Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 4925
1 files changed, 2686 insertions, 2239 deletions
diff --git a/ChangeLog b/ChangeLog
index e008ec9f3..bb729917c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,2689 @@
1commit a0349a1cc4a18967ad1dbff5389bcdf9da098814
2Author: Damien Miller <djm@mindrot.org>
3Date: Mon Apr 2 15:38:28 2018 +1000
4
5 update versions in .spec files
6
7commit 816ad38f79792f5617e3913be306ddb27e91091c
8Author: Damien Miller <djm@mindrot.org>
9Date: Mon Apr 2 15:38:20 2018 +1000
10
11 update version number
12
13commit 2c71ca1dd1efe458cb7dee3f8a1a566f913182c2
14Author: Darren Tucker <dtucker@dtucker.net>
15Date: Fri Mar 30 18:23:07 2018 +1100
16
17 Disable native strndup and strnlen on AIX.
18
19 On at least some revisions of AIX, strndup returns unterminated strings
20 under some conditions, apparently because strnlen returns incorrect
21 values in those cases. Disable both on AIX and use the replacements
22 from openbsd-compat. Fixes problem with ECDSA keys there, ok djm.
23
24commit 6b5a17bc14e896e3904dc58d889b58934cfacd24
25Author: Darren Tucker <dtucker@dtucker.net>
26Date: Mon Mar 26 13:12:44 2018 +1100
27
28 Include ssh_api.h for struct ssh.
29
30 struct ssh is needed by implementations of sys_auth_passwd() that were
31 converted in commit bba02a50. Needed to fix build on AIX, I assume for
32 the other platforms too (although it should be harmless if not needed).
33
34commit bc3f80e4d191b8e48650045dfa8a682cd3aabd4d
35Author: Darren Tucker <dtucker@dtucker.net>
36Date: Mon Mar 26 12:58:09 2018 +1100
37
38 Remove UNICOS code missed during removal.
39
40 Fixes compile error on AIX.
41
42commit 9d57762c24882e2f000a21a0ffc8c5908a1fa738
43Author: markus@openbsd.org <markus@openbsd.org>
44Date: Sat Mar 24 19:29:03 2018 +0000
45
46 upstream: openssh-7.7
47
48 OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
49
50commit 4b7d8acdbbceef247dc035e611e577174ed8a87e
51Author: Damien Miller <djm@mindrot.org>
52Date: Mon Mar 26 09:37:02 2018 +1100
53
54 Remove authinfo.sh test dependency on printenv
55
56 Some platforms lack printenv in the default $PATH.
57 Reported by Tom G. Christensen
58
59commit 4afeaf3dcb7dc70efd98fcfcb0ed28a6b40b820e
60Author: Tim Rice <tim@multitalents.net>
61Date: Sun Mar 25 10:00:21 2018 -0700
62
63 Use libiaf on all sysv5 systems
64
65commit bba02a5094b3db228ceac41cb4bfca165d0735f3
66Author: Tim Rice <tim@multitalents.net>
67Date: Sun Mar 25 09:17:33 2018 -0700
68
69 modified: auth-sia.c
70 modified: openbsd-compat/port-aix.c
71 modified: openbsd-compat/port-uw.c
72
73 propogate changes to auth-passwd.c in commit
74 7c856857607112a3dfe6414696bf4c7ab7fb0cb3 to other providers
75 of sys_auth_passwd()
76
77commit d7a7a39168bdfe273587bf85d779d60569100a3f
78Author: markus@openbsd.org <markus@openbsd.org>
79Date: Sat Mar 24 19:29:03 2018 +0000
80
81 upstream: openssh-7.7
82
83 OpenBSD-Commit-ID: 274e614352460b9802c905f38fb5ea7ed5db3d41
84
85commit 9efcaaac314c611c6c0326e8bac5b486c424bbd2
86Author: markus@openbsd.org <markus@openbsd.org>
87Date: Sat Mar 24 19:28:43 2018 +0000
88
89 upstream: fix bogus warning when signing cert keys using agent;
90
91 from djm; ok deraadt dtucker
92
93 OpenBSD-Commit-ID: 12e50836ba2040042383a8b71e12d7ea06e9633d
94
95commit 393436024d2e4b4c7a01f9cfa5854e7437896d11
96Author: Darren Tucker <dtucker@dtucker.net>
97Date: Sun Mar 25 09:40:46 2018 +1100
98
99 Replace /dev/stdin with "-".
100
101 For some reason sftp -b doesn't work with /dev/stdin on Cygwin, as noted
102 and suggested by vinschen at redhat.com.
103
104commit b5974de1a1d419e316ffb6524b1b277dda2f3b49
105Author: Darren Tucker <dtucker@dtucker.net>
106Date: Fri Mar 23 13:21:14 2018 +1100
107
108 Provide $OBJ to paths in PuTTY interop tests.
109
110commit dc31e79454e9b9140b33ad380565fdb59b9c4f33
111Author: dtucker@openbsd.org <dtucker@openbsd.org>
112Date: Fri Mar 16 09:06:31 2018 +0000
113
114 upstream: Tell puttygen to use /dev/urandom instead of /dev/random. On
115
116 OpenBSD they are both non-blocking, but on many other -portable platforms it
117 blocks, stalling tests.
118
119 OpenBSD-Regress-ID: 397d0d4c719c353f24d79f5b14775e0cfdf0e1cc
120
121commit cb1f94431ef319cd48618b8b771b58739a8210cf
122Author: markus@openbsd.org <markus@openbsd.org>
123Date: Thu Mar 22 07:06:11 2018 +0000
124
125 upstream: ssh/xmss: fix build; ok djm@
126
127 OpenBSD-Commit-ID: c9374ca41d4497f1c673ab681cc33f6e7c5dd186
128
129commit 27979da9e4074322611355598f69175b9ff10d39
130Author: markus@openbsd.org <markus@openbsd.org>
131Date: Thu Mar 22 07:05:48 2018 +0000
132
133 upstream: ssh/xmss: fix deserialize for certs; ok djm@
134
135 OpenBSD-Commit-ID: f44c41636c16ec83502039828beaf521c057dddc
136
137commit c6cb2565c9285eb54fa9dfbb3890f5464aff410f
138Author: Darren Tucker <dtucker@dtucker.net>
139Date: Thu Mar 22 17:00:28 2018 +1100
140
141 Save $? before case statement.
142
143 In some shells (FreeBSD 9, ash) the case statement resets $?, so save
144 for later testing.
145
146commit 4c4e7f783b43b264c247233acb887ee10ed4ce4d
147Author: djm@openbsd.org <djm@openbsd.org>
148Date: Wed Mar 14 05:35:40 2018 +0000
149
150 upstream: rename recently-added "valid-before" key restriction to
151
152 "expiry-time" as the former is confusing wrt similar terminology in X.509;
153 pointed out by jsing@
154
155 OpenBSD-Regress-ID: ac8b41dbfd90cffd525d58350c327195b0937793
156
157commit 500396b204c58e78ad9d081516a365a9f28dc3fd
158Author: djm@openbsd.org <djm@openbsd.org>
159Date: Mon Mar 12 00:56:03 2018 +0000
160
161 upstream: check valid-before option in authorized_keys
162
163 OpenBSD-Regress-ID: 7e1e4a84f7f099a290e5a4cbf4196f90ff2d7e11
164
165commit a76b5d26c2a51d7dd7a5164e683ab3f4419be215
166Author: djm@openbsd.org <djm@openbsd.org>
167Date: Mon Mar 12 00:54:04 2018 +0000
168
169 upstream: explicitly specify RSA/SHA-2 keytype here too
170
171 OpenBSD-Regress-ID: 74d7b24e8c72c27af6b481198344eb077e993a62
172
173commit 3a43297ce29d37c64e37c7e21282cb219e28d3d1
174Author: djm@openbsd.org <djm@openbsd.org>
175Date: Mon Mar 12 00:52:57 2018 +0000
176
177 upstream: exlicitly include RSA/SHA-2 keytypes in
178
179 PubkeyAcceptedKeyTypes here
180
181 OpenBSD-Regress-ID: 954d19e0032a74e31697fb1dc7e7d3d1b2d65fe9
182
183commit 037fdc1dc2d68e1d43f9c9e2586c02cabc8f7cc8
184Author: jmc@openbsd.org <jmc@openbsd.org>
185Date: Wed Mar 14 06:56:20 2018 +0000
186
187 upstream: sort expiry-time;
188
189 OpenBSD-Commit-ID: 8c7d82ee1e63e26ceb2b3d3a16514019f984f6bf
190
191commit abc0fa38c9bc136871f28e452c3465c3051fc785
192Author: djm@openbsd.org <djm@openbsd.org>
193Date: Wed Mar 14 05:35:40 2018 +0000
194
195 upstream: rename recently-added "valid-before" key restriction to
196
197 "expiry-time" as the former is confusing wrt similar terminology in X.509;
198 pointed out by jsing@
199
200 OpenBSD-Commit-ID: 376939466a1f562f3950a22314bc6505733aaae6
201
202commit bf0fbf2b11a44f06a64b620af7d01ff171c28e13
203Author: djm@openbsd.org <djm@openbsd.org>
204Date: Mon Mar 12 00:52:01 2018 +0000
205
206 upstream: add valid-before="[time]" authorized_keys option. A
207
208 simple way of giving a key an expiry date. ok markus@
209
210 OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
211
212commit fbd733ab7adc907118a6cf56c08ed90c7000043f
213Author: Darren Tucker <dtucker@dtucker.net>
214Date: Mon Mar 12 19:17:26 2018 +1100
215
216 Add AC_LANG_PROGRAM to AC_COMPILE_IFELSE.
217
218 The recently added MIPS ABI tests need AC_LANG_PROGRAM to prevent
219 warnings from autoconf. Pointed out by klausz at haus-gisela.de.
220
221commit c7c458e8261b04d161763cd333d74e7a5842e917
222Author: djm@openbsd.org <djm@openbsd.org>
223Date: Wed Mar 7 23:53:08 2018 +0000
224
225 upstream: revert recent strdelim() change, it causes problems with
226
227 some configs.
228
229 revision 1.124
230 date: 2018/03/02 03:02:11; author: djm; state: Exp; lines: +19 -8; commitid: nNRsCijZiGG6SUTT;
231 Allow escaped quotes \" and \' in ssh_config and sshd_config quotes
232 option strings. bz#1596 ok markus@
233
234 OpenBSD-Commit-ID: 59c40b1b81206d713c06b49d8477402c86babda5
235
236commit 0bcd871ccdf3baf2b642509ba4773d5be067cfa2
237Author: jmc@openbsd.org <jmc@openbsd.org>
238Date: Mon Mar 5 07:03:18 2018 +0000
239
240 upstream: move the input format details to -f; remove the output
241
242 format details and point to sshd(8), where it is documented;
243
244 ok dtucker
245
246 OpenBSD-Commit-ID: 95f17e47dae02a6ac7329708c8c893d4cad0004a
247
248commit 45011511a09e03493568506ce32f4891a174a3bd
249Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
250Date: Tue Jun 20 16:42:28 2017 +0100
251
252 configure.ac: properly set seccomp_audit_arch for MIPS64
253
254 Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
255 AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
256 for MIPS64. However, that's only valid for n64 ABI. The right macros for
257 n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
258 AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
259
260 Because of that an sshd built for MIPS64 n32 rejects connection attempts
261 and the output of strace reveals that the problem is related to seccomp
262 audit:
263
264 [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
265 filter=0x555d5da0}) = 0
266 [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
267 [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
268 {fd=6, revents=POLLHUP}])
269 [pid 194] +++ killed by SIGSYS +++
270
271 This patch fixes that problem by setting the right value to
272 seccomp_audit_arch taking into account the MIPS64 ABI.
273
274 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
275
276commit 580086704c31de91dc7ba040a28e416bf1fefbca
277Author: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
278Date: Tue Jun 20 16:42:11 2017 +0100
279
280 configure.ac: detect MIPS ABI
281
282 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
283
284commit cd4e937aa701f70366cd5b5969af525dff6fdf15
285Author: Alan Yee <alyee@ucsd.edu>
286Date: Wed Mar 7 15:12:14 2018 -0800
287
288 Use https URLs for links that support it.
289
290commit c0a0c3fc4a76b682db22146b28ddc46566db1ce9
291Author: Darren Tucker <dtucker@dtucker.net>
292Date: Mon Mar 5 20:03:07 2018 +1100
293
294 Disable UTMPX on SunOS4.
295
296commit 58fd4c5c0140f6636227ca7acbb149ab0c2509b9
297Author: Darren Tucker <dtucker@dtucker.net>
298Date: Mon Mar 5 19:28:08 2018 +1100
299
300 Check for and work around buggy fflush(NULL).
301
302 Some really old platforms (eg SunOS4) segfault on fflush(NULL) so check
303 for and work around. With klausz at haus-gisela.de.
304
305commit 71e48bc7945f867029e50e06c665c66aed6d3c64
306Author: Darren Tucker <dtucker@dtucker.net>
307Date: Mon Mar 5 10:22:32 2018 +1100
308
309 Remove extra XMSS #endif
310
311 Extra #endif breaks compile with -DWITH_XMSS. Pointed out by Jack
312 Schmidt via github.
313
314commit 055e09e2212ff52067786bf6d794ca9512ff7f0c
315Author: dtucker@openbsd.org <dtucker@openbsd.org>
316Date: Sat Mar 3 06:37:53 2018 +0000
317
318 upstream: Update RSA minimum modulus size to 1024. sshkey.h rev 1.18
319
320 bumped the minimum from 768 to 1024, update man page accordingly.
321
322 OpenBSD-Commit-ID: 27563ab4e866cd2aac40a5247876f6787c08a338
323
324commit 7e4fadd3248d6bb7d39d6688c76a613d35d2efc1
325Author: djm@openbsd.org <djm@openbsd.org>
326Date: Sun Mar 4 01:46:48 2018 +0000
327
328 upstream: for the pty control tests, just check that the PTY path
329
330 points to something in /dev (rather than checking the device node itself);
331 makes life easier for portable, where systems with dynamic ptys can delete
332 nodes before we get around to testing their existence.
333
334 OpenBSD-Regress-ID: b1e455b821e62572bccd98102f8dd9d09bb94994
335
336commit 13ef4cf53f24753fe920832b990b25c9c9cd0530
337Author: Darren Tucker <dtucker@dtucker.net>
338Date: Sat Mar 3 16:21:20 2018 +1100
339
340 Update PAM password change to new opts API.
341
342commit 33561e68e0b27366cb769295a077aabc6a49d2a1
343Author: Darren Tucker <dtucker@dtucker.net>
344Date: Sat Mar 3 14:56:09 2018 +1100
345
346 Add strndup for platforms that need it.
347
348 Some platforms don't have strndup, which includes Solaris 10, NetBSD 3
349 and FreeBSD 6.
350
351commit e8a17feba95eef424303fb94441008f6c5347aaf
352Author: Darren Tucker <dtucker@dtucker.net>
353Date: Sat Mar 3 14:49:07 2018 +1100
354
355 Flatten and alphabetize object file lists.
356
357 This will make maintenance and changes easier. "no objection" tim@
358
359commit de1920d743d295f50e6905e5957c4172c038e8eb
360Author: djm@openbsd.org <djm@openbsd.org>
361Date: Sat Mar 3 03:16:17 2018 +0000
362
363 upstream: unit tests for new authorized_keys options API
364
365 OpenBSD-Regress-ID: 820f9ec9c6301f6ca330ad4052d85f0e67d0bdc1
366
367commit dc3e92df17556dc5b0ab19cee8dcb2a6ba348717
368Author: djm@openbsd.org <djm@openbsd.org>
369Date: Fri Mar 2 02:53:27 2018 +0000
370
371 upstream: fix testing of pty option, include positive test and
372
373 testing of restrict keyword
374
375 OpenBSD-Regress-ID: 4268f27c2706a0a95e725d9518c5bcbec9814c6d
376
377commit 3d1edd1ebbc0aabea8bbe61903060f37137f7c61
378Author: djm@openbsd.org <djm@openbsd.org>
379Date: Fri Mar 2 02:51:55 2018 +0000
380
381 upstream: better testing for port-forwarding and restrict flags in
382
383 authorized_keys
384
385 OpenBSD-Regress-ID: ee771df8955f2735df54746872c6228aff381daa
386
387commit 7c856857607112a3dfe6414696bf4c7ab7fb0cb3
388Author: djm@openbsd.org <djm@openbsd.org>
389Date: Sat Mar 3 03:15:51 2018 +0000
390
391 upstream: switch over to the new authorized_keys options API and
392
393 remove the legacy one.
394
395 Includes a fairly big refactor of auth2-pubkey.c to retain less state
396 between key file lines.
397
398 feedback and ok markus@
399
400 OpenBSD-Commit-ID: dece6cae0f47751b9892080eb13d6625599573df
401
402commit 90c4bec8b5f9ec4c003ae4abdf13fc7766f00c8b
403Author: djm@openbsd.org <djm@openbsd.org>
404Date: Sat Mar 3 03:06:02 2018 +0000
405
406 upstream: Introduce a new API for handling authorized_keys options.
407
408 This API parses options to a dedicated structure rather than the old API's
409 approach of setting global state. It also includes support for merging
410 options, e.g. from authorized_keys, authorized_principals and/or
411 certificates.
412
413 feedback and ok markus@
414
415 OpenBSD-Commit-ID: 98badda102cd575210d7802943e93a34232c80a2
416
417commit 26074380767e639ef89321610e146ae11016b385
418Author: djm@openbsd.org <djm@openbsd.org>
419Date: Sat Mar 3 03:01:50 2018 +0000
420
421 upstream: warn when the agent returns a signature type that was
422
423 different to what was requested. This might happen when an old/non-OpenSSH
424 agent is asked to make a rsa-sha2-256/512 signature but only supports
425 ssh-rsa. bz#2799 feedback and ok markus@
426
427 OpenBSD-Commit-ID: 760c0f9438c5c58abc16b5f98008ff2d95cb13ce
428
429commit f493d2b0b66fb003ed29f31dd66ff1aeb64be1fc
430Author: jmc@openbsd.org <jmc@openbsd.org>
431Date: Fri Mar 2 21:40:15 2018 +0000
432
433 upstream: apply a lick of paint; tweaks/ok dtucker
434
435 OpenBSD-Commit-ID: 518a6736338045e0037f503c21027d958d05e703
436
437commit 713d9cb510e0e7759398716cbe6dcf43e574be71
438Author: djm@openbsd.org <djm@openbsd.org>
439Date: Fri Mar 2 03:02:11 2018 +0000
440
441 upstream: Allow escaped quotes \" and \' in ssh_config and
442
443 sshd_config quotes option strings. bz#1596 ok markus@
444
445 OpenBSD-Commit-ID: dd3a29fc2dc905e8780198e5a6a30b096de1a1cb
446
447commit 94b4e2d29afaaaef89a95289b16c18bf5627f7cd
448Author: djm@openbsd.org <djm@openbsd.org>
449Date: Fri Mar 2 02:08:03 2018 +0000
450
451 upstream: refactor sshkey_read() to make it a little more, err,
452
453 readable. ok markus
454
455 OpenBSD-Commit-ID: 2e9247b5762fdac3b6335dc606d3822121714c28
456
457commit 5886b92968b360623491699247caddfb77a74d80
458Author: markus@openbsd.org <markus@openbsd.org>
459Date: Thu Mar 1 20:32:16 2018 +0000
460
461 upstream: missing #ifdef for _PATH_HOST_XMSS_KEY_FILE; report by
462
463 jmc@
464
465 OpenBSD-Commit-ID: 9039cb69a3f9886bfef096891a9e7fcbd620280b
466
467commit 3b36bed3d26f17f6a2b7e036e01777770fe1bcd4
468Author: dtucker@openbsd.org <dtucker@openbsd.org>
469Date: Mon Feb 26 12:14:53 2018 +0000
470
471 upstream: Remove unneeded (local) include. ok markus@
472
473 OpenBSD-Commit-ID: 132812dd2296b1caa8cb07d2408afc28e4e60f93
474
475commit 27b9f3950e0289e225b57b7b880a8f1859dcd70b
476Author: dtucker@openbsd.org <dtucker@openbsd.org>
477Date: Mon Feb 26 03:56:44 2018 +0000
478
479 upstream: Add $OpenBSD$ markers to xmss files to help keep synced
480
481 with portable. ok djm@.
482
483 OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
484
485commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd
486Author: dtucker@openbsd.org <dtucker@openbsd.org>
487Date: Mon Feb 26 03:03:05 2018 +0000
488
489 upstream: Add newline at end of file to prevent compiler warnings.
490
491 OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
492
493commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84
494Author: Darren Tucker <dtucker@dtucker.net>
495Date: Wed Feb 28 19:59:35 2018 +1100
496
497 Add WITH_XMSS, move to prevent conflicts.
498
499 Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
500 includes.h so it's less likely to conflict and will pick up WITH_XMSS if
501 added to config.h.
502
503commit a10d8552d0d2438da4ed539275abcbf557d1e7a8
504Author: Darren Tucker <dtucker@dtucker.net>
505Date: Tue Feb 27 14:45:17 2018 +1100
506
507 Conditionally compile XMSS code.
508
509 The XMSS code is currently experimental and, unlike the rest of OpenSSH
510 cannot currently be compiled with a c89 compiler.
511
512commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b
513Author: Darren Tucker <dtucker@dtucker.net>
514Date: Mon Feb 26 12:51:29 2018 +1100
515
516 Check dlopen has RTLD_NOW before enabling pkcs11.
517
518commit 1323f120d06a26074c4d154fcbe7f49bcad3d741
519Author: Darren Tucker <dtucker@dtucker.net>
520Date: Tue Feb 27 08:41:25 2018 +1100
521
522 Check for attributes on prototype args.
523
524 Some compilers (gcc 2.9.53, 3.0 and probably others, see gcc bug #3481)
525 do not accept __attribute__ on function pointer prototype args. Check for
526 this and hide them if they're not accepted.
527
528commit f0b245b0439e600fab782d19e97980e9f2c2533c
529Author: Darren Tucker <dtucker@dtucker.net>
530Date: Mon Feb 26 11:43:48 2018 +1100
531
532 Check if HAVE_DECL_BZERO correctly.
533
534commit c7ef4a399155e1621a532cc5e08e6fa773658dd4
535Author: Darren Tucker <dtucker@dtucker.net>
536Date: Mon Feb 26 17:42:56 2018 +1100
537
538 Wrap <stdint.h> in #ifdef HAVE_STDINT_H.
539
540commit ac53ce46cf8165cbda7f57ee045f9f32e1e92b31
541Author: Darren Tucker <dtucker@dtucker.net>
542Date: Mon Feb 26 16:24:23 2018 +1100
543
544 Replace $(CURDIR) with $(PWD).
545
546 The former doesn't work on Solaris or BSDs.
547
548commit 534b2680a15d14e7e60274d5b29b812d44cc5a44
549Author: Darren Tucker <dtucker@dtucker.net>
550Date: Mon Feb 26 14:51:59 2018 +1100
551
552 Comment out hexdump().
553
554 Nothing currently uses them but they cause conflicts on at least
555 FreeBSD, possibly others. ok djm@
556
557commit 5aea4aa522f61bb2f34c3055a7de203909dfae77
558Author: Darren Tucker <dtucker@dtucker.net>
559Date: Mon Feb 26 14:39:14 2018 +1100
560
561 typo: missing ;
562
563commit cd3ab57f9b388f8b1abf601dc4d78ff82d83b75e
564Author: Darren Tucker <dtucker@dtucker.net>
565Date: Mon Feb 26 14:37:06 2018 +1100
566
567 Hook up flock() compat code.
568
569 Also a couple of minor changes: fail if we can't lock instead of
570 silently succeeding, and apply a couple of minor style fixes.
571
572commit b087998d1ba90dd1ddb6bfdb17873dc3e7392798
573Author: Darren Tucker <dtucker@dtucker.net>
574Date: Mon Feb 26 14:27:02 2018 +1100
575
576 Import flock() compat from NetBSD.
577
578 From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
579
580commit 89212533dde6798324e835b1499084658df4579e
581Author: Darren Tucker <dtucker@dtucker.net>
582Date: Mon Feb 26 12:32:14 2018 +1100
583
584 Fix breakage when REGRESSTMP not set.
585
586 BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
587 instead. Pointed out by djm@.
588
589commit f885474137df4b89498c0b8834c2ac72c47aa4bd
590Author: Damien Miller <djm@mindrot.org>
591Date: Mon Feb 26 12:18:14 2018 +1100
592
593 XMSS-related files get includes.h
594
595commit 612faa34c72e421cdc9e63f624526bae62d557cc
596Author: Damien Miller <djm@mindrot.org>
597Date: Mon Feb 26 12:17:55 2018 +1100
598
599 object files end with .o - not .c
600
601commit bda709b8e13d3eef19e69c2d1684139e3af728f5
602Author: Damien Miller <djm@mindrot.org>
603Date: Mon Feb 26 12:17:22 2018 +1100
604
605 avoid inclusion of deprecated selinux/flask.h
606
607 Use string_to_security_class() instead.
608
609commit 2e396439365c4ca352cac222717d09b14f8a0dfd
610Author: Damien Miller <djm@mindrot.org>
611Date: Mon Feb 26 11:48:27 2018 +1100
612
613 updatedepend
614
615commit 1b11ea7c58cd5c59838b5fa574cd456d6047b2d4
616Author: markus@openbsd.org <markus@openbsd.org>
617Date: Fri Feb 23 15:58:37 2018 +0000
618
619 upstream: Add experimental support for PQC XMSS keys (Extended
620
621 Hash-Based Signatures) The code is not compiled in by default (see WITH_XMSS
622 in Makefile.inc) Joint work with stefan-lukas_gazdag at genua.eu See
623 https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12 ok
624 djm@
625
626 OpenBSD-Commit-ID: ef3eccb96762a5d6f135d7daeef608df7776a7ac
627
628commit 7d330a1ac02076de98cfc8fda05353d57b603755
629Author: jmc@openbsd.org <jmc@openbsd.org>
630Date: Fri Feb 23 07:38:09 2018 +0000
631
632 upstream: some cleanup for BindInterface and ssh-keyscan;
633
634 OpenBSD-Commit-ID: 1a719ebeae22a166adf05bea5009add7075acc8c
635
636commit c7b5a47e3b9db9a0f0198f9c90c705f6307afc2b
637Author: Darren Tucker <dtucker@dtucker.net>
638Date: Sun Feb 25 23:55:41 2018 +1100
639
640 Invert sense of getpgrp test.
641
642 AC_FUNC_GETPGRP tests if getpgrp(0) works, which it does if it's not
643 declared. Instead, test if the zero-arg version we want to use works.
644
645commit b39593a6de5290650a01adf8699c6460570403c2
646Author: Darren Tucker <dtucker@dtucker.net>
647Date: Sun Feb 25 13:25:15 2018 +1100
648
649 Add no-op getsid implmentation.
650
651commit 11057564eb6ab8fd987de50c3d7f394c6f6632b7
652Author: Darren Tucker <dtucker@dtucker.net>
653Date: Sun Feb 25 11:22:57 2018 +1100
654
655 bsd-statvfs: include sys/vfs.h, check for f_flags.
656
657commit e9dede06e5bc582a4aeb5b1cd5a7a640d7de3609
658Author: Darren Tucker <dtucker@dtucker.net>
659Date: Sun Feb 25 10:20:31 2018 +1100
660
661 Handle calloc(0,x) where different from malloc.
662
663 Configure assumes that if malloc(0) returns null then calloc(0,n)
664 also does. On some old platforms (SunOS4) malloc behaves as expected
665 (as determined by AC_FUNC_MALLOC) but calloc doesn't. Test for this
666 at configure time and activate the replacement function if found, plus
667 handle this case in rpl_calloc.
668
669commit 2eb4041493fd2635ffdc64a852d02b38c4955e0b
670Author: Darren Tucker <dtucker@dtucker.net>
671Date: Sat Feb 24 21:06:48 2018 +1100
672
673 Add prototype for readv if needed.
674
675commit 6c8c9a615b6d31db8a87bc25033f053d5b0a831e
676Author: Darren Tucker <dtucker@dtucker.net>
677Date: Sat Feb 24 20:46:37 2018 +1100
678
679 Check for raise and supply if needed.
680
681commit a9004425a032d7a7141a5437cfabfd02431e2a74
682Author: Darren Tucker <dtucker@dtucker.net>
683Date: Sat Feb 24 20:25:22 2018 +1100
684
685 Check for bzero and supply if needed.
686
687 Since explicit_bzero uses it via an indirect it needs to be a function
688 not just a macro.
689
690commit 1a348359e4d2876203b5255941bae348557f4f54
691Author: djm@openbsd.org <djm@openbsd.org>
692Date: Fri Feb 23 05:14:05 2018 +0000
693
694 upstream: Add ssh-keyscan -D option to make it print its results in
695
696 SSHFP format bz#2821, ok dtucker@
697
698 OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
699
700commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c
701Author: dtucker@openbsd.org <dtucker@openbsd.org>
702Date: Fri Feb 23 04:18:46 2018 +0000
703
704 upstream: Add missing braces.
705
706 Caught by the tinderbox's -Werror=misleading-indentation, ok djm@
707
708 OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
709
710commit b59162da99399d89bd57f71c170c0003c55b1583
711Author: Darren Tucker <dtucker@dtucker.net>
712Date: Fri Feb 23 15:20:42 2018 +1100
713
714 Check for ifaddrs.h for BindInterface.
715
716 BindInterface required getifaddr and friends so disable if not available
717 (eg Solaris 10). We should be able to add support for some systems with
718 a bit more work but this gets the building again.
719
720commit a8dd6fe0aa10b6866830b4688a73ef966f0aed88
721Author: Damien Miller <djm@mindrot.org>
722Date: Fri Feb 23 14:19:11 2018 +1100
723
724 space before tab in previous
725
726commit b5e9263c7704247f9624c8f5c458e9181fcdbc09
727Author: dtucker@openbsd.org <dtucker@openbsd.org>
728Date: Fri Feb 9 03:40:22 2018 +0000
729
730 upstream: Replace fatal with exit in the case that we do not have
731
732 $SUDO set. Prevents test failures when neither sudo nor doas are configured.
733
734 OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
735
736commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2
737Author: Darren Tucker <dtucker@dtucker.net>
738Date: Fri Feb 23 14:10:53 2018 +1100
739
740 Use portable syntax for REGRESSTMP.
741
742commit 73282b61187883a2b2bb48e087fdda1d751d6059
743Author: djm@openbsd.org <djm@openbsd.org>
744Date: Fri Feb 23 03:03:00 2018 +0000
745
746 upstream: unbreak interop test after SSHv1 purge; patch from Colin
747
748 Watson via bz#2823
749
750 OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
751
752commit f8985dde5f46aedade0373365cbf86ed3f1aead2
753Author: dtucker@openbsd.org <dtucker@openbsd.org>
754Date: Fri Feb 9 03:42:57 2018 +0000
755
756 upstream: Skip sftp-chroot test when SUDO not set instead of
757
758 fatal().
759
760 OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
761
762commit df88551c02d4e3445c44ff67ba8757cff718609a
763Author: dtucker@openbsd.org <dtucker@openbsd.org>
764Date: Fri Feb 9 03:40:22 2018 +0000
765
766 upstream: Replace fatal with exit in the case that we do not have
767
768 $SUDO set. Prevents test failures when neither sudo nor doas are configured.
769
770 OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
771
772commit 3b252c20b19f093e87363de197f1100b79705dd3
773Author: djm@openbsd.org <djm@openbsd.org>
774Date: Thu Feb 8 08:46:20 2018 +0000
775
776 upstream: some helpers to check verbose/quiet mode
777
778 OpenBSD-Regress-ID: e736aac39e563f5360a0935080a71d5fdcb976de
779
780commit ac2e3026bbee1367e4cda34765d1106099be3287
781Author: djm@openbsd.org <djm@openbsd.org>
782Date: Fri Feb 23 02:34:33 2018 +0000
783
784 upstream: Add BindInterface ssh_config directive and -B
785
786 command-line argument to ssh(1) that directs it to bind its outgoing
787 connection to the address of the specified network interface.
788
789 BindInterface prefers to use addresses that aren't loopback or link-
790 local, but will fall back to those if no other addresses of the
791 required family are available on that interface.
792
793 Based on patch by Mike Manning in bz#2820, ok dtucker@
794
795 OpenBSD-Commit-ID: c5064d285c2851f773dd736a2c342aa384fbf713
796
797commit fcdb9d777839a3fa034b3bc3067ba8c1f6886679
798Author: djm@openbsd.org <djm@openbsd.org>
799Date: Mon Feb 19 00:55:02 2018 +0000
800
801 upstream: emphasise that the hostkey rotation may send key types
802
803 that the client may not support, and that the client should simply disregard
804 such keys (this is what ssh does already).
805
806 OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf
807
808commit ce066f688dc166506c082dac41ca686066e3de5f
809Author: Darren Tucker <dtucker@dtucker.net>
810Date: Thu Feb 22 20:45:09 2018 +1100
811
812 Add headers for sys/audit.h.
813
814 On some older platforms (at least sunos4, probably others) sys/audit.h
815 requires some other headers. Patch from klausz at haus-gisela.de.
816
817commit 3fd2d2291a695c96a54269deae079bacce6e3fb9
818Author: Darren Tucker <dtucker@dtucker.net>
819Date: Mon Feb 19 18:37:40 2018 +1100
820
821 Add REGRESSTMP make var override.
822
823 Defaults to original location ($srcdir/regress) but allows overriding
824 if desired, eg a directory in /tmp.
825
826commit f8338428588f3ecb5243c86336eccaa28809f97e
827Author: Darren Tucker <dtucker@dtucker.net>
828Date: Sun Feb 18 15:53:15 2018 +1100
829
830 Remove now-unused check for getrusage.
831
832 getrusage was used in ssh-rand-helper but that's now long gone.
833 Patch from klauszh at haus-gisela.de.
834
835commit 8570177195f6a4b3173c0a25484a83641ee3faa6
836Author: dtucker@openbsd.org <dtucker@openbsd.org>
837Date: Fri Feb 16 04:43:11 2018 +0000
838
839 upstream: Don't send IUTF8 to servers that don't like them.
840
841 Some SSH servers eg "ConfD" drop the connection if the client sends the
842 new IUTF8 (RFC8160) terminal mode even if it's not set. Add a bug bit
843 for such servers and avoid sending IUTF8 to them. ok djm@
844
845 OpenBSD-Commit-ID: 26425855402d870c3c0a90491e72e2a8a342ceda
846
847commit f6dc2ba3c9d12be53057b9371f5109ec553a399f
848Author: Darren Tucker <dtucker@dtucker.net>
849Date: Fri Feb 16 17:32:28 2018 +1100
850
851 freezero should check for NULL.
852
853commit 680321f3eb46773883111e234b3c262142ff7c5b
854Author: djm@openbsd.org <djm@openbsd.org>
855Date: Fri Feb 16 02:40:45 2018 +0000
856
857 upstream: Mention recent DH KEX methods:
858
859 diffie-hellman-group14-sha256
860 diffie-hellman-group16-sha512
861 diffie-hellman-group18-sha512
862
863 From Jakub Jelen via bz#2826
864
865 OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a
866
867commit 88c50a5ae20902715f0fca306bb9c38514f71679
868Author: djm@openbsd.org <djm@openbsd.org>
869Date: Fri Feb 16 02:32:40 2018 +0000
870
871 upstream: stop loading DSA keys by default, remove sshd_config
872
873 stanza and manpage bits; from Colin Watson via bz#2662, ok dtucker@
874
875 OpenBSD-Commit-ID: d33a849f481684ff655c140f5eb1b4acda8c5c09
876
877commit d2b3db2860c962927def39a52f67f1c23f7b201a
878Author: jsing@openbsd.org <jsing@openbsd.org>
879Date: Wed Feb 14 16:27:24 2018 +0000
880
881 upstream: Ensure that D mod (P-1) and D mod (Q-1) are calculated in
882
883 constant time.
884
885 This avoids a potential side channel timing leak.
886
887 ok djm@ markus@
888
889 OpenBSD-Commit-ID: 71ff3c16be03290e63d8edab8fac053d8a82968c
890
891commit 4270efad7048535b4f250f493d70f9acfb201593
892Author: jsing@openbsd.org <jsing@openbsd.org>
893Date: Wed Feb 14 16:03:32 2018 +0000
894
895 upstream: Some obvious freezero() conversions.
896
897 This also zeros an ed25519_pk when it was not being zeroed previously.
898
899 ok djm@ dtucker@
900
901 OpenBSD-Commit-ID: 5c196a3c85c23ac0bd9b11bcadaedd90b7a2ce82
902
903commit affa6ba67ffccc30b85d6e98f36eb5afd9386882
904Author: Darren Tucker <dtucker@dtucker.net>
905Date: Thu Feb 15 22:32:04 2018 +1100
906
907 Remove execute bit from modpipe.c.
908
909commit 9879dca438526ae6dfd656fecb26b0558c29c731
910Author: Darren Tucker <dtucker@dtucker.net>
911Date: Thu Feb 15 22:26:16 2018 +1100
912
913 Update prngd link to point to sourceforge.
914
915commit b6973fa5152b1a0bafd2417b7c3ad96f6e87d014
916Author: Darren Tucker <dtucker@dtucker.net>
917Date: Thu Feb 15 22:22:38 2018 +1100
918
919 Remove references to UNICOS.
920
921commit f1ca487940449f0b64f38f1da575078257609966
922Author: Darren Tucker <dtucker@dtucker.net>
923Date: Thu Feb 15 22:18:37 2018 +1100
924
925 Remove extra newline.
926
927commit 6d4e980f3cf27f409489cf89cd46c21501b13731
928Author: Darren Tucker <dtucker@dtucker.net>
929Date: Thu Feb 15 22:16:54 2018 +1100
930
931 OpenSSH's builtin entropy gathering is long gone.
932
933commit 389125b25d1a1d7f22e907463b7e8eca74af79ea
934Author: Darren Tucker <dtucker@dtucker.net>
935Date: Thu Feb 15 21:43:01 2018 +1100
936
937 Replace remaining mysignal() with signal().
938
939 These seem to have been missed during the replacement of mysignal
940 with #define signal in commit 5ade9ab. Both include the requisite
941 headers to pick up the #define.
942
943commit 265d88d4e61e352de6791733c8b29fa3d7d0c26d
944Author: Darren Tucker <dtucker@dtucker.net>
945Date: Thu Feb 15 20:06:19 2018 +1100
946
947 Remove remaining now-obsolete cvs $Ids.
948
949commit 015749e9b1d2f6e14733466d19ba72f014d0845c
950Author: Darren Tucker <dtucker@dtucker.net>
951Date: Thu Feb 15 17:01:54 2018 +1100
952
953 Regenerate dependencies after UNICOS removal.
954
955commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7
956Author: Darren Tucker <dtucker@dtucker.net>
957Date: Tue Feb 13 09:10:46 2018 +1100
958
959 Remove UNICOS support.
960
961 The code required to support it is quite invasive to the mainline
962 code that is synced with upstream and is an ongoing maintenance burden.
963 Both the hardware and software are literal museum pieces these days and
964 we could not find anyone still running OpenSSH on one.
965
966commit 174bed686968494723e6db881208cc4dac0d020f
967Author: Darren Tucker <dtucker@dtucker.net>
968Date: Tue Feb 13 18:12:47 2018 +1100
969
970 Retpoline linker flag only needed for linking.
971
972commit 075e258c2cc41e1d7f3ea2d292c5342091728d40
973Author: Darren Tucker <dtucker@dtucker.net>
974Date: Tue Feb 13 17:36:43 2018 +1100
975
976 Default PidFile is sshd.pid not ssh.pid.
977
978commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df
979Author: Darren Tucker <dtucker@dtucker.net>
980Date: Tue Feb 13 16:27:09 2018 +1100
981
982 Remove assigned-to-but-never-used variable.
983
984 'p' was removed in previous change but I neglected to remove the
985 otherwise-unused assignment to it.
986
987commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1
988Author: djm@openbsd.org <djm@openbsd.org>
989Date: Tue Feb 13 03:36:56 2018 +0000
990
991 upstream: remove space before tab
992
993 OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890
994
995commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab
996Author: dtucker@openbsd.org <dtucker@openbsd.org>
997Date: Sun Feb 11 21:16:56 2018 +0000
998
999 upstream Don't reset signal handlers inside handlers.
1000
1001 The signal handlers from the original ssh1 code on which OpenSSH
1002 is based assume unreliable signals and reinstall their handlers.
1003 Since OpenBSD (and pretty much every current system) has reliable
1004 signals this is not needed. In the unlikely even that -portable
1005 is still being used on such systems we will deal with it in the
1006 compat layer. ok deraadt@
1007
1008 OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
1009
1010commit 3c51143c639ac686687c7acf9b373b8c08195ffb
1011Author: Darren Tucker <dtucker@dtucker.net>
1012Date: Tue Feb 13 09:07:29 2018 +1100
1013
1014 Whitespace sync with upstream.
1015
1016commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7
1017Author: Darren Tucker <dtucker@dtucker.net>
1018Date: Tue Feb 13 08:25:46 2018 +1100
1019
1020 Whitespace sync with upstream.
1021
1022commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711
1023Author: Darren Tucker <dtucker@dtucker.net>
1024Date: Sun Feb 11 21:25:11 2018 +1300
1025
1026 Move signal compat code into bsd-signal.{c,h}
1027
1028commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab
1029Author: Darren Tucker <dtucker@dtucker.net>
1030Date: Sun Feb 11 21:20:39 2018 +1300
1031
1032 Include headers for linux/if.h.
1033
1034 Prevents configure-time "present but cannot be compiled" warning.
1035
1036commit bc02181c24fc551aab85eb2cff0f90380928ef43
1037Author: Darren Tucker <dtucker@dtucker.net>
1038Date: Sun Feb 11 19:45:47 2018 +1300
1039
1040 Fix test for -z,retpolineplt linker flag.
1041
1042commit 3377df00ea3fece5293db85fe63baef33bf5152e
1043Author: Darren Tucker <dtucker@dtucker.net>
1044Date: Sun Feb 11 09:32:37 2018 +1100
1045
1046 Add checks for Spectre v2 mitigation (retpoline)
1047
1048 This adds checks for gcc and clang flags for mitigations for Spectre
1049 variant 2, ie "retpoline". It'll automatically enabled if the compiler
1050 supports it as part of toolchain hardening flag. ok djm@
1051
1052commit d9e5cf078ea5380da6df767bb1773802ec557ef0
1053Author: djm@openbsd.org <djm@openbsd.org>
1054Date: Sat Feb 10 09:25:34 2018 +0000
1055
1056 upstream commit
1057
1058 constify some private key-related functions; based on
1059 https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
1060
1061 OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
1062
1063commit a7c38215d564bf98e8e9eb40c1079e3adf686f15
1064Author: djm@openbsd.org <djm@openbsd.org>
1065Date: Sat Feb 10 09:03:54 2018 +0000
1066
1067 upstream commit
1068
1069 Mention ServerAliveTimeout in context of TCPKeepAlives;
1070 prompted by Christoph Anton Mitterer via github
1071
1072 OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
1073
1074commit 62562ceae61e4f7cf896566592bb840216e71061
1075Author: djm@openbsd.org <djm@openbsd.org>
1076Date: Sat Feb 10 06:54:38 2018 +0000
1077
1078 upstream commit
1079
1080 clarify IgnoreUserKnownHosts; based on github PR from
1081 Christoph Anton Mitterer.
1082
1083 OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3
1084
1085commit 4f011daa4cada6450fa810f7563b8968639bb562
1086Author: djm@openbsd.org <djm@openbsd.org>
1087Date: Sat Feb 10 06:40:28 2018 +0000
1088
1089 upstream commit
1090
1091 Shorter, more accurate explanation of
1092 NoHostAuthenticationForLocalhost without the confusing example. Prompted by
1093 Christoph Anton Mitterer via github and bz#2293.
1094
1095 OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df
1096
1097commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f
1098Author: djm@openbsd.org <djm@openbsd.org>
1099Date: Sat Feb 10 06:15:12 2018 +0000
1100
1101 upstream commit
1102
1103 Disable RemoteCommand and RequestTTY in the ssh session
1104 started by scp. sftp is already doing this. From Camden Narzt via github; ok
1105 dtucker
1106
1107 OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b
1108
1109commit ca613249a00b64b2eea9f52d3834b55c28cf2862
1110Author: djm@openbsd.org <djm@openbsd.org>
1111Date: Sat Feb 10 05:48:46 2018 +0000
1112
1113 upstream commit
1114
1115 Refuse to create a certificate with an unusable number of
1116 principals; Prompted by gdestuynder via github
1117
1118 OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29
1119
1120commit b56ac069d46b6f800de34e1e935f98d050731d14
1121Author: djm@openbsd.org <djm@openbsd.org>
1122Date: Sat Feb 10 05:43:26 2018 +0000
1123
1124 upstream commit
1125
1126 fatal if we're unable to write all the public key; previously
1127 we would silently ignore errors writing the comment and terminating newline.
1128 Prompted by github PR from WillerZ; ok dtucker
1129
1130 OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831
1131
1132commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db
1133Author: Darren Tucker <dtucker@dtucker.net>
1134Date: Sat Feb 10 11:18:38 2018 +1100
1135
1136 Add changelog entry for binary strip change.
1137
1138commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf
1139Author: Darren Tucker <dtucker@dtucker.net>
1140Date: Sat Feb 10 11:14:54 2018 +1100
1141
1142 Remove unused variables.
1143
1144commit 937d96587df99c16c611d828cded292fa474a32b
1145Author: Darren Tucker <dtucker@dtucker.net>
1146Date: Sat Feb 10 11:12:45 2018 +1100
1147
1148 Don't strip binaries so debuginfo gets built.
1149
1150 Tell install not to strip binaries during package creation so that the
1151 debuginfo package can be built.
1152
1153commit eb0865f330f59c889ec92696b97bd397090e720c
1154Author: Darren Tucker <dtucker@dtucker.net>
1155Date: Sat Feb 10 10:33:11 2018 +1100
1156
1157 Fix bogus dates in changelog.
1158
1159commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165
1160Author: Darren Tucker <dtucker@dtucker.net>
1161Date: Sat Feb 10 10:25:15 2018 +1100
1162
1163 Remove SSH1 from description.
1164
1165commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4
1166Author: Darren Tucker <dtucker@dtucker.net>
1167Date: Sat Feb 10 10:19:16 2018 +1100
1168
1169 Add support for compat-openssl10 build dep.
1170
1171commit 04f4e8193cb5a5a751fcc356bd6656291fec539e
1172Author: Darren Tucker <dtucker@dtucker.net>
1173Date: Sat Feb 10 09:57:04 2018 +1100
1174
1175 Add leading zero so it'll work when rhel not set.
1176
1177 When rhel is not set it will error out with "bad if". Add leading zero
1178 as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
1179 on non-RHEL.
1180
1181commit 12abd67a6af28476550807a443b38def2076bb92
1182Author: Darren Tucker <dtucker@dtucker.net>
1183Date: Sat Feb 10 09:56:34 2018 +1100
1184
1185 Update openssl-devel dependency.
1186
1187commit b33e7645f8813719d7f9173fef24463c8833ebb3
1188Author: nkadel <nkadel@gmail.com>
1189Date: Sun Nov 16 18:19:58 2014 -0500
1190
1191 Add mandir with-mandir' for RHEL 5 compatibility.
1192
1193 Activate '--mandir' and '--with-mandir' settings in setup for RHEL
1194 5 compatibility.
1195
1196commit 94f8bf360eb0162e39ddf39d69925c2e93511e40
1197Author: nkadel <nkadel@gmail.com>
1198Date: Sun Nov 16 18:18:51 2014 -0500
1199
1200 Discard 'K5DIR' reporting.
1201
1202 It does not work inside 'mock' build environment.
1203
1204commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5
1205Author: nkadel <nkadel@gmail.com>
1206Date: Sun Nov 16 18:17:15 2014 -0500
1207
1208 Add 'dist' to 'rel' for OS specific RPM names.
1209
1210commit 87346f1f57f71150a9b8c7029d8c210e27027716
1211Author: nkadel <nkadel@gmail.com>
1212Date: Sun Nov 16 14:17:38 2014 -0500
1213
1214 Add openssh-devel >= 0.9.8f for redhat spec file.
1215
1216commit bec1478d710866d3c1b119343a35567a8fc71ec3
1217Author: nkadel <nkadel@gmail.com>
1218Date: Sun Nov 16 13:10:24 2014 -0500
1219
1220 Enhance BuildRequires for openssh-x11-askpass.
1221
1222commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f
1223Author: nkadel <nkadel@gmail.com>
1224Date: Sun Nov 16 13:04:14 2014 -0500
1225
1226 Always include x11-ssh-askpass SRPM.
1227
1228 Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
1229
1230commit c61d0d038d58eebc365f31830be6e04ce373ad1b
1231Author: Damien Miller <djm@mindrot.org>
1232Date: Sat Feb 10 09:43:12 2018 +1100
1233
1234 this is long unused; prompted by dtucker@
1235
1236commit 745771fb788e41bb7cdad34e5555bf82da3af7ed
1237Author: dtucker@openbsd.org <dtucker@openbsd.org>
1238Date: Fri Feb 9 02:37:36 2018 +0000
1239
1240 upstream commit
1241
1242 Remove unused sKerberosTgtPassing from enum. From
1243 calestyo via github pull req #11, ok djm@
1244
1245 OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
1246
1247commit 1f385f55332db830b0ae22a7663b98279ca2d657
1248Author: dtucker@openbsd.org <dtucker@openbsd.org>
1249Date: Thu Feb 8 04:12:32 2018 +0000
1250
1251 upstream commit
1252
1253 Rename struct umac_ctx to umac128_ctx too. In portable
1254 some linkers complain about two symbols with the same name having differing
1255 sizes. ok djm@
1256
1257 OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
1258
1259commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf
1260Author: dtucker@openbsd.org <dtucker@openbsd.org>
1261Date: Wed Feb 7 22:52:45 2018 +0000
1262
1263 upstream commit
1264
1265 ssh_free checks for and handles NULL args, remove NULL
1266 checks from remaining callers. ok djm@
1267
1268 OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
1269
1270commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c
1271Author: Darren Tucker <dtucker@dtucker.net>
1272Date: Thu Feb 8 12:36:22 2018 +1100
1273
1274 Set SO_REUSEADDR in regression test netcat.
1275
1276 Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
1277 Address already in use" which is likely due to previous invocations
1278 leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to
1279 SO_REUSEPORT which is alread set on platforms that support it). ok djm@
1280
1281commit 1749991c55bab716877b7c687cbfbf19189ac6f1
1282Author: jsing@openbsd.org <jsing@openbsd.org>
1283Date: Wed Feb 7 05:17:56 2018 +0000
1284
1285 upstream commit
1286
1287 Convert some explicit_bzero()/free() calls to freezero().
1288
1289 ok deraadt@ dtucker@
1290
1291 OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609
1292
1293commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2
1294Author: jsing@openbsd.org <jsing@openbsd.org>
1295Date: Wed Feb 7 05:15:49 2018 +0000
1296
1297 upstream commit
1298
1299 Remove some #ifdef notyet code from OpenSSL 0.9.8 days.
1300
1301 These functions have never appeared in OpenSSL and are likely never to do
1302 so.
1303
1304 "kill it with fire" djm@
1305
1306 OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e
1307
1308commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377
1309Author: jsing@openbsd.org <jsing@openbsd.org>
1310Date: Wed Feb 7 02:06:50 2018 +0000
1311
1312 upstream commit
1313
1314 Remove all guards for calls to OpenSSL free functions -
1315 all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards.
1316
1317 Prompted by dtucker@ asking about guards for RSA_free(), when looking at
1318 openssh-portable pr#84 on github.
1319
1320 ok deraadt@ dtucker@
1321
1322 OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae
1323
1324commit 3c000d57d46882eb736c6563edfc4995915c24a2
1325Author: Darren Tucker <dtucker@dtucker.net>
1326Date: Wed Feb 7 09:19:38 2018 +1100
1327
1328 Remove obsolete "Smartcard support" message
1329
1330 The configure checks that populated $SCARD_MSG were removed in commits
1331 7ea845e4 and d8f60022 when the smartcard support was replaced with
1332 PKCS#11.
1333
1334commit 3e615090de0ce36a833d811e01c28aec531247c4
1335Author: dtucker@openbsd.org <dtucker@openbsd.org>
1336Date: Tue Feb 6 06:01:54 2018 +0000
1337
1338 upstream commit
1339
1340 Replace "trojan horse" with the correct term (MITM).
1341 From maikel at predikkta.com via bz#2822, ok markus@
1342
1343 OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
1344
1345commit 3484380110d437c50e17f87d18544286328c75cb
1346Author: tb@openbsd.org <tb@openbsd.org>
1347Date: Mon Feb 5 05:37:46 2018 +0000
1348
1349 upstream commit
1350
1351 Add a couple of non-negativity checks to avoid close(-1).
1352
1353 ok djm
1354
1355 OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880
1356
1357commit 5069320be93c8b2a6584b9f944c86f60c2b04e48
1358Author: tb@openbsd.org <tb@openbsd.org>
1359Date: Mon Feb 5 05:36:49 2018 +0000
1360
1361 upstream commit
1362
1363 The file descriptors for socket, stdin, stdout and stderr
1364 aren't necessarily distinct, so check if they are the same to avoid closing
1365 the same fd several times.
1366
1367 ok djm
1368
1369 OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1
1370
1371commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d
1372Author: djm@openbsd.org <djm@openbsd.org>
1373Date: Mon Feb 5 04:02:53 2018 +0000
1374
1375 upstream commit
1376
1377 I accidentially a word
1378
1379 OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
1380
1381commit 130283d5c2545ff017c2162dc1258c5354e29399
1382Author: djm@openbsd.org <djm@openbsd.org>
1383Date: Thu Jan 25 03:34:43 2018 +0000
1384
1385 upstream commit
1386
1387 certificate options are case-sensitive; fix case on one
1388 that had it wrong.
1389
1390 move a badly-place sentence to a less bad place
1391
1392 OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
1393
1394commit 89f09ee68730337015bf0c3f138504494a34e9a6
1395Author: Damien Miller <djm@mindrot.org>
1396Date: Wed Jan 24 12:20:44 2018 +1100
1397
1398 crypto_api.h needs includes.h
1399
1400commit c9c1bba06ad1c7cad8548549a68c071bd807af60
1401Author: stsp@openbsd.org <stsp@openbsd.org>
1402Date: Tue Jan 23 20:00:58 2018 +0000
1403
1404 upstream commit
1405
1406 Fix a logic bug in sshd_exchange_identification which
1407 prevented clients using major protocol version 2 from connecting to the
1408 server. ok millert@
1409
1410 OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
1411
1412commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb
1413Author: stsp@openbsd.org <stsp@openbsd.org>
1414Date: Tue Jan 23 18:33:49 2018 +0000
1415
1416 upstream commit
1417
1418 Add missing braces; fixes 'write: Socket is not
1419 connected' error in ssh. ok deraadt@
1420
1421 OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24
1422
1423commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a
1424Author: Damien Miller <djm@mindrot.org>
1425Date: Tue Jan 23 16:49:43 2018 +1100
1426
1427 rebuild depends
1428
1429commit 552ea155be44f9c439c1f9f0c38f9e593428f838
1430Author: Damien Miller <djm@mindrot.org>
1431Date: Tue Jan 23 16:49:22 2018 +1100
1432
1433 one SSH_BUG_BANNER instance that got away
1434
1435commit 14b5c635d1190633b23ac3372379517fb645b0c2
1436Author: djm@openbsd.org <djm@openbsd.org>
1437Date: Tue Jan 23 05:27:21 2018 +0000
1438
1439 upstream commit
1440
1441 Drop compatibility hacks for some ancient SSH
1442 implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
1443
1444 These versions were all released in or before 2001 and predate the
1445 final SSH RFCs. The hacks in question aren't necessary for RFC-
1446 compliant SSH implementations.
1447
1448 ok markus@
1449
1450 OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
1451
1452commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb
1453Author: djm@openbsd.org <djm@openbsd.org>
1454Date: Tue Jan 23 05:17:04 2018 +0000
1455
1456 upstream commit
1457
1458 try harder to preserve errno during
1459 ssh_connect_direct() to make the final error message possibly accurate;
1460 bz#2814, ok dtucker@
1461
1462 OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
1463
1464commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec
1465Author: djm@openbsd.org <djm@openbsd.org>
1466Date: Tue Jan 23 05:12:12 2018 +0000
1467
1468 upstream commit
1469
1470 unbreak support for clients that advertise a protocol
1471 version of "1.99" (indicating both v2 and v1 support). Busted by me during
1472 SSHv1 purge in r1.358; bz2810, ok dtucker
1473
1474 OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
1475
1476commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d
1477Author: djm@openbsd.org <djm@openbsd.org>
1478Date: Tue Jan 23 05:06:25 2018 +0000
1479
1480 upstream commit
1481
1482 don't attempt to force hostnames that are addresses to
1483 lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
1484 remove ambiguities (e.g. ::0001 => ::1) before they are matched against
1485 known_hosts; bz#2763, ok dtucker@
1486
1487 OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0
1488
1489commit d6364f6fb1a3d753d7ca9bf15b2adce961324513
1490Author: djm@openbsd.org <djm@openbsd.org>
1491Date: Tue Jan 23 05:01:15 2018 +0000
1492
1493 upstream commit
1494
1495 avoid modifying pw->pw_passwd; let endpwent() clean up
1496 for us, but keep a scrubbed copy; bz2777, ok dtucker@
1497
1498 OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752
1499
1500commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215
1501Author: naddy@openbsd.org <naddy@openbsd.org>
1502Date: Sat Jan 13 00:24:09 2018 +0000
1503
1504 upstream commit
1505
1506 clarify authorship; prodded by and ok markus@
1507
1508 OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c
1509
1510commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4
1511Author: markus@openbsd.org <markus@openbsd.org>
1512Date: Mon Jan 8 15:37:21 2018 +0000
1513
1514 upstream commit
1515
1516 group shared source files (e.g. SRCS_KEX) and allow
1517 compilation w/o OPENSSL ok djm@
1518
1519 OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62
1520
1521commit 25cf9105b849932fc3b141590c009e704f2eeba6
1522Author: markus@openbsd.org <markus@openbsd.org>
1523Date: Mon Jan 8 15:21:49 2018 +0000
1524
1525 upstream commit
1526
1527 move subprocess() so scp/sftp do not need uidswap.o; ok
1528 djm@
1529
1530 OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8
1531
1532commit b0d34132b3ca26fe94013f01d7b92101e70b68bb
1533Author: markus@openbsd.org <markus@openbsd.org>
1534Date: Mon Jan 8 15:18:46 2018 +0000
1535
1536 upstream commit
1537
1538 switch ssh-pkcs11-helper to new API; ok djm@
1539
1540 OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42
1541
1542commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3
1543Author: markus@openbsd.org <markus@openbsd.org>
1544Date: Mon Jan 8 15:15:36 2018 +0000
1545
1546 upstream commit
1547
1548 split client/server kex; only ssh-keygen needs
1549 uuencode.o; only scp/sftp use progressmeter.o; ok djm@
1550
1551 OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee
1552
1553commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e
1554Author: markus@openbsd.org <markus@openbsd.org>
1555Date: Mon Jan 8 15:15:17 2018 +0000
1556
1557 upstream commit
1558
1559 only ssh-keygen needs uuencode.o; only scp/sftp use
1560 progressmeter.o
1561
1562 OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85
1563
1564commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172
1565Author: markus@openbsd.org <markus@openbsd.org>
1566Date: Mon Jan 8 15:14:44 2018 +0000
1567
1568 upstream commit
1569
1570 uuencode.h is not used
1571
1572 OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
1573
1574commit 4f29309c4cb19bcb1774931db84cacc414f17d29
1575Author: Damien Miller <djm@mindrot.org>
1576Date: Wed Jan 3 19:50:43 2018 +1100
1577
1578 unbreak fuzz harness
1579
1580commit f6b50bf84dc0b61f22c887c00423e0ea7644e844
1581Author: djm@openbsd.org <djm@openbsd.org>
1582Date: Thu Dec 21 05:46:35 2017 +0000
1583
1584 upstream commit
1585
1586 another libssh casualty
1587
1588 OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec
1589
1590commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13
1591Author: djm@openbsd.org <djm@openbsd.org>
1592Date: Thu Dec 21 03:01:49 2017 +0000
1593
1594 upstream commit
1595
1596 missed one (unbreak after ssh/lib removal)
1597
1598 OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322
1599
1600commit e6c4134165d05447009437a96e7201276688807f
1601Author: djm@openbsd.org <djm@openbsd.org>
1602Date: Thu Dec 21 00:41:22 2017 +0000
1603
1604 upstream commit
1605
1606 unbreak unit tests after removal of src/usr.bin/ssh/lib
1607
1608 OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
1609
1610commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe
1611Author: djm@openbsd.org <djm@openbsd.org>
1612Date: Thu Dec 21 00:00:28 2017 +0000
1613
1614 upstream commit
1615
1616 revert stricter key type / signature type checking in
1617 userauth path; too much software generates inconsistent messages, so we need
1618 a better plan.
1619
1620 OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519
1621
1622commit c5a6cbdb79752f7e761074abdb487953ea6db671
1623Author: djm@openbsd.org <djm@openbsd.org>
1624Date: Tue Dec 19 00:49:30 2017 +0000
1625
1626 upstream commit
1627
1628 explicitly test all key types and their certificate
1629 counterparts
1630
1631 refactor a little
1632
1633 OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
1634
1635commit f689adb7a370b5572612d88be9837ca9aea75447
1636Author: dtucker@openbsd.org <dtucker@openbsd.org>
1637Date: Mon Dec 11 11:41:56 2017 +0000
1638
1639 upstream commit
1640
1641 use cmp in a loop instead of diff -N to compare
1642 directories. The former works on more platforms for Portable.
1643
1644 OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099
1645
1646commit 748dd8e5de332b24c40f4b3bbedb902acb048c98
1647Author: Damien Miller <djm@mindrot.org>
1648Date: Tue Dec 19 16:17:59 2017 +1100
1649
1650 remove blocks.c from Makefile
1651
1652commit 278856320520e851063b06cef6ef1c60d4c5d652
1653Author: djm@openbsd.org <djm@openbsd.org>
1654Date: Tue Dec 19 00:24:34 2017 +0000
1655
1656 upstream commit
1657
1658 include signature type and CA key (if applicable) in some
1659 debug messages
1660
1661 OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
1662
1663commit 7860731ef190b52119fa480f8064ab03c44a120a
1664Author: djm@openbsd.org <djm@openbsd.org>
1665Date: Mon Dec 18 23:16:23 2017 +0000
1666
1667 upstream commit
1668
1669 unbreak hostkey rotation; attempting to sign with a
1670 desired signature algorithm of kex->hostkey_alg is incorrect when the key
1671 type isn't capable of making those signatures. ok markus@
1672
1673 OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
1674
1675commit 966ef478339ad5e631fb684d2a8effe846ce3fd4
1676Author: djm@openbsd.org <djm@openbsd.org>
1677Date: Mon Dec 18 23:14:34 2017 +0000
1678
1679 upstream commit
1680
1681 log mismatched RSA signature types; ok markus@
1682
1683 OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
1684
1685commit 349ecd4da3a985359694a74635748009be6baca6
1686Author: djm@openbsd.org <djm@openbsd.org>
1687Date: Mon Dec 18 23:13:42 2017 +0000
1688
1689 upstream commit
1690
1691 pass kex->hostkey_alg and kex->hostkey_nid from pre-auth
1692 to post-auth unpriviledged child processes; ok markus@
1693
1694 OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302
1695
1696commit c9e37a8725c083441dd34a8a53768aa45c3c53fe
1697Author: millert@openbsd.org <millert@openbsd.org>
1698Date: Mon Dec 18 17:28:54 2017 +0000
1699
1700 upstream commit
1701
1702 Add helper function for uri handing in scp where a
1703 missing path simply means ".". Also fix exit code and add warnings when an
1704 invalid uri is encountered. OK otto@
1705
1706 OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a
1707
1708commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0
1709Author: djm@openbsd.org <djm@openbsd.org>
1710Date: Mon Dec 18 02:25:15 2017 +0000
1711
1712 upstream commit
1713
1714 pass negotiated signing algorithm though to
1715 sshkey_verify() and check that the negotiated algorithm matches the type in
1716 the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@
1717
1718 OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9
1719
1720commit 931c78dfd7fe30669681a59e536bbe66535f3ee9
1721Author: djm@openbsd.org <djm@openbsd.org>
1722Date: Mon Dec 18 02:22:29 2017 +0000
1723
1724 upstream commit
1725
1726 sshkey_sigtype() function to return the type of a
1727 signature; ok markus@
1728
1729 OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8
1730
1731commit 4cdc5956f2fcc9e9078938db833142dc07d8f523
1732Author: naddy@openbsd.org <naddy@openbsd.org>
1733Date: Thu Dec 14 21:07:39 2017 +0000
1734
1735 upstream commit
1736
1737 Replace ED25519's private SHA-512 implementation with a
1738 call to the regular digest code. This speeds up compilation considerably. ok
1739 markus@
1740
1741 OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c
1742
1743commit 012e5cb839faf76549e3b6101b192fe1a74d367e
1744Author: naddy@openbsd.org <naddy@openbsd.org>
1745Date: Tue Dec 12 15:06:12 2017 +0000
1746
1747 upstream commit
1748
1749 Create a persistent umac128.c source file: #define the
1750 output size and the name of the entry points for UMAC-128 before including
1751 umac.c. Idea from FreeBSD. ok dtucker@
1752
1753 OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1
1754
1755commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7
1756Author: Darren Tucker <dtucker@zip.com.au>
1757Date: Mon Dec 11 16:23:28 2017 +1100
1758
1759 Update .depend with empty config.h
1760
1761commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3
1762Author: Darren Tucker <dtucker@zip.com.au>
1763Date: Mon Dec 11 16:21:55 2017 +1100
1764
1765 Ensure config.h is always in dependencies.
1766
1767 Put an empty config.h into the dependency list to ensure that it's
1768 always listed and consistent.
1769
1770commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71
1771Author: deraadt@openbsd.org <deraadt@openbsd.org>
1772Date: Sun Dec 10 19:37:57 2017 +0000
1773
1774 upstream commit
1775
1776 ssh/lib hasn't worked towards our code-sharing goals for
1777 a quit while, perhaps it is too verbose? Change each */Makefile to
1778 specifying exactly what sources that program requires, compiling it seperate.
1779 Maybe we'll iterate by sorting those into seperatable chunks, splitting up
1780 files which contain common code + server/client specific code, or whatnot.
1781 But this isn't one step, or we'd have done it a long time ago.. ok dtucker
1782 markus djm
1783
1784 OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d
1785
1786commit 48c23a39a8f1069a57264dd826f6c90aa12778d5
1787Author: dtucker@openbsd.org <dtucker@openbsd.org>
1788Date: Sun Dec 10 05:55:29 2017 +0000
1789
1790 upstream commit
1791
1792 Put remote client info back into the ClientAlive
1793 connection termination message. Based in part on diff from lars.nooden at
1794 gmail, ok djm
1795
1796 OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
1797
1798commit aabd75ec76575c1b17232e6526a644097cd798e5
1799Author: deraadt@openbsd.org <deraadt@openbsd.org>
1800Date: Fri Dec 8 03:45:52 2017 +0000
1801
1802 upstream commit
1803
1804 time_t printing needs %lld and (long long) casts ok djm
1805
1806 OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7
1807
1808commit fd4eeeec16537870bd40d04836c7906ec141c17d
1809Author: djm@openbsd.org <djm@openbsd.org>
1810Date: Fri Dec 8 02:14:33 2017 +0000
1811
1812 upstream commit
1813
1814 fix ordering in previous to ensure errno isn't clobbered
1815 before logging.
1816
1817 OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
1818
1819commit 155072fdb0d938015df828836beb2f18a294ab8a
1820Author: djm@openbsd.org <djm@openbsd.org>
1821Date: Fri Dec 8 02:13:02 2017 +0000
1822
1823 upstream commit
1824
1825 for some reason unix_listener() logged most errors twice
1826 with each message containing only some of the useful information; merge these
1827
1828 OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
1829
1830commit 79c0e1d29959304e5a49af1dbc58b144628c09f3
1831Author: Darren Tucker <dtucker@zip.com.au>
1832Date: Mon Dec 11 14:38:33 2017 +1100
1833
1834 Add autogenerated dependency info to Makefile.
1835
1836 Adds a .depend file containing dependency information generated by
1837 makedepend, which is appended to the generated Makefile by configure.
1838
1839 You can regen the file with "make -f Makefile.in depend" if necessary,
1840 but we'll be looking at some way to automatically keep this up to date.
1841
1842 "no objection" djm@
1843
1844commit f001de8fbf7f3faddddd8efd03df18e57601f7eb
1845Author: Darren Tucker <dtucker@zip.com.au>
1846Date: Mon Dec 11 13:42:51 2017 +1100
1847
1848 Fix pasto in ldns handling.
1849
1850 When ldns-config is not found, configure would check the wrong variable.
1851 ok djm@
1852
1853commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee
1854Author: Darren Tucker <dtucker@zip.com.au>
1855Date: Sat Dec 9 10:12:23 2017 +1100
1856
1857 Portable switched to git so s/CVS/git/.
1858
1859commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b
1860Author: Darren Tucker <dtucker@zip.com.au>
1861Date: Sat Dec 9 08:06:00 2017 +1100
1862
1863 Remove now-used check for perl.
1864
1865commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240
1866Author: djm@openbsd.org <djm@openbsd.org>
1867Date: Wed Dec 6 05:06:21 2017 +0000
1868
1869 upstream commit
1870
1871 don't accept junk after "yes" or "no" responses to
1872 hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@
1873
1874 OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c
1875
1876commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0
1877Author: dtucker@openbsd.org <dtucker@openbsd.org>
1878Date: Tue Dec 5 23:59:47 2017 +0000
1879
1880 upstream commit
1881
1882 Replace atoi and strtol conversions for integer arguments
1883 to config keywords with a checking wrapper around strtonum. This will
1884 prevent and flag invalid and negative arguments to these keywords. ok djm@
1885
1886 OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
1887
1888commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84
1889Author: dtucker@openbsd.org <dtucker@openbsd.org>
1890Date: Tue Dec 5 23:56:07 2017 +0000
1891
1892 upstream commit
1893
1894 Add missing break for rdomain. Prevents spurious
1895 "Deprecated option" warnings. ok djm@
1896
1897 OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a
1898
1899commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198
1900Author: djm@openbsd.org <djm@openbsd.org>
1901Date: Tue Dec 5 01:30:19 2017 +0000
1902
1903 upstream commit
1904
1905 include the addr:port in bind/listen failure messages
1906
1907 OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
1908
1909commit a8c89499543e2d889629c4e5e8dcf47a655cf889
1910Author: dtucker@openbsd.org <dtucker@openbsd.org>
1911Date: Wed Nov 29 05:49:54 2017 +0000
1912
1913 upstream commit
1914
1915 Import updated moduli.
1916
1917 OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a
1918
1919commit 3dde09ab38c8e1cfc28252be473541a81bc57097
1920Author: dtucker@openbsd.org <dtucker@openbsd.org>
1921Date: Tue Nov 28 21:10:22 2017 +0000
1922
1923 upstream commit
1924
1925 Have sftp print a warning about shell cleanliness when
1926 decoding the first packet fails, which is usually caused by shells polluting
1927 stdout of non-interactive starups. bz#2800, ok markus@ deraadt@.
1928
1929 OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5
1930
1931commit 6c8a246437f612ada8541076be2414846d767319
1932Author: Darren Tucker <dtucker@zip.com.au>
1933Date: Fri Dec 1 17:11:47 2017 +1100
1934
1935 Replace mkinstalldirs with mkdir -p.
1936
1937 Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir:
1938 cannot create directory:... File exists" during "make install".
1939 Patch from eb at emlix.com.
1940
1941commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023
1942Author: Darren Tucker <dtucker@zip.com.au>
1943Date: Fri Dec 1 17:07:08 2017 +1100
1944
1945 Pull in newer install-sh from autoconf-2.69.
1946
1947 Suggested by eb at emlix.com
1948
1949commit 79226e5413c5b0fda3511351a8511ff457e306d8
1950Author: Darren Tucker <dtucker@zip.com.au>
1951Date: Fri Dec 1 16:55:35 2017 +1100
1952
1953 Remove RSA1 host key generation.
1954
1955 SSH1 support is now gone, remove SSH1 key generation.
1956 Patch from eb at emlix.com.
1957
1958commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb
1959Author: djm@openbsd.org <djm@openbsd.org>
1960Date: Tue Nov 28 06:09:38 2017 +0000
1961
1962 upstream commit
1963
1964 more whitespace errors
1965
1966 OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb
1967
1968commit 7f257bf3fd3a759f31098960cbbd1453fafc4164
1969Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
1970Date: Tue Nov 28 06:04:51 2017 +0000
1971
1972 upstream commit
1973
1974 whitespace at EOL
1975
1976 OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a
1977
1978commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4
1979Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
1980Date: Sat Nov 25 06:46:22 2017 +0000
1981
1982 upstream commit
1983
1984 Add monotime_ts and monotime_tv that return monotonic
1985 timespec and timeval respectively. Replace calls to gettimeofday() in packet
1986 timing with monotime_tv so that the callers will work over a clock step.
1987 Should prevent integer overflow during clock steps reported by wangle6 at
1988 huawei.com. "I like" markus@
1989
1990 OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a
1991
1992commit 2d638e986085bdf1a40310ed6e2307463db96ea0
1993Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
1994Date: Sat Nov 25 05:58:47 2017 +0000
1995
1996 upstream commit
1997
1998 Remove get_current_time() and replace with calls to
1999 monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I
2000 like" markus@
2001
2002 OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952
2003
2004commit ba460acae48a36ef749cb23068f968f4d5d90a24
2005Author: Darren Tucker <dtucker@zip.com.au>
2006Date: Fri Nov 24 16:24:31 2017 +1100
2007
2008 Include string.h for explicit_bzero.
2009
2010commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff
2011Author: Damien Miller <djm@mindrot.org>
2012Date: Fri Nov 24 10:23:47 2017 +1100
2013
2014 fix incorrect range of OpenSSL versions supported
2015
2016 Pointed out by Solar Designer
2017
2018commit 83a1e5dbec52d05775174f368e0c44b08619a308
2019Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2020Date: Wed Nov 15 02:10:16 2017 +0000
2021
2022 upstream commit
2023
2024 downgrade a couple more request parsing errors from
2025 process-fatal to just returning failure, making them consistent with the
2026 others that were already like that.
2027
2028 OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918
2029
2030commit 93c68a8f3da8e5e6acdc3396f54d73919165e242
2031Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2032Date: Wed Nov 15 00:13:40 2017 +0000
2033
2034 upstream commit
2035
2036 fix regression in 7.6: failure to parse a signature request
2037 message shouldn't be fatal to the process, just the request. Reported by Ron
2038 Frederick
2039
2040 OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05
2041
2042commit 548d3a66feb64c405733932a6b1abeaf7198fa71
2043Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2044Date: Tue Nov 14 00:45:29 2017 +0000
2045
2046 upstream commit
2047
2048 fix problem in configuration parsing when in config dump mode
2049 (sshd -T) without providing a full connection specification (sshd -T -C ...)
2050
2051 spotted by bluhm@
2052
2053 OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f
2054
2055commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88
2056Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2057Date: Fri Nov 3 05:18:44 2017 +0000
2058
2059 upstream commit
2060
2061 reuse parse_multistate for parse_flag (yes/no arguments).
2062 Saves a few lines of code and makes the parser more consistent wrt case-
2063 sensitivity. bz#2664 ok dtucker@
2064
2065 OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef
2066
2067commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9
2068Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2069Date: Fri Nov 3 05:14:04 2017 +0000
2070
2071 upstream commit
2072
2073 allow certificate validity intervals that specify only a
2074 start or stop time (we already support specifying both or neither)
2075
2076 OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
2077
2078commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91
2079Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2080Date: Fri Nov 3 03:46:52 2017 +0000
2081
2082 upstream commit
2083
2084 allow "cd" and "lcd" commands with no explicit path
2085 argument. lcd will change to the local user's home directory as usual. cd
2086 will change to the starting directory for session (because the protocol
2087 offers no way to obtain the remote user's home directory). bz#2760 ok
2088 dtucker@
2089
2090 OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393
2091
2092commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e
2093Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>
2094Date: Fri Nov 3 03:18:53 2017 +0000
2095
2096 upstream commit
2097
2098 When doing a config test with sshd -T, only require the
2099 attributes that are actually used in Match criteria rather than (an
2100 incomplete list of) all criteria. ok djm@, man page help jmc@
2101
2102 OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
2103
2104commit c357eed5a52cd2f4ff358b17e30e3f9a800644da
2105Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2106Date: Fri Nov 3 02:32:19 2017 +0000
2107
2108 upstream commit
2109
2110 typos in ECDSA certificate names; bz#2787 reported by
2111 Mike Gerow
2112
2113 OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163
2114
2115commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395
2116Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2117Date: Fri Nov 3 02:29:17 2017 +0000
2118
2119 upstream commit
2120
2121 Private keys in PEM format have been encrypted by AES-128 for
2122 a while (not 3DES). bz#2788 reported by Calum Mackay
2123
2124 OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a
2125
2126commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185
2127Author: Darren Tucker <dtucker@zip.com.au>
2128Date: Fri Nov 3 14:52:51 2017 +1100
2129
2130 Check for linux/if.h when enabling rdomain.
2131
2132 musl libc doesn't seem to have linux/if.h, so check for its presence
2133 before enabling rdomain support on Linux.
2134
2135commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f
2136Author: Darren Tucker <dtucker@zip.com.au>
2137Date: Fri Nov 3 14:09:45 2017 +1100
2138
2139 Add headers for sys/sysctl.h and net/route.h
2140
2141 On at least older OpenBSDs, sys/sysctl.h and net/route.h require
2142 sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME.
2143
2144commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb
2145Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2146Date: Fri Nov 3 02:22:41 2017 +0000
2147
2148 upstream commit
2149
2150 avoid unused variable warnings for !WITH_OPENSSL; patch from
2151 Marcus Folkesson
2152
2153 OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229
2154
2155commit 6b373e4635a7470baa94253dd1dc8953663da9e8
2156Author: Marcus Folkesson <marcus.folkesson@gmail.com>
2157Date: Sat Oct 28 19:48:39 2017 +0200
2158
2159 only enable functions in dh.c when openssl is used
2160
2161 Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
2162
2163commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b
2164Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2165Date: Wed Nov 1 00:04:15 2017 +0000
2166
2167 upstream commit
2168
2169 fix broken stdout in ControlPersist mode, introduced by me in
2170 r1.467 and reported by Alf Schlichting
2171
2172 OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509
2173
2174commit f21455a084f9cc3942cf1bde64055a4916849fed
2175Author: Darren Tucker <dtucker@zip.com.au>
2176Date: Tue Oct 31 10:09:33 2017 +1100
2177
2178 Include includes.h for HAVE_GETPAGESIZE.
2179
2180 The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
2181 config.h, but bsd-getpagesize.c forgot to include includes.h (which
2182 indirectly includes config.h) so the checks always fails, causing linker
2183 issues when linking statically on systems with getpagesize().
2184
2185 Patch from Peter Korsgaard <peter at korsgaard.com>
2186
2187commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5
2188Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2189Date: Mon Oct 30 22:01:52 2017 +0000
2190
2191 upstream commit
2192
2193 whitespace at EOL
2194
2195 OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07
2196
2197commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e
2198Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2199Date: Mon Oct 30 21:59:43 2017 +0000
2200
2201 upstream commit
2202
2203 whitespace at EOL
2204
2205 OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd
2206
2207commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3
2208Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org>
2209Date: Wed Oct 25 20:08:36 2017 +0000
2210
2211 upstream commit
2212
2213 Use printenv to test whether an SSH_USER_AUTH is set
2214 instead of using $SSH_USER_AUTH. The latter won't work with csh which treats
2215 unknown variables as an error when expanding them. OK markus@
2216
2217 OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1
2218
2219commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7
2220Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org>
2221Date: Tue Oct 24 19:33:32 2017 +0000
2222
2223 upstream commit
2224
2225 Add tests for URI parsing. OK markus@
2226
2227 OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b
2228
2229commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4
2230Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2231Date: Fri Oct 27 01:57:06 2017 +0000
2232
2233 upstream commit
2234
2235 whitespace at EOL
2236
2237 OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6
2238
2239commit d2135474344335a7c6ee643b6ade6db400fa76ee
2240Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2241Date: Fri Oct 27 01:01:17 2017 +0000
2242
2243 upstream commit
2244
2245 whitespace at EOL (lots)
2246
2247 OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747
2248
2249commit b77c29a07f5a02c7c1998701c73d92bde7ae1608
2250Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
2251Date: Fri Oct 27 00:18:41 2017 +0000
2252
2253 upstream commit
2254
2255 improve printing of rdomain on accept() a little
2256
2257 OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
2258
2259commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b
2260Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
2261Date: Thu Oct 26 06:44:01 2017 +0000
2262
2263 upstream commit
2264
2265 mark up the rdomain keyword;
2266
2267 OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a
2268
2269commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b
2270Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
2271Date: Wed Oct 25 06:19:46 2017 +0000
2272
2273 upstream commit
2274
2275 tweak the uri text, specifically removing some markup to
2276 make it a bit more readable;
2277
2278 issue reported by - and diff ok - millert
2279
2280 OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
2281
2282commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40
2283Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
2284Date: Wed Oct 25 06:18:06 2017 +0000
2285
2286 upstream commit
2287
2288 simplify macros in previous, and some minor tweaks;
2289
2290 OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca
2291
2292commit eb9c582b710dc48976b48eb2204218f6863bae9a
2293Author: Damien Miller <djm@mindrot.org>
2294Date: Tue Oct 31 00:46:29 2017 +1100
2295
2296 Switch upstream git repository.
2297
2298 Previously portable OpenSSH has synced against a conversion of OpenBSD's
2299 CVS repository made using the git cvsimport tool, but this has become
2300 increasingly unreliable.
2301
2302 As of this commit, portable OpenSSH now tracks a conversion of the
2303 OpenBSD CVS upstream made using the excellent cvs2gitdump tool from
2304 YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump
2305
2306 cvs2gitdump is considerably more reliable than gitcvsimport and the old
2307 version of cvsps that it uses under the hood, and is the same tool used
2308 to export the entire OpenBSD repository to git (so we know it can cope
2309 with future growth).
2310
2311 These new conversions are mirrored at github, so interested parties can
2312 match portable OpenSSH commits to their upstream counterparts.
2313
2314 https://github.com/djmdjm/openbsd-openssh-src
2315 https://github.com/djmdjm/openbsd-openssh-regress
2316
2317 An unfortunate side effect of switching upstreams is that we must have
2318 a flag day, across which the upstream commit IDs will be inconsistent.
2319 The old commit IDs are recorded with the tags "Upstream-ID" for main
2320 directory commits and "Upstream-Regress-ID" for regress commits.
2321
2322 To make it clear that the commit IDs do not refer to the same
2323 things, the new repository will instead use "OpenBSD-ID" and
2324 "OpenBSD-Regress-ID" tags instead.
2325
2326 Apart from being a longwinded explanation of what is going on, this
2327 commit message also serves to synchronise our tools with the state of
2328 the tree, which happens to be:
2329
2330 OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
2331 OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
2332
2333commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea
2334Author: Damien Miller <djm@mindrot.org>
2335Date: Fri Oct 27 08:42:33 2017 +1100
2336
2337 fix rdomain compilation errors
2338
2339commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab
2340Author: Damien Miller <djm@mindrot.org>
2341Date: Wed Oct 25 14:15:42 2017 +1100
2342
2343 autoconf glue to enable Linux VRF
2344
2345commit 97c5aaf925d61641d599071abb56012cde265978
2346Author: Damien Miller <djm@mindrot.org>
2347Date: Wed Oct 25 14:09:56 2017 +1100
2348
2349 basic valid_rdomain() implementation for Linux
2350
2351commit ce1cca39d7935dd394080ce2df62f5ce5b51f485
2352Author: Damien Miller <djm@mindrot.org>
2353Date: Wed Oct 25 13:47:59 2017 +1100
2354
2355 implement get/set_rdomain() for Linux
2356
2357 Not enabled, pending implementation of valid_rdomain() and autoconf glue
2358
2359commit 6eee79f9b8d4a3b113b698383948a119acb82415
2360Author: Damien Miller <djm@mindrot.org>
2361Date: Wed Oct 25 13:22:29 2017 +1100
2362
2363 stubs for rdomain replacement functions
2364
2365commit f5594f939f844bbb688313697d6676238da355b3
2366Author: Damien Miller <djm@mindrot.org>
2367Date: Wed Oct 25 13:13:57 2017 +1100
2368
2369 rename port-tun.[ch] => port-net.[ch]
2370
2371 Ahead of adding rdomain support
2372
2373commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb
2374Author: djm@openbsd.org <djm@openbsd.org>
2375Date: Wed Oct 25 02:10:39 2017 +0000
2376
2377 upstream commit
2378
2379 uninitialised variable in PermitTunnel printing code
2380
2381 Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
2382
2383commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f
2384Author: Damien Miller <djm@mindrot.org>
2385Date: Wed Oct 25 13:10:59 2017 +1100
2386
2387 provide hooks and fallbacks for rdomain support
2388
2389commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04
2390Author: Damien Miller <djm@mindrot.org>
2391Date: Wed Oct 25 11:25:43 2017 +1100
2392
2393 check for net/route.h and sys/sysctl.h
2394
2395commit 4d5456c7de108e17603a0920c4d15bca87244921
2396Author: djm@openbsd.org <djm@openbsd.org>
2397Date: Wed Oct 25 00:21:37 2017 +0000
2398
2399 upstream commit
2400
2401 transfer ownership of stdout to the session channel by
2402 dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
2403 the local side; reported by David Newall, ok markus@
2404
2405 Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
2406
2407commit 68af80e6fdeaeb79432209db614386ff0f37e75f
2408Author: djm@openbsd.org <djm@openbsd.org>
2409Date: Wed Oct 25 00:19:47 2017 +0000
2410
2411 upstream commit
2412
2413 add a "rdomain" criteria for the sshd_config Match
2414 keyword to allow conditional configuration that depends on which rdomain(4) a
2415 connection was recevied on. ok markus@
2416
2417 Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
2418
2419commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a
2420Author: djm@openbsd.org <djm@openbsd.org>
2421Date: Wed Oct 25 00:17:08 2017 +0000
2422
2423 upstream commit
2424
2425 add sshd_config RDomain keyword to place sshd and the
2426 subsequent user session (including the shell and any TCP/IP forwardings) into
2427 the specified rdomain(4)
2428
2429 ok markus@
2430
2431 Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
2432
2433commit acf559e1cffbd1d6167cc1742729fc381069f06b
2434Author: djm@openbsd.org <djm@openbsd.org>
2435Date: Wed Oct 25 00:15:35 2017 +0000
2436
2437 upstream commit
2438
2439 Add optional rdomain qualifier to sshd_config's
2440 ListenAddress option to allow listening on a different rdomain(4), e.g.
2441
2442 ListenAddress 0.0.0.0 rdomain 4
2443
2444 Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
2445
2446commit b9903ee8ee8671b447fc260c2bee3761e26c7227
2447Author: millert@openbsd.org <millert@openbsd.org>
2448Date: Tue Oct 24 19:41:45 2017 +0000
2449
2450 upstream commit
2451
2452 Kill dead store and some spaces vs. tabs indent in
2453 parse_user_host_path(). Noticed by markus@
2454
2455 Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200
2456
2457commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800
2458Author: jmc@openbsd.org <jmc@openbsd.org>
2459Date: Tue Oct 24 06:27:42 2017 +0000
2460
2461 upstream commit
2462
2463 tweak previous; ok djm
2464
2465 Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9
2466
2467commit e3fa20e2e58fdc88a0e842358778f2de448b771b
2468Author: Damien Miller <djm@mindrot.org>
2469Date: Mon Oct 23 16:25:24 2017 +1100
2470
2471 avoid -Wsign-compare warning in argv copying
2472
2473commit b7548b12a6b2b4abf4d057192c353147e0abba08
2474Author: djm@openbsd.org <djm@openbsd.org>
2475Date: Mon Oct 23 05:08:00 2017 +0000
2476
2477 upstream commit
2478
2479 Expose devices allocated for tun/tap forwarding.
2480
2481 At the client, the device may be obtained from a new %T expansion
2482 for LocalCommand.
2483
2484 At the server, the allocated devices will be listed in a
2485 SSH_TUNNEL variable exposed to the environment of any user sessions
2486 started after the tunnel forwarding was established.
2487
2488 ok markus
2489
2490 Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
2491
2492commit 887669ef032d63cf07f53cada216fa8a0c9a7d72
2493Author: millert@openbsd.org <millert@openbsd.org>
2494Date: Sat Oct 21 23:06:24 2017 +0000
2495
2496 upstream commit
2497
2498 Add URI support to ssh, sftp and scp. For example
2499 ssh://user@host or sftp://user@host/path. The connection parameters
2500 described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since
2501 the ssh fingerprint format in the draft uses md5 with no way to specify the
2502 hash function type. OK djm@
2503
2504 Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc
2505
2506commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98
2507Author: Damien Miller <djm@mindrot.org>
2508Date: Fri Oct 20 13:22:00 2017 +1100
2509
2510 Fix missed RCSID merges
2511
2512commit d3b6aeb546242c9e61721225ac4387d416dd3d5e
2513Author: djm@openbsd.org <djm@openbsd.org>
2514Date: Fri Oct 20 02:13:41 2017 +0000
2515
2516 upstream commit
2517
2518 more RCSIDs
2519
2520 Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
2521
2522commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a
2523Author: djm@openbsd.org <djm@openbsd.org>
2524Date: Fri Oct 20 01:56:39 2017 +0000
2525
2526 upstream commit
2527
2528 add RCSIDs to these; they make syncing portable a bit
2529 easier
2530
2531 Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
2532
2533commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464
2534Author: Damien Miller <djm@mindrot.org>
2535Date: Fri Oct 20 12:54:15 2017 +1100
2536
2537 upstream commit
2538
2539 Apply missing commit 1.11 to kexc25519s.c
2540
2541 Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
2542
2543commit 6f72280553cb6918859ebcacc717f2d2fafc1a27
2544Author: Damien Miller <djm@mindrot.org>
2545Date: Fri Oct 20 12:52:50 2017 +1100
2546
2547 upstream commit
2548
2549 Apply missing commit 1.127 to servconf.h
2550
2551 Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
2552
2553commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc
2554Author: jmc@openbsd.org <jmc@openbsd.org>
2555Date: Wed Oct 18 05:36:59 2017 +0000
2556
2557 upstream commit
2558
2559 remove unused Pp;
2560
2561 Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
2562
2563commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14
2564Author: djm@openbsd.org <djm@openbsd.org>
2565Date: Wed Oct 18 02:49:44 2017 +0000
2566
2567 upstream commit
2568
2569 In the description of pattern-lists, clarify negated
2570 matches by explicitly stating that a negated match will never yield a
2571 positive result, and that at least one positive term in the pattern-list must
2572 match. bz#1918
2573
2574 Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
2575
2576commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd
2577Author: djm@openbsd.org <djm@openbsd.org>
2578Date: Fri Oct 13 21:13:54 2017 +0000
2579
2580 upstream commit
2581
2582 log debug messages sent to peer; ok deraadt markus
2583
2584 Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
2585
2586commit 071325f458d615d7740da5c1c1d5a8b68a0b4605
2587Author: jmc@openbsd.org <jmc@openbsd.org>
2588Date: Fri Oct 13 16:50:45 2017 +0000
2589
2590 upstream commit
2591
2592 trim permitrootlogin description somewhat, to avoid
2593 ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
2594 myself
2595
2596 ok sthen schwarze deraadt
2597
2598 Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
2599
2600commit 10727487becb897a15f658e0cb2d05466236e622
2601Author: djm@openbsd.org <djm@openbsd.org>
2602Date: Fri Oct 13 06:45:18 2017 +0000
2603
2604 upstream commit
2605
2606 mention SSH_USER_AUTH in the list of environment
2607 variables
2608
2609 Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
2610
2611commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2
2612Author: djm@openbsd.org <djm@openbsd.org>
2613Date: Fri Oct 13 06:24:51 2017 +0000
2614
2615 upstream commit
2616
2617 BIO_get_mem_data() is supposed to take a char* as pointer
2618 argument, so don't pass it a const char*
2619
2620 Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
2621
2622commit cfa46825b5ef7097373ed8e31b01a4538a8db565
2623Author: benno@openbsd.org <benno@openbsd.org>
2624Date: Mon Oct 9 20:12:51 2017 +0000
2625
2626 upstream commit
2627
2628 clarify the order in which config statements are used. ok
2629 jmc@ djm@
2630
2631 Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
2632
2633commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5
2634Author: djm@openbsd.org <djm@openbsd.org>
2635Date: Thu Oct 5 15:52:03 2017 +0000
2636
2637 upstream commit
2638
2639 replace statically-sized arrays in ServerOptions with
2640 dynamic ones managed by xrecallocarray, removing some arbitrary (though
2641 large) limits and saving a bit of memory; "much nicer" markus@
2642
2643 Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
2644
2645commit 2b4f3ab050c2aaf6977604dd037041372615178d
2646Author: jmc@openbsd.org <jmc@openbsd.org>
2647Date: Thu Oct 5 12:56:50 2017 +0000
2648
2649 upstream commit
2650
2651 %C is hashed; from klemens nanni ok markus
2652
2653 Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
2654
2655commit a66714508b86d6814e9055fefe362d9fe4d49ab3
2656Author: djm@openbsd.org <djm@openbsd.org>
2657Date: Wed Oct 4 18:50:23 2017 +0000
2658
2659 upstream commit
2660
2661 exercise PermitOpen a little more thoroughly
2662
2663 Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
2664
2665commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6
2666Author: dtucker@openbsd.org <dtucker@openbsd.org>
2667Date: Tue Sep 26 22:39:25 2017 +0000
2668
2669 upstream commit
2670
2671 UsePrivilegeSeparation is gone, stop trying to test it.
2672
2673 Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
2674
2675commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b
2676Author: djm@openbsd.org <djm@openbsd.org>
2677Date: Wed Oct 4 18:49:30 2017 +0000
2678
2679 upstream commit
2680
2681 fix (another) problem in PermitOpen introduced during the
2682 channels.c refactor: the third and subsequent arguments to PermitOpen were
2683 being silently ignored; ok markus@
2684
2685 Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
2686
1commit 66bf74a92131b7effe49fb0eefe5225151869dc5 2687commit 66bf74a92131b7effe49fb0eefe5225151869dc5
2Author: djm@openbsd.org <djm@openbsd.org> 2688Author: djm@openbsd.org <djm@openbsd.org>
3Date: Mon Oct 2 19:33:20 2017 +0000 2689Date: Mon Oct 2 19:33:20 2017 +0000
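Review bot: The commit-ID trailers in these added entries do not match what the eb9c582b "Switch upstream git repository" entry documents. That entry says the new repository will use "OpenBSD-ID" and "OpenBSD-Regress-ID", but the main-tree entries visible above it carry "OpenBSD-Commit-ID", while the older entries below it still use "Upstream-ID". Anyone matching portable commits to their upstream counterparts from this file has to handle all three spellings, so the rename to "OpenBSD-Commit-ID" should be recorded where a reader will find it. Separately, the Author fields on the entries dated Oct 24 to Nov 28 2017 are doubled ("djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>"), which looks like an author-mapping fault in the conversion and will break per-author filtering of the log. Fixing the mapping in the conversion would keep later entries clean.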
@@ -7110,2242 +9796,3 @@ Author: Darren Tucker <dtucker@zip.com.au>
7110Date: Mon Apr 4 11:07:59 2016 +1000 9796Date: Mon Apr 4 11:07:59 2016 +1000
7111 9797
7112 Fix configure-time warnings for openssl test. 9798 Fix configure-time warnings for openssl test.
7113
7114commit 95687f5831ae680f7959446d8ae4b52452ee05dd
7115Author: djm@openbsd.org <djm@openbsd.org>
7116Date: Fri Apr 1 02:34:10 2016 +0000
7117
7118 upstream commit
7119
7120 whitespace at EOL
7121
7122 Upstream-ID: 40ae2203d07cb14e0a89e1a0d4c6120ee8fd8c3a
7123
7124commit fdfbf4580de09d84a974211715e14f88a5704b8e
7125Author: dtucker@openbsd.org <dtucker@openbsd.org>
7126Date: Thu Mar 31 05:24:06 2016 +0000
7127
7128 upstream commit
7129
7130 Remove fallback from moduli to "primes" file that was
7131 deprecated in 2001 and fix log messages referring to primes file. Based on
7132 patch from xnox at ubuntu.com via bz#2559. "kill it" deraadt@
7133
7134 Upstream-ID: 0d4f8c70e2fa7431a83b95f8ca81033147ba8713
7135
7136commit 0235a5fa67fcac51adb564cba69011a535f86f6b
7137Author: djm@openbsd.org <djm@openbsd.org>
7138Date: Thu Mar 17 17:19:43 2016 +0000
7139
7140 upstream commit
7141
7142 UseDNS affects ssh hostname processing in authorized_keys,
7143 not known_hosts; bz#2554 reported by jjelen AT redhat.com
7144
7145 Upstream-ID: c1c1bb895dde46095fc6d81d8653703928437591
7146
7147commit 8c4739338f5e379d05b19d6e544540114965f07e
7148Author: Darren Tucker <dtucker@zip.com.au>
7149Date: Tue Mar 15 09:24:43 2016 +1100
7150
7151 Don't call Solaris setproject() with UsePAM=yes.
7152
7153 When Solaris Projects are enabled along with PAM setting the project
7154 is PAM's responsiblity. bz#2425, based on patch from
7155 brent.paulson at gmail.com.
7156
7157commit cff26f373c58457a32cb263e212cfff53fca987b
7158Author: Damien Miller <djm@mindrot.org>
7159Date: Tue Mar 15 04:30:21 2016 +1100
7160
7161 remove slogin from *.spec
7162
7163commit c38905ba391434834da86abfc988a2b8b9b62477
7164Author: djm@openbsd.org <djm@openbsd.org>
7165Date: Mon Mar 14 16:20:54 2016 +0000
7166
7167 upstream commit
7168
7169 unbreak authentication using lone certificate keys in
7170 ssh-agent: when attempting pubkey auth with a certificate, if no separate
7171 private key is found among the keys then try with the certificate key itself.
7172
7173 bz#2550 reported by Peter Moody
7174
7175 Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
7176
7177commit 4b4bfb01cd40b9ddb948e6026ddd287cc303d871
7178Author: djm@openbsd.org <djm@openbsd.org>
7179Date: Thu Mar 10 11:47:57 2016 +0000
7180
7181 upstream commit
7182
7183 sanitise characters destined for xauth reported by
7184 github.com/tintinweb feedback and ok deraadt and markus
7185
7186 Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
7187
7188commit 732b463d37221722b1206f43aa59563766a6a968
7189Author: Darren Tucker <dtucker@zip.com.au>
7190Date: Mon Mar 14 16:04:23 2016 +1100
7191
7192 Pass supported malloc options to connect-privsep.
7193
7194 This allows us to activate only the supported options during the malloc
7195 option portion of the connect-privsep test.
7196
7197commit d29c5b9b3e9f27394ca97a364ed4bb4a55a59744
7198Author: Darren Tucker <dtucker@zip.com.au>
7199Date: Mon Mar 14 09:30:58 2016 +1100
7200
7201 Remove leftover roaming.h file.
7202
7203 Pointed out by des at des.no.
7204
7205commit 8ff20ec95f4377021ed5e9b2331320f5c5a34cea
7206Author: Darren Tucker <dtucker@zip.com.au>
7207Date: Mon Mar 14 09:24:03 2016 +1100
7208
7209 Quote variables that may contain whitespace.
7210
7211 The variable $L_TMP_ID_FILE needs to be surrounded by quotes in order to
7212 survive paths containing whitespace. bz#2551, from Corinna Vinschen via
7213 Philip Hands.
7214
7215commit 627824480c01f0b24541842c7206ab9009644d02
7216Author: Darren Tucker <dtucker@zip.com.au>
7217Date: Fri Mar 11 14:47:41 2016 +1100
7218
7219 Include priv.h for priv_set_t.
7220
7221 From alex at cooperi.net.
7222
7223commit e960051f9a264f682c4d2fefbeecffcfc66b0ddf
7224Author: Darren Tucker <dtucker@zip.com.au>
7225Date: Wed Mar 9 13:14:18 2016 +1100
7226
7227 Wrap stdint.h inside #ifdef HAVE_STDINT_H.
7228
7229commit 2c48bd344d2c4b5e08dae9aea5ff44fc19a5e363
7230Author: Darren Tucker <dtucker@zip.com.au>
7231Date: Wed Mar 9 12:46:50 2016 +1100
7232
7233 Add compat to monotime_double().
7234
7235 Apply all of the portability changes in monotime() to monotime() double.
7236 Fixes build on at least older FreeBSD systems.
7237
7238commit 7b40ef6c2eef40c339f6ea8920cb8a44838e10c9
7239Author: Damien Miller <djm@mindrot.org>
7240Date: Tue Mar 8 14:12:58 2016 -0800
7241
7242 make a regress-binaries target
7243
7244 Easier to build all the regression/unit test binaries in one pass
7245 than going through all of ${REGRESS_BINARIES}
7246
7247commit c425494d6b6181beb54a1b3763ef9e944fd3c214
7248Author: Damien Miller <djm@mindrot.org>
7249Date: Tue Mar 8 14:03:54 2016 -0800
7250
7251 unbreak kexfuzz for -Werror without __bounded__
7252
7253commit 3ed9218c336607846563daea5d5ab4f701f4e042
7254Author: Damien Miller <djm@mindrot.org>
7255Date: Tue Mar 8 14:01:29 2016 -0800
7256
7257 unbreak PAM after canohost refactor
7258
7259commit 885fb2a44ff694f01e4f6470f803629e11f62961
7260Author: Darren Tucker <dtucker@zip.com.au>
7261Date: Tue Mar 8 11:58:43 2016 +1100
7262
7263 auth_get_canonical_hostname in portable code.
7264
7265 "refactor canohost.c" replaced get_canonical_hostname, this makes the
7266 same change to some portable-specific code.
7267
7268commit 95767262caa6692eff1e1565be1f5cb297949a89
7269Author: djm@openbsd.org <djm@openbsd.org>
7270Date: Mon Mar 7 19:02:43 2016 +0000
7271
7272 upstream commit
7273
7274 refactor canohost.c: move functions that cache results closer
7275 to the places that use them (authn and session code). After this, no state is
7276 cached in canohost.c
7277
7278 feedback and ok markus@
7279
7280 Upstream-ID: 5f2e4df88d4803fc8ec59ec53629105e23ce625e
7281
7282commit af0bb38ffd1f2c4f9f43b0029be2efe922815255
7283Author: Damien Miller <djm@mindrot.org>
7284Date: Fri Mar 4 15:11:55 2016 +1100
7285
7286 hook unittests/misc/kexfuzz into build
7287
7288commit 331b8e07ee5bcbdca12c11cc8f51a7e8de09b248
7289Author: dtucker@openbsd.org <dtucker@openbsd.org>
7290Date: Fri Mar 4 02:48:06 2016 +0000
7291
7292 upstream commit
7293
7294 Filter debug messages out of log before picking the last
7295 two lines. Should prevent problems if any more debug output is added late in
7296 the connection.
7297
7298 Upstream-Regress-ID: 345d0a9589c381e7d640a4ead06cfaadf4db1363
7299
7300commit 0892edaa3ce623381d3a7635544cbc69b31cf9cb
7301Author: djm@openbsd.org <djm@openbsd.org>
7302Date: Fri Mar 4 02:30:36 2016 +0000
7303
7304 upstream commit
7305
7306 add KEX fuzzer harness; ok deraadt@
7307
7308 Upstream-Regress-ID: 3df5242d30551b12b828aa9ba4a4cec0846be8d1
7309
7310commit ae2562c47d41b68dbb00240fd6dd60bed205367a
7311Author: dtucker@openbsd.org <dtucker@openbsd.org>
7312Date: Thu Mar 3 00:46:53 2016 +0000
7313
7314 upstream commit
7315
7316 Look back 3 lines for possible error messages. Changes
7317 to the code mean that "Bad packet length" errors are 3 lines back instead of
7318 the previous two, which meant we didn't skip some offsets that we intended
7319 to.
7320
7321 Upstream-Regress-ID: 24f36912740a634d509a3144ebc8eb7c09b9c684
7322
7323commit 988e429d903acfb298bfddfd75e7994327adfed0
7324Author: djm@openbsd.org <djm@openbsd.org>
7325Date: Fri Mar 4 03:35:44 2016 +0000
7326
7327 upstream commit
7328
7329 fix ClientAliveInterval when a time-based RekeyLimit is
7330 set; previously keepalive packets were not being sent. bz#2252 report and
7331 analysis by Christian Wittenhorst and Garrett Lee feedback and ok dtucker@
7332
7333 Upstream-ID: d48f9deadd35fdacdd5106b41bb07630ddd4aa81
7334
7335commit 8ef04d7a94bcdb8b0085fdd2a79a844b7d40792d
7336Author: dtucker@openbsd.org <dtucker@openbsd.org>
7337Date: Wed Mar 2 22:43:52 2016 +0000
7338
7339 upstream commit
7340
7341 Improve accuracy of reported transfer speeds by waiting
7342 for the ack from the other end. Pointed out by mmcc@, ok deraadt@ markus@
7343
7344 Upstream-ID: 99f1cf15c9a8f161086b814d414d862795ae153d
7345
7346commit b8d4eafe29684fe4f5bb587f7eab948e6ed62723
7347Author: dtucker@openbsd.org <dtucker@openbsd.org>
7348Date: Wed Mar 2 22:42:40 2016 +0000
7349
7350 upstream commit
7351
7352 Improve precision of progressmeter for sftp and scp by
7353 storing sub-second timestamps. Pointed out by mmcc@, ok deraadt@ markus@
7354
7355 Upstream-ID: 38fd83a3d83dbf81c8ff7b5d1302382fe54970ab
7356
7357commit 18f64b969c70ed00e74b9d8e50359dbe698ce4c0
7358Author: jca@openbsd.org <jca@openbsd.org>
7359Date: Mon Feb 29 20:22:36 2016 +0000
7360
7361 upstream commit
7362
7363 Print ssize_t with %zd; ok deraadt@ mmcc@
7364
7365 Upstream-ID: 0590313bbb013ff6692298c98f7e0be349d124bd
7366
7367commit 6e7f68ce38130c794ec1fb8d2a6091fbe982628d
7368Author: djm@openbsd.org <djm@openbsd.org>
7369Date: Sun Feb 28 22:27:00 2016 +0000
7370
7371 upstream commit
7372
7373 rearrange DH public value tests to be a little more clear
7374
7375 rearrange DH private value generation to explain rationale more
7376 clearly and include an extra sanity check.
7377
7378 ok deraadt
7379
7380 Upstream-ID: 9ad8a07e1a12684e1b329f9bd88941b249d4b2ad
7381
7382commit 2ed17aa34008bdfc8db674315adc425a0712be11
7383Author: Darren Tucker <dtucker@zip.com.au>
7384Date: Tue Mar 1 15:24:20 2016 +1100
7385
7386 Import updated moduli file from OpenBSD.
7387
7388 Note that 1.5k bit groups have been removed.
7389
7390commit 72b061d4ba0f909501c595d709ea76e06b01e5c9
7391Author: Darren Tucker <dtucker@zip.com.au>
7392Date: Fri Feb 26 14:40:04 2016 +1100
7393
7394 Add a note about using xlc on AIX.
7395
7396commit fd4e4f2416baa2e6565ea49d52aade296bad3e28
7397Author: Darren Tucker <dtucker@zip.com.au>
7398Date: Wed Feb 24 10:44:25 2016 +1100
7399
7400 Skip PrintLastLog in config dump mode.
7401
7402 When DISABLE_LASTLOG is set, do not try to include PrintLastLog in the
7403 config dump since it'll be reported as UNKNOWN.
7404
7405commit 99135c764fa250801da5ec3b8d06cbd0111caae8
7406Author: Damien Miller <djm@mindrot.org>
7407Date: Tue Feb 23 20:17:23 2016 +1100
7408
7409 update spec/README versions ahead of release
7410
7411commit b86a334aaaa4d1e643eb1fd71f718573d6d948b5
7412Author: Damien Miller <djm@mindrot.org>
7413Date: Tue Feb 23 20:16:53 2016 +1100
7414
7415 put back portable patchlevel to p1
7416
7417commit 555dd35ff176847e3c6bd068ba2e8db4022eb24f
7418Author: djm@openbsd.org <djm@openbsd.org>
7419Date: Tue Feb 23 09:14:34 2016 +0000
7420
7421 upstream commit
7422
7423 openssh-7.2
7424
7425 Upstream-ID: 9db776b26014147fc907ece8460ef2bcb0f11e78
7426
7427commit 1acc058d0a7913838c830ed998a1a1fb5b7864bf
7428Author: Damien Miller <djm@mindrot.org>
7429Date: Tue Feb 23 16:12:13 2016 +1100
7430
7431 Disable tests where fs perms are incorrect
7432
7433 Some tests have strict requirements on the filesystem permissions
7434 for certain files and directories. This adds a regress/check-perm
7435 tool that copies the relevant logic from sshd to exactly test
7436 the paths in question. This lets us skip tests when the local
7437 filesystem doesn't conform to our expectations rather than
7438 continuing and failing the test run.
7439
7440 ok dtucker@
7441
7442commit 39f303b1f36d934d8410b05625f25c7bcb75db4d
7443Author: Damien Miller <djm@mindrot.org>
7444Date: Tue Feb 23 12:56:59 2016 +1100
7445
7446 fix sandbox on OSX Lion
7447
7448 sshd was failing with:
7449
7450 ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261):cw
7451 image not found [preauth]
7452
7453 caused by chroot before sandboxing. Avoid by explicitly linking libsandbox
7454 to sshd. Spotted by Darren.
7455
7456commit 0d1451a32c7436e6d3d482351e776bc5e7824ce4
7457Author: djm@openbsd.org <djm@openbsd.org>
7458Date: Tue Feb 23 01:34:14 2016 +0000
7459
7460 upstream commit
7461
7462 fix spurious error message when incorrect passphrase
7463 entered for keys; reported by espie@ ok deraadt@
7464
7465 Upstream-ID: 58b2e46e63ed6912ed1ee780bd3bd8560f9a5899
7466
7467commit 09d87d79741beb85768b5e788d7dfdf4bc3543dc
7468Author: sobrado@openbsd.org <sobrado@openbsd.org>
7469Date: Sat Feb 20 23:06:23 2016 +0000
7470
7471 upstream commit
7472
7473 set ssh(1) protocol version to 2 only.
7474
7475 ok djm@
7476
7477 Upstream-ID: e168daf9d27d7e392e3c9923826bd8e87b2b3a10
7478
7479commit 9262e07826ba5eebf8423f7ac9e47ec488c47869
7480Author: sobrado@openbsd.org <sobrado@openbsd.org>
7481Date: Sat Feb 20 23:02:39 2016 +0000
7482
7483 upstream commit
7484
7485 add missing ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 to
7486 IdentityFile.
7487
7488 ok djm@
7489
7490 Upstream-ID: 6ce99466312e4ae7708017c3665e3edb976f70cf
7491
7492commit c12f0fdce8f985fca8d71829fd64c5b89dc777f5
7493Author: sobrado@openbsd.org <sobrado@openbsd.org>
7494Date: Sat Feb 20 23:01:46 2016 +0000
7495
7496 upstream commit
7497
7498 AddressFamily defaults to any.
7499
7500 ok djm@
7501
7502 Upstream-ID: 0d94aa06a4b889bf57a7f631c45ba36d24c13e0c
7503
7504commit 907091acb188b1057d50c2158f74c3ecf1c2302b
7505Author: Darren Tucker <dtucker@zip.com.au>
7506Date: Fri Feb 19 09:05:39 2016 +1100
7507
7508 Make Solaris privs code build on older systems.
7509
7510 Not all systems with Solaris privs have priv_basicset so factor that
7511 out and provide backward compatibility code. Similarly, not all have
7512 PRIV_NET_ACCESS so wrap that in #ifdef. Based on code from
7513 alex at cooperi.net and djm@ with help from carson at taltos.org and
7514 wieland at purdue.edu.
7515
7516commit 292a8dee14e5e67dcd1b49ba5c7b9023e8420d59
7517Author: djm@openbsd.org <djm@openbsd.org>
7518Date: Wed Feb 17 22:20:14 2016 +0000
7519
7520 upstream commit
7521
7522 rekey refactor broke SSH1; spotted by Tom G. Christensen
7523
7524 Upstream-ID: 43f0d57928cc077c949af0bfa71ef574dcb58243
7525
7526commit 3a13cb543df9919aec2fc6b75f3dd3802facaeca
7527Author: djm@openbsd.org <djm@openbsd.org>
7528Date: Wed Feb 17 08:57:34 2016 +0000
7529
7530 upstream commit
7531
7532 rsa-sha2-512,rsa-sha2-256 cannot be selected explicitly
7533 in *KeyTypes options yet. Remove them from the lists of algorithms for now.
7534 committing on behalf of markus@ ok djm@
7535
7536 Upstream-ID: c6e8820eb8e610ac21551832c0c89684a9a51bb7
7537
7538commit a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b
7539Author: jmc@openbsd.org <jmc@openbsd.org>
7540Date: Wed Feb 17 07:38:19 2016 +0000
7541
7542 upstream commit
7543
7544 since these pages now clearly tell folks to avoid v1,
7545 normalise the docs from a v2 perspective (i.e. stop pointing out which bits
7546 are v2 only);
7547
7548 ok/tweaks djm ok markus
7549
7550 Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
7551
7552commit c5c3f3279a0e4044b8de71b70d3570d692d0f29d
7553Author: djm@openbsd.org <djm@openbsd.org>
7554Date: Wed Feb 17 05:29:04 2016 +0000
7555
7556 upstream commit
7557
7558 make sandboxed privilege separation the default, not just
7559 for new installs; "absolutely" deraadt@
7560
7561 Upstream-ID: 5221ef3b927d2df044e9aa3f5db74ae91743f69b
7562
7563commit eb3f7337a651aa01d5dec019025e6cdc124ed081
7564Author: jmc@openbsd.org <jmc@openbsd.org>
7565Date: Tue Feb 16 07:47:54 2016 +0000
7566
7567 upstream commit
7568
7569 no need to state that protocol 2 is the default twice;
7570
7571 Upstream-ID: b1e4c36b0c2e12e338e5b66e2978f2ac953b95eb
7572
7573commit e7901efa9b24e5b0c7e74f2c5520d47eead4d005
7574Author: djm@openbsd.org <djm@openbsd.org>
7575Date: Tue Feb 16 05:11:04 2016 +0000
7576
7577 upstream commit
7578
7579 Replace list of ciphers and MACs adjacent to -1/-2 flag
7580 descriptions in ssh(1) with a strong recommendation not to use protocol 1.
7581 Add a similar warning to the Protocol option descriptions in ssh_config(5)
7582 and sshd_config(5);
7583
7584 prompted by and ok mmcc@
7585
7586 Upstream-ID: 961f99e5437d50e636feca023978950a232ead5e
7587
7588commit 5a0fcb77287342e2fc2ba1cee79b6af108973dc2
7589Author: djm@openbsd.org <djm@openbsd.org>
7590Date: Tue Feb 16 03:37:48 2016 +0000
7591
7592 upstream commit
7593
7594 add a "Close session" log entry (at loglevel=verbose) to
7595 correspond to the existing "Starting session" one. Also include the session
7596 id number to make multiplexed sessions more apparent.
7597
7598 feedback and ok dtucker@
7599
7600 Upstream-ID: e72d2ac080e02774376325136e532cb24c2e617c
7601
7602commit 624fd395b559820705171f460dd33d67743d13d6
7603Author: djm@openbsd.org <djm@openbsd.org>
7604Date: Wed Feb 17 02:24:17 2016 +0000
7605
7606 upstream commit
7607
7608 include bad $SSH_CONNECTION in failure output
7609
7610 Upstream-Regress-ID: b22d72edfde78c403aaec2b9c9753ef633cc0529
7611
7612commit 60d860e54b4f199e5e89963b1c086981309753cb
7613Author: Darren Tucker <dtucker@zip.com.au>
7614Date: Wed Feb 17 13:37:09 2016 +1100
7615
7616 Rollback addition of va_start.
7617
7618 va_start was added in 0f754e29dd3760fc0b172c1220f18b753fb0957e, however
7619 it has the wrong number of args and it's not usable in non-variadic
7620 functions anyway so it breaks things (for example Solaris 2.6 as
7621 reported by Tom G. Christensen).i ok djm@
7622
7623commit 2fee909c3cee2472a98b26eb82696297b81e0d38
7624Author: Darren Tucker <dtucker@zip.com.au>
7625Date: Wed Feb 17 09:48:15 2016 +1100
7626
7627 Look for gethostbyname in libresolv and libnsl.
7628
7629 Should fix build problem on Solaris 2.6 reported by Tom G. Christensen.
7630
7631commit 5ac712d81a84396aab441a272ec429af5b738302
7632Author: Damien Miller <djm@mindrot.org>
7633Date: Tue Feb 16 10:45:02 2016 +1100
7634
7635 make existing ssh_malloc_init only for __OpenBSD__
7636
7637commit 24c9bded569d9f2449ded73f92fb6d12db7a9eec
7638Author: djm@openbsd.org <djm@openbsd.org>
7639Date: Mon Feb 15 23:32:37 2016 +0000
7640
7641 upstream commit
7642
7643 memleak of algorithm name in mm_answer_sign; reported by
7644 Jakub Jelen
7645
7646 Upstream-ID: ccd742cd25952240ebd23d7d4d6b605862584d08
7647
7648commit ffb1e7e896139a42ceb78676f637658f44612411
7649Author: dtucker@openbsd.org <dtucker@openbsd.org>
7650Date: Mon Feb 15 09:47:49 2016 +0000
7651
7652 upstream commit
7653
7654 Add a function to enable security-related malloc_options.
7655 With and ok deraadt@, something similar has been in the snaps for a while.
7656
7657 Upstream-ID: 43a95523b832b7f3b943d2908662191110c380ed
7658
7659commit ef39e8c0497ff0564990a4f9e8b7338b3ba3507c
7660Author: Damien Miller <djm@mindrot.org>
7661Date: Tue Feb 16 10:34:39 2016 +1100
7662
7663 sync ssh-copy-id with upstream 783ef08b0a75
7664
7665commit d2d772f55b19bb0e8d03c2fe1b9bb176d9779efd
7666Author: djm@openbsd.org <djm@openbsd.org>
7667Date: Fri Feb 12 00:20:30 2016 +0000
7668
7669 upstream commit
7670
7671 avoid fatal() for PKCS11 tokens that present empty key IDs
7672 bz#1773, ok markus@
7673
7674 Upstream-ID: 044a764fee526f2c4a9d530bd10695422d01fc54
7675
7676commit e4c918a6c721410792b287c9fd21356a1bed5805
7677Author: djm@openbsd.org <djm@openbsd.org>
7678Date: Thu Feb 11 02:56:32 2016 +0000
7679
7680 upstream commit
7681
7682 sync crypto algorithm lists in ssh_config(5) and
7683 sshd_config(5) with current reality. bz#2527
7684
7685 Upstream-ID: d7fd1b6c1ed848d866236bcb1d7049d2bb9b2ff6
7686
7687commit e30cabfa4ab456a30b3224f7f545f1bdfc4a2517
7688Author: djm@openbsd.org <djm@openbsd.org>
7689Date: Thu Feb 11 02:21:34 2016 +0000
7690
7691 upstream commit
7692
7693 fix regression in openssh-6.8 sftp client: existing
7694 destination directories would incorrectly terminate recursive uploads;
7695 bz#2528
7696
7697 Upstream-ID: 3306be469f41f26758e3d447987ac6d662623e18
7698
7699commit 714e367226ded4dc3897078be48b961637350b05
7700Author: djm@openbsd.org <djm@openbsd.org>
7701Date: Tue Feb 9 05:30:04 2016 +0000
7702
7703 upstream commit
7704
7705 turn off more old crypto in the client: hmac-md5, ripemd,
7706 truncated HMACs, RC4, blowfish. ok markus@ dtucker@
7707
7708 Upstream-ID: 96aa11c2c082be45267a690c12f1d2aae6acd46e
7709
7710commit 5a622844ff7f78dcb75e223399f9ef0977e8d0a3
7711Author: djm@openbsd.org <djm@openbsd.org>
7712Date: Mon Feb 8 23:40:12 2016 +0000
7713
7714 upstream commit
7715
7716 don't attempt to percent_expand() already-canonicalised
7717 addresses, avoiding unnecessary failures when attempting to connect to scoped
7718 IPv6 addresses (that naturally contain '%' characters)
7719
7720 Upstream-ID: f24569cffa1a7cbde5f08dc739a72f4d78aa5c6a
7721
7722commit 19bcf2ea2d17413f2d9730dd2a19575ff86b9b6a
7723Author: djm@openbsd.org <djm@openbsd.org>
7724Date: Mon Feb 8 10:57:07 2016 +0000
7725
7726 upstream commit
7727
7728 refactor activation of rekeying
7729
7730 This makes automatic rekeying internal to the packet code (previously
7731 the server and client loops needed to assist). In doing to it makes
7732 application of rekey limits more accurate by accounting for packets
7733 about to be sent as well as packets queued during rekeying events
7734 themselves.
7735
7736 Based on a patch from dtucker@ which was in turn based on a patch
7737 Aleksander Adamowski in bz#2521; ok markus@
7738
7739 Upstream-ID: a441227fd64f9739850ca97b4cf794202860fcd8
7740
7741commit 603ba41179e4b53951c7b90ee95b6ef3faa3f15d
7742Author: naddy@openbsd.org <naddy@openbsd.org>
7743Date: Fri Feb 5 13:28:19 2016 +0000
7744
7745 upstream commit
7746
7747 Only check errno if read() has returned an error. EOF is
7748 not an error. This fixes a problem where the mux master would sporadically
7749 fail to notice that the client had exited. ok mikeb@ djm@
7750
7751 Upstream-ID: 3c2dadc21fac6ef64665688aac8a75fffd57ae53
7752
7753commit 56d7dac790693ce420d225119283bc355cff9185
7754Author: jsg@openbsd.org <jsg@openbsd.org>
7755Date: Fri Feb 5 04:31:21 2016 +0000
7756
7757 upstream commit
7758
7759 avoid an uninitialised value when NumberOfPasswordPrompts
7760 is 0 ok markus@ djm@
7761
7762 Upstream-ID: 11b068d83c2865343aeb46acf1e9eec00f829b6b
7763
7764commit deae7d52d59c5019c528f977360d87fdda15d20b
7765Author: djm@openbsd.org <djm@openbsd.org>
7766Date: Fri Feb 5 03:07:06 2016 +0000
7767
7768 upstream commit
7769
7770 mention internal DH-GEX fallback groups; bz#2302
7771
7772 Upstream-ID: e7b395fcca3122cd825515f45a2e41c9a157e09e
7773
7774commit cac3b6665f884d46192c0dc98a64112e8b11a766
7775Author: djm@openbsd.org <djm@openbsd.org>
7776Date: Fri Feb 5 02:37:56 2016 +0000
7777
7778 upstream commit
7779
7780 better description for MaxSessions; bz#2531
7781
7782 Upstream-ID: e2c0d74ee185cd1a3e9d4ca1f1b939b745b354da
7783
7784commit 5ef4b0fdcc7a239577a754829b50022b91ab4712
7785Author: Damien Miller <djm@mindrot.org>
7786Date: Wed Jan 27 17:45:56 2016 +1100
7787
7788 avoid FreeBSD RCS Id in comment
7789
7790 Change old $FreeBSD version string in comment so it doesn't
7791 become an RCS ident downstream; requested by des AT des.no
7792
7793commit 696d12683c90d20a0a9c5f4275fc916b7011fb04
7794Author: djm@openbsd.org <djm@openbsd.org>
7795Date: Thu Feb 4 23:43:48 2016 +0000
7796
7797 upstream commit
7798
7799 printf argument casts to avoid warnings on strict
7800 compilers
7801
7802 Upstream-ID: 7b9f6712cef01865ad29070262d366cf13587c9c
7803
7804commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a
7805Author: millert@openbsd.org <millert@openbsd.org>
7806Date: Mon Feb 1 21:18:17 2016 +0000
7807
7808 upstream commit
7809
7810 Avoid ugly "DISPLAY "(null)" invalid; disabling X11
7811 forwarding" message when DISPLAY is not set. This could also result in a
7812 crash on systems with a printf that doesn't handle NULL. OK djm@
7813
7814 Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
7815
7816commit 537f88ec7bcf40bd444ac5584c707c5588c55c43
7817Author: dtucker@openbsd.org <dtucker@openbsd.org>
7818Date: Fri Jan 29 05:18:15 2016 +0000
7819
7820 upstream commit
7821
7822 Add regression test for RekeyLimit parsing of >32bit values
7823 (4G and 8G).
7824
7825 Upstream-Regress-ID: 548390350c62747b6234f522a99c319eee401328
7826
7827commit 4c6cb8330460f94e6c7ae28a364236d4188156a3
7828Author: dtucker@openbsd.org <dtucker@openbsd.org>
7829Date: Fri Jan 29 23:04:46 2016 +0000
7830
7831 upstream commit
7832
7833 Remove leftover roaming dead code. ok djm markus.
7834
7835 Upstream-ID: 13d1f9c8b65a5109756bcfd3b74df949d53615be
7836
7837commit 28136471809806d6246ef41e4341467a39fe2f91
7838Author: djm@openbsd.org <djm@openbsd.org>
7839Date: Fri Jan 29 05:46:01 2016 +0000
7840
7841 upstream commit
7842
7843 include packet type of non-data packets in debug3 output;
7844 ok markus dtucker
7845
7846 Upstream-ID: 034eaf639acc96459b9c5ce782db9fcd8bd02d41
7847
7848commit 6fd6e28daccafaa35f02741036abe64534c361a1
7849Author: dtucker@openbsd.org <dtucker@openbsd.org>
7850Date: Fri Jan 29 03:31:03 2016 +0000
7851
7852 upstream commit
7853
7854 Revert "account for packets buffered but not yet
7855 processed" change as it breaks for very small RekeyLimit values due to
7856 continuous rekeying. ok djm@
7857
7858 Upstream-ID: 7e03f636cb45ab60db18850236ccf19079182a19
7859
7860commit 921ff00b0ac429666fb361d2d6cb1c8fff0006cb
7861Author: dtucker@openbsd.org <dtucker@openbsd.org>
7862Date: Fri Jan 29 02:54:45 2016 +0000
7863
7864 upstream commit
7865
7866 Allow RekeyLimits in excess of 4G up to 2**63 bits
7867 (limited by the return type of scan_scaled). Part of bz#2521, ok djm.
7868
7869 Upstream-ID: 13bea82be566b9704821b1ea05bf7804335c7979
7870
7871commit c0060a65296f01d4634f274eee184c0e93ba0f23
7872Author: dtucker@openbsd.org <dtucker@openbsd.org>
7873Date: Fri Jan 29 02:42:46 2016 +0000
7874
7875 upstream commit
7876
7877 Account for packets buffered but not yet processed when
7878 computing whether or not it is time to perform rekeying. bz#2521, based
7879 loosely on a patch from olo at fb.com, ok djm@
7880
7881 Upstream-ID: 67e268b547f990ed220f3cb70a5624d9bda12b8c
7882
7883commit 44cf930e670488c85c9efeb373fa5f4b455692ac
7884Author: djm@openbsd.org <djm@openbsd.org>
7885Date: Wed Jan 27 06:44:58 2016 +0000
7886
7887 upstream commit
7888
7889 change old $FreeBSD version string in comment so it doesn't
7890 become an RCS ident downstream; requested by des AT des.no
7891
7892 Upstream-ID: 8ca558c01f184e596b45e4fc8885534b2c864722
7893
7894commit ebacd377769ac07d1bf3c75169644336056b7060
7895Author: djm@openbsd.org <djm@openbsd.org>
7896Date: Wed Jan 27 00:53:12 2016 +0000
7897
7898 upstream commit
7899
7900 make the debug messages a bit more useful here
7901
7902 Upstream-ID: 478ccd4e897e0af8486b294aa63aa3f90ab78d64
7903
7904commit 458abc2934e82034c5c281336d8dc0f910aecad3
7905Author: jsg@openbsd.org <jsg@openbsd.org>
7906Date: Sat Jan 23 05:31:35 2016 +0000
7907
7908 upstream commit
7909
7910 Zero a stack buffer with explicit_bzero() instead of
7911 memset() when returning from client_loop() for consistency with
7912 buffer_free()/sshbuf_free().
7913
7914 ok dtucker@ deraadt@ djm@
7915
7916 Upstream-ID: bc9975b2095339811c3b954694d7d15ea5c58f66
7917
7918commit 65a3c0dacbc7dbb75ddb6a70ebe22d8de084d0b0
7919Author: dtucker@openbsd.org <dtucker@openbsd.org>
7920Date: Wed Jan 20 09:22:39 2016 +0000
7921
7922 upstream commit
7923
7924 Include sys/time.h for gettimeofday. From sortie at
7925 maxsi.org.
7926
7927 Upstream-ID: 6ed0c33b836d9de0a664cd091e86523ecaa2fb3b
7928
7929commit fc77ccdc2ce6d5d06628b8da5048a6a5f6ffca5a
7930Author: markus@openbsd.org <markus@openbsd.org>
7931Date: Thu Jan 14 22:56:56 2016 +0000
7932
7933 upstream commit
7934
7935 fd leaks; report Qualys Security Advisory team; ok
7936 deraadt@
7937
7938 Upstream-ID: 4ec0f12b9d8fa202293c9effa115464185aa071d
7939
7940commit a306863831c57ec5fad918687cc5d289ee8e2635
7941Author: markus@openbsd.org <markus@openbsd.org>
7942Date: Thu Jan 14 16:17:39 2016 +0000
7943
7944 upstream commit
7945
7946 remove roaming support; ok djm@
7947
7948 Upstream-ID: 2cab8f4b197bc95776fb1c8dc2859dad0c64dc56
7949
7950commit 6ef49e83e30688504552ac10875feabd5521565f
7951Author: deraadt@openbsd.org <deraadt@openbsd.org>
7952Date: Thu Jan 14 14:34:34 2016 +0000
7953
7954 upstream commit
7955
7956 Disable experimental client-side roaming support. Server
7957 side was disabled/gutted for years already, but this aspect was surprisingly
7958 forgotten. Thanks for report from Qualys
7959
7960 Upstream-ID: 2328004b58f431a554d4c1bf67f5407eae3389df
7961
7962commit 8d7b523b96d3be180572d9d338cedaafc0570f60
7963Author: Damien Miller <djm@mindrot.org>
7964Date: Thu Jan 14 11:08:19 2016 +1100
7965
7966 bump version numbers
7967
7968commit 8c3d512a1fac8b9c83b4d0c9c3f2376290bd84ca
7969Author: Damien Miller <djm@mindrot.org>
7970Date: Thu Jan 14 11:04:04 2016 +1100
7971
7972 openssh-7.1p2
7973
7974commit e6c85f8889c5c9eb04796fdb76d2807636b9eef5
7975Author: Damien Miller <djm@mindrot.org>
7976Date: Fri Jan 15 01:30:36 2016 +1100
7977
7978 forcibly disable roaming support in the client
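Review bot: the roaming entries in this stretch (fc77ccdc "fd leaks; report Qualys Security Advisory team", 6ef49e83 "Disable experimental client-side roaming support", e6c85f88 "forcibly disable roaming support in the client") credit Qualys but carry no bug or advisory reference, while neighbouring entries cite a bz number. Someone auditing the log around the openssh-7.1p2 entry cannot tell from these lines which commits belong to the reported issue or where it is described. These lines read as commit messages reproduced verbatim, so rather than editing them, make sure the release notes shipped with this version name the advisory and list these commit ids.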
7979
7980commit ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
7981Author: djm@openbsd.org <djm@openbsd.org>
7982Date: Wed Jan 13 23:04:47 2016 +0000
7983
7984 upstream commit
7985
7986 eliminate fallback from untrusted X11 forwarding to trusted
7987 forwarding when the X server disables the SECURITY extension; Reported by
7988 Thomas Hoger; ok deraadt@
7989
7990 Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
7991
7992commit 9a728cc918fad67c8a9a71201088b1e150340ba4
7993Author: djm@openbsd.org <djm@openbsd.org>
7994Date: Tue Jan 12 23:42:54 2016 +0000
7995
7996 upstream commit
7997
7998 use explicit_bzero() more liberally in the buffer code; ok
7999 deraadt
8000
8001 Upstream-ID: 0ece37069fd66bc6e4f55eb1321f93df372b65bf
8002
8003commit 4626cbaf78767fc8e9c86dd04785386c59ae0839
8004Author: Damien Miller <djm@mindrot.org>
8005Date: Fri Jan 8 14:24:56 2016 +1100
8006
8007 Support Illumos/Solaris fine-grained privileges
8008
8009 Includes a pre-auth privsep sandbox and several pledge()
8010 emulations. bz#2511, patch by Alex Wilson.
8011
8012 ok dtucker@
8013
8014commit 422d1b3ee977ff4c724b597fb2e437d38fc8de9d
8015Author: djm@openbsd.org <djm@openbsd.org>
8016Date: Thu Dec 31 00:33:52 2015 +0000
8017
8018 upstream commit
8019
8020 fix three bugs in KRL code related to (unused) signature
8021 support: verification length was being incorrectly calculated, multiple
8022 signatures were being incorrectly processed and a NULL dereference that
8023 occurred when signatures were verified. Reported by Carl Jackson
8024
8025 Upstream-ID: e705e97ad3ccce84291eaa651708dd1b9692576b
8026
8027commit 6074c84bf95d00f29cc7d5d3cd3798737851aa1a
8028Author: djm@openbsd.org <djm@openbsd.org>
8029Date: Wed Dec 30 23:46:14 2015 +0000
8030
8031 upstream commit
8032
8033 unused prototype
8034
8035 Upstream-ID: f3eef4389d53ed6c0d5c77dcdcca3060c745da97
8036
8037commit 6213f0e180e54122bb1ba928e11c784e2b4e5380
8038Author: guenther@openbsd.org <guenther@openbsd.org>
8039Date: Sat Dec 26 20:51:35 2015 +0000
8040
8041 upstream commit
8042
8043 Use pread/pwrite instead separate lseek+read/write for
8044 lastlog. Cast to off_t before multiplication to avoid truncation on ILP32
8045
8046 ok kettenis@ mmcc@
8047
8048 Upstream-ID: fc40092568cd195719ddf1a00aa0742340d616cf
8049
8050commit d7d2bc95045a43dd56ea696cc1d030ac9d77e81f
8051Author: semarie@openbsd.org <semarie@openbsd.org>
8052Date: Sat Dec 26 07:46:03 2015 +0000
8053
8054 upstream commit
8055
8056 adjust pledge promises for ControlMaster: when using
8057 "ask" or "autoask", the process will use ssh-askpass for asking confirmation.
8058
8059 problem found by halex@
8060
8061 ok halex@
8062
8063 Upstream-ID: 38a58b30ae3eef85051c74d3c247216ec0735f80
8064
8065commit 271df8185d9689b3fb0523f58514481b858f6843
8066Author: djm@openbsd.org <djm@openbsd.org>
8067Date: Sun Dec 13 22:42:23 2015 +0000
8068
8069 upstream commit
8070
8071 unbreak connections with peers that set
8072 first_kex_follows; fix from Matt Johnston va bz#2515
8073
8074 Upstream-ID: decc88ec4fc7515594fdb42b04aa03189a44184b
8075
8076commit 43849a47c5f8687699eafbcb5604f6b9c395179f
8077Author: doug@openbsd.org <doug@openbsd.org>
8078Date: Fri Dec 11 17:41:37 2015 +0000
8079
8080 upstream commit
8081
8082 Add "id" to ssh-agent pledge for subprocess support.
8083
8084 Found the hard way by Jan Johansson when using ssh-agent with X. Also,
8085 rearranged proc/exec and retval to match other pledge calls in the tree.
8086
8087 ok djm@
8088
8089 Upstream-ID: 914255f6850e5e7fa830a2de6c38605333b584db
8090
8091commit 52d7078421844b2f88329f5be3de370b0a938636
8092Author: mmcc@openbsd.org <mmcc@openbsd.org>
8093Date: Fri Dec 11 04:21:11 2015 +0000
8094
8095 upstream commit
8096
8097 Remove NULL-checks before sshbuf_free().
8098
8099 ok djm@
8100
8101 Upstream-ID: 5ebed00ed5f9f03b119a345085e8774565466917
8102
8103commit a4b9e0f4e4a6980a0eb8072f76ea611cab5b77e7
8104Author: djm@openbsd.org <djm@openbsd.org>
8105Date: Fri Dec 11 03:24:25 2015 +0000
8106
8107 upstream commit
8108
8109 include remote port number in a few more messages; makes
8110 tying log messages together into a session a bit easier; bz#2503 ok dtucker@
8111
8112 Upstream-ID: 9300dc354015f7a7368d94a8ff4a4266a69d237e
8113
8114commit 6091c362e89079397e68744ae30df121b0a72c07
8115Author: djm@openbsd.org <djm@openbsd.org>
8116Date: Fri Dec 11 03:20:09 2015 +0000
8117
8118 upstream commit
8119
8120 don't try to load SSHv1 private key when compiled without
8121 SSHv1 support. From Iain Morgan bz#2505
8122
8123 Upstream-ID: 8b8e7b02a448cf5e5635979df2d83028f58868a7
8124
8125commit cce6a36bb95e81fa8bfb46daf22eabcf13afc352
8126Author: djm@openbsd.org <djm@openbsd.org>
8127Date: Fri Dec 11 03:19:09 2015 +0000
8128
8129 upstream commit
8130
8131 use SSH_MAX_PUBKEY_BYTES consistently as buffer size when
8132 reading key files. Increase it to match the size of the buffers already being
8133 used.
8134
8135 Upstream-ID: 1b60586b484b55a947d99a0b32bd25e0ced56fae
8136
8137commit 89540b6de025b80404a0cb8418c06377f3f98848
8138Author: mmcc@openbsd.org <mmcc@openbsd.org>
8139Date: Fri Dec 11 02:31:47 2015 +0000
8140
8141 upstream commit
8142
8143 Remove NULL-checks before sshkey_free().
8144
8145 ok djm@
8146
8147 Upstream-ID: 3e35afe8a25e021216696b5d6cde7f5d2e5e3f52
8148
8149commit 79394ed6d74572c2d2643d73937dad33727fc240
8150Author: dtucker@openbsd.org <dtucker@openbsd.org>
8151Date: Fri Dec 11 02:29:03 2015 +0000
8152
8153 upstream commit
8154
8155 fflush stdout so that output is seen even when running in
8156 debug mode when output may otherwise not be flushed. Patch from dustin at
8157 null-ptr.net.
8158
8159 Upstream-ID: b0c6b4cd2cdb01d7e9eefbffdc522e35b5bc4acc
8160
8161commit ee607cccb6636eb543282ba90e0677b0604d8b7a
8162Author: Darren Tucker <dtucker@zip.com.au>
8163Date: Tue Dec 15 15:23:49 2015 +1100
8164
8165 Increase robustness of redhat/openssh.spec
8166
8167 - remove configure --with-rsh, because this option isn't supported anymore
8168 - replace last occurrence of BuildPreReq by BuildRequires
8169 - update grep statement to query the krb5 include directory
8170
8171 Patch from CarstenGrohmann via github, ok djm.
8172
8173commit b5fa0cd73555b991a543145603658d7088ec6b60
8174Author: Darren Tucker <dtucker@zip.com.au>
8175Date: Tue Dec 15 15:10:32 2015 +1100
8176
8177 Allow --without-ssl-engine with --without-openssl
8178
8179 Patch from Mike Frysinger via github.
8180
8181commit c1d7e546f6029024f3257cc25c92f2bddf163125
8182Author: Darren Tucker <dtucker@zip.com.au>
8183Date: Tue Dec 15 14:27:09 2015 +1100
8184
8185 Include openssl crypto.h for SSLeay.
8186
8187 Patch from doughdemon via github.
8188
8189commit c6f5f01651526e88c00d988ce59d71f481ebac62
8190Author: Darren Tucker <dtucker@zip.com.au>
8191Date: Tue Dec 15 13:59:12 2015 +1100
8192
8193 Add sys/time.h for gettimeofday.
8194
8195 Should allow it it compile with MUSL libc. Based on patch from
8196 doughdemon via github.
8197
8198commit 39736be06c7498ef57d6970f2d85cf066ae57c82
8199Author: djm@openbsd.org <djm@openbsd.org>
8200Date: Fri Dec 11 02:20:28 2015 +0000
8201
8202 upstream commit
8203
8204 correct error messages; from Tomas Kuthan bz#2507
8205
8206 Upstream-ID: 7454a0affeab772398052954c79300aa82077093
8207
8208commit 94141b7ade24afceeb6762a3f99e09e47a6c42b6
8209Author: mmcc@openbsd.org <mmcc@openbsd.org>
8210Date: Fri Dec 11 00:20:04 2015 +0000
8211
8212 upstream commit
8213
8214 Pass (char *)NULL rather than (char *)0 to execl and
8215 execlp.
8216
8217 ok dtucker@
8218
8219 Upstream-ID: 56c955106cbddba86c3dd9bbf786ac0d1b361492
8220
8221commit d59ce08811bf94111c2f442184cf7d1257ffae24
8222Author: mmcc@openbsd.org <mmcc@openbsd.org>
8223Date: Thu Dec 10 17:08:40 2015 +0000
8224
8225 upstream commit
8226
8227 Remove NULL-checks before free().
8228
8229 ok dtucker@
8230
8231 Upstream-ID: e3d3cb1ce900179906af36517b5eea0fb15e6ef8
8232
8233commit 8e56dd46cb37879c73bce2d6032cf5e7f82d5a71
8234Author: mmcc@openbsd.org <mmcc@openbsd.org>
8235Date: Thu Dec 10 07:01:35 2015 +0000
8236
8237 upstream commit
8238
8239 Fix a couple "the the" typos. ok dtucker@
8240
8241 Upstream-ID: ec364c5af32031f013001fd28d1bd3dfacfe9a72
8242
8243commit 6262a0522ddc2c0f2e9358dcb68d59b46e9c533e
8244Author: markus@openbsd.org <markus@openbsd.org>
8245Date: Mon Dec 7 20:04:09 2015 +0000
8246
8247 upstream commit
8248
8249 stricter encoding type checks for ssh-rsa; ok djm@
8250
8251 Upstream-ID: 8cca7c787599a5e8391e184d0b4f36fdc3665650
8252
8253commit d86a3ba7af160c13496102aed861ae48a4297072
8254Author: Damien Miller <djm@mindrot.org>
8255Date: Wed Dec 9 09:18:45 2015 +1100
8256
8257 Don't set IPV6_V6ONLY on OpenBSD
8258
8259 It isn't necessary and runs afoul of pledge(2) restrictions.
8260
8261commit da98c11d03d819a15429d8fff9688acd7505439f
8262Author: djm@openbsd.org <djm@openbsd.org>
8263Date: Mon Dec 7 02:20:46 2015 +0000
8264
8265 upstream commit
8266
8267 basic unit tests for rsa-sha2-* signature types
8268
8269 Upstream-Regress-ID: 7dc4b9db809d578ff104d591b4d86560c3598d3c
8270
8271commit 3da893fdec9936dd2c23739cdb3c0c9d4c59fca0
8272Author: markus@openbsd.org <markus@openbsd.org>
8273Date: Sat Dec 5 20:53:21 2015 +0000
8274
8275 upstream commit
8276
8277 prefer rsa-sha2-512 over -256 for hostkeys, too; noticed
8278 by naddy@
8279
8280 Upstream-ID: 685f55f7ec566a8caca587750672723a0faf3ffe
8281
8282commit 8b56e59714d87181505e4678f0d6d39955caf10e
8283Author: tobias@openbsd.org <tobias@openbsd.org>
8284Date: Fri Dec 4 21:51:06 2015 +0000
8285
8286 upstream commit
8287
8288 Properly handle invalid %-format by calling fatal.
8289
8290 ok deraadt, djm
8291
8292 Upstream-ID: 5692bce7d9f6eaa9c488cb93d3b55e758bef1eac
8293
8294commit 76c9fbbe35aabc1db977fb78e827644345e9442e
8295Author: markus@openbsd.org <markus@openbsd.org>
8296Date: Fri Dec 4 16:41:28 2015 +0000
8297
8298 upstream commit
8299
8300 implement SHA2-{256,512} for RSASSA-PKCS1-v1_5 signatures
8301 (user and host auth) based on draft-rsa-dsa-sha2-256-03.txt and
8302 draft-ssh-ext-info-04.txt; with & ok djm@
8303
8304 Upstream-ID: cf82ce532b2733e5c4b34bb7b7c94835632db309
8305
8306commit 6064a8b8295cb5a17b5ebcfade53053377714f40
8307Author: djm@openbsd.org <djm@openbsd.org>
8308Date: Fri Dec 4 00:24:55 2015 +0000
8309
8310 upstream commit
8311
8312 clean up agent_fd handling; properly initialise it to -1
8313 and make tests consistent
8314
8315 ok markus@
8316
8317 Upstream-ID: ac9554323d5065745caf17b5e37cb0f0d4825707
8318
8319commit b91926a97620f3e51761c271ba57aa5db790f48d
8320Author: semarie@openbsd.org <semarie@openbsd.org>
8321Date: Thu Dec 3 17:00:18 2015 +0000
8322
8323 upstream commit
8324
8325 pledges ssh client: - mux client: which is used when
8326 ControlMaster is in use. will end with "stdio proc tty" (proc is to
8327 permit sending SIGWINCH to mux master on window resize)
8328
8329 - client loop: several levels of pledging depending of your used options
8330
8331 ok deraadt@
8332
8333 Upstream-ID: 21676155a700e51f2ce911e33538e92a2cd1d94b
8334
8335commit bcce47466bbc974636f588b5e4a9a18ae386f64a
8336Author: doug@openbsd.org <doug@openbsd.org>
8337Date: Wed Dec 2 08:30:50 2015 +0000
8338
8339 upstream commit
8340
8341 Add "cpath" to the ssh-agent pledge so the cleanup
8342 handler can unlink().
8343
8344 ok djm@
8345
8346 Upstream-ID: 9e632991d48241d56db645602d381253a3d8c29d
8347
8348commit a90d001543f46716b6590c6dcc681d5f5322f8cf
8349Author: djm@openbsd.org <djm@openbsd.org>
8350Date: Wed Dec 2 08:00:58 2015 +0000
8351
8352 upstream commit
8353
8354 ssh-agent pledge needs proc for askpass; spotted by todd@
8355
8356 Upstream-ID: 349aa261b29cc0e7de47ef56167769c432630b2a
8357
8358commit d952162b3c158a8f23220587bb6c8fcda75da551
8359Author: djm@openbsd.org <djm@openbsd.org>
8360Date: Tue Dec 1 23:29:24 2015 +0000
8361
8362 upstream commit
8363
8364 basic pledge() for ssh-agent, more refinement needed
8365
8366 Upstream-ID: 5b5b03c88162fce549e45e1b6dd833f20bbb5e13
8367
8368commit f0191d7c8e76e30551084b79341886d9bb38e453
8369Author: Damien Miller <djm@mindrot.org>
8370Date: Mon Nov 30 10:53:25 2015 +1100
8371
8372 Revert "stub for pledge(2) for systems that lack it"
8373
8374 This reverts commit 14c887c8393adde2d9fd437d498be30f8c98535c.
8375
8376 dtucker beat me to it :/
8377
8378commit 6283cc72eb0e49a3470d30e07ca99a1ba9e89676
8379Author: Damien Miller <djm@mindrot.org>
8380Date: Mon Nov 30 10:37:03 2015 +1100
8381
8382 revert 7d4c7513: bring back S/Key prototypes
8383
8384 (but leave RCSID changes)
8385
8386commit 14c887c8393adde2d9fd437d498be30f8c98535c
8387Author: Damien Miller <djm@mindrot.org>
8388Date: Mon Nov 30 09:45:29 2015 +1100
8389
8390 stub for pledge(2) for systems that lack it
8391
8392commit 452c0b6af5d14c37553e30059bf74456012493f3
8393Author: djm@openbsd.org <djm@openbsd.org>
8394Date: Sun Nov 29 22:18:37 2015 +0000
8395
8396 upstream commit
8397
8398 pledge, better fatal() messages; feedback deraadt@
8399
8400 Upstream-ID: 3e00f6ccfe2b9a7a2d1dbba5409586180801488f
8401
8402commit 6da413c085dba37127687b2617a415602505729b
8403Author: deraadt@openbsd.org <deraadt@openbsd.org>
8404Date: Sat Nov 28 06:50:52 2015 +0000
8405
8406 upstream commit
8407
8408 do not leak temp file if there is no known_hosts file
8409 from craig leres, ok djm
8410
8411 Upstream-ID: c820497fd5574844c782e79405c55860f170e426
8412
8413commit 3ddd15e1b63a4d4f06c8ab16fbdd8a5a61764f16
8414Author: Darren Tucker <dtucker@zip.com.au>
8415Date: Mon Nov 30 07:23:53 2015 +1100
8416
8417 Add a null implementation of pledge.
8418
8419 Fixes builds on almost everything.
8420
8421commit b1d6b3971ef256a08692efc409fc9ada719111cc
8422Author: djm@openbsd.org <djm@openbsd.org>
8423Date: Sat Nov 28 06:41:03 2015 +0000
8424
8425 upstream commit
8426
8427 don't include port number in tcpip-forward replies for
8428 requests that don't allocate a port; bz#2509 diagnosed by Ron Frederick ok
8429 markus
8430
8431 Upstream-ID: 77efad818addb61ec638b5a2362f1554e21a970a
8432
8433commit 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65
8434Author: deraadt@openbsd.org <deraadt@openbsd.org>
8435Date: Fri Nov 27 00:49:31 2015 +0000
8436
8437 upstream commit
8438
8439 pledge "stdio rpath wpath cpath fattr tty proc exec"
8440 except for the -p option (which sadly has insane semantics...) ok semarie
8441 dtucker
8442
8443 Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
8444
8445commit 4d90625b229cf6b3551d81550a9861897509a65f
8446Author: halex@openbsd.org <halex@openbsd.org>
8447Date: Fri Nov 20 23:04:01 2015 +0000
8448
8449 upstream commit
8450
8451 allow comment change for all supported formats
8452
8453 ok djm@
8454
8455 Upstream-ID: 5fc477cf2f119b2d44aa9c683af16cb00bb3744b
8456
8457commit 8ca915fc761519dd1f7766a550ec597a81db5646
8458Author: djm@openbsd.org <djm@openbsd.org>
8459Date: Fri Nov 20 01:45:29 2015 +0000
8460
8461 upstream commit
8462
8463 add cast to make -Werror clean
8464
8465 Upstream-ID: 288db4f8f810bd475be01320c198250a04ff064d
8466
8467commit ac9473580dcd401f8281305af98635cdaae9bf96
8468Author: Damien Miller <djm@mindrot.org>
8469Date: Fri Nov 20 12:35:41 2015 +1100
8470
8471 fix multiple authentication using S/Key w/ privsep
8472
8473 bz#2502, patch from Kevin Korb and feandil_
8474
8475commit 88b6fcdeb87a2fb76767854d9eb15006662dca57
8476Author: djm@openbsd.org <djm@openbsd.org>
8477Date: Thu Nov 19 08:23:27 2015 +0000
8478
8479 upstream commit
8480
8481 ban ConnectionAttempts=0, it makes no sense and would cause
8482 ssh_connect_direct() to print an uninitialised stack variable; bz#2500
8483 reported by dvw AT phas.ubc.ca
8484
8485 Upstream-ID: 32b5134c608270583a90b93a07b3feb3cbd5f7d5
8486
8487commit 964ab3ee7a8f96bdbc963d5b5a91933d6045ebe7
8488Author: djm@openbsd.org <djm@openbsd.org>
8489Date: Thu Nov 19 01:12:32 2015 +0000
8490
8491 upstream commit
8492
8493 trailing whitespace
8494
8495 Upstream-ID: 31fe0ad7c4d08e87f1d69c79372f5e3c5cd79051
8496
8497commit f96516d052dbe38561f6b92b0e4365d8e24bb686
8498Author: djm@openbsd.org <djm@openbsd.org>
8499Date: Thu Nov 19 01:09:38 2015 +0000
8500
8501 upstream commit
8502
8503 print host certificate contents at debug level
8504
8505 Upstream-ID: 39354cdd8a2b32b308fd03f98645f877f540f00d
8506
8507commit 499cf36fecd6040e30e2912dd25655bc574739a7
8508Author: djm@openbsd.org <djm@openbsd.org>
8509Date: Thu Nov 19 01:08:55 2015 +0000
8510
8511 upstream commit
8512
8513 move the certificate validity formatting code to
8514 sshkey.[ch]
8515
8516 Upstream-ID: f05f7c78fab20d02ff1d5ceeda533ef52e8fe523
8517
8518commit bcb7bc77bbb1535d1008c7714085556f3065d99d
8519Author: djm@openbsd.org <djm@openbsd.org>
8520Date: Wed Nov 18 08:37:28 2015 +0000
8521
8522 upstream commit
8523
8524 fix "ssh-keygen -l" of private key, broken in support for
8525 multiple plain keys on stdin
8526
8527 Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d
8528
8529commit 259adb6179e23195c8f6913635ea71040d1ccd63
8530Author: millert@openbsd.org <millert@openbsd.org>
8531Date: Mon Nov 16 23:47:52 2015 +0000
8532
8533 upstream commit
8534
8535 Replace remaining calls to index(3) with strchr(3). OK
8536 jca@ krw@
8537
8538 Upstream-ID: 33837d767a0cf1db1489b96055f9e330bc0bab6d
8539
8540commit c56a255162c2166884539c0a1f7511575325b477
8541Author: djm@openbsd.org <djm@openbsd.org>
8542Date: Mon Nov 16 22:53:07 2015 +0000
8543
8544 upstream commit
8545
8546 Allow fingerprinting from standard input "ssh-keygen -lf
8547 -"
8548
8549 Support fingerprinting multiple plain keys in a file and authorized_keys
8550 files too (bz#1319)
8551
8552 ok markus@
8553
8554 Upstream-ID: 903f8b4502929d6ccf53509e4e07eae084574b77
8555
8556commit 5b4010d9b923cf1b46c9c7b1887c013c2967e204
8557Author: djm@openbsd.org <djm@openbsd.org>
8558Date: Mon Nov 16 22:51:05 2015 +0000
8559
8560 upstream commit
8561
8562 always call privsep_preauth_child() regardless of whether
8563 sshd was started by root; it does important priming before sandboxing and
8564 failing to call it could result in sandbox violations later; ok markus@
8565
8566 Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
8567
8568commit 3a9f84b58b0534bbb485f1eeab75665e2d03371f
8569Author: djm@openbsd.org <djm@openbsd.org>
8570Date: Mon Nov 16 22:50:01 2015 +0000
8571
8572 upstream commit
8573
8574 improve sshkey_read() semantics; only update *cpp when a
8575 key is successfully read; ok markus@
8576
8577 Upstream-ID: f371e78e8f4fab366cf69a42bdecedaed5d1b089
8578
8579commit db6f8dc5dd5655b59368efd074994d4568bc3556
8580Author: logan@openbsd.org <logan@openbsd.org>
8581Date: Mon Nov 16 06:13:04 2015 +0000
8582
8583 upstream commit
8584
8585 1) Use xcalloc() instead of xmalloc() to check for
8586 potential overflow. (Feedback from both mmcc@ and djm@) 2) move set_size
8587 just before the for loop. (suggested by djm@)
8588
8589 OK djm@
8590
8591 Upstream-ID: 013534c308187284756c3141f11d2c0f33c47213
8592
8593commit 383f10fb84a0fee3c01f9d97594f3e22aa3cd5e0
8594Author: djm@openbsd.org <djm@openbsd.org>
8595Date: Mon Nov 16 00:30:02 2015 +0000
8596
8597 upstream commit
8598
8599 Add a new authorized_keys option "restrict" that
8600 includes all current and future key restrictions (no-*-forwarding, etc). Also
8601 add permissive versions of the existing restrictions, e.g. "no-pty" -> "pty".
8602 This simplifies the task of setting up restricted keys and ensures they are
8603 maximally-restricted, regardless of any permissions we might implement in the
8604 future.
8605
8606 Example:
8607
8608 restrict,pty,command="nethack" ssh-ed25519 AAAAC3NzaC1lZDI1...
8609
8610 Idea from Jann Horn; ok markus@
8611
8612 Upstream-ID: 04ceb9d448e46e67e13887a7ae5ea45b4f1719d0
8613
8614commit e41a071f7bda6af1fb3f081bed0151235fa61f15
8615Author: jmc@openbsd.org <jmc@openbsd.org>
8616Date: Sun Nov 15 23:58:04 2015 +0000
8617
8618 upstream commit
8619
8620 correct section number for ssh-agent;
8621
8622 Upstream-ID: 44be72fd8bcc167635c49b357b1beea8d5674bd6
8623
8624commit 1a11670286acddcc19f5eff0966c380831fc4638
8625Author: jmc@openbsd.org <jmc@openbsd.org>
8626Date: Sun Nov 15 23:54:15 2015 +0000
8627
8628 upstream commit
8629
8630 do not confuse mandoc by presenting "Dd";
8631
8632 Upstream-ID: 1470fce171c47b60bbc7ecd0fc717a442c2cfe65
8633
8634commit f361df474c49a097bfcf16d1b7b5c36fcd844b4b
8635Author: jcs@openbsd.org <jcs@openbsd.org>
8636Date: Sun Nov 15 22:26:49 2015 +0000
8637
8638 upstream commit
8639
8640 Add an AddKeysToAgent client option which can be set to
8641 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
8642 private key that is used during authentication will be added to ssh-agent if
8643 it is running (with confirmation enabled if set to 'confirm').
8644
8645 Initial version from Joachim Schipper many years ago.
8646
8647 ok markus@
8648
8649 Upstream-ID: a680db2248e8064ec55f8be72d539458c987d5f4
8650
8651commit d87063d9baf5479b6e813d47dfb694a97df6f6f5
8652Author: djm@openbsd.org <djm@openbsd.org>
8653Date: Fri Nov 13 04:39:35 2015 +0000
8654
8655 upstream commit
8656
8657 send SSH2_MSG_UNIMPLEMENTED replies to unexpected
8658 messages during KEX; bz#2949, ok dtucker@
8659
8660 Upstream-ID: 2b3abdff344d53c8d505f45c83a7b12e84935786
8661
8662commit 9fd04681a1e9b0af21e08ff82eb674cf0a499bfc
8663Author: djm@openbsd.org <djm@openbsd.org>
8664Date: Fri Nov 13 04:38:06 2015 +0000
8665
8666 upstream commit
8667
8668 Support "none" as an argument for sshd_config
8669 ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
8670 global default. bz#2486 ok dtucker@
8671
8672 Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
8673
8674commit 94bc0b72c29e511cbbc5772190d43282e5acfdfe
8675Author: djm@openbsd.org <djm@openbsd.org>
8676Date: Fri Nov 13 04:34:15 2015 +0000
8677
8678 upstream commit
8679
8680 support multiple certificates (one per line) and
8681 reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
8682
8683 Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
8684
8685commit b6b9108f5b561c83612cb97ece4134eb59fde071
8686Author: djm@openbsd.org <djm@openbsd.org>
8687Date: Fri Nov 13 02:57:46 2015 +0000
8688
8689 upstream commit
8690
8691 list a couple more options usable in Match blocks;
8692 bz#2489
8693
8694 Upstream-ID: e4d03f39d254db4c0cc54101921bb89fbda19879
8695
8696commit a7994b3f5a5a5a33b52b0a6065d08e888f0a99fb
8697Author: djm@openbsd.org <djm@openbsd.org>
8698Date: Wed Nov 11 04:56:39 2015 +0000
8699
8700 upstream commit
8701
8702 improve PEEK/POKE macros: better casts, don't multiply
8703 evaluate arguments; ok deraadt@
8704
8705 Upstream-ID: 9a1889e19647615ededbbabab89064843ba92d3e
8706
8707commit 7d4c7513a7f209cb303a608ac6e46b3f1dfc11ec
8708Author: djm@openbsd.org <djm@openbsd.org>
8709Date: Wed Nov 11 01:48:01 2015 +0000
8710
8711 upstream commit
8712
8713 remove prototypes for long-gone s/key support; ok
8714 dtucker@
8715
8716 Upstream-ID: db5bed3c57118af986490ab23d399df807359a79
8717
8718commit 07889c75926c040b8e095949c724e66af26441cb
8719Author: Damien Miller <djm@mindrot.org>
8720Date: Sat Nov 14 18:44:49 2015 +1100
8721
8722 read back from libcrypto RAND when privdropping
8723
8724 makes certain libcrypto implementations cache a /dev/urandom fd
8725 in preparation of sandboxing. Based on patch by Greg Hartman.
8726
8727commit 1560596f44c01bb0cef977816410950ed17b8ecd
8728Author: Darren Tucker <dtucker@zip.com.au>
8729Date: Tue Nov 10 11:14:47 2015 +1100
8730
8731 Fix compiler warnings in the openssl header check.
8732
8733 Noted by Austin English.
8734
8735commit e72a8575ffe1d8adff42c9abe9ca36938acc036b
8736Author: jmc@openbsd.org <jmc@openbsd.org>
8737Date: Sun Nov 8 23:24:03 2015 +0000
8738
8739 upstream commit
8740
8741 -c before -H, in SYNOPSIS and usage();
8742
8743 Upstream-ID: 25e8c58a69e1f37fcd54ac2cd1699370acb5e404
8744
8745commit 3a424cdd21db08c7b0ded902f97b8f02af5aa485
8746Author: djm@openbsd.org <djm@openbsd.org>
8747Date: Sun Nov 8 22:30:20 2015 +0000
8748
8749 upstream commit
8750
8751 Add "ssh-keyscan -c ..." flag to allow fetching
8752 certificates instead of plain keys; ok markus@
8753
8754 Upstream-ID: 0947e2177dba92339eced9e49d3c5bf7dda69f82
8755
8756commit 69fead5d7cdaa73bdece9fcba80f8e8e70b90346
8757Author: jmc@openbsd.org <jmc@openbsd.org>
8758Date: Sun Nov 8 22:08:38 2015 +0000
8759
8760 upstream commit
8761
8762 remove slogin links; ok deraadt markus djm
8763
8764 Upstream-ID: 39ba08548acde4c54f2d4520c202c2a863a3c730
8765
8766commit 2fecfd486bdba9f51b3a789277bb0733ca36e1c0
8767Author: djm@openbsd.org <djm@openbsd.org>
8768Date: Sun Nov 8 21:59:11 2015 +0000
8769
8770 upstream commit
8771
8772 fix OOB read in packet code caused by missing return
8773 statement found by Ben Hawkes; ok markus@ deraadt@
8774
8775 Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
8776
8777commit 5e288923a303ca672b686908320bc5368ebec6e6
8778Author: mmcc@openbsd.org <mmcc@openbsd.org>
8779Date: Fri Nov 6 00:31:41 2015 +0000
8780
8781 upstream commit
8782
8783 1. rlogin and rsh are long gone 2. protocol version isn't
8784 of core relevance here, and v1 is going away
8785
8786 ok markus@, deraadt@
8787
8788 Upstream-ID: 8b46bc94cf1ca7c8c1a75b1c958b2bb38d7579c8
8789
8790commit 8b29008bbe97f33381d9b4b93fcfa304168d0286
8791Author: jmc@openbsd.org <jmc@openbsd.org>
8792Date: Thu Nov 5 09:48:05 2015 +0000
8793
8794 upstream commit
8795
8796 "commandline" -> "command line", since there are so few
8797 examples of the former in the pages, so many of the latter, and in some of
8798 these pages we had multiple spellings;
8799
8800 prompted by tj
8801
8802 Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
8803
8804commit 996b24cebf20077fbe5db07b3a2c20c2d9db736e
8805Author: Darren Tucker <dtucker@zip.com.au>
8806Date: Thu Oct 29 20:57:34 2015 +1100
8807
8808 (re)wrap SYS_sendsyslog in ifdef.
8809
8810 Replace ifdef that went missing in commit
8811 c61b42f2678f21f05653ac2d3d241b48ab5d59ac. Fixes build on older
8812 OpenBSDs.
8813
8814commit b67e2e76fcf1ae7c802eb27ca927e16c91a513ff
8815Author: djm@openbsd.org <djm@openbsd.org>
8816Date: Thu Oct 29 08:05:17 2015 +0000
8817
8818 upstream commit
8819
8820 regress test for "PubkeyAcceptedKeyTypes +..." inside a
8821 Match block
8822
8823 Upstream-Regress-ID: 246c37ed64a2e5704d4c158ccdca1ff700e10647
8824
8825commit abd9dbc3c0d8c8c7561347cfa22166156e78c077
8826Author: dtucker@openbsd.org <dtucker@openbsd.org>
8827Date: Mon Oct 26 02:50:58 2015 +0000
8828
8829 upstream commit
8830
8831 Fix typo certopt->certopts in shell variable. This would
8832 cause the test to hang at a host key prompt if you have an A or CNAME for
8833 "proxy" in your local domain.
8834
8835 Upstream-Regress-ID: 6ea03bcd39443a83c89e2c5606392ceb9585836a
8836
8837commit ed08510d38aef930a061ae30d10f2a9cf233bafa
8838Author: djm@openbsd.org <djm@openbsd.org>
8839Date: Thu Oct 29 08:05:01 2015 +0000
8840
8841 upstream commit
8842
8843 Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
8844 ok dtucker@
8845
8846 Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
8847
8848commit a4aef3ed29071719b2af82fdf1ac3c2514f82bc5
8849Author: djm@openbsd.org <djm@openbsd.org>
8850Date: Tue Oct 27 08:54:52 2015 +0000
8851
8852 upstream commit
8853
8854 fix execv arguments in a way less likely to cause grief
8855 for -portable; ok dtucker@
8856
8857 Upstream-ID: 5902bf0ea0371f39f1300698dc3b8e4105fc0fc5
8858
8859commit 63d188175accea83305e89fafa011136ff3d96ad
8860Author: djm@openbsd.org <djm@openbsd.org>
8861Date: Tue Oct 27 01:44:45 2015 +0000
8862
8863 upstream commit
8864
8865 log certificate serial in verbose() messages to match the
8866 main auth success/fail message; ok dtucker@
8867
8868 Upstream-ID: dfc48b417c320b97c36ff351d303c142f2186288
8869
8870commit 2aaba0cfd560ecfe92aa50c00750e6143842cf1f
8871Author: djm@openbsd.org <djm@openbsd.org>
8872Date: Tue Oct 27 00:49:53 2015 +0000
8873
8874 upstream commit
8875
8876 avoid de-const warning & shrink; ok dtucker@
8877
8878 Upstream-ID: 69a85ef94832378952a22c172009cbf52aaa11db
8879
8880commit 03239c18312b9bab7d1c3b03062c61e8bbc1ca6e
8881Author: dtucker@openbsd.org <dtucker@openbsd.org>
8882Date: Sun Oct 25 23:42:00 2015 +0000
8883
8884 upstream commit
8885
8886 Expand tildes in filenames passed to -i before checking
8887 whether or not the identity file exists. This means that if the shell
8888 doesn't do the expansion (eg because the option and filename were given as a
8889 single argument) then we'll still add the key. bz#2481, ok markus@
8890
8891 Upstream-ID: db1757178a14ac519e9a3e1a2dbd21113cb3bfc6
8892
8893commit 97e184e508dd33c37860c732c0eca3fc57698b40
8894Author: dtucker@openbsd.org <dtucker@openbsd.org>
8895Date: Sun Oct 25 23:14:03 2015 +0000
8896
8897 upstream commit
8898
8899 Do not prepend "exec" to the shell command run by "Match
8900 exec" in a config file. It's an unnecessary optimization from repurposed
8901 ProxyCommand code and prevents some things working with some shells.
8902 bz#2471, pointed out by res at qoxp.net. ok markus@
8903
8904 Upstream-ID: a1ead25ae336bfa15fb58d8c6b5589f85b4c33a3
8905
8906commit 8db134e7f457bcb069ec72bc4ee722e2af557c69
8907Author: Darren Tucker <dtucker@zip.com.au>
8908Date: Thu Oct 29 10:48:23 2015 +1100
8909
8910 Prevent name collisions with system glob (bz#2463)
8911
8912 Move glob.h from includes.h to the only caller (sftp) and override the
8913 names for the symbols. This prevents name collisions with the system glob
8914 in the case where something other than ssh uses it (eg kerberos). With
8915 jjelen at redhat.com, ok djm@
8916
8917commit 86c10dbbef6a5800d2431a66cf7f41a954bb62b5
8918Author: dtucker@openbsd.org <dtucker@openbsd.org>
8919Date: Fri Oct 23 02:22:01 2015 +0000
8920
8921 upstream commit
8922
8923 Update expected group sizes to match recent code changes.
8924
8925 Upstream-Regress-ID: 0004f0ea93428969fe75bcfff0d521c553977794
8926
8927commit 9ada37d36003a77902e90a3214981e417457cf13
8928Author: djm@openbsd.org <djm@openbsd.org>
8929Date: Sat Oct 24 22:56:19 2015 +0000
8930
8931 upstream commit
8932
8933 fix keyscan output for multiple hosts/addrs on one line
8934 when host hashing or a non standard port is in use; bz#2479 ok dtucker@
8935
8936 Upstream-ID: 5321dabfaeceba343da3c8a8b5754c6f4a0a307b
8937
8938commit 44fc7cd7dcef6c52c6b7e9ff830dfa32879bd319
8939Author: djm@openbsd.org <djm@openbsd.org>
8940Date: Sat Oct 24 22:52:22 2015 +0000
8941
8942 upstream commit
8943
8944 skip "Could not chdir to home directory" message when
8945 chrooted
8946
8947 patch from Christian Hesse in bz#2485 ok dtucker@
8948
8949 Upstream-ID: 86783c1953da426dff5b03b03ce46e699d9e5431
8950
8951commit a820a8618ec44735dabc688fab96fba38ad66bb2
8952Author: sthen@openbsd.org <sthen@openbsd.org>
8953Date: Sat Oct 24 08:34:09 2015 +0000
8954
8955 upstream commit
8956
8957 Handle the split of tun(4) "link0" into tap(4) in ssh
8958 tun-forwarding. Adapted from portable (using separate devices for this is the
8959 normal case in most OS). ok djm@
8960
8961 Upstream-ID: 90facf4c59ce73d6741db1bc926e578ef465cd39
8962
8963commit 66d2e229baa9fe57b868c373b05f7ff3bb20055b
8964Author: gsoares@openbsd.org <gsoares@openbsd.org>
8965Date: Wed Oct 21 11:33:03 2015 +0000
8966
8967 upstream commit
8968
8969 fix memory leak in error path ok djm@
8970
8971 Upstream-ID: dd2f402b0a0029b755df029fc7f0679e1365ce35
8972
8973commit 7d6c0362039ceacdc1366b5df29ad5d2693c13e5
8974Author: mmcc@openbsd.org <mmcc@openbsd.org>
8975Date: Tue Oct 20 23:24:25 2015 +0000
8976
8977 upstream commit
8978
8979 Compare pointers to NULL rather than 0.
8980
8981 ok djm@
8982
8983 Upstream-ID: 21616cfea27eda65a06e772cc887530b9a1a27f8
8984
8985commit f98a09cacff7baad8748c9aa217afd155a4d493f
8986Author: mmcc@openbsd.org <mmcc@openbsd.org>
8987Date: Tue Oct 20 03:36:35 2015 +0000
8988
8989 upstream commit
8990
8991 Replace a function-local allocation with stack memory.
8992
8993 ok djm@
8994
8995 Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
8996
8997commit ac908c1eeacccfa85659594d92428659320fd57e
8998Author: Damien Miller <djm@mindrot.org>
8999Date: Thu Oct 22 09:35:24 2015 +1100
9000
9001 turn off PrintLastLog when --disable-lastlog
9002
9003 bz#2278 from Brent Paulson
9004
9005commit b56deb847f4a0115a8bf488bf6ee8524658162fd
9006Author: djm@openbsd.org <djm@openbsd.org>
9007Date: Fri Oct 16 22:32:22 2015 +0000
9008
9009 upstream commit
9010
9011 increase the minimum modulus that we will send or accept in
9012 diffie-hellman-group-exchange to 2048 bits; ok markus@
9013
9014 Upstream-ID: 06dce7a24c17b999a0f5fadfe95de1ed6a1a9b6a
9015
9016commit 5ee0063f024bf5b3f3ffb275b8cd20055d62b4b9
9017Author: djm@openbsd.org <djm@openbsd.org>
9018Date: Fri Oct 16 18:40:49 2015 +0000
9019
9020 upstream commit
9021
9022 better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
9023 hostname canonicalisation - treat them as already canonical and remove the
9024 trailing '.' before matching ssh_config; ok markus@
9025
9026 Upstream-ID: f7619652e074ac3febe8363f19622aa4853b679a
9027
9028commit e92c499a75477ecfe94dd7b4aed89f20b1fac5a7
9029Author: mmcc@openbsd.org <mmcc@openbsd.org>
9030Date: Fri Oct 16 17:07:24 2015 +0000
9031
9032 upstream commit
9033
9034 0 -> NULL when comparing with a char*.
9035
9036 ok dtucker@, djm@.
9037
9038 Upstream-ID: a928e9c21c0a9020727d99738ff64027c1272300
9039
9040commit b1d38a3cc6fe349feb8d16a5f520ef12d1de7cb2
9041Author: djm@openbsd.org <djm@openbsd.org>
9042Date: Thu Oct 15 23:51:40 2015 +0000
9043
9044 upstream commit
9045
9046 fix some signed/unsigned integer type mismatches in
9047 format strings; reported by Nicholas Lemonias
9048
9049 Upstream-ID: 78cd55420a0eef68c4095bdfddd1af84afe5f95c
9050
9051commit 1a2663a15d356bb188196b6414b4c50dc12fd42b
9052Author: djm@openbsd.org <djm@openbsd.org>
9053Date: Thu Oct 15 23:08:23 2015 +0000
9054
9055 upstream commit
9056
9057 argument to sshkey_from_private() and sshkey_demote()
9058 can't be NULL
9059
9060 Upstream-ID: 0111245b1641d387977a9b38da15916820a5fd1f
9061
9062commit 0f754e29dd3760fc0b172c1220f18b753fb0957e
9063Author: Damien Miller <djm@mindrot.org>
9064Date: Fri Oct 16 10:53:14 2015 +1100
9065
9066 need va_copy before va_start
9067
9068 reported by Nicholas Lemonias
9069
9070commit eb6c50d82aa1f0d3fc95f5630ea69761e918bfcd
9071Author: Damien Miller <djm@mindrot.org>
9072Date: Thu Oct 15 15:48:28 2015 -0700
9073
9074 fix compilation on systems without SYMLOOP_MAX
9075
9076commit fafe1d84a210fb3dae7744f268059cc583db8c12
9077Author: Damien Miller <djm@mindrot.org>
9078Date: Wed Oct 14 09:22:15 2015 -0700
9079
9080 s/SANDBOX_TAME/SANDBOX_PLEDGE/g
9081
9082commit 8f22911027ff6c17d7226d232ccd20727f389310
9083Author: Damien Miller <djm@mindrot.org>
9084Date: Wed Oct 14 08:28:19 2015 +1100
9085
9086 upstream commit
9087
9088 revision 1.20
9089 date: 2015/10/13 20:55:37; author: millert; state: Exp; lines: +2 -2; commitid: X39sl5ay1czgFIgp;
9090 In rev 1.15 the sizeof argument was fixed in a strlcat() call but
9091 the truncation check immediately following it was not updated to
9092 match. Not an issue in practice since the buffers are the same
9093 size. OK deraadt@
9094
9095commit 23fa695bb735f54f04d46123662609edb6c76767
9096Author: Damien Miller <djm@mindrot.org>
9097Date: Wed Oct 14 08:27:51 2015 +1100
9098
9099 upstream commit
9100
9101 revision 1.19
9102 date: 2015/01/16 16:48:51; author: deraadt; state: Exp; lines: +3 -3; commitid: 0DYulI8hhujBHMcR;
9103 Move to the <limits.h> universe.
9104 review by millert, binary checking process with doug, concept with guenther
9105
9106commit c71be375a69af00c2d0a0c24d8752bec12d8fd1b
9107Author: Damien Miller <djm@mindrot.org>
9108Date: Wed Oct 14 08:27:08 2015 +1100
9109
9110 upstream commit
9111
9112 revision 1.18
9113 date: 2014/10/19 03:56:28; author: doug; state: Exp; lines: +9 -9; commitid: U6QxmtbXrGoc02S5;
9114 Revert last commit due to changed semantics found by make release.
9115
9116commit c39ad23b06e9aecc3ff788e92f787a08472905b1
9117Author: Damien Miller <djm@mindrot.org>
9118Date: Wed Oct 14 08:26:24 2015 +1100
9119
9120 upstream commit
9121
9122 revision 1.17
9123 date: 2014/10/18 20:43:52; author: doug; state: Exp; lines: +10 -10; commitid: I74hI1tVZtsspKEt;
9124 Better POSIX compliance in realpath(3).
9125
9126 millert@ made changes to realpath.c based on FreeBSD's version. I merged
9127 Todd's changes into dl_realpath.c.
9128
9129 ok millert@, guenther@
9130
9131commit e929a43f957dbd1254aca2aaf85c8c00cbfc25f4
9132Author: Damien Miller <djm@mindrot.org>
9133Date: Wed Oct 14 08:25:55 2015 +1100
9134
9135 upstream commit
9136
9137 revision 1.16
9138 date: 2013/04/05 12:59:54; author: kurt; state: Exp; lines: +3 -1;
9139 - Add comments regarding copies of these files also in libexec/ld.so
9140 okay guenther@
9141
9142commit 5225db68e58a1048cb17f0e36e0d33bc4a8fc410
9143Author: Damien Miller <djm@mindrot.org>
9144Date: Wed Oct 14 08:25:32 2015 +1100
9145
9146 upstream commit
9147
9148 revision 1.15
9149 date: 2012/09/13 15:39:05; author: deraadt; state: Exp; lines: +2 -2;
9150 specify the bounds of the dst to strlcat (both values were static and
9151 equal, but it is more correct)
9152 from Michal Mazurek
9153
9154commit 7365fe5b4859de2305e40ea132da3823830fa710
9155Author: Damien Miller <djm@mindrot.org>
9156Date: Wed Oct 14 08:25:09 2015 +1100
9157
9158 upstream commit
9159
9160 revision 1.14
9161 date: 2011/07/24 21:03:00; author: miod; state: Exp; lines: +35 -13;
9162 Recent Single Unix will malloc memory if the second argument of realpath()
9163 is NULL, and third-party software is starting to rely upon this.
9164 Adapted from FreeBSD via Jona Joachim (jaj ; hcl-club , .lu), with minor
9165 tweaks from nicm@ and yours truly.
9166
9167commit e679c09cd1951f963793aa3d9748d1c3fdcf808f
9168Author: djm@openbsd.org <djm@openbsd.org>
9169Date: Tue Oct 13 16:15:21 2015 +0000
9170
9171 upstream commit
9172
9173 apply PubkeyAcceptedKeyTypes filtering earlier, so all
9174 skipped keys are noted before pubkey authentication starts. ok dtucker@
9175
9176 Upstream-ID: ba4f52f54268a421a2a5f98bb375403f4cb044b8
9177
9178commit 179c353f564ec7ada64b87730b25fb41107babd7
9179Author: djm@openbsd.org <djm@openbsd.org>
9180Date: Tue Oct 13 00:21:27 2015 +0000
9181
9182 upstream commit
9183
9184 free the correct IV length, don't assume it's always the
9185 cipher blocksize; ok dtucker@
9186
9187 Upstream-ID: c260d9e5ec73628d9ff4b067fbb060eff5a7d298
9188
9189commit 2539dce2a049a8f6bb0d44cac51f07ad48e691d3
9190Author: deraadt@openbsd.org <deraadt@openbsd.org>
9191Date: Fri Oct 9 01:37:08 2015 +0000
9192
9193 upstream commit
9194
9195 Change all tame callers to namechange to pledge(2).
9196
9197 Upstream-ID: 17e654fc27ceaf523c60f4ffd9ec7ae4e7efc7f2
9198
9199commit 9846a2f4067383bb76b4e31a9d2303e0a9c13a73
9200Author: Damien Miller <djm@mindrot.org>
9201Date: Thu Oct 8 04:30:48 2015 +1100
9202
9203 hook tame(2) sandbox up to build
9204
9205 OpenBSD only for now
9206
9207commit 0c46bbe68b70bdf0d6d20588e5847e71f3739fe6
9208Author: djm@openbsd.org <djm@openbsd.org>
9209Date: Wed Oct 7 15:59:12 2015 +0000
9210
9211 upstream commit
9212
9213 include PubkeyAcceptedKeyTypes in ssh -G config dump
9214
9215 Upstream-ID: 6c097ce6ffebf6fe393fb7988b5d152a5d6b36bb
9216
9217commit bdcb73fb7641b1cf73c0065d1a0dd57b1e8b778e
9218Author: sobrado@openbsd.org <sobrado@openbsd.org>
9219Date: Wed Oct 7 14:45:30 2015 +0000
9220
9221 upstream commit
9222
9223 UsePrivilegeSeparation defaults to sandbox now.
9224
9225 ok djm@
9226
9227 Upstream-ID: bff136c38bcae89df82e044d2f42de21e1ad914f
9228
9229commit 2905d6f99c837bb699b6ebc61711b19acd030709
9230Author: djm@openbsd.org <djm@openbsd.org>
9231Date: Wed Oct 7 00:54:06 2015 +0000
9232
9233 upstream commit
9234
9235 don't try to change tun device flags if they are already
9236 what we need; makes it possible to use tun/tap networking as non- root user
9237 if device permissions and interface flags are pre-established; based on patch
9238 by Ossi Herrala
9239
9240 Upstream-ID: 89099ac4634cd477b066865acf54cb230780fd21
9241
9242commit 0dc74512bdb105b048883f07de538b37e5e024d4
9243Author: Damien Miller <djm@mindrot.org>
9244Date: Mon Oct 5 18:33:05 2015 -0700
9245
9246 unbreak merge botch
9247
9248commit fdd020e86439afa7f537e2429d29d4b744c94331
9249Author: djm@openbsd.org <djm@openbsd.org>
9250Date: Tue Oct 6 01:20:59 2015 +0000
9251
9252 upstream commit
9253
9254 adapt to recent sshkey_parse_private_fileblob() API
9255 change
9256
9257 Upstream-Regress-ID: 5c0d818da511e33e0abf6a92a31bd7163b7ad988
9258
9259commit 21ae8ee3b630b0925f973db647a1b9aa5fcdd4c5
9260Author: djm@openbsd.org <djm@openbsd.org>
9261Date: Thu Sep 24 07:15:39 2015 +0000
9262
9263 upstream commit
9264
9265 fix command-line option to match what was actually
9266 committed
9267
9268 Upstream-Regress-ID: 3e8c24a2044e8afd37e7ce17b69002ca817ac699
9269
9270commit e14ac43b75e68f1ffbd3e1a5e44143c8ae578dcd
9271Author: djm@openbsd.org <djm@openbsd.org>
9272Date: Thu Sep 24 06:16:53 2015 +0000
9273
9274 upstream commit
9275
9276 regress test for CertificateFile; patch from Meghana Bhat
9277 via bz#2436
9278
9279 Upstream-Regress-ID: e7a6e980cbe0f8081ba2e83de40d06c17be8bd25
9280
9281commit 905b054ed24e0d5b4ef226ebf2c8bfc02ae6d4ad
9282Author: djm@openbsd.org <djm@openbsd.org>
9283Date: Mon Oct 5 17:11:21 2015 +0000
9284
9285 upstream commit
9286
9287 some more bzero->explicit_bzero, from Michael McConville
9288
9289 Upstream-ID: 17f19545685c33327db2efdc357c1c9225ff00d0
9290
9291commit b007159a0acdbcf65814b3ee05dbe2cf4ea46011
9292Author: deraadt@openbsd.org <deraadt@openbsd.org>
9293Date: Fri Oct 2 15:52:55 2015 +0000
9294
9295 upstream commit
9296
9297 fix email
9298
9299 Upstream-ID: 72150f2d54b94de14ebef1ea054ef974281bf834
9300
9301commit b19e1b4ab11884c4f62aee9f8ab53127a4732658
9302Author: deraadt@openbsd.org <deraadt@openbsd.org>
9303Date: Fri Oct 2 01:39:52 2015 +0000
9304
9305 upstream commit
9306
9307 a sandbox using tame ok djm
9308
9309 Upstream-ID: 4ca24e47895e72f5daaa02f3e3d3e5ca2d820fa3
9310
9311commit c61b42f2678f21f05653ac2d3d241b48ab5d59ac
9312Author: deraadt@openbsd.org <deraadt@openbsd.org>
9313Date: Fri Oct 2 01:39:26 2015 +0000
9314
9315 upstream commit
9316
9317 re-order system calls in order of risk, ok i'll be
9318 honest, ordered this way they look like tame... ok djm
9319
9320 Upstream-ID: 42a1e6d251fd8be13c8262bee026059ae6328813
9321
9322commit c5f7c0843cb6e6074a93c8ac34e49ce33a6f5546
9323Author: jmc@openbsd.org <jmc@openbsd.org>
9324Date: Fri Sep 25 18:19:54 2015 +0000
9325
9326 upstream commit
9327
9328 some certificatefile tweaks; ok djm
9329
9330 Upstream-ID: 0e5a7852c28c05fc193419cc7e50e64c1c535af0
9331
9332commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8
9333Author: djm@openbsd.org <djm@openbsd.org>
9334Date: Thu Sep 24 06:15:11 2015 +0000
9335
9336 upstream commit
9337
9338 add ssh_config CertificateFile option to explicitly list
9339 a certificate; patch from Meghana Bhat on bz#2436; ok markus@
9340
9341 Upstream-ID: 58648ec53c510b41c1f46d8fe293aadc87229ab8
9342
9343commit e3cbb06ade83c72b640a53728d362bbefa0008e2
9344Author: sobrado@openbsd.org <sobrado@openbsd.org>
9345Date: Tue Sep 22 08:33:23 2015 +0000
9346
9347 upstream commit
9348
9349 fix two typos.
9350
9351 Upstream-ID: 424402c0d8863a11b51749bacd7f8d932083b709