Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 5571 |
1 files changed, 3882 insertions, 1689 deletions
@@ -1,3 +1,3885 @@ | |||
1 | commit 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 | ||
2 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3 | Date: Fri Feb 14 00:39:20 2020 +0000 | ||
4 | |||
5 | upstream: openssh-8.2 | ||
6 | |||
7 | OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b | ||
8 | |||
9 | commit 72f0ce33f0d5a37f31bad5800d1eb2fbdb732de6 | ||
10 | Author: Damien Miller <djm@mindrot.org> | ||
11 | Date: Wed Feb 12 09:28:35 2020 +1100 | ||
12 | |||
13 | crank version numbers | ||
14 | |||
15 | commit b763ed05bd1f1f15ae1727c86a4498546bc36ca8 | ||
16 | Author: Darren Tucker <dtucker@dtucker.net> | ||
17 | Date: Tue Feb 11 12:51:24 2020 +1100 | ||
18 | |||
19 | Minor documentation update: | ||
20 | |||
21 | - remove duplication of dependency information (it's all in INSTALL). | ||
22 | - SSHFP is now an RFC. | ||
23 | |||
24 | commit 14ccfdb7248e33b1dc8bbac1425ace4598e094cb | ||
25 | Author: Darren Tucker <dtucker@dtucker.net> | ||
26 | Date: Sun Feb 9 11:23:35 2020 +1100 | ||
27 | |||
28 | Check if UINT32_MAX is defined before redefining. | ||
29 | |||
30 | commit be075110c735a451fd9d79a864e01e2e0d9f19d2 | ||
31 | Author: Damien Miller <djm@mindrot.org> | ||
32 | Date: Fri Feb 7 15:07:27 2020 +1100 | ||
33 | |||
34 | typo; reported by Phil Pennock | ||
35 | |||
36 | commit 963d71851e727ffdd2a97fe0898fad61d4a70ba1 | ||
37 | Author: djm@openbsd.org <djm@openbsd.org> | ||
38 | Date: Fri Feb 7 03:57:31 2020 +0000 | ||
39 | |||
40 | upstream: sync the description of the $SSH_SK_PROVIDER environment | ||
41 | |||
42 | variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive, | ||
43 | as the latter was more descriptive. | ||
44 | |||
45 | OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f | ||
46 | |||
47 | commit d4d9e1d40514e2746f9e05335d646512ea1020c6 | ||
48 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
49 | Date: Fri Feb 7 03:54:44 2020 +0000 | ||
50 | |||
51 | upstream: Add ssh -Q key-sig for all key and signature types. | ||
52 | |||
53 | Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as | ||
54 | an alias for the corresponding query. Man page help jmc@, ok djm@. | ||
55 | |||
56 | OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8 | ||
57 | |||
58 | commit fd68dc27864b099b552a6d9d507ca4b83afd6a76 | ||
59 | Author: djm@openbsd.org <djm@openbsd.org> | ||
60 | Date: Fri Feb 7 03:27:54 2020 +0000 | ||
61 | |||
62 | upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more | ||
63 | |||
64 | than the intended number of prompts (3) and 2) it would SEGV too many | ||
65 | incorrect PINs were entered; based on patch by Gabriel Kihlman | ||
66 | |||
67 | OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718 | ||
68 | |||
69 | commit 96bd895a0a0b3a36f81c14db8c91513578fc5563 | ||
70 | Author: djm@openbsd.org <djm@openbsd.org> | ||
71 | Date: Thu Feb 6 22:48:23 2020 +0000 | ||
72 | |||
73 | upstream: When using HostkeyAlgorithms to merely append or remove | ||
74 | |||
75 | algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the | ||
76 | default behaviour of preferring those algorithms that have existing keys in | ||
77 | known_hosts; ok markus | ||
78 | |||
79 | OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed | ||
80 | |||
81 | commit c7288486731734a864b58d024b1395029b55bbc5 | ||
82 | Author: djm@openbsd.org <djm@openbsd.org> | ||
83 | Date: Thu Feb 6 22:46:31 2020 +0000 | ||
84 | |||
85 | upstream: expand HostkeyAlgorithms prior to config dump, matching | ||
86 | |||
87 | other algorithm lists; ok markus@ | ||
88 | |||
89 | OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0 | ||
90 | |||
91 | commit a6ac5d36efc072b15690c65039754f8e44247bdf | ||
92 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
93 | Date: Thu Feb 6 22:34:58 2020 +0000 | ||
94 | |||
95 | upstream: Add Include to the list of permitted keywords after a | ||
96 | |||
97 | Match keyword. ok markus@ | ||
98 | |||
99 | OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb | ||
100 | |||
101 | commit a47f6a6c0e06628eed0c2a08dc31a8923bcc37ba | ||
102 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
103 | Date: Thu Feb 6 22:30:54 2020 +0000 | ||
104 | |||
105 | upstream: Replace "security key" with "authenticator" in program | ||
106 | |||
107 | messages. | ||
108 | |||
109 | This replaces "security key" in error/usage/verbose messages and | ||
110 | distinguishes between "authenticator" and "authenticator-hosted key". | ||
111 | |||
112 | ok djm@ | ||
113 | |||
114 | OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e | ||
115 | |||
116 | commit 849a9b87144f8a5b1771de6c85e44bfeb86be9a9 | ||
117 | Author: Darren Tucker <dtucker@dtucker.net> | ||
118 | Date: Thu Feb 6 11:28:14 2020 +1100 | ||
119 | |||
120 | Don't look for UINT32_MAX in inttypes.h | ||
121 | |||
122 | ... unless we are actually going to use it. Fixes build on HP-UX | ||
123 | without the potential impact to other platforms of a header change | ||
124 | shortly before release. | ||
125 | |||
126 | commit a2437f8ed0c3be54ddd21630a93c68ebd168286f | ||
127 | Author: Damien Miller <djm@mindrot.org> | ||
128 | Date: Thu Feb 6 12:02:22 2020 +1100 | ||
129 | |||
130 | depend | ||
131 | |||
132 | commit 9716e8c4956acdd7b223d1642bfa376e07e7503d | ||
133 | Author: Michael Forney <mforney@mforney.org> | ||
134 | Date: Wed Nov 27 19:17:26 2019 -0800 | ||
135 | |||
136 | Fix sha2 MAKE_CLONE no-op definition | ||
137 | |||
138 | The point of the dummy declaration is so that MAKE_CLONE(...) can have | ||
139 | a trailing semicolon without introducing an empty declaration. So, | ||
140 | the macro replacement text should *not* have a trailing semicolon, | ||
141 | just like DEF_WEAK. | ||
142 | |||
143 | commit d596b1d30dc158915a3979fa409d21ff2465b6ee | ||
144 | Author: djm@openbsd.org <djm@openbsd.org> | ||
145 | Date: Tue Feb 4 09:58:04 2020 +0000 | ||
146 | |||
147 | upstream: require FIDO application strings to start with "ssh:"; ok | ||
148 | |||
149 | markus@ | ||
150 | |||
151 | OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb | ||
152 | |||
153 | commit 501f3582438cb2cb1cb92be0f17be490ae96fb23 | ||
154 | Author: djm@openbsd.org <djm@openbsd.org> | ||
155 | Date: Mon Feb 3 23:47:57 2020 +0000 | ||
156 | |||
157 | upstream: revert enabling UpdateHostKeys by default - there are still | ||
158 | |||
159 | corner cases we need to address; ok markus | ||
160 | |||
161 | OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57 | ||
162 | |||
163 | commit 072f3b832d2a4db8d9880effcb6c4d0dad676504 | ||
164 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
165 | Date: Mon Feb 3 08:15:37 2020 +0000 | ||
166 | |||
167 | upstream: use better markup for challenge and write-attestation, and | ||
168 | |||
169 | rejig the challenge text a little; | ||
170 | |||
171 | ok djm | ||
172 | |||
173 | OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f | ||
174 | |||
175 | commit 262eb05a22cb1fabc3bc1746c220566490b80229 | ||
176 | Author: Damien Miller <djm@mindrot.org> | ||
177 | Date: Mon Feb 3 21:22:15 2020 +1100 | ||
178 | |||
179 | mention libfido2 in dependencies section | ||
180 | |||
181 | commit ccd3b247d59d3bde16c3bef0ea888213fbd6da86 | ||
182 | Author: Damien Miller <djm@mindrot.org> | ||
183 | Date: Mon Feb 3 19:40:12 2020 +1100 | ||
184 | |||
185 | add clock_gettime64(2) to sandbox allowed syscalls | ||
186 | |||
187 | bz3093 | ||
188 | |||
189 | commit adffbe1c645ad2887ba0b6d24c194aa7a40c5735 | ||
190 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
191 | Date: Sun Feb 2 09:45:34 2020 +0000 | ||
192 | |||
193 | upstream: Output (none) in debug in the case in the CheckHostIP=no case | ||
194 | |||
195 | as suggested by markus@ | ||
196 | |||
197 | OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf | ||
198 | |||
199 | commit 58c819096a2167983e55ae686486ce317b69b2d1 | ||
200 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
201 | Date: Sun Feb 2 09:22:22 2020 +0000 | ||
202 | |||
203 | upstream: Prevent possible null pointer deref of ip_str in debug. | ||
204 | |||
205 | OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf | ||
206 | |||
207 | commit 0facae7bc8d3f8f9d02d0f6bed3d163ff7f39806 | ||
208 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
209 | Date: Sun Feb 2 07:36:50 2020 +0000 | ||
210 | |||
211 | upstream: shuffle the challenge keyword to keep the -O list sorted; | ||
212 | |||
213 | OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe | ||
214 | |||
215 | commit 6fb3dd0ccda1c26b06223b87bcd1cab9ec8ec3cc | ||
216 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
217 | Date: Sat Feb 1 06:53:12 2020 +0000 | ||
218 | |||
219 | upstream: tweak previous; | ||
220 | |||
221 | OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3 | ||
222 | |||
223 | commit 92725d4d3fde675acc0ca040b48f3d0c7be73b7f | ||
224 | Author: Darren Tucker <dtucker@dtucker.net> | ||
225 | Date: Sat Feb 1 17:25:09 2020 +1100 | ||
226 | |||
227 | Use sys-queue.h from compat library. | ||
228 | |||
229 | Fixes build on platforms that don't have sys/queue.h (eg MUSL). | ||
230 | |||
231 | commit 677d0ece67634262b3b96c3cd6410b19f3a603b7 | ||
232 | Author: djm@openbsd.org <djm@openbsd.org> | ||
233 | Date: Fri Jan 31 23:25:08 2020 +0000 | ||
234 | |||
235 | upstream: regress test for sshd_config Include directive; from Jakub | ||
236 | |||
237 | Jelen | ||
238 | |||
239 | OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4 | ||
240 | |||
241 | commit d4f4cdd681ab6408a98419f398b75a55497ed324 | ||
242 | Author: djm@openbsd.org <djm@openbsd.org> | ||
243 | Date: Fri Jan 31 23:13:04 2020 +0000 | ||
244 | |||
245 | upstream: whitespace | ||
246 | |||
247 | OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772 | ||
248 | |||
249 | commit 245399dfb3ecebc6abfc2ef4ee2e650fa9f6942b | ||
250 | Author: djm@openbsd.org <djm@openbsd.org> | ||
251 | Date: Fri Jan 31 23:11:25 2020 +0000 | ||
252 | |||
253 | upstream: force early logging to stderr if debug_flag (-d) is set; | ||
254 | |||
255 | avoids missing messages from re-exec config passing | ||
256 | |||
257 | OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff | ||
258 | |||
259 | commit 7365f28a66d1c443723fbe6f4a2612ea6002901e | ||
260 | Author: djm@openbsd.org <djm@openbsd.org> | ||
261 | Date: Fri Jan 31 23:08:08 2020 +0000 | ||
262 | |||
263 | upstream: mistake in previous: filling the incorrect buffer | ||
264 | |||
265 | OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a | ||
266 | |||
267 | commit c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf | ||
268 | Author: djm@openbsd.org <djm@openbsd.org> | ||
269 | Date: Fri Jan 31 22:42:45 2020 +0000 | ||
270 | |||
271 | upstream: Add a sshd_config "Include" directive to allow inclusion | ||
272 | |||
273 | of files. This has sensible semantics wrt Match blocks and accepts glob(3) | ||
274 | patterns to specify the included files. Based on patch by Jakub Jelen in | ||
275 | bz2468; feedback and ok markus@ | ||
276 | |||
277 | OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff | ||
278 | |||
279 | commit ba261a1dd33266168ead4f8f40446dcece4d1600 | ||
280 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
281 | Date: Fri Jan 31 22:25:59 2020 +0000 | ||
282 | |||
283 | upstream: spelling fix; | ||
284 | |||
285 | OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402 | ||
286 | |||
287 | commit 771891a044f763be0711493eca14b6b0082e030f | ||
288 | Author: djm@openbsd.org <djm@openbsd.org> | ||
289 | Date: Thu Jan 30 22:25:34 2020 +0000 | ||
290 | |||
291 | upstream: document changed default for UpdateHostKeys | ||
292 | |||
293 | OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c | ||
294 | |||
295 | commit d53a518536c552672c00e8892e2aea28f664148c | ||
296 | Author: djm@openbsd.org <djm@openbsd.org> | ||
297 | Date: Thu Jan 30 22:19:32 2020 +0000 | ||
298 | |||
299 | upstream: enable UpdateKnownHosts=yes if the configuration | ||
300 | |||
301 | specifies only the default known_hosts files, otherwise select | ||
302 | UpdateKnownHosts=ask; ok markus@ | ||
303 | |||
304 | OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7 | ||
305 | |||
306 | commit bb63ff844e818d188da4fed3c016e0a4eecbbf25 | ||
307 | Author: Darren Tucker <dtucker@dtucker.net> | ||
308 | Date: Thu Jan 30 18:54:42 2020 +1100 | ||
309 | |||
310 | Look in inttypes.h for UINT32_MAX. | ||
311 | |||
312 | Should prevent warnings on at least some AIX versions. | ||
313 | |||
314 | commit afeb6a960da23f0a5cbc4b80cca107c7504e932a | ||
315 | Author: djm@openbsd.org <djm@openbsd.org> | ||
316 | Date: Thu Jan 30 07:21:38 2020 +0000 | ||
317 | |||
318 | upstream: use sshpkt_fatal() instead of plain fatal() for | ||
319 | |||
320 | ssh_packet_write_poll() failures here too as the former yields better error | ||
321 | messages; ok dtucker@ | ||
322 | |||
323 | OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3 | ||
324 | |||
325 | commit 65d6fd0a8a6f31c3ddf0c1192429a176575cf701 | ||
326 | Author: djm@openbsd.org <djm@openbsd.org> | ||
327 | Date: Thu Jan 30 07:20:57 2020 +0000 | ||
328 | |||
329 | upstream: check the return value of ssh_packet_write_poll() and | ||
330 | |||
331 | call sshpkt_fatal() if it fails; avoid potential busy-loop under some | ||
332 | circumstances. Based on patch by Mike Frysinger; ok dtucker@ | ||
333 | |||
334 | OpenBSD-Commit-ID: c79fe5cf4f0cd8074cb6db257c1394d5139408ec | ||
335 | |||
336 | commit dce74eab0c0f9010dc84c62500a17771d0131ff3 | ||
337 | Author: djm@openbsd.org <djm@openbsd.org> | ||
338 | Date: Thu Jan 30 07:20:05 2020 +0000 | ||
339 | |||
340 | upstream: have sshpkt_fatal() save/restore errno before we | ||
341 | |||
342 | potentially call strerror() (via ssh_err()); ok dtucker | ||
343 | |||
344 | OpenBSD-Commit-ID: 5590df31d21405498c848245b85c24acb84ad787 | ||
345 | |||
346 | commit 14ef4efe2bf4180e085ea6738fdbebc199458b0c | ||
347 | Author: djm@openbsd.org <djm@openbsd.org> | ||
348 | Date: Wed Jan 29 08:17:49 2020 +0000 | ||
349 | |||
350 | upstream: markus suggests a simplification to previous | ||
351 | |||
352 | OpenBSD-Commit-ID: 10bbfb6607ebbb9a018dcd163f0964941adf58de | ||
353 | |||
354 | commit 101ebc3a8cfa78d2e615afffbef9861bbbabf1ff | ||
355 | Author: djm@openbsd.org <djm@openbsd.org> | ||
356 | Date: Wed Jan 29 07:51:30 2020 +0000 | ||
357 | |||
358 | upstream: give more context to UpdateHostKeys messages, mentioning | ||
359 | |||
360 | that the changes are validated by the existing trusted host key. Prompted by | ||
361 | espie@ feedback and ok markus@ | ||
362 | |||
363 | OpenBSD-Commit-ID: b3d95f4a45f2692f4143b9e77bb241184dbb8dc5 | ||
364 | |||
365 | commit 24c0f752adf9021277a7b0a84931bb5fe48ea379 | ||
366 | Author: djm@openbsd.org <djm@openbsd.org> | ||
367 | Date: Tue Jan 28 08:01:34 2020 +0000 | ||
368 | |||
369 | upstream: changes to support FIDO attestation | ||
370 | |||
371 | Allow writing to disk the attestation certificate that is generated by | ||
372 | the FIDO token at key enrollment time. These certificates may be used | ||
373 | by an out-of-band workflow to prove that a particular key is held in | ||
374 | trustworthy hardware. | ||
375 | |||
376 | Allow passing in a challenge that will be sent to the card during | ||
377 | key enrollment. These are needed to build an attestation workflow | ||
378 | that resists replay attacks. | ||
379 | |||
380 | ok markus@ | ||
381 | |||
382 | OpenBSD-Commit-ID: 457dc3c3d689ba39eed328f0817ed9b91a5f78f6 | ||
383 | |||
384 | commit 156bef36f93a48212383235bb8e3d71eaf2b2777 | ||
385 | Author: djm@openbsd.org <djm@openbsd.org> | ||
386 | Date: Tue Jan 28 07:24:15 2020 +0000 | ||
387 | |||
388 | upstream: disable UpdateHostKeys=ask when in quiet mode; "work for | ||
389 | |||
390 | me" matthieu@ | ||
391 | |||
392 | OpenBSD-Commit-ID: 60d7b5eb91accf935ed9852650a826d86db2ddc7 | ||
393 | |||
394 | commit ec8a759b4045e54d6b38e690ffee4cbffc53c7b7 | ||
395 | Author: Damien Miller <djm@mindrot.org> | ||
396 | Date: Tue Jan 28 12:57:25 2020 +1100 | ||
397 | |||
398 | compat for missing IPTOS_DSCP_LE in system headers | ||
399 | |||
400 | commit 4594c7627680c4f41c2ad5fe412e55b7cc79b10c | ||
401 | Author: djm@openbsd.org <djm@openbsd.org> | ||
402 | Date: Tue Jan 28 01:49:36 2020 +0000 | ||
403 | |||
404 | upstream: make IPTOS_DSCP_LE available via IPQoS directive; bz2986, | ||
405 | |||
406 | based on patch by veegish AT cyberstorm.mu | ||
407 | |||
408 | OpenBSD-Commit-ID: 9902bf4fbb4ea51de2193ac2b1d965bc5d99c425 | ||
409 | |||
410 | commit da22216b5db3613325aa7b639f40dc017e4c6f69 | ||
411 | Author: markus@openbsd.org <markus@openbsd.org> | ||
412 | Date: Mon Jan 27 20:51:32 2020 +0000 | ||
413 | |||
414 | upstream: disable UpdateHostKeys=ask if command is specified; ok | ||
415 | |||
416 | djm@ sthen@ | ||
417 | |||
418 | OpenBSD-Commit-ID: e5bcc45eadb78896637d4143d289f1e42c2ef5d7 | ||
419 | |||
420 | commit 1e1db0544fdd788e2e3fc21d972a7ccb7de6b4ae | ||
421 | Author: djm@openbsd.org <djm@openbsd.org> | ||
422 | Date: Sun Jan 26 00:09:50 2020 +0000 | ||
423 | |||
424 | upstream: unbreak unittests for recent API / source file changes | ||
425 | |||
426 | OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0 | ||
427 | |||
428 | commit 0d1144769151edf65f74aee9a4c8545c37861695 | ||
429 | Author: Darren Tucker <dtucker@dtucker.net> | ||
430 | Date: Sun Jan 26 15:09:15 2020 +1100 | ||
431 | |||
432 | Move definition of UINT32_MAX. | ||
433 | |||
434 | This allows us to always define it if needed not just if we also | ||
435 | define the type ourself. | ||
436 | |||
437 | commit f73ab8a811bc874c2fb403012aa8e4bfdcaf5ec7 | ||
438 | Author: djm@openbsd.org <djm@openbsd.org> | ||
439 | Date: Sun Jan 26 00:09:50 2020 +0000 | ||
440 | |||
441 | upstream: unbreak unittests for recent API / source file changes | ||
442 | |||
443 | OpenBSD-Regress-ID: 075a899a01bbf7781d38bf0b33d8366faaf6d3c0 | ||
444 | |||
445 | commit 0373f9eba2b63455dceedbd3ac3d5dca306789ff | ||
446 | Author: Darren Tucker <dtucker@dtucker.net> | ||
447 | Date: Sun Jan 26 14:09:17 2020 +1100 | ||
448 | |||
449 | Include signal.h to prevent redefintion of _NSIG. | ||
450 | |||
451 | commit 638a45b5c1e20a8539100ca44166caad8abf26f8 | ||
452 | Author: Darren Tucker <dtucker@dtucker.net> | ||
453 | Date: Sun Jan 26 13:40:51 2020 +1100 | ||
454 | |||
455 | Wrap stdint.h in tests inside HAVE_STDINT_H. | ||
456 | |||
457 | commit 74dfc2c859c906eaab1f88a27fd883115ffb928f | ||
458 | Author: djm@openbsd.org <djm@openbsd.org> | ||
459 | Date: Sun Jan 26 00:14:45 2020 +0000 | ||
460 | |||
461 | upstream: for UpdateHostKeys, don't report errors for unsupported | ||
462 | |||
463 | key types - just ignore them. spotted by and ok dtucker@ | ||
464 | |||
465 | OpenBSD-Commit-ID: 91769e443f6197c983932fc8ae9d39948727d473 | ||
466 | |||
467 | commit b59618246c332e251160be0f1e0e88a7d4e2b0ae | ||
468 | Author: djm@openbsd.org <djm@openbsd.org> | ||
469 | Date: Sun Jan 26 00:13:20 2020 +0000 | ||
470 | |||
471 | upstream: downgrade error() for missing subsequent known_hosts | ||
472 | |||
473 | files to debug() as it was intended to be; spotted by dtucker@ | ||
474 | |||
475 | OpenBSD-Commit-ID: 18cfea382cb52f2da761be524e309cc3d5354ef9 | ||
476 | |||
477 | commit 469df611f778eec5950d556aabfe1d4efc227915 | ||
478 | Author: djm@openbsd.org <djm@openbsd.org> | ||
479 | Date: Sat Jan 25 23:33:27 2020 +0000 | ||
480 | |||
481 | upstream: clarify that BatchMode applies to all interactive prompts | ||
482 | |||
483 | (e.g. host key confirmation) and not just password prompts. | ||
484 | |||
485 | OpenBSD-Commit-ID: 97b001883d89d3fb1620d2e6b747c14a26aa9818 | ||
486 | |||
487 | commit de40876c4a5d7c519d3d7253557572fdfc13db76 | ||
488 | Author: djm@openbsd.org <djm@openbsd.org> | ||
489 | Date: Sat Jan 25 23:28:06 2020 +0000 | ||
490 | |||
491 | upstream: tidy headers; some junk snuck into sshbuf-misc.c and | ||
492 | |||
493 | sshbuf-io.c doesn't need SSHBUF_INTERNAL set | ||
494 | |||
495 | OpenBSD-Commit-ID: 27a724d2e0b2619c1a1490f44093bbd73580d9e6 | ||
496 | |||
497 | commit 6a107606355fa9547884cad6740e6144a7a7955b | ||
498 | Author: Damien Miller <djm@mindrot.org> | ||
499 | Date: Sun Jan 26 10:28:21 2020 +1100 | ||
500 | |||
501 | depend | ||
502 | |||
503 | commit 59d01f1d720ebede4da42882f592d1093dac7adc | ||
504 | Author: djm@openbsd.org <djm@openbsd.org> | ||
505 | Date: Sat Jan 25 23:13:09 2020 +0000 | ||
506 | |||
507 | upstream: improve the error message for u2f enrollment errors by | ||
508 | |||
509 | making ssh-keygen be solely responsible for printing the error message and | ||
510 | convertint some more common error responses from the middleware to a useful | ||
511 | ssherr.h status code. more detail remains visible via -v of course. | ||
512 | |||
513 | also remove indepedent copy of sk-api.h declarations in sk-usbhid.c | ||
514 | and just include it. | ||
515 | |||
516 | feedback & ok markus@ | ||
517 | |||
518 | OpenBSD-Commit-ID: a4a8ffa870d9a3e0cfd76544bcdeef5c9fb1f1bb | ||
519 | |||
520 | commit 99aa8035554ddb976348d2a9253ab3653019728d | ||
521 | Author: djm@openbsd.org <djm@openbsd.org> | ||
522 | Date: Sat Jan 25 23:02:13 2020 +0000 | ||
523 | |||
524 | upstream: factor out reading/writing sshbufs to dedicated | ||
525 | |||
526 | functions; feedback and ok markus@ | ||
527 | |||
528 | OpenBSD-Commit-ID: dc09e5f1950b7acc91b8fdf8015347782d2ecd3d | ||
529 | |||
530 | commit 065064fcf455778b0918f783033b374d4ba37a92 | ||
531 | Author: djm@openbsd.org <djm@openbsd.org> | ||
532 | Date: Sat Jan 25 22:49:38 2020 +0000 | ||
533 | |||
534 | upstream: add a comment describing the ranges of channel IDs that | ||
535 | |||
536 | we use; requested by markus@ | ||
537 | |||
538 | OpenBSD-Commit-ID: 83a1f09810ffa3a96a55fbe32675b34ba739e56b | ||
539 | |||
540 | commit 69334996ae203c51c70bf01d414c918a44618f8e | ||
541 | Author: djm@openbsd.org <djm@openbsd.org> | ||
542 | Date: Sat Jan 25 22:41:01 2020 +0000 | ||
543 | |||
544 | upstream: make sshd_config:ClientAliveCountMax=0 disable the | ||
545 | |||
546 | connection killing behaviour, rather than killing the connection after | ||
547 | sending the first liveness test probe (regardless of whether the client was | ||
548 | responsive) bz2627; ok markus | ||
549 | |||
550 | OpenBSD-Commit-ID: 5af79c35f4c9fa280643b6852f524bfcd9bccdaf | ||
551 | |||
552 | commit bf986a9e2792555e0879a3145fa18d2b49436c74 | ||
553 | Author: djm@openbsd.org <djm@openbsd.org> | ||
554 | Date: Sat Jan 25 22:36:22 2020 +0000 | ||
555 | |||
556 | upstream: clarify order of AllowUsers/DenyUsers vs | ||
557 | |||
558 | AllowGroups/DenyGroups; bz1690, ok markus@ | ||
559 | |||
560 | OpenBSD-Commit-ID: 5637584ec30db9cf64822460f41b3e42c8f9facd | ||
561 | |||
562 | commit 022ce92fa0daa9d78830baeb2bd2dc3f83c724ba | ||
563 | Author: djm@openbsd.org <djm@openbsd.org> | ||
564 | Date: Sat Jan 25 07:17:18 2020 +0000 | ||
565 | |||
566 | upstream: when AddKeysToAgent=yes is set and the key contains no | ||
567 | |||
568 | comment, add the key to the agent with the key's path as the comment. bz2564 | ||
569 | |||
570 | OpenBSD-Commit-ID: 8dd8ca9340d7017631a27f4ed5358a4cfddec16f | ||
571 | |||
572 | commit 0b813436bbf6546638b10c1fa71f54691bcf5e63 | ||
573 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
574 | Date: Sat Jan 25 07:09:14 2020 +0000 | ||
575 | |||
576 | upstream: group14-sha1 is no longer a default algorithm | ||
577 | |||
578 | OpenBSD-Commit-ID: a96f04d5e9c2ff760c6799579dc44f69b4ff431d | ||
579 | |||
580 | commit 3432b6e05d5c583c91c566c5708fed487cec79ac | ||
581 | Author: djm@openbsd.org <djm@openbsd.org> | ||
582 | Date: Sat Jan 25 07:02:51 2020 +0000 | ||
583 | |||
584 | upstream: reword HashKnownHosts description a little more; some | ||
585 | |||
586 | people found the wording confusing (bz#2560) | ||
587 | |||
588 | OpenBSD-Commit-ID: ac30896598694f07d498828690aecd424c496988 | ||
589 | |||
590 | commit f80d7d6aa98d6eddc5df02412efee6db75673d4c | ||
591 | Author: djm@openbsd.org <djm@openbsd.org> | ||
592 | Date: Sat Jan 25 07:01:00 2020 +0000 | ||
593 | |||
594 | upstream: weaken the language for what HashKnownHosts provides with | ||
595 | |||
596 | regards to known_hosts name privacy, it's not practical for this option to | ||
597 | offer any guarantee that hostnames cannot be recovered from a disclosed | ||
598 | known_hosts file (e.g. by brute force). | ||
599 | |||
600 | OpenBSD-Commit-ID: 13f1e3285f8acf7244e9770074296bcf446c6972 | ||
601 | |||
602 | commit 846446bf3e7421e6671a4afd074bdf15eecd7832 | ||
603 | Author: djm@openbsd.org <djm@openbsd.org> | ||
604 | Date: Sat Jan 25 06:40:20 2020 +0000 | ||
605 | |||
606 | upstream: the GatewayPorts vs -R listen address selection logic is | ||
607 | |||
608 | still confusing people, so add another comment explaining the special | ||
609 | handling of "localhost"; bz#3258 | ||
610 | |||
611 | OpenBSD-Commit-ID: e6bf0f0fbf1c7092bf0dbd9c6eab105970b5b53a | ||
612 | |||
613 | commit 734f2f83f5ff86f2967a99d67be9ce22dd0394dd | ||
614 | Author: djm@openbsd.org <djm@openbsd.org> | ||
615 | Date: Sat Jan 25 06:03:10 2020 +0000 | ||
616 | |||
617 | upstream: mention that permitopen=/PermitOpen do no name to address | ||
618 | |||
619 | translation; prompted by bz3099 | ||
620 | |||
621 | OpenBSD-Commit-ID: 0dda8e54d566b29855e76bebf9cfecce573f5c23 | ||
622 | |||
623 | commit e1e97cae19ff07b7a7f7e82556bc048c3c54af63 | ||
624 | Author: Damien Miller <djm@mindrot.org> | ||
625 | Date: Sat Jan 25 16:30:22 2020 +1100 | ||
626 | |||
627 | include tunnel device path in error message | ||
628 | |||
629 | commit 0ecd20bc9f0b9c7c697c9eb014613516c8f65834 | ||
630 | Author: djm@openbsd.org <djm@openbsd.org> | ||
631 | Date: Sat Jan 25 04:48:26 2020 +0000 | ||
632 | |||
633 | upstream: unrevert this: | ||
634 | |||
635 | > revision 1.217 | ||
636 | > date: 2019/11/27 03:34:04; author: dtucker; state: Exp; lines: +5 -7; commitid: wkiMn49XJyjzoJIs; | ||
637 | > Make channel_id u_int32_t and remove unnecessary check and cast that were | ||
638 | > left over from the type conversion. Noted by t-hashida@amiya.co.jp in | ||
639 | > bz#3098, ok markus@ djm@ | ||
640 | |||
641 | Darren was right the first time; ok dtucker@ "agreed" markus@ | ||
642 | |||
643 | OpenBSD-Commit-ID: 641dd1b99a6bbd85b7160da462ae1be83432c7c8 | ||
644 | |||
645 | commit a0c81d2402eedc514b9c9f25ef9604eb0576b86a | ||
646 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
647 | Date: Sat Jan 25 02:57:53 2020 +0000 | ||
648 | |||
649 | upstream: Move setting $NC into test-exec since it's now used by | ||
650 | |||
651 | multiple tests, and in -portable we use our own local copy to avoid | ||
652 | portability problems. | ||
653 | |||
654 | OpenBSD-Regress-ID: ceb78445fcaac317bec2fc51b3f0d9589048c114 | ||
655 | |||
656 | commit e16dfa94f86358033531c4a97dcb51508ef84d49 | ||
657 | Author: Darren Tucker <dtucker@dtucker.net> | ||
658 | Date: Sat Jan 25 13:05:42 2020 +1100 | ||
659 | |||
660 | Put EC key export inside OPENSSL_HAS_ECC. | ||
661 | |||
662 | Fixes link error when building against an OpenSSL that does not have | ||
663 | ECC. | ||
664 | |||
665 | commit 94a2e5951b374e1a89761ceaff72e66eb1946807 | ||
666 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
667 | Date: Sat Jan 25 00:27:56 2020 +0000 | ||
668 | |||
669 | upstream: Wait a bit longer for the multiplex master to become ready | ||
670 | |||
671 | since on very slow hosts the current delay is not sufficient and the test | ||
672 | will fail. | ||
673 | |||
674 | OpenBSD-Regress-ID: 6d90c7475d67ac3a95610b64af700629ece51a48 | ||
675 | |||
676 | commit b2df804f571d77b07059f087b90955ffbc2f67d4 | ||
677 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
678 | Date: Fri Jan 24 10:08:17 2020 +0000 | ||
679 | |||
680 | upstream: Add a connection test for proxycommand. This would have | ||
681 | |||
682 | caught the problem caused by ssh.c rev 1.507 wherein Host and Hostname were | ||
683 | swapped. Prompted by beck@ | ||
684 | |||
685 | OpenBSD-Regress-ID: d218500ae6aca4c479c27318fb5b09ebc00f7aae | ||
686 | |||
687 | commit c6f06fd38a257b9fcc7d6760f8fb6d505dccb628 | ||
688 | Author: djm@openbsd.org <djm@openbsd.org> | ||
689 | Date: Sat Jan 25 00:22:31 2020 +0000 | ||
690 | |||
691 | upstream: set UpdateKnownHosts=ask by default; bz#2894; ok | ||
692 | |||
693 | markus@ | ||
694 | |||
695 | OpenBSD-Commit-ID: f09cb3177f3a14c96428e14f347e976a8a531fee | ||
696 | |||
697 | commit 7955633a554397bc24913cec9fd7285002935f7e | ||
698 | Author: djm@openbsd.org <djm@openbsd.org> | ||
699 | Date: Sat Jan 25 00:21:08 2020 +0000 | ||
700 | |||
701 | upstream: allow UpdateKnownHosts=yes to function when multiple | ||
702 | |||
703 | known_hosts files are in use. When updating host keys, ssh will now search | ||
704 | subsequent known_hosts files, but will add new/changed host keys to the first | ||
705 | specified file only. bz#2738 | ||
706 | |||
707 | ok markus@ | ||
708 | |||
709 | OpenBSD-Commit-ID: 6ded6d878a03e57d5aa20bab9c31f92e929dbc6c | ||
710 | |||
711 | commit e5a278a62ab49dffe96929fa8d8506c6928dba90 | ||
712 | Author: djm@openbsd.org <djm@openbsd.org> | ||
713 | Date: Sat Jan 25 00:06:48 2020 +0000 | ||
714 | |||
715 | upstream: process security key provider via realpath() in agent, | ||
716 | |||
717 | avoids malicious client from being able to cause agent to load arbitrary | ||
718 | libraries into ssh-sk-helper. | ||
719 | |||
720 | reported by puck AT puckipedia.com; ok markus | ||
721 | |||
722 | OpenBSD-Commit-ID: 1086643df1b7eee4870825c687cf0c26a6145d1c | ||
723 | |||
724 | commit 89a8d4525e8edd9958ed3df60cf683551142eae0 | ||
725 | Author: djm@openbsd.org <djm@openbsd.org> | ||
726 | Date: Sat Jan 25 00:03:36 2020 +0000 | ||
727 | |||
728 | upstream: expose PKCS#11 key labels/X.509 subjects as comments | ||
729 | |||
730 | Extract the key label or X.509 subject string when PKCS#11 keys | ||
731 | are retrieved from the token and plumb this through to places where | ||
732 | it may be used as a comment. | ||
733 | |||
734 | based on https://github.com/openssh/openssh-portable/pull/138 | ||
735 | by Danielle Church | ||
736 | |||
737 | feedback and ok markus@ | ||
738 | |||
739 | OpenBSD-Commit-ID: cae1fda10d9e10971dea29520916e27cfec7ca35 | ||
740 | |||
741 | commit a8c05c640873621681ab64d2e47a314592d5efa2 | ||
742 | Author: djm@openbsd.org <djm@openbsd.org> | ||
743 | Date: Fri Jan 24 23:56:01 2020 +0000 | ||
744 | |||
745 | upstream: tweak proctitle to include sshd arguments, as these are | ||
746 | |||
747 | frequently used to distinguish between multiple independent instances of the | ||
748 | server. New proctitle looks like this: | ||
749 | |||
750 | $ pgrep -lf sshd | ||
751 | 12844 sshd: /usr/sbin/sshd -f /etc/ssh/sshd_config [listener] 0 of 10-100 startups | ||
752 | |||
753 | requested by sthen@ and aja@; ok aja@ | ||
754 | |||
755 | OpenBSD-Commit-ID: cf235a561c655a3524a82003cf7244ecb48ccc1e | ||
756 | |||
757 | commit 8075fccbd4f70a4371acabcfb47562471ff0de6f | ||
758 | Author: djm@openbsd.org <djm@openbsd.org> | ||
759 | Date: Fri Jan 24 23:54:40 2020 +0000 | ||
760 | |||
761 | upstream: add xextendf() to extend a string with a format | ||
762 | |||
763 | (reallocating as necessary). ok aja@ as part of a larger diff | ||
764 | |||
765 | OpenBSD-Commit-ID: 30796b50d330b3e0e201747fe40cdf9aa70a77f9 | ||
766 | |||
767 | commit d15c8adf2c6f1a6b4845131074383eb9c3d05c3d | ||
768 | Author: djm@openbsd.org <djm@openbsd.org> | ||
769 | Date: Fri Jan 24 05:33:01 2020 +0000 | ||
770 | |||
771 | upstream: minor tweaks to ssh-keygen -Y find-principals: | ||
772 | |||
773 | emit matched principals one per line to stdout rather than as comma- | ||
774 | separated and with a free-text preamble (easy confusion opportunity) | ||
775 | |||
776 | emit "not found" error to stderr | ||
777 | |||
778 | fix up argument testing for -Y operations and improve error message for | ||
779 | unsupported operations | ||
780 | |||
781 | OpenBSD-Commit-ID: 3d9c9a671ab07fc04a48f543edfa85eae77da69c | ||
782 | |||
783 | commit c3368a5d5ec368ef6bdf9971d6330ca0e3bdca06 | ||
784 | Author: djm@openbsd.org <djm@openbsd.org> | ||
785 | Date: Fri Jan 24 00:28:57 2020 +0000 | ||
786 | |||
787 | upstream: remove ssh-rsa (SHA1) from the list of allowed CA | ||
788 | |||
789 | signature algorithms ok markus | ||
790 | |||
791 | OpenBSD-Commit-ID: da3481fca8c81e6951f319a86b7be67502237f57 | ||
792 | |||
793 | commit 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 | ||
794 | Author: djm@openbsd.org <djm@openbsd.org> | ||
795 | Date: Fri Jan 24 00:27:04 2020 +0000 | ||
796 | |||
797 | upstream: when signing a certificate with an RSA key, default to | ||
798 | |||
799 | a safe signature algorithm (rsa-sha-512) if not is explicitly specified by | ||
800 | the user; ok markus@ | ||
801 | |||
802 | OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9 | ||
803 | |||
804 | commit 8dfb6a202c96cdf037c8ce05e53e32e0e0b7b454 | ||
805 | Author: djm@openbsd.org <djm@openbsd.org> | ||
806 | Date: Fri Jan 24 00:00:31 2020 +0000 | ||
807 | |||
808 | upstream: allow PEM export of DSA and ECDSA keys; bz3091, patch | ||
809 | |||
810 | from Jakub Jelen ok markus@ | ||
811 | |||
812 | OpenBSD-Commit-ID: a58edec8b9f07acab4b962a71a5125830d321b51 | ||
813 | |||
814 | commit 72a8bea2d748c8bd7f076a8b39a52082c79ae95f | ||
815 | Author: djm@openbsd.org <djm@openbsd.org> | ||
816 | Date: Thu Jan 23 23:31:52 2020 +0000 | ||
817 | |||
818 | upstream: ssh-keygen -Y find-principals fixes based on feedback | ||
819 | |||
820 | from Markus: | ||
821 | |||
822 | use "principals" instead of principal, as allowed_signers lines may list | ||
823 | multiple. | ||
824 | |||
825 | When the signing key is a certificate, emit only principals that match | ||
826 | the certificate principal list. | ||
827 | |||
828 | NB. the command -Y name changes: "find-principal" => "find-principals" | ||
829 | |||
830 | ok markus@ | ||
831 | |||
832 | OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf | ||
833 | |||
834 | commit 0585b5697201f5d8b32e6f1b0fee7e188268d30d | ||
835 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
836 | Date: Fri Jan 24 01:29:23 2020 +0000 | ||
837 | |||
838 | upstream: Do not warn about permissions on symlinks. | ||
839 | |||
840 | OpenBSD-Regress-ID: 339d4cbae224bd8743ffad9c3afb0cf3cb66c357 | ||
841 | |||
842 | commit 415192348a5737a960f6d1b292a17b64d55b542c | ||
843 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
844 | Date: Thu Jan 23 11:19:12 2020 +0000 | ||
845 | |||
846 | upstream: Handle zlib compression being disabled now that it's | ||
847 | |||
848 | optional. | ||
849 | |||
850 | OpenBSD-Regress-ID: 0af4fbc5168e62f89d0350de524bff1cb00e707a | ||
851 | |||
852 | commit fbce7c1a898ae75286349822950682cf46346121 | ||
853 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
854 | Date: Thu Jan 23 10:53:04 2020 +0000 | ||
855 | |||
856 | upstream: Fix typo in comment. | ||
857 | |||
858 | OpenBSD-Commit-ID: d1d7a6553208bf439378fd1cf686a828aceb353a | ||
859 | |||
860 | commit ba247af8e9e302910e22881ef9d307a8afeef036 | ||
861 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
862 | Date: Thu Jan 23 10:19:59 2020 +0000 | ||
863 | |||
864 | upstream: When checking for unsafe directories, ignore non-directories | ||
865 | |||
866 | (ie symlinks, where permissions are not relevant). | ||
867 | |||
868 | OpenBSD-Regress-ID: fb6cfc8b022becb62b2dcb99ed3f072b3326e501 | ||
869 | |||
870 | commit 74deb7029be4c00810443114aac9308875a81dae | ||
871 | Author: Darren Tucker <dtucker@dtucker.net> | ||
872 | Date: Thu Jan 23 22:17:24 2020 +1100 | ||
873 | |||
874 | zlib is now optional. | ||
875 | |||
876 | commit 633a2af47ee90291aaf93969aeee1e5046074c7c | ||
877 | Author: Darren Tucker <dtucker@dtucker.net> | ||
878 | Date: Thu Jan 23 22:16:51 2020 +1100 | ||
879 | |||
880 | Plumb WITH_ZLIB into configure. | ||
881 | |||
882 | This allows zlib support to be disabled by ./configure --without-zlib. | ||
883 | |||
884 | commit 7f8e66fea8c4e2a910df9067cb7638999b7764d5 | ||
885 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
886 | Date: Thu Jan 23 10:24:29 2020 +0000 | ||
887 | |||
888 | upstream: Make zlib optional. This adds a "ZLIB" build time option | ||
889 | |||
890 | that allows building without zlib compression and associated options. With | ||
891 | feedback from markus@, ok djm@ | ||
892 | |||
893 | OpenBSD-Commit-ID: 44c6e1133a90fd15a3aa865bdedc53bab28b7910 | ||
894 | |||
895 | commit 69ac4e33023b379e9a8e9b4b6aeeffa6d1fcf6fa | ||
896 | Author: djm@openbsd.org <djm@openbsd.org> | ||
897 | Date: Thu Jan 23 07:54:04 2020 +0000 | ||
898 | |||
899 | upstream: remove trailing period characters from pub/priv key | ||
900 | |||
901 | pathnames - they make them needlessly more difficult to cut and paste without | ||
902 | error; ok markus@ & dtucker@ | ||
903 | |||
904 | OpenBSD-Commit-ID: abdcfd1a5723fcac0711feee7665edc66ae2335a | ||
905 | |||
906 | commit 945bf52c3c815d95b1e842ebf6c910c3524bd5bb | ||
907 | Author: Darren Tucker <dtucker@dtucker.net> | ||
908 | Date: Thu Jan 23 21:06:45 2020 +1100 | ||
909 | |||
910 | Fix a couple of mysig_t leftovers. | ||
911 | |||
912 | commit 84226b447d45fe4542613de68c2ca59a890d7c01 | ||
913 | Author: Darren Tucker <dtucker@dtucker.net> | ||
914 | Date: Thu Jan 23 18:55:24 2020 +1100 | ||
915 | |||
916 | Remove mysignal wrapper. | ||
917 | |||
918 | We switched the main code to use sigaction(), so the wrapper is no | ||
919 | longer used. | ||
920 | |||
921 | commit 5533c2fb7ef21172fa3708d66b03faa2c6b3d93f | ||
922 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
923 | Date: Thu Jan 23 07:16:38 2020 +0000 | ||
924 | |||
925 | upstream: new sentence, new line; | ||
926 | |||
927 | OpenBSD-Commit-ID: b6c3f2f36ec77e99198619b38a9f146655281925 | ||
928 | |||
929 | commit 3bf2a6ac791d64046a537335a0f1d5e43579c5ad | ||
930 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
931 | Date: Thu Jan 23 07:10:22 2020 +0000 | ||
932 | |||
933 | upstream: Replace all calls to signal(2) with a wrapper around | ||
934 | |||
935 | sigaction(2). This wrapper blocks all other signals during the handler | ||
936 | preventing races between handlers, and sets SA_RESTART which should reduce | ||
937 | the potential for short read/write operations. | ||
938 | |||
939 | OpenBSD-Commit-ID: 5e047663fd77a40d7b07bdabe68529df51fd2519 | ||
940 | |||
941 | commit e027c044c796f3a01081a91bee55741204283f28 | ||
942 | Author: djm@openbsd.org <djm@openbsd.org> | ||
943 | Date: Thu Jan 23 04:54:34 2020 +0000 | ||
944 | |||
945 | upstream: missing header change from previous; spotted by dtucker@ | ||
946 | |||
947 | OpenBSD-Commit-ID: 321ce74c0a5bbd0f02fa3f20cb5cf2a952c6b96f | ||
948 | |||
949 | commit 7e1323102b1b04eef391b01e180710a2d408a7ab | ||
950 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
951 | Date: Thu Jan 23 03:42:41 2020 +0000 | ||
952 | |||
953 | upstream: Check for and warn about StrictModes permission problems. ok tb@ | ||
954 | |||
955 | OpenBSD-Regress-ID: 4841704ccdee50ee7efc6035bc686695c6ac2991 | ||
956 | |||
957 | commit 84de1c27f845d15c859db44e7070a46f45504b66 | ||
958 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
959 | Date: Thu Jan 23 03:35:07 2020 +0000 | ||
960 | |||
961 | upstream: Also test PuTTY chacha20. | ||
962 | |||
963 | OpenBSD-Regress-ID: 7af6a0e8763b05f1f8eee6bca5f31fcb16151040 | ||
964 | |||
965 | commit c7ed15a39695ecd5f1f21842d8d9cd22246d4ee2 | ||
966 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
967 | Date: Thu Jan 23 03:24:38 2020 +0000 | ||
968 | |||
969 | upstream: Also test PuTTY ecdh kex methods. | ||
970 | |||
971 | OpenBSD-Regress-ID: ec4017dce612131842398a03e93007a869c2c133 | ||
972 | |||
973 | commit c4b3a128954ee1b7fbcbda167baf8aca1a3d1c84 | ||
974 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
975 | Date: Thu Jan 23 02:46:49 2020 +0000 | ||
976 | |||
977 | upstream: Remove unsupported algorithms from list of defaults at run | ||
978 | |||
979 | time and remove ifdef and distinct settings for OPENSSL=no case. | ||
980 | |||
981 | This will make things much simpler for -portable where the exact set | ||
982 | of algos depends on the configuration of both OpenSSH and the libcrypto | ||
983 | it's linked against (if any). ok djm@ | ||
984 | |||
985 | OpenBSD-Commit-ID: e0116d0183dcafc7a9c40ba5fe9127805c5dfdd2 | ||
986 | |||
987 | commit 56cffcc09f8a2e661d2ba02e61364ae6f998b2b1 | ||
988 | Author: djm@openbsd.org <djm@openbsd.org> | ||
989 | Date: Thu Jan 23 02:43:48 2020 +0000 | ||
990 | |||
991 | upstream: add a new signature operations "find-principal" to look | ||
992 | |||
993 | up the principal associated with a signature from an allowed-signers file. | ||
994 | Work by Sebastian Kinne; ok dtucker@ | ||
995 | |||
996 | OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d | ||
997 | |||
998 | commit 65cf8730de6876a56595eef296e07a86c52534a6 | ||
999 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1000 | Date: Wed Jan 22 07:38:30 2020 +0000 | ||
1001 | |||
1002 | upstream: Ignore whitespace when checking explict fingerprint. | ||
1003 | |||
1004 | When confirming a host key using the fingerprint itself, ignore leading and | ||
1005 | trailing whitespace. ok deraadt@ djm@ | ||
1006 | |||
1007 | OpenBSD-Commit-ID: cafd7f803bbdcd40c3a8f8f1a77747e6b6d8c011 | ||
1008 | |||
1009 | commit 8d3af6ebdf524b34087a0a3ae415b5141ba10572 | ||
1010 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1011 | Date: Wed Jan 22 07:31:27 2020 +0000 | ||
1012 | |||
1013 | upstream: Increase keyscan timeout from default. On slow hosts 3 | ||
1014 | |||
1015 | concurrent keyscans can hit the default 5 second timeout, so increase to 15 | ||
1016 | seconds. | ||
1017 | |||
1018 | OpenBSD-Regress-ID: 16383dec166af369b7fb9948572856f5d544c93f | ||
1019 | |||
1020 | commit 6c30c9adbeeed09a8a9e7a69974cfa1f1ddd1e9e | ||
1021 | Author: tedu@openbsd.org <tedu@openbsd.org> | ||
1022 | Date: Wed Jan 22 04:58:23 2020 +0000 | ||
1023 | |||
1024 | upstream: remove diffie-hellman-group14-sha1 from default kex to | ||
1025 | |||
1026 | see what happens. general mostly ok | ||
1027 | |||
1028 | OpenBSD-Commit-ID: 216b7b8462d2ef5f4531f26cb2cb839b2153dad9 | ||
1029 | |||
1030 | commit 4a32c0ca44a2dc2a358f69b5d43c08e528b44b39 | ||
1031 | Author: claudio@openbsd.org <claudio@openbsd.org> | ||
1032 | Date: Wed Jan 22 04:51:51 2020 +0000 | ||
1033 | |||
1034 | upstream: For ssh-keygen -lF only add a space after key fingerprint | ||
1035 | |||
1036 | when there is a comment. This makes copy-paste of fingerprints into ssh | ||
1037 | easier. OK djm@ | ||
1038 | |||
1039 | OpenBSD-Commit-ID: fa01d95624f65c1eb4dc7c575d20d77c78010dfd | ||
1040 | |||
1041 | commit 37d3b736506760e4ebc7fe56255f7b8ea823a00c | ||
1042 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1043 | Date: Wed Jan 22 04:49:16 2020 +0000 | ||
1044 | |||
1045 | upstream: some __func__ and strerror(errno) here; no functional | ||
1046 | |||
1047 | change | ||
1048 | |||
1049 | OpenBSD-Commit-ID: 6c3ddd5f848b99ea560b31d3fba99ceed66cef37 | ||
1050 | |||
1051 | commit e2031b05c74c98b141179ceab13a323cf17d01e5 | ||
1052 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1053 | Date: Wed Jan 22 02:25:21 2020 +0000 | ||
1054 | |||
1055 | upstream: factor out parsing of allowed-signers lines | ||
1056 | |||
1057 | OpenBSD-Commit-ID: 85ee6aeff608371826019ea85e55bfa87f79d06e | ||
1058 | |||
1059 | commit 47160e1de8c2f638f0ef41cef42c976417b61778 | ||
1060 | Author: Damien Miller <djm@mindrot.org> | ||
1061 | Date: Wed Jan 22 10:30:13 2020 +1100 | ||
1062 | |||
1063 | unbreak fuzzer support for recent ssh-sk.h changes | ||
1064 | |||
1065 | commit 70d38c3cfd4550e8ee66cc3bf1b91aa339c91df5 | ||
1066 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1067 | Date: Tue Jan 21 22:39:57 2020 +0000 | ||
1068 | |||
1069 | upstream: expose the number of currently-authenticating connections | ||
1070 | |||
1071 | along with the MaxStartups limit in the proctitle; suggestion from Philipp | ||
1072 | Marek, w/ feedback from Craig Miskell ok dtucker@ | ||
1073 | |||
1074 | OpenBSD-Commit-ID: a4a6db2dc1641a5df8eddf7d6652176e359dffb3 | ||
1075 | |||
1076 | commit a78c66d5d2144bd49779bc80a647346bd3d7233d | ||
1077 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1078 | Date: Tue Jan 21 12:40:04 2020 +0000 | ||
1079 | |||
1080 | upstream: document the default value of the ControlPersist option; | ||
1081 | |||
1082 | ok dtucker@ djm@ | ||
1083 | |||
1084 | OpenBSD-Commit-ID: 0788e7f2b5a9d4e36d3d2ab378f73329320fef66 | ||
1085 | |||
1086 | commit b46a6325849e40aa2e4b0d962a6f00f708f6576a | ||
1087 | Author: Damien Miller <djm@mindrot.org> | ||
1088 | Date: Wed Jan 22 09:28:32 2020 +1100 | ||
1089 | |||
1090 | remove accidental change in f8c11461 | ||
1091 | |||
1092 | commit 80d3bebcab96fe1d177e45906e10db16895da01d | ||
1093 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1094 | Date: Tue Jan 21 11:06:09 2020 +0000 | ||
1095 | |||
1096 | upstream: don't #ifdef out the KRL code when compiling without | ||
1097 | |||
1098 | libcrypto support; it works just fine and disabling it breaks a few tests. ok | ||
1099 | dtucker@ | ||
1100 | |||
1101 | OpenBSD-Commit-ID: 65f6272c4241eb4b04de78b012fe98b2b555ad44 | ||
1102 | |||
1103 | commit f8c11461aa6db168fc5e7eeae448b4cbbf59642a | ||
1104 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1105 | Date: Tue Jan 21 08:06:27 2020 +0000 | ||
1106 | |||
1107 | upstream: pass SSH_SK_HELPER explicitly past $SUDO to avoid it getting | ||
1108 | |||
1109 | cleared; with dtucker@ | ||
1110 | |||
1111 | OpenBSD-Regress-ID: 03178a0580324bf0dff28f7eac6c3edbc5407f8e | ||
1112 | |||
1113 | commit b5fcb0ac1cc0ef01aeec1c089146298654ab3ae0 | ||
1114 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1115 | Date: Tue Jan 21 07:07:31 2020 +0000 | ||
1116 | |||
1117 | upstream: check access(ssh-sk-helper, X_OK) to provide friendly | ||
1118 | |||
1119 | error message for misconfigured helper paths | ||
1120 | |||
1121 | OpenBSD-Commit-ID: 061bcc262155d12e726305c91394ac0aaf1f8341 | ||
1122 | |||
1123 | commit 56bced43c14dc6fa2bfa1816007e441644105609 | ||
1124 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1125 | Date: Tue Jan 21 06:09:56 2020 +0000 | ||
1126 | |||
1127 | upstream: Document sntrup4591761x25519-sha512@tinyssh.org. Patch | ||
1128 | |||
1129 | from jtesta@positronsecurity.com via github PR#151. | ||
1130 | |||
1131 | OpenBSD-Commit-ID: f3d48168623045c258245c340a5a2af7dbb74edc | ||
1132 | |||
1133 | commit 4a05d789b86314fef7303824f69defbc6b96ed60 | ||
1134 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1135 | Date: Tue Jan 21 05:56:56 2020 +0000 | ||
1136 | |||
1137 | upstream: fix ssh-keygen not displaying authenticator touch | ||
1138 | |||
1139 | prompt; reported by jmc@ | ||
1140 | |||
1141 | OpenBSD-Commit-ID: 04d4f582fc194eb3897ebcbfe286c49958ba2859 | ||
1142 | |||
1143 | commit 881aded0389d999375f926051491a944c6d8752b | ||
1144 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1145 | Date: Tue Jan 21 05:56:27 2020 +0000 | ||
1146 | |||
1147 | upstream: a little more verbosity in sign_and_send_pubkey() debug | ||
1148 | |||
1149 | messages | ||
1150 | |||
1151 | OpenBSD-Commit-ID: 6da47a0e6373f6683006f49bc2a516d197655508 | ||
1152 | |||
1153 | commit b715fdc71bbd009d0caff691ab3fc04903c4aee8 | ||
1154 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1155 | Date: Sat Jan 18 21:16:43 2020 +0000 | ||
1156 | |||
1157 | upstream: one more replacement "(security) key" -> "(FIDO) | ||
1158 | |||
1159 | authenticator" | ||
1160 | |||
1161 | OpenBSD-Commit-ID: 031bca03c1d1f878ab929facd561911f1bc68dfd | ||
1162 | |||
1163 | commit 84911da1beeb6ed258a43468efb316cd39fb6855 | ||
1164 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1165 | Date: Sat Jan 18 15:45:41 2020 +0000 | ||
1166 | |||
1167 | upstream: undo merge error and replace the term "security key" | ||
1168 | |||
1169 | again | ||
1170 | |||
1171 | OpenBSD-Commit-ID: 341749062c089cc360a7877e9ee3a887aecde395 | ||
1172 | |||
1173 | commit e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0 | ||
1174 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1175 | Date: Fri Jan 17 20:13:47 2020 +0000 | ||
1176 | |||
1177 | upstream: Document loading of resident keys from a FIDO | ||
1178 | |||
1179 | authenticator. | ||
1180 | |||
1181 | * Rename -O to -K to keep "-O option" available. | ||
1182 | * Document -K. | ||
1183 | * Trim usage() message down to synopsis, like all other commands. | ||
1184 | |||
1185 | ok markus@ | ||
1186 | |||
1187 | OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a | ||
1188 | |||
1189 | commit 0d005d6372a067b59123dec8fc6dc905f2c09e1e | ||
1190 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1191 | Date: Tue Jan 14 15:07:30 2020 +0000 | ||
1192 | |||
1193 | upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each | ||
1194 | |||
1195 | other and reality ok markus@ | ||
1196 | |||
1197 | OpenBSD-Commit-ID: cdf64454f2c3604c25977c944e5b6262a3bcce92 | ||
1198 | |||
1199 | commit b8a4ca2ebfddab862f7eb1ea2a07fb9f70330429 | ||
1200 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1201 | Date: Sat Jan 11 16:23:10 2020 +0000 | ||
1202 | |||
1203 | upstream: revise the fix for reversed arguments on | ||
1204 | |||
1205 | expand_proxy_command() | ||
1206 | |||
1207 | Always put 'host' before 'host_arg' for consistency. ok markus@ djm@ | ||
1208 | |||
1209 | OpenBSD-Commit-ID: 1ba5b25472779f1b1957295fcc6907bb961472a3 | ||
1210 | |||
1211 | commit 57b181eaf2d34fd0a1b51ab30cb6983df784de5a | ||
1212 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1213 | Date: Fri Jan 10 23:43:26 2020 +0000 | ||
1214 | |||
1215 | upstream: pass the log-on-stderr flag and log level through to | ||
1216 | |||
1217 | ssh-sk-helper, making debugging a bit easier. ok markus@ | ||
1218 | |||
1219 | OpenBSD-Commit-ID: 2e7aea6bf5770d3f38b7c7bba891069256c5a49a | ||
1220 | |||
1221 | commit a8bd5fdbdb7581afc7123a042a7cd6ca25357388 | ||
1222 | Author: Damien Miller <djm@mindrot.org> | ||
1223 | Date: Tue Jan 21 12:32:16 2020 +1100 | ||
1224 | |||
1225 | Wrap copy_environment_blacklist() in #ifdef | ||
1226 | |||
1227 | It's only needed for USE_PAM or HAVE_CYGWIN cases and will cause compiler | ||
1228 | warnings otherwise. | ||
1229 | |||
1230 | commit 10ecc647fc1db8d2dde9f6b9b826b201dfc48b62 | ||
1231 | Author: Damien Miller <djm@mindrot.org> | ||
1232 | Date: Tue Jan 21 12:20:05 2020 +1100 | ||
1233 | |||
1234 | depend | ||
1235 | |||
1236 | commit b3f7009c9ffa5891283ed96e043001e09934a8d4 | ||
1237 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1238 | Date: Mon Jan 20 11:56:48 2020 +0100 | ||
1239 | |||
1240 | Fix missing prototype warning for copy_environment | ||
1241 | |||
1242 | This function is only used in this file, and only on Cygwin, so make | ||
1243 | it static and hide it behind HAVE_CYGWIN. Prevents missing prototype | ||
1244 | warning. | ||
1245 | |||
1246 | commit 0c428c0e991e2c4fabc48cf5d9b8f84c9412e0c3 | ||
1247 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1248 | Date: Mon Jan 20 13:58:11 2020 +0100 | ||
1249 | |||
1250 | configure.ac: fix ldns test | ||
1251 | |||
1252 | When running ./configure --with-ldns, if ldns-config cannot be found, we | ||
1253 | add -Iyes/include to CPPFLAGS and -Lyes/lib to LDFLAGS. Fix that. | ||
1254 | |||
1255 | commit 6089abf715e2784751c9f62697e09bb103295b93 | ||
1256 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1257 | Date: Mon Jan 20 12:13:26 2020 +0100 | ||
1258 | |||
1259 | Make sshpam_password_change_required static. | ||
1260 | |||
1261 | sshpam_password_change_required is only used in auth-pam.c, so make it | ||
1262 | static to prevent a mising prototype warning. | ||
1263 | |||
1264 | commit 5a9b9c82851b7bc219dc3a65962a80803c76c102 | ||
1265 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1266 | Date: Mon Jan 20 12:24:51 2020 +0100 | ||
1267 | |||
1268 | sandbox-darwin.c: fix missing prototypes. | ||
1269 | |||
1270 | Include the right header just like the other sandbox files. | ||
1271 | Fixes missing prototype warnings for ssh_sandbox_* functions. | ||
1272 | |||
1273 | commit 335dc93526942a650f6c69666b3f6ca44d0a2910 | ||
1274 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1275 | Date: Mon Jan 20 11:09:27 2020 +0100 | ||
1276 | |||
1277 | Fix a few warnings when on Mac OS X. | ||
1278 | |||
1279 | Include stdlib.h for calloc, malloc, free and setenv. | ||
1280 | |||
1281 | commit 0488dc2d3050ea1a99ef5cf44afc50ffbf3f1315 | ||
1282 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1283 | Date: Mon Jan 20 10:32:23 2020 +0100 | ||
1284 | |||
1285 | Fix building without openssl. | ||
1286 | |||
1287 | This fixes the following when there are no openssl headers on the system: | ||
1288 | ssh-ecdsa-sk.c:34:10: fatal error: 'openssl/bn.h' file not found | ||
1289 | |||
1290 | commit e6b7157b4ef29c83ec3a2d1d7c927e4b8898f9bb | ||
1291 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1292 | Date: Wed Jan 15 16:08:55 2020 +0100 | ||
1293 | |||
1294 | Add config.log to .gitignore | ||
1295 | |||
1296 | commit 515e10ddf9644010b88cfd7ecf601f4306d42232 | ||
1297 | Author: Ruben Kerkhof <ruben@rubenkerkhof.com> | ||
1298 | Date: Wed Jan 15 16:16:31 2020 +0100 | ||
1299 | |||
1300 | Fix typo in README.md, s/crytpo/crypto/ | ||
1301 | |||
1302 | commit 1af3354aea3c4bfa5b5ecfb5d1ff3ad231c2073c | ||
1303 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1304 | Date: Wed Jan 15 16:22:36 2020 +1100 | ||
1305 | |||
1306 | Wrap stdint.h in ifdef HAVE_STDINT_H. | ||
1307 | |||
1308 | commit 429170f273ce1b0140f8111a45ba69390d98de3a | ||
1309 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1310 | Date: Tue Jan 14 14:41:47 2020 +1100 | ||
1311 | |||
1312 | Wrap stdint.h inside HAVE_STDINT_H. | ||
1313 | |||
1314 | commit a0989b60211b6f1c2313e1397c526d883a23a075 | ||
1315 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1316 | Date: Tue Jan 14 14:26:41 2020 +1100 | ||
1317 | |||
1318 | Include compat header for definitions. | ||
1319 | |||
1320 | commit e0cedcad51fe02683943bf4f1ad2961aa3f35313 | ||
1321 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1322 | Date: Tue Jan 14 09:42:52 2020 +1100 | ||
1323 | |||
1324 | Improve search for 'struct timespec'. | ||
1325 | |||
1326 | Make struct timespec test consistent with existing timeval test. | ||
1327 | Include time.h for timespec in compat header where required. | ||
1328 | |||
1329 | commit acaf9e058594310001ce64468ed2923dc6323e81 | ||
1330 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1331 | Date: Tue Jan 14 12:43:03 2020 +1100 | ||
1332 | |||
1333 | Update depend to remove rmd160.h. | ||
1334 | |||
1335 | commit 26b2675b0c3e3efea11a52609073aec01736ec84 | ||
1336 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1337 | Date: Tue Jan 14 07:24:46 2020 +1100 | ||
1338 | |||
1339 | Remove configure test & compat code for ripemd160. | ||
1340 | |||
1341 | RIPEMD160 support was removed upstream in 2017, however we still had | ||
1342 | a configure test and compat code for it, so clean those up now. | ||
1343 | |||
1344 | commit ed3ad71b17adcd1fb4431d145f53cee1c6a1135e | ||
1345 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1346 | Date: Thu Jan 9 03:28:38 2020 +0000 | ||
1347 | |||
1348 | upstream: fix reversed arguments on expand_proxy_command(); spotted | ||
1349 | |||
1350 | by anton@ | ||
1351 | |||
1352 | OpenBSD-Commit-ID: db1c32478a01dfbc9c4db171de0f25907bea5775 | ||
1353 | |||
1354 | commit cd53476383f0cf475f40ba8ac8deb6b76dd5ce4e | ||
1355 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1356 | Date: Mon Jan 6 07:43:28 2020 +0000 | ||
1357 | |||
1358 | upstream: put the fido options in a list, and tidy up the text a | ||
1359 | |||
1360 | little; ok djm | ||
1361 | |||
1362 | OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb | ||
1363 | |||
1364 | commit 30f704ebc0e9e32b3d12f5d9e8c1b705fdde2c89 | ||
1365 | Author: Jeremy Drake <github@jdrake.com> | ||
1366 | Date: Fri Oct 11 18:31:05 2019 -0700 | ||
1367 | |||
1368 | Deny (non-fatal) ipc in preauth privsep child. | ||
1369 | |||
1370 | As noted in openssh/openssh-portable#149, i386 does not have have | ||
1371 | _NR_shmget etc. Instead, it has a single ipc syscall (see man 2 ipc, | ||
1372 | https://linux.die.net/man/2/ipc). Add this syscall, if present, to the | ||
1373 | list of syscalls that seccomp will deny non-fatally. | ||
1374 | |||
1375 | commit b110cefdfbf5a20f49b774a55062d6ded2fb6e22 | ||
1376 | Author: Khem Raj <raj.khem@gmail.com> | ||
1377 | Date: Tue Jan 7 16:26:45 2020 -0800 | ||
1378 | |||
1379 | seccomp: Allow clock_gettime64() in sandbox. | ||
1380 | |||
1381 | This helps sshd accept connections on mips platforms with | ||
1382 | upcoming glibc ( 2.31 ) | ||
1383 | |||
1384 | commit 3cc60c899a92a469e5118310ba6b74cb57215618 | ||
1385 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1386 | Date: Mon Jan 6 02:39:30 2020 +0000 | ||
1387 | |||
1388 | upstream: missing else in check_enroll_options() | ||
1389 | |||
1390 | OpenBSD-Commit-ID: e058fb918fda56ddbbf0bee910101004cec421d4 | ||
1391 | |||
1392 | commit ff5784e2698d6c41e9f39ce4df24968c1beeb2bb | ||
1393 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1394 | Date: Mon Jan 6 02:24:28 2020 +0000 | ||
1395 | |||
1396 | upstream: fix error message | ||
1397 | |||
1398 | OpenBSD-Commit-ID: 1eb52025658eb78ea6223181e552862198d3d505 | ||
1399 | |||
1400 | commit dd2acc8b862c09751621995fba2d5fa6f4e24cc9 | ||
1401 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1402 | Date: Mon Jan 6 02:07:50 2020 +0000 | ||
1403 | |||
1404 | upstream: adapt sk-dummy to SK API changes | ||
1405 | |||
1406 | also, make it pull prototypes directly from sk-api.c and #error | ||
1407 | if the expected version changes. This will make any future regress | ||
1408 | test breakage because of SK API changes much more apparent | ||
1409 | |||
1410 | OpenBSD-Regress-ID: 79b07055de4feb988e31da71a89051ad5969829d | ||
1411 | |||
1412 | commit c312ca077cd2a6c15545cd6b4d34ee2f69289174 | ||
1413 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1414 | Date: Mon Jan 6 02:00:46 2020 +0000 | ||
1415 | |||
1416 | upstream: Extends the SK API to accept a set of key/value options | ||
1417 | |||
1418 | for all operations. These are intended to future-proof the API a little by | ||
1419 | making it easier to specify additional fields for without having to change | ||
1420 | the API version for each. | ||
1421 | |||
1422 | At present, only two options are defined: one to explicitly specify | ||
1423 | the device for an operation (rather than accepting the middleware's | ||
1424 | autoselection) and another to specify the FIDO2 username that may | ||
1425 | be used when generating a resident key. These new options may be | ||
1426 | invoked at key generation time via ssh-keygen -O | ||
1427 | |||
1428 | This also implements a suggestion from Markus to avoid "int" in favour | ||
1429 | of uint32_t for the algorithm argument in the API, to make implementation | ||
1430 | of ssh-sk-client/helper a little easier. | ||
1431 | |||
1432 | feedback, fixes and ok markus@ | ||
1433 | |||
1434 | OpenBSD-Commit-ID: 973ce11704609022ab36abbdeb6bc23c8001eabc | ||
1435 | |||
1436 | commit 2ab335712d084d9ccaf3f53afc3fa9535329da87 | ||
1437 | Author: beck@openbsd.org <beck@openbsd.org> | ||
1438 | Date: Sun Jan 5 16:28:22 2020 +0000 | ||
1439 | |||
1440 | upstream: fix CanonicalizeHostname, broken by rev 1.507 | ||
1441 | |||
1442 | Issue noticed and reported by Pierre-Olivier Martel <pom@apple.com> | ||
1443 | ok dtucker@ markus@ djm@ | ||
1444 | |||
1445 | OpenBSD-Commit-ID: 749f3168ec520609c35b0c4e1984e5fa47f16094 | ||
1446 | |||
1447 | commit 69e44ba701b90b0f530d64c3fe4363ea86e50cd3 | ||
1448 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1449 | Date: Mon Jan 6 09:02:53 2020 +1100 | ||
1450 | |||
1451 | Fix typo: 'you' -> 'your'. | ||
1452 | |||
1453 | bz#3108 from jmckitrick@gmail.com. | ||
1454 | |||
1455 | commit 7652a57662969bd5c61448b3843ec6d407ad12be | ||
1456 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1457 | Date: Mon Jan 6 08:56:46 2020 +1100 | ||
1458 | |||
1459 | Remove auth-skey.c. | ||
1460 | |||
1461 | S/Key support was removed in OpenSSH 7.8 but this file was missed. | ||
1462 | |||
1463 | commit c593cc5e826c9f4ec506e22b629d37cabfaacff9 | ||
1464 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1465 | Date: Fri Jan 3 07:33:33 2020 +0000 | ||
1466 | |||
1467 | upstream: the download resident keys option is -K (upper) not -k | ||
1468 | |||
1469 | (lower); ok djm | ||
1470 | |||
1471 | OpenBSD-Commit-ID: 71dc28a3e1fa7c553844abc508845bcf5766e091 | ||
1472 | |||
1473 | commit ff31f15773ee173502eec4d7861ec56f26bba381 | ||
1474 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1475 | Date: Fri Jan 3 03:02:26 2020 +0000 | ||
1476 | |||
1477 | upstream: what bozo decided to use 2020 as a future date in a regress | ||
1478 | |||
1479 | test? | ||
1480 | |||
1481 | OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a | ||
1482 | |||
1483 | commit 680eb7749a39d0e4d046e66cac4e51e8e3640b75 | ||
1484 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1485 | Date: Fri Jan 3 02:46:19 2020 +0000 | ||
1486 | |||
1487 | upstream: implement recent SK API change to support resident keys | ||
1488 | |||
1489 | and PIN prompting in the dummy middleware that we use for the tests. Should | ||
1490 | fix breakage spotted by dtucker@ | ||
1491 | |||
1492 | OpenBSD-Regress-ID: 379cf9eabfea57aaf7f3f59dafde59889566c484 | ||
1493 | |||
1494 | commit 86834fe6b54ac57b8528c30cf0b27e5cac5b7af7 | ||
1495 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1496 | Date: Thu Jan 2 13:25:38 2020 +0000 | ||
1497 | |||
1498 | upstream: Update keygen moduli screen test to match recent command | ||
1499 | |||
1500 | line option change to ssh-keygen(1). | ||
1501 | |||
1502 | OpenBSD-Regress-ID: 744a72755004377e9669b662c13c6aa9ead8a0c3 | ||
1503 | |||
1504 | commit 9039971887cccd95b209c479296f772a3a93e8e7 | ||
1505 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1506 | Date: Thu Jan 2 22:40:09 2020 +0000 | ||
1507 | |||
1508 | upstream: ability to download FIDO2 resident keys from a token via | ||
1509 | |||
1510 | "ssh-keygen -K". This will save public/private keys into the current | ||
1511 | directory. | ||
1512 | |||
1513 | This is handy if you move a token between hosts. | ||
1514 | |||
1515 | feedback & ok markus@ | ||
1516 | |||
1517 | OpenBSD-Commit-ID: d57c1f9802f7850f00a117a1d36682a6c6d10da6 | ||
1518 | |||
1519 | commit 878ba4350d57e905d6bb1865d8ff31bdfe5deab4 | ||
1520 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1521 | Date: Thu Jan 2 22:38:33 2020 +0000 | ||
1522 | |||
1523 | upstream: add sshkey_save_public(), to save a public key; ok | ||
1524 | |||
1525 | markus@ | ||
1526 | |||
1527 | OpenBSD-Commit-ID: 5d6f96a966d10d7fa689ff9aa9e1d6767ad5a076 | ||
1528 | |||
1529 | commit 3b1382ffd5e71eff78db8cef0f3cada22ff29409 | ||
1530 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1531 | Date: Mon Dec 30 16:10:00 2019 +0000 | ||
1532 | |||
1533 | upstream: simplify the list for moduli options - no need for | ||
1534 | |||
1535 | -compact; | ||
1536 | |||
1537 | OpenBSD-Commit-ID: 6492c72280482c6d072be46236b365cb359fc280 | ||
1538 | |||
1539 | commit 0248ec7c763dee9ff730a589e3d166eac5c74d7c | ||
1540 | Author: Damien Miller <djm@mindrot.org> | ||
1541 | Date: Thu Jan 2 13:41:31 2020 +1100 | ||
1542 | |||
1543 | ssh-sk-null.cc needs extern "C" {} | ||
1544 | |||
1545 | commit 5ca4b414effe4b56f0cfe3058c92391aa8a43871 | ||
1546 | Author: Damien Miller <djm@mindrot.org> | ||
1547 | Date: Thu Jan 2 10:56:29 2020 +1100 | ||
1548 | |||
1549 | add dummy ssh-sk API for linking with fuzzers | ||
1550 | |||
1551 | commit c4b2664be7ba25e4c233315b25212dec29b727ab | ||
1552 | Author: Damien Miller <djm@mindrot.org> | ||
1553 | Date: Mon Dec 30 21:04:09 2019 +1100 | ||
1554 | |||
1555 | refresh depend | ||
1556 | |||
1557 | commit 3093d12ff80927cf45da08d9f262a26680fb14ee | ||
1558 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1559 | Date: Mon Dec 30 09:49:52 2019 +0000 | ||
1560 | |||
1561 | upstream: Remove the -x option currently used for | ||
1562 | |||
1563 | FIDO/U2F-specific key flags. Instead these flags may be specified via -O. | ||
1564 | |||
1565 | ok markus@ | ||
1566 | |||
1567 | OpenBSD-Commit-ID: f23ebde2a8a7e1bf860a51055a711cffb8c328c1 | ||
1568 | |||
1569 | commit ef65e7dbaa8fac3245aa2bfc9f7e09be7cba0d9d | ||
1570 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1571 | Date: Mon Dec 30 09:25:29 2019 +0000 | ||
1572 | |||
1573 | upstream: document SK API changes in PROTOCOL.u2f | ||
1574 | |||
1575 | ok markus@ | ||
1576 | |||
1577 | OpenBSD-Commit-ID: 52622363c103a3c4d3d546050480ffe978a32186 | ||
1578 | |||
1579 | commit 43ce96427b76c4918e39af654e2fc9ee18d5d478 | ||
1580 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1581 | Date: Mon Dec 30 09:24:45 2019 +0000 | ||
1582 | |||
1583 | upstream: translate and return error codes; retry on bad PIN | ||
1584 | |||
1585 | Define some well-known error codes in the SK API and pass | ||
1586 | them back via ssh-sk-helper. | ||
1587 | |||
1588 | Use the new "wrong PIN" error code to retry PIN prompting during | ||
1589 | ssh-keygen of resident keys. | ||
1590 | |||
1591 | feedback and ok markus@ | ||
1592 | |||
1593 | OpenBSD-Commit-ID: 9663c6a2bb7a0bc8deaccc6c30d9a2983b481620 | ||
1594 | |||
1595 | commit d433596736a2cd4818f538be11fc94783f5c5236 | ||
1596 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1597 | Date: Mon Dec 30 09:24:03 2019 +0000 | ||
1598 | |||
1599 | upstream: improve some error messages; ok markus@ | ||
1600 | |||
1601 | OpenBSD-Commit-ID: 4ccd8ddabb8df4f995107dd3b7ea58220e93cb81 | ||
1602 | |||
1603 | commit c54cd1892c3e7f268b21e1f07ada9f0d9816ffc0 | ||
1604 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1605 | Date: Mon Dec 30 09:23:28 2019 +0000 | ||
1606 | |||
1607 | upstream: SK API and sk-helper error/PIN passing | ||
1608 | |||
1609 | Allow passing a PIN via the SK API (API major crank) and let the | ||
1610 | ssh-sk-helper API follow. | ||
1611 | |||
1612 | Also enhance the ssh-sk-helper API to support passing back an error | ||
1613 | code instead of a complete reply. Will be used to signal "wrong PIN", | ||
1614 | etc. | ||
1615 | |||
1616 | feedback and ok markus@ | ||
1617 | |||
1618 | OpenBSD-Commit-ID: a1bd6b0a2421646919a0c139b8183ad76d28fb71 | ||
1619 | |||
1620 | commit 79fe22d9bc2868c5118f032ec1200ac9c2e3aaef | ||
1621 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1622 | Date: Mon Dec 30 09:22:49 2019 +0000 | ||
1623 | |||
1624 | upstream: implement loading resident keys in ssh-add | ||
1625 | |||
1626 | "ssh-add -O" will load resident keys from a FIDO2 token and add them | ||
1627 | to a ssh-agent. | ||
1628 | |||
1629 | feedback and ok markus@ | ||
1630 | |||
1631 | OpenBSD-Commit-ID: 608104ae957a7d65cb84e0a3a26c8f60e0df3290 | ||
1632 | |||
1633 | commit 27753a8e21887d47fe6b5c78a4aed0efe558a850 | ||
1634 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1635 | Date: Mon Dec 30 09:21:59 2019 +0000 | ||
1636 | |||
1637 | upstream: implement loading of resident keys in ssh-sk-helper | ||
1638 | |||
1639 | feedback and ok markus@ | ||
1640 | |||
1641 | OpenBSD-Commit-ID: b273c23769ea182c55c4a7b8f9cbd9181722011a | ||
1642 | |||
1643 | commit 14cea36df397677b8f8568204300ef654114fd76 | ||
1644 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1645 | Date: Mon Dec 30 09:21:16 2019 +0000 | ||
1646 | |||
1647 | upstream: resident keys support in SK API | ||
1648 | |||
1649 | Adds a sk_load_resident_keys() function to the security key | ||
1650 | API that accepts a security key provider and a PIN and returns | ||
1651 | a list of keys. | ||
1652 | |||
1653 | Implement support for this in the usbhid middleware. | ||
1654 | |||
1655 | feedback and ok markus@ | ||
1656 | |||
1657 | OpenBSD-Commit-ID: 67e984e4e87f4999ce447a6178c4249a9174eff0 | ||
1658 | |||
1659 | commit 2fe05fcb4a2695f190b4fcf27770b655586ab349 | ||
1660 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1661 | Date: Mon Dec 30 09:20:36 2019 +0000 | ||
1662 | |||
1663 | upstream: Factor out parsing of struct sk_enroll_response | ||
1664 | |||
1665 | We'll reuse this for extracting resident keys from a device. | ||
1666 | |||
1667 | feedback and ok markus@ | ||
1668 | |||
1669 | OpenBSD-Commit-ID: 9bc1efd9c6897eac4df0983746cf6578c1542273 | ||
1670 | |||
1671 | commit 4532bd01d57ee13c3ca881eceac1bf9da96a4d7e | ||
1672 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1673 | Date: Mon Dec 30 09:19:52 2019 +0000 | ||
1674 | |||
1675 | upstream: basic support for generating FIDO2 resident keys | ||
1676 | |||
1677 | "ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a | ||
1678 | device-resident key. | ||
1679 | |||
1680 | feedback and ok markus@ | ||
1681 | |||
1682 | OpenBSD-Commit-ID: 8e1b3c56a4b11d85047bd6c6c705b7eef4d58431 | ||
1683 | |||
1684 | commit 3e60d18fba1b502c21d64fc7e81d80bcd08a2092 | ||
1685 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1686 | Date: Mon Dec 30 03:30:09 2019 +0000 | ||
1687 | |||
1688 | upstream: remove single-letter flags for moduli options | ||
1689 | |||
1690 | Move all moduli generation options to live under the -O flag. | ||
1691 | |||
1692 | Frees up seven single-letter flags. | ||
1693 | |||
1694 | NB. this change break existing ssh-keygen commandline syntax for moduli- | ||
1695 | related operations. Very few people use these fortunately. | ||
1696 | |||
1697 | feedback and ok markus@ | ||
1698 | |||
1699 | OpenBSD-Commit-ID: d498f3eaf28128484826a4fcb343612764927935 | ||
1700 | |||
1701 | commit 1e645fe767f27725dc7fd7864526de34683f7daf | ||
1702 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1703 | Date: Mon Dec 30 03:28:41 2019 +0000 | ||
1704 | |||
1705 | upstream: prepare for use of ssh-keygen -O flag beyond certs | ||
1706 | |||
1707 | Move list of available certificate options in ssh-keygen.1 to the | ||
1708 | CERTIFICATES section. | ||
1709 | |||
1710 | Collect options specified by -O but delay parsing/validation of | ||
1711 | certificate options until we're sure that we're acting as a CA. | ||
1712 | |||
1713 | ok markus@ | ||
1714 | |||
1715 | OpenBSD-Commit-ID: 33e6bcc29cfca43606f6fa09bd84b955ee3a4106 | ||
1716 | |||
1717 | commit 20ccd854245c598e2b47cc9f8d4955d645195055 | ||
1718 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1719 | Date: Fri Dec 27 08:28:44 2019 +0000 | ||
1720 | |||
1721 | upstream: sort -Y internally in the options list, as is already | ||
1722 | |||
1723 | done in synopsis; | ||
1724 | |||
1725 | OpenBSD-Commit-ID: 86d033c5764404057616690d7be992e445b42274 | ||
1726 | |||
1727 | commit 5b6c954751dd3677466cda7adb92e4f05446c96c | ||
1728 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
1729 | Date: Fri Dec 27 08:25:07 2019 +0000 | ||
1730 | |||
1731 | upstream: in the options list, sort -Y and -y; | ||
1732 | |||
1733 | OpenBSD-Commit-ID: 24c2e6a3aeab6e050a0271ffc73fdff91c10dcaa | ||
1734 | |||
1735 | commit 141df487ba699cfd1ec3dcd98186e7c956e99024 | ||
1736 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1737 | Date: Sat Dec 21 20:22:34 2019 +0000 | ||
1738 | |||
1739 | upstream: Replace the term "security key" with "(FIDO) | ||
1740 | |||
1741 | authenticator". | ||
1742 | |||
1743 | The polysemous use of "key" was too confusing. Input from markus@. | ||
1744 | ok jmc@ | ||
1745 | |||
1746 | OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f | ||
1747 | |||
1748 | commit fbd9729d4eadf2f7097b6017156387ac64302453 | ||
1749 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1750 | Date: Sat Dec 21 02:33:07 2019 +0000 | ||
1751 | |||
1752 | upstream: unit tests for ForwardAgent=/path; from Eric Chiang | ||
1753 | |||
1754 | OpenBSD-Regress-ID: 24f693f78290b2c17725dab2c614dffe4a88c8da | ||
1755 | |||
1756 | commit e5b7cf8edca7e843adc125621e1dab14507f430a | ||
1757 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1758 | Date: Mon Dec 16 02:39:05 2019 +0000 | ||
1759 | |||
1760 | upstream: test security key host keys in addition to user keys | ||
1761 | |||
1762 | OpenBSD-Regress-ID: 9fb45326106669a27e4bf150575c321806e275b1 | ||
1763 | |||
1764 | commit 40be78f503277bd91c958fa25ea9ef918a2ffd3d | ||
1765 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1766 | Date: Sat Dec 21 02:19:13 2019 +0000 | ||
1767 | |||
1768 | upstream: Allow forwarding a different agent socket to the path | ||
1769 | |||
1770 | specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent option to | ||
1771 | accepting an explicit path or the name of an environment variable in addition | ||
1772 | to yes/no. | ||
1773 | |||
1774 | Patch by Eric Chiang, manpage by me; ok markus@ | ||
1775 | |||
1776 | OpenBSD-Commit-ID: 98f2ed80bf34ea54d8b2ddd19ac14ebbf40e9265 | ||
1777 | |||
1778 | commit 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e | ||
1779 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1780 | Date: Fri Dec 20 20:28:55 2019 +0000 | ||
1781 | |||
1782 | upstream: SSH U2F keys can now be used as host keys. Fix a garden | ||
1783 | |||
1784 | path sentence. ok markus@ | ||
1785 | |||
1786 | OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b | ||
1787 | |||
1788 | commit 68010acbcfe36167b3eece3115f3a502535f80df | ||
1789 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1790 | Date: Fri Dec 20 02:42:42 2019 +0000 | ||
1791 | |||
1792 | upstream: Move always unsupported keywords to be grouped with the other | ||
1793 | |||
1794 | ones. Move oSecurityProvider to match the order in the OpCodes enum. Patch | ||
1795 | from openbsd@academicsolutions.ch, ok djm@ | ||
1796 | |||
1797 | OpenBSD-Commit-ID: 061e4505861ec1e02ba3a63e3d1b3be3cad458ec | ||
1798 | |||
1799 | commit 8784b02dc49e1c98df4e7aca466be2f652ed4ad1 | ||
1800 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1801 | Date: Fri Dec 20 02:29:21 2019 +0000 | ||
1802 | |||
1803 | upstream: Remove obsolete opcodes from the configuation enum. | ||
1804 | |||
1805 | Patch from openbsd@academicsolutions.ch, ok djm@ | ||
1806 | |||
1807 | OpenBSD-Commit-ID: 395c202228872ce8d9044cc08552ac969f51e01b | ||
1808 | |||
1809 | commit 345be6091bdc9be09c90a937d1320f97c01fab2a | ||
1810 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1811 | Date: Fri Dec 20 02:11:38 2019 +0000 | ||
1812 | |||
1813 | upstream: Remove now-obsolete config options from example in | ||
1814 | |||
1815 | comment. Patch from openbsd@academicsolutions.ch, ok djm@ | ||
1816 | |||
1817 | OpenBSD-Commit-ID: 35862beb0927b1cb0af476ec23cc07f6e3006101 | ||
1818 | |||
1819 | commit ae024b22c4fd68e7f39681d605585889f9511108 | ||
1820 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1821 | Date: Thu Dec 19 15:09:30 2019 +0000 | ||
1822 | |||
1823 | upstream: Document that security key-hosted keys can act as host | ||
1824 | |||
1825 | keys. | ||
1826 | |||
1827 | Update the list of default host key algorithms in ssh_config.5 and | ||
1828 | sshd_config.5. Copy the description of the SecurityKeyProvider | ||
1829 | option to sshd_config.5. | ||
1830 | |||
1831 | ok jmc@ | ||
1832 | |||
1833 | OpenBSD-Commit-ID: edadf3566ab5e94582df4377fee3b8b702c7eca0 | ||
1834 | |||
1835 | commit bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f | ||
1836 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
1837 | Date: Thu Dec 19 03:50:01 2019 +0000 | ||
1838 | |||
1839 | upstream: "Forward security" -> "Forward secrecy" since that's the | ||
1840 | |||
1841 | correct term. Add "MAC" since we use that acronym in other man pages. ok | ||
1842 | naddy@ | ||
1843 | |||
1844 | OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5 | ||
1845 | |||
1846 | commit e905f7260d72bc0e33ef5f10a0db737ff6e77ba7 | ||
1847 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
1848 | Date: Tue Dec 17 16:21:07 2019 +0000 | ||
1849 | |||
1850 | upstream: cut obsolete lists of crypto algorithms from outline of | ||
1851 | |||
1852 | how SSH works ok markus@ jmc@ | ||
1853 | |||
1854 | OpenBSD-Commit-ID: 8e34973f232ab48c4d4f5d07df48d501708b9160 | ||
1855 | |||
1856 | commit f65cf1163ff01531ae02f3f9210391d0d692f699 | ||
1857 | Author: tobhe@openbsd.org <tobhe@openbsd.org> | ||
1858 | Date: Mon Dec 16 13:58:53 2019 +0000 | ||
1859 | |||
1860 | upstream: strdup may return NULL if memory allocation fails. Use | ||
1861 | |||
1862 | the safer xstrdup which fatals on allocation failures. | ||
1863 | |||
1864 | ok markus@ | ||
1865 | |||
1866 | OpenBSD-Commit-ID: 8b608d387120630753cbcb8110e0b019c0c9a0d0 | ||
1867 | |||
1868 | commit 57634bfc5708477826c0be265ddc59b9d83e4886 | ||
1869 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1870 | Date: Mon Dec 16 03:16:58 2019 +0000 | ||
1871 | |||
1872 | upstream: sort sk-* methods behind their plain key methods cousins | ||
1873 | |||
1874 | for now | ||
1875 | |||
1876 | OpenBSD-Commit-ID: c97e22c2b28c0d12ee389b8b4ef5f2ada7908828 | ||
1877 | |||
1878 | commit b8df8fe920e697edcc69c520390b78c3b7ad9d84 | ||
1879 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1880 | Date: Tue Dec 17 19:46:15 2019 +1100 | ||
1881 | |||
1882 | Mac OS X has PAM too. | ||
1883 | |||
1884 | commit bf8de8b8251af69b5ce96a8faa69145af156af4d | ||
1885 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1886 | Date: Tue Dec 17 19:37:06 2019 +1100 | ||
1887 | |||
1888 | Show portable tarball pattern in example. | ||
1889 | |||
1890 | commit a19ef613e98141cc37c8acdeebe285b9dbe2531e | ||
1891 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1892 | Date: Tue Dec 17 19:35:59 2019 +1100 | ||
1893 | |||
1894 | OpenSSL is now optional. | ||
1895 | |||
1896 | commit 1a7217ac063e48cf0082895aeee81ed2b8a57191 | ||
1897 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1898 | Date: Sun Dec 15 18:58:33 2019 +0000 | ||
1899 | |||
1900 | upstream: adapt to ssh-sk-client change | ||
1901 | |||
1902 | OpenBSD-Regress-ID: 40481999a5928d635ab2e5b029e8239c112005ea | ||
1903 | |||
1904 | commit a7fc1df246e80bfdabd09b069b91c72f9c578ca8 | ||
1905 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1906 | Date: Wed Dec 11 18:47:14 2019 +0000 | ||
1907 | |||
1908 | upstream: it's no longer possible to disable privilege separation | ||
1909 | |||
1910 | in sshd, so don't double the tests' work by trying both off/on | ||
1911 | |||
1912 | OpenBSD-Regress-ID: d366665466dbd09e9b707305da884be3e7619c68 | ||
1913 | |||
1914 | commit 3145d38ea06820a66c0f5e068f49af14fd2b7ac1 | ||
1915 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1916 | Date: Sun Dec 15 20:59:23 2019 +0000 | ||
1917 | |||
1918 | upstream: don't treat HostKeyAgent=none as a path either; avoids | ||
1919 | |||
1920 | spurious warnings from the cfgparse regress test | ||
1921 | |||
1922 | OpenBSD-Commit-ID: ba49ea7a5c92b8a16cb9c2e975dbb163853afc54 | ||
1923 | |||
1924 | commit 747e25192f436e71dd39e15d65aa32bca967533a | ||
1925 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1926 | Date: Sun Dec 15 20:57:15 2019 +0000 | ||
1927 | |||
1928 | upstream: do not attempt to find an absolute path for sshd_config | ||
1929 | |||
1930 | SecurityKeyProvider=internal - unbreaks cfgparse regress test | ||
1931 | |||
1932 | OpenBSD-Commit-ID: d2ddcf525c0dc3c8339522360c10b3c70f1fd641 | ||
1933 | |||
1934 | commit 9b6e30b96b094ad787511a5b989253e3b8fe1789 | ||
1935 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1936 | Date: Sun Dec 15 19:47:10 2019 +0000 | ||
1937 | |||
1938 | upstream: allow ssh-keyscan to find security key hostkeys | ||
1939 | |||
1940 | OpenBSD-Commit-ID: 1fe822a7f714df19a7e7184e3a3bbfbf546811d3 | ||
1941 | |||
1942 | commit 56584cce75f3d20aaa30befc7cbd331d922927f3 | ||
1943 | Author: djm@openbsd.org <djm@openbsd.org> | ||
1944 | Date: Sun Dec 15 18:57:30 2019 +0000 | ||
1945 | |||
1946 | upstream: allow security keys to act as host keys as well as user | ||
1947 | |||
1948 | keys. | ||
1949 | |||
1950 | Previously we didn't do this because we didn't want to expose | ||
1951 | the attack surface presented by USB and FIDO protocol handling, | ||
1952 | but now that this is insulated behind ssh-sk-helper there is | ||
1953 | less risk. | ||
1954 | |||
1955 | ok markus@ | ||
1956 | |||
1957 | OpenBSD-Commit-ID: 77b068dd133b8d87e0f010987bd5131e640ee64c | ||
1958 | |||
1959 | commit 5af6fd5461bb709304e6979c8b7856c7af921c9e | ||
1960 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1961 | Date: Mon Dec 16 13:55:56 2019 +1100 | ||
1962 | |||
1963 | Allow clock_nanosleep_time64 in seccomp sandbox. | ||
1964 | |||
1965 | Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com. | ||
1966 | |||
1967 | commit fff8ff6dd580e1a72ba09a6775d185175cdc8d13 | ||
1968 | Author: Darren Tucker <dtucker@dtucker.net> | ||
1969 | Date: Sun Dec 15 18:27:02 2019 +1100 | ||
1970 | |||
1971 | Put SK ECDSA bits inside ifdef OPENSSL_HAS_ECC. | ||
1972 | |||
1973 | Fixes build when linking against OpenSSLs built with no-ec. | ||
1974 | |||
1975 | commit 9244990ecdcfa36bb9371058111685b05f201c1e | ||
1976 | Author: Damien Miller <djm@mindrot.org> | ||
1977 | Date: Sat Dec 14 09:21:46 2019 +1100 | ||
1978 | |||
1979 | remove a bunch of ENABLE_SK #ifdefs | ||
1980 | |||
1981 | The ssh-sk-helper client API gives us a nice place to disable | ||
1982 | security key support when it is wasn't enabled at compile time, | ||
1983 | so we don't need to check everywere. | ||
1984 | |||
1985 | Also, verification of security key signatures can remain enabled | ||
1986 | all the time - it has no additional dependencies. So sshd can | ||
1987 | accept security key pubkeys in authorized_keys, etc regardless of | ||
1988 | the host's support for dlopen, etc. | ||
1989 | |||
1990 | commit a33ab1688b5c460a7e2a301418241ce1b13b2638 | ||
1991 | Author: Damien Miller <djm@mindrot.org> | ||
1992 | Date: Sat Dec 14 09:15:06 2019 +1100 | ||
1993 | |||
1994 | ssh-sk-client.c needs includes.h | ||
1995 | |||
1996 | commit 633778d567ad50b63d2a3bca5e1b97d279d236d9 | ||
1997 | Author: Damien Miller <djm@mindrot.org> | ||
1998 | Date: Sat Dec 14 08:40:33 2019 +1100 | ||
1999 | |||
2000 | only link ssh-sk-helper against libfido2 | ||
2001 | |||
2002 | commit 7b47b40b170db4d6f41da0479575f6d99dd7228a | ||
2003 | Author: Damien Miller <djm@mindrot.org> | ||
2004 | Date: Sat Dec 14 08:20:52 2019 +1100 | ||
2005 | |||
2006 | adapt Makefile to ssh-sk-client everywhere | ||
2007 | |||
2008 | commit f45f3a8a12e2bee601046b916e6c5cd6eae08048 | ||
2009 | Author: Damien Miller <djm@mindrot.org> | ||
2010 | Date: Sat Dec 14 07:53:11 2019 +1100 | ||
2011 | |||
2012 | fixup | ||
2013 | |||
2014 | commit d21434766764d5babf99fc3937c19b625c0f6334 | ||
2015 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2016 | Date: Fri Dec 13 20:16:56 2019 +0000 | ||
2017 | |||
2018 | upstream: actually commit the ssh-sk-helper client code; ok markus | ||
2019 | |||
2020 | OpenBSD-Commit-ID: fd2ea776a5bbbf4d452989d3c3054cf25a5e0589 | ||
2021 | |||
2022 | commit 611073fb40ecaf4ac65094e403edea3a08deb700 | ||
2023 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2024 | Date: Fri Dec 13 19:11:14 2019 +0000 | ||
2025 | |||
2026 | upstream: perform security key enrollment via ssh-sk-helper too. | ||
2027 | |||
2028 | This means that ssh-keygen no longer needs to link against ssh-sk-helper, and | ||
2029 | only ssh-sk-helper needs libfido2 and /dev/uhid* access; | ||
2030 | |||
2031 | feedback & ok markus@ | ||
2032 | |||
2033 | OpenBSD-Commit-ID: 9464233fab95708d2ff059f8bee29c0d1f270800 | ||
2034 | |||
2035 | commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423 | ||
2036 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2037 | Date: Fri Dec 13 19:09:37 2019 +0000 | ||
2038 | |||
2039 | upstream: allow sshbuf_put_stringb(buf, NULL); ok markus@ | ||
2040 | |||
2041 | OpenBSD-Commit-ID: 91482c1ada9adb283165d48dafbb88ae91c657bd | ||
2042 | |||
2043 | commit b52ec0ba3983859514aa7b57d6100fa9759fe696 | ||
2044 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2045 | Date: Fri Dec 13 19:09:10 2019 +0000 | ||
2046 | |||
2047 | upstream: use ssh-sk-helper for all security key signing operations | ||
2048 | |||
2049 | This extracts and refactors the client interface for ssh-sk-helper | ||
2050 | from ssh-agent and generalises it for use by the other programs. | ||
2051 | This means that most OpenSSH tools no longer need to link against | ||
2052 | libfido2 or directly interact with /dev/uhid* | ||
2053 | |||
2054 | requested by, feedback and ok markus@ | ||
2055 | |||
2056 | OpenBSD-Commit-ID: 1abcd3aea9a7460eccfbf8ca154cdfa62f1dc93f | ||
2057 | |||
2058 | commit c33d46868c3d88e04a92610cdb429094aeeb5847 | ||
2059 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2060 | Date: Wed Dec 11 22:19:47 2019 +0000 | ||
2061 | |||
2062 | upstream: add a note about the 'extensions' field in the signed | ||
2063 | |||
2064 | object | ||
2065 | |||
2066 | OpenBSD-Commit-ID: 67c01e0565b258e0818c1ccfe1f1aeaf9a0d4c7b | ||
2067 | |||
2068 | commit a62f4e1960691f3aeb1f972e009788b29e2ae464 | ||
2069 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2070 | Date: Tue Dec 10 23:37:31 2019 +0000 | ||
2071 | |||
2072 | upstream: some more corrections for documentation problems spotted | ||
2073 | |||
2074 | by Ron Frederick | ||
2075 | |||
2076 | document certifiate private key format | ||
2077 | correct flags type for sk-ssh-ed25519@openssh.com keys | ||
2078 | |||
2079 | OpenBSD-Commit-ID: fc4e9a1ed7f9f7f9dd83e2e2c59327912e933e74 | ||
2080 | |||
2081 | commit 22d4beb79622fc82d7111ac941269861fc7aef8d | ||
2082 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2083 | Date: Tue Dec 10 23:21:56 2019 +0000 | ||
2084 | |||
2085 | upstream: loading security keys into ssh-agent used the extension | ||
2086 | |||
2087 | constraint "sk-provider@openssh.com", not "sk@openssh.com"; spotted by Ron | ||
2088 | Frederick | ||
2089 | |||
2090 | OpenBSD-Commit-ID: dbfba09edbe023abadd5f59c1492df9073b0e51d | ||
2091 | |||
2092 | commit 75f7f22a43799f6d25dffd9d6683de1601da05a3 | ||
2093 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2094 | Date: Tue Dec 10 22:43:19 2019 +0000 | ||
2095 | |||
2096 | upstream: add security key types to list of keys allowed to act as | ||
2097 | |||
2098 | CAs; spotted by Ron Frederick | ||
2099 | |||
2100 | OpenBSD-Commit-ID: 9bb0dfff927b4f7aa70679f983f84c69d45656c3 | ||
2101 | |||
2102 | commit 516605f2d596884cedc2beed6b262716ec76f63d | ||
2103 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2104 | Date: Tue Dec 10 22:37:20 2019 +0000 | ||
2105 | |||
2106 | upstream: when acting as a CA and using a security key as the CA | ||
2107 | |||
2108 | key, remind the user to touch they key to authorise the signature. | ||
2109 | |||
2110 | OpenBSD-Commit-ID: fe58733edd367362f9766b526a8b56827cc439c1 | ||
2111 | |||
2112 | commit c4036fe75ea5a4d03a2a40be1f3660dcbbfa01b2 | ||
2113 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2114 | Date: Tue Dec 10 22:36:08 2019 +0000 | ||
2115 | |||
2116 | upstream: chop some unnecessary and confusing verbiage from the | ||
2117 | |||
2118 | security key protocol description; feedback from Ron Frederick | ||
2119 | |||
2120 | OpenBSD-Commit-ID: 048c9483027fbf9c995e5a51b3ac502989085a42 | ||
2121 | |||
2122 | commit 59175a350fe1091af7528b2971e3273aa7ca7295 | ||
2123 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2124 | Date: Fri Dec 6 03:06:08 2019 +0000 | ||
2125 | |||
2126 | upstream: fix setting of $SSH_ASKPASS_PROMPT - it shouldn't be set | ||
2127 | |||
2128 | when asking passphrases, only when confirming the use of a key (i.e. for | ||
2129 | ssh-agent keys added with "ssh-add -c keyfile") | ||
2130 | |||
2131 | OpenBSD-Commit-ID: 6643c82960d9427d5972eb702c917b3b838ecf89 | ||
2132 | |||
2133 | commit 36eaa356d391a23a2d4e3a8aaa0223abc70b9822 | ||
2134 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2135 | Date: Fri Dec 6 02:55:21 2019 +0000 | ||
2136 | |||
2137 | upstream: bring the __func__ | ||
2138 | |||
2139 | OpenBSD-Commit-ID: 71a3a45b0fe1b8f680ff95cf264aa81f7abbff67 | ||
2140 | |||
2141 | commit 483cc723d1ff3b7fdafc6239348040a608ebc78d | ||
2142 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2143 | Date: Sat Nov 30 07:07:59 2019 +0000 | ||
2144 | |||
2145 | upstream: tweak the Nd lines for a bit of consistency; ok markus | ||
2146 | |||
2147 | OpenBSD-Commit-ID: 876651bdde06bc1e72dd4bd7ad599f42a6ce5a16 | ||
2148 | |||
2149 | commit afffd310360b155df2133d1f5f1ab2f4e939b570 | ||
2150 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2151 | Date: Wed Dec 11 13:22:06 2019 +1100 | ||
2152 | |||
2153 | Check if memmem is declared in system headers. | ||
2154 | |||
2155 | If the system (or one of the dependencies) implements memmem but does | ||
2156 | not define the header, we would not declare it either resulting in | ||
2157 | compiler warnings. Check for declaration explicitly. bz#3102. | ||
2158 | |||
2159 | commit ad8cd420797695f3b580aea1034b9de60bede9b9 | ||
2160 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2161 | Date: Wed Dec 11 13:12:01 2019 +1100 | ||
2162 | |||
2163 | Sort depends. | ||
2164 | |||
2165 | commit 5e3abff39e01817f6866494416f2ada25c316018 | ||
2166 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2167 | Date: Wed Dec 11 13:09:34 2019 +1100 | ||
2168 | |||
2169 | Sort .depend when rebuilding. | ||
2170 | |||
2171 | This makes diffs more stable between makedepend implementations. | ||
2172 | |||
2173 | commit 5df9d1f5c0943367d9b68435f4c82224ce11a73f | ||
2174 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2175 | Date: Wed Dec 11 13:06:43 2019 +1100 | ||
2176 | |||
2177 | Update depend to include sk files. | ||
2178 | |||
2179 | commit 9a967c5bbfca35835165f7d8a6165009f5b21872 | ||
2180 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2181 | Date: Mon Dec 9 20:25:26 2019 +1100 | ||
2182 | |||
2183 | Describe how to build libcrypto as PIC. | ||
2184 | |||
2185 | While there, move the OpenSSL 1.1.0g caveat closer to the other version | ||
2186 | information. | ||
2187 | |||
2188 | commit b66fa5da25c4b5b67cf9f0ce7af513f5a6a6a686 | ||
2189 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2190 | Date: Mon Dec 9 17:23:22 2019 +1100 | ||
2191 | |||
2192 | Recommend running LibreSSL or OpenSSL self-tests. | ||
2193 | |||
2194 | commit fa7924008e838cded7e8a561356ffe5e06e0ed64 | ||
2195 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2196 | Date: Fri Dec 6 14:17:26 2019 +1100 | ||
2197 | |||
2198 | Wrap ECC specific bits in ifdef. | ||
2199 | |||
2200 | Fixes tests when built against an OpenSSL configured with no-ec. | ||
2201 | |||
2202 | commit 2ff822eabd7d4461743f22d3b9ba35ab76069df5 | ||
2203 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2204 | Date: Fri Nov 29 20:21:36 2019 +1100 | ||
2205 | |||
2206 | Wrap sha2.h include in ifdef. | ||
2207 | |||
2208 | Fixes build --without-openssl on at least Fedora. | ||
2209 | |||
2210 | commit 443848155ffcda65a6077aac118c861b503a093f | ||
2211 | Author: Damien Miller <djm@mindrot.org> | ||
2212 | Date: Fri Nov 29 15:10:21 2019 +1100 | ||
2213 | |||
2214 | compile sk-dummy.so with no-PIE version of LDFLAGS | ||
2215 | |||
2216 | This lets it pick up the -L path to libcrypto for example. | ||
2217 | |||
2218 | commit 37f5b5346e4cc6a894245aa89d2930649bb7045b | ||
2219 | Author: Damien Miller <djm@mindrot.org> | ||
2220 | Date: Fri Nov 29 14:48:46 2019 +1100 | ||
2221 | |||
2222 | includes.h for sk-dummy.c, dummy | ||
2223 | |||
2224 | commit b218055e59a7c1a1816f7a55ca18e3f3c05d63a4 | ||
2225 | Author: Damien Miller <djm@mindrot.org> | ||
2226 | Date: Fri Nov 29 12:32:23 2019 +1100 | ||
2227 | |||
2228 | (yet) another x-platform fix for sk-dummy.so | ||
2229 | |||
2230 | Check for -fPIC support from compiler | ||
2231 | |||
2232 | Compile libopenbsd-compat -fPIC | ||
2233 | |||
2234 | Don't mix -fPIE and -fPIC when compiling | ||
2235 | |||
2236 | commit 0dedb703adcd98d0dbc4479f5f312a2bd3df2850 | ||
2237 | Author: Damien Miller <djm@mindrot.org> | ||
2238 | Date: Fri Nov 29 11:53:57 2019 +1100 | ||
2239 | |||
2240 | needs includes.h for WITH_OPENSSL | ||
2241 | |||
2242 | commit ef3853bb94c2c72e7eda0de6cec0bcb1da62058f | ||
2243 | Author: Damien Miller <djm@mindrot.org> | ||
2244 | Date: Fri Nov 29 11:52:23 2019 +1100 | ||
2245 | |||
2246 | another attempt at sk-dummy.so working x-platform | ||
2247 | |||
2248 | include a fatal() implementation to satisfy libopenbsd-compat | ||
2249 | |||
2250 | clean up .lo and .so files | ||
2251 | |||
2252 | .gitignore .lo and .so files | ||
2253 | |||
2254 | commit d46ac56f1cbd5a855a2d5e7309f90d383dcf6431 | ||
2255 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2256 | Date: Fri Nov 29 00:13:29 2019 +0000 | ||
2257 | |||
2258 | upstream: lots of dependencies go away here with ed25519 no longer | ||
2259 | |||
2260 | needing the ssh_digest API. | ||
2261 | |||
2262 | OpenBSD-Regress-ID: 785847ec78cb580d141e29abce351a436d6b5d49 | ||
2263 | |||
2264 | commit 7404b81f25a4a7847380c0f0cf7f1bea5f0a5cd3 | ||
2265 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2266 | Date: Fri Nov 29 00:11:21 2019 +0000 | ||
2267 | |||
2268 | upstream: perform hashing directly in crypto_hash_sha512() using | ||
2269 | |||
2270 | libcrypto or libc SHA512 functions rather than calling ssh_digest_memory(); | ||
2271 | avoids many dependencies on ssh code that complicate standalone use of | ||
2272 | ed25519, as we want to do in sk-dummy.so | ||
2273 | |||
2274 | OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d | ||
2275 | |||
2276 | commit d39a865b7af93a7a9b5a64cf7cf0ef4396c80ba3 | ||
2277 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2278 | Date: Thu Nov 28 12:24:31 2019 +0000 | ||
2279 | |||
2280 | upstream: improve the text for -A a little; input from naddy and | ||
2281 | |||
2282 | djm | ||
2283 | |||
2284 | OpenBSD-Commit-ID: f9cdfb1d6dbb9887c4bf3bb25f9c7a94294c988d | ||
2285 | |||
2286 | commit 9a0e01bd0c61f553ead96b5af84abd73865847b8 | ||
2287 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2288 | Date: Thu Nov 28 12:23:25 2019 +0000 | ||
2289 | |||
2290 | upstream: reshuffle the text to read better; input from naddy, | ||
2291 | |||
2292 | djmc, and dtucker | ||
2293 | |||
2294 | OpenBSD-Commit-ID: a0b2aca2b67614dda3d6618ea097bf0610c35013 | ||
2295 | |||
2296 | commit 5ca52c0f2e5e7f7d01d8d557b994b5c2087bed00 | ||
2297 | Author: Damien Miller <djm@mindrot.org> | ||
2298 | Date: Thu Nov 28 18:09:07 2019 +1100 | ||
2299 | |||
2300 | $< doesn't work as` I thought; explicily list objs | ||
2301 | |||
2302 | commit 18e84bfdc5906a73405c3b42d7f840013bbffe34 | ||
2303 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2304 | Date: Thu Nov 28 05:20:54 2019 +0000 | ||
2305 | |||
2306 | upstream: tweak wording | ||
2307 | |||
2308 | OpenBSD-Commit-ID: bd002ca1599b71331faca735ff5f6de29e32222e | ||
2309 | |||
2310 | commit 8ef5bf9d03aa0f047711cff47f5ffbe3b33ff8c9 | ||
2311 | Author: Damien Miller <djm@mindrot.org> | ||
2312 | Date: Thu Nov 28 13:12:30 2019 +1100 | ||
2313 | |||
2314 | missing .SUFFIXES line makes make sad | ||
2315 | |||
2316 | commit 323da82b8ea993b7f2c5793fd53b4f5ca105d19d | ||
2317 | Author: Damien Miller <djm@mindrot.org> | ||
2318 | Date: Thu Nov 28 09:53:42 2019 +1100 | ||
2319 | |||
2320 | (hopefully) fix out of tree builds of sk-dummy.so | ||
2321 | |||
2322 | commit d8b2838c5d19bf409d44ede4d32df8ee47aeb4cd | ||
2323 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2324 | Date: Wed Nov 27 22:32:11 2019 +0000 | ||
2325 | |||
2326 | upstream: remove stray semicolon after closing brace of function; | ||
2327 | |||
2328 | from Michael Forney | ||
2329 | |||
2330 | OpenBSD-Commit-ID: fda95acb799bb160d15e205ee126117cf33da3a7 | ||
2331 | |||
2332 | commit 6e1d1bbf5a3eca875005e0c87f341a0a03799809 | ||
2333 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2334 | Date: Wed Nov 27 05:38:43 2019 +0000 | ||
2335 | |||
2336 | upstream: Revert previous commit. The channels code still uses int | ||
2337 | |||
2338 | in many places for channel ids so the INT_MAX check still makes sense. | ||
2339 | |||
2340 | OpenBSD-Commit-ID: 532e4b644791b826956c3c61d6ac6da39bac84bf | ||
2341 | |||
2342 | commit 48989244658b9748b6801034ff4ffbdfc6b1520f | ||
2343 | Author: Damien Miller <djm@mindrot.org> | ||
2344 | Date: Wed Nov 27 16:03:12 2019 +1100 | ||
2345 | |||
2346 | wire sk-dummy.so into test suite | ||
2347 | |||
2348 | commit f79364bacaebde4f1c260318ab460fceacace02f | ||
2349 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2350 | Date: Wed Nov 27 05:00:17 2019 +0000 | ||
2351 | |||
2352 | upstream: use error()+_exit() instead of fatal() to avoid running | ||
2353 | |||
2354 | cleanup handlers in child process; spotted via weird regress failures in | ||
2355 | portable | ||
2356 | |||
2357 | OpenBSD-Commit-ID: 6902a9bb3987c7d347774444f7979b8a9ba7f412 | ||
2358 | |||
2359 | commit 70ec5e5e2681bcd409a9df94a2fec6f57a750945 | ||
2360 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2361 | Date: Wed Nov 27 03:34:04 2019 +0000 | ||
2362 | |||
2363 | upstream: Make channel_id u_int32_t and remove unnecessary check | ||
2364 | |||
2365 | and cast that were left over from the type conversion. Noted by | ||
2366 | t-hashida@amiya.co.jp in bz#3098, ok markus@ djm@ | ||
2367 | |||
2368 | OpenBSD-Commit-ID: 3ad105b6a905284e780b1fd7ff118e1c346e90b5 | ||
2369 | |||
2370 | commit ad44ca81bea83657d558aaef5a1d789a9032bac3 | ||
2371 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2372 | Date: Tue Nov 26 23:43:10 2019 +0000 | ||
2373 | |||
2374 | upstream: test FIDO2/U2F key types; ok markus@ | ||
2375 | |||
2376 | OpenBSD-Regress-ID: 367e06d5a260407619b4b113ea0bd7004a435474 | ||
2377 | |||
2378 | commit c6efa8a91af1d4fdb43909a23a0a4ffa012155ad | ||
2379 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2380 | Date: Tue Nov 26 23:41:23 2019 +0000 | ||
2381 | |||
2382 | upstream: add dummy security key middleware based on work by | ||
2383 | |||
2384 | markus@ | ||
2385 | |||
2386 | This will allow us to test U2F/FIDO2 support in OpenSSH without | ||
2387 | requiring real hardware. | ||
2388 | |||
2389 | ok markus@ | ||
2390 | |||
2391 | OpenBSD-Regress-ID: 88b309464b8850c320cf7513f26d97ee1fdf9aae | ||
2392 | |||
2393 | commit 8635afa1cdc21366d61730d943f3cf61861899c8 | ||
2394 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2395 | Date: Tue Nov 26 22:42:26 2019 +0000 | ||
2396 | |||
2397 | upstream: tweak previous; | ||
2398 | |||
2399 | OpenBSD-Commit-ID: a4c097364c75da320f1b291568db830fb1ee4883 | ||
2400 | |||
2401 | commit e0d38ae9bc8c0de421605b9021d8144e4d8ff22b | ||
2402 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2403 | Date: Tue Nov 26 03:04:27 2019 +0000 | ||
2404 | |||
2405 | upstream: more debugging; behind DEBUG_SK | ||
2406 | |||
2407 | OpenBSD-Commit-ID: a978896227118557505999ddefc1f4c839818b60 | ||
2408 | |||
2409 | commit 9281d4311b8abc63b88259f354944c53f9b0b3c7 | ||
2410 | Author: Damien Miller <djm@mindrot.org> | ||
2411 | Date: Mon Nov 25 21:47:49 2019 +1100 | ||
2412 | |||
2413 | unbreak fuzzers for recent security key changes | ||
2414 | |||
2415 | commit c5f1cc993597fed0a9013743556b1567f476c677 | ||
2416 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2417 | Date: Mon Nov 25 10:32:35 2019 +0000 | ||
2418 | |||
2419 | upstream: unbreak tests for recent security key changes | ||
2420 | |||
2421 | OpenBSD-Regress-ID: 2cdf2fcae9962ca4d711338f3ceec3c1391bdf95 | ||
2422 | |||
2423 | commit 64988266820cc90a45a21672be9d762cbde8d34d | ||
2424 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2425 | Date: Mon Nov 25 06:53:04 2019 +0000 | ||
2426 | |||
2427 | upstream: unbreak after security key support landed | ||
2428 | |||
2429 | OpenBSD-Regress-ID: 3ab578b0dbeb2aa6d9969b54a9c1bad329c0dcba | ||
2430 | |||
2431 | commit e65e25c81e22ea622e89a142a303726a3882384f | ||
2432 | Author: tb@openbsd.org <tb@openbsd.org> | ||
2433 | Date: Thu Nov 21 05:18:47 2019 +0000 | ||
2434 | |||
2435 | upstream: Remove workaround for broken 'openssl rsa -text' output | ||
2436 | |||
2437 | that was fixed in libcrypto/rsa/rsa_ameth.c r1.24. | ||
2438 | |||
2439 | ok dtucker inoguchi | ||
2440 | |||
2441 | OpenBSD-Regress-ID: c260edfac177daa8fcce90141587cf04a95c4f5f | ||
2442 | |||
2443 | commit 21377ec2a9378579ba4b44a681af7bbca77581f4 | ||
2444 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2445 | Date: Mon Nov 25 10:23:36 2019 +0000 | ||
2446 | |||
2447 | upstream: redundant test | ||
2448 | |||
2449 | OpenBSD-Commit-ID: 38fa7806c528a590d91ae560e67bd8b246c2d7a3 | ||
2450 | |||
2451 | commit 664deef95a2e770812533439b8bdd3f3c291ae59 | ||
2452 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2453 | Date: Mon Nov 25 00:57:51 2019 +0000 | ||
2454 | |||
2455 | upstream: document the "no-touch-required" certificate extension; | ||
2456 | |||
2457 | ok markus, feedback deraadt | ||
2458 | |||
2459 | OpenBSD-Commit-ID: 47640122b13f825e9c404ea99803b2372246579d | ||
2460 | |||
2461 | commit 26cb128b31efdd5395153f4943f5be3eddc07033 | ||
2462 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2463 | Date: Mon Nov 25 00:57:27 2019 +0000 | ||
2464 | |||
2465 | upstream: Print a key touch reminder when generating a security | ||
2466 | |||
2467 | key. Most keys require a touch to authorize the operation. | ||
2468 | |||
2469 | OpenBSD-Commit-ID: 7fe8b23edbf33e1bb81741b9f25e9a63be5f6b68 | ||
2470 | |||
2471 | commit daeaf4136927c2a82af1399022103d67ff03f74a | ||
2472 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2473 | Date: Mon Nov 25 00:55:58 2019 +0000 | ||
2474 | |||
2475 | upstream: allow "ssh-keygen -x no-touch-required" when generating a | ||
2476 | |||
2477 | security key keypair to request one that does not require a touch for each | ||
2478 | authentication attempt. The default remains to require touch. | ||
2479 | |||
2480 | feedback deraadt; ok markus@ | ||
2481 | |||
2482 | OpenBSD-Commit-ID: 887e7084b2e89c0c62d1598ac378aad8e434bcbd | ||
2483 | |||
2484 | commit 2e71263b80fec7ad977e098004fef7d122169d40 | ||
2485 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2486 | Date: Mon Nov 25 00:54:23 2019 +0000 | ||
2487 | |||
2488 | upstream: add a "no-touch-required" option for authorized_keys and | ||
2489 | |||
2490 | a similar extension for certificates. This option disables the default | ||
2491 | requirement that security key signatures attest that the user touched their | ||
2492 | key to authorize them. | ||
2493 | |||
2494 | feedback deraadt, ok markus | ||
2495 | |||
2496 | OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e | ||
2497 | |||
2498 | commit 0fddf2967ac51d518e300408a0d7e6adf4cd2634 | ||
2499 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2500 | Date: Mon Nov 25 00:52:46 2019 +0000 | ||
2501 | |||
2502 | upstream: Add a sshd_config PubkeyAuthOptions directive | ||
2503 | |||
2504 | This directive has a single valid option "no-touch-required" that | ||
2505 | causes sshd to skip checking whether user presence was tested before | ||
2506 | a security key signature was made (usually by the user touching the | ||
2507 | key). | ||
2508 | |||
2509 | ok markus@ | ||
2510 | |||
2511 | OpenBSD-Commit-ID: 46e434a49802d4ed82bc0aa38cb985c198c407de | ||
2512 | |||
2513 | commit b7e74ea072919b31391bc0f5ff653f80b9f5e84f | ||
2514 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2515 | Date: Mon Nov 25 00:51:37 2019 +0000 | ||
2516 | |||
2517 | upstream: Add new structure for signature options | ||
2518 | |||
2519 | This is populated during signature verification with additional fields | ||
2520 | that are present in and covered by the signature. At the moment, it is | ||
2521 | only used to record security key-specific options, especially the flags | ||
2522 | field. | ||
2523 | |||
2524 | with and ok markus@ | ||
2525 | |||
2526 | OpenBSD-Commit-ID: 338a1f0e04904008836130bedb9ece4faafd4e49 | ||
2527 | |||
2528 | commit d2b0f88178ec9e3f11b606bf1004ac2fe541a2c3 | ||
2529 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2530 | Date: Mon Nov 25 00:38:17 2019 +0000 | ||
2531 | |||
2532 | upstream: memleak in error path | ||
2533 | |||
2534 | OpenBSD-Commit-ID: 93488431bf02dde85a854429362695d2d43d9112 | ||
2535 | |||
2536 | commit e2c0a21ade5e0bd7f0aab08d7eb9457f086681e9 | ||
2537 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2538 | Date: Fri Nov 22 06:50:30 2019 +0000 | ||
2539 | |||
2540 | upstream: Wait for FD to be readable or writeable during a nonblocking | ||
2541 | |||
2542 | connect, not just readable. Prevents a timeout when the server doesn't | ||
2543 | immediately send a banner (eg multiplexers like sslh) but is also slightly | ||
2544 | quicker for other connections since, unlike ssh1, ssh2 doesn't specify | ||
2545 | that the client should parse the server banner before sending its own. | ||
2546 | Patch from mnissler@chromium.org, ok djm@ | ||
2547 | |||
2548 | OpenBSD-Commit-ID: aba9cd8480d1d9dd31d0ca0422ea155c26c5df1d | ||
2549 | |||
2550 | commit 2f95d43dc222ce194622b706682e8de07c9cfb42 | ||
2551 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2552 | Date: Wed Nov 20 16:34:11 2019 +1100 | ||
2553 | |||
2554 | Include openssl compat header. | ||
2555 | |||
2556 | Fixes warning for ECDSA_SIG_set0 on OpenSSL versions prior to 1.1. | ||
2557 | |||
2558 | commit a70d92f236576c032a45c39e68ca0d71e958d19d | ||
2559 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2560 | Date: Tue Nov 19 22:23:19 2019 +0000 | ||
2561 | |||
2562 | upstream: adjust on-wire signature encoding for ecdsa-sk keys to | ||
2563 | |||
2564 | better match ec25519-sk keys. Discussed with markus@ and Sebastian Kinne | ||
2565 | |||
2566 | NB. if you are depending on security keys (already?) then make sure you | ||
2567 | update both your clients and servers. | ||
2568 | |||
2569 | OpenBSD-Commit-ID: 53d88d8211f0dd02a7954d3af72017b1a79c0679 | ||
2570 | |||
2571 | commit 26369a5f7d9c4e4ef44a3e04910126e1bcea43d8 | ||
2572 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2573 | Date: Tue Nov 19 22:21:15 2019 +0000 | ||
2574 | |||
2575 | upstream: a little more information from the monitor when signature | ||
2576 | |||
2577 | verification fails. | ||
2578 | |||
2579 | OpenBSD-Commit-ID: e6a30071e0518cac512f9e10be3dc3500e2003f3 | ||
2580 | |||
2581 | commit 4402d6c9b5bf128dcfae2429f1d41cdaa8849b6b | ||
2582 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2583 | Date: Tue Nov 19 16:02:32 2019 +0000 | ||
2584 | |||
2585 | upstream: revert previous: naddy pointed out what's meant to | ||
2586 | |||
2587 | happen. rethink needed... | ||
2588 | |||
2589 | OpenBSD-Commit-ID: fb0fede8123ea7f725fd65e00d49241c40bd3421 | ||
2590 | |||
2591 | commit 88056f881315233e990e4e04a815f8f96b4674e1 | ||
2592 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2593 | Date: Tue Nov 19 14:54:47 2019 +0000 | ||
2594 | |||
2595 | upstream: -c and -s do not make sense with -k; reshuffle -k into | ||
2596 | |||
2597 | the main synopsis/usage; ok djm | ||
2598 | |||
2599 | OpenBSD-Commit-ID: f881ba253da015398ae8758d973e3390754869bc | ||
2600 | |||
2601 | commit 2cf262c21f35296c2ff718cfdb52e0473a1c3983 | ||
2602 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2603 | Date: Mon Nov 18 23:17:48 2019 +0000 | ||
2604 | |||
2605 | upstream: document '$' environment variable expansion for | ||
2606 | |||
2607 | SecurityKeyProvider; ok djm@ | ||
2608 | |||
2609 | OpenBSD-Commit-ID: 76db507ebd336a573e1cd4146cc40019332c5799 | ||
2610 | |||
2611 | commit f0edda81c5ebccffcce52b182c3033531a1aab71 | ||
2612 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2613 | Date: Mon Nov 18 23:16:49 2019 +0000 | ||
2614 | |||
2615 | upstream: more missing mentions of ed25519-sk; ok djm@ | ||
2616 | |||
2617 | OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff | ||
2618 | |||
2619 | commit 189550f5bc85148e85f4caa1f6b2fc623149a4ee | ||
2620 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2621 | Date: Mon Nov 18 16:10:05 2019 +0000 | ||
2622 | |||
2623 | upstream: additional missing stdarg.h includes when built without | ||
2624 | |||
2625 | WITH_OPENSSL; ok djm@ | ||
2626 | |||
2627 | OpenBSD-Commit-ID: 881f9a2c4e2239849cee8bbf4faec9bab128f55b | ||
2628 | |||
2629 | commit 723a5369864b338c48d22854bc2bb4ee5c083deb | ||
2630 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
2631 | Date: Mon Nov 18 16:08:57 2019 +0000 | ||
2632 | |||
2633 | upstream: add the missing WITH_OPENSSL ifdefs after the ED25519-SK | ||
2634 | |||
2635 | addition; ok djm@ | ||
2636 | |||
2637 | OpenBSD-Commit-ID: a9545e1c273e506cf70e328cbb9d0129b6d62474 | ||
2638 | |||
2639 | commit 478f4f98e4e93ae4ed1a8911dec4e5b75ea10f30 | ||
2640 | Author: Damien Miller <djm@mindrot.org> | ||
2641 | Date: Tue Nov 19 08:52:24 2019 +1100 | ||
2642 | |||
2643 | remove all EC algs from proposals, no just sk ones | ||
2644 | |||
2645 | ok dtucker@ | ||
2646 | |||
2647 | commit 6a7ef310da100f876a257b7367e3b0766dac3994 | ||
2648 | Author: Damien Miller <djm@mindrot.org> | ||
2649 | Date: Mon Nov 18 22:22:04 2019 +1100 | ||
2650 | |||
2651 | filter PUBKEY_DEFAULT_PK_ALG for ECC algorithms | ||
2652 | |||
2653 | Remove ECC algorithms from the PUBKEY_DEFAULT_PK_ALG list when | ||
2654 | compiling without ECC support in libcrypto. | ||
2655 | |||
2656 | commit 64f56f1d1af3947a71a4c391f2c08747d19ee591 | ||
2657 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
2658 | Date: Mon Nov 18 09:15:17 2019 +0000 | ||
2659 | |||
2660 | upstream: LibreSSL change the format for openssl rsa -text output from | ||
2661 | |||
2662 | "publicExponent" to "Exponent" so accept either. with djm. | ||
2663 | |||
2664 | OpenBSD-Regress-ID: b7e6c4bf700029a31c98be14600d4472fe0467e6 | ||
2665 | |||
2666 | commit 4bfc0503ad94a2a7190686a89649567c20b8534f | ||
2667 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2668 | Date: Mon Nov 18 06:58:00 2019 +0000 | ||
2669 | |||
2670 | upstream: fix a bug that prevented serialisation of ed25519-sk keys | ||
2671 | |||
2672 | OpenBSD-Commit-ID: 066682b79333159cac04fcbe03ebd9c8dcc152a9 | ||
2673 | |||
2674 | commit d88205417084f523107fbe1bc92061635cd57fd2 | ||
2675 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2676 | Date: Mon Nov 18 06:39:36 2019 +0000 | ||
2677 | |||
2678 | upstream: Fix incorrect error message when key certification fails | ||
2679 | |||
2680 | OpenBSD-Commit-ID: 7771bd77ee73f7116df37c734c41192943a73cee | ||
2681 | |||
2682 | commit 740c4bc9875cbb4b9fc03fd5eac19df080f20df5 | ||
2683 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2684 | Date: Mon Nov 18 06:39:02 2019 +0000 | ||
2685 | |||
2686 | upstream: fix bug that prevented certification of ed25519-sk keys | ||
2687 | |||
2688 | OpenBSD-Commit-ID: 64c8cc6f5de2cdd0ee3a81c3a9dee8d862645996 | ||
2689 | |||
2690 | commit 85409cbb505d8c463ab6e2284b4039764c7243de | ||
2691 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2692 | Date: Mon Nov 18 06:24:17 2019 +0000 | ||
2693 | |||
2694 | upstream: allow *-sk key types to be turned into certificates | ||
2695 | |||
2696 | OpenBSD-Commit-ID: cd365ee343934862286d0b011aa77fa739d2a945 | ||
2697 | |||
2698 | commit e2e1283404e06a22ac6135d057199e70dcadb8dd | ||
2699 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2700 | Date: Mon Nov 18 04:55:02 2019 +0000 | ||
2701 | |||
2702 | upstream: mention ed25519-sk key/cert types here too; prompted by | ||
2703 | |||
2704 | jmc@ | ||
2705 | |||
2706 | OpenBSD-Commit-ID: e281977e4a4f121f3470517cbd5e483eee37b818 | ||
2707 | |||
2708 | commit 97dc5d1d82865a7d20f1eb193b5c62ce684024e5 | ||
2709 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2710 | Date: Mon Nov 18 04:50:45 2019 +0000 | ||
2711 | |||
2712 | upstream: mention ed25519-sk in places where it is accepted; | ||
2713 | |||
2714 | prompted by jmc@ | ||
2715 | |||
2716 | OpenBSD-Commit-ID: 076d386739ebe7336c2137e583bc7a5c9538a442 | ||
2717 | |||
2718 | commit 130664344862a8c7afd3e24d8d36ce40af41a99f | ||
2719 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2720 | Date: Mon Nov 18 04:34:47 2019 +0000 | ||
2721 | |||
2722 | upstream: document ed25519-sk pubkey, private key and certificate | ||
2723 | |||
2724 | formats | ||
2725 | |||
2726 | OpenBSD-Commit-ID: 795a7c1c80315412e701bef90e31e376ea2f3c88 | ||
2727 | |||
2728 | commit 71856e1142fc01628ce53098f8cfc74765464b35 | ||
2729 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2730 | Date: Mon Nov 18 04:29:50 2019 +0000 | ||
2731 | |||
2732 | upstream: correct order or ecdsa-sk private key fields | ||
2733 | |||
2734 | OpenBSD-Commit-ID: 4d4a0c13226a79f0080ce6cbe74f73b03ed8092e | ||
2735 | |||
2736 | commit 93fa2a6649ae3e0626cbff25c985a4573d63e3f2 | ||
2737 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2738 | Date: Mon Nov 18 04:16:53 2019 +0000 | ||
2739 | |||
2740 | upstream: correct description of fields in pub/private keys (was | ||
2741 | |||
2742 | missing curve name); spotted by Sebastian Kinne | ||
2743 | |||
2744 | OpenBSD-Commit-ID: 2a11340dc7ed16200342d384fb45ecd4fcce26e7 | ||
2745 | |||
2746 | commit b497e920b409250309c4abe64229237b8f2730ba | ||
2747 | Author: Damien Miller <djm@mindrot.org> | ||
2748 | Date: Mon Nov 18 15:05:04 2019 +1100 | ||
2749 | |||
2750 | Teach the GTK2/3 ssh-askpass the new prompt hints | ||
2751 | |||
2752 | ssh/ssh-agent now sets a hint environment variable $SSH_ASKPASS_PROMPT | ||
2753 | when running the askpass program. This is intended to allow the | ||
2754 | askpass to vary its UI across the three cases it supports: asking for | ||
2755 | a passphrase, confirming the use of a key and (recently) reminding | ||
2756 | a user to touch their security key. | ||
2757 | |||
2758 | This adapts the gnome-ssh-askpass[23] to use these hints. Specifically, | ||
2759 | for SSH_ASKPASS_PROMPT=confirm it will skip the text input box and show | ||
2760 | only "yes"/"no" buttons. For SSH_ASKPASS_PROMPT=none (used to remind | ||
2761 | users to tap their security key), it shows only a "close" button. | ||
2762 | |||
2763 | Help wanted: adapt the other askpass programs in active use, including | ||
2764 | x11-ssh-askpass, lxqt-openssh-askpass, etc. | ||
2765 | |||
2766 | commit 857f49e91eeae6feb781ef5f5e26c38ca3d953ec | ||
2767 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2768 | Date: Mon Nov 18 14:15:26 2019 +1100 | ||
2769 | |||
2770 | Move ifdef OPENSSL_HAS_ECC. | ||
2771 | |||
2772 | Found by -Wimplicit-fallthrough: one ECC case was not inside the ifdef. | ||
2773 | ok djm@ | ||
2774 | |||
2775 | commit 6cf1c40096a79e5eedcf897c7cdb46bb32d4a3ee | ||
2776 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2777 | Date: Mon Nov 18 14:14:18 2019 +1100 | ||
2778 | |||
2779 | Enable -Wimplicit-fallthrough if supported | ||
2780 | |||
2781 | Suggested by djm. | ||
2782 | |||
2783 | commit 103c51fd5f5ddc01cd6b5c1132e711765b921bf5 | ||
2784 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2785 | Date: Mon Nov 18 01:59:48 2019 +0000 | ||
2786 | |||
2787 | upstream: missing break in getopt switch; spotted by Sebastian Kinne | ||
2788 | |||
2789 | OpenBSD-Commit-ID: f002dbf14dba5586e8407e90f0141148ade8e8fc | ||
2790 | |||
2791 | commit 9a1225e8ca2ce1fe809910874935302234399a6d | ||
2792 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2793 | Date: Sat Nov 16 23:17:20 2019 +0000 | ||
2794 | |||
2795 | upstream: tweak debug message | ||
2796 | |||
2797 | OpenBSD-Commit-ID: 2bf336d3be0b7e3dd97920d7e7471146a281d2b9 | ||
2798 | |||
2799 | commit 4103a3ec7c68493dbc4f0994a229507e943a86d3 | ||
2800 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2801 | Date: Sat Nov 16 22:42:30 2019 +0000 | ||
2802 | |||
2803 | upstream: a little debug() in the security key interface | ||
2804 | |||
2805 | OpenBSD-Commit-ID: 4c70300609a5c8b19707207bb7ad4109e963b0e8 | ||
2806 | |||
2807 | commit 05daa211de926f66f50b7380d637f84dc6341574 | ||
2808 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2809 | Date: Sat Nov 16 22:36:48 2019 +0000 | ||
2810 | |||
2811 | upstream: always use ssh-sk-helper, even for the internal USB HID | ||
2812 | |||
2813 | support. This avoid the need for a wpath pledge in ssh-agent. | ||
2814 | |||
2815 | reported by jmc@ | ||
2816 | |||
2817 | OpenBSD-Commit-ID: 19f799c4d020b870741d221335dbfa5e76691c23 | ||
2818 | |||
2819 | commit d431778a561d90131814f986b646299f9af33c8c | ||
2820 | Author: markus@openbsd.org <markus@openbsd.org> | ||
2821 | Date: Fri Nov 15 15:41:01 2019 +0000 | ||
2822 | |||
2823 | upstream: fix typos in sk_enroll | ||
2824 | |||
2825 | OpenBSD-Commit-ID: faa9bf779e008b3e64e2eb1344d9b7d83b3c4487 | ||
2826 | |||
2827 | commit af90aec0443ec51e6b2d804cb91771d3905f8a6f | ||
2828 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
2829 | Date: Fri Nov 15 11:16:28 2019 +0000 | ||
2830 | |||
2831 | upstream: double word; | ||
2832 | |||
2833 | OpenBSD-Commit-ID: 43d09bafa4ea9002078cb30ca9adc3dcc0b9c2b9 | ||
2834 | |||
2835 | commit fd1a96490cef7f945a1b3b5df4e90c8a1070f425 | ||
2836 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2837 | Date: Fri Nov 15 06:00:20 2019 +0000 | ||
2838 | |||
2839 | upstream: remove most uses of BN_CTX | ||
2840 | |||
2841 | We weren't following the rules re BN_CTX_start/BN_CTX_end and the places | ||
2842 | we were using it didn't benefit from its use anyway. ok dtucker@ | ||
2843 | |||
2844 | OpenBSD-Commit-ID: ea9ba6c0d2e6f6adfe00b309a8f41842fe12fc7a | ||
2845 | |||
2846 | commit 39b87104cdd47baf79ef77dc81de62cea07d119f | ||
2847 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2848 | Date: Fri Nov 15 18:56:54 2019 +1100 | ||
2849 | |||
2850 | Add wrappers for other ultrix headers. | ||
2851 | |||
2852 | Wrappers protect against multiple inclusions for headers that don't do | ||
2853 | it themselves. | ||
2854 | |||
2855 | commit 134a74f4e0cf750931f1125beb2a3f40c54c8809 | ||
2856 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2857 | Date: Fri Nov 15 18:55:13 2019 +1100 | ||
2858 | |||
2859 | Add SSIZE_MAX when we define ssize_t. | ||
2860 | |||
2861 | commit 9c6d0a3a1ed77989d8c5436d8c3cc6c7045c0197 | ||
2862 | Author: Darren Tucker <dtucker@dtucker.net> | ||
2863 | Date: Fri Nov 15 17:13:19 2019 +1100 | ||
2864 | |||
2865 | Remove ultrix realpath hack. | ||
2866 | |||
2867 | commit c63fba5e3472307167850bbd84187186af7fa9f0 | ||
2868 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2869 | Date: Fri Nov 15 05:37:27 2019 +0000 | ||
2870 | |||
2871 | upstream: unshield security key privkey before attempting signature | ||
2872 | |||
2873 | in agent. spotted by dtucker@ | ||
2874 | |||
2875 | OpenBSD-Commit-ID: fb67d451665385b8a0a55371231c50aac67b91d2 | ||
2876 | |||
2877 | commit d165bb5396e3f718480e6039ca2cf77f5a2c2885 | ||
2878 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2879 | Date: Fri Nov 15 05:26:56 2019 +0000 | ||
2880 | |||
2881 | upstream: rewrite c99-ism | ||
2882 | |||
2883 | OpenBSD-Commit-ID: d0c70cca29cfa7e6d9f7ec1d6d5dabea112499b3 | ||
2884 | |||
2885 | commit 03e06dd0e6e1c0a9f4b4b9de7def8a44dcbf93a7 | ||
2886 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
2887 | Date: Fri Nov 15 05:25:52 2019 +0000 | ||
2888 | |||
2889 | upstream: only clang understands those new -W options | ||
2890 | |||
2891 | OpenBSD-Commit-ID: d9b910e412d139141b072a905e66714870c38ac0 | ||
2892 | |||
2893 | commit 5c0bc273cba53f822b7d777bbb6c35d160d3b505 | ||
2894 | Author: Damien Miller <djm@mindrot.org> | ||
2895 | Date: Fri Nov 15 16:08:00 2019 +1100 | ||
2896 | |||
2897 | configure flag to built-in security key support | ||
2898 | |||
2899 | Require --with-security-key-builtin before enabling the built-in | ||
2900 | security key support (and consequent dependency on libfido2). | ||
2901 | |||
2902 | commit fbcb9a7fa55300b8bd4c18bee024c6104c5a25d7 | ||
2903 | Author: Damien Miller <djm@mindrot.org> | ||
2904 | Date: Fri Nov 15 16:06:30 2019 +1100 | ||
2905 | |||
2906 | upstream commit | ||
2907 | |||
2908 | revision 1.48 | ||
2909 | date: 2019/02/04 16:45:40; author: millert; state: Exp; lines: +16 -17; commitid: cpNtVC7erojNyctw; | ||
2910 | Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match POSIX. | ||
2911 | This requires a libc major version bump. OK deraadt@ | ||
2912 | |||
2913 | commit 2cfb11abac85885de0cb888bbeb9a3e4303105ea | ||
2914 | Author: Damien Miller <djm@mindrot.org> | ||
2915 | Date: Fri Nov 15 16:05:07 2019 +1100 | ||
2916 | |||
2917 | upstream commit | ||
2918 | |||
2919 | revision 1.47 | ||
2920 | date: 2017/05/08 14:53:27; author: millert; state: Exp; lines: +34 -21; commitid: sYfxfyUHAfarP8sE; | ||
2921 | Fix exponential CPU use with repeated '*' operators by changing '*' | ||
2922 | handling to be interative instead of recursive. | ||
2923 | Fix by Yves Orton, ported to OpenBSD glob.c by Ray Lai. OK tb@ | ||
2924 | |||
2925 | commit 228dd595c7882bb9b161dbb7d4dca15c8a5f03f5 | ||
2926 | Author: Damien Miller <djm@mindrot.org> | ||
2927 | Date: Fri Nov 15 16:04:28 2019 +1100 | ||
2928 | |||
2929 | upstream commit | ||
2930 | |||
2931 | revision 1.46 | ||
2932 | date: 2015/12/28 22:08:18; author: mmcc; state: Exp; lines: +5 -9; commitid: 0uXuF2O13NH9q2e1; | ||
2933 | Remove NULL-checks before free() and a few related dead assignments. | ||
2934 | |||
2935 | ok and valuable input from millert@ | ||
2936 | |||
2937 | commit a16f748690139b9f452485d97511ad5e578f59b2 | ||
2938 | Author: Damien Miller <djm@mindrot.org> | ||
2939 | Date: Fri Nov 15 16:02:43 2019 +1100 | ||
2940 | |||
2941 | upstream commit | ||
2942 | |||
2943 | revision 1.44 | ||
2944 | date: 2015/09/14 16:09:13; author: tedu; state: Exp; lines: +3 -5; commitid: iWfSX2BIn0sLw62l; | ||
2945 | remove null check before free. from Michael McConville | ||
2946 | ok semarie | ||
2947 | |||
2948 | commit fd37cdeafe25adfcdc752280f535d28de7997ff1 | ||
2949 | Author: Damien Miller <djm@mindrot.org> | ||
2950 | Date: Fri Nov 15 16:02:27 2019 +1100 | ||
2951 | |||
2952 | upstream commit | ||
2953 | |||
2954 | revision 1.43 | ||
2955 | date: 2015/06/13 16:57:04; author: deraadt; state: Exp; lines: +4 -4; commitid: zOUKuqWBdOPOz1SZ; | ||
2956 | in glob() initialize the glob_t before the first failure check. | ||
2957 | from j@pureftpd.org | ||
2958 | ok millert stsp | ||
2959 | |||
2960 | commit fd62769c3882adea118dccaff80a06009874a2d1 | ||
2961 | Author: Damien Miller <djm@mindrot.org> | ||
2962 | Date: Fri Nov 15 16:01:20 2019 +1100 | ||
2963 | |||
2964 | upstream commit | ||
2965 | |||
2966 | revision 1.42 | ||
2967 | date: 2015/02/05 12:59:57; author: millert; state: Exp; lines: +2 -1; commitid: DTQbfd4poqBW8iSJ; | ||
2968 | Include stdint.h, not limits.h to get SIZE_MAX. OK guenther@ | ||
2969 | |||
2970 | commit 2b6cba7ee2b8b36f393be739c860a9d2e5d8eb48 | ||
2971 | Author: Damien Miller <djm@mindrot.org> | ||
2972 | Date: Fri Nov 15 16:00:07 2019 +1100 | ||
2973 | |||
2974 | upstream commit | ||
2975 | |||
2976 | revision 1.41 | ||
2977 | date: 2014/10/08 05:35:27; author: deraadt; state: Exp; lines: +3 -3; commitid: JwTGarRLHQKDgPh2; | ||
2978 | obvious realloc -> reallocarray conversion | ||
2979 | |||
2980 | commit ab3600665387ae34785498558c4409e27f495b0b | ||
2981 | Author: djm@openbsd.org <djm@openbsd.org> | ||
2982 | Date: Fri Nov 15 04:12:32 2019 +0000 | ||
2983 | |||
2984 | upstream: don't consult dlopen whitelist for internal security key | ||
2985 | |||
2986 | provider; spotted by dtucker@ | ||
2987 | |||
2988 | OpenBSD-Commit-ID: bfe5fbd17e4ff95dd85b9212181652b54444192e | ||
2989 | |||
2990 | commit 19f8ec428db835f68c1cfd63587e9880ccd6486c | ||
2991 | Author: Damien Miller <djm@mindrot.org> | ||
2992 | Date: Fri Nov 15 15:08:28 2019 +1100 | ||
2993 | |||
2994 | upstream commit | ||
2995 | |||
2996 | revision 1.40 | ||
2997 | date: 2013/09/30 12:02:34; author: millert; state: Exp; lines: +14 -15; | ||
2998 | Use PATH_MAX, NAME_MAX and LOGIN_NAME_MAX not MAXPATHNAMELEN, | ||
2999 | MAXNAMLEN or MAXLOGNAME where possible. OK deraadt@ | ||
3000 | |||
3001 | commit bb7413db98e418d4af791244660abf6c829783f5 | ||
3002 | Author: Damien Miller <djm@mindrot.org> | ||
3003 | Date: Fri Nov 15 15:07:30 2019 +1100 | ||
3004 | |||
3005 | upstream commit | ||
3006 | |||
3007 | revision 1.39 | ||
3008 | date: 2012/01/20 07:09:42; author: tedu; state: Exp; lines: +4 -4; | ||
3009 | the glob stat limit is way too low. bump to 2048. | ||
3010 | while here, failed stats should count against the limit too. | ||
3011 | ok deraadt sthen stsp | ||
3012 | |||
3013 | commit 01362cf7cb979525c014714e2bccf799a46e772e | ||
3014 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3015 | Date: Fri Nov 15 03:41:57 2019 +0000 | ||
3016 | |||
3017 | upstream: U2F tokens may return FIDO_ERR_USER_PRESENCE_REQUIRED when | ||
3018 | |||
3019 | probed to see if they own a key handle. Handle this case so the find_device() | ||
3020 | look can work for them. Reported by Michael Forney | ||
3021 | |||
3022 | OpenBSD-Commit-ID: 2ccd5b30a6ddfe4dba228b7159bf168601bd9166 | ||
3023 | |||
3024 | commit cf62307bc9758105913dcb91b418e4968ac2244d | ||
3025 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3026 | Date: Fri Nov 15 14:01:00 2019 +1100 | ||
3027 | |||
3028 | Add libfido2 to INSTALL. | ||
3029 | |||
3030 | commit 69fbda1894349d1f420c842dfcbcc883239d1aa7 | ||
3031 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3032 | Date: Fri Nov 15 13:42:15 2019 +1100 | ||
3033 | |||
3034 | libcrypto is now optional. | ||
3035 | |||
3036 | commit 45ffa369886e37930776d7c15dd8b973242d6ecc | ||
3037 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3038 | Date: Fri Nov 15 02:38:07 2019 +0000 | ||
3039 | |||
3040 | upstream: show the "please touch your security key" notifier when | ||
3041 | |||
3042 | using the (default) build-in security key support. | ||
3043 | |||
3044 | OpenBSD-Commit-ID: 4707643aaa7124501d14e92d1364b20f312a6428 | ||
3045 | |||
3046 | commit 49dc9fa928d77807c53bdc2898db7fb515fe5eb3 | ||
3047 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3048 | Date: Fri Nov 15 02:37:24 2019 +0000 | ||
3049 | |||
3050 | upstream: close the "touch your security key" notifier on the error | ||
3051 | |||
3052 | path too | ||
3053 | |||
3054 | OpenBSD-Commit-ID: c7628bf80505c1aefbb1de7abc8bb5ee51826829 | ||
3055 | |||
3056 | commit 22a82712e89bf17c27427aeba15795fb4011a0c2 | ||
3057 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3058 | Date: Fri Nov 15 02:20:06 2019 +0000 | ||
3059 | |||
3060 | upstream: correct function name in debug message | ||
3061 | |||
3062 | OpenBSD-Commit-ID: 2482c99d2ce448f39282493050f8a01e3ffc39ab | ||
3063 | |||
3064 | commit 018e2902a65c22faded215a7c588492c948f108c | ||
3065 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3066 | Date: Fri Nov 15 00:32:40 2019 +0000 | ||
3067 | |||
3068 | upstream: follow existing askpass logic for security key notifier: | ||
3069 | |||
3070 | fall back to _PATH_SSH_ASKPASS_DEFAULT if no $SSH_ASKPASS environment | ||
3071 | variable is set. | ||
3072 | |||
3073 | OpenBSD-Commit-ID: cda753726b13fb797bf7a9f7a0b3022d9ade4520 | ||
3074 | |||
3075 | commit 575d0042a94997c1eeb86a6dcfb30b3c7bdbcba3 | ||
3076 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3077 | Date: Thu Nov 14 21:56:52 2019 +0000 | ||
3078 | |||
3079 | upstream: remove debugging goop that snuck in to last commit | ||
3080 | |||
3081 | OpenBSD-Commit-ID: 8ea4455a2d9364a0a04f9e4a2cbfa4c9fcefe77e | ||
3082 | |||
3083 | commit 63a5b24f2dbdc9a4bf2182ac3db26731ddc617e8 | ||
3084 | Author: Damien Miller <djm@mindrot.org> | ||
3085 | Date: Fri Nov 15 11:21:26 2019 +1100 | ||
3086 | |||
3087 | don't fatal if libfido2 not found | ||
3088 | |||
3089 | spotted by dtucker@ | ||
3090 | |||
3091 | commit 129952a81c00c332721b4ba3ede868c720ad7f4e | ||
3092 | Author: Damien Miller <djm@mindrot.org> | ||
3093 | Date: Fri Nov 15 11:17:12 2019 +1100 | ||
3094 | |||
3095 | correct object dependency | ||
3096 | |||
3097 | commit 6bff9521ab9a9f7396d635755c342b72373bb4f9 | ||
3098 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3099 | Date: Thu Nov 14 21:27:29 2019 +0000 | ||
3100 | |||
3101 | upstream: directly support U2F/FIDO2 security keys in OpenSSH by | ||
3102 | |||
3103 | linking against the (previously external) USB HID middleware. The dlopen() | ||
3104 | capability still exists for alternate middlewares, e.g. for Bluetooth, NFC | ||
3105 | and test/debugging. | ||
3106 | |||
3107 | OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069 | ||
3108 | |||
3109 | commit 4f5e331cb8e11face3025aa6578662dde489c3ad | ||
3110 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3111 | Date: Wed Nov 13 22:00:21 2019 +0000 | ||
3112 | |||
3113 | upstream: in order to be able to figure out the number of | ||
3114 | |||
3115 | signatures left on a shielded key, we need to transfer the number of | ||
3116 | signatures left from the private to the public key. ok djm@ | ||
3117 | |||
3118 | OpenBSD-Commit-ID: 8a5d0d260aeace47d372695fdae383ce9b962574 | ||
3119 | |||
3120 | commit dffd02e297e6c2a4e86775f293eb1b0ff01fb3df | ||
3121 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3122 | Date: Wed Nov 13 20:25:45 2019 +0000 | ||
3123 | |||
3124 | upstream: fix check for sig_s; noted by qsa at qualys.com | ||
3125 | |||
3126 | OpenBSD-Commit-ID: 34198084e4afb424a859f52c04bb2c9668a52867 | ||
3127 | |||
3128 | commit fc173aeb1526d4268db89ec5dfebaf8750dd26cd | ||
3129 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3130 | Date: Wed Nov 13 11:25:11 2019 +0000 | ||
3131 | |||
3132 | upstream: When clients get denied by MaxStartups, send a | ||
3133 | |||
3134 | noification prior to the SSH2 protocol banner according to RFC4253 section | ||
3135 | 4.2. ok djm@ deraadt@ markus@ | ||
3136 | |||
3137 | OpenBSD-Commit-ID: e5dabcb722d54dea18eafb336d50b733af4f9c63 | ||
3138 | |||
3139 | commit bf219920b70cafbf29ebc9890ef67d0efa54e738 | ||
3140 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3141 | Date: Wed Nov 13 07:53:10 2019 +0000 | ||
3142 | |||
3143 | upstream: fix shield/unshield for xmss keys: - in ssh-agent we need | ||
3144 | |||
3145 | to delay the call to shield until we have received key specific options. - | ||
3146 | when serializing xmss keys for shield we need to deal with all optional | ||
3147 | components (e.g. state might not be loaded). ok djm@ | ||
3148 | |||
3149 | OpenBSD-Commit-ID: cc2db82524b209468eb176d6b4d6b9486422f41f | ||
3150 | |||
3151 | commit 40598b85d72a509566b7b2a6d57676c7231fed34 | ||
3152 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
3153 | Date: Wed Nov 13 05:42:26 2019 +0000 | ||
3154 | |||
3155 | upstream: remove size_t gl_pathc < 0 test, it is invalid. the | ||
3156 | |||
3157 | return value from glob() is sufficient. discussed with djm | ||
3158 | |||
3159 | OpenBSD-Commit-ID: c91203322db9caaf7efaf5ae90c794a91070be3c | ||
3160 | |||
3161 | commit 72687c8e7c38736e3e64e833ee7aa8f9cd9efed1 | ||
3162 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
3163 | Date: Wed Nov 13 04:47:52 2019 +0000 | ||
3164 | |||
3165 | upstream: stdarg.h required more broadly; ok djm | ||
3166 | |||
3167 | OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513 | ||
3168 | |||
3169 | commit 1e0b248d47c96be944868a735553af8482300a07 | ||
3170 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3171 | Date: Thu Nov 14 16:08:17 2019 +1100 | ||
3172 | |||
3173 | Put sshsk_sign call inside ifdef ENABLE_SK. | ||
3174 | |||
3175 | Fixes build against OpenSSL configured without ECC. | ||
3176 | |||
3177 | commit 546274a6f89489d2e6be8a8b62f2bb63c87a61fd | ||
3178 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3179 | Date: Wed Nov 13 23:27:31 2019 +1100 | ||
3180 | |||
3181 | Remove duplicate __NR_clock_nanosleep | ||
3182 | |||
3183 | commit b1c82f4b8adf3f42476d8a1f292df33fb7aa1a56 | ||
3184 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3185 | Date: Wed Nov 13 23:19:35 2019 +1100 | ||
3186 | |||
3187 | seccomp: Allow clock_nanosleep() in sandbox. | ||
3188 | |||
3189 | seccomp: Allow clock_nanosleep() to make OpenSSH working with latest | ||
3190 | glibc. Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093. | ||
3191 | |||
3192 | commit 2b523d23804c13cb68db135b919fcf312c42b580 | ||
3193 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3194 | Date: Wed Nov 13 11:56:56 2019 +1100 | ||
3195 | |||
3196 | Include stdarg.h for va_list in xmalloc.h. | ||
3197 | |||
3198 | commit 245dcbdca5374296bdb9c48be6e24bdf6b1c0af7 | ||
3199 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3200 | Date: Wed Nov 13 11:19:26 2019 +1100 | ||
3201 | |||
3202 | Put headers inside ifdef _AIX. | ||
3203 | |||
3204 | Prevents compile errors due to missing definitions (eg va_list) on | ||
3205 | non-AIX platforms. | ||
3206 | |||
3207 | commit a4cc579c6ad2b2e54bdd6cc0d5e12c2288113a56 | ||
3208 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3209 | Date: Wed Nov 13 10:41:41 2019 +1100 | ||
3210 | |||
3211 | Fix comment in match_usergroup_pattern_list. | ||
3212 | |||
3213 | Spotted by balu.gajjala@gmail.com via bz#3092. | ||
3214 | |||
3215 | commit fccff339cab5aa66f2554e0188b83f980683490b | ||
3216 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3217 | Date: Tue Nov 12 22:38:19 2019 +0000 | ||
3218 | |||
3219 | upstream: allow an empty attestation certificate returned by a | ||
3220 | |||
3221 | security key enrollment - these are possible for tokens that only offer self- | ||
3222 | attestation. This also needs support from the middleware. | ||
3223 | |||
3224 | ok markus@ | ||
3225 | |||
3226 | OpenBSD-Commit-ID: 135eeeb937088ef6830a25ca0bbe678dfd2c57cc | ||
3227 | |||
3228 | commit e44bb61824e36d0d181a08489c16c378c486a974 | ||
3229 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3230 | Date: Tue Nov 12 22:36:44 2019 +0000 | ||
3231 | |||
3232 | upstream: security keys typically need to be tapped/touched in | ||
3233 | |||
3234 | order to perform a signature operation. Notify the user when this is expected | ||
3235 | via the TTY (if available) or $SSH_ASKPASS if we can. | ||
3236 | |||
3237 | ok markus@ | ||
3238 | |||
3239 | OpenBSD-Commit-ID: 0ef90a99a85d4a2a07217a58efb4df8444818609 | ||
3240 | |||
3241 | commit 4671211068441519011ac0e38c588317f4157ba1 | ||
3242 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3243 | Date: Tue Nov 12 22:35:02 2019 +0000 | ||
3244 | |||
3245 | upstream: pass SSH_ASKPASS_PROMPT hint to y/n key confirm too | ||
3246 | |||
3247 | OpenBSD-Commit-ID: 08d46712e5e5f1bad0aea68e7717b7bec1ab8959 | ||
3248 | |||
3249 | commit 5d1c1590d736694f41b03e686045f08fcae20d62 | ||
3250 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3251 | Date: Tue Nov 12 22:34:20 2019 +0000 | ||
3252 | |||
3253 | upstream: dd API for performing one-shot notifications via tty or | ||
3254 | |||
3255 | SSH_ASKPASS | ||
3256 | |||
3257 | OpenBSD-Commit-ID: 9484aea33aff5b62ce3642bf259546c7639f23f3 | ||
3258 | |||
3259 | commit 166927fd410823eec8a7b2472463db51e0e6fef5 | ||
3260 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3261 | Date: Tue Nov 12 22:32:48 2019 +0000 | ||
3262 | |||
3263 | upstream: add xvasprintf() | ||
3264 | |||
3265 | OpenBSD-Commit-ID: e5e3671c05c121993b034db935bce1a7aa372247 | ||
3266 | |||
3267 | commit 782093ec6cf64cc6c4078410093359869ea9329f | ||
3268 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3269 | Date: Wed Nov 13 09:08:55 2019 +1100 | ||
3270 | |||
3271 | Remove leftover if statement from sync. | ||
3272 | |||
3273 | commit b556cc3cbf0c43f073bb41bba4e92ca709a1ec13 | ||
3274 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3275 | Date: Tue Nov 12 19:34:40 2019 +0000 | ||
3276 | |||
3277 | upstream: remove extra layer for ed25519 signature; ok djm@ | ||
3278 | |||
3279 | OpenBSD-Commit-ID: 7672d9d0278b4bf656a12d3aab0c0bfe92a8ae47 | ||
3280 | |||
3281 | commit 3fcf69ace19e75cf9dcd7206f396adfcb29611a8 | ||
3282 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3283 | Date: Tue Nov 12 19:34:00 2019 +0000 | ||
3284 | |||
3285 | upstream: check sig_r and sig_s for ssh-sk keys; ok djm | ||
3286 | |||
3287 | OpenBSD-Commit-ID: 1a1e6a85b5f465d447a3800f739e35c5b74e0abc | ||
3288 | |||
3289 | commit 2c55744a56de0ffc81fe445a1e7fc5cd308712b3 | ||
3290 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3291 | Date: Tue Nov 12 19:33:08 2019 +0000 | ||
3292 | |||
3293 | upstream: enable ed25519 support; ok djm | ||
3294 | |||
3295 | OpenBSD-Commit-ID: 1a399c5b3ef15bd8efb916110cf5a9e0b554ab7e | ||
3296 | |||
3297 | commit fd1a3b5e38721b1d69aae2d9de1a1d9155dfa5c7 | ||
3298 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3299 | Date: Tue Nov 12 19:32:30 2019 +0000 | ||
3300 | |||
3301 | upstream: update sk-api to version 2 for ed25519 support; ok djm | ||
3302 | |||
3303 | OpenBSD-Commit-ID: 77aa4d5b6ab17987d8a600907b49573940a0044a | ||
3304 | |||
3305 | commit 7c32b51edbed5bd57870249c0a45dffd06be0002 | ||
3306 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3307 | Date: Tue Nov 12 19:31:45 2019 +0000 | ||
3308 | |||
3309 | upstream: implement sshsk_ed25519_assemble(); ok djm | ||
3310 | |||
3311 | OpenBSD-Commit-ID: af9ec838b9bc643786310b5caefc4ca4754e68c6 | ||
3312 | |||
3313 | commit fe05a36dc0ea884c8c2395d53d804fe4f4202b26 | ||
3314 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3315 | Date: Tue Nov 12 19:31:18 2019 +0000 | ||
3316 | |||
3317 | upstream: implement sshsk_ed25519_inner_sig(); ok djm | ||
3318 | |||
3319 | OpenBSD-Commit-ID: f422d0052c6d948fe0e4b04bc961f37fdffa0910 | ||
3320 | |||
3321 | commit e03a29e6554cd0c9cdbac0dae53dd79e6eb4ea47 | ||
3322 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3323 | Date: Tue Nov 12 19:30:50 2019 +0000 | ||
3324 | |||
3325 | upstream: rename sshsk_ecdsa_sign() to sshsk_sign(); ok djm | ||
3326 | |||
3327 | OpenBSD-Commit-ID: 1524042e09d81e54c4470d7bfcc0194c5b46fe19 | ||
3328 | |||
3329 | commit bc7b5d6187de625c086b5f639b25bbad17bbabfc | ||
3330 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3331 | Date: Tue Nov 12 19:30:21 2019 +0000 | ||
3332 | |||
3333 | upstream: factor out sshsk_ecdsa_inner_sig(); ok djm@ | ||
3334 | |||
3335 | OpenBSD-Commit-ID: 07e41997b542f670a15d7e2807143fe01efef584 | ||
3336 | |||
3337 | commit cef84a062db8cfeece26f067235dc440f6992c17 | ||
3338 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3339 | Date: Tue Nov 12 19:29:54 2019 +0000 | ||
3340 | |||
3341 | upstream: factor out sshsk_ecdsa_assemble(); ok djm@ | ||
3342 | |||
3343 | OpenBSD-Commit-ID: 2313761a3a84ccfe032874d638d3c363e0f14026 | ||
3344 | |||
3345 | commit 7c096c456f33f3d2682736d4735cc10e790276e9 | ||
3346 | Author: markus@openbsd.org <markus@openbsd.org> | ||
3347 | Date: Tue Nov 12 19:29:24 2019 +0000 | ||
3348 | |||
3349 | upstream: implement ssh-ed25519-sk verification; ok djm@ | ||
3350 | |||
3351 | OpenBSD-Commit-ID: 37906d93948a1e3d237c20e713d6ca8fbf7d13f6 | ||
3352 | |||
3353 | commit ba5fb02bed1e556d0ce7b1740ae8a5f87b737491 | ||
3354 | Author: Damien Miller <djm@mindrot.org> | ||
3355 | Date: Wed Nov 13 08:48:30 2019 +1100 | ||
3356 | |||
3357 | ignore ssh-sk-helper | ||
3358 | |||
3359 | commit 78c96498947f711141f493a40d202c482cc59438 | ||
3360 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
3361 | Date: Mon Nov 11 19:53:37 2019 +0000 | ||
3362 | |||
3363 | upstream: skip demanding -fstack-protector-all on hppa. we never | ||
3364 | |||
3365 | wrote a stack protector for reverse-stack architectures, and i don't think | ||
3366 | anyone else did either. a warning per compiled file is just annoying. | ||
3367 | |||
3368 | OpenBSD-Commit-ID: 14806a59353152f843eb349e618abbf6f4dd3ada | ||
3369 | |||
3370 | commit aa1c9e37789f999979fe59df74ce5c8424861ac8 | ||
3371 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3372 | Date: Fri Nov 8 03:54:02 2019 +0000 | ||
3373 | |||
3374 | upstream: duplicate 'x' character in getopt(3) optstring | ||
3375 | |||
3376 | OpenBSD-Commit-ID: 64c81caa0cb5798de3621eca16b7dd22e5d0d8a7 | ||
3377 | |||
3378 | commit aa4c640dc362816d63584a16e786d5e314e24390 | ||
3379 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
3380 | Date: Thu Nov 7 08:38:38 2019 +0000 | ||
3381 | |||
3382 | upstream: Fill in missing man page bits for U2F security key support: | ||
3383 | |||
3384 | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's | ||
3385 | SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, | ||
3386 | and ssh-keygen's new -w and -x options. | ||
3387 | |||
3388 | Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal | ||
3389 | substitutions. | ||
3390 | |||
3391 | ok djm@ | ||
3392 | |||
3393 | OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4 | ||
3394 | |||
3395 | commit b236b27d6dada7f0542214003632b4e9b7aa1380 | ||
3396 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3397 | Date: Sun Nov 3 00:10:43 2019 +1100 | ||
3398 | |||
3399 | Put sftp-realpath in libssh.a | ||
3400 | |||
3401 | and remove it from the specific binary targets. | ||
3402 | |||
3403 | commit 382c18c20cdcec45b5d21ff25b4a5e0df91a68c4 | ||
3404 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3405 | Date: Sun Nov 3 00:09:21 2019 +1100 | ||
3406 | |||
3407 | statfs might be defined in sys/mount.h. | ||
3408 | |||
3409 | eg on old NetBSDs. | ||
3410 | |||
3411 | commit 03ffc0951c305c8e3b5fdc260d65312a57f8f7ea | ||
3412 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3413 | Date: Sat Nov 2 23:25:01 2019 +1100 | ||
3414 | |||
3415 | Put stdint.h inside ifdef HAVE_STDINT_H. | ||
3416 | |||
3417 | commit 19cb64c4b42d4312ce12091fd9436dbd6898998c | ||
3418 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3419 | Date: Sat Nov 2 22:45:44 2019 +1100 | ||
3420 | |||
3421 | Rebuild .depend. | ||
3422 | |||
3423 | commit 3611bfe89b92ada5914526d8ff0919aeb967cfa7 | ||
3424 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3425 | Date: Sat Nov 2 22:42:05 2019 +1100 | ||
3426 | |||
3427 | Define __BSD_VISIBLE in fnmatch.h. | ||
3428 | |||
3429 | .. since we use symbols defined only when it is when using the compat | ||
3430 | fnmatch. | ||
3431 | |||
3432 | commit f5cc5816aaddb8eca3cba193f53e99d6a0b37d05 | ||
3433 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3434 | Date: Sat Nov 2 16:39:38 2019 +1100 | ||
3435 | |||
3436 | Only enable U2F if OpenSSL supports ECC. | ||
3437 | |||
3438 | This requires moving the U2F bits to below the OpenSSL parts so we have | ||
3439 | the required information. ok djm@ | ||
3440 | |||
3441 | commit ad38406fc95fa223b0ef2edf8ff50508f8ab1cb6 | ||
3442 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
3443 | Date: Fri Nov 1 12:10:43 2019 +0000 | ||
3444 | |||
3445 | upstream: fix miscellaneous text problems; ok djm@ | ||
3446 | |||
3447 | OpenBSD-Commit-ID: 0cbf411a14d8fa0b269b69cbb1b4fc0ca699fe9f | ||
3448 | |||
3449 | commit 9cac151c2dc76b8e5b727b2fa216f572e372170f | ||
3450 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3451 | Date: Fri Nov 1 18:26:07 2019 +1100 | ||
3452 | |||
3453 | Add flags needed to build and work on Ultrix. | ||
3454 | |||
3455 | commit 0e3c5bc50907d2058407641b5a3581b7eda91b7e | ||
3456 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3457 | Date: Fri Nov 1 18:24:29 2019 +1100 | ||
3458 | |||
3459 | Hook up fnmatch for platforms that don't have it. | ||
3460 | |||
3461 | commit b56dbfd9d967e5b6ce7be9f81f206112e19e1030 | ||
3462 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3463 | Date: Fri Nov 1 18:17:42 2019 +1100 | ||
3464 | |||
3465 | Add missing bracket in realpath macro. | ||
3466 | |||
3467 | commit 59ccb56f15e5e530e7c1b5a0b361749d8c6217d5 | ||
3468 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3469 | Date: Fri Nov 1 17:32:47 2019 +1100 | ||
3470 | |||
3471 | Import fnmatch.c from OpenBSD. | ||
3472 | |||
3473 | commit 79d46de9fbea0f3c0e8ae7cf84effaba089071b0 | ||
3474 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3475 | Date: Fri Nov 1 15:22:32 2019 +1100 | ||
3476 | |||
3477 | Use sftp_realpath if no native realpath. | ||
3478 | |||
3479 | commit bb4f003ed8c5f61ec74a66bcedc8ab19bf5b35c4 | ||
3480 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3481 | Date: Fri Nov 1 15:06:16 2019 +1100 | ||
3482 | |||
3483 | Configure flags for haiku from haikuports. | ||
3484 | |||
3485 | Should build with the default flags with ./configure | ||
3486 | |||
3487 | commit 4332b4fe49360679647a8705bc08f4e81323f6b4 | ||
3488 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3489 | Date: Fri Nov 1 03:54:33 2019 +0000 | ||
3490 | |||
3491 | upstream: fix a race condition in the SIGCHILD handler that could turn | ||
3492 | |||
3493 | in to a kill(-1); bz3084, reported by Gao Rui, ok dtucker@ | ||
3494 | |||
3495 | OpenBSD-Commit-ID: ac2742e04a69d4c34223505b6a32f6d686e18896 | ||
3496 | |||
3497 | commit 03f9205f0fb49ea2507eacc143737a8511ae5a4e | ||
3498 | Author: Damien Miller <djm@mindrot.org> | ||
3499 | Date: Fri Nov 1 14:49:25 2019 +1100 | ||
3500 | |||
3501 | conditionalise SK sign/verify on ENABLE_SK | ||
3502 | |||
3503 | Spotted by Darren and his faux-Vax | ||
3504 | |||
3505 | commit 5eb7b9563ff818e17de24231bf2d347d9db302c5 | ||
3506 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3507 | Date: Fri Nov 1 14:41:07 2019 +1100 | ||
3508 | |||
3509 | Add prototype for localtime_r if needed. | ||
3510 | |||
3511 | commit d500b59a825f6a58f2abf7b04eb1992d81e45d58 | ||
3512 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3513 | Date: Fri Nov 1 13:42:12 2019 +1100 | ||
3514 | |||
3515 | Check if IP_TOS is defined before using. | ||
3516 | |||
3517 | commit 764d51e04460ec0da12e05e4777bc90c116accb9 | ||
3518 | Author: Damien Miller <djm@mindrot.org> | ||
3519 | Date: Fri Nov 1 13:34:49 2019 +1100 | ||
3520 | |||
3521 | autoconf pieces for U2F support | ||
3522 | |||
3523 | Mostly following existing logic for PKCS#11 - turning off support | ||
3524 | when either libcrypto or dlopen(3) are unavailable. | ||
3525 | |||
3526 | commit 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 | ||
3527 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3528 | Date: Fri Nov 1 02:32:05 2019 +0000 | ||
3529 | |||
3530 | upstream: remove duplicate PUBKEY_DEFAULT_PK_ALG on !WITH_OPENSSL path | ||
3531 | |||
3532 | OpenBSD-Commit-ID: 95a7cafad2a4665d57cabacc28031fabc0bea9fc | ||
3533 | |||
3534 | commit db8d13f7925da7337df87248995c533e111637ec | ||
3535 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3536 | Date: Fri Nov 1 02:06:52 2019 +0000 | ||
3537 | |||
3538 | upstream: more additional source files | ||
3539 | |||
3540 | OpenBSD-Regress-ID: 8eaa25fb901594aee23b76eda99dca5b8db94c6f | ||
3541 | |||
3542 | commit f89c5df65dd307739ff22319c2cf847d3b0c5ab4 | ||
3543 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3544 | Date: Fri Nov 1 02:04:25 2019 +0000 | ||
3545 | |||
3546 | upstream: additional source files here too | ||
3547 | |||
3548 | OpenBSD-Regress-ID: 8809f8e1c8f7459e7096ab6b58d8e56cb2f483fd | ||
3549 | |||
3550 | commit 02275afa1ecbfbd39f27d34c97090e76bec232ec | ||
3551 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3552 | Date: Fri Nov 1 02:03:27 2019 +0000 | ||
3553 | |||
3554 | upstream: additional source files here too | ||
3555 | |||
3556 | OpenBSD-Regress-ID: 09297e484327f911fd353489518cceaa0c1b95ce | ||
3557 | |||
3558 | commit dfc8f01b9886c7999e6e20acf3f7492cb8c80796 | ||
3559 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3560 | Date: Fri Nov 1 01:57:59 2019 +0000 | ||
3561 | |||
3562 | upstream: adapt to extra sshkey_sign() argument and additional | ||
3563 | |||
3564 | dependencies | ||
3565 | |||
3566 | OpenBSD-Regress-ID: 7a25604968486c4d6f81d06e8fbc7d17519de50e | ||
3567 | |||
3568 | commit afa59e26eeb44a93f36f043f60b936eaddae77c4 | ||
3569 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3570 | Date: Fri Nov 1 01:55:41 2019 +0000 | ||
3571 | |||
3572 | upstream: skip security-key key types for tests until we have a | ||
3573 | |||
3574 | dummy U2F middleware to use. | ||
3575 | |||
3576 | OpenBSD-Regress-ID: 37200462b44334a4ad45e6a1f7ad1bd717521a95 | ||
3577 | |||
3578 | commit de871e4daf346a712c78fa4ab8f18b231a47cb85 | ||
3579 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3580 | Date: Fri Nov 1 00:52:35 2019 +0000 | ||
3581 | |||
3582 | upstream: sort; | ||
3583 | |||
3584 | OpenBSD-Commit-ID: 8264b0be01ec5a60602bd50fd49cc3c81162ea16 | ||
3585 | |||
3586 | commit 2aae149a34b1b5dfbef423d3b7999a96818969bb | ||
3587 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3588 | Date: Thu Oct 31 21:37:33 2019 +0000 | ||
3589 | |||
3590 | upstream: undo debugging bits that shouldn't have been committed | ||
3591 | |||
3592 | OpenBSD-Commit-ID: 4bd5551b306df55379afe17d841207990eb773bf | ||
3593 | |||
3594 | commit 3420e0464bd0e8fedcfa5fd20ad37bdc740ad5b4 | ||
3595 | Author: Damien Miller <djm@mindrot.org> | ||
3596 | Date: Fri Nov 1 09:24:58 2019 +1100 | ||
3597 | |||
3598 | depend | ||
3599 | |||
3600 | commit b923a90abc7bccb11a513dc8b5c0f13a0ea9682c | ||
3601 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3602 | Date: Thu Oct 31 21:28:27 2019 +0000 | ||
3603 | |||
3604 | upstream: fix -Wshadow warning | ||
3605 | |||
3606 | OpenBSD-Commit-ID: 3441eb04f872a00c2483c11a5f1570dfe775103c | ||
3607 | |||
3608 | commit 9a14c64c38fc14d0029f1c7bc70cf62cc7f0fdf9 | ||
3609 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3610 | Date: Thu Oct 31 21:23:19 2019 +0000 | ||
3611 | |||
3612 | upstream: Refactor signing - use sshkey_sign for everything, | ||
3613 | |||
3614 | including the new U2F signatures. | ||
3615 | |||
3616 | Don't use sshsk_ecdsa_sign() directly, instead make it reachable via | ||
3617 | sshkey_sign() like all other signature operations. This means that | ||
3618 | we need to add a provider argument to sshkey_sign(), so most of this | ||
3619 | change is mechanically adding that. | ||
3620 | |||
3621 | Suggested by / ok markus@ | ||
3622 | |||
3623 | OpenBSD-Commit-ID: d5193a03fcfa895085d91b2b83d984a9fde76c8c | ||
3624 | |||
3625 | commit 07da39f71d36fb547749a5b16aa8892e621a7e4a | ||
3626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3627 | Date: Thu Oct 31 21:22:01 2019 +0000 | ||
3628 | |||
3629 | upstream: ssh-agent support for U2F/FIDO keys | ||
3630 | |||
3631 | feedback & ok markus@ | ||
3632 | |||
3633 | OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb | ||
3634 | |||
3635 | commit eebec620c9519c4839d781c4d5b6082152998f82 | ||
3636 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3637 | Date: Thu Oct 31 21:20:38 2019 +0000 | ||
3638 | |||
3639 | upstream: ssh AddKeysToAgent support for U2F/FIDO keys | ||
3640 | |||
3641 | feedback & ok markus@ | ||
3642 | |||
3643 | OpenBSD-Commit-ID: ac08e45c7f995fa71f8d661b3f582e38cc0a2f91 | ||
3644 | |||
3645 | commit 486164d060314a7f8bca2a00f53be9e900c5e74d | ||
3646 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3647 | Date: Thu Oct 31 21:19:56 2019 +0000 | ||
3648 | |||
3649 | upstream: ssh-add support for U2F/FIDO keys | ||
3650 | |||
3651 | OpenBSD-Commit-ID: 7f88a5181c982687afedf3130c6ab2bba60f7644 | ||
3652 | |||
3653 | commit b9dd14d3091e31fb836f69873d3aa622eb7b4a1c | ||
3654 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3655 | Date: Thu Oct 31 21:19:14 2019 +0000 | ||
3656 | |||
3657 | upstream: add new agent key constraint for U2F/FIDO provider | ||
3658 | |||
3659 | feedback & ok markus@ | ||
3660 | |||
3661 | OpenBSD-Commit-ID: d880c380170704280b4003860a1744d286c7a172 | ||
3662 | |||
3663 | commit 884416bdb10468f1252e4d7c13d51b43dccba7f6 | ||
3664 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3665 | Date: Thu Oct 31 21:18:28 2019 +0000 | ||
3666 | |||
3667 | upstream: ssh client support for U2F/FIDO keys | ||
3668 | |||
3669 | OpenBSD-Commit-ID: eb2cfa6cf7419a1895e06e398ea6d41516c5b0bc | ||
3670 | |||
3671 | commit 01a0670f69c5b86e471e033b92145d6c7cc77c58 | ||
3672 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3673 | Date: Thu Oct 31 21:17:49 2019 +0000 | ||
3674 | |||
3675 | upstream: Separate myproposal.h userauth pubkey types | ||
3676 | |||
3677 | U2F/FIDO keys are not supported for host authentication, so we need | ||
3678 | a separate list for user keys. | ||
3679 | |||
3680 | feedback & ok markus@ | ||
3681 | |||
3682 | OpenBSD-Commit-ID: 7fe2e6ab85f9f2338866e5af8ca2d312abbf0429 | ||
3683 | |||
3684 | commit 23f38c2d8cda3fad24e214e1f0133c42435b54ee | ||
3685 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3686 | Date: Thu Oct 31 21:17:09 2019 +0000 | ||
3687 | |||
3688 | upstream: ssh-keygen support for generating U2F/FIDO keys | ||
3689 | |||
3690 | OpenBSD-Commit-ID: 6ce04f2b497ac9dd8c327f76f1e6c724fb1d1b37 | ||
3691 | |||
3692 | commit ed3467c1e16b7396ff7fcf12d2769261512935ec | ||
3693 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3694 | Date: Thu Oct 31 21:16:20 2019 +0000 | ||
3695 | |||
3696 | upstream: U2F/FIDO middleware interface | ||
3697 | |||
3698 | Supports enrolling (generating) keys and signatures. | ||
3699 | |||
3700 | feedback & ok markus@ | ||
3701 | |||
3702 | OpenBSD-Commit-ID: 73d1dd5939454f9c7bd840f48236cba41e8ad592 | ||
3703 | |||
3704 | commit 02bb0768a937e50bbb236efc2bbdddb1991b1c85 | ||
3705 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3706 | Date: Thu Oct 31 21:15:14 2019 +0000 | ||
3707 | |||
3708 | upstream: Initial infrastructure for U2F/FIDO support | ||
3709 | |||
3710 | Key library support: including allocation, marshalling public/private | ||
3711 | keys and certificates, signature validation. | ||
3712 | |||
3713 | feedback & ok markus@ | ||
3714 | |||
3715 | OpenBSD-Commit-ID: a17615ba15e0f7932ac4360cb18fc9a9544e68c7 | ||
3716 | |||
3717 | commit 57ecc10628b04c384cbba2fbc87d38b74cd1199d | ||
3718 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3719 | Date: Thu Oct 31 21:14:17 2019 +0000 | ||
3720 | |||
3721 | upstream: Protocol documentation for U2F/FIDO keys in OpenSSH | ||
3722 | |||
3723 | OpenBSD-Commit-ID: 8f3247317c2909870593aeb306dff848bc427915 | ||
3724 | |||
3725 | commit f4fdcd2b7a2bbf5d8770d44565173ca5158d4dcb | ||
3726 | Author: Damien Miller <djm@mindrot.org> | ||
3727 | Date: Fri Nov 1 08:36:16 2019 +1100 | ||
3728 | |||
3729 | Missing unit test files | ||
3730 | |||
3731 | commit 1bcd1169c5221688418fa38606e9c69055b72451 | ||
3732 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3733 | Date: Tue Oct 29 19:45:03 2019 +1100 | ||
3734 | |||
3735 | Add implementation of localtime_r. | ||
3736 | |||
3737 | commit 2046ed16c1202431b0307674c33a123a113e8297 | ||
3738 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3739 | Date: Tue Oct 29 07:47:27 2019 +0000 | ||
3740 | |||
3741 | upstream: Signal handler cleanup: remove leftover support for | ||
3742 | |||
3743 | unreliable signals and now-unneeded save and restore of errno. ok deraadt@ | ||
3744 | markus@ | ||
3745 | |||
3746 | OpenBSD-Commit-ID: 01dd8a1ebdd991c8629ba1f5237283341a93cd88 | ||
3747 | |||
3748 | commit 70fc9a6ca4dd33cb2dd400a4dad5db9683a3d284 | ||
3749 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
3750 | Date: Tue Oct 22 08:50:35 2019 +0000 | ||
3751 | |||
3752 | upstream: fixes from lucas; | ||
3753 | |||
3754 | OpenBSD-Commit-ID: 4c4bfd2806c5bbc753788ffe19c5ee13aaf418b2 | ||
3755 | |||
3756 | commit 702368aa4381c3b482368257ac574a87b5a80938 | ||
3757 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
3758 | Date: Tue Oct 22 07:06:35 2019 +0000 | ||
3759 | |||
3760 | upstream: Import regenerated moduli file. | ||
3761 | |||
3762 | OpenBSD-Commit-ID: 58ec755be4e51978ecfee73539090eb68652a987 | ||
3763 | |||
3764 | commit 5fe81da22652f8caa63e9e3a1af519a85d36337e | ||
3765 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3766 | Date: Mon Oct 28 21:19:47 2019 +1100 | ||
3767 | |||
3768 | Fix ifdefs to not mask needed bits. | ||
3769 | |||
3770 | commit 7694e9d2fb5785bbdd0920dce7a160bd79feaf00 | ||
3771 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3772 | Date: Mon Oct 28 17:05:36 2019 +1100 | ||
3773 | |||
3774 | Only use RLIMIT_NOFILE if it's defined. | ||
3775 | |||
3776 | commit d561b0b2fa2531b4cc3bc70a7d657c6485c9fd0b | ||
3777 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3778 | Date: Mon Oct 28 16:09:04 2019 +1100 | ||
3779 | |||
3780 | Make sure we have struct statfs before using. | ||
3781 | |||
3782 | commit 2912596aecfcf48e5115c7a906d1e664f7717a4b | ||
3783 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3784 | Date: Mon Oct 28 16:06:59 2019 +1100 | ||
3785 | |||
3786 | Define UINT32_MAX if needed. | ||
3787 | |||
3788 | commit 7169e31121e8c8cc729b55154deb722ae495b316 | ||
3789 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3790 | Date: Mon Oct 28 16:00:45 2019 +1100 | ||
3791 | |||
3792 | Move utimensat definition into timespec section. | ||
3793 | |||
3794 | Since utimensat uses struct timespec, move it to the section where we | ||
3795 | define struct timespec when needed. | ||
3796 | |||
3797 | commit 850ec1773d656cbff44d78a79e369dc262ce5853 | ||
3798 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3799 | Date: Mon Oct 28 15:57:22 2019 +1100 | ||
3800 | |||
3801 | Wrap OpenSSL bits in WITH_OPENSSL. | ||
3802 | |||
3803 | commit 6fc7e1c6fec3ba589869ae98e968c0e5e2e4695b | ||
3804 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3805 | Date: Mon Oct 28 15:53:25 2019 +1100 | ||
3806 | |||
3807 | Wrap poll.h includes in HAVE_POLL_H. | ||
3808 | |||
3809 | commit 9239a18f96905cc1a353e861e33af093652f24e7 | ||
3810 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3811 | Date: Thu Oct 24 14:39:49 2019 +1100 | ||
3812 | |||
3813 | Add a function call stackprotector tests. | ||
3814 | |||
3815 | Including a function call in the test programs for the gcc stack | ||
3816 | protector flag tests exercises more of the compiler and makes it more | ||
3817 | likely it'll detect problems. | ||
3818 | |||
3819 | commit b9705393be4612fd5e29d0cd8e7cf2b66ed19eb7 | ||
3820 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3821 | Date: Tue Oct 22 18:09:22 2019 +1100 | ||
3822 | |||
3823 | Import regenerated moduli file. | ||
3824 | |||
3825 | commit 76ed2199491397e0f9902ade80d5271e4a9b2630 | ||
3826 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3827 | Date: Wed Oct 16 06:05:39 2019 +0000 | ||
3828 | |||
3829 | upstream: potential NULL dereference for revoked hostkeys; reported | ||
3830 | |||
3831 | by krishnaiah bommu | ||
3832 | |||
3833 | OpenBSD-Commit-ID: 35ff685e7cc9dd2e3fe2e3dfcdcb9bc5c79f6506 | ||
3834 | |||
3835 | commit 6500c3bc71bf4fe14972c1177e6b93f1164d07a4 | ||
3836 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3837 | Date: Wed Oct 16 06:03:30 2019 +0000 | ||
3838 | |||
3839 | upstream: free buf before return; reported by krishnaiah bommu | ||
3840 | |||
3841 | OpenBSD-Commit-ID: 091bb23a6e913af5d4f72c50030b53ce1cef4de1 | ||
3842 | |||
3843 | commit d7d116b6d9e6cb79cc235e9801caa683d3db3181 | ||
3844 | Author: djm@openbsd.org <djm@openbsd.org> | ||
3845 | Date: Mon Oct 14 06:00:02 2019 +0000 | ||
3846 | |||
3847 | upstream: memleak in error path; spotted by oss-fuzz, ok markus@ | ||
3848 | |||
3849 | OpenBSD-Commit-ID: d6ed260cbbc297ab157ad63931802fb1ef7a4266 | ||
3850 | |||
3851 | commit 9b9e3ca6945351eefb821ff783a4a8e6d9b98b9a | ||
3852 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3853 | Date: Fri Oct 11 14:12:16 2019 +1100 | ||
3854 | |||
3855 | Re-add SA_RESTART to mysignal. | ||
3856 | |||
3857 | This makes mysignal implement reliable BSD semantics according to | ||
3858 | Stevens' APUE. This was first attempted in 2001 but was reverted | ||
3859 | due to problems with HP-UX 10.20 and select() and possibly grantpt(). | ||
3860 | Modern systems should be fine with it, but if any current platforms have | ||
3861 | a problem with it now we can disable it just for those. ok djm@ | ||
3862 | |||
3863 | commit 0bd312a362168c1eae3cd6b3889395a78e6fd0f8 | ||
3864 | Author: Darren Tucker <dtucker@dtucker.net> | ||
3865 | Date: Thu Oct 10 09:42:03 2019 +1100 | ||
3866 | |||
3867 | Fix ifdef typo for declaration of memmem. | ||
3868 | |||
3869 | Fixes build on IRIX. bz#3081. | ||
3870 | |||
3871 | commit 01ce1cd402d5eecde2bba35b67e08f5b266b37fd | ||
3872 | Author: Abhishek Arya <inferno@chromium.org> | ||
3873 | Date: Tue Oct 8 20:19:18 2019 -0700 | ||
3874 | |||
3875 | Update README.md | ||
3876 | |||
3877 | commit 1ba130ac8fb2884307f658126f04578f8aef409e | ||
3878 | Author: Damien Miller <djm@mindrot.org> | ||
3879 | Date: Wed Oct 9 13:49:35 2019 +1100 | ||
3880 | |||
3881 | add a fuzzer for private key parsing | ||
3882 | |||
1 | commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c | 3883 | commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c |
2 | Author: Damien Miller <djm@mindrot.org> | 3884 | Author: Damien Miller <djm@mindrot.org> |
3 | Date: Wed Oct 9 11:31:03 2019 +1100 | 3885 | Date: Wed Oct 9 11:31:03 2019 +1100 |
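Review bot: The added entries for 3fcf69ace19e ("check sig_r and sig_s for ssh-sk keys") and dffd02e297e6 ("fix check for sig_s; noted by qsa at qualys.com") record a signature check and a correction to it one day later, but neither says what condition the check enforces or what was wrong with the first version. Anyone auditing ssh-sk signature handling from this ChangeLog cannot tell what changed between the two commits, so the release notes should state the condition and name the affected code path. The same gap applies to 4332b4fe4936 ("fix a race condition in the SIGCHILD handler that could turn in to a kill(-1); bz3084") and 76ed21994913 ("potential NULL dereference for revoked hostkeys"), which sit among build and portability entries with nothing to set them apart. Separately, two entries carry text errors: "noification" in fc173aeb1526 and "dd API for performing one-shot notifications" in 5d1c1590d736. If this file is generated from the commit log they should stay as they are to match history, and the wording should be corrected only where it is restated in release notes.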
@@ -8779,1692 +12661,3 @@ Date: Tue Feb 13 09:10:46 2018 +1100 | |||
8779 | code that is synced with upstream and is an ongoing maintenance burden. | 12661 | code that is synced with upstream and is an ongoing maintenance burden. |
8780 | Both the hardware and software are literal museum pieces these days and | 12662 | Both the hardware and software are literal museum pieces these days and |
8781 | we could not find anyone still running OpenSSH on one. | 12663 | we could not find anyone still running OpenSSH on one. |
8782 | |||
8783 | commit 174bed686968494723e6db881208cc4dac0d020f | ||
8784 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8785 | Date: Tue Feb 13 18:12:47 2018 +1100 | ||
8786 | |||
8787 | Retpoline linker flag only needed for linking. | ||
8788 | |||
8789 | commit 075e258c2cc41e1d7f3ea2d292c5342091728d40 | ||
8790 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8791 | Date: Tue Feb 13 17:36:43 2018 +1100 | ||
8792 | |||
8793 | Default PidFile is sshd.pid not ssh.pid. | ||
8794 | |||
8795 | commit 49f3c0ec47730ea264e2bd1e6ece11167d6384df | ||
8796 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8797 | Date: Tue Feb 13 16:27:09 2018 +1100 | ||
8798 | |||
8799 | Remove assigned-to-but-never-used variable. | ||
8800 | |||
8801 | 'p' was removed in previous change but I neglected to remove the | ||
8802 | otherwise-unused assignment to it. | ||
8803 | |||
8804 | commit b8bbff3b3fc823bf80c5ab226c94f13cb887d5b1 | ||
8805 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8806 | Date: Tue Feb 13 03:36:56 2018 +0000 | ||
8807 | |||
8808 | upstream: remove space before tab | ||
8809 | |||
8810 | OpenBSD-Commit-ID: 674edd214d0a7332dd4623c9cf8117301b012890 | ||
8811 | |||
8812 | commit 05046d907c211cb9b4cd21b8eff9e7a46cd6c5ab | ||
8813 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
8814 | Date: Sun Feb 11 21:16:56 2018 +0000 | ||
8815 | |||
8816 | upstream Don't reset signal handlers inside handlers. | ||
8817 | |||
8818 | The signal handlers from the original ssh1 code on which OpenSSH | ||
8819 | is based assume unreliable signals and reinstall their handlers. | ||
8820 | Since OpenBSD (and pretty much every current system) has reliable | ||
8821 | signals this is not needed. In the unlikely even that -portable | ||
8822 | is still being used on such systems we will deal with it in the | ||
8823 | compat layer. ok deraadt@ | ||
8824 | |||
8825 | OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c | ||
8826 | |||
8827 | commit 3c51143c639ac686687c7acf9b373b8c08195ffb | ||
8828 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8829 | Date: Tue Feb 13 09:07:29 2018 +1100 | ||
8830 | |||
8831 | Whitespace sync with upstream. | ||
8832 | |||
8833 | commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7 | ||
8834 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8835 | Date: Tue Feb 13 08:25:46 2018 +1100 | ||
8836 | |||
8837 | Whitespace sync with upstream. | ||
8838 | |||
8839 | commit fbfa6f980d7460b3e12b0ce88ed3b6018edf4711 | ||
8840 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8841 | Date: Sun Feb 11 21:25:11 2018 +1300 | ||
8842 | |||
8843 | Move signal compat code into bsd-signal.{c,h} | ||
8844 | |||
8845 | commit 24d2a33bd3bf5170700bfdd8675498aa09a79eab | ||
8846 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8847 | Date: Sun Feb 11 21:20:39 2018 +1300 | ||
8848 | |||
8849 | Include headers for linux/if.h. | ||
8850 | |||
8851 | Prevents configure-time "present but cannot be compiled" warning. | ||
8852 | |||
8853 | commit bc02181c24fc551aab85eb2cff0f90380928ef43 | ||
8854 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8855 | Date: Sun Feb 11 19:45:47 2018 +1300 | ||
8856 | |||
8857 | Fix test for -z,retpolineplt linker flag. | ||
8858 | |||
8859 | commit 3377df00ea3fece5293db85fe63baef33bf5152e | ||
8860 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8861 | Date: Sun Feb 11 09:32:37 2018 +1100 | ||
8862 | |||
8863 | Add checks for Spectre v2 mitigation (retpoline) | ||
8864 | |||
8865 | This adds checks for gcc and clang flags for mitigations for Spectre | ||
8866 | variant 2, ie "retpoline". It'll automatically enabled if the compiler | ||
8867 | supports it as part of toolchain hardening flag. ok djm@ | ||
8868 | |||
8869 | commit d9e5cf078ea5380da6df767bb1773802ec557ef0 | ||
8870 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8871 | Date: Sat Feb 10 09:25:34 2018 +0000 | ||
8872 | |||
8873 | upstream commit | ||
8874 | |||
8875 | constify some private key-related functions; based on | ||
8876 | https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault | ||
8877 | |||
8878 | OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c | ||
8879 | |||
8880 | commit a7c38215d564bf98e8e9eb40c1079e3adf686f15 | ||
8881 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8882 | Date: Sat Feb 10 09:03:54 2018 +0000 | ||
8883 | |||
8884 | upstream commit | ||
8885 | |||
8886 | Mention ServerAliveTimeout in context of TCPKeepAlives; | ||
8887 | prompted by Christoph Anton Mitterer via github | ||
8888 | |||
8889 | OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2 | ||
8890 | |||
8891 | commit 62562ceae61e4f7cf896566592bb840216e71061 | ||
8892 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8893 | Date: Sat Feb 10 06:54:38 2018 +0000 | ||
8894 | |||
8895 | upstream commit | ||
8896 | |||
8897 | clarify IgnoreUserKnownHosts; based on github PR from | ||
8898 | Christoph Anton Mitterer. | ||
8899 | |||
8900 | OpenBSD-Commit-ID: 4fff2c17620c342fb2f1f9c2d2e679aab3e589c3 | ||
8901 | |||
8902 | commit 4f011daa4cada6450fa810f7563b8968639bb562 | ||
8903 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8904 | Date: Sat Feb 10 06:40:28 2018 +0000 | ||
8905 | |||
8906 | upstream commit | ||
8907 | |||
8908 | Shorter, more accurate explanation of | ||
8909 | NoHostAuthenticationForLocalhost without the confusing example. Prompted by | ||
8910 | Christoph Anton Mitterer via github and bz#2293. | ||
8911 | |||
8912 | OpenBSD-Commit-ID: 19dc96bea25b80d78d416b581fb8506f1e7b76df | ||
8913 | |||
8914 | commit 77e05394af21d3f5faa0c09ed3855e4505a5cf9f | ||
8915 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8916 | Date: Sat Feb 10 06:15:12 2018 +0000 | ||
8917 | |||
8918 | upstream commit | ||
8919 | |||
8920 | Disable RemoteCommand and RequestTTY in the ssh session | ||
8921 | started by scp. sftp is already doing this. From Camden Narzt via github; ok | ||
8922 | dtucker | ||
8923 | |||
8924 | OpenBSD-Commit-ID: 59e2611141c0b2ee579c6866e8eb9d7d8217bc6b | ||
8925 | |||
8926 | commit ca613249a00b64b2eea9f52d3834b55c28cf2862 | ||
8927 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8928 | Date: Sat Feb 10 05:48:46 2018 +0000 | ||
8929 | |||
8930 | upstream commit | ||
8931 | |||
8932 | Refuse to create a certificate with an unusable number of | ||
8933 | principals; Prompted by gdestuynder via github | ||
8934 | |||
8935 | OpenBSD-Commit-ID: 8cfae2451e8f07810e3e2546dfdcce66984cbd29 | ||
8936 | |||
8937 | commit b56ac069d46b6f800de34e1e935f98d050731d14 | ||
8938 | Author: djm@openbsd.org <djm@openbsd.org> | ||
8939 | Date: Sat Feb 10 05:43:26 2018 +0000 | ||
8940 | |||
8941 | upstream commit | ||
8942 | |||
8943 | fatal if we're unable to write all the public key; previously | ||
8944 | we would silently ignore errors writing the comment and terminating newline. | ||
8945 | Prompted by github PR from WillerZ; ok dtucker | ||
8946 | |||
8947 | OpenBSD-Commit-ID: 18fbfcfd4e8c6adbc84820039b64d70906e49831 | ||
8948 | |||
8949 | commit cdb10bd431f9f6833475c27e9a82ebb36fdb12db | ||
8950 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8951 | Date: Sat Feb 10 11:18:38 2018 +1100 | ||
8952 | |||
8953 | Add changelog entry for binary strip change. | ||
8954 | |||
8955 | commit fbddd91897cfaf456bfc2081f39fb4a2208a0ebf | ||
8956 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8957 | Date: Sat Feb 10 11:14:54 2018 +1100 | ||
8958 | |||
8959 | Remove unused variables. | ||
8960 | |||
8961 | commit 937d96587df99c16c611d828cded292fa474a32b | ||
8962 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8963 | Date: Sat Feb 10 11:12:45 2018 +1100 | ||
8964 | |||
8965 | Don't strip binaries so debuginfo gets built. | ||
8966 | |||
8967 | Tell install not to strip binaries during package creation so that the | ||
8968 | debuginfo package can be built. | ||
8969 | |||
8970 | commit eb0865f330f59c889ec92696b97bd397090e720c | ||
8971 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8972 | Date: Sat Feb 10 10:33:11 2018 +1100 | ||
8973 | |||
8974 | Fix bogus dates in changelog. | ||
8975 | |||
8976 | commit 7fbde1b34c1f6c9ca9e9d10805ba1e5e4538e165 | ||
8977 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8978 | Date: Sat Feb 10 10:25:15 2018 +1100 | ||
8979 | |||
8980 | Remove SSH1 from description. | ||
8981 | |||
8982 | commit 9c34a76f099c4e0634bf6ecc2f40ce93925402c4 | ||
8983 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8984 | Date: Sat Feb 10 10:19:16 2018 +1100 | ||
8985 | |||
8986 | Add support for compat-openssl10 build dep. | ||
8987 | |||
8988 | commit 04f4e8193cb5a5a751fcc356bd6656291fec539e | ||
8989 | Author: Darren Tucker <dtucker@dtucker.net> | ||
8990 | Date: Sat Feb 10 09:57:04 2018 +1100 | ||
8991 | |||
8992 | Add leading zero so it'll work when rhel not set. | ||
8993 | |||
8994 | When rhel is not set it will error out with "bad if". Add leading zero | ||
8995 | as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work | ||
8996 | on non-RHEL. | ||
8997 | |||
8998 | commit 12abd67a6af28476550807a443b38def2076bb92 | ||
8999 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9000 | Date: Sat Feb 10 09:56:34 2018 +1100 | ||
9001 | |||
9002 | Update openssl-devel dependency. | ||
9003 | |||
9004 | commit b33e7645f8813719d7f9173fef24463c8833ebb3 | ||
9005 | Author: nkadel <nkadel@gmail.com> | ||
9006 | Date: Sun Nov 16 18:19:58 2014 -0500 | ||
9007 | |||
9008 | Add mandir with-mandir' for RHEL 5 compatibility. | ||
9009 | |||
9010 | Activate '--mandir' and '--with-mandir' settings in setup for RHEL | ||
9011 | 5 compatibility. | ||
9012 | |||
9013 | commit 94f8bf360eb0162e39ddf39d69925c2e93511e40 | ||
9014 | Author: nkadel <nkadel@gmail.com> | ||
9015 | Date: Sun Nov 16 18:18:51 2014 -0500 | ||
9016 | |||
9017 | Discard 'K5DIR' reporting. | ||
9018 | |||
9019 | It does not work inside 'mock' build environment. | ||
9020 | |||
9021 | commit bb7e54dbaf34b70b3e57acf7982f3a2136c94ee5 | ||
9022 | Author: nkadel <nkadel@gmail.com> | ||
9023 | Date: Sun Nov 16 18:17:15 2014 -0500 | ||
9024 | |||
9025 | Add 'dist' to 'rel' for OS specific RPM names. | ||
9026 | |||
9027 | commit 87346f1f57f71150a9b8c7029d8c210e27027716 | ||
9028 | Author: nkadel <nkadel@gmail.com> | ||
9029 | Date: Sun Nov 16 14:17:38 2014 -0500 | ||
9030 | |||
9031 | Add openssh-devel >= 0.9.8f for redhat spec file. | ||
9032 | |||
9033 | commit bec1478d710866d3c1b119343a35567a8fc71ec3 | ||
9034 | Author: nkadel <nkadel@gmail.com> | ||
9035 | Date: Sun Nov 16 13:10:24 2014 -0500 | ||
9036 | |||
9037 | Enhance BuildRequires for openssh-x11-askpass. | ||
9038 | |||
9039 | commit 3104fcbdd3c70aefcb0cdc3ee24948907db8dc8f | ||
9040 | Author: nkadel <nkadel@gmail.com> | ||
9041 | Date: Sun Nov 16 13:04:14 2014 -0500 | ||
9042 | |||
9043 | Always include x11-ssh-askpass SRPM. | ||
9044 | |||
9045 | Always include x11-ssh-askpass tarball in redhat SRPM, even if unused. | ||
9046 | |||
9047 | commit c61d0d038d58eebc365f31830be6e04ce373ad1b | ||
9048 | Author: Damien Miller <djm@mindrot.org> | ||
9049 | Date: Sat Feb 10 09:43:12 2018 +1100 | ||
9050 | |||
9051 | this is long unused; prompted by dtucker@ | ||
9052 | |||
9053 | commit 745771fb788e41bb7cdad34e5555bf82da3af7ed | ||
9054 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9055 | Date: Fri Feb 9 02:37:36 2018 +0000 | ||
9056 | |||
9057 | upstream commit | ||
9058 | |||
9059 | Remove unused sKerberosTgtPassing from enum. From | ||
9060 | calestyo via github pull req #11, ok djm@ | ||
9061 | |||
9062 | OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540 | ||
9063 | |||
9064 | commit 1f385f55332db830b0ae22a7663b98279ca2d657 | ||
9065 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9066 | Date: Thu Feb 8 04:12:32 2018 +0000 | ||
9067 | |||
9068 | upstream commit | ||
9069 | |||
9070 | Rename struct umac_ctx to umac128_ctx too. In portable | ||
9071 | some linkers complain about two symbols with the same name having differing | ||
9072 | sizes. ok djm@ | ||
9073 | |||
9074 | OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3 | ||
9075 | |||
9076 | commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf | ||
9077 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9078 | Date: Wed Feb 7 22:52:45 2018 +0000 | ||
9079 | |||
9080 | upstream commit | ||
9081 | |||
9082 | ssh_free checks for and handles NULL args, remove NULL | ||
9083 | checks from remaining callers. ok djm@ | ||
9084 | |||
9085 | OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b | ||
9086 | |||
9087 | commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c | ||
9088 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9089 | Date: Thu Feb 8 12:36:22 2018 +1100 | ||
9090 | |||
9091 | Set SO_REUSEADDR in regression test netcat. | ||
9092 | |||
9093 | Sometimes multiplex tests fail on Solaris with "netcat: local_listen: | ||
9094 | Address already in use" which is likely due to previous invocations | ||
9095 | leaving the port in TIME_WAIT. Set SO_REUSEADDR (in addition to | ||
9096 | SO_REUSEPORT which is alread set on platforms that support it). ok djm@ | ||
9097 | |||
9098 | commit 1749991c55bab716877b7c687cbfbf19189ac6f1 | ||
9099 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9100 | Date: Wed Feb 7 05:17:56 2018 +0000 | ||
9101 | |||
9102 | upstream commit | ||
9103 | |||
9104 | Convert some explicit_bzero()/free() calls to freezero(). | ||
9105 | |||
9106 | ok deraadt@ dtucker@ | ||
9107 | |||
9108 | OpenBSD-Commit-ID: f566ab99149650ebe58b1d4b946ea726c3829609 | ||
9109 | |||
9110 | commit 94ec2b69d403f4318b7a0d9b17f8bc3efbf4d0d2 | ||
9111 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9112 | Date: Wed Feb 7 05:15:49 2018 +0000 | ||
9113 | |||
9114 | upstream commit | ||
9115 | |||
9116 | Remove some #ifdef notyet code from OpenSSL 0.9.8 days. | ||
9117 | |||
9118 | These functions have never appeared in OpenSSL and are likely never to do | ||
9119 | so. | ||
9120 | |||
9121 | "kill it with fire" djm@ | ||
9122 | |||
9123 | OpenBSD-Commit-ID: fee9560e283fd836efc2631ef381658cc673d23e | ||
9124 | |||
9125 | commit 7cd31632e3a6607170ed0c9ed413a7ded5b9b377 | ||
9126 | Author: jsing@openbsd.org <jsing@openbsd.org> | ||
9127 | Date: Wed Feb 7 02:06:50 2018 +0000 | ||
9128 | |||
9129 | upstream commit | ||
9130 | |||
9131 | Remove all guards for calls to OpenSSL free functions - | ||
9132 | all of these functions handle NULL, from at least OpenSSL 1.0.1g onwards. | ||
9133 | |||
9134 | Prompted by dtucker@ asking about guards for RSA_free(), when looking at | ||
9135 | openssh-portable pr#84 on github. | ||
9136 | |||
9137 | ok deraadt@ dtucker@ | ||
9138 | |||
9139 | OpenBSD-Commit-ID: 954f1c51b94297d0ae1f749271e184141e0cadae | ||
9140 | |||
9141 | commit 3c000d57d46882eb736c6563edfc4995915c24a2 | ||
9142 | Author: Darren Tucker <dtucker@dtucker.net> | ||
9143 | Date: Wed Feb 7 09:19:38 2018 +1100 | ||
9144 | |||
9145 | Remove obsolete "Smartcard support" message | ||
9146 | |||
9147 | The configure checks that populated $SCARD_MSG were removed in commits | ||
9148 | 7ea845e4 and d8f60022 when the smartcard support was replaced with | ||
9149 | PKCS#11. | ||
9150 | |||
9151 | commit 3e615090de0ce36a833d811e01c28aec531247c4 | ||
9152 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9153 | Date: Tue Feb 6 06:01:54 2018 +0000 | ||
9154 | |||
9155 | upstream commit | ||
9156 | |||
9157 | Replace "trojan horse" with the correct term (MITM). | ||
9158 | From maikel at predikkta.com via bz#2822, ok markus@ | ||
9159 | |||
9160 | OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53 | ||
9161 | |||
9162 | commit 3484380110d437c50e17f87d18544286328c75cb | ||
9163 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9164 | Date: Mon Feb 5 05:37:46 2018 +0000 | ||
9165 | |||
9166 | upstream commit | ||
9167 | |||
9168 | Add a couple of non-negativity checks to avoid close(-1). | ||
9169 | |||
9170 | ok djm | ||
9171 | |||
9172 | OpenBSD-Commit-ID: 4701ce0b37161c891c838d0931305f1d37a50880 | ||
9173 | |||
9174 | commit 5069320be93c8b2a6584b9f944c86f60c2b04e48 | ||
9175 | Author: tb@openbsd.org <tb@openbsd.org> | ||
9176 | Date: Mon Feb 5 05:36:49 2018 +0000 | ||
9177 | |||
9178 | upstream commit | ||
9179 | |||
9180 | The file descriptors for socket, stdin, stdout and stderr | ||
9181 | aren't necessarily distinct, so check if they are the same to avoid closing | ||
9182 | the same fd several times. | ||
9183 | |||
9184 | ok djm | ||
9185 | |||
9186 | OpenBSD-Commit-ID: 60d71fd22e9a32f5639d4ba6e25a2f417fc36ac1 | ||
9187 | |||
9188 | commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d | ||
9189 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9190 | Date: Mon Feb 5 04:02:53 2018 +0000 | ||
9191 | |||
9192 | upstream commit | ||
9193 | |||
9194 | I accidentially a word | ||
9195 | |||
9196 | OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a | ||
9197 | |||
9198 | commit 130283d5c2545ff017c2162dc1258c5354e29399 | ||
9199 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9200 | Date: Thu Jan 25 03:34:43 2018 +0000 | ||
9201 | |||
9202 | upstream commit | ||
9203 | |||
9204 | certificate options are case-sensitive; fix case on one | ||
9205 | that had it wrong. | ||
9206 | |||
9207 | move a badly-place sentence to a less bad place | ||
9208 | |||
9209 | OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b | ||
9210 | |||
9211 | commit 89f09ee68730337015bf0c3f138504494a34e9a6 | ||
9212 | Author: Damien Miller <djm@mindrot.org> | ||
9213 | Date: Wed Jan 24 12:20:44 2018 +1100 | ||
9214 | |||
9215 | crypto_api.h needs includes.h | ||
9216 | |||
9217 | commit c9c1bba06ad1c7cad8548549a68c071bd807af60 | ||
9218 | Author: stsp@openbsd.org <stsp@openbsd.org> | ||
9219 | Date: Tue Jan 23 20:00:58 2018 +0000 | ||
9220 | |||
9221 | upstream commit | ||
9222 | |||
9223 | Fix a logic bug in sshd_exchange_identification which | ||
9224 | prevented clients using major protocol version 2 from connecting to the | ||
9225 | server. ok millert@ | ||
9226 | |||
9227 | OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9 | ||
9228 | |||
9229 | commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb | ||
9230 | Author: stsp@openbsd.org <stsp@openbsd.org> | ||
9231 | Date: Tue Jan 23 18:33:49 2018 +0000 | ||
9232 | |||
9233 | upstream commit | ||
9234 | |||
9235 | Add missing braces; fixes 'write: Socket is not | ||
9236 | connected' error in ssh. ok deraadt@ | ||
9237 | |||
9238 | OpenBSD-Commit-ID: db73a3a9e147722d410866cac34d43ed52e1ad24 | ||
9239 | |||
9240 | commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a | ||
9241 | Author: Damien Miller <djm@mindrot.org> | ||
9242 | Date: Tue Jan 23 16:49:43 2018 +1100 | ||
9243 | |||
9244 | rebuild depends | ||
9245 | |||
9246 | commit 552ea155be44f9c439c1f9f0c38f9e593428f838 | ||
9247 | Author: Damien Miller <djm@mindrot.org> | ||
9248 | Date: Tue Jan 23 16:49:22 2018 +1100 | ||
9249 | |||
9250 | one SSH_BUG_BANNER instance that got away | ||
9251 | |||
9252 | commit 14b5c635d1190633b23ac3372379517fb645b0c2 | ||
9253 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9254 | Date: Tue Jan 23 05:27:21 2018 +0000 | ||
9255 | |||
9256 | upstream commit | ||
9257 | |||
9258 | Drop compatibility hacks for some ancient SSH | ||
9259 | implementations, including ssh.com <=2.* and OpenSSH <= 3.*. | ||
9260 | |||
9261 | These versions were all released in or before 2001 and predate the | ||
9262 | final SSH RFCs. The hacks in question aren't necessary for RFC- | ||
9263 | compliant SSH implementations. | ||
9264 | |||
9265 | ok markus@ | ||
9266 | |||
9267 | OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138 | ||
9268 | |||
9269 | commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb | ||
9270 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9271 | Date: Tue Jan 23 05:17:04 2018 +0000 | ||
9272 | |||
9273 | upstream commit | ||
9274 | |||
9275 | try harder to preserve errno during | ||
9276 | ssh_connect_direct() to make the final error message possibly accurate; | ||
9277 | bz#2814, ok dtucker@ | ||
9278 | |||
9279 | OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca | ||
9280 | |||
9281 | commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec | ||
9282 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9283 | Date: Tue Jan 23 05:12:12 2018 +0000 | ||
9284 | |||
9285 | upstream commit | ||
9286 | |||
9287 | unbreak support for clients that advertise a protocol | ||
9288 | version of "1.99" (indicating both v2 and v1 support). Busted by me during | ||
9289 | SSHv1 purge in r1.358; bz2810, ok dtucker | ||
9290 | |||
9291 | OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b | ||
9292 | |||
9293 | commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d | ||
9294 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9295 | Date: Tue Jan 23 05:06:25 2018 +0000 | ||
9296 | |||
9297 | upstream commit | ||
9298 | |||
9299 | don't attempt to force hostnames that are addresses to | ||
9300 | lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to | ||
9301 | remove ambiguities (e.g. ::0001 => ::1) before they are matched against | ||
9302 | known_hosts; bz#2763, ok dtucker@ | ||
9303 | |||
9304 | OpenBSD-Commit-ID: ba0863ff087e61e5c65efdbe53be3cb92c9aefa0 | ||
9305 | |||
9306 | commit d6364f6fb1a3d753d7ca9bf15b2adce961324513 | ||
9307 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9308 | Date: Tue Jan 23 05:01:15 2018 +0000 | ||
9309 | |||
9310 | upstream commit | ||
9311 | |||
9312 | avoid modifying pw->pw_passwd; let endpwent() clean up | ||
9313 | for us, but keep a scrubbed copy; bz2777, ok dtucker@ | ||
9314 | |||
9315 | OpenBSD-Commit-ID: 715afc0f59c6b82c4929a73279199ed241ce0752 | ||
9316 | |||
9317 | commit a69bbb07cd6fb4dfb9bdcacd370ab26d0a2b4215 | ||
9318 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9319 | Date: Sat Jan 13 00:24:09 2018 +0000 | ||
9320 | |||
9321 | upstream commit | ||
9322 | |||
9323 | clarify authorship; prodded by and ok markus@ | ||
9324 | |||
9325 | OpenBSD-Commit-ID: e1938eee58c89b064befdabe232835fa83bb378c | ||
9326 | |||
9327 | commit 04214b30be3d3e73a01584db4e040d5ccbaaddd4 | ||
9328 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9329 | Date: Mon Jan 8 15:37:21 2018 +0000 | ||
9330 | |||
9331 | upstream commit | ||
9332 | |||
9333 | group shared source files (e.g. SRCS_KEX) and allow | ||
9334 | compilation w/o OPENSSL ok djm@ | ||
9335 | |||
9336 | OpenBSD-Commit-ID: fa728823ba21c4b45212750e1d3a4b2086fd1a62 | ||
9337 | |||
9338 | commit 25cf9105b849932fc3b141590c009e704f2eeba6 | ||
9339 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9340 | Date: Mon Jan 8 15:21:49 2018 +0000 | ||
9341 | |||
9342 | upstream commit | ||
9343 | |||
9344 | move subprocess() so scp/sftp do not need uidswap.o; ok | ||
9345 | djm@ | ||
9346 | |||
9347 | OpenBSD-Commit-ID: 6601b8360388542c2e5fef0f4085f8e54750bea8 | ||
9348 | |||
9349 | commit b0d34132b3ca26fe94013f01d7b92101e70b68bb | ||
9350 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9351 | Date: Mon Jan 8 15:18:46 2018 +0000 | ||
9352 | |||
9353 | upstream commit | ||
9354 | |||
9355 | switch ssh-pkcs11-helper to new API; ok djm@ | ||
9356 | |||
9357 | OpenBSD-Commit-ID: e0c0ed2a568e25b1d2024f3e630f3fea837c2a42 | ||
9358 | |||
9359 | commit ec4a9831184c0c6ed5f7f0cfff01ede5455465a3 | ||
9360 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9361 | Date: Mon Jan 8 15:15:36 2018 +0000 | ||
9362 | |||
9363 | upstream commit | ||
9364 | |||
9365 | split client/server kex; only ssh-keygen needs | ||
9366 | uuencode.o; only scp/sftp use progressmeter.o; ok djm@ | ||
9367 | |||
9368 | OpenBSD-Commit-ID: f2c9feb26963615c4fece921906cf72e248b61ee | ||
9369 | |||
9370 | commit ec77efeea06ac62ee1d76fe0b3225f3000775a9e | ||
9371 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9372 | Date: Mon Jan 8 15:15:17 2018 +0000 | ||
9373 | |||
9374 | upstream commit | ||
9375 | |||
9376 | only ssh-keygen needs uuencode.o; only scp/sftp use | ||
9377 | progressmeter.o | ||
9378 | |||
9379 | OpenBSD-Commit-ID: a337e886a49f96701ccbc4832bed086a68abfa85 | ||
9380 | |||
9381 | commit 25aae35d3d6ee86a8c4c0b1896acafc1eab30172 | ||
9382 | Author: markus@openbsd.org <markus@openbsd.org> | ||
9383 | Date: Mon Jan 8 15:14:44 2018 +0000 | ||
9384 | |||
9385 | upstream commit | ||
9386 | |||
9387 | uuencode.h is not used | ||
9388 | |||
9389 | OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c | ||
9390 | |||
9391 | commit 4f29309c4cb19bcb1774931db84cacc414f17d29 | ||
9392 | Author: Damien Miller <djm@mindrot.org> | ||
9393 | Date: Wed Jan 3 19:50:43 2018 +1100 | ||
9394 | |||
9395 | unbreak fuzz harness | ||
9396 | |||
9397 | commit f6b50bf84dc0b61f22c887c00423e0ea7644e844 | ||
9398 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9399 | Date: Thu Dec 21 05:46:35 2017 +0000 | ||
9400 | |||
9401 | upstream commit | ||
9402 | |||
9403 | another libssh casualty | ||
9404 | |||
9405 | OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec | ||
9406 | |||
9407 | commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13 | ||
9408 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9409 | Date: Thu Dec 21 03:01:49 2017 +0000 | ||
9410 | |||
9411 | upstream commit | ||
9412 | |||
9413 | missed one (unbreak after ssh/lib removal) | ||
9414 | |||
9415 | OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322 | ||
9416 | |||
9417 | commit e6c4134165d05447009437a96e7201276688807f | ||
9418 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9419 | Date: Thu Dec 21 00:41:22 2017 +0000 | ||
9420 | |||
9421 | upstream commit | ||
9422 | |||
9423 | unbreak unit tests after removal of src/usr.bin/ssh/lib | ||
9424 | |||
9425 | OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9 | ||
9426 | |||
9427 | commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe | ||
9428 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9429 | Date: Thu Dec 21 00:00:28 2017 +0000 | ||
9430 | |||
9431 | upstream commit | ||
9432 | |||
9433 | revert stricter key type / signature type checking in | ||
9434 | userauth path; too much software generates inconsistent messages, so we need | ||
9435 | a better plan. | ||
9436 | |||
9437 | OpenBSD-Commit-ID: 4a44ddc991c803c4ecc8f1ad40e0ab4d22e1c519 | ||
9438 | |||
9439 | commit c5a6cbdb79752f7e761074abdb487953ea6db671 | ||
9440 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9441 | Date: Tue Dec 19 00:49:30 2017 +0000 | ||
9442 | |||
9443 | upstream commit | ||
9444 | |||
9445 | explicitly test all key types and their certificate | ||
9446 | counterparts | ||
9447 | |||
9448 | refactor a little | ||
9449 | |||
9450 | OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4 | ||
9451 | |||
9452 | commit f689adb7a370b5572612d88be9837ca9aea75447 | ||
9453 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9454 | Date: Mon Dec 11 11:41:56 2017 +0000 | ||
9455 | |||
9456 | upstream commit | ||
9457 | |||
9458 | use cmp in a loop instead of diff -N to compare | ||
9459 | directories. The former works on more platforms for Portable. | ||
9460 | |||
9461 | OpenBSD-Regress-ID: c3aa72807f9c488e8829a26ae50fe5bcc5b57099 | ||
9462 | |||
9463 | commit 748dd8e5de332b24c40f4b3bbedb902acb048c98 | ||
9464 | Author: Damien Miller <djm@mindrot.org> | ||
9465 | Date: Tue Dec 19 16:17:59 2017 +1100 | ||
9466 | |||
9467 | remove blocks.c from Makefile | ||
9468 | |||
9469 | commit 278856320520e851063b06cef6ef1c60d4c5d652 | ||
9470 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9471 | Date: Tue Dec 19 00:24:34 2017 +0000 | ||
9472 | |||
9473 | upstream commit | ||
9474 | |||
9475 | include signature type and CA key (if applicable) in some | ||
9476 | debug messages | ||
9477 | |||
9478 | OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5 | ||
9479 | |||
9480 | commit 7860731ef190b52119fa480f8064ab03c44a120a | ||
9481 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9482 | Date: Mon Dec 18 23:16:23 2017 +0000 | ||
9483 | |||
9484 | upstream commit | ||
9485 | |||
9486 | unbreak hostkey rotation; attempting to sign with a | ||
9487 | desired signature algorithm of kex->hostkey_alg is incorrect when the key | ||
9488 | type isn't capable of making those signatures. ok markus@ | ||
9489 | |||
9490 | OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906 | ||
9491 | |||
9492 | commit 966ef478339ad5e631fb684d2a8effe846ce3fd4 | ||
9493 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9494 | Date: Mon Dec 18 23:14:34 2017 +0000 | ||
9495 | |||
9496 | upstream commit | ||
9497 | |||
9498 | log mismatched RSA signature types; ok markus@ | ||
9499 | |||
9500 | OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418 | ||
9501 | |||
9502 | commit 349ecd4da3a985359694a74635748009be6baca6 | ||
9503 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9504 | Date: Mon Dec 18 23:13:42 2017 +0000 | ||
9505 | |||
9506 | upstream commit | ||
9507 | |||
9508 | pass kex->hostkey_alg and kex->hostkey_nid from pre-auth | ||
9509 | to post-auth unpriviledged child processes; ok markus@ | ||
9510 | |||
9511 | OpenBSD-Commit-ID: 4a35bc7af0a5f8a232d1361f79f4ebc376137302 | ||
9512 | |||
9513 | commit c9e37a8725c083441dd34a8a53768aa45c3c53fe | ||
9514 | Author: millert@openbsd.org <millert@openbsd.org> | ||
9515 | Date: Mon Dec 18 17:28:54 2017 +0000 | ||
9516 | |||
9517 | upstream commit | ||
9518 | |||
9519 | Add helper function for uri handing in scp where a | ||
9520 | missing path simply means ".". Also fix exit code and add warnings when an | ||
9521 | invalid uri is encountered. OK otto@ | ||
9522 | |||
9523 | OpenBSD-Commit-ID: 47dcf872380586dabf7fcc6e7baf5f8ad508ae1a | ||
9524 | |||
9525 | commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0 | ||
9526 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9527 | Date: Mon Dec 18 02:25:15 2017 +0000 | ||
9528 | |||
9529 | upstream commit | ||
9530 | |||
9531 | pass negotiated signing algorithm though to | ||
9532 | sshkey_verify() and check that the negotiated algorithm matches the type in | ||
9533 | the signature (only matters for RSA SHA1/SHA2 sigs). ok markus@ | ||
9534 | |||
9535 | OpenBSD-Commit-ID: 735fb15bf4adc060d3bee9d047a4bcaaa81b1af9 | ||
9536 | |||
9537 | commit 931c78dfd7fe30669681a59e536bbe66535f3ee9 | ||
9538 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9539 | Date: Mon Dec 18 02:22:29 2017 +0000 | ||
9540 | |||
9541 | upstream commit | ||
9542 | |||
9543 | sshkey_sigtype() function to return the type of a | ||
9544 | signature; ok markus@ | ||
9545 | |||
9546 | OpenBSD-Commit-ID: d3772b065ad6eed97285589bfb544befed9032e8 | ||
9547 | |||
9548 | commit 4cdc5956f2fcc9e9078938db833142dc07d8f523 | ||
9549 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9550 | Date: Thu Dec 14 21:07:39 2017 +0000 | ||
9551 | |||
9552 | upstream commit | ||
9553 | |||
9554 | Replace ED25519's private SHA-512 implementation with a | ||
9555 | call to the regular digest code. This speeds up compilation considerably. ok | ||
9556 | markus@ | ||
9557 | |||
9558 | OpenBSD-Commit-ID: fcce8c3bcfe7389462a28228f63c823e80ade41c | ||
9559 | |||
9560 | commit 012e5cb839faf76549e3b6101b192fe1a74d367e | ||
9561 | Author: naddy@openbsd.org <naddy@openbsd.org> | ||
9562 | Date: Tue Dec 12 15:06:12 2017 +0000 | ||
9563 | |||
9564 | upstream commit | ||
9565 | |||
9566 | Create a persistent umac128.c source file: #define the | ||
9567 | output size and the name of the entry points for UMAC-128 before including | ||
9568 | umac.c. Idea from FreeBSD. ok dtucker@ | ||
9569 | |||
9570 | OpenBSD-Commit-ID: 463cfacfa07cb8060a4d4961e63dca307bf3f4b1 | ||
9571 | |||
9572 | commit b35addfb4cd3b5cdb56a2a489d38e940ada926c7 | ||
9573 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9574 | Date: Mon Dec 11 16:23:28 2017 +1100 | ||
9575 | |||
9576 | Update .depend with empty config.h | ||
9577 | |||
9578 | commit 2d96f28246938e0ca474a939d8ac82ecd0de27e3 | ||
9579 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9580 | Date: Mon Dec 11 16:21:55 2017 +1100 | ||
9581 | |||
9582 | Ensure config.h is always in dependencies. | ||
9583 | |||
9584 | Put an empty config.h into the dependency list to ensure that it's | ||
9585 | always listed and consistent. | ||
9586 | |||
9587 | commit ac4987a55ee5d4dcc8e87f7ae7c1f87be7257d71 | ||
9588 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9589 | Date: Sun Dec 10 19:37:57 2017 +0000 | ||
9590 | |||
9591 | upstream commit | ||
9592 | |||
9593 | ssh/lib hasn't worked towards our code-sharing goals for | ||
9594 | a quit while, perhaps it is too verbose? Change each */Makefile to | ||
9595 | specifying exactly what sources that program requires, compiling it seperate. | ||
9596 | Maybe we'll iterate by sorting those into seperatable chunks, splitting up | ||
9597 | files which contain common code + server/client specific code, or whatnot. | ||
9598 | But this isn't one step, or we'd have done it a long time ago.. ok dtucker | ||
9599 | markus djm | ||
9600 | |||
9601 | OpenBSD-Commit-ID: 5317f294d63a876bfc861e19773b1575f96f027d | ||
9602 | |||
9603 | commit 48c23a39a8f1069a57264dd826f6c90aa12778d5 | ||
9604 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9605 | Date: Sun Dec 10 05:55:29 2017 +0000 | ||
9606 | |||
9607 | upstream commit | ||
9608 | |||
9609 | Put remote client info back into the ClientAlive | ||
9610 | connection termination message. Based in part on diff from lars.nooden at | ||
9611 | gmail, ok djm | ||
9612 | |||
9613 | OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0 | ||
9614 | |||
9615 | commit aabd75ec76575c1b17232e6526a644097cd798e5 | ||
9616 | Author: deraadt@openbsd.org <deraadt@openbsd.org> | ||
9617 | Date: Fri Dec 8 03:45:52 2017 +0000 | ||
9618 | |||
9619 | upstream commit | ||
9620 | |||
9621 | time_t printing needs %lld and (long long) casts ok djm | ||
9622 | |||
9623 | OpenBSD-Commit-ID: 4a93bc2b0d42a39b8f8de8bb74d07ad2e5e83ef7 | ||
9624 | |||
9625 | commit fd4eeeec16537870bd40d04836c7906ec141c17d | ||
9626 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9627 | Date: Fri Dec 8 02:14:33 2017 +0000 | ||
9628 | |||
9629 | upstream commit | ||
9630 | |||
9631 | fix ordering in previous to ensure errno isn't clobbered | ||
9632 | before logging. | ||
9633 | |||
9634 | OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2 | ||
9635 | |||
9636 | commit 155072fdb0d938015df828836beb2f18a294ab8a | ||
9637 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9638 | Date: Fri Dec 8 02:13:02 2017 +0000 | ||
9639 | |||
9640 | upstream commit | ||
9641 | |||
9642 | for some reason unix_listener() logged most errors twice | ||
9643 | with each message containing only some of the useful information; merge these | ||
9644 | |||
9645 | OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a | ||
9646 | |||
9647 | commit 79c0e1d29959304e5a49af1dbc58b144628c09f3 | ||
9648 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9649 | Date: Mon Dec 11 14:38:33 2017 +1100 | ||
9650 | |||
9651 | Add autogenerated dependency info to Makefile. | ||
9652 | |||
9653 | Adds a .depend file containing dependency information generated by | ||
9654 | makedepend, which is appended to the generated Makefile by configure. | ||
9655 | |||
9656 | You can regen the file with "make -f Makefile.in depend" if necessary, | ||
9657 | but we'll be looking at some way to automatically keep this up to date. | ||
9658 | |||
9659 | "no objection" djm@ | ||
9660 | |||
9661 | commit f001de8fbf7f3faddddd8efd03df18e57601f7eb | ||
9662 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9663 | Date: Mon Dec 11 13:42:51 2017 +1100 | ||
9664 | |||
9665 | Fix pasto in ldns handling. | ||
9666 | |||
9667 | When ldns-config is not found, configure would check the wrong variable. | ||
9668 | ok djm@ | ||
9669 | |||
9670 | commit c5bfe83f67cb64e71cf2fe0d1500f6904b0099ee | ||
9671 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9672 | Date: Sat Dec 9 10:12:23 2017 +1100 | ||
9673 | |||
9674 | Portable switched to git so s/CVS/git/. | ||
9675 | |||
9676 | commit bb82e61a40a4ee52e4eb904caaee2c27b763ab5b | ||
9677 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9678 | Date: Sat Dec 9 08:06:00 2017 +1100 | ||
9679 | |||
9680 | Remove now-used check for perl. | ||
9681 | |||
9682 | commit e0ce54c0b9ca3a9388f9c50f4fa6cc25c28a3240 | ||
9683 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9684 | Date: Wed Dec 6 05:06:21 2017 +0000 | ||
9685 | |||
9686 | upstream commit | ||
9687 | |||
9688 | don't accept junk after "yes" or "no" responses to | ||
9689 | hostkey prompts. bz#2803 reported by Maksim Derbasov; ok dtucker@ | ||
9690 | |||
9691 | OpenBSD-Commit-ID: e1b159fb2253be973ce25eb7a7be26e6f967717c | ||
9692 | |||
9693 | commit 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 | ||
9694 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9695 | Date: Tue Dec 5 23:59:47 2017 +0000 | ||
9696 | |||
9697 | upstream commit | ||
9698 | |||
9699 | Replace atoi and strtol conversions for integer arguments | ||
9700 | to config keywords with a checking wrapper around strtonum. This will | ||
9701 | prevent and flag invalid and negative arguments to these keywords. ok djm@ | ||
9702 | |||
9703 | OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998 | ||
9704 | |||
9705 | commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 | ||
9706 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9707 | Date: Tue Dec 5 23:56:07 2017 +0000 | ||
9708 | |||
9709 | upstream commit | ||
9710 | |||
9711 | Add missing break for rdomain. Prevents spurious | ||
9712 | "Deprecated option" warnings. ok djm@ | ||
9713 | |||
9714 | OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a | ||
9715 | |||
9716 | commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198 | ||
9717 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9718 | Date: Tue Dec 5 01:30:19 2017 +0000 | ||
9719 | |||
9720 | upstream commit | ||
9721 | |||
9722 | include the addr:port in bind/listen failure messages | ||
9723 | |||
9724 | OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e | ||
9725 | |||
9726 | commit a8c89499543e2d889629c4e5e8dcf47a655cf889 | ||
9727 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9728 | Date: Wed Nov 29 05:49:54 2017 +0000 | ||
9729 | |||
9730 | upstream commit | ||
9731 | |||
9732 | Import updated moduli. | ||
9733 | |||
9734 | OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a | ||
9735 | |||
9736 | commit 3dde09ab38c8e1cfc28252be473541a81bc57097 | ||
9737 | Author: dtucker@openbsd.org <dtucker@openbsd.org> | ||
9738 | Date: Tue Nov 28 21:10:22 2017 +0000 | ||
9739 | |||
9740 | upstream commit | ||
9741 | |||
9742 | Have sftp print a warning about shell cleanliness when | ||
9743 | decoding the first packet fails, which is usually caused by shells polluting | ||
9744 | stdout of non-interactive starups. bz#2800, ok markus@ deraadt@. | ||
9745 | |||
9746 | OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5 | ||
9747 | |||
9748 | commit 6c8a246437f612ada8541076be2414846d767319 | ||
9749 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9750 | Date: Fri Dec 1 17:11:47 2017 +1100 | ||
9751 | |||
9752 | Replace mkinstalldirs with mkdir -p. | ||
9753 | |||
9754 | Check for MIKDIR_P and use it instead of mkinstalldirs. Should fix "mkdir: | ||
9755 | cannot create directory:... File exists" during "make install". | ||
9756 | Patch from eb at emlix.com. | ||
9757 | |||
9758 | commit 3058dd78d2e43ed0f82ad8eab8bb04b043a72023 | ||
9759 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9760 | Date: Fri Dec 1 17:07:08 2017 +1100 | ||
9761 | |||
9762 | Pull in newer install-sh from autoconf-2.69. | ||
9763 | |||
9764 | Suggested by eb at emlix.com | ||
9765 | |||
9766 | commit 79226e5413c5b0fda3511351a8511ff457e306d8 | ||
9767 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9768 | Date: Fri Dec 1 16:55:35 2017 +1100 | ||
9769 | |||
9770 | Remove RSA1 host key generation. | ||
9771 | |||
9772 | SSH1 support is now gone, remove SSH1 key generation. | ||
9773 | Patch from eb at emlix.com. | ||
9774 | |||
9775 | commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb | ||
9776 | Author: djm@openbsd.org <djm@openbsd.org> | ||
9777 | Date: Tue Nov 28 06:09:38 2017 +0000 | ||
9778 | |||
9779 | upstream commit | ||
9780 | |||
9781 | more whitespace errors | ||
9782 | |||
9783 | OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb | ||
9784 | |||
9785 | commit 7f257bf3fd3a759f31098960cbbd1453fafc4164 | ||
9786 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9787 | Date: Tue Nov 28 06:04:51 2017 +0000 | ||
9788 | |||
9789 | upstream commit | ||
9790 | |||
9791 | whitespace at EOL | ||
9792 | |||
9793 | OpenBSD-Commit-ID: 76d3965202b22d59c2784a8df3a8bfa5ee67b96a | ||
9794 | |||
9795 | commit 5db6fbf1438b108e5df3e79a1b4de544373bc2d4 | ||
9796 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9797 | Date: Sat Nov 25 06:46:22 2017 +0000 | ||
9798 | |||
9799 | upstream commit | ||
9800 | |||
9801 | Add monotime_ts and monotime_tv that return monotonic | ||
9802 | timespec and timeval respectively. Replace calls to gettimeofday() in packet | ||
9803 | timing with monotime_tv so that the callers will work over a clock step. | ||
9804 | Should prevent integer overflow during clock steps reported by wangle6 at | ||
9805 | huawei.com. "I like" markus@ | ||
9806 | |||
9807 | OpenBSD-Commit-ID: 74d684264814ff806f197948b87aa732cb1b0b8a | ||
9808 | |||
9809 | commit 2d638e986085bdf1a40310ed6e2307463db96ea0 | ||
9810 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9811 | Date: Sat Nov 25 05:58:47 2017 +0000 | ||
9812 | |||
9813 | upstream commit | ||
9814 | |||
9815 | Remove get_current_time() and replace with calls to | ||
9816 | monotime_double() which uses CLOCK_MONOTONIC and works over clock steps. "I | ||
9817 | like" markus@ | ||
9818 | |||
9819 | OpenBSD-Commit-ID: 3ad2f7d2414e2cfcaef99877a7a5b0baf2242952 | ||
9820 | |||
9821 | commit ba460acae48a36ef749cb23068f968f4d5d90a24 | ||
9822 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9823 | Date: Fri Nov 24 16:24:31 2017 +1100 | ||
9824 | |||
9825 | Include string.h for explicit_bzero. | ||
9826 | |||
9827 | commit a65655fb1a12b77fb22f9e71559b9d73030ec8ff | ||
9828 | Author: Damien Miller <djm@mindrot.org> | ||
9829 | Date: Fri Nov 24 10:23:47 2017 +1100 | ||
9830 | |||
9831 | fix incorrect range of OpenSSL versions supported | ||
9832 | |||
9833 | Pointed out by Solar Designer | ||
9834 | |||
9835 | commit 83a1e5dbec52d05775174f368e0c44b08619a308 | ||
9836 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9837 | Date: Wed Nov 15 02:10:16 2017 +0000 | ||
9838 | |||
9839 | upstream commit | ||
9840 | |||
9841 | downgrade a couple more request parsing errors from | ||
9842 | process-fatal to just returning failure, making them consistent with the | ||
9843 | others that were already like that. | ||
9844 | |||
9845 | OpenBSD-Commit-ID: c111461f7a626690a2d53018ef26557b34652918 | ||
9846 | |||
9847 | commit 93c68a8f3da8e5e6acdc3396f54d73919165e242 | ||
9848 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9849 | Date: Wed Nov 15 00:13:40 2017 +0000 | ||
9850 | |||
9851 | upstream commit | ||
9852 | |||
9853 | fix regression in 7.6: failure to parse a signature request | ||
9854 | message shouldn't be fatal to the process, just the request. Reported by Ron | ||
9855 | Frederick | ||
9856 | |||
9857 | OpenBSD-Commit-ID: e5d01b3819caa1a2ad51fc57d6ded43f48bbcc05 | ||
9858 | |||
9859 | commit 548d3a66feb64c405733932a6b1abeaf7198fa71 | ||
9860 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9861 | Date: Tue Nov 14 00:45:29 2017 +0000 | ||
9862 | |||
9863 | upstream commit | ||
9864 | |||
9865 | fix problem in configuration parsing when in config dump mode | ||
9866 | (sshd -T) without providing a full connection specification (sshd -T -C ...) | ||
9867 | |||
9868 | spotted by bluhm@ | ||
9869 | |||
9870 | OpenBSD-Commit-ID: 7125faf5740eaa9d3a2f25400a0bc85e94e28b8f | ||
9871 | |||
9872 | commit 33edb6ebdc2f81ebed1bceadacdfb8910b64fb88 | ||
9873 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9874 | Date: Fri Nov 3 05:18:44 2017 +0000 | ||
9875 | |||
9876 | upstream commit | ||
9877 | |||
9878 | reuse parse_multistate for parse_flag (yes/no arguments). | ||
9879 | Saves a few lines of code and makes the parser more consistent wrt case- | ||
9880 | sensitivity. bz#2664 ok dtucker@ | ||
9881 | |||
9882 | OpenBSD-Commit-ID: b2ad1b6086858d5db71c7b11e5a74dba6d60efef | ||
9883 | |||
9884 | commit d52131a98316e76c0caa348f09bf6f7b9b01a1b9 | ||
9885 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9886 | Date: Fri Nov 3 05:14:04 2017 +0000 | ||
9887 | |||
9888 | upstream commit | ||
9889 | |||
9890 | allow certificate validity intervals that specify only a | ||
9891 | start or stop time (we already support specifying both or neither) | ||
9892 | |||
9893 | OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42 | ||
9894 | |||
9895 | commit fbe8e7ac94c2fa380421a9205a8bc966549c2f91 | ||
9896 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9897 | Date: Fri Nov 3 03:46:52 2017 +0000 | ||
9898 | |||
9899 | upstream commit | ||
9900 | |||
9901 | allow "cd" and "lcd" commands with no explicit path | ||
9902 | argument. lcd will change to the local user's home directory as usual. cd | ||
9903 | will change to the starting directory for session (because the protocol | ||
9904 | offers no way to obtain the remote user's home directory). bz#2760 ok | ||
9905 | dtucker@ | ||
9906 | |||
9907 | OpenBSD-Commit-ID: 15333f5087cee8c1ed1330cac1bd0a3e6a767393 | ||
9908 | |||
9909 | commit 0208a48517b5e8e8b091f32fa4addcd67c31ca9e | ||
9910 | Author: dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | ||
9911 | Date: Fri Nov 3 03:18:53 2017 +0000 | ||
9912 | |||
9913 | upstream commit | ||
9914 | |||
9915 | When doing a config test with sshd -T, only require the | ||
9916 | attributes that are actually used in Match criteria rather than (an | ||
9917 | incomplete list of) all criteria. ok djm@, man page help jmc@ | ||
9918 | |||
9919 | OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc | ||
9920 | |||
9921 | commit c357eed5a52cd2f4ff358b17e30e3f9a800644da | ||
9922 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9923 | Date: Fri Nov 3 02:32:19 2017 +0000 | ||
9924 | |||
9925 | upstream commit | ||
9926 | |||
9927 | typos in ECDSA certificate names; bz#2787 reported by | ||
9928 | Mike Gerow | ||
9929 | |||
9930 | OpenBSD-Commit-ID: 824938b6aba1b31321324ba1f56c05f84834b163 | ||
9931 | |||
9932 | commit ecbf005b8fd80b81d0c61dfc1e96fe3da6099395 | ||
9933 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9934 | Date: Fri Nov 3 02:29:17 2017 +0000 | ||
9935 | |||
9936 | upstream commit | ||
9937 | |||
9938 | Private keys in PEM format have been encrypted by AES-128 for | ||
9939 | a while (not 3DES). bz#2788 reported by Calum Mackay | ||
9940 | |||
9941 | OpenBSD-Commit-ID: bd33da7acbbb3c882f0a0ee56007a35ce0d8a11a | ||
9942 | |||
9943 | commit 81c9ccdbf6ddbf9bfbd6f1f775a5a7c13e47e185 | ||
9944 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9945 | Date: Fri Nov 3 14:52:51 2017 +1100 | ||
9946 | |||
9947 | Check for linux/if.h when enabling rdomain. | ||
9948 | |||
9949 | musl libc doesn't seem to have linux/if.h, so check for its presence | ||
9950 | before enabling rdomain support on Linux. | ||
9951 | |||
9952 | commit fa1b834cce41a1ce3e6a8d57fb67ef18c9dd803f | ||
9953 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9954 | Date: Fri Nov 3 14:09:45 2017 +1100 | ||
9955 | |||
9956 | Add headers for sys/sysctl.h and net/route.h | ||
9957 | |||
9958 | On at least older OpenBSDs, sys/sysctl.h and net/route.h require | ||
9959 | sys/types and, in the case of sys/sysctl.h, sys/param.h for MAXLOGNAME. | ||
9960 | |||
9961 | commit 41bff4da21fcd8a7c6a83a7e0f92b018f904f6fb | ||
9962 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9963 | Date: Fri Nov 3 02:22:41 2017 +0000 | ||
9964 | |||
9965 | upstream commit | ||
9966 | |||
9967 | avoid unused variable warnings for !WITH_OPENSSL; patch from | ||
9968 | Marcus Folkesson | ||
9969 | |||
9970 | OpenBSD-Commit-ID: c01d27a3f907acdc3dd4ea48170fac3ba236d229 | ||
9971 | |||
9972 | commit 6b373e4635a7470baa94253dd1dc8953663da9e8 | ||
9973 | Author: Marcus Folkesson <marcus.folkesson@gmail.com> | ||
9974 | Date: Sat Oct 28 19:48:39 2017 +0200 | ||
9975 | |||
9976 | only enable functions in dh.c when openssl is used | ||
9977 | |||
9978 | Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com> | ||
9979 | |||
9980 | commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b | ||
9981 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
9982 | Date: Wed Nov 1 00:04:15 2017 +0000 | ||
9983 | |||
9984 | upstream commit | ||
9985 | |||
9986 | fix broken stdout in ControlPersist mode, introduced by me in | ||
9987 | r1.467 and reported by Alf Schlichting | ||
9988 | |||
9989 | OpenBSD-Commit-ID: 3750a16e02108fc25f747e4ebcedb7123c1ef509 | ||
9990 | |||
9991 | commit f21455a084f9cc3942cf1bde64055a4916849fed | ||
9992 | Author: Darren Tucker <dtucker@zip.com.au> | ||
9993 | Date: Tue Oct 31 10:09:33 2017 +1100 | ||
9994 | |||
9995 | Include includes.h for HAVE_GETPAGESIZE. | ||
9996 | |||
9997 | The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in | ||
9998 | config.h, but bsd-getpagesize.c forgot to include includes.h (which | ||
9999 | indirectly includes config.h) so the checks always fails, causing linker | ||
10000 | issues when linking statically on systems with getpagesize(). | ||
10001 | |||
10002 | Patch from Peter Korsgaard <peter at korsgaard.com> | ||
10003 | |||
10004 | commit f2ad63c0718b93ac1d1e85f53fee33b06eef86b5 | ||
10005 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10006 | Date: Mon Oct 30 22:01:52 2017 +0000 | ||
10007 | |||
10008 | upstream commit | ||
10009 | |||
10010 | whitespace at EOL | ||
10011 | |||
10012 | OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07 | ||
10013 | |||
10014 | commit c6415b1f8f1d0c2735564371647fd6a177fb9a3e | ||
10015 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10016 | Date: Mon Oct 30 21:59:43 2017 +0000 | ||
10017 | |||
10018 | upstream commit | ||
10019 | |||
10020 | whitespace at EOL | ||
10021 | |||
10022 | OpenBSD-Regress-ID: 19b1394393deee4c8a2114a3b7d18189f27a15cd | ||
10023 | |||
10024 | commit e4d4ddbbba0e585ca3ec3a455430750b4622a6d3 | ||
10025 | Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> | ||
10026 | Date: Wed Oct 25 20:08:36 2017 +0000 | ||
10027 | |||
10028 | upstream commit | ||
10029 | |||
10030 | Use printenv to test whether an SSH_USER_AUTH is set | ||
10031 | instead of using $SSH_USER_AUTH. The latter won't work with csh which treats | ||
10032 | unknown variables as an error when expanding them. OK markus@ | ||
10033 | |||
10034 | OpenBSD-Regress-ID: f601e878dd8b71aa40381573dde3a8f567e6f2d1 | ||
10035 | |||
10036 | commit 116b1b439413a724ebb3320633a64dd0f3ee1fe7 | ||
10037 | Author: millert@openbsd.org@openbsd.org <millert@openbsd.org@openbsd.org> | ||
10038 | Date: Tue Oct 24 19:33:32 2017 +0000 | ||
10039 | |||
10040 | upstream commit | ||
10041 | |||
10042 | Add tests for URI parsing. OK markus@ | ||
10043 | |||
10044 | OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b | ||
10045 | |||
10046 | commit dbe0662e9cd482593a4a8bf58c6481bfe8a747a4 | ||
10047 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10048 | Date: Fri Oct 27 01:57:06 2017 +0000 | ||
10049 | |||
10050 | upstream commit | ||
10051 | |||
10052 | whitespace at EOL | ||
10053 | |||
10054 | OpenBSD-Commit-ID: c95549cf5a07d56ea11aaff818415118720214f6 | ||
10055 | |||
10056 | commit d2135474344335a7c6ee643b6ade6db400fa76ee | ||
10057 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10058 | Date: Fri Oct 27 01:01:17 2017 +0000 | ||
10059 | |||
10060 | upstream commit | ||
10061 | |||
10062 | whitespace at EOL (lots) | ||
10063 | |||
10064 | OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747 | ||
10065 | |||
10066 | commit b77c29a07f5a02c7c1998701c73d92bde7ae1608 | ||
10067 | Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org> | ||
10068 | Date: Fri Oct 27 00:18:41 2017 +0000 | ||
10069 | |||
10070 | upstream commit | ||
10071 | |||
10072 | improve printing of rdomain on accept() a little | ||
10073 | |||
10074 | OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a | ||
10075 | |||
10076 | commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b | ||
10077 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10078 | Date: Thu Oct 26 06:44:01 2017 +0000 | ||
10079 | |||
10080 | upstream commit | ||
10081 | |||
10082 | mark up the rdomain keyword; | ||
10083 | |||
10084 | OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a | ||
10085 | |||
10086 | commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b | ||
10087 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10088 | Date: Wed Oct 25 06:19:46 2017 +0000 | ||
10089 | |||
10090 | upstream commit | ||
10091 | |||
10092 | tweak the uri text, specifically removing some markup to | ||
10093 | make it a bit more readable; | ||
10094 | |||
10095 | issue reported by - and diff ok - millert | ||
10096 | |||
10097 | OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f | ||
10098 | |||
10099 | commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40 | ||
10100 | Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org> | ||
10101 | Date: Wed Oct 25 06:18:06 2017 +0000 | ||
10102 | |||
10103 | upstream commit | ||
10104 | |||
10105 | simplify macros in previous, and some minor tweaks; | ||
10106 | |||
10107 | OpenBSD-Commit-ID: 6efeca3d8b095b76e21b484607d9cc67ac9a11ca | ||
10108 | |||
10109 | commit eb9c582b710dc48976b48eb2204218f6863bae9a | ||
10110 | Author: Damien Miller <djm@mindrot.org> | ||
10111 | Date: Tue Oct 31 00:46:29 2017 +1100 | ||
10112 | |||
10113 | Switch upstream git repository. | ||
10114 | |||
10115 | Previously portable OpenSSH has synced against a conversion of OpenBSD's | ||
10116 | CVS repository made using the git cvsimport tool, but this has become | ||
10117 | increasingly unreliable. | ||
10118 | |||
10119 | As of this commit, portable OpenSSH now tracks a conversion of the | ||
10120 | OpenBSD CVS upstream made using the excellent cvs2gitdump tool from | ||
10121 | YASUOKA Masahiko: https://github.com/yasuoka/cvs2gitdump | ||
10122 | |||
10123 | cvs2gitdump is considerably more reliable than gitcvsimport and the old | ||
10124 | version of cvsps that it uses under the hood, and is the same tool used | ||
10125 | to export the entire OpenBSD repository to git (so we know it can cope | ||
10126 | with future growth). | ||
10127 | |||
10128 | These new conversions are mirrored at github, so interested parties can | ||
10129 | match portable OpenSSH commits to their upstream counterparts. | ||
10130 | |||
10131 | https://github.com/djmdjm/openbsd-openssh-src | ||
10132 | https://github.com/djmdjm/openbsd-openssh-regress | ||
10133 | |||
10134 | An unfortunate side effect of switching upstreams is that we must have | ||
10135 | a flag day, across which the upstream commit IDs will be inconsistent. | ||
10136 | The old commit IDs are recorded with the tags "Upstream-ID" for main | ||
10137 | directory commits and "Upstream-Regress-ID" for regress commits. | ||
10138 | |||
10139 | To make it clear that the commit IDs do not refer to the same | ||
10140 | things, the new repository will instead use "OpenBSD-ID" and | ||
10141 | "OpenBSD-Regress-ID" tags instead. | ||
10142 | |||
10143 | Apart from being a longwinded explanation of what is going on, this | ||
10144 | commit message also serves to synchronise our tools with the state of | ||
10145 | the tree, which happens to be: | ||
10146 | |||
10147 | OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1 | ||
10148 | OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef | ||
10149 | |||
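Review bot: the flag-day entry for commit eb9c582b states that the new repository will tag upstream commits with "OpenBSD-ID" and "OpenBSD-Regress-ID", but the main-directory entries above it in this file (for example 7530e77b) use "OpenBSD-Commit-ID", while the entries below it use "Upstream-ID" and "Upstream-Regress-ID". Anything that maps portable commits to their upstream counterparts by searching this ChangeLog has to accept all of these tag names, so it would help to record the full set wherever the sync procedure is documented. Separately, the Author lines on the upstream entries dated Oct 25 to Nov 28 2017 carry a doubled domain ("djm@openbsd.org@openbsd.org", likewise for dtucker, jmc and millert), which splits per-author searches from the surrounding entries that use the plain address; normalizing the address before the file is regenerated would avoid that.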
10150 | commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea | ||
10151 | Author: Damien Miller <djm@mindrot.org> | ||
10152 | Date: Fri Oct 27 08:42:33 2017 +1100 | ||
10153 | |||
10154 | fix rdomain compilation errors | ||
10155 | |||
10156 | commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab | ||
10157 | Author: Damien Miller <djm@mindrot.org> | ||
10158 | Date: Wed Oct 25 14:15:42 2017 +1100 | ||
10159 | |||
10160 | autoconf glue to enable Linux VRF | ||
10161 | |||
10162 | commit 97c5aaf925d61641d599071abb56012cde265978 | ||
10163 | Author: Damien Miller <djm@mindrot.org> | ||
10164 | Date: Wed Oct 25 14:09:56 2017 +1100 | ||
10165 | |||
10166 | basic valid_rdomain() implementation for Linux | ||
10167 | |||
10168 | commit ce1cca39d7935dd394080ce2df62f5ce5b51f485 | ||
10169 | Author: Damien Miller <djm@mindrot.org> | ||
10170 | Date: Wed Oct 25 13:47:59 2017 +1100 | ||
10171 | |||
10172 | implement get/set_rdomain() for Linux | ||
10173 | |||
10174 | Not enabled, pending implementation of valid_rdomain() and autoconf glue | ||
10175 | |||
10176 | commit 6eee79f9b8d4a3b113b698383948a119acb82415 | ||
10177 | Author: Damien Miller <djm@mindrot.org> | ||
10178 | Date: Wed Oct 25 13:22:29 2017 +1100 | ||
10179 | |||
10180 | stubs for rdomain replacement functions | ||
10181 | |||
10182 | commit f5594f939f844bbb688313697d6676238da355b3 | ||
10183 | Author: Damien Miller <djm@mindrot.org> | ||
10184 | Date: Wed Oct 25 13:13:57 2017 +1100 | ||
10185 | |||
10186 | rename port-tun.[ch] => port-net.[ch] | ||
10187 | |||
10188 | Ahead of adding rdomain support | ||
10189 | |||
10190 | commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb | ||
10191 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10192 | Date: Wed Oct 25 02:10:39 2017 +0000 | ||
10193 | |||
10194 | upstream commit | ||
10195 | |||
10196 | uninitialised variable in PermitTunnel printing code | ||
10197 | |||
10198 | Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a | ||
10199 | |||
10200 | commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f | ||
10201 | Author: Damien Miller <djm@mindrot.org> | ||
10202 | Date: Wed Oct 25 13:10:59 2017 +1100 | ||
10203 | |||
10204 | provide hooks and fallbacks for rdomain support | ||
10205 | |||
10206 | commit 3235473bc8e075fad7216b7cd62fcd2b0320ea04 | ||
10207 | Author: Damien Miller <djm@mindrot.org> | ||
10208 | Date: Wed Oct 25 11:25:43 2017 +1100 | ||
10209 | |||
10210 | check for net/route.h and sys/sysctl.h | ||
10211 | |||
10212 | commit 4d5456c7de108e17603a0920c4d15bca87244921 | ||
10213 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10214 | Date: Wed Oct 25 00:21:37 2017 +0000 | ||
10215 | |||
10216 | upstream commit | ||
10217 | |||
10218 | transfer ownership of stdout to the session channel by | ||
10219 | dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to | ||
10220 | the local side; reported by David Newall, ok markus@ | ||
10221 | |||
10222 | Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79 | ||
10223 | |||
10224 | commit 68af80e6fdeaeb79432209db614386ff0f37e75f | ||
10225 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10226 | Date: Wed Oct 25 00:19:47 2017 +0000 | ||
10227 | |||
10228 | upstream commit | ||
10229 | |||
10230 | add a "rdomain" criteria for the sshd_config Match | ||
10231 | keyword to allow conditional configuration that depends on which rdomain(4) a | ||
10232 | connection was recevied on. ok markus@ | ||
10233 | |||
10234 | Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb | ||
10235 | |||
10236 | commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a | ||
10237 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10238 | Date: Wed Oct 25 00:17:08 2017 +0000 | ||
10239 | |||
10240 | upstream commit | ||
10241 | |||
10242 | add sshd_config RDomain keyword to place sshd and the | ||
10243 | subsequent user session (including the shell and any TCP/IP forwardings) into | ||
10244 | the specified rdomain(4) | ||
10245 | |||
10246 | ok markus@ | ||
10247 | |||
10248 | Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5 | ||
10249 | |||
10250 | commit acf559e1cffbd1d6167cc1742729fc381069f06b | ||
10251 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10252 | Date: Wed Oct 25 00:15:35 2017 +0000 | ||
10253 | |||
10254 | upstream commit | ||
10255 | |||
10256 | Add optional rdomain qualifier to sshd_config's | ||
10257 | ListenAddress option to allow listening on a different rdomain(4), e.g. | ||
10258 | |||
10259 | ListenAddress 0.0.0.0 rdomain 4 | ||
10260 | |||
10261 | Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091 | ||
10262 | |||
10263 | commit b9903ee8ee8671b447fc260c2bee3761e26c7227 | ||
10264 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10265 | Date: Tue Oct 24 19:41:45 2017 +0000 | ||
10266 | |||
10267 | upstream commit | ||
10268 | |||
10269 | Kill dead store and some spaces vs. tabs indent in | ||
10270 | parse_user_host_path(). Noticed by markus@ | ||
10271 | |||
10272 | Upstream-ID: 114fec91dadf9af46c7c94fd40fc630ea2de8200 | ||
10273 | |||
10274 | commit 0869627e00f4ee2a038cb62d7bd9ffad405e1800 | ||
10275 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10276 | Date: Tue Oct 24 06:27:42 2017 +0000 | ||
10277 | |||
10278 | upstream commit | ||
10279 | |||
10280 | tweak previous; ok djm | ||
10281 | |||
10282 | Upstream-ID: 7d913981ab315296be1f759c67b6e17aea38fca9 | ||
10283 | |||
10284 | commit e3fa20e2e58fdc88a0e842358778f2de448b771b | ||
10285 | Author: Damien Miller <djm@mindrot.org> | ||
10286 | Date: Mon Oct 23 16:25:24 2017 +1100 | ||
10287 | |||
10288 | avoid -Wsign-compare warning in argv copying | ||
10289 | |||
10290 | commit b7548b12a6b2b4abf4d057192c353147e0abba08 | ||
10291 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10292 | Date: Mon Oct 23 05:08:00 2017 +0000 | ||
10293 | |||
10294 | upstream commit | ||
10295 | |||
10296 | Expose devices allocated for tun/tap forwarding. | ||
10297 | |||
10298 | At the client, the device may be obtained from a new %T expansion | ||
10299 | for LocalCommand. | ||
10300 | |||
10301 | At the server, the allocated devices will be listed in a | ||
10302 | SSH_TUNNEL variable exposed to the environment of any user sessions | ||
10303 | started after the tunnel forwarding was established. | ||
10304 | |||
10305 | ok markus | ||
10306 | |||
10307 | Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e | ||
10308 | |||
10309 | commit 887669ef032d63cf07f53cada216fa8a0c9a7d72 | ||
10310 | Author: millert@openbsd.org <millert@openbsd.org> | ||
10311 | Date: Sat Oct 21 23:06:24 2017 +0000 | ||
10312 | |||
10313 | upstream commit | ||
10314 | |||
10315 | Add URI support to ssh, sftp and scp. For example | ||
10316 | ssh://user@host or sftp://user@host/path. The connection parameters | ||
10317 | described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since | ||
10318 | the ssh fingerprint format in the draft uses md5 with no way to specify the | ||
10319 | hash function type. OK djm@ | ||
10320 | |||
10321 | Upstream-ID: 4ba3768b662d6722de59e6ecb00abf2d4bf9cacc | ||
10322 | |||
10323 | commit d27bff293cfeb2252f4c7a58babe5ad3262c6c98 | ||
10324 | Author: Damien Miller <djm@mindrot.org> | ||
10325 | Date: Fri Oct 20 13:22:00 2017 +1100 | ||
10326 | |||
10327 | Fix missed RCSID merges | ||
10328 | |||
10329 | commit d3b6aeb546242c9e61721225ac4387d416dd3d5e | ||
10330 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10331 | Date: Fri Oct 20 02:13:41 2017 +0000 | ||
10332 | |||
10333 | upstream commit | ||
10334 | |||
10335 | more RCSIDs | ||
10336 | |||
10337 | Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be | ||
10338 | |||
10339 | commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a | ||
10340 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10341 | Date: Fri Oct 20 01:56:39 2017 +0000 | ||
10342 | |||
10343 | upstream commit | ||
10344 | |||
10345 | add RCSIDs to these; they make syncing portable a bit | ||
10346 | easier | ||
10347 | |||
10348 | Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68 | ||
10349 | |||
10350 | commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464 | ||
10351 | Author: Damien Miller <djm@mindrot.org> | ||
10352 | Date: Fri Oct 20 12:54:15 2017 +1100 | ||
10353 | |||
10354 | upstream commit | ||
10355 | |||
10356 | Apply missing commit 1.11 to kexc25519s.c | ||
10357 | |||
10358 | Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8 | ||
10359 | |||
10360 | commit 6f72280553cb6918859ebcacc717f2d2fafc1a27 | ||
10361 | Author: Damien Miller <djm@mindrot.org> | ||
10362 | Date: Fri Oct 20 12:52:50 2017 +1100 | ||
10363 | |||
10364 | upstream commit | ||
10365 | |||
10366 | Apply missing commit 1.127 to servconf.h | ||
10367 | |||
10368 | Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15 | ||
10369 | |||
10370 | commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc | ||
10371 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10372 | Date: Wed Oct 18 05:36:59 2017 +0000 | ||
10373 | |||
10374 | upstream commit | ||
10375 | |||
10376 | remove unused Pp; | ||
10377 | |||
10378 | Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550 | ||
10379 | |||
10380 | commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14 | ||
10381 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10382 | Date: Wed Oct 18 02:49:44 2017 +0000 | ||
10383 | |||
10384 | upstream commit | ||
10385 | |||
10386 | In the description of pattern-lists, clarify negated | ||
10387 | matches by explicitly stating that a negated match will never yield a | ||
10388 | positive result, and that at least one positive term in the pattern-list must | ||
10389 | match. bz#1918 | ||
10390 | |||
10391 | Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14 | ||
10392 | |||
10393 | commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd | ||
10394 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10395 | Date: Fri Oct 13 21:13:54 2017 +0000 | ||
10396 | |||
10397 | upstream commit | ||
10398 | |||
10399 | log debug messages sent to peer; ok deraadt markus | ||
10400 | |||
10401 | Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9 | ||
10402 | |||
10403 | commit 071325f458d615d7740da5c1c1d5a8b68a0b4605 | ||
10404 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10405 | Date: Fri Oct 13 16:50:45 2017 +0000 | ||
10406 | |||
10407 | upstream commit | ||
10408 | |||
10409 | trim permitrootlogin description somewhat, to avoid | ||
10410 | ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and | ||
10411 | myself | ||
10412 | |||
10413 | ok sthen schwarze deraadt | ||
10414 | |||
10415 | Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2 | ||
10416 | |||
10417 | commit 10727487becb897a15f658e0cb2d05466236e622 | ||
10418 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10419 | Date: Fri Oct 13 06:45:18 2017 +0000 | ||
10420 | |||
10421 | upstream commit | ||
10422 | |||
10423 | mention SSH_USER_AUTH in the list of environment | ||
10424 | variables | ||
10425 | |||
10426 | Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691 | ||
10427 | |||
10428 | commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2 | ||
10429 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10430 | Date: Fri Oct 13 06:24:51 2017 +0000 | ||
10431 | |||
10432 | upstream commit | ||
10433 | |||
10434 | BIO_get_mem_data() is supposed to take a char* as pointer | ||
10435 | argument, so don't pass it a const char* | ||
10436 | |||
10437 | Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec | ||
10438 | |||
10439 | commit cfa46825b5ef7097373ed8e31b01a4538a8db565 | ||
10440 | Author: benno@openbsd.org <benno@openbsd.org> | ||
10441 | Date: Mon Oct 9 20:12:51 2017 +0000 | ||
10442 | |||
10443 | upstream commit | ||
10444 | |||
10445 | clarify the order in which config statements are used. ok | ||
10446 | jmc@ djm@ | ||
10447 | |||
10448 | Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed | ||
10449 | |||
10450 | commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5 | ||
10451 | Author: djm@openbsd.org <djm@openbsd.org> | ||
10452 | Date: Thu Oct 5 15:52:03 2017 +0000 | ||
10453 | |||
10454 | upstream commit | ||
10455 | |||
10456 | replace statically-sized arrays in ServerOptions with | ||
10457 | dynamic ones managed by xrecallocarray, removing some arbitrary (though | ||
10458 | large) limits and saving a bit of memory; "much nicer" markus@ | ||
10459 | |||
10460 | Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2 | ||
10461 | |||
10462 | commit 2b4f3ab050c2aaf6977604dd037041372615178d | ||
10463 | Author: jmc@openbsd.org <jmc@openbsd.org> | ||
10464 | Date: Thu Oct 5 12:56:50 2017 +0000 | ||
10465 | |||
10466 | upstream commit | ||
10467 | |||
10468 | %C is hashed; from klemens nanni ok markus | ||
10469 | |||
10470 | Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998 | ||