summaryrefslogtreecommitdiff
path: root/ChangeLog
AgeCommit message (Collapse)Author
2014-01-18 - (dtucker) [configure.ac] On Cygwin the getopt variables (like optargs,Darren Tucker
optind) are defined in getopt.h already. Unfortunately they are defined as "declspec(dllimport)" for historical reasons, because the GNU linker didn't allow auto-import on PE/COFF targets way back when. The problem is the dllexport attributes collide with the definitions in the various source files in OpenSSH, which obviousy define the variables without declspec(dllimport). The least intrusive way to get rid of these warnings is to disable warnings for GCC compiler attributes when building on Cygwin. Patch from vinschen at redhat.com.
2014-01-18 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] Add missing functionDarren Tucker
declarations that stopped being included when we stopped including <windows.h> from openbsd-compat/bsd-cygwin_util.h. Patch from vinschen at redhat.com.
2014-01-18 - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. PatchDarren Tucker
from vinschen at redhat.com
2014-01-18 - (dtucker) [defines.h] Move our definitions of uintXX_t types down to afterDarren Tucker
they're defined if we have to define them ourselves. Fixes builds on old AIX.
2014-01-18 - (dtucker) [readconf.c] Wrap paths.h inside an ifdef. Allows building onDarren Tucker
Solaris.
2014-01-17 - (dtucker) [configure.ac] Have --without-toolchain-hardening not turn offDarren Tucker
stack-protector since that has a separate flag that's been around a while.
2014-01-17 - (dtucker) [configure.ac] Also look in inttypes.h for uintXX_t types.Darren Tucker
2014-01-17 - (dtucker) [openbsd-compat/bsd-statvfs.h] Only start including headers if weDarren Tucker
need them to cut down on the name collisions.
2014-01-17 - (dtucker) [configure.ac openbsd-compat/bsd-statvfs.cDarren Tucker
openbsd-compat/bsd-statvfs.h] Implement enough of statvfs on top of statfs to be useful (and for the regression tests to pass) on platforms that have statfs and fstatfs. ok djm@
2014-01-17 - (dtucker) Fix typo in #ifndef.Darren Tucker
2014-01-17 - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.cDarren Tucker
openbsd-compat/openssl-compat.h] Add compatibility layer for older openssl versions. ok djm@
2014-01-17 - (djm) [Makefile.in configure.ac sandbox-capsicum.c sandbox-darwin.c]Damien Miller
[sandbox-null.c sandbox-rlimit.c sandbox-seccomp-filter.c] [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@
2014-01-17 - dtucker@cvs.openbsd.org 2014/01/17 05:26:41Darren Tucker
[digest.c] remove unused includes. ok djm@
2014-01-17 - djm@cvs.openbsd.org 2014/01/17 00:21:06Darren Tucker
[sftp-client.c] signed/unsigned comparison warning fix; from portable (Id sync only)
2014-01-17 - (dtucker) [configure.ac] Split AC_CHECK_FUNCS for OpenSSL functions intoDarren Tucker
separate lines and alphabetize for easier diffing of changes.
2014-01-17 - (dtucker) [defines.h] Add typedefs for uintXX_t types for platforms thatDarren Tucker
don't have them.
2014-01-17 - (dtucker) [openbsd-compat/bcrypt_pbkdf.c] Wrap stdlib.h include insideDarren Tucker
#ifdef HAVE_STDINT_H.
2014-01-17 - (dtucker) [blocks.c fe25519.c ge25519.c hash.c sc25519.c verify.c] IncludeDarren Tucker
includes.h to pull in all of the compatibility stuff.
2014-01-17 - (dtucker) [poly1305.c] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.Darren Tucker
2014-01-17 - (dtucker) [crypto_api.h] Wrap stdlib.h include inside #ifdef HAVE_STDINT_H.Darren Tucker
2014-01-17 - (dtucker) [loginrec.c] Cast to the types specfied in the formatDarren Tucker
specification to prevent warnings.
2014-01-17 - (djm) [sftp-client.c] signed/unsigned comparison fixDamien Miller
2014-01-17 - (dtucker) [aclocal.m4 configure.ac] Add some additional compiler/toolchainDarren Tucker
hardening flags including -fstack-protector-strong. These default to on if the toolchain supports them, but there is a configure-time knob (--without-hardening) to disable them if necessary. ok djm@
2014-01-16 - (djm) [README] update release notes URL.Damien Miller
2014-01-16 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Crank RPM spec version numbers.
2014-01-16 - djm@cvs.openbsd.org 2014/01/16 07:32:00Damien Miller
[version.h] openssh-6.5
2014-01-16 - djm@cvs.openbsd.org 2014/01/16 07:31:09Damien Miller
[sftp-client.c] needless and incorrect cast to size_t can break resumption of large download; patch from tobias@
2014-01-12 - djm@cvs.openbsd.org 2014/01/12 08:13:13Damien Miller
[bufaux.c buffer.h kex.c kex.h kexc25519.c kexc25519c.c kexc25519s.c] [kexdhc.c kexdhs.c kexecdhc.c kexecdhs.c kexgexc.c kexgexs.c] avoid use of OpenSSL BIGNUM type and functions for KEX with Curve25519 by adding a buffer_put_bignum2_from_string() that stores a string using the bignum encoding rules. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in the future; ok markus@
2014-01-12 - djm@cvs.openbsd.org 2014/01/10 05:59:19Damien Miller
[sshd_config] the /etc/ssh/ssh_host_ed25519_key is loaded by default too
2014-01-10 - djm@cvs.openbsd.org 2014/01/09 23:26:48Damien Miller
[sshconnect.c sshd.c] ban clients/servers that suffer from SSH_BUG_DERIVEKEY, they are ancient, deranged and might make some attacks on KEX easier; ok markus@
2014-01-10 - djm@cvs.openbsd.org 2014/01/09 23:20:00Damien Miller
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c] [kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c] [kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c] [schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c] Introduce digest API and use it to perform all hashing operations rather than calling OpenSSL EVP_Digest* directly. Will make it easier to build a reduced-feature OpenSSH without OpenSSL in future; feedback, ok markus@
2014-01-10 - guenther@cvs.openbsd.org 2014/01/09 03:26:00Damien Miller
[sftp-common.c] When formating the time for "ls -l"-style output, show dates in the future with the year, and rearrange a comparison to avoid a potentional signed arithmetic overflow that would give the wrong result. ok djm@
2014-01-10 - tedu@cvs.openbsd.org 2014/01/04 17:50:55Damien Miller
[mac.c monitor_mm.c monitor_mm.h xmalloc.c] use standard types and formats for size_t like variables. ok dtucker
2014-01-08 - (djm) [regress/.cvsignore] Ignore regress test droppings; ok dtucker@Damien Miller
2013-12-31 - djm@cvs.openbsd.org 2013/12/30 23:52:28Damien Miller
[auth2-hostbased.c auth2-pubkey.c compat.c compat.h ssh-rsa.c] [sshconnect.c sshconnect2.c sshd.c] refuse RSA keys from old proprietary clients/servers that use the obsolete RSA+MD5 signature scheme. it will still be possible to connect with these clients/servers but only DSA keys will be accepted, and we'll deprecate them entirely in a future release. ok markus@
2013-12-29 - (djm) [regress/Makefile] Add some generated files for cleaningDamien Miller
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 05:57:02Damien Miller
[sshconnect.c] when showing other hostkeys, don't forget Ed25519 keys
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 05:42:16Damien Miller
[ssh.c] don't forget to load Ed25519 certs too
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 04:35:50Damien Miller
[authfile.c] don't refuse to load Ed25519 certificates
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 04:29:25Damien Miller
[authfd.c] allow deletion of ed25519 keys from the agent
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 04:20:04Damien Miller
[key.c] to make sure we don't omit any key types as valid CA keys again, factor the valid key type check into a key_type_is_valid_ca() function
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 02:49:52Damien Miller
[key.c] correct comment for key_drop_cert()
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 02:37:04Damien Miller
[key.c] correct comment for key_to_certified()
2013-12-29 - djm@cvs.openbsd.org 2013/12/29 02:28:10Damien Miller
[key.c] allow ed25519 keys to appear as certificate authorities
2013-12-29 - djm@cvs.openbsd.org 2013/12/27 22:37:18Damien Miller
[ssh-rsa.c] correct comment
2013-12-29 - djm@cvs.openbsd.org 2013/12/27 22:30:17Damien Miller
[ssh-dss.c ssh-ecdsa.c ssh-rsa.c] make the original RSA and DSA signing/verification code look more like the ECDSA/Ed25519 ones: use key_type_plain() when checking the key type rather than tediously listing all variants, use __func__ for debug/ error messages
2013-12-29 - tedu@cvs.openbsd.org 2013/12/21 07:10:47Damien Miller
[ssh-keygen.1] small typo
2013-12-29 - djm@cvs.openbsd.org 2013/12/19 22:57:13Damien Miller
[poly1305.c poly1305.h] use full name for author, with his permission
2013-12-29 - djm@cvs.openbsd.org 2013/12/19 01:19:41Damien Miller
[ssh-agent.c] bz#2186: don't crash (NULL deref) when deleting PKCS#11 keys from an agent that has a mix of normal and PKCS#11 keys; fix from jay AT slushpupie.com; ok dtucker
2013-12-29 - djm@cvs.openbsd.org 2013/12/19 01:04:36Damien Miller
[channels.c] bz#2147: fix multiple remote forwardings with dynamically assigned listen ports. In the s->c message to open the channel we were sending zero (the magic number to request a dynamic port) instead of the actual listen port. The client therefore had no way of discriminating between them. Diagnosis and fix by ronf AT timeheart.net