52d5
1566Author: Darren Tucker <dtucker@dtucker.net>
1567Date: Mon Jul 15 12:02:27 2019 +1000
1568
1569 Allow agent tests to write to valgrind dir.
1570
1571commit 121e48fa5305f41f0477d9908e3d862987a68a84
1572Author: djm@openbsd.org <djm@openbsd.org>
1573Date: Sun Jul 14 23:33:19 2019 +0000
1574
1575 upstream: unit tests for sshbuf_peek/poke bounds-checked random access
1576
1577 functions. ok markus@
1578
1579 OpenBSD-Regress-ID: 034c4284b1da6b12e25c762a6b958efacdafbaef
1580
1581commit 101d164723ffbc38f8036b6f3ea3bfef771ba250
1582Author: djm@openbsd.org <djm@openbsd.org>
1583Date: Sun Jul 14 23:32:27 2019 +0000
1584
1585 upstream: add some functions to perform random-access read/write
1586
1587 operations inside buffers with bounds checking. Intended to replace manual
1588 pointer arithmetic wherever possible.
1589
1590 feedback and ok markus@
1591
1592 OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409
1593
1594commit 7250879c72d28275a53f2f220e49646c3e42ef18
1595Author: djm@openbsd.org <djm@openbsd.org>
1596Date: Fri Jul 12 04:08:39 2019 +0000
1597
1598 upstream: include SHA2-variant RSA key algorithms in KEX proposal;
1599
1600 allows ssh-keyscan to harvest keys from servers that disable olde SHA1
1601 ssh-rsa. bz#3029 from Jakub Jelen
1602
1603 OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
1604
1605commit a0876bd994cab9ba6e47ba2a163a4417c7597487
1606Author: djm@openbsd.org <djm@openbsd.org>
1607Date: Fri Jul 12 03:56:21 2019 +0000
1608
1609 upstream: print explicit "not modified" message if a file was
1610
1611 requested for resumed download but was considered already complete.
1612
1613 bz#2978 ok dtucker
1614
1615 OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986
1616
1617commit b9b0f2ac9625933db53a35b1c1ce423876630558
1618Author: tb@openbsd.org <tb@openbsd.org>
1619Date: Wed Jul 10 07:04:27 2019 +0000
1620
1621 upstream: Fix a typo and make <esc><right> move right to the
1622
1623 closest end of a word just like <esc><left> moves left to the closest
1624 beginning of a word.
1625
1626 ok djm
1627
1628 OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee
1629
1630commit 8729498a5d239980a91d32f031b34e8c58c52f62
1631Author: Damien Miller <djm@mindrot.org>
1632Date: Wed Jul 10 09:43:19 2019 +1000
1633
1634 fix typo that prevented detection of Linux VRF
1635
1636 Reported by hexiaowen AT huawei.com
1637
1638commit 5b2b79ff7c057ee101518545727ed3023372891d
1639Author: djm@openbsd.org <djm@openbsd.org>
1640Date: Tue Jul 9 04:15:00 2019 +0000
1641
1642 upstream: cap the number of permiopen/permitlisten directives we're
1643
1644 willing to parse on a single authorized_keys line; ok deraadt@
1645
1646 OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46
1647
1648commit eb0b51dac408fadd1fd13fa6d726ab8fdfcc4152
1649Author: Darren Tucker <dtucker@dtucker.net>
1650Date: Mon Jul 8 17:27:26 2019 +1000
1651
1652 Move log.h include inside ifdefs.
1653
1654 Fixes build on some other platforms that don't have va_list immediately
1655 available (eg NetBSD).
1656
1657commit 43702f8e6fa22a258e25c4dd950baaae0bc656b7
1658Author: Darren Tucker <dtucker@dtucker.net>
1659Date: Sat Jul 6 23:07:04 2019 +1000
1660
1661 Include log.h for debug() and friends.
1662
1663 Should fix some compiler warnings on IRIX (bz#3032).
1664
1665commit 53a6ebf1445a857f5e487b18ee5e5830a9575149
1666Author: Damien Miller <djm@mindrot.org>
1667Date: Mon Jul 8 13:44:32 2019 +1000
1668
1669 sftp-realpath.c needs includes.h
1670
1671commit 4efe1adf05ee5d3fce44320fcff68735891f4ee6
1672Author: Damien Miller <djm@mindrot.org>
1673Date: Mon Jul 8 13:38:39 2019 +1000
1674
1675 remove realpath() compat replacement
1676
1677 We shipped a BSD implementation of realpath() because sftp-server
1678 depended on its behaviour.
1679
1680 OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
1681 so sftp-server now unconditionally requires its own BSD-style realpath
1682 implementation. As such, there is no need to carry another independant
1683 implementation in openbsd-compat.
1684
1685 ok dtucker@
1686
1687commit 696fb4298e80f2ebcd188986a91b49af3b7ca14c
1688Author: dtucker@openbsd.org <dtucker@openbsd.org>
1689Date: Sun Jul 7 01:05:00 2019 +0000
1690
1691 upstream: Remove some set but never used variables. ok daraadt@
1692
1693 OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
1694
1695commit 156e9e85e92b46ca90226605d9eff49e8ec31b22
1696Author: deraadt@openbsd.org <deraadt@openbsd.org>
1697Date: Fri Jul 5 12:35:40 2019 +0000
1698
1699 upstream: still compile uuencode.c, unbreaks build
1700
1701 OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f
1702
1703commit cec9ee527a12b1f6c2e0a1c155fec64a38d71cf6
1704Author: djm@openbsd.org <djm@openbsd.org>
1705Date: Fri Jul 5 07:32:01 2019 +0000
1706
1707 upstream: revert header removal that snuck into previous
1708
1709 OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e
1710
1711commit 569b650f93b561c09c655f83f128e1dfffe74101
1712Author: djm@openbsd.org <djm@openbsd.org>
1713Date: Fri Jul 5 04:55:40 2019 +0000
1714
1715 upstream: add a local implementation of BSD realpath() for
1716
1717 sftp-server use ahead of OpenBSD's realpath changing to match POSIX;
1718
1719 ok deraadt@ (thanks for snaps testing)
1720
1721 OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
1722
1723commit b8e2b797362526437e0642a6c2f2970d794f2561
1724Author: Darren Tucker <dtucker@dtucker.net>
1725Date: Sat Jul 6 13:13:57 2019 +1000
1726
1727 Add prototype for strnlen to prevent warnings.
1728
1729commit 4c3e00b1ed7e596610f34590eb5d54ee50d77878
1730Author: Darren Tucker <dtucker@dtucker.net>
1731Date: Sat Jul 6 13:02:34 2019 +1000
1732
1733 Cast *ID types to unsigned long when printing.
1734
1735 UID and GID types vary by platform so cast to u_long and use %lu when
1736 printing them to prevent warnings.
1737
1738commit 2753521e899f30d1d58b5da0b4e68fde6fcf341e
1739Author: Darren Tucker <dtucker@dtucker.net>
1740Date: Sat Jul 6 12:54:43 2019 +1000
1741
1742 Add prototype for compat strndup.(bz#3032).
1743
1744commit 01a1e21cd55d99293c8ff8ed7c590f2ee440da43
1745Author: Darren Tucker <dtucker@dtucker.net>
1746Date: Sat Jul 6 12:00:41 2019 +1000
1747
1748 Add missing bracket in EGD seeding code.
1749
1750 When configured --with-prngd-socket the code had a missing bracket after
1751 an API change. Fix that and a couple of warnings. bz#3032 , from
1752 ole.weidner at protonmail.ch
1753
1754commit e187b1d4607392cf2c19243afe0d0311a4ff3591
1755Author: dtucker@openbsd.org <dtucker@openbsd.org>
1756Date: Fri Jul 5 04:19:39 2019 +0000
1757
1758 upstream: Add (recently added) rsa_oldfmt to CLEANFILES.
1759
1760 OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3
1761
1762commit 74b541bfabdcb57c1683cd9b3f1d1f4d5e41563e
1763Author: dtucker@openbsd.org <dtucker@openbsd.org>
1764Date: Fri Jul 5 04:12:46 2019 +0000
1765
1766 upstream: Adapt the PuTTY/Conch tests to new key names.
1767
1768 A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
1769 portable) broke the PuTTY and Twisted Conch interop tests, because the
1770 key they want to use is now called ssh-rsa rather than rsa. Adapt the
1771 tests to the new file names. bz#3020, patch from cjwatson at debian.org.
1772
1773 OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e
1774
1775commit de08335a4cfaa9b7081e94ea4a8b7153c230546d
1776Author: dtucker@openbsd.org <dtucker@openbsd.org>
1777Date: Fri Jul 5 04:03:13 2019 +0000
1778
1779 upstream: Add a sleep to allow forwards to come up.
1780
1781 Currently when the multiplex client requests a forward it returns
1782 once the request has been sent but not necessarily when the forward
1783 is up. This causes intermittent text failures due to this race,
1784 so add some sleeps to mitigate this until we can fix it properly.
1785
1786 OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253
1787
1788commit 4d249284729f864faa2e8f3e015f9a41b674544a
1789Author: Darren Tucker <dtucker@dtucker.net>
1790Date: Fri Jul 5 14:58:57 2019 +1000
1791
1792 Remove nc stderr redirection to resync w/OpenBSD.
1793
1794commit c5cfa90e03432181ffcc7ad3f9f815179bd0c626
1795Author: Darren Tucker <dtucker@dtucker.net>
1796Date: Fri Jul 5 13:21:45 2019 +1000
1797
1798 Do not fatal on failed lookup of group "tty".
1799
1800 Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those
1801 cases we will fall back to making the tty device the user's primary
1802 group, so do not fatal if the group lookup fails. ok djm@
1803
1804commit 8b4cc4bdc8a70bf209a274fa2b2a49c1e3c8d8a2
1805Author: deraadt@openbsd.org <deraadt@openbsd.org>
1806Date: Thu Jul 4 16:20:10 2019 +0000
1807
1808 upstream: fatal() if getgrnam() cannot find "tty"
1809
1810 OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048
1811
1812commit 48cccc275c6a1e91d3f80fdb0dc0d5baf529aeca
1813Author: deraadt@openbsd.org <deraadt@openbsd.org>
1814Date: Thu Jul 4 16:16:51 2019 +0000
1815
1816 upstream: stat() returns precisely -1 to indicate error
1817
1818 OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1
1819
1820commit 8142fcaf9ed8ff66252deecbfd29fc59d5f2df4f
1821Author: deraadt@openbsd.org <deraadt@openbsd.org>
1822Date: Wed Jul 3 03:24:02 2019 +0000
1823
1824 upstream: snprintf/vsnprintf return < 0 on error, rather than -1.
1825
1826 OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
1827
1828commit 4d28fa78abce2890e136281950633fae2066cc29
1829Author: deraadt@openbsd.org <deraadt@openbsd.org>
1830Date: Fri Jun 28 13:35:04 2019 +0000
1831
1832 upstream: When system calls indicate an error they return -1, not
1833
1834 some arbitrary value < 0. errno is only updated in this case. Change all
1835 (most?) callers of syscalls to follow this better, and let's see if this
1836 strictness helps us in the future.
1837
1838 OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
1839
1840commit e8c974043c1648eab0ad67a7ba6a3e444fe79d2d
1841Author: deraadt@openbsd.org <deraadt@openbsd.org>
1842Date: Fri Jun 28 05:44:09 2019 +0000
1843
1844 upstream: asprintf returns -1, not an arbitrary value < 0. Also
1845
1846 upon error the (very sloppy specification) leaves an undefined value in *ret,
1847 so it is wrong to inspect it, the error condition is enough. discussed a
1848 little with nicm, and then much more with millert until we were exasperated
1849
1850 OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
1851
1852commit 1b2d55d15c6240c15a1e1cf4203b82e54a766272
1853Author: deraadt@openbsd.org <deraadt@openbsd.org>
1854Date: Fri Jun 28 01:23:50 2019 +0000
1855
1856 upstream: oops, from asou
1857
1858 OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6
1859
1860commit 5cdbaa78fcb718c39af4522d98016ad89d065427
1861Author: deraadt@openbsd.org <deraadt@openbsd.org>
1862Date: Thu Jun 27 18:03:37 2019 +0000
1863
1864 upstream: Some asprintf() calls were checked < 0, rather than the
1865
1866 precise == -1. ok millert nicm tb, etc
1867
1868 OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
1869
1870commit b2e3e57be4a933d9464bccbe592573725765486f
1871Author: djm@openbsd.org <djm@openbsd.org>
1872Date: Thu Jun 27 06:29:35 2019 +0000
1873
1874 upstream: fix NULL deference (bzero) on err
1875
1876 =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?=
1877 =?UTF-8?q?=20Bj=C3=B6rnsson?=
1878 MIME-Version: 1.0
1879 Content-Type: text/plain; charset=UTF-8
1880 Content-Transfer-Encoding: 8bit
1881
1882 ok deraadt@ markus@ tb@
1883
1884 OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
1885
1886commit 58ceacdcbaebefc77d120712de55c6fc6aa32bb1
1887Author: Jitendra Sharma <jitendra.sharma@intel.com>
1888Date: Fri Jun 21 09:54:17 2019 +0530
1889
1890 Update README doc to include missing test cases
1891
1892 Readme regress document is missing various individual tests,
1893 which are supported currently. Update README to
1894 include those test cases.
1895
1896commit 7959330a554051b5587f8af3fec0c2c0d5820f64
1897Author: dtucker@openbsd.org <dtucker@openbsd.org>
1898Date: Wed Jun 26 22:29:43 2019 +0000
1899
1900 upstream: Remove unneeded unlink of xauthfile o
1901
1902 =?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?=
1903 =?UTF-8?q?b,=20ok=20djm@=20deraadt@?=
1904 MIME-Version: 1.0
1905 Content-Type: text/plain; charset=UTF-8
1906 Content-Transfer-Encoding: 8bit
1907
1908 OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
1909
1910commit 8de52eb224143783a49f9bddd9ab7800022a8276
1911Author: djm@openbsd.org <djm@openbsd.org>
1912Date: Sun Jun 23 12:21:46 2019 +0000
1913
1914 upstream: fix mismatch proto/decl from key shielding change; spotted
1915
1916 via oss-fuzz
1917
1918 OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
1919
1920commit 1dfadb9b57c2985c95838a0292d1c2f6a501896e
1921Author: djm@openbsd.org <djm@openbsd.org>
1922Date: Fri Jun 21 04:21:45 2019 +0000
1923
1924 upstream: adapt for key shielding API changes (const removal)
1925
1926 OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
1927
1928commit 4f7a56d5e02e3d04ab69eac1213817a7536d0562
1929Author: djm@openbsd.org <djm@openbsd.org>
1930Date: Fri Jun 21 04:21:04 2019 +0000
1931
1932 upstream: Add protection for private keys at rest in RAM against
1933
1934 speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
1935 and Rambleed. This change encrypts private keys when they are not in use with
1936 a symmetic key that is derived from a relatively large "prekey" consisting of
1937 random data (currently 16KB).
1938
1939 Attackers must recover the entire prekey with high accuracy before
1940 they can attempt to decrypt the shielded private key, but the current
1941 generation of attacks have bit error rates that, when applied
1942 cumulatively to the entire prekey, make this unlikely.
1943
1944 Implementation-wise, keys are encrypted "shielded" when loaded and then
1945 automatically and transparently unshielded when used for signatures or
1946 when being saved/serialised.
1947
1948 Hopefully we can remove this in a few years time when computer
1949 architecture has become less unsafe.
1950
1951 been in snaps for a bit already; thanks deraadt@
1952
1953 ok dtucker@ deraadt@
1954
1955 OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
1956
1957commit 4cd6b12cc9c10bf59c8b425041f3ea5091285a0f
1958Author: djm@openbsd.org <djm@openbsd.org>
1959Date: Fri Jun 21 03:19:59 2019 +0000
1960
1961 upstream: print the correct AuthorizedPrincipalsCommand rather than
1962
1963 an uninitialised variable; spotted by dtucker@
1964
1965 OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
1966
1967commit 5f68ab436b0e01751d564e9a9041e6ac3673e45a
1968Author: jmc@openbsd.org <jmc@openbsd.org>
1969Date: Wed Jun 19 20:12:44 2019 +0000
1970
1971 upstream: from tim: - for reput, it is remote-path which is
1972
1973 optional, not local-path - sync help
1974
1975 from deraadt:
1976 - prefer -R and undocument -r (but add a comment for future editors)
1977
1978 from schwarze:
1979 - prefer -p and undocument -P (as above. the comment was schwarze's too)
1980
1981 more:
1982 - add the -f flag to reput and reget
1983 - sort help (i can;t remember who suggested this originally)
1984
1985 djm and deraadt were ok with earlier versions of this;
1986 tim and schwarze ok
1987
1988 OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
1989
1990commit 99bcbbc77fbd5a5027031f42a5931b21b07c947e
1991Author: djm@openbsd.org <djm@openbsd.org>
1992Date: Fri Jun 14 04:03:48 2019 +0000
1993
1994 upstream: check for convtime() refusing to accept times that
1995
1996 resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker
1997
1998 OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
1999
2000commit e5cccb2410247c9b8151b9510a876abdf5424b24
2001Author: dtucker@openbsd.org <dtucker@openbsd.org>
2002Date: Sun Apr 28 22:53:26 2019 +0000
2003
2004 upstream: Add unit tests for user@host and URI parsing.
2005
2006 OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
2007
2008commit 0bb7e38834e3f9886302bbaea630a6b0f8cfb520
2009Author: dtucker@openbsd.org <dtucker@openbsd.org>
2010Date: Thu Apr 18 18:57:16 2019 +0000
2011
2012 upstream: Add tests for sshd -T -C with Match.
2013
2014 OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
2015
2016commit 73eb6cef41daba0359c1888e4756108d41b4e819
2017Author: Darren Tucker <dtucker@dtucker.net>
2018Date: Sun Jun 16 12:55:27 2019 +1000
2019
2020 Include stdio.h for vsnprintf.
2021
2022 Patch from mforney at mforney.org.
2023
2024commit adcaf40fd0a180e6cb5798317fdf479b52e3c09a
2025Author: Darren Tucker <dtucker@dtucker.net>
2026Date: Sat Jun 8 09:07:04 2019 +1000
2027
2028 upstream rev 1.27: fix integer overflow.
2029
2030 Cast bitcount to u_in64_t before bit shifting to prevent integer overflow
2031 on 32bit platforms which cause incorrect results when adding a block
2032 >=512M in size. sha1 patch from ante84 at gmail.com via openssh github,
2033 sha2 with djm@, ok tedu@
2034
2035commit 7689048e6103d3c34cba24ac5aeea7bf8405d19a
2036Author: Darren Tucker <dtucker@dtucker.net>
2037Date: Sat Jun 8 09:06:06 2019 +1000
2038
2039 upstream rev 1.25: add DEF_WEAK.
2040
2041 Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct
2042 ok deraadt@
2043
2044commit 55f3153393ac7e072a4b4b21b194864460d8f44a
2045Author: Darren Tucker <dtucker@dtucker.net>
2046Date: Sat Jun 8 09:02:24 2019 +1000
2047
2048 upstream rev 1.25: add sys/types.h
2049
2050commit 10974f986fa842a3a3a693e3d5761072540002b4
2051Author: Darren Tucker <dtucker@dtucker.net>
2052Date: Sat Jun 8 09:01:14 2019 +1000
2053
2054 upstream: Use explicit_bzero instead of memset
2055
2056 in hash Final and End functions. OK deraadt@ djm@
2057
2058commit cb8f56570f70b00abae4267d4bcce2bfae7dfff6
2059Author: djm@openbsd.org <djm@openbsd.org>
2060Date: Fri Jun 14 04:13:58 2019 +0000
2061
2062 upstream: slightly more instructive error message when the user
2063
2064 specifies multiple -J options on the commandline. bz3015 ok dtucker@
2065
2066 OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
2067
2068commit 2317ce4b0ed7d8c4b0c684e2d47bff5006bd1178
2069Author: djm@openbsd.org <djm@openbsd.org>
2070Date: Fri Jun 14 03:51:47 2019 +0000
2071
2072 upstream: process agent requests for RSA certificate private keys using
2073
2074 correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
2075 ok dtucker markus
2076
2077 OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
2078
2079commit c95b90d40170473825904be561b1eafba354f376
2080Author: djm@openbsd.org <djm@openbsd.org>
2081Date: Fri Jun 14 03:39:59 2019 +0000
2082
2083 upstream: for public key authentication, check AuthorizedKeysFiles
2084
2085 files before consulting AuthorizedKeysCommand; ok dtucker markus
2086
2087 OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
2088
2089commit a5a53914989ddd3521b6edc452bc3291784a4f4f
2090Author: djm@openbsd.org <djm@openbsd.org>
2091Date: Fri Jun 14 03:28:19 2019 +0000
2092
2093 upstream: if passed a bad fd, log what it was
2094
2095 OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
2096
2097commit 7349149da1074d82b71722338e05b6a282f126cc
2098Author: jmc@openbsd.org <jmc@openbsd.org>
2099Date: Wed Jun 12 11:31:50 2019 +0000
2100
2101 upstream: Hostname->HostName cleanup; from lauri tirkkonen ok
2102
2103 dtucker
2104
2105 OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
2106
2107commit 76af9c57387243556d38935555c227d0b34062c5
2108Author: jmc@openbsd.org <jmc@openbsd.org>
2109Date: Wed Jun 12 05:53:21 2019 +0000
2110
2111 upstream: deraadt noticed some inconsistency in the way we denote
2112
2113 the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent
2114 (effectively reversing my commit of yesterday);
2115
2116 ok deraadt markus djm
2117
2118 OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
2119
2120commit d1bbfdd932db9b9b799db865ee1ff50060dfc895
2121Author: jmc@openbsd.org <jmc@openbsd.org>
2122Date: Tue Jun 11 13:39:40 2019 +0000
2123
2124 upstream: consistent lettering for "HostName" keyword; from lauri
2125
2126 tirkkonen
2127
2128 OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
2129
2130commit fc0340f7c4ee29bfb12bd1de9f99defa797e16b4
2131Author: Darren Tucker <dtucker@dtucker.net>
2132Date: Sat Jun 8 00:10:59 2019 +1000
2133
2134 Typo fixes in error messages.
2135
2136 Patch from knweiss at gmail.com via github pull req #97 (portable-
2137 specific parts).
2138
2139commit 4b7dd22b02b64b1ededd3c0e98a6e7ae21e31d38
2140Author: dtucker@openbsd.org <dtucker@openbsd.org>
2141Date: Fri Jun 7 14:18:48 2019 +0000
2142
2143 upstream: Typo and spelling fixes in comments and error messages.
2144
2145 Patch from knweiss at gmail.com via -portable.
2146
2147 OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
2148
2149commit 130ef0695e1731392ca33831939fe89e8b70cc17
2150Author: Darren Tucker <dtucker@dtucker.net>
2151Date: Sat Jun 8 00:47:07 2019 +1000
2152
2153 Include missed bits from previous sync.
2154
2155commit 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
2156Author: dtucker@openbsd.org <dtucker@openbsd.org>
2157Date: Fri Jun 7 03:47:12 2019 +0000
2158
2159 upstream: Check for user@host when parsing sftp target. This
2160
2161 allows user@[1.2.3.4] to work without a path in addition to with one.
2162 bz#2999, ok djm@
2163
2164 OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b
2165
2166commit 0323d9b619d512f80c57575b810a05791891f657
2167Author: otto@openbsd.org <otto@openbsd.org>
2168Date: Thu Jun 6 05:13:13 2019 +0000
2169
2170 upstream: Replace calls to ssh_malloc_init() by a static init of
2171
2172 malloc_options. Prepares for changes in the way malloc is initialized. ok
2173 guenther@ dtucker@
2174
2175 OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
2176
2177commit c586d2d3129265ea64b12960c379d634bccb6535
2178Author: djm@openbsd.org <djm@openbsd.org>
2179Date: Fri May 31 03:20:07 2019 +0000
2180
2181 upstream: fix ssh-keysign fd handling problem introduced in r1.304
2182
2183 caused by a typo (STDIN_FILENO vs STDERR_FILENO)
2184
2185 OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
2186
2187commit 410b231aa41ff830b2f5b09b5aaf5e5cdc1ab86b
2188Author: lum@openbsd.org <lum@openbsd.org>
2189Date: Wed May 29 08:30:26 2019 +0000
2190
2191 upstream: Make the standard output messages of both methods of
2192
2193 changing a key pair's comments (using -c and -C) more applicable to both
2194 methods. ok and suggestions djm@ dtucker@
2195
2196 OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6
2197
2198commit 2b3402dc9f1d9b0df70291b424f36e436cdfa7e0
2199Author: Darren Tucker <dtucker@dtucker.net>
2200Date: Sat Jun 8 00:03:07 2019 +1000
2201
2202 Always clean up before and after utimensat test.
2203
2204commit 182898192d4b720e4faeafd5b39c2cfb3b92aa21
2205Author: Darren Tucker <dtucker@dtucker.net>
2206Date: Fri Jun 7 23:47:37 2019 +1000
2207
2208 Update utimensat test.
2209
2210 POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should
2211 update the symlink and not the destination. The compat code doesn't
2212 have a way to do this, so where possible it fails instead of following a
2213 symlink when explicitly asked not to. Instead of checking for an explicit
2214 failure, check that it does not update the destination, which both the
2215 real and compat implmentations should honour.
2216
2217 Inspired by github pull req #125 from chutzpah at gentoo.org.
2218
2219commit d220b675205185e0b4d6b6524acc2e5c599ef0e2
2220Author: Darren Tucker <dtucker@dtucker.net>
2221Date: Fri Jun 7 14:26:54 2019 +1000
2222
2223 Have pthread_create return errno on failure.
2224
2225 According to POSIX, pthread_create returns the failure reason in
2226 the non-zero function return code so make the fork wrapper do that.
2227 Matches previous change.
2228
2229commit 1bd4f7f25f653e0cadb2e6f25d79bc3c35c6aa4d
2230Author: Elliott Hughes <enh@google.com>
2231Date: Thu Apr 25 13:36:27 2019 -0700
2232
2233 pthread_create(3) returns positive values on failure.
2234
2235 Found by inspection after finding similar bugs in other code used by
2236 Android.
2237
2238commit b3a77b25e5f7880222b179431a74fad76d2cf60c
2239Author: Harald Freudenberger <freude@linux.ibm.com>
2240Date: Fri May 24 10:11:15 2019 +0200
2241
2242 allow s390 specific ioctl for ecc hardware support
2243
2244 Adding another s390 specific ioctl to be able to support ECC hardware
2245 acceleration to the sandbox seccomp filter rules.
2246
2247 Now the ibmca openssl engine provides elliptic curve cryptography
2248 support with the help of libica and CCA crypto cards. This is done via
2249 jet another ioctl call to the zcrypt device driver and so there is a
2250 need to enable this on the openssl sandbox.
2251
2252 Code is s390 specific and has been tested, verified and reviewed.
2253
2254 Please note that I am also the originator of the previous changes in
2255 that area. I posted these changes to Eduardo and he forwarded the
2256 patches to the openssl community.
2257
2258 Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
2259 Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
2260
2261commit 2459df9aa11820f8092a8651aeb381af7ebbccb1
2262Author: Sorin Adrian Savu <sorin25@users.noreply.github.com>
2263Date: Sun May 26 21:50:08 2019 +0300
2264
2265 openssl-devel is obsoleted by libssl-devel
2266
2267 openssl-devel is no longer installable via the cygwin setup and
2268 it's hidden by default, so you can't see the replacement very easy.
2269
2270commit 85ceb0e64bff672558fc87958cd548f135c83cdd
2271Author: jmc@openbsd.org <jmc@openbsd.org>
2272Date: Mon May 20 06:01:59 2019 +0000
2273
2274 upstream: tweak previous;
2275
2276 OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
2277
2278commit 30615295609f5c57b3137b3021fe63bfa45c1985
2279Author: djm@openbsd.org <djm@openbsd.org>
2280Date: Mon May 20 00:25:55 2019 +0000
2281
2282 upstream: embiggen format buffer size for certificate serial number so
2283
2284 that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior
2285
2286 OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
2287
2288commit 476e3551b2952ef73acc43d995e832539bf9bc4d
2289Author: djm@openbsd.org <djm@openbsd.org>
2290Date: Mon May 20 00:20:35 2019 +0000
2291
2292 upstream: When signing certificates with an RSA key, default to
2293
2294 using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
2295 will therefore be incompatible with OpenSSH < 7.2 unless the default is
2296 overridden.
2297
2298 Document the ability of the ssh-keygen -t flag to override the
2299 signature algorithm when signing certificates, and the new default.
2300
2301 ok deraadt@
2302
2303 OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
2304
2305commit 606077ee1e77af5908431d003fb28461ef7be092
2306Author: Darren Tucker <dtucker@dtucker.net>
2307Date: Fri May 17 13:14:12 2019 +1000
2308
2309 Add no-op implementation of pam_putenv.
2310
2311 Some platforms such as HP-UX do not have pam_putenv. Currently the
2312 calls are ifdef'ed out, but a new one was recently added. Remove the
2313 ifdefs and add a no-op implementation. bz#3008, ok djm.
2314
2315commit 1ac98be8724c9789d770ddb8e7f0dbf1b55e05a0
2316Author: Darren Tucker <dtucker@dtucker.net>
2317Date: Fri May 17 12:42:17 2019 +1000
2318
2319 Use the correct macro for SSH_ALLOWED_CA_SIGALGS.
2320
2321commit 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf
2322Author: Darren Tucker <dtucker@dtucker.net>
2323Date: Fri May 17 10:54:51 2019 +1000
2324
2325 Fix building w/out ECC.
2326
2327 Ifdef out ECC specific code so that that it'll build against an OpenSSL
2328 configured w/out ECC. With & ok djm@
2329
2330commit 633703babf8d9a88da85f23b800e1b88dec7cdbd
2331Author: Darren Tucker <dtucker@dtucker.net>
2332Date: Fri May 17 10:50:29 2019 +1000
2333
2334 Conditionalize ECDH methods in CA algos.
2335
2336 When building against an OpenSSL configured without ECC, don't include
2337 those algos in CASignatureAlgorithms. ok djm@
2338
2339commit 5c8d14c512f5d413095b22bdba08a6bb990f1e97
2340Author: dtucker@openbsd.org <dtucker@openbsd.org>
2341Date: Thu May 16 08:47:27 2019 +0000
2342
2343 upstream: Move a variable declaration to the block where it's used
2344
2345 to make things a little tidier for -portable.
2346
2347 OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
2348
2349commit a1d29cc36a5e6eeabc935065a8780e1ba5b67014
2350Author: deraadt@openbsd.org <deraadt@openbsd.org>
2351Date: Wed May 15 04:43:31 2019 +0000
2352
2353 upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
2354
2355 the socket into fd3, so as to not mistakenly leak other fd forward
2356 accidentally. ok djm
2357
2358 OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
2359
2360commit db7606d4a62fee67b0cb2f32dfcbd7b3642bfef5
2361Author: schwarze@openbsd.org <schwarze@openbsd.org>
2362Date: Tue May 14 12:47:17 2019 +0000
2363
2364 upstream: Delete some .Sx macros that were used in a wrong way.
2365
2366 Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.
2367
2368 OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
2369
2370commit cb4accb1233865d9151f8a50cc5f0c61a3fd4077
2371Author: florian@openbsd.org <florian@openbsd.org>
2372Date: Fri May 10 18:55:17 2019 +0000
2373
2374 upstream: For PermitOpen violations add the remote host and port to
2375
2376 be able to find out from where the request was comming.
2377
2378 Add the same logging for PermitListen violations which where not
2379 logged at all.
2380
2381 Pointed out by Robert Kisteleki (robert AT ripe.net)
2382
2383 input markus
2384 OK deraadt
2385
2386 OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
2387
2388commit cd16aceec148d55088fc8df6be88335578d85258
2389Author: Darren Tucker <dtucker@dtucker.net>
2390Date: Thu May 16 07:53:20 2019 +1000
2391
2392 Add OpenSSL 1.1.1 to the supported list.
2393
2394 Clarify the language around prngd and egd.
2395
2396commit 6fd4aa2aafbce90acb11a328ca0aa0696cb01c6b
2397Author: Darren Tucker <dtucker@dtucker.net>
2398Date: Wed May 15 16:19:14 2019 +1000
2399
2400 Fix typo in man page formatter selector.
2401
2402commit 285546b73e2c172565c992a695927ac8cf3b4cc6
2403Author: Darren Tucker <dtucker@dtucker.net>
2404Date: Fri May 10 15:04:42 2019 +1000
2405
2406 Use "doc" man page format if mandoc present.
2407
2408 Previously configure would not select the "doc" man page format if
2409 mandoc was present but nroff was not. This checks for mandoc first
2410 and removes a now-superflous AC_PATH_PROG. Based on a patch from
2411 vehk at vehk.de and feedback from schwarze at usta.de.
2412
2413commit 62dd70613b77b229f53db3cc1c3e8a206fa2b582
2414Author: dtucker@openbsd.org <dtucker@openbsd.org>
2415Date: Fri May 3 06:06:30 2019 +0000
2416
2417 upstream: Use the correct (according to POSIX) format for
2418
2419 left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok
2420 markus@.
2421
2422 OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
2423
2424commit 62be1ffe5ffc68cfaac183320503c00a8c72e0b1
2425Author: dtucker@openbsd.org <dtucker@openbsd.org>
2426Date: Fri May 3 04:11:00 2019 +0000
2427
2428 upstream: Free channel objects on exit path. Patch from markus at
2429
2430 blueflash.cc, ok deraadt
2431
2432 OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
2433
2434commit 1c554a5d94b9de6bd5374e2992a5662746cc39ba
2435Author: dtucker@openbsd.org <dtucker@openbsd.org>
2436Date: Fri May 3 03:27:38 2019 +0000
2437
2438 upstream: Free host on exit path. Patch from markus at
2439
2440 blueflash.cc, ok djm@
2441
2442 OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
2443
2444commit 99043bd64e5e0f427173f4fa83ef25a4676624a3
2445Author: dtucker@openbsd.org <dtucker@openbsd.org>
2446Date: Fri May 3 03:25:18 2019 +0000
2447
2448 upstream: Wrap XMSS including in ifdef. Patch from markus at
2449
2450 blueflash.cc, ok djm
2451
2452 OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
2453
2454commit 8fcfb7789c43a19d24162a7a4055cd09ee951b34
2455Author: dtucker@openbsd.org <dtucker@openbsd.org>
2456Date: Fri Apr 26 08:37:17 2019 +0000
2457
2458 upstream: Import regenerated moduli.
2459
2460 OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
2461
2462commit 3a7db919d5dd09f797971b3cf8ee301767459774
2463Author: dtucker@openbsd.org <dtucker@openbsd.org>
2464Date: Tue Apr 23 11:56:41 2019 +0000
2465
2466 upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@
2467
2468 OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
2469
2470commit d7c6e38b87efab1f140745fd8b1106b82e6e4a68
2471Author: dtucker@openbsd.org <dtucker@openbsd.org>
2472Date: Fri Apr 19 05:47:44 2019 +0000
2473
2474 upstream: Document new default RSA key size. From
2475
2476 sebastiaanlokhorst at gmail.com via bz#2997.
2477
2478 OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1
2479
2480commit e826bbcafe26dac349a8593da5569e82faa45ab8
2481Author: dtucker@openbsd.org <dtucker@openbsd.org>
2482Date: Thu Apr 18 18:56:16 2019 +0000
2483
2484 upstream: When running sshd -T, assume any attibute not provided by
2485
2486 -C does not match, which allows it to work when sshd_config contains a Match
2487 directive with or without -C. bz#2858, ok djm@
2488
2489 OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
2490
2491commit 5696512d7ad57e85e89f8011ce8dec617be686aa
2492Author: dtucker@openbsd.org <dtucker@openbsd.org>
2493Date: Thu Apr 18 07:32:56 2019 +0000
2494
2495 upstream: Remove crc32.{c,h} which were only used by the now-gone
2496
2497 SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.
2498
2499 OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
2500
2501commit 34e87fb5d9ce607f5701ab4c31d837ad8133e2d1
2502Author: Darren Tucker <dtucker@dtucker.net>
2503Date: Tue Apr 30 12:27:57 2019 +1000
2504
2505 Remove unused variables from RLIMIT_NOFILE test.
2506
2507commit 35e82e62c1ef53cfa457473a4c4d957d6197371a
2508Author: Darren Tucker <dtucker@dtucker.net>
2509Date: Fri Apr 26 18:38:27 2019 +1000
2510
2511 Import regenerated moduli.
2512
2513commit 5590f53f99219e95dc23b0ebd220f19a6f46b101
2514Author: Darren Tucker <dtucker@dtucker.net>
2515Date: Fri Apr 26 18:22:10 2019 +1000
2516
2517 Whitespace resync w/OpenBSD.
2518
2519 Patch from markus at blueflash.cc via openssh-unix-dev.
2520
2521commit b7b8334914fb9397a6725f3b5d2de999b0bb69ac
2522Author: Darren Tucker <dtucker@dtucker.net>
2523Date: Fri Apr 26 18:06:34 2019 +1000
2524
2525 Don't install duplicate STREAMS modules on Solaris
2526
2527 Check if STREAMS modules are already installed on pty before installing
2528 since when compiling with XPG>=4 they will likely be installed already.
2529 Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998,
2530 patch from djm@
2531
1commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d 2532commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d
2Author: Damien Miller <djm@mindrot.org> 2533Author: Damien Miller <djm@mindrot.org>
3Date: Thu Apr 18 08:52:57 2019 +1000 2534Date: Thu Apr 18 08:52:57 2019 +1000
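Review bot: The entries for b2e3e57b (new ChangeLog lines 1874-1880) and 7959330a (lines 1900-1906) carry raw MIME encoded-words and mail headers (`=?UTF-8?q?...?=`, `MIME-Version`, `Content-Type`, `Content-Transfer-Encoding`) where the rest of the subject should be, so both subjects are cut mid-word ("err" / "or path", "o" / "n error path"). The fragments decode to "or path added in last commit; spotted by Reynir Björnsson" and "n error path. From Erik Sjölund via github, ok djm@ deraadt@", so the reporter credits are currently unreadable in the shipped file. As this is an import of the upstream tarball the text should stay as shipped here, but it is worth reporting upstream so the ChangeLog generator decodes non-ASCII subjects. Separately, two entries in this hunk change default behaviour and deserve a line in the packaging notes: 476e3551 makes rsa-sha2-512 the default when signing certificates with an RSA key ("incompatible with OpenSSH < 7.2 unless the default is overridden"), and c95b90d4 checks the AuthorizedKeysFiles files before consulting AuthorizedKeysCommand.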
@@ -7937,2406 +10468,3 @@ Date: Thu Oct 5 12:56:50 2017 +0000
7937 %C is hashed; from klemens nanni ok markus 10468 %C is hashed; from klemens nanni ok markus
7938 10469
7939 Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 10470 Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
7940
7941commit a66714508b86d6814e9055fefe362d9fe4d49ab3
7942Author: djm@openbsd.org <djm@openbsd.org>
7943Date: Wed Oct 4 18:50:23 2017 +0000
7944
7945 upstream commit
7946
7947 exercise PermitOpen a little more thoroughly
7948
7949 Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
7950
7951commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6
7952Author: dtucker@openbsd.org <dtucker@openbsd.org>
7953Date: Tue Sep 26 22:39:25 2017 +0000
7954
7955 upstream commit
7956
7957 UsePrivilegeSeparation is gone, stop trying to test it.
7958
7959 Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
7960
7961commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b
7962Author: djm@openbsd.org <djm@openbsd.org>
7963Date: Wed Oct 4 18:49:30 2017 +0000
7964
7965 upstream commit
7966
7967 fix (another) problem in PermitOpen introduced during the
7968 channels.c refactor: the third and subsequent arguments to PermitOpen were
7969 being silently ignored; ok markus@
7970
7971 Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
7972
7973commit 66bf74a92131b7effe49fb0eefe5225151869dc5
7974Author: djm@openbsd.org <djm@openbsd.org>
7975Date: Mon Oct 2 19:33:20 2017 +0000
7976
7977 upstream commit
7978
7979 Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
7980
7981 Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
7982
7983commit d63b38160a59039708fd952adc75a0b3da141560
7984Author: Damien Miller <djm@mindrot.org>
7985Date: Sun Oct 1 10:32:25 2017 +1100
7986
7987 update URL again
7988
7989 I spotted a typo in the draft so uploaded a new version...
7990
7991commit 6f64f596430cd3576c529f07acaaf2800aa17d58
7992Author: Damien Miller <djm@mindrot.org>
7993Date: Sun Oct 1 10:01:56 2017 +1100
7994
7995 sync release notes URL
7996
7997commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d
7998Author: Damien Miller <djm@mindrot.org>
7999Date: Sun Oct 1 10:01:25 2017 +1100
8000
8001 sync contrib/ssh-copy-id with upstream
8002
8003commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66
8004Author: Damien Miller <djm@mindrot.org>
8005Date: Sun Oct 1 09:59:19 2017 +1100
8006
8007 update version in RPM spec files
8008
8009commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d
8010Author: Damien Miller <djm@mindrot.org>
8011Date: Sun Oct 1 09:58:24 2017 +1100
8012
8013 update agent draft URL
8014
8015commit e4a798f001d2ecd8bf025c1d07658079f27cc604
8016Author: djm@openbsd.org <djm@openbsd.org>
8017Date: Sat Sep 30 22:26:33 2017 +0000
8018
8019 upstream commit
8020
8021 openssh-7.6; ok deraadt@
8022
8023 Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
8024
8025commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d
8026Author: jmc@openbsd.org <jmc@openbsd.org>
8027Date: Wed Sep 27 06:45:53 2017 +0000
8028
8029 upstream commit
8030
8031 tweak EposeAuthinfo; diff from lars nooden
8032
8033 tweaked by sthen; ok djm dtucker
8034
8035 Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
8036
8037commit bba69c246f0331f657fd6ec97724df99fc1ad174
8038Author: Damien Miller <djm@mindrot.org>
8039Date: Thu Sep 28 16:06:21 2017 -0700
8040
8041 don't fatal ./configure for LibreSSL
8042
8043commit 04dc070e8b4507d9d829f910b29be7e3b2414913
8044Author: Damien Miller <djm@mindrot.org>
8045Date: Thu Sep 28 14:54:34 2017 -0700
8046
8047 abort in configure when only openssl-1.1.x found
8048
8049 We don't support openssl-1.1.x yet (see multiple threads on the
8050 openssh-unix-dev@ mailing list for the reason), but previously
8051 ./configure would accept it and the compilation would subsequently
8052 fail. This makes ./configure display an explicit error message and
8053 abort.
8054
8055 ok dtucker@
8056
8057commit 74c1c3660acf996d9dc329e819179418dc115f2c
8058Author: Darren Tucker <dtucker@zip.com.au>
8059Date: Wed Sep 27 07:44:41 2017 +1000
8060
8061 Check for and handle calloc(p, 0) = NULL.
8062
8063 On some platforms (AIX, maybe others) allocating zero bytes of memory
8064 via the various *alloc functions returns NULL, which is permitted
8065 by the standards. Autoconf has some macros for detecting this (with
8066 the exception of calloc for some reason) so use these and if necessary
8067 activate shims for them. ok djm@
8068
8069commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5
8070Author: markus@openbsd.org <markus@openbsd.org>
8071Date: Thu Sep 21 19:18:12 2017 +0000
8072
8073 upstream commit
8074
8075 test reverse dynamic forwarding with SOCKS
8076
8077 Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
8078
8079commit 1b9f321605733754df60fac8c1d3283c89b74455
8080Author: Damien Miller <djm@mindrot.org>
8081Date: Tue Sep 26 16:55:55 2017 +1000
8082
8083 sync missing changes in dynamic-forward.sh
8084
8085commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb
8086Author: Darren Tucker <dtucker@zip.com.au>
8087Date: Mon Sep 25 09:48:10 2017 +1000
8088
8089 Add minimal strsignal for platforms without it.
8090
8091commit 218e6f98df566fb9bd363f6aa47018cb65ede196
8092Author: djm@openbsd.org <djm@openbsd.org>
8093Date: Sun Sep 24 13:45:34 2017 +0000
8094
8095 upstream commit
8096
8097 fix inverted test on channel open failure path that
8098 "upgraded" a transient failure into a fatal error; reported by sthen and also
8099 seen by benno@; ok sthen@
8100
8101 Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
8102
8103commit c704f641f7b8777497dc82e81f2ac89afec7e401
8104Author: djm@openbsd.org <djm@openbsd.org>
8105Date: Sun Sep 24 09:50:01 2017 +0000
8106
8107 upstream commit
8108
8109 write the correct buffer when tunnel forwarding; doesn't
8110 matter on OpenBSD (they are the same) but does matter on portable where we
8111 use an output filter to translate os-specific tun/tap headers
8112
8113 Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
8114
8115commit 55486f5cef117354f0c64f991895835077b7c7f7
8116Author: djm@openbsd.org <djm@openbsd.org>
8117Date: Sat Sep 23 22:04:07 2017 +0000
8118
8119 upstream commit
8120
8121 fix tunnel forwarding problem introduced in refactor;
8122 reported by stsp@ ok markus@
8123
8124 Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
8125
8126commit 609d7a66ce578abf259da2d5f6f68795c2bda731
8127Author: markus@openbsd.org <markus@openbsd.org>
8128Date: Thu Sep 21 19:16:53 2017 +0000
8129
8130 upstream commit
8131
8132 Add 'reverse' dynamic forwarding which combines dynamic
8133 forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
8134 expects SOCKS-requests.
8135
8136 The SSH server code is unchanged and the parsing happens at the SSH
8137 clients side. Thus the full SOCKS-request is sent over the forwarded
8138 channel and the client parses c->output. Parsing happens in
8139 channel_before_prepare_select(), _before_ the select bitmask is
8140 computed in the pre[] handlers, but after network input processing
8141 in the post[] handlers.
8142
8143 help and ok djm@
8144
8145 Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
8146
8147commit 36945fa103176c00b39731e1fc1919a0d0808b81
8148Author: dtucker@openbsd.org <dtucker@openbsd.org>
8149Date: Wed Sep 20 05:19:00 2017 +0000
8150
8151 upstream commit
8152
8153 Use strsignal in debug message instead of casting for the
8154 benefit of portable where sig_atomic_t might not be int. "much nicer"
8155 deraadt@
8156
8157 Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
8158
8159commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e
8160Author: millert@openbsd.org <millert@openbsd.org>
8161Date: Tue Sep 19 12:10:30 2017 +0000
8162
8163 upstream commit
8164
8165 Use explicit_bzero() instead of bzero() before free() to
8166 prevent the compiler from optimizing away the bzero() call. OK djm@
8167
8168 Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
8169
8170commit 5b8da1f53854c0923ec6e927e86709e4d72737b6
8171Author: djm@openbsd.org <djm@openbsd.org>
8172Date: Tue Sep 19 04:24:22 2017 +0000
8173
8174 upstream commit
8175
8176 fix use-after-free in ~^Z escape handler path, introduced
8177 in channels.c refactor; spotted by millert@ "makes sense" deraadt@
8178
8179 Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
8180
8181commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e
8182Author: dtucker@openbsd.org <dtucker@openbsd.org>
8183Date: Mon Sep 18 12:03:24 2017 +0000
8184
8185 upstream commit
8186
8187 Prevent type mismatch warning in debug on platforms where
8188 sig_atomic_t != int. ok djm@
8189
8190 Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
8191
8192commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc
8193Author: dtucker@openbsd.org <dtucker@openbsd.org>
8194Date: Mon Sep 18 09:41:52 2017 +0000
8195
8196 upstream commit
8197
8198 Add braces missing after channels refactor. ok markus@
8199
8200 Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
8201
8202commit b79569190b9b76dfacc6d996faa482f16e8fc026
8203Author: Damien Miller <djm@mindrot.org>
8204Date: Tue Sep 19 12:29:23 2017 +1000
8205
8206 add freezero(3) replacement
8207
8208 ok dtucker@
8209
8210commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e
8211Author: Damien Miller <djm@mindrot.org>
8212Date: Tue Sep 19 10:18:56 2017 +1000
8213
8214 move FORTIFY_SOURCE into hardening options group
8215
8216 It's still on by default, but now it's possible to turn it off using
8217 --without-hardening. This is useful since it's known to cause problems
8218 with some -fsanitize options. ok dtucker@
8219
8220commit 09eacf856e0fe1a6e3fe597ec8032b7046292914
8221Author: bluhm@openbsd.org <bluhm@openbsd.org>
8222Date: Wed Sep 13 14:58:26 2017 +0000
8223
8224 upstream commit
8225
8226 Print SKIPPED if sudo and doas configuration is missing.
8227 Prevents that running the regression test with wrong environment is reported
8228 as failure. Keep the fatal there to avoid interfering with other setups for
8229 portable ssh. OK dtucker@
8230
8231 Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
8232
8233commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a
8234Author: dtucker@openbsd.org <dtucker@openbsd.org>
8235Date: Mon Aug 7 03:52:55 2017 +0000
8236
8237 upstream commit
8238
8239 Remove obsolete privsep=no fallback test.
8240
8241 Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
8242
8243commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8
8244Author: dtucker@openbsd.org <dtucker@openbsd.org>
8245Date: Mon Aug 7 00:53:51 2017 +0000
8246
8247 upstream commit
8248
8249 Remove non-privsep test since disabling privsep is now
8250 deprecated.
8251
8252 Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
8253
8254commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e
8255Author: dtucker@openbsd.org <dtucker@openbsd.org>
8256Date: Fri Jul 28 10:32:08 2017 +0000
8257
8258 upstream commit
8259
8260 Don't call fatal from stop_sshd since it calls cleanup
8261 which calls stop_sshd which will probably fail in the same way. Instead,
8262 just bail. Differentiate between sshd dying without cleanup and not shutting
8263 down.
8264
8265 Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
8266
8267commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba
8268Author: djm@openbsd.org <djm@openbsd.org>
8269Date: Thu Sep 14 04:32:21 2017 +0000
8270
8271 upstream commit
8272
8273 Revert commitid: gJtIN6rRTS3CHy9b.
8274
8275 -------------
8276 identify the case where SSHFP records are missing but other DNS RR
8277 types are present and display a more useful error message for this
8278 case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
8279 -------------
8280
8281 This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
8282 are missing but the user already has the key in known_hosts
8283
8284 Spotted by dtucker@
8285
8286 Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
8287
8288commit 871f1e4374420b07550041b329627c474abc3010
8289Author: Damien Miller <djm@mindrot.org>
8290Date: Tue Sep 12 18:01:35 2017 +1000
8291
8292 adapt portable to channels API changes
8293
8294commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb
8295Author: djm@openbsd.org <djm@openbsd.org>
8296Date: Tue Sep 12 07:55:48 2017 +0000
8297
8298 upstream commit
8299
8300 unused variable
8301
8302 Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
8303
8304commit 9145a73ce2ba30c82bbf91d7205bfd112529449f
8305Author: djm@openbsd.org <djm@openbsd.org>
8306Date: Tue Sep 12 07:32:04 2017 +0000
8307
8308 upstream commit
8309
8310 fix tun/tap forwarding case in previous
8311
8312 Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
8313
8314commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e
8315Author: djm@openbsd.org <djm@openbsd.org>
8316Date: Tue Sep 12 06:35:31 2017 +0000
8317
8318 upstream commit
8319
8320 Make remote channel ID a u_int
8321
8322 Previously we tracked the remote channel IDs in an int, but this is
8323 strictly incorrect: the wire protocol uses uint32 and there is nothing
8324 in-principle stopping a SSH implementation from sending, say, 0xffff0000.
8325
8326 In practice everyone numbers their channels sequentially, so this has
8327 never been a problem.
8328
8329 ok markus@
8330
8331 Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
8332
8333commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16
8334Author: djm@openbsd.org <djm@openbsd.org>
8335Date: Tue Sep 12 06:32:07 2017 +0000
8336
8337 upstream commit
8338
8339 refactor channels.c
8340
8341 Move static state to a "struct ssh_channels" that is allocated at
8342 runtime and tracked as a member of struct ssh.
8343
8344 Explicitly pass "struct ssh" to all channels functions.
8345
8346 Replace use of the legacy packet APIs in channels.c.
8347
8348 Rework sshd_config PermitOpen handling: previously the configuration
8349 parser would call directly into the channels layer. After the refactor
8350 this is not possible, as the channels structures are allocated at
8351 connection time and aren't available when the configuration is parsed.
8352 The server config parser now tracks PermitOpen itself and explicitly
8353 configures the channels code later.
8354
8355 ok markus@
8356
8357 Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
8358
8359commit abd59663df37a42152e37980113ccaa405b9a282
8360Author: djm@openbsd.org <djm@openbsd.org>
8361Date: Thu Sep 7 23:48:09 2017 +0000
8362
8363 upstream commit
8364
8365 typo in comment
8366
8367 Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
8368
8369commit 149a8cd24ce9dd47c36f571738681df5f31a326c
8370Author: jmc@openbsd.org <jmc@openbsd.org>
8371Date: Mon Sep 4 06:34:43 2017 +0000
8372
8373 upstream commit
8374
8375 tweak previous;
8376
8377 Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
8378
8379commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8
8380Author: Damien Miller <djm@mindrot.org>
8381Date: Fri Sep 8 12:44:13 2017 +1000
8382
8383 Fuzzer harnesses for sig verify and pubkey parsing
8384
8385 These are some basic clang libfuzzer harnesses for signature
8386 verification and public key parsing. Some assembly (metaphorical)
8387 required.
8388
8389commit de35c382894964a896a63ecd5607d3a3b93af75d
8390Author: Damien Miller <djm@mindrot.org>
8391Date: Fri Sep 8 12:38:31 2017 +1000
8392
8393 Give configure ability to set CFLAGS/LDFLAGS later
8394
8395 Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
8396 in particular santization and fuzzer options that break assumptions
8397 about memory and file descriptor dispositions.
8398
8399 This adds two flags to configure --with-cflags-after and
8400 --with-ldflags-after that allow specifying additional compiler and
8401 linker options that are added to the resultant Makefiles but not
8402 used in the configure run itself.
8403
8404 E.g.
8405
8406 env CC=clang-3.9 ./configure \
8407 --with-cflags-after=-fsantize=address \
8408 --with-ldflags-after="-g -fsanitize=address"
8409
8410commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7
8411Author: djm@openbsd.org <djm@openbsd.org>
8412Date: Sun Sep 3 23:33:13 2017 +0000
8413
8414 upstream commit
8415
8416 Expand ssh_config's StrictModes option with two new
8417 settings:
8418
8419 StrictModes=accept-new will automatically accept hitherto-unseen keys
8420 but will refuse connections for changed or invalid hostkeys.
8421
8422 StrictModes=off is the same as StrictModes=no
8423
8424 Motivation:
8425
8426 StrictModes=no combines two behaviours for host key processing:
8427 automatically learning new hostkeys and continuing to connect to hosts
8428 with invalid/changed hostkeys. The latter behaviour is quite dangerous
8429 since it removes most of the protections the SSH protocol is supposed to
8430 provide.
8431
8432 Quite a few users want to automatically learn hostkeys however, so
8433 this makes that feature available with less danger.
8434
8435 At some point in the future, StrictModes=no will change to be a synonym
8436 for accept-new, with its current behaviour remaining available via
8437 StrictModes=off.
8438
8439 bz#2400, suggested by Michael Samuel; ok markus
8440
8441 Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
8442
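Review bot: the entry for commit 22376d27 names ssh_config's StrictModes throughout, but every behaviour it describes (accepting hitherto-unseen host keys, refusing changed or invalid ones) is host key checking, which ssh_config controls through StrictHostKeyChecking. Anyone searching this ChangeLog for the accept-new setting under the right option name will not find it. Since this file is imported from the upstream tarball, the wording is better raised upstream than edited here. The same applies to the entry just above it (de35c382), whose configure example passes --with-cflags-after=-fsantize=address while the ldflags line spells the flag -fsanitize=address, so the example fails if copied as written.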
8443commit ff3c42384033514e248ba5d7376aa033f4a2b99a
8444Author: jmc@openbsd.org <jmc@openbsd.org>
8445Date: Fri Sep 1 15:41:26 2017 +0000
8446
8447 upstream commit
8448
8449 remove blank line;
8450
8451 Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
8452
8453commit b828605d51f57851316d7ba402b4ae06cf37c55d
8454Author: djm@openbsd.org <djm@openbsd.org>
8455Date: Fri Sep 1 05:53:56 2017 +0000
8456
8457 upstream commit
8458
8459 identify the case where SSHFP records are missing but
8460 other DNS RR types are present and display a more useful error message for
8461 this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
8462
8463 Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
8464
8465commit 8042bad97e2789a50e8f742c3bcd665ebf0add32
8466Author: djm@openbsd.org <djm@openbsd.org>
8467Date: Fri Sep 1 05:50:48 2017 +0000
8468
8469 upstream commit
8470
8471 document available AuthenticationMethods; bz#2453 ok
8472 dtucker@
8473
8474 Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
8475
8476commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58
8477Author: djm@openbsd.org <djm@openbsd.org>
8478Date: Wed Aug 30 03:59:08 2017 +0000
8479
8480 upstream commit
8481
8482 pass packet state down to some of the channels function
8483 (more to come...); ok markus@
8484
8485 Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
8486
8487commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5
8488Author: jmc@openbsd.org <jmc@openbsd.org>
8489Date: Tue Aug 29 13:05:58 2017 +0000
8490
8491 upstream commit
8492
8493 sort options;
8494
8495 Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
8496
8497commit 530591a5795a02d01c78877d58604723918aac87
8498Author: dlg@openbsd.org <dlg@openbsd.org>
8499Date: Tue Aug 29 09:42:29 2017 +0000
8500
8501 upstream commit
8502
8503 add a -q option to ssh-add to make it quiet on success.
8504
8505 if you want to silence ssh-add without this you generally redirect
8506 the output to /dev/null, but that can hide error output which you
8507 should see.
8508
8509 ok djm@
8510
8511 Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
8512
8513commit a54eb27dd64b5eca3ba94e15cec3535124bd5029
8514Author: dtucker@openbsd.org <dtucker@openbsd.org>
8515Date: Sun Aug 27 00:38:41 2017 +0000
8516
8517 upstream commit
8518
8519 Increase the buffer sizes for user prompts to ensure that
8520 they won't be truncated by snprintf. Based on patch from cjwatson at
8521 debian.org via bz#2768, ok djm@
8522
8523 Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
8524
8525commit dd9d9b3381a4597b840d480b043823112039327e
8526Author: Darren Tucker <dtucker@zip.com.au>
8527Date: Mon Aug 28 16:48:27 2017 +1000
8528
8529 Switch Capsicum header to sys/capsicum.h.
8530
8531 FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
8532 avoid future conflicts with POSIX capabilities (the last release that
8533 didn't have it was 9.3) so switch to that. Patch from des at des.no.
8534
8535commit f5e917ab105af5dd6429348d9bc463e52b263f92
8536Author: Darren Tucker <dtucker@zip.com.au>
8537Date: Sun Aug 27 08:55:40 2017 +1000
8538
8539 Add missing includes for bsd-err.c.
8540
8541 Patch from cjwatson at debian.org via bz#2767.
8542
8543commit 878e029797cfc9754771d6f6ea17f8c89e11d225
8544Author: Damien Miller <djm@mindrot.org>
8545Date: Fri Aug 25 13:25:01 2017 +1000
8546
8547 Split platform_sys_dir_uid into its own file
8548
8549 platform.o is too heavy for libssh.a use; it calls into the server on
8550 many platforms. Move just the function needed by misc.c into its own
8551 file.
8552
8553commit 07949bfe9133234eddd01715592aa0dde67745f0
8554Author: Damien Miller <djm@mindrot.org>
8555Date: Wed Aug 23 20:13:18 2017 +1000
8556
8557 misc.c needs functions from platform.c now
8558
8559commit b074c3c3f820000a21953441cea7699c4b17d72f
8560Author: djm@openbsd.org <djm@openbsd.org>
8561Date: Fri Aug 18 05:48:04 2017 +0000
8562
8563 upstream commit
8564
8565 add a "quiet" flag to exited_cleanly() that supresses
8566 errors about exit status (failure due to signal is still reported)
8567
8568 Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
8569
8570commit de4ae07f12dabf8815ecede54235fce5d22e3f63
8571Author: djm@openbsd.org <djm@openbsd.org>
8572Date: Fri Aug 18 05:36:45 2017 +0000
8573
8574 upstream commit
8575
8576 Move several subprocess-related functions from various
8577 locations to misc.c. Extend subprocess() to offer a little more control over
8578 stdio disposition.
8579
8580 feedback & ok dtucker@
8581
8582 Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
8583
8584commit 643c2ad82910691b2240551ea8b14472f60b5078
8585Author: djm@openbsd.org <djm@openbsd.org>
8586Date: Sat Aug 12 06:46:01 2017 +0000
8587
8588 upstream commit
8589
8590 make "--" before the hostname terminate command-line
8591 option processing completely; previous behaviour would not prevent further
8592 options appearing after the hostname (ssh has a supported options after the
8593 hostname for >20 years, so that's too late to change).
8594
8595 ok deraadt@
8596
8597 Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
8598
8599commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2
8600Author: djm@openbsd.org <djm@openbsd.org>
8601Date: Sat Aug 12 06:42:52 2017 +0000
8602
8603 upstream commit
8604
8605 Switch from aes256-cbc to aes256-ctr for encrypting
8606 new-style private keys. The latter having the advantage of being supported
8607 for no-OpenSSL builds; bz#2754 ok markus@
8608
8609 Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
8610
8611commit c4972d0a9bd6f898462906b4827e09b7caea2d9b
8612Author: djm@openbsd.org <djm@openbsd.org>
8613Date: Fri Aug 11 04:47:12 2017 +0000
8614
8615 upstream commit
8616
8617 refuse to a private keys when its corresponding .pub key
8618 does not match. bz#2737 ok dtucker@
8619
8620 Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
8621
8622commit 4b3ecbb663c919132dddb3758e17a23089413519
8623Author: djm@openbsd.org <djm@openbsd.org>
8624Date: Fri Aug 11 04:41:08 2017 +0000
8625
8626 upstream commit
8627
8628 don't print verbose error message when ssh disconnects
8629 under sftp; bz#2750; ok dtucker@
8630
8631 Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370
8632
8633commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34
8634Author: dtucker@openbsd.org <dtucker@openbsd.org>
8635Date: Fri Aug 11 04:16:35 2017 +0000
8636
8637 upstream commit
8638
8639 Tweak previous keepalive commit: if last_time + keepalive
8640 <= now instead of just "<" so client_alive_check will fire if the select
8641 happens to return on exact second of the timeout. ok djm@
8642
8643 Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
8644
8645commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a
8646Author: dtucker@openbsd.org <dtucker@openbsd.org>
8647Date: Fri Aug 11 03:58:36 2017 +0000
8648
8649 upstream commit
8650
8651 Keep track of the last time we actually heard from the
8652 client and use this to also schedule a client_alive_check(). Prevents
8653 activity on a forwarded port from indefinitely preventing the select timeout
8654 so that client_alive_check() will eventually (although not optimally) be
8655 called.
8656
8657 Analysis by willchan at google com via bz#2756, feedback & ok djm@
8658
8659 Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
8660
8661commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f
8662Author: Damien Miller <djm@mindrot.org>
8663Date: Fri Jul 28 14:50:59 2017 +1000
8664
8665 Expose list of completed auth methods to PAM
8666
8667 bz#2408; ok dtucker@
8668
8669commit c78e6eec78c88acf8d51db90ae05a3e39458603d
8670Author: Damien Miller <djm@mindrot.org>
8671Date: Fri Jul 21 14:38:16 2017 +1000
8672
8673 fix problems in tunnel forwarding portability code
8674
8675 This fixes a few problems in the tun forwarding code, mostly to do
8676 with host/network byte order confusion.
8677
8678 Based on a report and patch by stepe AT centaurus.uberspace.de;
8679 bz#2735; ok dtucker@
8680
8681commit 2985d4062ebf4204bbd373456a810d558698f9f5
8682Author: dtucker@openbsd.org <dtucker@openbsd.org>
8683Date: Tue Jul 25 09:22:25 2017 +0000
8684
8685 upstream commit
8686
8687 Make WinSCP patterns for SSH_OLD_DHGEX more specific to
8688 exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@
8689
8690 Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
8691
8692commit 9f0e44e1a0439ff4646495d5735baa61138930a9
8693Author: djm@openbsd.org <djm@openbsd.org>
8694Date: Mon Jul 24 04:34:28 2017 +0000
8695
8696 upstream commit
8697
8698 g/c unused variable; make a little more portable
8699
8700 Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
8701
8702commit 51676ec61491ec6d7cbd06082034e29b377b3bf6
8703Author: djm@openbsd.org <djm@openbsd.org>
8704Date: Sun Jul 23 23:37:02 2017 +0000
8705
8706 upstream commit
8707
8708 Allow IPQoS=none in ssh/sshd to not set an explicit
8709 ToS/DSCP value and just use the operating system default; ok dtucker@
8710
8711 Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
8712
8713commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d
8714Author: Damien Miller <djm@mindrot.org>
8715Date: Fri Jul 21 14:24:26 2017 +1000
8716
8717 mention libedit
8718
8719commit dc2bd308768386b02c7337120203ca477e67ba62
8720Author: markus@openbsd.org <markus@openbsd.org>
8721Date: Wed Jul 19 08:30:41 2017 +0000
8722
8723 upstream commit
8724
8725 fix support for unknown key types; ok djm@
8726
8727 Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
8728
8729commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9
8730Author: djm@openbsd.org <djm@openbsd.org>
8731Date: Wed Jul 19 01:15:02 2017 +0000
8732
8733 upstream commit
8734
8735 switch from select() to poll() for the ssh-agent
8736 mainloop; ok markus
8737
8738 Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
8739
8740commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3
8741Author: dtucker@openbsd.org <dtucker@openbsd.org>
8742Date: Fri Jul 14 03:18:21 2017 +0000
8743
8744 upstream commit
8745
8746 Make ""Killed by signal 1" LogLevel verbose so it's not
8747 shown at the default level. Prevents it from appearing during ssh -J and
8748 equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@
8749
8750 Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
8751
8752commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498
8753Author: jmc@openbsd.org <jmc@openbsd.org>
8754Date: Thu Jul 13 19:16:33 2017 +0000
8755
8756 upstream commit
8757
8758 man pages with pseudo synopses which list filenames end
8759 up creating very ugly output in man -k; after some discussion with ingo, we
8760 feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
8761 helpful at page top, is contained already in FILES, and there are
8762 sufficiently few that just zapping them is simple;
8763
8764 ok schwarze, who also helpfully ran things through a build to check
8765 output;
8766
8767 Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
8768
8769commit 7f13a4827fb28957161de4249bd6d71954f1f2ed
8770Author: espie@openbsd.org <espie@openbsd.org>
8771Date: Mon Jul 10 14:09:59 2017 +0000
8772
8773 upstream commit
8774
8775 zap redundant Makefile variables. okay djm@
8776
8777 Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
8778
8779commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0
8780Author: jmc@openbsd.org <jmc@openbsd.org>
8781Date: Sat Jul 8 18:32:54 2017 +0000
8782
8783 upstream commit
8784
8785 slightly rework previous, to avoid an article issue;
8786
8787 Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
8788
8789commit 853edbe057a84ebd0024c8003e4da21bf2b469f7
8790Author: djm@openbsd.org <djm@openbsd.org>
8791Date: Fri Jul 7 03:53:12 2017 +0000
8792
8793 upstream commit
8794
8795 When generating all hostkeys (ssh-keygen -A), clobber
8796 existing keys if they exist but are zero length. zero-length keys could
8797 previously be made if ssh-keygen failed part way through generating them, so
8798 avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
8799
8800 Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
8801
8802commit 43616876ba68a2ffaece6a6c792def4b039f2d6e
8803Author: djm@openbsd.org <djm@openbsd.org>
8804Date: Sat Jul 1 22:55:44 2017 +0000
8805
8806 upstream commit
8807
8808 actually remove these files
8809
8810 Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
8811
8812commit 83fa3a044891887369ce8b487ce88d713a04df48
8813Author: djm@openbsd.org <djm@openbsd.org>
8814Date: Sat Jul 1 13:50:45 2017 +0000
8815
8816 upstream commit
8817
8818 remove post-SSHv1 removal dead code from rsa.c and merge
8819 the remaining bit that it still used into ssh-rsa.c; ok markus
8820
8821 Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
8822
8823commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0
8824Author: Damien Miller <djm@mindrot.org>
8825Date: Fri Jul 14 14:26:36 2017 +1000
8826
8827 make explicit_bzero/memset safe for sz=0
8828
8829commit 8433d51e067e0829f5521c0c646b6fd3fe17e732
8830Author: Tim Rice <tim@multitalents.net>
8831Date: Tue Jul 11 18:47:56 2017 -0700
8832
8833 modified: configure.ac
8834 UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris
8835 Analysis by Robbie Zhang
8836
8837commit ff3507aea9c7d30cd098e7801e156c68faff7cc7
8838Author: Damien Miller <djm@mindrot.org>
8839Date: Fri Jul 7 11:21:27 2017 +1000
8840
8841 typo
8842
8843commit d79bceb9311a9c137d268f5bc481705db4151810
8844Author: dtucker@openbsd.org <dtucker@openbsd.org>
8845Date: Fri Jun 30 04:17:23 2017 +0000
8846
8847 upstream commit
8848
8849 Only call close once in confree(). ssh_packet_close will
8850 close the FD so only explicitly close non-SSH channels. bz#2734, from
8851 bagajjal at microsoft.com, ok djm@
8852
8853 Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
8854
8855commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075
8856Author: Darren Tucker <dtucker@zip.com.au>
8857Date: Thu Jun 29 15:40:25 2017 +1000
8858
8859 Update link for my patches.
8860
8861commit a98339edbc1fc21342a390f345179a9c3031bef7
8862Author: djm@openbsd.org <djm@openbsd.org>
8863Date: Wed Jun 28 01:09:22 2017 +0000
8864
8865 upstream commit
8866
8867 Allow ssh-keygen to use a key held in ssh-agent as a CA when
8868 signing certificates. bz#2377 ok markus
8869
8870 Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
8871
8872commit c9cdef35524bd59007e17d5bd2502dade69e2dfb
8873Author: djm@openbsd.org <djm@openbsd.org>
8874Date: Sat Jun 24 06:35:24 2017 +0000
8875
8876 upstream commit
8877
8878 regress test for ExposeAuthInfo
8879
8880 Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
8881
8882commit f17ee61cad25d210edab69d04ed447ad55fe80c1
8883Author: djm@openbsd.org <djm@openbsd.org>
8884Date: Sat Jun 24 07:08:57 2017 +0000
8885
8886 upstream commit
8887
8888 correct env var name
8889
8890 Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
8891
8892commit 40962198e3b132cecdb32e9350acd4294e6a1082
8893Author: jmc@openbsd.org <jmc@openbsd.org>
8894Date: Sat Jun 24 06:57:04 2017 +0000
8895
8896 upstream commit
8897
8898 spelling;
8899
8900 Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
8901
8902commit 33f86265d7e8a0e88d3a81745d746efbdd397370
8903Author: djm@openbsd.org <djm@openbsd.org>
8904Date: Sat Jun 24 06:38:11 2017 +0000
8905
8906 upstream commit
8907
8908 don't pass pointer to struct sshcipher between privsep
8909 processes, just redo the lookup in each using the already-passed cipher name.
8910 bz#2704 based on patch from Brooks Davis; ok markus dtucker
8911
8912 Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
8913
8914commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0
8915Author: djm@openbsd.org <djm@openbsd.org>
8916Date: Sat Jun 24 06:34:38 2017 +0000
8917
8918 upstream commit
8919
8920 refactor authentication logging
8921
8922 optionally record successful auth methods and public credentials
8923 used in a file accessible to user sessions
8924
8925 feedback and ok markus@
8926
8927 Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
8928
8929commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba
8930Author: jmc@openbsd.org <jmc@openbsd.org>
8931Date: Sat Jun 24 06:28:50 2017 +0000
8932
8933 upstream commit
8934
8935 word fix;
8936
8937 Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
8938
8939commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513
8940Author: djm@openbsd.org <djm@openbsd.org>
8941Date: Sat Jun 24 05:37:44 2017 +0000
8942
8943 upstream commit
8944
8945 switch sshconnect.c from (slightly abused) select() to
8946 poll(); ok deraadt@ a while back
8947
8948 Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175
8949
8950commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765
8951Author: djm@openbsd.org <djm@openbsd.org>
8952Date: Sat Jun 24 05:35:05 2017 +0000
8953
8954 upstream commit
8955
8956 use HostKeyAlias if specified instead of hostname for
8957 matching host certificate principal names; bz#2728; ok dtucker@
8958
8959 Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
8960
8961commit 8904ffce057b80a7472955f1ec00d7d5c250076c
8962Author: djm@openbsd.org <djm@openbsd.org>
8963Date: Sat Jun 24 05:24:11 2017 +0000
8964
8965 upstream commit
8966
8967 no need to call log_init to reinitialise logged PID in
8968 child sessions, since we haven't called openlog() in log_init() since 1999;
8969 ok markus@
8970
8971 Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
8972
8973commit e238645d789cd7eb47541b66aea2a887ea122c9b
8974Author: mestre@openbsd.org <mestre@openbsd.org>
8975Date: Fri Jun 23 07:24:48 2017 +0000
8976
8977 upstream commit
8978
8979 When using the escape sequence &~ the code path is
8980 client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork()
8981 and the pledge for this path lacks the proc promise and therefore aborts the
8982 process. The solution is to just add proc the promise to this specific
8983 pledge.
8984
8985 Reported by Gregoire Jadi gjadi ! omecha.info
8986 Insight with tb@, OK jca@
8987
8988 Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
8989
8990commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3
8991Author: dtucker@openbsd.org <dtucker@openbsd.org>
8992Date: Fri Jun 23 03:30:42 2017 +0000
8993
8994 upstream commit
8995
8996 Import regenerated moduli.
8997
8998 Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95
8999
9000commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f
9001Author: dtucker@openbsd.org <dtucker@openbsd.org>
9002Date: Fri Jun 23 03:25:53 2017 +0000
9003
9004 upstream commit
9005
9006 Run the screen twice so we end up with more candidate
9007 groups. ok djm@
9008
9009 Upstream-ID: b92c93266d8234d493857bb822260dacf4366157
9010
9011commit 4626e39c7053c6486c1c8b708ec757e464623f5f
9012Author: dtucker@openbsd.org <dtucker@openbsd.org>
9013Date: Wed Jun 14 00:31:38 2017 +0000
9014
9015 upstream commit
9016
9017 Add user@host prefix to client's "Permisison denied"
9018 messages, useful in particular when using "stacked" connections where it's
9019 not clear which host is denying. bz#2720, ok djm@ markus@
9020
9021 Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
9022
9023commit c948030d54911b2d3cddb96a7a8e9269e15d11cd
9024Author: djm@openbsd.org <djm@openbsd.org>
9025Date: Tue Jun 13 12:13:59 2017 +0000
9026
9027 upstream commit
9028
9029 Do not require that unknown EXT_INFO extension values not
9030 contain \0 characters. This would cause fatal connection errors if an
9031 implementation sent e.g. string-encoded sub-values inside a value.
9032
9033 Reported by Denis Bider; ok markus@
9034
9035 Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
9036
9037commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e
9038Author: djm@openbsd.org <djm@openbsd.org>
9039Date: Tue Jun 13 11:22:15 2017 +0000
9040
9041 upstream commit
9042
9043 missing prototype.
9044
9045 Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
9046
9047commit bcd1485075aa72ba9418003f5cc27af2b049c51b
9048Author: Damien Miller <djm@mindrot.org>
9049Date: Sat Jun 10 23:41:25 2017 +1000
9050
9051 portability for sftp globbed ls sort by mtime
9052
9053 Include replacement timespeccmp() for systems that lack it.
9054 Support time_t struct stat->st_mtime in addition to
9055 timespec stat->st_mtim, as well as unsorted fallback.
9056
9057commit 072e172f1d302d2a2c6043ecbfb4004406717b96
9058Author: djm@openbsd.org <djm@openbsd.org>
9059Date: Sat Jun 10 06:36:46 2017 +0000
9060
9061 upstream commit
9062
9063 print '?' instead of incorrect link count (that the
9064 protocol doesn't provide) for remote listings. bz#2710 ok dtucker@
9065
9066 Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e
9067
9068commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505
9069Author: djm@openbsd.org <djm@openbsd.org>
9070Date: Sat Jun 10 06:33:34 2017 +0000
9071
9072 upstream commit
9073
9074 implement sorting for globbed ls; bz#2649 ok dtucker@
9075
9076 Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8
9077
9078commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721
9079Author: djm@openbsd.org <djm@openbsd.org>
9080Date: Fri Jun 9 06:47:13 2017 +0000
9081
9082 upstream commit
9083
9084 return failure rather than fatal() for more cases during
9085 mux negotiations. Causes the session to fall back to a non-mux connection if
9086 they occur. bz#2707 ok dtucker@
9087
9088 Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
9089
9090commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976
9091Author: djm@openbsd.org <djm@openbsd.org>
9092Date: Fri Jun 9 06:43:01 2017 +0000
9093
9094 upstream commit
9095
9096 in description of public key authentication, mention that
9097 the server will send debug messages to the client for some error conditions
9098 after authentication has completed. bz#2709 ok dtucker
9099
9100 Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
9101
9102commit 2076e4adb986512ce8c415dd194fd4e52136c4b4
9103Author: djm@openbsd.org <djm@openbsd.org>
9104Date: Fri Jun 9 06:40:24 2017 +0000
9105
9106 upstream commit
9107
9108 better translate libcrypto errors by looking deeper in
9109 the accursed error stack for codes that indicate the wrong passphrase was
9110 supplied for a PEM key. bz#2699 ok dtucker@
9111
9112 Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
9113
9114commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c
9115Author: dtucker@openbsd.org <dtucker@openbsd.org>
9116Date: Fri Jun 9 04:40:04 2017 +0000
9117
9118 upstream commit
9119
9120 Add comments referring to the relevant RFC sections for
9121 rekeying behaviour.
9122
9123 Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
9124
9125commit ce9134260b9b1247e2385a1afed00c26112ba479
9126Author: Damien Miller <djm@mindrot.org>
9127Date: Fri Jun 9 14:43:47 2017 +1000
9128
9129 drop two more privileges in the Solaris sandbox
9130
9131 Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO.
9132 Patch from huieying.lee AT oracle.com via bz#2723
9133
9134commit e0f609c8a2ab940374689ab8c854199c3c285a76
9135Author: Darren Tucker <dtucker@zip.com.au>
9136Date: Fri Jun 9 13:36:29 2017 +1000
9137
9138 Wrap stdint.h include in #ifdef.
9139
9140commit 1de5e47a85850526a4fdaf77185134046c050f75
9141Author: djm@openbsd.org <djm@openbsd.org>
9142Date: Wed Jun 7 01:48:15 2017 +0000
9143
9144 upstream commit
9145
9146 unbreak after sshv1 purge
9147
9148 Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b
9149
9150commit 550c053168123fcc0791f9952abad684704b5760
9151Author: dtucker@openbsd.org <dtucker@openbsd.org>
9152Date: Tue Jun 6 09:12:17 2017 +0000
9153
9154 upstream commit
9155
9156 Fix compression output stats broken in rev 1.201. Patch
9157 originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok
9158 djm@
9159
9160 Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
9161
9162commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39
9163Author: djm@openbsd.org <djm@openbsd.org>
9164Date: Fri Jun 2 06:06:10 2017 +0000
9165
9166 upstream commit
9167
9168 rationalise the long list of manual CDIAGFLAGS that we
9169 add; most of these were redundant to -Wall -Wextra
9170
9171 Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
9172
9173commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1
9174Author: djm@openbsd.org <djm@openbsd.org>
9175Date: Thu Jun 1 06:59:21 2017 +0000
9176
9177 upstream commit
9178
9179 no need to bzero allocated space now that we use use
9180 recallocarray; ok deraadt@
9181
9182 Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8
9183
9184commit cc812baf39b93d5355565da98648d8c31f955990
9185Author: djm@openbsd.org <djm@openbsd.org>
9186Date: Thu Jun 1 06:58:25 2017 +0000
9187
9188 upstream commit
9189
9190 unconditionally zero init size of buffer; ok markus@
9191 deraadt@
9192
9193 Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29
9194
9195commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226
9196Author: Damien Miller <djm@mindrot.org>
9197Date: Thu Jun 1 16:25:09 2017 +1000
9198
9199 avoid compiler warning
9200
9201commit 2d75d74272dc2a0521fce13cfe6388800c9a2406
9202Author: djm@openbsd.org <djm@openbsd.org>
9203Date: Thu Jun 1 06:16:43 2017 +0000
9204
9205 upstream commit
9206
9207 some warnings spotted by clang; ok markus@
9208
9209 Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b
9210
9211commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e
9212Author: Damien Miller <djm@mindrot.org>
9213Date: Thu Jun 1 15:25:13 2017 +1000
9214
9215 add recallocarray replacement and dependency
9216
9217 recallocarray() needs getpagesize() so add a tiny replacement for that.
9218
9219commit 01e6f78924da308447e71e9a32c8a6104ef4e888
9220Author: Damien Miller <djm@mindrot.org>
9221Date: Thu Jun 1 15:16:24 2017 +1000
9222
9223 add *.0 manpage droppings
9224
9225commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36
9226Author: djm@openbsd.org <djm@openbsd.org>
9227Date: Thu Jun 1 04:51:58 2017 +0000
9228
9229 upstream commit
9230
9231 fix casts re constness
9232
9233 Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266
9234
9235commit 75b8af8de805c0694b37fcf80ce82783b2acc86f
9236Author: markus@openbsd.org <markus@openbsd.org>
9237Date: Wed May 31 10:54:00 2017 +0000
9238
9239 upstream commit
9240
9241 make sure we don't pass a NULL string to vfprintf
9242 (triggered by the principals-command regress test); ok bluhm
9243
9244 Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
9245
9246commit 84008608c9ee944d9f72f5100f31ccff743b10f2
9247Author: markus@openbsd.org <markus@openbsd.org>
9248Date: Wed May 31 10:04:29 2017 +0000
9249
9250 upstream commit
9251
9252 use SO_ZEROIZE for privsep communication (if available)
9253
9254 Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
9255
9256commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11
9257Author: deraadt@openbsd.org <deraadt@openbsd.org>
9258Date: Wed May 31 09:15:42 2017 +0000
9259
9260 upstream commit
9261
9262 Switch to recallocarray() for a few operations. Both
9263 growth and shrinkage are handled safely, and there also is no need for
9264 preallocation dances. Future changes in this area will be less error prone.
9265 Review and one bug found by markus
9266
9267 Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
9268
9269commit dc5dc45662773c0f7745c29cf77ae2d52723e55e
9270Author: deraadt@openbsd.org <deraadt@openbsd.org>
9271Date: Wed May 31 08:58:52 2017 +0000
9272
9273 upstream commit
9274
9275 These shutdown() SHUT_RDWR are not needed before close()
9276 ok djm markus claudio
9277
9278 Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
9279
9280commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e
9281Author: markus@openbsd.org <markus@openbsd.org>
9282Date: Wed May 31 08:09:45 2017 +0000
9283
9284 upstream commit
9285
9286 clear session keys from memory; ok djm@
9287
9288 Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
9289
9290commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8
9291Author: markus@openbsd.org <markus@openbsd.org>
9292Date: Wed May 31 07:00:13 2017 +0000
9293
9294 upstream commit
9295
9296 remove now obsolete ctx from ssh_dispatch_run; ok djm@
9297
9298 Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
9299
9300commit 17ad5b346043c5bbc5befa864d0dbeb76be39390
9301Author: markus@openbsd.org <markus@openbsd.org>
9302Date: Wed May 31 05:34:14 2017 +0000
9303
9304 upstream commit
9305
9306 use the ssh_dispatch_run_fatal variant
9307
9308 Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
9309
9310commit 39896b777320a6574dd06707aebac5fb98e666da
9311Author: djm@openbsd.org <djm@openbsd.org>
9312Date: Wed May 31 05:08:46 2017 +0000
9313
9314 upstream commit
9315
9316 another ctx => ssh conversion (in GSSAPI code)
9317
9318 Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
9319
9320commit 6116bd4ed354a71a733c8fd0f0467ce612f12911
9321Author: Damien Miller <djm@mindrot.org>
9322Date: Wed May 31 14:56:07 2017 +1000
9323
9324 fix conversion of kexc25519s.c to struct ssh too
9325
9326 git cvsimport missed this commit for some reason
9327
9328commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7
9329Author: djm@openbsd.org <djm@openbsd.org>
9330Date: Wed May 31 04:29:44 2017 +0000
9331
9332 upstream commit
9333
9334 spell out that custom options/extensions should follow the
9335 usual SSH naming rules, e.g. "extension@example.com"
9336
9337 Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
9338
9339commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b
9340Author: djm@openbsd.org <djm@openbsd.org>
9341Date: Wed May 31 04:17:12 2017 +0000
9342
9343 upstream commit
9344
9345 one more void *ctx => struct ssh *ssh conversion
9346
9347 Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2
9348
9349commit c04e979503e97f52b750d3b98caa6fe004ab2ab9
9350Author: djm@openbsd.org <djm@openbsd.org>
9351Date: Wed May 31 00:43:04 2017 +0000
9352
9353 upstream commit
9354
9355 fix possible OOB strlen() in SOCKS4A hostname parsing;
9356 ok markus@
9357
9358 Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
9359
9360commit a3bb250c93bfe556838c46ed965066afce61cffa
9361Author: jmc@openbsd.org <jmc@openbsd.org>
9362Date: Tue May 30 19:38:17 2017 +0000
9363
9364 upstream commit
9365
9366 tweak previous;
9367
9368 Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
9369
9370commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc
9371Author: bluhm@openbsd.org <bluhm@openbsd.org>
9372Date: Tue May 30 18:58:37 2017 +0000
9373
9374 upstream commit
9375
9376 Add RemoteCommand option to specify a command in the
9377 ssh config file instead of giving it on the client's command line. This
9378 command will be executed on the remote host. The feature allows to automate
9379 tasks using ssh config. OK markus@
9380
9381 Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
9382
9383commit eb272ea4099fd6157846f15c129ac5727933aa69
9384Author: markus@openbsd.org <markus@openbsd.org>
9385Date: Tue May 30 14:29:59 2017 +0000
9386
9387 upstream commit
9388
9389 switch auth2 to ssh_dispatch API; ok djm@
9390
9391 Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
9392
9393commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9
9394Author: markus@openbsd.org <markus@openbsd.org>
9395Date: Tue May 30 14:27:22 2017 +0000
9396
9397 upstream commit
9398
9399 switch auth2-none.c to modern APIs; ok djm@
9400
9401 Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b
9402
9403commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2
9404Author: markus@openbsd.org <markus@openbsd.org>
9405Date: Tue May 30 14:26:49 2017 +0000
9406
9407 upstream commit
9408
9409 switch auth2-passwd.c to modern APIs; ok djm@
9410
9411 Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7
9412
9413commit eb76698b91338bd798c978d4db2d6af624d185e4
9414Author: markus@openbsd.org <markus@openbsd.org>
9415Date: Tue May 30 14:25:42 2017 +0000
9416
9417 upstream commit
9418
9419 switch auth2-hostbased.c to modern APIs; ok djm@
9420
9421 Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e
9422
9423commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd
9424Author: markus@openbsd.org <markus@openbsd.org>
9425Date: Tue May 30 14:23:52 2017 +0000
9426
9427 upstream commit
9428
9429 protocol handlers all get struct ssh passed; ok djm@
9430
9431 Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
9432
9433commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6
9434Author: markus@openbsd.org <markus@openbsd.org>
9435Date: Tue May 30 14:19:15 2017 +0000
9436
9437 upstream commit
9438
9439 ssh: pass struct ssh to auth functions, too; ok djm@
9440
9441 Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
9442
9443commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b
9444Author: markus@openbsd.org <markus@openbsd.org>
9445Date: Tue May 30 14:18:15 2017 +0000
9446
9447 upstream commit
9448
9449 sshd: pass struct ssh to auth functions; ok djm@
9450
9451 Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
9452
9453commit 7da5df11ac788bc1133d8d598d298e33500524cc
9454Author: markus@openbsd.org <markus@openbsd.org>
9455Date: Tue May 30 14:16:41 2017 +0000
9456
9457 upstream commit
9458
9459 remove unused wrapper functions from key.[ch]; ok djm@
9460
9461 Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
9462
9463commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5
9464Author: markus@openbsd.org <markus@openbsd.org>
9465Date: Tue May 30 14:15:17 2017 +0000
9466
9467 upstream commit
9468
9469 sshkey_new() might return NULL (pkcs#11 code only); ok
9470 djm@
9471
9472 Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
9473
9474commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef
9475Author: markus@openbsd.org <markus@openbsd.org>
9476Date: Tue May 30 14:13:40 2017 +0000
9477
9478 upstream commit
9479
9480 switch sshconnect.c to modern APIs; ok djm@
9481
9482 Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad
9483
9484commit 00ed75c92d1f95fe50032835106c368fa22f0f02
9485Author: markus@openbsd.org <markus@openbsd.org>
9486Date: Tue May 30 14:10:53 2017 +0000
9487
9488 upstream commit
9489
9490 switch auth2-pubkey.c to modern APIs; with & ok djm@
9491
9492 Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
9493
9494commit 54d90ace1d3535b44d92a8611952dc109a74a031
9495Author: markus@openbsd.org <markus@openbsd.org>
9496Date: Tue May 30 08:52:19 2017 +0000
9497
9498 upstream commit
9499
9500 switch from Key typedef with struct sshkey; ok djm@
9501
9502 Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
9503
9504commit c221219b1fbee47028dcaf66613f4f8d6b7640e9
9505Author: markus@openbsd.org <markus@openbsd.org>
9506Date: Tue May 30 08:49:58 2017 +0000
9507
9508 upstream commit
9509
9510 remove ssh1 references; ok djm@
9511
9512 Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
9513
9514commit afbfa68fa18081ef05a9cd294958509a5d3cda8b
9515Author: markus@openbsd.org <markus@openbsd.org>
9516Date: Tue May 30 08:49:32 2017 +0000
9517
9518 upstream commit
9519
9520 revise sshkey_load_public(): remove ssh1 related
9521 comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if
9522 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
9523
9524 Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
9525
9526commit 813f55336a24fdfc45e7ed655fccc7d792e8f859
9527Author: markus@openbsd.org <markus@openbsd.org>
9528Date: Fri May 26 20:34:49 2017 +0000
9529
9530 upstream commit
9531
9532 sshbuf_consume: reset empty buffer; ok djm@
9533
9534 Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821
9535
9536commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb
9537Author: markus@openbsd.org <markus@openbsd.org>
9538Date: Fri May 26 19:35:50 2017 +0000
9539
9540 upstream commit
9541
9542 remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@
9543
9544 Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
9545
9546commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8
9547Author: markus@openbsd.org <markus@openbsd.org>
9548Date: Fri May 26 19:34:12 2017 +0000
9549
9550 upstream commit
9551
9552 remove channel_input_close_confirmation (ssh1 only); ok
9553 djm@
9554
9555 Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
9556
9557commit 8ba0fd40082751dbbc23a830433488bbfb1abdca
9558Author: djm@openbsd.org <djm@openbsd.org>
9559Date: Fri May 26 01:40:07 2017 +0000
9560
9561 upstream commit
9562
9563 fix references to obsolete v00 cert format; spotted by
9564 Jakub Jelen
9565
9566 Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
9567
9568commit dcc714c65cfb81eb6903095b4590719e8690f3da
9569Author: Mike Frysinger <vapier@chromium.org>
9570Date: Wed May 24 23:21:19 2017 -0400
9571
9572 configure: actually set cache vars when cross-compiling
9573
9574 The cross-compiling fallback message says it's assuming the test
9575 passed, but it didn't actually set the cache var which causes
9576 later tests to fail.
9577
9578commit 947a3e829a5b8832a4768fd764283709a4ca7955
9579Author: djm@openbsd.org <djm@openbsd.org>
9580Date: Sat May 20 02:35:47 2017 +0000
9581
9582 upstream commit
9583
9584 there's no reason to artificially limit the key path
9585 here, just check that it fits PATH_MAX; spotted by Matthew Patton
9586
9587 Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
9588
9589commit 773224802d7cb250bb8b461546fcce10567b4b2e
9590Author: djm@openbsd.org <djm@openbsd.org>
9591Date: Fri May 19 21:07:17 2017 +0000
9592
9593 upstream commit
9594
9595 Now that we no longer support SSHv1, replace the contents
9596 of this file with a pointer to
9597 https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
9598 doesn't need to document stuff we no longer implement and does document stuff
9599 that we do implement (RSA SHA256/512 signature flags)
9600
9601 Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
9602
9603commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899
9604Author: djm@openbsd.org <djm@openbsd.org>
9605Date: Wed May 17 01:24:17 2017 +0000
9606
9607 upstream commit
9608
9609 allow LogLevel in sshd_config Match blocks; ok dtucker
9610 bz#2717
9611
9612 Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
9613
9614commit 277abcda3f1b08d2376686f0ef20320160d4c8ab
9615Author: djm@openbsd.org <djm@openbsd.org>
9616Date: Tue May 16 16:56:15 2017 +0000
9617
9618 upstream commit
9619
9620 remove duplicate check; spotted by Jakub Jelen
9621
9622 Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0
9623
9624commit adb47ce839c977fa197e770c1be8f852508d65aa
9625Author: djm@openbsd.org <djm@openbsd.org>
9626Date: Tue May 16 16:54:05 2017 +0000
9627
9628 upstream commit
9629
9630 mention that Ed25519 keys are valid as CA keys; spotted
9631 by Jakub Jelen
9632
9633 Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4
9634
9635commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6
9636Author: Damien Miller <djm@mindrot.org>
9637Date: Tue May 9 14:35:03 2017 +1000
9638
9639 clean up regress files and add a .gitignore
9640
9641commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b
9642Author: djm@openbsd.org <djm@openbsd.org>
9643Date: Mon May 8 22:57:38 2017 +0000
9644
9645 upstream commit
9646
9647 remove hmac-ripemd160; ok dtucker
9648
9649 Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
9650
9651commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554
9652Author: djm@openbsd.org <djm@openbsd.org>
9653Date: Mon May 8 06:11:06 2017 +0000
9654
9655 upstream commit
9656
9657 make requesting bad ECDSA bits yield the same error
9658 (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
9659
9660 Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
9661
9662commit d757a4b633e8874629a1442c7c2e7b1b55d28c19
9663Author: djm@openbsd.org <djm@openbsd.org>
9664Date: Mon May 8 06:08:42 2017 +0000
9665
9666 upstream commit
9667
9668 fix for new SSH_ERR_KEY_LENGTH error value
9669
9670 Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
9671
9672commit 2e58a69508ac49c02d1bb6057300fa6a76db1045
9673Author: djm@openbsd.org <djm@openbsd.org>
9674Date: Mon May 8 06:03:39 2017 +0000
9675
9676 upstream commit
9677
9678 helps if I commit the correct version of the file. fix
9679 missing return statement.
9680
9681 Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c
9682
9683commit effaf526bfa57c0ac9056ca236becf52385ce8af
9684Author: djm@openbsd.org <djm@openbsd.org>
9685Date: Mon May 8 01:52:49 2017 +0000
9686
9687 upstream commit
9688
9689 remove arcfour, blowfish and CAST here too
9690
9691 Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920
9692
9693commit 7461a5bc571696273252df28a1f1578968cae506
9694Author: djm@openbsd.org <djm@openbsd.org>
9695Date: Mon May 8 00:21:36 2017 +0000
9696
9697 upstream commit
9698
9699 I was too aggressive with the scalpel in the last commit;
9700 unbreak sshd, spotted quickly by naddy@
9701
9702 Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf
9703
9704commit bd636f40911094a39c2920bf87d2ec340533c152
9705Author: djm@openbsd.org <djm@openbsd.org>
9706Date: Sun May 7 23:15:59 2017 +0000
9707
9708 upstream commit
9709
9710 Refuse RSA keys <1024 bits in length. Improve reporting
9711 for keys that do not meet this requirement. ok markus@
9712
9713 Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
9714
9715commit 70c1218fc45757a030285051eb4d209403f54785
9716Author: djm@openbsd.org <djm@openbsd.org>
9717Date: Sun May 7 23:13:42 2017 +0000
9718
9719 upstream commit
9720
9721 Don't offer CBC ciphers by default in the client. ok
9722 markus@
9723
9724 Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef
9725
9726commit acaf34fd823235d549c633c0146ee03ac5956e82
9727Author: djm@openbsd.org <djm@openbsd.org>
9728Date: Sun May 7 23:12:57 2017 +0000
9729
9730 upstream commit
9731
9732 As promised in last release announcement: remove
9733 support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
9734
9735 Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
9736
9737commit 3e371bd2124427403971db853fb2e36ce789b6fd
9738Author: naddy@openbsd.org <naddy@openbsd.org>
9739Date: Fri May 5 10:42:49 2017 +0000
9740
9741 upstream commit
9742
9743 more simplification and removal of SSHv1-related code;
9744 ok djm@
9745
9746 Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
9747
9748commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd
9749Author: naddy@openbsd.org <naddy@openbsd.org>
9750Date: Fri May 5 10:41:58 2017 +0000
9751
9752 upstream commit
9753
9754 remove superfluous protocol 2 mentions; ok jmc@
9755
9756 Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
9757
9758commit 744bde79c3361e2153cb395a2ecdcee6c713585d
9759Author: djm@openbsd.org <djm@openbsd.org>
9760Date: Thu May 4 06:10:57 2017 +0000
9761
9762 upstream commit
9763
9764 since a couple of people have asked, leave a comment
9765 explaining why we retain SSH v.1 support in the "delete all keys from agent"
9766 path.
9767
9768 Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
9769
9770commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee
9771Author: djm@openbsd.org <djm@openbsd.org>
9772Date: Thu May 4 01:33:21 2017 +0000
9773
9774 upstream commit
9775
9776 another tentacle: cipher_set_key_string() was only ever
9777 used for SSHv1
9778
9779 Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
9780
9781commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f
9782Author: naddy@openbsd.org <naddy@openbsd.org>
9783Date: Wed May 3 21:49:18 2017 +0000
9784
9785 upstream commit
9786
9787 restore mistakenly deleted description of the
9788 ConnectionAttempts option ok markus@
9789
9790 Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
9791
9792commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3
9793Author: naddy@openbsd.org <naddy@openbsd.org>
9794Date: Wed May 3 21:08:09 2017 +0000
9795
9796 upstream commit
9797
9798 remove miscellaneous SSH1 leftovers; ok markus@
9799
9800 Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
9801
9802commit 1a1b24f8229bf7a21f89df21987433283265527a
9803Author: jmc@openbsd.org <jmc@openbsd.org>
9804Date: Wed May 3 10:01:44 2017 +0000
9805
9806 upstream commit
9807
9808 more protocol 1 bits removed; ok djm
9809
9810 Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9
9811
9812commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5
9813Author: jmc@openbsd.org <jmc@openbsd.org>
9814Date: Wed May 3 06:32:02 2017 +0000
9815
9816 upstream commit
9817
9818 more protocol 1 stuff to go; ok djm
9819
9820 Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
9821
9822commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093
9823Author: jmc@openbsd.org <jmc@openbsd.org>
9824Date: Tue May 2 17:04:09 2017 +0000
9825
9826 upstream commit
9827
9828 rsa1 is no longer valid;
9829
9830 Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
9831
9832commit 42b690b4fd0faef78c4d68225948b6e5c46c5163
9833Author: jmc@openbsd.org <jmc@openbsd.org>
9834Date: Tue May 2 14:06:37 2017 +0000
9835
9836 upstream commit
9837
9838 add PubKeyAcceptedKeyTypes to the -o list: scp(1) has
9839 it, so i guess this should too;
9840
9841 Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
9842
9843commit d852603214defd93e054de2877b20cc79c19d0c6
9844Author: jmc@openbsd.org <jmc@openbsd.org>
9845Date: Tue May 2 13:44:51 2017 +0000
9846
9847 upstream commit
9848
9849 remove now obsolete protocol1 options from the -o
9850 lists;
9851
9852 Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
9853
9854commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74
9855Author: jmc@openbsd.org <jmc@openbsd.org>
9856Date: Tue May 2 09:05:58 2017 +0000
9857
9858 upstream commit
9859
9860 more -O shuffle; ok djm
9861
9862 Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
9863
9864commit 3575f0b12afe6b561681582fd3c34067d1196231
9865Author: djm@openbsd.org <djm@openbsd.org>
9866Date: Tue May 2 08:54:19 2017 +0000
9867
9868 upstream commit
9869
9870 remove -1 / -2 options; pointed out by jmc@
9871
9872 Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
9873
9874commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f
9875Author: jmc@openbsd.org <jmc@openbsd.org>
9876Date: Tue May 2 08:06:33 2017 +0000
9877
9878 upstream commit
9879
9880 remove options -12 from usage();
9881
9882 Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
9883
9884commit 6b84897f7fd39956b849eac7810319d8a9958568
9885Author: jmc@openbsd.org <jmc@openbsd.org>
9886Date: Tue May 2 07:13:31 2017 +0000
9887
9888 upstream commit
9889
9890 tidy up -O somewhat; ok djm
9891
9892 Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
9893
9894commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868
9895Author: djm@openbsd.org <djm@openbsd.org>
9896Date: Mon May 1 22:09:48 2017 +0000
9897
9898 upstream commit
9899
9900 when freeing a bitmap, zero all it bytes; spotted by Ilya
9901 Kaliman
9902
9903 Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4
9904
9905commit 0f163983016c2988a92e039d18a7569f9ea8e071
9906Author: djm@openbsd.org <djm@openbsd.org>
9907Date: Mon May 1 14:08:26 2017 +0000
9908
9909 upstream commit
9910
9911 this one I did forget to "cvs rm"
9912
9913 Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913
9914
9915commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed
9916Author: djm@openbsd.org <djm@openbsd.org>
9917Date: Mon May 1 09:27:45 2017 +0000
9918
9919 upstream commit
9920
9921 don't know why cvs didn't exterminate these the first
9922 time around, I use rm -f and everuthing...
9923
9924 pointed out by sobrado@
9925
9926 Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d
9927
9928commit d29ba6f45086703fdcb894532848ada3427dfde6
9929Author: Darren Tucker <dtucker@zip.com.au>
9930Date: Mon May 1 13:53:07 2017 +1000
9931
9932 Define INT32_MAX and INT64_MAX if needed.
9933
9934commit 329037e389f02ec95c8e16bf93ffede94d3d44ce
9935Author: Darren Tucker <dtucker@zip.com.au>
9936Date: Mon May 1 13:19:41 2017 +1000
9937
9938 Wrap stdint.h in HAVE_STDINT_H
9939
9940commit f382362e8dfb6b277f16779ab1936399d7f2af78
9941Author: djm@openbsd.org <djm@openbsd.org>
9942Date: Mon May 1 02:27:11 2017 +0000
9943
9944 upstream commit
9945
9946 remove unused variable
9947
9948 Upstream-ID: 66011f00819d0e71b14700449a98414033284516
9949
9950commit dd369320d2435b630a5974ab270d686dcd92d024
9951Author: djm@openbsd.org <djm@openbsd.org>
9952Date: Sun Apr 30 23:34:55 2017 +0000
9953
9954 upstream commit
9955
9956 eliminate explicit specification of protocol in tests and
9957 loops over protocol. We only support SSHv2 now.
9958
9959 Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
9960
9961commit 557f921aad004be15805e09fd9572969eb3d9321
9962Author: djm@openbsd.org <djm@openbsd.org>
9963Date: Sun Apr 30 23:33:48 2017 +0000
9964
9965 upstream commit
9966
9967 remove SSHv1 support from unit tests
9968
9969 Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe
9970
9971commit e77e1562716fb3da413e4c2397811017b762f5e3
9972Author: djm@openbsd.org <djm@openbsd.org>
9973Date: Mon May 1 00:03:18 2017 +0000
9974
9975 upstream commit
9976
9977 fixup setting ciphercontext->plaintext (lost in SSHv1 purge),
9978 though it isn't really used for much anymore.
9979
9980 Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
9981
9982commit f7849e6c83a4e0f602dea6c834a24091c622d68e
9983Author: Damien Miller <djm@mindrot.org>
9984Date: Mon May 1 09:55:56 2017 +1000
9985
9986 remove configure --with-ssh1
9987
9988commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043
9989Author: djm@openbsd.org <djm@openbsd.org>
9990Date: Sun Apr 30 23:29:10 2017 +0000
9991
9992 upstream commit
9993
9994 flense SSHv1 support from ssh-agent, considerably
9995 simplifying it
9996
9997 ok markus
9998
9999 Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365
10000
10001commit 930e8d2827853bc2e196c20c3e000263cc87fb75
10002Author: djm@openbsd.org <djm@openbsd.org>
10003Date: Sun Apr 30 23:28:41 2017 +0000
10004
10005 upstream commit
10006
10007 obliterate ssh1.h and some dead code that used it
10008
10009 ok markus@
10010
10011 Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
10012
10013commit a3710d5d529a34b8f56aa62db798c70e85d576a0
10014Author: djm@openbsd.org <djm@openbsd.org>
10015Date: Sun Apr 30 23:28:12 2017 +0000
10016
10017 upstream commit
10018
10019 exterminate the -1 flag from scp
10020
10021 ok markus@
10022
10023 Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
10024
10025commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4
10026Author: djm@openbsd.org <djm@openbsd.org>
10027Date: Sun Apr 30 23:26:54 2017 +0000
10028
10029 upstream commit
10030
10031 purge the last traces of SSHv1 from the TTY modes
10032 handling code
10033
10034 ok markus
10035
10036 Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195
10037
10038commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a
10039Author: djm@openbsd.org <djm@openbsd.org>
10040Date: Sun Apr 30 23:26:16 2017 +0000
10041
10042 upstream commit
10043
10044 remove the (in)famous SSHv1 CRC compensation attack
10045 detector.
10046
10047 Despite your cameo in The Matrix movies, you will not be missed.
10048
10049 ok markus
10050
10051 Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0
10052
10053commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6
10054Author: djm@openbsd.org <djm@openbsd.org>
10055Date: Sun Apr 30 23:25:03 2017 +0000
10056
10057 upstream commit
10058
10059 undo some local debugging stuff that I committed by
10060 accident
10061
10062 Upstream-ID: fe5b31f69a60d47171836911f144acff77810217
10063
10064commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14
10065Author: djm@openbsd.org <djm@openbsd.org>
10066Date: Sun Apr 30 23:23:54 2017 +0000
10067
10068 upstream commit
10069
10070 remove SSHv1 support from packet and buffer APIs
10071
10072 ok markus@
10073
10074 Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
10075
10076commit 05164358577c82de18ed7373196bc7dbd8a3f79c
10077Author: djm@openbsd.org <djm@openbsd.org>
10078Date: Sun Apr 30 23:21:54 2017 +0000
10079
10080 upstream commit
10081
10082 remove SSHv1-related buffers from client code
10083
10084 Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
10085
10086commit 873d3e7d9a4707d0934fb4c4299354418f91b541
10087Author: djm@openbsd.org <djm@openbsd.org>
10088Date: Sun Apr 30 23:18:44 2017 +0000
10089
10090 upstream commit
10091
10092 remove KEY_RSA1
10093
10094 ok markus@
10095
10096 Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
10097
10098commit 788ac799a6efa40517f2ac0d895a610394298ffc
10099Author: djm@openbsd.org <djm@openbsd.org>
10100Date: Sun Apr 30 23:18:22 2017 +0000
10101
10102 upstream commit
10103
10104 remove SSHv1 configuration options and man pages bits
10105
10106 ok markus@
10107
10108 Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
10109
10110commit e6882463a8ae0594aacb6d6575a6318a41973d84
10111Author: djm@openbsd.org <djm@openbsd.org>
10112Date: Sun Apr 30 23:17:37 2017 +0000
10113
10114 upstream commit
10115
10116 remove SSH1 make flag and associated files ok markus@
10117
10118 Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
10119
10120commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833
10121Author: djm@openbsd.org <djm@openbsd.org>
10122Date: Sun Apr 30 23:15:04 2017 +0000
10123
10124 upstream commit
10125
10126 remove SSHv1 ciphers; ok markus@
10127
10128 Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
10129
10130commit 97f4d3083b036ce3e68d6346a6140a22123d5864
10131Author: djm@openbsd.org <djm@openbsd.org>
10132Date: Sun Apr 30 23:13:25 2017 +0000
10133
10134 upstream commit
10135
10136 remove compat20/compat13/compat15 variables
10137
10138 ok markus@
10139
10140 Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
10141
10142commit 99f95ba82673d33215dce17bfa1512b57f54ec09
10143Author: djm@openbsd.org <djm@openbsd.org>
10144Date: Sun Apr 30 23:11:45 2017 +0000
10145
10146 upstream commit
10147
10148 remove options.protocol and client Protocol
10149 configuration knob
10150
10151 ok markus@
10152
10153 Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
10154
10155commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740
10156Author: djm@openbsd.org <djm@openbsd.org>
10157Date: Sun Apr 30 23:10:43 2017 +0000
10158
10159 upstream commit
10160
10161 unifdef WITH_SSH1 ok markus@
10162
10163 Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
10164
10165commit d4084cd230f7319056559b00db8b99296dad49d5
10166Author: jmc@openbsd.org <jmc@openbsd.org>
10167Date: Sat Apr 29 06:06:01 2017 +0000
10168
10169 upstream commit
10170
10171 tweak previous;
10172
10173 Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
10174
10175commit 249516e428e8461b46340a5df5d5ed1fbad2ccce
10176Author: djm@openbsd.org <djm@openbsd.org>
10177Date: Sat Apr 29 04:12:25 2017 +0000
10178
10179 upstream commit
10180
10181 allow ssh-keygen to include arbitrary string or flag
10182 certificate extensions and critical options. ok markus@ dtucker@
10183
10184 Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
10185
10186commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9
10187Author: jmc@openbsd.org <jmc@openbsd.org>
10188Date: Fri Apr 28 06:15:03 2017 +0000
10189
10190 upstream commit
10191
10192 sort;
10193
10194 Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
10195
10196commit 36465a76a79ad5040800711b41cf5f32249d5120
10197Author: Darren Tucker <dtucker@zip.com.au>
10198Date: Fri Apr 28 14:44:28 2017 +1000
10199
10200 Typo.
10201
10202 Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
10203
10204commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed
10205Author: Darren Tucker <dtucker@zip.com.au>
10206Date: Fri Apr 28 14:41:17 2017 +1000
10207
10208 Add 2 regress commits I applied by hand.
10209
10210 Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c
10211 Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
10212
10213commit 9504ea6b27f9f0ece64e88582ebb9235e664a100
10214Author: Darren Tucker <dtucker@zip.com.au>
10215Date: Fri Apr 28 14:33:43 2017 +1000
10216
10217 Merge integrity.sh rev 1.22.
10218
10219 Merge missing bits from Colin Watson's patch in bz#2658 which make integrity
10220 tests more robust against timeouts. ok djm@
10221
10222commit 06ec837a34542627e2183a412d6a9d2236f22140
10223Author: Darren Tucker <dtucker@zip.com.au>
10224Date: Fri Apr 28 14:30:03 2017 +1000
10225
10226 Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes
10227
10228commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8
10229Author: jsg@openbsd.org <jsg@openbsd.org>
10230Date: Mon Apr 17 11:02:31 2017 +0000
10231
10232 upstream commit
10233
10234 Change COMPILER_VERSION tests which limited additional
10235 warnings to gcc4 to instead skip them on gcc3 as clang can handle
10236 -Wpointer-sign and -Wold-style-definition.
10237
10238 Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
10239
10240commit 6830be90e71f46bcd182a9202b151eaf2b299434
10241Author: djm@openbsd.org <djm@openbsd.org>
10242Date: Fri Apr 28 03:24:53 2017 +0000
10243
10244 upstream commit
10245
10246 include key fingerprint in "Offering public key" debug
10247 message
10248
10249 Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
10250
10251commit 066437187e16dcafcbc19f9402ef0e6575899b1d
10252Author: millert@openbsd.org <millert@openbsd.org>
10253Date: Fri Apr 28 03:21:12 2017 +0000
10254
10255 upstream commit
10256
10257 Avoid relying on implementation-specific behavior when
10258 detecting whether the timestamp or file size overflowed. If time_t and off_t
10259 are not either 32-bit or 64-bit scp will exit with an error. OK djm@
10260
10261 Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
10262
10263commit 68d3a2a059183ebd83b15e54984ffaced04d2742
10264Author: dtucker@openbsd.org <dtucker@openbsd.org>
10265Date: Fri Apr 28 03:20:27 2017 +0000
10266
10267 upstream commit
10268
10269 Add SyslogFacility option to ssh(1) matching the
10270 equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok
10271 djm@
10272
10273 Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
10274
10275commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14
10276Author: jsg@openbsd.org <jsg@openbsd.org>
10277Date: Thu Apr 27 13:40:05 2017 +0000
10278
10279 upstream commit
10280
10281 remove a static array unused since rev 1.306 spotted by
10282 clang ok djm@
10283
10284 Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
10285
10286commit 91bd2181866659f00714903e78e1c3edd4c45f3d
10287Author: millert@openbsd.org <millert@openbsd.org>
10288Date: Thu Apr 27 11:53:12 2017 +0000
10289
10290 upstream commit
10291
10292 Avoid potential signed int overflow when parsing the file
10293 size. Use strtoul() instead of parsing manually. OK djm@
10294
10295 Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
10296
10297commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4
10298Author: Darren Tucker <dtucker@zip.com.au>
10299Date: Tue Apr 25 08:32:27 2017 +1000
10300
10301 Fix typo in "socketcall".
10302
10303 Pointed out by jjelen at redhat.com.
10304
10305commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd
10306Author: Darren Tucker <dtucker@zip.com.au>
10307Date: Mon Apr 24 19:40:31 2017 +1000
10308
10309 Deny socketcall in seccomp filter on ppc64le.
10310
10311 OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
10312 in privsep child. The socket() syscall is already denied in the seccomp
10313 filter, but in ppc64le kernel, it is implemented using socketcall()
10314 syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
10315 therefore fails hard.
10316
10317 Patch from jjelen at redhat.com.
10318
10319commit f8500b2be599053daa05248a86a743232ec6a536
10320Author: schwarze@openbsd.org <schwarze@openbsd.org>
10321Date: Mon Apr 17 14:31:23 2017 +0000
10322
10323 upstream commit
10324
10325 Recognize nl_langinfo(CODESET) return values "646" and ""
10326 as aliases for "US-ASCII", useful for different versions of NetBSD and
10327 Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot
10328 com>. OK dtucker@ deraadt@
10329
10330 Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
10331
10332commit 7480dfedf8c5c93baaabef444b3def9331e86ad5
10333Author: jsg@openbsd.org <jsg@openbsd.org>
10334Date: Mon Apr 17 11:02:31 2017 +0000
10335
10336 upstream commit
10337
10338 Change COMPILER_VERSION tests which limited additional
10339 warnings to gcc4 to instead skip them on gcc3 as clang can handle
10340 -Wpointer-sign and -Wold-style-definition.
10341
10342 Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
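Review bot: the ID trailers in this part of the imported ChangeLog do not map one-to-one onto commits, so an audit of which upstream changes this import carries should key on the commit hash rather than on the trailer or the message text. Upstream-Regress-ID 1e6b51ddf767cbad0a4e63eb08026c127e654308 is recorded under both 36465a76a79a ("Typo.") and 9d18cb7bdeb0 ("Add 2 regress commits I applied by hand."). The jsg@ COMPILER_VERSION entry also appears twice with the same date and text, once as e0194b471efe with an Upstream-Regress-ID and once as 7480dfedf8c5 with an Upstream-ID. Because the file comes from the upstream tarball, it should stay as shipped; a line in the import message noting that the entries were checked by hash would be enough.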