Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 3214 |
1 files changed, 1171 insertions, 2043 deletions
@@ -1,3 +1,1174 @@ | |||
1 | commit d38f05dbdd291212bc95ea80648b72b7177e9f4e | ||
2 | Author: Darren Tucker <dtucker@zip.com.au> | ||
3 | Date: Mon Mar 20 13:38:27 2017 +1100 | ||
4 | |||
5 | Add llabs() implementation. | ||
6 | |||
7 | commit 72536316a219b7394996a74691a5d4ec197480f7 | ||
8 | Author: Damien Miller <djm@mindrot.org> | ||
9 | Date: Mon Mar 20 12:23:04 2017 +1100 | ||
10 | |||
11 | crank version numbers | ||
12 | |||
13 | commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f | ||
14 | Author: djm@openbsd.org <djm@openbsd.org> | ||
15 | Date: Mon Mar 20 01:18:59 2017 +0000 | ||
16 | |||
17 | upstream commit | ||
18 | |||
19 | openssh-7.5 | ||
20 | |||
21 | Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5 | ||
22 | |||
23 | commit db84e52fe9cfad57f22e7e23c5fbf00092385129 | ||
24 | Author: Damien Miller <djm@mindrot.org> | ||
25 | Date: Mon Mar 20 12:07:20 2017 +1100 | ||
26 | |||
27 | I'm a doofus. | ||
28 | |||
29 | Unbreak obvious syntax error. | ||
30 | |||
31 | commit 89f04852db27643717c9c3a2b0dde97ae50099ee | ||
32 | Author: Damien Miller <djm@mindrot.org> | ||
33 | Date: Mon Mar 20 11:53:34 2017 +1100 | ||
34 | |||
35 | on Cygwin, check paths from server for backslashes | ||
36 | |||
37 | Pointed out by Jann Horn of Google Project Zero | ||
38 | |||
39 | commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9 | ||
40 | Author: Damien Miller <djm@mindrot.org> | ||
41 | Date: Mon Mar 20 11:48:34 2017 +1100 | ||
42 | |||
43 | Yet another synonym for ASCII: "646" | ||
44 | |||
45 | Used by NetBSD; this unbreaks mprintf() and friends there for the C | ||
46 | locale (caught by dtucker@ and his menagerie of test systems). | ||
47 | |||
48 | commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b | ||
49 | Author: Damien Miller <djm@mindrot.org> | ||
50 | Date: Mon Mar 20 09:58:34 2017 +1100 | ||
51 | |||
52 | create test mux socket in /tmp | ||
53 | |||
54 | Creating the socket in $OBJ could blow past the (quite limited) | ||
55 | path limit for Unix domain sockets. As a bandaid for bz#2660, | ||
56 | reported by Colin Watson; ok dtucker@ | ||
57 | |||
58 | commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163 | ||
59 | Author: markus@openbsd.org <markus@openbsd.org> | ||
60 | Date: Wed Mar 15 07:07:39 2017 +0000 | ||
61 | |||
62 | upstream commit | ||
63 | |||
64 | disallow KEXINIT before NEWKEYS; ok djm; report by | ||
65 | vegard.nossum at oracle.com | ||
66 | |||
67 | Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234 | ||
68 | |||
69 | commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c | ||
70 | Author: Darren Tucker <dtucker@zip.com.au> | ||
71 | Date: Thu Mar 16 14:05:46 2017 +1100 | ||
72 | |||
73 | Include includes.h for compat bits. | ||
74 | |||
75 | commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad | ||
76 | Author: Darren Tucker <dtucker@zip.com.au> | ||
77 | Date: Thu Mar 16 13:45:17 2017 +1100 | ||
78 | |||
79 | Wrap stdint.h in #ifdef HAVE_STDINT_H | ||
80 | |||
81 | commit 55a1117d7342a0bf8b793250cf314bab6b482b99 | ||
82 | Author: Damien Miller <djm@mindrot.org> | ||
83 | Date: Thu Mar 16 11:22:42 2017 +1100 | ||
84 | |||
85 | Adapt Cygwin config script to privsep knob removal | ||
86 | |||
87 | Patch from Corinna Vinschen. | ||
88 | |||
89 | commit 1a321bfdb91defe3c4d9cca5651724ae167e5436 | ||
90 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
91 | Date: Wed Mar 15 03:52:30 2017 +0000 | ||
92 | |||
93 | upstream commit | ||
94 | |||
95 | accidents happen to the best of us; ok djm | ||
96 | |||
97 | Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604 | ||
98 | |||
99 | commit 25f837646be8c2017c914d34be71ca435dfc0e07 | ||
100 | Author: djm@openbsd.org <djm@openbsd.org> | ||
101 | Date: Wed Mar 15 02:25:09 2017 +0000 | ||
102 | |||
103 | upstream commit | ||
104 | |||
105 | fix regression in 7.4: deletion of PKCS#11-hosted keys | ||
106 | would fail unless they were specified by full physical pathname. Report and | ||
107 | fix from Jakub Jelen via bz#2682; ok dtucker@ | ||
108 | |||
109 | Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268 | ||
110 | |||
111 | commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f | ||
112 | Author: djm@openbsd.org <djm@openbsd.org> | ||
113 | Date: Wed Mar 15 02:19:09 2017 +0000 | ||
114 | |||
115 | upstream commit | ||
116 | |||
117 | Fix segfault when sshd attempts to load RSA1 keys (can | ||
118 | only happen when protocol v.1 support is enabled for the client). Reported by | ||
119 | Jakub Jelen in bz#2686; ok dtucker | ||
120 | |||
121 | Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7 | ||
122 | |||
123 | commit 66705948c0639a7061a0d0753266da7685badfec | ||
124 | Author: djm@openbsd.org <djm@openbsd.org> | ||
125 | Date: Tue Mar 14 07:19:07 2017 +0000 | ||
126 | |||
127 | upstream commit | ||
128 | |||
129 | Mark the sshd_config UsePrivilegeSeparation option as | ||
130 | deprecated, effectively making privsep mandatory in sandboxing mode. ok | ||
131 | markus@ deraadt@ | ||
132 | |||
133 | (note: this doesn't remove the !privsep code paths, though that will | ||
134 | happen eventually). | ||
135 | |||
136 | Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a | ||
137 | |||
138 | commit f86586b03fe6cd8f595289bde200a94bc2c191af | ||
139 | Author: Damien Miller <djm@mindrot.org> | ||
140 | Date: Tue Mar 14 18:26:29 2017 +1100 | ||
141 | |||
142 | Make seccomp-bpf sandbox work on Linux/X32 | ||
143 | |||
144 | Allow clock_gettime syscall with X32 bit masked off. Apparently | ||
145 | this is required for at least some kernel versions. bz#2142 | ||
146 | Patch mostly by Colin Watson. ok dtucker@ | ||
147 | |||
148 | commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6 | ||
149 | Author: Damien Miller <djm@mindrot.org> | ||
150 | Date: Tue Mar 14 18:01:52 2017 +1100 | ||
151 | |||
152 | require OpenSSL >=1.0.1 | ||
153 | |||
154 | commit e3ea335abeab731c68f2b2141bee85a4b0bf680f | ||
155 | Author: Damien Miller <djm@mindrot.org> | ||
156 | Date: Tue Mar 14 17:48:43 2017 +1100 | ||
157 | |||
158 | Remove macro trickery; no binary change | ||
159 | |||
160 | This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros | ||
161 | prepending __NR_ to the syscall number parameter and just makes | ||
162 | them explicit in the macro invocations. | ||
163 | |||
164 | No binary change in stripped object file before/after. | ||
165 | |||
166 | commit 5f1596e11d55539678c41f68aed358628d33d86f | ||
167 | Author: Damien Miller <djm@mindrot.org> | ||
168 | Date: Tue Mar 14 13:15:18 2017 +1100 | ||
169 | |||
170 | support ioctls for ICA crypto card on Linux/s390 | ||
171 | |||
172 | Based on patch from Eduardo Barretto; ok dtucker@ | ||
173 | |||
174 | commit b1b22dd0df2668b322dda174e501dccba2cf5c44 | ||
175 | Author: Darren Tucker <dtucker@zip.com.au> | ||
176 | Date: Tue Mar 14 14:19:36 2017 +1100 | ||
177 | |||
178 | Plumb conversion test into makefile. | ||
179 | |||
180 | commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9 | ||
181 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
182 | Date: Tue Mar 14 01:20:29 2017 +0000 | ||
183 | |||
184 | upstream commit | ||
185 | |||
186 | Add unit test for convtime(). | ||
187 | |||
188 | Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1 | ||
189 | |||
190 | commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c | ||
191 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
192 | Date: Tue Mar 14 01:10:07 2017 +0000 | ||
193 | |||
194 | upstream commit | ||
195 | |||
196 | Add ASSERT_LONG_* helpers. | ||
197 | |||
198 | Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431 | ||
199 | |||
200 | commit c6774d21185220c0ba11e8fd204bf0ad1a432071 | ||
201 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
202 | Date: Tue Mar 14 00:55:37 2017 +0000 | ||
203 | |||
204 | upstream commit | ||
205 | |||
206 | Fix convtime() overflow test on boundary condition, | ||
207 | spotted by & ok djm. | ||
208 | |||
209 | Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708 | ||
210 | |||
211 | commit f5746b40cfe6d767c8e128fe50c43274b31cd594 | ||
212 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
213 | Date: Tue Mar 14 00:25:03 2017 +0000 | ||
214 | |||
215 | upstream commit | ||
216 | |||
217 | Check for integer overflow when parsing times in | ||
218 | convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ | ||
219 | |||
220 | Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13 | ||
221 | |||
222 | commit f5907982f42a8d88a430b8a46752cbb7859ba979 | ||
223 | Author: Darren Tucker <dtucker@zip.com.au> | ||
224 | Date: Tue Mar 14 13:38:15 2017 +1100 | ||
225 | |||
226 | Add a "unit" target to run only unit tests. | ||
227 | |||
228 | commit 9e96b41682aed793fadbea5ccd472f862179fb02 | ||
229 | Author: Damien Miller <djm@mindrot.org> | ||
230 | Date: Tue Mar 14 12:24:47 2017 +1100 | ||
231 | |||
232 | Fix weakness in seccomp-bpf sandbox arg inspection | ||
233 | |||
234 | Syscall arguments are passed via an array of 64-bit values in struct | ||
235 | seccomp_data, but we were only inspecting the bottom 32 bits and not | ||
236 | even those correctly for BE systems. | ||
237 | |||
238 | Fortunately, the only case argument inspection was used was in the | ||
239 | socketcall filtering so using this for sandbox escape seems | ||
240 | impossible. | ||
241 | |||
242 | ok dtucker | ||
243 | |||
244 | commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275 | ||
245 | Author: djm@openbsd.org <djm@openbsd.org> | ||
246 | Date: Sat Mar 11 23:44:16 2017 +0000 | ||
247 | |||
248 | upstream commit | ||
249 | |||
250 | regress tests for loading certificates without public keys; | ||
251 | bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@ | ||
252 | |||
253 | Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0 | ||
254 | |||
255 | commit 1e24552716194db8f2f620587b876158a9ef56ad | ||
256 | Author: djm@openbsd.org <djm@openbsd.org> | ||
257 | Date: Sat Mar 11 23:40:26 2017 +0000 | ||
258 | |||
259 | upstream commit | ||
260 | |||
261 | allow ssh to use certificates accompanied by a private | ||
262 | key file but no corresponding plain *.pub public key. bz#2617 based on patch | ||
263 | from Adam Eijdenberg; ok dtucker@ markus@ | ||
264 | |||
265 | Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9 | ||
266 | |||
267 | commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e | ||
268 | Author: markus@openbsd.org <markus@openbsd.org> | ||
269 | Date: Sat Mar 11 13:07:35 2017 +0000 | ||
270 | |||
271 | upstream commit | ||
272 | |||
273 | Don't count the initial block twice when computing how | ||
274 | many bytes to discard for the work around for the attacks against CBC-mode. | ||
275 | ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL | ||
276 | |||
277 | Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2 | ||
278 | |||
279 | commit ef653dd5bd5777132d9f9ee356225f9ee3379504 | ||
280 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
281 | Date: Fri Mar 10 07:18:32 2017 +0000 | ||
282 | |||
283 | upstream commit | ||
284 | |||
285 | krl.c | ||
286 | |||
287 | Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1 | ||
288 | |||
289 | commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0 | ||
290 | Author: Damien Miller <djm@mindrot.org> | ||
291 | Date: Sun Mar 12 10:48:14 2017 +1100 | ||
292 | |||
293 | sync fmt_scaled.c with OpenBSD | ||
294 | |||
295 | revision 1.13 | ||
296 | date: 2017/03/11 23:37:23; author: djm; state: Exp; lines: +14 -1; commitid: jnFKyHkB3CEiEZ2R; | ||
297 | fix signed integer overflow in scan_scaled. Found by Nicolas Iooss | ||
298 | using AFL against ssh_config. ok deraadt@ millert@ | ||
299 | ---------------------------- | ||
300 | revision 1.12 | ||
301 | date: 2013/11/29 19:00:51; author: deraadt; state: Exp; lines: +6 -5; | ||
302 | fairly simple unsigned char casts for ctype | ||
303 | ok krw | ||
304 | ---------------------------- | ||
305 | revision 1.11 | ||
306 | date: 2012/11/12 14:07:20; author: halex; state: Exp; lines: +4 -2; | ||
307 | make scan_scaled set errno to EINVAL rather than ERANGE if it encounters | ||
308 | an invalid multiplier, like the man page says it should | ||
309 | |||
310 | "looks sensible" deraadt@, ok ian@ | ||
311 | ---------------------------- | ||
312 | revision 1.10 | ||
313 | date: 2009/06/20 15:00:04; author: martynas; state: Exp; lines: +4 -4; | ||
314 | use llabs instead of the home-grown version; and some comment changes | ||
315 | ok ian@, millert@ | ||
316 | ---------------------------- | ||
317 | |||
318 | commit 894221a63fa061e52e414ca58d47edc5fe645968 | ||
319 | Author: djm@openbsd.org <djm@openbsd.org> | ||
320 | Date: Fri Mar 10 05:01:13 2017 +0000 | ||
321 | |||
322 | upstream commit | ||
323 | |||
324 | When updating hostkeys, accept RSA keys if | ||
325 | HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA | ||
326 | keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms | ||
327 | nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok | ||
328 | dtucker@ | ||
329 | |||
330 | Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2 | ||
331 | |||
332 | commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c | ||
333 | Author: djm@openbsd.org <djm@openbsd.org> | ||
334 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
335 | |||
336 | upstream commit | ||
337 | |||
338 | make hostname matching really insensitive to case; | ||
339 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
340 | |||
341 | Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253 | ||
342 | |||
343 | commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f | ||
344 | Author: djm@openbsd.org <djm@openbsd.org> | ||
345 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
346 | |||
347 | upstream commit | ||
348 | |||
349 | reword a comment to make it fit 80 columns | ||
350 | |||
351 | Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4 | ||
352 | |||
353 | commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc | ||
354 | Author: djm@openbsd.org <djm@openbsd.org> | ||
355 | Date: Fri Mar 10 04:27:32 2017 +0000 | ||
356 | |||
357 | upstream commit | ||
358 | |||
359 | better match sshd config parser behaviour: fatal() if | ||
360 | line is overlong, increase line buffer to match sshd's; bz#2651 reported by | ||
361 | Don Fong; ok dtucker@ | ||
362 | |||
363 | Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18 | ||
364 | |||
365 | commit db2597207e69912f2592cd86a1de8e948a9d7ffb | ||
366 | Author: djm@openbsd.org <djm@openbsd.org> | ||
367 | Date: Fri Mar 10 04:26:06 2017 +0000 | ||
368 | |||
369 | upstream commit | ||
370 | |||
371 | ensure hostname is lower-case before hashing it; | ||
372 | bz#2591 reported by Griff Miller II; ok dtucker@ | ||
373 | |||
374 | Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17 | ||
375 | |||
376 | commit df9936936c695f85c1038bd706d62edf752aca4b | ||
377 | Author: djm@openbsd.org <djm@openbsd.org> | ||
378 | Date: Fri Mar 10 04:24:55 2017 +0000 | ||
379 | |||
380 | upstream commit | ||
381 | |||
382 | make hostname matching really insensitive to case; | ||
383 | bz#2685, reported by Petr Cerny; ok dtucker@ | ||
384 | |||
385 | Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549 | ||
386 | |||
387 | commit 67eed24bfa7645d88fa0b883745fccb22a0e527e | ||
388 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
389 | Date: Fri Mar 10 04:11:00 2017 +0000 | ||
390 | |||
391 | upstream commit | ||
392 | |||
393 | Remove old null check from config dumper. Patch from | ||
394 | jjelen at redhat.com vi bz#2687, ok djm@ | ||
395 | |||
396 | Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528 | ||
397 | |||
398 | commit 183ba55aaaecca0206184b854ad6155df237adbe | ||
399 | Author: djm@openbsd.org <djm@openbsd.org> | ||
400 | Date: Fri Mar 10 04:07:20 2017 +0000 | ||
401 | |||
402 | upstream commit | ||
403 | |||
404 | fix regression in 7.4 server-sig-algs, where we were | ||
405 | accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno | ||
406 | Goncalves; ok dtucker@ | ||
407 | |||
408 | Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8 | ||
409 | |||
410 | commit 66be4fe8c4435af5bbc82998501a142a831f1181 | ||
411 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
412 | Date: Fri Mar 10 03:53:11 2017 +0000 | ||
413 | |||
414 | upstream commit | ||
415 | |||
416 | Check for NULL return value from key_new. Patch from | ||
417 | jjelen at redhat.com via bz#2687, ok djm@ | ||
418 | |||
419 | Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e | ||
420 | |||
421 | commit ec2892b5c7fea199914cb3a6afb3af38f84990bf | ||
422 | Author: djm@openbsd.org <djm@openbsd.org> | ||
423 | Date: Fri Mar 10 03:52:48 2017 +0000 | ||
424 | |||
425 | upstream commit | ||
426 | |||
427 | reword a comment to make it fit 80 columns | ||
428 | |||
429 | Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349 | ||
430 | |||
431 | commit 7fadbb6da3f4122de689165651eb39985e1cba85 | ||
432 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
433 | Date: Fri Mar 10 03:48:57 2017 +0000 | ||
434 | |||
435 | upstream commit | ||
436 | |||
437 | Check for NULL argument to sshkey_read. Patch from | ||
438 | jjelen at redhat.com via bz#2687, ok djm@ | ||
439 | |||
440 | Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e | ||
441 | |||
442 | commit 5a06b9e019e2b0b0f65a223422935b66f3749de3 | ||
443 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
444 | Date: Fri Mar 10 03:45:40 2017 +0000 | ||
445 | |||
446 | upstream commit | ||
447 | |||
448 | Plug some mem leaks mostly on error paths. From jjelen | ||
449 | at redhat.com via bz#2687, ok djm@ | ||
450 | |||
451 | Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2 | ||
452 | |||
453 | commit f6edbe9febff8121f26835996b1229b5064d31b7 | ||
454 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
455 | Date: Fri Mar 10 03:24:48 2017 +0000 | ||
456 | |||
457 | upstream commit | ||
458 | |||
459 | Plug mem leak on GLOB_NOMATCH case. From jjelen at | ||
460 | redhat.com via bz#2687, ok djm@ | ||
461 | |||
462 | Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d | ||
463 | |||
464 | commit 566b3a46e89a2fda2db46f04f2639e92da64a120 | ||
465 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
466 | Date: Fri Mar 10 03:22:40 2017 +0000 | ||
467 | |||
468 | upstream commit | ||
469 | |||
470 | Plug descriptor leaks of auth_sock. From jjelen at | ||
471 | redhat.com via bz#2687, ok djm@ | ||
472 | |||
473 | Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88 | ||
474 | |||
475 | commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2 | ||
476 | Author: djm@openbsd.org <djm@openbsd.org> | ||
477 | Date: Fri Mar 10 03:18:24 2017 +0000 | ||
478 | |||
479 | upstream commit | ||
480 | |||
481 | correctly hash hosts with a port number. Reported by Josh | ||
482 | Powers in bz#2692; ok dtucker@ | ||
483 | |||
484 | Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442 | ||
485 | |||
486 | commit 9747b9c742de409633d4753bf1a752cbd211e2d3 | ||
487 | Author: djm@openbsd.org <djm@openbsd.org> | ||
488 | Date: Fri Mar 10 03:15:58 2017 +0000 | ||
489 | |||
490 | upstream commit | ||
491 | |||
492 | don't truncate off \r\n from long stderr lines; bz#2688, | ||
493 | reported by Brian Dyson; ok dtucker@ | ||
494 | |||
495 | Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4 | ||
496 | |||
497 | commit 4a4b75adac862029a1064577eb5af299b1580cdd | ||
498 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
499 | Date: Fri Mar 10 02:59:51 2017 +0000 | ||
500 | |||
501 | upstream commit | ||
502 | |||
503 | Validate digest arg in ssh_digest_final; from jjelen at | ||
504 | redhat.com via bz#2687, ok djm@ | ||
505 | |||
506 | Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878 | ||
507 | |||
508 | commit bee0167be2340d8de4bdc1ab1064ec957c85a447 | ||
509 | Author: Darren Tucker <dtucker@zip.com.au> | ||
510 | Date: Fri Mar 10 13:40:18 2017 +1100 | ||
511 | |||
512 | Check for NULL from malloc. | ||
513 | |||
514 | Part of bz#2687, from jjelen at redhat.com. | ||
515 | |||
516 | commit da39b09d43b137a5a3d071b51589e3efb3701238 | ||
517 | Author: Darren Tucker <dtucker@zip.com.au> | ||
518 | Date: Fri Mar 10 13:22:32 2017 +1100 | ||
519 | |||
520 | If OSX is using launchd, remove screen no. | ||
521 | |||
522 | Check for socket with and without screen number. From Apple and Jakob | ||
523 | Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@ | ||
524 | |||
525 | commit 8fb15311a011517eb2394bb95a467c209b8b336c | ||
526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
527 | Date: Wed Mar 8 12:07:47 2017 +0000 | ||
528 | |||
529 | upstream commit | ||
530 | |||
531 | quote [host]:port in generated ProxyJump commandline; the | ||
532 | [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri | ||
533 | Tirkkonen via bugs@ | ||
534 | |||
535 | Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182 | ||
536 | |||
537 | commit 18501151cf272a15b5f2c5e777f2e0933633c513 | ||
538 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
539 | Date: Mon Mar 6 02:03:20 2017 +0000 | ||
540 | |||
541 | upstream commit | ||
542 | |||
543 | Check l->hosts before dereferencing; fixes potential null | ||
544 | pointer deref. ok djm@ | ||
545 | |||
546 | Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301 | ||
547 | |||
548 | commit d072370793f1a20f01ad827ba8fcd3b8f2c46165 | ||
549 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
550 | Date: Mon Mar 6 00:44:51 2017 +0000 | ||
551 | |||
552 | upstream commit | ||
553 | |||
554 | linenum is unsigned long so use %lu in log formats. ok | ||
555 | deraadt@ | ||
556 | |||
557 | Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08 | ||
558 | |||
559 | commit 12d3767ba4c84c32150cbe6ff6494498780f12c9 | ||
560 | Author: djm@openbsd.org <djm@openbsd.org> | ||
561 | Date: Fri Mar 3 06:13:11 2017 +0000 | ||
562 | |||
563 | upstream commit | ||
564 | |||
565 | fix ssh-keygen -H accidentally corrupting known_hosts that | ||
566 | contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by | ||
567 | hostkeys_foreach() when hostname matching is in use, so we need to look for | ||
568 | the hash marker explicitly. | ||
569 | |||
570 | Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528 | ||
571 | |||
572 | commit d7abb771bd5a941b26144ba400a34563a1afa589 | ||
573 | Author: djm@openbsd.org <djm@openbsd.org> | ||
574 | Date: Tue Feb 28 06:10:08 2017 +0000 | ||
575 | |||
576 | upstream commit | ||
577 | |||
578 | small memleak: free fd_set on connection timeout (though | ||
579 | we are heading to exit anyway). From Tom Rix in bz#2683 | ||
580 | |||
581 | Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4 | ||
582 | |||
583 | commit 78142e3ab3887e53a968d6e199bcb18daaf2436e | ||
584 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
585 | Date: Mon Feb 27 14:30:33 2017 +0000 | ||
586 | |||
587 | upstream commit | ||
588 | |||
589 | errant dot; from klemens nanni | ||
590 | |||
591 | Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921 | ||
592 | |||
593 | commit 8071a6924c12bb51406a9a64a4b2892675112c87 | ||
594 | Author: djm@openbsd.org <djm@openbsd.org> | ||
595 | Date: Fri Feb 24 03:16:34 2017 +0000 | ||
596 | |||
597 | upstream commit | ||
598 | |||
599 | might as well set the listener socket CLOEXEC | ||
600 | |||
601 | Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57 | ||
602 | |||
603 | commit d5499190559ebe374bcdfa8805408646ceffad64 | ||
604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
605 | Date: Sun Feb 19 00:11:29 2017 +0000 | ||
606 | |||
607 | upstream commit | ||
608 | |||
609 | add test cases for C locale; ok schwarze@ | ||
610 | |||
611 | Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87 | ||
612 | |||
613 | commit 011c8ffbb0275281a0cf330054cf21be10c43e37 | ||
614 | Author: djm@openbsd.org <djm@openbsd.org> | ||
615 | Date: Sun Feb 19 00:10:57 2017 +0000 | ||
616 | |||
617 | upstream commit | ||
618 | |||
619 | Add a common nl_langinfo(CODESET) alias for US-ASCII | ||
620 | "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for | ||
621 | non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@ | ||
622 | |||
623 | Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719 | ||
624 | |||
625 | commit 0c4430a19b73058a569573492f55e4c9eeaae67b | ||
626 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
627 | Date: Tue Feb 7 23:03:11 2017 +0000 | ||
628 | |||
629 | upstream commit | ||
630 | |||
631 | Remove deprecated SSH1 options RSAAuthentication and | ||
632 | RhostsRSAAuthentication from regression test sshd_config. | ||
633 | |||
634 | Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491 | ||
635 | |||
636 | commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199 | ||
637 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
638 | Date: Fri Feb 17 02:32:05 2017 +0000 | ||
639 | |||
640 | upstream commit | ||
641 | |||
642 | Do not show rsa1 key type in usage when compiled without | ||
643 | SSH1 support. | ||
644 | |||
645 | Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57 | ||
646 | |||
647 | commit ecc35893715f969e98fee118481f404772de4132 | ||
648 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
649 | Date: Fri Feb 17 02:31:14 2017 +0000 | ||
650 | |||
651 | upstream commit | ||
652 | |||
653 | ifdef out "rsa1" from the list of supported keytypes when | ||
654 | compiled without SSH1 support. Found by kdunlop at guralp.com, ok djm@ | ||
655 | |||
656 | Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f | ||
657 | |||
658 | commit 10577c6d96a55b877a960b2d0b75edef1b9945af | ||
659 | Author: djm@openbsd.org <djm@openbsd.org> | ||
660 | Date: Fri Feb 17 02:04:15 2017 +0000 | ||
661 | |||
662 | upstream commit | ||
663 | |||
664 | For ProxyJump/-J, surround host name with brackets to | ||
665 | allow literal IPv6 addresses. From Dick Visser; ok dtucker@ | ||
666 | |||
667 | Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1 | ||
668 | |||
669 | commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4 | ||
670 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
671 | Date: Wed Feb 15 23:38:31 2017 +0000 | ||
672 | |||
673 | upstream commit | ||
674 | |||
675 | Fix memory leaks in match_filter_list() error paths. | ||
676 | |||
677 | ok dtucker@ markus@ | ||
678 | |||
679 | Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e | ||
680 | |||
681 | commit 6d5a41b38b55258213ecfaae9df7a758caa752a1 | ||
682 | Author: djm@openbsd.org <djm@openbsd.org> | ||
683 | Date: Wed Feb 15 01:46:47 2017 +0000 | ||
684 | |||
685 | upstream commit | ||
686 | |||
687 | fix division by zero crash in "df" output when server | ||
688 | returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok | ||
689 | dtucker@ | ||
690 | |||
691 | Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f | ||
692 | |||
693 | commit bd5d7d239525d595ecea92765334af33a45d9d63 | ||
694 | Author: Darren Tucker <dtucker@zip.com.au> | ||
695 | Date: Sun Feb 12 15:45:15 2017 +1100 | ||
696 | |||
697 | ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR | ||
698 | |||
699 | EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out | ||
700 | for the benefit of OpenSSL versions prior to that. | ||
701 | |||
702 | commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe | ||
703 | Author: djm@openbsd.org <djm@openbsd.org> | ||
704 | Date: Fri Feb 10 04:34:50 2017 +0000 | ||
705 | |||
706 | upstream commit | ||
707 | |||
708 | bring back r1.34 that was backed out for problems loading | ||
709 | public keys: | ||
710 | |||
711 | translate OpenSSL error codes to something more | ||
712 | meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@ | ||
713 | |||
714 | with additional fix from Jakub Jelen to solve the backout. | ||
715 | bz#2525 bz#2523 re-ok dtucker@ | ||
716 | |||
717 | Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031 | ||
718 | |||
719 | commit a287c5ad1e0bf9811c7b9221979b969255076019 | ||
720 | Author: djm@openbsd.org <djm@openbsd.org> | ||
721 | Date: Fri Feb 10 03:36:40 2017 +0000 | ||
722 | |||
723 | upstream commit | ||
724 | |||
725 | Sanitise escape sequences in key comments sent to printf | ||
726 | but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@ | ||
727 | |||
728 | Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e | ||
729 | |||
730 | commit e40269be388972848aafcca7060111c70aab5b87 | ||
731 | Author: millert@openbsd.org <millert@openbsd.org> | ||
732 | Date: Wed Feb 8 20:32:43 2017 +0000 | ||
733 | |||
734 | upstream commit | ||
735 | |||
736 | Avoid printf %s NULL. From semarie@, OK djm@ | ||
737 | |||
738 | Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c | ||
739 | |||
740 | commit 5b90709ab8704dafdb31e5651073b259d98352bc | ||
741 | Author: djm@openbsd.org <djm@openbsd.org> | ||
742 | Date: Mon Feb 6 09:22:51 2017 +0000 | ||
743 | |||
744 | upstream commit | ||
745 | |||
746 | Restore \r\n newline sequence for server ident string. The CR | ||
747 | got lost in the flensing of SSHv1. Pointed out by Stef Bon | ||
748 | |||
749 | Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac | ||
750 | |||
751 | commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc | ||
752 | Author: djm@openbsd.org <djm@openbsd.org> | ||
753 | Date: Fri Feb 3 23:01:42 2017 +0000 | ||
754 | |||
755 | upstream commit | ||
756 | |||
757 | unit test for match_filter_list() function; still want a | ||
758 | better name for this... | ||
759 | |||
760 | Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a | ||
761 | |||
762 | commit f1a193464a7b77646f0d0cedc929068e4a413ab4 | ||
763 | Author: djm@openbsd.org <djm@openbsd.org> | ||
764 | Date: Fri Feb 3 23:05:57 2017 +0000 | ||
765 | |||
766 | upstream commit | ||
767 | |||
768 | use ssh_packet_set_log_preamble() to include connection | ||
769 | username in packet log messages, e.g. | ||
770 | |||
771 | Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth] | ||
772 | |||
773 | ok markus@ bz#113 | ||
774 | |||
775 | Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15 | ||
776 | |||
777 | commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441 | ||
778 | Author: djm@openbsd.org <djm@openbsd.org> | ||
779 | Date: Fri Feb 3 23:03:33 2017 +0000 | ||
780 | |||
781 | upstream commit | ||
782 | |||
783 | add ssh_packet_set_log_preamble() to allow inclusion of a | ||
784 | preamble string in disconnect messages; ok markus@ | ||
785 | |||
786 | Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead | ||
787 | |||
788 | commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59 | ||
789 | Author: djm@openbsd.org <djm@openbsd.org> | ||
790 | Date: Fri Feb 3 23:01:19 2017 +0000 | ||
791 | |||
792 | upstream commit | ||
793 | |||
794 | support =- for removing methods from algorithms lists, | ||
795 | e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like | ||
796 | it" markus@ | ||
797 | |||
798 | Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d | ||
799 | |||
800 | commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e | ||
801 | Author: djm@openbsd.org <djm@openbsd.org> | ||
802 | Date: Fri Feb 3 05:05:56 2017 +0000 | ||
803 | |||
804 | upstream commit | ||
805 | |||
806 | allow form-feed characters at EOL; bz#2431 ok dtucker@ | ||
807 | |||
808 | Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2 | ||
809 | |||
810 | commit 523db8540b720c4d21ab0ff6f928476c70c38aab | ||
811 | Author: Damien Miller <djm@mindrot.org> | ||
812 | Date: Fri Feb 3 16:01:22 2017 +1100 | ||
813 | |||
814 | prefer to use ldns-config to find libldns | ||
815 | |||
816 | Should fix bz#2603 - "Build with ldns and without kerberos support | ||
817 | fails if ldns compiled with kerberos support" by including correct | ||
818 | cflags/libs | ||
819 | |||
820 | ok dtucker@ | ||
821 | |||
822 | commit c998bf0afa1a01257a53793eba57941182e9e0b7 | ||
823 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
824 | Date: Fri Feb 3 02:56:00 2017 +0000 | ||
825 | |||
826 | upstream commit | ||
827 | |||
828 | Make ssh_packet_set_rekey_limits take u32 for the number of | ||
829 | seconds until rekeying (negative values are rejected at config parse time). | ||
830 | This allows the removal of some casts and a signed vs unsigned comparison | ||
831 | warning. | ||
832 | |||
833 | rekey_time is cast to int64 for the comparison which is a no-op | ||
834 | on OpenBSD, but should also do the right thing in -portable on | ||
835 | anything still using 32bit time_t (until the system time actually | ||
836 | wraps, anyway). | ||
837 | |||
838 | some early guidance deraadt@, ok djm@ | ||
839 | |||
840 | Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c | ||
841 | |||
842 | commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422 | ||
843 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
844 | Date: Thu Feb 2 10:54:25 2017 +0000 | ||
845 | |||
846 | upstream commit | ||
847 | |||
848 | In vasnmprintf() return an error if malloc fails and | ||
849 | don't set a function argument to the address of free'd memory. | ||
850 | |||
851 | ok djm@ | ||
852 | |||
853 | Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779 | ||
854 | |||
855 | commit 858252fb1d451ebb0969cf9749116c8f0ee42753 | ||
856 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
857 | Date: Wed Feb 1 02:59:09 2017 +0000 | ||
858 | |||
859 | upstream commit | ||
860 | |||
861 | Return true reason for port forwarding failures where | ||
862 | feasible rather than always "administratively prohibited". bz#2674, ok djm@ | ||
863 | |||
864 | Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419 | ||
865 | |||
866 | commit 6ba9f893838489add6ec4213c7a997b425e4a9e0 | ||
867 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
868 | Date: Mon Jan 30 23:27:39 2017 +0000 | ||
869 | |||
870 | upstream commit | ||
871 | |||
872 | Small correction to the known_hosts section on when it is | ||
873 | updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at | ||
874 | sdf.org | ||
875 | |||
876 | Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5 | ||
877 | |||
878 | commit c61d5ec3c11e7ff9779b6127421d9f166cf10915 | ||
879 | Author: Darren Tucker <dtucker@zip.com.au> | ||
880 | Date: Fri Feb 3 14:10:34 2017 +1100 | ||
881 | |||
882 | Remove _XOPEN_SOURCE from wide char detection. | ||
883 | |||
884 | Having _XOPEN_SOURCE unconditionally causes problems on some platforms | ||
885 | and configurations, notably Solaris 64-bit binaries. It was there for | ||
886 | the benefit of Linux put the required bits in the *-*linux* section. | ||
887 | |||
888 | Patch from yvoinov at gmail.com. | ||
889 | |||
890 | commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd | ||
891 | Author: djm@openbsd.org <djm@openbsd.org> | ||
892 | Date: Mon Jan 30 05:22:14 2017 +0000 | ||
893 | |||
894 | upstream commit | ||
895 | |||
896 | fully unbreak: some $SSH invocations did not have -F | ||
897 | specified and could pick up the ~/.ssh/config of the user running the tests | ||
898 | |||
899 | Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89 | ||
900 | |||
901 | commit 6956e21fb26652887475fe77ea40d2efcf25908b | ||
902 | Author: djm@openbsd.org <djm@openbsd.org> | ||
903 | Date: Mon Jan 30 04:54:07 2017 +0000 | ||
904 | |||
905 | upstream commit | ||
906 | |||
907 | partially unbreak: was not specifying hostname on some | ||
908 | $SSH invocations | ||
909 | |||
910 | Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc | ||
911 | |||
912 | commit 52763dd3fe0a4678dafdf7aeb32286e514130afc | ||
913 | Author: djm@openbsd.org <djm@openbsd.org> | ||
914 | Date: Mon Jan 30 01:03:00 2017 +0000 | ||
915 | |||
916 | upstream commit | ||
917 | |||
918 | revise keys/principals command hang fix (bz#2655) to | ||
919 | consume entire output, avoiding sending SIGPIPE to subprocesses early; ok | ||
920 | dtucker@ | ||
921 | |||
922 | Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc | ||
923 | |||
924 | commit 381a2615a154a82c4c53b787f4a564ef894fe9ac | ||
925 | Author: djm@openbsd.org <djm@openbsd.org> | ||
926 | Date: Mon Jan 30 00:38:50 2017 +0000 | ||
927 | |||
928 | upstream commit | ||
929 | |||
930 | small cleanup post SSHv1 removal: | ||
931 | |||
932 | remove SSHv1-isms in commented examples | ||
933 | |||
934 | reorder token table to group deprecated and compile-time conditional tokens | ||
935 | better | ||
936 | |||
937 | fix config dumping code for some compile-time conditional options that | ||
938 | weren't being correctly skipped (SSHv1 and PKCS#11) | ||
939 | |||
940 | Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105 | ||
941 | |||
942 | commit 4833d01591b7eb049489d9558b65f5553387ed43 | ||
943 | Author: djm@openbsd.org <djm@openbsd.org> | ||
944 | Date: Mon Jan 30 00:34:01 2017 +0000 | ||
945 | |||
946 | upstream commit | ||
947 | |||
948 | some explicit NULL tests when dumping configured | ||
949 | forwardings; from Karsten Weiss | ||
950 | |||
951 | Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d | ||
952 | |||
953 | commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2 | ||
954 | Author: djm@openbsd.org <djm@openbsd.org> | ||
955 | Date: Mon Jan 30 00:32:28 2017 +0000 | ||
956 | |||
957 | upstream commit | ||
958 | |||
959 | misplaced braces in test; from Karsten Weiss | ||
960 | |||
961 | Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae | ||
962 | |||
963 | commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb | ||
964 | Author: djm@openbsd.org <djm@openbsd.org> | ||
965 | Date: Mon Jan 30 00:32:03 2017 +0000 | ||
966 | |||
967 | upstream commit | ||
968 | |||
969 | don't dereference authctxt before testing != NULL, it | ||
970 | causes compilers to make assumptions; from Karsten Weiss | ||
971 | |||
972 | Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2 | ||
973 | |||
974 | commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057 | ||
975 | Author: djm@openbsd.org <djm@openbsd.org> | ||
976 | Date: Fri Jan 6 02:51:16 2017 +0000 | ||
977 | |||
978 | upstream commit | ||
979 | |||
980 | use correct ssh-add program; bz#2654, from Colin Watson | ||
981 | |||
982 | Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030 | ||
983 | |||
984 | commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5 | ||
985 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
986 | Date: Fri Jan 6 02:26:10 2017 +0000 | ||
987 | |||
988 | upstream commit | ||
989 | |||
990 | Account for timeouts in the integrity tests as failures. | ||
991 | |||
992 | If the first test in a series for a given MAC happens to modify the low | ||
993 | bytes of a packet length, then ssh will time out and this will be | ||
994 | interpreted as a test failure. Patch from cjwatson at debian.org via | ||
995 | bz#2658. | ||
996 | |||
997 | Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9 | ||
998 | |||
999 | commit dbaf599b61bd6e0f8469363a8c8e7f633b334018 | ||
1000 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1001 | Date: Fri Jan 6 02:09:25 2017 +0000 | ||
1002 | |||
1003 | upstream commit | ||
1004 | |||
1005 | Make forwarding test less racy by using unix domain | ||
1006 | sockets instead of TCP ports where possible. Patch from cjwatson at | ||
1007 | debian.org via bz#2659. | ||
1008 | |||
1009 | Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9 | ||
1010 | |||
1011 | commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6 | ||
1012 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1013 | Date: Sun Jan 29 21:35:23 2017 +0000 | ||
1014 | |||
1015 | upstream commit | ||
1016 | |||
1017 | Fix typo in ~C error message for bad port forward | ||
1018 | cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's | ||
1019 | bugtracker. | ||
1020 | |||
1021 | Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af | ||
1022 | |||
1023 | commit 4ba15462ca38883b8a61a1eccc093c79462d5414 | ||
1024 | Author: guenther@openbsd.org <guenther@openbsd.org> | ||
1025 | Date: Sat Jan 21 11:32:04 2017 +0000 | ||
1026 | |||
1027 | upstream commit | ||
1028 | |||
1029 | The POSIX APIs that that sockaddrs all ignore the s*_len | ||
1030 | field in the incoming socket, so userspace doesn't need to set it unless it | ||
1031 | has its own reasons for tracking the size along with the sockaddr. | ||
1032 | |||
1033 | ok phessler@ deraadt@ florian@ | ||
1034 | |||
1035 | Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437 | ||
1036 | |||
1037 | commit a1187bd3ef3e4940af849ca953a1b849dae78445 | ||
1038 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1039 | Date: Fri Jan 6 16:28:12 2017 +0000 | ||
1040 | |||
1041 | upstream commit | ||
1042 | |||
1043 | keep the tokens list sorted; | ||
1044 | |||
1045 | Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638 | ||
1046 | |||
1047 | commit b64077f9767634715402014f509e58decf1e140d | ||
1048 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1049 | Date: Fri Jan 6 09:27:52 2017 +0000 | ||
1050 | |||
1051 | upstream commit | ||
1052 | |||
1053 | fix previous | ||
1054 | |||
1055 | Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895 | ||
1056 | |||
1057 | commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de | ||
1058 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1059 | Date: Fri Jan 6 03:53:58 2017 +0000 | ||
1060 | |||
1061 | upstream commit | ||
1062 | |||
1063 | show a useful error message when included config files | ||
1064 | can't be opened; bz#2653, ok dtucker@ | ||
1065 | |||
1066 | Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b | ||
1067 | |||
1068 | commit 13bd2e2d622d01dc85d22b94520a5b243d006049 | ||
1069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1070 | Date: Fri Jan 6 03:45:41 2017 +0000 | ||
1071 | |||
1072 | upstream commit | ||
1073 | |||
1074 | sshd_config is documented to set | ||
1075 | GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this. | ||
1076 | bz#2637 ok dtucker | ||
1077 | |||
1078 | Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665 | ||
1079 | |||
1080 | commit f89b928534c9e77f608806a217d39a2960cc7fd0 | ||
1081 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1082 | Date: Fri Jan 6 03:41:58 2017 +0000 | ||
1083 | |||
1084 | upstream commit | ||
1085 | |||
1086 | Avoid confusing error message when attempting to use | ||
1087 | ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583 | ||
1088 | |||
1089 | Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165 | ||
1090 | |||
1091 | commit 0999533014784579aa6f01c2d3a06e3e8804b680 | ||
1092 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1093 | Date: Fri Jan 6 02:34:54 2017 +0000 | ||
1094 | |||
1095 | upstream commit | ||
1096 | |||
1097 | Re-add '%k' token for AuthorizedKeysCommand which was | ||
1098 | lost during the re-org in rev 1.235. bz#2656, from jboning at gmail.com. | ||
1099 | |||
1100 | Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38 | ||
1101 | |||
1102 | commit 51045869fa084cdd016fdd721ea760417c0a3bf3 | ||
1103 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1104 | Date: Wed Jan 4 05:37:40 2017 +0000 | ||
1105 | |||
1106 | upstream commit | ||
1107 | |||
1108 | unbreak Unix domain socket forwarding for root; ok | ||
1109 | markus@ | ||
1110 | |||
1111 | Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 | ||
1112 | |||
1113 | commit 58fca12ba967ea5c768653535604e1522d177e44 | ||
1114 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1115 | Date: Mon Jan 16 09:08:32 2017 +1100 | ||
1116 | |||
1117 | Remove LOGIN_PROGRAM. | ||
1118 | |||
1119 | UseLogin is gone, remove leftover. bz#2665, from cjwatson at debian.org | ||
1120 | |||
1121 | commit b108ce92aae0ca0376dce9513d953be60e449ae1 | ||
1122 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1123 | Date: Wed Jan 4 02:21:43 2017 +0000 | ||
1124 | |||
1125 | upstream commit | ||
1126 | |||
1127 | relax PKCS#11 whitelist a bit to allow libexec as well as | ||
1128 | lib directories. | ||
1129 | |||
1130 | Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702 | ||
1131 | |||
1132 | commit c7995f296b9222df2846f56ecf61e5ae13d7a53d | ||
1133 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1134 | Date: Tue Jan 3 05:46:51 2017 +0000 | ||
1135 | |||
1136 | upstream commit | ||
1137 | |||
1138 | check number of entries in SSH2_FXP_NAME response; avoids | ||
1139 | unreachable overflow later. Reported by Jann Horn | ||
1140 | |||
1141 | Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f | ||
1142 | |||
1143 | commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2 | ||
1144 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1145 | Date: Fri Dec 30 22:08:02 2016 +0000 | ||
1146 | |||
1147 | upstream commit | ||
1148 | |||
1149 | fix deadlock when keys/principals command produces a lot of | ||
1150 | output and a key is matched early; bz#2655, patch from jboning AT gmail.com | ||
1151 | |||
1152 | Upstream-ID: e19456429bf99087ea994432c16d00a642060afe | ||
1153 | |||
1154 | commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f | ||
1155 | Author: Darren Tucker <dtucker@zip.com.au> | ||
1156 | Date: Tue Dec 20 12:16:11 2016 +1100 | ||
1157 | |||
1158 | Re-add missing "Prerequisites" header and fix typo | ||
1159 | |||
1160 | Patch from HARUYAMA Seigo <haruyama at unixuser org>. | ||
1161 | |||
1162 | commit c8c60f3663165edd6a52632c6ddbfabfce1ca865 | ||
1163 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1164 | Date: Mon Dec 19 22:35:23 2016 +0000 | ||
1165 | |||
1166 | upstream commit | ||
1167 | |||
1168 | use standard /bin/sh equality test; from Mike Frysinger | ||
1169 | |||
1170 | Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2 | ||
1171 | |||
1 | commit 4a354fc231174901f2629437c2a6e924a2dd6772 | 1172 | commit 4a354fc231174901f2629437c2a6e924a2dd6772 |
2 | Author: Damien Miller <djm@mindrot.org> | 1173 | Author: Damien Miller <djm@mindrot.org> |
3 | Date: Mon Dec 19 15:59:26 2016 +1100 | 1174 | Date: Mon Dec 19 15:59:26 2016 +1100 |
@@ -8221,2046 +9392,3 @@ Date: Wed Mar 11 00:48:39 2015 +0000 | |||
8221 | 9392 | ||
8222 | add back the changes from rev 1.206, djm reverted this by | 9393 | add back the changes from rev 1.206, djm reverted this by |
8223 | mistake in rev 1.207 | 9394 | mistake in rev 1.207 |
8224 | |||
8225 | commit 4d24b3b6a4a6383e05e7da26d183b79fa8663697 | ||
8226 | Author: Damien Miller <djm@mindrot.org> | ||
8227 | Date: Fri Mar 20 09:11:59 2015 +1100 | ||
8228 | |||
8229 | remove error() accidentally inserted for debugging | ||
8230 | |||
8231 | pointed out by Christian Hesse | ||
8232 | |||
8233 | commit 9f82e5a9042f2d872e98f48a876fcab3e25dd9bb | ||
8234 | Author: Tim Rice <tim@multitalents.net> | ||
8235 | Date: Mon Mar 16 22:49:20 2015 -0700 | ||
8236 | |||
8237 | portability fix: Solaris systems may not have a grep that understands -q | ||
8238 | |||
8239 | commit 8ef691f7d9ef500257a549d0906d78187490668f | ||
8240 | Author: Damien Miller <djm@google.com> | ||
8241 | Date: Wed Mar 11 10:35:26 2015 +1100 | ||
8242 | |||
8243 | fix compile with clang | ||
8244 | |||
8245 | commit 4df590cf8dc799e8986268d62019b487a8ed63ad | ||
8246 | Author: Damien Miller <djm@google.com> | ||
8247 | Date: Wed Mar 11 10:02:39 2015 +1100 | ||
8248 | |||
8249 | make unit tests work for !OPENSSH_HAS_ECC | ||
8250 | |||
8251 | commit 307bb40277ca2c32e97e61d70d1ed74b571fd6ba | ||
8252 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8253 | Date: Sat Mar 7 04:41:48 2015 +0000 | ||
8254 | |||
8255 | upstream commit | ||
8256 | |||
8257 | unbreak for w/SSH1 (default) case; ok markus@ deraadt@ | ||
8258 | |||
8259 | commit b44ee0c998fb4c5f3c3281f2398af5ce42840b6f | ||
8260 | Author: Damien Miller <djm@mindrot.org> | ||
8261 | Date: Thu Mar 5 18:39:20 2015 -0800 | ||
8262 | |||
8263 | unbreak hostkeys test for w/ SSH1 case | ||
8264 | |||
8265 | commit 55e5bdeb519cb60cc18b7ba0545be581fb8598b4 | ||
8266 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8267 | Date: Fri Mar 6 01:40:56 2015 +0000 | ||
8268 | |||
8269 | upstream commit | ||
8270 | |||
8271 | fix sshkey_certify() return value for unsupported key types; | ||
8272 | ok markus@ deraadt@ | ||
8273 | |||
8274 | commit be8f658e550a434eac04256bfbc4289457a24e99 | ||
8275 | Author: Damien Miller <djm@mindrot.org> | ||
8276 | Date: Wed Mar 4 15:38:03 2015 -0800 | ||
8277 | |||
8278 | update version numbers to match version.h | ||
8279 | |||
8280 | commit ac5e8acefa253eb5e5ba186e34236c0e8007afdc | ||
8281 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8282 | Date: Wed Mar 4 23:22:35 2015 +0000 | ||
8283 | |||
8284 | upstream commit | ||
8285 | |||
8286 | make these work with !SSH1; ok markus@ deraadt@ | ||
8287 | |||
8288 | commit 2f04af92f036b0c87a23efb259c37da98cd81fe6 | ||
8289 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8290 | Date: Wed Mar 4 21:12:59 2015 +0000 | ||
8291 | |||
8292 | upstream commit | ||
8293 | |||
8294 | make ssh-add -D work with !SSH1 agent | ||
8295 | |||
8296 | commit a05adf95d2af6abb2b7826ddaa7a0ec0cdc1726b | ||
8297 | Author: Damien Miller <djm@mindrot.org> | ||
8298 | Date: Wed Mar 4 00:55:48 2015 -0800 | ||
8299 | |||
8300 | netcat needs poll.h portability goop | ||
8301 | |||
8302 | commit dad2b1892b4c1b7e58df483a8c5b983c4454e099 | ||
8303 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8304 | Date: Tue Mar 3 22:35:19 2015 +0000 | ||
8305 | |||
8306 | upstream commit | ||
8307 | |||
8308 | make it possible to run tests w/o ssh1 support; ok djm@ | ||
8309 | |||
8310 | commit d48a22601bdd3eec054794c535f4ae8d8ae4c6e2 | ||
8311 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8312 | Date: Wed Mar 4 18:53:53 2015 +0000 | ||
8313 | |||
8314 | upstream commit | ||
8315 | |||
8316 | crank; ok markus, deraadt | ||
8317 | |||
8318 | commit bbffb23daa0b002dd9f296e396a9ab8a5866b339 | ||
8319 | Author: Damien Miller <djm@mindrot.org> | ||
8320 | Date: Tue Mar 3 13:50:27 2015 -0800 | ||
8321 | |||
8322 | more --without-ssh1 fixes | ||
8323 | |||
8324 | commit 6c2039286f503e2012a58a1d109e389016e7a99b | ||
8325 | Author: Damien Miller <djm@mindrot.org> | ||
8326 | Date: Tue Mar 3 13:48:48 2015 -0800 | ||
8327 | |||
8328 | fix merge both that broke --without-ssh1 compile | ||
8329 | |||
8330 | commit 111dfb225478a76f89ecbcd31e96eaf1311b59d3 | ||
8331 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8332 | Date: Tue Mar 3 21:21:13 2015 +0000 | ||
8333 | |||
8334 | upstream commit | ||
8335 | |||
8336 | add SSH1 Makefile knob to make it easier to build without | ||
8337 | SSH1 support; ok markus@ | ||
8338 | |||
8339 | commit 3f7f5e6c5d2aa3f6710289c1a30119e534e56c5c | ||
8340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8341 | Date: Tue Mar 3 20:42:49 2015 +0000 | ||
8342 | |||
8343 | upstream commit | ||
8344 | |||
8345 | expand __unused to full __attribute__ for better portability | ||
8346 | |||
8347 | commit 2fab9b0f8720baf990c931e3f68babb0bf9949c6 | ||
8348 | Author: Damien Miller <djm@mindrot.org> | ||
8349 | Date: Wed Mar 4 07:41:27 2015 +1100 | ||
8350 | |||
8351 | avoid warning | ||
8352 | |||
8353 | commit d1bc844322461f882b4fd2277ba9a8d4966573d2 | ||
8354 | Author: Damien Miller <djm@mindrot.org> | ||
8355 | Date: Wed Mar 4 06:31:45 2015 +1100 | ||
8356 | |||
8357 | Revert "define __unused to nothing if not already defined" | ||
8358 | |||
8359 | This reverts commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908. | ||
8360 | |||
8361 | Some system headers have objects named __unused | ||
8362 | |||
8363 | commit 00797e86b2d98334d1bb808f65fa1fd47f328ff1 | ||
8364 | Author: Damien Miller <djm@mindrot.org> | ||
8365 | Date: Wed Mar 4 05:02:45 2015 +1100 | ||
8366 | |||
8367 | check for crypt and DES_crypt in openssl block | ||
8368 | |||
8369 | fixes builds on systems that use DES_crypt; based on patch | ||
8370 | from Roumen Petrov | ||
8371 | |||
8372 | commit 1598419e38afbaa8aa5df8dd6b0af98301e2c908 | ||
8373 | Author: Damien Miller <djm@mindrot.org> | ||
8374 | Date: Wed Mar 4 04:59:13 2015 +1100 | ||
8375 | |||
8376 | define __unused to nothing if not already defined | ||
8377 | |||
8378 | fixes builds on BSD/OS | ||
8379 | |||
8380 | commit d608a51daad4f14ad6ab43d7cf74ef4801cc3fe9 | ||
8381 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8382 | Date: Tue Mar 3 17:53:40 2015 +0000 | ||
8383 | |||
8384 | upstream commit | ||
8385 | |||
8386 | reorder logic for better portability; patch from Roumen | ||
8387 | Petrov | ||
8388 | |||
8389 | commit 68d2dfc464fbcdf8d6387884260f9801f4352393 | ||
8390 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8391 | Date: Tue Mar 3 06:48:58 2015 +0000 | ||
8392 | |||
8393 | upstream commit | ||
8394 | |||
8395 | Allow "ssh -Q protocol-version" to list supported SSH | ||
8396 | protocol versions. Useful for detecting builds without SSH v.1 support; idea | ||
8397 | and ok markus@ | ||
8398 | |||
8399 | commit 39e2f1229562e1195169905607bc12290d21f021 | ||
8400 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8401 | Date: Sun Mar 1 15:44:40 2015 +0000 | ||
8402 | |||
8403 | upstream commit | ||
8404 | |||
8405 | Make sure we only call getnameinfo() for AF_INET or AF_INET6 | ||
8406 | sockets. getpeername() of a Unix domain socket may return without error on | ||
8407 | some systems without actually setting ss_family so getnameinfo() was getting | ||
8408 | called with ss_family set to AF_UNSPEC. OK djm@ | ||
8409 | |||
8410 | commit e47536ba9692d271b8ad89078abdecf0a1c11707 | ||
8411 | Author: Damien Miller <djm@mindrot.org> | ||
8412 | Date: Sat Feb 28 08:20:11 2015 -0800 | ||
8413 | |||
8414 | portability fixes for regress/netcat.c | ||
8415 | |||
8416 | Mostly avoiding "err(1, NULL)" | ||
8417 | |||
8418 | commit 02973ad5f6f49d8420e50a392331432b0396c100 | ||
8419 | Author: Damien Miller <djm@mindrot.org> | ||
8420 | Date: Sat Feb 28 08:05:27 2015 -0800 | ||
8421 | |||
8422 | twiddle another test for portability | ||
8423 | |||
8424 | from Tom G. Christensen | ||
8425 | |||
8426 | commit f7f3116abf2a6e2f309ab096b08c58d19613e5d0 | ||
8427 | Author: Damien Miller <djm@mindrot.org> | ||
8428 | Date: Fri Feb 27 15:52:49 2015 -0800 | ||
8429 | |||
8430 | twiddle test for portability | ||
8431 | |||
8432 | commit 1ad3a77cc9d5568f5437ff99d377aa7a41859b83 | ||
8433 | Author: Damien Miller <djm@mindrot.org> | ||
8434 | Date: Thu Feb 26 20:33:22 2015 -0800 | ||
8435 | |||
8436 | make regress/netcat.c fd passing (more) portable | ||
8437 | |||
8438 | commit 9e1cfca7e1fe9cf8edb634fc894e43993e4da1ea | ||
8439 | Author: Damien Miller <djm@mindrot.org> | ||
8440 | Date: Thu Feb 26 20:32:58 2015 -0800 | ||
8441 | |||
8442 | create OBJ/valgrind-out before running unittests | ||
8443 | |||
8444 | commit bd58853102cee739f0e115e6d4b5334332ab1442 | ||
8445 | Author: Damien Miller <djm@mindrot.org> | ||
8446 | Date: Wed Feb 25 16:58:22 2015 -0800 | ||
8447 | |||
8448 | valgrind support | ||
8449 | |||
8450 | commit f43d17269194761eded9e89f17456332f4c83824 | ||
8451 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8452 | Date: Thu Feb 26 20:45:47 2015 +0000 | ||
8453 | |||
8454 | upstream commit | ||
8455 | |||
8456 | don't printf NULL key comments; reported by Tom Christensen | ||
8457 | |||
8458 | commit 6e6458b476ec854db33e3e68ebf4f489d0ab3df8 | ||
8459 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8460 | Date: Wed Feb 25 23:05:47 2015 +0000 | ||
8461 | |||
8462 | upstream commit | ||
8463 | |||
8464 | zero cmsgbuf before use; we initialise the bits we use | ||
8465 | but valgrind still spams warning on it | ||
8466 | |||
8467 | commit a63cfa26864b93ab6afefad0b630e5358ed8edfa | ||
8468 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8469 | Date: Wed Feb 25 19:54:02 2015 +0000 | ||
8470 | |||
8471 | upstream commit | ||
8472 | |||
8473 | fix small memory leak when UpdateHostkeys=no | ||
8474 | |||
8475 | commit e6b950341dd75baa8526f1862bca39e52f5b879b | ||
8476 | Author: Tim Rice <tim@multitalents.net> | ||
8477 | Date: Wed Feb 25 09:56:48 2015 -0800 | ||
8478 | |||
8479 | Revert "Work around finicky USL linker so netcat will build." | ||
8480 | |||
8481 | This reverts commit d1db656021d0cd8c001a6692f772f1de29b67c8b. | ||
8482 | |||
8483 | No longer needed with commit 678e473e2af2e4802f24dd913985864d9ead7fb3 | ||
8484 | |||
8485 | commit 6f621603f9cff2a5d6016a404c96cb2f8ac2dec0 | ||
8486 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8487 | Date: Wed Feb 25 17:29:38 2015 +0000 | ||
8488 | |||
8489 | upstream commit | ||
8490 | |||
8491 | don't leak validity of user in "too many authentication | ||
8492 | failures" disconnect message; reported by Sebastian Reitenbach | ||
8493 | |||
8494 | commit 6288e3a935494df12519164f52ca5c8c65fc3ca5 | ||
8495 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
8496 | Date: Tue Feb 24 15:24:05 2015 +0000 | ||
8497 | |||
8498 | upstream commit | ||
8499 | |||
8500 | add -v (show ASCII art) to -l's synopsis; ok djm@ | ||
8501 | |||
8502 | commit 678e473e2af2e4802f24dd913985864d9ead7fb3 | ||
8503 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8504 | Date: Thu Feb 26 04:12:58 2015 +1100 | ||
8505 | |||
8506 | Remove dependency on xmalloc. | ||
8507 | |||
8508 | Remove ssh_get_progname's dependency on xmalloc, which should reduce | ||
8509 | link order problems. ok djm@ | ||
8510 | |||
8511 | commit 5d5ec165c5b614b03678afdad881f10e25832e46 | ||
8512 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8513 | Date: Wed Feb 25 15:32:49 2015 +1100 | ||
8514 | |||
8515 | Restrict ECDSA and ECDH tests. | ||
8516 | |||
8517 | ifdef out some more ECDSA and ECDH tests when built against an OpenSSL | ||
8518 | that does not have eliptic curve functionality. | ||
8519 | |||
8520 | commit 1734e276d99b17e92d4233fac7aef3a3180aaca7 | ||
8521 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8522 | Date: Wed Feb 25 13:40:45 2015 +1100 | ||
8523 | |||
8524 | Move definition of _NSIG. | ||
8525 | |||
8526 | _NSIG is only unsed in one file, so move it there prevent redefinition | ||
8527 | warnings reported by Kevin Brott. | ||
8528 | |||
8529 | commit a47ead7c95cfbeb72721066c4da2312e5b1b9f3d | ||
8530 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8531 | Date: Wed Feb 25 13:17:40 2015 +1100 | ||
8532 | |||
8533 | Add includes.h for compatibility stuff. | ||
8534 | |||
8535 | commit 38806bda6d2e48ad32812b461eebe17672ada771 | ||
8536 | Author: Damien Miller <djm@mindrot.org> | ||
8537 | Date: Tue Feb 24 16:50:06 2015 -0800 | ||
8538 | |||
8539 | include netdb.h to look for MAXHOSTNAMELEN; ok tim | ||
8540 | |||
8541 | commit d1db656021d0cd8c001a6692f772f1de29b67c8b | ||
8542 | Author: Tim Rice <tim@multitalents.net> | ||
8543 | Date: Tue Feb 24 10:42:08 2015 -0800 | ||
8544 | |||
8545 | Work around finicky USL linker so netcat will build. | ||
8546 | |||
8547 | commit cb030ce25f555737e8ba97bdd7883ac43f3ff2a3 | ||
8548 | Author: Damien Miller <djm@mindrot.org> | ||
8549 | Date: Tue Feb 24 09:23:04 2015 -0800 | ||
8550 | |||
8551 | include includes.h to avoid build failure on AIX | ||
8552 | |||
8553 | commit 13af342458f5064144abbb07e5ac9bbd4eb42567 | ||
8554 | Author: Tim Rice <tim@multitalents.net> | ||
8555 | Date: Tue Feb 24 07:56:47 2015 -0800 | ||
8556 | |||
8557 | Original portability patch from djm@ for platforms missing err.h. | ||
8558 | Fix name space clash on Solaris 10. Still more to do for Solaris 10 | ||
8559 | to deal with msghdr structure differences. ok djm@ | ||
8560 | |||
8561 | commit 910209203d0cd60c5083901cbcc0b7b44d9f48d2 | ||
8562 | Author: Tim Rice <tim@multitalents.net> | ||
8563 | Date: Mon Feb 23 22:06:56 2015 -0800 | ||
8564 | |||
8565 | cleaner way fix dispatch.h portion of commit | ||
8566 | a88dd1da119052870bb2654c1a32c51971eade16 | ||
8567 | (some systems have sig_atomic_t in signal.h, some in sys/signal.h) | ||
8568 | Sounds good to me djm@ | ||
8569 | |||
8570 | commit 676c38d7cbe65b76bbfff796861bb6615cc6a596 | ||
8571 | Author: Tim Rice <tim@multitalents.net> | ||
8572 | Date: Mon Feb 23 21:51:33 2015 -0800 | ||
8573 | |||
8574 | portability fix: if we can't dind a better define for HOST_NAME_MAX, use 255 | ||
8575 | |||
8576 | commit 1221b22023dce38cbc90ba77eae4c5d78c77a5e6 | ||
8577 | Author: Tim Rice <tim@multitalents.net> | ||
8578 | Date: Mon Feb 23 21:50:34 2015 -0800 | ||
8579 | |||
8580 | portablity fix: s/__inline__/inline/ | ||
8581 | |||
8582 | commit 4c356308a88d309c796325bb75dce90ca16591d5 | ||
8583 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8584 | Date: Tue Feb 24 13:49:31 2015 +1100 | ||
8585 | |||
8586 | Wrap stdint.h includes in HAVE_STDINT_H. | ||
8587 | |||
8588 | commit c9c88355c6a27a908e7d1e5003a2b35ea99c1614 | ||
8589 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8590 | Date: Tue Feb 24 13:43:57 2015 +1100 | ||
8591 | |||
8592 | Add AI_NUMERICSERV to fake-rfc2553. | ||
8593 | |||
8594 | Our getaddrinfo implementation always returns numeric values already. | ||
8595 | |||
8596 | commit ef342ab1ce6fb9a4b30186c89c309d0ae9d0eeb4 | ||
8597 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8598 | Date: Tue Feb 24 13:39:57 2015 +1100 | ||
8599 | |||
8600 | Include OpenSSL's objects.h before bn.h. | ||
8601 | |||
8602 | Prevents compile errors on some platforms (at least old GCCs and AIX's | ||
8603 | XLC compilers). | ||
8604 | |||
8605 | commit dcc8997d116f615195aa7c9ec019fb36c28c6228 | ||
8606 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8607 | Date: Tue Feb 24 12:30:59 2015 +1100 | ||
8608 | |||
8609 | Convert two macros into functions. | ||
8610 | |||
8611 | Convert packet_send_debug and packet_disconnect from macros to | ||
8612 | functions. Some older GCCs (2.7.x, 2.95.x) see to have problems with | ||
8613 | variadic macros with only one argument so we convert these two into | ||
8614 | functions. ok djm@ | ||
8615 | |||
8616 | commit 2285c30d51b7e2052c6526445abe7e7cc7e170a1 | ||
8617 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8618 | Date: Mon Feb 23 22:21:21 2015 +0000 | ||
8619 | |||
8620 | upstream commit | ||
8621 | |||
8622 | further silence spurious error message even when -v is | ||
8623 | specified (e.g. to get visual host keys); reported by naddy@ | ||
8624 | |||
8625 | commit 9af21979c00652029e160295e988dea40758ece2 | ||
8626 | Author: Damien Miller <djm@mindrot.org> | ||
8627 | Date: Tue Feb 24 09:04:32 2015 +1100 | ||
8628 | |||
8629 | don't include stdint.h unless HAVE_STDINT_H set | ||
8630 | |||
8631 | commit 62f678dd51660d6f8aee1da33d3222c5de10a89e | ||
8632 | Author: Damien Miller <djm@mindrot.org> | ||
8633 | Date: Tue Feb 24 09:02:54 2015 +1100 | ||
8634 | |||
8635 | nother sys/queue.h -> sys-queue.h fix | ||
8636 | |||
8637 | spotted by Tom Christensen | ||
8638 | |||
8639 | commit b3c19151cba2c0ed01b27f55de0d723ad07ca98f | ||
8640 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8641 | Date: Mon Feb 23 20:32:15 2015 +0000 | ||
8642 | |||
8643 | upstream commit | ||
8644 | |||
8645 | fix a race condition by using a mux socket rather than an | ||
8646 | ineffectual wait statement | ||
8647 | |||
8648 | commit a88dd1da119052870bb2654c1a32c51971eade16 | ||
8649 | Author: Damien Miller <djm@mindrot.org> | ||
8650 | Date: Tue Feb 24 06:30:29 2015 +1100 | ||
8651 | |||
8652 | various include fixes for portable | ||
8653 | |||
8654 | commit 5248429b5ec524d0a65507cff0cdd6e0cb99effd | ||
8655 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8656 | Date: Mon Feb 23 16:55:51 2015 +0000 | ||
8657 | |||
8658 | upstream commit | ||
8659 | |||
8660 | add an XXX to remind me to improve sshkey_load_public | ||
8661 | |||
8662 | commit e94e4b07ef2eaead38b085a60535df9981cdbcdb | ||
8663 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8664 | Date: Mon Feb 23 16:55:31 2015 +0000 | ||
8665 | |||
8666 | upstream commit | ||
8667 | |||
8668 | silence a spurious error message when listing | ||
8669 | fingerprints for known_hosts; bz#2342 | ||
8670 | |||
8671 | commit f2293a65392b54ac721f66bc0b44462e8d1d81f8 | ||
8672 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8673 | Date: Mon Feb 23 16:33:25 2015 +0000 | ||
8674 | |||
8675 | upstream commit | ||
8676 | |||
8677 | fix setting/clearing of TTY raw mode around | ||
8678 | UpdateHostKeys=ask confirmation question; reported by Herb Goldman | ||
8679 | |||
8680 | commit f2004cd1adf34492eae0a44b1ef84e0e31b06088 | ||
8681 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8682 | Date: Mon Feb 23 05:04:21 2015 +1100 | ||
8683 | |||
8684 | Repair for non-ECC OpenSSL. | ||
8685 | |||
8686 | Ifdef out the ECC parts when building with an OpenSSL that doesn't have | ||
8687 | it. | ||
8688 | |||
8689 | commit 37f9220db8d1a52c75894c3de1e5f2ae5bd71b6f | ||
8690 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8691 | Date: Mon Feb 23 03:07:24 2015 +1100 | ||
8692 | |||
8693 | Wrap stdint.h includes in ifdefs. | ||
8694 | |||
8695 | commit f81f1bbc5b892c8614ea740b1f92735652eb43f0 | ||
8696 | Author: Tim Rice <tim@multitalents.net> | ||
8697 | Date: Sat Feb 21 18:12:10 2015 -0800 | ||
8698 | |||
8699 | out of tree build fix | ||
8700 | |||
8701 | commit 2e13a1e4d22f3b503c3bfc878562cc7386a1d1ae | ||
8702 | Author: Tim Rice <tim@multitalents.net> | ||
8703 | Date: Sat Feb 21 18:08:51 2015 -0800 | ||
8704 | |||
8705 | mkdir kex unit test directory so testing out of tree builds works | ||
8706 | |||
8707 | commit 1797f49b1ba31e8700231cd6b1d512d80bb50d2c | ||
8708 | Author: halex@openbsd.org <halex@openbsd.org> | ||
8709 | Date: Sat Feb 21 21:46:57 2015 +0000 | ||
8710 | |||
8711 | upstream commit | ||
8712 | |||
8713 | make "ssh-add -d" properly remove a corresponding | ||
8714 | certificate, and also not whine and fail if there is none | ||
8715 | |||
8716 | ok djm@ | ||
8717 | |||
8718 | commit 7faaa32da83a609059d95dbfcb0649fdb04caaf6 | ||
8719 | Author: Damien Miller <djm@mindrot.org> | ||
8720 | Date: Sun Feb 22 07:57:27 2015 +1100 | ||
8721 | |||
8722 | mkdir hostkey and bitmap unit test directories | ||
8723 | |||
8724 | commit bd49da2ef197efac5e38f5399263a8b47990c538 | ||
8725 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8726 | Date: Fri Feb 20 23:46:01 2015 +0000 | ||
8727 | |||
8728 | upstream commit | ||
8729 | |||
8730 | sort options useable under Match case-insensitively; prodded | ||
8731 | jmc@ | ||
8732 | |||
8733 | commit 1a779a0dd6cd8b4a1a40ea33b5415ab8408128ac | ||
8734 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8735 | Date: Sat Feb 21 20:51:02 2015 +0000 | ||
8736 | |||
8737 | upstream commit | ||
8738 | |||
8739 | correct paths to configuration files being written/updated; | ||
8740 | they live in $OBJ not cwd; some by Roumen Petrov | ||
8741 | |||
8742 | commit 28ba006c1acddff992ae946d0bc0b500b531ba6b | ||
8743 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8744 | Date: Sat Feb 21 15:41:07 2015 +1100 | ||
8745 | |||
8746 | More correct checking of HAVE_DECL_AI_NUMERICSERV. | ||
8747 | |||
8748 | commit e50e8c97a9cecae1f28febccaa6ca5ab3bc10f54 | ||
8749 | Author: Darren Tucker <dtucker@zip.com.au> | ||
8750 | Date: Sat Feb 21 15:10:33 2015 +1100 | ||
8751 | |||
8752 | Add null declaration of AI_NUMERICINFO. | ||
8753 | |||
8754 | Some platforms (older FreeBSD and DragonFly versions) do have | ||
8755 | getaddrinfo() but do not have AI_NUMERICINFO. so define it to zero | ||
8756 | in those cases. | ||
8757 | |||
8758 | commit 18a208d6a460d707a45916db63a571e805f5db46 | ||
8759 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8760 | Date: Fri Feb 20 22:40:32 2015 +0000 | ||
8761 | |||
8762 | upstream commit | ||
8763 | |||
8764 | more options that are available under Match; bz#2353 reported | ||
8765 | by calestyo AT scientia.net | ||
8766 | |||
8767 | commit 44732de06884238049f285f1455b2181baa7dc82 | ||
8768 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8769 | Date: Fri Feb 20 22:17:21 2015 +0000 | ||
8770 | |||
8771 | upstream commit | ||
8772 | |||
8773 | UpdateHostKeys fixes: | ||
8774 | |||
8775 | I accidentally changed the format of the hostkeys@openssh.com messages | ||
8776 | last week without changing the extension name, and this has been causing | ||
8777 | connection failures for people who are running -current. First reported | ||
8778 | by sthen@ | ||
8779 | |||
8780 | s/hostkeys@openssh.com/hostkeys-00@openssh.com/ | ||
8781 | Change the name of the proof message too, and reorder it a little. | ||
8782 | |||
8783 | Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY | ||
8784 | available to read the response) so disable UpdateHostKeys if it is in | ||
8785 | ask mode and ControlPersist is active (and document this) | ||
8786 | |||
8787 | commit 13a39414d25646f93e6d355521d832a03aaaffe2 | ||
8788 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8789 | Date: Tue Feb 17 00:14:05 2015 +0000 | ||
8790 | |||
8791 | upstream commit | ||
8792 | |||
8793 | Regression: I broke logging of public key fingerprints in | ||
8794 | 1.46. Pointed out by Pontus Lundkvist | ||
8795 | |||
8796 | commit 773dda25e828c4c9a52f7bdce6e1e5924157beab | ||
8797 | Author: Damien Miller <djm@mindrot.org> | ||
8798 | Date: Fri Jan 30 23:10:17 2015 +1100 | ||
8799 | |||
8800 | repair --without-openssl; broken in refactor | ||
8801 | |||
8802 | commit e89c780886b23600de1e1c8d74aabd1ff61f43f0 | ||
8803 | Author: Damien Miller <djm@google.com> | ||
8804 | Date: Tue Feb 17 10:04:55 2015 +1100 | ||
8805 | |||
8806 | hook up hostkeys unittest to portable Makefiles | ||
8807 | |||
8808 | commit 0abf41f99aa16ff09b263bead242d6cb2dbbcf99 | ||
8809 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8810 | Date: Mon Feb 16 22:21:03 2015 +0000 | ||
8811 | |||
8812 | upstream commit | ||
8813 | |||
8814 | enable hostkeys unit tests | ||
8815 | |||
8816 | commit 68a5d647ccf0fb6782b2f749433a1eee5bc9044b | ||
8817 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8818 | Date: Mon Feb 16 22:20:50 2015 +0000 | ||
8819 | |||
8820 | upstream commit | ||
8821 | |||
8822 | check string/memory compare arguments aren't NULL | ||
8823 | |||
8824 | commit ef575ef20d09f20722e26b45dab80b3620469687 | ||
8825 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8826 | Date: Mon Feb 16 22:18:34 2015 +0000 | ||
8827 | |||
8828 | upstream commit | ||
8829 | |||
8830 | unit tests for hostfile.c code, just hostkeys_foreach so | ||
8831 | far | ||
8832 | |||
8833 | commit 8ea3365e6aa2759ccf5c76eaea62cbc8a280b0e7 | ||
8834 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8835 | Date: Sat Feb 14 12:43:16 2015 +0000 | ||
8836 | |||
8837 | upstream commit | ||
8838 | |||
8839 | test server rekey limit | ||
8840 | |||
8841 | commit ce63c4b063c39b2b22d4ada449c9e3fbde788cb3 | ||
8842 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8843 | Date: Mon Feb 16 22:30:03 2015 +0000 | ||
8844 | |||
8845 | upstream commit | ||
8846 | |||
8847 | partial backout of: | ||
8848 | |||
8849 | revision 1.441 | ||
8850 | date: 2015/01/31 20:30:05; author: djm; state: Exp; lines: +17 -10; commitid | ||
8851 | : x8klYPZMJSrVlt3O; | ||
8852 | Let sshd load public host keys even when private keys are missing. | ||
8853 | Allows sshd to advertise additional keys for future key rotation. | ||
8854 | Also log fingerprint of hostkeys loaded; ok markus@ | ||
8855 | |||
8856 | hostkey updates now require access to the private key, so we can't | ||
8857 | load public keys only. The improved log messages (fingerprints of keys | ||
8858 | loaded) are kept. | ||
8859 | |||
8860 | commit 523463a3a2a9bfc6cfc5afa01bae9147f76a37cc | ||
8861 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8862 | Date: Mon Feb 16 22:13:32 2015 +0000 | ||
8863 | |||
8864 | upstream commit | ||
8865 | |||
8866 | Revise hostkeys@openssh.com hostkey learning extension. | ||
8867 | |||
8868 | The client will not ask the server to prove ownership of the private | ||
8869 | halves of any hitherto-unseen hostkeys it offers to the client. | ||
8870 | |||
8871 | Allow UpdateHostKeys option to take an 'ask' argument to let the | ||
8872 | user manually review keys offered. | ||
8873 | |||
8874 | ok markus@ | ||
8875 | |||
8876 | commit 6c5c949782d86a6e7d58006599c7685bfcd01685 | ||
8877 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8878 | Date: Mon Feb 16 22:08:57 2015 +0000 | ||
8879 | |||
8880 | upstream commit | ||
8881 | |||
8882 | Refactor hostkeys_foreach() and dependent code Deal with | ||
8883 | IP addresses (i.e. CheckHostIP) Don't clobber known_hosts when nothing | ||
8884 | changed ok markus@ as part of larger commit | ||
8885 | |||
8886 | commit 51b082ccbe633dc970df1d1f4c9c0497115fe721 | ||
8887 | Author: miod@openbsd.org <miod@openbsd.org> | ||
8888 | Date: Mon Feb 16 18:26:26 2015 +0000 | ||
8889 | |||
8890 | upstream commit | ||
8891 | |||
8892 | Declare ge25519_base as extern, to prevent it from | ||
8893 | becoming a common. Gets us rid of ``lignment 4 of symbol | ||
8894 | `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in | ||
8895 | mod_ed25519.o'' warnings at link time. | ||
8896 | |||
8897 | commit 02db468bf7e3281a8e3c058ced571b38b6407c34 | ||
8898 | Author: markus@openbsd.org <markus@openbsd.org> | ||
8899 | Date: Fri Feb 13 18:57:00 2015 +0000 | ||
8900 | |||
8901 | upstream commit | ||
8902 | |||
8903 | make rekey_limit for sshd w/privsep work; ok djm@ | ||
8904 | dtucker@ | ||
8905 | |||
8906 | commit 8ec67d505bd23c8bf9e17b7a364b563a07a58ec8 | ||
8907 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8908 | Date: Thu Feb 12 20:34:19 2015 +0000 | ||
8909 | |||
8910 | upstream commit | ||
8911 | |||
8912 | Prevent sshd spamming syslog with | ||
8913 | "ssh_dispatch_run_fatal: disconnected". ok markus@ | ||
8914 | |||
8915 | commit d4c0295d1afc342057ba358237acad6be8af480b | ||
8916 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8917 | Date: Wed Feb 11 01:20:38 2015 +0000 | ||
8918 | |||
8919 | upstream commit | ||
8920 | |||
8921 | Some packet error messages show the address of the peer, | ||
8922 | but might be generated after the socket to the peer has suffered a TCP reset. | ||
8923 | In these cases, getpeername() won't work so cache the address earlier. | ||
8924 | |||
8925 | spotted in the wild via deraadt@ and tedu@ | ||
8926 | |||
8927 | commit 4af1709cf774475ce5d1bc3ddcc165f6c222897d | ||
8928 | Author: jsg@openbsd.org <jsg@openbsd.org> | ||
8929 | Date: Mon Feb 9 23:22:37 2015 +0000 | ||
8930 | |||
8931 | upstream commit | ||
8932 | |||
8933 | fix some leaks in error paths ok markus@ | ||
8934 | |||
8935 | commit fd36834871d06a03e1ff8d69e41992efa1bbf85f | ||
8936 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8937 | Date: Fri Feb 6 23:21:59 2015 +0000 | ||
8938 | |||
8939 | upstream commit | ||
8940 | |||
8941 | SIZE_MAX is standard, we should be using it in preference to | ||
8942 | the obsolete SIZE_T_MAX. OK miod@ beck@ | ||
8943 | |||
8944 | commit 1910a286d7771eab84c0b047f31c0a17505236fa | ||
8945 | Author: millert@openbsd.org <millert@openbsd.org> | ||
8946 | Date: Thu Feb 5 12:59:57 2015 +0000 | ||
8947 | |||
8948 | upstream commit | ||
8949 | |||
8950 | Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ | ||
8951 | |||
8952 | commit ce4f59b2405845584f45e0b3214760eb0008c06c | ||
8953 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
8954 | Date: Tue Feb 3 08:07:20 2015 +0000 | ||
8955 | |||
8956 | upstream commit | ||
8957 | |||
8958 | missing ; djm and mlarkin really having great | ||
8959 | interactions recently | ||
8960 | |||
8961 | commit 5d34aa94938abb12b877a25be51862757f25d54b | ||
8962 | Author: halex@openbsd.org <halex@openbsd.org> | ||
8963 | Date: Tue Feb 3 00:34:14 2015 +0000 | ||
8964 | |||
8965 | upstream commit | ||
8966 | |||
8967 | slightly extend the passphrase prompt if running with -c | ||
8968 | in order to give the user a chance to notice if unintentionally running | ||
8969 | without it | ||
8970 | |||
8971 | wording tweak and ok djm@ | ||
8972 | |||
8973 | commit cb3bde373e80902c7d5d0db429f85068d19b2918 | ||
8974 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8975 | Date: Mon Feb 2 22:48:53 2015 +0000 | ||
8976 | |||
8977 | upstream commit | ||
8978 | |||
8979 | handle PKCS#11 C_Login returning | ||
8980 | CKR_USER_ALREADY_LOGGED_IN; based on patch from Yuri Samoilenko; ok markus@ | ||
8981 | |||
8982 | commit 15ad750e5ec3cc69765b7eba1ce90060e7083399 | ||
8983 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8984 | Date: Mon Feb 2 07:41:40 2015 +0000 | ||
8985 | |||
8986 | upstream commit | ||
8987 | |||
8988 | turn UpdateHostkeys off by default until I figure out | ||
8989 | mlarkin@'s warning message; requested by deraadt@ | ||
8990 | |||
8991 | commit 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 | ||
8992 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
8993 | Date: Mon Feb 2 01:57:44 2015 +0000 | ||
8994 | |||
8995 | upstream commit | ||
8996 | |||
8997 | increasing encounters with difficult DNS setups in | ||
8998 | darknets has convinced me UseDNS off by default is better ok djm | ||
8999 | |||
9000 | commit 6049a548a8a68ff0bbe581ab1748ea6a59ecdc38 | ||
9001 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9002 | Date: Sat Jan 31 20:30:05 2015 +0000 | ||
9003 | |||
9004 | upstream commit | ||
9005 | |||
9006 | Let sshd load public host keys even when private keys are | ||
9007 | missing. Allows sshd to advertise additional keys for future key rotation. | ||
9008 | Also log fingerprint of hostkeys loaded; ok markus@ | ||
9009 | |||
9010 | commit 46347ed5968f582661e8a70a45f448e0179ca0ab | ||
9011 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9012 | Date: Fri Jan 30 11:43:14 2015 +0000 | ||
9013 | |||
9014 | upstream commit | ||
9015 | |||
9016 | Add a ssh_config HostbasedKeyType option to control which | ||
9017 | host public key types are tried during hostbased authentication. | ||
9018 | |||
9019 | This may be used to prevent too many keys being sent to the server, | ||
9020 | and blowing past its MaxAuthTries limit. | ||
9021 | |||
9022 | bz#2211 based on patch by Iain Morgan; ok markus@ | ||
9023 | |||
9024 | commit 802660cb70453fa4d230cb0233bc1bbdf8328de1 | ||
9025 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9026 | Date: Fri Jan 30 10:44:49 2015 +0000 | ||
9027 | |||
9028 | upstream commit | ||
9029 | |||
9030 | set a timeout to prevent hangs when talking to busted | ||
9031 | servers; ok markus@ | ||
9032 | |||
9033 | commit 86936ec245a15c7abe71a0722610998b0a28b194 | ||
9034 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9035 | Date: Fri Jan 30 01:11:39 2015 +0000 | ||
9036 | |||
9037 | upstream commit | ||
9038 | |||
9039 | regression test for 'wildcard CA' serial/key ID revocations | ||
9040 | |||
9041 | commit 4509b5d4a4fa645a022635bfa7e86d09b285001f | ||
9042 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9043 | Date: Fri Jan 30 01:13:33 2015 +0000 | ||
9044 | |||
9045 | upstream commit | ||
9046 | |||
9047 | avoid more fatal/exit in the packet.c paths that | ||
9048 | ssh-keyscan uses; feedback and "looks good" markus@ | ||
9049 | |||
9050 | commit 669aee994348468af8b4b2ebd29b602cf2860b22 | ||
9051 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9052 | Date: Fri Jan 30 01:10:33 2015 +0000 | ||
9053 | |||
9054 | upstream commit | ||
9055 | |||
9056 | permit KRLs that revoke certificates by serial number or | ||
9057 | key ID without scoping to a particular CA; ok markus@ | ||
9058 | |||
9059 | commit 7a2c368477e26575d0866247d3313da4256cb2b5 | ||
9060 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9061 | Date: Fri Jan 30 00:59:19 2015 +0000 | ||
9062 | |||
9063 | upstream commit | ||
9064 | |||
9065 | missing parentheses after if in do_convert_from() broke | ||
9066 | private key conversion from other formats some time in 2010; bz#2345 reported | ||
9067 | by jjelen AT redhat.com | ||
9068 | |||
9069 | commit 25f5f78d8bf5c22d9cea8b49de24ebeee648a355 | ||
9070 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9071 | Date: Fri Jan 30 00:22:25 2015 +0000 | ||
9072 | |||
9073 | upstream commit | ||
9074 | |||
9075 | fix ssh protocol 1, spotted by miod@ | ||
9076 | |||
9077 | commit 9ce86c926dfa6e0635161b035e3944e611cbccf0 | ||
9078 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9079 | Date: Wed Jan 28 22:36:00 2015 +0000 | ||
9080 | |||
9081 | upstream commit | ||
9082 | |||
9083 | update to new API (key_fingerprint => sshkey_fingerprint) | ||
9084 | check sshkey_fingerprint return values; ok markus | ||
9085 | |||
9086 | commit 9125525c37bf73ad3ee4025520889d2ce9d10f29 | ||
9087 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9088 | Date: Wed Jan 28 22:05:31 2015 +0000 | ||
9089 | |||
9090 | upstream commit | ||
9091 | |||
9092 | avoid fatal() calls in packet code makes ssh-keyscan more | ||
9093 | reliable against server failures ok dtucker@ markus@ | ||
9094 | |||
9095 | commit fae7bbe544cba7a9e5e4ab47ff6faa3d978646eb | ||
9096 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9097 | Date: Wed Jan 28 21:15:47 2015 +0000 | ||
9098 | |||
9099 | upstream commit | ||
9100 | |||
9101 | avoid fatal() calls in packet code makes ssh-keyscan more | ||
9102 | reliable against server failures ok dtucker@ markus@ | ||
9103 | |||
9104 | commit 1a3d14f6b44a494037c7deab485abe6496bf2c60 | ||
9105 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9106 | Date: Wed Jan 28 11:07:25 2015 +0000 | ||
9107 | |||
9108 | upstream commit | ||
9109 | |||
9110 | remove obsolete comment | ||
9111 | |||
9112 | commit 80c25b7bc0a71d75c43a4575d9a1336f589eb639 | ||
9113 | Author: okan@openbsd.org <okan@openbsd.org> | ||
9114 | Date: Tue Jan 27 12:54:06 2015 +0000 | ||
9115 | |||
9116 | upstream commit | ||
9117 | |||
9118 | Since r1.2 removed the use of PRI* macros, inttypes.h is | ||
9119 | no longer required. | ||
9120 | |||
9121 | ok djm@ | ||
9122 | |||
9123 | commit 69ff64f69615c2a21c97cb5878a0996c21423257 | ||
9124 | Author: Damien Miller <djm@mindrot.org> | ||
9125 | Date: Tue Jan 27 23:07:43 2015 +1100 | ||
9126 | |||
9127 | compile on systems without TCP_MD5SIG (e.g. OSX) | ||
9128 | |||
9129 | commit 358964f3082fb90b2ae15bcab07b6105cfad5a43 | ||
9130 | Author: Damien Miller <djm@mindrot.org> | ||
9131 | Date: Tue Jan 27 23:07:25 2015 +1100 | ||
9132 | |||
9133 | use ssh-keygen under test rather than system's | ||
9134 | |||
9135 | commit a2c95c1bf33ea53038324d1fdd774bc953f98236 | ||
9136 | Author: Damien Miller <djm@mindrot.org> | ||
9137 | Date: Tue Jan 27 23:06:59 2015 +1100 | ||
9138 | |||
9139 | OSX lacks HOST_NAME_MAX, has _POSIX_HOST_NAME_MAX | ||
9140 | |||
9141 | commit ade31d7b6f608a19b85bee29a7a00b1e636a2919 | ||
9142 | Author: Damien Miller <djm@mindrot.org> | ||
9143 | Date: Tue Jan 27 23:06:23 2015 +1100 | ||
9144 | |||
9145 | these need active_state defined to link on OSX | ||
9146 | |||
9147 | temporary measure until active_state goes away entirely | ||
9148 | |||
9149 | commit e56aa87502f22c5844918c10190e8b4f785f067b | ||
9150 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9151 | Date: Tue Jan 27 12:01:36 2015 +0000 | ||
9152 | |||
9153 | upstream commit | ||
9154 | |||
9155 | use printf instead of echo -n to reduce diff against | ||
9156 | -portable | ||
9157 | |||
9158 | commit 9f7637f56eddfaf62ce3c0af89c25480f2cf1068 | ||
9159 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9160 | Date: Mon Jan 26 13:55:29 2015 +0000 | ||
9161 | |||
9162 | upstream commit | ||
9163 | |||
9164 | sort previous; | ||
9165 | |||
9166 | commit 3076ee7d530d5b16842fac7a6229706c7e5acd26 | ||
9167 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9168 | Date: Mon Jan 26 13:36:53 2015 +0000 | ||
9169 | |||
9170 | upstream commit | ||
9171 | |||
9172 | properly restore umask | ||
9173 | |||
9174 | commit d411d395556b73ba1b9e451516a0bd6697c4b03d | ||
9175 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9176 | Date: Mon Jan 26 06:12:18 2015 +0000 | ||
9177 | |||
9178 | upstream commit | ||
9179 | |||
9180 | regression test for host key rotation | ||
9181 | |||
9182 | commit fe8a3a51699afbc6407a8fae59b73349d01e49f8 | ||
9183 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9184 | Date: Mon Jan 26 06:11:28 2015 +0000 | ||
9185 | |||
9186 | upstream commit | ||
9187 | |||
9188 | adapt to sshkey API tweaks | ||
9189 | |||
9190 | commit 7dd355fb1f0038a3d5cdca57ebab4356c7a5b434 | ||
9191 | Author: miod@openbsd.org <miod@openbsd.org> | ||
9192 | Date: Sat Jan 24 10:39:21 2015 +0000 | ||
9193 | |||
9194 | upstream commit | ||
9195 | |||
9196 | Move -lz late in the linker commandline for things to | ||
9197 | build on static arches. | ||
9198 | |||
9199 | commit 0dad3b806fddb93c475b30853b9be1a25d673a33 | ||
9200 | Author: miod@openbsd.org <miod@openbsd.org> | ||
9201 | Date: Fri Jan 23 21:21:23 2015 +0000 | ||
9202 | |||
9203 | upstream commit | ||
9204 | |||
9205 | -Wpointer-sign is supported by gcc 4 only. | ||
9206 | |||
9207 | commit 2b3b1c1e4bd9577b6e780c255c278542ea66c098 | ||
9208 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9209 | Date: Tue Jan 20 22:58:57 2015 +0000 | ||
9210 | |||
9211 | upstream commit | ||
9212 | |||
9213 | use SUBDIR to recuse into unit tests; makes "make obj" | ||
9214 | actually work | ||
9215 | |||
9216 | commit 1d1092bff8db27080155541212b420703f8b9c92 | ||
9217 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9218 | Date: Mon Jan 26 12:16:36 2015 +0000 | ||
9219 | |||
9220 | upstream commit | ||
9221 | |||
9222 | correct description of UpdateHostKeys in ssh_config.5 and | ||
9223 | add it to -o lists for ssh, scp and sftp; pointed out by jmc@ | ||
9224 | |||
9225 | commit 5104db7cbd6cdd9c5971f4358e74414862fc1022 | ||
9226 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9227 | Date: Mon Jan 26 06:10:03 2015 +0000 | ||
9228 | |||
9229 | upstream commit | ||
9230 | |||
9231 | correctly match ECDSA subtype (== curve) for | ||
9232 | offered/recevied host keys. Fixes connection-killing host key mismatches when | ||
9233 | a server offers multiple ECDSA keys with different curve type (an extremely | ||
9234 | unlikely configuration). | ||
9235 | |||
9236 | ok markus, "looks mechanical" deraadt@ | ||
9237 | |||
9238 | commit 8d4f87258f31cb6def9b3b55b6a7321d84728ff2 | ||
9239 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9240 | Date: Mon Jan 26 03:04:45 2015 +0000 | ||
9241 | |||
9242 | upstream commit | ||
9243 | |||
9244 | Host key rotation support. | ||
9245 | |||
9246 | Add a hostkeys@openssh.com protocol extension (global request) for | ||
9247 | a server to inform a client of all its available host key after | ||
9248 | authentication has completed. The client may record the keys in | ||
9249 | known_hosts, allowing it to upgrade to better host key algorithms | ||
9250 | and a server to gracefully rotate its keys. | ||
9251 | |||
9252 | The client side of this is controlled by a UpdateHostkeys config | ||
9253 | option (default on). | ||
9254 | |||
9255 | ok markus@ | ||
9256 | |||
9257 | commit 60b1825262b1f1e24fc72050b907189c92daf18e | ||
9258 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9259 | Date: Mon Jan 26 02:59:11 2015 +0000 | ||
9260 | |||
9261 | upstream commit | ||
9262 | |||
9263 | small refactor and add some convenience functions; ok | ||
9264 | markus | ||
9265 | |||
9266 | commit a5a3e3328ddce91e76f71ff479022d53e35c60c9 | ||
9267 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
9268 | Date: Thu Jan 22 21:00:42 2015 +0000 | ||
9269 | |||
9270 | upstream commit | ||
9271 | |||
9272 | heirarchy -> hierarchy; | ||
9273 | |||
9274 | commit dcff5810a11195c57e1b3343c0d6b6f2b9974c11 | ||
9275 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9276 | Date: Thu Jan 22 20:24:41 2015 +0000 | ||
9277 | |||
9278 | upstream commit | ||
9279 | |||
9280 | Provide a warning about chroot misuses (which sadly, seem | ||
9281 | to have become quite popular because shiny). sshd cannot detect/manage/do | ||
9282 | anything about these cases, best we can do is warn in the right spot in the | ||
9283 | man page. ok markus | ||
9284 | |||
9285 | commit 087266ec33c76fc8d54ac5a19efacf2f4a4ca076 | ||
9286 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9287 | Date: Tue Jan 20 23:14:00 2015 +0000 | ||
9288 | |||
9289 | upstream commit | ||
9290 | |||
9291 | Reduce use of <sys/param.h> and transition to <limits.h> | ||
9292 | throughout. ok djm markus | ||
9293 | |||
9294 | commit 57e783c8ba2c0797f93977e83b2a8644a03065d8 | ||
9295 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9296 | Date: Tue Jan 20 20:16:21 2015 +0000 | ||
9297 | |||
9298 | upstream commit | ||
9299 | |||
9300 | kex_setup errors are fatal() | ||
9301 | |||
9302 | commit 1d6424a6ff94633c221297ae8f42d54e12a20912 | ||
9303 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9304 | Date: Tue Jan 20 08:02:33 2015 +0000 | ||
9305 | |||
9306 | upstream commit | ||
9307 | |||
9308 | this test would accidentally delete agent.sh if run without | ||
9309 | obj/ | ||
9310 | |||
9311 | commit 12b5f50777203e12575f1b08568281e447249ed3 | ||
9312 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9313 | Date: Tue Jan 20 07:56:44 2015 +0000 | ||
9314 | |||
9315 | upstream commit | ||
9316 | |||
9317 | make this compile with KERBEROS5 enabled | ||
9318 | |||
9319 | commit e2cc6bef08941256817d44d146115b3478586ad4 | ||
9320 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9321 | Date: Tue Jan 20 07:55:33 2015 +0000 | ||
9322 | |||
9323 | upstream commit | ||
9324 | |||
9325 | fix hostkeys in agent; ok markus@ | ||
9326 | |||
9327 | commit 1ca3e2155aa5d3801a7ae050f85c71f41fcb95b1 | ||
9328 | Author: Damien Miller <djm@mindrot.org> | ||
9329 | Date: Tue Jan 20 10:11:31 2015 +1100 | ||
9330 | |||
9331 | fix kex test | ||
9332 | |||
9333 | commit c78a578107c7e6dcf5d30a2f34cb6581bef14029 | ||
9334 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9335 | Date: Mon Jan 19 20:45:25 2015 +0000 | ||
9336 | |||
9337 | upstream commit | ||
9338 | |||
9339 | finally enable the KEX tests I wrote some years ago... | ||
9340 | |||
9341 | commit 31821d7217e686667d04935aeec99e1fc4a46e7e | ||
9342 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9343 | Date: Mon Jan 19 20:42:31 2015 +0000 | ||
9344 | |||
9345 | upstream commit | ||
9346 | |||
9347 | adapt to new error message (SSH_ERR_MAC_INVALID) | ||
9348 | |||
9349 | commit d3716ca19e510e95d956ae14d5b367e364bff7f1 | ||
9350 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9351 | Date: Mon Jan 19 17:31:13 2015 +0000 | ||
9352 | |||
9353 | upstream commit | ||
9354 | |||
9355 | this test was broken in at least two ways, such that it | ||
9356 | wasn't checking that a KRL was not excluding valid keys | ||
9357 | |||
9358 | commit 3f797653748e7c2b037dacb57574c01d9ef3b4d3 | ||
9359 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9360 | Date: Mon Jan 19 20:32:39 2015 +0000 | ||
9361 | |||
9362 | upstream commit | ||
9363 | |||
9364 | switch ssh-keyscan from setjmp to multiple ssh transport | ||
9365 | layer instances ok djm@ | ||
9366 | |||
9367 | commit f582f0e917bb0017b00944783cd5f408bf4b0b5e | ||
9368 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9369 | Date: Mon Jan 19 20:30:23 2015 +0000 | ||
9370 | |||
9371 | upstream commit | ||
9372 | |||
9373 | add experimental api for packet layer; ok djm@ | ||
9374 | |||
9375 | commit 48b3b2ba75181f11fca7f327058a591f4426cade | ||
9376 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9377 | Date: Mon Jan 19 20:20:20 2015 +0000 | ||
9378 | |||
9379 | upstream commit | ||
9380 | |||
9381 | store compat flags in struct ssh; ok djm@ | ||
9382 | |||
9383 | commit 57d10cbe861a235dd269c74fb2fe248469ecee9d | ||
9384 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9385 | Date: Mon Jan 19 20:16:15 2015 +0000 | ||
9386 | |||
9387 | upstream commit | ||
9388 | |||
9389 | adapt kex to sshbuf and struct ssh; ok djm@ | ||
9390 | |||
9391 | commit 3fdc88a0def4f86aa88a5846ac079dc964c0546a | ||
9392 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9393 | Date: Mon Jan 19 20:07:45 2015 +0000 | ||
9394 | |||
9395 | upstream commit | ||
9396 | |||
9397 | move dispatch to struct ssh; ok djm@ | ||
9398 | |||
9399 | commit 091c302829210c41e7f57c3f094c7b9c054306f0 | ||
9400 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9401 | Date: Mon Jan 19 19:52:16 2015 +0000 | ||
9402 | |||
9403 | upstream commit | ||
9404 | |||
9405 | update packet.c & isolate, introduce struct ssh a) switch | ||
9406 | packet.c to buffer api and isolate per-connection info into struct ssh b) | ||
9407 | (de)serialization of the state is moved from monitor to packet.c c) the old | ||
9408 | packet.c API is implemented in opacket.[ch] d) compress.c/h is removed and | ||
9409 | integrated into packet.c with and ok djm@ | ||
9410 | |||
9411 | commit 4e62cc68ce4ba20245d208b252e74e91d3785b74 | ||
9412 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9413 | Date: Mon Jan 19 17:35:48 2015 +0000 | ||
9414 | |||
9415 | upstream commit | ||
9416 | |||
9417 | fix format strings in (disabled) debugging | ||
9418 | |||
9419 | commit d85e06245907d49a2cd0cfa0abf59150ad616f42 | ||
9420 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9421 | Date: Mon Jan 19 06:01:32 2015 +0000 | ||
9422 | |||
9423 | upstream commit | ||
9424 | |||
9425 | be a bit more careful in these tests to ensure that | ||
9426 | known_hosts is clean | ||
9427 | |||
9428 | commit 7947810eab5fe0ad311f32a48f4d4eb1f71be6cf | ||
9429 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9430 | Date: Sun Jan 18 22:00:18 2015 +0000 | ||
9431 | |||
9432 | upstream commit | ||
9433 | |||
9434 | regression test for known_host file editing using | ||
9435 | ssh-keygen (-H / -R / -F) after hostkeys_foreach() change; feedback and ok | ||
9436 | markus@ | ||
9437 | |||
9438 | commit 3a2b09d147a565d8a47edf37491e149a02c0d3a3 | ||
9439 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9440 | Date: Sun Jan 18 19:54:46 2015 +0000 | ||
9441 | |||
9442 | upstream commit | ||
9443 | |||
9444 | more and better key tests | ||
9445 | |||
9446 | test signatures and verification | ||
9447 | test certificate generation | ||
9448 | flesh out nested cert test | ||
9449 | |||
9450 | removes most of the XXX todo markers | ||
9451 | |||
9452 | commit 589e69fd82724cfc9738f128e4771da2e6405d0d | ||
9453 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9454 | Date: Sun Jan 18 19:53:58 2015 +0000 | ||
9455 | |||
9456 | upstream commit | ||
9457 | |||
9458 | make the signature fuzzing test much more rigorous: | ||
9459 | ensure that the fuzzed input cases do not match the original (using new | ||
9460 | fuzz_matches_original() function) and check that the verification fails in | ||
9461 | each case | ||
9462 | |||
9463 | commit 80603c0daa2538c349c1c152405580b164d5475f | ||
9464 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9465 | Date: Sun Jan 18 19:52:44 2015 +0000 | ||
9466 | |||
9467 | upstream commit | ||
9468 | |||
9469 | add a fuzz_matches_original() function to the fuzzer to | ||
9470 | detect fuzz cases that are identical to the original data. Hacky | ||
9471 | implementation, but very useful when you need the fuzz to be different, e.g. | ||
9472 | when verifying signature | ||
9473 | |||
9474 | commit 87d5495bd337e358ad69c524fcb9495208c0750b | ||
9475 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9476 | Date: Sun Jan 18 19:50:55 2015 +0000 | ||
9477 | |||
9478 | upstream commit | ||
9479 | |||
9480 | better dumps from the fuzzer (shown on errors) - | ||
9481 | include the original data as well as the fuzzed copy. | ||
9482 | |||
9483 | commit d59ec478c453a3fff05badbbfd96aa856364f2c2 | ||
9484 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9485 | Date: Sun Jan 18 19:47:55 2015 +0000 | ||
9486 | |||
9487 | upstream commit | ||
9488 | |||
9489 | enable hostkey-agent.sh test | ||
9490 | |||
9491 | commit 26b3425170bf840e4b095e1c10bf25a0a3e3a105 | ||
9492 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9493 | Date: Sat Jan 17 18:54:30 2015 +0000 | ||
9494 | |||
9495 | upstream commit | ||
9496 | |||
9497 | unit test for hostkeys in ssh-agent | ||
9498 | |||
9499 | commit 9e06a0fb23ec55d9223b26a45bb63c7649e2f2f2 | ||
9500 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9501 | Date: Thu Jan 15 23:41:29 2015 +0000 | ||
9502 | |||
9503 | upstream commit | ||
9504 | |||
9505 | add kex unit tests | ||
9506 | |||
9507 | commit d2099dec6da21ae627f6289aedae6bc1d41a22ce | ||
9508 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9509 | Date: Mon Jan 19 00:32:54 2015 +0000 | ||
9510 | |||
9511 | upstream commit | ||
9512 | |||
9513 | djm, your /usr/include tree is old | ||
9514 | |||
9515 | commit 2b3c3c76c30dc5076fe09d590f5b26880f148a54 | ||
9516 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9517 | Date: Sun Jan 18 21:51:19 2015 +0000 | ||
9518 | |||
9519 | upstream commit | ||
9520 | |||
9521 | some feedback from markus@: comment hostkeys_foreach() | ||
9522 | context and avoid a member in it. | ||
9523 | |||
9524 | commit cecb30bc2ba6d594366e657d664d5c494b6c8a7f | ||
9525 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9526 | Date: Sun Jan 18 21:49:42 2015 +0000 | ||
9527 | |||
9528 | upstream commit | ||
9529 | |||
9530 | make ssh-keygen use hostkeys_foreach(). Removes some | ||
9531 | horrendous code; ok markus@ | ||
9532 | |||
9533 | commit ec3d065df3a9557ea96b02d061fd821a18c1a0b9 | ||
9534 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9535 | Date: Sun Jan 18 21:48:09 2015 +0000 | ||
9536 | |||
9537 | upstream commit | ||
9538 | |||
9539 | convert load_hostkeys() (hostkey ordering and | ||
9540 | known_host matching) to use the new hostkey_foreach() iterator; ok markus | ||
9541 | |||
9542 | commit c29811cc480a260e42fd88849fc86a80c1e91038 | ||
9543 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9544 | Date: Sun Jan 18 21:40:23 2015 +0000 | ||
9545 | |||
9546 | upstream commit | ||
9547 | |||
9548 | introduce hostkeys_foreach() to allow iteration over a | ||
9549 | known_hosts file or controlled subset thereof. This will allow us to pull out | ||
9550 | some ugly and duplicated code, and will be used to implement hostkey rotation | ||
9551 | later. | ||
9552 | |||
9553 | feedback and ok markus | ||
9554 | |||
9555 | commit f101d8291da01bbbfd6fb8c569cfd0cc61c0d346 | ||
9556 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9557 | Date: Sun Jan 18 14:01:00 2015 +0000 | ||
9558 | |||
9559 | upstream commit | ||
9560 | |||
9561 | string truncation due to sizeof(size) ok djm markus | ||
9562 | |||
9563 | commit 35d6022b55b7969fc10c261cb6aa78cc4a5fcc41 | ||
9564 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9565 | Date: Sun Jan 18 13:33:34 2015 +0000 | ||
9566 | |||
9567 | upstream commit | ||
9568 | |||
9569 | avoid trailing ',' in host key algorithms | ||
9570 | |||
9571 | commit 7efb455789a0cb76bdcdee91c6060a3dc8f5c007 | ||
9572 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9573 | Date: Sun Jan 18 13:22:28 2015 +0000 | ||
9574 | |||
9575 | upstream commit | ||
9576 | |||
9577 | infer key length correctly when user specified a fully- | ||
9578 | qualified key name instead of using the -b bits option; ok markus@ | ||
9579 | |||
9580 | commit 83f8ffa6a55ccd0ce9d8a205e3e7439ec18fedf5 | ||
9581 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9582 | Date: Sat Jan 17 18:53:34 2015 +0000 | ||
9583 | |||
9584 | upstream commit | ||
9585 | |||
9586 | fix hostkeys on ssh agent; found by unit test I'm about | ||
9587 | to commit | ||
9588 | |||
9589 | commit 369d61f17657b814124268f99c033e4dc6e436c1 | ||
9590 | Author: schwarze@openbsd.org <schwarze@openbsd.org> | ||
9591 | Date: Fri Jan 16 16:20:23 2015 +0000 | ||
9592 | |||
9593 | upstream commit | ||
9594 | |||
9595 | garbage collect empty .No macros mandoc warns about | ||
9596 | |||
9597 | commit bb8b442d32dbdb8521d610e10d8b248d938bd747 | ||
9598 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9599 | Date: Fri Jan 16 15:55:07 2015 +0000 | ||
9600 | |||
9601 | upstream commit | ||
9602 | |||
9603 | regression: incorrect error message on | ||
9604 | otherwise-successful ssh-keygen -A. Reported by Dmitry Orlov, via deraadt@ | ||
9605 | |||
9606 | commit 9010902954a40b59d0bf3df3ccbc3140a653e2bc | ||
9607 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9608 | Date: Fri Jan 16 07:19:48 2015 +0000 | ||
9609 | |||
9610 | upstream commit | ||
9611 | |||
9612 | when hostname canonicalisation is enabled, try to parse | ||
9613 | hostnames as addresses before looking them up for canonicalisation. fixes | ||
9614 | bz#2074 and avoids needless DNS lookups in some cases; ok markus | ||
9615 | |||
9616 | commit 2ae4f337b2a5fb2841b6b0053b49496fef844d1c | ||
9617 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9618 | Date: Fri Jan 16 06:40:12 2015 +0000 | ||
9619 | |||
9620 | upstream commit | ||
9621 | |||
9622 | Replace <sys/param.h> with <limits.h> and other less | ||
9623 | dirty headers where possible. Annotate <sys/param.h> lines with their | ||
9624 | current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, | ||
9625 | LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of | ||
9626 | MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. | ||
9627 | These are the files confirmed through binary verification. ok guenther, | ||
9628 | millert, doug (helped with the verification protocol) | ||
9629 | |||
9630 | commit 3c4726f4c24118e8f1bb80bf75f1456c76df072c | ||
9631 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9632 | Date: Thu Jan 15 21:38:50 2015 +0000 | ||
9633 | |||
9634 | upstream commit | ||
9635 | |||
9636 | remove xmalloc, switch to sshbuf | ||
9637 | |||
9638 | commit e17ac01f8b763e4b83976b9e521e90a280acc097 | ||
9639 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9640 | Date: Thu Jan 15 21:37:14 2015 +0000 | ||
9641 | |||
9642 | upstream commit | ||
9643 | |||
9644 | switch to sshbuf | ||
9645 | |||
9646 | commit ddef9995a1fa6c7a8ff3b38bfe6cf724bebf13d0 | ||
9647 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9648 | Date: Thu Jan 15 18:32:54 2015 +0000 | ||
9649 | |||
9650 | upstream commit | ||
9651 | |||
9652 | handle UMAC128 initialization like UMAC; ok djm@ markus@ | ||
9653 | |||
9654 | commit f14564c1f7792446bca143580aef0e7ac25dcdae | ||
9655 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9656 | Date: Thu Jan 15 11:04:36 2015 +0000 | ||
9657 | |||
9658 | upstream commit | ||
9659 | |||
9660 | fix regression reported by brad@ for passworded keys without | ||
9661 | agent present | ||
9662 | |||
9663 | commit 45c0fd70bb2a88061319dfff20cb12ef7b1bc47e | ||
9664 | Author: Damien Miller <djm@mindrot.org> | ||
9665 | Date: Thu Jan 15 22:08:23 2015 +1100 | ||
9666 | |||
9667 | make bitmap test compile | ||
9668 | |||
9669 | commit d333f89abf7179021e5c3f28673f469abe032062 | ||
9670 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9671 | Date: Thu Jan 15 07:36:28 2015 +0000 | ||
9672 | |||
9673 | upstream commit | ||
9674 | |||
9675 | unit tests for KRL bitmap | ||
9676 | |||
9677 | commit 7613f828f49c55ff356007ae9645038ab6682556 | ||
9678 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9679 | Date: Wed Jan 14 09:58:21 2015 +0000 | ||
9680 | |||
9681 | upstream commit | ||
9682 | |||
9683 | re-add comment about full path | ||
9684 | |||
9685 | commit 6c43b48b307c41cd656b415621a644074579a578 | ||
9686 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9687 | Date: Wed Jan 14 09:54:38 2015 +0000 | ||
9688 | |||
9689 | upstream commit | ||
9690 | |||
9691 | don't reset to the installed sshd; connect before | ||
9692 | reconfigure, too | ||
9693 | |||
9694 | commit 771bb47a1df8b69061f09462e78aa0b66cd594bf | ||
9695 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9696 | Date: Tue Jan 13 14:51:51 2015 +0000 | ||
9697 | |||
9698 | upstream commit | ||
9699 | |||
9700 | implement a SIGINFO handler so we can discern a stuck | ||
9701 | fuzz test from a merely glacial one; prompted by and ok markus | ||
9702 | |||
9703 | commit cfaa57962f8536f3cf0fd7daf4d6a55d6f6de45f | ||
9704 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9705 | Date: Tue Jan 13 08:23:26 2015 +0000 | ||
9706 | |||
9707 | upstream commit | ||
9708 | |||
9709 | use $SSH instead of installed ssh to allow override; | ||
9710 | spotted by markus@ | ||
9711 | |||
9712 | commit 0920553d0aee117a596b03ed5b49b280d34a32c5 | ||
9713 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9714 | Date: Tue Jan 13 07:49:49 2015 +0000 | ||
9715 | |||
9716 | upstream commit | ||
9717 | |||
9718 | regress test for PubkeyAcceptedKeyTypes; ok markus@ | ||
9719 | |||
9720 | commit 27ca1a5c0095eda151934bca39a77e391f875d17 | ||
9721 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9722 | Date: Mon Jan 12 20:13:27 2015 +0000 | ||
9723 | |||
9724 | upstream commit | ||
9725 | |||
9726 | unbreak parsing of pubkey comments; with gerhard; ok | ||
9727 | djm/deraadt | ||
9728 | |||
9729 | commit 55358f0b4e0b83bc0df81c5f854c91b11e0bb4dc | ||
9730 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9731 | Date: Mon Jan 12 11:46:32 2015 +0000 | ||
9732 | |||
9733 | upstream commit | ||
9734 | |||
9735 | fatal if soft-PKCS11 library is missing rather (rather | ||
9736 | than continue and fail with a more cryptic error) | ||
9737 | |||
9738 | commit c3554cdd2a1a62434b8161017aa76fa09718a003 | ||
9739 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9740 | Date: Mon Jan 12 11:12:38 2015 +0000 | ||
9741 | |||
9742 | upstream commit | ||
9743 | |||
9744 | let this test all supporte key types; pointed out/ok | ||
9745 | markus@ | ||
9746 | |||
9747 | commit 1129dcfc5a3e508635004bcc05a3574cb7687167 | ||
9748 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9749 | Date: Thu Jan 15 09:40:00 2015 +0000 | ||
9750 | |||
9751 | upstream commit | ||
9752 | |||
9753 | sync ssh-keysign, ssh-keygen and some dependencies to the | ||
9754 | new buffer/key API; mostly mechanical, ok markus@ | ||
9755 | |||
9756 | commit e4ebf5586452bf512da662ac277aaf6ecf0efe7c | ||
9757 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9758 | Date: Thu Jan 15 07:57:08 2015 +0000 | ||
9759 | |||
9760 | upstream commit | ||
9761 | |||
9762 | remove commented-out test code now that it has moved to a | ||
9763 | proper unit test | ||
9764 | |||
9765 | commit e81cba066c1e9eb70aba0f6e7c0ff220611b370f | ||
9766 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9767 | Date: Wed Jan 14 20:54:29 2015 +0000 | ||
9768 | |||
9769 | upstream commit | ||
9770 | |||
9771 | whitespace | ||
9772 | |||
9773 | commit 141efe49542f7156cdbc2e4cd0a041d8b1aab622 | ||
9774 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9775 | Date: Wed Jan 14 20:05:27 2015 +0000 | ||
9776 | |||
9777 | upstream commit | ||
9778 | |||
9779 | move authfd.c and its tentacles to the new buffer/key | ||
9780 | API; ok markus@ | ||
9781 | |||
9782 | commit 0088c57af302cda278bd26d8c3ae81d5b6f7c289 | ||
9783 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9784 | Date: Wed Jan 14 19:33:41 2015 +0000 | ||
9785 | |||
9786 | upstream commit | ||
9787 | |||
9788 | fix small regression: ssh-agent would return a success | ||
9789 | message but an empty signature if asked to sign using an unknown key; ok | ||
9790 | markus@ | ||
9791 | |||
9792 | commit b03ebe2c22b8166e4f64c37737f4278676e3488d | ||
9793 | Author: Damien Miller <djm@mindrot.org> | ||
9794 | Date: Thu Jan 15 03:08:58 2015 +1100 | ||
9795 | |||
9796 | more --without-openssl | ||
9797 | |||
9798 | fix some regressions caused by upstream merges | ||
9799 | |||
9800 | enable KRLs now that they no longer require BIGNUMs | ||
9801 | |||
9802 | commit bc42cc6fe784f36df225c44c93b74830027cb5a2 | ||
9803 | Author: Damien Miller <djm@mindrot.org> | ||
9804 | Date: Thu Jan 15 03:08:29 2015 +1100 | ||
9805 | |||
9806 | kludge around tun API mismatch betterer | ||
9807 | |||
9808 | commit c332110291089b624fa0951fbf2d1ee6de525b9f | ||
9809 | Author: Damien Miller <djm@mindrot.org> | ||
9810 | Date: Thu Jan 15 02:59:51 2015 +1100 | ||
9811 | |||
9812 | some systems lack SO_REUSEPORT | ||
9813 | |||
9814 | commit 83b9678a62cbdc74eb2031cf1e1e4ffd58e233ae | ||
9815 | Author: Damien Miller <djm@mindrot.org> | ||
9816 | Date: Thu Jan 15 02:35:50 2015 +1100 | ||
9817 | |||
9818 | fix merge botch | ||
9819 | |||
9820 | commit 0cdc5a3eb6fb383569a4da2a30705d9b90428d6b | ||
9821 | Author: Damien Miller <djm@mindrot.org> | ||
9822 | Date: Thu Jan 15 02:35:33 2015 +1100 | ||
9823 | |||
9824 | unbreak across API change | ||
9825 | |||
9826 | commit 6e2549ac2b5e7f96cbc2d83a6e0784b120444b47 | ||
9827 | Author: Damien Miller <djm@mindrot.org> | ||
9828 | Date: Thu Jan 15 02:30:18 2015 +1100 | ||
9829 | |||
9830 | need includes.h for portable OpenSSH | ||
9831 | |||
9832 | commit 72ef7c148c42db7d5632a29f137f8b87b579f2d9 | ||
9833 | Author: Damien Miller <djm@mindrot.org> | ||
9834 | Date: Thu Jan 15 02:21:31 2015 +1100 | ||
9835 | |||
9836 | support --without-openssl at configure time | ||
9837 | |||
9838 | Disables and removes dependency on OpenSSL. Many features don't | ||
9839 | work and the set of crypto options is greatly restricted. This | ||
9840 | will only work on system with native arc4random or /dev/urandom. | ||
9841 | |||
9842 | Considered highly experimental for now. | ||
9843 | |||
9844 | commit 4f38c61c68ae7e3f9ee4b3c38bc86cd39f65ece9 | ||
9845 | Author: Damien Miller <djm@mindrot.org> | ||
9846 | Date: Thu Jan 15 02:28:00 2015 +1100 | ||
9847 | |||
9848 | add files missed in last commit | ||
9849 | |||
9850 | commit a165bab605f7be55940bb8fae977398e8c96a46d | ||
9851 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9852 | Date: Wed Jan 14 15:02:39 2015 +0000 | ||
9853 | |||
9854 | upstream commit | ||
9855 | |||
9856 | avoid BIGNUM in KRL code by using a simple bitmap; | ||
9857 | feedback and ok markus | ||
9858 | |||
9859 | commit 7d845f4a0b7ec97887be204c3760e44de8bf1f32 | ||
9860 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9861 | Date: Wed Jan 14 13:54:13 2015 +0000 | ||
9862 | |||
9863 | upstream commit | ||
9864 | |||
9865 | update sftp client and server to new buffer API. pretty | ||
9866 | much just mechanical changes; with & ok markus | ||
9867 | |||
9868 | commit 139ca81866ec1b219c717d17061e5e7ad1059e2a | ||
9869 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9870 | Date: Wed Jan 14 13:09:09 2015 +0000 | ||
9871 | |||
9872 | upstream commit | ||
9873 | |||
9874 | switch to sshbuf/sshkey; with & ok djm@ | ||
9875 | |||
9876 | commit 81bfbd0bd35683de5d7f2238b985e5f8150a9180 | ||
9877 | Author: Damien Miller <djm@mindrot.org> | ||
9878 | Date: Wed Jan 14 21:48:18 2015 +1100 | ||
9879 | |||
9880 | support --without-openssl at configure time | ||
9881 | |||
9882 | Disables and removes dependency on OpenSSL. Many features don't | ||
9883 | work and the set of crypto options is greatly restricted. This | ||
9884 | will only work on system with native arc4random or /dev/urandom. | ||
9885 | |||
9886 | Considered highly experimental for now. | ||
9887 | |||
9888 | commit 54924b53af15ccdcbb9f89984512b5efef641a31 | ||
9889 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9890 | Date: Wed Jan 14 10:46:28 2015 +0000 | ||
9891 | |||
9892 | upstream commit | ||
9893 | |||
9894 | avoid an warning for the !OPENSSL case | ||
9895 | |||
9896 | commit ae8b463217f7c9b66655bfc3945c050ffdaeb861 | ||
9897 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9898 | Date: Wed Jan 14 10:30:34 2015 +0000 | ||
9899 | |||
9900 | upstream commit | ||
9901 | |||
9902 | swith auth-options to new sshbuf/sshkey; ok djm@ | ||
9903 | |||
9904 | commit 540e891191b98b89ee90aacf5b14a4a68635e763 | ||
9905 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9906 | Date: Wed Jan 14 10:29:45 2015 +0000 | ||
9907 | |||
9908 | upstream commit | ||
9909 | |||
9910 | make non-OpenSSL aes-ctr work on sshd w/ privsep; ok | ||
9911 | markus@ | ||
9912 | |||
9913 | commit 60c2c4ea5e1ad0ddfe8b2877b78ed5143be79c53 | ||
9914 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9915 | Date: Wed Jan 14 10:24:42 2015 +0000 | ||
9916 | |||
9917 | upstream commit | ||
9918 | |||
9919 | remove unneeded includes, sync my copyright across files | ||
9920 | & whitespace; ok djm@ | ||
9921 | |||
9922 | commit 128343bcdb0b60fc826f2733df8cf979ec1627b4 | ||
9923 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9924 | Date: Tue Jan 13 19:31:40 2015 +0000 | ||
9925 | |||
9926 | upstream commit | ||
9927 | |||
9928 | adapt mac.c to ssherr.h return codes (de-fatal) and | ||
9929 | simplify dependencies ok djm@ | ||
9930 | |||
9931 | commit e7fd952f4ea01f09ceb068721a5431ac2fd416ed | ||
9932 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9933 | Date: Tue Jan 13 19:04:35 2015 +0000 | ||
9934 | |||
9935 | upstream commit | ||
9936 | |||
9937 | sync changes from libopenssh; prepared by markus@ mostly | ||
9938 | debug output tweaks, a couple of error return value changes and some other | ||
9939 | minor stuff | ||
9940 | |||
9941 | commit 76c0480a85675f03a1376167cb686abed01a3583 | ||
9942 | Author: Damien Miller <djm@mindrot.org> | ||
9943 | Date: Tue Jan 13 19:38:18 2015 +1100 | ||
9944 | |||
9945 | add --without-ssh1 option to configure | ||
9946 | |||
9947 | Allows disabling support for SSH protocol 1. | ||
9948 | |||
9949 | commit 1f729f0614d1376c3332fa1edb6a5e5cec7e9e03 | ||
9950 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9951 | Date: Tue Jan 13 07:39:19 2015 +0000 | ||
9952 | |||
9953 | upstream commit | ||
9954 | |||
9955 | add sshd_config HostbasedAcceptedKeyTypes and | ||
9956 | PubkeyAcceptedKeyTypes options to allow sshd to control what public key types | ||
9957 | will be accepted. Currently defaults to all. Feedback & ok markus@ | ||
9958 | |||
9959 | commit 816d1538c24209a93ba0560b27c4fda57c3fff65 | ||
9960 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9961 | Date: Mon Jan 12 20:13:27 2015 +0000 | ||
9962 | |||
9963 | upstream commit | ||
9964 | |||
9965 | unbreak parsing of pubkey comments; with gerhard; ok | ||
9966 | djm/deraadt | ||
9967 | |||
9968 | commit 0097565f849851812df610b7b6b3c4bd414f6c62 | ||
9969 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9970 | Date: Mon Jan 12 19:22:46 2015 +0000 | ||
9971 | |||
9972 | upstream commit | ||
9973 | |||
9974 | missing error assigment on sshbuf_put_string() | ||
9975 | |||
9976 | commit a7f49dcb527dd17877fcb8d5c3a9a6f550e0bba5 | ||
9977 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9978 | Date: Mon Jan 12 15:18:07 2015 +0000 | ||
9979 | |||
9980 | upstream commit | ||
9981 | |||
9982 | apparently memcpy(x, NULL, 0) is undefined behaviour | ||
9983 | according to C99 (cf. sections 7.21.1 and 7.1.4), so check skip memcpy calls | ||
9984 | when length==0; ok markus@ | ||
9985 | |||
9986 | commit 905fe30fca82f38213763616d0d26eb6790bde33 | ||
9987 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9988 | Date: Mon Jan 12 14:05:19 2015 +0000 | ||
9989 | |||
9990 | upstream commit | ||
9991 | |||
9992 | free->sshkey_free; ok djm@ | ||
9993 | |||
9994 | commit f067cca2bc20c86b110174c3fef04086a7f57b13 | ||
9995 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9996 | Date: Mon Jan 12 13:29:27 2015 +0000 | ||
9997 | |||
9998 | upstream commit | ||
9999 | |||
10000 | allow WITH_OPENSSL w/o WITH_SSH1; ok djm@ | ||
10001 | |||
10002 | commit c4bfafcc2a9300d9cfb3c15e75572d3a7d74670d | ||
10003 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10004 | Date: Thu Jan 8 13:10:58 2015 +0000 | ||
10005 | |||
10006 | upstream commit | ||
10007 | |||
10008 | adjust for sshkey_load_file() API change | ||
10009 | |||
10010 | commit e752c6d547036c602b89e9e704851463bd160e32 | ||
10011 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10012 | Date: Thu Jan 8 13:44:36 2015 +0000 | ||
10013 | |||
10014 | upstream commit | ||
10015 | |||
10016 | fix ssh_config FingerprintHash evaluation order; from Petr | ||
10017 | Lautrbach | ||
10018 | |||
10019 | commit ab24ab847b0fc94c8d5e419feecff0bcb6d6d1bf | ||
10020 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10021 | Date: Thu Jan 8 10:15:45 2015 +0000 | ||
10022 | |||
10023 | upstream commit | ||
10024 | |||
10025 | reorder hostbased key attempts to better match the | ||
10026 | default hostkey algorithms order in myproposal.h; ok markus@ | ||
10027 | |||
10028 | commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46 | ||
10029 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10030 | Date: Thu Jan 8 10:14:08 2015 +0000 | ||
10031 | |||
10032 | upstream commit | ||
10033 | |||
10034 | deprecate key_load_private_pem() and | ||
10035 | sshkey_load_private_pem() interfaces. Refactor the generic key loading API to | ||
10036 | not require pathnames to be specified (they weren't really used). | ||
10037 | |||
10038 | Fixes a few other things en passant: | ||
10039 | |||
10040 | Makes ed25519 keys work for hostbased authentication (ssh-keysign | ||
10041 | previously used the PEM-only routines). | ||
10042 | |||
10043 | Fixes key comment regression bz#2306: key pathnames were being lost as | ||
10044 | comment fields. | ||
10045 | |||
10046 | ok markus@ | ||
10047 | |||
10048 | commit febbe09e4e9aff579b0c5cc1623f756862e4757d | ||
10049 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
10050 | Date: Wed Jan 7 18:15:07 2015 +0000 | ||
10051 | |||
10052 | upstream commit | ||
10053 | |||
10054 | workaround for the Meyer, et al, Bleichenbacher Side | ||
10055 | Channel Attack. fake up a bignum key before RSA decryption. discussed/ok djm | ||
10056 | markus | ||
10057 | |||
10058 | commit 5191df927db282d3123ca2f34a04d8d96153911a | ||
10059 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10060 | Date: Tue Dec 23 22:42:48 2014 +0000 | ||
10061 | |||
10062 | upstream commit | ||
10063 | |||
10064 | KNF and add a little more debug() | ||
10065 | |||
10066 | commit 8abd80315d3419b20e6938f74d37e2e2b547f0b7 | ||
10067 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10068 | Date: Mon Dec 22 09:26:31 2014 +0000 | ||
10069 | |||
10070 | upstream commit | ||
10071 | |||
10072 | add fingerprinthash to the options list; | ||
10073 | |||
10074 | commit 296ef0560f60980da01d83b9f0e1a5257826536f | ||
10075 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10076 | Date: Mon Dec 22 09:24:59 2014 +0000 | ||
10077 | |||
10078 | upstream commit | ||
10079 | |||
10080 | tweak previous; | ||
10081 | |||
10082 | commit 462082eacbd37778a173afb6b84c6f4d898a18b5 | ||
10083 | Author: Damien Miller <djm@google.com> | ||
10084 | Date: Tue Dec 30 08:16:11 2014 +1100 | ||
10085 | |||
10086 | avoid uninitialised free of ldns_res | ||
10087 | |||
10088 | If an invalid rdclass was passed to getrrsetbyname() then | ||
10089 | this would execute a free on an uninitialised pointer. | ||
10090 | OpenSSH only ever calls this with a fixed and valid rdclass. | ||
10091 | |||
10092 | Reported by Joshua Rogers | ||
10093 | |||
10094 | commit 01b63498801053f131a0740eb9d13faf35d636c8 | ||
10095 | Author: Damien Miller <djm@google.com> | ||
10096 | Date: Mon Dec 29 18:10:18 2014 +1100 | ||
10097 | |||
10098 | pull updated OpenBSD BCrypt PBKDF implementation | ||
10099 | |||
10100 | Includes fix for 1 byte output overflow for large key length | ||
10101 | requests (not reachable in OpenSSH). | ||
10102 | |||
10103 | Pointed out by Joshua Rogers | ||
10104 | |||
10105 | commit c528c1b4af2f06712177b3de9b30705752f7cbcb | ||
10106 | Author: Damien Miller <djm@google.com> | ||
10107 | Date: Tue Dec 23 15:26:13 2014 +1100 | ||
10108 | |||
10109 | fix variable name for IPv6 case in construct_utmpx | ||
10110 | |||
10111 | patch from writeonce AT midipix.org via bz#2296 | ||
10112 | |||
10113 | commit 293cac52dcda123244b2e594d15592e5e481c55e | ||
10114 | Author: Damien Miller <djm@google.com> | ||
10115 | Date: Mon Dec 22 16:30:42 2014 +1100 | ||
10116 | |||
10117 | include and use OpenBSD netcat in regress/ | ||
10118 | |||
10119 | commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d | ||
10120 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10121 | Date: Mon Dec 22 09:05:17 2014 +0000 | ||
10122 | |||
10123 | upstream commit | ||
10124 | |||
10125 | mention ssh -Q feature to list supported { MAC, cipher, | ||
10126 | KEX, key } algorithms in more places and include the query string used to | ||
10127 | list the relevant information; bz#2288 | ||
10128 | |||
10129 | commit 449e11b4d7847079bd0a2daa6e3e7ea03d8ef700 | ||
10130 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10131 | Date: Mon Dec 22 08:24:17 2014 +0000 | ||
10132 | |||
10133 | upstream commit | ||
10134 | |||
10135 | tweak previous; | ||
10136 | |||
10137 | commit 4bea0ab3290c0b9dd2aa199e932de8e7e18062d6 | ||
10138 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10139 | Date: Mon Dec 22 08:06:03 2014 +0000 | ||
10140 | |||
10141 | upstream commit | ||
10142 | |||
10143 | regression test for multiple required pubkey authentication; | ||
10144 | ok markus@ | ||
10145 | |||
10146 | commit f1c4d8ec52158b6f57834b8cd839605b0a33e7f2 | ||
10147 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10148 | Date: Mon Dec 22 08:04:23 2014 +0000 | ||
10149 | |||
10150 | upstream commit | ||
10151 | |||
10152 | correct description of what will happen when a | ||
10153 | AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser is not (sshd | ||
10154 | will refuse to start) | ||
10155 | |||
10156 | commit 161cf419f412446635013ac49e8c660cadc36080 | ||
10157 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10158 | Date: Mon Dec 22 07:55:51 2014 +0000 | ||
10159 | |||
10160 | upstream commit | ||
10161 | |||
10162 | make internal handling of filename arguments of "none" | ||
10163 | more consistent with ssh. "none" arguments are now replaced with NULL when | ||
10164 | the configuration is finalised. | ||
10165 | |||
10166 | Simplifies checking later on (just need to test not-NULL rather than | ||
10167 | that + strcmp) and cleans up some inconsistencies. ok markus@ | ||
10168 | |||
10169 | commit f69b69b8625be447b8826b21d87713874dac25a6 | ||
10170 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10171 | Date: Mon Dec 22 07:51:30 2014 +0000 | ||
10172 | |||
10173 | upstream commit | ||
10174 | |||
10175 | remember which public keys have been used for | ||
10176 | authentication and refuse to accept previously-used keys. | ||
10177 | |||
10178 | This allows AuthenticationMethods=publickey,publickey to require | ||
10179 | that users authenticate using two _different_ pubkeys. | ||
10180 | |||
10181 | ok markus@ | ||
10182 | |||
10183 | commit 46ac2ed4677968224c4ca825bc98fc68dae183f0 | ||
10184 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10185 | Date: Mon Dec 22 07:24:11 2014 +0000 | ||
10186 | |||
10187 | upstream commit | ||
10188 | |||
10189 | fix passing of wildcard forward bind addresses when | ||
10190 | connection multiplexing is in use; patch from Sami Hartikainen via bz#2324; | ||
10191 | ok dtucker@ | ||
10192 | |||
10193 | commit 0d1b241a262e4d0a6bbfdd595489ab1b853c43a1 | ||
10194 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10195 | Date: Mon Dec 22 06:14:29 2014 +0000 | ||
10196 | |||
10197 | upstream commit | ||
10198 | |||
10199 | make this slightly easier to diff against portable | ||
10200 | |||
10201 | commit 0715bcdddbf68953964058f17255bf54734b8737 | ||
10202 | Author: Damien Miller <djm@mindrot.org> | ||
10203 | Date: Mon Dec 22 13:47:07 2014 +1100 | ||
10204 | |||
10205 | add missing regress output file | ||
10206 | |||
10207 | commit 1e30483c8ad2c2f39445d4a4b6ab20c241e40593 | ||
10208 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10209 | Date: Mon Dec 22 02:15:52 2014 +0000 | ||
10210 | |||
10211 | upstream commit | ||
10212 | |||
10213 | adjust for new SHA256 key fingerprints and | ||
10214 | slightly-different MD5 hex fingerprint format | ||
10215 | |||
10216 | commit 6b40567ed722df98593ad8e6a2d2448fc2b4b151 | ||
10217 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10218 | Date: Mon Dec 22 01:14:49 2014 +0000 | ||
10219 | |||
10220 | upstream commit | ||
10221 | |||
10222 | poll changes to netcat (usr.bin/netcat.c r1.125) broke | ||
10223 | this test; fix it by ensuring more stdio fds are sent to devnull | ||
10224 | |||
10225 | commit a5375ccb970f49dddf7d0ef63c9b713ede9e7260 | ||
10226 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10227 | Date: Sun Dec 21 23:35:14 2014 +0000 | ||
10228 | |||
10229 | upstream commit | ||
10230 | |||
10231 | tweak previous; | ||
10232 | |||
10233 | commit b79efde5c3badf5ce4312fe608d8307eade533c5 | ||
10234 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10235 | Date: Sun Dec 21 23:12:42 2014 +0000 | ||
10236 | |||
10237 | upstream commit | ||
10238 | |||
10239 | document FingerprintHash here too | ||
10240 | |||
10241 | commit d16bdd8027dd116afa01324bb071a4016cdc1a75 | ||
10242 | Author: Damien Miller <djm@mindrot.org> | ||
10243 | Date: Mon Dec 22 10:18:09 2014 +1100 | ||
10244 | |||
10245 | missing include for base64 encoding | ||
10246 | |||
10247 | commit 56d1c83cdd1ac76f1c6bd41e01e80dad834f3994 | ||
10248 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10249 | Date: Sun Dec 21 22:27:55 2014 +0000 | ||
10250 | |||
10251 | upstream commit | ||
10252 | |||
10253 | Add FingerprintHash option to control algorithm used for | ||
10254 | key fingerprints. Default changes from MD5 to SHA256 and format from hex to | ||
10255 | base64. | ||
10256 | |||
10257 | Feedback and ok naddy@ markus@ | ||
10258 | |||
10259 | commit 058f839fe15c51be8b3a844a76ab9a8db550be4f | ||
10260 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10261 | Date: Thu Dec 18 23:58:04 2014 +0000 | ||
10262 | |||
10263 | upstream commit | ||
10264 | |||
10265 | don't count partial authentication success as a failure | ||
10266 | against MaxAuthTries; ok deraadt@ | ||