120130516 2 - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be 3 executed if mktemp failed; bz#2105 ok dtucker@ 4 - (djm) Release 6.2p2 5 620130510 7 - (djm) OpenBSD CVS Cherrypick 8 - djm@cvs.openbsd.org 2013/04/11 02:27:50 9 [packet.c] 10 quiet disconnect notifications on the server from error() back to logit() 11 if it is a normal client closure; bz#2057 ok+feedback dtucker@ 12 - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 13 [contrib/suse/openssh.spec] Crank version numbers for release. 14 - (djm) [README] Update release notes URL 15 1620130404 17 - (dtucker) OpenBSD CVS Sync 18 - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 19 [readconf.c ssh.c readconf.h sshconnect2.c] 20 Keep track of which IndentityFile options were manually supplied and which 21 were default options, and don't warn if the latter are missing. 22 ok markus@ 23 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 24 [krl.c] 25 Remove bogus include. ok djm 26 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 27 [ssh.c readconf.c readconf.h] 28 Don't complain if IdentityFiles specified in system-wide configs are 29 missing. ok djm, deraadt. 30 - markus@cvs.openbsd.org 2013/02/22 19:13:56 31 [sshconnect.c] 32 support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ 33 - djm@cvs.openbsd.org 2013/02/22 22:09:01 34 [ssh.c] 35 Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier 36 version) 37 3820130401 39 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h 40 to avoid conflicting definitions of __int64, adding the required bits. 41 Patch from Corinna Vinschen. 42 4320120322 44 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 45 Hands' greatly revised version. 46 - (djm) Release 6.2p1 47 4820120318 49 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 50 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's 51 so mark it as broken. Patch from des AT des.no 52 5320120317 54 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 55 of the bits the configure test looks for. 56 5720120316 58 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 59 is unable to successfully compile them. Based on patch from des AT 60 des.no 61 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 62 Add a usleep replacement for platforms that lack it; ok dtucker 63 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 64 occur after UID switch; patch from John Marshall via des AT des.no; 65 ok dtucker@ 66 6720120312 68 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 69 Improve portability of cipher-speed test, based mostly on a patch from 70 Iain Morgan. 71 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 72 in addition to root as an owner of system directories on AIX and HP-UX. 73 ok djm@ 74 7520130307 76 - (dtucker) [INSTALL] Bump documented autoconf version to what we're 77 currently using. 78 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it 79 was removed in configure.ac rev 1.481 as it was redundant. 80 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 81 ago. 82 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 83 chance to complete on broken systems; ok dtucker@ 84 8520130306 86 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 87 connection to start so that the test works on slower machines. 88 - (dtucker) [configure.ac] test that we can set number of file descriptors 89 to zero with setrlimit before enabling the rlimit sandbox. This affects 90 (at least) HPUX 11.11. 91 9220130305 93 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 94 HP/UX. Spotted by Kevin Brott 95 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 96 Amit Kulkarni and Kevin Brott. 97 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 98 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin 99 Brott. 100 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 101 10220130227 103 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 104 [contrib/suse/openssh.spec] Crank version numbers 105 - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 106 - (tim) [regress/integrity.sh] shell portability fix. 107 - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 108 - (tim) [regress/krl.sh] keep old solaris awk from hanging. 109 11020130226 111 - OpenBSD CVS Sync 112 - djm@cvs.openbsd.org 2013/02/20 08:27:50 113 [integrity.sh] 114 Add an option to modpipe that warns if the modification offset it not 115 reached in it's stream and turn it on for t-integrity. This should catch 116 cases where the session is not fuzzed for being too short (cf. my last 117 "oops" commit) 118 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 119 for UsePAM=yes configuration 120 12120130225 122 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 123 to use Solaris native GSS libs. Patch from Pierre Ossman. 124 12520130223 126 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 127 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. 128 ok tim 129 13020130222 131 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 132 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. 133 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 134 libgss too. Patch from Pierre Ossman, ok djm. 135 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 136 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; 137 ok dtucker 138 13920130221 140 - (tim) [regress/forward-control.sh] shell portability fix. 141 14220130220 143 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 144 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 145 err.h include from krl.c. Additional portability fixes for modpipe. OK djm 146 - OpenBSD CVS Sync 147 - djm@cvs.openbsd.org 2013/02/20 08:27:50 148 [regress/integrity.sh regress/modpipe.c] 149 Add an option to modpipe that warns if the modification offset it not 150 reached in it's stream and turn it on for t-integrity. This should catch 151 cases where the session is not fuzzed for being too short (cf. my last 152 "oops" commit) 153 - djm@cvs.openbsd.org 2013/02/20 08:29:27 154 [regress/modpipe.c] 155 s/Id/OpenBSD/ in RCS tag 156 15720130219 158 - OpenBSD CVS Sync 159 - djm@cvs.openbsd.org 2013/02/18 22:26:47 160 [integrity.sh] 161 crank the offset yet again; it was still fuzzing KEX one of Darren's 162 portable test hosts at 2800 163 - djm@cvs.openbsd.org 2013/02/19 02:14:09 164 [integrity.sh] 165 oops, forgot to increase the output of the ssh command to ensure that 166 we actually reach $offset 167 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 168 lack support for SHA2. 169 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms 170 that do not have them. 171 17220130217 173 - OpenBSD CVS Sync 174 - djm@cvs.openbsd.org 2013/02/17 23:16:55 175 [integrity.sh] 176 make the ssh command generates some output to ensure that there are at 177 least offset+tries bytes in the stream. 178 17920130216 180 - OpenBSD CVS Sync 181 - djm@cvs.openbsd.org 2013/02/16 06:08:45 182 [integrity.sh] 183 make sure the fuzz offset is actually past the end of KEX for all KEX 184 types. diffie-hellman-group-exchange-sha256 requires an offset around 185 2700. Noticed via test failures in portable OpenSSH on platforms that 186 lack ECC and this the more byte-frugal ECDH KEX algorithms. 187 18820130215 189 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 190 Iain Morgan 191 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 192 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). 193 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 194 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for 195 platforms that don't have it. 196 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 197 group strto* function prototypes together. 198 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 199 an argument. Pointed out by djm. 200 - (djm) OpenBSD CVS Sync 201 - djm@cvs.openbsd.org 2013/02/14 21:35:59 202 [auth2-pubkey.c] 203 Correct error message that had a typo and was logging the wrong thing; 204 patch from Petr Lautrbach 205 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 206 [sshconnect2.c] 207 Warn more loudly if an IdentityFile provided by the user cannot be read. 208 bz #1981, ok djm@ 209 21020130214 211 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 212 - (djm) [regress/krl.sh] typo; found by Iain Morgan 213 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 214 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by 215 Iain Morgan 216 21720130212 218 - (djm) OpenBSD CVS Sync 219 - djm@cvs.openbsd.org 2013/01/24 21:45:37 220 [krl.c] 221 fix handling of (unused) KRL signatures; skip string in correct buffer 222 - djm@cvs.openbsd.org 2013/01/24 22:08:56 223 [krl.c] 224 skip serial lookup when cert's serial number is zero 225 - krw@cvs.openbsd.org 2013/01/25 05:00:27 226 [krl.c] 227 Revert last. Breaks due to likely typo. Let djm@ fix later. 228 ok djm@ via dlg@ 229 - djm@cvs.openbsd.org 2013/01/25 10:22:19 230 [krl.c] 231 redo last commit without the vi-vomit that snuck in: 232 skip serial lookup when cert's serial number is zero 233 (now with 100% better comment) 234 - djm@cvs.openbsd.org 2013/01/26 06:11:05 235 [Makefile.in acss.c acss.h cipher-acss.c cipher.c] 236 [openbsd-compat/openssl-compat.h] 237 remove ACSS, now that it is gone from libcrypto too 238 - djm@cvs.openbsd.org 2013/01/27 10:06:12 239 [krl.c] 240 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com 241 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 242 [servconf.c sshd_config sshd_config.5] 243 Change default of MaxStartups to 10:30:100 to start doing random early 244 drop at 10 connections up to 100 connections. This will make it harder 245 to DoS as CPUs have come a long way since the original value was set 246 back in 2000. Prompted by nion at debian org, ok markus@ 247 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 248 [auth.c] 249 Fix comment, from jfree.e1 at gmail 250 - djm@cvs.openbsd.org 2013/02/08 00:41:12 251 [sftp.c] 252 fix NULL deref when built without libedit and control characters 253 entered as command; debugging and patch from Iain Morgan an 254 Loganaden Velvindron in bz#1956 255 - markus@cvs.openbsd.org 2013/02/10 21:19:34 256 [version.h] 257 openssh 6.2 258 - djm@cvs.openbsd.org 2013/02/10 23:32:10 259 [ssh-keygen.c] 260 append to moduli file when screening candidates rather than overwriting. 261 allows resumption of interrupted screen; patch from Christophe Garault 262 in bz#1957; ok dtucker@ 263 - djm@cvs.openbsd.org 2013/02/10 23:35:24 264 [packet.c] 265 record "Received disconnect" messages at ERROR rather than INFO priority, 266 since they are abnormal and result in a non-zero ssh exit status; patch 267 from Iain Morgan in bz#2057; ok dtucker@ 268 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 269 [sshd.c] 270 Add openssl version to debug output similar to the client. ok markus@ 271 - djm@cvs.openbsd.org 2013/02/11 23:58:51 272 [regress/try-ciphers.sh] 273 remove acss here too 274 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 275 27620130211 277 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 278 libcrypto that lacks EVP_CIPHER_CTX_ctrl 279 28020130208 281 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 282 patch from Iain Morgan in bz#2059 283 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 284 __attribute__ on return values and work around if necessary. ok djm@ 285 28620130207 287 - (djm) [configure.ac] Don't probe seccomp capability of running kernel 288 at configure time; the seccomp sandbox will fall back to rlimit at 289 runtime anyway. Patch from plautrba AT redhat.com in bz#2011 290 29120130120 292 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 293 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP 294 prototypes for openssl-1.0.0-fips. 295 - (djm) OpenBSD CVS Sync 296 - jmc@cvs.openbsd.org 2013/01/18 07:57:47 297 [ssh-keygen.1] 298 tweak previous; 299 - jmc@cvs.openbsd.org 2013/01/18 07:59:46 300 [ssh-keygen.c] 301 -u before -V in usage(); 302 - jmc@cvs.openbsd.org 2013/01/18 08:00:49 303 [sshd_config.5] 304 tweak previous; 305 - jmc@cvs.openbsd.org 2013/01/18 08:39:04 306 [ssh-keygen.1] 307 add -Q to the options list; ok djm 308 - jmc@cvs.openbsd.org 2013/01/18 21:48:43 309 [ssh-keygen.1] 310 command-line (adj.) -> command line (n.); 311 - jmc@cvs.openbsd.org 2013/01/19 07:13:25 312 [ssh-keygen.1] 313 fix some formatting; ok djm 314 - markus@cvs.openbsd.org 2013/01/19 12:34:55 315 [krl.c] 316 RB_INSERT does not remove existing elments; ok djm@ 317 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 318 version. 319 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 320 32120130118 322 - (djm) OpenBSD CVS Sync 323 - djm@cvs.openbsd.org 2013/01/17 23:00:01 324 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] 325 [krl.c krl.h PROTOCOL.krl] 326 add support for Key Revocation Lists (KRLs). These are a compact way to 327 represent lists of revoked keys and certificates, taking as little as 328 a single bit of incremental cost to revoke a certificate by serial number. 329 KRLs are loaded via the existing RevokedKeys sshd_config option. 330 feedback and ok markus@ 331 - djm@cvs.openbsd.org 2013/01/18 00:45:29 332 [regress/Makefile regress/cert-userkey.sh regress/krl.sh] 333 Tests for Key Revocation Lists (KRLs) 334 - djm@cvs.openbsd.org 2013/01/18 03:00:32 335 [krl.c] 336 fix KRL generation bug for list sections 337 33820130117 339 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 340 check for GCM support before testing GCM ciphers. 341 34220130112 343 - (djm) OpenBSD CVS Sync 344 - djm@cvs.openbsd.org 2013/01/12 11:22:04 345 [cipher.c] 346 improve error message for integrity failure in AES-GCM modes; ok markus@ 347 - djm@cvs.openbsd.org 2013/01/12 11:23:53 348 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 349 test AES-GCM modes; feedback markus@ 350 - (djm) [regress/integrity.sh] repair botched merge 351 35220130109 353 - (djm) OpenBSD CVS Sync 354 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 355 [auth.c] 356 use correct string in error message; from rustybsd at gmx.fr 357 - djm@cvs.openbsd.org 2013/01/02 00:32:07 358 [clientloop.c mux.c] 359 channel_setup_local_fwd_listener() returns 0 on failure, not -ve 360 bz#2055 reported by mathieu.lacage AT gmail.com 361 - djm@cvs.openbsd.org 2013/01/02 00:33:49 362 [PROTOCOL.agent] 363 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 364 bz#2051 from david AT lechnology.com 365 - djm@cvs.openbsd.org 2013/01/03 05:49:36 366 [servconf.h] 367 add a couple of ServerOptions members that should be copied to the privsep 368 child (for consistency, in this case they happen only to be accessed in 369 the monitor); ok dtucker@ 370 - djm@cvs.openbsd.org 2013/01/03 12:49:01 371 [PROTOCOL] 372 fix description of MAC calculation for EtM modes; ok markus@ 373 - djm@cvs.openbsd.org 2013/01/03 12:54:49 374 [sftp-server.8 sftp-server.c] 375 allow specification of an alternate start directory for sftp-server(8) 376 "I like this" markus@ 377 - djm@cvs.openbsd.org 2013/01/03 23:22:58 378 [ssh-keygen.c] 379 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... 380 ok markus@ 381 - jmc@cvs.openbsd.org 2013/01/04 19:26:38 382 [sftp-server.8 sftp-server.c] 383 sftp-server.8: add argument name to -d 384 sftp-server.c: add -d to usage() 385 ok djm 386 - markus@cvs.openbsd.org 2013/01/08 18:49:04 387 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] 388 [myproposal.h packet.c ssh_config.5 sshd_config.5] 389 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) 390 ok and feedback djm@ 391 - djm@cvs.openbsd.org 2013/01/09 05:40:17 392 [ssh-keygen.c] 393 correctly initialise fingerprint type for fingerprinting PKCS#11 keys 394 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 395 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little 396 cipher compat code to openssl-compat.h 397 39820121217 399 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 400 tests will work with VPATH directories. 401 40220121213 403 - (djm) OpenBSD CVS Sync 404 - markus@cvs.openbsd.org 2012/12/12 16:45:52 405 [packet.c] 406 reset incoming_packet buffer for each new packet in EtM-case, too; 407 this happens if packets are parsed only parially (e.g. ignore 408 messages sent when su/sudo turn off echo); noted by sthen/millert 409 - naddy@cvs.openbsd.org 2012/12/12 16:46:10 410 [cipher.c] 411 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled 412 counter mode code; ok djm@ 413 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 414 compat code for older OpenSSL 415 - (djm) [cipher.c] Fix missing prototype for compat code 416 41720121212 418 - (djm) OpenBSD CVS Sync 419 - markus@cvs.openbsd.org 2012/12/11 22:16:21 420 [monitor.c] 421 drain the log messages after receiving the keystate from the unpriv 422 child. otherwise it might block while sending. ok djm@ 423 - markus@cvs.openbsd.org 2012/12/11 22:31:18 424 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] 425 [packet.c ssh_config.5 sshd_config.5] 426 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms 427 that change the packet format and compute the MAC over the encrypted 428 message (including the packet size) instead of the plaintext data; 429 these EtM modes are considered more secure and used by default. 430 feedback and ok djm@ 431 - sthen@cvs.openbsd.org 2012/12/11 22:51:45 432 [mac.c] 433 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ 434 - markus@cvs.openbsd.org 2012/12/11 22:32:56 435 [regress/try-ciphers.sh] 436 add etm modes 437 - markus@cvs.openbsd.org 2012/12/11 22:42:11 438 [regress/Makefile regress/modpipe.c regress/integrity.sh] 439 test the integrity of the packets; with djm@ 440 - markus@cvs.openbsd.org 2012/12/11 23:12:13 441 [try-ciphers.sh] 442 add hmac-ripemd160-etm@openssh.com 443 - (djm) [mac.c] fix merge botch 444 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 445 work on platforms without 'jot' 446 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 447 - (djm) [regress/Makefile] fix t-exec rule 448 44920121207 450 - (dtucker) OpenBSD CVS Sync 451 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 452 [regress/keys-command.sh] 453 Fix some problems with the keys-command test: 454 - use string comparison rather than numeric comparison 455 - check for existing KEY_COMMAND file and don't clobber if it exists 456 - clean up KEY_COMMAND file if we do create it. 457 - check that KEY_COMMAND is executable (which it won't be if eg /var/run 458 is mounted noexec). 459 ok djm. 460 - jmc@cvs.openbsd.org 2012/12/03 08:33:03 461 [ssh-add.1 sshd_config.5] 462 tweak previous; 463 - markus@cvs.openbsd.org 2012/12/05 15:42:52 464 [ssh-add.c] 465 prevent double-free of comment; ok djm@ 466 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 467 [serverloop.c] 468 Cast signal to int for logging. A no-op on openbsd (they're always ints) 469 but will prevent warnings in portable. ok djm@ 470 47120121205 472 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. 473 47420121203 475 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get 476 TAILQ_FOREACH_SAFE needed for upcoming changes. 477 - (djm) OpenBSD CVS Sync 478 - djm@cvs.openbsd.org 2012/12/02 20:26:11 479 [ssh_config.5 sshconnect2.c] 480 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 481 This allows control of which keys are offered from tokens using 482 IdentityFile. ok markus@ 483 - djm@cvs.openbsd.org 2012/12/02 20:42:15 484 [ssh-add.1 ssh-add.c] 485 make deleting explicit keys "ssh-add -d" symmetric with adding keys - 486 try to delete the corresponding certificate too and respect the -k option 487 to allow deleting of the key only; feedback and ok markus@ 488 - djm@cvs.openbsd.org 2012/12/02 20:46:11 489 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] 490 [sshd_config.5] 491 make AllowTcpForwarding accept "local" and "remote" in addition to its 492 current "yes"/"no" to allow the server to specify whether just local or 493 remote TCP forwarding is enabled. ok markus@ 494 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 495 [regress/cipher-speed.sh regress/try-ciphers.sh] 496 Add umac-128@openssh.com to the list of MACs to be tested 497 - djm@cvs.openbsd.org 2012/10/19 05:10:42 498 [regress/cert-userkey.sh] 499 include a serial number when generating certs 500 - djm@cvs.openbsd.org 2012/11/22 22:49:30 501 [regress/Makefile regress/keys-command.sh] 502 regress for AuthorizedKeysCommand; hints from markus@ 503 - djm@cvs.openbsd.org 2012/12/02 20:47:48 504 [Makefile regress/forward-control.sh] 505 regress for AllowTcpForwarding local/remote; ok markus@ 506 - djm@cvs.openbsd.org 2012/12/03 00:14:06 507 [auth2-chall.c ssh-keygen.c] 508 Fix compilation with -Wall -Werror (trivial type fixes) 509 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 510 debugging. ok dtucker@ 511 - (djm) [configure.ac] Revert previous. configure.ac already does this 512 for us. 513 51420121114 515 - (djm) OpenBSD CVS Sync 516 - djm@cvs.openbsd.org 2012/11/14 02:24:27 517 [auth2-pubkey.c] 518 fix username passed to helper program 519 prepare stdio fds before closefrom() 520 spotted by landry@ 521 - djm@cvs.openbsd.org 2012/11/14 02:32:15 522 [ssh-keygen.c] 523 allow the full range of unsigned serial numbers; 'fine' deraadt@ 524 - djm@cvs.openbsd.org 2012/12/02 20:34:10 525 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] 526 [monitor.c monitor.h] 527 Fixes logging of partial authentication when privsep is enabled 528 Previously, we recorded "Failed xxx" since we reset authenticated before 529 calling auth_log() in auth2.c. This adds an explcit "Partial" state. 530 531 Add a "submethod" to auth_log() to report which submethod is used 532 for keyboard-interactive. 533 534 Fix multiple authentication when one of the methods is 535 keyboard-interactive. 536 537 ok markus@ 538 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 539 [regress/multiplex.sh] 540 Use 'kill -0' to test for the presence of a pid since it's more portable 541 54220121107 543 - (djm) OpenBSD CVS Sync 544 - eric@cvs.openbsd.org 2011/11/28 08:46:27 545 [moduli.5] 546 fix formula 547 ok djm@ 548 - jmc@cvs.openbsd.org 2012/09/26 17:34:38 549 [moduli.5] 550 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 551 references into a STANDARDS section; 552 55320121105 554 - (dtucker) [uidswap.c openbsd-compat/Makefile.in 555 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h 556 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids 557 and gids from uidswap.c to the compat library, which allows it to work with 558 the new setresuid calls in auth2-pubkey. with tim@, ok djm@ 559 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that 560 don't have it. Spotted by tim@. 561 56220121104 563 - (djm) OpenBSD CVS Sync 564 - jmc@cvs.openbsd.org 2012/10/31 08:04:50 565 [sshd_config.5] 566 tweak previous; 567 - djm@cvs.openbsd.org 2012/11/04 10:38:43 568 [auth2-pubkey.c sshd.c sshd_config.5] 569 Remove default of AuthorizedCommandUser. Administrators are now expected 570 to explicitly specify a user. feedback and ok markus@ 571 - djm@cvs.openbsd.org 2012/11/04 11:09:15 572 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] 573 [sshd_config.5] 574 Support multiple required authentication via an AuthenticationMethods 575 option. This option lists one or more comma-separated lists of 576 authentication method names. Successful completion of all the methods in 577 any list is required for authentication to complete; 578 feedback and ok markus@ 579 58020121030 581 - (djm) OpenBSD CVS Sync 582 - markus@cvs.openbsd.org 2012/10/05 12:34:39 583 [sftp.c] 584 fix signed vs unsigned warning; feedback & ok: djm@ 585 - djm@cvs.openbsd.org 2012/10/30 21:29:55 586 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] 587 [sshd.c sshd_config sshd_config.5] 588 new sshd_config option AuthorizedKeysCommand to support fetching 589 authorized_keys from a command in addition to (or instead of) from 590 the filesystem. The command is run as the target server user unless 591 another specified via a new AuthorizedKeysCommandUser option. 592 593 patch originally by jchadima AT redhat.com, reworked by me; feedback 594 and ok markus@ 595 59620121019 597 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in 598 the generated file as intended. 599 60020121005 601 - (dtucker) OpenBSD CVS Sync 602 - djm@cvs.openbsd.org 2012/09/17 09:54:44 603 [sftp.c] 604 an XXX for later 605 - markus@cvs.openbsd.org 2012/09/17 13:04:11 606 [packet.c] 607 clear old keys on rekeing; ok djm 608 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 609 [sftp.c] 610 Add bounds check on sftp tab-completion. Part of a patch from from 611 Jean-Marc Robert via tech@, ok djm 612 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 613 [sftp.c] 614 Fix improper handling of absolute paths when PWD is part of the completed 615 path. Patch from Jean-Marc Robert via tech@, ok djm. 616 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 617 [sftp.c] 618 Fix handling of filenames containing escaped globbing characters and 619 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 620 - jmc@cvs.openbsd.org 2012/09/26 16:12:13 621 [ssh.1] 622 last stage of rfc changes, using consistent Rs/Re blocks, and moving the 623 references into a STANDARDS section; 624 - naddy@cvs.openbsd.org 2012/10/01 13:59:51 625 [monitor_wrap.c] 626 pasto; ok djm@ 627 - djm@cvs.openbsd.org 2012/10/02 07:07:45 628 [ssh-keygen.c] 629 fix -z option, broken in revision 1.215 630 - markus@cvs.openbsd.org 2012/10/04 13:21:50 631 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] 632 add umac128 variant; ok djm@ at n2k12 633 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 634 [regress/try-ciphers.sh] 635 Restore missing space. (Id sync only). 636 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 637 [regress/multiplex.sh] 638 Add test for ssh -Ostop 639 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 640 [regress/multiplex.sh] 641 Log -O cmd output to the log file and make logging consistent with the 642 other tests. Test clean shutdown of an existing channel when testing 643 "stop". 644 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 645 [regress/multiplex.sh] 646 use -Ocheck and waiting for completions by PID to make multiplexing test 647 less racy and (hopefully) more reliable on slow hardware. 648 - [Makefile umac.c] Add special-case target to build umac128.o. 649 - [umac.c] Enforce allowed umac output sizes. From djm@. 650 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". 651 65220120917 653 - (dtucker) OpenBSD CVS Sync 654 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 655 [servconf.c] 656 Fix comment line length 657 - markus@cvs.openbsd.org 2012/09/14 16:51:34 658 [sshconnect.c] 659 remove unused variable 660 66120120907 662 - (dtucker) OpenBSD CVS Sync 663 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 664 [clientloop.c] 665 Make the escape command help (~?) context sensitive so that only commands 666 that will work in the current session are shown. ok markus@ 667 - jmc@cvs.openbsd.org 2012/09/06 13:57:42 668 [ssh.1] 669 missing letter in previous; 670 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 671 [clientloop.c] 672 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ 673 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 674 [clientloop.c] 675 Merge escape help text for ~v and ~V; ok djm@ 676 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 677 [clientloop.c] 678 when muxmaster is run with -N, make it shut down gracefully when a client 679 sends it "-O stop" rather than hanging around (bz#1985). ok djm@ 680 68120120906 682 - (dtucker) OpenBSD CVS Sync 683 - jmc@cvs.openbsd.org 2012/08/15 18:25:50 684 [ssh-keygen.1] 685 a little more info on certificate validity; 686 requested by Ross L Richardson, and provided by djm 687 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 688 [clientloop.c clientloop.h mux.c] 689 Force a clean shutdown of ControlMaster client sessions when the ~. escape 690 sequence is used. This means that ~. should now work in mux clients even 691 if the server is no longer responding. Found by tedu, ok djm. 692 - djm@cvs.openbsd.org 2012/08/17 01:22:56 693 [kex.c] 694 add some comments about better handling first-KEX-follows notifications 695 from the server. Nothing uses these right now. No binary change 696 - djm@cvs.openbsd.org 2012/08/17 01:25:58 697 [ssh-keygen.c] 698 print details of which host lines were deleted when using 699 "ssh-keygen -R host"; ok markus@ 700 - djm@cvs.openbsd.org 2012/08/17 01:30:00 701 [compat.c sshconnect.c] 702 Send client banner immediately, rather than waiting for the server to 703 move first for SSH protocol 2 connections (the default). Patch based on 704 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ 705 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 706 [clientloop.c log.c ssh.1 log.h] 707 Add ~v and ~V escape sequences to raise and lower the logging level 708 respectively. Man page help from jmc, ok deraadt jmc 709 71020120830 711 - (dtucker) [moduli] Import new moduli file. 712 71320120828 714 - (djm) Release openssh-6.1 715 71620120828 717 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN 718 for compatibility with future mingw-w64 headers. Patch from vinschen at 719 redhat com. 720 72120120822 722 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 723 [contrib/suse/openssh.spec] Update version numbers 724 72520120731 726 - (djm) OpenBSD CVS Sync 727 - jmc@cvs.openbsd.org 2012/07/06 06:38:03 728 [ssh-keygen.c] 729 missing full stop in usage(); 730 - djm@cvs.openbsd.org 2012/07/10 02:19:15 731 [servconf.c servconf.h sshd.c sshd_config] 732 Turn on systrace sandboxing of pre-auth sshd by default for new installs 733 by shipping a config that overrides the current UsePrivilegeSeparation=yes 734 default. Make it easier to flip the default in the future by adding too. 735 prodded markus@ feedback dtucker@ "get it in" deraadt@ 736 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 737 [servconf.c] 738 handle long comments in config files better. bz#2025, ok markus 739 - markus@cvs.openbsd.org 2012/07/22 18:19:21 740 [version.h] 741 openssh 6.1 742 74320120720 744 - (dtucker) Import regened moduli file. 745 74620120706 747 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is 748 not available. Allows use of sshd compiled on host with a filter-capable 749 kernel on hosts that lack the support. bz#2011 ok dtucker@ 750 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 751 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT 752 esperi.org.uk; ok dtucker@ 753- (djm) OpenBSD CVS Sync 754 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 755 [moduli.c ssh-keygen.1 ssh-keygen.c] 756 Add options to specify starting line number and number of lines to process 757 when screening moduli candidates. This allows processing of different 758 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 759 - djm@cvs.openbsd.org 2012/07/06 01:37:21 760 [mux.c] 761 fix memory leak of passed-in environment variables and connection 762 context when new session message is malformed; bz#2003 from Bert.Wesarg 763 AT googlemail.com 764 - djm@cvs.openbsd.org 2012/07/06 01:47:38 765 [ssh.c] 766 move setting of tty_flag to after config parsing so RequestTTY options 767 are correctly picked up. bz#1995 patch from przemoc AT gmail.com; 768 ok dtucker@ 769 77020120704 771 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 772 platforms that don't have it. "looks good" tim@ 773 77420120703 775 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 776 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. 777 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 778 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its 779 benefit is minor, so it's not worth disabling the sandbox if it doesn't 780 work. 781 78220120702 783- (dtucker) OpenBSD CVS Sync 784 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 785 [ssh_config.5 sshd_config.5] 786 match the documented MAC order of preference to the actual one; 787 ok dtucker@ 788 - markus@cvs.openbsd.org 2012/06/30 14:35:09 789 [sandbox-systrace.c sshd.c] 790 fix a during the load of the sandbox policies (child can still make 791 the read-syscall and wait forever for systrace-answers) by replacing 792 the read/write synchronisation with SIGSTOP/SIGCONT; 793 report and help hshoexer@; ok djm@, dtucker@ 794 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 795 [ssh.c] 796 set interactive ToS for forwarded X11 sessions. ok djm@ 797 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 798 [ssh-pkcs11-helper.c sftp-client.c] 799 fix a couple of "assigned but not used" warnings. ok markus@ 800 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 801 [regress/connect-privsep.sh] 802 remove exit from end of test since it prevents reporting failure 803 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] 804 Move cygwin detection to test-exec and use to skip reexec test on cygwin. 805 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 806 80720120629 808 - OpenBSD CVS Sync 809 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 810 [addrmatch.c] 811 fix strlcpy truncation check. from carsten at debian org, ok markus 812 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 813 [monitor.c sshconnect2.c] 814 remove dead code following 'for (;;)' loops. 815 From Steve.McClellan at radisys com, ok markus@ 816 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 817 [sftp.c] 818 Remove unused variable leftover from tab-completion changes. 819 From Steve.McClellan at radisys com, ok markus@ 820 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 821 [sandbox-systrace.c] 822 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation 823 sandbox" since malloc now uses it. From johnw.mail at gmail com. 824 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 825 [mac.c myproposal.h ssh_config.5 sshd_config.5] 826 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 827 from draft6 of the spec and will not be in the RFC when published. Patch 828 from mdb at juniper net via bz#2023, ok markus. 829 - naddy@cvs.openbsd.org 2012/06/29 13:57:25 830 [ssh_config.5 sshd_config.5] 831 match the documented MAC order of preference to the actual one; ok dtucker@ 832 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 833 [regress/addrmatch.sh] 834 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 835 to match. Feedback and ok djm@ markus@. 836 - djm@cvs.openbsd.org 2012/06/01 00:47:35 837 [regress/multiplex.sh regress/forwarding.sh] 838 append to rather than truncate test log; bz#2013 from openssh AT 839 roumenpetrov.info 840 - djm@cvs.openbsd.org 2012/06/01 00:52:52 841 [regress/sftp-cmds.sh] 842 don't delete .* on cleanup due to unintended env expansion; pointed out in 843 bz#2014 by openssh AT roumenpetrov.info 844 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 845 [regress/connect-privsep.sh] 846 test sandbox with every malloc option 847 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 848 [regress/try-ciphers.sh regress/cipher-speed.sh] 849 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 850 from draft6 of the spec and will not be in the RFC when published. Patch 851 from mdb at juniper net via bz#2023, ok markus. 852 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. 853 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have 854 the required functions in libcrypto. 855 85620120628 857 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null 858 pointer deref in the client when built with LDNS and using DNSSEC with a 859 CNAME. Patch from gregdlg+mr at hochet info. 860 86120120622 862 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as 863 can logon as a service. Patch from vinschen at redhat com. 864 86520120620 866 - (djm) OpenBSD CVS Sync 867 - djm@cvs.openbsd.org 2011/12/02 00:41:56 868 [mux.c] 869 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 870 ok dtucker@ 871 - djm@cvs.openbsd.org 2011/12/04 23:16:12 872 [mux.c] 873 revert: 874 > revision 1.32 875 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 876 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 877 > ok dtucker@ 878 it interacts badly with ControlPersist 879 - djm@cvs.openbsd.org 2012/01/07 21:11:36 880 [mux.c] 881 fix double-free in new session handler 882 NB. Id sync only 883 - djm@cvs.openbsd.org 2012/05/23 03:28:28 884 [dns.c dns.h key.c key.h ssh-keygen.c] 885 add support for RFC6594 SSHFP DNS records for ECDSA key types. 886 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 887 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black) 888 - djm@cvs.openbsd.org 2012/06/01 00:49:35 889 [PROTOCOL.mux] 890 correct types of port numbers (integers, not strings); bz#2004 from 891 bert.wesarg AT googlemail.com 892 - djm@cvs.openbsd.org 2012/06/01 01:01:22 893 [mux.c] 894 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg 895 AT googlemail.com 896 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 897 [jpake.c] 898 correct sizeof usage. patch from saw at online.de, ok deraadt 899 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 900 [ssh_config.5] 901 RSA instead of DSA twice. From Steve.McClellan at radisys com 902 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 903 [ssh.1 sshd.8] 904 Remove mention of 'three' key files since there are now four. From 905 Steve.McClellan at radisys com. 906 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 907 [ssh.1] 908 Clarify description of -W. Noted by Steve.McClellan at radisys com, 909 ok jmc 910 - markus@cvs.openbsd.org 2012/06/19 18:25:28 911 [servconf.c servconf.h sshd_config.5] 912 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} 913 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' 914 ok djm@ (back in March) 915 - jmc@cvs.openbsd.org 2012/06/19 21:35:54 916 [sshd_config.5] 917 tweak previous; ok markus 918 - djm@cvs.openbsd.org 2012/06/20 04:42:58 919 [clientloop.c serverloop.c] 920 initialise accept() backoff timer to avoid EINVAL from select(2) in 921 rekeying 922 92320120519 924 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 925 from cjwatson at debian org. 926 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 927 pkg-config so it does the right thing when cross-compiling. Patch from 928 cjwatson at debian org. 929- (dtucker) OpenBSD CVS Sync 930 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 931 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] 932 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 933 to match. Feedback and ok djm@ markus@. 934 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 935 [sshd_config.5] 936 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron 937 93820120504 939 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 940 to fix building on some plaforms. Fom bowman at math utah edu and 941 des at des no. 942 94320120427 944 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 945 platform rather than exiting early, so that we still clean up and return 946 success or failure to test-exec.sh 947 94820120426 949 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters 950 via Niels 951 - (djm) [auth-krb5.c] Save errno across calls that might modify it; 952 ok dtucker@ 953 95420120423 955 - OpenBSD CVS Sync 956 - djm@cvs.openbsd.org 2012/04/23 08:18:17 957 [channels.c] 958 fix function proto/source mismatch 959 96020120422 961 - OpenBSD CVS Sync 962 - djm@cvs.openbsd.org 2012/02/29 11:21:26 963 [ssh-keygen.c] 964 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ 965 - guenther@cvs.openbsd.org 2012/03/15 03:10:27 966 [session.c] 967 root should always be excluded from the test for /etc/nologin instead 968 of having it always enforced even when marked as ignorenologin. This 969 regressed when the logic was incompletely flipped around in rev 1.251 970 ok halex@ millert@ 971 - djm@cvs.openbsd.org 2012/03/28 07:23:22 972 [PROTOCOL.certkeys] 973 explain certificate extensions/crit split rationale. Mention requirement 974 that each appear at most once per cert. 975 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 976 [channels.c channels.h servconf.c] 977 Add PermitOpen none option based on patch from Loganaden Velvindron 978 (bz #1949). ok djm@ 979 - djm@cvs.openbsd.org 2012/04/11 13:16:19 980 [channels.c channels.h clientloop.c serverloop.c] 981 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 982 while; ok deraadt@ markus@ 983 - djm@cvs.openbsd.org 2012/04/11 13:17:54 984 [auth.c] 985 Support "none" as an argument for AuthorizedPrincipalsFile to indicate 986 no file should be read. 987 - djm@cvs.openbsd.org 2012/04/11 13:26:40 988 [sshd.c] 989 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 990 while; ok deraadt@ markus@ 991 - djm@cvs.openbsd.org 2012/04/11 13:34:17 992 [ssh-keyscan.1 ssh-keyscan.c] 993 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also 994 look for them by default; bz#1971 995 - djm@cvs.openbsd.org 2012/04/12 02:42:32 996 [servconf.c servconf.h sshd.c sshd_config sshd_config.5] 997 VersionAddendum option to allow server operators to append some arbitrary 998 text to the SSH-... banner; ok deraadt@ "don't care" markus@ 999 - djm@cvs.openbsd.org 2012/04/12 02:43:55 1000 [sshd_config sshd_config.5] 1001 mention AuthorizedPrincipalsFile=none default 1002 - djm@cvs.openbsd.org 2012/04/20 03:24:23 1003 [sftp.c] 1004 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) 1005 - jmc@cvs.openbsd.org 2012/04/20 16:26:22 1006 [ssh.1] 1007 use "brackets" instead of "braces", for consistency; 1008 100920120420 1010 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1011 [contrib/suse/openssh.spec] Update for release 6.0 1012 - (djm) [README] Update URL to release notes. 1013 - (djm) Release openssh-6.0 1014 101520120419 1016 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil 1017 contains openpty() but not login() 1018 101920120404 1020 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox 1021 mode for Linux's new seccomp filter; patch from Will Drewry; feedback 1022 and ok dtucker@ 1023 102420120330 1025 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING 1026 file from spec file. From crighter at nuclioss com. 1027 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running 1028 openssh binaries on a newer fix release than they were compiled on. 1029 with and ok dtucker@ 1030 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect 1031 assumptions when building on Cygwin; patch from Corinna Vinschen 1032 103320120309 1034 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux 1035 systems where sshd is run in te wrong context. Patch from Sven 1036 Vermeulen; ok dtucker@ 1037 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 1038 addressed connections. ok dtucker@ 1039 104020120224 1041 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM 1042 audit breakage in Solaris 11. Patch from Magnus Johansson. 1043 104420120215 1045 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for 1046 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c 1047 ok dtucker@ 1048 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so 1049 it actually works. 1050 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote 1051 to work. Spotted by Angel Gonzalez 1052 105320120214 1054 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of 1055 preserved Cygwin environment variables; from Corinna Vinschen 1056 105720120211 1058 - (djm) OpenBSD CVS Sync 1059 - djm@cvs.openbsd.org 2012/01/05 00:16:56 1060 [monitor.c] 1061 memleak on error path 1062 - djm@cvs.openbsd.org 2012/01/07 21:11:36 1063 [mux.c] 1064 fix double-free in new session handler 1065 - miod@cvs.openbsd.org 2012/01/08 13:17:11 1066 [ssh-ecdsa.c] 1067 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, 1068 ok markus@ 1069 - miod@cvs.openbsd.org 2012/01/16 20:34:09 1070 [ssh-pkcs11-client.c] 1071 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. 1072 While there, be sure to buffer_clear() between send_msg() and recv_msg(). 1073 ok markus@ 1074 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 1075 [clientloop.c] 1076 Ensure that $DISPLAY contains only valid characters before using it to 1077 extract xauth data so that it can't be used to play local shell 1078 metacharacter games. Report from r00t_ati at ihteam.net, ok markus. 1079 - markus@cvs.openbsd.org 2012/01/25 19:26:43 1080 [packet.c] 1081 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; 1082 ok dtucker@, djm@ 1083 - markus@cvs.openbsd.org 2012/01/25 19:36:31 1084 [authfile.c] 1085 memleak in key_load_file(); from Jan Klemkow 1086 - markus@cvs.openbsd.org 2012/01/25 19:40:09 1087 [packet.c packet.h] 1088 packet_read_poll() is not used anymore. 1089 - markus@cvs.openbsd.org 2012/02/09 20:00:18 1090 [version.h] 1091 move from 6.0-beta to 6.0 1092 109320120206 1094 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms 1095 that don't support ECC. Patch from Phil Oleson 1096 109720111219 1098 - OpenBSD CVS Sync 1099 - djm@cvs.openbsd.org 2011/12/02 00:41:56 1100 [mux.c] 1101 fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1102 ok dtucker@ 1103 - djm@cvs.openbsd.org 2011/12/02 00:43:57 1104 [mac.c] 1105 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before 1106 HMAC_init (this change in policy seems insane to me) 1107 ok dtucker@ 1108 - djm@cvs.openbsd.org 2011/12/04 23:16:12 1109 [mux.c] 1110 revert: 1111 > revision 1.32 1112 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 1113 > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1114 > ok dtucker@ 1115 it interacts badly with ControlPersist 1116 - djm@cvs.openbsd.org 2011/12/07 05:44:38 1117 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] 1118 fix some harmless and/or unreachable int overflows; 1119 reported Xi Wang, ok markus@ 1120 112120111125 1122 - OpenBSD CVS Sync 1123 - oga@cvs.openbsd.org 2011/11/16 12:24:28 1124 [sftp.c] 1125 Don't leak list in complete_cmd_parse if there are no commands found. 1126 Discovered when I was ``borrowing'' this code for something else. 1127 ok djm@ 1128 112920111121 1130 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 1131 113220111104 1133 - (dtucker) OpenBSD CVS Sync 1134 - djm@cvs.openbsd.org 2011/10/18 05:15:28 1135 [ssh.c] 1136 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ 1137 - djm@cvs.openbsd.org 2011/10/18 23:37:42 1138 [ssh-add.c] 1139 add -k to usage(); reminded by jmc@ 1140 - djm@cvs.openbsd.org 2011/10/19 00:06:10 1141 [moduli.c] 1142 s/tmpfile/tmp/ to make this -Wshadow clean 1143 - djm@cvs.openbsd.org 2011/10/19 10:39:48 1144 [umac.c] 1145 typo in comment; patch from Michael W. Bombardieri 1146 - djm@cvs.openbsd.org 2011/10/24 02:10:46 1147 [ssh.c] 1148 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh 1149 was incorrectly requesting the forward in both the control master and 1150 slave. skip requesting it in the master to fix. ok markus@ 1151 - djm@cvs.openbsd.org 2011/10/24 02:13:13 1152 [session.c] 1153 bz#1859: send tty break to pty master instead of (probably already 1154 closed) slave side; "looks good" markus@ 1155 - dtucker@cvs.openbsd.org 011/11/04 00:09:39 1156 [moduli] 1157 regenerated moduli file; ok deraadt 1158 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in 1159 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] 1160 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library 1161 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) 1162 with some rework from myself and djm. ok djm. 1163 116420111025 1165 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file 1166 fails. Patch from Corinna Vinschen. 1167 116820111018 1169 - (djm) OpenBSD CVS Sync 1170 - djm@cvs.openbsd.org 2011/10/04 14:17:32 1171 [sftp-glob.c] 1172 silence error spam for "ls */foo" in directory with files; bz#1683 1173 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 1174 [moduli.c ssh-keygen.1 ssh-keygen.c] 1175 Add optional checkpoints for moduli screening. feedback & ok deraadt 1176 - jmc@cvs.openbsd.org 2011/10/16 15:02:41 1177 [ssh-keygen.c] 1178 put -K in the right place (usage()); 1179 - stsp@cvs.openbsd.org 2011/10/16 15:51:39 1180 [moduli.c] 1181 add missing includes to unbreak tree; fix from rpointel 1182 - djm@cvs.openbsd.org 2011/10/18 04:58:26 1183 [auth-options.c key.c] 1184 remove explict search for \0 in packet strings, this job is now done 1185 implicitly by buffer_get_cstring; ok markus 1186 - djm@cvs.openbsd.org 2011/10/18 05:00:48 1187 [ssh-add.1 ssh-add.c] 1188 new "ssh-add -k" option to load plain keys (skipping certificates); 1189 "looks ok" markus@ 1190 119120111001 1192 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm 1193 - (dtucker) OpenBSD CVS Sync 1194 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 1195 [channels.c auth-options.c servconf.c channels.h sshd.8] 1196 Add wildcard support to PermitOpen, allowing things like "PermitOpen 1197 localhost:*". bz #1857, ok djm markus. 1198 - markus@cvs.openbsd.org 2011/09/23 07:45:05 1199 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c 1200 version.h] 1201 unbreak remote portforwarding with dynamic allocated listen ports: 1202 1) send the actual listen port in the open message (instead of 0). 1203 this allows multiple forwardings with a dynamic listen port 1204 2) update the matching permit-open entry, so we can identify where 1205 to connect to 1206 report: den at skbkontur.ru and P. Szczygielski 1207 feedback and ok djm@ 1208 - djm@cvs.openbsd.org 2011/09/25 05:44:47 1209 [auth2-pubkey.c] 1210 improve the AuthorizedPrincipalsFile debug log message to include 1211 file and line number 1212 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 1213 [sshd.c] 1214 don't attempt privsep cleanup when not using privsep; ok markus@ 1215 - djm@cvs.openbsd.org 2011/09/30 21:22:49 1216 [sshd.c] 1217 fix inverted test that caused logspam; spotted by henning@ 1218 121920110929 1220 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch 1221 from des AT des.no 1222 - (dtucker) [configure.ac openbsd-compat/Makefile.in 1223 openbsd-compat/strnlen.c] Add strnlen to the compat library. 1224 122520110923 1226 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no 1227 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we 1228 want this longhand version) 1229 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the 1230 upstream version is YPified and we don't want this 1231 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. 1232 The file was totally rewritten between what we had in tree and -current. 1233 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid 1234 marker. The upstream API has changed (function and structure names) 1235 enough to put it out of sync with other providers of this interface. 1236 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion 1237 of static __findenv() function from upstream setenv.c 1238 - OpenBSD CVS Sync 1239 - millert@cvs.openbsd.org 2006/05/05 15:27:38 1240 [openbsd-compat/strlcpy.c] 1241 Convert do {} while loop -> while {} for clarity. No binary change 1242 on most architectures. From Oliver Smith. OK deraadt@ and henning@ 1243 - tobias@cvs.openbsd.org 2007/10/21 11:09:30 1244 [openbsd-compat/mktemp.c] 1245 Comment fix about time consumption of _gettemp. 1246 FreeBSD did this in revision 1.20. 1247 OK deraadt@, krw@ 1248 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 1249 [openbsd-compat/mktemp.c] 1250 use arc4random_uniform(); ok djm millert 1251 - millert@cvs.openbsd.org 2008/08/21 16:54:44 1252 [openbsd-compat/mktemp.c] 1253 Remove useless code, the kernel will set errno appropriately if an 1254 element in the path does not exist. OK deraadt@ pvalchev@ 1255 - otto@cvs.openbsd.org 2008/12/09 19:38:38 1256 [openbsd-compat/inet_ntop.c] 1257 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon 1258 125920110922 1260 - OpenBSD CVS Sync 1261 - pyr@cvs.openbsd.org 2011/05/12 07:15:10 1262 [openbsd-compat/glob.c] 1263 When the max number of items for a directory has reached GLOB_LIMIT_READDIR 1264 an error is returned but closedir() is not called. 1265 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org 1266 ok otto@, millert@ 1267 - stsp@cvs.openbsd.org 2011/09/20 10:18:46 1268 [glob.c] 1269 In glob(3), limit recursion during matching attempts. Similar to 1270 fnmatch fix. Also collapse consecutive '*' (from NetBSD). 1271 ok miod deraadt 1272 - djm@cvs.openbsd.org 2011/09/22 06:27:29 1273 [glob.c] 1274 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being 1275 applied only to the gl_pathv vector and not the corresponding gl_statv 1276 array. reported in OpenSSH bz#1935; feedback and okay matthew@ 1277 - djm@cvs.openbsd.org 2011/08/26 01:45:15 1278 [ssh.1] 1279 Add some missing ssh_config(5) options that can be used in ssh(1)'s 1280 -o argument. Patch from duclare AT guu.fi 1281 - djm@cvs.openbsd.org 2011/09/05 05:56:13 1282 [scp.1 sftp.1] 1283 mention ControlPersist and KbdInteractiveAuthentication in the -o 1284 verbiage in these pages too (prompted by jmc@) 1285 - djm@cvs.openbsd.org 2011/09/05 05:59:08 1286 [misc.c] 1287 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1288 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1289 - jmc@cvs.openbsd.org 2011/09/05 07:01:44 1290 [scp.1] 1291 knock out a useless Ns; 1292 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 1293 [ssh-keygen.1] 1294 typo (they vs the) found by Lawrence Teo 1295 - djm@cvs.openbsd.org 2011/09/09 00:43:00 1296 [ssh_config.5 sshd_config.5] 1297 fix typo in IPQoS parsing: there is no "AF14" class, but there is 1298 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1299 - djm@cvs.openbsd.org 2011/09/09 00:44:07 1300 [PROTOCOL.mux] 1301 MUX_C_CLOSE_FWD includes forward type in message (though it isn't 1302 implemented anyway) 1303 - djm@cvs.openbsd.org 2011/09/09 22:37:01 1304 [scp.c] 1305 suppress adding '--' to remote commandlines when the first argument 1306 does not start with '-'. saves breakage on some difficult-to-upgrade 1307 embedded/router platforms; feedback & ok dtucker ok markus 1308 - djm@cvs.openbsd.org 2011/09/09 22:38:21 1309 [sshd.c] 1310 kill the preauth privsep child on fatal errors in the monitor; 1311 ok markus@ 1312 - djm@cvs.openbsd.org 2011/09/09 22:46:44 1313 [channels.c channels.h clientloop.h mux.c ssh.c] 1314 support for cancelling local and remote port forwards via the multiplex 1315 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request 1316 the cancellation of the specified forwardings; ok markus@ 1317 - markus@cvs.openbsd.org 2011/09/10 22:26:34 1318 [channels.c channels.h clientloop.c ssh.1] 1319 support cancellation of local/dynamic forwardings from ~C commandline; 1320 ok & feedback djm@ 1321 - okan@cvs.openbsd.org 2011/09/11 06:59:05 1322 [ssh.1] 1323 document new -O cancel command; ok djm@ 1324 - markus@cvs.openbsd.org 2011/09/11 16:07:26 1325 [sftp-client.c] 1326 fix leaks in do_hardlink() and do_readlink(); bz#1921 1327 from Loganaden Velvindron 1328 - markus@cvs.openbsd.org 2011/09/12 08:46:15 1329 [sftp-client.c] 1330 fix leak in do_lsreaddir(); ok djm 1331 - djm@cvs.openbsd.org 2011/09/22 06:29:03 1332 [sftp.c] 1333 don't let remote_glob() implicitly sort its results in do_globbed_ls() - 1334 in all likelihood, they will be resorted anyway 1335 133620110909 1337 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From 1338 Colin Watson. 1339 134020110906 1341 - (djm) [README version.h] Correct version 1342 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon 1343 - (djm) Respin OpenSSH-5.9p1 release 1344 134520110905 1346 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1347 [contrib/suse/openssh.spec] Update version numbers. 1348 134920110904 1350 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal 1351 regress errors for the sandbox to warnings. ok tim dtucker 1352 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 1353 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen 1354 support. 1355 135620110829 1357 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting 1358 to switch SELinux context away from unconfined_t, based on patch from 1359 Jan Chadima; bz#1919 ok dtucker@ 1360 136120110827 1362 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 1363 136420110818 1365 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 1366 136720110817 1368 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for 1369 OpenSSL 0.9.7. ok djm 1370 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] 1371 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen 1372 - (djm) [configure.ac] error out if the host lacks the necessary bits for 1373 an explicitly requested sandbox type 1374 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by 1375 bisson AT archlinux.org 1376 - (djm) OpenBSD CVS Sync 1377 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 1378 [regress/cfgmatch.sh] 1379 use OBJ to find test configs, patch from Tim Rice 1380 - markus@cvs.openbsd.org 2011/06/30 22:44:43 1381 [regress/connect-privsep.sh] 1382 test with sandbox enabled; ok djm@ 1383 - djm@cvs.openbsd.org 2011/08/02 01:23:41 1384 [regress/cipher-speed.sh regress/try-ciphers.sh] 1385 add SHA256/SHA512 based HMAC modes 1386 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 1387 MAC tests for platforms that hack EVP_SHA2 support 1388 138920110812 1390 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context 1391 change error by reporting old and new context names Patch from 1392 jchadima at redhat. 1393 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] 1394 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES 1395 init scrips from imorgan AT nas.nasa.gov; bz#1920 1396 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the 1397 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin 1398 AT gmail.com; ok dtucker@ 1399 140020110807 1401 - (dtucker) OpenBSD CVS Sync 1402 - jmc@cvs.openbsd.org 2008/06/26 06:59:39 1403 [moduli.5] 1404 tweak previous; 1405 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 1406 [moduli.5] 1407 "Diffie-Hellman" is the usual spelling for the cryptographic protocol 1408 first published by Whitfield Diffie and Martin Hellman in 1976. 1409 ok jmc@ 1410 - jmc@cvs.openbsd.org 2010/10/14 20:41:28 1411 [moduli.5] 1412 probabalistic -> probabilistic; from naddy 1413 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 1414 [sftp.1] 1415 typo, fix from Laurent Gautrot 1416 141720110805 1418 - OpenBSD CVS Sync 1419 - djm@cvs.openbsd.org 2011/06/23 23:35:42 1420 [monitor.c] 1421 ignore EINTR errors from poll() 1422 - tedu@cvs.openbsd.org 2011/07/06 18:09:21 1423 [authfd.c] 1424 bzero the agent address. the kernel was for a while very cranky about 1425 these things. evne though that's fixed, always good to initialize 1426 memory. ok deraadt djm 1427 - djm@cvs.openbsd.org 2011/07/29 14:42:45 1428 [sandbox-systrace.c] 1429 fail open(2) with EPERM rather than SIGKILLing the whole process. libc 1430 will call open() to do strerror() when NLS is enabled; 1431 feedback and ok markus@ 1432 - markus@cvs.openbsd.org 2011/08/01 19:18:15 1433 [gss-serv.c] 1434 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); 1435 report Adam Zabrock; ok djm@, deraadt@ 1436 - djm@cvs.openbsd.org 2011/08/02 01:22:11 1437 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] 1438 Add new SHA256 and SHA512 based HMAC modes from 1439 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt 1440 Patch from mdb AT juniper.net; feedback and ok markus@ 1441 - djm@cvs.openbsd.org 2011/08/02 23:13:01 1442 [version.h] 1443 crank now, release later 1444 - djm@cvs.openbsd.org 2011/08/02 23:15:03 1445 [ssh.c] 1446 typo in comment 1447 144820110624 1449 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 1450 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing 1451 markus@ 1452 145320110623 1454 - OpenBSD CVS Sync 1455 - djm@cvs.openbsd.org 2011/06/22 21:47:28 1456 [servconf.c] 1457 reuse the multistate option arrays to pretty-print options for "sshd -T" 1458 - djm@cvs.openbsd.org 2011/06/22 21:57:01 1459 [servconf.c servconf.h sshd.c sshd_config.5] 1460 [configure.ac Makefile.in] 1461 introduce sandboxing of the pre-auth privsep child using systrace(4). 1462 1463 This introduces a new "UsePrivilegeSeparation=sandbox" option for 1464 sshd_config that applies mandatory restrictions on the syscalls the 1465 privsep child can perform. This prevents a compromised privsep child 1466 from being used to attack other hosts (by opening sockets and proxying) 1467 or probing local kernel attack surface. 1468 1469 The sandbox is implemented using systrace(4) in unsupervised "fast-path" 1470 mode, where a list of permitted syscalls is supplied. Any syscall not 1471 on the list results in SIGKILL being sent to the privsep child. Note 1472 that this requires a kernel with the new SYSTR_POLICY_KILL option. 1473 1474 UsePrivilegeSeparation=sandbox will become the default in the future 1475 so please start testing it now. 1476 1477 feedback dtucker@; ok markus@ 1478 - djm@cvs.openbsd.org 2011/06/22 22:08:42 1479 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] 1480 hook up a channel confirm callback to warn the user then requested X11 1481 forwarding was refused by the server; ok markus@ 1482 - djm@cvs.openbsd.org 2011/06/23 09:34:13 1483 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] 1484 [sandbox-null.c] 1485 rename sandbox.h => ssh-sandbox.h to make things easier for portable 1486 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support 1487 setrlimit(2) 1488 148920110620 1490 - OpenBSD CVS Sync 1491 - djm@cvs.openbsd.org 2011/06/04 00:10:26 1492 [ssh_config.5] 1493 explain IdentifyFile's semantics a little better, prompted by bz#1898 1494 ok dtucker jmc 1495 - markus@cvs.openbsd.org 2011/06/14 22:49:18 1496 [authfile.c] 1497 make sure key_parse_public/private_rsa1() no longer consumes its input 1498 buffer. fixes ssh-add for passphrase-protected ssh1-keys; 1499 noted by naddy@; ok djm@ 1500 - djm@cvs.openbsd.org 2011/06/17 21:44:31 1501 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] 1502 make the pre-auth privsep slave log via a socketpair shared with the 1503 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 1504 - djm@cvs.openbsd.org 2011/06/17 21:46:16 1505 [sftp-server.c] 1506 the protocol version should be unsigned; bz#1913 reported by mb AT 1507 smartftp.com 1508 - djm@cvs.openbsd.org 2011/06/17 21:47:35 1509 [servconf.c] 1510 factor out multi-choice option parsing into a parse_multistate label 1511 and some support structures; ok dtucker@ 1512 - djm@cvs.openbsd.org 2011/06/17 21:57:25 1513 [clientloop.c] 1514 setproctitle for a mux master that has been gracefully stopped; 1515 bz#1911 from Bert.Wesarg AT googlemail.com 1516 151720110603 1518 - (dtucker) [README version.h contrib/caldera/openssh.spec 1519 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version 1520 bumps from the 5.8p2 branch into HEAD. ok djm. 1521 - (tim) [configure.ac defines.h] Run test program to detect system mail 1522 directory. Add --with-maildir option to override. Fixed OpenServer 6 1523 getting it wrong. Fixed many systems having MAIL=/var/mail//username 1524 ok dtucker 1525 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair 1526 unconditionally in other places and the survey data we have does not show 1527 any systems that use it. "nuke it" djm@ 1528 - (djm) [configure.ac] enable setproctitle emulation for OS X 1529 - (djm) OpenBSD CVS Sync 1530 - djm@cvs.openbsd.org 2011/06/03 00:54:38 1531 [ssh.c] 1532 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg 1533 AT googlemail.com; ok dtucker@ 1534 NB. includes additional portability code to enable setproctitle emulation 1535 on platforms that don't support it. 1536 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 1537 [ssh-agent.c] 1538 Check current parent process ID against saved one to determine if the parent 1539 has exited, rather than attempting to send a zero signal, since the latter 1540 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn 1541 Gillmor, ok djm@ 1542 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 1543 [regress/dynamic-forward.sh] 1544 back out revs 1.6 and 1.5 since it's not reliable 1545 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 1546 [regress/dynamic-forward.sh] 1547 work around startup and teardown races; caught by deraadt 1548 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 1549 [regress/dynamic-forward.sh] 1550 Retry establishing the port forwarding after a small delay, should make 1551 the tests less flaky when the previous test is slow to shut down and free 1552 up the port. 1553 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 1554 155520110529 1556 - (djm) OpenBSD CVS Sync 1557 - djm@cvs.openbsd.org 2011/05/23 03:30:07 1558 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] 1559 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] 1560 allow AuthorizedKeysFile to specify multiple files, separated by spaces. 1561 Bring back authorized_keys2 as a default search path (to avoid breaking 1562 existing users of this file), but override this in sshd_config so it will 1563 be no longer used on fresh installs. Maybe in 2015 we can remove it 1564 entierly :) 1565 1566 feedback and ok markus@ dtucker@ 1567 - djm@cvs.openbsd.org 2011/05/23 03:33:38 1568 [auth.c] 1569 make secure_filename() spam debug logs less 1570 - djm@cvs.openbsd.org 2011/05/23 03:52:55 1571 [sshconnect.c] 1572 remove extra newline 1573 - jmc@cvs.openbsd.org 2011/05/23 07:10:21 1574 [sshd.8 sshd_config.5] 1575 tweak previous; ok djm 1576 - djm@cvs.openbsd.org 2011/05/23 07:24:57 1577 [authfile.c] 1578 read in key comments for v.2 keys (though note that these are not 1579 passed over the agent protocol); bz#439, based on patch from binder 1580 AT arago.de; ok markus@ 1581 - djm@cvs.openbsd.org 2011/05/24 07:15:47 1582 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] 1583 Remove undocumented legacy options UserKnownHostsFile2 and 1584 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile 1585 accept multiple paths per line and making their defaults include 1586 known_hosts2; ok markus 1587 - djm@cvs.openbsd.org 2011/05/23 03:31:31 1588 [regress/cfgmatch.sh] 1589 include testing of multiple/overridden AuthorizedKeysFiles 1590 refactor to simply daemon start/stop and get rid of racy constructs 1591 159220110520 1593 - (djm) [session.c] call setexeccon() before executing passwd for pw 1594 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ 1595 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 1596 options, we should corresponding -W-option when trying to determine 1597 whether it is accepted. Also includes a warning fix on the program 1598 fragment uses (bad main() return type). 1599 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ 1600 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 1601 - OpenBSD CVS Sync 1602 - djm@cvs.openbsd.org 2011/05/15 08:09:01 1603 [authfd.c monitor.c serverloop.c] 1604 use FD_CLOEXEC consistently; patch from zion AT x96.org 1605 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1606 [key.c] 1607 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1608 and fix the regress test that was trying to generate them :) 1609 - djm@cvs.openbsd.org 2011/05/20 00:55:02 1610 [servconf.c] 1611 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile 1612 and AuthorizedPrincipalsFile were not being correctly applied in 1613 Match blocks, despite being overridable there; ok dtucker@ 1614 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 1615 [servconf.c] 1616 Add comment documenting what should be after the preauth check. ok djm 1617 - djm@cvs.openbsd.org 2011/05/20 03:25:45 1618 [monitor.c monitor_wrap.c servconf.c servconf.h] 1619 use a macro to define which string options to copy between configs 1620 for Match. This avoids problems caused by forgetting to keep three 1621 code locations in perfect sync and ordering 1622 1623 "this is at once beautiful and horrible" + ok dtucker@ 1624 - djm@cvs.openbsd.org 2011/05/17 07:13:31 1625 [regress/cert-userkey.sh] 1626 fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1627 and fix the regress test that was trying to generate them :) 1628 - djm@cvs.openbsd.org 2011/05/20 02:43:36 1629 [cert-hostkey.sh] 1630 another attempt to generate a v00 ECDSA key that broke the test 1631 ID sync only - portable already had this somehow 1632 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 1633 [dynamic-forward.sh] 1634 Prevent races in dynamic forwarding test; ok djm 1635 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 1636 [dynamic-forward.sh] 1637 fix dumb error in dynamic-forward test 1638 163920110515 1640 - (djm) OpenBSD CVS Sync 1641 - djm@cvs.openbsd.org 2011/05/05 05:12:08 1642 [mux.c] 1643 gracefully fall back when ControlPath is too large for a 1644 sockaddr_un. ok markus@ as part of a larger diff 1645 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 1646 [sshd_config] 1647 clarify language about overriding defaults. bz#1892, from Petr Cerny 1648 - djm@cvs.openbsd.org 2011/05/06 01:09:53 1649 [sftp.1] 1650 mention that IPv6 addresses must be enclosed in square brackets; 1651 bz#1845 1652 - djm@cvs.openbsd.org 2011/05/06 02:05:41 1653 [sshconnect2.c] 1654 fix memory leak; bz#1849 ok dtucker@ 1655 - djm@cvs.openbsd.org 2011/05/06 21:14:05 1656 [packet.c packet.h] 1657 set traffic class for IPv6 traffic as we do for IPv4 TOS; 1658 patch from lionel AT mamane.lu via Colin Watson in bz#1855; 1659 ok markus@ 1660 - djm@cvs.openbsd.org 2011/05/06 21:18:02 1661 [ssh.c ssh_config.5] 1662 add a %L expansion (short-form of the local host name) for ControlPath; 1663 sync some more expansions with LocalCommand; ok markus@ 1664 - djm@cvs.openbsd.org 2011/05/06 21:31:38 1665 [readconf.c ssh_config.5] 1666 support negated Host matching, e.g. 1667 1668 Host *.example.org !c.example.org 1669 User mekmitasdigoat 1670 1671 Will match "a.example.org", "b.example.org", but not "c.example.org" 1672 ok markus@ 1673 - djm@cvs.openbsd.org 2011/05/06 21:34:32 1674 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] 1675 Add a RequestTTY ssh_config option to allow configuration-based 1676 control over tty allocation (like -t/-T); ok markus@ 1677 - djm@cvs.openbsd.org 2011/05/06 21:38:58 1678 [ssh.c] 1679 fix dropping from previous diff 1680 - djm@cvs.openbsd.org 2011/05/06 22:20:10 1681 [PROTOCOL.mux] 1682 fix numbering; from bert.wesarg AT googlemail.com 1683 - jmc@cvs.openbsd.org 2011/05/07 23:19:39 1684 [ssh_config.5] 1685 - tweak previous 1686 - come consistency fixes 1687 ok djm 1688 - jmc@cvs.openbsd.org 2011/05/07 23:20:25 1689 [ssh.1] 1690 +.It RequestTTY 1691 - djm@cvs.openbsd.org 2011/05/08 12:52:01 1692 [PROTOCOL.mux clientloop.c clientloop.h mux.c] 1693 improve our behaviour when TTY allocation fails: if we are in 1694 RequestTTY=auto mode (the default), then do not treat at TTY 1695 allocation error as fatal but rather just restore the local TTY 1696 to cooked mode and continue. This is more graceful on devices that 1697 never allocate TTYs. 1698 1699 If RequestTTY is set to "yes" or "force", then failure to allocate 1700 a TTY is fatal. 1701 1702 ok markus@ 1703 - djm@cvs.openbsd.org 2011/05/10 05:46:46 1704 [authfile.c] 1705 despam debug() logs by detecting that we are trying to load a private key 1706 in key_try_load_public() and returning early; ok markus@ 1707 - djm@cvs.openbsd.org 2011/05/11 04:47:06 1708 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] 1709 remove support for authorized_keys2; it is a relic from the early days 1710 of protocol v.2 support and has been undocumented for many years; 1711 ok markus@ 1712 - djm@cvs.openbsd.org 2011/05/13 00:05:36 1713 [authfile.c] 1714 warn on unexpected key type in key_parse_private_type() 1715 - (djm) [packet.c] unbreak portability #endif 1716 171720110510 1718 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 1719 --with-ssl-engine which was broken with the change from deprecated 1720 SSLeay_add_all_algorithms(). ok djm 1721 172220110506 1723 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype 1724 for closefrom() in test code. Report from Dan Wallis via Gentoo. 1725 172620110505 1727 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS 1728 definitions. From des AT des.no 1729 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 1730 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] 1731 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] 1732 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] 1733 [regress/README.regress] Remove ssh-rand-helper and all its 1734 tentacles. PRNGd seeding has been rolled into entropy.c directly. 1735 Thanks to tim@ for testing on affected platforms. 1736 - OpenBSD CVS Sync 1737 - djm@cvs.openbsd.org 2011/03/10 02:52:57 1738 [auth2-gss.c auth2.c auth.h] 1739 allow GSSAPI authentication to detect when a server-side failure causes 1740 authentication failure and don't count such failures against MaxAuthTries; 1741 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock 1742 - okan@cvs.openbsd.org 2011/03/15 10:36:02 1743 [ssh-keyscan.c] 1744 use timerclear macro 1745 ok djm@ 1746 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 1747 [ssh-keygen.1 ssh-keygen.c] 1748 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) 1749 for which host keys do not exist, generate the host keys with the 1750 default key file path, an empty passphrase, default bits for the key 1751 type, and default comment. This will be used by /etc/rc to generate 1752 new host keys. Idea from deraadt. 1753 ok deraadt 1754 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 1755 [ssh-keygen.1] 1756 -q not used in /etc/rc now so remove statement. 1757 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 1758 [ssh-keygen.c] 1759 remove -d, documentation removed >10 years ago; ok markus 1760 - jmc@cvs.openbsd.org 2011/03/24 15:29:30 1761 [ssh-keygen.1] 1762 zap trailing whitespace; 1763 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 1764 [ssh-keygen.c] 1765 use strcasecmp() for "clear" cert permission option also; ok djm 1766 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 1767 [misc.c misc.h servconf.c] 1768 print ipqos friendly string for sshd -T; ok markus 1769 # sshd -Tf sshd_config|grep ipqos 1770 ipqos lowdelay throughput 1771 - djm@cvs.openbsd.org 2011/04/12 04:23:50 1772 [ssh-keygen.c] 1773 fix -Wshadow 1774 - djm@cvs.openbsd.org 2011/04/12 05:32:49 1775 [sshd.c] 1776 exit with 0 status on SIGTERM; bz#1879 1777 - djm@cvs.openbsd.org 2011/04/13 04:02:48 1778 [ssh-keygen.1] 1779 improve wording; bz#1861 1780 - djm@cvs.openbsd.org 2011/04/13 04:09:37 1781 [ssh-keygen.1] 1782 mention valid -b sizes for ECDSA keys; bz#1862 1783 - djm@cvs.openbsd.org 2011/04/17 22:42:42 1784 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] 1785 allow graceful shutdown of multiplexing: request that a mux server 1786 removes its listener socket and refuse future multiplexing requests; 1787 ok markus@ 1788 - djm@cvs.openbsd.org 2011/04/18 00:46:05 1789 [ssh-keygen.c] 1790 certificate options are supposed to be packed in lexical order of 1791 option name (though we don't actually enforce this at present). 1792 Move one up that was out of sequence 1793 - djm@cvs.openbsd.org 2011/05/04 21:15:29 1794 [authfile.c authfile.h ssh-add.c] 1795 allow "ssh-add - < key"; feedback and ok markus@ 1796 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 1797 so autoreconf 2.68 is happy. 1798 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ 1799 180020110221 1801 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 1802 Cygwin-specific service installer script ssh-host-config. The actual 1803 functionality is the same, the revisited version is just more 1804 exact when it comes to check for problems which disallow to run 1805 certain aspects of the script. So, part of this script and the also 1806 rearranged service helper script library "csih" is to check if all 1807 the tools required to run the script are available on the system. 1808 The new script also is more thorough to inform the user why the 1809 script failed. Patch from vinschen at redhat com. 1810 181120110218 1812 - OpenBSD CVS Sync 1813 - djm@cvs.openbsd.org 2011/02/16 00:31:14 1814 [ssh-keysign.c] 1815 make hostbased auth with ECDSA keys work correctly. Based on patch 1816 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) 1817 181820110206 1819 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in 1820 selinux code. Patch from Leonardo Chiquitto 1821 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key 1822 generation and simplify. Patch from Corinna Vinschen. 1823 182420110204 1825 - OpenBSD CVS Sync 1826 - djm@cvs.openbsd.org 2011/01/31 21:42:15 1827 [PROTOCOL.mux] 1828 cut'n'pasto; from bert.wesarg AT googlemail.com 1829 - djm@cvs.openbsd.org 2011/02/04 00:44:21 1830 [key.c] 1831 fix uninitialised nonce variable; reported by Mateusz Kocielski 1832 - djm@cvs.openbsd.org 2011/02/04 00:44:43 1833 [version.h] 1834 openssh-5.8 1835 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1836 [contrib/suse/openssh.spec] update versions in docs and spec files. 1837 - Release OpenSSH 5.8p1 1838 183920110128 1840 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled 1841 before attempting setfscreatecon(). Check whether matchpathcon() 1842 succeeded before using its result. Patch from cjwatson AT debian.org; 1843 bz#1851 1844 184520110127 1846 - (tim) [config.guess config.sub] Sync with upstream. 1847 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete 1848 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with 1849 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white 1850 space changes for consistency/readability. Makes autoconf 2.68 happy. 1851 "Nice work" djm 1852 185320110125 1854 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 1855 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to 1856 port-linux.c to avoid compilation errors. Add -lselinux to ssh when 1857 building with SELinux support to avoid linking failure; report from 1858 amk AT spamfence.net; ok dtucker 1859 186020110122 1861 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 1862 RSA_get_default_method() for the benefit of openssl versions that don't 1863 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, 1864 ok djm@. 1865 - OpenBSD CVS Sync 1866 - djm@cvs.openbsd.org 2011/01/22 09:18:53 1867 [version.h] 1868 crank to OpenSSH-5.7 1869 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1870 [contrib/suse/openssh.spec] update versions in docs and spec files. 1871 - (djm) Release 5.7p1 1872 187320110119 1874 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead 1875 of RPM so build completes. Signatures were changed to .asc since 4.1p1. 1876 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 1877 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- 1878 release testing (random crashes and failure to load ECC keys). 1879 ok dtucker@ 1880 188120110117 1882 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in 1883 $PATH, fix cleanup of droppings; reported by openssh AT 1884 roumenpetrov.info; ok dtucker@ 1885 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding 1886 its unique snowflake of a gdb error to the ones we look for. 1887 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running 1888 ssh-add to avoid $SUDO failures on Linux 1889 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new 1890 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback 1891 to the old values. Feedback from vapier at gentoo org and djm, ok djm. 1892 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 1893 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are 1894 disabled on platforms that do not support them; add a "config_defined()" 1895 shell function that greps for defines in config.h and use them to decide 1896 on feature tests. 1897 Convert a couple of existing grep's over config.h to use the new function 1898 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent 1899 backslash characters in filenames, enable it for Cygwin and use it to turn 1900 of tests for quotes backslashes in sftp-glob.sh. 1901 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 1902 - (tim) [regress/agent-getpeereid.sh] shell portability fix. 1903 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on 1904 the tinderbox. 1905 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 1906 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem 1907 support, based on patches from Tomas Mraz and jchadima at redhat. 1908 190920110116 1910 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 1911 on configurations that don't have it. 1912 - OpenBSD CVS Sync 1913 - djm@cvs.openbsd.org 2011/01/16 11:50:05 1914 [clientloop.c] 1915 Use atomicio when flushing protocol 1 std{out,err} buffers at 1916 session close. This was a latent bug exposed by setting a SIGCHLD 1917 handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 1918 - djm@cvs.openbsd.org 2011/01/16 11:50:36 1919 [sshconnect.c] 1920 reset the SIGPIPE handler when forking to execute child processes; 1921 ok dtucker@ 1922 - djm@cvs.openbsd.org 2011/01/16 12:05:59 1923 [clientloop.c] 1924 a couple more tweaks to the post-close protocol 1 stderr/stdout flush: 1925 now that we use atomicio(), convert them from while loops to if statements 1926 add test and cast to compile cleanly with -Wsigned 1927 192820110114 1929 - OpenBSD CVS Sync 1930 - djm@cvs.openbsd.org 2011/01/13 21:54:53 1931 [mux.c] 1932 correct error messages; patch from bert.wesarg AT googlemail.com 1933 - djm@cvs.openbsd.org 2011/01/13 21:55:25 1934 [PROTOCOL.mux] 1935 correct protocol names and add a couple of missing protocol number 1936 defines; patch from bert.wesarg AT googlemail.com 1937 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in 1938 host-key-force target rather than a substitution that is replaced with a 1939 comment so that the Makefile.in is still a syntactically valid Makefile 1940 (useful to run the distprep target) 1941 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 1942 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some 1943 ecdsa bits. 1944 194520110113 1946 - (djm) [misc.c] include time.h for nanosleep() prototype 1947 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 1948 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 1949 ecdsa keys. ok djm. 1950 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid 1951 gcc warning on platforms where it defaults to int 1952 - (djm) [regress/Makefile] add a few more generated files to the clean 1953 target 1954 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad 1955 #define that was causing diffie-hellman-group-exchange-sha256 to be 1956 incorrectly disabled 1957 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 1958 should not depend on ECC support 1959 196020110112 1961 - OpenBSD CVS Sync 1962 - nicm@cvs.openbsd.org 2010/10/08 21:48:42 1963 [openbsd-compat/glob.c] 1964 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit 1965 from ARG_MAX to 64K. 1966 Fixes glob-using programs (notably ftp) able to be triggered to hit 1967 resource limits. 1968 Idea from a similar NetBSD change, original problem reported by jasper@. 1969 ok millert tedu jasper 1970 - djm@cvs.openbsd.org 2011/01/12 01:53:14 1971 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS 1972 and sanity check arguments (these will be unnecessary when we switch 1973 struct glob members from being type into to size_t in the future); 1974 "looks ok" tedu@ feedback guenther@ 1975 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 1976 silly warnings on write() calls we don't care succeed or not. 1977 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 1978 flag tests that don't depend on gcc version at all; suggested by and 1979 ok dtucker@ 1980 198120110111 1982 - (tim) [regress/host-expand.sh] Fix for building outside of read only 1983 source tree. 1984 - (djm) [platform.c] Some missing includes that show up under -Werror 1985 - OpenBSD CVS Sync 1986 - djm@cvs.openbsd.org 2011/01/08 10:51:51 1987 [clientloop.c] 1988 use host and not options.hostname, as the latter may have unescaped 1989 substitution characters 1990 - djm@cvs.openbsd.org 2011/01/11 06:06:09 1991 [sshlogin.c] 1992 fd leak on error paths; from zinovik@ 1993 NB. Id sync only; we use loginrec.c that was also audited and fixed 1994 recently 1995 - djm@cvs.openbsd.org 2011/01/11 06:13:10 1996 [clientloop.c ssh-keygen.c sshd.c] 1997 some unsigned long long casts that make things a bit easier for 1998 portable without resorting to dropping PRIu64 formats everywhere 1999 200020110109 2001 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by 2002 openssh AT roumenpetrov.info 2003 200420110108 2005 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress 2006 test on OSX and others. Reported by imorgan AT nas.nasa.gov 2007 200820110107 2009 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test 2010 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com 2011 - djm@cvs.openbsd.org 2011/01/06 22:23:53 2012 [ssh.c] 2013 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT 2014 googlemail.com; ok markus@ 2015 - djm@cvs.openbsd.org 2011/01/06 22:23:02 2016 [clientloop.c] 2017 when exiting due to ServerAliveTimeout, mention the hostname that caused 2018 it (useful with backgrounded controlmaster) 2019 - djm@cvs.openbsd.org 2011/01/06 22:46:21 2020 [regress/Makefile regress/host-expand.sh] 2021 regress test for LocalCommand %n expansion from bert.wesarg AT 2022 googlemail.com; ok markus@ 2023 - djm@cvs.openbsd.org 2011/01/06 23:01:35 2024 [sshconnect.c] 2025 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; 2026 ok markus@ 2027 202820110106 2029 - (djm) OpenBSD CVS Sync 2030 - markus@cvs.openbsd.org 2010/12/08 22:46:03 2031 [scp.1 scp.c] 2032 add a new -3 option to scp: Copies between two remote hosts are 2033 transferred through the local host. Without this option the data 2034 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) 2035 - jmc@cvs.openbsd.org 2010/12/09 14:13:33 2036 [scp.1 scp.c] 2037 scp.1: grammer fix 2038 scp.c: add -3 to usage() 2039 - markus@cvs.openbsd.org 2010/12/14 11:59:06 2040 [sshconnect.c] 2041 don't mention key type in key-changed-warning, since we also print 2042 this warning if a new key type appears. ok djm@ 2043 - djm@cvs.openbsd.org 2010/12/15 00:49:27 2044 [readpass.c] 2045 fix ControlMaster=ask regression 2046 reset SIGCHLD handler before fork (and restore it after) so we don't miss 2047 the the askpass child's exit status. Correct test for exit status/signal to 2048 account for waitpid() failure; with claudio@ ok claudio@ markus@ 2049 - djm@cvs.openbsd.org 2010/12/24 21:41:48 2050 [auth-options.c] 2051 don't send the actual forced command in a debug message; ok markus deraadt 2052 - otto@cvs.openbsd.org 2011/01/04 20:44:13 2053 [ssh-keyscan.c] 2054 handle ecdsa-sha2 with various key lengths; hint and ok djm@ 2055 205620110104 2057 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 2058 formatter if it is present, followed by nroff and groff respectively. 2059 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports 2060 in favour of mandoc). feedback and ok tim 2061 206220110103 2063 - (djm) [Makefile.in] revert local hack I didn't intend to commit 2064 206520110102 2066 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2067 - (djm) [configure.ac] Check whether libdes is needed when building 2068 with Heimdal krb5 support. On OpenBSD this library no longer exists, 2069 so linking it unconditionally causes a build failure; ok dtucker 2070 207120101226 2072 - (dtucker) OpenBSD CVS Sync 2073 - djm@cvs.openbsd.org 2010/12/08 04:02:47 2074 [ssh_config.5 sshd_config.5] 2075 explain that IPQoS arguments are separated by whitespace; iirc requested 2076 by jmc@ a while back 2077 207820101205 2079 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from 2080 debugging. Spotted by djm. 2081 - (dtucker) OpenBSD CVS Sync 2082 - djm@cvs.openbsd.org 2010/12/03 23:49:26 2083 [schnorr.c] 2084 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao 2085 (this code is still disabled, but apprently people are treating it as 2086 a reference implementation) 2087 - djm@cvs.openbsd.org 2010/12/03 23:55:27 2088 [auth-rsa.c] 2089 move check for revoked keys to run earlier (in auth_rsa_key_allowed) 2090 bz#1829; patch from ldv AT altlinux.org; ok markus@ 2091 - djm@cvs.openbsd.org 2010/12/04 00:18:01 2092 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] 2093 add a protocol extension to support a hard link operation. It is 2094 available through the "ln" command in the client. The old "ln" 2095 behaviour of creating a symlink is available using its "-s" option 2096 or through the preexisting "symlink" command; based on a patch from 2097 miklos AT szeredi.hu in bz#1555; ok markus@ 2098 - djm@cvs.openbsd.org 2010/12/04 13:31:37 2099 [hostfile.c] 2100 fix fd leak; spotted and ok dtucker 2101 - djm@cvs.openbsd.org 2010/12/04 00:21:19 2102 [regress/sftp-cmds.sh] 2103 adjust for hard-link support 2104 - (dtucker) [regress/Makefile] Id sync. 2105 210620101204 2107 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) 2108 instead of (arc4random() % range) 2109 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 2110 shims for the new, non-deprecated OpenSSL key generation functions for 2111 platforms that don't have the new interfaces. 2112 211320101201 2114 - OpenBSD CVS Sync 2115 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 2116 [auth2-pubkey.c] 2117 clean up cases of ;; 2118 - djm@cvs.openbsd.org 2010/11/21 01:01:13 2119 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] 2120 honour $TMPDIR for client xauth and ssh-agent temporary directories; 2121 feedback and ok markus@ 2122 - djm@cvs.openbsd.org 2010/11/21 10:57:07 2123 [authfile.c] 2124 Refactor internals of private key loading and saving to work on memory 2125 buffers rather than directly on files. This will make a few things 2126 easier to do in the future; ok markus@ 2127 - djm@cvs.openbsd.org 2010/11/23 02:35:50 2128 [auth.c] 2129 use strict_modes already passed as function argument over referencing 2130 global options.strict_modes 2131 - djm@cvs.openbsd.org 2010/11/23 23:57:24 2132 [clientloop.c] 2133 avoid NULL deref on receiving a channel request on an unknown or invalid 2134 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 2135 - djm@cvs.openbsd.org 2010/11/24 01:24:14 2136 [channels.c] 2137 remove a debug() that pollutes stderr on client connecting to a server 2138 in debug mode (channel_close_fds is called transitively from the session 2139 code post-fork); bz#1719, ok dtucker 2140 - djm@cvs.openbsd.org 2010/11/25 04:10:09 2141 [session.c] 2142 replace close() loop for fds 3->64 with closefrom(); 2143 ok markus deraadt dtucker 2144 - djm@cvs.openbsd.org 2010/11/26 05:52:49 2145 [scp.c] 2146 Pass through ssh command-line flags and options when doing remote-remote 2147 transfers, e.g. to enable agent forwarding which is particularly useful 2148 in this case; bz#1837 ok dtucker@ 2149 - markus@cvs.openbsd.org 2010/11/29 18:57:04 2150 [authfile.c] 2151 correctly load comment for encrypted rsa1 keys; 2152 report/fix Joachim Schipper; ok djm@ 2153 - djm@cvs.openbsd.org 2010/11/29 23:45:51 2154 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] 2155 [sshconnect.h sshconnect2.c] 2156 automatically order the hostkeys requested by the client based on 2157 which hostkeys are already recorded in known_hosts. This avoids 2158 hostkey warnings when connecting to servers with new ECDSA keys 2159 that are preferred by default; with markus@ 2160 216120101124 2162 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 2163 into the platform-specific code Only affects SCO, tested by and ok tim@. 2164 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow 2165 group read/write. ok dtucker@ 2166 - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2167 - (djm) [defines.h] Add IP DSCP defines 2168 216920101122 2170 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch 2171 from vapier at gentoo org. 2172 217320101120 2174 - OpenBSD CVS Sync 2175 - djm@cvs.openbsd.org 2010/11/05 02:46:47 2176 [packet.c] 2177 whitespace KNF 2178 - djm@cvs.openbsd.org 2010/11/10 01:33:07 2179 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] 2180 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. 2181 these have been around for years by this time. ok markus 2182 - djm@cvs.openbsd.org 2010/11/13 23:27:51 2183 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] 2184 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] 2185 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of 2186 hardcoding lowdelay/throughput. 2187 2188 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 2189 - jmc@cvs.openbsd.org 2010/11/15 07:40:14 2190 [ssh_config.5] 2191 libary -> library; 2192 - jmc@cvs.openbsd.org 2010/11/18 15:01:00 2193 [scp.1 sftp.1 ssh.1 sshd_config.5] 2194 add IPQoS to the various -o lists, and zap some trailing whitespace; 2195 219620101111 2197 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on 2198 platforms that don't support ECC. Fixes some spurious warnings reported 2199 by tim@ 2200 220120101109 2202 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. 2203 Feedback from dtucker@ 2204 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 2205 support for platforms missing isblank(). ok djm@ 2206 220720101108 2208 - (tim) [regress/Makefile] Fixes to allow building/testing outside source 2209 tree. 2210 - (tim) [regress/kextype.sh] Shell portability fix. 2211 221220101107 2213 - (dtucker) [platform.c] includes.h instead of defines.h so that we get 2214 the correct typedefs. 2215 221620101105 2217 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 2218 int. Should fix bz#1817 cleanly; ok dtucker@ 2219 - OpenBSD CVS Sync 2220 - djm@cvs.openbsd.org 2010/09/22 12:26:05 2221 [regress/Makefile regress/kextype.sh] 2222 regress test for each of the key exchange algorithms that we support 2223 - djm@cvs.openbsd.org 2010/10/28 11:22:09 2224 [authfile.c key.c key.h ssh-keygen.c] 2225 fix a possible NULL deref on loading a corrupt ECDH key 2226 2227 store ECDH group information in private keys files as "named groups" 2228 rather than as a set of explicit group parameters (by setting 2229 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and 2230 retrieves the group's OpenSSL NID that we need for various things. 2231 - jmc@cvs.openbsd.org 2010/10/28 18:33:28 2232 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 2233 knock out some "-*- nroff -*-" lines; 2234 - djm@cvs.openbsd.org 2010/11/04 02:45:34 2235 [sftp-server.c] 2236 umask should be parsed as octal. reported by candland AT xmission.com; 2237 ok markus@ 2238 - (dtucker) [configure.ac platform.{c,h} session.c 2239 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. 2240 Patch from cory.erickson at csu mnscu edu with a bit of rework from me. 2241 ok djm@ 2242 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 2243 after the user's groups are established and move the selinux calls into it. 2244 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 2245 platform.c 2246 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2247 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to 2248 retain previous behavior. 2249 - (dtucker) [platform.c session.c] Move the PAM credential establishment for 2250 the LOGIN_CAP case into platform.c. 2251 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 2252 platform.c 2253 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. 2254 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 2255 platform.c. 2256 - (dtucker) [platform.c session.c] Move PAM credential establishment for the 2257 non-LOGIN_CAP case into platform.c. 2258 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 2259 check into platform.c 2260 - (dtucker) [regress/keytype.sh] Import new test. 2261 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 2262 Import recent changes to regress/Makefile, pass a flag to enable ECC tests 2263 from configure through to regress/Makefile and use it in the tests. 2264 - (dtucker) [regress/kextype.sh] Add missing "test". 2265 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not 2266 strictly correct since while ECC requires sha256 the reverse is not true 2267 however it does prevent spurious test failures. 2268 - (dtucker) [platform.c] Need servconf.h and extern options. 2269 227020101025 2271 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 2272 1.12 to unbreak Solaris build. 2273 ok djm@ 2274 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a 2275 native one. 2276 227720101024 2278 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2279 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms 2280 which don't have ECC support in libcrypto. 2281 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms 2282 which don't have ECC support in libcrypto. 2283 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't 2284 have it. 2285 - (dtucker) OpenBSD CVS Sync 2286 - sthen@cvs.openbsd.org 2010/10/23 22:06:12 2287 [sftp.c] 2288 escape '[' in filename tab-completion; fix a type while there. 2289 ok djm@ 2290 229120101021 2292 - OpenBSD CVS Sync 2293 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 2294 [mux.c] 2295 Typo in confirmation message. bz#1827, patch from imorgan at 2296 nas nasa gov 2297 - djm@cvs.openbsd.org 2010/08/31 12:24:09 2298 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2299 tests for ECDSA certificates 2300 230120101011 2302 - (djm) [canohost.c] Zero a4 instead of addr to better match type. 2303 bz#1825, reported by foo AT mailinator.com 2304 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2305 230620101011 2307 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 2308 dr AT vasco.com 2309 231020101007 2311 - (djm) [ssh-agent.c] Fix type for curve name. 2312 - (djm) OpenBSD CVS Sync 2313 - matthew@cvs.openbsd.org 2010/09/24 13:33:00 2314 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] 2315 [openbsd-compat/timingsafe_bcmp.c] 2316 Add timingsafe_bcmp(3) to libc, mention that it's already in the 2317 kernel in kern(9), and remove it from OpenSSH. 2318 ok deraadt@, djm@ 2319 NB. re-added under openbsd-compat/ for portable OpenSSH 2320 - djm@cvs.openbsd.org 2010/09/25 09:30:16 2321 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] 2322 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server 2323 rountrips to fetch per-file stat(2) information. 2324 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to 2325 match. 2326 - djm@cvs.openbsd.org 2010/09/26 22:26:33 2327 [sftp.c] 2328 when performing an "ls" in columnated (short) mode, only call 2329 ioctl(TIOCGWINSZ) once to get the window width instead of per- 2330 filename 2331 - djm@cvs.openbsd.org 2010/09/30 11:04:51 2332 [servconf.c] 2333 prevent free() of string in .rodata when overriding AuthorizedKeys in 2334 a Match block; patch from rein AT basefarm.no 2335 - djm@cvs.openbsd.org 2010/10/01 23:05:32 2336 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] 2337 adapt to API changes in openssl-1.0.0a 2338 NB. contains compat code to select correct API for older OpenSSL 2339 - djm@cvs.openbsd.org 2010/10/05 05:13:18 2340 [sftp.c sshconnect.c] 2341 use default shell /bin/sh if $SHELL is ""; ok markus@ 2342 - djm@cvs.openbsd.org 2010/10/06 06:39:28 2343 [clientloop.c ssh.c sshconnect.c sshconnect.h] 2344 kill proxy command on fatal() (we already kill it on clean exit); 2345 ok markus@ 2346 - djm@cvs.openbsd.org 2010/10/06 21:10:21 2347 [sshconnect.c] 2348 swapped args to kill(2) 2349 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 2350 - (djm) [cipher-acss.c] Add missing header. 2351 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 2352 235320100924 2354 - (djm) OpenBSD CVS Sync 2355 - naddy@cvs.openbsd.org 2010/09/10 15:19:29 2356 [ssh-keygen.1] 2357 * mention ECDSA in more places 2358 * less repetition in FILES section 2359 * SSHv1 keys are still encrypted with 3DES 2360 help and ok jmc@ 2361 - djm@cvs.openbsd.org 2010/09/11 21:44:20 2362 [ssh.1] 2363 mention RFC 5656 for ECC stuff 2364 - jmc@cvs.openbsd.org 2010/09/19 21:30:05 2365 [sftp.1] 2366 more wacky macro fixing; 2367 - djm@cvs.openbsd.org 2010/09/20 04:41:47 2368 [ssh.c] 2369 install a SIGCHLD handler to reap expiried child process; ok markus@ 2370 - djm@cvs.openbsd.org 2010/09/20 04:50:53 2371 [jpake.c schnorr.c] 2372 check that received values are smaller than the group size in the 2373 disabled and unfinished J-PAKE code. 2374 avoids catastrophic security failure found by Sebastien Martini 2375 - djm@cvs.openbsd.org 2010/09/20 04:54:07 2376 [jpake.c] 2377 missing #include 2378 - djm@cvs.openbsd.org 2010/09/20 07:19:27 2379 [mux.c] 2380 "atomically" create the listening mux socket by binding it on a temorary 2381 name and then linking it into position after listen() has succeeded. 2382 this allows the mux clients to determine that the server socket is 2383 either ready or stale without races. stale server sockets are now 2384 automatically removed 2385 ok deraadt 2386 - djm@cvs.openbsd.org 2010/09/22 05:01:30 2387 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] 2388 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] 2389 add a KexAlgorithms knob to the client and server configuration to allow 2390 selection of which key exchange methods are used by ssh(1) and sshd(8) 2391 and their order of preference. 2392 ok markus@ 2393 - jmc@cvs.openbsd.org 2010/09/22 08:30:08 2394 [ssh.1 ssh_config.5] 2395 ssh.1: add kexalgorithms to the -o list 2396 ssh_config.5: format the kexalgorithms in a more consistent 2397 (prettier!) way 2398 ok djm 2399 - djm@cvs.openbsd.org 2010/09/22 22:58:51 2400 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] 2401 [sftp-client.h sftp.1 sftp.c] 2402 add an option per-read/write callback to atomicio 2403 2404 factor out bandwidth limiting code from scp(1) into a generic bandwidth 2405 limiter that can be attached using the atomicio callback mechanism 2406 2407 add a bandwidth limit option to sftp(1) using the above 2408 "very nice" markus@ 2409 - jmc@cvs.openbsd.org 2010/09/23 13:34:43 2410 [sftp.c] 2411 add [-l limit] to usage(); 2412 - jmc@cvs.openbsd.org 2010/09/23 13:36:46 2413 [scp.1 sftp.1] 2414 add KexAlgorithms to the -o list; 2415 241620100910 2417 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact 2418 return code since it can apparently return -1 under some conditions. From 2419 openssh bugs werbittewas de, ok djm@ 2420 - OpenBSD CVS Sync 2421 - djm@cvs.openbsd.org 2010/08/31 12:33:38 2422 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2423 reintroduce commit from tedu@, which I pulled out for release 2424 engineering: 2425 OpenSSL_add_all_algorithms is the name of the function we have a 2426 man page for, so use that. ok djm 2427 - jmc@cvs.openbsd.org 2010/08/31 17:40:54 2428 [ssh-agent.1] 2429 fix some macro abuse; 2430 - jmc@cvs.openbsd.org 2010/08/31 21:14:58 2431 [ssh.1] 2432 small text tweak to accommodate previous; 2433 - naddy@cvs.openbsd.org 2010/09/01 15:21:35 2434 [servconf.c] 2435 pick up ECDSA host key by default; ok djm@ 2436 - markus@cvs.openbsd.org 2010/09/02 16:07:25 2437 [ssh-keygen.c] 2438 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 2439 - markus@cvs.openbsd.org 2010/09/02 16:08:39 2440 [ssh.c] 2441 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 2442 - naddy@cvs.openbsd.org 2010/09/02 17:21:50 2443 [ssh-keygen.c] 2444 Switch ECDSA default key size to 256 bits, which according to RFC5656 2445 should still be better than our current RSA-2048 default. 2446 ok djm@, markus@ 2447 - jmc@cvs.openbsd.org 2010/09/03 11:09:29 2448 [scp.1] 2449 add an EXIT STATUS section for /usr/bin; 2450 - jmc@cvs.openbsd.org 2010/09/04 09:38:34 2451 [ssh-add.1 ssh.1] 2452 two more EXIT STATUS sections; 2453 - naddy@cvs.openbsd.org 2010/09/06 17:10:19 2454 [sshd_config] 2455 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste 2456 <mattieu.b@gmail.com> 2457 ok deraadt@ 2458 - djm@cvs.openbsd.org 2010/09/08 03:54:36 2459 [authfile.c] 2460 typo 2461 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 2462 [compress.c] 2463 work around name-space collisions some buggy compilers (looking at you 2464 gcc, at least in earlier versions, but this does not forgive your current 2465 transgressions) seen between zlib and openssl 2466 ok djm 2467 - djm@cvs.openbsd.org 2010/09/09 10:45:45 2468 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] 2469 ECDH/ECDSA compliance fix: these methods vary the hash function they use 2470 (SHA256/384/512) depending on the length of the curve in use. The previous 2471 code incorrectly used SHA256 in all cases. 2472 2473 This fix will cause authentication failure when using 384 or 521-bit curve 2474 keys if one peer hasn't been upgraded and the other has. (256-bit curve 2475 keys work ok). In particular you may need to specify HostkeyAlgorithms 2476 when connecting to a server that has not been upgraded from an upgraded 2477 client. 2478 2479 ok naddy@ 2480 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 2481 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] 2482 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on 2483 platforms that don't have the requisite OpenSSL support. ok dtucker@ 2484 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 2485 for missing headers and compiler warnings. 2486 248720100831 2488 - OpenBSD CVS Sync 2489 - jmc@cvs.openbsd.org 2010/08/08 19:36:30 2490 [ssh-keysign.8 ssh.1 sshd.8] 2491 use the same template for all FILES sections; i.e. -compact/.Pp where we 2492 have multiple items, and .Pa for path names; 2493 - tedu@cvs.openbsd.org 2010/08/12 23:34:39 2494 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2495 OpenSSL_add_all_algorithms is the name of the function we have a man page 2496 for, so use that. ok djm 2497 - djm@cvs.openbsd.org 2010/08/16 04:06:06 2498 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2499 backout previous temporarily; discussed with deraadt@ 2500 - djm@cvs.openbsd.org 2010/08/31 09:58:37 2501 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] 2502 [packet.h ssh-dss.c ssh-rsa.c] 2503 Add buffer_get_cstring() and related functions that verify that the 2504 string extracted from the buffer contains no embedded \0 characters* 2505 This prevents random (possibly malicious) crap from being appended to 2506 strings where it would not be noticed if the string is used with 2507 a string(3) function. 2508 2509 Use the new API in a few sensitive places. 2510 2511 * actually, we allow a single one at the end of the string for now because 2512 we don't know how many deployed implementations get this wrong, but don't 2513 count on this to remain indefinitely. 2514 - djm@cvs.openbsd.org 2010/08/31 11:54:45 2515 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] 2516 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] 2517 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] 2518 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] 2519 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] 2520 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] 2521 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] 2522 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and 2523 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer 2524 better performance than plain DH and DSA at the same equivalent symmetric 2525 key length, as well as much shorter keys. 2526 2527 Only the mandatory sections of RFC5656 are implemented, specifically the 2528 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and 2529 ECDSA. Point compression (optional in RFC5656 is NOT implemented). 2530 2531 Certificate host and user keys using the new ECDSA key types are supported. 2532 2533 Note that this code has not been tested for interoperability and may be 2534 subject to change. 2535 2536 feedback and ok markus@ 2537 - (djm) [Makefile.in] Add new ECC files 2538 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include 2539 includes.h 2540 254120100827 2542 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, 2543 remove. Patch from martynas at venck us 2544 254520100823 2546 - (djm) Release OpenSSH-5.6p1 2547 254820100816 2549 - (dtucker) [configure.ac openbsd-compat/Makefile.in 2550 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to 2551 the compat library which helps on platforms like old IRIX. Based on work 2552 by djm, tested by Tom Christensen. 2553 - OpenBSD CVS Sync 2554 - djm@cvs.openbsd.org 2010/08/12 21:49:44 2555 [ssh.c] 2556 close any extra file descriptors inherited from parent at start and 2557 reopen stdin/stdout to /dev/null when forking for ControlPersist. 2558 2559 prevents tools that fork and run a captive ssh for communication from 2560 failing to exit when the ssh completes while they wait for these fds to 2561 close. The inherited fds may persist arbitrarily long if a background 2562 mux master has been started by ControlPersist. cvs and scp were effected 2563 by this. 2564 2565 "please commit" markus@ 2566 - (djm) [regress/README.regress] typo 2567 256820100812 2569 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh 2570 regress/test-exec.sh] Under certain conditions when testing with sudo 2571 tests would fail because the pidfile could not be read by a regular user. 2572 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" 2573 Make sure cat is run by $SUDO. no objection from me. djm@ 2574 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. 2575 257620100809 2577 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is 2578 already set. Makes FreeBSD user openable tunnels useful; patch from 2579 richard.burakowski+ossh AT mrburak.net, ok dtucker@ 2580 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. 2581 based in part on a patch from Colin Watson, ok djm@ 2582 258320100809 2584 - OpenBSD CVS Sync 2585 - djm@cvs.openbsd.org 2010/08/08 16:26:42 2586 [version.h] 2587 crank to 5.6 2588 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2589 [contrib/suse/openssh.spec] Crank version numbers 2590 259120100805 2592 - OpenBSD CVS Sync 2593 - djm@cvs.openbsd.org 2010/08/04 05:37:01 2594 [ssh.1 ssh_config.5 sshd.8] 2595 Remove mentions of weird "addr/port" alternate address format for IPv6 2596 addresses combinations. It hasn't worked for ages and we have supported 2597 the more commen "[addr]:port" format for a long time. ok jmc@ markus@ 2598 - djm@cvs.openbsd.org 2010/08/04 05:40:39 2599 [PROTOCOL.certkeys ssh-keygen.c] 2600 tighten the rules for certificate encoding by requiring that options 2601 appear in lexical order and make our ssh-keygen comply. ok markus@ 2602 - djm@cvs.openbsd.org 2010/08/04 05:42:47 2603 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] 2604 [ssh-keysign.c ssh.c] 2605 enable certificates for hostbased authentication, from Iain Morgan; 2606 "looks ok" markus@ 2607 - djm@cvs.openbsd.org 2010/08/04 05:49:22 2608 [authfile.c] 2609 commited the wrong version of the hostbased certificate diff; this 2610 version replaces some strlc{py,at} verbosity with xasprintf() at 2611 the request of markus@ 2612 - djm@cvs.openbsd.org 2010/08/04 06:07:11 2613 [ssh-keygen.1 ssh-keygen.c] 2614 Support CA keys in PKCS#11 tokens; feedback and ok markus@ 2615 - djm@cvs.openbsd.org 2010/08/04 06:08:40 2616 [ssh-keysign.c] 2617 clean for -Wuninitialized (Id sync only; portable had this change) 2618 - djm@cvs.openbsd.org 2010/08/05 13:08:42 2619 [channels.c] 2620 Fix a trio of bugs in the local/remote window calculation for datagram 2621 data channels (i.e. TunnelForward): 2622 2623 Calculate local_consumed correctly in channel_handle_wfd() by measuring 2624 the delta to buffer_len(c->output) from when we start to when we finish. 2625 The proximal problem here is that the output_filter we use in portable 2626 modified the length of the dequeued datagram (to futz with the headers 2627 for !OpenBSD). 2628 2629 In channel_output_poll(), don't enqueue datagrams that won't fit in the 2630 peer's advertised packet size (highly unlikely to ever occur) or which 2631 won't fit in the peer's remaining window (more likely). 2632 2633 In channel_input_data(), account for the 4-byte string header in 2634 datagram packets that we accept from the peer and enqueue in c->output. 2635 2636 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; 2637 "looks good" markus@ 2638 263920100803 2640 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from 2641 PAM to sane values in case the PAM method doesn't write to them. Spotted by 2642 Bitman Zhou, ok djm@. 2643 - OpenBSD CVS Sync 2644 - djm@cvs.openbsd.org 2010/07/16 04:45:30 2645 [ssh-keygen.c] 2646 avoid bogus compiler warning 2647 - djm@cvs.openbsd.org 2010/07/16 14:07:35 2648 [ssh-rsa.c] 2649 more timing paranoia - compare all parts of the expected decrypted 2650 data before returning. AFAIK not exploitable in the SSH protocol. 2651 "groovy" deraadt@ 2652 - djm@cvs.openbsd.org 2010/07/19 03:16:33 2653 [sftp-client.c] 2654 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive 2655 upload depth checks and causing verbose printing of transfers to always 2656 be turned on; patch from imorgan AT nas.nasa.gov 2657 - djm@cvs.openbsd.org 2010/07/19 09:15:12 2658 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] 2659 add a "ControlPersist" option that automatically starts a background 2660 ssh(1) multiplex master when connecting. This connection can stay alive 2661 indefinitely, or can be set to automatically close after a user-specified 2662 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but 2663 further hacked on by wmertens AT cisco.com, apb AT cequrux.com, 2664 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ 2665 - djm@cvs.openbsd.org 2010/07/21 02:10:58 2666 [misc.c] 2667 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern 2668 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 2669 [ssh.1] 2670 Ciphers is documented in ssh_config(5) these days 2671 267220100819 2673 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more 2674 details about its behaviour WRT existing directories. Patch from 2675 asguthrie at gmail com, ok djm. 2676 267720100716 2678 - (djm) OpenBSD CVS Sync 2679 - djm@cvs.openbsd.org 2010/07/02 04:32:44 2680 [misc.c] 2681 unbreak strdelim() skipping past quoted strings, e.g. 2682 AllowUsers "blah blah" blah 2683 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com 2684 ok dtucker; 2685 - djm@cvs.openbsd.org 2010/07/12 22:38:52 2686 [ssh.c] 2687 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") 2688 for protocol 2. ok markus@ 2689 - djm@cvs.openbsd.org 2010/07/12 22:41:13 2690 [ssh.c ssh_config.5] 2691 expand %h to the hostname in ssh_config Hostname options. While this 2692 sounds useless, it is actually handy for working with unqualified 2693 hostnames: 2694 2695 Host *.* 2696 Hostname %h 2697 Host * 2698 Hostname %h.example.org 2699 2700 "I like it" markus@ 2701 - djm@cvs.openbsd.org 2010/07/13 11:52:06 2702 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] 2703 [packet.c ssh-rsa.c] 2704 implement a timing_safe_cmp() function to compare memory without leaking 2705 timing information by short-circuiting like memcmp() and use it for 2706 some of the more sensitive comparisons (though nothing high-value was 2707 readily attackable anyway); "looks ok" markus@ 2708 - djm@cvs.openbsd.org 2010/07/13 23:13:16 2709 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] 2710 [ssh-rsa.c] 2711 s/timing_safe_cmp/timingsafe_bcmp/g 2712 - jmc@cvs.openbsd.org 2010/07/14 17:06:58 2713 [ssh.1] 2714 finally ssh synopsis looks nice again! this commit just removes a ton of 2715 hacks we had in place to make it work with old groff; 2716 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 2717 [ssh-keygen.1] 2718 repair incorrect block nesting, which screwed up indentation; 2719 problem reported and fix OK by jmc@ 2720 272120100714 2722 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass 2723 (line 77) should have been for no_x11_askpass. 2724 272520100702 2726 - (djm) OpenBSD CVS Sync 2727 - jmc@cvs.openbsd.org 2010/06/26 00:57:07 2728 [ssh_config.5] 2729 tweak previous; 2730 - djm@cvs.openbsd.org 2010/06/26 23:04:04 2731 [ssh.c] 2732 oops, forgot to #include <canohost.h>; spotted and patch from chl@ 2733 - djm@cvs.openbsd.org 2010/06/29 23:15:30 2734 [ssh-keygen.1 ssh-keygen.c] 2735 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; 2736 bz#1749; ok markus@ 2737 - djm@cvs.openbsd.org 2010/06/29 23:16:46 2738 [auth2-pubkey.c sshd_config.5] 2739 allow key options (command="..." and friends) in AuthorizedPrincipals; 2740 ok markus@ 2741 - jmc@cvs.openbsd.org 2010/06/30 07:24:25 2742 [ssh-keygen.1] 2743 tweak previous; 2744 - jmc@cvs.openbsd.org 2010/06/30 07:26:03 2745 [ssh-keygen.c] 2746 sort usage(); 2747 - jmc@cvs.openbsd.org 2010/06/30 07:28:34 2748 [sshd_config.5] 2749 tweak previous; 2750 - millert@cvs.openbsd.org 2010/07/01 13:06:59 2751 [scp.c] 2752 Fix a longstanding problem where if you suspend scp at the 2753 password/passphrase prompt the terminal mode is not restored. 2754 OK djm@ 2755 - phessler@cvs.openbsd.org 2010/06/27 19:19:56 2756 [regress/Makefile] 2757 fix how we run the tests so we can successfully use SUDO='sudo -E' 2758 in our env 2759 - djm@cvs.openbsd.org 2010/06/29 23:59:54 2760 [cert-userkey.sh] 2761 regress tests for key options in AuthorizedPrincipals 2762 276320100627 2764 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs 2765 key.h. 2766 276720100626 2768 - (djm) OpenBSD CVS Sync 2769 - djm@cvs.openbsd.org 2010/05/21 05:00:36 2770 [misc.c] 2771 colon() returns char*, so s/return (0)/return NULL/ 2772 - markus@cvs.openbsd.org 2010/06/08 21:32:19 2773 [ssh-pkcs11.c] 2774 check length of value returned C_GetAttributValue for != 0 2775 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ 2776 - djm@cvs.openbsd.org 2010/06/17 07:07:30 2777 [mux.c] 2778 Correct sizing of object to be allocated by calloc(), replacing 2779 sizeof(state) with sizeof(*state). This worked by accident since 2780 the struct contained a single int at present, but could have broken 2781 in the future. patch from hyc AT symas.com 2782 - djm@cvs.openbsd.org 2010/06/18 00:58:39 2783 [sftp.c] 2784 unbreak ls in working directories that contains globbing characters in 2785 their pathnames. bz#1655 reported by vgiffin AT apple.com 2786 - djm@cvs.openbsd.org 2010/06/18 03:16:03 2787 [session.c] 2788 Missing check for chroot_director == "none" (we already checked against 2789 NULL); bz#1564 from Jan.Pechanec AT Sun.COM 2790 - djm@cvs.openbsd.org 2010/06/18 04:43:08 2791 [sftp-client.c] 2792 fix memory leak in do_realpath() error path; bz#1771, patch from 2793 anicka AT suse.cz 2794 - djm@cvs.openbsd.org 2010/06/22 04:22:59 2795 [servconf.c sshd_config.5] 2796 expose some more sshd_config options inside Match blocks: 2797 AuthorizedKeysFile AuthorizedPrincipalsFile 2798 HostbasedUsesNameFromPacketOnly PermitTunnel 2799 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ 2800 - djm@cvs.openbsd.org 2010/06/22 04:32:06 2801 [ssh-keygen.c] 2802 standardise error messages when attempting to open private key 2803 files to include "progname: filename: error reason" 2804 bz#1783; ok dtucker@ 2805 - djm@cvs.openbsd.org 2010/06/22 04:49:47 2806 [auth.c] 2807 queue auth debug messages for bad ownership or permissions on the user's 2808 keyfiles. These messages will be sent after the user has successfully 2809 authenticated (where our client will display them with LogLevel=debug). 2810 bz#1554; ok dtucker@ 2811 - djm@cvs.openbsd.org 2010/06/22 04:54:30 2812 [ssh-keyscan.c] 2813 replace verbose and overflow-prone Linebuf code with read_keyfile_line() 2814 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ 2815 - djm@cvs.openbsd.org 2010/06/22 04:59:12 2816 [session.c] 2817 include the user name on "subsystem request for ..." log messages; 2818 bz#1571; ok dtucker@ 2819 - djm@cvs.openbsd.org 2010/06/23 02:59:02 2820 [ssh-keygen.c] 2821 fix printing of extensions in v01 certificates that I broke in r1.190 2822 - djm@cvs.openbsd.org 2010/06/25 07:14:46 2823 [channels.c mux.c readconf.c readconf.h ssh.h] 2824 bz#1327: remove hardcoded limit of 100 permitopen clauses and port 2825 forwards per direction; ok markus@ stevesk@ 2826 - djm@cvs.openbsd.org 2010/06/25 07:20:04 2827 [channels.c session.c] 2828 bz#1750: fix requirement for /dev/null inside ChrootDirectory for 2829 internal-sftp accidentally introduced in r1.253 by removing the code 2830 that opens and dup /dev/null to stderr and modifying the channels code 2831 to read stderr but discard it instead; ok markus@ 2832 - djm@cvs.openbsd.org 2010/06/25 08:46:17 2833 [auth1.c auth2-none.c] 2834 skip the initial check for access with an empty password when 2835 PermitEmptyPasswords=no; bz#1638; ok markus@ 2836 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2837 [ssh.c] 2838 log the hostname and address that we connected to at LogLevel=verbose 2839 after authentication is successful to mitigate "phishing" attacks by 2840 servers with trusted keys that accept authentication silently and 2841 automatically before presenting fake password/passphrase prompts; 2842 "nice!" markus@ 2843 - djm@cvs.openbsd.org 2010/06/25 23:10:30 2844 [ssh.c] 2845 log the hostname and address that we connected to at LogLevel=verbose 2846 after authentication is successful to mitigate "phishing" attacks by 2847 servers with trusted keys that accept authentication silently and 2848 automatically before presenting fake password/passphrase prompts; 2849 "nice!" markus@ 2850 285120100622 2852 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 2853 bz#1579; ok dtucker 2854 285520100618 2856 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ 2857 rather than assuming that $CWD == $HOME. bz#1500, patch from 2858 timothy AT gelter.com 2859 286020100617 2861 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete 2862 minires-devel package, and to add the reference to the libedit-devel 2863 package since CYgwin now provides libedit. Patch from Corinna Vinschen. 2864 286520100521 2866 - (djm) OpenBSD CVS Sync 2867 - djm@cvs.openbsd.org 2010/05/07 11:31:26 2868 [regress/Makefile regress/cert-userkey.sh] 2869 regress tests for AuthorizedPrincipalsFile and "principals=" key option. 2870 feedback and ok markus@ 2871 - djm@cvs.openbsd.org 2010/05/11 02:58:04 2872 [auth-rsa.c] 2873 don't accept certificates marked as "cert-authority" here; ok markus@ 2874 - djm@cvs.openbsd.org 2010/05/14 00:47:22 2875 [ssh-add.c] 2876 check that the certificate matches the corresponding private key before 2877 grafting it on 2878 - djm@cvs.openbsd.org 2010/05/14 23:29:23 2879 [channels.c channels.h mux.c ssh.c] 2880 Pause the mux channel while waiting for reply from aynch callbacks. 2881 Prevents misordering of replies if new requests arrive while waiting. 2882 2883 Extend channel open confirm callback to allow signalling failure 2884 conditions as well as success. Use this to 1) fix a memory leak, 2) 2885 start using the above pause mechanism and 3) delay sending a success/ 2886 failure message on mux slave session open until we receive a reply from 2887 the server. 2888 2889 motivated by and with feedback from markus@ 2890 - markus@cvs.openbsd.org 2010/05/16 12:55:51 2891 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] 2892 mux support for remote forwarding with dynamic port allocation, 2893 use with 2894 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` 2895 feedback and ok djm@ 2896 - djm@cvs.openbsd.org 2010/05/20 11:25:26 2897 [auth2-pubkey.c] 2898 fix logspam when key options (from="..." especially) deny non-matching 2899 keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 2900 - djm@cvs.openbsd.org 2010/05/20 23:46:02 2901 [PROTOCOL.certkeys auth-options.c ssh-keygen.c] 2902 Move the permit-* options to the non-critical "extensions" field for v01 2903 certificates. The logic is that if another implementation fails to 2904 implement them then the connection just loses features rather than fails 2905 outright. 2906 2907 ok markus@ 2908 290920100511 2910 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve 2911 circular dependency problem on old or odd platforms. From Tom Lane, ok 2912 djm@. 2913 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older 2914 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't 2915 already. ok dtucker@ 2916 291720100510 2918 - OpenBSD CVS Sync 2919 - djm@cvs.openbsd.org 2010/04/23 01:47:41 2920 [ssh-keygen.c] 2921 bz#1740: display a more helpful error message when $HOME is 2922 inaccessible while trying to create .ssh directory. Based on patch 2923 from jchadima AT redhat.com; ok dtucker@ 2924 - djm@cvs.openbsd.org 2010/04/23 22:27:38 2925 [mux.c] 2926 set "detach_close" flag when registering channel cleanup callbacks. 2927 This causes the channel to close normally when its fds close and 2928 hangs when terminating a mux slave using ~. bz#1758; ok markus@ 2929 - djm@cvs.openbsd.org 2010/04/23 22:42:05 2930 [session.c] 2931 set stderr to /dev/null for subsystems rather than just closing it. 2932 avoids hangs if a subsystem or shell initialisation writes to stderr. 2933 bz#1750; ok markus@ 2934 - djm@cvs.openbsd.org 2010/04/23 22:48:31 2935 [ssh-keygen.c] 2936 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, 2937 since we would refuse to use them anyway. bz#1516; ok dtucker@ 2938 - djm@cvs.openbsd.org 2010/04/26 22:28:24 2939 [sshconnect2.c] 2940 bz#1502: authctxt.success is declared as an int, but passed by 2941 reference to function that accepts sig_atomic_t*. Convert it to 2942 the latter; ok markus@ dtucker@ 2943 - djm@cvs.openbsd.org 2010/05/01 02:50:50 2944 [PROTOCOL.certkeys] 2945 typo; jmeltzer@ 2946 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 2947 [sftp.c] 2948 restore mput and mget which got lost in the tab-completion changes. 2949 found by Kenneth Whitaker, ok djm@ 2950 - djm@cvs.openbsd.org 2010/05/07 11:30:30 2951 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] 2952 [key.c servconf.c servconf.h sshd.8 sshd_config.5] 2953 add some optional indirection to matching of principal names listed 2954 in certificates. Currently, a certificate must include the a user's name 2955 to be accepted for authentication. This change adds the ability to 2956 specify a list of certificate principal names that are acceptable. 2957 2958 When authenticating using a CA trusted through ~/.ssh/authorized_keys, 2959 this adds a new principals="name1[,name2,...]" key option. 2960 2961 For CAs listed through sshd_config's TrustedCAKeys option, a new config 2962 option "AuthorizedPrincipalsFile" specifies a per-user file containing 2963 the list of acceptable names. 2964 2965 If either option is absent, the current behaviour of requiring the 2966 username to appear in principals continues to apply. 2967 2968 These options are useful for role accounts, disjoint account namespaces 2969 and "user@realm"-style naming policies in certificates. 2970 2971 feedback and ok markus@ 2972 - jmc@cvs.openbsd.org 2010/05/07 12:49:17 2973 [sshd_config.5] 2974 tweak previous; 2975 297620100423 2977 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 2978 in the openssl install directory (some newer openssl versions do this on at 2979 least some amd64 platforms). 2980 298120100418 2982 - OpenBSD CVS Sync 2983 - jmc@cvs.openbsd.org 2010/04/16 06:45:01 2984 [ssh_config.5] 2985 tweak previous; ok djm 2986 - jmc@cvs.openbsd.org 2010/04/16 06:47:04 2987 [ssh-keygen.1 ssh-keygen.c] 2988 tweak previous; ok djm 2989 - djm@cvs.openbsd.org 2010/04/16 21:14:27 2990 [sshconnect.c] 2991 oops, %r => remote username, not %u 2992 - djm@cvs.openbsd.org 2010/04/16 01:58:45 2993 [regress/cert-hostkey.sh regress/cert-userkey.sh] 2994 regression tests for v01 certificate format 2995 includes interop tests for v00 certs 2996 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 2997 file. 2998 299920100416 3000 - (djm) Release openssh-5.5p1 3001 - OpenBSD CVS Sync 3002 - djm@cvs.openbsd.org 2010/03/26 03:13:17 3003 [bufaux.c] 3004 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer 3005 argument to allow skipping past values in a buffer 3006 - jmc@cvs.openbsd.org 2010/03/26 06:54:36 3007 [ssh.1] 3008 tweak previous; 3009 - jmc@cvs.openbsd.org 2010/03/27 14:26:55 3010 [ssh_config.5] 3011 tweak previous; ok dtucker 3012 - djm@cvs.openbsd.org 2010/04/10 00:00:16 3013 [ssh.c] 3014 bz#1746 - suppress spurious tty warning when using -O and stdin 3015 is not a tty; ok dtucker@ markus@ 3016 - djm@cvs.openbsd.org 2010/04/10 00:04:30 3017 [sshconnect.c] 3018 fix terminology: we didn't find a certificate in known_hosts, we found 3019 a CA key 3020 - djm@cvs.openbsd.org 2010/04/10 02:08:44 3021 [clientloop.c] 3022 bz#1698: kill channel when pty allocation requests fail. Fixed 3023 stuck client if the server refuses pty allocation. 3024 ok dtucker@ "think so" markus@ 3025 - djm@cvs.openbsd.org 2010/04/10 02:10:56 3026 [sshconnect2.c] 3027 show the key type that we are offering in debug(), helps distinguish 3028 between certs and plain keys as the path to the private key is usually 3029 the same. 3030 - djm@cvs.openbsd.org 2010/04/10 05:48:16 3031 [mux.c] 3032 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au 3033 - djm@cvs.openbsd.org 2010/04/14 22:27:42 3034 [ssh_config.5 sshconnect.c] 3035 expand %r => remote username in ssh_config:ProxyCommand; 3036 ok deraadt markus 3037 - markus@cvs.openbsd.org 2010/04/15 20:32:55 3038 [ssh-pkcs11.c] 3039 retry lookup for private key if there's no matching key with CKA_SIGN 3040 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) 3041 ok djm@ 3042 - djm@cvs.openbsd.org 2010/04/16 01:47:26 3043 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] 3044 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] 3045 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] 3046 [sshconnect.c sshconnect2.c sshd.c] 3047 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the 3048 following changes: 3049 3050 move the nonce field to the beginning of the certificate where it can 3051 better protect against chosen-prefix attacks on the signature hash 3052 3053 Rename "constraints" field to "critical options" 3054 3055 Add a new non-critical "extensions" field 3056 3057 Add a serial number 3058 3059 The older format is still support for authentication and cert generation 3060 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) 3061 3062 ok markus@ 3063