blob: 8b1269324606920ad91618946044552e17011230 [file] [log] [blame]
Darren Tucker4d47ec92011-08-12 10:12:53 +1000120110812
2 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
3 change error by reporting old and new context names Patch from
4 jchadima at redhat.
5
Darren Tucker578451d2011-08-07 23:09:20 +1000620110807
7 - (dtucker) OpenBSD CVS Sync
8 - jmc@cvs.openbsd.org 2008/06/26 06:59:39
9 [moduli.5]
10 tweak previous;
Darren Tuckerf2794742011-08-07 23:10:11 +100011 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
12 [moduli.5]
13 "Diffie-Hellman" is the usual spelling for the cryptographic protocol
14 first published by Whitfield Diffie and Martin Hellman in 1976.
15 ok jmc@
Darren Tucker91e6b572011-08-07 23:10:56 +100016 - jmc@cvs.openbsd.org 2010/10/14 20:41:28
17 [moduli.5]
18 probabalistic -> probabilistic; from naddy
Darren Tuckerddccfb42011-08-07 23:12:26 +100019 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
20 [sftp.1]
21 typo, fix from Laurent Gautrot
Darren Tucker578451d2011-08-07 23:09:20 +100022
Damien Miller7741ce82011-08-06 06:15:15 +10002320110805
24 - OpenBSD CVS Sync
25 - djm@cvs.openbsd.org 2011/06/23 23:35:42
26 [monitor.c]
27 ignore EINTR errors from poll()
Damien Miller6ea5e442011-08-06 06:16:00 +100028 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
29 [authfd.c]
30 bzero the agent address. the kernel was for a while very cranky about
31 these things. evne though that's fixed, always good to initialize
32 memory. ok deraadt djm
Damien Miller35e48192011-08-06 06:16:23 +100033 - djm@cvs.openbsd.org 2011/07/29 14:42:45
34 [sandbox-systrace.c]
35 fail open(2) with EPERM rather than SIGKILLing the whole process. libc
36 will call open() to do strerror() when NLS is enabled;
37 feedback and ok markus@
Damien Milleradb467f2011-08-06 06:16:46 +100038 - markus@cvs.openbsd.org 2011/08/01 19:18:15
39 [gss-serv.c]
40 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
41 report Adam Zabrock; ok djm@, deraadt@
Damien Miller20bd4532011-08-06 06:17:30 +100042 - djm@cvs.openbsd.org 2011/08/02 01:22:11
43 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
44 Add new SHA256 and SHA512 based HMAC modes from
45 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
46 Patch from mdb AT juniper.net; feedback and ok markus@
Damien Millerc4718602011-08-06 06:17:48 +100047 - djm@cvs.openbsd.org 2011/08/02 23:13:01
48 [version.h]
49 crank now, release later
Damien Miller765f8c42011-08-06 06:18:16 +100050 - djm@cvs.openbsd.org 2011/08/02 23:15:03
51 [ssh.c]
52 typo in comment
Damien Miller7741ce82011-08-06 06:15:15 +100053
Damien Millercd5e52e2011-06-27 07:18:18 +10005420110624
55 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
56 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
57 markus@
58
Damien Miller82c55872011-06-23 08:20:30 +10005920110623
60 - OpenBSD CVS Sync
61 - djm@cvs.openbsd.org 2011/06/22 21:47:28
62 [servconf.c]
63 reuse the multistate option arrays to pretty-print options for "sshd -T"
Damien Miller69ff1df2011-06-23 08:30:03 +100064 - djm@cvs.openbsd.org 2011/06/22 21:57:01
65 [servconf.c servconf.h sshd.c sshd_config.5]
66 [configure.ac Makefile.in]
67 introduce sandboxing of the pre-auth privsep child using systrace(4).
68
69 This introduces a new "UsePrivilegeSeparation=sandbox" option for
70 sshd_config that applies mandatory restrictions on the syscalls the
71 privsep child can perform. This prevents a compromised privsep child
72 from being used to attack other hosts (by opening sockets and proxying)
73 or probing local kernel attack surface.
74
75 The sandbox is implemented using systrace(4) in unsupervised "fast-path"
76 mode, where a list of permitted syscalls is supplied. Any syscall not
77 on the list results in SIGKILL being sent to the privsep child. Note
78 that this requires a kernel with the new SYSTR_POLICY_KILL option.
79
80 UsePrivilegeSeparation=sandbox will become the default in the future
81 so please start testing it now.
82
83 feedback dtucker@; ok markus@
Damien Miller6d7b4372011-06-23 08:31:57 +100084 - djm@cvs.openbsd.org 2011/06/22 22:08:42
85 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
86 hook up a channel confirm callback to warn the user then requested X11
87 forwarding was refused by the server; ok markus@
Damien Millerdcbd41e2011-06-23 19:45:51 +100088 - djm@cvs.openbsd.org 2011/06/23 09:34:13
89 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
90 [sandbox-null.c]
91 rename sandbox.h => ssh-sandbox.h to make things easier for portable
Damien Miller80b62e32011-06-23 19:03:18 +100092 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
93 setrlimit(2)
Damien Miller82c55872011-06-23 08:20:30 +100094
Damien Miller6029e072011-06-20 14:22:49 +10009520110620
96 - OpenBSD CVS Sync
97 - djm@cvs.openbsd.org 2011/06/04 00:10:26
98 [ssh_config.5]
99 explain IdentifyFile's semantics a little better, prompted by bz#1898
100 ok dtucker jmc
Damien Millere7ac2bd2011-06-20 14:23:25 +1000101 - markus@cvs.openbsd.org 2011/06/14 22:49:18
102 [authfile.c]
103 make sure key_parse_public/private_rsa1() no longer consumes its input
104 buffer. fixes ssh-add for passphrase-protected ssh1-keys;
105 noted by naddy@; ok djm@
Damien Miller8f0bf232011-06-20 14:42:23 +1000106 - djm@cvs.openbsd.org 2011/06/17 21:44:31
107 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
108 make the pre-auth privsep slave log via a socketpair shared with the
109 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Damien Millerf145a5b2011-06-20 14:42:51 +1000110 - djm@cvs.openbsd.org 2011/06/17 21:46:16
111 [sftp-server.c]
112 the protocol version should be unsigned; bz#1913 reported by mb AT
113 smartftp.com
Damien Miller33322122011-06-20 14:43:11 +1000114 - djm@cvs.openbsd.org 2011/06/17 21:47:35
115 [servconf.c]
116 factor out multi-choice option parsing into a parse_multistate label
117 and some support structures; ok dtucker@
Damien Miller4ac99c32011-06-20 14:43:31 +1000118 - djm@cvs.openbsd.org 2011/06/17 21:57:25
119 [clientloop.c]
120 setproctitle for a mux master that has been gracefully stopped;
121 bz#1911 from Bert.Wesarg AT googlemail.com
Damien Miller6029e072011-06-20 14:22:49 +1000122
Darren Tuckerc412c152011-06-03 10:35:23 +100012320110603
124 - (dtucker) [README version.h contrib/caldera/openssh.spec
125 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
126 bumps from the 5.8p2 branch into HEAD. ok djm.
Tim Rice90f42b02011-06-02 18:17:49 -0700127 - (tim) [configure.ac defines.h] Run test program to detect system mail
128 directory. Add --with-maildir option to override. Fixed OpenServer 6
129 getting it wrong. Fixed many systems having MAIL=/var/mail//username
130 ok dtucker
Darren Tuckerc3c72272011-06-03 11:20:06 +1000131 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
132 unconditionally in other places and the survey data we have does not show
133 any systems that use it. "nuke it" djm@
Damien Millerc09182f2011-06-03 12:11:38 +1000134 - (djm) [configure.ac] enable setproctitle emulation for OS X
135 - (djm) OpenBSD CVS Sync
Damien Millerea2c1a42011-06-03 12:10:22 +1000136 - djm@cvs.openbsd.org 2011/06/03 00:54:38
137 [ssh.c]
138 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
139 AT googlemail.com; ok dtucker@
140 NB. includes additional portability code to enable setproctitle emulation
141 on platforms that don't support it.
Darren Tucker3e78a512011-06-03 14:14:16 +1000142 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
143 [ssh-agent.c]
144 Check current parent process ID against saved one to determine if the parent
145 has exited, rather than attempting to send a zero signal, since the latter
146 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
147 Gillmor, ok djm@
Darren Tucker260c8fb2011-06-03 14:17:27 +1000148 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
149 [regress/dynamic-forward.sh]
150 back out revs 1.6 and 1.5 since it's not reliable
Darren Tucker75e035c2011-06-03 14:18:17 +1000151 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
152 [regress/dynamic-forward.sh]
153 work around startup and teardown races; caught by deraadt
Darren Tuckerbf4d05a2011-06-03 14:19:02 +1000154 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
155 [regress/dynamic-forward.sh]
156 Retry establishing the port forwarding after a small delay, should make
157 the tests less flaky when the previous test is slow to shut down and free
158 up the port.
Tim Ricebc481572011-06-02 22:26:19 -0700159 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
Darren Tuckerc412c152011-06-03 10:35:23 +1000160
Damien Millerd8478b62011-05-29 21:39:36 +100016120110529
162 - (djm) OpenBSD CVS Sync
163 - djm@cvs.openbsd.org 2011/05/23 03:30:07
164 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
165 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
166 allow AuthorizedKeysFile to specify multiple files, separated by spaces.
167 Bring back authorized_keys2 as a default search path (to avoid breaking
168 existing users of this file), but override this in sshd_config so it will
169 be no longer used on fresh installs. Maybe in 2015 we can remove it
170 entierly :)
171
172 feedback and ok markus@ dtucker@
Damien Miller1dd66e52011-05-29 21:40:42 +1000173 - djm@cvs.openbsd.org 2011/05/23 03:33:38
174 [auth.c]
175 make secure_filename() spam debug logs less
Damien Miller201f4252011-05-29 21:41:03 +1000176 - djm@cvs.openbsd.org 2011/05/23 03:52:55
177 [sshconnect.c]
178 remove extra newline
Damien Millerb9132fc2011-05-29 21:41:40 +1000179 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
180 [sshd.8 sshd_config.5]
181 tweak previous; ok djm
Damien Miller04bb56e2011-05-29 21:42:08 +1000182 - djm@cvs.openbsd.org 2011/05/23 07:24:57
183 [authfile.c]
184 read in key comments for v.2 keys (though note that these are not
185 passed over the agent protocol); bz#439, based on patch from binder
186 AT arago.de; ok markus@
Damien Miller295ee632011-05-29 21:42:31 +1000187 - djm@cvs.openbsd.org 2011/05/24 07:15:47
188 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
189 Remove undocumented legacy options UserKnownHostsFile2 and
190 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
191 accept multiple paths per line and making their defaults include
192 known_hosts2; ok markus
Damien Miller8cb35872011-05-29 21:59:10 +1000193 - djm@cvs.openbsd.org 2011/05/23 03:31:31
194 [regress/cfgmatch.sh]
195 include testing of multiple/overridden AuthorizedKeysFiles
196 refactor to simply daemon start/stop and get rid of racy constructs
Damien Millerd8478b62011-05-29 21:39:36 +1000197
Damien Miller14684a12011-05-20 11:23:07 +100019820110520
199 - (djm) [session.c] call setexeccon() before executing passwd for pw
200 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
Damien Miller989bb7f2011-05-20 18:56:30 +1000201 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
202 options, we should corresponding -W-option when trying to determine
203 whether it is accepted. Also includes a warning fix on the program
204 fragment uses (bad main() return type).
205 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
Damien Millerec2eaa32011-05-20 18:57:14 +1000206 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
Damien Miller814ace02011-05-20 19:02:47 +1000207 - OpenBSD CVS Sync
208 - djm@cvs.openbsd.org 2011/05/15 08:09:01
209 [authfd.c monitor.c serverloop.c]
210 use FD_CLOEXEC consistently; patch from zion AT x96.org
Damien Miller8f639fe2011-05-20 19:03:08 +1000211 - djm@cvs.openbsd.org 2011/05/17 07:13:31
212 [key.c]
213 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
214 and fix the regress test that was trying to generate them :)
Damien Miller5d74e582011-05-20 19:03:31 +1000215 - djm@cvs.openbsd.org 2011/05/20 00:55:02
216 [servconf.c]
217 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
218 and AuthorizedPrincipalsFile were not being correctly applied in
219 Match blocks, despite being overridable there; ok dtucker@
Damien Millerc2411902011-05-20 19:03:49 +1000220 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
221 [servconf.c]
222 Add comment documenting what should be after the preauth check. ok djm
Damien Millerf2e407e2011-05-20 19:04:14 +1000223 - djm@cvs.openbsd.org 2011/05/20 03:25:45
224 [monitor.c monitor_wrap.c servconf.c servconf.h]
225 use a macro to define which string options to copy between configs
226 for Match. This avoids problems caused by forgetting to keep three
227 code locations in perfect sync and ordering
228
229 "this is at once beautiful and horrible" + ok dtucker@
Damien Millerf67188f2011-05-20 19:06:48 +1000230 - djm@cvs.openbsd.org 2011/05/17 07:13:31
231 [regress/cert-userkey.sh]
232 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
233 and fix the regress test that was trying to generate them :)
Damien Miller3045b452011-05-20 19:07:45 +1000234 - djm@cvs.openbsd.org 2011/05/20 02:43:36
235 [cert-hostkey.sh]
236 another attempt to generate a v00 ECDSA key that broke the test
237 ID sync only - portable already had this somehow
Damien Miller7b9451f2011-05-20 19:08:11 +1000238 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
239 [dynamic-forward.sh]
240 Prevent races in dynamic forwarding test; ok djm
Damien Milleracacced2011-05-20 19:08:40 +1000241 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
242 [dynamic-forward.sh]
243 fix dumb error in dynamic-forward test
Damien Miller14684a12011-05-20 11:23:07 +1000244
Damien Miller60432d82011-05-15 08:34:46 +100024520110515
246 - (djm) OpenBSD CVS Sync
247 - djm@cvs.openbsd.org 2011/05/05 05:12:08
248 [mux.c]
249 gracefully fall back when ControlPath is too large for a
250 sockaddr_un. ok markus@ as part of a larger diff
Damien Millerfd53abd2011-05-15 08:36:02 +1000251 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
252 [sshd_config]
253 clarify language about overriding defaults. bz#1892, from Petr Cerny
Damien Miller58a77e22011-05-15 08:36:29 +1000254 - djm@cvs.openbsd.org 2011/05/06 01:09:53
255 [sftp.1]
256 mention that IPv6 addresses must be enclosed in square brackets;
257 bz#1845
Damien Miller78c40c32011-05-15 08:36:59 +1000258 - djm@cvs.openbsd.org 2011/05/06 02:05:41
259 [sshconnect2.c]
260 fix memory leak; bz#1849 ok dtucker@
Damien Millerd2ac5d72011-05-15 08:43:13 +1000261 - djm@cvs.openbsd.org 2011/05/06 21:14:05
262 [packet.c packet.h]
263 set traffic class for IPv6 traffic as we do for IPv4 TOS;
264 patch from lionel AT mamane.lu via Colin Watson in bz#1855;
265 ok markus@
Damien Millerdfc85fa2011-05-15 08:44:02 +1000266 - djm@cvs.openbsd.org 2011/05/06 21:18:02
267 [ssh.c ssh_config.5]
268 add a %L expansion (short-form of the local host name) for ControlPath;
269 sync some more expansions with LocalCommand; ok markus@
Damien Millerfe924212011-05-15 08:44:45 +1000270 - djm@cvs.openbsd.org 2011/05/06 21:31:38
271 [readconf.c ssh_config.5]
272 support negated Host matching, e.g.
273
274 Host *.example.org !c.example.org
275 User mekmitasdigoat
276
277 Will match "a.example.org", "b.example.org", but not "c.example.org"
278 ok markus@
Damien Miller21771e22011-05-15 08:45:50 +1000279 - djm@cvs.openbsd.org 2011/05/06 21:34:32
280 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
281 Add a RequestTTY ssh_config option to allow configuration-based
282 control over tty allocation (like -t/-T); ok markus@
Damien Millera6bbbe42011-05-15 08:46:29 +1000283 - djm@cvs.openbsd.org 2011/05/06 21:38:58
284 [ssh.c]
285 fix dropping from previous diff
Damien Millerc067f622011-05-15 08:46:54 +1000286 - djm@cvs.openbsd.org 2011/05/06 22:20:10
287 [PROTOCOL.mux]
288 fix numbering; from bert.wesarg AT googlemail.com
Damien Miller486dd2e2011-05-15 08:47:18 +1000289 - jmc@cvs.openbsd.org 2011/05/07 23:19:39
290 [ssh_config.5]
291 - tweak previous
292 - come consistency fixes
293 ok djm
Damien Millerf4b32aa2011-05-15 08:47:43 +1000294 - jmc@cvs.openbsd.org 2011/05/07 23:20:25
295 [ssh.1]
296 +.It RequestTTY
Damien Miller555f3b82011-05-15 08:48:05 +1000297 - djm@cvs.openbsd.org 2011/05/08 12:52:01
298 [PROTOCOL.mux clientloop.c clientloop.h mux.c]
299 improve our behaviour when TTY allocation fails: if we are in
300 RequestTTY=auto mode (the default), then do not treat at TTY
301 allocation error as fatal but rather just restore the local TTY
302 to cooked mode and continue. This is more graceful on devices that
303 never allocate TTYs.
304
305 If RequestTTY is set to "yes" or "force", then failure to allocate
306 a TTY is fatal.
307
308 ok markus@
Damien Miller32198242011-05-15 08:50:32 +1000309 - djm@cvs.openbsd.org 2011/05/10 05:46:46
310 [authfile.c]
311 despam debug() logs by detecting that we are trying to load a private key
312 in key_try_load_public() and returning early; ok markus@
Damien Miller7c1b2c42011-05-15 08:51:05 +1000313 - djm@cvs.openbsd.org 2011/05/11 04:47:06
314 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
315 remove support for authorized_keys2; it is a relic from the early days
316 of protocol v.2 support and has been undocumented for many years;
317 ok markus@
Damien Miller9d276b82011-05-15 08:51:43 +1000318 - djm@cvs.openbsd.org 2011/05/13 00:05:36
319 [authfile.c]
320 warn on unexpected key type in key_parse_private_type()
Damien Miller23f425b2011-05-15 08:58:15 +1000321 - (djm) [packet.c] unbreak portability #endif
Damien Miller60432d82011-05-15 08:34:46 +1000322
Darren Tuckerd6548fe2011-05-10 11:13:36 +100032320110510
324 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
325 --with-ssl-engine which was broken with the change from deprecated
326 SSLeay_add_all_algorithms(). ok djm
327
Darren Tucker343f75f2011-05-06 10:43:50 +100032820110506
329 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
330 for closefrom() in test code. Report from Dan Wallis via Gentoo.
331
Damien Miller68790fe2011-05-05 11:19:13 +100033220110505
333 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
334 definitions. From des AT des.no
Damien Millerf22019b2011-05-05 13:48:37 +1000335 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
336 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
337 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
338 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
339 [regress/README.regress] Remove ssh-rand-helper and all its
340 tentacles. PRNGd seeding has been rolled into entropy.c directly.
341 Thanks to tim@ for testing on affected platforms.
Damien Miller3fcdfd52011-05-05 14:04:11 +1000342 - OpenBSD CVS Sync
343 - djm@cvs.openbsd.org 2011/03/10 02:52:57
Damien Millerb2da7d12011-05-05 14:04:50 +1000344 [auth2-gss.c auth2.c auth.h]
Damien Miller3fcdfd52011-05-05 14:04:11 +1000345 allow GSSAPI authentication to detect when a server-side failure causes
346 authentication failure and don't count such failures against MaxAuthTries;
347 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Damien Millerc5219e72011-05-05 14:05:12 +1000348 - okan@cvs.openbsd.org 2011/03/15 10:36:02
349 [ssh-keyscan.c]
350 use timerclear macro
351 ok djm@
Damien Miller58f1baf2011-05-05 14:06:15 +1000352 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
353 [ssh-keygen.1 ssh-keygen.c]
354 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
355 for which host keys do not exist, generate the host keys with the
356 default key file path, an empty passphrase, default bits for the key
357 type, and default comment. This will be used by /etc/rc to generate
358 new host keys. Idea from deraadt.
359 ok deraadt
Damien Miller4a4d1612011-05-05 14:06:39 +1000360 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
361 [ssh-keygen.1]
362 -q not used in /etc/rc now so remove statement.
Damien Miller11143192011-05-05 14:13:25 +1000363 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
364 [ssh-keygen.c]
365 remove -d, documentation removed >10 years ago; ok markus
Damien Miller3ca1eb32011-05-05 14:13:50 +1000366 - jmc@cvs.openbsd.org 2011/03/24 15:29:30
367 [ssh-keygen.1]
368 zap trailing whitespace;
Damien Miller044f4a62011-05-05 14:14:08 +1000369 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
370 [ssh-keygen.c]
371 use strcasecmp() for "clear" cert permission option also; ok djm
Damien Miller91475862011-05-05 14:14:34 +1000372 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
373 [misc.c misc.h servconf.c]
374 print ipqos friendly string for sshd -T; ok markus
375 # sshd -Tf sshd_config|grep ipqos
376 ipqos lowdelay throughput
Damien Miller884b63a2011-05-05 14:14:52 +1000377 - djm@cvs.openbsd.org 2011/04/12 04:23:50
378 [ssh-keygen.c]
379 fix -Wshadow
Damien Miller26b57ce2011-05-05 14:15:09 +1000380 - djm@cvs.openbsd.org 2011/04/12 05:32:49
381 [sshd.c]
382 exit with 0 status on SIGTERM; bz#1879
Damien Miller085c90f2011-05-05 14:15:33 +1000383 - djm@cvs.openbsd.org 2011/04/13 04:02:48
384 [ssh-keygen.1]
385 improve wording; bz#1861
Damien Millerad210322011-05-05 14:15:54 +1000386 - djm@cvs.openbsd.org 2011/04/13 04:09:37
387 [ssh-keygen.1]
388 mention valid -b sizes for ECDSA keys; bz#1862
Damien Miller6c3eec72011-05-05 14:16:22 +1000389 - djm@cvs.openbsd.org 2011/04/17 22:42:42
390 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
391 allow graceful shutdown of multiplexing: request that a mux server
392 removes its listener socket and refuse future multiplexing requests;
393 ok markus@
Damien Miller8cb1cda2011-05-05 14:16:56 +1000394 - djm@cvs.openbsd.org 2011/04/18 00:46:05
395 [ssh-keygen.c]
396 certificate options are supposed to be packed in lexical order of
397 option name (though we don't actually enforce this at present).
398 Move one up that was out of sequence
Damien Miller2ce12ef2011-05-05 14:17:18 +1000399 - djm@cvs.openbsd.org 2011/05/04 21:15:29
400 [authfile.c authfile.h ssh-add.c]
401 allow "ssh-add - < key"; feedback and ok markus@
Tim Rice19d81812011-05-04 21:44:25 -0700402 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
403 so autoreconf 2.68 is happy.
Tim Rice9abb6972011-05-04 23:06:59 -0700404 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
Damien Miller68790fe2011-05-05 11:19:13 +1000405
Darren Tuckere541aaa2011-02-21 21:41:29 +110040620110221
407 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
408 Cygwin-specific service installer script ssh-host-config. The actual
409 functionality is the same, the revisited version is just more
410 exact when it comes to check for problems which disallow to run
411 certain aspects of the script. So, part of this script and the also
412 rearranged service helper script library "csih" is to check if all
413 the tools required to run the script are available on the system.
414 The new script also is more thorough to inform the user why the
415 script failed. Patch from vinschen at redhat com.
416
Damien Miller0588beb2011-02-18 09:18:45 +110041720110218
418 - OpenBSD CVS Sync
419 - djm@cvs.openbsd.org 2011/02/16 00:31:14
420 [ssh-keysign.c]
421 make hostbased auth with ECDSA keys work correctly. Based on patch
422 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
423
Darren Tucker3b9617e2011-02-06 13:24:35 +110042420110206
425 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
426 selinux code. Patch from Leonardo Chiquitto
Darren Tuckerea676a62011-02-06 13:31:23 +1100427 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
428 generation and simplify. Patch from Corinna Vinschen.
Darren Tucker3b9617e2011-02-06 13:24:35 +1100429
Damien Millerb407dd82011-02-04 11:46:39 +110043020110204
431 - OpenBSD CVS Sync
432 - djm@cvs.openbsd.org 2011/01/31 21:42:15
433 [PROTOCOL.mux]
434 cut'n'pasto; from bert.wesarg AT googlemail.com
Damien Miller0a5f0122011-02-04 11:47:01 +1100435 - djm@cvs.openbsd.org 2011/02/04 00:44:21
436 [key.c]
437 fix uninitialised nonce variable; reported by Mateusz Kocielski
Damien Millera6981272011-02-04 11:47:20 +1100438 - djm@cvs.openbsd.org 2011/02/04 00:44:43
439 [version.h]
440 openssh-5.8
Damien Miller0d30b092011-02-04 12:43:36 +1100441 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
442 [contrib/suse/openssh.spec] update versions in docs and spec files.
443 - Release OpenSSH 5.8p1
Damien Millerb407dd82011-02-04 11:46:39 +1100444
Damien Millerd4a55042011-01-28 10:30:18 +110044520110128
446 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
447 before attempting setfscreatecon(). Check whether matchpathcon()
448 succeeded before using its result. Patch from cjwatson AT debian.org;
449 bz#1851
450
Tim Riced069c482011-01-26 12:32:12 -080045120110127
452 - (tim) [config.guess config.sub] Sync with upstream.
Tim Rice648f8762011-01-26 12:38:57 -0800453 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
454 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
455 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
456 space changes for consistency/readability. Makes autoconf 2.68 happy.
457 "Nice work" djm
Tim Riced069c482011-01-26 12:32:12 -0800458
Damien Miller71adf122011-01-25 12:16:15 +110045920110125
460 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
461 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
462 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
463 building with SELinux support to avoid linking failure; report from
464 amk AT spamfence.net; ok dtucker
465
Darren Tucker79241372011-01-22 09:37:01 +110046620110122
467 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
468 RSA_get_default_method() for the benefit of openssl versions that don't
469 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
470 ok djm@.
Damien Millerad4b1ad2011-01-22 20:21:33 +1100471 - OpenBSD CVS Sync
472 - djm@cvs.openbsd.org 2011/01/22 09:18:53
473 [version.h]
474 crank to OpenSSH-5.7
Damien Miller966accc2011-01-22 20:23:10 +1100475 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
476 [contrib/suse/openssh.spec] update versions in docs and spec files.
Damien Miller6f8f04b2011-01-22 20:25:11 +1100477 - (djm) Release 5.7p1
Darren Tucker79241372011-01-22 09:37:01 +1100478
Tim Rice15e1b4d2011-01-18 20:47:04 -080047920110119
480 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
481 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
Damien Millere323ebc2011-01-19 23:12:27 +1100482 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
483 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
484 release testing (random crashes and failure to load ECC keys).
485 ok dtucker@
Tim Rice15e1b4d2011-01-18 20:47:04 -0800486
Damien Miller369c0e82011-01-17 10:51:40 +110048720110117
488 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
489 $PATH, fix cleanup of droppings; reported by openssh AT
490 roumenpetrov.info; ok dtucker@
Damien Millerfd3669e2011-01-17 11:20:18 +1100491 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
492 its unique snowflake of a gdb error to the ones we look for.
Damien Miller1ccbfa82011-01-17 11:52:40 +1100493 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
494 ssh-add to avoid $SUDO failures on Linux
Darren Tucker0c93adc2011-01-17 11:55:59 +1100495 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
496 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
497 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
Damien Miller58497782011-01-17 16:17:09 +1100498 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
499 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
500 disabled on platforms that do not support them; add a "config_defined()"
501 shell function that greps for defines in config.h and use them to decide
502 on feature tests.
503 Convert a couple of existing grep's over config.h to use the new function
504 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
505 backslash characters in filenames, enable it for Cygwin and use it to turn
506 of tests for quotes backslashes in sftp-glob.sh.
507 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
Tim Rice6dfcd342011-01-16 22:53:56 -0800508 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
Darren Tucker263d43d2011-01-17 18:50:22 +1100509 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
510 the tinderbox.
Darren Tuckerea52a822011-01-17 21:15:27 +1100511 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
512 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
513 support, based on patches from Tomas Mraz and jchadima at redhat.
Damien Miller369c0e82011-01-17 10:51:40 +1100514
Darren Tucker50c61f82011-01-16 18:28:09 +110051520110116
516 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
517 on configurations that don't have it.
Damien Miller4791f9d2011-01-16 23:16:53 +1100518 - OpenBSD CVS Sync
519 - djm@cvs.openbsd.org 2011/01/16 11:50:05
520 [clientloop.c]
521 Use atomicio when flushing protocol 1 std{out,err} buffers at
522 session close. This was a latent bug exposed by setting a SIGCHLD
523 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
Damien Miller6fb6fd52011-01-16 23:17:45 +1100524 - djm@cvs.openbsd.org 2011/01/16 11:50:36
525 [sshconnect.c]
526 reset the SIGPIPE handler when forking to execute child processes;
527 ok dtucker@
Damien Millercfd6e4f2011-01-16 23:18:33 +1100528 - djm@cvs.openbsd.org 2011/01/16 12:05:59
529 [clientloop.c]
530 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
531 now that we use atomicio(), convert them from while loops to if statements
532 add test and cast to compile cleanly with -Wsigned
Darren Tucker50c61f82011-01-16 18:28:09 +1100533
Darren Tucker08f83882011-01-16 18:24:04 +110053420110114
Damien Miller445c9a52011-01-14 12:01:29 +1100535 - OpenBSD CVS Sync
536 - djm@cvs.openbsd.org 2011/01/13 21:54:53
537 [mux.c]
538 correct error messages; patch from bert.wesarg AT googlemail.com
Damien Miller42747df2011-01-14 12:01:50 +1100539 - djm@cvs.openbsd.org 2011/01/13 21:55:25
540 [PROTOCOL.mux]
541 correct protocol names and add a couple of missing protocol number
542 defines; patch from bert.wesarg AT googlemail.com
Damien Millere9b40482011-01-14 14:47:37 +1100543 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
544 host-key-force target rather than a substitution that is replaced with a
545 comment so that the Makefile.in is still a syntactically valid Makefile
546 (useful to run the distprep target)
Tim Rice02d99da2011-01-13 22:20:27 -0800547 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
Tim Ricec5c346b2011-01-13 22:36:14 -0800548 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
549 ecdsa bits.
Damien Miller445c9a52011-01-14 12:01:29 +1100550
Darren Tucker08f83882011-01-16 18:24:04 +110055120110113
Damien Miller1708cb72011-01-13 12:21:34 +1100552 - (djm) [misc.c] include time.h for nanosleep() prototype
Tim Ricecce927c2011-01-12 19:06:31 -0800553 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
Tim Rice9b87a5c2011-01-12 22:35:43 -0800554 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
555 ecdsa keys. ok djm.
Damien Millerff22df52011-01-13 21:05:27 +1100556 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
557 gcc warning on platforms where it defaults to int
Damien Millercbaf8e62011-01-13 21:08:27 +1100558 - (djm) [regress/Makefile] add a few more generated files to the clean
559 target
Damien Miller9b160862011-01-13 22:00:20 +1100560 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
561 #define that was causing diffie-hellman-group-exchange-sha256 to be
562 incorrectly disabled
Damien Miller52788062011-01-13 22:05:14 +1100563 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
564 should not depend on ECC support
Damien Miller1708cb72011-01-13 12:21:34 +1100565
Darren Tucker08f83882011-01-16 18:24:04 +110056620110112
Damien Millerb66e9172011-01-12 13:30:18 +1100567 - OpenBSD CVS Sync
568 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
569 [openbsd-compat/glob.c]
570 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
571 from ARG_MAX to 64K.
572 Fixes glob-using programs (notably ftp) able to be triggered to hit
573 resource limits.
574 Idea from a similar NetBSD change, original problem reported by jasper@.
575 ok millert tedu jasper
Damien Miller4927aaf2011-01-12 13:32:03 +1100576 - djm@cvs.openbsd.org 2011/01/12 01:53:14
577 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
578 and sanity check arguments (these will be unnecessary when we switch
579 struct glob members from being type into to size_t in the future);
580 "looks ok" tedu@ feedback guenther@
Damien Miller945aa0c2011-01-12 13:34:02 +1100581 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
582 silly warnings on write() calls we don't care succeed or not.
Damien Miller134d02a2011-01-12 16:00:37 +1100583 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
584 flag tests that don't depend on gcc version at all; suggested by and
585 ok dtucker@
Damien Millerb66e9172011-01-12 13:30:18 +1100586
Tim Rice076a3b92011-01-10 12:56:26 -080058720110111
588 - (tim) [regress/host-expand.sh] Fix for building outside of read only
589 source tree.
Damien Miller81ad4b12011-01-11 17:02:23 +1100590 - (djm) [platform.c] Some missing includes that show up under -Werror
Damien Millerb73b6fd2011-01-11 17:18:56 +1100591 - OpenBSD CVS Sync
592 - djm@cvs.openbsd.org 2011/01/08 10:51:51
593 [clientloop.c]
594 use host and not options.hostname, as the latter may have unescaped
595 substitution characters
Damien Millera256c8d2011-01-11 17:20:05 +1100596 - djm@cvs.openbsd.org 2011/01/11 06:06:09
597 [sshlogin.c]
598 fd leak on error paths; from zinovik@
599 NB. Id sync only; we use loginrec.c that was also audited and fixed
600 recently
Damien Miller821de0a2011-01-11 17:20:29 +1100601 - djm@cvs.openbsd.org 2011/01/11 06:13:10
602 [clientloop.c ssh-keygen.c sshd.c]
603 some unsigned long long casts that make things a bit easier for
604 portable without resorting to dropping PRIu64 formats everywhere
Tim Rice076a3b92011-01-10 12:56:26 -0800605
Damien Millere63b7f22011-01-09 09:19:50 +110060620110109
607 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
608 openssh AT roumenpetrov.info
609
Damien Miller996384d2011-01-08 21:58:20 +110061020110108
611 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
612 test on OSX and others. Reported by imorgan AT nas.nasa.gov
613
Damien Miller322125b2011-01-07 09:50:08 +110061420110107
615 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
616 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
Damien Miller83f8a402011-01-07 09:51:17 +1100617 - djm@cvs.openbsd.org 2011/01/06 22:23:53
618 [ssh.c]
619 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
620 googlemail.com; ok markus@
Damien Miller64abf312011-01-07 09:51:52 +1100621 - djm@cvs.openbsd.org 2011/01/06 22:23:02
622 [clientloop.c]
623 when exiting due to ServerAliveTimeout, mention the hostname that caused
624 it (useful with backgrounded controlmaster)
Damien Miller7d06b002011-01-07 09:54:20 +1100625 - djm@cvs.openbsd.org 2011/01/06 22:46:21
626 [regress/Makefile regress/host-expand.sh]
627 regress test for LocalCommand %n expansion from bert.wesarg AT
628 googlemail.com; ok markus@
Damien Millered3a8eb2011-01-07 10:02:52 +1100629 - djm@cvs.openbsd.org 2011/01/06 23:01:35
630 [sshconnect.c]
631 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
632 ok markus@
Damien Miller322125b2011-01-07 09:50:08 +1100633
Damien Millerf1211432011-01-06 22:40:30 +110063420110106
635 - (djm) OpenBSD CVS Sync
636 - markus@cvs.openbsd.org 2010/12/08 22:46:03
637 [scp.1 scp.c]
638 add a new -3 option to scp: Copies between two remote hosts are
639 transferred through the local host. Without this option the data
640 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
Damien Miller907998d2011-01-06 22:41:21 +1100641 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
642 [scp.1 scp.c]
643 scp.1: grammer fix
644 scp.c: add -3 to usage()
Damien Miller05c89972011-01-06 22:42:04 +1100645 - markus@cvs.openbsd.org 2010/12/14 11:59:06
646 [sshconnect.c]
647 don't mention key type in key-changed-warning, since we also print
648 this warning if a new key type appears. ok djm@
Damien Miller106079c2011-01-06 22:43:44 +1100649 - djm@cvs.openbsd.org 2010/12/15 00:49:27
650 [readpass.c]
651 fix ControlMaster=ask regression
652 reset SIGCHLD handler before fork (and restore it after) so we don't miss
653 the the askpass child's exit status. Correct test for exit status/signal to
654 account for waitpid() failure; with claudio@ ok claudio@ markus@
Damien Millerde53fd02011-01-06 22:44:18 +1100655 - djm@cvs.openbsd.org 2010/12/24 21:41:48
656 [auth-options.c]
657 don't send the actual forced command in a debug message; ok markus deraadt
Damien Miller8ad960b2011-01-06 22:44:44 +1100658 - otto@cvs.openbsd.org 2011/01/04 20:44:13
659 [ssh-keyscan.c]
660 handle ecdsa-sha2 with various key lengths; hint and ok djm@
Damien Millerf1211432011-01-06 22:40:30 +1100661
Damien Miller30a69e72011-01-04 08:16:27 +110066220110104
663 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
664 formatter if it is present, followed by nroff and groff respectively.
665 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
666 in favour of mandoc). feedback and ok tim
667
66820110103
Damien Millerd197fd62011-01-03 14:48:14 +1100669 - (djm) [Makefile.in] revert local hack I didn't intend to commit
670
67120110102
Damien Miller4a06f922011-01-02 21:43:59 +1100672 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
Damien Miller41bccf72011-01-02 21:53:07 +1100673 - (djm) [configure.ac] Check whether libdes is needed when building
674 with Heimdal krb5 support. On OpenBSD this library no longer exists,
675 so linking it unconditionally causes a build failure; ok dtucker
Damien Miller4a06f922011-01-02 21:43:59 +1100676
Damien Miller928362d2010-12-26 14:26:45 +110067720101226
678 - (dtucker) OpenBSD CVS Sync
679 - djm@cvs.openbsd.org 2010/12/08 04:02:47
680 [ssh_config.5 sshd_config.5]
681 explain that IPQoS arguments are separated by whitespace; iirc requested
682 by jmc@ a while back
683
Darren Tucker37bb7562010-12-05 08:46:05 +110068420101205
685 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
686 debugging. Spotted by djm.
Darren Tucker7336b902010-12-05 09:00:30 +1100687 - (dtucker) OpenBSD CVS Sync
688 - djm@cvs.openbsd.org 2010/12/03 23:49:26
689 [schnorr.c]
690 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
691 (this code is still disabled, but apprently people are treating it as
692 a reference implementation)
Darren Tuckeradab6f12010-12-05 09:01:47 +1100693 - djm@cvs.openbsd.org 2010/12/03 23:55:27
694 [auth-rsa.c]
695 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
696 bz#1829; patch from ldv AT altlinux.org; ok markus@
Darren Tuckeraf1f9092010-12-05 09:02:47 +1100697 - djm@cvs.openbsd.org 2010/12/04 00:18:01
698 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
699 add a protocol extension to support a hard link operation. It is
700 available through the "ln" command in the client. The old "ln"
701 behaviour of creating a symlink is available using its "-s" option
702 or through the preexisting "symlink" command; based on a patch from
703 miklos AT szeredi.hu in bz#1555; ok markus@
Darren Tucker094f1e92010-12-05 09:03:31 +1100704 - djm@cvs.openbsd.org 2010/12/04 13:31:37
705 [hostfile.c]
706 fix fd leak; spotted and ok dtucker
Darren Tucker4288c532010-12-05 09:45:50 +1100707 - djm@cvs.openbsd.org 2010/12/04 00:21:19
708 [regress/sftp-cmds.sh]
709 adjust for hard-link support
Darren Tucker7e1a5a42010-12-05 09:29:31 +1100710 - (dtucker) [regress/Makefile] Id sync.
Darren Tucker37bb7562010-12-05 08:46:05 +1100711
Damien Millerd89745b2010-12-03 10:50:26 +110071220101204
713 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
714 instead of (arc4random() % range)
Darren Tuckerebdef762010-12-04 23:20:50 +1100715 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
716 shims for the new, non-deprecated OpenSSL key generation functions for
717 platforms that don't have the new interfaces.
Damien Millerd89745b2010-12-03 10:50:26 +1100718
Damien Miller188ea812010-12-01 11:50:14 +110071920101201
720 - OpenBSD CVS Sync
721 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
722 [auth2-pubkey.c]
723 clean up cases of ;;
Damien Miller2cd62932010-12-01 11:50:35 +1100724 - djm@cvs.openbsd.org 2010/11/21 01:01:13
725 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
726 honour $TMPDIR for client xauth and ssh-agent temporary directories;
727 feedback and ok markus@
Damien Millera2327922010-12-01 12:01:21 +1100728 - djm@cvs.openbsd.org 2010/11/21 10:57:07
729 [authfile.c]
730 Refactor internals of private key loading and saving to work on memory
731 buffers rather than directly on files. This will make a few things
732 easier to do in the future; ok markus@
Damien Miller6a740e72010-12-01 12:01:51 +1100733 - djm@cvs.openbsd.org 2010/11/23 02:35:50
734 [auth.c]
735 use strict_modes already passed as function argument over referencing
736 global options.strict_modes
Damien Millerd0fdd682010-12-01 12:02:14 +1100737 - djm@cvs.openbsd.org 2010/11/23 23:57:24
738 [clientloop.c]
739 avoid NULL deref on receiving a channel request on an unknown or invalid
740 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
Damien Millerb7f827a2010-12-01 12:02:35 +1100741 - djm@cvs.openbsd.org 2010/11/24 01:24:14
742 [channels.c]
743 remove a debug() that pollutes stderr on client connecting to a server
744 in debug mode (channel_close_fds is called transitively from the session
745 code post-fork); bz#1719, ok dtucker
Damien Millerf80c3de2010-12-01 12:02:59 +1100746 - djm@cvs.openbsd.org 2010/11/25 04:10:09
747 [session.c]
748 replace close() loop for fds 3->64 with closefrom();
749 ok markus deraadt dtucker
Damien Miller87dc0a42010-12-01 12:03:19 +1100750 - djm@cvs.openbsd.org 2010/11/26 05:52:49
751 [scp.c]
752 Pass through ssh command-line flags and options when doing remote-remote
753 transfers, e.g. to enable agent forwarding which is particularly useful
754 in this case; bz#1837 ok dtucker@
Damien Miller03c0e532010-12-01 12:03:39 +1100755 - markus@cvs.openbsd.org 2010/11/29 18:57:04
756 [authfile.c]
757 correctly load comment for encrypted rsa1 keys;
758 report/fix Joachim Schipper; ok djm@
Damien Millerd925dcd2010-12-01 12:21:51 +1100759 - djm@cvs.openbsd.org 2010/11/29 23:45:51
760 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
761 [sshconnect.h sshconnect2.c]
762 automatically order the hostkeys requested by the client based on
763 which hostkeys are already recorded in known_hosts. This avoids
764 hostkey warnings when connecting to servers with new ECDSA keys
765 that are preferred by default; with markus@
Damien Miller188ea812010-12-01 11:50:14 +1100766
Darren Tuckerd9957122010-11-24 10:09:13 +110076720101124
768 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
769 into the platform-specific code Only affects SCO, tested by and ok tim@.
Damien Miller88e341e2010-11-24 10:36:15 +1100770 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
771 group read/write. ok dtucker@
Darren Tucker4b6cbf72010-11-24 10:46:37 +1100772 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
Damien Miller73de86a2010-11-24 10:50:04 +1100773 - (djm) [defines.h] Add IP DSCP defines
Darren Tuckerd9957122010-11-24 10:09:13 +1100774
Darren Tucker9e0ff7a2010-11-22 17:59:00 +110077520101122
776 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
777 from vapier at gentoo org.
778
Damien Miller7a221a12010-11-20 15:14:29 +110077920101120
780 - OpenBSD CVS Sync
781 - djm@cvs.openbsd.org 2010/11/05 02:46:47
782 [packet.c]
783 whitespace KNF
Damien Miller4499f4c2010-11-20 15:15:49 +1100784 - djm@cvs.openbsd.org 2010/11/10 01:33:07
785 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
786 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
787 these have been around for years by this time. ok markus
Damien Miller0dac6fb2010-11-20 15:19:38 +1100788 - djm@cvs.openbsd.org 2010/11/13 23:27:51
789 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
790 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
791 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
792 hardcoding lowdelay/throughput.
793
794 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Damien Miller8e1ea4e2010-11-20 15:20:10 +1100795 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
796 [ssh_config.5]
797 libary -> library;
Damien Miller0a184732010-11-20 15:21:03 +1100798 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
799 [scp.1 sftp.1 ssh.1 sshd_config.5]
800 add IPQoS to the various -o lists, and zap some trailing whitespace;
Damien Miller7a221a12010-11-20 15:14:29 +1100801
Damien Millerdd190dd2010-11-11 14:17:02 +110080220101111
803 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
804 platforms that don't support ECC. Fixes some spurious warnings reported
805 by tim@
806
Tim Ricee426f5e2010-11-08 09:15:14 -080080720101109
808 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
809 Feedback from dtucker@
Tim Ricec7a8af02010-11-08 14:26:23 -0800810 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
811 support for platforms missing isblank(). ok djm@
Tim Ricee426f5e2010-11-08 09:15:14 -0800812
Tim Rice522262f2010-11-07 13:00:27 -080081320101108
814 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
815 tree.
Tim Ricec10aeaa2010-11-07 13:03:11 -0800816 - (tim) [regress/kextype.sh] Shell portability fix.
Tim Rice522262f2010-11-07 13:00:27 -0800817
Darren Tuckerd1ece6e2010-11-07 18:05:54 +110081820101107
819 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
820 the correct typedefs.
821
Damien Miller3a0e9f62010-11-05 10:16:34 +110082220101105
Damien Miller34ee4202010-11-05 10:52:37 +1100823 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
824 int. Should fix bz#1817 cleanly; ok dtucker@
Damien Miller3a0e9f62010-11-05 10:16:34 +1100825 - OpenBSD CVS Sync
826 - djm@cvs.openbsd.org 2010/09/22 12:26:05
827 [regress/Makefile regress/kextype.sh]
828 regress test for each of the key exchange algorithms that we support
Damien Millerb472a902010-11-05 10:19:49 +1100829 - djm@cvs.openbsd.org 2010/10/28 11:22:09
830 [authfile.c key.c key.h ssh-keygen.c]
831 fix a possible NULL deref on loading a corrupt ECDH key
832
833 store ECDH group information in private keys files as "named groups"
834 rather than as a set of explicit group parameters (by setting
835 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
836 retrieves the group's OpenSSL NID that we need for various things.
Damien Miller55fa5652010-11-05 10:20:14 +1100837 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
838 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
839 knock out some "-*- nroff -*-" lines;
Damien Miller07331212010-11-05 10:20:31 +1100840 - djm@cvs.openbsd.org 2010/11/04 02:45:34
841 [sftp-server.c]
842 umask should be parsed as octal. reported by candland AT xmission.com;
843 ok markus@
Darren Tucker97528352010-11-05 12:03:05 +1100844 - (dtucker) [configure.ac platform.{c,h} session.c
845 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
846 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
847 ok djm@
Darren Tucker920612e2010-11-05 12:36:15 +1100848 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
849 after the user's groups are established and move the selinux calls into it.
Darren Tucker4db38072010-11-05 12:41:13 +1100850 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
851 platform.c
Darren Tucker44a97be2010-11-05 12:45:18 +1100852 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
Darren Tuckerfd4d8aa2010-11-05 12:50:41 +1100853 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
854 retain previous behavior.
Darren Tucker728d8372010-11-05 13:00:05 +1100855 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
856 the LOGIN_CAP case into platform.c.
Darren Tucker7a8afe32010-11-05 13:07:24 +1100857 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
858 platform.c
Darren Tucker0b2ee642010-11-05 13:29:25 +1100859 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
860 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
861 platform.c.
Darren Tuckercc124182010-11-05 13:32:52 +1100862 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
863 non-LOGIN_CAP case into platform.c.
Darren Tuckerb12fe272010-11-05 14:47:01 +1100864 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
865 check into platform.c
Darren Tuckerb69e0332010-11-05 18:19:15 +1100866 - (dtucker) [regress/keytype.sh] Import new test.
Darren Tuckereab5f0d2010-11-05 18:23:38 +1100867 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
868 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
869 from configure through to regress/Makefile and use it in the tests.
Darren Tucker345178d2010-11-05 18:35:52 +1100870 - (dtucker) [regress/kextype.sh] Add missing "test".
Darren Tuckerf619d1c2010-11-05 18:41:50 +1100871 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
872 strictly correct since while ECC requires sha256 the reverse is not true
873 however it does prevent spurious test failures.
Darren Tucker9283d8c2010-11-05 18:56:08 +1100874 - (dtucker) [platform.c] Need servconf.h and extern options.
Damien Miller3a0e9f62010-11-05 10:16:34 +1100875
Tim Ricebdd3e672010-10-24 18:35:55 -070087620101025
877 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
878 1.12 to unbreak Solaris build.
879 ok djm@
Darren Tucker54b1f312010-10-25 16:54:28 +1100880 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
881 native one.
Tim Ricebdd3e672010-10-24 18:35:55 -0700882
Darren Tuckera5393932010-10-24 10:47:30 +110088320101024
884 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
Darren Tuckerbfd9b1b2010-10-24 11:19:26 +1100885 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
886 which don't have ECC support in libcrypto.
Darren Tuckerd633fef2010-10-24 11:33:07 +1100887 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
888 which don't have ECC support in libcrypto.
Darren Tucker7bc236d2010-10-24 11:58:43 +1100889 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
890 have it.
Darren Tuckerd78739a2010-10-24 10:56:32 +1100891 - (dtucker) OpenBSD CVS Sync
892 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
893 [sftp.c]
894 escape '[' in filename tab-completion; fix a type while there.
895 ok djm@
Darren Tuckera5393932010-10-24 10:47:30 +1100896
Damien Miller68512c02010-10-21 15:21:11 +110089720101021
898 - OpenBSD CVS Sync
899 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
900 [mux.c]
901 Typo in confirmation message. bz#1827, patch from imorgan at
902 nas nasa gov
Damien Miller6fd2d7d2010-10-21 15:27:14 +1100903 - djm@cvs.openbsd.org 2010/08/31 12:24:09
904 [regress/cert-hostkey.sh regress/cert-userkey.sh]
905 tests for ECDSA certificates
Damien Miller68512c02010-10-21 15:21:11 +1100906
Damien Miller1f789802010-10-11 22:35:22 +110090720101011
Damien Miller47e57bf2010-10-12 13:28:12 +1100908 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
909 bz#1825, reported by foo AT mailinator.com
Damien Miller9c0c31d2010-10-12 13:30:44 +1100910 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
Damien Miller47e57bf2010-10-12 13:28:12 +1100911
91220101011
Damien Miller1f789802010-10-11 22:35:22 +1100913 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
914 dr AT vasco.com
915
Damien Milleraa180632010-10-07 21:25:27 +110091620101007
Damien Miller9a3d0dc2010-10-07 22:06:42 +1100917 - (djm) [ssh-agent.c] Fix type for curve name.
Damien Milleraa180632010-10-07 21:25:27 +1100918 - (djm) OpenBSD CVS Sync
919 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
920 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
921 [openbsd-compat/timingsafe_bcmp.c]
922 Add timingsafe_bcmp(3) to libc, mention that it's already in the
923 kernel in kern(9), and remove it from OpenSSH.
924 ok deraadt@, djm@
925 NB. re-added under openbsd-compat/ for portable OpenSSH
Damien Millera6e121a2010-10-07 21:39:17 +1100926 - djm@cvs.openbsd.org 2010/09/25 09:30:16
927 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
928 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
929 rountrips to fetch per-file stat(2) information.
930 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
931 match.
Damien Miller68e2e562010-10-07 21:39:55 +1100932 - djm@cvs.openbsd.org 2010/09/26 22:26:33
933 [sftp.c]
934 when performing an "ls" in columnated (short) mode, only call
935 ioctl(TIOCGWINSZ) once to get the window width instead of per-
936 filename
Damien Millerc54b02c2010-10-07 21:40:17 +1100937 - djm@cvs.openbsd.org 2010/09/30 11:04:51
938 [servconf.c]
939 prevent free() of string in .rodata when overriding AuthorizedKeys in
940 a Match block; patch from rein AT basefarm.no
Damien Miller9a3d0dc2010-10-07 22:06:42 +1100941 - djm@cvs.openbsd.org 2010/10/01 23:05:32
942 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
943 adapt to API changes in openssl-1.0.0a
944 NB. contains compat code to select correct API for older OpenSSL
Damien Miller38d9a962010-10-07 22:07:11 +1100945 - djm@cvs.openbsd.org 2010/10/05 05:13:18
946 [sftp.c sshconnect.c]
947 use default shell /bin/sh if $SHELL is ""; ok markus@
Damien Millera41ccca2010-10-07 22:07:32 +1100948 - djm@cvs.openbsd.org 2010/10/06 06:39:28
949 [clientloop.c ssh.c sshconnect.c sshconnect.h]
950 kill proxy command on fatal() (we already kill it on clean exit);
951 ok markus@
Damien Miller45fcdaa2010-10-07 22:07:58 +1100952 - djm@cvs.openbsd.org 2010/10/06 21:10:21
953 [sshconnect.c]
954 swapped args to kill(2)
Damien Miller37f4f182010-10-07 22:10:38 +1100955 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
Damien Miller80e99532010-10-07 22:12:08 +1100956 - (djm) [cipher-acss.c] Add missing header.
Damien Miller88b844f2010-10-07 22:19:23 +1100957 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
Damien Milleraa180632010-10-07 21:25:27 +1100958
Damien Miller6186bbc2010-09-24 22:00:54 +100095920100924
960 - (djm) OpenBSD CVS Sync
961 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
962 [ssh-keygen.1]
963 * mention ECDSA in more places
964 * less repetition in FILES section
965 * SSHv1 keys are still encrypted with 3DES
966 help and ok jmc@
Damien Miller1ca94692010-09-24 22:01:22 +1000967 - djm@cvs.openbsd.org 2010/09/11 21:44:20
968 [ssh.1]
969 mention RFC 5656 for ECC stuff
Damien Miller881adf72010-09-24 22:01:54 +1000970 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
971 [sftp.1]
972 more wacky macro fixing;
Damien Miller857b02e2010-09-24 22:02:56 +1000973 - djm@cvs.openbsd.org 2010/09/20 04:41:47
974 [ssh.c]
975 install a SIGCHLD handler to reap expiried child process; ok markus@
Damien Millerf7540cd2010-09-24 22:03:24 +1000976 - djm@cvs.openbsd.org 2010/09/20 04:50:53
977 [jpake.c schnorr.c]
978 check that received values are smaller than the group size in the
979 disabled and unfinished J-PAKE code.
980 avoids catastrophic security failure found by Sebastien Martini
Damien Miller18e1cab2010-09-24 22:07:17 +1000981 - djm@cvs.openbsd.org 2010/09/20 04:54:07
982 [jpake.c]
983 missing #include
Damien Miller603134e2010-09-24 22:07:55 +1000984 - djm@cvs.openbsd.org 2010/09/20 07:19:27
985 [mux.c]
986 "atomically" create the listening mux socket by binding it on a temorary
987 name and then linking it into position after listen() has succeeded.
988 this allows the mux clients to determine that the server socket is
989 either ready or stale without races. stale server sockets are now
990 automatically removed
991 ok deraadt
Damien Millerd5f62bf2010-09-24 22:11:14 +1000992 - djm@cvs.openbsd.org 2010/09/22 05:01:30
993 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
994 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
995 add a KexAlgorithms knob to the client and server configuration to allow
996 selection of which key exchange methods are used by ssh(1) and sshd(8)
997 and their order of preference.
998 ok markus@
Damien Miller7fe2b1f2010-09-24 22:11:53 +1000999 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
1000 [ssh.1 ssh_config.5]
1001 ssh.1: add kexalgorithms to the -o list
1002 ssh_config.5: format the kexalgorithms in a more consistent
1003 (prettier!) way
1004 ok djm
Damien Miller65e42f82010-09-24 22:15:11 +10001005 - djm@cvs.openbsd.org 2010/09/22 22:58:51
1006 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
1007 [sftp-client.h sftp.1 sftp.c]
1008 add an option per-read/write callback to atomicio
1009
1010 factor out bandwidth limiting code from scp(1) into a generic bandwidth
1011 limiter that can be attached using the atomicio callback mechanism
1012
1013 add a bandwidth limit option to sftp(1) using the above
1014 "very nice" markus@
Damien Miller56883e12010-09-24 22:15:39 +10001015 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
1016 [sftp.c]
1017 add [-l limit] to usage();
Damien Miller2beb32f2010-09-24 22:16:03 +10001018 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
1019 [scp.1 sftp.1]
1020 add KexAlgorithms to the -o list;
Damien Miller6186bbc2010-09-24 22:00:54 +10001021
Damien Miller4314c2b2010-09-10 11:12:09 +1000102220100910
Darren Tucker50e3bab2010-09-10 10:30:25 +10001023 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
1024 return code since it can apparently return -1 under some conditions. From
1025 openssh bugs werbittewas de, ok djm@
Damien Miller4314c2b2010-09-10 11:12:09 +10001026 - OpenBSD CVS Sync
1027 - djm@cvs.openbsd.org 2010/08/31 12:33:38
1028 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1029 reintroduce commit from tedu@, which I pulled out for release
1030 engineering:
1031 OpenSSL_add_all_algorithms is the name of the function we have a
1032 man page for, so use that. ok djm
Damien Millerde735ea2010-09-10 11:12:38 +10001033 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
1034 [ssh-agent.1]
1035 fix some macro abuse;
Damien Millerd4427902010-09-10 11:15:10 +10001036 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
1037 [ssh.1]
1038 small text tweak to accommodate previous;
Damien Millere13cadf2010-09-10 11:15:33 +10001039 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
1040 [servconf.c]
1041 pick up ECDSA host key by default; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +10001042 - markus@cvs.openbsd.org 2010/09/02 16:07:25
Damien Miller57737942010-09-10 11:16:37 +10001043 [ssh-keygen.c]
1044 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +10001045 - markus@cvs.openbsd.org 2010/09/02 16:08:39
Damien Miller5929c522010-09-10 11:17:02 +10001046 [ssh.c]
1047 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
Damien Miller6e9f6802010-09-10 11:17:38 +10001048 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
1049 [ssh-keygen.c]
1050 Switch ECDSA default key size to 256 bits, which according to RFC5656
1051 should still be better than our current RSA-2048 default.
1052 ok djm@, markus@
Damien Miller390f1532010-09-10 11:17:54 +10001053 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
1054 [scp.1]
1055 add an EXIT STATUS section for /usr/bin;
Damien Millerdaa7b222010-09-10 11:19:33 +10001056 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
1057 [ssh-add.1 ssh.1]
1058 two more EXIT STATUS sections;
Damien Miller80ed82a2010-09-10 11:20:11 +10001059 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
1060 [sshd_config]
1061 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
1062 <mattieu.b@gmail.com>
1063 ok deraadt@
Damien Millerbf0423e2010-09-10 11:20:38 +10001064 - djm@cvs.openbsd.org 2010/09/08 03:54:36
1065 [authfile.c]
1066 typo
Damien Miller3796ab42010-09-10 11:20:59 +10001067 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
1068 [compress.c]
1069 work around name-space collisions some buggy compilers (looking at you
1070 gcc, at least in earlier versions, but this does not forgive your current
1071 transgressions) seen between zlib and openssl
1072 ok djm
Damien Miller041ab7c2010-09-10 11:23:34 +10001073 - djm@cvs.openbsd.org 2010/09/09 10:45:45
1074 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
1075 ECDH/ECDSA compliance fix: these methods vary the hash function they use
1076 (SHA256/384/512) depending on the length of the curve in use. The previous
1077 code incorrectly used SHA256 in all cases.
1078
1079 This fix will cause authentication failure when using 384 or 521-bit curve
1080 keys if one peer hasn't been upgraded and the other has. (256-bit curve
1081 keys work ok). In particular you may need to specify HostkeyAlgorithms
1082 when connecting to a server that has not been upgraded from an upgraded
1083 client.
1084
1085 ok naddy@
Damien Miller6af914a2010-09-10 11:39:26 +10001086 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
1087 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
1088 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
1089 platforms that don't have the requisite OpenSSL support. ok dtucker@
Darren Tucker8ccb7392010-09-10 12:28:24 +10001090 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
1091 for missing headers and compiler warnings.
Darren Tucker50e3bab2010-09-10 10:30:25 +10001092
109320100831
Damien Millerafdae612010-08-31 22:31:14 +10001094 - OpenBSD CVS Sync
1095 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
1096 [ssh-keysign.8 ssh.1 sshd.8]
1097 use the same template for all FILES sections; i.e. -compact/.Pp where we
1098 have multiple items, and .Pa for path names;
Damien Miller9b87e792010-08-31 22:31:37 +10001099 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
1100 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1101 OpenSSL_add_all_algorithms is the name of the function we have a man page
1102 for, so use that. ok djm
Damien Millerd96546f2010-08-31 22:32:12 +10001103 - djm@cvs.openbsd.org 2010/08/16 04:06:06
1104 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
1105 backout previous temporarily; discussed with deraadt@
Damien Millerda108ec2010-08-31 22:36:39 +10001106 - djm@cvs.openbsd.org 2010/08/31 09:58:37
1107 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
1108 [packet.h ssh-dss.c ssh-rsa.c]
1109 Add buffer_get_cstring() and related functions that verify that the
1110 string extracted from the buffer contains no embedded \0 characters*
1111 This prevents random (possibly malicious) crap from being appended to
1112 strings where it would not be noticed if the string is used with
1113 a string(3) function.
1114
1115 Use the new API in a few sensitive places.
1116
1117 * actually, we allow a single one at the end of the string for now because
1118 we don't know how many deployed implementations get this wrong, but don't
1119 count on this to remain indefinitely.
Damien Millereb8b60e2010-08-31 22:41:14 +10001120 - djm@cvs.openbsd.org 2010/08/31 11:54:45
1121 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
1122 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
1123 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
1124 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
1125 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
1126 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
1127 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
1128 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
1129 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
1130 better performance than plain DH and DSA at the same equivalent symmetric
1131 key length, as well as much shorter keys.
1132
1133 Only the mandatory sections of RFC5656 are implemented, specifically the
1134 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
1135 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
1136
1137 Certificate host and user keys using the new ECDSA key types are supported.
1138
1139 Note that this code has not been tested for interoperability and may be
1140 subject to change.
1141
1142 feedback and ok markus@
Damien Millerb5a62d02010-08-31 22:47:15 +10001143 - (djm) [Makefile.in] Add new ECC files
Damien Millerc79ff072010-08-31 22:50:48 +10001144 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
1145 includes.h
Damien Millerafdae612010-08-31 22:31:14 +10001146
Darren Tucker6889abd2010-08-27 10:12:54 +1000114720100827
1148 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
1149 remove. Patch from martynas at venck us
1150
Damien Millera5362022010-08-23 21:20:20 +1000115120100823
1152 - (djm) Release OpenSSH-5.6p1
1153
Darren Tuckeraa74f672010-08-16 13:15:23 +1000115420100816
1155 - (dtucker) [configure.ac openbsd-compat/Makefile.in
1156 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
1157 the compat library which helps on platforms like old IRIX. Based on work
1158 by djm, tested by Tom Christensen.
Damien Miller00d9ae22010-08-17 01:59:31 +10001159 - OpenBSD CVS Sync
1160 - djm@cvs.openbsd.org 2010/08/12 21:49:44
1161 [ssh.c]
1162 close any extra file descriptors inherited from parent at start and
1163 reopen stdin/stdout to /dev/null when forking for ControlPersist.
1164
1165 prevents tools that fork and run a captive ssh for communication from
1166 failing to exit when the ssh completes while they wait for these fds to
1167 close. The inherited fds may persist arbitrarily long if a background
1168 mux master has been started by ControlPersist. cvs and scp were effected
1169 by this.
1170
1171 "please commit" markus@
Damien Miller07ad3892010-08-17 07:04:28 +10001172 - (djm) [regress/README.regress] typo
Darren Tuckeraa74f672010-08-16 13:15:23 +10001173
Tim Rice722b8d12010-08-12 09:43:13 -0700117420100812
1175 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
1176 regress/test-exec.sh] Under certain conditions when testing with sudo
1177 tests would fail because the pidfile could not be read by a regular user.
1178 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
1179 Make sure cat is run by $SUDO. no objection from me. djm@
Tim Ricead7d5472010-08-12 10:33:01 -07001180 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
Tim Rice722b8d12010-08-12 09:43:13 -07001181
Damien Miller7e569b82010-08-09 02:28:37 +1000118220100809
Damien Miller2c4b13a2010-08-10 12:47:40 +10001183 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
1184 already set. Makes FreeBSD user openable tunnels useful; patch from
1185 richard.burakowski+ossh AT mrburak.net, ok dtucker@
Darren Tucker02c47342010-08-10 13:36:09 +10001186 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
1187 based in part on a patch from Colin Watson, ok djm@
Damien Miller2c4b13a2010-08-10 12:47:40 +10001188
118920100809
Damien Miller7e569b82010-08-09 02:28:37 +10001190 - OpenBSD CVS Sync
1191 - djm@cvs.openbsd.org 2010/08/08 16:26:42
1192 [version.h]
1193 crank to 5.6
Damien Miller792010b2010-08-09 02:32:05 +10001194 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1195 [contrib/suse/openssh.spec] Crank version numbers
Damien Miller7e569b82010-08-09 02:28:37 +10001196
Damien Miller8e604ac2010-08-09 02:28:10 +1000119720100805
Damien Miller7fa96602010-08-05 13:03:13 +10001198 - OpenBSD CVS Sync
1199 - djm@cvs.openbsd.org 2010/08/04 05:37:01
1200 [ssh.1 ssh_config.5 sshd.8]
1201 Remove mentions of weird "addr/port" alternate address format for IPv6
1202 addresses combinations. It hasn't worked for ages and we have supported
1203 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
Damien Miller1da63882010-08-05 13:03:51 +10001204 - djm@cvs.openbsd.org 2010/08/04 05:40:39
1205 [PROTOCOL.certkeys ssh-keygen.c]
1206 tighten the rules for certificate encoding by requiring that options
1207 appear in lexical order and make our ssh-keygen comply. ok markus@
Damien Millerc1583312010-08-05 13:04:50 +10001208 - djm@cvs.openbsd.org 2010/08/04 05:42:47
1209 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
1210 [ssh-keysign.c ssh.c]
1211 enable certificates for hostbased authentication, from Iain Morgan;
1212 "looks ok" markus@
Damien Miller5458c4d2010-08-05 13:05:15 +10001213 - djm@cvs.openbsd.org 2010/08/04 05:49:22
1214 [authfile.c]
1215 commited the wrong version of the hostbased certificate diff; this
1216 version replaces some strlc{py,at} verbosity with xasprintf() at
1217 the request of markus@
Damien Miller757f34e2010-08-05 13:05:31 +10001218 - djm@cvs.openbsd.org 2010/08/04 06:07:11
1219 [ssh-keygen.1 ssh-keygen.c]
1220 Support CA keys in PKCS#11 tokens; feedback and ok markus@
Damien Millerb89e6b72010-08-05 13:06:20 +10001221 - djm@cvs.openbsd.org 2010/08/04 06:08:40
1222 [ssh-keysign.c]
1223 clean for -Wuninitialized (Id sync only; portable had this change)
Damien Miller7d457182010-08-05 23:09:48 +10001224 - djm@cvs.openbsd.org 2010/08/05 13:08:42
1225 [channels.c]
1226 Fix a trio of bugs in the local/remote window calculation for datagram
1227 data channels (i.e. TunnelForward):
1228
1229 Calculate local_consumed correctly in channel_handle_wfd() by measuring
1230 the delta to buffer_len(c->output) from when we start to when we finish.
1231 The proximal problem here is that the output_filter we use in portable
1232 modified the length of the dequeued datagram (to futz with the headers
1233 for !OpenBSD).
1234
1235 In channel_output_poll(), don't enqueue datagrams that won't fit in the
1236 peer's advertised packet size (highly unlikely to ever occur) or which
1237 won't fit in the peer's remaining window (more likely).
1238
1239 In channel_input_data(), account for the 4-byte string header in
1240 datagram packets that we accept from the peer and enqueue in c->output.
1241
1242 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
1243 "looks good" markus@
Damien Miller7fa96602010-08-05 13:03:13 +10001244
Damien Miller8e604ac2010-08-09 02:28:10 +1000124520100803
Darren Tucker8b7a0552010-08-03 15:50:16 +10001246 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
1247 PAM to sane values in case the PAM method doesn't write to them. Spotted by
1248 Bitman Zhou, ok djm@.
Damien Miller844cccf2010-08-03 16:03:29 +10001249 - OpenBSD CVS Sync
1250 - djm@cvs.openbsd.org 2010/07/16 04:45:30
1251 [ssh-keygen.c]
1252 avoid bogus compiler warning
Damien Miller4e8285e2010-08-03 16:04:03 +10001253 - djm@cvs.openbsd.org 2010/07/16 14:07:35
1254 [ssh-rsa.c]
1255 more timing paranoia - compare all parts of the expected decrypted
1256 data before returning. AFAIK not exploitable in the SSH protocol.
1257 "groovy" deraadt@
Damien Millerc4bb91c2010-08-03 16:04:22 +10001258 - djm@cvs.openbsd.org 2010/07/19 03:16:33
1259 [sftp-client.c]
1260 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
1261 upload depth checks and causing verbose printing of transfers to always
1262 be turned on; patch from imorgan AT nas.nasa.gov
Damien Millere11e1ea2010-08-03 16:04:46 +10001263 - djm@cvs.openbsd.org 2010/07/19 09:15:12
1264 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
1265 add a "ControlPersist" option that automatically starts a background
1266 ssh(1) multiplex master when connecting. This connection can stay alive
1267 indefinitely, or can be set to automatically close after a user-specified
1268 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
1269 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
1270 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
Damien Miller8c1eb112010-08-03 16:05:05 +10001271 - djm@cvs.openbsd.org 2010/07/21 02:10:58
1272 [misc.c]
1273 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
Damien Miller081f3c72010-08-03 16:05:25 +10001274 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
1275 [ssh.1]
1276 Ciphers is documented in ssh_config(5) these days
Darren Tucker8b7a0552010-08-03 15:50:16 +10001277
127820100819
Darren Tucker12b29db2010-07-19 21:24:13 +10001279 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
1280 details about its behaviour WRT existing directories. Patch from
1281 asguthrie at gmail com, ok djm.
1282
Damien Miller9308fc72010-07-16 13:56:01 +1000128320100716
1284 - (djm) OpenBSD CVS Sync
1285 - djm@cvs.openbsd.org 2010/07/02 04:32:44
1286 [misc.c]
1287 unbreak strdelim() skipping past quoted strings, e.g.
1288 AllowUsers "blah blah" blah
1289 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
1290 ok dtucker;
Damien Miller1f25ab42010-07-16 13:56:23 +10001291 - djm@cvs.openbsd.org 2010/07/12 22:38:52
1292 [ssh.c]
1293 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
1294 for protocol 2. ok markus@
Damien Millerd0244d42010-07-16 13:56:43 +10001295 - djm@cvs.openbsd.org 2010/07/12 22:41:13
1296 [ssh.c ssh_config.5]
1297 expand %h to the hostname in ssh_config Hostname options. While this
1298 sounds useless, it is actually handy for working with unqualified
1299 hostnames:
1300
1301 Host *.*
1302 Hostname %h
1303 Host *
1304 Hostname %h.example.org
1305
1306 "I like it" markus@
Damien Miller8a0268f2010-07-16 13:57:51 +10001307 - djm@cvs.openbsd.org 2010/07/13 11:52:06
1308 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
1309 [packet.c ssh-rsa.c]
1310 implement a timing_safe_cmp() function to compare memory without leaking
1311 timing information by short-circuiting like memcmp() and use it for
1312 some of the more sensitive comparisons (though nothing high-value was
1313 readily attackable anyway); "looks ok" markus@
Damien Millerea1651c2010-07-16 13:58:37 +10001314 - djm@cvs.openbsd.org 2010/07/13 23:13:16
1315 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
1316 [ssh-rsa.c]
1317 s/timing_safe_cmp/timingsafe_bcmp/g
Damien Millerbcfbc482010-07-16 13:59:11 +10001318 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
1319 [ssh.1]
1320 finally ssh synopsis looks nice again! this commit just removes a ton of
1321 hacks we had in place to make it work with old groff;
Damien Millerbad5e032010-07-16 13:59:59 +10001322 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
1323 [ssh-keygen.1]
1324 repair incorrect block nesting, which screwed up indentation;
1325 problem reported and fix OK by jmc@
Damien Miller9308fc72010-07-16 13:56:01 +10001326
Tim Ricecfbdc282010-07-14 13:42:28 -0700132720100714
1328 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
1329 (line 77) should have been for no_x11_askpass.
1330
Damien Millercede1db2010-07-02 13:33:48 +1000133120100702
1332 - (djm) OpenBSD CVS Sync
1333 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
1334 [ssh_config.5]
1335 tweak previous;
Damien Millerb96c4412010-07-02 13:34:24 +10001336 - djm@cvs.openbsd.org 2010/06/26 23:04:04
1337 [ssh.c]
1338 oops, forgot to #include <canohost.h>; spotted and patch from chl@
Damien Miller44b25042010-07-02 13:35:01 +10001339 - djm@cvs.openbsd.org 2010/06/29 23:15:30
1340 [ssh-keygen.1 ssh-keygen.c]
1341 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
1342 bz#1749; ok markus@
Damien Miller6018a362010-07-02 13:35:19 +10001343 - djm@cvs.openbsd.org 2010/06/29 23:16:46
1344 [auth2-pubkey.c sshd_config.5]
1345 allow key options (command="..." and friends) in AuthorizedPrincipals;
1346 ok markus@
Damien Millerea727282010-07-02 13:35:34 +10001347 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
1348 [ssh-keygen.1]
1349 tweak previous;
Damien Miller6022f582010-07-02 13:37:01 +10001350 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
1351 [ssh-keygen.c]
1352 sort usage();
Damien Millerd59dab82010-07-02 13:37:17 +10001353 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
1354 [sshd_config.5]
1355 tweak previous;
Damien Miller0979b402010-07-02 13:37:33 +10001356 - millert@cvs.openbsd.org 2010/07/01 13:06:59
1357 [scp.c]
1358 Fix a longstanding problem where if you suspend scp at the
1359 password/passphrase prompt the terminal mode is not restored.
1360 OK djm@
Damien Miller527ded72010-07-02 13:40:16 +10001361 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
1362 [regress/Makefile]
1363 fix how we run the tests so we can successfully use SUDO='sudo -E'
1364 in our env
Damien Millerab139cd2010-07-02 13:42:18 +10001365 - djm@cvs.openbsd.org 2010/06/29 23:59:54
1366 [cert-userkey.sh]
1367 regress tests for key options in AuthorizedPrincipals
Damien Millercede1db2010-07-02 13:33:48 +10001368
Tim Rice3fd307d2010-06-26 16:45:15 -0700136920100627
1370 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
1371 key.h.
1372
Damien Miller2e774462010-06-26 09:30:47 +1000137320100626
1374 - (djm) OpenBSD CVS Sync
1375 - djm@cvs.openbsd.org 2010/05/21 05:00:36
1376 [misc.c]
1377 colon() returns char*, so s/return (0)/return NULL/
Damien Miller4fe686d2010-06-26 09:36:10 +10001378 - markus@cvs.openbsd.org 2010/06/08 21:32:19
1379 [ssh-pkcs11.c]
1380 check length of value returned C_GetAttributValue for != 0
1381 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
Damien Millerc094d1e2010-06-26 09:36:34 +10001382 - djm@cvs.openbsd.org 2010/06/17 07:07:30
1383 [mux.c]
1384 Correct sizing of object to be allocated by calloc(), replacing
1385 sizeof(state) with sizeof(*state). This worked by accident since
1386 the struct contained a single int at present, but could have broken
1387 in the future. patch from hyc AT symas.com
Damien Miller99ac4e92010-06-26 09:36:58 +10001388 - djm@cvs.openbsd.org 2010/06/18 00:58:39
1389 [sftp.c]
1390 unbreak ls in working directories that contains globbing characters in
1391 their pathnames. bz#1655 reported by vgiffin AT apple.com
Damien Miller7aa46ec2010-06-26 09:37:57 +10001392 - djm@cvs.openbsd.org 2010/06/18 03:16:03
1393 [session.c]
1394 Missing check for chroot_director == "none" (we already checked against
1395 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
Damien Miller49566312010-06-26 09:38:23 +10001396 - djm@cvs.openbsd.org 2010/06/18 04:43:08
1397 [sftp-client.c]
1398 fix memory leak in do_realpath() error path; bz#1771, patch from
1399 anicka AT suse.cz
Damien Millerab6de352010-06-26 09:38:45 +10001400 - djm@cvs.openbsd.org 2010/06/22 04:22:59
1401 [servconf.c sshd_config.5]
1402 expose some more sshd_config options inside Match blocks:
1403 AuthorizedKeysFile AuthorizedPrincipalsFile
1404 HostbasedUsesNameFromPacketOnly PermitTunnel
1405 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
Damien Millerba3420a2010-06-26 09:39:07 +10001406 - djm@cvs.openbsd.org 2010/06/22 04:32:06
1407 [ssh-keygen.c]
1408 standardise error messages when attempting to open private key
1409 files to include "progname: filename: error reason"
1410 bz#1783; ok dtucker@
Damien Miller48147d62010-06-26 09:39:25 +10001411 - djm@cvs.openbsd.org 2010/06/22 04:49:47
1412 [auth.c]
1413 queue auth debug messages for bad ownership or permissions on the user's
1414 keyfiles. These messages will be sent after the user has successfully
1415 authenticated (where our client will display them with LogLevel=debug).
Damien Miller0e76c5e2010-06-26 09:39:59 +10001416 bz#1554; ok dtucker@
1417 - djm@cvs.openbsd.org 2010/06/22 04:54:30
1418 [ssh-keyscan.c]
1419 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
1420 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
Damien Miller1b2b61e2010-06-26 09:47:43 +10001421 - djm@cvs.openbsd.org 2010/06/22 04:59:12
1422 [session.c]
1423 include the user name on "subsystem request for ..." log messages;
1424 bz#1571; ok dtucker@
Damien Millerd834d352010-06-26 09:48:02 +10001425 - djm@cvs.openbsd.org 2010/06/23 02:59:02
1426 [ssh-keygen.c]
1427 fix printing of extensions in v01 certificates that I broke in r1.190
Damien Miller232cfb12010-06-26 09:50:30 +10001428 - djm@cvs.openbsd.org 2010/06/25 07:14:46
1429 [channels.c mux.c readconf.c readconf.h ssh.h]
1430 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
1431 forwards per direction; ok markus@ stevesk@
Damien Miller8853ca52010-06-26 10:00:14 +10001432 - djm@cvs.openbsd.org 2010/06/25 07:20:04
1433 [channels.c session.c]
1434 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
1435 internal-sftp accidentally introduced in r1.253 by removing the code
1436 that opens and dup /dev/null to stderr and modifying the channels code
1437 to read stderr but discard it instead; ok markus@
Damien Millerbda3eca2010-06-26 10:01:33 +10001438 - djm@cvs.openbsd.org 2010/06/25 08:46:17
1439 [auth1.c auth2-none.c]
1440 skip the initial check for access with an empty password when
1441 PermitEmptyPasswords=no; bz#1638; ok markus@
Damien Miller383ffe62010-06-26 10:02:03 +10001442 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1443 [ssh.c]
1444 log the hostname and address that we connected to at LogLevel=verbose
1445 after authentication is successful to mitigate "phishing" attacks by
1446 servers with trusted keys that accept authentication silently and
1447 automatically before presenting fake password/passphrase prompts;
1448 "nice!" markus@
Damien Miller1ab6a512010-06-26 10:02:24 +10001449 - djm@cvs.openbsd.org 2010/06/25 23:10:30
1450 [ssh.c]
1451 log the hostname and address that we connected to at LogLevel=verbose
1452 after authentication is successful to mitigate "phishing" attacks by
1453 servers with trusted keys that accept authentication silently and
1454 automatically before presenting fake password/passphrase prompts;
1455 "nice!" markus@
Damien Miller2e774462010-06-26 09:30:47 +10001456
Damien Millerd82a2602010-06-22 15:02:39 +1000145720100622
1458 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
1459 bz#1579; ok dtucker
1460
Damien Millerea909792010-06-18 11:09:24 +1000146120100618
1462 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
1463 rather than assuming that $CWD == $HOME. bz#1500, patch from
1464 timothy AT gelter.com
1465
Tim Riceb9ae4ec2010-06-17 11:11:44 -0700146620100617
1467 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
1468 minires-devel package, and to add the reference to the libedit-devel
1469 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
1470
Damien Miller3bcce802010-05-21 14:48:16 +1000147120100521
1472 - (djm) OpenBSD CVS Sync
1473 - djm@cvs.openbsd.org 2010/05/07 11:31:26
1474 [regress/Makefile regress/cert-userkey.sh]
1475 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
1476 feedback and ok markus@
Damien Miller3b903822010-05-21 14:56:25 +10001477 - djm@cvs.openbsd.org 2010/05/11 02:58:04
1478 [auth-rsa.c]
1479 don't accept certificates marked as "cert-authority" here; ok markus@
Damien Millerc6afb5f2010-05-21 14:56:47 +10001480 - djm@cvs.openbsd.org 2010/05/14 00:47:22
1481 [ssh-add.c]
1482 check that the certificate matches the corresponding private key before
1483 grafting it on
Damien Millerd530f5f2010-05-21 14:57:10 +10001484 - djm@cvs.openbsd.org 2010/05/14 23:29:23
1485 [channels.c channels.h mux.c ssh.c]
1486 Pause the mux channel while waiting for reply from aynch callbacks.
1487 Prevents misordering of replies if new requests arrive while waiting.
1488
1489 Extend channel open confirm callback to allow signalling failure
1490 conditions as well as success. Use this to 1) fix a memory leak, 2)
1491 start using the above pause mechanism and 3) delay sending a success/
1492 failure message on mux slave session open until we receive a reply from
1493 the server.
1494
1495 motivated by and with feedback from markus@
Damien Miller388f6fc2010-05-21 14:57:35 +10001496 - markus@cvs.openbsd.org 2010/05/16 12:55:51
1497 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
1498 mux support for remote forwarding with dynamic port allocation,
1499 use with
1500 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
1501 feedback and ok djm@
Damien Miller84399552010-05-21 14:58:12 +10001502 - djm@cvs.openbsd.org 2010/05/20 11:25:26
1503 [auth2-pubkey.c]
1504 fix logspam when key options (from="..." especially) deny non-matching
1505 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
Damien Millerd0e4a8e2010-05-21 14:58:32 +10001506 - djm@cvs.openbsd.org 2010/05/20 23:46:02
1507 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
1508 Move the permit-* options to the non-critical "extensions" field for v01
1509 certificates. The logic is that if another implementation fails to
1510 implement them then the connection just loses features rather than fails
1511 outright.
1512
1513 ok markus@
Damien Miller3bcce802010-05-21 14:48:16 +10001514
Darren Tucker5b6d0d02010-05-12 16:51:38 +1000151520100511
1516 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
1517 circular dependency problem on old or odd platforms. From Tom Lane, ok
1518 djm@.
Damien Miller4b1ec832010-05-12 17:49:59 +10001519 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
1520 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
1521 already. ok dtucker@
Darren Tucker5b6d0d02010-05-12 16:51:38 +10001522
Damien Miller50af79b2010-05-10 11:52:00 +1000152320100510
1524 - OpenBSD CVS Sync
1525 - djm@cvs.openbsd.org 2010/04/23 01:47:41
1526 [ssh-keygen.c]
1527 bz#1740: display a more helpful error message when $HOME is
1528 inaccessible while trying to create .ssh directory. Based on patch
1529 from jchadima AT redhat.com; ok dtucker@
Damien Miller85c50d72010-05-10 11:53:02 +10001530 - djm@cvs.openbsd.org 2010/04/23 22:27:38
1531 [mux.c]
1532 set "detach_close" flag when registering channel cleanup callbacks.
1533 This causes the channel to close normally when its fds close and
1534 hangs when terminating a mux slave using ~. bz#1758; ok markus@
Damien Miller22a29882010-05-10 11:53:54 +10001535 - djm@cvs.openbsd.org 2010/04/23 22:42:05
1536 [session.c]
1537 set stderr to /dev/null for subsystems rather than just closing it.
1538 avoids hangs if a subsystem or shell initialisation writes to stderr.
1539 bz#1750; ok markus@
Damien Millerbebbb7e2010-05-10 11:54:38 +10001540 - djm@cvs.openbsd.org 2010/04/23 22:48:31
1541 [ssh-keygen.c]
1542 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
1543 since we would refuse to use them anyway. bz#1516; ok dtucker@
Damien Miller79442c02010-05-10 11:55:38 +10001544 - djm@cvs.openbsd.org 2010/04/26 22:28:24
1545 [sshconnect2.c]
1546 bz#1502: authctxt.success is declared as an int, but passed by
1547 reference to function that accepts sig_atomic_t*. Convert it to
1548 the latter; ok markus@ dtucker@
Damien Miller2725c212010-05-10 11:56:14 +10001549 - djm@cvs.openbsd.org 2010/05/01 02:50:50
1550 [PROTOCOL.certkeys]
1551 typo; jmeltzer@
Damien Miller099fc162010-05-10 11:56:50 +10001552 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
1553 [sftp.c]
1554 restore mput and mget which got lost in the tab-completion changes.
1555 found by Kenneth Whitaker, ok djm@
Damien Miller30da3442010-05-10 11:58:03 +10001556 - djm@cvs.openbsd.org 2010/05/07 11:30:30
1557 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
1558 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
1559 add some optional indirection to matching of principal names listed
1560 in certificates. Currently, a certificate must include the a user's name
1561 to be accepted for authentication. This change adds the ability to
1562 specify a list of certificate principal names that are acceptable.
1563
1564 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
1565 this adds a new principals="name1[,name2,...]" key option.
1566
1567 For CAs listed through sshd_config's TrustedCAKeys option, a new config
1568 option "AuthorizedPrincipalsFile" specifies a per-user file containing
1569 the list of acceptable names.
1570
1571 If either option is absent, the current behaviour of requiring the
1572 username to appear in principals continues to apply.
1573
1574 These options are useful for role accounts, disjoint account namespaces
1575 and "user@realm"-style naming policies in certificates.
1576
1577 feedback and ok markus@
Damien Miller81d3fc52010-05-10 11:58:45 +10001578 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
1579 [sshd_config.5]
1580 tweak previous;
Damien Miller50af79b2010-05-10 11:52:00 +10001581
Darren Tucker9f8703b2010-04-23 11:12:06 +1000158220100423
1583 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
1584 in the openssl install directory (some newer openssl versions do this on at
1585 least some amd64 platforms).
1586
Damien Millerc4eddee2010-04-18 08:07:43 +1000158720100418
1588 - OpenBSD CVS Sync
1589 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
1590 [ssh_config.5]
1591 tweak previous; ok djm
Damien Miller1f181422010-04-18 08:08:03 +10001592 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
1593 [ssh-keygen.1 ssh-keygen.c]
1594 tweak previous; ok djm
Damien Millerc617aa92010-04-18 08:08:20 +10001595 - djm@cvs.openbsd.org 2010/04/16 21:14:27
1596 [sshconnect.c]
1597 oops, %r => remote username, not %u
Damien Miller53f4bb62010-04-18 08:15:14 +10001598 - djm@cvs.openbsd.org 2010/04/16 01:58:45
1599 [regress/cert-hostkey.sh regress/cert-userkey.sh]
1600 regression tests for v01 certificate format
1601 includes interop tests for v00 certs
Darren Tuckere25a9bd2010-04-18 13:35:00 +10001602 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
1603 file.
Damien Millerc4eddee2010-04-18 08:07:43 +10001604
Damien Millera45f1c02010-04-16 15:51:34 +1000160520100416
1606 - (djm) Release openssh-5.5p1
Damien Millerd6fc3062010-04-16 15:51:45 +10001607 - OpenBSD CVS Sync
1608 - djm@cvs.openbsd.org 2010/03/26 03:13:17
1609 [bufaux.c]
1610 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
1611 argument to allow skipping past values in a buffer
Damien Miller67f30d72010-04-16 15:52:03 +10001612 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
1613 [ssh.1]
1614 tweak previous;
Damien Miller544378d2010-04-16 15:52:24 +10001615 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
1616 [ssh_config.5]
1617 tweak previous; ok dtucker
Damien Millerdeb5a142010-04-16 15:52:43 +10001618 - djm@cvs.openbsd.org 2010/04/10 00:00:16
1619 [ssh.c]
1620 bz#1746 - suppress spurious tty warning when using -O and stdin
1621 is not a tty; ok dtucker@ markus@
Damien Miller67283992010-04-16 15:53:02 +10001622 - djm@cvs.openbsd.org 2010/04/10 00:04:30
1623 [sshconnect.c]
1624 fix terminology: we didn't find a certificate in known_hosts, we found
1625 a CA key
Damien Miller22c97f12010-04-16 15:53:23 +10001626 - djm@cvs.openbsd.org 2010/04/10 02:08:44
1627 [clientloop.c]
1628 bz#1698: kill channel when pty allocation requests fail. Fixed
1629 stuck client if the server refuses pty allocation.
1630 ok dtucker@ "think so" markus@
Damien Miller88680652010-04-16 15:53:43 +10001631 - djm@cvs.openbsd.org 2010/04/10 02:10:56
1632 [sshconnect2.c]
1633 show the key type that we are offering in debug(), helps distinguish
1634 between certs and plain keys as the path to the private key is usually
1635 the same.
Damien Miller601a23c2010-04-16 15:54:01 +10001636 - djm@cvs.openbsd.org 2010/04/10 05:48:16
1637 [mux.c]
1638 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
Damien Millerb1b17042010-04-16 15:54:19 +10001639 - djm@cvs.openbsd.org 2010/04/14 22:27:42
1640 [ssh_config.5 sshconnect.c]
1641 expand %r => remote username in ssh_config:ProxyCommand;
1642 ok deraadt markus
Damien Miller031c9102010-04-16 15:54:44 +10001643 - markus@cvs.openbsd.org 2010/04/15 20:32:55
1644 [ssh-pkcs11.c]
1645 retry lookup for private key if there's no matching key with CKA_SIGN
1646 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
1647 ok djm@
Damien Miller4e270b02010-04-16 15:56:21 +10001648 - djm@cvs.openbsd.org 2010/04/16 01:47:26
1649 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
1650 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
1651 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
1652 [sshconnect.c sshconnect2.c sshd.c]
1653 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
1654 following changes:
1655
1656 move the nonce field to the beginning of the certificate where it can
1657 better protect against chosen-prefix attacks on the signature hash
1658
1659 Rename "constraints" field to "critical options"
1660
1661 Add a new non-critical "extensions" field
1662
1663 Add a serial number
1664
1665 The older format is still support for authentication and cert generation
1666 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
1667
1668 ok markus@