diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 3101 |
1 files changed, 1035 insertions, 2066 deletions
@@ -1,25 +1,1042 @@ | |||
1 | 20140130 | ||
2 | - (djm) [configure.ac] Only check for width-specified integer types | ||
3 | in headers that actually exist. patch from Tom G. Christensen; | ||
4 | ok dtucker@ | ||
5 | - (djm) [configure.ac atomicio.c] Kludge around NetBSD offering | ||
6 | different symbols for 'read' when various compiler flags are | ||
7 | in use, causing atomicio.c comparisons against it to break and | ||
8 | read/write operations to hang; ok dtucker | ||
9 | - (djm) Release openssh-6.5p1 | ||
10 | |||
11 | 20140129 | ||
12 | - (djm) [configure.ac] Fix broken shell test '==' vs '='; patch from | ||
13 | Tom G. Christensen | ||
14 | |||
15 | 20140128 | ||
16 | - (djm) [configure.ac] Search for inet_ntop in libnsl and libresovl; | ||
17 | ok dtucker | ||
18 | - (djm) [sshd.c] Use kill(0, ...) instead of killpg(0, ...); the | ||
19 | latter being specified to have undefined behaviour in SUSv3; | ||
20 | ok dtucker | ||
21 | - (tim) [regress/agent.sh regress/agent-ptrace.sh] Assign $? to a variable | ||
22 | when used as an error message inside an if statement so we display the | ||
23 | correct into. agent.sh patch from Petr Lautrbach. | ||
24 | |||
25 | 20140127 | ||
26 | - (dtucker) [Makefile.in] Remove trailing backslash which some make | ||
27 | implementations (eg older Solaris) do not cope with. | ||
28 | |||
29 | 20140126 | ||
30 | - OpenBSD CVS Sync | ||
31 | - dtucker@cvs.openbsd.org 2014/01/25 10:12:50 | ||
32 | [cipher.c cipher.h kex.c kex.h kexgexc.c] | ||
33 | Add a special case for the DH group size for 3des-cbc, which has an | ||
34 | effective strength much lower than the key size. This causes problems | ||
35 | with some cryptlib implementations, which don't support group sizes larger | ||
36 | than 4k but also don't use the largest group size it does support as | ||
37 | specified in the RFC. Based on a patch from Petr Lautrbach at Redhat, | ||
38 | reduced by me with input from Markus. ok djm@ markus@ | ||
39 | - markus@cvs.openbsd.org 2014/01/25 20:35:37 | ||
40 | [kex.c] | ||
41 | dh_need needs to be set to max(seclen, blocksize, ivlen, mac_len) | ||
42 | ok dtucker@, noted by mancha | ||
43 | - (djm) [configure.ac sandbox-capsicum.c sandbox-rlimit.c] Disable | ||
44 | RLIMIT_NOFILE pseudo-sandbox on FreeBSD. In some configurations, | ||
45 | libc will attempt to open additional file descriptors for crypto | ||
46 | offload and crash if they cannot be opened. | ||
47 | - (djm) [configure.ac] correct AC_DEFINE for previous. | ||
48 | |||
49 | 20140125 | ||
50 | - (djm) [configure.ac] Fix detection of capsicum sandbox on FreeBSD | ||
51 | - (djm) [configure.ac] Do not attempt to use capsicum sandbox unless | ||
52 | sys/capability.h exists and cap_rights_limit is in libc. Fixes | ||
53 | build on FreeBSD9x which provides the header but not the libc | ||
54 | support. | ||
55 | - (djm) [configure.ac] autoconf sets finds to 'yes' not '1', so test | ||
56 | against the correct thing. | ||
57 | |||
58 | 20140124 | ||
59 | - (djm) [Makefile.in regress/scp-ssh-wrapper.sh regress/scp.sh] Make | ||
60 | the scp regress test actually test the built scp rather than the one | ||
61 | in $PATH. ok dtucker@ | ||
62 | |||
63 | 20140123 | ||
64 | - (tim) [session.c] Improve error reporting on set_id(). | ||
65 | - (dtucker) [configure.ac] NetBSD's (and FreeBSD's) strnvis is gratuitously | ||
66 | incompatible with OpenBSD's despite post-dating it by more than a decade. | ||
67 | Declare it as broken, and document FreeBSD's as the same. ok djm@ | ||
68 | |||
69 | 20140122 | ||
70 | - (djm) [openbsd-compat/setproctitle.c] Don't fail to compile if a | ||
71 | platform that is expected to use the reuse-argv style setproctitle | ||
72 | hack surprises us by providing a setproctitle in libc; ok dtucker | ||
73 | - (djm) [configure.ac] Unless specifically requested, only attempt | ||
74 | to build Position Independent Executables on gcc >= 4.x; ok dtucker | ||
75 | - (djm) [configure.ac aclocal.m4] More tests to detect fallout from | ||
76 | platform hardening options: include some long long int arithmatic | ||
77 | to detect missing support functions for -ftrapv in libgcc and | ||
78 | equivalents, actually test linking when -ftrapv is supplied and | ||
79 | set either both -pie/-fPIE or neither. feedback and ok dtucker@ | ||
80 | |||
81 | 20140121 | ||
82 | - (dtucker) [configure.ac] Make PIE a configure-time option which defaults | ||
83 | to on platforms where it's known to be reliably detected and off elsewhere. | ||
84 | Works around platforms such as FreeBSD 9.1 where it does not interop with | ||
85 | -ftrapv (it seems to work but fails when trying to link ssh). ok djm@ | ||
86 | - (dtucker) [aclocal.m4] Differentiate between compile-time and link-time | ||
87 | tests in the configure output. ok djm. | ||
88 | - (tim) [platform.c session.c] Fix bug affecting SVR5 platforms introduced | ||
89 | with sftp chroot support. Move set_id call after chroot. | ||
90 | - (djm) [aclocal.m4] Flesh out the code run in the OSSH_CHECK_CFLAG_COMPILE | ||
91 | and OSSH_CHECK_LDFLAG_LINK tests to give them a better chance of | ||
92 | detecting toolchain-related problems; ok dtucker | ||
93 | |||
94 | 20140120 | ||
95 | - (dtucker) [gss-serv-krb5.c] Fall back to krb5_cc_gen_new if the Kerberos | ||
96 | implementation does not have krb5_cc_new_unique, similar to what we do | ||
97 | in auth-krb5.c. | ||
98 | - (djm) [regress/cert-hostkey.sh] Fix regress failure on platforms that | ||
99 | skip one or more key types (e.g. RHEL/CentOS 6.5); ok dtucker@ | ||
100 | - (djm) OpenBSD CVS Sync | ||
101 | - djm@cvs.openbsd.org 2014/01/20 00:08:48 | ||
102 | [digest.c] | ||
103 | memleak; found by Loganaden Velvindron @ AfriNIC; ok markus@ | ||
104 | |||
105 | 20140119 | ||
106 | - (dtucker) OpenBSD CVS Sync | ||
107 | - dtucker@cvs.openbsd.org 2014/01/17 06:23:24 | ||
108 | [sftp-server.c] | ||
109 | fix log message statvfs. ok djm | ||
110 | - dtucker@cvs.openbsd.org 2014/01/18 09:36:26 | ||
111 | [session.c] | ||
112 | explicitly define USE_PIPES to 1 to prevent redefinition warnings in | ||
113 | portable on platforms that use pipes for everything. From vinschen at | ||
114 | redhat. | ||
115 | - dtucker@cvs.openbsd.org 2014/01/19 04:17:29 | ||
116 | [canohost.c addrmatch.c] | ||
117 | Cast socklen_t when comparing to size_t and use socklen_t to iterate over | ||
118 | the ip options, both to prevent signed/unsigned comparison warnings. | ||
119 | Patch from vinschen at redhat via portable openssh, begrudging ok deraadt. | ||
120 | - djm@cvs.openbsd.org 2014/01/19 04:48:08 | ||
121 | [ssh_config.5] | ||
122 | fix inverted meaning of 'no' and 'yes' for CanonicalizeFallbackLocal | ||
123 | - dtucker@cvs.openbsd.org 2014/01/19 11:21:51 | ||
124 | [addrmatch.c] | ||
125 | Cast the sizeof to socklen_t so it'll work even if the supplied len is | ||
126 | negative. Suggested by and ok djm, ok deraadt. | ||
127 | |||
128 | 20140118 | ||
129 | - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. Patch | ||
130 | from vinschen at redhat.com | ||
131 | - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing function | ||
132 | declarations that stopped being included when we stopped including | ||
133 | <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at | ||
134 | redhat.com. | ||
135 | - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs, | ||
136 | optind) are defined in getopt.h already. Unfortunately they are defined as | ||
137 | "declspec(dllimport)" for historical reasons, because the GNU linker didn't | ||
138 | allow auto-import on PE/COFF targets way back when. The problem is the | ||
139 | dllexport attributes collide with the definitions in the various source | ||
140 | files in OpenSSH, which obviousy define the variables without | ||
141 | declspec(dllimport). The least intrusive way to get rid of these warnings | ||
142 | is to disable warnings for GCC compiler attributes when building on Cygwin. | ||
143 | Patch from vinschen at redhat.com. | ||
144 | - (dtucker) [sandbox-capsicum.c] Correct some error messages and make the | ||
145 | return value check for cap_enter() consistent with the other uses in | ||
146 | FreeBSD. From by Loganaden Velvindron @ AfriNIC via bz#2140. | ||
147 | |||
148 | 20140117 | ||
149 | - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchain | ||
150 | hardening flags including -fstack-protector-strong. These default to on | ||
151 | if the toolchain supports them, but there is a configure-time knob | ||
152 | (--without-hardening) to disable them if necessary. ok djm@ | ||
153 | - (djm) [sftp-client.c] signed/unsigned comparison fix | ||
154 | - (dtucker) [loginrec.c] Cast to the types specfied in the format | ||
155 | specification to prevent warnings. | ||
156 | - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. | ||
157 | - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H. | ||
158 | - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] Include | ||
159 | includes.h to pull in all of the compatibility stuff. | ||
160 | - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include inside | ||
161 | #ifdef HAVE_STDINT_H. | ||
162 | - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms that | ||
163 | don't have them. | ||
164 | - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions into | ||
165 | separate lines and alphabetize for easier diffing of changes. | ||
166 | - (dtucker) OpenBSD CVS Sync | ||
167 | - djm@cvs.openbsd.org 2014/01/17 00:21:06 | ||
168 | [sftp-client.c] | ||
169 | signed/unsigned comparison warning fix; from portable (Id sync only) | ||
170 | - dtucker@cvs.openbsd.org 2014/01/17 05:26:41 | ||
171 | [digest.c] | ||
172 | remove unused includes. ok djm@ | ||
173 | - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c] | ||
174 | [sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] | ||
175 | [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing | ||
176 | using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling | ||
177 | Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@ | ||
178 | - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c | ||
179 | openbsd-compat/openssl-compat.h] Add compatibility layer for older | ||
180 | openssl versions. ok djm@ | ||
181 | - (dtucker) Fix typo in #ifndef. | ||
182 | - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.c | ||
183 | openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs | ||
184 | to be useful (and for the regression tests to pass) on platforms that | ||
185 | have statfs and fstatfs. ok djm@ | ||
186 | - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if we | ||
187 | need them to cut down on the name collisions. | ||
188 | - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types. | ||
189 | - (dtucker) [configure.ac] Have --without-hardening not turn off | ||
190 | stack-protector since that has a separate flag that's been around a while. | ||
191 | - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building on | ||
192 | Solaris. | ||
193 | - (dtucker) [defines.h] Move our definitions of uintXX_t types down to after | ||
194 | they're defined if we have to define them ourselves. Fixes builds on old | ||
195 | AIX. | ||
196 | |||
197 | 20140118 | ||
198 | - (djm) OpenBSD CVS Sync | ||
199 | - djm@cvs.openbsd.org 2014/01/16 07:31:09 | ||
200 | [sftp-client.c] | ||
201 | needless and incorrect cast to size_t can break resumption of | ||
202 | large download; patch from tobias@ | ||
203 | - djm@cvs.openbsd.org 2014/01/16 07:32:00 | ||
204 | [version.h] | ||
205 | openssh-6.5 | ||
206 | - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
207 | [contrib/suse/openssh.spec] Crank RPM spec version numbers. | ||
208 | - (djm) [README] update release notes URL. | ||
209 | |||
210 | 20140112 | ||
211 | - (djm) OpenBSD CVS Sync | ||
212 | - djm@cvs.openbsd.org 2014/01/10 05:59:19 | ||
213 | [sshd_config] | ||
214 | the /etc/ssh/ssh_host_ed25519_key is loaded by default too | ||
215 | - djm@cvs.openbsd.org 2014/01/12 08:13:13 | ||
216 | [bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] | ||
217 | [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] | ||
218 | avoid use of OpenSSL BIGNUM type and functions for KEX with | ||
219 | Curve25519 by adding a buffer_put_bignum2_from_string() that stores | ||
220 | a string using the bignum encoding rules. Will make it easier to | ||
221 | build a reduced-feature OpenSSH without OpenSSL in the future; | ||
222 | ok markus@ | ||
223 | |||
224 | 20140110 | ||
225 | - (djm) OpenBSD CVS Sync | ||
226 | - tedu@cvs.openbsd.org 2014/01/04 17:50:55 | ||
227 | [mac.c monitor_mm.c monitor_mm.h xmalloc.c] | ||
228 | use standard types and formats for size_t like variables. ok dtucker | ||
229 | - guenther@cvs.openbsd.org 2014/01/09 03:26:00 | ||
230 | [sftp-common.c] | ||
231 | When formating the time for "ls -l"-style output, show dates in the future | ||
232 | with the year, and rearrange a comparison to avoid a potentional signed | ||
233 | arithmetic overflow that would give the wrong result. | ||
234 | ok djm@ | ||
235 | - djm@cvs.openbsd.org 2014/01/09 23:20:00 | ||
236 | [digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] | ||
237 | [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] | ||
238 | [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] | ||
239 | [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] | ||
240 | Introduce digest API and use it to perform all hashing operations | ||
241 | rather than calling OpenSSL EVP_Digest* directly. Will make it easier | ||
242 | to build a reduced-feature OpenSSH without OpenSSL in future; | ||
243 | feedback, ok markus@ | ||
244 | - djm@cvs.openbsd.org 2014/01/09 23:26:48 | ||
245 | [sshconnect.c sshd.c] | ||
246 | ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, | ||
247 | deranged and might make some attacks on KEX easier; ok markus@ | ||
248 | |||
249 | 20140108 | ||
250 | - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@ | ||
251 | |||
252 | 20131231 | ||
253 | - (djm) OpenBSD CVS Sync | ||
254 | - djm@cvs.openbsd.org 2013/12/30 23:52:28 | ||
255 | [auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] | ||
256 | [sshconnect.c sshconnect2.c sshd.c] | ||
257 | refuse RSA keys from old proprietary clients/servers that use the | ||
258 | obsolete RSA+MD5 signature scheme. it will still be possible to connect | ||
259 | with these clients/servers but only DSA keys will be accepted, and we'll | ||
260 | deprecate them entirely in a future release. ok markus@ | ||
261 | |||
262 | 20131229 | ||
263 | - (djm) [loginrec.c] Check for username truncation when looking up lastlog | ||
264 | entries | ||
265 | - (djm) [regress/Makefile] Add some generated files for cleaning | ||
266 | - (djm) OpenBSD CVS Sync | ||
267 | - djm@cvs.openbsd.org 2013/12/19 00:10:30 | ||
268 | [ssh-add.c] | ||
269 | skip requesting smartcard PIN when removing keys from agent; bz#2187 | ||
270 | patch from jay AT slushpupie.com; ok dtucker | ||
271 | - dtucker@cvs.openbsd.org 2013/12/19 00:19:12 | ||
272 | [serverloop.c] | ||
273 | Cast client_alive_interval to u_int64_t before assinging to | ||
274 | max_time_milliseconds to avoid potential integer overflow in the timeout. | ||
275 | bz#2170, patch from Loganaden Velvindron, ok djm@ | ||
276 | - djm@cvs.openbsd.org 2013/12/19 00:27:57 | ||
277 | [auth-options.c] | ||
278 | simplify freeing of source-address certificate restriction | ||
279 | - djm@cvs.openbsd.org 2013/12/19 01:04:36 | ||
280 | [channels.c] | ||
281 | bz#2147: fix multiple remote forwardings with dynamically assigned | ||
282 | listen ports. In the s->c message to open the channel we were sending | ||
283 | zero (the magic number to request a dynamic port) instead of the actual | ||
284 | listen port. The client therefore had no way of discriminating between | ||
285 | them. | ||
286 | |||
287 | Diagnosis and fix by ronf AT timeheart.net | ||
288 | - djm@cvs.openbsd.org 2013/12/19 01:19:41 | ||
289 | [ssh-agent.c] | ||
290 | bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent | ||
291 | that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; | ||
292 | ok dtucker | ||
293 | - djm@cvs.openbsd.org 2013/12/19 22:57:13 | ||
294 | [poly1305.c poly1305.h] | ||
295 | use full name for author, with his permission | ||
296 | - tedu@cvs.openbsd.org 2013/12/21 07:10:47 | ||
297 | [ssh-keygen.1] | ||
298 | small typo | ||
299 | - djm@cvs.openbsd.org 2013/12/27 22:30:17 | ||
300 | [ssh-dss.c ssh-ecdsa.c ssh-rsa.c] | ||
301 | make the original RSA and DSA signing/verification code look more like | ||
302 | the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type | ||
303 | rather than tediously listing all variants, use __func__ for debug/ | ||
304 | error messages | ||
305 | - djm@cvs.openbsd.org 2013/12/27 22:37:18 | ||
306 | [ssh-rsa.c] | ||
307 | correct comment | ||
308 | - djm@cvs.openbsd.org 2013/12/29 02:28:10 | ||
309 | [key.c] | ||
310 | allow ed25519 keys to appear as certificate authorities | ||
311 | - djm@cvs.openbsd.org 2013/12/29 02:37:04 | ||
312 | [key.c] | ||
313 | correct comment for key_to_certified() | ||
314 | - djm@cvs.openbsd.org 2013/12/29 02:49:52 | ||
315 | [key.c] | ||
316 | correct comment for key_drop_cert() | ||
317 | - djm@cvs.openbsd.org 2013/12/29 04:20:04 | ||
318 | [key.c] | ||
319 | to make sure we don't omit any key types as valid CA keys again, | ||
320 | factor the valid key type check into a key_type_is_valid_ca() | ||
321 | function | ||
322 | - djm@cvs.openbsd.org 2013/12/29 04:29:25 | ||
323 | [authfd.c] | ||
324 | allow deletion of ed25519 keys from the agent | ||
325 | - djm@cvs.openbsd.org 2013/12/29 04:35:50 | ||
326 | [authfile.c] | ||
327 | don't refuse to load Ed25519 certificates | ||
328 | - djm@cvs.openbsd.org 2013/12/29 05:42:16 | ||
329 | [ssh.c] | ||
330 | don't forget to load Ed25519 certs too | ||
331 | - djm@cvs.openbsd.org 2013/12/29 05:57:02 | ||
332 | [sshconnect.c] | ||
333 | when showing other hostkeys, don't forget Ed25519 keys | ||
334 | |||
335 | 20131221 | ||
336 | - (dtucker) [regress/keytype.sh] Actually test ecdsa key types. | ||
337 | |||
338 | 20131219 | ||
339 | - (dtucker) [configure.ac] bz#2178: Don't try to use BSM on Solaris versions | ||
340 | greater than 11 either rather than just 11. Patch from Tomas Kuthan. | ||
341 | - (dtucker) [auth-pam.c] bz#2163: check return value from pam_get_item(). | ||
342 | Patch from Loganaden Velvindron. | ||
343 | |||
344 | 20131218 | ||
345 | - (djm) OpenBSD CVS Sync | ||
346 | - djm@cvs.openbsd.org 2013/12/07 08:08:26 | ||
347 | [ssh-keygen.1] | ||
348 | document -a and -o wrt new key format | ||
349 | - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | ||
350 | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] | ||
351 | [ssh_config.5 sshd.8 sshd_config.5] | ||
352 | add missing mentions of ed25519; ok djm@ | ||
353 | - dtucker@cvs.openbsd.org 2013/12/08 09:53:27 | ||
354 | [sshd_config.5] | ||
355 | Use a literal for the default value of KEXAlgorithms. ok deraadt jmc | ||
356 | - markus@cvs.openbsd.org 2013/12/09 11:03:45 | ||
357 | [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] | ||
358 | [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] | ||
359 | Add Authors for the public domain ed25519/nacl code. | ||
360 | see also http://nacl.cr.yp.to/features.html | ||
361 | All of the NaCl software is in the public domain. | ||
362 | and http://ed25519.cr.yp.to/software.html | ||
363 | The Ed25519 software is in the public domain. | ||
364 | - markus@cvs.openbsd.org 2013/12/09 11:08:17 | ||
365 | [crypto_api.h] | ||
366 | remove unused defines | ||
367 | - pascal@cvs.openbsd.org 2013/12/15 18:17:26 | ||
368 | [ssh-add.c] | ||
369 | Make ssh-add also add .ssh/id_ed25519; fixes lie in manual page. | ||
370 | ok markus@ | ||
371 | - djm@cvs.openbsd.org 2013/12/15 21:42:35 | ||
372 | [cipher-chachapoly.c] | ||
373 | add some comments and constify a constant | ||
374 | - markus@cvs.openbsd.org 2013/12/17 10:36:38 | ||
375 | [crypto_api.h] | ||
376 | I've assempled the header file by cut&pasting from generated headers | ||
377 | and the source files. | ||
378 | |||
379 | 20131208 | ||
380 | - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna | ||
381 | Vinschen | ||
382 | - (djm) [Makefile.in regress/Makefile regress/agent-ptrace.sh] | ||
383 | [regress/setuid-allowed.c] Check that ssh-agent is not on a no-setuid | ||
384 | filesystem before running agent-ptrace.sh; ok dtucker | ||
385 | |||
386 | 20131207 | ||
387 | - (djm) OpenBSD CVS Sync | ||
388 | - djm@cvs.openbsd.org 2013/12/05 22:59:45 | ||
389 | [sftp-client.c] | ||
390 | fix memory leak in error path in do_readdir(); pointed out by | ||
391 | Loganaden Velvindron @ AfriNIC in bz#2163 | ||
392 | - djm@cvs.openbsd.org 2013/12/06 03:40:51 | ||
393 | [ssh-keygen.c] | ||
394 | remove duplicated character ('g') in getopt() string; | ||
395 | document the (few) remaining option characters so we don't have to | ||
396 | rummage next time. | ||
397 | - markus@cvs.openbsd.org 2013/12/06 13:30:08 | ||
398 | [authfd.c key.c key.h ssh-agent.c] | ||
399 | move private key (de)serialization to key.c; ok djm | ||
400 | - markus@cvs.openbsd.org 2013/12/06 13:34:54 | ||
401 | [authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c] | ||
402 | [ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by | ||
403 | default; details in PROTOCOL.key; feedback and lots help from djm; | ||
404 | ok djm@ | ||
405 | - markus@cvs.openbsd.org 2013/12/06 13:39:49 | ||
406 | [authfd.c authfile.c key.c key.h myproposal.h pathnames.h readconf.c] | ||
407 | [servconf.c ssh-agent.c ssh-keygen.c ssh-keyscan.1 ssh-keyscan.c] | ||
408 | [ssh-keysign.c ssh.c ssh_config.5 sshd.8 sshd.c verify.c ssh-ed25519.c] | ||
409 | [sc25519.h sc25519.c hash.c ge25519_base.data ge25519.h ge25519.c] | ||
410 | [fe25519.h fe25519.c ed25519.c crypto_api.h blocks.c] | ||
411 | support ed25519 keys (hostkeys and user identities) using the public | ||
412 | domain ed25519 reference code from SUPERCOP, see | ||
413 | http://ed25519.cr.yp.to/software.html | ||
414 | feedback, help & ok djm@ | ||
415 | - jmc@cvs.openbsd.org 2013/12/06 15:29:07 | ||
416 | [sshd.8] | ||
417 | missing comma; | ||
418 | - djm@cvs.openbsd.org 2013/12/07 00:19:15 | ||
419 | [key.c] | ||
420 | set k->cert = NULL after freeing it | ||
421 | - markus@cvs.openbsd.org 2013/12/06 13:52:46 | ||
422 | [regress/Makefile regress/agent.sh regress/cert-hostkey.sh] | ||
423 | [regress/cert-userkey.sh regress/keytype.sh] | ||
424 | test ed25519 support; from djm@ | ||
425 | - (djm) [blocks.c ed25519.c fe25519.c fe25519.h ge25519.c ge25519.h] | ||
426 | [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents | ||
427 | - (djm) [Makefile.in] Add ed25519 sources | ||
428 | - (djm) [authfile.c] Conditionalise inclusion of util.h | ||
429 | - (djm) [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c] | ||
430 | [openbsd-compat/blf.h openbsd-compat/blowfish.c] | ||
431 | [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in | ||
432 | portable. | ||
433 | - (djm) [ed25519.c ssh-ed25519.c openbsd-compat/Makefile.in] | ||
434 | [openbsd-compat/bcrypt_pbkdf.c] Make ed25519/new key format compile on | ||
435 | Linux | ||
436 | - (djm) [regress/cert-hostkey.sh] Fix merge botch | ||
437 | - (djm) [Makefile.in] PATHSUBS and keygen bits for Ed25519; from | ||
438 | Loganaden Velvindron @ AfriNIC in bz#2179 | ||
439 | |||
440 | 20131205 | ||
441 | - (djm) OpenBSD CVS Sync | ||
442 | - jmc@cvs.openbsd.org 2013/11/21 08:05:09 | ||
443 | [ssh_config.5 sshd_config.5] | ||
444 | no need for .Pp before displays; | ||
445 | - deraadt@cvs.openbsd.org 2013/11/25 18:04:21 | ||
446 | [ssh.1 ssh.c] | ||
447 | improve -Q usage and such. One usage change is that the option is now | ||
448 | case-sensitive | ||
449 | ok dtucker markus djm | ||
450 | - jmc@cvs.openbsd.org 2013/11/26 12:14:54 | ||
451 | [ssh.1 ssh.c] | ||
452 | - put -Q in the right place | ||
453 | - Ar was a poor choice for the arguments to -Q. i've chosen an | ||
454 | admittedly equally poor Cm, at least consistent with the rest | ||
455 | of the docs. also no need for multiple instances | ||
456 | - zap a now redundant Nm | ||
457 | - usage() sync | ||
458 | - deraadt@cvs.openbsd.org 2013/11/26 19:15:09 | ||
459 | [pkcs11.h] | ||
460 | cleanup 1 << 31 idioms. Resurrection of this issue pointed out by | ||
461 | Eitan Adler ok markus for ssh, implies same change in kerberosV | ||
462 | - djm@cvs.openbsd.org 2013/12/01 23:19:05 | ||
463 | [PROTOCOL] | ||
464 | mention curve25519-sha256@libssh.org key exchange algorithm | ||
465 | - djm@cvs.openbsd.org 2013/12/02 02:50:27 | ||
466 | [PROTOCOL.chacha20poly1305] | ||
467 | typo; from Jon Cave | ||
468 | - djm@cvs.openbsd.org 2013/12/02 02:56:17 | ||
469 | [ssh-pkcs11-helper.c] | ||
470 | use-after-free; bz#2175 patch from Loganaden Velvindron @ AfriNIC | ||
471 | - djm@cvs.openbsd.org 2013/12/02 03:09:22 | ||
472 | [key.c] | ||
473 | make key_to_blob() return a NULL blob on failure; part of | ||
474 | bz#2175 from Loganaden Velvindron @ AfriNIC | ||
475 | - djm@cvs.openbsd.org 2013/12/02 03:13:14 | ||
476 | [cipher.c] | ||
477 | correct bzero of chacha20+poly1305 key context. bz#2177 from | ||
478 | Loganaden Velvindron @ AfriNIC | ||
479 | |||
480 | Also make it a memset for consistency with the rest of cipher.c | ||
481 | - djm@cvs.openbsd.org 2013/12/04 04:20:01 | ||
482 | [sftp-client.c] | ||
483 | bz#2171: don't leak local_fd on error; from Loganaden Velvindron @ | ||
484 | AfriNIC | ||
485 | - djm@cvs.openbsd.org 2013/12/05 01:16:41 | ||
486 | [servconf.c servconf.h] | ||
487 | bz#2161 - fix AuthorizedKeysCommand inside a Match block and | ||
488 | rearrange things so the same error is harder to make next time; | ||
489 | with and ok dtucker@ | ||
490 | - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct | ||
491 | -L location for libedit. Patch from Serge van den Boom. | ||
492 | |||
493 | 20131121 | ||
494 | - (djm) OpenBSD CVS Sync | ||
495 | - dtucker@cvs.openbsd.org 2013/11/08 11:15:19 | ||
496 | [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c] | ||
497 | [uidswap.c] Include stdlib.h for free() as per the man page. | ||
498 | - markus@cvs.openbsd.org 2013/11/13 13:48:20 | ||
499 | [ssh-pkcs11.c] | ||
500 | add missing braces found by pedro | ||
501 | - djm@cvs.openbsd.org 2013/11/20 02:19:01 | ||
502 | [sshd.c] | ||
503 | delay closure of in/out fds until after "Bad protocol version | ||
504 | identification..." message, as get_remote_ipaddr/get_remote_port | ||
505 | require them open. | ||
506 | - deraadt@cvs.openbsd.org 2013/11/20 20:53:10 | ||
507 | [scp.c] | ||
508 | unsigned casts for ctype macros where neccessary | ||
509 | ok guenther millert markus | ||
510 | - deraadt@cvs.openbsd.org 2013/11/20 20:54:10 | ||
511 | [canohost.c clientloop.c match.c readconf.c sftp.c] | ||
512 | unsigned casts for ctype macros where neccessary | ||
513 | ok guenther millert markus | ||
514 | - djm@cvs.openbsd.org 2013/11/21 00:45:44 | ||
515 | [Makefile.in PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] | ||
516 | [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] | ||
517 | [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] | ||
518 | [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport | ||
519 | cipher "chacha20-poly1305@openssh.com" that combines Daniel | ||
520 | Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an | ||
521 | authenticated encryption mode. | ||
522 | |||
523 | Inspired by and similar to Adam Langley's proposal for TLS: | ||
524 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | ||
525 | but differs in layout used for the MAC calculation and the use of a | ||
526 | second ChaCha20 instance to separately encrypt packet lengths. | ||
527 | Details are in the PROTOCOL.chacha20poly1305 file. | ||
528 | |||
529 | Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC | ||
530 | ok markus@ naddy@ | ||
531 | - naddy@cvs.openbsd.org 2013/11/18 05:09:32 | ||
532 | [regress/forward-control.sh] | ||
533 | bump timeout to 10 seconds to allow slow machines (e.g. Alpha PC164) | ||
534 | to successfully run this; ok djm@ | ||
535 | - djm@cvs.openbsd.org 2013/11/21 03:15:46 | ||
536 | [regress/krl.sh] | ||
537 | add some reminders for additional tests that I'd like to implement | ||
538 | - djm@cvs.openbsd.org 2013/11/21 03:16:47 | ||
539 | [regress/modpipe.c] | ||
540 | use unsigned long long instead of u_int64_t here to avoid warnings | ||
541 | on some systems portable OpenSSH is built on. | ||
542 | - djm@cvs.openbsd.org 2013/11/21 03:18:51 | ||
543 | [regress/cipher-speed.sh regress/integrity.sh regress/rekey.sh] | ||
544 | [regress/try-ciphers.sh] | ||
545 | use new "ssh -Q cipher-auth" query to obtain lists of authenticated | ||
546 | encryption ciphers instead of specifying them manually; ensures that | ||
547 | the new chacha20poly1305@openssh.com mode is tested; | ||
548 | |||
549 | ok markus@ and naddy@ as part of the diff to add | ||
550 | chacha20poly1305@openssh.com | ||
551 | |||
552 | 20131110 | ||
553 | - (dtucker) [regress/keytype.sh] Populate ECDSA key types to be tested by | ||
554 | querying the ones that are compiled in. | ||
555 | |||
556 | 20131109 | ||
557 | - (dtucker) OpenBSD CVS Sync | ||
558 | - dtucker@cvs.openbsd.org 2013/11/09 05:41:34 | ||
559 | [regress/test-exec.sh regress/rekey.sh] | ||
560 | Use smaller test data files to speed up tests. Grow test datafiles | ||
561 | where necessary for a specific test. | ||
562 | - (dtucker) [configure.ac kex.c key.c myproposal.h] Test for the presence of | ||
563 | NID_X9_62_prime256v1, NID_secp384r1 and NID_secp521r1 and test that the | ||
564 | latter actually works before using it. Fedora (at least) has NID_secp521r1 | ||
565 | that doesn't work (see https://bugzilla.redhat.com/show_bug.cgi?id=1021897). | ||
566 | - (dtucker) [configure.ac] Fix brackets in NID_secp521r1 test. | ||
567 | - (dtucker) [configure.ac] Add missing "test". | ||
568 | - (dtucker) [key.c] Check for the correct defines for NID_secp521r1. | ||
569 | |||
1 | 20131108 | 570 | 20131108 |
571 | - (dtucker) OpenBSD CVS Sync | ||
572 | - dtucker@cvs.openbsd.org 2013/11/08 01:06:14 | ||
573 | [regress/rekey.sh] | ||
574 | Rekey less frequently during tests to speed them up | ||
2 | - (djm) OpenBSD CVS Sync | 575 | - (djm) OpenBSD CVS Sync |
3 | - markus@cvs.openbsd.org 2013/11/06 16:52:11 | 576 | - dtucker@cvs.openbsd.org 2013/11/07 11:58:27 |
4 | [monitor_wrap.c] | 577 | [cipher.c cipher.h kex.c kex.h mac.c mac.h servconf.c ssh.c] |
5 | fix rekeying for AES-GCM modes; ok deraadt | 578 | Output the effective values of Ciphers, MACs and KexAlgorithms when |
579 | the default has not been overridden. ok markus@ | ||
6 | - djm@cvs.openbsd.org 2013/11/08 00:39:15 | 580 | - djm@cvs.openbsd.org 2013/11/08 00:39:15 |
7 | [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] | 581 | [auth-options.c auth2-chall.c authfd.c channels.c cipher-3des1.c] |
8 | [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] | 582 | [clientloop.c gss-genr.c monitor_mm.c packet.c schnorr.c umac.c] |
9 | [sftp-client.c sftp-glob.c] | 583 | [sftp-client.c sftp-glob.c] |
10 | use calloc for all structure allocations; from markus@ | 584 | use calloc for all structure allocations; from markus@ |
11 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
12 | [contrib/suse/openssh.spec] update version numbers | ||
13 | - djm@cvs.openbsd.org 2013/11/08 01:38:11 | 585 | - djm@cvs.openbsd.org 2013/11/08 01:38:11 |
14 | [version.h] | 586 | [version.h] |
15 | openssh-6.4 | 587 | openssh-6.4 |
16 | - (djm) Release 6.4p1 | 588 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
589 | [contrib/suse/openssh.spec] Update version numbers following release. | ||
590 | - (dtucker) [openbsd-compat/openbsd-compat.h] Add null implementation of | ||
591 | arc4random_stir for platforms that have arc4random but don't have | ||
592 | arc4random_stir (right now this is only OpenBSD -current). | ||
593 | - (dtucker) [kex.c] Only enable CURVE25519_SHA256 if we actually have | ||
594 | EVP_sha256. | ||
595 | - (dtucker) [myproposal.h] Conditionally enable CURVE25519_SHA256. | ||
596 | - (dtucker) [openbsd-compat/bsd-poll.c] Add headers to prevent compile | ||
597 | warnings. | ||
598 | - (dtucker) [Makefile.in configure.ac] Set MALLOC_OPTIONS per platform | ||
599 | and pass in TEST_ENV. use stderr to get polluted | ||
600 | and the stderr-data test to fail. | ||
601 | - (dtucker) [contrib/cygwin/ssh-host-config] Simplify host key generation: | ||
602 | rather than testing and generating each key, call ssh-keygen -A. | ||
603 | Patch from vinschen at redhat.com. | ||
604 | - (dtucker) OpenBSD CVS Sync | ||
605 | - dtucker@cvs.openbsd.org 2013/11/09 05:41:34 | ||
606 | [regress/test-exec.sh regress/rekey.sh] | ||
607 | Use smaller test data files to speed up tests. Grow test datafiles | ||
608 | where necessary for a specific test. | ||
609 | |||
610 | 20131107 | ||
611 | - (djm) [ssh-pkcs11.c] Bring back "non-constant initialiser" fix (rev 1.5) | ||
612 | that got lost in recent merge. | ||
613 | - (djm) [Makefile.in monitor.c] Missed chunks of curve25519 KEX diff | ||
614 | - (djm) [regress/modpipe.c regress/rekey.sh] Never intended to commit these | ||
615 | - (djm) [configure.ac defines.h] Skip arc4random_stir() calls on platforms | ||
616 | that lack it but have arc4random_uniform() | ||
617 | - (djm) OpenBSD CVS Sync | ||
618 | - markus@cvs.openbsd.org 2013/11/04 11:51:16 | ||
619 | [monitor.c] | ||
620 | fix rekeying for KEX_C25519_SHA256; noted by dtucker@ | ||
621 | RCSID sync only; I thought this was a merge botch and fixed it already | ||
622 | - markus@cvs.openbsd.org 2013/11/06 16:52:11 | ||
623 | [monitor_wrap.c] | ||
624 | fix rekeying for AES-GCM modes; ok deraadt | ||
625 | - djm@cvs.openbsd.org 2013/11/06 23:05:59 | ||
626 | [ssh-pkcs11.c] | ||
627 | from portable: s/true/true_val/ to avoid name collisions on dump platforms | ||
628 | RCSID sync only | ||
629 | - (dtucker) OpenBSD CVS Sync | ||
630 | - djm@cvs.openbsd.org 2013/10/09 23:44:14 | ||
631 | [regress/Makefile] (ID sync only) | ||
632 | regression test for sftp request white/blacklisting and readonly mode. | ||
633 | - markus@cvs.openbsd.org 2013/11/02 22:39:53 | ||
634 | [regress/kextype.sh] | ||
635 | add curve25519-sha256@libssh.org | ||
636 | - dtucker@cvs.openbsd.org 2013/11/04 12:27:42 | ||
637 | [regress/rekey.sh] | ||
638 | Test rekeying with all KexAlgorithms. | ||
639 | - dtucker@cvs.openbsd.org 2013/11/07 00:12:05 | ||
640 | [regress/rekey.sh] | ||
641 | Test rekeying for every Cipher, MAC and KEX, plus test every KEX with | ||
642 | the GCM ciphers. | ||
643 | - dtucker@cvs.openbsd.org 2013/11/07 01:12:51 | ||
644 | [regress/rekey.sh] | ||
645 | Factor out the data transfer rekey tests | ||
646 | - dtucker@cvs.openbsd.org 2013/11/07 02:48:38 | ||
647 | [regress/integrity.sh regress/cipher-speed.sh regress/try-ciphers.sh] | ||
648 | Use ssh -Q instead of hardcoding lists of ciphers or MACs. | ||
649 | - dtucker@cvs.openbsd.org 2013/11/07 03:55:41 | ||
650 | [regress/kextype.sh] | ||
651 | Use ssh -Q to get kex types instead of a static list. | ||
652 | - dtucker@cvs.openbsd.org 2013/11/07 04:26:56 | ||
653 | [regress/kextype.sh] | ||
654 | trailing space | ||
655 | - (dtucker) [Makefile.in configure.ac] Remove TEST_SSH_SHA256 environment | ||
656 | variable. It's no longer used now that we get the supported MACs from | ||
657 | ssh -Q. | ||
658 | |||
659 | 20131104 | ||
660 | - (djm) OpenBSD CVS Sync | ||
661 | - markus@cvs.openbsd.org 2013/11/02 20:03:54 | ||
662 | [ssh-pkcs11.c] | ||
663 | support pkcs#11 tokes that only provide x509 zerts instead of raw pubkeys; | ||
664 | fixes bz#1908; based on patch from Laurent Barbe; ok djm | ||
665 | - markus@cvs.openbsd.org 2013/11/02 21:59:15 | ||
666 | [kex.c kex.h myproposal.h ssh-keyscan.c sshconnect2.c sshd.c] | ||
667 | use curve25519 for default key exchange (curve25519-sha256@libssh.org); | ||
668 | initial patch from Aris Adamantiadis; ok djm@ | ||
669 | - markus@cvs.openbsd.org 2013/11/02 22:10:15 | ||
670 | [kexdhs.c kexecdhs.c] | ||
671 | no need to include monitor_wrap.h | ||
672 | - markus@cvs.openbsd.org 2013/11/02 22:24:24 | ||
673 | [kexdhs.c kexecdhs.c] | ||
674 | no need to include ssh-gss.h | ||
675 | - markus@cvs.openbsd.org 2013/11/02 22:34:01 | ||
676 | [auth-options.c] | ||
677 | no need to include monitor_wrap.h and ssh-gss.h | ||
678 | - markus@cvs.openbsd.org 2013/11/02 22:39:19 | ||
679 | [ssh_config.5 sshd_config.5] | ||
680 | the default kex is now curve25519-sha256@libssh.org | ||
681 | - djm@cvs.openbsd.org 2013/11/03 10:37:19 | ||
682 | [roaming_common.c] | ||
683 | fix a couple of function definitions foo() -> foo(void) | ||
684 | (-Wold-style-definition) | ||
685 | - (djm) [kexc25519.c kexc25519c.c kexc25519s.c] Import missed files from | ||
686 | KEX/curve25519 change | ||
687 | |||
688 | 20131103 | ||
689 | - (dtucker) [openbsd-compat/bsd-misc.c] Include time.h for nanosleep. | ||
690 | From OpenSMTPD where it prevents "implicit declaration" warnings (it's | ||
691 | a no-op in OpenSSH). From chl at openbsd. | ||
692 | - (dtucker) [openbsd-compat/setproctitle.c] Handle error case form the 2nd | ||
693 | vsnprintf. From eric at openbsd via chl@. | ||
694 | - (dtucker) [configure.ac defines.h] Add typedefs for intmax_t and uintmax_t | ||
695 | for platforms that don't have them. | ||
696 | |||
697 | 20131030 | ||
698 | - (djm) OpenBSD CVS Sync | ||
699 | - djm@cvs.openbsd.org 2013/10/29 09:42:11 | ||
700 | [key.c key.h] | ||
701 | fix potential stack exhaustion caused by nested certificates; | ||
702 | report by Mateusz Kocielski; ok dtucker@ markus@ | ||
703 | - djm@cvs.openbsd.org 2013/10/29 09:48:02 | ||
704 | [servconf.c servconf.h session.c sshd_config sshd_config.5] | ||
705 | shd_config PermitTTY to disallow TTY allocation, mirroring the | ||
706 | longstanding no-pty authorized_keys option; | ||
707 | bz#2070, patch from Teran McKinney; ok markus@ | ||
708 | - jmc@cvs.openbsd.org 2013/10/29 18:49:32 | ||
709 | [sshd_config.5] | ||
710 | pty(4), not pty(7); | ||
17 | 711 | ||
18 | 20130913 | 712 | 20131026 |
19 | - (djm) [channels.c] Fix unaligned access on sparc machines in SOCKS5 code; | 713 | - (djm) OpenBSD CVS Sync |
20 | ok dtucker@ | 714 | - djm@cvs.openbsd.org 2013/10/25 23:04:51 |
21 | - (djm) [channels.c] sigh, typo s/buffet_/buffer_/ | 715 | [ssh.c] |
22 | - (djm) Release 6.3p1 | 716 | fix crash when using ProxyCommand caused by previous commit - was calling |
717 | freeaddrinfo(NULL); spotted by sthen@ and Tim Ruehsen, patch by sthen@ | ||
718 | |||
719 | 20131025 | ||
720 | - (djm) [ssh-keygen.c ssh-keysign.c sshconnect1.c sshd.c] Remove | ||
721 | unnecessary arc4random_stir() calls. The only ones left are to ensure | ||
722 | that the PRNG gets a different state after fork() for platforms that | ||
723 | have broken the API. | ||
724 | |||
725 | 20131024 | ||
726 | - (djm) [auth-krb5.c] bz#2032 - use local username in krb5_kuserok check | ||
727 | rather than full client name which may be of form user@REALM; | ||
728 | patch from Miguel Sanders; ok dtucker@ | ||
729 | - (djm) OpenBSD CVS Sync | ||
730 | - dtucker@cvs.openbsd.org 2013/10/23 05:40:58 | ||
731 | [servconf.c] | ||
732 | fix comment | ||
733 | - djm@cvs.openbsd.org 2013/10/23 23:35:32 | ||
734 | [sshd.c] | ||
735 | include local address and port in "Connection from ..." message (only | ||
736 | shown at loglevel>=verbose) | ||
737 | - dtucker@cvs.openbsd.org 2013/10/24 00:49:49 | ||
738 | [moduli.c] | ||
739 | Periodically print progress and, if possible, expected time to completion | ||
740 | when screening moduli for DH groups. ok deraadt djm | ||
741 | - dtucker@cvs.openbsd.org 2013/10/24 00:51:48 | ||
742 | [readconf.c servconf.c ssh_config.5 sshd_config.5] | ||
743 | Disallow empty Match statements and add "Match all" which matches | ||
744 | everything. ok djm, man page help jmc@ | ||
745 | - djm@cvs.openbsd.org 2013/10/24 08:19:36 | ||
746 | [ssh.c] | ||
747 | fix bug introduced in hostname canonicalisation commit: don't try to | ||
748 | resolve hostnames when a ProxyCommand is set unless the user has forced | ||
749 | canonicalisation; spotted by Iain Morgan | ||
750 | - (tim) [regress/sftp-perm.sh] We need a shell that understands "! somecmd" | ||
751 | |||
752 | 20131023 | ||
753 | - (djm) OpenBSD CVS Sync | ||
754 | - djm@cvs.openbsd.org 2013/10/20 04:39:28 | ||
755 | [ssh_config.5] | ||
756 | document % expansions performed by "Match command ..." | ||
757 | - djm@cvs.openbsd.org 2013/10/20 06:19:28 | ||
758 | [readconf.c ssh_config.5] | ||
759 | rename "command" subclause of the recently-added "Match" keyword to | ||
760 | "exec"; it's shorter, clearer in intent and we might want to add the | ||
761 | ability to match against the command being executed at the remote end in | ||
762 | the future. | ||
763 | - djm@cvs.openbsd.org 2013/10/20 09:51:26 | ||
764 | [scp.1 sftp.1] | ||
765 | add canonicalisation options to -o lists | ||
766 | - jmc@cvs.openbsd.org 2013/10/20 18:00:13 | ||
767 | [ssh_config.5] | ||
768 | tweak the "exec" description, as worded by djm; | ||
769 | - djm@cvs.openbsd.org 2013/10/23 03:03:07 | ||
770 | [readconf.c] | ||
771 | Hostname may have %h sequences that should be expanded prior to Match | ||
772 | evaluation; spotted by Iain Morgan | ||
773 | - djm@cvs.openbsd.org 2013/10/23 03:05:19 | ||
774 | [readconf.c ssh.c] | ||
775 | comment | ||
776 | - djm@cvs.openbsd.org 2013/10/23 04:16:22 | ||
777 | [ssh-keygen.c] | ||
778 | Make code match documentation: relative-specified certificate expiry time | ||
779 | should be relative to current time and not the validity start time. | ||
780 | Reported by Petr Lautrbach; ok deraadt@ | ||
781 | |||
782 | 20131018 | ||
783 | - (djm) OpenBSD CVS Sync | ||
784 | - djm@cvs.openbsd.org 2013/10/09 23:44:14 | ||
785 | [regress/Makefile regress/sftp-perm.sh] | ||
786 | regression test for sftp request white/blacklisting and readonly mode. | ||
787 | - jmc@cvs.openbsd.org 2013/10/17 07:35:48 | ||
788 | [sftp.1 sftp.c] | ||
789 | tweak previous; | ||
790 | - djm@cvs.openbsd.org 2013/10/17 22:08:04 | ||
791 | [sshd.c] | ||
792 | include remote port in bad banner message; bz#2162 | ||
793 | |||
794 | 20131017 | ||
795 | - (djm) OpenBSD CVS Sync | ||
796 | - jmc@cvs.openbsd.org 2013/10/15 14:10:25 | ||
797 | [ssh.1 ssh_config.5] | ||
798 | tweak previous; | ||
799 | - djm@cvs.openbsd.org 2013/10/16 02:31:47 | ||
800 | [readconf.c readconf.h roaming_client.c ssh.1 ssh.c ssh_config.5] | ||
801 | [sshconnect.c sshconnect.h] | ||
802 | Implement client-side hostname canonicalisation to allow an explicit | ||
803 | search path of domain suffixes to use to convert unqualified host names | ||
804 | to fully-qualified ones for host key matching. | ||
805 | This is particularly useful for host certificates, which would otherwise | ||
806 | need to list unqualified names alongside fully-qualified ones (and this | ||
807 | causes a number of problems). | ||
808 | "looks fine" markus@ | ||
809 | - jmc@cvs.openbsd.org 2013/10/16 06:42:25 | ||
810 | [ssh_config.5] | ||
811 | tweak previous; | ||
812 | - djm@cvs.openbsd.org 2013/10/16 22:49:39 | ||
813 | [readconf.c readconf.h ssh.1 ssh.c ssh_config.5] | ||
814 | s/canonicalise/canonicalize/ for consistency with existing spelling, | ||
815 | e.g. authorized_keys; pointed out by naddy@ | ||
816 | - djm@cvs.openbsd.org 2013/10/16 22:58:01 | ||
817 | [ssh.c ssh_config.5] | ||
818 | one I missed in previous: s/isation/ization/ | ||
819 | - djm@cvs.openbsd.org 2013/10/17 00:30:13 | ||
820 | [PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] | ||
821 | fsync@openssh.com protocol extension for sftp-server | ||
822 | client support to allow calling fsync() faster successful transfer | ||
823 | patch mostly by imorgan AT nas.nasa.gov; bz#1798 | ||
824 | "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@ | ||
825 | - djm@cvs.openbsd.org 2013/10/17 00:46:49 | ||
826 | [ssh.c] | ||
827 | rearrange check to reduce diff against -portable | ||
828 | (Id sync only) | ||
829 | |||
830 | 20131015 | ||
831 | - (djm) OpenBSD CVS Sync | ||
832 | - djm@cvs.openbsd.org 2013/10/09 23:42:17 | ||
833 | [sftp-server.8 sftp-server.c] | ||
834 | Add ability to whitelist and/or blacklist sftp protocol requests by name. | ||
835 | Refactor dispatch loop and consolidate read-only mode checks. | ||
836 | Make global variables static, since sftp-server is linked into sshd(8). | ||
837 | ok dtucker@ | ||
838 | - djm@cvs.openbsd.org 2013/10/10 00:53:25 | ||
839 | [sftp-server.c] | ||
840 | add -Q, -P and -p to usage() before jmc@ catches me | ||
841 | - djm@cvs.openbsd.org 2013/10/10 01:43:03 | ||
842 | [sshd.c] | ||
843 | bz#2139: fix re-exec fallback by ensuring that startup_pipe is correctly | ||
844 | updated; ok dtucker@ | ||
845 | - djm@cvs.openbsd.org 2013/10/11 02:45:36 | ||
846 | [sftp-client.c] | ||
847 | rename flag arguments to be more clear and consistent. | ||
848 | reorder some internal function arguments to make adding additional flags | ||
849 | easier. | ||
850 | no functional change | ||
851 | - djm@cvs.openbsd.org 2013/10/11 02:52:23 | ||
852 | [sftp-client.c] | ||
853 | missed one arg reorder | ||
854 | - djm@cvs.openbsd.org 2013/10/11 02:53:45 | ||
855 | [sftp-client.h] | ||
856 | obsolete comment | ||
857 | - jmc@cvs.openbsd.org 2013/10/14 14:18:56 | ||
858 | [sftp-server.8 sftp-server.c] | ||
859 | tweak previous; | ||
860 | ok djm | ||
861 | - djm@cvs.openbsd.org 2013/10/14 21:20:52 | ||
862 | [session.c session.h] | ||
863 | Add logging of session starts in a useful format; ok markus@ feedback and | ||
864 | ok dtucker@ | ||
865 | - djm@cvs.openbsd.org 2013/10/14 22:22:05 | ||
866 | [readconf.c readconf.h ssh-keysign.c ssh.c ssh_config.5] | ||
867 | add a "Match" keyword to ssh_config that allows matching on hostname, | ||
868 | user and result of arbitrary commands. "nice work" markus@ | ||
869 | - djm@cvs.openbsd.org 2013/10/14 23:28:23 | ||
870 | [canohost.c misc.c misc.h readconf.c sftp-server.c ssh.c] | ||
871 | refactor client config code a little: | ||
872 | add multistate option partsing to readconf.c, similar to servconf.c's | ||
873 | existing code. | ||
874 | move checking of options that accept "none" as an argument to readconf.c | ||
875 | add a lowercase() function and use it instead of explicit tolower() in | ||
876 | loops | ||
877 | part of a larger diff that was ok markus@ | ||
878 | - djm@cvs.openbsd.org 2013/10/14 23:31:01 | ||
879 | [ssh.c] | ||
880 | whitespace at EOL; pointed out by markus@ | ||
881 | - [ssh.c] g/c unused variable. | ||
882 | |||
883 | 20131010 | ||
884 | - (dtucker) OpenBSD CVS Sync | ||
885 | - sthen@cvs.openbsd.org 2013/09/16 11:35:43 | ||
886 | [ssh_config] | ||
887 | Remove gssapi config parts from ssh_config, as was already done for | ||
888 | sshd_config. Req by/ok ajacoutot@ | ||
889 | ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular | ||
890 | - djm@cvs.openbsd.org 2013/09/19 00:24:52 | ||
891 | [progressmeter.c] | ||
892 | store the initial file offset so the progress meter doesn't freak out | ||
893 | when resuming sftp transfers. bz#2137; patch from Iain Morgan; ok dtucker@` | ||
894 | - djm@cvs.openbsd.org 2013/09/19 00:49:12 | ||
895 | [sftp-client.c] | ||
896 | fix swapped pflag and printflag in sftp upload_dir; from Iain Morgan | ||
897 | - djm@cvs.openbsd.org 2013/09/19 01:24:46 | ||
898 | [channels.c] | ||
899 | bz#1297 - tell the client (via packet_send_debug) when their preferred | ||
900 | listen address has been overridden by the server's GatewayPorts; | ||
901 | ok dtucker@ | ||
902 | - djm@cvs.openbsd.org 2013/09/19 01:26:29 | ||
903 | [sshconnect.c] | ||
904 | bz#1211: make BindAddress work with UsePrivilegedPort=yes; patch from | ||
905 | swp AT swp.pp.ru; ok dtucker@ | ||
906 | - dtucker@cvs.openbsd.org 2013/10/08 11:42:13 | ||
907 | [dh.c dh.h] | ||
908 | Increase the size of the Diffie-Hellman groups requested for a each | ||
909 | symmetric key size. New values from NIST Special Publication 800-57 with | ||
910 | the upper limit specified by RFC4419. Pointed out by Peter Backes, ok | ||
911 | djm@. | ||
912 | |||
913 | 20131009 | ||
914 | - (djm) [openbsd-compat/arc4random.c openbsd-compat/chacha_private.h] Pull | ||
915 | in OpenBSD implementation of arc4random, shortly to replace the existing | ||
916 | bsd-arc4random.c | ||
917 | - (djm) [openbsd-compat/Makefile.in openbsd-compat/arc4random.c] | ||
918 | [openbsd-compat/bsd-arc4random.c] Replace old RC4-based arc4random | ||
919 | implementation with recent OpenBSD's ChaCha-based PRNG. ok dtucker@, | ||
920 | tested tim@ | ||
921 | |||
922 | 20130922 | ||
923 | - (dtucker) [platform.c platform.h sshd.c] bz#2156: restore Linux oom_adj | ||
924 | setting when handling SIGHUP to maintain behaviour over retart. Patch | ||
925 | from Matthew Ife. | ||
926 | |||
927 | 20130918 | ||
928 | - (dtucker) [sshd_config] Trailing whitespace; from jstjohn at purdue edu. | ||
929 | |||
930 | 20130914 | ||
931 | - (djm) OpenBSD CVS Sync | ||
932 | - djm@cvs.openbsd.org 2013/08/22 19:02:21 | ||
933 | [sshd.c] | ||
934 | Stir PRNG after post-accept fork. The child gets a different PRNG state | ||
935 | anyway via rexec and explicit privsep reseeds, but it's good to be sure. | ||
936 | ok markus@ | ||
937 | - mikeb@cvs.openbsd.org 2013/08/28 12:34:27 | ||
938 | [ssh-keygen.c] | ||
939 | improve batch processing a bit by making use of the quite flag a bit | ||
940 | more often and exit with a non zero code if asked to find a hostname | ||
941 | in a known_hosts file and it wasn't there; | ||
942 | originally from reyk@, ok djm | ||
943 | - djm@cvs.openbsd.org 2013/08/31 00:13:54 | ||
944 | [sftp.c] | ||
945 | make ^w match ksh behaviour (delete previous word instead of entire line) | ||
946 | - deraadt@cvs.openbsd.org 2013/09/02 22:00:34 | ||
947 | [ssh-keygen.c sshconnect1.c sshd.c] | ||
948 | All the instances of arc4random_stir() are bogus, since arc4random() | ||
949 | does this itself, inside itself, and has for a very long time.. Actually, | ||
950 | this was probably reducing the entropy available. | ||
951 | ok djm | ||
952 | ID SYNC ONLY for portable; we don't trust other arc4random implementations | ||
953 | to do this right. | ||
954 | - sthen@cvs.openbsd.org 2013/09/07 13:53:11 | ||
955 | [sshd_config] | ||
956 | Remove commented-out kerberos/gssapi config options from sample config, | ||
957 | kerberos support is currently not enabled in ssh in OpenBSD. Discussed with | ||
958 | various people; ok deraadt@ | ||
959 | ID SYNC ONLY for portable; kerberos/gssapi is still pretty popular | ||
960 | - djm@cvs.openbsd.org 2013/09/12 01:41:12 | ||
961 | [clientloop.c] | ||
962 | fix connection crash when sending break (~B) on ControlPersist'd session; | ||
963 | ok dtucker@ | ||
964 | - djm@cvs.openbsd.org 2013/09/13 06:54:34 | ||
965 | [channels.c] | ||
966 | avoid unaligned access in code that reused a buffer to send a | ||
967 | struct in_addr in a reply; simpler just use use buffer_put_int(); | ||
968 | from portable; spotted by and ok dtucker@ | ||
969 | |||
970 | 20130828 | ||
971 | - (djm) [openbsd-compat/bsd-snprintf.c] teach our local snprintf code the | ||
972 | 'j' (intmax_t/uintmax_t) and 'z' (size_t/ssize_t) conversions in case we | ||
973 | start to use them in the future. | ||
974 | - (djm) [openbsd-compat/bsd-snprintf.c] #ifdef noytet for intmax_t bits | ||
975 | until we have configure support. | ||
976 | |||
977 | 20130821 | ||
978 | - (djm) OpenBSD CVS Sync | ||
979 | - djm@cvs.openbsd.org 2013/08/06 23:03:49 | ||
980 | [sftp.c] | ||
981 | fix some whitespace at EOL | ||
982 | make list of commands an enum rather than a long list of defines | ||
983 | add -a to usage() | ||
984 | - djm@cvs.openbsd.org 2013/08/06 23:05:01 | ||
985 | [sftp.1] | ||
986 | document top-level -a option (the -a option to 'get' was already | ||
987 | documented) | ||
988 | - djm@cvs.openbsd.org 2013/08/06 23:06:01 | ||
989 | [servconf.c] | ||
990 | add cast to avoid format warning; from portable | ||
991 | - jmc@cvs.openbsd.org 2013/08/07 06:24:51 | ||
992 | [sftp.1 sftp.c] | ||
993 | sort -a; | ||
994 | - djm@cvs.openbsd.org 2013/08/08 04:52:04 | ||
995 | [sftp.c] | ||
996 | fix two year old regression: symlinking a file would incorrectly | ||
997 | canonicalise the target path. bz#2129 report from delphij AT freebsd.org | ||
998 | - djm@cvs.openbsd.org 2013/08/08 05:04:03 | ||
999 | [sftp-client.c sftp-client.h sftp.c] | ||
1000 | add a "-l" flag for the rename command to force it to use the silly | ||
1001 | standard SSH_FXP_RENAME command instead of the POSIX-rename- like | ||
1002 | posix-rename@openssh.com extension. | ||
1003 | |||
1004 | intended for use in regress tests, so no documentation. | ||
1005 | - djm@cvs.openbsd.org 2013/08/09 03:37:25 | ||
1006 | [sftp.c] | ||
1007 | do getopt parsing for all sftp commands (with an empty optstring for | ||
1008 | commands without arguments) to ensure consistent behaviour | ||
1009 | - djm@cvs.openbsd.org 2013/08/09 03:39:13 | ||
1010 | [sftp-client.c] | ||
1011 | two problems found by a to-be-committed regress test: 1) msg_id was not | ||
1012 | being initialised so was starting at a random value from the heap | ||
1013 | (harmless, but confusing). 2) some error conditions were not being | ||
1014 | propagated back to the caller | ||
1015 | - djm@cvs.openbsd.org 2013/08/09 03:56:42 | ||
1016 | [sftp.c] | ||
1017 | enable ctrl-left-arrow and ctrl-right-arrow to move forward/back a word; | ||
1018 | matching ksh's relatively recent change. | ||
1019 | - djm@cvs.openbsd.org 2013/08/13 18:32:08 | ||
1020 | [ssh-keygen.c] | ||
1021 | typo in error message; from Stephan Rickauer | ||
1022 | - djm@cvs.openbsd.org 2013/08/13 18:33:08 | ||
1023 | [ssh-keygen.c] | ||
1024 | another of the same typo | ||
1025 | - jmc@cvs.openbsd.org 2013/08/14 08:39:27 | ||
1026 | [scp.1 ssh.1] | ||
1027 | some Bx/Ox conversion; | ||
1028 | From: Jan Stary | ||
1029 | - djm@cvs.openbsd.org 2013/08/20 00:11:38 | ||
1030 | [readconf.c readconf.h ssh_config.5 sshconnect.c] | ||
1031 | Add a ssh_config ProxyUseFDPass option that supports the use of | ||
1032 | ProxyCommands that establish a connection and then pass a connected | ||
1033 | file descriptor back to ssh(1). This allows the ProxyCommand to exit | ||
1034 | rather than have to shuffle data back and forth and enables ssh to use | ||
1035 | getpeername, etc. to obtain address information just like it does with | ||
1036 | regular directly-connected sockets. ok markus@ | ||
1037 | - jmc@cvs.openbsd.org 2013/08/20 06:56:07 | ||
1038 | [ssh.1 ssh_config.5] | ||
1039 | some proxyusefdpass tweaks; | ||
23 | 1040 | ||
24 | 20130808 | 1041 | 20130808 |
25 | - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt | 1042 | - (dtucker) [regress/Makefile regress/test-exec.sh] Don't try to use test -nt |
@@ -34,6 +1051,7 @@ | |||
34 | - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt | 1051 | - (dtucker) [regress/Makefile regress/test-exec.sh] Roll back the -nt |
35 | removal. The "make clean" removes modpipe which is built by the top-level | 1052 | removal. The "make clean" removes modpipe which is built by the top-level |
36 | directory before running the tests. Spotted by tim@ | 1053 | directory before running the tests. Spotted by tim@ |
1054 | - (djm) Release 6.3p1 | ||
37 | 1055 | ||
38 | 20130804 | 1056 | 20130804 |
39 | - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support | 1057 | - (dtucker) [auth-krb5.c configure.ac openbsd-compat/bsd-misc.h] Add support |
@@ -668,10 +1686,10 @@ | |||
668 | to avoid conflicting definitions of __int64, adding the required bits. | 1686 | to avoid conflicting definitions of __int64, adding the required bits. |
669 | Patch from Corinna Vinschen. | 1687 | Patch from Corinna Vinschen. |
670 | 1688 | ||
671 | 20120323 | 1689 | 20130323 |
672 | - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. | 1690 | - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. |
673 | 1691 | ||
674 | 20120322 | 1692 | 20130322 |
675 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil | 1693 | - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil |
676 | Hands' greatly revised version. | 1694 | Hands' greatly revised version. |
677 | - (djm) Release 6.2p1 | 1695 | - (djm) Release 6.2p1 |
@@ -679,16 +1697,16 @@ | |||
679 | - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before | 1697 | - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before |
680 | defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. | 1698 | defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. |
681 | 1699 | ||
682 | 20120318 | 1700 | 20130318 |
683 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] | 1701 | - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] |
684 | [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's | 1702 | [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's |
685 | so mark it as broken. Patch from des AT des.no | 1703 | so mark it as broken. Patch from des AT des.no |
686 | 1704 | ||
687 | 20120317 | 1705 | 20130317 |
688 | - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none | 1706 | - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none |
689 | of the bits the configure test looks for. | 1707 | of the bits the configure test looks for. |
690 | 1708 | ||
691 | 20120316 | 1709 | 20130316 |
692 | - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform | 1710 | - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform |
693 | is unable to successfully compile them. Based on patch from des AT | 1711 | is unable to successfully compile them. Based on patch from des AT |
694 | des.no | 1712 | des.no |
@@ -698,7 +1716,7 @@ | |||
698 | occur after UID switch; patch from John Marshall via des AT des.no; | 1716 | occur after UID switch; patch from John Marshall via des AT des.no; |
699 | ok dtucker@ | 1717 | ok dtucker@ |
700 | 1718 | ||
701 | 20120312 | 1719 | 20130312 |
702 | - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] | 1720 | - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] |
703 | Improve portability of cipher-speed test, based mostly on a patch from | 1721 | Improve portability of cipher-speed test, based mostly on a patch from |
704 | Iain Morgan. | 1722 | Iain Morgan. |
@@ -1645,2052 +2663,3 @@ | |||
1645 | [contrib/suse/openssh.spec] Update for release 6.0 | 2663 | [contrib/suse/openssh.spec] Update for release 6.0 |
1646 | - (djm) [README] Update URL to release notes. | 2664 | - (djm) [README] Update URL to release notes. |
1647 | - (djm) Release openssh-6.0 | 2665 | - (djm) Release openssh-6.0 |
1648 | |||
1649 | 20120419 | ||
1650 | - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil | ||
1651 | contains openpty() but not login() | ||
1652 | |||
1653 | 20120404 | ||
1654 | - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox | ||
1655 | mode for Linux's new seccomp filter; patch from Will Drewry; feedback | ||
1656 | and ok dtucker@ | ||
1657 | |||
1658 | 20120330 | ||
1659 | - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING | ||
1660 | file from spec file. From crighter at nuclioss com. | ||
1661 | - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running | ||
1662 | openssh binaries on a newer fix release than they were compiled on. | ||
1663 | with and ok dtucker@ | ||
1664 | - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect | ||
1665 | assumptions when building on Cygwin; patch from Corinna Vinschen | ||
1666 | |||
1667 | 20120309 | ||
1668 | - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux | ||
1669 | systems where sshd is run in te wrong context. Patch from Sven | ||
1670 | Vermeulen; ok dtucker@ | ||
1671 | - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 | ||
1672 | addressed connections. ok dtucker@ | ||
1673 | |||
1674 | 20120224 | ||
1675 | - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM | ||
1676 | audit breakage in Solaris 11. Patch from Magnus Johansson. | ||
1677 | |||
1678 | 20120215 | ||
1679 | - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for | ||
1680 | unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c | ||
1681 | ok dtucker@ | ||
1682 | - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so | ||
1683 | it actually works. | ||
1684 | - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote | ||
1685 | to work. Spotted by Angel Gonzalez | ||
1686 | |||
1687 | 20120214 | ||
1688 | - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of | ||
1689 | preserved Cygwin environment variables; from Corinna Vinschen | ||
1690 | |||
1691 | 20120211 | ||
1692 | - (djm) OpenBSD CVS Sync | ||
1693 | - djm@cvs.openbsd.org 2012/01/05 00:16:56 | ||
1694 | [monitor.c] | ||
1695 | memleak on error path | ||
1696 | - djm@cvs.openbsd.org 2012/01/07 21:11:36 | ||
1697 | [mux.c] | ||
1698 | fix double-free in new session handler | ||
1699 | - miod@cvs.openbsd.org 2012/01/08 13:17:11 | ||
1700 | [ssh-ecdsa.c] | ||
1701 | Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, | ||
1702 | ok markus@ | ||
1703 | - miod@cvs.openbsd.org 2012/01/16 20:34:09 | ||
1704 | [ssh-pkcs11-client.c] | ||
1705 | Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. | ||
1706 | While there, be sure to buffer_clear() between send_msg() and recv_msg(). | ||
1707 | ok markus@ | ||
1708 | - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 | ||
1709 | [clientloop.c] | ||
1710 | Ensure that $DISPLAY contains only valid characters before using it to | ||
1711 | extract xauth data so that it can't be used to play local shell | ||
1712 | metacharacter games. Report from r00t_ati at ihteam.net, ok markus. | ||
1713 | - markus@cvs.openbsd.org 2012/01/25 19:26:43 | ||
1714 | [packet.c] | ||
1715 | do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; | ||
1716 | ok dtucker@, djm@ | ||
1717 | - markus@cvs.openbsd.org 2012/01/25 19:36:31 | ||
1718 | [authfile.c] | ||
1719 | memleak in key_load_file(); from Jan Klemkow | ||
1720 | - markus@cvs.openbsd.org 2012/01/25 19:40:09 | ||
1721 | [packet.c packet.h] | ||
1722 | packet_read_poll() is not used anymore. | ||
1723 | - markus@cvs.openbsd.org 2012/02/09 20:00:18 | ||
1724 | [version.h] | ||
1725 | move from 6.0-beta to 6.0 | ||
1726 | |||
1727 | 20120206 | ||
1728 | - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms | ||
1729 | that don't support ECC. Patch from Phil Oleson | ||
1730 | |||
1731 | 20111219 | ||
1732 | - OpenBSD CVS Sync | ||
1733 | - djm@cvs.openbsd.org 2011/12/02 00:41:56 | ||
1734 | [mux.c] | ||
1735 | fix bz#1948: ssh -f doesn't fork for multiplexed connection. | ||
1736 | ok dtucker@ | ||
1737 | - djm@cvs.openbsd.org 2011/12/02 00:43:57 | ||
1738 | [mac.c] | ||
1739 | fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before | ||
1740 | HMAC_init (this change in policy seems insane to me) | ||
1741 | ok dtucker@ | ||
1742 | - djm@cvs.openbsd.org 2011/12/04 23:16:12 | ||
1743 | [mux.c] | ||
1744 | revert: | ||
1745 | > revision 1.32 | ||
1746 | > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 | ||
1747 | > fix bz#1948: ssh -f doesn't fork for multiplexed connection. | ||
1748 | > ok dtucker@ | ||
1749 | it interacts badly with ControlPersist | ||
1750 | - djm@cvs.openbsd.org 2011/12/07 05:44:38 | ||
1751 | [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] | ||
1752 | fix some harmless and/or unreachable int overflows; | ||
1753 | reported Xi Wang, ok markus@ | ||
1754 | |||
1755 | 20111125 | ||
1756 | - OpenBSD CVS Sync | ||
1757 | - oga@cvs.openbsd.org 2011/11/16 12:24:28 | ||
1758 | [sftp.c] | ||
1759 | Don't leak list in complete_cmd_parse if there are no commands found. | ||
1760 | Discovered when I was ``borrowing'' this code for something else. | ||
1761 | ok djm@ | ||
1762 | |||
1763 | 20111121 | ||
1764 | - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ | ||
1765 | |||
1766 | 20111104 | ||
1767 | - (dtucker) OpenBSD CVS Sync | ||
1768 | - djm@cvs.openbsd.org 2011/10/18 05:15:28 | ||
1769 | [ssh.c] | ||
1770 | ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ | ||
1771 | - djm@cvs.openbsd.org 2011/10/18 23:37:42 | ||
1772 | [ssh-add.c] | ||
1773 | add -k to usage(); reminded by jmc@ | ||
1774 | - djm@cvs.openbsd.org 2011/10/19 00:06:10 | ||
1775 | [moduli.c] | ||
1776 | s/tmpfile/tmp/ to make this -Wshadow clean | ||
1777 | - djm@cvs.openbsd.org 2011/10/19 10:39:48 | ||
1778 | [umac.c] | ||
1779 | typo in comment; patch from Michael W. Bombardieri | ||
1780 | - djm@cvs.openbsd.org 2011/10/24 02:10:46 | ||
1781 | [ssh.c] | ||
1782 | bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh | ||
1783 | was incorrectly requesting the forward in both the control master and | ||
1784 | slave. skip requesting it in the master to fix. ok markus@ | ||
1785 | - djm@cvs.openbsd.org 2011/10/24 02:13:13 | ||
1786 | [session.c] | ||
1787 | bz#1859: send tty break to pty master instead of (probably already | ||
1788 | closed) slave side; "looks good" markus@ | ||
1789 | - dtucker@cvs.openbsd.org 011/11/04 00:09:39 | ||
1790 | [moduli] | ||
1791 | regenerated moduli file; ok deraadt | ||
1792 | - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in | ||
1793 | openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] | ||
1794 | bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library | ||
1795 | which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) | ||
1796 | with some rework from myself and djm. ok djm. | ||
1797 | |||
1798 | 20111025 | ||
1799 | - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file | ||
1800 | fails. Patch from Corinna Vinschen. | ||
1801 | |||
1802 | 20111018 | ||
1803 | - (djm) OpenBSD CVS Sync | ||
1804 | - djm@cvs.openbsd.org 2011/10/04 14:17:32 | ||
1805 | [sftp-glob.c] | ||
1806 | silence error spam for "ls */foo" in directory with files; bz#1683 | ||
1807 | - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 | ||
1808 | [moduli.c ssh-keygen.1 ssh-keygen.c] | ||
1809 | Add optional checkpoints for moduli screening. feedback & ok deraadt | ||
1810 | - jmc@cvs.openbsd.org 2011/10/16 15:02:41 | ||
1811 | [ssh-keygen.c] | ||
1812 | put -K in the right place (usage()); | ||
1813 | - stsp@cvs.openbsd.org 2011/10/16 15:51:39 | ||
1814 | [moduli.c] | ||
1815 | add missing includes to unbreak tree; fix from rpointel | ||
1816 | - djm@cvs.openbsd.org 2011/10/18 04:58:26 | ||
1817 | [auth-options.c key.c] | ||
1818 | remove explict search for \0 in packet strings, this job is now done | ||
1819 | implicitly by buffer_get_cstring; ok markus | ||
1820 | - djm@cvs.openbsd.org 2011/10/18 05:00:48 | ||
1821 | [ssh-add.1 ssh-add.c] | ||
1822 | new "ssh-add -k" option to load plain keys (skipping certificates); | ||
1823 | "looks ok" markus@ | ||
1824 | |||
1825 | 20111001 | ||
1826 | - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm | ||
1827 | - (dtucker) OpenBSD CVS Sync | ||
1828 | - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 | ||
1829 | [channels.c auth-options.c servconf.c channels.h sshd.8] | ||
1830 | Add wildcard support to PermitOpen, allowing things like "PermitOpen | ||
1831 | localhost:*". bz #1857, ok djm markus. | ||
1832 | - markus@cvs.openbsd.org 2011/09/23 07:45:05 | ||
1833 | [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c | ||
1834 | version.h] | ||
1835 | unbreak remote portforwarding with dynamic allocated listen ports: | ||
1836 | 1) send the actual listen port in the open message (instead of 0). | ||
1837 | this allows multiple forwardings with a dynamic listen port | ||
1838 | 2) update the matching permit-open entry, so we can identify where | ||
1839 | to connect to | ||
1840 | report: den at skbkontur.ru and P. Szczygielski | ||
1841 | feedback and ok djm@ | ||
1842 | - djm@cvs.openbsd.org 2011/09/25 05:44:47 | ||
1843 | [auth2-pubkey.c] | ||
1844 | improve the AuthorizedPrincipalsFile debug log message to include | ||
1845 | file and line number | ||
1846 | - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 | ||
1847 | [sshd.c] | ||
1848 | don't attempt privsep cleanup when not using privsep; ok markus@ | ||
1849 | - djm@cvs.openbsd.org 2011/09/30 21:22:49 | ||
1850 | [sshd.c] | ||
1851 | fix inverted test that caused logspam; spotted by henning@ | ||
1852 | |||
1853 | 20110929 | ||
1854 | - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch | ||
1855 | from des AT des.no | ||
1856 | - (dtucker) [configure.ac openbsd-compat/Makefile.in | ||
1857 | openbsd-compat/strnlen.c] Add strnlen to the compat library. | ||
1858 | |||
1859 | 20110923 | ||
1860 | - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no | ||
1861 | longer want to sync this file (OpenBSD uses a __getcwd syscall now, we | ||
1862 | want this longhand version) | ||
1863 | - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the | ||
1864 | upstream version is YPified and we don't want this | ||
1865 | - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. | ||
1866 | The file was totally rewritten between what we had in tree and -current. | ||
1867 | - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid | ||
1868 | marker. The upstream API has changed (function and structure names) | ||
1869 | enough to put it out of sync with other providers of this interface. | ||
1870 | - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion | ||
1871 | of static __findenv() function from upstream setenv.c | ||
1872 | - OpenBSD CVS Sync | ||
1873 | - millert@cvs.openbsd.org 2006/05/05 15:27:38 | ||
1874 | [openbsd-compat/strlcpy.c] | ||
1875 | Convert do {} while loop -> while {} for clarity. No binary change | ||
1876 | on most architectures. From Oliver Smith. OK deraadt@ and henning@ | ||
1877 | - tobias@cvs.openbsd.org 2007/10/21 11:09:30 | ||
1878 | [openbsd-compat/mktemp.c] | ||
1879 | Comment fix about time consumption of _gettemp. | ||
1880 | FreeBSD did this in revision 1.20. | ||
1881 | OK deraadt@, krw@ | ||
1882 | - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 | ||
1883 | [openbsd-compat/mktemp.c] | ||
1884 | use arc4random_uniform(); ok djm millert | ||
1885 | - millert@cvs.openbsd.org 2008/08/21 16:54:44 | ||
1886 | [openbsd-compat/mktemp.c] | ||
1887 | Remove useless code, the kernel will set errno appropriately if an | ||
1888 | element in the path does not exist. OK deraadt@ pvalchev@ | ||
1889 | - otto@cvs.openbsd.org 2008/12/09 19:38:38 | ||
1890 | [openbsd-compat/inet_ntop.c] | ||
1891 | fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon | ||
1892 | |||
1893 | 20110922 | ||
1894 | - OpenBSD CVS Sync | ||
1895 | - pyr@cvs.openbsd.org 2011/05/12 07:15:10 | ||
1896 | [openbsd-compat/glob.c] | ||
1897 | When the max number of items for a directory has reached GLOB_LIMIT_READDIR | ||
1898 | an error is returned but closedir() is not called. | ||
1899 | spotted and fix provided by Frank Denis obsd-tech@pureftpd.org | ||
1900 | ok otto@, millert@ | ||
1901 | - stsp@cvs.openbsd.org 2011/09/20 10:18:46 | ||
1902 | [glob.c] | ||
1903 | In glob(3), limit recursion during matching attempts. Similar to | ||
1904 | fnmatch fix. Also collapse consecutive '*' (from NetBSD). | ||
1905 | ok miod deraadt | ||
1906 | - djm@cvs.openbsd.org 2011/09/22 06:27:29 | ||
1907 | [glob.c] | ||
1908 | fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being | ||
1909 | applied only to the gl_pathv vector and not the corresponding gl_statv | ||
1910 | array. reported in OpenSSH bz#1935; feedback and okay matthew@ | ||
1911 | - djm@cvs.openbsd.org 2011/08/26 01:45:15 | ||
1912 | [ssh.1] | ||
1913 | Add some missing ssh_config(5) options that can be used in ssh(1)'s | ||
1914 | -o argument. Patch from duclare AT guu.fi | ||
1915 | - djm@cvs.openbsd.org 2011/09/05 05:56:13 | ||
1916 | [scp.1 sftp.1] | ||
1917 | mention ControlPersist and KbdInteractiveAuthentication in the -o | ||
1918 | verbiage in these pages too (prompted by jmc@) | ||
1919 | - djm@cvs.openbsd.org 2011/09/05 05:59:08 | ||
1920 | [misc.c] | ||
1921 | fix typo in IPQoS parsing: there is no "AF14" class, but there is | ||
1922 | an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk | ||
1923 | - jmc@cvs.openbsd.org 2011/09/05 07:01:44 | ||
1924 | [scp.1] | ||
1925 | knock out a useless Ns; | ||
1926 | - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 | ||
1927 | [ssh-keygen.1] | ||
1928 | typo (they vs the) found by Lawrence Teo | ||
1929 | - djm@cvs.openbsd.org 2011/09/09 00:43:00 | ||
1930 | [ssh_config.5 sshd_config.5] | ||
1931 | fix typo in IPQoS parsing: there is no "AF14" class, but there is | ||
1932 | an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk | ||
1933 | - djm@cvs.openbsd.org 2011/09/09 00:44:07 | ||
1934 | [PROTOCOL.mux] | ||
1935 | MUX_C_CLOSE_FWD includes forward type in message (though it isn't | ||
1936 | implemented anyway) | ||
1937 | - djm@cvs.openbsd.org 2011/09/09 22:37:01 | ||
1938 | [scp.c] | ||
1939 | suppress adding '--' to remote commandlines when the first argument | ||
1940 | does not start with '-'. saves breakage on some difficult-to-upgrade | ||
1941 | embedded/router platforms; feedback & ok dtucker ok markus | ||
1942 | - djm@cvs.openbsd.org 2011/09/09 22:38:21 | ||
1943 | [sshd.c] | ||
1944 | kill the preauth privsep child on fatal errors in the monitor; | ||
1945 | ok markus@ | ||
1946 | - djm@cvs.openbsd.org 2011/09/09 22:46:44 | ||
1947 | [channels.c channels.h clientloop.h mux.c ssh.c] | ||
1948 | support for cancelling local and remote port forwards via the multiplex | ||
1949 | socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request | ||
1950 | the cancellation of the specified forwardings; ok markus@ | ||
1951 | - markus@cvs.openbsd.org 2011/09/10 22:26:34 | ||
1952 | [channels.c channels.h clientloop.c ssh.1] | ||
1953 | support cancellation of local/dynamic forwardings from ~C commandline; | ||
1954 | ok & feedback djm@ | ||
1955 | - okan@cvs.openbsd.org 2011/09/11 06:59:05 | ||
1956 | [ssh.1] | ||
1957 | document new -O cancel command; ok djm@ | ||
1958 | - markus@cvs.openbsd.org 2011/09/11 16:07:26 | ||
1959 | [sftp-client.c] | ||
1960 | fix leaks in do_hardlink() and do_readlink(); bz#1921 | ||
1961 | from Loganaden Velvindron | ||
1962 | - markus@cvs.openbsd.org 2011/09/12 08:46:15 | ||
1963 | [sftp-client.c] | ||
1964 | fix leak in do_lsreaddir(); ok djm | ||
1965 | - djm@cvs.openbsd.org 2011/09/22 06:29:03 | ||
1966 | [sftp.c] | ||
1967 | don't let remote_glob() implicitly sort its results in do_globbed_ls() - | ||
1968 | in all likelihood, they will be resorted anyway | ||
1969 | |||
1970 | 20110909 | ||
1971 | - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From | ||
1972 | Colin Watson. | ||
1973 | |||
1974 | 20110906 | ||
1975 | - (djm) [README version.h] Correct version | ||
1976 | - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon | ||
1977 | - (djm) Respin OpenSSH-5.9p1 release | ||
1978 | |||
1979 | 20110905 | ||
1980 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
1981 | [contrib/suse/openssh.spec] Update version numbers. | ||
1982 | |||
1983 | 20110904 | ||
1984 | - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal | ||
1985 | regress errors for the sandbox to warnings. ok tim dtucker | ||
1986 | - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations | ||
1987 | ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen | ||
1988 | support. | ||
1989 | |||
1990 | 20110829 | ||
1991 | - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting | ||
1992 | to switch SELinux context away from unconfined_t, based on patch from | ||
1993 | Jan Chadima; bz#1919 ok dtucker@ | ||
1994 | |||
1995 | 20110827 | ||
1996 | - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. | ||
1997 | |||
1998 | 20110818 | ||
1999 | - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze | ||
2000 | |||
2001 | 20110817 | ||
2002 | - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for | ||
2003 | OpenSSL 0.9.7. ok djm | ||
2004 | - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] | ||
2005 | binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen | ||
2006 | - (djm) [configure.ac] error out if the host lacks the necessary bits for | ||
2007 | an explicitly requested sandbox type | ||
2008 | - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by | ||
2009 | bisson AT archlinux.org | ||
2010 | - (djm) OpenBSD CVS Sync | ||
2011 | - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 | ||
2012 | [regress/cfgmatch.sh] | ||
2013 | use OBJ to find test configs, patch from Tim Rice | ||
2014 | - markus@cvs.openbsd.org 2011/06/30 22:44:43 | ||
2015 | [regress/connect-privsep.sh] | ||
2016 | test with sandbox enabled; ok djm@ | ||
2017 | - djm@cvs.openbsd.org 2011/08/02 01:23:41 | ||
2018 | [regress/cipher-speed.sh regress/try-ciphers.sh] | ||
2019 | add SHA256/SHA512 based HMAC modes | ||
2020 | - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 | ||
2021 | MAC tests for platforms that hack EVP_SHA2 support | ||
2022 | |||
2023 | 20110812 | ||
2024 | - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context | ||
2025 | change error by reporting old and new context names Patch from | ||
2026 | jchadima at redhat. | ||
2027 | - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] | ||
2028 | [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES | ||
2029 | init scrips from imorgan AT nas.nasa.gov; bz#1920 | ||
2030 | - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the | ||
2031 | identify file contained whitespace. bz#1828 patch from gwenael.lambrouin | ||
2032 | AT gmail.com; ok dtucker@ | ||
2033 | |||
2034 | 20110807 | ||
2035 | - (dtucker) OpenBSD CVS Sync | ||
2036 | - jmc@cvs.openbsd.org 2008/06/26 06:59:39 | ||
2037 | [moduli.5] | ||
2038 | tweak previous; | ||
2039 | - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 | ||
2040 | [moduli.5] | ||
2041 | "Diffie-Hellman" is the usual spelling for the cryptographic protocol | ||
2042 | first published by Whitfield Diffie and Martin Hellman in 1976. | ||
2043 | ok jmc@ | ||
2044 | - jmc@cvs.openbsd.org 2010/10/14 20:41:28 | ||
2045 | [moduli.5] | ||
2046 | probabalistic -> probabilistic; from naddy | ||
2047 | - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 | ||
2048 | [sftp.1] | ||
2049 | typo, fix from Laurent Gautrot | ||
2050 | |||
2051 | 20110805 | ||
2052 | - OpenBSD CVS Sync | ||
2053 | - djm@cvs.openbsd.org 2011/06/23 23:35:42 | ||
2054 | [monitor.c] | ||
2055 | ignore EINTR errors from poll() | ||
2056 | - tedu@cvs.openbsd.org 2011/07/06 18:09:21 | ||
2057 | [authfd.c] | ||
2058 | bzero the agent address. the kernel was for a while very cranky about | ||
2059 | these things. evne though that's fixed, always good to initialize | ||
2060 | memory. ok deraadt djm | ||
2061 | - djm@cvs.openbsd.org 2011/07/29 14:42:45 | ||
2062 | [sandbox-systrace.c] | ||
2063 | fail open(2) with EPERM rather than SIGKILLing the whole process. libc | ||
2064 | will call open() to do strerror() when NLS is enabled; | ||
2065 | feedback and ok markus@ | ||
2066 | - markus@cvs.openbsd.org 2011/08/01 19:18:15 | ||
2067 | [gss-serv.c] | ||
2068 | prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); | ||
2069 | report Adam Zabrock; ok djm@, deraadt@ | ||
2070 | - djm@cvs.openbsd.org 2011/08/02 01:22:11 | ||
2071 | [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
2072 | Add new SHA256 and SHA512 based HMAC modes from | ||
2073 | http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt | ||
2074 | Patch from mdb AT juniper.net; feedback and ok markus@ | ||
2075 | - djm@cvs.openbsd.org 2011/08/02 23:13:01 | ||
2076 | [version.h] | ||
2077 | crank now, release later | ||
2078 | - djm@cvs.openbsd.org 2011/08/02 23:15:03 | ||
2079 | [ssh.c] | ||
2080 | typo in comment | ||
2081 | |||
2082 | 20110624 | ||
2083 | - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for | ||
2084 | Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing | ||
2085 | markus@ | ||
2086 | |||
2087 | 20110623 | ||
2088 | - OpenBSD CVS Sync | ||
2089 | - djm@cvs.openbsd.org 2011/06/22 21:47:28 | ||
2090 | [servconf.c] | ||
2091 | reuse the multistate option arrays to pretty-print options for "sshd -T" | ||
2092 | - djm@cvs.openbsd.org 2011/06/22 21:57:01 | ||
2093 | [servconf.c servconf.h sshd.c sshd_config.5] | ||
2094 | [configure.ac Makefile.in] | ||
2095 | introduce sandboxing of the pre-auth privsep child using systrace(4). | ||
2096 | |||
2097 | This introduces a new "UsePrivilegeSeparation=sandbox" option for | ||
2098 | sshd_config that applies mandatory restrictions on the syscalls the | ||
2099 | privsep child can perform. This prevents a compromised privsep child | ||
2100 | from being used to attack other hosts (by opening sockets and proxying) | ||
2101 | or probing local kernel attack surface. | ||
2102 | |||
2103 | The sandbox is implemented using systrace(4) in unsupervised "fast-path" | ||
2104 | mode, where a list of permitted syscalls is supplied. Any syscall not | ||
2105 | on the list results in SIGKILL being sent to the privsep child. Note | ||
2106 | that this requires a kernel with the new SYSTR_POLICY_KILL option. | ||
2107 | |||
2108 | UsePrivilegeSeparation=sandbox will become the default in the future | ||
2109 | so please start testing it now. | ||
2110 | |||
2111 | feedback dtucker@; ok markus@ | ||
2112 | - djm@cvs.openbsd.org 2011/06/22 22:08:42 | ||
2113 | [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] | ||
2114 | hook up a channel confirm callback to warn the user then requested X11 | ||
2115 | forwarding was refused by the server; ok markus@ | ||
2116 | - djm@cvs.openbsd.org 2011/06/23 09:34:13 | ||
2117 | [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] | ||
2118 | [sandbox-null.c] | ||
2119 | rename sandbox.h => ssh-sandbox.h to make things easier for portable | ||
2120 | - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support | ||
2121 | setrlimit(2) | ||
2122 | |||
2123 | 20110620 | ||
2124 | - OpenBSD CVS Sync | ||
2125 | - djm@cvs.openbsd.org 2011/06/04 00:10:26 | ||
2126 | [ssh_config.5] | ||
2127 | explain IdentifyFile's semantics a little better, prompted by bz#1898 | ||
2128 | ok dtucker jmc | ||
2129 | - markus@cvs.openbsd.org 2011/06/14 22:49:18 | ||
2130 | [authfile.c] | ||
2131 | make sure key_parse_public/private_rsa1() no longer consumes its input | ||
2132 | buffer. fixes ssh-add for passphrase-protected ssh1-keys; | ||
2133 | noted by naddy@; ok djm@ | ||
2134 | - djm@cvs.openbsd.org 2011/06/17 21:44:31 | ||
2135 | [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] | ||
2136 | make the pre-auth privsep slave log via a socketpair shared with the | ||
2137 | monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ | ||
2138 | - djm@cvs.openbsd.org 2011/06/17 21:46:16 | ||
2139 | [sftp-server.c] | ||
2140 | the protocol version should be unsigned; bz#1913 reported by mb AT | ||
2141 | smartftp.com | ||
2142 | - djm@cvs.openbsd.org 2011/06/17 21:47:35 | ||
2143 | [servconf.c] | ||
2144 | factor out multi-choice option parsing into a parse_multistate label | ||
2145 | and some support structures; ok dtucker@ | ||
2146 | - djm@cvs.openbsd.org 2011/06/17 21:57:25 | ||
2147 | [clientloop.c] | ||
2148 | setproctitle for a mux master that has been gracefully stopped; | ||
2149 | bz#1911 from Bert.Wesarg AT googlemail.com | ||
2150 | |||
2151 | 20110603 | ||
2152 | - (dtucker) [README version.h contrib/caldera/openssh.spec | ||
2153 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version | ||
2154 | bumps from the 5.8p2 branch into HEAD. ok djm. | ||
2155 | - (tim) [configure.ac defines.h] Run test program to detect system mail | ||
2156 | directory. Add --with-maildir option to override. Fixed OpenServer 6 | ||
2157 | getting it wrong. Fixed many systems having MAIL=/var/mail//username | ||
2158 | ok dtucker | ||
2159 | - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair | ||
2160 | unconditionally in other places and the survey data we have does not show | ||
2161 | any systems that use it. "nuke it" djm@ | ||
2162 | - (djm) [configure.ac] enable setproctitle emulation for OS X | ||
2163 | - (djm) OpenBSD CVS Sync | ||
2164 | - djm@cvs.openbsd.org 2011/06/03 00:54:38 | ||
2165 | [ssh.c] | ||
2166 | bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg | ||
2167 | AT googlemail.com; ok dtucker@ | ||
2168 | NB. includes additional portability code to enable setproctitle emulation | ||
2169 | on platforms that don't support it. | ||
2170 | - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 | ||
2171 | [ssh-agent.c] | ||
2172 | Check current parent process ID against saved one to determine if the parent | ||
2173 | has exited, rather than attempting to send a zero signal, since the latter | ||
2174 | won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn | ||
2175 | Gillmor, ok djm@ | ||
2176 | - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 | ||
2177 | [regress/dynamic-forward.sh] | ||
2178 | back out revs 1.6 and 1.5 since it's not reliable | ||
2179 | - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 | ||
2180 | [regress/dynamic-forward.sh] | ||
2181 | work around startup and teardown races; caught by deraadt | ||
2182 | - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 | ||
2183 | [regress/dynamic-forward.sh] | ||
2184 | Retry establishing the port forwarding after a small delay, should make | ||
2185 | the tests less flaky when the previous test is slow to shut down and free | ||
2186 | up the port. | ||
2187 | - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. | ||
2188 | |||
2189 | 20110529 | ||
2190 | - (djm) OpenBSD CVS Sync | ||
2191 | - djm@cvs.openbsd.org 2011/05/23 03:30:07 | ||
2192 | [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] | ||
2193 | [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] | ||
2194 | allow AuthorizedKeysFile to specify multiple files, separated by spaces. | ||
2195 | Bring back authorized_keys2 as a default search path (to avoid breaking | ||
2196 | existing users of this file), but override this in sshd_config so it will | ||
2197 | be no longer used on fresh installs. Maybe in 2015 we can remove it | ||
2198 | entierly :) | ||
2199 | |||
2200 | feedback and ok markus@ dtucker@ | ||
2201 | - djm@cvs.openbsd.org 2011/05/23 03:33:38 | ||
2202 | [auth.c] | ||
2203 | make secure_filename() spam debug logs less | ||
2204 | - djm@cvs.openbsd.org 2011/05/23 03:52:55 | ||
2205 | [sshconnect.c] | ||
2206 | remove extra newline | ||
2207 | - jmc@cvs.openbsd.org 2011/05/23 07:10:21 | ||
2208 | [sshd.8 sshd_config.5] | ||
2209 | tweak previous; ok djm | ||
2210 | - djm@cvs.openbsd.org 2011/05/23 07:24:57 | ||
2211 | [authfile.c] | ||
2212 | read in key comments for v.2 keys (though note that these are not | ||
2213 | passed over the agent protocol); bz#439, based on patch from binder | ||
2214 | AT arago.de; ok markus@ | ||
2215 | - djm@cvs.openbsd.org 2011/05/24 07:15:47 | ||
2216 | [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] | ||
2217 | Remove undocumented legacy options UserKnownHostsFile2 and | ||
2218 | GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile | ||
2219 | accept multiple paths per line and making their defaults include | ||
2220 | known_hosts2; ok markus | ||
2221 | - djm@cvs.openbsd.org 2011/05/23 03:31:31 | ||
2222 | [regress/cfgmatch.sh] | ||
2223 | include testing of multiple/overridden AuthorizedKeysFiles | ||
2224 | refactor to simply daemon start/stop and get rid of racy constructs | ||
2225 | |||
2226 | 20110520 | ||
2227 | - (djm) [session.c] call setexeccon() before executing passwd for pw | ||
2228 | changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ | ||
2229 | - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options | ||
2230 | options, we should corresponding -W-option when trying to determine | ||
2231 | whether it is accepted. Also includes a warning fix on the program | ||
2232 | fragment uses (bad main() return type). | ||
2233 | bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ | ||
2234 | - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 | ||
2235 | - OpenBSD CVS Sync | ||
2236 | - djm@cvs.openbsd.org 2011/05/15 08:09:01 | ||
2237 | [authfd.c monitor.c serverloop.c] | ||
2238 | use FD_CLOEXEC consistently; patch from zion AT x96.org | ||
2239 | - djm@cvs.openbsd.org 2011/05/17 07:13:31 | ||
2240 | [key.c] | ||
2241 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) | ||
2242 | and fix the regress test that was trying to generate them :) | ||
2243 | - djm@cvs.openbsd.org 2011/05/20 00:55:02 | ||
2244 | [servconf.c] | ||
2245 | the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile | ||
2246 | and AuthorizedPrincipalsFile were not being correctly applied in | ||
2247 | Match blocks, despite being overridable there; ok dtucker@ | ||
2248 | - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 | ||
2249 | [servconf.c] | ||
2250 | Add comment documenting what should be after the preauth check. ok djm | ||
2251 | - djm@cvs.openbsd.org 2011/05/20 03:25:45 | ||
2252 | [monitor.c monitor_wrap.c servconf.c servconf.h] | ||
2253 | use a macro to define which string options to copy between configs | ||
2254 | for Match. This avoids problems caused by forgetting to keep three | ||
2255 | code locations in perfect sync and ordering | ||
2256 | |||
2257 | "this is at once beautiful and horrible" + ok dtucker@ | ||
2258 | - djm@cvs.openbsd.org 2011/05/17 07:13:31 | ||
2259 | [regress/cert-userkey.sh] | ||
2260 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) | ||
2261 | and fix the regress test that was trying to generate them :) | ||
2262 | - djm@cvs.openbsd.org 2011/05/20 02:43:36 | ||
2263 | [cert-hostkey.sh] | ||
2264 | another attempt to generate a v00 ECDSA key that broke the test | ||
2265 | ID sync only - portable already had this somehow | ||
2266 | - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 | ||
2267 | [dynamic-forward.sh] | ||
2268 | Prevent races in dynamic forwarding test; ok djm | ||
2269 | - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 | ||
2270 | [dynamic-forward.sh] | ||
2271 | fix dumb error in dynamic-forward test | ||
2272 | |||
2273 | 20110515 | ||
2274 | - (djm) OpenBSD CVS Sync | ||
2275 | - djm@cvs.openbsd.org 2011/05/05 05:12:08 | ||
2276 | [mux.c] | ||
2277 | gracefully fall back when ControlPath is too large for a | ||
2278 | sockaddr_un. ok markus@ as part of a larger diff | ||
2279 | - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 | ||
2280 | [sshd_config] | ||
2281 | clarify language about overriding defaults. bz#1892, from Petr Cerny | ||
2282 | - djm@cvs.openbsd.org 2011/05/06 01:09:53 | ||
2283 | [sftp.1] | ||
2284 | mention that IPv6 addresses must be enclosed in square brackets; | ||
2285 | bz#1845 | ||
2286 | - djm@cvs.openbsd.org 2011/05/06 02:05:41 | ||
2287 | [sshconnect2.c] | ||
2288 | fix memory leak; bz#1849 ok dtucker@ | ||
2289 | - djm@cvs.openbsd.org 2011/05/06 21:14:05 | ||
2290 | [packet.c packet.h] | ||
2291 | set traffic class for IPv6 traffic as we do for IPv4 TOS; | ||
2292 | patch from lionel AT mamane.lu via Colin Watson in bz#1855; | ||
2293 | ok markus@ | ||
2294 | - djm@cvs.openbsd.org 2011/05/06 21:18:02 | ||
2295 | [ssh.c ssh_config.5] | ||
2296 | add a %L expansion (short-form of the local host name) for ControlPath; | ||
2297 | sync some more expansions with LocalCommand; ok markus@ | ||
2298 | - djm@cvs.openbsd.org 2011/05/06 21:31:38 | ||
2299 | [readconf.c ssh_config.5] | ||
2300 | support negated Host matching, e.g. | ||
2301 | |||
2302 | Host *.example.org !c.example.org | ||
2303 | User mekmitasdigoat | ||
2304 | |||
2305 | Will match "a.example.org", "b.example.org", but not "c.example.org" | ||
2306 | ok markus@ | ||
2307 | - djm@cvs.openbsd.org 2011/05/06 21:34:32 | ||
2308 | [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] | ||
2309 | Add a RequestTTY ssh_config option to allow configuration-based | ||
2310 | control over tty allocation (like -t/-T); ok markus@ | ||
2311 | - djm@cvs.openbsd.org 2011/05/06 21:38:58 | ||
2312 | [ssh.c] | ||
2313 | fix dropping from previous diff | ||
2314 | - djm@cvs.openbsd.org 2011/05/06 22:20:10 | ||
2315 | [PROTOCOL.mux] | ||
2316 | fix numbering; from bert.wesarg AT googlemail.com | ||
2317 | - jmc@cvs.openbsd.org 2011/05/07 23:19:39 | ||
2318 | [ssh_config.5] | ||
2319 | - tweak previous | ||
2320 | - come consistency fixes | ||
2321 | ok djm | ||
2322 | - jmc@cvs.openbsd.org 2011/05/07 23:20:25 | ||
2323 | [ssh.1] | ||
2324 | +.It RequestTTY | ||
2325 | - djm@cvs.openbsd.org 2011/05/08 12:52:01 | ||
2326 | [PROTOCOL.mux clientloop.c clientloop.h mux.c] | ||
2327 | improve our behaviour when TTY allocation fails: if we are in | ||
2328 | RequestTTY=auto mode (the default), then do not treat at TTY | ||
2329 | allocation error as fatal but rather just restore the local TTY | ||
2330 | to cooked mode and continue. This is more graceful on devices that | ||
2331 | never allocate TTYs. | ||
2332 | |||
2333 | If RequestTTY is set to "yes" or "force", then failure to allocate | ||
2334 | a TTY is fatal. | ||
2335 | |||
2336 | ok markus@ | ||
2337 | - djm@cvs.openbsd.org 2011/05/10 05:46:46 | ||
2338 | [authfile.c] | ||
2339 | despam debug() logs by detecting that we are trying to load a private key | ||
2340 | in key_try_load_public() and returning early; ok markus@ | ||
2341 | - djm@cvs.openbsd.org 2011/05/11 04:47:06 | ||
2342 | [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] | ||
2343 | remove support for authorized_keys2; it is a relic from the early days | ||
2344 | of protocol v.2 support and has been undocumented for many years; | ||
2345 | ok markus@ | ||
2346 | - djm@cvs.openbsd.org 2011/05/13 00:05:36 | ||
2347 | [authfile.c] | ||
2348 | warn on unexpected key type in key_parse_private_type() | ||
2349 | - (djm) [packet.c] unbreak portability #endif | ||
2350 | |||
2351 | 20110510 | ||
2352 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix | ||
2353 | --with-ssl-engine which was broken with the change from deprecated | ||
2354 | SSLeay_add_all_algorithms(). ok djm | ||
2355 | |||
2356 | 20110506 | ||
2357 | - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype | ||
2358 | for closefrom() in test code. Report from Dan Wallis via Gentoo. | ||
2359 | |||
2360 | 20110505 | ||
2361 | - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS | ||
2362 | definitions. From des AT des.no | ||
2363 | - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] | ||
2364 | [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] | ||
2365 | [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] | ||
2366 | [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] | ||
2367 | [regress/README.regress] Remove ssh-rand-helper and all its | ||
2368 | tentacles. PRNGd seeding has been rolled into entropy.c directly. | ||
2369 | Thanks to tim@ for testing on affected platforms. | ||
2370 | - OpenBSD CVS Sync | ||
2371 | - djm@cvs.openbsd.org 2011/03/10 02:52:57 | ||
2372 | [auth2-gss.c auth2.c auth.h] | ||
2373 | allow GSSAPI authentication to detect when a server-side failure causes | ||
2374 | authentication failure and don't count such failures against MaxAuthTries; | ||
2375 | bz#1244 from simon AT sxw.org.uk; ok markus@ before lock | ||
2376 | - okan@cvs.openbsd.org 2011/03/15 10:36:02 | ||
2377 | [ssh-keyscan.c] | ||
2378 | use timerclear macro | ||
2379 | ok djm@ | ||
2380 | - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 | ||
2381 | [ssh-keygen.1 ssh-keygen.c] | ||
2382 | Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) | ||
2383 | for which host keys do not exist, generate the host keys with the | ||
2384 | default key file path, an empty passphrase, default bits for the key | ||
2385 | type, and default comment. This will be used by /etc/rc to generate | ||
2386 | new host keys. Idea from deraadt. | ||
2387 | ok deraadt | ||
2388 | - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 | ||
2389 | [ssh-keygen.1] | ||
2390 | -q not used in /etc/rc now so remove statement. | ||
2391 | - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 | ||
2392 | [ssh-keygen.c] | ||
2393 | remove -d, documentation removed >10 years ago; ok markus | ||
2394 | - jmc@cvs.openbsd.org 2011/03/24 15:29:30 | ||
2395 | [ssh-keygen.1] | ||
2396 | zap trailing whitespace; | ||
2397 | - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 | ||
2398 | [ssh-keygen.c] | ||
2399 | use strcasecmp() for "clear" cert permission option also; ok djm | ||
2400 | - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 | ||
2401 | [misc.c misc.h servconf.c] | ||
2402 | print ipqos friendly string for sshd -T; ok markus | ||
2403 | # sshd -Tf sshd_config|grep ipqos | ||
2404 | ipqos lowdelay throughput | ||
2405 | - djm@cvs.openbsd.org 2011/04/12 04:23:50 | ||
2406 | [ssh-keygen.c] | ||
2407 | fix -Wshadow | ||
2408 | - djm@cvs.openbsd.org 2011/04/12 05:32:49 | ||
2409 | [sshd.c] | ||
2410 | exit with 0 status on SIGTERM; bz#1879 | ||
2411 | - djm@cvs.openbsd.org 2011/04/13 04:02:48 | ||
2412 | [ssh-keygen.1] | ||
2413 | improve wording; bz#1861 | ||
2414 | - djm@cvs.openbsd.org 2011/04/13 04:09:37 | ||
2415 | [ssh-keygen.1] | ||
2416 | mention valid -b sizes for ECDSA keys; bz#1862 | ||
2417 | - djm@cvs.openbsd.org 2011/04/17 22:42:42 | ||
2418 | [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] | ||
2419 | allow graceful shutdown of multiplexing: request that a mux server | ||
2420 | removes its listener socket and refuse future multiplexing requests; | ||
2421 | ok markus@ | ||
2422 | - djm@cvs.openbsd.org 2011/04/18 00:46:05 | ||
2423 | [ssh-keygen.c] | ||
2424 | certificate options are supposed to be packed in lexical order of | ||
2425 | option name (though we don't actually enforce this at present). | ||
2426 | Move one up that was out of sequence | ||
2427 | - djm@cvs.openbsd.org 2011/05/04 21:15:29 | ||
2428 | [authfile.c authfile.h ssh-add.c] | ||
2429 | allow "ssh-add - < key"; feedback and ok markus@ | ||
2430 | - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE | ||
2431 | so autoreconf 2.68 is happy. | ||
2432 | - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ | ||
2433 | |||
2434 | 20110221 | ||
2435 | - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the | ||
2436 | Cygwin-specific service installer script ssh-host-config. The actual | ||
2437 | functionality is the same, the revisited version is just more | ||
2438 | exact when it comes to check for problems which disallow to run | ||
2439 | certain aspects of the script. So, part of this script and the also | ||
2440 | rearranged service helper script library "csih" is to check if all | ||
2441 | the tools required to run the script are available on the system. | ||
2442 | The new script also is more thorough to inform the user why the | ||
2443 | script failed. Patch from vinschen at redhat com. | ||
2444 | |||
2445 | 20110218 | ||
2446 | - OpenBSD CVS Sync | ||
2447 | - djm@cvs.openbsd.org 2011/02/16 00:31:14 | ||
2448 | [ssh-keysign.c] | ||
2449 | make hostbased auth with ECDSA keys work correctly. Based on patch | ||
2450 | by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) | ||
2451 | |||
2452 | 20110206 | ||
2453 | - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in | ||
2454 | selinux code. Patch from Leonardo Chiquitto | ||
2455 | - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key | ||
2456 | generation and simplify. Patch from Corinna Vinschen. | ||
2457 | |||
2458 | 20110204 | ||
2459 | - OpenBSD CVS Sync | ||
2460 | - djm@cvs.openbsd.org 2011/01/31 21:42:15 | ||
2461 | [PROTOCOL.mux] | ||
2462 | cut'n'pasto; from bert.wesarg AT googlemail.com | ||
2463 | - djm@cvs.openbsd.org 2011/02/04 00:44:21 | ||
2464 | [key.c] | ||
2465 | fix uninitialised nonce variable; reported by Mateusz Kocielski | ||
2466 | - djm@cvs.openbsd.org 2011/02/04 00:44:43 | ||
2467 | [version.h] | ||
2468 | openssh-5.8 | ||
2469 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
2470 | [contrib/suse/openssh.spec] update versions in docs and spec files. | ||
2471 | - Release OpenSSH 5.8p1 | ||
2472 | |||
2473 | 20110128 | ||
2474 | - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled | ||
2475 | before attempting setfscreatecon(). Check whether matchpathcon() | ||
2476 | succeeded before using its result. Patch from cjwatson AT debian.org; | ||
2477 | bz#1851 | ||
2478 | |||
2479 | 20110127 | ||
2480 | - (tim) [config.guess config.sub] Sync with upstream. | ||
2481 | - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete | ||
2482 | AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with | ||
2483 | AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white | ||
2484 | space changes for consistency/readability. Makes autoconf 2.68 happy. | ||
2485 | "Nice work" djm | ||
2486 | |||
2487 | 20110125 | ||
2488 | - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c | ||
2489 | openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to | ||
2490 | port-linux.c to avoid compilation errors. Add -lselinux to ssh when | ||
2491 | building with SELinux support to avoid linking failure; report from | ||
2492 | amk AT spamfence.net; ok dtucker | ||
2493 | |||
2494 | 20110122 | ||
2495 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add | ||
2496 | RSA_get_default_method() for the benefit of openssl versions that don't | ||
2497 | have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, | ||
2498 | ok djm@. | ||
2499 | - OpenBSD CVS Sync | ||
2500 | - djm@cvs.openbsd.org 2011/01/22 09:18:53 | ||
2501 | [version.h] | ||
2502 | crank to OpenSSH-5.7 | ||
2503 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
2504 | [contrib/suse/openssh.spec] update versions in docs and spec files. | ||
2505 | - (djm) Release 5.7p1 | ||
2506 | |||
2507 | 20110119 | ||
2508 | - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead | ||
2509 | of RPM so build completes. Signatures were changed to .asc since 4.1p1. | ||
2510 | - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to | ||
2511 | 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- | ||
2512 | release testing (random crashes and failure to load ECC keys). | ||
2513 | ok dtucker@ | ||
2514 | |||
2515 | 20110117 | ||
2516 | - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in | ||
2517 | $PATH, fix cleanup of droppings; reported by openssh AT | ||
2518 | roumenpetrov.info; ok dtucker@ | ||
2519 | - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding | ||
2520 | its unique snowflake of a gdb error to the ones we look for. | ||
2521 | - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running | ||
2522 | ssh-add to avoid $SUDO failures on Linux | ||
2523 | - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new | ||
2524 | Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback | ||
2525 | to the old values. Feedback from vapier at gentoo org and djm, ok djm. | ||
2526 | - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] | ||
2527 | [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are | ||
2528 | disabled on platforms that do not support them; add a "config_defined()" | ||
2529 | shell function that greps for defines in config.h and use them to decide | ||
2530 | on feature tests. | ||
2531 | Convert a couple of existing grep's over config.h to use the new function | ||
2532 | Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent | ||
2533 | backslash characters in filenames, enable it for Cygwin and use it to turn | ||
2534 | of tests for quotes backslashes in sftp-glob.sh. | ||
2535 | based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ | ||
2536 | - (tim) [regress/agent-getpeereid.sh] shell portability fix. | ||
2537 | - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on | ||
2538 | the tinderbox. | ||
2539 | - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h | ||
2540 | configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem | ||
2541 | support, based on patches from Tomas Mraz and jchadima at redhat. | ||
2542 | |||
2543 | 20110116 | ||
2544 | - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based | ||
2545 | on configurations that don't have it. | ||
2546 | - OpenBSD CVS Sync | ||
2547 | - djm@cvs.openbsd.org 2011/01/16 11:50:05 | ||
2548 | [clientloop.c] | ||
2549 | Use atomicio when flushing protocol 1 std{out,err} buffers at | ||
2550 | session close. This was a latent bug exposed by setting a SIGCHLD | ||
2551 | handler and spotted by kevin.brott AT gmail.com; ok dtucker@ | ||
2552 | - djm@cvs.openbsd.org 2011/01/16 11:50:36 | ||
2553 | [sshconnect.c] | ||
2554 | reset the SIGPIPE handler when forking to execute child processes; | ||
2555 | ok dtucker@ | ||
2556 | - djm@cvs.openbsd.org 2011/01/16 12:05:59 | ||
2557 | [clientloop.c] | ||
2558 | a couple more tweaks to the post-close protocol 1 stderr/stdout flush: | ||
2559 | now that we use atomicio(), convert them from while loops to if statements | ||
2560 | add test and cast to compile cleanly with -Wsigned | ||
2561 | |||
2562 | 20110114 | ||
2563 | - OpenBSD CVS Sync | ||
2564 | - djm@cvs.openbsd.org 2011/01/13 21:54:53 | ||
2565 | [mux.c] | ||
2566 | correct error messages; patch from bert.wesarg AT googlemail.com | ||
2567 | - djm@cvs.openbsd.org 2011/01/13 21:55:25 | ||
2568 | [PROTOCOL.mux] | ||
2569 | correct protocol names and add a couple of missing protocol number | ||
2570 | defines; patch from bert.wesarg AT googlemail.com | ||
2571 | - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in | ||
2572 | host-key-force target rather than a substitution that is replaced with a | ||
2573 | comment so that the Makefile.in is still a syntactically valid Makefile | ||
2574 | (useful to run the distprep target) | ||
2575 | - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. | ||
2576 | - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some | ||
2577 | ecdsa bits. | ||
2578 | |||
2579 | 20110113 | ||
2580 | - (djm) [misc.c] include time.h for nanosleep() prototype | ||
2581 | - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm | ||
2582 | - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating | ||
2583 | ecdsa keys. ok djm. | ||
2584 | - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid | ||
2585 | gcc warning on platforms where it defaults to int | ||
2586 | - (djm) [regress/Makefile] add a few more generated files to the clean | ||
2587 | target | ||
2588 | - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad | ||
2589 | #define that was causing diffie-hellman-group-exchange-sha256 to be | ||
2590 | incorrectly disabled | ||
2591 | - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 | ||
2592 | should not depend on ECC support | ||
2593 | |||
2594 | 20110112 | ||
2595 | - OpenBSD CVS Sync | ||
2596 | - nicm@cvs.openbsd.org 2010/10/08 21:48:42 | ||
2597 | [openbsd-compat/glob.c] | ||
2598 | Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit | ||
2599 | from ARG_MAX to 64K. | ||
2600 | Fixes glob-using programs (notably ftp) able to be triggered to hit | ||
2601 | resource limits. | ||
2602 | Idea from a similar NetBSD change, original problem reported by jasper@. | ||
2603 | ok millert tedu jasper | ||
2604 | - djm@cvs.openbsd.org 2011/01/12 01:53:14 | ||
2605 | avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS | ||
2606 | and sanity check arguments (these will be unnecessary when we switch | ||
2607 | struct glob members from being type into to size_t in the future); | ||
2608 | "looks ok" tedu@ feedback guenther@ | ||
2609 | - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid | ||
2610 | silly warnings on write() calls we don't care succeed or not. | ||
2611 | - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler | ||
2612 | flag tests that don't depend on gcc version at all; suggested by and | ||
2613 | ok dtucker@ | ||
2614 | |||
2615 | 20110111 | ||
2616 | - (tim) [regress/host-expand.sh] Fix for building outside of read only | ||
2617 | source tree. | ||
2618 | - (djm) [platform.c] Some missing includes that show up under -Werror | ||
2619 | - OpenBSD CVS Sync | ||
2620 | - djm@cvs.openbsd.org 2011/01/08 10:51:51 | ||
2621 | [clientloop.c] | ||
2622 | use host and not options.hostname, as the latter may have unescaped | ||
2623 | substitution characters | ||
2624 | - djm@cvs.openbsd.org 2011/01/11 06:06:09 | ||
2625 | [sshlogin.c] | ||
2626 | fd leak on error paths; from zinovik@ | ||
2627 | NB. Id sync only; we use loginrec.c that was also audited and fixed | ||
2628 | recently | ||
2629 | - djm@cvs.openbsd.org 2011/01/11 06:13:10 | ||
2630 | [clientloop.c ssh-keygen.c sshd.c] | ||
2631 | some unsigned long long casts that make things a bit easier for | ||
2632 | portable without resorting to dropping PRIu64 formats everywhere | ||
2633 | |||
2634 | 20110109 | ||
2635 | - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by | ||
2636 | openssh AT roumenpetrov.info | ||
2637 | |||
2638 | 20110108 | ||
2639 | - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress | ||
2640 | test on OSX and others. Reported by imorgan AT nas.nasa.gov | ||
2641 | |||
2642 | 20110107 | ||
2643 | - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test | ||
2644 | for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com | ||
2645 | - djm@cvs.openbsd.org 2011/01/06 22:23:53 | ||
2646 | [ssh.c] | ||
2647 | unbreak %n expansion in LocalCommand; patch from bert.wesarg AT | ||
2648 | googlemail.com; ok markus@ | ||
2649 | - djm@cvs.openbsd.org 2011/01/06 22:23:02 | ||
2650 | [clientloop.c] | ||
2651 | when exiting due to ServerAliveTimeout, mention the hostname that caused | ||
2652 | it (useful with backgrounded controlmaster) | ||
2653 | - djm@cvs.openbsd.org 2011/01/06 22:46:21 | ||
2654 | [regress/Makefile regress/host-expand.sh] | ||
2655 | regress test for LocalCommand %n expansion from bert.wesarg AT | ||
2656 | googlemail.com; ok markus@ | ||
2657 | - djm@cvs.openbsd.org 2011/01/06 23:01:35 | ||
2658 | [sshconnect.c] | ||
2659 | reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; | ||
2660 | ok markus@ | ||
2661 | |||
2662 | 20110106 | ||
2663 | - (djm) OpenBSD CVS Sync | ||
2664 | - markus@cvs.openbsd.org 2010/12/08 22:46:03 | ||
2665 | [scp.1 scp.c] | ||
2666 | add a new -3 option to scp: Copies between two remote hosts are | ||
2667 | transferred through the local host. Without this option the data | ||
2668 | is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) | ||
2669 | - jmc@cvs.openbsd.org 2010/12/09 14:13:33 | ||
2670 | [scp.1 scp.c] | ||
2671 | scp.1: grammer fix | ||
2672 | scp.c: add -3 to usage() | ||
2673 | - markus@cvs.openbsd.org 2010/12/14 11:59:06 | ||
2674 | [sshconnect.c] | ||
2675 | don't mention key type in key-changed-warning, since we also print | ||
2676 | this warning if a new key type appears. ok djm@ | ||
2677 | - djm@cvs.openbsd.org 2010/12/15 00:49:27 | ||
2678 | [readpass.c] | ||
2679 | fix ControlMaster=ask regression | ||
2680 | reset SIGCHLD handler before fork (and restore it after) so we don't miss | ||
2681 | the the askpass child's exit status. Correct test for exit status/signal to | ||
2682 | account for waitpid() failure; with claudio@ ok claudio@ markus@ | ||
2683 | - djm@cvs.openbsd.org 2010/12/24 21:41:48 | ||
2684 | [auth-options.c] | ||
2685 | don't send the actual forced command in a debug message; ok markus deraadt | ||
2686 | - otto@cvs.openbsd.org 2011/01/04 20:44:13 | ||
2687 | [ssh-keyscan.c] | ||
2688 | handle ecdsa-sha2 with various key lengths; hint and ok djm@ | ||
2689 | |||
2690 | 20110104 | ||
2691 | - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage | ||
2692 | formatter if it is present, followed by nroff and groff respectively. | ||
2693 | Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports | ||
2694 | in favour of mandoc). feedback and ok tim | ||
2695 | |||
2696 | 20110103 | ||
2697 | - (djm) [Makefile.in] revert local hack I didn't intend to commit | ||
2698 | |||
2699 | 20110102 | ||
2700 | - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker | ||
2701 | - (djm) [configure.ac] Check whether libdes is needed when building | ||
2702 | with Heimdal krb5 support. On OpenBSD this library no longer exists, | ||
2703 | so linking it unconditionally causes a build failure; ok dtucker | ||
2704 | |||
2705 | 20101226 | ||
2706 | - (dtucker) OpenBSD CVS Sync | ||
2707 | - djm@cvs.openbsd.org 2010/12/08 04:02:47 | ||
2708 | [ssh_config.5 sshd_config.5] | ||
2709 | explain that IPQoS arguments are separated by whitespace; iirc requested | ||
2710 | by jmc@ a while back | ||
2711 | |||
2712 | 20101205 | ||
2713 | - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from | ||
2714 | debugging. Spotted by djm. | ||
2715 | - (dtucker) OpenBSD CVS Sync | ||
2716 | - djm@cvs.openbsd.org 2010/12/03 23:49:26 | ||
2717 | [schnorr.c] | ||
2718 | check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao | ||
2719 | (this code is still disabled, but apprently people are treating it as | ||
2720 | a reference implementation) | ||
2721 | - djm@cvs.openbsd.org 2010/12/03 23:55:27 | ||
2722 | [auth-rsa.c] | ||
2723 | move check for revoked keys to run earlier (in auth_rsa_key_allowed) | ||
2724 | bz#1829; patch from ldv AT altlinux.org; ok markus@ | ||
2725 | - djm@cvs.openbsd.org 2010/12/04 00:18:01 | ||
2726 | [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] | ||
2727 | add a protocol extension to support a hard link operation. It is | ||
2728 | available through the "ln" command in the client. The old "ln" | ||
2729 | behaviour of creating a symlink is available using its "-s" option | ||
2730 | or through the preexisting "symlink" command; based on a patch from | ||
2731 | miklos AT szeredi.hu in bz#1555; ok markus@ | ||
2732 | - djm@cvs.openbsd.org 2010/12/04 13:31:37 | ||
2733 | [hostfile.c] | ||
2734 | fix fd leak; spotted and ok dtucker | ||
2735 | - djm@cvs.openbsd.org 2010/12/04 00:21:19 | ||
2736 | [regress/sftp-cmds.sh] | ||
2737 | adjust for hard-link support | ||
2738 | - (dtucker) [regress/Makefile] Id sync. | ||
2739 | |||
2740 | 20101204 | ||
2741 | - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) | ||
2742 | instead of (arc4random() % range) | ||
2743 | - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add | ||
2744 | shims for the new, non-deprecated OpenSSL key generation functions for | ||
2745 | platforms that don't have the new interfaces. | ||
2746 | |||
2747 | 20101201 | ||
2748 | - OpenBSD CVS Sync | ||
2749 | - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 | ||
2750 | [auth2-pubkey.c] | ||
2751 | clean up cases of ;; | ||
2752 | - djm@cvs.openbsd.org 2010/11/21 01:01:13 | ||
2753 | [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] | ||
2754 | honour $TMPDIR for client xauth and ssh-agent temporary directories; | ||
2755 | feedback and ok markus@ | ||
2756 | - djm@cvs.openbsd.org 2010/11/21 10:57:07 | ||
2757 | [authfile.c] | ||
2758 | Refactor internals of private key loading and saving to work on memory | ||
2759 | buffers rather than directly on files. This will make a few things | ||
2760 | easier to do in the future; ok markus@ | ||
2761 | - djm@cvs.openbsd.org 2010/11/23 02:35:50 | ||
2762 | [auth.c] | ||
2763 | use strict_modes already passed as function argument over referencing | ||
2764 | global options.strict_modes | ||
2765 | - djm@cvs.openbsd.org 2010/11/23 23:57:24 | ||
2766 | [clientloop.c] | ||
2767 | avoid NULL deref on receiving a channel request on an unknown or invalid | ||
2768 | channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ | ||
2769 | - djm@cvs.openbsd.org 2010/11/24 01:24:14 | ||
2770 | [channels.c] | ||
2771 | remove a debug() that pollutes stderr on client connecting to a server | ||
2772 | in debug mode (channel_close_fds is called transitively from the session | ||
2773 | code post-fork); bz#1719, ok dtucker | ||
2774 | - djm@cvs.openbsd.org 2010/11/25 04:10:09 | ||
2775 | [session.c] | ||
2776 | replace close() loop for fds 3->64 with closefrom(); | ||
2777 | ok markus deraadt dtucker | ||
2778 | - djm@cvs.openbsd.org 2010/11/26 05:52:49 | ||
2779 | [scp.c] | ||
2780 | Pass through ssh command-line flags and options when doing remote-remote | ||
2781 | transfers, e.g. to enable agent forwarding which is particularly useful | ||
2782 | in this case; bz#1837 ok dtucker@ | ||
2783 | - markus@cvs.openbsd.org 2010/11/29 18:57:04 | ||
2784 | [authfile.c] | ||
2785 | correctly load comment for encrypted rsa1 keys; | ||
2786 | report/fix Joachim Schipper; ok djm@ | ||
2787 | - djm@cvs.openbsd.org 2010/11/29 23:45:51 | ||
2788 | [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] | ||
2789 | [sshconnect.h sshconnect2.c] | ||
2790 | automatically order the hostkeys requested by the client based on | ||
2791 | which hostkeys are already recorded in known_hosts. This avoids | ||
2792 | hostkey warnings when connecting to servers with new ECDSA keys | ||
2793 | that are preferred by default; with markus@ | ||
2794 | |||
2795 | 20101124 | ||
2796 | - (dtucker) [platform.c session.c] Move the getluid call out of session.c and | ||
2797 | into the platform-specific code Only affects SCO, tested by and ok tim@. | ||
2798 | - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow | ||
2799 | group read/write. ok dtucker@ | ||
2800 | - (dtucker) [packet.c] Remove redundant local declaration of "int tos". | ||
2801 | - (djm) [defines.h] Add IP DSCP defines | ||
2802 | |||
2803 | 20101122 | ||
2804 | - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch | ||
2805 | from vapier at gentoo org. | ||
2806 | |||
2807 | 20101120 | ||
2808 | - OpenBSD CVS Sync | ||
2809 | - djm@cvs.openbsd.org 2010/11/05 02:46:47 | ||
2810 | [packet.c] | ||
2811 | whitespace KNF | ||
2812 | - djm@cvs.openbsd.org 2010/11/10 01:33:07 | ||
2813 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] | ||
2814 | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. | ||
2815 | these have been around for years by this time. ok markus | ||
2816 | - djm@cvs.openbsd.org 2010/11/13 23:27:51 | ||
2817 | [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] | ||
2818 | [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] | ||
2819 | allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of | ||
2820 | hardcoding lowdelay/throughput. | ||
2821 | |||
2822 | bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ | ||
2823 | - jmc@cvs.openbsd.org 2010/11/15 07:40:14 | ||
2824 | [ssh_config.5] | ||
2825 | libary -> library; | ||
2826 | - jmc@cvs.openbsd.org 2010/11/18 15:01:00 | ||
2827 | [scp.1 sftp.1 ssh.1 sshd_config.5] | ||
2828 | add IPQoS to the various -o lists, and zap some trailing whitespace; | ||
2829 | |||
2830 | 20101111 | ||
2831 | - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on | ||
2832 | platforms that don't support ECC. Fixes some spurious warnings reported | ||
2833 | by tim@ | ||
2834 | |||
2835 | 20101109 | ||
2836 | - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. | ||
2837 | Feedback from dtucker@ | ||
2838 | - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add | ||
2839 | support for platforms missing isblank(). ok djm@ | ||
2840 | |||
2841 | 20101108 | ||
2842 | - (tim) [regress/Makefile] Fixes to allow building/testing outside source | ||
2843 | tree. | ||
2844 | - (tim) [regress/kextype.sh] Shell portability fix. | ||
2845 | |||
2846 | 20101107 | ||
2847 | - (dtucker) [platform.c] includes.h instead of defines.h so that we get | ||
2848 | the correct typedefs. | ||
2849 | |||
2850 | 20101105 | ||
2851 | - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of | ||
2852 | int. Should fix bz#1817 cleanly; ok dtucker@ | ||
2853 | - OpenBSD CVS Sync | ||
2854 | - djm@cvs.openbsd.org 2010/09/22 12:26:05 | ||
2855 | [regress/Makefile regress/kextype.sh] | ||
2856 | regress test for each of the key exchange algorithms that we support | ||
2857 | - djm@cvs.openbsd.org 2010/10/28 11:22:09 | ||
2858 | [authfile.c key.c key.h ssh-keygen.c] | ||
2859 | fix a possible NULL deref on loading a corrupt ECDH key | ||
2860 | |||
2861 | store ECDH group information in private keys files as "named groups" | ||
2862 | rather than as a set of explicit group parameters (by setting | ||
2863 | the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and | ||
2864 | retrieves the group's OpenSSL NID that we need for various things. | ||
2865 | - jmc@cvs.openbsd.org 2010/10/28 18:33:28 | ||
2866 | [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] | ||
2867 | knock out some "-*- nroff -*-" lines; | ||
2868 | - djm@cvs.openbsd.org 2010/11/04 02:45:34 | ||
2869 | [sftp-server.c] | ||
2870 | umask should be parsed as octal. reported by candland AT xmission.com; | ||
2871 | ok markus@ | ||
2872 | - (dtucker) [configure.ac platform.{c,h} session.c | ||
2873 | openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. | ||
2874 | Patch from cory.erickson at csu mnscu edu with a bit of rework from me. | ||
2875 | ok djm@ | ||
2876 | - (dtucker) [platform.c platform.h session.c] Add a platform hook to run | ||
2877 | after the user's groups are established and move the selinux calls into it. | ||
2878 | - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into | ||
2879 | platform.c | ||
2880 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. | ||
2881 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to | ||
2882 | retain previous behavior. | ||
2883 | - (dtucker) [platform.c session.c] Move the PAM credential establishment for | ||
2884 | the LOGIN_CAP case into platform.c. | ||
2885 | - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into | ||
2886 | platform.c | ||
2887 | - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. | ||
2888 | - (dtucker) [platform.c session.c] Move irix setusercontext fragment into | ||
2889 | platform.c. | ||
2890 | - (dtucker) [platform.c session.c] Move PAM credential establishment for the | ||
2891 | non-LOGIN_CAP case into platform.c. | ||
2892 | - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case | ||
2893 | check into platform.c | ||
2894 | - (dtucker) [regress/keytype.sh] Import new test. | ||
2895 | - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] | ||
2896 | Import recent changes to regress/Makefile, pass a flag to enable ECC tests | ||
2897 | from configure through to regress/Makefile and use it in the tests. | ||
2898 | - (dtucker) [regress/kextype.sh] Add missing "test". | ||
2899 | - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not | ||
2900 | strictly correct since while ECC requires sha256 the reverse is not true | ||
2901 | however it does prevent spurious test failures. | ||
2902 | - (dtucker) [platform.c] Need servconf.h and extern options. | ||
2903 | |||
2904 | 20101025 | ||
2905 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with | ||
2906 | 1.12 to unbreak Solaris build. | ||
2907 | ok djm@ | ||
2908 | - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a | ||
2909 | native one. | ||
2910 | |||
2911 | 20101024 | ||
2912 | - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. | ||
2913 | - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms | ||
2914 | which don't have ECC support in libcrypto. | ||
2915 | - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms | ||
2916 | which don't have ECC support in libcrypto. | ||
2917 | - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't | ||
2918 | have it. | ||
2919 | - (dtucker) OpenBSD CVS Sync | ||
2920 | - sthen@cvs.openbsd.org 2010/10/23 22:06:12 | ||
2921 | [sftp.c] | ||
2922 | escape '[' in filename tab-completion; fix a type while there. | ||
2923 | ok djm@ | ||
2924 | |||
2925 | 20101021 | ||
2926 | - OpenBSD CVS Sync | ||
2927 | - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 | ||
2928 | [mux.c] | ||
2929 | Typo in confirmation message. bz#1827, patch from imorgan at | ||
2930 | nas nasa gov | ||
2931 | - djm@cvs.openbsd.org 2010/08/31 12:24:09 | ||
2932 | [regress/cert-hostkey.sh regress/cert-userkey.sh] | ||
2933 | tests for ECDSA certificates | ||
2934 | |||
2935 | 20101011 | ||
2936 | - (djm) [canohost.c] Zero a4 instead of addr to better match type. | ||
2937 | bz#1825, reported by foo AT mailinator.com | ||
2938 | - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) | ||
2939 | |||
2940 | 20101011 | ||
2941 | - (djm) [configure.ac] Use = instead of == in shell tests. Patch from | ||
2942 | dr AT vasco.com | ||
2943 | |||
2944 | 20101007 | ||
2945 | - (djm) [ssh-agent.c] Fix type for curve name. | ||
2946 | - (djm) OpenBSD CVS Sync | ||
2947 | - matthew@cvs.openbsd.org 2010/09/24 13:33:00 | ||
2948 | [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] | ||
2949 | [openbsd-compat/timingsafe_bcmp.c] | ||
2950 | Add timingsafe_bcmp(3) to libc, mention that it's already in the | ||
2951 | kernel in kern(9), and remove it from OpenSSH. | ||
2952 | ok deraadt@, djm@ | ||
2953 | NB. re-added under openbsd-compat/ for portable OpenSSH | ||
2954 | - djm@cvs.openbsd.org 2010/09/25 09:30:16 | ||
2955 | [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] | ||
2956 | make use of new glob(3) GLOB_KEEPSTAT extension to save extra server | ||
2957 | rountrips to fetch per-file stat(2) information. | ||
2958 | NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to | ||
2959 | match. | ||
2960 | - djm@cvs.openbsd.org 2010/09/26 22:26:33 | ||
2961 | [sftp.c] | ||
2962 | when performing an "ls" in columnated (short) mode, only call | ||
2963 | ioctl(TIOCGWINSZ) once to get the window width instead of per- | ||
2964 | filename | ||
2965 | - djm@cvs.openbsd.org 2010/09/30 11:04:51 | ||
2966 | [servconf.c] | ||
2967 | prevent free() of string in .rodata when overriding AuthorizedKeys in | ||
2968 | a Match block; patch from rein AT basefarm.no | ||
2969 | - djm@cvs.openbsd.org 2010/10/01 23:05:32 | ||
2970 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] | ||
2971 | adapt to API changes in openssl-1.0.0a | ||
2972 | NB. contains compat code to select correct API for older OpenSSL | ||
2973 | - djm@cvs.openbsd.org 2010/10/05 05:13:18 | ||
2974 | [sftp.c sshconnect.c] | ||
2975 | use default shell /bin/sh if $SHELL is ""; ok markus@ | ||
2976 | - djm@cvs.openbsd.org 2010/10/06 06:39:28 | ||
2977 | [clientloop.c ssh.c sshconnect.c sshconnect.h] | ||
2978 | kill proxy command on fatal() (we already kill it on clean exit); | ||
2979 | ok markus@ | ||
2980 | - djm@cvs.openbsd.org 2010/10/06 21:10:21 | ||
2981 | [sshconnect.c] | ||
2982 | swapped args to kill(2) | ||
2983 | - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. | ||
2984 | - (djm) [cipher-acss.c] Add missing header. | ||
2985 | - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp | ||
2986 | |||
2987 | 20100924 | ||
2988 | - (djm) OpenBSD CVS Sync | ||
2989 | - naddy@cvs.openbsd.org 2010/09/10 15:19:29 | ||
2990 | [ssh-keygen.1] | ||
2991 | * mention ECDSA in more places | ||
2992 | * less repetition in FILES section | ||
2993 | * SSHv1 keys are still encrypted with 3DES | ||
2994 | help and ok jmc@ | ||
2995 | - djm@cvs.openbsd.org 2010/09/11 21:44:20 | ||
2996 | [ssh.1] | ||
2997 | mention RFC 5656 for ECC stuff | ||
2998 | - jmc@cvs.openbsd.org 2010/09/19 21:30:05 | ||
2999 | [sftp.1] | ||
3000 | more wacky macro fixing; | ||
3001 | - djm@cvs.openbsd.org 2010/09/20 04:41:47 | ||
3002 | [ssh.c] | ||
3003 | install a SIGCHLD handler to reap expiried child process; ok markus@ | ||
3004 | - djm@cvs.openbsd.org 2010/09/20 04:50:53 | ||
3005 | [jpake.c schnorr.c] | ||
3006 | check that received values are smaller than the group size in the | ||
3007 | disabled and unfinished J-PAKE code. | ||
3008 | avoids catastrophic security failure found by Sebastien Martini | ||
3009 | - djm@cvs.openbsd.org 2010/09/20 04:54:07 | ||
3010 | [jpake.c] | ||
3011 | missing #include | ||
3012 | - djm@cvs.openbsd.org 2010/09/20 07:19:27 | ||
3013 | [mux.c] | ||
3014 | "atomically" create the listening mux socket by binding it on a temorary | ||
3015 | name and then linking it into position after listen() has succeeded. | ||
3016 | this allows the mux clients to determine that the server socket is | ||
3017 | either ready or stale without races. stale server sockets are now | ||
3018 | automatically removed | ||
3019 | ok deraadt | ||
3020 | - djm@cvs.openbsd.org 2010/09/22 05:01:30 | ||
3021 | [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] | ||
3022 | [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] | ||
3023 | add a KexAlgorithms knob to the client and server configuration to allow | ||
3024 | selection of which key exchange methods are used by ssh(1) and sshd(8) | ||
3025 | and their order of preference. | ||
3026 | ok markus@ | ||
3027 | - jmc@cvs.openbsd.org 2010/09/22 08:30:08 | ||
3028 | [ssh.1 ssh_config.5] | ||
3029 | ssh.1: add kexalgorithms to the -o list | ||
3030 | ssh_config.5: format the kexalgorithms in a more consistent | ||
3031 | (prettier!) way | ||
3032 | ok djm | ||
3033 | - djm@cvs.openbsd.org 2010/09/22 22:58:51 | ||
3034 | [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] | ||
3035 | [sftp-client.h sftp.1 sftp.c] | ||
3036 | add an option per-read/write callback to atomicio | ||
3037 | |||
3038 | factor out bandwidth limiting code from scp(1) into a generic bandwidth | ||
3039 | limiter that can be attached using the atomicio callback mechanism | ||
3040 | |||
3041 | add a bandwidth limit option to sftp(1) using the above | ||
3042 | "very nice" markus@ | ||
3043 | - jmc@cvs.openbsd.org 2010/09/23 13:34:43 | ||
3044 | [sftp.c] | ||
3045 | add [-l limit] to usage(); | ||
3046 | - jmc@cvs.openbsd.org 2010/09/23 13:36:46 | ||
3047 | [scp.1 sftp.1] | ||
3048 | add KexAlgorithms to the -o list; | ||
3049 | |||
3050 | 20100910 | ||
3051 | - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact | ||
3052 | return code since it can apparently return -1 under some conditions. From | ||
3053 | openssh bugs werbittewas de, ok djm@ | ||
3054 | - OpenBSD CVS Sync | ||
3055 | - djm@cvs.openbsd.org 2010/08/31 12:33:38 | ||
3056 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | ||
3057 | reintroduce commit from tedu@, which I pulled out for release | ||
3058 | engineering: | ||
3059 | OpenSSL_add_all_algorithms is the name of the function we have a | ||
3060 | man page for, so use that. ok djm | ||
3061 | - jmc@cvs.openbsd.org 2010/08/31 17:40:54 | ||
3062 | [ssh-agent.1] | ||
3063 | fix some macro abuse; | ||
3064 | - jmc@cvs.openbsd.org 2010/08/31 21:14:58 | ||
3065 | [ssh.1] | ||
3066 | small text tweak to accommodate previous; | ||
3067 | - naddy@cvs.openbsd.org 2010/09/01 15:21:35 | ||
3068 | [servconf.c] | ||
3069 | pick up ECDSA host key by default; ok djm@ | ||
3070 | - markus@cvs.openbsd.org 2010/09/02 16:07:25 | ||
3071 | [ssh-keygen.c] | ||
3072 | permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ | ||
3073 | - markus@cvs.openbsd.org 2010/09/02 16:08:39 | ||
3074 | [ssh.c] | ||
3075 | unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ | ||
3076 | - naddy@cvs.openbsd.org 2010/09/02 17:21:50 | ||
3077 | [ssh-keygen.c] | ||
3078 | Switch ECDSA default key size to 256 bits, which according to RFC5656 | ||
3079 | should still be better than our current RSA-2048 default. | ||
3080 | ok djm@, markus@ | ||
3081 | - jmc@cvs.openbsd.org 2010/09/03 11:09:29 | ||
3082 | [scp.1] | ||
3083 | add an EXIT STATUS section for /usr/bin; | ||
3084 | - jmc@cvs.openbsd.org 2010/09/04 09:38:34 | ||
3085 | [ssh-add.1 ssh.1] | ||
3086 | two more EXIT STATUS sections; | ||
3087 | - naddy@cvs.openbsd.org 2010/09/06 17:10:19 | ||
3088 | [sshd_config] | ||
3089 | add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste | ||
3090 | <mattieu.b@gmail.com> | ||
3091 | ok deraadt@ | ||
3092 | - djm@cvs.openbsd.org 2010/09/08 03:54:36 | ||
3093 | [authfile.c] | ||
3094 | typo | ||
3095 | - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 | ||
3096 | [compress.c] | ||
3097 | work around name-space collisions some buggy compilers (looking at you | ||
3098 | gcc, at least in earlier versions, but this does not forgive your current | ||
3099 | transgressions) seen between zlib and openssl | ||
3100 | ok djm | ||
3101 | - djm@cvs.openbsd.org 2010/09/09 10:45:45 | ||
3102 | [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] | ||
3103 | ECDH/ECDSA compliance fix: these methods vary the hash function they use | ||
3104 | (SHA256/384/512) depending on the length of the curve in use. The previous | ||
3105 | code incorrectly used SHA256 in all cases. | ||
3106 | |||
3107 | This fix will cause authentication failure when using 384 or 521-bit curve | ||
3108 | keys if one peer hasn't been upgraded and the other has. (256-bit curve | ||
3109 | keys work ok). In particular you may need to specify HostkeyAlgorithms | ||
3110 | when connecting to a server that has not been upgraded from an upgraded | ||
3111 | client. | ||
3112 | |||
3113 | ok naddy@ | ||
3114 | - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] | ||
3115 | [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] | ||
3116 | [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on | ||
3117 | platforms that don't have the requisite OpenSSL support. ok dtucker@ | ||
3118 | - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs | ||
3119 | for missing headers and compiler warnings. | ||
3120 | |||
3121 | 20100831 | ||
3122 | - OpenBSD CVS Sync | ||
3123 | - jmc@cvs.openbsd.org 2010/08/08 19:36:30 | ||
3124 | [ssh-keysign.8 ssh.1 sshd.8] | ||
3125 | use the same template for all FILES sections; i.e. -compact/.Pp where we | ||
3126 | have multiple items, and .Pa for path names; | ||
3127 | - tedu@cvs.openbsd.org 2010/08/12 23:34:39 | ||
3128 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | ||
3129 | OpenSSL_add_all_algorithms is the name of the function we have a man page | ||
3130 | for, so use that. ok djm | ||
3131 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 | ||
3132 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] | ||
3133 | backout previous temporarily; discussed with deraadt@ | ||
3134 | - djm@cvs.openbsd.org 2010/08/31 09:58:37 | ||
3135 | [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] | ||
3136 | [packet.h ssh-dss.c ssh-rsa.c] | ||
3137 | Add buffer_get_cstring() and related functions that verify that the | ||
3138 | string extracted from the buffer contains no embedded \0 characters* | ||
3139 | This prevents random (possibly malicious) crap from being appended to | ||
3140 | strings where it would not be noticed if the string is used with | ||
3141 | a string(3) function. | ||
3142 | |||
3143 | Use the new API in a few sensitive places. | ||
3144 | |||
3145 | * actually, we allow a single one at the end of the string for now because | ||
3146 | we don't know how many deployed implementations get this wrong, but don't | ||
3147 | count on this to remain indefinitely. | ||
3148 | - djm@cvs.openbsd.org 2010/08/31 11:54:45 | ||
3149 | [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] | ||
3150 | [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] | ||
3151 | [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] | ||
3152 | [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] | ||
3153 | [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] | ||
3154 | [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] | ||
3155 | [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] | ||
3156 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and | ||
3157 | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer | ||
3158 | better performance than plain DH and DSA at the same equivalent symmetric | ||
3159 | key length, as well as much shorter keys. | ||
3160 | |||
3161 | Only the mandatory sections of RFC5656 are implemented, specifically the | ||
3162 | three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and | ||
3163 | ECDSA. Point compression (optional in RFC5656 is NOT implemented). | ||
3164 | |||
3165 | Certificate host and user keys using the new ECDSA key types are supported. | ||
3166 | |||
3167 | Note that this code has not been tested for interoperability and may be | ||
3168 | subject to change. | ||
3169 | |||
3170 | feedback and ok markus@ | ||
3171 | - (djm) [Makefile.in] Add new ECC files | ||
3172 | - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include | ||
3173 | includes.h | ||
3174 | |||
3175 | 20100827 | ||
3176 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, | ||
3177 | remove. Patch from martynas at venck us | ||
3178 | |||
3179 | 20100823 | ||
3180 | - (djm) Release OpenSSH-5.6p1 | ||
3181 | |||
3182 | 20100816 | ||
3183 | - (dtucker) [configure.ac openbsd-compat/Makefile.in | ||
3184 | openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to | ||
3185 | the compat library which helps on platforms like old IRIX. Based on work | ||
3186 | by djm, tested by Tom Christensen. | ||
3187 | - OpenBSD CVS Sync | ||
3188 | - djm@cvs.openbsd.org 2010/08/12 21:49:44 | ||
3189 | [ssh.c] | ||
3190 | close any extra file descriptors inherited from parent at start and | ||
3191 | reopen stdin/stdout to /dev/null when forking for ControlPersist. | ||
3192 | |||
3193 | prevents tools that fork and run a captive ssh for communication from | ||
3194 | failing to exit when the ssh completes while they wait for these fds to | ||
3195 | close. The inherited fds may persist arbitrarily long if a background | ||
3196 | mux master has been started by ControlPersist. cvs and scp were effected | ||
3197 | by this. | ||
3198 | |||
3199 | "please commit" markus@ | ||
3200 | - (djm) [regress/README.regress] typo | ||
3201 | |||
3202 | 20100812 | ||
3203 | - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh | ||
3204 | regress/test-exec.sh] Under certain conditions when testing with sudo | ||
3205 | tests would fail because the pidfile could not be read by a regular user. | ||
3206 | "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" | ||
3207 | Make sure cat is run by $SUDO. no objection from me. djm@ | ||
3208 | - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. | ||
3209 | |||
3210 | 20100809 | ||
3211 | - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is | ||
3212 | already set. Makes FreeBSD user openable tunnels useful; patch from | ||
3213 | richard.burakowski+ossh AT mrburak.net, ok dtucker@ | ||
3214 | - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. | ||
3215 | based in part on a patch from Colin Watson, ok djm@ | ||
3216 | |||
3217 | 20100809 | ||
3218 | - OpenBSD CVS Sync | ||
3219 | - djm@cvs.openbsd.org 2010/08/08 16:26:42 | ||
3220 | [version.h] | ||
3221 | crank to 5.6 | ||
3222 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] | ||
3223 | [contrib/suse/openssh.spec] Crank version numbers | ||
3224 | |||
3225 | 20100805 | ||
3226 | - OpenBSD CVS Sync | ||
3227 | - djm@cvs.openbsd.org 2010/08/04 05:37:01 | ||
3228 | [ssh.1 ssh_config.5 sshd.8] | ||
3229 | Remove mentions of weird "addr/port" alternate address format for IPv6 | ||
3230 | addresses combinations. It hasn't worked for ages and we have supported | ||
3231 | the more commen "[addr]:port" format for a long time. ok jmc@ markus@ | ||
3232 | - djm@cvs.openbsd.org 2010/08/04 05:40:39 | ||
3233 | [PROTOCOL.certkeys ssh-keygen.c] | ||
3234 | tighten the rules for certificate encoding by requiring that options | ||
3235 | appear in lexical order and make our ssh-keygen comply. ok markus@ | ||
3236 | - djm@cvs.openbsd.org 2010/08/04 05:42:47 | ||
3237 | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] | ||
3238 | [ssh-keysign.c ssh.c] | ||
3239 | enable certificates for hostbased authentication, from Iain Morgan; | ||
3240 | "looks ok" markus@ | ||
3241 | - djm@cvs.openbsd.org 2010/08/04 05:49:22 | ||
3242 | [authfile.c] | ||
3243 | commited the wrong version of the hostbased certificate diff; this | ||
3244 | version replaces some strlc{py,at} verbosity with xasprintf() at | ||
3245 | the request of markus@ | ||
3246 | - djm@cvs.openbsd.org 2010/08/04 06:07:11 | ||
3247 | [ssh-keygen.1 ssh-keygen.c] | ||
3248 | Support CA keys in PKCS#11 tokens; feedback and ok markus@ | ||
3249 | - djm@cvs.openbsd.org 2010/08/04 06:08:40 | ||
3250 | [ssh-keysign.c] | ||
3251 | clean for -Wuninitialized (Id sync only; portable had this change) | ||
3252 | - djm@cvs.openbsd.org 2010/08/05 13:08:42 | ||
3253 | [channels.c] | ||
3254 | Fix a trio of bugs in the local/remote window calculation for datagram | ||
3255 | data channels (i.e. TunnelForward): | ||
3256 | |||
3257 | Calculate local_consumed correctly in channel_handle_wfd() by measuring | ||
3258 | the delta to buffer_len(c->output) from when we start to when we finish. | ||
3259 | The proximal problem here is that the output_filter we use in portable | ||
3260 | modified the length of the dequeued datagram (to futz with the headers | ||
3261 | for !OpenBSD). | ||
3262 | |||
3263 | In channel_output_poll(), don't enqueue datagrams that won't fit in the | ||
3264 | peer's advertised packet size (highly unlikely to ever occur) or which | ||
3265 | won't fit in the peer's remaining window (more likely). | ||
3266 | |||
3267 | In channel_input_data(), account for the 4-byte string header in | ||
3268 | datagram packets that we accept from the peer and enqueue in c->output. | ||
3269 | |||
3270 | report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; | ||
3271 | "looks good" markus@ | ||
3272 | |||
3273 | 20100803 | ||
3274 | - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from | ||
3275 | PAM to sane values in case the PAM method doesn't write to them. Spotted by | ||
3276 | Bitman Zhou, ok djm@. | ||
3277 | - OpenBSD CVS Sync | ||
3278 | - djm@cvs.openbsd.org 2010/07/16 04:45:30 | ||
3279 | [ssh-keygen.c] | ||
3280 | avoid bogus compiler warning | ||
3281 | - djm@cvs.openbsd.org 2010/07/16 14:07:35 | ||
3282 | [ssh-rsa.c] | ||
3283 | more timing paranoia - compare all parts of the expected decrypted | ||
3284 | data before returning. AFAIK not exploitable in the SSH protocol. | ||
3285 | "groovy" deraadt@ | ||
3286 | - djm@cvs.openbsd.org 2010/07/19 03:16:33 | ||
3287 | [sftp-client.c] | ||
3288 | bz#1797: fix swapped args in upload_dir_internal(), breaking recursive | ||
3289 | upload depth checks and causing verbose printing of transfers to always | ||
3290 | be turned on; patch from imorgan AT nas.nasa.gov | ||
3291 | - djm@cvs.openbsd.org 2010/07/19 09:15:12 | ||
3292 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] | ||
3293 | add a "ControlPersist" option that automatically starts a background | ||
3294 | ssh(1) multiplex master when connecting. This connection can stay alive | ||
3295 | indefinitely, or can be set to automatically close after a user-specified | ||
3296 | duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but | ||
3297 | further hacked on by wmertens AT cisco.com, apb AT cequrux.com, | ||
3298 | martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ | ||
3299 | - djm@cvs.openbsd.org 2010/07/21 02:10:58 | ||
3300 | [misc.c] | ||
3301 | sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern | ||
3302 | - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 | ||
3303 | [ssh.1] | ||
3304 | Ciphers is documented in ssh_config(5) these days | ||
3305 | |||
3306 | 20100819 | ||
3307 | - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more | ||
3308 | details about its behaviour WRT existing directories. Patch from | ||
3309 | asguthrie at gmail com, ok djm. | ||
3310 | |||
3311 | 20100716 | ||
3312 | - (djm) OpenBSD CVS Sync | ||
3313 | - djm@cvs.openbsd.org 2010/07/02 04:32:44 | ||
3314 | [misc.c] | ||
3315 | unbreak strdelim() skipping past quoted strings, e.g. | ||
3316 | AllowUsers "blah blah" blah | ||
3317 | was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com | ||
3318 | ok dtucker; | ||
3319 | - djm@cvs.openbsd.org 2010/07/12 22:38:52 | ||
3320 | [ssh.c] | ||
3321 | Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") | ||
3322 | for protocol 2. ok markus@ | ||
3323 | - djm@cvs.openbsd.org 2010/07/12 22:41:13 | ||
3324 | [ssh.c ssh_config.5] | ||
3325 | expand %h to the hostname in ssh_config Hostname options. While this | ||
3326 | sounds useless, it is actually handy for working with unqualified | ||
3327 | hostnames: | ||
3328 | |||
3329 | Host *.* | ||
3330 | Hostname %h | ||
3331 | Host * | ||
3332 | Hostname %h.example.org | ||
3333 | |||
3334 | "I like it" markus@ | ||
3335 | - djm@cvs.openbsd.org 2010/07/13 11:52:06 | ||
3336 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] | ||
3337 | [packet.c ssh-rsa.c] | ||
3338 | implement a timing_safe_cmp() function to compare memory without leaking | ||
3339 | timing information by short-circuiting like memcmp() and use it for | ||
3340 | some of the more sensitive comparisons (though nothing high-value was | ||
3341 | readily attackable anyway); "looks ok" markus@ | ||
3342 | - djm@cvs.openbsd.org 2010/07/13 23:13:16 | ||
3343 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] | ||
3344 | [ssh-rsa.c] | ||
3345 | s/timing_safe_cmp/timingsafe_bcmp/g | ||
3346 | - jmc@cvs.openbsd.org 2010/07/14 17:06:58 | ||
3347 | [ssh.1] | ||
3348 | finally ssh synopsis looks nice again! this commit just removes a ton of | ||
3349 | hacks we had in place to make it work with old groff; | ||
3350 | - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 | ||
3351 | [ssh-keygen.1] | ||
3352 | repair incorrect block nesting, which screwed up indentation; | ||
3353 | problem reported and fix OK by jmc@ | ||
3354 | |||
3355 | 20100714 | ||
3356 | - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass | ||
3357 | (line 77) should have been for no_x11_askpass. | ||
3358 | |||
3359 | 20100702 | ||
3360 | - (djm) OpenBSD CVS Sync | ||
3361 | - jmc@cvs.openbsd.org 2010/06/26 00:57:07 | ||
3362 | [ssh_config.5] | ||
3363 | tweak previous; | ||
3364 | - djm@cvs.openbsd.org 2010/06/26 23:04:04 | ||
3365 | [ssh.c] | ||
3366 | oops, forgot to #include <canohost.h>; spotted and patch from chl@ | ||
3367 | - djm@cvs.openbsd.org 2010/06/29 23:15:30 | ||
3368 | [ssh-keygen.1 ssh-keygen.c] | ||
3369 | allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; | ||
3370 | bz#1749; ok markus@ | ||
3371 | - djm@cvs.openbsd.org 2010/06/29 23:16:46 | ||
3372 | [auth2-pubkey.c sshd_config.5] | ||
3373 | allow key options (command="..." and friends) in AuthorizedPrincipals; | ||
3374 | ok markus@ | ||
3375 | - jmc@cvs.openbsd.org 2010/06/30 07:24:25 | ||
3376 | [ssh-keygen.1] | ||
3377 | tweak previous; | ||
3378 | - jmc@cvs.openbsd.org 2010/06/30 07:26:03 | ||
3379 | [ssh-keygen.c] | ||
3380 | sort usage(); | ||
3381 | - jmc@cvs.openbsd.org 2010/06/30 07:28:34 | ||
3382 | [sshd_config.5] | ||
3383 | tweak previous; | ||
3384 | - millert@cvs.openbsd.org 2010/07/01 13:06:59 | ||
3385 | [scp.c] | ||
3386 | Fix a longstanding problem where if you suspend scp at the | ||
3387 | password/passphrase prompt the terminal mode is not restored. | ||
3388 | OK djm@ | ||
3389 | - phessler@cvs.openbsd.org 2010/06/27 19:19:56 | ||
3390 | [regress/Makefile] | ||
3391 | fix how we run the tests so we can successfully use SUDO='sudo -E' | ||
3392 | in our env | ||
3393 | - djm@cvs.openbsd.org 2010/06/29 23:59:54 | ||
3394 | [cert-userkey.sh] | ||
3395 | regress tests for key options in AuthorizedPrincipals | ||
3396 | |||
3397 | 20100627 | ||
3398 | - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs | ||
3399 | key.h. | ||
3400 | |||
3401 | 20100626 | ||
3402 | - (djm) OpenBSD CVS Sync | ||
3403 | - djm@cvs.openbsd.org 2010/05/21 05:00:36 | ||
3404 | [misc.c] | ||
3405 | colon() returns char*, so s/return (0)/return NULL/ | ||
3406 | - markus@cvs.openbsd.org 2010/06/08 21:32:19 | ||
3407 | [ssh-pkcs11.c] | ||
3408 | check length of value returned C_GetAttributValue for != 0 | ||
3409 | from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ | ||
3410 | - djm@cvs.openbsd.org 2010/06/17 07:07:30 | ||
3411 | [mux.c] | ||
3412 | Correct sizing of object to be allocated by calloc(), replacing | ||
3413 | sizeof(state) with sizeof(*state). This worked by accident since | ||
3414 | the struct contained a single int at present, but could have broken | ||
3415 | in the future. patch from hyc AT symas.com | ||
3416 | - djm@cvs.openbsd.org 2010/06/18 00:58:39 | ||
3417 | [sftp.c] | ||
3418 | unbreak ls in working directories that contains globbing characters in | ||
3419 | their pathnames. bz#1655 reported by vgiffin AT apple.com | ||
3420 | - djm@cvs.openbsd.org 2010/06/18 03:16:03 | ||
3421 | [session.c] | ||
3422 | Missing check for chroot_director == "none" (we already checked against | ||
3423 | NULL); bz#1564 from Jan.Pechanec AT Sun.COM | ||
3424 | - djm@cvs.openbsd.org 2010/06/18 04:43:08 | ||
3425 | [sftp-client.c] | ||
3426 | fix memory leak in do_realpath() error path; bz#1771, patch from | ||
3427 | anicka AT suse.cz | ||
3428 | - djm@cvs.openbsd.org 2010/06/22 04:22:59 | ||
3429 | [servconf.c sshd_config.5] | ||
3430 | expose some more sshd_config options inside Match blocks: | ||
3431 | AuthorizedKeysFile AuthorizedPrincipalsFile | ||
3432 | HostbasedUsesNameFromPacketOnly PermitTunnel | ||
3433 | bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ | ||
3434 | - djm@cvs.openbsd.org 2010/06/22 04:32:06 | ||
3435 | [ssh-keygen.c] | ||
3436 | standardise error messages when attempting to open private key | ||
3437 | files to include "progname: filename: error reason" | ||
3438 | bz#1783; ok dtucker@ | ||
3439 | - djm@cvs.openbsd.org 2010/06/22 04:49:47 | ||
3440 | [auth.c] | ||
3441 | queue auth debug messages for bad ownership or permissions on the user's | ||
3442 | keyfiles. These messages will be sent after the user has successfully | ||
3443 | authenticated (where our client will display them with LogLevel=debug). | ||
3444 | bz#1554; ok dtucker@ | ||
3445 | - djm@cvs.openbsd.org 2010/06/22 04:54:30 | ||
3446 | [ssh-keyscan.c] | ||
3447 | replace verbose and overflow-prone Linebuf code with read_keyfile_line() | ||
3448 | based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ | ||
3449 | - djm@cvs.openbsd.org 2010/06/22 04:59:12 | ||
3450 | [session.c] | ||
3451 | include the user name on "subsystem request for ..." log messages; | ||
3452 | bz#1571; ok dtucker@ | ||
3453 | - djm@cvs.openbsd.org 2010/06/23 02:59:02 | ||
3454 | [ssh-keygen.c] | ||
3455 | fix printing of extensions in v01 certificates that I broke in r1.190 | ||
3456 | - djm@cvs.openbsd.org 2010/06/25 07:14:46 | ||
3457 | [channels.c mux.c readconf.c readconf.h ssh.h] | ||
3458 | bz#1327: remove hardcoded limit of 100 permitopen clauses and port | ||
3459 | forwards per direction; ok markus@ stevesk@ | ||
3460 | - djm@cvs.openbsd.org 2010/06/25 07:20:04 | ||
3461 | [channels.c session.c] | ||
3462 | bz#1750: fix requirement for /dev/null inside ChrootDirectory for | ||
3463 | internal-sftp accidentally introduced in r1.253 by removing the code | ||
3464 | that opens and dup /dev/null to stderr and modifying the channels code | ||
3465 | to read stderr but discard it instead; ok markus@ | ||
3466 | - djm@cvs.openbsd.org 2010/06/25 08:46:17 | ||
3467 | [auth1.c auth2-none.c] | ||
3468 | skip the initial check for access with an empty password when | ||
3469 | PermitEmptyPasswords=no; bz#1638; ok markus@ | ||
3470 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 | ||
3471 | [ssh.c] | ||
3472 | log the hostname and address that we connected to at LogLevel=verbose | ||
3473 | after authentication is successful to mitigate "phishing" attacks by | ||
3474 | servers with trusted keys that accept authentication silently and | ||
3475 | automatically before presenting fake password/passphrase prompts; | ||
3476 | "nice!" markus@ | ||
3477 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 | ||
3478 | [ssh.c] | ||
3479 | log the hostname and address that we connected to at LogLevel=verbose | ||
3480 | after authentication is successful to mitigate "phishing" attacks by | ||
3481 | servers with trusted keys that accept authentication silently and | ||
3482 | automatically before presenting fake password/passphrase prompts; | ||
3483 | "nice!" markus@ | ||
3484 | |||
3485 | 20100622 | ||
3486 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 | ||
3487 | bz#1579; ok dtucker | ||
3488 | |||
3489 | 20100618 | ||
3490 | - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ | ||
3491 | rather than assuming that $CWD == $HOME. bz#1500, patch from | ||
3492 | timothy AT gelter.com | ||
3493 | |||
3494 | 20100617 | ||
3495 | - (tim) [contrib/cygwin/README] Remove a reference to the obsolete | ||
3496 | minires-devel package, and to add the reference to the libedit-devel | ||
3497 | package since CYgwin now provides libedit. Patch from Corinna Vinschen. | ||
3498 | |||
3499 | 20100521 | ||
3500 | - (djm) OpenBSD CVS Sync | ||
3501 | - djm@cvs.openbsd.org 2010/05/07 11:31:26 | ||
3502 | [regress/Makefile regress/cert-userkey.sh] | ||
3503 | regress tests for AuthorizedPrincipalsFile and "principals=" key option. | ||
3504 | feedback and ok markus@ | ||
3505 | - djm@cvs.openbsd.org 2010/05/11 02:58:04 | ||
3506 | [auth-rsa.c] | ||
3507 | don't accept certificates marked as "cert-authority" here; ok markus@ | ||
3508 | - djm@cvs.openbsd.org 2010/05/14 00:47:22 | ||
3509 | [ssh-add.c] | ||
3510 | check that the certificate matches the corresponding private key before | ||
3511 | grafting it on | ||
3512 | - djm@cvs.openbsd.org 2010/05/14 23:29:23 | ||
3513 | [channels.c channels.h mux.c ssh.c] | ||
3514 | Pause the mux channel while waiting for reply from aynch callbacks. | ||
3515 | Prevents misordering of replies if new requests arrive while waiting. | ||
3516 | |||
3517 | Extend channel open confirm callback to allow signalling failure | ||
3518 | conditions as well as success. Use this to 1) fix a memory leak, 2) | ||
3519 | start using the above pause mechanism and 3) delay sending a success/ | ||
3520 | failure message on mux slave session open until we receive a reply from | ||
3521 | the server. | ||
3522 | |||
3523 | motivated by and with feedback from markus@ | ||
3524 | - markus@cvs.openbsd.org 2010/05/16 12:55:51 | ||
3525 | [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] | ||
3526 | mux support for remote forwarding with dynamic port allocation, | ||
3527 | use with | ||
3528 | LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` | ||
3529 | feedback and ok djm@ | ||
3530 | - djm@cvs.openbsd.org 2010/05/20 11:25:26 | ||
3531 | [auth2-pubkey.c] | ||
3532 | fix logspam when key options (from="..." especially) deny non-matching | ||
3533 | keys; reported by henning@ also bz#1765; ok markus@ dtucker@ | ||
3534 | - djm@cvs.openbsd.org 2010/05/20 23:46:02 | ||
3535 | [PROTOCOL.certkeys auth-options.c ssh-keygen.c] | ||
3536 | Move the permit-* options to the non-critical "extensions" field for v01 | ||
3537 | certificates. The logic is that if another implementation fails to | ||
3538 | implement them then the connection just loses features rather than fails | ||
3539 | outright. | ||
3540 | |||
3541 | ok markus@ | ||
3542 | |||
3543 | 20100511 | ||
3544 | - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve | ||
3545 | circular dependency problem on old or odd platforms. From Tom Lane, ok | ||
3546 | djm@. | ||
3547 | - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older | ||
3548 | libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't | ||
3549 | already. ok dtucker@ | ||
3550 | |||
3551 | 20100510 | ||
3552 | - OpenBSD CVS Sync | ||
3553 | - djm@cvs.openbsd.org 2010/04/23 01:47:41 | ||
3554 | [ssh-keygen.c] | ||
3555 | bz#1740: display a more helpful error message when $HOME is | ||
3556 | inaccessible while trying to create .ssh directory. Based on patch | ||
3557 | from jchadima AT redhat.com; ok dtucker@ | ||
3558 | - djm@cvs.openbsd.org 2010/04/23 22:27:38 | ||
3559 | [mux.c] | ||
3560 | set "detach_close" flag when registering channel cleanup callbacks. | ||
3561 | This causes the channel to close normally when its fds close and | ||
3562 | hangs when terminating a mux slave using ~. bz#1758; ok markus@ | ||
3563 | - djm@cvs.openbsd.org 2010/04/23 22:42:05 | ||
3564 | [session.c] | ||
3565 | set stderr to /dev/null for subsystems rather than just closing it. | ||
3566 | avoids hangs if a subsystem or shell initialisation writes to stderr. | ||
3567 | bz#1750; ok markus@ | ||
3568 | - djm@cvs.openbsd.org 2010/04/23 22:48:31 | ||
3569 | [ssh-keygen.c] | ||
3570 | refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, | ||
3571 | since we would refuse to use them anyway. bz#1516; ok dtucker@ | ||
3572 | - djm@cvs.openbsd.org 2010/04/26 22:28:24 | ||
3573 | [sshconnect2.c] | ||
3574 | bz#1502: authctxt.success is declared as an int, but passed by | ||
3575 | reference to function that accepts sig_atomic_t*. Convert it to | ||
3576 | the latter; ok markus@ dtucker@ | ||
3577 | - djm@cvs.openbsd.org 2010/05/01 02:50:50 | ||
3578 | [PROTOCOL.certkeys] | ||
3579 | typo; jmeltzer@ | ||
3580 | - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 | ||
3581 | [sftp.c] | ||
3582 | restore mput and mget which got lost in the tab-completion changes. | ||
3583 | found by Kenneth Whitaker, ok djm@ | ||
3584 | - djm@cvs.openbsd.org 2010/05/07 11:30:30 | ||
3585 | [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] | ||
3586 | [key.c servconf.c servconf.h sshd.8 sshd_config.5] | ||
3587 | add some optional indirection to matching of principal names listed | ||
3588 | in certificates. Currently, a certificate must include the a user's name | ||
3589 | to be accepted for authentication. This change adds the ability to | ||
3590 | specify a list of certificate principal names that are acceptable. | ||
3591 | |||
3592 | When authenticating using a CA trusted through ~/.ssh/authorized_keys, | ||
3593 | this adds a new principals="name1[,name2,...]" key option. | ||
3594 | |||
3595 | For CAs listed through sshd_config's TrustedCAKeys option, a new config | ||
3596 | option "AuthorizedPrincipalsFile" specifies a per-user file containing | ||
3597 | the list of acceptable names. | ||
3598 | |||
3599 | If either option is absent, the current behaviour of requiring the | ||
3600 | username to appear in principals continues to apply. | ||
3601 | |||
3602 | These options are useful for role accounts, disjoint account namespaces | ||
3603 | and "user@realm"-style naming policies in certificates. | ||
3604 | |||
3605 | feedback and ok markus@ | ||
3606 | - jmc@cvs.openbsd.org 2010/05/07 12:49:17 | ||
3607 | [sshd_config.5] | ||
3608 | tweak previous; | ||
3609 | |||
3610 | 20100423 | ||
3611 | - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir | ||
3612 | in the openssl install directory (some newer openssl versions do this on at | ||
3613 | least some amd64 platforms). | ||
3614 | |||
3615 | 20100418 | ||
3616 | - OpenBSD CVS Sync | ||
3617 | - jmc@cvs.openbsd.org 2010/04/16 06:45:01 | ||
3618 | [ssh_config.5] | ||
3619 | tweak previous; ok djm | ||
3620 | - jmc@cvs.openbsd.org 2010/04/16 06:47:04 | ||
3621 | [ssh-keygen.1 ssh-keygen.c] | ||
3622 | tweak previous; ok djm | ||
3623 | - djm@cvs.openbsd.org 2010/04/16 21:14:27 | ||
3624 | [sshconnect.c] | ||
3625 | oops, %r => remote username, not %u | ||
3626 | - djm@cvs.openbsd.org 2010/04/16 01:58:45 | ||
3627 | [regress/cert-hostkey.sh regress/cert-userkey.sh] | ||
3628 | regression tests for v01 certificate format | ||
3629 | includes interop tests for v00 certs | ||
3630 | - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default | ||
3631 | file. | ||
3632 | |||
3633 | 20100416 | ||
3634 | - (djm) Release openssh-5.5p1 | ||
3635 | - OpenBSD CVS Sync | ||
3636 | - djm@cvs.openbsd.org 2010/03/26 03:13:17 | ||
3637 | [bufaux.c] | ||
3638 | allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer | ||
3639 | argument to allow skipping past values in a buffer | ||
3640 | - jmc@cvs.openbsd.org 2010/03/26 06:54:36 | ||
3641 | [ssh.1] | ||
3642 | tweak previous; | ||
3643 | - jmc@cvs.openbsd.org 2010/03/27 14:26:55 | ||
3644 | [ssh_config.5] | ||
3645 | tweak previous; ok dtucker | ||
3646 | - djm@cvs.openbsd.org 2010/04/10 00:00:16 | ||
3647 | [ssh.c] | ||
3648 | bz#1746 - suppress spurious tty warning when using -O and stdin | ||
3649 | is not a tty; ok dtucker@ markus@ | ||
3650 | - djm@cvs.openbsd.org 2010/04/10 00:04:30 | ||
3651 | [sshconnect.c] | ||
3652 | fix terminology: we didn't find a certificate in known_hosts, we found | ||
3653 | a CA key | ||
3654 | - djm@cvs.openbsd.org 2010/04/10 02:08:44 | ||
3655 | [clientloop.c] | ||
3656 | bz#1698: kill channel when pty allocation requests fail. Fixed | ||
3657 | stuck client if the server refuses pty allocation. | ||
3658 | ok dtucker@ "think so" markus@ | ||
3659 | - djm@cvs.openbsd.org 2010/04/10 02:10:56 | ||
3660 | [sshconnect2.c] | ||
3661 | show the key type that we are offering in debug(), helps distinguish | ||
3662 | between certs and plain keys as the path to the private key is usually | ||
3663 | the same. | ||
3664 | - djm@cvs.openbsd.org 2010/04/10 05:48:16 | ||
3665 | [mux.c] | ||
3666 | fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au | ||
3667 | - djm@cvs.openbsd.org 2010/04/14 22:27:42 | ||
3668 | [ssh_config.5 sshconnect.c] | ||
3669 | expand %r => remote username in ssh_config:ProxyCommand; | ||
3670 | ok deraadt markus | ||
3671 | - markus@cvs.openbsd.org 2010/04/15 20:32:55 | ||
3672 | [ssh-pkcs11.c] | ||
3673 | retry lookup for private key if there's no matching key with CKA_SIGN | ||
3674 | attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) | ||
3675 | ok djm@ | ||
3676 | - djm@cvs.openbsd.org 2010/04/16 01:47:26 | ||
3677 | [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] | ||
3678 | [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] | ||
3679 | [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] | ||
3680 | [sshconnect.c sshconnect2.c sshd.c] | ||
3681 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the | ||
3682 | following changes: | ||
3683 | |||
3684 | move the nonce field to the beginning of the certificate where it can | ||
3685 | better protect against chosen-prefix attacks on the signature hash | ||
3686 | |||
3687 | Rename "constraints" field to "critical options" | ||
3688 | |||
3689 | Add a new non-critical "extensions" field | ||
3690 | |||
3691 | Add a serial number | ||
3692 | |||
3693 | The older format is still support for authentication and cert generation | ||
3694 | (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) | ||
3695 | |||
3696 | ok markus@ | ||