From 996ea80b1884b676a901439f1f2681eb6ff68501 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 30 Jan 2014 12:49:55 +1100 Subject: trim entries prior to openssh-6.0p1 --- ChangeLog | 2049 ------------------------------------------------------------- 1 file changed, 2049 deletions(-) diff --git a/ChangeLog b/ChangeLog index cf7e12f0a..b617c5ae0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2662,2052 +2662,3 @@ [contrib/suse/openssh.spec] Update for release 6.0 - (djm) [README] Update URL to release notes. - (djm) Release openssh-6.0 - -20120419 - - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil - contains openpty() but not login() - -20120404 - - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox - mode for Linux's new seccomp filter; patch from Will Drewry; feedback - and ok dtucker@ - -20120330 - - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING - file from spec file. From crighter at nuclioss com. - - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running - openssh binaries on a newer fix release than they were compiled on. - with and ok dtucker@ - - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect - assumptions when building on Cygwin; patch from Corinna Vinschen - -20120309 - - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux - systems where sshd is run in te wrong context. Patch from Sven - Vermeulen; ok dtucker@ - - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 - addressed connections. ok dtucker@ - -20120224 - - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM - audit breakage in Solaris 11. Patch from Magnus Johansson. - -20120215 - - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for - unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c - ok dtucker@ - - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so - it actually works. - - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote - to work. Spotted by Angel Gonzalez - -20120214 - - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of - preserved Cygwin environment variables; from Corinna Vinschen - -20120211 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2012/01/05 00:16:56 - [monitor.c] - memleak on error path - - djm@cvs.openbsd.org 2012/01/07 21:11:36 - [mux.c] - fix double-free in new session handler - - miod@cvs.openbsd.org 2012/01/08 13:17:11 - [ssh-ecdsa.c] - Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, - ok markus@ - - miod@cvs.openbsd.org 2012/01/16 20:34:09 - [ssh-pkcs11-client.c] - Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. - While there, be sure to buffer_clear() between send_msg() and recv_msg(). - ok markus@ - - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 - [clientloop.c] - Ensure that $DISPLAY contains only valid characters before using it to - extract xauth data so that it can't be used to play local shell - metacharacter games. Report from r00t_ati at ihteam.net, ok markus. - - markus@cvs.openbsd.org 2012/01/25 19:26:43 - [packet.c] - do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; - ok dtucker@, djm@ - - markus@cvs.openbsd.org 2012/01/25 19:36:31 - [authfile.c] - memleak in key_load_file(); from Jan Klemkow - - markus@cvs.openbsd.org 2012/01/25 19:40:09 - [packet.c packet.h] - packet_read_poll() is not used anymore. - - markus@cvs.openbsd.org 2012/02/09 20:00:18 - [version.h] - move from 6.0-beta to 6.0 - -20120206 - - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms - that don't support ECC. Patch from Phil Oleson - -20111219 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/12/02 00:41:56 - [mux.c] - fix bz#1948: ssh -f doesn't fork for multiplexed connection. - ok dtucker@ - - djm@cvs.openbsd.org 2011/12/02 00:43:57 - [mac.c] - fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before - HMAC_init (this change in policy seems insane to me) - ok dtucker@ - - djm@cvs.openbsd.org 2011/12/04 23:16:12 - [mux.c] - revert: - > revision 1.32 - > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 - > fix bz#1948: ssh -f doesn't fork for multiplexed connection. - > ok dtucker@ - it interacts badly with ControlPersist - - djm@cvs.openbsd.org 2011/12/07 05:44:38 - [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] - fix some harmless and/or unreachable int overflows; - reported Xi Wang, ok markus@ - -20111125 - - OpenBSD CVS Sync - - oga@cvs.openbsd.org 2011/11/16 12:24:28 - [sftp.c] - Don't leak list in complete_cmd_parse if there are no commands found. - Discovered when I was ``borrowing'' this code for something else. - ok djm@ - -20111121 - - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ - -20111104 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/10/18 05:15:28 - [ssh.c] - ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ - - djm@cvs.openbsd.org 2011/10/18 23:37:42 - [ssh-add.c] - add -k to usage(); reminded by jmc@ - - djm@cvs.openbsd.org 2011/10/19 00:06:10 - [moduli.c] - s/tmpfile/tmp/ to make this -Wshadow clean - - djm@cvs.openbsd.org 2011/10/19 10:39:48 - [umac.c] - typo in comment; patch from Michael W. Bombardieri - - djm@cvs.openbsd.org 2011/10/24 02:10:46 - [ssh.c] - bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh - was incorrectly requesting the forward in both the control master and - slave. skip requesting it in the master to fix. ok markus@ - - djm@cvs.openbsd.org 2011/10/24 02:13:13 - [session.c] - bz#1859: send tty break to pty master instead of (probably already - closed) slave side; "looks good" markus@ - - dtucker@cvs.openbsd.org 011/11/04 00:09:39 - [moduli] - regenerated moduli file; ok deraadt - - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in - openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] - bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library - which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) - with some rework from myself and djm. ok djm. - -20111025 - - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file - fails. Patch from Corinna Vinschen. - -20111018 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/10/04 14:17:32 - [sftp-glob.c] - silence error spam for "ls */foo" in directory with files; bz#1683 - - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 - [moduli.c ssh-keygen.1 ssh-keygen.c] - Add optional checkpoints for moduli screening. feedback & ok deraadt - - jmc@cvs.openbsd.org 2011/10/16 15:02:41 - [ssh-keygen.c] - put -K in the right place (usage()); - - stsp@cvs.openbsd.org 2011/10/16 15:51:39 - [moduli.c] - add missing includes to unbreak tree; fix from rpointel - - djm@cvs.openbsd.org 2011/10/18 04:58:26 - [auth-options.c key.c] - remove explict search for \0 in packet strings, this job is now done - implicitly by buffer_get_cstring; ok markus - - djm@cvs.openbsd.org 2011/10/18 05:00:48 - [ssh-add.1 ssh-add.c] - new "ssh-add -k" option to load plain keys (skipping certificates); - "looks ok" markus@ - -20111001 - - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm - - (dtucker) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 - [channels.c auth-options.c servconf.c channels.h sshd.8] - Add wildcard support to PermitOpen, allowing things like "PermitOpen - localhost:*". bz #1857, ok djm markus. - - markus@cvs.openbsd.org 2011/09/23 07:45:05 - [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c - version.h] - unbreak remote portforwarding with dynamic allocated listen ports: - 1) send the actual listen port in the open message (instead of 0). - this allows multiple forwardings with a dynamic listen port - 2) update the matching permit-open entry, so we can identify where - to connect to - report: den at skbkontur.ru and P. Szczygielski - feedback and ok djm@ - - djm@cvs.openbsd.org 2011/09/25 05:44:47 - [auth2-pubkey.c] - improve the AuthorizedPrincipalsFile debug log message to include - file and line number - - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 - [sshd.c] - don't attempt privsep cleanup when not using privsep; ok markus@ - - djm@cvs.openbsd.org 2011/09/30 21:22:49 - [sshd.c] - fix inverted test that caused logspam; spotted by henning@ - -20110929 - - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch - from des AT des.no - - (dtucker) [configure.ac openbsd-compat/Makefile.in - openbsd-compat/strnlen.c] Add strnlen to the compat library. - -20110923 - - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no - longer want to sync this file (OpenBSD uses a __getcwd syscall now, we - want this longhand version) - - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the - upstream version is YPified and we don't want this - - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. - The file was totally rewritten between what we had in tree and -current. - - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid - marker. The upstream API has changed (function and structure names) - enough to put it out of sync with other providers of this interface. - - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion - of static __findenv() function from upstream setenv.c - - OpenBSD CVS Sync - - millert@cvs.openbsd.org 2006/05/05 15:27:38 - [openbsd-compat/strlcpy.c] - Convert do {} while loop -> while {} for clarity. No binary change - on most architectures. From Oliver Smith. OK deraadt@ and henning@ - - tobias@cvs.openbsd.org 2007/10/21 11:09:30 - [openbsd-compat/mktemp.c] - Comment fix about time consumption of _gettemp. - FreeBSD did this in revision 1.20. - OK deraadt@, krw@ - - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 - [openbsd-compat/mktemp.c] - use arc4random_uniform(); ok djm millert - - millert@cvs.openbsd.org 2008/08/21 16:54:44 - [openbsd-compat/mktemp.c] - Remove useless code, the kernel will set errno appropriately if an - element in the path does not exist. OK deraadt@ pvalchev@ - - otto@cvs.openbsd.org 2008/12/09 19:38:38 - [openbsd-compat/inet_ntop.c] - fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon - -20110922 - - OpenBSD CVS Sync - - pyr@cvs.openbsd.org 2011/05/12 07:15:10 - [openbsd-compat/glob.c] - When the max number of items for a directory has reached GLOB_LIMIT_READDIR - an error is returned but closedir() is not called. - spotted and fix provided by Frank Denis obsd-tech@pureftpd.org - ok otto@, millert@ - - stsp@cvs.openbsd.org 2011/09/20 10:18:46 - [glob.c] - In glob(3), limit recursion during matching attempts. Similar to - fnmatch fix. Also collapse consecutive '*' (from NetBSD). - ok miod deraadt - - djm@cvs.openbsd.org 2011/09/22 06:27:29 - [glob.c] - fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being - applied only to the gl_pathv vector and not the corresponding gl_statv - array. reported in OpenSSH bz#1935; feedback and okay matthew@ - - djm@cvs.openbsd.org 2011/08/26 01:45:15 - [ssh.1] - Add some missing ssh_config(5) options that can be used in ssh(1)'s - -o argument. Patch from duclare AT guu.fi - - djm@cvs.openbsd.org 2011/09/05 05:56:13 - [scp.1 sftp.1] - mention ControlPersist and KbdInteractiveAuthentication in the -o - verbiage in these pages too (prompted by jmc@) - - djm@cvs.openbsd.org 2011/09/05 05:59:08 - [misc.c] - fix typo in IPQoS parsing: there is no "AF14" class, but there is - an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk - - jmc@cvs.openbsd.org 2011/09/05 07:01:44 - [scp.1] - knock out a useless Ns; - - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 - [ssh-keygen.1] - typo (they vs the) found by Lawrence Teo - - djm@cvs.openbsd.org 2011/09/09 00:43:00 - [ssh_config.5 sshd_config.5] - fix typo in IPQoS parsing: there is no "AF14" class, but there is - an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk - - djm@cvs.openbsd.org 2011/09/09 00:44:07 - [PROTOCOL.mux] - MUX_C_CLOSE_FWD includes forward type in message (though it isn't - implemented anyway) - - djm@cvs.openbsd.org 2011/09/09 22:37:01 - [scp.c] - suppress adding '--' to remote commandlines when the first argument - does not start with '-'. saves breakage on some difficult-to-upgrade - embedded/router platforms; feedback & ok dtucker ok markus - - djm@cvs.openbsd.org 2011/09/09 22:38:21 - [sshd.c] - kill the preauth privsep child on fatal errors in the monitor; - ok markus@ - - djm@cvs.openbsd.org 2011/09/09 22:46:44 - [channels.c channels.h clientloop.h mux.c ssh.c] - support for cancelling local and remote port forwards via the multiplex - socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request - the cancellation of the specified forwardings; ok markus@ - - markus@cvs.openbsd.org 2011/09/10 22:26:34 - [channels.c channels.h clientloop.c ssh.1] - support cancellation of local/dynamic forwardings from ~C commandline; - ok & feedback djm@ - - okan@cvs.openbsd.org 2011/09/11 06:59:05 - [ssh.1] - document new -O cancel command; ok djm@ - - markus@cvs.openbsd.org 2011/09/11 16:07:26 - [sftp-client.c] - fix leaks in do_hardlink() and do_readlink(); bz#1921 - from Loganaden Velvindron - - markus@cvs.openbsd.org 2011/09/12 08:46:15 - [sftp-client.c] - fix leak in do_lsreaddir(); ok djm - - djm@cvs.openbsd.org 2011/09/22 06:29:03 - [sftp.c] - don't let remote_glob() implicitly sort its results in do_globbed_ls() - - in all likelihood, they will be resorted anyway - -20110909 - - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From - Colin Watson. - -20110906 - - (djm) [README version.h] Correct version - - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon - - (djm) Respin OpenSSH-5.9p1 release - -20110905 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Update version numbers. - -20110904 - - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal - regress errors for the sandbox to warnings. ok tim dtucker - - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations - ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen - support. - -20110829 - - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting - to switch SELinux context away from unconfined_t, based on patch from - Jan Chadima; bz#1919 ok dtucker@ - -20110827 - - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. - -20110818 - - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze - -20110817 - - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for - OpenSSL 0.9.7. ok djm - - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] - binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen - - (djm) [configure.ac] error out if the host lacks the necessary bits for - an explicitly requested sandbox type - - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by - bisson AT archlinux.org - - (djm) OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 - [regress/cfgmatch.sh] - use OBJ to find test configs, patch from Tim Rice - - markus@cvs.openbsd.org 2011/06/30 22:44:43 - [regress/connect-privsep.sh] - test with sandbox enabled; ok djm@ - - djm@cvs.openbsd.org 2011/08/02 01:23:41 - [regress/cipher-speed.sh regress/try-ciphers.sh] - add SHA256/SHA512 based HMAC modes - - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 - MAC tests for platforms that hack EVP_SHA2 support - -20110812 - - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context - change error by reporting old and new context names Patch from - jchadima at redhat. - - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] - [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES - init scrips from imorgan AT nas.nasa.gov; bz#1920 - - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the - identify file contained whitespace. bz#1828 patch from gwenael.lambrouin - AT gmail.com; ok dtucker@ - -20110807 - - (dtucker) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2008/06/26 06:59:39 - [moduli.5] - tweak previous; - - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 - [moduli.5] - "Diffie-Hellman" is the usual spelling for the cryptographic protocol - first published by Whitfield Diffie and Martin Hellman in 1976. - ok jmc@ - - jmc@cvs.openbsd.org 2010/10/14 20:41:28 - [moduli.5] - probabalistic -> probabilistic; from naddy - - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 - [sftp.1] - typo, fix from Laurent Gautrot - -20110805 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/23 23:35:42 - [monitor.c] - ignore EINTR errors from poll() - - tedu@cvs.openbsd.org 2011/07/06 18:09:21 - [authfd.c] - bzero the agent address. the kernel was for a while very cranky about - these things. evne though that's fixed, always good to initialize - memory. ok deraadt djm - - djm@cvs.openbsd.org 2011/07/29 14:42:45 - [sandbox-systrace.c] - fail open(2) with EPERM rather than SIGKILLing the whole process. libc - will call open() to do strerror() when NLS is enabled; - feedback and ok markus@ - - markus@cvs.openbsd.org 2011/08/01 19:18:15 - [gss-serv.c] - prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); - report Adam Zabrock; ok djm@, deraadt@ - - djm@cvs.openbsd.org 2011/08/02 01:22:11 - [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] - Add new SHA256 and SHA512 based HMAC modes from - http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt - Patch from mdb AT juniper.net; feedback and ok markus@ - - djm@cvs.openbsd.org 2011/08/02 23:13:01 - [version.h] - crank now, release later - - djm@cvs.openbsd.org 2011/08/02 23:15:03 - [ssh.c] - typo in comment - -20110624 - - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for - Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing - markus@ - -20110623 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/22 21:47:28 - [servconf.c] - reuse the multistate option arrays to pretty-print options for "sshd -T" - - djm@cvs.openbsd.org 2011/06/22 21:57:01 - [servconf.c servconf.h sshd.c sshd_config.5] - [configure.ac Makefile.in] - introduce sandboxing of the pre-auth privsep child using systrace(4). - - This introduces a new "UsePrivilegeSeparation=sandbox" option for - sshd_config that applies mandatory restrictions on the syscalls the - privsep child can perform. This prevents a compromised privsep child - from being used to attack other hosts (by opening sockets and proxying) - or probing local kernel attack surface. - - The sandbox is implemented using systrace(4) in unsupervised "fast-path" - mode, where a list of permitted syscalls is supplied. Any syscall not - on the list results in SIGKILL being sent to the privsep child. Note - that this requires a kernel with the new SYSTR_POLICY_KILL option. - - UsePrivilegeSeparation=sandbox will become the default in the future - so please start testing it now. - - feedback dtucker@; ok markus@ - - djm@cvs.openbsd.org 2011/06/22 22:08:42 - [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] - hook up a channel confirm callback to warn the user then requested X11 - forwarding was refused by the server; ok markus@ - - djm@cvs.openbsd.org 2011/06/23 09:34:13 - [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] - [sandbox-null.c] - rename sandbox.h => ssh-sandbox.h to make things easier for portable - - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support - setrlimit(2) - -20110620 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/04 00:10:26 - [ssh_config.5] - explain IdentifyFile's semantics a little better, prompted by bz#1898 - ok dtucker jmc - - markus@cvs.openbsd.org 2011/06/14 22:49:18 - [authfile.c] - make sure key_parse_public/private_rsa1() no longer consumes its input - buffer. fixes ssh-add for passphrase-protected ssh1-keys; - noted by naddy@; ok djm@ - - djm@cvs.openbsd.org 2011/06/17 21:44:31 - [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] - make the pre-auth privsep slave log via a socketpair shared with the - monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ - - djm@cvs.openbsd.org 2011/06/17 21:46:16 - [sftp-server.c] - the protocol version should be unsigned; bz#1913 reported by mb AT - smartftp.com - - djm@cvs.openbsd.org 2011/06/17 21:47:35 - [servconf.c] - factor out multi-choice option parsing into a parse_multistate label - and some support structures; ok dtucker@ - - djm@cvs.openbsd.org 2011/06/17 21:57:25 - [clientloop.c] - setproctitle for a mux master that has been gracefully stopped; - bz#1911 from Bert.Wesarg AT googlemail.com - -20110603 - - (dtucker) [README version.h contrib/caldera/openssh.spec - contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version - bumps from the 5.8p2 branch into HEAD. ok djm. - - (tim) [configure.ac defines.h] Run test program to detect system mail - directory. Add --with-maildir option to override. Fixed OpenServer 6 - getting it wrong. Fixed many systems having MAIL=/var/mail//username - ok dtucker - - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair - unconditionally in other places and the survey data we have does not show - any systems that use it. "nuke it" djm@ - - (djm) [configure.ac] enable setproctitle emulation for OS X - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/06/03 00:54:38 - [ssh.c] - bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg - AT googlemail.com; ok dtucker@ - NB. includes additional portability code to enable setproctitle emulation - on platforms that don't support it. - - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 - [ssh-agent.c] - Check current parent process ID against saved one to determine if the parent - has exited, rather than attempting to send a zero signal, since the latter - won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn - Gillmor, ok djm@ - - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 - [regress/dynamic-forward.sh] - back out revs 1.6 and 1.5 since it's not reliable - - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 - [regress/dynamic-forward.sh] - work around startup and teardown races; caught by deraadt - - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 - [regress/dynamic-forward.sh] - Retry establishing the port forwarding after a small delay, should make - the tests less flaky when the previous test is slow to shut down and free - up the port. - - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. - -20110529 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/23 03:30:07 - [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] - [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] - allow AuthorizedKeysFile to specify multiple files, separated by spaces. - Bring back authorized_keys2 as a default search path (to avoid breaking - existing users of this file), but override this in sshd_config so it will - be no longer used on fresh installs. Maybe in 2015 we can remove it - entierly :) - - feedback and ok markus@ dtucker@ - - djm@cvs.openbsd.org 2011/05/23 03:33:38 - [auth.c] - make secure_filename() spam debug logs less - - djm@cvs.openbsd.org 2011/05/23 03:52:55 - [sshconnect.c] - remove extra newline - - jmc@cvs.openbsd.org 2011/05/23 07:10:21 - [sshd.8 sshd_config.5] - tweak previous; ok djm - - djm@cvs.openbsd.org 2011/05/23 07:24:57 - [authfile.c] - read in key comments for v.2 keys (though note that these are not - passed over the agent protocol); bz#439, based on patch from binder - AT arago.de; ok markus@ - - djm@cvs.openbsd.org 2011/05/24 07:15:47 - [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] - Remove undocumented legacy options UserKnownHostsFile2 and - GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile - accept multiple paths per line and making their defaults include - known_hosts2; ok markus - - djm@cvs.openbsd.org 2011/05/23 03:31:31 - [regress/cfgmatch.sh] - include testing of multiple/overridden AuthorizedKeysFiles - refactor to simply daemon start/stop and get rid of racy constructs - -20110520 - - (djm) [session.c] call setexeccon() before executing passwd for pw - changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ - - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options - options, we should corresponding -W-option when trying to determine - whether it is accepted. Also includes a warning fix on the program - fragment uses (bad main() return type). - bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ - - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/15 08:09:01 - [authfd.c monitor.c serverloop.c] - use FD_CLOEXEC consistently; patch from zion AT x96.org - - djm@cvs.openbsd.org 2011/05/17 07:13:31 - [key.c] - fatal() if asked to generate a legacy ECDSA cert (these don't exist) - and fix the regress test that was trying to generate them :) - - djm@cvs.openbsd.org 2011/05/20 00:55:02 - [servconf.c] - the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile - and AuthorizedPrincipalsFile were not being correctly applied in - Match blocks, despite being overridable there; ok dtucker@ - - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 - [servconf.c] - Add comment documenting what should be after the preauth check. ok djm - - djm@cvs.openbsd.org 2011/05/20 03:25:45 - [monitor.c monitor_wrap.c servconf.c servconf.h] - use a macro to define which string options to copy between configs - for Match. This avoids problems caused by forgetting to keep three - code locations in perfect sync and ordering - - "this is at once beautiful and horrible" + ok dtucker@ - - djm@cvs.openbsd.org 2011/05/17 07:13:31 - [regress/cert-userkey.sh] - fatal() if asked to generate a legacy ECDSA cert (these don't exist) - and fix the regress test that was trying to generate them :) - - djm@cvs.openbsd.org 2011/05/20 02:43:36 - [cert-hostkey.sh] - another attempt to generate a v00 ECDSA key that broke the test - ID sync only - portable already had this somehow - - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 - [dynamic-forward.sh] - Prevent races in dynamic forwarding test; ok djm - - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 - [dynamic-forward.sh] - fix dumb error in dynamic-forward test - -20110515 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/05/05 05:12:08 - [mux.c] - gracefully fall back when ControlPath is too large for a - sockaddr_un. ok markus@ as part of a larger diff - - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 - [sshd_config] - clarify language about overriding defaults. bz#1892, from Petr Cerny - - djm@cvs.openbsd.org 2011/05/06 01:09:53 - [sftp.1] - mention that IPv6 addresses must be enclosed in square brackets; - bz#1845 - - djm@cvs.openbsd.org 2011/05/06 02:05:41 - [sshconnect2.c] - fix memory leak; bz#1849 ok dtucker@ - - djm@cvs.openbsd.org 2011/05/06 21:14:05 - [packet.c packet.h] - set traffic class for IPv6 traffic as we do for IPv4 TOS; - patch from lionel AT mamane.lu via Colin Watson in bz#1855; - ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:18:02 - [ssh.c ssh_config.5] - add a %L expansion (short-form of the local host name) for ControlPath; - sync some more expansions with LocalCommand; ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:31:38 - [readconf.c ssh_config.5] - support negated Host matching, e.g. - - Host *.example.org !c.example.org - User mekmitasdigoat - - Will match "a.example.org", "b.example.org", but not "c.example.org" - ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:34:32 - [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] - Add a RequestTTY ssh_config option to allow configuration-based - control over tty allocation (like -t/-T); ok markus@ - - djm@cvs.openbsd.org 2011/05/06 21:38:58 - [ssh.c] - fix dropping from previous diff - - djm@cvs.openbsd.org 2011/05/06 22:20:10 - [PROTOCOL.mux] - fix numbering; from bert.wesarg AT googlemail.com - - jmc@cvs.openbsd.org 2011/05/07 23:19:39 - [ssh_config.5] - - tweak previous - - come consistency fixes - ok djm - - jmc@cvs.openbsd.org 2011/05/07 23:20:25 - [ssh.1] - +.It RequestTTY - - djm@cvs.openbsd.org 2011/05/08 12:52:01 - [PROTOCOL.mux clientloop.c clientloop.h mux.c] - improve our behaviour when TTY allocation fails: if we are in - RequestTTY=auto mode (the default), then do not treat at TTY - allocation error as fatal but rather just restore the local TTY - to cooked mode and continue. This is more graceful on devices that - never allocate TTYs. - - If RequestTTY is set to "yes" or "force", then failure to allocate - a TTY is fatal. - - ok markus@ - - djm@cvs.openbsd.org 2011/05/10 05:46:46 - [authfile.c] - despam debug() logs by detecting that we are trying to load a private key - in key_try_load_public() and returning early; ok markus@ - - djm@cvs.openbsd.org 2011/05/11 04:47:06 - [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] - remove support for authorized_keys2; it is a relic from the early days - of protocol v.2 support and has been undocumented for many years; - ok markus@ - - djm@cvs.openbsd.org 2011/05/13 00:05:36 - [authfile.c] - warn on unexpected key type in key_parse_private_type() - - (djm) [packet.c] unbreak portability #endif - -20110510 - - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix - --with-ssl-engine which was broken with the change from deprecated - SSLeay_add_all_algorithms(). ok djm - -20110506 - - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype - for closefrom() in test code. Report from Dan Wallis via Gentoo. - -20110505 - - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS - definitions. From des AT des.no - - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] - [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] - [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] - [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] - [regress/README.regress] Remove ssh-rand-helper and all its - tentacles. PRNGd seeding has been rolled into entropy.c directly. - Thanks to tim@ for testing on affected platforms. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/03/10 02:52:57 - [auth2-gss.c auth2.c auth.h] - allow GSSAPI authentication to detect when a server-side failure causes - authentication failure and don't count such failures against MaxAuthTries; - bz#1244 from simon AT sxw.org.uk; ok markus@ before lock - - okan@cvs.openbsd.org 2011/03/15 10:36:02 - [ssh-keyscan.c] - use timerclear macro - ok djm@ - - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 - [ssh-keygen.1 ssh-keygen.c] - Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) - for which host keys do not exist, generate the host keys with the - default key file path, an empty passphrase, default bits for the key - type, and default comment. This will be used by /etc/rc to generate - new host keys. Idea from deraadt. - ok deraadt - - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 - [ssh-keygen.1] - -q not used in /etc/rc now so remove statement. - - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 - [ssh-keygen.c] - remove -d, documentation removed >10 years ago; ok markus - - jmc@cvs.openbsd.org 2011/03/24 15:29:30 - [ssh-keygen.1] - zap trailing whitespace; - - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 - [ssh-keygen.c] - use strcasecmp() for "clear" cert permission option also; ok djm - - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 - [misc.c misc.h servconf.c] - print ipqos friendly string for sshd -T; ok markus - # sshd -Tf sshd_config|grep ipqos - ipqos lowdelay throughput - - djm@cvs.openbsd.org 2011/04/12 04:23:50 - [ssh-keygen.c] - fix -Wshadow - - djm@cvs.openbsd.org 2011/04/12 05:32:49 - [sshd.c] - exit with 0 status on SIGTERM; bz#1879 - - djm@cvs.openbsd.org 2011/04/13 04:02:48 - [ssh-keygen.1] - improve wording; bz#1861 - - djm@cvs.openbsd.org 2011/04/13 04:09:37 - [ssh-keygen.1] - mention valid -b sizes for ECDSA keys; bz#1862 - - djm@cvs.openbsd.org 2011/04/17 22:42:42 - [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] - allow graceful shutdown of multiplexing: request that a mux server - removes its listener socket and refuse future multiplexing requests; - ok markus@ - - djm@cvs.openbsd.org 2011/04/18 00:46:05 - [ssh-keygen.c] - certificate options are supposed to be packed in lexical order of - option name (though we don't actually enforce this at present). - Move one up that was out of sequence - - djm@cvs.openbsd.org 2011/05/04 21:15:29 - [authfile.c authfile.h ssh-add.c] - allow "ssh-add - < key"; feedback and ok markus@ - - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE - so autoreconf 2.68 is happy. - - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ - -20110221 - - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the - Cygwin-specific service installer script ssh-host-config. The actual - functionality is the same, the revisited version is just more - exact when it comes to check for problems which disallow to run - certain aspects of the script. So, part of this script and the also - rearranged service helper script library "csih" is to check if all - the tools required to run the script are available on the system. - The new script also is more thorough to inform the user why the - script failed. Patch from vinschen at redhat com. - -20110218 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/02/16 00:31:14 - [ssh-keysign.c] - make hostbased auth with ECDSA keys work correctly. Based on patch - by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) - -20110206 - - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - selinux code. Patch from Leonardo Chiquitto - - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key - generation and simplify. Patch from Corinna Vinschen. - -20110204 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/31 21:42:15 - [PROTOCOL.mux] - cut'n'pasto; from bert.wesarg AT googlemail.com - - djm@cvs.openbsd.org 2011/02/04 00:44:21 - [key.c] - fix uninitialised nonce variable; reported by Mateusz Kocielski - - djm@cvs.openbsd.org 2011/02/04 00:44:43 - [version.h] - openssh-5.8 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] update versions in docs and spec files. - - Release OpenSSH 5.8p1 - -20110128 - - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled - before attempting setfscreatecon(). Check whether matchpathcon() - succeeded before using its result. Patch from cjwatson AT debian.org; - bz#1851 - -20110127 - - (tim) [config.guess config.sub] Sync with upstream. - - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete - AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with - AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white - space changes for consistency/readability. Makes autoconf 2.68 happy. - "Nice work" djm - -20110125 - - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c - openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to - port-linux.c to avoid compilation errors. Add -lselinux to ssh when - building with SELinux support to avoid linking failure; report from - amk AT spamfence.net; ok dtucker - -20110122 - - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add - RSA_get_default_method() for the benefit of openssl versions that don't - have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, - ok djm@. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/22 09:18:53 - [version.h] - crank to OpenSSH-5.7 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] update versions in docs and spec files. - - (djm) Release 5.7p1 - -20110119 - - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead - of RPM so build completes. Signatures were changed to .asc since 4.1p1. - - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to - 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- - release testing (random crashes and failure to load ECC keys). - ok dtucker@ - -20110117 - - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in - $PATH, fix cleanup of droppings; reported by openssh AT - roumenpetrov.info; ok dtucker@ - - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding - its unique snowflake of a gdb error to the ones we look for. - - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running - ssh-add to avoid $SUDO failures on Linux - - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new - Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback - to the old values. Feedback from vapier at gentoo org and djm, ok djm. - - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] - [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are - disabled on platforms that do not support them; add a "config_defined()" - shell function that greps for defines in config.h and use them to decide - on feature tests. - Convert a couple of existing grep's over config.h to use the new function - Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent - backslash characters in filenames, enable it for Cygwin and use it to turn - of tests for quotes backslashes in sftp-glob.sh. - based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ - - (tim) [regress/agent-getpeereid.sh] shell portability fix. - - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on - the tinderbox. - - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h - configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem - support, based on patches from Tomas Mraz and jchadima at redhat. - -20110116 - - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based - on configurations that don't have it. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/16 11:50:05 - [clientloop.c] - Use atomicio when flushing protocol 1 std{out,err} buffers at - session close. This was a latent bug exposed by setting a SIGCHLD - handler and spotted by kevin.brott AT gmail.com; ok dtucker@ - - djm@cvs.openbsd.org 2011/01/16 11:50:36 - [sshconnect.c] - reset the SIGPIPE handler when forking to execute child processes; - ok dtucker@ - - djm@cvs.openbsd.org 2011/01/16 12:05:59 - [clientloop.c] - a couple more tweaks to the post-close protocol 1 stderr/stdout flush: - now that we use atomicio(), convert them from while loops to if statements - add test and cast to compile cleanly with -Wsigned - -20110114 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/13 21:54:53 - [mux.c] - correct error messages; patch from bert.wesarg AT googlemail.com - - djm@cvs.openbsd.org 2011/01/13 21:55:25 - [PROTOCOL.mux] - correct protocol names and add a couple of missing protocol number - defines; patch from bert.wesarg AT googlemail.com - - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in - host-key-force target rather than a substitution that is replaced with a - comment so that the Makefile.in is still a syntactically valid Makefile - (useful to run the distprep target) - - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. - - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some - ecdsa bits. - -20110113 - - (djm) [misc.c] include time.h for nanosleep() prototype - - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm - - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating - ecdsa keys. ok djm. - - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid - gcc warning on platforms where it defaults to int - - (djm) [regress/Makefile] add a few more generated files to the clean - target - - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad - #define that was causing diffie-hellman-group-exchange-sha256 to be - incorrectly disabled - - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 - should not depend on ECC support - -20110112 - - OpenBSD CVS Sync - - nicm@cvs.openbsd.org 2010/10/08 21:48:42 - [openbsd-compat/glob.c] - Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit - from ARG_MAX to 64K. - Fixes glob-using programs (notably ftp) able to be triggered to hit - resource limits. - Idea from a similar NetBSD change, original problem reported by jasper@. - ok millert tedu jasper - - djm@cvs.openbsd.org 2011/01/12 01:53:14 - avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS - and sanity check arguments (these will be unnecessary when we switch - struct glob members from being type into to size_t in the future); - "looks ok" tedu@ feedback guenther@ - - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid - silly warnings on write() calls we don't care succeed or not. - - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler - flag tests that don't depend on gcc version at all; suggested by and - ok dtucker@ - -20110111 - - (tim) [regress/host-expand.sh] Fix for building outside of read only - source tree. - - (djm) [platform.c] Some missing includes that show up under -Werror - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2011/01/08 10:51:51 - [clientloop.c] - use host and not options.hostname, as the latter may have unescaped - substitution characters - - djm@cvs.openbsd.org 2011/01/11 06:06:09 - [sshlogin.c] - fd leak on error paths; from zinovik@ - NB. Id sync only; we use loginrec.c that was also audited and fixed - recently - - djm@cvs.openbsd.org 2011/01/11 06:13:10 - [clientloop.c ssh-keygen.c sshd.c] - some unsigned long long casts that make things a bit easier for - portable without resorting to dropping PRIu64 formats everywhere - -20110109 - - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by - openssh AT roumenpetrov.info - -20110108 - - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress - test on OSX and others. Reported by imorgan AT nas.nasa.gov - -20110107 - - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test - for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com - - djm@cvs.openbsd.org 2011/01/06 22:23:53 - [ssh.c] - unbreak %n expansion in LocalCommand; patch from bert.wesarg AT - googlemail.com; ok markus@ - - djm@cvs.openbsd.org 2011/01/06 22:23:02 - [clientloop.c] - when exiting due to ServerAliveTimeout, mention the hostname that caused - it (useful with backgrounded controlmaster) - - djm@cvs.openbsd.org 2011/01/06 22:46:21 - [regress/Makefile regress/host-expand.sh] - regress test for LocalCommand %n expansion from bert.wesarg AT - googlemail.com; ok markus@ - - djm@cvs.openbsd.org 2011/01/06 23:01:35 - [sshconnect.c] - reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; - ok markus@ - -20110106 - - (djm) OpenBSD CVS Sync - - markus@cvs.openbsd.org 2010/12/08 22:46:03 - [scp.1 scp.c] - add a new -3 option to scp: Copies between two remote hosts are - transferred through the local host. Without this option the data - is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) - - jmc@cvs.openbsd.org 2010/12/09 14:13:33 - [scp.1 scp.c] - scp.1: grammer fix - scp.c: add -3 to usage() - - markus@cvs.openbsd.org 2010/12/14 11:59:06 - [sshconnect.c] - don't mention key type in key-changed-warning, since we also print - this warning if a new key type appears. ok djm@ - - djm@cvs.openbsd.org 2010/12/15 00:49:27 - [readpass.c] - fix ControlMaster=ask regression - reset SIGCHLD handler before fork (and restore it after) so we don't miss - the the askpass child's exit status. Correct test for exit status/signal to - account for waitpid() failure; with claudio@ ok claudio@ markus@ - - djm@cvs.openbsd.org 2010/12/24 21:41:48 - [auth-options.c] - don't send the actual forced command in a debug message; ok markus deraadt - - otto@cvs.openbsd.org 2011/01/04 20:44:13 - [ssh-keyscan.c] - handle ecdsa-sha2 with various key lengths; hint and ok djm@ - -20110104 - - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage - formatter if it is present, followed by nroff and groff respectively. - Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports - in favour of mandoc). feedback and ok tim - -20110103 - - (djm) [Makefile.in] revert local hack I didn't intend to commit - -20110102 - - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker - - (djm) [configure.ac] Check whether libdes is needed when building - with Heimdal krb5 support. On OpenBSD this library no longer exists, - so linking it unconditionally causes a build failure; ok dtucker - -20101226 - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/12/08 04:02:47 - [ssh_config.5 sshd_config.5] - explain that IPQoS arguments are separated by whitespace; iirc requested - by jmc@ a while back - -20101205 - - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from - debugging. Spotted by djm. - - (dtucker) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/12/03 23:49:26 - [schnorr.c] - check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao - (this code is still disabled, but apprently people are treating it as - a reference implementation) - - djm@cvs.openbsd.org 2010/12/03 23:55:27 - [auth-rsa.c] - move check for revoked keys to run earlier (in auth_rsa_key_allowed) - bz#1829; patch from ldv AT altlinux.org; ok markus@ - - djm@cvs.openbsd.org 2010/12/04 00:18:01 - [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] - add a protocol extension to support a hard link operation. It is - available through the "ln" command in the client. The old "ln" - behaviour of creating a symlink is available using its "-s" option - or through the preexisting "symlink" command; based on a patch from - miklos AT szeredi.hu in bz#1555; ok markus@ - - djm@cvs.openbsd.org 2010/12/04 13:31:37 - [hostfile.c] - fix fd leak; spotted and ok dtucker - - djm@cvs.openbsd.org 2010/12/04 00:21:19 - [regress/sftp-cmds.sh] - adjust for hard-link support - - (dtucker) [regress/Makefile] Id sync. - -20101204 - - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) - instead of (arc4random() % range) - - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add - shims for the new, non-deprecated OpenSSL key generation functions for - platforms that don't have the new interfaces. - -20101201 - - OpenBSD CVS Sync - - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 - [auth2-pubkey.c] - clean up cases of ;; - - djm@cvs.openbsd.org 2010/11/21 01:01:13 - [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] - honour $TMPDIR for client xauth and ssh-agent temporary directories; - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/11/21 10:57:07 - [authfile.c] - Refactor internals of private key loading and saving to work on memory - buffers rather than directly on files. This will make a few things - easier to do in the future; ok markus@ - - djm@cvs.openbsd.org 2010/11/23 02:35:50 - [auth.c] - use strict_modes already passed as function argument over referencing - global options.strict_modes - - djm@cvs.openbsd.org 2010/11/23 23:57:24 - [clientloop.c] - avoid NULL deref on receiving a channel request on an unknown or invalid - channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ - - djm@cvs.openbsd.org 2010/11/24 01:24:14 - [channels.c] - remove a debug() that pollutes stderr on client connecting to a server - in debug mode (channel_close_fds is called transitively from the session - code post-fork); bz#1719, ok dtucker - - djm@cvs.openbsd.org 2010/11/25 04:10:09 - [session.c] - replace close() loop for fds 3->64 with closefrom(); - ok markus deraadt dtucker - - djm@cvs.openbsd.org 2010/11/26 05:52:49 - [scp.c] - Pass through ssh command-line flags and options when doing remote-remote - transfers, e.g. to enable agent forwarding which is particularly useful - in this case; bz#1837 ok dtucker@ - - markus@cvs.openbsd.org 2010/11/29 18:57:04 - [authfile.c] - correctly load comment for encrypted rsa1 keys; - report/fix Joachim Schipper; ok djm@ - - djm@cvs.openbsd.org 2010/11/29 23:45:51 - [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] - [sshconnect.h sshconnect2.c] - automatically order the hostkeys requested by the client based on - which hostkeys are already recorded in known_hosts. This avoids - hostkey warnings when connecting to servers with new ECDSA keys - that are preferred by default; with markus@ - -20101124 - - (dtucker) [platform.c session.c] Move the getluid call out of session.c and - into the platform-specific code Only affects SCO, tested by and ok tim@. - - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow - group read/write. ok dtucker@ - - (dtucker) [packet.c] Remove redundant local declaration of "int tos". - - (djm) [defines.h] Add IP DSCP defines - -20101122 - - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch - from vapier at gentoo org. - -20101120 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/11/05 02:46:47 - [packet.c] - whitespace KNF - - djm@cvs.openbsd.org 2010/11/10 01:33:07 - [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] - use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. - these have been around for years by this time. ok markus - - djm@cvs.openbsd.org 2010/11/13 23:27:51 - [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] - [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] - allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of - hardcoding lowdelay/throughput. - - bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ - - jmc@cvs.openbsd.org 2010/11/15 07:40:14 - [ssh_config.5] - libary -> library; - - jmc@cvs.openbsd.org 2010/11/18 15:01:00 - [scp.1 sftp.1 ssh.1 sshd_config.5] - add IPQoS to the various -o lists, and zap some trailing whitespace; - -20101111 - - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on - platforms that don't support ECC. Fixes some spurious warnings reported - by tim@ - -20101109 - - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. - Feedback from dtucker@ - - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add - support for platforms missing isblank(). ok djm@ - -20101108 - - (tim) [regress/Makefile] Fixes to allow building/testing outside source - tree. - - (tim) [regress/kextype.sh] Shell portability fix. - -20101107 - - (dtucker) [platform.c] includes.h instead of defines.h so that we get - the correct typedefs. - -20101105 - - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of - int. Should fix bz#1817 cleanly; ok dtucker@ - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/09/22 12:26:05 - [regress/Makefile regress/kextype.sh] - regress test for each of the key exchange algorithms that we support - - djm@cvs.openbsd.org 2010/10/28 11:22:09 - [authfile.c key.c key.h ssh-keygen.c] - fix a possible NULL deref on loading a corrupt ECDH key - - store ECDH group information in private keys files as "named groups" - rather than as a set of explicit group parameters (by setting - the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and - retrieves the group's OpenSSL NID that we need for various things. - - jmc@cvs.openbsd.org 2010/10/28 18:33:28 - [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] - knock out some "-*- nroff -*-" lines; - - djm@cvs.openbsd.org 2010/11/04 02:45:34 - [sftp-server.c] - umask should be parsed as octal. reported by candland AT xmission.com; - ok markus@ - - (dtucker) [configure.ac platform.{c,h} session.c - openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. - Patch from cory.erickson at csu mnscu edu with a bit of rework from me. - ok djm@ - - (dtucker) [platform.c platform.h session.c] Add a platform hook to run - after the user's groups are established and move the selinux calls into it. - - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into - platform.c - - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. - - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to - retain previous behavior. - - (dtucker) [platform.c session.c] Move the PAM credential establishment for - the LOGIN_CAP case into platform.c. - - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into - platform.c - - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. - - (dtucker) [platform.c session.c] Move irix setusercontext fragment into - platform.c. - - (dtucker) [platform.c session.c] Move PAM credential establishment for the - non-LOGIN_CAP case into platform.c. - - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case - check into platform.c - - (dtucker) [regress/keytype.sh] Import new test. - - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] - Import recent changes to regress/Makefile, pass a flag to enable ECC tests - from configure through to regress/Makefile and use it in the tests. - - (dtucker) [regress/kextype.sh] Add missing "test". - - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not - strictly correct since while ECC requires sha256 the reverse is not true - however it does prevent spurious test failures. - - (dtucker) [platform.c] Need servconf.h and extern options. - -20101025 - - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with - 1.12 to unbreak Solaris build. - ok djm@ - - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a - native one. - -20101024 - - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. - - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms - which don't have ECC support in libcrypto. - - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms - which don't have ECC support in libcrypto. - - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't - have it. - - (dtucker) OpenBSD CVS Sync - - sthen@cvs.openbsd.org 2010/10/23 22:06:12 - [sftp.c] - escape '[' in filename tab-completion; fix a type while there. - ok djm@ - -20101021 - - OpenBSD CVS Sync - - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 - [mux.c] - Typo in confirmation message. bz#1827, patch from imorgan at - nas nasa gov - - djm@cvs.openbsd.org 2010/08/31 12:24:09 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - tests for ECDSA certificates - -20101011 - - (djm) [canohost.c] Zero a4 instead of addr to better match type. - bz#1825, reported by foo AT mailinator.com - - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) - -20101011 - - (djm) [configure.ac] Use = instead of == in shell tests. Patch from - dr AT vasco.com - -20101007 - - (djm) [ssh-agent.c] Fix type for curve name. - - (djm) OpenBSD CVS Sync - - matthew@cvs.openbsd.org 2010/09/24 13:33:00 - [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] - [openbsd-compat/timingsafe_bcmp.c] - Add timingsafe_bcmp(3) to libc, mention that it's already in the - kernel in kern(9), and remove it from OpenSSH. - ok deraadt@, djm@ - NB. re-added under openbsd-compat/ for portable OpenSSH - - djm@cvs.openbsd.org 2010/09/25 09:30:16 - [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] - make use of new glob(3) GLOB_KEEPSTAT extension to save extra server - rountrips to fetch per-file stat(2) information. - NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to - match. - - djm@cvs.openbsd.org 2010/09/26 22:26:33 - [sftp.c] - when performing an "ls" in columnated (short) mode, only call - ioctl(TIOCGWINSZ) once to get the window width instead of per- - filename - - djm@cvs.openbsd.org 2010/09/30 11:04:51 - [servconf.c] - prevent free() of string in .rodata when overriding AuthorizedKeys in - a Match block; patch from rein AT basefarm.no - - djm@cvs.openbsd.org 2010/10/01 23:05:32 - [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] - adapt to API changes in openssl-1.0.0a - NB. contains compat code to select correct API for older OpenSSL - - djm@cvs.openbsd.org 2010/10/05 05:13:18 - [sftp.c sshconnect.c] - use default shell /bin/sh if $SHELL is ""; ok markus@ - - djm@cvs.openbsd.org 2010/10/06 06:39:28 - [clientloop.c ssh.c sshconnect.c sshconnect.h] - kill proxy command on fatal() (we already kill it on clean exit); - ok markus@ - - djm@cvs.openbsd.org 2010/10/06 21:10:21 - [sshconnect.c] - swapped args to kill(2) - - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. - - (djm) [cipher-acss.c] Add missing header. - - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp - -20100924 - - (djm) OpenBSD CVS Sync - - naddy@cvs.openbsd.org 2010/09/10 15:19:29 - [ssh-keygen.1] - * mention ECDSA in more places - * less repetition in FILES section - * SSHv1 keys are still encrypted with 3DES - help and ok jmc@ - - djm@cvs.openbsd.org 2010/09/11 21:44:20 - [ssh.1] - mention RFC 5656 for ECC stuff - - jmc@cvs.openbsd.org 2010/09/19 21:30:05 - [sftp.1] - more wacky macro fixing; - - djm@cvs.openbsd.org 2010/09/20 04:41:47 - [ssh.c] - install a SIGCHLD handler to reap expiried child process; ok markus@ - - djm@cvs.openbsd.org 2010/09/20 04:50:53 - [jpake.c schnorr.c] - check that received values are smaller than the group size in the - disabled and unfinished J-PAKE code. - avoids catastrophic security failure found by Sebastien Martini - - djm@cvs.openbsd.org 2010/09/20 04:54:07 - [jpake.c] - missing #include - - djm@cvs.openbsd.org 2010/09/20 07:19:27 - [mux.c] - "atomically" create the listening mux socket by binding it on a temorary - name and then linking it into position after listen() has succeeded. - this allows the mux clients to determine that the server socket is - either ready or stale without races. stale server sockets are now - automatically removed - ok deraadt - - djm@cvs.openbsd.org 2010/09/22 05:01:30 - [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] - [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] - add a KexAlgorithms knob to the client and server configuration to allow - selection of which key exchange methods are used by ssh(1) and sshd(8) - and their order of preference. - ok markus@ - - jmc@cvs.openbsd.org 2010/09/22 08:30:08 - [ssh.1 ssh_config.5] - ssh.1: add kexalgorithms to the -o list - ssh_config.5: format the kexalgorithms in a more consistent - (prettier!) way - ok djm - - djm@cvs.openbsd.org 2010/09/22 22:58:51 - [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] - [sftp-client.h sftp.1 sftp.c] - add an option per-read/write callback to atomicio - - factor out bandwidth limiting code from scp(1) into a generic bandwidth - limiter that can be attached using the atomicio callback mechanism - - add a bandwidth limit option to sftp(1) using the above - "very nice" markus@ - - jmc@cvs.openbsd.org 2010/09/23 13:34:43 - [sftp.c] - add [-l limit] to usage(); - - jmc@cvs.openbsd.org 2010/09/23 13:36:46 - [scp.1 sftp.1] - add KexAlgorithms to the -o list; - -20100910 - - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact - return code since it can apparently return -1 under some conditions. From - openssh bugs werbittewas de, ok djm@ - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/31 12:33:38 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - reintroduce commit from tedu@, which I pulled out for release - engineering: - OpenSSL_add_all_algorithms is the name of the function we have a - man page for, so use that. ok djm - - jmc@cvs.openbsd.org 2010/08/31 17:40:54 - [ssh-agent.1] - fix some macro abuse; - - jmc@cvs.openbsd.org 2010/08/31 21:14:58 - [ssh.1] - small text tweak to accommodate previous; - - naddy@cvs.openbsd.org 2010/09/01 15:21:35 - [servconf.c] - pick up ECDSA host key by default; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:07:25 - [ssh-keygen.c] - permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ - - markus@cvs.openbsd.org 2010/09/02 16:08:39 - [ssh.c] - unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ - - naddy@cvs.openbsd.org 2010/09/02 17:21:50 - [ssh-keygen.c] - Switch ECDSA default key size to 256 bits, which according to RFC5656 - should still be better than our current RSA-2048 default. - ok djm@, markus@ - - jmc@cvs.openbsd.org 2010/09/03 11:09:29 - [scp.1] - add an EXIT STATUS section for /usr/bin; - - jmc@cvs.openbsd.org 2010/09/04 09:38:34 - [ssh-add.1 ssh.1] - two more EXIT STATUS sections; - - naddy@cvs.openbsd.org 2010/09/06 17:10:19 - [sshd_config] - add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste - - ok deraadt@ - - djm@cvs.openbsd.org 2010/09/08 03:54:36 - [authfile.c] - typo - - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 - [compress.c] - work around name-space collisions some buggy compilers (looking at you - gcc, at least in earlier versions, but this does not forgive your current - transgressions) seen between zlib and openssl - ok djm - - djm@cvs.openbsd.org 2010/09/09 10:45:45 - [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] - ECDH/ECDSA compliance fix: these methods vary the hash function they use - (SHA256/384/512) depending on the length of the curve in use. The previous - code incorrectly used SHA256 in all cases. - - This fix will cause authentication failure when using 384 or 521-bit curve - keys if one peer hasn't been upgraded and the other has. (256-bit curve - keys work ok). In particular you may need to specify HostkeyAlgorithms - when connecting to a server that has not been upgraded from an upgraded - client. - - ok naddy@ - - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] - [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] - [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on - platforms that don't have the requisite OpenSSL support. ok dtucker@ - - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs - for missing headers and compiler warnings. - -20100831 - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/08/08 19:36:30 - [ssh-keysign.8 ssh.1 sshd.8] - use the same template for all FILES sections; i.e. -compact/.Pp where we - have multiple items, and .Pa for path names; - - tedu@cvs.openbsd.org 2010/08/12 23:34:39 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - OpenSSL_add_all_algorithms is the name of the function we have a man page - for, so use that. ok djm - - djm@cvs.openbsd.org 2010/08/16 04:06:06 - [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] - backout previous temporarily; discussed with deraadt@ - - djm@cvs.openbsd.org 2010/08/31 09:58:37 - [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] - [packet.h ssh-dss.c ssh-rsa.c] - Add buffer_get_cstring() and related functions that verify that the - string extracted from the buffer contains no embedded \0 characters* - This prevents random (possibly malicious) crap from being appended to - strings where it would not be noticed if the string is used with - a string(3) function. - - Use the new API in a few sensitive places. - - * actually, we allow a single one at the end of the string for now because - we don't know how many deployed implementations get this wrong, but don't - count on this to remain indefinitely. - - djm@cvs.openbsd.org 2010/08/31 11:54:45 - [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] - [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] - [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] - [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] - [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] - [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] - [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] - Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and - host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer - better performance than plain DH and DSA at the same equivalent symmetric - key length, as well as much shorter keys. - - Only the mandatory sections of RFC5656 are implemented, specifically the - three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and - ECDSA. Point compression (optional in RFC5656 is NOT implemented). - - Certificate host and user keys using the new ECDSA key types are supported. - - Note that this code has not been tested for interoperability and may be - subject to change. - - feedback and ok markus@ - - (djm) [Makefile.in] Add new ECC files - - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include - includes.h - -20100827 - - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, - remove. Patch from martynas at venck us - -20100823 - - (djm) Release OpenSSH-5.6p1 - -20100816 - - (dtucker) [configure.ac openbsd-compat/Makefile.in - openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to - the compat library which helps on platforms like old IRIX. Based on work - by djm, tested by Tom Christensen. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/12 21:49:44 - [ssh.c] - close any extra file descriptors inherited from parent at start and - reopen stdin/stdout to /dev/null when forking for ControlPersist. - - prevents tools that fork and run a captive ssh for communication from - failing to exit when the ssh completes while they wait for these fds to - close. The inherited fds may persist arbitrarily long if a background - mux master has been started by ControlPersist. cvs and scp were effected - by this. - - "please commit" markus@ - - (djm) [regress/README.regress] typo - -20100812 - - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh - regress/test-exec.sh] Under certain conditions when testing with sudo - tests would fail because the pidfile could not be read by a regular user. - "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" - Make sure cat is run by $SUDO. no objection from me. djm@ - - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. - -20100809 - - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is - already set. Makes FreeBSD user openable tunnels useful; patch from - richard.burakowski+ossh AT mrburak.net, ok dtucker@ - - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. - based in part on a patch from Colin Watson, ok djm@ - -20100809 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/08 16:26:42 - [version.h] - crank to 5.6 - - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] - [contrib/suse/openssh.spec] Crank version numbers - -20100805 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/08/04 05:37:01 - [ssh.1 ssh_config.5 sshd.8] - Remove mentions of weird "addr/port" alternate address format for IPv6 - addresses combinations. It hasn't worked for ages and we have supported - the more commen "[addr]:port" format for a long time. ok jmc@ markus@ - - djm@cvs.openbsd.org 2010/08/04 05:40:39 - [PROTOCOL.certkeys ssh-keygen.c] - tighten the rules for certificate encoding by requiring that options - appear in lexical order and make our ssh-keygen comply. ok markus@ - - djm@cvs.openbsd.org 2010/08/04 05:42:47 - [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] - [ssh-keysign.c ssh.c] - enable certificates for hostbased authentication, from Iain Morgan; - "looks ok" markus@ - - djm@cvs.openbsd.org 2010/08/04 05:49:22 - [authfile.c] - commited the wrong version of the hostbased certificate diff; this - version replaces some strlc{py,at} verbosity with xasprintf() at - the request of markus@ - - djm@cvs.openbsd.org 2010/08/04 06:07:11 - [ssh-keygen.1 ssh-keygen.c] - Support CA keys in PKCS#11 tokens; feedback and ok markus@ - - djm@cvs.openbsd.org 2010/08/04 06:08:40 - [ssh-keysign.c] - clean for -Wuninitialized (Id sync only; portable had this change) - - djm@cvs.openbsd.org 2010/08/05 13:08:42 - [channels.c] - Fix a trio of bugs in the local/remote window calculation for datagram - data channels (i.e. TunnelForward): - - Calculate local_consumed correctly in channel_handle_wfd() by measuring - the delta to buffer_len(c->output) from when we start to when we finish. - The proximal problem here is that the output_filter we use in portable - modified the length of the dequeued datagram (to futz with the headers - for !OpenBSD). - - In channel_output_poll(), don't enqueue datagrams that won't fit in the - peer's advertised packet size (highly unlikely to ever occur) or which - won't fit in the peer's remaining window (more likely). - - In channel_input_data(), account for the 4-byte string header in - datagram packets that we accept from the peer and enqueue in c->output. - - report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; - "looks good" markus@ - -20100803 - - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from - PAM to sane values in case the PAM method doesn't write to them. Spotted by - Bitman Zhou, ok djm@. - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/07/16 04:45:30 - [ssh-keygen.c] - avoid bogus compiler warning - - djm@cvs.openbsd.org 2010/07/16 14:07:35 - [ssh-rsa.c] - more timing paranoia - compare all parts of the expected decrypted - data before returning. AFAIK not exploitable in the SSH protocol. - "groovy" deraadt@ - - djm@cvs.openbsd.org 2010/07/19 03:16:33 - [sftp-client.c] - bz#1797: fix swapped args in upload_dir_internal(), breaking recursive - upload depth checks and causing verbose printing of transfers to always - be turned on; patch from imorgan AT nas.nasa.gov - - djm@cvs.openbsd.org 2010/07/19 09:15:12 - [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] - add a "ControlPersist" option that automatically starts a background - ssh(1) multiplex master when connecting. This connection can stay alive - indefinitely, or can be set to automatically close after a user-specified - duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but - further hacked on by wmertens AT cisco.com, apb AT cequrux.com, - martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ - - djm@cvs.openbsd.org 2010/07/21 02:10:58 - [misc.c] - sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern - - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 - [ssh.1] - Ciphers is documented in ssh_config(5) these days - -20100819 - - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more - details about its behaviour WRT existing directories. Patch from - asguthrie at gmail com, ok djm. - -20100716 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/07/02 04:32:44 - [misc.c] - unbreak strdelim() skipping past quoted strings, e.g. - AllowUsers "blah blah" blah - was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com - ok dtucker; - - djm@cvs.openbsd.org 2010/07/12 22:38:52 - [ssh.c] - Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") - for protocol 2. ok markus@ - - djm@cvs.openbsd.org 2010/07/12 22:41:13 - [ssh.c ssh_config.5] - expand %h to the hostname in ssh_config Hostname options. While this - sounds useless, it is actually handy for working with unqualified - hostnames: - - Host *.* - Hostname %h - Host * - Hostname %h.example.org - - "I like it" markus@ - - djm@cvs.openbsd.org 2010/07/13 11:52:06 - [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] - [packet.c ssh-rsa.c] - implement a timing_safe_cmp() function to compare memory without leaking - timing information by short-circuiting like memcmp() and use it for - some of the more sensitive comparisons (though nothing high-value was - readily attackable anyway); "looks ok" markus@ - - djm@cvs.openbsd.org 2010/07/13 23:13:16 - [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] - [ssh-rsa.c] - s/timing_safe_cmp/timingsafe_bcmp/g - - jmc@cvs.openbsd.org 2010/07/14 17:06:58 - [ssh.1] - finally ssh synopsis looks nice again! this commit just removes a ton of - hacks we had in place to make it work with old groff; - - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 - [ssh-keygen.1] - repair incorrect block nesting, which screwed up indentation; - problem reported and fix OK by jmc@ - -20100714 - - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass - (line 77) should have been for no_x11_askpass. - -20100702 - - (djm) OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/06/26 00:57:07 - [ssh_config.5] - tweak previous; - - djm@cvs.openbsd.org 2010/06/26 23:04:04 - [ssh.c] - oops, forgot to #include ; spotted and patch from chl@ - - djm@cvs.openbsd.org 2010/06/29 23:15:30 - [ssh-keygen.1 ssh-keygen.c] - allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; - bz#1749; ok markus@ - - djm@cvs.openbsd.org 2010/06/29 23:16:46 - [auth2-pubkey.c sshd_config.5] - allow key options (command="..." and friends) in AuthorizedPrincipals; - ok markus@ - - jmc@cvs.openbsd.org 2010/06/30 07:24:25 - [ssh-keygen.1] - tweak previous; - - jmc@cvs.openbsd.org 2010/06/30 07:26:03 - [ssh-keygen.c] - sort usage(); - - jmc@cvs.openbsd.org 2010/06/30 07:28:34 - [sshd_config.5] - tweak previous; - - millert@cvs.openbsd.org 2010/07/01 13:06:59 - [scp.c] - Fix a longstanding problem where if you suspend scp at the - password/passphrase prompt the terminal mode is not restored. - OK djm@ - - phessler@cvs.openbsd.org 2010/06/27 19:19:56 - [regress/Makefile] - fix how we run the tests so we can successfully use SUDO='sudo -E' - in our env - - djm@cvs.openbsd.org 2010/06/29 23:59:54 - [cert-userkey.sh] - regress tests for key options in AuthorizedPrincipals - -20100627 - - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs - key.h. - -20100626 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/05/21 05:00:36 - [misc.c] - colon() returns char*, so s/return (0)/return NULL/ - - markus@cvs.openbsd.org 2010/06/08 21:32:19 - [ssh-pkcs11.c] - check length of value returned C_GetAttributValue for != 0 - from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/17 07:07:30 - [mux.c] - Correct sizing of object to be allocated by calloc(), replacing - sizeof(state) with sizeof(*state). This worked by accident since - the struct contained a single int at present, but could have broken - in the future. patch from hyc AT symas.com - - djm@cvs.openbsd.org 2010/06/18 00:58:39 - [sftp.c] - unbreak ls in working directories that contains globbing characters in - their pathnames. bz#1655 reported by vgiffin AT apple.com - - djm@cvs.openbsd.org 2010/06/18 03:16:03 - [session.c] - Missing check for chroot_director == "none" (we already checked against - NULL); bz#1564 from Jan.Pechanec AT Sun.COM - - djm@cvs.openbsd.org 2010/06/18 04:43:08 - [sftp-client.c] - fix memory leak in do_realpath() error path; bz#1771, patch from - anicka AT suse.cz - - djm@cvs.openbsd.org 2010/06/22 04:22:59 - [servconf.c sshd_config.5] - expose some more sshd_config options inside Match blocks: - AuthorizedKeysFile AuthorizedPrincipalsFile - HostbasedUsesNameFromPacketOnly PermitTunnel - bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:32:06 - [ssh-keygen.c] - standardise error messages when attempting to open private key - files to include "progname: filename: error reason" - bz#1783; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:49:47 - [auth.c] - queue auth debug messages for bad ownership or permissions on the user's - keyfiles. These messages will be sent after the user has successfully - authenticated (where our client will display them with LogLevel=debug). - bz#1554; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:54:30 - [ssh-keyscan.c] - replace verbose and overflow-prone Linebuf code with read_keyfile_line() - based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/22 04:59:12 - [session.c] - include the user name on "subsystem request for ..." log messages; - bz#1571; ok dtucker@ - - djm@cvs.openbsd.org 2010/06/23 02:59:02 - [ssh-keygen.c] - fix printing of extensions in v01 certificates that I broke in r1.190 - - djm@cvs.openbsd.org 2010/06/25 07:14:46 - [channels.c mux.c readconf.c readconf.h ssh.h] - bz#1327: remove hardcoded limit of 100 permitopen clauses and port - forwards per direction; ok markus@ stevesk@ - - djm@cvs.openbsd.org 2010/06/25 07:20:04 - [channels.c session.c] - bz#1750: fix requirement for /dev/null inside ChrootDirectory for - internal-sftp accidentally introduced in r1.253 by removing the code - that opens and dup /dev/null to stderr and modifying the channels code - to read stderr but discard it instead; ok markus@ - - djm@cvs.openbsd.org 2010/06/25 08:46:17 - [auth1.c auth2-none.c] - skip the initial check for access with an empty password when - PermitEmptyPasswords=no; bz#1638; ok markus@ - - djm@cvs.openbsd.org 2010/06/25 23:10:30 - [ssh.c] - log the hostname and address that we connected to at LogLevel=verbose - after authentication is successful to mitigate "phishing" attacks by - servers with trusted keys that accept authentication silently and - automatically before presenting fake password/passphrase prompts; - "nice!" markus@ - - djm@cvs.openbsd.org 2010/06/25 23:10:30 - [ssh.c] - log the hostname and address that we connected to at LogLevel=verbose - after authentication is successful to mitigate "phishing" attacks by - servers with trusted keys that accept authentication silently and - automatically before presenting fake password/passphrase prompts; - "nice!" markus@ - -20100622 - - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 - bz#1579; ok dtucker - -20100618 - - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ - rather than assuming that $CWD == $HOME. bz#1500, patch from - timothy AT gelter.com - -20100617 - - (tim) [contrib/cygwin/README] Remove a reference to the obsolete - minires-devel package, and to add the reference to the libedit-devel - package since CYgwin now provides libedit. Patch from Corinna Vinschen. - -20100521 - - (djm) OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/05/07 11:31:26 - [regress/Makefile regress/cert-userkey.sh] - regress tests for AuthorizedPrincipalsFile and "principals=" key option. - feedback and ok markus@ - - djm@cvs.openbsd.org 2010/05/11 02:58:04 - [auth-rsa.c] - don't accept certificates marked as "cert-authority" here; ok markus@ - - djm@cvs.openbsd.org 2010/05/14 00:47:22 - [ssh-add.c] - check that the certificate matches the corresponding private key before - grafting it on - - djm@cvs.openbsd.org 2010/05/14 23:29:23 - [channels.c channels.h mux.c ssh.c] - Pause the mux channel while waiting for reply from aynch callbacks. - Prevents misordering of replies if new requests arrive while waiting. - - Extend channel open confirm callback to allow signalling failure - conditions as well as success. Use this to 1) fix a memory leak, 2) - start using the above pause mechanism and 3) delay sending a success/ - failure message on mux slave session open until we receive a reply from - the server. - - motivated by and with feedback from markus@ - - markus@cvs.openbsd.org 2010/05/16 12:55:51 - [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] - mux support for remote forwarding with dynamic port allocation, - use with - LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` - feedback and ok djm@ - - djm@cvs.openbsd.org 2010/05/20 11:25:26 - [auth2-pubkey.c] - fix logspam when key options (from="..." especially) deny non-matching - keys; reported by henning@ also bz#1765; ok markus@ dtucker@ - - djm@cvs.openbsd.org 2010/05/20 23:46:02 - [PROTOCOL.certkeys auth-options.c ssh-keygen.c] - Move the permit-* options to the non-critical "extensions" field for v01 - certificates. The logic is that if another implementation fails to - implement them then the connection just loses features rather than fails - outright. - - ok markus@ - -20100511 - - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve - circular dependency problem on old or odd platforms. From Tom Lane, ok - djm@. - - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older - libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't - already. ok dtucker@ - -20100510 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/04/23 01:47:41 - [ssh-keygen.c] - bz#1740: display a more helpful error message when $HOME is - inaccessible while trying to create .ssh directory. Based on patch - from jchadima AT redhat.com; ok dtucker@ - - djm@cvs.openbsd.org 2010/04/23 22:27:38 - [mux.c] - set "detach_close" flag when registering channel cleanup callbacks. - This causes the channel to close normally when its fds close and - hangs when terminating a mux slave using ~. bz#1758; ok markus@ - - djm@cvs.openbsd.org 2010/04/23 22:42:05 - [session.c] - set stderr to /dev/null for subsystems rather than just closing it. - avoids hangs if a subsystem or shell initialisation writes to stderr. - bz#1750; ok markus@ - - djm@cvs.openbsd.org 2010/04/23 22:48:31 - [ssh-keygen.c] - refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, - since we would refuse to use them anyway. bz#1516; ok dtucker@ - - djm@cvs.openbsd.org 2010/04/26 22:28:24 - [sshconnect2.c] - bz#1502: authctxt.success is declared as an int, but passed by - reference to function that accepts sig_atomic_t*. Convert it to - the latter; ok markus@ dtucker@ - - djm@cvs.openbsd.org 2010/05/01 02:50:50 - [PROTOCOL.certkeys] - typo; jmeltzer@ - - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 - [sftp.c] - restore mput and mget which got lost in the tab-completion changes. - found by Kenneth Whitaker, ok djm@ - - djm@cvs.openbsd.org 2010/05/07 11:30:30 - [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] - [key.c servconf.c servconf.h sshd.8 sshd_config.5] - add some optional indirection to matching of principal names listed - in certificates. Currently, a certificate must include the a user's name - to be accepted for authentication. This change adds the ability to - specify a list of certificate principal names that are acceptable. - - When authenticating using a CA trusted through ~/.ssh/authorized_keys, - this adds a new principals="name1[,name2,...]" key option. - - For CAs listed through sshd_config's TrustedCAKeys option, a new config - option "AuthorizedPrincipalsFile" specifies a per-user file containing - the list of acceptable names. - - If either option is absent, the current behaviour of requiring the - username to appear in principals continues to apply. - - These options are useful for role accounts, disjoint account namespaces - and "user@realm"-style naming policies in certificates. - - feedback and ok markus@ - - jmc@cvs.openbsd.org 2010/05/07 12:49:17 - [sshd_config.5] - tweak previous; - -20100423 - - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir - in the openssl install directory (some newer openssl versions do this on at - least some amd64 platforms). - -20100418 - - OpenBSD CVS Sync - - jmc@cvs.openbsd.org 2010/04/16 06:45:01 - [ssh_config.5] - tweak previous; ok djm - - jmc@cvs.openbsd.org 2010/04/16 06:47:04 - [ssh-keygen.1 ssh-keygen.c] - tweak previous; ok djm - - djm@cvs.openbsd.org 2010/04/16 21:14:27 - [sshconnect.c] - oops, %r => remote username, not %u - - djm@cvs.openbsd.org 2010/04/16 01:58:45 - [regress/cert-hostkey.sh regress/cert-userkey.sh] - regression tests for v01 certificate format - includes interop tests for v00 certs - - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default - file. - -20100416 - - (djm) Release openssh-5.5p1 - - OpenBSD CVS Sync - - djm@cvs.openbsd.org 2010/03/26 03:13:17 - [bufaux.c] - allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer - argument to allow skipping past values in a buffer - - jmc@cvs.openbsd.org 2010/03/26 06:54:36 - [ssh.1] - tweak previous; - - jmc@cvs.openbsd.org 2010/03/27 14:26:55 - [ssh_config.5] - tweak previous; ok dtucker - - djm@cvs.openbsd.org 2010/04/10 00:00:16 - [ssh.c] - bz#1746 - suppress spurious tty warning when using -O and stdin - is not a tty; ok dtucker@ markus@ - - djm@cvs.openbsd.org 2010/04/10 00:04:30 - [sshconnect.c] - fix terminology: we didn't find a certificate in known_hosts, we found - a CA key - - djm@cvs.openbsd.org 2010/04/10 02:08:44 - [clientloop.c] - bz#1698: kill channel when pty allocation requests fail. Fixed - stuck client if the server refuses pty allocation. - ok dtucker@ "think so" markus@ - - djm@cvs.openbsd.org 2010/04/10 02:10:56 - [sshconnect2.c] - show the key type that we are offering in debug(), helps distinguish - between certs and plain keys as the path to the private key is usually - the same. - - djm@cvs.openbsd.org 2010/04/10 05:48:16 - [mux.c] - fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au - - djm@cvs.openbsd.org 2010/04/14 22:27:42 - [ssh_config.5 sshconnect.c] - expand %r => remote username in ssh_config:ProxyCommand; - ok deraadt markus - - markus@cvs.openbsd.org 2010/04/15 20:32:55 - [ssh-pkcs11.c] - retry lookup for private key if there's no matching key with CKA_SIGN - attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) - ok djm@ - - djm@cvs.openbsd.org 2010/04/16 01:47:26 - [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] - [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] - [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] - [sshconnect.c sshconnect2.c sshd.c] - revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the - following changes: - - move the nonce field to the beginning of the certificate where it can - better protect against chosen-prefix attacks on the signature hash - - Rename "constraints" field to "critical options" - - Add a new non-critical "extensions" field - - Add a serial number - - The older format is still support for authentication and cert generation - (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) - - ok markus@ -- cgit v1.2.3