2 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
3 [contrib/suse/openssh.spec] Prepare for 5.8p2 release.
4 - (djm) [version.h] crank version
8 - (djm) [entropy.c] closefrom() before running ssh-rand-helper; leftover fds
9 noticed by tmraz AT redhat.com
12 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
13 Cygwin-specific service installer script ssh-host-config. The actual
14 functionality is the same, the revisited version is just more
15 exact when it comes to check for problems which disallow to run
16 certain aspects of the script. So, part of this script and the also
17 rearranged service helper script library "csih" is to check if all
18 the tools required to run the script are available on the system.
19 The new script also is more thorough to inform the user why the
20 script failed. Patch from vinschen at redhat com.
23 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
24 selinux code. Patch from Leonardo Chiquitto
25 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
26 generation and simplify. Patch from Corinna Vinschen.
30 - djm@cvs.openbsd.org 2011/01/31 21:42:15
32 cut'n'pasto; from bert.wesarg AT googlemail.com
33 - djm@cvs.openbsd.org 2011/02/04 00:44:21
35 fix uninitialised nonce variable; reported by Mateusz Kocielski
36 - djm@cvs.openbsd.org 2011/02/04 00:44:43
39 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
40 [contrib/suse/openssh.spec] update versions in docs and spec files.
41 - Release OpenSSH 5.8p1
44 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
45 before attempting setfscreatecon(). Check whether matchpathcon()
46 succeeded before using its result. Patch from cjwatson AT debian.org;
50 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
51 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
52 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
53 building with SELinux support to avoid linking failure; report from
54 amk AT spamfence.net; ok dtucker
57 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
58 RSA_get_default_method() for the benefit of openssl versions that don't
59 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
62 - djm@cvs.openbsd.org 2011/01/22 09:18:53
65 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
66 [contrib/suse/openssh.spec] update versions in docs and spec files.
70 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
71 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
72 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
73 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
74 release testing (random crashes and failure to load ECC keys).
78 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
79 $PATH, fix cleanup of droppings; reported by openssh AT
80 roumenpetrov.info; ok dtucker@
81 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
82 its unique snowflake of a gdb error to the ones we look for.
83 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
84 ssh-add to avoid $SUDO failures on Linux
85 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
86 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
87 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
88 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
89 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
90 disabled on platforms that do not support them; add a "config_defined()"
91 shell function that greps for defines in config.h and use them to decide
93 Convert a couple of existing grep's over config.h to use the new function
94 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
95 backslash characters in filenames, enable it for Cygwin and use it to turn
96 of tests for quotes backslashes in sftp-glob.sh.
97 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
98 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
99 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
101 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
102 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
103 support, based on patches from Tomas Mraz and jchadima at redhat.
106 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
107 on configurations that don't have it.
109 - djm@cvs.openbsd.org 2011/01/16 11:50:05
111 Use atomicio when flushing protocol 1 std{out,err} buffers at
112 session close. This was a latent bug exposed by setting a SIGCHLD
113 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
114 - djm@cvs.openbsd.org 2011/01/16 11:50:36
116 reset the SIGPIPE handler when forking to execute child processes;
118 - djm@cvs.openbsd.org 2011/01/16 12:05:59
120 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
121 now that we use atomicio(), convert them from while loops to if statements
122 add test and cast to compile cleanly with -Wsigned
126 - djm@cvs.openbsd.org 2011/01/13 21:54:53
128 correct error messages; patch from bert.wesarg AT googlemail.com
129 - djm@cvs.openbsd.org 2011/01/13 21:55:25
131 correct protocol names and add a couple of missing protocol number
132 defines; patch from bert.wesarg AT googlemail.com
133 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
134 host-key-force target rather than a substitution that is replaced with a
135 comment so that the Makefile.in is still a syntactically valid Makefile
136 (useful to run the distprep target)
137 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
138 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
142 - (djm) [misc.c] include time.h for nanosleep() prototype
143 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
144 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
146 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
147 gcc warning on platforms where it defaults to int
148 - (djm) [regress/Makefile] add a few more generated files to the clean
150 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
151 #define that was causing diffie-hellman-group-exchange-sha256 to be
153 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
154 should not depend on ECC support
158 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
159 [openbsd-compat/glob.c]
160 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
162 Fixes glob-using programs (notably ftp) able to be triggered to hit
164 Idea from a similar NetBSD change, original problem reported by jasper@.
165 ok millert tedu jasper
166 - djm@cvs.openbsd.org 2011/01/12 01:53:14
167 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
168 and sanity check arguments (these will be unnecessary when we switch
169 struct glob members from being type into to size_t in the future);
170 "looks ok" tedu@ feedback guenther@
171 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
172 silly warnings on write() calls we don't care succeed or not.
173 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
174 flag tests that don't depend on gcc version at all; suggested by and
178 - (tim) [regress/host-expand.sh] Fix for building outside of read only
180 - (djm) [platform.c] Some missing includes that show up under -Werror
182 - djm@cvs.openbsd.org 2011/01/08 10:51:51
184 use host and not options.hostname, as the latter may have unescaped
185 substitution characters
186 - djm@cvs.openbsd.org 2011/01/11 06:06:09
188 fd leak on error paths; from zinovik@
189 NB. Id sync only; we use loginrec.c that was also audited and fixed
191 - djm@cvs.openbsd.org 2011/01/11 06:13:10
192 [clientloop.c ssh-keygen.c sshd.c]
193 some unsigned long long casts that make things a bit easier for
194 portable without resorting to dropping PRIu64 formats everywhere
197 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
198 openssh AT roumenpetrov.info
201 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
202 test on OSX and others. Reported by imorgan AT nas.nasa.gov
205 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
206 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
207 - djm@cvs.openbsd.org 2011/01/06 22:23:53
209 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
210 googlemail.com; ok markus@
211 - djm@cvs.openbsd.org 2011/01/06 22:23:02
213 when exiting due to ServerAliveTimeout, mention the hostname that caused
214 it (useful with backgrounded controlmaster)
215 - djm@cvs.openbsd.org 2011/01/06 22:46:21
216 [regress/Makefile regress/host-expand.sh]
217 regress test for LocalCommand %n expansion from bert.wesarg AT
218 googlemail.com; ok markus@
219 - djm@cvs.openbsd.org 2011/01/06 23:01:35
221 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
225 - (djm) OpenBSD CVS Sync
226 - markus@cvs.openbsd.org 2010/12/08 22:46:03
228 add a new -3 option to scp: Copies between two remote hosts are
229 transferred through the local host. Without this option the data
230 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
231 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
234 scp.c: add -3 to usage()
235 - markus@cvs.openbsd.org 2010/12/14 11:59:06
237 don't mention key type in key-changed-warning, since we also print
238 this warning if a new key type appears. ok djm@
239 - djm@cvs.openbsd.org 2010/12/15 00:49:27
241 fix ControlMaster=ask regression
242 reset SIGCHLD handler before fork (and restore it after) so we don't miss
243 the the askpass child's exit status. Correct test for exit status/signal to
244 account for waitpid() failure; with claudio@ ok claudio@ markus@
245 - djm@cvs.openbsd.org 2010/12/24 21:41:48
247 don't send the actual forced command in a debug message; ok markus deraadt
248 - otto@cvs.openbsd.org 2011/01/04 20:44:13
250 handle ecdsa-sha2 with various key lengths; hint and ok djm@
253 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
254 formatter if it is present, followed by nroff and groff respectively.
255 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
256 in favour of mandoc). feedback and ok tim
259 - (djm) [Makefile.in] revert local hack I didn't intend to commit
262 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
263 - (djm) [configure.ac] Check whether libdes is needed when building
264 with Heimdal krb5 support. On OpenBSD this library no longer exists,
265 so linking it unconditionally causes a build failure; ok dtucker
268 - (dtucker) OpenBSD CVS Sync
269 - djm@cvs.openbsd.org 2010/12/08 04:02:47
270 [ssh_config.5 sshd_config.5]
271 explain that IPQoS arguments are separated by whitespace; iirc requested
275 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
276 debugging. Spotted by djm.
277 - (dtucker) OpenBSD CVS Sync
278 - djm@cvs.openbsd.org 2010/12/03 23:49:26
280 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
281 (this code is still disabled, but apprently people are treating it as
282 a reference implementation)
283 - djm@cvs.openbsd.org 2010/12/03 23:55:27
285 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
286 bz#1829; patch from ldv AT altlinux.org; ok markus@
287 - djm@cvs.openbsd.org 2010/12/04 00:18:01
288 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
289 add a protocol extension to support a hard link operation. It is
290 available through the "ln" command in the client. The old "ln"
291 behaviour of creating a symlink is available using its "-s" option
292 or through the preexisting "symlink" command; based on a patch from
293 miklos AT szeredi.hu in bz#1555; ok markus@
294 - djm@cvs.openbsd.org 2010/12/04 13:31:37
296 fix fd leak; spotted and ok dtucker
297 - djm@cvs.openbsd.org 2010/12/04 00:21:19
298 [regress/sftp-cmds.sh]
299 adjust for hard-link support
300 - (dtucker) [regress/Makefile] Id sync.
303 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
304 instead of (arc4random() % range)
305 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
306 shims for the new, non-deprecated OpenSSL key generation functions for
307 platforms that don't have the new interfaces.
311 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
314 - djm@cvs.openbsd.org 2010/11/21 01:01:13
315 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
316 honour $TMPDIR for client xauth and ssh-agent temporary directories;
317 feedback and ok markus@
318 - djm@cvs.openbsd.org 2010/11/21 10:57:07
320 Refactor internals of private key loading and saving to work on memory
321 buffers rather than directly on files. This will make a few things
322 easier to do in the future; ok markus@
323 - djm@cvs.openbsd.org 2010/11/23 02:35:50
325 use strict_modes already passed as function argument over referencing
326 global options.strict_modes
327 - djm@cvs.openbsd.org 2010/11/23 23:57:24
329 avoid NULL deref on receiving a channel request on an unknown or invalid
330 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
331 - djm@cvs.openbsd.org 2010/11/24 01:24:14
333 remove a debug() that pollutes stderr on client connecting to a server
334 in debug mode (channel_close_fds is called transitively from the session
335 code post-fork); bz#1719, ok dtucker
336 - djm@cvs.openbsd.org 2010/11/25 04:10:09
338 replace close() loop for fds 3->64 with closefrom();
339 ok markus deraadt dtucker
340 - djm@cvs.openbsd.org 2010/11/26 05:52:49
342 Pass through ssh command-line flags and options when doing remote-remote
343 transfers, e.g. to enable agent forwarding which is particularly useful
344 in this case; bz#1837 ok dtucker@
345 - markus@cvs.openbsd.org 2010/11/29 18:57:04
347 correctly load comment for encrypted rsa1 keys;
348 report/fix Joachim Schipper; ok djm@
349 - djm@cvs.openbsd.org 2010/11/29 23:45:51
350 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
351 [sshconnect.h sshconnect2.c]
352 automatically order the hostkeys requested by the client based on
353 which hostkeys are already recorded in known_hosts. This avoids
354 hostkey warnings when connecting to servers with new ECDSA keys
355 that are preferred by default; with markus@
358 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
359 into the platform-specific code Only affects SCO, tested by and ok tim@.
360 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
361 group read/write. ok dtucker@
362 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
363 - (djm) [defines.h] Add IP DSCP defines
366 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
367 from vapier at gentoo org.
371 - djm@cvs.openbsd.org 2010/11/05 02:46:47
374 - djm@cvs.openbsd.org 2010/11/10 01:33:07
375 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
376 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
377 these have been around for years by this time. ok markus
378 - djm@cvs.openbsd.org 2010/11/13 23:27:51
379 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
380 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
381 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
382 hardcoding lowdelay/throughput.
384 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
385 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
388 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
389 [scp.1 sftp.1 ssh.1 sshd_config.5]
390 add IPQoS to the various -o lists, and zap some trailing whitespace;
393 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
394 platforms that don't support ECC. Fixes some spurious warnings reported
398 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
399 Feedback from dtucker@
400 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
401 support for platforms missing isblank(). ok djm@
404 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
406 - (tim) [regress/kextype.sh] Shell portability fix.
409 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
410 the correct typedefs.
413 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
414 int. Should fix bz#1817 cleanly; ok dtucker@
416 - djm@cvs.openbsd.org 2010/09/22 12:26:05
417 [regress/Makefile regress/kextype.sh]
418 regress test for each of the key exchange algorithms that we support
419 - djm@cvs.openbsd.org 2010/10/28 11:22:09
420 [authfile.c key.c key.h ssh-keygen.c]
421 fix a possible NULL deref on loading a corrupt ECDH key
423 store ECDH group information in private keys files as "named groups"
424 rather than as a set of explicit group parameters (by setting
425 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
426 retrieves the group's OpenSSL NID that we need for various things.
427 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
428 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
429 knock out some "-*- nroff -*-" lines;
430 - djm@cvs.openbsd.org 2010/11/04 02:45:34
432 umask should be parsed as octal. reported by candland AT xmission.com;
434 - (dtucker) [configure.ac platform.{c,h} session.c
435 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
436 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
438 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
439 after the user's groups are established and move the selinux calls into it.
440 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
442 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
443 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
444 retain previous behavior.
445 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
446 the LOGIN_CAP case into platform.c.
447 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
449 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
450 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
452 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
453 non-LOGIN_CAP case into platform.c.
454 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
455 check into platform.c
456 - (dtucker) [regress/keytype.sh] Import new test.
457 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
458 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
459 from configure through to regress/Makefile and use it in the tests.
460 - (dtucker) [regress/kextype.sh] Add missing "test".
461 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
462 strictly correct since while ECC requires sha256 the reverse is not true
463 however it does prevent spurious test failures.
464 - (dtucker) [platform.c] Need servconf.h and extern options.
467 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
468 1.12 to unbreak Solaris build.
470 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
474 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
475 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
476 which don't have ECC support in libcrypto.
477 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
478 which don't have ECC support in libcrypto.
479 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
481 - (dtucker) OpenBSD CVS Sync
482 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
484 escape '[' in filename tab-completion; fix a type while there.
489 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
491 Typo in confirmation message. bz#1827, patch from imorgan at
493 - djm@cvs.openbsd.org 2010/08/31 12:24:09
494 [regress/cert-hostkey.sh regress/cert-userkey.sh]
495 tests for ECDSA certificates
498 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
499 bz#1825, reported by foo AT mailinator.com
500 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
503 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
507 - (djm) [ssh-agent.c] Fix type for curve name.
508 - (djm) OpenBSD CVS Sync
509 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
510 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
511 [openbsd-compat/timingsafe_bcmp.c]
512 Add timingsafe_bcmp(3) to libc, mention that it's already in the
513 kernel in kern(9), and remove it from OpenSSH.
515 NB. re-added under openbsd-compat/ for portable OpenSSH
516 - djm@cvs.openbsd.org 2010/09/25 09:30:16
517 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
518 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
519 rountrips to fetch per-file stat(2) information.
520 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
522 - djm@cvs.openbsd.org 2010/09/26 22:26:33
524 when performing an "ls" in columnated (short) mode, only call
525 ioctl(TIOCGWINSZ) once to get the window width instead of per-
527 - djm@cvs.openbsd.org 2010/09/30 11:04:51
529 prevent free() of string in .rodata when overriding AuthorizedKeys in
530 a Match block; patch from rein AT basefarm.no
531 - djm@cvs.openbsd.org 2010/10/01 23:05:32
532 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
533 adapt to API changes in openssl-1.0.0a
534 NB. contains compat code to select correct API for older OpenSSL
535 - djm@cvs.openbsd.org 2010/10/05 05:13:18
536 [sftp.c sshconnect.c]
537 use default shell /bin/sh if $SHELL is ""; ok markus@
538 - djm@cvs.openbsd.org 2010/10/06 06:39:28
539 [clientloop.c ssh.c sshconnect.c sshconnect.h]
540 kill proxy command on fatal() (we already kill it on clean exit);
542 - djm@cvs.openbsd.org 2010/10/06 21:10:21
544 swapped args to kill(2)
545 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
546 - (djm) [cipher-acss.c] Add missing header.
547 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
550 - (djm) OpenBSD CVS Sync
551 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
553 * mention ECDSA in more places
554 * less repetition in FILES section
555 * SSHv1 keys are still encrypted with 3DES
557 - djm@cvs.openbsd.org 2010/09/11 21:44:20
559 mention RFC 5656 for ECC stuff
560 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
562 more wacky macro fixing;
563 - djm@cvs.openbsd.org 2010/09/20 04:41:47
565 install a SIGCHLD handler to reap expiried child process; ok markus@
566 - djm@cvs.openbsd.org 2010/09/20 04:50:53
568 check that received values are smaller than the group size in the
569 disabled and unfinished J-PAKE code.
570 avoids catastrophic security failure found by Sebastien Martini
571 - djm@cvs.openbsd.org 2010/09/20 04:54:07
574 - djm@cvs.openbsd.org 2010/09/20 07:19:27
576 "atomically" create the listening mux socket by binding it on a temorary
577 name and then linking it into position after listen() has succeeded.
578 this allows the mux clients to determine that the server socket is
579 either ready or stale without races. stale server sockets are now
580 automatically removed
582 - djm@cvs.openbsd.org 2010/09/22 05:01:30
583 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
584 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
585 add a KexAlgorithms knob to the client and server configuration to allow
586 selection of which key exchange methods are used by ssh(1) and sshd(8)
587 and their order of preference.
589 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
591 ssh.1: add kexalgorithms to the -o list
592 ssh_config.5: format the kexalgorithms in a more consistent
595 - djm@cvs.openbsd.org 2010/09/22 22:58:51
596 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
597 [sftp-client.h sftp.1 sftp.c]
598 add an option per-read/write callback to atomicio
600 factor out bandwidth limiting code from scp(1) into a generic bandwidth
601 limiter that can be attached using the atomicio callback mechanism
603 add a bandwidth limit option to sftp(1) using the above
605 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
607 add [-l limit] to usage();
608 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
610 add KexAlgorithms to the -o list;
613 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
614 return code since it can apparently return -1 under some conditions. From
615 openssh bugs werbittewas de, ok djm@
617 - djm@cvs.openbsd.org 2010/08/31 12:33:38
618 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
619 reintroduce commit from tedu@, which I pulled out for release
621 OpenSSL_add_all_algorithms is the name of the function we have a
622 man page for, so use that. ok djm
623 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
625 fix some macro abuse;
626 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
628 small text tweak to accommodate previous;
629 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
631 pick up ECDSA host key by default; ok djm@
632 - markus@cvs.openbsd.org 2010/09/02 16:07:25
634 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
635 - markus@cvs.openbsd.org 2010/09/02 16:08:39
637 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
638 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
640 Switch ECDSA default key size to 256 bits, which according to RFC5656
641 should still be better than our current RSA-2048 default.
643 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
645 add an EXIT STATUS section for /usr/bin;
646 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
648 two more EXIT STATUS sections;
649 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
651 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
652 <mattieu.b@gmail.com>
654 - djm@cvs.openbsd.org 2010/09/08 03:54:36
657 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
659 work around name-space collisions some buggy compilers (looking at you
660 gcc, at least in earlier versions, but this does not forgive your current
661 transgressions) seen between zlib and openssl
663 - djm@cvs.openbsd.org 2010/09/09 10:45:45
664 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
665 ECDH/ECDSA compliance fix: these methods vary the hash function they use
666 (SHA256/384/512) depending on the length of the curve in use. The previous
667 code incorrectly used SHA256 in all cases.
669 This fix will cause authentication failure when using 384 or 521-bit curve
670 keys if one peer hasn't been upgraded and the other has. (256-bit curve
671 keys work ok). In particular you may need to specify HostkeyAlgorithms
672 when connecting to a server that has not been upgraded from an upgraded
676 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
677 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
678 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
679 platforms that don't have the requisite OpenSSL support. ok dtucker@
680 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
681 for missing headers and compiler warnings.
685 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
686 [ssh-keysign.8 ssh.1 sshd.8]
687 use the same template for all FILES sections; i.e. -compact/.Pp where we
688 have multiple items, and .Pa for path names;
689 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
690 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
691 OpenSSL_add_all_algorithms is the name of the function we have a man page
692 for, so use that. ok djm
693 - djm@cvs.openbsd.org 2010/08/16 04:06:06
694 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
695 backout previous temporarily; discussed with deraadt@
696 - djm@cvs.openbsd.org 2010/08/31 09:58:37
697 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
698 [packet.h ssh-dss.c ssh-rsa.c]
699 Add buffer_get_cstring() and related functions that verify that the
700 string extracted from the buffer contains no embedded \0 characters*
701 This prevents random (possibly malicious) crap from being appended to
702 strings where it would not be noticed if the string is used with
703 a string(3) function.
705 Use the new API in a few sensitive places.
707 * actually, we allow a single one at the end of the string for now because
708 we don't know how many deployed implementations get this wrong, but don't
709 count on this to remain indefinitely.
710 - djm@cvs.openbsd.org 2010/08/31 11:54:45
711 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
712 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
713 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
714 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
715 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
716 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
717 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
718 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
719 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
720 better performance than plain DH and DSA at the same equivalent symmetric
721 key length, as well as much shorter keys.
723 Only the mandatory sections of RFC5656 are implemented, specifically the
724 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
725 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
727 Certificate host and user keys using the new ECDSA key types are supported.
729 Note that this code has not been tested for interoperability and may be
732 feedback and ok markus@
733 - (djm) [Makefile.in] Add new ECC files
734 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
738 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
739 remove. Patch from martynas at venck us
742 - (djm) Release OpenSSH-5.6p1
745 - (dtucker) [configure.ac openbsd-compat/Makefile.in
746 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
747 the compat library which helps on platforms like old IRIX. Based on work
748 by djm, tested by Tom Christensen.
750 - djm@cvs.openbsd.org 2010/08/12 21:49:44
752 close any extra file descriptors inherited from parent at start and
753 reopen stdin/stdout to /dev/null when forking for ControlPersist.
755 prevents tools that fork and run a captive ssh for communication from
756 failing to exit when the ssh completes while they wait for these fds to
757 close. The inherited fds may persist arbitrarily long if a background
758 mux master has been started by ControlPersist. cvs and scp were effected
761 "please commit" markus@
762 - (djm) [regress/README.regress] typo
765 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
766 regress/test-exec.sh] Under certain conditions when testing with sudo
767 tests would fail because the pidfile could not be read by a regular user.
768 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
769 Make sure cat is run by $SUDO. no objection from me. djm@
770 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
773 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
774 already set. Makes FreeBSD user openable tunnels useful; patch from
775 richard.burakowski+ossh AT mrburak.net, ok dtucker@
776 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
777 based in part on a patch from Colin Watson, ok djm@
781 - djm@cvs.openbsd.org 2010/08/08 16:26:42
784 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
785 [contrib/suse/openssh.spec] Crank version numbers
789 - djm@cvs.openbsd.org 2010/08/04 05:37:01
790 [ssh.1 ssh_config.5 sshd.8]
791 Remove mentions of weird "addr/port" alternate address format for IPv6
792 addresses combinations. It hasn't worked for ages and we have supported
793 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
794 - djm@cvs.openbsd.org 2010/08/04 05:40:39
795 [PROTOCOL.certkeys ssh-keygen.c]
796 tighten the rules for certificate encoding by requiring that options
797 appear in lexical order and make our ssh-keygen comply. ok markus@
798 - djm@cvs.openbsd.org 2010/08/04 05:42:47
799 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
800 [ssh-keysign.c ssh.c]
801 enable certificates for hostbased authentication, from Iain Morgan;
803 - djm@cvs.openbsd.org 2010/08/04 05:49:22
805 commited the wrong version of the hostbased certificate diff; this
806 version replaces some strlc{py,at} verbosity with xasprintf() at
807 the request of markus@
808 - djm@cvs.openbsd.org 2010/08/04 06:07:11
809 [ssh-keygen.1 ssh-keygen.c]
810 Support CA keys in PKCS#11 tokens; feedback and ok markus@
811 - djm@cvs.openbsd.org 2010/08/04 06:08:40
813 clean for -Wuninitialized (Id sync only; portable had this change)
814 - djm@cvs.openbsd.org 2010/08/05 13:08:42
816 Fix a trio of bugs in the local/remote window calculation for datagram
817 data channels (i.e. TunnelForward):
819 Calculate local_consumed correctly in channel_handle_wfd() by measuring
820 the delta to buffer_len(c->output) from when we start to when we finish.
821 The proximal problem here is that the output_filter we use in portable
822 modified the length of the dequeued datagram (to futz with the headers
825 In channel_output_poll(), don't enqueue datagrams that won't fit in the
826 peer's advertised packet size (highly unlikely to ever occur) or which
827 won't fit in the peer's remaining window (more likely).
829 In channel_input_data(), account for the 4-byte string header in
830 datagram packets that we accept from the peer and enqueue in c->output.
832 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
836 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
837 PAM to sane values in case the PAM method doesn't write to them. Spotted by
838 Bitman Zhou, ok djm@.
840 - djm@cvs.openbsd.org 2010/07/16 04:45:30
842 avoid bogus compiler warning
843 - djm@cvs.openbsd.org 2010/07/16 14:07:35
845 more timing paranoia - compare all parts of the expected decrypted
846 data before returning. AFAIK not exploitable in the SSH protocol.
848 - djm@cvs.openbsd.org 2010/07/19 03:16:33
850 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
851 upload depth checks and causing verbose printing of transfers to always
852 be turned on; patch from imorgan AT nas.nasa.gov
853 - djm@cvs.openbsd.org 2010/07/19 09:15:12
854 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
855 add a "ControlPersist" option that automatically starts a background
856 ssh(1) multiplex master when connecting. This connection can stay alive
857 indefinitely, or can be set to automatically close after a user-specified
858 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
859 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
860 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
861 - djm@cvs.openbsd.org 2010/07/21 02:10:58
863 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
864 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
866 Ciphers is documented in ssh_config(5) these days
869 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
870 details about its behaviour WRT existing directories. Patch from
871 asguthrie at gmail com, ok djm.
874 - (djm) OpenBSD CVS Sync
875 - djm@cvs.openbsd.org 2010/07/02 04:32:44
877 unbreak strdelim() skipping past quoted strings, e.g.
878 AllowUsers "blah blah" blah
879 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
881 - djm@cvs.openbsd.org 2010/07/12 22:38:52
883 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
884 for protocol 2. ok markus@
885 - djm@cvs.openbsd.org 2010/07/12 22:41:13
887 expand %h to the hostname in ssh_config Hostname options. While this
888 sounds useless, it is actually handy for working with unqualified
894 Hostname %h.example.org
897 - djm@cvs.openbsd.org 2010/07/13 11:52:06
898 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
900 implement a timing_safe_cmp() function to compare memory without leaking
901 timing information by short-circuiting like memcmp() and use it for
902 some of the more sensitive comparisons (though nothing high-value was
903 readily attackable anyway); "looks ok" markus@
904 - djm@cvs.openbsd.org 2010/07/13 23:13:16
905 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
907 s/timing_safe_cmp/timingsafe_bcmp/g
908 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
910 finally ssh synopsis looks nice again! this commit just removes a ton of
911 hacks we had in place to make it work with old groff;
912 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
914 repair incorrect block nesting, which screwed up indentation;
915 problem reported and fix OK by jmc@
918 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
919 (line 77) should have been for no_x11_askpass.
922 - (djm) OpenBSD CVS Sync
923 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
926 - djm@cvs.openbsd.org 2010/06/26 23:04:04
928 oops, forgot to #include <canohost.h>; spotted and patch from chl@
929 - djm@cvs.openbsd.org 2010/06/29 23:15:30
930 [ssh-keygen.1 ssh-keygen.c]
931 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
933 - djm@cvs.openbsd.org 2010/06/29 23:16:46
934 [auth2-pubkey.c sshd_config.5]
935 allow key options (command="..." and friends) in AuthorizedPrincipals;
937 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
940 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
943 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
946 - millert@cvs.openbsd.org 2010/07/01 13:06:59
948 Fix a longstanding problem where if you suspend scp at the
949 password/passphrase prompt the terminal mode is not restored.
951 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
953 fix how we run the tests so we can successfully use SUDO='sudo -E'
955 - djm@cvs.openbsd.org 2010/06/29 23:59:54
957 regress tests for key options in AuthorizedPrincipals
960 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
964 - (djm) OpenBSD CVS Sync
965 - djm@cvs.openbsd.org 2010/05/21 05:00:36
967 colon() returns char*, so s/return (0)/return NULL/
968 - markus@cvs.openbsd.org 2010/06/08 21:32:19
970 check length of value returned C_GetAttributValue for != 0
971 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
972 - djm@cvs.openbsd.org 2010/06/17 07:07:30
974 Correct sizing of object to be allocated by calloc(), replacing
975 sizeof(state) with sizeof(*state). This worked by accident since
976 the struct contained a single int at present, but could have broken
977 in the future. patch from hyc AT symas.com
978 - djm@cvs.openbsd.org 2010/06/18 00:58:39
980 unbreak ls in working directories that contains globbing characters in
981 their pathnames. bz#1655 reported by vgiffin AT apple.com
982 - djm@cvs.openbsd.org 2010/06/18 03:16:03
984 Missing check for chroot_director == "none" (we already checked against
985 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
986 - djm@cvs.openbsd.org 2010/06/18 04:43:08
988 fix memory leak in do_realpath() error path; bz#1771, patch from
990 - djm@cvs.openbsd.org 2010/06/22 04:22:59
991 [servconf.c sshd_config.5]
992 expose some more sshd_config options inside Match blocks:
993 AuthorizedKeysFile AuthorizedPrincipalsFile
994 HostbasedUsesNameFromPacketOnly PermitTunnel
995 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
996 - djm@cvs.openbsd.org 2010/06/22 04:32:06
998 standardise error messages when attempting to open private key
999 files to include "progname: filename: error reason"
1000 bz#1783; ok dtucker@
1001 - djm@cvs.openbsd.org 2010/06/22 04:49:47
1003 queue auth debug messages for bad ownership or permissions on the user's
1004 keyfiles. These messages will be sent after the user has successfully
1005 authenticated (where our client will display them with LogLevel=debug).
1006 bz#1554; ok dtucker@
1007 - djm@cvs.openbsd.org 2010/06/22 04:54:30
1009 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
1010 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
1011 - djm@cvs.openbsd.org 2010/06/22 04:59:12
1013 include the user name on "subsystem request for ..." log messages;
1014 bz#1571; ok dtucker@
1015 - djm@cvs.openbsd.org 2010/06/23 02:59:02
1017 fix printing of extensions in v01 certificates that I broke in r1.190
1018 - djm@cvs.openbsd.org 2010/06/25 07:14:46
1019 [channels.c mux.c readconf.c readconf.h ssh.h]
1020 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
1021 forwards per direction; ok markus@ stevesk@
1022 - djm@cvs.openbsd.org 2010/06/25 07:20:04
1023 [channels.c session.c]
1024 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
1025 internal-sftp accidentally introduced in r1.253 by removing the code
1026 that opens and dup /dev/null to stderr and modifying the channels code
1027 to read stderr but discard it instead; ok markus@
1028 - djm@cvs.openbsd.org 2010/06/25 08:46:17
1029 [auth1.c auth2-none.c]
1030 skip the initial check for access with an empty password when
1031 PermitEmptyPasswords=no; bz#1638; ok markus@
1032 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1034 log the hostname and address that we connected to at LogLevel=verbose
1035 after authentication is successful to mitigate "phishing" attacks by
1036 servers with trusted keys that accept authentication silently and
1037 automatically before presenting fake password/passphrase prompts;
1039 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1041 log the hostname and address that we connected to at LogLevel=verbose
1042 after authentication is successful to mitigate "phishing" attacks by
1043 servers with trusted keys that accept authentication silently and
1044 automatically before presenting fake password/passphrase prompts;
1048 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
1052 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
1053 rather than assuming that $CWD == $HOME. bz#1500, patch from
1054 timothy AT gelter.com
1057 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
1058 minires-devel package, and to add the reference to the libedit-devel
1059 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
1062 - (djm) OpenBSD CVS Sync
1063 - djm@cvs.openbsd.org 2010/05/07 11:31:26
1064 [regress/Makefile regress/cert-userkey.sh]
1065 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
1066 feedback and ok markus@
1067 - djm@cvs.openbsd.org 2010/05/11 02:58:04
1069 don't accept certificates marked as "cert-authority" here; ok markus@
1070 - djm@cvs.openbsd.org 2010/05/14 00:47:22
1072 check that the certificate matches the corresponding private key before
1074 - djm@cvs.openbsd.org 2010/05/14 23:29:23
1075 [channels.c channels.h mux.c ssh.c]
1076 Pause the mux channel while waiting for reply from aynch callbacks.
1077 Prevents misordering of replies if new requests arrive while waiting.
1079 Extend channel open confirm callback to allow signalling failure
1080 conditions as well as success. Use this to 1) fix a memory leak, 2)
1081 start using the above pause mechanism and 3) delay sending a success/
1082 failure message on mux slave session open until we receive a reply from
1085 motivated by and with feedback from markus@
1086 - markus@cvs.openbsd.org 2010/05/16 12:55:51
1087 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
1088 mux support for remote forwarding with dynamic port allocation,
1090 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
1091 feedback and ok djm@
1092 - djm@cvs.openbsd.org 2010/05/20 11:25:26
1094 fix logspam when key options (from="..." especially) deny non-matching
1095 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
1096 - djm@cvs.openbsd.org 2010/05/20 23:46:02
1097 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
1098 Move the permit-* options to the non-critical "extensions" field for v01
1099 certificates. The logic is that if another implementation fails to
1100 implement them then the connection just loses features rather than fails
1106 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
1107 circular dependency problem on old or odd platforms. From Tom Lane, ok
1109 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
1110 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
1111 already. ok dtucker@
1115 - djm@cvs.openbsd.org 2010/04/23 01:47:41
1117 bz#1740: display a more helpful error message when $HOME is
1118 inaccessible while trying to create .ssh directory. Based on patch
1119 from jchadima AT redhat.com; ok dtucker@
1120 - djm@cvs.openbsd.org 2010/04/23 22:27:38
1122 set "detach_close" flag when registering channel cleanup callbacks.
1123 This causes the channel to close normally when its fds close and
1124 hangs when terminating a mux slave using ~. bz#1758; ok markus@
1125 - djm@cvs.openbsd.org 2010/04/23 22:42:05
1127 set stderr to /dev/null for subsystems rather than just closing it.
1128 avoids hangs if a subsystem or shell initialisation writes to stderr.
1130 - djm@cvs.openbsd.org 2010/04/23 22:48:31
1132 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
1133 since we would refuse to use them anyway. bz#1516; ok dtucker@
1134 - djm@cvs.openbsd.org 2010/04/26 22:28:24
1136 bz#1502: authctxt.success is declared as an int, but passed by
1137 reference to function that accepts sig_atomic_t*. Convert it to
1138 the latter; ok markus@ dtucker@
1139 - djm@cvs.openbsd.org 2010/05/01 02:50:50
1142 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
1144 restore mput and mget which got lost in the tab-completion changes.
1145 found by Kenneth Whitaker, ok djm@
1146 - djm@cvs.openbsd.org 2010/05/07 11:30:30
1147 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
1148 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
1149 add some optional indirection to matching of principal names listed
1150 in certificates. Currently, a certificate must include the a user's name
1151 to be accepted for authentication. This change adds the ability to
1152 specify a list of certificate principal names that are acceptable.
1154 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
1155 this adds a new principals="name1[,name2,...]" key option.
1157 For CAs listed through sshd_config's TrustedCAKeys option, a new config
1158 option "AuthorizedPrincipalsFile" specifies a per-user file containing
1159 the list of acceptable names.
1161 If either option is absent, the current behaviour of requiring the
1162 username to appear in principals continues to apply.
1164 These options are useful for role accounts, disjoint account namespaces
1165 and "user@realm"-style naming policies in certificates.
1167 feedback and ok markus@
1168 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
1173 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
1174 in the openssl install directory (some newer openssl versions do this on at
1175 least some amd64 platforms).
1179 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
1181 tweak previous; ok djm
1182 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
1183 [ssh-keygen.1 ssh-keygen.c]
1184 tweak previous; ok djm
1185 - djm@cvs.openbsd.org 2010/04/16 21:14:27
1187 oops, %r => remote username, not %u
1188 - djm@cvs.openbsd.org 2010/04/16 01:58:45
1189 [regress/cert-hostkey.sh regress/cert-userkey.sh]
1190 regression tests for v01 certificate format
1191 includes interop tests for v00 certs
1192 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
1196 - (djm) Release openssh-5.5p1
1198 - djm@cvs.openbsd.org 2010/03/26 03:13:17
1200 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
1201 argument to allow skipping past values in a buffer
1202 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
1205 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
1207 tweak previous; ok dtucker
1208 - djm@cvs.openbsd.org 2010/04/10 00:00:16
1210 bz#1746 - suppress spurious tty warning when using -O and stdin
1211 is not a tty; ok dtucker@ markus@
1212 - djm@cvs.openbsd.org 2010/04/10 00:04:30
1214 fix terminology: we didn't find a certificate in known_hosts, we found
1216 - djm@cvs.openbsd.org 2010/04/10 02:08:44
1218 bz#1698: kill channel when pty allocation requests fail. Fixed
1219 stuck client if the server refuses pty allocation.
1220 ok dtucker@ "think so" markus@
1221 - djm@cvs.openbsd.org 2010/04/10 02:10:56
1223 show the key type that we are offering in debug(), helps distinguish
1224 between certs and plain keys as the path to the private key is usually
1226 - djm@cvs.openbsd.org 2010/04/10 05:48:16
1228 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
1229 - djm@cvs.openbsd.org 2010/04/14 22:27:42
1230 [ssh_config.5 sshconnect.c]
1231 expand %r => remote username in ssh_config:ProxyCommand;
1233 - markus@cvs.openbsd.org 2010/04/15 20:32:55
1235 retry lookup for private key if there's no matching key with CKA_SIGN
1236 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
1238 - djm@cvs.openbsd.org 2010/04/16 01:47:26
1239 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
1240 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
1241 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
1242 [sshconnect.c sshconnect2.c sshd.c]
1243 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
1246 move the nonce field to the beginning of the certificate where it can
1247 better protect against chosen-prefix attacks on the signature hash
1249 Rename "constraints" field to "critical options"
1251 Add a new non-critical "extensions" field
1255 The older format is still support for authentication and cert generation
1256 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)