2 - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
3 Hands' greatly revised version.
7 - (djm) [configure.ac log.c scp.c sshconnect2.c openbsd-compat/vis.c]
8 [openbsd-compat/vis.h] FreeBSD's strnvis isn't compatible with OpenBSD's
9 so mark it as broken. Patch from des AT des.no
12 - (tim) [configure.ac] OpenServer 5 wants lastlog even though it has none
13 of the bits the configure test looks for.
16 - (djm) [configure.ac] Disable utmp, wtmp and/or lastlog if the platform
17 is unable to successfully compile them. Based on patch from des AT
19 - (djm) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
20 Add a usleep replacement for platforms that lack it; ok dtucker
21 - (djm) [session.c] FreeBSD needs setusercontext(..., LOGIN_SETUMASK) to
22 occur after UID switch; patch from John Marshall via des AT des.no;
26 - (dtucker) [regress/Makefile regress/cipher-speed.sh regress/test-exec.sh]
27 Improve portability of cipher-speed test, based mostly on a patch from
29 - (dtucker) [auth.c configure.ac platform.c platform.h] Accept uid 2 ("bin")
30 in addition to root as an owner of system directories on AIX and HP-UX.
34 - (dtucker) [INSTALL] Bump documented autoconf version to what we're
36 - (dtucker) [defines.h] Remove SIZEOF_CHAR bits since the test for it
37 was removed in configure.ac rev 1.481 as it was redundant.
38 - (tim) [Makefile.in] Add another missing $(EXEEXT) I should have seen 3 days
40 - (djm) [configure.ac] Add a timeout to the select/rlimit test to give it a
41 chance to complete on broken systems; ok dtucker@
44 - (dtucker) [regress/forward-control.sh] Wait longer for the forwarding
45 connection to start so that the test works on slower machines.
46 - (dtucker) [configure.ac] test that we can set number of file descriptors
47 to zero with setrlimit before enabling the rlimit sandbox. This affects
48 (at least) HPUX 11.11.
51 - (djm) [regress/modpipe.c] Compilation fix for AIX and parsing fix for
52 HP/UX. Spotted by Kevin Brott
53 - (dtucker) [configure.ac] use "=" for shell test and not "==". Spotted by
54 Amit Kulkarni and Kevin Brott.
55 - (dtucker) [Makefile.in] Remove trailing "\" on PATHS, which caused obscure
56 build breakage on (at least) HP-UX 11.11. Found by Amit Kulkarni and Kevin
58 - (tim) [Makefile.in] Add missing $(EXEEXT). Found by Roumen Petrov.
61 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
62 [contrib/suse/openssh.spec] Crank version numbers
63 - (tim) [regress/forward-control.sh] use sh in case login shell is csh.
64 - (tim) [regress/integrity.sh] shell portability fix.
65 - (tim) [regress/integrity.sh] keep old solaris awk from hanging.
66 - (tim) [regress/krl.sh] keep old solaris awk from hanging.
70 - djm@cvs.openbsd.org 2013/02/20 08:27:50
72 Add an option to modpipe that warns if the modification offset it not
73 reached in it's stream and turn it on for t-integrity. This should catch
74 cases where the session is not fuzzed for being too short (cf. my last
76 - (djm) [regress/integrity.sh] Run sshd via $SUDO; fixes tinderbox breakage
77 for UsePAM=yes configuration
80 - (dtucker) [configure.ac ssh-gss.h] bz#2073: additional #includes needed
81 to use Solaris native GSS libs. Patch from Pierre Ossman.
84 - (djm) [configure.ac includes.h loginrec.c mux.c sftp.c] Prefer
85 bsd/libutil.h to libutil.h to avoid deprecation warnings on Ubuntu.
89 - (dtucker) [Makefile.in configure.ac] bz#2072: don't link krb5 libs to
90 ssh(1) since they're not needed. Patch from Pierre Ossman, ok djm.
91 - (dtucker) [configure.ac] bz#2073: look for Solaris' differently-named
92 libgss too. Patch from Pierre Ossman, ok djm.
93 - (djm) [configure.ac sandbox-seccomp-filter.c] Support for Linux
94 seccomp-bpf sandbox on ARM. Patch from shawnlandden AT gmail.com;
98 - (tim) [regress/forward-control.sh] shell portability fix.
101 - (tim) [regress/cipher-speed.sh regress/try-ciphers.sh] shell portability fix.
102 - (tim) [krl.c Makefile.in regress/Makefile regress/modpipe.c] remove unneeded
103 err.h include from krl.c. Additional portability fixes for modpipe. OK djm
105 - djm@cvs.openbsd.org 2013/02/20 08:27:50
106 [regress/integrity.sh regress/modpipe.c]
107 Add an option to modpipe that warns if the modification offset it not
108 reached in it's stream and turn it on for t-integrity. This should catch
109 cases where the session is not fuzzed for being too short (cf. my last
111 - djm@cvs.openbsd.org 2013/02/20 08:29:27
113 s/Id/OpenBSD/ in RCS tag
117 - djm@cvs.openbsd.org 2013/02/18 22:26:47
119 crank the offset yet again; it was still fuzzing KEX one of Darren's
120 portable test hosts at 2800
121 - djm@cvs.openbsd.org 2013/02/19 02:14:09
123 oops, forgot to increase the output of the ssh command to ensure that
124 we actually reach $offset
125 - (djm) [regress/integrity.sh] Skip SHA2-based MACs on configurations that
126 lack support for SHA2.
127 - (djm) [regress/modpipe.c] Add local err, and errx functions for platforms
128 that do not have them.
132 - djm@cvs.openbsd.org 2013/02/17 23:16:55
134 make the ssh command generates some output to ensure that there are at
135 least offset+tries bytes in the stream.
139 - djm@cvs.openbsd.org 2013/02/16 06:08:45
141 make sure the fuzz offset is actually past the end of KEX for all KEX
142 types. diffie-hellman-group-exchange-sha256 requires an offset around
143 2700. Noticed via test failures in portable OpenSSH on platforms that
144 lack ECC and this the more byte-frugal ECDH KEX algorithms.
147 - (djm) [contrib/suse/rc.sshd] Use SSHD_BIN consistently; bz#2056 from
149 - (dtucker) [configure.ac openbsd-compat/bsd-misc.c openbsd-compat/bsd-misc.h]
150 Use getpgrp() if we don't have getpgid() (old BSDs, maybe others).
151 - (dtucker) [configure.ac openbsd-compat/Makefile.in openbsd-compat/strtoull.c
152 openbsd-compat/openbsd-compat.h] Add strtoull to compat library for
153 platforms that don't have it.
154 - (dtucker) [openbsd-compat/openbsd-compat.h] Add prototype for strtoul,
155 group strto* function prototypes together.
156 - (dtucker) [openbsd-compat/bsd-misc.c] Handle the case where setpgrp() takes
157 an argument. Pointed out by djm.
158 - (djm) OpenBSD CVS Sync
159 - djm@cvs.openbsd.org 2013/02/14 21:35:59
161 Correct error message that had a typo and was logging the wrong thing;
162 patch from Petr Lautrbach
163 - dtucker@cvs.openbsd.org 2013/02/15 00:21:01
165 Warn more loudly if an IdentityFile provided by the user cannot be read.
169 - (djm) [regress/krl.sh] Don't use ecdsa keys in environment that lack ECC.
170 - (djm) [regress/krl.sh] typo; found by Iain Morgan
171 - (djm) [regress/integrity.sh] Start fuzzing from offset 2500 (instead
172 of 2300) to avoid clobbering the end of (non-MAC'd) KEX. Verified by
176 - (djm) OpenBSD CVS Sync
177 - djm@cvs.openbsd.org 2013/01/24 21:45:37
179 fix handling of (unused) KRL signatures; skip string in correct buffer
180 - djm@cvs.openbsd.org 2013/01/24 22:08:56
182 skip serial lookup when cert's serial number is zero
183 - krw@cvs.openbsd.org 2013/01/25 05:00:27
185 Revert last. Breaks due to likely typo. Let djm@ fix later.
187 - djm@cvs.openbsd.org 2013/01/25 10:22:19
189 redo last commit without the vi-vomit that snuck in:
190 skip serial lookup when cert's serial number is zero
191 (now with 100% better comment)
192 - djm@cvs.openbsd.org 2013/01/26 06:11:05
193 [Makefile.in acss.c acss.h cipher-acss.c cipher.c]
194 [openbsd-compat/openssl-compat.h]
195 remove ACSS, now that it is gone from libcrypto too
196 - djm@cvs.openbsd.org 2013/01/27 10:06:12
198 actually use the xrealloc() return value; spotted by xi.wang AT gmail.com
199 - dtucker@cvs.openbsd.org 2013/02/06 00:20:42
200 [servconf.c sshd_config sshd_config.5]
201 Change default of MaxStartups to 10:30:100 to start doing random early
202 drop at 10 connections up to 100 connections. This will make it harder
203 to DoS as CPUs have come a long way since the original value was set
204 back in 2000. Prompted by nion at debian org, ok markus@
205 - dtucker@cvs.openbsd.org 2013/02/06 00:22:21
207 Fix comment, from jfree.e1 at gmail
208 - djm@cvs.openbsd.org 2013/02/08 00:41:12
210 fix NULL deref when built without libedit and control characters
211 entered as command; debugging and patch from Iain Morgan an
212 Loganaden Velvindron in bz#1956
213 - markus@cvs.openbsd.org 2013/02/10 21:19:34
216 - djm@cvs.openbsd.org 2013/02/10 23:32:10
218 append to moduli file when screening candidates rather than overwriting.
219 allows resumption of interrupted screen; patch from Christophe Garault
220 in bz#1957; ok dtucker@
221 - djm@cvs.openbsd.org 2013/02/10 23:35:24
223 record "Received disconnect" messages at ERROR rather than INFO priority,
224 since they are abnormal and result in a non-zero ssh exit status; patch
225 from Iain Morgan in bz#2057; ok dtucker@
226 - dtucker@cvs.openbsd.org 2013/02/11 21:21:58
228 Add openssl version to debug output similar to the client. ok markus@
229 - djm@cvs.openbsd.org 2013/02/11 23:58:51
230 [regress/try-ciphers.sh]
232 - (djm) [regress/try-ciphers.sh] clean up CVS merge botch
235 - (djm) [configure.ac openbsd-compat/openssl-compat.h] Repair build on old
236 libcrypto that lacks EVP_CIPHER_CTX_ctrl
239 - (djm) [contrib/redhat/sshd.init] treat RETVAL as an integer;
240 patch from Iain Morgan in bz#2059
241 - (dtucker) [configure.ac openbsd-compat/sys-tree.h] Test if compiler allows
242 __attribute__ on return values and work around if necessary. ok djm@
245 - (djm) [configure.ac] Don't probe seccomp capability of running kernel
246 at configure time; the seccomp sandbox will fall back to rlimit at
247 runtime anyway. Patch from plautrba AT redhat.com in bz#2011
250 - (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
251 Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
252 prototypes for openssl-1.0.0-fips.
253 - (djm) OpenBSD CVS Sync
254 - jmc@cvs.openbsd.org 2013/01/18 07:57:47
257 - jmc@cvs.openbsd.org 2013/01/18 07:59:46
259 -u before -V in usage();
260 - jmc@cvs.openbsd.org 2013/01/18 08:00:49
263 - jmc@cvs.openbsd.org 2013/01/18 08:39:04
265 add -Q to the options list; ok djm
266 - jmc@cvs.openbsd.org 2013/01/18 21:48:43
268 command-line (adj.) -> command line (n.);
269 - jmc@cvs.openbsd.org 2013/01/19 07:13:25
271 fix some formatting; ok djm
272 - markus@cvs.openbsd.org 2013/01/19 12:34:55
274 RB_INSERT does not remove existing elments; ok djm@
275 - (djm) [openbsd-compat/sys-tree.h] Sync with OpenBSD. krl.c needs newer
277 - (djm) [regress/krl.sh] replacement for jot; most platforms lack it
280 - (djm) OpenBSD CVS Sync
281 - djm@cvs.openbsd.org 2013/01/17 23:00:01
282 [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
283 [krl.c krl.h PROTOCOL.krl]
284 add support for Key Revocation Lists (KRLs). These are a compact way to
285 represent lists of revoked keys and certificates, taking as little as
286 a single bit of incremental cost to revoke a certificate by serial number.
287 KRLs are loaded via the existing RevokedKeys sshd_config option.
288 feedback and ok markus@
289 - djm@cvs.openbsd.org 2013/01/18 00:45:29
290 [regress/Makefile regress/cert-userkey.sh regress/krl.sh]
291 Tests for Key Revocation Lists (KRLs)
292 - djm@cvs.openbsd.org 2013/01/18 03:00:32
294 fix KRL generation bug for list sections
297 - (djm) [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
298 check for GCM support before testing GCM ciphers.
301 - (djm) OpenBSD CVS Sync
302 - djm@cvs.openbsd.org 2013/01/12 11:22:04
304 improve error message for integrity failure in AES-GCM modes; ok markus@
305 - djm@cvs.openbsd.org 2013/01/12 11:23:53
306 [regress/cipher-speed.sh regress/integrity.sh regress/try-ciphers.sh]
307 test AES-GCM modes; feedback markus@
308 - (djm) [regress/integrity.sh] repair botched merge
311 - (djm) OpenBSD CVS Sync
312 - dtucker@cvs.openbsd.org 2012/12/14 05:26:43
314 use correct string in error message; from rustybsd at gmx.fr
315 - djm@cvs.openbsd.org 2013/01/02 00:32:07
317 channel_setup_local_fwd_listener() returns 0 on failure, not -ve
318 bz#2055 reported by mathieu.lacage AT gmail.com
319 - djm@cvs.openbsd.org 2013/01/02 00:33:49
321 correct format description for SSH_AGENTC_ADD_RSA_ID_CONSTRAINED
322 bz#2051 from david AT lechnology.com
323 - djm@cvs.openbsd.org 2013/01/03 05:49:36
325 add a couple of ServerOptions members that should be copied to the privsep
326 child (for consistency, in this case they happen only to be accessed in
327 the monitor); ok dtucker@
328 - djm@cvs.openbsd.org 2013/01/03 12:49:01
330 fix description of MAC calculation for EtM modes; ok markus@
331 - djm@cvs.openbsd.org 2013/01/03 12:54:49
332 [sftp-server.8 sftp-server.c]
333 allow specification of an alternate start directory for sftp-server(8)
334 "I like this" markus@
335 - djm@cvs.openbsd.org 2013/01/03 23:22:58
337 allow fingerprinting of keys hosted in PKCS#11 tokens: ssh-keygen -lD ...
339 - jmc@cvs.openbsd.org 2013/01/04 19:26:38
340 [sftp-server.8 sftp-server.c]
341 sftp-server.8: add argument name to -d
342 sftp-server.c: add -d to usage()
344 - markus@cvs.openbsd.org 2013/01/08 18:49:04
345 [PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c]
346 [myproposal.h packet.c ssh_config.5 sshd_config.5]
347 support AES-GCM as defined in RFC 5647 (but with simpler KEX handling)
349 - djm@cvs.openbsd.org 2013/01/09 05:40:17
351 correctly initialise fingerprint type for fingerprinting PKCS#11 keys
352 - (djm) [cipher.c configure.ac openbsd-compat/openssl-compat.h]
353 Fix merge botch, automatically detect AES-GCM in OpenSSL, move a little
354 cipher compat code to openssl-compat.h
357 - (dtucker) [Makefile.in] Add some scaffolding so that the new regress
358 tests will work with VPATH directories.
361 - (djm) OpenBSD CVS Sync
362 - markus@cvs.openbsd.org 2012/12/12 16:45:52
364 reset incoming_packet buffer for each new packet in EtM-case, too;
365 this happens if packets are parsed only parially (e.g. ignore
366 messages sent when su/sudo turn off echo); noted by sthen/millert
367 - naddy@cvs.openbsd.org 2012/12/12 16:46:10
369 use OpenSSL's EVP_aes_{128,192,256}_ctr() API and remove our hand-rolled
370 counter mode code; ok djm@
371 - (djm) [configure.ac cipher-ctr.c] Adapt EVP AES CTR change to retain our
372 compat code for older OpenSSL
373 - (djm) [cipher.c] Fix missing prototype for compat code
376 - (djm) OpenBSD CVS Sync
377 - markus@cvs.openbsd.org 2012/12/11 22:16:21
379 drain the log messages after receiving the keystate from the unpriv
380 child. otherwise it might block while sending. ok djm@
381 - markus@cvs.openbsd.org 2012/12/11 22:31:18
382 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
383 [packet.c ssh_config.5 sshd_config.5]
384 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
385 that change the packet format and compute the MAC over the encrypted
386 message (including the packet size) instead of the plaintext data;
387 these EtM modes are considered more secure and used by default.
389 - sthen@cvs.openbsd.org 2012/12/11 22:51:45
391 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
392 - markus@cvs.openbsd.org 2012/12/11 22:32:56
393 [regress/try-ciphers.sh]
395 - markus@cvs.openbsd.org 2012/12/11 22:42:11
396 [regress/Makefile regress/modpipe.c regress/integrity.sh]
397 test the integrity of the packets; with djm@
398 - markus@cvs.openbsd.org 2012/12/11 23:12:13
400 add hmac-ripemd160-etm@openssh.com
401 - (djm) [mac.c] fix merge botch
402 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
403 work on platforms without 'jot'
404 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
405 - (djm) [regress/Makefile] fix t-exec rule
408 - (dtucker) OpenBSD CVS Sync
409 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
410 [regress/keys-command.sh]
411 Fix some problems with the keys-command test:
412 - use string comparison rather than numeric comparison
413 - check for existing KEY_COMMAND file and don't clobber if it exists
414 - clean up KEY_COMMAND file if we do create it.
415 - check that KEY_COMMAND is executable (which it won't be if eg /var/run
418 - jmc@cvs.openbsd.org 2012/12/03 08:33:03
419 [ssh-add.1 sshd_config.5]
421 - markus@cvs.openbsd.org 2012/12/05 15:42:52
423 prevent double-free of comment; ok djm@
424 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
426 Cast signal to int for logging. A no-op on openbsd (they're always ints)
427 but will prevent warnings in portable. ok djm@
430 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
433 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
434 TAILQ_FOREACH_SAFE needed for upcoming changes.
435 - (djm) OpenBSD CVS Sync
436 - djm@cvs.openbsd.org 2012/12/02 20:26:11
437 [ssh_config.5 sshconnect2.c]
438 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
439 This allows control of which keys are offered from tokens using
440 IdentityFile. ok markus@
441 - djm@cvs.openbsd.org 2012/12/02 20:42:15
442 [ssh-add.1 ssh-add.c]
443 make deleting explicit keys "ssh-add -d" symmetric with adding keys -
444 try to delete the corresponding certificate too and respect the -k option
445 to allow deleting of the key only; feedback and ok markus@
446 - djm@cvs.openbsd.org 2012/12/02 20:46:11
447 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
449 make AllowTcpForwarding accept "local" and "remote" in addition to its
450 current "yes"/"no" to allow the server to specify whether just local or
451 remote TCP forwarding is enabled. ok markus@
452 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
453 [regress/cipher-speed.sh regress/try-ciphers.sh]
454 Add umac-128@openssh.com to the list of MACs to be tested
455 - djm@cvs.openbsd.org 2012/10/19 05:10:42
456 [regress/cert-userkey.sh]
457 include a serial number when generating certs
458 - djm@cvs.openbsd.org 2012/11/22 22:49:30
459 [regress/Makefile regress/keys-command.sh]
460 regress for AuthorizedKeysCommand; hints from markus@
461 - djm@cvs.openbsd.org 2012/12/02 20:47:48
462 [Makefile regress/forward-control.sh]
463 regress for AllowTcpForwarding local/remote; ok markus@
464 - djm@cvs.openbsd.org 2012/12/03 00:14:06
465 [auth2-chall.c ssh-keygen.c]
466 Fix compilation with -Wall -Werror (trivial type fixes)
467 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
468 debugging. ok dtucker@
469 - (djm) [configure.ac] Revert previous. configure.ac already does this
473 - (djm) OpenBSD CVS Sync
474 - djm@cvs.openbsd.org 2012/11/14 02:24:27
476 fix username passed to helper program
477 prepare stdio fds before closefrom()
479 - djm@cvs.openbsd.org 2012/11/14 02:32:15
481 allow the full range of unsigned serial numbers; 'fine' deraadt@
482 - djm@cvs.openbsd.org 2012/12/02 20:34:10
483 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
484 [monitor.c monitor.h]
485 Fixes logging of partial authentication when privsep is enabled
486 Previously, we recorded "Failed xxx" since we reset authenticated before
487 calling auth_log() in auth2.c. This adds an explcit "Partial" state.
489 Add a "submethod" to auth_log() to report which submethod is used
490 for keyboard-interactive.
492 Fix multiple authentication when one of the methods is
493 keyboard-interactive.
496 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
497 [regress/multiplex.sh]
498 Use 'kill -0' to test for the presence of a pid since it's more portable
501 - (djm) OpenBSD CVS Sync
502 - eric@cvs.openbsd.org 2011/11/28 08:46:27
506 - jmc@cvs.openbsd.org 2012/09/26 17:34:38
508 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
509 references into a STANDARDS section;
512 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
513 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
514 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
515 and gids from uidswap.c to the compat library, which allows it to work with
516 the new setresuid calls in auth2-pubkey. with tim@, ok djm@
517 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
518 don't have it. Spotted by tim@.
521 - (djm) OpenBSD CVS Sync
522 - jmc@cvs.openbsd.org 2012/10/31 08:04:50
525 - djm@cvs.openbsd.org 2012/11/04 10:38:43
526 [auth2-pubkey.c sshd.c sshd_config.5]
527 Remove default of AuthorizedCommandUser. Administrators are now expected
528 to explicitly specify a user. feedback and ok markus@
529 - djm@cvs.openbsd.org 2012/11/04 11:09:15
530 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
532 Support multiple required authentication via an AuthenticationMethods
533 option. This option lists one or more comma-separated lists of
534 authentication method names. Successful completion of all the methods in
535 any list is required for authentication to complete;
536 feedback and ok markus@
539 - (djm) OpenBSD CVS Sync
540 - markus@cvs.openbsd.org 2012/10/05 12:34:39
542 fix signed vs unsigned warning; feedback & ok: djm@
543 - djm@cvs.openbsd.org 2012/10/30 21:29:55
544 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
545 [sshd.c sshd_config sshd_config.5]
546 new sshd_config option AuthorizedKeysCommand to support fetching
547 authorized_keys from a command in addition to (or instead of) from
548 the filesystem. The command is run as the target server user unless
549 another specified via a new AuthorizedKeysCommandUser option.
551 patch originally by jchadima AT redhat.com, reworked by me; feedback
555 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
556 the generated file as intended.
559 - (dtucker) OpenBSD CVS Sync
560 - djm@cvs.openbsd.org 2012/09/17 09:54:44
563 - markus@cvs.openbsd.org 2012/09/17 13:04:11
565 clear old keys on rekeing; ok djm
566 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
568 Add bounds check on sftp tab-completion. Part of a patch from from
569 Jean-Marc Robert via tech@, ok djm
570 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
572 Fix improper handling of absolute paths when PWD is part of the completed
573 path. Patch from Jean-Marc Robert via tech@, ok djm.
574 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
576 Fix handling of filenames containing escaped globbing characters and
577 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
578 - jmc@cvs.openbsd.org 2012/09/26 16:12:13
580 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
581 references into a STANDARDS section;
582 - naddy@cvs.openbsd.org 2012/10/01 13:59:51
585 - djm@cvs.openbsd.org 2012/10/02 07:07:45
587 fix -z option, broken in revision 1.215
588 - markus@cvs.openbsd.org 2012/10/04 13:21:50
589 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
590 add umac128 variant; ok djm@ at n2k12
591 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
592 [regress/try-ciphers.sh]
593 Restore missing space. (Id sync only).
594 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
595 [regress/multiplex.sh]
596 Add test for ssh -Ostop
597 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
598 [regress/multiplex.sh]
599 Log -O cmd output to the log file and make logging consistent with the
600 other tests. Test clean shutdown of an existing channel when testing
602 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
603 [regress/multiplex.sh]
604 use -Ocheck and waiting for completions by PID to make multiplexing test
605 less racy and (hopefully) more reliable on slow hardware.
606 - [Makefile umac.c] Add special-case target to build umac128.o.
607 - [umac.c] Enforce allowed umac output sizes. From djm@.
608 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
611 - (dtucker) OpenBSD CVS Sync
612 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
614 Fix comment line length
615 - markus@cvs.openbsd.org 2012/09/14 16:51:34
617 remove unused variable
620 - (dtucker) OpenBSD CVS Sync
621 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
623 Make the escape command help (~?) context sensitive so that only commands
624 that will work in the current session are shown. ok markus@
625 - jmc@cvs.openbsd.org 2012/09/06 13:57:42
627 missing letter in previous;
628 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
630 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
631 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
633 Merge escape help text for ~v and ~V; ok djm@
634 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
636 when muxmaster is run with -N, make it shut down gracefully when a client
637 sends it "-O stop" rather than hanging around (bz#1985). ok djm@
640 - (dtucker) OpenBSD CVS Sync
641 - jmc@cvs.openbsd.org 2012/08/15 18:25:50
643 a little more info on certificate validity;
644 requested by Ross L Richardson, and provided by djm
645 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
646 [clientloop.c clientloop.h mux.c]
647 Force a clean shutdown of ControlMaster client sessions when the ~. escape
648 sequence is used. This means that ~. should now work in mux clients even
649 if the server is no longer responding. Found by tedu, ok djm.
650 - djm@cvs.openbsd.org 2012/08/17 01:22:56
652 add some comments about better handling first-KEX-follows notifications
653 from the server. Nothing uses these right now. No binary change
654 - djm@cvs.openbsd.org 2012/08/17 01:25:58
656 print details of which host lines were deleted when using
657 "ssh-keygen -R host"; ok markus@
658 - djm@cvs.openbsd.org 2012/08/17 01:30:00
659 [compat.c sshconnect.c]
660 Send client banner immediately, rather than waiting for the server to
661 move first for SSH protocol 2 connections (the default). Patch based on
662 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
663 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
664 [clientloop.c log.c ssh.1 log.h]
665 Add ~v and ~V escape sequences to raise and lower the logging level
666 respectively. Man page help from jmc, ok deraadt jmc
669 - (dtucker) [moduli] Import new moduli file.
672 - (djm) Release openssh-6.1
675 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
676 for compatibility with future mingw-w64 headers. Patch from vinschen at
680 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
681 [contrib/suse/openssh.spec] Update version numbers
684 - (djm) OpenBSD CVS Sync
685 - jmc@cvs.openbsd.org 2012/07/06 06:38:03
687 missing full stop in usage();
688 - djm@cvs.openbsd.org 2012/07/10 02:19:15
689 [servconf.c servconf.h sshd.c sshd_config]
690 Turn on systrace sandboxing of pre-auth sshd by default for new installs
691 by shipping a config that overrides the current UsePrivilegeSeparation=yes
692 default. Make it easier to flip the default in the future by adding too.
693 prodded markus@ feedback dtucker@ "get it in" deraadt@
694 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
696 handle long comments in config files better. bz#2025, ok markus
697 - markus@cvs.openbsd.org 2012/07/22 18:19:21
702 - (dtucker) Import regened moduli file.
705 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
706 not available. Allows use of sshd compiled on host with a filter-capable
707 kernel on hosts that lack the support. bz#2011 ok dtucker@
708 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
709 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
710 esperi.org.uk; ok dtucker@
711 - (djm) OpenBSD CVS Sync
712 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
713 [moduli.c ssh-keygen.1 ssh-keygen.c]
714 Add options to specify starting line number and number of lines to process
715 when screening moduli candidates. This allows processing of different
716 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
717 - djm@cvs.openbsd.org 2012/07/06 01:37:21
719 fix memory leak of passed-in environment variables and connection
720 context when new session message is malformed; bz#2003 from Bert.Wesarg
722 - djm@cvs.openbsd.org 2012/07/06 01:47:38
724 move setting of tty_flag to after config parsing so RequestTTY options
725 are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
729 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
730 platforms that don't have it. "looks good" tim@
733 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
734 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
735 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
736 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
737 benefit is minor, so it's not worth disabling the sandbox if it doesn't
741 - (dtucker) OpenBSD CVS Sync
742 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
743 [ssh_config.5 sshd_config.5]
744 match the documented MAC order of preference to the actual one;
746 - markus@cvs.openbsd.org 2012/06/30 14:35:09
747 [sandbox-systrace.c sshd.c]
748 fix a during the load of the sandbox policies (child can still make
749 the read-syscall and wait forever for systrace-answers) by replacing
750 the read/write synchronisation with SIGSTOP/SIGCONT;
751 report and help hshoexer@; ok djm@, dtucker@
752 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
754 set interactive ToS for forwarded X11 sessions. ok djm@
755 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
756 [ssh-pkcs11-helper.c sftp-client.c]
757 fix a couple of "assigned but not used" warnings. ok markus@
758 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
759 [regress/connect-privsep.sh]
760 remove exit from end of test since it prevents reporting failure
761 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
762 Move cygwin detection to test-exec and use to skip reexec test on cygwin.
763 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
767 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
769 fix strlcpy truncation check. from carsten at debian org, ok markus
770 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
771 [monitor.c sshconnect2.c]
772 remove dead code following 'for (;;)' loops.
773 From Steve.McClellan at radisys com, ok markus@
774 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
776 Remove unused variable leftover from tab-completion changes.
777 From Steve.McClellan at radisys com, ok markus@
778 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
780 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
781 sandbox" since malloc now uses it. From johnw.mail at gmail com.
782 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
783 [mac.c myproposal.h ssh_config.5 sshd_config.5]
784 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
785 from draft6 of the spec and will not be in the RFC when published. Patch
786 from mdb at juniper net via bz#2023, ok markus.
787 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
788 [ssh_config.5 sshd_config.5]
789 match the documented MAC order of preference to the actual one; ok dtucker@
790 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
791 [regress/addrmatch.sh]
792 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
793 to match. Feedback and ok djm@ markus@.
794 - djm@cvs.openbsd.org 2012/06/01 00:47:35
795 [regress/multiplex.sh regress/forwarding.sh]
796 append to rather than truncate test log; bz#2013 from openssh AT
798 - djm@cvs.openbsd.org 2012/06/01 00:52:52
799 [regress/sftp-cmds.sh]
800 don't delete .* on cleanup due to unintended env expansion; pointed out in
801 bz#2014 by openssh AT roumenpetrov.info
802 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
803 [regress/connect-privsep.sh]
804 test sandbox with every malloc option
805 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
806 [regress/try-ciphers.sh regress/cipher-speed.sh]
807 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
808 from draft6 of the spec and will not be in the RFC when published. Patch
809 from mdb at juniper net via bz#2023, ok markus.
810 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
811 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
812 the required functions in libcrypto.
815 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
816 pointer deref in the client when built with LDNS and using DNSSEC with a
817 CNAME. Patch from gregdlg+mr at hochet info.
820 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
821 can logon as a service. Patch from vinschen at redhat com.
824 - (djm) OpenBSD CVS Sync
825 - djm@cvs.openbsd.org 2011/12/02 00:41:56
827 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
829 - djm@cvs.openbsd.org 2011/12/04 23:16:12
833 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
834 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
836 it interacts badly with ControlPersist
837 - djm@cvs.openbsd.org 2012/01/07 21:11:36
839 fix double-free in new session handler
841 - djm@cvs.openbsd.org 2012/05/23 03:28:28
842 [dns.c dns.h key.c key.h ssh-keygen.c]
843 add support for RFC6594 SSHFP DNS records for ECDSA key types.
844 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
845 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black)
846 - djm@cvs.openbsd.org 2012/06/01 00:49:35
848 correct types of port numbers (integers, not strings); bz#2004 from
849 bert.wesarg AT googlemail.com
850 - djm@cvs.openbsd.org 2012/06/01 01:01:22
852 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
854 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
856 correct sizeof usage. patch from saw at online.de, ok deraadt
857 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
859 RSA instead of DSA twice. From Steve.McClellan at radisys com
860 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
862 Remove mention of 'three' key files since there are now four. From
863 Steve.McClellan at radisys com.
864 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
866 Clarify description of -W. Noted by Steve.McClellan at radisys com,
868 - markus@cvs.openbsd.org 2012/06/19 18:25:28
869 [servconf.c servconf.h sshd_config.5]
870 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
871 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
872 ok djm@ (back in March)
873 - jmc@cvs.openbsd.org 2012/06/19 21:35:54
875 tweak previous; ok markus
876 - djm@cvs.openbsd.org 2012/06/20 04:42:58
877 [clientloop.c serverloop.c]
878 initialise accept() backoff timer to avoid EINVAL from select(2) in
882 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
883 from cjwatson at debian org.
884 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
885 pkg-config so it does the right thing when cross-compiling. Patch from
886 cjwatson at debian org.
887 - (dtucker) OpenBSD CVS Sync
888 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
889 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
890 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
891 to match. Feedback and ok djm@ markus@.
892 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
894 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
897 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
898 to fix building on some plaforms. Fom bowman at math utah edu and
902 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
903 platform rather than exiting early, so that we still clean up and return
904 success or failure to test-exec.sh
907 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
909 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
914 - djm@cvs.openbsd.org 2012/04/23 08:18:17
916 fix function proto/source mismatch
920 - djm@cvs.openbsd.org 2012/02/29 11:21:26
922 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
923 - guenther@cvs.openbsd.org 2012/03/15 03:10:27
925 root should always be excluded from the test for /etc/nologin instead
926 of having it always enforced even when marked as ignorenologin. This
927 regressed when the logic was incompletely flipped around in rev 1.251
929 - djm@cvs.openbsd.org 2012/03/28 07:23:22
931 explain certificate extensions/crit split rationale. Mention requirement
932 that each appear at most once per cert.
933 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
934 [channels.c channels.h servconf.c]
935 Add PermitOpen none option based on patch from Loganaden Velvindron
937 - djm@cvs.openbsd.org 2012/04/11 13:16:19
938 [channels.c channels.h clientloop.c serverloop.c]
939 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
940 while; ok deraadt@ markus@
941 - djm@cvs.openbsd.org 2012/04/11 13:17:54
943 Support "none" as an argument for AuthorizedPrincipalsFile to indicate
944 no file should be read.
945 - djm@cvs.openbsd.org 2012/04/11 13:26:40
947 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
948 while; ok deraadt@ markus@
949 - djm@cvs.openbsd.org 2012/04/11 13:34:17
950 [ssh-keyscan.1 ssh-keyscan.c]
951 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
952 look for them by default; bz#1971
953 - djm@cvs.openbsd.org 2012/04/12 02:42:32
954 [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
955 VersionAddendum option to allow server operators to append some arbitrary
956 text to the SSH-... banner; ok deraadt@ "don't care" markus@
957 - djm@cvs.openbsd.org 2012/04/12 02:43:55
958 [sshd_config sshd_config.5]
959 mention AuthorizedPrincipalsFile=none default
960 - djm@cvs.openbsd.org 2012/04/20 03:24:23
962 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
963 - jmc@cvs.openbsd.org 2012/04/20 16:26:22
965 use "brackets" instead of "braces", for consistency;
968 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
969 [contrib/suse/openssh.spec] Update for release 6.0
970 - (djm) [README] Update URL to release notes.
971 - (djm) Release openssh-6.0
974 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
975 contains openpty() but not login()
978 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
979 mode for Linux's new seccomp filter; patch from Will Drewry; feedback
983 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
984 file from spec file. From crighter at nuclioss com.
985 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
986 openssh binaries on a newer fix release than they were compiled on.
988 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
989 assumptions when building on Cygwin; patch from Corinna Vinschen
992 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
993 systems where sshd is run in te wrong context. Patch from Sven
994 Vermeulen; ok dtucker@
995 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
996 addressed connections. ok dtucker@
999 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
1000 audit breakage in Solaris 11. Patch from Magnus Johansson.
1003 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
1004 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
1006 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
1008 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
1009 to work. Spotted by Angel Gonzalez
1012 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
1013 preserved Cygwin environment variables; from Corinna Vinschen
1016 - (djm) OpenBSD CVS Sync
1017 - djm@cvs.openbsd.org 2012/01/05 00:16:56
1019 memleak on error path
1020 - djm@cvs.openbsd.org 2012/01/07 21:11:36
1022 fix double-free in new session handler
1023 - miod@cvs.openbsd.org 2012/01/08 13:17:11
1025 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
1027 - miod@cvs.openbsd.org 2012/01/16 20:34:09
1028 [ssh-pkcs11-client.c]
1029 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
1030 While there, be sure to buffer_clear() between send_msg() and recv_msg().
1032 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
1034 Ensure that $DISPLAY contains only valid characters before using it to
1035 extract xauth data so that it can't be used to play local shell
1036 metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
1037 - markus@cvs.openbsd.org 2012/01/25 19:26:43
1039 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
1041 - markus@cvs.openbsd.org 2012/01/25 19:36:31
1043 memleak in key_load_file(); from Jan Klemkow
1044 - markus@cvs.openbsd.org 2012/01/25 19:40:09
1046 packet_read_poll() is not used anymore.
1047 - markus@cvs.openbsd.org 2012/02/09 20:00:18
1049 move from 6.0-beta to 6.0
1052 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
1053 that don't support ECC. Patch from Phil Oleson
1057 - djm@cvs.openbsd.org 2011/12/02 00:41:56
1059 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1061 - djm@cvs.openbsd.org 2011/12/02 00:43:57
1063 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
1064 HMAC_init (this change in policy seems insane to me)
1066 - djm@cvs.openbsd.org 2011/12/04 23:16:12
1070 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
1071 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
1073 it interacts badly with ControlPersist
1074 - djm@cvs.openbsd.org 2011/12/07 05:44:38
1075 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
1076 fix some harmless and/or unreachable int overflows;
1077 reported Xi Wang, ok markus@
1081 - oga@cvs.openbsd.org 2011/11/16 12:24:28
1083 Don't leak list in complete_cmd_parse if there are no commands found.
1084 Discovered when I was ``borrowing'' this code for something else.
1088 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
1091 - (dtucker) OpenBSD CVS Sync
1092 - djm@cvs.openbsd.org 2011/10/18 05:15:28
1094 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
1095 - djm@cvs.openbsd.org 2011/10/18 23:37:42
1097 add -k to usage(); reminded by jmc@
1098 - djm@cvs.openbsd.org 2011/10/19 00:06:10
1100 s/tmpfile/tmp/ to make this -Wshadow clean
1101 - djm@cvs.openbsd.org 2011/10/19 10:39:48
1103 typo in comment; patch from Michael W. Bombardieri
1104 - djm@cvs.openbsd.org 2011/10/24 02:10:46
1106 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
1107 was incorrectly requesting the forward in both the control master and
1108 slave. skip requesting it in the master to fix. ok markus@
1109 - djm@cvs.openbsd.org 2011/10/24 02:13:13
1111 bz#1859: send tty break to pty master instead of (probably already
1112 closed) slave side; "looks good" markus@
1113 - dtucker@cvs.openbsd.org 011/11/04 00:09:39
1115 regenerated moduli file; ok deraadt
1116 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
1117 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
1118 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
1119 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
1120 with some rework from myself and djm. ok djm.
1123 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
1124 fails. Patch from Corinna Vinschen.
1127 - (djm) OpenBSD CVS Sync
1128 - djm@cvs.openbsd.org 2011/10/04 14:17:32
1130 silence error spam for "ls */foo" in directory with files; bz#1683
1131 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
1132 [moduli.c ssh-keygen.1 ssh-keygen.c]
1133 Add optional checkpoints for moduli screening. feedback & ok deraadt
1134 - jmc@cvs.openbsd.org 2011/10/16 15:02:41
1136 put -K in the right place (usage());
1137 - stsp@cvs.openbsd.org 2011/10/16 15:51:39
1139 add missing includes to unbreak tree; fix from rpointel
1140 - djm@cvs.openbsd.org 2011/10/18 04:58:26
1141 [auth-options.c key.c]
1142 remove explict search for \0 in packet strings, this job is now done
1143 implicitly by buffer_get_cstring; ok markus
1144 - djm@cvs.openbsd.org 2011/10/18 05:00:48
1145 [ssh-add.1 ssh-add.c]
1146 new "ssh-add -k" option to load plain keys (skipping certificates);
1150 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
1151 - (dtucker) OpenBSD CVS Sync
1152 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
1153 [channels.c auth-options.c servconf.c channels.h sshd.8]
1154 Add wildcard support to PermitOpen, allowing things like "PermitOpen
1155 localhost:*". bz #1857, ok djm markus.
1156 - markus@cvs.openbsd.org 2011/09/23 07:45:05
1157 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
1159 unbreak remote portforwarding with dynamic allocated listen ports:
1160 1) send the actual listen port in the open message (instead of 0).
1161 this allows multiple forwardings with a dynamic listen port
1162 2) update the matching permit-open entry, so we can identify where
1164 report: den at skbkontur.ru and P. Szczygielski
1165 feedback and ok djm@
1166 - djm@cvs.openbsd.org 2011/09/25 05:44:47
1168 improve the AuthorizedPrincipalsFile debug log message to include
1169 file and line number
1170 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
1172 don't attempt privsep cleanup when not using privsep; ok markus@
1173 - djm@cvs.openbsd.org 2011/09/30 21:22:49
1175 fix inverted test that caused logspam; spotted by henning@
1178 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
1180 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1181 openbsd-compat/strnlen.c] Add strnlen to the compat library.
1184 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
1185 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
1186 want this longhand version)
1187 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
1188 upstream version is YPified and we don't want this
1189 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
1190 The file was totally rewritten between what we had in tree and -current.
1191 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
1192 marker. The upstream API has changed (function and structure names)
1193 enough to put it out of sync with other providers of this interface.
1194 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
1195 of static __findenv() function from upstream setenv.c
1197 - millert@cvs.openbsd.org 2006/05/05 15:27:38
1198 [openbsd-compat/strlcpy.c]
1199 Convert do {} while loop -> while {} for clarity. No binary change
1200 on most architectures. From Oliver Smith. OK deraadt@ and henning@
1201 - tobias@cvs.openbsd.org 2007/10/21 11:09:30
1202 [openbsd-compat/mktemp.c]
1203 Comment fix about time consumption of _gettemp.
1204 FreeBSD did this in revision 1.20.
1206 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
1207 [openbsd-compat/mktemp.c]
1208 use arc4random_uniform(); ok djm millert
1209 - millert@cvs.openbsd.org 2008/08/21 16:54:44
1210 [openbsd-compat/mktemp.c]
1211 Remove useless code, the kernel will set errno appropriately if an
1212 element in the path does not exist. OK deraadt@ pvalchev@
1213 - otto@cvs.openbsd.org 2008/12/09 19:38:38
1214 [openbsd-compat/inet_ntop.c]
1215 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
1219 - pyr@cvs.openbsd.org 2011/05/12 07:15:10
1220 [openbsd-compat/glob.c]
1221 When the max number of items for a directory has reached GLOB_LIMIT_READDIR
1222 an error is returned but closedir() is not called.
1223 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
1225 - stsp@cvs.openbsd.org 2011/09/20 10:18:46
1227 In glob(3), limit recursion during matching attempts. Similar to
1228 fnmatch fix. Also collapse consecutive '*' (from NetBSD).
1230 - djm@cvs.openbsd.org 2011/09/22 06:27:29
1232 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
1233 applied only to the gl_pathv vector and not the corresponding gl_statv
1234 array. reported in OpenSSH bz#1935; feedback and okay matthew@
1235 - djm@cvs.openbsd.org 2011/08/26 01:45:15
1237 Add some missing ssh_config(5) options that can be used in ssh(1)'s
1238 -o argument. Patch from duclare AT guu.fi
1239 - djm@cvs.openbsd.org 2011/09/05 05:56:13
1241 mention ControlPersist and KbdInteractiveAuthentication in the -o
1242 verbiage in these pages too (prompted by jmc@)
1243 - djm@cvs.openbsd.org 2011/09/05 05:59:08
1245 fix typo in IPQoS parsing: there is no "AF14" class, but there is
1246 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1247 - jmc@cvs.openbsd.org 2011/09/05 07:01:44
1249 knock out a useless Ns;
1250 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
1252 typo (they vs the) found by Lawrence Teo
1253 - djm@cvs.openbsd.org 2011/09/09 00:43:00
1254 [ssh_config.5 sshd_config.5]
1255 fix typo in IPQoS parsing: there is no "AF14" class, but there is
1256 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
1257 - djm@cvs.openbsd.org 2011/09/09 00:44:07
1259 MUX_C_CLOSE_FWD includes forward type in message (though it isn't
1261 - djm@cvs.openbsd.org 2011/09/09 22:37:01
1263 suppress adding '--' to remote commandlines when the first argument
1264 does not start with '-'. saves breakage on some difficult-to-upgrade
1265 embedded/router platforms; feedback & ok dtucker ok markus
1266 - djm@cvs.openbsd.org 2011/09/09 22:38:21
1268 kill the preauth privsep child on fatal errors in the monitor;
1270 - djm@cvs.openbsd.org 2011/09/09 22:46:44
1271 [channels.c channels.h clientloop.h mux.c ssh.c]
1272 support for cancelling local and remote port forwards via the multiplex
1273 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
1274 the cancellation of the specified forwardings; ok markus@
1275 - markus@cvs.openbsd.org 2011/09/10 22:26:34
1276 [channels.c channels.h clientloop.c ssh.1]
1277 support cancellation of local/dynamic forwardings from ~C commandline;
1279 - okan@cvs.openbsd.org 2011/09/11 06:59:05
1281 document new -O cancel command; ok djm@
1282 - markus@cvs.openbsd.org 2011/09/11 16:07:26
1284 fix leaks in do_hardlink() and do_readlink(); bz#1921
1285 from Loganaden Velvindron
1286 - markus@cvs.openbsd.org 2011/09/12 08:46:15
1288 fix leak in do_lsreaddir(); ok djm
1289 - djm@cvs.openbsd.org 2011/09/22 06:29:03
1291 don't let remote_glob() implicitly sort its results in do_globbed_ls() -
1292 in all likelihood, they will be resorted anyway
1295 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
1299 - (djm) [README version.h] Correct version
1300 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
1301 - (djm) Respin OpenSSH-5.9p1 release
1304 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1305 [contrib/suse/openssh.spec] Update version numbers.
1308 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
1309 regress errors for the sandbox to warnings. ok tim dtucker
1310 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
1311 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
1315 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
1316 to switch SELinux context away from unconfined_t, based on patch from
1317 Jan Chadima; bz#1919 ok dtucker@
1320 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
1323 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
1326 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
1327 OpenSSL 0.9.7. ok djm
1328 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
1329 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
1330 - (djm) [configure.ac] error out if the host lacks the necessary bits for
1331 an explicitly requested sandbox type
1332 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
1333 bisson AT archlinux.org
1334 - (djm) OpenBSD CVS Sync
1335 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
1336 [regress/cfgmatch.sh]
1337 use OBJ to find test configs, patch from Tim Rice
1338 - markus@cvs.openbsd.org 2011/06/30 22:44:43
1339 [regress/connect-privsep.sh]
1340 test with sandbox enabled; ok djm@
1341 - djm@cvs.openbsd.org 2011/08/02 01:23:41
1342 [regress/cipher-speed.sh regress/try-ciphers.sh]
1343 add SHA256/SHA512 based HMAC modes
1344 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
1345 MAC tests for platforms that hack EVP_SHA2 support
1348 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
1349 change error by reporting old and new context names Patch from
1351 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
1352 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
1353 init scrips from imorgan AT nas.nasa.gov; bz#1920
1354 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
1355 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
1356 AT gmail.com; ok dtucker@
1359 - (dtucker) OpenBSD CVS Sync
1360 - jmc@cvs.openbsd.org 2008/06/26 06:59:39
1363 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
1365 "Diffie-Hellman" is the usual spelling for the cryptographic protocol
1366 first published by Whitfield Diffie and Martin Hellman in 1976.
1368 - jmc@cvs.openbsd.org 2010/10/14 20:41:28
1370 probabalistic -> probabilistic; from naddy
1371 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
1373 typo, fix from Laurent Gautrot
1377 - djm@cvs.openbsd.org 2011/06/23 23:35:42
1379 ignore EINTR errors from poll()
1380 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
1382 bzero the agent address. the kernel was for a while very cranky about
1383 these things. evne though that's fixed, always good to initialize
1384 memory. ok deraadt djm
1385 - djm@cvs.openbsd.org 2011/07/29 14:42:45
1386 [sandbox-systrace.c]
1387 fail open(2) with EPERM rather than SIGKILLing the whole process. libc
1388 will call open() to do strerror() when NLS is enabled;
1389 feedback and ok markus@
1390 - markus@cvs.openbsd.org 2011/08/01 19:18:15
1392 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
1393 report Adam Zabrock; ok djm@, deraadt@
1394 - djm@cvs.openbsd.org 2011/08/02 01:22:11
1395 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
1396 Add new SHA256 and SHA512 based HMAC modes from
1397 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
1398 Patch from mdb AT juniper.net; feedback and ok markus@
1399 - djm@cvs.openbsd.org 2011/08/02 23:13:01
1401 crank now, release later
1402 - djm@cvs.openbsd.org 2011/08/02 23:15:03
1407 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
1408 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
1413 - djm@cvs.openbsd.org 2011/06/22 21:47:28
1415 reuse the multistate option arrays to pretty-print options for "sshd -T"
1416 - djm@cvs.openbsd.org 2011/06/22 21:57:01
1417 [servconf.c servconf.h sshd.c sshd_config.5]
1418 [configure.ac Makefile.in]
1419 introduce sandboxing of the pre-auth privsep child using systrace(4).
1421 This introduces a new "UsePrivilegeSeparation=sandbox" option for
1422 sshd_config that applies mandatory restrictions on the syscalls the
1423 privsep child can perform. This prevents a compromised privsep child
1424 from being used to attack other hosts (by opening sockets and proxying)
1425 or probing local kernel attack surface.
1427 The sandbox is implemented using systrace(4) in unsupervised "fast-path"
1428 mode, where a list of permitted syscalls is supplied. Any syscall not
1429 on the list results in SIGKILL being sent to the privsep child. Note
1430 that this requires a kernel with the new SYSTR_POLICY_KILL option.
1432 UsePrivilegeSeparation=sandbox will become the default in the future
1433 so please start testing it now.
1435 feedback dtucker@; ok markus@
1436 - djm@cvs.openbsd.org 2011/06/22 22:08:42
1437 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
1438 hook up a channel confirm callback to warn the user then requested X11
1439 forwarding was refused by the server; ok markus@
1440 - djm@cvs.openbsd.org 2011/06/23 09:34:13
1441 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
1443 rename sandbox.h => ssh-sandbox.h to make things easier for portable
1444 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
1449 - djm@cvs.openbsd.org 2011/06/04 00:10:26
1451 explain IdentifyFile's semantics a little better, prompted by bz#1898
1453 - markus@cvs.openbsd.org 2011/06/14 22:49:18
1455 make sure key_parse_public/private_rsa1() no longer consumes its input
1456 buffer. fixes ssh-add for passphrase-protected ssh1-keys;
1457 noted by naddy@; ok djm@
1458 - djm@cvs.openbsd.org 2011/06/17 21:44:31
1459 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
1460 make the pre-auth privsep slave log via a socketpair shared with the
1461 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
1462 - djm@cvs.openbsd.org 2011/06/17 21:46:16
1464 the protocol version should be unsigned; bz#1913 reported by mb AT
1466 - djm@cvs.openbsd.org 2011/06/17 21:47:35
1468 factor out multi-choice option parsing into a parse_multistate label
1469 and some support structures; ok dtucker@
1470 - djm@cvs.openbsd.org 2011/06/17 21:57:25
1472 setproctitle for a mux master that has been gracefully stopped;
1473 bz#1911 from Bert.Wesarg AT googlemail.com
1476 - (dtucker) [README version.h contrib/caldera/openssh.spec
1477 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
1478 bumps from the 5.8p2 branch into HEAD. ok djm.
1479 - (tim) [configure.ac defines.h] Run test program to detect system mail
1480 directory. Add --with-maildir option to override. Fixed OpenServer 6
1481 getting it wrong. Fixed many systems having MAIL=/var/mail//username
1483 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
1484 unconditionally in other places and the survey data we have does not show
1485 any systems that use it. "nuke it" djm@
1486 - (djm) [configure.ac] enable setproctitle emulation for OS X
1487 - (djm) OpenBSD CVS Sync
1488 - djm@cvs.openbsd.org 2011/06/03 00:54:38
1490 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
1491 AT googlemail.com; ok dtucker@
1492 NB. includes additional portability code to enable setproctitle emulation
1493 on platforms that don't support it.
1494 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
1496 Check current parent process ID against saved one to determine if the parent
1497 has exited, rather than attempting to send a zero signal, since the latter
1498 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
1500 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
1501 [regress/dynamic-forward.sh]
1502 back out revs 1.6 and 1.5 since it's not reliable
1503 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
1504 [regress/dynamic-forward.sh]
1505 work around startup and teardown races; caught by deraadt
1506 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
1507 [regress/dynamic-forward.sh]
1508 Retry establishing the port forwarding after a small delay, should make
1509 the tests less flaky when the previous test is slow to shut down and free
1511 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
1514 - (djm) OpenBSD CVS Sync
1515 - djm@cvs.openbsd.org 2011/05/23 03:30:07
1516 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
1517 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
1518 allow AuthorizedKeysFile to specify multiple files, separated by spaces.
1519 Bring back authorized_keys2 as a default search path (to avoid breaking
1520 existing users of this file), but override this in sshd_config so it will
1521 be no longer used on fresh installs. Maybe in 2015 we can remove it
1524 feedback and ok markus@ dtucker@
1525 - djm@cvs.openbsd.org 2011/05/23 03:33:38
1527 make secure_filename() spam debug logs less
1528 - djm@cvs.openbsd.org 2011/05/23 03:52:55
1530 remove extra newline
1531 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
1532 [sshd.8 sshd_config.5]
1533 tweak previous; ok djm
1534 - djm@cvs.openbsd.org 2011/05/23 07:24:57
1536 read in key comments for v.2 keys (though note that these are not
1537 passed over the agent protocol); bz#439, based on patch from binder
1538 AT arago.de; ok markus@
1539 - djm@cvs.openbsd.org 2011/05/24 07:15:47
1540 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
1541 Remove undocumented legacy options UserKnownHostsFile2 and
1542 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
1543 accept multiple paths per line and making their defaults include
1544 known_hosts2; ok markus
1545 - djm@cvs.openbsd.org 2011/05/23 03:31:31
1546 [regress/cfgmatch.sh]
1547 include testing of multiple/overridden AuthorizedKeysFiles
1548 refactor to simply daemon start/stop and get rid of racy constructs
1551 - (djm) [session.c] call setexeccon() before executing passwd for pw
1552 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
1553 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
1554 options, we should corresponding -W-option when trying to determine
1555 whether it is accepted. Also includes a warning fix on the program
1556 fragment uses (bad main() return type).
1557 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
1558 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
1560 - djm@cvs.openbsd.org 2011/05/15 08:09:01
1561 [authfd.c monitor.c serverloop.c]
1562 use FD_CLOEXEC consistently; patch from zion AT x96.org
1563 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1565 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1566 and fix the regress test that was trying to generate them :)
1567 - djm@cvs.openbsd.org 2011/05/20 00:55:02
1569 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
1570 and AuthorizedPrincipalsFile were not being correctly applied in
1571 Match blocks, despite being overridable there; ok dtucker@
1572 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
1574 Add comment documenting what should be after the preauth check. ok djm
1575 - djm@cvs.openbsd.org 2011/05/20 03:25:45
1576 [monitor.c monitor_wrap.c servconf.c servconf.h]
1577 use a macro to define which string options to copy between configs
1578 for Match. This avoids problems caused by forgetting to keep three
1579 code locations in perfect sync and ordering
1581 "this is at once beautiful and horrible" + ok dtucker@
1582 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1583 [regress/cert-userkey.sh]
1584 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1585 and fix the regress test that was trying to generate them :)
1586 - djm@cvs.openbsd.org 2011/05/20 02:43:36
1588 another attempt to generate a v00 ECDSA key that broke the test
1589 ID sync only - portable already had this somehow
1590 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
1591 [dynamic-forward.sh]
1592 Prevent races in dynamic forwarding test; ok djm
1593 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
1594 [dynamic-forward.sh]
1595 fix dumb error in dynamic-forward test
1598 - (djm) OpenBSD CVS Sync
1599 - djm@cvs.openbsd.org 2011/05/05 05:12:08
1601 gracefully fall back when ControlPath is too large for a
1602 sockaddr_un. ok markus@ as part of a larger diff
1603 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
1605 clarify language about overriding defaults. bz#1892, from Petr Cerny
1606 - djm@cvs.openbsd.org 2011/05/06 01:09:53
1608 mention that IPv6 addresses must be enclosed in square brackets;
1610 - djm@cvs.openbsd.org 2011/05/06 02:05:41
1612 fix memory leak; bz#1849 ok dtucker@
1613 - djm@cvs.openbsd.org 2011/05/06 21:14:05
1615 set traffic class for IPv6 traffic as we do for IPv4 TOS;
1616 patch from lionel AT mamane.lu via Colin Watson in bz#1855;
1618 - djm@cvs.openbsd.org 2011/05/06 21:18:02
1619 [ssh.c ssh_config.5]
1620 add a %L expansion (short-form of the local host name) for ControlPath;
1621 sync some more expansions with LocalCommand; ok markus@
1622 - djm@cvs.openbsd.org 2011/05/06 21:31:38
1623 [readconf.c ssh_config.5]
1624 support negated Host matching, e.g.
1626 Host *.example.org !c.example.org
1629 Will match "a.example.org", "b.example.org", but not "c.example.org"
1631 - djm@cvs.openbsd.org 2011/05/06 21:34:32
1632 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
1633 Add a RequestTTY ssh_config option to allow configuration-based
1634 control over tty allocation (like -t/-T); ok markus@
1635 - djm@cvs.openbsd.org 2011/05/06 21:38:58
1637 fix dropping from previous diff
1638 - djm@cvs.openbsd.org 2011/05/06 22:20:10
1640 fix numbering; from bert.wesarg AT googlemail.com
1641 - jmc@cvs.openbsd.org 2011/05/07 23:19:39
1644 - come consistency fixes
1646 - jmc@cvs.openbsd.org 2011/05/07 23:20:25
1649 - djm@cvs.openbsd.org 2011/05/08 12:52:01
1650 [PROTOCOL.mux clientloop.c clientloop.h mux.c]
1651 improve our behaviour when TTY allocation fails: if we are in
1652 RequestTTY=auto mode (the default), then do not treat at TTY
1653 allocation error as fatal but rather just restore the local TTY
1654 to cooked mode and continue. This is more graceful on devices that
1655 never allocate TTYs.
1657 If RequestTTY is set to "yes" or "force", then failure to allocate
1661 - djm@cvs.openbsd.org 2011/05/10 05:46:46
1663 despam debug() logs by detecting that we are trying to load a private key
1664 in key_try_load_public() and returning early; ok markus@
1665 - djm@cvs.openbsd.org 2011/05/11 04:47:06
1666 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
1667 remove support for authorized_keys2; it is a relic from the early days
1668 of protocol v.2 support and has been undocumented for many years;
1670 - djm@cvs.openbsd.org 2011/05/13 00:05:36
1672 warn on unexpected key type in key_parse_private_type()
1673 - (djm) [packet.c] unbreak portability #endif
1676 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
1677 --with-ssl-engine which was broken with the change from deprecated
1678 SSLeay_add_all_algorithms(). ok djm
1681 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
1682 for closefrom() in test code. Report from Dan Wallis via Gentoo.
1685 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
1686 definitions. From des AT des.no
1687 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
1688 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
1689 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
1690 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
1691 [regress/README.regress] Remove ssh-rand-helper and all its
1692 tentacles. PRNGd seeding has been rolled into entropy.c directly.
1693 Thanks to tim@ for testing on affected platforms.
1695 - djm@cvs.openbsd.org 2011/03/10 02:52:57
1696 [auth2-gss.c auth2.c auth.h]
1697 allow GSSAPI authentication to detect when a server-side failure causes
1698 authentication failure and don't count such failures against MaxAuthTries;
1699 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
1700 - okan@cvs.openbsd.org 2011/03/15 10:36:02
1702 use timerclear macro
1704 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
1705 [ssh-keygen.1 ssh-keygen.c]
1706 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
1707 for which host keys do not exist, generate the host keys with the
1708 default key file path, an empty passphrase, default bits for the key
1709 type, and default comment. This will be used by /etc/rc to generate
1710 new host keys. Idea from deraadt.
1712 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
1714 -q not used in /etc/rc now so remove statement.
1715 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
1717 remove -d, documentation removed >10 years ago; ok markus
1718 - jmc@cvs.openbsd.org 2011/03/24 15:29:30
1720 zap trailing whitespace;
1721 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
1723 use strcasecmp() for "clear" cert permission option also; ok djm
1724 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
1725 [misc.c misc.h servconf.c]
1726 print ipqos friendly string for sshd -T; ok markus
1727 # sshd -Tf sshd_config|grep ipqos
1728 ipqos lowdelay throughput
1729 - djm@cvs.openbsd.org 2011/04/12 04:23:50
1732 - djm@cvs.openbsd.org 2011/04/12 05:32:49
1734 exit with 0 status on SIGTERM; bz#1879
1735 - djm@cvs.openbsd.org 2011/04/13 04:02:48
1737 improve wording; bz#1861
1738 - djm@cvs.openbsd.org 2011/04/13 04:09:37
1740 mention valid -b sizes for ECDSA keys; bz#1862
1741 - djm@cvs.openbsd.org 2011/04/17 22:42:42
1742 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
1743 allow graceful shutdown of multiplexing: request that a mux server
1744 removes its listener socket and refuse future multiplexing requests;
1746 - djm@cvs.openbsd.org 2011/04/18 00:46:05
1748 certificate options are supposed to be packed in lexical order of
1749 option name (though we don't actually enforce this at present).
1750 Move one up that was out of sequence
1751 - djm@cvs.openbsd.org 2011/05/04 21:15:29
1752 [authfile.c authfile.h ssh-add.c]
1753 allow "ssh-add - < key"; feedback and ok markus@
1754 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
1755 so autoreconf 2.68 is happy.
1756 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
1759 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
1760 Cygwin-specific service installer script ssh-host-config. The actual
1761 functionality is the same, the revisited version is just more
1762 exact when it comes to check for problems which disallow to run
1763 certain aspects of the script. So, part of this script and the also
1764 rearranged service helper script library "csih" is to check if all
1765 the tools required to run the script are available on the system.
1766 The new script also is more thorough to inform the user why the
1767 script failed. Patch from vinschen at redhat com.
1771 - djm@cvs.openbsd.org 2011/02/16 00:31:14
1773 make hostbased auth with ECDSA keys work correctly. Based on patch
1774 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
1777 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
1778 selinux code. Patch from Leonardo Chiquitto
1779 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
1780 generation and simplify. Patch from Corinna Vinschen.
1784 - djm@cvs.openbsd.org 2011/01/31 21:42:15
1786 cut'n'pasto; from bert.wesarg AT googlemail.com
1787 - djm@cvs.openbsd.org 2011/02/04 00:44:21
1789 fix uninitialised nonce variable; reported by Mateusz Kocielski
1790 - djm@cvs.openbsd.org 2011/02/04 00:44:43
1793 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1794 [contrib/suse/openssh.spec] update versions in docs and spec files.
1795 - Release OpenSSH 5.8p1
1798 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
1799 before attempting setfscreatecon(). Check whether matchpathcon()
1800 succeeded before using its result. Patch from cjwatson AT debian.org;
1804 - (tim) [config.guess config.sub] Sync with upstream.
1805 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
1806 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
1807 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
1808 space changes for consistency/readability. Makes autoconf 2.68 happy.
1812 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
1813 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
1814 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
1815 building with SELinux support to avoid linking failure; report from
1816 amk AT spamfence.net; ok dtucker
1819 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
1820 RSA_get_default_method() for the benefit of openssl versions that don't
1821 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
1824 - djm@cvs.openbsd.org 2011/01/22 09:18:53
1826 crank to OpenSSH-5.7
1827 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1828 [contrib/suse/openssh.spec] update versions in docs and spec files.
1829 - (djm) Release 5.7p1
1832 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
1833 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
1834 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
1835 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
1836 release testing (random crashes and failure to load ECC keys).
1840 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
1841 $PATH, fix cleanup of droppings; reported by openssh AT
1842 roumenpetrov.info; ok dtucker@
1843 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
1844 its unique snowflake of a gdb error to the ones we look for.
1845 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
1846 ssh-add to avoid $SUDO failures on Linux
1847 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
1848 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
1849 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
1850 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
1851 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
1852 disabled on platforms that do not support them; add a "config_defined()"
1853 shell function that greps for defines in config.h and use them to decide
1855 Convert a couple of existing grep's over config.h to use the new function
1856 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
1857 backslash characters in filenames, enable it for Cygwin and use it to turn
1858 of tests for quotes backslashes in sftp-glob.sh.
1859 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
1860 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
1861 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
1863 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
1864 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
1865 support, based on patches from Tomas Mraz and jchadima at redhat.
1868 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
1869 on configurations that don't have it.
1871 - djm@cvs.openbsd.org 2011/01/16 11:50:05
1873 Use atomicio when flushing protocol 1 std{out,err} buffers at
1874 session close. This was a latent bug exposed by setting a SIGCHLD
1875 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
1876 - djm@cvs.openbsd.org 2011/01/16 11:50:36
1878 reset the SIGPIPE handler when forking to execute child processes;
1880 - djm@cvs.openbsd.org 2011/01/16 12:05:59
1882 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
1883 now that we use atomicio(), convert them from while loops to if statements
1884 add test and cast to compile cleanly with -Wsigned
1888 - djm@cvs.openbsd.org 2011/01/13 21:54:53
1890 correct error messages; patch from bert.wesarg AT googlemail.com
1891 - djm@cvs.openbsd.org 2011/01/13 21:55:25
1893 correct protocol names and add a couple of missing protocol number
1894 defines; patch from bert.wesarg AT googlemail.com
1895 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
1896 host-key-force target rather than a substitution that is replaced with a
1897 comment so that the Makefile.in is still a syntactically valid Makefile
1898 (useful to run the distprep target)
1899 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
1900 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
1904 - (djm) [misc.c] include time.h for nanosleep() prototype
1905 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
1906 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
1908 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
1909 gcc warning on platforms where it defaults to int
1910 - (djm) [regress/Makefile] add a few more generated files to the clean
1912 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
1913 #define that was causing diffie-hellman-group-exchange-sha256 to be
1914 incorrectly disabled
1915 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
1916 should not depend on ECC support
1920 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
1921 [openbsd-compat/glob.c]
1922 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
1923 from ARG_MAX to 64K.
1924 Fixes glob-using programs (notably ftp) able to be triggered to hit
1926 Idea from a similar NetBSD change, original problem reported by jasper@.
1927 ok millert tedu jasper
1928 - djm@cvs.openbsd.org 2011/01/12 01:53:14
1929 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
1930 and sanity check arguments (these will be unnecessary when we switch
1931 struct glob members from being type into to size_t in the future);
1932 "looks ok" tedu@ feedback guenther@
1933 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
1934 silly warnings on write() calls we don't care succeed or not.
1935 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
1936 flag tests that don't depend on gcc version at all; suggested by and
1940 - (tim) [regress/host-expand.sh] Fix for building outside of read only
1942 - (djm) [platform.c] Some missing includes that show up under -Werror
1944 - djm@cvs.openbsd.org 2011/01/08 10:51:51
1946 use host and not options.hostname, as the latter may have unescaped
1947 substitution characters
1948 - djm@cvs.openbsd.org 2011/01/11 06:06:09
1950 fd leak on error paths; from zinovik@
1951 NB. Id sync only; we use loginrec.c that was also audited and fixed
1953 - djm@cvs.openbsd.org 2011/01/11 06:13:10
1954 [clientloop.c ssh-keygen.c sshd.c]
1955 some unsigned long long casts that make things a bit easier for
1956 portable without resorting to dropping PRIu64 formats everywhere
1959 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
1960 openssh AT roumenpetrov.info
1963 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
1964 test on OSX and others. Reported by imorgan AT nas.nasa.gov
1967 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
1968 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
1969 - djm@cvs.openbsd.org 2011/01/06 22:23:53
1971 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
1972 googlemail.com; ok markus@
1973 - djm@cvs.openbsd.org 2011/01/06 22:23:02
1975 when exiting due to ServerAliveTimeout, mention the hostname that caused
1976 it (useful with backgrounded controlmaster)
1977 - djm@cvs.openbsd.org 2011/01/06 22:46:21
1978 [regress/Makefile regress/host-expand.sh]
1979 regress test for LocalCommand %n expansion from bert.wesarg AT
1980 googlemail.com; ok markus@
1981 - djm@cvs.openbsd.org 2011/01/06 23:01:35
1983 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
1987 - (djm) OpenBSD CVS Sync
1988 - markus@cvs.openbsd.org 2010/12/08 22:46:03
1990 add a new -3 option to scp: Copies between two remote hosts are
1991 transferred through the local host. Without this option the data
1992 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
1993 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
1996 scp.c: add -3 to usage()
1997 - markus@cvs.openbsd.org 2010/12/14 11:59:06
1999 don't mention key type in key-changed-warning, since we also print
2000 this warning if a new key type appears. ok djm@
2001 - djm@cvs.openbsd.org 2010/12/15 00:49:27
2003 fix ControlMaster=ask regression
2004 reset SIGCHLD handler before fork (and restore it after) so we don't miss
2005 the the askpass child's exit status. Correct test for exit status/signal to
2006 account for waitpid() failure; with claudio@ ok claudio@ markus@
2007 - djm@cvs.openbsd.org 2010/12/24 21:41:48
2009 don't send the actual forced command in a debug message; ok markus deraadt
2010 - otto@cvs.openbsd.org 2011/01/04 20:44:13
2012 handle ecdsa-sha2 with various key lengths; hint and ok djm@
2015 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
2016 formatter if it is present, followed by nroff and groff respectively.
2017 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
2018 in favour of mandoc). feedback and ok tim
2021 - (djm) [Makefile.in] revert local hack I didn't intend to commit
2024 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
2025 - (djm) [configure.ac] Check whether libdes is needed when building
2026 with Heimdal krb5 support. On OpenBSD this library no longer exists,
2027 so linking it unconditionally causes a build failure; ok dtucker
2030 - (dtucker) OpenBSD CVS Sync
2031 - djm@cvs.openbsd.org 2010/12/08 04:02:47
2032 [ssh_config.5 sshd_config.5]
2033 explain that IPQoS arguments are separated by whitespace; iirc requested
2034 by jmc@ a while back
2037 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
2038 debugging. Spotted by djm.
2039 - (dtucker) OpenBSD CVS Sync
2040 - djm@cvs.openbsd.org 2010/12/03 23:49:26
2042 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
2043 (this code is still disabled, but apprently people are treating it as
2044 a reference implementation)
2045 - djm@cvs.openbsd.org 2010/12/03 23:55:27
2047 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
2048 bz#1829; patch from ldv AT altlinux.org; ok markus@
2049 - djm@cvs.openbsd.org 2010/12/04 00:18:01
2050 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
2051 add a protocol extension to support a hard link operation. It is
2052 available through the "ln" command in the client. The old "ln"
2053 behaviour of creating a symlink is available using its "-s" option
2054 or through the preexisting "symlink" command; based on a patch from
2055 miklos AT szeredi.hu in bz#1555; ok markus@
2056 - djm@cvs.openbsd.org 2010/12/04 13:31:37
2058 fix fd leak; spotted and ok dtucker
2059 - djm@cvs.openbsd.org 2010/12/04 00:21:19
2060 [regress/sftp-cmds.sh]
2061 adjust for hard-link support
2062 - (dtucker) [regress/Makefile] Id sync.
2065 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
2066 instead of (arc4random() % range)
2067 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
2068 shims for the new, non-deprecated OpenSSL key generation functions for
2069 platforms that don't have the new interfaces.
2073 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
2075 clean up cases of ;;
2076 - djm@cvs.openbsd.org 2010/11/21 01:01:13
2077 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
2078 honour $TMPDIR for client xauth and ssh-agent temporary directories;
2079 feedback and ok markus@
2080 - djm@cvs.openbsd.org 2010/11/21 10:57:07
2082 Refactor internals of private key loading and saving to work on memory
2083 buffers rather than directly on files. This will make a few things
2084 easier to do in the future; ok markus@
2085 - djm@cvs.openbsd.org 2010/11/23 02:35:50
2087 use strict_modes already passed as function argument over referencing
2088 global options.strict_modes
2089 - djm@cvs.openbsd.org 2010/11/23 23:57:24
2091 avoid NULL deref on receiving a channel request on an unknown or invalid
2092 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
2093 - djm@cvs.openbsd.org 2010/11/24 01:24:14
2095 remove a debug() that pollutes stderr on client connecting to a server
2096 in debug mode (channel_close_fds is called transitively from the session
2097 code post-fork); bz#1719, ok dtucker
2098 - djm@cvs.openbsd.org 2010/11/25 04:10:09
2100 replace close() loop for fds 3->64 with closefrom();
2101 ok markus deraadt dtucker
2102 - djm@cvs.openbsd.org 2010/11/26 05:52:49
2104 Pass through ssh command-line flags and options when doing remote-remote
2105 transfers, e.g. to enable agent forwarding which is particularly useful
2106 in this case; bz#1837 ok dtucker@
2107 - markus@cvs.openbsd.org 2010/11/29 18:57:04
2109 correctly load comment for encrypted rsa1 keys;
2110 report/fix Joachim Schipper; ok djm@
2111 - djm@cvs.openbsd.org 2010/11/29 23:45:51
2112 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
2113 [sshconnect.h sshconnect2.c]
2114 automatically order the hostkeys requested by the client based on
2115 which hostkeys are already recorded in known_hosts. This avoids
2116 hostkey warnings when connecting to servers with new ECDSA keys
2117 that are preferred by default; with markus@
2120 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
2121 into the platform-specific code Only affects SCO, tested by and ok tim@.
2122 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
2123 group read/write. ok dtucker@
2124 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
2125 - (djm) [defines.h] Add IP DSCP defines
2128 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
2129 from vapier at gentoo org.
2133 - djm@cvs.openbsd.org 2010/11/05 02:46:47
2136 - djm@cvs.openbsd.org 2010/11/10 01:33:07
2137 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
2138 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
2139 these have been around for years by this time. ok markus
2140 - djm@cvs.openbsd.org 2010/11/13 23:27:51
2141 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
2142 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
2143 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
2144 hardcoding lowdelay/throughput.
2146 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
2147 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
2150 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
2151 [scp.1 sftp.1 ssh.1 sshd_config.5]
2152 add IPQoS to the various -o lists, and zap some trailing whitespace;
2155 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
2156 platforms that don't support ECC. Fixes some spurious warnings reported
2160 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
2161 Feedback from dtucker@
2162 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
2163 support for platforms missing isblank(). ok djm@
2166 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
2168 - (tim) [regress/kextype.sh] Shell portability fix.
2171 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
2172 the correct typedefs.
2175 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
2176 int. Should fix bz#1817 cleanly; ok dtucker@
2178 - djm@cvs.openbsd.org 2010/09/22 12:26:05
2179 [regress/Makefile regress/kextype.sh]
2180 regress test for each of the key exchange algorithms that we support
2181 - djm@cvs.openbsd.org 2010/10/28 11:22:09
2182 [authfile.c key.c key.h ssh-keygen.c]
2183 fix a possible NULL deref on loading a corrupt ECDH key
2185 store ECDH group information in private keys files as "named groups"
2186 rather than as a set of explicit group parameters (by setting
2187 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
2188 retrieves the group's OpenSSL NID that we need for various things.
2189 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
2190 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
2191 knock out some "-*- nroff -*-" lines;
2192 - djm@cvs.openbsd.org 2010/11/04 02:45:34
2194 umask should be parsed as octal. reported by candland AT xmission.com;
2196 - (dtucker) [configure.ac platform.{c,h} session.c
2197 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
2198 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
2200 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
2201 after the user's groups are established and move the selinux calls into it.
2202 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
2204 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
2205 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
2206 retain previous behavior.
2207 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
2208 the LOGIN_CAP case into platform.c.
2209 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
2211 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
2212 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
2214 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
2215 non-LOGIN_CAP case into platform.c.
2216 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
2217 check into platform.c
2218 - (dtucker) [regress/keytype.sh] Import new test.
2219 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
2220 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
2221 from configure through to regress/Makefile and use it in the tests.
2222 - (dtucker) [regress/kextype.sh] Add missing "test".
2223 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
2224 strictly correct since while ECC requires sha256 the reverse is not true
2225 however it does prevent spurious test failures.
2226 - (dtucker) [platform.c] Need servconf.h and extern options.
2229 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
2230 1.12 to unbreak Solaris build.
2232 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
2236 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
2237 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
2238 which don't have ECC support in libcrypto.
2239 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
2240 which don't have ECC support in libcrypto.
2241 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
2243 - (dtucker) OpenBSD CVS Sync
2244 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
2246 escape '[' in filename tab-completion; fix a type while there.
2251 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
2253 Typo in confirmation message. bz#1827, patch from imorgan at
2255 - djm@cvs.openbsd.org 2010/08/31 12:24:09
2256 [regress/cert-hostkey.sh regress/cert-userkey.sh]
2257 tests for ECDSA certificates
2260 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
2261 bz#1825, reported by foo AT mailinator.com
2262 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
2265 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
2269 - (djm) [ssh-agent.c] Fix type for curve name.
2270 - (djm) OpenBSD CVS Sync
2271 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
2272 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
2273 [openbsd-compat/timingsafe_bcmp.c]
2274 Add timingsafe_bcmp(3) to libc, mention that it's already in the
2275 kernel in kern(9), and remove it from OpenSSH.
2277 NB. re-added under openbsd-compat/ for portable OpenSSH
2278 - djm@cvs.openbsd.org 2010/09/25 09:30:16
2279 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
2280 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
2281 rountrips to fetch per-file stat(2) information.
2282 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
2284 - djm@cvs.openbsd.org 2010/09/26 22:26:33
2286 when performing an "ls" in columnated (short) mode, only call
2287 ioctl(TIOCGWINSZ) once to get the window width instead of per-
2289 - djm@cvs.openbsd.org 2010/09/30 11:04:51
2291 prevent free() of string in .rodata when overriding AuthorizedKeys in
2292 a Match block; patch from rein AT basefarm.no
2293 - djm@cvs.openbsd.org 2010/10/01 23:05:32
2294 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
2295 adapt to API changes in openssl-1.0.0a
2296 NB. contains compat code to select correct API for older OpenSSL
2297 - djm@cvs.openbsd.org 2010/10/05 05:13:18
2298 [sftp.c sshconnect.c]
2299 use default shell /bin/sh if $SHELL is ""; ok markus@
2300 - djm@cvs.openbsd.org 2010/10/06 06:39:28
2301 [clientloop.c ssh.c sshconnect.c sshconnect.h]
2302 kill proxy command on fatal() (we already kill it on clean exit);
2304 - djm@cvs.openbsd.org 2010/10/06 21:10:21
2306 swapped args to kill(2)
2307 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
2308 - (djm) [cipher-acss.c] Add missing header.
2309 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
2312 - (djm) OpenBSD CVS Sync
2313 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
2315 * mention ECDSA in more places
2316 * less repetition in FILES section
2317 * SSHv1 keys are still encrypted with 3DES
2319 - djm@cvs.openbsd.org 2010/09/11 21:44:20
2321 mention RFC 5656 for ECC stuff
2322 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
2324 more wacky macro fixing;
2325 - djm@cvs.openbsd.org 2010/09/20 04:41:47
2327 install a SIGCHLD handler to reap expiried child process; ok markus@
2328 - djm@cvs.openbsd.org 2010/09/20 04:50:53
2330 check that received values are smaller than the group size in the
2331 disabled and unfinished J-PAKE code.
2332 avoids catastrophic security failure found by Sebastien Martini
2333 - djm@cvs.openbsd.org 2010/09/20 04:54:07
2336 - djm@cvs.openbsd.org 2010/09/20 07:19:27
2338 "atomically" create the listening mux socket by binding it on a temorary
2339 name and then linking it into position after listen() has succeeded.
2340 this allows the mux clients to determine that the server socket is
2341 either ready or stale without races. stale server sockets are now
2342 automatically removed
2344 - djm@cvs.openbsd.org 2010/09/22 05:01:30
2345 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
2346 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
2347 add a KexAlgorithms knob to the client and server configuration to allow
2348 selection of which key exchange methods are used by ssh(1) and sshd(8)
2349 and their order of preference.
2351 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
2352 [ssh.1 ssh_config.5]
2353 ssh.1: add kexalgorithms to the -o list
2354 ssh_config.5: format the kexalgorithms in a more consistent
2357 - djm@cvs.openbsd.org 2010/09/22 22:58:51
2358 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
2359 [sftp-client.h sftp.1 sftp.c]
2360 add an option per-read/write callback to atomicio
2362 factor out bandwidth limiting code from scp(1) into a generic bandwidth
2363 limiter that can be attached using the atomicio callback mechanism
2365 add a bandwidth limit option to sftp(1) using the above
2367 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
2369 add [-l limit] to usage();
2370 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
2372 add KexAlgorithms to the -o list;
2375 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
2376 return code since it can apparently return -1 under some conditions. From
2377 openssh bugs werbittewas de, ok djm@
2379 - djm@cvs.openbsd.org 2010/08/31 12:33:38
2380 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2381 reintroduce commit from tedu@, which I pulled out for release
2383 OpenSSL_add_all_algorithms is the name of the function we have a
2384 man page for, so use that. ok djm
2385 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
2387 fix some macro abuse;
2388 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
2390 small text tweak to accommodate previous;
2391 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
2393 pick up ECDSA host key by default; ok djm@
2394 - markus@cvs.openbsd.org 2010/09/02 16:07:25
2396 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
2397 - markus@cvs.openbsd.org 2010/09/02 16:08:39
2399 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
2400 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
2402 Switch ECDSA default key size to 256 bits, which according to RFC5656
2403 should still be better than our current RSA-2048 default.
2405 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
2407 add an EXIT STATUS section for /usr/bin;
2408 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
2410 two more EXIT STATUS sections;
2411 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
2413 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
2414 <mattieu.b@gmail.com>
2416 - djm@cvs.openbsd.org 2010/09/08 03:54:36
2419 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
2421 work around name-space collisions some buggy compilers (looking at you
2422 gcc, at least in earlier versions, but this does not forgive your current
2423 transgressions) seen between zlib and openssl
2425 - djm@cvs.openbsd.org 2010/09/09 10:45:45
2426 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
2427 ECDH/ECDSA compliance fix: these methods vary the hash function they use
2428 (SHA256/384/512) depending on the length of the curve in use. The previous
2429 code incorrectly used SHA256 in all cases.
2431 This fix will cause authentication failure when using 384 or 521-bit curve
2432 keys if one peer hasn't been upgraded and the other has. (256-bit curve
2433 keys work ok). In particular you may need to specify HostkeyAlgorithms
2434 when connecting to a server that has not been upgraded from an upgraded
2438 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
2439 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
2440 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
2441 platforms that don't have the requisite OpenSSL support. ok dtucker@
2442 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
2443 for missing headers and compiler warnings.
2447 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
2448 [ssh-keysign.8 ssh.1 sshd.8]
2449 use the same template for all FILES sections; i.e. -compact/.Pp where we
2450 have multiple items, and .Pa for path names;
2451 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
2452 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2453 OpenSSL_add_all_algorithms is the name of the function we have a man page
2454 for, so use that. ok djm
2455 - djm@cvs.openbsd.org 2010/08/16 04:06:06
2456 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2457 backout previous temporarily; discussed with deraadt@
2458 - djm@cvs.openbsd.org 2010/08/31 09:58:37
2459 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
2460 [packet.h ssh-dss.c ssh-rsa.c]
2461 Add buffer_get_cstring() and related functions that verify that the
2462 string extracted from the buffer contains no embedded \0 characters*
2463 This prevents random (possibly malicious) crap from being appended to
2464 strings where it would not be noticed if the string is used with
2465 a string(3) function.
2467 Use the new API in a few sensitive places.
2469 * actually, we allow a single one at the end of the string for now because
2470 we don't know how many deployed implementations get this wrong, but don't
2471 count on this to remain indefinitely.
2472 - djm@cvs.openbsd.org 2010/08/31 11:54:45
2473 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
2474 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
2475 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
2476 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
2477 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
2478 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
2479 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
2480 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
2481 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
2482 better performance than plain DH and DSA at the same equivalent symmetric
2483 key length, as well as much shorter keys.
2485 Only the mandatory sections of RFC5656 are implemented, specifically the
2486 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
2487 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
2489 Certificate host and user keys using the new ECDSA key types are supported.
2491 Note that this code has not been tested for interoperability and may be
2494 feedback and ok markus@
2495 - (djm) [Makefile.in] Add new ECC files
2496 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
2500 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
2501 remove. Patch from martynas at venck us
2504 - (djm) Release OpenSSH-5.6p1
2507 - (dtucker) [configure.ac openbsd-compat/Makefile.in
2508 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
2509 the compat library which helps on platforms like old IRIX. Based on work
2510 by djm, tested by Tom Christensen.
2512 - djm@cvs.openbsd.org 2010/08/12 21:49:44
2514 close any extra file descriptors inherited from parent at start and
2515 reopen stdin/stdout to /dev/null when forking for ControlPersist.
2517 prevents tools that fork and run a captive ssh for communication from
2518 failing to exit when the ssh completes while they wait for these fds to
2519 close. The inherited fds may persist arbitrarily long if a background
2520 mux master has been started by ControlPersist. cvs and scp were effected
2523 "please commit" markus@
2524 - (djm) [regress/README.regress] typo
2527 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
2528 regress/test-exec.sh] Under certain conditions when testing with sudo
2529 tests would fail because the pidfile could not be read by a regular user.
2530 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
2531 Make sure cat is run by $SUDO. no objection from me. djm@
2532 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
2535 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
2536 already set. Makes FreeBSD user openable tunnels useful; patch from
2537 richard.burakowski+ossh AT mrburak.net, ok dtucker@
2538 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
2539 based in part on a patch from Colin Watson, ok djm@
2543 - djm@cvs.openbsd.org 2010/08/08 16:26:42
2546 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2547 [contrib/suse/openssh.spec] Crank version numbers
2551 - djm@cvs.openbsd.org 2010/08/04 05:37:01
2552 [ssh.1 ssh_config.5 sshd.8]
2553 Remove mentions of weird "addr/port" alternate address format for IPv6
2554 addresses combinations. It hasn't worked for ages and we have supported
2555 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
2556 - djm@cvs.openbsd.org 2010/08/04 05:40:39
2557 [PROTOCOL.certkeys ssh-keygen.c]
2558 tighten the rules for certificate encoding by requiring that options
2559 appear in lexical order and make our ssh-keygen comply. ok markus@
2560 - djm@cvs.openbsd.org 2010/08/04 05:42:47
2561 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
2562 [ssh-keysign.c ssh.c]
2563 enable certificates for hostbased authentication, from Iain Morgan;
2565 - djm@cvs.openbsd.org 2010/08/04 05:49:22
2567 commited the wrong version of the hostbased certificate diff; this
2568 version replaces some strlc{py,at} verbosity with xasprintf() at
2569 the request of markus@
2570 - djm@cvs.openbsd.org 2010/08/04 06:07:11
2571 [ssh-keygen.1 ssh-keygen.c]
2572 Support CA keys in PKCS#11 tokens; feedback and ok markus@
2573 - djm@cvs.openbsd.org 2010/08/04 06:08:40
2575 clean for -Wuninitialized (Id sync only; portable had this change)
2576 - djm@cvs.openbsd.org 2010/08/05 13:08:42
2578 Fix a trio of bugs in the local/remote window calculation for datagram
2579 data channels (i.e. TunnelForward):
2581 Calculate local_consumed correctly in channel_handle_wfd() by measuring
2582 the delta to buffer_len(c->output) from when we start to when we finish.
2583 The proximal problem here is that the output_filter we use in portable
2584 modified the length of the dequeued datagram (to futz with the headers
2587 In channel_output_poll(), don't enqueue datagrams that won't fit in the
2588 peer's advertised packet size (highly unlikely to ever occur) or which
2589 won't fit in the peer's remaining window (more likely).
2591 In channel_input_data(), account for the 4-byte string header in
2592 datagram packets that we accept from the peer and enqueue in c->output.
2594 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
2595 "looks good" markus@
2598 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
2599 PAM to sane values in case the PAM method doesn't write to them. Spotted by
2600 Bitman Zhou, ok djm@.
2602 - djm@cvs.openbsd.org 2010/07/16 04:45:30
2604 avoid bogus compiler warning
2605 - djm@cvs.openbsd.org 2010/07/16 14:07:35
2607 more timing paranoia - compare all parts of the expected decrypted
2608 data before returning. AFAIK not exploitable in the SSH protocol.
2610 - djm@cvs.openbsd.org 2010/07/19 03:16:33
2612 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
2613 upload depth checks and causing verbose printing of transfers to always
2614 be turned on; patch from imorgan AT nas.nasa.gov
2615 - djm@cvs.openbsd.org 2010/07/19 09:15:12
2616 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
2617 add a "ControlPersist" option that automatically starts a background
2618 ssh(1) multiplex master when connecting. This connection can stay alive
2619 indefinitely, or can be set to automatically close after a user-specified
2620 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
2621 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
2622 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
2623 - djm@cvs.openbsd.org 2010/07/21 02:10:58
2625 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
2626 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
2628 Ciphers is documented in ssh_config(5) these days
2631 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
2632 details about its behaviour WRT existing directories. Patch from
2633 asguthrie at gmail com, ok djm.
2636 - (djm) OpenBSD CVS Sync
2637 - djm@cvs.openbsd.org 2010/07/02 04:32:44
2639 unbreak strdelim() skipping past quoted strings, e.g.
2640 AllowUsers "blah blah" blah
2641 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
2643 - djm@cvs.openbsd.org 2010/07/12 22:38:52
2645 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
2646 for protocol 2. ok markus@
2647 - djm@cvs.openbsd.org 2010/07/12 22:41:13
2648 [ssh.c ssh_config.5]
2649 expand %h to the hostname in ssh_config Hostname options. While this
2650 sounds useless, it is actually handy for working with unqualified
2656 Hostname %h.example.org
2659 - djm@cvs.openbsd.org 2010/07/13 11:52:06
2660 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
2661 [packet.c ssh-rsa.c]
2662 implement a timing_safe_cmp() function to compare memory without leaking
2663 timing information by short-circuiting like memcmp() and use it for
2664 some of the more sensitive comparisons (though nothing high-value was
2665 readily attackable anyway); "looks ok" markus@
2666 - djm@cvs.openbsd.org 2010/07/13 23:13:16
2667 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
2669 s/timing_safe_cmp/timingsafe_bcmp/g
2670 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
2672 finally ssh synopsis looks nice again! this commit just removes a ton of
2673 hacks we had in place to make it work with old groff;
2674 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
2676 repair incorrect block nesting, which screwed up indentation;
2677 problem reported and fix OK by jmc@
2680 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
2681 (line 77) should have been for no_x11_askpass.
2684 - (djm) OpenBSD CVS Sync
2685 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
2688 - djm@cvs.openbsd.org 2010/06/26 23:04:04
2690 oops, forgot to #include <canohost.h>; spotted and patch from chl@
2691 - djm@cvs.openbsd.org 2010/06/29 23:15:30
2692 [ssh-keygen.1 ssh-keygen.c]
2693 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
2695 - djm@cvs.openbsd.org 2010/06/29 23:16:46
2696 [auth2-pubkey.c sshd_config.5]
2697 allow key options (command="..." and friends) in AuthorizedPrincipals;
2699 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
2702 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
2705 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
2708 - millert@cvs.openbsd.org 2010/07/01 13:06:59
2710 Fix a longstanding problem where if you suspend scp at the
2711 password/passphrase prompt the terminal mode is not restored.
2713 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
2715 fix how we run the tests so we can successfully use SUDO='sudo -E'
2717 - djm@cvs.openbsd.org 2010/06/29 23:59:54
2719 regress tests for key options in AuthorizedPrincipals
2722 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
2726 - (djm) OpenBSD CVS Sync
2727 - djm@cvs.openbsd.org 2010/05/21 05:00:36
2729 colon() returns char*, so s/return (0)/return NULL/
2730 - markus@cvs.openbsd.org 2010/06/08 21:32:19
2732 check length of value returned C_GetAttributValue for != 0
2733 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
2734 - djm@cvs.openbsd.org 2010/06/17 07:07:30
2736 Correct sizing of object to be allocated by calloc(), replacing
2737 sizeof(state) with sizeof(*state). This worked by accident since
2738 the struct contained a single int at present, but could have broken
2739 in the future. patch from hyc AT symas.com
2740 - djm@cvs.openbsd.org 2010/06/18 00:58:39
2742 unbreak ls in working directories that contains globbing characters in
2743 their pathnames. bz#1655 reported by vgiffin AT apple.com
2744 - djm@cvs.openbsd.org 2010/06/18 03:16:03
2746 Missing check for chroot_director == "none" (we already checked against
2747 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
2748 - djm@cvs.openbsd.org 2010/06/18 04:43:08
2750 fix memory leak in do_realpath() error path; bz#1771, patch from
2752 - djm@cvs.openbsd.org 2010/06/22 04:22:59
2753 [servconf.c sshd_config.5]
2754 expose some more sshd_config options inside Match blocks:
2755 AuthorizedKeysFile AuthorizedPrincipalsFile
2756 HostbasedUsesNameFromPacketOnly PermitTunnel
2757 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
2758 - djm@cvs.openbsd.org 2010/06/22 04:32:06
2760 standardise error messages when attempting to open private key
2761 files to include "progname: filename: error reason"
2762 bz#1783; ok dtucker@
2763 - djm@cvs.openbsd.org 2010/06/22 04:49:47
2765 queue auth debug messages for bad ownership or permissions on the user's
2766 keyfiles. These messages will be sent after the user has successfully
2767 authenticated (where our client will display them with LogLevel=debug).
2768 bz#1554; ok dtucker@
2769 - djm@cvs.openbsd.org 2010/06/22 04:54:30
2771 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
2772 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
2773 - djm@cvs.openbsd.org 2010/06/22 04:59:12
2775 include the user name on "subsystem request for ..." log messages;
2776 bz#1571; ok dtucker@
2777 - djm@cvs.openbsd.org 2010/06/23 02:59:02
2779 fix printing of extensions in v01 certificates that I broke in r1.190
2780 - djm@cvs.openbsd.org 2010/06/25 07:14:46
2781 [channels.c mux.c readconf.c readconf.h ssh.h]
2782 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
2783 forwards per direction; ok markus@ stevesk@
2784 - djm@cvs.openbsd.org 2010/06/25 07:20:04
2785 [channels.c session.c]
2786 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
2787 internal-sftp accidentally introduced in r1.253 by removing the code
2788 that opens and dup /dev/null to stderr and modifying the channels code
2789 to read stderr but discard it instead; ok markus@
2790 - djm@cvs.openbsd.org 2010/06/25 08:46:17
2791 [auth1.c auth2-none.c]
2792 skip the initial check for access with an empty password when
2793 PermitEmptyPasswords=no; bz#1638; ok markus@
2794 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2796 log the hostname and address that we connected to at LogLevel=verbose
2797 after authentication is successful to mitigate "phishing" attacks by
2798 servers with trusted keys that accept authentication silently and
2799 automatically before presenting fake password/passphrase prompts;
2801 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2803 log the hostname and address that we connected to at LogLevel=verbose
2804 after authentication is successful to mitigate "phishing" attacks by
2805 servers with trusted keys that accept authentication silently and
2806 automatically before presenting fake password/passphrase prompts;
2810 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
2814 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
2815 rather than assuming that $CWD == $HOME. bz#1500, patch from
2816 timothy AT gelter.com
2819 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
2820 minires-devel package, and to add the reference to the libedit-devel
2821 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
2824 - (djm) OpenBSD CVS Sync
2825 - djm@cvs.openbsd.org 2010/05/07 11:31:26
2826 [regress/Makefile regress/cert-userkey.sh]
2827 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
2828 feedback and ok markus@
2829 - djm@cvs.openbsd.org 2010/05/11 02:58:04
2831 don't accept certificates marked as "cert-authority" here; ok markus@
2832 - djm@cvs.openbsd.org 2010/05/14 00:47:22
2834 check that the certificate matches the corresponding private key before
2836 - djm@cvs.openbsd.org 2010/05/14 23:29:23
2837 [channels.c channels.h mux.c ssh.c]
2838 Pause the mux channel while waiting for reply from aynch callbacks.
2839 Prevents misordering of replies if new requests arrive while waiting.
2841 Extend channel open confirm callback to allow signalling failure
2842 conditions as well as success. Use this to 1) fix a memory leak, 2)
2843 start using the above pause mechanism and 3) delay sending a success/
2844 failure message on mux slave session open until we receive a reply from
2847 motivated by and with feedback from markus@
2848 - markus@cvs.openbsd.org 2010/05/16 12:55:51
2849 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
2850 mux support for remote forwarding with dynamic port allocation,
2852 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
2853 feedback and ok djm@
2854 - djm@cvs.openbsd.org 2010/05/20 11:25:26
2856 fix logspam when key options (from="..." especially) deny non-matching
2857 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
2858 - djm@cvs.openbsd.org 2010/05/20 23:46:02
2859 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
2860 Move the permit-* options to the non-critical "extensions" field for v01
2861 certificates. The logic is that if another implementation fails to
2862 implement them then the connection just loses features rather than fails
2868 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
2869 circular dependency problem on old or odd platforms. From Tom Lane, ok
2871 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
2872 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
2873 already. ok dtucker@
2877 - djm@cvs.openbsd.org 2010/04/23 01:47:41
2879 bz#1740: display a more helpful error message when $HOME is
2880 inaccessible while trying to create .ssh directory. Based on patch
2881 from jchadima AT redhat.com; ok dtucker@
2882 - djm@cvs.openbsd.org 2010/04/23 22:27:38
2884 set "detach_close" flag when registering channel cleanup callbacks.
2885 This causes the channel to close normally when its fds close and
2886 hangs when terminating a mux slave using ~. bz#1758; ok markus@
2887 - djm@cvs.openbsd.org 2010/04/23 22:42:05
2889 set stderr to /dev/null for subsystems rather than just closing it.
2890 avoids hangs if a subsystem or shell initialisation writes to stderr.
2892 - djm@cvs.openbsd.org 2010/04/23 22:48:31
2894 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
2895 since we would refuse to use them anyway. bz#1516; ok dtucker@
2896 - djm@cvs.openbsd.org 2010/04/26 22:28:24
2898 bz#1502: authctxt.success is declared as an int, but passed by
2899 reference to function that accepts sig_atomic_t*. Convert it to
2900 the latter; ok markus@ dtucker@
2901 - djm@cvs.openbsd.org 2010/05/01 02:50:50
2904 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
2906 restore mput and mget which got lost in the tab-completion changes.
2907 found by Kenneth Whitaker, ok djm@
2908 - djm@cvs.openbsd.org 2010/05/07 11:30:30
2909 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
2910 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
2911 add some optional indirection to matching of principal names listed
2912 in certificates. Currently, a certificate must include the a user's name
2913 to be accepted for authentication. This change adds the ability to
2914 specify a list of certificate principal names that are acceptable.
2916 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
2917 this adds a new principals="name1[,name2,...]" key option.
2919 For CAs listed through sshd_config's TrustedCAKeys option, a new config
2920 option "AuthorizedPrincipalsFile" specifies a per-user file containing
2921 the list of acceptable names.
2923 If either option is absent, the current behaviour of requiring the
2924 username to appear in principals continues to apply.
2926 These options are useful for role accounts, disjoint account namespaces
2927 and "user@realm"-style naming policies in certificates.
2929 feedback and ok markus@
2930 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
2935 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
2936 in the openssl install directory (some newer openssl versions do this on at
2937 least some amd64 platforms).
2941 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
2943 tweak previous; ok djm
2944 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
2945 [ssh-keygen.1 ssh-keygen.c]
2946 tweak previous; ok djm
2947 - djm@cvs.openbsd.org 2010/04/16 21:14:27
2949 oops, %r => remote username, not %u
2950 - djm@cvs.openbsd.org 2010/04/16 01:58:45
2951 [regress/cert-hostkey.sh regress/cert-userkey.sh]
2952 regression tests for v01 certificate format
2953 includes interop tests for v00 certs
2954 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
2958 - (djm) Release openssh-5.5p1
2960 - djm@cvs.openbsd.org 2010/03/26 03:13:17
2962 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
2963 argument to allow skipping past values in a buffer
2964 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
2967 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
2969 tweak previous; ok dtucker
2970 - djm@cvs.openbsd.org 2010/04/10 00:00:16
2972 bz#1746 - suppress spurious tty warning when using -O and stdin
2973 is not a tty; ok dtucker@ markus@
2974 - djm@cvs.openbsd.org 2010/04/10 00:04:30
2976 fix terminology: we didn't find a certificate in known_hosts, we found
2978 - djm@cvs.openbsd.org 2010/04/10 02:08:44
2980 bz#1698: kill channel when pty allocation requests fail. Fixed
2981 stuck client if the server refuses pty allocation.
2982 ok dtucker@ "think so" markus@
2983 - djm@cvs.openbsd.org 2010/04/10 02:10:56
2985 show the key type that we are offering in debug(), helps distinguish
2986 between certs and plain keys as the path to the private key is usually
2988 - djm@cvs.openbsd.org 2010/04/10 05:48:16
2990 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
2991 - djm@cvs.openbsd.org 2010/04/14 22:27:42
2992 [ssh_config.5 sshconnect.c]
2993 expand %r => remote username in ssh_config:ProxyCommand;
2995 - markus@cvs.openbsd.org 2010/04/15 20:32:55
2997 retry lookup for private key if there's no matching key with CKA_SIGN
2998 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
3000 - djm@cvs.openbsd.org 2010/04/16 01:47:26
3001 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
3002 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
3003 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
3004 [sshconnect.c sshconnect2.c sshd.c]
3005 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
3008 move the nonce field to the beginning of the certificate where it can
3009 better protect against chosen-prefix attacks on the signature hash
3011 Rename "constraints" field to "critical options"
3013 Add a new non-critical "extensions" field
3017 The older format is still support for authentication and cert generation
3018 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)