blob: f44c4f1ca28059ea30ae5913661eee53a0e9428e [file] [log] [blame]
Damien Miller8c05da32012-12-13 07:18:59 +1100120121213
2 - (djm) OpenBSD CVS Sync
3 - markus@cvs.openbsd.org 2012/12/12 16:45:52
4 [packet.c]
5 reset incoming_packet buffer for each new packet in EtM-case, too;
6 this happens if packets are parsed only parially (e.g. ignore
7 messages sent when su/sudo turn off echo); noted by sthen/millert
8
Damien Miller6a1937e2012-12-12 10:44:38 +1100920121212
10 - (djm) OpenBSD CVS Sync
11 - markus@cvs.openbsd.org 2012/12/11 22:16:21
12 [monitor.c]
13 drain the log messages after receiving the keystate from the unpriv
14 child. otherwise it might block while sending. ok djm@
Damien Milleraf43a7a2012-12-12 10:46:31 +110015 - markus@cvs.openbsd.org 2012/12/11 22:31:18
16 [PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h]
17 [packet.c ssh_config.5 sshd_config.5]
18 add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms
19 that change the packet format and compute the MAC over the encrypted
20 message (including the packet size) instead of the plaintext data;
21 these EtM modes are considered more secure and used by default.
22 feedback and ok djm@
Damien Miller74f13bd2012-12-12 10:46:53 +110023 - sthen@cvs.openbsd.org 2012/12/11 22:51:45
24 [mac.c]
25 fix typo, s/tem/etm in hmac-ripemd160-tem. ok markus@
Damien Miller1a45b632012-12-12 10:52:07 +110026 - markus@cvs.openbsd.org 2012/12/11 22:32:56
27 [regress/try-ciphers.sh]
28 add etm modes
Damien Miller1fb593a2012-12-12 10:54:37 +110029 - markus@cvs.openbsd.org 2012/12/11 22:42:11
30 [regress/Makefile regress/modpipe.c regress/integrity.sh]
31 test the integrity of the packets; with djm@
Damien Millerec7ce9a2012-12-12 10:55:32 +110032 - markus@cvs.openbsd.org 2012/12/11 23:12:13
33 [try-ciphers.sh]
34 add hmac-ripemd160-etm@openssh.com
Damien Miller37834af2012-12-12 11:00:37 +110035 - (djm) [mac.c] fix merge botch
Damien Miller37461d72012-12-12 12:37:32 +110036 - (djm) [regress/Makefile regress/integrity.sh] Make the integrity.sh test
37 work on platforms without 'jot'
38 - (djm) [regress/integrity.sh] Fix awk quoting, packet length skip
Damien Millerfaabeb62012-12-12 12:51:54 +110039 - (djm) [regress/Makefile] fix t-exec rule
Damien Miller6a1937e2012-12-12 10:44:38 +110040
Darren Tucker3dfb8772012-12-07 13:03:10 +11004120121207
42 - (dtucker) OpenBSD CVS Sync
43 - dtucker@cvs.openbsd.org 2012/12/06 06:06:54
44 [regress/keys-command.sh]
45 Fix some problems with the keys-command test:
46 - use string comparison rather than numeric comparison
47 - check for existing KEY_COMMAND file and don't clobber if it exists
48 - clean up KEY_COMMAND file if we do create it.
49 - check that KEY_COMMAND is executable (which it won't be if eg /var/run
50 is mounted noexec).
51 ok djm.
Darren Tuckerf9333d52012-12-07 13:06:13 +110052 - jmc@cvs.openbsd.org 2012/12/03 08:33:03
53 [ssh-add.1 sshd_config.5]
54 tweak previous;
Darren Tucker8a965222012-12-07 13:07:02 +110055 - markus@cvs.openbsd.org 2012/12/05 15:42:52
56 [ssh-add.c]
57 prevent double-free of comment; ok djm@
Darren Tucker3e1027c2012-12-07 13:07:46 +110058 - dtucker@cvs.openbsd.org 2012/12/07 01:51:35
59 [serverloop.c]
60 Cast signal to int for logging. A no-op on openbsd (they're always ints)
61 but will prevent warnings in portable. ok djm@
Darren Tucker3dfb8772012-12-07 13:03:10 +110062
Tim Rice96ce9a12012-12-04 07:50:03 -08006320121205
64 - (tim) [defines.h] Some platforms are missing ULLONG_MAX. Feedback djm@.
65
Damien Millercf6ef132012-12-03 09:37:56 +11006620121203
67 - (djm) [openbsd-compat/sys-queue.h] Sync with OpenBSD to get
68 TAILQ_FOREACH_SAFE needed for upcoming changes.
Damien Millercb6b68b2012-12-03 09:49:52 +110069 - (djm) OpenBSD CVS Sync
70 - djm@cvs.openbsd.org 2012/12/02 20:26:11
71 [ssh_config.5 sshconnect2.c]
72 Make IdentitiesOnly apply to keys obtained from a PKCS11Provider.
73 This allows control of which keys are offered from tokens using
74 IdentityFile. ok markus@
Damien Miller33a81362012-12-03 09:50:24 +110075 - djm@cvs.openbsd.org 2012/12/02 20:42:15
76 [ssh-add.1 ssh-add.c]
77 make deleting explicit keys "ssh-add -d" symmetric with adding keys -
78 try to delete the corresponding certificate too and respect the -k option
79 to allow deleting of the key only; feedback and ok markus@
Damien Milleraa5b3f82012-12-03 09:50:54 +110080 - djm@cvs.openbsd.org 2012/12/02 20:46:11
81 [auth-options.c channels.c servconf.c servconf.h serverloop.c session.c]
82 [sshd_config.5]
83 make AllowTcpForwarding accept "local" and "remote" in addition to its
84 current "yes"/"no" to allow the server to specify whether just local or
85 remote TCP forwarding is enabled. ok markus@
Damien Millerfa51d8b2012-12-03 10:08:25 +110086 - dtucker@cvs.openbsd.org 2012/10/05 02:20:48
87 [regress/cipher-speed.sh regress/try-ciphers.sh]
88 Add umac-128@openssh.com to the list of MACs to be tested
Damien Miller6618e922012-12-03 10:09:04 +110089 - djm@cvs.openbsd.org 2012/10/19 05:10:42
90 [regress/cert-userkey.sh]
91 include a serial number when generating certs
Damien Miller771c43c2012-12-03 10:12:13 +110092 - djm@cvs.openbsd.org 2012/11/22 22:49:30
93 [regress/Makefile regress/keys-command.sh]
94 regress for AuthorizedKeysCommand; hints from markus@
Damien Miller999bd2d2012-12-03 10:13:39 +110095 - djm@cvs.openbsd.org 2012/12/02 20:47:48
96 [Makefile regress/forward-control.sh]
97 regress for AllowTcpForwarding local/remote; ok markus@
Damien Miller55aca022012-12-03 11:25:30 +110098 - djm@cvs.openbsd.org 2012/12/03 00:14:06
99 [auth2-chall.c ssh-keygen.c]
100 Fix compilation with -Wall -Werror (trivial type fixes)
Damien Miller03af12e2012-12-03 11:55:53 +1100101 - (djm) [configure.ac] Turn on -g for gcc compilers. Helps pre-installation
102 debugging. ok dtucker@
Damien Miller8b489822012-12-03 12:35:55 +1100103 - (djm) [configure.ac] Revert previous. configure.ac already does this
104 for us.
Damien Millercf6ef132012-12-03 09:37:56 +1100105
Damien Miller1e854692012-11-14 19:04:02 +110010620121114
107 - (djm) OpenBSD CVS Sync
108 - djm@cvs.openbsd.org 2012/11/14 02:24:27
109 [auth2-pubkey.c]
110 fix username passed to helper program
111 prepare stdio fds before closefrom()
112 spotted by landry@
Damien Miller6f3b3622012-11-14 19:04:33 +1100113 - djm@cvs.openbsd.org 2012/11/14 02:32:15
114 [ssh-keygen.c]
115 allow the full range of unsigned serial numbers; 'fine' deraadt@
Damien Miller15b05cf2012-12-03 09:53:20 +1100116 - djm@cvs.openbsd.org 2012/12/02 20:34:10
117 [auth.c auth.h auth1.c auth2-chall.c auth2-gss.c auth2-jpake.c auth2.c]
118 [monitor.c monitor.h]
119 Fixes logging of partial authentication when privsep is enabled
120 Previously, we recorded "Failed xxx" since we reset authenticated before
121 calling auth_log() in auth2.c. This adds an explcit "Partial" state.
122
123 Add a "submethod" to auth_log() to report which submethod is used
124 for keyboard-interactive.
125
126 Fix multiple authentication when one of the methods is
127 keyboard-interactive.
128
129 ok markus@
Damien Millerd27a0262012-12-03 10:06:37 +1100130 - dtucker@cvs.openbsd.org 2012/10/05 02:05:30
131 [regress/multiplex.sh]
132 Use 'kill -0' to test for the presence of a pid since it's more portable
Damien Miller1e854692012-11-14 19:04:02 +1100133
Damien Millerd5c3d4c2012-11-07 08:35:38 +110013420121107
135 - (djm) OpenBSD CVS Sync
136 - eric@cvs.openbsd.org 2011/11/28 08:46:27
137 [moduli.5]
138 fix formula
139 ok djm@
Damien Miller0120c412012-11-07 08:36:00 +1100140 - jmc@cvs.openbsd.org 2012/09/26 17:34:38
141 [moduli.5]
142 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
143 references into a STANDARDS section;
Damien Millerd5c3d4c2012-11-07 08:35:38 +1100144
Darren Tuckerf96ff182012-11-05 17:04:37 +110014520121105
146 - (dtucker) [uidswap.c openbsd-compat/Makefile.in
147 openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
148 openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids
149 and gids from uidswap.c to the compat library, which allows it to work with
150 the new setresuid calls in auth2-pubkey. with tim@, ok djm@
Darren Tucker737f7af2012-11-05 17:07:43 +1100151 - (dtucker) [auth2-pubkey.c] wrap paths.h in an ifdef for platforms that
152 don't have it. Spotted by tim@.
Darren Tuckerf96ff182012-11-05 17:04:37 +1100153
Damien Millerf33580e2012-11-04 22:22:52 +110015420121104
155 - (djm) OpenBSD CVS Sync
156 - jmc@cvs.openbsd.org 2012/10/31 08:04:50
157 [sshd_config.5]
158 tweak previous;
Damien Millerd0d10992012-11-04 22:23:14 +1100159 - djm@cvs.openbsd.org 2012/11/04 10:38:43
160 [auth2-pubkey.c sshd.c sshd_config.5]
161 Remove default of AuthorizedCommandUser. Administrators are now expected
162 to explicitly specify a user. feedback and ok markus@
Damien Millera6e3f012012-11-04 23:21:40 +1100163 - djm@cvs.openbsd.org 2012/11/04 11:09:15
164 [auth.h auth1.c auth2.c monitor.c servconf.c servconf.h sshd.c]
165 [sshd_config.5]
166 Support multiple required authentication via an AuthenticationMethods
167 option. This option lists one or more comma-separated lists of
168 authentication method names. Successful completion of all the methods in
169 any list is required for authentication to complete;
170 feedback and ok markus@
Damien Millerf33580e2012-11-04 22:22:52 +1100171
Damien Miller07daed52012-10-31 08:57:55 +110017220121030
173 - (djm) OpenBSD CVS Sync
174 - markus@cvs.openbsd.org 2012/10/05 12:34:39
175 [sftp.c]
176 fix signed vs unsigned warning; feedback & ok: djm@
Damien Miller09d3e122012-10-31 08:58:58 +1100177 - djm@cvs.openbsd.org 2012/10/30 21:29:55
178 [auth-rsa.c auth.c auth.h auth2-pubkey.c servconf.c servconf.h]
179 [sshd.c sshd_config sshd_config.5]
180 new sshd_config option AuthorizedKeysCommand to support fetching
181 authorized_keys from a command in addition to (or instead of) from
182 the filesystem. The command is run as the target server user unless
183 another specified via a new AuthorizedKeysCommandUser option.
184
185 patch originally by jchadima AT redhat.com, reworked by me; feedback
186 and ok markus@
Damien Miller07daed52012-10-31 08:57:55 +1100187
Tim Ricec0e5cbe2012-10-18 21:38:58 -070018820121019
189 - (tim) [buildpkg.sh.in] Double up on some backslashes so they end up in
190 the generated file as intended.
191
Darren Tucker0af24052012-10-05 10:41:25 +100019220121005
193 - (dtucker) OpenBSD CVS Sync
194 - djm@cvs.openbsd.org 2012/09/17 09:54:44
195 [sftp.c]
196 an XXX for later
Darren Tucker302889a2012-10-05 10:42:53 +1000197 - markus@cvs.openbsd.org 2012/09/17 13:04:11
198 [packet.c]
199 clear old keys on rekeing; ok djm
Darren Tucker063018d2012-10-05 10:43:58 +1000200 - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
201 [sftp.c]
202 Add bounds check on sftp tab-completion. Part of a patch from from
203 Jean-Marc Robert via tech@, ok djm
Darren Tucker191fcc62012-10-05 10:45:01 +1000204 - dtucker@cvs.openbsd.org 2012/09/21 10:53:07
205 [sftp.c]
206 Fix improper handling of absolute paths when PWD is part of the completed
207 path. Patch from Jean-Marc Robert via tech@, ok djm.
Darren Tucker17146d32012-10-05 10:46:16 +1000208 - dtucker@cvs.openbsd.org 2012/09/21 10:55:04
209 [sftp.c]
210 Fix handling of filenames containing escaped globbing characters and
211 escape "#" and "*". Patch from Jean-Marc Robert via tech@, ok djm.
Darren Tucker628a3fd2012-10-05 10:50:15 +1000212 - jmc@cvs.openbsd.org 2012/09/26 16:12:13
213 [ssh.1]
214 last stage of rfc changes, using consistent Rs/Re blocks, and moving the
215 references into a STANDARDS section;
Darren Tucker3a7c0412012-10-05 10:51:59 +1000216 - naddy@cvs.openbsd.org 2012/10/01 13:59:51
217 [monitor_wrap.c]
218 pasto; ok djm@
Darren Tucker0dc283b2012-10-05 10:52:51 +1000219 - djm@cvs.openbsd.org 2012/10/02 07:07:45
220 [ssh-keygen.c]
221 fix -z option, broken in revision 1.215
Darren Tucker427e4092012-10-05 11:02:39 +1000222 - markus@cvs.openbsd.org 2012/10/04 13:21:50
223 [myproposal.h ssh_config.5 umac.h sshd_config.5 ssh.1 sshd.8 mac.c]
224 add umac128 variant; ok djm@ at n2k12
Darren Tucker189e5ba2012-10-05 11:41:52 +1000225 - dtucker@cvs.openbsd.org 2012/09/06 04:11:07
226 [regress/try-ciphers.sh]
227 Restore missing space. (Id sync only).
Darren Tucker6fc5aa82012-10-05 11:43:57 +1000228 - dtucker@cvs.openbsd.org 2012/09/09 11:51:25
229 [regress/multiplex.sh]
230 Add test for ssh -Ostop
Darren Tucker9b2c0362012-10-05 11:45:39 +1000231 - dtucker@cvs.openbsd.org 2012/09/10 00:49:21
232 [regress/multiplex.sh]
233 Log -O cmd output to the log file and make logging consistent with the
234 other tests. Test clean shutdown of an existing channel when testing
235 "stop".
Darren Tuckeree4ad772012-10-05 12:04:10 +1000236 - dtucker@cvs.openbsd.org 2012/09/10 01:51:19
237 [regress/multiplex.sh]
238 use -Ocheck and waiting for completions by PID to make multiplexing test
239 less racy and (hopefully) more reliable on slow hardware.
Darren Tucker992faad2012-10-05 11:38:24 +1000240 - [Makefile umac.c] Add special-case target to build umac128.o.
Darren Tucker50ce4472012-10-05 12:11:33 +1000241 - [umac.c] Enforce allowed umac output sizes. From djm@.
Darren Tuckercc8e9ff2012-10-05 15:41:06 +1000242 - [Makefile.in] "Using $< in a non-suffix rule context is a GNUmake idiom".
Darren Tucker0af24052012-10-05 10:41:25 +1000243
Darren Tuckerbb6cc072012-09-17 13:25:06 +100024420120917
245 - (dtucker) OpenBSD CVS Sync
246 - dtucker@cvs.openbsd.org 2012/09/13 23:37:36
247 [servconf.c]
248 Fix comment line length
Darren Tucker26b9e3b2012-09-17 13:25:44 +1000249 - markus@cvs.openbsd.org 2012/09/14 16:51:34
250 [sshconnect.c]
251 remove unused variable
Darren Tuckerbb6cc072012-09-17 13:25:06 +1000252
Darren Tucker92a39cf2012-09-07 11:20:20 +100025320120907
254 - (dtucker) OpenBSD CVS Sync
255 - dtucker@cvs.openbsd.org 2012/09/06 09:50:13
256 [clientloop.c]
257 Make the escape command help (~?) context sensitive so that only commands
258 that will work in the current session are shown. ok markus@
Darren Tucker83d0af62012-09-07 11:21:03 +1000259 - jmc@cvs.openbsd.org 2012/09/06 13:57:42
260 [ssh.1]
261 missing letter in previous;
Darren Tuckerf111d402012-09-07 11:21:42 +1000262 - dtucker@cvs.openbsd.org 2012/09/07 00:30:19
263 [clientloop.c]
264 Print '^Z' instead of a raw ^Z when the sequence is not supported. ok djm@
Darren Tuckerca0d0fd2012-09-07 11:22:24 +1000265 - dtucker@cvs.openbsd.org 2012/09/07 01:10:21
266 [clientloop.c]
267 Merge escape help text for ~v and ~V; ok djm@
Darren Tucker48bf4b02012-09-07 16:38:53 +1000268 - dtucker@cvs.openbsd.org 2012/09/07 06:34:21
269 [clientloop.c]
270 when muxmaster is run with -N, make it shut down gracefully when a client
271 sends it "-O stop" rather than hanging around (bz#1985). ok djm@
Darren Tucker92a39cf2012-09-07 11:20:20 +1000272
Darren Tucker3ee50c52012-09-06 21:18:11 +100027320120906
274 - (dtucker) OpenBSD CVS Sync
275 - jmc@cvs.openbsd.org 2012/08/15 18:25:50
276 [ssh-keygen.1]
277 a little more info on certificate validity;
278 requested by Ross L Richardson, and provided by djm
Darren Tucker66cb0e02012-09-06 21:19:05 +1000279 - dtucker@cvs.openbsd.org 2012/08/17 00:45:45
280 [clientloop.c clientloop.h mux.c]
281 Force a clean shutdown of ControlMaster client sessions when the ~. escape
282 sequence is used. This means that ~. should now work in mux clients even
283 if the server is no longer responding. Found by tedu, ok djm.
Darren Tuckerae608bd2012-09-06 21:19:51 +1000284 - djm@cvs.openbsd.org 2012/08/17 01:22:56
285 [kex.c]
286 add some comments about better handling first-KEX-follows notifications
287 from the server. Nothing uses these right now. No binary change
Darren Tuckerf09a8a62012-09-06 21:20:39 +1000288 - djm@cvs.openbsd.org 2012/08/17 01:25:58
289 [ssh-keygen.c]
290 print details of which host lines were deleted when using
291 "ssh-keygen -R host"; ok markus@
Darren Tucker00c15182012-09-06 21:21:56 +1000292 - djm@cvs.openbsd.org 2012/08/17 01:30:00
293 [compat.c sshconnect.c]
294 Send client banner immediately, rather than waiting for the server to
295 move first for SSH protocol 2 connections (the default). Patch based on
296 one in bz#1999 by tls AT panix.com, feedback dtucker@ ok markus@
Darren Tucker50a48d02012-09-06 21:25:37 +1000297 - dtucker@cvs.openbsd.org 2012/09/06 04:37:39
298 [clientloop.c log.c ssh.1 log.h]
299 Add ~v and ~V escape sequences to raise and lower the logging level
300 respectively. Man page help from jmc, ok deraadt jmc
Darren Tucker3ee50c52012-09-06 21:18:11 +1000301
Darren Tucker23e4b802012-08-30 10:42:47 +100030220120830
303 - (dtucker) [moduli] Import new moduli file.
304
Darren Tucker31854182012-08-28 19:57:19 +100030520120828
Damien Miller4eb0a532012-08-29 10:26:20 +1000306 - (djm) Release openssh-6.1
307
30820120828
Darren Tucker31854182012-08-28 19:57:19 +1000309 - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN
310 for compatibility with future mingw-w64 headers. Patch from vinschen at
311 redhat com.
312
Damien Miller39a9d2c2012-08-22 21:57:13 +100031320120822
314 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
315 [contrib/suse/openssh.spec] Update version numbers
316
Damien Miller709a1e92012-07-31 12:20:43 +100031720120731
318 - (djm) OpenBSD CVS Sync
319 - jmc@cvs.openbsd.org 2012/07/06 06:38:03
320 [ssh-keygen.c]
321 missing full stop in usage();
Damien Miller5a5c2b92012-07-31 12:21:34 +1000322 - djm@cvs.openbsd.org 2012/07/10 02:19:15
323 [servconf.c servconf.h sshd.c sshd_config]
324 Turn on systrace sandboxing of pre-auth sshd by default for new installs
325 by shipping a config that overrides the current UsePrivilegeSeparation=yes
326 default. Make it easier to flip the default in the future by adding too.
Damien Miller1cce1032012-07-31 12:22:18 +1000327 prodded markus@ feedback dtucker@ "get it in" deraadt@
Damien Miller46cb75a2012-07-31 12:22:37 +1000328 - dtucker@cvs.openbsd.org 2012/07/13 01:35:21
329 [servconf.c]
330 handle long comments in config files better. bz#2025, ok markus
Damien Miller38fe6622012-07-31 12:23:16 +1000331 - markus@cvs.openbsd.org 2012/07/22 18:19:21
332 [version.h]
333 openssh 6.1
Damien Miller709a1e92012-07-31 12:20:43 +1000334
Darren Tuckerd809a4b2012-07-20 10:42:06 +100033520120720
336 - (dtucker) Import regened moduli file.
337
Damien Millera0433a72012-07-06 10:27:10 +100033820120706
339 - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is
340 not available. Allows use of sshd compiled on host with a filter-capable
341 kernel on hosts that lack the support. bz#2011 ok dtucker@
Damien Miller77eab7b2012-07-06 11:49:28 +1000342 - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no
343 unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT
344 esperi.org.uk; ok dtucker@
Damien Millerdfceafe2012-07-06 13:44:19 +1000345- (djm) OpenBSD CVS Sync
346 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
347 [moduli.c ssh-keygen.1 ssh-keygen.c]
348 Add options to specify starting line number and number of lines to process
349 when screening moduli candidates. This allows processing of different
350 parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
Damien Millerab523b02012-07-06 13:44:43 +1000351 - djm@cvs.openbsd.org 2012/07/06 01:37:21
352 [mux.c]
353 fix memory leak of passed-in environment variables and connection
354 context when new session message is malformed; bz#2003 from Bert.Wesarg
355 AT googlemail.com
Damien Millerfff9f092012-07-06 13:45:01 +1000356 - djm@cvs.openbsd.org 2012/07/06 01:47:38
357 [ssh.c]
358 move setting of tty_flag to after config parsing so RequestTTY options
359 are correctly picked up. bz#1995 patch from przemoc AT gmail.com;
360 ok dtucker@
Damien Millera0433a72012-07-06 10:27:10 +1000361
Darren Tucker34f702a2012-07-04 08:50:09 +100036220120704
363 - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for
364 platforms that don't have it. "looks good" tim@
365
Darren Tucker60395f92012-07-03 14:31:18 +100036620120703
367 - (dtucker) [configure.ac] Detect platforms that can't use select(2) with
368 setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those.
Darren Tuckerd545a4b2012-07-03 22:48:31 +1000369 - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not
370 setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its
371 benefit is minor, so it's not worth disabling the sandbox if it doesn't
372 work.
Darren Tucker60395f92012-07-03 14:31:18 +1000373
Darren Tuckerecbf14a2012-07-02 18:53:37 +100037420120702
375- (dtucker) OpenBSD CVS Sync
376 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
377 [ssh_config.5 sshd_config.5]
378 match the documented MAC order of preference to the actual one;
379 ok dtucker@
Darren Tucker3b4b2d32012-07-02 18:54:31 +1000380 - markus@cvs.openbsd.org 2012/06/30 14:35:09
381 [sandbox-systrace.c sshd.c]
382 fix a during the load of the sandbox policies (child can still make
383 the read-syscall and wait forever for systrace-answers) by replacing
384 the read/write synchronisation with SIGSTOP/SIGCONT;
385 report and help hshoexer@; ok djm@, dtucker@
Darren Tucker7b305012012-07-02 18:55:09 +1000386 - dtucker@cvs.openbsd.org 2012/07/02 08:50:03
387 [ssh.c]
388 set interactive ToS for forwarded X11 sessions. ok djm@
Darren Tucker4908d442012-07-02 22:15:38 +1000389 - dtucker@cvs.openbsd.org 2012/07/02 12:13:26
390 [ssh-pkcs11-helper.c sftp-client.c]
391 fix a couple of "assigned but not used" warnings. ok markus@
Darren Tucker369ceed2012-07-03 00:53:18 +1000392 - dtucker@cvs.openbsd.org 2012/07/02 14:37:06
393 [regress/connect-privsep.sh]
394 remove exit from end of test since it prevents reporting failure
Darren Tuckerec1e15d2012-07-03 01:06:49 +1000395 - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh]
396 Move cygwin detection to test-exec and use to skip reexec test on cygwin.
Darren Tucker6ea5dc62012-07-03 01:11:28 +1000397 - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k.
Darren Tuckerecbf14a2012-07-02 18:53:37 +1000398
Damien Miller97f43bb2012-06-30 08:32:29 +100039920120629
400 - OpenBSD CVS Sync
401 - dtucker@cvs.openbsd.org 2012/06/21 00:16:07
402 [addrmatch.c]
403 fix strlcpy truncation check. from carsten at debian org, ok markus
Damien Miller5f58a872012-06-30 08:33:17 +1000404 - dtucker@cvs.openbsd.org 2012/06/22 12:30:26
405 [monitor.c sshconnect2.c]
406 remove dead code following 'for (;;)' loops.
407 From Steve.McClellan at radisys com, ok markus@
Damien Millerea858292012-06-30 08:33:32 +1000408 - dtucker@cvs.openbsd.org 2012/06/22 14:36:33
409 [sftp.c]
410 Remove unused variable leftover from tab-completion changes.
411 From Steve.McClellan at radisys com, ok markus@
Damien Miller560de922012-06-30 08:33:53 +1000412 - dtucker@cvs.openbsd.org 2012/06/26 11:02:30
413 [sandbox-systrace.c]
414 Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
415 sandbox" since malloc now uses it. From johnw.mail at gmail com.
Damien Millerdb4f8e82012-06-30 08:34:59 +1000416 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
417 [mac.c myproposal.h ssh_config.5 sshd_config.5]
418 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
419 from draft6 of the spec and will not be in the RFC when published. Patch
420 from mdb at juniper net via bz#2023, ok markus.
Damien Milleree3c1962012-06-30 08:35:59 +1000421 - naddy@cvs.openbsd.org 2012/06/29 13:57:25
422 [ssh_config.5 sshd_config.5]
423 match the documented MAC order of preference to the actual one; ok dtucker@
Darren Tucker30139032012-06-30 15:01:22 +1000424 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
425 [regress/addrmatch.sh]
426 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
427 to match. Feedback and ok djm@ markus@.
Darren Tucker4430a862012-06-30 15:03:28 +1000428 - djm@cvs.openbsd.org 2012/06/01 00:47:35
Darren Tucker2920bc12012-06-30 15:06:28 +1000429 [regress/multiplex.sh regress/forwarding.sh]
Darren Tucker4430a862012-06-30 15:03:28 +1000430 append to rather than truncate test log; bz#2013 from openssh AT
431 roumenpetrov.info
Darren Tuckerff32d7c2012-06-30 15:04:13 +1000432 - djm@cvs.openbsd.org 2012/06/01 00:52:52
Darren Tucker2920bc12012-06-30 15:06:28 +1000433 [regress/sftp-cmds.sh]
Darren Tuckerff32d7c2012-06-30 15:04:13 +1000434 don't delete .* on cleanup due to unintended env expansion; pointed out in
435 bz#2014 by openssh AT roumenpetrov.info
Darren Tucker2920bc12012-06-30 15:06:28 +1000436 - dtucker@cvs.openbsd.org 2012/06/26 12:06:59
437 [regress/connect-privsep.sh]
438 test sandbox with every malloc option
Darren Tuckera08c2072012-06-30 15:08:53 +1000439 - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
440 [regress/try-ciphers.sh regress/cipher-speed.sh]
441 Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
442 from draft6 of the spec and will not be in the RFC when published. Patch
443 from mdb at juniper net via bz#2023, ok markus.
Darren Tucker3886f952012-06-30 19:47:01 +1000444 - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error.
Darren Tucker14a9d252012-06-30 20:05:02 +1000445 - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have
446 the required functions in libcrypto.
Damien Miller97f43bb2012-06-30 08:32:29 +1000447
Darren Tucker8908da72012-06-28 15:21:32 +100044820120628
449 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null
450 pointer deref in the client when built with LDNS and using DNSSEC with a
451 CNAME. Patch from gregdlg+mr at hochet info.
452
Darren Tucker62dcd632012-06-22 22:02:42 +100045320120622
454 - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as
455 can logon as a service. Patch from vinschen at redhat com.
456
Damien Millerefc6fc92012-06-20 21:44:56 +100045720120620
458 - (djm) OpenBSD CVS Sync
459 - djm@cvs.openbsd.org 2011/12/02 00:41:56
460 [mux.c]
461 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
462 ok dtucker@
Damien Miller140df632012-06-20 21:46:57 +1000463 - djm@cvs.openbsd.org 2011/12/04 23:16:12
464 [mux.c]
465 revert:
466 > revision 1.32
467 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
468 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
469 > ok dtucker@
470 it interacts badly with ControlPersist
Damien Millerac58ce82012-06-20 21:50:47 +1000471 - djm@cvs.openbsd.org 2012/01/07 21:11:36
472 [mux.c]
473 fix double-free in new session handler
474 NB. Id sync only
Damien Miller3bde12a2012-06-20 21:51:11 +1000475 - djm@cvs.openbsd.org 2012/05/23 03:28:28
476 [dns.c dns.h key.c key.h ssh-keygen.c]
477 add support for RFC6594 SSHFP DNS records for ECDSA key types.
478 patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@
Darren Tucker86dc9b42012-09-07 18:08:23 +1000479 (Original authors Ondřej Surý, Ondřej Caletka and Daniel Black)
Damien Miller7f121572012-06-20 21:51:29 +1000480 - djm@cvs.openbsd.org 2012/06/01 00:49:35
481 [PROTOCOL.mux]
482 correct types of port numbers (integers, not strings); bz#2004 from
483 bert.wesarg AT googlemail.com
Damien Miller2e7decf2012-06-20 21:52:00 +1000484 - djm@cvs.openbsd.org 2012/06/01 01:01:22
485 [mux.c]
486 fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg
487 AT googlemail.com
Damien Miller276dcfd2012-06-20 21:52:18 +1000488 - dtucker@cvs.openbsd.org 2012/06/18 11:43:53
489 [jpake.c]
490 correct sizeof usage. patch from saw at online.de, ok deraadt
Damien Miller71924332012-06-20 21:52:38 +1000491 - dtucker@cvs.openbsd.org 2012/06/18 11:49:58
492 [ssh_config.5]
493 RSA instead of DSA twice. From Steve.McClellan at radisys com
Damien Millerb9902cf2012-06-20 21:52:58 +1000494 - dtucker@cvs.openbsd.org 2012/06/18 12:07:07
495 [ssh.1 sshd.8]
496 Remove mention of 'three' key files since there are now four. From
497 Steve.McClellan at radisys com.
Damien Miller36378c62012-06-20 21:53:25 +1000498 - dtucker@cvs.openbsd.org 2012/06/18 12:17:18
499 [ssh.1]
500 Clarify description of -W. Noted by Steve.McClellan at radisys com,
501 ok jmc
Damien Millerc24da772012-06-20 21:53:58 +1000502 - markus@cvs.openbsd.org 2012/06/19 18:25:28
503 [servconf.c servconf.h sshd_config.5]
504 sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups}
505 this allows 'Match LocalPort 1022' combined with 'AllowUser bauer'
506 ok djm@ (back in March)
Damien Millerf8268502012-06-20 21:54:15 +1000507 - jmc@cvs.openbsd.org 2012/06/19 21:35:54
508 [sshd_config.5]
509 tweak previous; ok markus
Damien Miller6c6da332012-06-20 22:31:26 +1000510 - djm@cvs.openbsd.org 2012/06/20 04:42:58
511 [clientloop.c serverloop.c]
512 initialise accept() backoff timer to avoid EINVAL from select(2) in
513 rekeying
Damien Millerefc6fc92012-06-20 21:44:56 +1000514
Darren Tuckerd0494fd2012-05-19 14:25:39 +100051520120519
516 - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch
517 from cjwatson at debian org.
Darren Tucker59353892012-05-19 15:24:37 +1000518 - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find
519 pkg-config so it does the right thing when cross-compiling. Patch from
520 cjwatson at debian org.
Darren Tuckerfbcf8272012-05-19 19:37:01 +1000521- (dtucker) OpenBSD CVS Sync
522 - dtucker@cvs.openbsd.org 2012/05/13 01:42:32
523 [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5]
524 Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests
525 to match. Feedback and ok djm@ markus@.
Darren Tuckerba9ea322012-05-19 19:37:33 +1000526 - dtucker@cvs.openbsd.org 2012/05/19 06:30:30
527 [sshd_config.5]
528 Document PermitOpen none. bz#2001, patch from Loganaden Velvindron
Darren Tuckerd0494fd2012-05-19 14:25:39 +1000529
Darren Tuckere1a3ddf2012-05-04 11:05:45 +100053020120504
531 - (dtucker) [configure.ac] Include <sys/param.h> rather than <sys/types.h>
532 to fix building on some plaforms. Fom bowman at math utah edu and
533 des at des no.
534
Darren Tuckerd0d3fff2012-04-27 10:55:39 +100053520120427
536 - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6
537 platform rather than exiting early, so that we still clean up and return
538 success or failure to test-exec.sh
539
Damien Miller7584cb12012-04-26 09:51:26 +100054020120426
541 - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters
542 via Niels
Damien Miller025bfd12012-04-26 09:52:15 +1000543 - (djm) [auth-krb5.c] Save errno across calls that might modify it;
544 ok dtucker@
Damien Miller7584cb12012-04-26 09:51:26 +1000545
Damien Millerba77e1f2012-04-23 18:21:05 +100054620120423
547 - OpenBSD CVS Sync
548 - djm@cvs.openbsd.org 2012/04/23 08:18:17
549 [channels.c]
550 fix function proto/source mismatch
551
Damien Millera563cce2012-04-22 11:07:28 +100055220120422
553 - OpenBSD CVS Sync
554 - djm@cvs.openbsd.org 2012/02/29 11:21:26
555 [ssh-keygen.c]
556 allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@
Damien Miller29cd1882012-04-22 11:08:10 +1000557 - guenther@cvs.openbsd.org 2012/03/15 03:10:27
558 [session.c]
559 root should always be excluded from the test for /etc/nologin instead
560 of having it always enforced even when marked as ignorenologin. This
561 regressed when the logic was incompletely flipped around in rev 1.251
562 ok halex@ millert@
Damien Miller48348fc2012-04-22 11:08:30 +1000563 - djm@cvs.openbsd.org 2012/03/28 07:23:22
564 [PROTOCOL.certkeys]
565 explain certificate extensions/crit split rationale. Mention requirement
566 that each appear at most once per cert.
Damien Millerc6081482012-04-22 11:18:53 +1000567 - dtucker@cvs.openbsd.org 2012/03/29 23:54:36
568 [channels.c channels.h servconf.c]
569 Add PermitOpen none option based on patch from Loganaden Velvindron
570 (bz #1949). ok djm@
Damien Millera6508752012-04-22 11:21:10 +1000571 - djm@cvs.openbsd.org 2012/04/11 13:16:19
572 [channels.c channels.h clientloop.c serverloop.c]
573 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
574 while; ok deraadt@ markus@
Damien Miller9fed1612012-04-22 11:21:43 +1000575 - djm@cvs.openbsd.org 2012/04/11 13:17:54
576 [auth.c]
577 Support "none" as an argument for AuthorizedPrincipalsFile to indicate
578 no file should be read.
Damien Millera116d132012-04-22 11:23:46 +1000579 - djm@cvs.openbsd.org 2012/04/11 13:26:40
580 [sshd.c]
581 don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a
582 while; ok deraadt@ markus@
Damien Miller839f7432012-04-22 11:24:21 +1000583 - djm@cvs.openbsd.org 2012/04/11 13:34:17
584 [ssh-keyscan.1 ssh-keyscan.c]
585 now that sshd defaults to offering ECDSA keys, ssh-keyscan should also
586 look for them by default; bz#1971
Damien Miller23528812012-04-22 11:24:43 +1000587 - djm@cvs.openbsd.org 2012/04/12 02:42:32
588 [servconf.c servconf.h sshd.c sshd_config sshd_config.5]
589 VersionAddendum option to allow server operators to append some arbitrary
590 text to the SSH-... banner; ok deraadt@ "don't care" markus@
Damien Miller8fef9eb2012-04-22 11:25:10 +1000591 - djm@cvs.openbsd.org 2012/04/12 02:43:55
592 [sshd_config sshd_config.5]
593 mention AuthorizedPrincipalsFile=none default
Damien Miller49223152012-04-22 11:25:47 +1000594 - djm@cvs.openbsd.org 2012/04/20 03:24:23
595 [sftp.c]
596 setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...)
Damien Miller70b2d552012-04-22 11:26:10 +1000597 - jmc@cvs.openbsd.org 2012/04/20 16:26:22
598 [ssh.1]
599 use "brackets" instead of "braces", for consistency;
Damien Millera563cce2012-04-22 11:07:28 +1000600
Damien Miller8beb3202012-04-20 10:58:34 +100060120120420
602 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
603 [contrib/suse/openssh.spec] Update for release 6.0
Damien Millerbf230412012-04-20 14:11:04 +1000604 - (djm) [README] Update URL to release notes.
Damien Millerd5dacb42012-04-20 15:01:01 +1000605 - (djm) Release openssh-6.0
Damien Miller8beb3202012-04-20 10:58:34 +1000606
Damien Miller398c0ff2012-04-19 21:46:35 +100060720120419
608 - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil
609 contains openpty() but not login()
610
Damien Millere0956e32012-04-04 11:27:54 +100061120120404
612 - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox
613 mode for Linux's new seccomp filter; patch from Will Drewry; feedback
614 and ok dtucker@
615
Darren Tucker67ccc862012-03-30 10:19:56 +110061620120330
617 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
618 file from spec file. From crighter at nuclioss com.
Damien Miller4d557342012-03-30 11:34:27 +1100619 - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
620 openssh binaries on a newer fix release than they were compiled on.
621 with and ok dtucker@
Damien Millerce1ec9d2012-03-30 14:07:05 +1100622 - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect
623 assumptions when building on Cygwin; patch from Corinna Vinschen
Darren Tucker67ccc862012-03-30 10:19:56 +1100624
Damien Miller7bf7b882012-03-09 10:25:16 +110062520120309
626 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux
627 systems where sshd is run in te wrong context. Patch from Sven
628 Vermeulen; ok dtucker@
Damien Miller54c38d22012-03-09 10:28:07 +1100629 - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6
630 addressed connections. ok dtucker@
Damien Miller7bf7b882012-03-09 10:25:16 +1100631
Darren Tucker93a2d412012-02-24 10:40:41 +110063220120224
633 - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM
634 audit breakage in Solaris 11. Patch from Magnus Johansson.
635
Tim Ricee3609c92012-02-14 10:03:30 -080063620120215
637 - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for
638 unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c
639 ok dtucker@
Tim Ricef79b5d32012-02-14 20:13:05 -0800640 - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so
641 it actually works.
Tim Ricea3f297d2012-02-14 23:01:42 -0800642 - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote
643 to work. Spotted by Angel Gonzalez
Tim Ricee3609c92012-02-14 10:03:30 -0800644
Damien Miller7b7901c2012-02-14 06:38:36 +110064520120214
646 - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of
647 preserved Cygwin environment variables; from Corinna Vinschen
648
Damien Millera2876db2012-02-11 08:16:06 +110064920120211
650 - (djm) OpenBSD CVS Sync
651 - djm@cvs.openbsd.org 2012/01/05 00:16:56
652 [monitor.c]
653 memleak on error path
Damien Miller2ec03422012-02-11 08:16:28 +1100654 - djm@cvs.openbsd.org 2012/01/07 21:11:36
655 [mux.c]
656 fix double-free in new session handler
Damien Miller83ba8e62012-02-11 08:17:27 +1100657 - miod@cvs.openbsd.org 2012/01/08 13:17:11
658 [ssh-ecdsa.c]
659 Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron,
660 ok markus@
Damien Millerfb12c6d2012-02-11 08:17:52 +1100661 - miod@cvs.openbsd.org 2012/01/16 20:34:09
662 [ssh-pkcs11-client.c]
663 Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow.
664 While there, be sure to buffer_clear() between send_msg() and recv_msg().
665 ok markus@
Damien Miller8d60be52012-02-11 08:18:17 +1100666 - dtucker@cvs.openbsd.org 2012/01/18 21:46:43
667 [clientloop.c]
668 Ensure that $DISPLAY contains only valid characters before using it to
669 extract xauth data so that it can't be used to play local shell
670 metacharacter games. Report from r00t_ati at ihteam.net, ok markus.
Damien Miller1de2cfe2012-02-11 08:18:43 +1100671 - markus@cvs.openbsd.org 2012/01/25 19:26:43
672 [packet.c]
673 do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying;
674 ok dtucker@, djm@
Damien Miller5d007702012-02-11 08:19:02 +1100675 - markus@cvs.openbsd.org 2012/01/25 19:36:31
676 [authfile.c]
677 memleak in key_load_file(); from Jan Klemkow
Damien Miller72de9822012-02-11 08:19:21 +1100678 - markus@cvs.openbsd.org 2012/01/25 19:40:09
679 [packet.c packet.h]
680 packet_read_poll() is not used anymore.
Damien Millerdb854552012-02-11 08:19:44 +1100681 - markus@cvs.openbsd.org 2012/02/09 20:00:18
682 [version.h]
683 move from 6.0-beta to 6.0
Damien Millera2876db2012-02-11 08:16:06 +1100684
Damien Millerb56e4932012-02-06 07:41:27 +110068520120206
686 - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms
687 that don't support ECC. Patch from Phil Oleson
Darren Tuckere9b3ad72012-01-17 14:03:34 +1100688
Damien Miller5360dff2011-12-19 10:51:11 +110068920111219
690 - OpenBSD CVS Sync
691 - djm@cvs.openbsd.org 2011/12/02 00:41:56
692 [mux.c]
693 fix bz#1948: ssh -f doesn't fork for multiplexed connection.
694 ok dtucker@
Damien Millerd0e582c2011-12-19 10:51:39 +1100695 - djm@cvs.openbsd.org 2011/12/02 00:43:57
696 [mac.c]
697 fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before
698 HMAC_init (this change in policy seems insane to me)
699 ok dtucker@
Damien Miller913ddff2011-12-19 10:52:21 +1100700 - djm@cvs.openbsd.org 2011/12/04 23:16:12
701 [mux.c]
702 revert:
703 > revision 1.32
704 > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1
705 > fix bz#1948: ssh -f doesn't fork for multiplexed connection.
706 > ok dtucker@
707 it interacts badly with ControlPersist
Damien Miller8ed4de82011-12-19 10:52:50 +1100708 - djm@cvs.openbsd.org 2011/12/07 05:44:38
709 [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c]
710 fix some harmless and/or unreachable int overflows;
711 reported Xi Wang, ok markus@
Damien Miller5360dff2011-12-19 10:51:11 +1100712
Damien Miller47d81152011-11-25 13:53:48 +110071320111125
714 - OpenBSD CVS Sync
715 - oga@cvs.openbsd.org 2011/11/16 12:24:28
716 [sftp.c]
717 Don't leak list in complete_cmd_parse if there are no commands found.
718 Discovered when I was ``borrowing'' this code for something else.
719 ok djm@
720
Darren Tucker4a725ef2011-11-21 16:38:48 +110072120111121
722 - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@
723
Darren Tucker45c66d72011-11-04 10:50:40 +110072420111104
725 - (dtucker) OpenBSD CVS Sync
726 - djm@cvs.openbsd.org 2011/10/18 05:15:28
727 [ssh.c]
728 ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@
Darren Tuckere68cf842011-11-04 10:51:51 +1100729 - djm@cvs.openbsd.org 2011/10/18 23:37:42
730 [ssh-add.c]
731 add -k to usage(); reminded by jmc@
Darren Tucker9ee09cf2011-11-04 10:52:43 +1100732 - djm@cvs.openbsd.org 2011/10/19 00:06:10
733 [moduli.c]
734 s/tmpfile/tmp/ to make this -Wshadow clean
Darren Tucker8a057952011-11-04 10:53:31 +1100735 - djm@cvs.openbsd.org 2011/10/19 10:39:48
736 [umac.c]
737 typo in comment; patch from Michael W. Bombardieri
Darren Tucker2d6665d2011-11-04 10:54:22 +1100738 - djm@cvs.openbsd.org 2011/10/24 02:10:46
739 [ssh.c]
740 bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh
741 was incorrectly requesting the forward in both the control master and
742 slave. skip requesting it in the master to fix. ok markus@
Darren Tucker9c5d5532011-11-04 10:55:24 +1100743 - djm@cvs.openbsd.org 2011/10/24 02:13:13
744 [session.c]
745 bz#1859: send tty break to pty master instead of (probably already
746 closed) slave side; "looks good" markus@
Darren Tuckerbe4032b2011-11-04 11:16:06 +1100747 - dtucker@cvs.openbsd.org 011/11/04 00:09:39
748 [moduli]
749 regenerated moduli file; ok deraadt
Darren Tuckeraa3cbd12011-11-04 11:25:24 +1100750 - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in
751 openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c]
752 bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library
753 which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr)
754 with some rework from myself and djm. ok djm.
Darren Tucker45c66d72011-11-04 10:50:40 +1100755
Darren Tucker9f157ab2011-10-25 09:37:57 +110075620111025
757 - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file
758 fails. Patch from Corinna Vinschen.
759
Damien Millerd3e69902011-10-18 16:04:57 +110076020111018
761 - (djm) OpenBSD CVS Sync
762 - djm@cvs.openbsd.org 2011/10/04 14:17:32
763 [sftp-glob.c]
764 silence error spam for "ls */foo" in directory with files; bz#1683
Damien Miller390d0562011-10-18 16:05:19 +1100765 - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
766 [moduli.c ssh-keygen.1 ssh-keygen.c]
767 Add optional checkpoints for moduli screening. feedback & ok deraadt
Damien Miller927d82b2011-10-18 16:05:38 +1100768 - jmc@cvs.openbsd.org 2011/10/16 15:02:41
769 [ssh-keygen.c]
770 put -K in the right place (usage());
Damien Miller91f3eae2011-10-18 16:05:55 +1100771 - stsp@cvs.openbsd.org 2011/10/16 15:51:39
772 [moduli.c]
773 add missing includes to unbreak tree; fix from rpointel
Damien Millerc51a5ab2011-10-18 16:06:14 +1100774 - djm@cvs.openbsd.org 2011/10/18 04:58:26
775 [auth-options.c key.c]
776 remove explict search for \0 in packet strings, this job is now done
777 implicitly by buffer_get_cstring; ok markus
Damien Miller8f4279e2011-10-18 16:06:33 +1100778 - djm@cvs.openbsd.org 2011/10/18 05:00:48
779 [ssh-add.1 ssh-add.c]
780 new "ssh-add -k" option to load plain keys (skipping certificates);
781 "looks ok" markus@
Damien Millerd3e69902011-10-18 16:04:57 +1100782
78320111001
Darren Tucker036876c2011-10-01 18:46:12 +1000784 - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm
Darren Tucker1338b9e2011-10-02 18:57:35 +1100785 - (dtucker) OpenBSD CVS Sync
786 - dtucker@cvs.openbsd.org 2011/09/23 00:22:04
787 [channels.c auth-options.c servconf.c channels.h sshd.8]
788 Add wildcard support to PermitOpen, allowing things like "PermitOpen
789 localhost:*". bz #1857, ok djm markus.
Darren Tucker68afb8c2011-10-02 18:59:03 +1100790 - markus@cvs.openbsd.org 2011/09/23 07:45:05
791 [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c
792 version.h]
793 unbreak remote portforwarding with dynamic allocated listen ports:
794 1) send the actual listen port in the open message (instead of 0).
795 this allows multiple forwardings with a dynamic listen port
796 2) update the matching permit-open entry, so we can identify where
797 to connect to
798 report: den at skbkontur.ru and P. Szczygielski
799 feedback and ok djm@
Darren Tuckeraf1a60e2011-10-02 18:59:59 +1100800 - djm@cvs.openbsd.org 2011/09/25 05:44:47
801 [auth2-pubkey.c]
802 improve the AuthorizedPrincipalsFile debug log message to include
803 file and line number
Darren Tucker95125e52011-10-02 19:09:07 +1100804 - dtucker@cvs.openbsd.org 2011/09/30 00:47:37
805 [sshd.c]
806 don't attempt privsep cleanup when not using privsep; ok markus@
Darren Tucker2e135602011-10-02 19:10:13 +1100807 - djm@cvs.openbsd.org 2011/09/30 21:22:49
808 [sshd.c]
809 fix inverted test that caused logspam; spotted by henning@
Darren Tucker036876c2011-10-01 18:46:12 +1000810
Damien Miller5ffe1c42011-09-29 11:11:51 +100081120110929
812 - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch
813 from des AT des.no
Darren Tuckerb54f50e2011-09-29 23:17:18 +1000814 - (dtucker) [configure.ac openbsd-compat/Makefile.in
815 openbsd-compat/strnlen.c] Add strnlen to the compat library.
Damien Miller5ffe1c42011-09-29 11:11:51 +1000816
Damien Milleradd1e202011-09-23 10:38:01 +100081720110923
Damien Milleracdf3fb2011-09-23 10:40:50 +1000818 - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no
819 longer want to sync this file (OpenBSD uses a __getcwd syscall now, we
820 want this longhand version)
Damien Millercd927902011-09-23 10:44:03 +1000821 - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the
822 upstream version is YPified and we don't want this
Damien Miller48886712011-09-23 10:56:29 +1000823 - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version.
824 The file was totally rewritten between what we had in tree and -current.
Damien Miller64efe962011-09-23 11:13:00 +1000825 - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid
826 marker. The upstream API has changed (function and structure names)
827 enough to put it out of sync with other providers of this interface.
Damien Millerd1a74582011-09-23 11:26:34 +1000828 - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion
829 of static __findenv() function from upstream setenv.c
Damien Milleradd1e202011-09-23 10:38:01 +1000830 - OpenBSD CVS Sync
831 - millert@cvs.openbsd.org 2006/05/05 15:27:38
Damien Milleracdf3fb2011-09-23 10:40:50 +1000832 [openbsd-compat/strlcpy.c]
Damien Milleradd1e202011-09-23 10:38:01 +1000833 Convert do {} while loop -> while {} for clarity. No binary change
834 on most architectures. From Oliver Smith. OK deraadt@ and henning@
Damien Miller834e8202011-09-23 10:42:02 +1000835 - tobias@cvs.openbsd.org 2007/10/21 11:09:30
Damien Miller3e6fe872011-09-23 11:16:09 +1000836 [openbsd-compat/mktemp.c]
Damien Miller834e8202011-09-23 10:42:02 +1000837 Comment fix about time consumption of _gettemp.
838 FreeBSD did this in revision 1.20.
839 OK deraadt@, krw@
Damien Millerdc0e09b2011-09-23 10:46:48 +1000840 - deraadt@cvs.openbsd.org 2008/07/22 21:47:45
Damien Miller3e6fe872011-09-23 11:16:09 +1000841 [openbsd-compat/mktemp.c]
Damien Millerdc0e09b2011-09-23 10:46:48 +1000842 use arc4random_uniform(); ok djm millert
Damien Miller3a359b32011-09-23 10:47:29 +1000843 - millert@cvs.openbsd.org 2008/08/21 16:54:44
Damien Miller3e6fe872011-09-23 11:16:09 +1000844 [openbsd-compat/mktemp.c]
Damien Miller3a359b32011-09-23 10:47:29 +1000845 Remove useless code, the kernel will set errno appropriately if an
846 element in the path does not exist. OK deraadt@ pvalchev@
Damien Miller3e6fe872011-09-23 11:16:09 +1000847 - otto@cvs.openbsd.org 2008/12/09 19:38:38
848 [openbsd-compat/inet_ntop.c]
849 fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon
Damien Milleradd1e202011-09-23 10:38:01 +1000850
Damien Millere01a6272011-09-22 21:20:21 +100085120110922
852 - OpenBSD CVS Sync
853 - pyr@cvs.openbsd.org 2011/05/12 07:15:10
854 [openbsd-compat/glob.c]
855 When the max number of items for a directory has reached GLOB_LIMIT_READDIR
856 an error is returned but closedir() is not called.
857 spotted and fix provided by Frank Denis obsd-tech@pureftpd.org
858 ok otto@, millert@
Damien Millerc4bf7dd2011-09-22 21:21:48 +1000859 - stsp@cvs.openbsd.org 2011/09/20 10:18:46
860 [glob.c]
861 In glob(3), limit recursion during matching attempts. Similar to
862 fnmatch fix. Also collapse consecutive '*' (from NetBSD).
863 ok miod deraadt
Damien Millere128a502011-09-22 21:22:21 +1000864 - djm@cvs.openbsd.org 2011/09/22 06:27:29
865 [glob.c]
866 fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being
867 applied only to the gl_pathv vector and not the corresponding gl_statv
868 array. reported in OpenSSH bz#1935; feedback and okay matthew@
Damien Millerefad7272011-09-22 21:33:53 +1000869 - djm@cvs.openbsd.org 2011/08/26 01:45:15
870 [ssh.1]
871 Add some missing ssh_config(5) options that can be used in ssh(1)'s
872 -o argument. Patch from duclare AT guu.fi
Damien Millere5777722011-09-22 21:34:15 +1000873 - djm@cvs.openbsd.org 2011/09/05 05:56:13
874 [scp.1 sftp.1]
875 mention ControlPersist and KbdInteractiveAuthentication in the -o
876 verbiage in these pages too (prompted by jmc@)
Damien Miller2918e032011-09-22 21:34:35 +1000877 - djm@cvs.openbsd.org 2011/09/05 05:59:08
878 [misc.c]
879 fix typo in IPQoS parsing: there is no "AF14" class, but there is
880 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
Damien Millere0296732011-09-22 21:34:56 +1000881 - jmc@cvs.openbsd.org 2011/09/05 07:01:44
882 [scp.1]
883 knock out a useless Ns;
Damien Miller6232a162011-09-22 21:36:00 +1000884 - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
885 [ssh-keygen.1]
886 typo (they vs the) found by Lawrence Teo
Damien Millerf6e758c2011-09-22 21:37:13 +1000887 - djm@cvs.openbsd.org 2011/09/09 00:43:00
888 [ssh_config.5 sshd_config.5]
889 fix typo in IPQoS parsing: there is no "AF14" class, but there is
890 an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk
Damien Miller4cb855b2011-09-22 21:37:38 +1000891 - djm@cvs.openbsd.org 2011/09/09 00:44:07
892 [PROTOCOL.mux]
893 MUX_C_CLOSE_FWD includes forward type in message (though it isn't
894 implemented anyway)
Damien Miller0603d982011-09-22 21:38:00 +1000895 - djm@cvs.openbsd.org 2011/09/09 22:37:01
896 [scp.c]
897 suppress adding '--' to remote commandlines when the first argument
898 does not start with '-'. saves breakage on some difficult-to-upgrade
899 embedded/router platforms; feedback & ok dtucker ok markus
Damien Miller9ee2c602011-09-22 21:38:30 +1000900 - djm@cvs.openbsd.org 2011/09/09 22:38:21
901 [sshd.c]
902 kill the preauth privsep child on fatal errors in the monitor;
903 ok markus@
Damien Millerf6dff7c2011-09-22 21:38:52 +1000904 - djm@cvs.openbsd.org 2011/09/09 22:46:44
905 [channels.c channels.h clientloop.h mux.c ssh.c]
906 support for cancelling local and remote port forwards via the multiplex
907 socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request
908 the cancellation of the specified forwardings; ok markus@
Damien Millerff773642011-09-22 21:39:48 +1000909 - markus@cvs.openbsd.org 2011/09/10 22:26:34
910 [channels.c channels.h clientloop.c ssh.1]
911 support cancellation of local/dynamic forwardings from ~C commandline;
912 ok & feedback djm@
Damien Miller1bcbd0a2011-09-22 21:40:45 +1000913 - okan@cvs.openbsd.org 2011/09/11 06:59:05
914 [ssh.1]
915 document new -O cancel command; ok djm@
Damien Miller3decdba2011-09-22 21:41:05 +1000916 - markus@cvs.openbsd.org 2011/09/11 16:07:26
917 [sftp-client.c]
918 fix leaks in do_hardlink() and do_readlink(); bz#1921
919 from Loganaden Velvindron
Damien Miller57c38ac2011-09-22 21:42:45 +1000920 - markus@cvs.openbsd.org 2011/09/12 08:46:15
921 [sftp-client.c]
922 fix leak in do_lsreaddir(); ok djm
Damien Millerd7be70d2011-09-22 21:43:06 +1000923 - djm@cvs.openbsd.org 2011/09/22 06:29:03
924 [sftp.c]
925 don't let remote_glob() implicitly sort its results in do_globbed_ls() -
926 in all likelihood, they will be resorted anyway
Damien Millere01a6272011-09-22 21:20:21 +1000927
Darren Tuckere8a82c52011-09-09 11:29:40 +100092820110909
929 - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From
930 Colin Watson.
931
Damien Millerfb9d8172011-09-07 09:11:53 +100093220110906
933 - (djm) [README version.h] Correct version
Damien Miller022ee242011-09-07 09:15:02 +1000934 - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon
935 - (djm) Respin OpenSSH-5.9p1 release
Damien Millerfb9d8172011-09-07 09:11:53 +1000936
Damien Miller86dcd3e2011-09-05 10:29:04 +100093720110905
938 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
939 [contrib/suse/openssh.spec] Update version numbers.
940
Damien Miller6efd94f2011-09-04 19:04:16 +100094120110904
942 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
943 regress errors for the sandbox to warnings. ok tim dtucker
Darren Tucker0dd24e02011-09-04 19:59:26 +1000944 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementations
Damien Miller86dcd3e2011-09-05 10:29:04 +1000945 ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen
946 support.
Damien Miller6efd94f2011-09-04 19:04:16 +1000947
Damien Miller58ac11a2011-08-29 16:09:52 +100094820110829
949 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attempting
950 to switch SELinux context away from unconfined_t, based on patch from
951 Jan Chadima; bz#1919 ok dtucker@
952
Darren Tucker44383542011-08-28 04:50:16 +100095320110827
954 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.
955
Tim Ricea6e60612011-08-17 21:48:22 -070095620110818
957 - (tim) [configure.ac] Typo in error message spotted by Andy Tsouladze
958
Tim Ricea1226822011-08-16 17:29:01 -070095920110817
960 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
961 OpenSSL 0.9.7. ok djm
Damien Miller9c083122011-08-17 11:31:07 +1000962 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]
963 binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
Damien Miller1a91c0f2011-08-17 11:59:25 +1000964 - (djm) [configure.ac] error out if the host lacks the necessary bits for
965 an explicitly requested sandbox type
Damien Miller44a6c932011-08-17 12:01:44 +1000966 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted by
967 bisson AT archlinux.org
Damien Miller9231c8b2011-08-17 12:08:15 +1000968 - (djm) OpenBSD CVS Sync
969 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10
970 [regress/cfgmatch.sh]
971 use OBJ to find test configs, patch from Tim Rice
Damien Millerfaf4d802011-08-17 12:09:19 +1000972 - markus@cvs.openbsd.org 2011/06/30 22:44:43
973 [regress/connect-privsep.sh]
974 test with sandbox enabled; ok djm@
Damien Miller062fa302011-08-17 12:10:02 +1000975 - djm@cvs.openbsd.org 2011/08/02 01:23:41
976 [regress/cipher-speed.sh regress/try-ciphers.sh]
977 add SHA256/SHA512 based HMAC modes
Damien Miller2df1bec2011-08-17 12:25:46 +1000978 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2
979 MAC tests for platforms that hack EVP_SHA2 support
Tim Ricea1226822011-08-16 17:29:01 -0700980
Darren Tucker4d47ec92011-08-12 10:12:53 +100098120110812
982 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
983 change error by reporting old and new context names Patch from
984 jchadima at redhat.
Damien Miller2db99772011-08-12 11:02:35 +1000985 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]
986 [contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES
Damien Millerd1eb1dd2011-08-12 11:22:47 +1000987 init scrips from imorgan AT nas.nasa.gov; bz#1920
988 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to the
989 identify file contained whitespace. bz#1828 patch from gwenael.lambrouin
990 AT gmail.com; ok dtucker@
Darren Tucker4d47ec92011-08-12 10:12:53 +1000991
Darren Tucker578451d2011-08-07 23:09:20 +100099220110807
993 - (dtucker) OpenBSD CVS Sync
994 - jmc@cvs.openbsd.org 2008/06/26 06:59:39
995 [moduli.5]
996 tweak previous;
Darren Tuckerf2794742011-08-07 23:10:11 +1000997 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54
998 [moduli.5]
999 "Diffie-Hellman" is the usual spelling for the cryptographic protocol
1000 first published by Whitfield Diffie and Martin Hellman in 1976.
1001 ok jmc@
Darren Tucker91e6b572011-08-07 23:10:56 +10001002 - jmc@cvs.openbsd.org 2010/10/14 20:41:28
1003 [moduli.5]
1004 probabalistic -> probabilistic; from naddy
Darren Tuckerddccfb42011-08-07 23:12:26 +10001005 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30
1006 [sftp.1]
1007 typo, fix from Laurent Gautrot
Darren Tucker578451d2011-08-07 23:09:20 +10001008
Damien Miller7741ce82011-08-06 06:15:15 +1000100920110805
1010 - OpenBSD CVS Sync
1011 - djm@cvs.openbsd.org 2011/06/23 23:35:42
1012 [monitor.c]
1013 ignore EINTR errors from poll()
Damien Miller6ea5e442011-08-06 06:16:00 +10001014 - tedu@cvs.openbsd.org 2011/07/06 18:09:21
1015 [authfd.c]
1016 bzero the agent address. the kernel was for a while very cranky about
1017 these things. evne though that's fixed, always good to initialize
1018 memory. ok deraadt djm
Damien Miller35e48192011-08-06 06:16:23 +10001019 - djm@cvs.openbsd.org 2011/07/29 14:42:45
1020 [sandbox-systrace.c]
1021 fail open(2) with EPERM rather than SIGKILLing the whole process. libc
1022 will call open() to do strerror() when NLS is enabled;
1023 feedback and ok markus@
Damien Milleradb467f2011-08-06 06:16:46 +10001024 - markus@cvs.openbsd.org 2011/08/01 19:18:15
1025 [gss-serv.c]
1026 prevent post-auth resource exhaustion (int overflow leading to 4GB malloc);
1027 report Adam Zabrock; ok djm@, deraadt@
Damien Miller20bd4532011-08-06 06:17:30 +10001028 - djm@cvs.openbsd.org 2011/08/02 01:22:11
1029 [mac.c myproposal.h ssh.1 ssh_config.5 sshd.8 sshd_config.5]
1030 Add new SHA256 and SHA512 based HMAC modes from
1031 http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
1032 Patch from mdb AT juniper.net; feedback and ok markus@
Damien Millerc4718602011-08-06 06:17:48 +10001033 - djm@cvs.openbsd.org 2011/08/02 23:13:01
1034 [version.h]
1035 crank now, release later
Damien Miller765f8c42011-08-06 06:18:16 +10001036 - djm@cvs.openbsd.org 2011/08/02 23:15:03
1037 [ssh.c]
1038 typo in comment
Damien Miller7741ce82011-08-06 06:15:15 +10001039
Damien Millercd5e52e2011-06-27 07:18:18 +1000104020110624
1041 - (djm) [configure.ac Makefile.in sandbox-darwin.c] Add a sandbox for
1042 Darwin/OS X using sandbox_init() + setrlimit(); feedback and testing
1043 markus@
1044
Damien Miller82c55872011-06-23 08:20:30 +1000104520110623
1046 - OpenBSD CVS Sync
1047 - djm@cvs.openbsd.org 2011/06/22 21:47:28
1048 [servconf.c]
1049 reuse the multistate option arrays to pretty-print options for "sshd -T"
Damien Miller69ff1df2011-06-23 08:30:03 +10001050 - djm@cvs.openbsd.org 2011/06/22 21:57:01
1051 [servconf.c servconf.h sshd.c sshd_config.5]
1052 [configure.ac Makefile.in]
1053 introduce sandboxing of the pre-auth privsep child using systrace(4).
1054
1055 This introduces a new "UsePrivilegeSeparation=sandbox" option for
1056 sshd_config that applies mandatory restrictions on the syscalls the
1057 privsep child can perform. This prevents a compromised privsep child
1058 from being used to attack other hosts (by opening sockets and proxying)
1059 or probing local kernel attack surface.
1060
1061 The sandbox is implemented using systrace(4) in unsupervised "fast-path"
1062 mode, where a list of permitted syscalls is supplied. Any syscall not
1063 on the list results in SIGKILL being sent to the privsep child. Note
1064 that this requires a kernel with the new SYSTR_POLICY_KILL option.
1065
1066 UsePrivilegeSeparation=sandbox will become the default in the future
1067 so please start testing it now.
1068
1069 feedback dtucker@; ok markus@
Damien Miller6d7b4372011-06-23 08:31:57 +10001070 - djm@cvs.openbsd.org 2011/06/22 22:08:42
1071 [channels.c channels.h clientloop.c clientloop.h mux.c ssh.c]
1072 hook up a channel confirm callback to warn the user then requested X11
1073 forwarding was refused by the server; ok markus@
Damien Millerdcbd41e2011-06-23 19:45:51 +10001074 - djm@cvs.openbsd.org 2011/06/23 09:34:13
1075 [sshd.c ssh-sandbox.h sandbox.h sandbox-rlimit.c sandbox-systrace.c]
1076 [sandbox-null.c]
1077 rename sandbox.h => ssh-sandbox.h to make things easier for portable
Damien Miller80b62e32011-06-23 19:03:18 +10001078 - (djm) [sandbox-null.c] Dummy sandbox for platforms that don't support
1079 setrlimit(2)
Damien Miller82c55872011-06-23 08:20:30 +10001080
Damien Miller6029e072011-06-20 14:22:49 +1000108120110620
1082 - OpenBSD CVS Sync
1083 - djm@cvs.openbsd.org 2011/06/04 00:10:26
1084 [ssh_config.5]
1085 explain IdentifyFile's semantics a little better, prompted by bz#1898
1086 ok dtucker jmc
Damien Millere7ac2bd2011-06-20 14:23:25 +10001087 - markus@cvs.openbsd.org 2011/06/14 22:49:18
1088 [authfile.c]
1089 make sure key_parse_public/private_rsa1() no longer consumes its input
1090 buffer. fixes ssh-add for passphrase-protected ssh1-keys;
1091 noted by naddy@; ok djm@
Damien Miller8f0bf232011-06-20 14:42:23 +10001092 - djm@cvs.openbsd.org 2011/06/17 21:44:31
1093 [log.c log.h monitor.c monitor.h monitor_wrap.c monitor_wrap.h sshd.c]
1094 make the pre-auth privsep slave log via a socketpair shared with the
1095 monitor rather than /var/empty/dev/log; ok dtucker@ deraadt@ markus@
Damien Millerf145a5b2011-06-20 14:42:51 +10001096 - djm@cvs.openbsd.org 2011/06/17 21:46:16
1097 [sftp-server.c]
1098 the protocol version should be unsigned; bz#1913 reported by mb AT
1099 smartftp.com
Damien Miller33322122011-06-20 14:43:11 +10001100 - djm@cvs.openbsd.org 2011/06/17 21:47:35
1101 [servconf.c]
1102 factor out multi-choice option parsing into a parse_multistate label
1103 and some support structures; ok dtucker@
Damien Miller4ac99c32011-06-20 14:43:31 +10001104 - djm@cvs.openbsd.org 2011/06/17 21:57:25
1105 [clientloop.c]
1106 setproctitle for a mux master that has been gracefully stopped;
1107 bz#1911 from Bert.Wesarg AT googlemail.com
Damien Miller6029e072011-06-20 14:22:49 +10001108
Darren Tuckerc412c152011-06-03 10:35:23 +1000110920110603
1110 - (dtucker) [README version.h contrib/caldera/openssh.spec
1111 contrib/redhat/openssh.spec contrib/suse/openssh.spec] Pull the version
1112 bumps from the 5.8p2 branch into HEAD. ok djm.
Tim Rice90f42b02011-06-02 18:17:49 -07001113 - (tim) [configure.ac defines.h] Run test program to detect system mail
1114 directory. Add --with-maildir option to override. Fixed OpenServer 6
1115 getting it wrong. Fixed many systems having MAIL=/var/mail//username
1116 ok dtucker
Darren Tuckerc3c72272011-06-03 11:20:06 +10001117 - (dtucker) [monitor.c] Remove the !HAVE_SOCKETPAIR case. We use socketpair
1118 unconditionally in other places and the survey data we have does not show
1119 any systems that use it. "nuke it" djm@
Damien Millerc09182f2011-06-03 12:11:38 +10001120 - (djm) [configure.ac] enable setproctitle emulation for OS X
1121 - (djm) OpenBSD CVS Sync
Damien Millerea2c1a42011-06-03 12:10:22 +10001122 - djm@cvs.openbsd.org 2011/06/03 00:54:38
1123 [ssh.c]
1124 bz#1883 - setproctitle() to identify mux master; patch from Bert.Wesarg
1125 AT googlemail.com; ok dtucker@
1126 NB. includes additional portability code to enable setproctitle emulation
1127 on platforms that don't support it.
Darren Tucker3e78a512011-06-03 14:14:16 +10001128 - dtucker@cvs.openbsd.org 2011/06/03 01:37:40
1129 [ssh-agent.c]
1130 Check current parent process ID against saved one to determine if the parent
1131 has exited, rather than attempting to send a zero signal, since the latter
1132 won't work if the parent has changed privs. bz#1905, patch from Daniel Kahn
1133 Gillmor, ok djm@
Darren Tucker260c8fb2011-06-03 14:17:27 +10001134 - dtucker@cvs.openbsd.org 2011/05/31 02:01:58
1135 [regress/dynamic-forward.sh]
1136 back out revs 1.6 and 1.5 since it's not reliable
Darren Tucker75e035c2011-06-03 14:18:17 +10001137 - dtucker@cvs.openbsd.org 2011/05/31 02:03:34
1138 [regress/dynamic-forward.sh]
1139 work around startup and teardown races; caught by deraadt
Darren Tuckerbf4d05a2011-06-03 14:19:02 +10001140 - dtucker@cvs.openbsd.org 2011/06/03 00:29:52
1141 [regress/dynamic-forward.sh]
1142 Retry establishing the port forwarding after a small delay, should make
1143 the tests less flaky when the previous test is slow to shut down and free
1144 up the port.
Tim Ricebc481572011-06-02 22:26:19 -07001145 - (tim) [regress/cfgmatch.sh] Build/test out of tree fix.
Darren Tuckerc412c152011-06-03 10:35:23 +10001146
Damien Millerd8478b62011-05-29 21:39:36 +1000114720110529
1148 - (djm) OpenBSD CVS Sync
1149 - djm@cvs.openbsd.org 2011/05/23 03:30:07
1150 [auth-rsa.c auth.c auth.h auth2-pubkey.c monitor.c monitor_wrap.c]
1151 [pathnames.h servconf.c servconf.h sshd.8 sshd_config sshd_config.5]
1152 allow AuthorizedKeysFile to specify multiple files, separated by spaces.
1153 Bring back authorized_keys2 as a default search path (to avoid breaking
1154 existing users of this file), but override this in sshd_config so it will
1155 be no longer used on fresh installs. Maybe in 2015 we can remove it
1156 entierly :)
1157
1158 feedback and ok markus@ dtucker@
Damien Miller1dd66e52011-05-29 21:40:42 +10001159 - djm@cvs.openbsd.org 2011/05/23 03:33:38
1160 [auth.c]
1161 make secure_filename() spam debug logs less
Damien Miller201f4252011-05-29 21:41:03 +10001162 - djm@cvs.openbsd.org 2011/05/23 03:52:55
1163 [sshconnect.c]
1164 remove extra newline
Damien Millerb9132fc2011-05-29 21:41:40 +10001165 - jmc@cvs.openbsd.org 2011/05/23 07:10:21
1166 [sshd.8 sshd_config.5]
1167 tweak previous; ok djm
Damien Miller04bb56e2011-05-29 21:42:08 +10001168 - djm@cvs.openbsd.org 2011/05/23 07:24:57
1169 [authfile.c]
1170 read in key comments for v.2 keys (though note that these are not
1171 passed over the agent protocol); bz#439, based on patch from binder
1172 AT arago.de; ok markus@
Damien Miller295ee632011-05-29 21:42:31 +10001173 - djm@cvs.openbsd.org 2011/05/24 07:15:47
1174 [readconf.c readconf.h ssh.c ssh_config.5 sshconnect.c sshconnect2.c]
1175 Remove undocumented legacy options UserKnownHostsFile2 and
1176 GlobalKnownHostsFile2 by making UserKnownHostsFile/GlobalKnownHostsFile
1177 accept multiple paths per line and making their defaults include
1178 known_hosts2; ok markus
Damien Miller8cb35872011-05-29 21:59:10 +10001179 - djm@cvs.openbsd.org 2011/05/23 03:31:31
1180 [regress/cfgmatch.sh]
1181 include testing of multiple/overridden AuthorizedKeysFiles
1182 refactor to simply daemon start/stop and get rid of racy constructs
Damien Millerd8478b62011-05-29 21:39:36 +10001183
Damien Miller14684a12011-05-20 11:23:07 +1000118420110520
1185 - (djm) [session.c] call setexeccon() before executing passwd for pw
1186 changes; bz#1891 reported by jchadima AT redhat.com; ok dtucker@
Damien Miller989bb7f2011-05-20 18:56:30 +10001187 - (djm) [aclocal.m4 configure.ac] since gcc-4.x ignores all -Wno-options
1188 options, we should corresponding -W-option when trying to determine
1189 whether it is accepted. Also includes a warning fix on the program
1190 fragment uses (bad main() return type).
1191 bz#1900 and bz#1901 reported by g.esp AT free.fr; ok dtucker@
Damien Millerec2eaa32011-05-20 18:57:14 +10001192 - (djm) [servconf.c] remove leftover droppings of AuthorizedKeysFile2
Damien Miller814ace02011-05-20 19:02:47 +10001193 - OpenBSD CVS Sync
1194 - djm@cvs.openbsd.org 2011/05/15 08:09:01
1195 [authfd.c monitor.c serverloop.c]
1196 use FD_CLOEXEC consistently; patch from zion AT x96.org
Damien Miller8f639fe2011-05-20 19:03:08 +10001197 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1198 [key.c]
1199 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1200 and fix the regress test that was trying to generate them :)
Damien Miller5d74e582011-05-20 19:03:31 +10001201 - djm@cvs.openbsd.org 2011/05/20 00:55:02
1202 [servconf.c]
1203 the options TrustedUserCAKeys, RevokedKeysFile, AuthorizedKeysFile
1204 and AuthorizedPrincipalsFile were not being correctly applied in
1205 Match blocks, despite being overridable there; ok dtucker@
Damien Millerc2411902011-05-20 19:03:49 +10001206 - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
1207 [servconf.c]
1208 Add comment documenting what should be after the preauth check. ok djm
Damien Millerf2e407e2011-05-20 19:04:14 +10001209 - djm@cvs.openbsd.org 2011/05/20 03:25:45
1210 [monitor.c monitor_wrap.c servconf.c servconf.h]
1211 use a macro to define which string options to copy between configs
1212 for Match. This avoids problems caused by forgetting to keep three
1213 code locations in perfect sync and ordering
1214
1215 "this is at once beautiful and horrible" + ok dtucker@
Damien Millerf67188f2011-05-20 19:06:48 +10001216 - djm@cvs.openbsd.org 2011/05/17 07:13:31
1217 [regress/cert-userkey.sh]
1218 fatal() if asked to generate a legacy ECDSA cert (these don't exist)
1219 and fix the regress test that was trying to generate them :)
Damien Miller3045b452011-05-20 19:07:45 +10001220 - djm@cvs.openbsd.org 2011/05/20 02:43:36
1221 [cert-hostkey.sh]
1222 another attempt to generate a v00 ECDSA key that broke the test
1223 ID sync only - portable already had this somehow
Damien Miller7b9451f2011-05-20 19:08:11 +10001224 - dtucker@cvs.openbsd.org 2011/05/20 05:19:50
1225 [dynamic-forward.sh]
1226 Prevent races in dynamic forwarding test; ok djm
Damien Milleracacced2011-05-20 19:08:40 +10001227 - dtucker@cvs.openbsd.org 2011/05/20 06:32:30
1228 [dynamic-forward.sh]
1229 fix dumb error in dynamic-forward test
Damien Miller14684a12011-05-20 11:23:07 +10001230
Damien Miller60432d82011-05-15 08:34:46 +1000123120110515
1232 - (djm) OpenBSD CVS Sync
1233 - djm@cvs.openbsd.org 2011/05/05 05:12:08
1234 [mux.c]
1235 gracefully fall back when ControlPath is too large for a
1236 sockaddr_un. ok markus@ as part of a larger diff
Damien Millerfd53abd2011-05-15 08:36:02 +10001237 - dtucker@cvs.openbsd.org 2011/05/06 01:03:35
1238 [sshd_config]
1239 clarify language about overriding defaults. bz#1892, from Petr Cerny
Damien Miller58a77e22011-05-15 08:36:29 +10001240 - djm@cvs.openbsd.org 2011/05/06 01:09:53
1241 [sftp.1]
1242 mention that IPv6 addresses must be enclosed in square brackets;
1243 bz#1845
Damien Miller78c40c32011-05-15 08:36:59 +10001244 - djm@cvs.openbsd.org 2011/05/06 02:05:41
1245 [sshconnect2.c]
1246 fix memory leak; bz#1849 ok dtucker@
Damien Millerd2ac5d72011-05-15 08:43:13 +10001247 - djm@cvs.openbsd.org 2011/05/06 21:14:05
1248 [packet.c packet.h]
1249 set traffic class for IPv6 traffic as we do for IPv4 TOS;
1250 patch from lionel AT mamane.lu via Colin Watson in bz#1855;
1251 ok markus@
Damien Millerdfc85fa2011-05-15 08:44:02 +10001252 - djm@cvs.openbsd.org 2011/05/06 21:18:02
1253 [ssh.c ssh_config.5]
1254 add a %L expansion (short-form of the local host name) for ControlPath;
1255 sync some more expansions with LocalCommand; ok markus@
Damien Millerfe924212011-05-15 08:44:45 +10001256 - djm@cvs.openbsd.org 2011/05/06 21:31:38
1257 [readconf.c ssh_config.5]
1258 support negated Host matching, e.g.
1259
1260 Host *.example.org !c.example.org
1261 User mekmitasdigoat
1262
1263 Will match "a.example.org", "b.example.org", but not "c.example.org"
1264 ok markus@
Damien Miller21771e22011-05-15 08:45:50 +10001265 - djm@cvs.openbsd.org 2011/05/06 21:34:32
1266 [clientloop.c mux.c readconf.c readconf.h ssh.c ssh_config.5]
1267 Add a RequestTTY ssh_config option to allow configuration-based
1268 control over tty allocation (like -t/-T); ok markus@
Damien Millera6bbbe42011-05-15 08:46:29 +10001269 - djm@cvs.openbsd.org 2011/05/06 21:38:58
1270 [ssh.c]
1271 fix dropping from previous diff
Damien Millerc067f622011-05-15 08:46:54 +10001272 - djm@cvs.openbsd.org 2011/05/06 22:20:10
1273 [PROTOCOL.mux]
1274 fix numbering; from bert.wesarg AT googlemail.com
Damien Miller486dd2e2011-05-15 08:47:18 +10001275 - jmc@cvs.openbsd.org 2011/05/07 23:19:39
1276 [ssh_config.5]
1277 - tweak previous
1278 - come consistency fixes
1279 ok djm
Damien Millerf4b32aa2011-05-15 08:47:43 +10001280 - jmc@cvs.openbsd.org 2011/05/07 23:20:25
1281 [ssh.1]
1282 +.It RequestTTY
Damien Miller555f3b82011-05-15 08:48:05 +10001283 - djm@cvs.openbsd.org 2011/05/08 12:52:01
1284 [PROTOCOL.mux clientloop.c clientloop.h mux.c]
1285 improve our behaviour when TTY allocation fails: if we are in
1286 RequestTTY=auto mode (the default), then do not treat at TTY
1287 allocation error as fatal but rather just restore the local TTY
1288 to cooked mode and continue. This is more graceful on devices that
1289 never allocate TTYs.
1290
1291 If RequestTTY is set to "yes" or "force", then failure to allocate
1292 a TTY is fatal.
1293
1294 ok markus@
Damien Miller32198242011-05-15 08:50:32 +10001295 - djm@cvs.openbsd.org 2011/05/10 05:46:46
1296 [authfile.c]
1297 despam debug() logs by detecting that we are trying to load a private key
1298 in key_try_load_public() and returning early; ok markus@
Damien Miller7c1b2c42011-05-15 08:51:05 +10001299 - djm@cvs.openbsd.org 2011/05/11 04:47:06
1300 [auth.c auth.h auth2-pubkey.c pathnames.h servconf.c servconf.h]
1301 remove support for authorized_keys2; it is a relic from the early days
1302 of protocol v.2 support and has been undocumented for many years;
1303 ok markus@
Damien Miller9d276b82011-05-15 08:51:43 +10001304 - djm@cvs.openbsd.org 2011/05/13 00:05:36
1305 [authfile.c]
1306 warn on unexpected key type in key_parse_private_type()
Damien Miller23f425b2011-05-15 08:58:15 +10001307 - (djm) [packet.c] unbreak portability #endif
Damien Miller60432d82011-05-15 08:34:46 +10001308
Darren Tuckerd6548fe2011-05-10 11:13:36 +1000130920110510
1310 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
1311 --with-ssl-engine which was broken with the change from deprecated
1312 SSLeay_add_all_algorithms(). ok djm
1313
Darren Tucker343f75f2011-05-06 10:43:50 +1000131420110506
1315 - (dtucker) [openbsd-compat/regress/closefromtest.c] Bug #1875: add prototype
1316 for closefrom() in test code. Report from Dan Wallis via Gentoo.
1317
Damien Miller68790fe2011-05-05 11:19:13 +1000131820110505
1319 - (djm) [defines.h] Move up include of netinet/ip.h for IPTOS
1320 definitions. From des AT des.no
Damien Millerf22019b2011-05-05 13:48:37 +10001321 - (djm) [Makefile.in WARNING.RNG aclocal.m4 buildpkg.sh.in configure.ac]
1322 [entropy.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c]
1323 [ssh-keysign.c ssh-pkcs11-helper.c ssh-rand-helper.8 ssh-rand-helper.c]
1324 [ssh.c ssh_prng_cmds.in sshd.c contrib/aix/buildbff.sh]
1325 [regress/README.regress] Remove ssh-rand-helper and all its
1326 tentacles. PRNGd seeding has been rolled into entropy.c directly.
1327 Thanks to tim@ for testing on affected platforms.
Damien Miller3fcdfd52011-05-05 14:04:11 +10001328 - OpenBSD CVS Sync
1329 - djm@cvs.openbsd.org 2011/03/10 02:52:57
Damien Millerb2da7d12011-05-05 14:04:50 +10001330 [auth2-gss.c auth2.c auth.h]
Damien Miller3fcdfd52011-05-05 14:04:11 +10001331 allow GSSAPI authentication to detect when a server-side failure causes
1332 authentication failure and don't count such failures against MaxAuthTries;
1333 bz#1244 from simon AT sxw.org.uk; ok markus@ before lock
Damien Millerc5219e72011-05-05 14:05:12 +10001334 - okan@cvs.openbsd.org 2011/03/15 10:36:02
1335 [ssh-keyscan.c]
1336 use timerclear macro
1337 ok djm@
Damien Miller58f1baf2011-05-05 14:06:15 +10001338 - stevesk@cvs.openbsd.org 2011/03/23 15:16:22
1339 [ssh-keygen.1 ssh-keygen.c]
1340 Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa)
1341 for which host keys do not exist, generate the host keys with the
1342 default key file path, an empty passphrase, default bits for the key
1343 type, and default comment. This will be used by /etc/rc to generate
1344 new host keys. Idea from deraadt.
1345 ok deraadt
Damien Miller4a4d1612011-05-05 14:06:39 +10001346 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
1347 [ssh-keygen.1]
1348 -q not used in /etc/rc now so remove statement.
Damien Miller11143192011-05-05 14:13:25 +10001349 - stevesk@cvs.openbsd.org 2011/03/23 16:50:04
1350 [ssh-keygen.c]
1351 remove -d, documentation removed >10 years ago; ok markus
Damien Miller3ca1eb32011-05-05 14:13:50 +10001352 - jmc@cvs.openbsd.org 2011/03/24 15:29:30
1353 [ssh-keygen.1]
1354 zap trailing whitespace;
Damien Miller044f4a62011-05-05 14:14:08 +10001355 - stevesk@cvs.openbsd.org 2011/03/24 22:14:54
1356 [ssh-keygen.c]
1357 use strcasecmp() for "clear" cert permission option also; ok djm
Damien Miller91475862011-05-05 14:14:34 +10001358 - stevesk@cvs.openbsd.org 2011/03/29 18:54:17
1359 [misc.c misc.h servconf.c]
1360 print ipqos friendly string for sshd -T; ok markus
1361 # sshd -Tf sshd_config|grep ipqos
1362 ipqos lowdelay throughput
Damien Miller884b63a2011-05-05 14:14:52 +10001363 - djm@cvs.openbsd.org 2011/04/12 04:23:50
1364 [ssh-keygen.c]
1365 fix -Wshadow
Damien Miller26b57ce2011-05-05 14:15:09 +10001366 - djm@cvs.openbsd.org 2011/04/12 05:32:49
1367 [sshd.c]
1368 exit with 0 status on SIGTERM; bz#1879
Damien Miller085c90f2011-05-05 14:15:33 +10001369 - djm@cvs.openbsd.org 2011/04/13 04:02:48
1370 [ssh-keygen.1]
1371 improve wording; bz#1861
Damien Millerad210322011-05-05 14:15:54 +10001372 - djm@cvs.openbsd.org 2011/04/13 04:09:37
1373 [ssh-keygen.1]
1374 mention valid -b sizes for ECDSA keys; bz#1862
Damien Miller6c3eec72011-05-05 14:16:22 +10001375 - djm@cvs.openbsd.org 2011/04/17 22:42:42
1376 [PROTOCOL.mux clientloop.c clientloop.h mux.c ssh.1 ssh.c]
1377 allow graceful shutdown of multiplexing: request that a mux server
1378 removes its listener socket and refuse future multiplexing requests;
1379 ok markus@
Damien Miller8cb1cda2011-05-05 14:16:56 +10001380 - djm@cvs.openbsd.org 2011/04/18 00:46:05
1381 [ssh-keygen.c]
1382 certificate options are supposed to be packed in lexical order of
1383 option name (though we don't actually enforce this at present).
1384 Move one up that was out of sequence
Damien Miller2ce12ef2011-05-05 14:17:18 +10001385 - djm@cvs.openbsd.org 2011/05/04 21:15:29
1386 [authfile.c authfile.h ssh-add.c]
1387 allow "ssh-add - < key"; feedback and ok markus@
Tim Rice19d81812011-05-04 21:44:25 -07001388 - (tim) [configure.ac] Add AC_LANG_SOURCE to OPENSSH_CHECK_CFLAG_COMPILE
1389 so autoreconf 2.68 is happy.
Tim Rice9abb6972011-05-04 23:06:59 -07001390 - (tim) [defines.h] Deal with platforms that do not have S_IFSOCK ok djm@
Damien Miller68790fe2011-05-05 11:19:13 +10001391
Darren Tuckere541aaa2011-02-21 21:41:29 +1100139220110221
1393 - (dtucker) [contrib/cygwin/ssh-host-config] From Corinna: revamp of the
1394 Cygwin-specific service installer script ssh-host-config. The actual
1395 functionality is the same, the revisited version is just more
1396 exact when it comes to check for problems which disallow to run
1397 certain aspects of the script. So, part of this script and the also
1398 rearranged service helper script library "csih" is to check if all
1399 the tools required to run the script are available on the system.
1400 The new script also is more thorough to inform the user why the
1401 script failed. Patch from vinschen at redhat com.
1402
Damien Miller0588beb2011-02-18 09:18:45 +1100140320110218
1404 - OpenBSD CVS Sync
1405 - djm@cvs.openbsd.org 2011/02/16 00:31:14
1406 [ssh-keysign.c]
1407 make hostbased auth with ECDSA keys work correctly. Based on patch
1408 by harvey.eneman AT oracle.com in bz#1858; ok markus@ (pre-lock)
1409
Darren Tucker3b9617e2011-02-06 13:24:35 +1100141020110206
1411 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error in
1412 selinux code. Patch from Leonardo Chiquitto
Darren Tuckerea676a62011-02-06 13:31:23 +11001413 - (dtucker) [contrib/cygwin/ssh-{host,user}-config] Add ECDSA key
1414 generation and simplify. Patch from Corinna Vinschen.
Darren Tucker3b9617e2011-02-06 13:24:35 +11001415
Damien Millerb407dd82011-02-04 11:46:39 +1100141620110204
1417 - OpenBSD CVS Sync
1418 - djm@cvs.openbsd.org 2011/01/31 21:42:15
1419 [PROTOCOL.mux]
1420 cut'n'pasto; from bert.wesarg AT googlemail.com
Damien Miller0a5f0122011-02-04 11:47:01 +11001421 - djm@cvs.openbsd.org 2011/02/04 00:44:21
1422 [key.c]
1423 fix uninitialised nonce variable; reported by Mateusz Kocielski
Damien Millera6981272011-02-04 11:47:20 +11001424 - djm@cvs.openbsd.org 2011/02/04 00:44:43
1425 [version.h]
1426 openssh-5.8
Damien Miller0d30b092011-02-04 12:43:36 +11001427 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1428 [contrib/suse/openssh.spec] update versions in docs and spec files.
1429 - Release OpenSSH 5.8p1
Damien Millerb407dd82011-02-04 11:46:39 +11001430
Damien Millerd4a55042011-01-28 10:30:18 +1100143120110128
1432 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
1433 before attempting setfscreatecon(). Check whether matchpathcon()
1434 succeeded before using its result. Patch from cjwatson AT debian.org;
1435 bz#1851
1436
Tim Riced069c482011-01-26 12:32:12 -0800143720110127
1438 - (tim) [config.guess config.sub] Sync with upstream.
Tim Rice648f8762011-01-26 12:38:57 -08001439 - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete
1440 AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with
1441 AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white
1442 space changes for consistency/readability. Makes autoconf 2.68 happy.
1443 "Nice work" djm
Tim Riced069c482011-01-26 12:32:12 -08001444
Damien Miller71adf122011-01-25 12:16:15 +1100144520110125
1446 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
1447 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
1448 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
1449 building with SELinux support to avoid linking failure; report from
1450 amk AT spamfence.net; ok dtucker
1451
Darren Tucker79241372011-01-22 09:37:01 +1100145220110122
1453 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
1454 RSA_get_default_method() for the benefit of openssl versions that don't
1455 have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott,
1456 ok djm@.
Damien Millerad4b1ad2011-01-22 20:21:33 +11001457 - OpenBSD CVS Sync
1458 - djm@cvs.openbsd.org 2011/01/22 09:18:53
1459 [version.h]
1460 crank to OpenSSH-5.7
Damien Miller966accc2011-01-22 20:23:10 +11001461 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
1462 [contrib/suse/openssh.spec] update versions in docs and spec files.
Damien Miller6f8f04b2011-01-22 20:25:11 +11001463 - (djm) Release 5.7p1
Darren Tucker79241372011-01-22 09:37:01 +11001464
Tim Rice15e1b4d2011-01-18 20:47:04 -0800146520110119
1466 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead
1467 of RPM so build completes. Signatures were changed to .asc since 4.1p1.
Damien Millere323ebc2011-01-19 23:12:27 +11001468 - (djm) [configure.ac] Disable ECC on OpenSSL <0.9.8g. Releases prior to
1469 0.9.8 lacked it, and 0.9.8a through 0.9.8d have proven buggy in pre-
1470 release testing (random crashes and failure to load ECC keys).
1471 ok dtucker@
Tim Rice15e1b4d2011-01-18 20:47:04 -08001472
Damien Miller369c0e82011-01-17 10:51:40 +1100147320110117
1474 - (djm) [regress/Makefile] use $TEST_SSH_KEYGEN instead of the one in
1475 $PATH, fix cleanup of droppings; reported by openssh AT
1476 roumenpetrov.info; ok dtucker@
Damien Millerfd3669e2011-01-17 11:20:18 +11001477 - (djm) [regress/agent-ptrace.sh] Fix false failure on OS X by adding
1478 its unique snowflake of a gdb error to the ones we look for.
Damien Miller1ccbfa82011-01-17 11:52:40 +11001479 - (djm) [regress/agent-getpeereid.sh] leave stdout attached when running
1480 ssh-add to avoid $SUDO failures on Linux
Darren Tucker0c93adc2011-01-17 11:55:59 +11001481 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the new
1482 Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback
1483 to the old values. Feedback from vapier at gentoo org and djm, ok djm.
Damien Miller58497782011-01-17 16:17:09 +11001484 - (djm) [configure.ac regress/agent-getpeereid.sh regress/multiplex.sh]
1485 [regress/sftp-glob.sh regress/test-exec.sh] Rework how feature tests are
1486 disabled on platforms that do not support them; add a "config_defined()"
1487 shell function that greps for defines in config.h and use them to decide
1488 on feature tests.
1489 Convert a couple of existing grep's over config.h to use the new function
1490 Add a define "FILESYSTEM_NO_BACKSLASH" for filesystem that can't represent
1491 backslash characters in filenames, enable it for Cygwin and use it to turn
1492 of tests for quotes backslashes in sftp-glob.sh.
1493 based on discussion with vinschen AT redhat.com and dtucker@; ok dtucker@
Tim Rice6dfcd342011-01-16 22:53:56 -08001494 - (tim) [regress/agent-getpeereid.sh] shell portability fix.
Darren Tucker263d43d2011-01-17 18:50:22 +11001495 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror on
1496 the tinderbox.
Darren Tuckerea52a822011-01-17 21:15:27 +11001497 - (dtucker) [LICENCE Makefile.in audit-bsm.c audit-linux.c audit.c audit.h
1498 configure.ac defines.h loginrec.c] Bug #1402: add linux audit subsystem
1499 support, based on patches from Tomas Mraz and jchadima at redhat.
Damien Miller369c0e82011-01-17 10:51:40 +11001500
Darren Tucker50c61f82011-01-16 18:28:09 +1100150120110116
1502 - (dtucker) [Makefile.in configure.ac regress/kextype.sh] Skip sha256-based
1503 on configurations that don't have it.
Damien Miller4791f9d2011-01-16 23:16:53 +11001504 - OpenBSD CVS Sync
1505 - djm@cvs.openbsd.org 2011/01/16 11:50:05
1506 [clientloop.c]
1507 Use atomicio when flushing protocol 1 std{out,err} buffers at
1508 session close. This was a latent bug exposed by setting a SIGCHLD
1509 handler and spotted by kevin.brott AT gmail.com; ok dtucker@
Damien Miller6fb6fd52011-01-16 23:17:45 +11001510 - djm@cvs.openbsd.org 2011/01/16 11:50:36
1511 [sshconnect.c]
1512 reset the SIGPIPE handler when forking to execute child processes;
1513 ok dtucker@
Damien Millercfd6e4f2011-01-16 23:18:33 +11001514 - djm@cvs.openbsd.org 2011/01/16 12:05:59
1515 [clientloop.c]
1516 a couple more tweaks to the post-close protocol 1 stderr/stdout flush:
1517 now that we use atomicio(), convert them from while loops to if statements
1518 add test and cast to compile cleanly with -Wsigned
Darren Tucker50c61f82011-01-16 18:28:09 +11001519
Darren Tucker08f83882011-01-16 18:24:04 +1100152020110114
Damien Miller445c9a52011-01-14 12:01:29 +11001521 - OpenBSD CVS Sync
1522 - djm@cvs.openbsd.org 2011/01/13 21:54:53
1523 [mux.c]
1524 correct error messages; patch from bert.wesarg AT googlemail.com
Damien Miller42747df2011-01-14 12:01:50 +11001525 - djm@cvs.openbsd.org 2011/01/13 21:55:25
1526 [PROTOCOL.mux]
1527 correct protocol names and add a couple of missing protocol number
1528 defines; patch from bert.wesarg AT googlemail.com
Damien Millere9b40482011-01-14 14:47:37 +11001529 - (djm) [Makefile.in] Use shell test to disable ecdsa key generating in
1530 host-key-force target rather than a substitution that is replaced with a
1531 comment so that the Makefile.in is still a syntactically valid Makefile
1532 (useful to run the distprep target)
Tim Rice02d99da2011-01-13 22:20:27 -08001533 - (tim) [regress/cert-hostkey.sh] Typo. Missing $ on variable name.
Tim Ricec5c346b2011-01-13 22:36:14 -08001534 - (tim) [regress/cert-hostkey.sh] Add missing TEST_SSH_ECC guard around some
1535 ecdsa bits.
Damien Miller445c9a52011-01-14 12:01:29 +11001536
Darren Tucker08f83882011-01-16 18:24:04 +1100153720110113
Damien Miller1708cb72011-01-13 12:21:34 +11001538 - (djm) [misc.c] include time.h for nanosleep() prototype
Tim Ricecce927c2011-01-12 19:06:31 -08001539 - (tim) [Makefile.in] test the ECC bits if we have the capability. ok djm
Tim Rice9b87a5c2011-01-12 22:35:43 -08001540 - (tim) [Makefile.in configure.ac opensshd.init.in] Add support for generating
1541 ecdsa keys. ok djm.
Damien Millerff22df52011-01-13 21:05:27 +11001542 - (djm) [entropy.c] cast OPENSSL_VERSION_NUMBER to u_long to avoid
1543 gcc warning on platforms where it defaults to int
Damien Millercbaf8e62011-01-13 21:08:27 +11001544 - (djm) [regress/Makefile] add a few more generated files to the clean
1545 target
Damien Miller9b160862011-01-13 22:00:20 +11001546 - (djm) [myproposal.h] Fix reversed OPENSSL_VERSION_NUMBER test and bad
1547 #define that was causing diffie-hellman-group-exchange-sha256 to be
1548 incorrectly disabled
Damien Miller52788062011-01-13 22:05:14 +11001549 - (djm) [regress/kextype.sh] Testing diffie-hellman-group-exchange-sha256
1550 should not depend on ECC support
Damien Miller1708cb72011-01-13 12:21:34 +11001551
Darren Tucker08f83882011-01-16 18:24:04 +1100155220110112
Damien Millerb66e9172011-01-12 13:30:18 +11001553 - OpenBSD CVS Sync
1554 - nicm@cvs.openbsd.org 2010/10/08 21:48:42
1555 [openbsd-compat/glob.c]
1556 Extend GLOB_LIMIT to cover readdir and stat and bump the malloc limit
1557 from ARG_MAX to 64K.
1558 Fixes glob-using programs (notably ftp) able to be triggered to hit
1559 resource limits.
1560 Idea from a similar NetBSD change, original problem reported by jasper@.
1561 ok millert tedu jasper
Damien Miller4927aaf2011-01-12 13:32:03 +11001562 - djm@cvs.openbsd.org 2011/01/12 01:53:14
1563 avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
1564 and sanity check arguments (these will be unnecessary when we switch
1565 struct glob members from being type into to size_t in the future);
1566 "looks ok" tedu@ feedback guenther@
Damien Miller945aa0c2011-01-12 13:34:02 +11001567 - (djm) [configure.ac] Turn on -Wno-unused-result for gcc >= 4.4 to avoid
1568 silly warnings on write() calls we don't care succeed or not.
Damien Miller134d02a2011-01-12 16:00:37 +11001569 - (djm) [configure.ac] Fix broken test for gcc >= 4.4 with per-compiler
1570 flag tests that don't depend on gcc version at all; suggested by and
1571 ok dtucker@
Damien Millerb66e9172011-01-12 13:30:18 +11001572
Tim Rice076a3b92011-01-10 12:56:26 -0800157320110111
1574 - (tim) [regress/host-expand.sh] Fix for building outside of read only
1575 source tree.
Damien Miller81ad4b12011-01-11 17:02:23 +11001576 - (djm) [platform.c] Some missing includes that show up under -Werror
Damien Millerb73b6fd2011-01-11 17:18:56 +11001577 - OpenBSD CVS Sync
1578 - djm@cvs.openbsd.org 2011/01/08 10:51:51
1579 [clientloop.c]
1580 use host and not options.hostname, as the latter may have unescaped
1581 substitution characters
Damien Millera256c8d2011-01-11 17:20:05 +11001582 - djm@cvs.openbsd.org 2011/01/11 06:06:09
1583 [sshlogin.c]
1584 fd leak on error paths; from zinovik@
1585 NB. Id sync only; we use loginrec.c that was also audited and fixed
1586 recently
Damien Miller821de0a2011-01-11 17:20:29 +11001587 - djm@cvs.openbsd.org 2011/01/11 06:13:10
1588 [clientloop.c ssh-keygen.c sshd.c]
1589 some unsigned long long casts that make things a bit easier for
1590 portable without resorting to dropping PRIu64 formats everywhere
Tim Rice076a3b92011-01-10 12:56:26 -08001591
Damien Millere63b7f22011-01-09 09:19:50 +1100159220110109
1593 - (djm) [Makefile.in] list ssh_host_ecdsa key in PATHSUBS; spotted by
1594 openssh AT roumenpetrov.info
1595
Damien Miller996384d2011-01-08 21:58:20 +1100159620110108
1597 - (djm) [regress/keytype.sh] s/echo -n/echon/ to repair failing regress
1598 test on OSX and others. Reported by imorgan AT nas.nasa.gov
1599
Damien Miller322125b2011-01-07 09:50:08 +1100160020110107
1601 - (djm) [regress/cert-hostkey.sh regress/cert-userkey.sh] fix shell test
1602 for no-ECC case. Patch from cristian.ionescu-idbohrn AT axis.com
Damien Miller83f8a402011-01-07 09:51:17 +11001603 - djm@cvs.openbsd.org 2011/01/06 22:23:53
1604 [ssh.c]
1605 unbreak %n expansion in LocalCommand; patch from bert.wesarg AT
1606 googlemail.com; ok markus@
Damien Miller64abf312011-01-07 09:51:52 +11001607 - djm@cvs.openbsd.org 2011/01/06 22:23:02
1608 [clientloop.c]
1609 when exiting due to ServerAliveTimeout, mention the hostname that caused
1610 it (useful with backgrounded controlmaster)
Damien Miller7d06b002011-01-07 09:54:20 +11001611 - djm@cvs.openbsd.org 2011/01/06 22:46:21
1612 [regress/Makefile regress/host-expand.sh]
1613 regress test for LocalCommand %n expansion from bert.wesarg AT
1614 googlemail.com; ok markus@
Damien Millered3a8eb2011-01-07 10:02:52 +11001615 - djm@cvs.openbsd.org 2011/01/06 23:01:35
1616 [sshconnect.c]
1617 reset SIGCHLD handler to SIG_DFL when execuring LocalCommand;
1618 ok markus@
Damien Miller322125b2011-01-07 09:50:08 +11001619
Damien Millerf1211432011-01-06 22:40:30 +1100162020110106
1621 - (djm) OpenBSD CVS Sync
1622 - markus@cvs.openbsd.org 2010/12/08 22:46:03
1623 [scp.1 scp.c]
1624 add a new -3 option to scp: Copies between two remote hosts are
1625 transferred through the local host. Without this option the data
1626 is copied directly between the two remote hosts. ok djm@ (bugzilla #1837)
Damien Miller907998d2011-01-06 22:41:21 +11001627 - jmc@cvs.openbsd.org 2010/12/09 14:13:33
1628 [scp.1 scp.c]
1629 scp.1: grammer fix
1630 scp.c: add -3 to usage()
Damien Miller05c89972011-01-06 22:42:04 +11001631 - markus@cvs.openbsd.org 2010/12/14 11:59:06
1632 [sshconnect.c]
1633 don't mention key type in key-changed-warning, since we also print
1634 this warning if a new key type appears. ok djm@
Damien Miller106079c2011-01-06 22:43:44 +11001635 - djm@cvs.openbsd.org 2010/12/15 00:49:27
1636 [readpass.c]
1637 fix ControlMaster=ask regression
1638 reset SIGCHLD handler before fork (and restore it after) so we don't miss
1639 the the askpass child's exit status. Correct test for exit status/signal to
1640 account for waitpid() failure; with claudio@ ok claudio@ markus@
Damien Millerde53fd02011-01-06 22:44:18 +11001641 - djm@cvs.openbsd.org 2010/12/24 21:41:48
1642 [auth-options.c]
1643 don't send the actual forced command in a debug message; ok markus deraadt
Damien Miller8ad960b2011-01-06 22:44:44 +11001644 - otto@cvs.openbsd.org 2011/01/04 20:44:13
1645 [ssh-keyscan.c]
1646 handle ecdsa-sha2 with various key lengths; hint and ok djm@
Damien Millerf1211432011-01-06 22:40:30 +11001647
Damien Miller30a69e72011-01-04 08:16:27 +1100164820110104
1649 - (djm) [configure.ac Makefile.in] Use mandoc as preferred manpage
1650 formatter if it is present, followed by nroff and groff respectively.
1651 Fixes distprep target on OpenBSD (which has bumped groff/nroff to ports
1652 in favour of mandoc). feedback and ok tim
1653
165420110103
Damien Millerd197fd62011-01-03 14:48:14 +11001655 - (djm) [Makefile.in] revert local hack I didn't intend to commit
1656
165720110102
Damien Miller4a06f922011-01-02 21:43:59 +11001658 - (djm) [loginrec.c] Fix some fd leaks on error paths. ok dtucker
Damien Miller41bccf72011-01-02 21:53:07 +11001659 - (djm) [configure.ac] Check whether libdes is needed when building
1660 with Heimdal krb5 support. On OpenBSD this library no longer exists,
1661 so linking it unconditionally causes a build failure; ok dtucker
Damien Miller4a06f922011-01-02 21:43:59 +11001662
Damien Miller928362d2010-12-26 14:26:45 +1100166320101226
1664 - (dtucker) OpenBSD CVS Sync
1665 - djm@cvs.openbsd.org 2010/12/08 04:02:47
1666 [ssh_config.5 sshd_config.5]
1667 explain that IPQoS arguments are separated by whitespace; iirc requested
1668 by jmc@ a while back
1669
Darren Tucker37bb7562010-12-05 08:46:05 +1100167020101205
1671 - (dtucker) openbsd-compat/openssl-compat.c] remove sleep leftover from
1672 debugging. Spotted by djm.
Darren Tucker7336b902010-12-05 09:00:30 +11001673 - (dtucker) OpenBSD CVS Sync
1674 - djm@cvs.openbsd.org 2010/12/03 23:49:26
1675 [schnorr.c]
1676 check that g^x^q === 1 mod p; recommended by JPAKE author Feng Hao
1677 (this code is still disabled, but apprently people are treating it as
1678 a reference implementation)
Darren Tuckeradab6f12010-12-05 09:01:47 +11001679 - djm@cvs.openbsd.org 2010/12/03 23:55:27
1680 [auth-rsa.c]
1681 move check for revoked keys to run earlier (in auth_rsa_key_allowed)
1682 bz#1829; patch from ldv AT altlinux.org; ok markus@
Darren Tuckeraf1f9092010-12-05 09:02:47 +11001683 - djm@cvs.openbsd.org 2010/12/04 00:18:01
1684 [sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c]
1685 add a protocol extension to support a hard link operation. It is
1686 available through the "ln" command in the client. The old "ln"
1687 behaviour of creating a symlink is available using its "-s" option
1688 or through the preexisting "symlink" command; based on a patch from
1689 miklos AT szeredi.hu in bz#1555; ok markus@
Darren Tucker094f1e92010-12-05 09:03:31 +11001690 - djm@cvs.openbsd.org 2010/12/04 13:31:37
1691 [hostfile.c]
1692 fix fd leak; spotted and ok dtucker
Darren Tucker4288c532010-12-05 09:45:50 +11001693 - djm@cvs.openbsd.org 2010/12/04 00:21:19
1694 [regress/sftp-cmds.sh]
1695 adjust for hard-link support
Darren Tucker7e1a5a42010-12-05 09:29:31 +11001696 - (dtucker) [regress/Makefile] Id sync.
Darren Tucker37bb7562010-12-05 08:46:05 +11001697
Damien Millerd89745b2010-12-03 10:50:26 +1100169820101204
1699 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
1700 instead of (arc4random() % range)
Darren Tuckerebdef762010-12-04 23:20:50 +11001701 - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
1702 shims for the new, non-deprecated OpenSSL key generation functions for
1703 platforms that don't have the new interfaces.
Damien Millerd89745b2010-12-03 10:50:26 +11001704
Damien Miller188ea812010-12-01 11:50:14 +1100170520101201
1706 - OpenBSD CVS Sync
1707 - deraadt@cvs.openbsd.org 2010/11/20 05:12:38
1708 [auth2-pubkey.c]
1709 clean up cases of ;;
Damien Miller2cd62932010-12-01 11:50:35 +11001710 - djm@cvs.openbsd.org 2010/11/21 01:01:13
1711 [clientloop.c misc.c misc.h ssh-agent.1 ssh-agent.c]
1712 honour $TMPDIR for client xauth and ssh-agent temporary directories;
1713 feedback and ok markus@
Damien Millera2327922010-12-01 12:01:21 +11001714 - djm@cvs.openbsd.org 2010/11/21 10:57:07
1715 [authfile.c]
1716 Refactor internals of private key loading and saving to work on memory
1717 buffers rather than directly on files. This will make a few things
1718 easier to do in the future; ok markus@
Damien Miller6a740e72010-12-01 12:01:51 +11001719 - djm@cvs.openbsd.org 2010/11/23 02:35:50
1720 [auth.c]
1721 use strict_modes already passed as function argument over referencing
1722 global options.strict_modes
Damien Millerd0fdd682010-12-01 12:02:14 +11001723 - djm@cvs.openbsd.org 2010/11/23 23:57:24
1724 [clientloop.c]
1725 avoid NULL deref on receiving a channel request on an unknown or invalid
1726 channel; report bz#1842 from jchadima AT redhat.com; ok dtucker@
Damien Millerb7f827a2010-12-01 12:02:35 +11001727 - djm@cvs.openbsd.org 2010/11/24 01:24:14
1728 [channels.c]
1729 remove a debug() that pollutes stderr on client connecting to a server
1730 in debug mode (channel_close_fds is called transitively from the session
1731 code post-fork); bz#1719, ok dtucker
Damien Millerf80c3de2010-12-01 12:02:59 +11001732 - djm@cvs.openbsd.org 2010/11/25 04:10:09
1733 [session.c]
1734 replace close() loop for fds 3->64 with closefrom();
1735 ok markus deraadt dtucker
Damien Miller87dc0a42010-12-01 12:03:19 +11001736 - djm@cvs.openbsd.org 2010/11/26 05:52:49
1737 [scp.c]
1738 Pass through ssh command-line flags and options when doing remote-remote
1739 transfers, e.g. to enable agent forwarding which is particularly useful
1740 in this case; bz#1837 ok dtucker@
Damien Miller03c0e532010-12-01 12:03:39 +11001741 - markus@cvs.openbsd.org 2010/11/29 18:57:04
1742 [authfile.c]
1743 correctly load comment for encrypted rsa1 keys;
1744 report/fix Joachim Schipper; ok djm@
Damien Millerd925dcd2010-12-01 12:21:51 +11001745 - djm@cvs.openbsd.org 2010/11/29 23:45:51
1746 [auth.c hostfile.c hostfile.h ssh.c ssh_config.5 sshconnect.c]
1747 [sshconnect.h sshconnect2.c]
1748 automatically order the hostkeys requested by the client based on
1749 which hostkeys are already recorded in known_hosts. This avoids
1750 hostkey warnings when connecting to servers with new ECDSA keys
1751 that are preferred by default; with markus@
Damien Miller188ea812010-12-01 11:50:14 +11001752
Darren Tuckerd9957122010-11-24 10:09:13 +1100175320101124
1754 - (dtucker) [platform.c session.c] Move the getluid call out of session.c and
1755 into the platform-specific code Only affects SCO, tested by and ok tim@.
Damien Miller88e341e2010-11-24 10:36:15 +11001756 - (djm) [loginrec.c] Relax permission requirement on btmp logs to allow
1757 group read/write. ok dtucker@
Darren Tucker4b6cbf72010-11-24 10:46:37 +11001758 - (dtucker) [packet.c] Remove redundant local declaration of "int tos".
Damien Miller73de86a2010-11-24 10:50:04 +11001759 - (djm) [defines.h] Add IP DSCP defines
Darren Tuckerd9957122010-11-24 10:09:13 +11001760
Darren Tucker9e0ff7a2010-11-22 17:59:00 +1100176120101122
1762 - (dtucker) Bug #1840: fix warning when configuring --with-ssl-engine, patch
1763 from vapier at gentoo org.
1764
Damien Miller7a221a12010-11-20 15:14:29 +1100176520101120
1766 - OpenBSD CVS Sync
1767 - djm@cvs.openbsd.org 2010/11/05 02:46:47
1768 [packet.c]
1769 whitespace KNF
Damien Miller4499f4c2010-11-20 15:15:49 +11001770 - djm@cvs.openbsd.org 2010/11/10 01:33:07
1771 [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
1772 use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
1773 these have been around for years by this time. ok markus
Damien Miller0dac6fb2010-11-20 15:19:38 +11001774 - djm@cvs.openbsd.org 2010/11/13 23:27:51
1775 [clientloop.c misc.c misc.h packet.c packet.h readconf.c readconf.h]
1776 [servconf.c servconf.h session.c ssh.c ssh_config.5 sshd_config.5]
1777 allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of
1778 hardcoding lowdelay/throughput.
1779
1780 bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
Damien Miller8e1ea4e2010-11-20 15:20:10 +11001781 - jmc@cvs.openbsd.org 2010/11/15 07:40:14
1782 [ssh_config.5]
1783 libary -> library;
Damien Miller0a184732010-11-20 15:21:03 +11001784 - jmc@cvs.openbsd.org 2010/11/18 15:01:00
1785 [scp.1 sftp.1 ssh.1 sshd_config.5]
1786 add IPQoS to the various -o lists, and zap some trailing whitespace;
Damien Miller7a221a12010-11-20 15:14:29 +11001787
Damien Millerdd190dd2010-11-11 14:17:02 +1100178820101111
1789 - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on
1790 platforms that don't support ECC. Fixes some spurious warnings reported
1791 by tim@
1792
Tim Ricee426f5e2010-11-08 09:15:14 -0800179320101109
1794 - (tim) [regress/kextype.sh] Not all platforms have time in /usr/bin.
1795 Feedback from dtucker@
Tim Ricec7a8af02010-11-08 14:26:23 -08001796 - (tim) [configure.ac openbsd-compat/bsd-misc.h openbsd-compat/bsd-misc.c] Add
1797 support for platforms missing isblank(). ok djm@
Tim Ricee426f5e2010-11-08 09:15:14 -08001798
Tim Rice522262f2010-11-07 13:00:27 -0800179920101108
1800 - (tim) [regress/Makefile] Fixes to allow building/testing outside source
1801 tree.
Tim Ricec10aeaa2010-11-07 13:03:11 -08001802 - (tim) [regress/kextype.sh] Shell portability fix.
Tim Rice522262f2010-11-07 13:00:27 -08001803
Darren Tuckerd1ece6e2010-11-07 18:05:54 +1100180420101107
1805 - (dtucker) [platform.c] includes.h instead of defines.h so that we get
1806 the correct typedefs.
1807
Damien Miller3a0e9f62010-11-05 10:16:34 +1100180820101105
Damien Miller34ee4202010-11-05 10:52:37 +11001809 - (djm) [loginrec.c loginrec.h] Use correct uid_t/pid_t types instead of
1810 int. Should fix bz#1817 cleanly; ok dtucker@
Damien Miller3a0e9f62010-11-05 10:16:34 +11001811 - OpenBSD CVS Sync
1812 - djm@cvs.openbsd.org 2010/09/22 12:26:05
1813 [regress/Makefile regress/kextype.sh]
1814 regress test for each of the key exchange algorithms that we support
Damien Millerb472a902010-11-05 10:19:49 +11001815 - djm@cvs.openbsd.org 2010/10/28 11:22:09
1816 [authfile.c key.c key.h ssh-keygen.c]
1817 fix a possible NULL deref on loading a corrupt ECDH key
1818
1819 store ECDH group information in private keys files as "named groups"
1820 rather than as a set of explicit group parameters (by setting
1821 the OPENSSL_EC_NAMED_CURVE flag). This makes for shorter key files and
1822 retrieves the group's OpenSSL NID that we need for various things.
Damien Miller55fa5652010-11-05 10:20:14 +11001823 - jmc@cvs.openbsd.org 2010/10/28 18:33:28
1824 [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
1825 knock out some "-*- nroff -*-" lines;
Damien Miller07331212010-11-05 10:20:31 +11001826 - djm@cvs.openbsd.org 2010/11/04 02:45:34
1827 [sftp-server.c]
1828 umask should be parsed as octal. reported by candland AT xmission.com;
1829 ok markus@
Darren Tucker97528352010-11-05 12:03:05 +11001830 - (dtucker) [configure.ac platform.{c,h} session.c
1831 openbsd-compat/port-solaris.{c,h}] Bug #1824: Add Solaris Project support.
1832 Patch from cory.erickson at csu mnscu edu with a bit of rework from me.
1833 ok djm@
Darren Tucker920612e2010-11-05 12:36:15 +11001834 - (dtucker) [platform.c platform.h session.c] Add a platform hook to run
1835 after the user's groups are established and move the selinux calls into it.
Darren Tucker4db38072010-11-05 12:41:13 +11001836 - (dtucker) [platform.c session.c] Move the AIX setpcred+chroot hack into
1837 platform.c
Darren Tucker44a97be2010-11-05 12:45:18 +11001838 - (dtucker) [platform.c session.c] Move the BSDI setpgrp into platform.c.
Darren Tuckerfd4d8aa2010-11-05 12:50:41 +11001839 - (dtucker) [platform.c] Only call setpgrp on BSDI if running as root to
1840 retain previous behavior.
Darren Tucker728d8372010-11-05 13:00:05 +11001841 - (dtucker) [platform.c session.c] Move the PAM credential establishment for
1842 the LOGIN_CAP case into platform.c.
Darren Tucker7a8afe32010-11-05 13:07:24 +11001843 - (dtucker) platform.c session.c] Move the USE_LIBIAF fragment into
1844 platform.c
Darren Tucker0b2ee642010-11-05 13:29:25 +11001845 - (dtucker) [platform.c session.c] Move aix_usrinfo frament into platform.c.
1846 - (dtucker) [platform.c session.c] Move irix setusercontext fragment into
1847 platform.c.
Darren Tuckercc124182010-11-05 13:32:52 +11001848 - (dtucker) [platform.c session.c] Move PAM credential establishment for the
1849 non-LOGIN_CAP case into platform.c.
Darren Tuckerb12fe272010-11-05 14:47:01 +11001850 - (dtucker) [platform.c platform.h session.c] Move the Cygwin special-case
1851 check into platform.c
Darren Tuckerb69e0332010-11-05 18:19:15 +11001852 - (dtucker) [regress/keytype.sh] Import new test.
Darren Tuckereab5f0d2010-11-05 18:23:38 +11001853 - (dtucker) [Makefile configure.ac regress/Makefile regress/keytype.sh]
1854 Import recent changes to regress/Makefile, pass a flag to enable ECC tests
1855 from configure through to regress/Makefile and use it in the tests.
Darren Tucker345178d2010-11-05 18:35:52 +11001856 - (dtucker) [regress/kextype.sh] Add missing "test".
Darren Tuckerf619d1c2010-11-05 18:41:50 +11001857 - (dtucker) [regress/kextype.sh] Make sha256 test depend on ECC. This is not
1858 strictly correct since while ECC requires sha256 the reverse is not true
1859 however it does prevent spurious test failures.
Darren Tucker9283d8c2010-11-05 18:56:08 +11001860 - (dtucker) [platform.c] Need servconf.h and extern options.
Damien Miller3a0e9f62010-11-05 10:16:34 +11001861
Tim Ricebdd3e672010-10-24 18:35:55 -0700186220101025
1863 - (tim) [openbsd-compat/glob.h] Remove sys/cdefs.h include that came with
1864 1.12 to unbreak Solaris build.
1865 ok djm@
Darren Tucker54b1f312010-10-25 16:54:28 +11001866 - (dtucker) [defines.h] Use SIZE_T_MAX for SIZE_MAX for platforms that have a
1867 native one.
Tim Ricebdd3e672010-10-24 18:35:55 -07001868
Darren Tuckera5393932010-10-24 10:47:30 +1100186920101024
1870 - (dtucker) [includes.h] Add missing ifdef GLOB_HAS_GL_STATV to fix build.
Darren Tuckerbfd9b1b2010-10-24 11:19:26 +11001871 - (dtucker) [regress/cert-hostkey.sh] Disable ECC-based tests on platforms
1872 which don't have ECC support in libcrypto.
Darren Tuckerd633fef2010-10-24 11:33:07 +11001873 - (dtucker) [regress/cert-userkey.sh] Disable ECC-based tests on platforms
1874 which don't have ECC support in libcrypto.
Darren Tucker7bc236d2010-10-24 11:58:43 +11001875 - (dtucker) [defines.h] Add SIZE_MAX for the benefit of platforms that don't
1876 have it.
Darren Tuckerd78739a2010-10-24 10:56:32 +11001877 - (dtucker) OpenBSD CVS Sync
1878 - sthen@cvs.openbsd.org 2010/10/23 22:06:12
1879 [sftp.c]
1880 escape '[' in filename tab-completion; fix a type while there.
1881 ok djm@
Darren Tuckera5393932010-10-24 10:47:30 +11001882
Damien Miller68512c02010-10-21 15:21:11 +1100188320101021
1884 - OpenBSD CVS Sync
1885 - dtucker@cvs.openbsd.org 2010/10/12 02:22:24
1886 [mux.c]
1887 Typo in confirmation message. bz#1827, patch from imorgan at
1888 nas nasa gov
Damien Miller6fd2d7d2010-10-21 15:27:14 +11001889 - djm@cvs.openbsd.org 2010/08/31 12:24:09
1890 [regress/cert-hostkey.sh regress/cert-userkey.sh]
1891 tests for ECDSA certificates
Damien Miller68512c02010-10-21 15:21:11 +11001892
Damien Miller1f789802010-10-11 22:35:22 +1100189320101011
Damien Miller47e57bf2010-10-12 13:28:12 +11001894 - (djm) [canohost.c] Zero a4 instead of addr to better match type.
1895 bz#1825, reported by foo AT mailinator.com
Damien Miller9c0c31d2010-10-12 13:30:44 +11001896 - (djm) [sshconnect.c] Need signal.h for prototype for kill(2)
Damien Miller47e57bf2010-10-12 13:28:12 +11001897
189820101011
Damien Miller1f789802010-10-11 22:35:22 +11001899 - (djm) [configure.ac] Use = instead of == in shell tests. Patch from
1900 dr AT vasco.com
1901
Damien Milleraa180632010-10-07 21:25:27 +1100190220101007
Damien Miller9a3d0dc2010-10-07 22:06:42 +11001903 - (djm) [ssh-agent.c] Fix type for curve name.
Damien Milleraa180632010-10-07 21:25:27 +11001904 - (djm) OpenBSD CVS Sync
1905 - matthew@cvs.openbsd.org 2010/09/24 13:33:00
1906 [misc.c misc.h configure.ac openbsd-compat/openbsd-compat.h]
1907 [openbsd-compat/timingsafe_bcmp.c]
1908 Add timingsafe_bcmp(3) to libc, mention that it's already in the
1909 kernel in kern(9), and remove it from OpenSSH.
1910 ok deraadt@, djm@
1911 NB. re-added under openbsd-compat/ for portable OpenSSH
Damien Millera6e121a2010-10-07 21:39:17 +11001912 - djm@cvs.openbsd.org 2010/09/25 09:30:16
1913 [sftp.c configure.ac openbsd-compat/glob.c openbsd-compat/glob.h]
1914 make use of new glob(3) GLOB_KEEPSTAT extension to save extra server
1915 rountrips to fetch per-file stat(2) information.
1916 NB. update openbsd-compat/ glob(3) implementation from OpenBSD libc to
1917 match.
Damien Miller68e2e562010-10-07 21:39:55 +11001918 - djm@cvs.openbsd.org 2010/09/26 22:26:33
1919 [sftp.c]
1920 when performing an "ls" in columnated (short) mode, only call
1921 ioctl(TIOCGWINSZ) once to get the window width instead of per-
1922 filename
Damien Millerc54b02c2010-10-07 21:40:17 +11001923 - djm@cvs.openbsd.org 2010/09/30 11:04:51
1924 [servconf.c]
1925 prevent free() of string in .rodata when overriding AuthorizedKeys in
1926 a Match block; patch from rein AT basefarm.no
Damien Miller9a3d0dc2010-10-07 22:06:42 +11001927 - djm@cvs.openbsd.org 2010/10/01 23:05:32
1928 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h]
1929 adapt to API changes in openssl-1.0.0a
1930 NB. contains compat code to select correct API for older OpenSSL
Damien Miller38d9a962010-10-07 22:07:11 +11001931 - djm@cvs.openbsd.org 2010/10/05 05:13:18
1932 [sftp.c sshconnect.c]
1933 use default shell /bin/sh if $SHELL is ""; ok markus@
Damien Millera41ccca2010-10-07 22:07:32 +11001934 - djm@cvs.openbsd.org 2010/10/06 06:39:28
1935 [clientloop.c ssh.c sshconnect.c sshconnect.h]
1936 kill proxy command on fatal() (we already kill it on clean exit);
1937 ok markus@
Damien Miller45fcdaa2010-10-07 22:07:58 +11001938 - djm@cvs.openbsd.org 2010/10/06 21:10:21
1939 [sshconnect.c]
1940 swapped args to kill(2)
Damien Miller37f4f182010-10-07 22:10:38 +11001941 - (djm) [openbsd-compat/glob.c] restore ARG_MAX compat code.
Damien Miller80e99532010-10-07 22:12:08 +11001942 - (djm) [cipher-acss.c] Add missing header.
Damien Miller88b844f2010-10-07 22:19:23 +11001943 - (djm) [openbsd-compat/Makefile.in] Actually link timingsafe_bcmp
Damien Milleraa180632010-10-07 21:25:27 +11001944
Damien Miller6186bbc2010-09-24 22:00:54 +1000194520100924
1946 - (djm) OpenBSD CVS Sync
1947 - naddy@cvs.openbsd.org 2010/09/10 15:19:29
1948 [ssh-keygen.1]
1949 * mention ECDSA in more places
1950 * less repetition in FILES section
1951 * SSHv1 keys are still encrypted with 3DES
1952 help and ok jmc@
Damien Miller1ca94692010-09-24 22:01:22 +10001953 - djm@cvs.openbsd.org 2010/09/11 21:44:20
1954 [ssh.1]
1955 mention RFC 5656 for ECC stuff
Damien Miller881adf72010-09-24 22:01:54 +10001956 - jmc@cvs.openbsd.org 2010/09/19 21:30:05
1957 [sftp.1]
1958 more wacky macro fixing;
Damien Miller857b02e2010-09-24 22:02:56 +10001959 - djm@cvs.openbsd.org 2010/09/20 04:41:47
1960 [ssh.c]
1961 install a SIGCHLD handler to reap expiried child process; ok markus@
Damien Millerf7540cd2010-09-24 22:03:24 +10001962 - djm@cvs.openbsd.org 2010/09/20 04:50:53
1963 [jpake.c schnorr.c]
1964 check that received values are smaller than the group size in the
1965 disabled and unfinished J-PAKE code.
1966 avoids catastrophic security failure found by Sebastien Martini
Damien Miller18e1cab2010-09-24 22:07:17 +10001967 - djm@cvs.openbsd.org 2010/09/20 04:54:07
1968 [jpake.c]
1969 missing #include
Damien Miller603134e2010-09-24 22:07:55 +10001970 - djm@cvs.openbsd.org 2010/09/20 07:19:27
1971 [mux.c]
1972 "atomically" create the listening mux socket by binding it on a temorary
1973 name and then linking it into position after listen() has succeeded.
1974 this allows the mux clients to determine that the server socket is
1975 either ready or stale without races. stale server sockets are now
1976 automatically removed
1977 ok deraadt
Damien Millerd5f62bf2010-09-24 22:11:14 +10001978 - djm@cvs.openbsd.org 2010/09/22 05:01:30
1979 [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
1980 [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
1981 add a KexAlgorithms knob to the client and server configuration to allow
1982 selection of which key exchange methods are used by ssh(1) and sshd(8)
1983 and their order of preference.
1984 ok markus@
Damien Miller7fe2b1f2010-09-24 22:11:53 +10001985 - jmc@cvs.openbsd.org 2010/09/22 08:30:08
1986 [ssh.1 ssh_config.5]
1987 ssh.1: add kexalgorithms to the -o list
1988 ssh_config.5: format the kexalgorithms in a more consistent
1989 (prettier!) way
1990 ok djm
Damien Miller65e42f82010-09-24 22:15:11 +10001991 - djm@cvs.openbsd.org 2010/09/22 22:58:51
1992 [atomicio.c atomicio.h misc.c misc.h scp.c sftp-client.c]
1993 [sftp-client.h sftp.1 sftp.c]
1994 add an option per-read/write callback to atomicio
1995
1996 factor out bandwidth limiting code from scp(1) into a generic bandwidth
1997 limiter that can be attached using the atomicio callback mechanism
1998
1999 add a bandwidth limit option to sftp(1) using the above
2000 "very nice" markus@
Damien Miller56883e12010-09-24 22:15:39 +10002001 - jmc@cvs.openbsd.org 2010/09/23 13:34:43
2002 [sftp.c]
2003 add [-l limit] to usage();
Damien Miller2beb32f2010-09-24 22:16:03 +10002004 - jmc@cvs.openbsd.org 2010/09/23 13:36:46
2005 [scp.1 sftp.1]
2006 add KexAlgorithms to the -o list;
Damien Miller6186bbc2010-09-24 22:00:54 +10002007
Damien Miller4314c2b2010-09-10 11:12:09 +1000200820100910
Darren Tucker50e3bab2010-09-10 10:30:25 +10002009 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
2010 return code since it can apparently return -1 under some conditions. From
2011 openssh bugs werbittewas de, ok djm@
Damien Miller4314c2b2010-09-10 11:12:09 +10002012 - OpenBSD CVS Sync
2013 - djm@cvs.openbsd.org 2010/08/31 12:33:38
2014 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2015 reintroduce commit from tedu@, which I pulled out for release
2016 engineering:
2017 OpenSSL_add_all_algorithms is the name of the function we have a
2018 man page for, so use that. ok djm
Damien Millerde735ea2010-09-10 11:12:38 +10002019 - jmc@cvs.openbsd.org 2010/08/31 17:40:54
2020 [ssh-agent.1]
2021 fix some macro abuse;
Damien Millerd4427902010-09-10 11:15:10 +10002022 - jmc@cvs.openbsd.org 2010/08/31 21:14:58
2023 [ssh.1]
2024 small text tweak to accommodate previous;
Damien Millere13cadf2010-09-10 11:15:33 +10002025 - naddy@cvs.openbsd.org 2010/09/01 15:21:35
2026 [servconf.c]
2027 pick up ECDSA host key by default; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +10002028 - markus@cvs.openbsd.org 2010/09/02 16:07:25
Damien Miller57737942010-09-10 11:16:37 +10002029 [ssh-keygen.c]
2030 permit -b 256, 384 or 521 as key size for ECDSA; ok djm@
Damien Miller390f1532010-09-10 11:17:54 +10002031 - markus@cvs.openbsd.org 2010/09/02 16:08:39
Damien Miller5929c522010-09-10 11:17:02 +10002032 [ssh.c]
2033 unbreak ControlPersist=yes for ControlMaster=yes; ok djm@
Damien Miller6e9f6802010-09-10 11:17:38 +10002034 - naddy@cvs.openbsd.org 2010/09/02 17:21:50
2035 [ssh-keygen.c]
2036 Switch ECDSA default key size to 256 bits, which according to RFC5656
2037 should still be better than our current RSA-2048 default.
2038 ok djm@, markus@
Damien Miller390f1532010-09-10 11:17:54 +10002039 - jmc@cvs.openbsd.org 2010/09/03 11:09:29
2040 [scp.1]
2041 add an EXIT STATUS section for /usr/bin;
Damien Millerdaa7b222010-09-10 11:19:33 +10002042 - jmc@cvs.openbsd.org 2010/09/04 09:38:34
2043 [ssh-add.1 ssh.1]
2044 two more EXIT STATUS sections;
Damien Miller80ed82a2010-09-10 11:20:11 +10002045 - naddy@cvs.openbsd.org 2010/09/06 17:10:19
2046 [sshd_config]
2047 add ssh_host_ecdsa_key to /etc; from Mattieu Baptiste
2048 <mattieu.b@gmail.com>
2049 ok deraadt@
Damien Millerbf0423e2010-09-10 11:20:38 +10002050 - djm@cvs.openbsd.org 2010/09/08 03:54:36
2051 [authfile.c]
2052 typo
Damien Miller3796ab42010-09-10 11:20:59 +10002053 - deraadt@cvs.openbsd.org 2010/09/08 04:13:31
2054 [compress.c]
2055 work around name-space collisions some buggy compilers (looking at you
2056 gcc, at least in earlier versions, but this does not forgive your current
2057 transgressions) seen between zlib and openssl
2058 ok djm
Damien Miller041ab7c2010-09-10 11:23:34 +10002059 - djm@cvs.openbsd.org 2010/09/09 10:45:45
2060 [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
2061 ECDH/ECDSA compliance fix: these methods vary the hash function they use
2062 (SHA256/384/512) depending on the length of the curve in use. The previous
2063 code incorrectly used SHA256 in all cases.
2064
2065 This fix will cause authentication failure when using 384 or 521-bit curve
2066 keys if one peer hasn't been upgraded and the other has. (256-bit curve
2067 keys work ok). In particular you may need to specify HostkeyAlgorithms
2068 when connecting to a server that has not been upgraded from an upgraded
2069 client.
2070
2071 ok naddy@
Damien Miller6af914a2010-09-10 11:39:26 +10002072 - (djm) [authfd.c authfile.c bufec.c buffer.h configure.ac kex.h kexecdh.c]
2073 [kexecdhc.c kexecdhs.c key.c key.h myproposal.h packet.c readconf.c]
2074 [ssh-agent.c ssh-ecdsa.c ssh-keygen.c ssh.c] Disable ECDH and ECDSA on
2075 platforms that don't have the requisite OpenSSL support. ok dtucker@
Darren Tucker8ccb7392010-09-10 12:28:24 +10002076 - (dtucker) [kex.h key.c packet.h ssh-agent.c ssh.c] A few more ECC ifdefs
2077 for missing headers and compiler warnings.
Darren Tucker50e3bab2010-09-10 10:30:25 +10002078
207920100831
Damien Millerafdae612010-08-31 22:31:14 +10002080 - OpenBSD CVS Sync
2081 - jmc@cvs.openbsd.org 2010/08/08 19:36:30
2082 [ssh-keysign.8 ssh.1 sshd.8]
2083 use the same template for all FILES sections; i.e. -compact/.Pp where we
2084 have multiple items, and .Pa for path names;
Damien Miller9b87e792010-08-31 22:31:37 +10002085 - tedu@cvs.openbsd.org 2010/08/12 23:34:39
2086 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2087 OpenSSL_add_all_algorithms is the name of the function we have a man page
2088 for, so use that. ok djm
Damien Millerd96546f2010-08-31 22:32:12 +10002089 - djm@cvs.openbsd.org 2010/08/16 04:06:06
2090 [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keysign.c ssh.c sshd.c]
2091 backout previous temporarily; discussed with deraadt@
Damien Millerda108ec2010-08-31 22:36:39 +10002092 - djm@cvs.openbsd.org 2010/08/31 09:58:37
2093 [auth-options.c auth1.c auth2.c bufaux.c buffer.h kex.c key.c packet.c]
2094 [packet.h ssh-dss.c ssh-rsa.c]
2095 Add buffer_get_cstring() and related functions that verify that the
2096 string extracted from the buffer contains no embedded \0 characters*
2097 This prevents random (possibly malicious) crap from being appended to
2098 strings where it would not be noticed if the string is used with
2099 a string(3) function.
2100
2101 Use the new API in a few sensitive places.
2102
2103 * actually, we allow a single one at the end of the string for now because
2104 we don't know how many deployed implementations get this wrong, but don't
2105 count on this to remain indefinitely.
Damien Millereb8b60e2010-08-31 22:41:14 +10002106 - djm@cvs.openbsd.org 2010/08/31 11:54:45
2107 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c]
2108 [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c]
2109 [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c]
2110 [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c]
2111 [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h]
2112 [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5]
2113 [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c]
2114 Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and
2115 host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer
2116 better performance than plain DH and DSA at the same equivalent symmetric
2117 key length, as well as much shorter keys.
2118
2119 Only the mandatory sections of RFC5656 are implemented, specifically the
2120 three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and
2121 ECDSA. Point compression (optional in RFC5656 is NOT implemented).
2122
2123 Certificate host and user keys using the new ECDSA key types are supported.
2124
2125 Note that this code has not been tested for interoperability and may be
2126 subject to change.
2127
2128 feedback and ok markus@
Damien Millerb5a62d02010-08-31 22:47:15 +10002129 - (djm) [Makefile.in] Add new ECC files
Damien Millerc79ff072010-08-31 22:50:48 +10002130 - (djm) [bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] include
2131 includes.h
Damien Millerafdae612010-08-31 22:31:14 +10002132
Darren Tucker6889abd2010-08-27 10:12:54 +1000213320100827
2134 - (dtucker) [contrib/redhat/sshd.init] Bug #1810: initlog is deprecated,
2135 remove. Patch from martynas at venck us
2136
Damien Millera5362022010-08-23 21:20:20 +1000213720100823
2138 - (djm) Release OpenSSH-5.6p1
2139
Darren Tuckeraa74f672010-08-16 13:15:23 +1000214020100816
2141 - (dtucker) [configure.ac openbsd-compat/Makefile.in
2142 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
2143 the compat library which helps on platforms like old IRIX. Based on work
2144 by djm, tested by Tom Christensen.
Damien Miller00d9ae22010-08-17 01:59:31 +10002145 - OpenBSD CVS Sync
2146 - djm@cvs.openbsd.org 2010/08/12 21:49:44
2147 [ssh.c]
2148 close any extra file descriptors inherited from parent at start and
2149 reopen stdin/stdout to /dev/null when forking for ControlPersist.
2150
2151 prevents tools that fork and run a captive ssh for communication from
2152 failing to exit when the ssh completes while they wait for these fds to
2153 close. The inherited fds may persist arbitrarily long if a background
2154 mux master has been started by ControlPersist. cvs and scp were effected
2155 by this.
2156
2157 "please commit" markus@
Damien Miller07ad3892010-08-17 07:04:28 +10002158 - (djm) [regress/README.regress] typo
Darren Tuckeraa74f672010-08-16 13:15:23 +10002159
Tim Rice722b8d12010-08-12 09:43:13 -0700216020100812
2161 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh
2162 regress/test-exec.sh] Under certain conditions when testing with sudo
2163 tests would fail because the pidfile could not be read by a regular user.
2164 "cat: cannot open ...../regress/pidfile: Permission denied (error 13)"
2165 Make sure cat is run by $SUDO. no objection from me. djm@
Tim Ricead7d5472010-08-12 10:33:01 -07002166 - (tim) [auth.c] add cast to quiet compiler. Change only affects SVR5 systems.
Tim Rice722b8d12010-08-12 09:43:13 -07002167
Damien Miller7e569b82010-08-09 02:28:37 +1000216820100809
Damien Miller2c4b13a2010-08-10 12:47:40 +10002169 - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is
2170 already set. Makes FreeBSD user openable tunnels useful; patch from
2171 richard.burakowski+ossh AT mrburak.net, ok dtucker@
Darren Tucker02c47342010-08-10 13:36:09 +10002172 - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id.
2173 based in part on a patch from Colin Watson, ok djm@
Damien Miller2c4b13a2010-08-10 12:47:40 +10002174
217520100809
Damien Miller7e569b82010-08-09 02:28:37 +10002176 - OpenBSD CVS Sync
2177 - djm@cvs.openbsd.org 2010/08/08 16:26:42
2178 [version.h]
2179 crank to 5.6
Damien Miller792010b2010-08-09 02:32:05 +10002180 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
2181 [contrib/suse/openssh.spec] Crank version numbers
Damien Miller7e569b82010-08-09 02:28:37 +10002182
Damien Miller8e604ac2010-08-09 02:28:10 +1000218320100805
Damien Miller7fa96602010-08-05 13:03:13 +10002184 - OpenBSD CVS Sync
2185 - djm@cvs.openbsd.org 2010/08/04 05:37:01
2186 [ssh.1 ssh_config.5 sshd.8]
2187 Remove mentions of weird "addr/port" alternate address format for IPv6
2188 addresses combinations. It hasn't worked for ages and we have supported
2189 the more commen "[addr]:port" format for a long time. ok jmc@ markus@
Damien Miller1da63882010-08-05 13:03:51 +10002190 - djm@cvs.openbsd.org 2010/08/04 05:40:39
2191 [PROTOCOL.certkeys ssh-keygen.c]
2192 tighten the rules for certificate encoding by requiring that options
2193 appear in lexical order and make our ssh-keygen comply. ok markus@
Damien Millerc1583312010-08-05 13:04:50 +10002194 - djm@cvs.openbsd.org 2010/08/04 05:42:47
2195 [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8]
2196 [ssh-keysign.c ssh.c]
2197 enable certificates for hostbased authentication, from Iain Morgan;
2198 "looks ok" markus@
Damien Miller5458c4d2010-08-05 13:05:15 +10002199 - djm@cvs.openbsd.org 2010/08/04 05:49:22
2200 [authfile.c]
2201 commited the wrong version of the hostbased certificate diff; this
2202 version replaces some strlc{py,at} verbosity with xasprintf() at
2203 the request of markus@
Damien Miller757f34e2010-08-05 13:05:31 +10002204 - djm@cvs.openbsd.org 2010/08/04 06:07:11
2205 [ssh-keygen.1 ssh-keygen.c]
2206 Support CA keys in PKCS#11 tokens; feedback and ok markus@
Damien Millerb89e6b72010-08-05 13:06:20 +10002207 - djm@cvs.openbsd.org 2010/08/04 06:08:40
2208 [ssh-keysign.c]
2209 clean for -Wuninitialized (Id sync only; portable had this change)
Damien Miller7d457182010-08-05 23:09:48 +10002210 - djm@cvs.openbsd.org 2010/08/05 13:08:42
2211 [channels.c]
2212 Fix a trio of bugs in the local/remote window calculation for datagram
2213 data channels (i.e. TunnelForward):
2214
2215 Calculate local_consumed correctly in channel_handle_wfd() by measuring
2216 the delta to buffer_len(c->output) from when we start to when we finish.
2217 The proximal problem here is that the output_filter we use in portable
2218 modified the length of the dequeued datagram (to futz with the headers
2219 for !OpenBSD).
2220
2221 In channel_output_poll(), don't enqueue datagrams that won't fit in the
2222 peer's advertised packet size (highly unlikely to ever occur) or which
2223 won't fit in the peer's remaining window (more likely).
2224
2225 In channel_input_data(), account for the 4-byte string header in
2226 datagram packets that we accept from the peer and enqueue in c->output.
2227
2228 report, analysis and testing 2/3 cases from wierbows AT us.ibm.com;
2229 "looks good" markus@
Damien Miller7fa96602010-08-05 13:03:13 +10002230
Damien Miller8e604ac2010-08-09 02:28:10 +1000223120100803
Darren Tucker8b7a0552010-08-03 15:50:16 +10002232 - (dtucker) [monitor.c] Bug #1795: Initialize the values to be returned from
2233 PAM to sane values in case the PAM method doesn't write to them. Spotted by
2234 Bitman Zhou, ok djm@.
Damien Miller844cccf2010-08-03 16:03:29 +10002235 - OpenBSD CVS Sync
2236 - djm@cvs.openbsd.org 2010/07/16 04:45:30
2237 [ssh-keygen.c]
2238 avoid bogus compiler warning
Damien Miller4e8285e2010-08-03 16:04:03 +10002239 - djm@cvs.openbsd.org 2010/07/16 14:07:35
2240 [ssh-rsa.c]
2241 more timing paranoia - compare all parts of the expected decrypted
2242 data before returning. AFAIK not exploitable in the SSH protocol.
2243 "groovy" deraadt@
Damien Millerc4bb91c2010-08-03 16:04:22 +10002244 - djm@cvs.openbsd.org 2010/07/19 03:16:33
2245 [sftp-client.c]
2246 bz#1797: fix swapped args in upload_dir_internal(), breaking recursive
2247 upload depth checks and causing verbose printing of transfers to always
2248 be turned on; patch from imorgan AT nas.nasa.gov
Damien Millere11e1ea2010-08-03 16:04:46 +10002249 - djm@cvs.openbsd.org 2010/07/19 09:15:12
2250 [clientloop.c readconf.c readconf.h ssh.c ssh_config.5]
2251 add a "ControlPersist" option that automatically starts a background
2252 ssh(1) multiplex master when connecting. This connection can stay alive
2253 indefinitely, or can be set to automatically close after a user-specified
2254 duration of inactivity. bz#1330 - patch by dwmw2 AT infradead.org, but
2255 further hacked on by wmertens AT cisco.com, apb AT cequrux.com,
2256 martin-mindrot-bugzilla AT earth.li and myself; "looks ok" markus@
Damien Miller8c1eb112010-08-03 16:05:05 +10002257 - djm@cvs.openbsd.org 2010/07/21 02:10:58
2258 [misc.c]
2259 sync timingsafe_bcmp() with the one dempsky@ committed to sys/lib/libkern
Damien Miller081f3c72010-08-03 16:05:25 +10002260 - dtucker@cvs.openbsd.org 2010/07/23 08:49:25
2261 [ssh.1]
2262 Ciphers is documented in ssh_config(5) these days
Darren Tucker8b7a0552010-08-03 15:50:16 +10002263
226420100819
Darren Tucker12b29db2010-07-19 21:24:13 +10002265 - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more
2266 details about its behaviour WRT existing directories. Patch from
2267 asguthrie at gmail com, ok djm.
2268
Damien Miller9308fc72010-07-16 13:56:01 +1000226920100716
2270 - (djm) OpenBSD CVS Sync
2271 - djm@cvs.openbsd.org 2010/07/02 04:32:44
2272 [misc.c]
2273 unbreak strdelim() skipping past quoted strings, e.g.
2274 AllowUsers "blah blah" blah
2275 was broken; report and fix in bz#1757 from bitman.zhou AT centrify.com
2276 ok dtucker;
Damien Miller1f25ab42010-07-16 13:56:23 +10002277 - djm@cvs.openbsd.org 2010/07/12 22:38:52
2278 [ssh.c]
2279 Make ExitOnForwardFailure work with fork-after-authentication ("ssh -f")
2280 for protocol 2. ok markus@
Damien Millerd0244d42010-07-16 13:56:43 +10002281 - djm@cvs.openbsd.org 2010/07/12 22:41:13
2282 [ssh.c ssh_config.5]
2283 expand %h to the hostname in ssh_config Hostname options. While this
2284 sounds useless, it is actually handy for working with unqualified
2285 hostnames:
2286
2287 Host *.*
2288 Hostname %h
2289 Host *
2290 Hostname %h.example.org
2291
2292 "I like it" markus@
Damien Miller8a0268f2010-07-16 13:57:51 +10002293 - djm@cvs.openbsd.org 2010/07/13 11:52:06
2294 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c]
2295 [packet.c ssh-rsa.c]
2296 implement a timing_safe_cmp() function to compare memory without leaking
2297 timing information by short-circuiting like memcmp() and use it for
2298 some of the more sensitive comparisons (though nothing high-value was
2299 readily attackable anyway); "looks ok" markus@
Damien Millerea1651c2010-07-16 13:58:37 +10002300 - djm@cvs.openbsd.org 2010/07/13 23:13:16
2301 [auth-rsa.c channels.c jpake.c key.c misc.c misc.h monitor.c packet.c]
2302 [ssh-rsa.c]
2303 s/timing_safe_cmp/timingsafe_bcmp/g
Damien Millerbcfbc482010-07-16 13:59:11 +10002304 - jmc@cvs.openbsd.org 2010/07/14 17:06:58
2305 [ssh.1]
2306 finally ssh synopsis looks nice again! this commit just removes a ton of
2307 hacks we had in place to make it work with old groff;
Damien Millerbad5e032010-07-16 13:59:59 +10002308 - schwarze@cvs.openbsd.org 2010/07/15 21:20:38
2309 [ssh-keygen.1]
2310 repair incorrect block nesting, which screwed up indentation;
2311 problem reported and fix OK by jmc@
Damien Miller9308fc72010-07-16 13:56:01 +10002312
Tim Ricecfbdc282010-07-14 13:42:28 -0700231320100714
2314 - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass
2315 (line 77) should have been for no_x11_askpass.
2316
Damien Millercede1db2010-07-02 13:33:48 +1000231720100702
2318 - (djm) OpenBSD CVS Sync
2319 - jmc@cvs.openbsd.org 2010/06/26 00:57:07
2320 [ssh_config.5]
2321 tweak previous;
Damien Millerb96c4412010-07-02 13:34:24 +10002322 - djm@cvs.openbsd.org 2010/06/26 23:04:04
2323 [ssh.c]
2324 oops, forgot to #include <canohost.h>; spotted and patch from chl@
Damien Miller44b25042010-07-02 13:35:01 +10002325 - djm@cvs.openbsd.org 2010/06/29 23:15:30
2326 [ssh-keygen.1 ssh-keygen.c]
2327 allow import (-i) and export (-e) of PEM and PKCS#8 encoded keys;
2328 bz#1749; ok markus@
Damien Miller6018a362010-07-02 13:35:19 +10002329 - djm@cvs.openbsd.org 2010/06/29 23:16:46
2330 [auth2-pubkey.c sshd_config.5]
2331 allow key options (command="..." and friends) in AuthorizedPrincipals;
2332 ok markus@
Damien Millerea727282010-07-02 13:35:34 +10002333 - jmc@cvs.openbsd.org 2010/06/30 07:24:25
2334 [ssh-keygen.1]
2335 tweak previous;
Damien Miller6022f582010-07-02 13:37:01 +10002336 - jmc@cvs.openbsd.org 2010/06/30 07:26:03
2337 [ssh-keygen.c]
2338 sort usage();
Damien Millerd59dab82010-07-02 13:37:17 +10002339 - jmc@cvs.openbsd.org 2010/06/30 07:28:34
2340 [sshd_config.5]
2341 tweak previous;
Damien Miller0979b402010-07-02 13:37:33 +10002342 - millert@cvs.openbsd.org 2010/07/01 13:06:59
2343 [scp.c]
2344 Fix a longstanding problem where if you suspend scp at the
2345 password/passphrase prompt the terminal mode is not restored.
2346 OK djm@
Damien Miller527ded72010-07-02 13:40:16 +10002347 - phessler@cvs.openbsd.org 2010/06/27 19:19:56
2348 [regress/Makefile]
2349 fix how we run the tests so we can successfully use SUDO='sudo -E'
2350 in our env
Damien Millerab139cd2010-07-02 13:42:18 +10002351 - djm@cvs.openbsd.org 2010/06/29 23:59:54
2352 [cert-userkey.sh]
2353 regress tests for key options in AuthorizedPrincipals
Damien Millercede1db2010-07-02 13:33:48 +10002354
Tim Rice3fd307d2010-06-26 16:45:15 -0700235520100627
2356 - (tim) [openbsd-compat/port-uw.c] Reorder includes. auth-options.h now needs
2357 key.h.
2358
Damien Miller2e774462010-06-26 09:30:47 +1000235920100626
2360 - (djm) OpenBSD CVS Sync
2361 - djm@cvs.openbsd.org 2010/05/21 05:00:36
2362 [misc.c]
2363 colon() returns char*, so s/return (0)/return NULL/
Damien Miller4fe686d2010-06-26 09:36:10 +10002364 - markus@cvs.openbsd.org 2010/06/08 21:32:19
2365 [ssh-pkcs11.c]
2366 check length of value returned C_GetAttributValue for != 0
2367 from mdrtbugzilla@codefive.co.uk; bugzilla #1773; ok dtucker@
Damien Millerc094d1e2010-06-26 09:36:34 +10002368 - djm@cvs.openbsd.org 2010/06/17 07:07:30
2369 [mux.c]
2370 Correct sizing of object to be allocated by calloc(), replacing
2371 sizeof(state) with sizeof(*state). This worked by accident since
2372 the struct contained a single int at present, but could have broken
2373 in the future. patch from hyc AT symas.com
Damien Miller99ac4e92010-06-26 09:36:58 +10002374 - djm@cvs.openbsd.org 2010/06/18 00:58:39
2375 [sftp.c]
2376 unbreak ls in working directories that contains globbing characters in
2377 their pathnames. bz#1655 reported by vgiffin AT apple.com
Damien Miller7aa46ec2010-06-26 09:37:57 +10002378 - djm@cvs.openbsd.org 2010/06/18 03:16:03
2379 [session.c]
2380 Missing check for chroot_director == "none" (we already checked against
2381 NULL); bz#1564 from Jan.Pechanec AT Sun.COM
Damien Miller49566312010-06-26 09:38:23 +10002382 - djm@cvs.openbsd.org 2010/06/18 04:43:08
2383 [sftp-client.c]
2384 fix memory leak in do_realpath() error path; bz#1771, patch from
2385 anicka AT suse.cz
Damien Millerab6de352010-06-26 09:38:45 +10002386 - djm@cvs.openbsd.org 2010/06/22 04:22:59
2387 [servconf.c sshd_config.5]
2388 expose some more sshd_config options inside Match blocks:
2389 AuthorizedKeysFile AuthorizedPrincipalsFile
2390 HostbasedUsesNameFromPacketOnly PermitTunnel
2391 bz#1764; feedback from imorgan AT nas.nasa.gov; ok dtucker@
Damien Millerba3420a2010-06-26 09:39:07 +10002392 - djm@cvs.openbsd.org 2010/06/22 04:32:06
2393 [ssh-keygen.c]
2394 standardise error messages when attempting to open private key
2395 files to include "progname: filename: error reason"
2396 bz#1783; ok dtucker@
Damien Miller48147d62010-06-26 09:39:25 +10002397 - djm@cvs.openbsd.org 2010/06/22 04:49:47
2398 [auth.c]
2399 queue auth debug messages for bad ownership or permissions on the user's
2400 keyfiles. These messages will be sent after the user has successfully
2401 authenticated (where our client will display them with LogLevel=debug).
Damien Miller0e76c5e2010-06-26 09:39:59 +10002402 bz#1554; ok dtucker@
2403 - djm@cvs.openbsd.org 2010/06/22 04:54:30
2404 [ssh-keyscan.c]
2405 replace verbose and overflow-prone Linebuf code with read_keyfile_line()
2406 based on patch from joachim AT joachimschipper.nl; bz#1565; ok dtucker@
Damien Miller1b2b61e2010-06-26 09:47:43 +10002407 - djm@cvs.openbsd.org 2010/06/22 04:59:12
2408 [session.c]
2409 include the user name on "subsystem request for ..." log messages;
2410 bz#1571; ok dtucker@
Damien Millerd834d352010-06-26 09:48:02 +10002411 - djm@cvs.openbsd.org 2010/06/23 02:59:02
2412 [ssh-keygen.c]
2413 fix printing of extensions in v01 certificates that I broke in r1.190
Damien Miller232cfb12010-06-26 09:50:30 +10002414 - djm@cvs.openbsd.org 2010/06/25 07:14:46
2415 [channels.c mux.c readconf.c readconf.h ssh.h]
2416 bz#1327: remove hardcoded limit of 100 permitopen clauses and port
2417 forwards per direction; ok markus@ stevesk@
Damien Miller8853ca52010-06-26 10:00:14 +10002418 - djm@cvs.openbsd.org 2010/06/25 07:20:04
2419 [channels.c session.c]
2420 bz#1750: fix requirement for /dev/null inside ChrootDirectory for
2421 internal-sftp accidentally introduced in r1.253 by removing the code
2422 that opens and dup /dev/null to stderr and modifying the channels code
2423 to read stderr but discard it instead; ok markus@
Damien Millerbda3eca2010-06-26 10:01:33 +10002424 - djm@cvs.openbsd.org 2010/06/25 08:46:17
2425 [auth1.c auth2-none.c]
2426 skip the initial check for access with an empty password when
2427 PermitEmptyPasswords=no; bz#1638; ok markus@
Damien Miller383ffe62010-06-26 10:02:03 +10002428 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2429 [ssh.c]
2430 log the hostname and address that we connected to at LogLevel=verbose
2431 after authentication is successful to mitigate "phishing" attacks by
2432 servers with trusted keys that accept authentication silently and
2433 automatically before presenting fake password/passphrase prompts;
2434 "nice!" markus@
Damien Miller1ab6a512010-06-26 10:02:24 +10002435 - djm@cvs.openbsd.org 2010/06/25 23:10:30
2436 [ssh.c]
2437 log the hostname and address that we connected to at LogLevel=verbose
2438 after authentication is successful to mitigate "phishing" attacks by
2439 servers with trusted keys that accept authentication silently and
2440 automatically before presenting fake password/passphrase prompts;
2441 "nice!" markus@
Damien Miller2e774462010-06-26 09:30:47 +10002442
Damien Millerd82a2602010-06-22 15:02:39 +1000244320100622
2444 - (djm) [loginrec.c] crank LINFO_NAMESIZE (username length) to 512
2445 bz#1579; ok dtucker
2446
Damien Millerea909792010-06-18 11:09:24 +1000244720100618
2448 - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~
2449 rather than assuming that $CWD == $HOME. bz#1500, patch from
2450 timothy AT gelter.com
2451
Tim Riceb9ae4ec2010-06-17 11:11:44 -0700245220100617
2453 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete
2454 minires-devel package, and to add the reference to the libedit-devel
2455 package since CYgwin now provides libedit. Patch from Corinna Vinschen.
2456
Damien Miller3bcce802010-05-21 14:48:16 +1000245720100521
2458 - (djm) OpenBSD CVS Sync
2459 - djm@cvs.openbsd.org 2010/05/07 11:31:26
2460 [regress/Makefile regress/cert-userkey.sh]
2461 regress tests for AuthorizedPrincipalsFile and "principals=" key option.
2462 feedback and ok markus@
Damien Miller3b903822010-05-21 14:56:25 +10002463 - djm@cvs.openbsd.org 2010/05/11 02:58:04
2464 [auth-rsa.c]
2465 don't accept certificates marked as "cert-authority" here; ok markus@
Damien Millerc6afb5f2010-05-21 14:56:47 +10002466 - djm@cvs.openbsd.org 2010/05/14 00:47:22
2467 [ssh-add.c]
2468 check that the certificate matches the corresponding private key before
2469 grafting it on
Damien Millerd530f5f2010-05-21 14:57:10 +10002470 - djm@cvs.openbsd.org 2010/05/14 23:29:23
2471 [channels.c channels.h mux.c ssh.c]
2472 Pause the mux channel while waiting for reply from aynch callbacks.
2473 Prevents misordering of replies if new requests arrive while waiting.
2474
2475 Extend channel open confirm callback to allow signalling failure
2476 conditions as well as success. Use this to 1) fix a memory leak, 2)
2477 start using the above pause mechanism and 3) delay sending a success/
2478 failure message on mux slave session open until we receive a reply from
2479 the server.
2480
2481 motivated by and with feedback from markus@
Damien Miller388f6fc2010-05-21 14:57:35 +10002482 - markus@cvs.openbsd.org 2010/05/16 12:55:51
2483 [PROTOCOL.mux clientloop.h mux.c readconf.c readconf.h ssh.1 ssh.c]
2484 mux support for remote forwarding with dynamic port allocation,
2485 use with
2486 LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
2487 feedback and ok djm@
Damien Miller84399552010-05-21 14:58:12 +10002488 - djm@cvs.openbsd.org 2010/05/20 11:25:26
2489 [auth2-pubkey.c]
2490 fix logspam when key options (from="..." especially) deny non-matching
2491 keys; reported by henning@ also bz#1765; ok markus@ dtucker@
Damien Millerd0e4a8e2010-05-21 14:58:32 +10002492 - djm@cvs.openbsd.org 2010/05/20 23:46:02
2493 [PROTOCOL.certkeys auth-options.c ssh-keygen.c]
2494 Move the permit-* options to the non-critical "extensions" field for v01
2495 certificates. The logic is that if another implementation fails to
2496 implement them then the connection just loses features rather than fails
2497 outright.
2498
2499 ok markus@
Damien Miller3bcce802010-05-21 14:48:16 +10002500
Darren Tucker5b6d0d02010-05-12 16:51:38 +1000250120100511
2502 - (dtucker) [Makefile.in] Bug #1770: Link libopenbsd-compat twice to solve
2503 circular dependency problem on old or odd platforms. From Tom Lane, ok
2504 djm@.
Damien Miller4b1ec832010-05-12 17:49:59 +10002505 - (djm) [openbsd-compat/openssl-compat.h] Fix build breakage on older
2506 libcrypto by defining OPENSSL_[DR]SA_MAX_MODULUS_BITS if they aren't
2507 already. ok dtucker@
Darren Tucker5b6d0d02010-05-12 16:51:38 +10002508
Damien Miller50af79b2010-05-10 11:52:00 +1000250920100510
2510 - OpenBSD CVS Sync
2511 - djm@cvs.openbsd.org 2010/04/23 01:47:41
2512 [ssh-keygen.c]
2513 bz#1740: display a more helpful error message when $HOME is
2514 inaccessible while trying to create .ssh directory. Based on patch
2515 from jchadima AT redhat.com; ok dtucker@
Damien Miller85c50d72010-05-10 11:53:02 +10002516 - djm@cvs.openbsd.org 2010/04/23 22:27:38
2517 [mux.c]
2518 set "detach_close" flag when registering channel cleanup callbacks.
2519 This causes the channel to close normally when its fds close and
2520 hangs when terminating a mux slave using ~. bz#1758; ok markus@
Damien Miller22a29882010-05-10 11:53:54 +10002521 - djm@cvs.openbsd.org 2010/04/23 22:42:05
2522 [session.c]
2523 set stderr to /dev/null for subsystems rather than just closing it.
2524 avoids hangs if a subsystem or shell initialisation writes to stderr.
2525 bz#1750; ok markus@
Damien Millerbebbb7e2010-05-10 11:54:38 +10002526 - djm@cvs.openbsd.org 2010/04/23 22:48:31
2527 [ssh-keygen.c]
2528 refuse to generate keys longer than OPENSSL_[RD]SA_MAX_MODULUS_BITS,
2529 since we would refuse to use them anyway. bz#1516; ok dtucker@
Damien Miller79442c02010-05-10 11:55:38 +10002530 - djm@cvs.openbsd.org 2010/04/26 22:28:24
2531 [sshconnect2.c]
2532 bz#1502: authctxt.success is declared as an int, but passed by
2533 reference to function that accepts sig_atomic_t*. Convert it to
2534 the latter; ok markus@ dtucker@
Damien Miller2725c212010-05-10 11:56:14 +10002535 - djm@cvs.openbsd.org 2010/05/01 02:50:50
2536 [PROTOCOL.certkeys]
2537 typo; jmeltzer@
Damien Miller099fc162010-05-10 11:56:50 +10002538 - dtucker@cvs.openbsd.org 2010/05/05 04:22:09
2539 [sftp.c]
2540 restore mput and mget which got lost in the tab-completion changes.
2541 found by Kenneth Whitaker, ok djm@
Damien Miller30da3442010-05-10 11:58:03 +10002542 - djm@cvs.openbsd.org 2010/05/07 11:30:30
2543 [auth-options.c auth-options.h auth.c auth.h auth2-pubkey.c]
2544 [key.c servconf.c servconf.h sshd.8 sshd_config.5]
2545 add some optional indirection to matching of principal names listed
2546 in certificates. Currently, a certificate must include the a user's name
2547 to be accepted for authentication. This change adds the ability to
2548 specify a list of certificate principal names that are acceptable.
2549
2550 When authenticating using a CA trusted through ~/.ssh/authorized_keys,
2551 this adds a new principals="name1[,name2,...]" key option.
2552
2553 For CAs listed through sshd_config's TrustedCAKeys option, a new config
2554 option "AuthorizedPrincipalsFile" specifies a per-user file containing
2555 the list of acceptable names.
2556
2557 If either option is absent, the current behaviour of requiring the
2558 username to appear in principals continues to apply.
2559
2560 These options are useful for role accounts, disjoint account namespaces
2561 and "user@realm"-style naming policies in certificates.
2562
2563 feedback and ok markus@
Damien Miller81d3fc52010-05-10 11:58:45 +10002564 - jmc@cvs.openbsd.org 2010/05/07 12:49:17
2565 [sshd_config.5]
2566 tweak previous;
Damien Miller50af79b2010-05-10 11:52:00 +10002567
Darren Tucker9f8703b2010-04-23 11:12:06 +1000256820100423
2569 - (dtucker) [configure.ac] Bug #1756: Check for the existence of a lib64 dir
2570 in the openssl install directory (some newer openssl versions do this on at
2571 least some amd64 platforms).
2572
Damien Millerc4eddee2010-04-18 08:07:43 +1000257320100418
2574 - OpenBSD CVS Sync
2575 - jmc@cvs.openbsd.org 2010/04/16 06:45:01
2576 [ssh_config.5]
2577 tweak previous; ok djm
Damien Miller1f181422010-04-18 08:08:03 +10002578 - jmc@cvs.openbsd.org 2010/04/16 06:47:04
2579 [ssh-keygen.1 ssh-keygen.c]
2580 tweak previous; ok djm
Damien Millerc617aa92010-04-18 08:08:20 +10002581 - djm@cvs.openbsd.org 2010/04/16 21:14:27
2582 [sshconnect.c]
2583 oops, %r => remote username, not %u
Damien Miller53f4bb62010-04-18 08:15:14 +10002584 - djm@cvs.openbsd.org 2010/04/16 01:58:45
2585 [regress/cert-hostkey.sh regress/cert-userkey.sh]
2586 regression tests for v01 certificate format
2587 includes interop tests for v00 certs
Darren Tuckere25a9bd2010-04-18 13:35:00 +10002588 - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default
2589 file.
Damien Millerc4eddee2010-04-18 08:07:43 +10002590
Damien Millera45f1c02010-04-16 15:51:34 +1000259120100416
2592 - (djm) Release openssh-5.5p1
Damien Millerd6fc3062010-04-16 15:51:45 +10002593 - OpenBSD CVS Sync
2594 - djm@cvs.openbsd.org 2010/03/26 03:13:17
2595 [bufaux.c]
2596 allow buffer_get_int_ret/buffer_get_int64_ret to take a NULL pointer
2597 argument to allow skipping past values in a buffer
Damien Miller67f30d72010-04-16 15:52:03 +10002598 - jmc@cvs.openbsd.org 2010/03/26 06:54:36
2599 [ssh.1]
2600 tweak previous;
Damien Miller544378d2010-04-16 15:52:24 +10002601 - jmc@cvs.openbsd.org 2010/03/27 14:26:55
2602 [ssh_config.5]
2603 tweak previous; ok dtucker
Damien Millerdeb5a142010-04-16 15:52:43 +10002604 - djm@cvs.openbsd.org 2010/04/10 00:00:16
2605 [ssh.c]
2606 bz#1746 - suppress spurious tty warning when using -O and stdin
2607 is not a tty; ok dtucker@ markus@
Damien Miller67283992010-04-16 15:53:02 +10002608 - djm@cvs.openbsd.org 2010/04/10 00:04:30
2609 [sshconnect.c]
2610 fix terminology: we didn't find a certificate in known_hosts, we found
2611 a CA key
Damien Miller22c97f12010-04-16 15:53:23 +10002612 - djm@cvs.openbsd.org 2010/04/10 02:08:44
2613 [clientloop.c]
2614 bz#1698: kill channel when pty allocation requests fail. Fixed
2615 stuck client if the server refuses pty allocation.
2616 ok dtucker@ "think so" markus@
Damien Miller88680652010-04-16 15:53:43 +10002617 - djm@cvs.openbsd.org 2010/04/10 02:10:56
2618 [sshconnect2.c]
2619 show the key type that we are offering in debug(), helps distinguish
2620 between certs and plain keys as the path to the private key is usually
2621 the same.
Damien Miller601a23c2010-04-16 15:54:01 +10002622 - djm@cvs.openbsd.org 2010/04/10 05:48:16
2623 [mux.c]
2624 fix NULL dereference; from matthew.haub AT alumni.adelaide.edu.au
Damien Millerb1b17042010-04-16 15:54:19 +10002625 - djm@cvs.openbsd.org 2010/04/14 22:27:42
2626 [ssh_config.5 sshconnect.c]
2627 expand %r => remote username in ssh_config:ProxyCommand;
2628 ok deraadt markus
Damien Miller031c9102010-04-16 15:54:44 +10002629 - markus@cvs.openbsd.org 2010/04/15 20:32:55
2630 [ssh-pkcs11.c]
2631 retry lookup for private key if there's no matching key with CKA_SIGN
2632 attribute enabled; this fixes fixes MuscleCard support (bugzilla #1736)
2633 ok djm@
Damien Miller4e270b02010-04-16 15:56:21 +10002634 - djm@cvs.openbsd.org 2010/04/16 01:47:26
2635 [PROTOCOL.certkeys auth-options.c auth-options.h auth-rsa.c]
2636 [auth2-pubkey.c authfd.c key.c key.h myproposal.h ssh-add.c]
2637 [ssh-agent.c ssh-dss.c ssh-keygen.1 ssh-keygen.c ssh-rsa.c]
2638 [sshconnect.c sshconnect2.c sshd.c]
2639 revised certificate format ssh-{dss,rsa}-cert-v01@openssh.com with the
2640 following changes:
2641
2642 move the nonce field to the beginning of the certificate where it can
2643 better protect against chosen-prefix attacks on the signature hash
2644
2645 Rename "constraints" field to "critical options"
2646
2647 Add a new non-critical "extensions" field
2648
2649 Add a serial number
2650
2651 The older format is still support for authentication and cert generation
2652 (use "ssh-keygen -t v00 -s ca_key ..." to generate a v00 certificate)
2653
2654 ok markus@