summaryrefslogtreecommitdiff
path: root/ChangeLog
AgeCommit message (Collapse)Author
2014-06-11 - djm@cvs.openbsd.org 2014/06/05 22:17:50Darren Tucker
[sshconnect2.c] fix inverted test that caused PKCS#11 keys that were explicitly listed not to be preferred. Reported by Dirk-Willem van Gulik
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdefDarren Tucker
ECC variable too.
2014-06-11 - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org inDarren Tucker
the proposal if the version of OpenSSL we're using doesn't support ECC.
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.cDarren Tucker
regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 curve tests if OpenSSL has them.
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c]Damien Miller
[openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen.
2014-05-27 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-configDamien Miller
from Corinna Vinschen, fixing a number of bugs and preparing for Cygwin 1.7.30.
2014-05-27 - (djm) [cipher.c] Fix merge botch.Damien Miller
2014-05-22 - (djm) [Makefile.in] typo in pathDamien Miller
2014-05-21 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONICDamien Miller
when it is available. It takes into account time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 reported by John Haxby
2014-05-21 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to useDamien Miller
vhangup on Linux. It doens't work for non-root users, and for them it just messes up the tty settings.
2014-05-15 - (djm) [sshbuf.c] need __predict_falseDamien Miller
2014-05-15 - (djm) [regress/Makefile Makefile.in]Damien Miller
[regress/unittests/sshbuf/test_sshbuf.c [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] Hook new unit tests into the build and "make tests"
2014-05-15 - (djm) [regress/unittests/Makefile]Damien Miller
[regress/unittests/Makefile.inc] [regress/unittests/sshbuf/Makefile] [regress/unittests/sshbuf/test_sshbuf.c] [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/Makefile] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] [regress/unittests/test_helper/test_helper.h] Import new unit tests from OpenBSD; not yet hooked up to build.
2014-05-15 - logan@cvs.openbsd.org 2014/05/04 10:40:59Damien Miller
[connect-privsep.sh] Remove the Z flag from the list of malloc options as it was removed from malloc.c 10 days ago. OK from miod@
2014-05-15 - dtucker@cvs.openbsd.org 2014/05/03 18:46:14Damien Miller
[proxy-connect.sh] Add tests for with and without compression, with and without privsep.
2014-05-15 - djm@cvs.openbsd.org 2014/04/21 22:15:37Damien Miller
[dhgex.sh integrity.sh kextype.sh rekey.sh try-ciphers.sh] repair regress tests broken by server-side default cipher/kex/mac changes by ensuring that the option under test is included in the server's algorithm list
2014-05-15 - djm@cvs.openbsd.org 2014/03/13 20:44:49Damien Miller
[login-timeout.sh] this test is a sorry mess of race conditions; add another sleep to avoid a failure on slow machines (at least until I find a better way)
2014-05-15 - (djm) [Makefile.in configure.ac sshbuf-getput-basic.c]Damien Miller
[sshbuf-getput-crypto.c sshbuf.c] compilation and portability fixes
2014-05-15 - (djm) [configure.ac] Unconditionally define WITH_OPENSSL until we writeDamien Miller
portability glue to support building without libcrypto
2014-05-15 - logan@cvs.openbsd.org 2014/05/05 07:02:30Damien Miller
[sftp.c] Zap extra whitespace. OK from djm@ and dtucker@
2014-05-15 - markus@cvs.openbsd.org 2014/05/03 17:20:34Damien Miller
[monitor.c packet.c packet.h] unbreak compression, by re-init-ing the compression code in the post-auth child. the new buffer code is more strict, and requires buffer_init() while the old code was happy after a bzero(); originally from djm@
2014-05-15 - djm@cvs.openbsd.org 2014/05/02 03:27:54Damien Miller
[chacha.h cipher-chachapoly.h digest.h hmac.h kex.h kexc25519.c] [misc.h poly1305.h ssh-pkcs11.c defines.h] revert __bounded change; it causes way more problems for portable than it solves; pointed out by dtucker@
2014-05-15 - naddy@cvs.openbsd.org 2014/04/30 19:07:48Damien Miller
[mac.c myproposal.h umac.c] UMAC can use our local fallback implementation of AES when OpenSSL isn't available. Glue code straight from Ted Krovetz's original umac.c. ok markus@
2014-05-15 - djm@cvs.openbsd.org 2014/04/30 05:29:56Damien Miller
[bufaux.c bufbn.c bufec.c buffer.c buffer.h sshbuf-getput-basic.c] [sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c sshbuf.h ssherr.c] [ssherr.h] New buffer API; the first installment of the conversion/replacement of OpenSSH's internals to make them usable as a standalone library. This includes a set of wrappers to make it compatible with the existing buffer API so replacement can occur incrementally. With and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review.
2014-05-15 - dtucker@cvs.openbsd.org 2014/04/29 20:36:51Damien Miller
[sftp.c] Don't attempt to append a nul quote char to the filename. Should prevent fatal'ing with "el_insertstr failed" when there's a single quote char somewhere in the string. bz#2238, ok markus@
2014-05-15 - dtucker@cvs.openbsd.org 2014/04/29 19:58:50Damien Miller
[sftp.c] Move nulling of variable next to where it's freed. ok markus@
2014-05-15 - markus@cvs.openbsd.org 2014/04/29 18:01:49Damien Miller
[auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
2014-05-15 - djm@cvs.openbsd.org 2014/04/29 13:10:30Damien Miller
[clientloop.c serverloop.c] bz#1818 - don't send channel success/failre replies on channels that have sent a close already; analysis and patch from Simon Tatham; ok markus@
2014-05-15 - djm@cvs.openbsd.org 2014/04/28 03:09:18Damien Miller
[authfile.c bufaux.c buffer.h channels.c krl.c mux.c packet.c packet.h] [ssh-keygen.c] buffer_get_string_ptr's return should be const to remind callers that futzing with it will futz with the actual buffer contents
2014-05-15 - djm@cvs.openbsd.org 2014/04/23 12:42:34Damien Miller
[readconf.c] don't record duplicate IdentityFiles
2014-05-15 - jmc@cvs.openbsd.org 2014/04/22 14:16:30Damien Miller
[sftp.1] zap eol whitespace;
2014-05-15 - logan@cvs.openbsd.org 2014/04/22 12:42:04Damien Miller
[sftp.1] Document sftp upload resume. OK from djm@, with feedback from okan@.
2014-05-15 - logan@cvs.openbsd.org 2014/04/22 10:07:12Damien Miller
[sftp.c] Sort the sftp command list. OK from djm@
2014-05-15 - logan@cvs.openbsd.org 2014/04/21 14:36:16Damien Miller
[sftp-client.c sftp-client.h sftp.c] Implement sftp upload resume support. OK from djm@, with input from guenther@, mlarkin@ and okan@
2014-05-15 - logan@cvs.openbsd.org 2014/04/20 09:24:26Damien Miller
[dns.c dns.h ssh-keygen.c] Add support for SSHFP DNS records for ED25519 key types. OK from djm@
2014-05-15 - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ineDamien Miller
OpenBSD
2014-05-01 - (dtucker) [defines.h] Define __GNUC_PREREQ__ macro if we don't alreadyDarren Tucker
have it. Only attempt to use __attribute__(__bounded__) for gcc.
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:49:32Damien Miller
[compat.c] add a canonical 6.6 + curve25519 bignum fix fake version that I can recommend people use ahead of the openssh-6.7 release
2014-04-20 - djm@cvs.openbsd.org 2014/04/20 02:30:25Damien Miller
[misc.c misc.h umac.c] use get/put_u32 to load values rather than *((UINT32 *)p) that breaks on strict-alignment architectures; reported by and ok stsp@
2014-04-20 - tedu@cvs.openbsd.org 2014/04/19 18:42:19Damien Miller
[ssh.1] delete .xr to hosts.equiv. there's still an unfortunate amount of documentation referring to rhosts equivalency in here.
2014-04-20 - tedu@cvs.openbsd.org 2014/04/19 18:15:16Damien Miller
[sshd.8] remove some really old rsh references
2014-04-20 - tedu@cvs.openbsd.org 2014/04/19 14:53:48Damien Miller
[ssh-keysign.c sshd.c] Delete futile calls to RAND_seed. ok djm NB. Id sync only. This only applies to OpenBSD's libcrypto slashathon
2014-04-20 - djm@cvs.openbsd.org 2014/04/19 05:54:59Damien Miller
[compat.c] missing wildcard; pointed out by naddy@
2014-04-20 - djm@cvs.openbsd.org 2014/04/18 23:52:25Damien Miller
[compat.c compat.h sshconnect2.c sshd.c version.h] OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the spec properly. Disable this KEX method when speaking to one of the affected versions. reported by Aris Adamantiadis; ok markus@
2014-04-20 - djm@cvs.openbsd.org 2014/04/16 23:28:12Damien Miller
[ssh-agent.1] remove the identity files from this manpage - ssh-agent doesn't deal with them at all and the same information is duplicated in ssh-add.1 (which does deal with them); prodded by deraadt@
2014-04-20 - djm@cvs.openbsd.org 2014/04/16 23:22:45Damien Miller
[bufaux.c] skip leading zero bytes in buffer_put_bignum2_from_string(); reported by jan AT mojzis.com; ok markus@
2014-04-20 - djm@cvs.openbsd.org 2014/04/12 04:55:53Damien Miller
[sshd.c] avoid crash at exit: check that pmonitor!=NULL before dereferencing; bz#2225, patch from kavi AT juniper.net
2014-04-20 - djm@cvs.openbsd.org 2014/04/01 05:32:57Damien Miller
[packet.c] demote a debug3 to PACKET_DEBUG; ok markus@
2014-04-20 - djm@cvs.openbsd.org 2014/04/01 03:34:10Damien Miller
[sshconnect.c] When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any certificate keys to plain keys and attempt SSHFP resolution. Prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys. Reported by mcv21 AT cam.ac.uk
2014-04-20 - djm@cvs.openbsd.org 2014/04/01 02:05:27Damien Miller
[ssh-keysign.c] include fingerprint of key not found use arc4random_buf() instead of loop+arc4random()