summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-09-06* New upstream release (http://www.openssh.org/txt/release-5.9).Colin Watson
- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
2011-09-06autoreconfColin Watson
2011-09-06merge 5.9p1Colin Watson
2011-09-06actually, let's upstream-tag the revision with a tarball parent insteadColin Watson
2011-09-06keep bzr-builddeb happierColin Watson
2011-09-06Import 5.9p1 tarballColin Watson
2011-09-05bzr get -> bzr branchColin Watson
2011-09-05 - (djm) Release OpenSSH-5.9Damien Miller
2011-09-05 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update version numbers.
2011-09-04 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementationsDarren Tucker
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
2011-09-04 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatalDamien Miller
regress errors for the sandbox to warnings. ok tim dtucker
2011-08-29 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attemptingDamien Miller
to switch SELinux context away from unconfined_t, based on patch from Jan Chadima; bz#1919 ok dtucker@
2011-08-28 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.Darren Tucker
2011-08-17 - (tim) [configure.ac] Typo in error message spotted by Andy TsouladzeTim Rice
2011-08-17 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2Damien Miller
MAC tests for platforms that hack EVP_SHA2 support
2011-08-17 - djm@cvs.openbsd.org 2011/08/02 01:23:41Damien Miller
[regress/cipher-speed.sh regress/try-ciphers.sh] add SHA256/SHA512 based HMAC modes
2011-08-17 - markus@cvs.openbsd.org 2011/06/30 22:44:43Damien Miller
[connect-privsep.sh] test with sandbox enabled; ok djm@
2011-08-17 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10Damien Miller
[regress/cfgmatch.sh] use OBJ to find test configs, patch from Tim Rice
2011-08-17 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted byDamien Miller
bisson AT archlinux.org
2011-08-17 - (djm) [configure.ac] error out if the host lacks the necessary bits forDamien Miller
an explicitly requested sandbox type
2011-08-17 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]Damien Miller
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
2011-08-16 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs forTim Rice
OpenSSL 0.9.7. ok djm
2011-08-12 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to theDamien Miller
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin AT gmail.com; ok dtucker@
2011-08-12 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]Damien Miller
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES init scrips from imorgan AT nas.nasa.gov
2011-08-12 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux contextDarren Tucker
change error by reporting old and new context names Patch from jchadima at redhat.
2011-08-07 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30Darren Tucker
[sftp.1] typo, fix from Laurent Gautrot
2011-08-07 - jmc@cvs.openbsd.org 2010/10/14 20:41:28Darren Tucker
[moduli.5] probabalistic -> probabilistic; from naddy
2011-08-07 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54Darren Tucker
[moduli.5] "Diffie-Hellman" is the usual spelling for the cryptographic protocol first published by Whitfield Diffie and Martin Hellman in 1976. ok jmc@
2011-08-07 - (dtucker) OpenBSD CVS SyncDarren Tucker
- jmc@cvs.openbsd.org 2008/06/26 06:59:39 [moduli.5] tweak previous;
2011-08-06 - djm@cvs.openbsd.org 2011/08/02 23:15:03Damien Miller
[ssh.c] typo in comment
2011-08-06 - djm@cvs.openbsd.org 2011/08/02 23:13:01Damien Miller
[version.h] crank now, release later
2011-08-06 - djm@cvs.openbsd.org 2011/08/02 01:22:11Damien Miller
[mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] Add new SHA256 and SHA512 based HMAC modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt Patch from mdb AT juniper.net; feedback and ok markus@
2011-08-06 - markus@cvs.openbsd.org 2011/08/01 19:18:15Damien Miller
[gss-serv.c] prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); report Adam Zabrock; ok djm@, deraadt@
2011-08-06 - djm@cvs.openbsd.org 2011/07/29 14:42:45Damien Miller
[sandbox-systrace.c] fail open(2) with EPERM rather than SIGKILLing the whole process. libc will call open() to do strerror() when NLS is enabled; feedback and ok markus@
2011-08-06 - tedu@cvs.openbsd.org 2011/07/06 18:09:21Damien Miller
[authfd.c] bzero the agent address. the kernel was for a while very cranky about these things. evne though that's fixed, always good to initialize memory. ok deraadt djm
2011-08-06 - djm@cvs.openbsd.org 2011/06/23 23:35:42Damien Miller
[monitor.c] ignore EINTR errors from poll()
2011-07-29releasing version 1:5.8p1-7Colin Watson
2011-07-29Use 'dpkg-vendor --derives-from Ubuntu' to detect Ubuntu systems ratherColin Watson
than 'lsb_release -is' so that Ubuntu derivatives behave the same way as Ubuntu itself.
2011-07-29Only recommend ssh-import-id when built on Ubuntu (closes: #635887).Colin Watson
2011-07-28releasing version 1:5.8p1-6Colin Watson
2011-07-28* Merge from Ubuntu (Dustin Kirkland):Colin Watson
- openssh-server Recommends: ssh-import-id (no-op in Debian since that package doesn't exist there, but this reduces the Ubuntu delta).
2011-07-28Quieten logs when multiple from= restrictions are used in differentColin Watson
authorized_keys lines for the same key; it's still not ideal, but at least you'll only get one log entry per key (closes: #630606).
2011-07-28openssh-client and openssh-server Suggests: monkeysphere.Colin Watson
2011-07-24releasing version 1:5.8p1-5Colin Watson
2011-07-17* Backport from upstream:Colin Watson
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
2011-06-27 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox forDamien Miller
Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/23 09:34:13Damien Miller
[sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] [sandbox-null.c] rename sandbox.h => ssh-sandbox.h to make things easier for portable
2011-06-23 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't supportDamien Miller
setrlimit(2)
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 22:08:42Damien Miller
[channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] hook up a channel confirm callback to warn the user then requested X11 forwarding was refused by the server; ok markus@
2011-06-23 - djm@cvs.openbsd.org 2011/06/22 21:57:01Damien Miller
[servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c] [sandbox-systrace.c sandbox.h configure.ac Makefile.in] introduce sandboxing of the pre-auth privsep child using systrace(4). This introduces a new "UsePrivilegeSeparation=sandbox" option for sshd_config that applies mandatory restrictions on the syscalls the privsep child can perform. This prevents a compromised privsep child from being used to attack other hosts (by opening sockets and proxying) or probing local kernel attack surface. The sandbox is implemented using systrace(4) in unsupervised "fast-path" mode, where a list of permitted syscalls is supplied. Any syscall not on the list results in SIGKILL being sent to the privsep child. Note that this requires a kernel with the new SYSTR_POLICY_KILL option. UsePrivilegeSeparation=sandbox will become the default in the future so please start testing it now. feedback dtucker@; ok markus@