path: root/ChangeLog
Age | Commit message | Author
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 03:47:27 | Damien Miller
[ssh-keygen.c] When hashing or removing hosts using ssh-keygen, don't choke on @revoked markers and don't remove @cert-authority markers; bz#2241, reported by mlindgren AT runelind.net
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 03:34:09 | Damien Miller
[gss-serv.c session.c ssh-keygen.c] standardise on NI_MAXHOST for gethostname() string lengths; about 1/2 the cases were using it already. Fixes bz#2239 en passant
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 03:26:43 | Damien Miller
[digest-openssl.c] use EVP_Digest() for one-shot hash instead of creating, updating, finalising and destroying a context. bz#2231, based on patch from Timo Teras
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 03:15:01 | Damien Miller
[ssh-add.c] make stdout line-buffered; saves partial output getting lost when ssh-add fatal()s part-way through (e.g. when listing keys from an agent that supports key types that ssh-add doesn't); bz#2234, reported by Phil Pennock
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 03:11:03 | Damien Miller
[ssh-agent.c] Only cleanup agent socket in the main agent process and not in any subprocesses it may have started (e.g. forked askpass). Fixes agent sockets being zapped when askpass processes fatal(); bz#2236 patch from Dmitry V. Levin
2014-07-03 - djm@cvs.openbsd.org 2014/07/03 01:45:38 | Damien Miller
[sshkey.c] make Ed25519 keys' title fit properly in the randomart border; bz#2247 based on patch from Christian Hesse
2014-07-03 - (djm) [monitor_fdpass.c] Use sys/poll.h if poll.h doesn't exist; bz#2237 | Damien Miller
2014-07-03 - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto doesn't support it. | Damien Miller
2014-07-02 - (djm) [regress/Makefile] fix execution of sshkey unit/fuzz test | Damien Miller
2014-07-02 - (djm) [sshkey.c] Conditionalise inclusion of util.h | Damien Miller
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:14:17 | Damien Miller
[Makefile.in regress/Makefile regress/unittests/Makefile] [regress/unittests/sshkey/Makefile] [regress/unittests/sshkey/common.c] [regress/unittests/sshkey/common.h] [regress/unittests/sshkey/mktestdata.sh] [regress/unittests/sshkey/test_file.c] [regress/unittests/sshkey/test_fuzz.c] [regress/unittests/sshkey/test_sshkey.c] [regress/unittests/sshkey/tests.c] [regress/unittests/sshkey/testdata/dsa_1] [regress/unittests/sshkey/testdata/dsa_1-cert.fp] [regress/unittests/sshkey/testdata/dsa_1-cert.pub] [regress/unittests/sshkey/testdata/dsa_1.fp] [regress/unittests/sshkey/testdata/dsa_1.fp.bb] [regress/unittests/sshkey/testdata/dsa_1.param.g] [regress/unittests/sshkey/testdata/dsa_1.param.priv] [regress/unittests/sshkey/testdata/dsa_1.param.pub] [regress/unittests/sshkey/testdata/dsa_1.pub] [regress/unittests/sshkey/testdata/dsa_1_pw] [regress/unittests/sshkey/testdata/dsa_2] [regress/unittests/sshkey/testdata/dsa_2.fp] [regress/unittests/sshkey/testdata/dsa_2.fp.bb] [regress/unittests/sshkey/testdata/dsa_2.pub] [regress/unittests/sshkey/testdata/dsa_n] [regress/unittests/sshkey/testdata/dsa_n_pw] [regress/unittests/sshkey/testdata/ecdsa_1] [regress/unittests/sshkey/testdata/ecdsa_1-cert.fp] [regress/unittests/sshkey/testdata/ecdsa_1-cert.pub] [regress/unittests/sshkey/testdata/ecdsa_1.fp] [regress/unittests/sshkey/testdata/ecdsa_1.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_1.param.curve] [regress/unittests/sshkey/testdata/ecdsa_1.param.priv] [regress/unittests/sshkey/testdata/ecdsa_1.param.pub] [regress/unittests/sshkey/testdata/ecdsa_1.pub] [regress/unittests/sshkey/testdata/ecdsa_1_pw] [regress/unittests/sshkey/testdata/ecdsa_2] [regress/unittests/sshkey/testdata/ecdsa_2.fp] [regress/unittests/sshkey/testdata/ecdsa_2.fp.bb] [regress/unittests/sshkey/testdata/ecdsa_2.param.curve] [regress/unittests/sshkey/testdata/ecdsa_2.param.priv] [regress/unittests/sshkey/testdata/ecdsa_2.param.pub] [regress/unittests/sshkey/testdata/ecdsa_2.pub] 
[regress/unittests/sshkey/testdata/ecdsa_n] [regress/unittests/sshkey/testdata/ecdsa_n_pw] [regress/unittests/sshkey/testdata/ed25519_1] [regress/unittests/sshkey/testdata/ed25519_1-cert.fp] [regress/unittests/sshkey/testdata/ed25519_1-cert.pub] [regress/unittests/sshkey/testdata/ed25519_1.fp] [regress/unittests/sshkey/testdata/ed25519_1.fp.bb] [regress/unittests/sshkey/testdata/ed25519_1.pub] [regress/unittests/sshkey/testdata/ed25519_1_pw] [regress/unittests/sshkey/testdata/ed25519_2] [regress/unittests/sshkey/testdata/ed25519_2.fp] [regress/unittests/sshkey/testdata/ed25519_2.fp.bb] [regress/unittests/sshkey/testdata/ed25519_2.pub] [regress/unittests/sshkey/testdata/pw] [regress/unittests/sshkey/testdata/rsa1_1] [regress/unittests/sshkey/testdata/rsa1_1.fp] [regress/unittests/sshkey/testdata/rsa1_1.fp.bb] [regress/unittests/sshkey/testdata/rsa1_1.param.n] [regress/unittests/sshkey/testdata/rsa1_1.pub] [regress/unittests/sshkey/testdata/rsa1_1_pw] [regress/unittests/sshkey/testdata/rsa1_2] [regress/unittests/sshkey/testdata/rsa1_2.fp] [regress/unittests/sshkey/testdata/rsa1_2.fp.bb] [regress/unittests/sshkey/testdata/rsa1_2.param.n] [regress/unittests/sshkey/testdata/rsa1_2.pub] [regress/unittests/sshkey/testdata/rsa_1] [regress/unittests/sshkey/testdata/rsa_1-cert.fp] [regress/unittests/sshkey/testdata/rsa_1-cert.pub] [regress/unittests/sshkey/testdata/rsa_1.fp] [regress/unittests/sshkey/testdata/rsa_1.fp.bb] [regress/unittests/sshkey/testdata/rsa_1.param.n] [regress/unittests/sshkey/testdata/rsa_1.param.p] [regress/unittests/sshkey/testdata/rsa_1.param.q] [regress/unittests/sshkey/testdata/rsa_1.pub] [regress/unittests/sshkey/testdata/rsa_1_pw] [regress/unittests/sshkey/testdata/rsa_2] [regress/unittests/sshkey/testdata/rsa_2.fp] [regress/unittests/sshkey/testdata/rsa_2.fp.bb] [regress/unittests/sshkey/testdata/rsa_2.param.n] [regress/unittests/sshkey/testdata/rsa_2.param.p] [regress/unittests/sshkey/testdata/rsa_2.param.q] 
[regress/unittests/sshkey/testdata/rsa_2.pub] [regress/unittests/sshkey/testdata/rsa_n] [regress/unittests/sshkey/testdata/rsa_n_pw] unit and fuzz tests for new key API
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:04:43 | Damien Miller
[regress/krl.sh] regress test for broken consecutive revoked serial number ranges
2014-07-02 - djm@cvs.openbsd.org 2014/05/21 07:04:21 | Damien Miller
[regress/integrity.sh] when failing because of unexpected output, show the offending output
2014-07-02 - djm@cvs.openbsd.org 2014/04/30 05:32:00 | Damien Miller
[regress/Makefile] unit tests for new buffer API; including basic fuzz testing NB. Id sync only.
2014-07-02 - djm@cvs.openbsd.org 2014/06/30 12:54:39 | Damien Miller
[key.c] suppress spurious error message when loading key with a passphrase; reported by kettenis@ ok markus@ - djm@cvs.openbsd.org 2014/07/02 04:59:06 [cipher-3des1.c] fix ssh protocol 1 on the server that regressed with the sshkey change (sometimes fatal() after auth completed), make file return useful status codes. NB. Id sync only for these two. They were bundled into the sshkey merge above, since it was easier to sync the entire file and then apply portable-specific changes atop it.
2014-07-02 - markus@cvs.openbsd.org 2014/06/27 18:50:39 | Damien Miller
[ssh-add.c] fix loading of private keys
2014-07-02 - markus@cvs.openbsd.org 2014/06/27 16:41:56 | Damien Miller
[channels.c channels.h clientloop.c ssh.c] fix remote fwding with same listen port but different listen address with gerhard@, ok djm@
2014-07-02 - deraadt@cvs.openbsd.org 2014/06/25 14:16:09 | Damien Miller
[sshbuf.c] unblock SIGSEGV before raising it ok djm
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 02:21:01 | Damien Miller
[scp.c] when copying local->remote fails during read, don't send uninitialised heap to the remote end. Reported by Jann Horn
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 02:19:48 | Damien Miller
[ssh.c] don't fatal() when hostname canonicalisation fails with a ProxyCommand in use; continue and allow the ProxyCommand to connect anyway (e.g. to a host with a name outside the DNS behind a bastion)
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 01:13:21 | Damien Miller
[Makefile.in auth-bsdauth.c auth-chall.c auth-options.c auth-rsa.c [auth2-none.c auth2-pubkey.c authfile.c authfile.h cipher-3des1.c [cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h [digest-libc.c digest-openssl.c digest.h dns.c entropy.c hmac.h [hostfile.c key.c key.h krl.c monitor.c packet.c rsa.c rsa.h [ssh-add.c ssh-agent.c ssh-dss.c ssh-ecdsa.c ssh-ed25519.c [ssh-keygen.c ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c [ssh-rsa.c sshbuf-misc.c sshbuf.h sshconnect.c sshconnect1.c [sshconnect2.c sshd.c sshkey.c sshkey.h [openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] New key API: refactor key-related functions to be more library-like, existing API is offered as a set of wrappers. with and ok markus@ Thanks also to Ben Hawkes, David Tomaschik, Ivan Fratric, Matthew Dempsky and Ron Bowes for a detailed review a few months ago. NB. This commit also removes portable OpenSSH support for OpenSSL <0.9.8e.
2014-07-02 - djm@cvs.openbsd.org 2014/06/24 00:52:02 | Damien Miller
[krl.c] fix bug in KRL generation: multiple consecutive revoked certificate serial number ranges could be serialised to an invalid format. Readers of a broken KRL caused by this bug will fail closed, so no should-have-been-revoked key will be accepted.
2014-07-02 - naddy@cvs.openbsd.org 2014/06/18 15:42:09 | Damien Miller
[sshbuf-getput-crypto.c] The ssh_get_bignum functions must accept the same range of bignums the corresponding ssh_put_bignum functions create. This fixes the use of 16384-bit RSA keys (bug reported by Eivind Evensen). ok djm@
2014-07-02 - matthew@cvs.openbsd.org 2014/06/18 02:59:13 | Damien Miller
[sandbox-systrace.c] Now that we have a dedicated getentropy(2) system call for arc4random(3), we can disallow __sysctl(2) in OpenSSH's systrace sandbox. ok djm
2014-07-02 - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 | Damien Miller
[sandbox-systrace.c] permit SYS_getentropy from matthew
2014-06-18 - (tim) [openssh/session.c] Work around to get chroot sftp working on UnixWare | Tim Rice
2014-06-17 - (dtucker) [entropy.c openbsd-compat/openssl-compat.{c,h} openbsd-compat/regress/{.cvsignore,Makefile.in,opensslvertest.c}] Move the OpenSSL header/library version test into its own function and add tests for it. Fix it to allow fix version upgrades (but not downgrades). Prompted by chl@ via OpenSMTPD (issue #462) and Debian (bug #748150). ok djm@ chl@ | Darren Tucker
2014-06-16 - (dtucker) [defines.h] Fix undef of _PATH_MAILDIR. From rak at debian via OpenSMTPD and chl@ | Darren Tucker
2014-06-13 - (dtucker) [configure.ac] Remove tcpwrappers support, support has already been removed from sshd.c. | Darren Tucker
2014-06-11 - (tim) [regress/unittests/test_helper/test_helper.h] Add includes.h for u_intXX_t types. | Tim Rice
2014-06-12 - (dtucker) [regress/unittests/sshbuf/*.c regress/unittests/test_helper/*] Wrap stdlib.h include in an ifdef for platforms that don't have it. | Darren Tucker
2014-06-12 - (dtucker) [defines.h] Add va_copy if we don't already have it, taken from openbsd-compat/bsd-asprintf.c. | Darren Tucker
2014-06-11 - (dtucker) [bufaux.c bufbn.c bufec.c buffer.c] Pull in includes.h for compat stuff, specifically whether or not OpenSSL has ECC. | Darren Tucker
2014-06-11 - (dtucker) [openbsd-compat/arc4random.c] Use explicit_bzero instead of an assignment that might get optimized out. ok djm@ | Darren Tucker
2014-06-11 - (dtucker) [sshbuf.h] Only declare ECC functions if building without OpenSSL or if OpenSSL has ECC. | Darren Tucker
2014-06-11 - dtucker@cvs.openbsd.org 2014/06/10 21:46:11 | Darren Tucker
[sshbuf.h] Group ECC functions together to make things a little easier in -portable. "doesn't bother me" deraadt@
2014-06-11 - djm@cvs.openbsd.org 2014/06/05 22:17:50 | Darren Tucker
[sshconnect2.c] fix inverted test that caused PKCS#11 keys that were explicitly listed not to be preferred. Reported by Dirk-Willem van Gulik
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] ifdef ECC variable too. | Darren Tucker
2014-06-11 - (dtucker) [myproposal.h] Don't include curve25519-sha256@libssh.org in the proposal if the version of OpenSSL we're using doesn't support ECC. | Darren Tucker
2014-06-11 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256 curve tests if OpenSSL has them. | Darren Tucker
2014-05-27 - (djm) [configure.ac openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-cygwin_util.h] On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account. Patch from Corinna Vinschen. | Damien Miller
2014-05-27 - (djm) [contrib/cygwin/ssh-host-config] Updated Cygwin ssh-host-config from Corinna Vinschen, fixing a number of bugs and preparing for Cygwin 1.7.30. | Damien Miller
2014-05-27 - (djm) [cipher.c] Fix merge botch. | Damien Miller
2014-05-22 - (djm) [Makefile.in] typo in path | Damien Miller
2014-05-21 - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It takes into account time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228 reported by John Haxby | Damien Miller
2014-05-21 - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use vhangup on Linux. It doesn't work for non-root users, and for them it just messes up the tty settings. | Damien Miller
2014-05-15 - (djm) [sshbuf.c] need __predict_false | Damien Miller
2014-05-15 - (djm) [regress/Makefile Makefile.in] | Damien Miller
[regress/unittests/sshbuf/test_sshbuf.c [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] Hook new unit tests into the build and "make tests"
2014-05-15 - (djm) [regress/unittests/Makefile] | Damien Miller
[regress/unittests/Makefile.inc] [regress/unittests/sshbuf/Makefile] [regress/unittests/sshbuf/test_sshbuf.c] [regress/unittests/sshbuf/test_sshbuf_fixed.c] [regress/unittests/sshbuf/test_sshbuf_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_getput_basic.c] [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c] [regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] [regress/unittests/sshbuf/test_sshbuf_misc.c] [regress/unittests/sshbuf/tests.c] [regress/unittests/test_helper/Makefile] [regress/unittests/test_helper/fuzz.c] [regress/unittests/test_helper/test_helper.c] [regress/unittests/test_helper/test_helper.h] Import new unit tests from OpenBSD; not yet hooked up to build.
2014-05-15 - logan@cvs.openbsd.org 2014/05/04 10:40:59 | Damien Miller
[connect-privsep.sh] Remove the Z flag from the list of malloc options as it was removed from malloc.c 10 days ago. OK from miod@