2 - (djm) Release OpenSSH-5.6p1
5 - (dtucker) [configure.ac openbsd-compat/Makefile.in
6 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
7 the compat library which helps on platforms like old IRIX. Based on work
8 by djm, tested by Tom Christensen.
10 - djm@cvs.openbsd.org 2010/08/12 21:49:44
12 close any extra file descriptors inherited from parent at start and
13 reopen stdin/stdout to /dev/null when forking for ControlPersist.
15 prevents tools that fork and run a captive ssh for communication from
16 failing to exit when the ssh completes while they wait for these fds to
17 close. The inherited fds may persist arbitrarily long if a background
18 mux master has been started by ControlPersist. cvs and scp were effected
21 "please commit" markus@
22 - (djm) [regress/README.regress] typo
25 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
26 regress/test-exec.sh] Under certain conditions when testing with sudo
27 tests would fail because the pidfile could not be read by a regular user.
28 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
29 Make sure cat is run by $SUDO. no objection from me. djm@
30 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
33 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
34 already set. Makes FreeBSD user openable tunnels useful; patch from
35 richard.burakowski+ossh AT mrburak.net, ok dtucker@
36 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
37 based in part on a patch from Colin Watson, ok djm@
41 - djm@cvs.openbsd.org 2010/08/08 16:26:42
44 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
45 [contrib/suse/openssh.spec] Crank version numbers
49 - djm@cvs.openbsd.org 2010/08/04 05:37:01
50 [ssh.1 ssh_config.5 sshd.8]
51 Remove mentions of weird "addr/port" alternate address format for IPv6
52 addresses combinations. It hasn't worked for ages and we have supported
53 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
54 - djm@cvs.openbsd.org 2010/08/04 05:40:39
55 [PROTOCOL.certkeys ssh-keygen.c]
56 tighten the rules for certificate encoding by requiring that options
57 appear in lexical order and make our ssh-keygen comply. ok markus@
58 - djm@cvs.openbsd.org 2010/08/04 05:42:47
59 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
61 enable certificates for hostbased authentication, from Iain Morgan;
63 - djm@cvs.openbsd.org 2010/08/04 05:49:22
65 commited the wrong version of the hostbased certificate diff; this
66 version replaces some strlc{py,at} verbosity with xasprintf() at
67 the request of markus@
68 - djm@cvs.openbsd.org 2010/08/04 06:07:11
69 [ssh-keygen.1 ssh-keygen.c]
70 Support CA keys in PKCS#11 tokens; feedback and ok markus@
71 - djm@cvs.openbsd.org 2010/08/04 06:08:40
73 clean for -Wuninitialized (Id sync only; portable had this change)
74 - djm@cvs.openbsd.org 2010/08/05 13:08:42
76 Fix a trio of bugs in the local/remote window calculation for datagram
77 data channels (i.e. TunnelForward):
79 Calculate local_consumed correctly in channel_handle_wfd() by measuring
80 the delta to buffer_len(c->output) from when we start to when we finish.
81 The proximal problem here is that the output_filter we use in portable
82 modified the length of the dequeued datagram (to futz with the headers
85 In channel_output_poll(), don't enqueue datagrams that won't fit in the
86 peer's advertised packet size (highly unlikely to ever occur) or which
87 won't fit in the peer's remaining window (more likely).
89 In channel_input_data(), account for the 4-byte string header in
90 datagram packets that we accept from the peer and enqueue in c->output.
92 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
96 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
97 PAM to sane values in case the PAM method doesn't write to them. Spotted by
100 - djm@cvs.openbsd.org 2010/07/16 04:45:30
102 avoid bogus compiler warning
103 - djm@cvs.openbsd.org 2010/07/16 14:07:35
105 more timing paranoia - compare all parts of the expected decrypted
106 data before returning. AFAIK not exploitable in the SSH protocol.
108 - djm@cvs.openbsd.org 2010/07/19 03:16:33
110 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
111 upload depth checks and causing verbose printing of transfers to always
112 be turned on; patch from imorgan AT nas.nasa.gov
113 - djm@cvs.openbsd.org 2010/07/19 09:15:12
114 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
115 add a "ControlPersist" option that automatically starts a background
116 ssh(1) multiplex master when connecting. This connection can stay alive
117 indefinitely, or can be set to automatically close after a user-specified
118 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
119 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
120 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
121 - djm@cvs.openbsd.org 2010/07/21 02:10:58
123 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
124 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
126 Ciphers is documented in ssh_config(5) these days
129 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
130 details about its behaviour WRT existing directories. Patch from
131 asguthrie at gmail com, ok djm.
134 - (djm) OpenBSD CVS Sync
135 - djm@cvs.openbsd.org 2010/07/02 04:32:44
137 unbreak strdelim() skipping past quoted strings, e.g.
138 AllowUsers "blah blah" blah
139 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
141 - djm@cvs.openbsd.org 2010/07/12 22:38:52
143 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
144 for protocol 2. ok markus@
145 - djm@cvs.openbsd.org 2010/07/12 22:41:13
147 expand %h to the hostname in ssh_config Hostname options. While this
148 sounds useless, it is actually handy for working with unqualified
154 Hostname %h.example.org
157 - djm@cvs.openbsd.org 2010/07/13 11:52:06
158 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
160 implement a timing_safe_cmp() function to compare memory without leaking
161 timing information by short-circuiting like memcmp() and use it for
162 some of the more sensitive comparisons (though nothing high-value was
163 readily attackable anyway); "looks ok" markus@
164 - djm@cvs.openbsd.org 2010/07/13 23:13:16
165 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
167 s/timing_safe_cmp/timingsafe_bcmp/g
168 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
170 finally ssh synopsis looks nice again! this commit just removes a ton of
171 hacks we had in place to make it work with old groff;
172 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
174 repair incorrect block nesting, which screwed up indentation;
175 problem reported and fix OK by jmc@
178 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
179 (line 77) should have been for no_x11_askpass.
182 - (djm) OpenBSD CVS Sync
183 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
186 - djm@cvs.openbsd.org 2010/06/26 23:04:04
188 oops, forgot to #include <canohost.h>; spotted and patch from chl@
189 - djm@cvs.openbsd.org 2010/06/29 23:15:30
190 [ssh-keygen.1 ssh-keygen.c]
191 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
193 - djm@cvs.openbsd.org 2010/06/29 23:16:46
194 [auth2-pubkey.c sshd_config.5]
195 allow key options (command="..." and friends) in AuthorizedPrincipals;
197 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
200 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
203 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
206 - millert@cvs.openbsd.org 2010/07/01 13:06:59
208 Fix a longstanding problem where if you suspend scp at the
209 password/passphrase prompt the terminal mode is not restored.
211 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
213 fix how we run the tests so we can successfully use SUDO='sudo -E'
215 - djm@cvs.openbsd.org 2010/06/29 23:59:54
217 regress tests for key options in AuthorizedPrincipals
220 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
224 - (djm) OpenBSD CVS Sync
225 - djm@cvs.openbsd.org 2010/05/21 05:00:36
227 colon() returns char*, so s/return (0)/return NULL/
228 - markus@cvs.openbsd.org 2010/06/08 21:32:19
230 check length of value returned C_GetAttributValue for != 0
231 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
232 - djm@cvs.openbsd.org 2010/06/17 07:07:30
234 Correct sizing of object to be allocated by calloc(), replacing
235 sizeof(state) with sizeof(*state). This worked by accident since
236 the struct contained a single int at present, but could have broken
237 in the future. patch from hyc AT symas.com
238 - djm@cvs.openbsd.org 2010/06/18 00:58:39
240 unbreak ls in working directories that contains globbing characters in
241 their pathnames. bz#1655 reported by vgiffin AT apple.com
242 - djm@cvs.openbsd.org 2010/06/18 03:16:03
244 Missing check for chroot_director == "none" (we already checked against
245 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
246 - djm@cvs.openbsd.org 2010/06/18 04:43:08
248 fix memory leak in do_realpath() error path; bz#1771, patch from
250 - djm@cvs.openbsd.org 2010/06/22 04:22:59
251 [servconf.c sshd_config.5]
252 expose some more sshd_config options inside Match blocks:
253 AuthorizedKeysFile AuthorizedPrincipalsFile
254 HostbasedUsesNameFromPacketOnly PermitTunnel
255 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
256 - djm@cvs.openbsd.org 2010/06/22 04:32:06
258 standardise error messages when attempting to open private key
259 files to include "progname: filename: error reason"
261 - djm@cvs.openbsd.org 2010/06/22 04:49:47
263 queue auth debug messages for bad ownership or permissions on the user's
264 keyfiles. These messages will be sent after the user has successfully
265 authenticated (where our client will display them with LogLevel=debug).
267 - djm@cvs.openbsd.org 2010/06/22 04:54:30
269 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
270 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
271 - djm@cvs.openbsd.org 2010/06/22 04:59:12
273 include the user name on "subsystem request for ..." log messages;
275 - djm@cvs.openbsd.org 2010/06/23 02:59:02
277 fix printing of extensions in v01 certificates that I broke in r1.190
278 - djm@cvs.openbsd.org 2010/06/25 07:14:46
279 [channels.c mux.c readconf.c readconf.h ssh.h]
280 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
281 forwards per direction; ok markus@ stevesk@
282 - djm@cvs.openbsd.org 2010/06/25 07:20:04
283 [channels.c session.c]
284 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
285 internal-sftp accidentally introduced in r1.253 by removing the code
286 that opens and dup /dev/null to stderr and modifying the channels code
287 to read stderr but discard it instead; ok markus@
288 - djm@cvs.openbsd.org 2010/06/25 08:46:17
289 [auth1.c auth2-none.c]
290 skip the initial check for access with an empty password when
291 PermitEmptyPasswords=no; bz#1638; ok markus@
292 - djm@cvs.openbsd.org 2010/06/25 23:10:30
294 log the hostname and address that we connected to at LogLevel=verbose
295 after authentication is successful to mitigate "phishing" attacks by
296 servers with trusted keys that accept authentication silently and
297 automatically before presenting fake password/passphrase prompts;
299 - djm@cvs.openbsd.org 2010/06/25 23:10:30
301 log the hostname and address that we connected to at LogLevel=verbose
302 after authentication is successful to mitigate "phishing" attacks by
303 servers with trusted keys that accept authentication silently and
304 automatically before presenting fake password/passphrase prompts;
308 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
312 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
313 rather than assuming that $CWD == $HOME. bz#1500, patch from
314 timothy AT gelter.com
317 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
318 minires-devel package, and to add the reference to the libedit-devel
319 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
322 - (djm) OpenBSD CVS Sync
323 - djm@cvs.openbsd.org 2010/05/07 11:31:26
324 [regress/Makefile regress/cert-userkey.sh]
325 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
326 feedback and ok markus@
327 - djm@cvs.openbsd.org 2010/05/11 02:58:04
329 don't accept certificates marked as "cert-authority" here; ok markus@
330 - djm@cvs.openbsd.org 2010/05/14 00:47:22
332 check that the certificate matches the corresponding private key before
334 - djm@cvs.openbsd.org 2010/05/14 23:29:23
335 [channels.c channels.h mux.c ssh.c]
336 Pause the mux channel while waiting for reply from aynch callbacks.
337 Prevents misordering of replies if new requests arrive while waiting.
339 Extend channel open confirm callback to allow signalling failure
340 conditions as well as success. Use this to 1) fix a memory leak, 2)
341 start using the above pause mechanism and 3) delay sending a success/
342 failure message on mux slave session open until we receive a reply from
345 motivated by and with feedback from markus@
346 - markus@cvs.openbsd.org 2010/05/16 12:55:51
347 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
348 mux support for remote forwarding with dynamic port allocation,
350 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
352 - djm@cvs.openbsd.org 2010/05/20 11:25:26
354 fix logspam when key options (from="..." especially) deny non-matching
355 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
356 - djm@cvs.openbsd.org 2010/05/20 23:46:02
357 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
358 Move the permit-* options to the non-critical "extensions" field for v01
359 certificates. The logic is that if another implementation fails to
360 implement them then the connection just loses features rather than fails
366 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
367 circular dependency problem on old or odd platforms. From Tom Lane, ok
369 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
370 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
375 - djm@cvs.openbsd.org 2010/04/23 01:47:41
377 bz#1740: display a more helpful error message when $HOME is
378 inaccessible while trying to create .ssh directory. Based on patch
379 from jchadima AT redhat.com; ok dtucker@
380 - djm@cvs.openbsd.org 2010/04/23 22:27:38
382 set "detach_close" flag when registering channel cleanup callbacks.
383 This causes the channel to close normally when its fds close and
384 hangs when terminating a mux slave using ~. bz#1758; ok markus@
385 - djm@cvs.openbsd.org 2010/04/23 22:42:05
387 set stderr to /dev/null for subsystems rather than just closing it.
388 avoids hangs if a subsystem or shell initialisation writes to stderr.
390 - djm@cvs.openbsd.org 2010/04/23 22:48:31
392 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
393 since we would refuse to use them anyway. bz#1516; ok dtucker@
394 - djm@cvs.openbsd.org 2010/04/26 22:28:24
396 bz#1502: authctxt.success is declared as an int, but passed by
397 reference to function that accepts sig_atomic_t*. Convert it to
398 the latter; ok markus@ dtucker@
399 - djm@cvs.openbsd.org 2010/05/01 02:50:50
402 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
404 restore mput and mget which got lost in the tab-completion changes.
405 found by Kenneth Whitaker, ok djm@
406 - djm@cvs.openbsd.org 2010/05/07 11:30:30
407 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
408 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
409 add some optional indirection to matching of principal names listed
410 in certificates. Currently, a certificate must include the a user's name
411 to be accepted for authentication. This change adds the ability to
412 specify a list of certificate principal names that are acceptable.
414 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
415 this adds a new principals="name1[,name2,...]" key option.
417 For CAs listed through sshd_config's TrustedCAKeys option, a new config
418 option "AuthorizedPrincipalsFile" specifies a per-user file containing
419 the list of acceptable names.
421 If either option is absent, the current behaviour of requiring the
422 username to appear in principals continues to apply.
424 These options are useful for role accounts, disjoint account namespaces
425 and "user@realm"-style naming policies in certificates.
427 feedback and ok markus@
428 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
433 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
434 in the openssl install directory (some newer openssl versions do this on at
435 least some amd64 platforms).
439 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
441 tweak previous; ok djm
442 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
443 [ssh-keygen.1 ssh-keygen.c]
444 tweak previous; ok djm
445 - djm@cvs.openbsd.org 2010/04/16 21:14:27
447 oops, %r => remote username, not %u
448 - djm@cvs.openbsd.org 2010/04/16 01:58:45
449 [regress/cert-hostkey.sh regress/cert-userkey.sh]
450 regression tests for v01 certificate format
451 includes interop tests for v00 certs
452 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
456 - (djm) Release openssh-5.5p1
458 - djm@cvs.openbsd.org 2010/03/26 03:13:17
460 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
461 argument to allow skipping past values in a buffer
462 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
465 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
467 tweak previous; ok dtucker
468 - djm@cvs.openbsd.org 2010/04/10 00:00:16
470 bz#1746 - suppress spurious tty warning when using -O and stdin
471 is not a tty; ok dtucker@ markus@
472 - djm@cvs.openbsd.org 2010/04/10 00:04:30
474 fix terminology: we didn't find a certificate in known_hosts, we found
476 - djm@cvs.openbsd.org 2010/04/10 02:08:44
478 bz#1698: kill channel when pty allocation requests fail. Fixed
479 stuck client if the server refuses pty allocation.
480 ok dtucker@ "think so" markus@
481 - djm@cvs.openbsd.org 2010/04/10 02:10:56
483 show the key type that we are offering in debug(), helps distinguish
484 between certs and plain keys as the path to the private key is usually
486 - djm@cvs.openbsd.org 2010/04/10 05:48:16
488 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
489 - djm@cvs.openbsd.org 2010/04/14 22:27:42
490 [ssh_config.5 sshconnect.c]
491 expand %r => remote username in ssh_config:ProxyCommand;
493 - markus@cvs.openbsd.org 2010/04/15 20:32:55
495 retry lookup for private key if there's no matching key with CKA_SIGN
496 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
498 - djm@cvs.openbsd.org 2010/04/16 01:47:26
499 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
500 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
501 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
502 [sshconnect.c sshconnect2.c sshd.c]
503 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
506 move the nonce field to the beginning of the certificate where it can
507 better protect against chosen-prefix attacks on the signature hash
509 Rename "constraints" field to "critical options"
511 Add a new non-critical "extensions" field
515 The older format is still support for authentication and cert generation
516 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
521 - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
522 back so we disable the IPv6 tests if we don't have it.
525 - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong
526 ones. Based on a patch from Roumen Petrov.
527 - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
528 have it and the path is not provided to --with-libedit. Based on a patch
530 - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
531 utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
534 - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
535 for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
536 - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
537 by Ingo Weinhold via Scott McCreary, ok djm@
538 - (djm) OpenBSD CVS Sync
539 - djm@cvs.openbsd.org 2010/03/25 23:38:28
541 from portable: getcwd(NULL, 0) doesn't work on all platforms, so
542 use a stack buffer; ok dtucker@
543 - djm@cvs.openbsd.org 2010/03/26 00:26:58
545 mention that -S none disables connection sharing; from Colin Watson
546 - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
547 set up SELinux execution context before chroot() call. From Russell
548 Coker via Colin watson; bz#1726 ok dtucker@
549 - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721
551 - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using
552 pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold).
553 - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;
554 bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@
555 - (dtucker) OpenBSD CVS Sync
556 - dtucker@cvs.openbsd.org 2010/03/26 01:06:13
558 Reformat default value of PreferredAuthentications entry (current
559 formatting implies ", " is acceptable as a separator, which it's not.
563 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
564 containing the services file explicitely case-insensitive. This allows to
565 tweak the Windows services file reliably. Patch from vinschen at redhat.
568 - (djm) OpenBSD CVS Sync
569 - jmc@cvs.openbsd.org 2010/03/08 09:41:27
571 sort the list of constraints (to -O); ok djm
572 - jmc@cvs.openbsd.org 2010/03/10 07:40:35
574 typos; from Ross Richardson
575 closes prs 6334 and 6335
576 - djm@cvs.openbsd.org 2010/03/10 23:27:17
578 correct certificate logging and make it more consistent between
579 authorized_keys and TrustedCAKeys; ok markus@
580 - djm@cvs.openbsd.org 2010/03/12 01:06:25
582 unbreak AuthorizedKeys option with a $HOME-relative path; reported by
583 vinschen AT redhat.com, ok dtucker@
584 - markus@cvs.openbsd.org 2010/03/12 11:37:40
586 do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
587 free() (not xfree()) the buffer returned by getcwd()
588 - djm@cvs.openbsd.org 2010/03/13 21:10:38
590 protocol conformance fix: send language tag when disconnecting normally;
591 spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
592 - djm@cvs.openbsd.org 2010/03/13 21:45:46
594 Certificates are named *-cert.pub, not *_cert.pub; committing a diff
596 - jmc@cvs.openbsd.org 2010/03/13 23:38:13
598 fix a formatting error (args need quoted); noted by stevesk
599 - stevesk@cvs.openbsd.org 2010/03/15 19:40:02
600 [key.c key.h ssh-keygen.c]
601 also print certificate type (user or host) for ssh-keygen -L
603 - stevesk@cvs.openbsd.org 2010/03/16 15:46:52
605 spelling in error message. ok djm kettenis
606 - djm@cvs.openbsd.org 2010/03/16 16:36:49
608 crank version to openssh-5.5 since we have a few fixes since 5.4;
609 requested deraadt@ kettenis@
610 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
611 [contrib/suse/openssh.spec] Crank version numbers
614 - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
615 compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
617 - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for
618 ssh-pkcs11-helper to repair static builds (we do the same for
619 ssh-keyscan). Reported by felix-mindrot AT fefe.de
622 - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir)
623 - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
624 Patch from Corinna Vinschen.
625 - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install
626 on a Cygwin installation. Patch from Corinna Vinschen.
629 - (tim) [contrib/suse/openssh.spec] crank version number here too.
630 report by imorgan AT nas.nasa.gov
633 - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
634 so setting it in CFLAGS correctly skips IPv6 tests.
637 - (djm) OpenBSD CVS Sync
638 - djm@cvs.openbsd.org 2010/03/07 22:16:01
640 make internal strptime string match strftime format;
641 suggested by vinschen AT redhat.com and markus@
642 - djm@cvs.openbsd.org 2010/03/08 00:28:55
644 document permit-agent-forwarding certificate constraint; patch from
646 - djm@cvs.openbsd.org 2010/03/07 22:01:32
649 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
650 crank version numbers
651 - (djm) Release OpenSSH-5.4p1
654 - (dtucker) [auth.c] Bug #1710: call setauthdb on AIX before getpwuid so that
655 it gets the passwd struct from the LAM that knows about the user which is
656 not necessarily the default. Patch from Alexandre Letourneau.
657 - (dtucker) [session.c] Bug #1567: move setpcred call to before chroot and
658 do not set real uid, since that's needed for the chroot, and will be set
659 by permanently_set_uid.
660 - (dtucker) [session.c] Also initialize creds to NULL for handing to
662 - (dtucker) OpenBSD CVS Sync
663 - dtucker@cvs.openbsd.org 2010/03/07 11:57:13
664 [auth-rhosts.c monitor.c monitor_wrap.c session.c auth-options.c sshd.c]
665 Hold authentication debug messages until after successful authentication.
666 Fixes an info leak of environment variables specified in authorized_keys,
667 reported by Jacob Appelbaum. ok djm@
671 - jmc@cvs.openbsd.org 2010/03/04 12:51:25
672 [ssh.1 sshd_config.5]
674 - djm@cvs.openbsd.org 2010/03/04 20:35:08
675 [ssh-keygen.1 ssh-keygen.c]
676 Add a -L flag to print the contents of a certificate; ok markus@
677 - jmc@cvs.openbsd.org 2010/03/04 22:52:40
680 - djm@cvs.openbsd.org 2010/03/04 23:17:25
682 missing word; spotted by jmc@
683 - djm@cvs.openbsd.org 2010/03/04 23:19:29
685 move section on CA and revoked keys from ssh.1 to sshd.8's known hosts
686 format section and rework it a bit; requested by jmc@
687 - djm@cvs.openbsd.org 2010/03/04 23:27:25
688 [auth-options.c ssh-keygen.c]
689 "force-command" is not spelled "forced-command"; spotted by
690 imorgan AT nas.nasa.gov
691 - djm@cvs.openbsd.org 2010/03/05 02:58:11
693 make the warning for a revoked key louder and more noticable
694 - jmc@cvs.openbsd.org 2010/03/05 06:50:35
697 - jmc@cvs.openbsd.org 2010/03/05 08:31:20
699 document certificate authentication; help/ok djm
700 - djm@cvs.openbsd.org 2010/03/05 10:28:21
701 [ssh-add.1 ssh.1 ssh_config.5]
702 mention loading of certificate files from [private]-cert.pub when
703 they are present; feedback and ok jmc@
704 - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
706 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
708 - (djm) [configure.ac] set -fno-strict-aliasing for gcc4; ok dtucker@
711 - (djm) [ssh-keygen.c] Use correct local variable, instead of
712 maybe-undefined global "optarg"
713 - (djm) [contrib/redhat/openssh.spec] Replace obsolete BuildPreReq
714 on XFree86-devel with neutral /usr/include/X11/Xlib.h;
715 imorgan AT nas.nasa.gov in bz#1731
716 - (djm) [.cvsignore] Ignore ssh-pkcs11-helper
717 - (djm) [regress/Makefile] Cleanup sshd_proxy_orig
719 - djm@cvs.openbsd.org 2010/03/03 01:44:36
720 [auth-options.c key.c]
721 reject strings with embedded ASCII nul chars in certificate key IDs,
722 principal names and constraints
723 - djm@cvs.openbsd.org 2010/03/03 22:49:50
725 the authorized_keys option for CA keys is "cert-authority", not
726 "from=cert-authority". spotted by imorgan AT nas.nasa.gov
727 - djm@cvs.openbsd.org 2010/03/03 22:50:40
729 s/similar same/similar/; from imorgan AT nas.nasa.gov
730 - djm@cvs.openbsd.org 2010/03/04 01:44:57
732 use buffer_get_string_ptr_ret() where we are checking the return
733 value explicitly instead of the fatal()-causing buffer_get_string_ptr()
734 - djm@cvs.openbsd.org 2010/03/04 10:36:03
735 [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
736 [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
737 [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
738 Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
739 are trusted to authenticate users (in addition than doing it per-user
742 Add a RevokedKeys option to sshd_config and a @revoked marker to
743 known_hosts to allow keys to me revoked and banned for user or host
746 feedback and ok markus@
747 - djm@cvs.openbsd.org 2010/03/03 00:47:23
748 [regress/cert-hostkey.sh regress/cert-userkey.sh]
749 add an extra test to ensure that authentication with the wrong
750 certificate fails as it should (and it does)
751 - djm@cvs.openbsd.org 2010/03/04 10:38:23
752 [regress/cert-hostkey.sh regress/cert-userkey.sh]
753 additional regression tests for revoked keys and TrustedUserCAKeys
756 - (djm) [PROTOCOL.certkeys] Add RCS Ident
758 - jmc@cvs.openbsd.org 2010/02/26 22:09:28
759 [ssh-keygen.1 ssh.1 sshd.8]
761 - otto@cvs.openbsd.org 2010/03/01 11:07:06
763 zap what seems to be a left-over debug message; ok markus@
764 - djm@cvs.openbsd.org 2010/03/02 23:20:57
766 POSIX strptime is stricter than OpenBSD's so do a little dance to
768 - (djm) [regress/cert-userkey.sh] s/echo -n/echon/ here too
771 - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
772 http://git.savannah.gnu.org/gitweb/ (2009-12-30 and 2010-01-22
776 - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace
777 "echo -n" with "echon" for portability.
778 - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM
779 adjust log at verbose only, since according to cjwatson in bug #1470
780 some virtualization platforms don't allow writes.
783 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in
784 case from that matched in the system password database. On this
785 platform, passwords are stored case-insensitively, but sshd requires
786 exact case matching for Match blocks in sshd_config(5). Based on
787 a patch from vinschen AT redhat.com.
788 - (tim) [ssh-pkcs11-helper.c] Move declarations before calling functions
789 to make older compilers (gcc 2.95) happy.
792 - (djm) [ssh-pkcs11-helper.c ] Ensure RNG is initialised and seeded
793 - (djm) [openbsd-compat/bsd-cygwin_util.c] Reduce the set of environment
794 variables copied into sshd child processes. From vinschen AT redhat.com
798 - djm@cvs.openbsd.org 2010/02/26 20:29:54
799 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c]
800 [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c]
801 [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c]
802 [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c]
803 [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c]
804 [sshconnect2.c sshd.8 sshd.c sshd_config.5]
805 Add support for certificate key types for users and hosts.
807 OpenSSH certificate key types are not X.509 certificates, but a much
808 simpler format that encodes a public key, identity information and
809 some validity constraints and signs it with a CA key. CA keys are
810 regular SSH keys. This certificate style avoids the attack surface
811 of X.509 certificates and is very easy to deploy.
813 Certified host keys allow automatic acceptance of new host keys
814 when a CA certificate is marked as trusted in ~/.ssh/known_hosts.
815 see VERIFYING HOST KEYS in ssh(1) for details.
817 Certified user keys allow authentication of users when the signing
818 CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS
819 FILE FORMAT" in sshd(8) for details.
821 Certificates are minted using ssh-keygen(1), documentation is in
822 the "CERTIFICATES" section of that manpage.
824 Documentation on the format of certificates is in the file
827 feedback and ok markus@
828 - djm@cvs.openbsd.org 2010/02/26 20:33:21
829 [Makefile regress/cert-hostkey.sh regress/cert-userkey.sh]
830 regression tests for certified keys
833 - (djm) [pkcs11.h ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
834 [ssh-pkcs11.h] Add $OpenBSD$ RCS idents so we can sync portable
835 - (djm) OpenBSD CVS Sync
836 - djm@cvs.openbsd.org 2010/02/11 20:37:47
839 - dtucker@cvs.openbsd.org 2009/11/09 04:20:04
841 add regression test for ssh-keygen pubkey conversions
842 - dtucker@cvs.openbsd.org 2010/01/11 02:53:44
843 [regress/forwarding.sh]
844 regress test for stdio forwarding
845 - djm@cvs.openbsd.org 2010/02/09 04:57:36
846 [regress/addrmatch.sh]
848 - djm@cvs.openbsd.org 2010/02/09 06:29:02
850 turn on all the malloc(3) checking options when running regression
851 tests. this has caught a few bugs for me in the past; ok dtucker@
852 - djm@cvs.openbsd.org 2010/02/24 06:21:56
853 [regress/test-exec.sh]
854 wait for sshd to fully stop in cleanup() function; avoids races in tests
855 that do multiple start_sshd/cleanup cycles; "I hate pidfiles" deraadt@
856 - markus@cvs.openbsd.org 2010/02/08 10:52:47
857 [regress/agent-pkcs11.sh]
858 test for PKCS#11 support (currently disabled)
859 - (djm) [Makefile.in ssh-pkcs11-helper.8] Add manpage for PKCS#11 helper
860 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
861 [contrib/suse/openssh.spec] Add PKCS#11 helper binary and manpage
864 - (djm) OpenBSD CVS Sync
865 - djm@cvs.openbsd.org 2010/02/02 22:49:34
867 make buffer_get_string_ret() really non-fatal in all cases (it was
868 using buffer_get_int(), which could fatal() on buffer empty);
870 - markus@cvs.openbsd.org 2010/02/08 10:50:20
871 [pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
872 [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
873 replace our obsolete smartcard code with PKCS#11.
874 ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
875 ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
876 provider (shared library) while ssh-agent(1) delegates PKCS#11 to
877 a forked a ssh-pkcs11-helper process.
878 PKCS#11 is currently a compile time option.
879 feedback and ok djm@; inspired by patches from Alon Bar-Lev
880 - jmc@cvs.openbsd.org 2010/02/08 22:03:05
881 [ssh-add.1 ssh-keygen.1 ssh.1 ssh.c]
882 tweak previous; ok markus
883 - djm@cvs.openbsd.org 2010/02/09 00:50:36
885 fallout from PKCS#11: unbreak -D
886 - djm@cvs.openbsd.org 2010/02/09 00:50:59
889 - djm@cvs.openbsd.org 2010/02/09 03:56:28
891 constify the arguments to buffer_len, buffer_ptr and buffer_dump
892 - djm@cvs.openbsd.org 2010/02/09 06:18:46
894 unbreak ChrootDirectory+internal-sftp by skipping check for executable
895 shell when chrooting; reported by danh AT wzrd.com; ok dtucker@
896 - markus@cvs.openbsd.org 2010/02/10 23:20:38
897 [ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5]
898 pkcs#11 is no longer optional; improve wording; ok jmc@
899 - jmc@cvs.openbsd.org 2010/02/11 13:23:29
902 - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c]
903 [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java]
904 Remove obsolete smartcard support
905 - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
906 Make it compile on OSX
907 - (djm) [ssh-pkcs11-client.c ssh-pkcs11-helper.c ssh-pkcs11.c]
908 Use ssh_get_progname to fill __progname
909 - (djm) [configure.ac] Enable PKCS#11 support only when we find a working
913 - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for
914 getseuserbyname; patch from calebcase AT gmail.com via
915 cjwatson AT debian.org
918 - (djm) OpenBSD CVS Sync
919 - djm@cvs.openbsd.org 2010/01/30 21:08:33
921 debug output goes to stderr, not "the system log"; ok markus dtucker
922 - djm@cvs.openbsd.org 2010/01/30 21:12:08
924 fake local addr:port when stdio fowarding as some servers (Tectia at
925 least) validate that they are well-formed;
926 reported by imorgan AT nas.nasa.gov
930 - (djm) OpenBSD CVS Sync
931 - djm@cvs.openbsd.org 2010/01/28 00:21:18
933 downgrade an error() to a debug() - this particular case can be hit in
934 normal operation for certain sequences of mux slave vs session closure
936 - djm@cvs.openbsd.org 2010/01/29 00:20:41
938 set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT redhat.com
940 - djm@cvs.openbsd.org 2010/01/29 20:16:17
942 kill correct channel (was killing already-dead mux channel, not
944 - djm@cvs.openbsd.org 2010/01/30 02:54:53
946 don't mark channel as read failed if it is already closing; suppresses
947 harmless error messages when connecting to SSH.COM Tectia server
948 report by imorgan AT nas.nasa.gov
951 - (dtucker) [openbsd-compat/openssl-compat.c] Bug #1707: Call OPENSSL_config()
952 after registering the hardware engines, which causes the openssl.cnf file to
953 be processed. See OpenSSL's man page for OPENSSL_config(3) for details.
954 Patch from Solomon Peachy, ok djm@.
957 - (djm) OpenBSD CVS Sync
958 - djm@cvs.openbsd.org 2010/01/26 02:15:20
960 -Wuninitialized and remove a // comment; from portable
962 - djm@cvs.openbsd.org 2010/01/27 13:26:17
964 fix bug introduced in mux rewrite:
966 In a mux master, when a socket to a mux slave closes before its server
967 session (as may occur when the slave has been signalled), gracefully
968 close the server session rather than deleting its channel immediately.
969 A server may have more messages on that channel to send (e.g. an exit
970 message) that will fatal() the client if they are sent to a channel that
971 has been prematurely deleted.
973 spotted by imorgan AT nas.nasa.gov
974 - djm@cvs.openbsd.org 2010/01/27 19:21:39
976 add missing "p" flag to getopt optstring;
977 bz#1704 from imorgan AT nas.nasa.gov
980 - (djm) OpenBSD CVS Sync
981 - tedu@cvs.openbsd.org 2010/01/17 21:49:09
983 Correct and clarify ssh-add's password asking behavior.
984 Improved text dtucker and ok jmc
985 - dtucker@cvs.openbsd.org 2010/01/18 01:50:27
987 s/long long unsigned/unsigned long long/, from tim via portable
988 (Id sync only, change already in portable)
989 - djm@cvs.openbsd.org 2010/01/26 01:28:35
990 [channels.c channels.h clientloop.c clientloop.h mux.c nchan.c ssh.c]
991 rewrite ssh(1) multiplexing code to a more sensible protocol.
993 The new multiplexing code uses channels for the listener and
994 accepted control sockets to make the mux master non-blocking, so
995 no stalls when processing messages from a slave.
997 avoid use of fatal() in mux master protocol parsing so an errant slave
998 process cannot take down a running master.
1000 implement requesting of port-forwards over multiplexed sessions. Any
1001 port forwards requested by the slave are added to those the master has
1004 add support for stdio forwarding ("ssh -W host:port ...") in mux slaves.
1006 document master/slave mux protocol so that other tools can use it to
1007 control a running ssh(1). Note: there are no guarantees that this
1008 protocol won't be incompatibly changed (though it is versioned).
1010 feedback Salvador Fandino, dtucker@
1011 channel changes ok markus@
1014 - (tim) [configure.ac] Due to constraints in Windows Sockets in terms of
1015 socket inheritance, reduce the default SO_RCVBUF/SO_SNDBUF buffer size
1016 in Cygwin to 65535. Patch from Corinna Vinschen.
1019 - (tim) [configure.ac] OpenServer 5 needs BROKEN_GETADDRINFO too.
1020 - (tim) [configure.ac] On SVR5 systems, use the C99-conforming functions
1021 snprintf() and vsnprintf() named _xsnprintf() and _xvsnprintf().
1024 - (dtucker) [openbsd-compat/pwcache.c] Pull in includes.h and thus defines.h
1025 so we correctly detect whether or not we have a native user_from_uid.
1026 - (dtucker) [openbsd-compat/openbsd-compat.h] Prototypes for user_from_uid
1028 - (dtucker) [openbsd-compat/openbsd-compat.h] Fix prototypes, spotted by
1030 - (dtucker) OpenBSD CVS Sync
1031 - markus@cvs.openbsd.org 2010/01/15 09:24:23
1034 - (dtucker) [openbsd-compat/pwcache.c] Shrink ifdef area to prevent unused
1036 - (dtucker) [openbsd-compat/openbsd-compat.h] Typo.
1037 - (tim) [regress/portnum.sh] Shell portability fix.
1038 - (tim) [configure.ac] Define BROKEN_GETADDRINFO on SVR5 systems. The native
1039 getaddrinfo() is too old and limited for addr_pton() in addrmatch.c.
1040 - (tim) [roaming_client.c] Use of <sys/queue.h> is not really portable so we
1041 use "openbsd-compat/sys-queue.h". s/long long unsigned/unsigned long long/
1042 to keep USL compilers happy.
1045 - (dtucker) OpenBSD CVS Sync
1046 - jmc@cvs.openbsd.org 2010/01/13 12:48:34
1048 sftp.1: put ls -h in the right place
1049 sftp.c: as above, plus add -p to get/put, and shorten their arg names
1050 to keep the help usage nicely aligned
1052 - djm@cvs.openbsd.org 2010/01/13 23:47:26
1054 when using ChrootDirectory, make sure we test for the existence of the
1055 user's shell inside the chroot; bz #1679, patch from alex AT rtfs.hu;
1057 - dtucker@cvs.openbsd.org 2010/01/14 23:41:49
1059 use user_from{uid,gid} to lookup up ids since it keeps a small cache.
1061 - guenther@cvs.openbsd.org 2010/01/15 00:05:22
1063 Reset SIGTERM to SIG_DFL before executing ssh, so that even if sftp
1064 inherited SIGTERM as ignored it will still be able to kill the ssh it
1067 - (dtucker) [openbsd-compat/pwcache.c] Pull in pwcache.c from OpenBSD (no
1068 changes yet but there will be some to come).
1069 - (dtucker) [configure.ac openbsd-compat/{Makefile.in,pwcache.c} Portability
1070 for pwcache. Also, added caching of negative hits.
1073 - (djm) [platform.h] Add missing prototype for
1074 platform_krb5_get_principal_name
1077 - (dtucker) [monitor_fdpass.c] Wrap poll.h include in ifdefs.
1078 - (dtucker) [openbsd-compat/readpassphrase.c] Resync against OpenBSD's r1.18:
1079 missing restore of SIGTTOU and some whitespace.
1080 - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.21.
1081 - (dtucker) [openbsd-compat/readpassphrase.c] Update to OpenBSD's r1.22.
1082 Fixes bz #1590, where sometimes you could not interrupt a connection while
1083 ssh was prompting for a passphrase or password.
1084 - (dtucker) OpenBSD CVS Sync
1085 - dtucker@cvs.openbsd.org 2010/01/13 00:19:04
1086 [sshconnect.c auth.c]
1087 Fix a couple of typos/mispellings in comments
1088 - dtucker@cvs.openbsd.org 2010/01/13 01:10:56
1090 Ignore and log any Protocol 1 keys where the claimed size is not equal to
1091 the actual size. Noted by Derek Martin, ok djm@
1092 - dtucker@cvs.openbsd.org 2010/01/13 01:20:20
1093 [canohost.c ssh-keysign.c sshconnect2.c]
1094 Make HostBased authentication work with a ProxyCommand. bz #1569, patch
1095 from imorgan at nas nasa gov, ok djm@
1096 - djm@cvs.openbsd.org 2010/01/13 01:40:16
1097 [sftp.c sftp-server.c sftp.1 sftp-common.c sftp-common.h]
1098 support '-h' (human-readable units) for sftp's ls command, just like
1100 - djm@cvs.openbsd.org 2010/01/13 03:48:13
1101 [servconf.c servconf.h sshd.c]
1102 avoid run-time failures when specifying hostkeys via a relative
1103 path by prepending the cwd in these cases; bz#1290; ok dtucker@
1104 - djm@cvs.openbsd.org 2010/01/13 04:10:50
1106 don't append a space after inserting a completion of a directory (i.e.
1107 a path ending in '/') for a slightly better user experience; ok dtucker@
1108 - (dtucker) [sftp-common.c] Wrap include of util.h in an ifdef.
1109 - (tim) [defines.h] openbsd-compat/readpassphrase.c now needs _NSIG.
1110 feedback and ok dtucker@
1113 - (dtucker) OpenBSD CVS Sync
1114 - dtucker@cvs.openbsd.org 2010/01/11 01:39:46
1115 [ssh_config channels.c ssh.1 channels.h ssh.c]
1116 Add a 'netcat mode' (ssh -W). This connects stdio on the client to a
1117 single port forward on the server. This allows, for example, using ssh as
1118 a ProxyCommand to route connections via intermediate servers.
1119 bz #1618, man page help from jmc@, ok markus@
1120 - dtucker@cvs.openbsd.org 2010/01/11 04:46:45
1121 [authfile.c sshconnect2.c]
1122 Do not prompt for a passphrase if we fail to open a keyfile, and log the
1123 reason the open failed to debug.
1124 bz #1693, found by tj AT castaglia org, ok djm@
1125 - djm@cvs.openbsd.org 2010/01/11 10:51:07
1127 when converting keys, truncate key comments at 72 chars as per RFC4716;
1128 bz#1630 reported by tj AT castaglia.org; ok markus@
1129 - dtucker@cvs.openbsd.org 2010/01/12 00:16:47
1131 Fix bug introduced in r1.78 (incorrect brace location) that broke key auth.
1132 Patch from joachim joachimschipper nl.
1133 - djm@cvs.openbsd.org 2010/01/12 00:58:25
1135 avoid spinning when fd passing on nonblocking sockets by calling poll()
1136 in the EINTR/EAGAIN path, much like we do in atomicio; ok dtucker@
1137 - djm@cvs.openbsd.org 2010/01/12 00:59:29
1139 delete with extreme prejudice a debug() that fired with every keypress;
1141 - dtucker@cvs.openbsd.org 2010/01/12 01:31:05
1143 Do not allow logins if /etc/nologin exists but is not readable by the user
1144 logging in. Noted by Jan.Pechanec at Sun, ok djm@ deraadt@
1145 - djm@cvs.openbsd.org 2010/01/12 01:36:08
1147 add a buffer_get_string_ptr_ret() that does the same as
1148 buffer_get_string_ptr() but does not fatal() on error; ok dtucker@
1149 - dtucker@cvs.openbsd.org 2010/01/12 08:33:17
1151 Add explicit stat so we reliably detect nologin with bad perms.
1155 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c]
1156 Remove hacks add for RoutingDomain in preparation for its removal.
1157 - (dtucker) OpenBSD CVS Sync
1158 - dtucker@cvs.openbsd.org 2010/01/09 23:04:13
1159 [channels.c ssh.1 servconf.c sshd_config.5 sshd.c channels.h servconf.h
1160 ssh-keyscan.1 ssh-keyscan.c readconf.c sshconnect.c misc.c ssh.c
1161 readconf.h scp.1 sftp.1 ssh_config.5 misc.h]
1162 Remove RoutingDomain from ssh since it's now not needed. It can be
1163 replaced with "route exec" or "nc -V" as a proxycommand. "route exec"
1164 also ensures that trafic such as DNS lookups stays withing the specified
1165 routingdomain. For example (from reyk):
1166 # route -T 2 exec /usr/sbin/sshd
1167 or inherited from the parent process
1168 $ route -T 2 exec sh
1170 ok deraadt@ markus@ stevesk@ reyk@
1171 - dtucker@cvs.openbsd.org 2010/01/10 03:51:17
1173 Add ChrootDirectory to sshd.c test-mode output
1174 - dtucker@cvs.openbsd.org 2010/01/10 07:15:56
1176 Output a debug if we can't open an existing keyfile. bz#1694, ok djm@
1179 - (dtucker) Wrap use of IPPROTO_IPV6 in an ifdef for platforms that don't
1181 - (dtucker) [defines.h] define PRIu64 for platforms that don't have it.
1182 - (dtucker) [roaming_client.c] Wrap inttypes.h in an ifdef.
1183 - (dtucker) [loginrec.c] Use the SUSv3 specified name for the user name
1184 when using utmpx. Patch from Ed Schouten.
1185 - (dtucker) OpenBSD CVS Sync
1186 - djm@cvs.openbsd.org 2010/01/09 00:20:26
1187 [sftp-server.c sftp-server.8]
1188 add a 'read-only' mode to sftp-server(8) that disables open in write mode
1189 and all other fs-modifying protocol methods. bz#430 ok dtucker@
1190 - djm@cvs.openbsd.org 2010/01/09 00:57:10
1193 - jmc@cvs.openbsd.org 2010/01/09 03:36:00
1195 bad place to forget a comma...
1196 - djm@cvs.openbsd.org 2010/01/09 05:04:24
1197 [mux.c sshpty.h clientloop.c sshtty.c]
1198 quell tc[gs]etattr warnings when forcing a tty (ssh -tt), since we
1199 usually don't actually have a tty to read/set; bz#1686 ok dtucker@
1200 - dtucker@cvs.openbsd.org 2010/01/09 05:17:00
1202 Remove a PRIu64 format string that snuck in with roaming. ok djm@
1203 - dtucker@cvs.openbsd.org 2010/01/09 11:13:02
1205 Prevent sftp from derefing a null pointer when given a "-" without a
1206 command. Also, allow whitespace to follow a "-". bz#1691, path from
1207 Colin Watson via Debian. ok djm@ deraadt@
1208 - dtucker@cvs.openbsd.org 2010/01/09 11:17:56
1210 Afer sshd receives a SIGHUP, ignore subsequent HUPs while sshd re-execs
1211 itself. Prevents two HUPs in quick succession from resulting in sshd
1212 dying. bz#1692, patch from Colin Watson via Ubuntu.
1213 - (dtucker) [defines.h] Remove now-undeeded PRIu64 define.
1216 - (dtucker) OpenBSD CVS Sync
1217 - andreas@cvs.openbsd.org 2009/10/24 11:11:58
1219 Declarations needed for upcoming changes.
1221 - andreas@cvs.openbsd.org 2009/10/24 11:13:54
1222 [sshconnect2.c kex.h kex.c]
1223 Let the client detect if the server supports roaming by looking
1224 for the resume@appgate.com kex algorithm.
1226 - andreas@cvs.openbsd.org 2009/10/24 11:15:29
1228 client_loop() must detect if the session has been suspended and resumed,
1229 and take appropriate action in that case.
1230 From Martin Forssen, maf at appgate dot com
1231 - andreas@cvs.openbsd.org 2009/10/24 11:19:17
1233 Define the KEX messages used when resuming a suspended connection.
1235 - andreas@cvs.openbsd.org 2009/10/24 11:22:37
1237 Do the actual suspend/resume in the client. This won't be useful until
1238 the server side supports roaming.
1239 Most code from Martin Forssen, maf at appgate dot com. Some changes by
1242 - andreas@cvs.openbsd.org 2009/10/24 11:23:42
1244 Request roaming to be enabled if UseRoaming is true and the server
1247 - reyk@cvs.openbsd.org 2009/10/28 16:38:18
1248 [ssh_config.5 sshd.c misc.h ssh-keyscan.1 readconf.h sshconnect.c
1249 channels.c channels.h servconf.h servconf.c ssh.1 ssh-keyscan.c scp.1
1250 sftp.1 sshd_config.5 readconf.c ssh.c misc.c]
1251 Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.
1253 - jmc@cvs.openbsd.org 2009/10/28 21:45:08
1254 [sshd_config.5 sftp.1]
1256 - djm@cvs.openbsd.org 2009/11/10 02:56:22
1258 explain the constraints on LocalCommand some more so people don't
1260 - djm@cvs.openbsd.org 2009/11/10 02:58:56
1262 clarify that StrictModes does not apply to ChrootDirectory. Permissions
1263 and ownership are always checked when chrooting. bz#1532
1264 - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
1265 [sshconnect2.c channels.c sshconnect.c]
1266 Set close-on-exec on various descriptors so they don't get leaked to
1267 child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
1268 - markus@cvs.openbsd.org 2009/11/11 21:37:03
1269 [channels.c channels.h]
1270 fix race condition in x11/agent channel allocation: don't read after
1271 the end of the select read/write fdset and make sure a reused FD
1272 is not touched before the pre-handlers are called.
1274 - djm@cvs.openbsd.org 2009/11/17 05:31:44
1276 fix incorrect exit status when multiplexing and channel ID 0 is recycled
1277 bz#1570 reported by peter.oliver AT eon-is.co.uk; ok dtucker
1278 - djm@cvs.openbsd.org 2009/11/19 23:39:50
1280 bz#1606: error when an attempt is made to connect to a server
1281 with ForceCommand=internal-sftp with a shell session (i.e. not a
1282 subsystem session). Avoids stuck client when attempting to ssh to such a
1283 service. ok dtucker@
1284 - dtucker@cvs.openbsd.org 2009/11/20 00:15:41
1286 Warn but do not fail if stat()ing the subsystem binary fails. This helps
1287 with chrootdirectory+forcecommand=sftp-server and restricted shells.
1289 - djm@cvs.openbsd.org 2009/11/20 00:54:01
1291 bz#1588 change "Connecting to host..." message to "Connected to host."
1292 and delay it until after the sftp protocol connection has been established.
1293 Avoids confusing sequence of messages when the underlying ssh connection
1294 experiences problems. ok dtucker@
1295 - dtucker@cvs.openbsd.org 2009/11/20 00:59:36
1297 Use the HostKeyAlias when prompting for passwords. bz#1039, ok djm@
1298 - djm@cvs.openbsd.org 2009/11/20 03:24:07
1300 correct off-by-one in percent_expand(): we would fatal() when trying
1301 to expand EXPAND_MAX_KEYS, allowing only EXPAND_MAX_KEYS-1 to actually
1302 work. Note that nothing in OpenSSH actually uses close to this limit at
1303 present. bz#1607 from Jan.Pechanec AT Sun.COM
1304 - halex@cvs.openbsd.org 2009/11/22 13:18:00
1306 make passing of zero-length arguments to ssh safe by
1307 passing "-<switch>" "<value>" rather than "-<switch><value>"
1308 ok dtucker@, guenther@, djm@
1309 - dtucker@cvs.openbsd.org 2009/12/06 23:41:15
1311 zap unused variable and strlen; from Steve McClellan, ok djm
1312 - djm@cvs.openbsd.org 2009/12/06 23:53:45
1314 use socklen_t for getsockopt optlen parameter; reported by
1315 Steve.McClellan AT radisys.com, ok dtucker@
1316 - dtucker@cvs.openbsd.org 2009/12/06 23:53:54
1318 fix potential divide-by-zero in sftp's "df" output when talking to a server
1319 that reports zero files on the filesystem (Unix filesystems always have at
1320 least the root inode). From Steve McClellan at radisys, ok djm@
1321 - markus@cvs.openbsd.org 2009/12/11 18:16:33
1323 switch from 35 to the more common value of RSA_F4 == (2**16)+1 == 65537
1324 for the RSA public exponent; discussed with provos; ok djm@
1325 - guenther@cvs.openbsd.org 2009/12/20 07:28:36
1326 [ssh.c sftp.c scp.c]
1327 When passing user-controlled options with arguments to other programs,
1328 pass the option and option argument as separate argv entries and
1329 not smashed into one (e.g., as -l foo and not -lfoo). Also, always
1330 pass a "--" argument to stop option parsing, so that a positional
1331 argument that starts with a '-' isn't treated as an option. This
1332 fixes some error cases as well as the handling of hostnames and
1333 filenames that start with a '-'.
1334 Based on a diff by halex@
1335 ok halex@ djm@ deraadt@
1336 - djm@cvs.openbsd.org 2009/12/20 23:20:40
1338 fix an incorrect magic number and typo in PROTOCOL; bz#1688
1339 report and fix from ueno AT unixuser.org
1340 - stevesk@cvs.openbsd.org 2009/12/25 19:40:21
1341 [readconf.c servconf.c misc.h ssh-keyscan.c misc.c]
1342 validate routing domain is in range 0-RT_TABLEID_MAX.
1343 'Looks right' deraadt@
1344 - stevesk@cvs.openbsd.org 2009/12/29 16:38:41
1345 [sshd_config.5 readconf.c ssh_config.5 scp.1 servconf.c sftp.1 ssh.1]
1346 Rename RDomain config option to RoutingDomain to be more clear and
1347 consistent with other options.
1348 NOTE: if you currently use RDomain in the ssh client or server config,
1349 or ssh/sshd -o, you must update to use RoutingDomain.
1351 - jmc@cvs.openbsd.org 2009/12/29 18:03:32
1352 [sshd_config.5 ssh_config.5]
1354 - dtucker@cvs.openbsd.org 2010/01/04 01:45:30
1356 Don't escape backslashes in the SSH2 banner. bz#1533, patch from
1357 Michal Gorny via Gentoo.
1358 - djm@cvs.openbsd.org 2010/01/04 02:03:57
1360 Implement tab-completion of commands, local and remote filenames for sftp.
1361 Hacked on and off for some time by myself, mouring, Carlos Silva (via 2009
1362 Google Summer of Code) and polished to a fine sheen by myself again.
1363 It should deal more-or-less correctly with the ikky corner-cases presented
1364 by quoted filenames, but the UI could still be slightly improved.
1365 In particular, it is quite slow for remote completion on large directories.
1367 - djm@cvs.openbsd.org 2010/01/04 02:25:15
1369 bz#1566 don't unnecessarily dup() in and out fds for sftp-server;
1371 - dtucker@cvs.openbsd.org 2010/01/08 21:50:49
1373 Fix two warnings: possibly used unitialized and use a nul byte instead of
1374 NULL pointer. ok djm@
1375 - (dtucker) [Makefile.in added roaming_client.c roaming_serv.c] Import new
1376 files for roaming and add to Makefile.
1377 - (dtucker) [Makefile.in] .c files do not belong in the OBJ lines.
1378 - (dtucker) [sftp.c] ifdef out the sftp completion bits for platforms that
1380 - (dtucker) [configure.ac misc.c readconf.c servconf.c ssh-keyscan.c] Make
1381 RoutingDomain an unsupported option on platforms that don't have it.
1382 - (dtucker) [sftp.c] Expand ifdef for libedit to cover complete_is_remote
1384 - (dtucker) [misc.c] Move the routingdomain ifdef to allow the socket to
1386 - (dtucker] [misc.c] Shrink the area covered by USE_ROUTINGDOMAIN more
1387 to eliminate an unused variable warning.
1388 - (dtucker) [roaming_serv.c] Include includes.h for u_intXX_t types.
1391 - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
1392 Gzip all man pages. Patch from Corinna Vinschen.
1395 - (dtucker) [auth-krb5.c platform.{c,h} openbsd-compat/port-aix.{c,h}]
1396 Bug #1583: Use system's kerberos principal name on AIX if it's available.
1397 Based on a patch from and tested by Miguel Sanders
1400 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,
1401 based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
1404 - (dtucker) Bug #1160: use pkg-config for opensc config if it's available.
1405 Tested by Martin Paljak.
1406 - (dtucker) Bug #1677: add conditionals around the source for ssh-askpass.
1409 - (tim) [opensshd.init.in] If PidFile is set in sshd_config, use it.
1410 Bug 1628. OK dtucker@
1413 - (djm) [ssh-rand-helper.c] Print error and usage() when passed command-
1414 line arguments as none are supported. Exit when passed unrecognised
1415 commandline flags. bz#1568 from gson AT araneus.fi
1418 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
1419 set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
1420 setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
1421 bz#1648, report and fix from jan.kratochvil AT redhat.com
1422 - (djm) [contrib/gnome-ssh-askpass2.c] Make askpass dialog desktop-modal.
1423 bz#1645, patch from jchadima AT redhat.com
1426 - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
1427 keys when built with OpenSSL versions that don't do AES.
1430 - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
1431 older versions of OpenSSL.
1434 - (dtucker) OpenBSD CVS Sync
1435 - djm@cvs.openbsd.org 2009/10/11 23:03:15
1437 mention the host name that we are looking for in check_host_in_hostfile()
1438 - sobrado@cvs.openbsd.org 2009/10/17 12:10:39
1441 - sobrado@cvs.openbsd.org 2009/10/22 12:35:53
1442 [ssh.1 ssh-agent.1 ssh-add.1]
1443 use the UNIX-related macros (.At and .Ux) where appropriate.
1445 - sobrado@cvs.openbsd.org 2009/10/22 15:02:12
1446 [ssh-agent.1 ssh-add.1 ssh.1]
1447 write UNIX-domain in a more consistent way; while here, replace a
1448 few remaining ".Tn UNIX" macros with ".Ux" ones.
1449 pointed out by ratchov@, thanks!
1451 - djm@cvs.openbsd.org 2009/10/22 22:26:13
1453 switch from 3DES to AES-128 for encryption of passphrase-protected
1454 SSH protocol 2 private keys; ok several
1455 - djm@cvs.openbsd.org 2009/10/23 01:57:11
1457 disallow a hostile server from checking jpake auth by sending an
1458 out-of-sequence success message. (doesn't affect code enabled by default)
1459 - dtucker@cvs.openbsd.org 2009/10/24 00:48:34
1461 ssh-keygen now uses AES-128 for private keys
1462 - (dtucker) [mdoc2man.awk] Teach it to understand the .Ux macro.
1463 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux
1464 is enabled set the security context to "sftpd_t" before running the
1465 internal sftp server Based on a patch from jchadima at redhat.
1468 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
1469 dirent d_type and DTTOIF as we've switched OpenBSD to the more portable
1471 - (dtucker) OpenBSD CVS Sync
1472 - markus@cvs.openbsd.org 2009/10/08 14:03:41
1473 [sshd_config readconf.c ssh_config.5 servconf.c sshd_config.5]
1474 disable protocol 1 by default (after a transition period of about 10 years)
1476 - jmc@cvs.openbsd.org 2009/10/08 20:42:12
1477 [sshd_config.5 ssh_config.5 sshd.8 ssh.1]
1478 some tweaks now that protocol 1 is not offered by default; ok markus
1479 - dtucker@cvs.openbsd.org 2009/10/11 10:41:26
1481 d_type isn't portable so use lstat to get dirent modes. Suggested by and
1482 "looks sane" deraadt@
1483 - markus@cvs.openbsd.org 2009/10/08 18:04:27
1484 [regress/test-exec.sh]
1485 re-enable protocol v1 for the tests.
1488 - (dtucker) OpenBSD CVS Sync
1489 - djm@cvs.openbsd.org 2009/08/12 00:13:00
1491 support most of scp(1)'s commandline arguments in sftp(1), as a first
1492 step towards making sftp(1) a drop-in replacement for scp(1).
1493 One conflicting option (-P) has not been changed, pending further
1495 Patch from carlosvsilvapt@gmail.com as part of his work in the
1496 Google Summer of Code
1497 - jmc@cvs.openbsd.org 2009/08/12 06:31:42
1500 - djm@cvs.openbsd.org 2009/08/13 01:11:19
1502 Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
1503 add "-P port" to match scp(1). Fortunately, the -P option is only really
1504 used by our regression scripts.
1505 part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
1506 of Code work; ok deraadt markus
1507 - jmc@cvs.openbsd.org 2009/08/13 13:39:54
1509 sync synopsis and usage();
1510 - djm@cvs.openbsd.org 2009/08/14 18:17:49
1512 make the "get_handle: ..." error messages vaguely useful by allowing
1513 callers to specify their own error message strings.
1514 - fgsch@cvs.openbsd.org 2009/08/15 18:56:34
1516 remove unused define. markus@ ok.
1517 (Id sync only, Portable still uses this.)
1518 - dtucker@cvs.openbsd.org 2009/08/16 23:29:26
1520 Add PubkeyAuthentication to the list allowed in a Match block (bz #1577)
1521 - djm@cvs.openbsd.org 2009/08/18 18:36:21
1522 [sftp-client.h sftp.1 sftp-client.c sftp.c]
1523 recursive transfer support for get/put and on the commandline
1524 work mostly by carlosvsilvapt@gmail.com for the Google Summer of Code
1525 with some tweaks by me; "go for it" deraadt@
1526 - djm@cvs.openbsd.org 2009/08/18 21:15:59
1528 fix "get" command usage, spotted by jmc@
1529 - jmc@cvs.openbsd.org 2009/08/19 04:56:03
1532 - dtucker@cvs.openbsd.org 2009/08/20 23:54:28
1534 subsystem_flag is defined in ssh.c so it's extern; ok djm
1535 - djm@cvs.openbsd.org 2009/08/27 17:28:52
1537 allow setting an explicit umask on the commandline to override whatever
1538 default the user has. bz#1229; ok dtucker@ deraadt@ markus@
1539 - djm@cvs.openbsd.org 2009/08/27 17:33:49
1541 force use of correct hash function for random-art signature display
1542 as it was inheriting the wrong one when bubblebabble signatures were
1543 activated; bz#1611 report and patch from fwojcik+openssh AT besh.com;
1545 - djm@cvs.openbsd.org 2009/08/27 17:43:00
1547 allow setting an explicit umask on the commandline to override whatever
1548 default the user has. bz#1229; ok dtucker@ deraadt@ markus@
1549 - djm@cvs.openbsd.org 2009/08/27 17:44:52
1550 [authfd.c ssh-add.c authfd.h]
1551 Do not fall back to adding keys without contraints (ssh-add -c / -t ...)
1552 when the agent refuses the constrained add request. This was a useful
1553 migration measure back in 2002 when constraints were new, but just
1555 bz #1612, report and patch from dkg AT fifthhorseman.net; ok markus@
1556 - djm@cvs.openbsd.org 2009/08/31 20:56:02
1558 check correct variable for error message, spotted by martynas@
1559 - djm@cvs.openbsd.org 2009/08/31 21:01:29
1561 document -e and -h; prodded by jmc@
1562 - djm@cvs.openbsd.org 2009/09/01 14:43:17
1564 fix a race condition in ssh-agent that could result in a wedged or
1565 spinning agent: don't read off the end of the allocated fd_sets, and
1566 don't issue blocking read/write on agent sockets - just fall back to
1567 select() on retriable read/write errors. bz#1633 reported and tested
1568 by "noodle10000 AT googlemail.com"; ok dtucker@ markus@
1569 - grunk@cvs.openbsd.org 2009/10/01 11:37:33
1573 - djm@cvs.openbsd.org 2009/10/06 04:46:40
1575 bz#1596: fflush(NULL) before exec() to ensure that everying (motd
1576 in particular) has made it out before the streams go away.
1577 - djm@cvs.openbsd.org 2008/12/07 22:17:48
1578 [regress/addrmatch.sh]
1579 match string "passwordauthentication" only at start of line, not anywhere
1581 - dtucker@cvs.openbsd.org 2009/05/05 07:51:36
1582 [regress/multiplex.sh]
1583 Always specify ssh_config for multiplex tests: prevents breakage caused
1584 by options in ~/.ssh/config. From Dan Peterson.
1585 - djm@cvs.openbsd.org 2009/08/13 00:57:17
1587 regression test for port number parsing. written as part of the a2port
1588 change that went into 5.2 but I forgot to commit it at the time...
1589 - djm@cvs.openbsd.org 2009/08/13 01:11:55
1590 [regress/sftp-batch.sh regress/sftp-badcmds.sh regress/sftp.sh
1591 regress/sftp-cmds.sh regres/sftp-glob.sh]
1592 date: 2009/08/13 01:11:19; author: djm; state: Exp; lines: +10 -7
1593 Swizzle options: "-P sftp_server_path" moves to "-D sftp_server_path",
1594 add "-P port" to match scp(1). Fortunately, the -P option is only really
1595 used by our regression scripts.
1596 part of larger patch from carlosvsilvapt@gmail.com for his Google Summer
1597 of Code work; ok deraadt markus
1598 - djm@cvs.openbsd.org 2009/08/20 18:43:07
1599 [regress/ssh-com-sftp.sh]
1600 fix one sftp -D ... => sftp -P ... conversion that I missed; from Carlos
1601 Silva for Google Summer of Code
1602 - dtucker@cvs.openbsd.org 2009/10/06 23:51:49
1603 [regress/ssh2putty.sh]
1604 Add OpenBSD tag to make syncs easier
1605 - (dtucker) [regress/portnum.sh] Import new test.
1606 - (dtucker) [configure.ac sftp-client.c] DTOTIF is in fs/ffs/dir.h on at
1608 - (dtucker) d_type is not mandated by POSIX, so add fallback code using
1609 stat(), needed on at least cygwin.
1612 - (djm) [Makefile.in] Mention readconf.o in ssh-keysign's make deps.
1613 spotted by des AT des.no
1616 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1617 [contrib/suse/openssh.spec] Update for release
1618 - (djm) [README] update relnotes URL
1619 - (djm) [packet.c] Restore EWOULDBLOCK handling that got lost somewhere
1620 - (djm) Release 5.3p1
1623 - (dtucker) [configure.ac] Change the -lresolv check so it works on Mac OS X
1624 10.6 (which doesn't have BIND8_COMPAT and thus uses res_9_query). Patch
1625 from jbasney at ncsa uiuc edu.
1628 - (djm) [serverloop.c] Fix test for server-assigned remote forwarding port
1629 (-R 0:...); bz#1578, spotted and fix by gavin AT emf.net; ok dtucker@
1632 - (dtucker) [configure.ac] Bug #1639: use AC_PATH_PROG to search the path for
1633 krb5-config if it's not in the location specified by --with-kerberos5.
1634 Patch from jchadima at redhat.
1637 - (dtucker) [README.platform] Add text about development packages, based on
1638 text from Chris Pepper in bug #1631.
1641 - dtucker [auth-sia.c] Roll back the change for bug #1241 as it apparently
1642 causes problems in some Tru64 configurations.
1643 - (djm) [sshd_config.5] downgrade mention of login.conf to be an example
1644 and mention PAM as another provider for ChallengeResponseAuthentication;
1645 bz#1408; ok dtucker@
1646 - (djm) [sftp-server.c] bz#1535: accept ENOSYS as a fallback error when
1647 attempting atomic rename(); ok dtucker@
1648 - (djm) [Makefile.in] bz#1505: Solaris make(1) doesn't accept make variables
1649 in argv, so pass them in the environment; ok dtucker@
1650 - (dtucker) [channels.c configure.ac] Bug #1528: skip the tcgetattr call on
1651 the pty master on Solaris, since it never succeeds and can hang if large
1652 amounts of data is sent to the slave (eg a copy-paste). Based on a patch
1653 originally from Doke Scott, ok djm@
1654 - (dtucker) [clientloop.c configure.ac defines.h] Make the client's IO buffer
1655 size a compile-time option and set it to 64k on Cygwin, since Corinna
1656 reports that it makes a significant difference to performance. ok djm@
1657 - (dtucker) [configure.ac] Fix the syntax of the Solaris tcgetattr entry.
1660 - (dtucker) [includes.h] Bug #1634: do not include system glob.h if we're not
1661 using it since the type conflicts can cause problems on FreeBSD. Patch
1663 - (dtucker) [session.c openbsd-compat/port-aix.h] Bugs #1249 and #1567: move
1664 the setpcred call on AIX to immediately before the permanently_set_uid().
1665 Ensures that we still have privileges when we call chroot and
1666 pam_open_sesson. Based on a patch from David Leonard.
1669 - (dtucker) [configure.ac] Check for headers before libraries for openssl an
1670 zlib, which should make the errors slightly more meaningful on platforms
1671 where there's separate "-devel" packages for those.
1672 - (dtucker) [sshlogin.c openbsd-compat/port-aix.{c,h}] Bug #1595: make
1673 PrintLastLog work on AIX. Based in part on a patch from Miguel Sanders.
1676 - (tim) [contrib/cygwin/ssh-user-config] Change script to call correct error
1677 function. Patch from Corinna Vinschen.
1680 - (dtucker) [openbsd-compat/getrrsetbyname.c] Reduce answer buffer size so it
1681 fits into 16 bits to work around a bug in glibc's resolver where it masks
1682 off the buffer size at 16 bits. Patch from Hauke Lampe, ok djm jakob.
1685 - (dtucker) [configure.ac] Include sys/param.h for the sys/mount.h test,
1686 prevents configure complaining on older BSDs.
1687 - (dtucker [contrib/cygwin/ssh-{host,user}-config] Add license text. Patch
1688 from Corinna Vinschen.
1689 - (dtucker) [auth-pam.c] Bug #1534: move the deletion of PAM credentials on
1690 logout to after the session close. Patch from Anicka Bernathova,
1691 originally from Andreas Schwab via Novelll ok djm.
1694 - (dtucker) [contrib/cygwin/ssh-host-config] better support for automated
1695 scripts and fix usage of eval. Patch from Corinna Vinschen.
1698 - (dtucker) OpenBSD CVS Sync
1699 - andreas@cvs.openbsd.org 2009/06/27 09:29:06
1701 packet_bacup_state() and packet_restore_state() will be used to
1702 temporarily save the current state ren resuming a suspended connection.
1704 - andreas@cvs.openbsd.org 2009/06/27 09:32:43
1705 [roaming_common.c roaming.h]
1706 It may be necessary to retransmit some data when resuming, so add it
1707 to a buffer when roaming is enabled.
1708 Most of this code was written by Martin Forssen, maf at appgate dot com.
1710 - andreas@cvs.openbsd.org 2009/06/27 09:35:06
1711 [readconf.h readconf.c]
1712 Add client option UseRoaming. It doesn't do anything yet but will
1713 control whether the client tries to use roaming if enabled on the
1714 server. From Martin Forssen.
1716 - markus@cvs.openbsd.org 2009/06/30 14:54:40
1718 crank version; ok deraadt
1719 - dtucker@cvs.openbsd.org 2009/07/02 02:11:47
1721 allow for long home dir paths (bz #1615). ok deraadt
1722 (based in part on a patch from jchadima at redhat)
1723 - stevesk@cvs.openbsd.org 2009/07/05 19:28:33
1725 only send SSH2_MSG_DISCONNECT if we're in compat20; from dtucker@
1729 - (dtucker) OpenBSD CVS Sync
1730 - dtucker@cvs.openbsd.org 2009/06/22 05:39:28
1731 [monitor_wrap.c monitor_mm.c ssh-keygen.c auth2.c gss-genr.c sftp-client.c]
1732 alphabetize includes; reduces diff vs portable and style(9).
1734 (Id sync only; these were already in order in -portable)
1737 - (dtucker) OpenBSD CVS Sync
1738 - markus@cvs.openbsd.org 2009/03/17 21:37:00
1740 pass correct argv[0] to openlog(); ok djm@
1741 - jmc@cvs.openbsd.org 2009/03/19 15:15:09
1743 for "Ciphers", just point the reader to the keyword in ssh_config(5), just
1744 as we do for "MACs": this stops us getting out of sync when the lists
1746 fixes documentation/6102, submitted by Peter J. Philipp
1747 alternative fix proposed by djm
1749 - tobias@cvs.openbsd.org 2009/03/23 08:31:19
1751 Fixed a possible out-of-bounds memory access if the environment variable
1752 SHELL is shorter than 3 characters.
1753 with input by and ok dtucker
1754 - tobias@cvs.openbsd.org 2009/03/23 19:38:04
1756 My previous commit didn't fix the problem at all, so stick at my first
1757 version of the fix presented to dtucker.
1758 Issue notified by Matthias Barkhoff (matthias dot barkhoff at gmx dot de).
1760 - sobrado@cvs.openbsd.org 2009/03/26 08:38:39
1761 [sftp-server.8 sshd.8 ssh-agent.1]
1762 fix a few typographical errors found by spell(1).
1764 - stevesk@cvs.openbsd.org 2009/04/13 19:07:44
1766 fix possessive; ok djm@
1767 - stevesk@cvs.openbsd.org 2009/04/14 16:33:42
1769 remove unused option character from getopt() optstring; ok markus@
1770 - jj@cvs.openbsd.org 2009/04/14 21:10:54
1772 Fixed a few the-the misspellings in comments. Skipped a bunch in
1773 binutils,gcc and so on. ok jmc@
1774 - stevesk@cvs.openbsd.org 2009/04/17 19:23:06
1776 use INTERNAL_SFTP_NAME for setproctitle() of in-process sftp-server;
1778 - stevesk@cvs.openbsd.org 2009/04/17 19:40:17
1780 clarify that even internal-sftp needs /dev/log for logging to work; ok
1782 - jmc@cvs.openbsd.org 2009/04/18 18:39:10
1784 tweak previous; ok stevesk
1785 - stevesk@cvs.openbsd.org 2009/04/21 15:13:17
1787 clarify we cd to user's home after chroot; ok markus@ on
1788 earlier version; tweaks and ok jmc@
1789 - andreas@cvs.openbsd.org 2009/05/25 06:48:01
1790 [channels.c packet.c clientloop.c packet.h serverloop.c monitor_wrap.c
1792 Put the globals in packet.c into a struct and don't access it directly
1793 from other files. No functional changes.
1795 - andreas@cvs.openbsd.org 2009/05/27 06:31:25
1796 [canohost.h canohost.c]
1797 Add clear_cached_addr(), needed for upcoming changes allowing the peer
1800 - andreas@cvs.openbsd.org 2009/05/27 06:33:39
1802 Send SSH2_MSG_DISCONNECT when the client disconnects. From a larger
1803 change from Martin Forssen, maf at appgate dot com.
1805 - andreas@cvs.openbsd.org 2009/05/27 06:34:36
1807 Move the KEX_COOKIE_LEN define to kex.h
1809 - andreas@cvs.openbsd.org 2009/05/27 06:36:07
1811 Add packet_put_int64() and packet_get_int64(), part of a larger change
1812 from Martin Forssen.
1814 - andreas@cvs.openbsd.org 2009/05/27 06:38:16
1815 [sshconnect.h sshconnect.c]
1816 Un-static ssh_exchange_identification(), part of a larger change from
1817 Martin Forssen and needed for upcoming changes.
1819 - andreas@cvs.openbsd.org 2009/05/28 16:50:16
1820 [sshd.c packet.c serverloop.c monitor_wrap.c clientloop.c sshconnect.c
1821 monitor.c Added roaming.h roaming_common.c roaming_dummy.c]
1822 Keep track of number of bytes read and written. Needed for upcoming
1823 changes. Most code from Martin Forssen, maf at appgate dot com.
1825 Also, applied appropriate changes to Makefile.in
1826 - andreas@cvs.openbsd.org 2009/06/12 20:43:22
1827 [monitor.c packet.c]
1828 Fix warnings found by chl@ and djm@ and change roaming_atomicio's
1829 return type to match atomicio's
1830 Diff from djm@, ok markus@
1831 - andreas@cvs.openbsd.org 2009/06/12 20:58:32
1833 Move some more statics into session_state
1835 - dtucker@cvs.openbsd.org 2009/06/21 07:37:15
1836 [kexdhs.c kexgexs.c]
1837 abort if key_sign fails, preventing possible null deref. Based on report
1838 from Paolo Ganci, ok markus@ djm@
1839 - dtucker@cvs.openbsd.org 2009/06/21 09:04:03
1840 [roaming.h roaming_common.c roaming_dummy.c]
1841 Add tags for the benefit of the sync scripts
1842 Also: pull in the changes for 1.1->1.2 missed in the previous sync.
1843 - (dtucker) [auth2-jpake.c auth2.c canohost.h session.c] Whitespace and
1844 header-order changes to reduce diff vs OpenBSD.
1845 - (dtucker) [servconf.c sshd.c] More whitespace sync.
1846 - (dtucker) [roaming_common.c roaming_dummy.c] Wrap #include <inttypes.h> in
1850 - (dtucker) [configure.ac defines.h] Bug #1607: handle the case where fsid_t
1851 is a struct with a __val member. Fixes build on, eg, Redhat 6.2.
1854 - (dtucker) [sshlogin.c] Move the NO_SSH_LASTLOG #ifndef line to include
1855 variable declarations. Should prevent unused warnings anywhere it's set
1856 (only Crays as far as I can tell) and be a no-op everywhere else.
1859 - (tim) [configure.ac] Remove setting IP_TOS_IS_BROKEN for Cygwin. The problem
1860 that setsockopt(IP_TOS) doesn't work on Cygwin has been fixed since 2005.
1861 Based on patch from vinschen at redhat com.
1864 - (dtucker) [auth-passwd.c auth1.c auth2-kbdint.c auth2-none.c auth2-passwd.c
1865 auth2-pubkey.c session.c openbsd-compat/bsd-cygwin_util.{c,h}
1866 openbsd-compat/daemon.c] Remove support for Windows 95/98/ME and very old
1867 version of Cygwin. Patch from vinschen at redhat com.
1870 - (dtucker) [contrib/aix/buildbff.sh] Only try to rename ssh_prng_cmds if it
1871 exists (it's not created if OpenSSL's PRNG is self-seeded, eg if the OS
1873 - (dtucker) [schnorr.c openbsd-compat/openssl-compat.{c,h}] Add
1874 EVP_DigestUpdate to the OLD_EVP compatibility functions and tell schnorr.c
1875 to use them. Allows building with older OpenSSL versions.
1876 - (dtucker) [configure.ac defines.h] Check for in_port_t and typedef if needed.
1877 - (dtucker) [configure.ac] Missing comma in type list.
1878 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]
1879 EVP_DigestUpdate does not exactly match the other OLD_EVP functions (eg
1880 in openssl 0.9.6) so add an explicit test for it.
1883 - (djm) OpenBSD CVS Sync
1884 - djm@cvs.openbsd.org 2009/03/05 07:18:19
1885 [auth2-jpake.c jpake.c jpake.h monitor_wrap.c monitor_wrap.h schnorr.c]
1887 refactor the (disabled) Schnorr proof code to make it a little more
1889 - djm@cvs.openbsd.org 2009/03/05 11:30:50
1891 document what these functions do so I don't ever have to recuse into
1892 b64_pton/ntop to remember their return values
1895 - (djm) OpenBSD CVS Sync
1896 - djm@cvs.openbsd.org 2009/02/22 23:50:57
1897 [ssh_config.5 sshd_config.5]
1898 don't advertise experimental options
1899 - djm@cvs.openbsd.org 2009/02/22 23:59:25
1902 - djm@cvs.openbsd.org 2009/02/23 00:06:15
1905 - (djm) [README] update for 5.2
1906 - (djm) Release openssh-5.2p1
1909 - (djm) OpenBSD CVS Sync
1910 - tobias@cvs.openbsd.org 2009/02/21 19:32:04
1911 [misc.c sftp-server-main.c ssh-keygen.c]
1912 Added missing newlines in error messages.
1916 - (djm) OpenBSD CVS Sync
1917 - djm@cvs.openbsd.org 2009/02/17 01:28:32
1919 sync with revised default ciphers; pointed out by dkrause@
1920 - djm@cvs.openbsd.org 2009/02/18 04:31:21
1922 signature should hash over the entire group, not just the generator
1923 (this is still disabled code)
1924 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1925 [contrib/suse/openssh.spec] Prepare for 5.2p1
1928 - (djm) [regress/conch-ciphers.sh regress/putty-ciphers.sh]
1929 [regress/putty-kex.sh regress/putty-transfer.sh] Downgrade disabled
1930 interop tests from FATAL error to a warning. Allows some interop
1931 tests to proceed if others are missing necessary prerequisites.
1932 - (djm) [configure.ac] support GNU/kFreeBSD and GNU/kOpensolaris
1933 systems; patch from Aurelien Jarno via rmh AT aybabtu.com
1936 - (djm) OpenBSD CVS Sync
1937 - dtucker@cvs.openbsd.org 2009/02/02 11:15:14
1939 Initialize a few variables to prevent spurious "may be used
1940 uninitialized" warnings from newer gcc's. ok djm@
1941 - djm@cvs.openbsd.org 2009/02/12 03:00:56
1942 [canohost.c canohost.h channels.c channels.h clientloop.c readconf.c]
1943 [readconf.h serverloop.c ssh.c]
1944 support remote port forwarding with a zero listen port (-R0:...) to
1945 dyamically allocate a listen port at runtime (this is actually
1946 specified in rfc4254); bz#1003 ok markus@
1947 - djm@cvs.openbsd.org 2009/02/12 03:16:01
1949 tighten check for -R0:... forwarding: only allow dynamic allocation
1950 if want_reply is set in the packet
1951 - djm@cvs.openbsd.org 2009/02/12 03:26:22
1953 some paranoia: check that the serialised key is really KEY_RSA before
1954 diddling its internals
1955 - djm@cvs.openbsd.org 2009/02/12 03:42:09
1957 document -R0:... usage
1958 - djm@cvs.openbsd.org 2009/02/12 03:44:25
1960 consistency: Dq => Ql
1961 - djm@cvs.openbsd.org 2009/02/12 03:46:17
1963 document RemoteForward usage with 0 listen port
1964 - jmc@cvs.openbsd.org 2009/02/12 07:34:20
1966 kill trailing whitespace;
1967 - markus@cvs.openbsd.org 2009/02/13 11:50:21
1969 check for enc !=NULL in packet_start_discard
1970 - djm@cvs.openbsd.org 2009/02/14 06:35:49
1972 mention that eow and no-more-sessions extensions are sent only to
1976 - (djm) [sshpty.c] bz#1419: OSX uses cloning ptys that automagically
1977 set ownership and modes, so avoid explicitly setting them
1978 - (djm) [configure.ac loginrec.c] bz#1421: fix lastlog support for OSX.
1979 OSX provides a getlastlogxbyname function that automates the reading of
1980 a lastlog file. Also, the pututxline function will update lastlog so
1981 there is no need for loginrec.c to do it explicitly. Collapse some
1982 overly verbose code while I'm in there.
1985 - (dtucker) [defines.h sshconnect.c] INET6_ADDRSTRLEN is now needed in
1986 channels.c too, so move the definition for non-IP6 platforms to defines.h
1987 where it can be shared.
1990 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
1991 If the CYGWIN environment variable is empty, the installer script
1992 should not install the service with an empty CYGWIN variable, but
1993 rather without setting CYGWNI entirely.
1994 - (tim) [contrib/cygwin/ssh-host-config] Whitespace cleanup. No code changes.
1997 - (tim) [contrib/cygwin/ssh-host-config] Patch from Corinna Vinschen.
1998 Changes to work on Cygwin 1.5.x as well as on the new Cygwin 1.7.x.
1999 The information given for the setting of the CYGWIN environment variable
2000 is wrong for both releases so I just removed it, together with the
2001 unnecessary (Cygwin 1.5.x) or wrong (Cygwin 1.7.x) default setting.
2004 - (djm) OpenBSD CVS Sync
2005 - stevesk@cvs.openbsd.org 2008/12/09 03:20:42
2006 [channels.c servconf.c]
2007 channel_print_adm_permitted_opens() should deal with all the printing
2008 for that config option. suggested by markus@; ok markus@ djm@
2010 - djm@cvs.openbsd.org 2008/12/09 04:32:22
2012 replace by-hand string building with xasprinf(); ok deraadt@
2013 - sobrado@cvs.openbsd.org 2008/12/09 15:35:00
2015 update for the synopses displayed by the 'help' command, there are a
2016 few missing flags; add 'bye' to the output of 'help'; sorting and spacing.
2017 jmc@ suggested replacing .Oo/.Oc with a single .Op macro.
2019 - stevesk@cvs.openbsd.org 2008/12/09 22:37:33
2021 fix typo in error message
2022 - stevesk@cvs.openbsd.org 2008/12/10 03:55:20
2024 o cannot be NULL here but use xfree() to be consistent; ok djm@
2025 - stevesk@cvs.openbsd.org 2008/12/29 01:12:36
2027 fix example, default key type is rsa for 3+ years; from
2028 frederic.perrin@resel.fr
2029 - stevesk@cvs.openbsd.org 2008/12/29 02:23:26
2031 no need to escape single quotes in comments
2032 - okan@cvs.openbsd.org 2008/12/30 00:46:56
2034 add AllowAgentForwarding to available Match keywords list
2036 - djm@cvs.openbsd.org 2009/01/01 21:14:35
2038 call channel destroy callbacks on receipt of open failure messages.
2039 fixes client hangs when connecting to a server that has MaxSessions=0
2040 set spotted by imorgan AT nas.nasa.gov; ok markus@
2041 - djm@cvs.openbsd.org 2009/01/01 21:17:36
2043 fix hash calculation for KEXGEX: hash over the original client-supplied
2044 values and not the sanity checked versions that we acutally use;
2045 bz#1540 reported by john.smith AT arrows.demon.co.uk
2047 - djm@cvs.openbsd.org 2009/01/14 01:38:06
2049 support SOCKS4A protocol, from dwmw2 AT infradead.org via bz#1482;
2051 - stevesk@cvs.openbsd.org 2009/01/15 17:38:43
2053 1) use obsolete instead of alias for consistency
2054 2) oUserKnownHostsFile not obsolete but oGlobalKnownHostsFile2 is
2055 so move the comment.
2056 3) reorder so like options are together
2058 - djm@cvs.openbsd.org 2009/01/22 09:46:01
2059 [channels.c channels.h session.c]
2060 make Channel->path an allocated string, saving a few bytes here and
2061 there and fixing bz#1380 in the process; ok markus@
2062 - djm@cvs.openbsd.org 2009/01/22 09:49:57
2064 oops! I committed the wrong version of the Channel->path diff,
2065 it was missing some tweaks suggested by stevesk@
2066 - djm@cvs.openbsd.org 2009/01/22 10:02:34
2067 [clientloop.c misc.c readconf.c readconf.h servconf.c servconf.h]
2068 [serverloop.c ssh-keyscan.c ssh.c sshd.c]
2069 make a2port() return -1 when it encounters an invalid port number
2070 rather than 0, which it will now treat as valid (needed for future work)
2071 adjust current consumers of a2port() to check its return value is <= 0,
2072 which in turn required some things to be converted from u_short => int
2073 make use of int vs. u_short consistent in some other places too
2074 feedback & ok markus@
2075 - djm@cvs.openbsd.org 2009/01/22 10:09:16
2077 another chunk of a2port() diff that got away. wtfdjm??
2078 - djm@cvs.openbsd.org 2009/01/23 07:58:11
2080 prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC
2082 - naddy@cvs.openbsd.org 2009/01/24 17:10:22
2083 [ssh_config.5 sshd_config.5]
2084 sync list of preferred ciphers; ok djm@
2085 - markus@cvs.openbsd.org 2009/01/26 09:58:15
2086 [cipher.c cipher.h packet.c]
2087 Work around the CPNI-957037 Plaintext Recovery Attack by always
2088 reading 256K of data on packet size or HMAC errors (in CBC mode only).
2089 Help, feedback and ok djm@
2090 Feedback from Martin Albrecht and Paterson Kenny
2093 - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.
2094 Patch based on one from vgiffin AT apple.com; ok dtucker@
2095 - (djm) [channels.c] bz#1419: support "on demand" X11 forwarding via
2096 launchd on OS X; patch from vgiffin AT apple.com, slightly tweaked;
2098 - (djm) [contrib/ssh-copy-id.1 contrib/ssh-copy-id] bz#1492: Make
2099 ssh-copy-id copy id_rsa.pub by default (instead of the legacy "identity"
2100 key). Patch from cjwatson AT debian.org
2103 - (tim) [configure.ac defines.h openbsd-compat/port-uw.c
2104 openbsd-compat/xcrypt.c] Add SECUREWARE support to OpenServer 6 SVR5 ABI.
2106 - (tim) [configure.ac] Move check_for_libcrypt_later=1 in *-*-sysv5*) section.
2107 OpenServer 6 doesn't need libcrypt.
2110 - (djm) OpenBSD CVS Sync
2111 - djm@cvs.openbsd.org 2008/12/09 02:38:18
2113 The ~C escape handler does not work correctly for multiplexed sessions -
2114 it opens a commandline on the master session, instead of on the slave
2115 that requested it. Disable it on slave sessions until such time as it
2116 is fixed; bz#1543 report from Adrian Bridgett via Colin Watson
2118 - djm@cvs.openbsd.org 2008/12/09 02:39:59
2120 Deal correctly with failures in remote stat() operation in sftp,
2121 correcting fail-on-error behaviour in batchmode. bz#1541 report and
2122 fix from anedvedicky AT gmail.com; ok markus@
2123 - djm@cvs.openbsd.org 2008/12/09 02:58:16
2125 don't leave junk (free'd) pointers around in Forward *fwd argument on
2126 failure; avoids double-free in ~C -L handler when given an invalid
2127 forwarding specification; bz#1539 report from adejong AT debian.org
2128 via Colin Watson; ok markus@ dtucker@
2129 - djm@cvs.openbsd.org 2008/12/09 03:02:37
2131 correct sftp(1) and corresponding usage syntax;
2132 bz#1518 patch from imorgan AT nas.nasa.gov; ok deraadt@ improved diff jmc@
2135 - (djm) [configure.ac] bz#1538: better test for ProPolice/SSP: actually
2136 use some stack in main().
2137 Report and suggested fix from vapier AT gentoo.org
2138 - (djm) OpenBSD CVS Sync
2139 - markus@cvs.openbsd.org 2008/12/02 19:01:07
2141 we have to use the recipient's channel number (RFC 4254) for
2142 SSH2_MSG_CHANNEL_SUCCESS/SSH2_MSG_CHANNEL_FAILURE messages,
2143 otherwise we trigger 'Non-public channel' error messages on sshd
2144 systems with clientkeepalive enabled; noticed by sturm; ok djm;
2145 - markus@cvs.openbsd.org 2008/12/02 19:08:59
2147 backout 1.149, since it's not necessary and openssh clients send
2148 broken CHANNEL_FAILURE/SUCCESS messages since about 2004; ok djm@
2149 - markus@cvs.openbsd.org 2008/12/02 19:09:38
2151 s/remote_id/id/ to be more consistent with other code; ok djm@
2154 - (dtucker) [contrib/cygwin/{Makefile,ssh-host-config}] Add new doc files
2155 and tweak the is-sshd-running check in ssh-host-config. Patch from
2156 vinschen at redhat com.
2157 - (dtucker) OpenBSD CVS Sync
2158 - markus@cvs.openbsd.org 2008/11/21 15:47:38
2160 packet_disconnect() on padding error, too. should reduce the success
2161 probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18
2163 - dtucker@cvs.openbsd.org 2008/11/30 11:59:26
2165 Retry sendmsg/recvmsg on EAGAIN and EINTR; ok djm@
2168 - (dtucker) [monitor_fdpass.c] Reduce diff vs OpenBSD by moving some
2169 declarations, removing an unnecessary union member and adding whitespace.
2170 cmsgbuf.tmp thing spotted by des at des no, ok djm some time ago.
2173 - (tim) [addrmatch.c configure.ac] Some platforms do not have sin6_scope_id
2174 member of sockaddr_in6. Also reported in Bug 1491 by David Leonard. OK and
2178 - (dtucker) OpenBSD CVS Sync
2179 - jmc@cvs.openbsd.org 2008/11/05 11:22:54
2181 passord -> password;
2182 fixes user/5975 from Rene Maroufi
2183 - stevesk@cvs.openbsd.org 2008/11/07 00:42:12
2185 spelling/typo in comment
2186 - stevesk@cvs.openbsd.org 2008/11/07 18:50:18
2188 add space to some log/debug messages for readability; ok djm@ markus@
2189 - dtucker@cvs.openbsd.org 2008/11/07 23:34:48
2191 Move JPAKE define to make life easier for portable. ok djm@
2192 - tobias@cvs.openbsd.org 2008/11/09 12:34:47
2194 typo fixed (overriden -> overridden)
2196 - stevesk@cvs.openbsd.org 2008/11/11 02:58:09
2198 USE_AFS not referenced so remove #ifdef. fixes sshd -T not printing
2199 kerberosgetafstoken. ok dtucker@
2200 (Id sync only, we still want the ifdef in portable)
2201 - stevesk@cvs.openbsd.org 2008/11/11 03:55:11
2203 for sshd -T print 'permitopen any' vs. 'permitopen' for case of no
2204 permitopen's; ok and input dtucker@
2205 - djm@cvs.openbsd.org 2008/11/10 02:06:35
2206 [regress/putty-ciphers.sh]
2207 PuTTY supports AES CTR modes, so interop test against them too
2211 - djm@cvs.openbsd.org 2008/11/03 08:59:41
2213 include MaxSessions in sshd -T output; patch from imorgan AT nas.nasa.gov
2214 - djm@cvs.openbsd.org 2008/11/04 07:58:09
2216 need unistd.h for close() prototype
2218 - djm@cvs.openbsd.org 2008/11/04 08:22:13
2219 [auth.h auth2.c monitor.c monitor.h monitor_wrap.c monitor_wrap.h]
2220 [readconf.c readconf.h servconf.c servconf.h ssh2.h ssh_config.5]
2221 [sshconnect2.c sshd_config.5 jpake.c jpake.h schnorr.c auth2-jpake.c]
2223 Add support for an experimental zero-knowledge password authentication
2224 method using the J-PAKE protocol described in F. Hao, P. Ryan,
2225 "Password Authenticated Key Exchange by Juggling", 16th Workshop on
2226 Security Protocols, Cambridge, April 2008.
2228 This method allows password-based authentication without exposing
2229 the password to the server. Instead, the client and server exchange
2230 cryptographic proofs to demonstrate of knowledge of the password while
2231 revealing nothing useful to an attacker or compromised endpoint.
2233 This is experimental, work-in-progress code and is presently
2234 compiled-time disabled (turn on -DJPAKE in Makefile.inc).
2236 "just commit it. It isn't too intrusive." deraadt@
2237 - stevesk@cvs.openbsd.org 2008/11/04 19:18:00
2239 because parse_forward() is now used to parse all forward types (DLR),
2240 and it malloc's space for host variables, we don't need to malloc
2241 here. fixes small memory leaks.
2243 previously dynamic forwards were not parsed in parse_forward() and
2244 space was not malloc'd in that case.
2247 - stevesk@cvs.openbsd.org 2008/11/05 03:23:09
2248 [clientloop.c ssh.1]
2249 add dynamic forward escape command line; ok djm@
2253 - sthen@cvs.openbsd.org 2008/07/24 23:55:30
2255 Add "ssh-keygen -F -l" to synopsis (displays fingerprint from
2256 known_hosts). ok djm@
2257 - grunk@cvs.openbsd.org 2008/07/25 06:56:35
2259 Add VisualHostKey to example file, ok djm@
2260 - grunk@cvs.openbsd.org 2008/07/25 07:05:16
2262 In random art visualization, make sure to use the end marker only at the
2263 end. Initial diff by Dirk Loss, tweaks and ok djm@
2264 - markus@cvs.openbsd.org 2008/07/31 14:48:28
2266 don't allocate space for empty banners; report t8m at centrum.cz;
2268 - krw@cvs.openbsd.org 2008/08/02 04:29:51
2270 whitepsace -> whitespace. From Matthew Clarke via bugs@.
2271 - djm@cvs.openbsd.org 2008/08/21 04:09:57
2273 allow ForceCommand internal-sftp with arguments. based on patch from
2274 michael.barabanov AT gmail.com; ok markus@
2275 - djm@cvs.openbsd.org 2008/09/06 12:24:13
2277 OpenSSL 0.9.8h supplies a real EVP_sha256 so we do not need our
2279 (ID sync only for portable - we still need this)
2280 - markus@cvs.openbsd.org 2008/09/11 14:22:37
2281 [compat.c compat.h nchan.c ssh.c]
2282 only send eow and no-more-sessions requests to openssh 5 and newer;
2283 fixes interop problems with broken ssh v2 implementations; ok djm@
2284 - millert@cvs.openbsd.org 2008/10/02 14:39:35
2286 Convert an unchecked strdup to xstrdup. OK deraadt@
2287 - jmc@cvs.openbsd.org 2008/10/03 13:08:12
2289 do not give an example of how to chmod files: we can presume the user
2290 knows that. removes an ambiguity in the permission of authorized_keys;
2292 - deraadt@cvs.openbsd.org 2008/10/03 23:56:28
2294 Repair strnvis() buffersize of 4*n+1, with termination gauranteed by the
2296 spotted by des@freebsd, who commited an incorrect fix to the freebsd tree
2297 and (as is fairly typical) did not report the problem to us. But this fix
2300 - djm@cvs.openbsd.org 2008/10/08 23:34:03
2302 Add -y option to force logging via syslog rather than stderr.
2303 Useful for daemonised ssh connection (ssh -f). Patch originally from
2305 - djm@cvs.openbsd.org 2008/10/09 03:50:54
2306 [servconf.c sshd_config.5]
2307 support setting PermitEmptyPasswords in a Match block
2308 requested in PR3891; ok dtucker@
2309 - jmc@cvs.openbsd.org 2008/10/09 06:54:22
2312 - stevesk@cvs.openbsd.org 2008/10/10 04:55:16
2314 spelling in comment; ok djm@
2315 - stevesk@cvs.openbsd.org 2008/10/10 05:00:12
2317 typo in error message; ok djm@
2318 - stevesk@cvs.openbsd.org 2008/10/10 16:43:27
2320 use 'Privileged ports can be forwarded only when logging in as root on
2321 the remote machine.' for RemoteForward just like ssh.1 -R.
2323 - stevesk@cvs.openbsd.org 2008/10/14 18:11:33
2325 use #define ROQUIET here; no binary change. ok dtucker@
2326 - stevesk@cvs.openbsd.org 2008/10/17 18:36:24
2328 correct and clarify VisualHostKey; ok jmc@
2329 - stevesk@cvs.openbsd.org 2008/10/30 19:31:16
2330 [clientloop.c sshd.c]
2331 don't need to #include "monitor_fdpass.h"
2332 - stevesk@cvs.openbsd.org 2008/10/31 15:05:34
2334 remove unused #define DISPATCH_MIN; ok markus@
2335 - djm@cvs.openbsd.org 2008/11/01 04:50:08
2337 sprinkle ARGSUSED on dispatch handlers
2338 nuke stale unusued prototype
2339 - stevesk@cvs.openbsd.org 2008/11/01 06:43:33
2341 fix some typos in log messages; ok djm@
2342 - sobrado@cvs.openbsd.org 2008/11/01 11:14:36
2343 [ssh-keyscan.1 ssh-keyscan.c]
2344 the ellipsis is not an optional argument; while here, improve spacing.
2345 - stevesk@cvs.openbsd.org 2008/11/01 17:40:33
2346 [clientloop.c readconf.c readconf.h ssh.c]
2347 merge dynamic forward parsing into parse_forward();
2348 'i think this is OK' djm@
2349 - stevesk@cvs.openbsd.org 2008/11/02 00:16:16
2351 protocol 2 tty modes support is now 7.5 years old so remove these
2352 debug3()s; ok deraadt@
2353 - stevesk@cvs.openbsd.org 2008/11/03 01:07:02
2355 remove valueless comment
2356 - stevesk@cvs.openbsd.org 2008/11/03 02:44:41
2359 - (djm) [contrib/caldera/ssh-host-keygen contrib/suse/rc.sshd]
2360 Make example scripts generate keys with default sizes rather than fixed,
2361 non-default 1024 bits; patch from imorgan AT nas.nasa.gov
2362 - (djm) [contrib/sshd.pam.generic contrib/caldera/sshd.pam]
2363 [contrib/redhat/sshd.pam] Move pam_nologin to account group from
2364 incorrect auth group in example files;
2365 patch from imorgan AT nas.nasa.gov
2368 - (dtucker) [config.guess config.sub] Update to latest versions from
2369 http://git.savannah.gnu.org/gitweb/ (2008-04-14 and 2008-06-16
2373 - (dtucker) [openbsd-compat/bsd-poll.c] correctly check for number of FDs
2374 larger than FD_SETSIZE (OpenSSH only ever uses poll with one fd). Patch
2375 from Nicholas Marriott.
2378 - (djm) OpenBSD CVS Sync
2379 - djm@cvs.openbsd.org 2008/07/23 07:36:55
2381 do not try to print options that have been compile-time disabled
2382 in config test mode (sshd -T); report from nix-corp AT esperi.org.uk
2384 - (djm) [servconf.c] Print UsePAM option in config test mode (when it
2385 has been compiled in); report from nix-corp AT esperi.org.uk
2389 - (djm) OpenBSD CVS Sync
2390 - jmc@cvs.openbsd.org 2008/07/18 22:51:01
2392 no need for .Pp before or after .Sh;
2393 - djm@cvs.openbsd.org 2008/07/21 08:19:07
2396 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2397 [contrib/suse/openssh.spec] Update version number in README and RPM specs
2398 - (djm) Release OpenSSH-5.1
2401 - (djm) OpenBSD CVS Sync
2402 - djm@cvs.openbsd.org 2008/07/17 08:48:00
2404 strnvis preauth banner; pointed out by mpf@ ok markus@
2405 - djm@cvs.openbsd.org 2008/07/17 08:51:07
2407 strip trailing '.' from hostname when HostbasedUsesNameFromPacketOnly=yes
2408 report and patch from res AT qoxp.net (bz#1200); ok markus@
2409 - (dtucker) [openbsd-compat/bsd-cygwin_util.c] Remove long-unneeded compat
2410 code, replace with equivalent cygwin library call. Patch from vinschen
2411 at redhat.com, ok djm@.
2412 - (djm) [sshconnect2.c] vis.h isn't available everywhere
2416 - djm@cvs.openbsd.org 2008/07/15 02:23:14
2418 number of pipelined requests is now 64;
2419 prodded by Iain.Morgan AT nasa.gov
2420 - djm@cvs.openbsd.org 2008/07/16 11:51:14
2422 rename variable first_gc -> last_gc (since it is actually the last
2424 - djm@cvs.openbsd.org 2008/07/16 11:52:19
2426 this loop index should be automatic, not static
2429 - (djm) OpenBSD CVS Sync
2430 - sthen@cvs.openbsd.org 2008/07/13 21:22:52
2432 Change "ssh-keygen -F [host] -l" to not display random art unless
2433 -v is also specified, making it consistent with the manual and other
2436 - djm@cvs.openbsd.org 2008/07/13 22:13:07
2438 use struct sockaddr_storage instead of struct sockaddr for accept(2)
2439 address argument. from visibilis AT yahoo.com in bz#1485; ok markus@
2440 - djm@cvs.openbsd.org 2008/07/13 22:16:03
2442 increase number of piplelined requests so they properly fill the
2443 (recently increased) channel window. prompted by rapier AT psc.edu;
2445 - djm@cvs.openbsd.org 2008/07/14 01:55:56
2447 mention requirement for /dev/log inside chroot when using sftp-server
2448 with ChrootDirectory
2449 - (djm) [openbsd-compat/bindresvport.c] Rename variables s/sin/in/ to
2450 avoid clash with sin(3) function; reported by
2451 cristian.ionescu-idbohrn AT axis.com
2452 - (djm) [openbsd-compat/rresvport.c] Add unistd.h for missing close()
2453 prototype; reported by cristian.ionescu-idbohrn AT axis.com
2454 - (djm) [umac.c] Rename variable s/buffer_ptr/bufp/ to avoid clash;
2455 reported by cristian.ionescu-idbohrn AT axis.com
2456 - (djm) [contrib/cygwin/Makefile contrib/cygwin/ssh-host-config]
2457 [contrib/cygwin/ssh-user-config contrib/cygwin/sshd-inetd]
2458 Revamped and simplified Cygwin ssh-host-config script that uses
2459 unified csih configuration tool. Requires recent Cygwin.
2460 Patch from vinschen AT redhat.com
2463 - (djm) OpenBSD CVS Sync
2464 - djm@cvs.openbsd.org 2008/07/12 04:52:50
2466 unbreak; move clearing of cctx struct to before first use
2467 reported by dkrause@
2468 - djm@cvs.openbsd.org 2008/07/12 05:33:41
2470 better description for -i flag:
2471 s/RSA authentication/public key authentication/
2472 - (djm) [openbsd-compat/fake-rfc2553.c openbsd-compat/fake-rfc2553.h]
2473 return EAI_FAMILY when trying to lookup unsupported address family;
2474 from vinschen AT redhat.com
2477 - (djm) OpenBSD CVS Sync
2478 - stevesk@cvs.openbsd.org 2008/07/07 00:31:41
2480 we don't need arg after the debug3() was removed. from lint.
2482 - stevesk@cvs.openbsd.org 2008/07/07 23:32:51
2484 /*NOTREACHED*/ for lint warning:
2485 warning: function key_equal falls off bottom without returning value
2487 - markus@cvs.openbsd.org 2008/07/10 18:05:58
2489 missing bzero; from mickey; ok djm@
2490 - markus@cvs.openbsd.org 2008/07/10 18:08:11
2491 [clientloop.c monitor.c monitor_wrap.c packet.c packet.h sshd.c]
2492 sync v1 and v2 traffic accounting; add it to sshd, too;
2496 - (djm) [Makefile.in] Print "all tests passed" when all regress tests pass
2497 - (djm) [auth1.c] Fix format string vulnerability in protocol 1 PAM
2498 account check failure path. The vulnerable format buffer is supplied
2499 from PAM and should not contain attacker-supplied data.
2500 - (djm) [auth.c] Missing unistd.h for close()
2501 - (djm) [configure.ac] Add -Wformat-security to CFLAGS for gcc 3.x and 4.x
2504 - (djm) [auth.c] Fixed test for locked account on HP/UX with shadowed
2505 passwords disabled. bz#1083 report & patch from senthilkumar_sen AT
2506 hotpop.com, w/ dtucker@
2507 - (djm) [atomicio.c configure.ac] Disable poll() fallback in atomiciov for
2508 Tru64. readv doesn't seem to be a comparable object there.
2509 bz#1386, patch from dtucker@ ok me
2510 - (djm) [Makefile.in] Pass though pass to conch for interop tests
2511 - (djm) [configure.ac] unbreak: remove extra closing brace
2512 - (djm) OpenBSD CVS Sync
2513 - djm@cvs.openbsd.org 2008/07/04 23:08:25
2515 handle EINTR in packet_write_poll()l ok dtucker@
2516 - djm@cvs.openbsd.org 2008/07/04 23:30:16
2518 Make protocol 1 MaxAuthTries logic match protocol 2's.
2519 Do not treat the first protocol 2 authentication attempt as
2520 a failure IFF it is for method "none".
2521 Makes MaxAuthTries' user-visible behaviour identical for
2524 - djm@cvs.openbsd.org 2008/07/05 05:16:01
2529 - (dtucker) OpenBSD CVS Sync
2530 - djm@cvs.openbsd.org 2008/07/02 13:30:34
2532 really really remove the freebie "none" auth try for protocol 2
2533 - djm@cvs.openbsd.org 2008/07/02 13:47:39
2535 When forking after authentication ("ssh -f") with ExitOnForwardFailure
2536 enabled, delay the fork until after replies for any -R forwards have
2537 been seen. Allows for robust detection of -R forward failure when
2538 using -f (similar to bz#92); ok dtucker@
2539 - otto@cvs.openbsd.org 2008/07/03 21:46:58
2541 avoid nasty double free; ok dtucker@ djm@
2542 - djm@cvs.openbsd.org 2008/07/04 03:44:59
2543 [servconf.c groupaccess.h groupaccess.c]
2544 support negation of groups in "Match group" block (bz#1315); ok dtucker@
2545 - dtucker@cvs.openbsd.org 2008/07/04 03:47:02
2547 Make debug a little clearer. ok djm@
2548 - djm@cvs.openbsd.org 2008/06/30 08:07:34
2549 [regress/key-options.sh]
2550 shell portability: use "=" instead of "==" in test(1) expressions,
2551 double-quote string with backslash escaped /
2552 - djm@cvs.openbsd.org 2008/06/30 10:31:11
2553 [regress/{putty-transfer,putty-kex,putty-ciphers}.sh]
2554 remove "set -e" left over from debugging
2555 - djm@cvs.openbsd.org 2008/06/30 10:43:03
2556 [regress/conch-ciphers.sh]
2557 explicitly disable conch options that could interfere with the test
2558 - (dtucker) [sftp-server.c] Bug #1447: fall back to racy rename if link
2559 returns EXDEV. Patch from Mike Garrison, ok djm@
2560 - (djm) [atomicio.c channels.c clientloop.c defines.h includes.h]
2561 [packet.c scp.c serverloop.c sftp-client.c ssh-agent.c ssh-keyscan.c]
2562 [sshd.c] Explicitly handle EWOULDBLOCK wherever we handle EAGAIN, on
2563 some platforms (HP nonstop) it is a distinct errno;
2564 bz#1467 reported by sconeu AT yahoo.com; ok dtucker@
2567 - (dtucker) OpenBSD CVS Sync
2568 - djm@cvs.openbsd.org 2008/06/30 08:05:59
2570 typo: s/constraint_date/constraint_data/
2571 - djm@cvs.openbsd.org 2008/06/30 12:15:39
2573 only pass channel requests on session channels through to the session
2574 channel handler, avoiding spurious log messages; ok! markus@
2575 - djm@cvs.openbsd.org 2008/06/30 12:16:02
2577 only send eow@openssh.com notifications for session channels; ok! markus@
2578 - djm@cvs.openbsd.org 2008/06/30 12:18:34
2580 clarify that eow@openssh.com is only sent on session channels
2581 - dtucker@cvs.openbsd.org 2008/07/01 07:20:52
2583 Check ExitOnForwardFailure if forwardings are disabled due to a failed
2584 host key check. ok djm@
2585 - dtucker@cvs.openbsd.org 2008/07/01 07:24:22
2586 [sshconnect.c sshd.c]
2587 Send CR LF during protocol banner exchanges, but only for Protocol 2 only,
2588 in order to comply with RFC 4253. bz #1443, ok djm@
2589 - stevesk@cvs.openbsd.org 2008/07/01 23:12:47
2591 fix some typos; ok djm@
2592 - djm@cvs.openbsd.org 2008/07/02 02:24:18
2593 [sshd_config sshd_config.5 sshd.8 servconf.c]
2594 increase default size of ssh protocol 1 ephemeral key from 768 to 1024
2595 bits; prodded by & ok dtucker@ ok deraadt@
2596 - dtucker@cvs.openbsd.org 2008/07/02 12:03:51
2597 [auth-rsa.c auth.c auth2-pubkey.c auth.h]
2598 Merge duplicate host key file checks, based in part on a patch from Rob
2599 Holland via bz #1348 . Also checks for non-regular files during protocol
2601 - djm@cvs.openbsd.org 2008/07/02 12:36:39
2602 [auth2-none.c auth2.c]
2603 Make protocol 2 MaxAuthTries behaviour a little more sensible:
2604 Check whether client has exceeded MaxAuthTries before running
2605 an authentication method and skip it if they have, previously it
2606 would always allow one try (for "none" auth).
2607 Preincrement failure count before post-auth test - previously this
2608 checked and postincremented, also to allow one "none" try.
2609 Together, these two changes always count the "none" auth method
2610 which could be skipped by a malicious client (e.g. an SSH worm)
2611 to get an extra attempt at a real auth method. They also make
2612 MaxAuthTries=0 a useful way to block users entirely (esp. in a
2613 sshd_config Match block).
2614 Also, move sending of any preauth banner from "none" auth method
2615 to the first call to input_userauth_request(), so worms that skip
2616 the "none" method get to see it too.
2619 - (djm) OpenBSD CVS Sync
2620 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43
2621 [regress/Makefile regress/key-options.sh]
2622 Add regress test for key options. ok djm@
2623 - dtucker@cvs.openbsd.org 2008/06/11 23:11:40
2625 Don't run cipher-speed test by default; mistakenly enabled by me
2626 - djm@cvs.openbsd.org 2008/06/28 13:57:25
2627 [regress/Makefile regress/test-exec.sh regress/conch-ciphers.sh]
2628 very basic regress test against Twisted Conch in "make interop"
2629 target (conch is available in ports/devel/py-twisted/conch);
2631 - (djm) [regress/Makefile] search for conch by path, like we do putty
2634 - (djm) OpenBSD CVS Sync
2635 - martynas@cvs.openbsd.org 2008/06/21 07:46:46
2637 use optopt to get invalid flag, instead of return value of getopt,
2638 which is always '?'; ok djm@
2639 - otto@cvs.openbsd.org 2008/06/25 11:13:43
2641 add key length to visual fingerprint; zap magical constants;
2643 - djm@cvs.openbsd.org 2008/06/26 06:10:09
2644 [sftp-client.c sftp-server.c]
2645 allow the sftp chmod(2)-equivalent operation to set set[ug]id/sticky
2646 bits. Note that this only affects explicit setting of modes (e.g. via
2647 sftp(1)'s chmod command) and not file transfers. (bz#1310)
2649 - djm@cvs.openbsd.org 2008/06/26 09:19:40
2650 [dh.c dh.h moduli.c]
2651 when loading moduli from /etc/moduli in sshd(8), check that they
2652 are of the expected "safe prime" structure and have had
2653 appropriate primality tests performed;
2654 feedback and ok dtucker@
2655 - grunk@cvs.openbsd.org 2008/06/26 11:46:31
2656 [readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
2657 Move SSH Fingerprint Visualization away from sharing the config option
2658 CheckHostIP to an own config option named VisualHostKey.
2659 While there, fix the behaviour that ssh would draw a random art picture
2660 on every newly seen host even when the option was not enabled.
2661 prodded by deraadt@, discussions,
2662 help and ok markus@ djm@ dtucker@
2663 - jmc@cvs.openbsd.org 2008/06/26 21:11:46
2665 add VisualHostKey to the list of options listed in -o;
2666 - djm@cvs.openbsd.org 2008/06/28 07:25:07
2669 - djm@cvs.openbsd.org 2008/06/28 13:58:23
2671 refuse to add a key that has unknown constraints specified;
2673 - djm@cvs.openbsd.org 2008/06/28 14:05:15
2675 reset global compat flag after processing a protocol 2 signature
2676 request with the legacy DSA encoding flag set; ok markus
2677 - djm@cvs.openbsd.org 2008/06/28 14:08:30
2678 [PROTOCOL PROTOCOL.agent]
2679 document the protocol used by ssh-agent; "looks ok" markus@
2682 - (djm) [RFC.nroff contrib/cygwin/Makefile contrib/suse/openssh.spec]
2683 RFC.nroff lacks a license, remove it (it is long gone in OpenBSD).
2686 - (djm) [Makefile.in moduli.5] Include moduli(5) manpage from OpenBSD.
2688 - (djm) [ contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2689 [contrib/suse/openssh.spec] Include moduli.5 in RPM spec files.
2692 - (dtucker) OpenBSD CVS Sync
2693 - dtucker@cvs.openbsd.org 2008/06/16 13:22:53
2694 [session.c channels.c]
2695 Rename the isatty argument to is_tty so we don't shadow
2696 isatty(3). ok markus@
2697 - (dtucker) [channels.c] isatty -> is_tty here too.
2700 - (dtucker) [configure.ac] Enable -fno-builtin-memset when using gcc.
2702 - dtucker@cvs.openbsd.org 2008/06/14 15:49:48
2704 wrap long line at 80 chars
2705 - dtucker@cvs.openbsd.org 2008/06/14 17:07:11
2707 ensure default umask disallows at least group and world write; ok djm@
2708 - djm@cvs.openbsd.org 2008/06/14 18:33:43
2710 suppress the warning message from chdir(homedir) failures
2711 when chrooted (bz#1461); ok dtucker
2712 - dtucker@cvs.openbsd.org 2008/06/14 19:42:10
2714 Mention that scp follows symlinks during -r. bz #1466,
2715 from nectar at apple
2716 - dtucker@cvs.openbsd.org 2008/06/15 16:55:38
2718 MaxSessions is allowed in a Match block too
2719 - dtucker@cvs.openbsd.org 2008/06/15 16:58:40
2720 [servconf.c sshd_config.5]
2721 Allow MaxAuthTries within a Match block. ok djm@
2722 - djm@cvs.openbsd.org 2008/06/15 20:06:26
2723 [channels.c channels.h session.c]
2724 don't call isatty() on a pty master, instead pass a flag down to
2725 channel_set_fds() indicating that te fds refer to a tty. Fixes a
2726 hang on exit on Solaris (bz#1463) in portable but is actually
2727 a generic bug; ok dtucker deraadt markus
2730 - (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
2731 replacement code; patch from ighighi AT gmail.com in bz#1240;
2735 - (dtucker) OpenBSD CVS Sync
2736 - deraadt@cvs.openbsd.org 2008/06/13 09:44:36
2738 compile on older gcc; no decl after code
2739 - dtucker@cvs.openbsd.org 2008/06/13 13:56:59
2741 Clear key options in the monitor on failed authentication, prevents
2742 applying additional restrictions to non-pubkey authentications in
2743 the case where pubkey fails but another method subsequently succeeds.
2744 bz #1472, found by Colin Watson, ok markus@ djm@
2745 - dtucker@cvs.openbsd.org 2008/06/13 14:18:51
2746 [auth2-pubkey.c auth-rhosts.c]
2747 Include unistd.h for close(), prevents warnings in -portable
2748 - dtucker@cvs.openbsd.org 2008/06/13 17:21:20
2750 Friendlier error messages for mux fallback. ok djm@
2751 - dtucker@cvs.openbsd.org 2008/06/13 18:55:22
2753 Prevent -Wsign-compare warnings on LP64 systems. bz #1192, ok deraadt@
2754 - grunk@cvs.openbsd.org 2008/06/13 20:13:26
2756 Explain the use of SSH fpr visualization using random art, and cite the
2757 original scientific paper inspiring that technique.
2758 Much help with English and nroff by jmc@, thanks.
2759 - (dtucker) [configure.ac] Bug #1276: avoid linking against libgssapi, which
2760 despite its name doesn't seem to implement all of GSSAPI. Patch from
2761 Jan Engelhardt, sanity checked by Simon Wilkinson.
2764 - (dtucker) OpenBSD CVS Sync
2765 - jmc@cvs.openbsd.org 2008/06/11 07:30:37
2767 kill trailing whitespace;
2768 - grunk@cvs.openbsd.org 2008/06/11 21:01:35
2769 [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c key.c
2771 Introduce SSH Fingerprint ASCII Visualization, a technique inspired by the
2772 graphical hash visualization schemes known as "random art", and by
2773 Dan Kaminsky's musings on the subject during a BlackOp talk at the
2775 Scientific publication (original paper):
2776 "Hash Visualization: a New Technique to improve Real-World Security",
2777 Perrig A. and Song D., 1999, International Workshop on Cryptographic
2778 Techniques and E-Commerce (CrypTEC '99)
2779 http://sparrow.ece.cmu.edu/~adrian/projects/validation/validation.pdf
2780 The algorithm used here is a worm crawling over a discrete plane,
2781 leaving a trace (augmenting the field) everywhere it goes.
2782 Movement is taken from dgst_raw 2bit-wise. Bumping into walls
2783 makes the respective movement vector be ignored for this turn,
2784 thus switching to the other color of the chessboard.
2785 Graphs are not unambiguous for now, because circles in graphs can be
2786 walked in either direction.
2787 discussions with several people,
2788 help, corrections and ok markus@ djm@
2789 - grunk@cvs.openbsd.org 2008/06/11 21:38:25
2791 ssh-keygen -lv -f /etc/ssh/ssh_host_rsa_key.pub
2792 would not display you the random art as intended, spotted by canacar@
2793 - grunk@cvs.openbsd.org 2008/06/11 22:20:46
2794 [ssh-keygen.c ssh-keygen.1]
2795 ssh-keygen would write fingerprints to STDOUT, and random art to STDERR,
2796 that is not how it was envisioned.
2797 Also correct manpage saying that -v is needed along with -l for it to work.
2799 - otto@cvs.openbsd.org 2008/06/11 23:02:22
2801 simpler way of computing the augmentations; ok grunk@
2802 - grunk@cvs.openbsd.org 2008/06/11 23:03:56
2804 CheckHostIP set to ``fingerprint'' will display both hex and random art
2806 - grunk@cvs.openbsd.org 2008/06/11 23:51:57
2808 #define statements that are not atoms need braces around them, else they
2809 will cause trouble in some cases.
2810 Also do a computation of -1 once, and not in a loop several times.
2812 - dtucker@cvs.openbsd.org 2008/06/12 00:03:49
2813 [dns.c canohost.c sshconnect.c]
2814 Do not pass "0" strings as ports to getaddrinfo because the lookups
2815 can slow things down and we never use the service info anyway. bz
2816 #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
2818 djm belives that the reason for the "0" strings is to ensure that
2819 it's not possible to call getaddrinfo with both host and port being
2820 NULL. In the case of canohost.c host is a local array. In the
2821 case of sshconnect.c, it's checked for null immediately before use.
2822 In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
2823 be non-null but it's not obvious, so I added a warning message in
2824 case it is ever passed a null.
2825 - grunk@cvs.openbsd.org 2008/06/12 00:13:55
2827 Make ssh print the random art also when ssh'ing to a host using IP only.
2828 spotted by naddy@, ok and help djm@ dtucker@
2829 - otto@cvs.openbsd.org 2008/06/12 00:13:13
2831 use an odd number of rows and columns and a separate start marker, looks
2833 - djm@cvs.openbsd.org 2008/06/12 03:40:52
2834 [clientloop.h mux.c channels.c clientloop.c channels.h]
2835 Enable ~ escapes for multiplex slave sessions; give each channel
2836 its own escape state and hook the escape filters up to muxed
2838 Mux slaves do not currently support the ~^Z and ~& escapes.
2839 NB. this change cranks the mux protocol version, so a new ssh
2840 mux client will not be able to connect to a running old ssh
2843 - djm@cvs.openbsd.org 2008/06/12 04:06:00
2844 [clientloop.h ssh.c clientloop.c]
2845 maintain an ordered queue of outstanding global requests that we
2846 expect replies to, similar to the per-channel confirmation queue.
2847 Use this queue to verify success or failure for remote forward
2848 establishment in a race free way.
2850 - djm@cvs.openbsd.org 2008/06/12 04:17:47
2852 thall shalt not code past the eightieth column
2853 - djm@cvs.openbsd.org 2008/06/12 04:24:06
2855 thal shalt not code past the eightieth column
2856 - djm@cvs.openbsd.org 2008/06/12 05:15:41
2858 document tun@openssh.com forwarding method
2859 - djm@cvs.openbsd.org 2008/06/12 05:32:30
2861 some more TODO for me
2862 - grunk@cvs.openbsd.org 2008/06/12 05:42:46
2864 supply the key type (rsa1, rsa, dsa) as a caption in the frame of the
2865 random art. while there, stress the fact that the field base should at
2866 least be 8 characters for the pictures to make sense.
2868 - grunk@cvs.openbsd.org 2008/06/12 06:32:59
2870 We already mark the start of the worm, now also mark the end of the worm
2871 in our random art drawings.
2873 - djm@cvs.openbsd.org 2008/06/12 15:19:17
2874 [clientloop.h channels.h clientloop.c channels.c mux.c]
2875 The multiplexing escape char handler commit last night introduced a
2876 small memory leak per session; plug it.
2877 - dtucker@cvs.openbsd.org 2008/06/12 16:35:31
2878 [ssh_config.5 ssh.c]
2879 keyword expansion for localcommand. ok djm@
2880 - jmc@cvs.openbsd.org 2008/06/12 19:10:09
2881 [ssh_config.5 ssh-keygen.1]
2882 tweak the ascii art text; ok grunk
2883 - dtucker@cvs.openbsd.org 2008/06/12 20:38:28
2884 [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
2885 Make keepalive timeouts apply while waiting for a packet, particularly
2886 during key renegotiation (bz #1363). With djm and Matt Day, ok djm@
2887 - djm@cvs.openbsd.org 2008/06/12 20:47:04
2889 print extension revisions for extensions that we understand
2890 - djm@cvs.openbsd.org 2008/06/12 21:06:25
2892 I was coalescing expected global request confirmation replies at
2893 the wrong end of the queue - fix; prompted by markus@
2894 - grunk@cvs.openbsd.org 2008/06/12 21:14:46
2896 make ssh-keygen -lf show the key type just as ssh-add -l would do it
2898 - grunk@cvs.openbsd.org 2008/06/12 22:03:36
2900 add my copyright, ok djm@
2901 - ian@cvs.openbsd.org 2008/06/12 23:24:58
2903 tweak wording in message, ok deraadt@ jmc@
2904 - dtucker@cvs.openbsd.org 2008/06/13 00:12:02
2906 replace __dead with __attribute__((noreturn)), makes things
2907 a little easier to port. Also, add it to sigdie(). ok djm@
2908 - djm@cvs.openbsd.org 2008/06/13 00:16:49
2910 fall back to creating a new TCP connection on most multiplexing errors
2911 (socket connect fail, invalid version, refused permittion, corrupted
2912 messages, etc.); bz #1329 ok dtucker@
2913 - dtucker@cvs.openbsd.org 2008/06/13 00:47:53
2915 upcast size_t to u_long to match format arg; ok djm@
2916 - dtucker@cvs.openbsd.org 2008/06/13 00:51:47
2918 upcast another size_t to u_long to match format
2919 - dtucker@cvs.openbsd.org 2008/06/13 01:38:23
2921 upcast uid to long with matching %ld, prevents warnings in portable
2922 - djm@cvs.openbsd.org 2008/06/13 04:40:22
2923 [auth2-pubkey.c auth-rhosts.c]
2924 refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
2925 regular files; report from Solar Designer via Colin Watson in bz#1471
2927 - (dtucker) [clientloop.c serverloop.c] channel_register_filter now
2928 takes 2 more args. with djm@
2929 - (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
2931 - (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64 SIA
2932 systems. Patch from R. Scott Bailey.
2933 - (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are never used
2934 on big endian machines, so ifdef them for little-endian only to prevent
2935 unused function warnings on big-endians.
2936 - (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent
2937 compiler warnings on some platforms. Based on a discussion with otto@
2940 - (djm) [channels.c configure.ac]
2941 Do not set SO_REUSEADDR on wildcard X11 listeners (X11UseLocalhost=no)
2945 - (dtucker) OpenBSD CVS Sync
2946 - djm@cvs.openbsd.org 2008/06/10 03:57:27
2947 [servconf.c match.h sshd_config.5]
2948 support CIDR address matching in sshd_config "Match address" blocks, with
2949 full support for negation and fall-back to classic wildcard matching.
2951 Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
2952 PasswordAuthentication yes
2953 addrmatch.c code mostly lifted from flowd's addr.c
2954 feedback and ok dtucker@
2955 - djm@cvs.openbsd.org 2008/06/10 04:17:46
2957 better reference for pattern-list
2958 - dtucker@cvs.openbsd.org 2008/06/10 04:50:25
2959 [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
2960 Add extended test mode (-T) and connection parameters for test mode (-C).
2961 -T causes sshd to write its effective configuration to stdout and exit.
2962 -C causes any relevant Match rules to be applied before output. The
2963 combination allows tesing of the parser and config files. ok deraadt djm
2964 - jmc@cvs.openbsd.org 2008/06/10 07:12:00
2967 - jmc@cvs.openbsd.org 2008/06/10 08:17:40
2970 - fix SYNOPSIS, and sort options
2971 - some minor additional fixes
2972 - dtucker@cvs.openbsd.org 2008/06/09 18:06:32
2973 [regress/test-exec.sh]
2974 Don't generate putty keys if we're not going to use them. ok djm
2975 - dtucker@cvs.openbsd.org 2008/06/10 05:23:32
2976 [regress/addrmatch.sh regress/Makefile]
2977 Regress test for Match CIDR rules. ok djm@
2978 - dtucker@cvs.openbsd.org 2008/06/10 15:21:41
2980 Use a more portable construct for checking if we're running a putty test
2981 - dtucker@cvs.openbsd.org 2008/06/10 15:28:49
2984 - dtucker@cvs.openbsd.org 2008/06/10 18:21:24
2986 clarify that Host patterns are space-separated. ok deraadt
2987 - djm@cvs.openbsd.org 2008/06/10 22:15:23
2988 [PROTOCOL ssh.c serverloop.c]
2989 Add a no-more-sessions@openssh.com global request extension that the
2990 client sends when it knows that it will never request another session
2991 (i.e. when session multiplexing is disabled). This allows a server to
2992 disallow further session requests and terminate the session.
2993 Why would a non-multiplexing client ever issue additional session
2994 requests? It could have been attacked with something like SSH'jack:
2995 http://www.storm.net.nz/projects/7
2996 feedback & ok markus
2997 - djm@cvs.openbsd.org 2008/06/10 23:06:19
2998 [auth-options.c match.c servconf.c addrmatch.c sshd.8]
2999 support CIDR address matching in .ssh/authorized_keys from="..." stanzas
3000 ok and extensive testing dtucker@
3001 - dtucker@cvs.openbsd.org 2008/06/10 23:21:34
3003 Use '\0' for a nul byte rather than unadorned 0. ok djm@
3004 - dtucker@cvs.openbsd.org 2008/06/10 23:13:43
3005 [Makefile regress/key-options.sh]
3006 Add regress test for key options. ok djm@
3007 - (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id to sockaddr_in6
3008 since the new CIDR code in addmatch.c references it.
3009 - (dtucker) [Makefile.in configure.ac regress/addrmatch.sh] Skip IPv6
3010 specific tests on platforms that don't do IPv6.
3011 - (dtucker) [Makefile.in] Define TEST_SSH_IPV6 in make's arguments as well
3013 - (dtucker) [Makefile.in] Move addrmatch.o to libssh.a where it's needed now.
3016 - (dtucker) OpenBSD CVS Sync
3017 - dtucker@cvs.openbsd.org 2008/06/08 17:04:41
3019 Add case for ENOSYS in errno_to_portable; ok deraadt
3020 - dtucker@cvs.openbsd.org 2008/06/08 20:15:29
3021 [sftp.c sftp-client.c sftp-client.h]
3022 Have the sftp client store the statvfs replies in wire format,
3023 which prevents problems when the server's native sizes exceed the
3025 Also extends the sizes of the remaining 32bit wire format to 64bit,
3026 they're specified as unsigned long in the standard.
3027 - dtucker@cvs.openbsd.org 2008/06/09 13:02:39
3029 Extend 32bit -> 64bit values for statvfs extension missed in previous
3031 - dtucker@cvs.openbsd.org 2008/06/09 13:38:46
3033 Use a $OpenBSD tag so our scripts will sync changes.
3036 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c
3037 openbsd-compat/Makefile.in openbsd-compat/openbsd-compat.h
3038 openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of statvfs and
3039 fstatvfs and remove #defines around statvfs code. ok djm@
3040 - (dtucker) [configure.ac defines.h sftp-client.c M sftp-server.c] Add a
3041 macro to convert fsid to unsigned long for platforms where fsid is a
3045 - (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H.
3046 - (dtucker) [configure.ac defines.h sftp-client.c sftp-server.c sftp.c]
3047 Do not enable statvfs extensions on platforms that do not have statvfs.
3048 - (dtucker) OpenBSD CVS Sync
3049 - djm@cvs.openbsd.org 2008/05/19 06:14:02
3050 [packet.c] unbreak protocol keepalive timeouts bz#1465; ok dtucker@
3051 - djm@cvs.openbsd.org 2008/05/19 15:45:07
3052 [sshtty.c ttymodes.c sshpty.h]
3053 Fix sending tty modes when stdin is not a tty (bz#1199). Previously
3054 we would send the modes corresponding to a zeroed struct termios,
3055 whereas we should have been sending an empty list of modes.
3056 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
3057 - djm@cvs.openbsd.org 2008/05/19 15:46:31
3059 support -l (print fingerprint) in combination with -F (find host) to
3060 search for a host in ~/.ssh/known_hosts and display its fingerprint;
3062 - djm@cvs.openbsd.org 2008/05/19 20:53:52
3064 unbreak tree by committing this bit that I missed from:
3065 Fix sending tty modes when stdin is not a tty (bz#1199). Previously
3066 we would send the modes corresponding to a zeroed struct termios,
3067 whereas we should have been sending an empty list of modes.
3068 Based on patch from daniel.ritz AT alcatel.ch; ok dtucker@ markus@
3071 - (djm) [openbsd-compat/bsd-arc4random.c] Fix math bug that caused bias
3072 in arc4random_uniform with upper_bound in (2^30,2*31). Note that
3073 OpenSSH did not make requests with upper bounds in this range.
3076 - (djm) [configure.ac mux.c sftp.c openbsd-compat/Makefile.in]
3077 [openbsd-compat/fmt_scaled.c openbsd-compat/openbsd-compat.h]
3078 Fix compilation on Linux, including pulling in fmt_scaled(3)
3079 implementation from OpenBSD's libutil.
3082 - (djm) OpenBSD CVS Sync
3083 - djm@cvs.openbsd.org 2008/04/04 05:14:38
3085 ChrootDirectory is supported in Match blocks (in fact, it is most useful
3086 there). Spotted by Minstrel AT minstrel.org.uk
3087 - djm@cvs.openbsd.org 2008/04/04 06:44:26
3089 oops, some unrelated stuff crept into that commit - backout.
3091 - djm@cvs.openbsd.org 2008/04/05 02:46:02
3093 HostbasedAuthentication is supported under Match too
3094 - (djm) [openbsd-compat/bsd-arc4random.c openbsd-compat/openbsd-compat.c]
3095 [configure.ac] Implement arc4random_buf(), import implementation of
3096 arc4random_uniform() from OpenBSD
3097 - (djm) [openbsd-compat/bsd-arc4random.c] Warning fixes
3098 - (djm) [openbsd-compat/port-tun.c] needs sys/queue.h
3099 - (djm) OpenBSD CVS Sync
3100 - djm@cvs.openbsd.org 2008/04/13 00:22:17
3102 Use arc4random_buf() when requesting more than a single word of output
3103 Use arc4random_uniform() when the desired random number upper bound
3104 is not a power of two
3105 ok deraadt@ millert@
3106 - djm@cvs.openbsd.org 2008/04/18 12:32:11
3107 [sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c sftp.h]
3108 introduce sftp extension methods statvfs@openssh.com and
3109 fstatvfs@openssh.com that implement statvfs(2)-like operations,
3110 based on a patch from miklos AT szeredi.hu (bz#1399)
3111 also add a "df" command to the sftp client that uses the
3112 statvfs@openssh.com to produce a df(1)-like display of filesystem
3113 space and inode utilisation
3115 - jmc@cvs.openbsd.org 2008/04/18 17:15:47
3118 - djm@cvs.openbsd.org 2008/04/18 22:01:33
3120 remove unneccessary parentheses
3121 - otto@cvs.openbsd.org 2008/04/29 11:20:31
3123 garbage collect two unused fields in struct mm_master; ok markus@
3124 - djm@cvs.openbsd.org 2008/04/30 10:14:03
3125 [ssh-keyscan.1 ssh-keyscan.c]
3126 default to rsa (protocol 2) keys, instead of rsa1 keys; spotted by
3127 larsnooden AT openoffice.org
3128 - pyr@cvs.openbsd.org 2008/05/07 05:49:37
3129 [servconf.c servconf.h session.c sshd_config.5]
3130 Enable the AllowAgentForwarding option in sshd_config (global and match
3131 context), to specify if agents should be permitted on the server.
3132 As the man page states:
3133 ``Note that disabling Agent forwarding does not improve security
3134 unless users are also denied shell access, as they can always install
3135 their own forwarders.''
3136 ok djm@, ok and a mild frown markus@
3137 - pyr@cvs.openbsd.org 2008/05/07 06:43:35
3139 push the sshd_config bits in, spotted by ajacoutot@
3140 - jmc@cvs.openbsd.org 2008/05/07 08:00:14
3143 - markus@cvs.openbsd.org 2008/05/08 06:59:01
3144 [bufaux.c buffer.h channels.c packet.c packet.h]
3145 avoid extra malloc/copy/free when receiving data over the net;
3146 ~10% speedup for localhost-scp; ok djm@
3147 - djm@cvs.openbsd.org 2008/05/08 12:02:23
3148 [auth-options.c auth1.c channels.c channels.h clientloop.c gss-serv.c]
3149 [monitor.c monitor_wrap.c nchan.c servconf.c serverloop.c session.c]
3151 Implement a channel success/failure status confirmation callback
3152 mechanism. Each channel maintains a queue of callbacks, which will
3153 be drained in order (RFC4253 guarantees confirm messages are not
3154 reordered within an channel).
3155 Also includes a abandonment callback to clean up if a channel is
3156 closed without sending confirmation messages. This probably
3157 shouldn't happen in compliant implementations, but it could be
3158 abused to leak memory.
3159 ok markus@ (as part of a larger diff)
3160 - djm@cvs.openbsd.org 2008/05/08 12:21:16
3161 [monitor.c monitor_wrap.c session.h servconf.c servconf.h session.c]
3162 [sshd_config sshd_config.5]
3163 Make the maximum number of sessions run-time controllable via
3164 a sshd_config MaxSessions knob. This is useful for disabling
3165 login/shell/subsystem access while leaving port-forwarding working
3166 (MaxSessions 0), disabling connection multiplexing (MaxSessions 1) or
3167 simply increasing the number of allows multiplexed sessions.
3168 Because some bozos are sure to configure MaxSessions in excess of the
3169 number of available file descriptors in sshd (which, at peak, might be
3170 as many as 9*MaxSessions), audit sshd to ensure that it doesn't leak fds
3171 on error paths, and make it fail gracefully on out-of-fd conditions -
3172 sending channel errors instead of than exiting with fatal().
3173 bz#1090; MaxSessions config bits and manpage from junyer AT gmail.com
3175 - djm@cvs.openbsd.org 2008/05/08 13:06:11
3176 [clientloop.c clientloop.h ssh.c]
3177 Use new channel status confirmation callback system to properly deal
3178 with "important" channel requests that fail, in particular command exec,
3179 shell and subsystem requests. Previously we would optimistically assume
3180 that the requests would always succeed, which could cause hangs if they
3181 did not (e.g. when the server runs out of fds) or were unimplemented by
3182 the server (bz #1384)
3183 Also, properly report failing multiplex channel requests via the mux
3184 client stderr (subject to LogLevel in the mux master) - better than
3186 most bits ok markus@ (as part of a larger diff)
3187 - djm@cvs.openbsd.org 2008/05/09 04:55:56
3188 [channels.c channels.h clientloop.c serverloop.c]
3189 Try additional addresses when connecting to a port forward destination
3190 whose DNS name resolves to more than one address. The previous behaviour
3191 was to try the first address and give up.
3192 Reported by stig AT venaas.com in bz#343
3193 great feedback and ok markus@
3194 - djm@cvs.openbsd.org 2008/05/09 14:18:44
3195 [clientloop.c clientloop.h ssh.c mux.c]
3196 tidy up session multiplexing code, moving it into its own file and
3197 making the function names more consistent - making ssh.c and
3198 clientloop.c a fair bit more readable.
3200 - djm@cvs.openbsd.org 2008/05/09 14:26:08
3202 dingo stole my diff hunk
3203 - markus@cvs.openbsd.org 2008/05/09 16:16:06
3205 re-add the USE_PIPES code and enable it.
3206 without pipes shutdown-read from the sshd does not trigger
3207 a SIGPIPE when the forked program does a write.
3209 (Id sync only, USE_PIPES never left portable OpenSSH)
3210 - markus@cvs.openbsd.org 2008/05/09 16:17:51
3212 error-fd race: don't enable the error fd in the select bitmask
3213 for channels with both in- and output closed, since the channel
3214 will go away before we call select();
3215 report, lots of debugging help and ok djm@
3216 - markus@cvs.openbsd.org 2008/05/09 16:21:13
3217 [channels.h clientloop.c nchan.c serverloop.c]
3219 ssh -2 localhost od /bin/ls | true
3220 ignoring SIGPIPE by adding a new channel message (EOW) that signals
3221 the peer that we're not interested in any data it might send.
3222 fixes bz #85; discussion, debugging and ok djm@
3223 - pvalchev@cvs.openbsd.org 2008/05/12 20:52:20
3225 Ensure nh_result lies on a 64-bit boundary (fixes warnings observed
3226 on Itanium on Linux); from Dale Talcott (bug #1462); ok djm@
3227 - djm@cvs.openbsd.org 2008/05/15 23:52:24
3229 document eow message in ssh protocol 2 channel state machine;
3230 feedback and ok markus@
3231 - djm@cvs.openbsd.org 2008/05/18 21:29:05
3233 comment extension announcement
3234 - djm@cvs.openbsd.org 2008/05/16 08:30:42
3236 document our protocol extensions and deviations; ok markus@
3237 - djm@cvs.openbsd.org 2008/05/17 01:31:56
3239 grammar and correctness fixes from stevesk@
3242 - (djm) [openbsd-compat/bsd-poll.c] Include stdlib.h to avoid compile-
3243 time warnings on LynxOS. Patch from ops AT iki.fi
3244 - (djm) Force string arguments to replacement setproctitle() though
3245 strnvis first. Ok dtucker@
3248 - (djm) OpenBSD CVS sync:
3249 - markus@cvs.openbsd.org 2008/04/02 15:36:51
3251 avoid possible hijacking of x11-forwarded connections (back out 1.183)
3252 CVE-2008-1483; ok djm@
3253 - jmc@cvs.openbsd.org 2008/03/27 22:37:57
3255 remove trailing whitespace;
3256 - djm@cvs.openbsd.org 2008/04/03 09:50:14
3259 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3260 [contrib/suse/openssh.spec] Crank version numbers in RPM spec files
3261 - (djm) [README] Update link to release notes
3262 - (djm) Release 5.0p1