ChangeLog revision 250739
1250739Sdes20130510 2250739Sdes - (djm) OpenBSD CVS Cherrypick 3250739Sdes - djm@cvs.openbsd.org 2013/04/11 02:27:50 4250739Sdes [packet.c] 5250739Sdes quiet disconnect notifications on the server from error() back to logit() 6250739Sdes if it is a normal client closure; bz#2057 ok+feedback dtucker@ 7250739Sdes - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 8250739Sdes [contrib/suse/openssh.spec] Crank version numbers for release. 9250739Sdes 10250739Sdes20130404 11250739Sdes - (dtucker) OpenBSD CVS Sync 12250739Sdes - dtucker@cvs.openbsd.org 2013/02/17 23:16:57 13250739Sdes [readconf.c ssh.c readconf.h sshconnect2.c] 14250739Sdes Keep track of which IndentityFile options were manually supplied and which 15250739Sdes were default options, and don't warn if the latter are missing. 16250739Sdes ok markus@ 17250739Sdes - dtucker@cvs.openbsd.org 2013/02/19 02:12:47 18250739Sdes [krl.c] 19250739Sdes Remove bogus include. ok djm 20250739Sdes - dtucker@cvs.openbsd.org 2013/02/22 04:45:09 21250739Sdes [ssh.c readconf.c readconf.h] 22250739Sdes Don't complain if IdentityFiles specified in system-wide configs are 23250739Sdes missing. ok djm, deraadt. 24250739Sdes - markus@cvs.openbsd.org 2013/02/22 19:13:56 25250739Sdes [sshconnect.c] 26250739Sdes support ProxyCommand=- (stdin/out already point to the proxy); ok djm@ 27250739Sdes - djm@cvs.openbsd.org 2013/02/22 22:09:01 28250739Sdes [ssh.c] 29250739Sdes Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier 30250739Sdes version) 31250739Sdes 32250739Sdes20130401 33250739Sdes - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h 34250739Sdes to avoid conflicting definitions of __int64, adding the required bits. 35250739Sdes Patch from Corinna Vinschen. 36250739Sdes 37248619Sdes20120322 38248619Sdes - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil 39248619Sdes Hands' greatly revised version. 40248619Sdes - (djm) Release 6.2p1 41248619Sdes 42248619Sdes20120318 43248619Sdes - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c] 44248619Sdes [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's 45248619Sdes so mark it as broken. Patch from des AT des.no 46248619Sdes 47248619Sdes20120317 48248619Sdes - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none 49248619Sdes of the bits the configure test looks for. 50248619Sdes 51248619Sdes20120316 52248619Sdes - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform 53248619Sdes is unable to successfully compile them. Based on patch from des AT 54248619Sdes des.no 55248619Sdes - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 56248619Sdes Add a usleep replacement for platforms that lack it; ok dtucker 57248619Sdes - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to 58248619Sdes occur after UID switch; patch from John Marshall via des AT des.no; 59248619Sdes ok dtucker@ 60248619Sdes 61248619Sdes20120312 62248619Sdes - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh] 63248619Sdes Improve portability of cipher-speed test, based mostly on a patch from 64248619Sdes Iain Morgan. 65248619Sdes - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin") 66248619Sdes in addition to root as an owner of system directories on AIX and HP-UX. 67248619Sdes ok djm@ 68248619Sdes 69248619Sdes20130307 70248619Sdes - (dtucker) [INSTALL] Bump documented autoconf version to what we're 71248619Sdes currently using. 72248619Sdes - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it 73248619Sdes was removed in configure.ac rev 1.481 as it was redundant. 74248619Sdes - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days 75248619Sdes ago. 76248619Sdes - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a 77248619Sdes chance to complete on broken systems; ok dtucker@ 78248619Sdes 79248619Sdes20130306 80248619Sdes - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding 81248619Sdes connection to start so that the test works on slower machines. 82248619Sdes - (dtucker) [configure.ac] test that we can set number of file descriptors 83248619Sdes to zero with setrlimit before enabling the rlimit sandbox. This affects 84248619Sdes (at least) HPUX 11.11. 85248619Sdes 86248619Sdes20130305 87248619Sdes - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for 88248619Sdes HP/UX. Spotted by Kevin Brott 89248619Sdes - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by 90248619Sdes Amit Kulkarni and Kevin Brott. 91248619Sdes - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure 92248619Sdes build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin 93248619Sdes Brott. 94248619Sdes - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov. 95248619Sdes 96248619Sdes20130227 97248619Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 98248619Sdes [contrib/suse/openssh.spec] Crank version numbers 99248619Sdes - (tim) [regress/forward-control.sh] use sh in case login shell is csh. 100248619Sdes - (tim) [regress/integrity.sh] shell portability fix. 101248619Sdes - (tim) [regress/integrity.sh] keep old solaris awk from hanging. 102248619Sdes - (tim) [regress/krl.sh] keep old solaris awk from hanging. 103248619Sdes 104248619Sdes20130226 105248619Sdes - OpenBSD CVS Sync 106248619Sdes - djm@cvs.openbsd.org 2013/02/20 08:27:50 107248619Sdes [integrity.sh] 108248619Sdes Add an option to modpipe that warns if the modification offset it not 109248619Sdes reached in it's stream and turn it on for t-integrity. This should catch 110248619Sdes cases where the session is not fuzzed for being too short (cf. my last 111248619Sdes "oops" commit) 112248619Sdes - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage 113248619Sdes for UsePAM=yes configuration 114248619Sdes 115248619Sdes20130225 116248619Sdes - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed 117248619Sdes to use Solaris native GSS libs. Patch from Pierre Ossman. 118248619Sdes 119248619Sdes20130223 120248619Sdes - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer 121248619Sdes bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu. 122248619Sdes ok tim 123248619Sdes 124248619Sdes20130222 125248619Sdes - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to 126248619Sdes ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm. 127248619Sdes - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named 128248619Sdes libgss too. Patch from Pierre Ossman, ok djm. 129248619Sdes - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux 130248619Sdes seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com; 131248619Sdes ok dtucker 132248619Sdes 133248619Sdes20130221 134248619Sdes - (tim) [regress/forward-control.sh] shell portability fix. 135248619Sdes 136248619Sdes20130220 137248619Sdes - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix. 138248619Sdes - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded 139248619Sdes err.h include from krl.c. Additional portability fixes for modpipe. OK djm 140248619Sdes - OpenBSD CVS Sync 141248619Sdes - djm@cvs.openbsd.org 2013/02/20 08:27:50 142248619Sdes [regress/integrity.sh regress/modpipe.c] 143248619Sdes Add an option to modpipe that warns if the modification offset it not 144248619Sdes reached in it's stream and turn it on for t-integrity. This should catch 145248619Sdes cases where the session is not fuzzed for being too short (cf. my last 146248619Sdes "oops" commit) 147248619Sdes - djm@cvs.openbsd.org 2013/02/20 08:29:27 148248619Sdes [regress/modpipe.c] 149248619Sdes s/Id/OpenBSD/ in RCS tag 150248619Sdes 151248619Sdes20130219 152248619Sdes - OpenBSD CVS Sync 153248619Sdes - djm@cvs.openbsd.org 2013/02/18 22:26:47 154248619Sdes [integrity.sh] 155248619Sdes crank the offset yet again; it was still fuzzing KEX one of Darren's 156248619Sdes portable test hosts at 2800 157248619Sdes - djm@cvs.openbsd.org 2013/02/19 02:14:09 158248619Sdes [integrity.sh] 159248619Sdes oops, forgot to increase the output of the ssh command to ensure that 160248619Sdes we actually reach $offset 161248619Sdes - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that 162248619Sdes lack support for SHA2. 163248619Sdes - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms 164248619Sdes that do not have them. 165248619Sdes 166248619Sdes20130217 167248619Sdes - OpenBSD CVS Sync 168248619Sdes - djm@cvs.openbsd.org 2013/02/17 23:16:55 169248619Sdes [integrity.sh] 170248619Sdes make the ssh command generates some output to ensure that there are at 171248619Sdes least offset+tries bytes in the stream. 172248619Sdes 173248619Sdes20130216 174248619Sdes - OpenBSD CVS Sync 175248619Sdes - djm@cvs.openbsd.org 2013/02/16 06:08:45 176248619Sdes [integrity.sh] 177248619Sdes make sure the fuzz offset is actually past the end of KEX for all KEX 178248619Sdes types. diffie-hellman-group-exchange-sha256 requires an offset around 179248619Sdes 2700. Noticed via test failures in portable OpenSSH on platforms that 180248619Sdes lack ECC and this the more byte-frugal ECDH KEX algorithms. 181248619Sdes 182248619Sdes20130215 183248619Sdes - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from 184248619Sdes Iain Morgan 185248619Sdes - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h] 186248619Sdes Use getpgrp() if we don't have getpgid() (old BSDs, maybe others). 187248619Sdes - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c 188248619Sdes openbsd-compat/openbsd-compat.h] Add strtoull to compat library for 189248619Sdes platforms that don't have it. 190248619Sdes - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul, 191248619Sdes group strto* function prototypes together. 192248619Sdes - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes 193248619Sdes an argument. Pointed out by djm. 194248619Sdes - (djm) OpenBSD CVS Sync 195248619Sdes - djm@cvs.openbsd.org 2013/02/14 21:35:59 196248619Sdes [auth2-pubkey.c] 197248619Sdes Correct error message that had a typo and was logging the wrong thing; 198248619Sdes patch from Petr Lautrbach 199248619Sdes - dtucker@cvs.openbsd.org 2013/02/15 00:21:01 200248619Sdes [sshconnect2.c] 201248619Sdes Warn more loudly if an IdentityFile provided by the user cannot be read. 202248619Sdes bz #1981, ok djm@ 203248619Sdes 204248619Sdes20130214 205248619Sdes - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC. 206248619Sdes - (djm) [regress/krl.sh] typo; found by Iain Morgan 207248619Sdes - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead 208248619Sdes of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by 209248619Sdes Iain Morgan 210248619Sdes 211248619Sdes20130212 212248619Sdes - (djm) OpenBSD CVS Sync 213248619Sdes - djm@cvs.openbsd.org 2013/01/24 21:45:37 214248619Sdes [krl.c] 215248619Sdes fix handling of (unused) KRL signatures; skip string in correct buffer 216248619Sdes - djm@cvs.openbsd.org 2013/01/24 22:08:56 217248619Sdes [krl.c] 218248619Sdes skip serial lookup when cert's serial number is zero 219248619Sdes - krw@cvs.openbsd.org 2013/01/25 05:00:27 220248619Sdes [krl.c] 221248619Sdes Revert last. Breaks due to likely typo. Let djm@ fix later. 222248619Sdes ok djm@ via dlg@ 223248619Sdes - djm@cvs.openbsd.org 2013/01/25 10:22:19 224248619Sdes [krl.c] 225248619Sdes redo last commit without the vi-vomit that snuck in: 226248619Sdes skip serial lookup when cert's serial number is zero 227248619Sdes (now with 100% better comment) 228248619Sdes - djm@cvs.openbsd.org 2013/01/26 06:11:05 229248619Sdes [Makefile.in acss.c acss.h cipher-acss.c cipher.c] 230248619Sdes [openbsd-compat/openssl-compat.h] 231248619Sdes remove ACSS, now that it is gone from libcrypto too 232248619Sdes - djm@cvs.openbsd.org 2013/01/27 10:06:12 233248619Sdes [krl.c] 234248619Sdes actually use the xrealloc() return value; spotted by xi.wang AT gmail.com 235248619Sdes - dtucker@cvs.openbsd.org 2013/02/06 00:20:42 236248619Sdes [servconf.c sshd_config sshd_config.5] 237248619Sdes Change default of MaxStartups to 10:30:100 to start doing random early 238248619Sdes drop at 10 connections up to 100 connections. This will make it harder 239248619Sdes to DoS as CPUs have come a long way since the original value was set 240248619Sdes back in 2000. Prompted by nion at debian org, ok markus@ 241248619Sdes - dtucker@cvs.openbsd.org 2013/02/06 00:22:21 242248619Sdes [auth.c] 243248619Sdes Fix comment, from jfree.e1 at gmail 244248619Sdes - djm@cvs.openbsd.org 2013/02/08 00:41:12 245248619Sdes [sftp.c] 246248619Sdes fix NULL deref when built without libedit and control characters 247248619Sdes entered as command; debugging and patch from Iain Morgan an 248248619Sdes Loganaden Velvindron in bz#1956 249248619Sdes - markus@cvs.openbsd.org 2013/02/10 21:19:34 250248619Sdes [version.h] 251248619Sdes openssh 6.2 252248619Sdes - djm@cvs.openbsd.org 2013/02/10 23:32:10 253248619Sdes [ssh-keygen.c] 254248619Sdes append to moduli file when screening candidates rather than overwriting. 255248619Sdes allows resumption of interrupted screen; patch from Christophe Garault 256248619Sdes in bz#1957; ok dtucker@ 257248619Sdes - djm@cvs.openbsd.org 2013/02/10 23:35:24 258248619Sdes [packet.c] 259248619Sdes record "Received disconnect" messages at ERROR rather than INFO priority, 260248619Sdes since they are abnormal and result in a non-zero ssh exit status; patch 261248619Sdes from Iain Morgan in bz#2057; ok dtucker@ 262248619Sdes - dtucker@cvs.openbsd.org 2013/02/11 21:21:58 263248619Sdes [sshd.c] 264248619Sdes Add openssl version to debug output similar to the client. ok markus@ 265248619Sdes - djm@cvs.openbsd.org 2013/02/11 23:58:51 266248619Sdes [regress/try-ciphers.sh] 267248619Sdes remove acss here too 268248619Sdes - (djm) [regress/try-ciphers.sh] clean up CVS merge botch 269248619Sdes 270248619Sdes20130211 271248619Sdes - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old 272248619Sdes libcrypto that lacks EVP_CIPHER_CTX_ctrl 273248619Sdes 274248619Sdes20130208 275248619Sdes - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer; 276248619Sdes patch from Iain Morgan in bz#2059 277248619Sdes - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows 278248619Sdes __attribute__ on return values and work around if necessary. ok djm@ 279248619Sdes 280248619Sdes20130207 281248619Sdes - (djm) [configure.ac] Don't probe seccomp capability of running kernel 282248619Sdes at configure time; the seccomp sandbox will fall back to rlimit at 283248619Sdes runtime anyway. Patch from plautrba AT redhat.com in bz#2011 284248619Sdes 285248619Sdes20130120 286248619Sdes - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h] 287248619Sdes Move prototypes for replacement ciphers to openssl-compat.h; fix EVP 288248619Sdes prototypes for openssl-1.0.0-fips. 289248619Sdes - (djm) OpenBSD CVS Sync 290248619Sdes - jmc@cvs.openbsd.org 2013/01/18 07:57:47 291248619Sdes [ssh-keygen.1] 292248619Sdes tweak previous; 293248619Sdes - jmc@cvs.openbsd.org 2013/01/18 07:59:46 294248619Sdes [ssh-keygen.c] 295248619Sdes -u before -V in usage(); 296248619Sdes - jmc@cvs.openbsd.org 2013/01/18 08:00:49 297248619Sdes [sshd_config.5] 298248619Sdes tweak previous; 299248619Sdes - jmc@cvs.openbsd.org 2013/01/18 08:39:04 300248619Sdes [ssh-keygen.1] 301248619Sdes add -Q to the options list; ok djm 302248619Sdes - jmc@cvs.openbsd.org 2013/01/18 21:48:43 303248619Sdes [ssh-keygen.1] 304248619Sdes command-line (adj.) -> command line (n.); 305248619Sdes - jmc@cvs.openbsd.org 2013/01/19 07:13:25 306248619Sdes [ssh-keygen.1] 307248619Sdes fix some formatting; ok djm 308248619Sdes - markus@cvs.openbsd.org 2013/01/19 12:34:55 309248619Sdes [krl.c] 310248619Sdes RB_INSERT does not remove existing elments; ok djm@ 311248619Sdes - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer 312248619Sdes version. 313248619Sdes - (djm) [regress/krl.sh] replacement for jot; most platforms lack it 314248619Sdes 315248619Sdes20130118 316248619Sdes - (djm) OpenBSD CVS Sync 317248619Sdes - djm@cvs.openbsd.org 2013/01/17 23:00:01 318248619Sdes [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] 319248619Sdes [krl.c krl.h PROTOCOL.krl] 320248619Sdes add support for Key Revocation Lists (KRLs). These are a compact way to 321248619Sdes represent lists of revoked keys and certificates, taking as little as 322248619Sdes a single bit of incremental cost to revoke a certificate by serial number. 323248619Sdes KRLs are loaded via the existing RevokedKeys sshd_config option. 324248619Sdes feedback and ok markus@ 325248619Sdes - djm@cvs.openbsd.org 2013/01/18 00:45:29 326248619Sdes [regress/Makefile regress/cert-userkey.sh regress/krl.sh] 327248619Sdes Tests for Key Revocation Lists (KRLs) 328248619Sdes - djm@cvs.openbsd.org 2013/01/18 03:00:32 329248619Sdes [krl.c] 330248619Sdes fix KRL generation bug for list sections 331248619Sdes 332248619Sdes20130117 333248619Sdes - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 334248619Sdes check for GCM support before testing GCM ciphers. 335248619Sdes 336248619Sdes20130112 337248619Sdes - (djm) OpenBSD CVS Sync 338248619Sdes - djm@cvs.openbsd.org 2013/01/12 11:22:04 339248619Sdes [cipher.c] 340248619Sdes improve error message for integrity failure in AES-GCM modes; ok markus@ 341248619Sdes - djm@cvs.openbsd.org 2013/01/12 11:23:53 342248619Sdes [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh] 343248619Sdes test AES-GCM modes; feedback markus@ 344248619Sdes - (djm) [regress/integrity.sh] repair botched merge 345248619Sdes 346248619Sdes20130109 347248619Sdes - (djm) OpenBSD CVS Sync 348248619Sdes - dtucker@cvs.openbsd.org 2012/12/14 05:26:43 349248619Sdes [auth.c] 350248619Sdes use correct string in error message; from rustybsd at gmx.fr 351248619Sdes - djm@cvs.openbsd.org 2013/01/02 00:32:07 352248619Sdes [clientloop.c mux.c] 353248619Sdes channel_setup_local_fwd_listener() returns 0 on failure, not -ve 354248619Sdes bz#2055 reported by mathieu.lacage AT gmail.com 355248619Sdes - djm@cvs.openbsd.org 2013/01/02 00:33:49 356248619Sdes [PROTOCOL.agent] 357248619Sdes correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 358248619Sdes bz#2051 from david AT lechnology.com 359248619Sdes - djm@cvs.openbsd.org 2013/01/03 05:49:36 360248619Sdes [servconf.h] 361248619Sdes add a couple of ServerOptions members that should be copied to the privsep 362248619Sdes child (for consistency, in this case they happen only to be accessed in 363248619Sdes the monitor); ok dtucker@ 364248619Sdes - djm@cvs.openbsd.org 2013/01/03 12:49:01 365248619Sdes [PROTOCOL] 366248619Sdes fix description of MAC calculation for EtM modes; ok markus@ 367248619Sdes - djm@cvs.openbsd.org 2013/01/03 12:54:49 368248619Sdes [sftp-server.8 sftp-server.c] 369248619Sdes allow specification of an alternate start directory for sftp-server(8) 370248619Sdes "I like this" markus@ 371248619Sdes - djm@cvs.openbsd.org 2013/01/03 23:22:58 372248619Sdes [ssh-keygen.c] 373248619Sdes allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ... 374248619Sdes ok markus@ 375248619Sdes - jmc@cvs.openbsd.org 2013/01/04 19:26:38 376248619Sdes [sftp-server.8 sftp-server.c] 377248619Sdes sftp-server.8: add argument name to -d 378248619Sdes sftp-server.c: add -d to usage() 379248619Sdes ok djm 380248619Sdes - markus@cvs.openbsd.org 2013/01/08 18:49:04 381248619Sdes [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] 382248619Sdes [myproposal.h packet.c ssh_config.5 sshd_config.5] 383248619Sdes support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) 384248619Sdes ok and feedback djm@ 385248619Sdes - djm@cvs.openbsd.org 2013/01/09 05:40:17 386248619Sdes [ssh-keygen.c] 387248619Sdes correctly initialise fingerprint type for fingerprinting PKCS#11 keys 388248619Sdes - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h] 389248619Sdes Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little 390248619Sdes cipher compat code to openssl-compat.h 391248619Sdes 392248619Sdes20121217 393248619Sdes - (dtucker) [Makefile.in] Add some scaffolding so that the new regress 394248619Sdes tests will work with VPATH directories. 395248619Sdes 396248619Sdes20121213 397248619Sdes - (djm) OpenBSD CVS Sync 398248619Sdes - markus@cvs.openbsd.org 2012/12/12 16:45:52 399248619Sdes [packet.c] 400248619Sdes reset incoming_packet buffer for each new packet in EtM-case, too; 401248619Sdes this happens if packets are parsed only parially (e.g. ignore 402248619Sdes messages sent when su/sudo turn off echo); noted by sthen/millert 403248619Sdes - naddy@cvs.openbsd.org 2012/12/12 16:46:10 404248619Sdes [cipher.c] 405248619Sdes use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled 406248619Sdes counter mode code; ok djm@ 407248619Sdes - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our 408248619Sdes compat code for older OpenSSL 409248619Sdes - (djm) [cipher.c] Fix missing prototype for compat code 410248619Sdes 411248619Sdes20121212 412248619Sdes - (djm) OpenBSD CVS Sync 413248619Sdes - markus@cvs.openbsd.org 2012/12/11 22:16:21 414248619Sdes [monitor.c] 415248619Sdes drain the log messages after receiving the keystate from the unpriv 416248619Sdes child. otherwise it might block while sending. ok djm@ 417248619Sdes - markus@cvs.openbsd.org 2012/12/11 22:31:18 418248619Sdes [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] 419248619Sdes [packet.c ssh_config.5 sshd_config.5] 420248619Sdes add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms 421248619Sdes that change the packet format and compute the MAC over the encrypted 422248619Sdes message (including the packet size) instead of the plaintext data; 423248619Sdes these EtM modes are considered more secure and used by default. 424248619Sdes feedback and ok djm@ 425248619Sdes - sthen@cvs.openbsd.org 2012/12/11 22:51:45 426248619Sdes [mac.c] 427248619Sdes fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@ 428248619Sdes - markus@cvs.openbsd.org 2012/12/11 22:32:56 429248619Sdes [regress/try-ciphers.sh] 430248619Sdes add etm modes 431248619Sdes - markus@cvs.openbsd.org 2012/12/11 22:42:11 432248619Sdes [regress/Makefile regress/modpipe.c regress/integrity.sh] 433248619Sdes test the integrity of the packets; with djm@ 434248619Sdes - markus@cvs.openbsd.org 2012/12/11 23:12:13 435248619Sdes [try-ciphers.sh] 436248619Sdes add hmac-ripemd160-etm@openssh.com 437248619Sdes - (djm) [mac.c] fix merge botch 438248619Sdes - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test 439248619Sdes work on platforms without 'jot' 440248619Sdes - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip 441248619Sdes - (djm) [regress/Makefile] fix t-exec rule 442248619Sdes 443248619Sdes20121207 444248619Sdes - (dtucker) OpenBSD CVS Sync 445248619Sdes - dtucker@cvs.openbsd.org 2012/12/06 06:06:54 446248619Sdes [regress/keys-command.sh] 447248619Sdes Fix some problems with the keys-command test: 448248619Sdes - use string comparison rather than numeric comparison 449248619Sdes - check for existing KEY_COMMAND file and don't clobber if it exists 450248619Sdes - clean up KEY_COMMAND file if we do create it. 451248619Sdes - check that KEY_COMMAND is executable (which it won't be if eg /var/run 452248619Sdes is mounted noexec). 453248619Sdes ok djm. 454248619Sdes - jmc@cvs.openbsd.org 2012/12/03 08:33:03 455248619Sdes [ssh-add.1 sshd_config.5] 456248619Sdes tweak previous; 457248619Sdes - markus@cvs.openbsd.org 2012/12/05 15:42:52 458248619Sdes [ssh-add.c] 459248619Sdes prevent double-free of comment; ok djm@ 460248619Sdes - dtucker@cvs.openbsd.org 2012/12/07 01:51:35 461248619Sdes [serverloop.c] 462248619Sdes Cast signal to int for logging. A no-op on openbsd (they're always ints) 463248619Sdes but will prevent warnings in portable. ok djm@ 464248619Sdes 465248619Sdes20121205 466248619Sdes - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@. 467248619Sdes 468248619Sdes20121203 469248619Sdes - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get 470248619Sdes TAILQ_FOREACH_SAFE needed for upcoming changes. 471248619Sdes - (djm) OpenBSD CVS Sync 472248619Sdes - djm@cvs.openbsd.org 2012/12/02 20:26:11 473248619Sdes [ssh_config.5 sshconnect2.c] 474248619Sdes Make IdentitiesOnly apply to keys obtained from a PKCS11Provider. 475248619Sdes This allows control of which keys are offered from tokens using 476248619Sdes IdentityFile. ok markus@ 477248619Sdes - djm@cvs.openbsd.org 2012/12/02 20:42:15 478248619Sdes [ssh-add.1 ssh-add.c] 479248619Sdes make deleting explicit keys "ssh-add -d" symmetric with adding keys - 480248619Sdes try to delete the corresponding certificate too and respect the -k option 481248619Sdes to allow deleting of the key only; feedback and ok markus@ 482248619Sdes - djm@cvs.openbsd.org 2012/12/02 20:46:11 483248619Sdes [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c] 484248619Sdes [sshd_config.5] 485248619Sdes make AllowTcpForwarding accept "local" and "remote" in addition to its 486248619Sdes current "yes"/"no" to allow the server to specify whether just local or 487248619Sdes remote TCP forwarding is enabled. ok markus@ 488248619Sdes - dtucker@cvs.openbsd.org 2012/10/05 02:20:48 489248619Sdes [regress/cipher-speed.sh regress/try-ciphers.sh] 490248619Sdes Add umac-128@openssh.com to the list of MACs to be tested 491248619Sdes - djm@cvs.openbsd.org 2012/10/19 05:10:42 492248619Sdes [regress/cert-userkey.sh] 493248619Sdes include a serial number when generating certs 494248619Sdes - djm@cvs.openbsd.org 2012/11/22 22:49:30 495248619Sdes [regress/Makefile regress/keys-command.sh] 496248619Sdes regress for AuthorizedKeysCommand; hints from markus@ 497248619Sdes - djm@cvs.openbsd.org 2012/12/02 20:47:48 498248619Sdes [Makefile regress/forward-control.sh] 499248619Sdes regress for AllowTcpForwarding local/remote; ok markus@ 500248619Sdes - djm@cvs.openbsd.org 2012/12/03 00:14:06 501248619Sdes [auth2-chall.c ssh-keygen.c] 502248619Sdes Fix compilation with -Wall -Werror (trivial type fixes) 503248619Sdes - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation 504248619Sdes debugging. ok dtucker@ 505248619Sdes - (djm) [configure.ac] Revert previous. configure.ac already does this 506248619Sdes for us. 507248619Sdes 508248619Sdes20121114 509248619Sdes - (djm) OpenBSD CVS Sync 510248619Sdes - djm@cvs.openbsd.org 2012/11/14 02:24:27 511248619Sdes [auth2-pubkey.c] 512248619Sdes fix username passed to helper program 513248619Sdes prepare stdio fds before closefrom() 514248619Sdes spotted by landry@ 515248619Sdes - djm@cvs.openbsd.org 2012/11/14 02:32:15 516248619Sdes [ssh-keygen.c] 517248619Sdes allow the full range of unsigned serial numbers; 'fine' deraadt@ 518248619Sdes - djm@cvs.openbsd.org 2012/12/02 20:34:10 519248619Sdes [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c] 520248619Sdes [monitor.c monitor.h] 521248619Sdes Fixes logging of partial authentication when privsep is enabled 522248619Sdes Previously, we recorded "Failed xxx" since we reset authenticated before 523248619Sdes calling auth_log() in auth2.c. This adds an explcit "Partial" state. 524248619Sdes 525248619Sdes Add a "submethod" to auth_log() to report which submethod is used 526248619Sdes for keyboard-interactive. 527248619Sdes 528248619Sdes Fix multiple authentication when one of the methods is 529248619Sdes keyboard-interactive. 530248619Sdes 531248619Sdes ok markus@ 532248619Sdes - dtucker@cvs.openbsd.org 2012/10/05 02:05:30 533248619Sdes [regress/multiplex.sh] 534248619Sdes Use 'kill -0' to test for the presence of a pid since it's more portable 535248619Sdes 536248619Sdes20121107 537248619Sdes - (djm) OpenBSD CVS Sync 538248619Sdes - eric@cvs.openbsd.org 2011/11/28 08:46:27 539248619Sdes [moduli.5] 540248619Sdes fix formula 541248619Sdes ok djm@ 542248619Sdes - jmc@cvs.openbsd.org 2012/09/26 17:34:38 543248619Sdes [moduli.5] 544248619Sdes last stage of rfc changes, using consistent Rs/Re blocks, and moving the 545248619Sdes references into a STANDARDS section; 546248619Sdes 547248619Sdes20121105 548248619Sdes - (dtucker) [uidswap.c openbsd-compat/Makefile.in 549248619Sdes openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h 550248619Sdes openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids 551248619Sdes and gids from uidswap.c to the compat library, which allows it to work with 552248619Sdes the new setresuid calls in auth2-pubkey. with tim@, ok djm@ 553248619Sdes - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that 554248619Sdes don't have it. Spotted by tim@. 555248619Sdes 556248619Sdes20121104 557248619Sdes - (djm) OpenBSD CVS Sync 558248619Sdes - jmc@cvs.openbsd.org 2012/10/31 08:04:50 559248619Sdes [sshd_config.5] 560248619Sdes tweak previous; 561248619Sdes - djm@cvs.openbsd.org 2012/11/04 10:38:43 562248619Sdes [auth2-pubkey.c sshd.c sshd_config.5] 563248619Sdes Remove default of AuthorizedCommandUser. Administrators are now expected 564248619Sdes to explicitly specify a user. feedback and ok markus@ 565248619Sdes - djm@cvs.openbsd.org 2012/11/04 11:09:15 566248619Sdes [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c] 567248619Sdes [sshd_config.5] 568248619Sdes Support multiple required authentication via an AuthenticationMethods 569248619Sdes option. This option lists one or more comma-separated lists of 570248619Sdes authentication method names. Successful completion of all the methods in 571248619Sdes any list is required for authentication to complete; 572248619Sdes feedback and ok markus@ 573248619Sdes 574248619Sdes20121030 575248619Sdes - (djm) OpenBSD CVS Sync 576248619Sdes - markus@cvs.openbsd.org 2012/10/05 12:34:39 577248619Sdes [sftp.c] 578248619Sdes fix signed vs unsigned warning; feedback & ok: djm@ 579248619Sdes - djm@cvs.openbsd.org 2012/10/30 21:29:55 580248619Sdes [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h] 581248619Sdes [sshd.c sshd_config sshd_config.5] 582248619Sdes new sshd_config option AuthorizedKeysCommand to support fetching 583248619Sdes authorized_keys from a command in addition to (or instead of) from 584248619Sdes the filesystem. The command is run as the target server user unless 585248619Sdes another specified via a new AuthorizedKeysCommandUser option. 586248619Sdes 587248619Sdes patch originally by jchadima AT redhat.com, reworked by me; feedback 588248619Sdes and ok markus@ 589248619Sdes 590248619Sdes20121019 591248619Sdes - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in 592248619Sdes the generated file as intended. 593248619Sdes 594248619Sdes20121005 595248619Sdes - (dtucker) OpenBSD CVS Sync 596248619Sdes - djm@cvs.openbsd.org 2012/09/17 09:54:44 597248619Sdes [sftp.c] 598248619Sdes an XXX for later 599248619Sdes - markus@cvs.openbsd.org 2012/09/17 13:04:11 600248619Sdes [packet.c] 601248619Sdes clear old keys on rekeing; ok djm 602248619Sdes - dtucker@cvs.openbsd.org 2012/09/18 10:36:12 603248619Sdes [sftp.c] 604248619Sdes Add bounds check on sftp tab-completion. Part of a patch from from 605248619Sdes Jean-Marc Robert via tech@, ok djm 606248619Sdes - dtucker@cvs.openbsd.org 2012/09/21 10:53:07 607248619Sdes [sftp.c] 608248619Sdes Fix improper handling of absolute paths when PWD is part of the completed 609248619Sdes path. Patch from Jean-Marc Robert via tech@, ok djm. 610248619Sdes - dtucker@cvs.openbsd.org 2012/09/21 10:55:04 611248619Sdes [sftp.c] 612248619Sdes Fix handling of filenames containing escaped globbing characters and 613248619Sdes escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm. 614248619Sdes - jmc@cvs.openbsd.org 2012/09/26 16:12:13 615248619Sdes [ssh.1] 616248619Sdes last stage of rfc changes, using consistent Rs/Re blocks, and moving the 617248619Sdes references into a STANDARDS section; 618248619Sdes - naddy@cvs.openbsd.org 2012/10/01 13:59:51 619248619Sdes [monitor_wrap.c] 620248619Sdes pasto; ok djm@ 621248619Sdes - djm@cvs.openbsd.org 2012/10/02 07:07:45 622248619Sdes [ssh-keygen.c] 623248619Sdes fix -z option, broken in revision 1.215 624248619Sdes - markus@cvs.openbsd.org 2012/10/04 13:21:50 625248619Sdes [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c] 626248619Sdes add umac128 variant; ok djm@ at n2k12 627248619Sdes - dtucker@cvs.openbsd.org 2012/09/06 04:11:07 628248619Sdes [regress/try-ciphers.sh] 629248619Sdes Restore missing space. (Id sync only). 630248619Sdes - dtucker@cvs.openbsd.org 2012/09/09 11:51:25 631248619Sdes [regress/multiplex.sh] 632248619Sdes Add test for ssh -Ostop 633248619Sdes - dtucker@cvs.openbsd.org 2012/09/10 00:49:21 634248619Sdes [regress/multiplex.sh] 635248619Sdes Log -O cmd output to the log file and make logging consistent with the 636248619Sdes other tests. Test clean shutdown of an existing channel when testing 637248619Sdes "stop". 638248619Sdes - dtucker@cvs.openbsd.org 2012/09/10 01:51:19 639248619Sdes [regress/multiplex.sh] 640248619Sdes use -Ocheck and waiting for completions by PID to make multiplexing test 641248619Sdes less racy and (hopefully) more reliable on slow hardware. 642248619Sdes - [Makefile umac.c] Add special-case target to build umac128.o. 643248619Sdes - [umac.c] Enforce allowed umac output sizes. From djm@. 644248619Sdes - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom". 645248619Sdes 646248619Sdes20120917 647248619Sdes - (dtucker) OpenBSD CVS Sync 648248619Sdes - dtucker@cvs.openbsd.org 2012/09/13 23:37:36 649248619Sdes [servconf.c] 650248619Sdes Fix comment line length 651248619Sdes - markus@cvs.openbsd.org 2012/09/14 16:51:34 652248619Sdes [sshconnect.c] 653248619Sdes remove unused variable 654248619Sdes 655248619Sdes20120907 656248619Sdes - (dtucker) OpenBSD CVS Sync 657248619Sdes - dtucker@cvs.openbsd.org 2012/09/06 09:50:13 658248619Sdes [clientloop.c] 659248619Sdes Make the escape command help (~?) context sensitive so that only commands 660248619Sdes that will work in the current session are shown. ok markus@ 661248619Sdes - jmc@cvs.openbsd.org 2012/09/06 13:57:42 662248619Sdes [ssh.1] 663248619Sdes missing letter in previous; 664248619Sdes - dtucker@cvs.openbsd.org 2012/09/07 00:30:19 665248619Sdes [clientloop.c] 666248619Sdes Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@ 667248619Sdes - dtucker@cvs.openbsd.org 2012/09/07 01:10:21 668248619Sdes [clientloop.c] 669248619Sdes Merge escape help text for ~v and ~V; ok djm@ 670248619Sdes - dtucker@cvs.openbsd.org 2012/09/07 06:34:21 671248619Sdes [clientloop.c] 672248619Sdes when muxmaster is run with -N, make it shut down gracefully when a client 673248619Sdes sends it "-O stop" rather than hanging around (bz#1985). ok djm@ 674248619Sdes 675248619Sdes20120906 676248619Sdes - (dtucker) OpenBSD CVS Sync 677248619Sdes - jmc@cvs.openbsd.org 2012/08/15 18:25:50 678248619Sdes [ssh-keygen.1] 679248619Sdes a little more info on certificate validity; 680248619Sdes requested by Ross L Richardson, and provided by djm 681248619Sdes - dtucker@cvs.openbsd.org 2012/08/17 00:45:45 682248619Sdes [clientloop.c clientloop.h mux.c] 683248619Sdes Force a clean shutdown of ControlMaster client sessions when the ~. escape 684248619Sdes sequence is used. This means that ~. should now work in mux clients even 685248619Sdes if the server is no longer responding. Found by tedu, ok djm. 686248619Sdes - djm@cvs.openbsd.org 2012/08/17 01:22:56 687248619Sdes [kex.c] 688248619Sdes add some comments about better handling first-KEX-follows notifications 689248619Sdes from the server. Nothing uses these right now. No binary change 690248619Sdes - djm@cvs.openbsd.org 2012/08/17 01:25:58 691248619Sdes [ssh-keygen.c] 692248619Sdes print details of which host lines were deleted when using 693248619Sdes "ssh-keygen -R host"; ok markus@ 694248619Sdes - djm@cvs.openbsd.org 2012/08/17 01:30:00 695248619Sdes [compat.c sshconnect.c] 696248619Sdes Send client banner immediately, rather than waiting for the server to 697248619Sdes move first for SSH protocol 2 connections (the default). Patch based on 698248619Sdes one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@ 699248619Sdes - dtucker@cvs.openbsd.org 2012/09/06 04:37:39 700248619Sdes [clientloop.c log.c ssh.1 log.h] 701248619Sdes Add ~v and ~V escape sequences to raise and lower the logging level 702248619Sdes respectively. Man page help from jmc, ok deraadt jmc 703248619Sdes 704248619Sdes20120830 705248619Sdes - (dtucker) [moduli] Import new moduli file. 706248619Sdes 707240075Sdes20120828 708240075Sdes - (djm) Release openssh-6.1 709240075Sdes 710240075Sdes20120828 711240075Sdes - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN 712240075Sdes for compatibility with future mingw-w64 headers. Patch from vinschen at 713240075Sdes redhat com. 714240075Sdes 715240075Sdes20120822 716240075Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 717240075Sdes [contrib/suse/openssh.spec] Update version numbers 718240075Sdes 719240075Sdes20120731 720240075Sdes - (djm) OpenBSD CVS Sync 721240075Sdes - jmc@cvs.openbsd.org 2012/07/06 06:38:03 722240075Sdes [ssh-keygen.c] 723240075Sdes missing full stop in usage(); 724240075Sdes - djm@cvs.openbsd.org 2012/07/10 02:19:15 725240075Sdes [servconf.c servconf.h sshd.c sshd_config] 726240075Sdes Turn on systrace sandboxing of pre-auth sshd by default for new installs 727240075Sdes by shipping a config that overrides the current UsePrivilegeSeparation=yes 728240075Sdes default. Make it easier to flip the default in the future by adding too. 729240075Sdes prodded markus@ feedback dtucker@ "get it in" deraadt@ 730240075Sdes - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 731240075Sdes [servconf.c] 732240075Sdes handle long comments in config files better. bz#2025, ok markus 733240075Sdes - markus@cvs.openbsd.org 2012/07/22 18:19:21 734240075Sdes [version.h] 735240075Sdes openssh 6.1 736240075Sdes 737240075Sdes20120720 738240075Sdes - (dtucker) Import regened moduli file. 739240075Sdes 740240075Sdes20120706 741240075Sdes - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is 742240075Sdes not available. Allows use of sshd compiled on host with a filter-capable 743240075Sdes kernel on hosts that lack the support. bz#2011 ok dtucker@ 744240075Sdes - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no 745240075Sdes unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT 746240075Sdes esperi.org.uk; ok dtucker@ 747240075Sdes- (djm) OpenBSD CVS Sync 748240075Sdes - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 749240075Sdes [moduli.c ssh-keygen.1 ssh-keygen.c] 750240075Sdes Add options to specify starting line number and number of lines to process 751240075Sdes when screening moduli candidates. This allows processing of different 752240075Sdes parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ 753240075Sdes - djm@cvs.openbsd.org 2012/07/06 01:37:21 754240075Sdes [mux.c] 755240075Sdes fix memory leak of passed-in environment variables and connection 756240075Sdes context when new session message is malformed; bz#2003 from Bert.Wesarg 757240075Sdes AT googlemail.com 758240075Sdes - djm@cvs.openbsd.org 2012/07/06 01:47:38 759240075Sdes [ssh.c] 760240075Sdes move setting of tty_flag to after config parsing so RequestTTY options 761240075Sdes are correctly picked up. bz#1995 patch from przemoc AT gmail.com; 762240075Sdes ok dtucker@ 763240075Sdes 764240075Sdes20120704 765240075Sdes - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for 766240075Sdes platforms that don't have it. "looks good" tim@ 767240075Sdes 768240075Sdes20120703 769240075Sdes - (dtucker) [configure.ac] Detect platforms that can't use select(2) with 770240075Sdes setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. 771240075Sdes - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not 772240075Sdes setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its 773240075Sdes benefit is minor, so it's not worth disabling the sandbox if it doesn't 774240075Sdes work. 775240075Sdes 776240075Sdes20120702 777240075Sdes- (dtucker) OpenBSD CVS Sync 778240075Sdes - naddy@cvs.openbsd.org 2012/06/29 13:57:25 779240075Sdes [ssh_config.5 sshd_config.5] 780240075Sdes match the documented MAC order of preference to the actual one; 781240075Sdes ok dtucker@ 782240075Sdes - markus@cvs.openbsd.org 2012/06/30 14:35:09 783240075Sdes [sandbox-systrace.c sshd.c] 784240075Sdes fix a during the load of the sandbox policies (child can still make 785240075Sdes the read-syscall and wait forever for systrace-answers) by replacing 786240075Sdes the read/write synchronisation with SIGSTOP/SIGCONT; 787240075Sdes report and help hshoexer@; ok djm@, dtucker@ 788240075Sdes - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 789240075Sdes [ssh.c] 790240075Sdes set interactive ToS for forwarded X11 sessions. ok djm@ 791240075Sdes - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 792240075Sdes [ssh-pkcs11-helper.c sftp-client.c] 793240075Sdes fix a couple of "assigned but not used" warnings. ok markus@ 794240075Sdes - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 795240075Sdes [regress/connect-privsep.sh] 796240075Sdes remove exit from end of test since it prevents reporting failure 797240075Sdes - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] 798240075Sdes Move cygwin detection to test-exec and use to skip reexec test on cygwin. 799240075Sdes - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. 800240075Sdes 801240075Sdes20120629 802240075Sdes - OpenBSD CVS Sync 803240075Sdes - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 804240075Sdes [addrmatch.c] 805240075Sdes fix strlcpy truncation check. from carsten at debian org, ok markus 806240075Sdes - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 807240075Sdes [monitor.c sshconnect2.c] 808240075Sdes remove dead code following 'for (;;)' loops. 809240075Sdes From Steve.McClellan at radisys com, ok markus@ 810240075Sdes - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 811240075Sdes [sftp.c] 812240075Sdes Remove unused variable leftover from tab-completion changes. 813240075Sdes From Steve.McClellan at radisys com, ok markus@ 814240075Sdes - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 815240075Sdes [sandbox-systrace.c] 816240075Sdes Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation 817240075Sdes sandbox" since malloc now uses it. From johnw.mail at gmail com. 818240075Sdes - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 819240075Sdes [mac.c myproposal.h ssh_config.5 sshd_config.5] 820240075Sdes Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 821240075Sdes from draft6 of the spec and will not be in the RFC when published. Patch 822240075Sdes from mdb at juniper net via bz#2023, ok markus. 823240075Sdes - naddy@cvs.openbsd.org 2012/06/29 13:57:25 824240075Sdes [ssh_config.5 sshd_config.5] 825240075Sdes match the documented MAC order of preference to the actual one; ok dtucker@ 826240075Sdes - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 827240075Sdes [regress/addrmatch.sh] 828240075Sdes Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 829240075Sdes to match. Feedback and ok djm@ markus@. 830240075Sdes - djm@cvs.openbsd.org 2012/06/01 00:47:35 831240075Sdes [regress/multiplex.sh regress/forwarding.sh] 832240075Sdes append to rather than truncate test log; bz#2013 from openssh AT 833240075Sdes roumenpetrov.info 834240075Sdes - djm@cvs.openbsd.org 2012/06/01 00:52:52 835240075Sdes [regress/sftp-cmds.sh] 836240075Sdes don't delete .* on cleanup due to unintended env expansion; pointed out in 837240075Sdes bz#2014 by openssh AT roumenpetrov.info 838240075Sdes - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 839240075Sdes [regress/connect-privsep.sh] 840240075Sdes test sandbox with every malloc option 841240075Sdes - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 842240075Sdes [regress/try-ciphers.sh regress/cipher-speed.sh] 843240075Sdes Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed 844240075Sdes from draft6 of the spec and will not be in the RFC when published. Patch 845240075Sdes from mdb at juniper net via bz#2023, ok markus. 846240075Sdes - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. 847240075Sdes - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have 848240075Sdes the required functions in libcrypto. 849240075Sdes 850240075Sdes20120628 851240075Sdes - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null 852240075Sdes pointer deref in the client when built with LDNS and using DNSSEC with a 853240075Sdes CNAME. Patch from gregdlg+mr at hochet info. 854240075Sdes 855240075Sdes20120622 856240075Sdes - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as 857240075Sdes can logon as a service. Patch from vinschen at redhat com. 858240075Sdes 859240075Sdes20120620 860240075Sdes - (djm) OpenBSD CVS Sync 861240075Sdes - djm@cvs.openbsd.org 2011/12/02 00:41:56 862240075Sdes [mux.c] 863240075Sdes fix bz#1948: ssh -f doesn't fork for multiplexed connection. 864240075Sdes ok dtucker@ 865240075Sdes - djm@cvs.openbsd.org 2011/12/04 23:16:12 866240075Sdes [mux.c] 867240075Sdes revert: 868240075Sdes > revision 1.32 869240075Sdes > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 870240075Sdes > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 871240075Sdes > ok dtucker@ 872240075Sdes it interacts badly with ControlPersist 873240075Sdes - djm@cvs.openbsd.org 2012/01/07 21:11:36 874240075Sdes [mux.c] 875240075Sdes fix double-free in new session handler 876240075Sdes NB. Id sync only 877240075Sdes - djm@cvs.openbsd.org 2012/05/23 03:28:28 878240075Sdes [dns.c dns.h key.c key.h ssh-keygen.c] 879240075Sdes add support for RFC6594 SSHFP DNS records for ECDSA key types. 880240075Sdes patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ 881248619Sdes (Original authors Ond��ej Sur��, Ond��ej Caletka and Daniel Black) 882240075Sdes - djm@cvs.openbsd.org 2012/06/01 00:49:35 883240075Sdes [PROTOCOL.mux] 884240075Sdes correct types of port numbers (integers, not strings); bz#2004 from 885240075Sdes bert.wesarg AT googlemail.com 886240075Sdes - djm@cvs.openbsd.org 2012/06/01 01:01:22 887240075Sdes [mux.c] 888240075Sdes fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg 889240075Sdes AT googlemail.com 890240075Sdes - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 891240075Sdes [jpake.c] 892240075Sdes correct sizeof usage. patch from saw at online.de, ok deraadt 893240075Sdes - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 894240075Sdes [ssh_config.5] 895240075Sdes RSA instead of DSA twice. From Steve.McClellan at radisys com 896240075Sdes - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 897240075Sdes [ssh.1 sshd.8] 898240075Sdes Remove mention of 'three' key files since there are now four. From 899240075Sdes Steve.McClellan at radisys com. 900240075Sdes - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 901240075Sdes [ssh.1] 902240075Sdes Clarify description of -W. Noted by Steve.McClellan at radisys com, 903240075Sdes ok jmc 904240075Sdes - markus@cvs.openbsd.org 2012/06/19 18:25:28 905240075Sdes [servconf.c servconf.h sshd_config.5] 906240075Sdes sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} 907240075Sdes this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' 908240075Sdes ok djm@ (back in March) 909240075Sdes - jmc@cvs.openbsd.org 2012/06/19 21:35:54 910240075Sdes [sshd_config.5] 911240075Sdes tweak previous; ok markus 912240075Sdes - djm@cvs.openbsd.org 2012/06/20 04:42:58 913240075Sdes [clientloop.c serverloop.c] 914240075Sdes initialise accept() backoff timer to avoid EINVAL from select(2) in 915240075Sdes rekeying 916240075Sdes 917240075Sdes20120519 918240075Sdes - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch 919240075Sdes from cjwatson at debian org. 920240075Sdes - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find 921240075Sdes pkg-config so it does the right thing when cross-compiling. Patch from 922240075Sdes cjwatson at debian org. 923240075Sdes- (dtucker) OpenBSD CVS Sync 924240075Sdes - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 925240075Sdes [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] 926240075Sdes Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests 927240075Sdes to match. Feedback and ok djm@ markus@. 928240075Sdes - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 929240075Sdes [sshd_config.5] 930240075Sdes Document PermitOpen none. bz#2001, patch from Loganaden Velvindron 931240075Sdes 932240075Sdes20120504 933240075Sdes - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h> 934240075Sdes to fix building on some plaforms. Fom bowman at math utah edu and 935240075Sdes des at des no. 936240075Sdes 937240075Sdes20120427 938240075Sdes - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 939240075Sdes platform rather than exiting early, so that we still clean up and return 940240075Sdes success or failure to test-exec.sh 941240075Sdes 942240075Sdes20120426 943240075Sdes - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters 944240075Sdes via Niels 945240075Sdes - (djm) [auth-krb5.c] Save errno across calls that might modify it; 946240075Sdes ok dtucker@ 947240075Sdes 948240075Sdes20120423 949240075Sdes - OpenBSD CVS Sync 950240075Sdes - djm@cvs.openbsd.org 2012/04/23 08:18:17 951240075Sdes [channels.c] 952240075Sdes fix function proto/source mismatch 953240075Sdes 954240075Sdes20120422 955240075Sdes - OpenBSD CVS Sync 956240075Sdes - djm@cvs.openbsd.org 2012/02/29 11:21:26 957240075Sdes [ssh-keygen.c] 958240075Sdes allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ 959240075Sdes - guenther@cvs.openbsd.org 2012/03/15 03:10:27 960240075Sdes [session.c] 961240075Sdes root should always be excluded from the test for /etc/nologin instead 962240075Sdes of having it always enforced even when marked as ignorenologin. This 963240075Sdes regressed when the logic was incompletely flipped around in rev 1.251 964240075Sdes ok halex@ millert@ 965240075Sdes - djm@cvs.openbsd.org 2012/03/28 07:23:22 966240075Sdes [PROTOCOL.certkeys] 967240075Sdes explain certificate extensions/crit split rationale. Mention requirement 968240075Sdes that each appear at most once per cert. 969240075Sdes - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 970240075Sdes [channels.c channels.h servconf.c] 971240075Sdes Add PermitOpen none option based on patch from Loganaden Velvindron 972240075Sdes (bz #1949). ok djm@ 973240075Sdes - djm@cvs.openbsd.org 2012/04/11 13:16:19 974240075Sdes [channels.c channels.h clientloop.c serverloop.c] 975240075Sdes don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 976240075Sdes while; ok deraadt@ markus@ 977240075Sdes - djm@cvs.openbsd.org 2012/04/11 13:17:54 978240075Sdes [auth.c] 979240075Sdes Support "none" as an argument for AuthorizedPrincipalsFile to indicate 980240075Sdes no file should be read. 981240075Sdes - djm@cvs.openbsd.org 2012/04/11 13:26:40 982240075Sdes [sshd.c] 983240075Sdes don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a 984240075Sdes while; ok deraadt@ markus@ 985240075Sdes - djm@cvs.openbsd.org 2012/04/11 13:34:17 986240075Sdes [ssh-keyscan.1 ssh-keyscan.c] 987240075Sdes now that sshd defaults to offering ECDSA keys, ssh-keyscan should also 988240075Sdes look for them by default; bz#1971 989240075Sdes - djm@cvs.openbsd.org 2012/04/12 02:42:32 990240075Sdes [servconf.c servconf.h sshd.c sshd_config sshd_config.5] 991240075Sdes VersionAddendum option to allow server operators to append some arbitrary 992240075Sdes text to the SSH-... banner; ok deraadt@ "don't care" markus@ 993240075Sdes - djm@cvs.openbsd.org 2012/04/12 02:43:55 994240075Sdes [sshd_config sshd_config.5] 995240075Sdes mention AuthorizedPrincipalsFile=none default 996240075Sdes - djm@cvs.openbsd.org 2012/04/20 03:24:23 997240075Sdes [sftp.c] 998240075Sdes setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) 999240075Sdes - jmc@cvs.openbsd.org 2012/04/20 16:26:22 1000240075Sdes [ssh.1] 1001240075Sdes use "brackets" instead of "braces", for consistency; 1002240075Sdes 1003240075Sdes20120420 1004240075Sdes - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1005240075Sdes [contrib/suse/openssh.spec] Update for release 6.0 1006240075Sdes - (djm) [README] Update URL to release notes. 1007240075Sdes - (djm) Release openssh-6.0 1008240075Sdes 1009240075Sdes20120419 1010240075Sdes - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil 1011240075Sdes contains openpty() but not login() 1012240075Sdes 1013240075Sdes20120404 1014240075Sdes - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox 1015240075Sdes mode for Linux's new seccomp filter; patch from Will Drewry; feedback 1016240075Sdes and ok dtucker@ 1017240075Sdes 1018240075Sdes20120330 1019240075Sdes - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING 1020240075Sdes file from spec file. From crighter at nuclioss com. 1021240075Sdes - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running 1022240075Sdes openssh binaries on a newer fix release than they were compiled on. 1023240075Sdes with and ok dtucker@ 1024240075Sdes - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect 1025240075Sdes assumptions when building on Cygwin; patch from Corinna Vinschen 1026240075Sdes 1027240075Sdes20120309 1028240075Sdes - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux 1029240075Sdes systems where sshd is run in te wrong context. Patch from Sven 1030240075Sdes Vermeulen; ok dtucker@ 1031240075Sdes - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 1032240075Sdes addressed connections. ok dtucker@ 1033240075Sdes 1034240075Sdes20120224 1035240075Sdes - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM 1036240075Sdes audit breakage in Solaris 11. Patch from Magnus Johansson. 1037240075Sdes 1038240075Sdes20120215 1039240075Sdes - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for 1040240075Sdes unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c 1041240075Sdes ok dtucker@ 1042240075Sdes - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so 1043240075Sdes it actually works. 1044240075Sdes - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote 1045240075Sdes to work. Spotted by Angel Gonzalez 1046240075Sdes 1047240075Sdes20120214 1048240075Sdes - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of 1049240075Sdes preserved Cygwin environment variables; from Corinna Vinschen 1050240075Sdes 1051240075Sdes20120211 1052240075Sdes - (djm) OpenBSD CVS Sync 1053240075Sdes - djm@cvs.openbsd.org 2012/01/05 00:16:56 1054240075Sdes [monitor.c] 1055240075Sdes memleak on error path 1056240075Sdes - djm@cvs.openbsd.org 2012/01/07 21:11:36 1057240075Sdes [mux.c] 1058240075Sdes fix double-free in new session handler 1059240075Sdes - miod@cvs.openbsd.org 2012/01/08 13:17:11 1060240075Sdes [ssh-ecdsa.c] 1061240075Sdes Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, 1062240075Sdes ok markus@ 1063240075Sdes - miod@cvs.openbsd.org 2012/01/16 20:34:09 1064240075Sdes [ssh-pkcs11-client.c] 1065240075Sdes Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. 1066240075Sdes While there, be sure to buffer_clear() between send_msg() and recv_msg(). 1067240075Sdes ok markus@ 1068240075Sdes - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 1069240075Sdes [clientloop.c] 1070240075Sdes Ensure that $DISPLAY contains only valid characters before using it to 1071240075Sdes extract xauth data so that it can't be used to play local shell 1072240075Sdes metacharacter games. Report from r00t_ati at ihteam.net, ok markus. 1073240075Sdes - markus@cvs.openbsd.org 2012/01/25 19:26:43 1074240075Sdes [packet.c] 1075240075Sdes do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; 1076240075Sdes ok dtucker@, djm@ 1077240075Sdes - markus@cvs.openbsd.org 2012/01/25 19:36:31 1078240075Sdes [authfile.c] 1079240075Sdes memleak in key_load_file(); from Jan Klemkow 1080240075Sdes - markus@cvs.openbsd.org 2012/01/25 19:40:09 1081240075Sdes [packet.c packet.h] 1082240075Sdes packet_read_poll() is not used anymore. 1083240075Sdes - markus@cvs.openbsd.org 2012/02/09 20:00:18 1084240075Sdes [version.h] 1085240075Sdes move from 6.0-beta to 6.0 1086240075Sdes 1087240075Sdes20120206 1088240075Sdes - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms 1089240075Sdes that don't support ECC. Patch from Phil Oleson 1090240075Sdes 1091240075Sdes20111219 1092240075Sdes - OpenBSD CVS Sync 1093240075Sdes - djm@cvs.openbsd.org 2011/12/02 00:41:56 1094240075Sdes [mux.c] 1095240075Sdes fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1096240075Sdes ok dtucker@ 1097240075Sdes - djm@cvs.openbsd.org 2011/12/02 00:43:57 1098240075Sdes [mac.c] 1099240075Sdes fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before 1100240075Sdes HMAC_init (this change in policy seems insane to me) 1101240075Sdes ok dtucker@ 1102240075Sdes - djm@cvs.openbsd.org 2011/12/04 23:16:12 1103240075Sdes [mux.c] 1104240075Sdes revert: 1105240075Sdes > revision 1.32 1106240075Sdes > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 1107240075Sdes > fix bz#1948: ssh -f doesn't fork for multiplexed connection. 1108240075Sdes > ok dtucker@ 1109240075Sdes it interacts badly with ControlPersist 1110240075Sdes - djm@cvs.openbsd.org 2011/12/07 05:44:38 1111240075Sdes [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] 1112240075Sdes fix some harmless and/or unreachable int overflows; 1113240075Sdes reported Xi Wang, ok markus@ 1114240075Sdes 1115240075Sdes20111125 1116240075Sdes - OpenBSD CVS Sync 1117240075Sdes - oga@cvs.openbsd.org 2011/11/16 12:24:28 1118240075Sdes [sftp.c] 1119240075Sdes Don't leak list in complete_cmd_parse if there are no commands found. 1120240075Sdes Discovered when I was ``borrowing'' this code for something else. 1121240075Sdes ok djm@ 1122240075Sdes 1123240075Sdes20111121 1124240075Sdes - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ 1125240075Sdes 1126240075Sdes20111104 1127240075Sdes - (dtucker) OpenBSD CVS Sync 1128240075Sdes - djm@cvs.openbsd.org 2011/10/18 05:15:28 1129240075Sdes [ssh.c] 1130240075Sdes ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ 1131240075Sdes - djm@cvs.openbsd.org 2011/10/18 23:37:42 1132240075Sdes [ssh-add.c] 1133240075Sdes add -k to usage(); reminded by jmc@ 1134240075Sdes - djm@cvs.openbsd.org 2011/10/19 00:06:10 1135240075Sdes [moduli.c] 1136240075Sdes s/tmpfile/tmp/ to make this -Wshadow clean 1137240075Sdes - djm@cvs.openbsd.org 2011/10/19 10:39:48 1138240075Sdes [umac.c] 1139240075Sdes typo in comment; patch from Michael W. Bombardieri 1140240075Sdes - djm@cvs.openbsd.org 2011/10/24 02:10:46 1141240075Sdes [ssh.c] 1142240075Sdes bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh 1143240075Sdes was incorrectly requesting the forward in both the control master and 1144240075Sdes slave. skip requesting it in the master to fix. ok markus@ 1145240075Sdes - djm@cvs.openbsd.org 2011/10/24 02:13:13 1146240075Sdes [session.c] 1147240075Sdes bz#1859: send tty break to pty master instead of (probably already 1148240075Sdes closed) slave side; "looks good" markus@ 1149240075Sdes - dtucker@cvs.openbsd.org 011/11/04 00:09:39 1150240075Sdes [moduli] 1151240075Sdes regenerated moduli file; ok deraadt 1152240075Sdes - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in 1153240075Sdes openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] 1154240075Sdes bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library 1155240075Sdes which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) 1156240075Sdes with some rework from myself and djm. ok djm. 1157240075Sdes 1158240075Sdes20111025 1159240075Sdes - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file 1160240075Sdes fails. Patch from Corinna Vinschen. 1161240075Sdes 1162240075Sdes20111018 1163240075Sdes - (djm) OpenBSD CVS Sync 1164240075Sdes - djm@cvs.openbsd.org 2011/10/04 14:17:32 1165240075Sdes [sftp-glob.c] 1166240075Sdes silence error spam for "ls */foo" in directory with files; bz#1683 1167240075Sdes - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 1168240075Sdes [moduli.c ssh-keygen.1 ssh-keygen.c] 1169240075Sdes Add optional checkpoints for moduli screening. feedback & ok deraadt 1170240075Sdes - jmc@cvs.openbsd.org 2011/10/16 15:02:41 1171240075Sdes [ssh-keygen.c] 1172240075Sdes put -K in the right place (usage()); 1173240075Sdes - stsp@cvs.openbsd.org 2011/10/16 15:51:39 1174240075Sdes [moduli.c] 1175240075Sdes add missing includes to unbreak tree; fix from rpointel 1176240075Sdes - djm@cvs.openbsd.org 2011/10/18 04:58:26 1177240075Sdes [auth-options.c key.c] 1178240075Sdes remove explict search for \0 in packet strings, this job is now done 1179240075Sdes implicitly by buffer_get_cstring; ok markus 1180240075Sdes - djm@cvs.openbsd.org 2011/10/18 05:00:48 1181240075Sdes [ssh-add.1 ssh-add.c] 1182240075Sdes new "ssh-add -k" option to load plain keys (skipping certificates); 1183240075Sdes "looks ok" markus@ 1184240075Sdes 1185240075Sdes20111001 1186240075Sdes - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm 1187240075Sdes - (dtucker) OpenBSD CVS Sync 1188240075Sdes - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 1189240075Sdes [channels.c auth-options.c servconf.c channels.h sshd.8] 1190240075Sdes Add wildcard support to PermitOpen, allowing things like "PermitOpen 1191240075Sdes localhost:*". bz #1857, ok djm markus. 1192240075Sdes - markus@cvs.openbsd.org 2011/09/23 07:45:05 1193240075Sdes [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c 1194240075Sdes version.h] 1195240075Sdes unbreak remote portforwarding with dynamic allocated listen ports: 1196240075Sdes 1) send the actual listen port in the open message (instead of 0). 1197240075Sdes this allows multiple forwardings with a dynamic listen port 1198240075Sdes 2) update the matching permit-open entry, so we can identify where 1199240075Sdes to connect to 1200240075Sdes report: den at skbkontur.ru and P. Szczygielski 1201240075Sdes feedback and ok djm@ 1202240075Sdes - djm@cvs.openbsd.org 2011/09/25 05:44:47 1203240075Sdes [auth2-pubkey.c] 1204240075Sdes improve the AuthorizedPrincipalsFile debug log message to include 1205240075Sdes file and line number 1206240075Sdes - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 1207240075Sdes [sshd.c] 1208240075Sdes don't attempt privsep cleanup when not using privsep; ok markus@ 1209240075Sdes - djm@cvs.openbsd.org 2011/09/30 21:22:49 1210240075Sdes [sshd.c] 1211240075Sdes fix inverted test that caused logspam; spotted by henning@ 1212240075Sdes 1213240075Sdes20110929 1214240075Sdes - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch 1215240075Sdes from des AT des.no 1216240075Sdes - (dtucker) [configure.ac openbsd-compat/Makefile.in 1217240075Sdes openbsd-compat/strnlen.c] Add strnlen to the compat library. 1218240075Sdes 1219240075Sdes20110923 1220240075Sdes - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no 1221240075Sdes longer want to sync this file (OpenBSD uses a __getcwd syscall now, we 1222240075Sdes want this longhand version) 1223240075Sdes - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the 1224240075Sdes upstream version is YPified and we don't want this 1225240075Sdes - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. 1226240075Sdes The file was totally rewritten between what we had in tree and -current. 1227240075Sdes - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid 1228240075Sdes marker. The upstream API has changed (function and structure names) 1229240075Sdes enough to put it out of sync with other providers of this interface. 1230240075Sdes - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion 1231240075Sdes of static __findenv() function from upstream setenv.c 1232240075Sdes - OpenBSD CVS Sync 1233240075Sdes - millert@cvs.openbsd.org 2006/05/05 15:27:38 1234240075Sdes [openbsd-compat/strlcpy.c] 1235240075Sdes Convert do {} while loop -> while {} for clarity. No binary change 1236240075Sdes on most architectures. From Oliver Smith. OK deraadt@ and henning@ 1237240075Sdes - tobias@cvs.openbsd.org 2007/10/21 11:09:30 1238240075Sdes [openbsd-compat/mktemp.c] 1239240075Sdes Comment fix about time consumption of _gettemp. 1240240075Sdes FreeBSD did this in revision 1.20. 1241240075Sdes OK deraadt@, krw@ 1242240075Sdes - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 1243240075Sdes [openbsd-compat/mktemp.c] 1244240075Sdes use arc4random_uniform(); ok djm millert 1245240075Sdes - millert@cvs.openbsd.org 2008/08/21 16:54:44 1246240075Sdes [openbsd-compat/mktemp.c] 1247240075Sdes Remove useless code, the kernel will set errno appropriately if an 1248240075Sdes element in the path does not exist. OK deraadt@ pvalchev@ 1249240075Sdes - otto@cvs.openbsd.org 2008/12/09 19:38:38 1250240075Sdes [openbsd-compat/inet_ntop.c] 1251240075Sdes fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon 1252240075Sdes 1253240075Sdes20110922 1254240075Sdes - OpenBSD CVS Sync 1255240075Sdes - pyr@cvs.openbsd.org 2011/05/12 07:15:10 1256240075Sdes [openbsd-compat/glob.c] 1257240075Sdes When the max number of items for a directory has reached GLOB_LIMIT_READDIR 1258240075Sdes an error is returned but closedir() is not called. 1259240075Sdes spotted and fix provided by Frank Denis obsd-tech@pureftpd.org 1260240075Sdes ok otto@, millert@ 1261240075Sdes - stsp@cvs.openbsd.org 2011/09/20 10:18:46 1262240075Sdes [glob.c] 1263240075Sdes In glob(3), limit recursion during matching attempts. Similar to 1264240075Sdes fnmatch fix. Also collapse consecutive '*' (from NetBSD). 1265240075Sdes ok miod deraadt 1266240075Sdes - djm@cvs.openbsd.org 2011/09/22 06:27:29 1267240075Sdes [glob.c] 1268240075Sdes fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being 1269240075Sdes applied only to the gl_pathv vector and not the corresponding gl_statv 1270240075Sdes array. reported in OpenSSH bz#1935; feedback and okay matthew@ 1271240075Sdes - djm@cvs.openbsd.org 2011/08/26 01:45:15 1272240075Sdes [ssh.1] 1273240075Sdes Add some missing ssh_config(5) options that can be used in ssh(1)'s 1274240075Sdes -o argument. Patch from duclare AT guu.fi 1275240075Sdes - djm@cvs.openbsd.org 2011/09/05 05:56:13 1276240075Sdes [scp.1 sftp.1] 1277240075Sdes mention ControlPersist and KbdInteractiveAuthentication in the -o 1278240075Sdes verbiage in these pages too (prompted by jmc@) 1279240075Sdes - djm@cvs.openbsd.org 2011/09/05 05:59:08 1280240075Sdes [misc.c] 1281240075Sdes fix typo in IPQoS parsing: there is no "AF14" class, but there is 1282240075Sdes an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1283240075Sdes - jmc@cvs.openbsd.org 2011/09/05 07:01:44 1284240075Sdes [scp.1] 1285240075Sdes knock out a useless Ns; 1286240075Sdes - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 1287240075Sdes [ssh-keygen.1] 1288240075Sdes typo (they vs the) found by Lawrence Teo 1289240075Sdes - djm@cvs.openbsd.org 2011/09/09 00:43:00 1290240075Sdes [ssh_config.5 sshd_config.5] 1291240075Sdes fix typo in IPQoS parsing: there is no "AF14" class, but there is 1292240075Sdes an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk 1293240075Sdes - djm@cvs.openbsd.org 2011/09/09 00:44:07 1294240075Sdes [PROTOCOL.mux] 1295240075Sdes MUX_C_CLOSE_FWD includes forward type in message (though it isn't 1296240075Sdes implemented anyway) 1297240075Sdes - djm@cvs.openbsd.org 2011/09/09 22:37:01 1298240075Sdes [scp.c] 1299240075Sdes suppress adding '--' to remote commandlines when the first argument 1300240075Sdes does not start with '-'. saves breakage on some difficult-to-upgrade 1301240075Sdes embedded/router platforms; feedback & ok dtucker ok markus 1302240075Sdes - djm@cvs.openbsd.org 2011/09/09 22:38:21 1303240075Sdes [sshd.c] 1304240075Sdes kill the preauth privsep child on fatal errors in the monitor; 1305240075Sdes ok markus@ 1306240075Sdes - djm@cvs.openbsd.org 2011/09/09 22:46:44 1307240075Sdes [channels.c channels.h clientloop.h mux.c ssh.c] 1308240075Sdes support for cancelling local and remote port forwards via the multiplex 1309240075Sdes socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request 1310240075Sdes the cancellation of the specified forwardings; ok markus@ 1311240075Sdes - markus@cvs.openbsd.org 2011/09/10 22:26:34 1312240075Sdes [channels.c channels.h clientloop.c ssh.1] 1313240075Sdes support cancellation of local/dynamic forwardings from ~C commandline; 1314240075Sdes ok & feedback djm@ 1315240075Sdes - okan@cvs.openbsd.org 2011/09/11 06:59:05 1316240075Sdes [ssh.1] 1317240075Sdes document new -O cancel command; ok djm@ 1318240075Sdes - markus@cvs.openbsd.org 2011/09/11 16:07:26 1319240075Sdes [sftp-client.c] 1320240075Sdes fix leaks in do_hardlink() and do_readlink(); bz#1921 1321240075Sdes from Loganaden Velvindron 1322240075Sdes - markus@cvs.openbsd.org 2011/09/12 08:46:15 1323240075Sdes [sftp-client.c] 1324240075Sdes fix leak in do_lsreaddir(); ok djm 1325240075Sdes - djm@cvs.openbsd.org 2011/09/22 06:29:03 1326240075Sdes [sftp.c] 1327240075Sdes don't let remote_glob() implicitly sort its results in do_globbed_ls() - 1328240075Sdes in all likelihood, they will be resorted anyway 1329240075Sdes 1330240075Sdes20110909 1331240075Sdes - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From 1332240075Sdes Colin Watson. 1333240075Sdes 1334226046Sdes20110906 1335226046Sdes - (djm) [README version.h] Correct version 1336226046Sdes - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon 1337226046Sdes - (djm) Respin OpenSSH-5.9p1 release 1338226046Sdes 1339226046Sdes20110905 1340221420Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1341226046Sdes [contrib/suse/openssh.spec] Update version numbers. 1342221420Sdes 1343226046Sdes20110904 1344226046Sdes - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal 1345226046Sdes regress errors for the sandbox to warnings. ok tim dtucker 1346226046Sdes - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations 1347226046Sdes ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen 1348226046Sdes support. 1349226046Sdes 1350226046Sdes20110829 1351226046Sdes - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting 1352226046Sdes to switch SELinux context away from unconfined_t, based on patch from 1353226046Sdes Jan Chadima; bz#1919 ok dtucker@ 1354226046Sdes 1355226046Sdes20110827 1356226046Sdes - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey. 1357226046Sdes 1358226046Sdes20110818 1359226046Sdes - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze 1360226046Sdes 1361226046Sdes20110817 1362226046Sdes - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for 1363226046Sdes OpenSSL 0.9.7. ok djm 1364226046Sdes - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h] 1365226046Sdes binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen 1366226046Sdes - (djm) [configure.ac] error out if the host lacks the necessary bits for 1367226046Sdes an explicitly requested sandbox type 1368226046Sdes - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by 1369226046Sdes bisson AT archlinux.org 1370226046Sdes - (djm) OpenBSD CVS Sync 1371226046Sdes - dtucker@cvs.openbsd.org 2011/06/03 05:35:10 1372226046Sdes [regress/cfgmatch.sh] 1373226046Sdes use OBJ to find test configs, patch from Tim Rice 1374226046Sdes - markus@cvs.openbsd.org 2011/06/30 22:44:43 1375226046Sdes [regress/connect-privsep.sh] 1376226046Sdes test with sandbox enabled; ok djm@ 1377226046Sdes - djm@cvs.openbsd.org 2011/08/02 01:23:41 1378226046Sdes [regress/cipher-speed.sh regress/try-ciphers.sh] 1379226046Sdes add SHA256/SHA512 based HMAC modes 1380226046Sdes - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2 1381226046Sdes MAC tests for platforms that hack EVP_SHA2 support 1382226046Sdes 1383226046Sdes20110812 1384226046Sdes - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context 1385226046Sdes change error by reporting old and new context names Patch from 1386226046Sdes jchadima at redhat. 1387226046Sdes - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init] 1388226046Sdes [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES 1389226046Sdes init scrips from imorgan AT nas.nasa.gov; bz#1920 1390226046Sdes - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the 1391226046Sdes identify file contained whitespace. bz#1828 patch from gwenael.lambrouin 1392226046Sdes AT gmail.com; ok dtucker@ 1393226046Sdes 1394226046Sdes20110807 1395226046Sdes - (dtucker) OpenBSD CVS Sync 1396226046Sdes - jmc@cvs.openbsd.org 2008/06/26 06:59:39 1397226046Sdes [moduli.5] 1398226046Sdes tweak previous; 1399226046Sdes - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 1400226046Sdes [moduli.5] 1401226046Sdes "Diffie-Hellman" is the usual spelling for the cryptographic protocol 1402226046Sdes first published by Whitfield Diffie and Martin Hellman in 1976. 1403226046Sdes ok jmc@ 1404226046Sdes - jmc@cvs.openbsd.org 2010/10/14 20:41:28 1405226046Sdes [moduli.5] 1406226046Sdes probabalistic -> probabilistic; from naddy 1407226046Sdes - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 1408226046Sdes [sftp.1] 1409226046Sdes typo, fix from Laurent Gautrot 1410226046Sdes 1411226046Sdes20110805 1412226046Sdes - OpenBSD CVS Sync 1413226046Sdes - djm@cvs.openbsd.org 2011/06/23 23:35:42 1414226046Sdes [monitor.c] 1415226046Sdes ignore EINTR errors from poll() 1416226046Sdes - tedu@cvs.openbsd.org 2011/07/06 18:09:21 1417226046Sdes [authfd.c] 1418226046Sdes bzero the agent address. the kernel was for a while very cranky about 1419226046Sdes these things. evne though that's fixed, always good to initialize 1420226046Sdes memory. ok deraadt djm 1421226046Sdes - djm@cvs.openbsd.org 2011/07/29 14:42:45 1422226046Sdes [sandbox-systrace.c] 1423226046Sdes fail open(2) with EPERM rather than SIGKILLing the whole process. libc 1424226046Sdes will call open() to do strerror() when NLS is enabled; 1425226046Sdes feedback and ok markus@ 1426226046Sdes - markus@cvs.openbsd.org 2011/08/01 19:18:15 1427226046Sdes [gss-serv.c] 1428226046Sdes prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); 1429226046Sdes report Adam Zabrock; ok djm@, deraadt@ 1430226046Sdes - djm@cvs.openbsd.org 2011/08/02 01:22:11 1431226046Sdes [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] 1432226046Sdes Add new SHA256 and SHA512 based HMAC modes from 1433226046Sdes http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt 1434226046Sdes Patch from mdb AT juniper.net; feedback and ok markus@ 1435226046Sdes - djm@cvs.openbsd.org 2011/08/02 23:13:01 1436226046Sdes [version.h] 1437226046Sdes crank now, release later 1438226046Sdes - djm@cvs.openbsd.org 2011/08/02 23:15:03 1439226046Sdes [ssh.c] 1440226046Sdes typo in comment 1441226046Sdes 1442226046Sdes20110624 1443226046Sdes - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for 1444226046Sdes Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing 1445226046Sdes markus@ 1446226046Sdes 1447226046Sdes20110623 1448226046Sdes - OpenBSD CVS Sync 1449226046Sdes - djm@cvs.openbsd.org 2011/06/22 21:47:28 1450226046Sdes [servconf.c] 1451226046Sdes reuse the multistate option arrays to pretty-print options for "sshd -T" 1452226046Sdes - djm@cvs.openbsd.org 2011/06/22 21:57:01 1453226046Sdes [servconf.c servconf.h sshd.c sshd_config.5] 1454226046Sdes [configure.ac Makefile.in] 1455226046Sdes introduce sandboxing of the pre-auth privsep child using systrace(4). 1456226046Sdes 1457226046Sdes This introduces a new "UsePrivilegeSeparation=sandbox" option for 1458226046Sdes sshd_config that applies mandatory restrictions on the syscalls the 1459226046Sdes privsep child can perform. This prevents a compromised privsep child 1460226046Sdes from being used to attack other hosts (by opening sockets and proxying) 1461226046Sdes or probing local kernel attack surface. 1462226046Sdes 1463226046Sdes The sandbox is implemented using systrace(4) in unsupervised "fast-path" 1464226046Sdes mode, where a list of permitted syscalls is supplied. Any syscall not 1465226046Sdes on the list results in SIGKILL being sent to the privsep child. Note 1466226046Sdes that this requires a kernel with the new SYSTR_POLICY_KILL option. 1467226046Sdes 1468226046Sdes UsePrivilegeSeparation=sandbox will become the default in the future 1469226046Sdes so please start testing it now. 1470226046Sdes 1471226046Sdes feedback dtucker@; ok markus@ 1472226046Sdes - djm@cvs.openbsd.org 2011/06/22 22:08:42 1473226046Sdes [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] 1474226046Sdes hook up a channel confirm callback to warn the user then requested X11 1475226046Sdes forwarding was refused by the server; ok markus@ 1476226046Sdes - djm@cvs.openbsd.org 2011/06/23 09:34:13 1477226046Sdes [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] 1478226046Sdes [sandbox-null.c] 1479226046Sdes rename sandbox.h => ssh-sandbox.h to make things easier for portable 1480226046Sdes - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support 1481226046Sdes setrlimit(2) 1482226046Sdes 1483226046Sdes20110620 1484226046Sdes - OpenBSD CVS Sync 1485226046Sdes - djm@cvs.openbsd.org 2011/06/04 00:10:26 1486226046Sdes [ssh_config.5] 1487226046Sdes explain IdentifyFile's semantics a little better, prompted by bz#1898 1488226046Sdes ok dtucker jmc 1489226046Sdes - markus@cvs.openbsd.org 2011/06/14 22:49:18 1490226046Sdes [authfile.c] 1491226046Sdes make sure key_parse_public/private_rsa1() no longer consumes its input 1492226046Sdes buffer. fixes ssh-add for passphrase-protected ssh1-keys; 1493226046Sdes noted by naddy@; ok djm@ 1494226046Sdes - djm@cvs.openbsd.org 2011/06/17 21:44:31 1495226046Sdes [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] 1496226046Sdes make the pre-auth privsep slave log via a socketpair shared with the 1497226046Sdes monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ 1498226046Sdes - djm@cvs.openbsd.org 2011/06/17 21:46:16 1499226046Sdes [sftp-server.c] 1500226046Sdes the protocol version should be unsigned; bz#1913 reported by mb AT 1501226046Sdes smartftp.com 1502226046Sdes - djm@cvs.openbsd.org 2011/06/17 21:47:35 1503226046Sdes [servconf.c] 1504226046Sdes factor out multi-choice option parsing into a parse_multistate label 1505226046Sdes and some support structures; ok dtucker@ 1506226046Sdes - djm@cvs.openbsd.org 2011/06/17 21:57:25 1507226046Sdes [clientloop.c] 1508226046Sdes setproctitle for a mux master that has been gracefully stopped; 1509226046Sdes bz#1911 from Bert.Wesarg AT googlemail.com 1510226046Sdes 1511226046Sdes20110603 1512226046Sdes - (dtucker) [README version.h contrib/caldera/openssh.spec 1513226046Sdes contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version 1514226046Sdes bumps from the 5.8p2 branch into HEAD. ok djm. 1515226046Sdes - (tim) [configure.ac defines.h] Run test program to detect system mail 1516226046Sdes directory. Add --with-maildir option to override. Fixed OpenServer 6 1517226046Sdes getting it wrong. Fixed many systems having MAIL=/var/mail//username 1518226046Sdes ok dtucker 1519226046Sdes - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair 1520226046Sdes unconditionally in other places and the survey data we have does not show 1521226046Sdes any systems that use it. "nuke it" djm@ 1522226046Sdes - (djm) [configure.ac] enable setproctitle emulation for OS X 1523226046Sdes - (djm) OpenBSD CVS Sync 1524226046Sdes - djm@cvs.openbsd.org 2011/06/03 00:54:38 1525226046Sdes [ssh.c] 1526226046Sdes bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg 1527226046Sdes AT googlemail.com; ok dtucker@ 1528226046Sdes NB. includes additional portability code to enable setproctitle emulation 1529226046Sdes on platforms that don't support it. 1530226046Sdes - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 1531226046Sdes [ssh-agent.c] 1532226046Sdes Check current parent process ID against saved one to determine if the parent 1533226046Sdes has exited, rather than attempting to send a zero signal, since the latter 1534226046Sdes won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn 1535226046Sdes Gillmor, ok djm@ 1536226046Sdes - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 1537226046Sdes [regress/dynamic-forward.sh] 1538226046Sdes back out revs 1.6 and 1.5 since it's not reliable 1539226046Sdes - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 1540226046Sdes [regress/dynamic-forward.sh] 1541226046Sdes work around startup and teardown races; caught by deraadt 1542226046Sdes - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 1543226046Sdes [regress/dynamic-forward.sh] 1544226046Sdes Retry establishing the port forwarding after a small delay, should make 1545226046Sdes the tests less flaky when the previous test is slow to shut down and free 1546226046Sdes up the port. 1547226046Sdes - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. 1548226046Sdes 1549226046Sdes20110529 1550226046Sdes - (djm) OpenBSD CVS Sync 1551226046Sdes - djm@cvs.openbsd.org 2011/05/23 03:30:07 1552226046Sdes [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] 1553226046Sdes [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] 1554226046Sdes allow AuthorizedKeysFile to specify multiple files, separated by spaces. 1555226046Sdes Bring back authorized_keys2 as a default search path (to avoid breaking 1556226046Sdes existing users of this file), but override this in sshd_config so it will 1557226046Sdes be no longer used on fresh installs. Maybe in 2015 we can remove it 1558226046Sdes entierly :) 1559226046Sdes 1560226046Sdes feedback and ok markus@ dtucker@ 1561226046Sdes - djm@cvs.openbsd.org 2011/05/23 03:33:38 1562226046Sdes [auth.c] 1563226046Sdes make secure_filename() spam debug logs less 1564226046Sdes - djm@cvs.openbsd.org 2011/05/23 03:52:55 1565226046Sdes [sshconnect.c] 1566226046Sdes remove extra newline 1567226046Sdes - jmc@cvs.openbsd.org 2011/05/23 07:10:21 1568226046Sdes [sshd.8 sshd_config.5] 1569226046Sdes tweak previous; ok djm 1570226046Sdes - djm@cvs.openbsd.org 2011/05/23 07:24:57 1571226046Sdes [authfile.c] 1572226046Sdes read in key comments for v.2 keys (though note that these are not 1573226046Sdes passed over the agent protocol); bz#439, based on patch from binder 1574226046Sdes AT arago.de; ok markus@ 1575226046Sdes - djm@cvs.openbsd.org 2011/05/24 07:15:47 1576226046Sdes [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] 1577226046Sdes Remove undocumented legacy options UserKnownHostsFile2 and 1578226046Sdes GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile 1579226046Sdes accept multiple paths per line and making their defaults include 1580226046Sdes known_hosts2; ok markus 1581226046Sdes - djm@cvs.openbsd.org 2011/05/23 03:31:31 1582226046Sdes [regress/cfgmatch.sh] 1583226046Sdes include testing of multiple/overridden AuthorizedKeysFiles 1584226046Sdes refactor to simply daemon start/stop and get rid of racy constructs 1585226046Sdes 1586226046Sdes20110520 1587226046Sdes - (djm) [session.c] call setexeccon() before executing passwd for pw 1588226046Sdes changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ 1589226046Sdes - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options 1590226046Sdes options, we should corresponding -W-option when trying to determine 1591226046Sdes whether it is accepted. Also includes a warning fix on the program 1592226046Sdes fragment uses (bad main() return type). 1593226046Sdes bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ 1594226046Sdes - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 1595226046Sdes - OpenBSD CVS Sync 1596226046Sdes - djm@cvs.openbsd.org 2011/05/15 08:09:01 1597226046Sdes [authfd.c monitor.c serverloop.c] 1598226046Sdes use FD_CLOEXEC consistently; patch from zion AT x96.org 1599226046Sdes - djm@cvs.openbsd.org 2011/05/17 07:13:31 1600226046Sdes [key.c] 1601226046Sdes fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1602226046Sdes and fix the regress test that was trying to generate them :) 1603226046Sdes - djm@cvs.openbsd.org 2011/05/20 00:55:02 1604226046Sdes [servconf.c] 1605226046Sdes the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile 1606226046Sdes and AuthorizedPrincipalsFile were not being correctly applied in 1607226046Sdes Match blocks, despite being overridable there; ok dtucker@ 1608226046Sdes - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 1609226046Sdes [servconf.c] 1610226046Sdes Add comment documenting what should be after the preauth check. ok djm 1611226046Sdes - djm@cvs.openbsd.org 2011/05/20 03:25:45 1612226046Sdes [monitor.c monitor_wrap.c servconf.c servconf.h] 1613226046Sdes use a macro to define which string options to copy between configs 1614226046Sdes for Match. This avoids problems caused by forgetting to keep three 1615226046Sdes code locations in perfect sync and ordering 1616226046Sdes 1617226046Sdes "this is at once beautiful and horrible" + ok dtucker@ 1618226046Sdes - djm@cvs.openbsd.org 2011/05/17 07:13:31 1619226046Sdes [regress/cert-userkey.sh] 1620226046Sdes fatal() if asked to generate a legacy ECDSA cert (these don't exist) 1621226046Sdes and fix the regress test that was trying to generate them :) 1622226046Sdes - djm@cvs.openbsd.org 2011/05/20 02:43:36 1623226046Sdes [cert-hostkey.sh] 1624226046Sdes another attempt to generate a v00 ECDSA key that broke the test 1625226046Sdes ID sync only - portable already had this somehow 1626226046Sdes - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 1627226046Sdes [dynamic-forward.sh] 1628226046Sdes Prevent races in dynamic forwarding test; ok djm 1629226046Sdes - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 1630226046Sdes [dynamic-forward.sh] 1631226046Sdes fix dumb error in dynamic-forward test 1632226046Sdes 1633226046Sdes20110515 1634226046Sdes - (djm) OpenBSD CVS Sync 1635226046Sdes - djm@cvs.openbsd.org 2011/05/05 05:12:08 1636226046Sdes [mux.c] 1637226046Sdes gracefully fall back when ControlPath is too large for a 1638226046Sdes sockaddr_un. ok markus@ as part of a larger diff 1639226046Sdes - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 1640226046Sdes [sshd_config] 1641226046Sdes clarify language about overriding defaults. bz#1892, from Petr Cerny 1642226046Sdes - djm@cvs.openbsd.org 2011/05/06 01:09:53 1643226046Sdes [sftp.1] 1644226046Sdes mention that IPv6 addresses must be enclosed in square brackets; 1645226046Sdes bz#1845 1646226046Sdes - djm@cvs.openbsd.org 2011/05/06 02:05:41 1647226046Sdes [sshconnect2.c] 1648226046Sdes fix memory leak; bz#1849 ok dtucker@ 1649226046Sdes - djm@cvs.openbsd.org 2011/05/06 21:14:05 1650226046Sdes [packet.c packet.h] 1651226046Sdes set traffic class for IPv6 traffic as we do for IPv4 TOS; 1652226046Sdes patch from lionel AT mamane.lu via Colin Watson in bz#1855; 1653226046Sdes ok markus@ 1654226046Sdes - djm@cvs.openbsd.org 2011/05/06 21:18:02 1655226046Sdes [ssh.c ssh_config.5] 1656226046Sdes add a %L expansion (short-form of the local host name) for ControlPath; 1657226046Sdes sync some more expansions with LocalCommand; ok markus@ 1658226046Sdes - djm@cvs.openbsd.org 2011/05/06 21:31:38 1659226046Sdes [readconf.c ssh_config.5] 1660226046Sdes support negated Host matching, e.g. 1661226046Sdes 1662226046Sdes Host *.example.org !c.example.org 1663226046Sdes User mekmitasdigoat 1664226046Sdes 1665226046Sdes Will match "a.example.org", "b.example.org", but not "c.example.org" 1666226046Sdes ok markus@ 1667226046Sdes - djm@cvs.openbsd.org 2011/05/06 21:34:32 1668226046Sdes [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] 1669226046Sdes Add a RequestTTY ssh_config option to allow configuration-based 1670226046Sdes control over tty allocation (like -t/-T); ok markus@ 1671226046Sdes - djm@cvs.openbsd.org 2011/05/06 21:38:58 1672226046Sdes [ssh.c] 1673226046Sdes fix dropping from previous diff 1674226046Sdes - djm@cvs.openbsd.org 2011/05/06 22:20:10 1675226046Sdes [PROTOCOL.mux] 1676226046Sdes fix numbering; from bert.wesarg AT googlemail.com 1677226046Sdes - jmc@cvs.openbsd.org 2011/05/07 23:19:39 1678226046Sdes [ssh_config.5] 1679226046Sdes - tweak previous 1680226046Sdes - come consistency fixes 1681226046Sdes ok djm 1682226046Sdes - jmc@cvs.openbsd.org 2011/05/07 23:20:25 1683226046Sdes [ssh.1] 1684226046Sdes +.It RequestTTY 1685226046Sdes - djm@cvs.openbsd.org 2011/05/08 12:52:01 1686226046Sdes [PROTOCOL.mux clientloop.c clientloop.h mux.c] 1687226046Sdes improve our behaviour when TTY allocation fails: if we are in 1688226046Sdes RequestTTY=auto mode (the default), then do not treat at TTY 1689226046Sdes allocation error as fatal but rather just restore the local TTY 1690226046Sdes to cooked mode and continue. This is more graceful on devices that 1691226046Sdes never allocate TTYs. 1692226046Sdes 1693226046Sdes If RequestTTY is set to "yes" or "force", then failure to allocate 1694226046Sdes a TTY is fatal. 1695226046Sdes 1696226046Sdes ok markus@ 1697226046Sdes - djm@cvs.openbsd.org 2011/05/10 05:46:46 1698226046Sdes [authfile.c] 1699226046Sdes despam debug() logs by detecting that we are trying to load a private key 1700226046Sdes in key_try_load_public() and returning early; ok markus@ 1701226046Sdes - djm@cvs.openbsd.org 2011/05/11 04:47:06 1702226046Sdes [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] 1703226046Sdes remove support for authorized_keys2; it is a relic from the early days 1704226046Sdes of protocol v.2 support and has been undocumented for many years; 1705226046Sdes ok markus@ 1706226046Sdes - djm@cvs.openbsd.org 2011/05/13 00:05:36 1707226046Sdes [authfile.c] 1708226046Sdes warn on unexpected key type in key_parse_private_type() 1709226046Sdes - (djm) [packet.c] unbreak portability #endif 1710226046Sdes 1711226046Sdes20110510 1712226046Sdes - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 1713226046Sdes --with-ssl-engine which was broken with the change from deprecated 1714226046Sdes SSLeay_add_all_algorithms(). ok djm 1715226046Sdes 1716226046Sdes20110506 1717226046Sdes - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype 1718226046Sdes for closefrom() in test code. Report from Dan Wallis via Gentoo. 1719226046Sdes 1720226046Sdes20110505 1721226046Sdes - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS 1722226046Sdes definitions. From des AT des.no 1723226046Sdes - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] 1724226046Sdes [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] 1725226046Sdes [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] 1726226046Sdes [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] 1727226046Sdes [regress/README.regress] Remove ssh-rand-helper and all its 1728226046Sdes tentacles. PRNGd seeding has been rolled into entropy.c directly. 1729226046Sdes Thanks to tim@ for testing on affected platforms. 1730226046Sdes - OpenBSD CVS Sync 1731226046Sdes - djm@cvs.openbsd.org 2011/03/10 02:52:57 1732226046Sdes [auth2-gss.c auth2.c auth.h] 1733226046Sdes allow GSSAPI authentication to detect when a server-side failure causes 1734226046Sdes authentication failure and don't count such failures against MaxAuthTries; 1735226046Sdes bz#1244 from simon AT sxw.org.uk; ok markus@ before lock 1736226046Sdes - okan@cvs.openbsd.org 2011/03/15 10:36:02 1737226046Sdes [ssh-keyscan.c] 1738226046Sdes use timerclear macro 1739226046Sdes ok djm@ 1740226046Sdes - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 1741226046Sdes [ssh-keygen.1 ssh-keygen.c] 1742226046Sdes Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) 1743226046Sdes for which host keys do not exist, generate the host keys with the 1744226046Sdes default key file path, an empty passphrase, default bits for the key 1745226046Sdes type, and default comment. This will be used by /etc/rc to generate 1746226046Sdes new host keys. Idea from deraadt. 1747226046Sdes ok deraadt 1748226046Sdes - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 1749226046Sdes [ssh-keygen.1] 1750226046Sdes -q not used in /etc/rc now so remove statement. 1751226046Sdes - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 1752226046Sdes [ssh-keygen.c] 1753226046Sdes remove -d, documentation removed >10 years ago; ok markus 1754226046Sdes - jmc@cvs.openbsd.org 2011/03/24 15:29:30 1755226046Sdes [ssh-keygen.1] 1756226046Sdes zap trailing whitespace; 1757226046Sdes - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 1758226046Sdes [ssh-keygen.c] 1759226046Sdes use strcasecmp() for "clear" cert permission option also; ok djm 1760226046Sdes - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 1761226046Sdes [misc.c misc.h servconf.c] 1762226046Sdes print ipqos friendly string for sshd -T; ok markus 1763226046Sdes # sshd -Tf sshd_config|grep ipqos 1764226046Sdes ipqos lowdelay throughput 1765226046Sdes - djm@cvs.openbsd.org 2011/04/12 04:23:50 1766226046Sdes [ssh-keygen.c] 1767226046Sdes fix -Wshadow 1768226046Sdes - djm@cvs.openbsd.org 2011/04/12 05:32:49 1769226046Sdes [sshd.c] 1770226046Sdes exit with 0 status on SIGTERM; bz#1879 1771226046Sdes - djm@cvs.openbsd.org 2011/04/13 04:02:48 1772226046Sdes [ssh-keygen.1] 1773226046Sdes improve wording; bz#1861 1774226046Sdes - djm@cvs.openbsd.org 2011/04/13 04:09:37 1775226046Sdes [ssh-keygen.1] 1776226046Sdes mention valid -b sizes for ECDSA keys; bz#1862 1777226046Sdes - djm@cvs.openbsd.org 2011/04/17 22:42:42 1778226046Sdes [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] 1779226046Sdes allow graceful shutdown of multiplexing: request that a mux server 1780226046Sdes removes its listener socket and refuse future multiplexing requests; 1781226046Sdes ok markus@ 1782226046Sdes - djm@cvs.openbsd.org 2011/04/18 00:46:05 1783226046Sdes [ssh-keygen.c] 1784226046Sdes certificate options are supposed to be packed in lexical order of 1785226046Sdes option name (though we don't actually enforce this at present). 1786226046Sdes Move one up that was out of sequence 1787226046Sdes - djm@cvs.openbsd.org 2011/05/04 21:15:29 1788226046Sdes [authfile.c authfile.h ssh-add.c] 1789226046Sdes allow "ssh-add - < key"; feedback and ok markus@ 1790226046Sdes - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE 1791226046Sdes so autoreconf 2.68 is happy. 1792226046Sdes - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ 1793226046Sdes 1794221420Sdes20110221 1795221420Sdes - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the 1796221420Sdes Cygwin-specific service installer script ssh-host-config. The actual 1797221420Sdes functionality is the same, the revisited version is just more 1798221420Sdes exact when it comes to check for problems which disallow to run 1799221420Sdes certain aspects of the script. So, part of this script and the also 1800221420Sdes rearranged service helper script library "csih" is to check if all 1801221420Sdes the tools required to run the script are available on the system. 1802221420Sdes The new script also is more thorough to inform the user why the 1803221420Sdes script failed. Patch from vinschen at redhat com. 1804221420Sdes 1805226046Sdes20110218 1806226046Sdes - OpenBSD CVS Sync 1807226046Sdes - djm@cvs.openbsd.org 2011/02/16 00:31:14 1808226046Sdes [ssh-keysign.c] 1809226046Sdes make hostbased auth with ECDSA keys work correctly. Based on patch 1810226046Sdes by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) 1811226046Sdes 1812221420Sdes20110206 1813221420Sdes - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in 1814221420Sdes selinux code. Patch from Leonardo Chiquitto 1815221420Sdes - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key 1816221420Sdes generation and simplify. Patch from Corinna Vinschen. 1817221420Sdes 1818221420Sdes20110204 1819221420Sdes - OpenBSD CVS Sync 1820221420Sdes - djm@cvs.openbsd.org 2011/01/31 21:42:15 1821221420Sdes [PROTOCOL.mux] 1822221420Sdes cut'n'pasto; from bert.wesarg AT googlemail.com 1823221420Sdes - djm@cvs.openbsd.org 2011/02/04 00:44:21 1824221420Sdes [key.c] 1825221420Sdes fix uninitialised nonce variable; reported by Mateusz Kocielski 1826221420Sdes - djm@cvs.openbsd.org 2011/02/04 00:44:43 1827221420Sdes [version.h] 1828221420Sdes openssh-5.8 1829221420Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1830221420Sdes [contrib/suse/openssh.spec] update versions in docs and spec files. 1831221420Sdes - Release OpenSSH 5.8p1 1832221420Sdes 1833221420Sdes20110128 1834221420Sdes - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled 1835221420Sdes before attempting setfscreatecon(). Check whether matchpathcon() 1836221420Sdes succeeded before using its result. Patch from cjwatson AT debian.org; 1837221420Sdes bz#1851 1838221420Sdes 1839226046Sdes20110127 1840226046Sdes - (tim) [config.guess config.sub] Sync with upstream. 1841226046Sdes - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete 1842226046Sdes AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with 1843226046Sdes AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white 1844226046Sdes space changes for consistency/readability. Makes autoconf 2.68 happy. 1845226046Sdes "Nice work" djm 1846226046Sdes 1847221420Sdes20110125 1848221420Sdes - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c 1849221420Sdes openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to 1850221420Sdes port-linux.c to avoid compilation errors. Add -lselinux to ssh when 1851221420Sdes building with SELinux support to avoid linking failure; report from 1852221420Sdes amk AT spamfence.net; ok dtucker 1853221420Sdes 1854221420Sdes20110122 1855221420Sdes - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 1856221420Sdes RSA_get_default_method() for the benefit of openssl versions that don't 1857221420Sdes have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, 1858221420Sdes ok djm@. 1859221420Sdes - OpenBSD CVS Sync 1860221420Sdes - djm@cvs.openbsd.org 2011/01/22 09:18:53 1861221420Sdes [version.h] 1862221420Sdes crank to OpenSSH-5.7 1863221420Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1864221420Sdes [contrib/suse/openssh.spec] update versions in docs and spec files. 1865221420Sdes - (djm) Release 5.7p1 1866221420Sdes 1867221420Sdes20110119 1868221420Sdes - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead 1869221420Sdes of RPM so build completes. Signatures were changed to .asc since 4.1p1. 1870221420Sdes - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to 1871221420Sdes 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- 1872221420Sdes release testing (random crashes and failure to load ECC keys). 1873221420Sdes ok dtucker@ 1874221420Sdes 1875221420Sdes20110117 1876221420Sdes - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in 1877221420Sdes $PATH, fix cleanup of droppings; reported by openssh AT 1878221420Sdes roumenpetrov.info; ok dtucker@ 1879221420Sdes - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding 1880221420Sdes its unique snowflake of a gdb error to the ones we look for. 1881221420Sdes - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running 1882221420Sdes ssh-add to avoid $SUDO failures on Linux 1883221420Sdes - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new 1884221420Sdes Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback 1885221420Sdes to the old values. Feedback from vapier at gentoo org and djm, ok djm. 1886221420Sdes - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] 1887221420Sdes [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are 1888221420Sdes disabled on platforms that do not support them; add a "config_defined()" 1889221420Sdes shell function that greps for defines in config.h and use them to decide 1890221420Sdes on feature tests. 1891221420Sdes Convert a couple of existing grep's over config.h to use the new function 1892221420Sdes Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent 1893221420Sdes backslash characters in filenames, enable it for Cygwin and use it to turn 1894221420Sdes of tests for quotes backslashes in sftp-glob.sh. 1895221420Sdes based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ 1896221420Sdes - (tim) [regress/agent-getpeereid.sh] shell portability fix. 1897221420Sdes - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on 1898221420Sdes the tinderbox. 1899221420Sdes - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h 1900221420Sdes configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem 1901221420Sdes support, based on patches from Tomas Mraz and jchadima at redhat. 1902221420Sdes 1903221420Sdes20110116 1904221420Sdes - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based 1905221420Sdes on configurations that don't have it. 1906221420Sdes - OpenBSD CVS Sync 1907221420Sdes - djm@cvs.openbsd.org 2011/01/16 11:50:05 1908221420Sdes [clientloop.c] 1909221420Sdes Use atomicio when flushing protocol 1 std{out,err} buffers at 1910221420Sdes session close. This was a latent bug exposed by setting a SIGCHLD 1911221420Sdes handler and spotted by kevin.brott AT gmail.com; ok dtucker@ 1912221420Sdes - djm@cvs.openbsd.org 2011/01/16 11:50:36 1913221420Sdes [sshconnect.c] 1914221420Sdes reset the SIGPIPE handler when forking to execute child processes; 1915221420Sdes ok dtucker@ 1916221420Sdes - djm@cvs.openbsd.org 2011/01/16 12:05:59 1917221420Sdes [clientloop.c] 1918221420Sdes a couple more tweaks to the post-close protocol 1 stderr/stdout flush: 1919221420Sdes now that we use atomicio(), convert them from while loops to if statements 1920221420Sdes add test and cast to compile cleanly with -Wsigned 1921221420Sdes 1922221420Sdes20110114 1923221420Sdes - OpenBSD CVS Sync 1924221420Sdes - djm@cvs.openbsd.org 2011/01/13 21:54:53 1925221420Sdes [mux.c] 1926221420Sdes correct error messages; patch from bert.wesarg AT googlemail.com 1927221420Sdes - djm@cvs.openbsd.org 2011/01/13 21:55:25 1928221420Sdes [PROTOCOL.mux] 1929221420Sdes correct protocol names and add a couple of missing protocol number 1930221420Sdes defines; patch from bert.wesarg AT googlemail.com 1931221420Sdes - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in 1932221420Sdes host-key-force target rather than a substitution that is replaced with a 1933221420Sdes comment so that the Makefile.in is still a syntactically valid Makefile 1934221420Sdes (useful to run the distprep target) 1935221420Sdes - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. 1936221420Sdes - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some 1937221420Sdes ecdsa bits. 1938221420Sdes 1939221420Sdes20110113 1940221420Sdes - (djm) [misc.c] include time.h for nanosleep() prototype 1941221420Sdes - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm 1942221420Sdes - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating 1943221420Sdes ecdsa keys. ok djm. 1944221420Sdes - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid 1945221420Sdes gcc warning on platforms where it defaults to int 1946221420Sdes - (djm) [regress/Makefile] add a few more generated files to the clean 1947221420Sdes target 1948221420Sdes - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad 1949221420Sdes #define that was causing diffie-hellman-group-exchange-sha256 to be 1950221420Sdes incorrectly disabled 1951221420Sdes - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 1952221420Sdes should not depend on ECC support 1953221420Sdes 1954221420Sdes20110112 1955221420Sdes - OpenBSD CVS Sync 1956221420Sdes - nicm@cvs.openbsd.org 2010/10/08 21:48:42 1957221420Sdes [openbsd-compat/glob.c] 1958221420Sdes Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit 1959221420Sdes from ARG_MAX to 64K. 1960221420Sdes Fixes glob-using programs (notably ftp) able to be triggered to hit 1961221420Sdes resource limits. 1962221420Sdes Idea from a similar NetBSD change, original problem reported by jasper@. 1963221420Sdes ok millert tedu jasper 1964221420Sdes - djm@cvs.openbsd.org 2011/01/12 01:53:14 1965221420Sdes avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS 1966221420Sdes and sanity check arguments (these will be unnecessary when we switch 1967221420Sdes struct glob members from being type into to size_t in the future); 1968221420Sdes "looks ok" tedu@ feedback guenther@ 1969221420Sdes - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid 1970221420Sdes silly warnings on write() calls we don't care succeed or not. 1971221420Sdes - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler 1972221420Sdes flag tests that don't depend on gcc version at all; suggested by and 1973221420Sdes ok dtucker@ 1974221420Sdes 1975221420Sdes20110111 1976221420Sdes - (tim) [regress/host-expand.sh] Fix for building outside of read only 1977221420Sdes source tree. 1978221420Sdes - (djm) [platform.c] Some missing includes that show up under -Werror 1979221420Sdes - OpenBSD CVS Sync 1980221420Sdes - djm@cvs.openbsd.org 2011/01/08 10:51:51 1981221420Sdes [clientloop.c] 1982221420Sdes use host and not options.hostname, as the latter may have unescaped 1983221420Sdes substitution characters 1984221420Sdes - djm@cvs.openbsd.org 2011/01/11 06:06:09 1985221420Sdes [sshlogin.c] 1986221420Sdes fd leak on error paths; from zinovik@ 1987221420Sdes NB. Id sync only; we use loginrec.c that was also audited and fixed 1988221420Sdes recently 1989221420Sdes - djm@cvs.openbsd.org 2011/01/11 06:13:10 1990221420Sdes [clientloop.c ssh-keygen.c sshd.c] 1991221420Sdes some unsigned long long casts that make things a bit easier for 1992221420Sdes portable without resorting to dropping PRIu64 formats everywhere 1993221420Sdes 1994221420Sdes20110109 1995221420Sdes - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by 1996221420Sdes openssh AT roumenpetrov.info 1997221420Sdes 1998221420Sdes20110108 1999221420Sdes - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress 2000221420Sdes test on OSX and others. Reported by imorgan AT nas.nasa.gov 2001221420Sdes 2002221420Sdes20110107 2003221420Sdes - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test 2004221420Sdes for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com 2005221420Sdes - djm@cvs.openbsd.org 2011/01/06 22:23:53 2006221420Sdes [ssh.c] 2007221420Sdes unbreak %n expansion in LocalCommand; patch from bert.wesarg AT 2008221420Sdes googlemail.com; ok markus@ 2009221420Sdes - djm@cvs.openbsd.org 2011/01/06 22:23:02 2010221420Sdes [clientloop.c] 2011221420Sdes when exiting due to ServerAliveTimeout, mention the hostname that caused 2012221420Sdes it (useful with backgrounded controlmaster) 2013221420Sdes - djm@cvs.openbsd.org 2011/01/06 22:46:21 2014221420Sdes [regress/Makefile regress/host-expand.sh] 2015221420Sdes regress test for LocalCommand %n expansion from bert.wesarg AT 2016221420Sdes googlemail.com; ok markus@ 2017221420Sdes - djm@cvs.openbsd.org 2011/01/06 23:01:35 2018221420Sdes [sshconnect.c] 2019221420Sdes reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; 2020221420Sdes ok markus@ 2021221420Sdes 2022221420Sdes20110106 2023221420Sdes - (djm) OpenBSD CVS Sync 2024221420Sdes - markus@cvs.openbsd.org 2010/12/08 22:46:03 2025221420Sdes [scp.1 scp.c] 2026221420Sdes add a new -3 option to scp: Copies between two remote hosts are 2027221420Sdes transferred through the local host. Without this option the data 2028221420Sdes is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) 2029221420Sdes - jmc@cvs.openbsd.org 2010/12/09 14:13:33 2030221420Sdes [scp.1 scp.c] 2031221420Sdes scp.1: grammer fix 2032221420Sdes scp.c: add -3 to usage() 2033221420Sdes - markus@cvs.openbsd.org 2010/12/14 11:59:06 2034221420Sdes [sshconnect.c] 2035221420Sdes don't mention key type in key-changed-warning, since we also print 2036221420Sdes this warning if a new key type appears. ok djm@ 2037221420Sdes - djm@cvs.openbsd.org 2010/12/15 00:49:27 2038221420Sdes [readpass.c] 2039221420Sdes fix ControlMaster=ask regression 2040221420Sdes reset SIGCHLD handler before fork (and restore it after) so we don't miss 2041221420Sdes the the askpass child's exit status. Correct test for exit status/signal to 2042221420Sdes account for waitpid() failure; with claudio@ ok claudio@ markus@ 2043221420Sdes - djm@cvs.openbsd.org 2010/12/24 21:41:48 2044221420Sdes [auth-options.c] 2045221420Sdes don't send the actual forced command in a debug message; ok markus deraadt 2046221420Sdes - otto@cvs.openbsd.org 2011/01/04 20:44:13 2047221420Sdes [ssh-keyscan.c] 2048221420Sdes handle ecdsa-sha2 with various key lengths; hint and ok djm@ 2049221420Sdes 2050221420Sdes20110104 2051221420Sdes - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage 2052221420Sdes formatter if it is present, followed by nroff and groff respectively. 2053221420Sdes Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports 2054221420Sdes in favour of mandoc). feedback and ok tim 2055221420Sdes 2056221420Sdes20110103 2057221420Sdes - (djm) [Makefile.in] revert local hack I didn't intend to commit 2058221420Sdes 2059221420Sdes20110102 2060221420Sdes - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker 2061221420Sdes - (djm) [configure.ac] Check whether libdes is needed when building 2062221420Sdes with Heimdal krb5 support. On OpenBSD this library no longer exists, 2063221420Sdes so linking it unconditionally causes a build failure; ok dtucker 2064221420Sdes 2065221420Sdes20101226 2066221420Sdes - (dtucker) OpenBSD CVS Sync 2067221420Sdes - djm@cvs.openbsd.org 2010/12/08 04:02:47 2068221420Sdes [ssh_config.5 sshd_config.5] 2069221420Sdes explain that IPQoS arguments are separated by whitespace; iirc requested 2070221420Sdes by jmc@ a while back 2071221420Sdes 2072221420Sdes20101205 2073221420Sdes - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from 2074221420Sdes debugging. Spotted by djm. 2075221420Sdes - (dtucker) OpenBSD CVS Sync 2076221420Sdes - djm@cvs.openbsd.org 2010/12/03 23:49:26 2077221420Sdes [schnorr.c] 2078221420Sdes check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao 2079221420Sdes (this code is still disabled, but apprently people are treating it as 2080221420Sdes a reference implementation) 2081221420Sdes - djm@cvs.openbsd.org 2010/12/03 23:55:27 2082221420Sdes [auth-rsa.c] 2083221420Sdes move check for revoked keys to run earlier (in auth_rsa_key_allowed) 2084221420Sdes bz#1829; patch from ldv AT altlinux.org; ok markus@ 2085221420Sdes - djm@cvs.openbsd.org 2010/12/04 00:18:01 2086221420Sdes [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] 2087221420Sdes add a protocol extension to support a hard link operation. It is 2088221420Sdes available through the "ln" command in the client. The old "ln" 2089221420Sdes behaviour of creating a symlink is available using its "-s" option 2090221420Sdes or through the preexisting "symlink" command; based on a patch from 2091221420Sdes miklos AT szeredi.hu in bz#1555; ok markus@ 2092221420Sdes - djm@cvs.openbsd.org 2010/12/04 13:31:37 2093221420Sdes [hostfile.c] 2094221420Sdes fix fd leak; spotted and ok dtucker 2095221420Sdes - djm@cvs.openbsd.org 2010/12/04 00:21:19 2096221420Sdes [regress/sftp-cmds.sh] 2097221420Sdes adjust for hard-link support 2098221420Sdes - (dtucker) [regress/Makefile] Id sync. 2099221420Sdes 2100221420Sdes20101204 2101221420Sdes - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) 2102221420Sdes instead of (arc4random() % range) 2103221420Sdes - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add 2104221420Sdes shims for the new, non-deprecated OpenSSL key generation functions for 2105221420Sdes platforms that don't have the new interfaces. 2106221420Sdes 2107221420Sdes20101201 2108221420Sdes - OpenBSD CVS Sync 2109221420Sdes - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 2110221420Sdes [auth2-pubkey.c] 2111221420Sdes clean up cases of ;; 2112221420Sdes - djm@cvs.openbsd.org 2010/11/21 01:01:13 2113221420Sdes [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] 2114221420Sdes honour $TMPDIR for client xauth and ssh-agent temporary directories; 2115221420Sdes feedback and ok markus@ 2116221420Sdes - djm@cvs.openbsd.org 2010/11/21 10:57:07 2117221420Sdes [authfile.c] 2118221420Sdes Refactor internals of private key loading and saving to work on memory 2119221420Sdes buffers rather than directly on files. This will make a few things 2120221420Sdes easier to do in the future; ok markus@ 2121221420Sdes - djm@cvs.openbsd.org 2010/11/23 02:35:50 2122221420Sdes [auth.c] 2123221420Sdes use strict_modes already passed as function argument over referencing 2124221420Sdes global options.strict_modes 2125221420Sdes - djm@cvs.openbsd.org 2010/11/23 23:57:24 2126221420Sdes [clientloop.c] 2127221420Sdes avoid NULL deref on receiving a channel request on an unknown or invalid 2128221420Sdes channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ 2129221420Sdes - djm@cvs.openbsd.org 2010/11/24 01:24:14 2130221420Sdes [channels.c] 2131221420Sdes remove a debug() that pollutes stderr on client connecting to a server 2132221420Sdes in debug mode (channel_close_fds is called transitively from the session 2133221420Sdes code post-fork); bz#1719, ok dtucker 2134221420Sdes - djm@cvs.openbsd.org 2010/11/25 04:10:09 2135221420Sdes [session.c] 2136221420Sdes replace close() loop for fds 3->64 with closefrom(); 2137221420Sdes ok markus deraadt dtucker 2138221420Sdes - djm@cvs.openbsd.org 2010/11/26 05:52:49 2139221420Sdes [scp.c] 2140221420Sdes Pass through ssh command-line flags and options when doing remote-remote 2141221420Sdes transfers, e.g. to enable agent forwarding which is particularly useful 2142221420Sdes in this case; bz#1837 ok dtucker@ 2143221420Sdes - markus@cvs.openbsd.org 2010/11/29 18:57:04 2144221420Sdes [authfile.c] 2145221420Sdes correctly load comment for encrypted rsa1 keys; 2146221420Sdes report/fix Joachim Schipper; ok djm@ 2147221420Sdes - djm@cvs.openbsd.org 2010/11/29 23:45:51 2148221420Sdes [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] 2149221420Sdes [sshconnect.h sshconnect2.c] 2150221420Sdes automatically order the hostkeys requested by the client based on 2151221420Sdes which hostkeys are already recorded in known_hosts. This avoids 2152221420Sdes hostkey warnings when connecting to servers with new ECDSA keys 2153221420Sdes that are preferred by default; with markus@ 2154221420Sdes 2155221420Sdes20101124 2156221420Sdes - (dtucker) [platform.c session.c] Move the getluid call out of session.c and 2157221420Sdes into the platform-specific code Only affects SCO, tested by and ok tim@. 2158221420Sdes - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow 2159221420Sdes group read/write. ok dtucker@ 2160221420Sdes - (dtucker) [packet.c] Remove redundant local declaration of "int tos". 2161221420Sdes - (djm) [defines.h] Add IP DSCP defines 2162221420Sdes 2163221420Sdes20101122 2164221420Sdes - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch 2165221420Sdes from vapier at gentoo org. 2166221420Sdes 2167221420Sdes20101120 2168221420Sdes - OpenBSD CVS Sync 2169221420Sdes - djm@cvs.openbsd.org 2010/11/05 02:46:47 2170221420Sdes [packet.c] 2171221420Sdes whitespace KNF 2172221420Sdes - djm@cvs.openbsd.org 2010/11/10 01:33:07 2173221420Sdes [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] 2174221420Sdes use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. 2175221420Sdes these have been around for years by this time. ok markus 2176221420Sdes - djm@cvs.openbsd.org 2010/11/13 23:27:51 2177221420Sdes [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] 2178221420Sdes [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] 2179221420Sdes allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of 2180221420Sdes hardcoding lowdelay/throughput. 2181221420Sdes 2182221420Sdes bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ 2183221420Sdes - jmc@cvs.openbsd.org 2010/11/15 07:40:14 2184221420Sdes [ssh_config.5] 2185221420Sdes libary -> library; 2186221420Sdes - jmc@cvs.openbsd.org 2010/11/18 15:01:00 2187221420Sdes [scp.1 sftp.1 ssh.1 sshd_config.5] 2188221420Sdes add IPQoS to the various -o lists, and zap some trailing whitespace; 2189221420Sdes 2190221420Sdes20101111 2191221420Sdes - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on 2192221420Sdes platforms that don't support ECC. Fixes some spurious warnings reported 2193221420Sdes by tim@ 2194221420Sdes 2195221420Sdes20101109 2196221420Sdes - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. 2197221420Sdes Feedback from dtucker@ 2198221420Sdes - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add 2199221420Sdes support for platforms missing isblank(). ok djm@ 2200221420Sdes 2201221420Sdes20101108 2202221420Sdes - (tim) [regress/Makefile] Fixes to allow building/testing outside source 2203221420Sdes tree. 2204221420Sdes - (tim) [regress/kextype.sh] Shell portability fix. 2205221420Sdes 2206221420Sdes20101107 2207221420Sdes - (dtucker) [platform.c] includes.h instead of defines.h so that we get 2208221420Sdes the correct typedefs. 2209221420Sdes 2210221420Sdes20101105 2211221420Sdes - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of 2212221420Sdes int. Should fix bz#1817 cleanly; ok dtucker@ 2213221420Sdes - OpenBSD CVS Sync 2214221420Sdes - djm@cvs.openbsd.org 2010/09/22 12:26:05 2215221420Sdes [regress/Makefile regress/kextype.sh] 2216221420Sdes regress test for each of the key exchange algorithms that we support 2217221420Sdes - djm@cvs.openbsd.org 2010/10/28 11:22:09 2218221420Sdes [authfile.c key.c key.h ssh-keygen.c] 2219221420Sdes fix a possible NULL deref on loading a corrupt ECDH key 2220221420Sdes 2221221420Sdes store ECDH group information in private keys files as "named groups" 2222221420Sdes rather than as a set of explicit group parameters (by setting 2223221420Sdes the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and 2224221420Sdes retrieves the group's OpenSSL NID that we need for various things. 2225221420Sdes - jmc@cvs.openbsd.org 2010/10/28 18:33:28 2226221420Sdes [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] 2227221420Sdes knock out some "-*- nroff -*-" lines; 2228221420Sdes - djm@cvs.openbsd.org 2010/11/04 02:45:34 2229221420Sdes [sftp-server.c] 2230221420Sdes umask should be parsed as octal. reported by candland AT xmission.com; 2231221420Sdes ok markus@ 2232221420Sdes - (dtucker) [configure.ac platform.{c,h} session.c 2233221420Sdes openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. 2234221420Sdes Patch from cory.erickson at csu mnscu edu with a bit of rework from me. 2235221420Sdes ok djm@ 2236221420Sdes - (dtucker) [platform.c platform.h session.c] Add a platform hook to run 2237221420Sdes after the user's groups are established and move the selinux calls into it. 2238221420Sdes - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into 2239221420Sdes platform.c 2240221420Sdes - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. 2241221420Sdes - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to 2242221420Sdes retain previous behavior. 2243221420Sdes - (dtucker) [platform.c session.c] Move the PAM credential establishment for 2244221420Sdes the LOGIN_CAP case into platform.c. 2245221420Sdes - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into 2246221420Sdes platform.c 2247221420Sdes - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. 2248221420Sdes - (dtucker) [platform.c session.c] Move irix setusercontext fragment into 2249221420Sdes platform.c. 2250221420Sdes - (dtucker) [platform.c session.c] Move PAM credential establishment for the 2251221420Sdes non-LOGIN_CAP case into platform.c. 2252221420Sdes - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case 2253221420Sdes check into platform.c 2254221420Sdes - (dtucker) [regress/keytype.sh] Import new test. 2255221420Sdes - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] 2256221420Sdes Import recent changes to regress/Makefile, pass a flag to enable ECC tests 2257221420Sdes from configure through to regress/Makefile and use it in the tests. 2258221420Sdes - (dtucker) [regress/kextype.sh] Add missing "test". 2259221420Sdes - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not 2260221420Sdes strictly correct since while ECC requires sha256 the reverse is not true 2261221420Sdes however it does prevent spurious test failures. 2262221420Sdes - (dtucker) [platform.c] Need servconf.h and extern options. 2263221420Sdes 2264221420Sdes20101025 2265221420Sdes - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with 2266221420Sdes 1.12 to unbreak Solaris build. 2267221420Sdes ok djm@ 2268221420Sdes - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a 2269221420Sdes native one. 2270221420Sdes 2271221420Sdes20101024 2272221420Sdes - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. 2273221420Sdes - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms 2274221420Sdes which don't have ECC support in libcrypto. 2275221420Sdes - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms 2276221420Sdes which don't have ECC support in libcrypto. 2277221420Sdes - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't 2278221420Sdes have it. 2279221420Sdes - (dtucker) OpenBSD CVS Sync 2280221420Sdes - sthen@cvs.openbsd.org 2010/10/23 22:06:12 2281221420Sdes [sftp.c] 2282221420Sdes escape '[' in filename tab-completion; fix a type while there. 2283221420Sdes ok djm@ 2284221420Sdes 2285221420Sdes20101021 2286221420Sdes - OpenBSD CVS Sync 2287221420Sdes - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 2288221420Sdes [mux.c] 2289221420Sdes Typo in confirmation message. bz#1827, patch from imorgan at 2290221420Sdes nas nasa gov 2291221420Sdes - djm@cvs.openbsd.org 2010/08/31 12:24:09 2292221420Sdes [regress/cert-hostkey.sh regress/cert-userkey.sh] 2293221420Sdes tests for ECDSA certificates 2294221420Sdes 2295221420Sdes20101011 2296221420Sdes - (djm) [canohost.c] Zero a4 instead of addr to better match type. 2297221420Sdes bz#1825, reported by foo AT mailinator.com 2298221420Sdes - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) 2299221420Sdes 2300221420Sdes20101011 2301221420Sdes - (djm) [configure.ac] Use = instead of == in shell tests. Patch from 2302221420Sdes dr AT vasco.com 2303221420Sdes 2304221420Sdes20101007 2305221420Sdes - (djm) [ssh-agent.c] Fix type for curve name. 2306221420Sdes - (djm) OpenBSD CVS Sync 2307221420Sdes - matthew@cvs.openbsd.org 2010/09/24 13:33:00 2308221420Sdes [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] 2309221420Sdes [openbsd-compat/timingsafe_bcmp.c] 2310221420Sdes Add timingsafe_bcmp(3) to libc, mention that it's already in the 2311221420Sdes kernel in kern(9), and remove it from OpenSSH. 2312221420Sdes ok deraadt@, djm@ 2313221420Sdes NB. re-added under openbsd-compat/ for portable OpenSSH 2314221420Sdes - djm@cvs.openbsd.org 2010/09/25 09:30:16 2315221420Sdes [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] 2316221420Sdes make use of new glob(3) GLOB_KEEPSTAT extension to save extra server 2317221420Sdes rountrips to fetch per-file stat(2) information. 2318221420Sdes NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to 2319221420Sdes match. 2320221420Sdes - djm@cvs.openbsd.org 2010/09/26 22:26:33 2321221420Sdes [sftp.c] 2322221420Sdes when performing an "ls" in columnated (short) mode, only call 2323221420Sdes ioctl(TIOCGWINSZ) once to get the window width instead of per- 2324221420Sdes filename 2325221420Sdes - djm@cvs.openbsd.org 2010/09/30 11:04:51 2326221420Sdes [servconf.c] 2327221420Sdes prevent free() of string in .rodata when overriding AuthorizedKeys in 2328221420Sdes a Match block; patch from rein AT basefarm.no 2329221420Sdes - djm@cvs.openbsd.org 2010/10/01 23:05:32 2330221420Sdes [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] 2331221420Sdes adapt to API changes in openssl-1.0.0a 2332221420Sdes NB. contains compat code to select correct API for older OpenSSL 2333221420Sdes - djm@cvs.openbsd.org 2010/10/05 05:13:18 2334221420Sdes [sftp.c sshconnect.c] 2335221420Sdes use default shell /bin/sh if $SHELL is ""; ok markus@ 2336221420Sdes - djm@cvs.openbsd.org 2010/10/06 06:39:28 2337221420Sdes [clientloop.c ssh.c sshconnect.c sshconnect.h] 2338221420Sdes kill proxy command on fatal() (we already kill it on clean exit); 2339221420Sdes ok markus@ 2340221420Sdes - djm@cvs.openbsd.org 2010/10/06 21:10:21 2341221420Sdes [sshconnect.c] 2342221420Sdes swapped args to kill(2) 2343221420Sdes - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. 2344221420Sdes - (djm) [cipher-acss.c] Add missing header. 2345221420Sdes - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp 2346221420Sdes 2347221420Sdes20100924 2348221420Sdes - (djm) OpenBSD CVS Sync 2349221420Sdes - naddy@cvs.openbsd.org 2010/09/10 15:19:29 2350221420Sdes [ssh-keygen.1] 2351221420Sdes * mention ECDSA in more places 2352221420Sdes * less repetition in FILES section 2353221420Sdes * SSHv1 keys are still encrypted with 3DES 2354221420Sdes help and ok jmc@ 2355221420Sdes - djm@cvs.openbsd.org 2010/09/11 21:44:20 2356221420Sdes [ssh.1] 2357221420Sdes mention RFC 5656 for ECC stuff 2358221420Sdes - jmc@cvs.openbsd.org 2010/09/19 21:30:05 2359221420Sdes [sftp.1] 2360221420Sdes more wacky macro fixing; 2361221420Sdes - djm@cvs.openbsd.org 2010/09/20 04:41:47 2362221420Sdes [ssh.c] 2363221420Sdes install a SIGCHLD handler to reap expiried child process; ok markus@ 2364221420Sdes - djm@cvs.openbsd.org 2010/09/20 04:50:53 2365221420Sdes [jpake.c schnorr.c] 2366221420Sdes check that received values are smaller than the group size in the 2367221420Sdes disabled and unfinished J-PAKE code. 2368221420Sdes avoids catastrophic security failure found by Sebastien Martini 2369221420Sdes - djm@cvs.openbsd.org 2010/09/20 04:54:07 2370221420Sdes [jpake.c] 2371221420Sdes missing #include 2372221420Sdes - djm@cvs.openbsd.org 2010/09/20 07:19:27 2373221420Sdes [mux.c] 2374221420Sdes "atomically" create the listening mux socket by binding it on a temorary 2375221420Sdes name and then linking it into position after listen() has succeeded. 2376221420Sdes this allows the mux clients to determine that the server socket is 2377221420Sdes either ready or stale without races. stale server sockets are now 2378221420Sdes automatically removed 2379221420Sdes ok deraadt 2380221420Sdes - djm@cvs.openbsd.org 2010/09/22 05:01:30 2381221420Sdes [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] 2382221420Sdes [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] 2383221420Sdes add a KexAlgorithms knob to the client and server configuration to allow 2384221420Sdes selection of which key exchange methods are used by ssh(1) and sshd(8) 2385221420Sdes and their order of preference. 2386221420Sdes ok markus@ 2387221420Sdes - jmc@cvs.openbsd.org 2010/09/22 08:30:08 2388221420Sdes [ssh.1 ssh_config.5] 2389221420Sdes ssh.1: add kexalgorithms to the -o list 2390221420Sdes ssh_config.5: format the kexalgorithms in a more consistent 2391221420Sdes (prettier!) way 2392221420Sdes ok djm 2393221420Sdes - djm@cvs.openbsd.org 2010/09/22 22:58:51 2394221420Sdes [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] 2395221420Sdes [sftp-client.h sftp.1 sftp.c] 2396221420Sdes add an option per-read/write callback to atomicio 2397221420Sdes 2398221420Sdes factor out bandwidth limiting code from scp(1) into a generic bandwidth 2399221420Sdes limiter that can be attached using the atomicio callback mechanism 2400221420Sdes 2401221420Sdes add a bandwidth limit option to sftp(1) using the above 2402221420Sdes "very nice" markus@ 2403221420Sdes - jmc@cvs.openbsd.org 2010/09/23 13:34:43 2404221420Sdes [sftp.c] 2405221420Sdes add [-l limit] to usage(); 2406221420Sdes - jmc@cvs.openbsd.org 2010/09/23 13:36:46 2407221420Sdes [scp.1 sftp.1] 2408221420Sdes add KexAlgorithms to the -o list; 2409221420Sdes 2410221420Sdes20100910 2411221420Sdes - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact 2412221420Sdes return code since it can apparently return -1 under some conditions. From 2413221420Sdes openssh bugs werbittewas de, ok djm@ 2414221420Sdes - OpenBSD CVS Sync 2415221420Sdes - djm@cvs.openbsd.org 2010/08/31 12:33:38 2416221420Sdes [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2417221420Sdes reintroduce commit from tedu@, which I pulled out for release 2418221420Sdes engineering: 2419221420Sdes OpenSSL_add_all_algorithms is the name of the function we have a 2420221420Sdes man page for, so use that. ok djm 2421221420Sdes - jmc@cvs.openbsd.org 2010/08/31 17:40:54 2422221420Sdes [ssh-agent.1] 2423221420Sdes fix some macro abuse; 2424221420Sdes - jmc@cvs.openbsd.org 2010/08/31 21:14:58 2425221420Sdes [ssh.1] 2426221420Sdes small text tweak to accommodate previous; 2427221420Sdes - naddy@cvs.openbsd.org 2010/09/01 15:21:35 2428221420Sdes [servconf.c] 2429221420Sdes pick up ECDSA host key by default; ok djm@ 2430221420Sdes - markus@cvs.openbsd.org 2010/09/02 16:07:25 2431221420Sdes [ssh-keygen.c] 2432221420Sdes permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ 2433221420Sdes - markus@cvs.openbsd.org 2010/09/02 16:08:39 2434221420Sdes [ssh.c] 2435221420Sdes unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ 2436221420Sdes - naddy@cvs.openbsd.org 2010/09/02 17:21:50 2437221420Sdes [ssh-keygen.c] 2438221420Sdes Switch ECDSA default key size to 256 bits, which according to RFC5656 2439221420Sdes should still be better than our current RSA-2048 default. 2440221420Sdes ok djm@, markus@ 2441221420Sdes - jmc@cvs.openbsd.org 2010/09/03 11:09:29 2442221420Sdes [scp.1] 2443221420Sdes add an EXIT STATUS section for /usr/bin; 2444221420Sdes - jmc@cvs.openbsd.org 2010/09/04 09:38:34 2445221420Sdes [ssh-add.1 ssh.1] 2446221420Sdes two more EXIT STATUS sections; 2447221420Sdes - naddy@cvs.openbsd.org 2010/09/06 17:10:19 2448221420Sdes [sshd_config] 2449221420Sdes add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste 2450221420Sdes <mattieu.b@gmail.com> 2451221420Sdes ok deraadt@ 2452221420Sdes - djm@cvs.openbsd.org 2010/09/08 03:54:36 2453221420Sdes [authfile.c] 2454221420Sdes typo 2455221420Sdes - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 2456221420Sdes [compress.c] 2457221420Sdes work around name-space collisions some buggy compilers (looking at you 2458221420Sdes gcc, at least in earlier versions, but this does not forgive your current 2459221420Sdes transgressions) seen between zlib and openssl 2460221420Sdes ok djm 2461221420Sdes - djm@cvs.openbsd.org 2010/09/09 10:45:45 2462221420Sdes [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] 2463221420Sdes ECDH/ECDSA compliance fix: these methods vary the hash function they use 2464221420Sdes (SHA256/384/512) depending on the length of the curve in use. The previous 2465221420Sdes code incorrectly used SHA256 in all cases. 2466221420Sdes 2467221420Sdes This fix will cause authentication failure when using 384 or 521-bit curve 2468221420Sdes keys if one peer hasn't been upgraded and the other has. (256-bit curve 2469221420Sdes keys work ok). In particular you may need to specify HostkeyAlgorithms 2470221420Sdes when connecting to a server that has not been upgraded from an upgraded 2471221420Sdes client. 2472221420Sdes 2473221420Sdes ok naddy@ 2474221420Sdes - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] 2475221420Sdes [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] 2476221420Sdes [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on 2477221420Sdes platforms that don't have the requisite OpenSSL support. ok dtucker@ 2478221420Sdes - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs 2479221420Sdes for missing headers and compiler warnings. 2480221420Sdes 2481221420Sdes20100831 2482221420Sdes - OpenBSD CVS Sync 2483221420Sdes - jmc@cvs.openbsd.org 2010/08/08 19:36:30 2484221420Sdes [ssh-keysign.8 ssh.1 sshd.8] 2485221420Sdes use the same template for all FILES sections; i.e. -compact/.Pp where we 2486221420Sdes have multiple items, and .Pa for path names; 2487221420Sdes - tedu@cvs.openbsd.org 2010/08/12 23:34:39 2488221420Sdes [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2489221420Sdes OpenSSL_add_all_algorithms is the name of the function we have a man page 2490221420Sdes for, so use that. ok djm 2491221420Sdes - djm@cvs.openbsd.org 2010/08/16 04:06:06 2492221420Sdes [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] 2493221420Sdes backout previous temporarily; discussed with deraadt@ 2494221420Sdes - djm@cvs.openbsd.org 2010/08/31 09:58:37 2495221420Sdes [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] 2496221420Sdes [packet.h ssh-dss.c ssh-rsa.c] 2497221420Sdes Add buffer_get_cstring() and related functions that verify that the 2498221420Sdes string extracted from the buffer contains no embedded \0 characters* 2499221420Sdes This prevents random (possibly malicious) crap from being appended to 2500221420Sdes strings where it would not be noticed if the string is used with 2501221420Sdes a string(3) function. 2502221420Sdes 2503221420Sdes Use the new API in a few sensitive places. 2504221420Sdes 2505221420Sdes * actually, we allow a single one at the end of the string for now because 2506221420Sdes we don't know how many deployed implementations get this wrong, but don't 2507221420Sdes count on this to remain indefinitely. 2508221420Sdes - djm@cvs.openbsd.org 2010/08/31 11:54:45 2509221420Sdes [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] 2510221420Sdes [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] 2511221420Sdes [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] 2512221420Sdes [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] 2513221420Sdes [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] 2514221420Sdes [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] 2515221420Sdes [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] 2516221420Sdes Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and 2517221420Sdes host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer 2518221420Sdes better performance than plain DH and DSA at the same equivalent symmetric 2519221420Sdes key length, as well as much shorter keys. 2520221420Sdes 2521221420Sdes Only the mandatory sections of RFC5656 are implemented, specifically the 2522221420Sdes three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and 2523221420Sdes ECDSA. Point compression (optional in RFC5656 is NOT implemented). 2524221420Sdes 2525221420Sdes Certificate host and user keys using the new ECDSA key types are supported. 2526221420Sdes 2527221420Sdes Note that this code has not been tested for interoperability and may be 2528221420Sdes subject to change. 2529221420Sdes 2530221420Sdes feedback and ok markus@ 2531221420Sdes - (djm) [Makefile.in] Add new ECC files 2532221420Sdes - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include 2533221420Sdes includes.h 2534221420Sdes 2535221420Sdes20100827 2536221420Sdes - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, 2537221420Sdes remove. Patch from martynas at venck us 2538221420Sdes 2539215116Sdes20100823 2540215116Sdes - (djm) Release OpenSSH-5.6p1 2541215116Sdes 2542215116Sdes20100816 2543215116Sdes - (dtucker) [configure.ac openbsd-compat/Makefile.in 2544215116Sdes openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to 2545215116Sdes the compat library which helps on platforms like old IRIX. Based on work 2546215116Sdes by djm, tested by Tom Christensen. 2547215116Sdes - OpenBSD CVS Sync 2548215116Sdes - djm@cvs.openbsd.org 2010/08/12 21:49:44 2549215116Sdes [ssh.c] 2550215116Sdes close any extra file descriptors inherited from parent at start and 2551215116Sdes reopen stdin/stdout to /dev/null when forking for ControlPersist. 2552215116Sdes 2553215116Sdes prevents tools that fork and run a captive ssh for communication from 2554215116Sdes failing to exit when the ssh completes while they wait for these fds to 2555215116Sdes close. The inherited fds may persist arbitrarily long if a background 2556215116Sdes mux master has been started by ControlPersist. cvs and scp were effected 2557215116Sdes by this. 2558215116Sdes 2559215116Sdes "please commit" markus@ 2560215116Sdes - (djm) [regress/README.regress] typo 2561215116Sdes 2562215116Sdes20100812 2563215116Sdes - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh 2564215116Sdes regress/test-exec.sh] Under certain conditions when testing with sudo 2565215116Sdes tests would fail because the pidfile could not be read by a regular user. 2566215116Sdes "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" 2567215116Sdes Make sure cat is run by $SUDO. no objection from me. djm@ 2568215116Sdes - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. 2569215116Sdes 2570215116Sdes20100809 2571215116Sdes - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is 2572215116Sdes already set. Makes FreeBSD user openable tunnels useful; patch from 2573215116Sdes richard.burakowski+ossh AT mrburak.net, ok dtucker@ 2574215116Sdes - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. 2575215116Sdes based in part on a patch from Colin Watson, ok djm@ 2576215116Sdes 2577215116Sdes20100809 2578215116Sdes - OpenBSD CVS Sync 2579215116Sdes - djm@cvs.openbsd.org 2010/08/08 16:26:42 2580215116Sdes [version.h] 2581215116Sdes crank to 5.6 2582215116Sdes - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 2583215116Sdes [contrib/suse/openssh.spec] Crank version numbers 2584215116Sdes 2585215116Sdes20100805 2586215116Sdes - OpenBSD CVS Sync 2587215116Sdes - djm@cvs.openbsd.org 2010/08/04 05:37:01 2588215116Sdes [ssh.1 ssh_config.5 sshd.8] 2589215116Sdes Remove mentions of weird "addr/port" alternate address format for IPv6 2590215116Sdes addresses combinations. It hasn't worked for ages and we have supported 2591215116Sdes the more commen "[addr]:port" format for a long time. ok jmc@ markus@ 2592215116Sdes - djm@cvs.openbsd.org 2010/08/04 05:40:39 2593215116Sdes [PROTOCOL.certkeys ssh-keygen.c] 2594215116Sdes tighten the rules for certificate encoding by requiring that options 2595215116Sdes appear in lexical order and make our ssh-keygen comply. ok markus@ 2596215116Sdes - djm@cvs.openbsd.org 2010/08/04 05:42:47 2597215116Sdes [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] 2598215116Sdes [ssh-keysign.c ssh.c] 2599215116Sdes enable certificates for hostbased authentication, from Iain Morgan; 2600215116Sdes "looks ok" markus@ 2601215116Sdes - djm@cvs.openbsd.org 2010/08/04 05:49:22 2602215116Sdes [authfile.c] 2603215116Sdes commited the wrong version of the hostbased certificate diff; this 2604215116Sdes version replaces some strlc{py,at} verbosity with xasprintf() at 2605215116Sdes the request of markus@ 2606215116Sdes - djm@cvs.openbsd.org 2010/08/04 06:07:11 2607215116Sdes [ssh-keygen.1 ssh-keygen.c] 2608215116Sdes Support CA keys in PKCS#11 tokens; feedback and ok markus@ 2609215116Sdes - djm@cvs.openbsd.org 2010/08/04 06:08:40 2610215116Sdes [ssh-keysign.c] 2611215116Sdes clean for -Wuninitialized (Id sync only; portable had this change) 2612215116Sdes - djm@cvs.openbsd.org 2010/08/05 13:08:42 2613215116Sdes [channels.c] 2614215116Sdes Fix a trio of bugs in the local/remote window calculation for datagram 2615215116Sdes data channels (i.e. TunnelForward): 2616215116Sdes 2617215116Sdes Calculate local_consumed correctly in channel_handle_wfd() by measuring 2618215116Sdes the delta to buffer_len(c->output) from when we start to when we finish. 2619215116Sdes The proximal problem here is that the output_filter we use in portable 2620215116Sdes modified the length of the dequeued datagram (to futz with the headers 2621215116Sdes for !OpenBSD). 2622215116Sdes 2623215116Sdes In channel_output_poll(), don't enqueue datagrams that won't fit in the 2624215116Sdes peer's advertised packet size (highly unlikely to ever occur) or which 2625215116Sdes won't fit in the peer's remaining window (more likely). 2626215116Sdes 2627215116Sdes In channel_input_data(), account for the 4-byte string header in 2628215116Sdes datagram packets that we accept from the peer and enqueue in c->output. 2629215116Sdes 2630215116Sdes report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; 2631215116Sdes "looks good" markus@ 2632215116Sdes 2633215116Sdes20100803 2634215116Sdes - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from 2635215116Sdes PAM to sane values in case the PAM method doesn't write to them. Spotted by 2636215116Sdes Bitman Zhou, ok djm@. 2637215116Sdes - OpenBSD CVS Sync 2638215116Sdes - djm@cvs.openbsd.org 2010/07/16 04:45:30 2639215116Sdes [ssh-keygen.c] 2640215116Sdes avoid bogus compiler warning 2641215116Sdes - djm@cvs.openbsd.org 2010/07/16 14:07:35 2642215116Sdes [ssh-rsa.c] 2643215116Sdes more timing paranoia - compare all parts of the expected decrypted 2644215116Sdes data before returning. AFAIK not exploitable in the SSH protocol. 2645215116Sdes "groovy" deraadt@ 2646215116Sdes - djm@cvs.openbsd.org 2010/07/19 03:16:33 2647215116Sdes [sftp-client.c] 2648215116Sdes bz#1797: fix swapped args in upload_dir_internal(), breaking recursive 2649215116Sdes upload depth checks and causing verbose printing of transfers to always 2650215116Sdes be turned on; patch from imorgan AT nas.nasa.gov 2651215116Sdes - djm@cvs.openbsd.org 2010/07/19 09:15:12 2652215116Sdes [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] 2653215116Sdes add a "ControlPersist" option that automatically starts a background 2654215116Sdes ssh(1) multiplex master when connecting. This connection can stay alive 2655215116Sdes indefinitely, or can be set to automatically close after a user-specified 2656215116Sdes duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but 2657215116Sdes further hacked on by wmertens AT cisco.com, apb AT cequrux.com, 2658215116Sdes martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ 2659215116Sdes - djm@cvs.openbsd.org 2010/07/21 02:10:58 2660215116Sdes [misc.c] 2661215116Sdes sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern 2662215116Sdes - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 2663215116Sdes [ssh.1] 2664215116Sdes Ciphers is documented in ssh_config(5) these days 2665215116Sdes 2666215116Sdes20100819 2667215116Sdes - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more 2668215116Sdes details about its behaviour WRT existing directories. Patch from 2669215116Sdes asguthrie at gmail com, ok djm. 2670215116Sdes 2671215116Sdes20100716 2672215116Sdes - (djm) OpenBSD CVS Sync 2673215116Sdes - djm@cvs.openbsd.org 2010/07/02 04:32:44 2674215116Sdes [misc.c] 2675215116Sdes unbreak strdelim() skipping past quoted strings, e.g. 2676215116Sdes AllowUsers "blah blah" blah 2677215116Sdes was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com 2678215116Sdes ok dtucker; 2679215116Sdes - djm@cvs.openbsd.org 2010/07/12 22:38:52 2680215116Sdes [ssh.c] 2681215116Sdes Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") 2682215116Sdes for protocol 2. ok markus@ 2683215116Sdes - djm@cvs.openbsd.org 2010/07/12 22:41:13 2684215116Sdes [ssh.c ssh_config.5] 2685215116Sdes expand %h to the hostname in ssh_config Hostname options. While this 2686215116Sdes sounds useless, it is actually handy for working with unqualified 2687215116Sdes hostnames: 2688215116Sdes 2689215116Sdes Host *.* 2690215116Sdes Hostname %h 2691215116Sdes Host * 2692215116Sdes Hostname %h.example.org 2693215116Sdes 2694215116Sdes "I like it" markus@ 2695215116Sdes - djm@cvs.openbsd.org 2010/07/13 11:52:06 2696215116Sdes [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] 2697215116Sdes [packet.c ssh-rsa.c] 2698215116Sdes implement a timing_safe_cmp() function to compare memory without leaking 2699215116Sdes timing information by short-circuiting like memcmp() and use it for 2700215116Sdes some of the more sensitive comparisons (though nothing high-value was 2701215116Sdes readily attackable anyway); "looks ok" markus@ 2702215116Sdes - djm@cvs.openbsd.org 2010/07/13 23:13:16 2703215116Sdes [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] 2704215116Sdes [ssh-rsa.c] 2705215116Sdes s/timing_safe_cmp/timingsafe_bcmp/g 2706215116Sdes - jmc@cvs.openbsd.org 2010/07/14 17:06:58 2707215116Sdes [ssh.1] 2708215116Sdes finally ssh synopsis looks nice again! this commit just removes a ton of 2709215116Sdes hacks we had in place to make it work with old groff; 2710215116Sdes - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 2711215116Sdes [ssh-keygen.1] 2712215116Sdes repair incorrect block nesting, which screwed up indentation; 2713215116Sdes problem reported and fix OK by jmc@ 2714215116Sdes 2715215116Sdes20100714 2716215116Sdes - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass 2717215116Sdes (line 77) should have been for no_x11_askpass. 2718215116Sdes 2719215116Sdes20100702 2720215116Sdes - (djm) OpenBSD CVS Sync 2721215116Sdes - jmc@cvs.openbsd.org 2010/06/26 00:57:07 2722215116Sdes [ssh_config.5] 2723215116Sdes tweak previous; 2724215116Sdes - djm@cvs.openbsd.org 2010/06/26 23:04:04 2725215116Sdes [ssh.c] 2726215116Sdes oops, forgot to #include <canohost.h>; spotted and patch from chl@ 2727215116Sdes - djm@cvs.openbsd.org 2010/06/29 23:15:30 2728215116Sdes [ssh-keygen.1 ssh-keygen.c] 2729215116Sdes allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; 2730215116Sdes bz#1749; ok markus@ 2731215116Sdes - djm@cvs.openbsd.org 2010/06/29 23:16:46 2732215116Sdes [auth2-pubkey.c sshd_config.5] 2733215116Sdes allow key options (command="..." and friends) in AuthorizedPrincipals; 2734215116Sdes ok markus@ 2735215116Sdes - jmc@cvs.openbsd.org 2010/06/30 07:24:25 2736215116Sdes [ssh-keygen.1] 2737215116Sdes tweak previous; 2738215116Sdes - jmc@cvs.openbsd.org 2010/06/30 07:26:03 2739215116Sdes [ssh-keygen.c] 2740215116Sdes sort usage(); 2741215116Sdes - jmc@cvs.openbsd.org 2010/06/30 07:28:34 2742215116Sdes [sshd_config.5] 2743215116Sdes tweak previous; 2744215116Sdes - millert@cvs.openbsd.org 2010/07/01 13:06:59 2745215116Sdes [scp.c] 2746215116Sdes Fix a longstanding problem where if you suspend scp at the 2747215116Sdes password/passphrase prompt the terminal mode is not restored. 2748215116Sdes OK djm@ 2749215116Sdes - phessler@cvs.openbsd.org 2010/06/27 19:19:56 2750215116Sdes [regress/Makefile] 2751215116Sdes fix how we run the tests so we can successfully use SUDO='sudo -E' 2752215116Sdes in our env 2753215116Sdes - djm@cvs.openbsd.org 2010/06/29 23:59:54 2754215116Sdes [cert-userkey.sh] 2755215116Sdes regress tests for key options in AuthorizedPrincipals 2756215116Sdes 2757215116Sdes20100627 2758215116Sdes - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs 2759215116Sdes key.h. 2760215116Sdes 2761215116Sdes20100626 2762215116Sdes - (djm) OpenBSD CVS Sync 2763215116Sdes - djm@cvs.openbsd.org 2010/05/21 05:00:36 2764215116Sdes [misc.c] 2765215116Sdes colon() returns char*, so s/return (0)/return NULL/ 2766215116Sdes - markus@cvs.openbsd.org 2010/06/08 21:32:19 2767215116Sdes [ssh-pkcs11.c] 2768215116Sdes check length of value returned C_GetAttributValue for != 0 2769215116Sdes from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ 2770215116Sdes - djm@cvs.openbsd.org 2010/06/17 07:07:30 2771215116Sdes [mux.c] 2772215116Sdes Correct sizing of object to be allocated by calloc(), replacing 2773215116Sdes sizeof(state) with sizeof(*state). This worked by accident since 2774215116Sdes the struct contained a single int at present, but could have broken 2775215116Sdes in the future. patch from hyc AT symas.com 2776215116Sdes - djm@cvs.openbsd.org 2010/06/18 00:58:39 2777215116Sdes [sftp.c] 2778215116Sdes unbreak ls in working directories that contains globbing characters in 2779215116Sdes their pathnames. bz#1655 reported by vgiffin AT apple.com 2780215116Sdes - djm@cvs.openbsd.org 2010/06/18 03:16:03 2781215116Sdes [session.c] 2782215116Sdes Missing check for chroot_director == "none" (we already checked against 2783215116Sdes NULL); bz#1564 from Jan.Pechanec AT Sun.COM 2784215116Sdes - djm@cvs.openbsd.org 2010/06/18 04:43:08 2785215116Sdes [sftp-client.c] 2786215116Sdes fix memory leak in do_realpath() error path; bz#1771, patch from 2787215116Sdes anicka AT suse.cz 2788215116Sdes - djm@cvs.openbsd.org 2010/06/22 04:22:59 2789215116Sdes [servconf.c sshd_config.5] 2790215116Sdes expose some more sshd_config options inside Match blocks: 2791215116Sdes AuthorizedKeysFile AuthorizedPrincipalsFile 2792215116Sdes HostbasedUsesNameFromPacketOnly PermitTunnel 2793215116Sdes bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ 2794215116Sdes - djm@cvs.openbsd.org 2010/06/22 04:32:06 2795215116Sdes [ssh-keygen.c] 2796215116Sdes standardise error messages when attempting to open private key 2797215116Sdes files to include "progname: filename: error reason" 2798215116Sdes bz#1783; ok dtucker@ 2799215116Sdes - djm@cvs.openbsd.org 2010/06/22 04:49:47 2800215116Sdes [auth.c] 2801215116Sdes queue auth debug messages for bad ownership or permissions on the user's 2802215116Sdes keyfiles. These messages will be sent after the user has successfully 2803215116Sdes authenticated (where our client will display them with LogLevel=debug). 2804215116Sdes bz#1554; ok dtucker@ 2805215116Sdes - djm@cvs.openbsd.org 2010/06/22 04:54:30 2806215116Sdes [ssh-keyscan.c] 2807215116Sdes replace verbose and overflow-prone Linebuf code with read_keyfile_line() 2808215116Sdes based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ 2809215116Sdes - djm@cvs.openbsd.org 2010/06/22 04:59:12 2810215116Sdes [session.c] 2811215116Sdes include the user name on "subsystem request for ..." log messages; 2812215116Sdes bz#1571; ok dtucker@ 2813215116Sdes - djm@cvs.openbsd.org 2010/06/23 02:59:02 2814215116Sdes [ssh-keygen.c] 2815215116Sdes fix printing of extensions in v01 certificates that I broke in r1.190 2816215116Sdes - djm@cvs.openbsd.org 2010/06/25 07:14:46 2817215116Sdes [channels.c mux.c readconf.c readconf.h ssh.h] 2818215116Sdes bz#1327: remove hardcoded limit of 100 permitopen clauses and port 2819215116Sdes forwards per direction; ok markus@ stevesk@ 2820215116Sdes - djm@cvs.openbsd.org 2010/06/25 07:20:04 2821215116Sdes [channels.c session.c] 2822215116Sdes bz#1750: fix requirement for /dev/null inside ChrootDirectory for 2823215116Sdes internal-sftp accidentally introduced in r1.253 by removing the code 2824215116Sdes that opens and dup /dev/null to stderr and modifying the channels code 2825215116Sdes to read stderr but discard it instead; ok markus@ 2826215116Sdes - djm@cvs.openbsd.org 2010/06/25 08:46:17 2827215116Sdes [auth1.c auth2-none.c] 2828215116Sdes skip the initial check for access with an empty password when 2829215116Sdes PermitEmptyPasswords=no; bz#1638; ok markus@ 2830215116Sdes - djm@cvs.openbsd.org 2010/06/25 23:10:30 2831215116Sdes [ssh.c] 2832215116Sdes log the hostname and address that we connected to at LogLevel=verbose 2833215116Sdes after authentication is successful to mitigate "phishing" attacks by 2834215116Sdes servers with trusted keys that accept authentication silently and 2835215116Sdes automatically before presenting fake password/passphrase prompts; 2836215116Sdes "nice!" markus@ 2837215116Sdes - djm@cvs.openbsd.org 2010/06/25 23:10:30 2838215116Sdes [ssh.c] 2839215116Sdes log the hostname and address that we connected to at LogLevel=verbose 2840215116Sdes after authentication is successful to mitigate "phishing" attacks by 2841215116Sdes servers with trusted keys that accept authentication silently and 2842215116Sdes automatically before presenting fake password/passphrase prompts; 2843215116Sdes "nice!" markus@ 2844215116Sdes 2845215116Sdes20100622 2846215116Sdes - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 2847215116Sdes bz#1579; ok dtucker 2848215116Sdes 2849215116Sdes20100618 2850215116Sdes - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ 2851215116Sdes rather than assuming that $CWD == $HOME. bz#1500, patch from 2852215116Sdes timothy AT gelter.com 2853215116Sdes 2854215116Sdes20100617 2855215116Sdes - (tim) [contrib/cygwin/README] Remove a reference to the obsolete 2856215116Sdes minires-devel package, and to add the reference to the libedit-devel 2857215116Sdes package since CYgwin now provides libedit. Patch from Corinna Vinschen. 2858215116Sdes 2859215116Sdes20100521 2860215116Sdes - (djm) OpenBSD CVS Sync 2861215116Sdes - djm@cvs.openbsd.org 2010/05/07 11:31:26 2862215116Sdes [regress/Makefile regress/cert-userkey.sh] 2863215116Sdes regress tests for AuthorizedPrincipalsFile and "principals=" key option. 2864215116Sdes feedback and ok markus@ 2865215116Sdes - djm@cvs.openbsd.org 2010/05/11 02:58:04 2866215116Sdes [auth-rsa.c] 2867215116Sdes don't accept certificates marked as "cert-authority" here; ok markus@ 2868215116Sdes - djm@cvs.openbsd.org 2010/05/14 00:47:22 2869215116Sdes [ssh-add.c] 2870215116Sdes check that the certificate matches the corresponding private key before 2871215116Sdes grafting it on 2872215116Sdes - djm@cvs.openbsd.org 2010/05/14 23:29:23 2873215116Sdes [channels.c channels.h mux.c ssh.c] 2874215116Sdes Pause the mux channel while waiting for reply from aynch callbacks. 2875215116Sdes Prevents misordering of replies if new requests arrive while waiting. 2876215116Sdes 2877215116Sdes Extend channel open confirm callback to allow signalling failure 2878215116Sdes conditions as well as success. Use this to 1) fix a memory leak, 2) 2879215116Sdes start using the above pause mechanism and 3) delay sending a success/ 2880215116Sdes failure message on mux slave session open until we receive a reply from 2881215116Sdes the server. 2882215116Sdes 2883215116Sdes motivated by and with feedback from markus@ 2884215116Sdes - markus@cvs.openbsd.org 2010/05/16 12:55:51 2885215116Sdes [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] 2886215116Sdes mux support for remote forwarding with dynamic port allocation, 2887215116Sdes use with 2888215116Sdes LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` 2889215116Sdes feedback and ok djm@ 2890215116Sdes - djm@cvs.openbsd.org 2010/05/20 11:25:26 2891215116Sdes [auth2-pubkey.c] 2892215116Sdes fix logspam when key options (from="..." especially) deny non-matching 2893215116Sdes keys; reported by henning@ also bz#1765; ok markus@ dtucker@ 2894215116Sdes - djm@cvs.openbsd.org 2010/05/20 23:46:02 2895215116Sdes [PROTOCOL.certkeys auth-options.c ssh-keygen.c] 2896215116Sdes Move the permit-* options to the non-critical "extensions" field for v01 2897215116Sdes certificates. The logic is that if another implementation fails to 2898215116Sdes implement them then the connection just loses features rather than fails 2899215116Sdes outright. 2900215116Sdes 2901215116Sdes ok markus@ 2902215116Sdes 2903215116Sdes20100511 2904215116Sdes - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve 2905215116Sdes circular dependency problem on old or odd platforms. From Tom Lane, ok 2906215116Sdes djm@. 2907215116Sdes - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older 2908215116Sdes libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't 2909215116Sdes already. ok dtucker@ 2910215116Sdes 2911215116Sdes20100510 2912215116Sdes - OpenBSD CVS Sync 2913215116Sdes - djm@cvs.openbsd.org 2010/04/23 01:47:41 2914215116Sdes [ssh-keygen.c] 2915215116Sdes bz#1740: display a more helpful error message when $HOME is 2916215116Sdes inaccessible while trying to create .ssh directory. Based on patch 2917215116Sdes from jchadima AT redhat.com; ok dtucker@ 2918215116Sdes - djm@cvs.openbsd.org 2010/04/23 22:27:38 2919215116Sdes [mux.c] 2920215116Sdes set "detach_close" flag when registering channel cleanup callbacks. 2921215116Sdes This causes the channel to close normally when its fds close and 2922215116Sdes hangs when terminating a mux slave using ~. bz#1758; ok markus@ 2923215116Sdes - djm@cvs.openbsd.org 2010/04/23 22:42:05 2924215116Sdes [session.c] 2925215116Sdes set stderr to /dev/null for subsystems rather than just closing it. 2926215116Sdes avoids hangs if a subsystem or shell initialisation writes to stderr. 2927215116Sdes bz#1750; ok markus@ 2928215116Sdes - djm@cvs.openbsd.org 2010/04/23 22:48:31 2929215116Sdes [ssh-keygen.c] 2930215116Sdes refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, 2931215116Sdes since we would refuse to use them anyway. bz#1516; ok dtucker@ 2932215116Sdes - djm@cvs.openbsd.org 2010/04/26 22:28:24 2933215116Sdes [sshconnect2.c] 2934215116Sdes bz#1502: authctxt.success is declared as an int, but passed by 2935215116Sdes reference to function that accepts sig_atomic_t*. Convert it to 2936215116Sdes the latter; ok markus@ dtucker@ 2937215116Sdes - djm@cvs.openbsd.org 2010/05/01 02:50:50 2938215116Sdes [PROTOCOL.certkeys] 2939215116Sdes typo; jmeltzer@ 2940215116Sdes - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 2941215116Sdes [sftp.c] 2942215116Sdes restore mput and mget which got lost in the tab-completion changes. 2943215116Sdes found by Kenneth Whitaker, ok djm@ 2944215116Sdes - djm@cvs.openbsd.org 2010/05/07 11:30:30 2945215116Sdes [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] 2946215116Sdes [key.c servconf.c servconf.h sshd.8 sshd_config.5] 2947215116Sdes add some optional indirection to matching of principal names listed 2948215116Sdes in certificates. Currently, a certificate must include the a user's name 2949215116Sdes to be accepted for authentication. This change adds the ability to 2950215116Sdes specify a list of certificate principal names that are acceptable. 2951215116Sdes 2952215116Sdes When authenticating using a CA trusted through ~/.ssh/authorized_keys, 2953215116Sdes this adds a new principals="name1[,name2,...]" key option. 2954215116Sdes 2955215116Sdes For CAs listed through sshd_config's TrustedCAKeys option, a new config 2956215116Sdes option "AuthorizedPrincipalsFile" specifies a per-user file containing 2957215116Sdes the list of acceptable names. 2958215116Sdes 2959215116Sdes If either option is absent, the current behaviour of requiring the 2960215116Sdes username to appear in principals continues to apply. 2961215116Sdes 2962215116Sdes These options are useful for role accounts, disjoint account namespaces 2963215116Sdes and "user@realm"-style naming policies in certificates. 2964215116Sdes 2965215116Sdes feedback and ok markus@ 2966215116Sdes - jmc@cvs.openbsd.org 2010/05/07 12:49:17 2967215116Sdes [sshd_config.5] 2968215116Sdes tweak previous; 2969215116Sdes 2970215116Sdes20100423 2971215116Sdes - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir 2972215116Sdes in the openssl install directory (some newer openssl versions do this on at 2973215116Sdes least some amd64 platforms). 2974215116Sdes 2975215116Sdes20100418 2976215116Sdes - OpenBSD CVS Sync 2977215116Sdes - jmc@cvs.openbsd.org 2010/04/16 06:45:01 2978215116Sdes [ssh_config.5] 2979215116Sdes tweak previous; ok djm 2980215116Sdes - jmc@cvs.openbsd.org 2010/04/16 06:47:04 2981215116Sdes [ssh-keygen.1 ssh-keygen.c] 2982215116Sdes tweak previous; ok djm 2983215116Sdes - djm@cvs.openbsd.org 2010/04/16 21:14:27 2984215116Sdes [sshconnect.c] 2985215116Sdes oops, %r => remote username, not %u 2986215116Sdes - djm@cvs.openbsd.org 2010/04/16 01:58:45 2987215116Sdes [regress/cert-hostkey.sh regress/cert-userkey.sh] 2988215116Sdes regression tests for v01 certificate format 2989215116Sdes includes interop tests for v00 certs 2990215116Sdes - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default 2991215116Sdes file. 2992215116Sdes 2993215116Sdes20100416 2994215116Sdes - (djm) Release openssh-5.5p1 2995215116Sdes - OpenBSD CVS Sync 2996215116Sdes - djm@cvs.openbsd.org 2010/03/26 03:13:17 2997215116Sdes [bufaux.c] 2998215116Sdes allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer 2999215116Sdes argument to allow skipping past values in a buffer 3000215116Sdes - jmc@cvs.openbsd.org 2010/03/26 06:54:36 3001215116Sdes [ssh.1] 3002215116Sdes tweak previous; 3003215116Sdes - jmc@cvs.openbsd.org 2010/03/27 14:26:55 3004215116Sdes [ssh_config.5] 3005215116Sdes tweak previous; ok dtucker 3006215116Sdes - djm@cvs.openbsd.org 2010/04/10 00:00:16 3007215116Sdes [ssh.c] 3008215116Sdes bz#1746 - suppress spurious tty warning when using -O and stdin 3009215116Sdes is not a tty; ok dtucker@ markus@ 3010215116Sdes - djm@cvs.openbsd.org 2010/04/10 00:04:30 3011215116Sdes [sshconnect.c] 3012215116Sdes fix terminology: we didn't find a certificate in known_hosts, we found 3013215116Sdes a CA key 3014215116Sdes - djm@cvs.openbsd.org 2010/04/10 02:08:44 3015215116Sdes [clientloop.c] 3016215116Sdes bz#1698: kill channel when pty allocation requests fail. Fixed 3017215116Sdes stuck client if the server refuses pty allocation. 3018215116Sdes ok dtucker@ "think so" markus@ 3019215116Sdes - djm@cvs.openbsd.org 2010/04/10 02:10:56 3020215116Sdes [sshconnect2.c] 3021215116Sdes show the key type that we are offering in debug(), helps distinguish 3022215116Sdes between certs and plain keys as the path to the private key is usually 3023215116Sdes the same. 3024215116Sdes - djm@cvs.openbsd.org 2010/04/10 05:48:16 3025215116Sdes [mux.c] 3026215116Sdes fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au 3027215116Sdes - djm@cvs.openbsd.org 2010/04/14 22:27:42 3028215116Sdes [ssh_config.5 sshconnect.c] 3029215116Sdes expand %r => remote username in ssh_config:ProxyCommand; 3030215116Sdes ok deraadt markus 3031215116Sdes - markus@cvs.openbsd.org 2010/04/15 20:32:55 3032215116Sdes [ssh-pkcs11.c] 3033215116Sdes retry lookup for private key if there's no matching key with CKA_SIGN 3034215116Sdes attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) 3035215116Sdes ok djm@ 3036215116Sdes - djm@cvs.openbsd.org 2010/04/16 01:47:26 3037215116Sdes [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] 3038215116Sdes [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] 3039215116Sdes [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] 3040215116Sdes [sshconnect.c sshconnect2.c sshd.c] 3041215116Sdes revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the 3042215116Sdes following changes: 3043215116Sdes 3044215116Sdes move the nonce field to the beginning of the certificate where it can 3045215116Sdes better protect against chosen-prefix attacks on the signature hash 3046215116Sdes 3047215116Sdes Rename "constraints" field to "critical options" 3048215116Sdes 3049215116Sdes Add a new non-critical "extensions" field 3050215116Sdes 3051215116Sdes Add a serial number 3052215116Sdes 3053215116Sdes The older format is still support for authentication and cert generation 3054215116Sdes (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) 3055215116Sdes 3056215116Sdes ok markus@ 3057