Darren Tucker | 4d47ec9 | 2011-08-12 10:12:53 +1000 | [diff] [blame^] | 1 | 20110812 |
| 2 | - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context |
| 3 | change error by reporting old and new context names Patch from |
| 4 | jchadima at redhat. |
| 5 | |
Darren Tucker | 578451d | 2011-08-07 23:09:20 +1000 | [diff] [blame] | 6 | 20110807 |
| 7 | - (dtucker) OpenBSD CVS Sync |
| 8 | - jmc@cvs.openbsd.org 2008/06/26 06:59:39 |
| 9 | [moduli.5] |
| 10 | tweak previous; |
Darren Tucker | f279474 | 2011-08-07 23:10:11 +1000 | [diff] [blame] | 11 | - sobrado@cvs.openbsd.org 2009/10/28 08:56:54 |
| 12 | [moduli.5] |
| 13 | "Diffie-Hellman" is the usual spelling for the cryptographic protocol |
| 14 | first published by Whitfield Diffie and Martin Hellman in 1976. |
| 15 | ok jmc@ |
Darren Tucker | 91e6b57 | 2011-08-07 23:10:56 +1000 | [diff] [blame] | 16 | - jmc@cvs.openbsd.org 2010/10/14 20:41:28 |
| 17 | [moduli.5] |
| 18 | probabalistic -> probabilistic; from naddy |
Darren Tucker | ddccfb4 | 2011-08-07 23:12:26 +1000 | [diff] [blame] | 19 | - dtucker@cvs.openbsd.org 2011/08/07 12:55:30 |
| 20 | [sftp.1] |
| 21 | typo, fix from Laurent Gautrot |
Darren Tucker | 578451d | 2011-08-07 23:09:20 +1000 | [diff] [blame] | 22 | |
Damien Miller | 7741ce8 | 2011-08-06 06:15:15 +1000 | [diff] [blame] | 23 | 20110805 |
| 24 | - OpenBSD CVS Sync |
| 25 | - djm@cvs.openbsd.org 2011/06/23 23:35:42 |
| 26 | [monitor.c] |
| 27 | ignore EINTR errors from poll() |
Damien Miller | 6ea5e44 | 2011-08-06 06:16:00 +1000 | [diff] [blame] | 28 | - tedu@cvs.openbsd.org 2011/07/06 18:09:21 |
| 29 | [authfd.c] |
| 30 | bzero the agent address. the kernel was for a while very cranky about |
| 31 | these things. evne though that's fixed, always good to initialize |
| 32 | memory. ok deraadt djm |
Damien Miller | 35e4819 | 2011-08-06 06:16:23 +1000 | [diff] [blame] | 33 | - djm@cvs.openbsd.org 2011/07/29 14:42:45 |
| 34 | [sandbox-systrace.c] |
| 35 | fail open(2) with EPERM rather than SIGKILLing the whole process. libc |
| 36 | will call open() to do strerror() when NLS is enabled; |
| 37 | feedback and ok markus@ |
Damien Miller | adb467f | 2011-08-06 06:16:46 +1000 | [diff] [blame] | 38 | - markus@cvs.openbsd.org 2011/08/01 19:18:15 |
| 39 | [gss-serv.c] |
| 40 | prevent post-auth resource exhaustion (int overflow leading to 4GB malloc); |
| 41 | report Adam Zabrock; ok djm@, deraadt@ |
Damien Miller | 20bd453 | 2011-08-06 06:17:30 +1000 | [diff] [blame] | 42 | - djm@cvs.openbsd.org 2011/08/02 01:22:11 |
| 43 | [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5] |
| 44 | Add new SHA256 and SHA512 based HMAC modes from |
| 45 | http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt |
| 46 | Patch from mdb AT juniper.net; feedback and ok markus@ |
Damien Miller | c471860 | 2011-08-06 06:17:48 +1000 | [diff] [blame] | 47 | - djm@cvs.openbsd.org 2011/08/02 23:13:01 |
| 48 | [version.h] |
| 49 | crank now, release later |
Damien Miller | 765f8c4 | 2011-08-06 06:18:16 +1000 | [diff] [blame] | 50 | - djm@cvs.openbsd.org 2011/08/02 23:15:03 |
| 51 | [ssh.c] |
| 52 | typo in comment |
Damien Miller | 7741ce8 | 2011-08-06 06:15:15 +1000 | [diff] [blame] | 53 | |
Damien Miller | cd5e52e | 2011-06-27 07:18:18 +1000 | [diff] [blame] | 54 | 20110624 |
| 55 | - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for |
| 56 | Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing |
| 57 | markus@ |
| 58 | |
Damien Miller | 82c5587 | 2011-06-23 08:20:30 +1000 | [diff] [blame] | 59 | 20110623 |
| 60 | - OpenBSD CVS Sync |
| 61 | - djm@cvs.openbsd.org 2011/06/22 21:47:28 |
| 62 | [servconf.c] |
| 63 | reuse the multistate option arrays to pretty-print options for "sshd -T" |
Damien Miller | 69ff1df | 2011-06-23 08:30:03 +1000 | [diff] [blame] | 64 | - djm@cvs.openbsd.org 2011/06/22 21:57:01 |
| 65 | [servconf.c servconf.h sshd.c sshd_config.5] |
| 66 | [configure.ac Makefile.in] |
| 67 | introduce sandboxing of the pre-auth privsep child using systrace(4). |
| 68 | |
| 69 | This introduces a new "UsePrivilegeSeparation=sandbox" option for |
| 70 | sshd_config that applies mandatory restrictions on the syscalls the |
| 71 | privsep child can perform. This prevents a compromised privsep child |
| 72 | from being used to attack other hosts (by opening sockets and proxying) |
| 73 | or probing local kernel attack surface. |
| 74 | |
| 75 | The sandbox is implemented using systrace(4) in unsupervised "fast-path" |
| 76 | mode, where a list of permitted syscalls is supplied. Any syscall not |
| 77 | on the list results in SIGKILL being sent to the privsep child. Note |
| 78 | that this requires a kernel with the new SYSTR_POLICY_KILL option. |
| 79 | |
| 80 | UsePrivilegeSeparation=sandbox will become the default in the future |
| 81 | so please start testing it now. |
| 82 | |
| 83 | feedback dtucker@; ok markus@ |
Damien Miller | 6d7b437 | 2011-06-23 08:31:57 +1000 | [diff] [blame] | 84 | - djm@cvs.openbsd.org 2011/06/22 22:08:42 |
| 85 | [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c] |
| 86 | hook up a channel confirm callback to warn the user then requested X11 |
| 87 | forwarding was refused by the server; ok markus@ |
Damien Miller | dcbd41e | 2011-06-23 19:45:51 +1000 | [diff] [blame] | 88 | - djm@cvs.openbsd.org 2011/06/23 09:34:13 |
| 89 | [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c] |
| 90 | [sandbox-null.c] |
| 91 | rename sandbox.h => ssh-sandbox.h to make things easier for portable |
Damien Miller | 80b62e3 | 2011-06-23 19:03:18 +1000 | [diff] [blame] | 92 | - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support |
| 93 | setrlimit(2) |
Damien Miller | 82c5587 | 2011-06-23 08:20:30 +1000 | [diff] [blame] | 94 | |
Damien Miller | 6029e07 | 2011-06-20 14:22:49 +1000 | [diff] [blame] | 95 | 20110620 |
| 96 | - OpenBSD CVS Sync |
| 97 | - djm@cvs.openbsd.org 2011/06/04 00:10:26 |
| 98 | [ssh_config.5] |
| 99 | explain IdentifyFile's semantics a little better, prompted by bz#1898 |
| 100 | ok dtucker jmc |
Damien Miller | e7ac2bd | 2011-06-20 14:23:25 +1000 | [diff] [blame] | 101 | - markus@cvs.openbsd.org 2011/06/14 22:49:18 |
| 102 | [authfile.c] |
| 103 | make sure key_parse_public/private_rsa1() no longer consumes its input |
| 104 | buffer. fixes ssh-add for passphrase-protected ssh1-keys; |
| 105 | noted by naddy@; ok djm@ |
Damien Miller | 8f0bf23 | 2011-06-20 14:42:23 +1000 | [diff] [blame] | 106 | - djm@cvs.openbsd.org 2011/06/17 21:44:31 |
| 107 | [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c] |
| 108 | make the pre-auth privsep slave log via a socketpair shared with the |
| 109 | monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@ |
Damien Miller | f145a5b | 2011-06-20 14:42:51 +1000 | [diff] [blame] | 110 | - djm@cvs.openbsd.org 2011/06/17 21:46:16 |
| 111 | [sftp-server.c] |
| 112 | the protocol version should be unsigned; bz#1913 reported by mb AT |
| 113 | smartftp.com |
Damien Miller | 3332212 | 2011-06-20 14:43:11 +1000 | [diff] [blame] | 114 | - djm@cvs.openbsd.org 2011/06/17 21:47:35 |
| 115 | [servconf.c] |
| 116 | factor out multi-choice option parsing into a parse_multistate label |
| 117 | and some support structures; ok dtucker@ |
Damien Miller | 4ac99c3 | 2011-06-20 14:43:31 +1000 | [diff] [blame] | 118 | - djm@cvs.openbsd.org 2011/06/17 21:57:25 |
| 119 | [clientloop.c] |
| 120 | setproctitle for a mux master that has been gracefully stopped; |
| 121 | bz#1911 from Bert.Wesarg AT googlemail.com |
Damien Miller | 6029e07 | 2011-06-20 14:22:49 +1000 | [diff] [blame] | 122 | |
Darren Tucker | c412c15 | 2011-06-03 10:35:23 +1000 | [diff] [blame] | 123 | 20110603 |
| 124 | - (dtucker) [README version.h contrib/caldera/openssh.spec |
| 125 | contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version |
| 126 | bumps from the 5.8p2 branch into HEAD. ok djm. |
Tim Rice | 90f42b0 | 2011-06-02 18:17:49 -0700 | [diff] [blame] | 127 | - (tim) [configure.ac defines.h] Run test program to detect system mail |
| 128 | directory. Add --with-maildir option to override. Fixed OpenServer 6 |
| 129 | getting it wrong. Fixed many systems having MAIL=/var/mail//username |
| 130 | ok dtucker |
Darren Tucker | c3c7227 | 2011-06-03 11:20:06 +1000 | [diff] [blame] | 131 | - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair |
| 132 | unconditionally in other places and the survey data we have does not show |
| 133 | any systems that use it. "nuke it" djm@ |
Damien Miller | c09182f | 2011-06-03 12:11:38 +1000 | [diff] [blame] | 134 | - (djm) [configure.ac] enable setproctitle emulation for OS X |
| 135 | - (djm) OpenBSD CVS Sync |
Damien Miller | ea2c1a4 | 2011-06-03 12:10:22 +1000 | [diff] [blame] | 136 | - djm@cvs.openbsd.org 2011/06/03 00:54:38 |
| 137 | [ssh.c] |
| 138 | bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg |
| 139 | AT googlemail.com; ok dtucker@ |
| 140 | NB. includes additional portability code to enable setproctitle emulation |
| 141 | on platforms that don't support it. |
Darren Tucker | 3e78a51 | 2011-06-03 14:14:16 +1000 | [diff] [blame] | 142 | - dtucker@cvs.openbsd.org 2011/06/03 01:37:40 |
| 143 | [ssh-agent.c] |
| 144 | Check current parent process ID against saved one to determine if the parent |
| 145 | has exited, rather than attempting to send a zero signal, since the latter |
| 146 | won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn |
| 147 | Gillmor, ok djm@ |
Darren Tucker | 260c8fb | 2011-06-03 14:17:27 +1000 | [diff] [blame] | 148 | - dtucker@cvs.openbsd.org 2011/05/31 02:01:58 |
| 149 | [regress/dynamic-forward.sh] |
| 150 | back out revs 1.6 and 1.5 since it's not reliable |
Darren Tucker | 75e035c | 2011-06-03 14:18:17 +1000 | [diff] [blame] | 151 | - dtucker@cvs.openbsd.org 2011/05/31 02:03:34 |
| 152 | [regress/dynamic-forward.sh] |
| 153 | work around startup and teardown races; caught by deraadt |
Darren Tucker | bf4d05a | 2011-06-03 14:19:02 +1000 | [diff] [blame] | 154 | - dtucker@cvs.openbsd.org 2011/06/03 00:29:52 |
| 155 | [regress/dynamic-forward.sh] |
| 156 | Retry establishing the port forwarding after a small delay, should make |
| 157 | the tests less flaky when the previous test is slow to shut down and free |
| 158 | up the port. |
Tim Rice | bc48157 | 2011-06-02 22:26:19 -0700 | [diff] [blame] | 159 | - (tim) [regress/cfgmatch.sh] Build/test out of tree fix. |
Darren Tucker | c412c15 | 2011-06-03 10:35:23 +1000 | [diff] [blame] | 160 | |
Damien Miller | d8478b6 | 2011-05-29 21:39:36 +1000 | [diff] [blame] | 161 | 20110529 |
| 162 | - (djm) OpenBSD CVS Sync |
| 163 | - djm@cvs.openbsd.org 2011/05/23 03:30:07 |
| 164 | [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c] |
| 165 | [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5] |
| 166 | allow AuthorizedKeysFile to specify multiple files, separated by spaces. |
| 167 | Bring back authorized_keys2 as a default search path (to avoid breaking |
| 168 | existing users of this file), but override this in sshd_config so it will |
| 169 | be no longer used on fresh installs. Maybe in 2015 we can remove it |
| 170 | entierly :) |
| 171 | |
| 172 | feedback and ok markus@ dtucker@ |
Damien Miller | 1dd66e5 | 2011-05-29 21:40:42 +1000 | [diff] [blame] | 173 | - djm@cvs.openbsd.org 2011/05/23 03:33:38 |
| 174 | [auth.c] |
| 175 | make secure_filename() spam debug logs less |
Damien Miller | 201f425 | 2011-05-29 21:41:03 +1000 | [diff] [blame] | 176 | - djm@cvs.openbsd.org 2011/05/23 03:52:55 |
| 177 | [sshconnect.c] |
| 178 | remove extra newline |
Damien Miller | b9132fc | 2011-05-29 21:41:40 +1000 | [diff] [blame] | 179 | - jmc@cvs.openbsd.org 2011/05/23 07:10:21 |
| 180 | [sshd.8 sshd_config.5] |
| 181 | tweak previous; ok djm |
Damien Miller | 04bb56e | 2011-05-29 21:42:08 +1000 | [diff] [blame] | 182 | - djm@cvs.openbsd.org 2011/05/23 07:24:57 |
| 183 | [authfile.c] |
| 184 | read in key comments for v.2 keys (though note that these are not |
| 185 | passed over the agent protocol); bz#439, based on patch from binder |
| 186 | AT arago.de; ok markus@ |
Damien Miller | 295ee63 | 2011-05-29 21:42:31 +1000 | [diff] [blame] | 187 | - djm@cvs.openbsd.org 2011/05/24 07:15:47 |
| 188 | [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c] |
| 189 | Remove undocumented legacy options UserKnownHostsFile2 and |
| 190 | GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile |
| 191 | accept multiple paths per line and making their defaults include |
| 192 | known_hosts2; ok markus |
Damien Miller | 8cb3587 | 2011-05-29 21:59:10 +1000 | [diff] [blame] | 193 | - djm@cvs.openbsd.org 2011/05/23 03:31:31 |
| 194 | [regress/cfgmatch.sh] |
| 195 | include testing of multiple/overridden AuthorizedKeysFiles |
| 196 | refactor to simply daemon start/stop and get rid of racy constructs |
Damien Miller | d8478b6 | 2011-05-29 21:39:36 +1000 | [diff] [blame] | 197 | |
Damien Miller | 14684a1 | 2011-05-20 11:23:07 +1000 | [diff] [blame] | 198 | 20110520 |
| 199 | - (djm) [session.c] call setexeccon() before executing passwd for pw |
| 200 | changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@ |
Damien Miller | 989bb7f | 2011-05-20 18:56:30 +1000 | [diff] [blame] | 201 | - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options |
| 202 | options, we should corresponding -W-option when trying to determine |
| 203 | whether it is accepted. Also includes a warning fix on the program |
| 204 | fragment uses (bad main() return type). |
| 205 | bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@ |
Damien Miller | ec2eaa3 | 2011-05-20 18:57:14 +1000 | [diff] [blame] | 206 | - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2 |
Damien Miller | 814ace0 | 2011-05-20 19:02:47 +1000 | [diff] [blame] | 207 | - OpenBSD CVS Sync |
| 208 | - djm@cvs.openbsd.org 2011/05/15 08:09:01 |
| 209 | [authfd.c monitor.c serverloop.c] |
| 210 | use FD_CLOEXEC consistently; patch from zion AT x96.org |
Damien Miller | 8f639fe | 2011-05-20 19:03:08 +1000 | [diff] [blame] | 211 | - djm@cvs.openbsd.org 2011/05/17 07:13:31 |
| 212 | [key.c] |
| 213 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) |
| 214 | and fix the regress test that was trying to generate them :) |
Damien Miller | 5d74e58 | 2011-05-20 19:03:31 +1000 | [diff] [blame] | 215 | - djm@cvs.openbsd.org 2011/05/20 00:55:02 |
| 216 | [servconf.c] |
| 217 | the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile |
| 218 | and AuthorizedPrincipalsFile were not being correctly applied in |
| 219 | Match blocks, despite being overridable there; ok dtucker@ |
Damien Miller | c241190 | 2011-05-20 19:03:49 +1000 | [diff] [blame] | 220 | - dtucker@cvs.openbsd.org 2011/05/20 02:00:19 |
| 221 | [servconf.c] |
| 222 | Add comment documenting what should be after the preauth check. ok djm |
Damien Miller | f2e407e | 2011-05-20 19:04:14 +1000 | [diff] [blame] | 223 | - djm@cvs.openbsd.org 2011/05/20 03:25:45 |
| 224 | [monitor.c monitor_wrap.c servconf.c servconf.h] |
| 225 | use a macro to define which string options to copy between configs |
| 226 | for Match. This avoids problems caused by forgetting to keep three |
| 227 | code locations in perfect sync and ordering |
| 228 | |
| 229 | "this is at once beautiful and horrible" + ok dtucker@ |
Damien Miller | f67188f | 2011-05-20 19:06:48 +1000 | [diff] [blame] | 230 | - djm@cvs.openbsd.org 2011/05/17 07:13:31 |
| 231 | [regress/cert-userkey.sh] |
| 232 | fatal() if asked to generate a legacy ECDSA cert (these don't exist) |
| 233 | and fix the regress test that was trying to generate them :) |
Damien Miller | 3045b45 | 2011-05-20 19:07:45 +1000 | [diff] [blame] | 234 | - djm@cvs.openbsd.org 2011/05/20 02:43:36 |
| 235 | [cert-hostkey.sh] |
| 236 | another attempt to generate a v00 ECDSA key that broke the test |
| 237 | ID sync only - portable already had this somehow |
Damien Miller | 7b9451f | 2011-05-20 19:08:11 +1000 | [diff] [blame] | 238 | - dtucker@cvs.openbsd.org 2011/05/20 05:19:50 |
| 239 | [dynamic-forward.sh] |
| 240 | Prevent races in dynamic forwarding test; ok djm |
Damien Miller | acacced | 2011-05-20 19:08:40 +1000 | [diff] [blame] | 241 | - dtucker@cvs.openbsd.org 2011/05/20 06:32:30 |
| 242 | [dynamic-forward.sh] |
| 243 | fix dumb error in dynamic-forward test |
Damien Miller | 14684a1 | 2011-05-20 11:23:07 +1000 | [diff] [blame] | 244 | |
Damien Miller | 60432d8 | 2011-05-15 08:34:46 +1000 | [diff] [blame] | 245 | 20110515 |
| 246 | - (djm) OpenBSD CVS Sync |
| 247 | - djm@cvs.openbsd.org 2011/05/05 05:12:08 |
| 248 | [mux.c] |
| 249 | gracefully fall back when ControlPath is too large for a |
| 250 | sockaddr_un. ok markus@ as part of a larger diff |
Damien Miller | fd53abd | 2011-05-15 08:36:02 +1000 | [diff] [blame] | 251 | - dtucker@cvs.openbsd.org 2011/05/06 01:03:35 |
| 252 | [sshd_config] |
| 253 | clarify language about overriding defaults. bz#1892, from Petr Cerny |
Damien Miller | 58a77e2 | 2011-05-15 08:36:29 +1000 | [diff] [blame] | 254 | - djm@cvs.openbsd.org 2011/05/06 01:09:53 |
| 255 | [sftp.1] |
| 256 | mention that IPv6 addresses must be enclosed in square brackets; |
| 257 | bz#1845 |
Damien Miller | 78c40c3 | 2011-05-15 08:36:59 +1000 | [diff] [blame] | 258 | - djm@cvs.openbsd.org 2011/05/06 02:05:41 |
| 259 | [sshconnect2.c] |
| 260 | fix memory leak; bz#1849 ok dtucker@ |
Damien Miller | d2ac5d7 | 2011-05-15 08:43:13 +1000 | [diff] [blame] | 261 | - djm@cvs.openbsd.org 2011/05/06 21:14:05 |
| 262 | [packet.c packet.h] |
| 263 | set traffic class for IPv6 traffic as we do for IPv4 TOS; |
| 264 | patch from lionel AT mamane.lu via Colin Watson in bz#1855; |
| 265 | ok markus@ |
Damien Miller | dfc85fa | 2011-05-15 08:44:02 +1000 | [diff] [blame] | 266 | - djm@cvs.openbsd.org 2011/05/06 21:18:02 |
| 267 | [ssh.c ssh_config.5] |
| 268 | add a %L expansion (short-form of the local host name) for ControlPath; |
| 269 | sync some more expansions with LocalCommand; ok markus@ |
Damien Miller | fe92421 | 2011-05-15 08:44:45 +1000 | [diff] [blame] | 270 | - djm@cvs.openbsd.org 2011/05/06 21:31:38 |
| 271 | [readconf.c ssh_config.5] |
| 272 | support negated Host matching, e.g. |
| 273 | |
| 274 | Host *.example.org !c.example.org |
| 275 | User mekmitasdigoat |
| 276 | |
| 277 | Will match "a.example.org", "b.example.org", but not "c.example.org" |
| 278 | ok markus@ |
Damien Miller | 21771e2 | 2011-05-15 08:45:50 +1000 | [diff] [blame] | 279 | - djm@cvs.openbsd.org 2011/05/06 21:34:32 |
| 280 | [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5] |
| 281 | Add a RequestTTY ssh_config option to allow configuration-based |
| 282 | control over tty allocation (like -t/-T); ok markus@ |
Damien Miller | a6bbbe4 | 2011-05-15 08:46:29 +1000 | [diff] [blame] | 283 | - djm@cvs.openbsd.org 2011/05/06 21:38:58 |
| 284 | [ssh.c] |
| 285 | fix dropping from previous diff |
Damien Miller | c067f62 | 2011-05-15 08:46:54 +1000 | [diff] [blame] | 286 | - djm@cvs.openbsd.org 2011/05/06 22:20:10 |
| 287 | [PROTOCOL.mux] |
| 288 | fix numbering; from bert.wesarg AT googlemail.com |
Damien Miller | 486dd2e | 2011-05-15 08:47:18 +1000 | [diff] [blame] | 289 | - jmc@cvs.openbsd.org 2011/05/07 23:19:39 |
| 290 | [ssh_config.5] |
| 291 | - tweak previous |
| 292 | - come consistency fixes |
| 293 | ok djm |
Damien Miller | f4b32aa | 2011-05-15 08:47:43 +1000 | [diff] [blame] | 294 | - jmc@cvs.openbsd.org 2011/05/07 23:20:25 |
| 295 | [ssh.1] |
| 296 | +.It RequestTTY |
Damien Miller | 555f3b8 | 2011-05-15 08:48:05 +1000 | [diff] [blame] | 297 | - djm@cvs.openbsd.org 2011/05/08 12:52:01 |
| 298 | [PROTOCOL.mux clientloop.c clientloop.h mux.c] |
| 299 | improve our behaviour when TTY allocation fails: if we are in |
| 300 | RequestTTY=auto mode (the default), then do not treat at TTY |
| 301 | allocation error as fatal but rather just restore the local TTY |
| 302 | to cooked mode and continue. This is more graceful on devices that |
| 303 | never allocate TTYs. |
| 304 | |
| 305 | If RequestTTY is set to "yes" or "force", then failure to allocate |
| 306 | a TTY is fatal. |
| 307 | |
| 308 | ok markus@ |
Damien Miller | 3219824 | 2011-05-15 08:50:32 +1000 | [diff] [blame] | 309 | - djm@cvs.openbsd.org 2011/05/10 05:46:46 |
| 310 | [authfile.c] |
| 311 | despam debug() logs by detecting that we are trying to load a private key |
| 312 | in key_try_load_public() and returning early; ok markus@ |
Damien Miller | 7c1b2c4 | 2011-05-15 08:51:05 +1000 | [diff] [blame] | 313 | - djm@cvs.openbsd.org 2011/05/11 04:47:06 |
| 314 | [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h] |
| 315 | remove support for authorized_keys2; it is a relic from the early days |
| 316 | of protocol v.2 support and has been undocumented for many years; |
| 317 | ok markus@ |
Damien Miller | 9d276b8 | 2011-05-15 08:51:43 +1000 | [diff] [blame] | 318 | - djm@cvs.openbsd.org 2011/05/13 00:05:36 |
| 319 | [authfile.c] |
| 320 | warn on unexpected key type in key_parse_private_type() |
Damien Miller | 23f425b | 2011-05-15 08:58:15 +1000 | [diff] [blame] | 321 | - (djm) [packet.c] unbreak portability #endif |
Damien Miller | 60432d8 | 2011-05-15 08:34:46 +1000 | [diff] [blame] | 322 | |
Darren Tucker | d6548fe | 2011-05-10 11:13:36 +1000 | [diff] [blame] | 323 | 20110510 |
| 324 | - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix |
| 325 | --with-ssl-engine which was broken with the change from deprecated |
| 326 | SSLeay_add_all_algorithms(). ok djm |
| 327 | |
Darren Tucker | 343f75f | 2011-05-06 10:43:50 +1000 | [diff] [blame] | 328 | 20110506 |
| 329 | - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype |
| 330 | for closefrom() in test code. Report from Dan Wallis via Gentoo. |
| 331 | |
Damien Miller | 68790fe | 2011-05-05 11:19:13 +1000 | [diff] [blame] | 332 | 20110505 |
| 333 | - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS |
| 334 | definitions. From des AT des.no |
Damien Miller | f22019b | 2011-05-05 13:48:37 +1000 | [diff] [blame] | 335 | - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac] |
| 336 | [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c] |
| 337 | [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c] |
| 338 | [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh] |
| 339 | [regress/README.regress] Remove ssh-rand-helper and all its |
| 340 | tentacles. PRNGd seeding has been rolled into entropy.c directly. |
| 341 | Thanks to tim@ for testing on affected platforms. |
Damien Miller | 3fcdfd5 | 2011-05-05 14:04:11 +1000 | [diff] [blame] | 342 | - OpenBSD CVS Sync |
| 343 | - djm@cvs.openbsd.org 2011/03/10 02:52:57 |
Damien Miller | b2da7d1 | 2011-05-05 14:04:50 +1000 | [diff] [blame] | 344 | [auth2-gss.c auth2.c auth.h] |
Damien Miller | 3fcdfd5 | 2011-05-05 14:04:11 +1000 | [diff] [blame] | 345 | allow GSSAPI authentication to detect when a server-side failure causes |
| 346 | authentication failure and don't count such failures against MaxAuthTries; |
| 347 | bz#1244 from simon AT sxw.org.uk; ok markus@ before lock |
Damien Miller | c5219e7 | 2011-05-05 14:05:12 +1000 | [diff] [blame] | 348 | - okan@cvs.openbsd.org 2011/03/15 10:36:02 |
| 349 | [ssh-keyscan.c] |
| 350 | use timerclear macro |
| 351 | ok djm@ |
Damien Miller | 58f1baf | 2011-05-05 14:06:15 +1000 | [diff] [blame] | 352 | - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 |
| 353 | [ssh-keygen.1 ssh-keygen.c] |
| 354 | Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) |
| 355 | for which host keys do not exist, generate the host keys with the |
| 356 | default key file path, an empty passphrase, default bits for the key |
| 357 | type, and default comment. This will be used by /etc/rc to generate |
| 358 | new host keys. Idea from deraadt. |
| 359 | ok deraadt |
Damien Miller | 4a4d161 | 2011-05-05 14:06:39 +1000 | [diff] [blame] | 360 | - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 |
| 361 | [ssh-keygen.1] |
| 362 | -q not used in /etc/rc now so remove statement. |
Damien Miller | 1114319 | 2011-05-05 14:13:25 +1000 | [diff] [blame] | 363 | - stevesk@cvs.openbsd.org 2011/03/23 16:50:04 |
| 364 | [ssh-keygen.c] |
| 365 | remove -d, documentation removed >10 years ago; ok markus |
Damien Miller | 3ca1eb3 | 2011-05-05 14:13:50 +1000 | [diff] [blame] | 366 | - jmc@cvs.openbsd.org 2011/03/24 15:29:30 |
| 367 | [ssh-keygen.1] |
| 368 | zap trailing whitespace; |
Damien Miller | 044f4a6 | 2011-05-05 14:14:08 +1000 | [diff] [blame] | 369 | - stevesk@cvs.openbsd.org 2011/03/24 22:14:54 |
| 370 | [ssh-keygen.c] |
| 371 | use strcasecmp() for "clear" cert permission option also; ok djm |
Damien Miller | 9147586 | 2011-05-05 14:14:34 +1000 | [diff] [blame] | 372 | - stevesk@cvs.openbsd.org 2011/03/29 18:54:17 |
| 373 | [misc.c misc.h servconf.c] |
| 374 | print ipqos friendly string for sshd -T; ok markus |
| 375 | # sshd -Tf sshd_config|grep ipqos |
| 376 | ipqos lowdelay throughput |
Damien Miller | 884b63a | 2011-05-05 14:14:52 +1000 | [diff] [blame] | 377 | - djm@cvs.openbsd.org 2011/04/12 04:23:50 |
| 378 | [ssh-keygen.c] |
| 379 | fix -Wshadow |
Damien Miller | 26b57ce | 2011-05-05 14:15:09 +1000 | [diff] [blame] | 380 | - djm@cvs.openbsd.org 2011/04/12 05:32:49 |
| 381 | [sshd.c] |
| 382 | exit with 0 status on SIGTERM; bz#1879 |
Damien Miller | 085c90f | 2011-05-05 14:15:33 +1000 | [diff] [blame] | 383 | - djm@cvs.openbsd.org 2011/04/13 04:02:48 |
| 384 | [ssh-keygen.1] |
| 385 | improve wording; bz#1861 |
Damien Miller | ad21032 | 2011-05-05 14:15:54 +1000 | [diff] [blame] | 386 | - djm@cvs.openbsd.org 2011/04/13 04:09:37 |
| 387 | [ssh-keygen.1] |
| 388 | mention valid -b sizes for ECDSA keys; bz#1862 |
Damien Miller | 6c3eec7 | 2011-05-05 14:16:22 +1000 | [diff] [blame] | 389 | - djm@cvs.openbsd.org 2011/04/17 22:42:42 |
| 390 | [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c] |
| 391 | allow graceful shutdown of multiplexing: request that a mux server |
| 392 | removes its listener socket and refuse future multiplexing requests; |
| 393 | ok markus@ |
Damien Miller | 8cb1cda | 2011-05-05 14:16:56 +1000 | [diff] [blame] | 394 | - djm@cvs.openbsd.org 2011/04/18 00:46:05 |
| 395 | [ssh-keygen.c] |
| 396 | certificate options are supposed to be packed in lexical order of |
| 397 | option name (though we don't actually enforce this at present). |
| 398 | Move one up that was out of sequence |
Damien Miller | 2ce12ef | 2011-05-05 14:17:18 +1000 | [diff] [blame] | 399 | - djm@cvs.openbsd.org 2011/05/04 21:15:29 |
| 400 | [authfile.c authfile.h ssh-add.c] |
| 401 | allow "ssh-add - < key"; feedback and ok markus@ |
Tim Rice | 19d8181 | 2011-05-04 21:44:25 -0700 | [diff] [blame] | 402 | - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE |
| 403 | so autoreconf 2.68 is happy. |
Tim Rice | 9abb697 | 2011-05-04 23:06:59 -0700 | [diff] [blame] | 404 | - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@ |
Damien Miller | 68790fe | 2011-05-05 11:19:13 +1000 | [diff] [blame] | 405 | |
Darren Tucker | e541aaa | 2011-02-21 21:41:29 +1100 | [diff] [blame] | 406 | 20110221 |
| 407 | - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the |
| 408 | Cygwin-specific service installer script ssh-host-config. The actual |
| 409 | functionality is the same, the revisited version is just more |
| 410 | exact when it comes to check for problems which disallow to run |
| 411 | certain aspects of the script. So, part of this script and the also |
| 412 | rearranged service helper script library "csih" is to check if all |
| 413 | the tools required to run the script are available on the system. |
| 414 | The new script also is more thorough to inform the user why the |
| 415 | script failed. Patch from vinschen at redhat com. |
| 416 | |
Damien Miller | 0588beb | 2011-02-18 09:18:45 +1100 | [diff] [blame] | 417 | 20110218 |
| 418 | - OpenBSD CVS Sync |
| 419 | - djm@cvs.openbsd.org 2011/02/16 00:31:14 |
| 420 | [ssh-keysign.c] |
| 421 | make hostbased auth with ECDSA keys work correctly. Based on patch |
| 422 | by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock) |
| 423 | |
Darren Tucker | 3b9617e | 2011-02-06 13:24:35 +1100 | [diff] [blame] | 424 | 20110206 |
| 425 | - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in |
| 426 | selinux code. Patch from Leonardo Chiquitto |
Darren Tucker | ea676a6 | 2011-02-06 13:31:23 +1100 | [diff] [blame] | 427 | - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key |
| 428 | generation and simplify. Patch from Corinna Vinschen. |
Darren Tucker | 3b9617e | 2011-02-06 13:24:35 +1100 | [diff] [blame] | 429 | |
Damien Miller | b407dd8 | 2011-02-04 11:46:39 +1100 | [diff] [blame] | 430 | 20110204 |
| 431 | - OpenBSD CVS Sync |
| 432 | - djm@cvs.openbsd.org 2011/01/31 21:42:15 |
| 433 | [PROTOCOL.mux] |
| 434 | cut'n'pasto; from bert.wesarg AT googlemail.com |
Damien Miller | 0a5f012 | 2011-02-04 11:47:01 +1100 | [diff] [blame] | 435 | - djm@cvs.openbsd.org 2011/02/04 00:44:21 |
| 436 | [key.c] |
| 437 | fix uninitialised nonce variable; reported by Mateusz Kocielski |
Damien Miller | a698127 | 2011-02-04 11:47:20 +1100 | [diff] [blame] | 438 | - djm@cvs.openbsd.org 2011/02/04 00:44:43 |
| 439 | [version.h] |
| 440 | openssh-5.8 |
Damien Miller | 0d30b09 | 2011-02-04 12:43:36 +1100 | [diff] [blame] | 441 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| 442 | [contrib/suse/openssh.spec] update versions in docs and spec files. |
| 443 | - Release OpenSSH 5.8p1 |
Damien Miller | b407dd8 | 2011-02-04 11:46:39 +1100 | [diff] [blame] | 444 | |
Damien Miller | d4a5504 | 2011-01-28 10:30:18 +1100 | [diff] [blame] | 445 | 20110128 |
| 446 | - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled |
| 447 | before attempting setfscreatecon(). Check whether matchpathcon() |
| 448 | succeeded before using its result. Patch from cjwatson AT debian.org; |
| 449 | bz#1851 |
| 450 | |
Tim Rice | d069c48 | 2011-01-26 12:32:12 -0800 | [diff] [blame] | 451 | 20110127 |
| 452 | - (tim) [config.guess config.sub] Sync with upstream. |
Tim Rice | 648f876 | 2011-01-26 12:38:57 -0800 | [diff] [blame] | 453 | - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete |
| 454 | AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with |
| 455 | AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white |
| 456 | space changes for consistency/readability. Makes autoconf 2.68 happy. |
| 457 | "Nice work" djm |
Tim Rice | d069c48 | 2011-01-26 12:32:12 -0800 | [diff] [blame] | 458 | |
Damien Miller | 71adf12 | 2011-01-25 12:16:15 +1100 | [diff] [blame] | 459 | 20110125 |
| 460 | - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c |
| 461 | openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to |
| 462 | port-linux.c to avoid compilation errors. Add -lselinux to ssh when |
| 463 | building with SELinux support to avoid linking failure; report from |
| 464 | amk AT spamfence.net; ok dtucker |
| 465 | |
Darren Tucker | 7924137 | 2011-01-22 09:37:01 +1100 | [diff] [blame] | 466 | 20110122 |
| 467 | - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add |
| 468 | RSA_get_default_method() for the benefit of openssl versions that don't |
| 469 | have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, |
| 470 | ok djm@. |
Damien Miller | ad4b1ad | 2011-01-22 20:21:33 +1100 | [diff] [blame] | 471 | - OpenBSD CVS Sync |
| 472 | - djm@cvs.openbsd.org 2011/01/22 09:18:53 |
| 473 | [version.h] |
| 474 | crank to OpenSSH-5.7 |
Damien Miller | 966accc | 2011-01-22 20:23:10 +1100 | [diff] [blame] | 475 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| 476 | [contrib/suse/openssh.spec] update versions in docs and spec files. |
Damien Miller | 6f8f04b | 2011-01-22 20:25:11 +1100 | [diff] [blame] | 477 | - (djm) Release 5.7p1 |
Darren Tucker | 7924137 | 2011-01-22 09:37:01 +1100 | [diff] [blame] | 478 | |
Tim Rice | 15e1b4d | 2011-01-18 20:47:04 -0800 | [diff] [blame] | 479 | 20110119 |
| 480 | - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead |
| 481 | of RPM so build completes. Signatures were changed to .asc since 4.1p1. |
Damien Miller | e323ebc | 2011-01-19 23:12:27 +1100 | [diff] [blame] | 482 | - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to |
| 483 | 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre- |
| 484 | release testing (random crashes and failure to load ECC keys). |
| 485 | ok dtucker@ |
Tim Rice | 15e1b4d | 2011-01-18 20:47:04 -0800 | [diff] [blame] | 486 | |
Damien Miller | 369c0e8 | 2011-01-17 10:51:40 +1100 | [diff] [blame] | 487 | 20110117 |
| 488 | - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in |
| 489 | $PATH, fix cleanup of droppings; reported by openssh AT |
| 490 | roumenpetrov.info; ok dtucker@ |
Damien Miller | fd3669e | 2011-01-17 11:20:18 +1100 | [diff] [blame] | 491 | - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding |
| 492 | its unique snowflake of a gdb error to the ones we look for. |
Damien Miller | 1ccbfa8 | 2011-01-17 11:52:40 +1100 | [diff] [blame] | 493 | - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running |
| 494 | ssh-add to avoid $SUDO failures on Linux |
Darren Tucker | 0c93adc | 2011-01-17 11:55:59 +1100 | [diff] [blame] | 495 | - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new |
| 496 | Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback |
| 497 | to the old values. Feedback from vapier at gentoo org and djm, ok djm. |
Damien Miller | 5849778 | 2011-01-17 16:17:09 +1100 | [diff] [blame] | 498 | - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh] |
| 499 | [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are |
| 500 | disabled on platforms that do not support them; add a "config_defined()" |
| 501 | shell function that greps for defines in config.h and use them to decide |
| 502 | on feature tests. |
| 503 | Convert a couple of existing grep's over config.h to use the new function |
| 504 | Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent |
| 505 | backslash characters in filenames, enable it for Cygwin and use it to turn |
| 506 | of tests for quotes backslashes in sftp-glob.sh. |
| 507 | based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@ |
Tim Rice | 6dfcd34 | 2011-01-16 22:53:56 -0800 | [diff] [blame] | 508 | - (tim) [regress/agent-getpeereid.sh] shell portability fix. |
Darren Tucker | 263d43d | 2011-01-17 18:50:22 +1100 | [diff] [blame] | 509 | - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on |
| 510 | the tinderbox. |
Darren Tucker | ea52a82 | 2011-01-17 21:15:27 +1100 | [diff] [blame] | 511 | - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h |
| 512 | configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem |
| 513 | support, based on patches from Tomas Mraz and jchadima at redhat. |
Damien Miller | 369c0e8 | 2011-01-17 10:51:40 +1100 | [diff] [blame] | 514 | |
Darren Tucker | 50c61f8 | 2011-01-16 18:28:09 +1100 | [diff] [blame] | 515 | 20110116 |
| 516 | - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based |
| 517 | on configurations that don't have it. |
Damien Miller | 4791f9d | 2011-01-16 23:16:53 +1100 | [diff] [blame] | 518 | - OpenBSD CVS Sync |
| 519 | - djm@cvs.openbsd.org 2011/01/16 11:50:05 |
| 520 | [clientloop.c] |
| 521 | Use atomicio when flushing protocol 1 std{out,err} buffers at |
| 522 | session close. This was a latent bug exposed by setting a SIGCHLD |
| 523 | handler and spotted by kevin.brott AT gmail.com; ok dtucker@ |
Damien Miller | 6fb6fd5 | 2011-01-16 23:17:45 +1100 | [diff] [blame] | 524 | - djm@cvs.openbsd.org 2011/01/16 11:50:36 |
| 525 | [sshconnect.c] |
| 526 | reset the SIGPIPE handler when forking to execute child processes; |
| 527 | ok dtucker@ |
Damien Miller | cfd6e4f | 2011-01-16 23:18:33 +1100 | [diff] [blame] | 528 | - djm@cvs.openbsd.org 2011/01/16 12:05:59 |
| 529 | [clientloop.c] |
| 530 | a couple more tweaks to the post-close protocol 1 stderr/stdout flush: |
| 531 | now that we use atomicio(), convert them from while loops to if statements |
| 532 | add test and cast to compile cleanly with -Wsigned |
Darren Tucker | 50c61f8 | 2011-01-16 18:28:09 +1100 | [diff] [blame] | 533 | |
Darren Tucker | 08f8388 | 2011-01-16 18:24:04 +1100 | [diff] [blame] | 534 | 20110114 |
Damien Miller | 445c9a5 | 2011-01-14 12:01:29 +1100 | [diff] [blame] | 535 | - OpenBSD CVS Sync |
| 536 | - djm@cvs.openbsd.org 2011/01/13 21:54:53 |
| 537 | [mux.c] |
| 538 | correct error messages; patch from bert.wesarg AT googlemail.com |
Damien Miller | 42747df | 2011-01-14 12:01:50 +1100 | [diff] [blame] | 539 | - djm@cvs.openbsd.org 2011/01/13 21:55:25 |
| 540 | [PROTOCOL.mux] |
| 541 | correct protocol names and add a couple of missing protocol number |
| 542 | defines; patch from bert.wesarg AT googlemail.com |
Damien Miller | e9b4048 | 2011-01-14 14:47:37 +1100 | [diff] [blame] | 543 | - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in |
| 544 | host-key-force target rather than a substitution that is replaced with a |
| 545 | comment so that the Makefile.in is still a syntactically valid Makefile |
| 546 | (useful to run the distprep target) |
Tim Rice | 02d99da | 2011-01-13 22:20:27 -0800 | [diff] [blame] | 547 | - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name. |
Tim Rice | c5c346b | 2011-01-13 22:36:14 -0800 | [diff] [blame] | 548 | - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some |
| 549 | ecdsa bits. |
Damien Miller | 445c9a5 | 2011-01-14 12:01:29 +1100 | [diff] [blame] | 550 | |
Darren Tucker | 08f8388 | 2011-01-16 18:24:04 +1100 | [diff] [blame] | 551 | 20110113 |
Damien Miller | 1708cb7 | 2011-01-13 12:21:34 +1100 | [diff] [blame] | 552 | - (djm) [misc.c] include time.h for nanosleep() prototype |
Tim Rice | cce927c | 2011-01-12 19:06:31 -0800 | [diff] [blame] | 553 | - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm |
Tim Rice | 9b87a5c | 2011-01-12 22:35:43 -0800 | [diff] [blame] | 554 | - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating |
| 555 | ecdsa keys. ok djm. |
Damien Miller | ff22df5 | 2011-01-13 21:05:27 +1100 | [diff] [blame] | 556 | - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid |
| 557 | gcc warning on platforms where it defaults to int |
Damien Miller | cbaf8e6 | 2011-01-13 21:08:27 +1100 | [diff] [blame] | 558 | - (djm) [regress/Makefile] add a few more generated files to the clean |
| 559 | target |
Damien Miller | 9b16086 | 2011-01-13 22:00:20 +1100 | [diff] [blame] | 560 | - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad |
| 561 | #define that was causing diffie-hellman-group-exchange-sha256 to be |
| 562 | incorrectly disabled |
Damien Miller | 5278806 | 2011-01-13 22:05:14 +1100 | [diff] [blame] | 563 | - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256 |
| 564 | should not depend on ECC support |
Damien Miller | 1708cb7 | 2011-01-13 12:21:34 +1100 | [diff] [blame] | 565 | |
Darren Tucker | 08f8388 | 2011-01-16 18:24:04 +1100 | [diff] [blame] | 566 | 20110112 |
Damien Miller | b66e917 | 2011-01-12 13:30:18 +1100 | [diff] [blame] | 567 | - OpenBSD CVS Sync |
| 568 | - nicm@cvs.openbsd.org 2010/10/08 21:48:42 |
| 569 | [openbsd-compat/glob.c] |
| 570 | Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit |
| 571 | from ARG_MAX to 64K. |
| 572 | Fixes glob-using programs (notably ftp) able to be triggered to hit |
| 573 | resource limits. |
| 574 | Idea from a similar NetBSD change, original problem reported by jasper@. |
| 575 | ok millert tedu jasper |
Damien Miller | 4927aaf | 2011-01-12 13:32:03 +1100 | [diff] [blame] | 576 | - djm@cvs.openbsd.org 2011/01/12 01:53:14 |
| 577 | avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS |
| 578 | and sanity check arguments (these will be unnecessary when we switch |
| 579 | struct glob members from being type into to size_t in the future); |
| 580 | "looks ok" tedu@ feedback guenther@ |
Damien Miller | 945aa0c | 2011-01-12 13:34:02 +1100 | [diff] [blame] | 581 | - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid |
| 582 | silly warnings on write() calls we don't care succeed or not. |
Damien Miller | 134d02a | 2011-01-12 16:00:37 +1100 | [diff] [blame] | 583 | - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler |
| 584 | flag tests that don't depend on gcc version at all; suggested by and |
| 585 | ok dtucker@ |
Damien Miller | b66e917 | 2011-01-12 13:30:18 +1100 | [diff] [blame] | 586 | |
Tim Rice | 076a3b9 | 2011-01-10 12:56:26 -0800 | [diff] [blame] | 587 | 20110111 |
| 588 | - (tim) [regress/host-expand.sh] Fix for building outside of read only |
| 589 | source tree. |
Damien Miller | 81ad4b1 | 2011-01-11 17:02:23 +1100 | [diff] [blame] | 590 | - (djm) [platform.c] Some missing includes that show up under -Werror |
Damien Miller | b73b6fd | 2011-01-11 17:18:56 +1100 | [diff] [blame] | 591 | - OpenBSD CVS Sync |
| 592 | - djm@cvs.openbsd.org 2011/01/08 10:51:51 |
| 593 | [clientloop.c] |
| 594 | use host and not options.hostname, as the latter may have unescaped |
| 595 | substitution characters |
Damien Miller | a256c8d | 2011-01-11 17:20:05 +1100 | [diff] [blame] | 596 | - djm@cvs.openbsd.org 2011/01/11 06:06:09 |
| 597 | [sshlogin.c] |
| 598 | fd leak on error paths; from zinovik@ |
| 599 | NB. Id sync only; we use loginrec.c that was also audited and fixed |
| 600 | recently |
Damien Miller | 821de0a | 2011-01-11 17:20:29 +1100 | [diff] [blame] | 601 | - djm@cvs.openbsd.org 2011/01/11 06:13:10 |
| 602 | [clientloop.c ssh-keygen.c sshd.c] |
| 603 | some unsigned long long casts that make things a bit easier for |
| 604 | portable without resorting to dropping PRIu64 formats everywhere |
Tim Rice | 076a3b9 | 2011-01-10 12:56:26 -0800 | [diff] [blame] | 605 | |
Damien Miller | e63b7f2 | 2011-01-09 09:19:50 +1100 | [diff] [blame] | 606 | 20110109 |
| 607 | - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by |
| 608 | openssh AT roumenpetrov.info |
| 609 | |
Damien Miller | 996384d | 2011-01-08 21:58:20 +1100 | [diff] [blame] | 610 | 20110108 |
| 611 | - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress |
| 612 | test on OSX and others. Reported by imorgan AT nas.nasa.gov |
| 613 | |
Damien Miller | 322125b | 2011-01-07 09:50:08 +1100 | [diff] [blame] | 614 | 20110107 |
| 615 | - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test |
| 616 | for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com |
Damien Miller | 83f8a40 | 2011-01-07 09:51:17 +1100 | [diff] [blame] | 617 | - djm@cvs.openbsd.org 2011/01/06 22:23:53 |
| 618 | [ssh.c] |
| 619 | unbreak %n expansion in LocalCommand; patch from bert.wesarg AT |
| 620 | googlemail.com; ok markus@ |
Damien Miller | 64abf31 | 2011-01-07 09:51:52 +1100 | [diff] [blame] | 621 | - djm@cvs.openbsd.org 2011/01/06 22:23:02 |
| 622 | [clientloop.c] |
| 623 | when exiting due to ServerAliveTimeout, mention the hostname that caused |
| 624 | it (useful with backgrounded controlmaster) |
Damien Miller | 7d06b00 | 2011-01-07 09:54:20 +1100 | [diff] [blame] | 625 | - djm@cvs.openbsd.org 2011/01/06 22:46:21 |
| 626 | [regress/Makefile regress/host-expand.sh] |
| 627 | regress test for LocalCommand %n expansion from bert.wesarg AT |
| 628 | googlemail.com; ok markus@ |
Damien Miller | ed3a8eb | 2011-01-07 10:02:52 +1100 | [diff] [blame] | 629 | - djm@cvs.openbsd.org 2011/01/06 23:01:35 |
| 630 | [sshconnect.c] |
| 631 | reset SIGCHLD handler to SIG_DFL when execuring LocalCommand; |
| 632 | ok markus@ |
Damien Miller | 322125b | 2011-01-07 09:50:08 +1100 | [diff] [blame] | 633 | |
Damien Miller | f121143 | 2011-01-06 22:40:30 +1100 | [diff] [blame] | 634 | 20110106 |
| 635 | - (djm) OpenBSD CVS Sync |
| 636 | - markus@cvs.openbsd.org 2010/12/08 22:46:03 |
| 637 | [scp.1 scp.c] |
| 638 | add a new -3 option to scp: Copies between two remote hosts are |
| 639 | transferred through the local host. Without this option the data |
| 640 | is copied directly between the two remote hosts. ok djm@ (bugzilla #1837) |
Damien Miller | 907998d | 2011-01-06 22:41:21 +1100 | [diff] [blame] | 641 | - jmc@cvs.openbsd.org 2010/12/09 14:13:33 |
| 642 | [scp.1 scp.c] |
| 643 | scp.1: grammer fix |
| 644 | scp.c: add -3 to usage() |
Damien Miller | 05c8997 | 2011-01-06 22:42:04 +1100 | [diff] [blame] | 645 | - markus@cvs.openbsd.org 2010/12/14 11:59:06 |
| 646 | [sshconnect.c] |
| 647 | don't mention key type in key-changed-warning, since we also print |
| 648 | this warning if a new key type appears. ok djm@ |
Damien Miller | 106079c | 2011-01-06 22:43:44 +1100 | [diff] [blame] | 649 | - djm@cvs.openbsd.org 2010/12/15 00:49:27 |
| 650 | [readpass.c] |
| 651 | fix ControlMaster=ask regression |
| 652 | reset SIGCHLD handler before fork (and restore it after) so we don't miss |
| 653 | the the askpass child's exit status. Correct test for exit status/signal to |
| 654 | account for waitpid() failure; with claudio@ ok claudio@ markus@ |
Damien Miller | de53fd0 | 2011-01-06 22:44:18 +1100 | [diff] [blame] | 655 | - djm@cvs.openbsd.org 2010/12/24 21:41:48 |
| 656 | [auth-options.c] |
| 657 | don't send the actual forced command in a debug message; ok markus deraadt |
Damien Miller | 8ad960b | 2011-01-06 22:44:44 +1100 | [diff] [blame] | 658 | - otto@cvs.openbsd.org 2011/01/04 20:44:13 |
| 659 | [ssh-keyscan.c] |
| 660 | handle ecdsa-sha2 with various key lengths; hint and ok djm@ |
Damien Miller | f121143 | 2011-01-06 22:40:30 +1100 | [diff] [blame] | 661 | |
Damien Miller | 30a69e7 | 2011-01-04 08:16:27 +1100 | [diff] [blame] | 662 | 20110104 |
| 663 | - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage |
| 664 | formatter if it is present, followed by nroff and groff respectively. |
| 665 | Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports |
| 666 | in favour of mandoc). feedback and ok tim |
| 667 | |
| 668 | 20110103 |
Damien Miller | d197fd6 | 2011-01-03 14:48:14 +1100 | [diff] [blame] | 669 | - (djm) [Makefile.in] revert local hack I didn't intend to commit |
| 670 | |
| 671 | 20110102 |
Damien Miller | 4a06f92 | 2011-01-02 21:43:59 +1100 | [diff] [blame] | 672 | - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker |
Damien Miller | 41bccf7 | 2011-01-02 21:53:07 +1100 | [diff] [blame] | 673 | - (djm) [configure.ac] Check whether libdes is needed when building |
| 674 | with Heimdal krb5 support. On OpenBSD this library no longer exists, |
| 675 | so linking it unconditionally causes a build failure; ok dtucker |
Damien Miller | 4a06f92 | 2011-01-02 21:43:59 +1100 | [diff] [blame] | 676 | |
Damien Miller | 928362d | 2010-12-26 14:26:45 +1100 | [diff] [blame] | 677 | 20101226 |
| 678 | - (dtucker) OpenBSD CVS Sync |
| 679 | - djm@cvs.openbsd.org 2010/12/08 04:02:47 |
| 680 | [ssh_config.5 sshd_config.5] |
| 681 | explain that IPQoS arguments are separated by whitespace; iirc requested |
| 682 | by jmc@ a while back |
| 683 | |
Darren Tucker | 37bb756 | 2010-12-05 08:46:05 +1100 | [diff] [blame] | 684 | 20101205 |
| 685 | - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from |
| 686 | debugging. Spotted by djm. |
Darren Tucker | 7336b90 | 2010-12-05 09:00:30 +1100 | [diff] [blame] | 687 | - (dtucker) OpenBSD CVS Sync |
| 688 | - djm@cvs.openbsd.org 2010/12/03 23:49:26 |
| 689 | [schnorr.c] |
| 690 | check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao |
| 691 | (this code is still disabled, but apprently people are treating it as |
| 692 | a reference implementation) |
Darren Tucker | adab6f1 | 2010-12-05 09:01:47 +1100 | [diff] [blame] | 693 | - djm@cvs.openbsd.org 2010/12/03 23:55:27 |
| 694 | [auth-rsa.c] |
| 695 | move check for revoked keys to run earlier (in auth_rsa_key_allowed) |
| 696 | bz#1829; patch from ldv AT altlinux.org; ok markus@ |
Darren Tucker | af1f909 | 2010-12-05 09:02:47 +1100 | [diff] [blame] | 697 | - djm@cvs.openbsd.org 2010/12/04 00:18:01 |
| 698 | [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] |
| 699 | add a protocol extension to support a hard link operation. It is |
| 700 | available through the "ln" command in the client. The old "ln" |
| 701 | behaviour of creating a symlink is available using its "-s" option |
| 702 | or through the preexisting "symlink" command; based on a patch from |
| 703 | miklos AT szeredi.hu in bz#1555; ok markus@ |
Darren Tucker | 094f1e9 | 2010-12-05 09:03:31 +1100 | [diff] [blame] | 704 | - djm@cvs.openbsd.org 2010/12/04 13:31:37 |
| 705 | [hostfile.c] |
| 706 | fix fd leak; spotted and ok dtucker |
Darren Tucker | 4288c53 | 2010-12-05 09:45:50 +1100 | [diff] [blame] | 707 | - djm@cvs.openbsd.org 2010/12/04 00:21:19 |
| 708 | [regress/sftp-cmds.sh] |
| 709 | adjust for hard-link support |
Darren Tucker | 7e1a5a4 | 2010-12-05 09:29:31 +1100 | [diff] [blame] | 710 | - (dtucker) [regress/Makefile] Id sync. |
Darren Tucker | 37bb756 | 2010-12-05 08:46:05 +1100 | [diff] [blame] | 711 | |
Damien Miller | d89745b | 2010-12-03 10:50:26 +1100 | [diff] [blame] | 712 | 20101204 |
| 713 | - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) |
| 714 | instead of (arc4random() % range) |
Darren Tucker | ebdef76 | 2010-12-04 23:20:50 +1100 | [diff] [blame] | 715 | - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add |
| 716 | shims for the new, non-deprecated OpenSSL key generation functions for |
| 717 | platforms that don't have the new interfaces. |
Damien Miller | d89745b | 2010-12-03 10:50:26 +1100 | [diff] [blame] | 718 | |
Damien Miller | 188ea81 | 2010-12-01 11:50:14 +1100 | [diff] [blame] | 719 | 20101201 |
| 720 | - OpenBSD CVS Sync |
| 721 | - deraadt@cvs.openbsd.org 2010/11/20 05:12:38 |
| 722 | [auth2-pubkey.c] |
| 723 | clean up cases of ;; |
Damien Miller | 2cd6293 | 2010-12-01 11:50:35 +1100 | [diff] [blame] | 724 | - djm@cvs.openbsd.org 2010/11/21 01:01:13 |
| 725 | [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c] |
| 726 | honour $TMPDIR for client xauth and ssh-agent temporary directories; |
| 727 | feedback and ok markus@ |
Damien Miller | a232792 | 2010-12-01 12:01:21 +1100 | [diff] [blame] | 728 | - djm@cvs.openbsd.org 2010/11/21 10:57:07 |
| 729 | [authfile.c] |
| 730 | Refactor internals of private key loading and saving to work on memory |
| 731 | buffers rather than directly on files. This will make a few things |
| 732 | easier to do in the future; ok markus@ |
Damien Miller | 6a740e7 | 2010-12-01 12:01:51 +1100 | [diff] [blame] | 733 | - djm@cvs.openbsd.org 2010/11/23 02:35:50 |
| 734 | [auth.c] |
| 735 | use strict_modes already passed as function argument over referencing |
| 736 | global options.strict_modes |
Damien Miller | d0fdd68 | 2010-12-01 12:02:14 +1100 | [diff] [blame] | 737 | - djm@cvs.openbsd.org 2010/11/23 23:57:24 |
| 738 | [clientloop.c] |
| 739 | avoid NULL deref on receiving a channel request on an unknown or invalid |
| 740 | channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@ |
Damien Miller | b7f827a | 2010-12-01 12:02:35 +1100 | [diff] [blame] | 741 | - djm@cvs.openbsd.org 2010/11/24 01:24:14 |
| 742 | [channels.c] |
| 743 | remove a debug() that pollutes stderr on client connecting to a server |
| 744 | in debug mode (channel_close_fds is called transitively from the session |
| 745 | code post-fork); bz#1719, ok dtucker |
Damien Miller | f80c3de | 2010-12-01 12:02:59 +1100 | [diff] [blame] | 746 | - djm@cvs.openbsd.org 2010/11/25 04:10:09 |
| 747 | [session.c] |
| 748 | replace close() loop for fds 3->64 with closefrom(); |
| 749 | ok markus deraadt dtucker |
Damien Miller | 87dc0a4 | 2010-12-01 12:03:19 +1100 | [diff] [blame] | 750 | - djm@cvs.openbsd.org 2010/11/26 05:52:49 |
| 751 | [scp.c] |
| 752 | Pass through ssh command-line flags and options when doing remote-remote |
| 753 | transfers, e.g. to enable agent forwarding which is particularly useful |
| 754 | in this case; bz#1837 ok dtucker@ |
Damien Miller | 03c0e53 | 2010-12-01 12:03:39 +1100 | [diff] [blame] | 755 | - markus@cvs.openbsd.org 2010/11/29 18:57:04 |
| 756 | [authfile.c] |
| 757 | correctly load comment for encrypted rsa1 keys; |
| 758 | report/fix Joachim Schipper; ok djm@ |
Damien Miller | d925dcd | 2010-12-01 12:21:51 +1100 | [diff] [blame] | 759 | - djm@cvs.openbsd.org 2010/11/29 23:45:51 |
| 760 | [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c] |
| 761 | [sshconnect.h sshconnect2.c] |
| 762 | automatically order the hostkeys requested by the client based on |
| 763 | which hostkeys are already recorded in known_hosts. This avoids |
| 764 | hostkey warnings when connecting to servers with new ECDSA keys |
| 765 | that are preferred by default; with markus@ |
Damien Miller | 188ea81 | 2010-12-01 11:50:14 +1100 | [diff] [blame] | 766 | |
Darren Tucker | d995712 | 2010-11-24 10:09:13 +1100 | [diff] [blame] | 767 | 20101124 |
| 768 | - (dtucker) [platform.c session.c] Move the getluid call out of session.c and |
| 769 | into the platform-specific code Only affects SCO, tested by and ok tim@. |
Damien Miller | 88e341e | 2010-11-24 10:36:15 +1100 | [diff] [blame] | 770 | - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow |
| 771 | group read/write. ok dtucker@ |
Darren Tucker | 4b6cbf7 | 2010-11-24 10:46:37 +1100 | [diff] [blame] | 772 | - (dtucker) [packet.c] Remove redundant local declaration of "int tos". |
Damien Miller | 73de86a | 2010-11-24 10:50:04 +1100 | [diff] [blame] | 773 | - (djm) [defines.h] Add IP DSCP defines |
Darren Tucker | d995712 | 2010-11-24 10:09:13 +1100 | [diff] [blame] | 774 | |
Darren Tucker | 9e0ff7a | 2010-11-22 17:59:00 +1100 | [diff] [blame] | 775 | 20101122 |
| 776 | - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch |
| 777 | from vapier at gentoo org. |
| 778 | |
Damien Miller | 7a221a1 | 2010-11-20 15:14:29 +1100 | [diff] [blame] | 779 | 20101120 |
| 780 | - OpenBSD CVS Sync |
| 781 | - djm@cvs.openbsd.org 2010/11/05 02:46:47 |
| 782 | [packet.c] |
| 783 | whitespace KNF |
Damien Miller | 4499f4c | 2010-11-20 15:15:49 +1100 | [diff] [blame] | 784 | - djm@cvs.openbsd.org 2010/11/10 01:33:07 |
| 785 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] |
| 786 | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. |
| 787 | these have been around for years by this time. ok markus |
Damien Miller | 0dac6fb | 2010-11-20 15:19:38 +1100 | [diff] [blame] | 788 | - djm@cvs.openbsd.org 2010/11/13 23:27:51 |
| 789 | [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h] |
| 790 | [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5] |
| 791 | allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of |
| 792 | hardcoding lowdelay/throughput. |
| 793 | |
| 794 | bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@ |
Damien Miller | 8e1ea4e | 2010-11-20 15:20:10 +1100 | [diff] [blame] | 795 | - jmc@cvs.openbsd.org 2010/11/15 07:40:14 |
| 796 | [ssh_config.5] |
| 797 | libary -> library; |
Damien Miller | 0a18473 | 2010-11-20 15:21:03 +1100 | [diff] [blame] | 798 | - jmc@cvs.openbsd.org 2010/11/18 15:01:00 |
| 799 | [scp.1 sftp.1 ssh.1 sshd_config.5] |
| 800 | add IPQoS to the various -o lists, and zap some trailing whitespace; |
Damien Miller | 7a221a1 | 2010-11-20 15:14:29 +1100 | [diff] [blame] | 801 | |
Damien Miller | dd190dd | 2010-11-11 14:17:02 +1100 | [diff] [blame] | 802 | 20101111 |
| 803 | - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on |
| 804 | platforms that don't support ECC. Fixes some spurious warnings reported |
| 805 | by tim@ |
| 806 | |
Tim Rice | e426f5e | 2010-11-08 09:15:14 -0800 | [diff] [blame] | 807 | 20101109 |
| 808 | - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin. |
| 809 | Feedback from dtucker@ |
Tim Rice | c7a8af0 | 2010-11-08 14:26:23 -0800 | [diff] [blame] | 810 | - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add |
| 811 | support for platforms missing isblank(). ok djm@ |
Tim Rice | e426f5e | 2010-11-08 09:15:14 -0800 | [diff] [blame] | 812 | |
Tim Rice | 522262f | 2010-11-07 13:00:27 -0800 | [diff] [blame] | 813 | 20101108 |
| 814 | - (tim) [regress/Makefile] Fixes to allow building/testing outside source |
| 815 | tree. |
Tim Rice | c10aeaa | 2010-11-07 13:03:11 -0800 | [diff] [blame] | 816 | - (tim) [regress/kextype.sh] Shell portability fix. |
Tim Rice | 522262f | 2010-11-07 13:00:27 -0800 | [diff] [blame] | 817 | |
Darren Tucker | d1ece6e | 2010-11-07 18:05:54 +1100 | [diff] [blame] | 818 | 20101107 |
| 819 | - (dtucker) [platform.c] includes.h instead of defines.h so that we get |
| 820 | the correct typedefs. |
| 821 | |
Damien Miller | 3a0e9f6 | 2010-11-05 10:16:34 +1100 | [diff] [blame] | 822 | 20101105 |
Damien Miller | 34ee420 | 2010-11-05 10:52:37 +1100 | [diff] [blame] | 823 | - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of |
| 824 | int. Should fix bz#1817 cleanly; ok dtucker@ |
Damien Miller | 3a0e9f6 | 2010-11-05 10:16:34 +1100 | [diff] [blame] | 825 | - OpenBSD CVS Sync |
| 826 | - djm@cvs.openbsd.org 2010/09/22 12:26:05 |
| 827 | [regress/Makefile regress/kextype.sh] |
| 828 | regress test for each of the key exchange algorithms that we support |
Damien Miller | b472a90 | 2010-11-05 10:19:49 +1100 | [diff] [blame] | 829 | - djm@cvs.openbsd.org 2010/10/28 11:22:09 |
| 830 | [authfile.c key.c key.h ssh-keygen.c] |
| 831 | fix a possible NULL deref on loading a corrupt ECDH key |
| 832 | |
| 833 | store ECDH group information in private keys files as "named groups" |
| 834 | rather than as a set of explicit group parameters (by setting |
| 835 | the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and |
| 836 | retrieves the group's OpenSSL NID that we need for various things. |
Damien Miller | 55fa565 | 2010-11-05 10:20:14 +1100 | [diff] [blame] | 837 | - jmc@cvs.openbsd.org 2010/10/28 18:33:28 |
| 838 | [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] |
| 839 | knock out some "-*- nroff -*-" lines; |
Damien Miller | 0733121 | 2010-11-05 10:20:31 +1100 | [diff] [blame] | 840 | - djm@cvs.openbsd.org 2010/11/04 02:45:34 |
| 841 | [sftp-server.c] |
| 842 | umask should be parsed as octal. reported by candland AT xmission.com; |
| 843 | ok markus@ |
Darren Tucker | 9752835 | 2010-11-05 12:03:05 +1100 | [diff] [blame] | 844 | - (dtucker) [configure.ac platform.{c,h} session.c |
| 845 | openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support. |
| 846 | Patch from cory.erickson at csu mnscu edu with a bit of rework from me. |
| 847 | ok djm@ |
Darren Tucker | 920612e | 2010-11-05 12:36:15 +1100 | [diff] [blame] | 848 | - (dtucker) [platform.c platform.h session.c] Add a platform hook to run |
| 849 | after the user's groups are established and move the selinux calls into it. |
Darren Tucker | 4db3807 | 2010-11-05 12:41:13 +1100 | [diff] [blame] | 850 | - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into |
| 851 | platform.c |
Darren Tucker | 44a97be | 2010-11-05 12:45:18 +1100 | [diff] [blame] | 852 | - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c. |
Darren Tucker | fd4d8aa | 2010-11-05 12:50:41 +1100 | [diff] [blame] | 853 | - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to |
| 854 | retain previous behavior. |
Darren Tucker | 728d837 | 2010-11-05 13:00:05 +1100 | [diff] [blame] | 855 | - (dtucker) [platform.c session.c] Move the PAM credential establishment for |
| 856 | the LOGIN_CAP case into platform.c. |
Darren Tucker | 7a8afe3 | 2010-11-05 13:07:24 +1100 | [diff] [blame] | 857 | - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into |
| 858 | platform.c |
Darren Tucker | 0b2ee64 | 2010-11-05 13:29:25 +1100 | [diff] [blame] | 859 | - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c. |
| 860 | - (dtucker) [platform.c session.c] Move irix setusercontext fragment into |
| 861 | platform.c. |
Darren Tucker | cc12418 | 2010-11-05 13:32:52 +1100 | [diff] [blame] | 862 | - (dtucker) [platform.c session.c] Move PAM credential establishment for the |
| 863 | non-LOGIN_CAP case into platform.c. |
Darren Tucker | b12fe27 | 2010-11-05 14:47:01 +1100 | [diff] [blame] | 864 | - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case |
| 865 | check into platform.c |
Darren Tucker | b69e033 | 2010-11-05 18:19:15 +1100 | [diff] [blame] | 866 | - (dtucker) [regress/keytype.sh] Import new test. |
Darren Tucker | eab5f0d | 2010-11-05 18:23:38 +1100 | [diff] [blame] | 867 | - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh] |
| 868 | Import recent changes to regress/Makefile, pass a flag to enable ECC tests |
| 869 | from configure through to regress/Makefile and use it in the tests. |
Darren Tucker | 345178d | 2010-11-05 18:35:52 +1100 | [diff] [blame] | 870 | - (dtucker) [regress/kextype.sh] Add missing "test". |
Darren Tucker | f619d1c | 2010-11-05 18:41:50 +1100 | [diff] [blame] | 871 | - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not |
| 872 | strictly correct since while ECC requires sha256 the reverse is not true |
| 873 | however it does prevent spurious test failures. |
Darren Tucker | 9283d8c | 2010-11-05 18:56:08 +1100 | [diff] [blame] | 874 | - (dtucker) [platform.c] Need servconf.h and extern options. |
Damien Miller | 3a0e9f6 | 2010-11-05 10:16:34 +1100 | [diff] [blame] | 875 | |
Tim Rice | bdd3e67 | 2010-10-24 18:35:55 -0700 | [diff] [blame] | 876 | 20101025 |
| 877 | - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with |
| 878 | 1.12 to unbreak Solaris build. |
| 879 | ok djm@ |
Darren Tucker | 54b1f31 | 2010-10-25 16:54:28 +1100 | [diff] [blame] | 880 | - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a |
| 881 | native one. |
Tim Rice | bdd3e67 | 2010-10-24 18:35:55 -0700 | [diff] [blame] | 882 | |
Darren Tucker | a539393 | 2010-10-24 10:47:30 +1100 | [diff] [blame] | 883 | 20101024 |
| 884 | - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build. |
Darren Tucker | bfd9b1b | 2010-10-24 11:19:26 +1100 | [diff] [blame] | 885 | - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms |
| 886 | which don't have ECC support in libcrypto. |
Darren Tucker | d633fef | 2010-10-24 11:33:07 +1100 | [diff] [blame] | 887 | - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms |
| 888 | which don't have ECC support in libcrypto. |
Darren Tucker | 7bc236d | 2010-10-24 11:58:43 +1100 | [diff] [blame] | 889 | - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't |
| 890 | have it. |
Darren Tucker | d78739a | 2010-10-24 10:56:32 +1100 | [diff] [blame] | 891 | - (dtucker) OpenBSD CVS Sync |
| 892 | - sthen@cvs.openbsd.org 2010/10/23 22:06:12 |
| 893 | [sftp.c] |
| 894 | escape '[' in filename tab-completion; fix a type while there. |
| 895 | ok djm@ |
Darren Tucker | a539393 | 2010-10-24 10:47:30 +1100 | [diff] [blame] | 896 | |
Damien Miller | 68512c0 | 2010-10-21 15:21:11 +1100 | [diff] [blame] | 897 | 20101021 |
| 898 | - OpenBSD CVS Sync |
| 899 | - dtucker@cvs.openbsd.org 2010/10/12 02:22:24 |
| 900 | [mux.c] |
| 901 | Typo in confirmation message. bz#1827, patch from imorgan at |
| 902 | nas nasa gov |
Damien Miller | 6fd2d7d | 2010-10-21 15:27:14 +1100 | [diff] [blame] | 903 | - djm@cvs.openbsd.org 2010/08/31 12:24:09 |
| 904 | [regress/cert-hostkey.sh regress/cert-userkey.sh] |
| 905 | tests for ECDSA certificates |
Damien Miller | 68512c0 | 2010-10-21 15:21:11 +1100 | [diff] [blame] | 906 | |
Damien Miller | 1f78980 | 2010-10-11 22:35:22 +1100 | [diff] [blame] | 907 | 20101011 |
Damien Miller | 47e57bf | 2010-10-12 13:28:12 +1100 | [diff] [blame] | 908 | - (djm) [canohost.c] Zero a4 instead of addr to better match type. |
| 909 | bz#1825, reported by foo AT mailinator.com |
Damien Miller | 9c0c31d | 2010-10-12 13:30:44 +1100 | [diff] [blame] | 910 | - (djm) [sshconnect.c] Need signal.h for prototype for kill(2) |
Damien Miller | 47e57bf | 2010-10-12 13:28:12 +1100 | [diff] [blame] | 911 | |
| 912 | 20101011 |
Damien Miller | 1f78980 | 2010-10-11 22:35:22 +1100 | [diff] [blame] | 913 | - (djm) [configure.ac] Use = instead of == in shell tests. Patch from |
| 914 | dr AT vasco.com |
| 915 | |
Damien Miller | aa18063 | 2010-10-07 21:25:27 +1100 | [diff] [blame] | 916 | 20101007 |
Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 917 | - (djm) [ssh-agent.c] Fix type for curve name. |
Damien Miller | aa18063 | 2010-10-07 21:25:27 +1100 | [diff] [blame] | 918 | - (djm) OpenBSD CVS Sync |
| 919 | - matthew@cvs.openbsd.org 2010/09/24 13:33:00 |
| 920 | [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h] |
| 921 | [openbsd-compat/timingsafe_bcmp.c] |
| 922 | Add timingsafe_bcmp(3) to libc, mention that it's already in the |
| 923 | kernel in kern(9), and remove it from OpenSSH. |
| 924 | ok deraadt@, djm@ |
| 925 | NB. re-added under openbsd-compat/ for portable OpenSSH |
Damien Miller | a6e121a | 2010-10-07 21:39:17 +1100 | [diff] [blame] | 926 | - djm@cvs.openbsd.org 2010/09/25 09:30:16 |
| 927 | [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h] |
| 928 | make use of new glob(3) GLOB_KEEPSTAT extension to save extra server |
| 929 | rountrips to fetch per-file stat(2) information. |
| 930 | NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to |
| 931 | match. |
Damien Miller | 68e2e56 | 2010-10-07 21:39:55 +1100 | [diff] [blame] | 932 | - djm@cvs.openbsd.org 2010/09/26 22:26:33 |
| 933 | [sftp.c] |
| 934 | when performing an "ls" in columnated (short) mode, only call |
| 935 | ioctl(TIOCGWINSZ) once to get the window width instead of per- |
| 936 | filename |
Damien Miller | c54b02c | 2010-10-07 21:40:17 +1100 | [diff] [blame] | 937 | - djm@cvs.openbsd.org 2010/09/30 11:04:51 |
| 938 | [servconf.c] |
| 939 | prevent free() of string in .rodata when overriding AuthorizedKeys in |
| 940 | a Match block; patch from rein AT basefarm.no |
Damien Miller | 9a3d0dc | 2010-10-07 22:06:42 +1100 | [diff] [blame] | 941 | - djm@cvs.openbsd.org 2010/10/01 23:05:32 |
| 942 | [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] |
| 943 | adapt to API changes in openssl-1.0.0a |
| 944 | NB. contains compat code to select correct API for older OpenSSL |
Damien Miller | 38d9a96 | 2010-10-07 22:07:11 +1100 | [diff] [blame] | 945 | - djm@cvs.openbsd.org 2010/10/05 05:13:18 |
| 946 | [sftp.c sshconnect.c] |
| 947 | use default shell /bin/sh if $SHELL is ""; ok markus@ |
Damien Miller | a41ccca | 2010-10-07 22:07:32 +1100 | [diff] [blame] | 948 | - djm@cvs.openbsd.org 2010/10/06 06:39:28 |
| 949 | [clientloop.c ssh.c sshconnect.c sshconnect.h] |
| 950 | kill proxy command on fatal() (we already kill it on clean exit); |
| 951 | ok markus@ |
Damien Miller | 45fcdaa | 2010-10-07 22:07:58 +1100 | [diff] [blame] | 952 | - djm@cvs.openbsd.org 2010/10/06 21:10:21 |
| 953 | [sshconnect.c] |
| 954 | swapped args to kill(2) |
Damien Miller | 37f4f18 | 2010-10-07 22:10:38 +1100 | [diff] [blame] | 955 | - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code. |
Damien Miller | 80e9953 | 2010-10-07 22:12:08 +1100 | [diff] [blame] | 956 | - (djm) [cipher-acss.c] Add missing header. |
Damien Miller | 88b844f | 2010-10-07 22:19:23 +1100 | [diff] [blame] | 957 | - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp |
Damien Miller | aa18063 | 2010-10-07 21:25:27 +1100 | [diff] [blame] | 958 | |
Damien Miller | 6186bbc | 2010-09-24 22:00:54 +1000 | [diff] [blame] | 959 | 20100924 |
| 960 | - (djm) OpenBSD CVS Sync |
| 961 | - naddy@cvs.openbsd.org 2010/09/10 15:19:29 |
| 962 | [ssh-keygen.1] |
| 963 | * mention ECDSA in more places |
| 964 | * less repetition in FILES section |
| 965 | * SSHv1 keys are still encrypted with 3DES |
| 966 | help and ok jmc@ |
Damien Miller | 1ca9469 | 2010-09-24 22:01:22 +1000 | [diff] [blame] | 967 | - djm@cvs.openbsd.org 2010/09/11 21:44:20 |
| 968 | [ssh.1] |
| 969 | mention RFC 5656 for ECC stuff |
Damien Miller | 881adf7 | 2010-09-24 22:01:54 +1000 | [diff] [blame] | 970 | - jmc@cvs.openbsd.org 2010/09/19 21:30:05 |
| 971 | [sftp.1] |
| 972 | more wacky macro fixing; |
Damien Miller | 857b02e | 2010-09-24 22:02:56 +1000 | [diff] [blame] | 973 | - djm@cvs.openbsd.org 2010/09/20 04:41:47 |
| 974 | [ssh.c] |
| 975 | install a SIGCHLD handler to reap expiried child process; ok markus@ |
Damien Miller | f7540cd | 2010-09-24 22:03:24 +1000 | [diff] [blame] | 976 | - djm@cvs.openbsd.org 2010/09/20 04:50:53 |
| 977 | [jpake.c schnorr.c] |
| 978 | check that received values are smaller than the group size in the |
| 979 | disabled and unfinished J-PAKE code. |
| 980 | avoids catastrophic security failure found by Sebastien Martini |
Damien Miller | 18e1cab | 2010-09-24 22:07:17 +1000 | [diff] [blame] | 981 | - djm@cvs.openbsd.org 2010/09/20 04:54:07 |
| 982 | [jpake.c] |
| 983 | missing #include |
Damien Miller | 603134e | 2010-09-24 22:07:55 +1000 | [diff] [blame] | 984 | - djm@cvs.openbsd.org 2010/09/20 07:19:27 |
| 985 | [mux.c] |
| 986 | "atomically" create the listening mux socket by binding it on a temorary |
| 987 | name and then linking it into position after listen() has succeeded. |
| 988 | this allows the mux clients to determine that the server socket is |
| 989 | either ready or stale without races. stale server sockets are now |
| 990 | automatically removed |
| 991 | ok deraadt |
Damien Miller | d5f62bf | 2010-09-24 22:11:14 +1000 | [diff] [blame] | 992 | - djm@cvs.openbsd.org 2010/09/22 05:01:30 |
| 993 | [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] |
| 994 | [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] |
| 995 | add a KexAlgorithms knob to the client and server configuration to allow |
| 996 | selection of which key exchange methods are used by ssh(1) and sshd(8) |
| 997 | and their order of preference. |
| 998 | ok markus@ |
Damien Miller | 7fe2b1f | 2010-09-24 22:11:53 +1000 | [diff] [blame] | 999 | - jmc@cvs.openbsd.org 2010/09/22 08:30:08 |
| 1000 | [ssh.1 ssh_config.5] |
| 1001 | ssh.1: add kexalgorithms to the -o list |
| 1002 | ssh_config.5: format the kexalgorithms in a more consistent |
| 1003 | (prettier!) way |
| 1004 | ok djm |
Damien Miller | 65e42f8 | 2010-09-24 22:15:11 +1000 | [diff] [blame] | 1005 | - djm@cvs.openbsd.org 2010/09/22 22:58:51 |
| 1006 | [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c] |
| 1007 | [sftp-client.h sftp.1 sftp.c] |
| 1008 | add an option per-read/write callback to atomicio |
| 1009 | |
| 1010 | factor out bandwidth limiting code from scp(1) into a generic bandwidth |
| 1011 | limiter that can be attached using the atomicio callback mechanism |
| 1012 | |
| 1013 | add a bandwidth limit option to sftp(1) using the above |
| 1014 | "very nice" markus@ |
Damien Miller | 56883e1 | 2010-09-24 22:15:39 +1000 | [diff] [blame] | 1015 | - jmc@cvs.openbsd.org 2010/09/23 13:34:43 |
| 1016 | [sftp.c] |
| 1017 | add [-l limit] to usage(); |
Damien Miller | 2beb32f | 2010-09-24 22:16:03 +1000 | [diff] [blame] | 1018 | - jmc@cvs.openbsd.org 2010/09/23 13:36:46 |
| 1019 | [scp.1 sftp.1] |
| 1020 | add KexAlgorithms to the -o list; |
Damien Miller | 6186bbc | 2010-09-24 22:00:54 +1000 | [diff] [blame] | 1021 | |
Damien Miller | 4314c2b | 2010-09-10 11:12:09 +1000 | [diff] [blame] | 1022 | 20100910 |
Darren Tucker | 50e3bab | 2010-09-10 10:30:25 +1000 | [diff] [blame] | 1023 | - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact |
| 1024 | return code since it can apparently return -1 under some conditions. From |
| 1025 | openssh bugs werbittewas de, ok djm@ |
Damien Miller | 4314c2b | 2010-09-10 11:12:09 +1000 | [diff] [blame] | 1026 | - OpenBSD CVS Sync |
| 1027 | - djm@cvs.openbsd.org 2010/08/31 12:33:38 |
| 1028 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| 1029 | reintroduce commit from tedu@, which I pulled out for release |
| 1030 | engineering: |
| 1031 | OpenSSL_add_all_algorithms is the name of the function we have a |
| 1032 | man page for, so use that. ok djm |
Damien Miller | de735ea | 2010-09-10 11:12:38 +1000 | [diff] [blame] | 1033 | - jmc@cvs.openbsd.org 2010/08/31 17:40:54 |
| 1034 | [ssh-agent.1] |
| 1035 | fix some macro abuse; |
Damien Miller | d442790 | 2010-09-10 11:15:10 +1000 | [diff] [blame] | 1036 | - jmc@cvs.openbsd.org 2010/08/31 21:14:58 |
| 1037 | [ssh.1] |
| 1038 | small text tweak to accommodate previous; |
Damien Miller | e13cadf | 2010-09-10 11:15:33 +1000 | [diff] [blame] | 1039 | - naddy@cvs.openbsd.org 2010/09/01 15:21:35 |
| 1040 | [servconf.c] |
| 1041 | pick up ECDSA host key by default; ok djm@ |
Damien Miller | 390f153 | 2010-09-10 11:17:54 +1000 | [diff] [blame] | 1042 | - markus@cvs.openbsd.org 2010/09/02 16:07:25 |
Damien Miller | 5773794 | 2010-09-10 11:16:37 +1000 | [diff] [blame] | 1043 | [ssh-keygen.c] |
| 1044 | permit -b 256, 384 or 521 as key size for ECDSA; ok djm@ |
Damien Miller | 390f153 | 2010-09-10 11:17:54 +1000 | [diff] [blame] | 1045 | - markus@cvs.openbsd.org 2010/09/02 16:08:39 |
Damien Miller | 5929c52 | 2010-09-10 11:17:02 +1000 | [diff] [blame] | 1046 | [ssh.c] |
| 1047 | unbreak ControlPersist=yes for ControlMaster=yes; ok djm@ |
Damien Miller | 6e9f680 | 2010-09-10 11:17:38 +1000 | [diff] [blame] | 1048 | - naddy@cvs.openbsd.org 2010/09/02 17:21:50 |
| 1049 | [ssh-keygen.c] |
| 1050 | Switch ECDSA default key size to 256 bits, which according to RFC5656 |
| 1051 | should still be better than our current RSA-2048 default. |
| 1052 | ok djm@, markus@ |
Damien Miller | 390f153 | 2010-09-10 11:17:54 +1000 | [diff] [blame] | 1053 | - jmc@cvs.openbsd.org 2010/09/03 11:09:29 |
| 1054 | [scp.1] |
| 1055 | add an EXIT STATUS section for /usr/bin; |
Damien Miller | daa7b22 | 2010-09-10 11:19:33 +1000 | [diff] [blame] | 1056 | - jmc@cvs.openbsd.org 2010/09/04 09:38:34 |
| 1057 | [ssh-add.1 ssh.1] |
| 1058 | two more EXIT STATUS sections; |
Damien Miller | 80ed82a | 2010-09-10 11:20:11 +1000 | [diff] [blame] | 1059 | - naddy@cvs.openbsd.org 2010/09/06 17:10:19 |
| 1060 | [sshd_config] |
| 1061 | add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste |
| 1062 | <mattieu.b@gmail.com> |
| 1063 | ok deraadt@ |
Damien Miller | bf0423e | 2010-09-10 11:20:38 +1000 | [diff] [blame] | 1064 | - djm@cvs.openbsd.org 2010/09/08 03:54:36 |
| 1065 | [authfile.c] |
| 1066 | typo |
Damien Miller | 3796ab4 | 2010-09-10 11:20:59 +1000 | [diff] [blame] | 1067 | - deraadt@cvs.openbsd.org 2010/09/08 04:13:31 |
| 1068 | [compress.c] |
| 1069 | work around name-space collisions some buggy compilers (looking at you |
| 1070 | gcc, at least in earlier versions, but this does not forgive your current |
| 1071 | transgressions) seen between zlib and openssl |
| 1072 | ok djm |
Damien Miller | 041ab7c | 2010-09-10 11:23:34 +1000 | [diff] [blame] | 1073 | - djm@cvs.openbsd.org 2010/09/09 10:45:45 |
| 1074 | [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c] |
| 1075 | ECDH/ECDSA compliance fix: these methods vary the hash function they use |
| 1076 | (SHA256/384/512) depending on the length of the curve in use. The previous |
| 1077 | code incorrectly used SHA256 in all cases. |
| 1078 | |
| 1079 | This fix will cause authentication failure when using 384 or 521-bit curve |
| 1080 | keys if one peer hasn't been upgraded and the other has. (256-bit curve |
| 1081 | keys work ok). In particular you may need to specify HostkeyAlgorithms |
| 1082 | when connecting to a server that has not been upgraded from an upgraded |
| 1083 | client. |
| 1084 | |
| 1085 | ok naddy@ |
Damien Miller | 6af914a | 2010-09-10 11:39:26 +1000 | [diff] [blame] | 1086 | - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c] |
| 1087 | [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c] |
| 1088 | [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on |
| 1089 | platforms that don't have the requisite OpenSSL support. ok dtucker@ |
Darren Tucker | 8ccb739 | 2010-09-10 12:28:24 +1000 | [diff] [blame] | 1090 | - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs |
| 1091 | for missing headers and compiler warnings. |
Darren Tucker | 50e3bab | 2010-09-10 10:30:25 +1000 | [diff] [blame] | 1092 | |
| 1093 | 20100831 |
Damien Miller | afdae61 | 2010-08-31 22:31:14 +1000 | [diff] [blame] | 1094 | - OpenBSD CVS Sync |
| 1095 | - jmc@cvs.openbsd.org 2010/08/08 19:36:30 |
| 1096 | [ssh-keysign.8 ssh.1 sshd.8] |
| 1097 | use the same template for all FILES sections; i.e. -compact/.Pp where we |
| 1098 | have multiple items, and .Pa for path names; |
Damien Miller | 9b87e79 | 2010-08-31 22:31:37 +1000 | [diff] [blame] | 1099 | - tedu@cvs.openbsd.org 2010/08/12 23:34:39 |
| 1100 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| 1101 | OpenSSL_add_all_algorithms is the name of the function we have a man page |
| 1102 | for, so use that. ok djm |
Damien Miller | d96546f | 2010-08-31 22:32:12 +1000 | [diff] [blame] | 1103 | - djm@cvs.openbsd.org 2010/08/16 04:06:06 |
| 1104 | [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c] |
| 1105 | backout previous temporarily; discussed with deraadt@ |
Damien Miller | da108ec | 2010-08-31 22:36:39 +1000 | [diff] [blame] | 1106 | - djm@cvs.openbsd.org 2010/08/31 09:58:37 |
| 1107 | [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c] |
| 1108 | [packet.h ssh-dss.c ssh-rsa.c] |
| 1109 | Add buffer_get_cstring() and related functions that verify that the |
| 1110 | string extracted from the buffer contains no embedded \0 characters* |
| 1111 | This prevents random (possibly malicious) crap from being appended to |
| 1112 | strings where it would not be noticed if the string is used with |
| 1113 | a string(3) function. |
| 1114 | |
| 1115 | Use the new API in a few sensitive places. |
| 1116 | |
| 1117 | * actually, we allow a single one at the end of the string for now because |
| 1118 | we don't know how many deployed implementations get this wrong, but don't |
| 1119 | count on this to remain indefinitely. |
Damien Miller | eb8b60e | 2010-08-31 22:41:14 +1000 | [diff] [blame] | 1120 | - djm@cvs.openbsd.org 2010/08/31 11:54:45 |
| 1121 | [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] |
| 1122 | [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] |
| 1123 | [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] |
| 1124 | [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] |
| 1125 | [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] |
| 1126 | [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] |
| 1127 | [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] |
| 1128 | Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and |
| 1129 | host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer |
| 1130 | better performance than plain DH and DSA at the same equivalent symmetric |
| 1131 | key length, as well as much shorter keys. |
| 1132 | |
| 1133 | Only the mandatory sections of RFC5656 are implemented, specifically the |
| 1134 | three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and |
| 1135 | ECDSA. Point compression (optional in RFC5656 is NOT implemented). |
| 1136 | |
| 1137 | Certificate host and user keys using the new ECDSA key types are supported. |
| 1138 | |
| 1139 | Note that this code has not been tested for interoperability and may be |
| 1140 | subject to change. |
| 1141 | |
| 1142 | feedback and ok markus@ |
Damien Miller | b5a62d0 | 2010-08-31 22:47:15 +1000 | [diff] [blame] | 1143 | - (djm) [Makefile.in] Add new ECC files |
Damien Miller | c79ff07 | 2010-08-31 22:50:48 +1000 | [diff] [blame] | 1144 | - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include |
| 1145 | includes.h |
Damien Miller | afdae61 | 2010-08-31 22:31:14 +1000 | [diff] [blame] | 1146 | |
Darren Tucker | 6889abd | 2010-08-27 10:12:54 +1000 | [diff] [blame] | 1147 | 20100827 |
| 1148 | - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated, |
| 1149 | remove. Patch from martynas at venck us |
| 1150 | |
Damien Miller | a536202 | 2010-08-23 21:20:20 +1000 | [diff] [blame] | 1151 | 20100823 |
| 1152 | - (djm) Release OpenSSH-5.6p1 |
| 1153 | |
Darren Tucker | aa74f67 | 2010-08-16 13:15:23 +1000 | [diff] [blame] | 1154 | 20100816 |
| 1155 | - (dtucker) [configure.ac openbsd-compat/Makefile.in |
| 1156 | openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to |
| 1157 | the compat library which helps on platforms like old IRIX. Based on work |
| 1158 | by djm, tested by Tom Christensen. |
Damien Miller | 00d9ae2 | 2010-08-17 01:59:31 +1000 | [diff] [blame] | 1159 | - OpenBSD CVS Sync |
| 1160 | - djm@cvs.openbsd.org 2010/08/12 21:49:44 |
| 1161 | [ssh.c] |
| 1162 | close any extra file descriptors inherited from parent at start and |
| 1163 | reopen stdin/stdout to /dev/null when forking for ControlPersist. |
| 1164 | |
| 1165 | prevents tools that fork and run a captive ssh for communication from |
| 1166 | failing to exit when the ssh completes while they wait for these fds to |
| 1167 | close. The inherited fds may persist arbitrarily long if a background |
| 1168 | mux master has been started by ControlPersist. cvs and scp were effected |
| 1169 | by this. |
| 1170 | |
| 1171 | "please commit" markus@ |
Damien Miller | 07ad389 | 2010-08-17 07:04:28 +1000 | [diff] [blame] | 1172 | - (djm) [regress/README.regress] typo |
Darren Tucker | aa74f67 | 2010-08-16 13:15:23 +1000 | [diff] [blame] | 1173 | |
Tim Rice | 722b8d1 | 2010-08-12 09:43:13 -0700 | [diff] [blame] | 1174 | 20100812 |
| 1175 | - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh |
| 1176 | regress/test-exec.sh] Under certain conditions when testing with sudo |
| 1177 | tests would fail because the pidfile could not be read by a regular user. |
| 1178 | "cat: cannot open ...../regress/pidfile: Permission denied (error 13)" |
| 1179 | Make sure cat is run by $SUDO. no objection from me. djm@ |
Tim Rice | ad7d547 | 2010-08-12 10:33:01 -0700 | [diff] [blame] | 1180 | - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems. |
Tim Rice | 722b8d1 | 2010-08-12 09:43:13 -0700 | [diff] [blame] | 1181 | |
Damien Miller | 7e569b8 | 2010-08-09 02:28:37 +1000 | [diff] [blame] | 1182 | 20100809 |
Damien Miller | 2c4b13a | 2010-08-10 12:47:40 +1000 | [diff] [blame] | 1183 | - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is |
| 1184 | already set. Makes FreeBSD user openable tunnels useful; patch from |
| 1185 | richard.burakowski+ossh AT mrburak.net, ok dtucker@ |
Darren Tucker | 02c4734 | 2010-08-10 13:36:09 +1000 | [diff] [blame] | 1186 | - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. |
| 1187 | based in part on a patch from Colin Watson, ok djm@ |
Damien Miller | 2c4b13a | 2010-08-10 12:47:40 +1000 | [diff] [blame] | 1188 | |
| 1189 | 20100809 |
Damien Miller | 7e569b8 | 2010-08-09 02:28:37 +1000 | [diff] [blame] | 1190 | - OpenBSD CVS Sync |
| 1191 | - djm@cvs.openbsd.org 2010/08/08 16:26:42 |
| 1192 | [version.h] |
| 1193 | crank to 5.6 |
Damien Miller | 792010b | 2010-08-09 02:32:05 +1000 | [diff] [blame] | 1194 | - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] |
| 1195 | [contrib/suse/openssh.spec] Crank version numbers |
Damien Miller | 7e569b8 | 2010-08-09 02:28:37 +1000 | [diff] [blame] | 1196 | |
Damien Miller | 8e604ac | 2010-08-09 02:28:10 +1000 | [diff] [blame] | 1197 | 20100805 |
Damien Miller | 7fa9660 | 2010-08-05 13:03:13 +1000 | [diff] [blame] | 1198 | - OpenBSD CVS Sync |
| 1199 | - djm@cvs.openbsd.org 2010/08/04 05:37:01 |
| 1200 | [ssh.1 ssh_config.5 sshd.8] |
| 1201 | Remove mentions of weird "addr/port" alternate address format for IPv6 |
| 1202 | addresses combinations. It hasn't worked for ages and we have supported |
| 1203 | the more commen "[addr]:port" format for a long time. ok jmc@ markus@ |
Damien Miller | 1da6388 | 2010-08-05 13:03:51 +1000 | [diff] [blame] | 1204 | - djm@cvs.openbsd.org 2010/08/04 05:40:39 |
| 1205 | [PROTOCOL.certkeys ssh-keygen.c] |
| 1206 | tighten the rules for certificate encoding by requiring that options |
| 1207 | appear in lexical order and make our ssh-keygen comply. ok markus@ |
Damien Miller | c158331 | 2010-08-05 13:04:50 +1000 | [diff] [blame] | 1208 | - djm@cvs.openbsd.org 2010/08/04 05:42:47 |
| 1209 | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] |
| 1210 | [ssh-keysign.c ssh.c] |
| 1211 | enable certificates for hostbased authentication, from Iain Morgan; |
| 1212 | "looks ok" markus@ |
Damien Miller | 5458c4d | 2010-08-05 13:05:15 +1000 | [diff] [blame] | 1213 | - djm@cvs.openbsd.org 2010/08/04 05:49:22 |
| 1214 | [authfile.c] |
| 1215 | commited the wrong version of the hostbased certificate diff; this |
| 1216 | version replaces some strlc{py,at} verbosity with xasprintf() at |
| 1217 | the request of markus@ |
Damien Miller | 757f34e | 2010-08-05 13:05:31 +1000 | [diff] [blame] | 1218 | - djm@cvs.openbsd.org 2010/08/04 06:07:11 |
| 1219 | [ssh-keygen.1 ssh-keygen.c] |
| 1220 | Support CA keys in PKCS#11 tokens; feedback and ok markus@ |
Damien Miller | b89e6b7 | 2010-08-05 13:06:20 +1000 | [diff] [blame] | 1221 | - djm@cvs.openbsd.org 2010/08/04 06:08:40 |
| 1222 | [ssh-keysign.c] |
| 1223 | clean for -Wuninitialized (Id sync only; portable had this change) |
Damien Miller | 7d45718 | 2010-08-05 23:09:48 +1000 | [diff] [blame] | 1224 | - djm@cvs.openbsd.org 2010/08/05 13:08:42 |
| 1225 | [channels.c] |
| 1226 | Fix a trio of bugs in the local/remote window calculation for datagram |
| 1227 | data channels (i.e. TunnelForward): |
| 1228 | |
| 1229 | Calculate local_consumed correctly in channel_handle_wfd() by measuring |
| 1230 | the delta to buffer_len(c->output) from when we start to when we finish. |
| 1231 | The proximal problem here is that the output_filter we use in portable |
| 1232 | modified the length of the dequeued datagram (to futz with the headers |
| 1233 | for !OpenBSD). |
| 1234 | |
| 1235 | In channel_output_poll(), don't enqueue datagrams that won't fit in the |
| 1236 | peer's advertised packet size (highly unlikely to ever occur) or which |
| 1237 | won't fit in the peer's remaining window (more likely). |
| 1238 | |
| 1239 | In channel_input_data(), account for the 4-byte string header in |
| 1240 | datagram packets that we accept from the peer and enqueue in c->output. |
| 1241 | |
| 1242 | report, analysis and testing 2/3 cases from wierbows AT us.ibm.com; |
| 1243 | "looks good" markus@ |
Damien Miller | 7fa9660 | 2010-08-05 13:03:13 +1000 | [diff] [blame] | 1244 | |
Damien Miller | 8e604ac | 2010-08-09 02:28:10 +1000 | [diff] [blame] | 1245 | 20100803 |
Darren Tucker | 8b7a055 | 2010-08-03 15:50:16 +1000 | [diff] [blame] | 1246 | - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from |
| 1247 | PAM to sane values in case the PAM method doesn't write to them. Spotted by |
| 1248 | Bitman Zhou, ok djm@. |
Damien Miller | 844cccf | 2010-08-03 16:03:29 +1000 | [diff] [blame] | 1249 | - OpenBSD CVS Sync |
| 1250 | - djm@cvs.openbsd.org 2010/07/16 04:45:30 |
| 1251 | [ssh-keygen.c] |
| 1252 | avoid bogus compiler warning |
Damien Miller | 4e8285e | 2010-08-03 16:04:03 +1000 | [diff] [blame] | 1253 | - djm@cvs.openbsd.org 2010/07/16 14:07:35 |
| 1254 | [ssh-rsa.c] |
| 1255 | more timing paranoia - compare all parts of the expected decrypted |
| 1256 | data before returning. AFAIK not exploitable in the SSH protocol. |
| 1257 | "groovy" deraadt@ |
Damien Miller | c4bb91c | 2010-08-03 16:04:22 +1000 | [diff] [blame] | 1258 | - djm@cvs.openbsd.org 2010/07/19 03:16:33 |
| 1259 | [sftp-client.c] |
| 1260 | bz#1797: fix swapped args in upload_dir_internal(), breaking recursive |
| 1261 | upload depth checks and causing verbose printing of transfers to always |
| 1262 | be turned on; patch from imorgan AT nas.nasa.gov |
Damien Miller | e11e1ea | 2010-08-03 16:04:46 +1000 | [diff] [blame] | 1263 | - djm@cvs.openbsd.org 2010/07/19 09:15:12 |
| 1264 | [clientloop.c readconf.c readconf.h ssh.c ssh_config.5] |
| 1265 | add a "ControlPersist" option that automatically starts a background |
| 1266 | ssh(1) multiplex master when connecting. This connection can stay alive |
| 1267 | indefinitely, or can be set to automatically close after a user-specified |
| 1268 | duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but |
| 1269 | further hacked on by wmertens AT cisco.com, apb AT cequrux.com, |
| 1270 | martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@ |
Damien Miller | 8c1eb11 | 2010-08-03 16:05:05 +1000 | [diff] [blame] | 1271 | - djm@cvs.openbsd.org 2010/07/21 02:10:58 |
| 1272 | [misc.c] |
| 1273 | sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern |
Damien Miller | 081f3c7 | 2010-08-03 16:05:25 +1000 | [diff] [blame] | 1274 | - dtucker@cvs.openbsd.org 2010/07/23 08:49:25 |
| 1275 | [ssh.1] |
| 1276 | Ciphers is documented in ssh_config(5) these days |
Darren Tucker | 8b7a055 | 2010-08-03 15:50:16 +1000 | [diff] [blame] | 1277 | |
| 1278 | 20100819 |
Darren Tucker | 12b29db | 2010-07-19 21:24:13 +1000 | [diff] [blame] | 1279 | - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more |
| 1280 | details about its behaviour WRT existing directories. Patch from |
| 1281 | asguthrie at gmail com, ok djm. |
| 1282 | |
Damien Miller | 9308fc7 | 2010-07-16 13:56:01 +1000 | [diff] [blame] | 1283 | 20100716 |
| 1284 | - (djm) OpenBSD CVS Sync |
| 1285 | - djm@cvs.openbsd.org 2010/07/02 04:32:44 |
| 1286 | [misc.c] |
| 1287 | unbreak strdelim() skipping past quoted strings, e.g. |
| 1288 | AllowUsers "blah blah" blah |
| 1289 | was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com |
| 1290 | ok dtucker; |
Damien Miller | 1f25ab4 | 2010-07-16 13:56:23 +1000 | [diff] [blame] | 1291 | - djm@cvs.openbsd.org 2010/07/12 22:38:52 |
| 1292 | [ssh.c] |
| 1293 | Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f") |
| 1294 | for protocol 2. ok markus@ |
Damien Miller | d0244d4 | 2010-07-16 13:56:43 +1000 | [diff] [blame] | 1295 | - djm@cvs.openbsd.org 2010/07/12 22:41:13 |
| 1296 | [ssh.c ssh_config.5] |
| 1297 | expand %h to the hostname in ssh_config Hostname options. While this |
| 1298 | sounds useless, it is actually handy for working with unqualified |
| 1299 | hostnames: |
| 1300 | |
| 1301 | Host *.* |
| 1302 | Hostname %h |
| 1303 | Host * |
| 1304 | Hostname %h.example.org |
| 1305 | |
| 1306 | "I like it" markus@ |
Damien Miller | 8a0268f | 2010-07-16 13:57:51 +1000 | [diff] [blame] | 1307 | - djm@cvs.openbsd.org 2010/07/13 11:52:06 |
| 1308 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c] |
| 1309 | [packet.c ssh-rsa.c] |
| 1310 | implement a timing_safe_cmp() function to compare memory without leaking |
| 1311 | timing information by short-circuiting like memcmp() and use it for |
| 1312 | some of the more sensitive comparisons (though nothing high-value was |
| 1313 | readily attackable anyway); "looks ok" markus@ |
Damien Miller | ea1651c | 2010-07-16 13:58:37 +1000 | [diff] [blame] | 1314 | - djm@cvs.openbsd.org 2010/07/13 23:13:16 |
| 1315 | [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c] |
| 1316 | [ssh-rsa.c] |
| 1317 | s/timing_safe_cmp/timingsafe_bcmp/g |
Damien Miller | bcfbc48 | 2010-07-16 13:59:11 +1000 | [diff] [blame] | 1318 | - jmc@cvs.openbsd.org 2010/07/14 17:06:58 |
| 1319 | [ssh.1] |
| 1320 | finally ssh synopsis looks nice again! this commit just removes a ton of |
| 1321 | hacks we had in place to make it work with old groff; |
Damien Miller | bad5e03 | 2010-07-16 13:59:59 +1000 | [diff] [blame] | 1322 | - schwarze@cvs.openbsd.org 2010/07/15 21:20:38 |
| 1323 | [ssh-keygen.1] |
| 1324 | repair incorrect block nesting, which screwed up indentation; |
| 1325 | problem reported and fix OK by jmc@ |
Damien Miller | 9308fc7 | 2010-07-16 13:56:01 +1000 | [diff] [blame] | 1326 | |
Tim Rice | cfbdc28 | 2010-07-14 13:42:28 -0700 | [diff] [blame] | 1327 | 20100714 |
| 1328 | - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass |
| 1329 | (line 77) should have been for no_x11_askpass. |
| 1330 | |
Damien Miller | cede1db | 2010-07-02 13:33:48 +1000 | [diff] [blame] | 1331 | 20100702 |
| 1332 | - (djm) OpenBSD CVS Sync |
| 1333 | - jmc@cvs.openbsd.org 2010/06/26 00:57:07 |
| 1334 | [ssh_config.5] |
| 1335 | tweak previous; |
Damien Miller | b96c441 | 2010-07-02 13:34:24 +1000 | [diff] [blame] | 1336 | - djm@cvs.openbsd.org 2010/06/26 23:04:04 |
| 1337 | [ssh.c] |
| 1338 | oops, forgot to #include <canohost.h>; spotted and patch from chl@ |
Damien Miller | 44b2504 | 2010-07-02 13:35:01 +1000 | [diff] [blame] | 1339 | - djm@cvs.openbsd.org 2010/06/29 23:15:30 |
| 1340 | [ssh-keygen.1 ssh-keygen.c] |
| 1341 | allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys; |
| 1342 | bz#1749; ok markus@ |
Damien Miller | 6018a36 | 2010-07-02 13:35:19 +1000 | [diff] [blame] | 1343 | - djm@cvs.openbsd.org 2010/06/29 23:16:46 |
| 1344 | [auth2-pubkey.c sshd_config.5] |
| 1345 | allow key options (command="..." and friends) in AuthorizedPrincipals; |
| 1346 | ok markus@ |
Damien Miller | ea72728 | 2010-07-02 13:35:34 +1000 | [diff] [blame] | 1347 | - jmc@cvs.openbsd.org 2010/06/30 07:24:25 |
| 1348 | [ssh-keygen.1] |
| 1349 | tweak previous; |
Damien Miller | 6022f58 | 2010-07-02 13:37:01 +1000 | [diff] [blame] | 1350 | - jmc@cvs.openbsd.org 2010/06/30 07:26:03 |
| 1351 | [ssh-keygen.c] |
| 1352 | sort usage(); |
Damien Miller | d59dab8 | 2010-07-02 13:37:17 +1000 | [diff] [blame] | 1353 | - jmc@cvs.openbsd.org 2010/06/30 07:28:34 |
| 1354 | [sshd_config.5] |
| 1355 | tweak previous; |
Damien Miller | 0979b40 | 2010-07-02 13:37:33 +1000 | [diff] [blame] | 1356 | - millert@cvs.openbsd.org 2010/07/01 13:06:59 |
| 1357 | [scp.c] |
| 1358 | Fix a longstanding problem where if you suspend scp at the |
| 1359 | password/passphrase prompt the terminal mode is not restored. |
| 1360 | OK djm@ |
Damien Miller | 527ded7 | 2010-07-02 13:40:16 +1000 | [diff] [blame] | 1361 | - phessler@cvs.openbsd.org 2010/06/27 19:19:56 |
| 1362 | [regress/Makefile] |
| 1363 | fix how we run the tests so we can successfully use SUDO='sudo -E' |
| 1364 | in our env |
Damien Miller | ab139cd | 2010-07-02 13:42:18 +1000 | [diff] [blame] | 1365 | - djm@cvs.openbsd.org 2010/06/29 23:59:54 |
| 1366 | [cert-userkey.sh] |
| 1367 | regress tests for key options in AuthorizedPrincipals |
Damien Miller | cede1db | 2010-07-02 13:33:48 +1000 | [diff] [blame] | 1368 | |
Tim Rice | 3fd307d | 2010-06-26 16:45:15 -0700 | [diff] [blame] | 1369 | 20100627 |
| 1370 | - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs |
| 1371 | key.h. |
| 1372 | |
Damien Miller | 2e77446 | 2010-06-26 09:30:47 +1000 | [diff] [blame] | 1373 | 20100626 |
| 1374 | - (djm) OpenBSD CVS Sync |
| 1375 | - djm@cvs.openbsd.org 2010/05/21 05:00:36 |
| 1376 | [misc.c] |
| 1377 | colon() returns char*, so s/return (0)/return NULL/ |
Damien Miller | 4fe686d | 2010-06-26 09:36:10 +1000 | [diff] [blame] | 1378 | - markus@cvs.openbsd.org 2010/06/08 21:32:19 |
| 1379 | [ssh-pkcs11.c] |
| 1380 | check length of value returned C_GetAttributValue for != 0 |
| 1381 | from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@ |
Damien Miller | c094d1e | 2010-06-26 09:36:34 +1000 | [diff] [blame] | 1382 | - djm@cvs.openbsd.org 2010/06/17 07:07:30 |
| 1383 | [mux.c] |
| 1384 | Correct sizing of object to be allocated by calloc(), replacing |
| 1385 | sizeof(state) with sizeof(*state). This worked by accident since |
| 1386 | the struct contained a single int at present, but could have broken |
| 1387 | in the future. patch from hyc AT symas.com |
Damien Miller | 99ac4e9 | 2010-06-26 09:36:58 +1000 | [diff] [blame] | 1388 | - djm@cvs.openbsd.org 2010/06/18 00:58:39 |
| 1389 | [sftp.c] |
| 1390 | unbreak ls in working directories that contains globbing characters in |
| 1391 | their pathnames. bz#1655 reported by vgiffin AT apple.com |
Damien Miller | 7aa46ec | 2010-06-26 09:37:57 +1000 | [diff] [blame] | 1392 | - djm@cvs.openbsd.org 2010/06/18 03:16:03 |
| 1393 | [session.c] |
| 1394 | Missing check for chroot_director == "none" (we already checked against |
| 1395 | NULL); bz#1564 from Jan.Pechanec AT Sun.COM |
Damien Miller | 4956631 | 2010-06-26 09:38:23 +1000 | [diff] [blame] | 1396 | - djm@cvs.openbsd.org 2010/06/18 04:43:08 |
| 1397 | [sftp-client.c] |
| 1398 | fix memory leak in do_realpath() error path; bz#1771, patch from |
| 1399 | anicka AT suse.cz |
Damien Miller | ab6de35 | 2010-06-26 09:38:45 +1000 | [diff] [blame] | 1400 | - djm@cvs.openbsd.org 2010/06/22 04:22:59 |
| 1401 | [servconf.c sshd_config.5] |
| 1402 | expose some more sshd_config options inside Match blocks: |
| 1403 | AuthorizedKeysFile AuthorizedPrincipalsFile |
| 1404 | HostbasedUsesNameFromPacketOnly PermitTunnel |
| 1405 | bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@ |
Damien Miller | ba3420a | 2010-06-26 09:39:07 +1000 | [diff] [blame] | 1406 | - djm@cvs.openbsd.org 2010/06/22 04:32:06 |
| 1407 | [ssh-keygen.c] |
| 1408 | standardise error messages when attempting to open private key |
| 1409 | files to include "progname: filename: error reason" |
| 1410 | bz#1783; ok dtucker@ |
Damien Miller | 48147d6 | 2010-06-26 09:39:25 +1000 | [diff] [blame] | 1411 | - djm@cvs.openbsd.org 2010/06/22 04:49:47 |
| 1412 | [auth.c] |
| 1413 | queue auth debug messages for bad ownership or permissions on the user's |
| 1414 | keyfiles. These messages will be sent after the user has successfully |
| 1415 | authenticated (where our client will display them with LogLevel=debug). |
Damien Miller | 0e76c5e | 2010-06-26 09:39:59 +1000 | [diff] [blame] | 1416 | bz#1554; ok dtucker@ |
| 1417 | - djm@cvs.openbsd.org 2010/06/22 04:54:30 |
| 1418 | [ssh-keyscan.c] |
| 1419 | replace verbose and overflow-prone Linebuf code with read_keyfile_line() |
| 1420 | based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@ |
Damien Miller | 1b2b61e | 2010-06-26 09:47:43 +1000 | [diff] [blame] | 1421 | - djm@cvs.openbsd.org 2010/06/22 04:59:12 |
| 1422 | [session.c] |
| 1423 | include the user name on "subsystem request for ..." log messages; |
| 1424 | bz#1571; ok dtucker@ |
Damien Miller | d834d35 | 2010-06-26 09:48:02 +1000 | [diff] [blame] | 1425 | - djm@cvs.openbsd.org 2010/06/23 02:59:02 |
| 1426 | [ssh-keygen.c] |
| 1427 | fix printing of extensions in v01 certificates that I broke in r1.190 |
Damien Miller | 232cfb1 | 2010-06-26 09:50:30 +1000 | [diff] [blame] | 1428 | - djm@cvs.openbsd.org 2010/06/25 07:14:46 |
| 1429 | [channels.c mux.c readconf.c readconf.h ssh.h] |
| 1430 | bz#1327: remove hardcoded limit of 100 permitopen clauses and port |
| 1431 | forwards per direction; ok markus@ stevesk@ |
Damien Miller | 8853ca5 | 2010-06-26 10:00:14 +1000 | [diff] [blame] | 1432 | - djm@cvs.openbsd.org 2010/06/25 07:20:04 |
| 1433 | [channels.c session.c] |
| 1434 | bz#1750: fix requirement for /dev/null inside ChrootDirectory for |
| 1435 | internal-sftp accidentally introduced in r1.253 by removing the code |
| 1436 | that opens and dup /dev/null to stderr and modifying the channels code |
| 1437 | to read stderr but discard it instead; ok markus@ |
Damien Miller | bda3eca | 2010-06-26 10:01:33 +1000 | [diff] [blame] | 1438 | - djm@cvs.openbsd.org 2010/06/25 08:46:17 |
| 1439 | [auth1.c auth2-none.c] |
| 1440 | skip the initial check for access with an empty password when |
| 1441 | PermitEmptyPasswords=no; bz#1638; ok markus@ |
Damien Miller | 383ffe6 | 2010-06-26 10:02:03 +1000 | [diff] [blame] | 1442 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 |
| 1443 | [ssh.c] |
| 1444 | log the hostname and address that we connected to at LogLevel=verbose |
| 1445 | after authentication is successful to mitigate "phishing" attacks by |
| 1446 | servers with trusted keys that accept authentication silently and |
| 1447 | automatically before presenting fake password/passphrase prompts; |
| 1448 | "nice!" markus@ |
Damien Miller | 1ab6a51 | 2010-06-26 10:02:24 +1000 | [diff] [blame] | 1449 | - djm@cvs.openbsd.org 2010/06/25 23:10:30 |
| 1450 | [ssh.c] |
| 1451 | log the hostname and address that we connected to at LogLevel=verbose |
| 1452 | after authentication is successful to mitigate "phishing" attacks by |
| 1453 | servers with trusted keys that accept authentication silently and |
| 1454 | automatically before presenting fake password/passphrase prompts; |
| 1455 | "nice!" markus@ |
Damien Miller | 2e77446 | 2010-06-26 09:30:47 +1000 | [diff] [blame] | 1456 | |
Damien Miller | d82a260 | 2010-06-22 15:02:39 +1000 | [diff] [blame] | 1457 | 20100622 |
| 1458 | - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512 |
| 1459 | bz#1579; ok dtucker |
| 1460 | |
Damien Miller | ea90979 | 2010-06-18 11:09:24 +1000 | [diff] [blame] | 1461 | 20100618 |
| 1462 | - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ |
| 1463 | rather than assuming that $CWD == $HOME. bz#1500, patch from |
| 1464 | timothy AT gelter.com |
| 1465 | |
Tim Rice | b9ae4ec | 2010-06-17 11:11:44 -0700 | [diff] [blame] | 1466 | 20100617 |
| 1467 | - (tim) [contrib/cygwin/README] Remove a reference to the obsolete |
| 1468 | minires-devel package, and to add the reference to the libedit-devel |
| 1469 | package since CYgwin now provides libedit. Patch from Corinna Vinschen. |
| 1470 | |
Damien Miller | 3bcce80 | 2010-05-21 14:48:16 +1000 | [diff] [blame] | 1471 | 20100521 |
| 1472 | - (djm) OpenBSD CVS Sync |
| 1473 | - djm@cvs.openbsd.org 2010/05/07 11:31:26 |
| 1474 | [regress/Makefile regress/cert-userkey.sh] |
| 1475 | regress tests for AuthorizedPrincipalsFile and "principals=" key option. |
| 1476 | feedback and ok markus@ |
Damien Miller | 3b90382 | 2010-05-21 14:56:25 +1000 | [diff] [blame] | 1477 | - djm@cvs.openbsd.org 2010/05/11 02:58:04 |
| 1478 | [auth-rsa.c] |
| 1479 | don't accept certificates marked as "cert-authority" here; ok markus@ |
Damien Miller | c6afb5f | 2010-05-21 14:56:47 +1000 | [diff] [blame] | 1480 | - djm@cvs.openbsd.org 2010/05/14 00:47:22 |
| 1481 | [ssh-add.c] |
| 1482 | check that the certificate matches the corresponding private key before |
| 1483 | grafting it on |
Damien Miller | d530f5f | 2010-05-21 14:57:10 +1000 | [diff] [blame] | 1484 | - djm@cvs.openbsd.org 2010/05/14 23:29:23 |
| 1485 | [channels.c channels.h mux.c ssh.c] |
| 1486 | Pause the mux channel while waiting for reply from aynch callbacks. |
| 1487 | Prevents misordering of replies if new requests arrive while waiting. |
| 1488 | |
| 1489 | Extend channel open confirm callback to allow signalling failure |
| 1490 | conditions as well as success. Use this to 1) fix a memory leak, 2) |
| 1491 | start using the above pause mechanism and 3) delay sending a success/ |
| 1492 | failure message on mux slave session open until we receive a reply from |
| 1493 | the server. |
| 1494 | |
| 1495 | motivated by and with feedback from markus@ |
Damien Miller | 388f6fc | 2010-05-21 14:57:35 +1000 | [diff] [blame] | 1496 | - markus@cvs.openbsd.org 2010/05/16 12:55:51 |
| 1497 | [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c] |
| 1498 | mux support for remote forwarding with dynamic port allocation, |
| 1499 | use with |
| 1500 | LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost` |
| 1501 | feedback and ok djm@ |
Damien Miller | 8439955 | 2010-05-21 14:58:12 +1000 | [diff] [blame] | 1502 | - djm@cvs.openbsd.org 2010/05/20 11:25:26 |
| 1503 | [auth2-pubkey.c] |
| 1504 | fix logspam when key options (from="..." especially) deny non-matching |
| 1505 | keys; reported by henning@ also bz#1765; ok markus@ dtucker@ |
Damien Miller | d0e4a8e | 2010-05-21 14:58:32 +1000 | [diff] [blame] | 1506 | - djm@cvs.openbsd.org 2010/05/20 23:46:02 |
| 1507 | [PROTOCOL.certkeys auth-options.c ssh-keygen.c] |
| 1508 | Move the permit-* options to the non-critical "extensions" field for v01 |
| 1509 | certificates. The logic is that if another implementation fails to |
| 1510 | implement them then the connection just loses features rather than fails |
| 1511 | outright. |
| 1512 | |
| 1513 | ok markus@ |
Damien Miller | 3bcce80 | 2010-05-21 14:48:16 +1000 | [diff] [blame] | 1514 | |
Darren Tucker | 5b6d0d0 | 2010-05-12 16:51:38 +1000 | [diff] [blame] | 1515 | 20100511 |
| 1516 | - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve |
| 1517 | circular dependency problem on old or odd platforms. From Tom Lane, ok |
| 1518 | djm@. |
Damien Miller | 4b1ec83 | 2010-05-12 17:49:59 +1000 | [diff] [blame] | 1519 | - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older |
| 1520 | libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't |
| 1521 | already. ok dtucker@ |
Darren Tucker | 5b6d0d0 | 2010-05-12 16:51:38 +1000 | [diff] [blame] | 1522 | |
Damien Miller | 50af79b | 2010-05-10 11:52:00 +1000 | [diff] [blame] | 1523 | 20100510 |
| 1524 | - OpenBSD CVS Sync |
| 1525 | - djm@cvs.openbsd.org 2010/04/23 01:47:41 |
| 1526 | [ssh-keygen.c] |
| 1527 | bz#1740: display a more helpful error message when $HOME is |
| 1528 | inaccessible while trying to create .ssh directory. Based on patch |
| 1529 | from jchadima AT redhat.com; ok dtucker@ |
Damien Miller | 85c50d7 | 2010-05-10 11:53:02 +1000 | [diff] [blame] | 1530 | - djm@cvs.openbsd.org 2010/04/23 22:27:38 |
| 1531 | [mux.c] |
| 1532 | set "detach_close" flag when registering channel cleanup callbacks. |
| 1533 | This causes the channel to close normally when its fds close and |
| 1534 | hangs when terminating a mux slave using ~. bz#1758; ok markus@ |
Damien Miller | 22a2988 | 2010-05-10 11:53:54 +1000 | [diff] [blame] | 1535 | - djm@cvs.openbsd.org 2010/04/23 22:42:05 |
| 1536 | [session.c] |
| 1537 | set stderr to /dev/null for subsystems rather than just closing it. |
| 1538 | avoids hangs if a subsystem or shell initialisation writes to stderr. |
| 1539 | bz#1750; ok markus@ |
Damien Miller | bebbb7e | 2010-05-10 11:54:38 +1000 | [diff] [blame] | 1540 | - djm@cvs.openbsd.org 2010/04/23 22:48:31 |
| 1541 | [ssh-keygen.c] |
| 1542 | refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS, |
| 1543 | since we would refuse to use them anyway. bz#1516; ok dtucker@ |
Damien Miller | 79442c0 | 2010-05-10 11:55:38 +1000 | [diff] [blame] | 1544 | - djm@cvs.openbsd.org 2010/04/26 22:28:24 |
| 1545 | [sshconnect2.c] |
| 1546 | bz#1502: authctxt.success is declared as an int, but passed by |
| 1547 | reference to function that accepts sig_atomic_t*. Convert it to |
| 1548 | the latter; ok markus@ dtucker@ |
Damien Miller | 2725c21 | 2010-05-10 11:56:14 +1000 | [diff] [blame] | 1549 | - djm@cvs.openbsd.org 2010/05/01 02:50:50 |
| 1550 | [PROTOCOL.certkeys] |
| 1551 | typo; jmeltzer@ |
Damien Miller | 099fc16 | 2010-05-10 11:56:50 +1000 | [diff] [blame] | 1552 | - dtucker@cvs.openbsd.org 2010/05/05 04:22:09 |
| 1553 | [sftp.c] |
| 1554 | restore mput and mget which got lost in the tab-completion changes. |
| 1555 | found by Kenneth Whitaker, ok djm@ |
Damien Miller | 30da344 | 2010-05-10 11:58:03 +1000 | [diff] [blame] | 1556 | - djm@cvs.openbsd.org 2010/05/07 11:30:30 |
| 1557 | [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c] |
| 1558 | [key.c servconf.c servconf.h sshd.8 sshd_config.5] |
| 1559 | add some optional indirection to matching of principal names listed |
| 1560 | in certificates. Currently, a certificate must include the a user's name |
| 1561 | to be accepted for authentication. This change adds the ability to |
| 1562 | specify a list of certificate principal names that are acceptable. |
| 1563 | |
| 1564 | When authenticating using a CA trusted through ~/.ssh/authorized_keys, |
| 1565 | this adds a new principals="name1[,name2,...]" key option. |
| 1566 | |
| 1567 | For CAs listed through sshd_config's TrustedCAKeys option, a new config |
| 1568 | option "AuthorizedPrincipalsFile" specifies a per-user file containing |
| 1569 | the list of acceptable names. |
| 1570 | |
| 1571 | If either option is absent, the current behaviour of requiring the |
| 1572 | username to appear in principals continues to apply. |
| 1573 | |
| 1574 | These options are useful for role accounts, disjoint account namespaces |
| 1575 | and "user@realm"-style naming policies in certificates. |
| 1576 | |
| 1577 | feedback and ok markus@ |
Damien Miller | 81d3fc5 | 2010-05-10 11:58:45 +1000 | [diff] [blame] | 1578 | - jmc@cvs.openbsd.org 2010/05/07 12:49:17 |
| 1579 | [sshd_config.5] |
| 1580 | tweak previous; |
Damien Miller | 50af79b | 2010-05-10 11:52:00 +1000 | [diff] [blame] | 1581 | |
Darren Tucker | 9f8703b | 2010-04-23 11:12:06 +1000 | [diff] [blame] | 1582 | 20100423 |
| 1583 | - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir |
| 1584 | in the openssl install directory (some newer openssl versions do this on at |
| 1585 | least some amd64 platforms). |
| 1586 | |
Damien Miller | c4eddee | 2010-04-18 08:07:43 +1000 | [diff] [blame] | 1587 | 20100418 |
| 1588 | - OpenBSD CVS Sync |
| 1589 | - jmc@cvs.openbsd.org 2010/04/16 06:45:01 |
| 1590 | [ssh_config.5] |
| 1591 | tweak previous; ok djm |
Damien Miller | 1f18142 | 2010-04-18 08:08:03 +1000 | [diff] [blame] | 1592 | - jmc@cvs.openbsd.org 2010/04/16 06:47:04 |
| 1593 | [ssh-keygen.1 ssh-keygen.c] |
| 1594 | tweak previous; ok djm |
Damien Miller | c617aa9 | 2010-04-18 08:08:20 +1000 | [diff] [blame] | 1595 | - djm@cvs.openbsd.org 2010/04/16 21:14:27 |
| 1596 | [sshconnect.c] |
| 1597 | oops, %r => remote username, not %u |
Damien Miller | 53f4bb6 | 2010-04-18 08:15:14 +1000 | [diff] [blame] | 1598 | - djm@cvs.openbsd.org 2010/04/16 01:58:45 |
| 1599 | [regress/cert-hostkey.sh regress/cert-userkey.sh] |
| 1600 | regression tests for v01 certificate format |
| 1601 | includes interop tests for v00 certs |
Darren Tucker | e25a9bd | 2010-04-18 13:35:00 +1000 | [diff] [blame] | 1602 | - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default |
| 1603 | file. |
Damien Miller | c4eddee | 2010-04-18 08:07:43 +1000 | [diff] [blame] | 1604 | |
Damien Miller | a45f1c0 | 2010-04-16 15:51:34 +1000 | [diff] [blame] | 1605 | 20100416 |
| 1606 | - (djm) Release openssh-5.5p1 |
Damien Miller | d6fc306 | 2010-04-16 15:51:45 +1000 | [diff] [blame] | 1607 | - OpenBSD CVS Sync |
| 1608 | - djm@cvs.openbsd.org 2010/03/26 03:13:17 |
| 1609 | [bufaux.c] |
| 1610 | allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer |
| 1611 | argument to allow skipping past values in a buffer |
Damien Miller | 67f30d7 | 2010-04-16 15:52:03 +1000 | [diff] [blame] | 1612 | - jmc@cvs.openbsd.org 2010/03/26 06:54:36 |
| 1613 | [ssh.1] |
| 1614 | tweak previous; |
Damien Miller | 544378d | 2010-04-16 15:52:24 +1000 | [diff] [blame] | 1615 | - jmc@cvs.openbsd.org 2010/03/27 14:26:55 |
| 1616 | [ssh_config.5] |
| 1617 | tweak previous; ok dtucker |
Damien Miller | deb5a14 | 2010-04-16 15:52:43 +1000 | [diff] [blame] | 1618 | - djm@cvs.openbsd.org 2010/04/10 00:00:16 |
| 1619 | [ssh.c] |
| 1620 | bz#1746 - suppress spurious tty warning when using -O and stdin |
| 1621 | is not a tty; ok dtucker@ markus@ |
Damien Miller | 6728399 | 2010-04-16 15:53:02 +1000 | [diff] [blame] | 1622 | - djm@cvs.openbsd.org 2010/04/10 00:04:30 |
| 1623 | [sshconnect.c] |
| 1624 | fix terminology: we didn't find a certificate in known_hosts, we found |
| 1625 | a CA key |
Damien Miller | 22c97f1 | 2010-04-16 15:53:23 +1000 | [diff] [blame] | 1626 | - djm@cvs.openbsd.org 2010/04/10 02:08:44 |
| 1627 | [clientloop.c] |
| 1628 | bz#1698: kill channel when pty allocation requests fail. Fixed |
| 1629 | stuck client if the server refuses pty allocation. |
| 1630 | ok dtucker@ "think so" markus@ |
Damien Miller | 8868065 | 2010-04-16 15:53:43 +1000 | [diff] [blame] | 1631 | - djm@cvs.openbsd.org 2010/04/10 02:10:56 |
| 1632 | [sshconnect2.c] |
| 1633 | show the key type that we are offering in debug(), helps distinguish |
| 1634 | between certs and plain keys as the path to the private key is usually |
| 1635 | the same. |
Damien Miller | 601a23c | 2010-04-16 15:54:01 +1000 | [diff] [blame] | 1636 | - djm@cvs.openbsd.org 2010/04/10 05:48:16 |
| 1637 | [mux.c] |
| 1638 | fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au |
Damien Miller | b1b1704 | 2010-04-16 15:54:19 +1000 | [diff] [blame] | 1639 | - djm@cvs.openbsd.org 2010/04/14 22:27:42 |
| 1640 | [ssh_config.5 sshconnect.c] |
| 1641 | expand %r => remote username in ssh_config:ProxyCommand; |
| 1642 | ok deraadt markus |
Damien Miller | 031c910 | 2010-04-16 15:54:44 +1000 | [diff] [blame] | 1643 | - markus@cvs.openbsd.org 2010/04/15 20:32:55 |
| 1644 | [ssh-pkcs11.c] |
| 1645 | retry lookup for private key if there's no matching key with CKA_SIGN |
| 1646 | attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736) |
| 1647 | ok djm@ |
Damien Miller | 4e270b0 | 2010-04-16 15:56:21 +1000 | [diff] [blame] | 1648 | - djm@cvs.openbsd.org 2010/04/16 01:47:26 |
| 1649 | [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c] |
| 1650 | [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c] |
| 1651 | [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c] |
| 1652 | [sshconnect.c sshconnect2.c sshd.c] |
| 1653 | revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the |
| 1654 | following changes: |
| 1655 | |
| 1656 | move the nonce field to the beginning of the certificate where it can |
| 1657 | better protect against chosen-prefix attacks on the signature hash |
| 1658 | |
| 1659 | Rename "constraints" field to "critical options" |
| 1660 | |
| 1661 | Add a new non-critical "extensions" field |
| 1662 | |
| 1663 | Add a serial number |
| 1664 | |
| 1665 | The older format is still support for authentication and cert generation |
| 1666 | (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate) |
| 1667 | |
| 1668 | ok markus@ |