2 - (djm) OpenBSD CVS Cherrypick
3 - djm@cvs.openbsd.org 2013/04/11 02:27:50
5 quiet disconnect notifications on the server from error() back to logit()
6 if it is a normal client closure; bz#2057 ok+feedback dtucker@
7 - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
8 [contrib/suse/openssh.spec] Crank version numbers for release.
11 - (dtucker) OpenBSD CVS Sync
12 - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
13 [readconf.c ssh.c readconf.h sshconnect2.c]
14 Keep track of which IndentityFile options were manually supplied and which
15 were default options, and don't warn if the latter are missing.
17 - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
19 Remove bogus include. ok djm
20 - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
21 [ssh.c readconf.c readconf.h]
22 Don't complain if IdentityFiles specified in system-wide configs are
23 missing. ok djm, deraadt.
24 - markus@cvs.openbsd.org 2013/02/22 19:13:56
26 support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
27 - djm@cvs.openbsd.org 2013/02/22 22:09:01
29 Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
33 - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
34 to avoid conflicting definitions of __int64, adding the required bits.
35 Patch from Corinna Vinschen.
38 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
39 Hands' greatly revised version.
43 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
44 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
45 so mark it as broken. Patch from des AT des.no
48 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
49 of the bits the configure test looks for.
52 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
53 is unable to successfully compile them. Based on patch from des AT
55 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
56 Add a usleep replacement for platforms that lack it; ok dtucker
57 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
58 occur after UID switch; patch from John Marshall via des AT des.no;
62 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
63 Improve portability of cipher-speed test, based mostly on a patch from
65 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
66 in addition to root as an owner of system directories on AIX and HP-UX.
70 - (dtucker) [INSTALL] Bump documented autoconf version to what we're
72 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
73 was removed in configure.ac rev 1.481 as it was redundant.
74 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
76 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
77 chance to complete on broken systems; ok dtucker@
80 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
81 connection to start so that the test works on slower machines.
82 - (dtucker) [configure.ac] test that we can set number of file descriptors
83 to zero with setrlimit before enabling the rlimit sandbox. This affects
84 (at least) HPUX 11.11.
87 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
88 HP/UX. Spotted by Kevin Brott
89 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
90 Amit Kulkarni and Kevin Brott.
91 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
92 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
94 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
97 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
98 [contrib/suse/openssh.spec] Crank version numbers
99 - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
100 - (tim) [regress/integrity.sh] shell portability fix.
101 - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
102 - (tim) [regress/krl.sh] keep old solaris awk from hanging.
106 - djm@cvs.openbsd.org 2013/02/20 08:27:50
108 Add an option to modpipe that warns if the modification offset it not
109 reached in it's stream and turn it on for t-integrity. This should catch
110 cases where the session is not fuzzed for being too short (cf. my last
112 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
113 for UsePAM=yes configuration
116 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
117 to use Solaris native GSS libs. Patch from Pierre Ossman.
120 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
121 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
125 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
126 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm.
127 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
128 libgss too. Patch from Pierre Ossman, ok djm.
129 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
130 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
134 - (tim) [regress/forward-control.sh] shell portability fix.
137 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
138 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
139 err.h include from krl.c. Additional portability fixes for modpipe. OK djm
141 - djm@cvs.openbsd.org 2013/02/20 08:27:50
142 [regress/integrity.sh regress/modpipe.c]
143 Add an option to modpipe that warns if the modification offset it not
144 reached in it's stream and turn it on for t-integrity. This should catch
145 cases where the session is not fuzzed for being too short (cf. my last
147 - djm@cvs.openbsd.org 2013/02/20 08:29:27
149 s/Id/OpenBSD/ in RCS tag
153 - djm@cvs.openbsd.org 2013/02/18 22:26:47
155 crank the offset yet again; it was still fuzzing KEX one of Darren's
156 portable test hosts at 2800
157 - djm@cvs.openbsd.org 2013/02/19 02:14:09
159 oops, forgot to increase the output of the ssh command to ensure that
160 we actually reach $offset
161 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
162 lack support for SHA2.
163 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
164 that do not have them.
168 - djm@cvs.openbsd.org 2013/02/17 23:16:55
170 make the ssh command generates some output to ensure that there are at
171 least offset+tries bytes in the stream.
175 - djm@cvs.openbsd.org 2013/02/16 06:08:45
177 make sure the fuzz offset is actually past the end of KEX for all KEX
178 types. diffie-hellman-group-exchange-sha256 requires an offset around
179 2700. Noticed via test failures in portable OpenSSH on platforms that
180 lack ECC and this the more byte-frugal ECDH KEX algorithms.
183 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
185 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
186 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
187 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
188 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
189 platforms that don't have it.
190 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
191 group strto* function prototypes together.
192 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
193 an argument. Pointed out by djm.
194 - (djm) OpenBSD CVS Sync
195 - djm@cvs.openbsd.org 2013/02/14 21:35:59
197 Correct error message that had a typo and was logging the wrong thing;
198 patch from Petr Lautrbach
199 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
201 Warn more loudly if an IdentityFile provided by the user cannot be read.
205 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
206 - (djm) [regress/krl.sh] typo; found by Iain Morgan
207 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
208 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
212 - (djm) OpenBSD CVS Sync
213 - djm@cvs.openbsd.org 2013/01/24 21:45:37
215 fix handling of (unused) KRL signatures; skip string in correct buffer
216 - djm@cvs.openbsd.org 2013/01/24 22:08:56
218 skip serial lookup when cert's serial number is zero
219 - krw@cvs.openbsd.org 2013/01/25 05:00:27
221 Revert last. Breaks due to likely typo. Let djm@ fix later.
223 - djm@cvs.openbsd.org 2013/01/25 10:22:19
225 redo last commit without the vi-vomit that snuck in:
226 skip serial lookup when cert's serial number is zero
227 (now with 100% better comment)
228 - djm@cvs.openbsd.org 2013/01/26 06:11:05
229 [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
230 [openbsd-compat/openssl-compat.h]
231 remove ACSS, now that it is gone from libcrypto too
232 - djm@cvs.openbsd.org 2013/01/27 10:06:12
234 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
235 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
236 [servconf.c sshd_config sshd_config.5]
237 Change default of MaxStartups to 10:30:100 to start doing random early
238 drop at 10 connections up to 100 connections. This will make it harder
239 to DoS as CPUs have come a long way since the original value was set
240 back in 2000. Prompted by nion at debian org, ok markus@
241 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
243 Fix comment, from jfree.e1 at gmail
244 - djm@cvs.openbsd.org 2013/02/08 00:41:12
246 fix NULL deref when built without libedit and control characters
247 entered as command; debugging and patch from Iain Morgan an
248 Loganaden Velvindron in bz#1956
249 - markus@cvs.openbsd.org 2013/02/10 21:19:34
252 - djm@cvs.openbsd.org 2013/02/10 23:32:10
254 append to moduli file when screening candidates rather than overwriting.
255 allows resumption of interrupted screen; patch from Christophe Garault
256 in bz#1957; ok dtucker@
257 - djm@cvs.openbsd.org 2013/02/10 23:35:24
259 record "Received disconnect" messages at ERROR rather than INFO priority,
260 since they are abnormal and result in a non-zero ssh exit status; patch
261 from Iain Morgan in bz#2057; ok dtucker@
262 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
264 Add openssl version to debug output similar to the client. ok markus@
265 - djm@cvs.openbsd.org 2013/02/11 23:58:51
266 [regress/try-ciphers.sh]
268 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
271 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
272 libcrypto that lacks EVP_CIPHER_CTX_ctrl
275 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
276 patch from Iain Morgan in bz#2059
277 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
278 __attribute__ on return values and work around if necessary. ok djm@
281 - (djm) [configure.ac] Don't probe seccomp capability of running kernel
282 at configure time; the seccomp sandbox will fall back to rlimit at
283 runtime anyway. Patch from plautrba AT redhat.com in bz#2011
286 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
287 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
288 prototypes for openssl-1.0.0-fips.
289 - (djm) OpenBSD CVS Sync
290 - jmc@cvs.openbsd.org 2013/01/18 07:57:47
293 - jmc@cvs.openbsd.org 2013/01/18 07:59:46
295 -u before -V in usage();
296 - jmc@cvs.openbsd.org 2013/01/18 08:00:49
299 - jmc@cvs.openbsd.org 2013/01/18 08:39:04
301 add -Q to the options list; ok djm
302 - jmc@cvs.openbsd.org 2013/01/18 21:48:43
304 command-line (adj.) -> command line (n.);
305 - jmc@cvs.openbsd.org 2013/01/19 07:13:25
307 fix some formatting; ok djm
308 - markus@cvs.openbsd.org 2013/01/19 12:34:55
310 RB_INSERT does not remove existing elments; ok djm@
311 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
313 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
316 - (djm) OpenBSD CVS Sync
317 - djm@cvs.openbsd.org 2013/01/17 23:00:01
318 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
319 [krl.c krl.h PROTOCOL.krl]
320 add support for Key Revocation Lists (KRLs). These are a compact way to
321 represent lists of revoked keys and certificates, taking as little as
322 a single bit of incremental cost to revoke a certificate by serial number.
323 KRLs are loaded via the existing RevokedKeys sshd_config option.
324 feedback and ok markus@
325 - djm@cvs.openbsd.org 2013/01/18 00:45:29
326 [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
327 Tests for Key Revocation Lists (KRLs)
328 - djm@cvs.openbsd.org 2013/01/18 03:00:32
330 fix KRL generation bug for list sections
333 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
334 check for GCM support before testing GCM ciphers.
337 - (djm) OpenBSD CVS Sync
338 - djm@cvs.openbsd.org 2013/01/12 11:22:04
340 improve error message for integrity failure in AES-GCM modes; ok markus@
341 - djm@cvs.openbsd.org 2013/01/12 11:23:53
342 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
343 test AES-GCM modes; feedback markus@
344 - (djm) [regress/integrity.sh] repair botched merge
347 - (djm) OpenBSD CVS Sync
348 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
350 use correct string in error message; from rustybsd at gmx.fr
351 - djm@cvs.openbsd.org 2013/01/02 00:32:07
353 channel_setup_local_fwd_listener() returns 0 on failure, not -ve
354 bz#2055 reported by mathieu.lacage AT gmail.com
355 - djm@cvs.openbsd.org 2013/01/02 00:33:49
357 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
358 bz#2051 from david AT lechnology.com
359 - djm@cvs.openbsd.org 2013/01/03 05:49:36
361 add a couple of ServerOptions members that should be copied to the privsep
362 child (for consistency, in this case they happen only to be accessed in
363 the monitor); ok dtucker@
364 - djm@cvs.openbsd.org 2013/01/03 12:49:01
366 fix description of MAC calculation for EtM modes; ok markus@
367 - djm@cvs.openbsd.org 2013/01/03 12:54:49
368 [sftp-server.8 sftp-server.c]
369 allow specification of an alternate start directory for sftp-server(8)
370 "I like this" markus@
371 - djm@cvs.openbsd.org 2013/01/03 23:22:58
373 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
375 - jmc@cvs.openbsd.org 2013/01/04 19:26:38
376 [sftp-server.8 sftp-server.c]
377 sftp-server.8: add argument name to -d
378 sftp-server.c: add -d to usage()
380 - markus@cvs.openbsd.org 2013/01/08 18:49:04
381 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
382 [myproposal.h packet.c ssh_config.5 sshd_config.5]
383 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
385 - djm@cvs.openbsd.org 2013/01/09 05:40:17
387 correctly initialise fingerprint type for fingerprinting PKCS#11 keys
388 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
389 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
390 cipher compat code to openssl-compat.h
393 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
394 tests will work with VPATH directories.
397 - (djm) OpenBSD CVS Sync
398 - markus@cvs.openbsd.org 2012/12/12 16:45:52
400 reset incoming_packet buffer for each new packet in EtM-case, too;
401 this happens if packets are parsed only parially (e.g. ignore
402 messages sent when su/sudo turn off echo); noted by sthen/millert
403 - naddy@cvs.openbsd.org 2012/12/12 16:46:10
405 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
406 counter mode code; ok djm@
407 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
408 compat code for older OpenSSL
409 - (djm) [cipher.c] Fix missing prototype for compat code
412 - (djm) OpenBSD CVS Sync
413 - markus@cvs.openbsd.org 2012/12/11 22:16:21
415 drain the log messages after receiving the keystate from the unpriv
416 child. otherwise it might block while sending. ok djm@
417 - markus@cvs.openbsd.org 2012/12/11 22:31:18
418 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
419 [packet.c ssh_config.5 sshd_config.5]
420 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
421 that change the packet format and compute the MAC over the encrypted
422 message (including the packet size) instead of the plaintext data;
423 these EtM modes are considered more secure and used by default.
425 - sthen@cvs.openbsd.org 2012/12/11 22:51:45
427 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
428 - markus@cvs.openbsd.org 2012/12/11 22:32:56
429 [regress/try-ciphers.sh]
431 - markus@cvs.openbsd.org 2012/12/11 22:42:11
432 [regress/Makefile regress/modpipe.c regress/integrity.sh]
433 test the integrity of the packets; with djm@
434 - markus@cvs.openbsd.org 2012/12/11 23:12:13
436 add hmac-ripemd160-etm@openssh.com
437 - (djm) [mac.c] fix merge botch
438 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
439 work on platforms without 'jot'
440 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
441 - (djm) [regress/Makefile] fix t-exec rule
444 - (dtucker) OpenBSD CVS Sync
445 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
446 [regress/keys-command.sh]
447 Fix some problems with the keys-command test:
448 - use string comparison rather than numeric comparison
449 - check for existing KEY_COMMAND file and don't clobber if it exists
450 - clean up KEY_COMMAND file if we do create it.
451 - check that KEY_COMMAND is executable (which it won't be if eg /var/run
454 - jmc@cvs.openbsd.org 2012/12/03 08:33:03
455 [ssh-add.1 sshd_config.5]
457 - markus@cvs.openbsd.org 2012/12/05 15:42:52
459 prevent double-free of comment; ok djm@
460 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
462 Cast signal to int for logging. A no-op on openbsd (they're always ints)
463 but will prevent warnings in portable. ok djm@
466 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
469 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
470 TAILQ_FOREACH_SAFE needed for upcoming changes.
471 - (djm) OpenBSD CVS Sync
472 - djm@cvs.openbsd.org 2012/12/02 20:26:11
473 [ssh_config.5 sshconnect2.c]
474 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
475 This allows control of which keys are offered from tokens using
476 IdentityFile. ok markus@
477 - djm@cvs.openbsd.org 2012/12/02 20:42:15
478 [ssh-add.1 ssh-add.c]
479 make deleting explicit keys "ssh-add -d" symmetric with adding keys -
480 try to delete the corresponding certificate too and respect the -k option
481 to allow deleting of the key only; feedback and ok markus@
482 - djm@cvs.openbsd.org 2012/12/02 20:46:11
483 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
485 make AllowTcpForwarding accept "local" and "remote" in addition to its
486 current "yes"/"no" to allow the server to specify whether just local or
487 remote TCP forwarding is enabled. ok markus@
488 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
489 [regress/cipher-speed.sh regress/try-ciphers.sh]
490 Add umac-128@openssh.com to the list of MACs to be tested
491 - djm@cvs.openbsd.org 2012/10/19 05:10:42
492 [regress/cert-userkey.sh]
493 include a serial number when generating certs
494 - djm@cvs.openbsd.org 2012/11/22 22:49:30
495 [regress/Makefile regress/keys-command.sh]
496 regress for AuthorizedKeysCommand; hints from markus@
497 - djm@cvs.openbsd.org 2012/12/02 20:47:48
498 [Makefile regress/forward-control.sh]
499 regress for AllowTcpForwarding local/remote; ok markus@
500 - djm@cvs.openbsd.org 2012/12/03 00:14:06
501 [auth2-chall.c ssh-keygen.c]
502 Fix compilation with -Wall -Werror (trivial type fixes)
503 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
504 debugging. ok dtucker@
505 - (djm) [configure.ac] Revert previous. configure.ac already does this
509 - (djm) OpenBSD CVS Sync
510 - djm@cvs.openbsd.org 2012/11/14 02:24:27
512 fix username passed to helper program
513 prepare stdio fds before closefrom()
515 - djm@cvs.openbsd.org 2012/11/14 02:32:15
517 allow the full range of unsigned serial numbers; 'fine' deraadt@
518 - djm@cvs.openbsd.org 2012/12/02 20:34:10
519 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
520 [monitor.c monitor.h]
521 Fixes logging of partial authentication when privsep is enabled
522 Previously, we recorded "Failed xxx" since we reset authenticated before
523 calling auth_log() in auth2.c. This adds an explcit "Partial" state.
525 Add a "submethod" to auth_log() to report which submethod is used
526 for keyboard-interactive.
528 Fix multiple authentication when one of the methods is
529 keyboard-interactive.
532 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
533 [regress/multiplex.sh]
534 Use 'kill -0' to test for the presence of a pid since it's more portable
537 - (djm) OpenBSD CVS Sync
538 - eric@cvs.openbsd.org 2011/11/28 08:46:27
542 - jmc@cvs.openbsd.org 2012/09/26 17:34:38
544 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
545 references into a STANDARDS section;
548 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
549 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
550 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
551 and gids from uidswap.c to the compat library, which allows it to work with
552 the new setresuid calls in auth2-pubkey. with tim@, ok djm@
553 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
554 don't have it. Spotted by tim@.
557 - (djm) OpenBSD CVS Sync
558 - jmc@cvs.openbsd.org 2012/10/31 08:04:50
561 - djm@cvs.openbsd.org 2012/11/04 10:38:43
562 [auth2-pubkey.c sshd.c sshd_config.5]
563 Remove default of AuthorizedCommandUser. Administrators are now expected
564 to explicitly specify a user. feedback and ok markus@
565 - djm@cvs.openbsd.org 2012/11/04 11:09:15
566 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
568 Support multiple required authentication via an AuthenticationMethods
569 option. This option lists one or more comma-separated lists of
570 authentication method names. Successful completion of all the methods in
571 any list is required for authentication to complete;
572 feedback and ok markus@
575 - (djm) OpenBSD CVS Sync
576 - markus@cvs.openbsd.org 2012/10/05 12:34:39
578 fix signed vs unsigned warning; feedback & ok: djm@
579 - djm@cvs.openbsd.org 2012/10/30 21:29:55
580 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
581 [sshd.c sshd_config sshd_config.5]
582 new sshd_config option AuthorizedKeysCommand to support fetching
583 authorized_keys from a command in addition to (or instead of) from
584 the filesystem. The command is run as the target server user unless
585 another specified via a new AuthorizedKeysCommandUser option.
587 patch originally by jchadima AT redhat.com, reworked by me; feedback
591 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
592 the generated file as intended.
595 - (dtucker) OpenBSD CVS Sync
596 - djm@cvs.openbsd.org 2012/09/17 09:54:44
599 - markus@cvs.openbsd.org 2012/09/17 13:04:11
601 clear old keys on rekeing; ok djm
602 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
604 Add bounds check on sftp tab-completion. Part of a patch from from
605 Jean-Marc Robert via tech@, ok djm
606 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
608 Fix improper handling of absolute paths when PWD is part of the completed
609 path. Patch from Jean-Marc Robert via tech@, ok djm.
610 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
612 Fix handling of filenames containing escaped globbing characters and
613 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
614 - jmc@cvs.openbsd.org 2012/09/26 16:12:13
616 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
617 references into a STANDARDS section;
618 - naddy@cvs.openbsd.org 2012/10/01 13:59:51
621 - djm@cvs.openbsd.org 2012/10/02 07:07:45
623 fix -z option, broken in revision 1.215
624 - markus@cvs.openbsd.org 2012/10/04 13:21:50
625 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
626 add umac128 variant; ok djm@ at n2k12
627 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
628 [regress/try-ciphers.sh]
629 Restore missing space. (Id sync only).
630 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
631 [regress/multiplex.sh]
632 Add test for ssh -Ostop
633 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
634 [regress/multiplex.sh]
635 Log -O cmd output to the log file and make logging consistent with the
636 other tests. Test clean shutdown of an existing channel when testing
638 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
639 [regress/multiplex.sh]
640 use -Ocheck and waiting for completions by PID to make multiplexing test
641 less racy and (hopefully) more reliable on slow hardware.
642 - [Makefile umac.c] Add special-case target to build umac128.o.
643 - [umac.c] Enforce allowed umac output sizes. From djm@.
644 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
647 - (dtucker) OpenBSD CVS Sync
648 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
650 Fix comment line length
651 - markus@cvs.openbsd.org 2012/09/14 16:51:34
653 remove unused variable
656 - (dtucker) OpenBSD CVS Sync
657 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
659 Make the escape command help (~?) context sensitive so that only commands
660 that will work in the current session are shown. ok markus@
661 - jmc@cvs.openbsd.org 2012/09/06 13:57:42
663 missing letter in previous;
664 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
666 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
667 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
669 Merge escape help text for ~v and ~V; ok djm@
670 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
672 when muxmaster is run with -N, make it shut down gracefully when a client
673 sends it "-O stop" rather than hanging around (bz#1985). ok djm@
676 - (dtucker) OpenBSD CVS Sync
677 - jmc@cvs.openbsd.org 2012/08/15 18:25:50
679 a little more info on certificate validity;
680 requested by Ross L Richardson, and provided by djm
681 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
682 [clientloop.c clientloop.h mux.c]
683 Force a clean shutdown of ControlMaster client sessions when the ~. escape
684 sequence is used. This means that ~. should now work in mux clients even
685 if the server is no longer responding. Found by tedu, ok djm.
686 - djm@cvs.openbsd.org 2012/08/17 01:22:56
688 add some comments about better handling first-KEX-follows notifications
689 from the server. Nothing uses these right now. No binary change
690 - djm@cvs.openbsd.org 2012/08/17 01:25:58
692 print details of which host lines were deleted when using
693 "ssh-keygen -R host"; ok markus@
694 - djm@cvs.openbsd.org 2012/08/17 01:30:00
695 [compat.c sshconnect.c]
696 Send client banner immediately, rather than waiting for the server to
697 move first for SSH protocol 2 connections (the default). Patch based on
698 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
699 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
700 [clientloop.c log.c ssh.1 log.h]
701 Add ~v and ~V escape sequences to raise and lower the logging level
702 respectively. Man page help from jmc, ok deraadt jmc
705 - (dtucker) [moduli] Import new moduli file.
708 - (djm) Release openssh-6.1
711 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
712 for compatibility with future mingw-w64 headers. Patch from vinschen at
716 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
717 [contrib/suse/openssh.spec] Update version numbers
720 - (djm) OpenBSD CVS Sync
721 - jmc@cvs.openbsd.org 2012/07/06 06:38:03
723 missing full stop in usage();
724 - djm@cvs.openbsd.org 2012/07/10 02:19:15
725 [servconf.c servconf.h sshd.c sshd_config]
726 Turn on systrace sandboxing of pre-auth sshd by default for new installs
727 by shipping a config that overrides the current UsePrivilegeSeparation=yes
728 default. Make it easier to flip the default in the future by adding too.
729 prodded markus@ feedback dtucker@ "get it in" deraadt@
730 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
732 handle long comments in config files better. bz#2025, ok markus
733 - markus@cvs.openbsd.org 2012/07/22 18:19:21
738 - (dtucker) Import regened moduli file.
741 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
742 not available. Allows use of sshd compiled on host with a filter-capable
743 kernel on hosts that lack the support. bz#2011 ok dtucker@
744 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
745 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
746 esperi.org.uk; ok dtucker@
747 - (djm) OpenBSD CVS Sync
748 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
749 [moduli.c ssh-keygen.1 ssh-keygen.c]
750 Add options to specify starting line number and number of lines to process
751 when screening moduli candidates. This allows processing of different
752 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
753 - djm@cvs.openbsd.org 2012/07/06 01:37:21
755 fix memory leak of passed-in environment variables and connection
756 context when new session message is malformed; bz#2003 from Bert.Wesarg
758 - djm@cvs.openbsd.org 2012/07/06 01:47:38
760 move setting of tty_flag to after config parsing so RequestTTY options
761 are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
765 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
766 platforms that don't have it. "looks good" tim@
769 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
770 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
771 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
772 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
773 benefit is minor, so it's not worth disabling the sandbox if it doesn't
777 - (dtucker) OpenBSD CVS Sync
778 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
779 [ssh_config.5 sshd_config.5]
780 match the documented MAC order of preference to the actual one;
782 - markus@cvs.openbsd.org 2012/06/30 14:35:09
783 [sandbox-systrace.c sshd.c]
784 fix a during the load of the sandbox policies (child can still make
785 the read-syscall and wait forever for systrace-answers) by replacing
786 the read/write synchronisation with SIGSTOP/SIGCONT;
787 report and help hshoexer@; ok djm@, dtucker@
788 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
790 set interactive ToS for forwarded X11 sessions. ok djm@
791 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
792 [ssh-pkcs11-helper.c sftp-client.c]
793 fix a couple of "assigned but not used" warnings. ok markus@
794 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
795 [regress/connect-privsep.sh]
796 remove exit from end of test since it prevents reporting failure
797 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
798 Move cygwin detection to test-exec and use to skip reexec test on cygwin.
799 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
803 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
805 fix strlcpy truncation check. from carsten at debian org, ok markus
806 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
807 [monitor.c sshconnect2.c]
808 remove dead code following 'for (;;)' loops.
809 From Steve.McClellan at radisys com, ok markus@
810 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
812 Remove unused variable leftover from tab-completion changes.
813 From Steve.McClellan at radisys com, ok markus@
814 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
816 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
817 sandbox" since malloc now uses it. From johnw.mail at gmail com.
818 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
819 [mac.c myproposal.h ssh_config.5 sshd_config.5]
820 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
821 from draft6 of the spec and will not be in the RFC when published. Patch
822 from mdb at juniper net via bz#2023, ok markus.
823 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
824 [ssh_config.5 sshd_config.5]
825 match the documented MAC order of preference to the actual one; ok dtucker@
826 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
827 [regress/addrmatch.sh]
828 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
829 to match. Feedback and ok djm@ markus@.
830 - djm@cvs.openbsd.org 2012/06/01 00:47:35
831 [regress/multiplex.sh regress/forwarding.sh]
832 append to rather than truncate test log; bz#2013 from openssh AT
834 - djm@cvs.openbsd.org 2012/06/01 00:52:52
835 [regress/sftp-cmds.sh]
836 don't delete .* on cleanup due to unintended env expansion; pointed out in
837 bz#2014 by openssh AT roumenpetrov.info
838 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
839 [regress/connect-privsep.sh]
840 test sandbox with every malloc option
841 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
842 [regress/try-ciphers.sh regress/cipher-speed.sh]
843 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
844 from draft6 of the spec and will not be in the RFC when published. Patch
845 from mdb at juniper net via bz#2023, ok markus.
846 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
847 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
848 the required functions in libcrypto.
851 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
852 pointer deref in the client when built with LDNS and using DNSSEC with a
853 CNAME. Patch from gregdlg+mr at hochet info.
856 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
857 can logon as a service. Patch from vinschen at redhat com.
860 - (djm) OpenBSD CVS Sync
861 - djm@cvs.openbsd.org 2011/12/02 00:41:56
863 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
865 - djm@cvs.openbsd.org 2011/12/04 23:16:12
869 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
870 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
872 it interacts badly with ControlPersist
873 - djm@cvs.openbsd.org 2012/01/07 21:11:36
875 fix double-free in new session handler
877 - djm@cvs.openbsd.org 2012/05/23 03:28:28
878 [dns.c dns.h key.c key.h ssh-keygen.c]
879 add support for RFC6594 SSHFP DNS records for ECDSA key types.
880 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
881 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black)
882 - djm@cvs.openbsd.org 2012/06/01 00:49:35
884 correct types of port numbers (integers, not strings); bz#2004 from
885 bert.wesarg AT googlemail.com
886 - djm@cvs.openbsd.org 2012/06/01 01:01:22
888 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
890 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
892 correct sizeof usage. patch from saw at online.de, ok deraadt
893 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
895 RSA instead of DSA twice. From Steve.McClellan at radisys com
896 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
898 Remove mention of 'three' key files since there are now four. From
899 Steve.McClellan at radisys com.
900 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
902 Clarify description of -W. Noted by Steve.McClellan at radisys com,
904 - markus@cvs.openbsd.org 2012/06/19 18:25:28
905 [servconf.c servconf.h sshd_config.5]
906 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
907 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
908 ok djm@ (back in March)
909 - jmc@cvs.openbsd.org 2012/06/19 21:35:54
911 tweak previous; ok markus
912 - djm@cvs.openbsd.org 2012/06/20 04:42:58
913 [clientloop.c serverloop.c]
914 initialise accept() backoff timer to avoid EINVAL from select(2) in
918 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
919 from cjwatson at debian org.
920 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
921 pkg-config so it does the right thing when cross-compiling. Patch from
922 cjwatson at debian org.
923 - (dtucker) OpenBSD CVS Sync
924 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
925 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
926 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
927 to match. Feedback and ok djm@ markus@.
928 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
930 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
933 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
934 to fix building on some plaforms. Fom bowman at math utah edu and
938 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
939 platform rather than exiting early, so that we still clean up and return
940 success or failure to test-exec.sh
943 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
945 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
950 - djm@cvs.openbsd.org 2012/04/23 08:18:17
952 fix function proto/source mismatch
956 - djm@cvs.openbsd.org 2012/02/29 11:21:26
958 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
959 - guenther@cvs.openbsd.org 2012/03/15 03:10:27
961 root should always be excluded from the test for /etc/nologin instead
962 of having it always enforced even when marked as ignorenologin. This
963 regressed when the logic was incompletely flipped around in rev 1.251
965 - djm@cvs.openbsd.org 2012/03/28 07:23:22
967 explain certificate extensions/crit split rationale. Mention requirement
968 that each appear at most once per cert.
969 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
970 [channels.c channels.h servconf.c]
971 Add PermitOpen none option based on patch from Loganaden Velvindron
973 - djm@cvs.openbsd.org 2012/04/11 13:16:19
974 [channels.c channels.h clientloop.c serverloop.c]
975 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
976 while; ok deraadt@ markus@
977 - djm@cvs.openbsd.org 2012/04/11 13:17:54
979 Support "none" as an argument for AuthorizedPrincipalsFile to indicate
980 no file should be read.
981 - djm@cvs.openbsd.org 2012/04/11 13:26:40
983 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
984 while; ok deraadt@ markus@
985 - djm@cvs.openbsd.org 2012/04/11 13:34:17
986 [ssh-keyscan.1 ssh-keyscan.c]
987 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
988 look for them by default; bz#1971
989 - djm@cvs.openbsd.org 2012/04/12 02:42:32
990 [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
991 VersionAddendum option to allow server operators to append some arbitrary
992 text to the SSH-... banner; ok deraadt@ "don't care" markus@
993 - djm@cvs.openbsd.org 2012/04/12 02:43:55
994 [sshd_config sshd_config.5]
995 mention AuthorizedPrincipalsFile=none default
996 - djm@cvs.openbsd.org 2012/04/20 03:24:23
998 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
999 - jmc@cvs.openbsd.org 2012/04/20 16:26:22
1001 use "brackets" instead of "braces", for consistency;
1004 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1005 [contrib/suse/openssh.spec] Update for release 6.0
1006 - (djm) [README] Update URL to release notes.
1007 - (djm) Release openssh-6.0
1010 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
1011 contains openpty() but not login()
1014 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
1015 mode for Linux's new seccomp filter; patch from Will Drewry; feedback
1019 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
1020 file from spec file. From crighter at nuclioss com.
1021 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
1022 openssh binaries on a newer fix release than they were compiled on.
1023 with and ok dtucker@
1024 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
1025 assumptions when building on Cygwin; patch from Corinna Vinschen
1028 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
1029 systems where sshd is run in te wrong context. Patch from Sven
1030 Vermeulen; ok dtucker@
1031 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
1032 addressed connections. ok dtucker@
1035 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
1036 audit breakage in Solaris 11. Patch from Magnus Johansson.
1039 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
1040 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
1042 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
1044 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
1045 to work. Spotted by Angel Gonzalez
1048 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
1049 preserved Cygwin environment variables; from Corinna Vinschen
1052 - (djm) OpenBSD CVS Sync
1053 - djm@cvs.openbsd.org 2012/01/05 00:16:56
1055 memleak on error path
1056 - djm@cvs.openbsd.org 2012/01/07 21:11:36
1058 fix double-free in new session handler
1059 - miod@cvs.openbsd.org 2012/01/08 13:17:11
1061 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
1063 - miod@cvs.openbsd.org 2012/01/16 20:34:09
1064 [ssh-pkcs11-client.c]
1065 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
1066 While there, be sure to buffer_clear() between send_msg() and recv_msg().
1068 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
1070 Ensure that $DISPLAY contains only valid characters before using it to
1071 extract xauth data so that it can't be used to play local shell
1072 metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
1073 - markus@cvs.openbsd.org 2012/01/25 19:26:43
1075 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
1077 - markus@cvs.openbsd.org 2012/01/25 19:36:31
1079 memleak in key_load_file(); from Jan Klemkow
1080 - markus@cvs.openbsd.org 2012/01/25 19:40:09
1082 packet_read_poll() is not used anymore.
1083 - markus@cvs.openbsd.org 2012/02/09 20:00:18
1085 move from 6.0-beta to 6.0
1088 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
1089 that don't support ECC. Patch from Phil Oleson
1093 - djm@cvs.openbsd.org 2011/12/02 00:41:56
1095 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1097 - djm@cvs.openbsd.org 2011/12/02 00:43:57
1099 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
1100 HMAC_init (this change in policy seems insane to me)
1102 - djm@cvs.openbsd.org 2011/12/04 23:16:12
1106 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
1107 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1109 it interacts badly with ControlPersist
1110 - djm@cvs.openbsd.org 2011/12/07 05:44:38
1111 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
1112 fix some harmless and/or unreachable int overflows;
1113 reported Xi Wang, ok markus@
1117 - oga@cvs.openbsd.org 2011/11/16 12:24:28
1119 Don't leak list in complete_cmd_parse if there are no commands found.
1120 Discovered when I was ``borrowing'' this code for something else.
1124 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
1127 - (dtucker) OpenBSD CVS Sync
1128 - djm@cvs.openbsd.org 2011/10/18 05:15:28
1130 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
1131 - djm@cvs.openbsd.org 2011/10/18 23:37:42
1133 add -k to usage(); reminded by jmc@
1134 - djm@cvs.openbsd.org 2011/10/19 00:06:10
1136 s/tmpfile/tmp/ to make this -Wshadow clean
1137 - djm@cvs.openbsd.org 2011/10/19 10:39:48
1139 typo in comment; patch from Michael W. Bombardieri
1140 - djm@cvs.openbsd.org 2011/10/24 02:10:46
1142 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
1143 was incorrectly requesting the forward in both the control master and
1144 slave. skip requesting it in the master to fix. ok markus@
1145 - djm@cvs.openbsd.org 2011/10/24 02:13:13
1147 bz#1859: send tty break to pty master instead of (probably already
1148 closed) slave side; "looks good" markus@
1149 - dtucker@cvs.openbsd.org 011/11/04 00:09:39
1151 regenerated moduli file; ok deraadt
1152 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
1153 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
1154 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
1155 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
1156 with some rework from myself and djm. ok djm.
1159 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
1160 fails. Patch from Corinna Vinschen.
1163 - (djm) OpenBSD CVS Sync
1164 - djm@cvs.openbsd.org 2011/10/04 14:17:32
1166 silence error spam for "ls */foo" in directory with files; bz#1683
1167 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
1168 [moduli.c ssh-keygen.1 ssh-keygen.c]
1169 Add optional checkpoints for moduli screening. feedback & ok deraadt
1170 - jmc@cvs.openbsd.org 2011/10/16 15:02:41
1172 put -K in the right place (usage());
1173 - stsp@cvs.openbsd.org 2011/10/16 15:51:39
1175 add missing includes to unbreak tree; fix from rpointel
1176 - djm@cvs.openbsd.org 2011/10/18 04:58:26
1177 [auth-options.c key.c]
1178 remove explict search for \0 in packet strings, this job is now done
1179 implicitly by buffer_get_cstring; ok markus
1180 - djm@cvs.openbsd.org 2011/10/18 05:00:48
1181 [ssh-add.1 ssh-add.c]
1182 new "ssh-add -k" option to load plain keys (skipping certificates);
1186 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
1187 - (dtucker) OpenBSD CVS Sync
1188 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
1189 [channels.c auth-options.c servconf.c channels.h sshd.8]
1190 Add wildcard support to PermitOpen, allowing things like "PermitOpen
1191 localhost:*". bz #1857, ok djm markus.
1192 - markus@cvs.openbsd.org 2011/09/23 07:45:05
1193 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
1195 unbreak remote portforwarding with dynamic allocated listen ports:
1196 1) send the actual listen port in the open message (instead of 0).
1197 this allows multiple forwardings with a dynamic listen port
1198 2) update the matching permit-open entry, so we can identify where
1200 report: den at skbkontur.ru and P. Szczygielski
1201 feedback and ok djm@
1202 - djm@cvs.openbsd.org 2011/09/25 05:44:47
1204 improve the AuthorizedPrincipalsFile debug log message to include
1205 file and line number
1206 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
1208 don't attempt privsep cleanup when not using privsep; ok markus@
1209 - djm@cvs.openbsd.org 2011/09/30 21:22:49
1211 fix inverted test that caused logspam; spotted by henning@
1214 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
1216 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1217 openbsd-compat/strnlen.c] Add strnlen to the compat library.
1220 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
1221 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
1222 want this longhand version)
1223 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
1224 upstream version is YPified and we don't want this
1225 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
1226 The file was totally rewritten between what we had in tree and -current.
1227 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
1228 marker. The upstream API has changed (function and structure names)
1229 enough to put it out of sync with other providers of this interface.
1230 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
1231 of static __findenv() function from upstream setenv.c
1233 - millert@cvs.openbsd.org 2006/05/05 15:27:38
1234 [openbsd-compat/strlcpy.c]
1235 Convert do {} while loop -> while {} for clarity. No binary change
1236 on most architectures. From Oliver Smith. OK deraadt@ and henning@
1237 - tobias@cvs.openbsd.org 2007/10/21 11:09:30
1238 [openbsd-compat/mktemp.c]
1239 Comment fix about time consumption of _gettemp.
1240 FreeBSD did this in revision 1.20.
1242 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
1243 [openbsd-compat/mktemp.c]
1244 use arc4random_uniform(); ok djm millert
1245 - millert@cvs.openbsd.org 2008/08/21 16:54:44
1246 [openbsd-compat/mktemp.c]
1247 Remove useless code, the kernel will set errno appropriately if an
1248 element in the path does not exist. OK deraadt@ pvalchev@
1249 - otto@cvs.openbsd.org 2008/12/09 19:38:38
1250 [openbsd-compat/inet_ntop.c]
1251 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
1255 - pyr@cvs.openbsd.org 2011/05/12 07:15:10
1256 [openbsd-compat/glob.c]
1257 When the max number of items for a directory has reached GLOB_LIMIT_READDIR
1258 an error is returned but closedir() is not called.
1259 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
1261 - stsp@cvs.openbsd.org 2011/09/20 10:18:46
1263 In glob(3), limit recursion during matching attempts. Similar to
1264 fnmatch fix. Also collapse consecutive '*' (from NetBSD).
1266 - djm@cvs.openbsd.org 2011/09/22 06:27:29
1268 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
1269 applied only to the gl_pathv vector and not the corresponding gl_statv
1270 array. reported in OpenSSH bz#1935; feedback and okay matthew@
1271 - djm@cvs.openbsd.org 2011/08/26 01:45:15
1273 Add some missing ssh_config(5) options that can be used in ssh(1)'s
1274 -o argument. Patch from duclare AT guu.fi
1275 - djm@cvs.openbsd.org 2011/09/05 05:56:13
1277 mention ControlPersist and KbdInteractiveAuthentication in the -o
1278 verbiage in these pages too (prompted by jmc@)
1279 - djm@cvs.openbsd.org 2011/09/05 05:59:08
1281 fix typo in IPQoS parsing: there is no "AF14" class, but there is
1282 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1283 - jmc@cvs.openbsd.org 2011/09/05 07:01:44
1285 knock out a useless Ns;
1286 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
1288 typo (they vs the) found by Lawrence Teo
1289 - djm@cvs.openbsd.org 2011/09/09 00:43:00
1290 [ssh_config.5 sshd_config.5]
1291 fix typo in IPQoS parsing: there is no "AF14" class, but there is
1292 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1293 - djm@cvs.openbsd.org 2011/09/09 00:44:07
1295 MUX_C_CLOSE_FWD includes forward type in message (though it isn't
1297 - djm@cvs.openbsd.org 2011/09/09 22:37:01
1299 suppress adding '--' to remote commandlines when the first argument
1300 does not start with '-'. saves breakage on some difficult-to-upgrade
1301 embedded/router platforms; feedback & ok dtucker ok markus
1302 - djm@cvs.openbsd.org 2011/09/09 22:38:21
1304 kill the preauth privsep child on fatal errors in the monitor;
1306 - djm@cvs.openbsd.org 2011/09/09 22:46:44
1307 [channels.c channels.h clientloop.h mux.c ssh.c]
1308 support for cancelling local and remote port forwards via the multiplex
1309 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
1310 the cancellation of the specified forwardings; ok markus@
1311 - markus@cvs.openbsd.org 2011/09/10 22:26:34
1312 [channels.c channels.h clientloop.c ssh.1]
1313 support cancellation of local/dynamic forwardings from ~C commandline;
1315 - okan@cvs.openbsd.org 2011/09/11 06:59:05
1317 document new -O cancel command; ok djm@
1318 - markus@cvs.openbsd.org 2011/09/11 16:07:26
1320 fix leaks in do_hardlink() and do_readlink(); bz#1921
1321 from Loganaden Velvindron
1322 - markus@cvs.openbsd.org 2011/09/12 08:46:15
1324 fix leak in do_lsreaddir(); ok djm
1325 - djm@cvs.openbsd.org 2011/09/22 06:29:03
1327 don't let remote_glob() implicitly sort its results in do_globbed_ls() -
1328 in all likelihood, they will be resorted anyway
1331 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
1335 - (djm) [README version.h] Correct version
1336 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
1337 - (djm) Respin OpenSSH-5.9p1 release
1340 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1341 [contrib/suse/openssh.spec] Update version numbers.
1344 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
1345 regress errors for the sandbox to warnings. ok tim dtucker
1346 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
1347 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
1351 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
1352 to switch SELinux context away from unconfined_t, based on patch from
1353 Jan Chadima; bz#1919 ok dtucker@
1356 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
1359 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
1362 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
1363 OpenSSL 0.9.7. ok djm
1364 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
1365 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
1366 - (djm) [configure.ac] error out if the host lacks the necessary bits for
1367 an explicitly requested sandbox type
1368 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
1369 bisson AT archlinux.org
1370 - (djm) OpenBSD CVS Sync
1371 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
1372 [regress/cfgmatch.sh]
1373 use OBJ to find test configs, patch from Tim Rice
1374 - markus@cvs.openbsd.org 2011/06/30 22:44:43
1375 [regress/connect-privsep.sh]
1376 test with sandbox enabled; ok djm@
1377 - djm@cvs.openbsd.org 2011/08/02 01:23:41
1378 [regress/cipher-speed.sh regress/try-ciphers.sh]
1379 add SHA256/SHA512 based HMAC modes
1380 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
1381 MAC tests for platforms that hack EVP_SHA2 support
1384 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
1385 change error by reporting old and new context names Patch from
1387 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
1388 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
1389 init scrips from imorgan AT nas.nasa.gov; bz#1920
1390 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
1391 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
1392 AT gmail.com; ok dtucker@
1395 - (dtucker) OpenBSD CVS Sync
1396 - jmc@cvs.openbsd.org 2008/06/26 06:59:39
1399 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
1401 "Diffie-Hellman" is the usual spelling for the cryptographic protocol
1402 first published by Whitfield Diffie and Martin Hellman in 1976.
1404 - jmc@cvs.openbsd.org 2010/10/14 20:41:28
1406 probabalistic -> probabilistic; from naddy
1407 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
1409 typo, fix from Laurent Gautrot
1413 - djm@cvs.openbsd.org 2011/06/23 23:35:42
1415 ignore EINTR errors from poll()
1416 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
1418 bzero the agent address. the kernel was for a while very cranky about
1419 these things. evne though that's fixed, always good to initialize
1420 memory. ok deraadt djm
1421 - djm@cvs.openbsd.org 2011/07/29 14:42:45
1422 [sandbox-systrace.c]
1423 fail open(2) with EPERM rather than SIGKILLing the whole process. libc
1424 will call open() to do strerror() when NLS is enabled;
1425 feedback and ok markus@
1426 - markus@cvs.openbsd.org 2011/08/01 19:18:15
1428 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
1429 report Adam Zabrock; ok djm@, deraadt@
1430 - djm@cvs.openbsd.org 2011/08/02 01:22:11
1431 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
1432 Add new SHA256 and SHA512 based HMAC modes from
1433 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
1434 Patch from mdb AT juniper.net; feedback and ok markus@
1435 - djm@cvs.openbsd.org 2011/08/02 23:13:01
1437 crank now, release later
1438 - djm@cvs.openbsd.org 2011/08/02 23:15:03
1443 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
1444 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
1449 - djm@cvs.openbsd.org 2011/06/22 21:47:28
1451 reuse the multistate option arrays to pretty-print options for "sshd -T"
1452 - djm@cvs.openbsd.org 2011/06/22 21:57:01
1453 [servconf.c servconf.h sshd.c sshd_config.5]
1454 [configure.ac Makefile.in]
1455 introduce sandboxing of the pre-auth privsep child using systrace(4).
1457 This introduces a new "UsePrivilegeSeparation=sandbox" option for
1458 sshd_config that applies mandatory restrictions on the syscalls the
1459 privsep child can perform. This prevents a compromised privsep child
1460 from being used to attack other hosts (by opening sockets and proxying)
1461 or probing local kernel attack surface.
1463 The sandbox is implemented using systrace(4) in unsupervised "fast-path"
1464 mode, where a list of permitted syscalls is supplied. Any syscall not
1465 on the list results in SIGKILL being sent to the privsep child. Note
1466 that this requires a kernel with the new SYSTR_POLICY_KILL option.
1468 UsePrivilegeSeparation=sandbox will become the default in the future
1469 so please start testing it now.
1471 feedback dtucker@; ok markus@
1472 - djm@cvs.openbsd.org 2011/06/22 22:08:42
1473 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
1474 hook up a channel confirm callback to warn the user then requested X11
1475 forwarding was refused by the server; ok markus@
1476 - djm@cvs.openbsd.org 2011/06/23 09:34:13
1477 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
1479 rename sandbox.h => ssh-sandbox.h to make things easier for portable
1480 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
1485 - djm@cvs.openbsd.org 2011/06/04 00:10:26
1487 explain IdentifyFile's semantics a little better, prompted by bz#1898
1489 - markus@cvs.openbsd.org 2011/06/14 22:49:18
1491 make sure key_parse_public/private_rsa1() no longer consumes its input
1492 buffer. fixes ssh-add for passphrase-protected ssh1-keys;
1493 noted by naddy@; ok djm@
1494 - djm@cvs.openbsd.org 2011/06/17 21:44:31
1495 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
1496 make the pre-auth privsep slave log via a socketpair shared with the
1497 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
1498 - djm@cvs.openbsd.org 2011/06/17 21:46:16
1500 the protocol version should be unsigned; bz#1913 reported by mb AT
1502 - djm@cvs.openbsd.org 2011/06/17 21:47:35
1504 factor out multi-choice option parsing into a parse_multistate label
1505 and some support structures; ok dtucker@
1506 - djm@cvs.openbsd.org 2011/06/17 21:57:25
1508 setproctitle for a mux master that has been gracefully stopped;
1509 bz#1911 from Bert.Wesarg AT googlemail.com
1512 - (dtucker) [README version.h contrib/caldera/openssh.spec
1513 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
1514 bumps from the 5.8p2 branch into HEAD. ok djm.
1515 - (tim) [configure.ac defines.h] Run test program to detect system mail
1516 directory. Add --with-maildir option to override. Fixed OpenServer 6
1517 getting it wrong. Fixed many systems having MAIL=/var/mail//username
1519 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
1520 unconditionally in other places and the survey data we have does not show
1521 any systems that use it. "nuke it" djm@
1522 - (djm) [configure.ac] enable setproctitle emulation for OS X
1523 - (djm) OpenBSD CVS Sync
1524 - djm@cvs.openbsd.org 2011/06/03 00:54:38
1526 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
1527 AT googlemail.com; ok dtucker@
1528 NB. includes additional portability code to enable setproctitle emulation
1529 on platforms that don't support it.
1530 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
1532 Check current parent process ID against saved one to determine if the parent
1533 has exited, rather than attempting to send a zero signal, since the latter
1534 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
1536 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
1537 [regress/dynamic-forward.sh]
1538 back out revs 1.6 and 1.5 since it's not reliable
1539 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
1540 [regress/dynamic-forward.sh]
1541 work around startup and teardown races; caught by deraadt
1542 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
1543 [regress/dynamic-forward.sh]
1544 Retry establishing the port forwarding after a small delay, should make
1545 the tests less flaky when the previous test is slow to shut down and free
1547 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
1550 - (djm) OpenBSD CVS Sync
1551 - djm@cvs.openbsd.org 2011/05/23 03:30:07
1552 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
1553 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
1554 allow AuthorizedKeysFile to specify multiple files, separated by spaces.
1555 Bring back authorized_keys2 as a default search path (to avoid breaking
1556 existing users of this file), but override this in sshd_config so it will
1557 be no longer used on fresh installs. Maybe in 2015 we can remove it
1560 feedback and ok markus@ dtucker@
1561 - djm@cvs.openbsd.org 2011/05/23 03:33:38
1563 make secure_filename() spam debug logs less
1564 - djm@cvs.openbsd.org 2011/05/23 03:52:55
1566 remove extra newline
1567 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
1568 [sshd.8 sshd_config.5]
1569 tweak previous; ok djm
1570 - djm@cvs.openbsd.org 2011/05/23 07:24:57
1572 read in key comments for v.2 keys (though note that these are not
1573 passed over the agent protocol); bz#439, based on patch from binder
1574 AT arago.de; ok markus@
1575 - djm@cvs.openbsd.org 2011/05/24 07:15:47
1576 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
1577 Remove undocumented legacy options UserKnownHostsFile2 and
1578 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
1579 accept multiple paths per line and making their defaults include
1580 known_hosts2; ok markus
1581 - djm@cvs.openbsd.org 2011/05/23 03:31:31
1582 [regress/cfgmatch.sh]
1583 include testing of multiple/overridden AuthorizedKeysFiles
1584 refactor to simply daemon start/stop and get rid of racy constructs
1587 - (djm) [session.c] call setexeccon() before executing passwd for pw
1588 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
1589 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
1590 options, we should corresponding -W-option when trying to determine
1591 whether it is accepted. Also includes a warning fix on the program
1592 fragment uses (bad main() return type).
1593 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
1594 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
1596 - djm@cvs.openbsd.org 2011/05/15 08:09:01
1597 [authfd.c monitor.c serverloop.c]
1598 use FD_CLOEXEC consistently; patch from zion AT x96.org
1599 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1601 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1602 and fix the regress test that was trying to generate them :)
1603 - djm@cvs.openbsd.org 2011/05/20 00:55:02
1605 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
1606 and AuthorizedPrincipalsFile were not being correctly applied in
1607 Match blocks, despite being overridable there; ok dtucker@
1608 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
1610 Add comment documenting what should be after the preauth check. ok djm
1611 - djm@cvs.openbsd.org 2011/05/20 03:25:45
1612 [monitor.c monitor_wrap.c servconf.c servconf.h]
1613 use a macro to define which string options to copy between configs
1614 for Match. This avoids problems caused by forgetting to keep three
1615 code locations in perfect sync and ordering
1617 "this is at once beautiful and horrible" + ok dtucker@
1618 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1619 [regress/cert-userkey.sh]
1620 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1621 and fix the regress test that was trying to generate them :)
1622 - djm@cvs.openbsd.org 2011/05/20 02:43:36
1624 another attempt to generate a v00 ECDSA key that broke the test
1625 ID sync only - portable already had this somehow
1626 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
1627 [dynamic-forward.sh]
1628 Prevent races in dynamic forwarding test; ok djm
1629 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
1630 [dynamic-forward.sh]
1631 fix dumb error in dynamic-forward test
1634 - (djm) OpenBSD CVS Sync
1635 - djm@cvs.openbsd.org 2011/05/05 05:12:08
1637 gracefully fall back when ControlPath is too large for a
1638 sockaddr_un. ok markus@ as part of a larger diff
1639 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
1641 clarify language about overriding defaults. bz#1892, from Petr Cerny
1642 - djm@cvs.openbsd.org 2011/05/06 01:09:53
1644 mention that IPv6 addresses must be enclosed in square brackets;
1646 - djm@cvs.openbsd.org 2011/05/06 02:05:41
1648 fix memory leak; bz#1849 ok dtucker@
1649 - djm@cvs.openbsd.org 2011/05/06 21:14:05
1651 set traffic class for IPv6 traffic as we do for IPv4 TOS;
1652 patch from lionel AT mamane.lu via Colin Watson in bz#1855;
1654 - djm@cvs.openbsd.org 2011/05/06 21:18:02
1655 [ssh.c ssh_config.5]
1656 add a %L expansion (short-form of the local host name) for ControlPath;
1657 sync some more expansions with LocalCommand; ok markus@
1658 - djm@cvs.openbsd.org 2011/05/06 21:31:38
1659 [readconf.c ssh_config.5]
1660 support negated Host matching, e.g.
1662 Host *.example.org !c.example.org
1665 Will match "a.example.org", "b.example.org", but not "c.example.org"
1667 - djm@cvs.openbsd.org 2011/05/06 21:34:32
1668 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
1669 Add a RequestTTY ssh_config option to allow configuration-based
1670 control over tty allocation (like -t/-T); ok markus@
1671 - djm@cvs.openbsd.org 2011/05/06 21:38:58
1673 fix dropping from previous diff
1674 - djm@cvs.openbsd.org 2011/05/06 22:20:10
1676 fix numbering; from bert.wesarg AT googlemail.com
1677 - jmc@cvs.openbsd.org 2011/05/07 23:19:39
1680 - come consistency fixes
1682 - jmc@cvs.openbsd.org 2011/05/07 23:20:25
1685 - djm@cvs.openbsd.org 2011/05/08 12:52:01
1686 [PROTOCOL.mux clientloop.c clientloop.h mux.c]
1687 improve our behaviour when TTY allocation fails: if we are in
1688 RequestTTY=auto mode (the default), then do not treat at TTY
1689 allocation error as fatal but rather just restore the local TTY
1690 to cooked mode and continue. This is more graceful on devices that
1691 never allocate TTYs.
1693 If RequestTTY is set to "yes" or "force", then failure to allocate
1697 - djm@cvs.openbsd.org 2011/05/10 05:46:46
1699 despam debug() logs by detecting that we are trying to load a private key
1700 in key_try_load_public() and returning early; ok markus@
1701 - djm@cvs.openbsd.org 2011/05/11 04:47:06
1702 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
1703 remove support for authorized_keys2; it is a relic from the early days
1704 of protocol v.2 support and has been undocumented for many years;
1706 - djm@cvs.openbsd.org 2011/05/13 00:05:36
1708 warn on unexpected key type in key_parse_private_type()
1709 - (djm) [packet.c] unbreak portability #endif
1712 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
1713 --with-ssl-engine which was broken with the change from deprecated
1714 SSLeay_add_all_algorithms(). ok djm
1717 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
1718 for closefrom() in test code. Report from Dan Wallis via Gentoo.
1721 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
1722 definitions. From des AT des.no
1723 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
1724 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
1725 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
1726 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
1727 [regress/README.regress] Remove ssh-rand-helper and all its
1728 tentacles. PRNGd seeding has been rolled into entropy.c directly.
1729 Thanks to tim@ for testing on affected platforms.
1731 - djm@cvs.openbsd.org 2011/03/10 02:52:57
1732 [auth2-gss.c auth2.c auth.h]
1733 allow GSSAPI authentication to detect when a server-side failure causes
1734 authentication failure and don't count such failures against MaxAuthTries;
1735 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
1736 - okan@cvs.openbsd.org 2011/03/15 10:36:02
1738 use timerclear macro
1740 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
1741 [ssh-keygen.1 ssh-keygen.c]
1742 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
1743 for which host keys do not exist, generate the host keys with the
1744 default key file path, an empty passphrase, default bits for the key
1745 type, and default comment. This will be used by /etc/rc to generate
1746 new host keys. Idea from deraadt.
1748 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
1750 -q not used in /etc/rc now so remove statement.
1751 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
1753 remove -d, documentation removed >10 years ago; ok markus
1754 - jmc@cvs.openbsd.org 2011/03/24 15:29:30
1756 zap trailing whitespace;
1757 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
1759 use strcasecmp() for "clear" cert permission option also; ok djm
1760 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
1761 [misc.c misc.h servconf.c]
1762 print ipqos friendly string for sshd -T; ok markus
1763 # sshd -Tf sshd_config|grep ipqos
1764 ipqos lowdelay throughput
1765 - djm@cvs.openbsd.org 2011/04/12 04:23:50
1768 - djm@cvs.openbsd.org 2011/04/12 05:32:49
1770 exit with 0 status on SIGTERM; bz#1879
1771 - djm@cvs.openbsd.org 2011/04/13 04:02:48
1773 improve wording; bz#1861
1774 - djm@cvs.openbsd.org 2011/04/13 04:09:37
1776 mention valid -b sizes for ECDSA keys; bz#1862
1777 - djm@cvs.openbsd.org 2011/04/17 22:42:42
1778 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
1779 allow graceful shutdown of multiplexing: request that a mux server
1780 removes its listener socket and refuse future multiplexing requests;
1782 - djm@cvs.openbsd.org 2011/04/18 00:46:05
1784 certificate options are supposed to be packed in lexical order of
1785 option name (though we don't actually enforce this at present).
1786 Move one up that was out of sequence
1787 - djm@cvs.openbsd.org 2011/05/04 21:15:29
1788 [authfile.c authfile.h ssh-add.c]
1789 allow "ssh-add - < key"; feedback and ok markus@
1790 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
1791 so autoreconf 2.68 is happy.
1792 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
1795 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
1796 Cygwin-specific service installer script ssh-host-config. The actual
1797 functionality is the same, the revisited version is just more
1798 exact when it comes to check for problems which disallow to run
1799 certain aspects of the script. So, part of this script and the also
1800 rearranged service helper script library "csih" is to check if all
1801 the tools required to run the script are available on the system.
1802 The new script also is more thorough to inform the user why the
1803 script failed. Patch from vinschen at redhat com.
1807 - djm@cvs.openbsd.org 2011/02/16 00:31:14
1809 make hostbased auth with ECDSA keys work correctly. Based on patch
1810 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
1813 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
1814 selinux code. Patch from Leonardo Chiquitto
1815 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
1816 generation and simplify. Patch from Corinna Vinschen.
1820 - djm@cvs.openbsd.org 2011/01/31 21:42:15
1822 cut'n'pasto; from bert.wesarg AT googlemail.com
1823 - djm@cvs.openbsd.org 2011/02/04 00:44:21
1825 fix uninitialised nonce variable; reported by Mateusz Kocielski
1826 - djm@cvs.openbsd.org 2011/02/04 00:44:43
1829 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1830 [contrib/suse/openssh.spec] update versions in docs and spec files.
1831 - Release OpenSSH 5.8p1
1834 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
1835 before attempting setfscreatecon(). Check whether matchpathcon()
1836 succeeded before using its result. Patch from cjwatson AT debian.org;
1840 - (tim) [config.guess config.sub] Sync with upstream.
1841 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
1842 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
1843 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
1844 space changes for consistency/readability. Makes autoconf 2.68 happy.
1848 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
1849 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
1850 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
1851 building with SELinux support to avoid linking failure; report from
1852 amk AT spamfence.net; ok dtucker
1855 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
1856 RSA_get_default_method() for the benefit of openssl versions that don't
1857 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
1860 - djm@cvs.openbsd.org 2011/01/22 09:18:53
1862 crank to OpenSSH-5.7
1863 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1864 [contrib/suse/openssh.spec] update versions in docs and spec files.
1865 - (djm) Release 5.7p1
1868 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
1869 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
1870 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
1871 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
1872 release testing (random crashes and failure to load ECC keys).
1876 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
1877 $PATH, fix cleanup of droppings; reported by openssh AT
1878 roumenpetrov.info; ok dtucker@
1879 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
1880 its unique snowflake of a gdb error to the ones we look for.
1881 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
1882 ssh-add to avoid $SUDO failures on Linux
1883 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
1884 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
1885 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
1886 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
1887 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
1888 disabled on platforms that do not support them; add a "config_defined()"
1889 shell function that greps for defines in config.h and use them to decide
1891 Convert a couple of existing grep's over config.h to use the new function
1892 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
1893 backslash characters in filenames, enable it for Cygwin and use it to turn
1894 of tests for quotes backslashes in sftp-glob.sh.
1895 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
1896 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
1897 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
1899 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
1900 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
1901 support, based on patches from Tomas Mraz and jchadima at redhat.
1904 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
1905 on configurations that don't have it.
1907 - djm@cvs.openbsd.org 2011/01/16 11:50:05
1909 Use atomicio when flushing protocol 1 std{out,err} buffers at
1910 session close. This was a latent bug exposed by setting a SIGCHLD
1911 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
1912 - djm@cvs.openbsd.org 2011/01/16 11:50:36
1914 reset the SIGPIPE handler when forking to execute child processes;
1916 - djm@cvs.openbsd.org 2011/01/16 12:05:59
1918 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
1919 now that we use atomicio(), convert them from while loops to if statements
1920 add test and cast to compile cleanly with -Wsigned
1924 - djm@cvs.openbsd.org 2011/01/13 21:54:53
1926 correct error messages; patch from bert.wesarg AT googlemail.com
1927 - djm@cvs.openbsd.org 2011/01/13 21:55:25
1929 correct protocol names and add a couple of missing protocol number
1930 defines; patch from bert.wesarg AT googlemail.com
1931 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
1932 host-key-force target rather than a substitution that is replaced with a
1933 comment so that the Makefile.in is still a syntactically valid Makefile
1934 (useful to run the distprep target)
1935 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
1936 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
1940 - (djm) [misc.c] include time.h for nanosleep() prototype
1941 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
1942 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
1944 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
1945 gcc warning on platforms where it defaults to int
1946 - (djm) [regress/Makefile] add a few more generated files to the clean
1948 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
1949 #define that was causing diffie-hellman-group-exchange-sha256 to be
1950 incorrectly disabled
1951 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
1952 should not depend on ECC support
1956 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
1957 [openbsd-compat/glob.c]
1958 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
1959 from ARG_MAX to 64K.
1960 Fixes glob-using programs (notably ftp) able to be triggered to hit
1962 Idea from a similar NetBSD change, original problem reported by jasper@.
1963 ok millert tedu jasper
1964 - djm@cvs.openbsd.org 2011/01/12 01:53:14
1965 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
1966 and sanity check arguments (these will be unnecessary when we switch
1967 struct glob members from being type into to size_t in the future);
1968 "looks ok" tedu@ feedback guenther@
1969 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
1970 silly warnings on write() calls we don't care succeed or not.
1971 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
1972 flag tests that don't depend on gcc version at all; suggested by and
1976 - (tim) [regress/host-expand.sh] Fix for building outside of read only
1978 - (djm) [platform.c] Some missing includes that show up under -Werror
1980 - djm@cvs.openbsd.org 2011/01/08 10:51:51
1982 use host and not options.hostname, as the latter may have unescaped
1983 substitution characters
1984 - djm@cvs.openbsd.org 2011/01/11 06:06:09
1986 fd leak on error paths; from zinovik@
1987 NB. Id sync only; we use loginrec.c that was also audited and fixed
1989 - djm@cvs.openbsd.org 2011/01/11 06:13:10
1990 [clientloop.c ssh-keygen.c sshd.c]
1991 some unsigned long long casts that make things a bit easier for
1992 portable without resorting to dropping PRIu64 formats everywhere
1995 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
1996 openssh AT roumenpetrov.info
1999 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
2000 test on OSX and others. Reported by imorgan AT nas.nasa.gov
2003 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
2004 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
2005 - djm@cvs.openbsd.org 2011/01/06 22:23:53
2007 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
2008 googlemail.com; ok markus@
2009 - djm@cvs.openbsd.org 2011/01/06 22:23:02
2011 when exiting due to ServerAliveTimeout, mention the hostname that caused
2012 it (useful with backgrounded controlmaster)
2013 - djm@cvs.openbsd.org 2011/01/06 22:46:21
2014 [regress/Makefile regress/host-expand.sh]
2015 regress test for LocalCommand %n expansion from bert.wesarg AT
2016 googlemail.com; ok markus@
2017 - djm@cvs.openbsd.org 2011/01/06 23:01:35
2019 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
2023 - (djm) OpenBSD CVS Sync
2024 - markus@cvs.openbsd.org 2010/12/08 22:46:03
2026 add a new -3 option to scp: Copies between two remote hosts are
2027 transferred through the local host. Without this option the data
2028 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
2029 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
2032 scp.c: add -3 to usage()
2033 - markus@cvs.openbsd.org 2010/12/14 11:59:06
2035 don't mention key type in key-changed-warning, since we also print
2036 this warning if a new key type appears. ok djm@
2037 - djm@cvs.openbsd.org 2010/12/15 00:49:27
2039 fix ControlMaster=ask regression
2040 reset SIGCHLD handler before fork (and restore it after) so we don't miss
2041 the the askpass child's exit status. Correct test for exit status/signal to
2042 account for waitpid() failure; with claudio@ ok claudio@ markus@
2043 - djm@cvs.openbsd.org 2010/12/24 21:41:48
2045 don't send the actual forced command in a debug message; ok markus deraadt
2046 - otto@cvs.openbsd.org 2011/01/04 20:44:13
2048 handle ecdsa-sha2 with various key lengths; hint and ok djm@
2051 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
2052 formatter if it is present, followed by nroff and groff respectively.
2053 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
2054 in favour of mandoc). feedback and ok tim
2057 - (djm) [Makefile.in] revert local hack I didn't intend to commit
2060 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2061 - (djm) [configure.ac] Check whether libdes is needed when building
2062 with Heimdal krb5 support. On OpenBSD this library no longer exists,
2063 so linking it unconditionally causes a build failure; ok dtucker
2066 - (dtucker) OpenBSD CVS Sync
2067 - djm@cvs.openbsd.org 2010/12/08 04:02:47
2068 [ssh_config.5 sshd_config.5]
2069 explain that IPQoS arguments are separated by whitespace; iirc requested
2070 by jmc@ a while back
2073 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
2074 debugging. Spotted by djm.
2075 - (dtucker) OpenBSD CVS Sync
2076 - djm@cvs.openbsd.org 2010/12/03 23:49:26
2078 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
2079 (this code is still disabled, but apprently people are treating it as
2080 a reference implementation)
2081 - djm@cvs.openbsd.org 2010/12/03 23:55:27
2083 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
2084 bz#1829; patch from ldv AT altlinux.org; ok markus@
2085 - djm@cvs.openbsd.org 2010/12/04 00:18:01
2086 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
2087 add a protocol extension to support a hard link operation. It is
2088 available through the "ln" command in the client. The old "ln"
2089 behaviour of creating a symlink is available using its "-s" option
2090 or through the preexisting "symlink" command; based on a patch from
2091 miklos AT szeredi.hu in bz#1555; ok markus@
2092 - djm@cvs.openbsd.org 2010/12/04 13:31:37
2094 fix fd leak; spotted and ok dtucker
2095 - djm@cvs.openbsd.org 2010/12/04 00:21:19
2096 [regress/sftp-cmds.sh]
2097 adjust for hard-link support
2098 - (dtucker) [regress/Makefile] Id sync.
2101 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
2102 instead of (arc4random() % range)
2103 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
2104 shims for the new, non-deprecated OpenSSL key generation functions for
2105 platforms that don't have the new interfaces.
2109 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
2111 clean up cases of ;;
2112 - djm@cvs.openbsd.org 2010/11/21 01:01:13
2113 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
2114 honour $TMPDIR for client xauth and ssh-agent temporary directories;
2115 feedback and ok markus@
2116 - djm@cvs.openbsd.org 2010/11/21 10:57:07
2118 Refactor internals of private key loading and saving to work on memory
2119 buffers rather than directly on files. This will make a few things
2120 easier to do in the future; ok markus@
2121 - djm@cvs.openbsd.org 2010/11/23 02:35:50
2123 use strict_modes already passed as function argument over referencing
2124 global options.strict_modes
2125 - djm@cvs.openbsd.org 2010/11/23 23:57:24
2127 avoid NULL deref on receiving a channel request on an unknown or invalid
2128 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2129 - djm@cvs.openbsd.org 2010/11/24 01:24:14
2131 remove a debug() that pollutes stderr on client connecting to a server
2132 in debug mode (channel_close_fds is called transitively from the session
2133 code post-fork); bz#1719, ok dtucker
2134 - djm@cvs.openbsd.org 2010/11/25 04:10:09
2136 replace close() loop for fds 3->64 with closefrom();
2137 ok markus deraadt dtucker
2138 - djm@cvs.openbsd.org 2010/11/26 05:52:49
2140 Pass through ssh command-line flags and options when doing remote-remote
2141 transfers, e.g. to enable agent forwarding which is particularly useful
2142 in this case; bz#1837 ok dtucker@
2143 - markus@cvs.openbsd.org 2010/11/29 18:57:04
2145 correctly load comment for encrypted rsa1 keys;
2146 report/fix Joachim Schipper; ok djm@
2147 - djm@cvs.openbsd.org 2010/11/29 23:45:51
2148 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
2149 [sshconnect.h sshconnect2.c]
2150 automatically order the hostkeys requested by the client based on
2151 which hostkeys are already recorded in known_hosts. This avoids
2152 hostkey warnings when connecting to servers with new ECDSA keys
2153 that are preferred by default; with markus@
2156 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
2157 into the platform-specific code Only affects SCO, tested by and ok tim@.
2158 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
2159 group read/write. ok dtucker@
2160 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2161 - (djm) [defines.h] Add IP DSCP defines
2164 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
2165 from vapier at gentoo org.
2169 - djm@cvs.openbsd.org 2010/11/05 02:46:47
2172 - djm@cvs.openbsd.org 2010/11/10 01:33:07
2173 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
2174 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
2175 these have been around for years by this time. ok markus
2176 - djm@cvs.openbsd.org 2010/11/13 23:27:51
2177 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
2178 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
2179 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
2180 hardcoding lowdelay/throughput.
2182 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2183 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
2186 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
2187 [scp.1 sftp.1 ssh.1 sshd_config.5]
2188 add IPQoS to the various -o lists, and zap some trailing whitespace;
2191 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
2192 platforms that don't support ECC. Fixes some spurious warnings reported
2196 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
2197 Feedback from dtucker@
2198 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
2199 support for platforms missing isblank(). ok djm@
2202 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
2204 - (tim) [regress/kextype.sh] Shell portability fix.
2207 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
2208 the correct typedefs.
2211 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
2212 int. Should fix bz#1817 cleanly; ok dtucker@
2214 - djm@cvs.openbsd.org 2010/09/22 12:26:05
2215 [regress/Makefile regress/kextype.sh]
2216 regress test for each of the key exchange algorithms that we support
2217 - djm@cvs.openbsd.org 2010/10/28 11:22:09
2218 [authfile.c key.c key.h ssh-keygen.c]
2219 fix a possible NULL deref on loading a corrupt ECDH key
2221 store ECDH group information in private keys files as "named groups"
2222 rather than as a set of explicit group parameters (by setting
2223 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
2224 retrieves the group's OpenSSL NID that we need for various things.
2225 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
2226 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2227 knock out some "-*- nroff -*-" lines;
2228 - djm@cvs.openbsd.org 2010/11/04 02:45:34
2230 umask should be parsed as octal. reported by candland AT xmission.com;
2232 - (dtucker) [configure.ac platform.{c,h} session.c
2233 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
2234 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
2236 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
2237 after the user's groups are established and move the selinux calls into it.
2238 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
2240 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2241 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
2242 retain previous behavior.
2243 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
2244 the LOGIN_CAP case into platform.c.
2245 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
2247 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
2248 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
2250 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
2251 non-LOGIN_CAP case into platform.c.
2252 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
2253 check into platform.c
2254 - (dtucker) [regress/keytype.sh] Import new test.
2255 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
2256 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
2257 from configure through to regress/Makefile and use it in the tests.
2258 - (dtucker) [regress/kextype.sh] Add missing "test".
2259 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
2260 strictly correct since while ECC requires sha256 the reverse is not true
2261 however it does prevent spurious test failures.
2262 - (dtucker) [platform.c] Need servconf.h and extern options.
2265 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
2266 1.12 to unbreak Solaris build.
2268 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
2272 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
2273 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
2274 which don't have ECC support in libcrypto.
2275 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
2276 which don't have ECC support in libcrypto.
2277 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
2279 - (dtucker) OpenBSD CVS Sync
2280 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
2282 escape '[' in filename tab-completion; fix a type while there.
2287 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
2289 Typo in confirmation message. bz#1827, patch from imorgan at
2291 - djm@cvs.openbsd.org 2010/08/31 12:24:09
2292 [regress/cert-hostkey.sh regress/cert-userkey.sh]
2293 tests for ECDSA certificates
2296 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
2297 bz#1825, reported by foo AT mailinator.com
2298 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
2301 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
2305 - (djm) [ssh-agent.c] Fix type for curve name.
2306 - (djm) OpenBSD CVS Sync
2307 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
2308 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
2309 [openbsd-compat/timingsafe_bcmp.c]
2310 Add timingsafe_bcmp(3) to libc, mention that it's already in the
2311 kernel in kern(9), and remove it from OpenSSH.
2313 NB. re-added under openbsd-compat/ for portable OpenSSH
2314 - djm@cvs.openbsd.org 2010/09/25 09:30:16
2315 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
2316 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
2317 rountrips to fetch per-file stat(2) information.
2318 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
2320 - djm@cvs.openbsd.org 2010/09/26 22:26:33
2322 when performing an "ls" in columnated (short) mode, only call
2323 ioctl(TIOCGWINSZ) once to get the window width instead of per-
2325 - djm@cvs.openbsd.org 2010/09/30 11:04:51
2327 prevent free() of string in .rodata when overriding AuthorizedKeys in
2328 a Match block; patch from rein AT basefarm.no
2329 - djm@cvs.openbsd.org 2010/10/01 23:05:32
2330 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
2331 adapt to API changes in openssl-1.0.0a
2332 NB. contains compat code to select correct API for older OpenSSL
2333 - djm@cvs.openbsd.org 2010/10/05 05:13:18
2334 [sftp.c sshconnect.c]
2335 use default shell /bin/sh if $SHELL is ""; ok markus@
2336 - djm@cvs.openbsd.org 2010/10/06 06:39:28
2337 [clientloop.c ssh.c sshconnect.c sshconnect.h]
2338 kill proxy command on fatal() (we already kill it on clean exit);
2340 - djm@cvs.openbsd.org 2010/10/06 21:10:21
2342 swapped args to kill(2)
2343 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2344 - (djm) [cipher-acss.c] Add missing header.
2345 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2348 - (djm) OpenBSD CVS Sync
2349 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
2351 * mention ECDSA in more places
2352 * less repetition in FILES section
2353 * SSHv1 keys are still encrypted with 3DES
2355 - djm@cvs.openbsd.org 2010/09/11 21:44:20
2357 mention RFC 5656 for ECC stuff
2358 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
2360 more wacky macro fixing;
2361 - djm@cvs.openbsd.org 2010/09/20 04:41:47
2363 install a SIGCHLD handler to reap expiried child process; ok markus@
2364 - djm@cvs.openbsd.org 2010/09/20 04:50:53
2366 check that received values are smaller than the group size in the
2367 disabled and unfinished J-PAKE code.
2368 avoids catastrophic security failure found by Sebastien Martini
2369 - djm@cvs.openbsd.org 2010/09/20 04:54:07
2372 - djm@cvs.openbsd.org 2010/09/20 07:19:27
2374 "atomically" create the listening mux socket by binding it on a temorary
2375 name and then linking it into position after listen() has succeeded.
2376 this allows the mux clients to determine that the server socket is
2377 either ready or stale without races. stale server sockets are now
2378 automatically removed
2380 - djm@cvs.openbsd.org 2010/09/22 05:01:30
2381 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
2382 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
2383 add a KexAlgorithms knob to the client and server configuration to allow
2384 selection of which key exchange methods are used by ssh(1) and sshd(8)
2385 and their order of preference.
2387 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
2388 [ssh.1 ssh_config.5]
2389 ssh.1: add kexalgorithms to the -o list
2390 ssh_config.5: format the kexalgorithms in a more consistent
2393 - djm@cvs.openbsd.org 2010/09/22 22:58:51
2394 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
2395 [sftp-client.h sftp.1 sftp.c]
2396 add an option per-read/write callback to atomicio
2398 factor out bandwidth limiting code from scp(1) into a generic bandwidth
2399 limiter that can be attached using the atomicio callback mechanism
2401 add a bandwidth limit option to sftp(1) using the above
2403 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
2405 add [-l limit] to usage();
2406 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
2408 add KexAlgorithms to the -o list;
2411 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
2412 return code since it can apparently return -1 under some conditions. From
2413 openssh bugs werbittewas de, ok djm@
2415 - djm@cvs.openbsd.org 2010/08/31 12:33:38
2416 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2417 reintroduce commit from tedu@, which I pulled out for release
2419 OpenSSL_add_all_algorithms is the name of the function we have a
2420 man page for, so use that. ok djm
2421 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
2423 fix some macro abuse;
2424 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
2426 small text tweak to accommodate previous;
2427 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
2429 pick up ECDSA host key by default; ok djm@
2430 - markus@cvs.openbsd.org 2010/09/02 16:07:25
2432 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
2433 - markus@cvs.openbsd.org 2010/09/02 16:08:39
2435 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
2436 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
2438 Switch ECDSA default key size to 256 bits, which according to RFC5656
2439 should still be better than our current RSA-2048 default.
2441 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
2443 add an EXIT STATUS section for /usr/bin;
2444 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
2446 two more EXIT STATUS sections;
2447 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
2449 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
2450 <mattieu.b@gmail.com>
2452 - djm@cvs.openbsd.org 2010/09/08 03:54:36
2455 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
2457 work around name-space collisions some buggy compilers (looking at you
2458 gcc, at least in earlier versions, but this does not forgive your current
2459 transgressions) seen between zlib and openssl
2461 - djm@cvs.openbsd.org 2010/09/09 10:45:45
2462 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
2463 ECDH/ECDSA compliance fix: these methods vary the hash function they use
2464 (SHA256/384/512) depending on the length of the curve in use. The previous
2465 code incorrectly used SHA256 in all cases.
2467 This fix will cause authentication failure when using 384 or 521-bit curve
2468 keys if one peer hasn't been upgraded and the other has. (256-bit curve
2469 keys work ok). In particular you may need to specify HostkeyAlgorithms
2470 when connecting to a server that has not been upgraded from an upgraded
2474 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
2475 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
2476 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
2477 platforms that don't have the requisite OpenSSL support. ok dtucker@
2478 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
2479 for missing headers and compiler warnings.
2483 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
2484 [ssh-keysign.8 ssh.1 sshd.8]
2485 use the same template for all FILES sections; i.e. -compact/.Pp where we
2486 have multiple items, and .Pa for path names;
2487 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
2488 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2489 OpenSSL_add_all_algorithms is the name of the function we have a man page
2490 for, so use that. ok djm
2491 - djm@cvs.openbsd.org 2010/08/16 04:06:06
2492 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2493 backout previous temporarily; discussed with deraadt@
2494 - djm@cvs.openbsd.org 2010/08/31 09:58:37
2495 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
2496 [packet.h ssh-dss.c ssh-rsa.c]
2497 Add buffer_get_cstring() and related functions that verify that the
2498 string extracted from the buffer contains no embedded \0 characters*
2499 This prevents random (possibly malicious) crap from being appended to
2500 strings where it would not be noticed if the string is used with
2501 a string(3) function.
2503 Use the new API in a few sensitive places.
2505 * actually, we allow a single one at the end of the string for now because
2506 we don't know how many deployed implementations get this wrong, but don't
2507 count on this to remain indefinitely.
2508 - djm@cvs.openbsd.org 2010/08/31 11:54:45
2509 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
2510 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
2511 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
2512 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
2513 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
2514 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
2515 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
2516 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
2517 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
2518 better performance than plain DH and DSA at the same equivalent symmetric
2519 key length, as well as much shorter keys.
2521 Only the mandatory sections of RFC5656 are implemented, specifically the
2522 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
2523 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
2525 Certificate host and user keys using the new ECDSA key types are supported.
2527 Note that this code has not been tested for interoperability and may be
2530 feedback and ok markus@
2531 - (djm) [Makefile.in] Add new ECC files
2532 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
2536 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
2537 remove. Patch from martynas at venck us
2540 - (djm) Release OpenSSH-5.6p1
2543 - (dtucker) [configure.ac openbsd-compat/Makefile.in
2544 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
2545 the compat library which helps on platforms like old IRIX. Based on work
2546 by djm, tested by Tom Christensen.
2548 - djm@cvs.openbsd.org 2010/08/12 21:49:44
2550 close any extra file descriptors inherited from parent at start and
2551 reopen stdin/stdout to /dev/null when forking for ControlPersist.
2553 prevents tools that fork and run a captive ssh for communication from
2554 failing to exit when the ssh completes while they wait for these fds to
2555 close. The inherited fds may persist arbitrarily long if a background
2556 mux master has been started by ControlPersist. cvs and scp were effected
2559 "please commit" markus@
2560 - (djm) [regress/README.regress] typo
2563 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
2564 regress/test-exec.sh] Under certain conditions when testing with sudo
2565 tests would fail because the pidfile could not be read by a regular user.
2566 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
2567 Make sure cat is run by $SUDO. no objection from me. djm@
2568 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
2571 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
2572 already set. Makes FreeBSD user openable tunnels useful; patch from
2573 richard.burakowski+ossh AT mrburak.net, ok dtucker@
2574 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
2575 based in part on a patch from Colin Watson, ok djm@
2579 - djm@cvs.openbsd.org 2010/08/08 16:26:42
2582 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2583 [contrib/suse/openssh.spec] Crank version numbers
2587 - djm@cvs.openbsd.org 2010/08/04 05:37:01
2588 [ssh.1 ssh_config.5 sshd.8]
2589 Remove mentions of weird "addr/port" alternate address format for IPv6
2590 addresses combinations. It hasn't worked for ages and we have supported
2591 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
2592 - djm@cvs.openbsd.org 2010/08/04 05:40:39
2593 [PROTOCOL.certkeys ssh-keygen.c]
2594 tighten the rules for certificate encoding by requiring that options
2595 appear in lexical order and make our ssh-keygen comply. ok markus@
2596 - djm@cvs.openbsd.org 2010/08/04 05:42:47
2597 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
2598 [ssh-keysign.c ssh.c]
2599 enable certificates for hostbased authentication, from Iain Morgan;
2601 - djm@cvs.openbsd.org 2010/08/04 05:49:22
2603 commited the wrong version of the hostbased certificate diff; this
2604 version replaces some strlc{py,at} verbosity with xasprintf() at
2605 the request of markus@
2606 - djm@cvs.openbsd.org 2010/08/04 06:07:11
2607 [ssh-keygen.1 ssh-keygen.c]
2608 Support CA keys in PKCS#11 tokens; feedback and ok markus@
2609 - djm@cvs.openbsd.org 2010/08/04 06:08:40
2611 clean for -Wuninitialized (Id sync only; portable had this change)
2612 - djm@cvs.openbsd.org 2010/08/05 13:08:42
2614 Fix a trio of bugs in the local/remote window calculation for datagram
2615 data channels (i.e. TunnelForward):
2617 Calculate local_consumed correctly in channel_handle_wfd() by measuring
2618 the delta to buffer_len(c->output) from when we start to when we finish.
2619 The proximal problem here is that the output_filter we use in portable
2620 modified the length of the dequeued datagram (to futz with the headers
2623 In channel_output_poll(), don't enqueue datagrams that won't fit in the
2624 peer's advertised packet size (highly unlikely to ever occur) or which
2625 won't fit in the peer's remaining window (more likely).
2627 In channel_input_data(), account for the 4-byte string header in
2628 datagram packets that we accept from the peer and enqueue in c->output.
2630 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
2631 "looks good" markus@
2634 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
2635 PAM to sane values in case the PAM method doesn't write to them. Spotted by
2636 Bitman Zhou, ok djm@.
2638 - djm@cvs.openbsd.org 2010/07/16 04:45:30
2640 avoid bogus compiler warning
2641 - djm@cvs.openbsd.org 2010/07/16 14:07:35
2643 more timing paranoia - compare all parts of the expected decrypted
2644 data before returning. AFAIK not exploitable in the SSH protocol.
2646 - djm@cvs.openbsd.org 2010/07/19 03:16:33
2648 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
2649 upload depth checks and causing verbose printing of transfers to always
2650 be turned on; patch from imorgan AT nas.nasa.gov
2651 - djm@cvs.openbsd.org 2010/07/19 09:15:12
2652 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
2653 add a "ControlPersist" option that automatically starts a background
2654 ssh(1) multiplex master when connecting. This connection can stay alive
2655 indefinitely, or can be set to automatically close after a user-specified
2656 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
2657 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
2658 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2659 - djm@cvs.openbsd.org 2010/07/21 02:10:58
2661 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
2662 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
2664 Ciphers is documented in ssh_config(5) these days
2667 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
2668 details about its behaviour WRT existing directories. Patch from
2669 asguthrie at gmail com, ok djm.
2672 - (djm) OpenBSD CVS Sync
2673 - djm@cvs.openbsd.org 2010/07/02 04:32:44
2675 unbreak strdelim() skipping past quoted strings, e.g.
2676 AllowUsers "blah blah" blah
2677 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
2679 - djm@cvs.openbsd.org 2010/07/12 22:38:52
2681 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
2682 for protocol 2. ok markus@
2683 - djm@cvs.openbsd.org 2010/07/12 22:41:13
2684 [ssh.c ssh_config.5]
2685 expand %h to the hostname in ssh_config Hostname options. While this
2686 sounds useless, it is actually handy for working with unqualified
2692 Hostname %h.example.org
2695 - djm@cvs.openbsd.org 2010/07/13 11:52:06
2696 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
2697 [packet.c ssh-rsa.c]
2698 implement a timing_safe_cmp() function to compare memory without leaking
2699 timing information by short-circuiting like memcmp() and use it for
2700 some of the more sensitive comparisons (though nothing high-value was
2701 readily attackable anyway); "looks ok" markus@
2702 - djm@cvs.openbsd.org 2010/07/13 23:13:16
2703 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
2705 s/timing_safe_cmp/timingsafe_bcmp/g
2706 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
2708 finally ssh synopsis looks nice again! this commit just removes a ton of
2709 hacks we had in place to make it work with old groff;
2710 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
2712 repair incorrect block nesting, which screwed up indentation;
2713 problem reported and fix OK by jmc@
2716 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
2717 (line 77) should have been for no_x11_askpass.
2720 - (djm) OpenBSD CVS Sync
2721 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
2724 - djm@cvs.openbsd.org 2010/06/26 23:04:04
2726 oops, forgot to #include <canohost.h>; spotted and patch from chl@
2727 - djm@cvs.openbsd.org 2010/06/29 23:15:30
2728 [ssh-keygen.1 ssh-keygen.c]
2729 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
2731 - djm@cvs.openbsd.org 2010/06/29 23:16:46
2732 [auth2-pubkey.c sshd_config.5]
2733 allow key options (command="..." and friends) in AuthorizedPrincipals;
2735 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
2738 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
2741 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
2744 - millert@cvs.openbsd.org 2010/07/01 13:06:59
2746 Fix a longstanding problem where if you suspend scp at the
2747 password/passphrase prompt the terminal mode is not restored.
2749 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
2751 fix how we run the tests so we can successfully use SUDO='sudo -E'
2753 - djm@cvs.openbsd.org 2010/06/29 23:59:54
2755 regress tests for key options in AuthorizedPrincipals
2758 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
2762 - (djm) OpenBSD CVS Sync
2763 - djm@cvs.openbsd.org 2010/05/21 05:00:36
2765 colon() returns char*, so s/return (0)/return NULL/
2766 - markus@cvs.openbsd.org 2010/06/08 21:32:19
2768 check length of value returned C_GetAttributValue for != 0
2769 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
2770 - djm@cvs.openbsd.org 2010/06/17 07:07:30
2772 Correct sizing of object to be allocated by calloc(), replacing
2773 sizeof(state) with sizeof(*state). This worked by accident since
2774 the struct contained a single int at present, but could have broken
2775 in the future. patch from hyc AT symas.com
2776 - djm@cvs.openbsd.org 2010/06/18 00:58:39
2778 unbreak ls in working directories that contains globbing characters in
2779 their pathnames. bz#1655 reported by vgiffin AT apple.com
2780 - djm@cvs.openbsd.org 2010/06/18 03:16:03
2782 Missing check for chroot_director == "none" (we already checked against
2783 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2784 - djm@cvs.openbsd.org 2010/06/18 04:43:08
2786 fix memory leak in do_realpath() error path; bz#1771, patch from
2788 - djm@cvs.openbsd.org 2010/06/22 04:22:59
2789 [servconf.c sshd_config.5]
2790 expose some more sshd_config options inside Match blocks:
2791 AuthorizedKeysFile AuthorizedPrincipalsFile
2792 HostbasedUsesNameFromPacketOnly PermitTunnel
2793 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
2794 - djm@cvs.openbsd.org 2010/06/22 04:32:06
2796 standardise error messages when attempting to open private key
2797 files to include "progname: filename: error reason"
2798 bz#1783; ok dtucker@
2799 - djm@cvs.openbsd.org 2010/06/22 04:49:47
2801 queue auth debug messages for bad ownership or permissions on the user's
2802 keyfiles. These messages will be sent after the user has successfully
2803 authenticated (where our client will display them with LogLevel=debug).
2804 bz#1554; ok dtucker@
2805 - djm@cvs.openbsd.org 2010/06/22 04:54:30
2807 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
2808 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
2809 - djm@cvs.openbsd.org 2010/06/22 04:59:12
2811 include the user name on "subsystem request for ..." log messages;
2812 bz#1571; ok dtucker@
2813 - djm@cvs.openbsd.org 2010/06/23 02:59:02
2815 fix printing of extensions in v01 certificates that I broke in r1.190
2816 - djm@cvs.openbsd.org 2010/06/25 07:14:46
2817 [channels.c mux.c readconf.c readconf.h ssh.h]
2818 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
2819 forwards per direction; ok markus@ stevesk@
2820 - djm@cvs.openbsd.org 2010/06/25 07:20:04
2821 [channels.c session.c]
2822 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
2823 internal-sftp accidentally introduced in r1.253 by removing the code
2824 that opens and dup /dev/null to stderr and modifying the channels code
2825 to read stderr but discard it instead; ok markus@
2826 - djm@cvs.openbsd.org 2010/06/25 08:46:17
2827 [auth1.c auth2-none.c]
2828 skip the initial check for access with an empty password when
2829 PermitEmptyPasswords=no; bz#1638; ok markus@
2830 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2832 log the hostname and address that we connected to at LogLevel=verbose
2833 after authentication is successful to mitigate "phishing" attacks by
2834 servers with trusted keys that accept authentication silently and
2835 automatically before presenting fake password/passphrase prompts;
2837 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2839 log the hostname and address that we connected to at LogLevel=verbose
2840 after authentication is successful to mitigate "phishing" attacks by
2841 servers with trusted keys that accept authentication silently and
2842 automatically before presenting fake password/passphrase prompts;
2846 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
2850 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
2851 rather than assuming that $CWD == $HOME. bz#1500, patch from
2852 timothy AT gelter.com
2855 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
2856 minires-devel package, and to add the reference to the libedit-devel
2857 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
2860 - (djm) OpenBSD CVS Sync
2861 - djm@cvs.openbsd.org 2010/05/07 11:31:26
2862 [regress/Makefile regress/cert-userkey.sh]
2863 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
2864 feedback and ok markus@
2865 - djm@cvs.openbsd.org 2010/05/11 02:58:04
2867 don't accept certificates marked as "cert-authority" here; ok markus@
2868 - djm@cvs.openbsd.org 2010/05/14 00:47:22
2870 check that the certificate matches the corresponding private key before
2872 - djm@cvs.openbsd.org 2010/05/14 23:29:23
2873 [channels.c channels.h mux.c ssh.c]
2874 Pause the mux channel while waiting for reply from aynch callbacks.
2875 Prevents misordering of replies if new requests arrive while waiting.
2877 Extend channel open confirm callback to allow signalling failure
2878 conditions as well as success. Use this to 1) fix a memory leak, 2)
2879 start using the above pause mechanism and 3) delay sending a success/
2880 failure message on mux slave session open until we receive a reply from
2883 motivated by and with feedback from markus@
2884 - markus@cvs.openbsd.org 2010/05/16 12:55:51
2885 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
2886 mux support for remote forwarding with dynamic port allocation,
2888 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
2889 feedback and ok djm@
2890 - djm@cvs.openbsd.org 2010/05/20 11:25:26
2892 fix logspam when key options (from="..." especially) deny non-matching
2893 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
2894 - djm@cvs.openbsd.org 2010/05/20 23:46:02
2895 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
2896 Move the permit-* options to the non-critical "extensions" field for v01
2897 certificates. The logic is that if another implementation fails to
2898 implement them then the connection just loses features rather than fails
2904 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
2905 circular dependency problem on old or odd platforms. From Tom Lane, ok
2907 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
2908 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
2909 already. ok dtucker@
2913 - djm@cvs.openbsd.org 2010/04/23 01:47:41
2915 bz#1740: display a more helpful error message when $HOME is
2916 inaccessible while trying to create .ssh directory. Based on patch
2917 from jchadima AT redhat.com; ok dtucker@
2918 - djm@cvs.openbsd.org 2010/04/23 22:27:38
2920 set "detach_close" flag when registering channel cleanup callbacks.
2921 This causes the channel to close normally when its fds close and
2922 hangs when terminating a mux slave using ~. bz#1758; ok markus@
2923 - djm@cvs.openbsd.org 2010/04/23 22:42:05
2925 set stderr to /dev/null for subsystems rather than just closing it.
2926 avoids hangs if a subsystem or shell initialisation writes to stderr.
2928 - djm@cvs.openbsd.org 2010/04/23 22:48:31
2930 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
2931 since we would refuse to use them anyway. bz#1516; ok dtucker@
2932 - djm@cvs.openbsd.org 2010/04/26 22:28:24
2934 bz#1502: authctxt.success is declared as an int, but passed by
2935 reference to function that accepts sig_atomic_t*. Convert it to
2936 the latter; ok markus@ dtucker@
2937 - djm@cvs.openbsd.org 2010/05/01 02:50:50
2940 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
2942 restore mput and mget which got lost in the tab-completion changes.
2943 found by Kenneth Whitaker, ok djm@
2944 - djm@cvs.openbsd.org 2010/05/07 11:30:30
2945 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
2946 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
2947 add some optional indirection to matching of principal names listed
2948 in certificates. Currently, a certificate must include the a user's name
2949 to be accepted for authentication. This change adds the ability to
2950 specify a list of certificate principal names that are acceptable.
2952 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
2953 this adds a new principals="name1[,name2,...]" key option.
2955 For CAs listed through sshd_config's TrustedCAKeys option, a new config
2956 option "AuthorizedPrincipalsFile" specifies a per-user file containing
2957 the list of acceptable names.
2959 If either option is absent, the current behaviour of requiring the
2960 username to appear in principals continues to apply.
2962 These options are useful for role accounts, disjoint account namespaces
2963 and "user@realm"-style naming policies in certificates.
2965 feedback and ok markus@
2966 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
2971 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
2972 in the openssl install directory (some newer openssl versions do this on at
2973 least some amd64 platforms).
2977 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
2979 tweak previous; ok djm
2980 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
2981 [ssh-keygen.1 ssh-keygen.c]
2982 tweak previous; ok djm
2983 - djm@cvs.openbsd.org 2010/04/16 21:14:27
2985 oops, %r => remote username, not %u
2986 - djm@cvs.openbsd.org 2010/04/16 01:58:45
2987 [regress/cert-hostkey.sh regress/cert-userkey.sh]
2988 regression tests for v01 certificate format
2989 includes interop tests for v00 certs
2990 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
2994 - (djm) Release openssh-5.5p1
2996 - djm@cvs.openbsd.org 2010/03/26 03:13:17
2998 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
2999 argument to allow skipping past values in a buffer
3000 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
3003 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
3005 tweak previous; ok dtucker
3006 - djm@cvs.openbsd.org 2010/04/10 00:00:16
3008 bz#1746 - suppress spurious tty warning when using -O and stdin
3009 is not a tty; ok dtucker@ markus@
3010 - djm@cvs.openbsd.org 2010/04/10 00:04:30
3012 fix terminology: we didn't find a certificate in known_hosts, we found
3014 - djm@cvs.openbsd.org 2010/04/10 02:08:44
3016 bz#1698: kill channel when pty allocation requests fail. Fixed
3017 stuck client if the server refuses pty allocation.
3018 ok dtucker@ "think so" markus@
3019 - djm@cvs.openbsd.org 2010/04/10 02:10:56
3021 show the key type that we are offering in debug(), helps distinguish
3022 between certs and plain keys as the path to the private key is usually
3024 - djm@cvs.openbsd.org 2010/04/10 05:48:16
3026 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
3027 - djm@cvs.openbsd.org 2010/04/14 22:27:42
3028 [ssh_config.5 sshconnect.c]
3029 expand %r => remote username in ssh_config:ProxyCommand;
3031 - markus@cvs.openbsd.org 2010/04/15 20:32:55
3033 retry lookup for private key if there's no matching key with CKA_SIGN
3034 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
3036 - djm@cvs.openbsd.org 2010/04/16 01:47:26
3037 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
3038 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
3039 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
3040 [sshconnect.c sshconnect2.c sshd.c]
3041 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
3044 move the nonce field to the beginning of the certificate where it can
3045 better protect against chosen-prefix attacks on the signature hash
3047 Rename "constraints" field to "critical options"
3049 Add a new non-critical "extensions" field
3053 The older format is still support for authentication and cert generation
3054 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)