| 20130423 |
| - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support |
| platforms, such as Android, that lack struct passwd.pw_gecos. Report |
| and initial patch from Nathan Osman bz#2086; feedback tim@ ok dtucker@ |
| - (djm) OpenBSD CVS Sync |
| - markus@cvs.openbsd.org 2013/03/05 20:16:09 |
| [sshconnect2.c] |
| reset pubkey order on partial success; ok djm@ |
| - djm@cvs.openbsd.org 2013/03/06 23:35:23 |
| [session.c] |
| fatal() when ChrootDirectory specified by running without root privileges; |
| ok markus@ |
| - djm@cvs.openbsd.org 2013/03/06 23:36:53 |
| [readconf.c] |
| g/c unused variable (-Wunused) |
| - djm@cvs.openbsd.org 2013/03/07 00:19:59 |
| [auth2-pubkey.c monitor.c] |
| reconstruct the original username that was sent by the client, which may |
| have included a style (e.g. "root:skey") when checking public key |
| signatures. Fixes public key and hostbased auth when the client specified |
| a style; ok markus@ |
| - markus@cvs.openbsd.org 2013/03/07 19:27:25 |
| [auth.h auth2-chall.c auth2.c monitor.c sshd_config.5] |
| add submethod support to AuthenticationMethods; ok and freedback djm@ |
| - djm@cvs.openbsd.org 2013/03/08 06:32:58 |
| [ssh.c] |
| allow "ssh -f none ..." ok markus@ |
| - djm@cvs.openbsd.org 2013/04/05 00:14:00 |
| [auth2-gss.c krl.c sshconnect2.c] |
| hush some {unused, printf type} warnings |
| - djm@cvs.openbsd.org 2013/04/05 00:31:49 |
| [pathnames.h] |
| use the existing _PATH_SSH_USER_RC define to construct the other |
| pathnames; bz#2077, ok dtucker@ (no binary change) |
| - djm@cvs.openbsd.org 2013/04/05 00:58:51 |
| [mux.c] |
| cleanup mux-created channels that are in SSH_CHANNEL_OPENING state too |
| (in addition to ones already in OPEN); bz#2079, ok dtucker@ |
| - markus@cvs.openbsd.org 2013/04/06 16:07:00 |
| [channels.c sshd.c] |
| handle ECONNABORTED for accept(); ok deraadt some time ago... |
| - dtucker@cvs.openbsd.org 2013/04/07 02:10:33 |
| [log.c log.h ssh.1 ssh.c sshd.8 sshd.c] |
| Add -E option to ssh and sshd to append debugging logs to a specified file |
| instead of stderr or syslog. ok markus@, man page help jmc@ |
| - dtucker@cvs.openbsd.org 2013/04/07 09:40:27 |
| [sshd.8] |
| clarify -e text. suggested by & ok jmc@ |
| |
| 20130418 |
| - (djm) [config.guess config.sub] Update to last versions before they switch |
| to GPL3. ok dtucker@ |
| - (dtucker) [configure.ac] Use -Qunused-arguments to suppress warnings from |
| unused argument warnings (in particular, -fno-builtin-memset) from clang. |
| |
| 20130404 |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 |
| [readconf.c ssh.c readconf.h sshconnect2.c] |
| Keep track of which IndentityFile options were manually supplied and which |
| were default options, and don't warn if the latter are missing. |
| ok markus@ |
| - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 |
| [krl.c] |
| Remove bogus include. ok djm |
| - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 |
| [ssh.c readconf.c readconf.h] |
| Don't complain if IdentityFiles specified in system-wide configs are |
| missing. ok djm, deraadt. |
| - markus@cvs.openbsd.org 2013/02/22 19:13:56 |
| [sshconnect.c] |
| support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ |
| - djm@cvs.openbsd.org 2013/02/22 22:09:01 |
| [ssh.c] |
| Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier |
| version) |
| |
| 20130401 |
| - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h |
| to avoid conflicting definitions of __int64, adding the required bits. |
| Patch from Corinna Vinschen. |
| |
| 20120323 |
| - (tim) [Makefile.in] remove some duplication introduced in 20130220 commit. |
| |
| 20120322 |
| - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil |
| Hands' greatly revised version. |
| - (djm) Release 6.2p1 |
| - (dtucker) [configure.ac] Add stdlib.h to zlib check for exit() prototype. |
| - (dtucker) [includes.h] Check if _GNU_SOURCE is already defined before |
| defining it again. Prevents warnings if someone, eg, sets it in CFLAGS. |
| |
| 20120318 |
| - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] |
| [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's |
| so mark it as broken. Patch from des AT des.no |
| |
| 20120317 |
| - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none |
| of the bits the configure test looks for. |
| |
| 20120316 |
| - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform |
| is unable to successfully compile them. Based on patch from des AT |
| des.no |
| - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] |
| Add a usleep replacement for platforms that lack it; ok dtucker |
| - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to |
| occur after UID switch; patch from John Marshall via des AT des.no; |
| ok dtucker@ |
| |
| 20120312 |
| - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] |
| Improve portability of cipher-speed test, based mostly on a patch from |
| Iain Morgan. |
| - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") |
| in addition to root as an owner of system directories on AIX and HP-UX. |
| ok djm@ |
| |
| 20130307 |
| - (dtucker) [INSTALL] Bump documented autoconf version to what we're |
| currently using. |
| - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it |
| was removed in configure.ac rev 1.481 as it was redundant. |
| - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days |
| ago. |
| - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a |
| chance to complete on broken systems; ok dtucker@ |
| |
| 20130306 |
| - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding |
| connection to start so that the test works on slower machines. |
| - (dtucker) [configure.ac] test that we can set number of file descriptors |
| to zero with setrlimit before enabling the rlimit sandbox. This affects |
| (at least) HPUX 11.11. |
| |
| 20130305 |
| - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for |
| HP/UX. Spotted by Kevin Brott |
| - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by |
| Amit Kulkarni and Kevin Brott. |
| - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure |
| build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin |
| Brott. |
| - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. |
| |
| 20130227 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] Crank version numbers |
| - (tim) [regress/forward-control.sh] use sh in case login shell is csh. |
| - (tim) [regress/integrity.sh] shell portability fix. |
| - (tim) [regress/integrity.sh] keep old solaris awk from hanging. |
| - (tim) [regress/krl.sh] keep old solaris awk from hanging. |
| |
| 20130226 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/20 08:27:50 |
| [integrity.sh] |
| Add an option to modpipe that warns if the modification offset it not |
| reached in it's stream and turn it on for t-integrity. This should catch |
| cases where the session is not fuzzed for being too short (cf. my last |
| "oops" commit) |
| - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage |
| for UsePAM=yes configuration |
| |
| 20130225 |
| - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed |
| to use Solaris native GSS libs. Patch from Pierre Ossman. |
| |
| 20130223 |
| - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer |
| bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. |
| ok tim |
| |
| 20130222 |
| - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to |
| ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. |
| - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named |
| libgss too. Patch from Pierre Ossman, ok djm. |
| - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux |
| seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; |
| ok dtucker |
| |
| 20130221 |
| - (tim) [regress/forward-control.sh] shell portability fix. |
| |
| 20130220 |
| - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. |
| - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded |
| err.h include from krl.c. Additional portability fixes for modpipe. OK djm |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/20 08:27:50 |
| [regress/integrity.sh regress/modpipe.c] |
| Add an option to modpipe that warns if the modification offset it not |
| reached in it's stream and turn it on for t-integrity. This should catch |
| cases where the session is not fuzzed for being too short (cf. my last |
| "oops" commit) |
| - djm@cvs.openbsd.org 2013/02/20 08:29:27 |
| [regress/modpipe.c] |
| s/Id/OpenBSD/ in RCS tag |
| |
| 20130219 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/18 22:26:47 |
| [integrity.sh] |
| crank the offset yet again; it was still fuzzing KEX one of Darren's |
| portable test hosts at 2800 |
| - djm@cvs.openbsd.org 2013/02/19 02:14:09 |
| [integrity.sh] |
| oops, forgot to increase the output of the ssh command to ensure that |
| we actually reach $offset |
| - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that |
| lack support for SHA2. |
| - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms |
| that do not have them. |
| |
| 20130217 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/17 23:16:55 |
| [integrity.sh] |
| make the ssh command generates some output to ensure that there are at |
| least offset+tries bytes in the stream. |
| |
| 20130216 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/16 06:08:45 |
| [integrity.sh] |
| make sure the fuzz offset is actually past the end of KEX for all KEX |
| types. diffie-hellman-group-exchange-sha256 requires an offset around |
| 2700. Noticed via test failures in portable OpenSSH on platforms that |
| lack ECC and this the more byte-frugal ECDH KEX algorithms. |
| |
| 20130215 |
| - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from |
| Iain Morgan |
| - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] |
| Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). |
| - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c |
| openbsd-compat/openbsd-compat.h] Add strtoull to compat library for |
| platforms that don't have it. |
| - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, |
| group strto* function prototypes together. |
| - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes |
| an argument. Pointed out by djm. |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/02/14 21:35:59 |
| [auth2-pubkey.c] |
| Correct error message that had a typo and was logging the wrong thing; |
| patch from Petr Lautrbach |
| - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 |
| [sshconnect2.c] |
| Warn more loudly if an IdentityFile provided by the user cannot be read. |
| bz #1981, ok djm@ |
| |
| 20130214 |
| - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. |
| - (djm) [regress/krl.sh] typo; found by Iain Morgan |
| - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead |
| of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by |
| Iain Morgan |
| |
| 20130212 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/01/24 21:45:37 |
| [krl.c] |
| fix handling of (unused) KRL signatures; skip string in correct buffer |
| - djm@cvs.openbsd.org 2013/01/24 22:08:56 |
| [krl.c] |
| skip serial lookup when cert's serial number is zero |
| - krw@cvs.openbsd.org 2013/01/25 05:00:27 |
| [krl.c] |
| Revert last. Breaks due to likely typo. Let djm@ fix later. |
| ok djm@ via dlg@ |
| - djm@cvs.openbsd.org 2013/01/25 10:22:19 |
| [krl.c] |
| redo last commit without the vi-vomit that snuck in: |
| skip serial lookup when cert's serial number is zero |
| (now with 100% better comment) |
| - djm@cvs.openbsd.org 2013/01/26 06:11:05 |
| [Makefile.in acss.c acss.h cipher-acss.c cipher.c] |
| [openbsd-compat/openssl-compat.h] |
| remove ACSS, now that it is gone from libcrypto too |
| - djm@cvs.openbsd.org 2013/01/27 10:06:12 |
| [krl.c] |
| actually use the xrealloc() return value; spotted by xi.wang AT gmail.com |
| - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 |
| [servconf.c sshd_config sshd_config.5] |
| Change default of MaxStartups to 10:30:100 to start doing random early |
| drop at 10 connections up to 100 connections. This will make it harder |
| to DoS as CPUs have come a long way since the original value was set |
| back in 2000. Prompted by nion at debian org, ok markus@ |
| - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 |
| [auth.c] |
| Fix comment, from jfree.e1 at gmail |
| - djm@cvs.openbsd.org 2013/02/08 00:41:12 |
| [sftp.c] |
| fix NULL deref when built without libedit and control characters |
| entered as command; debugging and patch from Iain Morgan an |
| Loganaden Velvindron in bz#1956 |
| - markus@cvs.openbsd.org 2013/02/10 21:19:34 |
| [version.h] |
| openssh 6.2 |
| - djm@cvs.openbsd.org 2013/02/10 23:32:10 |
| [ssh-keygen.c] |
| append to moduli file when screening candidates rather than overwriting. |
| allows resumption of interrupted screen; patch from Christophe Garault |
| in bz#1957; ok dtucker@ |
| - djm@cvs.openbsd.org 2013/02/10 23:35:24 |
| [packet.c] |
| record "Received disconnect" messages at ERROR rather than INFO priority, |
| since they are abnormal and result in a non-zero ssh exit status; patch |
| from Iain Morgan in bz#2057; ok dtucker@ |
| - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 |
| [sshd.c] |
| Add openssl version to debug output similar to the client. ok markus@ |
| - djm@cvs.openbsd.org 2013/02/11 23:58:51 |
| [regress/try-ciphers.sh] |
| remove acss here too |
| - (djm) [regress/try-ciphers.sh] clean up CVS merge botch |
| |
| 20130211 |
| - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old |
| libcrypto that lacks EVP_CIPHER_CTX_ctrl |
| |
| 20130208 |
| - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; |
| patch from Iain Morgan in bz#2059 |
| - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows |
| __attribute__ on return values and work around if necessary. ok djm@ |
| |
| 20130207 |
| - (djm) [configure.ac] Don't probe seccomp capability of running kernel |
| at configure time; the seccomp sandbox will fall back to rlimit at |
| runtime anyway. Patch from plautrba AT redhat.com in bz#2011 |
| |
| 20130120 |
| - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] |
| Move prototypes for replacement ciphers to openssl-compat.h; fix EVP |
| prototypes for openssl-1.0.0-fips. |
| - (djm) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2013/01/18 07:57:47 |
| [ssh-keygen.1] |
| tweak previous; |
| - jmc@cvs.openbsd.org 2013/01/18 07:59:46 |
| [ssh-keygen.c] |
| -u before -V in usage(); |
| - jmc@cvs.openbsd.org 2013/01/18 08:00:49 |
| [sshd_config.5] |
| tweak previous; |
| - jmc@cvs.openbsd.org 2013/01/18 08:39:04 |
| [ssh-keygen.1] |
| add -Q to the options list; ok djm |
| - jmc@cvs.openbsd.org 2013/01/18 21:48:43 |
| [ssh-keygen.1] |
| command-line (adj.) -> command line (n.); |
| - jmc@cvs.openbsd.org 2013/01/19 07:13:25 |
| [ssh-keygen.1] |
| fix some formatting; ok djm |
| - markus@cvs.openbsd.org 2013/01/19 12:34:55 |
| [krl.c] |
| RB_INSERT does not remove existing elments; ok djm@ |
| - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer |
| version. |
| - (djm) [regress/krl.sh] replacement for jot; most platforms lack it |
| |
| 20130118 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/01/17 23:00:01 |
| [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] |
| [krl.c krl.h PROTOCOL.krl] |
| add support for Key Revocation Lists (KRLs). These are a compact way to |
| represent lists of revoked keys and certificates, taking as little as |
| a single bit of incremental cost to revoke a certificate by serial number. |
| KRLs are loaded via the existing RevokedKeys sshd_config option. |
| feedback and ok markus@ |
| - djm@cvs.openbsd.org 2013/01/18 00:45:29 |
| [regress/Makefile regress/cert-userkey.sh regress/krl.sh] |
| Tests for Key Revocation Lists (KRLs) |
| - djm@cvs.openbsd.org 2013/01/18 03:00:32 |
| [krl.c] |
| fix KRL generation bug for list sections |
| |
| 20130117 |
| - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] |
| check for GCM support before testing GCM ciphers. |
| |
| 20130112 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2013/01/12 11:22:04 |
| [cipher.c] |
| improve error message for integrity failure in AES-GCM modes; ok markus@ |
| - djm@cvs.openbsd.org 2013/01/12 11:23:53 |
| [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] |
| test AES-GCM modes; feedback markus@ |
| - (djm) [regress/integrity.sh] repair botched merge |
| |
| 20130109 |
| - (djm) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 |
| [auth.c] |
| use correct string in error message; from rustybsd at gmx.fr |
| - djm@cvs.openbsd.org 2013/01/02 00:32:07 |
| [clientloop.c mux.c] |
| channel_setup_local_fwd_listener() returns 0 on failure, not -ve |
| bz#2055 reported by mathieu.lacage AT gmail.com |
| - djm@cvs.openbsd.org 2013/01/02 00:33:49 |
| [PROTOCOL.agent] |
| correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED |
| bz#2051 from david AT lechnology.com |
| - djm@cvs.openbsd.org 2013/01/03 05:49:36 |
| [servconf.h] |
| add a couple of ServerOptions members that should be copied to the privsep |
| child (for consistency, in this case they happen only to be accessed in |
| the monitor); ok dtucker@ |
| - djm@cvs.openbsd.org 2013/01/03 12:49:01 |
| [PROTOCOL] |
| fix description of MAC calculation for EtM modes; ok markus@ |
| - djm@cvs.openbsd.org 2013/01/03 12:54:49 |
| [sftp-server.8 sftp-server.c] |
| allow specification of an alternate start directory for sftp-server(8) |
| "I like this" markus@ |
| - djm@cvs.openbsd.org 2013/01/03 23:22:58 |
| [ssh-keygen.c] |
| allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... |
| ok markus@ |
| - jmc@cvs.openbsd.org 2013/01/04 19:26:38 |
| [sftp-server.8 sftp-server.c] |
| sftp-server.8: add argument name to -d |
| sftp-server.c: add -d to usage() |
| ok djm |
| - markus@cvs.openbsd.org 2013/01/08 18:49:04 |
| [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] |
| [myproposal.h packet.c ssh_config.5 sshd_config.5] |
| support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) |
| ok and feedback djm@ |
| - djm@cvs.openbsd.org 2013/01/09 05:40:17 |
| [ssh-keygen.c] |
| correctly initialise fingerprint type for fingerprinting PKCS#11 keys |
| - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] |
| Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little |
| cipher compat code to openssl-compat.h |
| |
| 20121217 |
| - (dtucker) [Makefile.in] Add some scaffolding so that the new regress |
| tests will work with VPATH directories. |
| |
| 20121213 |
| - (djm) OpenBSD CVS Sync |
| - markus@cvs.openbsd.org 2012/12/12 16:45:52 |
| [packet.c] |
| reset incoming_packet buffer for each new packet in EtM-case, too; |
| this happens if packets are parsed only parially (e.g. ignore |
| messages sent when su/sudo turn off echo); noted by sthen/millert |
| - naddy@cvs.openbsd.org 2012/12/12 16:46:10 |
| [cipher.c] |
| use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled |
| counter mode code; ok djm@ |
| - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our |
| compat code for older OpenSSL |
| - (djm) [cipher.c] Fix missing prototype for compat code |
| |
| 20121212 |
| - (djm) OpenBSD CVS Sync |
| - markus@cvs.openbsd.org 2012/12/11 22:16:21 |
| [monitor.c] |
| drain the log messages after receiving the keystate from the unpriv |
| child. otherwise it might block while sending. ok djm@ |
| - markus@cvs.openbsd.org 2012/12/11 22:31:18 |
| [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] |
| [packet.c ssh_config.5 sshd_config.5] |
| add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms |
| that change the packet format and compute the MAC over the encrypted |
| message (including the packet size) instead of the plaintext data; |
| these EtM modes are considered more secure and used by default. |
| feedback and ok djm@ |
| - sthen@cvs.openbsd.org 2012/12/11 22:51:45 |
| [mac.c] |
| fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ |
| - markus@cvs.openbsd.org 2012/12/11 22:32:56 |
| [regress/try-ciphers.sh] |
| add etm modes |
| - markus@cvs.openbsd.org 2012/12/11 22:42:11 |
| [regress/Makefile regress/modpipe.c regress/integrity.sh] |
| test the integrity of the packets; with djm@ |
| - markus@cvs.openbsd.org 2012/12/11 23:12:13 |
| [try-ciphers.sh] |
| add hmac-ripemd160-etm@openssh.com |
| - (djm) [mac.c] fix merge botch |
| - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test |
| work on platforms without 'jot' |
| - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip |
| - (djm) [regress/Makefile] fix t-exec rule |
| |
| 20121207 |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 |
| [regress/keys-command.sh] |
| Fix some problems with the keys-command test: |
| - use string comparison rather than numeric comparison |
| - check for existing KEY_COMMAND file and don't clobber if it exists |
| - clean up KEY_COMMAND file if we do create it. |
| - check that KEY_COMMAND is executable (which it won't be if eg /var/run |
| is mounted noexec). |
| ok djm. |
| - jmc@cvs.openbsd.org 2012/12/03 08:33:03 |
| [ssh-add.1 sshd_config.5] |
| tweak previous; |
| - markus@cvs.openbsd.org 2012/12/05 15:42:52 |
| [ssh-add.c] |
| prevent double-free of comment; ok djm@ |
| - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 |
| [serverloop.c] |
| Cast signal to int for logging. A no-op on openbsd (they're always ints) |
| but will prevent warnings in portable. ok djm@ |
| |
| 20121205 |
| - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. |
| |
| 20121203 |
| - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get |
| TAILQ_FOREACH_SAFE needed for upcoming changes. |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/12/02 20:26:11 |
| [ssh_config.5 sshconnect2.c] |
| Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. |
| This allows control of which keys are offered from tokens using |
| IdentityFile. ok markus@ |
| - djm@cvs.openbsd.org 2012/12/02 20:42:15 |
| [ssh-add.1 ssh-add.c] |
| make deleting explicit keys "ssh-add -d" symmetric with adding keys - |
| try to delete the corresponding certificate too and respect the -k option |
| to allow deleting of the key only; feedback and ok markus@ |
| - djm@cvs.openbsd.org 2012/12/02 20:46:11 |
| [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] |
| [sshd_config.5] |
| make AllowTcpForwarding accept "local" and "remote" in addition to its |
| current "yes"/"no" to allow the server to specify whether just local or |
| remote TCP forwarding is enabled. ok markus@ |
| - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 |
| [regress/cipher-speed.sh regress/try-ciphers.sh] |
| Add umac-128@openssh.com to the list of MACs to be tested |
| - djm@cvs.openbsd.org 2012/10/19 05:10:42 |
| [regress/cert-userkey.sh] |
| include a serial number when generating certs |
| - djm@cvs.openbsd.org 2012/11/22 22:49:30 |
| [regress/Makefile regress/keys-command.sh] |
| regress for AuthorizedKeysCommand; hints from markus@ |
| - djm@cvs.openbsd.org 2012/12/02 20:47:48 |
| [Makefile regress/forward-control.sh] |
| regress for AllowTcpForwarding local/remote; ok markus@ |
| - djm@cvs.openbsd.org 2012/12/03 00:14:06 |
| [auth2-chall.c ssh-keygen.c] |
| Fix compilation with -Wall -Werror (trivial type fixes) |
| - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation |
| debugging. ok dtucker@ |
| - (djm) [configure.ac] Revert previous. configure.ac already does this |
| for us. |
| |
| 20121114 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/11/14 02:24:27 |
| [auth2-pubkey.c] |
| fix username passed to helper program |
| prepare stdio fds before closefrom() |
| spotted by landry@ |
| - djm@cvs.openbsd.org 2012/11/14 02:32:15 |
| [ssh-keygen.c] |
| allow the full range of unsigned serial numbers; 'fine' deraadt@ |
| - djm@cvs.openbsd.org 2012/12/02 20:34:10 |
| [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] |
| [monitor.c monitor.h] |
| Fixes logging of partial authentication when privsep is enabled |
| Previously, we recorded "Failed xxx" since we reset authenticated before |
| calling auth_log() in auth2.c. This adds an explcit "Partial" state. |
| |
| Add a "submethod" to auth_log() to report which submethod is used |
| for keyboard-interactive. |
| |
| Fix multiple authentication when one of the methods is |
| keyboard-interactive. |
| |
| ok markus@ |
| - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 |
| [regress/multiplex.sh] |
| Use 'kill -0' to test for the presence of a pid since it's more portable |
| |
| 20121107 |
| - (djm) OpenBSD CVS Sync |
| - eric@cvs.openbsd.org 2011/11/28 08:46:27 |
| [moduli.5] |
| fix formula |
| ok djm@ |
| - jmc@cvs.openbsd.org 2012/09/26 17:34:38 |
| [moduli.5] |
| last stage of rfc changes, using consistent Rs/Re blocks, and moving the |
| references into a STANDARDS section; |
| |
| 20121105 |
| - (dtucker) [uidswap.c openbsd-compat/Makefile.in |
| openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h |
| openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids |
| and gids from uidswap.c to the compat library, which allows it to work with |
| the new setresuid calls in auth2-pubkey. with tim@, ok djm@ |
| - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that |
| don't have it. Spotted by tim@. |
| |
| 20121104 |
| - (djm) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2012/10/31 08:04:50 |
| [sshd_config.5] |
| tweak previous; |
| - djm@cvs.openbsd.org 2012/11/04 10:38:43 |
| [auth2-pubkey.c sshd.c sshd_config.5] |
| Remove default of AuthorizedCommandUser. Administrators are now expected |
| to explicitly specify a user. feedback and ok markus@ |
| - djm@cvs.openbsd.org 2012/11/04 11:09:15 |
| [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] |
| [sshd_config.5] |
| Support multiple required authentication via an AuthenticationMethods |
| option. This option lists one or more comma-separated lists of |
| authentication method names. Successful completion of all the methods in |
| any list is required for authentication to complete; |
| feedback and ok markus@ |
| |
| 20121030 |
| - (djm) OpenBSD CVS Sync |
| - markus@cvs.openbsd.org 2012/10/05 12:34:39 |
| [sftp.c] |
| fix signed vs unsigned warning; feedback & ok: djm@ |
| - djm@cvs.openbsd.org 2012/10/30 21:29:55 |
| [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] |
| [sshd.c sshd_config sshd_config.5] |
| new sshd_config option AuthorizedKeysCommand to support fetching |
| authorized_keys from a command in addition to (or instead of) from |
| the filesystem. The command is run as the target server user unless |
| another specified via a new AuthorizedKeysCommandUser option. |
| |
| patch originally by jchadima AT redhat.com, reworked by me; feedback |
| and ok markus@ |
| |
| 20121019 |
| - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in |
| the generated file as intended. |
| |
| 20121005 |
| - (dtucker) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/09/17 09:54:44 |
| [sftp.c] |
| an XXX for later |
| - markus@cvs.openbsd.org 2012/09/17 13:04:11 |
| [packet.c] |
| clear old keys on rekeing; ok djm |
| - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 |
| [sftp.c] |
| Add bounds check on sftp tab-completion. Part of a patch from from |
| Jean-Marc Robert via tech@, ok djm |
| - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 |
| [sftp.c] |
| Fix improper handling of absolute paths when PWD is part of the completed |
| path. Patch from Jean-Marc Robert via tech@, ok djm. |
| - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 |
| [sftp.c] |
| Fix handling of filenames containing escaped globbing characters and |
| escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. |
| - jmc@cvs.openbsd.org 2012/09/26 16:12:13 |
| [ssh.1] |
| last stage of rfc changes, using consistent Rs/Re blocks, and moving the |
| references into a STANDARDS section; |
| - naddy@cvs.openbsd.org 2012/10/01 13:59:51 |
| [monitor_wrap.c] |
| pasto; ok djm@ |
| - djm@cvs.openbsd.org 2012/10/02 07:07:45 |
| [ssh-keygen.c] |
| fix -z option, broken in revision 1.215 |
| - markus@cvs.openbsd.org 2012/10/04 13:21:50 |
| [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] |
| add umac128 variant; ok djm@ at n2k12 |
| - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 |
| [regress/try-ciphers.sh] |
| Restore missing space. (Id sync only). |
| - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 |
| [regress/multiplex.sh] |
| Add test for ssh -Ostop |
| - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 |
| [regress/multiplex.sh] |
| Log -O cmd output to the log file and make logging consistent with the |
| other tests. Test clean shutdown of an existing channel when testing |
| "stop". |
| - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 |
| [regress/multiplex.sh] |
| use -Ocheck and waiting for completions by PID to make multiplexing test |
| less racy and (hopefully) more reliable on slow hardware. |
| - [Makefile umac.c] Add special-case target to build umac128.o. |
| - [umac.c] Enforce allowed umac output sizes. From djm@. |
| - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". |
| |
| 20120917 |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 |
| [servconf.c] |
| Fix comment line length |
| - markus@cvs.openbsd.org 2012/09/14 16:51:34 |
| [sshconnect.c] |
| remove unused variable |
| |
| 20120907 |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 |
| [clientloop.c] |
| Make the escape command help (~?) context sensitive so that only commands |
| that will work in the current session are shown. ok markus@ |
| - jmc@cvs.openbsd.org 2012/09/06 13:57:42 |
| [ssh.1] |
| missing letter in previous; |
| - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 |
| [clientloop.c] |
| Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ |
| - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 |
| [clientloop.c] |
| Merge escape help text for ~v and ~V; ok djm@ |
| - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 |
| [clientloop.c] |
| when muxmaster is run with -N, make it shut down gracefully when a client |
| sends it "-O stop" rather than hanging around (bz#1985). ok djm@ |
| |
| 20120906 |
| - (dtucker) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2012/08/15 18:25:50 |
| [ssh-keygen.1] |
| a little more info on certificate validity; |
| requested by Ross L Richardson, and provided by djm |
| - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 |
| [clientloop.c clientloop.h mux.c] |
| Force a clean shutdown of ControlMaster client sessions when the ~. escape |
| sequence is used. This means that ~. should now work in mux clients even |
| if the server is no longer responding. Found by tedu, ok djm. |
| - djm@cvs.openbsd.org 2012/08/17 01:22:56 |
| [kex.c] |
| add some comments about better handling first-KEX-follows notifications |
| from the server. Nothing uses these right now. No binary change |
| - djm@cvs.openbsd.org 2012/08/17 01:25:58 |
| [ssh-keygen.c] |
| print details of which host lines were deleted when using |
| "ssh-keygen -R host"; ok markus@ |
| - djm@cvs.openbsd.org 2012/08/17 01:30:00 |
| [compat.c sshconnect.c] |
| Send client banner immediately, rather than waiting for the server to |
| move first for SSH protocol 2 connections (the default). Patch based on |
| one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ |
| - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 |
| [clientloop.c log.c ssh.1 log.h] |
| Add ~v and ~V escape sequences to raise and lower the logging level |
| respectively. Man page help from jmc, ok deraadt jmc |
| |
| 20120830 |
| - (dtucker) [moduli] Import new moduli file. |
| |
| 20120828 |
| - (djm) Release openssh-6.1 |
| |
| 20120828 |
| - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN |
| for compatibility with future mingw-w64 headers. Patch from vinschen at |
| redhat com. |
| |
| 20120822 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] Update version numbers |
| |
| 20120731 |
| - (djm) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2012/07/06 06:38:03 |
| [ssh-keygen.c] |
| missing full stop in usage(); |
| - djm@cvs.openbsd.org 2012/07/10 02:19:15 |
| [servconf.c servconf.h sshd.c sshd_config] |
| Turn on systrace sandboxing of pre-auth sshd by default for new installs |
| by shipping a config that overrides the current UsePrivilegeSeparation=yes |
| default. Make it easier to flip the default in the future by adding too. |
| prodded markus@ feedback dtucker@ "get it in" deraadt@ |
| - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 |
| [servconf.c] |
| handle long comments in config files better. bz#2025, ok markus |
| - markus@cvs.openbsd.org 2012/07/22 18:19:21 |
| [version.h] |
| openssh 6.1 |
| |
| 20120720 |
| - (dtucker) Import regened moduli file. |
| |
| 20120706 |
| - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is |
| not available. Allows use of sshd compiled on host with a filter-capable |
| kernel on hosts that lack the support. bz#2011 ok dtucker@ |
| - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no |
| unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT |
| esperi.org.uk; ok dtucker@ |
| - (djm) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 |
| [moduli.c ssh-keygen.1 ssh-keygen.c] |
| Add options to specify starting line number and number of lines to process |
| when screening moduli candidates. This allows processing of different |
| parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ |
| - djm@cvs.openbsd.org 2012/07/06 01:37:21 |
| [mux.c] |
| fix memory leak of passed-in environment variables and connection |
| context when new session message is malformed; bz#2003 from Bert.Wesarg |
| AT googlemail.com |
| - djm@cvs.openbsd.org 2012/07/06 01:47:38 |
| [ssh.c] |
| move setting of tty_flag to after config parsing so RequestTTY options |
| are correctly picked up. bz#1995 patch from przemoc AT gmail.com; |
| ok dtucker@ |
| |
| 20120704 |
| - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for |
| platforms that don't have it. "looks good" tim@ |
| |
| 20120703 |
| - (dtucker) [configure.ac] Detect platforms that can't use select(2) with |
| setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. |
| - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not |
| setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its |
| benefit is minor, so it's not worth disabling the sandbox if it doesn't |
| work. |
| |
| 20120702 |
| - (dtucker) OpenBSD CVS Sync |
| - naddy@cvs.openbsd.org 2012/06/29 13:57:25 |
| [ssh_config.5 sshd_config.5] |
| match the documented MAC order of preference to the actual one; |
| ok dtucker@ |
| - markus@cvs.openbsd.org 2012/06/30 14:35:09 |
| [sandbox-systrace.c sshd.c] |
| fix a during the load of the sandbox policies (child can still make |
| the read-syscall and wait forever for systrace-answers) by replacing |
| the read/write synchronisation with SIGSTOP/SIGCONT; |
| report and help hshoexer@; ok djm@, dtucker@ |
| - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 |
| [ssh.c] |
| set interactive ToS for forwarded X11 sessions. ok djm@ |
| - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 |
| [ssh-pkcs11-helper.c sftp-client.c] |
| fix a couple of "assigned but not used" warnings. ok markus@ |
| - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 |
| [regress/connect-privsep.sh] |
| remove exit from end of test since it prevents reporting failure |
| - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] |
| Move cygwin detection to test-exec and use to skip reexec test on cygwin. |
| - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. |
| |
| 20120629 |
| - OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 |
| [addrmatch.c] |
| fix strlcpy truncation check. from carsten at debian org, ok markus |
| - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 |
| [monitor.c sshconnect2.c] |
| remove dead code following 'for (;;)' loops. |
| From Steve.McClellan at radisys com, ok markus@ |
| - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 |
| [sftp.c] |
| Remove unused variable leftover from tab-completion changes. |
| From Steve.McClellan at radisys com, ok markus@ |
| - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 |
| [sandbox-systrace.c] |
| Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation |
| sandbox" since malloc now uses it. From johnw.mail at gmail com. |
| - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 |
| [mac.c myproposal.h ssh_config.5 sshd_config.5] |
| Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed |
| from draft6 of the spec and will not be in the RFC when published. Patch |
| from mdb at juniper net via bz#2023, ok markus. |
| - naddy@cvs.openbsd.org 2012/06/29 13:57:25 |
| [ssh_config.5 sshd_config.5] |
| match the documented MAC order of preference to the actual one; ok dtucker@ |
| - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 |
| [regress/addrmatch.sh] |
| Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests |
| to match. Feedback and ok djm@ markus@. |
| - djm@cvs.openbsd.org 2012/06/01 00:47:35 |
| [regress/multiplex.sh regress/forwarding.sh] |
| append to rather than truncate test log; bz#2013 from openssh AT |
| roumenpetrov.info |
| - djm@cvs.openbsd.org 2012/06/01 00:52:52 |
| [regress/sftp-cmds.sh] |
| don't delete .* on cleanup due to unintended env expansion; pointed out in |
| bz#2014 by openssh AT roumenpetrov.info |
| - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 |
| [regress/connect-privsep.sh] |
| test sandbox with every malloc option |
| - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 |
| [regress/try-ciphers.sh regress/cipher-speed.sh] |
| Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed |
| from draft6 of the spec and will not be in the RFC when published. Patch |
| from mdb at juniper net via bz#2023, ok markus. |
| - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. |
| - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have |
| the required functions in libcrypto. |
| |
| 20120628 |
| - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null |
| pointer deref in the client when built with LDNS and using DNSSEC with a |
| CNAME. Patch from gregdlg+mr at hochet info. |
| |
| 20120622 |
| - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as |
| can logon as a service. Patch from vinschen at redhat com. |
| |
| 20120620 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/12/02 00:41:56 |
| [mux.c] |
| fix bz#1948: ssh -f doesn't fork for multiplexed connection. |
| ok dtucker@ |
| - djm@cvs.openbsd.org 2011/12/04 23:16:12 |
| [mux.c] |
| revert: |
| > revision 1.32 |
| > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 |
| > fix bz#1948: ssh -f doesn't fork for multiplexed connection. |
| > ok dtucker@ |
| it interacts badly with ControlPersist |
| - djm@cvs.openbsd.org 2012/01/07 21:11:36 |
| [mux.c] |
| fix double-free in new session handler |
| NB. Id sync only |
| - djm@cvs.openbsd.org 2012/05/23 03:28:28 |
| [dns.c dns.h key.c key.h ssh-keygen.c] |
| add support for RFC6594 SSHFP DNS records for ECDSA key types. |
| patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ |
| (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black) |
| - djm@cvs.openbsd.org 2012/06/01 00:49:35 |
| [PROTOCOL.mux] |
| correct types of port numbers (integers, not strings); bz#2004 from |
| bert.wesarg AT googlemail.com |
| - djm@cvs.openbsd.org 2012/06/01 01:01:22 |
| [mux.c] |
| fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg |
| AT googlemail.com |
| - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 |
| [jpake.c] |
| correct sizeof usage. patch from saw at online.de, ok deraadt |
| - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 |
| [ssh_config.5] |
| RSA instead of DSA twice. From Steve.McClellan at radisys com |
| - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 |
| [ssh.1 sshd.8] |
| Remove mention of 'three' key files since there are now four. From |
| Steve.McClellan at radisys com. |
| - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 |
| [ssh.1] |
| Clarify description of -W. Noted by Steve.McClellan at radisys com, |
| ok jmc |
| - markus@cvs.openbsd.org 2012/06/19 18:25:28 |
| [servconf.c servconf.h sshd_config.5] |
| sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} |
| this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' |
| ok djm@ (back in March) |
| - jmc@cvs.openbsd.org 2012/06/19 21:35:54 |
| [sshd_config.5] |
| tweak previous; ok markus |
| - djm@cvs.openbsd.org 2012/06/20 04:42:58 |
| [clientloop.c serverloop.c] |
| initialise accept() backoff timer to avoid EINVAL from select(2) in |
| rekeying |
| |
| 20120519 |
| - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch |
| from cjwatson at debian org. |
| - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find |
| pkg-config so it does the right thing when cross-compiling. Patch from |
| cjwatson at debian org. |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 |
| [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] |
| Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests |
| to match. Feedback and ok djm@ markus@. |
| - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 |
| [sshd_config.5] |
| Document PermitOpen none. bz#2001, patch from Loganaden Velvindron |
| |
| 20120504 |
| - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> |
| to fix building on some plaforms. Fom bowman at math utah edu and |
| des at des no. |
| |
| 20120427 |
| - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 |
| platform rather than exiting early, so that we still clean up and return |
| success or failure to test-exec.sh |
| |
| 20120426 |
| - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters |
| via Niels |
| - (djm) [auth-krb5.c] Save errno across calls that might modify it; |
| ok dtucker@ |
| |
| 20120423 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/04/23 08:18:17 |
| [channels.c] |
| fix function proto/source mismatch |
| |
| 20120422 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/02/29 11:21:26 |
| [ssh-keygen.c] |
| allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ |
| - guenther@cvs.openbsd.org 2012/03/15 03:10:27 |
| [session.c] |
| root should always be excluded from the test for /etc/nologin instead |
| of having it always enforced even when marked as ignorenologin. This |
| regressed when the logic was incompletely flipped around in rev 1.251 |
| ok halex@ millert@ |
| - djm@cvs.openbsd.org 2012/03/28 07:23:22 |
| [PROTOCOL.certkeys] |
| explain certificate extensions/crit split rationale. Mention requirement |
| that each appear at most once per cert. |
| - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 |
| [channels.c channels.h servconf.c] |
| Add PermitOpen none option based on patch from Loganaden Velvindron |
| (bz #1949). ok djm@ |
| - djm@cvs.openbsd.org 2012/04/11 13:16:19 |
| [channels.c channels.h clientloop.c serverloop.c] |
| don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a |
| while; ok deraadt@ markus@ |
| - djm@cvs.openbsd.org 2012/04/11 13:17:54 |
| [auth.c] |
| Support "none" as an argument for AuthorizedPrincipalsFile to indicate |
| no file should be read. |
| - djm@cvs.openbsd.org 2012/04/11 13:26:40 |
| [sshd.c] |
| don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a |
| while; ok deraadt@ markus@ |
| - djm@cvs.openbsd.org 2012/04/11 13:34:17 |
| [ssh-keyscan.1 ssh-keyscan.c] |
| now that sshd defaults to offering ECDSA keys, ssh-keyscan should also |
| look for them by default; bz#1971 |
| - djm@cvs.openbsd.org 2012/04/12 02:42:32 |
| [servconf.c servconf.h sshd.c sshd_config sshd_config.5] |
| VersionAddendum option to allow server operators to append some arbitrary |
| text to the SSH-... banner; ok deraadt@ "don't care" markus@ |
| - djm@cvs.openbsd.org 2012/04/12 02:43:55 |
| [sshd_config sshd_config.5] |
| mention AuthorizedPrincipalsFile=none default |
| - djm@cvs.openbsd.org 2012/04/20 03:24:23 |
| [sftp.c] |
| setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) |
| - jmc@cvs.openbsd.org 2012/04/20 16:26:22 |
| [ssh.1] |
| use "brackets" instead of "braces", for consistency; |
| |
| 20120420 |
| - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] Update for release 6.0 |
| - (djm) [README] Update URL to release notes. |
| - (djm) Release openssh-6.0 |
| |
| 20120419 |
| - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil |
| contains openpty() but not login() |
| |
| 20120404 |
| - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox |
| mode for Linux's new seccomp filter; patch from Will Drewry; feedback |
| and ok dtucker@ |
| |
| 20120330 |
| - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING |
| file from spec file. From crighter at nuclioss com. |
| - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running |
| openssh binaries on a newer fix release than they were compiled on. |
| with and ok dtucker@ |
| - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect |
| assumptions when building on Cygwin; patch from Corinna Vinschen |
| |
| 20120309 |
| - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux |
| systems where sshd is run in te wrong context. Patch from Sven |
| Vermeulen; ok dtucker@ |
| - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 |
| addressed connections. ok dtucker@ |
| |
| 20120224 |
| - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM |
| audit breakage in Solaris 11. Patch from Magnus Johansson. |
| |
| 20120215 |
| - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for |
| unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c |
| ok dtucker@ |
| - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so |
| it actually works. |
| - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote |
| to work. Spotted by Angel Gonzalez |
| |
| 20120214 |
| - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of |
| preserved Cygwin environment variables; from Corinna Vinschen |
| |
| 20120211 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2012/01/05 00:16:56 |
| [monitor.c] |
| memleak on error path |
| - djm@cvs.openbsd.org 2012/01/07 21:11:36 |
| [mux.c] |
| fix double-free in new session handler |
| - miod@cvs.openbsd.org 2012/01/08 13:17:11 |
| [ssh-ecdsa.c] |
| Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, |
| ok markus@ |
| - miod@cvs.openbsd.org 2012/01/16 20:34:09 |
| [ssh-pkcs11-client.c] |
| Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. |
| While there, be sure to buffer_clear() between send_msg() and recv_msg(). |
| ok markus@ |
| - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 |
| [clientloop.c] |
| Ensure that $DISPLAY contains only valid characters before using it to |
| extract xauth data so that it can't be used to play local shell |
| metacharacter games. Report from r00t_ati at ihteam.net, ok markus. |
| - markus@cvs.openbsd.org 2012/01/25 19:26:43 |
| [packet.c] |
| do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; |
| ok dtucker@, djm@ |
| - markus@cvs.openbsd.org 2012/01/25 19:36:31 |
| [authfile.c] |
| memleak in key_load_file(); from Jan Klemkow |
| - markus@cvs.openbsd.org 2012/01/25 19:40:09 |
| [packet.c packet.h] |
| packet_read_poll() is not used anymore. |
| - markus@cvs.openbsd.org 2012/02/09 20:00:18 |
| [version.h] |
| move from 6.0-beta to 6.0 |
| |
| 20120206 |
| - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms |
| that don't support ECC. Patch from Phil Oleson |
| |
| 20111219 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/12/02 00:41:56 |
| [mux.c] |
| fix bz#1948: ssh -f doesn't fork for multiplexed connection. |
| ok dtucker@ |
| - djm@cvs.openbsd.org 2011/12/02 00:43:57 |
| [mac.c] |
| fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before |
| HMAC_init (this change in policy seems insane to me) |
| ok dtucker@ |
| - djm@cvs.openbsd.org 2011/12/04 23:16:12 |
| [mux.c] |
| revert: |
| > revision 1.32 |
| > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 |
| > fix bz#1948: ssh -f doesn't fork for multiplexed connection. |
| > ok dtucker@ |
| it interacts badly with ControlPersist |
| - djm@cvs.openbsd.org 2011/12/07 05:44:38 |
| [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] |
| fix some harmless and/or unreachable int overflows; |
| reported Xi Wang, ok markus@ |
| |
| 20111125 |
| - OpenBSD CVS Sync |
| - oga@cvs.openbsd.org 2011/11/16 12:24:28 |
| [sftp.c] |
| Don't leak list in complete_cmd_parse if there are no commands found. |
| Discovered when I was ``borrowing'' this code for something else. |
| ok djm@ |
| |
| 20111121 |
| - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ |
| |
| 20111104 |
| - (dtucker) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/10/18 05:15:28 |
| [ssh.c] |
| ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ |
| - djm@cvs.openbsd.org 2011/10/18 23:37:42 |
| [ssh-add.c] |
| add -k to usage(); reminded by jmc@ |
| - djm@cvs.openbsd.org 2011/10/19 00:06:10 |
| [moduli.c] |
| s/tmpfile/tmp/ to make this -Wshadow clean |
| - djm@cvs.openbsd.org 2011/10/19 10:39:48 |
| [umac.c] |
| typo in comment; patch from Michael W. Bombardieri |
| - djm@cvs.openbsd.org 2011/10/24 02:10:46 |
| [ssh.c] |
| bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh |
| was incorrectly requesting the forward in both the control master and |
| slave. skip requesting it in the master to fix. ok markus@ |
| - djm@cvs.openbsd.org 2011/10/24 02:13:13 |
| [session.c] |
| bz#1859: send tty break to pty master instead of (probably already |
| closed) slave side; "looks good" markus@ |
| - dtucker@cvs.openbsd.org 011/11/04 00:09:39 |
| [moduli] |
| regenerated moduli file; ok deraadt |
| - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in |
| openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] |
| bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library |
| which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) |
| with some rework from myself and djm. ok djm. |
| |
| 20111025 |
| - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file |
| fails. Patch from Corinna Vinschen. |
| |
| 20111018 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/10/04 14:17:32 |
| [sftp-glob.c] |
| silence error spam for "ls */foo" in directory with files; bz#1683 |
| - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 |
| [moduli.c ssh-keygen.1 ssh-keygen.c] |
| Add optional checkpoints for moduli screening. feedback & ok deraadt |
| - jmc@cvs.openbsd.org 2011/10/16 15:02:41 |
| [ssh-keygen.c] |
| put -K in the right place (usage()); |
| - stsp@cvs.openbsd.org 2011/10/16 15:51:39 |
| [moduli.c] |
| add missing includes to unbreak tree; fix from rpointel |
| - djm@cvs.openbsd.org 2011/10/18 04:58:26 |
| [auth-options.c key.c] |
| remove explict search for \0 in packet strings, this job is now done |
| implicitly by buffer_get_cstring; ok markus |
| - djm@cvs.openbsd.org 2011/10/18 05:00:48 |
| [ssh-add.1 ssh-add.c] |
| new "ssh-add -k" option to load plain keys (skipping certificates); |
| "looks ok" markus@ |
| |
| 20111001 |
| - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm |
| - (dtucker) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 |
| [channels.c auth-options.c servconf.c channels.h sshd.8] |
| Add wildcard support to PermitOpen, allowing things like "PermitOpen |
| localhost:*". bz #1857, ok djm markus. |
| - markus@cvs.openbsd.org 2011/09/23 07:45:05 |
| [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c |
| version.h] |
| unbreak remote portforwarding with dynamic allocated listen ports: |
| 1) send the actual listen port in the open message (instead of 0). |
| this allows multiple forwardings with a dynamic listen port |
| 2) update the matching permit-open entry, so we can identify where |
| to connect to |
| report: den at skbkontur.ru and P. Szczygielski |
| feedback and ok djm@ |
| - djm@cvs.openbsd.org 2011/09/25 05:44:47 |
| [auth2-pubkey.c] |
| improve the AuthorizedPrincipalsFile debug log message to include |
| file and line number |
| - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 |
| [sshd.c] |
| don't attempt privsep cleanup when not using privsep; ok markus@ |
| - djm@cvs.openbsd.org 2011/09/30 21:22:49 |
| [sshd.c] |
| fix inverted test that caused logspam; spotted by henning@ |
| |
| 20110929 |
| - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch |
| from des AT des.no |
| - (dtucker) [configure.ac openbsd-compat/Makefile.in |
| openbsd-compat/strnlen.c] Add strnlen to the compat library. |
| |
| 20110923 |
| - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no |
| longer want to sync this file (OpenBSD uses a __getcwd syscall now, we |
| want this longhand version) |
| - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the |
| upstream version is YPified and we don't want this |
| - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. |
| The file was totally rewritten between what we had in tree and -current. |
| - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid |
| marker. The upstream API has changed (function and structure names) |
| enough to put it out of sync with other providers of this interface. |
| - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion |
| of static __findenv() function from upstream setenv.c |
| - OpenBSD CVS Sync |
| - millert@cvs.openbsd.org 2006/05/05 15:27:38 |
| [openbsd-compat/strlcpy.c] |
| Convert do {} while loop -> while {} for clarity. No binary change |
| on most architectures. From Oliver Smith. OK deraadt@ and henning@ |
| - tobias@cvs.openbsd.org 2007/10/21 11:09:30 |
| [openbsd-compat/mktemp.c] |
| Comment fix about time consumption of _gettemp. |
| FreeBSD did this in revision 1.20. |
| OK deraadt@, krw@ |
| - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 |
| [openbsd-compat/mktemp.c] |
| use arc4random_uniform(); ok djm millert |
| - millert@cvs.openbsd.org 2008/08/21 16:54:44 |
| [openbsd-compat/mktemp.c] |
| Remove useless code, the kernel will set errno appropriately if an |
| element in the path does not exist. OK deraadt@ pvalchev@ |
| - otto@cvs.openbsd.org 2008/12/09 19:38:38 |
| [openbsd-compat/inet_ntop.c] |
| fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon |
| |
| 20110922 |
| - OpenBSD CVS Sync |
| - pyr@cvs.openbsd.org 2011/05/12 07:15:10 |
| [openbsd-compat/glob.c] |
| When the max number of items for a directory has reached GLOB_LIMIT_READDIR |
| an error is returned but closedir() is not called. |
| spotted and fix provided by Frank Denis obsd-tech@pureftpd.org |
| ok otto@, millert@ |
| - stsp@cvs.openbsd.org 2011/09/20 10:18:46 |
| [glob.c] |
| In glob(3), limit recursion during matching attempts. Similar to |
| fnmatch fix. Also collapse consecutive '*' (from NetBSD). |
| ok miod deraadt |
| - djm@cvs.openbsd.org 2011/09/22 06:27:29 |
| [glob.c] |
| fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being |
| applied only to the gl_pathv vector and not the corresponding gl_statv |
| array. reported in OpenSSH bz#1935; feedback and okay matthew@ |
| - djm@cvs.openbsd.org 2011/08/26 01:45:15 |
| [ssh.1] |
| Add some missing ssh_config(5) options that can be used in ssh(1)'s |
| -o argument. Patch from duclare AT guu.fi |
| - djm@cvs.openbsd.org 2011/09/05 05:56:13 |
| [scp.1 sftp.1] |
| mention ControlPersist and KbdInteractiveAuthentication in the -o |
| verbiage in these pages too (prompted by jmc@) |
| - djm@cvs.openbsd.org 2011/09/05 05:59:08 |
| [misc.c] |
| fix typo in IPQoS parsing: there is no "AF14" class, but there is |
| an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk |
| - jmc@cvs.openbsd.org 2011/09/05 07:01:44 |
| [scp.1] |
| knock out a useless Ns; |
| - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 |
| [ssh-keygen.1] |
| typo (they vs the) found by Lawrence Teo |
| - djm@cvs.openbsd.org 2011/09/09 00:43:00 |
| [ssh_config.5 sshd_config.5] |
| fix typo in IPQoS parsing: there is no "AF14" class, but there is |
| an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk |
| - djm@cvs.openbsd.org 2011/09/09 00:44:07 |
| [PROTOCOL.mux] |
| MUX_C_CLOSE_FWD includes forward type in message (though it isn't |
| implemented anyway) |
| - djm@cvs.openbsd.org 2011/09/09 22:37:01 |
| [scp.c] |
| suppress adding '--' to remote commandlines when the first argument |
| does not start with '-'. saves breakage on some difficult-to-upgrade |
| embedded/router platforms; feedback & ok dtucker ok markus |
| - djm@cvs.openbsd.org 2011/09/09 22:38:21 |
| [sshd.c] |
| kill the preauth privsep child on fatal errors in the monitor; |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/09/09 22:46:44 |
| [channels.c channels.h clientloop.h mux.c ssh.c] |
| support for cancelling local and remote port forwards via the multiplex |
| socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request |
| the cancellation of the specified forwardings; ok markus@ |
| - markus@cvs.openbsd.org 2011/09/10 22:26:34 |
| [channels.c channels.h clientloop.c ssh.1] |
| support cancellation of local/dynamic forwardings from ~C commandline; |
| ok & feedback djm@ |
| - okan@cvs.openbsd.org 2011/09/11 06:59:05 |
| [ssh.1] |
| document new -O cancel command; ok djm@ |
| - markus@cvs.openbsd.org 2011/09/11 16:07:26 |
| [sftp-client.c] |
| fix leaks in do_hardlink() and do_readlink(); bz#1921 |
| from Loganaden Velvindron |
| - markus@cvs.openbsd.org 2011/09/12 08:46:15 |
| [sftp-client.c] |
| fix leak in do_lsreaddir(); ok djm |
| - djm@cvs.openbsd.org 2011/09/22 06:29:03 |
| [sftp.c] |
| don't let remote_glob() implicitly sort its results in do_globbed_ls() - |
| in all likelihood, they will be resorted anyway |
| |
| 20110909 |
| - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From |
| Colin Watson. |
| |
| 20110906 |
| - (djm) [README version.h] Correct version |
| - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon |
| - (djm) Respin OpenSSH-5.9p1 release |
| |
| 20110905 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] Update version numbers. |
| |
| 20110904 |
| - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal |
| regress errors for the sandbox to warnings. ok tim dtucker |
| - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations |
| ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen |
| support. |
| |
| 20110829 |
| - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting |
| to switch SELinux context away from unconfined_t, based on patch from |
| Jan Chadima; bz#1919 ok dtucker@ |
| |
| 20110827 |
| - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. |
| |
| 20110818 |
| - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze |
| |
| 20110817 |
| - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for |
| OpenSSL 0.9.7. ok djm |
| - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] |
| binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen |
| - (djm) [configure.ac] error out if the host lacks the necessary bits for |
| an explicitly requested sandbox type |
| - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by |
| bisson AT archlinux.org |
| - (djm) OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 |
| [regress/cfgmatch.sh] |
| use OBJ to find test configs, patch from Tim Rice |
| - markus@cvs.openbsd.org 2011/06/30 22:44:43 |
| [regress/connect-privsep.sh] |
| test with sandbox enabled; ok djm@ |
| - djm@cvs.openbsd.org 2011/08/02 01:23:41 |
| [regress/cipher-speed.sh regress/try-ciphers.sh] |
| add SHA256/SHA512 based HMAC modes |
| - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 |
| MAC tests for platforms that hack EVP_SHA2 support |
| |
| 20110812 |
| - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context |
| change error by reporting old and new context names Patch from |
| jchadima at redhat. |
| - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] |
| [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES |
| init scrips from imorgan AT nas.nasa.gov; bz#1920 |
| - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the |
| identify file contained whitespace. bz#1828 patch from gwenael.lambrouin |
| AT gmail.com; ok dtucker@ |
| |
| 20110807 |
| - (dtucker) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2008/06/26 06:59:39 |
| [moduli.5] |
| tweak previous; |
| - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 |
| [moduli.5] |
| "Diffie-Hellman" is the usual spelling for the cryptographic protocol |
| first published by Whitfield Diffie and Martin Hellman in 1976. |
| ok jmc@ |
| - jmc@cvs.openbsd.org 2010/10/14 20:41:28 |
| [moduli.5] |
| probabalistic -> probabilistic; from naddy |
| - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 |
| [sftp.1] |
| typo, fix from Laurent Gautrot |
| |
| 20110805 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/06/23 23:35:42 |
| [monitor.c] |
| ignore EINTR errors from poll() |
| - tedu@cvs.openbsd.org 2011/07/06 18:09:21 |
| [authfd.c] |
| bzero the agent address. the kernel was for a while very cranky about |
| these things. evne though that's fixed, always good to initialize |
| memory. ok deraadt djm |
| - djm@cvs.openbsd.org 2011/07/29 14:42:45 |
| [sandbox-systrace.c] |
| fail open(2) with EPERM rather than SIGKILLing the whole process. libc |
| will call open() to do strerror() when NLS is enabled; |
| feedback and ok markus@ |
| - markus@cvs.openbsd.org 2011/08/01 19:18:15 |
| [gss-serv.c] |
| prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); |
| report Adam Zabrock; ok djm@, deraadt@ |
| - djm@cvs.openbsd.org 2011/08/02 01:22:11 |
| [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] |
| Add new SHA256 and SHA512 based HMAC modes from |
| http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt |
| Patch from mdb AT juniper.net; feedback and ok markus@ |
| - djm@cvs.openbsd.org 2011/08/02 23:13:01 |
| [version.h] |
| crank now, release later |
| - djm@cvs.openbsd.org 2011/08/02 23:15:03 |
| [ssh.c] |
| typo in comment |
| |
| 20110624 |
| - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for |
| Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing |
| markus@ |
| |
| 20110623 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/06/22 21:47:28 |
| [servconf.c] |
| reuse the multistate option arrays to pretty-print options for "sshd -T" |
| - djm@cvs.openbsd.org 2011/06/22 21:57:01 |
| [servconf.c servconf.h sshd.c sshd_config.5] |
| [configure.ac Makefile.in] |
| introduce sandboxing of the pre-auth privsep child using systrace(4). |
| |
| This introduces a new "UsePrivilegeSeparation=sandbox" option for |
| sshd_config that applies mandatory restrictions on the syscalls the |
| privsep child can perform. This prevents a compromised privsep child |
| from being used to attack other hosts (by opening sockets and proxying) |
| or probing local kernel attack surface. |
| |
| The sandbox is implemented using systrace(4) in unsupervised "fast-path" |
| mode, where a list of permitted syscalls is supplied. Any syscall not |
| on the list results in SIGKILL being sent to the privsep child. Note |
| that this requires a kernel with the new SYSTR_POLICY_KILL option. |
| |
| UsePrivilegeSeparation=sandbox will become the default in the future |
| so please start testing it now. |
| |
| feedback dtucker@; ok markus@ |
| - djm@cvs.openbsd.org 2011/06/22 22:08:42 |
| [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] |
| hook up a channel confirm callback to warn the user then requested X11 |
| forwarding was refused by the server; ok markus@ |
| - djm@cvs.openbsd.org 2011/06/23 09:34:13 |
| [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] |
| [sandbox-null.c] |
| rename sandbox.h => ssh-sandbox.h to make things easier for portable |
| - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support |
| setrlimit(2) |
| |
| 20110620 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/06/04 00:10:26 |
| [ssh_config.5] |
| explain IdentifyFile's semantics a little better, prompted by bz#1898 |
| ok dtucker jmc |
| - markus@cvs.openbsd.org 2011/06/14 22:49:18 |
| [authfile.c] |
| make sure key_parse_public/private_rsa1() no longer consumes its input |
| buffer. fixes ssh-add for passphrase-protected ssh1-keys; |
| noted by naddy@; ok djm@ |
| - djm@cvs.openbsd.org 2011/06/17 21:44:31 |
| [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] |
| make the pre-auth privsep slave log via a socketpair shared with the |
| monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ |
| - djm@cvs.openbsd.org 2011/06/17 21:46:16 |
| [sftp-server.c] |
| the protocol version should be unsigned; bz#1913 reported by mb AT |
| smartftp.com |
| - djm@cvs.openbsd.org 2011/06/17 21:47:35 |
| [servconf.c] |
| factor out multi-choice option parsing into a parse_multistate label |
| and some support structures; ok dtucker@ |
| - djm@cvs.openbsd.org 2011/06/17 21:57:25 |
| [clientloop.c] |
| setproctitle for a mux master that has been gracefully stopped; |
| bz#1911 from Bert.Wesarg AT googlemail.com |
| |
| 20110603 |
| - (dtucker) [README version.h contrib/caldera/openssh.spec |
| contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version |
| bumps from the 5.8p2 branch into HEAD. ok djm. |
| - (tim) [configure.ac defines.h] Run test program to detect system mail |
| directory. Add --with-maildir option to override. Fixed OpenServer 6 |
| getting it wrong. Fixed many systems having MAIL=/var/mail//username |
| ok dtucker |
| - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair |
| unconditionally in other places and the survey data we have does not show |
| any systems that use it. "nuke it" djm@ |
| - (djm) [configure.ac] enable setproctitle emulation for OS X |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/06/03 00:54:38 |
| [ssh.c] |
| bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg |
| AT googlemail.com; ok dtucker@ |
| NB. includes additional portability code to enable setproctitle emulation |
| on platforms that don't support it. |
| - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 |
| [ssh-agent.c] |
| Check current parent process ID against saved one to determine if the parent |
| has exited, rather than attempting to send a zero signal, since the latter |
| won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn |
| Gillmor, ok djm@ |
| - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 |
| [regress/dynamic-forward.sh] |
| back out revs 1.6 and 1.5 since it's not reliable |
| - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 |
| [regress/dynamic-forward.sh] |
| work around startup and teardown races; caught by deraadt |
| - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 |
| [regress/dynamic-forward.sh] |
| Retry establishing the port forwarding after a small delay, should make |
| the tests less flaky when the previous test is slow to shut down and free |
| up the port. |
| - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. |
| |
| 20110529 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/05/23 03:30:07 |
| [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] |
| [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] |
| allow AuthorizedKeysFile to specify multiple files, separated by spaces. |
| Bring back authorized_keys2 as a default search path (to avoid breaking |
| existing users of this file), but override this in sshd_config so it will |
| be no longer used on fresh installs. Maybe in 2015 we can remove it |
| entierly :) |
| |
| feedback and ok markus@ dtucker@ |
| - djm@cvs.openbsd.org 2011/05/23 03:33:38 |
| [auth.c] |
| make secure_filename() spam debug logs less |
| - djm@cvs.openbsd.org 2011/05/23 03:52:55 |
| [sshconnect.c] |
| remove extra newline |
| - jmc@cvs.openbsd.org 2011/05/23 07:10:21 |
| [sshd.8 sshd_config.5] |
| tweak previous; ok djm |
| - djm@cvs.openbsd.org 2011/05/23 07:24:57 |
| [authfile.c] |
| read in key comments for v.2 keys (though note that these are not |
| passed over the agent protocol); bz#439, based on patch from binder |
| AT arago.de; ok markus@ |
| - djm@cvs.openbsd.org 2011/05/24 07:15:47 |
| [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] |
| Remove undocumented legacy options UserKnownHostsFile2 and |
| GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile |
| accept multiple paths per line and making their defaults include |
| known_hosts2; ok markus |
| - djm@cvs.openbsd.org 2011/05/23 03:31:31 |
| [regress/cfgmatch.sh] |
| include testing of multiple/overridden AuthorizedKeysFiles |
| refactor to simply daemon start/stop and get rid of racy constructs |
| |
| 20110520 |
| - (djm) [session.c] call setexeccon() before executing passwd for pw |
| changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ |
| - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options |
| options, we should corresponding -W-option when trying to determine |
| whether it is accepted. Also includes a warning fix on the program |
| fragment uses (bad main() return type). |
| bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ |
| - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/05/15 08:09:01 |
| [authfd.c monitor.c serverloop.c] |
| use FD_CLOEXEC consistently; patch from zion AT x96.org |
| - djm@cvs.openbsd.org 2011/05/17 07:13:31 |
| [key.c] |
| fatal() if asked to generate a legacy ECDSA cert (these don't exist) |
| and fix the regress test that was trying to generate them :) |
| - djm@cvs.openbsd.org 2011/05/20 00:55:02 |
| [servconf.c] |
| the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile |
| and AuthorizedPrincipalsFile were not being correctly applied in |
| Match blocks, despite being overridable there; ok dtucker@ |
| - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 |
| [servconf.c] |
| Add comment documenting what should be after the preauth check. ok djm |
| - djm@cvs.openbsd.org 2011/05/20 03:25:45 |
| [monitor.c monitor_wrap.c servconf.c servconf.h] |
| use a macro to define which string options to copy between configs |
| for Match. This avoids problems caused by forgetting to keep three |
| code locations in perfect sync and ordering |
| |
| "this is at once beautiful and horrible" + ok dtucker@ |
| - djm@cvs.openbsd.org 2011/05/17 07:13:31 |
| [regress/cert-userkey.sh] |
| fatal() if asked to generate a legacy ECDSA cert (these don't exist) |
| and fix the regress test that was trying to generate them :) |
| - djm@cvs.openbsd.org 2011/05/20 02:43:36 |
| [cert-hostkey.sh] |
| another attempt to generate a v00 ECDSA key that broke the test |
| ID sync only - portable already had this somehow |
| - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 |
| [dynamic-forward.sh] |
| Prevent races in dynamic forwarding test; ok djm |
| - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 |
| [dynamic-forward.sh] |
| fix dumb error in dynamic-forward test |
| |
| 20110515 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/05/05 05:12:08 |
| [mux.c] |
| gracefully fall back when ControlPath is too large for a |
| sockaddr_un. ok markus@ as part of a larger diff |
| - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 |
| [sshd_config] |
| clarify language about overriding defaults. bz#1892, from Petr Cerny |
| - djm@cvs.openbsd.org 2011/05/06 01:09:53 |
| [sftp.1] |
| mention that IPv6 addresses must be enclosed in square brackets; |
| bz#1845 |
| - djm@cvs.openbsd.org 2011/05/06 02:05:41 |
| [sshconnect2.c] |
| fix memory leak; bz#1849 ok dtucker@ |
| - djm@cvs.openbsd.org 2011/05/06 21:14:05 |
| [packet.c packet.h] |
| set traffic class for IPv6 traffic as we do for IPv4 TOS; |
| patch from lionel AT mamane.lu via Colin Watson in bz#1855; |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/05/06 21:18:02 |
| [ssh.c ssh_config.5] |
| add a %L expansion (short-form of the local host name) for ControlPath; |
| sync some more expansions with LocalCommand; ok markus@ |
| - djm@cvs.openbsd.org 2011/05/06 21:31:38 |
| [readconf.c ssh_config.5] |
| support negated Host matching, e.g. |
| |
| Host *.example.org !c.example.org |
| User mekmitasdigoat |
| |
| Will match "a.example.org", "b.example.org", but not "c.example.org" |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/05/06 21:34:32 |
| [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] |
| Add a RequestTTY ssh_config option to allow configuration-based |
| control over tty allocation (like -t/-T); ok markus@ |
| - djm@cvs.openbsd.org 2011/05/06 21:38:58 |
| [ssh.c] |
| fix dropping from previous diff |
| - djm@cvs.openbsd.org 2011/05/06 22:20:10 |
| [PROTOCOL.mux] |
| fix numbering; from bert.wesarg AT googlemail.com |
| - jmc@cvs.openbsd.org 2011/05/07 23:19:39 |
| [ssh_config.5] |
| - tweak previous |
| - come consistency fixes |
| ok djm |
| - jmc@cvs.openbsd.org 2011/05/07 23:20:25 |
| [ssh.1] |
| +.It RequestTTY |
| - djm@cvs.openbsd.org 2011/05/08 12:52:01 |
| [PROTOCOL.mux clientloop.c clientloop.h mux.c] |
| improve our behaviour when TTY allocation fails: if we are in |
| RequestTTY=auto mode (the default), then do not treat at TTY |
| allocation error as fatal but rather just restore the local TTY |
| to cooked mode and continue. This is more graceful on devices that |
| never allocate TTYs. |
| |
| If RequestTTY is set to "yes" or "force", then failure to allocate |
| a TTY is fatal. |
| |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/05/10 05:46:46 |
| [authfile.c] |
| despam debug() logs by detecting that we are trying to load a private key |
| in key_try_load_public() and returning early; ok markus@ |
| - djm@cvs.openbsd.org 2011/05/11 04:47:06 |
| [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] |
| remove support for authorized_keys2; it is a relic from the early days |
| of protocol v.2 support and has been undocumented for many years; |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/05/13 00:05:36 |
| [authfile.c] |
| warn on unexpected key type in key_parse_private_type() |
| - (djm) [packet.c] unbreak portability #endif |
| |
| 20110510 |
| - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix |
| --with-ssl-engine which was broken with the change from deprecated |
| SSLeay_add_all_algorithms(). ok djm |
| |
| 20110506 |
| - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype |
| for closefrom() in test code. Report from Dan Wallis via Gentoo. |
| |
| 20110505 |
| - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS |
| definitions. From des AT des.no |
| - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] |
| [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] |
| [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] |
| [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] |
| [regress/README.regress] Remove ssh-rand-helper and all its |
| tentacles. PRNGd seeding has been rolled into entropy.c directly. |
| Thanks to tim@ for testing on affected platforms. |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/03/10 02:52:57 |
| [auth2-gss.c auth2.c auth.h] |
| allow GSSAPI authentication to detect when a server-side failure causes |
| authentication failure and don't count such failures against MaxAuthTries; |
| bz#1244 from simon AT sxw.org.uk; ok markus@ before lock |
| - okan@cvs.openbsd.org 2011/03/15 10:36:02 |
| [ssh-keyscan.c] |
| use timerclear macro |
| ok djm@ |
| - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 |
| [ssh-keygen.1 ssh-keygen.c] |
| Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) |
| for which host keys do not exist, generate the host keys with the |
| default key file path, an empty passphrase, default bits for the key |
| type, and default comment. This will be used by /etc/rc to generate |
| new host keys. Idea from deraadt. |
| ok deraadt |
| - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 |
| [ssh-keygen.1] |
| -q not used in /etc/rc now so remove statement. |
| - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 |
| [ssh-keygen.c] |
| remove -d, documentation removed >10 years ago; ok markus |
| - jmc@cvs.openbsd.org 2011/03/24 15:29:30 |
| [ssh-keygen.1] |
| zap trailing whitespace; |
| - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 |
| [ssh-keygen.c] |
| use strcasecmp() for "clear" cert permission option also; ok djm |
| - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 |
| [misc.c misc.h servconf.c] |
| print ipqos friendly string for sshd -T; ok markus |
| # sshd -Tf sshd_config|grep ipqos |
| ipqos lowdelay throughput |
| - djm@cvs.openbsd.org 2011/04/12 04:23:50 |
| [ssh-keygen.c] |
| fix -Wshadow |
| - djm@cvs.openbsd.org 2011/04/12 05:32:49 |
| [sshd.c] |
| exit with 0 status on SIGTERM; bz#1879 |
| - djm@cvs.openbsd.org 2011/04/13 04:02:48 |
| [ssh-keygen.1] |
| improve wording; bz#1861 |
| - djm@cvs.openbsd.org 2011/04/13 04:09:37 |
| [ssh-keygen.1] |
| mention valid -b sizes for ECDSA keys; bz#1862 |
| - djm@cvs.openbsd.org 2011/04/17 22:42:42 |
| [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] |
| allow graceful shutdown of multiplexing: request that a mux server |
| removes its listener socket and refuse future multiplexing requests; |
| ok markus@ |
| - djm@cvs.openbsd.org 2011/04/18 00:46:05 |
| [ssh-keygen.c] |
| certificate options are supposed to be packed in lexical order of |
| option name (though we don't actually enforce this at present). |
| Move one up that was out of sequence |
| - djm@cvs.openbsd.org 2011/05/04 21:15:29 |
| [authfile.c authfile.h ssh-add.c] |
| allow "ssh-add - < key"; feedback and ok markus@ |
| - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE |
| so autoreconf 2.68 is happy. |
| - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ |
| |
| 20110221 |
| - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the |
| Cygwin-specific service installer script ssh-host-config. The actual |
| functionality is the same, the revisited version is just more |
| exact when it comes to check for problems which disallow to run |
| certain aspects of the script. So, part of this script and the also |
| rearranged service helper script library "csih" is to check if all |
| the tools required to run the script are available on the system. |
| The new script also is more thorough to inform the user why the |
| script failed. Patch from vinschen at redhat com. |
| |
| 20110218 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/02/16 00:31:14 |
| [ssh-keysign.c] |
| make hostbased auth with ECDSA keys work correctly. Based on patch |
| by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) |
| |
| 20110206 |
| - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in |
| selinux code. Patch from Leonardo Chiquitto |
| - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key |
| generation and simplify. Patch from Corinna Vinschen. |
| |
| 20110204 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/01/31 21:42:15 |
| [PROTOCOL.mux] |
| cut'n'pasto; from bert.wesarg AT googlemail.com |
| - djm@cvs.openbsd.org 2011/02/04 00:44:21 |
| [key.c] |
| fix uninitialised nonce variable; reported by Mateusz Kocielski |
| - djm@cvs.openbsd.org 2011/02/04 00:44:43 |
| [version.h] |
| openssh-5.8 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] update versions in docs and spec files. |
| - Release OpenSSH 5.8p1 |
| |
| 20110128 |
| - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled |
| before attempting setfscreatecon(). Check whether matchpathcon() |
| succeeded before using its result. Patch from cjwatson AT debian.org; |
| bz#1851 |
| |
| 20110127 |
| - (tim) [config.guess config.sub] Sync with upstream. |
| - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete |
| AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with |
| AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white |
| space changes for consistency/readability. Makes autoconf 2.68 happy. |
| "Nice work" djm |
| |
| 20110125 |
| - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c |
| openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to |
| port-linux.c to avoid compilation errors. Add -lselinux to ssh when |
| building with SELinux support to avoid linking failure; report from |
| amk AT spamfence.net; ok dtucker |
| |
| 20110122 |
| - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add |
| RSA_get_default_method() for the benefit of openssl versions that don't |
| have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, |
| ok djm@. |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/01/22 09:18:53 |
| [version.h] |
| crank to OpenSSH-5.7 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] update versions in docs and spec files. |
| - (djm) Release 5.7p1 |
| |
| 20110119 |
| - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead |
| of RPM so build completes. Signatures were changed to .asc since 4.1p1. |
| - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to |
| 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- |
| release testing (random crashes and failure to load ECC keys). |
| ok dtucker@ |
| |
| 20110117 |
| - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in |
| $PATH, fix cleanup of droppings; reported by openssh AT |
| roumenpetrov.info; ok dtucker@ |
| - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding |
| its unique snowflake of a gdb error to the ones we look for. |
| - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running |
| ssh-add to avoid $SUDO failures on Linux |
| - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new |
| Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback |
| to the old values. Feedback from vapier at gentoo org and djm, ok djm. |
| - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] |
| [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are |
| disabled on platforms that do not support them; add a "config_defined()" |
| shell function that greps for defines in config.h and use them to decide |
| on feature tests. |
| Convert a couple of existing grep's over config.h to use the new function |
| Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent |
| backslash characters in filenames, enable it for Cygwin and use it to turn |
| of tests for quotes backslashes in sftp-glob.sh. |
| based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ |
| - (tim) [regress/agent-getpeereid.sh] shell portability fix. |
| - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on |
| the tinderbox. |
| - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h |
| configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem |
| support, based on patches from Tomas Mraz and jchadima at redhat. |
| |
| 20110116 |
| - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based |
| on configurations that don't have it. |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/01/16 11:50:05 |
| [clientloop.c] |
| Use atomicio when flushing protocol 1 std{out,err} buffers at |
| session close. This was a latent bug exposed by setting a SIGCHLD |
| handler and spotted by kevin.brott AT gmail.com; ok dtucker@ |
| - djm@cvs.openbsd.org 2011/01/16 11:50:36 |
| [sshconnect.c] |
| reset the SIGPIPE handler when forking to execute child processes; |
| ok dtucker@ |
| - djm@cvs.openbsd.org 2011/01/16 12:05:59 |
| [clientloop.c] |
| a couple more tweaks to the post-close protocol 1 stderr/stdout flush: |
| now that we use atomicio(), convert them from while loops to if statements |
| add test and cast to compile cleanly with -Wsigned |
| |
| 20110114 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/01/13 21:54:53 |
| [mux.c] |
| correct error messages; patch from bert.wesarg AT googlemail.com |
| - djm@cvs.openbsd.org 2011/01/13 21:55:25 |
| [PROTOCOL.mux] |
| correct protocol names and add a couple of missing protocol number |
| defines; patch from bert.wesarg AT googlemail.com |
| - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in |
| host-key-force target rather than a substitution that is replaced with a |
| comment so that the Makefile.in is still a syntactically valid Makefile |
| (useful to run the distprep target) |
| - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. |
| - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some |
| ecdsa bits. |
| |
| 20110113 |
| - (djm) [misc.c] include time.h for nanosleep() prototype |
| - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm |
| - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating |
| ecdsa keys. ok djm. |
| - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid |
| gcc warning on platforms where it defaults to int |
| - (djm) [regress/Makefile] add a few more generated files to the clean |
| target |
| - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad |
| #define that was causing diffie-hellman-group-exchange-sha256 to be |
| incorrectly disabled |
| - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 |
| should not depend on ECC support |
| |
| 20110112 |
| - OpenBSD CVS Sync |
| - nicm@cvs.openbsd.org 2010/10/08 21:48:42 |
| [openbsd-compat/glob.c] |
| Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit |
| from ARG_MAX to 64K. |
| Fixes glob-using programs (notably ftp) able to be triggered to hit |
| resource limits. |
| Idea from a similar NetBSD change, original problem reported by jasper@. |
| ok millert tedu jasper |
| - djm@cvs.openbsd.org 2011/01/12 01:53:14 |
| avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS |
| and sanity check arguments (these will be unnecessary when we switch |
| struct glob members from being type into to size_t in the future); |
| "looks ok" tedu@ feedback guenther@ |
| - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid |
| silly warnings on write() calls we don't care succeed or not. |
| - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler |
| flag tests that don't depend on gcc version at all; suggested by and |
| ok dtucker@ |
| |
| 20110111 |
| - (tim) [regress/host-expand.sh] Fix for building outside of read only |
| source tree. |
| - (djm) [platform.c] Some missing includes that show up under -Werror |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2011/01/08 10:51:51 |
| [clientloop.c] |
| use host and not options.hostname, as the latter may have unescaped |
| substitution characters |
| - djm@cvs.openbsd.org 2011/01/11 06:06:09 |
| [sshlogin.c] |
| fd leak on error paths; from zinovik@ |
| NB. Id sync only; we use loginrec.c that was also audited and fixed |
| recently |
| - djm@cvs.openbsd.org 2011/01/11 06:13:10 |
| [clientloop.c ssh-keygen.c sshd.c] |
| some unsigned long long casts that make things a bit easier for |
| portable without resorting to dropping PRIu64 formats everywhere |
| |
| 20110109 |
| - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by |
| openssh AT roumenpetrov.info |
| |
| 20110108 |
| - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress |
| test on OSX and others. Reported by imorgan AT nas.nasa.gov |
| |
| 20110107 |
| - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test |
| for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com |
| - djm@cvs.openbsd.org 2011/01/06 22:23:53 |
| [ssh.c] |
| unbreak %n expansion in LocalCommand; patch from bert.wesarg AT |
| googlemail.com; ok markus@ |
| - djm@cvs.openbsd.org 2011/01/06 22:23:02 |
| [clientloop.c] |
| when exiting due to ServerAliveTimeout, mention the hostname that caused |
| it (useful with backgrounded controlmaster) |
| - djm@cvs.openbsd.org 2011/01/06 22:46:21 |
| [regress/Makefile regress/host-expand.sh] |
| regress test for LocalCommand %n expansion from bert.wesarg AT |
| googlemail.com; ok markus@ |
| - djm@cvs.openbsd.org 2011/01/06 23:01:35 |
| [sshconnect.c] |
| reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; |
| ok markus@ |
| |
| 20110106 |
| - (djm) OpenBSD CVS Sync |
| - markus@cvs.openbsd.org 2010/12/08 22:46:03 |
| [scp.1 scp.c] |
| add a new -3 option to scp: Copies between two remote hosts are |
| transferred through the local host. Without this option the data |
| is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) |
| - jmc@cvs.openbsd.org 2010/12/09 14:13:33 |
| [scp.1 scp.c] |
| scp.1: grammer fix |
| scp.c: add -3 to usage() |
| - markus@cvs.openbsd.org 2010/12/14 11:59:06 |
| [sshconnect.c] |
| don't mention key type in key-changed-warning, since we also print |
| this warning if a new key type appears. ok djm@ |
| - djm@cvs.openbsd.org 2010/12/15 00:49:27 |
| [readpass.c] |
| fix ControlMaster=ask regression |
| reset SIGCHLD handler before fork (and restore it after) so we don't miss |
| the the askpass child's exit status. Correct test for exit status/signal to |
| account for waitpid() failure; with claudio@ ok claudio@ markus@ |
| - djm@cvs.openbsd.org 2010/12/24 21:41:48 |
| [auth-options.c] |
| don't send the actual forced command in a debug message; ok markus deraadt |
| - otto@cvs.openbsd.org 2011/01/04 20:44:13 |
| [ssh-keyscan.c] |
| handle ecdsa-sha2 with various key lengths; hint and ok djm@ |
| |
| 20110104 |
| - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage |
| formatter if it is present, followed by nroff and groff respectively. |
| Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports |
| in favour of mandoc). feedback and ok tim |
| |
| 20110103 |
| - (djm) [Makefile.in] revert local hack I didn't intend to commit |
| |
| 20110102 |
| - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker |
| - (djm) [configure.ac] Check whether libdes is needed when building |
| with Heimdal krb5 support. On OpenBSD this library no longer exists, |
| so linking it unconditionally causes a build failure; ok dtucker |
| |
| 20101226 |
| - (dtucker) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/12/08 04:02:47 |
| [ssh_config.5 sshd_config.5] |
| explain that IPQoS arguments are separated by whitespace; iirc requested |
| by jmc@ a while back |
| |
| 20101205 |
| - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from |
| debugging. Spotted by djm. |
| - (dtucker) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/12/03 23:49:26 |
| [schnorr.c] |
| check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao |
| (this code is still disabled, but apprently people are treating it as |
| a reference implementation) |
| - djm@cvs.openbsd.org 2010/12/03 23:55:27 |
| [auth-rsa.c] |
| move check for revoked keys to run earlier (in auth_rsa_key_allowed) |
| bz#1829; patch from ldv AT altlinux.org; ok markus@ |
| - djm@cvs.openbsd.org 2010/12/04 00:18:01 |
| [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] |
| add a protocol extension to support a hard link operation. It is |
| available through the "ln" command in the client. The old "ln" |
| behaviour of creating a symlink is available using its "-s" option |
| or through the preexisting "symlink" command; based on a patch from |
| miklos AT szeredi.hu in bz#1555; ok markus@ |
| - djm@cvs.openbsd.org 2010/12/04 13:31:37 |
| [hostfile.c] |
| fix fd leak; spotted and ok dtucker |
| - djm@cvs.openbsd.org 2010/12/04 00:21:19 |
| [regress/sftp-cmds.sh] |
| adjust for hard-link support |
| - (dtucker) [regress/Makefile] Id sync. |
| |
| 20101204 |
| - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) |
| instead of (arc4random() % range) |
| - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add |
| shims for the new, non-deprecated OpenSSL key generation functions for |
| platforms that don't have the new interfaces. |
| |
| 20101201 |
| - OpenBSD CVS Sync |
| - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 |
| [auth2-pubkey.c] |
| clean up cases of ;; |
| - djm@cvs.openbsd.org 2010/11/21 01:01:13 |
| [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] |
| honour $TMPDIR for client xauth and ssh-agent temporary directories; |
| feedback and ok markus@ |
| - djm@cvs.openbsd.org 2010/11/21 10:57:07 |
| [authfile.c] |
| Refactor internals of private key loading and saving to work on memory |
| buffers rather than directly on files. This will make a few things |
| easier to do in the future; ok markus@ |
| - djm@cvs.openbsd.org 2010/11/23 02:35:50 |
| [auth.c] |
| use strict_modes already passed as function argument over referencing |
| global options.strict_modes |
| - djm@cvs.openbsd.org 2010/11/23 23:57:24 |
| [clientloop.c] |
| avoid NULL deref on receiving a channel request on an unknown or invalid |
| channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/11/24 01:24:14 |
| [channels.c] |
| remove a debug() that pollutes stderr on client connecting to a server |
| in debug mode (channel_close_fds is called transitively from the session |
| code post-fork); bz#1719, ok dtucker |
| - djm@cvs.openbsd.org 2010/11/25 04:10:09 |
| [session.c] |
| replace close() loop for fds 3->64 with closefrom(); |
| ok markus deraadt dtucker |
| - djm@cvs.openbsd.org 2010/11/26 05:52:49 |
| [scp.c] |
| Pass through ssh command-line flags and options when doing remote-remote |
| transfers, e.g. to enable agent forwarding which is particularly useful |
| in this case; bz#1837 ok dtucker@ |
| - markus@cvs.openbsd.org 2010/11/29 18:57:04 |
| [authfile.c] |
| correctly load comment for encrypted rsa1 keys; |
| report/fix Joachim Schipper; ok djm@ |
| - djm@cvs.openbsd.org 2010/11/29 23:45:51 |
| [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] |
| [sshconnect.h sshconnect2.c] |
| automatically order the hostkeys requested by the client based on |
| which hostkeys are already recorded in known_hosts. This avoids |
| hostkey warnings when connecting to servers with new ECDSA keys |
| that are preferred by default; with markus@ |
| |
| 20101124 |
| - (dtucker) [platform.c session.c] Move the getluid call out of session.c and |
| into the platform-specific code Only affects SCO, tested by and ok tim@. |
| - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow |
| group read/write. ok dtucker@ |
| - (dtucker) [packet.c] Remove redundant local declaration of "int tos". |
| - (djm) [defines.h] Add IP DSCP defines |
| |
| 20101122 |
| - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch |
| from vapier at gentoo org. |
| |
| 20101120 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/11/05 02:46:47 |
| [packet.c] |
| whitespace KNF |
| - djm@cvs.openbsd.org 2010/11/10 01:33:07 |
| [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] |
| use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. |
| these have been around for years by this time. ok markus |
| - djm@cvs.openbsd.org 2010/11/13 23:27:51 |
| [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] |
| [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] |
| allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of |
| hardcoding lowdelay/throughput. |
| |
| bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ |
| - jmc@cvs.openbsd.org 2010/11/15 07:40:14 |
| [ssh_config.5] |
| libary -> library; |
| - jmc@cvs.openbsd.org 2010/11/18 15:01:00 |
| [scp.1 sftp.1 ssh.1 sshd_config.5] |
| add IPQoS to the various -o lists, and zap some trailing whitespace; |
| |
| 20101111 |
| - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on |
| platforms that don't support ECC. Fixes some spurious warnings reported |
| by tim@ |
| |
| 20101109 |
| - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. |
| Feedback from dtucker@ |
| - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add |
| support for platforms missing isblank(). ok djm@ |
| |
| 20101108 |
| - (tim) [regress/Makefile] Fixes to allow building/testing outside source |
| tree. |
| - (tim) [regress/kextype.sh] Shell portability fix. |
| |
| 20101107 |
| - (dtucker) [platform.c] includes.h instead of defines.h so that we get |
| the correct typedefs. |
| |
| 20101105 |
| - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of |
| int. Should fix bz#1817 cleanly; ok dtucker@ |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/09/22 12:26:05 |
| [regress/Makefile regress/kextype.sh] |
| regress test for each of the key exchange algorithms that we support |
| - djm@cvs.openbsd.org 2010/10/28 11:22:09 |
| [authfile.c key.c key.h ssh-keygen.c] |
| fix a possible NULL deref on loading a corrupt ECDH key |
| |
| store ECDH group information in private keys files as "named groups" |
| rather than as a set of explicit group parameters (by setting |
| the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and |
| retrieves the group's OpenSSL NID that we need for various things. |
| - jmc@cvs.openbsd.org 2010/10/28 18:33:28 |
| [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] |
| knock out some "-*- nroff -*-" lines; |
| - djm@cvs.openbsd.org 2010/11/04 02:45:34 |
| [sftp-server.c] |
| umask should be parsed as octal. reported by candland AT xmission.com; |
| ok markus@ |
| - (dtucker) [configure.ac platform.{c,h} session.c |
| openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. |
| Patch from cory.erickson at csu mnscu edu with a bit of rework from me. |
| ok djm@ |
| - (dtucker) [platform.c platform.h session.c] Add a platform hook to run |
| after the user's groups are established and move the selinux calls into it. |
| - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into |
| platform.c |
| - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. |
| - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to |
| retain previous behavior. |
| - (dtucker) [platform.c session.c] Move the PAM credential establishment for |
| the LOGIN_CAP case into platform.c. |
| - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into |
| platform.c |
| - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. |
| - (dtucker) [platform.c session.c] Move irix setusercontext fragment into |
| platform.c. |
| - (dtucker) [platform.c session.c] Move PAM credential establishment for the |
| non-LOGIN_CAP case into platform.c. |
| - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case |
| check into platform.c |
| - (dtucker) [regress/keytype.sh] Import new test. |
| - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] |
| Import recent changes to regress/Makefile, pass a flag to enable ECC tests |
| from configure through to regress/Makefile and use it in the tests. |
| - (dtucker) [regress/kextype.sh] Add missing "test". |
| - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not |
| strictly correct since while ECC requires sha256 the reverse is not true |
| however it does prevent spurious test failures. |
| - (dtucker) [platform.c] Need servconf.h and extern options. |
| |
| 20101025 |
| - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with |
| 1.12 to unbreak Solaris build. |
| ok djm@ |
| - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a |
| native one. |
| |
| 20101024 |
| - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. |
| - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms |
| which don't have ECC support in libcrypto. |
| - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms |
| which don't have ECC support in libcrypto. |
| - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't |
| have it. |
| - (dtucker) OpenBSD CVS Sync |
| - sthen@cvs.openbsd.org 2010/10/23 22:06:12 |
| [sftp.c] |
| escape '[' in filename tab-completion; fix a type while there. |
| ok djm@ |
| |
| 20101021 |
| - OpenBSD CVS Sync |
| - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 |
| [mux.c] |
| Typo in confirmation message. bz#1827, patch from imorgan at |
| nas nasa gov |
| - djm@cvs.openbsd.org 2010/08/31 12:24:09 |
| [regress/cert-hostkey.sh regress/cert-userkey.sh] |
| tests for ECDSA certificates |
| |
| 20101011 |
| - (djm) [canohost.c] Zero a4 instead of addr to better match type. |
| bz#1825, reported by foo AT mailinator.com |
| - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) |
| |
| 20101011 |
| - (djm) [configure.ac] Use = instead of == in shell tests. Patch from |
| dr AT vasco.com |
| |
| 20101007 |
| - (djm) [ssh-agent.c] Fix type for curve name. |
| - (djm) OpenBSD CVS Sync |
| - matthew@cvs.openbsd.org 2010/09/24 13:33:00 |
| [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] |
| [openbsd-compat/timingsafe_bcmp.c] |
| Add timingsafe_bcmp(3) to libc, mention that it's already in the |
| kernel in kern(9), and remove it from OpenSSH. |
| ok deraadt@, djm@ |
| NB. re-added under openbsd-compat/ for portable OpenSSH |
| - djm@cvs.openbsd.org 2010/09/25 09:30:16 |
| [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] |
| make use of new glob(3) GLOB_KEEPSTAT extension to save extra server |
| rountrips to fetch per-file stat(2) information. |
| NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to |
| match. |
| - djm@cvs.openbsd.org 2010/09/26 22:26:33 |
| [sftp.c] |
| when performing an "ls" in columnated (short) mode, only call |
| ioctl(TIOCGWINSZ) once to get the window width instead of per- |
| filename |
| - djm@cvs.openbsd.org 2010/09/30 11:04:51 |
| [servconf.c] |
| prevent free() of string in .rodata when overriding AuthorizedKeys in |
| a Match block; patch from rein AT basefarm.no |
| - djm@cvs.openbsd.org 2010/10/01 23:05:32 |
| [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] |
| adapt to API changes in openssl-1.0.0a |
| NB. contains compat code to select correct API for older OpenSSL |
| - djm@cvs.openbsd.org 2010/10/05 05:13:18 |
| [sftp.c sshconnect.c] |
| use default shell /bin/sh if $SHELL is ""; ok markus@ |
| - djm@cvs.openbsd.org 2010/10/06 06:39:28 |
| [clientloop.c ssh.c sshconnect.c sshconnect.h] |
| kill proxy command on fatal() (we already kill it on clean exit); |
| ok markus@ |
| - djm@cvs.openbsd.org 2010/10/06 21:10:21 |
| [sshconnect.c] |
| swapped args to kill(2) |
| - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. |
| - (djm) [cipher-acss.c] Add missing header. |
| - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp |
| |
| 20100924 |
| - (djm) OpenBSD CVS Sync |
| - naddy@cvs.openbsd.org 2010/09/10 15:19:29 |
| [ssh-keygen.1] |
| * mention ECDSA in more places |
| * less repetition in FILES section |
| * SSHv1 keys are still encrypted with 3DES |
| help and ok jmc@ |
| - djm@cvs.openbsd.org 2010/09/11 21:44:20 |
| [ssh.1] |
| mention RFC 5656 for ECC stuff |
| - jmc@cvs.openbsd.org 2010/09/19 21:30:05 |
| [sftp.1] |
| more wacky macro fixing; |
| - djm@cvs.openbsd.org 2010/09/20 04:41:47 |
| [ssh.c] |
| install a SIGCHLD handler to reap expiried child process; ok markus@ |
| - djm@cvs.openbsd.org 2010/09/20 04:50:53 |
| [jpake.c schnorr.c] |
| check that received values are smaller than the group size in the |
| disabled and unfinished J-PAKE code. |
| avoids catastrophic security failure found by Sebastien Martini |
| - djm@cvs.openbsd.org 2010/09/20 04:54:07 |
| [jpake.c] |
| missing #include |
| - djm@cvs.openbsd.org 2010/09/20 07:19:27 |
| [mux.c] |
| "atomically" create the listening mux socket by binding it on a temorary |
| name and then linking it into position after listen() has succeeded. |
| this allows the mux clients to determine that the server socket is |
| either ready or stale without races. stale server sockets are now |
| automatically removed |
| ok deraadt |
| - djm@cvs.openbsd.org 2010/09/22 05:01:30 |
| [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] |
| [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] |
| add a KexAlgorithms knob to the client and server configuration to allow |
| selection of which key exchange methods are used by ssh(1) and sshd(8) |
| and their order of preference. |
| ok markus@ |
| - jmc@cvs.openbsd.org 2010/09/22 08:30:08 |
| [ssh.1 ssh_config.5] |
| ssh.1: add kexalgorithms to the -o list |
| ssh_config.5: format the kexalgorithms in a more consistent |
| (prettier!) way |
| ok djm |
| - djm@cvs.openbsd.org 2010/09/22 22:58:51 |
| [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] |
| [sftp-client.h sftp.1 sftp.c] |
| add an option per-read/write callback to atomicio |
| |
| factor out bandwidth limiting code from scp(1) into a generic bandwidth |
| limiter that can be attached using the atomicio callback mechanism |
| |
| add a bandwidth limit option to sftp(1) using the above |
| "very nice" markus@ |
| - jmc@cvs.openbsd.org 2010/09/23 13:34:43 |
| [sftp.c] |
| add [-l limit] to usage(); |
| - jmc@cvs.openbsd.org 2010/09/23 13:36:46 |
| [scp.1 sftp.1] |
| add KexAlgorithms to the -o list; |
| |
| 20100910 |
| - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact |
| return code since it can apparently return -1 under some conditions. From |
| openssh bugs werbittewas de, ok djm@ |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/08/31 12:33:38 |
| [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| reintroduce commit from tedu@, which I pulled out for release |
| engineering: |
| OpenSSL_add_all_algorithms is the name of the function we have a |
| man page for, so use that. ok djm |
| - jmc@cvs.openbsd.org 2010/08/31 17:40:54 |
| [ssh-agent.1] |
| fix some macro abuse; |
| - jmc@cvs.openbsd.org 2010/08/31 21:14:58 |
| [ssh.1] |
| small text tweak to accommodate previous; |
| - naddy@cvs.openbsd.org 2010/09/01 15:21:35 |
| [servconf.c] |
| pick up ECDSA host key by default; ok djm@ |
| - markus@cvs.openbsd.org 2010/09/02 16:07:25 |
| [ssh-keygen.c] |
| permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ |
| - markus@cvs.openbsd.org 2010/09/02 16:08:39 |
| [ssh.c] |
| unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ |
| - naddy@cvs.openbsd.org 2010/09/02 17:21:50 |
| [ssh-keygen.c] |
| Switch ECDSA default key size to 256 bits, which according to RFC5656 |
| should still be better than our current RSA-2048 default. |
| ok djm@, markus@ |
| - jmc@cvs.openbsd.org 2010/09/03 11:09:29 |
| [scp.1] |
| add an EXIT STATUS section for /usr/bin; |
| - jmc@cvs.openbsd.org 2010/09/04 09:38:34 |
| [ssh-add.1 ssh.1] |
| two more EXIT STATUS sections; |
| - naddy@cvs.openbsd.org 2010/09/06 17:10:19 |
| [sshd_config] |
| add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste |
| <mattieu.b@gmail.com> |
| ok deraadt@ |
| - djm@cvs.openbsd.org 2010/09/08 03:54:36 |
| [authfile.c] |
| typo |
| - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 |
| [compress.c] |
| work around name-space collisions some buggy compilers (looking at you |
| gcc, at least in earlier versions, but this does not forgive your current |
| transgressions) seen between zlib and openssl |
| ok djm |
| - djm@cvs.openbsd.org 2010/09/09 10:45:45 |
| [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] |
| ECDH/ECDSA compliance fix: these methods vary the hash function they use |
| (SHA256/384/512) depending on the length of the curve in use. The previous |
| code incorrectly used SHA256 in all cases. |
| |
| This fix will cause authentication failure when using 384 or 521-bit curve |
| keys if one peer hasn't been upgraded and the other has. (256-bit curve |
| keys work ok). In particular you may need to specify HostkeyAlgorithms |
| when connecting to a server that has not been upgraded from an upgraded |
| client. |
| |
| ok naddy@ |
| - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] |
| [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] |
| [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on |
| platforms that don't have the requisite OpenSSL support. ok dtucker@ |
| - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs |
| for missing headers and compiler warnings. |
| |
| 20100831 |
| - OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2010/08/08 19:36:30 |
| [ssh-keysign.8 ssh.1 sshd.8] |
| use the same template for all FILES sections; i.e. -compact/.Pp where we |
| have multiple items, and .Pa for path names; |
| - tedu@cvs.openbsd.org 2010/08/12 23:34:39 |
| [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| OpenSSL_add_all_algorithms is the name of the function we have a man page |
| for, so use that. ok djm |
| - djm@cvs.openbsd.org 2010/08/16 04:06:06 |
| [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| backout previous temporarily; discussed with deraadt@ |
| - djm@cvs.openbsd.org 2010/08/31 09:58:37 |
| [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] |
| [packet.h ssh-dss.c ssh-rsa.c] |
| Add buffer_get_cstring() and related functions that verify that the |
| string extracted from the buffer contains no embedded \0 characters* |
| This prevents random (possibly malicious) crap from being appended to |
| strings where it would not be noticed if the string is used with |
| a string(3) function. |
| |
| Use the new API in a few sensitive places. |
| |
| * actually, we allow a single one at the end of the string for now because |
| we don't know how many deployed implementations get this wrong, but don't |
| count on this to remain indefinitely. |
| - djm@cvs.openbsd.org 2010/08/31 11:54:45 |
| [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] |
| [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] |
| [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] |
| [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] |
| [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] |
| [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] |
| [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] |
| Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and |
| host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer |
| better performance than plain DH and DSA at the same equivalent symmetric |
| key length, as well as much shorter keys. |
| |
| Only the mandatory sections of RFC5656 are implemented, specifically the |
| three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and |
| ECDSA. Point compression (optional in RFC5656 is NOT implemented). |
| |
| Certificate host and user keys using the new ECDSA key types are supported. |
| |
| Note that this code has not been tested for interoperability and may be |
| subject to change. |
| |
| feedback and ok markus@ |
| - (djm) [Makefile.in] Add new ECC files |
| - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include |
| includes.h |
| |
| 20100827 |
| - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, |
| remove. Patch from martynas at venck us |
| |
| 20100823 |
| - (djm) Release OpenSSH-5.6p1 |
| |
| 20100816 |
| - (dtucker) [configure.ac openbsd-compat/Makefile.in |
| openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to |
| the compat library which helps on platforms like old IRIX. Based on work |
| by djm, tested by Tom Christensen. |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/08/12 21:49:44 |
| [ssh.c] |
| close any extra file descriptors inherited from parent at start and |
| reopen stdin/stdout to /dev/null when forking for ControlPersist. |
| |
| prevents tools that fork and run a captive ssh for communication from |
| failing to exit when the ssh completes while they wait for these fds to |
| close. The inherited fds may persist arbitrarily long if a background |
| mux master has been started by ControlPersist. cvs and scp were effected |
| by this. |
| |
| "please commit" markus@ |
| - (djm) [regress/README.regress] typo |
| |
| 20100812 |
| - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh |
| regress/test-exec.sh] Under certain conditions when testing with sudo |
| tests would fail because the pidfile could not be read by a regular user. |
| "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" |
| Make sure cat is run by $SUDO. no objection from me. djm@ |
| - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. |
| |
| 20100809 |
| - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is |
| already set. Makes FreeBSD user openable tunnels useful; patch from |
| richard.burakowski+ossh AT mrburak.net, ok dtucker@ |
| - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. |
| based in part on a patch from Colin Watson, ok djm@ |
| |
| 20100809 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/08/08 16:26:42 |
| [version.h] |
| crank to 5.6 |
| - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| [contrib/suse/openssh.spec] Crank version numbers |
| |
| 20100805 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/08/04 05:37:01 |
| [ssh.1 ssh_config.5 sshd.8] |
| Remove mentions of weird "addr/port" alternate address format for IPv6 |
| addresses combinations. It hasn't worked for ages and we have supported |
| the more commen "[addr]:port" format for a long time. ok jmc@ markus@ |
| - djm@cvs.openbsd.org 2010/08/04 05:40:39 |
| [PROTOCOL.certkeys ssh-keygen.c] |
| tighten the rules for certificate encoding by requiring that options |
| appear in lexical order and make our ssh-keygen comply. ok markus@ |
| - djm@cvs.openbsd.org 2010/08/04 05:42:47 |
| [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] |
| [ssh-keysign.c ssh.c] |
| enable certificates for hostbased authentication, from Iain Morgan; |
| "looks ok" markus@ |
| - djm@cvs.openbsd.org 2010/08/04 05:49:22 |
| [authfile.c] |
| commited the wrong version of the hostbased certificate diff; this |
| version replaces some strlc{py,at} verbosity with xasprintf() at |
| the request of markus@ |
| - djm@cvs.openbsd.org 2010/08/04 06:07:11 |
| [ssh-keygen.1 ssh-keygen.c] |
| Support CA keys in PKCS#11 tokens; feedback and ok markus@ |
| - djm@cvs.openbsd.org 2010/08/04 06:08:40 |
| [ssh-keysign.c] |
| clean for -Wuninitialized (Id sync only; portable had this change) |
| - djm@cvs.openbsd.org 2010/08/05 13:08:42 |
| [channels.c] |
| Fix a trio of bugs in the local/remote window calculation for datagram |
| data channels (i.e. TunnelForward): |
| |
| Calculate local_consumed correctly in channel_handle_wfd() by measuring |
| the delta to buffer_len(c->output) from when we start to when we finish. |
| The proximal problem here is that the output_filter we use in portable |
| modified the length of the dequeued datagram (to futz with the headers |
| for !OpenBSD). |
| |
| In channel_output_poll(), don't enqueue datagrams that won't fit in the |
| peer's advertised packet size (highly unlikely to ever occur) or which |
| won't fit in the peer's remaining window (more likely). |
| |
| In channel_input_data(), account for the 4-byte string header in |
| datagram packets that we accept from the peer and enqueue in c->output. |
| |
| report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; |
| "looks good" markus@ |
| |
| 20100803 |
| - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from |
| PAM to sane values in case the PAM method doesn't write to them. Spotted by |
| Bitman Zhou, ok djm@. |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/07/16 04:45:30 |
| [ssh-keygen.c] |
| avoid bogus compiler warning |
| - djm@cvs.openbsd.org 2010/07/16 14:07:35 |
| [ssh-rsa.c] |
| more timing paranoia - compare all parts of the expected decrypted |
| data before returning. AFAIK not exploitable in the SSH protocol. |
| "groovy" deraadt@ |
| - djm@cvs.openbsd.org 2010/07/19 03:16:33 |
| [sftp-client.c] |
| bz#1797: fix swapped args in upload_dir_internal(), breaking recursive |
| upload depth checks and causing verbose printing of transfers to always |
| be turned on; patch from imorgan AT nas.nasa.gov |
| - djm@cvs.openbsd.org 2010/07/19 09:15:12 |
| [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] |
| add a "ControlPersist" option that automatically starts a background |
| ssh(1) multiplex master when connecting. This connection can stay alive |
| indefinitely, or can be set to automatically close after a user-specified |
| duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but |
| further hacked on by wmertens AT cisco.com, apb AT cequrux.com, |
| martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ |
| - djm@cvs.openbsd.org 2010/07/21 02:10:58 |
| [misc.c] |
| sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern |
| - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 |
| [ssh.1] |
| Ciphers is documented in ssh_config(5) these days |
| |
| 20100819 |
| - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more |
| details about its behaviour WRT existing directories. Patch from |
| asguthrie at gmail com, ok djm. |
| |
| 20100716 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/07/02 04:32:44 |
| [misc.c] |
| unbreak strdelim() skipping past quoted strings, e.g. |
| AllowUsers "blah blah" blah |
| was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com |
| ok dtucker; |
| - djm@cvs.openbsd.org 2010/07/12 22:38:52 |
| [ssh.c] |
| Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") |
| for protocol 2. ok markus@ |
| - djm@cvs.openbsd.org 2010/07/12 22:41:13 |
| [ssh.c ssh_config.5] |
| expand %h to the hostname in ssh_config Hostname options. While this |
| sounds useless, it is actually handy for working with unqualified |
| hostnames: |
| |
| Host *.* |
| Hostname %h |
| Host * |
| Hostname %h.example.org |
| |
| "I like it" markus@ |
| - djm@cvs.openbsd.org 2010/07/13 11:52:06 |
| [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] |
| [packet.c ssh-rsa.c] |
| implement a timing_safe_cmp() function to compare memory without leaking |
| timing information by short-circuiting like memcmp() and use it for |
| some of the more sensitive comparisons (though nothing high-value was |
| readily attackable anyway); "looks ok" markus@ |
| - djm@cvs.openbsd.org 2010/07/13 23:13:16 |
| [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] |
| [ssh-rsa.c] |
| s/timing_safe_cmp/timingsafe_bcmp/g |
| - jmc@cvs.openbsd.org 2010/07/14 17:06:58 |
| [ssh.1] |
| finally ssh synopsis looks nice again! this commit just removes a ton of |
| hacks we had in place to make it work with old groff; |
| - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 |
| [ssh-keygen.1] |
| repair incorrect block nesting, which screwed up indentation; |
| problem reported and fix OK by jmc@ |
| |
| 20100714 |
| - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass |
| (line 77) should have been for no_x11_askpass. |
| |
| 20100702 |
| - (djm) OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2010/06/26 00:57:07 |
| [ssh_config.5] |
| tweak previous; |
| - djm@cvs.openbsd.org 2010/06/26 23:04:04 |
| [ssh.c] |
| oops, forgot to #include <canohost.h>; spotted and patch from chl@ |
| - djm@cvs.openbsd.org 2010/06/29 23:15:30 |
| [ssh-keygen.1 ssh-keygen.c] |
| allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; |
| bz#1749; ok markus@ |
| - djm@cvs.openbsd.org 2010/06/29 23:16:46 |
| [auth2-pubkey.c sshd_config.5] |
| allow key options (command="..." and friends) in AuthorizedPrincipals; |
| ok markus@ |
| - jmc@cvs.openbsd.org 2010/06/30 07:24:25 |
| [ssh-keygen.1] |
| tweak previous; |
| - jmc@cvs.openbsd.org 2010/06/30 07:26:03 |
| [ssh-keygen.c] |
| sort usage(); |
| - jmc@cvs.openbsd.org 2010/06/30 07:28:34 |
| [sshd_config.5] |
| tweak previous; |
| - millert@cvs.openbsd.org 2010/07/01 13:06:59 |
| [scp.c] |
| Fix a longstanding problem where if you suspend scp at the |
| password/passphrase prompt the terminal mode is not restored. |
| OK djm@ |
| - phessler@cvs.openbsd.org 2010/06/27 19:19:56 |
| [regress/Makefile] |
| fix how we run the tests so we can successfully use SUDO='sudo -E' |
| in our env |
| - djm@cvs.openbsd.org 2010/06/29 23:59:54 |
| [cert-userkey.sh] |
| regress tests for key options in AuthorizedPrincipals |
| |
| 20100627 |
| - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs |
| key.h. |
| |
| 20100626 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/05/21 05:00:36 |
| [misc.c] |
| colon() returns char*, so s/return (0)/return NULL/ |
| - markus@cvs.openbsd.org 2010/06/08 21:32:19 |
| [ssh-pkcs11.c] |
| check length of value returned C_GetAttributValue for != 0 |
| from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/17 07:07:30 |
| [mux.c] |
| Correct sizing of object to be allocated by calloc(), replacing |
| sizeof(state) with sizeof(*state). This worked by accident since |
| the struct contained a single int at present, but could have broken |
| in the future. patch from hyc AT symas.com |
| - djm@cvs.openbsd.org 2010/06/18 00:58:39 |
| [sftp.c] |
| unbreak ls in working directories that contains globbing characters in |
| their pathnames. bz#1655 reported by vgiffin AT apple.com |
| - djm@cvs.openbsd.org 2010/06/18 03:16:03 |
| [session.c] |
| Missing check for chroot_director == "none" (we already checked against |
| NULL); bz#1564 from Jan.Pechanec AT Sun.COM |
| - djm@cvs.openbsd.org 2010/06/18 04:43:08 |
| [sftp-client.c] |
| fix memory leak in do_realpath() error path; bz#1771, patch from |
| anicka AT suse.cz |
| - djm@cvs.openbsd.org 2010/06/22 04:22:59 |
| [servconf.c sshd_config.5] |
| expose some more sshd_config options inside Match blocks: |
| AuthorizedKeysFile AuthorizedPrincipalsFile |
| HostbasedUsesNameFromPacketOnly PermitTunnel |
| bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/22 04:32:06 |
| [ssh-keygen.c] |
| standardise error messages when attempting to open private key |
| files to include "progname: filename: error reason" |
| bz#1783; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/22 04:49:47 |
| [auth.c] |
| queue auth debug messages for bad ownership or permissions on the user's |
| keyfiles. These messages will be sent after the user has successfully |
| authenticated (where our client will display them with LogLevel=debug). |
| bz#1554; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/22 04:54:30 |
| [ssh-keyscan.c] |
| replace verbose and overflow-prone Linebuf code with read_keyfile_line() |
| based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/22 04:59:12 |
| [session.c] |
| include the user name on "subsystem request for ..." log messages; |
| bz#1571; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/06/23 02:59:02 |
| [ssh-keygen.c] |
| fix printing of extensions in v01 certificates that I broke in r1.190 |
| - djm@cvs.openbsd.org 2010/06/25 07:14:46 |
| [channels.c mux.c readconf.c readconf.h ssh.h] |
| bz#1327: remove hardcoded limit of 100 permitopen clauses and port |
| forwards per direction; ok markus@ stevesk@ |
| - djm@cvs.openbsd.org 2010/06/25 07:20:04 |
| [channels.c session.c] |
| bz#1750: fix requirement for /dev/null inside ChrootDirectory for |
| internal-sftp accidentally introduced in r1.253 by removing the code |
| that opens and dup /dev/null to stderr and modifying the channels code |
| to read stderr but discard it instead; ok markus@ |
| - djm@cvs.openbsd.org 2010/06/25 08:46:17 |
| [auth1.c auth2-none.c] |
| skip the initial check for access with an empty password when |
| PermitEmptyPasswords=no; bz#1638; ok markus@ |
| - djm@cvs.openbsd.org 2010/06/25 23:10:30 |
| [ssh.c] |
| log the hostname and address that we connected to at LogLevel=verbose |
| after authentication is successful to mitigate "phishing" attacks by |
| servers with trusted keys that accept authentication silently and |
| automatically before presenting fake password/passphrase prompts; |
| "nice!" markus@ |
| - djm@cvs.openbsd.org 2010/06/25 23:10:30 |
| [ssh.c] |
| log the hostname and address that we connected to at LogLevel=verbose |
| after authentication is successful to mitigate "phishing" attacks by |
| servers with trusted keys that accept authentication silently and |
| automatically before presenting fake password/passphrase prompts; |
| "nice!" markus@ |
| |
| 20100622 |
| - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
| bz#1579; ok dtucker |
| |
| 20100618 |
| - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ |
| rather than assuming that $CWD == $HOME. bz#1500, patch from |
| timothy AT gelter.com |
| |
| 20100617 |
| - (tim) [contrib/cygwin/README] Remove a reference to the obsolete |
| minires-devel package, and to add the reference to the libedit-devel |
| package since CYgwin now provides libedit. Patch from Corinna Vinschen. |
| |
| 20100521 |
| - (djm) OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/05/07 11:31:26 |
| [regress/Makefile regress/cert-userkey.sh] |
| regress tests for AuthorizedPrincipalsFile and "principals=" key option. |
| feedback and ok markus@ |
| - djm@cvs.openbsd.org 2010/05/11 02:58:04 |
| [auth-rsa.c] |
| don't accept certificates marked as "cert-authority" here; ok markus@ |
| - djm@cvs.openbsd.org 2010/05/14 00:47:22 |
| [ssh-add.c] |
| check that the certificate matches the corresponding private key before |
| grafting it on |
| - djm@cvs.openbsd.org 2010/05/14 23:29:23 |
| [channels.c channels.h mux.c ssh.c] |
| Pause the mux channel while waiting for reply from aynch callbacks. |
| Prevents misordering of replies if new requests arrive while waiting. |
| |
| Extend channel open confirm callback to allow signalling failure |
| conditions as well as success. Use this to 1) fix a memory leak, 2) |
| start using the above pause mechanism and 3) delay sending a success/ |
| failure message on mux slave session open until we receive a reply from |
| the server. |
| |
| motivated by and with feedback from markus@ |
| - markus@cvs.openbsd.org 2010/05/16 12:55:51 |
| [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] |
| mux support for remote forwarding with dynamic port allocation, |
| use with |
| LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` |
| feedback and ok djm@ |
| - djm@cvs.openbsd.org 2010/05/20 11:25:26 |
| [auth2-pubkey.c] |
| fix logspam when key options (from="..." especially) deny non-matching |
| keys; reported by henning@ also bz#1765; ok markus@ dtucker@ |
| - djm@cvs.openbsd.org 2010/05/20 23:46:02 |
| [PROTOCOL.certkeys auth-options.c ssh-keygen.c] |
| Move the permit-* options to the non-critical "extensions" field for v01 |
| certificates. The logic is that if another implementation fails to |
| implement them then the connection just loses features rather than fails |
| outright. |
| |
| ok markus@ |
| |
| 20100511 |
| - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve |
| circular dependency problem on old or odd platforms. From Tom Lane, ok |
| djm@. |
| - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older |
| libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't |
| already. ok dtucker@ |
| |
| 20100510 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/04/23 01:47:41 |
| [ssh-keygen.c] |
| bz#1740: display a more helpful error message when $HOME is |
| inaccessible while trying to create .ssh directory. Based on patch |
| from jchadima AT redhat.com; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/04/23 22:27:38 |
| [mux.c] |
| set "detach_close" flag when registering channel cleanup callbacks. |
| This causes the channel to close normally when its fds close and |
| hangs when terminating a mux slave using ~. bz#1758; ok markus@ |
| - djm@cvs.openbsd.org 2010/04/23 22:42:05 |
| [session.c] |
| set stderr to /dev/null for subsystems rather than just closing it. |
| avoids hangs if a subsystem or shell initialisation writes to stderr. |
| bz#1750; ok markus@ |
| - djm@cvs.openbsd.org 2010/04/23 22:48:31 |
| [ssh-keygen.c] |
| refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, |
| since we would refuse to use them anyway. bz#1516; ok dtucker@ |
| - djm@cvs.openbsd.org 2010/04/26 22:28:24 |
| [sshconnect2.c] |
| bz#1502: authctxt.success is declared as an int, but passed by |
| reference to function that accepts sig_atomic_t*. Convert it to |
| the latter; ok markus@ dtucker@ |
| - djm@cvs.openbsd.org 2010/05/01 02:50:50 |
| [PROTOCOL.certkeys] |
| typo; jmeltzer@ |
| - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 |
| [sftp.c] |
| restore mput and mget which got lost in the tab-completion changes. |
| found by Kenneth Whitaker, ok djm@ |
| - djm@cvs.openbsd.org 2010/05/07 11:30:30 |
| [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] |
| [key.c servconf.c servconf.h sshd.8 sshd_config.5] |
| add some optional indirection to matching of principal names listed |
| in certificates. Currently, a certificate must include the a user's name |
| to be accepted for authentication. This change adds the ability to |
| specify a list of certificate principal names that are acceptable. |
| |
| When authenticating using a CA trusted through ~/.ssh/authorized_keys, |
| this adds a new principals="name1[,name2,...]" key option. |
| |
| For CAs listed through sshd_config's TrustedCAKeys option, a new config |
| option "AuthorizedPrincipalsFile" specifies a per-user file containing |
| the list of acceptable names. |
| |
| If either option is absent, the current behaviour of requiring the |
| username to appear in principals continues to apply. |
| |
| These options are useful for role accounts, disjoint account namespaces |
| and "user@realm"-style naming policies in certificates. |
| |
| feedback and ok markus@ |
| - jmc@cvs.openbsd.org 2010/05/07 12:49:17 |
| [sshd_config.5] |
| tweak previous; |
| |
| 20100423 |
| - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir |
| in the openssl install directory (some newer openssl versions do this on at |
| least some amd64 platforms). |
| |
| 20100418 |
| - OpenBSD CVS Sync |
| - jmc@cvs.openbsd.org 2010/04/16 06:45:01 |
| [ssh_config.5] |
| tweak previous; ok djm |
| - jmc@cvs.openbsd.org 2010/04/16 06:47:04 |
| [ssh-keygen.1 ssh-keygen.c] |
| tweak previous; ok djm |
| - djm@cvs.openbsd.org 2010/04/16 21:14:27 |
| [sshconnect.c] |
| oops, %r => remote username, not %u |
| - djm@cvs.openbsd.org 2010/04/16 01:58:45 |
| [regress/cert-hostkey.sh regress/cert-userkey.sh] |
| regression tests for v01 certificate format |
| includes interop tests for v00 certs |
| - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default |
| file. |
| |
| 20100416 |
| - (djm) Release openssh-5.5p1 |
| - OpenBSD CVS Sync |
| - djm@cvs.openbsd.org 2010/03/26 03:13:17 |
| [bufaux.c] |
| allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer |
| argument to allow skipping past values in a buffer |
| - jmc@cvs.openbsd.org 2010/03/26 06:54:36 |
| [ssh.1] |
| tweak previous; |
| - jmc@cvs.openbsd.org 2010/03/27 14:26:55 |
| [ssh_config.5] |
| tweak previous; ok dtucker |
| - djm@cvs.openbsd.org 2010/04/10 00:00:16 |
| [ssh.c] |
| bz#1746 - suppress spurious tty warning when using -O and stdin |
| is not a tty; ok dtucker@ markus@ |
| - djm@cvs.openbsd.org 2010/04/10 00:04:30 |
| [sshconnect.c] |
| fix terminology: we didn't find a certificate in known_hosts, we found |
| a CA key |
| - djm@cvs.openbsd.org 2010/04/10 02:08:44 |
| [clientloop.c] |
| bz#1698: kill channel when pty allocation requests fail. Fixed |
| stuck client if the server refuses pty allocation. |
| ok dtucker@ "think so" markus@ |
| - djm@cvs.openbsd.org 2010/04/10 02:10:56 |
| [sshconnect2.c] |
| show the key type that we are offering in debug(), helps distinguish |
| between certs and plain keys as the path to the private key is usually |
| the same. |
| - djm@cvs.openbsd.org 2010/04/10 05:48:16 |
| [mux.c] |
| fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au |
| - djm@cvs.openbsd.org 2010/04/14 22:27:42 |
| [ssh_config.5 sshconnect.c] |
| expand %r => remote username in ssh_config:ProxyCommand; |
| ok deraadt markus |
| - markus@cvs.openbsd.org 2010/04/15 20:32:55 |
| [ssh-pkcs11.c] |
| retry lookup for private key if there's no matching key with CKA_SIGN |
| attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) |
| ok djm@ |
| - djm@cvs.openbsd.org 2010/04/16 01:47:26 |
| [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] |
| [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] |
| [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] |
| [sshconnect.c sshconnect2.c sshd.c] |
| revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the |
| following changes: |
| |
| move the nonce field to the beginning of the certificate where it can |
| better protect against chosen-prefix attacks on the signature hash |
| |
| Rename "constraints" field to "critical options" |
| |
| Add a new non-critical "extensions" field |
| |
| Add a serial number |
| |
| The older format is still support for authentication and cert generation |
| (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) |
| |
| ok markus@ |