summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog933
1 files changed, 572 insertions, 361 deletions
diff --git a/ChangeLog b/ChangeLog
index c63681f16..ed0502115 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,575 @@
1commit 1dc8d93ce69d6565747eb44446ed117187621b26
2Author: deraadt@openbsd.org <deraadt@openbsd.org>
3Date: Thu Aug 6 14:53:21 2015 +0000
4
5 upstream commit
6
7 add prohibit-password as a synonymn for without-password,
8 since the without-password is causing too many questions. Harden it to ban
9 all but pubkey, hostbased, and GSSAPI auth (when the latter is enabled) from
10 djm, ok markus
11
12 Upstream-ID: d53317d7b28942153e6236d3fd6e12ceb482db7a
13
14commit 90a95a4745a531b62b81ce3b025e892bdc434de5
15Author: Damien Miller <djm@mindrot.org>
16Date: Tue Aug 11 13:53:41 2015 +1000
17
18 update version in README
19
20commit 318c37743534b58124f1bab37a8a0087a3a9bd2f
21Author: Damien Miller <djm@mindrot.org>
22Date: Tue Aug 11 13:53:09 2015 +1000
23
24 update versions in *.spec
25
26commit 5e75f5198769056089fb06c4d738ab0e5abc66f7
27Author: Damien Miller <djm@mindrot.org>
28Date: Tue Aug 11 13:34:12 2015 +1000
29
30 set sshpam_ctxt to NULL after free
31
32 Avoids use-after-free in monitor when privsep child is compromised.
33 Reported by Moritz Jodeit; ok dtucker@
34
35commit d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
36Author: Damien Miller <djm@mindrot.org>
37Date: Tue Aug 11 13:33:24 2015 +1000
38
39 Don't resend username to PAM; it already has it.
40
41 Pointed out by Moritz Jodeit; ok dtucker@
42
43commit 88763a6c893bf3dfe951ba9271bf09715e8d91ca
44Author: Darren Tucker <dtucker@zip.com.au>
45Date: Mon Jul 27 12:14:25 2015 +1000
46
47 Import updated moduli file from OpenBSD.
48
49commit 55b263fb7cfeacb81aaf1c2036e0394c881637da
50Author: Damien Miller <djm@mindrot.org>
51Date: Mon Aug 10 11:13:44 2015 +1000
52
53 let principals-command.sh work for noexec /var/run
54
55commit 2651e34cd11b1aac3a0fe23b86d8c2ff35c07897
56Author: Damien Miller <djm@mindrot.org>
57Date: Thu Aug 6 11:43:42 2015 +1000
58
59 work around echo -n / sed behaviour in tests
60
61commit d85dad81778c1aa8106acd46930b25fdf0d15b2a
62Author: djm@openbsd.org <djm@openbsd.org>
63Date: Wed Aug 5 05:27:33 2015 +0000
64
65 upstream commit
66
67 adjust for RSA minimum modulus switch; ok deraadt@
68
69 Upstream-Regress-ID: 5a72c83431b96224d583c573ca281cd3a3ebfdae
70
71commit 57e8e229bad5fe6056b5f1199665f5f7008192c6
72Author: djm@openbsd.org <djm@openbsd.org>
73Date: Tue Aug 4 05:23:06 2015 +0000
74
75 upstream commit
76
77 backout SSH_RSA_MINIMUM_MODULUS_SIZE increase for this
78 release; problems spotted by sthen@ ok deraadt@ markus@
79
80 Upstream-ID: d0bd60dde9e8c3cd7030007680371894c1499822
81
82commit f097d0ea1e0889ca0fa2e53a00214e43ab7fa22a
83Author: djm@openbsd.org <djm@openbsd.org>
84Date: Sun Aug 2 09:56:42 2015 +0000
85
86 upstream commit
87
88 openssh 7.0; ok deraadt@
89
90 Upstream-ID: c63afdef537f57f28ae84145c5a8e29e9250221f
91
92commit 3d5728a0f6874ce4efb16913a12963595070f3a9
93Author: chris@openbsd.org <chris@openbsd.org>
94Date: Fri Jul 31 15:38:09 2015 +0000
95
96 upstream commit
97
98 Allow PermitRootLogin to be overridden by config
99
100 ok markus@ deeradt@
101
102 Upstream-ID: 5cf3e26ed702888de84e2dc9d0054ccf4d9125b4
103
104commit 6f941396b6835ad18018845f515b0c4fe20be21a
105Author: djm@openbsd.org <djm@openbsd.org>
106Date: Thu Jul 30 23:09:15 2015 +0000
107
108 upstream commit
109
110 fix pty permissions; patch from Nikolay Edigaryev; ok
111 deraadt
112
113 Upstream-ID: 40ff076d2878b916fbfd8e4f45dbe5bec019e550
114
115commit f4373ed1e8fbc7c8ce3fc4ea97d0ba2e0c1d7ef0
116Author: deraadt@openbsd.org <deraadt@openbsd.org>
117Date: Thu Jul 30 19:23:02 2015 +0000
118
119 upstream commit
120
121 change default: PermitRootLogin without-password matching
122 install script changes coming as well ok djm markus
123
124 Upstream-ID: 0e2a6c4441daf5498b47a61767382bead5eb8ea6
125
126commit 0c30ba91f87fcda7e975e6ff8a057f624e87ea1c
127Author: Damien Miller <djm@mindrot.org>
128Date: Thu Jul 30 12:31:39 2015 +1000
129
130 downgrade OOM adjustment logging: verbose -> debug
131
132commit f9eca249d4961f28ae4b09186d7dc91de74b5895
133Author: djm@openbsd.org <djm@openbsd.org>
134Date: Thu Jul 30 00:01:34 2015 +0000
135
136 upstream commit
137
138 Allow ssh_config and sshd_config kex parameters options be
139 prefixed by a '+' to indicate that the specified items be appended to the
140 default rather than replacing it.
141
142 approach suggested by dtucker@, feedback dlg@, ok markus@
143
144 Upstream-ID: 0f901137298fc17095d5756ff1561a7028e8882a
145
146commit 5cefe769105a2a2e3ca7479d28d9a325d5ef0163
147Author: djm@openbsd.org <djm@openbsd.org>
148Date: Wed Jul 29 08:34:54 2015 +0000
149
150 upstream commit
151
152 fix bug in previous; was printing incorrect string for
153 failed host key algorithms negotiation
154
155 Upstream-ID: 22c0dc6bc61930513065d92e11f0753adc4c6e6e
156
157commit f319912b0d0e1675b8bb051ed8213792c788bcb2
158Author: djm@openbsd.org <djm@openbsd.org>
159Date: Wed Jul 29 04:43:06 2015 +0000
160
161 upstream commit
162
163 include the peer's offer when logging a failure to
164 negotiate a mutual set of algorithms (kex, pubkey, ciphers, etc.) ok markus@
165
166 Upstream-ID: bbb8caabf5c01790bb845f5ce135565248d7c796
167
168commit b6ea0e573042eb85d84defb19227c89eb74cf05a
169Author: djm@openbsd.org <djm@openbsd.org>
170Date: Tue Jul 28 23:20:42 2015 +0000
171
172 upstream commit
173
174 add Cisco to the list of clients that choke on the
175 hostkeys update extension. Pointed out by Howard Kash
176
177 Upstream-ID: c9eadde28ecec056c73d09ee10ba4570dfba7e84
178
179commit 3f628c7b537291c1019ce86af90756fb4e66d0fd
180Author: guenther@openbsd.org <guenther@openbsd.org>
181Date: Mon Jul 27 16:29:23 2015 +0000
182
183 upstream commit
184
185 Permit kbind(2) use in the sandbox now, to ease testing
186 of ld.so work using it
187
188 reminded by miod@, ok deraadt@
189
190 Upstream-ID: 523922e4d1ba7a091e3824e77a8a3c818ee97413
191
192commit ebe27ebe520098bbc0fe58945a87ce8490121edb
193Author: millert@openbsd.org <millert@openbsd.org>
194Date: Mon Jul 20 18:44:12 2015 +0000
195
196 upstream commit
197
198 Move .Pp before .Bl, not after to quiet mandoc -Tlint.
199 Noticed by jmc@
200
201 Upstream-ID: 59fadbf8407cec4e6931e50c53cfa0214a848e23
202
203commit d5d91d0da819611167782c66ab629159169d94d4
204Author: millert@openbsd.org <millert@openbsd.org>
205Date: Mon Jul 20 18:42:35 2015 +0000
206
207 upstream commit
208
209 Sync usage with SYNOPSIS
210
211 Upstream-ID: 7a321a170181a54f6450deabaccb6ef60cf3f0b7
212
213commit 79ec2142fbc68dd2ed9688608da355fc0b1ed743
214Author: millert@openbsd.org <millert@openbsd.org>
215Date: Mon Jul 20 15:39:52 2015 +0000
216
217 upstream commit
218
219 Better desciption of Unix domain socket forwarding.
220 bz#2423; ok jmc@
221
222 Upstream-ID: 85e28874726897e3f26ae50dfa2e8d2de683805d
223
224commit d56fd1828074a4031b18b8faa0bf949669eb18a0
225Author: Damien Miller <djm@mindrot.org>
226Date: Mon Jul 20 11:19:51 2015 +1000
227
228 make realpath.c compile -Wsign-compare clean
229
230commit c63c9a691dca26bb7648827f5a13668832948929
231Author: djm@openbsd.org <djm@openbsd.org>
232Date: Mon Jul 20 00:30:01 2015 +0000
233
234 upstream commit
235
236 mention that the default of UseDNS=no implies that
237 hostnames cannot be used for host matching in sshd_config and
238 authorized_keys; bz#2045, ok dtucker@
239
240 Upstream-ID: 0812705d5f2dfa59aab01f2764ee800b1741c4e1
241
242commit 63ebcd0005e9894fcd6871b7b80aeea1fec0ff76
243Author: djm@openbsd.org <djm@openbsd.org>
244Date: Sat Jul 18 08:02:17 2015 +0000
245
246 upstream commit
247
248 don't ignore PKCS#11 hosted keys that return empty
249 CKA_ID; patch by Jakub Jelen via bz#2429; ok markus
250
251 Upstream-ID: 2f7c94744eb0342f8ee8bf97b2351d4e00116485
252
253commit b15fd989c8c62074397160147a8d5bc34b3f3c63
254Author: djm@openbsd.org <djm@openbsd.org>
255Date: Sat Jul 18 08:00:21 2015 +0000
256
257 upstream commit
258
259 skip uninitialised PKCS#11 slots; patch from Jakub Jelen
260 in bz#2427 ok markus@
261
262 Upstream-ID: 744c1e7796e237ad32992d0d02148e8a18f27d29
263
264commit 5b64f85bb811246c59ebab70aed331f26ba37b18
265Author: djm@openbsd.org <djm@openbsd.org>
266Date: Sat Jul 18 07:57:14 2015 +0000
267
268 upstream commit
269
270 only query each keyboard-interactive device once per
271 authentication request regardless of how many times it is listed; ok markus@
272
273 Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1
274
275commit cd7324d0667794eb5c236d8a4e0f236251babc2d
276Author: djm@openbsd.org <djm@openbsd.org>
277Date: Fri Jul 17 03:34:27 2015 +0000
278
279 upstream commit
280
281 remove -u flag to diff (only used for error output) to make
282 things easier for -portable
283
284 Upstream-Regress-ID: a5d6777d2909540d87afec3039d9bb2414ade548
285
286commit deb8d99ecba70b67f4af7880b11ca8768df9ec3a
287Author: djm@openbsd.org <djm@openbsd.org>
288Date: Fri Jul 17 03:09:19 2015 +0000
289
290 upstream commit
291
292 direct-streamlocal@openssh.com Unix domain foward
293 messages do not contain a "reserved for future use" field and in fact,
294 serverloop.c checks that there isn't one. Remove erroneous mention from
295 PROTOCOL description. bz#2421 from Daniel Black
296
297 Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
298
299commit 356b61f365405b5257f5b2ab446e5d7bd33a7b52
300Author: djm@openbsd.org <djm@openbsd.org>
301Date: Fri Jul 17 03:04:27 2015 +0000
302
303 upstream commit
304
305 describe magic for setting up Unix domain socket fowards
306 via the mux channel; bz#2422 patch from Daniel Black
307
308 Upstream-ID: 943080fe3864715c423bdeb7c920bb30c4eee861
309
310commit d3e2aee41487d55b8d7d40f538b84ff1db7989bc
311Author: Darren Tucker <dtucker@zip.com.au>
312Date: Fri Jul 17 12:52:34 2015 +1000
313
314 Check if realpath works on nonexistent files.
315
316 On some platforms the native realpath doesn't work with non-existent
317 files (this is actually specified in some versions of POSIX), however
318 the sftp spec says its realpath with "canonicalize any given path name".
319 On those platforms, use realpath from the compat library.
320
321 In addition, when compiling with -DFORTIFY_SOURCE, glibc redefines
322 the realpath symbol to the checked version, so redefine ours to
323 something else so we pick up the compat version we want.
324
325 bz#2428, ok djm@
326
327commit 25b14610dab655646a109db5ef8cb4c4bf2a48a0
328Author: djm@openbsd.org <djm@openbsd.org>
329Date: Fri Jul 17 02:47:45 2015 +0000
330
331 upstream commit
332
333 fix incorrect test for SSH1 keys when compiled without SSH1
334 support
335
336 Upstream-ID: 6004d720345b8e481c405e8ad05ce2271726e451
337
338commit df56a8035d429b2184ee94aaa7e580c1ff67f73a
339Author: djm@openbsd.org <djm@openbsd.org>
340Date: Wed Jul 15 08:00:11 2015 +0000
341
342 upstream commit
343
344 fix NULL-deref when SSH1 reenabled
345
346 Upstream-ID: f22fd805288c92b3e9646782d15b48894b2d5295
347
348commit 41e38c4d49dd60908484e6703316651333f16b93
349Author: djm@openbsd.org <djm@openbsd.org>
350Date: Wed Jul 15 07:19:50 2015 +0000
351
352 upstream commit
353
354 regen RSA1 test keys; the last batch was missing their
355 private parts
356
357 Upstream-Regress-ID: 7ccf437305dd63ff0b48dd50c5fd0f4d4230c10a
358
359commit 5bf0933184cb622ca3f96d224bf3299fd2285acc
360Author: markus@openbsd.org <markus@openbsd.org>
361Date: Fri Jul 10 06:23:25 2015 +0000
362
363 upstream commit
364
365 Adapt tests, now that DSA if off by default; use
366 PubkeyAcceptedKeyTypes and PubkeyAcceptedKeyTypes to test DSA.
367
368 Upstream-Regress-ID: 0ff2a3ff5ac1ce5f92321d27aa07b98656efcc5c
369
370commit 7a6e3fd7b41dbd3756b6bf9acd67954c0b1564cc
371Author: markus@openbsd.org <markus@openbsd.org>
372Date: Tue Jul 7 14:54:16 2015 +0000
373
374 upstream commit
375
376 regen test data after mktestdata.sh changes
377
378 Upstream-Regress-ID: 3495ecb082b9a7c048a2d7c5c845d3bf181d25a4
379
380commit 7c8c174c69f681d4910fa41c37646763692b28e2
381Author: markus@openbsd.org <markus@openbsd.org>
382Date: Tue Jul 7 14:53:30 2015 +0000
383
384 upstream commit
385
386 adapt tests to new minimum RSA size and default FP format
387
388 Upstream-Regress-ID: a4b30afd174ce82b96df14eb49fb0b81398ffd0e
389
390commit 6a977a4b68747ade189e43d302f33403fd4a47ac
391Author: djm@openbsd.org <djm@openbsd.org>
392Date: Fri Jul 3 04:39:23 2015 +0000
393
394 upstream commit
395
396 legacy v00 certificates are gone; adapt and don't try to
397 test them; "sure" markus@ dtucker@
398
399 Upstream-Regress-ID: c57321e69b3cd4a3b3396dfcc43f0803d047da12
400
401commit 0c4123ad5e93fb90fee9c6635b13a6cdabaac385
402Author: djm@openbsd.org <djm@openbsd.org>
403Date: Wed Jul 1 23:11:18 2015 +0000
404
405 upstream commit
406
407 don't expect SSH v.1 in unittests
408
409 Upstream-Regress-ID: f8812b16668ba78e6a698646b2a652b90b653397
410
411commit 3c099845798a817cdde513c39074ec2063781f18
412Author: djm@openbsd.org <djm@openbsd.org>
413Date: Mon Jun 15 06:38:50 2015 +0000
414
415 upstream commit
416
417 turn SSH1 back on to match src/usr.bin/ssh being tested
418
419 Upstream-Regress-ID: 6c4f763a2f0cc6893bf33983919e9030ae638333
420
421commit b1dc2b33689668c75e95f873a42d5aea1f4af1db
422Author: dtucker@openbsd.org <dtucker@openbsd.org>
423Date: Mon Jul 13 04:57:14 2015 +0000
424
425 upstream commit
426
427 Add "PuTTY_Local:" to the clients to which we do not
428 offer DH-GEX. This was the string that was used for development versions
429 prior to September 2014 and they don't do RFC4419 DH-GEX, but unfortunately
430 there are some extant products based on those versions. bx2424 from Jay
431 Rouman, ok markus@ djm@
432
433 Upstream-ID: be34d41e18b966832fe09ca243d275b81882e1d5
434
435commit 3a1638dda19bbc73d0ae02b4c251ce08e564b4b9
436Author: markus@openbsd.org <markus@openbsd.org>
437Date: Fri Jul 10 06:21:53 2015 +0000
438
439 upstream commit
440
441 Turn off DSA by default; add HostKeyAlgorithms to the
442 server and PubkeyAcceptedKeyTypes to the client side, so it still can be
443 tested or turned back on; feedback and ok djm@
444
445 Upstream-ID: 8450a9e6d83f80c9bfed864ff061dfc9323cec21
446
447commit 16db0a7ee9a87945cc594d13863cfcb86038db59
448Author: markus@openbsd.org <markus@openbsd.org>
449Date: Thu Jul 9 09:49:46 2015 +0000
450
451 upstream commit
452
453 re-enable ed25519-certs if compiled w/o openssl; ok djm
454
455 Upstream-ID: e10c90808b001fd2c7a93778418e9b318f5c4c49
456
457commit c355bf306ac33de6545ce9dac22b84a194601e2f
458Author: markus@openbsd.org <markus@openbsd.org>
459Date: Wed Jul 8 20:24:02 2015 +0000
460
461 upstream commit
462
463 no need to include the old buffer/key API
464
465 Upstream-ID: fb13c9f7c0bba2545f3eb0a0e69cb0030819f52b
466
467commit a3cc48cdf9853f1e832d78cb29bedfab7adce1ee
468Author: markus@openbsd.org <markus@openbsd.org>
469Date: Wed Jul 8 19:09:25 2015 +0000
470
471 upstream commit
472
473 typedefs for Cipher&CipherContext are unused
474
475 Upstream-ID: 50e6a18ee92221d23ad173a96d5b6c42207cf9a7
476
477commit a635bd06b5c427a57c3ae760d3a2730bb2c863c0
478Author: markus@openbsd.org <markus@openbsd.org>
479Date: Wed Jul 8 19:04:21 2015 +0000
480
481 upstream commit
482
483 xmalloc.h is unused
484
485 Upstream-ID: afb532355b7fa7135a60d944ca1e644d1d63cb58
486
487commit 2521cf0e36c7f3f6b19f206da0af134f535e4a31
488Author: markus@openbsd.org <markus@openbsd.org>
489Date: Wed Jul 8 19:01:15 2015 +0000
490
491 upstream commit
492
493 compress.c is gone
494
495 Upstream-ID: 174fa7faa9b9643cba06164b5e498591356fbced
496
497commit c65a7aa6c43aa7a308ee1ab8a96f216169ae9615
498Author: djm@openbsd.org <djm@openbsd.org>
499Date: Fri Jul 3 04:05:54 2015 +0000
500
501 upstream commit
502
503 another SSH_RSA_MINIMUM_MODULUS_SIZE that needed
504 cranking
505
506 Upstream-ID: 9d8826cafe96aab4ae8e2f6fd22800874b7ffef1
507
508commit b1f383da5cd3cb921fc7776f17a14f44b8a31757
509Author: djm@openbsd.org <djm@openbsd.org>
510Date: Fri Jul 3 03:56:25 2015 +0000
511
512 upstream commit
513
514 add an XXX reminder for getting correct key paths from
515 sshd_config
516
517 Upstream-ID: feae52b209d7782ad742df04a4260e9fe41741db
518
519commit 933935ce8d093996c34d7efa4d59113163080680
520Author: djm@openbsd.org <djm@openbsd.org>
521Date: Fri Jul 3 03:49:45 2015 +0000
522
523 upstream commit
524
525 refuse to generate or accept RSA keys smaller than 1024
526 bits; feedback and ok dtucker@
527
528 Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
529
530commit bdfd29f60b74f3e678297269dc6247a5699583c1
531Author: djm@openbsd.org <djm@openbsd.org>
532Date: Fri Jul 3 03:47:00 2015 +0000
533
534 upstream commit
535
536 turn off 1024 bit diffie-hellman-group1-sha1 key
537 exchange method (already off in server, this turns it off in the client by
538 default too) ok dtucker@
539
540 Upstream-ID: f59b88f449210ab7acf7d9d88f20f1daee97a4fa
541
542commit c28fc62d789d860c75e23a9fa9fb250eb2beca57
543Author: djm@openbsd.org <djm@openbsd.org>
544Date: Fri Jul 3 03:43:18 2015 +0000
545
546 upstream commit
547
548 delete support for legacy v00 certificates; "sure"
549 markus@ dtucker@
550
551 Upstream-ID: b5b9bb5f9202d09e88f912989d74928601b6636f
552
553commit 564d63e1b4a9637a209d42a9d49646781fc9caef
554Author: djm@openbsd.org <djm@openbsd.org>
555Date: Wed Jul 1 23:10:47 2015 +0000
556
557 upstream commit
558
559 Compile-time disable SSH v.1 again
560
561 Upstream-ID: 1d4b513a3a06232f02650b73bad25100d1b800af
562
563commit 868109b650504dd9bcccdb1f51d0906f967c20ff
564Author: djm@openbsd.org <djm@openbsd.org>
565Date: Wed Jul 1 02:39:06 2015 +0000
566
567 upstream commit
568
569 twiddle PermitRootLogin back
570
571 Upstream-ID: 2bd23976305d0512e9f84d054e1fc23cd70b89f2
572
1commit 7de4b03a6e4071d454b72927ffaf52949fa34545 573commit 7de4b03a6e4071d454b72927ffaf52949fa34545
2Author: djm@openbsd.org <djm@openbsd.org> 574Author: djm@openbsd.org <djm@openbsd.org>
3Date: Wed Jul 1 02:32:17 2015 +0000 575Date: Wed Jul 1 02:32:17 2015 +0000
@@ -8572,364 +9144,3 @@ Date: Wed Aug 21 02:38:51 2013 +1000
8572 fix some whitespace at EOL 9144 fix some whitespace at EOL
8573 make list of commands an enum rather than a long list of defines 9145 make list of commands an enum rather than a long list of defines
8574 add -a to usage() 9146 add -a to usage()
8575
8576commit acd2060f750c16d48b87b92a10b5a833227baf9d
8577Author: Darren Tucker <dtucker@zip.com.au>
8578Date: Thu Aug 8 17:02:12 2013 +1000
8579
8580 - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt
8581 removal. The "make clean" removes modpipe which is built by the top-level
8582 directory before running the tests. Spotted by tim@
8583
8584commit 9542de4547beebf707f3640082d471f1a85534c9
8585Author: Darren Tucker <dtucker@zip.com.au>
8586Date: Thu Aug 8 12:50:06 2013 +1000
8587
8588 - (dtucker) [misc.c] Remove define added for fallback testing that was
8589 mistakenly included in the previous commit.
8590
8591commit 94396b7f06f512a0acb230640d7f703fb802a9ee
8592Author: Darren Tucker <dtucker@zip.com.au>
8593Date: Thu Aug 8 11:52:37 2013 +1000
8594
8595 - (dtucker) [misc.c] Fall back to time(2) at runtime if clock_gettime(
8596 CLOCK_MONOTONIC...) fails. Some older versions of RHEL have the
8597 CLOCK_MONOTONIC define but don't actually support it. Found and tested
8598 by Kevin Brott, ok djm.
8599
8600commit a5a3cbfa0fb8ef011d3e7b38910a13f6ebbb8818
8601Author: Darren Tucker <dtucker@zip.com.au>
8602Date: Thu Aug 8 10:58:49 2013 +1000
8603
8604 - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt
8605 since some platforms (eg really old FreeBSD) don't have it. Instead,
8606 run "make clean" before a complete regress run. ok djm.
8607
8608commit f3ab2c5f9cf4aed44971eded3ac9eeb1344b2be5
8609Author: Darren Tucker <dtucker@zip.com.au>
8610Date: Sun Aug 4 21:48:41 2013 +1000
8611
8612 - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support
8613 for building with older Heimdal versions. ok djm.
8614
8615commit ab3575c055adfbce70fa7405345cf0f80b07c827
8616Author: Damien Miller <djm@mindrot.org>
8617Date: Thu Aug 1 14:34:16 2013 +1000
8618
8619 - (djm) [sshlogin.h] Fix prototype merge botch from 2006; bz#2134
8620
8621commit c192a4c4f6da907dc0e67a3ca61d806f9a92c931
8622Author: Damien Miller <djm@mindrot.org>
8623Date: Thu Aug 1 14:29:20 2013 +1000
8624
8625 - (djm) [channels.c channels.h] bz#2135: On Solaris, isatty() on a non-
8626 blocking connecting socket will clear any stored errno that might
8627 otherwise have been retrievable via getsockopt(). A hack to limit writes
8628 to TTYs on AIX was triggering this. Since only AIX needs the hack, wrap
8629 it in an #ifdef. Diagnosis and patch from Ivo Raisr.
8630
8631commit 81f7cf1ec5bc2fd202eda05abc2e5361c54633c5
8632Author: Tim Rice <tim@multitalents.net>
8633Date: Thu Jul 25 18:41:40 2013 -0700
8634
8635 more correct comment for last commit
8636
8637commit 0553ad76ffdff35fb31b9e6df935a71a1cc6daa2
8638Author: Tim Rice <tim@multitalents.net>
8639Date: Thu Jul 25 16:03:16 2013 -0700
8640
8641 - (tim) [regress/forwarding.sh] Fix for building outside read only source tree.
8642
8643commit ed899eb597a8901ff7322cba809660515ec0d601
8644Author: Tim Rice <tim@multitalents.net>
8645Date: Thu Jul 25 15:40:00 2013 -0700
8646
8647 - (tim) [sftp-client.c] Use of a gcc extension trips up native compilers on
8648 Solaris and UnixWare. Feedback and OK djm@
8649
8650commit e9e936d33b4b1d77ffbaace9438cb2f1469c1dc7
8651Author: Damien Miller <djm@mindrot.org>
8652Date: Thu Jul 25 12:34:00 2013 +1000
8653
8654 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
8655 [contrib/suse/openssh.spec] Update version numbers
8656
8657commit d1e26cf391de31128b4edde118bff5fed98a90ea
8658Author: Damien Miller <djm@mindrot.org>
8659Date: Thu Jul 25 12:11:18 2013 +1000
8660
8661 - djm@cvs.openbsd.org 2013/06/21 02:26:26
8662 [regress/sftp-cmds.sh regress/test-exec.sh]
8663 unbreak sftp-cmds for renamed test data (s/ls/data/)
8664
8665commit 78d47b7c5b182e44552913de2b4b7e0363c8e3cc
8666Author: Damien Miller <djm@mindrot.org>
8667Date: Thu Jul 25 12:08:46 2013 +1000
8668
8669 - dtucker@cvs.openbsd.org 2013/06/10 21:56:43
8670 [regress/forwarding.sh]
8671 Add test for forward config parsing
8672
8673commit fea440639e04cea9f2605375a41d654390369402
8674Author: Damien Miller <djm@mindrot.org>
8675Date: Thu Jul 25 12:08:07 2013 +1000
8676
8677 - dtucker@cvs.openbsd.org 2013/05/30 20:12:32
8678 [regress/test-exec.sh]
8679 use ssh and sshd as testdata since it needs to be >256k for the rekey test
8680
8681commit 53435b2d8773a5d7c78359e9f7bf9df2d93b9ef5
8682Author: Damien Miller <djm@mindrot.org>
8683Date: Thu Jul 25 11:57:15 2013 +1000
8684
8685 - djm@cvs.openbsd.org 2013/07/25 00:57:37
8686 [version.h]
8687 openssh-6.3 for release
8688
8689commit 0d032419ee6e1968fc1cb187af63bf3b77b506ea
8690Author: Damien Miller <djm@mindrot.org>
8691Date: Thu Jul 25 11:56:52 2013 +1000
8692
8693 - djm@cvs.openbsd.org 2013/07/25 00:56:52
8694 [sftp-client.c sftp-client.h sftp.1 sftp.c]
8695 sftp support for resuming partial downloads; patch mostly by Loganaden
8696 Velvindron/AfriNIC with some tweaks by me; feedback and ok dtucker@
8697
8698commit 98e27dcf581647b5bbe9780e8f59685d942d8ea3
8699Author: Damien Miller <djm@mindrot.org>
8700Date: Thu Jul 25 11:55:52 2013 +1000
8701
8702 - djm@cvs.openbsd.org 2013/07/25 00:29:10
8703 [ssh.c]
8704 daemonise backgrounded (ControlPersist'ed) multiplexing master to ensure
8705 it is fully detached from its controlling terminal. based on debugging
8706
8707commit 94c9cd34d1590ea1d4bf76919a15b5688fa90ed1
8708Author: Damien Miller <djm@mindrot.org>
8709Date: Thu Jul 25 11:55:39 2013 +1000
8710
8711 - djm@cvs.openbsd.org 2013/07/22 12:20:02
8712 [umac.h]
8713 oops, forgot to commit corresponding header change;
8714 spotted by jsg and jasper
8715
8716commit c331dbd22297ab9bf351abee659893d139c9f28a
8717Author: Damien Miller <djm@mindrot.org>
8718Date: Thu Jul 25 11:55:20 2013 +1000
8719
8720 - djm@cvs.openbsd.org 2013/07/22 05:00:17
8721 [umac.c]
8722 make MAC key, data to be hashed and nonce for final hash const;
8723 checked with -Wcast-qual
8724
8725commit c8669a8cd24952b3f16a44eac63d2b6ce8a6343a
8726Author: Damien Miller <djm@mindrot.org>
8727Date: Thu Jul 25 11:52:48 2013 +1000
8728
8729 - djm@cvs.openbsd.org 2013/07/20 22:20:42
8730 [krl.c]
8731 fix verification error in (as-yet usused) KRL signature checking path
8732
8733commit 63ddc899d28cf60045b560891894b9fbf6f822e9
8734Author: Damien Miller <djm@mindrot.org>
8735Date: Sat Jul 20 13:35:45 2013 +1000
8736
8737 - djm@cvs.openbsd.org 2013/07/20 01:55:13
8738 [auth-krb5.c gss-serv-krb5.c gss-serv.c]
8739 fix kerberos/GSSAPI deprecation warnings and linking; "looks okay" millert@
8740
8741commit 1f0e86f23fcebb026371c0888402a981df2a61c4
8742Author: Damien Miller <djm@mindrot.org>
8743Date: Sat Jul 20 13:22:49 2013 +1000
8744
8745 - djm@cvs.openbsd.org 2013/07/20 01:50:20
8746 [ssh-agent.c]
8747 call cleanup_handler on SIGINT when in debug mode to ensure sockets
8748 are cleaned up on manual exit; bz#2120
8749
8750commit 3009d3cbb89316b1294fb5cedb54770b5d114d04
8751Author: Damien Miller <djm@mindrot.org>
8752Date: Sat Jul 20 13:22:31 2013 +1000
8753
8754 - djm@cvs.openbsd.org 2013/07/20 01:44:37
8755 [ssh-keygen.c ssh.c]
8756 More useful error message on missing current user in /etc/passwd
8757
8758commit 32ecfa0f7920db31471ca8c1f4adc20ae38ed9d6
8759Author: Damien Miller <djm@mindrot.org>
8760Date: Sat Jul 20 13:22:13 2013 +1000
8761
8762 - djm@cvs.openbsd.org 2013/07/20 01:43:46
8763 [umac.c]
8764 use a union to ensure correct alignment; ok deraadt
8765
8766commit 85b45e09188e7a7fc8f0a900a4c6a0f04a5720a7
8767Author: Damien Miller <djm@mindrot.org>
8768Date: Sat Jul 20 13:21:52 2013 +1000
8769
8770 - markus@cvs.openbsd.org 2013/07/19 07:37:48
8771 [auth.h kex.h kexdhs.c kexecdhs.c kexgexs.c monitor.c servconf.c]
8772 [servconf.h session.c sshd.c sshd_config.5]
8773 add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
8774 or hostkeys on smartcards; most of the work by Zev Weiss; bz #1974
8775 ok djm@
8776
8777commit d93340cbb6bc0fc0dbd4427e0cec6d994a494dd9
8778Author: Damien Miller <djm@mindrot.org>
8779Date: Thu Jul 18 16:14:34 2013 +1000
8780
8781 - djm@cvs.openbsd.org 2013/07/18 01:12:26
8782 [ssh.1]
8783 be more exact wrt perms for ~/.ssh/config; bz#2078
8784
8785commit bf836e535dc3a8050c1756423539bac127ee5098
8786Author: Damien Miller <djm@mindrot.org>
8787Date: Thu Jul 18 16:14:13 2013 +1000
8788
8789 - schwarze@cvs.openbsd.org 2013/07/16 00:07:52
8790 [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8]
8791 use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
8792
8793commit 649fe025a409d0ce88c60a068f3f211193c35873
8794Author: Damien Miller <djm@mindrot.org>
8795Date: Thu Jul 18 16:13:55 2013 +1000
8796
8797 - djm@cvs.openbsd.org 2013/07/12 05:48:55
8798 [ssh.c]
8799 set TCP nodelay for connections started with -N; bz#2124 ok dtucker@
8800
8801commit 5bb8833e809d827496dffca0dc2c223052c93931
8802Author: Damien Miller <djm@mindrot.org>
8803Date: Thu Jul 18 16:13:37 2013 +1000
8804
8805 - djm@cvs.openbsd.org 2013/07/12 05:42:03
8806 [ssh-keygen.c]
8807 do_print_resource_record() can never be called with a NULL filename, so
8808 don't attempt (and bungle) asking for one if it has not been specified
8809 bz#2127 ok dtucker@
8810
8811commit 7313fc9222785d0c54a7ffcaf2067f4db02c8d72
8812Author: Damien Miller <djm@mindrot.org>
8813Date: Thu Jul 18 16:13:19 2013 +1000
8814
8815 - djm@cvs.openbsd.org 2013/07/12 00:43:50
8816 [misc.c]
8817 in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
8818 errno == 0. Avoids confusing error message in some broken resolver
8819 cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
8820
8821commit 746d1a6c524d2e90ebe98cc29e42573a3e1c3c1b
8822Author: Damien Miller <djm@mindrot.org>
8823Date: Thu Jul 18 16:13:02 2013 +1000
8824
8825 - djm@cvs.openbsd.org 2013/07/12 00:20:00
8826 [sftp.c ssh-keygen.c ssh-pkcs11.c]
8827 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
8828
8829commit ce98654674648fb7d58f73edf6aa398656a2dba4
8830Author: Damien Miller <djm@mindrot.org>
8831Date: Thu Jul 18 16:12:44 2013 +1000
8832
8833 - djm@cvs.openbsd.org 2013/07/12 00:19:59
8834 [auth-options.c auth-rsa.c bufaux.c buffer.h channels.c hostfile.c]
8835 [hostfile.h mux.c packet.c packet.h roaming_common.c serverloop.c]
8836 fix pointer-signedness warnings from clang/llvm-3.3; "seems nice" deraadt@
8837
8838commit 0d02c3e10e1ed16d6396748375a133d348127a2a
8839Author: Damien Miller <djm@mindrot.org>
8840Date: Thu Jul 18 16:12:06 2013 +1000
8841
8842 - markus@cvs.openbsd.org 2013/07/02 12:31:43
8843 [dh.c]
8844 remove extra whitespace
8845
8846commit fecfd118d6c90df4fcd3cec7b14e4d3ce69a41d5
8847Author: Damien Miller <djm@mindrot.org>
8848Date: Thu Jul 18 16:11:50 2013 +1000
8849
8850 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
8851 [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
8852 do not use Sx for sections outwith the man page - ingo informs me that
8853 stuff like html will render with broken links;
8854
8855 issue reported by Eric S. Raymond, via djm
8856
8857commit bc35d92e78fd53c3f32cbdbdf89d8b1919788c50
8858Author: Damien Miller <djm@mindrot.org>
8859Date: Thu Jul 18 16:11:25 2013 +1000
8860
8861 - djm@cvs.openbsd.org 2013/06/22 06:31:57
8862 [scp.c]
8863 improved time_t overflow check suggested by guenther@
8864
8865commit 8158441d01ab84f33a7e70e27f87c02cbf67e709
8866Author: Damien Miller <djm@mindrot.org>
8867Date: Thu Jul 18 16:11:07 2013 +1000
8868
8869 - djm@cvs.openbsd.org 2013/06/21 05:43:10
8870 [scp.c]
8871 make this -Wsign-compare clean after time_t conversion
8872
8873commit bbeb1dac550bad8e6aff9bd27113c6bd5ebb7413
8874Author: Damien Miller <djm@mindrot.org>
8875Date: Thu Jul 18 16:10:49 2013 +1000
8876
8877 - djm@cvs.openbsd.org 2013/06/21 05:42:32
8878 [dh.c]
8879 sprinkle in some error() to explain moduli(5) parse failures
8880
8881commit 7f2b438ca0b7c3b9684a03d7bf3eaf379da16de9
8882Author: Damien Miller <djm@mindrot.org>
8883Date: Thu Jul 18 16:10:29 2013 +1000
8884
8885 - djm@cvs.openbsd.org 2013/06/21 00:37:49
8886 [ssh_config.5]
8887 explicitly mention that IdentitiesOnly can be used with IdentityFile
8888 to control which keys are offered from an agent.
8889
8890commit 20bdcd72365e8b3d51261993928cc47c5f0d7c8a
8891Author: Damien Miller <djm@mindrot.org>
8892Date: Thu Jul 18 16:10:09 2013 +1000
8893
8894 - djm@cvs.openbsd.org 2013/06/21 00:34:49
8895 [auth-rsa.c auth.h auth2-hostbased.c auth2-pubkey.c monitor.c]
8896 for hostbased authentication, print the client host and user on
8897 the auth success/failure line; bz#2064, ok dtucker@
8898
8899commit 3071070b39e6d1722151c754cdc2b26640eaf45e
8900Author: Damien Miller <djm@mindrot.org>
8901Date: Thu Jul 18 16:09:44 2013 +1000
8902
8903 - markus@cvs.openbsd.org 2013/06/20 19:15:06
8904 [krl.c]
8905 don't leak the rdata blob on errors; ok djm@
8906
8907commit 044bd2a7ddb0b6f6b716c87e57261572e2b89028
8908Author: Damien Miller <djm@mindrot.org>
8909Date: Thu Jul 18 16:09:25 2013 +1000
8910
8911 - guenther@cvs.openbsd.org 2013/06/17 04:48:42
8912 [scp.c]
8913 Handle time_t values as long long's when formatting them and when
8914 parsing them from remote servers.
8915 Improve error checking in parsing of 'T' lines.
8916
8917 ok dtucker@ deraadt@
8918
8919commit 9a6615542108118582f64b7161ca0e12176e3712
8920Author: Damien Miller <djm@mindrot.org>
8921Date: Thu Jul 18 16:09:04 2013 +1000
8922
8923 - dtucker@cvs.openbsd.org 2013/06/10 19:19:44
8924 [readconf.c]
8925 revert 1.203 while we investigate crashes reported by okan@
8926
8927commit b7482cff46e7e76bfb3cda86c365a08f58d4fca0
8928Author: Darren Tucker <dtucker@zip.com.au>
8929Date: Tue Jul 2 20:06:46 2013 +1000
8930
8931 - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config
8932 contrib/cygwin/ssh-user-config] Modernizes and improve readability of
8933 the Cygwin README file (which hasn't been updated for ages), drop
8934 unsupported OSes from the ssh-host-config help text, and drop an
8935 unneeded option from ssh-user-config. Patch from vinschen at redhat com.