diff options
author | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2019-10-09 22:59:48 +0100 |
commit | 4213eec74e74de6310c27a40c3e9759a08a73996 (patch) | |
tree | e97a6dcafc6763aea7c804e4e113c2750cb1400d /ChangeLog | |
parent | 102062f825fb26a74295a1c089c00c4c4c76b68a (diff) | |
parent | cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c (diff) |
Import openssh_8.1p1.orig.tar.gz
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 4934 |
1 files changed, 2531 insertions, 2403 deletions
@@ -1,3 +1,2534 @@ | |||
1 | commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c | ||
2 | Author: Damien Miller <djm@mindrot.org> | ||
3 | Date: Wed Oct 9 11:31:03 2019 +1100 | ||
4 | |||
5 | prepare for 8.1 release | ||
6 | |||
7 | commit 3b4e56d740b74324e2d7542957cad5a11518f455 | ||
8 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9 | Date: Wed Oct 9 00:04:57 2019 +0000 | ||
10 | |||
11 | upstream: openssh-8.1 | ||
12 | |||
13 | OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d | ||
14 | |||
15 | commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81 | ||
16 | Author: djm@openbsd.org <djm@openbsd.org> | ||
17 | Date: Wed Oct 9 00:04:42 2019 +0000 | ||
18 | |||
19 | upstream: fix an unreachable integer overflow similar to the XMSS | ||
20 | |||
21 | case, and some other NULL dereferences found by fuzzing. | ||
22 | |||
23 | fix with and ok markus@ | ||
24 | |||
25 | OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b | ||
26 | |||
27 | commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a | ||
28 | Author: djm@openbsd.org <djm@openbsd.org> | ||
29 | Date: Wed Oct 9 00:02:57 2019 +0000 | ||
30 | |||
31 | upstream: fix integer overflow in XMSS private key parsing. | ||
32 | |||
33 | Reported by Adam Zabrocki via SecuriTeam's SSH program. | ||
34 | |||
35 | Note that this code is experimental and not compiled by default. | ||
36 | |||
37 | ok markus@ | ||
38 | |||
39 | OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1 | ||
40 | |||
41 | commit c2cc25480ba36ab48c1a577bebb12493865aad87 | ||
42 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
43 | Date: Tue Oct 8 22:40:39 2019 +0000 | ||
44 | |||
45 | upstream: Correct type for end-of-list sentinel; fixes initializer | ||
46 | |||
47 | warnings on some platforms. ok deraadt. | ||
48 | |||
49 | OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2 | ||
50 | |||
51 | commit e827aedf8818e75c0016b47ed8fc231427457c43 | ||
52 | Author: djm@openbsd.org <djm@openbsd.org> | ||
53 | Date: Mon Oct 7 23:10:38 2019 +0000 | ||
54 | |||
55 | upstream: reversed test yielded incorrect debug message | ||
56 | |||
57 | OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3 | ||
58 | |||
59 | commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55 | ||
60 | Author: Damien Miller <djm@mindrot.org> | ||
61 | Date: Tue Oct 8 17:05:57 2019 +1100 | ||
62 | |||
63 | depend | ||
64 | |||
65 | commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b | ||
66 | Author: Darren Tucker <dtucker@dtucker.net> | ||
67 | Date: Wed Oct 9 09:36:06 2019 +1100 | ||
68 | |||
69 | Make MAKE_CLONE no-op macro more correct. | ||
70 | |||
71 | Similar to the previous change to DEF_WEAK, some compilers don't like | ||
72 | the empty statement, so convert into a no-op function prototype. | ||
73 | |||
74 | commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf | ||
75 | Author: Damien Miller <djm@mindrot.org> | ||
76 | Date: Wed Oct 9 09:06:35 2019 +1100 | ||
77 | |||
78 | wrap stdint.h include in HAVE_STDINT_H | ||
79 | |||
80 | make the indenting a little more consistent too.. | ||
81 | |||
82 | Fixes Solaris 2.6; reported by Tom G. Christensen | ||
83 | |||
84 | commit 13b3369830a43b89a503915216a23816d1b25744 | ||
85 | Author: Damien Miller <djm@mindrot.org> | ||
86 | Date: Tue Oct 8 15:32:02 2019 +1100 | ||
87 | |||
88 | avoid "return (value)" in void-declared function | ||
89 | |||
90 | spotted by Tim Rice; ok dtucker | ||
91 | |||
92 | commit 0c7f8d2326d812b371f7afd63aff846973ec80a4 | ||
93 | Author: Darren Tucker <dtucker@dtucker.net> | ||
94 | Date: Tue Oct 8 14:44:50 2019 +1100 | ||
95 | |||
96 | Make DEF_WEAK more likely to be correct. | ||
97 | |||
98 | Completely nop-ing out DEF_WEAK leaves an empty statemment which some | ||
99 | compilers don't like. Replace with a no-op function template. ok djm@ | ||
100 | |||
101 | commit b1e79ea8fae9c252399677a28707661d85c7d00c | ||
102 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
103 | Date: Sun Oct 6 11:49:50 2019 +0000 | ||
104 | |||
105 | upstream: Instead of running sed over the whole log to remove CRs, | ||
106 | |||
107 | remove them only where it's needed (and confuses test(1) on at least OS X in | ||
108 | portable). | ||
109 | |||
110 | OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0 | ||
111 | |||
112 | commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c | ||
113 | Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
114 | Date: Tue May 9 13:33:30 2017 -0300 | ||
115 | |||
116 | Enable specific ioctl call for EP11 crypto card (s390) | ||
117 | |||
118 | The EP11 crypto card needs to make an ioctl call, which receives an | ||
119 | specific argument. This crypto card is for s390 only. | ||
120 | |||
121 | Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com> | ||
122 | |||
123 | commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e | ||
124 | Author: djm@openbsd.org <djm@openbsd.org> | ||
125 | Date: Fri Oct 4 04:31:59 2019 +0000 | ||
126 | |||
127 | upstream: fix memory leak in error path; bz#3074 patch from | ||
128 | |||
129 | krishnaiah.bommu@intel.com, ok dtucker | ||
130 | |||
131 | OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c | ||
132 | |||
133 | commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6 | ||
134 | Author: djm@openbsd.org <djm@openbsd.org> | ||
135 | Date: Fri Oct 4 04:13:39 2019 +0000 | ||
136 | |||
137 | upstream: space | ||
138 | |||
139 | OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac | ||
140 | |||
141 | commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c | ||
142 | Author: djm@openbsd.org <djm@openbsd.org> | ||
143 | Date: Fri Oct 4 03:39:19 2019 +0000 | ||
144 | |||
145 | upstream: more sshsig regress tests: check key revocation, the | ||
146 | |||
147 | check-novalidate signature test mode and signing keys in ssh-agent. | ||
148 | |||
149 | From Sebastian Kinne (slightly tweaked) | ||
150 | |||
151 | OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2 | ||
152 | |||
153 | commit 714031a10bbe378a395a93cf1040f4ee1451f45f | ||
154 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
155 | Date: Fri Oct 4 03:26:58 2019 +0000 | ||
156 | |||
157 | upstream: Check for gmtime failure in moduli generation. Based on | ||
158 | |||
159 | patch from krishnaiah.bommu@intel.com, ok djm@ | ||
160 | |||
161 | OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa | ||
162 | |||
163 | commit 6918974405cc28ed977f802fd97a9c9a9b2e141b | ||
164 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
165 | Date: Thu Oct 3 17:07:50 2019 +0000 | ||
166 | |||
167 | upstream: use a more common options order in SYNOPSIS and sync | ||
168 | |||
169 | usage(); while here, no need for Bk/Ek; | ||
170 | |||
171 | ok dtucker | ||
172 | |||
173 | OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90 | ||
174 | |||
175 | commit feff96b7d4c0b99307f0459cbff128aede4a8984 | ||
176 | Author: djm@openbsd.org <djm@openbsd.org> | ||
177 | Date: Wed Oct 2 09:50:50 2019 +0000 | ||
178 | |||
179 | upstream: thinko in previous; spotted by Mantas | ||
180 | |||
181 | =?UTF-8?q?=20Mikul=C4=97nas?= | ||
182 | MIME-Version: 1.0 | ||
183 | Content-Type: text/plain; charset=UTF-8 | ||
184 | Content-Transfer-Encoding: 8bit | ||
185 | |||
186 | OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d | ||
187 | |||
188 | commit b5a89eec410967d6b712665f8cf0cb632928d74b | ||
189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
190 | Date: Wed Oct 2 08:07:13 2019 +0000 | ||
191 | |||
192 | upstream: make signature format match PROTOCO | ||
193 | |||
194 | =?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?= | ||
195 | =?UTF-8?q?s=20Mikul=C4=97nas?= | ||
196 | MIME-Version: 1.0 | ||
197 | Content-Type: text/plain; charset=UTF-8 | ||
198 | Content-Transfer-Encoding: 8bit | ||
199 | |||
200 | OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f | ||
201 | |||
202 | commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a | ||
203 | Author: djm@openbsd.org <djm@openbsd.org> | ||
204 | Date: Wed Oct 2 08:05:50 2019 +0000 | ||
205 | |||
206 | upstream: ban empty namespace strings for s | ||
207 | |||
208 | =?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?= | ||
209 | MIME-Version: 1.0 | ||
210 | Content-Type: text/plain; charset=UTF-8 | ||
211 | Content-Transfer-Encoding: 8bit | ||
212 | |||
213 | OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698 | ||
214 | |||
215 | commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0 | ||
216 | Author: Darren Tucker <dtucker@dtucker.net> | ||
217 | Date: Wed Oct 2 14:30:55 2019 +1000 | ||
218 | |||
219 | Put ssherr.h back as it's actually needed. | ||
220 | |||
221 | commit 3ef92a657444f172b61f92d5da66d94fa8265602 | ||
222 | Author: Lonnie Abelbeck <lonnie@abelbeck.com> | ||
223 | Date: Tue Oct 1 09:05:09 2019 -0500 | ||
224 | |||
225 | Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child. | ||
226 | |||
227 | New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt | ||
228 | in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox. | ||
229 | |||
230 | commit edd1d3a6261aecbf9a55944fd7be1db83571b46e | ||
231 | Author: Damien Miller <djm@mindrot.org> | ||
232 | Date: Wed Oct 2 10:54:28 2019 +1000 | ||
233 | |||
234 | remove duplicate #includes | ||
235 | |||
236 | Prompted by Jakub Jelen | ||
237 | |||
238 | commit 13c508dfed9f25e6e54c984ad00a74ef08539e70 | ||
239 | Author: Damien Miller <djm@mindrot.org> | ||
240 | Date: Wed Oct 2 10:51:15 2019 +1000 | ||
241 | |||
242 | typo in comment | ||
243 | |||
244 | commit d0c3ac427f6c52b872d6617421421dd791664445 | ||
245 | Author: djm@openbsd.org <djm@openbsd.org> | ||
246 | Date: Wed Oct 2 00:42:30 2019 +0000 | ||
247 | |||
248 | upstream: remove some duplicate #includes | ||
249 | |||
250 | OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c | ||
251 | |||
252 | commit 084682786d9275552ee93857cb36e43c446ce92c | ||
253 | Author: djm@openbsd.org <djm@openbsd.org> | ||
254 | Date: Tue Oct 1 10:22:53 2019 +0000 | ||
255 | |||
256 | upstream: revert unconditional forced login implemented in r1.41 of | ||
257 | |||
258 | ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the | ||
259 | token returns no objects and this is less disruptive for users of tokens | ||
260 | directly in ssh (rather than via ssh-agent) and in ssh-keygen | ||
261 | |||
262 | bz3006, patch from Jakub Jelen; ok markus | ||
263 | |||
264 | OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e | ||
265 | |||
266 | commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3 | ||
267 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
268 | Date: Sun Sep 29 16:31:57 2019 +0000 | ||
269 | |||
270 | upstream: group and sort single letter options; ok deraadt | ||
271 | |||
272 | OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f | ||
273 | |||
274 | commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe | ||
275 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
276 | Date: Fri Sep 27 20:03:24 2019 +0000 | ||
277 | |||
278 | upstream: fix the DH-GEX text in -a; because this required a comma, | ||
279 | |||
280 | i added a comma to the first part, for balance... | ||
281 | |||
282 | OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58 | ||
283 | |||
284 | commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273 | ||
285 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
286 | Date: Tue Sep 24 12:50:46 2019 +0000 | ||
287 | |||
288 | upstream: identity_file[] should be PATH_MAX, not the arbitrary | ||
289 | |||
290 | number 1024 | ||
291 | |||
292 | OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7 | ||
293 | |||
294 | commit 90d4b2541e8c907793233d9cbd4963f7624f4174 | ||
295 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
296 | Date: Fri Sep 20 18:50:58 2019 +0000 | ||
297 | |||
298 | upstream: new sentence, new line; | ||
299 | |||
300 | OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698 | ||
301 | |||
302 | commit fbec7dba01b70b49ac47f56031310865dff86200 | ||
303 | Author: Darren Tucker <dtucker@dtucker.net> | ||
304 | Date: Mon Sep 30 18:01:12 2019 +1000 | ||
305 | |||
306 | Include stdio.h for snprintf. | ||
307 | |||
308 | Patch from vapier@gentoo.org. | ||
309 | |||
310 | commit 0a403bfde71c4b82147473298d3a60b4171468bd | ||
311 | Author: Darren Tucker <dtucker@dtucker.net> | ||
312 | Date: Mon Sep 30 14:11:42 2019 +1000 | ||
313 | |||
314 | Add SKIP_LTESTS for skipping specific tests. | ||
315 | |||
316 | commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c | ||
317 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
318 | Date: Fri Sep 27 05:25:12 2019 +0000 | ||
319 | |||
320 | upstream: Test for empty result in expected bits. Remove CRs from log | ||
321 | |||
322 | as they confuse tools on some platforms. Re-enable the 3des-cbc test. | ||
323 | |||
324 | OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250 | ||
325 | |||
326 | commit 7c817d129e2d48fc8a6f7965339313023ec45765 | ||
327 | Author: Darren Tucker <dtucker@dtucker.net> | ||
328 | Date: Fri Sep 27 15:26:22 2019 +1000 | ||
329 | |||
330 | Re-enable dhgex test. | ||
331 | |||
332 | Since we've added larger fallback groups to dh.c this test will pass | ||
333 | even if there is no moduli file installed on the system. | ||
334 | |||
335 | commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae | ||
336 | Author: Darren Tucker <dtucker@dtucker.net> | ||
337 | Date: Tue Sep 24 21:17:20 2019 +1000 | ||
338 | |||
339 | Add more ToS bits, currently only used by netcat. | ||
340 | |||
341 | commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e | ||
342 | Author: Darren Tucker <dtucker@dtucker.net> | ||
343 | Date: Thu Sep 19 15:41:23 2019 +1000 | ||
344 | |||
345 | Privsep is now required. | ||
346 | |||
347 | commit 8aa2aa3cd4d27d14e74b247c773696349472ef20 | ||
348 | Author: djm@openbsd.org <djm@openbsd.org> | ||
349 | Date: Mon Sep 16 03:23:02 2019 +0000 | ||
350 | |||
351 | upstream: Allow testing signature syntax and validity without verifying | ||
352 | |||
353 | that a signature came from a trusted signer. To discourage accidental or | ||
354 | unintentional use, this is invoked by the deliberately ugly option name | ||
355 | "check-novalidate" | ||
356 | |||
357 | from Sebastian Kinne | ||
358 | |||
359 | OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b | ||
360 | |||
361 | commit 7047d5afe3103f0f07966c05b810682d92add359 | ||
362 | Author: djm@openbsd.org <djm@openbsd.org> | ||
363 | Date: Fri Sep 13 04:52:34 2019 +0000 | ||
364 | |||
365 | upstream: clarify that IdentitiesOnly also applies to the default | ||
366 | |||
367 | ~/.ssh/id_* keys; bz#3062 | ||
368 | |||
369 | OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa | ||
370 | |||
371 | commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75 | ||
372 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
373 | Date: Fri Sep 13 04:36:43 2019 +0000 | ||
374 | |||
375 | upstream: Plug mem leaks on error paths, based in part on github | ||
376 | |||
377 | pr#120 from David Carlier. ok djm@. | ||
378 | |||
379 | OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e | ||
380 | |||
381 | commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4 | ||
382 | Author: djm@openbsd.org <djm@openbsd.org> | ||
383 | Date: Fri Sep 13 04:31:19 2019 +0000 | ||
384 | |||
385 | upstream: whitespace | ||
386 | |||
387 | OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700 | ||
388 | |||
389 | commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf | ||
390 | Author: djm@openbsd.org <djm@openbsd.org> | ||
391 | Date: Fri Sep 13 04:27:35 2019 +0000 | ||
392 | |||
393 | upstream: allow %n to be expanded in ProxyCommand strings | ||
394 | |||
395 | From Zachary Harmany via github.com/openssh/openssh-portable/pull/118 | ||
396 | ok dtucker@ | ||
397 | |||
398 | OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6 | ||
399 | |||
400 | commit 2ce1d11600e13bee0667d6b717ffcc18a057b821 | ||
401 | Author: djm@openbsd.org <djm@openbsd.org> | ||
402 | Date: Fri Sep 13 04:07:42 2019 +0000 | ||
403 | |||
404 | upstream: clarify that ConnectTimeout applies both to the TCP | ||
405 | |||
406 | connection and to the protocol handshake/KEX. From Jean-Charles Longuet via | ||
407 | Github PR140 | ||
408 | |||
409 | OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf | ||
410 | |||
411 | commit df780114278f406ef7cb2278802a2660092fff09 | ||
412 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
413 | Date: Mon Sep 9 02:31:19 2019 +0000 | ||
414 | |||
415 | upstream: Fix potential truncation warning. ok deraadt. | ||
416 | |||
417 | OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff | ||
418 | |||
419 | commit ec0e6243660bf2df30c620a6a0d83eded376c9c6 | ||
420 | Author: Damien Miller <djm@mindrot.org> | ||
421 | Date: Fri Sep 13 13:14:39 2019 +1000 | ||
422 | |||
423 | memleak of buffer in sshpam_query | ||
424 | |||
425 | coverity report via Ed Maste; ok dtucker@ | ||
426 | |||
427 | commit c17e4638e5592688264fc0349f61bfc7b4425aa5 | ||
428 | Author: Damien Miller <djm@mindrot.org> | ||
429 | Date: Fri Sep 13 13:12:42 2019 +1000 | ||
430 | |||
431 | explicitly test set[ug]id() return values | ||
432 | |||
433 | Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste | ||
434 | ok dtucker@ | ||
435 | |||
436 | commit 91a2135f32acdd6378476c5bae475a6e7811a6a2 | ||
437 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
438 | Date: Fri Sep 6 14:45:34 2019 +0000 | ||
439 | |||
440 | upstream: Allow prepending a list of algorithms to the default set | ||
441 | |||
442 | by starting the list with the '^' character, e.g. | ||
443 | |||
444 | HostKeyAlgorithms ^ssh-ed25519 | ||
445 | Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com | ||
446 | |||
447 | ok djm@ dtucker@ | ||
448 | |||
449 | OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97 | ||
450 | |||
451 | commit c8bdd2db77ac2369d5cdee237656f266c8f41552 | ||
452 | Author: djm@openbsd.org <djm@openbsd.org> | ||
453 | Date: Fri Sep 6 07:53:40 2019 +0000 | ||
454 | |||
455 | upstream: key conversion should fail for !openssl builds, not fall | ||
456 | |||
457 | through to the key generation code | ||
458 | |||
459 | OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9 | ||
460 | |||
461 | commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d | ||
462 | Author: djm@openbsd.org <djm@openbsd.org> | ||
463 | Date: Fri Sep 6 06:08:11 2019 +0000 | ||
464 | |||
465 | upstream: typo in previous | ||
466 | |||
467 | OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e | ||
468 | |||
469 | commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb | ||
470 | Author: Damien Miller <djm@mindrot.org> | ||
471 | Date: Sun Sep 8 14:48:11 2019 +1000 | ||
472 | |||
473 | needs time.h for --without-openssl | ||
474 | |||
475 | commit f61f29afda6c71eda26effa54d3c2e5306fd0833 | ||
476 | Author: Damien Miller <djm@mindrot.org> | ||
477 | Date: Sat Sep 7 19:25:00 2019 +1000 | ||
478 | |||
479 | make unittests pass for no-openssl case | ||
480 | |||
481 | commit 105e1c9218940eb53473f55a9177652d889ddbad | ||
482 | Author: djm@openbsd.org <djm@openbsd.org> | ||
483 | Date: Fri Sep 6 05:59:41 2019 +0000 | ||
484 | |||
485 | upstream: avoid compiling certain files that deeply depend on | ||
486 | |||
487 | libcrypto when WITH_OPENSSL isn't set | ||
488 | |||
489 | OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061 | ||
490 | |||
491 | commit 670104b923dd97b1c06c0659aef7c3e52af571b2 | ||
492 | Author: djm@openbsd.org <djm@openbsd.org> | ||
493 | Date: Fri Sep 6 05:23:55 2019 +0000 | ||
494 | |||
495 | upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@ | ||
496 | |||
497 | OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f | ||
498 | |||
499 | commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758 | ||
500 | Author: djm@openbsd.org <djm@openbsd.org> | ||
501 | Date: Fri Sep 6 04:53:27 2019 +0000 | ||
502 | |||
503 | upstream: lots of things were relying on libcrypto headers to | ||
504 | |||
505 | transitively include various system headers (mostly stdlib.h); include them | ||
506 | explicitly | ||
507 | |||
508 | OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080 | ||
509 | |||
510 | commit d05aaaaadcad592abfaa44540928e0c61ef72ebb | ||
511 | Author: djm@openbsd.org <djm@openbsd.org> | ||
512 | Date: Fri Sep 6 03:30:42 2019 +0000 | ||
513 | |||
514 | upstream: remove leakmalloc reference; we used this early when | ||
515 | |||
516 | refactoring but not since | ||
517 | |||
518 | OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c | ||
519 | |||
520 | commit 1268f0bcd8fc844ac6c27167888443c8350005eb | ||
521 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
522 | Date: Fri Sep 6 04:24:06 2019 +0000 | ||
523 | |||
524 | upstream: Check for RSA support before using it for the user key, | ||
525 | |||
526 | otherwise use ed25519 which is supported when built without OpenSSL. | ||
527 | |||
528 | OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7 | ||
529 | |||
530 | commit fd7a2dec652b9efc8e97f03f118f935dce732c60 | ||
531 | Author: Darren Tucker <dtucker@dtucker.net> | ||
532 | Date: Fri Sep 6 14:07:10 2019 +1000 | ||
533 | |||
534 | Provide explicit path to configure-check. | ||
535 | |||
536 | On some platforms (at least OpenBSD) make won't search VPATH for target | ||
537 | files, so building out-of-tree will fail at configure-check. Provide | ||
538 | explicit path. ok djm@ | ||
539 | |||
540 | commit 00865c29690003b4523cc09a0e104724b9f911a4 | ||
541 | Author: djm@openbsd.org <djm@openbsd.org> | ||
542 | Date: Fri Sep 6 01:58:50 2019 +0000 | ||
543 | |||
544 | upstream: better error code for bad arguments; inspired by | ||
545 | |||
546 | OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a | ||
547 | |||
548 | commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb | ||
549 | Author: Damien Miller <djm@mindrot.org> | ||
550 | Date: Thu Sep 5 21:38:40 2019 +1000 | ||
551 | |||
552 | revert config.h/config.h.in freshness checks | ||
553 | |||
554 | turns out autoreconf and configure don't touch some files if their content | ||
555 | doesn't change, so the mtime can't be relied upon in a makefile rule | ||
556 | |||
557 | commit a97609e850c57bd2cc2fe7e175fc35cb865bc834 | ||
558 | Author: Damien Miller <djm@mindrot.org> | ||
559 | Date: Thu Sep 5 20:54:39 2019 +1000 | ||
560 | |||
561 | extend autoconf freshness test | ||
562 | |||
563 | make it cover config.h.in and config.h separately | ||
564 | |||
565 | commit 182297c10edb21c4856c6a38326fd04d81de41a5 | ||
566 | Author: Damien Miller <djm@mindrot.org> | ||
567 | Date: Thu Sep 5 20:34:54 2019 +1000 | ||
568 | |||
569 | check that configure/config.h is up to date | ||
570 | |||
571 | Ensure they are newer than the configure.ac / aclocal.m4 source | ||
572 | |||
573 | commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1 | ||
574 | Author: djm@openbsd.org <djm@openbsd.org> | ||
575 | Date: Thu Sep 5 10:05:51 2019 +0000 | ||
576 | |||
577 | upstream: if a PKCS#11 token returns no keys then try to login and | ||
578 | |||
579 | refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@ | ||
580 | |||
581 | OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43 | ||
582 | |||
583 | commit 76f09bd95917862101b740afb19f4db5ccc752bf | ||
584 | Author: djm@openbsd.org <djm@openbsd.org> | ||
585 | Date: Thu Sep 5 09:35:19 2019 +0000 | ||
586 | |||
587 | upstream: sprinkle in some explicit errors here, otherwise the | ||
588 | |||
589 | percolate all the way up to dispatch_run_fatal() and lose all meaninful | ||
590 | context | ||
591 | |||
592 | to help with bz#3063; ok dtucker@ | ||
593 | |||
594 | OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a | ||
595 | |||
596 | commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3 | ||
597 | Author: djm@openbsd.org <djm@openbsd.org> | ||
598 | Date: Thu Sep 5 09:25:13 2019 +0000 | ||
599 | |||
600 | upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker | ||
601 | |||
602 | OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63 | ||
603 | |||
604 | commit f23d91f9fa7f6f42e70404e000fac88aebfe3076 | ||
605 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
606 | Date: Thu Sep 5 05:47:23 2019 +0000 | ||
607 | |||
608 | upstream: macro fix; ok djm | ||
609 | |||
610 | OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e | ||
611 | |||
612 | commit 8b57337c1c1506df2bb9f039d0628a6de618566b | ||
613 | Author: Damien Miller <djm@mindrot.org> | ||
614 | Date: Thu Sep 5 15:46:39 2019 +1000 | ||
615 | |||
616 | update fuzzing makefile to more recent clang | ||
617 | |||
618 | commit ae631ad77daf8fd39723d15a687cd4b1482cbae8 | ||
619 | Author: Damien Miller <djm@mindrot.org> | ||
620 | Date: Thu Sep 5 15:45:32 2019 +1000 | ||
621 | |||
622 | fuzzer for sshsig allowed_signers option parsing | ||
623 | |||
624 | commit 69159afe24120c97e5ebaf81016c85968afb903e | ||
625 | Author: djm@openbsd.org <djm@openbsd.org> | ||
626 | Date: Thu Sep 5 05:42:59 2019 +0000 | ||
627 | |||
628 | upstream: memleak on error path; found by libfuzzer | ||
629 | |||
630 | OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7 | ||
631 | |||
632 | commit bab6feb01f9924758ca7129dba708298a53dde5f | ||
633 | Author: djm@openbsd.org <djm@openbsd.org> | ||
634 | Date: Thu Sep 5 04:55:32 2019 +0000 | ||
635 | |||
636 | upstream: expose allowed_signers options parsing code in header for | ||
637 | |||
638 | fuzzing | ||
639 | |||
640 | rename to make more consistent with philosophically-similar auth | ||
641 | options parsing API. | ||
642 | |||
643 | OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c | ||
644 | |||
645 | commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b | ||
646 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
647 | Date: Wed Sep 4 20:31:15 2019 +0000 | ||
648 | |||
649 | upstream: Call comma-separated lists as such to clarify semantics. | ||
650 | |||
651 | Options such as Ciphers take values that may be a list of ciphers; the | ||
652 | complete list, not indiviual elements, may be prefixed with a dash or plus | ||
653 | character to remove from or append to the default list, respectively. | ||
654 | |||
655 | Users might read the current text as if each elment took an optional prefix, | ||
656 | so tweak the wording from "values" to "list" to prevent such ambiguity for | ||
657 | all options supporting these semantics. | ||
658 | |||
659 | Fix instances missed in first commit. ok jmc@ kn@ | ||
660 | |||
661 | OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417 | ||
662 | |||
663 | commit db1e6f60f03641b2d17e0ab062242609f4ed4598 | ||
664 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
665 | Date: Wed Sep 4 05:56:54 2019 +0000 | ||
666 | |||
667 | upstream: tweak previous; | ||
668 | |||
669 | OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27 | ||
670 | |||
671 | commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d | ||
672 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
673 | Date: Tue Sep 3 20:51:49 2019 +0000 | ||
674 | |||
675 | upstream: repair typo and editing mishap | ||
676 | |||
677 | OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e | ||
678 | |||
679 | commit f4846dfc6a79f84bbc6356ae3184f142bacedc24 | ||
680 | Author: Damien Miller <djm@mindrot.org> | ||
681 | Date: Thu Sep 5 11:09:28 2019 +1000 | ||
682 | |||
683 | Fuzzer harness for sshsig | ||
684 | |||
685 | commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637 | ||
686 | Author: Damien Miller <djm@mindrot.org> | ||
687 | Date: Tue Sep 3 18:45:42 2019 +1000 | ||
688 | |||
689 | oops; missed including the actual file | ||
690 | |||
691 | commit 1a72c0dd89f09754df443c9576dde624a17d7dd0 | ||
692 | Author: Damien Miller <djm@mindrot.org> | ||
693 | Date: Tue Sep 3 18:44:10 2019 +1000 | ||
694 | |||
695 | portability fixes for sshsig | ||
696 | |||
697 | commit 6d6427d01304d967e58544cf1c71d2b4394c0522 | ||
698 | Author: djm@openbsd.org <djm@openbsd.org> | ||
699 | Date: Tue Sep 3 08:37:45 2019 +0000 | ||
700 | |||
701 | upstream: regress test for sshsig; feedback and ok markus@ | ||
702 | |||
703 | OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b | ||
704 | |||
705 | commit 59650f0eaf65115afe04c39abfb93a4fc994ec55 | ||
706 | Author: djm@openbsd.org <djm@openbsd.org> | ||
707 | Date: Tue Sep 3 08:37:06 2019 +0000 | ||
708 | |||
709 | upstream: only add plain keys to prevent any certs laying around | ||
710 | |||
711 | from confusing the test. | ||
712 | |||
713 | OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f | ||
714 | |||
715 | commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5 | ||
716 | Author: djm@openbsd.org <djm@openbsd.org> | ||
717 | Date: Tue Sep 3 08:35:27 2019 +0000 | ||
718 | |||
719 | upstream: sshsig tweaks and improvements from and suggested by | ||
720 | |||
721 | Markus | ||
722 | |||
723 | ok markus/me | ||
724 | |||
725 | OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9 | ||
726 | |||
727 | commit 2a9c9f7272c1e8665155118fe6536bebdafb6166 | ||
728 | Author: djm@openbsd.org <djm@openbsd.org> | ||
729 | Date: Tue Sep 3 08:34:19 2019 +0000 | ||
730 | |||
731 | upstream: sshsig: lightweight signature and verification ability | ||
732 | |||
733 | for OpenSSH | ||
734 | |||
735 | This adds a simple manual signature scheme to OpenSSH. | ||
736 | Signatures can be made and verified using ssh-keygen -Y sign|verify | ||
737 | |||
738 | Signatures embed the key used to make them. At verification time, this | ||
739 | is matched via principal name against an authorized_keys-like list | ||
740 | of allowed signers. | ||
741 | |||
742 | Mostly by Sebastian Kinne w/ some tweaks by me | ||
743 | |||
744 | ok markus@ | ||
745 | |||
746 | OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb | ||
747 | |||
748 | commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea | ||
749 | Author: djm@openbsd.org <djm@openbsd.org> | ||
750 | Date: Tue Sep 3 08:32:11 2019 +0000 | ||
751 | |||
752 | upstream: move authorized_keys option parsing helpsers to misc.c | ||
753 | |||
754 | and make them public; ok markus@ | ||
755 | |||
756 | OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2 | ||
757 | |||
758 | commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a | ||
759 | Author: djm@openbsd.org <djm@openbsd.org> | ||
760 | Date: Tue Sep 3 08:31:20 2019 +0000 | ||
761 | |||
762 | upstream: make get_sigtype public as sshkey_get_sigtype(); ok | ||
763 | |||
764 | markus@ | ||
765 | |||
766 | OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8 | ||
767 | |||
768 | commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0 | ||
769 | Author: djm@openbsd.org <djm@openbsd.org> | ||
770 | Date: Tue Sep 3 08:30:47 2019 +0000 | ||
771 | |||
772 | upstream: move advance_past_options to authfile.c and make it | ||
773 | |||
774 | public; ok markus@ | ||
775 | |||
776 | OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c | ||
777 | |||
778 | commit c72d78ccbe642e08591a626e5de18381489716e0 | ||
779 | Author: djm@openbsd.org <djm@openbsd.org> | ||
780 | Date: Tue Sep 3 08:29:58 2019 +0000 | ||
781 | |||
782 | upstream: move skip_space() to misc.c and make it public; ok | ||
783 | |||
784 | markus@ | ||
785 | |||
786 | OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae | ||
787 | |||
788 | commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5 | ||
789 | Author: djm@openbsd.org <djm@openbsd.org> | ||
790 | Date: Tue Sep 3 08:29:15 2019 +0000 | ||
791 | |||
792 | upstream: authfd: add function to check if key is in agent | ||
793 | |||
794 | This commit adds a helper function which allows the caller to | ||
795 | check if a given public key is present in ssh-agent. | ||
796 | |||
797 | work by Sebastian Kinne; ok markus@ | ||
798 | |||
799 | OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13 | ||
800 | |||
801 | commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf | ||
802 | Author: djm@openbsd.org <djm@openbsd.org> | ||
803 | Date: Tue Sep 3 08:28:30 2019 +0000 | ||
804 | |||
805 | upstream: fix memleak in ssh_free_identitylist(); ok markus@ | ||
806 | |||
807 | OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf | ||
808 | |||
809 | commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4 | ||
810 | Author: djm@openbsd.org <djm@openbsd.org> | ||
811 | Date: Tue Sep 3 08:27:52 2019 +0000 | ||
812 | |||
813 | upstream: factor out confirm_overwrite(); ok markus@ | ||
814 | |||
815 | OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400 | ||
816 | |||
817 | commit 9a396e33685633581c67d5ad9664570ef95281f2 | ||
818 | Author: djm@openbsd.org <djm@openbsd.org> | ||
819 | Date: Mon Sep 2 23:46:46 2019 +0000 | ||
820 | |||
821 | upstream: constify an argument | ||
822 | |||
823 | OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b | ||
824 | |||
825 | commit b52c0c2e64988277a35a955a474d944967059aeb | ||
826 | Author: djm@openbsd.org <djm@openbsd.org> | ||
827 | Date: Mon Sep 2 00:19:25 2019 +0000 | ||
828 | |||
829 | upstream: downgrade PKCS#11 "provider returned no slots" warning | ||
830 | |||
831 | from log level error to debug. This is common when attempting to enumerate | ||
832 | keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@ | ||
833 | |||
834 | OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6 | ||
835 | |||
836 | commit 0713322e18162463c5ab5ddfb9f935055ca775d8 | ||
837 | Author: djm@openbsd.org <djm@openbsd.org> | ||
838 | Date: Sun Sep 1 23:47:32 2019 +0000 | ||
839 | |||
840 | upstream: print comment when printing pubkey from private | ||
841 | |||
842 | bz#3052; ok dtucker | ||
843 | |||
844 | OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914 | ||
845 | |||
846 | commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8 | ||
847 | Author: Damien Miller <djm@mindrot.org> | ||
848 | Date: Mon Sep 2 10:28:42 2019 +1000 | ||
849 | |||
850 | fixed test in OSX closefrom() replacement | ||
851 | |||
852 | from likan_999.student AT sina.com | ||
853 | |||
854 | commit 6b7c53498def19a14dd9587bf521ab6dbee8988f | ||
855 | Author: Damien Miller <djm@mindrot.org> | ||
856 | Date: Mon Sep 2 10:22:02 2019 +1000 | ||
857 | |||
858 | retain Solaris PRIV_FILE_LINK_ANY in sftp-server | ||
859 | |||
860 | Dropping this privilege removes the ability to create hard links to | ||
861 | files owned by other users. This is required for the legacy sftp rename | ||
862 | operation. | ||
863 | |||
864 | bz#3036; approach ok Alex Wilson (the original author of the Solaris | ||
865 | sandbox/pledge replacement code) | ||
866 | |||
867 | commit e50f808712393e86d69e42e9847cdf8d473412d7 | ||
868 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
869 | Date: Fri Aug 30 05:08:28 2019 +0000 | ||
870 | |||
871 | upstream: Use ed25519 for most hostkey rotation tests since it's | ||
872 | |||
873 | supported even when built without OpenSSL. Use RSA for the secondary type | ||
874 | test if supported, otherwise skip it. Fixes this test for !OpenSSL builds. | ||
875 | |||
876 | OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109 | ||
877 | |||
878 | commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d | ||
879 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
880 | Date: Thu Aug 22 21:47:27 2019 +0000 | ||
881 | |||
882 | upstream: Test did not compile due to missing symbols. Add source | ||
883 | |||
884 | sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl | ||
885 | |||
886 | OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5 | ||
887 | |||
888 | commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7 | ||
889 | Author: Damien Miller <djm@mindrot.org> | ||
890 | Date: Fri Aug 30 14:26:19 2019 +1000 | ||
891 | |||
892 | tweak warning flags | ||
893 | |||
894 | Enable -Wextra if compiler supports it | ||
895 | |||
896 | Set -Wno-error=format-truncation if available to prevent expected | ||
897 | string truncations in openbsd-compat from breaking -Werror builds | ||
898 | |||
899 | commit 28744182cf90e0073b76a9e98de58a47e688b2c4 | ||
900 | Author: Damien Miller <djm@mindrot.org> | ||
901 | Date: Fri Aug 30 13:21:38 2019 +1000 | ||
902 | |||
903 | proc_pidinfo()-based closefrom() for OS X | ||
904 | |||
905 | Refactor closefrom() to use a single brute-force close() loop fallback. | ||
906 | |||
907 | Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@ | ||
908 | |||
909 | commit dc2ca588144f088a54febebfde3414568dc73d5f | ||
910 | Author: kn@openbsd.org <kn@openbsd.org> | ||
911 | Date: Fri Aug 16 11:16:32 2019 +0000 | ||
912 | |||
913 | upstream: Call comma-separated lists as such to clarify semantics | ||
914 | |||
915 | Options such as Ciphers take values that may be a list of ciphers; the | ||
916 | complete list, not indiviual elements, may be prefixed with a dash or plus | ||
917 | character to remove from or append to the default list respectively. | ||
918 | |||
919 | Users might read the current text as if each elment took an optional prefix, | ||
920 | so tweak the wording from "values" to "list" to prevent such ambiguity for | ||
921 | all options supporting this semantics (those that provide a list of | ||
922 | available elements via "ssh -Q ..."). | ||
923 | |||
924 | Input and OK jmc | ||
925 | |||
926 | OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57 | ||
927 | |||
928 | commit c4736f39e66729ce2bf5b06ee6b391e092b48f47 | ||
929 | Author: djm@openbsd.org <djm@openbsd.org> | ||
930 | Date: Fri Aug 16 06:35:27 2019 +0000 | ||
931 | |||
932 | upstream: include sshbuf-misc.c in SRCS_BASE | ||
933 | |||
934 | OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474 | ||
935 | |||
936 | commit d0e51810f332fe44ebdba41113aacf319d35f5a5 | ||
937 | Author: Darren Tucker <dtucker@dtucker.net> | ||
938 | Date: Sat Aug 24 15:12:11 2019 +1000 | ||
939 | |||
940 | Fix pasto in fallback code. | ||
941 | |||
942 | There is no parameter called "pathname", it should simply be "path". | ||
943 | bz#3059, patch from samuel at cendio.se. | ||
944 | |||
945 | commit e83c989bfd9fc9838b7dfb711d1dc6da81814045 | ||
946 | Author: Damien Miller <djm@mindrot.org> | ||
947 | Date: Fri Aug 23 10:19:30 2019 +1000 | ||
948 | |||
949 | use SC_ALLOW_ARG_MASK to limit mmap protections | ||
950 | |||
951 | Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC | ||
952 | |||
953 | commit f6906f9bf12c968debec3671bbf19926ff8a235b | ||
954 | Author: Damien Miller <djm@mindrot.org> | ||
955 | Date: Fri Aug 23 10:08:48 2019 +1000 | ||
956 | |||
957 | allow mprotect(2) with PROT_(READ|WRITE|NONE) only | ||
958 | |||
959 | Used by some hardened heap allocators. Requested by Yegor | ||
960 | Timoshenko in https://github.com/openssh/openssh-portable/pull/142 | ||
961 | |||
962 | commit e3b6c966b79c3ea5d51b923c3bbdc41e13b96ea0 | ||
963 | Author: djm@openbsd.org <djm@openbsd.org> | ||
964 | Date: Fri Aug 16 06:13:15 2019 +0000 | ||
965 | |||
966 | upstream: switch percent_expand() to use sshbuf instead of a limited | ||
967 | |||
968 | fixed buffer; ok markus@ | ||
969 | |||
970 | OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711 | ||
971 | |||
972 | commit 9ab5b9474779ac4f581d402ae397f871ed16b383 | ||
973 | Author: djm@openbsd.org <djm@openbsd.org> | ||
974 | Date: Fri Aug 9 05:05:54 2019 +0000 | ||
975 | |||
976 | upstream: produce a useful error message if the user's shell is set | ||
977 | |||
978 | incorrectly during "match exec" processing. bz#2791 reported by Dario | ||
979 | Bertini; ok dtucker | ||
980 | |||
981 | OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d | ||
982 | |||
983 | commit 8fdbc7247f432578abaaca1b72a0dbf5058d67e5 | ||
984 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
985 | Date: Fri Aug 9 04:24:03 2019 +0000 | ||
986 | |||
987 | upstream: Change description of TCPKeepAlive from "inactive" to | ||
988 | |||
989 | "unresponsive" to clarify what it checks for. Patch from jblaine at | ||
990 | kickflop.net via github pr#129, ok djm@. | ||
991 | |||
992 | OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9 | ||
993 | |||
994 | commit 7afc45c3ed72672690014dc432edc223b23ae288 | ||
995 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
996 | Date: Thu Aug 8 08:02:57 2019 +0000 | ||
997 | |||
998 | upstream: Allow the maximimum uint32 value for the argument passed to | ||
999 | |||
1000 | -b which allows better error messages from later validation. bz#3050, ok | ||
1001 | djm@ | ||
1002 | |||
1003 | OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673 | ||
1004 | |||
1005 | commit c31e4f5fb3915c040061981a67224de7650ab34b | ||
1006 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1007 | Date: Mon Aug 5 21:45:27 2019 +0000 | ||
1008 | |||
1009 | upstream: Many key types are supported now, so take care to check | ||
1010 | |||
1011 | the size restrictions and apply the default size only to the matching key | ||
1012 | type. tweak and ok dtucker@ | ||
1013 | |||
1014 | OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e | ||
1015 | |||
1016 | commit 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22 | ||
1017 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1018 | Date: Mon Aug 5 11:50:33 2019 +0000 | ||
1019 | |||
1020 | upstream: Remove now-redundant perm_ok arg since | ||
1021 | |||
1022 | sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that | ||
1023 | case. Patch from jitendra.sharma at intel.com, ok djm@ | ||
1024 | |||
1025 | OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77 | ||
1026 | |||
1027 | commit d46075b923bf25e6f25959a3f5b458852161cb3e | ||
1028 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1029 | Date: Mon Aug 5 21:36:48 2019 +1000 | ||
1030 | |||
1031 | Fix mem leak in unit test. | ||
1032 | |||
1033 | Patch from jitendra.sharma at intel.com. | ||
1034 | |||
1035 | commit c4ffb72593c08921cf9291bc05a5ef1d0aaa6891 | ||
1036 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1037 | Date: Fri Aug 2 01:41:24 2019 +0000 | ||
1038 | |||
1039 | upstream: fix some memleaks in test_helper code | ||
1040 | |||
1041 | bz#3037 from Jitendra Sharma | ||
1042 | |||
1043 | OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751 | ||
1044 | |||
1045 | commit 6e76e69dc0c7712e9ac599af34bd091b0e7dcdb5 | ||
1046 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1047 | Date: Fri Aug 2 01:23:19 2019 +0000 | ||
1048 | |||
1049 | upstream: typo; from Christian Hesse | ||
1050 | |||
1051 | OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3 | ||
1052 | |||
1053 | commit 49fa065a1bfaeb88a59abdfa4432d3b9c35b0655 | ||
1054 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1055 | Date: Tue Jul 30 05:04:49 2019 +0000 | ||
1056 | |||
1057 | upstream: let sshbuf_find/cmp take a void* for the | ||
1058 | |||
1059 | search/comparison argument, instead of a u_char*. Saves callers needing to | ||
1060 | cast. | ||
1061 | |||
1062 | OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed | ||
1063 | |||
1064 | commit 7adf6c430d6fc17901e167bc0789d31638f5c2f8 | ||
1065 | Author: mestre@openbsd.org <mestre@openbsd.org> | ||
1066 | Date: Wed Jul 24 08:57:00 2019 +0000 | ||
1067 | |||
1068 | upstream: When using a combination of a Yubikey+GnuPG+remote | ||
1069 | |||
1070 | forwarding the gpg-agent (and options ControlMaster+RemoteForward in | ||
1071 | ssh_config(5)) then the codepath taken will call mux_client_request_session | ||
1072 | -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath | ||
1073 | then pledge(2) kills the process. | ||
1074 | |||
1075 | The solution is to add "sendfd" to pledge(2), which is not too bad considering | ||
1076 | a little bit later we reduce pledge(2) to only "stdio proc tty" in that | ||
1077 | codepath. | ||
1078 | |||
1079 | Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org> | ||
1080 | |||
1081 | OK deraadt@ | ||
1082 | |||
1083 | OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac | ||
1084 | |||
1085 | commit 0e2fe18acc1da853a9120c2e9af68e8d05e6503e | ||
1086 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1087 | Date: Tue Jul 23 23:06:57 2019 +0000 | ||
1088 | |||
1089 | upstream: Fix typo in CASignatureAlgorithms wherein what should be | ||
1090 | |||
1091 | a comma is a dot. Patch from hnj2 via github pr#141. | ||
1092 | |||
1093 | OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0 | ||
1094 | |||
1095 | commit e93ffd1a19fc47c49d68ae2fb332433690ecd389 | ||
1096 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1097 | Date: Mon Jul 29 16:04:01 2019 +1000 | ||
1098 | |||
1099 | Report success of individual tests as well as all. | ||
1100 | |||
1101 | This puts the "all tests passed" message back at the end where the | ||
1102 | test harnesses can find it. | ||
1103 | |||
1104 | commit 2ad5b36b18bddf2965fe60384c29b3f1d451b4ed | ||
1105 | Author: Damien Miller <djm@mindrot.org> | ||
1106 | Date: Mon Jul 29 09:49:23 2019 +1000 | ||
1107 | |||
1108 | convert to UTF-8; from Mike Frysinger | ||
1109 | |||
1110 | commit d31e7c937ba0b97534f373cf5dea34675bcec602 | ||
1111 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1112 | Date: Fri Jul 26 04:22:21 2019 +0000 | ||
1113 | |||
1114 | upstream: Restrict limit-keytype to types supported by build. This | ||
1115 | |||
1116 | means we have to skip a couple tests when only one key type is supported. | ||
1117 | |||
1118 | OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e | ||
1119 | |||
1120 | commit 0967a233b8a28907ae8a4a6773c89f21d2ace11b | ||
1121 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1122 | Date: Thu Jul 25 18:36:28 2019 +1000 | ||
1123 | |||
1124 | Remove override disabling DH-GEX. | ||
1125 | |||
1126 | The DH-GEX override doesn't work when build without OpenSSL, and | ||
1127 | we'll prefer curve25519 these days, removing the need for it. | ||
1128 | |||
1129 | commit 061407efc19b41ab4a7485e5adcff2a12befacdb | ||
1130 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1131 | Date: Thu Jul 25 09:17:35 2019 +0000 | ||
1132 | |||
1133 | upstream: Only use supported key types during KRL test, preferring | ||
1134 | |||
1135 | ed25519 since it's supported by both OpenSSL and non-OpenSSL builds. | ||
1136 | |||
1137 | OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa | ||
1138 | |||
1139 | commit 47f8ff1fa5b76790c1d785815fd13ee6009f8012 | ||
1140 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1141 | Date: Thu Jul 25 08:48:11 2019 +0000 | ||
1142 | |||
1143 | upstream: Switch keys-command test from rsa to ed25519 since it's | ||
1144 | |||
1145 | supported for both OpenSSL and non-OpenSSL builds. | ||
1146 | |||
1147 | OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a | ||
1148 | |||
1149 | commit 1e94afdfa8df774ab7dd3bad52912b636dc31bbd | ||
1150 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1151 | Date: Thu Jul 25 08:28:15 2019 +0000 | ||
1152 | |||
1153 | upstream: Make certificate tests work with the supported key | ||
1154 | |||
1155 | algorithms. Allows tests to pass when built without OpenSSL. | ||
1156 | |||
1157 | OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc | ||
1158 | |||
1159 | commit 26bf693661a48b97b6023f702b2af643676ac21a | ||
1160 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1161 | Date: Tue Jul 23 13:49:14 2019 +0000 | ||
1162 | |||
1163 | upstream: Construct list of key types to test based on the types | ||
1164 | |||
1165 | supported by the binaries. | ||
1166 | |||
1167 | OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62 | ||
1168 | |||
1169 | commit 773c55b3d1230e8f7714a1b33873c37b85049c74 | ||
1170 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1171 | Date: Tue Jul 23 13:32:48 2019 +0000 | ||
1172 | |||
1173 | upstream: Only use DSA key type in tests if binaries support it. | ||
1174 | |||
1175 | OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96 | ||
1176 | |||
1177 | commit 159e987a54d92ccd73875e7581ffc64e8927a715 | ||
1178 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1179 | Date: Wed Jul 24 14:21:19 2019 +1000 | ||
1180 | |||
1181 | Split test targets further. | ||
1182 | |||
1183 | Splits test into file-tests, t-exec, unit and interop-tests and their | ||
1184 | respective dependencies. Should allow running any set individually | ||
1185 | without having to build the other dependencies that are not needed | ||
1186 | for that specific test. | ||
1187 | |||
1188 | commit 520d4550a2470106d63e30079bb05ce82f3a4f7d | ||
1189 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1190 | Date: Wed Jul 24 11:20:18 2019 +1000 | ||
1191 | |||
1192 | Add lib dependencies for regress binary targets. | ||
1193 | |||
1194 | commit 4e8d0dd78d5f6142841a07dc8b8c6b4730eaf587 | ||
1195 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1196 | Date: Wed Jul 24 00:12:51 2019 +1000 | ||
1197 | |||
1198 | Make "unit" a dependency of "test". | ||
1199 | |||
1200 | commit 4317b2a0480e293e58ba115e47b49d3a384b6568 | ||
1201 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1202 | Date: Tue Jul 23 23:24:47 2019 +1000 | ||
1203 | |||
1204 | upstream rev 1.28: fix comment typo. | ||
1205 | |||
1206 | commit e0055af2bd39fdb44566ff6594147664e1fac8b8 | ||
1207 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1208 | Date: Tue Jul 23 23:06:22 2019 +1000 | ||
1209 | |||
1210 | Split regress-binaries into two targets. | ||
1211 | |||
1212 | Split the binaries for the unit tests out into a regress-unit-binaries | ||
1213 | target, and add a dependency on it for only the unit tests. This allows | ||
1214 | us to run the integration tests only ("make t-exec") without building | ||
1215 | the unit tests, which allows us to run a subset of the tests when | ||
1216 | building --without-openssl without trying (and failing) to build the | ||
1217 | unit tests. | ||
1218 | |||
1219 | This means there are two targets for "unit" which I *think* is valid | ||
1220 | (it works in testing, and makedepend will generate Makefiles of this | ||
1221 | form)a but I could be wrong. | ||
1222 | |||
1223 | commit 7cdf9fdcf11aaaa98c2bd22c92882ea559e772ad | ||
1224 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1225 | Date: Tue Jul 23 08:19:29 2019 +0000 | ||
1226 | |||
1227 | upstream: Skip DH group generation test if binaries don't support | ||
1228 | |||
1229 | DH-GEX. | ||
1230 | |||
1231 | OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd | ||
1232 | |||
1233 | commit 3a3eab8bb0da3d2f0f32cb85a1a268bcca6e4d69 | ||
1234 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1235 | Date: Tue Jul 23 07:55:29 2019 +0000 | ||
1236 | |||
1237 | upstream: Only test conversion of key types supported by the | ||
1238 | |||
1239 | binaries. | ||
1240 | |||
1241 | OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea | ||
1242 | |||
1243 | commit 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63 | ||
1244 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1245 | Date: Tue Jul 23 07:39:43 2019 +0000 | ||
1246 | |||
1247 | upstream: Only add ssh-dss to allowed key types if it's supported | ||
1248 | |||
1249 | by the binary. | ||
1250 | |||
1251 | OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413 | ||
1252 | |||
1253 | commit fd0684b319e664d8821dc4ca3026126dfea3ccf4 | ||
1254 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1255 | Date: Tue Jul 23 22:36:39 2019 +1000 | ||
1256 | |||
1257 | Remove sys/cdefs.h include. | ||
1258 | |||
1259 | It's not needed on -portable (that's handled by includes.h) and not all | ||
1260 | platforms have it. | ||
1261 | |||
1262 | commit 9634ffbf29b3c2493e69d10b37077b09a8cbf5ff | ||
1263 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1264 | Date: Tue Jul 23 22:25:44 2019 +1000 | ||
1265 | |||
1266 | Add headers to prevent warnings w/out OpenSSL. | ||
1267 | |||
1268 | commit 2ea60312e1c08dea88982fec68244f89a40912ff | ||
1269 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1270 | Date: Tue Jul 23 22:11:50 2019 +1000 | ||
1271 | |||
1272 | Include stdlib.h for free() and calloc(). | ||
1273 | |||
1274 | commit 11cba2a4523fda447e2554ea457484655bedc831 | ||
1275 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1276 | Date: Tue Jul 23 21:51:22 2019 +1000 | ||
1277 | |||
1278 | Re-apply portability changes to current sha2.{c,h}. | ||
1279 | |||
1280 | Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 | ||
1281 | I imported the current versions directly then re-applied the portability | ||
1282 | changes. This also allowed re-syncing digest-libc.c against upstream. | ||
1283 | |||
1284 | commit 09159594a3bbd363429ee6fafde57ce77986dd7c | ||
1285 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1286 | Date: Tue Jul 23 20:27:51 2019 +1000 | ||
1287 | |||
1288 | Import current sha2.c and sha2.h from OpenBSD. | ||
1289 | |||
1290 | These are not changed from their original state, the next commit will | ||
1291 | re-apply the portable changes. | ||
1292 | |||
1293 | commit 2e6035b900cc9d7432d95084e03993d1b426f812 | ||
1294 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1295 | Date: Tue Jul 23 08:11:22 2019 +1000 | ||
1296 | |||
1297 | Rename valgrind "errors" to "failures". | ||
1298 | |||
1299 | When valgrind is enabled, test-exec.sh counts the number of invocations | ||
1300 | that valgrind detects failures in, not the total number of errors detected. | ||
1301 | This makes the name to be more accurate. | ||
1302 | |||
1303 | commit e82c9bb9ffa65725cc2e03ea81cb79ce3387f66b | ||
1304 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1305 | Date: Fri Jul 19 18:51:18 2019 +1000 | ||
1306 | |||
1307 | Skip running sftp-chroot under Valgrind. | ||
1308 | |||
1309 | commit 41e22c2e05cb950b704945ac9408f6109c9b7848 | ||
1310 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1311 | Date: Sat Jul 20 09:50:58 2019 +0000 | ||
1312 | |||
1313 | upstream: Remove the sleeps and thus races from the forwarding | ||
1314 | |||
1315 | test. They were originally required to work with Protocol 1, but now we can | ||
1316 | use ssh -N and the control socket without the sleeps. While there, suppress | ||
1317 | output fro the control exit commands. | ||
1318 | |||
1319 | OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790 | ||
1320 | |||
1321 | commit 0423043c5e54293f4dd56041304fd0046c317be9 | ||
1322 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1323 | Date: Sat Jul 20 09:37:31 2019 +0000 | ||
1324 | |||
1325 | upstream: Allow SLEEPTIME to be overridden. | ||
1326 | |||
1327 | OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76 | ||
1328 | |||
1329 | commit d466b6a5cfba17a83c7aae9f584ab164e2ece0a1 | ||
1330 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1331 | Date: Sat Jul 20 09:14:40 2019 +0000 | ||
1332 | |||
1333 | upstream: Move sleep time into a variable so that we can increase | ||
1334 | |||
1335 | it for platforms or configurations that are much slower then usual. | ||
1336 | |||
1337 | OpenBSD-Regress-ID: 88586cabc800062c260d0b876bdcd4ca3f58a872 | ||
1338 | |||
1339 | commit b4a7c9d2b5f928e0b902b580d35dc8b244a3aae0 | ||
1340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1341 | Date: Fri Jul 19 03:45:44 2019 +0000 | ||
1342 | |||
1343 | upstream: add regression tests for scp for out-of-destination path file | ||
1344 | |||
1345 | creation by Harry Sintonen via Jakub Jelen in bz3007 | ||
1346 | |||
1347 | OpenBSD-Regress-ID: 01ae5fbc6ce400b2df5a84dc3152a9e31f354c07 | ||
1348 | |||
1349 | commit bca0582063f148c7ddf409ec51435a5a726bee4c | ||
1350 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1351 | Date: Fri Jul 19 03:38:01 2019 +0000 | ||
1352 | |||
1353 | upstream: Accept the verbose flag when searching for host keys in known | ||
1354 | |||
1355 | hosts (i.e. "ssh-keygen -vF host") to print the matching host's random- art | ||
1356 | signature too. bz#3003 "amusing, pretty" deraadt@ | ||
1357 | |||
1358 | OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f | ||
1359 | |||
1360 | commit 5299a09fa2879a068af200c91028fcfa9283c0f0 | ||
1361 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1362 | Date: Fri Jul 19 13:50:25 2019 +1000 | ||
1363 | |||
1364 | Revert one dependency per line change. | ||
1365 | |||
1366 | It turns out that having such a large number of lines in the .depend | ||
1367 | file will cause the memory usage of awk during AC_SUBST to blow up on at | ||
1368 | least NetBSD's awk, causing configure to fail. | ||
1369 | |||
1370 | commit 01dddb231f23b4a7b616f9d33a0b9d937f9eaf0e | ||
1371 | Author: Damien Miller <djm@mindrot.org> | ||
1372 | Date: Fri Jul 19 13:19:19 2019 +1000 | ||
1373 | |||
1374 | fix SIGWINCH delivery of Solaris for mux sessions | ||
1375 | |||
1376 | Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH | ||
1377 | signals to other sessions. bz#3030; report and fix from Darren Moffat | ||
1378 | |||
1379 | commit 05500af21d27c1a3ddac232b018cc23da7b1ee95 | ||
1380 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1381 | Date: Fri Jul 19 13:20:03 2019 +1000 | ||
1382 | |||
1383 | Force dependencies one per line. | ||
1384 | |||
1385 | Force makedepend to output one dependency per line, which will make | ||
1386 | reading diffs against it much easier. ok djm@ | ||
1387 | |||
1388 | commit b5bc5d016bbb83eb7f8e685390044e78b1ea1427 | ||
1389 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1390 | Date: Fri Jul 19 13:18:07 2019 +1000 | ||
1391 | |||
1392 | make depend. | ||
1393 | |||
1394 | commit 65333f7454365fe40f7367630e7dd10903b9d99e | ||
1395 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1396 | Date: Fri Jul 19 13:16:11 2019 +1000 | ||
1397 | |||
1398 | Show when skipping valgrind for a test. | ||
1399 | |||
1400 | commit fccb7eb3436da8ef3dcd22e5936ba1abc7ae6730 | ||
1401 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1402 | Date: Fri Jul 19 10:41:56 2019 +1000 | ||
1403 | |||
1404 | Enable connect-privsep test with valgrind. | ||
1405 | |||
1406 | connect-privsep seems to work OK with valgrind now so don't skip | ||
1407 | valgrind on it. | ||
1408 | |||
1409 | commit d7423017265c5ae6d0be39340feb6c9f016b1f71 | ||
1410 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1411 | Date: Fri Jul 19 07:43:07 2019 +1000 | ||
1412 | |||
1413 | Show valgrind results and error counts. | ||
1414 | |||
1415 | commit 22b9b3e944880db906c6ac5527c4228bd92b293a | ||
1416 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1417 | Date: Thu Jul 18 13:40:12 2019 +1000 | ||
1418 | |||
1419 | Fix format string integer type in error message. | ||
1420 | |||
1421 | commit ed46a0c0705895834d3f47a46faa89c2a71b760a | ||
1422 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1423 | Date: Thu Jul 18 13:26:00 2019 +0000 | ||
1424 | |||
1425 | upstream: fix off-by-one in sshbuf_dtob64() base64 wrapping that could | ||
1426 | |||
1427 | cause extra newlines to be appended at the end of the base64 text (ugly, but | ||
1428 | harmless). Found and fixed by Sebastian Kinne | ||
1429 | |||
1430 | OpenBSD-Commit-ID: 9fe290bd68f706ed8f986a7704ca5a2bd32d7b68 | ||
1431 | |||
1432 | commit a192021fedead23c375077f92346336d531f8cad | ||
1433 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1434 | Date: Thu Jul 18 11:09:38 2019 +1000 | ||
1435 | |||
1436 | Fail tests if Valgrind enabled and reports errors. | ||
1437 | |||
1438 | Also dump the failing valgrind report to stdout (not the cleanest | ||
1439 | solution, but better than nothing). | ||
1440 | |||
1441 | commit d1c491ecb939ee10b341fa7bb6205dff19d297e5 | ||
1442 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1443 | Date: Thu Jul 18 10:17:54 2019 +1000 | ||
1444 | |||
1445 | Allow low-priv tests to write to pipe dir. | ||
1446 | |||
1447 | When running regression tests with Valgrind and SUDO, the low-priv agent | ||
1448 | tests need to be able to create pipes in the appropriate directory. | ||
1449 | |||
1450 | commit 8a5bb3e78191cc206f970c26d2a26c949971e91a | ||
1451 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1452 | Date: Wed Jul 17 21:24:55 2019 +1000 | ||
1453 | |||
1454 | Put valgrind vgdb files to a specific directory. | ||
1455 | |||
1456 | Valgrind by default puts vgdb files and pipes under /tmp, however it | ||
1457 | is not always able to clean them up, which can cause test failures when | ||
1458 | there's a pid/file collision. Using a specific directory ensures that | ||
1459 | we can clean up and start clean. | ||
1460 | |||
1461 | commit f8829fe57fb0479d6103cfe1190095da3c032c6d | ||
1462 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1463 | Date: Tue Jul 16 22:16:49 2019 +0000 | ||
1464 | |||
1465 | upstream: adapt to sshbuf_dtob64() change | ||
1466 | |||
1467 | OpenBSD-Regress-ID: 82374a83edf0955fd1477169eee3f5d6467405a6 | ||
1468 | |||
1469 | commit 1254fcbb2f005f745f2265016ee9fa52e16d37b0 | ||
1470 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1471 | Date: Tue Jul 16 03:21:54 2019 +0000 | ||
1472 | |||
1473 | upstream: Remove ssh1 files from CLEANFILES since ssh1 no longer | ||
1474 | |||
1475 | supported. | ||
1476 | |||
1477 | OpenBSD-Regress-ID: 5b9ae869dc669bac05939b4a2fdf44ee067acfa0 | ||
1478 | |||
1479 | commit 9dc81a5adabc9a7d611ed2e63fbf4c85d43b15c6 | ||
1480 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1481 | Date: Tue Jul 16 02:09:29 2019 +0000 | ||
1482 | |||
1483 | upstream: Update names of host key files in CLEANFILES to match | ||
1484 | |||
1485 | recent changes to the tests. | ||
1486 | |||
1487 | OpenBSD-Regress-ID: 28743052de3acf70b06f18333561497cd47c4ecf | ||
1488 | |||
1489 | commit e44e4ad1190db22ed407a79f32a8cff5bcd2b815 | ||
1490 | Author: Damien Miller <djm@mindrot.org> | ||
1491 | Date: Tue Jul 16 23:26:53 2019 +1000 | ||
1492 | |||
1493 | depend | ||
1494 | |||
1495 | commit 16dd8b2c78a0de106c7429e2a294d203f6bda3c7 | ||
1496 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1497 | Date: Tue Jul 16 13:18:39 2019 +0000 | ||
1498 | |||
1499 | upstream: remove mostly vestigal uuencode.[ch]; moving the only unique | ||
1500 | |||
1501 | functionality there (wrapping of base64-encoded data) to sshbuf functions; | ||
1502 | feedback and ok markus@ | ||
1503 | |||
1504 | OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c | ||
1505 | |||
1506 | commit 45478898f9590b5cc8bc7104e573b84be67443b0 | ||
1507 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1508 | Date: Tue Jul 16 09:20:23 2019 +1000 | ||
1509 | |||
1510 | Hook memmem compat code into build. | ||
1511 | |||
1512 | This fixes builds on platforms that don't have it (at least old DragonFly, | ||
1513 | probably others). | ||
1514 | |||
1515 | commit c7bd4617293a903bd3fac3394a7e72d439af49a5 | ||
1516 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1517 | Date: Tue Jul 16 09:07:18 2019 +1000 | ||
1518 | |||
1519 | Import memmem.c from OpenBSD. | ||
1520 | |||
1521 | commit 477e2a3be8b10df76e8d76f0427b043280d73d68 | ||
1522 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1523 | Date: Mon Jul 15 13:12:02 2019 +0000 | ||
1524 | |||
1525 | upstream: unit tests for sshbuf_cmp() and sshbuf_find(); ok markus | ||
1526 | |||
1527 | OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd | ||
1528 | |||
1529 | commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a | ||
1530 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1531 | Date: Mon Jul 15 13:16:29 2019 +0000 | ||
1532 | |||
1533 | upstream: support PKCS8 as an optional format for storage of | ||
1534 | |||
1535 | private keys, enabled via "ssh-keygen -m PKCS8" on operations that save | ||
1536 | private keys to disk. | ||
1537 | |||
1538 | The OpenSSH native key format remains the default, but PKCS8 is a | ||
1539 | superior format to PEM if interoperability with non-OpenSSH software | ||
1540 | is required, as it may use a less terrible KDF (IIRC PEM uses a single | ||
1541 | round of MD5 as a KDF). | ||
1542 | |||
1543 | adapted from patch by Jakub Jelen via bz3013; ok markus | ||
1544 | |||
1545 | OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1 | ||
1546 | |||
1547 | commit e18a27eedccb024acb3cd9820b650a5dff323f01 | ||
1548 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1549 | Date: Mon Jul 15 13:11:38 2019 +0000 | ||
1550 | |||
1551 | upstream: two more bounds-checking sshbuf counterparts to common | ||
1552 | |||
1553 | string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like) | ||
1554 | |||
1555 | feedback and ok markus@ | ||
1556 | |||
1557 | OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a | ||
1558 | |||
1559 | commit bc551dfebb55845537b1095cf3ccd01640a147b7 | ||
1560 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1561 | Date: Mon Jul 15 12:52:45 2019 +1000 | ||
1562 | |||
1563 | Clear valgrind-out dir to prevent collisions. | ||
1564 | |||
1565 | commit 5db9ba718e983661a9114ae1418f6e412d1f52d5 | ||
1566 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1567 | Date: Mon Jul 15 12:02:27 2019 +1000 | ||
1568 | |||
1569 | Allow agent tests to write to valgrind dir. | ||
1570 | |||
1571 | commit 121e48fa5305f41f0477d9908e3d862987a68a84 | ||
1572 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1573 | Date: Sun Jul 14 23:33:19 2019 +0000 | ||
1574 | |||
1575 | upstream: unit tests for sshbuf_peek/poke bounds-checked random access | ||
1576 | |||
1577 | functions. ok markus@ | ||
1578 | |||
1579 | OpenBSD-Regress-ID: 034c4284b1da6b12e25c762a6b958efacdafbaef | ||
1580 | |||
1581 | commit 101d164723ffbc38f8036b6f3ea3bfef771ba250 | ||
1582 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1583 | Date: Sun Jul 14 23:32:27 2019 +0000 | ||
1584 | |||
1585 | upstream: add some functions to perform random-access read/write | ||
1586 | |||
1587 | operations inside buffers with bounds checking. Intended to replace manual | ||
1588 | pointer arithmetic wherever possible. | ||
1589 | |||
1590 | feedback and ok markus@ | ||
1591 | |||
1592 | OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409 | ||
1593 | |||
1594 | commit 7250879c72d28275a53f2f220e49646c3e42ef18 | ||
1595 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1596 | Date: Fri Jul 12 04:08:39 2019 +0000 | ||
1597 | |||
1598 | upstream: include SHA2-variant RSA key algorithms in KEX proposal; | ||
1599 | |||
1600 | allows ssh-keyscan to harvest keys from servers that disable olde SHA1 | ||
1601 | ssh-rsa. bz#3029 from Jakub Jelen | ||
1602 | |||
1603 | OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a | ||
1604 | |||
1605 | commit a0876bd994cab9ba6e47ba2a163a4417c7597487 | ||
1606 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1607 | Date: Fri Jul 12 03:56:21 2019 +0000 | ||
1608 | |||
1609 | upstream: print explicit "not modified" message if a file was | ||
1610 | |||
1611 | requested for resumed download but was considered already complete. | ||
1612 | |||
1613 | bz#2978 ok dtucker | ||
1614 | |||
1615 | OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986 | ||
1616 | |||
1617 | commit b9b0f2ac9625933db53a35b1c1ce423876630558 | ||
1618 | Author: tb@openbsd.org <tb@openbsd.org> | ||
1619 | Date: Wed Jul 10 07:04:27 2019 +0000 | ||
1620 | |||
1621 | upstream: Fix a typo and make <esc><right> move right to the | ||
1622 | |||
1623 | closest end of a word just like <esc><left> moves left to the closest | ||
1624 | beginning of a word. | ||
1625 | |||
1626 | ok djm | ||
1627 | |||
1628 | OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee | ||
1629 | |||
1630 | commit 8729498a5d239980a91d32f031b34e8c58c52f62 | ||
1631 | Author: Damien Miller <djm@mindrot.org> | ||
1632 | Date: Wed Jul 10 09:43:19 2019 +1000 | ||
1633 | |||
1634 | fix typo that prevented detection of Linux VRF | ||
1635 | |||
1636 | Reported by hexiaowen AT huawei.com | ||
1637 | |||
1638 | commit 5b2b79ff7c057ee101518545727ed3023372891d | ||
1639 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1640 | Date: Tue Jul 9 04:15:00 2019 +0000 | ||
1641 | |||
1642 | upstream: cap the number of permiopen/permitlisten directives we're | ||
1643 | |||
1644 | willing to parse on a single authorized_keys line; ok deraadt@ | ||
1645 | |||
1646 | OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46 | ||
1647 | |||
1648 | commit eb0b51dac408fadd1fd13fa6d726ab8fdfcc4152 | ||
1649 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1650 | Date: Mon Jul 8 17:27:26 2019 +1000 | ||
1651 | |||
1652 | Move log.h include inside ifdefs. | ||
1653 | |||
1654 | Fixes build on some other platforms that don't have va_list immediately | ||
1655 | available (eg NetBSD). | ||
1656 | |||
1657 | commit 43702f8e6fa22a258e25c4dd950baaae0bc656b7 | ||
1658 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1659 | Date: Sat Jul 6 23:07:04 2019 +1000 | ||
1660 | |||
1661 | Include log.h for debug() and friends. | ||
1662 | |||
1663 | Should fix some compiler warnings on IRIX (bz#3032). | ||
1664 | |||
1665 | commit 53a6ebf1445a857f5e487b18ee5e5830a9575149 | ||
1666 | Author: Damien Miller <djm@mindrot.org> | ||
1667 | Date: Mon Jul 8 13:44:32 2019 +1000 | ||
1668 | |||
1669 | sftp-realpath.c needs includes.h | ||
1670 | |||
1671 | commit 4efe1adf05ee5d3fce44320fcff68735891f4ee6 | ||
1672 | Author: Damien Miller <djm@mindrot.org> | ||
1673 | Date: Mon Jul 8 13:38:39 2019 +1000 | ||
1674 | |||
1675 | remove realpath() compat replacement | ||
1676 | |||
1677 | We shipped a BSD implementation of realpath() because sftp-server | ||
1678 | depended on its behaviour. | ||
1679 | |||
1680 | OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), | ||
1681 | so sftp-server now unconditionally requires its own BSD-style realpath | ||
1682 | implementation. As such, there is no need to carry another independant | ||
1683 | implementation in openbsd-compat. | ||
1684 | |||
1685 | ok dtucker@ | ||
1686 | |||
1687 | commit 696fb4298e80f2ebcd188986a91b49af3b7ca14c | ||
1688 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1689 | Date: Sun Jul 7 01:05:00 2019 +0000 | ||
1690 | |||
1691 | upstream: Remove some set but never used variables. ok daraadt@ | ||
1692 | |||
1693 | OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7 | ||
1694 | |||
1695 | commit 156e9e85e92b46ca90226605d9eff49e8ec31b22 | ||
1696 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1697 | Date: Fri Jul 5 12:35:40 2019 +0000 | ||
1698 | |||
1699 | upstream: still compile uuencode.c, unbreaks build | ||
1700 | |||
1701 | OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f | ||
1702 | |||
1703 | commit cec9ee527a12b1f6c2e0a1c155fec64a38d71cf6 | ||
1704 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1705 | Date: Fri Jul 5 07:32:01 2019 +0000 | ||
1706 | |||
1707 | upstream: revert header removal that snuck into previous | ||
1708 | |||
1709 | OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e | ||
1710 | |||
1711 | commit 569b650f93b561c09c655f83f128e1dfffe74101 | ||
1712 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1713 | Date: Fri Jul 5 04:55:40 2019 +0000 | ||
1714 | |||
1715 | upstream: add a local implementation of BSD realpath() for | ||
1716 | |||
1717 | sftp-server use ahead of OpenBSD's realpath changing to match POSIX; | ||
1718 | |||
1719 | ok deraadt@ (thanks for snaps testing) | ||
1720 | |||
1721 | OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55 | ||
1722 | |||
1723 | commit b8e2b797362526437e0642a6c2f2970d794f2561 | ||
1724 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1725 | Date: Sat Jul 6 13:13:57 2019 +1000 | ||
1726 | |||
1727 | Add prototype for strnlen to prevent warnings. | ||
1728 | |||
1729 | commit 4c3e00b1ed7e596610f34590eb5d54ee50d77878 | ||
1730 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1731 | Date: Sat Jul 6 13:02:34 2019 +1000 | ||
1732 | |||
1733 | Cast *ID types to unsigned long when printing. | ||
1734 | |||
1735 | UID and GID types vary by platform so cast to u_long and use %lu when | ||
1736 | printing them to prevent warnings. | ||
1737 | |||
1738 | commit 2753521e899f30d1d58b5da0b4e68fde6fcf341e | ||
1739 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1740 | Date: Sat Jul 6 12:54:43 2019 +1000 | ||
1741 | |||
1742 | Add prototype for compat strndup.(bz#3032). | ||
1743 | |||
1744 | commit 01a1e21cd55d99293c8ff8ed7c590f2ee440da43 | ||
1745 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1746 | Date: Sat Jul 6 12:00:41 2019 +1000 | ||
1747 | |||
1748 | Add missing bracket in EGD seeding code. | ||
1749 | |||
1750 | When configured --with-prngd-socket the code had a missing bracket after | ||
1751 | an API change. Fix that and a couple of warnings. bz#3032 , from | ||
1752 | ole.weidner at protonmail.ch | ||
1753 | |||
1754 | commit e187b1d4607392cf2c19243afe0d0311a4ff3591 | ||
1755 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1756 | Date: Fri Jul 5 04:19:39 2019 +0000 | ||
1757 | |||
1758 | upstream: Add (recently added) rsa_oldfmt to CLEANFILES. | ||
1759 | |||
1760 | OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3 | ||
1761 | |||
1762 | commit 74b541bfabdcb57c1683cd9b3f1d1f4d5e41563e | ||
1763 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1764 | Date: Fri Jul 5 04:12:46 2019 +0000 | ||
1765 | |||
1766 | upstream: Adapt the PuTTY/Conch tests to new key names. | ||
1767 | |||
1768 | A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in | ||
1769 | portable) broke the PuTTY and Twisted Conch interop tests, because the | ||
1770 | key they want to use is now called ssh-rsa rather than rsa. Adapt the | ||
1771 | tests to the new file names. bz#3020, patch from cjwatson at debian.org. | ||
1772 | |||
1773 | OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e | ||
1774 | |||
1775 | commit de08335a4cfaa9b7081e94ea4a8b7153c230546d | ||
1776 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1777 | Date: Fri Jul 5 04:03:13 2019 +0000 | ||
1778 | |||
1779 | upstream: Add a sleep to allow forwards to come up. | ||
1780 | |||
1781 | Currently when the multiplex client requests a forward it returns | ||
1782 | once the request has been sent but not necessarily when the forward | ||
1783 | is up. This causes intermittent text failures due to this race, | ||
1784 | so add some sleeps to mitigate this until we can fix it properly. | ||
1785 | |||
1786 | OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253 | ||
1787 | |||
1788 | commit 4d249284729f864faa2e8f3e015f9a41b674544a | ||
1789 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1790 | Date: Fri Jul 5 14:58:57 2019 +1000 | ||
1791 | |||
1792 | Remove nc stderr redirection to resync w/OpenBSD. | ||
1793 | |||
1794 | commit c5cfa90e03432181ffcc7ad3f9f815179bd0c626 | ||
1795 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1796 | Date: Fri Jul 5 13:21:45 2019 +1000 | ||
1797 | |||
1798 | Do not fatal on failed lookup of group "tty". | ||
1799 | |||
1800 | Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those | ||
1801 | cases we will fall back to making the tty device the user's primary | ||
1802 | group, so do not fatal if the group lookup fails. ok djm@ | ||
1803 | |||
1804 | commit 8b4cc4bdc8a70bf209a274fa2b2a49c1e3c8d8a2 | ||
1805 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1806 | Date: Thu Jul 4 16:20:10 2019 +0000 | ||
1807 | |||
1808 | upstream: fatal() if getgrnam() cannot find "tty" | ||
1809 | |||
1810 | OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048 | ||
1811 | |||
1812 | commit 48cccc275c6a1e91d3f80fdb0dc0d5baf529aeca | ||
1813 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1814 | Date: Thu Jul 4 16:16:51 2019 +0000 | ||
1815 | |||
1816 | upstream: stat() returns precisely -1 to indicate error | ||
1817 | |||
1818 | OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1 | ||
1819 | |||
1820 | commit 8142fcaf9ed8ff66252deecbfd29fc59d5f2df4f | ||
1821 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1822 | Date: Wed Jul 3 03:24:02 2019 +0000 | ||
1823 | |||
1824 | upstream: snprintf/vsnprintf return < 0 on error, rather than -1. | ||
1825 | |||
1826 | OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d | ||
1827 | |||
1828 | commit 4d28fa78abce2890e136281950633fae2066cc29 | ||
1829 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1830 | Date: Fri Jun 28 13:35:04 2019 +0000 | ||
1831 | |||
1832 | upstream: When system calls indicate an error they return -1, not | ||
1833 | |||
1834 | some arbitrary value < 0. errno is only updated in this case. Change all | ||
1835 | (most?) callers of syscalls to follow this better, and let's see if this | ||
1836 | strictness helps us in the future. | ||
1837 | |||
1838 | OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075 | ||
1839 | |||
1840 | commit e8c974043c1648eab0ad67a7ba6a3e444fe79d2d | ||
1841 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1842 | Date: Fri Jun 28 05:44:09 2019 +0000 | ||
1843 | |||
1844 | upstream: asprintf returns -1, not an arbitrary value < 0. Also | ||
1845 | |||
1846 | upon error the (very sloppy specification) leaves an undefined value in *ret, | ||
1847 | so it is wrong to inspect it, the error condition is enough. discussed a | ||
1848 | little with nicm, and then much more with millert until we were exasperated | ||
1849 | |||
1850 | OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e | ||
1851 | |||
1852 | commit 1b2d55d15c6240c15a1e1cf4203b82e54a766272 | ||
1853 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1854 | Date: Fri Jun 28 01:23:50 2019 +0000 | ||
1855 | |||
1856 | upstream: oops, from asou | ||
1857 | |||
1858 | OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6 | ||
1859 | |||
1860 | commit 5cdbaa78fcb718c39af4522d98016ad89d065427 | ||
1861 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
1862 | Date: Thu Jun 27 18:03:37 2019 +0000 | ||
1863 | |||
1864 | upstream: Some asprintf() calls were checked < 0, rather than the | ||
1865 | |||
1866 | precise == -1. ok millert nicm tb, etc | ||
1867 | |||
1868 | OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53 | ||
1869 | |||
1870 | commit b2e3e57be4a933d9464bccbe592573725765486f | ||
1871 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1872 | Date: Thu Jun 27 06:29:35 2019 +0000 | ||
1873 | |||
1874 | upstream: fix NULL deference (bzero) on err | ||
1875 | |||
1876 | =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?= | ||
1877 | =?UTF-8?q?=20Bj=C3=B6rnsson?= | ||
1878 | MIME-Version: 1.0 | ||
1879 | Content-Type: text/plain; charset=UTF-8 | ||
1880 | Content-Transfer-Encoding: 8bit | ||
1881 | |||
1882 | ok deraadt@ markus@ tb@ | ||
1883 | |||
1884 | OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd | ||
1885 | |||
1886 | commit 58ceacdcbaebefc77d120712de55c6fc6aa32bb1 | ||
1887 | Author: Jitendra Sharma <jitendra.sharma@intel.com> | ||
1888 | Date: Fri Jun 21 09:54:17 2019 +0530 | ||
1889 | |||
1890 | Update README doc to include missing test cases | ||
1891 | |||
1892 | Readme regress document is missing various individual tests, | ||
1893 | which are supported currently. Update README to | ||
1894 | include those test cases. | ||
1895 | |||
1896 | commit 7959330a554051b5587f8af3fec0c2c0d5820f64 | ||
1897 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1898 | Date: Wed Jun 26 22:29:43 2019 +0000 | ||
1899 | |||
1900 | upstream: Remove unneeded unlink of xauthfile o | ||
1901 | |||
1902 | =?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?= | ||
1903 | =?UTF-8?q?b,=20ok=20djm@=20deraadt@?= | ||
1904 | MIME-Version: 1.0 | ||
1905 | Content-Type: text/plain; charset=UTF-8 | ||
1906 | Content-Transfer-Encoding: 8bit | ||
1907 | |||
1908 | OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632 | ||
1909 | |||
1910 | commit 8de52eb224143783a49f9bddd9ab7800022a8276 | ||
1911 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1912 | Date: Sun Jun 23 12:21:46 2019 +0000 | ||
1913 | |||
1914 | upstream: fix mismatch proto/decl from key shielding change; spotted | ||
1915 | |||
1916 | via oss-fuzz | ||
1917 | |||
1918 | OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7 | ||
1919 | |||
1920 | commit 1dfadb9b57c2985c95838a0292d1c2f6a501896e | ||
1921 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1922 | Date: Fri Jun 21 04:21:45 2019 +0000 | ||
1923 | |||
1924 | upstream: adapt for key shielding API changes (const removal) | ||
1925 | |||
1926 | OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6 | ||
1927 | |||
1928 | commit 4f7a56d5e02e3d04ab69eac1213817a7536d0562 | ||
1929 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1930 | Date: Fri Jun 21 04:21:04 2019 +0000 | ||
1931 | |||
1932 | upstream: Add protection for private keys at rest in RAM against | ||
1933 | |||
1934 | speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer | ||
1935 | and Rambleed. This change encrypts private keys when they are not in use with | ||
1936 | a symmetic key that is derived from a relatively large "prekey" consisting of | ||
1937 | random data (currently 16KB). | ||
1938 | |||
1939 | Attackers must recover the entire prekey with high accuracy before | ||
1940 | they can attempt to decrypt the shielded private key, but the current | ||
1941 | generation of attacks have bit error rates that, when applied | ||
1942 | cumulatively to the entire prekey, make this unlikely. | ||
1943 | |||
1944 | Implementation-wise, keys are encrypted "shielded" when loaded and then | ||
1945 | automatically and transparently unshielded when used for signatures or | ||
1946 | when being saved/serialised. | ||
1947 | |||
1948 | Hopefully we can remove this in a few years time when computer | ||
1949 | architecture has become less unsafe. | ||
1950 | |||
1951 | been in snaps for a bit already; thanks deraadt@ | ||
1952 | |||
1953 | ok dtucker@ deraadt@ | ||
1954 | |||
1955 | OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4 | ||
1956 | |||
1957 | commit 4cd6b12cc9c10bf59c8b425041f3ea5091285a0f | ||
1958 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1959 | Date: Fri Jun 21 03:19:59 2019 +0000 | ||
1960 | |||
1961 | upstream: print the correct AuthorizedPrincipalsCommand rather than | ||
1962 | |||
1963 | an uninitialised variable; spotted by dtucker@ | ||
1964 | |||
1965 | OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638 | ||
1966 | |||
1967 | commit 5f68ab436b0e01751d564e9a9041e6ac3673e45a | ||
1968 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1969 | Date: Wed Jun 19 20:12:44 2019 +0000 | ||
1970 | |||
1971 | upstream: from tim: - for reput, it is remote-path which is | ||
1972 | |||
1973 | optional, not local-path - sync help | ||
1974 | |||
1975 | from deraadt: | ||
1976 | - prefer -R and undocument -r (but add a comment for future editors) | ||
1977 | |||
1978 | from schwarze: | ||
1979 | - prefer -p and undocument -P (as above. the comment was schwarze's too) | ||
1980 | |||
1981 | more: | ||
1982 | - add the -f flag to reput and reget | ||
1983 | - sort help (i can;t remember who suggested this originally) | ||
1984 | |||
1985 | djm and deraadt were ok with earlier versions of this; | ||
1986 | tim and schwarze ok | ||
1987 | |||
1988 | OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd | ||
1989 | |||
1990 | commit 99bcbbc77fbd5a5027031f42a5931b21b07c947e | ||
1991 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1992 | Date: Fri Jun 14 04:03:48 2019 +0000 | ||
1993 | |||
1994 | upstream: check for convtime() refusing to accept times that | ||
1995 | |||
1996 | resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker | ||
1997 | |||
1998 | OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0 | ||
1999 | |||
2000 | commit e5cccb2410247c9b8151b9510a876abdf5424b24 | ||
2001 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2002 | Date: Sun Apr 28 22:53:26 2019 +0000 | ||
2003 | |||
2004 | upstream: Add unit tests for user@host and URI parsing. | ||
2005 | |||
2006 | OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68 | ||
2007 | |||
2008 | commit 0bb7e38834e3f9886302bbaea630a6b0f8cfb520 | ||
2009 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2010 | Date: Thu Apr 18 18:57:16 2019 +0000 | ||
2011 | |||
2012 | upstream: Add tests for sshd -T -C with Match. | ||
2013 | |||
2014 | OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7 | ||
2015 | |||
2016 | commit 73eb6cef41daba0359c1888e4756108d41b4e819 | ||
2017 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2018 | Date: Sun Jun 16 12:55:27 2019 +1000 | ||
2019 | |||
2020 | Include stdio.h for vsnprintf. | ||
2021 | |||
2022 | Patch from mforney at mforney.org. | ||
2023 | |||
2024 | commit adcaf40fd0a180e6cb5798317fdf479b52e3c09a | ||
2025 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2026 | Date: Sat Jun 8 09:07:04 2019 +1000 | ||
2027 | |||
2028 | upstream rev 1.27: fix integer overflow. | ||
2029 | |||
2030 | Cast bitcount to u_in64_t before bit shifting to prevent integer overflow | ||
2031 | on 32bit platforms which cause incorrect results when adding a block | ||
2032 | >=512M in size. sha1 patch from ante84 at gmail.com via openssh github, | ||
2033 | sha2 with djm@, ok tedu@ | ||
2034 | |||
2035 | commit 7689048e6103d3c34cba24ac5aeea7bf8405d19a | ||
2036 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2037 | Date: Sat Jun 8 09:06:06 2019 +1000 | ||
2038 | |||
2039 | upstream rev 1.25: add DEF_WEAK. | ||
2040 | |||
2041 | Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct | ||
2042 | ok deraadt@ | ||
2043 | |||
2044 | commit 55f3153393ac7e072a4b4b21b194864460d8f44a | ||
2045 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2046 | Date: Sat Jun 8 09:02:24 2019 +1000 | ||
2047 | |||
2048 | upstream rev 1.25: add sys/types.h | ||
2049 | |||
2050 | commit 10974f986fa842a3a3a693e3d5761072540002b4 | ||
2051 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2052 | Date: Sat Jun 8 09:01:14 2019 +1000 | ||
2053 | |||
2054 | upstream: Use explicit_bzero instead of memset | ||
2055 | |||
2056 | in hash Final and End functions. OK deraadt@ djm@ | ||
2057 | |||
2058 | commit cb8f56570f70b00abae4267d4bcce2bfae7dfff6 | ||
2059 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2060 | Date: Fri Jun 14 04:13:58 2019 +0000 | ||
2061 | |||
2062 | upstream: slightly more instructive error message when the user | ||
2063 | |||
2064 | specifies multiple -J options on the commandline. bz3015 ok dtucker@ | ||
2065 | |||
2066 | OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179 | ||
2067 | |||
2068 | commit 2317ce4b0ed7d8c4b0c684e2d47bff5006bd1178 | ||
2069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2070 | Date: Fri Jun 14 03:51:47 2019 +0000 | ||
2071 | |||
2072 | upstream: process agent requests for RSA certificate private keys using | ||
2073 | |||
2074 | correct signature algorithm when requested. Patch from Jakub Jelen in bz3016 | ||
2075 | ok dtucker markus | ||
2076 | |||
2077 | OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624 | ||
2078 | |||
2079 | commit c95b90d40170473825904be561b1eafba354f376 | ||
2080 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2081 | Date: Fri Jun 14 03:39:59 2019 +0000 | ||
2082 | |||
2083 | upstream: for public key authentication, check AuthorizedKeysFiles | ||
2084 | |||
2085 | files before consulting AuthorizedKeysCommand; ok dtucker markus | ||
2086 | |||
2087 | OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3 | ||
2088 | |||
2089 | commit a5a53914989ddd3521b6edc452bc3291784a4f4f | ||
2090 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2091 | Date: Fri Jun 14 03:28:19 2019 +0000 | ||
2092 | |||
2093 | upstream: if passed a bad fd, log what it was | ||
2094 | |||
2095 | OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140 | ||
2096 | |||
2097 | commit 7349149da1074d82b71722338e05b6a282f126cc | ||
2098 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2099 | Date: Wed Jun 12 11:31:50 2019 +0000 | ||
2100 | |||
2101 | upstream: Hostname->HostName cleanup; from lauri tirkkonen ok | ||
2102 | |||
2103 | dtucker | ||
2104 | |||
2105 | OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4 | ||
2106 | |||
2107 | commit 76af9c57387243556d38935555c227d0b34062c5 | ||
2108 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2109 | Date: Wed Jun 12 05:53:21 2019 +0000 | ||
2110 | |||
2111 | upstream: deraadt noticed some inconsistency in the way we denote | ||
2112 | |||
2113 | the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent | ||
2114 | (effectively reversing my commit of yesterday); | ||
2115 | |||
2116 | ok deraadt markus djm | ||
2117 | |||
2118 | OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667 | ||
2119 | |||
2120 | commit d1bbfdd932db9b9b799db865ee1ff50060dfc895 | ||
2121 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2122 | Date: Tue Jun 11 13:39:40 2019 +0000 | ||
2123 | |||
2124 | upstream: consistent lettering for "HostName" keyword; from lauri | ||
2125 | |||
2126 | tirkkonen | ||
2127 | |||
2128 | OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563 | ||
2129 | |||
2130 | commit fc0340f7c4ee29bfb12bd1de9f99defa797e16b4 | ||
2131 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2132 | Date: Sat Jun 8 00:10:59 2019 +1000 | ||
2133 | |||
2134 | Typo fixes in error messages. | ||
2135 | |||
2136 | Patch from knweiss at gmail.com via github pull req #97 (portable- | ||
2137 | specific parts). | ||
2138 | |||
2139 | commit 4b7dd22b02b64b1ededd3c0e98a6e7ae21e31d38 | ||
2140 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2141 | Date: Fri Jun 7 14:18:48 2019 +0000 | ||
2142 | |||
2143 | upstream: Typo and spelling fixes in comments and error messages. | ||
2144 | |||
2145 | Patch from knweiss at gmail.com via -portable. | ||
2146 | |||
2147 | OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b | ||
2148 | |||
2149 | commit 130ef0695e1731392ca33831939fe89e8b70cc17 | ||
2150 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2151 | Date: Sat Jun 8 00:47:07 2019 +1000 | ||
2152 | |||
2153 | Include missed bits from previous sync. | ||
2154 | |||
2155 | commit 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6 | ||
2156 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2157 | Date: Fri Jun 7 03:47:12 2019 +0000 | ||
2158 | |||
2159 | upstream: Check for user@host when parsing sftp target. This | ||
2160 | |||
2161 | allows user@[1.2.3.4] to work without a path in addition to with one. | ||
2162 | bz#2999, ok djm@ | ||
2163 | |||
2164 | OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b | ||
2165 | |||
2166 | commit 0323d9b619d512f80c57575b810a05791891f657 | ||
2167 | Author: otto@openbsd.org <otto@openbsd.org> | ||
2168 | Date: Thu Jun 6 05:13:13 2019 +0000 | ||
2169 | |||
2170 | upstream: Replace calls to ssh_malloc_init() by a static init of | ||
2171 | |||
2172 | malloc_options. Prepares for changes in the way malloc is initialized. ok | ||
2173 | guenther@ dtucker@ | ||
2174 | |||
2175 | OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b | ||
2176 | |||
2177 | commit c586d2d3129265ea64b12960c379d634bccb6535 | ||
2178 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2179 | Date: Fri May 31 03:20:07 2019 +0000 | ||
2180 | |||
2181 | upstream: fix ssh-keysign fd handling problem introduced in r1.304 | ||
2182 | |||
2183 | caused by a typo (STDIN_FILENO vs STDERR_FILENO) | ||
2184 | |||
2185 | OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0 | ||
2186 | |||
2187 | commit 410b231aa41ff830b2f5b09b5aaf5e5cdc1ab86b | ||
2188 | Author: lum@openbsd.org <lum@openbsd.org> | ||
2189 | Date: Wed May 29 08:30:26 2019 +0000 | ||
2190 | |||
2191 | upstream: Make the standard output messages of both methods of | ||
2192 | |||
2193 | changing a key pair's comments (using -c and -C) more applicable to both | ||
2194 | methods. ok and suggestions djm@ dtucker@ | ||
2195 | |||
2196 | OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6 | ||
2197 | |||
2198 | commit 2b3402dc9f1d9b0df70291b424f36e436cdfa7e0 | ||
2199 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2200 | Date: Sat Jun 8 00:03:07 2019 +1000 | ||
2201 | |||
2202 | Always clean up before and after utimensat test. | ||
2203 | |||
2204 | commit 182898192d4b720e4faeafd5b39c2cfb3b92aa21 | ||
2205 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2206 | Date: Fri Jun 7 23:47:37 2019 +1000 | ||
2207 | |||
2208 | Update utimensat test. | ||
2209 | |||
2210 | POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should | ||
2211 | update the symlink and not the destination. The compat code doesn't | ||
2212 | have a way to do this, so where possible it fails instead of following a | ||
2213 | symlink when explicitly asked not to. Instead of checking for an explicit | ||
2214 | failure, check that it does not update the destination, which both the | ||
2215 | real and compat implmentations should honour. | ||
2216 | |||
2217 | Inspired by github pull req #125 from chutzpah at gentoo.org. | ||
2218 | |||
2219 | commit d220b675205185e0b4d6b6524acc2e5c599ef0e2 | ||
2220 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2221 | Date: Fri Jun 7 14:26:54 2019 +1000 | ||
2222 | |||
2223 | Have pthread_create return errno on failure. | ||
2224 | |||
2225 | According to POSIX, pthread_create returns the failure reason in | ||
2226 | the non-zero function return code so make the fork wrapper do that. | ||
2227 | Matches previous change. | ||
2228 | |||
2229 | commit 1bd4f7f25f653e0cadb2e6f25d79bc3c35c6aa4d | ||
2230 | Author: Elliott Hughes <enh@google.com> | ||
2231 | Date: Thu Apr 25 13:36:27 2019 -0700 | ||
2232 | |||
2233 | pthread_create(3) returns positive values on failure. | ||
2234 | |||
2235 | Found by inspection after finding similar bugs in other code used by | ||
2236 | Android. | ||
2237 | |||
2238 | commit b3a77b25e5f7880222b179431a74fad76d2cf60c | ||
2239 | Author: Harald Freudenberger <freude@linux.ibm.com> | ||
2240 | Date: Fri May 24 10:11:15 2019 +0200 | ||
2241 | |||
2242 | allow s390 specific ioctl for ecc hardware support | ||
2243 | |||
2244 | Adding another s390 specific ioctl to be able to support ECC hardware | ||
2245 | acceleration to the sandbox seccomp filter rules. | ||
2246 | |||
2247 | Now the ibmca openssl engine provides elliptic curve cryptography | ||
2248 | support with the help of libica and CCA crypto cards. This is done via | ||
2249 | jet another ioctl call to the zcrypt device driver and so there is a | ||
2250 | need to enable this on the openssl sandbox. | ||
2251 | |||
2252 | Code is s390 specific and has been tested, verified and reviewed. | ||
2253 | |||
2254 | Please note that I am also the originator of the previous changes in | ||
2255 | that area. I posted these changes to Eduardo and he forwarded the | ||
2256 | patches to the openssl community. | ||
2257 | |||
2258 | Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> | ||
2259 | Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com> | ||
2260 | |||
2261 | commit 2459df9aa11820f8092a8651aeb381af7ebbccb1 | ||
2262 | Author: Sorin Adrian Savu <sorin25@users.noreply.github.com> | ||
2263 | Date: Sun May 26 21:50:08 2019 +0300 | ||
2264 | |||
2265 | openssl-devel is obsoleted by libssl-devel | ||
2266 | |||
2267 | openssl-devel is no longer installable via the cygwin setup and | ||
2268 | it's hidden by default, so you can't see the replacement very easy. | ||
2269 | |||
2270 | commit 85ceb0e64bff672558fc87958cd548f135c83cdd | ||
2271 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2272 | Date: Mon May 20 06:01:59 2019 +0000 | ||
2273 | |||
2274 | upstream: tweak previous; | ||
2275 | |||
2276 | OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c | ||
2277 | |||
2278 | commit 30615295609f5c57b3137b3021fe63bfa45c1985 | ||
2279 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2280 | Date: Mon May 20 00:25:55 2019 +0000 | ||
2281 | |||
2282 | upstream: embiggen format buffer size for certificate serial number so | ||
2283 | |||
2284 | that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior | ||
2285 | |||
2286 | OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b | ||
2287 | |||
2288 | commit 476e3551b2952ef73acc43d995e832539bf9bc4d | ||
2289 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2290 | Date: Mon May 20 00:20:35 2019 +0000 | ||
2291 | |||
2292 | upstream: When signing certificates with an RSA key, default to | ||
2293 | |||
2294 | using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys | ||
2295 | will therefore be incompatible with OpenSSH < 7.2 unless the default is | ||
2296 | overridden. | ||
2297 | |||
2298 | Document the ability of the ssh-keygen -t flag to override the | ||
2299 | signature algorithm when signing certificates, and the new default. | ||
2300 | |||
2301 | ok deraadt@ | ||
2302 | |||
2303 | OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95 | ||
2304 | |||
2305 | commit 606077ee1e77af5908431d003fb28461ef7be092 | ||
2306 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2307 | Date: Fri May 17 13:14:12 2019 +1000 | ||
2308 | |||
2309 | Add no-op implementation of pam_putenv. | ||
2310 | |||
2311 | Some platforms such as HP-UX do not have pam_putenv. Currently the | ||
2312 | calls are ifdef'ed out, but a new one was recently added. Remove the | ||
2313 | ifdefs and add a no-op implementation. bz#3008, ok djm. | ||
2314 | |||
2315 | commit 1ac98be8724c9789d770ddb8e7f0dbf1b55e05a0 | ||
2316 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2317 | Date: Fri May 17 12:42:17 2019 +1000 | ||
2318 | |||
2319 | Use the correct macro for SSH_ALLOWED_CA_SIGALGS. | ||
2320 | |||
2321 | commit 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf | ||
2322 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2323 | Date: Fri May 17 10:54:51 2019 +1000 | ||
2324 | |||
2325 | Fix building w/out ECC. | ||
2326 | |||
2327 | Ifdef out ECC specific code so that that it'll build against an OpenSSL | ||
2328 | configured w/out ECC. With & ok djm@ | ||
2329 | |||
2330 | commit 633703babf8d9a88da85f23b800e1b88dec7cdbd | ||
2331 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2332 | Date: Fri May 17 10:50:29 2019 +1000 | ||
2333 | |||
2334 | Conditionalize ECDH methods in CA algos. | ||
2335 | |||
2336 | When building against an OpenSSL configured without ECC, don't include | ||
2337 | those algos in CASignatureAlgorithms. ok djm@ | ||
2338 | |||
2339 | commit 5c8d14c512f5d413095b22bdba08a6bb990f1e97 | ||
2340 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2341 | Date: Thu May 16 08:47:27 2019 +0000 | ||
2342 | |||
2343 | upstream: Move a variable declaration to the block where it's used | ||
2344 | |||
2345 | to make things a little tidier for -portable. | ||
2346 | |||
2347 | OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75 | ||
2348 | |||
2349 | commit a1d29cc36a5e6eeabc935065a8780e1ba5b67014 | ||
2350 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2351 | Date: Wed May 15 04:43:31 2019 +0000 | ||
2352 | |||
2353 | upstream: When doing the fork+exec'ing for ssh-keysign, rearrange | ||
2354 | |||
2355 | the socket into fd3, so as to not mistakenly leak other fd forward | ||
2356 | accidentally. ok djm | ||
2357 | |||
2358 | OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296 | ||
2359 | |||
2360 | commit db7606d4a62fee67b0cb2f32dfcbd7b3642bfef5 | ||
2361 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
2362 | Date: Tue May 14 12:47:17 2019 +0000 | ||
2363 | |||
2364 | upstream: Delete some .Sx macros that were used in a wrong way. | ||
2365 | |||
2366 | Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>. | ||
2367 | |||
2368 | OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7 | ||
2369 | |||
2370 | commit cb4accb1233865d9151f8a50cc5f0c61a3fd4077 | ||
2371 | Author: florian@openbsd.org <florian@openbsd.org> | ||
2372 | Date: Fri May 10 18:55:17 2019 +0000 | ||
2373 | |||
2374 | upstream: For PermitOpen violations add the remote host and port to | ||
2375 | |||
2376 | be able to find out from where the request was comming. | ||
2377 | |||
2378 | Add the same logging for PermitListen violations which where not | ||
2379 | logged at all. | ||
2380 | |||
2381 | Pointed out by Robert Kisteleki (robert AT ripe.net) | ||
2382 | |||
2383 | input markus | ||
2384 | OK deraadt | ||
2385 | |||
2386 | OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8 | ||
2387 | |||
2388 | commit cd16aceec148d55088fc8df6be88335578d85258 | ||
2389 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2390 | Date: Thu May 16 07:53:20 2019 +1000 | ||
2391 | |||
2392 | Add OpenSSL 1.1.1 to the supported list. | ||
2393 | |||
2394 | Clarify the language around prngd and egd. | ||
2395 | |||
2396 | commit 6fd4aa2aafbce90acb11a328ca0aa0696cb01c6b | ||
2397 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2398 | Date: Wed May 15 16:19:14 2019 +1000 | ||
2399 | |||
2400 | Fix typo in man page formatter selector. | ||
2401 | |||
2402 | commit 285546b73e2c172565c992a695927ac8cf3b4cc6 | ||
2403 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2404 | Date: Fri May 10 15:04:42 2019 +1000 | ||
2405 | |||
2406 | Use "doc" man page format if mandoc present. | ||
2407 | |||
2408 | Previously configure would not select the "doc" man page format if | ||
2409 | mandoc was present but nroff was not. This checks for mandoc first | ||
2410 | and removes a now-superflous AC_PATH_PROG. Based on a patch from | ||
2411 | vehk at vehk.de and feedback from schwarze at usta.de. | ||
2412 | |||
2413 | commit 62dd70613b77b229f53db3cc1c3e8a206fa2b582 | ||
2414 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2415 | Date: Fri May 3 06:06:30 2019 +0000 | ||
2416 | |||
2417 | upstream: Use the correct (according to POSIX) format for | ||
2418 | |||
2419 | left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok | ||
2420 | markus@. | ||
2421 | |||
2422 | OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7 | ||
2423 | |||
2424 | commit 62be1ffe5ffc68cfaac183320503c00a8c72e0b1 | ||
2425 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2426 | Date: Fri May 3 04:11:00 2019 +0000 | ||
2427 | |||
2428 | upstream: Free channel objects on exit path. Patch from markus at | ||
2429 | |||
2430 | blueflash.cc, ok deraadt | ||
2431 | |||
2432 | OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117 | ||
2433 | |||
2434 | commit 1c554a5d94b9de6bd5374e2992a5662746cc39ba | ||
2435 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2436 | Date: Fri May 3 03:27:38 2019 +0000 | ||
2437 | |||
2438 | upstream: Free host on exit path. Patch from markus at | ||
2439 | |||
2440 | blueflash.cc, ok djm@ | ||
2441 | |||
2442 | OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a | ||
2443 | |||
2444 | commit 99043bd64e5e0f427173f4fa83ef25a4676624a3 | ||
2445 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2446 | Date: Fri May 3 03:25:18 2019 +0000 | ||
2447 | |||
2448 | upstream: Wrap XMSS including in ifdef. Patch from markus at | ||
2449 | |||
2450 | blueflash.cc, ok djm | ||
2451 | |||
2452 | OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5 | ||
2453 | |||
2454 | commit 8fcfb7789c43a19d24162a7a4055cd09ee951b34 | ||
2455 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2456 | Date: Fri Apr 26 08:37:17 2019 +0000 | ||
2457 | |||
2458 | upstream: Import regenerated moduli. | ||
2459 | |||
2460 | OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff | ||
2461 | |||
2462 | commit 3a7db919d5dd09f797971b3cf8ee301767459774 | ||
2463 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2464 | Date: Tue Apr 23 11:56:41 2019 +0000 | ||
2465 | |||
2466 | upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@ | ||
2467 | |||
2468 | OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a | ||
2469 | |||
2470 | commit d7c6e38b87efab1f140745fd8b1106b82e6e4a68 | ||
2471 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2472 | Date: Fri Apr 19 05:47:44 2019 +0000 | ||
2473 | |||
2474 | upstream: Document new default RSA key size. From | ||
2475 | |||
2476 | sebastiaanlokhorst at gmail.com via bz#2997. | ||
2477 | |||
2478 | OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1 | ||
2479 | |||
2480 | commit e826bbcafe26dac349a8593da5569e82faa45ab8 | ||
2481 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2482 | Date: Thu Apr 18 18:56:16 2019 +0000 | ||
2483 | |||
2484 | upstream: When running sshd -T, assume any attibute not provided by | ||
2485 | |||
2486 | -C does not match, which allows it to work when sshd_config contains a Match | ||
2487 | directive with or without -C. bz#2858, ok djm@ | ||
2488 | |||
2489 | OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb | ||
2490 | |||
2491 | commit 5696512d7ad57e85e89f8011ce8dec617be686aa | ||
2492 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2493 | Date: Thu Apr 18 07:32:56 2019 +0000 | ||
2494 | |||
2495 | upstream: Remove crc32.{c,h} which were only used by the now-gone | ||
2496 | |||
2497 | SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt. | ||
2498 | |||
2499 | OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240 | ||
2500 | |||
2501 | commit 34e87fb5d9ce607f5701ab4c31d837ad8133e2d1 | ||
2502 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2503 | Date: Tue Apr 30 12:27:57 2019 +1000 | ||
2504 | |||
2505 | Remove unused variables from RLIMIT_NOFILE test. | ||
2506 | |||
2507 | commit 35e82e62c1ef53cfa457473a4c4d957d6197371a | ||
2508 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2509 | Date: Fri Apr 26 18:38:27 2019 +1000 | ||
2510 | |||
2511 | Import regenerated moduli. | ||
2512 | |||
2513 | commit 5590f53f99219e95dc23b0ebd220f19a6f46b101 | ||
2514 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2515 | Date: Fri Apr 26 18:22:10 2019 +1000 | ||
2516 | |||
2517 | Whitespace resync w/OpenBSD. | ||
2518 | |||
2519 | Patch from markus at blueflash.cc via openssh-unix-dev. | ||
2520 | |||
2521 | commit b7b8334914fb9397a6725f3b5d2de999b0bb69ac | ||
2522 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2523 | Date: Fri Apr 26 18:06:34 2019 +1000 | ||
2524 | |||
2525 | Don't install duplicate STREAMS modules on Solaris | ||
2526 | |||
2527 | Check if STREAMS modules are already installed on pty before installing | ||
2528 | since when compiling with XPG>=4 they will likely be installed already. | ||
2529 | Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998, | ||
2530 | patch from djm@ | ||
2531 | |||
1 | commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d | 2532 | commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d |
2 | Author: Damien Miller <djm@mindrot.org> | 2533 | Author: Damien Miller <djm@mindrot.org> |
3 | Date: Thu Apr 18 08:52:57 2019 +1000 | 2534 | Date: Thu Apr 18 08:52:57 2019 +1000 |
@@ -7937,2406 +10468,3 @@ Date: Thu Oct 5 12:56:50 2017 +0000 | |||
7937 | %C is hashed; from klemens nanni ok markus | 10468 | %C is hashed; from klemens nanni ok markus |
7938 | 10469 | ||
7939 | Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 | 10470 | Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 |
7940 | |||
7941 | commit a66714508b86d6814e9055fefe362d9fe4d49ab3 | ||
7942 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7943 | Date: Wed Oct 4 18:50:23 2017 +0000 | ||
7944 | |||
7945 | upstream commit | ||
7946 | |||
7947 | exercise PermitOpen a little more thoroughly | ||
7948 | |||
7949 | Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac | ||
7950 | |||
7951 | commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6 | ||
7952 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
7953 | Date: Tue Sep 26 22:39:25 2017 +0000 | ||
7954 | |||
7955 | upstream commit | ||
7956 | |||
7957 | UsePrivilegeSeparation is gone, stop trying to test it. | ||
7958 | |||
7959 | Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191 | ||
7960 | |||
7961 | commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b | ||
7962 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7963 | Date: Wed Oct 4 18:49:30 2017 +0000 | ||
7964 | |||
7965 | upstream commit | ||
7966 | |||
7967 | fix (another) problem in PermitOpen introduced during the | ||
7968 | channels.c refactor: the third and subsequent arguments to PermitOpen were | ||
7969 | being silently ignored; ok markus@ | ||
7970 | |||
7971 | Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd | ||
7972 | |||
7973 | commit 66bf74a92131b7effe49fb0eefe5225151869dc5 | ||
7974 | Author: djm@openbsd.org <djm@openbsd.org> | ||
7975 | Date: Mon Oct 2 19:33:20 2017 +0000 | ||
7976 | |||
7977 | upstream commit | ||
7978 | |||
7979 | Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@ | ||
7980 | |||
7981 | Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c | ||
7982 | |||
7983 | commit d63b38160a59039708fd952adc75a0b3da141560 | ||
7984 | Author: Damien Miller <djm@mindrot.org> | ||
7985 | Date: Sun Oct 1 10:32:25 2017 +1100 | ||
7986 | |||
7987 | update URL again | ||
7988 | |||
7989 | I spotted a typo in the draft so uploaded a new version... | ||
7990 | |||
7991 | commit 6f64f596430cd3576c529f07acaaf2800aa17d58 | ||
7992 | Author: Damien Miller <djm@mindrot.org> | ||
7993 | Date: Sun Oct 1 10:01:56 2017 +1100 | ||
7994 | |||
7995 | sync release notes URL | ||
7996 | |||
7997 | commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d | ||
7998 | Author: Damien Miller <djm@mindrot.org> | ||
7999 | Date: Sun Oct 1 10:01:25 2017 +1100 | ||
8000 | |||
8001 | sync contrib/ssh-copy-id with upstream | ||
8002 | |||
8003 | commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66 | ||
8004 | Author: Damien Miller <djm@mindrot.org> | ||
8005 | Date: Sun Oct 1 09:59:19 2017 +1100 | ||
8006 | |||
8007 | update version in RPM spec files | ||
8008 | |||
8009 | commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d | ||
8010 | Author: Damien Miller <djm@mindrot.org> | ||
8011 | Date: Sun Oct 1 09:58:24 2017 +1100 | ||
8012 | |||
8013 | update agent draft URL | ||
8014 | |||
8015 | commit e4a798f001d2ecd8bf025c1d07658079f27cc604 | ||
8016 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8017 | Date: Sat Sep 30 22:26:33 2017 +0000 | ||
8018 | |||
8019 | upstream commit | ||
8020 | |||
8021 | openssh-7.6; ok deraadt@ | ||
8022 | |||
8023 | Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0 | ||
8024 | |||
8025 | commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d | ||
8026 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8027 | Date: Wed Sep 27 06:45:53 2017 +0000 | ||
8028 | |||
8029 | upstream commit | ||
8030 | |||
8031 | tweak EposeAuthinfo; diff from lars nooden | ||
8032 | |||
8033 | tweaked by sthen; ok djm dtucker | ||
8034 | |||
8035 | Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748 | ||
8036 | |||
8037 | commit bba69c246f0331f657fd6ec97724df99fc1ad174 | ||
8038 | Author: Damien Miller <djm@mindrot.org> | ||
8039 | Date: Thu Sep 28 16:06:21 2017 -0700 | ||
8040 | |||
8041 | don't fatal ./configure for LibreSSL | ||
8042 | |||
8043 | commit 04dc070e8b4507d9d829f910b29be7e3b2414913 | ||
8044 | Author: Damien Miller <djm@mindrot.org> | ||
8045 | Date: Thu Sep 28 14:54:34 2017 -0700 | ||
8046 | |||
8047 | abort in configure when only openssl-1.1.x found | ||
8048 | |||
8049 | We don't support openssl-1.1.x yet (see multiple threads on the | ||
8050 | openssh-unix-dev@ mailing list for the reason), but previously | ||
8051 | ./configure would accept it and the compilation would subsequently | ||
8052 | fail. This makes ./configure display an explicit error message and | ||
8053 | abort. | ||
8054 | |||
8055 | ok dtucker@ | ||
8056 | |||
8057 | commit 74c1c3660acf996d9dc329e819179418dc115f2c | ||
8058 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8059 | Date: Wed Sep 27 07:44:41 2017 +1000 | ||
8060 | |||
8061 | Check for and handle calloc(p, 0) = NULL. | ||
8062 | |||
8063 | On some platforms (AIX, maybe others) allocating zero bytes of memory | ||
8064 | via the various *alloc functions returns NULL, which is permitted | ||
8065 | by the standards. Autoconf has some macros for detecting this (with | ||
8066 | the exception of calloc for some reason) so use these and if necessary | ||
8067 | activate shims for them. ok djm@ | ||
8068 | |||
8069 | commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5 | ||
8070 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8071 | Date: Thu Sep 21 19:18:12 2017 +0000 | ||
8072 | |||
8073 | upstream commit | ||
8074 | |||
8075 | test reverse dynamic forwarding with SOCKS | ||
8076 | |||
8077 | Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79 | ||
8078 | |||
8079 | commit 1b9f321605733754df60fac8c1d3283c89b74455 | ||
8080 | Author: Damien Miller <djm@mindrot.org> | ||
8081 | Date: Tue Sep 26 16:55:55 2017 +1000 | ||
8082 | |||
8083 | sync missing changes in dynamic-forward.sh | ||
8084 | |||
8085 | commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb | ||
8086 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8087 | Date: Mon Sep 25 09:48:10 2017 +1000 | ||
8088 | |||
8089 | Add minimal strsignal for platforms without it. | ||
8090 | |||
8091 | commit 218e6f98df566fb9bd363f6aa47018cb65ede196 | ||
8092 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8093 | Date: Sun Sep 24 13:45:34 2017 +0000 | ||
8094 | |||
8095 | upstream commit | ||
8096 | |||
8097 | fix inverted test on channel open failure path that | ||
8098 | "upgraded" a transient failure into a fatal error; reported by sthen and also | ||
8099 | seen by benno@; ok sthen@ | ||
8100 | |||
8101 | Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472 | ||
8102 | |||
8103 | commit c704f641f7b8777497dc82e81f2ac89afec7e401 | ||
8104 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8105 | Date: Sun Sep 24 09:50:01 2017 +0000 | ||
8106 | |||
8107 | upstream commit | ||
8108 | |||
8109 | write the correct buffer when tunnel forwarding; doesn't | ||
8110 | matter on OpenBSD (they are the same) but does matter on portable where we | ||
8111 | use an output filter to translate os-specific tun/tap headers | ||
8112 | |||
8113 | Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284 | ||
8114 | |||
8115 | commit 55486f5cef117354f0c64f991895835077b7c7f7 | ||
8116 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8117 | Date: Sat Sep 23 22:04:07 2017 +0000 | ||
8118 | |||
8119 | upstream commit | ||
8120 | |||
8121 | fix tunnel forwarding problem introduced in refactor; | ||
8122 | reported by stsp@ ok markus@ | ||
8123 | |||
8124 | Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04 | ||
8125 | |||
8126 | commit 609d7a66ce578abf259da2d5f6f68795c2bda731 | ||
8127 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8128 | Date: Thu Sep 21 19:16:53 2017 +0000 | ||
8129 | |||
8130 | upstream commit | ||
8131 | |||
8132 | Add 'reverse' dynamic forwarding which combines dynamic | ||
8133 | forwarding (-D) with remote forwarding (-R) where the remote-forwarded port | ||
8134 | expects SOCKS-requests. | ||
8135 | |||
8136 | The SSH server code is unchanged and the parsing happens at the SSH | ||
8137 | clients side. Thus the full SOCKS-request is sent over the forwarded | ||
8138 | channel and the client parses c->output. Parsing happens in | ||
8139 | channel_before_prepare_select(), _before_ the select bitmask is | ||
8140 | computed in the pre[] handlers, but after network input processing | ||
8141 | in the post[] handlers. | ||
8142 | |||
8143 | help and ok djm@ | ||
8144 | |||
8145 | Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89 | ||
8146 | |||
8147 | commit 36945fa103176c00b39731e1fc1919a0d0808b81 | ||
8148 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8149 | Date: Wed Sep 20 05:19:00 2017 +0000 | ||
8150 | |||
8151 | upstream commit | ||
8152 | |||
8153 | Use strsignal in debug message instead of casting for the | ||
8154 | benefit of portable where sig_atomic_t might not be int. "much nicer" | ||
8155 | deraadt@ | ||
8156 | |||
8157 | Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79 | ||
8158 | |||
8159 | commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e | ||
8160 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8161 | Date: Tue Sep 19 12:10:30 2017 +0000 | ||
8162 | |||
8163 | upstream commit | ||
8164 | |||
8165 | Use explicit_bzero() instead of bzero() before free() to | ||
8166 | prevent the compiler from optimizing away the bzero() call. OK djm@ | ||
8167 | |||
8168 | Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d | ||
8169 | |||
8170 | commit 5b8da1f53854c0923ec6e927e86709e4d72737b6 | ||
8171 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8172 | Date: Tue Sep 19 04:24:22 2017 +0000 | ||
8173 | |||
8174 | upstream commit | ||
8175 | |||
8176 | fix use-after-free in ~^Z escape handler path, introduced | ||
8177 | in channels.c refactor; spotted by millert@ "makes sense" deraadt@ | ||
8178 | |||
8179 | Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22 | ||
8180 | |||
8181 | commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e | ||
8182 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8183 | Date: Mon Sep 18 12:03:24 2017 +0000 | ||
8184 | |||
8185 | upstream commit | ||
8186 | |||
8187 | Prevent type mismatch warning in debug on platforms where | ||
8188 | sig_atomic_t != int. ok djm@ | ||
8189 | |||
8190 | Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed | ||
8191 | |||
8192 | commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc | ||
8193 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8194 | Date: Mon Sep 18 09:41:52 2017 +0000 | ||
8195 | |||
8196 | upstream commit | ||
8197 | |||
8198 | Add braces missing after channels refactor. ok markus@ | ||
8199 | |||
8200 | Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980 | ||
8201 | |||
8202 | commit b79569190b9b76dfacc6d996faa482f16e8fc026 | ||
8203 | Author: Damien Miller <djm@mindrot.org> | ||
8204 | Date: Tue Sep 19 12:29:23 2017 +1000 | ||
8205 | |||
8206 | add freezero(3) replacement | ||
8207 | |||
8208 | ok dtucker@ | ||
8209 | |||
8210 | commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e | ||
8211 | Author: Damien Miller <djm@mindrot.org> | ||
8212 | Date: Tue Sep 19 10:18:56 2017 +1000 | ||
8213 | |||
8214 | move FORTIFY_SOURCE into hardening options group | ||
8215 | |||
8216 | It's still on by default, but now it's possible to turn it off using | ||
8217 | --without-hardening. This is useful since it's known to cause problems | ||
8218 | with some -fsanitize options. ok dtucker@ | ||
8219 | |||
8220 | commit 09eacf856e0fe1a6e3fe597ec8032b7046292914 | ||
8221 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
8222 | Date: Wed Sep 13 14:58:26 2017 +0000 | ||
8223 | |||
8224 | upstream commit | ||
8225 | |||
8226 | Print SKIPPED if sudo and doas configuration is missing. | ||
8227 | Prevents that running the regression test with wrong environment is reported | ||
8228 | as failure. Keep the fatal there to avoid interfering with other setups for | ||
8229 | portable ssh. OK dtucker@ | ||
8230 | |||
8231 | Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e | ||
8232 | |||
8233 | commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a | ||
8234 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8235 | Date: Mon Aug 7 03:52:55 2017 +0000 | ||
8236 | |||
8237 | upstream commit | ||
8238 | |||
8239 | Remove obsolete privsep=no fallback test. | ||
8240 | |||
8241 | Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df | ||
8242 | |||
8243 | commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8 | ||
8244 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8245 | Date: Mon Aug 7 00:53:51 2017 +0000 | ||
8246 | |||
8247 | upstream commit | ||
8248 | |||
8249 | Remove non-privsep test since disabling privsep is now | ||
8250 | deprecated. | ||
8251 | |||
8252 | Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8 | ||
8253 | |||
8254 | commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e | ||
8255 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8256 | Date: Fri Jul 28 10:32:08 2017 +0000 | ||
8257 | |||
8258 | upstream commit | ||
8259 | |||
8260 | Don't call fatal from stop_sshd since it calls cleanup | ||
8261 | which calls stop_sshd which will probably fail in the same way. Instead, | ||
8262 | just bail. Differentiate between sshd dying without cleanup and not shutting | ||
8263 | down. | ||
8264 | |||
8265 | Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4 | ||
8266 | |||
8267 | commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba | ||
8268 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8269 | Date: Thu Sep 14 04:32:21 2017 +0000 | ||
8270 | |||
8271 | upstream commit | ||
8272 | |||
8273 | Revert commitid: gJtIN6rRTS3CHy9b. | ||
8274 | |||
8275 | ------------- | ||
8276 | identify the case where SSHFP records are missing but other DNS RR | ||
8277 | types are present and display a more useful error message for this | ||
8278 | case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ | ||
8279 | ------------- | ||
8280 | |||
8281 | This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results | ||
8282 | are missing but the user already has the key in known_hosts | ||
8283 | |||
8284 | Spotted by dtucker@ | ||
8285 | |||
8286 | Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920 | ||
8287 | |||
8288 | commit 871f1e4374420b07550041b329627c474abc3010 | ||
8289 | Author: Damien Miller <djm@mindrot.org> | ||
8290 | Date: Tue Sep 12 18:01:35 2017 +1000 | ||
8291 | |||
8292 | adapt portable to channels API changes | ||
8293 | |||
8294 | commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb | ||
8295 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8296 | Date: Tue Sep 12 07:55:48 2017 +0000 | ||
8297 | |||
8298 | upstream commit | ||
8299 | |||
8300 | unused variable | ||
8301 | |||
8302 | Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1 | ||
8303 | |||
8304 | commit 9145a73ce2ba30c82bbf91d7205bfd112529449f | ||
8305 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8306 | Date: Tue Sep 12 07:32:04 2017 +0000 | ||
8307 | |||
8308 | upstream commit | ||
8309 | |||
8310 | fix tun/tap forwarding case in previous | ||
8311 | |||
8312 | Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53 | ||
8313 | |||
8314 | commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e | ||
8315 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8316 | Date: Tue Sep 12 06:35:31 2017 +0000 | ||
8317 | |||
8318 | upstream commit | ||
8319 | |||
8320 | Make remote channel ID a u_int | ||
8321 | |||
8322 | Previously we tracked the remote channel IDs in an int, but this is | ||
8323 | strictly incorrect: the wire protocol uses uint32 and there is nothing | ||
8324 | in-principle stopping a SSH implementation from sending, say, 0xffff0000. | ||
8325 | |||
8326 | In practice everyone numbers their channels sequentially, so this has | ||
8327 | never been a problem. | ||
8328 | |||
8329 | ok markus@ | ||
8330 | |||
8331 | Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73 | ||
8332 | |||
8333 | commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16 | ||
8334 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8335 | Date: Tue Sep 12 06:32:07 2017 +0000 | ||
8336 | |||
8337 | upstream commit | ||
8338 | |||
8339 | refactor channels.c | ||
8340 | |||
8341 | Move static state to a "struct ssh_channels" that is allocated at | ||
8342 | runtime and tracked as a member of struct ssh. | ||
8343 | |||
8344 | Explicitly pass "struct ssh" to all channels functions. | ||
8345 | |||
8346 | Replace use of the legacy packet APIs in channels.c. | ||
8347 | |||
8348 | Rework sshd_config PermitOpen handling: previously the configuration | ||
8349 | parser would call directly into the channels layer. After the refactor | ||
8350 | this is not possible, as the channels structures are allocated at | ||
8351 | connection time and aren't available when the configuration is parsed. | ||
8352 | The server config parser now tracks PermitOpen itself and explicitly | ||
8353 | configures the channels code later. | ||
8354 | |||
8355 | ok markus@ | ||
8356 | |||
8357 | Upstream-ID: 11828f161656b965cc306576422613614bea2d8f | ||
8358 | |||
8359 | commit abd59663df37a42152e37980113ccaa405b9a282 | ||
8360 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8361 | Date: Thu Sep 7 23:48:09 2017 +0000 | ||
8362 | |||
8363 | upstream commit | ||
8364 | |||
8365 | typo in comment | ||
8366 | |||
8367 | Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47 | ||
8368 | |||
8369 | commit 149a8cd24ce9dd47c36f571738681df5f31a326c | ||
8370 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8371 | Date: Mon Sep 4 06:34:43 2017 +0000 | ||
8372 | |||
8373 | upstream commit | ||
8374 | |||
8375 | tweak previous; | ||
8376 | |||
8377 | Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b | ||
8378 | |||
8379 | commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8 | ||
8380 | Author: Damien Miller <djm@mindrot.org> | ||
8381 | Date: Fri Sep 8 12:44:13 2017 +1000 | ||
8382 | |||
8383 | Fuzzer harnesses for sig verify and pubkey parsing | ||
8384 | |||
8385 | These are some basic clang libfuzzer harnesses for signature | ||
8386 | verification and public key parsing. Some assembly (metaphorical) | ||
8387 | required. | ||
8388 | |||
8389 | commit de35c382894964a896a63ecd5607d3a3b93af75d | ||
8390 | Author: Damien Miller <djm@mindrot.org> | ||
8391 | Date: Fri Sep 8 12:38:31 2017 +1000 | ||
8392 | |||
8393 | Give configure ability to set CFLAGS/LDFLAGS later | ||
8394 | |||
8395 | Some CFLAGS/LDFLAGS may disrupt the configure script's operation, | ||
8396 | in particular santization and fuzzer options that break assumptions | ||
8397 | about memory and file descriptor dispositions. | ||
8398 | |||
8399 | This adds two flags to configure --with-cflags-after and | ||
8400 | --with-ldflags-after that allow specifying additional compiler and | ||
8401 | linker options that are added to the resultant Makefiles but not | ||
8402 | used in the configure run itself. | ||
8403 | |||
8404 | E.g. | ||
8405 | |||
8406 | env CC=clang-3.9 ./configure \ | ||
8407 | --with-cflags-after=-fsantize=address \ | ||
8408 | --with-ldflags-after="-g -fsanitize=address" | ||
8409 | |||
8410 | commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7 | ||
8411 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8412 | Date: Sun Sep 3 23:33:13 2017 +0000 | ||
8413 | |||
8414 | upstream commit | ||
8415 | |||
8416 | Expand ssh_config's StrictModes option with two new | ||
8417 | settings: | ||
8418 | |||
8419 | StrictModes=accept-new will automatically accept hitherto-unseen keys | ||
8420 | but will refuse connections for changed or invalid hostkeys. | ||
8421 | |||
8422 | StrictModes=off is the same as StrictModes=no | ||
8423 | |||
8424 | Motivation: | ||
8425 | |||
8426 | StrictModes=no combines two behaviours for host key processing: | ||
8427 | automatically learning new hostkeys and continuing to connect to hosts | ||
8428 | with invalid/changed hostkeys. The latter behaviour is quite dangerous | ||
8429 | since it removes most of the protections the SSH protocol is supposed to | ||
8430 | provide. | ||
8431 | |||
8432 | Quite a few users want to automatically learn hostkeys however, so | ||
8433 | this makes that feature available with less danger. | ||
8434 | |||
8435 | At some point in the future, StrictModes=no will change to be a synonym | ||
8436 | for accept-new, with its current behaviour remaining available via | ||
8437 | StrictModes=off. | ||
8438 | |||
8439 | bz#2400, suggested by Michael Samuel; ok markus | ||
8440 | |||
8441 | Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64 | ||
8442 | |||
8443 | commit ff3c42384033514e248ba5d7376aa033f4a2b99a | ||
8444 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8445 | Date: Fri Sep 1 15:41:26 2017 +0000 | ||
8446 | |||
8447 | upstream commit | ||
8448 | |||
8449 | remove blank line; | ||
8450 | |||
8451 | Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423 | ||
8452 | |||
8453 | commit b828605d51f57851316d7ba402b4ae06cf37c55d | ||
8454 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8455 | Date: Fri Sep 1 05:53:56 2017 +0000 | ||
8456 | |||
8457 | upstream commit | ||
8458 | |||
8459 | identify the case where SSHFP records are missing but | ||
8460 | other DNS RR types are present and display a more useful error message for | ||
8461 | this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@ | ||
8462 | |||
8463 | Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244 | ||
8464 | |||
8465 | commit 8042bad97e2789a50e8f742c3bcd665ebf0add32 | ||
8466 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8467 | Date: Fri Sep 1 05:50:48 2017 +0000 | ||
8468 | |||
8469 | upstream commit | ||
8470 | |||
8471 | document available AuthenticationMethods; bz#2453 ok | ||
8472 | dtucker@ | ||
8473 | |||
8474 | Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0 | ||
8475 | |||
8476 | commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58 | ||
8477 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8478 | Date: Wed Aug 30 03:59:08 2017 +0000 | ||
8479 | |||
8480 | upstream commit | ||
8481 | |||
8482 | pass packet state down to some of the channels function | ||
8483 | (more to come...); ok markus@ | ||
8484 | |||
8485 | Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b | ||
8486 | |||
8487 | commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5 | ||
8488 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8489 | Date: Tue Aug 29 13:05:58 2017 +0000 | ||
8490 | |||
8491 | upstream commit | ||
8492 | |||
8493 | sort options; | ||
8494 | |||
8495 | Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c | ||
8496 | |||
8497 | commit 530591a5795a02d01c78877d58604723918aac87 | ||
8498 | Author: dlg@openbsd.org <dlg@openbsd.org> | ||
8499 | Date: Tue Aug 29 09:42:29 2017 +0000 | ||
8500 | |||
8501 | upstream commit | ||
8502 | |||
8503 | add a -q option to ssh-add to make it quiet on success. | ||
8504 | |||
8505 | if you want to silence ssh-add without this you generally redirect | ||
8506 | the output to /dev/null, but that can hide error output which you | ||
8507 | should see. | ||
8508 | |||
8509 | ok djm@ | ||
8510 | |||
8511 | Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c | ||
8512 | |||
8513 | commit a54eb27dd64b5eca3ba94e15cec3535124bd5029 | ||
8514 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8515 | Date: Sun Aug 27 00:38:41 2017 +0000 | ||
8516 | |||
8517 | upstream commit | ||
8518 | |||
8519 | Increase the buffer sizes for user prompts to ensure that | ||
8520 | they won't be truncated by snprintf. Based on patch from cjwatson at | ||
8521 | debian.org via bz#2768, ok djm@ | ||
8522 | |||
8523 | Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e | ||
8524 | |||
8525 | commit dd9d9b3381a4597b840d480b043823112039327e | ||
8526 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8527 | Date: Mon Aug 28 16:48:27 2017 +1000 | ||
8528 | |||
8529 | Switch Capsicum header to sys/capsicum.h. | ||
8530 | |||
8531 | FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to | ||
8532 | avoid future conflicts with POSIX capabilities (the last release that | ||
8533 | didn't have it was 9.3) so switch to that. Patch from des at des.no. | ||
8534 | |||
8535 | commit f5e917ab105af5dd6429348d9bc463e52b263f92 | ||
8536 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8537 | Date: Sun Aug 27 08:55:40 2017 +1000 | ||
8538 | |||
8539 | Add missing includes for bsd-err.c. | ||
8540 | |||
8541 | Patch from cjwatson at debian.org via bz#2767. | ||
8542 | |||
8543 | commit 878e029797cfc9754771d6f6ea17f8c89e11d225 | ||
8544 | Author: Damien Miller <djm@mindrot.org> | ||
8545 | Date: Fri Aug 25 13:25:01 2017 +1000 | ||
8546 | |||
8547 | Split platform_sys_dir_uid into its own file | ||
8548 | |||
8549 | platform.o is too heavy for libssh.a use; it calls into the server on | ||
8550 | many platforms. Move just the function needed by misc.c into its own | ||
8551 | file. | ||
8552 | |||
8553 | commit 07949bfe9133234eddd01715592aa0dde67745f0 | ||
8554 | Author: Damien Miller <djm@mindrot.org> | ||
8555 | Date: Wed Aug 23 20:13:18 2017 +1000 | ||
8556 | |||
8557 | misc.c needs functions from platform.c now | ||
8558 | |||
8559 | commit b074c3c3f820000a21953441cea7699c4b17d72f | ||
8560 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8561 | Date: Fri Aug 18 05:48:04 2017 +0000 | ||
8562 | |||
8563 | upstream commit | ||
8564 | |||
8565 | add a "quiet" flag to exited_cleanly() that supresses | ||
8566 | errors about exit status (failure due to signal is still reported) | ||
8567 | |||
8568 | Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0 | ||
8569 | |||
8570 | commit de4ae07f12dabf8815ecede54235fce5d22e3f63 | ||
8571 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8572 | Date: Fri Aug 18 05:36:45 2017 +0000 | ||
8573 | |||
8574 | upstream commit | ||
8575 | |||
8576 | Move several subprocess-related functions from various | ||
8577 | locations to misc.c. Extend subprocess() to offer a little more control over | ||
8578 | stdio disposition. | ||
8579 | |||
8580 | feedback & ok dtucker@ | ||
8581 | |||
8582 | Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049 | ||
8583 | |||
8584 | commit 643c2ad82910691b2240551ea8b14472f60b5078 | ||
8585 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8586 | Date: Sat Aug 12 06:46:01 2017 +0000 | ||
8587 | |||
8588 | upstream commit | ||
8589 | |||
8590 | make "--" before the hostname terminate command-line | ||
8591 | option processing completely; previous behaviour would not prevent further | ||
8592 | options appearing after the hostname (ssh has a supported options after the | ||
8593 | hostname for >20 years, so that's too late to change). | ||
8594 | |||
8595 | ok deraadt@ | ||
8596 | |||
8597 | Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89 | ||
8598 | |||
8599 | commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2 | ||
8600 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8601 | Date: Sat Aug 12 06:42:52 2017 +0000 | ||
8602 | |||
8603 | upstream commit | ||
8604 | |||
8605 | Switch from aes256-cbc to aes256-ctr for encrypting | ||
8606 | new-style private keys. The latter having the advantage of being supported | ||
8607 | for no-OpenSSL builds; bz#2754 ok markus@ | ||
8608 | |||
8609 | Upstream-ID: 54179a2afd28f93470471030567ac40431e56909 | ||
8610 | |||
8611 | commit c4972d0a9bd6f898462906b4827e09b7caea2d9b | ||
8612 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8613 | Date: Fri Aug 11 04:47:12 2017 +0000 | ||
8614 | |||
8615 | upstream commit | ||
8616 | |||
8617 | refuse to a private keys when its corresponding .pub key | ||
8618 | does not match. bz#2737 ok dtucker@ | ||
8619 | |||
8620 | Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913 | ||
8621 | |||
8622 | commit 4b3ecbb663c919132dddb3758e17a23089413519 | ||
8623 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8624 | Date: Fri Aug 11 04:41:08 2017 +0000 | ||
8625 | |||
8626 | upstream commit | ||
8627 | |||
8628 | don't print verbose error message when ssh disconnects | ||
8629 | under sftp; bz#2750; ok dtucker@ | ||
8630 | |||
8631 | Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370 | ||
8632 | |||
8633 | commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34 | ||
8634 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8635 | Date: Fri Aug 11 04:16:35 2017 +0000 | ||
8636 | |||
8637 | upstream commit | ||
8638 | |||
8639 | Tweak previous keepalive commit: if last_time + keepalive | ||
8640 | <= now instead of just "<" so client_alive_check will fire if the select | ||
8641 | happens to return on exact second of the timeout. ok djm@ | ||
8642 | |||
8643 | Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc | ||
8644 | |||
8645 | commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a | ||
8646 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8647 | Date: Fri Aug 11 03:58:36 2017 +0000 | ||
8648 | |||
8649 | upstream commit | ||
8650 | |||
8651 | Keep track of the last time we actually heard from the | ||
8652 | client and use this to also schedule a client_alive_check(). Prevents | ||
8653 | activity on a forwarded port from indefinitely preventing the select timeout | ||
8654 | so that client_alive_check() will eventually (although not optimally) be | ||
8655 | called. | ||
8656 | |||
8657 | Analysis by willchan at google com via bz#2756, feedback & ok djm@ | ||
8658 | |||
8659 | Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e | ||
8660 | |||
8661 | commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f | ||
8662 | Author: Damien Miller <djm@mindrot.org> | ||
8663 | Date: Fri Jul 28 14:50:59 2017 +1000 | ||
8664 | |||
8665 | Expose list of completed auth methods to PAM | ||
8666 | |||
8667 | bz#2408; ok dtucker@ | ||
8668 | |||
8669 | commit c78e6eec78c88acf8d51db90ae05a3e39458603d | ||
8670 | Author: Damien Miller <djm@mindrot.org> | ||
8671 | Date: Fri Jul 21 14:38:16 2017 +1000 | ||
8672 | |||
8673 | fix problems in tunnel forwarding portability code | ||
8674 | |||
8675 | This fixes a few problems in the tun forwarding code, mostly to do | ||
8676 | with host/network byte order confusion. | ||
8677 | |||
8678 | Based on a report and patch by stepe AT centaurus.uberspace.de; | ||
8679 | bz#2735; ok dtucker@ | ||
8680 | |||
8681 | commit 2985d4062ebf4204bbd373456a810d558698f9f5 | ||
8682 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8683 | Date: Tue Jul 25 09:22:25 2017 +0000 | ||
8684 | |||
8685 | upstream commit | ||
8686 | |||
8687 | Make WinSCP patterns for SSH_OLD_DHGEX more specific to | ||
8688 | exclude WinSCP 5.10.x and up. bz#2748, from martin at winscp.net, ok djm@ | ||
8689 | |||
8690 | Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a | ||
8691 | |||
8692 | commit 9f0e44e1a0439ff4646495d5735baa61138930a9 | ||
8693 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8694 | Date: Mon Jul 24 04:34:28 2017 +0000 | ||
8695 | |||
8696 | upstream commit | ||
8697 | |||
8698 | g/c unused variable; make a little more portable | ||
8699 | |||
8700 | Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea | ||
8701 | |||
8702 | commit 51676ec61491ec6d7cbd06082034e29b377b3bf6 | ||
8703 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8704 | Date: Sun Jul 23 23:37:02 2017 +0000 | ||
8705 | |||
8706 | upstream commit | ||
8707 | |||
8708 | Allow IPQoS=none in ssh/sshd to not set an explicit | ||
8709 | ToS/DSCP value and just use the operating system default; ok dtucker@ | ||
8710 | |||
8711 | Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e | ||
8712 | |||
8713 | commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d | ||
8714 | Author: Damien Miller <djm@mindrot.org> | ||
8715 | Date: Fri Jul 21 14:24:26 2017 +1000 | ||
8716 | |||
8717 | mention libedit | ||
8718 | |||
8719 | commit dc2bd308768386b02c7337120203ca477e67ba62 | ||
8720 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8721 | Date: Wed Jul 19 08:30:41 2017 +0000 | ||
8722 | |||
8723 | upstream commit | ||
8724 | |||
8725 | fix support for unknown key types; ok djm@ | ||
8726 | |||
8727 | Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48 | ||
8728 | |||
8729 | commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9 | ||
8730 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8731 | Date: Wed Jul 19 01:15:02 2017 +0000 | ||
8732 | |||
8733 | upstream commit | ||
8734 | |||
8735 | switch from select() to poll() for the ssh-agent | ||
8736 | mainloop; ok markus | ||
8737 | |||
8738 | Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448 | ||
8739 | |||
8740 | commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3 | ||
8741 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8742 | Date: Fri Jul 14 03:18:21 2017 +0000 | ||
8743 | |||
8744 | upstream commit | ||
8745 | |||
8746 | Make ""Killed by signal 1" LogLevel verbose so it's not | ||
8747 | shown at the default level. Prevents it from appearing during ssh -J and | ||
8748 | equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@ | ||
8749 | |||
8750 | Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28 | ||
8751 | |||
8752 | commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498 | ||
8753 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8754 | Date: Thu Jul 13 19:16:33 2017 +0000 | ||
8755 | |||
8756 | upstream commit | ||
8757 | |||
8758 | man pages with pseudo synopses which list filenames end | ||
8759 | up creating very ugly output in man -k; after some discussion with ingo, we | ||
8760 | feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly | ||
8761 | helpful at page top, is contained already in FILES, and there are | ||
8762 | sufficiently few that just zapping them is simple; | ||
8763 | |||
8764 | ok schwarze, who also helpfully ran things through a build to check | ||
8765 | output; | ||
8766 | |||
8767 | Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c | ||
8768 | |||
8769 | commit 7f13a4827fb28957161de4249bd6d71954f1f2ed | ||
8770 | Author: espie@openbsd.org <espie@openbsd.org> | ||
8771 | Date: Mon Jul 10 14:09:59 2017 +0000 | ||
8772 | |||
8773 | upstream commit | ||
8774 | |||
8775 | zap redundant Makefile variables. okay djm@ | ||
8776 | |||
8777 | Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604 | ||
8778 | |||
8779 | commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0 | ||
8780 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8781 | Date: Sat Jul 8 18:32:54 2017 +0000 | ||
8782 | |||
8783 | upstream commit | ||
8784 | |||
8785 | slightly rework previous, to avoid an article issue; | ||
8786 | |||
8787 | Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30 | ||
8788 | |||
8789 | commit 853edbe057a84ebd0024c8003e4da21bf2b469f7 | ||
8790 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8791 | Date: Fri Jul 7 03:53:12 2017 +0000 | ||
8792 | |||
8793 | upstream commit | ||
8794 | |||
8795 | When generating all hostkeys (ssh-keygen -A), clobber | ||
8796 | existing keys if they exist but are zero length. zero-length keys could | ||
8797 | previously be made if ssh-keygen failed part way through generating them, so | ||
8798 | avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ | ||
8799 | |||
8800 | Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044 | ||
8801 | |||
8802 | commit 43616876ba68a2ffaece6a6c792def4b039f2d6e | ||
8803 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8804 | Date: Sat Jul 1 22:55:44 2017 +0000 | ||
8805 | |||
8806 | upstream commit | ||
8807 | |||
8808 | actually remove these files | ||
8809 | |||
8810 | Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac | ||
8811 | |||
8812 | commit 83fa3a044891887369ce8b487ce88d713a04df48 | ||
8813 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8814 | Date: Sat Jul 1 13:50:45 2017 +0000 | ||
8815 | |||
8816 | upstream commit | ||
8817 | |||
8818 | remove post-SSHv1 removal dead code from rsa.c and merge | ||
8819 | the remaining bit that it still used into ssh-rsa.c; ok markus | ||
8820 | |||
8821 | Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f | ||
8822 | |||
8823 | commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0 | ||
8824 | Author: Damien Miller <djm@mindrot.org> | ||
8825 | Date: Fri Jul 14 14:26:36 2017 +1000 | ||
8826 | |||
8827 | make explicit_bzero/memset safe for sz=0 | ||
8828 | |||
8829 | commit 8433d51e067e0829f5521c0c646b6fd3fe17e732 | ||
8830 | Author: Tim Rice <tim@multitalents.net> | ||
8831 | Date: Tue Jul 11 18:47:56 2017 -0700 | ||
8832 | |||
8833 | modified: configure.ac | ||
8834 | UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris | ||
8835 | Analysis by Robbie Zhang | ||
8836 | |||
8837 | commit ff3507aea9c7d30cd098e7801e156c68faff7cc7 | ||
8838 | Author: Damien Miller <djm@mindrot.org> | ||
8839 | Date: Fri Jul 7 11:21:27 2017 +1000 | ||
8840 | |||
8841 | typo | ||
8842 | |||
8843 | commit d79bceb9311a9c137d268f5bc481705db4151810 | ||
8844 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8845 | Date: Fri Jun 30 04:17:23 2017 +0000 | ||
8846 | |||
8847 | upstream commit | ||
8848 | |||
8849 | Only call close once in confree(). ssh_packet_close will | ||
8850 | close the FD so only explicitly close non-SSH channels. bz#2734, from | ||
8851 | bagajjal at microsoft.com, ok djm@ | ||
8852 | |||
8853 | Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02 | ||
8854 | |||
8855 | commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075 | ||
8856 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8857 | Date: Thu Jun 29 15:40:25 2017 +1000 | ||
8858 | |||
8859 | Update link for my patches. | ||
8860 | |||
8861 | commit a98339edbc1fc21342a390f345179a9c3031bef7 | ||
8862 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8863 | Date: Wed Jun 28 01:09:22 2017 +0000 | ||
8864 | |||
8865 | upstream commit | ||
8866 | |||
8867 | Allow ssh-keygen to use a key held in ssh-agent as a CA when | ||
8868 | signing certificates. bz#2377 ok markus | ||
8869 | |||
8870 | Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f | ||
8871 | |||
8872 | commit c9cdef35524bd59007e17d5bd2502dade69e2dfb | ||
8873 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8874 | Date: Sat Jun 24 06:35:24 2017 +0000 | ||
8875 | |||
8876 | upstream commit | ||
8877 | |||
8878 | regress test for ExposeAuthInfo | ||
8879 | |||
8880 | Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd | ||
8881 | |||
8882 | commit f17ee61cad25d210edab69d04ed447ad55fe80c1 | ||
8883 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8884 | Date: Sat Jun 24 07:08:57 2017 +0000 | ||
8885 | |||
8886 | upstream commit | ||
8887 | |||
8888 | correct env var name | ||
8889 | |||
8890 | Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313 | ||
8891 | |||
8892 | commit 40962198e3b132cecdb32e9350acd4294e6a1082 | ||
8893 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8894 | Date: Sat Jun 24 06:57:04 2017 +0000 | ||
8895 | |||
8896 | upstream commit | ||
8897 | |||
8898 | spelling; | ||
8899 | |||
8900 | Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25 | ||
8901 | |||
8902 | commit 33f86265d7e8a0e88d3a81745d746efbdd397370 | ||
8903 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8904 | Date: Sat Jun 24 06:38:11 2017 +0000 | ||
8905 | |||
8906 | upstream commit | ||
8907 | |||
8908 | don't pass pointer to struct sshcipher between privsep | ||
8909 | processes, just redo the lookup in each using the already-passed cipher name. | ||
8910 | bz#2704 based on patch from Brooks Davis; ok markus dtucker | ||
8911 | |||
8912 | Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0 | ||
8913 | |||
8914 | commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0 | ||
8915 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8916 | Date: Sat Jun 24 06:34:38 2017 +0000 | ||
8917 | |||
8918 | upstream commit | ||
8919 | |||
8920 | refactor authentication logging | ||
8921 | |||
8922 | optionally record successful auth methods and public credentials | ||
8923 | used in a file accessible to user sessions | ||
8924 | |||
8925 | feedback and ok markus@ | ||
8926 | |||
8927 | Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb | ||
8928 | |||
8929 | commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba | ||
8930 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
8931 | Date: Sat Jun 24 06:28:50 2017 +0000 | ||
8932 | |||
8933 | upstream commit | ||
8934 | |||
8935 | word fix; | ||
8936 | |||
8937 | Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5 | ||
8938 | |||
8939 | commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513 | ||
8940 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8941 | Date: Sat Jun 24 05:37:44 2017 +0000 | ||
8942 | |||
8943 | upstream commit | ||
8944 | |||
8945 | switch sshconnect.c from (slightly abused) select() to | ||
8946 | poll(); ok deraadt@ a while back | ||
8947 | |||
8948 | Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175 | ||
8949 | |||
8950 | commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765 | ||
8951 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8952 | Date: Sat Jun 24 05:35:05 2017 +0000 | ||
8953 | |||
8954 | upstream commit | ||
8955 | |||
8956 | use HostKeyAlias if specified instead of hostname for | ||
8957 | matching host certificate principal names; bz#2728; ok dtucker@ | ||
8958 | |||
8959 | Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd | ||
8960 | |||
8961 | commit 8904ffce057b80a7472955f1ec00d7d5c250076c | ||
8962 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8963 | Date: Sat Jun 24 05:24:11 2017 +0000 | ||
8964 | |||
8965 | upstream commit | ||
8966 | |||
8967 | no need to call log_init to reinitialise logged PID in | ||
8968 | child sessions, since we haven't called openlog() in log_init() since 1999; | ||
8969 | ok markus@ | ||
8970 | |||
8971 | Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e | ||
8972 | |||
8973 | commit e238645d789cd7eb47541b66aea2a887ea122c9b | ||
8974 | Author: mestre@openbsd.org <mestre@openbsd.org> | ||
8975 | Date: Fri Jun 23 07:24:48 2017 +0000 | ||
8976 | |||
8977 | upstream commit | ||
8978 | |||
8979 | When using the escape sequence &~ the code path is | ||
8980 | client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork() | ||
8981 | and the pledge for this path lacks the proc promise and therefore aborts the | ||
8982 | process. The solution is to just add proc the promise to this specific | ||
8983 | pledge. | ||
8984 | |||
8985 | Reported by Gregoire Jadi gjadi ! omecha.info | ||
8986 | Insight with tb@, OK jca@ | ||
8987 | |||
8988 | Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b | ||
8989 | |||
8990 | commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3 | ||
8991 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8992 | Date: Fri Jun 23 03:30:42 2017 +0000 | ||
8993 | |||
8994 | upstream commit | ||
8995 | |||
8996 | Import regenerated moduli. | ||
8997 | |||
8998 | Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95 | ||
8999 | |||
9000 | commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f | ||
9001 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9002 | Date: Fri Jun 23 03:25:53 2017 +0000 | ||
9003 | |||
9004 | upstream commit | ||
9005 | |||
9006 | Run the screen twice so we end up with more candidate | ||
9007 | groups. ok djm@ | ||
9008 | |||
9009 | Upstream-ID: b92c93266d8234d493857bb822260dacf4366157 | ||
9010 | |||
9011 | commit 4626e39c7053c6486c1c8b708ec757e464623f5f | ||
9012 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9013 | Date: Wed Jun 14 00:31:38 2017 +0000 | ||
9014 | |||
9015 | upstream commit | ||
9016 | |||
9017 | Add user@host prefix to client's "Permisison denied" | ||
9018 | messages, useful in particular when using "stacked" connections where it's | ||
9019 | not clear which host is denying. bz#2720, ok djm@ markus@ | ||
9020 | |||
9021 | Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be | ||
9022 | |||
9023 | commit c948030d54911b2d3cddb96a7a8e9269e15d11cd | ||
9024 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9025 | Date: Tue Jun 13 12:13:59 2017 +0000 | ||
9026 | |||
9027 | upstream commit | ||
9028 | |||
9029 | Do not require that unknown EXT_INFO extension values not | ||
9030 | contain \0 characters. This would cause fatal connection errors if an | ||
9031 | implementation sent e.g. string-encoded sub-values inside a value. | ||
9032 | |||
9033 | Reported by Denis Bider; ok markus@ | ||
9034 | |||
9035 | Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c | ||
9036 | |||
9037 | commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e | ||
9038 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9039 | Date: Tue Jun 13 11:22:15 2017 +0000 | ||
9040 | |||
9041 | upstream commit | ||
9042 | |||
9043 | missing prototype. | ||
9044 | |||
9045 | Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9 | ||
9046 | |||
9047 | commit bcd1485075aa72ba9418003f5cc27af2b049c51b | ||
9048 | Author: Damien Miller <djm@mindrot.org> | ||
9049 | Date: Sat Jun 10 23:41:25 2017 +1000 | ||
9050 | |||
9051 | portability for sftp globbed ls sort by mtime | ||
9052 | |||
9053 | Include replacement timespeccmp() for systems that lack it. | ||
9054 | Support time_t struct stat->st_mtime in addition to | ||
9055 | timespec stat->st_mtim, as well as unsorted fallback. | ||
9056 | |||
9057 | commit 072e172f1d302d2a2c6043ecbfb4004406717b96 | ||
9058 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9059 | Date: Sat Jun 10 06:36:46 2017 +0000 | ||
9060 | |||
9061 | upstream commit | ||
9062 | |||
9063 | print '?' instead of incorrect link count (that the | ||
9064 | protocol doesn't provide) for remote listings. bz#2710 ok dtucker@ | ||
9065 | |||
9066 | Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e | ||
9067 | |||
9068 | commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505 | ||
9069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9070 | Date: Sat Jun 10 06:33:34 2017 +0000 | ||
9071 | |||
9072 | upstream commit | ||
9073 | |||
9074 | implement sorting for globbed ls; bz#2649 ok dtucker@ | ||
9075 | |||
9076 | Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8 | ||
9077 | |||
9078 | commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721 | ||
9079 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9080 | Date: Fri Jun 9 06:47:13 2017 +0000 | ||
9081 | |||
9082 | upstream commit | ||
9083 | |||
9084 | return failure rather than fatal() for more cases during | ||
9085 | mux negotiations. Causes the session to fall back to a non-mux connection if | ||
9086 | they occur. bz#2707 ok dtucker@ | ||
9087 | |||
9088 | Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab | ||
9089 | |||
9090 | commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976 | ||
9091 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9092 | Date: Fri Jun 9 06:43:01 2017 +0000 | ||
9093 | |||
9094 | upstream commit | ||
9095 | |||
9096 | in description of public key authentication, mention that | ||
9097 | the server will send debug messages to the client for some error conditions | ||
9098 | after authentication has completed. bz#2709 ok dtucker | ||
9099 | |||
9100 | Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd | ||
9101 | |||
9102 | commit 2076e4adb986512ce8c415dd194fd4e52136c4b4 | ||
9103 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9104 | Date: Fri Jun 9 06:40:24 2017 +0000 | ||
9105 | |||
9106 | upstream commit | ||
9107 | |||
9108 | better translate libcrypto errors by looking deeper in | ||
9109 | the accursed error stack for codes that indicate the wrong passphrase was | ||
9110 | supplied for a PEM key. bz#2699 ok dtucker@ | ||
9111 | |||
9112 | Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681 | ||
9113 | |||
9114 | commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c | ||
9115 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9116 | Date: Fri Jun 9 04:40:04 2017 +0000 | ||
9117 | |||
9118 | upstream commit | ||
9119 | |||
9120 | Add comments referring to the relevant RFC sections for | ||
9121 | rekeying behaviour. | ||
9122 | |||
9123 | Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40 | ||
9124 | |||
9125 | commit ce9134260b9b1247e2385a1afed00c26112ba479 | ||
9126 | Author: Damien Miller <djm@mindrot.org> | ||
9127 | Date: Fri Jun 9 14:43:47 2017 +1000 | ||
9128 | |||
9129 | drop two more privileges in the Solaris sandbox | ||
9130 | |||
9131 | Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO. | ||
9132 | Patch from huieying.lee AT oracle.com via bz#2723 | ||
9133 | |||
9134 | commit e0f609c8a2ab940374689ab8c854199c3c285a76 | ||
9135 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9136 | Date: Fri Jun 9 13:36:29 2017 +1000 | ||
9137 | |||
9138 | Wrap stdint.h include in #ifdef. | ||
9139 | |||
9140 | commit 1de5e47a85850526a4fdaf77185134046c050f75 | ||
9141 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9142 | Date: Wed Jun 7 01:48:15 2017 +0000 | ||
9143 | |||
9144 | upstream commit | ||
9145 | |||
9146 | unbreak after sshv1 purge | ||
9147 | |||
9148 | Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b | ||
9149 | |||
9150 | commit 550c053168123fcc0791f9952abad684704b5760 | ||
9151 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9152 | Date: Tue Jun 6 09:12:17 2017 +0000 | ||
9153 | |||
9154 | upstream commit | ||
9155 | |||
9156 | Fix compression output stats broken in rev 1.201. Patch | ||
9157 | originally by Russell Coker via Debian bug #797964 and Christoph Biedl. ok | ||
9158 | djm@ | ||
9159 | |||
9160 | Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016 | ||
9161 | |||
9162 | commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39 | ||
9163 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9164 | Date: Fri Jun 2 06:06:10 2017 +0000 | ||
9165 | |||
9166 | upstream commit | ||
9167 | |||
9168 | rationalise the long list of manual CDIAGFLAGS that we | ||
9169 | add; most of these were redundant to -Wall -Wextra | ||
9170 | |||
9171 | Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c | ||
9172 | |||
9173 | commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1 | ||
9174 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9175 | Date: Thu Jun 1 06:59:21 2017 +0000 | ||
9176 | |||
9177 | upstream commit | ||
9178 | |||
9179 | no need to bzero allocated space now that we use use | ||
9180 | recallocarray; ok deraadt@ | ||
9181 | |||
9182 | Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8 | ||
9183 | |||
9184 | commit cc812baf39b93d5355565da98648d8c31f955990 | ||
9185 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9186 | Date: Thu Jun 1 06:58:25 2017 +0000 | ||
9187 | |||
9188 | upstream commit | ||
9189 | |||
9190 | unconditionally zero init size of buffer; ok markus@ | ||
9191 | deraadt@ | ||
9192 | |||
9193 | Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29 | ||
9194 | |||
9195 | commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226 | ||
9196 | Author: Damien Miller <djm@mindrot.org> | ||
9197 | Date: Thu Jun 1 16:25:09 2017 +1000 | ||
9198 | |||
9199 | avoid compiler warning | ||
9200 | |||
9201 | commit 2d75d74272dc2a0521fce13cfe6388800c9a2406 | ||
9202 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9203 | Date: Thu Jun 1 06:16:43 2017 +0000 | ||
9204 | |||
9205 | upstream commit | ||
9206 | |||
9207 | some warnings spotted by clang; ok markus@ | ||
9208 | |||
9209 | Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b | ||
9210 | |||
9211 | commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e | ||
9212 | Author: Damien Miller <djm@mindrot.org> | ||
9213 | Date: Thu Jun 1 15:25:13 2017 +1000 | ||
9214 | |||
9215 | add recallocarray replacement and dependency | ||
9216 | |||
9217 | recallocarray() needs getpagesize() so add a tiny replacement for that. | ||
9218 | |||
9219 | commit 01e6f78924da308447e71e9a32c8a6104ef4e888 | ||
9220 | Author: Damien Miller <djm@mindrot.org> | ||
9221 | Date: Thu Jun 1 15:16:24 2017 +1000 | ||
9222 | |||
9223 | add *.0 manpage droppings | ||
9224 | |||
9225 | commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36 | ||
9226 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9227 | Date: Thu Jun 1 04:51:58 2017 +0000 | ||
9228 | |||
9229 | upstream commit | ||
9230 | |||
9231 | fix casts re constness | ||
9232 | |||
9233 | Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266 | ||
9234 | |||
9235 | commit 75b8af8de805c0694b37fcf80ce82783b2acc86f | ||
9236 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9237 | Date: Wed May 31 10:54:00 2017 +0000 | ||
9238 | |||
9239 | upstream commit | ||
9240 | |||
9241 | make sure we don't pass a NULL string to vfprintf | ||
9242 | (triggered by the principals-command regress test); ok bluhm | ||
9243 | |||
9244 | Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990 | ||
9245 | |||
9246 | commit 84008608c9ee944d9f72f5100f31ccff743b10f2 | ||
9247 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9248 | Date: Wed May 31 10:04:29 2017 +0000 | ||
9249 | |||
9250 | upstream commit | ||
9251 | |||
9252 | use SO_ZEROIZE for privsep communication (if available) | ||
9253 | |||
9254 | Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62 | ||
9255 | |||
9256 | commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11 | ||
9257 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9258 | Date: Wed May 31 09:15:42 2017 +0000 | ||
9259 | |||
9260 | upstream commit | ||
9261 | |||
9262 | Switch to recallocarray() for a few operations. Both | ||
9263 | growth and shrinkage are handled safely, and there also is no need for | ||
9264 | preallocation dances. Future changes in this area will be less error prone. | ||
9265 | Review and one bug found by markus | ||
9266 | |||
9267 | Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065 | ||
9268 | |||
9269 | commit dc5dc45662773c0f7745c29cf77ae2d52723e55e | ||
9270 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9271 | Date: Wed May 31 08:58:52 2017 +0000 | ||
9272 | |||
9273 | upstream commit | ||
9274 | |||
9275 | These shutdown() SHUT_RDWR are not needed before close() | ||
9276 | ok djm markus claudio | ||
9277 | |||
9278 | Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5 | ||
9279 | |||
9280 | commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e | ||
9281 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9282 | Date: Wed May 31 08:09:45 2017 +0000 | ||
9283 | |||
9284 | upstream commit | ||
9285 | |||
9286 | clear session keys from memory; ok djm@ | ||
9287 | |||
9288 | Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f | ||
9289 | |||
9290 | commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8 | ||
9291 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9292 | Date: Wed May 31 07:00:13 2017 +0000 | ||
9293 | |||
9294 | upstream commit | ||
9295 | |||
9296 | remove now obsolete ctx from ssh_dispatch_run; ok djm@ | ||
9297 | |||
9298 | Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29 | ||
9299 | |||
9300 | commit 17ad5b346043c5bbc5befa864d0dbeb76be39390 | ||
9301 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9302 | Date: Wed May 31 05:34:14 2017 +0000 | ||
9303 | |||
9304 | upstream commit | ||
9305 | |||
9306 | use the ssh_dispatch_run_fatal variant | ||
9307 | |||
9308 | Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8 | ||
9309 | |||
9310 | commit 39896b777320a6574dd06707aebac5fb98e666da | ||
9311 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9312 | Date: Wed May 31 05:08:46 2017 +0000 | ||
9313 | |||
9314 | upstream commit | ||
9315 | |||
9316 | another ctx => ssh conversion (in GSSAPI code) | ||
9317 | |||
9318 | Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0 | ||
9319 | |||
9320 | commit 6116bd4ed354a71a733c8fd0f0467ce612f12911 | ||
9321 | Author: Damien Miller <djm@mindrot.org> | ||
9322 | Date: Wed May 31 14:56:07 2017 +1000 | ||
9323 | |||
9324 | fix conversion of kexc25519s.c to struct ssh too | ||
9325 | |||
9326 | git cvsimport missed this commit for some reason | ||
9327 | |||
9328 | commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7 | ||
9329 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9330 | Date: Wed May 31 04:29:44 2017 +0000 | ||
9331 | |||
9332 | upstream commit | ||
9333 | |||
9334 | spell out that custom options/extensions should follow the | ||
9335 | usual SSH naming rules, e.g. "extension@example.com" | ||
9336 | |||
9337 | Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d | ||
9338 | |||
9339 | commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b | ||
9340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9341 | Date: Wed May 31 04:17:12 2017 +0000 | ||
9342 | |||
9343 | upstream commit | ||
9344 | |||
9345 | one more void *ctx => struct ssh *ssh conversion | ||
9346 | |||
9347 | Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2 | ||
9348 | |||
9349 | commit c04e979503e97f52b750d3b98caa6fe004ab2ab9 | ||
9350 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9351 | Date: Wed May 31 00:43:04 2017 +0000 | ||
9352 | |||
9353 | upstream commit | ||
9354 | |||
9355 | fix possible OOB strlen() in SOCKS4A hostname parsing; | ||
9356 | ok markus@ | ||
9357 | |||
9358 | Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11 | ||
9359 | |||
9360 | commit a3bb250c93bfe556838c46ed965066afce61cffa | ||
9361 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9362 | Date: Tue May 30 19:38:17 2017 +0000 | ||
9363 | |||
9364 | upstream commit | ||
9365 | |||
9366 | tweak previous; | ||
9367 | |||
9368 | Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031 | ||
9369 | |||
9370 | commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc | ||
9371 | Author: bluhm@openbsd.org <bluhm@openbsd.org> | ||
9372 | Date: Tue May 30 18:58:37 2017 +0000 | ||
9373 | |||
9374 | upstream commit | ||
9375 | |||
9376 | Add RemoteCommand option to specify a command in the | ||
9377 | ssh config file instead of giving it on the client's command line. This | ||
9378 | command will be executed on the remote host. The feature allows to automate | ||
9379 | tasks using ssh config. OK markus@ | ||
9380 | |||
9381 | Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee | ||
9382 | |||
9383 | commit eb272ea4099fd6157846f15c129ac5727933aa69 | ||
9384 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9385 | Date: Tue May 30 14:29:59 2017 +0000 | ||
9386 | |||
9387 | upstream commit | ||
9388 | |||
9389 | switch auth2 to ssh_dispatch API; ok djm@ | ||
9390 | |||
9391 | Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f | ||
9392 | |||
9393 | commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9 | ||
9394 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9395 | Date: Tue May 30 14:27:22 2017 +0000 | ||
9396 | |||
9397 | upstream commit | ||
9398 | |||
9399 | switch auth2-none.c to modern APIs; ok djm@ | ||
9400 | |||
9401 | Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b | ||
9402 | |||
9403 | commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2 | ||
9404 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9405 | Date: Tue May 30 14:26:49 2017 +0000 | ||
9406 | |||
9407 | upstream commit | ||
9408 | |||
9409 | switch auth2-passwd.c to modern APIs; ok djm@ | ||
9410 | |||
9411 | Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7 | ||
9412 | |||
9413 | commit eb76698b91338bd798c978d4db2d6af624d185e4 | ||
9414 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9415 | Date: Tue May 30 14:25:42 2017 +0000 | ||
9416 | |||
9417 | upstream commit | ||
9418 | |||
9419 | switch auth2-hostbased.c to modern APIs; ok djm@ | ||
9420 | |||
9421 | Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e | ||
9422 | |||
9423 | commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd | ||
9424 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9425 | Date: Tue May 30 14:23:52 2017 +0000 | ||
9426 | |||
9427 | upstream commit | ||
9428 | |||
9429 | protocol handlers all get struct ssh passed; ok djm@ | ||
9430 | |||
9431 | Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d | ||
9432 | |||
9433 | commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6 | ||
9434 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9435 | Date: Tue May 30 14:19:15 2017 +0000 | ||
9436 | |||
9437 | upstream commit | ||
9438 | |||
9439 | ssh: pass struct ssh to auth functions, too; ok djm@ | ||
9440 | |||
9441 | Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd | ||
9442 | |||
9443 | commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b | ||
9444 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9445 | Date: Tue May 30 14:18:15 2017 +0000 | ||
9446 | |||
9447 | upstream commit | ||
9448 | |||
9449 | sshd: pass struct ssh to auth functions; ok djm@ | ||
9450 | |||
9451 | Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488 | ||
9452 | |||
9453 | commit 7da5df11ac788bc1133d8d598d298e33500524cc | ||
9454 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9455 | Date: Tue May 30 14:16:41 2017 +0000 | ||
9456 | |||
9457 | upstream commit | ||
9458 | |||
9459 | remove unused wrapper functions from key.[ch]; ok djm@ | ||
9460 | |||
9461 | Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e | ||
9462 | |||
9463 | commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5 | ||
9464 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9465 | Date: Tue May 30 14:15:17 2017 +0000 | ||
9466 | |||
9467 | upstream commit | ||
9468 | |||
9469 | sshkey_new() might return NULL (pkcs#11 code only); ok | ||
9470 | djm@ | ||
9471 | |||
9472 | Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd | ||
9473 | |||
9474 | commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef | ||
9475 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9476 | Date: Tue May 30 14:13:40 2017 +0000 | ||
9477 | |||
9478 | upstream commit | ||
9479 | |||
9480 | switch sshconnect.c to modern APIs; ok djm@ | ||
9481 | |||
9482 | Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad | ||
9483 | |||
9484 | commit 00ed75c92d1f95fe50032835106c368fa22f0f02 | ||
9485 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9486 | Date: Tue May 30 14:10:53 2017 +0000 | ||
9487 | |||
9488 | upstream commit | ||
9489 | |||
9490 | switch auth2-pubkey.c to modern APIs; with & ok djm@ | ||
9491 | |||
9492 | Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07 | ||
9493 | |||
9494 | commit 54d90ace1d3535b44d92a8611952dc109a74a031 | ||
9495 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9496 | Date: Tue May 30 08:52:19 2017 +0000 | ||
9497 | |||
9498 | upstream commit | ||
9499 | |||
9500 | switch from Key typedef with struct sshkey; ok djm@ | ||
9501 | |||
9502 | Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f | ||
9503 | |||
9504 | commit c221219b1fbee47028dcaf66613f4f8d6b7640e9 | ||
9505 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9506 | Date: Tue May 30 08:49:58 2017 +0000 | ||
9507 | |||
9508 | upstream commit | ||
9509 | |||
9510 | remove ssh1 references; ok djm@ | ||
9511 | |||
9512 | Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d | ||
9513 | |||
9514 | commit afbfa68fa18081ef05a9cd294958509a5d3cda8b | ||
9515 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9516 | Date: Tue May 30 08:49:32 2017 +0000 | ||
9517 | |||
9518 | upstream commit | ||
9519 | |||
9520 | revise sshkey_load_public(): remove ssh1 related | ||
9521 | comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if | ||
9522 | 'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@ | ||
9523 | |||
9524 | Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca | ||
9525 | |||
9526 | commit 813f55336a24fdfc45e7ed655fccc7d792e8f859 | ||
9527 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9528 | Date: Fri May 26 20:34:49 2017 +0000 | ||
9529 | |||
9530 | upstream commit | ||
9531 | |||
9532 | sshbuf_consume: reset empty buffer; ok djm@ | ||
9533 | |||
9534 | Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821 | ||
9535 | |||
9536 | commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb | ||
9537 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9538 | Date: Fri May 26 19:35:50 2017 +0000 | ||
9539 | |||
9540 | upstream commit | ||
9541 | |||
9542 | remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@ | ||
9543 | |||
9544 | Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42 | ||
9545 | |||
9546 | commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8 | ||
9547 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9548 | Date: Fri May 26 19:34:12 2017 +0000 | ||
9549 | |||
9550 | upstream commit | ||
9551 | |||
9552 | remove channel_input_close_confirmation (ssh1 only); ok | ||
9553 | djm@ | ||
9554 | |||
9555 | Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1 | ||
9556 | |||
9557 | commit 8ba0fd40082751dbbc23a830433488bbfb1abdca | ||
9558 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9559 | Date: Fri May 26 01:40:07 2017 +0000 | ||
9560 | |||
9561 | upstream commit | ||
9562 | |||
9563 | fix references to obsolete v00 cert format; spotted by | ||
9564 | Jakub Jelen | ||
9565 | |||
9566 | Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f | ||
9567 | |||
9568 | commit dcc714c65cfb81eb6903095b4590719e8690f3da | ||
9569 | Author: Mike Frysinger <vapier@chromium.org> | ||
9570 | Date: Wed May 24 23:21:19 2017 -0400 | ||
9571 | |||
9572 | configure: actually set cache vars when cross-compiling | ||
9573 | |||
9574 | The cross-compiling fallback message says it's assuming the test | ||
9575 | passed, but it didn't actually set the cache var which causes | ||
9576 | later tests to fail. | ||
9577 | |||
9578 | commit 947a3e829a5b8832a4768fd764283709a4ca7955 | ||
9579 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9580 | Date: Sat May 20 02:35:47 2017 +0000 | ||
9581 | |||
9582 | upstream commit | ||
9583 | |||
9584 | there's no reason to artificially limit the key path | ||
9585 | here, just check that it fits PATH_MAX; spotted by Matthew Patton | ||
9586 | |||
9587 | Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58 | ||
9588 | |||
9589 | commit 773224802d7cb250bb8b461546fcce10567b4b2e | ||
9590 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9591 | Date: Fri May 19 21:07:17 2017 +0000 | ||
9592 | |||
9593 | upstream commit | ||
9594 | |||
9595 | Now that we no longer support SSHv1, replace the contents | ||
9596 | of this file with a pointer to | ||
9597 | https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited, | ||
9598 | doesn't need to document stuff we no longer implement and does document stuff | ||
9599 | that we do implement (RSA SHA256/512 signature flags) | ||
9600 | |||
9601 | Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e | ||
9602 | |||
9603 | commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899 | ||
9604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9605 | Date: Wed May 17 01:24:17 2017 +0000 | ||
9606 | |||
9607 | upstream commit | ||
9608 | |||
9609 | allow LogLevel in sshd_config Match blocks; ok dtucker | ||
9610 | bz#2717 | ||
9611 | |||
9612 | Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8 | ||
9613 | |||
9614 | commit 277abcda3f1b08d2376686f0ef20320160d4c8ab | ||
9615 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9616 | Date: Tue May 16 16:56:15 2017 +0000 | ||
9617 | |||
9618 | upstream commit | ||
9619 | |||
9620 | remove duplicate check; spotted by Jakub Jelen | ||
9621 | |||
9622 | Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0 | ||
9623 | |||
9624 | commit adb47ce839c977fa197e770c1be8f852508d65aa | ||
9625 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9626 | Date: Tue May 16 16:54:05 2017 +0000 | ||
9627 | |||
9628 | upstream commit | ||
9629 | |||
9630 | mention that Ed25519 keys are valid as CA keys; spotted | ||
9631 | by Jakub Jelen | ||
9632 | |||
9633 | Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4 | ||
9634 | |||
9635 | commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6 | ||
9636 | Author: Damien Miller <djm@mindrot.org> | ||
9637 | Date: Tue May 9 14:35:03 2017 +1000 | ||
9638 | |||
9639 | clean up regress files and add a .gitignore | ||
9640 | |||
9641 | commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b | ||
9642 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9643 | Date: Mon May 8 22:57:38 2017 +0000 | ||
9644 | |||
9645 | upstream commit | ||
9646 | |||
9647 | remove hmac-ripemd160; ok dtucker | ||
9648 | |||
9649 | Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d | ||
9650 | |||
9651 | commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554 | ||
9652 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9653 | Date: Mon May 8 06:11:06 2017 +0000 | ||
9654 | |||
9655 | upstream commit | ||
9656 | |||
9657 | make requesting bad ECDSA bits yield the same error | ||
9658 | (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA | ||
9659 | |||
9660 | Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6 | ||
9661 | |||
9662 | commit d757a4b633e8874629a1442c7c2e7b1b55d28c19 | ||
9663 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9664 | Date: Mon May 8 06:08:42 2017 +0000 | ||
9665 | |||
9666 | upstream commit | ||
9667 | |||
9668 | fix for new SSH_ERR_KEY_LENGTH error value | ||
9669 | |||
9670 | Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc | ||
9671 | |||
9672 | commit 2e58a69508ac49c02d1bb6057300fa6a76db1045 | ||
9673 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9674 | Date: Mon May 8 06:03:39 2017 +0000 | ||
9675 | |||
9676 | upstream commit | ||
9677 | |||
9678 | helps if I commit the correct version of the file. fix | ||
9679 | missing return statement. | ||
9680 | |||
9681 | Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c | ||
9682 | |||
9683 | commit effaf526bfa57c0ac9056ca236becf52385ce8af | ||
9684 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9685 | Date: Mon May 8 01:52:49 2017 +0000 | ||
9686 | |||
9687 | upstream commit | ||
9688 | |||
9689 | remove arcfour, blowfish and CAST here too | ||
9690 | |||
9691 | Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920 | ||
9692 | |||
9693 | commit 7461a5bc571696273252df28a1f1578968cae506 | ||
9694 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9695 | Date: Mon May 8 00:21:36 2017 +0000 | ||
9696 | |||
9697 | upstream commit | ||
9698 | |||
9699 | I was too aggressive with the scalpel in the last commit; | ||
9700 | unbreak sshd, spotted quickly by naddy@ | ||
9701 | |||
9702 | Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf | ||
9703 | |||
9704 | commit bd636f40911094a39c2920bf87d2ec340533c152 | ||
9705 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9706 | Date: Sun May 7 23:15:59 2017 +0000 | ||
9707 | |||
9708 | upstream commit | ||
9709 | |||
9710 | Refuse RSA keys <1024 bits in length. Improve reporting | ||
9711 | for keys that do not meet this requirement. ok markus@ | ||
9712 | |||
9713 | Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c | ||
9714 | |||
9715 | commit 70c1218fc45757a030285051eb4d209403f54785 | ||
9716 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9717 | Date: Sun May 7 23:13:42 2017 +0000 | ||
9718 | |||
9719 | upstream commit | ||
9720 | |||
9721 | Don't offer CBC ciphers by default in the client. ok | ||
9722 | markus@ | ||
9723 | |||
9724 | Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef | ||
9725 | |||
9726 | commit acaf34fd823235d549c633c0146ee03ac5956e82 | ||
9727 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9728 | Date: Sun May 7 23:12:57 2017 +0000 | ||
9729 | |||
9730 | upstream commit | ||
9731 | |||
9732 | As promised in last release announcement: remove | ||
9733 | support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@ | ||
9734 | |||
9735 | Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222 | ||
9736 | |||
9737 | commit 3e371bd2124427403971db853fb2e36ce789b6fd | ||
9738 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9739 | Date: Fri May 5 10:42:49 2017 +0000 | ||
9740 | |||
9741 | upstream commit | ||
9742 | |||
9743 | more simplification and removal of SSHv1-related code; | ||
9744 | ok djm@ | ||
9745 | |||
9746 | Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55 | ||
9747 | |||
9748 | commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd | ||
9749 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9750 | Date: Fri May 5 10:41:58 2017 +0000 | ||
9751 | |||
9752 | upstream commit | ||
9753 | |||
9754 | remove superfluous protocol 2 mentions; ok jmc@ | ||
9755 | |||
9756 | Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d | ||
9757 | |||
9758 | commit 744bde79c3361e2153cb395a2ecdcee6c713585d | ||
9759 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9760 | Date: Thu May 4 06:10:57 2017 +0000 | ||
9761 | |||
9762 | upstream commit | ||
9763 | |||
9764 | since a couple of people have asked, leave a comment | ||
9765 | explaining why we retain SSH v.1 support in the "delete all keys from agent" | ||
9766 | path. | ||
9767 | |||
9768 | Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4 | ||
9769 | |||
9770 | commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee | ||
9771 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9772 | Date: Thu May 4 01:33:21 2017 +0000 | ||
9773 | |||
9774 | upstream commit | ||
9775 | |||
9776 | another tentacle: cipher_set_key_string() was only ever | ||
9777 | used for SSHv1 | ||
9778 | |||
9779 | Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a | ||
9780 | |||
9781 | commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f | ||
9782 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9783 | Date: Wed May 3 21:49:18 2017 +0000 | ||
9784 | |||
9785 | upstream commit | ||
9786 | |||
9787 | restore mistakenly deleted description of the | ||
9788 | ConnectionAttempts option ok markus@ | ||
9789 | |||
9790 | Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348 | ||
9791 | |||
9792 | commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3 | ||
9793 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9794 | Date: Wed May 3 21:08:09 2017 +0000 | ||
9795 | |||
9796 | upstream commit | ||
9797 | |||
9798 | remove miscellaneous SSH1 leftovers; ok markus@ | ||
9799 | |||
9800 | Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c | ||
9801 | |||
9802 | commit 1a1b24f8229bf7a21f89df21987433283265527a | ||
9803 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9804 | Date: Wed May 3 10:01:44 2017 +0000 | ||
9805 | |||
9806 | upstream commit | ||
9807 | |||
9808 | more protocol 1 bits removed; ok djm | ||
9809 | |||
9810 | Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9 | ||
9811 | |||
9812 | commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 | ||
9813 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9814 | Date: Wed May 3 06:32:02 2017 +0000 | ||
9815 | |||
9816 | upstream commit | ||
9817 | |||
9818 | more protocol 1 stuff to go; ok djm | ||
9819 | |||
9820 | Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 | ||
9821 | |||
9822 | commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093 | ||
9823 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9824 | Date: Tue May 2 17:04:09 2017 +0000 | ||
9825 | |||
9826 | upstream commit | ||
9827 | |||
9828 | rsa1 is no longer valid; | ||
9829 | |||
9830 | Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89 | ||
9831 | |||
9832 | commit 42b690b4fd0faef78c4d68225948b6e5c46c5163 | ||
9833 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9834 | Date: Tue May 2 14:06:37 2017 +0000 | ||
9835 | |||
9836 | upstream commit | ||
9837 | |||
9838 | add PubKeyAcceptedKeyTypes to the -o list: scp(1) has | ||
9839 | it, so i guess this should too; | ||
9840 | |||
9841 | Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c | ||
9842 | |||
9843 | commit d852603214defd93e054de2877b20cc79c19d0c6 | ||
9844 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9845 | Date: Tue May 2 13:44:51 2017 +0000 | ||
9846 | |||
9847 | upstream commit | ||
9848 | |||
9849 | remove now obsolete protocol1 options from the -o | ||
9850 | lists; | ||
9851 | |||
9852 | Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd | ||
9853 | |||
9854 | commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74 | ||
9855 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9856 | Date: Tue May 2 09:05:58 2017 +0000 | ||
9857 | |||
9858 | upstream commit | ||
9859 | |||
9860 | more -O shuffle; ok djm | ||
9861 | |||
9862 | Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb | ||
9863 | |||
9864 | commit 3575f0b12afe6b561681582fd3c34067d1196231 | ||
9865 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9866 | Date: Tue May 2 08:54:19 2017 +0000 | ||
9867 | |||
9868 | upstream commit | ||
9869 | |||
9870 | remove -1 / -2 options; pointed out by jmc@ | ||
9871 | |||
9872 | Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa | ||
9873 | |||
9874 | commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f | ||
9875 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9876 | Date: Tue May 2 08:06:33 2017 +0000 | ||
9877 | |||
9878 | upstream commit | ||
9879 | |||
9880 | remove options -12 from usage(); | ||
9881 | |||
9882 | Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270 | ||
9883 | |||
9884 | commit 6b84897f7fd39956b849eac7810319d8a9958568 | ||
9885 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9886 | Date: Tue May 2 07:13:31 2017 +0000 | ||
9887 | |||
9888 | upstream commit | ||
9889 | |||
9890 | tidy up -O somewhat; ok djm | ||
9891 | |||
9892 | Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52 | ||
9893 | |||
9894 | commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868 | ||
9895 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9896 | Date: Mon May 1 22:09:48 2017 +0000 | ||
9897 | |||
9898 | upstream commit | ||
9899 | |||
9900 | when freeing a bitmap, zero all it bytes; spotted by Ilya | ||
9901 | Kaliman | ||
9902 | |||
9903 | Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4 | ||
9904 | |||
9905 | commit 0f163983016c2988a92e039d18a7569f9ea8e071 | ||
9906 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9907 | Date: Mon May 1 14:08:26 2017 +0000 | ||
9908 | |||
9909 | upstream commit | ||
9910 | |||
9911 | this one I did forget to "cvs rm" | ||
9912 | |||
9913 | Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913 | ||
9914 | |||
9915 | commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed | ||
9916 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9917 | Date: Mon May 1 09:27:45 2017 +0000 | ||
9918 | |||
9919 | upstream commit | ||
9920 | |||
9921 | don't know why cvs didn't exterminate these the first | ||
9922 | time around, I use rm -f and everuthing... | ||
9923 | |||
9924 | pointed out by sobrado@ | ||
9925 | |||
9926 | Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d | ||
9927 | |||
9928 | commit d29ba6f45086703fdcb894532848ada3427dfde6 | ||
9929 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9930 | Date: Mon May 1 13:53:07 2017 +1000 | ||
9931 | |||
9932 | Define INT32_MAX and INT64_MAX if needed. | ||
9933 | |||
9934 | commit 329037e389f02ec95c8e16bf93ffede94d3d44ce | ||
9935 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9936 | Date: Mon May 1 13:19:41 2017 +1000 | ||
9937 | |||
9938 | Wrap stdint.h in HAVE_STDINT_H | ||
9939 | |||
9940 | commit f382362e8dfb6b277f16779ab1936399d7f2af78 | ||
9941 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9942 | Date: Mon May 1 02:27:11 2017 +0000 | ||
9943 | |||
9944 | upstream commit | ||
9945 | |||
9946 | remove unused variable | ||
9947 | |||
9948 | Upstream-ID: 66011f00819d0e71b14700449a98414033284516 | ||
9949 | |||
9950 | commit dd369320d2435b630a5974ab270d686dcd92d024 | ||
9951 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9952 | Date: Sun Apr 30 23:34:55 2017 +0000 | ||
9953 | |||
9954 | upstream commit | ||
9955 | |||
9956 | eliminate explicit specification of protocol in tests and | ||
9957 | loops over protocol. We only support SSHv2 now. | ||
9958 | |||
9959 | Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd | ||
9960 | |||
9961 | commit 557f921aad004be15805e09fd9572969eb3d9321 | ||
9962 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9963 | Date: Sun Apr 30 23:33:48 2017 +0000 | ||
9964 | |||
9965 | upstream commit | ||
9966 | |||
9967 | remove SSHv1 support from unit tests | ||
9968 | |||
9969 | Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe | ||
9970 | |||
9971 | commit e77e1562716fb3da413e4c2397811017b762f5e3 | ||
9972 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9973 | Date: Mon May 1 00:03:18 2017 +0000 | ||
9974 | |||
9975 | upstream commit | ||
9976 | |||
9977 | fixup setting ciphercontext->plaintext (lost in SSHv1 purge), | ||
9978 | though it isn't really used for much anymore. | ||
9979 | |||
9980 | Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747 | ||
9981 | |||
9982 | commit f7849e6c83a4e0f602dea6c834a24091c622d68e | ||
9983 | Author: Damien Miller <djm@mindrot.org> | ||
9984 | Date: Mon May 1 09:55:56 2017 +1000 | ||
9985 | |||
9986 | remove configure --with-ssh1 | ||
9987 | |||
9988 | commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043 | ||
9989 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9990 | Date: Sun Apr 30 23:29:10 2017 +0000 | ||
9991 | |||
9992 | upstream commit | ||
9993 | |||
9994 | flense SSHv1 support from ssh-agent, considerably | ||
9995 | simplifying it | ||
9996 | |||
9997 | ok markus | ||
9998 | |||
9999 | Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365 | ||
10000 | |||
10001 | commit 930e8d2827853bc2e196c20c3e000263cc87fb75 | ||
10002 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10003 | Date: Sun Apr 30 23:28:41 2017 +0000 | ||
10004 | |||
10005 | upstream commit | ||
10006 | |||
10007 | obliterate ssh1.h and some dead code that used it | ||
10008 | |||
10009 | ok markus@ | ||
10010 | |||
10011 | Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343 | ||
10012 | |||
10013 | commit a3710d5d529a34b8f56aa62db798c70e85d576a0 | ||
10014 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10015 | Date: Sun Apr 30 23:28:12 2017 +0000 | ||
10016 | |||
10017 | upstream commit | ||
10018 | |||
10019 | exterminate the -1 flag from scp | ||
10020 | |||
10021 | ok markus@ | ||
10022 | |||
10023 | Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db | ||
10024 | |||
10025 | commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4 | ||
10026 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10027 | Date: Sun Apr 30 23:26:54 2017 +0000 | ||
10028 | |||
10029 | upstream commit | ||
10030 | |||
10031 | purge the last traces of SSHv1 from the TTY modes | ||
10032 | handling code | ||
10033 | |||
10034 | ok markus | ||
10035 | |||
10036 | Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195 | ||
10037 | |||
10038 | commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a | ||
10039 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10040 | Date: Sun Apr 30 23:26:16 2017 +0000 | ||
10041 | |||
10042 | upstream commit | ||
10043 | |||
10044 | remove the (in)famous SSHv1 CRC compensation attack | ||
10045 | detector. | ||
10046 | |||
10047 | Despite your cameo in The Matrix movies, you will not be missed. | ||
10048 | |||
10049 | ok markus | ||
10050 | |||
10051 | Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0 | ||
10052 | |||
10053 | commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6 | ||
10054 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10055 | Date: Sun Apr 30 23:25:03 2017 +0000 | ||
10056 | |||
10057 | upstream commit | ||
10058 | |||
10059 | undo some local debugging stuff that I committed by | ||
10060 | accident | ||
10061 | |||
10062 | Upstream-ID: fe5b31f69a60d47171836911f144acff77810217 | ||
10063 | |||
10064 | commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14 | ||
10065 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10066 | Date: Sun Apr 30 23:23:54 2017 +0000 | ||
10067 | |||
10068 | upstream commit | ||
10069 | |||
10070 | remove SSHv1 support from packet and buffer APIs | ||
10071 | |||
10072 | ok markus@ | ||
10073 | |||
10074 | Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9 | ||
10075 | |||
10076 | commit 05164358577c82de18ed7373196bc7dbd8a3f79c | ||
10077 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10078 | Date: Sun Apr 30 23:21:54 2017 +0000 | ||
10079 | |||
10080 | upstream commit | ||
10081 | |||
10082 | remove SSHv1-related buffers from client code | ||
10083 | |||
10084 | Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd | ||
10085 | |||
10086 | commit 873d3e7d9a4707d0934fb4c4299354418f91b541 | ||
10087 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10088 | Date: Sun Apr 30 23:18:44 2017 +0000 | ||
10089 | |||
10090 | upstream commit | ||
10091 | |||
10092 | remove KEY_RSA1 | ||
10093 | |||
10094 | ok markus@ | ||
10095 | |||
10096 | Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133 | ||
10097 | |||
10098 | commit 788ac799a6efa40517f2ac0d895a610394298ffc | ||
10099 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10100 | Date: Sun Apr 30 23:18:22 2017 +0000 | ||
10101 | |||
10102 | upstream commit | ||
10103 | |||
10104 | remove SSHv1 configuration options and man pages bits | ||
10105 | |||
10106 | ok markus@ | ||
10107 | |||
10108 | Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424 | ||
10109 | |||
10110 | commit e6882463a8ae0594aacb6d6575a6318a41973d84 | ||
10111 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10112 | Date: Sun Apr 30 23:17:37 2017 +0000 | ||
10113 | |||
10114 | upstream commit | ||
10115 | |||
10116 | remove SSH1 make flag and associated files ok markus@ | ||
10117 | |||
10118 | Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef | ||
10119 | |||
10120 | commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833 | ||
10121 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10122 | Date: Sun Apr 30 23:15:04 2017 +0000 | ||
10123 | |||
10124 | upstream commit | ||
10125 | |||
10126 | remove SSHv1 ciphers; ok markus@ | ||
10127 | |||
10128 | Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890 | ||
10129 | |||
10130 | commit 97f4d3083b036ce3e68d6346a6140a22123d5864 | ||
10131 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10132 | Date: Sun Apr 30 23:13:25 2017 +0000 | ||
10133 | |||
10134 | upstream commit | ||
10135 | |||
10136 | remove compat20/compat13/compat15 variables | ||
10137 | |||
10138 | ok markus@ | ||
10139 | |||
10140 | Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c | ||
10141 | |||
10142 | commit 99f95ba82673d33215dce17bfa1512b57f54ec09 | ||
10143 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10144 | Date: Sun Apr 30 23:11:45 2017 +0000 | ||
10145 | |||
10146 | upstream commit | ||
10147 | |||
10148 | remove options.protocol and client Protocol | ||
10149 | configuration knob | ||
10150 | |||
10151 | ok markus@ | ||
10152 | |||
10153 | Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366 | ||
10154 | |||
10155 | commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740 | ||
10156 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10157 | Date: Sun Apr 30 23:10:43 2017 +0000 | ||
10158 | |||
10159 | upstream commit | ||
10160 | |||
10161 | unifdef WITH_SSH1 ok markus@ | ||
10162 | |||
10163 | Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7 | ||
10164 | |||
10165 | commit d4084cd230f7319056559b00db8b99296dad49d5 | ||
10166 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10167 | Date: Sat Apr 29 06:06:01 2017 +0000 | ||
10168 | |||
10169 | upstream commit | ||
10170 | |||
10171 | tweak previous; | ||
10172 | |||
10173 | Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9 | ||
10174 | |||
10175 | commit 249516e428e8461b46340a5df5d5ed1fbad2ccce | ||
10176 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10177 | Date: Sat Apr 29 04:12:25 2017 +0000 | ||
10178 | |||
10179 | upstream commit | ||
10180 | |||
10181 | allow ssh-keygen to include arbitrary string or flag | ||
10182 | certificate extensions and critical options. ok markus@ dtucker@ | ||
10183 | |||
10184 | Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646 | ||
10185 | |||
10186 | commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9 | ||
10187 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10188 | Date: Fri Apr 28 06:15:03 2017 +0000 | ||
10189 | |||
10190 | upstream commit | ||
10191 | |||
10192 | sort; | ||
10193 | |||
10194 | Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a | ||
10195 | |||
10196 | commit 36465a76a79ad5040800711b41cf5f32249d5120 | ||
10197 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10198 | Date: Fri Apr 28 14:44:28 2017 +1000 | ||
10199 | |||
10200 | Typo. | ||
10201 | |||
10202 | Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 | ||
10203 | |||
10204 | commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed | ||
10205 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10206 | Date: Fri Apr 28 14:41:17 2017 +1000 | ||
10207 | |||
10208 | Add 2 regress commits I applied by hand. | ||
10209 | |||
10210 | Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c | ||
10211 | Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308 | ||
10212 | |||
10213 | commit 9504ea6b27f9f0ece64e88582ebb9235e664a100 | ||
10214 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10215 | Date: Fri Apr 28 14:33:43 2017 +1000 | ||
10216 | |||
10217 | Merge integrity.sh rev 1.22. | ||
10218 | |||
10219 | Merge missing bits from Colin Watson's patch in bz#2658 which make integrity | ||
10220 | tests more robust against timeouts. ok djm@ | ||
10221 | |||
10222 | commit 06ec837a34542627e2183a412d6a9d2236f22140 | ||
10223 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10224 | Date: Fri Apr 28 14:30:03 2017 +1000 | ||
10225 | |||
10226 | Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes | ||
10227 | |||
10228 | commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8 | ||
10229 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
10230 | Date: Mon Apr 17 11:02:31 2017 +0000 | ||
10231 | |||
10232 | upstream commit | ||
10233 | |||
10234 | Change COMPILER_VERSION tests which limited additional | ||
10235 | warnings to gcc4 to instead skip them on gcc3 as clang can handle | ||
10236 | -Wpointer-sign and -Wold-style-definition. | ||
10237 | |||
10238 | Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f | ||
10239 | |||
10240 | commit 6830be90e71f46bcd182a9202b151eaf2b299434 | ||
10241 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10242 | Date: Fri Apr 28 03:24:53 2017 +0000 | ||
10243 | |||
10244 | upstream commit | ||
10245 | |||
10246 | include key fingerprint in "Offering public key" debug | ||
10247 | message | ||
10248 | |||
10249 | Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52 | ||
10250 | |||
10251 | commit 066437187e16dcafcbc19f9402ef0e6575899b1d | ||
10252 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10253 | Date: Fri Apr 28 03:21:12 2017 +0000 | ||
10254 | |||
10255 | upstream commit | ||
10256 | |||
10257 | Avoid relying on implementation-specific behavior when | ||
10258 | detecting whether the timestamp or file size overflowed. If time_t and off_t | ||
10259 | are not either 32-bit or 64-bit scp will exit with an error. OK djm@ | ||
10260 | |||
10261 | Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135 | ||
10262 | |||
10263 | commit 68d3a2a059183ebd83b15e54984ffaced04d2742 | ||
10264 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
10265 | Date: Fri Apr 28 03:20:27 2017 +0000 | ||
10266 | |||
10267 | upstream commit | ||
10268 | |||
10269 | Add SyslogFacility option to ssh(1) matching the | ||
10270 | equivalent option in sshd(8). bz#2705, patch from erahn at arista.com, ok | ||
10271 | djm@ | ||
10272 | |||
10273 | Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed | ||
10274 | |||
10275 | commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14 | ||
10276 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
10277 | Date: Thu Apr 27 13:40:05 2017 +0000 | ||
10278 | |||
10279 | upstream commit | ||
10280 | |||
10281 | remove a static array unused since rev 1.306 spotted by | ||
10282 | clang ok djm@ | ||
10283 | |||
10284 | Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8 | ||
10285 | |||
10286 | commit 91bd2181866659f00714903e78e1c3edd4c45f3d | ||
10287 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10288 | Date: Thu Apr 27 11:53:12 2017 +0000 | ||
10289 | |||
10290 | upstream commit | ||
10291 | |||
10292 | Avoid potential signed int overflow when parsing the file | ||
10293 | size. Use strtoul() instead of parsing manually. OK djm@ | ||
10294 | |||
10295 | Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02 | ||
10296 | |||
10297 | commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 | ||
10298 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10299 | Date: Tue Apr 25 08:32:27 2017 +1000 | ||
10300 | |||
10301 | Fix typo in "socketcall". | ||
10302 | |||
10303 | Pointed out by jjelen at redhat.com. | ||
10304 | |||
10305 | commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd | ||
10306 | Author: Darren Tucker <dtucker@zip.com.au> | ||
10307 | Date: Mon Apr 24 19:40:31 2017 +1000 | ||
10308 | |||
10309 | Deny socketcall in seccomp filter on ppc64le. | ||
10310 | |||
10311 | OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys | ||
10312 | in privsep child. The socket() syscall is already denied in the seccomp | ||
10313 | filter, but in ppc64le kernel, it is implemented using socketcall() | ||
10314 | syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and | ||
10315 | therefore fails hard. | ||
10316 | |||
10317 | Patch from jjelen at redhat.com. | ||
10318 | |||
10319 | commit f8500b2be599053daa05248a86a743232ec6a536 | ||
10320 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
10321 | Date: Mon Apr 17 14:31:23 2017 +0000 | ||
10322 | |||
10323 | upstream commit | ||
10324 | |||
10325 | Recognize nl_langinfo(CODESET) return values "646" and "" | ||
10326 | as aliases for "US-ASCII", useful for different versions of NetBSD and | ||
10327 | Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot | ||
10328 | com>. OK dtucker@ deraadt@ | ||
10329 | |||
10330 | Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384 | ||
10331 | |||
10332 | commit 7480dfedf8c5c93baaabef444b3def9331e86ad5 | ||
10333 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
10334 | Date: Mon Apr 17 11:02:31 2017 +0000 | ||
10335 | |||
10336 | upstream commit | ||
10337 | |||
10338 | Change COMPILER_VERSION tests which limited additional | ||
10339 | warnings to gcc4 to instead skip them on gcc3 as clang can handle | ||
10340 | -Wpointer-sign and -Wold-style-definition. | ||
10341 | |||
10342 | Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a | ||