ChangeLog revision 192595
120090223 2 - (djm) OpenBSD CVS Sync 3 - djm@cvs.openbsd.org 2009/02/22 23:50:57 4 [ssh_config.5 sshd_config.5] 5 don't advertise experimental options 6 - djm@cvs.openbsd.org 2009/02/22 23:59:25 7 [sshd_config.5] 8 missing period 9 - djm@cvs.openbsd.org 2009/02/23 00:06:15 10 [version.h] 11 openssh-5.2 12 - (djm) [README] update for 5.2 13 - (djm) Release openssh-5.2p1 14 1520090222 16 - (djm) OpenBSD CVS Sync 17 - tobias@cvs.openbsd.org 2009/02/21 19:32:04 18 [misc.c sftp-server-main.c ssh-keygen.c] 19 Added missing newlines in error messages. 20 ok dtucker 21 2220090221 23 - (djm) OpenBSD CVS Sync 24 - djm@cvs.openbsd.org 2009/02/17 01:28:32 25 [ssh_config] 26 sync with revised default ciphers; pointed out by dkrause@ 27 - djm@cvs.openbsd.org 2009/02/18 04:31:21 28 [schnorr.c] 29 signature should hash over the entire group, not just the generator 30 (this is still disabled code) 31 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 32 [contrib/suse/openssh.spec] Prepare for 5.2p1 33 3420090216 35 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh] 36 [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled 37 interop tests from FATAL error to a warning. Allows some interop 38 tests to proceed if others are missing necessary prerequisites. 39 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris 40 systems; patch from Aurelien Jarno via rmh AT aybabtu.com 41 4220090214 43 - (djm) OpenBSD CVS Sync 44 - dtucker@cvs.openbsd.org 2009/02/02 11:15:14 45 [sftp.c] 46 Initialize a few variables to prevent spurious "may be used 47 uninitialized" warnings from newer gcc's. ok djm@ 48 - djm@cvs.openbsd.org 2009/02/12 03:00:56 49 [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c] 50 [readconf.h serverloop.c ssh.c] 51 support remote port forwarding with a zero listen port (-R0:...) to 52 dyamically allocate a listen port at runtime (this is actually 53 specified in rfc4254); bz#1003 ok markus@ 54 - djm@cvs.openbsd.org 2009/02/12 03:16:01 55 [serverloop.c] 56 tighten check for -R0:... forwarding: only allow dynamic allocation 57 if want_reply is set in the packet 58 - djm@cvs.openbsd.org 2009/02/12 03:26:22 59 [monitor.c] 60 some paranoia: check that the serialised key is really KEY_RSA before 61 diddling its internals 62 - djm@cvs.openbsd.org 2009/02/12 03:42:09 63 [ssh.1] 64 document -R0:... usage 65 - djm@cvs.openbsd.org 2009/02/12 03:44:25 66 [ssh.1] 67 consistency: Dq => Ql 68 - djm@cvs.openbsd.org 2009/02/12 03:46:17 69 [ssh_config.5] 70 document RemoteForward usage with 0 listen port 71 - jmc@cvs.openbsd.org 2009/02/12 07:34:20 72 [ssh_config.5] 73 kill trailing whitespace; 74 - markus@cvs.openbsd.org 2009/02/13 11:50:21 75 [packet.c] 76 check for enc !=NULL in packet_start_discard 77 - djm@cvs.openbsd.org 2009/02/14 06:35:49 78 [PROTOCOL] 79 mention that eow and no-more-sessions extensions are sent only to 80 OpenSSH peers 81 8220090212 83 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically 84 set ownership and modes, so avoid explicitly setting them 85 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX. 86 OSX provides a getlastlogxbyname function that automates the reading of 87 a lastlog file. Also, the pututxline function will update lastlog so 88 there is no need for loginrec.c to do it explicitly. Collapse some 89 overly verbose code while I'm in there. 90 9120090201 92 - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in 93 channels.c too, so move the definition for non-IP6 platforms to defines.h 94 where it can be shared. 95 9620090129 97 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. 98 If the CYGWIN environment variable is empty, the installer script 99 should not install the service with an empty CYGWIN variable, but 100 rather without setting CYGWNI entirely. 101 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes. 102 10320090128 104 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen. 105 Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x. 106 The information given for the setting of the CYGWIN environment variable 107 is wrong for both releases so I just removed it, together with the 108 unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting. 109 11020081228 111 - (djm) OpenBSD CVS Sync 112 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42 113 [channels.c servconf.c] 114 channel_print_adm_permitted_opens() should deal with all the printing 115 for that config option. suggested by markus@; ok markus@ djm@ 116 dtucker@ 117 - djm@cvs.openbsd.org 2008/12/09 04:32:22 118 [auth2-chall.c] 119 replace by-hand string building with xasprinf(); ok deraadt@ 120 - sobrado@cvs.openbsd.org 2008/12/09 15:35:00 121 [sftp.1 sftp.c] 122 update for the synopses displayed by the 'help' command, there are a 123 few missing flags; add 'bye' to the output of 'help'; sorting and spacing. 124 jmc@ suggested replacing .Oo/.Oc with a single .Op macro. 125 ok jmc@ 126 - stevesk@cvs.openbsd.org 2008/12/09 22:37:33 127 [clientloop.c] 128 fix typo in error message 129 - stevesk@cvs.openbsd.org 2008/12/10 03:55:20 130 [addrmatch.c] 131 o cannot be NULL here but use xfree() to be consistent; ok djm@ 132 - stevesk@cvs.openbsd.org 2008/12/29 01:12:36 133 [ssh-keyscan.1] 134 fix example, default key type is rsa for 3+ years; from 135 frederic.perrin@resel.fr 136 - stevesk@cvs.openbsd.org 2008/12/29 02:23:26 137 [pathnames.h] 138 no need to escape single quotes in comments 139 - okan@cvs.openbsd.org 2008/12/30 00:46:56 140 [sshd_config.5] 141 add AllowAgentForwarding to available Match keywords list 142 ok djm 143 - djm@cvs.openbsd.org 2009/01/01 21:14:35 144 [channels.c] 145 call channel destroy callbacks on receipt of open failure messages. 146 fixes client hangs when connecting to a server that has MaxSessions=0 147 set spotted by imorgan AT nas.nasa.gov; ok markus@ 148 - djm@cvs.openbsd.org 2009/01/01 21:17:36 149 [kexgexs.c] 150 fix hash calculation for KEXGEX: hash over the original client-supplied 151 values and not the sanity checked versions that we acutally use; 152 bz#1540 reported by john.smith AT arrows.demon.co.uk 153 ok markus@ 154 - djm@cvs.openbsd.org 2009/01/14 01:38:06 155 [channels.c] 156 support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482; 157 "looks ok" markus@ 158 - stevesk@cvs.openbsd.org 2009/01/15 17:38:43 159 [readconf.c] 160 1) use obsolete instead of alias for consistency 161 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is 162 so move the comment. 163 3) reorder so like options are together 164 ok djm@ 165 - djm@cvs.openbsd.org 2009/01/22 09:46:01 166 [channels.c channels.h session.c] 167 make Channel->path an allocated string, saving a few bytes here and 168 there and fixing bz#1380 in the process; ok markus@ 169 - djm@cvs.openbsd.org 2009/01/22 09:49:57 170 [channels.c] 171 oops! I committed the wrong version of the Channel->path diff, 172 it was missing some tweaks suggested by stevesk@ 173 - djm@cvs.openbsd.org 2009/01/22 10:02:34 174 [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h] 175 [serverloop.c ssh-keyscan.c ssh.c sshd.c] 176 make a2port() return -1 when it encounters an invalid port number 177 rather than 0, which it will now treat as valid (needed for future work) 178 adjust current consumers of a2port() to check its return value is <= 0, 179 which in turn required some things to be converted from u_short => int 180 make use of int vs. u_short consistent in some other places too 181 feedback & ok markus@ 182 - djm@cvs.openbsd.org 2009/01/22 10:09:16 183 [auth-options.c] 184 another chunk of a2port() diff that got away. wtfdjm?? 185 - djm@cvs.openbsd.org 2009/01/23 07:58:11 186 [myproposal.h] 187 prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC 188 modes; ok markus@ 189 - naddy@cvs.openbsd.org 2009/01/24 17:10:22 190 [ssh_config.5 sshd_config.5] 191 sync list of preferred ciphers; ok djm@ 192 - markus@cvs.openbsd.org 2009/01/26 09:58:15 193 [cipher.c cipher.h packet.c] 194 Work around the CPNI-957037 Plaintext Recovery Attack by always 195 reading 256K of data on packet size or HMAC errors (in CBC mode only). 196 Help, feedback and ok djm@ 197 Feedback from Martin Albrecht and Paterson Kenny 198 19920090107 200 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X. 201 Patch based on one from vgiffin AT apple.com; ok dtucker@ 202 - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via 203 launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked; 204 ok dtucker@ 205 - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make 206 ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity" 207 key). Patch from cjwatson AT debian.org 208 20920090107 210 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c 211 openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI. 212 OK djm@ dtucker@ 213 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section. 214 OpenServer 6 doesn't need libcrypt. 215 21620081209 217 - (djm) OpenBSD CVS Sync 218 - djm@cvs.openbsd.org 2008/12/09 02:38:18 219 [clientloop.c] 220 The ~C escape handler does not work correctly for multiplexed sessions - 221 it opens a commandline on the master session, instead of on the slave 222 that requested it. Disable it on slave sessions until such time as it 223 is fixed; bz#1543 report from Adrian Bridgett via Colin Watson 224 ok markus@ 225 - djm@cvs.openbsd.org 2008/12/09 02:39:59 226 [sftp.c] 227 Deal correctly with failures in remote stat() operation in sftp, 228 correcting fail-on-error behaviour in batchmode. bz#1541 report and 229 fix from anedvedicky AT gmail.com; ok markus@ 230 - djm@cvs.openbsd.org 2008/12/09 02:58:16 231 [readconf.c] 232 don't leave junk (free'd) pointers around in Forward *fwd argument on 233 failure; avoids double-free in ~C -L handler when given an invalid 234 forwarding specification; bz#1539 report from adejong AT debian.org 235 via Colin Watson; ok markus@ dtucker@ 236 - djm@cvs.openbsd.org 2008/12/09 03:02:37 237 [sftp.1 sftp.c] 238 correct sftp(1) and corresponding usage syntax; 239 bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@ 240 24120081208 242 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually 243 use some stack in main(). 244 Report and suggested fix from vapier AT gentoo.org 245 - (djm) OpenBSD CVS Sync 246 - markus@cvs.openbsd.org 2008/12/02 19:01:07 247 [clientloop.c] 248 we have to use the recipient's channel number (RFC 4254) for 249 SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages, 250 otherwise we trigger 'Non-public channel' error messages on sshd 251 systems with clientkeepalive enabled; noticed by sturm; ok djm; 252 - markus@cvs.openbsd.org 2008/12/02 19:08:59 253 [serverloop.c] 254 backout 1.149, since it's not necessary and openssh clients send 255 broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@ 256 - markus@cvs.openbsd.org 2008/12/02 19:09:38 257 [channels.c] 258 s/remote_id/id/ to be more consistent with other code; ok djm@ 259 26020081201 261 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files 262 and tweak the is-sshd-running check in ssh-host-config. Patch from 263 vinschen at redhat com. 264 - (dtucker) OpenBSD CVS Sync 265 - markus@cvs.openbsd.org 2008/11/21 15:47:38 266 [packet.c] 267 packet_disconnect() on padding error, too. should reduce the success 268 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18 269 ok djm@ 270 - dtucker@cvs.openbsd.org 2008/11/30 11:59:26 271 [monitor_fdpass.c] 272 Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@ 273 27420081123 275 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some 276 declarations, removing an unnecessary union member and adding whitespace. 277 cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago. 278 27920081118 280 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id 281 member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and 282 feedback by djm@ 283 28420081111 285 - (dtucker) OpenBSD CVS Sync 286 - jmc@cvs.openbsd.org 2008/11/05 11:22:54 287 [servconf.c] 288 passord -> password; 289 fixes user/5975 from Rene Maroufi 290 - stevesk@cvs.openbsd.org 2008/11/07 00:42:12 291 [ssh-keygen.c] 292 spelling/typo in comment 293 - stevesk@cvs.openbsd.org 2008/11/07 18:50:18 294 [nchan.c] 295 add space to some log/debug messages for readability; ok djm@ markus@ 296 - dtucker@cvs.openbsd.org 2008/11/07 23:34:48 297 [auth2-jpake.c] 298 Move JPAKE define to make life easier for portable. ok djm@ 299 - tobias@cvs.openbsd.org 2008/11/09 12:34:47 300 [session.c ssh.1] 301 typo fixed (overriden -> overridden) 302 ok espie, jmc 303 - stevesk@cvs.openbsd.org 2008/11/11 02:58:09 304 [servconf.c] 305 USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing 306 kerberosgetafstoken. ok dtucker@ 307 (Id sync only, we still want the ifdef in portable) 308 - stevesk@cvs.openbsd.org 2008/11/11 03:55:11 309 [channels.c] 310 for sshd -T print 'permitopen any' vs. 'permitopen' for case of no 311 permitopen's; ok and input dtucker@ 312 - djm@cvs.openbsd.org 2008/11/10 02:06:35 313 [regress/putty-ciphers.sh] 314 PuTTY supports AES CTR modes, so interop test against them too 315 31620081105 317 - OpenBSD CVS Sync 318 - djm@cvs.openbsd.org 2008/11/03 08:59:41 319 [servconf.c] 320 include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov 321 - djm@cvs.openbsd.org 2008/11/04 07:58:09 322 [auth.c] 323 need unistd.h for close() prototype 324 (ID sync only) 325 - djm@cvs.openbsd.org 2008/11/04 08:22:13 326 [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h] 327 [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5] 328 [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c] 329 [Makefile.in] 330 Add support for an experimental zero-knowledge password authentication 331 method using the J-PAKE protocol described in F. Hao, P. Ryan, 332 "Password Authenticated Key Exchange by Juggling", 16th Workshop on 333 Security Protocols, Cambridge, April 2008. 334 335 This method allows password-based authentication without exposing 336 the password to the server. Instead, the client and server exchange 337 cryptographic proofs to demonstrate of knowledge of the password while 338 revealing nothing useful to an attacker or compromised endpoint. 339 340 This is experimental, work-in-progress code and is presently 341 compiled-time disabled (turn on -DJPAKE in Makefile.inc). 342 343 "just commit it. It isn't too intrusive." deraadt@ 344 - stevesk@cvs.openbsd.org 2008/11/04 19:18:00 345 [readconf.c] 346 because parse_forward() is now used to parse all forward types (DLR), 347 and it malloc's space for host variables, we don't need to malloc 348 here. fixes small memory leaks. 349 350 previously dynamic forwards were not parsed in parse_forward() and 351 space was not malloc'd in that case. 352 353 ok djm@ 354 - stevesk@cvs.openbsd.org 2008/11/05 03:23:09 355 [clientloop.c ssh.1] 356 add dynamic forward escape command line; ok djm@ 357 35820081103 359 - OpenBSD CVS Sync 360 - sthen@cvs.openbsd.org 2008/07/24 23:55:30 361 [ssh-keygen.1] 362 Add "ssh-keygen -F -l" to synopsis (displays fingerprint from 363 known_hosts). ok djm@ 364 - grunk@cvs.openbsd.org 2008/07/25 06:56:35 365 [ssh_config] 366 Add VisualHostKey to example file, ok djm@ 367 - grunk@cvs.openbsd.org 2008/07/25 07:05:16 368 [key.c] 369 In random art visualization, make sure to use the end marker only at the 370 end. Initial diff by Dirk Loss, tweaks and ok djm@ 371 - markus@cvs.openbsd.org 2008/07/31 14:48:28 372 [sshconnect2.c] 373 don't allocate space for empty banners; report t8m at centrum.cz; 374 ok deraadt 375 - krw@cvs.openbsd.org 2008/08/02 04:29:51 376 [ssh_config.5] 377 whitepsace -> whitespace. From Matthew Clarke via bugs@. 378 - djm@cvs.openbsd.org 2008/08/21 04:09:57 379 [session.c] 380 allow ForceCommand internal-sftp with arguments. based on patch from 381 michael.barabanov AT gmail.com; ok markus@ 382 - djm@cvs.openbsd.org 2008/09/06 12:24:13 383 [kex.c] 384 OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our 385 replacement anymore 386 (ID sync only for portable - we still need this) 387 - markus@cvs.openbsd.org 2008/09/11 14:22:37 388 [compat.c compat.h nchan.c ssh.c] 389 only send eow and no-more-sessions requests to openssh 5 and newer; 390 fixes interop problems with broken ssh v2 implementations; ok djm@ 391 - millert@cvs.openbsd.org 2008/10/02 14:39:35 392 [session.c] 393 Convert an unchecked strdup to xstrdup. OK deraadt@ 394 - jmc@cvs.openbsd.org 2008/10/03 13:08:12 395 [sshd.8] 396 do not give an example of how to chmod files: we can presume the user 397 knows that. removes an ambiguity in the permission of authorized_keys; 398 ok deraadt 399 - deraadt@cvs.openbsd.org 2008/10/03 23:56:28 400 [sshconnect2.c] 401 Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the 402 function. 403 spotted by des@freebsd, who commited an incorrect fix to the freebsd tree 404 and (as is fairly typical) did not report the problem to us. But this fix 405 is correct. 406 ok djm 407 - djm@cvs.openbsd.org 2008/10/08 23:34:03 408 [ssh.1 ssh.c] 409 Add -y option to force logging via syslog rather than stderr. 410 Useful for daemonised ssh connection (ssh -f). Patch originally from 411 and ok'd by markus@ 412 - djm@cvs.openbsd.org 2008/10/09 03:50:54 413 [servconf.c sshd_config.5] 414 support setting PermitEmptyPasswords in a Match block 415 requested in PR3891; ok dtucker@ 416 - jmc@cvs.openbsd.org 2008/10/09 06:54:22 417 [ssh.c] 418 add -y to usage(); 419 - stevesk@cvs.openbsd.org 2008/10/10 04:55:16 420 [scp.c] 421 spelling in comment; ok djm@ 422 - stevesk@cvs.openbsd.org 2008/10/10 05:00:12 423 [key.c] 424 typo in error message; ok djm@ 425 - stevesk@cvs.openbsd.org 2008/10/10 16:43:27 426 [ssh_config.5] 427 use 'Privileged ports can be forwarded only when logging in as root on 428 the remote machine.' for RemoteForward just like ssh.1 -R. 429 ok djm@ jmc@ 430 - stevesk@cvs.openbsd.org 2008/10/14 18:11:33 431 [sshconnect.c] 432 use #define ROQUIET here; no binary change. ok dtucker@ 433 - stevesk@cvs.openbsd.org 2008/10/17 18:36:24 434 [ssh_config.5] 435 correct and clarify VisualHostKey; ok jmc@ 436 - stevesk@cvs.openbsd.org 2008/10/30 19:31:16 437 [clientloop.c sshd.c] 438 don't need to #include "monitor_fdpass.h" 439 - stevesk@cvs.openbsd.org 2008/10/31 15:05:34 440 [dispatch.c] 441 remove unused #define DISPATCH_MIN; ok markus@ 442 - djm@cvs.openbsd.org 2008/11/01 04:50:08 443 [sshconnect2.c] 444 sprinkle ARGSUSED on dispatch handlers 445 nuke stale unusued prototype 446 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33 447 [channels.c] 448 fix some typos in log messages; ok djm@ 449 - sobrado@cvs.openbsd.org 2008/11/01 11:14:36 450 [ssh-keyscan.1 ssh-keyscan.c] 451 the ellipsis is not an optional argument; while here, improve spacing. 452 - stevesk@cvs.openbsd.org 2008/11/01 17:40:33 453 [clientloop.c readconf.c readconf.h ssh.c] 454 merge dynamic forward parsing into parse_forward(); 455 'i think this is OK' djm@ 456 - stevesk@cvs.openbsd.org 2008/11/02 00:16:16 457 [ttymodes.c] 458 protocol 2 tty modes support is now 7.5 years old so remove these 459 debug3()s; ok deraadt@ 460 - stevesk@cvs.openbsd.org 2008/11/03 01:07:02 461 [readconf.c] 462 remove valueless comment 463 - stevesk@cvs.openbsd.org 2008/11/03 02:44:41 464 [readconf.c] 465 fix comment 466 - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd] 467 Make example scripts generate keys with default sizes rather than fixed, 468 non-default 1024 bits; patch from imorgan AT nas.nasa.gov 469 - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam] 470 [contrib/redhat/sshd.pam] Move pam_nologin to account group from 471 incorrect auth group in example files; 472 patch from imorgan AT nas.nasa.gov 473 47420080906 475 - (dtucker) [config.guess config.sub] Update to latest versions from 476 http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16 477 respectively). 478 47920080830 480 - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs 481 larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch 482 from Nicholas Marriott. 483 48420080721 485 - (djm) OpenBSD CVS Sync 486 - djm@cvs.openbsd.org 2008/07/23 07:36:55 487 [servconf.c] 488 do not try to print options that have been compile-time disabled 489 in config test mode (sshd -T); report from nix-corp AT esperi.org.uk 490 ok dtucker@ 491 - (djm) [servconf.c] Print UsePAM option in config test mode (when it 492 has been compiled in); report from nix-corp AT esperi.org.uk 493 ok dtucker@ 494 49520080721 496 - (djm) OpenBSD CVS Sync 497 - jmc@cvs.openbsd.org 2008/07/18 22:51:01 498 [sftp-server.8] 499 no need for .Pp before or after .Sh; 500 - djm@cvs.openbsd.org 2008/07/21 08:19:07 501 [version.h] 502 openssh-5.1 503 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 504 [contrib/suse/openssh.spec] Update version number in README and RPM specs 505 - (djm) Release OpenSSH-5.1 506 50720080717 508 - (djm) OpenBSD CVS Sync 509 - djm@cvs.openbsd.org 2008/07/17 08:48:00 510 [sshconnect2.c] 511 strnvis preauth banner; pointed out by mpf@ ok markus@ 512 - djm@cvs.openbsd.org 2008/07/17 08:51:07 513 [auth2-hostbased.c] 514 strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes 515 report and patch from res AT qoxp.net (bz#1200); ok markus@ 516 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat 517 code, replace with equivalent cygwin library call. Patch from vinschen 518 at redhat.com, ok djm@. 519 - (djm) [sshconnect2.c] vis.h isn't available everywhere 520 52120080716 522 - OpenBSD CVS Sync 523 - djm@cvs.openbsd.org 2008/07/15 02:23:14 524 [sftp.1] 525 number of pipelined requests is now 64; 526 prodded by Iain.Morgan AT nasa.gov 527 - djm@cvs.openbsd.org 2008/07/16 11:51:14 528 [clientloop.c] 529 rename variable first_gc -> last_gc (since it is actually the last 530 in the list). 531 - djm@cvs.openbsd.org 2008/07/16 11:52:19 532 [channels.c] 533 this loop index should be automatic, not static 534 53520080714 536 - (djm) OpenBSD CVS Sync 537 - sthen@cvs.openbsd.org 2008/07/13 21:22:52 538 [ssh-keygen.c] 539 Change "ssh-keygen -F [host] -l" to not display random art unless 540 -v is also specified, making it consistent with the manual and other 541 uses of -l. 542 ok grunk@ 543 - djm@cvs.openbsd.org 2008/07/13 22:13:07 544 [channels.c] 545 use struct sockaddr_storage instead of struct sockaddr for accept(2) 546 address argument. from visibilis AT yahoo.com in bz#1485; ok markus@ 547 - djm@cvs.openbsd.org 2008/07/13 22:16:03 548 [sftp.c] 549 increase number of piplelined requests so they properly fill the 550 (recently increased) channel window. prompted by rapier AT psc.edu; 551 ok markus@ 552 - djm@cvs.openbsd.org 2008/07/14 01:55:56 553 [sftp-server.8] 554 mention requirement for /dev/log inside chroot when using sftp-server 555 with ChrootDirectory 556 - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to 557 avoid clash with sin(3) function; reported by 558 cristian.ionescu-idbohrn AT axis.com 559 - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close() 560 prototype; reported by cristian.ionescu-idbohrn AT axis.com 561 - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash; 562 reported by cristian.ionescu-idbohrn AT axis.com 563 - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config] 564 [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd] 565 Revamped and simplified Cygwin ssh-host-config script that uses 566 unified csih configuration tool. Requires recent Cygwin. 567 Patch from vinschen AT redhat.com 568 56920080712 570 - (djm) OpenBSD CVS Sync 571 - djm@cvs.openbsd.org 2008/07/12 04:52:50 572 [channels.c] 573 unbreak; move clearing of cctx struct to before first use 574 reported by dkrause@ 575 - djm@cvs.openbsd.org 2008/07/12 05:33:41 576 [scp.1] 577 better description for -i flag: 578 s/RSA authentication/public key authentication/ 579 - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h] 580 return EAI_FAMILY when trying to lookup unsupported address family; 581 from vinschen AT redhat.com 582 58320080711 584 - (djm) OpenBSD CVS Sync 585 - stevesk@cvs.openbsd.org 2008/07/07 00:31:41 586 [ttymodes.c] 587 we don't need arg after the debug3() was removed. from lint. 588 ok djm@ 589 - stevesk@cvs.openbsd.org 2008/07/07 23:32:51 590 [key.c] 591 /*NOTREACHED*/ for lint warning: 592 warning: function key_equal falls off bottom without returning value 593 ok djm@ 594 - markus@cvs.openbsd.org 2008/07/10 18:05:58 595 [channels.c] 596 missing bzero; from mickey; ok djm@ 597 - markus@cvs.openbsd.org 2008/07/10 18:08:11 598 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c] 599 sync v1 and v2 traffic accounting; add it to sshd, too; 600 ok djm@, dtucker@ 601 60220080709 603 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass 604 - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM 605 account check failure path. The vulnerable format buffer is supplied 606 from PAM and should not contain attacker-supplied data. 607 - (djm) [auth.c] Missing unistd.h for close() 608 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x 609 61020080705 611 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed 612 passwords disabled. bz#1083 report & patch from senthilkumar_sen AT 613 hotpop.com, w/ dtucker@ 614 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for 615 Tru64. readv doesn't seem to be a comparable object there. 616 bz#1386, patch from dtucker@ ok me 617 - (djm) [Makefile.in] Pass though pass to conch for interop tests 618 - (djm) [configure.ac] unbreak: remove extra closing brace 619 - (djm) OpenBSD CVS Sync 620 - djm@cvs.openbsd.org 2008/07/04 23:08:25 621 [packet.c] 622 handle EINTR in packet_write_poll()l ok dtucker@ 623 - djm@cvs.openbsd.org 2008/07/04 23:30:16 624 [auth1.c auth2.c] 625 Make protocol 1 MaxAuthTries logic match protocol 2's. 626 Do not treat the first protocol 2 authentication attempt as 627 a failure IFF it is for method "none". 628 Makes MaxAuthTries' user-visible behaviour identical for 629 protocol 1 vs 2. 630 ok dtucker@ 631 - djm@cvs.openbsd.org 2008/07/05 05:16:01 632 [PROTOCOL] 633 grammar 634 63520080704 636 - (dtucker) OpenBSD CVS Sync 637 - djm@cvs.openbsd.org 2008/07/02 13:30:34 638 [auth2.c] 639 really really remove the freebie "none" auth try for protocol 2 640 - djm@cvs.openbsd.org 2008/07/02 13:47:39 641 [ssh.1 ssh.c] 642 When forking after authentication ("ssh -f") with ExitOnForwardFailure 643 enabled, delay the fork until after replies for any -R forwards have 644 been seen. Allows for robust detection of -R forward failure when 645 using -f (similar to bz#92); ok dtucker@ 646 - otto@cvs.openbsd.org 2008/07/03 21:46:58 647 [auth2-pubkey.c] 648 avoid nasty double free; ok dtucker@ djm@ 649 - djm@cvs.openbsd.org 2008/07/04 03:44:59 650 [servconf.c groupaccess.h groupaccess.c] 651 support negation of groups in "Match group" block (bz#1315); ok dtucker@ 652 - dtucker@cvs.openbsd.org 2008/07/04 03:47:02 653 [monitor.c] 654 Make debug a little clearer. ok djm@ 655 - djm@cvs.openbsd.org 2008/06/30 08:07:34 656 [regress/key-options.sh] 657 shell portability: use "=" instead of "==" in test(1) expressions, 658 double-quote string with backslash escaped / 659 - djm@cvs.openbsd.org 2008/06/30 10:31:11 660 [regress/{putty-transfer,putty-kex,putty-ciphers}.sh] 661 remove "set -e" left over from debugging 662 - djm@cvs.openbsd.org 2008/06/30 10:43:03 663 [regress/conch-ciphers.sh] 664 explicitly disable conch options that could interfere with the test 665 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link 666 returns EXDEV. Patch from Mike Garrison, ok djm@ 667 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h] 668 [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c] 669 [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on 670 some platforms (HP nonstop) it is a distinct errno; 671 bz#1467 reported by sconeu AT yahoo.com; ok dtucker@ 672 67320080702 674 - (dtucker) OpenBSD CVS Sync 675 - djm@cvs.openbsd.org 2008/06/30 08:05:59 676 [PROTOCOL.agent] 677 typo: s/constraint_date/constraint_data/ 678 - djm@cvs.openbsd.org 2008/06/30 12:15:39 679 [serverloop.c] 680 only pass channel requests on session channels through to the session 681 channel handler, avoiding spurious log messages; ok! markus@ 682 - djm@cvs.openbsd.org 2008/06/30 12:16:02 683 [nchan.c] 684 only send eow@openssh.com notifications for session channels; ok! markus@ 685 - djm@cvs.openbsd.org 2008/06/30 12:18:34 686 [PROTOCOL] 687 clarify that eow@openssh.com is only sent on session channels 688 - dtucker@cvs.openbsd.org 2008/07/01 07:20:52 689 [sshconnect.c] 690 Check ExitOnForwardFailure if forwardings are disabled due to a failed 691 host key check. ok djm@ 692 - dtucker@cvs.openbsd.org 2008/07/01 07:24:22 693 [sshconnect.c sshd.c] 694 Send CR LF during protocol banner exchanges, but only for Protocol 2 only, 695 in order to comply with RFC 4253. bz #1443, ok djm@ 696 - stevesk@cvs.openbsd.org 2008/07/01 23:12:47 697 [PROTOCOL.agent] 698 fix some typos; ok djm@ 699 - djm@cvs.openbsd.org 2008/07/02 02:24:18 700 [sshd_config sshd_config.5 sshd.8 servconf.c] 701 increase default size of ssh protocol 1 ephemeral key from 768 to 1024 702 bits; prodded by & ok dtucker@ ok deraadt@ 703 - dtucker@cvs.openbsd.org 2008/07/02 12:03:51 704 [auth-rsa.c auth.c auth2-pubkey.c auth.h] 705 Merge duplicate host key file checks, based in part on a patch from Rob 706 Holland via bz #1348 . Also checks for non-regular files during protocol 707 1 RSA auth. ok djm@ 708 - djm@cvs.openbsd.org 2008/07/02 12:36:39 709 [auth2-none.c auth2.c] 710 Make protocol 2 MaxAuthTries behaviour a little more sensible: 711 Check whether client has exceeded MaxAuthTries before running 712 an authentication method and skip it if they have, previously it 713 would always allow one try (for "none" auth). 714 Preincrement failure count before post-auth test - previously this 715 checked and postincremented, also to allow one "none" try. 716 Together, these two changes always count the "none" auth method 717 which could be skipped by a malicious client (e.g. an SSH worm) 718 to get an extra attempt at a real auth method. They also make 719 MaxAuthTries=0 a useful way to block users entirely (esp. in a 720 sshd_config Match block). 721 Also, move sending of any preauth banner from "none" auth method 722 to the first call to input_userauth_request(), so worms that skip 723 the "none" method get to see it too. 724 72520080630 726 - (djm) OpenBSD CVS Sync 727 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 728 [regress/Makefile regress/key-options.sh] 729 Add regress test for key options. ok djm@ 730 - dtucker@cvs.openbsd.org 2008/06/11 23:11:40 731 [regress/Makefile] 732 Don't run cipher-speed test by default; mistakenly enabled by me 733 - djm@cvs.openbsd.org 2008/06/28 13:57:25 734 [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh] 735 very basic regress test against Twisted Conch in "make interop" 736 target (conch is available in ports/devel/py-twisted/conch); 737 ok markus@ 738 - (djm) [regress/Makefile] search for conch by path, like we do putty 739 74020080629 741 - (djm) OpenBSD CVS Sync 742 - martynas@cvs.openbsd.org 2008/06/21 07:46:46 743 [sftp.c] 744 use optopt to get invalid flag, instead of return value of getopt, 745 which is always '?'; ok djm@ 746 - otto@cvs.openbsd.org 2008/06/25 11:13:43 747 [key.c] 748 add key length to visual fingerprint; zap magical constants; 749 ok grunk@ djm@ 750 - djm@cvs.openbsd.org 2008/06/26 06:10:09 751 [sftp-client.c sftp-server.c] 752 allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky 753 bits. Note that this only affects explicit setting of modes (e.g. via 754 sftp(1)'s chmod command) and not file transfers. (bz#1310) 755 ok deraadt@ at c2k8 756 - djm@cvs.openbsd.org 2008/06/26 09:19:40 757 [dh.c dh.h moduli.c] 758 when loading moduli from /etc/moduli in sshd(8), check that they 759 are of the expected "safe prime" structure and have had 760 appropriate primality tests performed; 761 feedback and ok dtucker@ 762 - grunk@cvs.openbsd.org 2008/06/26 11:46:31 763 [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c] 764 Move SSH Fingerprint Visualization away from sharing the config option 765 CheckHostIP to an own config option named VisualHostKey. 766 While there, fix the behaviour that ssh would draw a random art picture 767 on every newly seen host even when the option was not enabled. 768 prodded by deraadt@, discussions, 769 help and ok markus@ djm@ dtucker@ 770 - jmc@cvs.openbsd.org 2008/06/26 21:11:46 771 [ssh.1] 772 add VisualHostKey to the list of options listed in -o; 773 - djm@cvs.openbsd.org 2008/06/28 07:25:07 774 [PROTOCOL] 775 spelling fixes 776 - djm@cvs.openbsd.org 2008/06/28 13:58:23 777 [ssh-agent.c] 778 refuse to add a key that has unknown constraints specified; 779 ok markus 780 - djm@cvs.openbsd.org 2008/06/28 14:05:15 781 [ssh-agent.c] 782 reset global compat flag after processing a protocol 2 signature 783 request with the legacy DSA encoding flag set; ok markus 784 - djm@cvs.openbsd.org 2008/06/28 14:08:30 785 [PROTOCOL PROTOCOL.agent] 786 document the protocol used by ssh-agent; "looks ok" markus@ 787 78820080628 789 - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec] 790 RFC.nroff lacks a license, remove it (it is long gone in OpenBSD). 791 79220080626 793 - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD. 794 (bz#1372) 795 - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 796 [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files. 797 79820080616 799 - (dtucker) OpenBSD CVS Sync 800 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53 801 [session.c channels.c] 802 Rename the isatty argument to is_tty so we don't shadow 803 isatty(3). ok markus@ 804 - (dtucker) [channels.c] isatty -> is_tty here too. 805 80620080615 807 - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc. 808 - OpenBSD CVS Sync 809 - dtucker@cvs.openbsd.org 2008/06/14 15:49:48 810 [sshd.c] 811 wrap long line at 80 chars 812 - dtucker@cvs.openbsd.org 2008/06/14 17:07:11 813 [sshd.c] 814 ensure default umask disallows at least group and world write; ok djm@ 815 - djm@cvs.openbsd.org 2008/06/14 18:33:43 816 [session.c] 817 suppress the warning message from chdir(homedir) failures 818 when chrooted (bz#1461); ok dtucker 819 - dtucker@cvs.openbsd.org 2008/06/14 19:42:10 820 [scp.1] 821 Mention that scp follows symlinks during -r. bz #1466, 822 from nectar at apple 823 - dtucker@cvs.openbsd.org 2008/06/15 16:55:38 824 [sshd_config.5] 825 MaxSessions is allowed in a Match block too 826 - dtucker@cvs.openbsd.org 2008/06/15 16:58:40 827 [servconf.c sshd_config.5] 828 Allow MaxAuthTries within a Match block. ok djm@ 829 - djm@cvs.openbsd.org 2008/06/15 20:06:26 830 [channels.c channels.h session.c] 831 don't call isatty() on a pty master, instead pass a flag down to 832 channel_set_fds() indicating that te fds refer to a tty. Fixes a 833 hang on exit on Solaris (bz#1463) in portable but is actually 834 a generic bug; ok dtucker deraadt markus 835 83620080614 837 - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction 838 replacement code; patch from ighighi AT gmail.com in bz#1240; 839 ok dtucker 840 84120080613 842 - (dtucker) OpenBSD CVS Sync 843 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36 844 [packet.c] 845 compile on older gcc; no decl after code 846 - dtucker@cvs.openbsd.org 2008/06/13 13:56:59 847 [monitor.c] 848 Clear key options in the monitor on failed authentication, prevents 849 applying additional restrictions to non-pubkey authentications in 850 the case where pubkey fails but another method subsequently succeeds. 851 bz #1472, found by Colin Watson, ok markus@ djm@ 852 - dtucker@cvs.openbsd.org 2008/06/13 14:18:51 853 [auth2-pubkey.c auth-rhosts.c] 854 Include unistd.h for close(), prevents warnings in -portable 855 - dtucker@cvs.openbsd.org 2008/06/13 17:21:20 856 [mux.c] 857 Friendlier error messages for mux fallback. ok djm@ 858 - dtucker@cvs.openbsd.org 2008/06/13 18:55:22 859 [scp.c] 860 Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@ 861 - grunk@cvs.openbsd.org 2008/06/13 20:13:26 862 [ssh.1] 863 Explain the use of SSH fpr visualization using random art, and cite the 864 original scientific paper inspiring that technique. 865 Much help with English and nroff by jmc@, thanks. 866 - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which 867 despite its name doesn't seem to implement all of GSSAPI. Patch from 868 Jan Engelhardt, sanity checked by Simon Wilkinson. 869 87020080612 871 - (dtucker) OpenBSD CVS Sync 872 - jmc@cvs.openbsd.org 2008/06/11 07:30:37 873 [sshd.8] 874 kill trailing whitespace; 875 - grunk@cvs.openbsd.org 2008/06/11 21:01:35 876 [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c 877 sshconnect.c] 878 Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the 879 graphical hash visualization schemes known as "random art", and by 880 Dan Kaminsky's musings on the subject during a BlackOp talk at the 881 23C3 in Berlin. 882 Scientific publication (original paper): 883 "Hash Visualization: a New Technique to improve Real-World Security", 884 Perrig A. and Song D., 1999, International Workshop on Cryptographic 885 Techniques and E-Commerce (CrypTEC '99) 886 http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf 887 The algorithm used here is a worm crawling over a discrete plane, 888 leaving a trace (augmenting the field) everywhere it goes. 889 Movement is taken from dgst_raw 2bit-wise. Bumping into walls 890 makes the respective movement vector be ignored for this turn, 891 thus switching to the other color of the chessboard. 892 Graphs are not unambiguous for now, because circles in graphs can be 893 walked in either direction. 894 discussions with several people, 895 help, corrections and ok markus@ djm@ 896 - grunk@cvs.openbsd.org 2008/06/11 21:38:25 897 [ssh-keygen.c] 898 ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub 899 would not display you the random art as intended, spotted by canacar@ 900 - grunk@cvs.openbsd.org 2008/06/11 22:20:46 901 [ssh-keygen.c ssh-keygen.1] 902 ssh-keygen would write fingerprints to STDOUT, and random art to STDERR, 903 that is not how it was envisioned. 904 Also correct manpage saying that -v is needed along with -l for it to work. 905 spotted by naddy@ 906 - otto@cvs.openbsd.org 2008/06/11 23:02:22 907 [key.c] 908 simpler way of computing the augmentations; ok grunk@ 909 - grunk@cvs.openbsd.org 2008/06/11 23:03:56 910 [ssh_config.5] 911 CheckHostIP set to ``fingerprint'' will display both hex and random art 912 spotted by naddy@ 913 - grunk@cvs.openbsd.org 2008/06/11 23:51:57 914 [key.c] 915 #define statements that are not atoms need braces around them, else they 916 will cause trouble in some cases. 917 Also do a computation of -1 once, and not in a loop several times. 918 spotted by otto@ 919 - dtucker@cvs.openbsd.org 2008/06/12 00:03:49 920 [dns.c canohost.c sshconnect.c] 921 Do not pass "0" strings as ports to getaddrinfo because the lookups 922 can slow things down and we never use the service info anyway. bz 923 #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok 924 deraadt@ djm@ 925 djm belives that the reason for the "0" strings is to ensure that 926 it's not possible to call getaddrinfo with both host and port being 927 NULL. In the case of canohost.c host is a local array. In the 928 case of sshconnect.c, it's checked for null immediately before use. 929 In dns.c it ultimately comes from ssh.c:main() and is guaranteed to 930 be non-null but it's not obvious, so I added a warning message in 931 case it is ever passed a null. 932 - grunk@cvs.openbsd.org 2008/06/12 00:13:55 933 [sshconnect.c] 934 Make ssh print the random art also when ssh'ing to a host using IP only. 935 spotted by naddy@, ok and help djm@ dtucker@ 936 - otto@cvs.openbsd.org 2008/06/12 00:13:13 937 [key.c] 938 use an odd number of rows and columns and a separate start marker, looks 939 better; ok grunk@ 940 - djm@cvs.openbsd.org 2008/06/12 03:40:52 941 [clientloop.h mux.c channels.c clientloop.c channels.h] 942 Enable ~ escapes for multiplex slave sessions; give each channel 943 its own escape state and hook the escape filters up to muxed 944 channels. bz #1331 945 Mux slaves do not currently support the ~^Z and ~& escapes. 946 NB. this change cranks the mux protocol version, so a new ssh 947 mux client will not be able to connect to a running old ssh 948 mux master. 949 ok dtucker@ 950 - djm@cvs.openbsd.org 2008/06/12 04:06:00 951 [clientloop.h ssh.c clientloop.c] 952 maintain an ordered queue of outstanding global requests that we 953 expect replies to, similar to the per-channel confirmation queue. 954 Use this queue to verify success or failure for remote forward 955 establishment in a race free way. 956 ok dtucker@ 957 - djm@cvs.openbsd.org 2008/06/12 04:17:47 958 [clientloop.c] 959 thall shalt not code past the eightieth column 960 - djm@cvs.openbsd.org 2008/06/12 04:24:06 961 [ssh.c] 962 thal shalt not code past the eightieth column 963 - djm@cvs.openbsd.org 2008/06/12 05:15:41 964 [PROTOCOL] 965 document tun@openssh.com forwarding method 966 - djm@cvs.openbsd.org 2008/06/12 05:32:30 967 [mux.c] 968 some more TODO for me 969 - grunk@cvs.openbsd.org 2008/06/12 05:42:46 970 [key.c] 971 supply the key type (rsa1, rsa, dsa) as a caption in the frame of the 972 random art. while there, stress the fact that the field base should at 973 least be 8 characters for the pictures to make sense. 974 comment and ok djm@ 975 - grunk@cvs.openbsd.org 2008/06/12 06:32:59 976 [key.c] 977 We already mark the start of the worm, now also mark the end of the worm 978 in our random art drawings. 979 ok djm@ 980 - djm@cvs.openbsd.org 2008/06/12 15:19:17 981 [clientloop.h channels.h clientloop.c channels.c mux.c] 982 The multiplexing escape char handler commit last night introduced a 983 small memory leak per session; plug it. 984 - dtucker@cvs.openbsd.org 2008/06/12 16:35:31 985 [ssh_config.5 ssh.c] 986 keyword expansion for localcommand. ok djm@ 987 - jmc@cvs.openbsd.org 2008/06/12 19:10:09 988 [ssh_config.5 ssh-keygen.1] 989 tweak the ascii art text; ok grunk 990 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28 991 [sshd.c sshconnect.c packet.h misc.c misc.h packet.c] 992 Make keepalive timeouts apply while waiting for a packet, particularly 993 during key renegotiation (bz #1363). With djm and Matt Day, ok djm@ 994 - djm@cvs.openbsd.org 2008/06/12 20:47:04 995 [sftp-client.c] 996 print extension revisions for extensions that we understand 997 - djm@cvs.openbsd.org 2008/06/12 21:06:25 998 [clientloop.c] 999 I was coalescing expected global request confirmation replies at 1000 the wrong end of the queue - fix; prompted by markus@ 1001 - grunk@cvs.openbsd.org 2008/06/12 21:14:46 1002 [ssh-keygen.c] 1003 make ssh-keygen -lf show the key type just as ssh-add -l would do it 1004 ok djm@ markus@ 1005 - grunk@cvs.openbsd.org 2008/06/12 22:03:36 1006 [key.c] 1007 add my copyright, ok djm@ 1008 - ian@cvs.openbsd.org 2008/06/12 23:24:58 1009 [sshconnect.c] 1010 tweak wording in message, ok deraadt@ jmc@ 1011 - dtucker@cvs.openbsd.org 2008/06/13 00:12:02 1012 [sftp.h log.h] 1013 replace __dead with __attribute__((noreturn)), makes things 1014 a little easier to port. Also, add it to sigdie(). ok djm@ 1015 - djm@cvs.openbsd.org 2008/06/13 00:16:49 1016 [mux.c] 1017 fall back to creating a new TCP connection on most multiplexing errors 1018 (socket connect fail, invalid version, refused permittion, corrupted 1019 messages, etc.); bz #1329 ok dtucker@ 1020 - dtucker@cvs.openbsd.org 2008/06/13 00:47:53 1021 [mux.c] 1022 upcast size_t to u_long to match format arg; ok djm@ 1023 - dtucker@cvs.openbsd.org 2008/06/13 00:51:47 1024 [mac.c] 1025 upcast another size_t to u_long to match format 1026 - dtucker@cvs.openbsd.org 2008/06/13 01:38:23 1027 [misc.c] 1028 upcast uid to long with matching %ld, prevents warnings in portable 1029 - djm@cvs.openbsd.org 2008/06/13 04:40:22 1030 [auth2-pubkey.c auth-rhosts.c] 1031 refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not 1032 regular files; report from Solar Designer via Colin Watson in bz#1471 1033 ok dtucker@ deraadt 1034 - (dtucker) [clientloop.c serverloop.c] channel_register_filter now 1035 takes 2 more args. with djm@ 1036 - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch 1037 from Todd Vierling. 1038 - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA 1039 systems. Patch from R. Scott Bailey. 1040 - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used 1041 on big endian machines, so ifdef them for little-endian only to prevent 1042 unused function warnings on big-endians. 1043 - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent 1044 compiler warnings on some platforms. Based on a discussion with otto@ 1045 104620080611 1047 - (djm) [channels.c configure.ac] 1048 Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no) 1049 bz#1464; ok dtucker 1050 105120080610 1052 - (dtucker) OpenBSD CVS Sync 1053 - djm@cvs.openbsd.org 2008/06/10 03:57:27 1054 [servconf.c match.h sshd_config.5] 1055 support CIDR address matching in sshd_config "Match address" blocks, with 1056 full support for negation and fall-back to classic wildcard matching. 1057 For example: 1058 Match address 192.0.2.0/24,3ffe:ffff::/32,!10.* 1059 PasswordAuthentication yes 1060 addrmatch.c code mostly lifted from flowd's addr.c 1061 feedback and ok dtucker@ 1062 - djm@cvs.openbsd.org 2008/06/10 04:17:46 1063 [sshd_config.5] 1064 better reference for pattern-list 1065 - dtucker@cvs.openbsd.org 2008/06/10 04:50:25 1066 [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8] 1067 Add extended test mode (-T) and connection parameters for test mode (-C). 1068 -T causes sshd to write its effective configuration to stdout and exit. 1069 -C causes any relevant Match rules to be applied before output. The 1070 combination allows tesing of the parser and config files. ok deraadt djm 1071 - jmc@cvs.openbsd.org 2008/06/10 07:12:00 1072 [sshd_config.5] 1073 tweak previous; 1074 - jmc@cvs.openbsd.org 2008/06/10 08:17:40 1075 [sshd.8 sshd.c] 1076 - update usage() 1077 - fix SYNOPSIS, and sort options 1078 - some minor additional fixes 1079 - dtucker@cvs.openbsd.org 2008/06/09 18:06:32 1080 [regress/test-exec.sh] 1081 Don't generate putty keys if we're not going to use them. ok djm 1082 - dtucker@cvs.openbsd.org 2008/06/10 05:23:32 1083 [regress/addrmatch.sh regress/Makefile] 1084 Regress test for Match CIDR rules. ok djm@ 1085 - dtucker@cvs.openbsd.org 2008/06/10 15:21:41 1086 [test-exec.sh] 1087 Use a more portable construct for checking if we're running a putty test 1088 - dtucker@cvs.openbsd.org 2008/06/10 15:28:49 1089 [test-exec.sh] 1090 Add quotes 1091 - dtucker@cvs.openbsd.org 2008/06/10 18:21:24 1092 [ssh_config.5] 1093 clarify that Host patterns are space-separated. ok deraadt 1094 - djm@cvs.openbsd.org 2008/06/10 22:15:23 1095 [PROTOCOL ssh.c serverloop.c] 1096 Add a no-more-sessions@openssh.com global request extension that the 1097 client sends when it knows that it will never request another session 1098 (i.e. when session multiplexing is disabled). This allows a server to 1099 disallow further session requests and terminate the session. 1100 Why would a non-multiplexing client ever issue additional session 1101 requests? It could have been attacked with something like SSH'jack: 1102 http://www.storm.net.nz/projects/7 1103 feedback & ok markus 1104 - djm@cvs.openbsd.org 2008/06/10 23:06:19 1105 [auth-options.c match.c servconf.c addrmatch.c sshd.8] 1106 support CIDR address matching in .ssh/authorized_keys from="..." stanzas 1107 ok and extensive testing dtucker@ 1108 - dtucker@cvs.openbsd.org 2008/06/10 23:21:34 1109 [bufaux.c] 1110 Use '\0' for a nul byte rather than unadorned 0. ok djm@ 1111 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43 1112 [Makefile regress/key-options.sh] 1113 Add regress test for key options. ok djm@ 1114 - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6 1115 since the new CIDR code in addmatch.c references it. 1116 - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6 1117 specific tests on platforms that don't do IPv6. 1118 - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well 1119 as environment. 1120 - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now. 1121 112220080609 1123 - (dtucker) OpenBSD CVS Sync 1124 - dtucker@cvs.openbsd.org 2008/06/08 17:04:41 1125 [sftp-server.c] 1126 Add case for ENOSYS in errno_to_portable; ok deraadt 1127 - dtucker@cvs.openbsd.org 2008/06/08 20:15:29 1128 [sftp.c sftp-client.c sftp-client.h] 1129 Have the sftp client store the statvfs replies in wire format, 1130 which prevents problems when the server's native sizes exceed the 1131 client's. 1132 Also extends the sizes of the remaining 32bit wire format to 64bit, 1133 they're specified as unsigned long in the standard. 1134 - dtucker@cvs.openbsd.org 2008/06/09 13:02:39 1135 [sftp-server.c] 1136 Extend 32bit -> 64bit values for statvfs extension missed in previous 1137 commit. 1138 - dtucker@cvs.openbsd.org 2008/06/09 13:38:46 1139 [PROTOCOL] 1140 Use a $OpenBSD tag so our scripts will sync changes. 1141 114220080608 1143 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c 1144 openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h 1145 openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and 1146 fstatvfs and remove #defines around statvfs code. ok djm@ 1147 - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a 1148 macro to convert fsid to unsigned long for platforms where fsid is a 1149 2-member array. 1150 115120080607 1152 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H. 1153 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c] 1154 Do not enable statvfs extensions on platforms that do not have statvfs. 1155 - (dtucker) OpenBSD CVS Sync 1156 - djm@cvs.openbsd.org 2008/05/19 06:14:02 1157 [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@ 1158 - djm@cvs.openbsd.org 2008/05/19 15:45:07 1159 [sshtty.c ttymodes.c sshpty.h] 1160 Fix sending tty modes when stdin is not a tty (bz#1199). Previously 1161 we would send the modes corresponding to a zeroed struct termios, 1162 whereas we should have been sending an empty list of modes. 1163 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ 1164 - djm@cvs.openbsd.org 2008/05/19 15:46:31 1165 [ssh-keygen.c] 1166 support -l (print fingerprint) in combination with -F (find host) to 1167 search for a host in ~/.ssh/known_hosts and display its fingerprint; 1168 ok markus@ 1169 - djm@cvs.openbsd.org 2008/05/19 20:53:52 1170 [clientloop.c] 1171 unbreak tree by committing this bit that I missed from: 1172 Fix sending tty modes when stdin is not a tty (bz#1199). Previously 1173 we would send the modes corresponding to a zeroed struct termios, 1174 whereas we should have been sending an empty list of modes. 1175 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@ 1176 117720080604 1178 - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias 1179 in arc4random_uniform with upper_bound in (2^30,2*31). Note that 1180 OpenSSH did not make requests with upper bounds in this range. 1181 118220080519 1183 - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in] 1184 [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h] 1185 Fix compilation on Linux, including pulling in fmt_scaled(3) 1186 implementation from OpenBSD's libutil. 1187 118820080518 1189 - (djm) OpenBSD CVS Sync 1190 - djm@cvs.openbsd.org 2008/04/04 05:14:38 1191 [sshd_config.5] 1192 ChrootDirectory is supported in Match blocks (in fact, it is most useful 1193 there). Spotted by Minstrel AT minstrel.org.uk 1194 - djm@cvs.openbsd.org 2008/04/04 06:44:26 1195 [sshd_config.5] 1196 oops, some unrelated stuff crept into that commit - backout. 1197 spotted by jmc@ 1198 - djm@cvs.openbsd.org 2008/04/05 02:46:02 1199 [sshd_config.5] 1200 HostbasedAuthentication is supported under Match too 1201 - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c] 1202 [configure.ac] Implement arc4random_buf(), import implementation of 1203 arc4random_uniform() from OpenBSD 1204 - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes 1205 - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h 1206 - (djm) OpenBSD CVS Sync 1207 - djm@cvs.openbsd.org 2008/04/13 00:22:17 1208 [dh.c sshd.c] 1209 Use arc4random_buf() when requesting more than a single word of output 1210 Use arc4random_uniform() when the desired random number upper bound 1211 is not a power of two 1212 ok deraadt@ millert@ 1213 - djm@cvs.openbsd.org 2008/04/18 12:32:11 1214 [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h] 1215 introduce sftp extension methods statvfs@openssh.com and 1216 fstatvfs@openssh.com that implement statvfs(2)-like operations, 1217 based on a patch from miklos AT szeredi.hu (bz#1399) 1218 also add a "df" command to the sftp client that uses the 1219 statvfs@openssh.com to produce a df(1)-like display of filesystem 1220 space and inode utilisation 1221 ok markus@ 1222 - jmc@cvs.openbsd.org 2008/04/18 17:15:47 1223 [sftp.1] 1224 macro fixage; 1225 - djm@cvs.openbsd.org 2008/04/18 22:01:33 1226 [session.c] 1227 remove unneccessary parentheses 1228 - otto@cvs.openbsd.org 2008/04/29 11:20:31 1229 [monitor_mm.h] 1230 garbage collect two unused fields in struct mm_master; ok markus@ 1231 - djm@cvs.openbsd.org 2008/04/30 10:14:03 1232 [ssh-keyscan.1 ssh-keyscan.c] 1233 default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by 1234 larsnooden AT openoffice.org 1235 - pyr@cvs.openbsd.org 2008/05/07 05:49:37 1236 [servconf.c servconf.h session.c sshd_config.5] 1237 Enable the AllowAgentForwarding option in sshd_config (global and match 1238 context), to specify if agents should be permitted on the server. 1239 As the man page states: 1240 ``Note that disabling Agent forwarding does not improve security 1241 unless users are also denied shell access, as they can always install 1242 their own forwarders.'' 1243 ok djm@, ok and a mild frown markus@ 1244 - pyr@cvs.openbsd.org 2008/05/07 06:43:35 1245 [sshd_config] 1246 push the sshd_config bits in, spotted by ajacoutot@ 1247 - jmc@cvs.openbsd.org 2008/05/07 08:00:14 1248 [sshd_config.5] 1249 sort; 1250 - markus@cvs.openbsd.org 2008/05/08 06:59:01 1251 [bufaux.c buffer.h channels.c packet.c packet.h] 1252 avoid extra malloc/copy/free when receiving data over the net; 1253 ~10% speedup for localhost-scp; ok djm@ 1254 - djm@cvs.openbsd.org 2008/05/08 12:02:23 1255 [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c] 1256 [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c] 1257 [ssh.c sshd.c] 1258 Implement a channel success/failure status confirmation callback 1259 mechanism. Each channel maintains a queue of callbacks, which will 1260 be drained in order (RFC4253 guarantees confirm messages are not 1261 reordered within an channel). 1262 Also includes a abandonment callback to clean up if a channel is 1263 closed without sending confirmation messages. This probably 1264 shouldn't happen in compliant implementations, but it could be 1265 abused to leak memory. 1266 ok markus@ (as part of a larger diff) 1267 - djm@cvs.openbsd.org 2008/05/08 12:21:16 1268 [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c] 1269 [sshd_config sshd_config.5] 1270 Make the maximum number of sessions run-time controllable via 1271 a sshd_config MaxSessions knob. This is useful for disabling 1272 login/shell/subsystem access while leaving port-forwarding working 1273 (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or 1274 simply increasing the number of allows multiplexed sessions. 1275 Because some bozos are sure to configure MaxSessions in excess of the 1276 number of available file descriptors in sshd (which, at peak, might be 1277 as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds 1278 on error paths, and make it fail gracefully on out-of-fd conditions - 1279 sending channel errors instead of than exiting with fatal(). 1280 bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com 1281 ok markus@ 1282 - djm@cvs.openbsd.org 2008/05/08 13:06:11 1283 [clientloop.c clientloop.h ssh.c] 1284 Use new channel status confirmation callback system to properly deal 1285 with "important" channel requests that fail, in particular command exec, 1286 shell and subsystem requests. Previously we would optimistically assume 1287 that the requests would always succeed, which could cause hangs if they 1288 did not (e.g. when the server runs out of fds) or were unimplemented by 1289 the server (bz #1384) 1290 Also, properly report failing multiplex channel requests via the mux 1291 client stderr (subject to LogLevel in the mux master) - better than 1292 silently failing. 1293 most bits ok markus@ (as part of a larger diff) 1294 - djm@cvs.openbsd.org 2008/05/09 04:55:56 1295 [channels.c channels.h clientloop.c serverloop.c] 1296 Try additional addresses when connecting to a port forward destination 1297 whose DNS name resolves to more than one address. The previous behaviour 1298 was to try the first address and give up. 1299 Reported by stig AT venaas.com in bz#343 1300 great feedback and ok markus@ 1301 - djm@cvs.openbsd.org 2008/05/09 14:18:44 1302 [clientloop.c clientloop.h ssh.c mux.c] 1303 tidy up session multiplexing code, moving it into its own file and 1304 making the function names more consistent - making ssh.c and 1305 clientloop.c a fair bit more readable. 1306 ok markus@ 1307 - djm@cvs.openbsd.org 2008/05/09 14:26:08 1308 [ssh.c] 1309 dingo stole my diff hunk 1310 - markus@cvs.openbsd.org 2008/05/09 16:16:06 1311 [session.c] 1312 re-add the USE_PIPES code and enable it. 1313 without pipes shutdown-read from the sshd does not trigger 1314 a SIGPIPE when the forked program does a write. 1315 ok djm@ 1316 (Id sync only, USE_PIPES never left portable OpenSSH) 1317 - markus@cvs.openbsd.org 2008/05/09 16:17:51 1318 [channels.c] 1319 error-fd race: don't enable the error fd in the select bitmask 1320 for channels with both in- and output closed, since the channel 1321 will go away before we call select(); 1322 report, lots of debugging help and ok djm@ 1323 - markus@cvs.openbsd.org 2008/05/09 16:21:13 1324 [channels.h clientloop.c nchan.c serverloop.c] 1325 unbreak 1326 ssh -2 localhost od /bin/ls | true 1327 ignoring SIGPIPE by adding a new channel message (EOW) that signals 1328 the peer that we're not interested in any data it might send. 1329 fixes bz #85; discussion, debugging and ok djm@ 1330 - pvalchev@cvs.openbsd.org 2008/05/12 20:52:20 1331 [umac.c] 1332 Ensure nh_result lies on a 64-bit boundary (fixes warnings observed 1333 on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@ 1334 - djm@cvs.openbsd.org 2008/05/15 23:52:24 1335 [nchan2.ms] 1336 document eow message in ssh protocol 2 channel state machine; 1337 feedback and ok markus@ 1338 - djm@cvs.openbsd.org 2008/05/18 21:29:05 1339 [sftp-server.c] 1340 comment extension announcement 1341 - djm@cvs.openbsd.org 2008/05/16 08:30:42 1342 [PROTOCOL] 1343 document our protocol extensions and deviations; ok markus@ 1344 - djm@cvs.openbsd.org 2008/05/17 01:31:56 1345 [PROTOCOL] 1346 grammar and correctness fixes from stevesk@ 1347 134820080403 1349 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile- 1350 time warnings on LynxOS. Patch from ops AT iki.fi 1351 - (djm) Force string arguments to replacement setproctitle() though 1352 strnvis first. Ok dtucker@ 1353 135420080403 1355 - (djm) OpenBSD CVS sync: 1356 - markus@cvs.openbsd.org 2008/04/02 15:36:51 1357 [channels.c] 1358 avoid possible hijacking of x11-forwarded connections (back out 1.183) 1359 CVE-2008-1483; ok djm@ 1360 - jmc@cvs.openbsd.org 2008/03/27 22:37:57 1361 [sshd.8] 1362 remove trailing whitespace; 1363 - djm@cvs.openbsd.org 2008/04/03 09:50:14 1364 [version.h] 1365 openssh-5.0 1366 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] 1367 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files 1368 - (djm) [README] Update link to release notes 1369 - (djm) Release 5.0p1 1370